1// SPDX-License-Identifier: GPL-2.0
2/*
3 * SME code for cfg80211
4 * both driver SME event handling and the SME implementation
5 * (for nl80211's connect() and wext)
6 *
7 * Copyright 2009 Johannes Berg <johannes@sipsolutions.net>
8 * Copyright (C) 2009, 2020, 2022-2023 Intel Corporation. All rights reserved.
9 * Copyright 2017 Intel Deutschland GmbH
10 */
11
12#include <linux/etherdevice.h>
13#include <linux/if_arp.h>
14#include <linux/slab.h>
15#include <linux/workqueue.h>
16#include <linux/wireless.h>
17#include <linux/export.h>
18#include <net/iw_handler.h>
19#include <net/cfg80211.h>
20#include <net/rtnetlink.h>
21#include "nl80211.h"
22#include "reg.h"
23#include "rdev-ops.h"
24
25/*
26 * Software SME in cfg80211, using auth/assoc/deauth calls to the
27 * driver. This is for implementing nl80211's connect/disconnect
28 * and wireless extensions (if configured.)
29 */
30
31struct cfg80211_conn {
32 struct cfg80211_connect_params params;
33 /* these are sub-states of the _CONNECTING sme_state */
34 enum {
35 CFG80211_CONN_SCANNING,
36 CFG80211_CONN_SCAN_AGAIN,
37 CFG80211_CONN_AUTHENTICATE_NEXT,
38 CFG80211_CONN_AUTHENTICATING,
39 CFG80211_CONN_AUTH_FAILED_TIMEOUT,
40 CFG80211_CONN_ASSOCIATE_NEXT,
41 CFG80211_CONN_ASSOCIATING,
42 CFG80211_CONN_ASSOC_FAILED,
43 CFG80211_CONN_ASSOC_FAILED_TIMEOUT,
44 CFG80211_CONN_DEAUTH,
45 CFG80211_CONN_ABANDON,
46 CFG80211_CONN_CONNECTED,
47 } state;
48 u8 bssid[ETH_ALEN], prev_bssid[ETH_ALEN];
49 const u8 *ie;
50 size_t ie_len;
51 bool auto_auth, prev_bssid_valid;
52};
53
54static void cfg80211_sme_free(struct wireless_dev *wdev)
55{
56 if (!wdev->conn)
57 return;
58
59 kfree(objp: wdev->conn->ie);
60 kfree(objp: wdev->conn);
61 wdev->conn = NULL;
62}
63
64static int cfg80211_conn_scan(struct wireless_dev *wdev)
65{
66 struct cfg80211_registered_device *rdev = wiphy_to_rdev(wiphy: wdev->wiphy);
67 struct cfg80211_scan_request *request;
68 int n_channels, err;
69
70 lockdep_assert_wiphy(wdev->wiphy);
71
72 if (rdev->scan_req || rdev->scan_msg)
73 return -EBUSY;
74
75 if (wdev->conn->params.channel)
76 n_channels = 1;
77 else
78 n_channels = ieee80211_get_num_supported_channels(wiphy: wdev->wiphy);
79
80 request = kzalloc(size: sizeof(*request) + sizeof(request->ssids[0]) +
81 sizeof(request->channels[0]) * n_channels,
82 GFP_KERNEL);
83 if (!request)
84 return -ENOMEM;
85
86 if (wdev->conn->params.channel) {
87 enum nl80211_band band = wdev->conn->params.channel->band;
88 struct ieee80211_supported_band *sband =
89 wdev->wiphy->bands[band];
90
91 if (!sband) {
92 kfree(objp: request);
93 return -EINVAL;
94 }
95 request->channels[0] = wdev->conn->params.channel;
96 request->rates[band] = (1 << sband->n_bitrates) - 1;
97 } else {
98 int i = 0, j;
99 enum nl80211_band band;
100 struct ieee80211_supported_band *bands;
101 struct ieee80211_channel *channel;
102
103 for (band = 0; band < NUM_NL80211_BANDS; band++) {
104 bands = wdev->wiphy->bands[band];
105 if (!bands)
106 continue;
107 for (j = 0; j < bands->n_channels; j++) {
108 channel = &bands->channels[j];
109 if (channel->flags & IEEE80211_CHAN_DISABLED)
110 continue;
111 request->channels[i++] = channel;
112 }
113 request->rates[band] = (1 << bands->n_bitrates) - 1;
114 }
115 n_channels = i;
116 }
117 request->n_channels = n_channels;
118 request->ssids = (void *)&request->channels[n_channels];
119 request->n_ssids = 1;
120
121 memcpy(request->ssids[0].ssid, wdev->conn->params.ssid,
122 wdev->conn->params.ssid_len);
123 request->ssids[0].ssid_len = wdev->conn->params.ssid_len;
124
125 eth_broadcast_addr(addr: request->bssid);
126
127 request->wdev = wdev;
128 request->wiphy = &rdev->wiphy;
129 request->scan_start = jiffies;
130
131 rdev->scan_req = request;
132
133 err = rdev_scan(rdev, request);
134 if (!err) {
135 wdev->conn->state = CFG80211_CONN_SCANNING;
136 nl80211_send_scan_start(rdev, wdev);
137 dev_hold(dev: wdev->netdev);
138 } else {
139 rdev->scan_req = NULL;
140 kfree(objp: request);
141 }
142 return err;
143}
144
145static int cfg80211_conn_do_work(struct wireless_dev *wdev,
146 enum nl80211_timeout_reason *treason)
147{
148 struct cfg80211_registered_device *rdev = wiphy_to_rdev(wiphy: wdev->wiphy);
149 struct cfg80211_connect_params *params;
150 struct cfg80211_auth_request auth_req = {};
151 struct cfg80211_assoc_request req = {};
152 int err;
153
154 lockdep_assert_wiphy(wdev->wiphy);
155
156 if (!wdev->conn)
157 return 0;
158
159 params = &wdev->conn->params;
160
161 switch (wdev->conn->state) {
162 case CFG80211_CONN_SCANNING:
163 /* didn't find it during scan ... */
164 return -ENOENT;
165 case CFG80211_CONN_SCAN_AGAIN:
166 return cfg80211_conn_scan(wdev);
167 case CFG80211_CONN_AUTHENTICATE_NEXT:
168 if (WARN_ON(!rdev->ops->auth))
169 return -EOPNOTSUPP;
170 wdev->conn->state = CFG80211_CONN_AUTHENTICATING;
171 auth_req.key = params->key;
172 auth_req.key_len = params->key_len;
173 auth_req.key_idx = params->key_idx;
174 auth_req.auth_type = params->auth_type;
175 auth_req.bss = cfg80211_get_bss(wiphy: &rdev->wiphy, channel: params->channel,
176 bssid: params->bssid,
177 ssid: params->ssid, ssid_len: params->ssid_len,
178 bss_type: IEEE80211_BSS_TYPE_ESS,
179 privacy: IEEE80211_PRIVACY_ANY);
180 auth_req.link_id = -1;
181 err = cfg80211_mlme_auth(rdev, dev: wdev->netdev, req: &auth_req);
182 cfg80211_put_bss(wiphy: &rdev->wiphy, bss: auth_req.bss);
183 return err;
184 case CFG80211_CONN_AUTH_FAILED_TIMEOUT:
185 *treason = NL80211_TIMEOUT_AUTH;
186 return -ENOTCONN;
187 case CFG80211_CONN_ASSOCIATE_NEXT:
188 if (WARN_ON(!rdev->ops->assoc))
189 return -EOPNOTSUPP;
190 wdev->conn->state = CFG80211_CONN_ASSOCIATING;
191 if (wdev->conn->prev_bssid_valid)
192 req.prev_bssid = wdev->conn->prev_bssid;
193 req.ie = params->ie;
194 req.ie_len = params->ie_len;
195 req.use_mfp = params->mfp != NL80211_MFP_NO;
196 req.crypto = params->crypto;
197 req.flags = params->flags;
198 req.ht_capa = params->ht_capa;
199 req.ht_capa_mask = params->ht_capa_mask;
200 req.vht_capa = params->vht_capa;
201 req.vht_capa_mask = params->vht_capa_mask;
202 req.link_id = -1;
203
204 req.bss = cfg80211_get_bss(wiphy: &rdev->wiphy, channel: params->channel,
205 bssid: params->bssid,
206 ssid: params->ssid, ssid_len: params->ssid_len,
