1 // SPDX-License-Identifier: GPL-2.0 2 /* 3 * cfg80211 MLME SAP interface 4 * 5 * Copyright (c) 2009, Jouni Malinen <j@w1.fi> 6 * Copyright (c) 2015 Intel Deutschland GmbH 7 */ 8 9 #include <linux/kernel.h> 10 #include <linux/module.h> 11 #include <linux/etherdevice.h> 12 #include <linux/netdevice.h> 13 #include <linux/nl80211.h> 14 #include <linux/slab.h> 15 #include <linux/wireless.h> 16 #include <net/cfg80211.h> 17 #include <net/iw_handler.h> 18 #include "core.h" 19 #include "nl80211.h" 20 #include "rdev-ops.h" 21 22 23 void cfg80211_rx_assoc_resp(struct net_device *dev, struct cfg80211_bss *bss, 24 const u8 *buf, size_t len, int uapsd_queues) 25 { 26 struct wireless_dev *wdev = dev->ieee80211_ptr; 27 struct wiphy *wiphy = wdev->wiphy; 28 struct cfg80211_registered_device *rdev = wiphy_to_rdev(wiphy); 29 struct ieee80211_mgmt *mgmt = (struct ieee80211_mgmt *)buf; 30 struct cfg80211_connect_resp_params cr; 31 32 memset(&cr, 0, sizeof(cr)); 33 cr.status = (int)le16_to_cpu(mgmt->u.assoc_resp.status_code); 34 cr.bssid = mgmt->bssid; 35 cr.bss = bss; 36 cr.resp_ie = mgmt->u.assoc_resp.variable; 37 cr.resp_ie_len = 38 len - offsetof(struct ieee80211_mgmt, u.assoc_resp.variable); 39 cr.timeout_reason = NL80211_TIMEOUT_UNSPECIFIED; 40 41 trace_cfg80211_send_rx_assoc(dev, bss); 42 43 /* 44 * This is a bit of a hack, we don't notify userspace of 45 * a (re-)association reply if we tried to send a reassoc 46 * and got a reject -- we only try again with an assoc 47 * frame instead of reassoc. 48 */ 49 if (cfg80211_sme_rx_assoc_resp(wdev, cr.status)) { 50 cfg80211_unhold_bss(bss_from_pub(bss)); 51 cfg80211_put_bss(wiphy, bss); 52 return; 53 } 54 55 nl80211_send_rx_assoc(rdev, dev, buf, len, GFP_KERNEL, uapsd_queues); 56 /* update current_bss etc., consumes the bss reference */ 57 __cfg80211_connect_result(dev, &cr, cr.status == WLAN_STATUS_SUCCESS); 58 } 59 EXPORT_SYMBOL(cfg80211_rx_assoc_resp); 60 61 static void cfg80211_process_auth(struct wireless_dev *wdev, 62 const u8 *buf, size_t len) 63 { 64 struct cfg80211_registered_device *rdev = wiphy_to_rdev(wdev->wiphy); 65 66 nl80211_send_rx_auth(rdev, wdev->netdev, buf, len, GFP_KERNEL); 67 cfg80211_sme_rx_auth(wdev, buf, len); 68 } 69 70 static void cfg80211_process_deauth(struct wireless_dev *wdev, 71 const u8 *buf, size_t len) 72 { 73 struct cfg80211_registered_device *rdev = wiphy_to_rdev(wdev->wiphy); 74 struct ieee80211_mgmt *mgmt = (struct ieee80211_mgmt *)buf; 75 const u8 *bssid = mgmt->bssid; 76 u16 reason_code = le16_to_cpu(mgmt->u.deauth.reason_code); 77 bool from_ap = !ether_addr_equal(mgmt->sa, wdev->netdev->dev_addr); 78 79 nl80211_send_deauth(rdev, wdev->netdev, buf, len, GFP_KERNEL); 80 81 if (!wdev->current_bss || 82 !ether_addr_equal(wdev->current_bss->pub.bssid, bssid)) 83 return; 84 85 __cfg80211_disconnected(wdev->netdev, NULL, 0, reason_code, from_ap); 86 cfg80211_sme_deauth(wdev); 87 } 88 89 static void cfg80211_process_disassoc(struct wireless_dev *wdev, 90 const u8 *buf, size_t len) 91 { 92 struct cfg80211_registered_device *rdev = wiphy_to_rdev(wdev->wiphy); 93 struct ieee80211_mgmt *mgmt = (struct ieee80211_mgmt *)buf; 94 const u8 *bssid = mgmt->bssid; 95 u16 reason_code = le16_to_cpu(mgmt->u.disassoc.reason_code); 