1 // SPDX-License-Identifier: GPL-2.0 2 /* 3 * SME code for cfg80211 4 * both driver SME event handling and the SME implementation 5 * (for nl80211's connect() and wext) 6 * 7 * Copyright 2009 Johannes Berg <johannes@sipsolutions.net> 8 * Copyright (C) 2009, 2020, 2022-2025 Intel Corporation. All rights reserved. 9 * Copyright 2017 Intel Deutschland GmbH 10 */ 11 12 #include <linux/etherdevice.h> 13 #include <linux/if_arp.h> 14 #include <linux/slab.h> 15 #include <linux/workqueue.h> 16 #include <linux/wireless.h> 17 #include <linux/export.h> 18 #include <net/iw_handler.h> 19 #include <net/cfg80211.h> 20 #include <net/rtnetlink.h> 21 #include "nl80211.h" 22 #include "reg.h" 23 #include "rdev-ops.h" 24 25 /* 26 * Software SME in cfg80211, using auth/assoc/deauth calls to the 27 * driver. This is for implementing nl80211's connect/disconnect 28 * and wireless extensions (if configured.) 29 */ 30 31 struct cfg80211_conn { 32 struct cfg80211_connect_params params; 33 /* these are sub-states of the _CONNECTING sme_state */ 34 enum { 35 CFG80211_CONN_SCANNING, 36 CFG80211_CONN_SCAN_AGAIN, 37 CFG80211_CONN_AUTHENTICATE_NEXT, 38 CFG80211_CONN_AUTHENTICATING, 39 CFG80211_CONN_AUTH_FAILED_TIMEOUT, 40 CFG80211_CONN_ASSOCIATE_NEXT, 41 CFG80211_CONN_ASSOCIATING, 42 CFG80211_CONN_ASSOC_FAILED, 43 CFG80211_CONN_ASSOC_FAILED_TIMEOUT, 44 CFG80211_CONN_DEAUTH, 45 CFG80211_CONN_ABANDON, 46 CFG80211_CONN_CONNECTED, 47 } state; 48 u8 bssid[ETH_ALEN], prev_bssid[ETH_ALEN]; 49 const u8 *ie; 50 size_t ie_len; 51 bool auto_auth, prev_bssid_valid; 52 }; 53 54 static void cfg80211_sme_free(struct wireless_dev *wdev) 55 { 56 if (!wdev->conn) 57 return; 58 59 kfree(wdev->conn->ie); 60 kfree(wdev->conn); 61 wdev->conn = NULL; 62 } 63 64 static int cfg80211_conn_scan(struct wireless_dev *wdev) 65 { 66 struct cfg80211_registered_device *rdev = wiphy_to_rdev(wdev->wiphy); 67 struct cfg80211_scan_request_int *request; 68 int n_channels, err; 69 70 lockdep_assert_wiphy(wdev->wiphy); 71 72 if (rdev->scan_req || rdev->scan_msg) 73 return -EBUSY; 74 75 if (wdev->conn->params.channel) 76 n_channels = 1; 77 else 78 n_channels = ieee80211_get_num_supported_channels(wdev->wiphy); 79 80 request = kzalloc(sizeof(*request) + sizeof(request->req.ssids[0]) + 81 sizeof(request->req.channels[0]) * n_channels, 82 GFP_KERNEL); 83 if (!request) 84 return -ENOMEM; 85 86 if (wdev->conn->params.channel) { 87 enum nl80211_band band = wdev->conn->params.channel->band; 88 struct ieee80211_supported_band *sband = 89 wdev->wiphy->bands[band]; 90 91 if (!sband) { 92 kfree(request); 93 return -EINVAL; 94 } 95 request->req.channels[0] = wdev->conn->params.channel; 96 request->req.rates[band] = (1 << sband->n_bitrates) - 1; 97 } else { 98 int i = 0, j; 99 enum nl80211_band band; 100 struct ieee80211_supported_band *bands; 101 struct ieee80211_channel *channel; 102 103 for (band = 0; band < NUM_NL80211_BANDS; band++) { 104 bands = wdev->wiphy->bands[band]; 105 if (!bands) 106 continue; 107 for (j = 0; j < bands->n_channels; j++) { 108 channel = &bands->channels[j]; 109 if (channel->flags & IEEE80211_CHAN_DISABLED) 110 continue; 111 request->req.channels[i++] = channel; 112 } 113 request->req.rates[band] = (1 << bands->n_bitrates) - 1; 114 } 115 n_channels = i; 116 } 117 request->req.n_channels = n_channels; 118 request->req.ssids = (void *)request + 119 struct_size(request, req.channels, n_channels); 120 request->req.n_ssids = 1; 121 122 memcpy(request->req.ssids[0].ssid, wdev->conn->params.ssid, 123 wdev->conn->params.ssid_len); 124 request->req.ssids[0].ssid_len = wdev->conn->params.ssid_len; 125 126 eth_broadcast_addr(request->req.bssid); 127 128 request->req.wdev = wdev; 129 request->req.wiphy = &rdev->wiphy; 130 request->req.scan_start = jiffies; 131 132 rdev->scan_req = request; 133 134 err = cfg80211_scan(rdev); 135 if (!err) { 136 wdev->conn->state = CFG80211_CONN_SCANNING; 137 nl80211_send_scan_start(rdev, wdev); 138 dev_hold(wdev->netdev); 139 } else { 140 rdev->scan_req = NULL; 141 kfree(request); 142 } 143 return err; 144 } 145 146 static int cfg80211_conn_do_work(struct wireless_dev *wdev, 147 enum nl80211_timeout_reason *treason) 148 { 149 struct cfg80211_registered_device *rdev = wiphy_to_rdev(wdev->wiphy); 150 struct cfg80211_connect_params *params; 151 struct cfg80211_auth_request auth_req = {}; 152 struct cfg80211_assoc_request req = {}; 153 int err; 154 155 lockdep_assert_wiphy(wdev->wiphy); 156 157 if (!wdev->conn) 158 return 0; 159 160 params = &wdev->conn->params; 161 162 switch (wdev->conn->state) { 163 case CFG80211_CONN_SCANNING: 164 /* didn't find it during scan ... */ 165 return -ENOENT; 166 case CFG80211_CONN_SCAN_AGAIN: 167 return cfg80211_conn_scan(wdev); 168 case CFG80211_CONN_AUTHENTICATE_NEXT: 169 if (WARN_ON(!rdev->ops->auth)) 170 return -EOPNOTSUPP; 171 wdev->conn->state = CFG80211_CONN_AUTHENTICATING; 172 auth_req.key = params->key; 173 auth_req.key_len = params->key_len; 174 auth_req.key_idx = params->key_idx; 175 auth_req.auth_type = params->auth_type; 176 auth_req.bss = cfg80211_get_bss(&rdev->wiphy, params->channel, 177 params->bssid, 178 params->ssid, params->ssid_len, 179 IEEE80211_BSS_TYPE_ESS, 180 IEEE80211_PRIVACY_ANY); 181 auth_req.link_id = -1; 182 err = cfg80211_mlme_auth(rdev, wdev->netdev, &auth_req); 183 cfg80211_put_bss(&rdev->wiphy, auth_req.bss); 184 return err; 185 case CFG80211_CONN_AUTH_FAILED_TIMEOUT: 186 *treason = NL80211_TIMEOUT_AUTH; 187 return -ENOTCONN; 188 case CFG80211_CONN_ASSOCIATE_NEXT: 189 if (WARN_ON(!rdev->ops->assoc)) 190 return -EOPNOTSUPP; 191 wdev->conn->state = CFG80211_CONN_ASSOCIATING; 192 if (wdev->conn->prev_bssid_valid) 193 req.prev_bssid = wdev->conn->prev_bssid; 194 req.ie = params->ie; 195 req.ie_len = params->ie_len; 196 req.use_mfp = params->mfp != NL80211_MFP_NO; 197 req.crypto = params->crypto; 198 req.flags = params->flags; 199 req.ht_capa = params->ht_capa; 200 req.ht_capa_mask = params->ht_capa_mask; 