forked from Minki/linux
e6f462df9a
When mac80211 abandons an association attempt, it may free all the data structures, but inform cfg80211 and userspace about it only by sending the deauth frame it received, in which case cfg80211 has no link to the BSS struct that was used and will not cfg80211_unhold_bss() it. Fix this by providing a way to inform cfg80211 of this with the BSS entry passed, so that it can clean up properly, and use this ability in the appropriate places in mac80211. This isn't ideal: some code is more or less duplicated and tracing is missing. However, it's a fairly small change and it's thus easier to backport - cleanups can come later. Cc: stable@vger.kernel.org Signed-off-by: Johannes Berg <johannes.berg@intel.com>
843 lines
22 KiB
C
843 lines
22 KiB
C
/*
|
|
* cfg80211 MLME SAP interface
|
|
*
|
|
* Copyright (c) 2009, Jouni Malinen <j@w1.fi>
|
|
* Copyright (c) 2015 Intel Deutschland GmbH
|
|
*/
|
|
|
|
#include <linux/kernel.h>
|
|
#include <linux/module.h>
|
|
#include <linux/etherdevice.h>
|
|
#include <linux/netdevice.h>
|
|
#include <linux/nl80211.h>
|
|
#include <linux/slab.h>
|
|
#include <linux/wireless.h>
|
|
#include <net/cfg80211.h>
|
|
#include <net/iw_handler.h>
|
|
#include "core.h"
|
|
#include "nl80211.h"
|
|
#include "rdev-ops.h"
|
|
|
|
|
|
void cfg80211_rx_assoc_resp(struct net_device *dev, struct cfg80211_bss *bss,
|
|
const u8 *buf, size_t len, int uapsd_queues)
|
|
{
|
|
struct wireless_dev *wdev = dev->ieee80211_ptr;
|
|
struct wiphy *wiphy = wdev->wiphy;
|
|
struct cfg80211_registered_device *rdev = wiphy_to_rdev(wiphy);
|
|
struct ieee80211_mgmt *mgmt = (struct ieee80211_mgmt *)buf;
|
|
u8 *ie = mgmt->u.assoc_resp.variable;
|
|
int ieoffs = offsetof(struct ieee80211_mgmt, u.assoc_resp.variable);
|
|
u16 status_code = le16_to_cpu(mgmt->u.assoc_resp.status_code);
|
|
|
|
trace_cfg80211_send_rx_assoc(dev, bss);
|
|
|
|
/*
|
|
* This is a bit of a hack, we don't notify userspace of
|
|
* a (re-)association reply if we tried to send a reassoc
|
|
* and got a reject -- we only try again with an assoc
|
|
* frame instead of reassoc.
|
|
*/
|
|
if (cfg80211_sme_rx_assoc_resp(wdev, status_code)) {
|
|
cfg80211_unhold_bss(bss_from_pub(bss));
|
|
cfg80211_put_bss(wiphy, bss);
|
|
return;
|
|
}
|
|
|
|
nl80211_send_rx_assoc(rdev, dev, buf, len, GFP_KERNEL, uapsd_queues);
|
|
/* update current_bss etc., consumes the bss reference */
|
|
__cfg80211_connect_result(dev, mgmt->bssid, NULL, 0, ie, len - ieoffs,
|
|
status_code,
|
|
status_code == WLAN_STATUS_SUCCESS, bss);
|
|
}
|
|
EXPORT_SYMBOL(cfg80211_rx_assoc_resp);
|
|
|
|
static void cfg80211_process_auth(struct wireless_dev *wdev,
|
|
const u8 *buf, size_t len)
|
|
{
|
|
struct cfg80211_registered_device *rdev = wiphy_to_rdev(wdev->wiphy);
|
|
|
|
nl80211_send_rx_auth(rdev, wdev->netdev, buf, len, GFP_KERNEL);
|
|
cfg80211_sme_rx_auth(wdev, buf, len);
|
|
}
|
|
|
|
static void cfg80211_process_deauth(struct wireless_dev *wdev,
|
|
const u8 *buf, size_t len)
|
|
{
|
|
struct cfg80211_registered_device *rdev = wiphy_to_rdev(wdev->wiphy);
|
|
