1 | // SPDX-License-Identifier: GPL-2.0 |
2 | /* |
3 | * SME code for cfg80211 |
4 | * both driver SME event handling and the SME implementation |
5 | * (for nl80211's connect() and wext) |
6 | * |
7 | * Copyright 2009 Johannes Berg <johannes@sipsolutions.net> |
8 | * Copyright (C) 2009, 2020, 2022-2023 Intel Corporation. All rights reserved. |
9 | * Copyright 2017 Intel Deutschland GmbH |
10 | */ |
11 | |
12 | #include <linux/etherdevice.h> |
13 | #include <linux/if_arp.h> |
14 | #include <linux/slab.h> |
15 | #include <linux/workqueue.h> |
16 | #include <linux/wireless.h> |
17 | #include <linux/export.h> |
18 | #include <net/iw_handler.h> |
19 | #include <net/cfg80211.h> |
20 | #include <net/rtnetlink.h> |
21 | #include "nl80211.h" |
22 | #include "reg.h" |
23 | #include "rdev-ops.h" |
24 | |
25 | /* |
26 | * Software SME in cfg80211, using auth/assoc/deauth calls to the |
27 | * driver. This is for implementing nl80211's connect/disconnect |
28 | * and wireless extensions (if configured.) |
29 | */ |
30 | |
31 | struct cfg80211_conn { |
32 | struct cfg80211_connect_params params; |
33 | /* these are sub-states of the _CONNECTING sme_state */ |
34 | enum { |
35 | CFG80211_CONN_SCANNING, |
36 | CFG80211_CONN_SCAN_AGAIN, |
37 | CFG80211_CONN_AUTHENTICATE_NEXT, |
38 | CFG80211_CONN_AUTHENTICATING, |
39 | CFG80211_CONN_AUTH_FAILED_TIMEOUT, |
40 | CFG80211_CONN_ASSOCIATE_NEXT, |
41 | CFG80211_CONN_ASSOCIATING, |
42 | CFG80211_CONN_ASSOC_FAILED, |
43 | CFG80211_CONN_ASSOC_FAILED_TIMEOUT, |
44 | CFG80211_CONN_DEAUTH, |
45 | CFG80211_CONN_ABANDON, |
46 | CFG80211_CONN_CONNECTED, |
47 | } state; |
48 | u8 bssid[ETH_ALEN], prev_bssid[ETH_ALEN]; |
49 | const u8 *ie; |
50 | size_t ie_len; |
51 | bool auto_auth, prev_bssid_valid; |
52 | }; |
53 | |
54 | static void cfg80211_sme_free(struct wireless_dev *wdev) |
55 | { |
56 | if (!wdev->conn) |
57 | return; |
58 | |
59 | kfree(objp: wdev->conn->ie); |
60 | kfree(objp: wdev->conn); |
61 | wdev->conn = NULL; |
62 | } |
63 | |
64 | static int cfg80211_conn_scan(struct wireless_dev *wdev) |
65 | { |
66 | struct cfg80211_registered_device *rdev = wiphy_to_rdev(wiphy: wdev->wiphy); |
67 | struct cfg80211_scan_request *request; |
68 | int n_channels, err; |
69 | |
70 | lockdep_assert_wiphy(wdev->wiphy); |
71 | |
72 | if (rdev->scan_req || rdev->scan_msg) |
73 | return -EBUSY; |
74 | |
75 | if (wdev->conn->params.channel) |
76 | n_channels = 1; |
77 | else |
78 | n_channels = ieee80211_get_num_supported_channels(wiphy: wdev->wiphy); |
79 | |
80 | request = kzalloc(size: sizeof(*request) + sizeof(request->ssids[0]) + |
81 | sizeof(request->channels[0]) * n_channels, |
82 | GFP_KERNEL); |
83 | if (!request) |
84 | return -ENOMEM; |
85 | |
86 | if (wdev->conn->params.channel) { |
87 | enum nl80211_band band = wdev->conn->params.channel->band; |
88 | struct ieee80211_supported_band *sband = |
89 | wdev->wiphy->bands[band]; |
90 | |
91 | if (!sband) { |
92 | kfree(objp: request); |
93 | return -EINVAL; |
94 | } |
95 | request->channels[0] = wdev->conn->params.channel; |
96 | request->rates[band] = (1 << sband->n_bitrates) - 1; |
97 | } else { |
98 | int i = 0, j; |
99 | enum nl80211_band band; |
100 | struct ieee80211_supported_band *bands; |
101 | struct ieee80211_channel *channel; |
102 | |
103 | for (band = 0; band < NUM_NL80211_BANDS; band++) { |
104 | bands = wdev->wiphy->bands[band]; |
105 | if (!bands) |
106 | continue; |
107 | for (j = 0; j < bands->n_channels; j++) { |
108 | channel = &bands->channels[j]; |
109 | if (channel->flags & IEEE80211_CHAN_DISABLED) |
110 | continue; |
111 | request->channels[i++] = channel; |
112 | } |
113 | request->rates[band] = (1 << bands->n_bitrates) - 1; |
114 | } |
115 | n_channels = i; |
116 | } |
117 | request->n_channels = n_channels; |
118 | request->ssids = (void *)&request->channels[n_channels]; |
119 | request->n_ssids = 1; |
120 | |
121 | memcpy(request->ssids[0].ssid, wdev->conn->params.ssid, |
122 | wdev->conn->params.ssid_len); |
123 | request->ssids[0].ssid_len = wdev->conn->params.ssid_len; |
124 | |
125 | eth_broadcast_addr(addr: request->bssid); |
126 | |
127 | request->wdev = wdev; |
128 | request->wiphy = &rdev->wiphy; |
129 | request->scan_start = jiffies; |
130 | |
131 | rdev->scan_req = request; |
132 | |
133 | err = rdev_scan(rdev, request); |
134 | if (!err) { |
135 | wdev->conn->state = CFG80211_CONN_SCANNING; |
136 | nl80211_send_scan_start(rdev, wdev); |
137 | dev_hold(dev: wdev->netdev); |
138 | } else { |
139 | rdev->scan_req = NULL; |
140 | kfree(objp: request); |
141 | } |
142 | return err; |
143 | } |
144 | |
145 | static int cfg80211_conn_do_work(struct wireless_dev *wdev, |
146 | enum nl80211_timeout_reason *treason) |
147 | { |
148 | struct cfg80211_registered_device *rdev = wiphy_to_rdev(wiphy: wdev->wiphy); |
149 | struct cfg80211_connect_params *params; |
150 | struct cfg80211_auth_request auth_req = {}; |
151 | struct cfg80211_assoc_request req = {}; |
152 | int err; |
153 | |
154 | lockdep_assert_wiphy(wdev->wiphy); |
155 | |
156 | if (!wdev->conn) |
157 | return 0; |
158 | |
159 | params = &wdev->conn->params; |
160 | |
161 | switch (wdev->conn->state) { |
162 | case CFG80211_CONN_SCANNING: |
163 | /* didn't find it during scan ... */ |
164 | return -ENOENT; |
165 | case CFG80211_CONN_SCAN_AGAIN: |
166 | return cfg80211_conn_scan(wdev); |
167 | case CFG80211_CONN_AUTHENTICATE_NEXT: |
168 | if (WARN_ON(!rdev->ops->auth)) |
169 | return -EOPNOTSUPP; |
170 | wdev->conn->state = CFG80211_CONN_AUTHENTICATING; |
171 | auth_req.key = params->key; |
172 | auth_req.key_len = params->key_len; |
173 | auth_req.key_idx = params->key_idx; |
174 | auth_req.auth_type = params->auth_type; |
175 | auth_req.bss = cfg80211_get_bss(wiphy: &rdev->wiphy, channel: params->channel, |
176 | bssid: params->bssid, |
177 | ssid: params->ssid, ssid_len: params->ssid_len, |
178 | bss_type: IEEE80211_BSS_TYPE_ESS, |
179 | privacy: IEEE80211_PRIVACY_ANY); |
180 | auth_req.link_id = -1; |
181 | err = cfg80211_mlme_auth(rdev, dev: wdev->netdev, req: &auth_req); |
182 | cfg80211_put_bss(wiphy: &rdev->wiphy, bss: auth_req.bss); |
183 | return err; |
184 | case CFG80211_CONN_AUTH_FAILED_TIMEOUT: |
185 | *treason = NL80211_TIMEOUT_AUTH; |
186 | return -ENOTCONN; |
187 | case CFG80211_CONN_ASSOCIATE_NEXT: |
188 | if (WARN_ON(!rdev->ops->assoc)) |
189 | return -EOPNOTSUPP; |
190 | wdev->conn->state = CFG80211_CONN_ASSOCIATING; |
191 | if (wdev->conn->prev_bssid_valid) |
192 | req.prev_bssid = wdev->conn->prev_bssid; |
193 | req.ie = params->ie; |
194 | req.ie_len = params->ie_len; |
195 | req.use_mfp = params->mfp != NL80211_MFP_NO; |
196 | req.crypto = params->crypto; |
197 | req.flags = params->flags; |
198 | req.ht_capa = params->ht_capa; |
199 | req.ht_capa_mask = params->ht_capa_mask; |
200 | req.vht_capa = params->vht_capa; |
201 | req.vht_capa_mask = params->vht_capa_mask; |
202 | req.link_id = -1; |
203 | |
204 | req.bss = cfg80211_get_bss(wiphy: &rdev->wiphy, channel: params->channel, |
