cfg.c 107 KB
Newer Older
1
// SPDX-License-Identifier: GPL-2.0-only
2
3
4
/*
 * mac80211 configuration hooks for cfg80211
 *
5
 * Copyright 2006-2010	Johannes Berg <johannes@sipsolutions.net>
6
 * Copyright 2013-2015  Intel Mobile Communications GmbH
7
 * Copyright (C) 2015-2017 Intel Deutschland GmbH
8
 * Copyright (C) 2018-2019 Intel Corporation
9
 * Copyright (C) 2018 Intel Corporation
10
11
 */

12
#include <linux/ieee80211.h>
13
14
#include <linux/nl80211.h>
#include <linux/rtnetlink.h>
15
#include <linux/slab.h>
16
#include <net/net_namespace.h>
17
#include <linux/rcupdate.h>
18
#include <linux/fips.h>
19
#include <linux/if_ether.h>
20
21
#include <net/cfg80211.h>
#include "ieee80211_i.h"
22
#include "driver-ops.h"
Johannes Berg's avatar
Johannes Berg committed
23
#include "rate.h"
24
#include "mesh.h"
25
#include "wme.h"
26

27
28
static void ieee80211_set_mu_mimo_follow(struct ieee80211_sub_if_data *sdata,
					 struct vif_params *params)
29
30
31
32
33
34
35
36
37
{
	bool mu_mimo_groups = false;
	bool mu_mimo_follow = false;

	if (params->vht_mumimo_groups) {
		u64 membership;

		BUILD_BUG_ON(sizeof(membership) != WLAN_MEMBERSHIP_LEN);

38
		memcpy(sdata->vif.bss_conf.mu_group.membership,
39
		       params->vht_mumimo_groups, WLAN_MEMBERSHIP_LEN);
40
		memcpy(sdata->vif.bss_conf.mu_group.position,
41
42
		       params->vht_mumimo_groups + WLAN_MEMBERSHIP_LEN,
		       WLAN_USER_POSITION_LEN);
43
		ieee80211_bss_info_change_notify(sdata, BSS_CHANGED_MU_GROUPS);
44
45
46
47
48
49
50
51
52
		/* don't care about endianness - just check for 0 */
		memcpy(&membership, params->vht_mumimo_groups,
		       WLAN_MEMBERSHIP_LEN);
		mu_mimo_groups = membership != 0;
	}

	if (params->vht_mumimo_follow_addr) {
		mu_mimo_follow =
			is_valid_ether_addr(params->vht_mumimo_follow_addr);
53
		ether_addr_copy(sdata->u.mntr.mu_follow_addr,
54
55
56
				params->vht_mumimo_follow_addr);
	}

57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
	sdata->vif.mu_mimo_owner = mu_mimo_groups || mu_mimo_follow;
}

static int ieee80211_set_mon_options(struct ieee80211_sub_if_data *sdata,
				     struct vif_params *params)
{
	struct ieee80211_local *local = sdata->local;
	struct ieee80211_sub_if_data *monitor_sdata;

	/* check flags first */
	if (params->flags && ieee80211_sdata_running(sdata)) {
		u32 mask = MONITOR_FLAG_COOK_FRAMES | MONITOR_FLAG_ACTIVE;

		/*
		 * Prohibit MONITOR_FLAG_COOK_FRAMES and
		 * MONITOR_FLAG_ACTIVE to be changed while the
		 * interface is up.
		 * Else we would need to add a lot of cruft
		 * to update everything:
		 *	cooked_mntrs, monitor and all fif_* counters
		 *	reconfigure hardware
		 */
		if ((params->flags & mask) != (sdata->u.mntr.flags & mask))
			return -EBUSY;
	}

	/* also validate MU-MIMO change */
	monitor_sdata = rtnl_dereference(local->monitor_sdata);

	if (!monitor_sdata &&
	    (params->vht_mumimo_groups || params->vht_mumimo_follow_addr))
		return -EOPNOTSUPP;

	/* apply all changes now - no failures allowed */

	if (monitor_sdata)
		ieee80211_set_mu_mimo_follow(monitor_sdata, params);

	if (params->flags) {
		if (ieee80211_sdata_running(sdata)) {
			ieee80211_adjust_monitor_flags(sdata, -1);
			sdata->u.mntr.flags = params->flags;
			ieee80211_adjust_monitor_flags(sdata, 1);

			ieee80211_configure_filter(local);
		} else {
			/*
			 * Because the interface is down, ieee80211_do_stop
			 * and ieee80211_do_open take care of "everything"
			 * mentioned in the comment above.
			 */
			sdata->u.mntr.flags = params->flags;
		}
	}
111
112
113
114

	return 0;
}

115
116
static struct wireless_dev *ieee80211_add_iface(struct wiphy *wiphy,
						const char *name,
117
						unsigned char name_assign_type,
118
119
						enum nl80211_iftype type,
						struct vif_params *params)
120
121
{
	struct ieee80211_local *local = wiphy_priv(wiphy);
122
	struct wireless_dev *wdev;
123
124
	struct ieee80211_sub_if_data *sdata;
	int err;
125

126
	err = ieee80211_if_add(local, name, name_assign_type, &wdev, type, params);
127
128
	if (err)
		return ERR_PTR(err);
129

130
131
132
	sdata = IEEE80211_WDEV_TO_SUB_IF(wdev);

	if (type == NL80211_IFTYPE_MONITOR) {
133
		err = ieee80211_set_mon_options(sdata, params);
134
135
136
137
		if (err) {
			ieee80211_if_remove(sdata);
			return NULL;
		}
138
139
	}