96 bool from_ap = !ether_addr_equal(mgmt->sa, wdev->netdev->dev_addr); 97 98 nl80211_send_disassoc(rdev, wdev->netdev, buf, len, GFP_KERNEL); 99 100 if (WARN_ON(!wdev->current_bss || 101 !ether_addr_equal(wdev->current_bss->pub.bssid, bssid))) 102 return; 103 104 __cfg80211_disconnected(wdev->netdev, NULL, 0, reason_code, from_ap); 105 cfg80211_sme_disassoc(wdev); 106 } 107 108 void cfg80211_rx_mlme_mgmt(struct net_device *dev, const u8 *buf, size_t len) 109 { 110 struct wireless_dev *wdev = dev->ieee80211_ptr; 111 struct ieee80211_mgmt *mgmt = (void *)buf; 112 113 ASSERT_WDEV_LOCK(wdev); 114 115 trace_cfg80211_rx_mlme_mgmt(dev, buf, len); 116 117 if (WARN_ON(len < 2)) 118 return; 119 120 if (ieee80211_is_auth(mgmt->frame_control)) 121 cfg80211_process_auth(wdev, buf, len); 122 else if (ieee80211_is_deauth(mgmt->frame_control)) 123 cfg80211_process_deauth(wdev, buf, len); 124 else if (ieee80211_is_disassoc(mgmt->frame_control)) 125 cfg80211_process_disassoc(wdev, buf, len); 126 } 127 EXPORT_SYMBOL(cfg80211_rx_mlme_mgmt); 128 129 void cfg80211_auth_timeout(struct net_device *dev, const u8 *addr) 130 { 131 struct wireless_dev *wdev = dev->ieee80211_ptr; 132 struct wiphy *wiphy = wdev->wiphy; 133 struct cfg80211_registered_device *rdev = wiphy_to_rdev(wiphy); 134 135 trace_cfg80211_send_auth_timeout(dev, addr); 136 137 nl80211_send_auth_timeout(rdev, dev, addr, GFP_KERNEL); 138 cfg80211_sme_auth_timeout(wdev); 139 } 140 EXPORT_SYMBOL(cfg80211_auth_timeout); 141 142 void cfg80211_assoc_timeout(struct net_device *dev, struct cfg80211_bss *bss) 143 { 144 struct wireless_dev *wdev = dev->ieee80211_ptr; 145 struct wiphy *wiphy = wdev->wiphy; 146 struct cfg80211_registered_device *rdev = wiphy_to_rdev(wiphy); 147 148 trace_cfg80211_send_assoc_timeout(dev, bss->bssid); 149 150 nl80211_send_assoc_timeout(rdev, dev, bss->bssid, GFP_KERNEL); 151 cfg80211_sme_assoc_timeout(wdev); 152 153 cfg80211_unhold_bss(bss_from_pub(bss)); 154 cfg80211_put_bss(wiphy, bss); 155 } 156 EXPORT_SYMBOL(cfg80211_assoc_timeout); 157 158 void cfg80211_abandon_assoc(struct net_device *dev, struct cfg80211_bss *bss) 159 { 160 struct wireless_dev *wdev = dev->ieee80211_ptr; 161 struct wiphy *wiphy = wdev->wiphy; 162 163 cfg80211_sme_abandon_assoc(wdev); 164 165 cfg80211_unhold_bss(bss_from_pub(bss)); 166 cfg80211_put_bss(wiphy, bss); 167 } 168 EXPORT_SYMBOL(cfg80211_abandon_assoc); 169 170 void cfg80211_tx_mlme_mgmt(struct net_device *dev, const u8 *buf, size_t len) 171 { 172 struct wireless_dev *wdev = dev->ieee80211_ptr; 173 struct ieee80211_mgmt *mgmt = (void *)buf; 174 175 ASSERT_WDEV_LOCK(wdev); 176 177 trace_cfg80211_tx_mlme_mgmt(dev, buf, len); 178 179 if (WARN_ON(len < 2)) 180 return; 181 182 if (ieee80211_is_deauth(mgmt->frame_control)) 183 cfg80211_process_deauth(wdev, buf, len); 184 else 185 cfg80211_process_disassoc(wdev, buf, len); 186 } 187 EXPORT_SYMBOL(cfg80211_tx_mlme_mgmt); 188 189 void cfg80211_michael_mic_failure(struct net_device *dev, const u8 *addr, 190 enum nl80211_key_type key_type, int key_id, 191 const u8 *tsc, gfp_t gfp) 192 { 193 struct wiphy *wiphy = dev->ieee80211_ptr->wiphy; 194 struct cfg80211_registered_device *rdev = wiphy_to_rdev(wiphy); 195 #ifdef CONFIG_CFG80211_WEXT 196 union