205 | bssid: params->bssid, |
206 | ssid: params->ssid, ssid_len: params->ssid_len, |
207 | bss_type: IEEE80211_BSS_TYPE_ESS, |
208 | privacy: IEEE80211_PRIVACY_ANY); |
209 | if (!req.bss) { |
210 | err = -ENOENT; |
211 | } else { |
212 | err = cfg80211_mlme_assoc(rdev, dev: wdev->netdev, req: &req); |
213 | cfg80211_put_bss(wiphy: &rdev->wiphy, bss: req.bss); |
214 | } |
215 | |
216 | if (err) |
217 | cfg80211_mlme_deauth(rdev, dev: wdev->netdev, bssid: params->bssid, |
218 | NULL, ie_len: 0, |
219 | reason: WLAN_REASON_DEAUTH_LEAVING, |
220 | local_state_change: false); |
221 | return err; |
222 | case CFG80211_CONN_ASSOC_FAILED_TIMEOUT: |
223 | *treason = NL80211_TIMEOUT_ASSOC; |
224 | fallthrough; |
225 | case CFG80211_CONN_ASSOC_FAILED: |
226 | cfg80211_mlme_deauth(rdev, dev: wdev->netdev, bssid: params->bssid, |
227 | NULL, ie_len: 0, |
228 | reason: WLAN_REASON_DEAUTH_LEAVING, local_state_change: false); |
229 | return -ENOTCONN; |
230 | case CFG80211_CONN_DEAUTH: |
231 | cfg80211_mlme_deauth(rdev, dev: wdev->netdev, bssid: params->bssid, |
232 | NULL, ie_len: 0, |
233 | reason: WLAN_REASON_DEAUTH_LEAVING, local_state_change: false); |
234 | fallthrough; |
235 | case CFG80211_CONN_ABANDON: |
236 | /* free directly, disconnected event already sent */ |
237 | cfg80211_sme_free(wdev); |
238 | return 0; |
239 | default: |
240 | return 0; |
241 | } |
242 | } |
243 | |
244 | void cfg80211_conn_work(struct work_struct *work) |
245 | { |
246 | struct cfg80211_registered_device *rdev = |
247 | container_of(work, struct cfg80211_registered_device, conn_work); |
248 | struct wireless_dev *wdev; |
249 | u8 bssid_buf[ETH_ALEN], *bssid = NULL; |
250 | enum nl80211_timeout_reason treason; |
251 | |
252 | wiphy_lock(wiphy: &rdev->wiphy); |
253 | |
254 | list_for_each_entry(wdev, &rdev->wiphy.wdev_list, list) { |
255 | if (!wdev->netdev) |
256 | continue; |
257 | |
258 | if (!netif_running(dev: wdev->netdev)) |
259 | continue; |
260 | |
261 | if (!wdev->conn || |
262 | wdev->conn->state == CFG80211_CONN_CONNECTED) |
263 | continue; |
264 | |
265 | if (wdev->conn->params.bssid) { |
266 | memcpy(bssid_buf, wdev->conn->params.bssid, ETH_ALEN); |
267 | bssid = bssid_buf; |
268 | } |
269 | treason = NL80211_TIMEOUT_UNSPECIFIED; |
270 | if (cfg80211_conn_do_work(wdev, treason: &treason)) { |
271 | struct cfg80211_connect_resp_params cr; |
272 | |
273 | memset(&cr, 0, sizeof(cr)); |
274 | cr.status = -1; |
275 | cr.links[0].bssid = bssid; |
276 | cr.timeout_reason = treason; |
277 | __cfg80211_connect_result(dev: wdev->netdev, params: &cr, wextev: false); |
278 | } |
279 | } |
280 | |
281 | wiphy_unlock(wiphy: &rdev->wiphy); |
282 | } |
283 | |
284 | static void cfg80211_step_auth_next(struct cfg80211_conn *conn, |
285 | struct cfg80211_bss *bss) |
286 | { |
287 | memcpy(conn->bssid, bss->bssid, ETH_ALEN); |
288 | conn->params.bssid = conn->bssid; |
289 | conn->params.channel = bss->channel; |
290 | conn->state = CFG80211_CONN_AUTHENTICATE_NEXT; |
291 | } |
292 | |
293 | /* Returned bss is reference counted and must be cleaned up appropriately. */ |
294 | static struct cfg80211_bss *cfg80211_get_conn_bss(struct wireless_dev *wdev) |
295 | { |
296 | struct cfg80211_registered_device *rdev = wiphy_to_rdev(wiphy: wdev->wiphy); |
297 | struct cfg80211_bss *bss; |
298 | |
299 | lockdep_assert_wiphy(wdev->wiphy); |
300 | |
301 | bss = cfg80211_get_bss(wiphy: wdev->wiphy, channel: wdev->conn->params.channel, |
302 | bssid: wdev->conn->params.bssid, |
303 | ssid: wdev->conn->params.ssid, |
304 | ssid_len: wdev->conn->params.ssid_len, |
305 | bss_type: wdev->conn_bss_type, |
306 | IEEE80211_PRIVACY(wdev->conn->params.privacy)); |
307 | if (!bss) |
308 | return NULL; |
309 | |
310 | cfg80211_step_auth_next(conn: wdev->conn, bss); |
311 | schedule_work(work: &rdev->conn_work); |
312 | |
313 | return bss; |
314 | } |
315 | |
316 | void cfg80211_sme_scan_done(struct net_device *dev) |
317 | { |
318 | struct wireless_dev *wdev = dev->ieee80211_ptr; |
319 | struct cfg80211_registered_device *rdev = wiphy_to_rdev(wiphy: wdev->wiphy); |
320 | struct cfg80211_bss *bss; |
321 | |
322 | lockdep_assert_wiphy(wdev->wiphy); |
323 | |
324 | if (!wdev->conn) |
325 | return; |
326 | |
327 | if (wdev->conn->state != CFG80211_CONN_SCANNING && |
328 | wdev->conn->state != CFG80211_CONN_SCAN_AGAIN) |
329 | return; |
330 | |
331 | bss = cfg80211_get_conn_bss(wdev); |
332 | if (bss) |
333 | cfg80211_put_bss(wiphy: &rdev->wiphy, bss); |
334 | else |
335 | schedule_work(work: &rdev->conn_work); |
336 | } |
337 | |
338 | void cfg80211_sme_rx_auth(struct wireless_dev *wdev, const u8 *buf, size_t len) |
339 | { |
340 | struct wiphy *wiphy = wdev->wiphy; |
341 | struct cfg80211_registered_device *rdev = wiphy_to_rdev(wiphy); |
342 | struct ieee80211_mgmt *mgmt = (struct ieee80211_mgmt *)buf; |
343 | u16 status_code = le16_to_cpu(mgmt->u.auth.status_code); |
344 | |
345 | lockdep_assert_wiphy(wdev->wiphy); |
346 | |
347 | if (!wdev->conn || wdev->conn->state == CFG80211_CONN_CONNECTED) |
348 | return; |
349 | |
350 | if (status_code == WLAN_STATUS_NOT_SUPPORTED_AUTH_ALG && |
351 | wdev->conn->auto_auth && |
352 | wdev->conn->params.auth_type != NL80211_AUTHTYPE_NETWORK_EAP) { |
353 | /* select automatically between only open, shared, leap */ |
354 | switch (wdev->conn->params.auth_type) { |
355 | case NL80211_AUTHTYPE_OPEN_SYSTEM: |
356 | if (wdev->connect_keys) |
357 | wdev->conn->params.auth_type = |
358 | NL80211_AUTHTYPE_SHARED_KEY; |
359 | else |
360 | wdev->conn->params.auth_type = |
361 | NL80211_AUTHTYPE_NETWORK_EAP; |
362 | break; |
363 | case NL80211_AUTHTYPE_SHARED_KEY: |
364 | wdev->conn->params.auth_type = |
365 | NL80211_AUTHTYPE_NETWORK_EAP; |
366 | break; |
367 | default: |
368 | /* huh? */ |
369 | wdev->conn->params.auth_type = |
370 | NL80211_AUTHTYPE_OPEN_SYSTEM; |
371 | break; |
372 | } |
373 | wdev->conn->state = CFG80211_CONN_AUTHENTICATE_NEXT; |
374 | schedule_work(work: &rdev->conn_work); |
375 | } else if (status_code != WLAN_STATUS_SUCCESS) { |
376 | struct cfg80211_connect_resp_params cr; |
377 | |
378 | memset(&cr, 0, sizeof(cr)); |
379 | cr.status = status_code; |
380 | cr.links[0].bssid = mgmt->bssid; |
381 | cr.timeout_reason = NL80211_TIMEOUT_UNSPECIFIED; |
382 | __cfg80211_connect_result(dev: wdev->netdev, params: &cr, wextev: false); |
383 | } else if (wdev->conn->state == CFG80211_CONN_AUTHENTICATING) { |
384 | wdev->conn->state = CFG80211_CONN_ASSOCIATE_NEXT; |
385 | schedule_work(work: &rdev->conn_work); |
386 | } |
387 | } |
388 | |
389 | bool cfg80211_sme_rx_assoc_resp(struct wireless_dev *wdev, u16 status) |
390 | { |
391 | struct cfg80211_registered_device *rdev = wiphy_to_rdev(wiphy: wdev->wiphy); |
392 | |
393 | if (!wdev->conn) |
394 | return false; |
395 | |
396 | if (status == WLAN_STATUS_SUCCESS) { |
397 | wdev->conn->state = CFG80211_CONN_CONNECTED; |
398 | return false; |
399 | } |
400 | |
401 | if (wdev->conn->prev_bssid_valid) { |