140
	return wdev;
141
142
}

143
static int ieee80211_del_iface(struct wiphy *wiphy, struct wireless_dev *wdev)
144
{
145
	ieee80211_if_remove(IEEE80211_WDEV_TO_SUB_IF(wdev));
146

147
	return 0;
148
149
}

150
151
static int ieee80211_change_iface(struct wiphy *wiphy,
				  struct net_device *dev,
152
				  enum nl80211_iftype type,
153
				  struct vif_params *params)
154
{
155
	struct ieee80211_sub_if_data *sdata = IEEE80211_DEV_TO_SUB_IF(dev);
156
	int ret;
157

158
	ret = ieee80211_if_change_type(sdata, type);
159
160
	if (ret)
		return ret;
161

162
	if (type == NL80211_IFTYPE_AP_VLAN && params->use_4addr == 0) {
163
		RCU_INIT_POINTER(sdata->u.vlan.sta, NULL);
Johannes Berg's avatar
Johannes Berg committed
164
		ieee80211_check_fast_rx_iface(sdata);
165
	} else if (type == NL80211_IFTYPE_STATION && params->use_4addr >= 0) {
166
		sdata->u.mgd.use_4addr = params->use_4addr;
Johannes Berg's avatar
Johannes Berg committed
167
	}
168

169
	if (sdata->vif.type == NL80211_IFTYPE_MONITOR) {
170
171
172
		ret = ieee80211_set_mon_options(sdata, params);
		if (ret)
			return ret;
173
	}
174

175
176
177
	return 0;
}

178
179
180
static int ieee80211_start_p2p_device(struct wiphy *wiphy,
				      struct wireless_dev *wdev)
{
181
182
183
184
185
186
187
188
189
	struct ieee80211_sub_if_data *sdata = IEEE80211_WDEV_TO_SUB_IF(wdev);
	int ret;

	mutex_lock(&sdata->local->chanctx_mtx);
	ret = ieee80211_check_combinations(sdata, NULL, 0, 0);
	mutex_unlock(&sdata->local->chanctx_mtx);
	if (ret < 0)
		return ret;

190
191
192
193
194
195
196
197
198
	return ieee80211_do_open(wdev, true);
}

static void ieee80211_stop_p2p_device(struct wiphy *wiphy,
				      struct wireless_dev *wdev)
{
	ieee80211_sdata_stop(IEEE80211_WDEV_TO_SUB_IF(wdev));
}

199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
static int ieee80211_start_nan(struct wiphy *wiphy,
			       struct wireless_dev *wdev,
			       struct cfg80211_nan_conf *conf)
{
	struct ieee80211_sub_if_data *sdata = IEEE80211_WDEV_TO_SUB_IF(wdev);
	int ret;

	mutex_lock(&sdata->local->chanctx_mtx);
	ret = ieee80211_check_combinations(sdata, NULL, 0, 0);
	mutex_unlock(&sdata->local->chanctx_mtx);
	if (ret < 0)
		return ret;

	ret = ieee80211_do_open(wdev, true);
	if (ret)
		return ret;

	ret = drv_start_nan(sdata->local, sdata, conf);
	if (ret)
		ieee80211_sdata_stop(sdata);

220
221
	sdata->u.nan.conf = *conf;

222
223
224
225
226
227
228
229
230
231
232
233
	return ret;
}

static void ieee80211_stop_nan(struct wiphy *wiphy,
			       struct wireless_dev *wdev)
{
	struct ieee80211_sub_if_data *sdata = IEEE80211_WDEV_TO_SUB_IF(wdev);

	drv_stop_nan(sdata->local, sdata);
	ieee80211_sdata_stop(sdata);
}

234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
static int ieee80211_nan_change_conf(struct wiphy *wiphy,
				     struct wireless_dev *wdev,
				     struct cfg80211_nan_conf *conf,
				     u32 changes)
{
	struct ieee80211_sub_if_data *sdata = IEEE80211_WDEV_TO_SUB_IF(wdev);
	struct cfg80211_nan_conf new_conf;
	int ret = 0;

	if (sdata->vif.type != NL80211_IFTYPE_NAN)
		return -EOPNOTSUPP;

	if (!ieee80211_sdata_running(sdata))
		return -ENETDOWN;

	new_conf = sdata->u.nan.conf;

	if (changes & CFG80211_NAN_CONF_CHANGED_PREF)
		new_conf.master_pref = conf->master_pref;

254
255
	if (changes & CFG80211_NAN_CONF_CHANGED_BANDS)
		new_conf.bands = conf->bands;
256
257
258
259
260
261
262
263

	ret = drv_nan_change_conf(sdata->local, sdata, &new_conf, changes);
	if (!ret)
		sdata->u.nan.conf = new_conf;

	return ret;
}

264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
static int ieee80211_add_nan_func(struct wiphy *wiphy,
				  struct wireless_dev *wdev,
				  struct cfg80211_nan_func *nan_func)
{
	struct ieee80211_sub_if_data *sdata = IEEE80211_WDEV_TO_SUB_IF(wdev);
	int ret;

	if (sdata->vif.type != NL80211_IFTYPE_NAN)
		return -EOPNOTSUPP;

	if (!ieee80211_sdata_running(sdata))
		return -ENETDOWN;

	spin_lock_bh(&sdata->u.nan.func_lock);

	ret = idr_alloc(&sdata->u.nan.function_inst_ids,
			nan_func, 1, sdata->local->hw.max_nan_de_entries + 1,
			GFP_ATOMIC);
	spin_unlock_bh(&sdata->u.nan.func_lock);

	if (ret < 0)
		return ret;

	nan_func->instance_id = ret;