207 bss_type: IEEE80211_BSS_TYPE_ESS,
208 privacy: IEEE80211_PRIVACY_ANY);
209 if (!req.bss) {
210 err = -ENOENT;
211 } else {
212 err = cfg80211_mlme_assoc(rdev, dev: wdev->netdev,
213 req: &req, NULL);
214 cfg80211_put_bss(wiphy: &rdev->wiphy, bss: req.bss);
215 }
216
217 if (err)
218 cfg80211_mlme_deauth(rdev, dev: wdev->netdev, bssid: params->bssid,
219 NULL, ie_len: 0,
220 reason: WLAN_REASON_DEAUTH_LEAVING,
221 local_state_change: false);
222 return err;
223 case CFG80211_CONN_ASSOC_FAILED_TIMEOUT:
224 *treason = NL80211_TIMEOUT_ASSOC;
225 fallthrough;
226 case CFG80211_CONN_ASSOC_FAILED:
227 cfg80211_mlme_deauth(rdev, dev: wdev->netdev, bssid: params->bssid,
228 NULL, ie_len: 0,
229 reason: WLAN_REASON_DEAUTH_LEAVING, local_state_change: false);
230 return -ENOTCONN;
231 case CFG80211_CONN_DEAUTH:
232 cfg80211_mlme_deauth(rdev, dev: wdev->netdev, bssid: params->bssid,
233 NULL, ie_len: 0,
234 reason: WLAN_REASON_DEAUTH_LEAVING, local_state_change: false);
235 fallthrough;
236 case CFG80211_CONN_ABANDON:
237 /* free directly, disconnected event already sent */
238 cfg80211_sme_free(wdev);
239 return 0;
240 default:
241 return 0;
242 }
243}
244
245void cfg80211_conn_work(struct work_struct *work)
246{
247 struct cfg80211_registered_device *rdev =
248 container_of(work, struct cfg80211_registered_device, conn_work);
249 struct wireless_dev *wdev;
250 u8 bssid_buf[ETH_ALEN], *bssid = NULL;
251 enum nl80211_timeout_reason treason;
252
253 wiphy_lock(wiphy: &rdev->wiphy);
254
255 list_for_each_entry(wdev, &rdev->wiphy.wdev_list, list) {
256 if (!wdev->netdev)
257 continue;
258
259 if (!netif_running(dev: wdev->netdev))
260 continue;
261
262 if (!wdev->conn ||
263 wdev->conn->state == CFG80211_CONN_CONNECTED)
264 continue;
265
266 if (wdev->conn->params.bssid) {
267 memcpy(bssid_buf, wdev->conn->params.bssid, ETH_ALEN);
268 bssid = bssid_buf;
269 }
270 treason = NL80211_TIMEOUT_UNSPECIFIED;
271 if (cfg80211_conn_do_work(wdev, treason: &treason)) {
272 struct cfg80211_connect_resp_params cr;
273
274 memset(&cr, 0, sizeof(cr));
275 cr.status = -1;
276 cr.links[0].bssid = bssid;
277 cr.timeout_reason = treason;
278 __cfg80211_connect_result(dev: wdev->netdev, params: &cr, wextev: false);
279 }
280 }
281
282 wiphy_unlock(wiphy: &rdev->wiphy);
283}
284
285static void cfg80211_step_auth_next(struct cfg80211_conn *conn,
286 struct cfg80211_bss *bss)
287{
288 memcpy(conn->bssid, bss->bssid, ETH_ALEN);
289 conn->params.bssid = conn->bssid;
290 conn->params.channel = bss->channel;
291 conn->state = CFG80211_CONN_AUTHENTICATE_NEXT;
292}
293
294/* Returned bss is reference counted and must be cleaned up appropriately. */
295static struct cfg80211_bss *cfg80211_get_conn_bss(struct wireless_dev *wdev)
296{
297 struct cfg80211_registered_device *rdev = wiphy_to_rdev(wiphy: wdev->wiphy);
298 struct cfg80211_bss *bss;
299
300 lockdep_assert_wiphy(wdev->wiphy);
301
302 bss = cfg80211_get_bss(wiphy: wdev->wiphy, channel: wdev->conn->params.channel,
303 bssid: wdev->conn->params.bssid,
304 ssid: wdev->conn->params.ssid,
305 ssid_len: wdev->conn->params.ssid_len,
306 bss_type: wdev->conn_bss_type,
307 IEEE80211_PRIVACY(wdev->conn->params.privacy));
308 if (!bss)
309 return NULL;
310
311 cfg80211_step_auth_next(conn: wdev->conn, bss);
312 schedule_work(work: &rdev->conn_work);
313
314 return bss;
315}
316
317void cfg80211_sme_scan_done(struct net_device *dev)
318{
319 struct wireless_dev *wdev = dev->ieee80211_ptr;
320 struct cfg80211_registered_device *rdev = wiphy_to_rdev(wiphy: wdev->wiphy);
321 struct cfg80211_bss *bss;
322
323 lockdep_assert_wiphy(wdev->wiphy);
324
325 if (!wdev->conn)
326 return;
327
328 if (wdev->conn->state != CFG80211_CONN_SCANNING &&
329 wdev->conn->state != CFG80211_CONN_SCAN_AGAIN)
330 return;
331
332 bss = cfg80211_get_conn_bss(wdev);
333 if (bss)
334 cfg80211_put_bss(wiphy: &rdev->wiphy, bss);
335 else
336 schedule_work(work: &rdev->conn_work);
337}
338
339void cfg80211_sme_rx_auth(struct wireless_dev *wdev, const u8 *buf, size_t len)
340{
341 struct wiphy *wiphy = wdev->wiphy;
342 struct cfg80211_registered_device *rdev = wiphy_to_rdev(wiphy);
343 struct ieee80211_mgmt *mgmt = (struct ieee80211_mgmt *)buf;
344 u16 status_code = le16_to_cpu(mgmt->u.auth.status_code);
345
346 lockdep_assert_wiphy(wdev->wiphy);
347
348 if (!wdev->conn || wdev->conn->state == CFG80211_CONN_CONNECTED)
349 return;
350
351 if (status_code == WLAN_STATUS_NOT_SUPPORTED_AUTH_ALG &&
352 wdev->conn->auto_auth &&
353 wdev->conn->params.auth_type != NL80211_AUTHTYPE_NETWORK_EAP) {
354 /* select automatically between only open, shared, leap */
355 switch (wdev->conn->params.auth_type) {
356 case NL80211_AUTHTYPE_OPEN_SYSTEM:
357 if (wdev->connect_keys)
358 wdev->conn->params.auth_type =
359 NL80211_AUTHTYPE_SHARED_KEY;
360 else
361 wdev->conn->params.auth_type =
362 NL80211_AUTHTYPE_NETWORK_EAP;
363 break;
364 case NL80211_AUTHTYPE_SHARED_KEY:
365 wdev->conn->params.auth_type =
366 NL80211_AUTHTYPE_NETWORK_EAP;
367 break;
368 default:
369 /* huh? */
370 wdev->conn->params.auth_type =
371 NL80211_AUTHTYPE_OPEN_SYSTEM;
372 break;
373 }
374 wdev->conn->state = CFG80211_CONN_AUTHENTICATE_NEXT;
375 schedule_work(work: &rdev->conn_work);
376 } else if (status_code != WLAN_STATUS_SUCCESS) {
377 struct cfg80211_connect_resp_params cr;
378
379 memset(&cr, 0, sizeof(cr));
380 cr.status = status_code;
381 cr.links[0].bssid = mgmt->bssid;
382 cr.timeout_reason = NL80211_TIMEOUT_UNSPECIFIED;
383 __cfg80211_connect_result(dev: wdev->netdev, params: &cr, wextev: false);
384 } else if (wdev->conn->state == CFG80211_CONN_AUTHENTICATING) {
385 wdev->conn->state = CFG80211_CONN_ASSOCIATE_NEXT;
386 schedule_work(work: &rdev->conn_work);
387 }
388}
389
390bool cfg80211_sme_rx_assoc_resp(struct wireless_dev *wdev, u16 status)
391{
392 struct cfg80211_registered_device *rdev = wiphy_to_rdev(wiphy: wdev->wiphy);
393
394 if (!wdev->conn)
395 return false;
396
397 if (status == WLAN_STATUS_SUCCESS) {
398 wdev->conn->state = CFG80211_CONN_CONNECTED;
399 return false;
400 }
401
402 if (wdev->conn->prev_bssid_valid) {
403 /*
404 * Some stupid APs don't accept reassoc, so we
405 * need to fall back to trying regular assoc;
406 * return true so no event is sent to userspace.