402 | /* |
403 | * Some stupid APs don't accept reassoc, so we |
404 | * need to fall back to trying regular assoc; |
405 | * return true so no event is sent to userspace. |
406 | */ |
407 | wdev->conn->prev_bssid_valid = false; |
408 | wdev->conn->state = CFG80211_CONN_ASSOCIATE_NEXT; |
409 | schedule_work(work: &rdev->conn_work); |
410 | return true; |
411 | } |
412 | |
413 | wdev->conn->state = CFG80211_CONN_ASSOC_FAILED; |
414 | schedule_work(work: &rdev->conn_work); |
415 | return false; |
416 | } |
417 | |
418 | void cfg80211_sme_deauth(struct wireless_dev *wdev) |
419 | { |
420 | cfg80211_sme_free(wdev); |
421 | } |
422 | |
423 | void cfg80211_sme_auth_timeout(struct wireless_dev *wdev) |
424 | { |
425 | struct cfg80211_registered_device *rdev = wiphy_to_rdev(wiphy: wdev->wiphy); |
426 | |
427 | if (!wdev->conn) |
428 | return; |
429 | |
430 | wdev->conn->state = CFG80211_CONN_AUTH_FAILED_TIMEOUT; |
431 | schedule_work(work: &rdev->conn_work); |
432 | } |
433 | |
434 | void cfg80211_sme_disassoc(struct wireless_dev *wdev) |
435 | { |
436 | struct cfg80211_registered_device *rdev = wiphy_to_rdev(wiphy: wdev->wiphy); |
437 | |
438 | if (!wdev->conn) |
439 | return; |
440 | |
441 | wdev->conn->state = CFG80211_CONN_DEAUTH; |
442 | schedule_work(work: &rdev->conn_work); |
443 | } |
444 | |
445 | void cfg80211_sme_assoc_timeout(struct wireless_dev *wdev) |
446 | { |
447 | struct cfg80211_registered_device *rdev = wiphy_to_rdev(wiphy: wdev->wiphy); |
448 | |
449 | if (!wdev->conn) |
450 | return; |
451 | |
452 | wdev->conn->state = CFG80211_CONN_ASSOC_FAILED_TIMEOUT; |
453 | schedule_work(work: &rdev->conn_work); |
454 | } |
455 | |
456 | void cfg80211_sme_abandon_assoc(struct wireless_dev *wdev) |
457 | { |
458 | struct cfg80211_registered_device *rdev = wiphy_to_rdev(wiphy: wdev->wiphy); |
459 | |
460 | if (!wdev->conn) |
461 | return; |
462 | |
463 | wdev->conn->state = CFG80211_CONN_ABANDON; |
464 | schedule_work(work: &rdev->conn_work); |
465 | } |
466 | |
467 | static void cfg80211_wdev_release_bsses(struct wireless_dev *wdev) |
468 | { |
469 | unsigned int link; |
470 | |
471 | for_each_valid_link(wdev, link) { |
472 | if (!wdev->links[link].client.current_bss) |
473 | continue; |
474 | cfg80211_unhold_bss(bss: wdev->links[link].client.current_bss); |
475 | cfg80211_put_bss(wiphy: wdev->wiphy, |
476 | bss: &wdev->links[link].client.current_bss->pub); |
477 | wdev->links[link].client.current_bss = NULL; |
478 | } |
479 | } |
480 | |
481 | void cfg80211_wdev_release_link_bsses(struct wireless_dev *wdev, u16 link_mask) |
482 | { |
483 | unsigned int link; |
484 | |
485 | for_each_valid_link(wdev, link) { |
486 | if (!wdev->links[link].client.current_bss || |
487 | !(link_mask & BIT(link))) |
488 | continue; |
489 | cfg80211_unhold_bss(bss: wdev->links[link].client.current_bss); |
490 | cfg80211_put_bss(wiphy: wdev->wiphy, |
491 | bss: &wdev->links[link].client.current_bss->pub); |
492 | wdev->links[link].client.current_bss = NULL; |
493 | } |
494 | } |
495 | |
496 | static int cfg80211_sme_get_conn_ies(struct wireless_dev *wdev, |
497 | const u8 *ies, size_t ies_len, |
498 | const u8 **out_ies, size_t *out_ies_len) |
499 | { |
500 | struct cfg80211_registered_device *rdev = wiphy_to_rdev(wiphy: wdev->wiphy); |
501 | u8 *buf; |
502 | size_t offs; |
503 | |
504 | if (!rdev->wiphy.extended_capabilities_len || |
505 | (ies && cfg80211_find_ie(eid: WLAN_EID_EXT_CAPABILITY, ies, len: ies_len))) { |
506 | *out_ies = kmemdup(p: ies, size: ies_len, GFP_KERNEL); |
507 | if (!*out_ies) |
508 | return -ENOMEM; |
509 | *out_ies_len = ies_len; |
510 | return 0; |
511 | } |
512 | |
513 | buf = kmalloc(size: ies_len + rdev->wiphy.extended_capabilities_len + 2, |
514 | GFP_KERNEL); |
515 | if (!buf) |
516 | return -ENOMEM; |
517 | |
518 | if (ies_len) { |
519 | static const u8 before_extcapa[] = { |
520 | /* not listing IEs expected to be created by driver */ |
521 | WLAN_EID_RSN, |
522 | WLAN_EID_QOS_CAPA, |
523 | WLAN_EID_RRM_ENABLED_CAPABILITIES, |
524 | WLAN_EID_MOBILITY_DOMAIN, |
525 | WLAN_EID_SUPPORTED_REGULATORY_CLASSES, |
526 | WLAN_EID_BSS_COEX_2040, |
527 | }; |
528 | |
529 | offs = ieee80211_ie_split(ies, ielen: ies_len, ids: before_extcapa, |
530 | ARRAY_SIZE(before_extcapa), offset: 0); |
531 | memcpy(buf, ies, offs); |
532 | /* leave a whole for extended capabilities IE */ |
533 | memcpy(buf + offs + rdev->wiphy.extended_capabilities_len + 2, |
534 | ies + offs, ies_len - offs); |
535 | } else { |
536 | offs = 0; |
537 | } |
538 | |
539 | /* place extended capabilities IE (with only driver capabilities) */ |
540 | buf[offs] = WLAN_EID_EXT_CAPABILITY; |
541 | buf[offs + 1] = rdev->wiphy.extended_capabilities_len; |
542 | memcpy(buf + offs + 2, |
543 | rdev->wiphy.extended_capabilities, |
544 | rdev->wiphy.extended_capabilities_len); |
545 | |
546 | *out_ies = buf; |
547 | *out_ies_len = ies_len + rdev->wiphy.extended_capabilities_len + 2; |
548 | |
549 | return 0; |
550 | } |
551 | |
552 | static int cfg80211_sme_connect(struct wireless_dev *wdev, |
553 | struct cfg80211_connect_params *connect, |
554 | const u8 *prev_bssid) |
555 | { |
556 | struct cfg80211_registered_device *rdev = wiphy_to_rdev(wiphy: wdev->wiphy); |
557 | struct cfg80211_bss *bss; |
558 | int err; |
559 | |
560 | if (!rdev->ops->auth || !rdev->ops->assoc) |
561 | return -EOPNOTSUPP; |
562 | |
563 | cfg80211_wdev_release_bsses(wdev); |
564 | |
565 | if (wdev->connected) { |
566 | cfg80211_sme_free(wdev); |
567 | wdev->connected = false; |
568 | } |
569 | |
570 | if (wdev->conn) |
571 | return -EINPROGRESS; |
572 | |
573 | wdev->conn = kzalloc(size: sizeof(*wdev->conn), GFP_KERNEL); |
574 | if (!wdev->conn) |
575 | return -ENOMEM; |
576 | |
577 | /* |
578 | * Copy all parameters, and treat explicitly IEs, BSSID, SSID. |
579 | */ |
580 | memcpy(&wdev->conn->params, connect, sizeof(*connect)); |
581 | if (connect->bssid) { |
582 | wdev->conn->params.bssid = wdev->conn->bssid; |
583 | memcpy(wdev->conn->bssid, connect->bssid, ETH_ALEN); |
584 | } |
585 | |
586 | if (cfg80211_sme_get_conn_ies(wdev, ies: connect->ie, ies_len: connect->ie_len, |
587 | out_ies: &wdev->conn->ie, |
588 | out_ies_len: &wdev->conn->params.ie_len)) { |
589 | kfree(objp: wdev->conn); |
590 | wdev->conn = NULL; |
591 | return -ENOMEM; |
592 | } |
593 | wdev->conn->params.ie = wdev->conn->ie; |
594 | |
595 | if (connect->auth_type == NL80211_AUTHTYPE_AUTOMATIC) { |
596 | wdev->conn->auto_auth = true; |
597 | /* start with open system ... should mostly work */ |
598 | wdev->conn->params.auth_type = |
599 | NL80211_AUTHTYPE_OPEN_SYSTEM; |
600 | } else { |
601 | wdev->conn->auto_auth = false; |
602 | } |
603 | |
604 | wdev->conn->params.ssid = wdev->u.client.ssid; |
605 | wdev->conn->params.ssid_len = wdev->u.client.ssid_len; |
606 | |
607 | /* see if we have the bss already */ |
608 | bss = cfg80211_get_bss(wiphy: wdev->wiphy, channel: wdev->conn->params.channel, |
609 | bssid: wdev->conn->params.bssid, |