	WARN_ON(nan_func->instance_id == 0);

	ret = drv_add_nan_func(sdata->local, sdata, nan_func);
	if (ret) {
		spin_lock_bh(&sdata->u.nan.func_lock);
		idr_remove(&sdata->u.nan.function_inst_ids,
			   nan_func->instance_id);
		spin_unlock_bh(&sdata->u.nan.func_lock);
	}

	return ret;
}

static struct cfg80211_nan_func *
ieee80211_find_nan_func_by_cookie(struct ieee80211_sub_if_data *sdata,
				  u64 cookie)
{
	struct cfg80211_nan_func *func;
	int id;

	lockdep_assert_held(&sdata->u.nan.func_lock);

	idr_for_each_entry(&sdata->u.nan.function_inst_ids, func, id) {
		if (func->cookie == cookie)
			return func;
	}

	return NULL;
}

static void ieee80211_del_nan_func(struct wiphy *wiphy,
				  struct wireless_dev *wdev, u64 cookie)
{
	struct ieee80211_sub_if_data *sdata = IEEE80211_WDEV_TO_SUB_IF(wdev);
	struct cfg80211_nan_func *func;
	u8 instance_id = 0;

	if (sdata->vif.type != NL80211_IFTYPE_NAN ||
	    !ieee80211_sdata_running(sdata))
		return;

	spin_lock_bh(&sdata->u.nan.func_lock);

	func = ieee80211_find_nan_func_by_cookie(sdata, cookie);
	if (func)
		instance_id = func->instance_id;

	spin_unlock_bh(&sdata->u.nan.func_lock);

	if (instance_id)
		drv_del_nan_func(sdata->local, sdata, instance_id);
}

342
343
344
345
346
347
348
static int ieee80211_set_noack_map(struct wiphy *wiphy,
				  struct net_device *dev,
				  u16 noack_map)
{
	struct ieee80211_sub_if_data *sdata = IEEE80211_DEV_TO_SUB_IF(dev);

	sdata->noack_map = noack_map;
Johannes Berg's avatar
Johannes Berg committed
349
350
351

	ieee80211_check_fast_xmit_iface(sdata);

352
353
354
	return 0;
}

355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
static int ieee80211_set_tx(struct ieee80211_sub_if_data *sdata,
			    const u8 *mac_addr, u8 key_idx)
{
	struct ieee80211_local *local = sdata->local;
	struct ieee80211_key *key;
	struct sta_info *sta;
	int ret = -EINVAL;

	if (!wiphy_ext_feature_isset(local->hw.wiphy,
				     NL80211_EXT_FEATURE_EXT_KEY_ID))
		return -EINVAL;

	sta = sta_info_get_bss(sdata, mac_addr);

	if (!sta)
		return -EINVAL;

	if (sta->ptk_idx == key_idx)
		return 0;

	mutex_lock(&local->key_mtx);
	key = key_mtx_dereference(local, sta->ptk[key_idx]);

	if (key && key->conf.flags & IEEE80211_KEY_FLAG_NO_AUTO_TX)
		ret = ieee80211_set_tx_key(key);

	mutex_unlock(&local->key_mtx);
	return ret;
}

385
static int ieee80211_add_key(struct wiphy *wiphy, struct net_device *dev,
386
			     u8 key_idx, bool pairwise, const u8 *mac_addr,
387
388
			     struct key_params *params)
{
389
	struct ieee80211_sub_if_data *sdata = IEEE80211_DEV_TO_SUB_IF(dev);
390
	struct ieee80211_local *local = sdata->local;
391
	struct sta_info *sta = NULL;
392
	const struct ieee80211_cipher_scheme *cs = NULL;
393
	struct ieee80211_key *key;
394
	int err;
395

396
	if (!ieee80211_sdata_running(sdata))
Johannes Berg's avatar
Johannes Berg committed
397
398
		return -ENETDOWN;

399
400
401
	if (pairwise && params->mode == NL80211_KEY_SET_TX)
		return ieee80211_set_tx(sdata, mac_addr, key_idx);

402
	/* reject WEP and TKIP keys if WEP failed to initialize */
403
404
405
	switch (params->cipher) {
	case WLAN_CIPHER_SUITE_WEP40:
	case WLAN_CIPHER_SUITE_TKIP:
406
	case WLAN_CIPHER_SUITE_WEP104:
407
		if (WARN_ON_ONCE(fips_enabled))
408
			return -EINVAL;
409
	case WLAN_CIPHER_SUITE_CCMP:
Jouni Malinen's avatar
Jouni Malinen committed
410
	case WLAN_CIPHER_SUITE_CCMP_256:
411
	case WLAN_CIPHER_SUITE_AES_CMAC:
412
	case WLAN_CIPHER_SUITE_BIP_CMAC_256:
413
414
	case WLAN_CIPHER_SUITE_BIP_GMAC_128:
	case WLAN_CIPHER_SUITE_BIP_GMAC_256:
415
	case WLAN_CIPHER_SUITE_GCMP:
416
	case WLAN_CIPHER_SUITE_GCMP_256:
417
		break;
418
	default:
419
		cs = ieee80211_cs_get(local, params->cipher, sdata->vif.type);
420
		break;
421
422
	}

423
	key = ieee80211_key_alloc(params->cipher, key_idx, params->key_len,
424
425
				  params->key, params->seq_len, params->seq,
				  cs);
426
427
	if (IS_ERR(key))
		return PTR_ERR(key);
428

