]> git.proxmox.com Git - mirror_ubuntu-bionic-kernel.git/blob - net/wireless/nl80211.c
projects / mirror_ubuntu-bionic-kernel.git / blob
? search:


2b3dbcd40e46390debf84f4a127b23f185e76b39
[mirror_ubuntu-bionic-kernel.git] / net / wireless / nl80211.c
1 /*
2 * This is the new netlink-based wireless configuration interface.
3 *
4 * Copyright 2006-2010 Johannes Berg <johannes@sipsolutions.net>
5 * Copyright 2013-2014 Intel Mobile Communications GmbH
6 * Copyright 2015-2017 Intel Deutschland GmbH
7 */
8
9 #include <linux/if.h>
10 #include <linux/module.h>
11 #include <linux/err.h>
12 #include <linux/slab.h>
13 #include <linux/list.h>
14 #include <linux/if_ether.h>
15 #include <linux/ieee80211.h>
16 #include <linux/nl80211.h>
17 #include <linux/rtnetlink.h>
18 #include <linux/netlink.h>
19 #include <linux/etherdevice.h>
20 #include <net/net_namespace.h>
21 #include <net/genetlink.h>
22 #include <net/cfg80211.h>
23 #include <net/sock.h>
24 #include <net/inet_connection_sock.h>
25 #include "core.h"
26 #include "nl80211.h"
27 #include "reg.h"
28 #include "rdev-ops.h"
29
30 static int nl80211_crypto_settings(struct cfg80211_registered_device *rdev,
31 struct genl_info *info,
32 struct cfg80211_crypto_settings *settings,
33 int cipher_limit);
34
35 /* the netlink family */
36 static struct genl_family nl80211_fam;
37
38 /* multicast groups */
39 enum nl80211_multicast_groups {
40 NL80211_MCGRP_CONFIG,
41 NL80211_MCGRP_SCAN,
42 NL80211_MCGRP_REGULATORY,
43 NL80211_MCGRP_MLME,
44 NL80211_MCGRP_VENDOR,
45 NL80211_MCGRP_NAN,
46 NL80211_MCGRP_TESTMODE /* keep last - ifdef! */
47 };
48
49 static const struct genl_multicast_group nl80211_mcgrps[] = {
50 [NL80211_MCGRP_CONFIG] = { .name = NL80211_MULTICAST_GROUP_CONFIG },
51 [NL80211_MCGRP_SCAN] = { .name = NL80211_MULTICAST_GROUP_SCAN },
52 [NL80211_MCGRP_REGULATORY] = { .name = NL80211_MULTICAST_GROUP_REG },
53 [NL80211_MCGRP_MLME] = { .name = NL80211_MULTICAST_GROUP_MLME },
54 [NL80211_MCGRP_VENDOR] = { .name = NL80211_MULTICAST_GROUP_VENDOR },
55 [NL80211_MCGRP_NAN] = { .name = NL80211_MULTICAST_GROUP_NAN },
56 #ifdef CONFIG_NL80211_TESTMODE
57 [NL80211_MCGRP_TESTMODE] = { .name = NL80211_MULTICAST_GROUP_TESTMODE }
58 #endif
59 };
60
61 /* returns ERR_PTR values */
62 static struct wireless_dev *
63 __cfg80211_wdev_from_attrs(struct net *netns, struct nlattr **attrs)
64 {
65 struct cfg80211_registered_device *rdev;
66 struct wireless_dev *result = NULL;
67 bool have_ifidx = attrs[NL80211_ATTR_IFINDEX];
68 bool have_wdev_id = attrs[NL80211_ATTR_WDEV];
69 u64 wdev_id;
70 int wiphy_idx = -1;
71 int ifidx = -1;
72
73 ASSERT_RTNL();
74
75 if (!have_ifidx && !have_wdev_id)
76 return ERR_PTR(-EINVAL);
77
78 if (have_ifidx)
