sme.c source code [Linux/net/wireless/sme.c]

1	// SPDX-License-Identifier: GPL-2.0
2	/*
3	* SME code for cfg80211
4	* both driver SME event handling and the SME implementation
5	* (for nl80211's connect() and wext)
6	*
7	* Copyright 2009 Johannes Berg <johannes@sipsolutions.net>
8	* Copyright (C) 2009, 2020, 2022-2025 Intel Corporation. All rights reserved.
9	* Copyright 2017 Intel Deutschland GmbH
10	*/
11
12	#include <linux/etherdevice.h>
13	#include <linux/if_arp.h>
14	#include <linux/slab.h>
15	#include <linux/workqueue.h>
16	#include <linux/wireless.h>
17	#include <linux/export.h>
18	#include <net/iw_handler.h>
19	#include <net/cfg80211.h>
20	#include <net/rtnetlink.h>
21	#include "nl80211.h"
22	#include "reg.h"
23	#include "rdev-ops.h"
24
25	/*
26	* Software SME in cfg80211, using auth/assoc/deauth calls to the
27	* driver. This is for implementing nl80211's connect/disconnect
28	* and wireless extensions (if configured.)
29	*/
30
31	struct cfg80211_conn {
32	struct cfg80211_connect_params params;
33	/ these are sub-states of the _CONNECTING sme_state /
34	enum {
35	CFG80211_CONN_SCANNING,
36	CFG80211_CONN_SCAN_AGAIN,
37	CFG80211_CONN_AUTHENTICATE_NEXT,
38	CFG80211_CONN_AUTHENTICATING,
39	CFG80211_CONN_AUTH_FAILED_TIMEOUT,
40	CFG80211_CONN_ASSOCIATE_NEXT,
41	CFG80211_CONN_ASSOCIATING,
42	CFG80211_CONN_ASSOC_FAILED,
43	CFG80211_CONN_ASSOC_FAILED_TIMEOUT,
44	CFG80211_CONN_DEAUTH,
45	CFG80211_CONN_ABANDON,
46	CFG80211_CONN_CONNECTED,
47	} state;
48	u8 bssid[ETH_ALEN], prev_bssid[ETH_ALEN];
49	const u8 *ie;
50	size_t ie_len;
51	bool auto_auth, prev_bssid_valid;
52	};
53
54	static void cfg80211_sme_free(struct wireless_dev *wdev)
55	{
56	if (!wdev->conn)
57	return;
58
59	kfree(objp: wdev->conn->ie);
60	kfree(objp: wdev->conn);
61	wdev->conn = NULL;
62	}
63
64	static int cfg80211_conn_scan(struct wireless_dev *wdev)
65	{
66	struct cfg80211_registered_device *rdev = wiphy_to_rdev(wiphy: wdev->wiphy);
67	struct cfg80211_scan_request_int *request;
68	int n_channels, err;
69
70	lockdep_assert_wiphy(wdev->wiphy);
71
72	if (rdev->scan_req \|\| rdev->scan_msg)
73	return -EBUSY;
74
75	if (wdev->conn->params.channel)
76	n_channels = `1`;
77	else
78	n_channels = ieee80211_get_num_supported_channels(wiphy: wdev->wiphy);
79
80	request = kzalloc(sizeof(request) + sizeof*(request->req.ssids[`0`]) +
81	sizeof(request->req.channels[`0`]) * n_channels,
82	GFP_KERNEL);
83	if (!request)
84	return -ENOMEM;
85
86	if (wdev->conn->params.channel) {
87	enum nl80211_band band = wdev->conn->params.channel->band;
88	struct ieee80211_supported_band *sband =
89	wdev->wiphy->bands[band];
90
91	if (!sband) {
92	kfree(objp: request);
93	return -EINVAL;
94	}
95	request->req.channels[`0`] = wdev->conn->params.channel;
96	request->req.rates[band] = (`1` << sband->n_bitrates) - `1`;
97	} else {
98	int i = `0`, j;
99	enum nl80211_band band;
100	struct ieee80211_supported_band *bands;
101	struct ieee80211_channel *channel;
102
103	for (band = `0`; band < NUM_NL80211_BANDS; band++) {
104	bands = wdev->wiphy->bands[band];
105	if (!bands)
106	continue;
107	for (j = `0`; j < bands->n_channels; j++) {
108	channel = &bands->channels[j];
109	if (channel->flags & IEEE80211_CHAN_DISABLED)
110	continue;
111	request->req.channels[i++] = channel;
112	}
113	request->req.rates[band] = (`1` << bands->n_bitrates) - `1`;
114	}
115	n_channels = i;
116	}
117	request->req.n_channels = n_channels;
118	request->req.ssids = (void *)request +
119	struct_size(request, req.channels, n_channels);
120	request->req.n_ssids = `1`;
121
122	memcpy(to: request->req.ssids[`0`].ssid, from: wdev->conn->params.ssid,
123	len: wdev->conn->params.ssid_len);
124	request->req.ssids[`0`].ssid_len = wdev->conn->params.ssid_len;
125
126	eth_broadcast_addr(addr: request->req.bssid);
127
128	request->req.wdev = wdev;
129	request->req.wiphy = &rdev->wiphy;
130	request->req.scan_start = jiffies;
131
132	rdev->scan_req = request;
133
134	err = cfg80211_scan(rdev);
135	if (!err) {
136	wdev->conn->state = CFG80211_CONN_SCANNING;
137	nl80211_send_scan_start(rdev, wdev);
138	dev_hold(dev: wdev->netdev);
139	} else {
140	rdev->scan_req = NULL;
141	kfree(objp: request);
142	}
143	return err;
144	}
145
146	static int cfg80211_conn_do_work(struct wireless_dev *wdev,
147	enum nl80211_timeout_reason *treason)
148	{
149	struct cfg80211_registered_device *rdev = wiphy_to_rdev(wiphy: wdev->wiphy);
150	struct cfg80211_connect_params *params;
151	struct cfg80211_auth_request auth_req = {};
152	struct cfg80211_assoc_request req = {};
153	int err;
154
155	lockdep_assert_wiphy(wdev->wiphy);
156
157	if (!wdev->conn)
158	return `0`;
159
160	params = &wdev->conn->params;
161
162	switch (wdev->conn->state) {
163	case CFG80211_CONN_SCANNING:
164	/ didn't find it during scan ... /
165	return -ENOENT;
166	case CFG80211_CONN_SCAN_AGAIN:
167	return cfg80211_conn_scan(wdev);
168	case CFG80211_CONN_AUTHENTICATE_NEXT:
169	if (WARN_ON(!rdev->ops->auth))
170	return -EOPNOTSUPP;
171	wdev->conn->state = CFG80211_CONN_AUTHENTICATING;
172	auth_req.key = params->key;
173	auth_req.key_len = params->key_len;
174	auth_req.key_idx = params->key_idx;
175	auth_req.auth_type = params->auth_type;
176	auth_req.bss = cfg80211_get_bss(wiphy: &rdev->wiphy, channel: params->channel,
177	bssid: params->bssid,
178	ssid: params->ssid, ssid_len: params->ssid_len,
179	bss_type: IEEE80211_BSS_TYPE_ESS,
180	privacy: IEEE80211_PRIVACY_ANY);
181	auth_req.link_id = -`1`;
182	err = cfg80211_mlme_auth(rdev, dev: wdev->netdev, req: &auth_req);
183	cfg80211_put_bss(wiphy: &rdev->wiphy, bss: auth_req.bss);
184	return err;
185	case CFG80211_CONN_AUTH_FAILED_TIMEOUT:
186	*treason = NL80211_TIMEOUT_AUTH;
187	return -ENOTCONN;
188	case CFG80211_CONN_ASSOCIATE_NEXT:
189	if (WARN_ON(!rdev->ops->assoc))
190	return -EOPNOTSUPP;
191	wdev->conn->state = CFG80211_CONN_ASSOCIATING;
192	if (wdev->conn->prev_bssid_valid)
193	req.prev_bssid = wdev->conn->prev_bssid;
194	req.ie = params->ie;
195	req.ie_len = params->ie_len;
196	req.use_mfp = params->mfp != NL80211_MFP_NO;
197	req.crypto = params->crypto;
198	req.flags = params->flags;
199	req.ht_capa = params->ht_capa;
200	req.ht_capa_mask = params->ht_capa_mask;
201	req.vht_capa = params->vht_capa;
202	req.vht_capa_mask = params->vht_capa_mask;
203	req.link_id = -`1`;
204
205	req.bss = cfg80211_get_bss(wiphy: &rdev->wiphy, channel: params->channel,