429
430
431
	if (pairwise)
		key->conf.flags |= IEEE80211_KEY_FLAG_PAIRWISE;

432
433
434
	if (params->mode == NL80211_KEY_NO_TX)
		key->conf.flags |= IEEE80211_KEY_FLAG_NO_AUTO_TX;

435
	mutex_lock(&local->sta_mtx);
436

437
	if (mac_addr) {
438
		sta = sta_info_get_bss(sdata, mac_addr);
Johannes Berg's avatar
Johannes Berg committed
439
440
441
442
443
		/*
		 * The ASSOC test makes sure the driver is ready to
		 * receive the key. When wpa_supplicant has roamed
		 * using FT, it attempts to set the key before
		 * association has completed, this rejects that attempt
444
		 * so it will set the key again after association.
Johannes Berg's avatar
Johannes Berg committed
445
446
447
448
449
		 *
		 * TODO: accept the key if we have a station entry and
		 *       add it to the device after the station.
		 */
		if (!sta || !test_sta_flag(sta, WLAN_STA_ASSOC)) {
450
			ieee80211_key_free_unused(key);
451
452
			err = -ENOENT;
			goto out_unlock;
453
		}
454
455
	}

456
457
458
459
460
461
462
463
	switch (sdata->vif.type) {
	case NL80211_IFTYPE_STATION:
		if (sdata->u.mgd.mfp != IEEE80211_MFP_DISABLED)
			key->conf.flags |= IEEE80211_KEY_FLAG_RX_MGMT;
		break;
	case NL80211_IFTYPE_AP:
	case NL80211_IFTYPE_AP_VLAN:
		/* Keys without a station are used for TX only */
464
		if (sta && test_sta_flag(sta, WLAN_STA_MFP))
465
466
467
468
469
470
471
472
473
474
475
476
477
478
			key->conf.flags |= IEEE80211_KEY_FLAG_RX_MGMT;
		break;
	case NL80211_IFTYPE_ADHOC:
		/* no MFP (yet) */
		break;
	case NL80211_IFTYPE_MESH_POINT:
#ifdef CONFIG_MAC80211_MESH
		if (sdata->u.mesh.security != IEEE80211_MESH_SEC_NONE)
			key->conf.flags |= IEEE80211_KEY_FLAG_RX_MGMT;
		break;
#endif
	case NL80211_IFTYPE_WDS:
	case NL80211_IFTYPE_MONITOR:
	case NL80211_IFTYPE_P2P_DEVICE:
479
	case NL80211_IFTYPE_NAN:
480
481
482
483
	case NL80211_IFTYPE_UNSPECIFIED:
	case NUM_NL80211_IFTYPES:
	case NL80211_IFTYPE_P2P_CLIENT:
	case NL80211_IFTYPE_P2P_GO:
484
	case NL80211_IFTYPE_OCB:
485
486
487
488
489
		/* shouldn't happen */
		WARN_ON_ONCE(1);
		break;
	}

490
491
492
	if (sta)
		sta->cipher_scheme = cs;

493
	err = ieee80211_key_link(key, sdata, sta);
494

495
 out_unlock:
496
	mutex_unlock(&local->sta_mtx);
497
498

	return err;
499
500
501
}

static int ieee80211_del_key(struct wiphy *wiphy, struct net_device *dev,
502
			     u8 key_idx, bool pairwise, const u8 *mac_addr)
503
{
504
505
	struct ieee80211_sub_if_data *sdata = IEEE80211_DEV_TO_SUB_IF(dev);
	struct ieee80211_local *local = sdata->local;
506
	struct sta_info *sta;
507
	struct ieee80211_key *key = NULL;
508
509
	int ret;

510
511
	mutex_lock(&local->sta_mtx);
	mutex_lock(&local->key_mtx);
512

513
	if (mac_addr) {
514
515
		ret = -ENOENT;

516
		sta = sta_info_get_bss(sdata, mac_addr);
517
		if (!sta)
518
			goto out_unlock;
519

520
		if (pairwise)
521
			key = key_mtx_dereference(local, sta->ptk[key_idx]);
522
		else
523
			key = key_mtx_dereference(local, sta->gtk[key_idx]);
524
	} else
525
		key = key_mtx_dereference(local, sdata->keys[key_idx]);
526

527
	if (!key) {
528
529
530
		ret = -ENOENT;
		goto out_unlock;
	}
531

532
	ieee80211_key_free(key, sdata->vif.type == NL80211_IFTYPE_STATION);
533

534
535
	ret = 0;
 out_unlock:
536
537
	mutex_unlock(&local->key_mtx);
	mutex_unlock(&local->sta_mtx);
538
539

	return ret;
540
541
}

542
static int ieee80211_get_key(struct wiphy *wiphy, struct net_device *dev,
543
544
			     u8 key_idx, bool pairwise, const u8 *mac_addr,
			     void *cookie,
545
546
547
			     void (*callback)(void *cookie,
					      struct key_params *params))
{
548
	struct ieee80211_sub_if_data *sdata;
549
550
551
	struct sta_info *sta = NULL;
	u8 seq[6] = {0};
	struct key_params params;
552
	struct ieee80211_key *key = NULL;
Johannes Berg's avatar
Johannes Berg committed
553
	u64 pn64;
554
555
556
	u32 iv32;
	u16 iv16;
	int err = -ENOENT;
557
	struct ieee80211_key_seq kseq = {};
558

559
560
	sdata = IEEE80211_DEV_TO_SUB_IF(dev);