79 ifidx = nla_get_u32(attrs[NL80211_ATTR_IFINDEX]);
80 if (have_wdev_id) {
81 wdev_id = nla_get_u64(attrs[NL80211_ATTR_WDEV]);
82 wiphy_idx = wdev_id >> 32;
83 }
84
85 list_for_each_entry(rdev, &cfg80211_rdev_list, list) {
86 struct wireless_dev *wdev;
87
88 if (wiphy_net(&rdev->wiphy) != netns)
89 continue;
90
91 if (have_wdev_id && rdev->wiphy_idx != wiphy_idx)
92 continue;
93
94 list_for_each_entry(wdev, &rdev->wiphy.wdev_list, list) {
95 if (have_ifidx && wdev->netdev &&
96 wdev->netdev->ifindex == ifidx) {
97 result = wdev;
98 break;
99 }
100 if (have_wdev_id && wdev->identifier == (u32)wdev_id) {
101 result = wdev;
102 break;
103 }
104 }
105
106 if (result)
107 break;
108 }
109
110 if (result)
111 return result;
112 return ERR_PTR(-ENODEV);
113 }
114
115 static struct cfg80211_registered_device *
116 __cfg80211_rdev_from_attrs(struct net *netns, struct nlattr **attrs)
117 {
118 struct cfg80211_registered_device *rdev = NULL, *tmp;
119 struct net_device *netdev;
120
121 ASSERT_RTNL();
122
123 if (!attrs[NL80211_ATTR_WIPHY] &&
124 !attrs[NL80211_ATTR_IFINDEX] &&
125 !attrs[NL80211_ATTR_WDEV])
126 return ERR_PTR(-EINVAL);
127
128 if (attrs[NL80211_ATTR_WIPHY])
129 rdev = cfg80211_rdev_by_wiphy_idx(
130 nla_get_u32(attrs[NL80211_ATTR_WIPHY]));
131
132 if (attrs[NL80211_ATTR_WDEV]) {
133 u64 wdev_id = nla_get_u64(attrs[NL80211_ATTR_WDEV]);
134 struct wireless_dev *wdev;
135 bool found = false;
136
137 tmp = cfg80211_rdev_by_wiphy_idx(wdev_id >> 32);
138 if (tmp) {
139 /* make sure wdev exists */
140 list_for_each_entry(wdev, &tmp->wiphy.wdev_list, list) {
141 if (wdev->identifier != (u32)wdev_id)
142 continue;
143 found = true;
144 break;
145 }
146
147 if (!found)
148 tmp = NULL;
149
150 if (rdev && tmp != rdev)
151 return ERR_PTR(-EINVAL);
152 rdev = tmp;
153 }
154 }
155
156 if (attrs[NL80211_ATTR_IFINDEX]) {
157 int ifindex = nla_get_u32(attrs[NL80211_ATTR_IFINDEX]);
158
159 netdev = __dev_get_by_index(netns, ifindex);
160 if (netdev) {
161 if (netdev->ieee80211_ptr)
162 tmp = wiphy_to_rdev(
163 netdev->ieee80211_ptr->wiphy);
164 else
165 tmp = NULL;
166
167 /* not wireless device -- return error */
168 if (!tmp)
169 return ERR_PTR(-EINVAL);
170
171 /* mismatch -- return error */
172 if (rdev && tmp != rdev)
173 return ERR_PTR(-EINVAL);
174
175 rdev = tmp;
176 }
177 }
178
179 if (!rdev)
180 return ERR_PTR(-ENODEV);
181
182 if (netns != wiphy_net(&rdev->wiphy))
183 return ERR_PTR(-ENODEV);
184
185 return rdev;
186 }
187
188 /*
189 * This function returns a pointer to the driver
190 * that the genl_info item that is passed refers to.
191 *
192 * The result of this can be a PTR_ERR and hence must
193 * be checked with IS_ERR() for errors.
