net/wireless/sme.c

   1 /*
   2  * SME code for cfg80211
   3  * both driver SME event handling and the SME implementation
   4  * (for nl80211's connect() and wext)
   5  *
   6  * Copyright 2009       Johannes Berg <johannes@sipsolutions.net>
   7  * Copyright (C) 2009   Intel Corporation. All rights reserved.
   8  */
   9
  10 #include <linux/etherdevice.h>
  11 #include <linux/if_arp.h>
  12 #include <linux/slab.h>
  13 #include <linux/workqueue.h>
  14 #include <linux/wireless.h>
  15 #include <linux/export.h>
  16 #include <net/iw_handler.h>
  17 #include <net/cfg80211.h>
  18 #include <net/rtnetlink.h>
  19 #include "nl80211.h"
  20 #include "reg.h"
  21 #include "rdev-ops.h"
  22
  23 /*
  24  * Software SME in cfg80211, using auth/assoc/deauth calls to the
  25  * driver. This is is for implementing nl80211's connect/disconnect
  26  * and wireless extensions (if configured.)
  27  */
  28
  29 struct cfg80211_conn {
  30         struct cfg80211_connect_params params;
  31         /* these are sub-states of the _CONNECTING sme_state */
  32         enum {
  33                 CFG80211_CONN_SCANNING,
  34                 CFG80211_CONN_SCAN_AGAIN,
  35                 CFG80211_CONN_AUTHENTICATE_NEXT,
  36                 CFG80211_CONN_AUTHENTICATING,
  37                 CFG80211_CONN_AUTH_FAILED,
  38                 CFG80211_CONN_ASSOCIATE_NEXT,
  39                 CFG80211_CONN_ASSOCIATING,
  40                 CFG80211_CONN_ASSOC_FAILED,
  41                 CFG80211_CONN_DEAUTH,
  42                 CFG80211_CONN_CONNECTED,
  43         } state;
  44         u8 bssid[ETH_ALEN], prev_bssid[ETH_ALEN];
  45         u8 *ie;
  46         size_t ie_len;
  47         bool auto_auth, prev_bssid_valid;
  48 };
  49
  50 static void cfg80211_sme_free(struct wireless_dev *wdev)
  51 {
  52         if (!wdev->conn)
  53                 return;
  54
  55         kfree(wdev->conn->ie);
  56         kfree(wdev->conn);
  57         wdev->conn = NULL;
  58 }
  59
  60 static int cfg80211_conn_scan(struct wireless_dev *wdev)
  61 {
  62         struct cfg80211_registered_device *rdev = wiphy_to_dev(wdev->wiphy);
  63         struct cfg80211_scan_request *request;
  64         int n_channels, err;
  65
  66         ASSERT_RTNL();
  67         ASSERT_WDEV_LOCK(wdev);
  68
  69         if (rdev->scan_req || rdev->scan_msg)
  70                 return -EBUSY;
  71
  72         if (wdev->conn->params.channel)
  73                 n_channels = 1;
  74         else
  75                 n_channels = ieee80211_get_num_supported_channels(wdev->wiphy);
  76
  77         request = kzalloc(sizeof(*request) + sizeof(request->ssids[0]) +
  78                           sizeof(request->channels[0]) * n_channels,
  79                           GFP_KERNEL);
  80         if (!request)
  81                 return -ENOMEM;
  82
  83         if (wdev->conn->params.channel)
  84                 request->channels[0] = wdev->conn->params.channel;
  85         else {
  86                 int i = 0, j;
  87                 enum ieee80211_band band;
  88                 struct ieee80211_supported_band *bands;
  89                 struct ieee80211_channel *channel;
  90
  91                 for (band = 0; band < IEEE80211_NUM_BANDS; band++) {
  92                         bands = wdev->wiphy->bands[band];
  93                         if (!bands)
  94                                 continue;
  95                         for (j = 0; j < bands->n_channels; j++) {
  96                                 channel = &bands->channels[j];
  97                                 if (channel->flags & IEEE80211_CHAN_DISABLED)
  98                                         continue;
  99                                 request->channels[i++] = channel;
 100                         }
 101                         request->rates[band] = (1 << bands->n_bitrates) - 1;
 102                 }
 103                 n_channels = i;
 104         }
 105         request->n_channels = n_channels;
 106         request->ssids = (void *)&request->channels[n_channels];
 107         request->n_ssids = 1;
 108
 109         memcpy(request->ssids[0].ssid, wdev->conn->params.ssid,
 110                 wdev->conn->params.ssid_len);
 111         request->ssids[0].ssid_len = wdev->conn->params.ssid_len;
 112
 113         request->wdev = wdev;
 114         request->wiphy = &rdev->wiphy;
 115         request->scan_start = jiffies;
 116
 117         rdev->scan_req = request;
 118
 119         err = rdev_scan(rdev, request);
 120         if (!err) {
 121                 wdev->conn->state = CFG80211_CONN_SCANNING;
 122                 nl80211_send_scan_start(rdev, wdev);
 123                 dev_hold(wdev->netdev);
 124         } else {
 125                 rdev->scan_req = NULL;
 126                 kfree(request);
 127         }
 128         return err;
 129 }
 130
 131 static int cfg80211_conn_do_work(struct wireless_dev *wdev)
 132 {
 133         struct cfg80211_registered_device *rdev = wiphy_to_dev(wdev->wiphy);
 134         struct cfg80211_connect_params *params;
 135         struct cfg80211_assoc_request req = {};
 136         int err;
