1// SPDX-License-Identifier: GPL-2.0
2/*
3 * SME code for cfg80211
4 * both driver SME event handling and the SME implementation
5 * (for nl80211's connect() and wext)
6 *
7 * Copyright 2009 Johannes Berg <johannes@sipsolutions.net>
8 * Copyright (C) 2009, 2020, 2022-2023 Intel Corporation. All rights reserved.
9 * Copyright 2017 Intel Deutschland GmbH
10 */
11
12#include <linux/etherdevice.h>
13#include <linux/if_arp.h>
14#include <linux/slab.h>
15#include <linux/workqueue.h>
16#include <linux/wireless.h>
17#include <linux/export.h>
18#include <net/iw_handler.h>
19#include <net/cfg80211.h>
20#include <net/rtnetlink.h>
21#include "nl80211.h"
22#include "reg.h"
23#include "rdev-ops.h"
24
25/*
26 * Software SME in cfg80211, using auth/assoc/deauth calls to the
27 * driver. This is for implementing nl80211's connect/disconnect
28 * and wireless extensions (if configured.)
29 */
30
31struct cfg80211_conn {
32 struct cfg80211_connect_params params;
33 /* these are sub-states of the _CONNECTING sme_state */
34 enum {
35 CFG80211_CONN_SCANNING,
36 CFG80211_CONN_SCAN_AGAIN,
37 CFG80211_CONN_AUTHENTICATE_NEXT,
38 CFG80211_CONN_AUTHENTICATING,
39 CFG80211_CONN_AUTH_FAILED_TIMEOUT,
40 CFG80211_CONN_ASSOCIATE_NEXT,
41 CFG80211_CONN_ASSOCIATING,
42 CFG80211_CONN_ASSOC_FAILED,
43 CFG80211_CONN_ASSOC_FAILED_TIMEOUT,
44 CFG80211_CONN_DEAUTH,
45 CFG80211_CONN_ABANDON,
46 CFG80211_CONN_CONNECTED,
47 } state;
48 u8 bssid[ETH_ALEN], prev_bssid[ETH_ALEN];
49 const u8 *ie;
50 size_t ie_len;
51 bool auto_auth, prev_bssid_valid;
52};
53
54static void cfg80211_sme_free(struct wireless_dev *wdev)
55{
56 if (!wdev->conn)
57 return;
58
59 kfree(objp: wdev->conn->ie);
60 kfree(objp: wdev->conn);
61 wdev->conn = NULL;
62}
63
64static int cfg80211_conn_scan(struct wireless_dev *wdev)
65{
66 struct cfg80211_registered_device *rdev = wiphy_to_rdev(wiphy: wdev->wiphy);
67 struct cfg80211_scan_request *request;
68 int n_channels, err;
69
70 lockdep_assert_wiphy(wdev->wiphy);
71
72 if (rdev->scan_req || rdev->scan_msg)
73 return -EBUSY;
74
75 if (wdev->conn->params.channel)
76 n_channels = 1;
77 else
78 n_channels = ieee80211_get_num_supported_channels(wiphy: wdev->wiphy);
79
80 request = kzalloc(size: sizeof(*request) + sizeof(request->ssids[0]) +
81 sizeof(request->channels[0]) * n_channels,
82 GFP_KERNEL);
83 if (!request)
84 return -ENOMEM;
85
86 if (wdev->conn->params.channel) {
87 enum nl80211_band band = wdev->conn->params.channel->band;
88 struct ieee80211_supported_band *sband =
89 wdev->wiphy->bands[band];
90
91 if (!sband) {
92 kfree(objp: request);
93 return -EINVAL;
94 }
95 request->channels[0] = wdev->conn->params.channel;
96 request->rates[band] = (1 << sband->n_bitrates) - 1;
97 } else {
98 int i = 0, j;
99 enum nl80211_band band;
100 struct ieee80211_supported_band *bands;
101 struct ieee80211_channel *channel;
102
103 for (band = 0; band < NUM_NL80211_BANDS; band++) {
104 bands = wdev->wiphy->bands[band];
105 if (!bands)
106 continue;
107 for (j = 0; j < bands->n_channels; j++) {
108 channel = &bands->channels[j];
109 if (channel->flags & IEEE80211_CHAN_DISABLED)
110 continue;
111 request->channels[i++] = channel;
112 }
113 request->rates[band] = (1 << bands->n_bitrates) - 1;
114 }
115 n_channels = i;
116 }
117 request->n_channels = n_channels;
118 request->ssids = (void *)&request->channels[n_channels];
119 request->n_ssids = 1;
120
121 memcpy(request->ssids[0].ssid, wdev->conn->params.ssid,
122 wdev->conn->params.ssid_len);
123 request->ssids[0].ssid_len = wdev->conn->params.ssid_len;
124
125 eth_broadcast_addr(addr: request->bssid);
126
127 request->wdev = wdev;
128 request->wiphy = &rdev->wiphy;
129 request->scan_start = jiffies;
130
131 rdev->scan_req = request;
132
133 err = rdev_scan(rdev, request);
134 if (!err) {
135 wdev->conn->state = CFG80211_CONN_SCANNING;
136 nl80211_send_scan_start(rdev, wdev);
137 dev_hold(dev: wdev->netdev);
138 } else {
139 rdev->scan_req = NULL;
140 kfree(objp: request);
141 }
142 return err;
143}
144
145static int cfg80211_conn_do_work(struct wireless_dev *wdev,
146 enum nl80211_timeout_reason *treason)
147{
148 struct cfg80211_registered_device *rdev = wiphy_to_rdev(wiphy: wdev->wiphy);
149 struct cfg80211_connect_params *params;
150 struct cfg80211_auth_request auth_req = {};
151 struct cfg80211_assoc_request req = {};
152 int err;
153
154 lockdep_assert_wiphy(wdev->wiphy);
155
156 if (!wdev->conn)
157 return 0;
158
159 params = &wdev->conn->params;
160
161 switch (wdev->conn->state) {
162 case CFG80211_CONN_SCANNING:
163 /* didn't find it during scan ... */
164 return -ENOENT;
165 case CFG80211_CONN_SCAN_AGAIN:
166 return cfg80211_conn_scan(wdev);
167 case CFG80211_CONN_AUTHENTICATE_NEXT:
168 if (WARN_ON(!rdev->ops->auth))
169 return -EOPNOTSUPP;
170 wdev->conn->state = CFG80211_CONN_AUTHENTICATING;
171 auth_req.key = params->key;
172 auth_req.key_len = params->key_len;
173 auth_req.key_idx = params->key_idx;
174 auth_req.auth_type = params->auth_type;
175 auth_req.bss = cfg80211_get_bss(wiphy: &rdev->wiphy, channel: params->channel,
176 bssid: params->bssid,
177 ssid: params->ssid, ssid_len: params->ssid_len,
178 bss_type: IEEE80211_BSS_TYPE_ESS,
179 privacy: IEEE80211_PRIVACY_ANY);
180 auth_req.link_id = -1;
181 err = cfg80211_mlme_auth(rdev, dev: wdev->netdev, req: &auth_req);
182 cfg80211_put_bss(wiphy: &rdev->wiphy, bss: auth_req.bss);
183 return err;
184 case CFG80211_CONN_AUTH_FAILED_TIMEOUT:
185 *treason = NL80211_TIMEOUT_AUTH;
186 return -ENOTCONN;
187 case CFG80211_CONN_ASSOCIATE_NEXT:
188 if (WARN_ON(!rdev->ops->assoc))
189 return -EOPNOTSUPP;
190 wdev->conn->state = CFG80211_CONN_ASSOCIATING;
191 if (wdev->conn->prev_bssid_valid)
192 req.prev_bssid = wdev->conn->prev_bssid;
193 req.ie = params->ie;
194 req.ie_len = params->ie_len;
195 req.use_mfp = params->mfp != NL80211_MFP_NO;
196 req.crypto = params->crypto;
197 req.flags = params->flags;
198 req.ht_capa = params->ht_capa;
199 req.ht_capa_mask = params->ht_capa_mask;
200 req.vht_capa = params->vht_capa;
201 req.vht_capa_mask = params->vht_capa_mask;
202 req.link_id = -1;
203
204 req.bss = cfg80211_get_bss(wiphy: &rdev->wiphy, channel: params->channel,
205 bssid: params->bssid,
206 ssid: params->ssid, ssid_len: params->ssid_len,