194 */
195 static struct cfg80211_registered_device *
196 cfg80211_get_dev_from_info(struct net *netns, struct genl_info *info)
197 {
198 return __cfg80211_rdev_from_attrs(netns, info->attrs);
199 }
200
201 /* policy for the attributes */
202 static const struct nla_policy nl80211_policy[NUM_NL80211_ATTR] = {
203 [NL80211_ATTR_WIPHY] = { .type = NLA_U32 },
204 [NL80211_ATTR_WIPHY_NAME] = { .type = NLA_NUL_STRING,
205 .len = 20-1 },
206 [NL80211_ATTR_WIPHY_TXQ_PARAMS] = { .type = NLA_NESTED },
207
208 [NL80211_ATTR_WIPHY_FREQ] = { .type = NLA_U32 },
209 [NL80211_ATTR_WIPHY_CHANNEL_TYPE] = { .type = NLA_U32 },
210 [NL80211_ATTR_CHANNEL_WIDTH] = { .type = NLA_U32 },
211 [NL80211_ATTR_CENTER_FREQ1] = { .type = NLA_U32 },
212 [NL80211_ATTR_CENTER_FREQ2] = { .type = NLA_U32 },
213
214 [NL80211_ATTR_WIPHY_RETRY_SHORT] = { .type = NLA_U8 },
215 [NL80211_ATTR_WIPHY_RETRY_LONG] = { .type = NLA_U8 },
216 [NL80211_ATTR_WIPHY_FRAG_THRESHOLD] = { .type = NLA_U32 },
217 [NL80211_ATTR_WIPHY_RTS_THRESHOLD] = { .type = NLA_U32 },
218 [NL80211_ATTR_WIPHY_COVERAGE_CLASS] = { .type = NLA_U8 },
219 [NL80211_ATTR_WIPHY_DYN_ACK] = { .type = NLA_FLAG },
220
221 [NL80211_ATTR_IFTYPE] = { .type = NLA_U32 },
222 [NL80211_ATTR_IFINDEX] = { .type = NLA_U32 },
223 [NL80211_ATTR_IFNAME] = { .type = NLA_NUL_STRING, .len = IFNAMSIZ-1 },
224
225 [NL80211_ATTR_MAC] = { .len = ETH_ALEN },
226 [NL80211_ATTR_PREV_BSSID] = { .len = ETH_ALEN },
227
228 [NL80211_ATTR_KEY] = { .type = NLA_NESTED, },
229 [NL80211_ATTR_KEY_DATA] = { .type = NLA_BINARY,
230 .len = WLAN_MAX_KEY_LEN },
231 [NL80211_ATTR_KEY_IDX] = { .type = NLA_U8 },
232 [NL80211_ATTR_KEY_CIPHER] = { .type = NLA_U32 },
233 [NL80211_ATTR_KEY_DEFAULT] = { .type = NLA_FLAG },
234 [NL80211_ATTR_KEY_SEQ] = { .type = NLA_BINARY, .len = 16 },
235 [NL80211_ATTR_KEY_TYPE] = { .type = NLA_U32 },
236
237 [NL80211_ATTR_BEACON_INTERVAL] = { .type = NLA_U32 },
238 [NL80211_ATTR_DTIM_PERIOD] = { .type = NLA_U32 },
239 [NL80211_ATTR_BEACON_HEAD] = { .type = NLA_BINARY,
240 .len = IEEE80211_MAX_DATA_LEN },
241 [NL80211_ATTR_BEACON_TAIL] = { .type = NLA_BINARY,
242 .len = IEEE80211_MAX_DATA_LEN },
243 [NL80211_ATTR_STA_AID] = { .type = NLA_U16 },
244 [NL80211_ATTR_STA_FLAGS] = { .type = NLA_NESTED },
245 [NL80211_ATTR_STA_LISTEN_INTERVAL] = { .type = NLA_U16 },
246 [NL80211_ATTR_STA_SUPPORTED_RATES] = { .type = NLA_BINARY,
247 .len = NL80211_MAX_SUPP_RATES },
248 [NL80211_ATTR_STA_PLINK_ACTION] = { .type = NLA_U8 },
249 [NL80211_ATTR_STA_VLAN] = { .type = NLA_U32 },
250 [NL80211_ATTR_MNTR_FLAGS] = { /* NLA_NESTED can't be empty */ },