 137
 138         ASSERT_WDEV_LOCK(wdev);
 139
 140         if (!wdev->conn)
 141                 return 0;
 142
 143         params = &wdev->conn->params;
 144
 145         switch (wdev->conn->state) {
 146         case CFG80211_CONN_SCANNING:
 147                 /* didn't find it during scan ... */
 148                 return -ENOENT;
 149         case CFG80211_CONN_SCAN_AGAIN:
 150                 return cfg80211_conn_scan(wdev);
 151         case CFG80211_CONN_AUTHENTICATE_NEXT:
 152                 BUG_ON(!rdev->ops->auth);
 153                 wdev->conn->state = CFG80211_CONN_AUTHENTICATING;
 154                 return cfg80211_mlme_auth(rdev, wdev->netdev,
 155                                           params->channel, params->auth_type,
 156                                           params->bssid,
 157                                           params->ssid, params->ssid_len,
 158                                           NULL, 0,
 159                                           params->key, params->key_len,
 160                                           params->key_idx, NULL, 0);
 161         case CFG80211_CONN_AUTH_FAILED:
 162                 return -ENOTCONN;
 163         case CFG80211_CONN_ASSOCIATE_NEXT:
 164                 BUG_ON(!rdev->ops->assoc);
 165                 wdev->conn->state = CFG80211_CONN_ASSOCIATING;
 166                 if (wdev->conn->prev_bssid_valid)
 167                         req.prev_bssid = wdev->conn->prev_bssid;
 168                 req.ie = params->ie;
 169                 req.ie_len = params->ie_len;
 170                 req.use_mfp = params->mfp != NL80211_MFP_NO;
 171                 req.crypto = params->crypto;
 172                 req.flags = params->flags;
 173                 req.ht_capa = params->ht_capa;
 174                 req.ht_capa_mask = params->ht_capa_mask;
 175                 req.vht_capa = params->vht_capa;
 176                 req.vht_capa_mask = params->vht_capa_mask;
 177
 178                 err = cfg80211_mlme_assoc(rdev, wdev->netdev, params->channel,
 179                                           params->bssid, params->ssid,
 180                                           params->ssid_len, &req);
 181                 if (err)
 182                         cfg80211_mlme_deauth(rdev, wdev->netdev, params->bssid,
 183                                              NULL, 0,
 184                                              WLAN_REASON_DEAUTH_LEAVING,
 185                                              false);
 186                 return err;
 187         case CFG80211_CONN_ASSOC_FAILED:
 188                 cfg80211_mlme_deauth(rdev, wdev->netdev, params->bssid,
 189                                      NULL, 0,
 190                                      WLAN_REASON_DEAUTH_LEAVING, false);
 191                 return -ENOTCONN;
 192         case CFG80211_CONN_DEAUTH:
 193                 cfg80211_mlme_deauth(rdev, wdev->netdev, params->bssid,
 194                                      NULL, 0,
 195                                      WLAN_REASON_DEAUTH_LEAVING, false);
 196                 /* free directly, disconnected event already sent */
 197                 cfg80211_sme_free(wdev);
 198                 return 0;
 199         default:
 200                 return 0;
 201         }
 202 }
 203
 204 void cfg80211_conn_work(struct work_struct *work)
 205 {
 206         struct cfg80211_registered_device *rdev =
 207                 container_of(work, struct cfg80211_registered_device, conn_work);
 208         struct wireless_dev *wdev;
 209         u8 bssid_buf[ETH_ALEN], *bssid = NULL;
 210
 211         rtnl_lock();
 212
 213         list_for_each_entry(wdev, &rdev->wdev_list, list) {
 214                 if (!wdev->netdev)
 215                         continue;
 216
 217                 wdev_lock(wdev);
 218                 if (!netif_running(wdev->netdev)) {
 219                         wdev_unlock(wdev);
 220                         continue;
 221                 }
 222                 if (!wdev->conn ||
 223                     wdev->conn->state == CFG80211_CONN_CONNECTED) {
 224                         wdev_unlock(wdev);
 225                         continue;
 226                 }
 227                 if (wdev->conn->params.bssid) {
 228                         memcpy(bssid_buf, wdev->conn->params.bssid, ETH_ALEN);
 229                         bssid = bssid_buf;
 230                 }
 231                 if (cfg80211_conn_do_work(wdev)) {
 232                         __cfg80211_connect_result(
 233                                         wdev->netdev, bssid,
 234                                         NULL, 0, NULL, 0,
 235                                         WLAN_STATUS_UNSPECIFIED_FAILURE,
 236                                         false, NULL);
 237                 }
 238                 wdev_unlock(wdev);
 239         }
 240
 241         rtnl_unlock();
 242 }
 243
 244 /* Returned bss is reference counted and must be cleaned up appropriately. */
 245 static struct cfg80211_bss *cfg80211_get_conn_bss(struct wireless_dev *wdev)
 246 {
 247         struct cfg80211_registered_device *rdev = wiphy_to_dev(wdev->wiphy);