iwreq_data wrqu; 197 char *buf = kmalloc(128, gfp); 198 199 if (buf) { 200 sprintf(buf, "MLME-MICHAELMICFAILURE.indication(" 201 "keyid=%d %scast addr=%pM)", key_id, 202 key_type == NL80211_KEYTYPE_GROUP ? "broad" : "uni", 203 addr); 204 memset(&wrqu, 0, sizeof(wrqu)); 205 wrqu.data.length = strlen(buf); 206 wireless_send_event(dev, IWEVCUSTOM, &wrqu, buf); 207 kfree(buf); 208 } 209 #endif 210 211 trace_cfg80211_michael_mic_failure(dev, addr, key_type, key_id, tsc); 212 nl80211_michael_mic_failure(rdev, dev, addr, key_type, key_id, tsc, gfp); 213 } 214 EXPORT_SYMBOL(cfg80211_michael_mic_failure); 215 216 /* some MLME handling for userspace SME */ 217 int cfg80211_mlme_auth(struct cfg80211_registered_device *rdev, 218 struct net_device *dev, 219 struct ieee80211_channel *chan, 220 enum nl80211_auth_type auth_type, 221 const u8 *bssid, 222 const u8 *ssid, int ssid_len, 223 const u8 *ie, int ie_len, 224 const u8 *key, int key_len, int key_idx, 225 const u8 *auth_data, int auth_data_len) 226 { 227 struct wireless_dev *wdev = dev->ieee80211_ptr; 228 struct cfg80211_auth_request req = { 229 .ie = ie, 230 .ie_len = ie_len, 231 .auth_data = auth_data, 232 .auth_data_len = auth_data_len, 233 .auth_type = auth_type, 234 .key = key, 235 .key_len = key_len, 236 .key_idx = key_idx, 237 }; 238 int err; 239 240 ASSERT_WDEV_LOCK(wdev); 241 242 if (auth_type == NL80211_AUTHTYPE_SHARED_KEY) 243 if (!key || !key_len || key_idx < 0 || key_idx > 3) 244 return -EINVAL; 245 246 if (wdev->current_bss && 247 ether_addr_equal(bssid, wdev->current_bss->pub.bssid)) 248 return -EALREADY; 249 250 req.bss = cfg80211_get_bss(&rdev->wiphy, chan, bssid, ssid, ssid_len, 251 IEEE80211_BSS_TYPE_ESS, 252 IEEE80211_PRIVACY_ANY); 253 if (!req.bss) 254 return -ENOENT; 255 256 err = rdev_auth(rdev, dev, &req); 257 258 cfg80211_put_bss(&rdev->wiphy, req.bss); 259 return err; 260 } 261 262 /* Do a logical ht_capa &= ht_capa_mask. */ 263 void cfg80211_oper_and_ht_capa(struct ieee80211_ht_cap *ht_capa, 264 const struct ieee80211_ht_cap *ht_capa_mask) 265 { 266 int i; 267 u8 *p1, *p2; 268 if (!ht_capa_mask) { 269 memset(ht_capa, 0, sizeof(*ht_capa)); 270 return; 271 } 272 273 p1 = (u8*)(ht_capa); 274 p2 = (u8*)(ht_capa_mask); 275 for (i = 0; i<sizeof(*ht_capa); i++) 276 p1[i] &= p2[i]; 277 } 278 279 /* Do a logical ht_capa &= ht_capa_mask. */ 280 void cfg80211_oper_and_vht_capa(struct ieee80211_vht_cap *vht_capa, 281 const struct ieee80211_vht_cap *vht_capa_mask) 282 { 283 int i; 284 u8 *p1, *p2; 285 if (!vht_capa_mask) { 286 memset(vht_capa, 0, sizeof(*vht_capa)); 287 return; 288 } 289 290 p1 = (u8*)(vht_capa); 291 p2 = (u8*)(vht_capa_mask); 292 for (i = 0; i < sizeof(*vht_capa); i++) 293 p1[i] &= p2[i]; 294 } 295 296 int cfg80211_mlme_assoc(struct cfg80211_registered_device *rdev, 297 struct net_device *dev, 298 struct ieee80211_channel *chan, 299 const u8 *bssid, 300 const u8 *ssid, int ssid_len, 301 struct cfg80211_assoc_request *req) 302 { 303 struct wireless_dev *wdev = dev->ieee80211_ptr; 304 int err; 305 306 ASSERT_WDEV_LOCK(wdev); 307 308 if (wdev->current_bss && 309 (!req->prev_bssid || !ether_addr_equal(wdev->current_bss->pub.bssid, 310 req->prev_bssid))) 311 return -EALREADY; 312 313 cfg80211_oper_and_ht_capa(&req->ht_capa_mask, 