]> Pileus Git - ~andy/linux/blob - net/wireless/sme.c
Merge branch 'x86-mm-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git...
[~andy/linux] / net / wireless / sme.c
1 /*
2  * SME code for cfg80211's connect emulation.
3  *
4  * Copyright 2009       Johannes Berg <johannes@sipsolutions.net>
5  * Copyright (C) 2009   Intel Corporation. All rights reserved.
6  */
7
8 #include <linux/etherdevice.h>
9 #include <linux/if_arp.h>
10 #include <linux/slab.h>
11 #include <linux/workqueue.h>
12 #include <linux/wireless.h>
13 #include <linux/export.h>
14 #include <net/iw_handler.h>
15 #include <net/cfg80211.h>
16 #include <net/rtnetlink.h>
17 #include "nl80211.h"
18 #include "reg.h"
19
20 struct cfg80211_conn {
21         struct cfg80211_connect_params params;
22         /* these are sub-states of the _CONNECTING sme_state */
23         enum {
24                 CFG80211_CONN_IDLE,
25                 CFG80211_CONN_SCANNING,
26                 CFG80211_CONN_SCAN_AGAIN,
27                 CFG80211_CONN_AUTHENTICATE_NEXT,
28                 CFG80211_CONN_AUTHENTICATING,
29                 CFG80211_CONN_ASSOCIATE_NEXT,
30                 CFG80211_CONN_ASSOCIATING,
31                 CFG80211_CONN_DEAUTH_ASSOC_FAIL,
32         } state;
33         u8 bssid[ETH_ALEN], prev_bssid[ETH_ALEN];
34         u8 *ie;
35         size_t ie_len;
36         bool auto_auth, prev_bssid_valid;
37 };
38
39 static bool cfg80211_is_all_idle(void)
40 {
41         struct cfg80211_registered_device *rdev;
42         struct wireless_dev *wdev;
43         bool is_all_idle = true;
44
45         mutex_lock(&cfg80211_mutex);
46
47         /*
48          * All devices must be idle as otherwise if you are actively
49          * scanning some new beacon hints could be learned and would
50          * count as new regulatory hints.
51          */
52         list_for_each_entry(rdev, &cfg80211_rdev_list, list) {
53                 cfg80211_lock_rdev(rdev);
54                 list_for_each_entry(wdev, &rdev->netdev_list, list) {
55                         wdev_lock(wdev);
56                         if (wdev->sme_state != CFG80211_SME_IDLE)
57                                 is_all_idle = false;
58                         wdev_unlock(wdev);
59                 }
60                 cfg80211_unlock_rdev(rdev);
61         }
62
63         mutex_unlock(&cfg80211_mutex);
64
65         return is_all_idle;
66 }
67
68 static void disconnect_work(struct work_struct *work)
69 {
70         if (!cfg80211_is_all_idle())
71                 return;
72
73         regulatory_hint_disconnect();
74 }
75
76 static DECLARE_WORK(cfg80211_disconnect_work, disconnect_work);
77
78 static int cfg80211_conn_scan(struct wireless_dev *wdev)
79 {
80         struct cfg80211_registered_device *rdev = wiphy_to_dev(wdev->wiphy);
81         struct cfg80211_scan_request *request;
82         int n_channels, err;
83
84         ASSERT_RTNL();
85         ASSERT_RDEV_LOCK(rdev);
86         ASSERT_WDEV_LOCK(wdev);
87
88         if (rdev->scan_req)
89                 return -EBUSY;
90
91         if (wdev->conn->params.channel) {
92                 n_channels = 1;
93         } else {
94                 enum ieee80211_band band;
95                 n_channels = 0;
96
97                 for (band = 0; band < IEEE80211_NUM_BANDS; band++) {
98                         if (!wdev->wiphy->bands[band])
99                                 continue;
100                         n_channels += wdev->wiphy->bands[band]->n_channels;
101                 }
102         }
103         request = kzalloc(sizeof(*request) + sizeof(request->ssids[0]) +
104                           sizeof(request->channels[0]) * n_channels,
105                           GFP_KERNEL);
106         if (!request)
107                 return -ENOMEM;
108
109         if (wdev->conn->params.channel)
110                 request->channels[0] = wdev->conn->params.channel;
111         else {
112                 int i = 0, j;
113                 enum ieee80211_band band;
114                 struct ieee80211_supported_band *bands;
115                 struct ieee80211_channel *channel;
116
117                 for (band = 0; band < IEEE80211_NUM_BANDS; band++) {
118                         bands = wdev->wiphy->bands[band];
119                         if (!bands)
120                                 continue;
121                         for (j = 0; j < bands->n_channels; j++) {
122                                 channel = &bands->channels[j];
123                                 if (channel->flags & IEEE80211_CHAN_DISABLED)
124                                         continue;
125                                 request->channels[i++] = channel;
126                         }
127                         request->rates[band] = (1 << bands->n_bitrates) - 1;
128                 }
129                 n_channels = i;
130         }
131         request->n_channels = n_channels;
132         request->ssids = (void *)&request->channels[n_channels];
133         request->n_ssids = 1;
134
135         memcpy(request->ssids[0].ssid, wdev->conn->params.ssid,
136                 wdev->conn->params.ssid_len);
137         request->ssids[0].ssid_len = wdev->conn->params.ssid_len;
138
139         request->dev = wdev->netdev;
140         request->wiphy = &rdev->wiphy;
141
142         rdev->scan_req = request;
143
144         err = rdev->ops->scan(wdev->wiphy, wdev->netdev, request);