 248         struct cfg80211_bss *bss;
 249         u16 capa = WLAN_CAPABILITY_ESS;
 250
 251         ASSERT_WDEV_LOCK(wdev);
 252
 253         if (wdev->conn->params.privacy)
 254                 capa |= WLAN_CAPABILITY_PRIVACY;
 255
 256         bss = cfg80211_get_bss(wdev->wiphy, wdev->conn->params.channel,
 257                                wdev->conn->params.bssid,
 258                                wdev->conn->params.ssid,
 259                                wdev->conn->params.ssid_len,
 260                                WLAN_CAPABILITY_ESS | WLAN_CAPABILITY_PRIVACY,
 261                                capa);
 262         if (!bss)
 263                 return NULL;
 264
 265         memcpy(wdev->conn->bssid, bss->bssid, ETH_ALEN);
 266         wdev->conn->params.bssid = wdev->conn->bssid;
 267         wdev->conn->params.channel = bss->channel;
 268         wdev->conn->state = CFG80211_CONN_AUTHENTICATE_NEXT;
 269         schedule_work(&rdev->conn_work);
 270
 271         return bss;
 272 }
 273
 274 static void __cfg80211_sme_scan_done(struct net_device *dev)
 275 {
 276         struct wireless_dev *wdev = dev->ieee80211_ptr;
 277         struct cfg80211_registered_device *rdev = wiphy_to_dev(wdev->wiphy);
 278         struct cfg80211_bss *bss;
 279
 280         ASSERT_WDEV_LOCK(wdev);
 281
 282         if (!wdev->conn)
 283                 return;
 284
 285         if (wdev->conn->state != CFG80211_CONN_SCANNING &&
 286             wdev->conn->state != CFG80211_CONN_SCAN_AGAIN)
 287                 return;
 288
 289         bss = cfg80211_get_conn_bss(wdev);
 290         if (bss)
 291                 cfg80211_put_bss(&rdev->wiphy, bss);
 292         else
 293                 schedule_work(&rdev->conn_work);
 294 }
 295
 296 void cfg80211_sme_scan_done(struct net_device *dev)
 297 {
 298         struct wireless_dev *wdev = dev->ieee80211_ptr;
 299
 300         wdev_lock(wdev);
 301         __cfg80211_sme_scan_done(dev);
 302         wdev_unlock(wdev);
 303 }
 304
 305 void cfg80211_sme_rx_auth(struct wireless_dev *wdev, const u8 *buf, size_t len)
 306 {
 307         struct wiphy *wiphy = wdev->wiphy;
 308         struct cfg80211_registered_device *rdev = wiphy_to_dev(wiphy);
 309         struct ieee80211_mgmt *mgmt = (struct ieee80211_mgmt *)buf;
 310         u16 status_code = le16_to_cpu(mgmt->u.auth.status_code);
 311
 312         ASSERT_WDEV_LOCK(wdev);
 313
 314         if (!wdev->conn || wdev->conn->state == CFG80211_CONN_CONNECTED)
 315                 return;
 316
 317         if (status_code == WLAN_STATUS_NOT_SUPPORTED_AUTH_ALG &&
 318             wdev->conn->auto_auth &&
 319             wdev->conn->params.auth_type != NL80211_AUTHTYPE_NETWORK_EAP) {
 320                 /* select automatically between only open, shared, leap */
 321                 switch (wdev->conn->params.auth_type) {
 322                 case NL80211_AUTHTYPE_OPEN_SYSTEM:
 323                         if (wdev->connect_keys)
 324                                 wdev->conn->params.auth_type =
 325                                         NL80211_AUTHTYPE_SHARED_KEY;
 326                         else
 327                                 wdev->conn->params.auth_type =
 328                                         NL80211_AUTHTYPE_NETWORK_EAP;
 329                         break;
 330                 case NL80211_AUTHTYPE_SHARED_KEY:
 331                         wdev->conn->params.auth_type =
 332                                 NL80211_AUTHTYPE_NETWORK_EAP;
 333                         break;
 334                 default:
 335                         /* huh? */
 336                         wdev->conn->params.auth_type =
 337                                 NL80211_AUTHTYPE_OPEN_SYSTEM;
 338                         break;
 339                 }
 340                 wdev->conn->state = CFG80211_CONN_AUTHENTICATE_NEXT;
 341                 schedule_work(&rdev->conn_work);
 342         } else if (status_code != WLAN_STATUS_SUCCESS) {
 343                 __cfg80211_connect_result(wdev->netdev, mgmt->bssid,
 344                                           NULL, 0, NULL, 0,
 345                                           status_code, false, NULL);
 346         } else if (wdev->conn->state == CFG80211_CONN_AUTHENTICATING) {
 347                 wdev->conn->state = CFG80211_CONN_ASSOCIATE_NEXT;
 348                 schedule_work(&rdev->conn_work);
 349         }
 350 }
 351
 352 bool cfg80211_sme_rx_assoc_resp(struct wireless_dev *wdev, u16 status)
 353 {
 354         struct cfg80211_registered_device *rdev = wiphy_to_dev(wdev->wiphy);
 355
 356         if (!wdev->conn)
 357                 return false;
 358
 359         if (status == WLAN_STATUS_SUCCESS) {
 360                 wdev->conn->state = CFG80211_CONN_CONNECTED;
 361                 return false;
 362         }
 363
 364         if (wdev->conn->prev_bssid_valid) {
 365                 /*
 366                  * Some stupid APs don't accept reassoc, so we
 367                  * need to fall back to trying regular assoc;
 368                  * return true so no event is sent to userspace.
