net/wireless/mlme.c

   1 // SPDX-License-Identifier: GPL-2.0
   2 /*
   3  * cfg80211 MLME SAP interface
   4  *
   5  * Copyright (c) 2009, Jouni Malinen <j@w1.fi>
   6  * Copyright (c) 2015           Intel Deutschland GmbH
   7  * Copyright (C) 2019 Intel Corporation
   8  */
   9
  10 #include <linux/kernel.h>
  11 #include <linux/module.h>
  12 #include <linux/etherdevice.h>
  13 #include <linux/netdevice.h>
  14 #include <linux/nl80211.h>
  15 #include <linux/slab.h>
  16 #include <linux/wireless.h>
  17 #include <net/cfg80211.h>
  18 #include <net/iw_handler.h>
  19 #include "core.h"
  20 #include "nl80211.h"
  21 #include "rdev-ops.h"
  22
  23
  24 void cfg80211_rx_assoc_resp(struct net_device *dev, struct cfg80211_bss *bss,
  25                             const u8 *buf, size_t len, int uapsd_queues,
  26                             const u8 *req_ies, size_t req_ies_len)
  27 {
  28         struct wireless_dev *wdev = dev->ieee80211_ptr;
  29         struct wiphy *wiphy = wdev->wiphy;
  30         struct cfg80211_registered_device *rdev = wiphy_to_rdev(wiphy);
  31         struct ieee80211_mgmt *mgmt = (struct ieee80211_mgmt *)buf;
  32         struct cfg80211_connect_resp_params cr;
  33
  34         memset(&cr, 0, sizeof(cr));
  35         cr.status = (int)le16_to_cpu(mgmt->u.assoc_resp.status_code);
  36         cr.bssid = mgmt->bssid;
  37         cr.bss = bss;
  38         cr.req_ie = req_ies;
  39         cr.req_ie_len = req_ies_len;
  40         cr.resp_ie = mgmt->u.assoc_resp.variable;
  41         cr.resp_ie_len =
  42                 len - offsetof(struct ieee80211_mgmt, u.assoc_resp.variable);
  43         cr.timeout_reason = NL80211_TIMEOUT_UNSPECIFIED;
  44
  45         trace_cfg80211_send_rx_assoc(dev, bss);
  46
  47         /*
  48          * This is a bit of a hack, we don't notify userspace of
  49          * a (re-)association reply if we tried to send a reassoc
  50          * and got a reject -- we only try again with an assoc
  51          * frame instead of reassoc.
  52          */
  53         if (cfg80211_sme_rx_assoc_resp(wdev, cr.status)) {
  54                 cfg80211_unhold_bss(bss_from_pub(bss));
  55                 cfg80211_put_bss(wiphy, bss);
  56                 return;
  57         }
  58
  59         nl80211_send_rx_assoc(rdev, dev, buf, len, GFP_KERNEL, uapsd_queues,
  60                               req_ies, req_ies_len);
  61         /* update current_bss etc., consumes the bss reference */
  62         __cfg80211_connect_result(dev, &cr, cr.status == WLAN_STATUS_SUCCESS);
  63 }
  64 EXPORT_SYMBOL(cfg80211_rx_assoc_resp);
  65
  66 static void cfg80211_process_auth(struct wireless_dev *wdev,
  67                                   const u8 *buf, size_t len)
  68 {
  69         struct cfg80211_registered_device *rdev = wiphy_to_rdev(wdev->wiphy);
  70
  71         nl80211_send_rx_auth(rdev, wdev->netdev, buf, len, GFP_KERNEL);
  72         cfg80211_sme_rx_auth(wdev, buf, len);
  73 }
  74
  75 static void cfg80211_process_deauth(struct wireless_dev *wdev,
  76                                     const u8 *buf, size_t len)
  77 {
  78         struct cfg80211_registered_device *rdev = wiphy_to_rdev(wdev->wiphy);
  79         struct ieee80211_mgmt *mgmt = (struct ieee80211_mgmt *)buf;
  80         const u8 *bssid = mgmt->bssid;
  81         u16 reason_code = le16_to_cpu(mgmt->u.deauth.reason_code);
  82         bool from_ap = !ether_addr_equal(mgmt->sa, wdev->netdev->dev_addr);
  83
  84         nl80211_send_deauth(rdev, wdev->netdev, buf, len, GFP_KERNEL);
  85
  86         if (!wdev->current_bss ||
  87             !ether_addr_equal(wdev->current_bss->pub.bssid, bssid))
  88                 return;
  89
  90         __cfg80211_disconnected(wdev->netdev, NULL, 0, reason_code, from_ap);
  91         cfg80211_sme_deauth(wdev);
  92 }
  93
  94 static void cfg80211_process_disassoc(struct wireless_dev *wdev,
  95                                       const u8 *buf, size_t len)
  96 {
  97         struct cfg80211_registered_device *rdev = wiphy_to_rdev(wdev->wiphy);
  98         struct ieee80211_mgmt *mgmt = (struct ieee80211_mgmt *)buf;
  99         const u8 *bssid = mgmt->bssid;
 100         u16 reason_code = le16_to_cpu(mgmt->u.disassoc.reason_code);
 101         bool from_ap = !ether_addr_equal(mgmt->sa, wdev->netdev->dev_addr);
 102
 103         nl80211_send_disassoc(rdev, wdev->netdev, buf, len, GFP_KERNEL);
 104
 105         if (WARN_ON(!wdev->current_bss ||
 106                     !ether_addr_equal(wdev->current_bss->pub.bssid, bssid)))
 107                 return;
 108
 109         __cfg80211_disconnected(wdev->netdev, NULL, 0, reason_code, from_ap);
 110         cfg80211_sme_disassoc(wdev);
 111 }
 112
 113 void cfg80211_rx_mlme_mgmt(struct net_device *dev, const u8 *buf, size_t len)
