]> Git Repo - linux.git/blob - net/mac80211/parse.c
projects / linux.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
blame | history | raw | HEAD
ftrace: riscv: move from REGS to ARGS
[linux.git] / net / mac80211 / parse.c
1 // SPDX-License-Identifier: GPL-2.0-only
2 /*
3  * Copyright 2002-2005, Instant802 Networks, Inc.
4  * Copyright 2005-2006, Devicescape Software, Inc.
5  * Copyright 2006-2007  Jiri Benc <[email protected]>
6  * Copyright 2007       Johannes Berg <[email protected]>
7  * Copyright 2013-2014  Intel Mobile Communications GmbH
8  * Copyright (C) 2015-2017      Intel Deutschland GmbH
9  * Copyright (C) 2018-2024 Intel Corporation
10  *
11  * element parsing for mac80211
12  */
13
14 #include <net/mac80211.h>
15 #include <linux/netdevice.h>
16 #include <linux/export.h>
17 #include <linux/types.h>
18 #include <linux/slab.h>
19 #include <linux/skbuff.h>
20 #include <linux/etherdevice.h>
21 #include <linux/if_arp.h>
22 #include <linux/bitmap.h>
23 #include <linux/crc32.h>
24 #include <net/net_namespace.h>
25 #include <net/cfg80211.h>
26 #include <net/rtnetlink.h>
27 #include <kunit/visibility.h>
28
29 #include "ieee80211_i.h"
30 #include "driver-ops.h"
31 #include "rate.h"
32 #include "mesh.h"
33 #include "wme.h"
34 #include "led.h"
35 #include "wep.h"
36
37 struct ieee80211_elems_parse {
38         /* must be first for kfree to work */
39         struct ieee802_11_elems elems;
40
41         /* The basic Multi-Link element in the original elements */
42         const struct element *ml_basic_elem;
43
44         /* The reconfiguration Multi-Link element in the original elements */
45         const struct element *ml_reconf_elem;
46
47         /*
48          * scratch buffer that can be used for various element parsing related
49          * tasks, e.g., element de-fragmentation etc.
50          */
51         size_t scratch_len;
52         u8 *scratch_pos;
53         u8 scratch[] __counted_by(scratch_len);
54 };
55
56 static void
57 ieee80211_parse_extension_element(u32 *crc,
58                                   const struct element *elem,
59                                   struct ieee80211_elems_parse *elems_parse,
60                                   struct ieee80211_elems_parse_params *params)
61 {
62         struct ieee802_11_elems *elems = &elems_parse->elems;
63         const void *data = elem->data + 1;
64         bool calc_crc = false;
65         u8 len;
66
67         if (!elem->datalen)
68                 return;
69
70         len = elem->datalen - 1;
71
72         switch (elem->data[0]) {
73         case WLAN_EID_EXT_HE_MU_EDCA:
74                 if (params->mode < IEEE80211_CONN_MODE_HE)
75                         break;
76                 calc_crc = true;
77                 if (len >= sizeof(*elems->mu_edca_param_set))
78                         elems->mu_edca_param_set = data;
79                 break;
80         case WLAN_EID_EXT_HE_CAPABILITY:
81                 if (params->mode < IEEE80211_CONN_MODE_HE)
82                         break;
83                 if (ieee80211_he_capa_size_ok(data, len)) {
84                         elems->he_cap = data;
85                         elems->he_cap_len = len;
86                 }
87                 break;
88         case WLAN_EID_EXT_HE_OPERATION:
89                 if (params->mode < IEEE80211_CONN_MODE_HE)
90                         break;
91                 calc_crc = true;
92                 if (len >= sizeof(*elems->he_operation) &&
93                     len >= ieee80211_he_oper_size(data) - 1)
94                         elems->he_operation = data;
95                 break;
96         case WLAN_EID_EXT_UORA:
97                 if (params->mode < IEEE80211_CONN_MODE_HE)
98                         break;
99                 if (len >= 1)
100                         elems->uora_element = data;
101                 break;
102         case WLAN_EID_EXT_MAX_CHANNEL_SWITCH_TIME:
103                 if (len == 3)
104                         elems->max_channel_switch_time = data;
105                 break;
106         case WLAN_EID_EXT_MULTIPLE_BSSID_CONFIGURATION:
107                 if (len >= sizeof(*elems->mbssid_config_ie))
108                         elems->mbssid_config_ie = data;
109                 break;
110         case WLAN_EID_EXT_HE_SPR:
111                 if (params->mode < IEEE80211_CONN_MODE_HE)
112                         break;
113                 if (len >= sizeof(*elems->he_spr) &&
114                     len >= ieee80211_he_spr_size(data))
115                         elems->he_spr = data;
116                 break;
117         case WLAN_EID_EXT_HE_6GHZ_CAPA:
118                 if (params->mode < IEEE80211_CONN_MODE_HE)
119                         break;
120                 if (len >= sizeof(*elems->he_6ghz_capa))
121                         elems->he_6ghz_capa = data;
122                 break;
123         case WLAN_EID_EXT_EHT_CAPABILITY:
124                 if (params->mode < IEEE80211_CONN_MODE_EHT)
125                         break;
126                 if (ieee80211_eht_capa_size_ok(elems->he_cap,
127                                                data, len,
128                                                params->from_ap)) {
129                         elems->eht_cap = data;
130                         elems->eht_cap_len = len;
131                 }
132                 break;
133         case WLAN_EID_EXT_EHT_OPERATION:
134                 if (params->mode < IEEE80211_CONN_MODE_EHT)
135                         break;
136                 if (ieee80211_eht_oper_size_ok(data, len))
137                         elems->eht_operation = data;
138                 calc_crc = true;
139                 break;
140         case WLAN_EID_EXT_EHT_MULTI_LINK:
141                 if (params->mode < IEEE80211_CONN_MODE_EHT)
142                         break;
143                 calc_crc = true;
144