207 bss_type: IEEE80211_BSS_TYPE_ESS,
208 privacy: IEEE80211_PRIVACY_ANY);
209 if (!req.bss) {
210 err = -ENOENT;
211 } else {
212 err = cfg80211_mlme_assoc(rdev, dev: wdev->netdev, req: &req);
213 cfg80211_put_bss(wiphy: &rdev->wiphy, bss: req.bss);
214 }
215
216 if (err)
217 cfg80211_mlme_deauth(rdev, dev: wdev->netdev, bssid: params->bssid,
218 NULL, ie_len: 0,
219 reason: WLAN_REASON_DEAUTH_LEAVING,
220 local_state_change: false);
221 return err;
222 case CFG80211_CONN_ASSOC_FAILED_TIMEOUT:
223 *treason = NL80211_TIMEOUT_ASSOC;
224 fallthrough;
225 case CFG80211_CONN_ASSOC_FAILED:
226 cfg80211_mlme_deauth(rdev, dev: wdev->netdev, bssid: params->bssid,
227 NULL, ie_len: 0,
228 reason: WLAN_REASON_DEAUTH_LEAVING, local_state_change: false);
229 return -ENOTCONN;
230 case CFG80211_CONN_DEAUTH:
231 cfg80211_mlme_deauth(rdev, dev: wdev->netdev, bssid: params->bssid,
232 NULL, ie_len: 0,
233 reason: WLAN_REASON_DEAUTH_LEAVING, local_state_change: false);
234 fallthrough;
235 case CFG80211_CONN_ABANDON:
236 /* free directly, disconnected event already sent */
237 cfg80211_sme_free(wdev);
238 return 0;
239 default:
240 return 0;
241 }
242}
243
244void cfg80211_conn_work(struct work_struct *work)
245{
246 struct cfg80211_registered_device *rdev =
247 container_of(work, struct cfg80211_registered_device, conn_work);
248 struct wireless_dev *wdev;
249 u8 bssid_buf[ETH_ALEN], *bssid = NULL;
250 enum nl80211_timeout_reason treason;
251
252 wiphy_lock(wiphy: &rdev->wiphy);
253
254 list_for_each_entry(wdev, &rdev->wiphy.wdev_list, list) {
255 if (!wdev->netdev)
256 continue;
257
258 if (!netif_running(dev: wdev->netdev))
259 continue;
260
261 if (!wdev->conn ||
262 wdev->conn->state == CFG80211_CONN_CONNECTED)
263 continue;
264
265 if (wdev->conn->params.bssid) {
266 memcpy(bssid_buf, wdev->conn->params.bssid, ETH_ALEN);
267 bssid = bssid_buf;
268 }
269 treason = NL80211_TIMEOUT_UNSPECIFIED;
270 if (cfg80211_conn_do_work(wdev, treason: &treason)) {
271 struct cfg80211_connect_resp_params cr;
272
273 memset(&cr, 0, sizeof(cr));
274 cr.status = -1;
275 cr.links[0].bssid = bssid;
276 cr.timeout_reason = treason;
277 __cfg80211_connect_result(dev: wdev->netdev, params: &cr, wextev: false);
278 }
279 }
280
281 wiphy_unlock(wiphy: &rdev->wiphy);
282}
283
284static void cfg80211_step_auth_next(struct cfg80211_conn *conn,
285 struct cfg80211_bss *bss)
286{
287 memcpy(conn->bssid, bss->bssid, ETH_ALEN);
288 conn->params.bssid = conn->bssid;
289 conn->params.channel = bss->channel;
290 conn->state = CFG80211_CONN_AUTHENTICATE_NEXT;
291}
292
293/* Returned bss is reference counted and must be cleaned up appropriately. */
294static struct cfg80211_bss *cfg80211_get_conn_bss(struct wireless_dev *wdev)
295{
296 struct cfg80211_registered_device *rdev = wiphy_to_rdev(wiphy: wdev->wiphy);
297 struct cfg80211_bss *bss;
298
299 lockdep_assert_wiphy(wdev->wiphy);
300
301 bss = cfg80211_get_bss(wiphy: wdev->wiphy, channel: wdev->conn->params.channel,
302 bssid: wdev->conn->params.bssid,
303 ssid: wdev->conn->params.ssid,
304 ssid_len: wdev->conn->params.ssid_len,
305 bss_type: wdev->conn_bss_type,
306 IEEE80211_PRIVACY(wdev->conn->params.privacy));
307 if (!bss)
308 return NULL;
309
310 cfg80211_step_auth_next(conn: wdev->conn, bss);
311 schedule_work(work: &rdev->conn_work);
312
313 return bss;
314}
315
316void cfg80211_sme_scan_done(struct net_device *dev)
317{
318 struct wireless_dev *wdev = dev->ieee80211_ptr;
319 struct cfg80211_registered_device *rdev = wiphy_to_rdev(wiphy: wdev->wiphy);
320 struct cfg80211_bss *bss;
321
322 lockdep_assert_wiphy(wdev->wiphy);
323
324 if (!wdev->conn)
325 return;
326
327 if (wdev->conn->state != CFG80211_CONN_SCANNING &&
328 wdev->conn->state != CFG80211_CONN_SCAN_AGAIN)
329 return;
330
331 bss = cfg80211_get_conn_bss(wdev);
332 if (bss)
333 cfg80211_put_bss(wiphy: &rdev->wiphy, bss);
334 else
335 schedule_work(work: &rdev->conn_work);
336}
337
338void cfg80211_sme_rx_auth(struct wireless_dev *wdev, const u8 *buf, size_t len)
339{
340 struct wiphy *wiphy = wdev->wiphy;
341 struct cfg80211_registered_device *rdev = wiphy_to_rdev(wiphy);
342 struct ieee80211_mgmt *mgmt = (struct ieee80211_mgmt *)buf;
343 u16 status_code = le16_to_cpu(mgmt->u.auth.status_code);
344
345 lockdep_assert_wiphy(wdev->wiphy);
346
347 if (!wdev->conn || wdev->conn->state == CFG80211_CONN_CONNECTED)
348 return;
349
350 if (status_code == WLAN_STATUS_NOT_SUPPORTED_AUTH_ALG &&
351 wdev->conn->auto_auth &&
352 wdev->conn->params.auth_type != NL80211_AUTHTYPE_NETWORK_EAP) {
353 /* select automatically between only open, shared, leap */
354 switch (wdev->conn->params.auth_type) {
355 case NL80211_AUTHTYPE_OPEN_SYSTEM:
356 if (wdev->connect_keys)
357 wdev->conn->params.auth_type =
358 NL80211_AUTHTYPE_SHARED_KEY;
359 else
360 wdev->conn->params.auth_type =
361 NL80211_AUTHTYPE_NETWORK_EAP;
362 break;
363 case NL80211_AUTHTYPE_SHARED_KEY:
364 wdev->conn->params.auth_type =
365 NL80211_AUTHTYPE_NETWORK_EAP;
366 break;
367 default:
368 /* huh? */
369 wdev->conn->params.auth_type =
370 NL80211_AUTHTYPE_OPEN_SYSTEM;
371 break;
372 }
373 wdev->conn->state = CFG80211_CONN_AUTHENTICATE_NEXT;
374 schedule_work(work: &rdev->conn_work);
375 } else if (status_code != WLAN_STATUS_SUCCESS) {
376 struct cfg80211_connect_resp_params cr;
377
378 memset(&cr, 0, sizeof(cr));
379 cr.status = status_code;
380 cr.links[0].bssid = mgmt->bssid;
381 cr.timeout_reason = NL80211_TIMEOUT_UNSPECIFIED;
382 __cfg80211_connect_result(dev: wdev->netdev, params: &cr, wextev: false);
383 } else if (wdev->conn->state == CFG80211_CONN_AUTHENTICATING) {
384 wdev->conn->state = CFG80211_CONN_ASSOCIATE_NEXT;
385 schedule_work(work: &rdev->conn_work);
386 }
387}
388
389bool cfg80211_sme_rx_assoc_resp(struct wireless_dev *wdev, u16 status)
390{
391 struct cfg80211_registered_device *rdev = wiphy_to_rdev(wiphy: wdev->wiphy);
392
393 if (!wdev->conn)
394 return false;
395
396 if (status == WLAN_STATUS_SUCCESS) {
397 wdev->conn->state = CFG80211_CONN_CONNECTED;
398 return false;
399 }
400
401 if (wdev->conn->prev_bssid_valid) {
402 /*
403 * Some stupid APs don't accept reassoc, so we
404 * need to fall back to trying regular assoc;
405 * return true so no event is sent to userspace.
