mlme.c 38 KB

  1. // SPDX-License-Identifier: GPL-2.0
  2. /*
  3. * cfg80211 MLME SAP interface
  4. *
  5. * Copyright (c) 2009, Jouni Malinen <j@w1.fi>
  6. * Copyright (c) 2015 Intel Deutschland GmbH
  7. * Copyright (C) 2019-2020, 2022-2025 Intel Corporation
  8. */
  9. #include <linux/kernel.h>
  10. #include <linux/module.h>
  11. #include <linux/etherdevice.h>
  12. #include <linux/netdevice.h>
  13. #include <linux/nl80211.h>
  14. #include <linux/slab.h>
  15. #include <linux/wireless.h>
  16. #include <net/cfg80211.h>
  17. #include <net/iw_handler.h>
  18. #include "core.h"
  19. #include "nl80211.h"
  20. #include "rdev-ops.h"
  /*
   * Handle a received (re)association response.
   *
   * Fills a cfg80211_connect_resp_params from @data (frame buffer plus
   * per-link BSS/status), gives the SME the first look at the status code,
   * and then either releases the per-link BSS references (SME consumed the
   * event) or reports the frame to userspace and completes the connection.
   */
  void cfg80211_rx_assoc_resp(struct net_device *dev,
			      const struct cfg80211_rx_assoc_resp_data *data)
  {
	struct wireless_dev *wdev = dev->ieee80211_ptr;
	struct wiphy *wiphy = wdev->wiphy;
	struct cfg80211_registered_device *rdev = wiphy_to_rdev(wiphy);
	struct ieee80211_mgmt *mgmt = (struct ieee80211_mgmt *)data->buf;
	/*
	 * NOTE(review): resp_ie_len is data->len minus the fixed header
	 * offset, and nothing in this function checks that data->len is at
	 * least that large; presumably the driver guarantees a complete
	 * frame -- confirm against the callers.
	 */
	struct cfg80211_connect_resp_params resp = {
		.status = le16_to_cpu(mgmt->u.assoc_resp.status_code),
		.timeout_reason = NL80211_TIMEOUT_UNSPECIFIED,
		.ap_mld_addr = data->ap_mld_addr,
		.req_ie = data->req_ies,
		.req_ie_len = data->req_ies_len,
		.resp_ie = mgmt->u.assoc_resp.variable,
		.resp_ie_len = data->len -
			       offsetof(struct ieee80211_mgmt,
					u.assoc_resp.variable),
	};
	unsigned int link_id;

	for (link_id = 0; link_id < ARRAY_SIZE(data->links); link_id++) {
		struct cfg80211_bss *bss = data->links[link_id].bss;

		resp.links[link_id].status = data->links[link_id].status;
		resp.links[link_id].bss = bss;

		WARN_ON_ONCE(resp.links[link_id].status != WLAN_STATUS_SUCCESS &&
			     (!resp.ap_mld_addr || !bss));

		/* unused link slot: nothing more to copy */
		if (!bss)
			continue;

		resp.links[link_id].bssid = bss->bssid;
		resp.links[link_id].addr = data->links[link_id].addr;

		/* need to have local link addresses for MLO connections */
		WARN_ON(resp.ap_mld_addr &&
			!is_valid_ether_addr(resp.links[link_id].addr));

		BUG_ON(!bss->channel);

		/* S1G responses keep their elements at a different offset */
		if (bss->channel->band == NL80211_BAND_S1GHZ) {
			WARN_ON(link_id);
			resp.resp_ie = (u8 *)&mgmt->u.s1g_assoc_resp.variable;
			resp.resp_ie_len = data->len -
					   offsetof(struct ieee80211_mgmt,
						    u.s1g_assoc_resp.variable);
		}

		if (resp.ap_mld_addr)
			resp.valid_links |= BIT(link_id);
	}

	trace_cfg80211_send_rx_assoc(dev, data);

	if (!cfg80211_sme_rx_assoc_resp(wdev, resp.status)) {
		nl80211_send_rx_assoc(rdev, dev, data);
		/* update current_bss etc., consumes the bss reference */
		__cfg80211_connect_result(dev, &resp,
					  resp.status == WLAN_STATUS_SUCCESS);
		return;
	}

	/*
	 * This is a bit of a hack, we don't notify userspace of
	 * a (re-)association reply if we tried to send a reassoc
	 * and got a reject -- we only try again with an assoc
	 * frame instead of reassoc. Drop the references held on the
	 * per-link BSS entries instead.
	 */
	for (link_id = 0; link_id < ARRAY_SIZE(data->links); link_id++) {
		struct cfg80211_bss *bss = data->links[link_id].bss;

		if (bss) {
			cfg80211_unhold_bss(bss_from_pub(bss));
			cfg80211_put_bss(wiphy, bss);
		}
	}
  }
  EXPORT_SYMBOL(cfg80211_rx_assoc_resp);
  /*
   * Forward a received authentication frame: first as an nl80211 event to
   * userspace, then to the in-kernel SME.
   */
  static void cfg80211_process_auth(struct wireless_dev *wdev,
				    const u8 *buf, size_t len)
  {
	nl80211_send_rx_auth(wiphy_to_rdev(wdev->wiphy), wdev->netdev,
			     buf, len, GFP_KERNEL);
	cfg80211_sme_rx_auth(wdev, buf, len);
  }
  /*
   * Handle a deauthentication frame (received or transmitted).
   *
   * The frame is always reported through nl80211. Local connection state is
   * only torn down when the frame's BSSID matches the address we are
   * currently connected to.
   *
   * NOTE(review): bssid, sa and reason_code are read from @buf without a
   * length check in this function, and the callers visible in this file only
   * reject len < 2. A complete deauth frame is presumably guaranteed by the
   * driver -- confirm, since @buf may carry over-the-air data.
   */
  static void cfg80211_process_deauth(struct wireless_dev *wdev,
				      const u8 *buf, size_t len,
				      bool reconnect)
  {
	struct cfg80211_registered_device *rdev = wiphy_to_rdev(wdev->wiphy);
	struct ieee80211_mgmt *frame = (struct ieee80211_mgmt *)buf;
	const u8 *frame_bssid = frame->bssid;
	u16 reason = le16_to_cpu(frame->u.deauth.reason_code);
	/* a source address other than our own means the peer sent it */
	bool from_ap = !ether_addr_equal(frame->sa, wdev->netdev->dev_addr);

	nl80211_send_deauth(rdev, wdev->netdev, buf, len, reconnect, GFP_KERNEL);

	if (wdev->connected &&
	    ether_addr_equal(wdev->u.client.connected_addr, frame_bssid)) {
		__cfg80211_disconnected(wdev->netdev, NULL, 0, reason, from_ap);
		cfg80211_sme_deauth(wdev);
	}
  }
  /*
   * Handle a disassociation frame (received or transmitted).
   *
   * The frame is always reported through nl80211. Unlike the deauth path,
   * a frame that does not match the current connection triggers a WARN
   * before being ignored.
   *
   * NOTE(review): bssid, sa and reason_code are read from @buf without a
   * length check in this function, and the callers visible in this file only
   * reject len < 2. A complete disassoc frame is presumably guaranteed by
   * the driver -- confirm, since @buf may carry over-the-air data.
   */
  static void cfg80211_process_disassoc(struct wireless_dev *wdev,
					const u8 *buf, size_t len,
					bool reconnect)
  {
	struct cfg80211_registered_device *rdev = wiphy_to_rdev(wdev->wiphy);
	struct ieee80211_mgmt *frame = (struct ieee80211_mgmt *)buf;
	const u8 *frame_bssid = frame->bssid;
	u16 reason = le16_to_cpu(frame->u.disassoc.reason_code);
	/* a source address other than our own means the peer sent it */
	bool from_ap = !ether_addr_equal(frame->sa, wdev->netdev->dev_addr);
	bool not_ours;

	nl80211_send_disassoc(rdev, wdev->netdev, buf, len, reconnect,
			      GFP_KERNEL);

	not_ours = !wdev->connected ||
		   !ether_addr_equal(wdev->u.client.connected_addr, frame_bssid);
	if (WARN_ON(not_ours))
		return;

	__cfg80211_disconnected(wdev->netdev, NULL, 0, reason, from_ap);
	cfg80211_sme_disassoc(wdev);
  }
  /*
   * Dispatch a received MLME management frame by subtype.
   *
   * Only auth, deauth and disassoc frames are acted on; any other subtype is
   * traced and otherwise ignored. Must be called with the wiphy mutex held.
   *
   * The only length validation done here is that the two-byte frame control
   * field is present; the per-subtype handlers read further header fields.
   */
  void cfg80211_rx_mlme_mgmt(struct net_device *dev, const u8 *buf, size_t len)
  {
	struct wireless_dev *wdev = dev->ieee80211_ptr;
	struct ieee80211_mgmt *frame = (void *)buf;
	__le16 fc;

	lockdep_assert_wiphy(wdev->wiphy);

	trace_cfg80211_rx_mlme_mgmt(dev, buf, len);

	/* frame_control must be readable before it is inspected */
	if (WARN_ON(len < 2))
		return;

	fc = frame->frame_control;
	if (ieee80211_is_auth(fc)) {
		cfg80211_process_auth(wdev, buf, len);
		return;
	}
	if (ieee80211_is_deauth(fc)) {
		cfg80211_process_deauth(wdev, buf, len, false);
		return;
	}
	if (ieee80211_is_disassoc(fc))
		cfg80211_process_disassoc(wdev, buf, len, false);
  }
  EXPORT_SYMBOL(cfg80211_rx_mlme_mgmt);
  /*
   * Report an authentication timeout for @addr: trace it, notify userspace
   * via nl80211, then let the SME react.
   */
  void cfg80211_auth_timeout(struct net_device *dev, const u8 *addr)
  {
	struct wireless_dev *wdev = dev->ieee80211_ptr;
	struct cfg80211_registered_device *rdev = wiphy_to_rdev(wdev->wiphy);

	trace_cfg80211_send_auth_timeout(dev, addr);

	nl80211_send_auth_timeout(rdev, dev, addr, GFP_KERNEL);
	cfg80211_sme_auth_timeout(wdev);
  }
  EXPORT_SYMBOL(cfg80211_auth_timeout);
  /*
   * Report a failed association attempt.
   *
   * On timeout, userspace and the SME are told about the timeout; otherwise
   * the SME just abandons the attempt. In both cases every BSS entry listed
   * in @data is unheld and its reference dropped.
   *
   * NOTE(review): when data->ap_mld_addr is NULL, data->bss[0] is
   * dereferenced without a NULL check; presumably the caller always fills
   * slot 0 for non-MLO attempts -- confirm.
   */
  void cfg80211_assoc_failure(struct net_device *dev,
			      struct cfg80211_assoc_failure *data)
  {
	struct wireless_dev *wdev = dev->ieee80211_ptr;
	struct wiphy *wiphy = wdev->wiphy;
	struct cfg80211_registered_device *rdev = wiphy_to_rdev(wiphy);
	const u8 *peer = data->ap_mld_addr ? data->ap_mld_addr
					    : data->bss[0]->bssid;
	int idx;

	trace_cfg80211_send_assoc_failure(dev, data);

	if (!data->timeout) {
		cfg80211_sme_abandon_assoc(wdev);
	} else {
		nl80211_send_assoc_timeout(rdev, dev, peer, GFP_KERNEL);
		cfg80211_sme_assoc_timeout(wdev);
	}

	for (idx = 0; idx < ARRAY_SIZE(data->bss); idx++) {
		struct cfg80211_bss *bss = data->bss[idx];

		if (bss) {
			cfg80211_unhold_bss(bss_from_pub(bss));
			cfg80211_put_bss(wiphy, bss);
		}
	}
  }
  EXPORT_SYMBOL(cfg80211_assoc_failure);
  /*
   * Process a locally transmitted deauth/disassoc frame.
   *
   * Anything that is not a deauth frame is handled as a disassoc frame.
   * Must be called with the wiphy mutex held. As on the receive side, the
   * only length validation here is that frame_control is present.
   */
  void cfg80211_tx_mlme_mgmt(struct net_device *dev, const u8 *buf, size_t len,
			     bool reconnect)
  {
	struct wireless_dev *wdev = dev->ieee80211_ptr;
	struct ieee80211_mgmt *frame = (void *)buf;

	lockdep_assert_wiphy(wdev->wiphy);

	trace_cfg80211_tx_mlme_mgmt(dev, buf, len, reconnect);

	/* frame_control must be readable before it is inspected */
	if (WARN_ON(len < 2))
		return;

	if (!ieee80211_is_deauth(frame->frame_control)) {
		cfg80211_process_disassoc(wdev, buf, len, reconnect);
		return;
	}

	cfg80211_process_deauth(wdev, buf, len, reconnect);
  }
  EXPORT_SYMBOL(cfg80211_tx_mlme_mgmt);
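  /*
   * Report a Michael MIC failure.
   *
   * With CONFIG_CFG80211_WEXT the failure is also sent as an IWEVCUSTOM
   * wireless-extensions event; that part is best effort and is skipped if
   * the temporary buffer cannot be allocated. The nl80211 notification and
   * the tracepoint are always emitted.
   *
   * @gfp is used both for the temporary buffer and for the nl80211 event.
   */
  void cfg80211_michael_mic_failure(struct net_device *dev, const u8 *addr,
				    enum nl80211_key_type key_type, int key_id,
				    const u8 *tsc, gfp_t gfp)
  {
	struct wiphy *wiphy = dev->ieee80211_ptr->wiphy;
	struct cfg80211_registered_device *rdev = wiphy_to_rdev(wiphy);
  #ifdef CONFIG_CFG80211_WEXT
	enum { MIC_EVENT_BUF_LEN = 128 };
	union iwreq_data wrqu;
	char *buf = kmalloc(MIC_EVENT_BUF_LEN, gfp);

	if (buf) {
		memset(&wrqu, 0, sizeof(wrqu));
		/*
		 * Bounded formatting: the write can never run past the
		 * allocation, and the returned length is the number of
		 * characters actually stored.
		 */
		wrqu.data.length =
			scnprintf(buf, MIC_EVENT_BUF_LEN,
				  "MLME-MICHAELMICFAILURE."
				  "indication(keyid=%d %scast addr=%pM)",
				  key_id, key_type == NL80211_KEYTYPE_GROUP
				  ? "broad" : "uni", addr);
		wireless_send_event(dev, IWEVCUSTOM, &wrqu, buf);
		kfree(buf);
	}
  #endif

	trace_cfg80211_michael_mic_failure(dev, addr, key_type, key_id, tsc);
	nl80211_michael_mic_failure(rdev, dev, addr, key_type, key_id, tsc, gfp);
  }
  EXPORT_SYMBOL(cfg80211_michael_mic_failure);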
  213. /* some MLME handling for userspace SME */
  /*
   * Validate an authentication request and pass it to the driver.
   *
   * Returns -ENOENT without a target BSS, -EINVAL for an MLO request on a
   * non-MLO wiphy, for incomplete shared-key parameters, or when the target
   * address is our own, -EALREADY when already connected to that BSSID, and
   * otherwise the result of rdev_auth(). Wiphy mutex must be held.
   */
  int cfg80211_mlme_auth(struct cfg80211_registered_device *rdev,
			 struct net_device *dev,
			 struct cfg80211_auth_request *req)
  {
	struct wireless_dev *wdev = dev->ieee80211_ptr;
	bool mlo;

	lockdep_assert_wiphy(wdev->wiphy);

	if (!req->bss)
		return -ENOENT;

	/* a non-negative link ID marks a multi-link request */
	mlo = req->link_id >= 0;
	if (mlo && !(wdev->wiphy->flags & WIPHY_FLAG_SUPPORTS_MLO))
		return -EINVAL;

	/* shared key auth needs a key and a key index in 0..3 */
	if (req->auth_type == NL80211_AUTHTYPE_SHARED_KEY &&
	    (!req->key || !req->key_len ||
	     req->key_idx < 0 || req->key_idx > 3))
		return -EINVAL;

	if (wdev->connected &&
	    ether_addr_equal(req->bss->bssid, wdev->u.client.connected_addr))
		return -EALREADY;

	/* refuse to authenticate against our own address */
	if (ether_addr_equal(req->bss->bssid, dev->dev_addr))
		return -EINVAL;
	if (mlo && ether_addr_equal(req->ap_mld_addr, dev->dev_addr))
		return -EINVAL;

	return rdev_auth(rdev, dev, req);
  }
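  /*
   * Do a logical ht_capa &= ht_capa_mask.
   *
   * The structures are combined byte by byte over sizeof(*ht_capa). A NULL
   * mask is treated as an all-zero mask, i.e. @ht_capa is cleared.
   */
  void cfg80211_oper_and_ht_capa(struct ieee80211_ht_cap *ht_capa,
				 const struct ieee80211_ht_cap *ht_capa_mask)
  {
	u8 *capa = (u8 *)ht_capa;
	/* keep the mask read-only instead of casting const away */
	const u8 *mask = (const u8 *)ht_capa_mask;
	size_t i;	/* same type as sizeof, avoids a signed/unsigned compare */

	if (!ht_capa_mask) {
		memset(ht_capa, 0, sizeof(*ht_capa));
		return;
	}

	for (i = 0; i < sizeof(*ht_capa); i++)
		capa[i] &= mask[i];
  }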
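  /*
   * Do a logical vht_capa &= vht_capa_mask.
   *
   * The structures are combined byte by byte over sizeof(*vht_capa). A NULL
   * mask is treated as an all-zero mask, i.e. @vht_capa is cleared.
   */
  void cfg80211_oper_and_vht_capa(struct ieee80211_vht_cap *vht_capa,
				  const struct ieee80211_vht_cap *vht_capa_mask)
  {
	u8 *capa = (u8 *)vht_capa;
	/* keep the mask read-only instead of casting const away */
	const u8 *mask = (const u8 *)vht_capa_mask;
	size_t i;	/* same type as sizeof, avoids a signed/unsigned compare */

	if (!vht_capa_mask) {
		memset(vht_capa, 0, sizeof(*vht_capa));
		return;
	}

	for (i = 0; i < sizeof(*vht_capa); i++)
		capa[i] &= mask[i];
  }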
  /*
   * Check that two basic multi-link elements describe the same AP MLD.
   *
   * Compares the MLD MAC address, the EML capabilities, the MLD
   * capabilities/operations and a subset of the extended MLD capabilities.
   * Returns 0 when they agree, or -EINVAL with an extack message naming the
   * first mismatch.
   *
   * NOTE(review): the common info is read straight from ->variable; the
   * caller in this file runs ieee80211_mle_type_ok() on both elements
   * first, which is presumably what makes these reads safe -- confirm.
   */
  static int
  cfg80211_mlme_check_mlo_compat(const struct ieee80211_multi_link_elem *mle_a,
				 const struct ieee80211_multi_link_elem *mle_b,
				 struct netlink_ext_ack *extack)
  {
	/*
	 * Only verify the values in Extended MLD Capabilities that are
	 * not reserved when transmitted by an AP (and expected to remain the
	 * same over time).
	 * The Recommended Max Simultaneous Links subfield in particular is
	 * reserved when included in a unicast Probe Response frame and may
	 * also change when the AP adds/removes links. The BTM MLD
	 * Recommendation For Multiple APs Support subfield is reserved when
	 * transmitted by an AP. All other bits are currently reserved.
	 * See IEEE P802.11be/D7.0, Table 9-417o.
	 */
	const u32 ext_capa_mask =
		IEEE80211_EHT_ML_EXT_MLD_CAPA_OP_PARAM_UPDATE |
		IEEE80211_EHT_ML_EXT_MLD_CAPA_NSTR_UPDATE |
		IEEE80211_EHT_ML_EXT_MLD_CAPA_EMLSR_ENA_ON_ONE_LINK;
	const struct ieee80211_mle_basic_common_info *info_a =
		(const void *)mle_a->variable;
	const struct ieee80211_mle_basic_common_info *info_b =
		(const void *)mle_b->variable;
	const u8 *raw_a = (const u8 *)mle_a;
	const u8 *raw_b = (const u8 *)mle_b;

	if (memcmp(info_a->mld_mac_addr, info_b->mld_mac_addr, ETH_ALEN)) {
		NL_SET_ERR_MSG(extack, "AP MLD address mismatch");
		return -EINVAL;
	}

	if (ieee80211_mle_get_eml_cap(raw_a) !=
	    ieee80211_mle_get_eml_cap(raw_b)) {
		NL_SET_ERR_MSG(extack, "link EML capabilities mismatch");
		return -EINVAL;
	}

	if (ieee80211_mle_get_mld_capa_op(raw_a) !=
	    ieee80211_mle_get_mld_capa_op(raw_b)) {
		NL_SET_ERR_MSG(extack, "link MLD capabilities/ops mismatch");
		return -EINVAL;
	}

	if ((ieee80211_mle_get_ext_mld_capa_op(raw_a) & ext_capa_mask) !=
	    (ieee80211_mle_get_ext_mld_capa_op(raw_b) & ext_capa_mask)) {
		NL_SET_ERR_MSG(extack,
			       "extended link MLD capabilities/ops mismatch");
		return -EINVAL;
	}

	return 0;
  }
  /*
   * Validate the per-link BSS entries of a multi-link association request.
   *
   * Non-MLO requests (link_id < 0) pass unchanged. For MLO, every listed BSS
   * must not use our own address, must carry a valid basic multi-link
   * element whose link ID equals its slot index, and must be compatible with
   * the element of the association link. On a per-link failure the link's
   * ->error is set to -EINVAL. Returns 0 or -EINVAL.
   *
   * NOTE(review): req->link_id is used as an index into req->links with only
   * the lower bound checked here; the upper bound is presumably enforced
   * where the request is parsed -- confirm.
   */
  static int cfg80211_mlme_check_mlo(struct net_device *dev,
				     struct cfg80211_assoc_request *req,
				     struct netlink_ext_ack *extack)
  {
	const struct ieee80211_multi_link_elem *mles[ARRAY_SIZE(req->links)] = {};
	int ret = -EINVAL;
	int link;

	if (req->link_id < 0)
		return 0;

	if (!req->links[req->link_id].bss) {
		NL_SET_ERR_MSG(extack, "no BSS for assoc link");
		return -EINVAL;
	}

	/* the BSS element data below is only dereferenced under RCU */
	rcu_read_lock();

	/* pass 1: locate and sanity-check the ML element of each link */
	for (link = 0; link < ARRAY_SIZE(req->links); link++) {
		const struct cfg80211_bss_ies *ies;
		const struct element *ml;

		if (!req->links[link].bss)
			continue;

		if (ether_addr_equal(req->links[link].bss->bssid, dev->dev_addr)) {
			NL_SET_ERR_MSG(extack, "BSSID must not be our address");
			req->links[link].error = -EINVAL;
			goto out;
		}

		ies = rcu_dereference(req->links[link].bss->ies);
		ml = cfg80211_find_ext_elem(WLAN_EID_EXT_EHT_MULTI_LINK,
					    ies->data, ies->len);
		if (!ml) {
			NL_SET_ERR_MSG(extack, "MLO BSS w/o ML element");
			req->links[link].error = -EINVAL;
			goto out;
		}

		/* skip the extension ID byte before validating the element */
		if (!ieee80211_mle_type_ok(ml->data + 1,
					   IEEE80211_ML_CONTROL_TYPE_BASIC,
					   ml->datalen - 1)) {
			NL_SET_ERR_MSG(extack, "BSS with invalid ML element");
			req->links[link].error = -EINVAL;
			goto out;
		}

		mles[link] = (const void *)(ml->data + 1);

		if (ieee80211_mle_get_link_id((const u8 *)mles[link]) != link) {
			NL_SET_ERR_MSG(extack, "link ID mismatch");
			req->links[link].error = -EINVAL;
			goto out;
		}
	}

	if (WARN_ON(!mles[req->link_id]))
		goto out;

	/* pass 2: every other link must match the association link */
	for (link = 0; link < ARRAY_SIZE(req->links); link++) {
		if (link == req->link_id || !req->links[link].bss)
			continue;

		if (WARN_ON(!mles[link]))
			goto out;

		if (cfg80211_mlme_check_mlo_compat(mles[req->link_id],
						   mles[link], extack)) {
			req->links[link].error = -EINVAL;
			goto out;
		}
	}

	ret = 0;
  out:
	rcu_read_unlock();
	return ret;
  }
  /*
   * Validate an association request and pass it to the driver.
   *
   * Returns the MLO check result on failure, -EALREADY when connected and
   * the request is not a reassociation from the current address, -EINVAL
   * when a target address is our own, otherwise the result of rdev_assoc().
   * On success an extra reference and a hold are taken on req->bss and on
   * every per-link BSS. Wiphy mutex must be held.
   *
   * Note: caller must cfg80211_put_bss() regardless of result
   */
  int cfg80211_mlme_assoc(struct cfg80211_registered_device *rdev,
			  struct net_device *dev,
			  struct cfg80211_assoc_request *req,
			  struct netlink_ext_ack *extack)
  {
	struct wireless_dev *wdev = dev->ieee80211_ptr;
	int link_id;
	int err;

	lockdep_assert_wiphy(wdev->wiphy);

	err = cfg80211_mlme_check_mlo(dev, req, extack);
	if (err)
		return err;

	/* while connected, only a reassociation from the current AP is allowed */
	if (wdev->connected &&
	    (!req->prev_bssid ||
	     !ether_addr_equal(wdev->u.client.connected_addr, req->prev_bssid)))
		return -EALREADY;

	/* refuse to associate with our own address */
	if (req->bss && ether_addr_equal(req->bss->bssid, dev->dev_addr))
		return -EINVAL;
	if (req->link_id >= 0 &&
	    ether_addr_equal(req->ap_mld_addr, dev->dev_addr))
		return -EINVAL;

	/* restrict the requested capability masks to what the wiphy allows */
	cfg80211_oper_and_ht_capa(&req->ht_capa_mask,
				  rdev->wiphy.ht_capa_mod_mask);
	cfg80211_oper_and_vht_capa(&req->vht_capa_mask,
				   rdev->wiphy.vht_capa_mod_mask);

	err = rdev_assoc(rdev, dev, req);
	if (err)
		return err;

	if (req->bss) {
		cfg80211_ref_bss(&rdev->wiphy, req->bss);
		cfg80211_hold_bss(bss_from_pub(req->bss));
	}

	for (link_id = 0; link_id < ARRAY_SIZE(req->links); link_id++) {
		if (req->links[link_id].bss) {
			cfg80211_ref_bss(&rdev->wiphy, req->links[link_id].bss);
			cfg80211_hold_bss(bss_from_pub(req->links[link_id].bss));
		}
	}

	return 0;
  }
  /*
   * Ask the driver to deauthenticate from @bssid.
   *
   * A local-state-change request that does not target the current connection
   * is a no-op returning 0. When the request targets the current connection
   * or the BSSID recorded in wdev->disconnect_bssid, the connection owner
   * port ID is cleared before calling the driver. Wiphy mutex must be held.
   */
  int cfg80211_mlme_deauth(struct cfg80211_registered_device *rdev,
			   struct net_device *dev, const u8 *bssid,
			   const u8 *ie, int ie_len, u16 reason,
			   bool local_state_change)
  {
	struct wireless_dev *wdev = dev->ieee80211_ptr;
	struct cfg80211_deauth_request req = {
		.bssid = bssid,
		.reason_code = reason,
		.ie = ie,
		.ie_len = ie_len,
		.local_state_change = local_state_change,
	};
	bool to_current_ap;

	lockdep_assert_wiphy(wdev->wiphy);

	to_current_ap = wdev->connected &&
			ether_addr_equal(wdev->u.client.connected_addr, bssid);

	if (local_state_change && !to_current_ap)
		return 0;

	if (to_current_ap || ether_addr_equal(wdev->disconnect_bssid, bssid))
		wdev->conn_owner_nlportid = 0;

	return rdev_deauth(rdev, dev, &req);
  }
  /*
   * Ask the driver to disassociate from @ap_addr.
   *
   * Returns -ENOTCONN unless currently connected to exactly @ap_addr,
   * otherwise the result of rdev_disassoc(). After a successful driver call
   * the connection is expected to be gone already; a WARN fires if it is
   * not. Wiphy mutex must be held.
   */
  int cfg80211_mlme_disassoc(struct cfg80211_registered_device *rdev,
			     struct net_device *dev, const u8 *ap_addr,
			     const u8 *ie, int ie_len, u16 reason,
			     bool local_state_change)
  {
	struct wireless_dev *wdev = dev->ieee80211_ptr;
	struct cfg80211_disassoc_request req = {
		.ap_addr = ap_addr,
		.reason_code = reason,
		.ie = ie,
		.ie_len = ie_len,
		.local_state_change = local_state_change,
	};
	int ret;

	lockdep_assert_wiphy(wdev->wiphy);

	if (!wdev->connected ||
	    memcmp(wdev->u.client.connected_addr, ap_addr, ETH_ALEN))
		return -ENOTCONN;

	ret = rdev_disassoc(rdev, dev, &req);
	if (ret)
		return ret;

	/* driver should have reported the disassoc */
	WARN_ON(wdev->connected);
	return 0;
  }
  /*
   * Deauthenticate from the current AP, if any, with reason
   * WLAN_REASON_DEAUTH_LEAVING. Does nothing when the driver has no deauth
   * operation or the interface is not connected. Wiphy mutex must be held.
   */
  void cfg80211_mlme_down(struct cfg80211_registered_device *rdev,
			  struct net_device *dev)
  {
	struct wireless_dev *wdev = dev->ieee80211_ptr;
	u8 ap_addr[ETH_ALEN];

	lockdep_assert_wiphy(wdev->wiphy);

	if (!rdev->ops->deauth || !wdev->connected)
		return;

	/* work on a private copy of the connected address */
	memcpy(ap_addr, wdev->u.client.connected_addr, ETH_ALEN);
	cfg80211_mlme_deauth(rdev, dev, ap_addr, NULL, 0,
			     WLAN_REASON_DEAUTH_LEAVING, false);
  }
  /*
   * One userspace registration for received management frames.
   *
   * Entries are linked on wdev->mgmt_registrations and are added, removed
   * and walked under rdev->mgmt_registrations_lock in this file.
   */
  struct cfg80211_mgmt_registration {
	struct list_head list;		/* entry in wdev->mgmt_registrations */
	struct wireless_dev *wdev;	/* wdev the registration was made on */
	u32 nlportid;			/* netlink port ID of the registrant */
	int match_len;			/* number of bytes stored in match[] */
	__le16 frame_type;		/* frame control type/subtype bits */
	bool multicast_rx;		/* multicast RX requested at registration */
	u8 match[];			/* match_len bytes of match data */
  };
  /*
   * Recompute the management-frame subtype bitmaps and push them to the
   * driver, if @wdev is flagged as needing an update.
   *
   * The global bitmaps cover the registrations of every wdev on the wiphy,
   * the interface bitmaps only those of @wdev. The flag is tested and
   * cleared under mgmt_registrations_lock; the driver is called after the
   * lock is dropped. Requires the wiphy mutex.
   */
  static void cfg80211_mgmt_registrations_update(struct wireless_dev *wdev)
  {
	struct cfg80211_registered_device *rdev = wiphy_to_rdev(wdev->wiphy);
	struct mgmt_frame_regs upd = {};
	struct cfg80211_mgmt_registration *reg;
	struct wireless_dev *iter;

	lockdep_assert_held(&rdev->wiphy.mtx);

	spin_lock_bh(&rdev->mgmt_registrations_lock);
	if (!wdev->mgmt_registrations_need_update) {
		spin_unlock_bh(&rdev->mgmt_registrations_lock);
		return;
	}

	rcu_read_lock();
	list_for_each_entry_rcu(iter, &rdev->wiphy.wdev_list, list) {
		list_for_each_entry(reg, &iter->mgmt_registrations, list) {
			/* one bit per management subtype */
			u32 stype_bit = BIT(le16_to_cpu(reg->frame_type) >> 4);
			u32 mcast_bit = reg->multicast_rx ? stype_bit : 0;

			upd.global_stypes |= stype_bit;
			upd.global_mcast_stypes |= mcast_bit;

			if (iter != wdev)
				continue;

			upd.interface_stypes |= stype_bit;
			upd.interface_mcast_stypes |= mcast_bit;
		}
	}
	rcu_read_unlock();

	wdev->mgmt_registrations_need_update = 0;
	spin_unlock_bh(&rdev->mgmt_registrations_lock);

	rdev_update_mgmt_frame_registrations(rdev, wdev, &upd);
  }
  /*
   * Work item: with the wiphy guard held for the rest of the function,
   * refresh the management-frame registrations of every wdev on the device.
   */
  void cfg80211_mgmt_registrations_update_wk(struct work_struct *wk)
  {
	struct cfg80211_registered_device *rdev =
		container_of(wk, struct cfg80211_registered_device,
			     mgmt_registrations_update_wk);
	struct wireless_dev *wdev;

	guard(wiphy)(&rdev->wiphy);

	list_for_each_entry(wdev, &rdev->wiphy.wdev_list, list) {
		cfg80211_mgmt_registrations_update(wdev);
	}
  }
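  /*
   * Register a netlink port for received management frames of @frame_type
   * whose leading bytes match @match_data.
   *
   * Returns -EOPNOTSUPP when the wiphy advertises no management subtypes,
   * -EINVAL for a non-management or malformed frame type, an unsupported
   * subtype, or an unqualified auth-frame registration on a station
   * interface, -ENOMEM on allocation failure, -EALREADY when an overlapping
   * match with the same multicast setting exists, and 0 otherwise. An
   * existing overlapping match with a different multicast setting is updated
   * in place instead of adding a second entry.
   *
   * NOTE(review): @match_len is a signed int supplied by the caller and is
   * assumed to be non-negative and to describe @match_data -- confirm at the
   * call site.
   */
  int cfg80211_mlme_register_mgmt(struct wireless_dev *wdev, u32 snd_portid,
				  u16 frame_type, const u8 *match_data,
				  int match_len, bool multicast_rx,
				  struct netlink_ext_ack *extack)
  {
	struct cfg80211_registered_device *rdev = wiphy_to_rdev(wdev->wiphy);
	struct cfg80211_mgmt_registration *reg, *nreg;
	int err = 0;
	u16 mgmt_type;
	bool update_multicast = false;

	if (!wdev->wiphy->mgmt_stypes)
		return -EOPNOTSUPP;

	if ((frame_type & IEEE80211_FCTL_FTYPE) != IEEE80211_FTYPE_MGMT) {
		NL_SET_ERR_MSG(extack, "frame type not management");
		return -EINVAL;
	}

	/* only the type and subtype bits may be set */
	if (frame_type & ~(IEEE80211_FCTL_FTYPE | IEEE80211_FCTL_STYPE)) {
		NL_SET_ERR_MSG(extack, "Invalid frame type");
		return -EINVAL;
	}

	mgmt_type = (frame_type & IEEE80211_FCTL_STYPE) >> 4;
	if (!(wdev->wiphy->mgmt_stypes[wdev->iftype].rx & BIT(mgmt_type))) {
		NL_SET_ERR_MSG(extack,
			       "Registration to specific type not supported");
		return -EINVAL;
	}

	/*
	 * To support Pre Association Security Negotiation (PASN), registration
	 * for authentication frames should be supported. However, as some
	 * versions of the user space daemons wrongly register to all types of
	 * authentication frames (which might result in unexpected behavior)
	 * allow such registration if the request is for a specific
	 * authentication algorithm number.
	 */
	if (wdev->iftype == NL80211_IFTYPE_STATION &&
	    (frame_type & IEEE80211_FCTL_STYPE) == IEEE80211_STYPE_AUTH &&
	    !(match_data && match_len >= 2)) {
		NL_SET_ERR_MSG(extack,
			       "Authentication algorithm number required");
		return -EINVAL;
	}

	/*
	 * struct_size() saturates instead of wrapping, so an out-of-range
	 * match_len makes the allocation fail rather than producing an
	 * undersized buffer for the memcpy() below.
	 */
	nreg = kzalloc(struct_size(nreg, match, match_len), GFP_KERNEL);
	if (!nreg)
		return -ENOMEM;

	spin_lock_bh(&rdev->mgmt_registrations_lock);

	list_for_each_entry(reg, &wdev->mgmt_registrations, list) {
		/* compare over the shorter of the two match prefixes */
		int mlen = min(match_len, reg->match_len);

		if (frame_type != le16_to_cpu(reg->frame_type))
			continue;

		if (memcmp(reg->match, match_data, mlen) == 0) {
			if (reg->multicast_rx != multicast_rx) {
				update_multicast = true;
				reg->multicast_rx = multicast_rx;
				break;
			}
			NL_SET_ERR_MSG(extack, "Match already configured");
			err = -EALREADY;
			break;
		}
	}

	if (err)
		goto out;

	if (update_multicast) {
		/* existing entry was updated in place; new one is not needed */
		kfree(nreg);
	} else {
		memcpy(nreg->match, match_data, match_len);
		nreg->match_len = match_len;
		nreg->nlportid = snd_portid;
		nreg->frame_type = cpu_to_le16(frame_type);
		nreg->wdev = wdev;
		nreg->multicast_rx = multicast_rx;
		list_add(&nreg->list, &wdev->mgmt_registrations);
	}
	wdev->mgmt_registrations_need_update = 1;
	spin_unlock_bh(&rdev->mgmt_registrations_lock);

	cfg80211_mgmt_registrations_update(wdev);

	return 0;

  out:
	kfree(nreg);
	spin_unlock_bh(&rdev->mgmt_registrations_lock);

	return err;
  }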
  /*
   * Drop all state on @wdev that belongs to netlink port @nlportid.
   *
   * Removes and frees every management-frame registration made by that port
   * and schedules the registration update work for each one removed, stops a
   * critical-protocol session owned by the port, and clears the
   * unexpected-frame port ID if it matches.
   */
  void cfg80211_mlme_unregister_socket(struct wireless_dev *wdev, u32 nlportid)
  {
	struct cfg80211_registered_device *rdev = wiphy_to_rdev(wdev->wiphy);
	struct cfg80211_mgmt_registration *reg, *next;

	spin_lock_bh(&rdev->mgmt_registrations_lock);

	list_for_each_entry_safe(reg, next, &wdev->mgmt_registrations, list) {
		if (reg->nlportid == nlportid) {
			list_del(&reg->list);
			kfree(reg);

			wdev->mgmt_registrations_need_update = 1;
			schedule_work(&rdev->mgmt_registrations_update_wk);
		}
	}

	spin_unlock_bh(&rdev->mgmt_registrations_lock);

	/* port ID 0 never owns the critical-protocol session */
	if (nlportid && rdev->crit_proto_nlportid == nlportid) {
		rdev->crit_proto_nlportid = 0;
		rdev_crit_proto_stop(rdev, wdev);
	}

	if (wdev->ap_unexpected_nlportid == nlportid)
		wdev->ap_unexpected_nlportid = 0;
  }
  /*
   * Remove and free every management-frame registration on @wdev, flag the
   * wdev as needing an update, and push the update once the lock has been
   * released.
   */
  void cfg80211_mlme_purge_registrations(struct wireless_dev *wdev)
  {
	struct cfg80211_registered_device *rdev = wiphy_to_rdev(wdev->wiphy);
	struct cfg80211_mgmt_registration *entry, *next;

	spin_lock_bh(&rdev->mgmt_registrations_lock);

	list_for_each_entry_safe(entry, next, &wdev->mgmt_registrations, list) {
		list_del(&entry->list);
		kfree(entry);
	}
	wdev->mgmt_registrations_need_update = 1;

	spin_unlock_bh(&rdev->mgmt_registrations_lock);

	cfg80211_mgmt_registrations_update(wdev);
  }
  /*
   * Return true when @addr is one of the interface's own addresses: the
   * address of any valid link, or the wdev address itself.
   */
  static bool cfg80211_allowed_address(struct wireless_dev *wdev, const u8 *addr)
  {
	int link_id;

	for_each_valid_link(wdev, link_id) {
		if (ether_addr_equal(addr, wdev->links[link_id].addr))
			return true;
	}

	/* no link matched; fall back to the interface address */
	return ether_addr_equal(addr, wdev_address(wdev));
  }
  /*
   * Decide whether @mgmt may be transmitted with a random transmitter
   * address.
   *
   * This is only ever allowed for auth/deauth frames and for Public Action
   * frames, and only when the driver advertises the matching extended
   * feature; for Public Action frames the required feature depends on
   * whether the interface is currently connected. Every other frame type is
   * refused.
   */
  static bool cfg80211_allowed_random_address(struct wireless_dev *wdev,
					      const struct ieee80211_mgmt *mgmt)
  {
	__le16 fc = mgmt->frame_control;
	enum nl80211_ext_feature_index feature;

	/* Allow random TA to be used with authentication and
	 * deauthentication frames if the driver has indicated support.
	 */
	if (ieee80211_is_auth(fc) || ieee80211_is_deauth(fc))
		return wiphy_ext_feature_isset(
			wdev->wiphy,
			NL80211_EXT_FEATURE_AUTH_AND_DEAUTH_RANDOM_TA);

	if (!ieee80211_is_action(fc) ||
	    mgmt->u.action.category != WLAN_CATEGORY_PUBLIC)
		return false;

	/* Allow random TA to be used with Public Action frames if the
	 * driver has indicated support.
	 */
	if (wdev->connected)
		feature = NL80211_EXT_FEATURE_MGMT_TX_RANDOM_TA_CONNECTED;
	else
		feature = NL80211_EXT_FEATURE_MGMT_TX_RANDOM_TA;

	return wiphy_ext_feature_isset(wdev->wiphy, feature);
  }
  /*
   * Validate a management frame handed in through @params and, if it passes,
   * forward it to the driver with rdev_mgmt_tx().
   *
   * Checks performed, in order:
   *  - the wiphy declares mgmt_stypes and the driver implements mgmt_tx
   *    (-EOPNOTSUPP otherwise);
   *  - the buffer holds at least 24 + 1 bytes (-EINVAL);
   *  - the frame is a management frame without the order bit (-EINVAL);
   *  - the subtype is allowed for TX on this interface type (-EINVAL);
   *  - for non-public Action frames, the BSSID/DA/SA fields are consistent
   *    with the interface type and its connection state;
   *  - the source address is one of the interface's addresses, or a random
   *    TA is permitted for this frame (-EINVAL).
   *
   * Returns 0 or a negative errno; the result of rdev_mgmt_tx() is passed
   * through unchanged. Must be called with the wiphy lock held.
   */
  int cfg80211_mlme_mgmt_tx(struct cfg80211_registered_device *rdev,
  			  struct wireless_dev *wdev,
  			  struct cfg80211_mgmt_tx_params *params, u64 *cookie)
  {
  	const struct ieee80211_mgmt *mgmt;
  	u16 stype;

  	lockdep_assert_wiphy(&rdev->wiphy);

  	if (!wdev->wiphy->mgmt_stypes || !rdev->ops->mgmt_tx)
  		return -EOPNOTSUPP;

  	/*
  	 * Length gate for every header field read below. Presumably the
  	 * 24-byte management header plus the first body octet, which is
  	 * what the u.action.category reads need - confirm against
  	 * struct ieee80211_mgmt.
  	 */
  	if (params->len < 24 + 1)
  		return -EINVAL;

  	mgmt = (const struct ieee80211_mgmt *)params->buf;

  	if (!ieee80211_is_mgmt(mgmt->frame_control) ||
  	    ieee80211_has_order(mgmt->frame_control))
  		return -EINVAL;

  	/* The subtype must be in the per-iftype TX allow mask. */
  	stype = le16_to_cpu(mgmt->frame_control) & IEEE80211_FCTL_STYPE;
  	if (!(wdev->wiphy->mgmt_stypes[wdev->iftype].tx & BIT(stype >> 4)))
  		return -EINVAL;

  	if (ieee80211_is_action(mgmt->frame_control) &&
  	    mgmt->u.action.category != WLAN_CATEGORY_PUBLIC) {
  		switch (wdev->iftype) {
  		case NL80211_IFTYPE_ADHOC:
  			/*
  			 * check for IBSS DA must be done by driver as
  			 * cfg80211 doesn't track the stations
  			 */
  			if (!wdev->u.ibss.current_bss ||
  			    !ether_addr_equal(wdev->u.ibss.current_bss->pub.bssid,
  					      mgmt->bssid))
  				return -ENOTCONN;
  			break;
  		case NL80211_IFTYPE_STATION:
  		case NL80211_IFTYPE_P2P_CLIENT:
  			if (!wdev->connected)
  				return -ENOTCONN;

  			/* FIXME: MLD may address this differently */
  			if (!ether_addr_equal(wdev->u.client.connected_addr,
  					      mgmt->bssid))
  				return -ENOTCONN;

  			/* for station, check that DA is the AP */
  			if (!ether_addr_equal(wdev->u.client.connected_addr,
  					      mgmt->da))
  				return -ENOTCONN;
  			break;
  		case NL80211_IFTYPE_AP:
  		case NL80211_IFTYPE_P2P_GO:
  		case NL80211_IFTYPE_AP_VLAN:
  			/*
  			 * BSSID must be the interface address or, when a
  			 * link is given, that link's address.
  			 * NOTE(review): link_id is only checked against
  			 * < 0 here; its upper bound is presumably validated
  			 * by the caller before it indexes wdev->links -
  			 * confirm.
  			 */
  			if (!ether_addr_equal(mgmt->bssid, wdev_address(wdev)) &&
  			    (params->link_id < 0 ||
  			     !ether_addr_equal(mgmt->bssid,
  					       wdev->links[params->link_id].addr)))
  				return -EINVAL;
  			break;
  		case NL80211_IFTYPE_MESH_POINT:
  			if (!ether_addr_equal(mgmt->sa, mgmt->bssid))
  				return -EINVAL;
  			/*
  			 * check for mesh DA must be done by driver as
  			 * cfg80211 doesn't track the stations
  			 */
  			break;
  		case NL80211_IFTYPE_P2P_DEVICE:
  			/*
  			 * fall through, P2P device only supports
  			 * public action frames
  			 */
  		case NL80211_IFTYPE_NAN:
  		default:
  			return -EOPNOTSUPP;
  		}
  	}

  	/*
  	 * The source address has to belong to the interface unless the
  	 * driver allows a random TA for this kind of frame.
  	 */
  	if (cfg80211_allowed_address(wdev, mgmt->sa) ||
  	    cfg80211_allowed_random_address(wdev, mgmt)) {
  		/* Transmit the management frame as requested by user space */
  		return rdev_mgmt_tx(rdev, wdev, params, cookie);
  	}

  	return -EINVAL;
  }
  /*
   * Offer a received management frame to the registrations on @wdev.
   *
   * The frame is dropped early when its subtype is not in the RX mask for
   * the interface type. Otherwise the registration list is walked under
   * mgmt_registrations_lock: the first entry whose frame type matches, whose
   * match prefix fits in and equals the start of the frame body, and for
   * which nl80211_send_mgmt() succeeds, consumes the frame.
   *
   * Returns true if the frame was delivered to a registration, false
   * otherwise.
   */
  bool cfg80211_rx_mgmt_ext(struct wireless_dev *wdev,
  			  struct cfg80211_rx_info *info)
  {
  	struct wiphy *wiphy = wdev->wiphy;
  	struct cfg80211_registered_device *rdev = wiphy_to_rdev(wiphy);
  	const struct ieee80211_txrx_stypes *stypes =
  		&wiphy->mgmt_stypes[wdev->iftype];
  	struct ieee80211_mgmt *mgmt = (void *)info->buf;
  	struct cfg80211_mgmt_registration *reg;
  	__le16 ftype = mgmt->frame_control &
  		cpu_to_le16(IEEE80211_FCTL_FTYPE | IEEE80211_FCTL_STYPE);
  	unsigned int hdrlen;
  	const u8 *data;
  	int data_len;
  	u16 stype;
  	bool result = false;

  	trace_cfg80211_rx_mgmt(wdev, info);

  	stype = (le16_to_cpu(mgmt->frame_control) & IEEE80211_FCTL_STYPE) >> 4;
  	if (!(stypes->rx & BIT(stype)))
  		goto out;

  	/*
  	 * NOTE(review): frame_control is read, and the header length is
  	 * subtracted, without comparing info->len to the header size in
  	 * this function. If the frame is shorter than its header, data_len
  	 * goes negative and the match_len test below skips every entry -
  	 * assuming match_len is a signed int; confirm, and confirm that
  	 * callers guarantee at least a frame_control field in info->buf.
  	 */
  	hdrlen = ieee80211_hdrlen(mgmt->frame_control);
  	data = info->buf + hdrlen;
  	data_len = info->len - hdrlen;

  	spin_lock_bh(&rdev->mgmt_registrations_lock);

  	list_for_each_entry(reg, &wdev->mgmt_registrations, list) {
  		/* Skip entries that don't match type or body prefix. */
  		if (reg->frame_type != ftype ||
  		    reg->match_len > data_len ||
  		    memcmp(reg->match, data, reg->match_len))
  			continue;

  		/* found match! */

  		/* Indicate the received Action frame to user space */
  		if (!nl80211_send_mgmt(rdev, wdev, reg->nlportid, info,
  				       GFP_ATOMIC)) {
  			result = true;
  			break;
  		}
  		/* Delivery failed: keep looking for another listener. */
  	}

  	spin_unlock_bh(&rdev->mgmt_registrations_lock);

  out:
  	trace_cfg80211_return_bool(result);
  	return result;
  }
  EXPORT_SYMBOL(cfg80211_rx_mgmt_ext);
  /*
   * Restart the DFS channel update work: cancel a pending instance, then
   * queue it on cfg80211_wq with zero delay.
   */
  void cfg80211_sched_dfs_chan_update(struct cfg80211_registered_device *rdev)
  {
  	struct delayed_work *update_wk = &rdev->dfs_update_channels_wk;

  	cancel_delayed_work(update_wk);
  	queue_delayed_work(cfg80211_wq, update_wk, 0);
  }
  /*
   * Delayed-work handler that ages the DFS state of radar channels.
   *
   * Under the RTNL lock, every channel flagged IEEE80211_CHAN_RADAR on every
   * band of the wiphy is examined:
   *  - UNAVAILABLE channels become USABLE once IEEE80211_DFS_MIN_NOP_TIME_MS
   *    has passed since the state was entered (NL80211_RADAR_NOP_FINISHED);
   *  - AVAILABLE channels become USABLE once REG_PRE_CAC_EXPIRY_GRACE_MS has
   *    passed (NL80211_RADAR_PRE_CAC_EXPIRED), unless pre-CAC is allowed by
   *    regulatory or the channel is an operating channel of some wiphy.
   * Channels whose timer has not yet expired cause the work to be queued
   * again after the shortest remaining time.
   */
  void cfg80211_dfs_channels_update_work(struct work_struct *work)
  {
  	struct cfg80211_registered_device *rdev =
  		container_of(to_delayed_work(work),
  			     struct cfg80211_registered_device,
  			     dfs_update_channels_wk);
  	struct wiphy *wiphy = &rdev->wiphy;
  	unsigned long next_time = 0;
  	bool check_again = false;
  	int bandid, i;

  	rtnl_lock();
  	for (bandid = 0; bandid < NUM_NL80211_BANDS; bandid++) {
  		struct ieee80211_supported_band *sband = wiphy->bands[bandid];

  		if (!sband)
  			continue;

  		for (i = 0; i < sband->n_channels; i++) {
  			struct ieee80211_channel *c = &sband->channels[i];
  			struct cfg80211_chan_def chandef;
  			enum nl80211_radar_event radar_event;
  			unsigned long time_dfs_update;
  			unsigned long timeout, remaining;

  			if (!(c->flags & IEEE80211_CHAN_RADAR))
  				continue;

  			/* Only two states ever time out; skip the rest. */
  			switch (c->dfs_state) {
  			case NL80211_DFS_UNAVAILABLE:
  				time_dfs_update = IEEE80211_DFS_MIN_NOP_TIME_MS;
  				radar_event = NL80211_RADAR_NOP_FINISHED;
  				break;
  			case NL80211_DFS_AVAILABLE:
  				if (regulatory_pre_cac_allowed(wiphy) ||
  				    cfg80211_any_wiphy_oper_chan(wiphy, c))
  					continue;

  				time_dfs_update = REG_PRE_CAC_EXPIRY_GRACE_MS;
  				radar_event = NL80211_RADAR_PRE_CAC_EXPIRED;
  				break;
  			default:
  				continue;
  			}

  			timeout = c->dfs_state_entered +
  				  msecs_to_jiffies(time_dfs_update);

  			if (time_after_eq(jiffies, timeout)) {
  				/* Timer expired: make the channel usable. */
  				c->dfs_state = NL80211_DFS_USABLE;
  				c->dfs_state_entered = jiffies;

  				cfg80211_chandef_create(&chandef, c,
  							NL80211_CHAN_NO_HT);

  				nl80211_radar_notify(rdev, &chandef,
  						     radar_event, NULL,
  						     GFP_ATOMIC);

  				regulatory_propagate_dfs_state(wiphy, &chandef,
  							       c->dfs_state,
  							       radar_event);
  				continue;
  			}

  			/* Track the soonest pending expiry for the re-queue. */
  			remaining = timeout - jiffies;
  			next_time = check_again ? min(next_time, remaining) :
  						  remaining;
  			check_again = true;
  		}
  	}
  	rtnl_unlock();

  	/* reschedule if there are other channels waiting to be cleared again */
  	if (check_again)
  		queue_delayed_work(cfg80211_wq, &rdev->dfs_update_channels_wk,
  				   next_time);
  }
  /*
   * Handle a radar detection on @chandef.
   *
   * Marks the chandef's channels NL80211_DFS_UNAVAILABLE, queues the
   * background CAC abort work when @offchan is set, restarts the DFS channel
   * update work, sends NL80211_RADAR_DETECTED with @gfp, and stores a copy
   * of the chandef in rdev->radar_chandef before queueing
   * propagate_radar_detect_wk.
   */
  void __cfg80211_radar_event(struct wiphy *wiphy,
  			    struct cfg80211_chan_def *chandef,
  			    bool offchan, gfp_t gfp)
  {
  	struct cfg80211_registered_device *rdev = wiphy_to_rdev(wiphy);

  	trace_cfg80211_radar_event(wiphy, chandef, offchan);

  	/* only set the chandef supplied channel to unavailable, in
  	 * case the radar is detected on only one of multiple channels
  	 * spanned by the chandef.
  	 */
  	cfg80211_set_dfs_state(wiphy, chandef, NL80211_DFS_UNAVAILABLE);

  	if (offchan)
  		queue_work(cfg80211_wq, &rdev->background_cac_abort_wk);

  	cfg80211_sched_dfs_chan_update(rdev);

  	nl80211_radar_notify(rdev, chandef, NL80211_RADAR_DETECTED, NULL, gfp);

  	/* Copy the chandef into rdev before queueing the propagation work. */
  	memcpy(&rdev->radar_chandef, chandef, sizeof(*chandef));
  	queue_work(cfg80211_wq, &rdev->propagate_radar_detect_wk);
  }
  EXPORT_SYMBOL(__cfg80211_radar_event);
  /*
   * Record a CAC state change reported for @link_id of @netdev and notify
   * user space through nl80211_radar_notify().
   *
   * STARTED sets the link's cac_started flag; ABORTED clears it; FINISHED
   * additionally marks the chandef NL80211_DFS_AVAILABLE, stores it in
   * rdev->cac_done_chandef, queues propagate_cac_done_wk and restarts the
   * DFS channel update work. Any other event triggers a WARN and returns
   * without a notification.
   */
  void cfg80211_cac_event(struct net_device *netdev,
  			const struct cfg80211_chan_def *chandef,
  			enum nl80211_radar_event event, gfp_t gfp,
  			unsigned int link_id)
  {
  	struct wireless_dev *wdev = netdev->ieee80211_ptr;
  	struct wiphy *wiphy = wdev->wiphy;
  	struct cfg80211_registered_device *rdev = wiphy_to_rdev(wiphy);
  	unsigned long timeout;

  	/*
  	 * NOTE(review): link_id is only checked against valid_links when
  	 * valid_links is non-zero. With valid_links == 0 it indexes
  	 * wdev->links unchecked - presumably callers pass 0 in that case;
  	 * confirm.
  	 */
  	if (WARN_ON(wdev->valid_links &&
  		    !(wdev->valid_links & BIT(link_id))))
  		return;

  	trace_cfg80211_cac_event(netdev, event, link_id);

  	/* Only a STARTED event is acceptable while no CAC is running. */
  	if (WARN_ON(!wdev->links[link_id].cac_started &&
  		    event != NL80211_RADAR_CAC_STARTED))
  		return;

  	switch (event) {
  	case NL80211_RADAR_CAC_STARTED:
  		wdev->links[link_id].cac_started = true;
  		break;
  	case NL80211_RADAR_CAC_ABORTED:
  		wdev->links[link_id].cac_started = false;
  		break;
  	case NL80211_RADAR_CAC_FINISHED:
  		/* Warn if FINISHED arrives before the CAC time has elapsed. */
  		timeout = wdev->links[link_id].cac_start_time +
  			  msecs_to_jiffies(wdev->links[link_id].cac_time_ms);
  		WARN_ON(!time_after_eq(jiffies, timeout));

  		cfg80211_set_dfs_state(wiphy, chandef, NL80211_DFS_AVAILABLE);
  		memcpy(&rdev->cac_done_chandef, chandef, sizeof(*chandef));
  		queue_work(cfg80211_wq, &rdev->propagate_cac_done_wk);
  		cfg80211_sched_dfs_chan_update(rdev);

  		wdev->links[link_id].cac_started = false;
  		break;
  	default:
  		WARN_ON(1);
  		return;
  	}

  	nl80211_radar_notify(rdev, chandef, event, netdev, gfp);
  }
  EXPORT_SYMBOL(cfg80211_cac_event);
  /*
   * Process a background (offchannel) CAC event with the wiphy lock held.
   *
   * Nothing happens when @chandef is invalid or no wdev currently owns the
   * background radar chain. FINISHED marks the chandef available and kicks
   * the propagation and DFS update work; ABORTED only proceeds when a
   * pending background_cac_done_wk could be cancelled. For both, the
   * notification is sent on behalf of rdev->background_radar_wdev rather
   * than the @wdev argument. STARTED notifies for @wdev as passed in.
   * Unknown events are ignored.
   */
  static void
  __cfg80211_background_cac_event(struct cfg80211_registered_device *rdev,
  				struct wireless_dev *wdev,
  				const struct cfg80211_chan_def *chandef,
  				enum nl80211_radar_event event)
  {
  	struct wiphy *wiphy = &rdev->wiphy;

  	lockdep_assert_wiphy(&rdev->wiphy);

  	if (!cfg80211_chandef_valid(chandef) || !rdev->background_radar_wdev)
  		return;

  	if (event == NL80211_RADAR_CAC_FINISHED) {
  		cfg80211_set_dfs_state(wiphy, chandef, NL80211_DFS_AVAILABLE);
  		memcpy(&rdev->cac_done_chandef, chandef, sizeof(*chandef));
  		queue_work(cfg80211_wq, &rdev->propagate_cac_done_wk);
  		cfg80211_sched_dfs_chan_update(rdev);
  		wdev = rdev->background_radar_wdev;
  	} else if (event == NL80211_RADAR_CAC_ABORTED) {
  		/* No pending completion work means there is nothing to abort. */
  		if (!cancel_delayed_work(&rdev->background_cac_done_wk))
  			return;
  		wdev = rdev->background_radar_wdev;
  	} else if (event != NL80211_RADAR_CAC_STARTED) {
  		return;
  	}

  	nl80211_radar_notify(rdev, chandef, event,
  			     wdev ? wdev->netdev : NULL, GFP_KERNEL);
  }
  /*
   * Wrapper around __cfg80211_background_cac_event() that runs under
   * guard(wiphy) and passes the current owner of the background radar chain
   * as the wdev.
   */
  static void
  cfg80211_background_cac_event(struct cfg80211_registered_device *rdev,
  			      const struct cfg80211_chan_def *chandef,
  			      enum nl80211_radar_event event)
  {
  	guard(wiphy)(&rdev->wiphy);

  	/* The owner is read only after the guard has been taken. */
  	__cfg80211_background_cac_event(rdev,
  					rdev->background_radar_wdev,
  					chandef,
  					event);
  }
  /*
   * Delayed-work handler for background_cac_done_wk: reports
   * NL80211_RADAR_CAC_FINISHED for the stored background radar chandef.
   */
  void cfg80211_background_cac_done_wk(struct work_struct *work)
  {
  	struct cfg80211_registered_device *rdev =
  		container_of(to_delayed_work(work),
  			     struct cfg80211_registered_device,
  			     background_cac_done_wk);

  	cfg80211_background_cac_event(rdev, &rdev->background_radar_chandef,
  				      NL80211_RADAR_CAC_FINISHED);
  }
  /*
   * Work handler for background_cac_abort_wk: reports
   * NL80211_RADAR_CAC_ABORTED for the stored background radar chandef.
   */
  void cfg80211_background_cac_abort_wk(struct work_struct *work)
  {
  	struct cfg80211_registered_device *rdev =
  		container_of(work, struct cfg80211_registered_device,
  			     background_cac_abort_wk);

  	cfg80211_background_cac_event(rdev, &rdev->background_radar_chandef,
  				      NL80211_RADAR_CAC_ABORTED);
  }
  /*
   * Request an abort of the background CAC on @wiphy. The abort itself runs
   * later from background_cac_abort_wk on cfg80211_wq.
   */
  void cfg80211_background_cac_abort(struct wiphy *wiphy)
  {
  	queue_work(cfg80211_wq,
  		   &wiphy_to_rdev(wiphy)->background_cac_abort_wk);
  }
  EXPORT_SYMBOL(cfg80211_background_cac_abort);
  /*
   * Start background (offchannel) radar detection on @chandef for @wdev.
   *
   * Returns -EOPNOTSUPP when the wiphy lacks
   * NL80211_EXT_FEATURE_RADAR_BACKGROUND, -EBUSY when another wdev owns the
   * offchannel chain or a CAC is still pending for this wdev, or the error
   * from rdev_set_radar_background(). On success the chandef and the owning
   * wdev are recorded, a CAC_STARTED event is sent, and the completion work
   * is queued after the CAC time (IEEE80211_DFS_MIN_CAC_TIME_MS if the
   * chandef reports none); 0 is returned. Requires the wiphy lock.
   */
  int
  cfg80211_start_background_radar_detection(struct cfg80211_registered_device *rdev,
  					  struct wireless_dev *wdev,
  					  struct cfg80211_chan_def *chandef)
  {
  	struct wireless_dev *owner;
  	unsigned int cac_time_ms;
  	int err;

  	lockdep_assert_wiphy(&rdev->wiphy);

  	if (!wiphy_ext_feature_isset(&rdev->wiphy,
  				     NL80211_EXT_FEATURE_RADAR_BACKGROUND))
  		return -EOPNOTSUPP;

  	owner = rdev->background_radar_wdev;

  	/* Offchannel chain already locked by another wdev */
  	if (owner && owner != wdev)
  		return -EBUSY;

  	/* CAC already in progress on the offchannel chain */
  	if (owner == wdev &&
  	    delayed_work_pending(&rdev->background_cac_done_wk))
  		return -EBUSY;

  	err = rdev_set_radar_background(rdev, chandef);
  	if (err)
  		return err;

  	cac_time_ms = cfg80211_chandef_dfs_cac_time(&rdev->wiphy, chandef);
  	if (cac_time_ms == 0)
  		cac_time_ms = IEEE80211_DFS_MIN_CAC_TIME_MS;

  	rdev->background_radar_chandef = *chandef;
  	rdev->background_radar_wdev = wdev; /* Get offchain ownership */

  	__cfg80211_background_cac_event(rdev, wdev, chandef,
  					NL80211_RADAR_CAC_STARTED);
  	queue_delayed_work(cfg80211_wq, &rdev->background_cac_done_wk,
  			   msecs_to_jiffies(cac_time_ms));

  	return 0;
  }
  /*
   * End the CAC on every valid link of @wdev that has one running, and send
   * NL80211_RADAR_CAC_ABORTED for each such link.
   */
  void cfg80211_stop_radar_detection(struct wireless_dev *wdev)
  {
  	struct cfg80211_registered_device *rdev = wiphy_to_rdev(wdev->wiphy);
  	int link_id;

  	for_each_valid_link(wdev, link_id) {
  		struct cfg80211_chan_def chandef;

  		if (wdev->links[link_id].cac_started) {
  			/*
  			 * The chandef is copied before rdev_end_cac() runs;
  			 * presumably because ending the CAC may change the
  			 * link's chandef - confirm.
  			 */
  			chandef = *wdev_chandef(wdev, link_id);
  			rdev_end_cac(rdev, wdev->netdev, link_id);
  			nl80211_radar_notify(rdev, &chandef,
  					     NL80211_RADAR_CAC_ABORTED,
  					     wdev->netdev, GFP_KERNEL);
  		}
  	}
  }
  /*
   * Stop background radar detection if @wdev is the current owner of the
   * offchannel chain; otherwise do nothing. Requires the wiphy lock.
   *
   * The return value of rdev_set_radar_background() is not checked here.
   */
  void cfg80211_stop_background_radar_detection(struct wireless_dev *wdev)
  {
  	struct wiphy *wiphy = wdev->wiphy;
  	struct cfg80211_registered_device *rdev = wiphy_to_rdev(wiphy);

  	lockdep_assert_wiphy(wiphy);

  	if (rdev->background_radar_wdev == wdev) {
  		rdev_set_radar_background(rdev, NULL);
  		rdev->background_radar_wdev = NULL; /* Release offchain ownership */

  		/*
  		 * Ownership is already cleared, so the helper's own
  		 * "no owner" check returns before any notification.
  		 */
  		__cfg80211_background_cac_event(rdev, wdev,
  						&rdev->background_radar_chandef,
  						NL80211_RADAR_CAC_ABORTED);
  	}
  }
  /*
   * Pass an ML reconfiguration request to the driver and, on success, take
   * a reference and a hold on the BSS of every link slot in req->add_links
   * that has one.
   *
   * Returns the result of rdev_assoc_ml_reconf(). Requires the wiphy lock.
   */
  int cfg80211_assoc_ml_reconf(struct cfg80211_registered_device *rdev,
  			     struct net_device *dev,
  			     struct cfg80211_ml_reconf_req *req)
  {
  	struct wireless_dev *wdev = dev->ieee80211_ptr;
  	int link_id;
  	int err;

  	lockdep_assert_wiphy(wdev->wiphy);

  	err = rdev_assoc_ml_reconf(rdev, dev, req);
  	if (err)
  		return err;

  	/* BSS references are only taken once the driver accepted the request. */
  	for (link_id = 0; link_id < IEEE80211_MLD_MAX_NUM_LINKS; link_id++) {
  		if (req->add_links[link_id].bss) {
  			cfg80211_ref_bss(&rdev->wiphy,
  					 req->add_links[link_id].bss);
  			cfg80211_hold_bss(
  				bss_from_pub(req->add_links[link_id].bss));
  		}
  	}

  	return 0;
  }
  /*
   * Complete an MLO reconfiguration that added links.
   *
   * Requires the wiphy lock. Warns and returns without changes if the wdev
   * has no valid links, is neither a station nor a P2P client, or an added
   * link comes without a BSS. For each link slot that carries a BSS:
   *  - if the link is in data->added_links, the BSS becomes the link's
   *    current_bss (held here when the driver initiated the change) and the
   *    link address is copied in;
   *  - otherwise the BSS is released (and un-held when the change was not
   *    driver initiated).
   * Finally valid_links is extended and nl80211 is notified.
   */
  void cfg80211_mlo_reconf_add_done(struct net_device *dev,
  				  struct cfg80211_mlo_reconf_done_data *data)
  {
  	struct wireless_dev *wdev = dev->ieee80211_ptr;
  	struct wiphy *wiphy = wdev->wiphy;
  	int link_id;

  	lockdep_assert_wiphy(wiphy);

  	trace_cfg80211_mlo_reconf_add_done(dev, data->added_links,
  					   data->buf, data->len,
  					   data->driver_initiated);

  	if (WARN_ON(!wdev->valid_links))
  		return;

  	if (WARN_ON(wdev->iftype != NL80211_IFTYPE_STATION &&
  		    wdev->iftype != NL80211_IFTYPE_P2P_CLIENT))
  		return;

  	/* validate that a BSS is given for each added link */
  	for (link_id = 0; link_id < ARRAY_SIZE(data->links); link_id++) {
  		if ((data->added_links & BIT(link_id)) &&
  		    WARN_ON(!data->links[link_id].bss))
  			return;
  	}

  	/* State is only changed after the whole request validated. */
  	for (link_id = 0; link_id < ARRAY_SIZE(data->links); link_id++) {
  		struct cfg80211_bss *bss = data->links[link_id].bss;

  		if (!bss)
  			continue;

  		if (!(data->added_links & BIT(link_id))) {
  			/* Link was not added: drop the BSS again. */
  			if (!data->driver_initiated)
  				cfg80211_unhold_bss(bss_from_pub(bss));
  			cfg80211_put_bss(wiphy, bss);
  			continue;
  		}

  		wdev->links[link_id].client.current_bss = bss_from_pub(bss);

  		if (data->driver_initiated)
  			cfg80211_hold_bss(bss_from_pub(bss));

  		memcpy(wdev->links[link_id].addr,
  		       data->links[link_id].addr,
  		       ETH_ALEN);
  	}

  	wdev->valid_links |= data->added_links;
  	nl80211_mlo_reconf_add_done(dev, data);
  }
  EXPORT_SYMBOL(cfg80211_mlo_reconf_add_done);