1 // SPDX-License-Identifier: GPL-2.0
3 * cfg80211 MLME SAP interface
5 * Copyright (c) 2009, Jouni Malinen <j@w1.fi>
6 * Copyright (c) 2015 Intel Deutschland GmbH
7 * Copyright (C) 2019-2020 Intel Corporation
10 #include <linux/kernel.h>
11 #include <linux/module.h>
12 #include <linux/etherdevice.h>
13 #include <linux/netdevice.h>
14 #include <linux/nl80211.h>
15 #include <linux/slab.h>
16 #include <linux/wireless.h>
17 #include <net/cfg80211.h>
18 #include <net/iw_handler.h>
24 void cfg80211_rx_assoc_resp(struct net_device *dev,
25 struct cfg80211_rx_assoc_resp *data)
27 struct wireless_dev *wdev = dev->ieee80211_ptr;
28 struct wiphy *wiphy = wdev->wiphy;
29 struct cfg80211_registered_device *rdev = wiphy_to_rdev(wiphy);
30 struct ieee80211_mgmt *mgmt = (struct ieee80211_mgmt *)data->buf;
31 struct cfg80211_connect_resp_params cr = {
32 .timeout_reason = NL80211_TIMEOUT_UNSPECIFIED,
33 .req_ie = data->req_ies,
34 .req_ie_len = data->req_ies_len,
35 .resp_ie = mgmt->u.assoc_resp.variable,
36 .resp_ie_len = data->len -
37 offsetof(struct ieee80211_mgmt,
38 u.assoc_resp.variable),
39 .status = le16_to_cpu(mgmt->u.assoc_resp.status_code),
40 .ap_mld_addr = data->ap_mld_addr,
44 for (link_id = 0; link_id < ARRAY_SIZE(data->links); link_id++) {
45 cr.links[link_id].bss = data->links[link_id].bss;
46 if (!cr.links[link_id].bss)
48 cr.links[link_id].bssid = data->links[link_id].bss->bssid;
49 cr.links[link_id].addr = data->links[link_id].addr;
50 /* need to have local link addresses for MLO connections */
51 WARN_ON(cr.ap_mld_addr && !cr.links[link_id].addr);
53 if (cr.links[link_id].bss->channel->band == NL80211_BAND_S1GHZ) {
55 cr.resp_ie = (u8 *)&mgmt->u.s1g_assoc_resp.variable;
56 cr.resp_ie_len = data->len -
57 offsetof(struct ieee80211_mgmt,
58 u.s1g_assoc_resp.variable);
62 cr.valid_links |= BIT(link_id);
65 trace_cfg80211_send_rx_assoc(dev, data);
68 * This is a bit of a hack, we don't notify userspace of
69 * a (re-)association reply if we tried to send a reassoc
70 * and got a reject -- we only try again with an assoc
71 * frame instead of reassoc.
73 if (cfg80211_sme_rx_assoc_resp(wdev, cr.status)) {
74 for (link_id = 0; link_id < ARRAY_SIZE(data->links); link_id++) {
75 struct cfg80211_bss *bss = data->links[link_id].bss;
80 cfg80211_unhold_bss(bss_from_pub(bss));
81 cfg80211_put_bss(wiphy, bss);
86 nl80211_send_rx_assoc(rdev, dev, data);
87 /* update current_bss etc., consumes the bss reference */
88 __cfg80211_connect_result(dev, &cr, cr.status == WLAN_STATUS_SUCCESS);
90 EXPORT_SYMBOL(cfg80211_rx_assoc_resp);
92 static void cfg80211_process_auth(struct wireless_dev *wdev,
93 const u8 *buf, size_t len)
95 struct cfg80211_registered_device *rdev = wiphy_to_rdev(wdev->wiphy);
97 nl80211_send_rx_auth(rdev, wdev->netdev, buf, len, GFP_KERNEL);
98 cfg80211_sme_rx_auth(wdev, buf, len);
101 static void cfg80211_process_deauth(struct wireless_dev *wdev,
102 const u8 *buf, size_t len,
105 struct cfg80211_registered_device *rdev = wiphy_to_rdev(wdev->wiphy);
106 struct ieee80211_mgmt *mgmt = (struct ieee80211_mgmt *)buf;
107 const u8 *bssid = mgmt->bssid;
108 u16 reason_code = le16_to_cpu(mgmt->u.deauth.reason_code);
109 bool from_ap = !ether_addr_equal(mgmt->sa, wdev->netdev->dev_addr);
111 nl80211_send_deauth(rdev, wdev->netdev, buf, len, reconnect, GFP_KERNEL);
113 if (!wdev->connected || !ether_addr_equal(wdev->u.client.connected_addr, bssid))
116 __cfg80211_disconnected(wdev->netdev, NULL, 0, reason_code, from_ap);
117 cfg80211_sme_deauth(wdev);