145                 if (ieee80211_mle_size_ok(data, len)) {
146                         const struct ieee80211_multi_link_elem *mle =
147                                 (void *)data;
148
149                         switch (le16_get_bits(mle->control,
150                                               IEEE80211_ML_CONTROL_TYPE)) {
151                         case IEEE80211_ML_CONTROL_TYPE_BASIC:
152                                 if (elems_parse->ml_basic_elem) {
153                                         elems->parse_error |=
154                                                 IEEE80211_PARSE_ERR_DUP_NEST_ML_BASIC;
155                                         break;
156                                 }
157                                 elems_parse->ml_basic_elem = elem;
158                                 break;
159                         case IEEE80211_ML_CONTROL_TYPE_RECONF:
160                                 elems_parse->ml_reconf_elem = elem;
161                                 break;
162                         default:
163                                 break;
164                         }
165                 }
166                 break;
167         case WLAN_EID_EXT_BANDWIDTH_INDICATION:
168                 if (params->mode < IEEE80211_CONN_MODE_EHT)
169                         break;
170                 if (ieee80211_bandwidth_indication_size_ok(data, len))
171                         elems->bandwidth_indication = data;
172                 calc_crc = true;
173                 break;
174         case WLAN_EID_EXT_TID_TO_LINK_MAPPING:
175                 if (params->mode < IEEE80211_CONN_MODE_EHT)
176                         break;
177                 calc_crc = true;
178                 if (ieee80211_tid_to_link_map_size_ok(data, len) &&
179                     elems->ttlm_num < ARRAY_SIZE(elems->ttlm)) {
180                         elems->ttlm[elems->ttlm_num] = (void *)data;
181                         elems->ttlm_num++;
182                 }
183                 break;
184         }
185
186         if (crc && calc_crc)
187                 *crc = crc32_be(*crc, (void *)elem, elem->datalen + 2);
188 }
189
190 static u32
191 _ieee802_11_parse_elems_full(struct ieee80211_elems_parse_params *params,
192                              struct ieee80211_elems_parse *elems_parse,
193                              const struct element *check_inherit)
194 {
195         struct ieee802_11_elems *elems = &elems_parse->elems;
196         const struct element *elem;
197         bool calc_crc = params->filter != 0;
198         DECLARE_BITMAP(seen_elems, 256);
199         u32 crc = params->crc;
200
201         bitmap_zero(seen_elems, 256);
202
203         for_each_element(elem, params->start, params->len) {
204                 const struct element *subelem;
205                 u8 elem_parse_failed;
206                 u8 id = elem->id;
207                 u8 elen = elem->datalen;
208                 const u8 *pos = elem->data;
209
210                 if (check_inherit &&
211                     !cfg80211_is_element_inherited(elem,
212                                                    check_inherit))
213                         continue;
214
215                 switch (id) {
216                 case WLAN_EID_SSID:
217                 case WLAN_EID_SUPP_RATES:
218                 case WLAN_EID_FH_PARAMS:
219                 case WLAN_EID_DS_PARAMS:
220                 case WLAN_EID_CF_PARAMS:
221                 case WLAN_EID_TIM:
222                 case WLAN_EID_IBSS_PARAMS:
223                 case WLAN_EID_CHALLENGE:
224                 case WLAN_EID_RSN:
225                 case WLAN_EID_ERP_INFO:
226                 case WLAN_EID_EXT_SUPP_RATES:
227                 case WLAN_EID_HT_CAPABILITY:
228                 case WLAN_EID_HT_OPERATION:
229                 case WLAN_EID_VHT_CAPABILITY:
230                 case WLAN_EID_VHT_OPERATION:
231                 case WLAN_EID_MESH_ID:
232                 case WLAN_EID_MESH_CONFIG:
233                 case WLAN_EID_PEER_MGMT:
234                 case WLAN_EID_PREQ:
235                 case WLAN_EID_PREP:
236                 case WLAN_EID_PERR:
237                 case WLAN_EID_RANN:
238                 case WLAN_EID_CHANNEL_SWITCH:
239                 case WLAN_EID_EXT_CHANSWITCH_ANN:
240                 case WLAN_EID_COUNTRY:
241                 case WLAN_EID_PWR_CONSTRAINT:
242                 case WLAN_EID_TIMEOUT_INTERVAL:
243                 case WLAN_EID_SECONDARY_CHANNEL_OFFSET:
244                 case WLAN_EID_WIDE_BW_CHANNEL_SWITCH:
245                 case WLAN_EID_CHAN_SWITCH_PARAM:
246                 case WLAN_EID_EXT_CAPABILITY:
247                 case WLAN_EID_CHAN_SWITCH_TIMING:
248                 case WLAN_EID_LINK_ID:
249                 case WLAN_EID_BSS_MAX_IDLE_PERIOD:
250                 case WLAN_EID_RSNX:
251                 case WLAN_EID_S1G_BCN_COMPAT:
252                 case WLAN_EID_S1G_CAPABILITIES:
253                 case WLAN_EID_S1G_OPERATION:
254                 case WLAN_EID_AID_RESPONSE:
255                 case WLAN_EID_S1G_SHORT_BCN_INTERVAL:
256                 /*
257                  * not listing WLAN_EID_CHANNEL_SWITCH_WRAPPER -- it seems possible
258                  * that if the content gets bigger it might be needed more than once
259                  */
260                         if (test_bit(id, seen_elems)) {
261                                 elems->parse_error |=
262                                         IEEE80211_PARSE_ERR_DUP_ELEM;
263                                 continue;
264                         }
265                         break;
266                 }
267
268                 if (calc_crc && id < 64 && (params->filter & (1ULL << id)))
269                         crc = crc32_be(crc, pos - 2, elen + 2);
270
271                 elem_parse_failed = 0;
272
273                 switch (id) {