201 req.vht_capa = params->vht_capa; 202 req.vht_capa_mask = params->vht_capa_mask; 203 req.link_id = -1; 204 205 req.bss = cfg80211_get_bss(&rdev->wiphy, params->channel, 206 params->bssid, 207 params->ssid, params->ssid_len, 208 IEEE80211_BSS_TYPE_ESS, 209 IEEE80211_PRIVACY_ANY); 210 if (!req.bss) { 211 err = -ENOENT; 212 } else { 213 err = cfg80211_mlme_assoc(rdev, wdev->netdev, 214 &req, NULL); 215 cfg80211_put_bss(&rdev->wiphy, req.bss); 216 } 217 218 if (err) 219 cfg80211_mlme_deauth(rdev, wdev->netdev, params->bssid, 220 NULL, 0, 221 WLAN_REASON_DEAUTH_LEAVING, 222 false); 223 return err; 224 case CFG80211_CONN_ASSOC_FAILED_TIMEOUT: 225 *treason = NL80211_TIMEOUT_ASSOC; 226 fallthrough; 227 case CFG80211_CONN_ASSOC_FAILED: 228 cfg80211_mlme_deauth(rdev, wdev->netdev, params->bssid, 229 NULL, 0, 230 WLAN_REASON_DEAUTH_LEAVING, false); 231 return -ENOTCONN; 232 case CFG80211_CONN_DEAUTH: 233 cfg80211_mlme_deauth(rdev, wdev->netdev, params->bssid, 234 NULL, 0, 235 WLAN_REASON_DEAUTH_LEAVING, false); 236 fallthrough; 237 case CFG80211_CONN_ABANDON: 238 /* free directly, disconnected event already sent */ 239 cfg80211_sme_free(wdev); 240 return 0; 241 default: 242 return 0; 243 } 244 } 245 246 void cfg80211_conn_work(struct work_struct *work) 247 { 248 struct cfg80211_registered_device *rdev = 249 container_of(work, struct cfg80211_registered_device, conn_work); 250 struct wireless_dev *wdev; 251 u8 bssid_buf[ETH_ALEN], *bssid = NULL; 252 enum nl80211_timeout_reason treason; 253 254 guard(wiphy)(&rdev->wiphy); 255 256 list_for_each_entry(wdev, &rdev->wiphy.wdev_list, list) { 257 if (!wdev->netdev) 258 continue; 259 260 if (!netif_running(wdev->netdev)) 261 continue; 262 263 if (!wdev->conn || 264 wdev->conn->state == CFG80211_CONN_CONNECTED) 265 continue; 266 267 if (wdev->conn->params.bssid) { 268 memcpy(bssid_buf, wdev->conn->params.bssid, ETH_ALEN); 269 bssid = bssid_buf; 270 } 271 treason = NL80211_TIMEOUT_UNSPECIFIED; 272 if (cfg80211_conn_do_work(wdev, &treason)) { 273 struct cfg80211_connect_resp_params cr; 274 275 memset(&cr, 0, sizeof(cr)); 276 cr.status = -1; 277 cr.links[0].bssid = bssid; 278 cr.timeout_reason = treason; 279 __cfg80211_connect_result(wdev->netdev, &cr, false); 280 } 281 } 282 } 283 284 static void cfg80211_step_auth_next(struct cfg80211_conn *conn, 285 struct cfg80211_bss *bss) 286 { 287 memcpy(conn->bssid, bss->bssid, ETH_ALEN); 288 conn->params.bssid = conn->bssid; 289 conn->params.channel = bss->channel; 290 conn->state = CFG80211_CONN_AUTHENTICATE_NEXT; 291 } 292 293 /* Returned bss is reference counted and must be cleaned up appropriately. */ 294 static struct cfg80211_bss *cfg80211_get_conn_bss(struct wireless_dev *wdev) 295 { 296 struct cfg80211_registered_device *rdev = wiphy_to_rdev(wdev->wiphy); 297 struct cfg80211_bss *bss; 298 299 lockdep_assert_wiphy(wdev->wiphy); 300 301 bss = cfg80211_get_bss(wdev->wiphy, wdev->conn->params.channel, 302 wdev->conn->params.bssid, 303 wdev->conn->params.ssid, 304 wdev->conn->params.ssid_len, 305 wdev->conn_bss_type, 306 IEEE80211_PRIVACY(wdev->conn->params.privacy)); 307 if (!bss) 308 return NULL; 309 310 cfg80211_step_auth_next(wdev->conn, bss); 311 schedule_work(&rdev->conn_work); 312 313 return bss; 314 } 315 316 void cfg80211_sme_scan_done(struct net_device *dev) 317 { 318 struct wireless_dev *wdev = dev->ieee80211_ptr; 319 struct cfg80211_registered_device *rdev = wiphy_to_rdev(wdev->wiphy); 320 struct cfg80211_bss *bss; 321 322 lockdep_assert_wiphy(wdev->wiphy); 323 324 if (!wdev->conn) 325 return; 326 327 if (wdev->conn->state != CFG80211_CONN_SCANNING && 328 wdev->conn->state != CFG80211_CONN_SCAN_AGAIN) 329 return; 330 331 bss = cfg80211_get_conn_bss(wdev); 332 if (bss) 333 cfg80211_put_bss(&rdev->wiphy, bss); 334 else 335 schedule_work(&rdev->conn_work); 336 } 337 338 void cfg80211_sme_rx_auth(struct wireless_dev *wdev, const u8 *buf, size_t len) 339 { 340 struct wiphy *wiphy = wdev->wiphy; 341 struct cfg80211_registered_device *rdev = wiphy_to_rdev(wiphy); 342 struct ieee80211_mgmt *mgmt = (struct ieee80211_mgmt *)buf; 343 u16 status_code = le16_to_cpu(mgmt->u.auth.status_code); 344 345 lockdep_assert_wiphy(wdev->wiphy); 346 347 if (!wdev->conn || wdev->conn->state == CFG80211_CONN_CONNECTED) 348 return; 349 350 if (status_code == WLAN_STATUS_NOT_SUPPORTED_AUTH_ALG && 351 wdev->conn->auto_auth && 352 wdev->conn->params.auth_type != NL80211_AUTHTYPE_NETWORK_EAP) { 353 /* select automatically between only open, shared, leap */ 354 switch (wdev->conn->params.auth_type) { 355 case NL80211_AUTHTYPE_OPEN_SYSTEM: 356 if (wdev->connect_keys) 357 wdev->conn->params.auth_type = 358 NL80211_AUTHTYPE_SHARED_KEY; 359 else 360 wdev->conn->params.auth_type = 361 NL80211_AUTHTYPE_NETWORK_EAP; 362 break; 363 case NL80211_AUTHTYPE_SHARED_KEY: 364 wdev->conn->params.auth_type = 365 NL80211_AUTHTYPE_NETWORK_EAP; 366 break; 367 default: 368 /* huh? */ 369 wdev->conn->params.auth_type = 370 NL80211_AUTHTYPE_OPEN_SYSTEM; 371 break; 372 } 373 wdev->conn->state = CFG80211_CONN_AUTHENTICATE_NEXT; 374 schedule_work(&rdev->conn_work); 375 } else if (status_code != WLAN_STATUS_SUCCESS) { 376 struct cfg80211_connect_resp_params cr; 377 378 memset(&cr, 0, sizeof(cr)); 379 cr.status = status_code; 380 cr.links[0].bssid = mgmt->bssid; 381 cr.timeout_reason = NL80211_TIMEOUT_UNSPECIFIED; 382 __cfg80211_connect_result(wdev->netdev, &cr, false); 383 } else if (wdev->conn->state == CFG80211_CONN_AUTHENTICATING) { 384 wdev->conn->state = CFG80211_CONN_ASSOCIATE_NEXT; 385 schedule_work(&rdev->conn_work); 386 } 387 } 388 389 bool cfg80211_sme_rx_assoc_resp(struct wireless_dev *wdev, u16 status) 390 { 391 struct cfg80211_registered_device *rdev = wiphy_to_rdev(wdev->wiphy); 392 393 if (!wdev->conn) 394 return false; 395 396 if (status == WLAN_STATUS_SUCCESS) { 397 wdev->conn->state = CFG80211_CONN_CONNECTED; 398 return false; 399 } 400 401 if (wdev->conn->prev_bssid_valid) { 402 /* 403 * Some stupid APs don't accept reassoc, so we 404 * need to fall back to trying regular assoc; 405 * return true so no event is sent to userspace. 