1 | // SPDX-License-Identifier: GPL-2.0 |
2 | /* |
3 | * SME code for cfg80211 |
4 | * both driver SME event handling and the SME implementation |
5 | * (for nl80211's connect() and wext) |
6 | * |
7 | * Copyright 2009 Johannes Berg <johannes@sipsolutions.net> |
8 | * Copyright (C) 2009, 2020, 2022-2023 Intel Corporation. All rights reserved. |
9 | * Copyright 2017 Intel Deutschland GmbH |
10 | */ |
11 | |
12 | #include <linux/etherdevice.h> |
13 | #include <linux/if_arp.h> |
14 | #include <linux/slab.h> |
15 | #include <linux/workqueue.h> |
16 | #include <linux/wireless.h> |
17 | #include <linux/export.h> |
18 | #include <net/iw_handler.h> |
19 | #include <net/cfg80211.h> |
20 | #include <net/rtnetlink.h> |
21 | #include "nl80211.h" |
22 | #include "reg.h" |
23 | #include "rdev-ops.h" |
24 | |
25 | /* |
26 | * Software SME in cfg80211, using auth/assoc/deauth calls to the |
27 | * driver. This is for implementing nl80211's connect/disconnect |
28 | * and wireless extensions (if configured.) |
29 | */ |
30 | |
31 | struct cfg80211_conn { |
32 | struct cfg80211_connect_params params; |
33 | /* these are sub-states of the _CONNECTING sme_state */ |
34 | enum { |
35 | CFG80211_CONN_SCANNING, |
36 | CFG80211_CONN_SCAN_AGAIN, |
37 | CFG80211_CONN_AUTHENTICATE_NEXT, |
38 | CFG80211_CONN_AUTHENTICATING, |
39 | CFG80211_CONN_AUTH_FAILED_TIMEOUT, |
40 | CFG80211_CONN_ASSOCIATE_NEXT, |
41 | CFG80211_CONN_ASSOCIATING, |
42 | CFG80211_CONN_ASSOC_FAILED, |
43 | CFG80211_CONN_ASSOC_FAILED_TIMEOUT, |
44 | CFG80211_CONN_DEAUTH, |
45 | CFG80211_CONN_ABANDON, |
46 | CFG80211_CONN_CONNECTED, |
47 | } state; |
48 | u8 bssid[ETH_ALEN], prev_bssid[ETH_ALEN]; |
49 | const u8 *ie; |
50 | size_t ie_len; |
51 | bool auto_auth, prev_bssid_valid; |
52 | }; |
53 | |
54 | static void cfg80211_sme_free(struct wireless_dev *wdev) |
55 | { |
56 | if (!wdev->conn) |
57 | return; |
58 | |
59 | kfree(objp: wdev->conn->ie); |
60 | kfree(objp: wdev->conn); |
61 | wdev->conn = NULL; |
62 | } |
63 | |
64 | static int cfg80211_conn_scan(struct wireless_dev *wdev) |
65 | { |
66 | struct cfg80211_registered_device *rdev = wiphy_to_rdev(wiphy: wdev->wiphy); |
67 | struct cfg80211_scan_request *request; |
68 | int n_channels, err; |
69 | |
70 | lockdep_assert_wiphy(wdev->wiphy); |
71 | |
72 | if (rdev->scan_req || rdev->scan_msg) |
73 | return -EBUSY; |
74 | |
75 | if (wdev->conn->params.channel) |
76 | n_channels = 1; |
77 | else |
78 | n_channels = ieee80211_get_num_supported_channels(wiphy: wdev->wiphy); |
79 | |
80 | request = kzalloc(size: sizeof(*request) + sizeof(request->ssids[0]) + |
81 | sizeof(request->channels[0]) * n_channels, |
82 | GFP_KERNEL); |
83 | if (!request) |
84 | return -ENOMEM; |
85 | |
86 | if (wdev->conn->params.channel) { |
87 | enum nl80211_band band = wdev->conn->params.channel->band; |
88 | struct ieee80211_supported_band *sband = |
89 | wdev->wiphy->bands[band]; |
90 | |
91 | if (!sband) { |
92 | kfree(objp: request); |
93 | return -EINVAL; |
94 | } |
95 | request->channels[0] = wdev->conn->params.channel; |
96 | request->rates[band] = (1 << sband->n_bitrates) - 1; |
97 | } else { |
98 | int i = 0, j; |
99 | enum nl80211_band band; |
100 | struct ieee80211_supported_band *bands; |
101 | struct ieee80211_channel *channel; |
102 | |
103 | for (band = 0; band < NUM_NL80211_BANDS; band++) { |
104 | bands = wdev->wiphy->bands[band]; |
105 | if (!bands) |
106 | continue; |
107 | for (j = 0; j < bands->n_channels; j++) { |
108 | channel = &bands->channels[j]; |
109 | if (channel->flags & IEEE80211_CHAN_DISABLED) |
110 | continue; |
111 | request->channels[i++] = channel; |
112 | } |
113 | request->rates[band] = (1 << bands->n_bitrates) - 1; |
114 | } |
115 | n_channels = i; |
116 | } |
117 | request->n_channels = n_channels; |
118 | request->ssids = (void *)&request->channels[n_channels]; |
119 | request->n_ssids = 1; |
120 | |
121 | memcpy(request->ssids[0].ssid, wdev->conn->params.ssid, |
122 | wdev->conn->params.ssid_len); |
123 | request->ssids[0].ssid_len = wdev->conn->params.ssid_len; |
124 | |
125 | eth_broadcast_addr(addr: request->bssid); |
126 | |
127 | request->wdev = wdev; |
128 | request->wiphy = &rdev->wiphy; |
129 | request->scan_start = jiffies; |
130 | |
131 | rdev->scan_req = request; |
132 | |
133 | err = rdev_scan(rdev, request); |
134 | if (!err) { |
135 | wdev->conn->state = CFG80211_CONN_SCANNING; |
136 | nl80211_send_scan_start(rdev, wdev); |
137 | dev_hold(dev: wdev->netdev); |
138 | } else { |
139 | rdev->scan_req = NULL; |
140 | kfree(objp: request); |
141 | } |
142 | return err; |
143 | } |
144 | |
145 | static int cfg80211_conn_do_work(struct wireless_dev *wdev, |
146 | enum nl80211_timeout_reason *treason) |
147 | { |
148 | struct cfg80211_registered_device *rdev = wiphy_to_rdev(wiphy: wdev->wiphy); |
149 | struct cfg80211_connect_params *params; |
150 | struct cfg80211_auth_request auth_req = {}; |
151 | struct cfg80211_assoc_request req = {}; |
152 | int err; |
153 | |
154 | lockdep_assert_wiphy(wdev->wiphy); |
155 | |
156 | if (!wdev->conn) |
157 | return 0; |
158 | |
159 | params = &wdev->conn->params; |
160 | |
161 | switch (wdev->conn->state) { |
162 | case CFG80211_CONN_SCANNING: |
163 | /* didn't find it during scan ... */ |
164 | return -ENOENT; |
165 | case CFG80211_CONN_SCAN_AGAIN: |
166 | return cfg80211_conn_scan(wdev); |
167 | case CFG80211_CONN_AUTHENTICATE_NEXT: |
168 | if (WARN_ON(!rdev->ops->auth)) |
169 | return -EOPNOTSUPP; |
170 | wdev->conn->state = CFG80211_CONN_AUTHENTICATING; |
171 | auth_req.key = params->key; |
172 | auth_req.key_len = params->key_len; |
173 | auth_req.key_idx = params->key_idx; |
174 | auth_req.auth_type = params->auth_type; |
175 | auth_req.bss = cfg80211_get_bss(wiphy: &rdev->wiphy, channel: params->channel, |
176 | bssid: params->bssid, |
177 | ssid: params->ssid, ssid_len: params->ssid_len, |
178 | bss_type: IEEE80211_BSS_TYPE_ESS, |
179 | privacy: IEEE80211_PRIVACY_ANY); |
180 | auth_req.link_id = -1; |
181 | err = cfg80211_mlme_auth(rdev, dev: wdev->netdev, req: &auth_req); |
182 | cfg80211_put_bss(wiphy: &rdev->wiphy, bss: auth_req.bss); |
183 | return err; |
184 | case CFG80211_CONN_AUTH_FAILED_TIMEOUT: |
185 | *treason = NL80211_TIMEOUT_AUTH; |
186 | return -ENOTCONN; |
187 | case CFG80211_CONN_ASSOCIATE_NEXT: |
188 | if (WARN_ON(!rdev->ops->assoc)) |
189 | return -EOPNOTSUPP; |
190 | wdev->conn->state = CFG80211_CONN_ASSOCIATING; |
191 | if (wdev->conn->prev_bssid_valid) |
192 | req.prev_bssid = wdev->conn->prev_bssid; |
193 | req.ie = params->ie; |
194 | req.ie_len = params->ie_len; |
195 | req.use_mfp = params->mfp != NL80211_MFP_NO; |
196 | req.crypto = params->crypto; |
197 | req.flags = params->flags; |
198 | req.ht_capa = params->ht_capa; |
199 | req.ht_capa_mask = params->ht_capa_mask; |
200 | req.vht_capa = params->vht_capa; |
201 | req.vht_capa_mask = params->vht_capa_mask; |
202 | req.link_id = -1; |
203 | |
204 | req.bss = cfg80211_get_bss(wiphy: &rdev->wiphy, channel: params->channel, |