314 rdev->wiphy.ht_capa_mod_mask); 315 cfg80211_oper_and_vht_capa(&req->vht_capa_mask, 316 rdev->wiphy.vht_capa_mod_mask); 317 318 req->bss = cfg80211_get_bss(&rdev->wiphy, chan, bssid, ssid, ssid_len, 319 IEEE80211_BSS_TYPE_ESS, 320 IEEE80211_PRIVACY_ANY); 321 if (!req->bss) 322 return -ENOENT; 323 324 err = rdev_assoc(rdev, dev, req); 325 if (!err) 326 cfg80211_hold_bss(bss_from_pub(req->bss)); 327 else 328 cfg80211_put_bss(&rdev->wiphy, req->bss); 329 330 return err; 331 } 332 333 int cfg80211_mlme_deauth(struct cfg80211_registered_device *rdev, 334 struct net_device *dev, const u8 *bssid, 335 const u8 *ie, int ie_len, u16 reason, 336 bool local_state_change) 337 { 338 struct wireless_dev *wdev = dev->ieee80211_ptr; 339 struct cfg80211_deauth_request req = { 340 .bssid = bssid, 341 .reason_code = reason, 342 .ie = ie, 343 .ie_len = ie_len, 344 .local_state_change = local_state_change, 345 }; 346 347 ASSERT_WDEV_LOCK(wdev); 348 349 if (local_state_change && 350 (!wdev->current_bss || 351 !ether_addr_equal(wdev->current_bss->pub.bssid, bssid))) 352 return 0; 353 354 if (ether_addr_equal(wdev->disconnect_bssid, bssid) || 355 (wdev->current_bss && 356 ether_addr_equal(wdev->current_bss->pub.bssid, bssid))) 357 wdev->conn_owner_nlportid = 0; 358 359 return rdev_deauth(rdev, dev, &req); 360 } 361 362 int cfg80211_mlme_disassoc(struct cfg80211_registered_device *rdev, 363 struct net_device *dev, const u8 *bssid, 364 const u8 *ie, int ie_len, u16 reason, 365 bool local_state_change) 366 { 367 struct wireless_dev *wdev = dev->ieee80211_ptr; 368 struct cfg80211_disassoc_request req = { 369 .reason_code = reason, 370 .local_state_change = local_state_change, 371 .ie = ie, 372 .ie_len = ie_len, 373 }; 374 int err; 375 376 ASSERT_WDEV_LOCK(wdev); 377 378 if (!wdev->current_bss) 379 return -ENOTCONN; 380 381 if (ether_addr_equal(wdev->current_bss->pub.bssid, bssid)) 382 req.bss = &wdev->current_bss->pub; 383 else 384 return -ENOTCONN; 385 386 err = rdev_disassoc(rdev, dev, &req); 387 if (err) 388 return err; 389 390 /* driver should have reported the disassoc */ 391 WARN_ON(wdev->current_bss); 392 return 0; 393 } 394 395 void cfg80211_mlme_down(struct cfg80211_registered_device *rdev, 396 struct net_device *dev) 397 { 398 struct wireless_dev *wdev = dev->ieee80211_ptr; 399 u8 bssid[ETH_ALEN]; 400 401 ASSERT_WDEV_LOCK(wdev); 402 403 if (!rdev->ops->deauth) 404 return; 405 406 if (!wdev->current_bss) 407 return; 408 409 memcpy(bssid, wdev->current_bss->pub.bssid, ETH_ALEN); 410 cfg80211_mlme_deauth(rdev, dev, bssid, NULL, 0, 411 WLAN_REASON_DEAUTH_LEAVING, false); 412 } 413 414 struct cfg80211_mgmt_registration { 415 struct list_head list; 416 struct wireless_dev *wdev; 417 418 u32 nlportid; 419 420 int match_len; 421 422 __le16 frame_type; 423 424 u8 match[]; 425 }; 426 427 static void 428 cfg80211_process_mlme_unregistrations(struct cfg80211_registered_device *rdev) 429 { 430 struct cfg80211_mgmt_registration *reg; 431 432 ASSERT_RTNL(); 433 434 spin_lock_bh(&rdev->mlme_unreg_lock); 435 while ((reg = list_first_entry_or_null(&rdev->mlme_unreg, 436 struct cfg80211_mgmt_registration, 437 list))) { 438 list_del(®->list); 439 spin_unlock_bh(&rdev->mlme_unreg_lock); 440 441 