 369                  */
 370                 wdev->conn->prev_bssid_valid = false;
 371                 wdev->conn->state = CFG80211_CONN_ASSOCIATE_NEXT;
 372                 schedule_work(&rdev->conn_work);
 373                 return true;
 374         }
 375
 376         wdev->conn->state = CFG80211_CONN_ASSOC_FAILED;
 377         schedule_work(&rdev->conn_work);
 378         return false;
 379 }
 380
 381 void cfg80211_sme_deauth(struct wireless_dev *wdev)
 382 {
 383         cfg80211_sme_free(wdev);
 384 }
 385
 386 void cfg80211_sme_auth_timeout(struct wireless_dev *wdev)
 387 {
 388         struct cfg80211_registered_device *rdev = wiphy_to_dev(wdev->wiphy);
 389
 390         if (!wdev->conn)
 391                 return;
 392
 393         wdev->conn->state = CFG80211_CONN_AUTH_FAILED;
 394         schedule_work(&rdev->conn_work);
 395 }
 396
 397 void cfg80211_sme_disassoc(struct wireless_dev *wdev)
 398 {
 399         struct cfg80211_registered_device *rdev = wiphy_to_dev(wdev->wiphy);
 400
 401         if (!wdev->conn)
 402                 return;
 403
 404         wdev->conn->state = CFG80211_CONN_DEAUTH;
 405         schedule_work(&rdev->conn_work);
 406 }
 407
 408 void cfg80211_sme_assoc_timeout(struct wireless_dev *wdev)
 409 {
 410         struct cfg80211_registered_device *rdev = wiphy_to_dev(wdev->wiphy);
 411
 412         if (!wdev->conn)
 413                 return;
 414
 415         wdev->conn->state = CFG80211_CONN_ASSOC_FAILED;
 416         schedule_work(&rdev->conn_work);
 417 }
 418
 419 static int cfg80211_sme_connect(struct wireless_dev *wdev,
 420                                 struct cfg80211_connect_params *connect,
 421                                 const u8 *prev_bssid)
 422 {
 423         struct cfg80211_registered_device *rdev = wiphy_to_dev(wdev->wiphy);
 424         struct cfg80211_bss *bss;
 425         int err;
 426
 427         if (!rdev->ops->auth || !rdev->ops->assoc)
 428                 return -EOPNOTSUPP;
 429
 430         if (wdev->current_bss)
 431                 return -EALREADY;
 432
 433         if (WARN_ON(wdev->conn))
 434                 return -EINPROGRESS;
 435
 436         wdev->conn = kzalloc(sizeof(*wdev->conn), GFP_KERNEL);
 437         if (!wdev->conn)
 438                 return -ENOMEM;
 439
 440         /*
 441          * Copy all parameters, and treat explicitly IEs, BSSID, SSID.
 442          */
 443         memcpy(&wdev->conn->params, connect, sizeof(*connect));
 444         if (connect->bssid) {
 445                 wdev->conn->params.bssid = wdev->conn->bssid;
 446                 memcpy(wdev->conn->bssid, connect->bssid, ETH_ALEN);
 447         }
 448
 449         if (connect->ie) {
 450                 wdev->conn->ie = kmemdup(connect->ie, connect->ie_len,
 451                                         GFP_KERNEL);
 452                 wdev->conn->params.ie = wdev->conn->ie;
 453                 if (!wdev->conn->ie) {
 454                         kfree(wdev->conn);
 455                         wdev->conn = NULL;
 456                         return -ENOMEM;
 457                 }
 458         }
 459
 460         if (connect->auth_type == NL80211_AUTHTYPE_AUTOMATIC) {
 461                 wdev->conn->auto_auth = true;
 462                 /* start with open system ... should mostly work */
 463                 wdev->conn->params.auth_type =
 464                         NL80211_AUTHTYPE_OPEN_SYSTEM;
 465         } else {
 466                 wdev->conn->auto_auth = false;
 467         }
 468
 469         wdev->conn->params.ssid = wdev->ssid;
 470         wdev->conn->params.ssid_len = connect->ssid_len;
 471
 472         /* see if we have the bss already */
 473         bss = cfg80211_get_conn_bss(wdev);
 474
 475         if (prev_bssid) {
 476                 memcpy(wdev->conn->prev_bssid, prev_bssid, ETH_ALEN);
 477                 wdev->conn->prev_bssid_valid = true;
 478         }
 479
 480         /* we're good if we have a matching bss struct */
 481         if (bss) {
 482                 wdev->conn->state = CFG80211_CONN_AUTHENTICATE_NEXT;
 483                 err = cfg80211_conn_do_work(wdev);
 484                 cfg80211_put_bss(wdev->wiphy, bss);
 485         } else {
 486                 /* otherwise we'll need to scan for the AP first */
 487                 err = cfg80211_conn_scan(wdev);
 488
 489                 /*
 490                  * If we can't scan right now, then we need to scan again
 491                  * after the current scan finished, since the parameters
 492                  * changed (unless we find a good AP anyway).