561
562
	rcu_read_lock();

563
	if (mac_addr) {
564
		sta = sta_info_get_bss(sdata, mac_addr);
565
566
567
		if (!sta)
			goto out;

568
		if (pairwise && key_idx < NUM_DEFAULT_KEYS)
569
			key = rcu_dereference(sta->ptk[key_idx]);
570
571
		else if (!pairwise &&
			 key_idx < NUM_DEFAULT_KEYS + NUM_DEFAULT_MGMT_KEYS)
Johannes Berg's avatar
Johannes Berg committed
572
			key = rcu_dereference(sta->gtk[key_idx]);
573
	} else
Johannes Berg's avatar
Johannes Berg committed
574
		key = rcu_dereference(sdata->keys[key_idx]);
575
576
577
578
579
580

	if (!key)
		goto out;

	memset(&params, 0, sizeof(params));

581
	params.cipher = key->conf.cipher;
582

583
584
	switch (key->conf.cipher) {
	case WLAN_CIPHER_SUITE_TKIP:
585
586
587
		pn64 = atomic64_read(&key->conf.tx_pn);
		iv32 = TKIP_PN_TO_IV32(pn64);
		iv16 = TKIP_PN_TO_IV16(pn64);
588

589
590
591
592
593
594
		if (key->flags & KEY_FLAG_UPLOADED_TO_HARDWARE &&
		    !(key->conf.flags & IEEE80211_KEY_FLAG_GENERATE_IV)) {
			drv_get_key_seq(sdata->local, key, &kseq);
			iv32 = kseq.tkip.iv32;
			iv16 = kseq.tkip.iv16;
		}
595
596
597
598
599
600
601
602
603
604

		seq[0] = iv16 & 0xff;
		seq[1] = (iv16 >> 8) & 0xff;
		seq[2] = iv32 & 0xff;
		seq[3] = (iv32 >> 8) & 0xff;
		seq[4] = (iv32 >> 16) & 0xff;
		seq[5] = (iv32 >> 24) & 0xff;
		params.seq = seq;
		params.seq_len = 6;
		break;
605
	case WLAN_CIPHER_SUITE_CCMP:
Jouni Malinen's avatar
Jouni Malinen committed
606
	case WLAN_CIPHER_SUITE_CCMP_256:
607
	case WLAN_CIPHER_SUITE_AES_CMAC:
608
	case WLAN_CIPHER_SUITE_BIP_CMAC_256:
609
610
		BUILD_BUG_ON(offsetof(typeof(kseq), ccmp) !=
			     offsetof(typeof(kseq), aes_cmac));
611
		/* fall through */
612
613
	case WLAN_CIPHER_SUITE_BIP_GMAC_128:
	case WLAN_CIPHER_SUITE_BIP_GMAC_256:
614
615
		BUILD_BUG_ON(offsetof(typeof(kseq), ccmp) !=
			     offsetof(typeof(kseq), aes_gmac));
616
		/* fall through */
617
618
	case WLAN_CIPHER_SUITE_GCMP:
	case WLAN_CIPHER_SUITE_GCMP_256:
619
620
621
		BUILD_BUG_ON(offsetof(typeof(kseq), ccmp) !=
			     offsetof(typeof(kseq), gcmp));

622
623
624
		if (key->flags & KEY_FLAG_UPLOADED_TO_HARDWARE &&
		    !(key->conf.flags & IEEE80211_KEY_FLAG_GENERATE_IV)) {
			drv_get_key_seq(sdata->local, key, &kseq);
625
			memcpy(seq, kseq.ccmp.pn, 6);
626
		} else {
627
			pn64 = atomic64_read(&key->conf.tx_pn);
628
629
630
631
632
633
634
			seq[0] = pn64;
			seq[1] = pn64 >> 8;
			seq[2] = pn64 >> 16;
			seq[3] = pn64 >> 24;
			seq[4] = pn64 >> 32;
			seq[5] = pn64 >> 40;
		}
635
636
637
		params.seq = seq;
		params.seq_len = 6;
		break;
638
639
640
641
642
643
644
645
646
	default:
		if (!(key->flags & KEY_FLAG_UPLOADED_TO_HARDWARE))
			break;
		if (WARN_ON(key->conf.flags & IEEE80211_KEY_FLAG_GENERATE_IV))
			break;
		drv_get_key_seq(sdata->local, key, &kseq);
		params.seq = kseq.hw.seq;
		params.seq_len = kseq.hw.seq_len;
		break;
647
648
649
650
651
652
653
654
655
	}

	params.key = key->conf.key;
	params.key_len = key->conf.keylen;

	callback(cookie, &params);
	err = 0;

 out:
656
	rcu_read_unlock();
657
658
659
	return err;
}

660
661
static int ieee80211_config_default_key(struct wiphy *wiphy,
					struct net_device *dev,
662
663
					u8 key_idx, bool uni,
					bool multi)
664
{
Johannes Berg's avatar
Johannes Berg committed
665
	struct ieee80211_sub_if_data *sdata = IEEE80211_DEV_TO_SUB_IF(dev);
666