struct ieee80211_mgmt *mgmt = (struct ieee80211_mgmt *)buf;
|
|
const u8 *bssid = mgmt->bssid;
|
|
u16 reason_code = le16_to_cpu(mgmt->u.deauth.reason_code);
|
|
bool from_ap = !ether_addr_equal(mgmt->sa, wdev->netdev->dev_addr);
|
|
|
|
nl80211_send_deauth(rdev, wdev->netdev, buf, len, GFP_KERNEL);
|
|
|
|
if (!wdev->current_bss ||
|
|
!ether_addr_equal(wdev->current_bss->pub.bssid, bssid))
|
|
return;
|
|
|
|
__cfg80211_disconnected(wdev->netdev, NULL, 0, reason_code, from_ap);
|
|
cfg80211_sme_deauth(wdev);
|
|
}
|
|
|
|
static void cfg80211_process_disassoc(struct wireless_dev *wdev,
|
|
const u8 *buf, size_t len)
|
|
{
|
|
struct cfg80211_registered_device *rdev = wiphy_to_rdev(wdev->wiphy);
|
|
struct ieee80211_mgmt *mgmt = (struct ieee80211_mgmt *)buf;
|
|
const u8 *bssid = mgmt->bssid;
|
|
u16 reason_code = le16_to_cpu(mgmt->u.disassoc.reason_code);
|
|
bool from_ap = !ether_addr_equal(mgmt->sa, wdev->netdev->dev_addr);
|
|
|
|
nl80211_send_disassoc(rdev, wdev->netdev, buf, len, GFP_KERNEL);
|
|
|
|
if (WARN_ON(!wdev->current_bss ||
|
|
!ether_addr_equal(wdev->current_bss->pub.bssid, bssid)))
|
|
return;
|
|
|
|
__cfg80211_disconnected(wdev->netdev, NULL, 0, reason_code, from_ap);
|
|
cfg80211_sme_disassoc(wdev);
|
|
}
|
|
|
|
void cfg80211_rx_mlme_mgmt(struct net_device *dev, const u8 *buf, size_t len)
|
|
{
|
|
struct wireless_dev *wdev = dev->ieee80211_ptr;
|
|
struct ieee80211_mgmt *mgmt = (void *)buf;
|
|
|
|
ASSERT_WDEV_LOCK(wdev);
|
|
|
|
trace_cfg80211_rx_mlme_mgmt(dev, buf, len);
|
|
|
|
if (WARN_ON(len < 2))
|
|
return;
|
|
|
|
if (ieee80211_is_auth(mgmt->frame_control))
|
|
cfg80211_process_auth(wdev, buf, len);
|
|
else if (ieee80211_is_deauth(mgmt->frame_control))
|
|
cfg80211_process_deauth(wdev, buf, len);
|
|
else if (ieee80211_is_disassoc(mgmt->frame_control))
|
|
cfg80211_process_disassoc(wdev, buf, len);
|
|
}
|
|
EXPORT_SYMBOL(cfg80211_rx_mlme_mgmt);
|
|
|
|
void cfg80211_auth_timeout(struct net_device *dev, const u8 *addr)
|
|
{
|
|
struct wireless_dev *wdev = dev->ieee80211_ptr;
|
|
struct wiphy *wiphy = wdev->wiphy;
|
|
struct cfg80211_registered_device *rdev = wiphy_to_rdev(wiphy);
|
|
|
|
trace_cfg80211_send_auth_timeout(dev, addr);
|
|
|
|
nl80211_send_auth_timeout(rdev, dev, addr, GFP_KERNEL);
|
|
cfg80211_sme_auth_timeout(wdev);
|
|
}
|
|
EXPORT_SYMBOL(cfg80211_auth_timeout);
|
|
|
|
void cfg80211_assoc_timeout(struct net_device *dev, struct cfg80211_bss *bss)
|
|
{
|
|
struct wireless_dev *wdev = dev->ieee80211_ptr;
|
|
struct wiphy *wiphy = wdev->wiphy;
|
|
struct cfg80211_registered_device *rdev = wiphy_to_rdev(wiphy);
|
|
|
|
trace_cfg80211_send_assoc_timeout(dev, bss->bssid);
|
|
|
|
nl80211_send_assoc_timeout(rdev, dev, bss->bssid, GFP_KERNEL);
|
|
cfg80211_sme_assoc_timeout(wdev);
|
|
|
|
cfg80211_unhold_bss(bss_from_pub(bss));
|
|
cfg80211_put_bss(wiphy, bss);
|
|
}
|
|
EXPORT_SYMBOL(cfg80211_assoc_timeout);
|
|
|
|
void cfg80211_abandon_assoc(struct net_device *dev, struct cfg80211_bss *bss)
|
|
{
|
|
struct wireless_dev *wdev = dev->ieee80211_ptr;
|
|
struct wiphy *wiphy = wdev->wiphy;
|
|
|
|
cfg80211_sme_abandon_assoc(wdev);