 114 {
 115         struct wireless_dev *wdev = dev->ieee80211_ptr;
 116         struct ieee80211_mgmt *mgmt = (void *)buf;
 117
 118         ASSERT_WDEV_LOCK(wdev);
 119
 120         trace_cfg80211_rx_mlme_mgmt(dev, buf, len);
 121
 122         if (WARN_ON(len < 2))
 123                 return;
 124
 125         if (ieee80211_is_auth(mgmt->frame_control))
 126                 cfg80211_process_auth(wdev, buf, len);
 127         else if (ieee80211_is_deauth(mgmt->frame_control))
 128                 cfg80211_process_deauth(wdev, buf, len);
 129         else if (ieee80211_is_disassoc(mgmt->frame_control))
 130                 cfg80211_process_disassoc(wdev, buf, len);
 131 }
 132 EXPORT_SYMBOL(cfg80211_rx_mlme_mgmt);
 133
 134 void cfg80211_auth_timeout(struct net_device *dev, const u8 *addr)
 135 {
 136         struct wireless_dev *wdev = dev->ieee80211_ptr;
 137         struct wiphy *wiphy = wdev->wiphy;
 138         struct cfg80211_registered_device *rdev = wiphy_to_rdev(wiphy);
 139
 140         trace_cfg80211_send_auth_timeout(dev, addr);
 141
 142         nl80211_send_auth_timeout(rdev, dev, addr, GFP_KERNEL);
 143         cfg80211_sme_auth_timeout(wdev);
 144 }
 145 EXPORT_SYMBOL(cfg80211_auth_timeout);
 146
 147 void cfg80211_assoc_timeout(struct net_device *dev, struct cfg80211_bss *bss)
 148 {
 149         struct wireless_dev *wdev = dev->ieee80211_ptr;
 150         struct wiphy *wiphy = wdev->wiphy;
 151         struct cfg80211_registered_device *rdev = wiphy_to_rdev(wiphy);
 152
 153         trace_cfg80211_send_assoc_timeout(dev, bss->bssid);
 154
 155         nl80211_send_assoc_timeout(rdev, dev, bss->bssid, GFP_KERNEL);
 156         cfg80211_sme_assoc_timeout(wdev);
 157
 158         cfg80211_unhold_bss(bss_from_pub(bss));
 159         cfg80211_put_bss(wiphy, bss);
 160 }
 161 EXPORT_SYMBOL(cfg80211_assoc_timeout);
 162
 163 void cfg80211_abandon_assoc(struct net_device *dev, struct cfg80211_bss *bss)
 164 {
 165         struct wireless_dev *wdev = dev->ieee80211_ptr;
 166         struct wiphy *wiphy = wdev->wiphy;
 167
 168         cfg80211_sme_abandon_assoc(wdev);
 169
 170         cfg80211_unhold_bss(bss_from_pub(bss));
 171         cfg80211_put_bss(wiphy, bss);
 172 }
 173 EXPORT_SYMBOL(cfg80211_abandon_assoc);
 174
 175 void cfg80211_tx_mlme_mgmt(struct net_device *dev, const u8 *buf, size_t len)
 176 {
 177         struct wireless_dev *wdev = dev->ieee80211_ptr;
 178         struct ieee80211_mgmt *mgmt = (void *)buf;
 179
 180         ASSERT_WDEV_LOCK(wdev);
 181
 182         trace_cfg80211_tx_mlme_mgmt(dev, buf, len);
 183
 184         if (WARN_ON(len < 2))
 185                 return;
 186
 187         if (ieee80211_is_deauth(mgmt->frame_control))
 188                 cfg80211_process_deauth(wdev, buf, len);
 189         else
 190                 cfg80211_process_disassoc(wdev, buf, len);
 191 }
 192 EXPORT_SYMBOL(cfg80211_tx_mlme_mgmt);
 193
 194 void cfg80211_michael_mic_failure(struct net_device *dev, const u8 *addr,
 195                                   enum nl80211_key_type key_type, int key_id,
 196                                   const u8 *tsc, gfp_t gfp)
 197 {
 198         struct wiphy *wiphy = dev->ieee80211_ptr->wiphy;
 199         struct cfg80211_registered_device *rdev = wiphy_to_rdev(wiphy);
 200 #ifdef CONFIG_CFG80211_WEXT
 201         union iwreq_data wrqu;
 202         char *buf = kmalloc(128, gfp);
 203
 204         if (buf) {
 205                 sprintf(buf, "MLME-MICHAELMICFAILURE.indication("
 206                         "keyid=%d %scast addr=%pM)", key_id,
 207                         key_type == NL80211_KEYTYPE_GROUP ? "broad" : "uni",
 208                         addr);
 209                 memset(&wrqu, 0, sizeof(wrqu));
 210                 wrqu.data.length = strlen(buf);
 211                 wireless_send_event(dev, IWEVCUSTOM, &wrqu, buf);
 212                 kfree(buf);
 213         }
 214 #endif
 215
 216         trace_cfg80211_michael_mic_failure(dev, addr, key_type, key_id, tsc);
 217         nl80211_michael_mic_failure(rdev, dev, addr, key_type, key_id, tsc, gfp);
 218 }
 219 EXPORT_SYMBOL(cfg80211_michael_mic_failure);
 220
 221 /* some MLME handling for userspace SME */
 222 int cfg80211_mlme_auth(struct cfg80211_registered_device *rdev,
 223                        struct net_device *dev,
 224                        struct ieee80211_channel *chan,
 225                        enum nl80211_auth_type auth_type,
 226                        const u8 *bssid,
 227                        const u8 *ssid, int ssid_len,
 228                        const u8 *ie, int ie_len,
 229                        const u8 *key, int key_len, int key_idx,
 230                        const u8 *auth_data, int auth_data_len)
 231 {
 232         struct wireless_dev *wdev = dev->ieee80211_ptr;