120 static void cfg80211_process_disassoc(struct wireless_dev *wdev,
121 const u8 *buf, size_t len,
124 struct cfg80211_registered_device *rdev = wiphy_to_rdev(wdev->wiphy);
125 struct ieee80211_mgmt *mgmt = (struct ieee80211_mgmt *)buf;
126 const u8 *bssid = mgmt->bssid;
127 u16 reason_code = le16_to_cpu(mgmt->u.disassoc.reason_code);
128 bool from_ap = !ether_addr_equal(mgmt->sa, wdev->netdev->dev_addr);
130 nl80211_send_disassoc(rdev, wdev->netdev, buf, len, reconnect,
133 if (WARN_ON(!wdev->connected ||
134 !ether_addr_equal(wdev->u.client.connected_addr, bssid)))
137 __cfg80211_disconnected(wdev->netdev, NULL, 0, reason_code, from_ap);
138 cfg80211_sme_disassoc(wdev);
141 void cfg80211_rx_mlme_mgmt(struct net_device *dev, const u8 *buf, size_t len)
143 struct wireless_dev *wdev = dev->ieee80211_ptr;
144 struct ieee80211_mgmt *mgmt = (void *)buf;
146 ASSERT_WDEV_LOCK(wdev);
148 trace_cfg80211_rx_mlme_mgmt(dev, buf, len);
150 if (WARN_ON(len < 2))
153 if (ieee80211_is_auth(mgmt->frame_control))
154 cfg80211_process_auth(wdev, buf, len);
155 else if (ieee80211_is_deauth(mgmt->frame_control))
156 cfg80211_process_deauth(wdev, buf, len, false);
157 else if (ieee80211_is_disassoc(mgmt->frame_control))
158 cfg80211_process_disassoc(wdev, buf, len, false);
160 EXPORT_SYMBOL(cfg80211_rx_mlme_mgmt);
162 void cfg80211_auth_timeout(struct net_device *dev, const u8 *addr)
164 struct wireless_dev *wdev = dev->ieee80211_ptr;
165 struct wiphy *wiphy = wdev->wiphy;
166 struct cfg80211_registered_device *rdev = wiphy_to_rdev(wiphy);
168 trace_cfg80211_send_auth_timeout(dev, addr);
170 nl80211_send_auth_timeout(rdev, dev, addr, GFP_KERNEL);
171 cfg80211_sme_auth_timeout(wdev);
173 EXPORT_SYMBOL(cfg80211_auth_timeout);
175 void cfg80211_assoc_failure(struct net_device *dev,
176 struct cfg80211_assoc_failure *data)
178 struct wireless_dev *wdev = dev->ieee80211_ptr;
179 struct wiphy *wiphy = wdev->wiphy;
180 struct cfg80211_registered_device *rdev = wiphy_to_rdev(wiphy);
181 const u8 *addr = data->ap_mld_addr ?: data->bss[0]->bssid;
184 trace_cfg80211_send_assoc_failure(dev, data);
187 nl80211_send_assoc_timeout(rdev, dev, addr, GFP_KERNEL);
188 cfg80211_sme_assoc_timeout(wdev);
190 cfg80211_sme_abandon_assoc(wdev);
193 for (i = 0; i < ARRAY_SIZE(data->bss); i++) {
194 struct cfg80211_bss *bss = data->bss[i];
199 cfg80211_unhold_bss(bss_from_pub(bss));
200 cfg80211_put_bss(wiphy, bss);
203 EXPORT_SYMBOL(cfg80211_assoc_failure);
205 void cfg80211_tx_mlme_mgmt(struct net_device *dev, const u8 *buf, size_t len,
208 struct wireless_dev *wdev = dev->ieee80211_ptr;
209 struct ieee80211_mgmt *mgmt = (void *)buf;
211 ASSERT_WDEV_LOCK(wdev);
213 trace_cfg80211_tx_mlme_mgmt(dev, buf, len, reconnect);
215 if (WARN_ON(len < 2))
218 if (ieee80211_is_deauth(mgmt->frame_control))
219 cfg80211_process_deauth(wdev, buf, len, reconnect);
221 cfg80211_process_disassoc(wdev, buf, len, reconnect);
223 EXPORT_SYMBOL(cfg80211_tx_mlme_mgmt);
225 void cfg80211_michael_mic_failure(struct net_device *dev, const u8 *addr,
226 enum nl80211_key_type key_type, int key_id,
227 const u8 *tsc, gfp_t gfp)
229 struct wiphy *wiphy = dev->ieee80211_ptr->wiphy;
230 struct cfg80211_registered_device *rdev = wiphy_to_rdev(wiphy);
231 #ifdef CONFIG_CFG80211_WEXT
232 union iwreq_data wrqu;
233 char *buf = kmalloc(128, gfp);
236 sprintf(buf, "MLME-MICHAELMICFAILURE.indication("
237 "keyid=%d %scast addr=%pM)", key_id,
238 key_type == NL80211_KEYTYPE_GROUP ? "broad" : "uni",