407 */
408 wdev->conn->prev_bssid_valid = false;
409 wdev->conn->state = CFG80211_CONN_ASSOCIATE_NEXT;
410 schedule_work(work: &rdev->conn_work);
411 return true;
412 }
413
414 wdev->conn->state = CFG80211_CONN_ASSOC_FAILED;
415 schedule_work(work: &rdev->conn_work);
416 return false;
417}
418
419void cfg80211_sme_deauth(struct wireless_dev *wdev)
420{
421 cfg80211_sme_free(wdev);
422}
423
424void cfg80211_sme_auth_timeout(struct wireless_dev *wdev)
425{
426 struct cfg80211_registered_device *rdev = wiphy_to_rdev(wiphy: wdev->wiphy);
427
428 if (!wdev->conn)
429 return;
430
431 wdev->conn->state = CFG80211_CONN_AUTH_FAILED_TIMEOUT;
432 schedule_work(work: &rdev->conn_work);
433}
434
435void cfg80211_sme_disassoc(struct wireless_dev *wdev)
436{
437 struct cfg80211_registered_device *rdev = wiphy_to_rdev(wiphy: wdev->wiphy);
438
439 if (!wdev->conn)
440 return;
441
442 wdev->conn->state = CFG80211_CONN_DEAUTH;
443 schedule_work(work: &rdev->conn_work);
444}
445
446void cfg80211_sme_assoc_timeout(struct wireless_dev *wdev)
447{
448 struct cfg80211_registered_device *rdev = wiphy_to_rdev(wiphy: wdev->wiphy);
449
450 if (!wdev->conn)
451 return;
452
453 wdev->conn->state = CFG80211_CONN_ASSOC_FAILED_TIMEOUT;
454 schedule_work(work: &rdev->conn_work);
455}
456
457void cfg80211_sme_abandon_assoc(struct wireless_dev *wdev)
458{
459 struct cfg80211_registered_device *rdev = wiphy_to_rdev(wiphy: wdev->wiphy);
460
461 if (!wdev->conn)
462 return;
463
464 wdev->conn->state = CFG80211_CONN_ABANDON;
465 schedule_work(work: &rdev->conn_work);
466}
467
468static void cfg80211_wdev_release_bsses(struct wireless_dev *wdev)
469{
470 unsigned int link;
471
472 for_each_valid_link(wdev, link) {
473 if (!wdev->links[link].client.current_bss)
474 continue;
475 cfg80211_unhold_bss(bss: wdev->links[link].client.current_bss);
476 cfg80211_put_bss(wiphy: wdev->wiphy,
477 bss: &wdev->links[link].client.current_bss->pub);
478 wdev->links[link].client.current_bss = NULL;
479 }
480}
481
482void cfg80211_wdev_release_link_bsses(struct wireless_dev *wdev, u16 link_mask)
483{
484 unsigned int link;
485
486 for_each_valid_link(wdev, link) {
487 if (!wdev->links[link].client.current_bss ||
488 !(link_mask & BIT(link)))
489 continue;
490 cfg80211_unhold_bss(bss: wdev->links[link].client.current_bss);
491 cfg80211_put_bss(wiphy: wdev->wiphy,
492 bss: &wdev->links[link].client.current_bss->pub);
493 wdev->links[link].client.current_bss = NULL;
494 }
495}
496
497static int cfg80211_sme_get_conn_ies(struct wireless_dev *wdev,
498 const u8 *ies, size_t ies_len,
499 const u8 **out_ies, size_t *out_ies_len)
500{
501 struct cfg80211_registered_device *rdev = wiphy_to_rdev(wiphy: wdev->wiphy);
502 u8 *buf;
503 size_t offs;
504
505 if (!rdev->wiphy.extended_capabilities_len ||
506 (ies && cfg80211_find_ie(eid: WLAN_EID_EXT_CAPABILITY, ies, len: ies_len))) {
507 *out_ies = kmemdup(p: ies, size: ies_len, GFP_KERNEL);
508 if (!*out_ies)
509 return -ENOMEM;
510 *out_ies_len = ies_len;
511 return 0;
512 }
513
514 buf = kmalloc(size: ies_len + rdev->wiphy.extended_capabilities_len + 2,
515 GFP_KERNEL);
516 if (!buf)
517 return -ENOMEM;
518
519 if (ies_len) {
520 static const u8 before_extcapa[] = {
521 /* not listing IEs expected to be created by driver */
522 WLAN_EID_RSN,
523 WLAN_EID_QOS_CAPA,
524 WLAN_EID_RRM_ENABLED_CAPABILITIES,
525 WLAN_EID_MOBILITY_DOMAIN,
526 WLAN_EID_SUPPORTED_REGULATORY_CLASSES,
527 WLAN_EID_BSS_COEX_2040,
528 };
529
530 offs = ieee80211_ie_split(ies, ielen: ies_len, ids: before_extcapa,
531 ARRAY_SIZE(before_extcapa), offset: 0);
532 memcpy(buf, ies, offs);
533 /* leave a whole for extended capabilities IE */
534 memcpy(buf + offs + rdev->wiphy.extended_capabilities_len + 2,
535 ies + offs, ies_len - offs);
536 } else {
537 offs = 0;
538 }
539
540 /* place extended capabilities IE (with only driver capabilities) */
541 buf[offs] = WLAN_EID_EXT_CAPABILITY;
542 buf[offs + 1] = rdev->wiphy.extended_capabilities_len;
543 memcpy(buf + offs + 2,
544 rdev->wiphy.extended_capabilities,
545 rdev->wiphy.extended_capabilities_len);
546
547 *out_ies = buf;
548 *out_ies_len = ies_len + rdev->wiphy.extended_capabilities_len + 2;
549
550 return 0;
551}
552
553static int cfg80211_sme_connect(struct wireless_dev *wdev,
554 struct cfg80211_connect_params *connect,
555 const u8 *prev_bssid)
556{
557 struct cfg80211_registered_device *rdev = wiphy_to_rdev(wiphy: wdev->wiphy);
558 struct cfg80211_bss *bss;
559 int err;
560
561 if (!rdev->ops->auth || !rdev->ops->assoc)
562 return -EOPNOTSUPP;
563
564 cfg80211_wdev_release_bsses(wdev);
565
566 if (wdev->connected) {
567 cfg80211_sme_free(wdev);
568 wdev->connected = false;
569 }
570
571 if (wdev->conn)
572 return -EINPROGRESS;
573
574 wdev->conn = kzalloc(size: sizeof(*wdev->conn), GFP_KERNEL);
575 if (!wdev->conn)
576 return -ENOMEM;
577
578 /*
579 * Copy all parameters, and treat explicitly IEs, BSSID, SSID.
580 */
581 memcpy(&wdev->conn->params, connect, sizeof(*connect));
582 if (connect->bssid) {
583 wdev->conn->params.bssid = wdev->conn->bssid;
584 memcpy(wdev->conn->bssid, connect->bssid, ETH_ALEN);
585 }
586
587 if (cfg80211_sme_get_conn_ies(wdev, ies: connect->ie, ies_len: connect->ie_len,
588 out_ies: &wdev->conn->ie,
589 out_ies_len: &wdev->conn->params.ie_len)) {
590 kfree(objp: wdev->conn);
591 wdev->conn = NULL;
592 return -ENOMEM;
593 }
594 wdev->conn->params.ie = wdev->conn->ie;
595
596 if (connect->auth_type == NL80211_AUTHTYPE_AUTOMATIC) {
597 wdev->conn->auto_auth = true;
598 /* start with open system ... should mostly work */
599 wdev->conn->params.auth_type =
600 NL80211_AUTHTYPE_OPEN_SYSTEM;
601 } else {
602 wdev->conn->auto_auth = false;
603 }
604
605 wdev->conn->params.ssid = wdev->u.client.ssid;
606 wdev->conn->params.ssid_len = wdev->u.client.ssid_len;
607
608 /* see if we have the bss already */
609 bss = cfg80211_get_bss(wiphy: wdev->wiphy, channel: wdev->conn->params.channel,
610 bssid: wdev->conn->params.bssid,
611 ssid: wdev->conn->params.ssid,
612 ssid_len: wdev->conn->params.ssid_len,
613 bss_type: wdev->conn_bss_type,
614 IEEE80211_PRIVACY(wdev->conn->params.privacy));
615
616 if (prev_bssid) {
617 memcpy(wdev->conn->prev_bssid, prev_bssid, ETH_ALEN);
618 wdev->conn->prev_bssid_valid = true;
619 }
620
621 /* we're good if we have a matching bss struct */
622 if (bss) {
623 enum nl80211_timeout_reason treason;
624
625 cfg80211_step_auth_next(conn: wdev->conn, bss);
626 err = cfg80211_conn_do_work(wdev, treason: &treason);
627 cfg80211_put_bss(wiphy: wdev->wiphy, bss);
628 } else {
629 /* otherwise we'll need to scan for the AP first */
630 err = cfg80211_conn_scan(wdev);
631
632 /*
633 * If we can't scan right now, then we need to scan again
634 * after the current scan finished, since the parameters
635 * changed (unless we find a good AP anyway).