|
|
|
|
cfg80211_unhold_bss(bss_from_pub(bss));
|
|
cfg80211_put_bss(wiphy, bss);
|
|
}
|
|
EXPORT_SYMBOL(cfg80211_abandon_assoc);
|
|
|
|
void cfg80211_tx_mlme_mgmt(struct net_device *dev, const u8 *buf, size_t len)
|
|
{
|
|
struct wireless_dev *wdev = dev->ieee80211_ptr;
|
|
struct ieee80211_mgmt *mgmt = (void *)buf;
|
|
|
|
ASSERT_WDEV_LOCK(wdev);
|
|
|
|
trace_cfg80211_tx_mlme_mgmt(dev, buf, len);
|
|
|
|
if (WARN_ON(len < 2))
|
|
return;
|
|
|
|
if (ieee80211_is_deauth(mgmt->frame_control))
|
|
cfg80211_process_deauth(wdev, buf, len);
|
|
else
|
|
cfg80211_process_disassoc(wdev, buf, len);
|
|
}
|
|
EXPORT_SYMBOL(cfg80211_tx_mlme_mgmt);
|
|
|
|
void cfg80211_michael_mic_failure(struct net_device *dev, const u8 *addr,
|
|
enum nl80211_key_type key_type, int key_id,
|
|
const u8 *tsc, gfp_t gfp)
|
|
{
|
|
struct wiphy *wiphy = dev->ieee80211_ptr->wiphy;
|
|
struct cfg80211_registered_device *rdev = wiphy_to_rdev(wiphy);
|
|
#ifdef CONFIG_CFG80211_WEXT
|
|
union iwreq_data wrqu;
|
|
char *buf = kmalloc(128, gfp);
|
|
|
|
if (buf) {
|
|
sprintf(buf, "MLME-MICHAELMICFAILURE.indication("
|
|
"keyid=%d %scast addr=%pM)", key_id,
|
|
key_type == NL80211_KEYTYPE_GROUP ? "broad" : "uni",
|
|
addr);
|
|
memset(&wrqu, 0, sizeof(wrqu));
|
|
wrqu.data.length = strlen(buf);
|
|
wireless_send_event(dev, IWEVCUSTOM, &wrqu, buf);
|
|
kfree(buf);
|
|
}
|
|
#endif
|
|
|
|
trace_cfg80211_michael_mic_failure(dev, addr, key_type, key_id, tsc);
|
|
nl80211_michael_mic_failure(rdev, dev, addr, key_type, key_id, tsc, gfp);
|
|
}
|
|
EXPORT_SYMBOL(cfg80211_michael_mic_failure);
|
|
|
|
/* some MLME handling for userspace SME */
|
|
int cfg80211_mlme_auth(struct cfg80211_registered_device *rdev,
|
|
struct net_device *dev,
|
|
struct ieee80211_channel *chan,
|
|
enum nl80211_auth_type auth_type,
|
|
const u8 *bssid,
|
|
const u8 *ssid, int ssid_len,
|
|
const u8 *ie, int ie_len,
|
|
const u8 *key, int key_len, int key_idx,
|
|
const u8 *auth_data, int auth_data_len)
|
|
{
|
|
struct wireless_dev *wdev = dev->ieee80211_ptr;
|
|
struct cfg80211_auth_request req = {
|
|
.ie = ie,
|
|
.ie_len = ie_len,
|
|
.auth_data = auth_data,
|
|
.auth_data_len = auth_data_len,
|
|
.auth_type = auth_type,
|
|
.key = key,
|
|
.key_len = key_len,
|
|
.key_idx = key_idx,
|
|
};
|
|
int err;
|
|
|
|
ASSERT_WDEV_LOCK(wdev);
|
|
|
|
if (auth_type == NL80211_AUTHTYPE_SHARED_KEY)
|
|
if (!key || !key_len || key_idx < 0 || key_idx > 3)
|
|
return -EINVAL;
|
|
|
|
if (wdev->current_bss &&
|
|
ether_addr_equal(bssid, wdev->current_bss->pub.bssid))
|
|
return -EALREADY;
|
|
|
|
req.bss = cfg80211_get_bss(&rdev->wiphy, chan, bssid, ssid, ssid_len,
|
|
IEEE80211_BSS_TYPE_ESS,
|
|
IEEE80211_PRIVACY_ANY);
|
|
if (!req.bss)
|
|
return -ENOENT;
|
|
|
|
err = rdev_auth(rdev, dev, &req);
|
|
|
|
cfg80211_put_bss(&rdev->wiphy, req.bss);
|
|
return err;
|
|
}
|
|
|
|
/* Do a logical ht_capa &= ht_capa_mask. */
|
|
void cfg80211_oper_and_ht_capa(struct ieee80211_ht_cap *ht_capa,
|
|
const struct ieee80211_ht_cap *ht_capa_mask)
|
|
{
|
|
int i;
|
|
u8 *p1, *p2;
|
|
if (!ht_capa_mask) {
|