 493                  */
 494                 if (err == -EBUSY) {
 495                         err = 0;
 496                         wdev->conn->state = CFG80211_CONN_SCAN_AGAIN;
 497                 }
 498         }
 499
 500         if (err)
 501                 cfg80211_sme_free(wdev);
 502
 503         return err;
 504 }
 505
 506 static int cfg80211_sme_disconnect(struct wireless_dev *wdev, u16 reason)
 507 {
 508         struct cfg80211_registered_device *rdev = wiphy_to_dev(wdev->wiphy);
 509         int err;
 510
 511         if (!wdev->conn)
 512                 return 0;
 513
 514         if (!rdev->ops->deauth)
 515                 return -EOPNOTSUPP;
 516
 517         if (wdev->conn->state == CFG80211_CONN_SCANNING ||
 518             wdev->conn->state == CFG80211_CONN_SCAN_AGAIN) {
 519                 err = 0;
 520                 goto out;
 521         }
 522
 523         /* wdev->conn->params.bssid must be set if > SCANNING */
 524         err = cfg80211_mlme_deauth(rdev, wdev->netdev,
 525                                    wdev->conn->params.bssid,
 526                                    NULL, 0, reason, false);
 527  out:
 528         cfg80211_sme_free(wdev);
 529         return err;
 530 }
 531
 532 /*
 533  * code shared for in-device and software SME
 534  */
 535
 536 static bool cfg80211_is_all_idle(void)
 537 {
 538         struct cfg80211_registered_device *rdev;
 539         struct wireless_dev *wdev;
 540         bool is_all_idle = true;
 541
 542         /*
 543          * All devices must be idle as otherwise if you are actively
 544          * scanning some new beacon hints could be learned and would
 545          * count as new regulatory hints.
 546          */
 547         list_for_each_entry(rdev, &cfg80211_rdev_list, list) {
 548                 list_for_each_entry(wdev, &rdev->wdev_list, list) {
 549                         wdev_lock(wdev);
 550                         if (wdev->conn || wdev->current_bss)
 551                                 is_all_idle = false;
 552                         wdev_unlock(wdev);
 553                 }
 554         }
 555
 556         return is_all_idle;
 557 }
 558
 559 static void disconnect_work(struct work_struct *work)
 560 {
 561         rtnl_lock();
 562         if (cfg80211_is_all_idle())
 563                 regulatory_hint_disconnect();
 564         rtnl_unlock();
 565 }
 566
 567 static DECLARE_WORK(cfg80211_disconnect_work, disconnect_work);
 568
 569
 570 /*
 571  * API calls for drivers implementing connect/disconnect and
 572  * SME event handling
 573  */
 574
 575 /* This method must consume bss one way or another */
 576 void __cfg80211_connect_result(struct net_device *dev, const u8 *bssid,
 577                                const u8 *req_ie, size_t req_ie_len,
 578                                const u8 *resp_ie, size_t resp_ie_len,
 579                                u16 status, bool wextev,
 580                                struct cfg80211_bss *bss)
 581 {
 582         struct wireless_dev *wdev = dev->ieee80211_ptr;
 583         const u8 *country_ie;
 584 #ifdef CONFIG_CFG80211_WEXT
 585         union iwreq_data wrqu;
 586 #endif
 587
 588         ASSERT_WDEV_LOCK(wdev);
 589
 590         if (WARN_ON(wdev->iftype != NL80211_IFTYPE_STATION &&
 591                     wdev->iftype != NL80211_IFTYPE_P2P_CLIENT)) {
 592                 cfg80211_put_bss(wdev->wiphy, bss);
 593                 return;
 594         }
 595
 596         nl80211_send_connect_result(wiphy_to_dev(wdev->wiphy), dev,
 597                                     bssid, req_ie, req_ie_len,
 598                                     resp_ie, resp_ie_len,
 599                                     status, GFP_KERNEL);
 600
 601 #ifdef CONFIG_CFG80211_WEXT
 602         if (wextev) {
 603                 if (req_ie && status == WLAN_STATUS_SUCCESS) {
 604                         memset(&wrqu, 0, sizeof(wrqu));
 605                         wrqu.data.length = req_ie_len;
 606                         wireless_send_event(dev, IWEVASSOCREQIE, &wrqu, req_ie);
 607                 }
 608
 609                 if (resp_ie && status == WLAN_STATUS_SUCCESS) {
 610                         memset(&wrqu, 0, sizeof(wrqu));
 611                         wrqu.data.length = resp_ie_len;
 612                         wireless_send_event(dev, IWEVASSOCRESPIE, &wrqu, resp_ie);
 613                 }
 614
 615                 memset(&wrqu, 0, sizeof(wrqu));
 616                 wrqu.ap_addr.sa_family = ARPHRD_ETHER;
 617                 if (bssid && status == WLAN_STATUS_SUCCESS) {
 618                         memcpy(wrqu.ap_addr.sa_data, bssid, ETH_ALEN);
 619                         memcpy(wdev->wext.prev_bssid, bssid, ETH_ALEN);
 620                         wdev->wext.prev_bssid_valid = true;