406 */
407 wdev->conn->prev_bssid_valid = false;
408 wdev->conn->state = CFG80211_CONN_ASSOCIATE_NEXT;
409 schedule_work(work: &rdev->conn_work);
410 return true;
411 }
412
413 wdev->conn->state = CFG80211_CONN_ASSOC_FAILED;
414 schedule_work(work: &rdev->conn_work);
415 return false;
416}
417
418void cfg80211_sme_deauth(struct wireless_dev *wdev)
419{
420 cfg80211_sme_free(wdev);
421}
422
423void cfg80211_sme_auth_timeout(struct wireless_dev *wdev)
424{
425 struct cfg80211_registered_device *rdev = wiphy_to_rdev(wiphy: wdev->wiphy);
426
427 if (!wdev->conn)
428 return;
429
430 wdev->conn->state = CFG80211_CONN_AUTH_FAILED_TIMEOUT;
431 schedule_work(work: &rdev->conn_work);
432}
433
434void cfg80211_sme_disassoc(struct wireless_dev *wdev)
435{
436 struct cfg80211_registered_device *rdev = wiphy_to_rdev(wiphy: wdev->wiphy);
437
438 if (!wdev->conn)
439 return;
440
441 wdev->conn->state = CFG80211_CONN_DEAUTH;
442 schedule_work(work: &rdev->conn_work);
443}
444
445void cfg80211_sme_assoc_timeout(struct wireless_dev *wdev)
446{
447 struct cfg80211_registered_device *rdev = wiphy_to_rdev(wiphy: wdev->wiphy);
448
449 if (!wdev->conn)
450 return;
451
452 wdev->conn->state = CFG80211_CONN_ASSOC_FAILED_TIMEOUT;
453 schedule_work(work: &rdev->conn_work);
454}
455
456void cfg80211_sme_abandon_assoc(struct wireless_dev *wdev)
457{
458 struct cfg80211_registered_device *rdev = wiphy_to_rdev(wiphy: wdev->wiphy);
459
460 if (!wdev->conn)
461 return;
462
463 wdev->conn->state = CFG80211_CONN_ABANDON;
464 schedule_work(work: &rdev->conn_work);
465}
466
467static void cfg80211_wdev_release_bsses(struct wireless_dev *wdev)
468{
469 unsigned int link;
470
471 for_each_valid_link(wdev, link) {
472 if (!wdev->links[link].client.current_bss)
473 continue;
474 cfg80211_unhold_bss(bss: wdev->links[link].client.current_bss);
475 cfg80211_put_bss(wiphy: wdev->wiphy,
476 bss: &wdev->links[link].client.current_bss->pub);
477 wdev->links[link].client.current_bss = NULL;
478 }
479}
480
481void cfg80211_wdev_release_link_bsses(struct wireless_dev *wdev, u16 link_mask)
482{
483 unsigned int link;
484
485 for_each_valid_link(wdev, link) {
486 if (!wdev->links[link].client.current_bss ||
487 !(link_mask & BIT(link)))
488 continue;
489 cfg80211_unhold_bss(bss: wdev->links[link].client.current_bss);
490 cfg80211_put_bss(wiphy: wdev->wiphy,
491 bss: &wdev->links[link].client.current_bss->pub);
492 wdev->links[link].client.current_bss = NULL;
493 }
494}
495
496static int cfg80211_sme_get_conn_ies(struct wireless_dev *wdev,
497 const u8 *ies, size_t ies_len,
498 const u8 **out_ies, size_t *out_ies_len)
499{
500 struct cfg80211_registered_device *rdev = wiphy_to_rdev(wiphy: wdev->wiphy);
501 u8 *buf;
502 size_t offs;
503
504 if (!rdev->wiphy.extended_capabilities_len ||
505 (ies && cfg80211_find_ie(eid: WLAN_EID_EXT_CAPABILITY, ies, len: ies_len))) {
506 *out_ies = kmemdup(p: ies, size: ies_len, GFP_KERNEL);
507 if (!*out_ies)
508 return -ENOMEM;
509 *out_ies_len = ies_len;
510 return 0;
511 }
512
513 buf = kmalloc(size: ies_len + rdev->wiphy.extended_capabilities_len + 2,
514 GFP_KERNEL);
515 if (!buf)
516 return -ENOMEM;
517
518 if (ies_len) {
519 static const u8 before_extcapa[] = {
520 /* not listing IEs expected to be created by driver */
521 WLAN_EID_RSN,
522 WLAN_EID_QOS_CAPA,
523 WLAN_EID_RRM_ENABLED_CAPABILITIES,
524 WLAN_EID_MOBILITY_DOMAIN,
525 WLAN_EID_SUPPORTED_REGULATORY_CLASSES,
526 WLAN_EID_BSS_COEX_2040,
527 };
528
529 offs = ieee80211_ie_split(ies, ielen: ies_len, ids: before_extcapa,
530 ARRAY_SIZE(before_extcapa), offset: 0);
531 memcpy(buf, ies, offs);
532 /* leave a whole for extended capabilities IE */
533 memcpy(buf + offs + rdev->wiphy.extended_capabilities_len + 2,
534 ies + offs, ies_len - offs);
535 } else {
536 offs = 0;
537 }
538
539 /* place extended capabilities IE (with only driver capabilities) */
540 buf[offs] = WLAN_EID_EXT_CAPABILITY;
541 buf[offs + 1] = rdev->wiphy.extended_capabilities_len;
542 memcpy(buf + offs + 2,
543 rdev->wiphy.extended_capabilities,
544 rdev->wiphy.extended_capabilities_len);
545
546 *out_ies = buf;
547 *out_ies_len = ies_len + rdev->wiphy.extended_capabilities_len + 2;
548
549 return 0;
550}
551
552static int cfg80211_sme_connect(struct wireless_dev *wdev,
553 struct cfg80211_connect_params *connect,
554 const u8 *prev_bssid)
555{
556 struct cfg80211_registered_device *rdev = wiphy_to_rdev(wiphy: wdev->wiphy);
557 struct cfg80211_bss *bss;
558 int err;
559
560 if (!rdev->ops->auth || !rdev->ops->assoc)
561 return -EOPNOTSUPP;
562
563 cfg80211_wdev_release_bsses(wdev);
564
565 if (wdev->connected) {
566 cfg80211_sme_free(wdev);
567 wdev->connected = false;
568 }
569
570 if (wdev->conn)
571 return -EINPROGRESS;
572
573 wdev->conn = kzalloc(size: sizeof(*wdev->conn), GFP_KERNEL);
574 if (!wdev->conn)
575 return -ENOMEM;
576
577 /*
578 * Copy all parameters, and treat explicitly IEs, BSSID, SSID.
579 */
580 memcpy(&wdev->conn->params, connect, sizeof(*connect));
581 if (connect->bssid) {
582 wdev->conn->params.bssid = wdev->conn->bssid;
583 memcpy(wdev->conn->bssid, connect->bssid, ETH_ALEN);
584 }
585
586 if (cfg80211_sme_get_conn_ies(wdev, ies: connect->ie, ies_len: connect->ie_len,
587 out_ies: &wdev->conn->ie,
588 out_ies_len: &wdev->conn->params.ie_len)) {
589 kfree(objp: wdev->conn);
590 wdev->conn = NULL;
591 return -ENOMEM;
592 }
593 wdev->conn->params.ie = wdev->conn->ie;
594
595 if (connect->auth_type == NL80211_AUTHTYPE_AUTOMATIC) {
596 wdev->conn->auto_auth = true;
597 /* start with open system ... should mostly work */
598 wdev->conn->params.auth_type =
599 NL80211_AUTHTYPE_OPEN_SYSTEM;
600 } else {
601 wdev->conn->auto_auth = false;
602 }
603
604 wdev->conn->params.ssid = wdev->u.client.ssid;
605 wdev->conn->params.ssid_len = wdev->u.client.ssid_len;
606
607 /* see if we have the bss already */
608 bss = cfg80211_get_bss(wiphy: wdev->wiphy, channel: wdev->conn->params.channel,
609 bssid: wdev->conn->params.bssid,
610 ssid: wdev->conn->params.ssid,
611 ssid_len: wdev->conn->params.ssid_len,
612 bss_type: wdev->conn_bss_type,
613 IEEE80211_PRIVACY(wdev->conn->params.privacy));
614
615 if (prev_bssid) {
616 memcpy(wdev->conn->prev_bssid, prev_bssid, ETH_ALEN);
617 wdev->conn->prev_bssid_valid = true;
618 }
619
620 /* we're good if we have a matching bss struct */
621 if (bss) {
622 enum nl80211_timeout_reason treason;
623
624 cfg80211_step_auth_next(conn: wdev->conn, bss);
625 err = cfg80211_conn_do_work(wdev, treason: &treason);
626 cfg80211_put_bss(wiphy: wdev->wiphy, bss);
627 } else {
628 /* otherwise we'll need to scan for the AP first */
629 err = cfg80211_conn_scan(wdev);
630
631 /*
632 * If we can't scan right now, then we need to scan again
633 * after the current scan finished, since the parameters
634 * changed (unless we find a good AP anyway).