|
memset(ht_capa, 0, sizeof(*ht_capa));
|
|
return;
|
|
}
|
|
|
|
p1 = (u8*)(ht_capa);
|
|
p2 = (u8*)(ht_capa_mask);
|
|
for (i = 0; i<sizeof(*ht_capa); i++)
|
|
p1[i] &= p2[i];
|
|
}
|
|
|
|
/* Do a logical ht_capa &= ht_capa_mask. */
|
|
void cfg80211_oper_and_vht_capa(struct ieee80211_vht_cap *vht_capa,
|
|
const struct ieee80211_vht_cap *vht_capa_mask)
|
|
{
|
|
int i;
|
|
u8 *p1, *p2;
|
|
if (!vht_capa_mask) {
|
|
memset(vht_capa, 0, sizeof(*vht_capa));
|
|
return;
|
|
}
|
|
|
|
p1 = (u8*)(vht_capa);
|
|
p2 = (u8*)(vht_capa_mask);
|
|
for (i = 0; i < sizeof(*vht_capa); i++)
|
|
p1[i] &= p2[i];
|
|
}
|
|
|
|
int cfg80211_mlme_assoc(struct cfg80211_registered_device *rdev,
|
|
struct net_device *dev,
|
|
struct ieee80211_channel *chan,
|
|
const u8 *bssid,
|
|
const u8 *ssid, int ssid_len,
|
|
struct cfg80211_assoc_request *req)
|
|
{
|
|
struct wireless_dev *wdev = dev->ieee80211_ptr;
|
|
int err;
|
|
|
|
ASSERT_WDEV_LOCK(wdev);
|
|
|
|
if (wdev->current_bss &&
|
|
(!req->prev_bssid || !ether_addr_equal(wdev->current_bss->pub.bssid,
|
|
req->prev_bssid)))
|
|
return -EALREADY;
|
|
|
|
cfg80211_oper_and_ht_capa(&req->ht_capa_mask,
|
|
rdev->wiphy.ht_capa_mod_mask);
|
|
cfg80211_oper_and_vht_capa(&req->vht_capa_mask,
|
|
rdev->wiphy.vht_capa_mod_mask);
|
|
|
|
req->bss = cfg80211_get_bss(&rdev->wiphy, chan, bssid, ssid, ssid_len,
|
|
IEEE80211_BSS_TYPE_ESS,
|
|
IEEE80211_PRIVACY_ANY);
|
|
if (!req->bss)
|
|
return -ENOENT;
|
|
|
|
err = rdev_assoc(rdev, dev, req);
|
|
if (!err)
|
|
cfg80211_hold_bss(bss_from_pub(req->bss));
|
|
else
|
|
cfg80211_put_bss(&rdev->wiphy, req->bss);
|
|
|
|
return err;
|
|
}
|
|
|
|
int cfg80211_mlme_deauth(struct cfg80211_registered_device *rdev,
|
|
struct net_device *dev, const u8 *bssid,
|
|
const u8 *ie, int ie_len, u16 reason,
|
|
bool local_state_change)
|
|
{
|
|
struct wireless_dev *wdev = dev->ieee80211_ptr;
|
|
struct cfg80211_deauth_request req = {
|
|
.bssid = bssid,
|
|
.reason_code = reason,
|
|
.ie = ie,
|
|
.ie_len = ie_len,
|
|
.local_state_change = local_state_change,
|
|
};
|
|
|
|
ASSERT_WDEV_LOCK(wdev);
|
|
|
|
if (local_state_change &&
|
|
(!wdev->current_bss ||
|
|
!ether_addr_equal(wdev->current_bss->pub.bssid, bssid)))
|
|
return 0;
|
|
|
|
return rdev_deauth(rdev, dev, &req);
|
|
}
|
|
|
|
int cfg80211_mlme_disassoc(struct cfg80211_registered_device *rdev,
|
|
struct net_device *dev, const u8 *bssid,
|
|
const u8 *ie, int ie_len, u16 reason,
|
|
bool local_state_change)
|
|
{
|
|
struct wireless_dev *wdev = dev->ieee80211_ptr;
|
|
struct cfg80211_disassoc_request req = {
|
|
.reason_code = reason,
|
|
.local_state_change = local_state_change,
|
|
.ie = ie,
|
|
.ie_len = ie_len,
|
|
};
|
|
int err;
|
|
|
|
ASSERT_WDEV_LOCK(wdev);
|
|
|
|
if (!wdev->current_bss)
|
|
return -ENOTCONN;
|
|
|
|
if (ether_addr_equal(wdev->current_bss->pub.bssid, bssid))
|
|
req.bss = &wdev->current_bss->pub;
|
|
else
|
|
return -ENOTCONN;
|
|
|
|
err = rdev_disassoc(rdev, dev, &req);
|
|
if (err)
|
|
return err;
|
|
|
|
/* driver should have reported the disassoc */
|
|
WARN_ON(wdev->current_bss);
|
|
return 0;