145         if (!err) {
146                 wdev->conn->state = CFG80211_CONN_SCANNING;
147                 nl80211_send_scan_start(rdev, wdev->netdev);
148                 dev_hold(wdev->netdev);
149         } else {
150                 rdev->scan_req = NULL;
151                 kfree(request);
152         }
153         return err;
154 }
155
156 static int cfg80211_conn_do_work(struct wireless_dev *wdev)
157 {
158         struct cfg80211_registered_device *rdev = wiphy_to_dev(wdev->wiphy);
159         struct cfg80211_connect_params *params;
160         const u8 *prev_bssid = NULL;
161         int err;
162
163         ASSERT_WDEV_LOCK(wdev);
164
165         if (!wdev->conn)
166                 return 0;
167
168         params = &wdev->conn->params;
169
170         switch (wdev->conn->state) {
171         case CFG80211_CONN_SCAN_AGAIN:
172                 return cfg80211_conn_scan(wdev);
173         case CFG80211_CONN_AUTHENTICATE_NEXT:
174                 BUG_ON(!rdev->ops->auth);
175                 wdev->conn->state = CFG80211_CONN_AUTHENTICATING;
176                 return __cfg80211_mlme_auth(rdev, wdev->netdev,
177                                             params->channel, params->auth_type,
178                                             params->bssid,
179                                             params->ssid, params->ssid_len,
180                                             NULL, 0,
181                                             params->key, params->key_len,
182                                             params->key_idx, false);
183         case CFG80211_CONN_ASSOCIATE_NEXT:
184                 BUG_ON(!rdev->ops->assoc);
185                 wdev->conn->state = CFG80211_CONN_ASSOCIATING;
186                 if (wdev->conn->prev_bssid_valid)
187                         prev_bssid = wdev->conn->prev_bssid;
188                 err = __cfg80211_mlme_assoc(rdev, wdev->netdev,
189                                             params->channel, params->bssid,
190                                             prev_bssid,
191                                             params->ssid, params->ssid_len,
192                                             params->ie, params->ie_len,
193                                             false, &params->crypto,
194                                             params->flags, &params->ht_capa,
195                                             &params->ht_capa_mask);
196                 if (err)
197                         __cfg80211_mlme_deauth(rdev, wdev->netdev, params->bssid,
198                                                NULL, 0,
199                                                WLAN_REASON_DEAUTH_LEAVING,
200                                                false);
201                 return err;
202         case CFG80211_CONN_DEAUTH_ASSOC_FAIL:
203                 __cfg80211_mlme_deauth(rdev, wdev->netdev, params->bssid,
204                                        NULL, 0,
205                                        WLAN_REASON_DEAUTH_LEAVING, false);
206                 /* return an error so that we call __cfg80211_connect_result() */
207                 return -EINVAL;
208         default:
209                 return 0;
210         }
211 }
212
213 void cfg80211_conn_work(struct work_struct *work)
214 {
215         struct cfg80211_registered_device *rdev =
216                 container_of(work, struct cfg80211_registered_device, conn_work);
217         struct wireless_dev *wdev;
218         u8 bssid_buf[ETH_ALEN], *bssid = NULL;
219
220         rtnl_lock();
221         cfg80211_lock_rdev(rdev);
222         mutex_lock(&rdev->devlist_mtx);
223
224         list_for_each_entry(wdev, &rdev->netdev_list, list) {
225                 wdev_lock(wdev);
226                 if (!netif_running(wdev->netdev)) {
227                         wdev_unlock(wdev);
228                         continue;
229                 }
230                 if (wdev->sme_state != CFG80211_SME_CONNECTING) {
231                         wdev_unlock(wdev);
232                         continue;
233                 }
234                 if (wdev->conn->params.bssid) {
235                         memcpy(bssid_buf, wdev->conn->params.bssid, ETH_ALEN);
236                         bssid = bssid_buf;
237                 }
238                 if (cfg80211_conn_do_work(wdev))
239                         __cfg80211_connect_result(
240                                         wdev->netdev, bssid,
241                                         NULL, 0, NULL, 0,
242                                         WLAN_STATUS_UNSPECIFIED_FAILURE,
243                                         false, NULL);
244                 wdev_unlock(wdev);
245         }
246
247         mutex_unlock(&rdev->devlist_mtx);
248         cfg80211_unlock_rdev(rdev);
249         rtnl_unlock();
250 }
251
252 static struct cfg80211_bss *cfg80211_get_conn_bss(struct wireless_dev *wdev)
253 {
254         struct cfg80211_registered_device *rdev = wiphy_to_dev(wdev->wiphy);
255         struct cfg80211_bss *bss;
256         u16 capa = WLAN_CAPABILITY_ESS;
257
258         ASSERT_WDEV_LOCK(wdev);
259
260         if (wdev->conn->params.privacy)
261                 capa |= WLAN_CAPABILITY_PRIVACY;
262
263         bss = cfg80211_get_bss(wdev->wiphy, wdev->conn->params.channel,
264                                wdev->conn->params.bssid,