251 [NL80211_ATTR_MESH_ID] = { .type = NLA_BINARY,
252 .len = IEEE80211_MAX_MESH_ID_LEN },
253 [NL80211_ATTR_MPATH_NEXT_HOP] = { .type = NLA_U32 },
254
255 [NL80211_ATTR_REG_ALPHA2] = { .type = NLA_STRING, .len = 2 },
256 [NL80211_ATTR_REG_RULES] = { .type = NLA_NESTED },
257
258 [NL80211_ATTR_BSS_CTS_PROT] = { .type = NLA_U8 },
259 [NL80211_ATTR_BSS_SHORT_PREAMBLE] = { .type = NLA_U8 },
260 [NL80211_ATTR_BSS_SHORT_SLOT_TIME] = { .type = NLA_U8 },
261 [NL80211_ATTR_BSS_BASIC_RATES] = { .type = NLA_BINARY,
262 .len = NL80211_MAX_SUPP_RATES },
263 [NL80211_ATTR_BSS_HT_OPMODE] = { .type = NLA_U16 },
264
265 [NL80211_ATTR_MESH_CONFIG] = { .type = NLA_NESTED },
266 [NL80211_ATTR_SUPPORT_MESH_AUTH] = { .type = NLA_FLAG },
267
268 [NL80211_ATTR_HT_CAPABILITY] = { .len = NL80211_HT_CAPABILITY_LEN },
269
270 [NL80211_ATTR_MGMT_SUBTYPE] = { .type = NLA_U8 },
271 [NL80211_ATTR_IE] = { .type = NLA_BINARY,
272 .len = IEEE80211_MAX_DATA_LEN },
273 [NL80211_ATTR_SCAN_FREQUENCIES] = { .type = NLA_NESTED },
274 [NL80211_ATTR_SCAN_SSIDS] = { .type = NLA_NESTED },
275
276 [NL80211_ATTR_SSID] = { .type = NLA_BINARY,
277 .len = IEEE80211_MAX_SSID_LEN },
278 [NL80211_ATTR_AUTH_TYPE] = { .type = NLA_U32 },
279 [NL80211_ATTR_REASON_CODE] = { .type = NLA_U16 },
280 [NL80211_ATTR_FREQ_FIXED] = { .type = NLA_FLAG },
281 [NL80211_ATTR_TIMED_OUT] = { .type = NLA_FLAG },
282 [NL80211_ATTR_USE_MFP] = { .type = NLA_U32 },
283 [NL80211_ATTR_STA_FLAGS2] = {
284 .len = sizeof(struct nl80211_sta_flag_update),
285 },
286 [NL80211_ATTR_CONTROL_PORT] = { .type = NLA_FLAG },
287 [NL80211_ATTR_CONTROL_PORT_ETHERTYPE] = { .type = NLA_U16 },
288 [NL80211_ATTR_CONTROL_PORT_NO_ENCRYPT] = { .type = NLA_FLAG },
289 [NL80211_ATTR_PRIVACY] = { .type = NLA_FLAG },
290 [NL80211_ATTR_CIPHER_SUITE_GROUP] = { .type = NLA_U32 },
291 [NL80211_ATTR_WPA_VERSIONS] = { .type = NLA_U32 },
292 [NL80211_ATTR_PID] = { .type = NLA_U32 },
293 [NL80211_ATTR_4ADDR] = { .type = NLA_U8 },
294 [NL80211_ATTR_PMKID] = { .len = WLAN_PMKID_LEN },
295 [NL80211_ATTR_DURATION] = { .type = NLA_U32 },
296 [NL80211_ATTR_COOKIE] = { .type = NLA_U64 },
297 [NL80211_ATTR_TX_RATES] = { .type = NLA_NESTED },
298 [NL80211_ATTR_FRAME] = { .type = NLA_BINARY,
299 .len = IEEE80211_MAX_DATA_LEN },
300 [NL80211_ATTR_FRAME_MATCH] = { .type = NLA_BINARY, },
301 [NL80211_ATTR_PS_STATE] = { .type = NLA_U32 },
302 [NL80211_ATTR_CQM] = { .type = NLA_NESTED, },
303 [NL80211_ATTR_LOCAL_STATE_CHANGE] = { .type = NLA_FLAG },
304 [NL80211_ATTR_AP_ISOLATE] = { .type = NLA_U8 },
305 [NL80211_ATTR_WIPHY_TX_POWER_SETTING] = { .type = NLA_U32 },