|
|
}
|
|
|
|
void cfg80211_mlme_down(struct cfg80211_registered_device *rdev,
|
|
struct net_device *dev)
|
|
{
|
|
struct wireless_dev *wdev = dev->ieee80211_ptr;
|
|
u8 bssid[ETH_ALEN];
|
|
|
|
ASSERT_WDEV_LOCK(wdev);
|
|
|
|
if (!rdev->ops->deauth)
|
|
return;
|
|
|
|
if (!wdev->current_bss)
|
|
return;
|
|
|
|
memcpy(bssid, wdev->current_bss->pub.bssid, ETH_ALEN);
|
|
cfg80211_mlme_deauth(rdev, dev, bssid, NULL, 0,
|
|
WLAN_REASON_DEAUTH_LEAVING, false);
|
|
}
|
|
|
|
struct cfg80211_mgmt_registration {
|
|
struct list_head list;
|
|
struct wireless_dev *wdev;
|
|
|
|
u32 nlportid;
|
|
|
|
int match_len;
|
|
|
|
__le16 frame_type;
|
|
|
|
u8 match[];
|
|
};
|
|
|
|
static void
|
|
cfg80211_process_mlme_unregistrations(struct cfg80211_registered_device *rdev)
|
|
{
|
|
struct cfg80211_mgmt_registration *reg;
|
|
|
|
ASSERT_RTNL();
|
|
|
|
spin_lock_bh(&rdev->mlme_unreg_lock);
|
|
while ((reg = list_first_entry_or_null(&rdev->mlme_unreg,
|
|
struct cfg80211_mgmt_registration,
|
|
list))) {
|
|
list_del(®->list);
|
|
spin_unlock_bh(&rdev->mlme_unreg_lock);
|
|
|
|
if (rdev->ops->mgmt_frame_register) {
|
|
u16 frame_type = le16_to_cpu(reg->frame_type);
|
|
|
|
rdev_mgmt_frame_register(rdev, reg->wdev,
|
|
frame_type, false);
|
|
}
|
|
|
|
kfree(reg);
|
|
|
|
spin_lock_bh(&rdev->mlme_unreg_lock);
|
|
}
|
|
spin_unlock_bh(&rdev->mlme_unreg_lock);
|
|
}
|
|
|
|
void cfg80211_mlme_unreg_wk(struct work_struct *wk)
|
|
{
|
|
struct cfg80211_registered_device *rdev;
|
|
|
|
rdev = container_of(wk, struct cfg80211_registered_device,
|
|
mlme_unreg_wk);
|
|
|
|
rtnl_lock();
|
|
cfg80211_process_mlme_unregistrations(rdev);
|
|
rtnl_unlock();
|
|
}
|
|
|
|
int cfg80211_mlme_register_mgmt(struct wireless_dev *wdev, u32 snd_portid,
|
|
u16 frame_type, const u8 *match_data,
|
|
int match_len)
|
|
{
|
|
struct wiphy *wiphy = wdev->wiphy;
|
|
struct cfg80211_registered_device *rdev = wiphy_to_rdev(wiphy);
|
|
struct cfg80211_mgmt_registration *reg, *nreg;
|
|
int err = 0;
|
|
u16 mgmt_type;
|
|
|
|
if (!wdev->wiphy->mgmt_stypes)
|
|
return -EOPNOTSUPP;
|
|
|
|
if ((frame_type & IEEE80211_FCTL_FTYPE) != IEEE80211_FTYPE_MGMT)
|
|
return -EINVAL;
|
|
|
|
if (frame_type & ~(IEEE80211_FCTL_FTYPE | IEEE80211_FCTL_STYPE))
|
|
return -EINVAL;
|
|
|
|
mgmt_type = (frame_type & IEEE80211_FCTL_STYPE) >> 4;
|
|
if (!(wdev->wiphy->mgmt_stypes[wdev->iftype].rx & BIT(mgmt_type)))
|
|
return -EINVAL;
|
|
|
|
nreg = kzalloc(sizeof(*reg) + match_len, GFP_KERNEL);
|
|
if (!nreg)
|
|
return -ENOMEM;
|
|
|
|
spin_lock_bh(&wdev->mgmt_registrations_lock);
|
|
|
|
list_for_each_entry(reg, &wdev->mgmt_registrations, list) {
|
|
int mlen = min(match_len, reg->match_len);
|
|
|
|
if (frame_type != le16_to_cpu(reg->frame_type))
|
|
continue;
|
|
|
|
if (memcmp(reg->match, match_data, mlen) == 0) {
|
|
err = -EALREADY;
|
|
break;
|
|
}
|
|
}
|
|
|
|
if (err) {
|
|
kfree(nreg);
|
|
goto out;
|
|
}
|
|
|
|
memcpy(nreg->match, match_data, match_len);
|
|
nreg->match_len = match_len;
|
|
nreg->nlportid = snd_portid;
|
|
nreg->frame_type = cpu_to_le16(frame_type);
|
|
nreg->wdev = wdev;