if (rdev->ops->mgmt_frame_register) { 442 u16 frame_type = le16_to_cpu(reg->frame_type); 443 444 rdev_mgmt_frame_register(rdev, reg->wdev, 445 frame_type, false); 446 } 447 448 kfree(reg); 449 450 spin_lock_bh(&rdev->mlme_unreg_lock); 451 } 452 spin_unlock_bh(&rdev->mlme_unreg_lock); 453 } 454 455 void cfg80211_mlme_unreg_wk(struct work_struct *wk) 456 { 457 struct cfg80211_registered_device *rdev; 458 459 rdev = container_of(wk, struct cfg80211_registered_device, 460 mlme_unreg_wk); 461 462 rtnl_lock(); 463 cfg80211_process_mlme_unregistrations(rdev); 464 rtnl_unlock(); 465 } 466 467 int cfg80211_mlme_register_mgmt(struct wireless_dev *wdev, u32 snd_portid, 468 u16 frame_type, const u8 *match_data, 469 int match_len) 470 { 471 struct wiphy *wiphy = wdev->wiphy; 472 struct cfg80211_registered_device *rdev = wiphy_to_rdev(wiphy); 473 struct cfg80211_mgmt_registration *reg, *nreg; 474 int err = 0; 475 u16 mgmt_type; 476 477 if (!wdev->wiphy->mgmt_stypes) 478 return -EOPNOTSUPP; 479 480 if ((frame_type & IEEE80211_FCTL_FTYPE) != IEEE80211_FTYPE_MGMT) 481 return -EINVAL; 482 483 if (frame_type & ~(IEEE80211_FCTL_FTYPE | IEEE80211_FCTL_STYPE)) 484 return -EINVAL; 485 486 mgmt_type = (frame_type & IEEE80211_FCTL_STYPE) >> 4; 487 if (!(wdev->wiphy->mgmt_stypes[wdev->iftype].rx & BIT(mgmt_type))) 488 return -EINVAL; 489 490 nreg = kzalloc(sizeof(*reg) + match_len, GFP_KERNEL); 491 if (!nreg) 492 return -ENOMEM; 493 494 spin_lock_bh(&wdev->mgmt_registrations_lock); 495 496 list_for_each_entry(reg, &wdev->mgmt_registrations, list) { 497 int mlen = min(match_len, reg->match_len); 498 499 if (frame_type != le16_to_cpu(reg->frame_type)) 500 continue; 501 502 if (memcmp(reg->match, match_data, mlen) == 0) { 503 err = -EALREADY; 504 break; 505 } 506 } 507 508 if (err) { 509 kfree(nreg); 510 goto out; 511 } 512 513 memcpy(nreg->match, match_data, match_len); 514 nreg->match_len = match_len; 515 nreg->nlportid = snd_portid; 516 nreg->frame_type = cpu_to_le16(frame_type); 517 nreg->wdev = wdev; 518 list_add(&nreg->list, &wdev->mgmt_registrations); 519 spin_unlock_bh(&wdev->mgmt_registrations_lock); 520 521 /* process all unregistrations to avoid driver confusion */ 522 cfg80211_process_mlme_unregistrations(rdev); 523 524 if (rdev->ops->mgmt_frame_register) 525 rdev_mgmt_frame_register(rdev, wdev, frame_type, true); 526 527 return 0; 528 529 out: 530 spin_unlock_bh(&wdev->mgmt_registrations_lock); 531 532 return err; 533 } 534 535 void cfg80211_mlme_unregister_socket(struct wireless_dev *wdev, u32 nlportid) 536 { 537 struct wiphy *wiphy = wdev->wiphy; 538 struct cfg80211_registered_device *rdev = wiphy_to_rdev(wiphy); 539 struct cfg80211_mgmt_registration *reg, *tmp; 540 541 spin_lock_bh(&wdev->mgmt_registrations_lock); 542 543 list_for_each_entry_safe(reg, tmp, &wdev->mgmt_registrations, list) { 544 if (reg->nlportid != nlportid) 545 continue; 546 547 list_del(®->list); 548 spin_lock(&rdev->mlme_unreg_lock); 549 list_add_tail(®->list, &rdev->mlme_unreg); 550 spin_unlock(&rdev->mlme_unreg_lock); 551 552 schedule_work(&rdev->mlme_unreg_wk); 553 } 554 555 spin_unlock_bh(&wdev->mgmt_registrations_lock); 556 557 if (nlportid && rdev->crit_proto_nlportid == nlportid) { 558 rdev->crit_proto_nlportid = 0; 559 rdev_crit_proto_stop(rdev, wdev); 560 } 561 562 if (nlportid == wdev->ap_unexpected_nlportid) 563 wdev->ap_unexpected_nlportid = 0; 564 } 565 566 void cfg80211_mlme_purge_registrations(struct wireless_dev *wdev) 567 { 568 struct cfg80211_registered_device *rdev = wiphy_to_rdev(wdev->wiphy); 569 570 spin_lock_bh(&wdev->mgmt_registrations_lock); 571 spin_lock(&rdev->mlme_unreg_lock); 572 list_splice_tail_init(&wdev->mgmt_registrations, &rdev->mlme_unreg); 573 spin_unlock(&rdev->mlme_unreg_lock); 574 spin_unlock_bh(&wdev->mgmt_registrations_lock); 575 576 cfg80211_process_mlme_unregistrations(rdev); 577 } 578 579 int cfg80211_mlme_mgmt_tx(struct cfg80211_registered_device *rdev, 580 struct wireless_dev *wdev, 581 struct cfg80211_mgmt_tx_params *params, u64 *cookie) 582 { 583 const struct ieee80211_mgmt *mgmt; 584 u16 stype; 585 586 if (!wdev->wiphy->mgmt_stypes) 587 return -EOPNOTSUPP; 588 589 if (!rdev->ops->mgmt_tx) 590 return -EOPNOTSUPP; 591 592 if (params->len < 24 + 1) 593 return -EINVAL; 594 595 mgmt = (const struct ieee80211_mgmt *)params->buf; 596 597 if (!ieee80211_is_mgmt(mgmt->frame_control)) 598 return -EINVAL; 599 600 stype = le16_to_cpu(mgmt->frame_control) & IEEE80211_FCTL_STYPE; 601 if (!(wdev->wiphy->mgmt_stypes[wdev->iftype].tx & BIT(stype >> 4))) 602 return -EINVAL; 603 604 if (ieee80211_is_action(mgmt->frame_control) && 605 mgmt->u.action.category != WLAN_CATEGORY_PUBLIC) { 606 int err = 0; 607 608 wdev_lock(wdev); 609 610 switch (wdev->iftype) { 611 case NL80211_IFTYPE_ADHOC: 612 case NL80211_IFTYPE_STATION: 613 case NL80211_IFTYPE_P2P_CLIENT: 614 if (!wdev->current_bss) { 615 err = -ENOTCONN; 616 break; 617 } 618 619 if (!ether_addr_equal(wdev->current_bss->pub.bssid, 620 mgmt->bssid)) { 621 err = -ENOTCONN; 622 break; 623 } 624 625 /* 626 * check for IBSS DA must be done by driver as 627 * cfg80211 doesn't track the stations 628 */ 629 if (wdev->iftype == NL80211_IFTYPE_ADHOC) 630 break; 631 632 /* for station, check that DA is the AP */ 633 if (!ether_addr_equal(wdev->current_bss->pub.bssid, 634 mgmt->da)) { 635 err = -ENOTCONN; 636 break; 637 } 638 break; 639 case NL80211_IFTYPE_AP: 640 case NL80211_IFTYPE_P2P_GO: 641 case NL80211_IFTYPE_AP_VLAN: 642 if (!ether_addr_equal(mgmt->bssid, wdev_address(wdev))) 643 err = -EINVAL; 644 break; 645 case NL80211_IFTYPE_MESH_POINT: 646 if (!ether_addr_equal(mgmt->sa, mgmt->bssid)) { 647 err = -EINVAL; 648 break; 649 } 650 /* 651 * check for mesh DA must be done by driver as 652 * cfg80211 doesn't track the stations 653 */ 654 break; 655 case NL80211_IFTYPE_P2P_DEVICE: 656 /* 657 * fall through, P2P device only supports 658 * public action frames 659 */ 660 case NL80211_IFTYPE_NAN: 661 default: 662 err = -EOPNOTSUPP; 663 break; 664 } 665 wdev_unlock(wdev); 666 667 if (err) 668 return err; 669 } 670 671 if (!ether_addr_equal(mgmt->sa, wdev_address(wdev))) { 672 /* Allow random TA to be used with Public Action frames if the 673 * driver has indicated support for this. Otherwise, only allow 674 * the local address to be used. 675 */ 676 if (!ieee80211_is_action(mgmt->frame_control) || 677 mgmt->u.action.category != WLAN_CATEGORY_PUBLIC) 678 return -EINVAL; 679 if (!wdev->current_bss && 680 !wiphy_ext_feature_isset( 