205 | bssid: params->bssid, |
206 | ssid: params->ssid, ssid_len: params->ssid_len, |
207 | bss_type: IEEE80211_BSS_TYPE_ESS, |
208 | privacy: IEEE80211_PRIVACY_ANY); |
209 | if (!req.bss) { |
210 | err = -ENOENT; |
211 | } else { |
212 | err = cfg80211_mlme_assoc(rdev, dev: wdev->netdev, |
213 | req: &req, NULL); |
214 | cfg80211_put_bss(wiphy: &rdev->wiphy, bss: req.bss); |
215 | } |
216 | |
217 | if (err) |
218 | cfg80211_mlme_deauth(rdev, dev: wdev->netdev, bssid: params->bssid, |
219 | NULL, ie_len: 0, |
220 | reason: WLAN_REASON_DEAUTH_LEAVING, |
221 | local_state_change: false); |
222 | return err; |
223 | case CFG80211_CONN_ASSOC_FAILED_TIMEOUT: |
224 | *treason = NL80211_TIMEOUT_ASSOC; |
225 | fallthrough; |
226 | case CFG80211_CONN_ASSOC_FAILED: |
227 | cfg80211_mlme_deauth(rdev, dev: wdev->netdev, bssid: params->bssid, |
228 | NULL, ie_len: 0, |
229 | reason: WLAN_REASON_DEAUTH_LEAVING, local_state_change: false); |
230 | return -ENOTCONN; |
231 | case CFG80211_CONN_DEAUTH: |
232 | cfg80211_mlme_deauth(rdev, dev: wdev->netdev, bssid: params->bssid, |
233 | NULL, ie_len: 0, |
234 | reason: WLAN_REASON_DEAUTH_LEAVING, local_state_change: false); |
235 | fallthrough; |
236 | case CFG80211_CONN_ABANDON: |
237 | /* free directly, disconnected event already sent */ |
238 | cfg80211_sme_free(wdev); |
239 | return 0; |
240 | default: |
241 | return 0; |
242 | } |
243 | } |
244 | |
245 | void cfg80211_conn_work(struct work_struct *work) |
246 | { |
247 | struct cfg80211_registered_device *rdev = |
248 | container_of(work, struct cfg80211_registered_device, conn_work); |
249 | struct wireless_dev *wdev; |
250 | u8 bssid_buf[ETH_ALEN], *bssid = NULL; |
251 | enum nl80211_timeout_reason treason; |
252 | |
253 | wiphy_lock(wiphy: &rdev->wiphy); |
254 | |
255 | list_for_each_entry(wdev, &rdev->wiphy.wdev_list, list) { |
256 | if (!wdev->netdev) |
257 | continue; |
258 | |
259 | if (!netif_running(dev: wdev->netdev)) |
260 | continue; |
261 | |
262 | if (!wdev->conn || |
263 | wdev->conn->state == CFG80211_CONN_CONNECTED) |
264 | continue; |
265 | |
266 | if (wdev->conn->params.bssid) { |
267 | memcpy(bssid_buf, wdev->conn->params.bssid, ETH_ALEN); |
268 | bssid = bssid_buf; |
269 | } |
270 | treason = NL80211_TIMEOUT_UNSPECIFIED; |
271 | if (cfg80211_conn_do_work(wdev, treason: &treason)) { |
272 | struct cfg80211_connect_resp_params cr; |
273 | |
274 | memset(&cr, 0, sizeof(cr)); |
275 | cr.status = -1; |
276 | cr.links[0].bssid = bssid; |
277 | cr.timeout_reason = treason; |
278 | __cfg80211_connect_result(dev: wdev->netdev, params: &cr, wextev: false); |
279 | } |
280 | } |
281 | |
282 | wiphy_unlock(wiphy: &rdev->wiphy); |
283 | } |
284 | |
285 | static void cfg80211_step_auth_next(struct cfg80211_conn *conn, |
286 | struct cfg80211_bss *bss) |
287 | { |
288 | memcpy(conn->bssid, bss->bssid, ETH_ALEN); |
289 | conn->params.bssid = conn->bssid; |
290 | conn->params.channel = bss->channel; |
291 | conn->state = CFG80211_CONN_AUTHENTICATE_NEXT; |
292 | } |
293 | |
294 | /* Returned bss is reference counted and must be cleaned up appropriately. */ |
295 | static struct cfg80211_bss *cfg80211_get_conn_bss(struct wireless_dev *wdev) |
296 | { |
297 | struct cfg80211_registered_device *rdev = wiphy_to_rdev(wiphy: wdev->wiphy); |
298 | struct cfg80211_bss *bss; |
299 | |
300 | lockdep_assert_wiphy(wdev->wiphy); |
301 | |
302 | bss = cfg80211_get_bss(wiphy: wdev->wiphy, channel: wdev->conn->params.channel, |
303 | bssid: wdev->conn->params.bssid, |
304 | ssid: wdev->conn->params.ssid, |
305 | ssid_len: wdev->conn->params.ssid_len, |
306 | bss_type: wdev->conn_bss_type, |
307 | IEEE80211_PRIVACY(wdev->conn->params.privacy)); |
308 | if (!bss) |
309 | return NULL; |
310 | |
311 | cfg80211_step_auth_next(conn: wdev->conn, bss); |
312 | schedule_work(work: &rdev->conn_work); |
313 | |
314 | return bss; |
315 | } |
316 | |
317 | void cfg80211_sme_scan_done(struct net_device *dev) |
318 | { |
319 | struct wireless_dev *wdev = dev->ieee80211_ptr; |
320 | struct cfg80211_registered_device *rdev = wiphy_to_rdev(wiphy: wdev->wiphy); |
321 | struct cfg80211_bss *bss; |
322 | |
323 | lockdep_assert_wiphy(wdev->wiphy); |
324 | |
325 | if (!wdev->conn) |
326 | return; |
327 | |
328 | if (wdev->conn->state != CFG80211_CONN_SCANNING && |
329 | wdev->conn->state != CFG80211_CONN_SCAN_AGAIN) |
330 | return; |
331 | |
332 | bss = cfg80211_get_conn_bss(wdev); |
333 | if (bss) |
334 | cfg80211_put_bss(wiphy: &rdev->wiphy, bss); |
335 | else |
336 | schedule_work(work: &rdev->conn_work); |
337 | } |
338 | |
339 | void cfg80211_sme_rx_auth(struct wireless_dev *wdev, const u8 *buf, size_t len) |
340 | { |
341 | struct wiphy *wiphy = wdev->wiphy; |
342 | struct cfg80211_registered_device *rdev = wiphy_to_rdev(wiphy); |
343 | struct ieee80211_mgmt *mgmt = (struct ieee80211_mgmt *)buf; |
344 | u16 status_code = le16_to_cpu(mgmt->u.auth.status_code); |
345 | |
346 | lockdep_assert_wiphy(wdev->wiphy); |
347 | |
348 | if (!wdev->conn || wdev->conn->state == CFG80211_CONN_CONNECTED) |
349 | return; |
350 | |
351 | if (status_code == WLAN_STATUS_NOT_SUPPORTED_AUTH_ALG && |
352 | wdev->conn->auto_auth && |
353 | wdev->conn->params.auth_type != NL80211_AUTHTYPE_NETWORK_EAP) { |
354 | /* select automatically between only open, shared, leap */ |
355 | switch (wdev->conn->params.auth_type) { |
356 | case NL80211_AUTHTYPE_OPEN_SYSTEM: |
357 | if (wdev->connect_keys) |
358 | wdev->conn->params.auth_type = |
359 | NL80211_AUTHTYPE_SHARED_KEY; |
360 | else |
361 | wdev->conn->params.auth_type = |
362 | NL80211_AUTHTYPE_NETWORK_EAP; |
363 | break; |
364 | case NL80211_AUTHTYPE_SHARED_KEY: |
365 | wdev->conn->params.auth_type = |
366 | NL80211_AUTHTYPE_NETWORK_EAP; |
367 | break; |
368 | default: |
369 | /* huh? */ |
370 | wdev->conn->params.auth_type = |
371 | NL80211_AUTHTYPE_OPEN_SYSTEM; |
372 | break; |
373 | } |
374 | wdev->conn->state = CFG80211_CONN_AUTHENTICATE_NEXT; |
375 | schedule_work(work: &rdev->conn_work); |
376 | } else if (status_code != WLAN_STATUS_SUCCESS) { |
377 | struct cfg80211_connect_resp_params cr; |
378 | |
379 | memset(&cr, 0, sizeof(cr)); |
380 | cr.status = status_code; |
381 | cr.links[0].bssid = mgmt->bssid; |
382 | cr.timeout_reason = NL80211_TIMEOUT_UNSPECIFIED; |
383 | __cfg80211_connect_result(dev: wdev->netdev, params: &cr, wextev: false); |
384 | } else if (wdev->conn->state == CFG80211_CONN_AUTHENTICATING) { |
385 | wdev->conn->state = CFG80211_CONN_ASSOCIATE_NEXT; |
386 | schedule_work(work: &rdev->conn_work); |
387 | } |
388 | } |
389 | |
390 | bool cfg80211_sme_rx_assoc_resp(struct wireless_dev *wdev, u16 status) |
391 | { |
392 | struct cfg80211_registered_device *rdev = wiphy_to_rdev(wiphy: wdev->wiphy); |
393 | |
394 | if (!wdev->conn) |
395 | return false; |
396 | |
397 | if (status == WLAN_STATUS_SUCCESS) { |
398 | wdev->conn->state = CFG80211_CONN_CONNECTED; |
399 | return false; |
400 | } |
401 | |
402 | if (wdev->conn->prev_bssid_valid) { |