406 */ 407 wdev->conn->prev_bssid_valid = false; 408 wdev->conn->state = CFG80211_CONN_ASSOCIATE_NEXT; 409 schedule_work(&rdev->conn_work); 410 return true; 411 } 412 413 wdev->conn->state = CFG80211_CONN_ASSOC_FAILED; 414 schedule_work(&rdev->conn_work); 415 return false; 416 } 417 418 void cfg80211_sme_deauth(struct wireless_dev *wdev) 419 { 420 cfg80211_sme_free(wdev); 421 } 422 423 void cfg80211_sme_auth_timeout(struct wireless_dev *wdev) 424 { 425 struct cfg80211_registered_device *rdev = wiphy_to_rdev(wdev->wiphy); 426 427 if (!wdev->conn) 428 return; 429 430 wdev->conn->state = CFG80211_CONN_AUTH_FAILED_TIMEOUT; 431 schedule_work(&rdev->conn_work); 432 } 433 434 void cfg80211_sme_disassoc(struct wireless_dev *wdev) 435 { 436 struct cfg80211_registered_device *rdev = wiphy_to_rdev(wdev->wiphy); 437 438 if (!wdev->conn) 439 return; 440 441 wdev->conn->state = CFG80211_CONN_DEAUTH; 442 schedule_work(&rdev->conn_work); 443 } 444 445 void cfg80211_sme_assoc_timeout(struct wireless_dev *wdev) 446 { 447 struct cfg80211_registered_device *rdev = wiphy_to_rdev(wdev->wiphy); 448 449 if (!wdev->conn) 450 return; 451 452 wdev->conn->state = CFG80211_CONN_ASSOC_FAILED_TIMEOUT; 453 schedule_work(&rdev->conn_work); 454 } 455 456 void cfg80211_sme_abandon_assoc(struct wireless_dev *wdev) 457 { 458 struct cfg80211_registered_device *rdev = wiphy_to_rdev(wdev->wiphy); 459 460 if (!wdev->conn) 461 return; 462 463 wdev->conn->state = CFG80211_CONN_ABANDON; 464 schedule_work(&rdev->conn_work); 465 } 466 467 static void cfg80211_wdev_release_bsses(struct wireless_dev *wdev) 468 { 469 unsigned int link; 470 471 for_each_valid_link(wdev, link) { 472 if (!wdev->links[link].client.current_bss) 473 continue; 474 cfg80211_unhold_bss(wdev->links[link].client.current_bss); 475 cfg80211_put_bss(wdev->wiphy, 476 &wdev->links[link].client.current_bss->pub); 477 wdev->links[link].client.current_bss = NULL; 478 } 479 } 480 481 void cfg80211_wdev_release_link_bsses(struct wireless_dev *wdev, u16 link_mask) 482 { 483 unsigned int link; 484 485 for_each_valid_link(wdev, link) { 486 if (!wdev->links[link].client.current_bss || 487 !(link_mask & BIT(link))) 488 continue; 489 cfg80211_unhold_bss(wdev->links[link].client.current_bss); 490 cfg80211_put_bss(wdev->wiphy, 491 &wdev->links[link].client.current_bss->pub); 492 wdev->links[link].client.current_bss = NULL; 493 } 494 } 495 496 static int cfg80211_sme_get_conn_ies(struct wireless_dev *wdev, 497 const u8 *ies, size_t ies_len, 498 const u8 **out_ies, size_t *out_ies_len) 499 { 500 struct cfg80211_registered_device *rdev = wiphy_to_rdev(wdev->wiphy); 501 u8 *buf; 502 size_t offs; 503 504 if (!rdev->wiphy.extended_capabilities_len || 505 (ies && cfg80211_find_ie(WLAN_EID_EXT_CAPABILITY, ies, ies_len))) { 506 *out_ies = kmemdup(ies, ies_len, GFP_KERNEL); 507 if (!*out_ies) 508 return -ENOMEM; 509 *out_ies_len = ies_len; 510 return 0; 511 } 512 513 buf = kmalloc(ies_len + rdev->wiphy.extended_capabilities_len + 2, 514 GFP_KERNEL); 515 if (!buf) 516 return -ENOMEM; 517 518 if (ies_len) { 519 static const u8 before_extcapa[] = { 520 /* not listing IEs expected to be created by driver */ 521 WLAN_EID_RSN, 522 WLAN_EID_QOS_CAPA, 523 WLAN_EID_RRM_ENABLED_CAPABILITIES, 524 WLAN_EID_MOBILITY_DOMAIN, 525 WLAN_EID_SUPPORTED_REGULATORY_CLASSES, 526 WLAN_EID_BSS_COEX_2040, 527 }; 528 529 offs = ieee80211_ie_split(ies, ies_len, before_extcapa, 530 ARRAY_SIZE(before_extcapa), 0); 531 memcpy(buf, ies, offs); 532 /* leave a whole for extended capabilities IE */ 533 memcpy(buf + offs + rdev->wiphy.extended_capabilities_len + 2, 534 ies + offs, ies_len - offs); 535 } else { 536 offs = 0; 537 } 538 539 /* place extended capabilities IE (with only driver capabilities) */ 540 buf[offs] = WLAN_EID_EXT_CAPABILITY; 541 buf[offs + 1] = rdev->wiphy.extended_capabilities_len; 542 memcpy(buf + offs + 2, 543 rdev->wiphy.extended_capabilities, 544 rdev->wiphy.extended_capabilities_len); 545 546 *out_ies = buf; 547 *out_ies_len = ies_len + rdev->wiphy.extended_capabilities_len + 2; 548 549 return 0; 550 } 551 552 static int cfg80211_sme_connect(struct wireless_dev *wdev, 553 struct cfg80211_connect_params *connect, 554 const u8 *prev_bssid) 555 { 556 struct cfg80211_registered_device *rdev = wiphy_to_rdev(wdev->wiphy); 557 struct cfg80211_bss *bss; 558 int err; 559 560 if (!rdev->ops->auth || !rdev->ops->assoc) 561 return -EOPNOTSUPP; 562 563 cfg80211_wdev_release_bsses(wdev); 564 565 if (wdev->connected) { 566 cfg80211_sme_free(wdev); 567 wdev->connected = false; 568 } 569 570 if (wdev->conn) 571 return -EINPROGRESS; 572 573 wdev->conn = kzalloc(sizeof(*wdev->conn), GFP_KERNEL); 574 if (!wdev->conn) 575 return -ENOMEM; 576 577 /* 578 * Copy all parameters, and treat explicitly IEs, BSSID, SSID. 579 */ 580 memcpy(&wdev->conn->params, connect, sizeof(*connect)); 581 if (connect->bssid) { 582 wdev->conn->params.bssid = wdev->conn->bssid; 583 memcpy(wdev->conn->bssid, connect->bssid, ETH_ALEN); 584 } 585 586 if (cfg80211_sme_get_conn_ies(wdev, connect->ie, connect->ie_len, 587 &wdev->conn->ie, 588 &wdev->conn->params.ie_len)) { 589 kfree(wdev->conn); 590 wdev->conn = NULL; 591 return -ENOMEM; 592 } 593 wdev->conn->params.ie = wdev->conn->ie; 594 595 if (connect->auth_type == NL80211_AUTHTYPE_AUTOMATIC) { 596 wdev->conn->auto_auth = true; 597 /* start with open system ... should mostly work */ 598 wdev->conn->params.auth_type = 599 NL80211_AUTHTYPE_OPEN_SYSTEM; 600 } else { 601 wdev->conn->auto_auth = false; 602 } 603 604 wdev->conn->params.ssid = wdev->u.client.ssid; 605 wdev->conn->params.ssid_len = wdev->u.client.ssid_len; 606 607 /* see if we have the bss already */ 608 bss = cfg80211_get_bss(wdev->wiphy, wdev->conn->params.channel, 609 wdev->conn->params.bssid, 610 wdev->conn->params.ssid, 611 wdev->conn->params.ssid_len, 612 wdev->conn_bss_type, 613 IEEE80211_PRIVACY(wdev->conn->params.privacy)); 614 615 if (prev_bssid) { 616 memcpy(wdev->conn->prev_bssid, prev_bssid, ETH_ALEN); 617 wdev->conn->prev_bssid_valid = true; 618 } 619 620 /* we're good if we have a matching bss struct */ 621 if (bss) { 622 enum nl80211_timeout_reason treason; 623 624 cfg80211_step_auth_next(wdev->conn, bss); 625 err = cfg80211_conn_do_work(wdev, &treason); 626 cfg80211_put_bss(wdev->wiphy, bss); 627 } else { 628 /* otherwise we'll need to scan for the AP first */ 629 err = cfg80211_conn_scan(wdev); 630 631 /* 632 * If we can't scan right now, then we need to scan again 633 * after the current scan finished, since the parameters 634 * changed (unless we find a good AP anyway). 