635 */
636 if (err == -EBUSY) {
637 err = 0;
638 wdev->conn->state = CFG80211_CONN_SCAN_AGAIN;
639 }
640 }
641
642 if (err)
643 cfg80211_sme_free(wdev);
644
645 return err;
646}
647
648static int cfg80211_sme_disconnect(struct wireless_dev *wdev, u16 reason)
649{
650 struct cfg80211_registered_device *rdev = wiphy_to_rdev(wiphy: wdev->wiphy);
651 int err;
652
653 if (!wdev->conn)
654 return 0;
655
656 if (!rdev->ops->deauth)
657 return -EOPNOTSUPP;
658
659 if (wdev->conn->state == CFG80211_CONN_SCANNING ||
660 wdev->conn->state == CFG80211_CONN_SCAN_AGAIN) {
661 err = 0;
662 goto out;
663 }
664
665 /* wdev->conn->params.bssid must be set if > SCANNING */
666 err = cfg80211_mlme_deauth(rdev, dev: wdev->netdev,
667 bssid: wdev->conn->params.bssid,
668 NULL, ie_len: 0, reason, local_state_change: false);
669 out:
670 cfg80211_sme_free(wdev);
671 return err;
672}
673
674/*
675 * code shared for in-device and software SME
676 */
677
678static bool cfg80211_is_all_idle(void)
679{
680 struct cfg80211_registered_device *rdev;
681 struct wireless_dev *wdev;
682 bool is_all_idle = true;
683
684 /*
685 * All devices must be idle as otherwise if you are actively
686 * scanning some new beacon hints could be learned and would
687 * count as new regulatory hints.
688 * Also if there is any other active beaconing interface we
689 * need not issue a disconnect hint and reset any info such
690 * as chan dfs state, etc.
691 */
692 for_each_rdev(rdev) {
693 wiphy_lock(wiphy: &rdev->wiphy);
694 list_for_each_entry(wdev, &rdev->wiphy.wdev_list, list) {
695 if (wdev->conn || wdev->connected ||
696 cfg80211_beaconing_iface_active(wdev))
697 is_all_idle = false;
698 }
699 wiphy_unlock(wiphy: &rdev->wiphy);
700 }
701
702 return is_all_idle;
703}
704
705static void disconnect_work(struct work_struct *work)
706{
707 rtnl_lock();
708 if (cfg80211_is_all_idle())
709 regulatory_hint_disconnect();
710 rtnl_unlock();
711}
712
713DECLARE_WORK(cfg80211_disconnect_work, disconnect_work);
714
715static void
716cfg80211_connect_result_release_bsses(struct wireless_dev *wdev,
717 struct cfg80211_connect_resp_params *cr)
718{
719 unsigned int link;
720
721 for_each_valid_link(cr, link) {
722 if (!cr->links[link].bss)
723 continue;
724 cfg80211_unhold_bss(bss: bss_from_pub(pub: cr->links[link].bss));
725 cfg80211_put_bss(wiphy: wdev->wiphy, bss: cr->links[link].bss);
726 }
727}
728
729/*
730 * API calls for drivers implementing connect/disconnect and
731 * SME event handling
732 */
733
734/* This method must consume bss one way or another */
735void __cfg80211_connect_result(struct net_device *dev,
736 struct cfg80211_connect_resp_params *cr,
737 bool wextev)
738{
739 struct wireless_dev *wdev = dev->ieee80211_ptr;
740 const struct element *country_elem = NULL;
741 const struct element *ssid;
742 const u8 *country_data;
743 u8 country_datalen;
744#ifdef CONFIG_CFG80211_WEXT
745 union iwreq_data wrqu;
746#endif
747 unsigned int link;
748 const u8 *connected_addr;
749 bool bss_not_found = false;
750
751 lockdep_assert_wiphy(wdev->wiphy);
752
753 if (WARN_ON(wdev->iftype != NL80211_IFTYPE_STATION &&
754 wdev->iftype != NL80211_IFTYPE_P2P_CLIENT))
755 goto out;
756
757 if (cr->valid_links) {
758 if (WARN_ON(!cr->ap_mld_addr))
759 goto out;
760
761 for_each_valid_link(cr, link) {
762 if (WARN_ON(!cr->links[link].addr))
763 goto out;
764 }
765
766 if (WARN_ON(wdev->connect_keys))
767 goto out;
768 }
769
770 wdev->unprot_beacon_reported = 0;
771 nl80211_send_connect_result(rdev: wiphy_to_rdev(wiphy: wdev->wiphy), netdev: dev, params: cr,
772 GFP_KERNEL);
773 connected_addr = cr->valid_links ? cr->ap_mld_addr : cr->links[0].bssid;
774
775#ifdef CONFIG_CFG80211_WEXT
776 if (wextev && !cr->valid_links) {
777 if (cr->req_ie && cr->status == WLAN_STATUS_SUCCESS) {
778 memset(&wrqu, 0, sizeof(wrqu));
779 wrqu.data.length = cr->req_ie_len;
780 wireless_send_event(dev, IWEVASSOCREQIE, wrqu: &wrqu,
781 extra: cr->req_ie);
782 }
783
784 if (cr->resp_ie && cr->status == WLAN_STATUS_SUCCESS) {
785 memset(&wrqu, 0, sizeof(wrqu));
786 wrqu.data.length = cr->resp_ie_len;
787 wireless_send_event(dev, IWEVASSOCRESPIE, wrqu: &wrqu,
788 extra: cr->resp_ie);
789 }
790
791 memset(&wrqu, 0, sizeof(wrqu));
792 wrqu.ap_addr.sa_family = ARPHRD_ETHER;
793 if (connected_addr && cr->status == WLAN_STATUS_SUCCESS) {
794 memcpy(wrqu.ap_addr.sa_data, connected_addr, ETH_ALEN);
795 memcpy(wdev->wext.prev_bssid, connected_addr, ETH_ALEN);
796 wdev->wext.prev_bssid_valid = true;
797 }
798 wireless_send_event(dev, SIOCGIWAP, wrqu: &wrqu, NULL);
799 }
800#endif
801
802 if (cr->status == WLAN_STATUS_SUCCESS) {
803 if (!wiphy_to_rdev(wiphy: wdev->wiphy)->ops->connect) {
804 for_each_valid_link(cr, link) {
805 if (WARN_ON_ONCE(!cr->links[link].bss))
806 break;
807 }
808 }
809
810 for_each_valid_link(cr, link) {
811 /* don't do extra lookups for failures */
812 if (cr->links[link].status != WLAN_STATUS_SUCCESS)
813 continue;
814
815 if (cr->links[link].bss)
816 continue;
817
818 cr->links[link].bss =
819 cfg80211_get_bss(wiphy: wdev->wiphy, NULL,
820 bssid: cr->links[link].bssid,
821 ssid: wdev->u.client.ssid,
822 ssid_len: wdev->u.client.ssid_len,
823 bss_type: wdev->conn_bss_type,
824 privacy: IEEE80211_PRIVACY_ANY);
825 if (!cr->links[link].bss) {
826 bss_not_found = true;
827 break;
828 }
829 cfg80211_hold_bss(bss: bss_from_pub(pub: cr->links[link].bss));
830 }
831 }
832
833 cfg80211_wdev_release_bsses(wdev);
834
835 if (cr->status != WLAN_STATUS_SUCCESS) {
836 kfree_sensitive(objp: wdev->connect_keys);
837 wdev->connect_keys = NULL;
838 wdev->u.client.ssid_len = 0;
839 wdev->conn_owner_nlportid = 0;
840 cfg80211_connect_result_release_bsses(wdev, cr);
841 cfg80211_sme_free(wdev);
842 return;
843 }
844
845 if (WARN_ON(bss_not_found)) {
846 cfg80211_connect_result_release_bsses(wdev, cr);
847 return;
848 }
849
850 memset(wdev->links, 0, sizeof(wdev->links));
851 for_each_valid_link(cr, link) {
852 if (cr->links[link].status == WLAN_STATUS_SUCCESS)
853 continue;
854 cr->valid_links &= ~BIT(link);
855 /* don't require bss pointer for failed links */
856 if (!cr->links[link].bss)
857 continue;
858 cfg80211_unhold_bss(bss: bss_from_pub(pub: cr->links[link].bss));