265                                wdev->conn->params.ssid,
266                                wdev->conn->params.ssid_len,
267                                WLAN_CAPABILITY_ESS | WLAN_CAPABILITY_PRIVACY,
268                                capa);
269         if (!bss)
270                 return NULL;
271
272         memcpy(wdev->conn->bssid, bss->bssid, ETH_ALEN);
273         wdev->conn->params.bssid = wdev->conn->bssid;
274         wdev->conn->params.channel = bss->channel;
275         wdev->conn->state = CFG80211_CONN_AUTHENTICATE_NEXT;
276         schedule_work(&rdev->conn_work);
277
278         return bss;
279 }
280
281 static void __cfg80211_sme_scan_done(struct net_device *dev)
282 {
283         struct wireless_dev *wdev = dev->ieee80211_ptr;
284         struct cfg80211_registered_device *rdev = wiphy_to_dev(wdev->wiphy);
285         struct cfg80211_bss *bss;
286
287         ASSERT_WDEV_LOCK(wdev);
288
289         if (wdev->sme_state != CFG80211_SME_CONNECTING)
290                 return;
291
292         if (!wdev->conn)
293                 return;
294
295         if (wdev->conn->state != CFG80211_CONN_SCANNING &&
296             wdev->conn->state != CFG80211_CONN_SCAN_AGAIN)
297                 return;
298
299         bss = cfg80211_get_conn_bss(wdev);
300         if (bss) {
301                 cfg80211_put_bss(bss);
302         } else {
303                 /* not found */
304                 if (wdev->conn->state == CFG80211_CONN_SCAN_AGAIN)
305                         schedule_work(&rdev->conn_work);
306                 else
307                         __cfg80211_connect_result(
308                                         wdev->netdev,
309                                         wdev->conn->params.bssid,
310                                         NULL, 0, NULL, 0,
311                                         WLAN_STATUS_UNSPECIFIED_FAILURE,
312                                         false, NULL);
313         }
314 }
315
316 void cfg80211_sme_scan_done(struct net_device *dev)
317 {
318         struct wireless_dev *wdev = dev->ieee80211_ptr;
319
320         mutex_lock(&wiphy_to_dev(wdev->wiphy)->devlist_mtx);
321         wdev_lock(wdev);
322         __cfg80211_sme_scan_done(dev);
323         wdev_unlock(wdev);
324         mutex_unlock(&wiphy_to_dev(wdev->wiphy)->devlist_mtx);
325 }
326
327 void cfg80211_sme_rx_auth(struct net_device *dev,
328                           const u8 *buf, size_t len)
329 {
330         struct wireless_dev *wdev = dev->ieee80211_ptr;
331         struct wiphy *wiphy = wdev->wiphy;
332         struct cfg80211_registered_device *rdev = wiphy_to_dev(wiphy);
333         struct ieee80211_mgmt *mgmt = (struct ieee80211_mgmt *)buf;
334         u16 status_code = le16_to_cpu(mgmt->u.auth.status_code);
335
336         ASSERT_WDEV_LOCK(wdev);
337
338         /* should only RX auth frames when connecting */
339         if (wdev->sme_state != CFG80211_SME_CONNECTING)
340                 return;
341
342         if (WARN_ON(!wdev->conn))
343                 return;
344
345         if (status_code == WLAN_STATUS_NOT_SUPPORTED_AUTH_ALG &&
346             wdev->conn->auto_auth &&
347             wdev->conn->params.auth_type != NL80211_AUTHTYPE_NETWORK_EAP) {
348                 /* select automatically between only open, shared, leap */
349                 switch (wdev->conn->params.auth_type) {
350                 case NL80211_AUTHTYPE_OPEN_SYSTEM:
351                         if (wdev->connect_keys)
352                                 wdev->conn->params.auth_type =
353                                         NL80211_AUTHTYPE_SHARED_KEY;
354                         else
355                                 wdev->conn->params.auth_type =
356                                         NL80211_AUTHTYPE_NETWORK_EAP;
357                         break;
358                 case NL80211_AUTHTYPE_SHARED_KEY:
359                         wdev->conn->params.auth_type =
360                                 NL80211_AUTHTYPE_NETWORK_EAP;
361                         break;
362                 default:
363                         /* huh? */
364                         wdev->conn->params.auth_type =
365                                 NL80211_AUTHTYPE_OPEN_SYSTEM;
366                         break;
367                 }
368                 wdev->conn->state = CFG80211_CONN_AUTHENTICATE_NEXT;
369                 schedule_work(&rdev->conn_work);
370         } else if (status_code != WLAN_STATUS_SUCCESS) {
371                 __cfg80211_connect_result(dev, mgmt->bssid, NULL, 0, NULL, 0,
372                                           status_code, false, NULL);
373         } else if (wdev->sme_state == CFG80211_SME_CONNECTING &&
374                  wdev->conn->state == CFG80211_CONN_AUTHENTICATING) {
375                 wdev->conn->state = CFG80211_CONN_ASSOCIATE_NEXT;
376                 schedule_work(&rdev->conn_work);
377         }
378 }
379
380 bool cfg80211_sme_failed_reassoc(struct wireless_dev *wdev)
381 {
382         struct wiphy *wiphy = wdev->wiphy;
383         struct cfg80211_registered_device *rdev = wiphy_to_dev(wiphy);
384
385         if (WARN_ON(!wdev->conn))
386                 return false;
387
388         if (!wdev->conn->prev_bssid_valid)
389                 return false;
390
391         /*
392          * Some stupid APs don't accept reassoc, so we
393          * need to fall back to trying regular assoc.