635 */ 636 if (err == -EBUSY) { 637 err = 0; 638 wdev->conn->state = CFG80211_CONN_SCAN_AGAIN; 639 } 640 } 641 642 if (err) 643 cfg80211_sme_free(wdev); 644 645 return err; 646 } 647 648 static int cfg80211_sme_disconnect(struct wireless_dev *wdev, u16 reason) 649 { 650 struct cfg80211_registered_device *rdev = wiphy_to_rdev(wdev->wiphy); 651 int err; 652 653 if (!wdev->conn) 654 return 0; 655 656 if (!rdev->ops->deauth) 657 return -EOPNOTSUPP; 658 659 if (wdev->conn->state == CFG80211_CONN_SCANNING || 660 wdev->conn->state == CFG80211_CONN_SCAN_AGAIN) { 661 err = 0; 662 goto out; 663 } 664 665 /* wdev->conn->params.bssid must be set if > SCANNING */ 666 err = cfg80211_mlme_deauth(rdev, wdev->netdev, 667 wdev->conn->params.bssid, 668 NULL, 0, reason, false); 669 out: 670 cfg80211_sme_free(wdev); 671 return err; 672 } 673 674 /* 675 * code shared for in-device and software SME 676 */ 677 678 static bool cfg80211_is_all_idle(void) 679 { 680 struct cfg80211_registered_device *rdev; 681 struct wireless_dev *wdev; 682 bool is_all_idle = true; 683 684 /* 685 * All devices must be idle as otherwise if you are actively 686 * scanning some new beacon hints could be learned and would 687 * count as new regulatory hints. 688 * Also if there is any other active beaconing interface we 689 * need not issue a disconnect hint and reset any info such 690 * as chan dfs state, etc. 691 */ 692 for_each_rdev(rdev) { 693 guard(wiphy)(&rdev->wiphy); 694 695 list_for_each_entry(wdev, &rdev->wiphy.wdev_list, list) { 696 if (wdev->conn || wdev->connected || 697 cfg80211_beaconing_iface_active(wdev)) 698 is_all_idle = false; 699 } 700 } 701 702 return is_all_idle; 703 } 704 705 static void disconnect_work(struct work_struct *work) 706 { 707 rtnl_lock(); 708 if (cfg80211_is_all_idle()) 709 regulatory_hint_disconnect(); 710 rtnl_unlock(); 711 } 712 713 DECLARE_WORK(cfg80211_disconnect_work, disconnect_work); 714 715 static void 716 cfg80211_connect_result_release_bsses(struct wireless_dev *wdev, 717 struct cfg80211_connect_resp_params *cr) 718 { 719 unsigned int link; 720 721 for_each_valid_link(cr, link) { 722 if (!cr->links[link].bss) 723 continue; 724 cfg80211_unhold_bss(bss_from_pub(cr->links[link].bss)); 725 cfg80211_put_bss(wdev->wiphy, cr->links[link].bss); 726 } 727 } 728 729 /* 730 * API calls for drivers implementing connect/disconnect and 731 * SME event handling 732 */ 733 734 /* This method must consume bss one way or another */ 735 void __cfg80211_connect_result(struct net_device *dev, 736 struct cfg80211_connect_resp_params *cr, 737 bool wextev) 738 { 739 struct wireless_dev *wdev = dev->ieee80211_ptr; 740 const struct element *country_elem = NULL; 741 const struct element *ssid; 742 const u8 *country_data; 743 u8 country_datalen; 744 #ifdef CONFIG_CFG80211_WEXT 745 union iwreq_data wrqu; 746 #endif 747 unsigned int link; 748 const u8 *connected_addr; 749 bool bss_not_found = false; 750 751 lockdep_assert_wiphy(wdev->wiphy); 752 753 if (WARN_ON(wdev->iftype != NL80211_IFTYPE_STATION && 754 wdev->iftype != NL80211_IFTYPE_P2P_CLIENT)) 755 goto out; 756 757 if (cr->valid_links) { 758 if (WARN_ON(!cr->ap_mld_addr)) 759 goto out; 760 761 for_each_valid_link(cr, link) { 762 if (WARN_ON(!cr->links[link].addr)) 763 goto out; 764 } 765 766 if (WARN_ON(wdev->connect_keys)) 767 goto out; 768 } 769 770 wdev->unprot_beacon_reported = 0; 771 nl80211_send_connect_result(wiphy_to_rdev(wdev->wiphy), dev, cr, 772 GFP_KERNEL); 773 connected_addr = cr->valid_links ? cr->ap_mld_addr : cr->links[0].bssid; 774 775 #ifdef CONFIG_CFG80211_WEXT 776 if (wextev && !cr->valid_links) { 777 if (cr->req_ie && cr->status == WLAN_STATUS_SUCCESS) { 778 memset(&wrqu, 0, sizeof(wrqu)); 779 wrqu.data.length = cr->req_ie_len; 780 wireless_send_event(dev, IWEVASSOCREQIE, &wrqu, 781 cr->req_ie); 782 } 783 784 if (cr->resp_ie && cr->status == WLAN_STATUS_SUCCESS) { 785 memset(&wrqu, 0, sizeof(wrqu)); 786 wrqu.data.length = cr->resp_ie_len; 787 wireless_send_event(dev, IWEVASSOCRESPIE, &wrqu, 788 cr->resp_ie); 789 } 790 791 memset(&wrqu, 0, sizeof(wrqu)); 792 wrqu.ap_addr.sa_family = ARPHRD_ETHER; 793 if (connected_addr && cr->status == WLAN_STATUS_SUCCESS) { 794 memcpy(wrqu.ap_addr.sa_data, connected_addr, ETH_ALEN); 795 memcpy(wdev->wext.prev_bssid, connected_addr, ETH_ALEN); 796 wdev->wext.prev_bssid_valid = true; 797 } 798 wireless_send_event(dev, SIOCGIWAP, &wrqu, NULL); 799 } 800 #endif 801 802 if (cr->status == WLAN_STATUS_SUCCESS) { 803 if (!wiphy_to_rdev(wdev->wiphy)->ops->connect) { 804 for_each_valid_link(cr, link) { 805 if (WARN_ON_ONCE(!cr->links[link].bss)) 806 break; 807 } 808 } 809 810 for_each_valid_link(cr, link) { 811 /* don't do extra lookups for failures */ 812 if (cr->links[link].status != WLAN_STATUS_SUCCESS) 813 continue; 814 815 if (cr->links[link].bss) 816 continue; 817 818 cr->links[link].bss = 819 cfg80211_get_bss(wdev->wiphy, NULL, 820 cr->links[link].bssid, 821 wdev->u.client.ssid, 822 wdev->u.client.ssid_len, 823 wdev->conn_bss_type, 824 IEEE80211_PRIVACY_ANY); 825 if (!cr->links[link].bss) { 826 bss_not_found = true; 827 break; 828 } 829 