 621                 }
 622                 wireless_send_event(dev, SIOCGIWAP, &wrqu, NULL);
 623         }
 624 #endif
 625
 626         if (!bss && (status == WLAN_STATUS_SUCCESS)) {
 627                 WARN_ON_ONCE(!wiphy_to_dev(wdev->wiphy)->ops->connect);
 628                 bss = cfg80211_get_bss(wdev->wiphy, NULL, bssid,
 629                                        wdev->ssid, wdev->ssid_len,
 630                                        WLAN_CAPABILITY_ESS,
 631                                        WLAN_CAPABILITY_ESS);
 632                 if (bss)
 633                         cfg80211_hold_bss(bss_from_pub(bss));
 634         }
 635
 636         if (wdev->current_bss) {
 637                 cfg80211_unhold_bss(wdev->current_bss);
 638                 cfg80211_put_bss(wdev->wiphy, &wdev->current_bss->pub);
 639                 wdev->current_bss = NULL;
 640         }
 641
 642         if (status != WLAN_STATUS_SUCCESS) {
 643                 kfree(wdev->connect_keys);
 644                 wdev->connect_keys = NULL;
 645                 wdev->ssid_len = 0;
 646                 if (bss) {
 647                         cfg80211_unhold_bss(bss_from_pub(bss));
 648                         cfg80211_put_bss(wdev->wiphy, bss);
 649                 }
 650                 cfg80211_sme_free(wdev);
 651                 return;
 652         }
 653
 654         if (WARN_ON(!bss))
 655                 return;
 656
 657         wdev->current_bss = bss_from_pub(bss);
 658
 659         cfg80211_upload_connect_keys(wdev);
 660
 661         rcu_read_lock();
 662         country_ie = ieee80211_bss_get_ie(bss, WLAN_EID_COUNTRY);
 663         if (!country_ie) {
 664                 rcu_read_unlock();
 665                 return;
 666         }
 667
 668         country_ie = kmemdup(country_ie, 2 + country_ie[1], GFP_ATOMIC);
 669         rcu_read_unlock();
 670
 671         if (!country_ie)
 672                 return;
 673
 674         /*
 675          * ieee80211_bss_get_ie() ensures we can access:
 676          * - country_ie + 2, the start of the country ie data, and
 677          * - and country_ie[1] which is the IE length
 678          */
 679         regulatory_hint_country_ie(wdev->wiphy, bss->channel->band,
 680                                    country_ie + 2, country_ie[1]);
 681         kfree(country_ie);
 682 }
 683
 684 void cfg80211_connect_result(struct net_device *dev, const u8 *bssid,
 685                              const u8 *req_ie, size_t req_ie_len,
 686                              const u8 *resp_ie, size_t resp_ie_len,
 687                              u16 status, gfp_t gfp)
 688 {
 689         struct wireless_dev *wdev = dev->ieee80211_ptr;
 690         struct cfg80211_registered_device *rdev = wiphy_to_dev(wdev->wiphy);
 691         struct cfg80211_event *ev;
 692         unsigned long flags;
 693
 694         ev = kzalloc(sizeof(*ev) + req_ie_len + resp_ie_len, gfp);
 695         if (!ev)
 696                 return;
 697
 698         ev->type = EVENT_CONNECT_RESULT;
 699         if (bssid)
 700                 memcpy(ev->cr.bssid, bssid, ETH_ALEN);
 701         if (req_ie_len) {
 702                 ev->cr.req_ie = ((u8 *)ev) + sizeof(*ev);
 703                 ev->cr.req_ie_len = req_ie_len;
 704                 memcpy((void *)ev->cr.req_ie, req_ie, req_ie_len);
 705         }
 706         if (resp_ie_len) {
 707                 ev->cr.resp_ie = ((u8 *)ev) + sizeof(*ev) + req_ie_len;
 708                 ev->cr.resp_ie_len = resp_ie_len;
 709                 memcpy((void *)ev->cr.resp_ie, resp_ie, resp_ie_len);
 710         }
 711         ev->cr.status = status;
 712
 713         spin_lock_irqsave(&wdev->event_lock, flags);
 714         list_add_tail(&ev->list, &wdev->event_list);
 715         spin_unlock_irqrestore(&wdev->event_lock, flags);
 716         queue_work(cfg80211_wq, &rdev->event_work);
 717 }
 718 EXPORT_SYMBOL(cfg80211_connect_result);
 719
 720 /* Consumes bss object one way or another */
 721 void __cfg80211_roamed(struct wireless_dev *wdev,
 722                        struct cfg80211_bss *bss,
 723                        const u8 *req_ie, size_t req_ie_len,
 724                        const u8 *resp_ie, size_t resp_ie_len)
 725 {
 726 #ifdef CONFIG_CFG80211_WEXT
 727         union iwreq_data wrqu;
 728 #endif
 729         ASSERT_WDEV_LOCK(wdev);
 730
 731         if (WARN_ON(wdev->iftype != NL80211_IFTYPE_STATION &&
 732                     wdev->iftype != NL80211_IFTYPE_P2P_CLIENT))
 733                 goto out;
 734
 735         if (WARN_ON(!wdev->current_bss))
 736                 goto out;
 737
 738         cfg80211_unhold_bss(wdev->current_bss);
 739         cfg80211_put_bss(wdev->wiphy, &wdev->current_bss->pub);
 740         wdev->current_bss = NULL;
 741
 742         cfg80211_hold_bss(bss_from_pub(bss));