394          */
395         wdev->conn->prev_bssid_valid = false;
396         wdev->conn->state = CFG80211_CONN_ASSOCIATE_NEXT;
397         schedule_work(&rdev->conn_work);
398
399         return true;
400 }
401
402 void cfg80211_sme_failed_assoc(struct wireless_dev *wdev)
403 {
404         struct wiphy *wiphy = wdev->wiphy;
405         struct cfg80211_registered_device *rdev = wiphy_to_dev(wiphy);
406
407         wdev->conn->state = CFG80211_CONN_DEAUTH_ASSOC_FAIL;
408         schedule_work(&rdev->conn_work);
409 }
410
411 void __cfg80211_connect_result(struct net_device *dev, const u8 *bssid,
412                                const u8 *req_ie, size_t req_ie_len,
413                                const u8 *resp_ie, size_t resp_ie_len,
414                                u16 status, bool wextev,
415                                struct cfg80211_bss *bss)
416 {
417         struct wireless_dev *wdev = dev->ieee80211_ptr;
418         u8 *country_ie;
419 #ifdef CONFIG_CFG80211_WEXT
420         union iwreq_data wrqu;
421 #endif
422
423         ASSERT_WDEV_LOCK(wdev);
424
425         if (WARN_ON(wdev->iftype != NL80211_IFTYPE_STATION &&
426                     wdev->iftype != NL80211_IFTYPE_P2P_CLIENT))
427                 return;
428
429         if (wdev->sme_state != CFG80211_SME_CONNECTING)
430                 return;
431
432         nl80211_send_connect_result(wiphy_to_dev(wdev->wiphy), dev,
433                                     bssid, req_ie, req_ie_len,
434                                     resp_ie, resp_ie_len,
435                                     status, GFP_KERNEL);
436
437 #ifdef CONFIG_CFG80211_WEXT
438         if (wextev) {
439                 if (req_ie && status == WLAN_STATUS_SUCCESS) {
440                         memset(&wrqu, 0, sizeof(wrqu));
441                         wrqu.data.length = req_ie_len;
442                         wireless_send_event(dev, IWEVASSOCREQIE, &wrqu, req_ie);
443                 }
444
445                 if (resp_ie && status == WLAN_STATUS_SUCCESS) {
446                         memset(&wrqu, 0, sizeof(wrqu));
447                         wrqu.data.length = resp_ie_len;
448                         wireless_send_event(dev, IWEVASSOCRESPIE, &wrqu, resp_ie);
449                 }
450
451                 memset(&wrqu, 0, sizeof(wrqu));
452                 wrqu.ap_addr.sa_family = ARPHRD_ETHER;
453                 if (bssid && status == WLAN_STATUS_SUCCESS) {
454                         memcpy(wrqu.ap_addr.sa_data, bssid, ETH_ALEN);
455                         memcpy(wdev->wext.prev_bssid, bssid, ETH_ALEN);
456                         wdev->wext.prev_bssid_valid = true;
457                 }
458                 wireless_send_event(dev, SIOCGIWAP, &wrqu, NULL);
459         }
460 #endif
461
462         if (wdev->current_bss) {
463                 cfg80211_unhold_bss(wdev->current_bss);
464                 cfg80211_put_bss(&wdev->current_bss->pub);
465                 wdev->current_bss = NULL;
466         }
467
468         if (wdev->conn)
469                 wdev->conn->state = CFG80211_CONN_IDLE;
470
471         if (status != WLAN_STATUS_SUCCESS) {
472                 wdev->sme_state = CFG80211_SME_IDLE;
473                 if (wdev->conn)
474                         kfree(wdev->conn->ie);
475                 kfree(wdev->conn);
476                 wdev->conn = NULL;
477                 kfree(wdev->connect_keys);
478                 wdev->connect_keys = NULL;
479                 wdev->ssid_len = 0;
480                 return;
481         }
482
483         if (!bss)
484                 bss = cfg80211_get_bss(wdev->wiphy,
485                                        wdev->conn ? wdev->conn->params.channel :
486                                        NULL,
487                                        bssid,
488                                        wdev->ssid, wdev->ssid_len,
489                                        WLAN_CAPABILITY_ESS,
490                                        WLAN_CAPABILITY_ESS);
491
492         if (WARN_ON(!bss))
493                 return;
494
495         cfg80211_hold_bss(bss_from_pub(bss));
496         wdev->current_bss = bss_from_pub(bss);
497
498         wdev->sme_state = CFG80211_SME_CONNECTED;
499         cfg80211_upload_connect_keys(wdev);
500
501         country_ie = (u8 *) ieee80211_bss_get_ie(bss, WLAN_EID_COUNTRY);
502
503         if (!country_ie)
504                 return;
505
506         /*
507          * ieee80211_bss_get_ie() ensures we can access:
508          * - country_ie + 2, the start of the country ie data, and
509          * - and country_ie[1] which is the IE length
510          */
511         regulatory_hint_11d(wdev->wiphy,
512                             bss->channel->band,
513                             country_ie + 2,
514                             country_ie[1]);
515 }
516
517 void cfg80211_connect_result(struct net_device *dev, const u8 *bssid,
518                              const u8 *req_ie, size_t req_ie_len,
519                              const u8 *resp_ie, size_t resp_ie_len,
520                              u16 status, gfp_t gfp)
521 {