cfg80211_hold_bss(bss_from_pub(cr->links[link].bss)); 830 } 831 } 832 833 cfg80211_wdev_release_bsses(wdev); 834 835 if (cr->status != WLAN_STATUS_SUCCESS) { 836 kfree_sensitive(wdev->connect_keys); 837 wdev->connect_keys = NULL; 838 wdev->u.client.ssid_len = 0; 839 wdev->conn_owner_nlportid = 0; 840 cfg80211_connect_result_release_bsses(wdev, cr); 841 cfg80211_sme_free(wdev); 842 return; 843 } 844 845 if (WARN_ON(bss_not_found)) { 846 cfg80211_connect_result_release_bsses(wdev, cr); 847 return; 848 } 849 850 memset(wdev->links, 0, sizeof(wdev->links)); 851 for_each_valid_link(cr, link) { 852 if (cr->links[link].status == WLAN_STATUS_SUCCESS) 853 continue; 854 cr->valid_links &= ~BIT(link); 855 /* don't require bss pointer for failed links */ 856 if (!cr->links[link].bss) 857 continue; 858 cfg80211_unhold_bss(bss_from_pub(cr->links[link].bss)); 859 cfg80211_put_bss(wdev->wiphy, cr->links[link].bss); 860 } 861 wdev->valid_links = cr->valid_links; 862 for_each_valid_link(cr, link) 863 wdev->links[link].client.current_bss = 864 bss_from_pub(cr->links[link].bss); 865 wdev->connected = true; 866 ether_addr_copy(wdev->u.client.connected_addr, connected_addr); 867 if (cr->valid_links) { 868 for_each_valid_link(cr, link) 869 memcpy(wdev->links[link].addr, cr->links[link].addr, 870 ETH_ALEN); 871 } 872 873 cfg80211_upload_connect_keys(wdev); 874 875 rcu_read_lock(); 876 for_each_valid_link(cr, link) { 877 country_elem = 878 ieee80211_bss_get_elem(cr->links[link].bss, 879 WLAN_EID_COUNTRY); 880 if (country_elem) 881 break; 882 } 883 if (!country_elem) { 884 rcu_read_unlock(); 885 return; 886 } 887 888 country_datalen = country_elem->datalen; 889 country_data = kmemdup(country_elem->data, country_datalen, GFP_ATOMIC); 890 rcu_read_unlock(); 891 892 if (!country_data) 893 return; 894 895 regulatory_hint_country_ie(wdev->wiphy, 896 cr->links[link].bss->channel->band, 897 country_data, country_datalen); 898 kfree(country_data); 899 900 if (!wdev->u.client.ssid_len) { 901 rcu_read_lock(); 902 for_each_valid_link(cr, link) { 903 ssid = ieee80211_bss_get_elem(cr->links[link].bss, 904 WLAN_EID_SSID); 905 906 if (!ssid || !ssid->datalen) 907 continue; 908 909 memcpy(wdev->u.client.ssid, ssid->data, ssid->datalen); 910 wdev->u.client.ssid_len = ssid->datalen; 911 break; 912 } 913 rcu_read_unlock(); 914 } 915 916 return; 917 out: 918 for_each_valid_link(cr, link) 919 cfg80211_put_bss(wdev->wiphy, cr->links[link].bss); 920 } 921 922 static void cfg80211_update_link_bss(struct wireless_dev *wdev, 923 struct cfg80211_bss **bss) 924 { 925 struct cfg80211_registered_device *rdev = wiphy_to_rdev(wdev->wiphy); 926 struct cfg80211_internal_bss *ibss; 927 928 if (!*bss) 929 return; 930 931 ibss = bss_from_pub(*bss); 932 if (list_empty(&ibss->list)) { 933 struct cfg80211_bss *found = NULL, *tmp = *bss; 934 935 found = cfg80211_get_bss(wdev->wiphy, NULL, 936 (*bss)->bssid, 937 wdev->u.client.ssid, 938 wdev->u.client.ssid_len, 939 wdev->conn_bss_type, 940 IEEE80211_PRIVACY_ANY); 941 if (found) { 942 /* The same BSS is already updated so use it 943 * instead, as it has latest info. 944 */ 945 *bss = found; 946 } else { 947 /* Update with BSS provided by driver, it will 948 * be freshly added and ref cnted, we can free 949 * the old one. 950 * 951 * signal_valid can be false, as we are not 952 * expecting the BSS to be found. 953 * 954 * keep the old timestamp to avoid confusion 955 */ 956 cfg80211_bss_update(rdev, ibss, false, 957 ibss->ts); 958 } 959 960 cfg80211_put_bss(wdev->wiphy, tmp); 961 } 962 } 963 964 /* Consumes bss object(s) one way or another */ 965 void cfg80211_connect_done(struct net_device *dev, 966 struct cfg80211_connect_resp_params *params, 967 gfp_t gfp) 968 { 969 struct wireless_dev *wdev = dev->ieee80211_ptr; 970 struct cfg80211_registered_device *rdev = wiphy_to_rdev(wdev->wiphy); 971 struct cfg80211_event *ev; 972 unsigned long flags; 973 u8 *next; 974 size_t link_info_size = 0; 975 unsigned int link; 976 977 for_each_valid_link(params, link) { 978 cfg80211_update_link_bss(wdev, ¶ms->links[link].bss); 979 link_info_size += params->links[link].bssid ? ETH_ALEN : 0; 980 link_info_size += params->links[link].addr ? ETH_ALEN : 0; 981 } 982 983 ev = kzalloc(sizeof(*ev) + (params->ap_mld_addr ? ETH_ALEN : 0) + 984 params->req_ie_len + params->resp_ie_len + 985 params->fils.kek_len + params->fils.pmk_len + 986 (params->fils.pmkid ? WLAN_PMKID_LEN : 0) + link_info_size, 987 gfp); 988 989 if (!ev) { 990 for_each_valid_link(params, link) 991 cfg80211_put_bss(wdev->wiphy, 992 params->links[link].bss); 993 return; 994 } 995 996 ev->type = EVENT_CONNECT_RESULT; 997 next = ((u8 *)ev) + sizeof(*ev); 998 if (params->ap_mld_addr) { 999 ev->cr.ap_mld_addr = next; 1000 memcpy((void *)ev->cr.ap_mld_addr, params->ap_mld_addr, 1001 ETH_ALEN); 1002 next += ETH_ALEN; 1003 } 1004 if (params->req_ie_len) { 1005 ev->cr.req_ie = next; 1006 ev->cr.req_ie_len = params->req_ie_len; 1007 memcpy((void *)ev->cr.req_ie, params->req_ie, 1008 params->req_ie_len); 1009 next += params->req_ie_len; 1010 } 1011 if (params->resp_ie_len) { 1012 ev->cr.resp_ie = next; 1013 ev->cr.resp_ie_len = params->resp_ie_len; 1014 memcpy((void *)ev->cr.resp_ie, params->resp_ie, 1015 params->resp_ie_len); 1016 next += params->resp_ie_len; 1017 } 1018 if (params->fils.kek_len) { 1019 ev->cr.fils.kek = next; 1020 ev->cr.fils.kek_len = params->fils.kek_len; 1021 memcpy((void *)ev->cr.fils.kek, params->fils.kek, 1022 params->fils.kek_len); 1023 next += params->fils.kek_len; 1024 } 1025 if (params->fils.pmk_len) { 1026 ev->cr.fils.pmk = next; 1027 ev->cr.fils.pmk_len = params->fils.pmk_len; 1028 memcpy((void *)ev->cr.fils.pmk, params->fils.pmk, 1029 params->fils.pmk_len); 1030 next += params->fils.pmk_len; 1031 } 1032 if (params->fils.pmkid) { 1033 ev->cr.fils.pmkid = next; 1034 memcpy((void *)ev->cr.fils.pmkid, params->fils.pmkid, 1035 WLAN_PMKID_LEN); 1036 next += WLAN_PMKID_LEN; 1037 } 1038 