240 memset(&wrqu, 0, sizeof(wrqu));
241 wrqu.data.length = strlen(buf);
242 wireless_send_event(dev, IWEVCUSTOM, &wrqu, buf);
247 trace_cfg80211_michael_mic_failure(dev, addr, key_type, key_id, tsc);
248 nl80211_michael_mic_failure(rdev, dev, addr, key_type, key_id, tsc, gfp);
250 EXPORT_SYMBOL(cfg80211_michael_mic_failure);
252 /* some MLME handling for userspace SME */
253 int cfg80211_mlme_auth(struct cfg80211_registered_device *rdev,
254 struct net_device *dev,
255 struct cfg80211_auth_request *req)
257 struct wireless_dev *wdev = dev->ieee80211_ptr;
259 ASSERT_WDEV_LOCK(wdev);
264 if (req->link_id >= 0 &&
265 !(wdev->wiphy->flags & WIPHY_FLAG_SUPPORTS_MLO))
268 if (req->auth_type == NL80211_AUTHTYPE_SHARED_KEY) {
269 if (!req->key || !req->key_len ||
270 req->key_idx < 0 || req->key_idx > 3)
274 if (wdev->connected &&
275 ether_addr_equal(req->bss->bssid, wdev->u.client.connected_addr))
278 return rdev_auth(rdev, dev, req);
281 /* Do a logical ht_capa &= ht_capa_mask. */
282 void cfg80211_oper_and_ht_capa(struct ieee80211_ht_cap *ht_capa,
283 const struct ieee80211_ht_cap *ht_capa_mask)
288 memset(ht_capa, 0, sizeof(*ht_capa));
293 p2 = (u8*)(ht_capa_mask);
294 for (i = 0; i < sizeof(*ht_capa); i++)
298 /* Do a logical vht_capa &= vht_capa_mask. */
299 void cfg80211_oper_and_vht_capa(struct ieee80211_vht_cap *vht_capa,
300 const struct ieee80211_vht_cap *vht_capa_mask)
304 if (!vht_capa_mask) {
305 memset(vht_capa, 0, sizeof(*vht_capa));
309 p1 = (u8*)(vht_capa);
310 p2 = (u8*)(vht_capa_mask);
311 for (i = 0; i < sizeof(*vht_capa); i++)
315 /* Note: caller must cfg80211_put_bss() regardless of result */
316 int cfg80211_mlme_assoc(struct cfg80211_registered_device *rdev,
317 struct net_device *dev,
318 struct cfg80211_assoc_request *req)
320 struct wireless_dev *wdev = dev->ieee80211_ptr;
323 ASSERT_WDEV_LOCK(wdev);
325 for (i = 1; i < ARRAY_SIZE(req->links); i++) {
326 if (!req->links[i].bss)
328 for (j = 0; j < i; j++) {
329 if (req->links[i].bss == req->links[j].bss)
334 if (wdev->connected &&
336 !ether_addr_equal(wdev->u.client.connected_addr, req->prev_bssid)))
339 cfg80211_oper_and_ht_capa(&req->ht_capa_mask,
340 rdev->wiphy.ht_capa_mod_mask);
341 cfg80211_oper_and_vht_capa(&req->vht_capa_mask,
342 rdev->wiphy.vht_capa_mod_mask);
344 err = rdev_assoc(rdev, dev, req);
349 cfg80211_ref_bss(&rdev->wiphy, req->bss);
350 cfg80211_hold_bss(bss_from_pub(req->bss));
353 for (link_id = 0; link_id < ARRAY_SIZE(req->links); link_id++) {
354 if (!req->links[link_id].bss)
356 cfg80211_ref_bss(&rdev->wiphy, req->links[link_id].bss);
357 cfg80211_hold_bss(bss_from_pub(req->links[link_id].bss));
363 int cfg80211_mlme_deauth(struct cfg80211_registered_device *rdev,
364 struct net_device *dev, const u8 *bssid,
365 const u8 *ie, int ie_len, u16 reason,
366 bool local_state_change)
368 struct wireless_dev *wdev = dev->ieee80211_ptr;
369 struct cfg80211_deauth_request req = {
371 .reason_code = reason,
374 .local_state_change = local_state_change,
377 ASSERT_WDEV_LOCK(wdev);
379 if (local_state_change &&
381 !ether_addr_equal(wdev->u.client.connected_addr, bssid)))
384 if (ether_addr_equal(wdev->disconnect_bssid, bssid) ||
386 ether_addr_equal(wdev->u.client.connected_addr, bssid)))
387 wdev->conn_owner_nlportid = 0;
389 return rdev_deauth(rdev, dev, &req);
392 int cfg80211_mlme_disassoc(struct cfg80211_registered_device *rdev,
393 struct net_device *dev, const u8 *ap_addr,
394 const u8 *ie, int ie_len, u16 reason,
395 bool local_state_change)