206	bssid: params->bssid,
207	ssid: params->ssid, ssid_len: params->ssid_len,
208	bss_type: IEEE80211_BSS_TYPE_ESS,
209	privacy: IEEE80211_PRIVACY_ANY);
210	if (!req.bss) {
211	err = -ENOENT;
212	} else {
213	err = cfg80211_mlme_assoc(rdev, dev: wdev->netdev,
214	req: &req, NULL);
215	cfg80211_put_bss(wiphy: &rdev->wiphy, bss: req.bss);
216	}
217
218	if (err)
219	cfg80211_mlme_deauth(rdev, dev: wdev->netdev, bssid: params->bssid,
220	NULL, ie_len: `0`,
221	reason: WLAN_REASON_DEAUTH_LEAVING,
222	local_state_change: false);
223	return err;
224	case CFG80211_CONN_ASSOC_FAILED_TIMEOUT:
225	*treason = NL80211_TIMEOUT_ASSOC;
226	fallthrough;
227	case CFG80211_CONN_ASSOC_FAILED:
228	cfg80211_mlme_deauth(rdev, dev: wdev->netdev, bssid: params->bssid,
229	NULL, ie_len: `0`,
230	reason: WLAN_REASON_DEAUTH_LEAVING, local_state_change: false);
231	return -ENOTCONN;
232	case CFG80211_CONN_DEAUTH:
233	cfg80211_mlme_deauth(rdev, dev: wdev->netdev, bssid: params->bssid,
234	NULL, ie_len: `0`,
235	reason: WLAN_REASON_DEAUTH_LEAVING, local_state_change: false);
236	fallthrough;
237	case CFG80211_CONN_ABANDON:
238	/ free directly, disconnected event already sent /
239	cfg80211_sme_free(wdev);
240	return `0`;
241	default:
242	return `0`;
243	}
244	}
245
246	void cfg80211_conn_work(struct work_struct *work)
247	{
248	struct cfg80211_registered_device *rdev =
249	container_of(work, struct cfg80211_registered_device, conn_work);
250	struct wireless_dev *wdev;
251	u8 bssid_buf[ETH_ALEN], *bssid = NULL;
252	enum nl80211_timeout_reason treason;
253
254	guard(wiphy)(T: &rdev->wiphy);
255
256	list_for_each_entry(wdev, &rdev->wiphy.wdev_list, list) {
257	if (!wdev->netdev)
258	continue;
259
260	if (!netif_running(dev: wdev->netdev))
261	continue;
262
263	if (!wdev->conn \|\|
264	wdev->conn->state == CFG80211_CONN_CONNECTED)
265	continue;
266
267	if (wdev->conn->params.bssid) {
268	memcpy(to: bssid_buf, from: wdev->conn->params.bssid, ETH_ALEN);
269	bssid = bssid_buf;
270	}
271	treason = NL80211_TIMEOUT_UNSPECIFIED;
272	if (cfg80211_conn_do_work(wdev, treason: &treason)) {
273	struct cfg80211_connect_resp_params cr;
274
275	memset(s: &cr, c: `0`, n: sizeof(cr));
276	cr.status = -`1`;
277	cr.links[`0`].bssid = bssid;
278	cr.timeout_reason = treason;
279	__cfg80211_connect_result(dev: wdev->netdev, params: &cr, wextev: false);
280	}
281	}
282	}
283
284	static void cfg80211_step_auth_next(struct cfg80211_conn *conn,
285	struct cfg80211_bss *bss)
286	{
287	memcpy(to: conn->bssid, from: bss->bssid, ETH_ALEN);
288	conn->params.bssid = conn->bssid;
289	conn->params.channel = bss->channel;
290	conn->state = CFG80211_CONN_AUTHENTICATE_NEXT;
291	}
292
293	/ Returned bss is reference counted and must be cleaned up appropriately. /
294	static struct cfg80211_bss cfg80211_get_conn_bss(struct* wireless_dev *wdev)
295	{
296	struct cfg80211_registered_device *rdev = wiphy_to_rdev(wiphy: wdev->wiphy);
297	struct cfg80211_bss *bss;
298
299	lockdep_assert_wiphy(wdev->wiphy);
300
301	bss = cfg80211_get_bss(wiphy: wdev->wiphy, channel: wdev->conn->params.channel,
302	bssid: wdev->conn->params.bssid,
303	ssid: wdev->conn->params.ssid,
304	ssid_len: wdev->conn->params.ssid_len,
305	bss_type: wdev->conn_bss_type,
306	IEEE80211_PRIVACY(wdev->conn->params.privacy));
307	if (!bss)
308	return NULL;
309
310	cfg80211_step_auth_next(conn: wdev->conn, bss);
311	schedule_work(work: &rdev->conn_work);
312
313	return bss;
314	}
315
316	void cfg80211_sme_scan_done(struct net_device *dev)
317	{
318	struct wireless_dev *wdev = dev->ieee80211_ptr;
319	struct cfg80211_registered_device *rdev = wiphy_to_rdev(wiphy: wdev->wiphy);
320	struct cfg80211_bss *bss;
321
322	lockdep_assert_wiphy(wdev->wiphy);
323
324	if (!wdev->conn)
325	return;
326
327	if (wdev->conn->state != CFG80211_CONN_SCANNING &&
328	wdev->conn->state != CFG80211_CONN_SCAN_AGAIN)
329	return;
330
331	bss = cfg80211_get_conn_bss(wdev);
332	if (bss)
333	cfg80211_put_bss(wiphy: &rdev->wiphy, bss);
334	else
335	schedule_work(work: &rdev->conn_work);
336	}
337
338	void cfg80211_sme_rx_auth(struct wireless_dev wdev, const* u8 *buf, size_t len)
339	{
340	struct wiphy *wiphy = wdev->wiphy;
341	struct cfg80211_registered_device *rdev = wiphy_to_rdev(wiphy);
342	struct ieee80211_mgmt mgmt = (struct* ieee80211_mgmt *)buf;
343	u16 status_code = le16_to_cpu(mgmt->u.auth.status_code);
344
345	lockdep_assert_wiphy(wdev->wiphy);
346
347	if (!wdev->conn \|\| wdev->conn->state == CFG80211_CONN_CONNECTED)
348	return;
349
350	if (status_code == WLAN_STATUS_NOT_SUPPORTED_AUTH_ALG &&
351	wdev->conn->auto_auth &&
352	wdev->conn->params.auth_type != NL80211_AUTHTYPE_NETWORK_EAP) {
353	/ select automatically between only open, shared, leap /
354	switch (wdev->conn->params.auth_type) {
355	case NL80211_AUTHTYPE_OPEN_SYSTEM:
356	if (wdev->connect_keys)
357	wdev->conn->params.auth_type =
358	NL80211_AUTHTYPE_SHARED_KEY;
359	else
360	wdev->conn->params.auth_type =
361	NL80211_AUTHTYPE_NETWORK_EAP;
362	break;
363	case NL80211_AUTHTYPE_SHARED_KEY:
364	wdev->conn->params.auth_type =
365	NL80211_AUTHTYPE_NETWORK_EAP;
366	break;
367	default:
368	/ huh? /
369	wdev->conn->params.auth_type =
370	NL80211_AUTHTYPE_OPEN_SYSTEM;
371	break;
372	}
373	wdev->conn->state = CFG80211_CONN_AUTHENTICATE_NEXT;
374	schedule_work(work: &rdev->conn_work);
375	} else if (status_code != WLAN_STATUS_SUCCESS) {
376	struct cfg80211_connect_resp_params cr;
377
378	memset(s: &cr, c: `0`, n: sizeof(cr));
379	cr.status = status_code;
380	cr.links[`0`].bssid = mgmt->bssid;
381	cr.timeout_reason = NL80211_TIMEOUT_UNSPECIFIED;
382	__cfg80211_connect_result(dev: wdev->netdev, params: &cr, wextev: false);
383	} else if (wdev->conn->state == CFG80211_CONN_AUTHENTICATING) {
384	wdev->conn->state = CFG80211_CONN_ASSOCIATE_NEXT;
385	schedule_work(work: &rdev->conn_work);
386	}
387	}
388
389	bool cfg80211_sme_rx_assoc_resp(struct wireless_dev *wdev, u16 status)
390	{
391	struct cfg80211_registered_device *rdev = wiphy_to_rdev(wiphy: wdev->wiphy);
392
393	if (!wdev->conn)
394	return false;
395
396	if (status == WLAN_STATUS_SUCCESS) {
397	wdev->conn->state = CFG80211_CONN_CONNECTED;
398	return false;
399	}
400
401	if (wdev->conn->prev_bssid_valid) {
402	/*
403	* Some stupid APs don't accept reassoc, so we
404	* need to fall back to trying regular assoc;
405	* return true so no event is sent to userspace.