403 | /* |
404 | * Some stupid APs don't accept reassoc, so we |
405 | * need to fall back to trying regular assoc; |
406 | * return true so no event is sent to userspace. |
407 | */ |
408 | wdev->conn->prev_bssid_valid = false; |
409 | wdev->conn->state = CFG80211_CONN_ASSOCIATE_NEXT; |
410 | schedule_work(work: &rdev->conn_work); |
411 | return true; |
412 | } |
413 | |
414 | wdev->conn->state = CFG80211_CONN_ASSOC_FAILED; |
415 | schedule_work(work: &rdev->conn_work); |
416 | return false; |
417 | } |
418 | |
419 | void cfg80211_sme_deauth(struct wireless_dev *wdev) |
420 | { |
421 | cfg80211_sme_free(wdev); |
422 | } |
423 | |
424 | void cfg80211_sme_auth_timeout(struct wireless_dev *wdev) |
425 | { |
426 | struct cfg80211_registered_device *rdev = wiphy_to_rdev(wiphy: wdev->wiphy); |
427 | |
428 | if (!wdev->conn) |
429 | return; |
430 | |
431 | wdev->conn->state = CFG80211_CONN_AUTH_FAILED_TIMEOUT; |
432 | schedule_work(work: &rdev->conn_work); |
433 | } |
434 | |
435 | void cfg80211_sme_disassoc(struct wireless_dev *wdev) |
436 | { |
437 | struct cfg80211_registered_device *rdev = wiphy_to_rdev(wiphy: wdev->wiphy); |
438 | |
439 | if (!wdev->conn) |
440 | return; |
441 | |
442 | wdev->conn->state = CFG80211_CONN_DEAUTH; |
443 | schedule_work(work: &rdev->conn_work); |
444 | } |
445 | |
446 | void cfg80211_sme_assoc_timeout(struct wireless_dev *wdev) |
447 | { |
448 | struct cfg80211_registered_device *rdev = wiphy_to_rdev(wiphy: wdev->wiphy); |
449 | |
450 | if (!wdev->conn) |
451 | return; |
452 | |
453 | wdev->conn->state = CFG80211_CONN_ASSOC_FAILED_TIMEOUT; |
454 | schedule_work(work: &rdev->conn_work); |
455 | } |
456 | |
457 | void cfg80211_sme_abandon_assoc(struct wireless_dev *wdev) |
458 | { |
459 | struct cfg80211_registered_device *rdev = wiphy_to_rdev(wiphy: wdev->wiphy); |
460 | |
461 | if (!wdev->conn) |
462 | return; |
463 | |
464 | wdev->conn->state = CFG80211_CONN_ABANDON; |
465 | schedule_work(work: &rdev->conn_work); |
466 | } |
467 | |
468 | static void cfg80211_wdev_release_bsses(struct wireless_dev *wdev) |
469 | { |
470 | unsigned int link; |
471 | |
472 | for_each_valid_link(wdev, link) { |
473 | if (!wdev->links[link].client.current_bss) |
474 | continue; |
475 | cfg80211_unhold_bss(bss: wdev->links[link].client.current_bss); |
476 | cfg80211_put_bss(wiphy: wdev->wiphy, |
477 | bss: &wdev->links[link].client.current_bss->pub); |
478 | wdev->links[link].client.current_bss = NULL; |
479 | } |
480 | } |
481 | |
482 | void cfg80211_wdev_release_link_bsses(struct wireless_dev *wdev, u16 link_mask) |
483 | { |
484 | unsigned int link; |
485 | |
486 | for_each_valid_link(wdev, link) { |
487 | if (!wdev->links[link].client.current_bss || |
488 | !(link_mask & BIT(link))) |
489 | continue; |
490 | cfg80211_unhold_bss(bss: wdev->links[link].client.current_bss); |
491 | cfg80211_put_bss(wiphy: wdev->wiphy, |
492 | bss: &wdev->links[link].client.current_bss->pub); |
493 | wdev->links[link].client.current_bss = NULL; |
494 | } |
495 | } |
496 | |
497 | static int cfg80211_sme_get_conn_ies(struct wireless_dev *wdev, |
498 | const u8 *ies, size_t ies_len, |
499 | const u8 **out_ies, size_t *out_ies_len) |
500 | { |
501 | struct cfg80211_registered_device *rdev = wiphy_to_rdev(wiphy: wdev->wiphy); |
502 | u8 *buf; |
503 | size_t offs; |
504 | |
505 | if (!rdev->wiphy.extended_capabilities_len || |
506 | (ies && cfg80211_find_ie(eid: WLAN_EID_EXT_CAPABILITY, ies, len: ies_len))) { |
507 | *out_ies = kmemdup(p: ies, size: ies_len, GFP_KERNEL); |
508 | if (!*out_ies) |
509 | return -ENOMEM; |
510 | *out_ies_len = ies_len; |
511 | return 0; |
512 | } |
513 | |
514 | buf = kmalloc(size: ies_len + rdev->wiphy.extended_capabilities_len + 2, |
515 | GFP_KERNEL); |
516 | if (!buf) |
517 | return -ENOMEM; |
518 | |
519 | if (ies_len) { |
520 | static const u8 before_extcapa[] = { |
521 | /* not listing IEs expected to be created by driver */ |
522 | WLAN_EID_RSN, |
523 | WLAN_EID_QOS_CAPA, |
524 | WLAN_EID_RRM_ENABLED_CAPABILITIES, |
525 | WLAN_EID_MOBILITY_DOMAIN, |
526 | WLAN_EID_SUPPORTED_REGULATORY_CLASSES, |
527 | WLAN_EID_BSS_COEX_2040, |
528 | }; |
529 | |
530 | offs = ieee80211_ie_split(ies, ielen: ies_len, ids: before_extcapa, |
531 | ARRAY_SIZE(before_extcapa), offset: 0); |
532 | memcpy(buf, ies, offs); |
533 | /* leave a whole for extended capabilities IE */ |
534 | memcpy(buf + offs + rdev->wiphy.extended_capabilities_len + 2, |
535 | ies + offs, ies_len - offs); |
536 | } else { |
537 | offs = 0; |
538 | } |
539 | |
540 | /* place extended capabilities IE (with only driver capabilities) */ |
541 | buf[offs] = WLAN_EID_EXT_CAPABILITY; |
542 | buf[offs + 1] = rdev->wiphy.extended_capabilities_len; |
543 | memcpy(buf + offs + 2, |
544 | rdev->wiphy.extended_capabilities, |
545 | rdev->wiphy.extended_capabilities_len); |
546 | |
547 | *out_ies = buf; |
548 | *out_ies_len = ies_len + rdev->wiphy.extended_capabilities_len + 2; |
549 | |
550 | return 0; |
551 | } |
552 | |
553 | static int cfg80211_sme_connect(struct wireless_dev *wdev, |
554 | struct cfg80211_connect_params *connect, |
555 | const u8 *prev_bssid) |
556 | { |
557 | struct cfg80211_registered_device *rdev = wiphy_to_rdev(wiphy: wdev->wiphy); |
558 | struct cfg80211_bss *bss; |
559 | int err; |
560 | |
561 | if (!rdev->ops->auth || !rdev->ops->assoc) |
562 | return -EOPNOTSUPP; |
563 | |
564 | cfg80211_wdev_release_bsses(wdev); |
565 | |
566 | if (wdev->connected) { |
567 | cfg80211_sme_free(wdev); |
568 | wdev->connected = false; |
569 | } |
570 | |
571 | if (wdev->conn) |
572 | return -EINPROGRESS; |
573 | |
574 | wdev->conn = kzalloc(size: sizeof(*wdev->conn), GFP_KERNEL); |
575 | if (!wdev->conn) |
576 | return -ENOMEM; |
577 | |
578 | /* |
579 | * Copy all parameters, and treat explicitly IEs, BSSID, SSID. |
580 | */ |
581 | memcpy(&wdev->conn->params, connect, sizeof(*connect)); |
582 | if (connect->bssid) { |
583 | wdev->conn->params.bssid = wdev->conn->bssid; |
584 | memcpy(wdev->conn->bssid, connect->bssid, ETH_ALEN); |
585 | } |
586 | |
587 | if (cfg80211_sme_get_conn_ies(wdev, ies: connect->ie, ies_len: connect->ie_len, |
588 | out_ies: &wdev->conn->ie, |
589 | out_ies_len: &wdev->conn->params.ie_len)) { |
590 | kfree(objp: wdev->conn); |
591 | wdev->conn = NULL; |
592 | return -ENOMEM; |
593 | } |
594 | wdev->conn->params.ie = wdev->conn->ie; |
595 | |
596 | if (connect->auth_type == NL80211_AUTHTYPE_AUTOMATIC) { |
597 | wdev->conn->auto_auth = true; |
598 | /* start with open system ... should mostly work */ |
599 | wdev->conn->params.auth_type = |
600 | NL80211_AUTHTYPE_OPEN_SYSTEM; |
601 | } else { |
602 | wdev->conn->auto_auth = false; |
603 | } |
604 | |
605 | wdev->conn->params.ssid = wdev->u.client.ssid; |
606 | wdev->conn->params.ssid_len = wdev->u.client.ssid_len; |
607 | |
608 | /* see if we have the bss already */ |
609 | bss = cfg80211_get_bss(wiphy: wdev->wiphy, channel: wdev->conn->params.channel, |
610 | bssid: wdev->conn->params.bssid, |