274                 case WLAN_EID_LINK_ID:
275                         if (elen + 2 < sizeof(struct ieee80211_tdls_lnkie)) {
276                                 elem_parse_failed =
277                                         IEEE80211_PARSE_ERR_BAD_ELEM_SIZE;
278                                 break;
279                         }
280                         elems->lnk_id = (void *)(pos - 2);
281                         break;
282                 case WLAN_EID_CHAN_SWITCH_TIMING:
283                         if (elen < sizeof(struct ieee80211_ch_switch_timing)) {
284                                 elem_parse_failed =
285                                         IEEE80211_PARSE_ERR_BAD_ELEM_SIZE;
286                                 break;
287                         }
288                         elems->ch_sw_timing = (void *)pos;
289                         break;
290                 case WLAN_EID_EXT_CAPABILITY:
291                         elems->ext_capab = pos;
292                         elems->ext_capab_len = elen;
293                         break;
294                 case WLAN_EID_SSID:
295                         elems->ssid = pos;
296                         elems->ssid_len = elen;
297                         break;
298                 case WLAN_EID_SUPP_RATES:
299                         elems->supp_rates = pos;
300                         elems->supp_rates_len = elen;
301                         break;
302                 case WLAN_EID_DS_PARAMS:
303                         if (elen >= 1)
304                                 elems->ds_params = pos;
305                         else
306                                 elem_parse_failed =
307                                         IEEE80211_PARSE_ERR_BAD_ELEM_SIZE;
308                         break;
309                 case WLAN_EID_TIM:
310                         if (elen >= sizeof(struct ieee80211_tim_ie)) {
311                                 elems->tim = (void *)pos;
312                                 elems->tim_len = elen;
313                         } else
314                                 elem_parse_failed =
315                                         IEEE80211_PARSE_ERR_BAD_ELEM_SIZE;
316                         break;
317                 case WLAN_EID_VENDOR_SPECIFIC:
318                         if (elen >= 4 && pos[0] == 0x00 && pos[1] == 0x50 &&
319                             pos[2] == 0xf2) {
320                                 /* Microsoft OUI (00:50:F2) */
321
322                                 if (calc_crc)
323                                         crc = crc32_be(crc, pos - 2, elen + 2);
324
325                                 if (elen >= 5 && pos[3] == 2) {
326                                         /* OUI Type 2 - WMM IE */
327                                         if (pos[4] == 0) {
328                                                 elems->wmm_info = pos;
329                                                 elems->wmm_info_len = elen;
330                                         } else if (pos[4] == 1) {
331                                                 elems->wmm_param = pos;
332                                                 elems->wmm_param_len = elen;
333                                         }
334                                 }
335                         }
336                         break;
337                 case WLAN_EID_RSN:
338                         elems->rsn = pos;
339                         elems->rsn_len = elen;
340                         break;
341                 case WLAN_EID_ERP_INFO:
342                         if (elen >= 1)
343                                 elems->erp_info = pos;
344                         else
345                                 elem_parse_failed =
346                                         IEEE80211_PARSE_ERR_BAD_ELEM_SIZE;
347                         break;
348                 case WLAN_EID_EXT_SUPP_RATES:
349                         elems->ext_supp_rates = pos;
350                         elems->ext_supp_rates_len = elen;
351                         break;
352                 case WLAN_EID_HT_CAPABILITY:
353                         if (params->mode < IEEE80211_CONN_MODE_HT)
354                                 break;
355                         if (elen >= sizeof(struct ieee80211_ht_cap))
356                                 elems->ht_cap_elem = (void *)pos;
357                         else
358                                 elem_parse_failed =
359                                         IEEE80211_PARSE_ERR_BAD_ELEM_SIZE;
360                         break;
361                 case WLAN_EID_HT_OPERATION:
362                         if (params->mode < IEEE80211_CONN_MODE_HT)
363                                 break;
364                         if (elen >= sizeof(struct ieee80211_ht_operation))
365                                 elems->ht_operation = (void *)pos;
366                         else
367                                 elem_parse_failed =
368                                         IEEE80211_PARSE_ERR_BAD_ELEM_SIZE;
369                         break;
370                 case WLAN_EID_VHT_CAPABILITY:
371                         if (params->mode < IEEE80211_CONN_MODE_VHT)
372                                 break;
373                         if (elen >= sizeof(struct ieee80211_vht_cap))
374                                 elems->vht_cap_elem = (void *)pos;
375                         else
376                                 elem_parse_failed =
377                                         IEEE80211_PARSE_ERR_BAD_ELEM_SIZE;
378                         break;
379                 case WLAN_EID_VHT_OPERATION:
380                         if (params->mode < IEEE80211_CONN_MODE_VHT)
381                                 break;
382                         if (elen >= sizeof(struct ieee80211_vht_operation)) {
383                                 elems->vht_operation = (void *)pos;