859 cfg80211_put_bss(wiphy: wdev->wiphy, bss: cr->links[link].bss);
860 }
861 wdev->valid_links = cr->valid_links;
862 for_each_valid_link(cr, link)
863 wdev->links[link].client.current_bss =
864 bss_from_pub(pub: cr->links[link].bss);
865 wdev->connected = true;
866 ether_addr_copy(dst: wdev->u.client.connected_addr, src: connected_addr);
867 if (cr->valid_links) {
868 for_each_valid_link(cr, link)
869 memcpy(wdev->links[link].addr, cr->links[link].addr,
870 ETH_ALEN);
871 }
872
873 cfg80211_upload_connect_keys(wdev);
874
875 rcu_read_lock();
876 for_each_valid_link(cr, link) {
877 country_elem =
878 ieee80211_bss_get_elem(bss: cr->links[link].bss,
879 id: WLAN_EID_COUNTRY);
880 if (country_elem)
881 break;
882 }
883 if (!country_elem) {
884 rcu_read_unlock();
885 return;
886 }
887
888 country_datalen = country_elem->datalen;
889 country_data = kmemdup(p: country_elem->data, size: country_datalen, GFP_ATOMIC);
890 rcu_read_unlock();
891
892 if (!country_data)
893 return;
894
895 regulatory_hint_country_ie(wiphy: wdev->wiphy,
896 band: cr->links[link].bss->channel->band,
897 country_ie: country_data, country_ie_len: country_datalen);
898 kfree(objp: country_data);
899
900 if (!wdev->u.client.ssid_len) {
901 rcu_read_lock();
902 for_each_valid_link(cr, link) {
903 ssid = ieee80211_bss_get_elem(bss: cr->links[link].bss,
904 id: WLAN_EID_SSID);
905
906 if (!ssid || !ssid->datalen)
907 continue;
908
909 memcpy(wdev->u.client.ssid, ssid->data, ssid->datalen);
910 wdev->u.client.ssid_len = ssid->datalen;
911 break;
912 }
913 rcu_read_unlock();
914 }
915
916 return;
917out:
918 for_each_valid_link(cr, link)
919 cfg80211_put_bss(wiphy: wdev->wiphy, bss: cr->links[link].bss);
920}
921
922static void cfg80211_update_link_bss(struct wireless_dev *wdev,
923 struct cfg80211_bss **bss)
924{
925 struct cfg80211_registered_device *rdev = wiphy_to_rdev(wiphy: wdev->wiphy);
926 struct cfg80211_internal_bss *ibss;
927
928 if (!*bss)
929 return;
930
931 ibss = bss_from_pub(pub: *bss);
932 if (list_empty(head: &ibss->list)) {
933 struct cfg80211_bss *found = NULL, *tmp = *bss;
934
935 found = cfg80211_get_bss(wiphy: wdev->wiphy, NULL,
936 bssid: (*bss)->bssid,
937 ssid: wdev->u.client.ssid,
938 ssid_len: wdev->u.client.ssid_len,
939 bss_type: wdev->conn_bss_type,
940 privacy: IEEE80211_PRIVACY_ANY);
941 if (found) {
942 /* The same BSS is already updated so use it
943 * instead, as it has latest info.
944 */
945 *bss = found;
946 } else {
947 /* Update with BSS provided by driver, it will
948 * be freshly added and ref cnted, we can free
949 * the old one.
950 *
951 * signal_valid can be false, as we are not
952 * expecting the BSS to be found.
953 *
954 * keep the old timestamp to avoid confusion
955 */
956 cfg80211_bss_update(rdev, tmp: ibss, signal_valid: false,
957 ts: ibss->ts);
958 }
959
960 cfg80211_put_bss(wiphy: wdev->wiphy, bss: tmp);
961 }
962}
963
964/* Consumes bss object(s) one way or another */
965void cfg80211_connect_done(struct net_device *dev,
966 struct cfg80211_connect_resp_params *params,
967 gfp_t gfp)
968{
969 struct wireless_dev *wdev = dev->ieee80211_ptr;
970 struct cfg80211_registered_device *rdev = wiphy_to_rdev(wiphy: wdev->wiphy);
971 struct cfg80211_event *ev;
972 unsigned long flags;
973 u8 *next;
974 size_t link_info_size = 0;
975 unsigned int link;
976
977 for_each_valid_link(params, link) {
978 cfg80211_update_link_bss(wdev, bss: &params->links[link].bss);
979 link_info_size += params->links[link].bssid ? ETH_ALEN : 0;
980 link_info_size += params->links[link].addr ? ETH_ALEN : 0;
981 }
982
983 ev = kzalloc(size: sizeof(*ev) + (params->ap_mld_addr ? ETH_ALEN : 0) +
984 params->req_ie_len + params->resp_ie_len +
985 params->fils.kek_len + params->fils.pmk_len +
986 (params->fils.pmkid ? WLAN_PMKID_LEN : 0) + link_info_size,
987 flags: gfp);
988
989 if (!ev) {
990 for_each_valid_link(params, link)
991 cfg80211_put_bss(wiphy: wdev->wiphy,
992 bss: params->links[link].bss);
993 return;
994 }
995
996 ev->type = EVENT_CONNECT_RESULT;
997 next = ((u8 *)ev) + sizeof(*ev);
998 if (params->ap_mld_addr) {
999 ev->cr.ap_mld_addr = next;
1000 memcpy((void *)ev->cr.ap_mld_addr, params->ap_mld_addr,
1001 ETH_ALEN);
1002 next += ETH_ALEN;
1003 }
1004 if (params->req_ie_len) {
1005 ev->cr.req_ie = next;
1006 ev->cr.req_ie_len = params->req_ie_len;
1007 memcpy((void *)ev->cr.req_ie, params->req_ie,
1008 params->req_ie_len);
1009 next += params->req_ie_len;
1010 }
1011 if (params->resp_ie_len) {
1012 ev->cr.resp_ie = next;
1013 ev->cr.resp_ie_len = params->resp_ie_len;
1014 memcpy((void *)ev->cr.resp_ie, params->resp_ie,
1015 params->resp_ie_len);
1016 next += params->resp_ie_len;
1017 }
1018 if (params->fils.kek_len) {
1019 ev->cr.fils.kek = next;
1020 ev->cr.fils.kek_len = params->fils.kek_len;
1021 memcpy((void *)ev->cr.fils.kek, params->fils.kek,
1022 params->fils.kek_len);
1023 next += params->fils.kek_len;
1024 }
1025 if (params->fils.pmk_len) {
1026 ev->cr.fils.pmk = next;
1027 ev->cr.fils.pmk_len = params->fils.pmk_len;
1028 memcpy((void *)ev->cr.fils.pmk, params->fils.pmk,
1029 params->fils.pmk_len);
1030 next += params->fils.pmk_len;
1031 }
1032 if (params->fils.pmkid) {
1033 ev->cr.fils.pmkid = next;
1034 memcpy((void *)ev->cr.fils.pmkid, params->fils.pmkid,
1035 WLAN_PMKID_LEN);
1036 next += WLAN_PMKID_LEN;
1037 }
1038 ev->cr.fils.update_erp_next_seq_num = params->fils.update_erp_next_seq_num;
1039 if (params->fils.update_erp_next_seq_num)
1040 ev->cr.fils.erp_next_seq_num = params->fils.erp_next_seq_num;
1041 ev->cr.valid_links = params->valid_links;
1042 for_each_valid_link(params, link) {
1043 if (params->links[link].bss)
1044 cfg80211_hold_bss(
1045 bss: bss_from_pub(pub: params->links[link].bss));
1046 ev->cr.links[link].bss = params->links[link].bss;
1047
1048 if (params->links[link].addr) {
1049 ev->cr.links[link].addr = next;
1050 memcpy((void *)ev->cr.links[link].addr,
1051 params->links[link].addr,
1052 ETH_ALEN);
1053 next += ETH_ALEN;
1054 }
1055 if (params->links[link].bssid) {
1056 ev->cr.links[link].bssid = next;
1057 memcpy((void *)ev->cr.links[link].bssid,
1058 params->links[link].bssid,
1059 ETH_ALEN);