636 */
637 if (err == -EBUSY) {
638 err = 0;
639 wdev->conn->state = CFG80211_CONN_SCAN_AGAIN;
640 }
641 }
642
643 if (err)
644 cfg80211_sme_free(wdev);
645
646 return err;
647}
648
649static int cfg80211_sme_disconnect(struct wireless_dev *wdev, u16 reason)
650{
651 struct cfg80211_registered_device *rdev = wiphy_to_rdev(wiphy: wdev->wiphy);
652 int err;
653
654 if (!wdev->conn)
655 return 0;
656
657 if (!rdev->ops->deauth)
658 return -EOPNOTSUPP;
659
660 if (wdev->conn->state == CFG80211_CONN_SCANNING ||
661 wdev->conn->state == CFG80211_CONN_SCAN_AGAIN) {
662 err = 0;
663 goto out;
664 }
665
666 /* wdev->conn->params.bssid must be set if > SCANNING */
667 err = cfg80211_mlme_deauth(rdev, dev: wdev->netdev,
668 bssid: wdev->conn->params.bssid,
669 NULL, ie_len: 0, reason, local_state_change: false);
670 out:
671 cfg80211_sme_free(wdev);
672 return err;
673}
674
675/*
676 * code shared for in-device and software SME
677 */
678
679static bool cfg80211_is_all_idle(void)
680{
681 struct cfg80211_registered_device *rdev;
682 struct wireless_dev *wdev;
683 bool is_all_idle = true;
684
685 /*
686 * All devices must be idle as otherwise if you are actively
687 * scanning some new beacon hints could be learned and would
688 * count as new regulatory hints.
689 * Also if there is any other active beaconing interface we
690 * need not issue a disconnect hint and reset any info such
691 * as chan dfs state, etc.
692 */
693 for_each_rdev(rdev) {
694 wiphy_lock(wiphy: &rdev->wiphy);
695 list_for_each_entry(wdev, &rdev->wiphy.wdev_list, list) {
696 if (wdev->conn || wdev->connected ||
697 cfg80211_beaconing_iface_active(wdev))
698 is_all_idle = false;
699 }
700 wiphy_unlock(wiphy: &rdev->wiphy);
701 }
702
703 return is_all_idle;
704}
705
706static void disconnect_work(struct work_struct *work)
707{
708 rtnl_lock();
709 if (cfg80211_is_all_idle())
710 regulatory_hint_disconnect();
711 rtnl_unlock();
712}
713
714DECLARE_WORK(cfg80211_disconnect_work, disconnect_work);
715
716static void
717cfg80211_connect_result_release_bsses(struct wireless_dev *wdev,
718 struct cfg80211_connect_resp_params *cr)
719{
720 unsigned int link;
721
722 for_each_valid_link(cr, link) {
723 if (!cr->links[link].bss)
724 continue;
725 cfg80211_unhold_bss(bss: bss_from_pub(pub: cr->links[link].bss));
726 cfg80211_put_bss(wiphy: wdev->wiphy, bss: cr->links[link].bss);
727 }
728}
729
730/*
731 * API calls for drivers implementing connect/disconnect and
732 * SME event handling
733 */
734
735/* This method must consume bss one way or another */
736void __cfg80211_connect_result(struct net_device *dev,
737 struct cfg80211_connect_resp_params *cr,
738 bool wextev)
739{
740 struct wireless_dev *wdev = dev->ieee80211_ptr;
741 const struct element *country_elem = NULL;
742 const struct element *ssid;
743 const u8 *country_data;
744 u8 country_datalen;
745#ifdef CONFIG_CFG80211_WEXT
746 union iwreq_data wrqu;
747#endif
748 unsigned int link;
749 const u8 *connected_addr;
750 bool bss_not_found = false;
751
752 lockdep_assert_wiphy(wdev->wiphy);
753
754 if (WARN_ON(wdev->iftype != NL80211_IFTYPE_STATION &&
755 wdev->iftype != NL80211_IFTYPE_P2P_CLIENT))
756 goto out;
757
758 if (cr->valid_links) {
759 if (WARN_ON(!cr->ap_mld_addr))
760 goto out;
761
762 for_each_valid_link(cr, link) {
763 if (WARN_ON(!cr->links[link].addr))
764 goto out;
765 }
766
767 if (WARN_ON(wdev->connect_keys))
768 goto out;
769 }
770
771 wdev->unprot_beacon_reported = 0;
772 nl80211_send_connect_result(rdev: wiphy_to_rdev(wiphy: wdev->wiphy), netdev: dev, params: cr,
773 GFP_KERNEL);
774 connected_addr = cr->valid_links ? cr->ap_mld_addr : cr->links[0].bssid;
775
776#ifdef CONFIG_CFG80211_WEXT
777 if (wextev && !cr->valid_links) {
778 if (cr->req_ie && cr->status == WLAN_STATUS_SUCCESS) {
779 memset(&wrqu, 0, sizeof(wrqu));
780 wrqu.data.length = cr->req_ie_len;
781 wireless_send_event(dev, IWEVASSOCREQIE, wrqu: &wrqu,
782 extra: cr->req_ie);
783 }
784
785 if (cr->resp_ie && cr->status == WLAN_STATUS_SUCCESS) {
786 memset(&wrqu, 0, sizeof(wrqu));
787 wrqu.data.length = cr->resp_ie_len;
788 wireless_send_event(dev, IWEVASSOCRESPIE, wrqu: &wrqu,
789 extra: cr->resp_ie);
790 }
791
792 memset(&wrqu, 0, sizeof(wrqu));
793 wrqu.ap_addr.sa_family = ARPHRD_ETHER;
794 if (connected_addr && cr->status == WLAN_STATUS_SUCCESS) {
795 memcpy(wrqu.ap_addr.sa_data, connected_addr, ETH_ALEN);
796 memcpy(wdev->wext.prev_bssid, connected_addr, ETH_ALEN);
797 wdev->wext.prev_bssid_valid = true;
798 }
799 wireless_send_event(dev, SIOCGIWAP, wrqu: &wrqu, NULL);
800 }
801#endif
802
803 if (cr->status == WLAN_STATUS_SUCCESS) {
804 if (!wiphy_to_rdev(wiphy: wdev->wiphy)->ops->connect) {
805 for_each_valid_link(cr, link) {
806 if (WARN_ON_ONCE(!cr->links[link].bss))
807 break;
808 }
809 }
810
811 for_each_valid_link(cr, link) {
812 /* don't do extra lookups for failures */
813 if (cr->links[link].status != WLAN_STATUS_SUCCESS)
814 continue;
815
816 if (cr->links[link].bss)
817 continue;
818
819 cr->links[link].bss =
820 cfg80211_get_bss(wiphy: wdev->wiphy, NULL,
821 bssid: cr->links[link].bssid,
822 ssid: wdev->u.client.ssid,
823 ssid_len: wdev->u.client.ssid_len,
824 bss_type: wdev->conn_bss_type,
825 privacy: IEEE80211_PRIVACY_ANY);
826 if (!cr->links[link].bss) {
827 bss_not_found = true;
828 break;
829 }
830 cfg80211_hold_bss(bss: bss_from_pub(pub: cr->links[link].bss));
831 }
832 }
833
834 cfg80211_wdev_release_bsses(wdev);
835
836 if (cr->status != WLAN_STATUS_SUCCESS) {
837 kfree_sensitive(objp: wdev->connect_keys);
838 wdev->connect_keys = NULL;
839 wdev->u.client.ssid_len = 0;
840 wdev->conn_owner_nlportid = 0;
841 cfg80211_connect_result_release_bsses(wdev, cr);
842 cfg80211_sme_free(wdev);
843 return;
844 }
845
846 if (WARN_ON(bss_not_found)) {
847 cfg80211_connect_result_release_bsses(wdev, cr);
848 return;
849 }
850
851 memset(wdev->links, 0, sizeof(wdev->links));
852 for_each_valid_link(cr, link) {
853 if (cr->links[link].status == WLAN_STATUS_SUCCESS)
854 continue;
855 cr->valid_links &= ~BIT(link);
856 /* don't require bss pointer for failed links */
857 if (!cr->links[link].bss)
858 continue;
859 cfg80211_unhold_bss(bss: bss_from_pub(pub: cr->links[link].bss));