522         struct wireless_dev *wdev = dev->ieee80211_ptr;
523         struct cfg80211_registered_device *rdev = wiphy_to_dev(wdev->wiphy);
524         struct cfg80211_event *ev;
525         unsigned long flags;
526
527         CFG80211_DEV_WARN_ON(wdev->sme_state != CFG80211_SME_CONNECTING);
528
529         ev = kzalloc(sizeof(*ev) + req_ie_len + resp_ie_len, gfp);
530         if (!ev)
531                 return;
532
533         ev->type = EVENT_CONNECT_RESULT;
534         if (bssid)
535                 memcpy(ev->cr.bssid, bssid, ETH_ALEN);
536         if (req_ie_len) {
537                 ev->cr.req_ie = ((u8 *)ev) + sizeof(*ev);
538                 ev->cr.req_ie_len = req_ie_len;
539                 memcpy((void *)ev->cr.req_ie, req_ie, req_ie_len);
540         }
541         if (resp_ie_len) {
542                 ev->cr.resp_ie = ((u8 *)ev) + sizeof(*ev) + req_ie_len;
543                 ev->cr.resp_ie_len = resp_ie_len;
544                 memcpy((void *)ev->cr.resp_ie, resp_ie, resp_ie_len);
545         }
546         ev->cr.status = status;
547
548         spin_lock_irqsave(&wdev->event_lock, flags);
549         list_add_tail(&ev->list, &wdev->event_list);
550         spin_unlock_irqrestore(&wdev->event_lock, flags);
551         queue_work(cfg80211_wq, &rdev->event_work);
552 }
553 EXPORT_SYMBOL(cfg80211_connect_result);
554
555 void __cfg80211_roamed(struct wireless_dev *wdev,
556                        struct cfg80211_bss *bss,
557                        const u8 *req_ie, size_t req_ie_len,
558                        const u8 *resp_ie, size_t resp_ie_len)
559 {
560 #ifdef CONFIG_CFG80211_WEXT
561         union iwreq_data wrqu;
562 #endif
563         ASSERT_WDEV_LOCK(wdev);
564
565         if (WARN_ON(wdev->iftype != NL80211_IFTYPE_STATION &&
566                     wdev->iftype != NL80211_IFTYPE_P2P_CLIENT))
567                 goto out;
568
569         if (wdev->sme_state != CFG80211_SME_CONNECTED)
570                 goto out;
571
572         /* internal error -- how did we get to CONNECTED w/o BSS? */
573         if (WARN_ON(!wdev->current_bss)) {
574                 goto out;
575         }
576
577         cfg80211_unhold_bss(wdev->current_bss);
578         cfg80211_put_bss(&wdev->current_bss->pub);
579         wdev->current_bss = NULL;
580
581         cfg80211_hold_bss(bss_from_pub(bss));
582         wdev->current_bss = bss_from_pub(bss);
583
584         nl80211_send_roamed(wiphy_to_dev(wdev->wiphy), wdev->netdev, bss->bssid,
585                             req_ie, req_ie_len, resp_ie, resp_ie_len,
586                             GFP_KERNEL);
587
588 #ifdef CONFIG_CFG80211_WEXT
589         if (req_ie) {
590                 memset(&wrqu, 0, sizeof(wrqu));
591                 wrqu.data.length = req_ie_len;
592                 wireless_send_event(wdev->netdev, IWEVASSOCREQIE,
593                                     &wrqu, req_ie);
594         }
595
596         if (resp_ie) {
597                 memset(&wrqu, 0, sizeof(wrqu));
598                 wrqu.data.length = resp_ie_len;
599                 wireless_send_event(wdev->netdev, IWEVASSOCRESPIE,
600                                     &wrqu, resp_ie);
601         }
602
603         memset(&wrqu, 0, sizeof(wrqu));
604         wrqu.ap_addr.sa_family = ARPHRD_ETHER;
605         memcpy(wrqu.ap_addr.sa_data, bss->bssid, ETH_ALEN);
606         memcpy(wdev->wext.prev_bssid, bss->bssid, ETH_ALEN);
607         wdev->wext.prev_bssid_valid = true;
608         wireless_send_event(wdev->netdev, SIOCGIWAP, &wrqu, NULL);
609 #endif
610
611         return;
612 out:
613         cfg80211_put_bss(bss);
614 }
615
616 void cfg80211_roamed(struct net_device *dev,
617                      struct ieee80211_channel *channel,
618                      const u8 *bssid,
619                      const u8 *req_ie, size_t req_ie_len,
620                      const u8 *resp_ie, size_t resp_ie_len, gfp_t gfp)
621 {
622         struct wireless_dev *wdev = dev->ieee80211_ptr;
623         struct cfg80211_bss *bss;
624
625         CFG80211_DEV_WARN_ON(wdev->sme_state != CFG80211_SME_CONNECTED);
626
627         bss = cfg80211_get_bss(wdev->wiphy, channel, bssid, wdev->ssid,
628                                wdev->ssid_len, WLAN_CAPABILITY_ESS,
629                                WLAN_CAPABILITY_ESS);
630         if (WARN_ON(!bss))
631                 return;
632
633         cfg80211_roamed_bss(dev, bss, req_ie, req_ie_len, resp_ie,
634                             resp_ie_len, gfp);
635 }
636 EXPORT_SYMBOL(cfg80211_roamed);
637
638 void cfg80211_roamed_bss(struct net_device *dev,
639                          struct cfg80211_bss *bss, const u8 *req_ie,
640                          size_t req_ie_len, const u8 *resp_ie,
641                          size_t resp_ie_len, gfp_t gfp)
642 {
643         struct wireless_dev *wdev = dev->ieee80211_ptr;
644         struct cfg80211_registered_device *rdev = wiphy_to_dev(wdev->wiphy);
645         struct cfg80211_event *ev;
646         unsigned long flags;
647
648         CFG80211_DEV_WARN_ON(wdev->sme_state != CFG80211_SME_CONNECTED);
649
650         if (WARN_ON(!bss))
651                 return;
652