406	*/
407	wdev->conn->prev_bssid_valid = false;
408	wdev->conn->state = CFG80211_CONN_ASSOCIATE_NEXT;
409	schedule_work(work: &rdev->conn_work);
410	return true;
411	}
412
413	wdev->conn->state = CFG80211_CONN_ASSOC_FAILED;
414	schedule_work(work: &rdev->conn_work);
415	return false;
416	}
417
418	void cfg80211_sme_deauth(struct wireless_dev *wdev)
419	{
420	cfg80211_sme_free(wdev);
421	}
422
423	void cfg80211_sme_auth_timeout(struct wireless_dev *wdev)
424	{
425	struct cfg80211_registered_device *rdev = wiphy_to_rdev(wiphy: wdev->wiphy);
426
427	if (!wdev->conn)
428	return;
429
430	wdev->conn->state = CFG80211_CONN_AUTH_FAILED_TIMEOUT;
431	schedule_work(work: &rdev->conn_work);
432	}
433
434	void cfg80211_sme_disassoc(struct wireless_dev *wdev)
435	{
436	struct cfg80211_registered_device *rdev = wiphy_to_rdev(wiphy: wdev->wiphy);
437
438	if (!wdev->conn)
439	return;
440
441	wdev->conn->state = CFG80211_CONN_DEAUTH;
442	schedule_work(work: &rdev->conn_work);
443	}
444
445	void cfg80211_sme_assoc_timeout(struct wireless_dev *wdev)
446	{
447	struct cfg80211_registered_device *rdev = wiphy_to_rdev(wiphy: wdev->wiphy);
448
449	if (!wdev->conn)
450	return;
451
452	wdev->conn->state = CFG80211_CONN_ASSOC_FAILED_TIMEOUT;
453	schedule_work(work: &rdev->conn_work);
454	}
455
456	void cfg80211_sme_abandon_assoc(struct wireless_dev *wdev)
457	{
458	struct cfg80211_registered_device *rdev = wiphy_to_rdev(wiphy: wdev->wiphy);
459
460	if (!wdev->conn)
461	return;
462
463	wdev->conn->state = CFG80211_CONN_ABANDON;
464	schedule_work(work: &rdev->conn_work);
465	}
466
467	static void cfg80211_wdev_release_bsses(struct wireless_dev *wdev)
468	{
469	unsigned int link;
470
471	for_each_valid_link(wdev, link) {
472	if (!wdev->links[link].client.current_bss)
473	continue;
474	cfg80211_unhold_bss(bss: wdev->links[link].client.current_bss);
475	cfg80211_put_bss(wiphy: wdev->wiphy,
476	bss: &wdev->links[link].client.current_bss->pub);
477	wdev->links[link].client.current_bss = NULL;
478	}
479	}
480
481	void cfg80211_wdev_release_link_bsses(struct wireless_dev *wdev, u16 link_mask)
482	{
483	unsigned int link;
484
485	for_each_valid_link(wdev, link) {
486	if (!wdev->links[link].client.current_bss \|\|
487	!(link_mask & BIT(link)))
488	continue;
489	cfg80211_unhold_bss(bss: wdev->links[link].client.current_bss);
490	cfg80211_put_bss(wiphy: wdev->wiphy,
491	bss: &wdev->links[link].client.current_bss->pub);
492	wdev->links[link].client.current_bss = NULL;
493	}
494	}
495
496	static int cfg80211_sme_get_conn_ies(struct wireless_dev *wdev,
497	const u8 *ies, size_t ies_len,
498	const u8 *out_ies, size_t out_ies_len)
499	{
500	struct cfg80211_registered_device *rdev = wiphy_to_rdev(wiphy: wdev->wiphy);
501	u8 *buf;
502	size_t offs;
503
504	if (!rdev->wiphy.extended_capabilities_len \|\|
505	(ies && cfg80211_find_ie(eid: WLAN_EID_EXT_CAPABILITY, ies, len: ies_len))) {
506	*out_ies = kmemdup(ies, ies_len, GFP_KERNEL);
507	if (!*out_ies)
508	return -ENOMEM;
509	*out_ies_len = ies_len;
510	return `0`;
511	}
512
513	buf = kmalloc(ies_len + rdev->wiphy.extended_capabilities_len + `2`,
514	GFP_KERNEL);
515	if (!buf)
516	return -ENOMEM;
517
518	if (ies_len) {
519	static const u8 before_extcapa[] = {
520	/ not listing IEs expected to be created by driver /
521	WLAN_EID_RSN,
522	WLAN_EID_QOS_CAPA,
523	WLAN_EID_RRM_ENABLED_CAPABILITIES,
524	WLAN_EID_MOBILITY_DOMAIN,
525	WLAN_EID_SUPPORTED_REGULATORY_CLASSES,
526	WLAN_EID_BSS_COEX_2040,
527	};
528
529	offs = ieee80211_ie_split(ies, ielen: ies_len, ids: before_extcapa,
530	ARRAY_SIZE(before_extcapa), offset: `0`);
531	memcpy(to: buf, from: ies, len: offs);
532	/ leave a whole for extended capabilities IE /
533	memcpy(to: buf + offs + rdev->wiphy.extended_capabilities_len + `2`,
534	from: ies + offs, len: ies_len - offs);
535	} else {
536	offs = `0`;
537	}
538
539	/ place extended capabilities IE (with only driver capabilities) /
540	buf[offs] = WLAN_EID_EXT_CAPABILITY;
541	buf[offs + `1`] = rdev->wiphy.extended_capabilities_len;
542	memcpy(to: buf + offs + `2`,
543	from: rdev->wiphy.extended_capabilities,
544	len: rdev->wiphy.extended_capabilities_len);
545
546	*out_ies = buf;
547	*out_ies_len = ies_len + rdev->wiphy.extended_capabilities_len + `2`;
548
549	return `0`;
550	}
551
552	static int cfg80211_sme_connect(struct wireless_dev *wdev,
553	struct cfg80211_connect_params *connect,
554	const u8 *prev_bssid)
555	{
556	struct cfg80211_registered_device *rdev = wiphy_to_rdev(wiphy: wdev->wiphy);
557	struct cfg80211_bss *bss;
558	int err;
559
560	if (!rdev->ops->auth \|\| !rdev->ops->assoc)
561	return -EOPNOTSUPP;
562
563	cfg80211_wdev_release_bsses(wdev);
564
565	if (wdev->connected) {
566	cfg80211_sme_free(wdev);
567	wdev->connected = false;
568	}
569
570	if (wdev->conn)
571	return -EINPROGRESS;
572
573	wdev->conn = kzalloc(sizeof(*wdev->conn), GFP_KERNEL);
574	if (!wdev->conn)
575	return -ENOMEM;
576
577	/*
578	* Copy all parameters, and treat explicitly IEs, BSSID, SSID.
579	*/
580	memcpy(to: &wdev->conn->params, from: connect, len: sizeof(*connect));
581	if (connect->bssid) {
582	wdev->conn->params.bssid = wdev->conn->bssid;
583	memcpy(to: wdev->conn->bssid, from: connect->bssid, ETH_ALEN);
584	}
585
586	if (cfg80211_sme_get_conn_ies(wdev, ies: connect->ie, ies_len: connect->ie_len,
587	out_ies: &wdev->conn->ie,
588	out_ies_len: &wdev->conn->params.ie_len)) {
589	kfree(objp: wdev->conn);
590	wdev->conn = NULL;
591	return -ENOMEM;
592	}
593	wdev->conn->params.ie = wdev->conn->ie;
594
595	if (connect->auth_type == NL80211_AUTHTYPE_AUTOMATIC) {
596	wdev->conn->auto_auth = true;
597	/ start with open system ... should mostly work /
598	wdev->conn->params.auth_type =
599	NL80211_AUTHTYPE_OPEN_SYSTEM;
600	} else {
601	wdev->conn->auto_auth = false;
602	}
603
604	wdev->conn->params.ssid = wdev->u.client.ssid;
605	wdev->conn->params.ssid_len = wdev->u.client.ssid_len;
606
607	/ see if we have the bss already /
608	bss = cfg80211_get_bss(wiphy: wdev->wiphy, channel: wdev->conn->params.channel,
609	bssid: wdev->conn->params.bssid,
610	ssid: wdev->conn->params.ssid,
611	ssid_len: wdev->conn->params.ssid_len,
612	bss_type: wdev->conn_bss_type,
613	IEEE80211_PRIVACY(wdev->conn->params.privacy));
614
615	if (prev_bssid) {
616	memcpy(to: wdev->conn->prev_bssid, from: prev_bssid, ETH_ALEN);
617	wdev->conn->prev_bssid_valid = true;
618	}
619
620	/ we're good if we have a matching bss struct /
621	if (bss) {
622	enum nl80211_timeout_reason treason;
623
624	cfg80211_step_auth_next(conn: wdev->conn, bss);
625	err = cfg80211_conn_do_work(wdev, treason: &treason);
626	cfg80211_put_bss(wiphy: wdev->wiphy, bss);
627	} else {
628	/ otherwise we'll need to scan for the AP first /
629	err = cfg80211_conn_scan(wdev);
630
631	/*
632	* If we can't scan right now, then we need to scan again
633	* after the current scan finished, since the parameters
634	* changed (unless we find a good AP anyway).