860 cfg80211_put_bss(wiphy: wdev->wiphy, bss: cr->links[link].bss);
861 }
862 wdev->valid_links = cr->valid_links;
863 for_each_valid_link(cr, link)
864 wdev->links[link].client.current_bss =
865 bss_from_pub(pub: cr->links[link].bss);
866 wdev->connected = true;
867 ether_addr_copy(dst: wdev->u.client.connected_addr, src: connected_addr);
868 if (cr->valid_links) {
869 for_each_valid_link(cr, link)
870 memcpy(wdev->links[link].addr, cr->links[link].addr,
871 ETH_ALEN);
872 }
873
874 cfg80211_upload_connect_keys(wdev);
875
876 rcu_read_lock();
877 for_each_valid_link(cr, link) {
878 country_elem =
879 ieee80211_bss_get_elem(bss: cr->links[link].bss,
880 id: WLAN_EID_COUNTRY);
881 if (country_elem)
882 break;
883 }
884 if (!country_elem) {
885 rcu_read_unlock();
886 return;
887 }
888
889 country_datalen = country_elem->datalen;
890 country_data = kmemdup(p: country_elem->data, size: country_datalen, GFP_ATOMIC);
891 rcu_read_unlock();
892
893 if (!country_data)
894 return;
895
896 regulatory_hint_country_ie(wiphy: wdev->wiphy,
897 band: cr->links[link].bss->channel->band,
898 country_ie: country_data, country_ie_len: country_datalen);
899 kfree(objp: country_data);
900
901 if (!wdev->u.client.ssid_len) {
902 rcu_read_lock();
903 for_each_valid_link(cr, link) {
904 ssid = ieee80211_bss_get_elem(bss: cr->links[link].bss,
905 id: WLAN_EID_SSID);
906
907 if (!ssid || !ssid->datalen)
908 continue;
909
910 memcpy(wdev->u.client.ssid, ssid->data, ssid->datalen);
911 wdev->u.client.ssid_len = ssid->datalen;
912 break;
913 }
914 rcu_read_unlock();
915 }
916
917 return;
918out:
919 for_each_valid_link(cr, link)
920 cfg80211_put_bss(wiphy: wdev->wiphy, bss: cr->links[link].bss);
921}
922
923static void cfg80211_update_link_bss(struct wireless_dev *wdev,
924 struct cfg80211_bss **bss)
925{
926 struct cfg80211_registered_device *rdev = wiphy_to_rdev(wiphy: wdev->wiphy);
927 struct cfg80211_internal_bss *ibss;
928
929 if (!*bss)
930 return;
931
932 ibss = bss_from_pub(pub: *bss);
933 if (list_empty(head: &ibss->list)) {
934 struct cfg80211_bss *found = NULL, *tmp = *bss;
935
936 found = cfg80211_get_bss(wiphy: wdev->wiphy, NULL,
937 bssid: (*bss)->bssid,
938 ssid: wdev->u.client.ssid,
939 ssid_len: wdev->u.client.ssid_len,
940 bss_type: wdev->conn_bss_type,
941 privacy: IEEE80211_PRIVACY_ANY);
942 if (found) {
943 /* The same BSS is already updated so use it
944 * instead, as it has latest info.
945 */
946 *bss = found;
947 } else {
948 /* Update with BSS provided by driver, it will
949 * be freshly added and ref cnted, we can free
950 * the old one.
951 *
952 * signal_valid can be false, as we are not
953 * expecting the BSS to be found.
954 *
955 * keep the old timestamp to avoid confusion
956 */
957 cfg80211_bss_update(rdev, tmp: ibss, signal_valid: false,
958 ts: ibss->ts);
959 }
960
961 cfg80211_put_bss(wiphy: wdev->wiphy, bss: tmp);
962 }
963}
964
965/* Consumes bss object(s) one way or another */
966void cfg80211_connect_done(struct net_device *dev,
967 struct cfg80211_connect_resp_params *params,
968 gfp_t gfp)
969{
970 struct wireless_dev *wdev = dev->ieee80211_ptr;
971 struct cfg80211_registered_device *rdev = wiphy_to_rdev(wiphy: wdev->wiphy);
972 struct cfg80211_event *ev;
973 unsigned long flags;
974 u8 *next;
975 size_t link_info_size = 0;
976 unsigned int link;
977
978 for_each_valid_link(params, link) {
979 cfg80211_update_link_bss(wdev, bss: &params->links[link].bss);
980 link_info_size += params->links[link].bssid ? ETH_ALEN : 0;
981 link_info_size += params->links[link].addr ? ETH_ALEN : 0;
982 }
983
984 ev = kzalloc(size: sizeof(*ev) + (params->ap_mld_addr ? ETH_ALEN : 0) +
985 params->req_ie_len + params->resp_ie_len +
986 params->fils.kek_len + params->fils.pmk_len +
987 (params->fils.pmkid ? WLAN_PMKID_LEN : 0) + link_info_size,
988 flags: gfp);
989
990 if (!ev) {
991 for_each_valid_link(params, link)
992 cfg80211_put_bss(wiphy: wdev->wiphy,
993 bss: params->links[link].bss);
994 return;
995 }
996
997 ev->type = EVENT_CONNECT_RESULT;
998 next = ((u8 *)ev) + sizeof(*ev);
999 if (params->ap_mld_addr) {
1000 ev->cr.ap_mld_addr = next;
1001 memcpy((void *)ev->cr.ap_mld_addr, params->ap_mld_addr,
1002 ETH_ALEN);
1003 next += ETH_ALEN;
1004 }
1005 if (params->req_ie_len) {
1006 ev->cr.req_ie = next;
1007 ev->cr.req_ie_len = params->req_ie_len;
1008 memcpy((void *)ev->cr.req_ie, params->req_ie,
1009 params->req_ie_len);
1010 next += params->req_ie_len;
1011 }
1012 if (params->resp_ie_len) {
1013 ev->cr.resp_ie = next;
1014 ev->cr.resp_ie_len = params->resp_ie_len;
1015 memcpy((void *)ev->cr.resp_ie, params->resp_ie,
1016 params->resp_ie_len);
1017 next += params->resp_ie_len;
1018 }
1019 if (params->fils.kek_len) {
1020 ev->cr.fils.kek = next;
1021 ev->cr.fils.kek_len = params->fils.kek_len;
1022 memcpy((void *)ev->cr.fils.kek, params->fils.kek,
1023 params->fils.kek_len);
1024 next += params->fils.kek_len;
1025 }
1026 if (params->fils.pmk_len) {
1027 ev->cr.fils.pmk = next;
1028 ev->cr.fils.pmk_len = params->fils.pmk_len;
1029 memcpy((void *)ev->cr.fils.pmk, params->fils.pmk,
1030 params->fils.pmk_len);
1031 next += params->fils.pmk_len;
1032 }
1033 if (params->fils.pmkid) {
1034 ev->cr.fils.pmkid = next;
1035 memcpy((void *)ev->cr.fils.pmkid, params->fils.pmkid,
1036 WLAN_PMKID_LEN);
1037 next += WLAN_PMKID_LEN;
1038 }
1039 ev->cr.fils.update_erp_next_seq_num = params->fils.update_erp_next_seq_num;
1040 if (params->fils.update_erp_next_seq_num)
1041 ev->cr.fils.erp_next_seq_num = params->fils.erp_next_seq_num;
1042 ev->cr.valid_links = params->valid_links;
1043 for_each_valid_link(params, link) {
1044 if (params->links[link].bss)
1045 cfg80211_hold_bss(
1046 bss: bss_from_pub(pub: params->links[link].bss));
1047 ev->cr.links[link].bss = params->links[link].bss;
1048
1049 if (params->links[link].addr) {
1050 ev->cr.links[link].addr = next;
1051 memcpy((void *)ev->cr.links[link].addr,
1052 params->links[link].addr,
1053 ETH_ALEN);
1054 next += ETH_ALEN;
1055 }
1056 if (params->links[link].bssid) {
1057 ev->cr.links[link].bssid = next;
1058 memcpy((void *)ev->cr.links[link].bssid,
1059 params->links[link].bssid,
1060 ETH_ALEN);
1061 next += ETH_ALEN;