610 | ssid: wdev->conn->params.ssid, |
611 | ssid_len: wdev->conn->params.ssid_len, |
612 | bss_type: wdev->conn_bss_type, |
613 | IEEE80211_PRIVACY(wdev->conn->params.privacy)); |
614 | |
615 | if (prev_bssid) { |
616 | memcpy(wdev->conn->prev_bssid, prev_bssid, ETH_ALEN); |
617 | wdev->conn->prev_bssid_valid = true; |
618 | } |
619 | |
620 | /* we're good if we have a matching bss struct */ |
621 | if (bss) { |
622 | enum nl80211_timeout_reason treason; |
623 | |
624 | cfg80211_step_auth_next(conn: wdev->conn, bss); |
625 | err = cfg80211_conn_do_work(wdev, treason: &treason); |
626 | cfg80211_put_bss(wiphy: wdev->wiphy, bss); |
627 | } else { |
628 | /* otherwise we'll need to scan for the AP first */ |
629 | err = cfg80211_conn_scan(wdev); |
630 | |
631 | /* |
632 | * If we can't scan right now, then we need to scan again |
633 | * after the current scan finished, since the parameters |
634 | * changed (unless we find a good AP anyway). |
635 | */ |
636 | if (err == -EBUSY) { |
637 | err = 0; |
638 | wdev->conn->state = CFG80211_CONN_SCAN_AGAIN; |
639 | } |
640 | } |
641 | |
642 | if (err) |
643 | cfg80211_sme_free(wdev); |
644 | |
645 | return err; |
646 | } |
647 | |
648 | static int cfg80211_sme_disconnect(struct wireless_dev *wdev, u16 reason) |
649 | { |
650 | struct cfg80211_registered_device *rdev = wiphy_to_rdev(wiphy: wdev->wiphy); |
651 | int err; |
652 | |
653 | if (!wdev->conn) |
654 | return 0; |
655 | |
656 | if (!rdev->ops->deauth) |
657 | return -EOPNOTSUPP; |
658 | |
659 | if (wdev->conn->state == CFG80211_CONN_SCANNING || |
660 | wdev->conn->state == CFG80211_CONN_SCAN_AGAIN) { |
661 | err = 0; |
662 | goto out; |
663 | } |
664 | |
665 | /* wdev->conn->params.bssid must be set if > SCANNING */ |
666 | err = cfg80211_mlme_deauth(rdev, dev: wdev->netdev, |
667 | bssid: wdev->conn->params.bssid, |
668 | NULL, ie_len: 0, reason, local_state_change: false); |
669 | out: |
670 | cfg80211_sme_free(wdev); |
671 | return err; |
672 | } |
673 | |
674 | /* |
675 | * code shared for in-device and software SME |
676 | */ |
677 | |
678 | static bool cfg80211_is_all_idle(void) |
679 | { |
680 | struct cfg80211_registered_device *rdev; |
681 | struct wireless_dev *wdev; |
682 | bool is_all_idle = true; |
683 | |
684 | /* |
685 | * All devices must be idle as otherwise if you are actively |
686 | * scanning some new beacon hints could be learned and would |
687 | * count as new regulatory hints. |
688 | * Also if there is any other active beaconing interface we |
689 | * need not issue a disconnect hint and reset any info such |
690 | * as chan dfs state, etc. |
691 | */ |
692 | for_each_rdev(rdev) { |
693 | wiphy_lock(wiphy: &rdev->wiphy); |
694 | list_for_each_entry(wdev, &rdev->wiphy.wdev_list, list) { |
695 | if (wdev->conn || wdev->connected || |
696 | cfg80211_beaconing_iface_active(wdev)) |
697 | is_all_idle = false; |
698 | } |
699 | wiphy_unlock(wiphy: &rdev->wiphy); |
700 | } |
701 | |
702 | return is_all_idle; |
703 | } |
704 | |
705 | static void disconnect_work(struct work_struct *work) |
706 | { |
707 | rtnl_lock(); |
708 | if (cfg80211_is_all_idle()) |
709 | regulatory_hint_disconnect(); |
710 | rtnl_unlock(); |
711 | } |
712 | |
713 | DECLARE_WORK(cfg80211_disconnect_work, disconnect_work); |
714 | |
715 | static void |
716 | cfg80211_connect_result_release_bsses(struct wireless_dev *wdev, |
717 | struct cfg80211_connect_resp_params *cr) |
718 | { |
719 | unsigned int link; |
720 | |
721 | for_each_valid_link(cr, link) { |
722 | if (!cr->links[link].bss) |
723 | continue; |
724 | cfg80211_unhold_bss(bss: bss_from_pub(pub: cr->links[link].bss)); |
725 | cfg80211_put_bss(wiphy: wdev->wiphy, bss: cr->links[link].bss); |
726 | } |
727 | } |
728 | |
729 | /* |
730 | * API calls for drivers implementing connect/disconnect and |
731 | * SME event handling |
732 | */ |
733 | |
734 | /* This method must consume bss one way or another */ |
735 | void __cfg80211_connect_result(struct net_device *dev, |
736 | struct cfg80211_connect_resp_params *cr, |
737 | bool wextev) |
738 | { |
739 | struct wireless_dev *wdev = dev->ieee80211_ptr; |
740 | const struct element *country_elem = NULL; |
741 | const struct element *ssid; |
742 | const u8 *country_data; |
743 | u8 country_datalen; |
744 | #ifdef CONFIG_CFG80211_WEXT |
745 | union iwreq_data wrqu; |
746 | #endif |
747 | unsigned int link; |
748 | const u8 *connected_addr; |
749 | bool bss_not_found = false; |
750 | |
751 | lockdep_assert_wiphy(wdev->wiphy); |
752 | |
753 | if (WARN_ON(wdev->iftype != NL80211_IFTYPE_STATION && |
754 | wdev->iftype != NL80211_IFTYPE_P2P_CLIENT)) |
755 | goto out; |
756 | |
757 | if (cr->valid_links) { |
758 | if (WARN_ON(!cr->ap_mld_addr)) |
759 | goto out; |
760 | |
761 | for_each_valid_link(cr, link) { |
762 | if (WARN_ON(!cr->links[link].addr)) |
763 | goto out; |
764 | } |
765 | |
766 | if (WARN_ON(wdev->connect_keys)) |
767 | goto out; |
768 | } |
769 | |
770 | wdev->unprot_beacon_reported = 0; |
771 | nl80211_send_connect_result(rdev: wiphy_to_rdev(wiphy: wdev->wiphy), netdev: dev, params: cr, |
772 | GFP_KERNEL); |
773 | connected_addr = cr->valid_links ? cr->ap_mld_addr : cr->links[0].bssid; |
774 | |
775 | #ifdef CONFIG_CFG80211_WEXT |
776 | if (wextev && !cr->valid_links) { |
777 | if (cr->req_ie && cr->status == WLAN_STATUS_SUCCESS) { |
778 | memset(&wrqu, 0, sizeof(wrqu)); |
779 | wrqu.data.length = cr->req_ie_len; |
780 | wireless_send_event(dev, IWEVASSOCREQIE, wrqu: &wrqu, |
781 | extra: cr->req_ie); |
782 | } |
783 | |
784 | if (cr->resp_ie && cr->status == WLAN_STATUS_SUCCESS) { |
785 | memset(&wrqu, 0, sizeof(wrqu)); |
786 | wrqu.data.length = cr->resp_ie_len; |
787 | wireless_send_event(dev, IWEVASSOCRESPIE, wrqu: &wrqu, |
788 | extra: cr->resp_ie); |
789 | } |
790 | |
791 | memset(&wrqu, 0, sizeof(wrqu)); |
792 | wrqu.ap_addr.sa_family = ARPHRD_ETHER; |
793 | if (connected_addr && cr->status == WLAN_STATUS_SUCCESS) { |
794 | memcpy(wrqu.ap_addr.sa_data, connected_addr, ETH_ALEN); |
795 | memcpy(wdev->wext.prev_bssid, connected_addr, ETH_ALEN); |
796 | wdev->wext.prev_bssid_valid = true; |
797 | } |
798 | wireless_send_event(dev, SIOCGIWAP, wrqu: &wrqu, NULL); |
799 | } |
800 | #endif |
801 | |
802 | if (cr->status == WLAN_STATUS_SUCCESS) { |
803 | if (!wiphy_to_rdev(wiphy: wdev->wiphy)->ops->connect) { |
804 | for_each_valid_link(cr, link) { |
805 | if (WARN_ON_ONCE(!cr->links[link].bss)) |
806 | break; |
807 | } |
808 | } |
809 | |
810 | for_each_valid_link(cr, link) { |
811 | /* don't do extra lookups for failures */ |
812 | if (cr->links[link].status != WLAN_STATUS_SUCCESS) |
813 | continue; |
814 | |
815 | if (cr->links[link].bss) |
816 | continue; |
817 | |
818 | cr->links[link].bss = |
819 | cfg80211_get_bss(wiphy: wdev->wiphy, NULL, |
820 | bssid: cr->links[link].bssid, |
821 | ssid: wdev->u.client.ssid, |
822 | ssid_len: wdev->u.client.ssid_len, |
823 | bss_type: wdev->conn_bss_type, |
824 | privacy: IEEE80211_PRIVACY_ANY); |