635	*/
636	if (err == -EBUSY) {
637	err = `0`;
638	wdev->conn->state = CFG80211_CONN_SCAN_AGAIN;
639	}
640	}
641
642	if (err)
643	cfg80211_sme_free(wdev);
644
645	return err;
646	}
647
648	static int cfg80211_sme_disconnect(struct wireless_dev *wdev, u16 reason)
649	{
650	struct cfg80211_registered_device *rdev = wiphy_to_rdev(wiphy: wdev->wiphy);
651	int err;
652
653	if (!wdev->conn)
654	return `0`;
655
656	if (!rdev->ops->deauth)
657	return -EOPNOTSUPP;
658
659	if (wdev->conn->state == CFG80211_CONN_SCANNING \|\|
660	wdev->conn->state == CFG80211_CONN_SCAN_AGAIN) {
661	err = `0`;
662	goto out;
663	}
664
665	/ wdev->conn->params.bssid must be set if > SCANNING /
666	err = cfg80211_mlme_deauth(rdev, dev: wdev->netdev,
667	bssid: wdev->conn->params.bssid,
668	NULL, ie_len: `0`, reason, local_state_change: false);
669	out:
670	cfg80211_sme_free(wdev);
671	return err;
672	}
673
674	/*
675	* code shared for in-device and software SME
676	*/
677
678	static bool cfg80211_is_all_idle(void)
679	{
680	struct cfg80211_registered_device *rdev;
681	struct wireless_dev *wdev;
682	bool is_all_idle = true;
683
684	/*
685	* All devices must be idle as otherwise if you are actively
686	* scanning some new beacon hints could be learned and would
687	* count as new regulatory hints.
688	* Also if there is any other active beaconing interface we
689	* need not issue a disconnect hint and reset any info such
690	* as chan dfs state, etc.
691	*/
692	for_each_rdev(rdev) {
693	guard(wiphy)(T: &rdev->wiphy);
694
695	list_for_each_entry(wdev, &rdev->wiphy.wdev_list, list) {
696	if (wdev->conn \|\| wdev->connected \|\|
697	cfg80211_beaconing_iface_active(wdev))
698	is_all_idle = false;
699	}
700	}
701
702	return is_all_idle;
703	}
704
705	static void disconnect_work(struct work_struct *work)
706	{
707	rtnl_lock();
708	if (cfg80211_is_all_idle())
709	regulatory_hint_disconnect();
710	rtnl_unlock();
711	}
712
713	DECLARE_WORK(cfg80211_disconnect_work, disconnect_work);
714
715	static void
716	cfg80211_connect_result_release_bsses(struct wireless_dev *wdev,
717	struct cfg80211_connect_resp_params *cr)
718	{
719	unsigned int link;
720
721	for_each_valid_link(cr, link) {
722	if (!cr->links[link].bss)
723	continue;
724	cfg80211_unhold_bss(bss: bss_from_pub(pub: cr->links[link].bss));
725	cfg80211_put_bss(wiphy: wdev->wiphy, bss: cr->links[link].bss);
726	}
727	}
728
729	/*
730	* API calls for drivers implementing connect/disconnect and
731	* SME event handling
732	*/
733
734	/ This method must consume bss one way or another /
735	void __cfg80211_connect_result(struct net_device *dev,
736	struct cfg80211_connect_resp_params *cr,
737	bool wextev)
738	{
739	struct wireless_dev *wdev = dev->ieee80211_ptr;
740	const struct element *country_elem = NULL;
741	const struct element *ssid;
742	const u8 *country_data;
743	u8 country_datalen;
744	#ifdef CONFIG_CFG80211_WEXT
745	union iwreq_data wrqu;
746	#endif
747	unsigned int link;
748	const u8 *connected_addr;
749	bool bss_not_found = false;
750
751	lockdep_assert_wiphy(wdev->wiphy);
752
753	if (WARN_ON(wdev->iftype != NL80211_IFTYPE_STATION &&
754	wdev->iftype != NL80211_IFTYPE_P2P_CLIENT))
755	goto out;
756
757	if (cr->valid_links) {
758	if (WARN_ON(!cr->ap_mld_addr))
759	goto out;
760
761	for_each_valid_link(cr, link) {
762	if (WARN_ON(!cr->links[link].addr))
763	goto out;
764	}
765
766	if (WARN_ON(wdev->connect_keys))
767	goto out;
768	}
769
770	wdev->unprot_beacon_reported = `0`;
771	nl80211_send_connect_result(rdev: wiphy_to_rdev(wiphy: wdev->wiphy), netdev: dev, params: cr,
772	GFP_KERNEL);
773	connected_addr = cr->valid_links ? cr->ap_mld_addr : cr->links[`0`].bssid;
774
775	#ifdef CONFIG_CFG80211_WEXT
776	if (wextev && !cr->valid_links) {
777	if (cr->req_ie && cr->status == WLAN_STATUS_SUCCESS) {
778	memset(&wrqu, `0`, sizeof(wrqu));
779	wrqu.data.length = cr->req_ie_len;
780	wireless_send_event(dev, IWEVASSOCREQIE, &wrqu,
781	cr->req_ie);
782	}
783
784	if (cr->resp_ie && cr->status == WLAN_STATUS_SUCCESS) {
785	memset(&wrqu, `0`, sizeof(wrqu));
786	wrqu.data.length = cr->resp_ie_len;
787	wireless_send_event(dev, IWEVASSOCRESPIE, &wrqu,
788	cr->resp_ie);
789	}
790
791	memset(&wrqu, `0`, sizeof(wrqu));
792	wrqu.ap_addr.sa_family = ARPHRD_ETHER;
793	if (connected_addr && cr->status == WLAN_STATUS_SUCCESS) {
794	memcpy(wrqu.ap_addr.sa_data, connected_addr, ETH_ALEN);
795	memcpy(wdev->wext.prev_bssid, connected_addr, ETH_ALEN);
796	wdev->wext.prev_bssid_valid = true;
797	}
798	wireless_send_event(dev, SIOCGIWAP, &wrqu, NULL);
799	}
800	#endif
801
802	if (cr->status == WLAN_STATUS_SUCCESS) {
803	if (!wiphy_to_rdev(wiphy: wdev->wiphy)->ops->connect) {
804	for_each_valid_link(cr, link) {
805	if (WARN_ON_ONCE(!cr->links[link].bss))
806	break;
807	}
808	}
809
810	for_each_valid_link(cr, link) {
811	/ don't do extra lookups for failures /
812	if (cr->links[link].status != WLAN_STATUS_SUCCESS)
813	continue;
814
815	if (cr->links[link].bss)
816	continue;
817
818	cr->links[link].bss =
819	cfg80211_get_bss(wiphy: wdev->wiphy, NULL,
820	bssid: cr->links[link].bssid,
821	ssid: wdev->u.client.ssid,
822	ssid_len: wdev->u.client.ssid_len,
823	bss_type: wdev->conn_bss_type,
824	privacy: IEEE80211_PRIVACY_ANY);
825	if (!cr->links[link].bss) {
826	bss_not_found = true;
827	break;
828	}
829	cfg80211_hold_bss(bss: bss_from_pub(pub: cr->links[link].bss));
830	}
831	}
832
833	cfg80211_wdev_release_bsses(wdev);
834
835	if (cr->status != WLAN_STATUS_SUCCESS) {
836	kfree_sensitive(objp: wdev->connect_keys);
837	wdev->connect_keys = NULL;
838	wdev->u.client.ssid_len = `0`;
839	wdev->conn_owner_nlportid = `0`;
840	cfg80211_connect_result_release_bsses(wdev, cr);
841	cfg80211_sme_free(wdev);
842	return;
843	}
844
845	if (WARN_ON(bss_not_found)) {
846	cfg80211_connect_result_release_bsses(wdev, cr);
847	return;
848	}
849
850	memset(s: wdev->links, c: `0`, n: sizeof(wdev->links));
851	for_each_valid_link(cr, link) {
852	if (cr->links[link].status == WLAN_STATUS_SUCCESS)
853	continue;
854	cr->valid_links &= ~BIT(link);
855	/ don't require bss pointer for failed links /
856	if (!cr->links[link].bss)
857	continue;
858	cfg80211_unhold_bss(bss: bss_from_pub(pub: cr->links[link].bss));
859	cfg80211_put_bss(wiphy: wdev->wiphy, bss: cr->links[link].bss);
860	}
861	wdev->valid_links = cr->valid_links;