1060 next += ETH_ALEN;
1061 }
1062 }
1063 ev->cr.status = params->status;
1064 ev->cr.timeout_reason = params->timeout_reason;
1065
1066 spin_lock_irqsave(&wdev->event_lock, flags);
1067 list_add_tail(new: &ev->list, head: &wdev->event_list);
1068 spin_unlock_irqrestore(lock: &wdev->event_lock, flags);
1069 queue_work(wq: cfg80211_wq, work: &rdev->event_work);
1070}
1071EXPORT_SYMBOL(cfg80211_connect_done);
1072
1073/* Consumes bss object one way or another */
1074void __cfg80211_roamed(struct wireless_dev *wdev,
1075 struct cfg80211_roam_info *info)
1076{
1077#ifdef CONFIG_CFG80211_WEXT
1078 union iwreq_data wrqu;
1079#endif
1080 unsigned int link;
1081 const u8 *connected_addr;
1082
1083 lockdep_assert_wiphy(wdev->wiphy);
1084
1085 if (WARN_ON(wdev->iftype != NL80211_IFTYPE_STATION &&
1086 wdev->iftype != NL80211_IFTYPE_P2P_CLIENT))
1087 goto out;
1088
1089 if (WARN_ON(!wdev->connected))
1090 goto out;
1091
1092 if (info->valid_links) {
1093 if (WARN_ON(!info->ap_mld_addr))
1094 goto out;
1095
1096 for_each_valid_link(info, link) {
1097 if (WARN_ON(!info->links[link].addr))
1098 goto out;
1099 }
1100 }
1101
1102 cfg80211_wdev_release_bsses(wdev);
1103
1104 for_each_valid_link(info, link) {
1105 if (WARN_ON(!info->links[link].bss))
1106 goto out;
1107 }
1108
1109 memset(wdev->links, 0, sizeof(wdev->links));
1110 wdev->valid_links = info->valid_links;
1111 for_each_valid_link(info, link) {
1112 cfg80211_hold_bss(bss: bss_from_pub(pub: info->links[link].bss));
1113 wdev->links[link].client.current_bss =
1114 bss_from_pub(pub: info->links[link].bss);
1115 }
1116
1117 connected_addr = info->valid_links ?
1118 info->ap_mld_addr :
1119 info->links[0].bss->bssid;
1120 ether_addr_copy(dst: wdev->u.client.connected_addr, src: connected_addr);
1121 if (info->valid_links) {
1122 for_each_valid_link(info, link)
1123 memcpy(wdev->links[link].addr, info->links[link].addr,
1124 ETH_ALEN);
1125 }
1126 wdev->unprot_beacon_reported = 0;
1127 nl80211_send_roamed(rdev: wiphy_to_rdev(wiphy: wdev->wiphy),
1128 netdev: wdev->netdev, info, GFP_KERNEL);
1129
1130#ifdef CONFIG_CFG80211_WEXT
1131 if (!info->valid_links) {
1132 if (info->req_ie) {
1133 memset(&wrqu, 0, sizeof(wrqu));
1134 wrqu.data.length = info->req_ie_len;
1135 wireless_send_event(dev: wdev->netdev, IWEVASSOCREQIE,
1136 wrqu: &wrqu, extra: info->req_ie);
1137 }
1138
1139 if (info->resp_ie) {
1140 memset(&wrqu, 0, sizeof(wrqu));
1141 wrqu.data.length = info->resp_ie_len;
1142 wireless_send_event(dev: wdev->netdev, IWEVASSOCRESPIE,
1143 wrqu: &wrqu, extra: info->resp_ie);
1144 }
1145
1146 memset(&wrqu, 0, sizeof(wrqu));
1147 wrqu.ap_addr.sa_family = ARPHRD_ETHER;
1148 memcpy(wrqu.ap_addr.sa_data, connected_addr, ETH_ALEN);
1149 memcpy(wdev->wext.prev_bssid, connected_addr, ETH_ALEN);
1150 wdev->wext.prev_bssid_valid = true;
1151 wireless_send_event(dev: wdev->netdev, SIOCGIWAP, wrqu: &wrqu, NULL);
1152 }
1153#endif
1154
1155 return;
1156out:
1157 for_each_valid_link(info, link)
1158 cfg80211_put_bss(wiphy: wdev->wiphy, bss: info->links[link].bss);
1159}
1160
1161/* Consumes info->links.bss object(s) one way or another */
1162void cfg80211_roamed(struct net_device *dev, struct cfg80211_roam_info *info,
1163 gfp_t gfp)
1164{
1165 struct wireless_dev *wdev = dev->ieee80211_ptr;
1166 struct cfg80211_registered_device *rdev = wiphy_to_rdev(wiphy: wdev->wiphy);
1167 struct cfg80211_event *ev;
1168 unsigned long flags;
1169 u8 *next;
1170 unsigned int link;
1171 size_t link_info_size = 0;
1172 bool bss_not_found = false;
1173
1174 for_each_valid_link(info, link) {
1175 link_info_size += info->links[link].addr ? ETH_ALEN : 0;
1176 link_info_size += info->links[link].bssid ? ETH_ALEN : 0;
1177
1178 if (info->links[link].bss)
1179 continue;
1180
1181 info->links[link].bss =
1182 cfg80211_get_bss(wiphy: wdev->wiphy,
1183 channel: info->links[link].channel,
1184 bssid: info->links[link].bssid,
1185 ssid: wdev->u.client.ssid,
1186 ssid_len: wdev->u.client.ssid_len,
1187 bss_type: wdev->conn_bss_type,
1188 privacy: IEEE80211_PRIVACY_ANY);
1189
1190 if (!info->links[link].bss) {
1191 bss_not_found = true;
1192 break;
1193 }
1194 }
1195
1196 if (WARN_ON(bss_not_found))
1197 goto out;
1198
1199 ev = kzalloc(size: sizeof(*ev) + info->req_ie_len + info->resp_ie_len +
1200 info->fils.kek_len + info->fils.pmk_len +
1201 (info->fils.pmkid ? WLAN_PMKID_LEN : 0) +
1202 (info->ap_mld_addr ? ETH_ALEN : 0) + link_info_size, flags: gfp);
1203 if (!ev)
1204 goto out;
1205
1206 ev->type = EVENT_ROAMED;
1207 next = ((u8 *)ev) + sizeof(*ev);
1208 if (info->req_ie_len) {
1209 ev->rm.req_ie = next;
1210 ev->rm.req_ie_len = info->req_ie_len;
1211 memcpy((void *)ev->rm.req_ie, info->req_ie, info->req_ie_len);
1212 next += info->req_ie_len;
1213 }
1214 if (info->resp_ie_len) {
1215 ev->rm.resp_ie = next;
1216 ev->rm.resp_ie_len = info->resp_ie_len;
1217 memcpy((void *)ev->rm.resp_ie, info->resp_ie,
1218 info->resp_ie_len);
1219 next += info->resp_ie_len;
1220 }
1221 if (info->fils.kek_len) {
1222 ev->rm.fils.kek = next;
1223 ev->rm.fils.kek_len = info->fils.kek_len;
1224 memcpy((void *)ev->rm.fils.kek, info->fils.kek,
1225 info->fils.kek_len);
1226 next += info->fils.kek_len;
1227 }
1228 if (info->fils.pmk_len) {
1229 ev->rm.fils.pmk = next;
1230 ev->rm.fils.pmk_len = info->fils.pmk_len;
1231 memcpy((void *)ev->rm.fils.pmk, info->fils.pmk,
1232 info->fils.pmk_len);
1233 next += info->fils.pmk_len;
1234 }
1235 if (info->fils.pmkid) {
1236 ev->rm.fils.pmkid = next;
1237 memcpy((void *)ev->rm.fils.pmkid, info->fils.pmkid,
1238 WLAN_PMKID_LEN);
1239 next += WLAN_PMKID_LEN;
1240 }
1241 ev->rm.fils.update_erp_next_seq_num = info->fils.update_erp_next_seq_num;
1242 if (info->fils.update_erp_next_seq_num)
1243 ev->rm.fils.erp_next_seq_num = info->fils.erp_next_seq_num;
1244 if (info->ap_mld_addr) {
1245 ev->rm.ap_mld_addr = next;
1246 memcpy((void *)ev->rm.ap_mld_addr, info->ap_mld_addr,
1247 ETH_ALEN);
1248 next += ETH_ALEN;
1249 }
1250 ev->rm.valid_links = info->valid_links;
1251 for_each_valid_link(info, link) {
1252 ev->rm.links[link].bss = info->links[link].bss;
1253
1254 if (info->links[link].addr) {
1255 ev->rm.links[link].addr = next;