|
|
list_add(&nreg->list, &wdev->mgmt_registrations);
|
|
spin_unlock_bh(&wdev->mgmt_registrations_lock);
|
|
|
|
/* process all unregistrations to avoid driver confusion */
|
|
cfg80211_process_mlme_unregistrations(rdev);
|
|
|
|
if (rdev->ops->mgmt_frame_register)
|
|
rdev_mgmt_frame_register(rdev, wdev, frame_type, true);
|
|
|
|
return 0;
|
|
|
|
out:
|
|
spin_unlock_bh(&wdev->mgmt_registrations_lock);
|
|
|
|
return err;
|
|
}
|
|
|
|
void cfg80211_mlme_unregister_socket(struct wireless_dev *wdev, u32 nlportid)
|
|
{
|
|
struct wiphy *wiphy = wdev->wiphy;
|
|
struct cfg80211_registered_device *rdev = wiphy_to_rdev(wiphy);
|
|
struct cfg80211_mgmt_registration *reg, *tmp;
|
|
|
|
spin_lock_bh(&wdev->mgmt_registrations_lock);
|
|
|
|
list_for_each_entry_safe(reg, tmp, &wdev->mgmt_registrations, list) {
|
|
if (reg->nlportid != nlportid)
|
|
continue;
|
|
|
|
list_del(®->list);
|
|
spin_lock(&rdev->mlme_unreg_lock);
|
|
list_add_tail(®->list, &rdev->mlme_unreg);
|
|
spin_unlock(&rdev->mlme_unreg_lock);
|
|
|
|
schedule_work(&rdev->mlme_unreg_wk);
|
|
}
|
|
|
|
spin_unlock_bh(&wdev->mgmt_registrations_lock);
|
|
|
|
if (nlportid && rdev->crit_proto_nlportid == nlportid) {
|
|
rdev->crit_proto_nlportid = 0;
|
|
rdev_crit_proto_stop(rdev, wdev);
|
|
}
|
|
|
|
if (nlportid == wdev->ap_unexpected_nlportid)
|
|
wdev->ap_unexpected_nlportid = 0;
|
|
}
|
|
|
|
void cfg80211_mlme_purge_registrations(struct wireless_dev *wdev)
|
|
{
|
|
struct cfg80211_registered_device *rdev = wiphy_to_rdev(wdev->wiphy);
|
|
|
|
spin_lock_bh(&wdev->mgmt_registrations_lock);
|
|
spin_lock(&rdev->mlme_unreg_lock);
|
|
list_splice_tail_init(&wdev->mgmt_registrations, &rdev->mlme_unreg);
|
|
spin_unlock(&rdev->mlme_unreg_lock);
|
|
spin_unlock_bh(&wdev->mgmt_registrations_lock);
|
|
|
|
cfg80211_process_mlme_unregistrations(rdev);
|
|
}
|
|
|
|
int cfg80211_mlme_mgmt_tx(struct cfg80211_registered_device *rdev,
|
|
struct wireless_dev *wdev,
|
|
struct cfg80211_mgmt_tx_params *params, u64 *cookie)
|
|
{
|
|
const struct ieee80211_mgmt *mgmt;
|
|
u16 stype;
|
|
|
|
if (!wdev->wiphy->mgmt_stypes)
|
|
return -EOPNOTSUPP;
|
|
|
|
if (!rdev->ops->mgmt_tx)
|
|
return -EOPNOTSUPP;
|
|
|
|
if (params->len < 24 + 1)
|
|
return -EINVAL;
|
|
|
|
mgmt = (const struct ieee80211_mgmt *)params->buf;
|
|
|
|
if (!ieee80211_is_mgmt(mgmt->frame_control))
|
|
return -EINVAL;
|
|
|
|
stype = le16_to_cpu(mgmt->frame_control) & IEEE80211_FCTL_STYPE;
|
|
if (!(wdev->wiphy->mgmt_stypes[wdev->iftype].tx & BIT(stype >> 4)))
|
|
return -EINVAL;
|
|
|
|
if (ieee80211_is_action(mgmt->frame_control) &&
|
|
mgmt->u.action.category != WLAN_CATEGORY_PUBLIC) {
|
|
int err = 0;
|
|
|
|
wdev_lock(wdev);
|
|
|
|
switch (wdev->iftype) {
|
|
case NL80211_IFTYPE_ADHOC:
|
|
case NL80211_IFTYPE_STATION:
|
|
case NL80211_IFTYPE_P2P_CLIENT:
|
|
if (!wdev->current_bss) {
|
|
err = -ENOTCONN;
|
|
break;
|
|
}
|
|
|
|
if (!ether_addr_equal(wdev->current_bss->pub.bssid,
|
|
mgmt->bssid)) {
|
|
err = -ENOTCONN;
|
|
break;
|
|
}
|
|
|
|
/*
|
|
* check for IBSS DA must be done by driver as
|
|
* cfg80211 doesn't track the stations