 233         struct cfg80211_auth_request req = {
 234                 .ie = ie,
 235                 .ie_len = ie_len,
 236                 .auth_data = auth_data,
 237                 .auth_data_len = auth_data_len,
 238                 .auth_type = auth_type,
 239                 .key = key,
 240                 .key_len = key_len,
 241                 .key_idx = key_idx,
 242         };
 243         int err;
 244
 245         ASSERT_WDEV_LOCK(wdev);
 246
 247         if (auth_type == NL80211_AUTHTYPE_SHARED_KEY)
 248                 if (!key || !key_len || key_idx < 0 || key_idx > 3)
 249                         return -EINVAL;
 250
 251         if (wdev->current_bss &&
 252             ether_addr_equal(bssid, wdev->current_bss->pub.bssid))
 253                 return -EALREADY;
 254
 255         req.bss = cfg80211_get_bss(&rdev->wiphy, chan, bssid, ssid, ssid_len,
 256                                    IEEE80211_BSS_TYPE_ESS,
 257                                    IEEE80211_PRIVACY_ANY);
 258         if (!req.bss)
 259                 return -ENOENT;
 260
 261         err = rdev_auth(rdev, dev, &req);
 262
 263         cfg80211_put_bss(&rdev->wiphy, req.bss);
 264         return err;
 265 }
 266
 267 /*  Do a logical ht_capa &= ht_capa_mask.  */
 268 void cfg80211_oper_and_ht_capa(struct ieee80211_ht_cap *ht_capa,
 269                                const struct ieee80211_ht_cap *ht_capa_mask)
 270 {
 271         int i;
 272         u8 *p1, *p2;
 273         if (!ht_capa_mask) {
 274                 memset(ht_capa, 0, sizeof(*ht_capa));
 275                 return;
 276         }
 277
 278         p1 = (u8*)(ht_capa);
 279         p2 = (u8*)(ht_capa_mask);
 280         for (i = 0; i < sizeof(*ht_capa); i++)
 281                 p1[i] &= p2[i];
 282 }
 283
 284 /*  Do a logical vht_capa &= vht_capa_mask.  */
 285 void cfg80211_oper_and_vht_capa(struct ieee80211_vht_cap *vht_capa,
 286                                 const struct ieee80211_vht_cap *vht_capa_mask)
 287 {
 288         int i;
 289         u8 *p1, *p2;
 290         if (!vht_capa_mask) {
 291                 memset(vht_capa, 0, sizeof(*vht_capa));
 292                 return;
 293         }
 294
 295         p1 = (u8*)(vht_capa);
 296         p2 = (u8*)(vht_capa_mask);
 297         for (i = 0; i < sizeof(*vht_capa); i++)
 298                 p1[i] &= p2[i];
 299 }
 300
 301 int cfg80211_mlme_assoc(struct cfg80211_registered_device *rdev,
 302                         struct net_device *dev,
 303                         struct ieee80211_channel *chan,
 304                         const u8 *bssid,
 305                         const u8 *ssid, int ssid_len,
 306                         struct cfg80211_assoc_request *req)
 307 {
 308         struct wireless_dev *wdev = dev->ieee80211_ptr;
 309         int err;
 310
 311         ASSERT_WDEV_LOCK(wdev);
 312
 313         if (wdev->current_bss &&
 314             (!req->prev_bssid || !ether_addr_equal(wdev->current_bss->pub.bssid,
 315                                                    req->prev_bssid)))
 316                 return -EALREADY;
 317
 318         cfg80211_oper_and_ht_capa(&req->ht_capa_mask,
 319                                   rdev->wiphy.ht_capa_mod_mask);
 320         cfg80211_oper_and_vht_capa(&req->vht_capa_mask,
 321                                    rdev->wiphy.vht_capa_mod_mask);
 322
 323         req->bss = cfg80211_get_bss(&rdev->wiphy, chan, bssid, ssid, ssid_len,
 324                                     IEEE80211_BSS_TYPE_ESS,
 325                                     IEEE80211_PRIVACY_ANY);
 326         if (!req->bss)
 327                 return -ENOENT;
 328
 329         err = rdev_assoc(rdev, dev, req);
 330         if (!err)
 331                 cfg80211_hold_bss(bss_from_pub(req->bss));
 332         else
 333                 cfg80211_put_bss(&rdev->wiphy, req->bss);
 334
 335         return err;
 336 }
 337
 338 int cfg80211_mlme_deauth(struct cfg80211_registered_device *rdev,
 339                          struct net_device *dev, const u8 *bssid,
 340                          const u8 *ie, int ie_len, u16 reason,
 341                          bool local_state_change)
 342 {
 343         struct wireless_dev *wdev = dev->ieee80211_ptr;
 344         struct cfg80211_deauth_request req = {
 345                 .bssid = bssid,
 346                 .reason_code = reason,
 347                 .ie = ie,
 348                 .ie_len = ie_len,
 349                 .local_state_change = local_state_change,
 350         };
 351
 352         ASSERT_WDEV_LOCK(wdev);
 353
 354         if (local_state_change &&
 355             (!wdev->current_bss ||
 356              !ether_addr_equal(wdev->current_bss->pub.bssid, bssid)))
 357                 return 0;
 358
 359         if (ether_addr_equal(wdev->disconnect_bssid, bssid) ||