1256 memcpy((void *)ev->rm.links[link].addr,
1257 info->links[link].addr,
1258 ETH_ALEN);
1259 next += ETH_ALEN;
1260 }
1261
1262 if (info->links[link].bssid) {
1263 ev->rm.links[link].bssid = next;
1264 memcpy((void *)ev->rm.links[link].bssid,
1265 info->links[link].bssid,
1266 ETH_ALEN);
1267 next += ETH_ALEN;
1268 }
1269 }
1270
1271 spin_lock_irqsave(&wdev->event_lock, flags);
1272 list_add_tail(new: &ev->list, head: &wdev->event_list);
1273 spin_unlock_irqrestore(lock: &wdev->event_lock, flags);
1274 queue_work(wq: cfg80211_wq, work: &rdev->event_work);
1275
1276 return;
1277out:
1278 for_each_valid_link(info, link)
1279 cfg80211_put_bss(wiphy: wdev->wiphy, bss: info->links[link].bss);
1280
1281}
1282EXPORT_SYMBOL(cfg80211_roamed);
1283
1284void __cfg80211_port_authorized(struct wireless_dev *wdev, const u8 *peer_addr,
1285 const u8 *td_bitmap, u8 td_bitmap_len)
1286{
1287 lockdep_assert_wiphy(wdev->wiphy);
1288
1289 if (WARN_ON(wdev->iftype != NL80211_IFTYPE_STATION &&
1290 wdev->iftype != NL80211_IFTYPE_P2P_CLIENT &&
1291 wdev->iftype != NL80211_IFTYPE_AP &&
1292 wdev->iftype != NL80211_IFTYPE_P2P_GO))
1293 return;
1294
1295 if (wdev->iftype == NL80211_IFTYPE_STATION ||
1296 wdev->iftype == NL80211_IFTYPE_P2P_CLIENT) {
1297 if (WARN_ON(!wdev->connected) ||
1298 WARN_ON(!ether_addr_equal(wdev->u.client.connected_addr, peer_addr)))
1299 return;
1300 }
1301
1302 nl80211_send_port_authorized(rdev: wiphy_to_rdev(wiphy: wdev->wiphy), netdev: wdev->netdev,
1303 peer_addr, td_bitmap, td_bitmap_len);
1304}
1305
1306void cfg80211_port_authorized(struct net_device *dev, const u8 *peer_addr,
1307 const u8 *td_bitmap, u8 td_bitmap_len, gfp_t gfp)
1308{
1309 struct wireless_dev *wdev = dev->ieee80211_ptr;
1310 struct cfg80211_registered_device *rdev = wiphy_to_rdev(wiphy: wdev->wiphy);
1311 struct cfg80211_event *ev;
1312 unsigned long flags;
1313
1314 if (WARN_ON(!peer_addr))
1315 return;
1316
1317 ev = kzalloc(size: sizeof(*ev) + td_bitmap_len, flags: gfp);
1318 if (!ev)
1319 return;
1320
1321 ev->type = EVENT_PORT_AUTHORIZED;
1322 memcpy(ev->pa.peer_addr, peer_addr, ETH_ALEN);
1323 ev->pa.td_bitmap = ((u8 *)ev) + sizeof(*ev);
1324 ev->pa.td_bitmap_len = td_bitmap_len;
1325 memcpy((void *)ev->pa.td_bitmap, td_bitmap, td_bitmap_len);
1326
1327 /*
1328 * Use the wdev event list so that if there are pending
1329 * connected/roamed events, they will be reported first.
1330 */
1331 spin_lock_irqsave(&wdev->event_lock, flags);
1332 list_add_tail(new: &ev->list, head: &wdev->event_list);
1333 spin_unlock_irqrestore(lock: &wdev->event_lock, flags);
1334 queue_work(wq: cfg80211_wq, work: &rdev->event_work);
1335}
1336EXPORT_SYMBOL(cfg80211_port_authorized);
1337
1338void __cfg80211_disconnected(struct net_device *dev, const u8 *ie,
1339 size_t ie_len, u16 reason, bool from_ap)
1340{
1341 struct wireless_dev *wdev = dev->ieee80211_ptr;
1342 struct cfg80211_registered_device *rdev = wiphy_to_rdev(wiphy: wdev->wiphy);
1343 int i;
1344#ifdef CONFIG_CFG80211_WEXT
1345 union iwreq_data wrqu;
1346#endif
1347
1348 lockdep_assert_wiphy(wdev->wiphy);
1349
1350 if (WARN_ON(wdev->iftype != NL80211_IFTYPE_STATION &&
1351 wdev->iftype != NL80211_IFTYPE_P2P_CLIENT))
1352 return;
1353
1354 cfg80211_wdev_release_bsses(wdev);
1355 wdev->connected = false;
1356 wdev->u.client.ssid_len = 0;
1357 wdev->conn_owner_nlportid = 0;
1358 kfree_sensitive(objp: wdev->connect_keys);
1359 wdev->connect_keys = NULL;
1360
1361 nl80211_send_disconnected(rdev, netdev: dev, reason, ie, ie_len, from_ap);
1362
1363 /* stop critical protocol if supported */
1364 if (rdev->ops->crit_proto_stop && rdev->crit_proto_nlportid) {
1365 rdev->crit_proto_nlportid = 0;
1366 rdev_crit_proto_stop(rdev, wdev);
1367 }
1368
1369 /*
1370 * Delete all the keys ... pairwise keys can't really
1371 * exist any more anyway, but default keys might.
1372 */
1373 if (rdev->ops->del_key) {
1374 int max_key_idx = 5;
1375
1376 if (wiphy_ext_feature_isset(
1377 wiphy: wdev->wiphy,
1378 ftidx: NL80211_EXT_FEATURE_BEACON_PROTECTION) ||
1379 wiphy_ext_feature_isset(
1380 wiphy: wdev->wiphy,
1381 ftidx: NL80211_EXT_FEATURE_BEACON_PROTECTION_CLIENT))
1382 max_key_idx = 7;
1383 for (i = 0; i <= max_key_idx; i++)
1384 rdev_del_key(rdev, netdev: dev, link_id: -1, key_index: i, pairwise: false, NULL);
1385 }
1386
1387 rdev_set_qos_map(rdev, dev, NULL);
1388
1389#ifdef CONFIG_CFG80211_WEXT
1390 memset(&wrqu, 0, sizeof(wrqu));
1391 wrqu.ap_addr.sa_family = ARPHRD_ETHER;
1392 wireless_send_event(dev, SIOCGIWAP, wrqu: &wrqu, NULL);
1393 wdev->wext.connect.ssid_len = 0;
1394#endif
1395
1396 schedule_work(work: &cfg80211_disconnect_work);
1397}
1398
1399void cfg80211_disconnected(struct net_device *dev, u16 reason,
1400 const u8 *ie, size_t ie_len,
1401 bool locally_generated, gfp_t gfp)
1402{
1403 struct wireless_dev *wdev = dev->ieee80211_ptr;
1404 struct cfg80211_registered_device *rdev = wiphy_to_rdev(wiphy: wdev->wiphy);
1405 struct cfg80211_event *ev;
1406 unsigned long flags;
1407
1408 ev = kzalloc(size: sizeof(*ev) + ie_len, flags: gfp);
1409 if (!ev)
1410 return;
1411
1412 ev->type = EVENT_DISCONNECTED;
1413 ev->dc.ie = ((u8 *)ev) + sizeof(*ev);
1414 ev->dc.ie_len = ie_len;
1415 memcpy((void *)ev->dc.ie, ie, ie_len);
1416 ev->dc.reason = reason;
1417 ev->dc.locally_generated = locally_generated;
1418
1419 spin_lock_irqsave(&wdev->event_lock, flags);
1420 list_add_tail(new: &ev->list, head: &wdev->event_list);
1421 spin_unlock_irqrestore(lock: &wdev->event_lock, flags);
1422 queue_work(wq: cfg80211_wq, work: &rdev->event_work);
1423}
1424EXPORT_SYMBOL(cfg80211_disconnected);
1425
1426/*
1427 * API calls for nl80211/wext compatibility code
1428 */
1429int cfg80211_connect(struct cfg80211_registered_device *rdev,
1430 struct net_device *dev,
1431 struct cfg80211_connect_params *connect,
1432 struct cfg80211_cached_keys *connkeys,
1433 const u8 *prev_bssid)
1434{
1435 struct wireless_dev *wdev = dev->ieee80211_ptr;
1436 int err;
1437
1438 lockdep_assert_wiphy(wdev->wiphy);
1439
1440 /*
1441 * If we have an ssid_len, we're trying to connect or are
1442 * already connected, so reject a new SSID unless it's the
1443 * same (which is the case for re-association.)