397 struct wireless_dev *wdev = dev->ieee80211_ptr;
398 struct cfg80211_disassoc_request req = {
399 .reason_code = reason,
400 .local_state_change = local_state_change,
407 ASSERT_WDEV_LOCK(wdev);
409 if (!wdev->connected)
412 if (memcmp(wdev->u.client.connected_addr, ap_addr, ETH_ALEN))
415 err = rdev_disassoc(rdev, dev, &req);
419 /* driver should have reported the disassoc */
420 WARN_ON(wdev->connected);
424 void cfg80211_mlme_down(struct cfg80211_registered_device *rdev,
425 struct net_device *dev)
427 struct wireless_dev *wdev = dev->ieee80211_ptr;
430 ASSERT_WDEV_LOCK(wdev);
432 if (!rdev->ops->deauth)
435 if (!wdev->connected)
438 memcpy(bssid, wdev->u.client.connected_addr, ETH_ALEN);
439 cfg80211_mlme_deauth(rdev, dev, bssid, NULL, 0,
440 WLAN_REASON_DEAUTH_LEAVING, false);
443 struct cfg80211_mgmt_registration {
444 struct list_head list;
445 struct wireless_dev *wdev;
458 static void cfg80211_mgmt_registrations_update(struct wireless_dev *wdev)
460 struct cfg80211_registered_device *rdev = wiphy_to_rdev(wdev->wiphy);
461 struct wireless_dev *tmp;
462 struct cfg80211_mgmt_registration *reg;
463 struct mgmt_frame_regs upd = {};
465 lockdep_assert_held(&rdev->wiphy.mtx);
467 spin_lock_bh(&rdev->mgmt_registrations_lock);
468 if (!wdev->mgmt_registrations_need_update) {
469 spin_unlock_bh(&rdev->mgmt_registrations_lock);
474 list_for_each_entry_rcu(tmp, &rdev->wiphy.wdev_list, list) {
475 list_for_each_entry(reg, &tmp->mgmt_registrations, list) {
476 u32 mask = BIT(le16_to_cpu(reg->frame_type) >> 4);
479 if (reg->multicast_rx)
482 upd.global_stypes |= mask;
483 upd.global_mcast_stypes |= mcast_mask;
486 upd.interface_stypes |= mask;
487 upd.interface_mcast_stypes |= mcast_mask;
493 wdev->mgmt_registrations_need_update = 0;
494 spin_unlock_bh(&rdev->mgmt_registrations_lock);
496 rdev_update_mgmt_frame_registrations(rdev, wdev, &upd);
499 void cfg80211_mgmt_registrations_update_wk(struct work_struct *wk)
501 struct cfg80211_registered_device *rdev;
502 struct wireless_dev *wdev;
504 rdev = container_of(wk, struct cfg80211_registered_device,
505 mgmt_registrations_update_wk);
507 wiphy_lock(&rdev->wiphy);
508 list_for_each_entry(wdev, &rdev->wiphy.wdev_list, list)
509 cfg80211_mgmt_registrations_update(wdev);
510 wiphy_unlock(&rdev->wiphy);
513 int cfg80211_mlme_register_mgmt(struct wireless_dev *wdev, u32 snd_portid,
514 u16 frame_type, const u8 *match_data,
515 int match_len, bool multicast_rx,
516 struct netlink_ext_ack *extack)
518 struct cfg80211_registered_device *rdev = wiphy_to_rdev(wdev->wiphy);
519 struct cfg80211_mgmt_registration *reg, *nreg;
522 bool update_multicast = false;
524 if (!wdev->wiphy->mgmt_stypes)
527 if ((frame_type & IEEE80211_FCTL_FTYPE) != IEEE80211_FTYPE_MGMT) {
528 NL_SET_ERR_MSG(extack, "frame type not management");
532 if (frame_type & ~(IEEE80211_FCTL_FTYPE | IEEE80211_FCTL_STYPE)) {
533 NL_SET_ERR_MSG(extack, "Invalid frame type");
537 mgmt_type = (frame_type & IEEE80211_FCTL_STYPE) >> 4;
538 if (!(wdev->wiphy->mgmt_stypes[wdev->iftype].rx & BIT(mgmt_type))) {
539 NL_SET_ERR_MSG(extack,
540 "Registration to specific type not supported");
545 * To support Pre Association Security Negotiation (PASN), registration
546 * for authentication frames should be supported. However, as some
547 * versions of the user space daemons wrongly register to all types of
548 * authentication frames (which might result in unexpected behavior)
549 * allow such registration if the request is for a specific
550 * authentication algorithm number.