825 | if (!cr->links[link].bss) { |
826 | bss_not_found = true; |
827 | break; |
828 | } |
829 | cfg80211_hold_bss(bss: bss_from_pub(pub: cr->links[link].bss)); |
830 | } |
831 | } |
832 | |
833 | cfg80211_wdev_release_bsses(wdev); |
834 | |
835 | if (cr->status != WLAN_STATUS_SUCCESS) { |
836 | kfree_sensitive(objp: wdev->connect_keys); |
837 | wdev->connect_keys = NULL; |
838 | wdev->u.client.ssid_len = 0; |
839 | wdev->conn_owner_nlportid = 0; |
840 | cfg80211_connect_result_release_bsses(wdev, cr); |
841 | cfg80211_sme_free(wdev); |
842 | return; |
843 | } |
844 | |
845 | if (WARN_ON(bss_not_found)) { |
846 | cfg80211_connect_result_release_bsses(wdev, cr); |
847 | return; |
848 | } |
849 | |
850 | memset(wdev->links, 0, sizeof(wdev->links)); |
851 | for_each_valid_link(cr, link) { |
852 | if (cr->links[link].status == WLAN_STATUS_SUCCESS) |
853 | continue; |
854 | cr->valid_links &= ~BIT(link); |
855 | /* don't require bss pointer for failed links */ |
856 | if (!cr->links[link].bss) |
857 | continue; |
858 | cfg80211_unhold_bss(bss: bss_from_pub(pub: cr->links[link].bss)); |
859 | cfg80211_put_bss(wiphy: wdev->wiphy, bss: cr->links[link].bss); |
860 | } |
861 | wdev->valid_links = cr->valid_links; |
862 | for_each_valid_link(cr, link) |
863 | wdev->links[link].client.current_bss = |
864 | bss_from_pub(pub: cr->links[link].bss); |
865 | wdev->connected = true; |
866 | ether_addr_copy(dst: wdev->u.client.connected_addr, src: connected_addr); |
867 | if (cr->valid_links) { |
868 | for_each_valid_link(cr, link) |
869 | memcpy(wdev->links[link].addr, cr->links[link].addr, |
870 | ETH_ALEN); |
871 | } |
872 | |
873 | cfg80211_upload_connect_keys(wdev); |
874 | |
875 | rcu_read_lock(); |
876 | for_each_valid_link(cr, link) { |
877 | country_elem = |
878 | ieee80211_bss_get_elem(bss: cr->links[link].bss, |
879 | id: WLAN_EID_COUNTRY); |
880 | if (country_elem) |
881 | break; |
882 | } |
883 | if (!country_elem) { |
884 | rcu_read_unlock(); |
885 | return; |
886 | } |
887 | |
888 | country_datalen = country_elem->datalen; |
889 | country_data = kmemdup(p: country_elem->data, size: country_datalen, GFP_ATOMIC); |
890 | rcu_read_unlock(); |
891 | |
892 | if (!country_data) |
893 | return; |
894 | |
895 | regulatory_hint_country_ie(wiphy: wdev->wiphy, |
896 | band: cr->links[link].bss->channel->band, |
897 | country_ie: country_data, country_ie_len: country_datalen); |
898 | kfree(objp: country_data); |
899 | |
900 | if (!wdev->u.client.ssid_len) { |
901 | rcu_read_lock(); |
902 | for_each_valid_link(cr, link) { |
903 | ssid = ieee80211_bss_get_elem(bss: cr->links[link].bss, |
904 | id: WLAN_EID_SSID); |
905 | |
906 | if (!ssid || !ssid->datalen) |
907 | continue; |
908 | |
909 | memcpy(wdev->u.client.ssid, ssid->data, ssid->datalen); |
910 | wdev->u.client.ssid_len = ssid->datalen; |
911 | break; |
912 | } |
913 | rcu_read_unlock(); |
914 | } |
915 | |
916 | return; |
917 | out: |
918 | for_each_valid_link(cr, link) |
919 | cfg80211_put_bss(wiphy: wdev->wiphy, bss: cr->links[link].bss); |
920 | } |
921 | |
922 | static void cfg80211_update_link_bss(struct wireless_dev *wdev, |
923 | struct cfg80211_bss **bss) |
924 | { |
925 | struct cfg80211_registered_device *rdev = wiphy_to_rdev(wiphy: wdev->wiphy); |
926 | struct cfg80211_internal_bss *ibss; |
927 | |
928 | if (!*bss) |
929 | return; |
930 | |
931 | ibss = bss_from_pub(pub: *bss); |
932 | if (list_empty(head: &ibss->list)) { |
933 | struct cfg80211_bss *found = NULL, *tmp = *bss; |
934 | |
935 | found = cfg80211_get_bss(wiphy: wdev->wiphy, NULL, |
936 | bssid: (*bss)->bssid, |
937 | ssid: wdev->u.client.ssid, |
938 | ssid_len: wdev->u.client.ssid_len, |
939 | bss_type: wdev->conn_bss_type, |
940 | privacy: IEEE80211_PRIVACY_ANY); |
941 | if (found) { |
942 | /* The same BSS is already updated so use it |
943 | * instead, as it has latest info. |
944 | */ |
945 | *bss = found; |
946 | } else { |
947 | /* Update with BSS provided by driver, it will |
948 | * be freshly added and ref cnted, we can free |
949 | * the old one. |
950 | * |
951 | * signal_valid can be false, as we are not |
952 | * expecting the BSS to be found. |
953 | * |
954 | * keep the old timestamp to avoid confusion |
955 | */ |
956 | cfg80211_bss_update(rdev, tmp: ibss, signal_valid: false, |
957 | ts: ibss->ts); |
958 | } |
959 | |
960 | cfg80211_put_bss(wiphy: wdev->wiphy, bss: tmp); |
961 | } |
962 | } |
963 | |
964 | /* Consumes bss object(s) one way or another */ |
965 | void cfg80211_connect_done(struct net_device *dev, |
966 | struct cfg80211_connect_resp_params *params, |
967 | gfp_t gfp) |
968 | { |
969 | struct wireless_dev *wdev = dev->ieee80211_ptr; |
970 | struct cfg80211_registered_device *rdev = wiphy_to_rdev(wiphy: wdev->wiphy); |
971 | struct cfg80211_event *ev; |
972 | unsigned long flags; |
973 | u8 *next; |
974 | size_t link_info_size = 0; |
975 | unsigned int link; |
976 | |
977 | for_each_valid_link(params, link) { |
978 | cfg80211_update_link_bss(wdev, bss: ¶ms->links[link].bss); |
979 | link_info_size += params->links[link].bssid ? ETH_ALEN : 0; |
980 | link_info_size += params->links[link].addr ? ETH_ALEN : 0; |
981 | } |
982 | |
983 | ev = kzalloc(size: sizeof(*ev) + (params->ap_mld_addr ? ETH_ALEN : 0) + |
984 | params->req_ie_len + params->resp_ie_len + |
985 | params->fils.kek_len + params->fils.pmk_len + |
986 | (params->fils.pmkid ? WLAN_PMKID_LEN : 0) + link_info_size, |
987 | flags: gfp); |
988 | |
989 | if (!ev) { |
990 | for_each_valid_link(params, link) |
991 | cfg80211_put_bss(wiphy: wdev->wiphy, |
992 | bss: params->links[link].bss); |
993 | return; |
994 | } |
995 | |
996 | ev->type = EVENT_CONNECT_RESULT; |
997 | next = ((u8 *)ev) + sizeof(*ev); |
998 | if (params->ap_mld_addr) { |
999 | ev->cr.ap_mld_addr = next; |
1000 | memcpy((void *)ev->cr.ap_mld_addr, params->ap_mld_addr, |
1001 | ETH_ALEN); |
1002 | next += ETH_ALEN; |
1003 | } |
1004 | if (params->req_ie_len) { |
1005 | ev->cr.req_ie = next; |
1006 | ev->cr.req_ie_len = params->req_ie_len; |
1007 | memcpy((void *)ev->cr.req_ie, params->req_ie, |
1008 | params->req_ie_len); |
1009 | next += params->req_ie_len; |
1010 | } |
1011 | if (params->resp_ie_len) { |
1012 | ev->cr.resp_ie = next; |
1013 | ev->cr.resp_ie_len = params->resp_ie_len; |
1014 | memcpy((void *)ev->cr.resp_ie, params->resp_ie, |
1015 | params->resp_ie_len); |
1016 | next += params->resp_ie_len; |
1017 | } |
1018 | if (params->fils.kek_len) { |
1019 | ev->cr.fils.kek = next; |
1020 | ev->cr.fils.kek_len = params->fils.kek_len; |
1021 | memcpy((void *)ev->cr.fils.kek, params->fils.kek, |
1022 | params->fils.kek_len); |
1023 | next += params->fils.kek_len; |
1024 | } |
1025 | if (params->fils.pmk_len) { |
1026 | ev->cr.fils.pmk = next; |
1027 | ev->cr.fils.pmk_len = params->fils.pmk_len; |
1028 | memcpy((void *)ev->cr.fils.pmk, params->fils.pmk, |
1029 | params->fils.pmk_len); |
1030 | next += params->fils.pmk_len; |
1031 | } |