862	for_each_valid_link(cr, link)
863	wdev->links[link].client.current_bss =
864	bss_from_pub(pub: cr->links[link].bss);
865	wdev->connected = true;
866	ether_addr_copy(dst: wdev->u.client.connected_addr, src: connected_addr);
867	if (cr->valid_links) {
868	for_each_valid_link(cr, link)
869	memcpy(to: wdev->links[link].addr, from: cr->links[link].addr,
870	ETH_ALEN);
871	}
872
873	cfg80211_upload_connect_keys(wdev);
874
875	rcu_read_lock();
876	for_each_valid_link(cr, link) {
877	country_elem =
878	ieee80211_bss_get_elem(bss: cr->links[link].bss,
879	id: WLAN_EID_COUNTRY);
880	if (country_elem)
881	break;
882	}
883	if (!country_elem) {
884	rcu_read_unlock();
885	return;
886	}
887
888	country_datalen = country_elem->datalen;
889	country_data = kmemdup(country_elem->data, country_datalen, GFP_ATOMIC);
890	rcu_read_unlock();
891
892	if (!country_data)
893	return;
894
895	regulatory_hint_country_ie(wiphy: wdev->wiphy,
896	band: cr->links[link].bss->channel->band,
897	country_ie: country_data, country_ie_len: country_datalen);
898	kfree(objp: country_data);
899
900	if (!wdev->u.client.ssid_len) {
901	rcu_read_lock();
902	for_each_valid_link(cr, link) {
903	u32 ssid_len;
904
905	ssid = ieee80211_bss_get_elem(bss: cr->links[link].bss,
906	id: WLAN_EID_SSID);
907
908	if (!ssid \|\| !ssid->datalen)
909	continue;
910
911	ssid_len = min(ssid->datalen, IEEE80211_MAX_SSID_LEN);
912	memcpy(to: wdev->u.client.ssid, from: ssid->data, len: ssid_len);
913	wdev->u.client.ssid_len = ssid->datalen;
914	break;
915	}
916	rcu_read_unlock();
917	}
918
919	return;
920	out:
921	for_each_valid_link(cr, link)
922	cfg80211_put_bss(wiphy: wdev->wiphy, bss: cr->links[link].bss);
923	}
924
925	static void cfg80211_update_link_bss(struct wireless_dev *wdev,
926	struct cfg80211_bss **bss)
927	{
928	struct cfg80211_registered_device *rdev = wiphy_to_rdev(wiphy: wdev->wiphy);
929	struct cfg80211_internal_bss *ibss;
930
931	if (!*bss)
932	return;
933
934	ibss = bss_from_pub(pub: *bss);
935	if (list_empty(head: &ibss->list)) {
936	struct cfg80211_bss found = NULL, tmp = *bss;
937
938	found = cfg80211_get_bss(wiphy: wdev->wiphy, NULL,
939	bssid: (*bss)->bssid,
940	ssid: wdev->u.client.ssid,
941	ssid_len: wdev->u.client.ssid_len,
942	bss_type: wdev->conn_bss_type,
943	privacy: IEEE80211_PRIVACY_ANY);
944	if (found) {
945	/ The same BSS is already updated so use it*
946	* instead, as it has latest info.
947	*/
948	*bss = found;
949	} else {
950	/ Update with BSS provided by driver, it will*
951	* be freshly added and ref cnted, we can free
952	* the old one.
953	*
954	* signal_valid can be false, as we are not
955	* expecting the BSS to be found.
956	*
957	* keep the old timestamp to avoid confusion
958	*/
959	cfg80211_bss_update(rdev, tmp: ibss, signal_valid: false,
960	ts: ibss->ts);
961	}
962
963	cfg80211_put_bss(wiphy: wdev->wiphy, bss: tmp);
964	}
965	}
966
967	/ Consumes bss object(s) one way or another /
968	void cfg80211_connect_done(struct net_device *dev,
969	struct cfg80211_connect_resp_params *params,
970	gfp_t gfp)
971	{
972	struct wireless_dev *wdev = dev->ieee80211_ptr;
973	struct cfg80211_registered_device *rdev = wiphy_to_rdev(wiphy: wdev->wiphy);
974	struct cfg80211_event *ev;
975	unsigned long flags;
976	u8 *next;
977	size_t link_info_size = `0`;
978	unsigned int link;
979
980	for_each_valid_link(params, link) {
981	cfg80211_update_link_bss(wdev, bss: &params->links[link].bss);
982	link_info_size += params->links[link].bssid ? ETH_ALEN : `0`;
983	link_info_size += params->links[link].addr ? ETH_ALEN : `0`;
984	}
985
986	ev = kzalloc(sizeof(*ev) + (params->ap_mld_addr ? ETH_ALEN : `0`) +
987	params->req_ie_len + params->resp_ie_len +
988	params->fils.kek_len + params->fils.pmk_len +
989	(params->fils.pmkid ? WLAN_PMKID_LEN : `0`) + link_info_size,
990	gfp);
991
992	if (!ev) {
993	for_each_valid_link(params, link)
994	cfg80211_put_bss(wiphy: wdev->wiphy,
995	bss: params->links[link].bss);
996	return;
997	}
998
999	ev->type = EVENT_CONNECT_RESULT;
1000	next = ((u8 )ev) + sizeof(ev);
1001	if (params->ap_mld_addr) {
1002	ev->cr.ap_mld_addr = next;
1003	memcpy(to: (void *)ev->cr.ap_mld_addr, from: params->ap_mld_addr,
1004	ETH_ALEN);
1005	next += ETH_ALEN;
1006	}
1007	if (params->req_ie_len) {
1008	ev->cr.req_ie = next;
1009	ev->cr.req_ie_len = params->req_ie_len;
1010	memcpy(to: (void *)ev->cr.req_ie, from: params->req_ie,
1011	len: params->req_ie_len);
1012	next += params->req_ie_len;
1013	}
1014	if (params->resp_ie_len) {
1015	ev->cr.resp_ie = next;
1016	ev->cr.resp_ie_len = params->resp_ie_len;
1017	memcpy(to: (void *)ev->cr.resp_ie, from: params->resp_ie,
1018	len: params->resp_ie_len);
1019	next += params->resp_ie_len;
1020	}
1021	if (params->fils.kek_len) {
1022	ev->cr.fils.kek = next;
1023	ev->cr.fils.kek_len = params->fils.kek_len;
1024	memcpy(to: (void *)ev->cr.fils.kek, from: params->fils.kek,
1025	len: params->fils.kek_len);
1026	next += params->fils.kek_len;
1027	}
1028	if (params->fils.pmk_len) {
1029	ev->cr.fils.pmk = next;
1030	ev->cr.fils.pmk_len = params->fils.pmk_len;
1031	memcpy(to: (void *)ev->cr.fils.pmk, from: params->fils.pmk,
1032	len: params->fils.pmk_len);
1033	next += params->fils.pmk_len;
1034	}
1035	if (params->fils.pmkid) {
1036	ev->cr.fils.pmkid = next;
1037	memcpy(to: (void *)ev->cr.fils.pmkid, from: params->fils.pmkid,
1038	WLAN_PMKID_LEN);
1039	next += WLAN_PMKID_LEN;
1040	}
1041	ev->cr.fils.update_erp_next_seq_num = params->fils.update_erp_next_seq_num;
1042	if (params->fils.update_erp_next_seq_num)
1043	ev->cr.fils.erp_next_seq_num = params->fils.erp_next_seq_num;
1044	ev->cr.valid_links = params->valid_links;
1045	for_each_valid_link(params, link) {
1046	if (params->links[link].bss)
1047	cfg80211_hold_bss(
1048	bss: bss_from_pub(pub: params->links[link].bss));
1049	ev->cr.links[link].bss = params->links[link].bss;
1050	ev->cr.links[link].status = params->links[link].status;
1051
1052	if (params->links[link].addr) {
1053	ev->cr.links[link].addr = next;
1054	memcpy(to: (void *)ev->cr.links[link].addr,
1055	from: params->links[link].addr,
1056	ETH_ALEN);
1057	next += ETH_ALEN;
1058	}
1059	if (params->links[link].bssid) {
1060	ev->cr.links[link].bssid = next;
1061	memcpy(to: (void *)ev->cr.links[link].bssid,
1062	from: params->links[link].bssid,