653         ev = kzalloc(sizeof(*ev) + req_ie_len + resp_ie_len, gfp);
654         if (!ev) {
655                 cfg80211_put_bss(bss);
656                 return;
657         }
658
659         ev->type = EVENT_ROAMED;
660         ev->rm.req_ie = ((u8 *)ev) + sizeof(*ev);
661         ev->rm.req_ie_len = req_ie_len;
662         memcpy((void *)ev->rm.req_ie, req_ie, req_ie_len);
663         ev->rm.resp_ie = ((u8 *)ev) + sizeof(*ev) + req_ie_len;
664         ev->rm.resp_ie_len = resp_ie_len;
665         memcpy((void *)ev->rm.resp_ie, resp_ie, resp_ie_len);
666         ev->rm.bss = bss;
667
668         spin_lock_irqsave(&wdev->event_lock, flags);
669         list_add_tail(&ev->list, &wdev->event_list);
670         spin_unlock_irqrestore(&wdev->event_lock, flags);
671         queue_work(cfg80211_wq, &rdev->event_work);
672 }
673 EXPORT_SYMBOL(cfg80211_roamed_bss);
674
675 void __cfg80211_disconnected(struct net_device *dev, const u8 *ie,
676                              size_t ie_len, u16 reason, bool from_ap)
677 {
678         struct wireless_dev *wdev = dev->ieee80211_ptr;
679         struct cfg80211_registered_device *rdev = wiphy_to_dev(wdev->wiphy);
680         int i;
681 #ifdef CONFIG_CFG80211_WEXT
682         union iwreq_data wrqu;
683 #endif
684
685         ASSERT_WDEV_LOCK(wdev);
686
687         if (WARN_ON(wdev->iftype != NL80211_IFTYPE_STATION &&
688                     wdev->iftype != NL80211_IFTYPE_P2P_CLIENT))
689                 return;
690
691         if (wdev->sme_state != CFG80211_SME_CONNECTED)
692                 return;
693
694         if (wdev->current_bss) {
695                 cfg80211_unhold_bss(wdev->current_bss);
696                 cfg80211_put_bss(&wdev->current_bss->pub);
697         }
698
699         wdev->current_bss = NULL;
700         wdev->sme_state = CFG80211_SME_IDLE;
701         wdev->ssid_len = 0;
702
703         if (wdev->conn) {
704                 const u8 *bssid;
705                 int ret;
706
707                 kfree(wdev->conn->ie);
708                 wdev->conn->ie = NULL;
709                 kfree(wdev->conn);
710                 wdev->conn = NULL;
711
712                 /*
713                  * If this disconnect was due to a disassoc, we
714                  * we might still have an auth BSS around. For
715                  * the userspace SME that's currently expected,
716                  * but for the kernel SME (nl80211 CONNECT or
717                  * wireless extensions) we want to clear up all
718                  * state.
719                  */
720                 for (i = 0; i < MAX_AUTH_BSSES; i++) {
721                         if (!wdev->auth_bsses[i])
722                                 continue;
723                         bssid = wdev->auth_bsses[i]->pub.bssid;
724                         ret = __cfg80211_mlme_deauth(rdev, dev, bssid, NULL, 0,
725                                                 WLAN_REASON_DEAUTH_LEAVING,
726                                                 false);
727                         WARN(ret, "deauth failed: %d\n", ret);
728                 }
729         }
730
731         nl80211_send_disconnected(rdev, dev, reason, ie, ie_len, from_ap);
732
733         /*
734          * Delete all the keys ... pairwise keys can't really
735          * exist any more anyway, but default keys might.
736          */
737         if (rdev->ops->del_key)
738                 for (i = 0; i < 6; i++)
739                         rdev->ops->del_key(wdev->wiphy, dev, i, false, NULL);
740
741 #ifdef CONFIG_CFG80211_WEXT
742         memset(&wrqu, 0, sizeof(wrqu));
743         wrqu.ap_addr.sa_family = ARPHRD_ETHER;
744         wireless_send_event(dev, SIOCGIWAP, &wrqu, NULL);
745         wdev->wext.connect.ssid_len = 0;
746 #endif
747
748         schedule_work(&cfg80211_disconnect_work);
749 }
750
751 void cfg80211_disconnected(struct net_device *dev, u16 reason,
752                            u8 *ie, size_t ie_len, gfp_t gfp)
753 {
754         struct wireless_dev *wdev = dev->ieee80211_ptr;
755         struct cfg80211_registered_device *rdev = wiphy_to_dev(wdev->wiphy);
756         struct cfg80211_event *ev;
757         unsigned long flags;
758
759         CFG80211_DEV_WARN_ON(wdev->sme_state != CFG80211_SME_CONNECTED);
760
761         ev = kzalloc(sizeof(*ev) + ie_len, gfp);
762         if (!ev)
763                 return;
764
765         ev->type = EVENT_DISCONNECTED;
766         ev->dc.ie = ((u8 *)ev) + sizeof(*ev);
767         ev->dc.ie_len = ie_len;
768         memcpy((void *)ev->dc.ie, ie, ie_len);
769         ev->dc.reason = reason;
770
771         spin_lock_irqsave(&wdev->event_lock, flags);
772         list_add_tail(&ev->list, &wdev->event_list);
773         spin_unlock_irqrestore(&wdev->event_lock, flags);
774         queue_work(cfg80211_wq, &rdev->event_work);
775 }
776 EXPORT_SYMBOL(cfg80211_disconnected);
777
778 int __cfg80211_connect(struct cfg80211_registered_device *rdev,
779                        struct net_device *dev,
780                        struct cfg80211_connect_params *connect,
781                        struct cfg80211_cached_keys *connkeys,
782                        const u8 *prev_bssid)