1032 | if (params->fils.pmkid) { |
1033 | ev->cr.fils.pmkid = next; |
1034 | memcpy((void *)ev->cr.fils.pmkid, params->fils.pmkid, |
1035 | WLAN_PMKID_LEN); |
1036 | next += WLAN_PMKID_LEN; |
1037 | } |
1038 | ev->cr.fils.update_erp_next_seq_num = params->fils.update_erp_next_seq_num; |
1039 | if (params->fils.update_erp_next_seq_num) |
1040 | ev->cr.fils.erp_next_seq_num = params->fils.erp_next_seq_num; |
1041 | ev->cr.valid_links = params->valid_links; |
1042 | for_each_valid_link(params, link) { |
1043 | if (params->links[link].bss) |
1044 | cfg80211_hold_bss( |
1045 | bss: bss_from_pub(pub: params->links[link].bss)); |
1046 | ev->cr.links[link].bss = params->links[link].bss; |
1047 | |
1048 | if (params->links[link].addr) { |
1049 | ev->cr.links[link].addr = next; |
1050 | memcpy((void *)ev->cr.links[link].addr, |
1051 | params->links[link].addr, |
1052 | ETH_ALEN); |
1053 | next += ETH_ALEN; |
1054 | } |
1055 | if (params->links[link].bssid) { |
1056 | ev->cr.links[link].bssid = next; |
1057 | memcpy((void *)ev->cr.links[link].bssid, |
1058 | params->links[link].bssid, |
1059 | ETH_ALEN); |
1060 | next += ETH_ALEN; |
1061 | } |
1062 | } |
1063 | ev->cr.status = params->status; |
1064 | ev->cr.timeout_reason = params->timeout_reason; |
1065 | |
1066 | spin_lock_irqsave(&wdev->event_lock, flags); |
1067 | list_add_tail(new: &ev->list, head: &wdev->event_list); |
1068 | spin_unlock_irqrestore(lock: &wdev->event_lock, flags); |
1069 | queue_work(wq: cfg80211_wq, work: &rdev->event_work); |
1070 | } |
1071 | EXPORT_SYMBOL(cfg80211_connect_done); |
1072 | |
1073 | /* Consumes bss object one way or another */ |
1074 | void __cfg80211_roamed(struct wireless_dev *wdev, |
1075 | struct cfg80211_roam_info *info) |
1076 | { |
1077 | #ifdef CONFIG_CFG80211_WEXT |
1078 | union iwreq_data wrqu; |
1079 | #endif |
1080 | unsigned int link; |
1081 | const u8 *connected_addr; |
1082 | |
1083 | lockdep_assert_wiphy(wdev->wiphy); |
1084 | |
1085 | if (WARN_ON(wdev->iftype != NL80211_IFTYPE_STATION && |
1086 | wdev->iftype != NL80211_IFTYPE_P2P_CLIENT)) |
1087 | goto out; |
1088 | |
1089 | if (WARN_ON(!wdev->connected)) |
1090 | goto out; |
1091 | |
1092 | if (info->valid_links) { |
1093 | if (WARN_ON(!info->ap_mld_addr)) |
1094 | goto out; |
1095 | |
1096 | for_each_valid_link(info, link) { |
1097 | if (WARN_ON(!info->links[link].addr)) |
1098 | goto out; |
1099 | } |
1100 | } |
1101 | |
1102 | cfg80211_wdev_release_bsses(wdev); |
1103 | |
1104 | for_each_valid_link(info, link) { |
1105 | if (WARN_ON(!info->links[link].bss)) |
1106 | goto out; |
1107 | } |
1108 | |
1109 | memset(wdev->links, 0, sizeof(wdev->links)); |
1110 | wdev->valid_links = info->valid_links; |
1111 | for_each_valid_link(info, link) { |
1112 | cfg80211_hold_bss(bss: bss_from_pub(pub: info->links[link].bss)); |
1113 | wdev->links[link].client.current_bss = |
1114 | bss_from_pub(pub: info->links[link].bss); |
1115 | } |
1116 | |
1117 | connected_addr = info->valid_links ? |
1118 | info->ap_mld_addr : |
1119 | info->links[0].bss->bssid; |
1120 | ether_addr_copy(dst: wdev->u.client.connected_addr, src: connected_addr); |
1121 | if (info->valid_links) { |
1122 | for_each_valid_link(info, link) |
1123 | memcpy(wdev->links[link].addr, info->links[link].addr, |
1124 | ETH_ALEN); |
1125 | } |
1126 | wdev->unprot_beacon_reported = 0; |
1127 | nl80211_send_roamed(rdev: wiphy_to_rdev(wiphy: wdev->wiphy), |
1128 | netdev: wdev->netdev, info, GFP_KERNEL); |
1129 | |
1130 | #ifdef CONFIG_CFG80211_WEXT |
1131 | if (!info->valid_links) { |
1132 | if (info->req_ie) { |
1133 | memset(&wrqu, 0, sizeof(wrqu)); |
1134 | wrqu.data.length = info->req_ie_len; |
1135 | wireless_send_event(dev: wdev->netdev, IWEVASSOCREQIE, |
1136 | wrqu: &wrqu, extra: info->req_ie); |
1137 | } |
1138 | |
1139 | if (info->resp_ie) { |
1140 | memset(&wrqu, 0, sizeof(wrqu)); |
1141 | wrqu.data.length = info->resp_ie_len; |
1142 | wireless_send_event(dev: wdev->netdev, IWEVASSOCRESPIE, |
1143 | wrqu: &wrqu, extra: info->resp_ie); |
1144 | } |
1145 | |
1146 | memset(&wrqu, 0, sizeof(wrqu)); |
1147 | wrqu.ap_addr.sa_family = ARPHRD_ETHER; |
1148 | memcpy(wrqu.ap_addr.sa_data, connected_addr, ETH_ALEN); |
1149 | memcpy(wdev->wext.prev_bssid, connected_addr, ETH_ALEN); |
1150 | wdev->wext.prev_bssid_valid = true; |
1151 | wireless_send_event(dev: wdev->netdev, SIOCGIWAP, wrqu: &wrqu, NULL); |
1152 | } |
1153 | #endif |
1154 | |
1155 | return; |
1156 | out: |
1157 | for_each_valid_link(info, link) |
1158 | cfg80211_put_bss(wiphy: wdev->wiphy, bss: info->links[link].bss); |
1159 | } |
1160 | |
1161 | /* Consumes info->links.bss object(s) one way or another */ |
1162 | void cfg80211_roamed(struct net_device *dev, struct cfg80211_roam_info *info, |
1163 | gfp_t gfp) |
1164 | { |
1165 | struct wireless_dev *wdev = dev->ieee80211_ptr; |
1166 | struct cfg80211_registered_device *rdev = wiphy_to_rdev(wiphy: wdev->wiphy); |
1167 | struct cfg80211_event *ev; |
1168 | unsigned long flags; |
1169 | u8 *next; |
1170 | unsigned int link; |
1171 | size_t link_info_size = 0; |
1172 | bool bss_not_found = false; |
1173 | |
1174 | for_each_valid_link(info, link) { |
1175 | link_info_size += info->links[link].addr ? ETH_ALEN : 0; |
1176 | link_info_size += info->links[link].bssid ? ETH_ALEN : 0; |
1177 | |
1178 | if (info->links[link].bss) |
1179 | continue; |
1180 | |
1181 | info->links[link].bss = |
1182 | cfg80211_get_bss(wiphy: wdev->wiphy, |
1183 | channel: info->links[link].channel, |
1184 | bssid: info->links[link].bssid, |
1185 | ssid: wdev->u.client.ssid, |
1186 | ssid_len: wdev->u.client.ssid_len, |
1187 | bss_type: wdev->conn_bss_type, |
1188 | privacy: IEEE80211_PRIVACY_ANY); |
1189 | |
1190 | if (!info->links[link].bss) { |
1191 | bss_not_found = true; |
1192 | break; |
1193 | } |
1194 | } |
1195 | |
1196 | if (WARN_ON(bss_not_found)) |
1197 | goto out; |
1198 | |
1199 | ev = kzalloc(size: sizeof(*ev) + info->req_ie_len + info->resp_ie_len + |
1200 | info->fils.kek_len + info->fils.pmk_len + |
1201 | (info->fils.pmkid ? WLAN_PMKID_LEN : 0) + |
1202 | (info->ap_mld_addr ? ETH_ALEN : 0) + link_info_size, flags: gfp); |
1203 | if (!ev) |
1204 | goto out; |
1205 | |
1206 | ev->type = EVENT_ROAMED; |
1207 | next = ((u8 *)ev) + sizeof(*ev); |
1208 | if (info->req_ie_len) { |
1209 | ev->rm.req_ie = next; |
1210 | ev->rm.req_ie_len = info->req_ie_len; |
1211 | memcpy((void *)ev->rm.req_ie, info->req_ie, info->req_ie_len); |
1212 | next += info->req_ie_len; |
1213 | } |
1214 | if (info->resp_ie_len) { |
1215 | ev->rm.resp_ie = next; |
1216 | ev->rm.resp_ie_len = info->resp_ie_len; |
1217 | memcpy((void *)ev->rm.resp_ie, info->resp_ie, |
1218 | info->resp_ie_len); |
1219 | next += info->resp_ie_len; |
1220 | } |
1221 | if (info->fils.kek_len) { |
1222 | ev->rm.fils.kek = next; |
1223 | ev->rm.fils.kek_len = info->fils.kek_len; |
1224 | memcpy((void *)ev->rm.fils.kek, info->fils.kek, |
1225 | info->fils.kek_len); |
1226 | next += info->fils.kek_len; |
1227 | } |