611 | ssid: wdev->conn->params.ssid, |
612 | ssid_len: wdev->conn->params.ssid_len, |
613 | bss_type: wdev->conn_bss_type, |
614 | IEEE80211_PRIVACY(wdev->conn->params.privacy)); |
615 | |
616 | if (prev_bssid) { |
617 | memcpy(wdev->conn->prev_bssid, prev_bssid, ETH_ALEN); |
618 | wdev->conn->prev_bssid_valid = true; |
619 | } |
620 | |
621 | /* we're good if we have a matching bss struct */ |
622 | if (bss) { |
623 | enum nl80211_timeout_reason treason; |
624 | |
625 | cfg80211_step_auth_next(conn: wdev->conn, bss); |
626 | err = cfg80211_conn_do_work(wdev, treason: &treason); |
627 | cfg80211_put_bss(wiphy: wdev->wiphy, bss); |
628 | } else { |
629 | /* otherwise we'll need to scan for the AP first */ |
630 | err = cfg80211_conn_scan(wdev); |
631 | |
632 | /* |
633 | * If we can't scan right now, then we need to scan again |
634 | * after the current scan finished, since the parameters |
635 | * changed (unless we find a good AP anyway). |
636 | */ |
637 | if (err == -EBUSY) { |
638 | err = 0; |
639 | wdev->conn->state = CFG80211_CONN_SCAN_AGAIN; |
640 | } |
641 | } |
642 | |
643 | if (err) |
644 | cfg80211_sme_free(wdev); |
645 | |
646 | return err; |
647 | } |
648 | |
649 | static int cfg80211_sme_disconnect(struct wireless_dev *wdev, u16 reason) |
650 | { |
651 | struct cfg80211_registered_device *rdev = wiphy_to_rdev(wiphy: wdev->wiphy); |
652 | int err; |
653 | |
654 | if (!wdev->conn) |
655 | return 0; |
656 | |
657 | if (!rdev->ops->deauth) |
658 | return -EOPNOTSUPP; |
659 | |
660 | if (wdev->conn->state == CFG80211_CONN_SCANNING || |
661 | wdev->conn->state == CFG80211_CONN_SCAN_AGAIN) { |
662 | err = 0; |
663 | goto out; |
664 | } |
665 | |
666 | /* wdev->conn->params.bssid must be set if > SCANNING */ |
667 | err = cfg80211_mlme_deauth(rdev, dev: wdev->netdev, |
668 | bssid: wdev->conn->params.bssid, |
669 | NULL, ie_len: 0, reason, local_state_change: false); |
670 | out: |
671 | cfg80211_sme_free(wdev); |
672 | return err; |
673 | } |
674 | |
675 | /* |
676 | * code shared for in-device and software SME |
677 | */ |
678 | |
679 | static bool cfg80211_is_all_idle(void) |
680 | { |
681 | struct cfg80211_registered_device *rdev; |
682 | struct wireless_dev *wdev; |
683 | bool is_all_idle = true; |
684 | |
685 | /* |
686 | * All devices must be idle as otherwise if you are actively |
687 | * scanning some new beacon hints could be learned and would |
688 | * count as new regulatory hints. |
689 | * Also if there is any other active beaconing interface we |
690 | * need not issue a disconnect hint and reset any info such |
691 | * as chan dfs state, etc. |
692 | */ |
693 | for_each_rdev(rdev) { |
694 | wiphy_lock(wiphy: &rdev->wiphy); |
695 | list_for_each_entry(wdev, &rdev->wiphy.wdev_list, list) { |
696 | if (wdev->conn || wdev->connected || |
697 | cfg80211_beaconing_iface_active(wdev)) |
698 | is_all_idle = false; |
699 | } |
700 | wiphy_unlock(wiphy: &rdev->wiphy); |
701 | } |
702 | |
703 | return is_all_idle; |
704 | } |
705 | |
706 | static void disconnect_work(struct work_struct *work) |
707 | { |
708 | rtnl_lock(); |
709 | if (cfg80211_is_all_idle()) |
710 | regulatory_hint_disconnect(); |
711 | rtnl_unlock(); |
712 | } |
713 | |
714 | DECLARE_WORK(cfg80211_disconnect_work, disconnect_work); |
715 | |
716 | static void |
717 | cfg80211_connect_result_release_bsses(struct wireless_dev *wdev, |
718 | struct cfg80211_connect_resp_params *cr) |
719 | { |
720 | unsigned int link; |
721 | |
722 | for_each_valid_link(cr, link) { |
723 | if (!cr->links[link].bss) |
724 | continue; |
725 | cfg80211_unhold_bss(bss: bss_from_pub(pub: cr->links[link].bss)); |
726 | cfg80211_put_bss(wiphy: wdev->wiphy, bss: cr->links[link].bss); |
727 | } |
728 | } |
729 | |
730 | /* |
731 | * API calls for drivers implementing connect/disconnect and |
732 | * SME event handling |
733 | */ |
734 | |
735 | /* This method must consume bss one way or another */ |
736 | void __cfg80211_connect_result(struct net_device *dev, |
737 | struct cfg80211_connect_resp_params *cr, |
738 | bool wextev) |
739 | { |
740 | struct wireless_dev *wdev = dev->ieee80211_ptr; |
741 | const struct element *country_elem = NULL; |
742 | const struct element *ssid; |
743 | const u8 *country_data; |
744 | u8 country_datalen; |
745 | #ifdef CONFIG_CFG80211_WEXT |
746 | union iwreq_data wrqu; |
747 | #endif |
748 | unsigned int link; |
749 | const u8 *connected_addr; |
750 | bool bss_not_found = false; |
751 | |
752 | lockdep_assert_wiphy(wdev->wiphy); |
753 | |
754 | if (WARN_ON(wdev->iftype != NL80211_IFTYPE_STATION && |
755 | wdev->iftype != NL80211_IFTYPE_P2P_CLIENT)) |
756 | goto out; |
757 | |
758 | if (cr->valid_links) { |
759 | if (WARN_ON(!cr->ap_mld_addr)) |
760 | goto out; |
761 | |
762 | for_each_valid_link(cr, link) { |
763 | if (WARN_ON(!cr->links[link].addr)) |
764 | goto out; |
765 | } |
766 | |
767 | if (WARN_ON(wdev->connect_keys)) |
768 | goto out; |
769 | } |
770 | |
771 | wdev->unprot_beacon_reported = 0; |
772 | nl80211_send_connect_result(rdev: wiphy_to_rdev(wiphy: wdev->wiphy), netdev: dev, params: cr, |
773 | GFP_KERNEL); |
774 | connected_addr = cr->valid_links ? cr->ap_mld_addr : cr->links[0].bssid; |
775 | |
776 | #ifdef CONFIG_CFG80211_WEXT |
777 | if (wextev && !cr->valid_links) { |
778 | if (cr->req_ie && cr->status == WLAN_STATUS_SUCCESS) { |
779 | memset(&wrqu, 0, sizeof(wrqu)); |
780 | wrqu.data.length = cr->req_ie_len; |
781 | wireless_send_event(dev, IWEVASSOCREQIE, wrqu: &wrqu, |
782 | extra: cr->req_ie); |
783 | } |
784 | |
785 | if (cr->resp_ie && cr->status == WLAN_STATUS_SUCCESS) { |
786 | memset(&wrqu, 0, sizeof(wrqu)); |
787 | wrqu.data.length = cr->resp_ie_len; |
788 | wireless_send_event(dev, IWEVASSOCRESPIE, wrqu: &wrqu, |
789 | extra: cr->resp_ie); |
790 | } |
791 | |
792 | memset(&wrqu, 0, sizeof(wrqu)); |
793 | wrqu.ap_addr.sa_family = ARPHRD_ETHER; |
794 | if (connected_addr && cr->status == WLAN_STATUS_SUCCESS) { |
795 | memcpy(wrqu.ap_addr.sa_data, connected_addr, ETH_ALEN); |
796 | memcpy(wdev->wext.prev_bssid, connected_addr, ETH_ALEN); |
797 | wdev->wext.prev_bssid_valid = true; |
798 | } |
799 | wireless_send_event(dev, SIOCGIWAP, wrqu: &wrqu, NULL); |
800 | } |
801 | #endif |
802 | |
803 | if (cr->status == WLAN_STATUS_SUCCESS) { |
804 | if (!wiphy_to_rdev(wiphy: wdev->wiphy)->ops->connect) { |
805 | for_each_valid_link(cr, link) { |
806 | if (WARN_ON_ONCE(!cr->links[link].bss)) |
807 | break; |
808 | } |
809 | } |
810 | |
811 | for_each_valid_link(cr, link) { |
812 | /* don't do extra lookups for failures */ |
813 | if (cr->links[link].status != WLAN_STATUS_SUCCESS) |
814 | continue; |
815 | |
816 | if (cr->links[link].bss) |
817 | continue; |
818 | |
819 | cr->links[link].bss = |
820 | cfg80211_get_bss(wiphy: wdev->wiphy, NULL, |
821 | bssid: cr->links[link].bssid, |
822 | ssid: wdev->u.client.ssid, |
823 | ssid_len: wdev->u.client.ssid_len, |
824 | bss_type: wdev->conn_bss_type, |
825 | privacy: IEEE80211_PRIVACY_ANY); |