306 [NL80211_ATTR_WIPHY_TX_POWER_LEVEL] = { .type = NLA_U32 },
307 [NL80211_ATTR_FRAME_TYPE] = { .type = NLA_U16 },
308 [NL80211_ATTR_WIPHY_ANTENNA_TX] = { .type = NLA_U32 },
309 [NL80211_ATTR_WIPHY_ANTENNA_RX] = { .type = NLA_U32 },
310 [NL80211_ATTR_MCAST_RATE] = { .type = NLA_U32 },
311 [NL80211_ATTR_OFFCHANNEL_TX_OK] = { .type = NLA_FLAG },
312 [NL80211_ATTR_KEY_DEFAULT_TYPES] = { .type = NLA_NESTED },
313 [NL80211_ATTR_WOWLAN_TRIGGERS] = { .type = NLA_NESTED },
314 [NL80211_ATTR_STA_PLINK_STATE] = { .type = NLA_U8 },
315 [NL80211_ATTR_SCHED_SCAN_INTERVAL] = { .type = NLA_U32 },
316 [NL80211_ATTR_REKEY_DATA] = { .type = NLA_NESTED },
317 [NL80211_ATTR_SCAN_SUPP_RATES] = { .type = NLA_NESTED },
318 [NL80211_ATTR_HIDDEN_SSID] = { .type = NLA_U32 },
319 [NL80211_ATTR_IE_PROBE_RESP] = { .type = NLA_BINARY,
320 .len = IEEE80211_MAX_DATA_LEN },
321 [NL80211_ATTR_IE_ASSOC_RESP] = { .type = NLA_BINARY,
322 .len = IEEE80211_MAX_DATA_LEN },
323 [NL80211_ATTR_ROAM_SUPPORT] = { .type = NLA_FLAG },
324 [NL80211_ATTR_SCHED_SCAN_MATCH] = { .type = NLA_NESTED },
325 [NL80211_ATTR_TX_NO_CCK_RATE] = { .type = NLA_FLAG },
326 [NL80211_ATTR_TDLS_ACTION] = { .type = NLA_U8 },
327 [NL80211_ATTR_TDLS_DIALOG_TOKEN] = { .type = NLA_U8 },
328 [NL80211_ATTR_TDLS_OPERATION] = { .type = NLA_U8 },
329 [NL80211_ATTR_TDLS_SUPPORT] = { .type = NLA_FLAG },
330 [NL80211_ATTR_TDLS_EXTERNAL_SETUP] = { .type = NLA_FLAG },
331 [NL80211_ATTR_TDLS_INITIATOR] = { .type = NLA_FLAG },
332 [NL80211_ATTR_DONT_WAIT_FOR_ACK] = { .type = NLA_FLAG },
333 [NL80211_ATTR_PROBE_RESP] = { .type = NLA_BINARY,
334 .len = IEEE80211_MAX_DATA_LEN },
335 [NL80211_ATTR_DFS_REGION] = { .type = NLA_U8 },
336 [NL80211_ATTR_DISABLE_HT] = { .type = NLA_FLAG },
337 [NL80211_ATTR_HT_CAPABILITY_MASK] = {
338 .len = NL80211_HT_CAPABILITY_LEN
339 },
340 [NL80211_ATTR_NOACK_MAP] = { .type = NLA_U16 },
341 [NL80211_ATTR_INACTIVITY_TIMEOUT] = { .type = NLA_U16 },
342 [NL80211_ATTR_BG_SCAN_PERIOD] = { .type = NLA_U16 },
343 [NL80211_ATTR_WDEV] = { .type = NLA_U64 },
344 [NL80211_ATTR_USER_REG_HINT_TYPE] = { .type = NLA_U32 },
345 [NL80211_ATTR_AUTH_DATA] = { .type = NLA_BINARY, },
346 [NL80211_ATTR_VHT_CAPABILITY] = { .len = NL80211_VHT_CAPABILITY_LEN },
347 [NL80211_ATTR_SCAN_FLAGS] = { .type = NLA_U32 },
348 [NL80211_ATTR_P2P_CTWINDOW] = { .type = NLA_U8 },
349 [NL80211_ATTR_P2P_OPPPS] = { .type = NLA_U8 },
350 [NL80211_ATTR_LOCAL_MESH_POWER_MODE] = {. type = NLA_U32 },
351 [NL80211_ATTR_ACL_POLICY] = {. type = NLA_U32 },
352 [NL80211_ATTR_MAC_ADDRS] = { .type = NLA_NESTED },