1063	ETH_ALEN);
1064	next += ETH_ALEN;
1065	}
1066	}
1067	ev->cr.status = params->status;
1068	ev->cr.timeout_reason = params->timeout_reason;
1069
1070	spin_lock_irqsave(&wdev->event_lock, flags);
1071	list_add_tail(new: &ev->list, head: &wdev->event_list);
1072	spin_unlock_irqrestore(lock: &wdev->event_lock, flags);
1073	queue_work(wq: cfg80211_wq, work: &rdev->event_work);
1074	}
1075	EXPORT_SYMBOL(cfg80211_connect_done);
1076
1077	/ Consumes bss object one way or another /
1078	void __cfg80211_roamed(struct wireless_dev *wdev,
1079	struct cfg80211_roam_info *info)
1080	{
1081	#ifdef CONFIG_CFG80211_WEXT
1082	union iwreq_data wrqu;
1083	#endif
1084	unsigned int link;
1085	const u8 *connected_addr;
1086
1087	lockdep_assert_wiphy(wdev->wiphy);
1088
1089	if (WARN_ON(wdev->iftype != NL80211_IFTYPE_STATION &&
1090	wdev->iftype != NL80211_IFTYPE_P2P_CLIENT))
1091	goto out;
1092
1093	if (WARN_ON(!wdev->connected))
1094	goto out;
1095
1096	if (info->valid_links) {
1097	if (WARN_ON(!info->ap_mld_addr))
1098	goto out;
1099
1100	for_each_valid_link(info, link) {
1101	if (WARN_ON(!info->links[link].addr))
1102	goto out;
1103	}
1104	}
1105
1106	cfg80211_wdev_release_bsses(wdev);
1107
1108	for_each_valid_link(info, link) {
1109	if (WARN_ON(!info->links[link].bss))
1110	goto out;
1111	}
1112
1113	memset(s: wdev->links, c: `0`, n: sizeof(wdev->links));
1114	wdev->valid_links = info->valid_links;
1115	for_each_valid_link(info, link) {
1116	cfg80211_hold_bss(bss: bss_from_pub(pub: info->links[link].bss));
1117	wdev->links[link].client.current_bss =
1118	bss_from_pub(pub: info->links[link].bss);
1119	}
1120
1121	connected_addr = info->valid_links ?
1122	info->ap_mld_addr :
1123	info->links[`0`].bss->bssid;
1124	ether_addr_copy(dst: wdev->u.client.connected_addr, src: connected_addr);
1125	if (info->valid_links) {
1126	for_each_valid_link(info, link)
1127	memcpy(to: wdev->links[link].addr, from: info->links[link].addr,
1128	ETH_ALEN);
1129	}
1130	wdev->unprot_beacon_reported = `0`;
1131	nl80211_send_roamed(rdev: wiphy_to_rdev(wiphy: wdev->wiphy),
1132	netdev: wdev->netdev, info, GFP_KERNEL);
1133
1134	#ifdef CONFIG_CFG80211_WEXT
1135	if (!info->valid_links) {
1136	if (info->req_ie) {
1137	memset(&wrqu, `0`, sizeof(wrqu));
1138	wrqu.data.length = info->req_ie_len;
1139	wireless_send_event(wdev->netdev, IWEVASSOCREQIE,
1140	&wrqu, info->req_ie);
1141	}
1142
1143	if (info->resp_ie) {
1144	memset(&wrqu, `0`, sizeof(wrqu));
1145	wrqu.data.length = info->resp_ie_len;
1146	wireless_send_event(wdev->netdev, IWEVASSOCRESPIE,
1147	&wrqu, info->resp_ie);
1148	}
1149
1150	memset(&wrqu, `0`, sizeof(wrqu));
1151	wrqu.ap_addr.sa_family = ARPHRD_ETHER;
1152	memcpy(wrqu.ap_addr.sa_data, connected_addr, ETH_ALEN);
1153	memcpy(wdev->wext.prev_bssid, connected_addr, ETH_ALEN);
1154	wdev->wext.prev_bssid_valid = true;
1155	wireless_send_event(wdev->netdev, SIOCGIWAP, &wrqu, NULL);
1156	}
1157	#endif
1158
1159	return;
1160	out:
1161	for_each_valid_link(info, link)
1162	cfg80211_put_bss(wiphy: wdev->wiphy, bss: info->links[link].bss);
1163	}
1164
1165	/ Consumes info->links.bss object(s) one way or another /
1166	void cfg80211_roamed(struct net_device dev, struct* cfg80211_roam_info *info,
1167	gfp_t gfp)
1168	{
1169	struct wireless_dev *wdev = dev->ieee80211_ptr;
1170	struct cfg80211_registered_device *rdev = wiphy_to_rdev(wiphy: wdev->wiphy);
1171	struct cfg80211_event *ev;
1172	unsigned long flags;
1173	u8 *next;
1174	unsigned int link;
1175	size_t link_info_size = `0`;
1176	bool bss_not_found = false;
1177
1178	for_each_valid_link(info, link) {
1179	link_info_size += info->links[link].addr ? ETH_ALEN : `0`;
1180	link_info_size += info->links[link].bssid ? ETH_ALEN : `0`;
1181
1182	if (info->links[link].bss)
1183	continue;
1184
1185	info->links[link].bss =
1186	cfg80211_get_bss(wiphy: wdev->wiphy,
1187	channel: info->links[link].channel,
1188	bssid: info->links[link].bssid,
1189	ssid: wdev->u.client.ssid,
1190	ssid_len: wdev->u.client.ssid_len,
1191	bss_type: wdev->conn_bss_type,
1192	privacy: IEEE80211_PRIVACY_ANY);
1193
1194	if (!info->links[link].bss) {
1195	bss_not_found = true;
1196	break;
1197	}
1198	}
1199
1200	if (WARN_ON(bss_not_found))
1201	goto out;
1202
1203	ev = kzalloc(sizeof(*ev) + info->req_ie_len + info->resp_ie_len +
1204	info->fils.kek_len + info->fils.pmk_len +
1205	(info->fils.pmkid ? WLAN_PMKID_LEN : `0`) +
1206	(info->ap_mld_addr ? ETH_ALEN : `0`) + link_info_size, gfp);
1207	if (!ev)
1208	goto out;
1209
1210	ev->type = EVENT_ROAMED;
1211	next = ((u8 )ev) + sizeof(ev);
1212	if (info->req_ie_len) {
1213	ev->rm.req_ie = next;
1214	ev->rm.req_ie_len = info->req_ie_len;
1215	memcpy(to: (void *)ev->rm.req_ie, from: info->req_ie, len: info->req_ie_len);
1216	next += info->req_ie_len;
1217	}
1218	if (info->resp_ie_len) {
1219	ev->rm.resp_ie = next;
1220	ev->rm.resp_ie_len = info->resp_ie_len;
1221	memcpy(to: (void *)ev->rm.resp_ie, from: info->resp_ie,
1222	len: info->resp_ie_len);
1223	next += info->resp_ie_len;
1224	}
1225	if (info->fils.kek_len) {
1226	ev->rm.fils.kek = next;
1227	ev->rm.fils.kek_len = info->fils.kek_len;
1228	memcpy(to: (void *)ev->rm.fils.kek, from: info->fils.kek,
1229	len: info->fils.kek_len);
1230	next += info->fils.kek_len;
1231	}
1232	if (info->fils.pmk_len) {
1233	ev->rm.fils.pmk = next;
1234	ev->rm.fils.pmk_len = info->fils.pmk_len;
1235	memcpy(to: (void *)ev->rm.fils.pmk, from: info->fils.pmk,
1236	len: info->fils.pmk_len);
1237	next += info->fils.pmk_len;
1238	}
1239	if (info->fils.pmkid) {
1240	ev->rm.fils.pmkid = next;
1241	memcpy(to: (void *)ev->rm.fils.pmkid, from: info->fils.pmkid,
1242	WLAN_PMKID_LEN);
1243	next += WLAN_PMKID_LEN;
1244	}
1245	ev->rm.fils.update_erp_next_seq_num = info->fils.update_erp_next_seq_num;
1246	if (info->fils.update_erp_next_seq_num)
1247	ev->rm.fils.erp_next_seq_num = info->fils.erp_next_seq_num;
1248	if (info->ap_mld_addr) {
1249	ev->rm.ap_mld_addr = next;
1250	memcpy(to: (void *)ev->rm.ap_mld_addr, from: info->ap_mld_addr,
1251	ETH_ALEN);
1252	next += ETH_ALEN;
1253	}
1254	ev->rm.valid_links = info->valid_links;
1255	for_each_valid_link(info, link) {
1256	ev->rm.links[link].bss = info->links[link].bss;
1257
1258	if (info->links[link].addr) {
1259	ev->rm.links[link].addr = next;
1260	memcpy(to: (void *)ev->rm.links[link].addr,