826 | if (!cr->links[link].bss) { |
827 | bss_not_found = true; |
828 | break; |
829 | } |
830 | cfg80211_hold_bss(bss: bss_from_pub(pub: cr->links[link].bss)); |
831 | } |
832 | } |
833 | |
834 | cfg80211_wdev_release_bsses(wdev); |
835 | |
836 | if (cr->status != WLAN_STATUS_SUCCESS) { |
837 | kfree_sensitive(objp: wdev->connect_keys); |
838 | wdev->connect_keys = NULL; |
839 | wdev->u.client.ssid_len = 0; |
840 | wdev->conn_owner_nlportid = 0; |
841 | cfg80211_connect_result_release_bsses(wdev, cr); |
842 | cfg80211_sme_free(wdev); |
843 | return; |
844 | } |
845 | |
846 | if (WARN_ON(bss_not_found)) { |
847 | cfg80211_connect_result_release_bsses(wdev, cr); |
848 | return; |
849 | } |
850 | |
851 | memset(wdev->links, 0, sizeof(wdev->links)); |
852 | for_each_valid_link(cr, link) { |
853 | if (cr->links[link].status == WLAN_STATUS_SUCCESS) |
854 | continue; |
855 | cr->valid_links &= ~BIT(link); |
856 | /* don't require bss pointer for failed links */ |
857 | if (!cr->links[link].bss) |
858 | continue; |
859 | cfg80211_unhold_bss(bss: bss_from_pub(pub: cr->links[link].bss)); |
860 | cfg80211_put_bss(wiphy: wdev->wiphy, bss: cr->links[link].bss); |
861 | } |
862 | wdev->valid_links = cr->valid_links; |
863 | for_each_valid_link(cr, link) |
864 | wdev->links[link].client.current_bss = |
865 | bss_from_pub(pub: cr->links[link].bss); |
866 | wdev->connected = true; |
867 | ether_addr_copy(dst: wdev->u.client.connected_addr, src: connected_addr); |
868 | if (cr->valid_links) { |
869 | for_each_valid_link(cr, link) |
870 | memcpy(wdev->links[link].addr, cr->links[link].addr, |
871 | ETH_ALEN); |
872 | } |
873 | |
874 | cfg80211_upload_connect_keys(wdev); |
875 | |
876 | rcu_read_lock(); |
877 | for_each_valid_link(cr, link) { |
878 | country_elem = |
879 | ieee80211_bss_get_elem(bss: cr->links[link].bss, |
880 | id: WLAN_EID_COUNTRY); |
881 | if (country_elem) |
882 | break; |
883 | } |
884 | if (!country_elem) { |
885 | rcu_read_unlock(); |
886 | return; |
887 | } |
888 | |
889 | country_datalen = country_elem->datalen; |
890 | country_data = kmemdup(p: country_elem->data, size: country_datalen, GFP_ATOMIC); |
891 | rcu_read_unlock(); |
892 | |
893 | if (!country_data) |
894 | return; |
895 | |
896 | regulatory_hint_country_ie(wiphy: wdev->wiphy, |
897 | band: cr->links[link].bss->channel->band, |
898 | country_ie: country_data, country_ie_len: country_datalen); |
899 | kfree(objp: country_data); |
900 | |
901 | if (!wdev->u.client.ssid_len) { |
902 | rcu_read_lock(); |
903 | for_each_valid_link(cr, link) { |
904 | ssid = ieee80211_bss_get_elem(bss: cr->links[link].bss, |
905 | id: WLAN_EID_SSID); |
906 | |
907 | if (!ssid || !ssid->datalen) |
908 | continue; |
909 | |
910 | memcpy(wdev->u.client.ssid, ssid->data, ssid->datalen); |
911 | wdev->u.client.ssid_len = ssid->datalen; |
912 | break; |
913 | } |
914 | rcu_read_unlock(); |
915 | } |
916 | |
917 | return; |
918 | out: |
919 | for_each_valid_link(cr, link) |
920 | cfg80211_put_bss(wiphy: wdev->wiphy, bss: cr->links[link].bss); |
921 | } |
922 | |
923 | static void cfg80211_update_link_bss(struct wireless_dev *wdev, |
924 | struct cfg80211_bss **bss) |
925 | { |
926 | struct cfg80211_registered_device *rdev = wiphy_to_rdev(wiphy: wdev->wiphy); |
927 | struct cfg80211_internal_bss *ibss; |
928 | |
929 | if (!*bss) |
930 | return; |
931 | |
932 | ibss = bss_from_pub(pub: *bss); |
933 | if (list_empty(head: &ibss->list)) { |
934 | struct cfg80211_bss *found = NULL, *tmp = *bss; |
935 | |
936 | found = cfg80211_get_bss(wiphy: wdev->wiphy, NULL, |
937 | bssid: (*bss)->bssid, |
938 | ssid: wdev->u.client.ssid, |
939 | ssid_len: wdev->u.client.ssid_len, |
940 | bss_type: wdev->conn_bss_type, |
941 | privacy: IEEE80211_PRIVACY_ANY); |
942 | if (found) { |
943 | /* The same BSS is already updated so use it |
944 | * instead, as it has latest info. |
945 | */ |
946 | *bss = found; |
947 | } else { |
948 | /* Update with BSS provided by driver, it will |
949 | * be freshly added and ref cnted, we can free |
950 | * the old one. |
951 | * |
952 | * signal_valid can be false, as we are not |
953 | * expecting the BSS to be found. |
954 | * |
955 | * keep the old timestamp to avoid confusion |
956 | */ |
957 | cfg80211_bss_update(rdev, tmp: ibss, signal_valid: false, |
958 | ts: ibss->ts); |
959 | } |
960 | |
961 | cfg80211_put_bss(wiphy: wdev->wiphy, bss: tmp); |
962 | } |
963 | } |
964 | |
965 | /* Consumes bss object(s) one way or another */ |
966 | void cfg80211_connect_done(struct net_device *dev, |
967 | struct cfg80211_connect_resp_params *params, |
968 | gfp_t gfp) |
969 | { |
970 | struct wireless_dev *wdev = dev->ieee80211_ptr; |
971 | struct cfg80211_registered_device *rdev = wiphy_to_rdev(wiphy: wdev->wiphy); |
972 | struct cfg80211_event *ev; |
973 | unsigned long flags; |
974 | u8 *next; |
975 | size_t link_info_size = 0; |
976 | unsigned int link; |
977 | |
978 | for_each_valid_link(params, link) { |
979 | cfg80211_update_link_bss(wdev, bss: ¶ms->links[link].bss); |
980 | link_info_size += params->links[link].bssid ? ETH_ALEN : 0; |
981 | link_info_size += params->links[link].addr ? ETH_ALEN : 0; |
982 | } |
983 | |
984 | ev = kzalloc(size: sizeof(*ev) + (params->ap_mld_addr ? ETH_ALEN : 0) + |
985 | params->req_ie_len + params->resp_ie_len + |
986 | params->fils.kek_len + params->fils.pmk_len + |
987 | (params->fils.pmkid ? WLAN_PMKID_LEN : 0) + link_info_size, |
988 | flags: gfp); |
989 | |
990 | if (!ev) { |
991 | for_each_valid_link(params, link) |
992 | cfg80211_put_bss(wiphy: wdev->wiphy, |
993 | bss: params->links[link].bss); |
994 | return; |
995 | } |
996 | |
997 | ev->type = EVENT_CONNECT_RESULT; |
998 | next = ((u8 *)ev) + sizeof(*ev); |
999 | if (params->ap_mld_addr) { |
1000 | ev->cr.ap_mld_addr = next; |
1001 | memcpy((void *)ev->cr.ap_mld_addr, params->ap_mld_addr, |
1002 | ETH_ALEN); |
1003 | next += ETH_ALEN; |
1004 | } |
1005 | if (params->req_ie_len) { |
1006 | ev->cr.req_ie = next; |
1007 | ev->cr.req_ie_len = params->req_ie_len; |
1008 | memcpy((void *)ev->cr.req_ie, params->req_ie, |
1009 | params->req_ie_len); |
1010 | next += params->req_ie_len; |
1011 | } |
1012 | if (params->resp_ie_len) { |
1013 | ev->cr.resp_ie = next; |
1014 | ev->cr.resp_ie_len = params->resp_ie_len; |
1015 | memcpy((void *)ev->cr.resp_ie, params->resp_ie, |
1016 | params->resp_ie_len); |
1017 | next += params->resp_ie_len; |
1018 | } |
1019 | if (params->fils.kek_len) { |
1020 | ev->cr.fils.kek = next; |
1021 | ev->cr.fils.kek_len = params->fils.kek_len; |
1022 | memcpy((void *)ev->cr.fils.kek, params->fils.kek, |
1023 | params->fils.kek_len); |
1024 | next += params->fils.kek_len; |
1025 | } |
1026 | if (params->fils.pmk_len) { |
1027 | ev->cr.fils.pmk = next; |
1028 | ev->cr.fils.pmk_len = params->fils.pmk_len; |
1029 | memcpy((void *)ev->cr.fils.pmk, params->fils.pmk, |
1030 | params->fils.pmk_len); |
1031 | next += params->fils.pmk_len; |
1032 | } |
1033 | if (params->fils.pmkid) { |