552 if (wdev->iftype == NL80211_IFTYPE_STATION &&
553 (frame_type & IEEE80211_FCTL_STYPE) == IEEE80211_STYPE_AUTH &&
554 !(match_data && match_len >= 2)) {
555 NL_SET_ERR_MSG(extack,
556 "Authentication algorithm number required");
560 nreg = kzalloc(sizeof(*reg) + match_len, GFP_KERNEL);
564 spin_lock_bh(&rdev->mgmt_registrations_lock);
566 list_for_each_entry(reg, &wdev->mgmt_registrations, list) {
567 int mlen = min(match_len, reg->match_len);
569 if (frame_type != le16_to_cpu(reg->frame_type))
572 if (memcmp(reg->match, match_data, mlen) == 0) {
573 if (reg->multicast_rx != multicast_rx) {
574 update_multicast = true;
575 reg->multicast_rx = multicast_rx;
578 NL_SET_ERR_MSG(extack, "Match already configured");
587 if (update_multicast) {
590 memcpy(nreg->match, match_data, match_len);
591 nreg->match_len = match_len;
592 nreg->nlportid = snd_portid;
593 nreg->frame_type = cpu_to_le16(frame_type);
595 nreg->multicast_rx = multicast_rx;
596 list_add(&nreg->list, &wdev->mgmt_registrations);
598 wdev->mgmt_registrations_need_update = 1;
599 spin_unlock_bh(&rdev->mgmt_registrations_lock);
601 cfg80211_mgmt_registrations_update(wdev);
607 spin_unlock_bh(&rdev->mgmt_registrations_lock);
612 void cfg80211_mlme_unregister_socket(struct wireless_dev *wdev, u32 nlportid)
614 struct wiphy *wiphy = wdev->wiphy;
615 struct cfg80211_registered_device *rdev = wiphy_to_rdev(wiphy);
616 struct cfg80211_mgmt_registration *reg, *tmp;
618 spin_lock_bh(&rdev->mgmt_registrations_lock);
620 list_for_each_entry_safe(reg, tmp, &wdev->mgmt_registrations, list) {
621 if (reg->nlportid != nlportid)
624 list_del(®->list);
627 wdev->mgmt_registrations_need_update = 1;
628 schedule_work(&rdev->mgmt_registrations_update_wk);
631 spin_unlock_bh(&rdev->mgmt_registrations_lock);
633 if (nlportid && rdev->crit_proto_nlportid == nlportid) {
634 rdev->crit_proto_nlportid = 0;
635 rdev_crit_proto_stop(rdev, wdev);
638 if (nlportid == wdev->ap_unexpected_nlportid)
639 wdev->ap_unexpected_nlportid = 0;
642 void cfg80211_mlme_purge_registrations(struct wireless_dev *wdev)
644 struct cfg80211_registered_device *rdev = wiphy_to_rdev(wdev->wiphy);
645 struct cfg80211_mgmt_registration *reg, *tmp;
647 spin_lock_bh(&rdev->mgmt_registrations_lock);
648 list_for_each_entry_safe(reg, tmp, &wdev->mgmt_registrations, list) {
649 list_del(®->list);
652 wdev->mgmt_registrations_need_update = 1;
653 spin_unlock_bh(&rdev->mgmt_registrations_lock);
655 cfg80211_mgmt_registrations_update(wdev);
658 static bool cfg80211_allowed_address(struct wireless_dev *wdev, const u8 *addr)
662 for_each_valid_link(wdev, i) {
663 if (ether_addr_equal(addr, wdev->links[i].addr))
667 return ether_addr_equal(addr, wdev_address(wdev));
670 int cfg80211_mlme_mgmt_tx(struct cfg80211_registered_device *rdev,
671 struct wireless_dev *wdev,
672 struct cfg80211_mgmt_tx_params *params, u64 *cookie)
674 const struct ieee80211_mgmt *mgmt;
677 if (!wdev->wiphy->mgmt_stypes)
680 if (!rdev->ops->mgmt_tx)
683 if (params->len < 24 + 1)
686 mgmt = (const struct ieee80211_mgmt *)params->buf;
688 if (!ieee80211_is_mgmt(mgmt->frame_control))
691 stype = le16_to_cpu(mgmt->frame_control) & IEEE80211_FCTL_STYPE;
692 if (!(wdev->wiphy->mgmt_stypes[wdev->iftype].tx & BIT(stype >> 4)))
695 if (ieee80211_is_action(mgmt->frame_control) &&
696 mgmt->u.action.category != WLAN_CATEGORY_PUBLIC) {
701 switch (wdev->iftype) {
702 case NL80211_IFTYPE_ADHOC:
704 * check for IBSS DA must be done by driver as
705 * cfg80211 doesn't track the stations
707 if (!wdev->u.ibss.current_bss ||
708 !ether_addr_equal(wdev->u.ibss.current_bss->pub.bssid,
714 case NL80211_IFTYPE_STATION:
715 case NL80211_IFTYPE_P2P_CLIENT:
716 if (!wdev->connected) {
721 /* FIXME: MLD may address this differently */
723 if (!ether_addr_equal(wdev->u.client.connected_addr,
729 /* for station, check that DA is the AP */
730 if (!ether_addr_equal(wdev->u.client.connected_addr,
736 case NL80211_IFTYPE_AP:
737 case NL80211_IFTYPE_P2P_GO:
738 case NL80211_IFTYPE_AP_VLAN:
739 if (!ether_addr_equal(mgmt->bssid, wdev_address(wdev)))
742 case NL80211_IFTYPE_MESH_POINT:
743 if (!ether_addr_equal(mgmt->sa, mgmt->bssid)) {
748 * check for mesh DA must be done by driver as
749 * cfg80211 doesn't track the stations
752 case NL80211_IFTYPE_P2P_DEVICE:
754 * fall through, P2P device only supports
755 * public action frames
757 case NL80211_IFTYPE_NAN:
768 if (!cfg80211_allowed_address(wdev, mgmt->sa)) {
769 /* Allow random TA to be used with Public Action frames if the
770 * driver has indicated support for this. Otherwise, only allow
771 * the local address to be used.