|
|
*/
|
|
if (wdev->iftype == NL80211_IFTYPE_ADHOC)
|
|
break;
|
|
|
|
/* for station, check that DA is the AP */
|
|
if (!ether_addr_equal(wdev->current_bss->pub.bssid,
|
|
mgmt->da)) {
|
|
err = -ENOTCONN;
|
|
break;
|
|
}
|
|
break;
|
|
case NL80211_IFTYPE_AP:
|
|
case NL80211_IFTYPE_P2P_GO:
|
|
case NL80211_IFTYPE_AP_VLAN:
|
|
if (!ether_addr_equal(mgmt->bssid, wdev_address(wdev)))
|
|
err = -EINVAL;
|
|
break;
|
|
case NL80211_IFTYPE_MESH_POINT:
|
|
if (!ether_addr_equal(mgmt->sa, mgmt->bssid)) {
|
|
err = -EINVAL;
|
|
break;
|
|
}
|
|
/*
|
|
* check for mesh DA must be done by driver as
|
|
* cfg80211 doesn't track the stations
|
|
*/
|
|
break;
|
|
case NL80211_IFTYPE_P2P_DEVICE:
|
|
/*
|
|
* fall through, P2P device only supports
|
|
* public action frames
|
|
*/
|
|
case NL80211_IFTYPE_NAN:
|
|
default:
|
|
err = -EOPNOTSUPP;
|
|
break;
|
|
}
|
|
wdev_unlock(wdev);
|
|
|
|
if (err)
|
|
return err;
|
|
}
|
|
|
|
if (!ether_addr_equal(mgmt->sa, wdev_address(wdev)))
|
|
return -EINVAL;
|
|
|
|
/* Transmit the Action frame as requested by user space */
|
|
return rdev_mgmt_tx(rdev, wdev, params, cookie);
|
|
}
|
|
|
|
bool cfg80211_rx_mgmt(struct wireless_dev *wdev, int freq, int sig_mbm,
|
|
const u8 *buf, size_t len, u32 flags)
|
|
{
|
|
struct wiphy *wiphy = wdev->wiphy;
|
|
struct cfg80211_registered_device *rdev = wiphy_to_rdev(wiphy);
|
|
struct cfg80211_mgmt_registration *reg;
|
|
const struct ieee80211_txrx_stypes *stypes =
|
|
&wiphy->mgmt_stypes[wdev->iftype];
|
|
struct ieee80211_mgmt *mgmt = (void *)buf;
|
|
const u8 *data;
|
|
int data_len;
|
|
bool result = false;
|
|
__le16 ftype = mgmt->frame_control &
|
|
cpu_to_le16(IEEE80211_FCTL_FTYPE | IEEE80211_FCTL_STYPE);
|
|
u16 stype;
|
|
|
|
trace_cfg80211_rx_mgmt(wdev, freq, sig_mbm);
|
|
stype = (le16_to_cpu(mgmt->frame_control) & IEEE80211_FCTL_STYPE) >> 4;
|
|
|
|
if (!(stypes->rx & BIT(stype))) {
|
|
trace_cfg80211_return_bool(false);
|
|
return false;
|
|
}
|
|
|
|
data = buf + ieee80211_hdrlen(mgmt->frame_control);
|
|
data_len = len - ieee80211_hdrlen(mgmt->frame_control);
|
|
|
|
spin_lock_bh(&wdev->mgmt_registrations_lock);
|
|
|
|
list_for_each_entry(reg, &wdev->mgmt_registrations, list) {
|
|
if (reg->frame_type != ftype)
|
|
continue;
|
|
|
|
if (reg->match_len > data_len)
|
|
continue;
|
|
|
|
if (memcmp(reg->match, data, reg->match_len))
|
|
continue;
|
|
|
|
/* found match! */
|
|
|
|
/* Indicate the received Action frame to user space */
|
|
if (nl80211_send_mgmt(rdev, wdev, reg->nlportid,
|
|
freq, sig_mbm,
|
|
buf, len, flags, GFP_ATOMIC))
|
|
continue;
|
|
|
|
result = true;
|
|
break;
|
|
}
|
|
|
|
spin_unlock_bh(&wdev->mgmt_registrations_lock);
|
|
|
|
trace_cfg80211_return_bool(result);
|
|
return result;
|
|
}
|
|
EXPORT_SYMBOL(cfg80211_rx_mgmt);
|
|
|
|
void cfg80211_dfs_channels_update_work(struct work_struct *work)
|
|
{
|
|
struct delayed_work *delayed_work = to_delayed_work(work);
|
|
struct cfg80211_registered_device *rdev;
|
|
struct cfg80211_chan_def chandef;
|
|
struct ieee80211_supported_band *sband;
|
|
struct ieee80211_channel *c;