1261	from: info->links[link].addr,
1262	ETH_ALEN);
1263	next += ETH_ALEN;
1264	}
1265
1266	if (info->links[link].bssid) {
1267	ev->rm.links[link].bssid = next;
1268	memcpy(to: (void *)ev->rm.links[link].bssid,
1269	from: info->links[link].bssid,
1270	ETH_ALEN);
1271	next += ETH_ALEN;
1272	}
1273	}
1274
1275	spin_lock_irqsave(&wdev->event_lock, flags);
1276	list_add_tail(new: &ev->list, head: &wdev->event_list);
1277	spin_unlock_irqrestore(lock: &wdev->event_lock, flags);
1278	queue_work(wq: cfg80211_wq, work: &rdev->event_work);
1279
1280	return;
1281	out:
1282	for_each_valid_link(info, link)
1283	cfg80211_put_bss(wiphy: wdev->wiphy, bss: info->links[link].bss);
1284
1285	}
1286	EXPORT_SYMBOL(cfg80211_roamed);
1287
1288	void __cfg80211_port_authorized(struct wireless_dev wdev, const* u8 *peer_addr,
1289	const u8 *td_bitmap, u8 td_bitmap_len)
1290	{
1291	lockdep_assert_wiphy(wdev->wiphy);
1292
1293	if (WARN_ON(wdev->iftype != NL80211_IFTYPE_STATION &&
1294	wdev->iftype != NL80211_IFTYPE_P2P_CLIENT &&
1295	wdev->iftype != NL80211_IFTYPE_AP &&
1296	wdev->iftype != NL80211_IFTYPE_P2P_GO))
1297	return;
1298
1299	if (wdev->iftype == NL80211_IFTYPE_STATION \|\|
1300	wdev->iftype == NL80211_IFTYPE_P2P_CLIENT) {
1301	if (WARN_ON(!wdev->connected) \|\|
1302	WARN_ON(!ether_addr_equal(wdev->u.client.connected_addr, peer_addr)))
1303	return;
1304	}
1305
1306	nl80211_send_port_authorized(rdev: wiphy_to_rdev(wiphy: wdev->wiphy), netdev: wdev->netdev,
1307	peer_addr, td_bitmap, td_bitmap_len);
1308	}
1309
1310	void cfg80211_port_authorized(struct net_device dev, const* u8 *peer_addr,
1311	const u8 *td_bitmap, u8 td_bitmap_len, gfp_t gfp)
1312	{
1313	struct wireless_dev *wdev = dev->ieee80211_ptr;
1314	struct cfg80211_registered_device *rdev = wiphy_to_rdev(wiphy: wdev->wiphy);
1315	struct cfg80211_event *ev;
1316	unsigned long flags;
1317
1318	if (WARN_ON(!peer_addr))
1319	return;
1320
1321	ev = kzalloc(sizeof(*ev) + td_bitmap_len, gfp);
1322	if (!ev)
1323	return;
1324
1325	ev->type = EVENT_PORT_AUTHORIZED;
1326	memcpy(to: ev->pa.peer_addr, from: peer_addr, ETH_ALEN);
1327	ev->pa.td_bitmap = ((u8 )ev) + sizeof(ev);
1328	ev->pa.td_bitmap_len = td_bitmap_len;
1329	memcpy(to: (void *)ev->pa.td_bitmap, from: td_bitmap, len: td_bitmap_len);
1330
1331	/*
1332	* Use the wdev event list so that if there are pending
1333	* connected/roamed events, they will be reported first.
1334	*/
1335	spin_lock_irqsave(&wdev->event_lock, flags);
1336	list_add_tail(new: &ev->list, head: &wdev->event_list);
1337	spin_unlock_irqrestore(lock: &wdev->event_lock, flags);
1338	queue_work(wq: cfg80211_wq, work: &rdev->event_work);
1339	}
1340	EXPORT_SYMBOL(cfg80211_port_authorized);
1341
1342	void __cfg80211_disconnected(struct net_device dev, const* u8 *ie,
1343	size_t ie_len, u16 reason, bool from_ap)
1344	{
1345	struct wireless_dev *wdev = dev->ieee80211_ptr;
1346	struct cfg80211_registered_device *rdev = wiphy_to_rdev(wiphy: wdev->wiphy);
1347	int i;
1348	#ifdef CONFIG_CFG80211_WEXT
1349	union iwreq_data wrqu;
1350	#endif
1351
1352	lockdep_assert_wiphy(wdev->wiphy);
1353
1354	if (WARN_ON(wdev->iftype != NL80211_IFTYPE_STATION &&
1355	wdev->iftype != NL80211_IFTYPE_P2P_CLIENT))
1356	return;
1357
1358	cfg80211_wdev_release_bsses(wdev);
1359	wdev->valid_links = `0`;
1360	wdev->connected = false;
1361	wdev->u.client.ssid_len = `0`;
1362	wdev->conn_owner_nlportid = `0`;
1363	kfree_sensitive(objp: wdev->connect_keys);
1364	wdev->connect_keys = NULL;
1365
1366	nl80211_send_disconnected(rdev, netdev: dev, reason, ie, ie_len, from_ap);
1367
1368	/ stop critical protocol if supported /
1369	if (rdev->ops->crit_proto_stop && rdev->crit_proto_nlportid) {
1370	rdev->crit_proto_nlportid = `0`;
1371	rdev_crit_proto_stop(rdev, wdev);
1372	}
1373
1374	/*
1375	* Delete all the keys ... pairwise keys can't really
1376	* exist any more anyway, but default keys might.
1377	*/
1378	if (rdev->ops->del_key) {
1379	int max_key_idx = `5`;
1380
1381	if (wiphy_ext_feature_isset(
1382	wiphy: wdev->wiphy,
1383	ftidx: NL80211_EXT_FEATURE_BEACON_PROTECTION) \|\|
1384	wiphy_ext_feature_isset(
1385	wiphy: wdev->wiphy,
1386	ftidx: NL80211_EXT_FEATURE_BEACON_PROTECTION_CLIENT))
1387	max_key_idx = `7`;
1388	for (i = `0`; i <= max_key_idx; i++)
1389	rdev_del_key(rdev, netdev: dev, link_id: -`1`, key_index: i, pairwise: false, NULL);
1390	}
1391
1392	rdev_set_qos_map(rdev, dev, NULL);
1393
1394	#ifdef CONFIG_CFG80211_WEXT
1395	memset(&wrqu, `0`, sizeof(wrqu));
1396	wrqu.ap_addr.sa_family = ARPHRD_ETHER;
1397	wireless_send_event(dev, SIOCGIWAP, &wrqu, NULL);
1398	wdev->wext.connect.ssid_len = `0`;
1399	#endif
1400
1401	schedule_work(work: &cfg80211_disconnect_work);
1402
1403	cfg80211_schedule_channels_check(wdev);
1404	}
1405
1406	void cfg80211_disconnected(struct net_device *dev, u16 reason,
1407	const u8 *ie, size_t ie_len,
1408	bool locally_generated, gfp_t gfp)
1409	{
1410	struct wireless_dev *wdev = dev->ieee80211_ptr;
1411	struct cfg80211_registered_device *rdev = wiphy_to_rdev(wiphy: wdev->wiphy);
1412	struct cfg80211_event *ev;
1413	unsigned long flags;
1414
1415	ev = kzalloc(sizeof(*ev) + ie_len, gfp);
1416	if (!ev)
1417	return;
1418
1419	ev->type = EVENT_DISCONNECTED;
1420	ev->dc.ie = ((u8 )ev) + sizeof(ev);
1421	ev->dc.ie_len = ie_len;
1422	memcpy(to: (void *)ev->dc.ie, from: ie, len: ie_len);
1423	ev->dc.reason = reason;
1424	ev->dc.locally_generated = locally_generated;
1425
1426	spin_lock_irqsave(&wdev->event_lock, flags);
1427	list_add_tail(new: &ev->list, head: &wdev->event_list);
1428	spin_unlock_irqrestore(lock: &wdev->event_lock, flags);
1429	queue_work(wq: cfg80211_wq, work: &rdev->event_work);
1430	}
1431	EXPORT_SYMBOL(cfg80211_disconnected);
1432
1433	/*
1434	* API calls for nl80211/wext compatibility code
1435	*/
1436	int cfg80211_connect(struct cfg80211_registered_device *rdev,
1437	struct net_device *dev,
1438	struct cfg80211_connect_params *connect,
1439	struct cfg80211_cached_keys *connkeys,
1440	const u8 *prev_bssid)
1441	{
1442	struct wireless_dev *wdev = dev->ieee80211_ptr;
1443	int err;
1444
1445	lockdep_assert_wiphy(wdev->wiphy);
1446
1447	/*
1448	* If we have an ssid_len, we're trying to connect or are
1449	* already connected, so reject a new SSID unless it's the
1450	* same (which is the case for re-association.)