773 if (!ieee80211_is_action(mgmt->frame_control) ||
774 mgmt->u.action.category != WLAN_CATEGORY_PUBLIC)
776 if (!wdev->connected &&
777 !wiphy_ext_feature_isset(
779 NL80211_EXT_FEATURE_MGMT_TX_RANDOM_TA))
781 if (wdev->connected &&
782 !wiphy_ext_feature_isset(
784 NL80211_EXT_FEATURE_MGMT_TX_RANDOM_TA_CONNECTED))
788 /* Transmit the management frame as requested by user space */
789 return rdev_mgmt_tx(rdev, wdev, params, cookie);
792 bool cfg80211_rx_mgmt_khz(struct wireless_dev *wdev, int freq, int sig_dbm,
793 const u8 *buf, size_t len, u32 flags)
795 struct wiphy *wiphy = wdev->wiphy;
796 struct cfg80211_registered_device *rdev = wiphy_to_rdev(wiphy);
797 struct cfg80211_mgmt_registration *reg;
798 const struct ieee80211_txrx_stypes *stypes =
799 &wiphy->mgmt_stypes[wdev->iftype];
800 struct ieee80211_mgmt *mgmt = (void *)buf;
804 __le16 ftype = mgmt->frame_control &
805 cpu_to_le16(IEEE80211_FCTL_FTYPE | IEEE80211_FCTL_STYPE);
808 trace_cfg80211_rx_mgmt(wdev, freq, sig_dbm);
809 stype = (le16_to_cpu(mgmt->frame_control) & IEEE80211_FCTL_STYPE) >> 4;
811 if (!(stypes->rx & BIT(stype))) {
812 trace_cfg80211_return_bool(false);
816 data = buf + ieee80211_hdrlen(mgmt->frame_control);
817 data_len = len - ieee80211_hdrlen(mgmt->frame_control);
819 spin_lock_bh(&rdev->mgmt_registrations_lock);
821 list_for_each_entry(reg, &wdev->mgmt_registrations, list) {
822 if (reg->frame_type != ftype)
825 if (reg->match_len > data_len)
828 if (memcmp(reg->match, data, reg->match_len))
833 /* Indicate the received Action frame to user space */
834 if (nl80211_send_mgmt(rdev, wdev, reg->nlportid,
836 buf, len, flags, GFP_ATOMIC))
843 spin_unlock_bh(&rdev->mgmt_registrations_lock);
845 trace_cfg80211_return_bool(result);
848 EXPORT_SYMBOL(cfg80211_rx_mgmt_khz);
850 void cfg80211_sched_dfs_chan_update(struct cfg80211_registered_device *rdev)
852 cancel_delayed_work(&rdev->dfs_update_channels_wk);
853 queue_delayed_work(cfg80211_wq, &rdev->dfs_update_channels_wk, 0);
856 void cfg80211_dfs_channels_update_work(struct work_struct *work)
858 struct delayed_work *delayed_work = to_delayed_work(work);
859 struct cfg80211_registered_device *rdev;
860 struct cfg80211_chan_def chandef;
861 struct ieee80211_supported_band *sband;
862 struct ieee80211_channel *c;
864 bool check_again = false;
865 unsigned long timeout, next_time = 0;
866 unsigned long time_dfs_update;
867 enum nl80211_radar_event radar_event;
870 rdev = container_of(delayed_work, struct cfg80211_registered_device,
871 dfs_update_channels_wk);
872 wiphy = &rdev->wiphy;
875 for (bandid = 0; bandid < NUM_NL80211_BANDS; bandid++) {
876 sband = wiphy->bands[bandid];
880 for (i = 0; i < sband->n_channels; i++) {
881 c = &sband->channels[i];
883 if (!(c->flags & IEEE80211_CHAN_RADAR))
886 if (c->dfs_state != NL80211_DFS_UNAVAILABLE &&
887 c->dfs_state != NL80211_DFS_AVAILABLE)
890 if (c->dfs_state == NL80211_DFS_UNAVAILABLE) {
891 time_dfs_update = IEEE80211_DFS_MIN_NOP_TIME_MS;
892 radar_event = NL80211_RADAR_NOP_FINISHED;
894 if (regulatory_pre_cac_allowed(wiphy) ||
895 cfg80211_any_wiphy_oper_chan(wiphy, c))
898 time_dfs_update = REG_PRE_CAC_EXPIRY_GRACE_MS;
899 radar_event = NL80211_RADAR_PRE_CAC_EXPIRED;