1062 }
1063 }
1064 ev->cr.status = params->status;
1065 ev->cr.timeout_reason = params->timeout_reason;
1066
1067 spin_lock_irqsave(&wdev->event_lock, flags);
1068 list_add_tail(new: &ev->list, head: &wdev->event_list);
1069 spin_unlock_irqrestore(lock: &wdev->event_lock, flags);
1070 queue_work(wq: cfg80211_wq, work: &rdev->event_work);
1071}
1072EXPORT_SYMBOL(cfg80211_connect_done);
1073
1074/* Consumes bss object one way or another */
1075void __cfg80211_roamed(struct wireless_dev *wdev,
1076 struct cfg80211_roam_info *info)
1077{
1078#ifdef CONFIG_CFG80211_WEXT
1079 union iwreq_data wrqu;
1080#endif
1081 unsigned int link;
1082 const u8 *connected_addr;
1083
1084 lockdep_assert_wiphy(wdev->wiphy);
1085
1086 if (WARN_ON(wdev->iftype != NL80211_IFTYPE_STATION &&
1087 wdev->iftype != NL80211_IFTYPE_P2P_CLIENT))
1088 goto out;
1089
1090 if (WARN_ON(!wdev->connected))
1091 goto out;
1092
1093 if (info->valid_links) {
1094 if (WARN_ON(!info->ap_mld_addr))
1095 goto out;
1096
1097 for_each_valid_link(info, link) {
1098 if (WARN_ON(!info->links[link].addr))
1099 goto out;
1100 }
1101 }
1102
1103 cfg80211_wdev_release_bsses(wdev);
1104
1105 for_each_valid_link(info, link) {
1106 if (WARN_ON(!info->links[link].bss))
1107 goto out;
1108 }
1109
1110 memset(wdev->links, 0, sizeof(wdev->links));
1111 wdev->valid_links = info->valid_links;
1112 for_each_valid_link(info, link) {
1113 cfg80211_hold_bss(bss: bss_from_pub(pub: info->links[link].bss));
1114 wdev->links[link].client.current_bss =
1115 bss_from_pub(pub: info->links[link].bss);
1116 }
1117
1118 connected_addr = info->valid_links ?
1119 info->ap_mld_addr :
1120 info->links[0].bss->bssid;
1121 ether_addr_copy(dst: wdev->u.client.connected_addr, src: connected_addr);
1122 if (info->valid_links) {
1123 for_each_valid_link(info, link)
1124 memcpy(wdev->links[link].addr, info->links[link].addr,
1125 ETH_ALEN);
1126 }
1127 wdev->unprot_beacon_reported = 0;
1128 nl80211_send_roamed(rdev: wiphy_to_rdev(wiphy: wdev->wiphy),
1129 netdev: wdev->netdev, info, GFP_KERNEL);
1130
1131#ifdef CONFIG_CFG80211_WEXT
1132 if (!info->valid_links) {
1133 if (info->req_ie) {
1134 memset(&wrqu, 0, sizeof(wrqu));
1135 wrqu.data.length = info->req_ie_len;
1136 wireless_send_event(dev: wdev->netdev, IWEVASSOCREQIE,
1137 wrqu: &wrqu, extra: info->req_ie);
1138 }
1139
1140 if (info->resp_ie) {
1141 memset(&wrqu, 0, sizeof(wrqu));
1142 wrqu.data.length = info->resp_ie_len;
1143 wireless_send_event(dev: wdev->netdev, IWEVASSOCRESPIE,
1144 wrqu: &wrqu, extra: info->resp_ie);
1145 }
1146
1147 memset(&wrqu, 0, sizeof(wrqu));
1148 wrqu.ap_addr.sa_family = ARPHRD_ETHER;
1149 memcpy(wrqu.ap_addr.sa_data, connected_addr, ETH_ALEN);
1150 memcpy(wdev->wext.prev_bssid, connected_addr, ETH_ALEN);
1151 wdev->wext.prev_bssid_valid = true;
1152 wireless_send_event(dev: wdev->netdev, SIOCGIWAP, wrqu: &wrqu, NULL);
1153 }
1154#endif
1155
1156 return;
1157out:
1158 for_each_valid_link(info, link)
1159 cfg80211_put_bss(wiphy: wdev->wiphy, bss: info->links[link].bss);
1160}
1161
1162/* Consumes info->links.bss object(s) one way or another */
1163void cfg80211_roamed(struct net_device *dev, struct cfg80211_roam_info *info,
1164 gfp_t gfp)
1165{
1166 struct wireless_dev *wdev = dev->ieee80211_ptr;
1167 struct cfg80211_registered_device *rdev = wiphy_to_rdev(wiphy: wdev->wiphy);
1168 struct cfg80211_event *ev;
1169 unsigned long flags;
1170 u8 *next;
1171 unsigned int link;
1172 size_t link_info_size = 0;
1173 bool bss_not_found = false;
1174
1175 for_each_valid_link(info, link) {
1176 link_info_size += info->links[link].addr ? ETH_ALEN : 0;
1177 link_info_size += info->links[link].bssid ? ETH_ALEN : 0;
1178
1179 if (info->links[link].bss)
1180 continue;
1181
1182 info->links[link].bss =
1183 cfg80211_get_bss(wiphy: wdev->wiphy,
1184 channel: info->links[link].channel,
1185 bssid: info->links[link].bssid,
1186 ssid: wdev->u.client.ssid,
1187 ssid_len: wdev->u.client.ssid_len,
1188 bss_type: wdev->conn_bss_type,
1189 privacy: IEEE80211_PRIVACY_ANY);
1190
1191 if (!info->links[link].bss) {
1192 bss_not_found = true;
1193 break;
1194 }
1195 }
1196
1197 if (WARN_ON(bss_not_found))
1198 goto out;
1199
1200 ev = kzalloc(size: sizeof(*ev) + info->req_ie_len + info->resp_ie_len +
1201 info->fils.kek_len + info->fils.pmk_len +
1202 (info->fils.pmkid ? WLAN_PMKID_LEN : 0) +
1203 (info->ap_mld_addr ? ETH_ALEN : 0) + link_info_size, flags: gfp);
1204 if (!ev)
1205 goto out;
1206
1207 ev->type = EVENT_ROAMED;
1208 next = ((u8 *)ev) + sizeof(*ev);
1209 if (info->req_ie_len) {
1210 ev->rm.req_ie = next;
1211 ev->rm.req_ie_len = info->req_ie_len;
1212 memcpy((void *)ev->rm.req_ie, info->req_ie, info->req_ie_len);
1213 next += info->req_ie_len;
1214 }
1215 if (info->resp_ie_len) {
1216 ev->rm.resp_ie = next;
1217 ev->rm.resp_ie_len = info->resp_ie_len;
1218 memcpy((void *)ev->rm.resp_ie, info->resp_ie,
1219 info->resp_ie_len);
1220 next += info->resp_ie_len;
1221 }
1222 if (info->fils.kek_len) {
1223 ev->rm.fils.kek = next;
1224 ev->rm.fils.kek_len = info->fils.kek_len;
1225 memcpy((void *)ev->rm.fils.kek, info->fils.kek,
1226 info->fils.kek_len);
1227 next += info->fils.kek_len;
1228 }
1229 if (info->fils.pmk_len) {
1230 ev->rm.fils.pmk = next;
1231 ev->rm.fils.pmk_len = info->fils.pmk_len;
1232 memcpy((void *)ev->rm.fils.pmk, info->fils.pmk,
1233 info->fils.pmk_len);
1234 next += info->fils.pmk_len;
1235 }
1236 if (info->fils.pmkid) {
1237 ev->rm.fils.pmkid = next;
1238 memcpy((void *)ev->rm.fils.pmkid, info->fils.pmkid,
1239 WLAN_PMKID_LEN);
1240 next += WLAN_PMKID_LEN;
1241 }
1242 ev->rm.fils.update_erp_next_seq_num = info->fils.update_erp_next_seq_num;
1243 if (info->fils.update_erp_next_seq_num)
1244 ev->rm.fils.erp_next_seq_num = info->fils.erp_next_seq_num;
1245 if (info->ap_mld_addr) {
1246 ev->rm.ap_mld_addr = next;
1247 memcpy((void *)ev->rm.ap_mld_addr, info->ap_mld_addr,
1248 ETH_ALEN);
1249 next += ETH_ALEN;
1250 }
1251 ev->rm.valid_links = info->valid_links;
1252 for_each_valid_link(info, link) {
1253 ev->rm.links[link].bss = info->links[link].bss;
1254
1255 if (info->links[link].addr) {
1256 ev->rm.links[link].addr = next;
1257 memcpy((void *)ev->rm.links[link].addr,