 743         wdev->current_bss = bss_from_pub(bss);
 744
 745         nl80211_send_roamed(wiphy_to_dev(wdev->wiphy), wdev->netdev, bss->bssid,
 746                             req_ie, req_ie_len, resp_ie, resp_ie_len,
 747                             GFP_KERNEL);
 748
 749 #ifdef CONFIG_CFG80211_WEXT
 750         if (req_ie) {
 751                 memset(&wrqu, 0, sizeof(wrqu));
 752                 wrqu.data.length = req_ie_len;
 753                 wireless_send_event(wdev->netdev, IWEVASSOCREQIE,
 754                                     &wrqu, req_ie);
 755         }
 756
 757         if (resp_ie) {
 758                 memset(&wrqu, 0, sizeof(wrqu));
 759                 wrqu.data.length = resp_ie_len;
 760                 wireless_send_event(wdev->netdev, IWEVASSOCRESPIE,
 761                                     &wrqu, resp_ie);
 762         }
 763
 764         memset(&wrqu, 0, sizeof(wrqu));
 765         wrqu.ap_addr.sa_family = ARPHRD_ETHER;
 766         memcpy(wrqu.ap_addr.sa_data, bss->bssid, ETH_ALEN);
 767         memcpy(wdev->wext.prev_bssid, bss->bssid, ETH_ALEN);
 768         wdev->wext.prev_bssid_valid = true;
 769         wireless_send_event(wdev->netdev, SIOCGIWAP, &wrqu, NULL);
 770 #endif
 771
 772         return;
 773 out:
 774         cfg80211_put_bss(wdev->wiphy, bss);
 775 }
 776
 777 void cfg80211_roamed(struct net_device *dev,
 778                      struct ieee80211_channel *channel,
 779                      const u8 *bssid,
 780                      const u8 *req_ie, size_t req_ie_len,
 781                      const u8 *resp_ie, size_t resp_ie_len, gfp_t gfp)
 782 {
 783         struct wireless_dev *wdev = dev->ieee80211_ptr;
 784         struct cfg80211_bss *bss;
 785
 786         bss = cfg80211_get_bss(wdev->wiphy, channel, bssid, wdev->ssid,
 787                                wdev->ssid_len, WLAN_CAPABILITY_ESS,
 788                                WLAN_CAPABILITY_ESS);
 789         if (WARN_ON(!bss))
 790                 return;
 791
 792         cfg80211_roamed_bss(dev, bss, req_ie, req_ie_len, resp_ie,
 793                             resp_ie_len, gfp);
 794 }
 795 EXPORT_SYMBOL(cfg80211_roamed);
 796
 797 /* Consumes bss object one way or another */
 798 void cfg80211_roamed_bss(struct net_device *dev,
 799                          struct cfg80211_bss *bss, const u8 *req_ie,
 800                          size_t req_ie_len, const u8 *resp_ie,
 801                          size_t resp_ie_len, gfp_t gfp)
 802 {
 803         struct wireless_dev *wdev = dev->ieee80211_ptr;
 804         struct cfg80211_registered_device *rdev = wiphy_to_dev(wdev->wiphy);
 805         struct cfg80211_event *ev;
 806         unsigned long flags;
 807
 808         if (WARN_ON(!bss))
 809                 return;
 810
 811         ev = kzalloc(sizeof(*ev) + req_ie_len + resp_ie_len, gfp);
 812         if (!ev) {
 813                 cfg80211_put_bss(wdev->wiphy, bss);
 814                 return;
 815         }
 816
 817         ev->type = EVENT_ROAMED;
 818         ev->rm.req_ie = ((u8 *)ev) + sizeof(*ev);
 819         ev->rm.req_ie_len = req_ie_len;
 820         memcpy((void *)ev->rm.req_ie, req_ie, req_ie_len);
 821         ev->rm.resp_ie = ((u8 *)ev) + sizeof(*ev) + req_ie_len;
 822         ev->rm.resp_ie_len = resp_ie_len;
 823         memcpy((void *)ev->rm.resp_ie, resp_ie, resp_ie_len);
 824         ev->rm.bss = bss;
 825
 826         spin_lock_irqsave(&wdev->event_lock, flags);
 827         list_add_tail(&ev->list, &wdev->event_list);
 828         spin_unlock_irqrestore(&wdev->event_lock, flags);
 829         queue_work(cfg80211_wq, &rdev->event_work);
 830 }
 831 EXPORT_SYMBOL(cfg80211_roamed_bss);
 832
 833 void __cfg80211_disconnected(struct net_device *dev, const u8 *ie,
 834                              size_t ie_len, u16 reason, bool from_ap)
 835 {
 836         struct wireless_dev *wdev = dev->ieee80211_ptr;
 837         struct cfg80211_registered_device *rdev = wiphy_to_dev(wdev->wiphy);
 838         int i;
 839 #ifdef CONFIG_CFG80211_WEXT
 840         union iwreq_data wrqu;
 841 #endif
 842
 843         ASSERT_WDEV_LOCK(wdev);
 844
 845         if (WARN_ON(wdev->iftype != NL80211_IFTYPE_STATION &&
 846                     wdev->iftype != NL80211_IFTYPE_P2P_CLIENT))
 847                 return;
 848
 849         if (wdev->current_bss) {
 850                 cfg80211_unhold_bss(wdev->current_bss);
 851                 cfg80211_put_bss(wdev->wiphy, &wdev->current_bss->pub);
 852         }
 853
 854         wdev->current_bss = NULL;
 855         wdev->ssid_len = 0;
 856
 857         nl80211_send_disconnected(rdev, dev, reason, ie, ie_len, from_ap);
 858
 859         /*
 860          * Delete all the keys ... pairwise keys can't really
 861          * exist any more anyway, but default keys might.