667
	ieee80211_set_default_key(sdata, key_idx, uni, multi);
668
669
670
671

	return 0;
}

672
673
674
675
static int ieee80211_config_default_mgmt_key(struct wiphy *wiphy,
					     struct net_device *dev,
					     u8 key_idx)
{
676
	struct ieee80211_sub_if_data *sdata = IEEE80211_DEV_TO_SUB_IF(dev);
677
678
679
680
681
682

	ieee80211_set_default_mgmt_key(sdata, key_idx);

	return 0;
}

683
684
685
686
687
void sta_set_rate_info_tx(struct sta_info *sta,
			  const struct ieee80211_tx_rate *rate,
			  struct rate_info *rinfo)
{
	rinfo->flags = 0;
688
	if (rate->flags & IEEE80211_TX_RC_MCS) {
689
		rinfo->flags |= RATE_INFO_FLAGS_MCS;
690
691
692
693
694
695
696
		rinfo->mcs = rate->idx;
	} else if (rate->flags & IEEE80211_TX_RC_VHT_MCS) {
		rinfo->flags |= RATE_INFO_FLAGS_VHT_MCS;
		rinfo->mcs = ieee80211_rate_get_vht_mcs(rate);
		rinfo->nss = ieee80211_rate_get_vht_nss(rate);
	} else {
		struct ieee80211_supported_band *sband;
697
698
699
		int shift = ieee80211_vif_get_shift(&sta->sdata->vif);
		u16 brate;

700
701
702
703
704
		sband = ieee80211_get_sband(sta->sdata);
		if (sband) {
			brate = sband->bitrates[rate->idx].bitrate;
			rinfo->legacy = DIV_ROUND_UP(brate, 1 << shift);
		}
705
	}
706
	if (rate->flags & IEEE80211_TX_RC_40_MHZ_WIDTH)
707
708
709
710
711
712
713
		rinfo->bw = RATE_INFO_BW_40;
	else if (rate->flags & IEEE80211_TX_RC_80_MHZ_WIDTH)
		rinfo->bw = RATE_INFO_BW_80;
	else if (rate->flags & IEEE80211_TX_RC_160_MHZ_WIDTH)
		rinfo->bw = RATE_INFO_BW_160;
	else
		rinfo->bw = RATE_INFO_BW_20;
714
715
716
717
	if (rate->flags & IEEE80211_TX_RC_SHORT_GI)
		rinfo->flags |= RATE_INFO_FLAGS_SHORT_GI;
}

718
static int ieee80211_dump_station(struct wiphy *wiphy, struct net_device *dev,
719
				  int idx, u8 *mac, struct station_info *sinfo)
720
{
721
	struct ieee80211_sub_if_data *sdata = IEEE80211_DEV_TO_SUB_IF(dev);
722
	struct ieee80211_local *local = sdata->local;
723
	struct sta_info *sta;
724
725
	int ret = -ENOENT;

726
	mutex_lock(&local->sta_mtx);
727

728
	sta = sta_info_get_by_idx(sdata, idx);
729
730
	if (sta) {
		ret = 0;
731
		memcpy(mac, sta->sta.addr, ETH_ALEN);
732
		sta_set_sinfo(sta, sinfo, true);
733
	}
734

735
	mutex_unlock(&local->sta_mtx);
736

737
	return ret;
738
739
}

740
741
742
743
744
745
746
747
static int ieee80211_dump_survey(struct wiphy *wiphy, struct net_device *dev,
				 int idx, struct survey_info *survey)
{
	struct ieee80211_local *local = wdev_priv(dev->ieee80211_ptr);

	return drv_get_survey(local, idx, survey);
}

748
static int ieee80211_get_station(struct wiphy *wiphy, struct net_device *dev,
749
				 const u8 *mac, struct station_info *sinfo)
750
{
751
	struct ieee80211_sub_if_data *sdata = IEEE80211_DEV_TO_SUB_IF(dev);
752
	struct ieee80211_local *local = sdata->local;
753
	struct sta_info *sta;
754
	int ret = -ENOENT;
755

756
	mutex_lock(&local->sta_mtx);
757

758
	sta = sta_info_get_bss(sdata, mac);
759
760
	if (sta) {
		ret = 0;
761
		sta_set_sinfo(sta, sinfo, true);
762
763
	}

764
	mutex_unlock(&local->sta_mtx);
765
766

	return ret;
767
768
}

Johannes Berg's avatar
Johannes Berg committed
769
static int ieee80211_set_monitor_channel(struct wiphy *wiphy,
770
					 struct cfg80211_chan_def *chandef)
771
772
{
	struct ieee80211_local *local = wiphy_priv(wiphy);
Johannes Berg's avatar
Johannes Berg committed
773
774
	struct ieee80211_sub_if_data *sdata;
	int ret = 0;
775

776
	if (cfg80211_chandef_identical(&local->monitor_chandef, chandef))
Johannes Berg's avatar
Johannes Berg committed
777
		return 0;
778

779
	mutex_lock(&local->mtx);
Johannes Berg's avatar
Johannes Berg committed
780
	if (local->use_chanctx) {
781
		sdata = rtnl_dereference(local->monitor_sdata);
Johannes Berg's avatar
Johannes Berg committed
782
783
		if (sdata) {
			ieee80211_vif_release_channel(sdata);
784
			ret = ieee80211_vif_use_channel(sdata, chandef,
Johannes Berg's avatar
Johannes Berg committed
785
786
787
					IEEE80211_CHANCTX_EXCLUSIVE);
		}
	} else if (local->open_count == local->monitors) {
788
		local->_oper_chandef = *chandef;
Johannes Berg's avatar
Johannes Berg committed
789
790
		ieee80211_hw_config(local, 0);
	}
791

792
793
	if (ret == 0)
		local->monitor_chandef = *chandef;
794
	mutex_unlock(&local->mtx);
795