1034 | ev->cr.fils.pmkid = next; |
1035 | memcpy((void *)ev->cr.fils.pmkid, params->fils.pmkid, |
1036 | WLAN_PMKID_LEN); |
1037 | next += WLAN_PMKID_LEN; |
1038 | } |
1039 | ev->cr.fils.update_erp_next_seq_num = params->fils.update_erp_next_seq_num; |
1040 | if (params->fils.update_erp_next_seq_num) |
1041 | ev->cr.fils.erp_next_seq_num = params->fils.erp_next_seq_num; |
1042 | ev->cr.valid_links = params->valid_links; |
1043 | for_each_valid_link(params, link) { |
1044 | if (params->links[link].bss) |
1045 | cfg80211_hold_bss( |
1046 | bss: bss_from_pub(pub: params->links[link].bss)); |
1047 | ev->cr.links[link].bss = params->links[link].bss; |
1048 | |
1049 | if (params->links[link].addr) { |
1050 | ev->cr.links[link].addr = next; |
1051 | memcpy((void *)ev->cr.links[link].addr, |
1052 | params->links[link].addr, |
1053 | ETH_ALEN); |
1054 | next += ETH_ALEN; |
1055 | } |
1056 | if (params->links[link].bssid) { |
1057 | ev->cr.links[link].bssid = next; |
1058 | memcpy((void *)ev->cr.links[link].bssid, |
1059 | params->links[link].bssid, |
1060 | ETH_ALEN); |
1061 | next += ETH_ALEN; |
1062 | } |
1063 | } |
1064 | ev->cr.status = params->status; |
1065 | ev->cr.timeout_reason = params->timeout_reason; |
1066 | |
1067 | spin_lock_irqsave(&wdev->event_lock, flags); |
1068 | list_add_tail(new: &ev->list, head: &wdev->event_list); |
1069 | spin_unlock_irqrestore(lock: &wdev->event_lock, flags); |
1070 | queue_work(wq: cfg80211_wq, work: &rdev->event_work); |
1071 | } |
1072 | EXPORT_SYMBOL(cfg80211_connect_done); |
1073 | |
1074 | /* Consumes bss object one way or another */ |
1075 | void __cfg80211_roamed(struct wireless_dev *wdev, |
1076 | struct cfg80211_roam_info *info) |
1077 | { |
1078 | #ifdef CONFIG_CFG80211_WEXT |
1079 | union iwreq_data wrqu; |
1080 | #endif |
1081 | unsigned int link; |
1082 | const u8 *connected_addr; |
1083 | |
1084 | lockdep_assert_wiphy(wdev->wiphy); |
1085 | |
1086 | if (WARN_ON(wdev->iftype != NL80211_IFTYPE_STATION && |
1087 | wdev->iftype != NL80211_IFTYPE_P2P_CLIENT)) |
1088 | goto out; |
1089 | |
1090 | if (WARN_ON(!wdev->connected)) |
1091 | goto out; |
1092 | |
1093 | if (info->valid_links) { |
1094 | if (WARN_ON(!info->ap_mld_addr)) |
1095 | goto out; |
1096 | |
1097 | for_each_valid_link(info, link) { |
1098 | if (WARN_ON(!info->links[link].addr)) |
1099 | goto out; |
1100 | } |
1101 | } |
1102 | |
1103 | cfg80211_wdev_release_bsses(wdev); |
1104 | |
1105 | for_each_valid_link(info, link) { |
1106 | if (WARN_ON(!info->links[link].bss)) |
1107 | goto out; |
1108 | } |
1109 | |
1110 | memset(wdev->links, 0, sizeof(wdev->links)); |
1111 | wdev->valid_links = info->valid_links; |
1112 | for_each_valid_link(info, link) { |
1113 | cfg80211_hold_bss(bss: bss_from_pub(pub: info->links[link].bss)); |
1114 | wdev->links[link].client.current_bss = |
1115 | bss_from_pub(pub: info->links[link].bss); |
1116 | } |
1117 | |
1118 | connected_addr = info->valid_links ? |
1119 | info->ap_mld_addr : |
1120 | info->links[0].bss->bssid; |
1121 | ether_addr_copy(dst: wdev->u.client.connected_addr, src: connected_addr); |
1122 | if (info->valid_links) { |
1123 | for_each_valid_link(info, link) |
1124 | memcpy(wdev->links[link].addr, info->links[link].addr, |
1125 | ETH_ALEN); |
1126 | } |
1127 | wdev->unprot_beacon_reported = 0; |
1128 | nl80211_send_roamed(rdev: wiphy_to_rdev(wiphy: wdev->wiphy), |
1129 | netdev: wdev->netdev, info, GFP_KERNEL); |
1130 | |
1131 | #ifdef CONFIG_CFG80211_WEXT |
1132 | if (!info->valid_links) { |
1133 | if (info->req_ie) { |
1134 | memset(&wrqu, 0, sizeof(wrqu)); |
1135 | wrqu.data.length = info->req_ie_len; |
1136 | wireless_send_event(dev: wdev->netdev, IWEVASSOCREQIE, |
1137 | wrqu: &wrqu, extra: info->req_ie); |
1138 | } |
1139 | |
1140 | if (info->resp_ie) { |
1141 | memset(&wrqu, 0, sizeof(wrqu)); |
1142 | wrqu.data.length = info->resp_ie_len; |
1143 | wireless_send_event(dev: wdev->netdev, IWEVASSOCRESPIE, |
1144 | wrqu: &wrqu, extra: info->resp_ie); |
1145 | } |
1146 | |
1147 | memset(&wrqu, 0, sizeof(wrqu)); |
1148 | wrqu.ap_addr.sa_family = ARPHRD_ETHER; |
1149 | memcpy(wrqu.ap_addr.sa_data, connected_addr, ETH_ALEN); |
1150 | memcpy(wdev->wext.prev_bssid, connected_addr, ETH_ALEN); |
1151 | wdev->wext.prev_bssid_valid = true; |
1152 | wireless_send_event(dev: wdev->netdev, SIOCGIWAP, wrqu: &wrqu, NULL); |
1153 | } |
1154 | #endif |
1155 | |
1156 | return; |
1157 | out: |
1158 | for_each_valid_link(info, link) |
1159 | cfg80211_put_bss(wiphy: wdev->wiphy, bss: info->links[link].bss); |
1160 | } |
1161 | |
1162 | /* Consumes info->links.bss object(s) one way or another */ |
1163 | void cfg80211_roamed(struct net_device *dev, struct cfg80211_roam_info *info, |
1164 | gfp_t gfp) |
1165 | { |
1166 | struct wireless_dev *wdev = dev->ieee80211_ptr; |
1167 | struct cfg80211_registered_device *rdev = wiphy_to_rdev(wiphy: wdev->wiphy); |
1168 | struct cfg80211_event *ev; |
1169 | unsigned long flags; |
1170 | u8 *next; |
1171 | unsigned int link; |
1172 | size_t link_info_size = 0; |
1173 | bool bss_not_found = false; |
1174 | |
1175 | for_each_valid_link(info, link) { |
1176 | link_info_size += info->links[link].addr ? ETH_ALEN : 0; |
1177 | link_info_size += info->links[link].bssid ? ETH_ALEN : 0; |
1178 | |
1179 | if (info->links[link].bss) |
1180 | continue; |
1181 | |
1182 | info->links[link].bss = |
1183 | cfg80211_get_bss(wiphy: wdev->wiphy, |
1184 | channel: info->links[link].channel, |
1185 | bssid: info->links[link].bssid, |
1186 | ssid: wdev->u.client.ssid, |
1187 | ssid_len: wdev->u.client.ssid_len, |
1188 | bss_type: wdev->conn_bss_type, |
1189 | privacy: IEEE80211_PRIVACY_ANY); |
1190 | |
1191 | if (!info->links[link].bss) { |
1192 | bss_not_found = true; |
1193 | break; |
1194 | } |
1195 | } |
1196 | |
1197 | if (WARN_ON(bss_not_found)) |
1198 | goto out; |
1199 | |
1200 | ev = kzalloc(size: sizeof(*ev) + info->req_ie_len + info->resp_ie_len + |
1201 | info->fils.kek_len + info->fils.pmk_len + |
1202 | (info->fils.pmkid ? WLAN_PMKID_LEN : 0) + |
1203 | (info->ap_mld_addr ? ETH_ALEN : 0) + link_info_size, flags: gfp); |
1204 | if (!ev) |
1205 | goto out; |
1206 | |
1207 | ev->type = EVENT_ROAMED; |
1208 | next = ((u8 *)ev) + sizeof(*ev); |
1209 | if (info->req_ie_len) { |
1210 | ev->rm.req_ie = next; |
1211 | ev->rm.req_ie_len = info->req_ie_len; |
1212 | memcpy((void *)ev->rm.req_ie, info->req_ie, info->req_ie_len); |
1213 | next += info->req_ie_len; |
1214 | } |
1215 | if (info->resp_ie_len) { |
1216 | ev->rm.resp_ie = next; |
1217 | ev->rm.resp_ie_len = info->resp_ie_len; |
1218 | memcpy((void *)ev->rm.resp_ie, info->resp_ie, |
1219 | info->resp_ie_len); |
1220 | next += info->resp_ie_len; |
1221 | } |
1222 | if (info->fils.kek_len) { |
1223 | ev->rm.fils.kek = next; |
1224 | ev->rm.fils.kek_len = info->fils.kek_len; |
1225 | memcpy((void *)ev->rm.fils.kek, info->fils.kek, |
1226 | info->fils.kek_len); |
1227 | next += info->fils.kek_len; |
1228 | } |
1229 | if (info->fils.pmk_len) { |