 360             (wdev->current_bss &&
 361              ether_addr_equal(wdev->current_bss->pub.bssid, bssid)))
 362                 wdev->conn_owner_nlportid = 0;
 363
 364         return rdev_deauth(rdev, dev, &req);
 365 }
 366
 367 int cfg80211_mlme_disassoc(struct cfg80211_registered_device *rdev,
 368                            struct net_device *dev, const u8 *bssid,
 369                            const u8 *ie, int ie_len, u16 reason,
 370                            bool local_state_change)
 371 {
 372         struct wireless_dev *wdev = dev->ieee80211_ptr;
 373         struct cfg80211_disassoc_request req = {
 374                 .reason_code = reason,
 375                 .local_state_change = local_state_change,
 376                 .ie = ie,
 377                 .ie_len = ie_len,
 378         };
 379         int err;
 380
 381         ASSERT_WDEV_LOCK(wdev);
 382
 383         if (!wdev->current_bss)
 384                 return -ENOTCONN;
 385
 386         if (ether_addr_equal(wdev->current_bss->pub.bssid, bssid))
 387                 req.bss = &wdev->current_bss->pub;
 388         else
 389                 return -ENOTCONN;
 390
 391         err = rdev_disassoc(rdev, dev, &req);
 392         if (err)
 393                 return err;
 394
 395         /* driver should have reported the disassoc */
 396         WARN_ON(wdev->current_bss);
 397         return 0;
 398 }
 399
 400 void cfg80211_mlme_down(struct cfg80211_registered_device *rdev,
 401                         struct net_device *dev)
 402 {
 403         struct wireless_dev *wdev = dev->ieee80211_ptr;
 404         u8 bssid[ETH_ALEN];
 405
 406         ASSERT_WDEV_LOCK(wdev);
 407
 408         if (!rdev->ops->deauth)
 409                 return;
 410
 411         if (!wdev->current_bss)
 412                 return;
 413
 414         memcpy(bssid, wdev->current_bss->pub.bssid, ETH_ALEN);
 415         cfg80211_mlme_deauth(rdev, dev, bssid, NULL, 0,
 416                              WLAN_REASON_DEAUTH_LEAVING, false);
 417 }
 418
 419 struct cfg80211_mgmt_registration {
 420         struct list_head list;
 421         struct wireless_dev *wdev;
 422
 423         u32 nlportid;
 424
 425         int match_len;
 426
 427         __le16 frame_type;
 428
 429         bool multicast_rx;
 430
 431         u8 match[];
 432 };
 433
 434 static void cfg80211_mgmt_registrations_update(struct wireless_dev *wdev)
 435 {
 436         struct cfg80211_registered_device *rdev = wiphy_to_rdev(wdev->wiphy);
 437         struct wireless_dev *tmp;
 438         struct cfg80211_mgmt_registration *reg;
 439         struct mgmt_frame_regs upd = {};
 440
 441         ASSERT_RTNL();
 442
 443         spin_lock_bh(&wdev->mgmt_registrations_lock);
 444         if (!wdev->mgmt_registrations_need_update) {
 445                 spin_unlock_bh(&wdev->mgmt_registrations_lock);
 446                 return;
 447         }
 448
 449         rcu_read_lock();
 450         list_for_each_entry_rcu(tmp, &rdev->wiphy.wdev_list, list) {
 451                 list_for_each_entry(reg, &tmp->mgmt_registrations, list) {
 452                         u32 mask = BIT(le16_to_cpu(reg->frame_type) >> 4);
 453                         u32 mcast_mask = 0;
 454
 455                         if (reg->multicast_rx)
 456                                 mcast_mask = mask;
 457
 458                         upd.global_stypes |= mask;
 459                         upd.global_mcast_stypes |= mcast_mask;
 460
 461                         if (tmp == wdev) {
 462                                 upd.interface_stypes |= mask;
 463                                 upd.interface_mcast_stypes |= mcast_mask;
 464                         }
 465                 }
 466         }
 467         rcu_read_unlock();
 468
 469         wdev->mgmt_registrations_need_update = 0;
 470         spin_unlock_bh(&wdev->mgmt_registrations_lock);
 471
 472         rdev_update_mgmt_frame_registrations(rdev, wdev, &upd);
 473 }
 474
 475 void cfg80211_mgmt_registrations_update_wk(struct work_struct *wk)
 476 {
 477         struct cfg80211_registered_device *rdev;
 478         struct wireless_dev *wdev;
 479
 480         rdev = container_of(wk, struct cfg80211_registered_device,
 481                             mgmt_registrations_update_wk);
 482
 483         rtnl_lock();
 484         list_for_each_entry(wdev, &rdev->wiphy.wdev_list, list)
 485                 cfg80211_mgmt_registrations_update(wdev);
 486         rtnl_unlock();
 487 }
 488
 489 int cfg80211_mlme_register_mgmt(struct wireless_dev *wdev, u32 snd_portid,
 490                                 u16 frame_type, const u8 *match_data,
 491                                 int match_len, bool multicast_rx,
 492                                 struct netlink_ext_ack *extack)
 493 {