1258 info->links[link].addr,
1259 ETH_ALEN);
1260 next += ETH_ALEN;
1261 }
1262
1263 if (info->links[link].bssid) {
1264 ev->rm.links[link].bssid = next;
1265 memcpy((void *)ev->rm.links[link].bssid,
1266 info->links[link].bssid,
1267 ETH_ALEN);
1268 next += ETH_ALEN;
1269 }
1270 }
1271
1272 spin_lock_irqsave(&wdev->event_lock, flags);
1273 list_add_tail(new: &ev->list, head: &wdev->event_list);
1274 spin_unlock_irqrestore(lock: &wdev->event_lock, flags);
1275 queue_work(wq: cfg80211_wq, work: &rdev->event_work);
1276
1277 return;
1278out:
1279 for_each_valid_link(info, link)
1280 cfg80211_put_bss(wiphy: wdev->wiphy, bss: info->links[link].bss);
1281
1282}
1283EXPORT_SYMBOL(cfg80211_roamed);
1284
1285void __cfg80211_port_authorized(struct wireless_dev *wdev, const u8 *peer_addr,
1286 const u8 *td_bitmap, u8 td_bitmap_len)
1287{
1288 lockdep_assert_wiphy(wdev->wiphy);
1289
1290 if (WARN_ON(wdev->iftype != NL80211_IFTYPE_STATION &&
1291 wdev->iftype != NL80211_IFTYPE_P2P_CLIENT &&
1292 wdev->iftype != NL80211_IFTYPE_AP &&
1293 wdev->iftype != NL80211_IFTYPE_P2P_GO))
1294 return;
1295
1296 if (wdev->iftype == NL80211_IFTYPE_STATION ||
1297 wdev->iftype == NL80211_IFTYPE_P2P_CLIENT) {
1298 if (WARN_ON(!wdev->connected) ||
1299 WARN_ON(!ether_addr_equal(wdev->u.client.connected_addr, peer_addr)))
1300 return;
1301 }
1302
1303 nl80211_send_port_authorized(rdev: wiphy_to_rdev(wiphy: wdev->wiphy), netdev: wdev->netdev,
1304 peer_addr, td_bitmap, td_bitmap_len);
1305}
1306
1307void cfg80211_port_authorized(struct net_device *dev, const u8 *peer_addr,
1308 const u8 *td_bitmap, u8 td_bitmap_len, gfp_t gfp)
1309{
1310 struct wireless_dev *wdev = dev->ieee80211_ptr;
1311 struct cfg80211_registered_device *rdev = wiphy_to_rdev(wiphy: wdev->wiphy);
1312 struct cfg80211_event *ev;
1313 unsigned long flags;
1314
1315 if (WARN_ON(!peer_addr))
1316 return;
1317
1318 ev = kzalloc(size: sizeof(*ev) + td_bitmap_len, flags: gfp);
1319 if (!ev)
1320 return;
1321
1322 ev->type = EVENT_PORT_AUTHORIZED;
1323 memcpy(ev->pa.peer_addr, peer_addr, ETH_ALEN);
1324 ev->pa.td_bitmap = ((u8 *)ev) + sizeof(*ev);
1325 ev->pa.td_bitmap_len = td_bitmap_len;
1326 memcpy((void *)ev->pa.td_bitmap, td_bitmap, td_bitmap_len);
1327
1328 /*
1329 * Use the wdev event list so that if there are pending
1330 * connected/roamed events, they will be reported first.
1331 */
1332 spin_lock_irqsave(&wdev->event_lock, flags);
1333 list_add_tail(new: &ev->list, head: &wdev->event_list);
1334 spin_unlock_irqrestore(lock: &wdev->event_lock, flags);
1335 queue_work(wq: cfg80211_wq, work: &rdev->event_work);
1336}
1337EXPORT_SYMBOL(cfg80211_port_authorized);
1338
1339void __cfg80211_disconnected(struct net_device *dev, const u8 *ie,
1340 size_t ie_len, u16 reason, bool from_ap)
1341{
1342 struct wireless_dev *wdev = dev->ieee80211_ptr;
1343 struct cfg80211_registered_device *rdev = wiphy_to_rdev(wiphy: wdev->wiphy);
1344 int i;
1345#ifdef CONFIG_CFG80211_WEXT
1346 union iwreq_data wrqu;
1347#endif
1348
1349 lockdep_assert_wiphy(wdev->wiphy);
1350
1351 if (WARN_ON(wdev->iftype != NL80211_IFTYPE_STATION &&
1352 wdev->iftype != NL80211_IFTYPE_P2P_CLIENT))
1353 return;
1354
1355 cfg80211_wdev_release_bsses(wdev);
1356 wdev->connected = false;
1357 wdev->u.client.ssid_len = 0;
1358 wdev->conn_owner_nlportid = 0;
1359 kfree_sensitive(objp: wdev->connect_keys);
1360 wdev->connect_keys = NULL;
1361
1362 nl80211_send_disconnected(rdev, netdev: dev, reason, ie, ie_len, from_ap);
1363
1364 /* stop critical protocol if supported */
1365 if (rdev->ops->crit_proto_stop && rdev->crit_proto_nlportid) {
1366 rdev->crit_proto_nlportid = 0;
1367 rdev_crit_proto_stop(rdev, wdev);
1368 }
1369
1370 /*
1371 * Delete all the keys ... pairwise keys can't really
1372 * exist any more anyway, but default keys might.
1373 */
1374 if (rdev->ops->del_key) {
1375 int max_key_idx = 5;
1376
1377 if (wiphy_ext_feature_isset(
1378 wiphy: wdev->wiphy,
1379 ftidx: NL80211_EXT_FEATURE_BEACON_PROTECTION) ||
1380 wiphy_ext_feature_isset(
1381 wiphy: wdev->wiphy,
1382 ftidx: NL80211_EXT_FEATURE_BEACON_PROTECTION_CLIENT))
1383 max_key_idx = 7;
1384 for (i = 0; i <= max_key_idx; i++)
1385 rdev_del_key(rdev, netdev: dev, link_id: -1, key_index: i, pairwise: false, NULL);
1386 }
1387
1388 rdev_set_qos_map(rdev, dev, NULL);
1389
1390#ifdef CONFIG_CFG80211_WEXT
1391 memset(&wrqu, 0, sizeof(wrqu));
1392 wrqu.ap_addr.sa_family = ARPHRD_ETHER;
1393 wireless_send_event(dev, SIOCGIWAP, wrqu: &wrqu, NULL);
1394 wdev->wext.connect.ssid_len = 0;
1395#endif
1396
1397 schedule_work(work: &cfg80211_disconnect_work);
1398
1399 cfg80211_schedule_channels_check(wdev);
1400}
1401
1402void cfg80211_disconnected(struct net_device *dev, u16 reason,
1403 const u8 *ie, size_t ie_len,
1404 bool locally_generated, gfp_t gfp)
1405{
1406 struct wireless_dev *wdev = dev->ieee80211_ptr;
1407 struct cfg80211_registered_device *rdev = wiphy_to_rdev(wiphy: wdev->wiphy);
1408 struct cfg80211_event *ev;
1409 unsigned long flags;
1410
1411 ev = kzalloc(size: sizeof(*ev) + ie_len, flags: gfp);
1412 if (!ev)
1413 return;
1414
1415 ev->type = EVENT_DISCONNECTED;
1416 ev->dc.ie = ((u8 *)ev) + sizeof(*ev);
1417 ev->dc.ie_len = ie_len;
1418 memcpy((void *)ev->dc.ie, ie, ie_len);
1419 ev->dc.reason = reason;
1420 ev->dc.locally_generated = locally_generated;
1421
1422 spin_lock_irqsave(&wdev->event_lock, flags);
1423 list_add_tail(new: &ev->list, head: &wdev->event_list);
1424 spin_unlock_irqrestore(lock: &wdev->event_lock, flags);
1425 queue_work(wq: cfg80211_wq, work: &rdev->event_work);
1426}
1427EXPORT_SYMBOL(cfg80211_disconnected);
1428
1429/*
1430 * API calls for nl80211/wext compatibility code
1431 */
1432int cfg80211_connect(struct cfg80211_registered_device *rdev,
1433 struct net_device *dev,
1434 struct cfg80211_connect_params *connect,
1435 struct cfg80211_cached_keys *connkeys,
1436 const u8 *prev_bssid)
1437{
1438 struct wireless_dev *wdev = dev->ieee80211_ptr;
1439 int err;
1440
1441 lockdep_assert_wiphy(wdev->wiphy);
1442
1443 /*
1444 * If we have an ssid_len, we're trying to connect or are
1445 * already connected, so reject a new SSID unless it's the
1446 * same (which is the case for re-association.)