353 [NL80211_ATTR_STA_CAPABILITY] = { .type = NLA_U16 },
354 [NL80211_ATTR_STA_EXT_CAPABILITY] = { .type = NLA_BINARY, },
355 [NL80211_ATTR_SPLIT_WIPHY_DUMP] = { .type = NLA_FLAG, },
356 [NL80211_ATTR_DISABLE_VHT] = { .type = NLA_FLAG },
357 [NL80211_ATTR_VHT_CAPABILITY_MASK] = {
358 .len = NL80211_VHT_CAPABILITY_LEN,
359 },
360 [NL80211_ATTR_MDID] = { .type = NLA_U16 },
361 [NL80211_ATTR_IE_RIC] = { .type = NLA_BINARY,
362 .len = IEEE80211_MAX_DATA_LEN },
363 [NL80211_ATTR_PEER_AID] = { .type = NLA_U16 },
364 [NL80211_ATTR_CH_SWITCH_COUNT] = { .type = NLA_U32 },
365 [NL80211_ATTR_CH_SWITCH_BLOCK_TX] = { .type = NLA_FLAG },
366 [NL80211_ATTR_CSA_IES] = { .type = NLA_NESTED },
367 [NL80211_ATTR_CSA_C_OFF_BEACON] = { .type = NLA_BINARY },
368 [NL80211_ATTR_CSA_C_OFF_PRESP] = { .type = NLA_BINARY },
369 [NL80211_ATTR_STA_SUPPORTED_CHANNELS] = { .type = NLA_BINARY },
370 [NL80211_ATTR_STA_SUPPORTED_OPER_CLASSES] = { .type = NLA_BINARY },
371 [NL80211_ATTR_HANDLE_DFS] = { .type = NLA_FLAG },
372 [NL80211_ATTR_OPMODE_NOTIF] = { .type = NLA_U8 },
373 [NL80211_ATTR_VENDOR_ID] = { .type = NLA_U32 },
374 [NL80211_ATTR_VENDOR_SUBCMD] = { .type = NLA_U32 },
375 [NL80211_ATTR_VENDOR_DATA] = { .type = NLA_BINARY },
376 [NL80211_ATTR_QOS_MAP] = { .type = NLA_BINARY,
377 .len = IEEE80211_QOS_MAP_LEN_MAX },
378 [NL80211_ATTR_MAC_HINT] = { .len = ETH_ALEN },
379 [NL80211_ATTR_WIPHY_FREQ_HINT] = { .type = NLA_U32 },
380 [NL80211_ATTR_TDLS_PEER_CAPABILITY] = { .type = NLA_U32 },
381 [NL80211_ATTR_SOCKET_OWNER] = { .type = NLA_FLAG },
382 [NL80211_ATTR_CSA_C_OFFSETS_TX] = { .type = NLA_BINARY },
383 [NL80211_ATTR_USE_RRM] = { .type = NLA_FLAG },
384 [NL80211_ATTR_TSID] = { .type = NLA_U8 },
385 [NL80211_ATTR_USER_PRIO] = { .type = NLA_U8 },
386 [NL80211_ATTR_ADMITTED_TIME] = { .type = NLA_U16 },
387 [NL80211_ATTR_SMPS_MODE] = { .type = NLA_U8 },
388 [NL80211_ATTR_MAC_MASK] = { .len = ETH_ALEN },
389 [NL80211_ATTR_WIPHY_SELF_MANAGED_REG] = { .type = NLA_FLAG },
390 [NL80211_ATTR_NETNS_FD] = { .type = NLA_U32 },
391 [NL80211_ATTR_SCHED_SCAN_DELAY] = { .type = NLA_U32 },
392 [NL80211_ATTR_REG_INDOOR] = { .type = NLA_FLAG },
393 [NL80211_ATTR_PBSS] = { .type = NLA_FLAG },
394 [NL80211_ATTR_BSS_SELECT] = { .type = NLA_NESTED },
395 [NL80211_ATTR_STA_SUPPORT_P2P_PS] = { .type = NLA_U8 },
396 [NL80211_ATTR_MU_MIMO_GROUP_DATA] = {
397 .len = VHT_MUMIMO_GROUPS_DATA_LEN
398 },
399 [NL80211_ATTR_MU_MIMO_FOLLOW_MAC_ADDR] = { .len = ETH_ALEN },
400 [NL80211_ATTR_NAN_MASTER_PREF] = { .type = NLA_U8 },
401 [NL80211_ATTR_BANDS] = { .type = NLA_U32 },
402 [NL80211_ATTR_NAN_FUNC] = { .type = NLA_NESTED },