 494         struct cfg80211_mgmt_registration *reg, *nreg;
 495         int err = 0;
 496         u16 mgmt_type;
 497         bool update_multicast = false;
 498
 499         if (!wdev->wiphy->mgmt_stypes)
 500                 return -EOPNOTSUPP;
 501
 502         if ((frame_type & IEEE80211_FCTL_FTYPE) != IEEE80211_FTYPE_MGMT) {
 503                 NL_SET_ERR_MSG(extack, "frame type not management");
 504                 return -EINVAL;
 505         }
 506
 507         if (frame_type & ~(IEEE80211_FCTL_FTYPE | IEEE80211_FCTL_STYPE)) {
 508                 NL_SET_ERR_MSG(extack, "Invalid frame type");
 509                 return -EINVAL;
 510         }
 511
 512         mgmt_type = (frame_type & IEEE80211_FCTL_STYPE) >> 4;
 513         if (!(wdev->wiphy->mgmt_stypes[wdev->iftype].rx & BIT(mgmt_type))) {
 514                 NL_SET_ERR_MSG(extack,
 515                                "Registration to specific type not supported");
 516                 return -EINVAL;
 517         }
 518
 519         /*
 520          * To support Pre Association Security Negotiation (PASN), registration
 521          * for authentication frames should be supported. However, as some
 522          * versions of the user space daemons wrongly register to all types of
 523          * authentication frames (which might result in unexpected behavior)
 524          * allow such registration if the request is for a specific
 525          * authentication algorithm number.
 526          */
 527         if (wdev->iftype == NL80211_IFTYPE_STATION &&
 528             (frame_type & IEEE80211_FCTL_STYPE) == IEEE80211_STYPE_AUTH &&
 529             !(match_data && match_len >= 2)) {
 530                 NL_SET_ERR_MSG(extack,
 531                                "Authentication algorithm number required");
 532                 return -EINVAL;
 533         }
 534
 535         nreg = kzalloc(sizeof(*reg) + match_len, GFP_KERNEL);
 536         if (!nreg)
 537                 return -ENOMEM;
 538
 539         spin_lock_bh(&wdev->mgmt_registrations_lock);
 540
 541         list_for_each_entry(reg, &wdev->mgmt_registrations, list) {
 542                 int mlen = min(match_len, reg->match_len);
 543
 544                 if (frame_type != le16_to_cpu(reg->frame_type))
 545                         continue;
 546
 547                 if (memcmp(reg->match, match_data, mlen) == 0) {
 548                         if (reg->multicast_rx != multicast_rx) {
 549                                 update_multicast = true;
 550                                 reg->multicast_rx = multicast_rx;
 551                                 break;
 552                         }
 553                         NL_SET_ERR_MSG(extack, "Match already configured");
 554                         err = -EALREADY;
 555                         break;
 556                 }
 557         }
 558
 559         if (err)
 560                 goto out;
 561
 562         if (update_multicast) {
 563                 kfree(nreg);
 564         } else {
 565                 memcpy(nreg->match, match_data, match_len);
 566                 nreg->match_len = match_len;
 567                 nreg->nlportid = snd_portid;
 568                 nreg->frame_type = cpu_to_le16(frame_type);
 569                 nreg->wdev = wdev;
 570                 nreg->multicast_rx = multicast_rx;
 571                 list_add(&nreg->list, &wdev->mgmt_registrations);
 572         }
 573         wdev->mgmt_registrations_need_update = 1;
 574         spin_unlock_bh(&wdev->mgmt_registrations_lock);
 575
 576         cfg80211_mgmt_registrations_update(wdev);
 577
 578         return 0;
 579
 580  out:
 581         kfree(nreg);
 582         spin_unlock_bh(&wdev->mgmt_registrations_lock);
 583
 584         return err;
 585 }
 586
 587 void cfg80211_mlme_unregister_socket(struct wireless_dev *wdev, u32 nlportid)
 588 {
 589         struct wiphy *wiphy = wdev->wiphy;
 590         struct cfg80211_registered_device *rdev = wiphy_to_rdev(wiphy);
 591         struct cfg80211_mgmt_registration *reg, *tmp;
 592
 593         spin_lock_bh(&wdev->mgmt_registrations_lock);
 594
 595         list_for_each_entry_safe(reg, tmp, &wdev->mgmt_registrations, list) {
 596                 if (reg->nlportid != nlportid)
 597                         continue;
 598
 599                 list_del(&reg->list);
 600                 kfree(reg);
 601
 602                 wdev->mgmt_registrations_need_update = 1;
 603                 schedule_work(&rdev->mgmt_registrations_update_wk);
 604         }
 605
 606         spin_unlock_bh(&wdev->mgmt_registrations_lock);
 607
 608         if (nlportid && rdev->crit_proto_nlportid == nlportid) {
 609                 rdev->crit_proto_nlportid = 0;
 610                 rdev_crit_proto_stop(rdev, wdev);
 611         }
 612
 613         if (nlportid == wdev->ap_unexpected_nlportid)