384                                 if (calc_crc)
385                                         crc = crc32_be(crc, pos - 2, elen + 2);
386                                 break;
387                         }
388                         elem_parse_failed =
389                                 IEEE80211_PARSE_ERR_BAD_ELEM_SIZE;
390                         break;
391                 case WLAN_EID_OPMODE_NOTIF:
392                         if (params->mode < IEEE80211_CONN_MODE_VHT)
393                                 break;
394                         if (elen > 0) {
395                                 elems->opmode_notif = pos;
396                                 if (calc_crc)
397                                         crc = crc32_be(crc, pos - 2, elen + 2);
398                                 break;
399                         }
400                         elem_parse_failed =
401                                 IEEE80211_PARSE_ERR_BAD_ELEM_SIZE;
402                         break;
403                 case WLAN_EID_MESH_ID:
404                         elems->mesh_id = pos;
405                         elems->mesh_id_len = elen;
406                         break;
407                 case WLAN_EID_MESH_CONFIG:
408                         if (elen >= sizeof(struct ieee80211_meshconf_ie))
409                                 elems->mesh_config = (void *)pos;
410                         else
411                                 elem_parse_failed =
412                                         IEEE80211_PARSE_ERR_BAD_ELEM_SIZE;
413                         break;
414                 case WLAN_EID_PEER_MGMT:
415                         elems->peering = pos;
416                         elems->peering_len = elen;
417                         break;
418                 case WLAN_EID_MESH_AWAKE_WINDOW:
419                         if (elen >= 2)
420                                 elems->awake_window = (void *)pos;
421                         break;
422                 case WLAN_EID_PREQ:
423                         elems->preq = pos;
424                         elems->preq_len = elen;
425                         break;
426                 case WLAN_EID_PREP:
427                         elems->prep = pos;
428                         elems->prep_len = elen;
429                         break;
430                 case WLAN_EID_PERR:
431                         elems->perr = pos;
432                         elems->perr_len = elen;
433                         break;
434                 case WLAN_EID_RANN:
435                         if (elen >= sizeof(struct ieee80211_rann_ie))
436                                 elems->rann = (void *)pos;
437                         else
438                                 elem_parse_failed =
439                                         IEEE80211_PARSE_ERR_BAD_ELEM_SIZE;
440                         break;
441                 case WLAN_EID_CHANNEL_SWITCH:
442                         if (elen != sizeof(struct ieee80211_channel_sw_ie)) {
443                                 elem_parse_failed =
444                                         IEEE80211_PARSE_ERR_BAD_ELEM_SIZE;
445                                 break;
446                         }
447                         elems->ch_switch_ie = (void *)pos;
448                         break;
449                 case WLAN_EID_EXT_CHANSWITCH_ANN:
450                         if (elen != sizeof(struct ieee80211_ext_chansw_ie)) {
451                                 elem_parse_failed =
452                                         IEEE80211_PARSE_ERR_BAD_ELEM_SIZE;
453                                 break;
454                         }
455                         elems->ext_chansw_ie = (void *)pos;
456                         break;
457                 case WLAN_EID_SECONDARY_CHANNEL_OFFSET:
458                         if (params->mode < IEEE80211_CONN_MODE_HT)
459                                 break;
460                         if (elen != sizeof(struct ieee80211_sec_chan_offs_ie)) {
461                                 elem_parse_failed =
462                                         IEEE80211_PARSE_ERR_BAD_ELEM_SIZE;
463                                 break;
464                         }
465                         elems->sec_chan_offs = (void *)pos;
466                         break;
467                 case WLAN_EID_CHAN_SWITCH_PARAM:
468                         if (elen <
469                             sizeof(*elems->mesh_chansw_params_ie)) {
470                                 elem_parse_failed =
471                                         IEEE80211_PARSE_ERR_BAD_ELEM_SIZE;
472                                 break;
473                         }
474                         elems->mesh_chansw_params_ie = (void *)pos;
475                         break;
476                 case WLAN_EID_WIDE_BW_CHANNEL_SWITCH:
477                         if (params->mode < IEEE80211_CONN_MODE_VHT)
478                                 break;
479
480                         if (!params->action) {
481                                 elem_parse_failed =
482                                         IEEE80211_PARSE_ERR_UNEXPECTED_ELEM;
483                                 break;
484                         }
485
486                         if (elen < sizeof(*elems->wide_bw_chansw_ie)) {
487                                 elem_parse_failed =
488                                         IEEE80211_PARSE_ERR_BAD_ELEM_SIZE;
489                                 break;
490                         }
491                         elems->wide_bw_chansw_ie = (void *)pos;
492                         break;
493                 case WLAN_EID_CHANNEL_SWITCH_WRAPPER:
494                         if (params->mode < IEEE80211_CONN_MODE_VHT)
495                                 break;
496                         if (params->action) {
497                                 elem_parse_failed =