1228 | if (info->fils.pmk_len) { |
1229 | ev->rm.fils.pmk = next; |
1230 | ev->rm.fils.pmk_len = info->fils.pmk_len; |
1231 | memcpy((void *)ev->rm.fils.pmk, info->fils.pmk, |
1232 | info->fils.pmk_len); |
1233 | next += info->fils.pmk_len; |
1234 | } |
1235 | if (info->fils.pmkid) { |
1236 | ev->rm.fils.pmkid = next; |
1237 | memcpy((void *)ev->rm.fils.pmkid, info->fils.pmkid, |
1238 | WLAN_PMKID_LEN); |
1239 | next += WLAN_PMKID_LEN; |
1240 | } |
1241 | ev->rm.fils.update_erp_next_seq_num = info->fils.update_erp_next_seq_num; |
1242 | if (info->fils.update_erp_next_seq_num) |
1243 | ev->rm.fils.erp_next_seq_num = info->fils.erp_next_seq_num; |
1244 | if (info->ap_mld_addr) { |
1245 | ev->rm.ap_mld_addr = next; |
1246 | memcpy((void *)ev->rm.ap_mld_addr, info->ap_mld_addr, |
1247 | ETH_ALEN); |
1248 | next += ETH_ALEN; |
1249 | } |
1250 | ev->rm.valid_links = info->valid_links; |
1251 | for_each_valid_link(info, link) { |
1252 | ev->rm.links[link].bss = info->links[link].bss; |
1253 | |
1254 | if (info->links[link].addr) { |
1255 | ev->rm.links[link].addr = next; |
1256 | memcpy((void *)ev->rm.links[link].addr, |
1257 | info->links[link].addr, |
1258 | ETH_ALEN); |
1259 | next += ETH_ALEN; |
1260 | } |
1261 | |
1262 | if (info->links[link].bssid) { |
1263 | ev->rm.links[link].bssid = next; |
1264 | memcpy((void *)ev->rm.links[link].bssid, |
1265 | info->links[link].bssid, |
1266 | ETH_ALEN); |
1267 | next += ETH_ALEN; |
1268 | } |
1269 | } |
1270 | |
1271 | spin_lock_irqsave(&wdev->event_lock, flags); |
1272 | list_add_tail(new: &ev->list, head: &wdev->event_list); |
1273 | spin_unlock_irqrestore(lock: &wdev->event_lock, flags); |
1274 | queue_work(wq: cfg80211_wq, work: &rdev->event_work); |
1275 | |
1276 | return; |
1277 | out: |
1278 | for_each_valid_link(info, link) |
1279 | cfg80211_put_bss(wiphy: wdev->wiphy, bss: info->links[link].bss); |
1280 | |
1281 | } |
1282 | EXPORT_SYMBOL(cfg80211_roamed); |
1283 | |
1284 | void __cfg80211_port_authorized(struct wireless_dev *wdev, const u8 *peer_addr, |
1285 | const u8 *td_bitmap, u8 td_bitmap_len) |
1286 | { |
1287 | lockdep_assert_wiphy(wdev->wiphy); |
1288 | |
1289 | if (WARN_ON(wdev->iftype != NL80211_IFTYPE_STATION && |
1290 | wdev->iftype != NL80211_IFTYPE_P2P_CLIENT && |
1291 | wdev->iftype != NL80211_IFTYPE_AP && |
1292 | wdev->iftype != NL80211_IFTYPE_P2P_GO)) |
1293 | return; |
1294 | |
1295 | if (wdev->iftype == NL80211_IFTYPE_STATION || |
1296 | wdev->iftype == NL80211_IFTYPE_P2P_CLIENT) { |
1297 | if (WARN_ON(!wdev->connected) || |
1298 | WARN_ON(!ether_addr_equal(wdev->u.client.connected_addr, peer_addr))) |
1299 | return; |
1300 | } |
1301 | |
1302 | nl80211_send_port_authorized(rdev: wiphy_to_rdev(wiphy: wdev->wiphy), netdev: wdev->netdev, |
1303 | peer_addr, td_bitmap, td_bitmap_len); |
1304 | } |
1305 | |
1306 | void cfg80211_port_authorized(struct net_device *dev, const u8 *peer_addr, |
1307 | const u8 *td_bitmap, u8 td_bitmap_len, gfp_t gfp) |
1308 | { |
1309 | struct wireless_dev *wdev = dev->ieee80211_ptr; |
1310 | struct cfg80211_registered_device *rdev = wiphy_to_rdev(wiphy: wdev->wiphy); |
1311 | struct cfg80211_event *ev; |
1312 | unsigned long flags; |
1313 | |
1314 | if (WARN_ON(!peer_addr)) |
1315 | return; |
1316 | |
1317 | ev = kzalloc(size: sizeof(*ev) + td_bitmap_len, flags: gfp); |
1318 | if (!ev) |
1319 | return; |
1320 | |
1321 | ev->type = EVENT_PORT_AUTHORIZED; |
1322 | memcpy(ev->pa.peer_addr, peer_addr, ETH_ALEN); |
1323 | ev->pa.td_bitmap = ((u8 *)ev) + sizeof(*ev); |
1324 | ev->pa.td_bitmap_len = td_bitmap_len; |
1325 | memcpy((void *)ev->pa.td_bitmap, td_bitmap, td_bitmap_len); |
1326 | |
1327 | /* |
1328 | * Use the wdev event list so that if there are pending |
1329 | * connected/roamed events, they will be reported first. |
1330 | */ |
1331 | spin_lock_irqsave(&wdev->event_lock, flags); |
1332 | list_add_tail(new: &ev->list, head: &wdev->event_list); |
1333 | spin_unlock_irqrestore(lock: &wdev->event_lock, flags); |
1334 | queue_work(wq: cfg80211_wq, work: &rdev->event_work); |
1335 | } |
1336 | EXPORT_SYMBOL(cfg80211_port_authorized); |
1337 | |
1338 | void __cfg80211_disconnected(struct net_device *dev, const u8 *ie, |
1339 | size_t ie_len, u16 reason, bool from_ap) |
1340 | { |
1341 | struct wireless_dev *wdev = dev->ieee80211_ptr; |
1342 | struct cfg80211_registered_device *rdev = wiphy_to_rdev(wiphy: wdev->wiphy); |
1343 | int i; |
1344 | #ifdef CONFIG_CFG80211_WEXT |
1345 | union iwreq_data wrqu; |
1346 | #endif |
1347 | |
1348 | lockdep_assert_wiphy(wdev->wiphy); |
1349 | |
1350 | if (WARN_ON(wdev->iftype != NL80211_IFTYPE_STATION && |
1351 | wdev->iftype != NL80211_IFTYPE_P2P_CLIENT)) |
1352 | return; |
1353 | |
1354 | cfg80211_wdev_release_bsses(wdev); |
1355 | wdev->connected = false; |
1356 | wdev->u.client.ssid_len = 0; |
1357 | wdev->conn_owner_nlportid = 0; |
1358 | kfree_sensitive(objp: wdev->connect_keys); |
1359 | wdev->connect_keys = NULL; |
1360 | |
1361 | nl80211_send_disconnected(rdev, netdev: dev, reason, ie, ie_len, from_ap); |
1362 | |
1363 | /* stop critical protocol if supported */ |
1364 | if (rdev->ops->crit_proto_stop && rdev->crit_proto_nlportid) { |
1365 | rdev->crit_proto_nlportid = 0; |
1366 | rdev_crit_proto_stop(rdev, wdev); |
1367 | } |
1368 | |
1369 | /* |
1370 | * Delete all the keys ... pairwise keys can't really |
1371 | * exist any more anyway, but default keys might. |
1372 | */ |
1373 | if (rdev->ops->del_key) { |
1374 | int max_key_idx = 5; |
1375 | |
1376 | if (wiphy_ext_feature_isset( |
1377 | wiphy: wdev->wiphy, |
1378 | ftidx: NL80211_EXT_FEATURE_BEACON_PROTECTION) || |
1379 | wiphy_ext_feature_isset( |
1380 | wiphy: wdev->wiphy, |
1381 | ftidx: NL80211_EXT_FEATURE_BEACON_PROTECTION_CLIENT)) |
1382 | max_key_idx = 7; |
1383 | for (i = 0; i <= max_key_idx; i++) |
1384 | rdev_del_key(rdev, netdev: dev, link_id: -1, key_index: i, pairwise: false, NULL); |
1385 | } |
1386 | |
1387 | rdev_set_qos_map(rdev, dev, NULL); |
1388 | |
1389 | #ifdef CONFIG_CFG80211_WEXT |
1390 | memset(&wrqu, 0, sizeof(wrqu)); |
1391 | wrqu.ap_addr.sa_family = ARPHRD_ETHER; |
1392 | wireless_send_event(dev, SIOCGIWAP, wrqu: &wrqu, NULL); |
1393 | wdev->wext.connect.ssid_len = 0; |
1394 | #endif |
1395 | |
1396 | schedule_work(work: &cfg80211_disconnect_work); |
1397 | } |
1398 | |
1399 | void cfg80211_disconnected(struct net_device *dev, u16 reason, |
1400 | const u8 *ie, size_t ie_len, |
1401 | bool locally_generated, gfp_t gfp) |
1402 | { |
1403 | struct wireless_dev *wdev = dev->ieee80211_ptr; |
1404 | struct cfg80211_registered_device *rdev = wiphy_to_rdev(wiphy: wdev->wiphy); |
1405 | struct cfg80211_event *ev; |
1406 | unsigned long flags; |
1407 | |
1408 | ev = kzalloc(size: sizeof(*ev) + ie_len, flags: gfp); |
1409 | if (!ev) |
1410 | return; |
1411 | |
1412 | ev->type = EVENT_DISCONNECTED; |
1413 | ev->dc.ie = ((u8 *)ev) + sizeof(*ev); |
1414 | ev->dc.ie_len = ie_len; |
1415 | memcpy((void *)ev->dc.ie, ie, ie_len); |