 862          */
 863         if (rdev->ops->del_key)
 864                 for (i = 0; i < 6; i++)
 865                         rdev_del_key(rdev, dev, i, false, NULL);
 866
 867         rdev_set_qos_map(rdev, dev, NULL);
 868
 869 #ifdef CONFIG_CFG80211_WEXT
 870         memset(&wrqu, 0, sizeof(wrqu));
 871         wrqu.ap_addr.sa_family = ARPHRD_ETHER;
 872         wireless_send_event(dev, SIOCGIWAP, &wrqu, NULL);
 873         wdev->wext.connect.ssid_len = 0;
 874 #endif
 875
 876         schedule_work(&cfg80211_disconnect_work);
 877 }
 878
 879 void cfg80211_disconnected(struct net_device *dev, u16 reason,
 880                            u8 *ie, size_t ie_len, gfp_t gfp)
 881 {
 882         struct wireless_dev *wdev = dev->ieee80211_ptr;
 883         struct cfg80211_registered_device *rdev = wiphy_to_dev(wdev->wiphy);
 884         struct cfg80211_event *ev;
 885         unsigned long flags;
 886
 887         ev = kzalloc(sizeof(*ev) + ie_len, gfp);
 888         if (!ev)
 889                 return;
 890
 891         ev->type = EVENT_DISCONNECTED;
 892         ev->dc.ie = ((u8 *)ev) + sizeof(*ev);
 893         ev->dc.ie_len = ie_len;
 894         memcpy((void *)ev->dc.ie, ie, ie_len);
 895         ev->dc.reason = reason;
 896
 897         spin_lock_irqsave(&wdev->event_lock, flags);
 898         list_add_tail(&ev->list, &wdev->event_list);
 899         spin_unlock_irqrestore(&wdev->event_lock, flags);
 900         queue_work(cfg80211_wq, &rdev->event_work);
 901 }
 902 EXPORT_SYMBOL(cfg80211_disconnected);
 903
 904 /*
 905  * API calls for nl80211/wext compatibility code
 906  */
 907 int cfg80211_connect(struct cfg80211_registered_device *rdev,
 908                      struct net_device *dev,
 909                      struct cfg80211_connect_params *connect,
 910                      struct cfg80211_cached_keys *connkeys,
 911                      const u8 *prev_bssid)
 912 {
 913         struct wireless_dev *wdev = dev->ieee80211_ptr;
 914         int err;
 915
 916         ASSERT_WDEV_LOCK(wdev);
 917
 918         if (WARN_ON(wdev->connect_keys)) {
 919                 kfree(wdev->connect_keys);
 920                 wdev->connect_keys = NULL;
 921         }
 922
 923         cfg80211_oper_and_ht_capa(&connect->ht_capa_mask,
 924                                   rdev->wiphy.ht_capa_mod_mask);
 925
 926         if (connkeys && connkeys->def >= 0) {
 927                 int idx;
 928                 u32 cipher;
 929
 930                 idx = connkeys->def;
 931                 cipher = connkeys->params[idx].cipher;
 932                 /* If given a WEP key we may need it for shared key auth */
 933                 if (cipher == WLAN_CIPHER_SUITE_WEP40 ||
 934                     cipher == WLAN_CIPHER_SUITE_WEP104) {
 935                         connect->key_idx = idx;
 936                         connect->key = connkeys->params[idx].key;
 937                         connect->key_len = connkeys->params[idx].key_len;
 938
 939                         /*
 940                          * If ciphers are not set (e.g. when going through
 941                          * iwconfig), we have to set them appropriately here.
 942                          */
 943                         if (connect->crypto.cipher_group == 0)
 944                                 connect->crypto.cipher_group = cipher;
 945
 946                         if (connect->crypto.n_ciphers_pairwise == 0) {
 947                                 connect->crypto.n_ciphers_pairwise = 1;
 948                                 connect->crypto.ciphers_pairwise[0] = cipher;
 949                         }
 950                 }
 951         }
 952
 953         wdev->connect_keys = connkeys;
 954         memcpy(wdev->ssid, connect->ssid, connect->ssid_len);
 955         wdev->ssid_len = connect->ssid_len;
 956
 957         if (!rdev->ops->connect)
 958                 err = cfg80211_sme_connect(wdev, connect, prev_bssid);
 959         else
 960                 err = rdev_connect(rdev, dev, connect);
 961
 962         if (err) {
 963                 wdev->connect_keys = NULL;
 964                 wdev->ssid_len = 0;
 965                 return err;
 966         }
 967
 968         return 0;
 969 }
 970
 971 int cfg80211_disconnect(struct cfg80211_registered_device *rdev,
 972                         struct net_device *dev, u16 reason, bool wextev)
 973 {
 974         struct wireless_dev *wdev = dev->ieee80211_ptr;
 975         int err = 0;
 976
 977         ASSERT_WDEV_LOCK(wdev);
 978
 979         kfree(wdev->connect_keys);
 980         wdev->connect_keys = NULL;
 981
 982         if (wdev->conn)
 983                 err = cfg80211_sme_disconnect(wdev, reason);
 984         else if (!rdev->ops->disconnect)
 985                 cfg80211_mlme_down(rdev, dev);
 986         else if (wdev->current_bss)
 987                 err = rdev_disconnect(rdev, dev, reason);
 988
 989         return err;
 990 }