902 timeout = c->dfs_state_entered +
903 msecs_to_jiffies(time_dfs_update);
905 if (time_after_eq(jiffies, timeout)) {
906 c->dfs_state = NL80211_DFS_USABLE;
907 c->dfs_state_entered = jiffies;
909 cfg80211_chandef_create(&chandef, c,
912 nl80211_radar_notify(rdev, &chandef,
916 regulatory_propagate_dfs_state(wiphy, &chandef,
923 next_time = timeout - jiffies;
925 next_time = min(next_time, timeout - jiffies);
931 /* reschedule if there are other channels waiting to be cleared again */
933 queue_delayed_work(cfg80211_wq, &rdev->dfs_update_channels_wk,
938 void __cfg80211_radar_event(struct wiphy *wiphy,
939 struct cfg80211_chan_def *chandef,
940 bool offchan, gfp_t gfp)
942 struct cfg80211_registered_device *rdev = wiphy_to_rdev(wiphy);
944 trace_cfg80211_radar_event(wiphy, chandef, offchan);
946 /* only set the chandef supplied channel to unavailable, in
947 * case the radar is detected on only one of multiple channels
948 * spanned by the chandef.
950 cfg80211_set_dfs_state(wiphy, chandef, NL80211_DFS_UNAVAILABLE);
953 queue_work(cfg80211_wq, &rdev->background_cac_abort_wk);
955 cfg80211_sched_dfs_chan_update(rdev);
957 nl80211_radar_notify(rdev, chandef, NL80211_RADAR_DETECTED, NULL, gfp);
959 memcpy(&rdev->radar_chandef, chandef, sizeof(struct cfg80211_chan_def));
960 queue_work(cfg80211_wq, &rdev->propagate_radar_detect_wk);
962 EXPORT_SYMBOL(__cfg80211_radar_event);
964 void cfg80211_cac_event(struct net_device *netdev,
965 const struct cfg80211_chan_def *chandef,
966 enum nl80211_radar_event event, gfp_t gfp)
968 struct wireless_dev *wdev = netdev->ieee80211_ptr;
969 struct wiphy *wiphy = wdev->wiphy;
970 struct cfg80211_registered_device *rdev = wiphy_to_rdev(wiphy);
971 unsigned long timeout;
973 /* not yet supported */
974 if (wdev->valid_links)
977 trace_cfg80211_cac_event(netdev, event);
979 if (WARN_ON(!wdev->cac_started && event != NL80211_RADAR_CAC_STARTED))
983 case NL80211_RADAR_CAC_FINISHED:
984 timeout = wdev->cac_start_time +
985 msecs_to_jiffies(wdev->cac_time_ms);
986 WARN_ON(!time_after_eq(jiffies, timeout));
987 cfg80211_set_dfs_state(wiphy, chandef, NL80211_DFS_AVAILABLE);
988 memcpy(&rdev->cac_done_chandef, chandef,
989 sizeof(struct cfg80211_chan_def));
990 queue_work(cfg80211_wq, &rdev->propagate_cac_done_wk);
991 cfg80211_sched_dfs_chan_update(rdev);
993 case NL80211_RADAR_CAC_ABORTED:
994 wdev->cac_started = false;
996 case NL80211_RADAR_CAC_STARTED:
997 wdev->cac_started = true;
1004 nl80211_radar_notify(rdev, chandef, event, netdev, gfp);
1006 EXPORT_SYMBOL(cfg80211_cac_event);
1009 __cfg80211_background_cac_event(struct cfg80211_registered_device *rdev,
1010 struct wireless_dev *wdev,
1011 const struct cfg80211_chan_def *chandef,
1012 enum nl80211_radar_event event)
1014 struct wiphy *wiphy = &rdev->wiphy;
1015 struct net_device *netdev;
1017 lockdep_assert_wiphy(&rdev->wiphy);
1019 if (!cfg80211_chandef_valid(chandef))
1022 if (!rdev->background_radar_wdev)
1026 case NL80211_RADAR_CAC_FINISHED:
1027 cfg80211_set_dfs_state(wiphy, chandef, NL80211_DFS_AVAILABLE);
1028 memcpy(&rdev->cac_done_chandef, chandef, sizeof(*chandef));
1029 queue_work(cfg80211_wq, &rdev->propagate_cac_done_wk);
1030 cfg80211_sched_dfs_chan_update(rdev);