403 [NL80211_ATTR_FILS_KEK] = { .type = NLA_BINARY,
404 .len = FILS_MAX_KEK_LEN },
405 [NL80211_ATTR_FILS_NONCES] = { .len = 2 * FILS_NONCE_LEN },
406 [NL80211_ATTR_MULTICAST_TO_UNICAST_ENABLED] = { .type = NLA_FLAG, },
407 [NL80211_ATTR_BSSID] = { .len = ETH_ALEN },
408 [NL80211_ATTR_SCHED_SCAN_RELATIVE_RSSI] = { .type = NLA_S8 },
409 [NL80211_ATTR_SCHED_SCAN_RSSI_ADJUST] = {
410 .len = sizeof(struct nl80211_bss_select_rssi_adjust)
411 },
412 [NL80211_ATTR_TIMEOUT_REASON] = { .type = NLA_U32 },
413 [NL80211_ATTR_FILS_ERP_USERNAME] = { .type = NLA_BINARY,
414 .len = FILS_ERP_MAX_USERNAME_LEN },
415 [NL80211_ATTR_FILS_ERP_REALM] = { .type = NLA_BINARY,
416 .len = FILS_ERP_MAX_REALM_LEN },
417 [NL80211_ATTR_FILS_ERP_NEXT_SEQ_NUM] = { .type = NLA_U16 },
418 [NL80211_ATTR_FILS_ERP_RRK] = { .type = NLA_BINARY,
419 .len = FILS_ERP_MAX_RRK_LEN },
420 [NL80211_ATTR_FILS_CACHE_ID] = { .len = 2 },
421 [NL80211_ATTR_PMK] = { .type = NLA_BINARY, .len = PMK_MAX_LEN },
422 [NL80211_ATTR_SCHED_SCAN_MULTI] = { .type = NLA_FLAG },
423 };
424
425 /* policy for the key attributes */
426 static const struct nla_policy nl80211_key_policy[NL80211_KEY_MAX + 1] = {
427 [NL80211_KEY_DATA] = { .type = NLA_BINARY, .len = WLAN_MAX_KEY_LEN },
428 [NL80211_KEY_IDX] = { .type = NLA_U8 },
429 [NL80211_KEY_CIPHER] = { .type = NLA_U32 },
430 [NL80211_KEY_SEQ] = { .type = NLA_BINARY, .len = 16 },
431 [NL80211_KEY_DEFAULT] = { .type = NLA_FLAG },
432 [NL80211_KEY_DEFAULT_MGMT] = { .type = NLA_FLAG },
433 [NL80211_KEY_TYPE] = { .type = NLA_U32 },
434 [NL80211_KEY_DEFAULT_TYPES] = { .type = NLA_NESTED },
435 };
436
437 /* policy for the key default flags */
438 static const struct nla_policy
439 nl80211_key_default_policy[NUM_NL80211_KEY_DEFAULT_TYPES] = {
440 [NL80211_KEY_DEFAULT_TYPE_UNICAST] = { .type = NLA_FLAG },
441 [NL80211_KEY_DEFAULT_TYPE_MULTICAST] = { .type = NLA_FLAG },
442 };
443
444 #ifdef CONFIG_PM
445 /* policy for WoWLAN attributes */
446 static const struct nla_policy
447 nl80211_wowlan_policy[NUM_NL80211_WOWLAN_TRIG] = {
448 [NL80211_WOWLAN_TRIG_ANY] = { .type = NLA_FLAG },
449 [NL80211_WOWLAN_TRIG_DISCONNECT] = { .type = NLA_FLAG },
450 [NL80211_WOWLAN_TRIG_MAGIC_PKT] = { .type = NLA_FLAG },
451 [NL80211_WOWLAN_TRIG_PKT_PATTERN] = { .type = NLA_NESTED },
452 [NL80211_WOWLAN_TRIG_GTK_REKEY_FAILURE] = { .type = NLA_FLAG },
453 [NL80211_WOWLAN_TRIG_EAP_IDENT_REQUEST] = { .type = NLA_FLAG },
454 [NL80211_WOWLAN_TRIG_4WAY_HANDSHAKE] = { .type = NLA_FLAG },
455 [NL80211_WOWLAN_TRIG_RFKILL_RELEASE] = { .type = NLA_FLAG },