1451	*/
1452	if (wdev->u.client.ssid_len &&
1453	(wdev->u.client.ssid_len != connect->ssid_len \|\|
1454	memcmp(wdev->u.client.ssid, connect->ssid, wdev->u.client.ssid_len)))
1455	return -EALREADY;
1456
1457	/*
1458	* If connected, reject (re-)association unless prev_bssid
1459	* matches the current BSSID.
1460	*/
1461	if (wdev->connected) {
1462	if (!prev_bssid)
1463	return -EALREADY;
1464	if (!ether_addr_equal(addr1: prev_bssid,
1465	addr2: wdev->u.client.connected_addr))
1466	return -ENOTCONN;
1467	}
1468
1469	/*
1470	* Reject if we're in the process of connecting with WEP,
1471	* this case isn't very interesting and trying to handle
1472	* it would make the code much more complex.
1473	*/
1474	if (wdev->connect_keys)
1475	return -EINPROGRESS;
1476
1477	cfg80211_oper_and_ht_capa(ht_capa: &connect->ht_capa_mask,
1478	ht_capa_mask: rdev->wiphy.ht_capa_mod_mask);
1479	cfg80211_oper_and_vht_capa(vht_capa: &connect->vht_capa_mask,
1480	vht_capa_mask: rdev->wiphy.vht_capa_mod_mask);
1481
1482	if (connkeys && connkeys->def >= `0`) {
1483	int idx;
1484	u32 cipher;
1485
1486	idx = connkeys->def;
1487	cipher = connkeys->params[idx].cipher;
1488	/ If given a WEP key we may need it for shared key auth /
1489	if (cipher == WLAN_CIPHER_SUITE_WEP40 \|\|
1490	cipher == WLAN_CIPHER_SUITE_WEP104) {
1491	connect->key_idx = idx;
1492	connect->key = connkeys->params[idx].key;
1493	connect->key_len = connkeys->params[idx].key_len;
1494
1495	/*
1496	* If ciphers are not set (e.g. when going through
1497	* iwconfig), we have to set them appropriately here.
1498	*/
1499	if (connect->crypto.cipher_group == `0`)
1500	connect->crypto.cipher_group = cipher;
1501
1502	if (connect->crypto.n_ciphers_pairwise == `0`) {
1503	connect->crypto.n_ciphers_pairwise = `1`;
1504	connect->crypto.ciphers_pairwise[`0`] = cipher;
1505	}
1506	}
1507	} else {
1508	if (WARN_ON(connkeys))
1509	return -EINVAL;
1510
1511	/ connect can point to wdev->wext.connect which*
1512	* can hold key data from a previous connection
1513	*/
1514	connect->key = NULL;
1515	connect->key_len = `0`;
1516	connect->key_idx = `0`;
1517	}
1518
1519	wdev->connect_keys = connkeys;
1520	memcpy(to: wdev->u.client.ssid, from: connect->ssid, len: connect->ssid_len);
1521	wdev->u.client.ssid_len = connect->ssid_len;
1522
1523	wdev->conn_bss_type = connect->pbss ? IEEE80211_BSS_TYPE_PBSS :
1524	IEEE80211_BSS_TYPE_ESS;
1525
1526	if (!rdev->ops->connect)
1527	err = cfg80211_sme_connect(wdev, connect, prev_bssid);
1528	else
1529	err = rdev_connect(rdev, dev, sme: connect);
1530
1531	if (err) {
1532	wdev->connect_keys = NULL;
1533	/*
1534	* This could be reassoc getting refused, don't clear
1535	* ssid_len in that case.
1536	*/
1537	if (!wdev->connected)
1538	wdev->u.client.ssid_len = `0`;
1539	return err;
1540	}
1541
1542	return `0`;
1543	}
1544
1545	int cfg80211_disconnect(struct cfg80211_registered_device *rdev,
1546	struct net_device *dev, u16 reason, bool wextev)
1547	{
1548	struct wireless_dev *wdev = dev->ieee80211_ptr;
1549	int err = `0`;
1550
1551	lockdep_assert_wiphy(wdev->wiphy);
1552
1553	kfree_sensitive(objp: wdev->connect_keys);
1554	wdev->connect_keys = NULL;
1555
1556	wdev->conn_owner_nlportid = `0`;
1557
1558	if (wdev->conn)
1559	err = cfg80211_sme_disconnect(wdev, reason);
1560	else if (!rdev->ops->disconnect)
1561	cfg80211_mlme_down(rdev, dev);
1562	else if (wdev->u.client.ssid_len)
1563	err = rdev_disconnect(rdev, dev, reason_code: reason);
1564
1565	/*
1566	* Clear ssid_len unless we actually were fully connected,
1567	* in which case cfg80211_disconnected() will take care of
1568	* this later.
1569	*/
1570	if (!wdev->connected)
1571	wdev->u.client.ssid_len = `0`;
1572
1573	return err;
1574	}
1575
1576	/*
1577	* Used to clean up after the connection / connection attempt owner socket
1578	* disconnects
1579	*/
1580	void cfg80211_autodisconnect_wk(struct work_struct *work)
1581	{
1582	struct wireless_dev *wdev =
1583	container_of(work, struct wireless_dev, disconnect_wk);
1584	struct cfg80211_registered_device *rdev = wiphy_to_rdev(wiphy: wdev->wiphy);
1585
1586	guard(wiphy)(T: wdev->wiphy);
1587
1588	if (wdev->conn_owner_nlportid) {
1589	switch (wdev->iftype) {
1590	case NL80211_IFTYPE_ADHOC:
1591	cfg80211_leave_ibss(rdev, dev: wdev->netdev, nowext: false);
1592	break;
1593	case NL80211_IFTYPE_AP:
1594	case NL80211_IFTYPE_P2P_GO:
1595	cfg80211_stop_ap(rdev, dev: wdev->netdev, link: -`1`, notify: false);
1596	break;
1597	case NL80211_IFTYPE_MESH_POINT:
1598	cfg80211_leave_mesh(rdev, dev: wdev->netdev);
1599	break;
1600	case NL80211_IFTYPE_STATION:
1601	case NL80211_IFTYPE_P2P_CLIENT:
1602	/*
1603	* Use disconnect_bssid if still connecting and
1604	* ops->disconnect not implemented. Otherwise we can
1605	* use cfg80211_disconnect.
1606	*/
1607	if (rdev->ops->disconnect \|\| wdev->connected)
1608	cfg80211_disconnect(rdev, dev: wdev->netdev,
1609	reason: WLAN_REASON_DEAUTH_LEAVING,
1610	wextev: true);
1611	else
1612	cfg80211_mlme_deauth(rdev, dev: wdev->netdev,
1613	bssid: wdev->disconnect_bssid,
1614	NULL, ie_len: `0`,
1615	reason: WLAN_REASON_DEAUTH_LEAVING,
1616	local_state_change: false);
1617	break;
1618	default:
1619	break;
1620	}
1621	}
1622	}
1623

Browse the source code of Linux/net/wireless/sme.c