1444 */
1445 if (wdev->u.client.ssid_len &&
1446 (wdev->u.client.ssid_len != connect->ssid_len ||
1447 memcmp(p: wdev->u.client.ssid, q: connect->ssid, size: wdev->u.client.ssid_len)))
1448 return -EALREADY;
1449
1450 /*
1451 * If connected, reject (re-)association unless prev_bssid
1452 * matches the current BSSID.
1453 */
1454 if (wdev->connected) {
1455 if (!prev_bssid)
1456 return -EALREADY;
1457 if (!ether_addr_equal(addr1: prev_bssid,
1458 addr2: wdev->u.client.connected_addr))
1459 return -ENOTCONN;
1460 }
1461
1462 /*
1463 * Reject if we're in the process of connecting with WEP,
1464 * this case isn't very interesting and trying to handle
1465 * it would make the code much more complex.
1466 */
1467 if (wdev->connect_keys)
1468 return -EINPROGRESS;
1469
1470 cfg80211_oper_and_ht_capa(ht_capa: &connect->ht_capa_mask,
1471 ht_capa_mask: rdev->wiphy.ht_capa_mod_mask);
1472 cfg80211_oper_and_vht_capa(vht_capa: &connect->vht_capa_mask,
1473 vht_capa_mask: rdev->wiphy.vht_capa_mod_mask);
1474
1475 if (connkeys && connkeys->def >= 0) {
1476 int idx;
1477 u32 cipher;
1478
1479 idx = connkeys->def;
1480 cipher = connkeys->params[idx].cipher;
1481 /* If given a WEP key we may need it for shared key auth */
1482 if (cipher == WLAN_CIPHER_SUITE_WEP40 ||
1483 cipher == WLAN_CIPHER_SUITE_WEP104) {
1484 connect->key_idx = idx;
1485 connect->key = connkeys->params[idx].key;
1486 connect->key_len = connkeys->params[idx].key_len;
1487
1488 /*
1489 * If ciphers are not set (e.g. when going through
1490 * iwconfig), we have to set them appropriately here.
1491 */
1492 if (connect->crypto.cipher_group == 0)
1493 connect->crypto.cipher_group = cipher;
1494
1495 if (connect->crypto.n_ciphers_pairwise == 0) {
1496 connect->crypto.n_ciphers_pairwise = 1;
1497 connect->crypto.ciphers_pairwise[0] = cipher;
1498 }
1499 }
1500 } else {
1501 if (WARN_ON(connkeys))
1502 return -EINVAL;
1503
1504 /* connect can point to wdev->wext.connect which
1505 * can hold key data from a previous connection
1506 */
1507 connect->key = NULL;
1508 connect->key_len = 0;
1509 connect->key_idx = 0;
1510 }
1511
1512 wdev->connect_keys = connkeys;
1513 memcpy(wdev->u.client.ssid, connect->ssid, connect->ssid_len);
1514 wdev->u.client.ssid_len = connect->ssid_len;
1515
1516 wdev->conn_bss_type = connect->pbss ? IEEE80211_BSS_TYPE_PBSS :
1517 IEEE80211_BSS_TYPE_ESS;
1518
1519 if (!rdev->ops->connect)
1520 err = cfg80211_sme_connect(wdev, connect, prev_bssid);
1521 else
1522 err = rdev_connect(rdev, dev, sme: connect);
1523
1524 if (err) {
1525 wdev->connect_keys = NULL;
1526 /*
1527 * This could be reassoc getting refused, don't clear
1528 * ssid_len in that case.
1529 */
1530 if (!wdev->connected)
1531 wdev->u.client.ssid_len = 0;
1532 return err;
1533 }
1534
1535 return 0;
1536}
1537
1538int cfg80211_disconnect(struct cfg80211_registered_device *rdev,
1539 struct net_device *dev, u16 reason, bool wextev)
1540{
1541 struct wireless_dev *wdev = dev->ieee80211_ptr;
1542 int err = 0;
1543
1544 lockdep_assert_wiphy(wdev->wiphy);
1545
1546 kfree_sensitive(objp: wdev->connect_keys);
1547 wdev->connect_keys = NULL;
1548
1549 wdev->conn_owner_nlportid = 0;
1550
1551 if (wdev->conn)
1552 err = cfg80211_sme_disconnect(wdev, reason);
1553 else if (!rdev->ops->disconnect)
1554 cfg80211_mlme_down(rdev, dev);
1555 else if (wdev->u.client.ssid_len)
1556 err = rdev_disconnect(rdev, dev, reason_code: reason);
1557
1558 /*
1559 * Clear ssid_len unless we actually were fully connected,
1560 * in which case cfg80211_disconnected() will take care of
1561 * this later.
1562 */
1563 if (!wdev->connected)
1564 wdev->u.client.ssid_len = 0;
1565
1566 return err;
1567}
1568
1569/*
1570 * Used to clean up after the connection / connection attempt owner socket
1571 * disconnects
1572 */
1573void cfg80211_autodisconnect_wk(struct work_struct *work)
1574{
1575 struct wireless_dev *wdev =
1576 container_of(work, struct wireless_dev, disconnect_wk);
1577 struct cfg80211_registered_device *rdev = wiphy_to_rdev(wiphy: wdev->wiphy);
1578
1579 wiphy_lock(wiphy: wdev->wiphy);
1580
1581 if (wdev->conn_owner_nlportid) {
1582 switch (wdev->iftype) {
1583 case NL80211_IFTYPE_ADHOC:
1584 cfg80211_leave_ibss(rdev, dev: wdev->netdev, nowext: false);
1585 break;
1586 case NL80211_IFTYPE_AP:
1587 case NL80211_IFTYPE_P2P_GO:
1588 cfg80211_stop_ap(rdev, dev: wdev->netdev, link: -1, notify: false);
1589 break;
1590 case NL80211_IFTYPE_MESH_POINT:
1591 cfg80211_leave_mesh(rdev, dev: wdev->netdev);
1592 break;
1593 case NL80211_IFTYPE_STATION:
1594 case NL80211_IFTYPE_P2P_CLIENT:
1595 /*
1596 * Use disconnect_bssid if still connecting and
1597 * ops->disconnect not implemented. Otherwise we can
1598 * use cfg80211_disconnect.
1599 */
1600 if (rdev->ops->disconnect || wdev->connected)
1601 cfg80211_disconnect(rdev, dev: wdev->netdev,
1602 reason: WLAN_REASON_DEAUTH_LEAVING,
1603 wextev: true);
1604 else
1605 cfg80211_mlme_deauth(rdev, dev: wdev->netdev,
1606 bssid: wdev->disconnect_bssid,
1607 NULL, ie_len: 0,
1608 reason: WLAN_REASON_DEAUTH_LEAVING,
1609 local_state_change: false);
1610 break;
1611 default:
1612 break;
1613 }
1614 }
1615
1616 wiphy_unlock(wiphy: wdev->wiphy);
1617}
1618

source code of linux/net/wireless/sme.c