Johannes Berg's avatar
Johannes Berg committed
796
	return ret;
797
798
}

799
static int ieee80211_set_probe_resp(struct ieee80211_sub_if_data *sdata,
800
801
				    const u8 *resp, size_t resp_len,
				    const struct ieee80211_csa_settings *csa)
802
{
803
	struct probe_resp *new, *old;
804
805

	if (!resp || !resp_len)
806
		return 1;
807

808
	old = sdata_dereference(sdata->u.ap.probe_resp, sdata);
809

810
	new = kzalloc(sizeof(struct probe_resp) + resp_len, GFP_KERNEL);
811
812
813
	if (!new)
		return -ENOMEM;

814
815
	new->len = resp_len;
	memcpy(new->data, resp, resp_len);
816

817
818
819
820
821
	if (csa)
		memcpy(new->csa_counter_offsets, csa->counter_offsets_presp,
		       csa->n_counter_offsets_presp *
		       sizeof(new->csa_counter_offsets[0]));

822
	rcu_assign_pointer(sdata->u.ap.probe_resp, new);
823
824
	if (old)
		kfree_rcu(old, rcu_head);
825
826
827
828

	return 0;
}

829
830
831
832
833
834
835
836
837
838
static int ieee80211_set_ftm_responder_params(
				struct ieee80211_sub_if_data *sdata,
				const u8 *lci, size_t lci_len,
				const u8 *civicloc, size_t civicloc_len)
{
	struct ieee80211_ftm_responder_params *new, *old;
	struct ieee80211_bss_conf *bss_conf;
	u8 *pos;
	int len;

839
840
	if (!lci_len && !civicloc_len)
		return 0;
841
842
843
844
845
846
847
848
849
850
851
852
853
854
855
856
857
858
859
860
861
862
863
864
865
866
867
868
869
870

	bss_conf = &sdata->vif.bss_conf;
	old = bss_conf->ftmr_params;
	len = lci_len + civicloc_len;

	new = kzalloc(sizeof(*new) + len, GFP_KERNEL);
	if (!new)
		return -ENOMEM;

	pos = (u8 *)(new + 1);
	if (lci_len) {
		new->lci_len = lci_len;
		new->lci = pos;
		memcpy(pos, lci, lci_len);
		pos += lci_len;
	}

	if (civicloc_len) {
		new->civicloc_len = civicloc_len;
		new->civicloc = pos;
		memcpy(pos, civicloc, civicloc_len);
		pos += civicloc_len;
	}

	bss_conf->ftmr_params = new;
	kfree(old);

	return 0;
}

871
static int ieee80211_assign_beacon(struct ieee80211_sub_if_data *sdata,
872
873
				   struct cfg80211_beacon_data *params,
				   const struct ieee80211_csa_settings *csa)
874
875
876
{
	struct beacon_data *new, *old;
	int new_head_len, new_tail_len;
877
878
	int size, err;
	u32 changed = BSS_CHANGED_BEACON;
879

880
881
	old = sdata_dereference(sdata->u.ap.beacon, sdata);

882
883
884

	/* Need to have a beacon head if we don't have one yet */
	if (!params->head && !old)
885
		return -EINVAL;
886
887
888
889
890
891
892
893
894
895
896
897
898
899
900
901
902
903
904
905
906
907
908
909
910
911
912
913
914
915
916

	/* new or old head? */
	if (params->head)
		new_head_len = params->head_len;
	else
		new_head_len = old->head_len;

	/* new or old tail? */
	if (params->tail || !old)
		/* params->tail_len will be zero for !params->tail */
		new_tail_len = params->tail_len;
	else
		new_tail_len = old->tail_len;

	size = sizeof(*new) + new_head_len + new_tail_len;

	new = kzalloc(size, GFP_KERNEL);
	if (!new)
		return -ENOMEM;

	/* start filling the new info now */

	/*
	 * pointers go into the block we allocated,
	 * memory is | beacon_data | head | tail |
	 */
	new->head = ((u8 *) new) + sizeof(*new);
	new->tail = new->head + new_head_len;
	new->head_len = new_head_len;
	new->tail_len = new_tail_len;

917
918
919
920
921
922
923
	if (csa) {
		new->csa_current_counter = csa->count;
		memcpy(new->csa_counter_offsets, csa->counter_offsets_beacon,
		       csa->n_counter_offsets_beacon *
		       sizeof(new->csa_counter_offsets[0]));
	}

924
925
926
927
928
929
930
931
932
933
934
935
936
	/* copy in head */
	if (params->head)
		memcpy(new->head, params->head, new_head_len);
	else
		memcpy(new->head, old->head, new_head_len);

	/* copy in optional tail */
	if (params->tail)
		memcpy(new->tail, params->tail, new_tail_len);
	else
		if (old)
			memcpy(new->tail, old->tail, new_tail_len);

937
	err = ieee80211_set_probe_resp(sdata, params->probe_resp,
938
				       params->probe_resp_len, csa);
939
940
	if (err < 0) {
		kfree(new);
941
		return err;
942
	}
943
	if (err == 0)
944
945
		changed |= BSS_CHANGED_AP_PROBE_RESP;

946
947
948
949
950
951
952
953
	if (params->ftm_responder != -1) {
		sdata->vif.bss_conf.ftm_responder = params->ftm_responder;
		err = ieee80211_set_ftm_responder_params(sdata,
							 params->lci,
							 params->lci_len,
							 params->civicloc,
							 params->civicloc_len);