 614                 wdev->ap_unexpected_nlportid = 0;
 615 }
 616
 617 void cfg80211_mlme_purge_registrations(struct wireless_dev *wdev)
 618 {
 619         struct cfg80211_mgmt_registration *reg, *tmp;
 620
 621         spin_lock_bh(&wdev->mgmt_registrations_lock);
 622         list_for_each_entry_safe(reg, tmp, &wdev->mgmt_registrations, list) {
 623                 list_del(&reg->list);
 624                 kfree(reg);
 625         }
 626         wdev->mgmt_registrations_need_update = 1;
 627         spin_unlock_bh(&wdev->mgmt_registrations_lock);
 628
 629         cfg80211_mgmt_registrations_update(wdev);
 630 }
 631
 632 int cfg80211_mlme_mgmt_tx(struct cfg80211_registered_device *rdev,
 633                           struct wireless_dev *wdev,
 634                           struct cfg80211_mgmt_tx_params *params, u64 *cookie)
 635 {
 636         const struct ieee80211_mgmt *mgmt;
 637         u16 stype;
 638
 639         if (!wdev->wiphy->mgmt_stypes)
 640                 return -EOPNOTSUPP;
 641
 642         if (!rdev->ops->mgmt_tx)
 643                 return -EOPNOTSUPP;
 644
 645         if (params->len < 24 + 1)
 646                 return -EINVAL;
 647
 648         mgmt = (const struct ieee80211_mgmt *)params->buf;
 649
 650         if (!ieee80211_is_mgmt(mgmt->frame_control))
 651                 return -EINVAL;
 652
 653         stype = le16_to_cpu(mgmt->frame_control) & IEEE80211_FCTL_STYPE;
 654         if (!(wdev->wiphy->mgmt_stypes[wdev->iftype].tx & BIT(stype >> 4)))
 655                 return -EINVAL;
 656
 657         if (ieee80211_is_action(mgmt->frame_control) &&
 658             mgmt->u.action.category != WLAN_CATEGORY_PUBLIC) {
 659                 int err = 0;
 660
 661                 wdev_lock(wdev);
 662
 663                 switch (wdev->iftype) {
 664                 case NL80211_IFTYPE_ADHOC:
 665                 case NL80211_IFTYPE_STATION:
 666                 case NL80211_IFTYPE_P2P_CLIENT:
 667                         if (!wdev->current_bss) {
 668                                 err = -ENOTCONN;
 669                                 break;
 670                         }
 671
 672                         if (!ether_addr_equal(wdev->current_bss->pub.bssid,
 673                                               mgmt->bssid)) {
 674                                 err = -ENOTCONN;
 675                                 break;
 676                         }
 677
 678                         /*
 679                          * check for IBSS DA must be done by driver as
 680                          * cfg80211 doesn't track the stations
 681                          */
 682                         if (wdev->iftype == NL80211_IFTYPE_ADHOC)
 683                                 break;
 684
 685                         /* for station, check that DA is the AP */
 686                         if (!ether_addr_equal(wdev->current_bss->pub.bssid,
 687                                               mgmt->da)) {
 688                                 err = -ENOTCONN;
 689                                 break;
 690                         }
 691                         break;
 692                 case NL80211_IFTYPE_AP:
 693                 case NL80211_IFTYPE_P2P_GO:
 694                 case NL80211_IFTYPE_AP_VLAN:
 695                         if (!ether_addr_equal(mgmt->bssid, wdev_address(wdev)))
 696                                 err = -EINVAL;
 697                         break;
 698                 case NL80211_IFTYPE_MESH_POINT:
 699                         if (!ether_addr_equal(mgmt->sa, mgmt->bssid)) {
 700                                 err = -EINVAL;
 701                                 break;
 702                         }
 703                         /*
 704                          * check for mesh DA must be done by driver as
 705                          * cfg80211 doesn't track the stations
 706                          */
 707                         break;
 708                 case NL80211_IFTYPE_P2P_DEVICE:
 709                         /*
 710                          * fall through, P2P device only supports
 711                          * public action frames
 712                          */
 713                 case NL80211_IFTYPE_NAN:
 714                 default:
 715                         err = -EOPNOTSUPP;
 716                         break;
 717                 }
 718                 wdev_unlock(wdev);
 719
 720                 if (err)
 721                         return err;
 722         }
 723
 724         if (!ether_addr_equal(mgmt->sa, wdev_address(wdev))) {
 725                 /* Allow random TA to be used with Public Action frames if the
 726                  * driver has indicated support for this. Otherwise, only allow
 727                  * the local address to be used.