498                                         IEEE80211_PARSE_ERR_UNEXPECTED_ELEM;
499                                 break;
500                         }
501                         /*
502                          * This is a bit tricky, but as we only care about
503                          * a few elements, parse them out manually.
504                          */
505                         subelem = cfg80211_find_elem(WLAN_EID_WIDE_BW_CHANNEL_SWITCH,
506                                                      pos, elen);
507                         if (subelem) {
508                                 if (subelem->datalen >= sizeof(*elems->wide_bw_chansw_ie))
509                                         elems->wide_bw_chansw_ie =
510                                                 (void *)subelem->data;
511                                 else
512                                         elem_parse_failed =
513                                                 IEEE80211_PARSE_ERR_BAD_ELEM_SIZE;
514                         }
515
516                         if (params->mode < IEEE80211_CONN_MODE_EHT)
517                                 break;
518
519                         subelem = cfg80211_find_ext_elem(WLAN_EID_EXT_BANDWIDTH_INDICATION,
520                                                          pos, elen);
521                         if (subelem) {
522                                 const void *edata = subelem->data + 1;
523                                 u8 edatalen = subelem->datalen - 1;
524
525                                 if (ieee80211_bandwidth_indication_size_ok(edata,
526                                                                            edatalen))
527                                         elems->bandwidth_indication = edata;
528                                 else
529                                         elem_parse_failed =
530                                                 IEEE80211_PARSE_ERR_BAD_ELEM_SIZE;
531                         }
532                         break;
533                 case WLAN_EID_COUNTRY:
534                         elems->country_elem = pos;
535                         elems->country_elem_len = elen;
536                         break;
537                 case WLAN_EID_PWR_CONSTRAINT:
538                         if (elen != 1) {
539                                 elem_parse_failed =
540                                         IEEE80211_PARSE_ERR_BAD_ELEM_SIZE;
541                                 break;
542                         }
543                         elems->pwr_constr_elem = pos;
544                         break;
545                 case WLAN_EID_CISCO_VENDOR_SPECIFIC:
546                         /* Lots of different options exist, but we only care
547                          * about the Dynamic Transmit Power Control element.
548                          * First check for the Cisco OUI, then for the DTPC
549                          * tag (0x00).
550                          */
551                         if (elen < 4) {
552                                 elem_parse_failed =
553                                         IEEE80211_PARSE_ERR_BAD_ELEM_SIZE;
554                                 break;
555                         }
556
557                         if (pos[0] != 0x00 || pos[1] != 0x40 ||
558                             pos[2] != 0x96 || pos[3] != 0x00)
559                                 break;
560
561                         if (elen != 6) {
562                                 elem_parse_failed =
563                                         IEEE80211_PARSE_ERR_BAD_ELEM_SIZE;
564                                 break;
565                         }
566
567                         if (calc_crc)
568                                 crc = crc32_be(crc, pos - 2, elen + 2);
569
570                         elems->cisco_dtpc_elem = pos;
571                         break;
572                 case WLAN_EID_ADDBA_EXT:
573                         if (elen < sizeof(struct ieee80211_addba_ext_ie)) {
574                                 elem_parse_failed =
575                                         IEEE80211_PARSE_ERR_BAD_ELEM_SIZE;
576                                 break;
577                         }
578                         elems->addba_ext_ie = (void *)pos;
579                         break;
580                 case WLAN_EID_TIMEOUT_INTERVAL:
581                         if (elen >= sizeof(struct ieee80211_timeout_interval_ie))
582                                 elems->timeout_int = (void *)pos;
583                         else
584                                 elem_parse_failed =
585                                         IEEE80211_PARSE_ERR_BAD_ELEM_SIZE;
586                         break;
587                 case WLAN_EID_BSS_MAX_IDLE_PERIOD:
588                         if (elen >= sizeof(*elems->max_idle_period_ie))
589                                 elems->max_idle_period_ie = (void *)pos;
590                         break;
591                 case WLAN_EID_RSNX:
592                         elems->rsnx = pos;
593                         elems->rsnx_len = elen;
594                         break;
595                 case WLAN_EID_TX_POWER_ENVELOPE:
596                         if (elen < 1 ||
597                             elen > sizeof(struct ieee80211_tx_pwr_env))
598                                 break;
599
600                         if (elems->tx_pwr_env_num >= ARRAY_SIZE(elems->tx_pwr_env))
601                                 break;
602
603                         elems->tx_pwr_env[elems->tx_pwr_env_num] = (void *)pos;
604                         elems->tx_pwr_env_len[elems->tx_pwr_env_num] = elen;
605                         elems->tx_pwr_env_num++;
606                         break;
607                 case WLAN_EID_EXTENSION:
608                         ieee80211_parse_extension_element(calc_crc ?