1416 | ev->dc.reason = reason; |
1417 | ev->dc.locally_generated = locally_generated; |
1418 | |
1419 | spin_lock_irqsave(&wdev->event_lock, flags); |
1420 | list_add_tail(new: &ev->list, head: &wdev->event_list); |
1421 | spin_unlock_irqrestore(lock: &wdev->event_lock, flags); |
1422 | queue_work(wq: cfg80211_wq, work: &rdev->event_work); |
1423 | } |
1424 | EXPORT_SYMBOL(cfg80211_disconnected); |
1425 | |
1426 | /* |
1427 | * API calls for nl80211/wext compatibility code |
1428 | */ |
1429 | int cfg80211_connect(struct cfg80211_registered_device *rdev, |
1430 | struct net_device *dev, |
1431 | struct cfg80211_connect_params *connect, |
1432 | struct cfg80211_cached_keys *connkeys, |
1433 | const u8 *prev_bssid) |
1434 | { |
1435 | struct wireless_dev *wdev = dev->ieee80211_ptr; |
1436 | int err; |
1437 | |
1438 | lockdep_assert_wiphy(wdev->wiphy); |
1439 | |
1440 | /* |
1441 | * If we have an ssid_len, we're trying to connect or are |
1442 | * already connected, so reject a new SSID unless it's the |
1443 | * same (which is the case for re-association.) |
1444 | */ |
1445 | if (wdev->u.client.ssid_len && |
1446 | (wdev->u.client.ssid_len != connect->ssid_len || |
1447 | memcmp(p: wdev->u.client.ssid, q: connect->ssid, size: wdev->u.client.ssid_len))) |
1448 | return -EALREADY; |
1449 | |
1450 | /* |
1451 | * If connected, reject (re-)association unless prev_bssid |
1452 | * matches the current BSSID. |
1453 | */ |
1454 | if (wdev->connected) { |
1455 | if (!prev_bssid) |
1456 | return -EALREADY; |
1457 | if (!ether_addr_equal(addr1: prev_bssid, |
1458 | addr2: wdev->u.client.connected_addr)) |
1459 | return -ENOTCONN; |
1460 | } |
1461 | |
1462 | /* |
1463 | * Reject if we're in the process of connecting with WEP, |
1464 | * this case isn't very interesting and trying to handle |
1465 | * it would make the code much more complex. |
1466 | */ |
1467 | if (wdev->connect_keys) |
1468 | return -EINPROGRESS; |
1469 | |
1470 | cfg80211_oper_and_ht_capa(ht_capa: &connect->ht_capa_mask, |
1471 | ht_capa_mask: rdev->wiphy.ht_capa_mod_mask); |
1472 | cfg80211_oper_and_vht_capa(vht_capa: &connect->vht_capa_mask, |
1473 | vht_capa_mask: rdev->wiphy.vht_capa_mod_mask); |
1474 | |
1475 | if (connkeys && connkeys->def >= 0) { |
1476 | int idx; |
1477 | u32 cipher; |
1478 | |
1479 | idx = connkeys->def; |
1480 | cipher = connkeys->params[idx].cipher; |
1481 | /* If given a WEP key we may need it for shared key auth */ |
1482 | if (cipher == WLAN_CIPHER_SUITE_WEP40 || |
1483 | cipher == WLAN_CIPHER_SUITE_WEP104) { |
1484 | connect->key_idx = idx; |
1485 | connect->key = connkeys->params[idx].key; |
1486 | connect->key_len = connkeys->params[idx].key_len; |
1487 | |
1488 | /* |
1489 | * If ciphers are not set (e.g. when going through |
1490 | * iwconfig), we have to set them appropriately here. |
1491 | */ |
1492 | if (connect->crypto.cipher_group == 0) |
1493 | connect->crypto.cipher_group = cipher; |
1494 | |
1495 | if (connect->crypto.n_ciphers_pairwise == 0) { |
1496 | connect->crypto.n_ciphers_pairwise = 1; |
1497 | connect->crypto.ciphers_pairwise[0] = cipher; |
1498 | } |
1499 | } |
1500 | } else { |
1501 | if (WARN_ON(connkeys)) |
1502 | return -EINVAL; |
1503 | |
1504 | /* connect can point to wdev->wext.connect which |
1505 | * can hold key data from a previous connection |
1506 | */ |
1507 | connect->key = NULL; |
1508 | connect->key_len = 0; |
1509 | connect->key_idx = 0; |
1510 | } |
1511 | |
1512 | wdev->connect_keys = connkeys; |
1513 | memcpy(wdev->u.client.ssid, connect->ssid, connect->ssid_len); |
1514 | wdev->u.client.ssid_len = connect->ssid_len; |
1515 | |
1516 | wdev->conn_bss_type = connect->pbss ? IEEE80211_BSS_TYPE_PBSS : |
1517 | IEEE80211_BSS_TYPE_ESS; |
1518 | |
1519 | if (!rdev->ops->connect) |
1520 | err = cfg80211_sme_connect(wdev, connect, prev_bssid); |
1521 | else |
1522 | err = rdev_connect(rdev, dev, sme: connect); |
1523 | |
1524 | if (err) { |
1525 | wdev->connect_keys = NULL; |
1526 | /* |
1527 | * This could be reassoc getting refused, don't clear |
1528 | * ssid_len in that case. |
1529 | */ |
1530 | if (!wdev->connected) |
1531 | wdev->u.client.ssid_len = 0; |
1532 | return err; |
1533 | } |
1534 | |
1535 | return 0; |
1536 | } |
1537 | |
1538 | int cfg80211_disconnect(struct cfg80211_registered_device *rdev, |
1539 | struct net_device *dev, u16 reason, bool wextev) |
1540 | { |
1541 | struct wireless_dev *wdev = dev->ieee80211_ptr; |
1542 | int err = 0; |
1543 | |
1544 | lockdep_assert_wiphy(wdev->wiphy); |
1545 | |
1546 | kfree_sensitive(objp: wdev->connect_keys); |
1547 | wdev->connect_keys = NULL; |
1548 | |
1549 | wdev->conn_owner_nlportid = 0; |
1550 | |
1551 | if (wdev->conn) |
1552 | err = cfg80211_sme_disconnect(wdev, reason); |
1553 | else if (!rdev->ops->disconnect) |
1554 | cfg80211_mlme_down(rdev, dev); |
1555 | else if (wdev->u.client.ssid_len) |
1556 | err = rdev_disconnect(rdev, dev, reason_code: reason); |
1557 | |
1558 | /* |
1559 | * Clear ssid_len unless we actually were fully connected, |
1560 | * in which case cfg80211_disconnected() will take care of |
1561 | * this later. |
1562 | */ |
1563 | if (!wdev->connected) |
1564 | wdev->u.client.ssid_len = 0; |
1565 | |
1566 | return err; |
1567 | } |
1568 | |
1569 | /* |
1570 | * Used to clean up after the connection / connection attempt owner socket |
1571 | * disconnects |
1572 | */ |
1573 | void cfg80211_autodisconnect_wk(struct work_struct *work) |
1574 | { |
1575 | struct wireless_dev *wdev = |
1576 | container_of(work, struct wireless_dev, disconnect_wk); |
1577 | struct cfg80211_registered_device *rdev = wiphy_to_rdev(wiphy: wdev->wiphy); |
1578 | |
1579 | wiphy_lock(wiphy: wdev->wiphy); |
1580 | |
1581 | if (wdev->conn_owner_nlportid) { |
1582 | switch (wdev->iftype) { |
1583 | case NL80211_IFTYPE_ADHOC: |
1584 | cfg80211_leave_ibss(rdev, dev: wdev->netdev, nowext: false); |
1585 | break; |
1586 | case NL80211_IFTYPE_AP: |
1587 | case NL80211_IFTYPE_P2P_GO: |
1588 | cfg80211_stop_ap(rdev, dev: wdev->netdev, link: -1, notify: false); |
1589 | break; |
1590 | case NL80211_IFTYPE_MESH_POINT: |
1591 | cfg80211_leave_mesh(rdev, dev: wdev->netdev); |
1592 | break; |
1593 | case NL80211_IFTYPE_STATION: |
1594 | case NL80211_IFTYPE_P2P_CLIENT: |
1595 | /* |
1596 | * Use disconnect_bssid if still connecting and |
1597 | * ops->disconnect not implemented. Otherwise we can |
1598 | * use cfg80211_disconnect. |
1599 | */ |
1600 | if (rdev->ops->disconnect || wdev->connected) |
1601 | cfg80211_disconnect(rdev, dev: wdev->netdev, |
1602 | reason: WLAN_REASON_DEAUTH_LEAVING, |
1603 | wextev: true); |
1604 | else |
1605 | cfg80211_mlme_deauth(rdev, dev: wdev->netdev, |
1606 | bssid: wdev->disconnect_bssid, |
1607 | NULL, ie_len: 0, |
1608 | reason: WLAN_REASON_DEAUTH_LEAVING, |
1609 | local_state_change: false); |
1610 | break; |
1611 | default: |
1612 | break; |
1613 | } |
1614 | } |
1615 | |
1616 | wiphy_unlock(wiphy: wdev->wiphy); |
1617 | } |
1618 | |