 728                  */
 729                 if (!ieee80211_is_action(mgmt->frame_control) ||
 730                     mgmt->u.action.category != WLAN_CATEGORY_PUBLIC)
 731                         return -EINVAL;
 732                 if (!wdev->current_bss &&
 733                     !wiphy_ext_feature_isset(
 734                             &rdev->wiphy,
 735                             NL80211_EXT_FEATURE_MGMT_TX_RANDOM_TA))
 736                         return -EINVAL;
 737                 if (wdev->current_bss &&
 738                     !wiphy_ext_feature_isset(
 739                             &rdev->wiphy,
 740                             NL80211_EXT_FEATURE_MGMT_TX_RANDOM_TA_CONNECTED))
 741                         return -EINVAL;
 742         }
 743
 744         /* Transmit the Action frame as requested by user space */
 745         return rdev_mgmt_tx(rdev, wdev, params, cookie);
 746 }
 747
 748 bool cfg80211_rx_mgmt_khz(struct wireless_dev *wdev, int freq, int sig_dbm,
 749                           const u8 *buf, size_t len, u32 flags)
 750 {
 751         struct wiphy *wiphy = wdev->wiphy;
 752         struct cfg80211_registered_device *rdev = wiphy_to_rdev(wiphy);
 753         struct cfg80211_mgmt_registration *reg;
 754         const struct ieee80211_txrx_stypes *stypes =
 755                 &wiphy->mgmt_stypes[wdev->iftype];
 756         struct ieee80211_mgmt *mgmt = (void *)buf;
 757         const u8 *data;
 758         int data_len;
 759         bool result = false;
 760         __le16 ftype = mgmt->frame_control &
 761                 cpu_to_le16(IEEE80211_FCTL_FTYPE | IEEE80211_FCTL_STYPE);
 762         u16 stype;
 763
 764         trace_cfg80211_rx_mgmt(wdev, freq, sig_dbm);
 765         stype = (le16_to_cpu(mgmt->frame_control) & IEEE80211_FCTL_STYPE) >> 4;
 766
 767         if (!(stypes->rx & BIT(stype))) {
 768                 trace_cfg80211_return_bool(false);
 769                 return false;
 770         }
 771
 772         data = buf + ieee80211_hdrlen(mgmt->frame_control);
 773         data_len = len - ieee80211_hdrlen(mgmt->frame_control);
 774
 775         spin_lock_bh(&wdev->mgmt_registrations_lock);
 776
 777         list_for_each_entry(reg, &wdev->mgmt_registrations, list) {
 778                 if (reg->frame_type != ftype)
 779                         continue;
 780
 781                 if (reg->match_len > data_len)
 782                         continue;
 783
 784                 if (memcmp(reg->match, data, reg->match_len))
 785                         continue;
 786
 787                 /* found match! */
 788
 789                 /* Indicate the received Action frame to user space */
 790                 if (nl80211_send_mgmt(rdev, wdev, reg->nlportid,
 791                                       freq, sig_dbm,
 792                                       buf, len, flags, GFP_ATOMIC))
 793                         continue;
 794
 795                 result = true;
 796                 break;
 797         }
 798
 799         spin_unlock_bh(&wdev->mgmt_registrations_lock);
 800
 801         trace_cfg80211_return_bool(result);
 802         return result;
 803 }
 804 EXPORT_SYMBOL(cfg80211_rx_mgmt_khz);
 805
 806 void cfg80211_sched_dfs_chan_update(struct cfg80211_registered_device *rdev)
 807 {
 808         cancel_delayed_work(&rdev->dfs_update_channels_wk);
 809         queue_delayed_work(cfg80211_wq, &rdev->dfs_update_channels_wk, 0);
 810 }
 811
 812 void cfg80211_dfs_channels_update_work(struct work_struct *work)
 813 {
 814         struct delayed_work *delayed_work = to_delayed_work(work);
 815         struct cfg80211_registered_device *rdev;
 816         struct cfg80211_chan_def chandef;
 817         struct ieee80211_supported_band *sband;
 818         struct ieee80211_channel *c;
 819         struct wiphy *wiphy;
 820         bool check_again = false;
 821         unsigned long timeout, next_time = 0;
 822         unsigned long time_dfs_update;
 823         enum nl80211_radar_event radar_event;
 824         int bandid, i;
 825
 826         rdev = container_of(delayed_work, struct cfg80211_registered_device,
 827                             dfs_update_channels_wk);
 828         wiphy = &rdev->wiphy;
 829
 830         rtnl_lock();
 831         for (bandid = 0; bandid < NUM_NL80211_BANDS; bandid++) {
 832                 sband = wiphy->bands[bandid];
 833                 if (!sband)
 834                         continue;
 835
 836                 for (i = 0; i < sband->n_channels; i++) {
 837                         c = &sband->channels[i];
 838
 839                         if (!(c->flags & IEEE80211_CHAN_RADAR))
 840                                 continue;
 841
 842                         if (c->dfs_state != NL80211_DFS_UNAVAILABLE &&
 843                             c->dfs_state != NL80211_DFS_AVAILABLE)
 844                                 continue;
 845
 846                         if (c->dfs_state == NL80211_DFS_UNAVAILABLE) {
 847                                 time_dfs_update = IEEE80211_DFS_MIN_NOP_TIME_MS;