609                                                                 &crc : NULL,
610                                                           elem, elems_parse,
611                                                           params);
612                         break;
613                 case WLAN_EID_S1G_CAPABILITIES:
614                         if (params->mode != IEEE80211_CONN_MODE_S1G)
615                                 break;
616                         if (elen >= sizeof(*elems->s1g_capab))
617                                 elems->s1g_capab = (void *)pos;
618                         else
619                                 elem_parse_failed =
620                                         IEEE80211_PARSE_ERR_BAD_ELEM_SIZE;
621                         break;
622                 case WLAN_EID_S1G_OPERATION:
623                         if (params->mode != IEEE80211_CONN_MODE_S1G)
624                                 break;
625                         if (elen == sizeof(*elems->s1g_oper))
626                                 elems->s1g_oper = (void *)pos;
627                         else
628                                 elem_parse_failed =
629                                         IEEE80211_PARSE_ERR_BAD_ELEM_SIZE;
630                         break;
631                 case WLAN_EID_S1G_BCN_COMPAT:
632                         if (params->mode != IEEE80211_CONN_MODE_S1G)
633                                 break;
634                         if (elen == sizeof(*elems->s1g_bcn_compat))
635                                 elems->s1g_bcn_compat = (void *)pos;
636                         else
637                                 elem_parse_failed =
638                                         IEEE80211_PARSE_ERR_BAD_ELEM_SIZE;
639                         break;
640                 case WLAN_EID_AID_RESPONSE:
641                         if (params->mode != IEEE80211_CONN_MODE_S1G)
642                                 break;
643                         if (elen == sizeof(struct ieee80211_aid_response_ie))
644                                 elems->aid_resp = (void *)pos;
645                         else
646                                 elem_parse_failed =
647                                         IEEE80211_PARSE_ERR_BAD_ELEM_SIZE;
648                         break;
649                 default:
650                         break;
651                 }
652
653                 if (elem_parse_failed)
654                         elems->parse_error |= elem_parse_failed;
655                 else
656                         __set_bit(id, seen_elems);
657         }
658
659         if (!for_each_element_completed(elem, params->start, params->len))
660                 elems->parse_error |= IEEE80211_PARSE_ERR_INVALID_END;
661
662         return crc;
663 }
664
665 static size_t ieee802_11_find_bssid_profile(const u8 *start, size_t len,
666                                             struct ieee802_11_elems *elems,
667                                             struct cfg80211_bss *bss,
668                                             u8 *nontransmitted_profile)
669 {
670         const struct element *elem, *sub;
671         size_t profile_len = 0;
672         bool found = false;
673
674         if (!bss || !bss->transmitted_bss)
675                 return profile_len;
676
677         for_each_element_id(elem, WLAN_EID_MULTIPLE_BSSID, start, len) {
678                 if (elem->datalen < 2)
679                         continue;
680                 if (elem->data[0] < 1 || elem->data[0] > 8)
681                         continue;
682
683                 for_each_element(sub, elem->data + 1, elem->datalen - 1) {
684                         u8 new_bssid[ETH_ALEN];
685                         const u8 *index;
686
687                         if (sub->id != 0 || sub->datalen < 4) {
688                                 /* not a valid BSS profile */
689                                 continue;
690                         }
691
692                         if (sub->data[0] != WLAN_EID_NON_TX_BSSID_CAP ||
693                             sub->data[1] != 2) {
694                                 /* The first element of the
695                                  * Nontransmitted BSSID Profile is not
696                                  * the Nontransmitted BSSID Capability
697                                  * element.