954
955
		if (err < 0) {
			kfree(new);
956
			return err;
957
		}
958
959
960
961

		changed |= BSS_CHANGED_FTM_RESPONDER;
	}

962
963
964
965
	rcu_assign_pointer(sdata->u.ap.beacon, new);

	if (old)
		kfree_rcu(old, rcu_head);
966

967
	return changed;
968
969
}

970
971
static int ieee80211_start_ap(struct wiphy *wiphy, struct net_device *dev,
			      struct cfg80211_ap_settings *params)
972
{
973
	struct ieee80211_sub_if_data *sdata = IEEE80211_DEV_TO_SUB_IF(dev);
974
	struct ieee80211_local *local = sdata->local;
975
	struct beacon_data *old;
976
	struct ieee80211_sub_if_data *vlan;
977
978
979
	u32 changed = BSS_CHANGED_BEACON_INT |
		      BSS_CHANGED_BEACON_ENABLED |
		      BSS_CHANGED_BEACON |
980
		      BSS_CHANGED_SSID |
981
		      BSS_CHANGED_P2P_PS |
982
983
		      BSS_CHANGED_TXPOWER |
		      BSS_CHANGED_TWT;
984
	int err;
985
	int prev_beacon_int;
986

987
	old = sdata_dereference(sdata->u.ap.beacon, sdata);
988
989
990
	if (old)
		return -EALREADY;

991
992
993
994
995
996
997
998
999
1000
1001
1002
1003
	switch (params->smps_mode) {
	case NL80211_SMPS_OFF:
		sdata->smps_mode = IEEE80211_SMPS_OFF;
		break;
	case NL80211_SMPS_STATIC:
		sdata->smps_mode = IEEE80211_SMPS_STATIC;
		break;
	case NL80211_SMPS_DYNAMIC:
		sdata->smps_mode = IEEE80211_SMPS_DYNAMIC;
		break;
	default:
		return -EINVAL;
	}
1004
1005
	sdata->u.ap.req_smps = sdata->smps_mode;

1006
1007
	sdata->needed_rx_chains = sdata->local->rx_chains;

1008
	prev_beacon_int = sdata->vif.bss_conf.beacon_int;
1009
1010
	sdata->vif.bss_conf.beacon_int = params->beacon_interval;

1011
1012
1013
	if (params->he_cap)
		sdata->vif.bss_conf.he_support = true;

1014
	mutex_lock(&local->mtx);
1015
	err = ieee80211_vif_use_channel(sdata, &params->chandef,
Johannes Berg's avatar
Johannes Berg committed
1016
					IEEE80211_CHANCTX_SHARED);
1017
1018
	if (!err)
		ieee80211_vif_copy_chanctx_to_vlans(sdata, false);
1019
	mutex_unlock(&local->mtx);
1020
1021
	if (err) {
		sdata->vif.bss_conf.beacon_int = prev_beacon_int;
1022
		return err;
1023
	}
1024

1025
1026
1027
1028
1029
1030
	/*
	 * Apply control port protocol, this allows us to
	 * not encrypt dynamic WEP control frames.
	 */
	sdata->control_port_protocol = params->crypto.control_port_ethertype;
	sdata->control_port_no_encrypt = params->crypto.control_port_no_encrypt;
1031
1032
	sdata->control_port_over_nl80211 =
				params->crypto.control_port_over_nl80211;
1033
1034
1035
1036
	sdata->encrypt_headroom = ieee80211_cs_headroom(sdata->local,
							&params->crypto,
							sdata->vif.type);

1037
1038
1039
1040
1041
	list_for_each_entry(vlan, &sdata->u.ap.vlans, u.vlan.list) {
		vlan->control_port_protocol =
			params->crypto.control_port_ethertype;
		vlan->control_port_no_encrypt =
			params->crypto.control_port_no_encrypt;
1042
1043
		vlan->control_port_over_nl80211 =
			params->crypto.control_port_over_nl80211;
1044
1045
1046
1047
		vlan->encrypt_headroom =
			ieee80211_cs_headroom(sdata->local,
					      &params->crypto,
					      vlan->vif.type);
1048
1049
	}

1050
	sdata->vif.bss_conf.dtim_period = params->dtim_period;
1051
	sdata->vif.bss_conf.enable_beacon = true;
1052
	sdata->vif.bss_conf.allow_p2p_go_ps = sdata->vif.p2p;
1053
	sdata->vif.bss_conf.twt_responder = params->twt_responder;
1054
1055
1056
1057
1058
1059
1060
1061

	sdata->vif.bss_conf.ssid_len = params->ssid_len;
	if (params->ssid_len)
		memcpy(sdata->vif.bss_conf.ssid, params->ssid,
		       params->ssid_len);
	sdata->vif.bss_conf.hidden_ssid =
		(params->hidden_ssid != NL80211_HIDDEN_SSID_NOT_IN_USE);

1062
1063
1064
1065
1066
1067
1068
	memset(&sdata->vif.bss_conf.p2p_noa_attr, 0,
	       sizeof(sdata->vif.bss_conf.p2p_noa_attr));
	sdata->vif.bss_conf.p2p_noa_attr.oppps_ctwindow =
		params->p2p_ctwindow & IEEE80211_P2P_OPPPS_CTWINDOW_MASK;
	if (params->p2p_opp_ps)
		sdata->vif.bss_conf.p2p_noa_attr.oppps_ctwindow |=
					IEEE80211_P2P_OPPPS_ENABLE_BIT;
1069

1070
	err = ieee80211_assign_beacon(sdata, &params->beacon, NULL);
1071
1072
	if (err < 0) {
		ieee80211_vif_release_channel(sdata);
1073
		return err;
1074
	}
1075
1076
	changed |= err;

1077
1078
	err = drv_start_ap(sdata->lo