1230 | ev->rm.fils.pmk = next; |
1231 | ev->rm.fils.pmk_len = info->fils.pmk_len; |
1232 | memcpy((void *)ev->rm.fils.pmk, info->fils.pmk, |
1233 | info->fils.pmk_len); |
1234 | next += info->fils.pmk_len; |
1235 | } |
1236 | if (info->fils.pmkid) { |
1237 | ev->rm.fils.pmkid = next; |
1238 | memcpy((void *)ev->rm.fils.pmkid, info->fils.pmkid, |
1239 | WLAN_PMKID_LEN); |
1240 | next += WLAN_PMKID_LEN; |
1241 | } |
1242 | ev->rm.fils.update_erp_next_seq_num = info->fils.update_erp_next_seq_num; |
1243 | if (info->fils.update_erp_next_seq_num) |
1244 | ev->rm.fils.erp_next_seq_num = info->fils.erp_next_seq_num; |
1245 | if (info->ap_mld_addr) { |
1246 | ev->rm.ap_mld_addr = next; |
1247 | memcpy((void *)ev->rm.ap_mld_addr, info->ap_mld_addr, |
1248 | ETH_ALEN); |
1249 | next += ETH_ALEN; |
1250 | } |
1251 | ev->rm.valid_links = info->valid_links; |
1252 | for_each_valid_link(info, link) { |
1253 | ev->rm.links[link].bss = info->links[link].bss; |
1254 | |
1255 | if (info->links[link].addr) { |
1256 | ev->rm.links[link].addr = next; |
1257 | memcpy((void *)ev->rm.links[link].addr, |
1258 | info->links[link].addr, |
1259 | ETH_ALEN); |
1260 | next += ETH_ALEN; |
1261 | } |
1262 | |
1263 | if (info->links[link].bssid) { |
1264 | ev->rm.links[link].bssid = next; |
1265 | memcpy((void *)ev->rm.links[link].bssid, |
1266 | info->links[link].bssid, |
1267 | ETH_ALEN); |
1268 | next += ETH_ALEN; |
1269 | } |
1270 | } |
1271 | |
1272 | spin_lock_irqsave(&wdev->event_lock, flags); |
1273 | list_add_tail(new: &ev->list, head: &wdev->event_list); |
1274 | spin_unlock_irqrestore(lock: &wdev->event_lock, flags); |
1275 | queue_work(wq: cfg80211_wq, work: &rdev->event_work); |
1276 | |
1277 | return; |
1278 | out: |
1279 | for_each_valid_link(info, link) |
1280 | cfg80211_put_bss(wiphy: wdev->wiphy, bss: info->links[link].bss); |
1281 | |
1282 | } |
1283 | EXPORT_SYMBOL(cfg80211_roamed); |
1284 | |
1285 | void __cfg80211_port_authorized(struct wireless_dev *wdev, const u8 *peer_addr, |
1286 | const u8 *td_bitmap, u8 td_bitmap_len) |
1287 | { |
1288 | lockdep_assert_wiphy(wdev->wiphy); |
1289 | |
1290 | if (WARN_ON(wdev->iftype != NL80211_IFTYPE_STATION && |
1291 | wdev->iftype != NL80211_IFTYPE_P2P_CLIENT && |
1292 | wdev->iftype != NL80211_IFTYPE_AP && |
1293 | wdev->iftype != NL80211_IFTYPE_P2P_GO)) |
1294 | return; |
1295 | |
1296 | if (wdev->iftype == NL80211_IFTYPE_STATION || |
1297 | wdev->iftype == NL80211_IFTYPE_P2P_CLIENT) { |
1298 | if (WARN_ON(!wdev->connected) || |
1299 | WARN_ON(!ether_addr_equal(wdev->u.client.connected_addr, peer_addr))) |
1300 | return; |
1301 | } |
1302 | |
1303 | nl80211_send_port_authorized(rdev: wiphy_to_rdev(wiphy: wdev->wiphy), netdev: wdev->netdev, |
1304 | peer_addr, td_bitmap, td_bitmap_len); |
1305 | } |
1306 | |
1307 | void cfg80211_port_authorized(struct net_device *dev, const u8 *peer_addr, |
1308 | const u8 *td_bitmap, u8 td_bitmap_len, gfp_t gfp) |
1309 | { |
1310 | struct wireless_dev *wdev = dev->ieee80211_ptr; |
1311 | struct cfg80211_registered_device *rdev = wiphy_to_rdev(wiphy: wdev->wiphy); |
1312 | struct cfg80211_event *ev; |
1313 | unsigned long flags; |
1314 | |
1315 | if (WARN_ON(!peer_addr)) |
1316 | return; |
1317 | |
1318 | ev = kzalloc(size: sizeof(*ev) + td_bitmap_len, flags: gfp); |
1319 | if (!ev) |
1320 | return; |
1321 | |
1322 | ev->type = EVENT_PORT_AUTHORIZED; |
1323 | memcpy(ev->pa.peer_addr, peer_addr, ETH_ALEN); |
1324 | ev->pa.td_bitmap = ((u8 *)ev) + sizeof(*ev); |
1325 | ev->pa.td_bitmap_len = td_bitmap_len; |
1326 | memcpy((void *)ev->pa.td_bitmap, td_bitmap, td_bitmap_len); |
1327 | |
1328 | /* |
1329 | * Use the wdev event list so that if there are pending |
1330 | * connected/roamed events, they will be reported first. |
1331 | */ |
1332 | spin_lock_irqsave(&wdev->event_lock, flags); |
1333 | list_add_tail(new: &ev->list, head: &wdev->event_list); |
1334 | spin_unlock_irqrestore(lock: &wdev->event_lock, flags); |
1335 | queue_work(wq: cfg80211_wq, work: &rdev->event_work); |
1336 | } |
1337 | EXPORT_SYMBOL(cfg80211_port_authorized); |
1338 | |
1339 | void __cfg80211_disconnected(struct net_device *dev, const u8 *ie, |
1340 | size_t ie_len, u16 reason, bool from_ap) |
1341 | { |
1342 | struct wireless_dev *wdev = dev->ieee80211_ptr; |
1343 | struct cfg80211_registered_device *rdev = wiphy_to_rdev(wiphy: wdev->wiphy); |
1344 | int i; |
1345 | #ifdef CONFIG_CFG80211_WEXT |
1346 | union iwreq_data wrqu; |
1347 | #endif |
1348 | |
1349 | lockdep_assert_wiphy(wdev->wiphy); |
1350 | |
1351 | if (WARN_ON(wdev->iftype != NL80211_IFTYPE_STATION && |
1352 | wdev->iftype != NL80211_IFTYPE_P2P_CLIENT)) |
1353 | return; |
1354 | |
1355 | cfg80211_wdev_release_bsses(wdev); |
1356 | wdev->connected = false; |
1357 | wdev->u.client.ssid_len = 0; |
1358 | wdev->conn_owner_nlportid = 0; |
1359 | kfree_sensitive(objp: wdev->connect_keys); |
1360 | wdev->connect_keys = NULL; |
1361 | |
1362 | nl80211_send_disconnected(rdev, netdev: dev, reason, ie, ie_len, from_ap); |
1363 | |
1364 | /* stop critical protocol if supported */ |
1365 | if (rdev->ops->crit_proto_stop && rdev->crit_proto_nlportid) { |
1366 | rdev->crit_proto_nlportid = 0; |
1367 | rdev_crit_proto_stop(rdev, wdev); |
1368 | } |
1369 | |
1370 | /* |
1371 | * Delete all the keys ... pairwise keys can't really |
1372 | * exist any more anyway, but default keys might. |
1373 | */ |
1374 | if (rdev->ops->del_key) { |
1375 | int max_key_idx = 5; |
1376 | |
1377 | if (wiphy_ext_feature_isset( |
1378 | wiphy: wdev->wiphy, |
1379 | ftidx: NL80211_EXT_FEATURE_BEACON_PROTECTION) || |
1380 | wiphy_ext_feature_isset( |
1381 | wiphy: wdev->wiphy, |
1382 | ftidx: NL80211_EXT_FEATURE_BEACON_PROTECTION_CLIENT)) |
1383 | max_key_idx = 7; |
1384 | for (i = 0; i <= max_key_idx; i++) |
1385 | rdev_del_key(rdev, netdev: dev, link_id: -1, key_index: i, pairwise: false, NULL); |
1386 | } |
1387 | |
1388 | rdev_set_qos_map(rdev, dev, NULL); |
1389 | |
1390 | #ifdef CONFIG_CFG80211_WEXT |
1391 | memset(&wrqu, 0, sizeof(wrqu)); |
1392 | wrqu.ap_addr.sa_family = ARPHRD_ETHER; |
1393 | wireless_send_event(dev, SIOCGIWAP, wrqu: &wrqu, NULL); |
1394 | wdev->wext.connect.ssid_len = 0; |
1395 | #endif |
1396 | |
1397 | schedule_work(work: &cfg80211_disconnect_work); |
1398 | |
1399 | cfg80211_schedule_channels_check(wdev); |
1400 | } |
1401 | |
1402 | void cfg80211_disconnected(struct net_device *dev, u16 reason, |
1403 | const u8 *ie, size_t ie_len, |
1404 | bool locally_generated, gfp_t gfp) |
1405 | { |
1406 | struct wireless_dev *wdev = dev->ieee80211_ptr; |
1407 | struct cfg80211_registered_device *rdev = wiphy_to_rdev(wiphy: wdev->wiphy); |
1408 | struct cfg80211_event *ev; |
1409 | unsigned long flags; |
1410 | |
1411 | ev = kzalloc(size: sizeof(*ev) + ie_len, flags: gfp); |
1412 | if (!ev) |
1413 | return; |
1414 | |
1415 | ev->type = EVENT_DISCONNECTED; |
1416 | ev->dc.ie = ((u8 *)ev) + sizeof(*ev); |
1417 | ev->dc.ie_len = ie_len; |
1418 | memcpy((void *)ev->dc.ie, ie, ie_len); |