1031 wdev = rdev->background_radar_wdev;
1033 case NL80211_RADAR_CAC_ABORTED:
1034 if (!cancel_delayed_work(&rdev->background_cac_done_wk))
1036 wdev = rdev->background_radar_wdev;
1038 case NL80211_RADAR_CAC_STARTED:
1044 netdev = wdev ? wdev->netdev : NULL;
1045 nl80211_radar_notify(rdev, chandef, event, netdev, GFP_KERNEL);
1049 cfg80211_background_cac_event(struct cfg80211_registered_device *rdev,
1050 const struct cfg80211_chan_def *chandef,
1051 enum nl80211_radar_event event)
1053 wiphy_lock(&rdev->wiphy);
1054 __cfg80211_background_cac_event(rdev, rdev->background_radar_wdev,
1056 wiphy_unlock(&rdev->wiphy);
1059 void cfg80211_background_cac_done_wk(struct work_struct *work)
1061 struct delayed_work *delayed_work = to_delayed_work(work);
1062 struct cfg80211_registered_device *rdev;
1064 rdev = container_of(delayed_work, struct cfg80211_registered_device,
1065 background_cac_done_wk);
1066 cfg80211_background_cac_event(rdev, &rdev->background_radar_chandef,
1067 NL80211_RADAR_CAC_FINISHED);
1070 void cfg80211_background_cac_abort_wk(struct work_struct *work)
1072 struct cfg80211_registered_device *rdev;
1074 rdev = container_of(work, struct cfg80211_registered_device,
1075 background_cac_abort_wk);
1076 cfg80211_background_cac_event(rdev, &rdev->background_radar_chandef,
1077 NL80211_RADAR_CAC_ABORTED);
1080 void cfg80211_background_cac_abort(struct wiphy *wiphy)
1082 struct cfg80211_registered_device *rdev = wiphy_to_rdev(wiphy);
1084 queue_work(cfg80211_wq, &rdev->background_cac_abort_wk);
1086 EXPORT_SYMBOL(cfg80211_background_cac_abort);
1089 cfg80211_start_background_radar_detection(struct cfg80211_registered_device *rdev,
1090 struct wireless_dev *wdev,
1091 struct cfg80211_chan_def *chandef)
1093 unsigned int cac_time_ms;
1096 lockdep_assert_wiphy(&rdev->wiphy);
1098 if (!wiphy_ext_feature_isset(&rdev->wiphy,
1099 NL80211_EXT_FEATURE_RADAR_BACKGROUND))
1102 /* Offchannel chain already locked by another wdev */
1103 if (rdev->background_radar_wdev && rdev->background_radar_wdev != wdev)
1106 /* CAC already in progress on the offchannel chain */
1107 if (rdev->background_radar_wdev == wdev &&
1108 delayed_work_pending(&rdev->background_cac_done_wk))
1111 err = rdev_set_radar_background(rdev, chandef);
1115 cac_time_ms = cfg80211_chandef_dfs_cac_time(&rdev->wiphy, chandef);
1117 cac_time_ms = IEEE80211_DFS_MIN_CAC_TIME_MS;
1119 rdev->background_radar_chandef = *chandef;
1120 rdev->background_radar_wdev = wdev; /* Get offchain ownership */
1122 __cfg80211_background_cac_event(rdev, wdev, chandef,
1123 NL80211_RADAR_CAC_STARTED);
1124 queue_delayed_work(cfg80211_wq, &rdev->background_cac_done_wk,
1125 msecs_to_jiffies(cac_time_ms));
1130 void cfg80211_stop_background_radar_detection(struct wireless_dev *wdev)
1132 struct wiphy *wiphy = wdev->wiphy;
1133 struct cfg80211_registered_device *rdev = wiphy_to_rdev(wiphy);
1135 lockdep_assert_wiphy(wiphy);
1137 if (wdev != rdev->background_radar_wdev)
1140 rdev_set_radar_background(rdev, NULL);
1141 rdev->background_radar_wdev = NULL; /* Release offchain ownership */
1143 __cfg80211_background_cac_event(rdev, wdev,
1144 &rdev->background_radar_chandef,
1145 NL80211_RADAR_CAC_ABORTED);