681 &rdev->wiphy, 682 NL80211_EXT_FEATURE_MGMT_TX_RANDOM_TA)) 683 return -EINVAL; 684 if (wdev->current_bss && 685 !wiphy_ext_feature_isset( 686 &rdev->wiphy, 687 NL80211_EXT_FEATURE_MGMT_TX_RANDOM_TA_CONNECTED)) 688 return -EINVAL; 689 } 690 691 /* Transmit the Action frame as requested by user space */ 692 return rdev_mgmt_tx(rdev, wdev, params, cookie); 693 } 694 695 bool cfg80211_rx_mgmt(struct wireless_dev *wdev, int freq, int sig_dbm, 696 const u8 *buf, size_t len, u32 flags) 697 { 698 struct wiphy *wiphy = wdev->wiphy; 699 struct cfg80211_registered_device *rdev = wiphy_to_rdev(wiphy); 700 struct cfg80211_mgmt_registration *reg; 701 const struct ieee80211_txrx_stypes *stypes = 702 &wiphy->mgmt_stypes[wdev->iftype]; 703 struct ieee80211_mgmt *mgmt = (void *)buf; 704 const u8 *data; 705 int data_len; 706 bool result = false; 707 __le16 ftype = mgmt->frame_control & 708 cpu_to_le16(IEEE80211_FCTL_FTYPE | IEEE80211_FCTL_STYPE); 709 u16 stype; 710 711 trace_cfg80211_rx_mgmt(wdev, freq, sig_dbm); 712 stype = (le16_to_cpu(mgmt->frame_control) & IEEE80211_FCTL_STYPE) >> 4; 713 714 if (!(stypes->rx & BIT(stype))) { 715 trace_cfg80211_return_bool(false); 716 return false; 717 } 718 719 data = buf + ieee80211_hdrlen(mgmt->frame_control); 720 data_len = len - ieee80211_hdrlen(mgmt->frame_control); 721 722 spin_lock_bh(&wdev->mgmt_registrations_lock); 723 724 list_for_each_entry(reg, &wdev->mgmt_registrations, list) { 725 if (reg->frame_type != ftype) 726 continue; 727 728 if (reg->match_len > data_len) 729 continue; 730 731 if (memcmp(reg->match, data, reg->match_len)) 732 continue; 733 734 /* found match! */ 735 736 /* Indicate the received Action frame to user space */ 737 if (nl80211_send_mgmt(rdev, wdev, reg->nlportid, 738 freq, sig_dbm, 739 buf, len, flags, GFP_ATOMIC)) 740 continue; 741 742 result = true; 743 break; 744 } 745 746 spin_unlock_bh(&wdev->mgmt_registrations_lock); 747 748 trace_cfg80211_return_bool(result); 749 return result; 750 } 751 EXPORT_SYMBOL(cfg80211_rx_mgmt); 752 753 void cfg80211_sched_dfs_chan_update(struct cfg80211_registered_device *rdev) 754 { 755 cancel_delayed_work(&rdev->dfs_update_channels_wk); 756 queue_delayed_work(cfg80211_wq, &rdev->dfs_update_channels_wk, 0); 757 } 758 759 void cfg80211_dfs_channels_update_work(struct work_struct *work) 760 { 761 struct delayed_work *delayed_work = to_delayed_work(work); 762 struct cfg80211_registered_device *rdev; 763 struct cfg80211_chan_def chandef; 764 struct ieee80211_supported_band *sband; 765 struct ieee80211_channel *c; 766 struct wiphy *wiphy; 767 bool check_again = false; 768 unsigned long timeout, next_time = 0; 769 unsigned long time_dfs_update; 770 enum nl80211_radar_event radar_event; 771 int bandid, i; 772 773 rdev = container_of(delayed_work, struct cfg80211_registered_device, 774 dfs_update_channels_wk); 775 wiphy = &rdev->wiphy; 776 777 rtnl_lock(); 778 for (bandid = 0; bandid < NUM_NL80211_BANDS; bandid++) { 779 sband = wiphy->bands[bandid]; 780 if (!sband) 781 continue; 782 783 for (i = 0; i < sband->n_channels; i++) { 784 c = &sband->channels[i]; 785 786 if (!