 848                                 radar_event = NL80211_RADAR_NOP_FINISHED;
 849                         } else {
 850                                 if (regulatory_pre_cac_allowed(wiphy) ||
 851                                     cfg80211_any_wiphy_oper_chan(wiphy, c))
 852                                         continue;
 853
 854                                 time_dfs_update = REG_PRE_CAC_EXPIRY_GRACE_MS;
 855                                 radar_event = NL80211_RADAR_PRE_CAC_EXPIRED;
 856                         }
 857
 858                         timeout = c->dfs_state_entered +
 859                                   msecs_to_jiffies(time_dfs_update);
 860
 861                         if (time_after_eq(jiffies, timeout)) {
 862                                 c->dfs_state = NL80211_DFS_USABLE;
 863                                 c->dfs_state_entered = jiffies;
 864
 865                                 cfg80211_chandef_create(&chandef, c,
 866                                                         NL80211_CHAN_NO_HT);
 867
 868                                 nl80211_radar_notify(rdev, &chandef,
 869                                                      radar_event, NULL,
 870                                                      GFP_ATOMIC);
 871
 872                                 regulatory_propagate_dfs_state(wiphy, &chandef,
 873                                                                c->dfs_state,
 874                                                                radar_event);
 875                                 continue;
 876                         }
 877
 878                         if (!check_again)
 879                                 next_time = timeout - jiffies;
 880                         else
 881                                 next_time = min(next_time, timeout - jiffies);
 882                         check_again = true;
 883                 }
 884         }
 885         rtnl_unlock();
 886
 887         /* reschedule if there are other channels waiting to be cleared again */
 888         if (check_again)
 889                 queue_delayed_work(cfg80211_wq, &rdev->dfs_update_channels_wk,
 890                                    next_time);
 891 }
 892
 893
 894 void cfg80211_radar_event(struct wiphy *wiphy,
 895                           struct cfg80211_chan_def *chandef,
 896                           gfp_t gfp)
 897 {
 898         struct cfg80211_registered_device *rdev = wiphy_to_rdev(wiphy);
 899
 900         trace_cfg80211_radar_event(wiphy, chandef);
 901
 902         /* only set the chandef supplied channel to unavailable, in
 903          * case the radar is detected on only one of multiple channels
 904          * spanned by the chandef.
 905          */
 906         cfg80211_set_dfs_state(wiphy, chandef, NL80211_DFS_UNAVAILABLE);
 907
 908         cfg80211_sched_dfs_chan_update(rdev);
 909
 910         nl80211_radar_notify(rdev, chandef, NL80211_RADAR_DETECTED, NULL, gfp);
 911
 912         memcpy(&rdev->radar_chandef, chandef, sizeof(struct cfg80211_chan_def));
 913         queue_work(cfg80211_wq, &rdev->propagate_radar_detect_wk);
 914 }
 915 EXPORT_SYMBOL(cfg80211_radar_event);
 916
 917 void cfg80211_cac_event(struct net_device *netdev,
 918                         const struct cfg80211_chan_def *chandef,
 919                         enum nl80211_radar_event event, gfp_t gfp)
 920 {
 921         struct wireless_dev *wdev = netdev->ieee80211_ptr;
 922         struct wiphy *wiphy = wdev->wiphy;
 923         struct cfg80211_registered_device *rdev = wiphy_to_rdev(wiphy);
 924         unsigned long timeout;
 925
 926         trace_cfg80211_cac_event(netdev, event);
 927
 928         if (WARN_ON(!wdev->cac_started && event != NL80211_RADAR_CAC_STARTED))
 929                 return;
 930
 931         if (WARN_ON(!wdev->chandef.chan))
 932                 return;
 933
 934         switch (event) {
 935         case NL80211_RADAR_CAC_FINISHED:
 936                 timeout = wdev->cac_start_time +
 937                           msecs_to_jiffies(wdev->cac_time_ms);
 938                 WARN_ON(!time_after_eq(jiffies, timeout));
 939                 cfg80211_set_dfs_state(wiphy, chandef, NL80211_DFS_AVAILABLE);
 940                 memcpy(&rdev->cac_done_chandef, chandef,
 941                        sizeof(struct cfg80211_chan_def));
 942                 queue_work(cfg80211_wq, &rdev->propagate_cac_done_wk);
 943                 cfg80211_sched_dfs_chan_update(rdev);
 944                 fallthrough;
 945         case NL80211_RADAR_CAC_ABORTED:
 946                 wdev->cac_started = false;
 947                 break;
 948         case NL80211_RADAR_CAC_STARTED:
 949                 wdev->cac_started = true;
 950                 break;
 951         default:
 952                 WARN_ON(1);
 953                 return;
 954         }
 955
 956         nl80211_radar_notify(rdev, chandef, event, netdev, gfp);
 957 }
 958 EXPORT_SYMBOL(cfg80211_cac_event);