783 {
784         struct wireless_dev *wdev = dev->ieee80211_ptr;
785         struct cfg80211_bss *bss = NULL;
786         int err;
787
788         ASSERT_WDEV_LOCK(wdev);
789
790         if (wdev->sme_state != CFG80211_SME_IDLE)
791                 return -EALREADY;
792
793         if (WARN_ON(wdev->connect_keys)) {
794                 kfree(wdev->connect_keys);
795                 wdev->connect_keys = NULL;
796         }
797
798         cfg80211_oper_and_ht_capa(&connect->ht_capa_mask,
799                                   rdev->wiphy.ht_capa_mod_mask);
800
801         if (connkeys && connkeys->def >= 0) {
802                 int idx;
803                 u32 cipher;
804
805                 idx = connkeys->def;
806                 cipher = connkeys->params[idx].cipher;
807                 /* If given a WEP key we may need it for shared key auth */
808                 if (cipher == WLAN_CIPHER_SUITE_WEP40 ||
809                     cipher == WLAN_CIPHER_SUITE_WEP104) {
810                         connect->key_idx = idx;
811                         connect->key = connkeys->params[idx].key;
812                         connect->key_len = connkeys->params[idx].key_len;
813
814                         /*
815                          * If ciphers are not set (e.g. when going through
816                          * iwconfig), we have to set them appropriately here.
817                          */
818                         if (connect->crypto.cipher_group == 0)
819                                 connect->crypto.cipher_group = cipher;
820
821                         if (connect->crypto.n_ciphers_pairwise == 0) {
822                                 connect->crypto.n_ciphers_pairwise = 1;
823                                 connect->crypto.ciphers_pairwise[0] = cipher;
824                         }
825                 }
826         }
827
828         if (!rdev->ops->connect) {
829                 if (!rdev->ops->auth || !rdev->ops->assoc)
830                         return -EOPNOTSUPP;
831
832                 if (WARN_ON(wdev->conn))
833                         return -EINPROGRESS;
834
835                 wdev->conn = kzalloc(sizeof(*wdev->conn), GFP_KERNEL);
836                 if (!wdev->conn)
837                         return -ENOMEM;
838
839                 /*
840                  * Copy all parameters, and treat explicitly IEs, BSSID, SSID.
841                  */
842                 memcpy(&wdev->conn->params, connect, sizeof(*connect));
843                 if (connect->bssid) {
844                         wdev->conn->params.bssid = wdev->conn->bssid;
845                         memcpy(wdev->conn->bssid, connect->bssid, ETH_ALEN);
846                 }
847
848                 if (connect->ie) {
849                         wdev->conn->ie = kmemdup(connect->ie, connect->ie_len,
850                                                 GFP_KERNEL);
851                         wdev->conn->params.ie = wdev->conn->ie;
852                         if (!wdev->conn->ie) {
853                                 kfree(wdev->conn);
854                                 wdev->conn = NULL;
855                                 return -ENOMEM;
856                         }
857                 }
858
859                 if (connect->auth_type == NL80211_AUTHTYPE_AUTOMATIC) {
860                         wdev->conn->auto_auth = true;
861                         /* start with open system ... should mostly work */
862                         wdev->conn->params.auth_type =
863                                 NL80211_AUTHTYPE_OPEN_SYSTEM;
864                 } else {
865                         wdev->conn->auto_auth = false;
866                 }
867
868                 memcpy(wdev->ssid, connect->ssid, connect->ssid_len);
869                 wdev->ssid_len = connect->ssid_len;
870                 wdev->conn->params.ssid = wdev->ssid;
871                 wdev->conn->params.ssid_len = connect->ssid_len;
872
873                 /* see if we have the bss already */
874                 bss = cfg80211_get_conn_bss(wdev);
875
876                 wdev->sme_state = CFG80211_SME_CONNECTING;
877                 wdev->connect_keys = connkeys;
878
879                 if (prev_bssid) {
880                         memcpy(wdev->conn->prev_bssid, prev_bssid, ETH_ALEN);
881                         wdev->conn->prev_bssid_valid = true;
882                 }
883
884                 /* we're good if we have a matching bss struct */
885                 if (bss) {
886                         wdev->conn->state = CFG80211_CONN_AUTHENTICATE_NEXT;
887                         err = cfg80211_conn_do_work(wdev);
888                         cfg80211_put_bss(bss);
889                 } else {
890                         /* otherwise we'll need to scan for the AP first */
891                         err = cfg80211_conn_scan(wdev);
892                         /*
893                          * If we can't scan right now, then we need to scan again
894                          * after the current scan finished, since the parameters
895                          * changed (unless we find a good AP anyway).