1419 | ev->dc.reason = reason; |
1420 | ev->dc.locally_generated = locally_generated; |
1421 | |
1422 | spin_lock_irqsave(&wdev->event_lock, flags); |
1423 | list_add_tail(new: &ev->list, head: &wdev->event_list); |
1424 | spin_unlock_irqrestore(lock: &wdev->event_lock, flags); |
1425 | queue_work(wq: cfg80211_wq, work: &rdev->event_work); |
1426 | } |
1427 | EXPORT_SYMBOL(cfg80211_disconnected); |
1428 | |
1429 | /* |
1430 | * API calls for nl80211/wext compatibility code |
1431 | */ |
1432 | int cfg80211_connect(struct cfg80211_registered_device *rdev, |
1433 | struct net_device *dev, |
1434 | struct cfg80211_connect_params *connect, |
1435 | struct cfg80211_cached_keys *connkeys, |
1436 | const u8 *prev_bssid) |
1437 | { |
1438 | struct wireless_dev *wdev = dev->ieee80211_ptr; |
1439 | int err; |
1440 | |
1441 | lockdep_assert_wiphy(wdev->wiphy); |
1442 | |
1443 | /* |
1444 | * If we have an ssid_len, we're trying to connect or are |
1445 | * already connected, so reject a new SSID unless it's the |
1446 | * same (which is the case for re-association.) |
1447 | */ |
1448 | if (wdev->u.client.ssid_len && |
1449 | (wdev->u.client.ssid_len != connect->ssid_len || |
1450 | memcmp(p: wdev->u.client.ssid, q: connect->ssid, size: wdev->u.client.ssid_len))) |
1451 | return -EALREADY; |
1452 | |
1453 | /* |
1454 | * If connected, reject (re-)association unless prev_bssid |
1455 | * matches the current BSSID. |
1456 | */ |
1457 | if (wdev->connected) { |
1458 | if (!prev_bssid) |
1459 | return -EALREADY; |
1460 | if (!ether_addr_equal(addr1: prev_bssid, |
1461 | addr2: wdev->u.client.connected_addr)) |
1462 | return -ENOTCONN; |
1463 | } |
1464 | |
1465 | /* |
1466 | * Reject if we're in the process of connecting with WEP, |
1467 | * this case isn't very interesting and trying to handle |
1468 | * it would make the code much more complex. |
1469 | */ |
1470 | if (wdev->connect_keys) |
1471 | return -EINPROGRESS; |
1472 | |
1473 | cfg80211_oper_and_ht_capa(ht_capa: &connect->ht_capa_mask, |
1474 | ht_capa_mask: rdev->wiphy.ht_capa_mod_mask); |
1475 | cfg80211_oper_and_vht_capa(vht_capa: &connect->vht_capa_mask, |
1476 | vht_capa_mask: rdev->wiphy.vht_capa_mod_mask); |
1477 | |
1478 | if (connkeys && connkeys->def >= 0) { |
1479 | int idx; |
1480 | u32 cipher; |
1481 | |
1482 | idx = connkeys->def; |
1483 | cipher = connkeys->params[idx].cipher; |
1484 | /* If given a WEP key we may need it for shared key auth */ |
1485 | if (cipher == WLAN_CIPHER_SUITE_WEP40 || |
1486 | cipher == WLAN_CIPHER_SUITE_WEP104) { |
1487 | connect->key_idx = idx; |
1488 | connect->key = connkeys->params[idx].key; |
1489 | connect->key_len = connkeys->params[idx].key_len; |
1490 | |
1491 | /* |
1492 | * If ciphers are not set (e.g. when going through |
1493 | * iwconfig), we have to set them appropriately here. |
1494 | */ |
1495 | if (connect->crypto.cipher_group == 0) |
1496 | connect->crypto.cipher_group = cipher; |
1497 | |
1498 | if (connect->crypto.n_ciphers_pairwise == 0) { |
1499 | connect->crypto.n_ciphers_pairwise = 1; |
1500 | connect->crypto.ciphers_pairwise[0] = cipher; |
1501 | } |
1502 | } |
1503 | } else { |
1504 | if (WARN_ON(connkeys)) |
1505 | return -EINVAL; |
1506 | |
1507 | /* connect can point to wdev->wext.connect which |
1508 | * can hold key data from a previous connection |
1509 | */ |
1510 | connect->key = NULL; |
1511 | connect->key_len = 0; |
1512 | connect->key_idx = 0; |
1513 | } |
1514 | |
1515 | wdev->connect_keys = connkeys; |
1516 | memcpy(wdev->u.client.ssid, connect->ssid, connect->ssid_len); |
1517 | wdev->u.client.ssid_len = connect->ssid_len; |
1518 | |
1519 | wdev->conn_bss_type = connect->pbss ? IEEE80211_BSS_TYPE_PBSS : |
1520 | IEEE80211_BSS_TYPE_ESS; |
1521 | |
1522 | if (!rdev->ops->connect) |
1523 | err = cfg80211_sme_connect(wdev, connect, prev_bssid); |
1524 | else |
1525 | err = rdev_connect(rdev, dev, sme: connect); |
1526 | |
1527 | if (err) { |
1528 | wdev->connect_keys = NULL; |
1529 | /* |
1530 | * This could be reassoc getting refused, don't clear |
1531 | * ssid_len in that case. |
1532 | */ |
1533 | if (!wdev->connected) |
1534 | wdev->u.client.ssid_len = 0; |
1535 | return err; |
1536 | } |
1537 | |
1538 | return 0; |
1539 | } |
1540 | |
1541 | int cfg80211_disconnect(struct cfg80211_registered_device *rdev, |
1542 | struct net_device *dev, u16 reason, bool wextev) |
1543 | { |
1544 | struct wireless_dev *wdev = dev->ieee80211_ptr; |
1545 | int err = 0; |
1546 | |
1547 | lockdep_assert_wiphy(wdev->wiphy); |
1548 | |
1549 | kfree_sensitive(objp: wdev->connect_keys); |
1550 | wdev->connect_keys = NULL; |
1551 | |
1552 | wdev->conn_owner_nlportid = 0; |
1553 | |
1554 | if (wdev->conn) |
1555 | err = cfg80211_sme_disconnect(wdev, reason); |
1556 | else if (!rdev->ops->disconnect) |
1557 | cfg80211_mlme_down(rdev, dev); |
1558 | else if (wdev->u.client.ssid_len) |
1559 | err = rdev_disconnect(rdev, dev, reason_code: reason); |
1560 | |
1561 | /* |
1562 | * Clear ssid_len unless we actually were fully connected, |
1563 | * in which case cfg80211_disconnected() will take care of |
1564 | * this later. |
1565 | */ |
1566 | if (!wdev->connected) |
1567 | wdev->u.client.ssid_len = 0; |
1568 | |
1569 | return err; |
1570 | } |
1571 | |
1572 | /* |
1573 | * Used to clean up after the connection / connection attempt owner socket |
1574 | * disconnects |
1575 | */ |
1576 | void cfg80211_autodisconnect_wk(struct work_struct *work) |
1577 | { |
1578 | struct wireless_dev *wdev = |
1579 | container_of(work, struct wireless_dev, disconnect_wk); |
1580 | struct cfg80211_registered_device *rdev = wiphy_to_rdev(wiphy: wdev->wiphy); |
1581 | |
1582 | wiphy_lock(wiphy: wdev->wiphy); |
1583 | |
1584 | if (wdev->conn_owner_nlportid) { |
1585 | switch (wdev->iftype) { |
1586 | case NL80211_IFTYPE_ADHOC: |
1587 | cfg80211_leave_ibss(rdev, dev: wdev->netdev, nowext: false); |
1588 | break; |
1589 | case NL80211_IFTYPE_AP: |
1590 | case NL80211_IFTYPE_P2P_GO: |
1591 | cfg80211_stop_ap(rdev, dev: wdev->netdev, link: -1, notify: false); |
1592 | break; |
1593 | case NL80211_IFTYPE_MESH_POINT: |
1594 | cfg80211_leave_mesh(rdev, dev: wdev->netdev); |
1595 | break; |
1596 | case NL80211_IFTYPE_STATION: |
1597 | case NL80211_IFTYPE_P2P_CLIENT: |
1598 | /* |
1599 | * Use disconnect_bssid if still connecting and |
1600 | * ops->disconnect not implemented. Otherwise we can |
1601 | * use cfg80211_disconnect. |
1602 | */ |
1603 | if (rdev->ops->disconnect || wdev->connected) |
1604 | cfg80211_disconnect(rdev, dev: wdev->netdev, |
1605 | reason: WLAN_REASON_DEAUTH_LEAVING, |
1606 | wextev: true); |
1607 | else |
1608 | cfg80211_mlme_deauth(rdev, dev: wdev->netdev, |
1609 | bssid: wdev->disconnect_bssid, |
1610 | NULL, ie_len: 0, |
1611 | reason: WLAN_REASON_DEAUTH_LEAVING, |
1612 | local_state_change: false); |
1613 | break; |
1614 | default: |
1615 | break; |
1616 | } |
1617 | } |
1618 | |
1619 | wiphy_unlock(wiphy: wdev->wiphy); |
1620 | } |
1621 | |