|
|
struct wiphy *wiphy;
|
|
bool check_again = false;
|
|
unsigned long timeout, next_time = 0;
|
|
int bandid, i;
|
|
|
|
rdev = container_of(delayed_work, struct cfg80211_registered_device,
|
|
dfs_update_channels_wk);
|
|
wiphy = &rdev->wiphy;
|
|
|
|
rtnl_lock();
|
|
for (bandid = 0; bandid < NUM_NL80211_BANDS; bandid++) {
|
|
sband = wiphy->bands[bandid];
|
|
if (!sband)
|
|
continue;
|
|
|
|
for (i = 0; i < sband->n_channels; i++) {
|
|
c = &sband->channels[i];
|
|
|
|
if (c->dfs_state != NL80211_DFS_UNAVAILABLE)
|
|
continue;
|
|
|
|
timeout = c->dfs_state_entered + msecs_to_jiffies(
|
|
IEEE80211_DFS_MIN_NOP_TIME_MS);
|
|
|
|
if (time_after_eq(jiffies, timeout)) {
|
|
c->dfs_state = NL80211_DFS_USABLE;
|
|
c->dfs_state_entered = jiffies;
|
|
|
|
cfg80211_chandef_create(&chandef, c,
|
|
NL80211_CHAN_NO_HT);
|
|
|
|
nl80211_radar_notify(rdev, &chandef,
|
|
NL80211_RADAR_NOP_FINISHED,
|
|
NULL, GFP_ATOMIC);
|
|
continue;
|
|
}
|
|
|
|
if (!check_again)
|
|
next_time = timeout - jiffies;
|
|
else
|
|
next_time = min(next_time, timeout - jiffies);
|
|
check_again = true;
|
|
}
|
|
}
|
|
rtnl_unlock();
|
|
|
|
/* reschedule if there are other channels waiting to be cleared again */
|
|
if (check_again)
|
|
queue_delayed_work(cfg80211_wq, &rdev->dfs_update_channels_wk,
|
|
next_time);
|
|
}
|
|
|
|
|
|
void cfg80211_radar_event(struct wiphy *wiphy,
|
|
struct cfg80211_chan_def *chandef,
|
|
gfp_t gfp)
|
|
{
|
|
struct cfg80211_registered_device *rdev = wiphy_to_rdev(wiphy);
|
|
unsigned long timeout;
|
|
|
|
trace_cfg80211_radar_event(wiphy, chandef);
|
|
|
|
/* only set the chandef supplied channel to unavailable, in
|
|
* case the radar is detected on only one of multiple channels
|
|
* spanned by the chandef.
|
|
*/
|
|
cfg80211_set_dfs_state(wiphy, chandef, NL80211_DFS_UNAVAILABLE);
|
|
|
|
timeout = msecs_to_jiffies(IEEE80211_DFS_MIN_NOP_TIME_MS);
|
|
queue_delayed_work(cfg80211_wq, &rdev->dfs_update_channels_wk,
|
|
timeout);
|
|
|
|
nl80211_radar_notify(rdev, chandef, NL80211_RADAR_DETECTED, NULL, gfp);
|
|
}
|
|
EXPORT_SYMBOL(cfg80211_radar_event);
|
|
|
|
void cfg80211_cac_event(struct net_device *netdev,
|
|
const struct cfg80211_chan_def *chandef,
|
|
enum nl80211_radar_event event, gfp_t gfp)
|
|
{
|
|
struct wireless_dev *wdev = netdev->ieee80211_ptr;
|
|
struct wiphy *wiphy = wdev->wiphy;
|
|
struct cfg80211_registered_device *rdev = wiphy_to_rdev(wiphy);
|
|
unsigned long timeout;
|
|
|
|
trace_cfg80211_cac_event(netdev, event);
|
|
|
|
if (WARN_ON(!wdev->cac_started))
|
|
return;
|
|
|
|
if (WARN_ON(!wdev->chandef.chan))
|
|
return;
|
|
|
|
switch (event) {
|
|
case NL80211_RADAR_CAC_FINISHED:
|
|
timeout = wdev->cac_start_time +
|
|
msecs_to_jiffies(wdev->cac_time_ms);
|
|
WARN_ON(!time_after_eq(jiffies, timeout));
|
|
cfg80211_set_dfs_state(wiphy, chandef, NL80211_DFS_AVAILABLE);
|
|
break;
|
|
case NL80211_RADAR_CAC_ABORTED:
|
|
break;
|
|
default:
|
|
WARN_ON(1);
|
|
return;
|
|
}
|
|
wdev->cac_started = false;
|
|
|
|
nl80211_radar_notify(rdev, chandef, event, netdev, gfp);
|
|
}
|
|
EXPORT_SYMBOL(cfg80211_cac_event);
|