1447 */
1448 if (wdev->u.client.ssid_len &&
1449 (wdev->u.client.ssid_len != connect->ssid_len ||
1450 memcmp(p: wdev->u.client.ssid, q: connect->ssid, size: wdev->u.client.ssid_len)))
1451 return -EALREADY;
1452
1453 /*
1454 * If connected, reject (re-)association unless prev_bssid
1455 * matches the current BSSID.
1456 */
1457 if (wdev->connected) {
1458 if (!prev_bssid)
1459 return -EALREADY;
1460 if (!ether_addr_equal(addr1: prev_bssid,
1461 addr2: wdev->u.client.connected_addr))
1462 return -ENOTCONN;
1463 }
1464
1465 /*
1466 * Reject if we're in the process of connecting with WEP,
1467 * this case isn't very interesting and trying to handle
1468 * it would make the code much more complex.
1469 */
1470 if (wdev->connect_keys)
1471 return -EINPROGRESS;
1472
1473 cfg80211_oper_and_ht_capa(ht_capa: &connect->ht_capa_mask,
1474 ht_capa_mask: rdev->wiphy.ht_capa_mod_mask);
1475 cfg80211_oper_and_vht_capa(vht_capa: &connect->vht_capa_mask,
1476 vht_capa_mask: rdev->wiphy.vht_capa_mod_mask);
1477
1478 if (connkeys && connkeys->def >= 0) {
1479 int idx;
1480 u32 cipher;
1481
1482 idx = connkeys->def;
1483 cipher = connkeys->params[idx].cipher;
1484 /* If given a WEP key we may need it for shared key auth */
1485 if (cipher == WLAN_CIPHER_SUITE_WEP40 ||
1486 cipher == WLAN_CIPHER_SUITE_WEP104) {
1487 connect->key_idx = idx;
1488 connect->key = connkeys->params[idx].key;
1489 connect->key_len = connkeys->params[idx].key_len;
1490
1491 /*
1492 * If ciphers are not set (e.g. when going through
1493 * iwconfig), we have to set them appropriately here.
1494 */
1495 if (connect->crypto.cipher_group == 0)
1496 connect->crypto.cipher_group = cipher;
1497
1498 if (connect->crypto.n_ciphers_pairwise == 0) {
1499 connect->crypto.n_ciphers_pairwise = 1;
1500 connect->crypto.ciphers_pairwise[0] = cipher;
1501 }
1502 }
1503 } else {
1504 if (WARN_ON(connkeys))
1505 return -EINVAL;
1506
1507 /* connect can point to wdev->wext.connect which
1508 * can hold key data from a previous connection
1509 */
1510 connect->key = NULL;
1511 connect->key_len = 0;
1512 connect->key_idx = 0;
1513 }
1514
1515 wdev->connect_keys = connkeys;
1516 memcpy(wdev->u.client.ssid, connect->ssid, connect->ssid_len);
1517 wdev->u.client.ssid_len = connect->ssid_len;
1518
1519 wdev->conn_bss_type = connect->pbss ? IEEE80211_BSS_TYPE_PBSS :
1520 IEEE80211_BSS_TYPE_ESS;
1521
1522 if (!rdev->ops->connect)
1523 err = cfg80211_sme_connect(wdev, connect, prev_bssid);
1524 else
1525 err = rdev_connect(rdev, dev, sme: connect);
1526
1527 if (err) {
1528 wdev->connect_keys = NULL;
1529 /*
1530 * This could be reassoc getting refused, don't clear
1531 * ssid_len in that case.
1532 */
1533 if (!wdev->connected)
1534 wdev->u.client.ssid_len = 0;
1535 return err;
1536 }
1537
1538 return 0;
1539}
1540
1541int cfg80211_disconnect(struct cfg80211_registered_device *rdev,
1542 struct net_device *dev, u16 reason, bool wextev)
1543{
1544 struct wireless_dev *wdev = dev->ieee80211_ptr;
1545 int err = 0;
1546
1547 lockdep_assert_wiphy(wdev->wiphy);
1548
1549 kfree_sensitive(objp: wdev->connect_keys);
1550 wdev->connect_keys = NULL;
1551
1552 wdev->conn_owner_nlportid = 0;
1553
1554 if (wdev->conn)
1555 err = cfg80211_sme_disconnect(wdev, reason);
1556 else if (!rdev->ops->disconnect)
1557 cfg80211_mlme_down(rdev, dev);
1558 else if (wdev->u.client.ssid_len)
1559 err = rdev_disconnect(rdev, dev, reason_code: reason);
1560
1561 /*
1562 * Clear ssid_len unless we actually were fully connected,
1563 * in which case cfg80211_disconnected() will take care of
1564 * this later.
1565 */
1566 if (!wdev->connected)
1567 wdev->u.client.ssid_len = 0;
1568
1569 return err;
1570}
1571
1572/*
1573 * Used to clean up after the connection / connection attempt owner socket
1574 * disconnects
1575 */
1576void cfg80211_autodisconnect_wk(struct work_struct *work)
1577{
1578 struct wireless_dev *wdev =
1579 container_of(work, struct wireless_dev, disconnect_wk);
1580 struct cfg80211_registered_device *rdev = wiphy_to_rdev(wiphy: wdev->wiphy);
1581
1582 wiphy_lock(wiphy: wdev->wiphy);
1583
1584 if (wdev->conn_owner_nlportid) {
1585 switch (wdev->iftype) {
1586 case NL80211_IFTYPE_ADHOC:
1587 cfg80211_leave_ibss(rdev, dev: wdev->netdev, nowext: false);
1588 break;
1589 case NL80211_IFTYPE_AP:
1590 case NL80211_IFTYPE_P2P_GO:
1591 cfg80211_stop_ap(rdev, dev: wdev->netdev, link: -1, notify: false);
1592 break;
1593 case NL80211_IFTYPE_MESH_POINT:
1594 cfg80211_leave_mesh(rdev, dev: wdev->netdev);
1595 break;
1596 case NL80211_IFTYPE_STATION:
1597 case NL80211_IFTYPE_P2P_CLIENT:
1598 /*
1599 * Use disconnect_bssid if still connecting and
1600 * ops->disconnect not implemented. Otherwise we can
1601 * use cfg80211_disconnect.
1602 */
1603 if (rdev->ops->disconnect || wdev->connected)
1604 cfg80211_disconnect(rdev, dev: wdev->netdev,
1605 reason: WLAN_REASON_DEAUTH_LEAVING,
1606 wextev: true);
1607 else
1608 cfg80211_mlme_deauth(rdev, dev: wdev->netdev,
1609 bssid: wdev->disconnect_bssid,
1610 NULL, ie_len: 0,
1611 reason: WLAN_REASON_DEAUTH_LEAVING,
1612 local_state_change: false);
1613 break;
1614 default:
1615 break;
1616 }
1617 }
1618
1619 wiphy_unlock(wiphy: wdev->wiphy);
1620}
1621

source code of linux/net/wireless/sme.c