(c->flags & IEEE80211_CHAN_RADAR)) 787 continue; 788 789 if (c->dfs_state != NL80211_DFS_UNAVAILABLE && 790 c->dfs_state != NL80211_DFS_AVAILABLE) 791 continue; 792 793 if (c->dfs_state == NL80211_DFS_UNAVAILABLE) { 794 time_dfs_update = IEEE80211_DFS_MIN_NOP_TIME_MS; 795 radar_event = NL80211_RADAR_NOP_FINISHED; 796 } else { 797 if (regulatory_pre_cac_allowed(wiphy) || 798 cfg80211_any_wiphy_oper_chan(wiphy, c)) 799 continue; 800 801 time_dfs_update = REG_PRE_CAC_EXPIRY_GRACE_MS; 802 radar_event = NL80211_RADAR_PRE_CAC_EXPIRED; 803 } 804 805 timeout = c->dfs_state_entered + 806 msecs_to_jiffies(time_dfs_update); 807 808 if (time_after_eq(jiffies, timeout)) { 809 c->dfs_state = NL80211_DFS_USABLE; 810 c->dfs_state_entered = jiffies; 811 812 cfg80211_chandef_create(&chandef, c, 813 NL80211_CHAN_NO_HT); 814 815 nl80211_radar_notify(rdev, &chandef, 816 radar_event, NULL, 817 GFP_ATOMIC); 818 819 regulatory_propagate_dfs_state(wiphy, &chandef, 820 c->dfs_state, 821 radar_event); 822 continue; 823 } 824 825 if (!check_again) 826 next_time = timeout - jiffies; 827 else 828 next_time = min(next_time, timeout - jiffies); 829 check_again = true; 830 } 831 } 832 rtnl_unlock(); 833 834 /* reschedule if there are other channels waiting to be cleared again */ 835 if (check_again) 836 queue_delayed_work(cfg80211_wq, &rdev->dfs_update_channels_wk, 837 next_time); 838 } 839 840 841 void cfg80211_radar_event(struct wiphy *wiphy, 842 struct cfg80211_chan_def *chandef, 843 gfp_t gfp) 844 { 845 struct cfg80211_registered_device *rdev = wiphy_to_rdev(wiphy); 846 847 trace_cfg80211_radar_event(wiphy, chandef); 848 849 /* only set the chandef supplied channel to unavailable, in 850 * case the radar is detected on only one of multiple channels 851 * spanned by the chandef. 852 */ 853 cfg80211_set_dfs_state(wiphy, chandef, NL80211_DFS_UNAVAILABLE); 854 855 cfg80211_sched_dfs_chan_update(rdev); 856 857 nl80211_radar_notify(rdev, chandef, NL80211_RADAR_DETECTED, NULL, gfp); 858 859 memcpy(&rdev->radar_chandef, chandef, sizeof(struct cfg80211_chan_def)); 860 queue_work(cfg80211_wq, &rdev->propagate_radar_detect_wk); 861 } 862 EXPORT_SYMBOL(cfg80211_radar_event); 863 864 void cfg80211_cac_event(struct net_device *netdev, 865 const struct cfg80211_chan_def *chandef, 866 enum nl80211_radar_event event, gfp_t gfp) 867 { 868 struct wireless_dev *wdev = netdev->ieee80211_ptr; 869 struct wiphy *wiphy = wdev->wiphy; 870 struct cfg80211_registered_device *rdev = wiphy_to_rdev(wiphy); 871 unsigned long timeout; 872 873 trace_cfg80211_cac_event(netdev, event); 874 875 if (WARN_ON(!wdev->cac_started)) 876 return; 877 878 if (WARN_ON(!wdev->chandef.chan)) 879 return; 880 881 switch (event) { 882 case NL80211_RADAR_CAC_FINISHED: 883 timeout = wdev->cac_start_time + 884 msecs_to_jiffies(wdev->cac_time_ms); 885 WARN_ON(!time_after_eq(jiffies, timeout)); 886 cfg80211_set_dfs_state(wiphy, chandef, NL80211_DFS_AVAILABLE); 887 memcpy(&rdev->cac_done_chandef, chandef, 888 sizeof(struct cfg80211_chan_def)); 889 queue_work(cfg80211_wq, &rdev->propagate_cac_done_wk); 890 cfg80211_sched_dfs_chan_update(rdev); 891 break; 892 case NL80211_RADAR_CAC_ABORTED: 893 break; 894 default: 895 WARN_ON(1); 896 return; 897 } 898 wdev->cac_started = false; 899 900 nl80211_radar_notify(rdev, chandef, event, netdev, gfp); 901 } 902 EXPORT_SYMBOL(cfg80211_cac_event); 903