ev->cr.fils.update_erp_next_seq_num = params->fils.update_erp_next_seq_num; 1039 if (params->fils.update_erp_next_seq_num) 1040 ev->cr.fils.erp_next_seq_num = params->fils.erp_next_seq_num; 1041 ev->cr.valid_links = params->valid_links; 1042 for_each_valid_link(params, link) { 1043 if (params->links[link].bss) 1044 cfg80211_hold_bss( 1045 bss_from_pub(params->links[link].bss)); 1046 ev->cr.links[link].bss = params->links[link].bss; 1047 ev->cr.links[link].status = params->links[link].status; 1048 1049 if (params->links[link].addr) { 1050 ev->cr.links[link].addr = next; 1051 memcpy((void *)ev->cr.links[link].addr, 1052 params->links[link].addr, 1053 ETH_ALEN); 1054 next += ETH_ALEN; 1055 } 1056 if (params->links[link].bssid) { 1057 ev->cr.links[link].bssid = next; 1058 memcpy((void *)ev->cr.links[link].bssid, 1059 params->links[link].bssid, 1060 ETH_ALEN); 1061 next += ETH_ALEN; 1062 } 1063 } 1064 ev->cr.status = params->status; 1065 ev->cr.timeout_reason = params->timeout_reason; 1066 1067 spin_lock_irqsave(&wdev->event_lock, flags); 1068 list_add_tail(&ev->list, &wdev->event_list); 1069 spin_unlock_irqrestore(&wdev->event_lock, flags); 1070 queue_work(cfg80211_wq, &rdev->event_work); 1071 } 1072 EXPORT_SYMBOL(cfg80211_connect_done); 1073 1074 /* Consumes bss object one way or another */ 1075 void __cfg80211_roamed(struct wireless_dev *wdev, 1076 struct cfg80211_roam_info *info) 1077 { 1078 #ifdef CONFIG_CFG80211_WEXT 1079 union iwreq_data wrqu; 1080 #endif 1081 unsigned int link; 1082 const u8 *connected_addr; 1083 1084 lockdep_assert_wiphy(wdev->wiphy); 1085 1086 if (WARN_ON(wdev->iftype != NL80211_IFTYPE_STATION && 1087 wdev->iftype != NL80211_IFTYPE_P2P_CLIENT)) 1088 goto out; 1089 1090 if (WARN_ON(!wdev->connected)) 1091 goto out; 1092 1093 if (info->valid_links) { 1094 if (WARN_ON(!info->ap_mld_addr)) 1095 goto out; 1096 1097 for_each_valid_link(info, link) { 1098 if (WARN_ON(!info->links[link].addr)) 1099 goto out; 1100 } 1101 } 1102 1103 cfg80211_wdev_release_bsses(wdev); 1104 1105 for_each_valid_link(info, link) { 1106 if (WARN_ON(!info->links[link].bss)) 1107 goto out; 1108 } 1109 1110 memset(wdev->links, 0, sizeof(wdev->links)); 1111 wdev->valid_links = info->valid_links; 1112 for_each_valid_link(info, link) { 1113 cfg80211_hold_bss(bss_from_pub(info->links[link].bss)); 1114 wdev->links[link].client.current_bss = 1115 bss_from_pub(info->links[link].bss); 1116 } 1117 1118 connected_addr = info->valid_links ? 1119 info->ap_mld_addr : 1120 info->links[0].bss->bssid; 1121 ether_addr_copy(wdev->u.client.connected_addr, connected_addr); 1122 if (info->valid_links) { 1123 for_each_valid_link(info, link) 1124 memcpy(wdev->links[link].addr, info->links[link].addr, 1125 ETH_ALEN); 1126 } 1127 wdev->unprot_beacon_reported = 0; 1128 nl80211_send_roamed(wiphy_to_rdev(wdev->wiphy), 1129 wdev->netdev, info, GFP_KERNEL); 1130 1131 #ifdef CONFIG_CFG80211_WEXT 1132 if (!info->valid_links) { 1133 if (info->req_ie) { 1134 memset(&wrqu, 0, sizeof(wrqu)); 1135 wrqu.data.length = info->req_ie_len; 1136 wireless_send_event(wdev->netdev, IWEVASSOCREQIE, 1137 &wrqu, info->req_ie); 1138 } 1139 1140 if (info->resp_ie) { 1141 memset(&wrqu, 0, sizeof(wrqu)); 1142 wrqu.data.length = info->resp_ie_len; 1143 wireless_send_event(wdev->netdev, IWEVASSOCRESPIE, 1144 &wrqu, info->resp_ie); 1145 } 1146 1147 memset(&wrqu, 0, sizeof(wrqu)); 1148 wrqu.ap_addr.sa_family = ARPHRD_ETHER; 1149 memcpy(wrqu.ap_addr.sa_data, connected_addr, ETH_ALEN); 1150 memcpy(wdev->wext.prev_bssid, connected_addr, ETH_ALEN); 1151 wdev->wext.prev_bssid_valid = true; 1152 wireless_send_event(wdev->netdev, SIOCGIWAP, &wrqu, NULL); 1153 } 1154 #endif 1155 1156 return; 1157 out: 1158 for_each_valid_link(info, link) 1159 cfg80211_put_bss(wdev->wiphy, info->links[link].bss); 1160 } 1161 1162 /* Consumes info->links.bss object(s) one way or another */ 1163 void cfg80211_roamed(struct net_device *dev, struct cfg80211_roam_info *info, 1164 gfp_t gfp) 1165 { 1166 struct wireless_dev *wdev = dev->ieee80211_ptr; 1167 struct cfg80211_registered_device *rdev = wiphy_to_rdev(wdev->wiphy); 1168 struct cfg80211_event *ev; 1169 unsigned long flags; 1170 u8 *next; 1171 unsigned int link; 1172 size_t link_info_size = 0; 1173 bool bss_not_found = false; 1174 1175 for_each_valid_link(info, link) { 1176 link_info_size += info->links[link].addr ? ETH_ALEN : 0; 1177 link_info_size += info->links[link].bssid ? ETH_ALEN : 0; 1178 1179 if (info->links[link].bss) 1180 continue; 1181 1182 info->links[link].bss = 1183 cfg80211_get_bss(wdev->wiphy, 1184 info->links[link].channel, 1185 info->links[link].bssid, 1186 wdev->u.client.ssid, 1187 wdev->u.client.ssid_len, 1188 wdev->conn_bss_type, 1189 IEEE80211_PRIVACY_ANY); 1190 1191 if (!info->links[link].bss) { 1192 bss_not_found = true; 1193 break; 1194 } 1195 } 1196 1197 if (WARN_ON(bss_not_found)) 1198 goto out; 1199 1200 ev = kzalloc(sizeof(*ev) + info->req_ie_len + info->resp_ie_len + 1201 info->fils.kek_len + info->fils.pmk_len + 1202 (info->fils.pmkid ? WLAN_PMKID_LEN : 0) + 1203 (info->ap_mld_addr ? ETH_ALEN : 0) + link_info_size, gfp); 1204 if (!ev) 1205 goto out; 1206 1207 ev->type = EVENT_ROAMED; 1208 next = ((u8 *)ev) + sizeof(*ev); 1209 if (info->req_ie_len) { 1210 ev->rm.req_ie = next; 1211 ev->rm.req_ie_len = info->req_ie_len; 1212 memcpy((void *)ev->rm.req_ie, info->req_ie, info->req_ie_len); 1213 next += info->req_ie_len; 1214 } 1215 if (info->resp_ie_len) { 1216 ev->rm.resp_ie = next; 1217 ev->rm.resp_ie_len = info->resp_ie_len; 1218 memcpy((void *)ev->rm.resp_ie, info->resp_ie, 1219 info->resp_ie_len); 1220 next += info->resp_ie_len; 1221 } 1222 if (info->fils.kek_len) { 1223 ev->rm.fils.kek = next; 1224 ev->rm.fils.kek_len = info->fils.kek_len; 1225 memcpy((void *)ev->rm.fils.kek, info->fils.kek, 1226 info->fils.kek_len); 1227 next += info->fils.kek_len; 1228 } 1229 if (info->fils.pmk_len) { 1230 ev->rm.fils.pmk = next; 1231 ev->rm.fils.pmk_len = info->fils.pmk_len; 1232 memcpy((void *)ev->rm.fils.pmk, info->fils.pmk, 1233 info->fils.pmk_len); 1234 next += info->fils.pmk_len; 1235 } 1236 if (info->fils.pmkid) { 1237 ev->rm.fils.pmkid = next; 1238 memcpy((void *)ev->rm.fils.pmkid, info->fils.pmkid, 1239 WLAN_PMKID_LEN); 1240 next += WLAN_PMKID_LEN; 1241 } 1242 ev->rm.fils.update_erp_next_seq_num = info->fils.update_erp_next_seq_num; 1243 if (info->fils.update_erp_next_seq_num) 1244 ev->rm.fils.erp_next_seq_num = info->fils.erp_next_seq_num; 1245 if (info->ap_mld_addr) { 1246 ev->rm.ap_mld_addr = next; 1247 memcpy((void *)ev->rm.ap_mld_addr, info->ap_mld_addr, 1248 ETH_ALEN); 1249 next += ETH_ALEN; 1250 } 1251 ev->rm.valid_links = info->valid_links; 1252 for_each_valid_link(info, link) { 1253 ev->rm.links[link].bss = info->links[link].bss; 1254 1255 if (info->links[link].addr) { 1256 ev->rm.links[link].addr = next; 1257 memcpy((void *)ev->rm.links[link].addr, 1258 info->links[link].addr, 1259 ETH_ALEN); 1260 next += ETH_ALEN; 1261 } 1262 1263 if (info->links[link].bssid) { 1264 ev->rm.links[link].bssid = next; 1265 memcpy((void *)ev->rm.links[link].bssid, 1266 info->links[link].bssid, 1267 ETH_ALEN); 1268 next += ETH_ALEN; 1269 } 1270 } 1271 1272 spin_lock_irqsave(&wdev->event_lock, flags); 1273 list_add_tail(&ev->list, &wdev->event_list); 1274 spin_unlock_irqrestore(&wdev->event_lock, flags); 1275 queue_work(cfg80211_wq, &rdev->event_work); 1276 1277 return; 1278 out: 1279 for_each_valid_link(info, link) 1280 cfg80211_put_bss(wdev->wiphy, info->links[link].bss); 1281 1282 } 1283 EXPORT_SYMBOL(cfg80211_roamed); 1284 1285 void __cfg80211_port_authorized(struct wireless_dev *wdev, const u8 *peer_addr, 1286 const u8 *td_bitmap, u8 td_bitmap_len) 1287 { 1288 lockdep_assert_wiphy(wdev->wiphy); 1289 1290 if (WARN_ON(wdev->iftype != NL80211_IFTYPE_STATION && 1291 wdev->iftype != NL80211_IFTYPE_P2P_CLIENT && 1292 wdev->iftype != NL80211_IFTYPE_AP && 1293 wdev->iftype != NL80211_IFTYPE_P2P_GO)) 1294 return; 1295 1296 if (wdev->iftype == NL80211_IFTYPE_STATION || 1297 wdev->iftype == NL80211_IFTYPE_P2P_CLIENT) { 1298 if (WARN_ON(!wdev->connected) || 1299 WARN_ON(!ether_addr_equal(wdev->u.client.connected_addr, peer_addr))) 1300 return; 1301 } 1302 1303 nl80211_send_port_authorized(wiphy_to_rdev(wdev->wiphy), wdev->netdev, 1304 peer_addr, td_bitmap, td_bitmap_len); 1305 } 1306 1307 void cfg80211_port_authorized(struct net_device *dev, const u8 *peer_addr, 1308 const u8 *td_bitmap, u8 td_bitmap_len, gfp_t gfp) 1309 { 1310 struct wireless_dev *wdev = dev->ieee80211_ptr; 1311 struct cfg80211_registered_device *rdev = wiphy_to_rdev(wdev->wiphy); 1312 struct cfg80211_event *ev; 1313 unsigned long flags; 1314 1315 if (WARN_ON(!peer_addr)) 1316 return; 1317 1318 ev = kzalloc(sizeof(*ev) + td_bitmap_len, gfp); 1319 if (!ev) 1320 return; 1321 1322 ev->type = EVENT_PORT_AUTHORIZED; 1323 memcpy(ev->pa.peer_addr, peer_addr, ETH_ALEN); 1324 ev->pa.td_bitmap = ((u8 *)ev) + sizeof(*ev); 1325 ev->pa.td_bitmap_len = td_bitmap_len; 1326 memcpy((void *)ev->pa.td_bitmap, td_bitmap, td_bitmap_len); 1327 1328 /* 1329 * Use the wdev event list so that if there are pending 1330 * connected/roamed events, they will be reported first. 1331 */ 1332 spin_lock_irqsave(&wdev->event_lock, flags); 1333 list_add_tail(&ev->list, &wdev->event_list); 1334 spin_unlock_irqrestore(&wdev->event_lock, flags); 1335 queue_work(cfg80211_wq, &rdev->event_work); 1336 } 1337 EXPORT_SYMBOL(cfg80211_port_authorized); 1338 1339 void __cfg80211_disconnected(struct net_device *dev, const u8 *ie, 1340 size_t ie_len, u16 reason, bool from_ap) 1341 { 1342 struct wireless_dev *wdev = dev->ieee80211_ptr; 1343 struct cfg80211_registered_device *rdev = wiphy_to_rdev(wdev->wiphy); 1344 int i; 1345 #ifdef CONFIG_CFG80211_WEXT 1346 union iwreq_data wrqu; 1347 #endif 1348 1349 lockdep_assert_wiphy(wdev->wiphy); 1350 1351 if (WARN_ON(wdev->iftype != NL80211_IFTYPE_STATION && 1352 wdev->iftype != NL80211_IFTYPE_P2P_CLIENT)) 1353 return; 1354 1355 cfg80211_wdev_release_bsses(wdev); 1356 wdev->valid_links = 0; 1357 wdev->connected = false; 1358 wdev->u.client.ssid_len = 0; 1359 wdev->conn_owner_nlportid = 0; 1360 kfree_sensitive(wdev->connect_keys); 1361 wdev->connect_keys = NULL; 1362 1363 nl80211_send_disconnected(rdev, dev, reason, ie, ie_len, from_ap); 1364 1365 /* stop critical protocol if supported */ 1366 if (rdev->ops->crit_proto_stop && rdev->crit_proto_nlportid) { 1367 rdev->crit_proto_nlportid = 0; 1368 rdev_crit_proto_stop(rdev, wdev); 1369 } 1370 1371 /* 1372 * Delete all the keys ... pairwise keys can't really 1373 * exist any more anyway, but default keys might. 1374 */ 1375 if (rdev->ops->del_key) { 1376 int max_key_idx = 5; 1377 1378 if (wiphy_ext_feature_isset( 1379 wdev->wiphy, 1380 NL80211_EXT_FEATURE_BEACON_PROTECTION) || 1381 wiphy_ext_feature_isset( 1382 wdev->wiphy, 1383 NL80211_EXT_FEATURE_BEACON_PROTECTION_CLIENT)) 1384 max_key_idx = 7; 1385 for (i = 0; i <= max_key_idx; i++) 1386 rdev_del_key(rdev, dev, -1, i, false, NULL); 1387 } 1388 1389 rdev_set_qos_map(rdev, dev, NULL); 1390 1391 #ifdef CONFIG_CFG80211_WEXT 1392 memset(&wrqu, 0, sizeof(wrqu)); 1393 wrqu.ap_addr.sa_family = ARPHRD_ETHER; 1394 wireless_send_event(dev, SIOCGIWAP, &wrqu, NULL); 1395 wdev->wext.connect.ssid_len = 0; 1396 #endif 1397 1398 schedule_work(&cfg80211_disconnect_work); 1399 1400 cfg80211_schedule_channels_check(wdev); 1401 } 1402 1403 void cfg80211_disconnected(struct net_device *dev, u16 reason, 1404 const u8 *ie, size_t ie_len, 1405 bool locally_generated, gfp_t gfp) 1406 { 1407 struct wireless_dev *wdev = dev->ieee80211_ptr; 1408 struct cfg80211_registered_device *rdev = wiphy_to_rdev(wdev->wiphy); 1409 struct cfg80211_event *ev; 1410 unsigned long flags; 1411 1412 ev = kzalloc(sizeof(*ev) + ie_len, gfp); 1413 if (!ev) 1414 return; 1415 1416 ev->type = EVENT_DISCONNECTED; 1417 ev->dc.ie = ((u8 *)ev) + sizeof(*ev); 1418 ev->dc.ie_len = ie_len; 1419 memcpy((void *)ev->dc.ie, ie, ie_len); 1420 ev->dc.reason = reason; 1421 ev->dc.locally_generated = locally_generated; 1422 1423 spin_lock_irqsave(&wdev->event_lock, flags); 1424 list_add_tail(&ev->list, &wdev->event_list); 1425 spin_unlock_irqrestore(&wdev->event_lock, flags); 1426 queue_work(cfg80211_wq, &rdev->event_work); 1427 } 1428 EXPORT_SYMBOL(cfg80211_disconnected); 1429 1430 /* 1431 * API calls for nl80211/wext compatibility code 1432 */ 1433 int cfg80211_connect(struct cfg80211_registered_device *rdev, 1434 struct net_device *dev, 1435 struct cfg80211_connect_params *connect, 1436 struct cfg80211_cached_keys *connkeys, 1437 const u8 *prev_bssid) 1438 { 1439 struct wireless_dev *wdev = dev->ieee80211_ptr; 1440 int err; 1441 1442 lockdep_assert_wiphy(wdev->wiphy); 1443 1444 /* 1445 * If we have an ssid_len, we're trying to connect or are 1446 * already connected, so reject a new SSID unless it's the 1447 * same (which is the case for re-association.) 1448 */ 1449 if (wdev->u.client.ssid_len && 1450 (wdev->u.client.ssid_len != connect->ssid_len || 1451 memcmp(wdev->u.client.ssid, connect->ssid, wdev->u.client.ssid_len))) 1452 return -EALREADY; 1453 1454 /* 1455 * If connected, reject (re-)association unless prev_bssid 1456 * matches the current BSSID. 1457 */ 1458 if (wdev->connected) { 1459 if (!prev_bssid) 1460 return -EALREADY; 1461 if (!ether_addr_equal(prev_bssid, 1462 wdev->u.client.connected_addr)) 1463 return -ENOTCONN; 1464 } 1465 1466 /* 1467 * Reject if we're in the process of connecting with WEP, 1468 * this case isn't very interesting and trying to handle 1469 * it would make the code much more complex. 1470 */ 1471 if (wdev->connect_keys) 1472 return -EINPROGRESS; 1473 1474 cfg80211_oper_and_ht_capa(&connect->ht_capa_mask, 1475 rdev->wiphy.ht_capa_mod_mask); 1476 cfg80211_oper_and_vht_capa(&connect->vht_capa_mask, 1477 rdev->wiphy.vht_capa_mod_mask); 1478 1479 if (connkeys && connkeys->def >= 0) { 1480 int idx; 1481 u32 cipher; 1482 1483 idx = connkeys->def; 1484 cipher = connkeys->params[idx].cipher; 1485 /* If given a WEP key we may need it for shared key auth */ 1486 if (cipher == WLAN_CIPHER_SUITE_WEP40 || 1487 cipher == WLAN_CIPHER_SUITE_WEP104) { 1488 connect->key_idx = idx; 1489 connect->key = connkeys->params[idx].key; 1490 connect->key_len = connkeys->params[idx].key_len; 1491 1492 /* 1493 * If ciphers are not set (e.g. when going through 1494 * iwconfig), we have to set them appropriately here. 1495 */ 1496 if (connect->crypto.cipher_group == 0) 1497 connect->crypto.cipher_group = cipher; 1498 1499 if (connect->crypto.n_ciphers_pairwise == 0) { 1500 connect->crypto.n_ciphers_pairwise = 1; 1501 connect->crypto.ciphers_pairwise[0] = cipher; 1502 } 1503 } 1504 } else { 1505 if (WARN_ON(connkeys)) 1506 return -EINVAL; 1507 1508 /* connect can point to wdev->wext.connect which 1509 * can hold key data from a previous connection 1510 */ 1511 connect->key = NULL; 1512 connect->key_len = 0; 1513 connect->key_idx = 0; 1514 } 1515 1516 wdev->connect_keys = connkeys; 1517 memcpy(wdev->u.client.ssid, connect->ssid, connect->ssid_len); 1518 wdev->u.client.ssid_len = connect->ssid_len; 1519 1520 wdev->conn_bss_type = connect->pbss ? IEEE80211_BSS_TYPE_PBSS : 1521 IEEE80211_BSS_TYPE_ESS; 1522 1523 if (!rdev->ops->connect) 1524 err = cfg80211_sme_connect(wdev, connect, prev_bssid); 1525 else 1526 err = rdev_connect(rdev, dev, connect); 1527 1528 if (err) { 1529 wdev->connect_keys = NULL; 1530 /* 1531 * This could be reassoc getting refused, don't clear 1532 * ssid_len in that case. 1533 */ 1534 if (!wdev->connected) 1535 wdev->u.client.ssid_len = 0; 1536 return err; 1537 } 1538 1539 return 0; 1540 } 1541 1542 int cfg80211_disconnect(struct cfg80211_registered_device *rdev, 1543 struct net_device *dev, u16 reason, bool wextev) 1544 { 1545 struct wireless_dev *wdev = dev->ieee80211_ptr; 1546 int err = 0; 1547 1548 lockdep_assert_wiphy(wdev->wiphy); 1549 1550 kfree_sensitive(wdev->connect_keys); 1551 wdev->connect_keys = NULL; 1552 1553 wdev->conn_owner_nlportid = 0; 1554 1555 if (wdev->conn) 1556 err = cfg80211_sme_disconnect(wdev, reason); 1557 else if (!rdev->ops->disconnect) 1558 cfg80211_mlme_down(rdev, dev); 1559 else if (wdev->u.client.ssid_len) 1560 err = rdev_disconnect(rdev, dev, reason); 1561 1562 /* 1563 * Clear ssid_len unless we actually were fully connected, 1564 * in which case cfg80211_disconnected() will take care of 1565 * this later. 1566 */ 1567 if (!wdev->connected) 1568 wdev->u.client.ssid_len = 0; 1569 1570 return err; 1571 } 1572 1573 /* 1574 * Used to clean up after the connection / connection attempt owner socket 1575 * disconnects 1576 */ 1577 void cfg80211_autodisconnect_wk(struct work_struct *work) 1578 { 1579 struct wireless_dev *wdev = 1580 container_of(work, struct wireless_dev, disconnect_wk); 1581 struct cfg80211_registered_device *rdev = wiphy_to_rdev(wdev->wiphy); 1582 1583 guard(wiphy)(wdev->wiphy); 1584 1585 if (wdev->conn_owner_nlportid) { 1586 switch (wdev->iftype) { 1587 case NL80211_IFTYPE_ADHOC: 1588 cfg80211_leave_ibss(rdev, wdev->netdev, false); 1589 break; 1590 case NL80211_IFTYPE_AP: 1591 case NL80211_IFTYPE_P2P_GO: 1592 cfg80211_stop_ap(rdev, wdev->netdev, -1, false); 1593 break; 1594 case NL80211_IFTYPE_MESH_POINT: 1595 cfg80211_leave_mesh(rdev, wdev->netdev); 1596 break; 1597 case NL80211_IFTYPE_STATION: 1598 case NL80211_IFTYPE_P2P_CLIENT: 1599 /* 1600 * Use disconnect_bssid if still connecting and 1601 * ops->disconnect not implemented. Otherwise we can 1602 * use cfg80211_disconnect. 1603 */ 1604 if (rdev->ops->disconnect || wdev->connected) 1605 cfg80211_disconnect(rdev, wdev->netdev, 1606 WLAN_REASON_DEAUTH_LEAVING, 1607 true); 1608 else 1609 cfg80211_mlme_deauth(rdev, wdev->netdev, 1610 wdev->disconnect_bssid, 1611 NULL, 0, 1612 WLAN_REASON_DEAUTH_LEAVING, 1613 false); 1614 break; 1615 default: 1616 break; 1617 } 1618 } 1619 } 1620