896                          */
897                         if (err == -EBUSY) {
898                                 err = 0;
899                                 wdev->conn->state = CFG80211_CONN_SCAN_AGAIN;
900                         }
901                 }
902                 if (err) {
903                         kfree(wdev->conn->ie);
904                         kfree(wdev->conn);
905                         wdev->conn = NULL;
906                         wdev->sme_state = CFG80211_SME_IDLE;
907                         wdev->connect_keys = NULL;
908                         wdev->ssid_len = 0;
909                 }
910
911                 return err;
912         } else {
913                 wdev->sme_state = CFG80211_SME_CONNECTING;
914                 wdev->connect_keys = connkeys;
915                 err = rdev->ops->connect(&rdev->wiphy, dev, connect);
916                 if (err) {
917                         wdev->connect_keys = NULL;
918                         wdev->sme_state = CFG80211_SME_IDLE;
919                         return err;
920                 }
921
922                 memcpy(wdev->ssid, connect->ssid, connect->ssid_len);
923                 wdev->ssid_len = connect->ssid_len;
924
925                 return 0;
926         }
927 }
928
929 int cfg80211_connect(struct cfg80211_registered_device *rdev,
930                      struct net_device *dev,
931                      struct cfg80211_connect_params *connect,
932                      struct cfg80211_cached_keys *connkeys)
933 {
934         int err;
935
936         mutex_lock(&rdev->devlist_mtx);
937         wdev_lock(dev->ieee80211_ptr);
938         err = __cfg80211_connect(rdev, dev, connect, connkeys, NULL);
939         wdev_unlock(dev->ieee80211_ptr);
940         mutex_unlock(&rdev->devlist_mtx);
941
942         return err;
943 }
944
945 int __cfg80211_disconnect(struct cfg80211_registered_device *rdev,
946                           struct net_device *dev, u16 reason, bool wextev)
947 {
948         struct wireless_dev *wdev = dev->ieee80211_ptr;
949         int err;
950
951         ASSERT_WDEV_LOCK(wdev);
952
953         if (wdev->sme_state == CFG80211_SME_IDLE)
954                 return -EINVAL;
955
956         kfree(wdev->connect_keys);
957         wdev->connect_keys = NULL;
958
959         if (!rdev->ops->disconnect) {
960                 if (!rdev->ops->deauth)
961                         return -EOPNOTSUPP;
962
963                 /* was it connected by userspace SME? */
964                 if (!wdev->conn) {
965                         cfg80211_mlme_down(rdev, dev);
966                         return 0;
967                 }
968
969                 if (wdev->sme_state == CFG80211_SME_CONNECTING &&
970                     (wdev->conn->state == CFG80211_CONN_SCANNING ||
971                      wdev->conn->state == CFG80211_CONN_SCAN_AGAIN)) {
972                         wdev->sme_state = CFG80211_SME_IDLE;
973                         kfree(wdev->conn->ie);
974                         kfree(wdev->conn);
975                         wdev->conn = NULL;
976                         wdev->ssid_len = 0;
977                         return 0;
978                 }
979
980                 /* wdev->conn->params.bssid must be set if > SCANNING */
981                 err = __cfg80211_mlme_deauth(rdev, dev,
982                                              wdev->conn->params.bssid,
983                                              NULL, 0, reason, false);
984                 if (err)
985                         return err;
986         } else {
987                 err = rdev->ops->disconnect(&rdev->wiphy, dev, reason);
988                 if (err)
989                         return err;
990         }
991
992         if (wdev->sme_state == CFG80211_SME_CONNECTED)
993                 __cfg80211_disconnected(dev, NULL, 0, 0, false);
994         else if (wdev->sme_state == CFG80211_SME_CONNECTING)
995                 __cfg80211_connect_result(dev, NULL, NULL, 0, NULL, 0,
996                                           WLAN_STATUS_UNSPECIFIED_FAILURE,
997                                           wextev, NULL);
998
999         return 0;
1000 }
1001
1002 int cfg80211_disconnect(struct cfg80211_registered_device *rdev,
1003                         struct net_device *dev,
1004                         u16 reason, bool wextev)
1005 {
1006         int err;
1007
1008         wdev_lock(dev->ieee80211_ptr);
1009         err = __cfg80211_disconnect(rdev, dev, reason, wextev);
1010         wdev_unlock(dev->ieee80211_ptr);
1011
1012         return err;
1013 }
1014
1015 void cfg80211_sme_disassoc(struct net_device *dev, int idx)
1016 {
1017         struct wireless_dev *wdev = dev->ieee80211_ptr;
1018         struct cfg80211_registered_device *rdev = wiphy_to_dev(wdev->wiphy);
1019         u8 bssid[ETH_ALEN];
1020
1021         ASSERT_WDEV_LOCK(wdev);
1022
1023         if (!wdev->conn)
1024                 return;
1025
1026         if (wdev->conn->state == CFG80211_CONN_IDLE)
1027                 return;
1028
1029         /*
1030          * Ok, so the association was made by this SME -- we don't
1031          * want it any more so deauthenticate too.
1032          */
1033
1034         if (!wdev->auth_bsses[idx])
1035                 return;
1036
1037         memcpy(bssid, wdev->auth_bsses[idx]->pub.bssid, ETH_ALEN);
1038         if (__cfg80211_mlme_deauth(rdev, dev, bssid,
1039                                    NULL, 0, WLAN_REASON_DEAUTH_LEAVING,
1040                                    false)) {
1041                 /* whatever -- assume gone anyway */
1042                 cfg80211_unhold_bss(wdev->auth_bsses[idx]);
1043                 cfg80211_put_bss(&wdev->auth_bsses[idx]->pub);
1044                 wdev->auth_bsses[idx] = NULL;
1045         }
1046 }