698                                  */
699                                 continue;
700                         }
701
702                         memset(nontransmitted_profile, 0, len);
703                         profile_len = cfg80211_merge_profile(start, len,
704                                                              elem,
705                                                              sub,
706                                                              nontransmitted_profile,
707                                                              len);
708
709                         /* found a Nontransmitted BSSID Profile */
710                         index = cfg80211_find_ie(WLAN_EID_MULTI_BSSID_IDX,
711                                                  nontransmitted_profile,
712                                                  profile_len);
713                         if (!index || index[1] < 1 || index[2] == 0) {
714                                 /* Invalid MBSSID Index element */
715                                 continue;
716                         }
717
718                         cfg80211_gen_new_bssid(bss->transmitted_bss->bssid,
719                                                elem->data[0],
720                                                index[2],
721                                                new_bssid);
722                         if (ether_addr_equal(new_bssid, bss->bssid)) {
723                                 found = true;
724                                 elems->bssid_index_len = index[1];
725                                 elems->bssid_index = (void *)&index[2];
726                                 break;
727                         }
728                 }
729         }
730
731         return found ? profile_len : 0;
732 }
733
734 static void
735 ieee80211_mle_get_sta_prof(struct ieee80211_elems_parse *elems_parse,
736                            u8 link_id)
737 {
738         struct ieee802_11_elems *elems = &elems_parse->elems;
739         const struct ieee80211_multi_link_elem *ml = elems->ml_basic;
740         ssize_t ml_len = elems->ml_basic_len;
741         const struct element *sub;
742
743         for_each_mle_subelement(sub, (u8 *)ml, ml_len) {
744                 struct ieee80211_mle_per_sta_profile *prof = (void *)sub->data;
745                 ssize_t sta_prof_len;
746                 u16 control;
747
748                 if (sub->id != IEEE80211_MLE_SUBELEM_PER_STA_PROFILE)
749                         continue;
750
751                 if (!ieee80211_mle_basic_sta_prof_size_ok(sub->data,
752                                                           sub->datalen))
753                         return;
754
755                 control = le16_to_cpu(prof->control);
756
757                 if (link_id != u16_get_bits(control,
758                                             IEEE80211_MLE_STA_CONTROL_LINK_ID))
759                         continue;
760
761                 if (!(control & IEEE80211_MLE_STA_CONTROL_COMPLETE_PROFILE))
762                         return;
763
764                 /* the sub element can be fragmented */
765                 sta_prof_len =
766                         cfg80211_defragment_element(sub,
767                                                     (u8 *)ml, ml_len,
768                                                     elems_parse->scratch_pos,
769                                                     elems_parse->scratch +
770                                                         elems_parse->scratch_len -
771                                                         elems_parse->scratch_pos,
772                                                     IEEE80211_MLE_SUBELEM_FRAGMENT);
773
774                 if (sta_prof_len < 0)
775                         return;
776
777                 elems->prof = (void *)elems_parse->scratch_pos;
778                 elems->sta_prof_len = sta_prof_len;
779                 elems_parse->scratch_pos += sta_prof_len;
780
781                 return;
782         }
783 }
784
785 static void ieee80211_mle_parse_link(struct ieee80211_elems_parse *elems_parse,
786                                      struct ieee80211_elems_parse_params *params)
787 {
788         struct ieee802_11_elems *elems = &elems_parse->elems;
789         struct ieee80211_mle_per_sta_profile *prof;
790         struct ieee80211_elems_parse_params sub = {
791                 .mode = params->mode,
792                 .action = params->action,
793                 .from_ap = params->from_ap,
794                 .link_id = -1,
795         };
796         ssize_t ml_len = elems->ml_basic_len;
797         const struct element *non_inherit = NULL;
798         const u8 *end;
799
800         ml_len = cfg80211_defragment_element(elems_parse->ml_basic_elem,
801                                              elems->ie_start,
802                                              elems->total_len,
803                                              elems_parse->scratch_pos,
804                                              elems_parse->scratch +
805                                                 elems_parse->scratch_len -
806                                                 elems_parse->scratch_pos,
807                                              WLAN_EID_FRAGMENT);
808
809         if (ml_len < 0)
810                 return;
811
812         elems->ml_basic = (const void *)elems_parse->scratch_pos;
813         elems->ml_basic_len = ml_len;
814         elems_parse->scratch_pos += ml_len;
815
816         if (params->link_id == -1)
817                 return;
818
819         ieee80211_mle_get_sta_prof(elems_parse, params->link_id);
820         prof = elems->prof;
821
822         if (!prof)
823                 return;
824
825         /* check if we have the 4 bytes for the fixed part in assoc response */
826         if (elems->sta_prof_len < sizeof(*prof) + prof->sta_info_len - 1 + 4) {
827                 elems->prof = NULL;
828                 elems->sta_prof_len = 0;
829                 return;
830         }
831
832         /*
833          * Skip the capability information and the status code that are expected
834          * as part of the station profile in association response frames. Note
835          * the -1 is because the 'sta_info_len' is accounted to as part of the
836          * per-STA profile, but not part of the 'u8 variable[]' portion.
837          */
838         sub.start = prof->variable + prof->sta_info_len - 1 + 4;
839         end = (const u8 *)prof + elems->sta_prof_len;
840         sub.len = end - sub.start;
841
842         non_inherit = cfg80211_find_ext_elem(WLAN_EID_EXT_NON_INHERITANCE,
843                                              sub.start, sub.len);
844         _ieee802_11_parse_elems_full(&sub, elems_parse, non_inherit);
845 }
846
847 static void
848 ieee80211_mle_defrag_reconf(struct ieee80211_elems_parse *elems_parse)
849 {
850         struct ieee802_11_elems *elems = &elems_parse->elems;
851         ssize_t ml_len;
852
853         ml_len = cfg80211_defragment_element(elems_parse->ml_reconf_elem,
854                                              elems->ie_start,
855                                              elems->total_len,
856                                              elems_parse->scratch_pos,
857                                              elems_parse->scratch +
858                                                 elems_parse->scratch_len -
859                                                 elems_parse->scratch_pos,
860                                              WLAN_EID_FRAGMENT);
861         if (ml_len < 0)
862                 return;
863         elems->ml_reconf = (void *)elems_parse->scratch_pos;
864         elems->ml_reconf_len = ml_len;
865         elems_parse->scratch_pos += ml_len;
866 }
867
868 struct ieee802_11_elems *
869 ieee802_11_parse_elems_full(struct ieee80211_elems_parse_params *params)
870 {
871         struct ieee80211_elems_parse *elems_parse;
872         struct ieee802_11_elems *elems;
873         const struct element *non_inherit = NULL;
874         u8 *nontransmitted_profile;
875         int nontransmitted_profile_len = 0;
876         size_t scratch_len = 3 * params->len;
877
878         BUILD_BUG_ON(offsetof(typeof(*elems_parse), elems) != 0);
879
880         elems_parse = kzalloc(struct_size(elems_parse, scratch, scratch_len),
881                               GFP_ATOMIC);
882         if (!elems_parse)
883                 return NULL;
884
885         elems_parse->scratch_len = scratch_len;
886         elems_parse->scratch_pos = elems_parse->scratch;
887
888         elems = &elems_parse->elems;
889         elems->ie_start = params->start;
890         elems->total_len = params->len;
891
892         nontransmitted_profile = elems_parse->scratch_pos;
893         nontransmitted_profile_len =
894                 ieee802_11_find_bssid_profile(params->start, params->len,
895                                               elems, params->bss,
896                                               nontransmitted_profile);
897         elems_parse->scratch_pos += nontransmitted_profile_len;
898         non_inherit = cfg80211_find_ext_elem(WLAN_EID_EXT_NON_INHERITANCE,
899                                              nontransmitted_profile,
900                                              nontransmitted_profile_len);
901
902         elems->crc = _ieee802_11_parse_elems_full(params, elems_parse,
903                                                   non_inherit);
904
905         /* Override with nontransmitted profile, if found */
906         if (nontransmitted_profile_len) {
907                 struct ieee80211_elems_parse_params sub = {
908                         .mode = params->mode,
909                         .start = nontransmitted_profile,
910                         .len = nontransmitted_profile_len,
911                         .action = params->action,
912                         .link_id = params->link_id,
913                 };
914
915                 _ieee802_11_parse_elems_full(&sub, elems_parse, NULL);
916         }
917
918         ieee80211_mle_parse_link(elems_parse, params);
919
920         ieee80211_mle_defrag_reconf(elems_parse);
921
922         if (elems->tim && !elems->parse_error) {
923                 const struct ieee80211_tim_ie *tim_ie = elems->tim;
924
925                 elems->dtim_period = tim_ie->dtim_period;
926                 elems->dtim_count = tim_ie->dtim_count;
927         }
928
929         /* Override DTIM period and count if needed */
930         if (elems->bssid_index &&
931             elems->bssid_index_len >=
932             offsetofend(struct ieee80211_bssid_index, dtim_period))
933                 elems->dtim_period = elems->bssid_index->dtim_period;
934
935         if (elems->bssid_index &&
936             elems->bssid_index_len >=
937             offsetofend(struct ieee80211_bssid_index, dtim_count))
938                 elems->dtim_count = elems->bssid_index->dtim_count;
939
940         return elems;
941 }
942 EXPORT_SYMBOL_IF_KUNIT(ieee802_11_parse_elems_full);
943
944 int ieee80211_parse_bitrates(enum nl80211_chan_width width,
945                              const struct ieee80211_supported_band *sband,
946                              const u8 *srates, int srates_len, u32 *rates)
947 {
948         u32 rate_flags = ieee80211_chanwidth_rate_flags(width);
949         struct ieee80211_rate *br;
950         int brate, rate, i, j, count = 0;
951
952         *rates = 0;
953
954         for (i = 0; i < srates_len; i++) {
955                 rate = srates[i] & 0x7f;
956
957                 for (j = 0; j < sband->n_bitrates; j++) {
958                         br = &sband->bitrates[j];
959                         if ((rate_flags & br->flags) != rate_flags)
960                                 continue;
961
962                         brate = DIV_ROUND_UP(br->bitrate, 5);
963                         if (brate == rate) {
964                                 *rates |= BIT(j);
965                                 count++;
966                                 break;
967                         }
968                 }
969         }
970         return count;
971 }
Empty description
This page took 0.092141 seconds and 4 git commands to generate.