456 [NL80211_WOWLAN_TRIG_TCP_CONNECTION] = { .type = NLA_NESTED },
457 [NL80211_WOWLAN_TRIG_NET_DETECT] = { .type = NLA_NESTED },
458 };
459
460 static const struct nla_policy
461 nl80211_wowlan_tcp_policy[NUM_NL80211_WOWLAN_TCP] = {
462 [NL80211_WOWLAN_TCP_SRC_IPV4] = { .type = NLA_U32 },
463 [NL80211_WOWLAN_TCP_DST_IPV4] = { .type = NLA_U32 },
464 [NL80211_WOWLAN_TCP_DST_MAC] = { .len = ETH_ALEN },
465 [NL80211_WOWLAN_TCP_SRC_PORT] = { .type = NLA_U16 },
466 [NL80211_WOWLAN_TCP_DST_PORT] = { .type = NLA_U16 },
467 [NL80211_WOWLAN_TCP_DATA_PAYLOAD] = { .len = 1 },
468 [NL80211_WOWLAN_TCP_DATA_PAYLOAD_SEQ] = {
469 .len = sizeof(struct nl80211_wowlan_tcp_data_seq)
470 },
471 [NL80211_WOWLAN_TCP_DATA_PAYLOAD_TOKEN] = {
472 .len = sizeof(struct nl80211_wowlan_tcp_data_token)
473 },
474 [NL80211_WOWLAN_TCP_DATA_INTERVAL] = { .type = NLA_U32 },
475 [NL80211_WOWLAN_TCP_WAKE_PAYLOAD] = { .len = 1 },
476 [NL80211_WOWLAN_TCP_WAKE_MASK] = { .len = 1 },
477 };
478 #endif /* CONFIG_PM */
479
480 /* policy for coalesce rule attributes */
481 static const struct nla_policy
482 nl80211_coalesce_policy[NUM_NL80211_ATTR_COALESCE_RULE] = {
483 [NL80211_ATTR_COALESCE_RULE_DELAY] = { .type = NLA_U32 },
484 [NL80211_ATTR_COALESCE_RULE_CONDITION] = { .type = NLA_U32 },
485 [NL80211_ATTR_COALESCE_RULE_PKT_PATTERN] = { .type = NLA_NESTED },
486 };
487
488 /* policy for GTK rekey offload attributes */
489 static const struct nla_policy
490 nl80211_rekey_policy[NUM_NL80211_REKEY_DATA] = {
491 [NL80211_REKEY_DATA_KEK] = { .len = NL80211_KEK_LEN },
492 [NL80211_REKEY_DATA_KCK] = { .len = NL80211_KCK_LEN },
493 [NL80211_REKEY_DATA_REPLAY_CTR] = { .len = NL80211_REPLAY_CTR_LEN },
494 };
495
496 static const struct nla_policy
497 nl80211_match_policy[NL80211_SCHED_SCAN_MATCH_ATTR_MAX + 1] = {
498 [NL80211_SCHED_SCAN_MATCH_ATTR_SSID] = { .type = NLA_BINARY,
499 .len = IEEE80211_MAX_SSID_LEN },
500 [NL80211_SCHED_SCAN_MATCH_ATTR_BSSID] = { .len = ETH_ALEN },
501 [NL80211_SCHED_SCAN_MATCH_ATTR_RSSI] = { .type = NLA_U32 },
502 };
503
504 static const struct nla_policy
505 nl80211_plan_policy[NL80211_SCHED_SCAN_PLAN_MAX + 1] = {
506 [NL80211_SCHED_SCAN_PLAN_INTERVAL] = { .type = NLA_U32 },
507 [NL80211_SCHED_SCAN_PLAN_ITERATIONS] = { .type = NLA_U32 },
508 };
509
510 static const struct nla_policy
511 nl80211_bss_select_policy[NL80211_BSS_SELECT_ATTR_MAX + 1] = {
512 [NL80211_BSS_SELECT_ATTR_RSSI] = { .type = NLA_FLAG },
513 [NL80211_BSS_SELECT_ATTR_BAND_PREF] = { .type = NLA_U32 },
514 [NL80211_BSS_SELECT_ATTR_RSSI_ADJUST] = {
515 .len = sizeof(struct nl80211_bss_select_rssi_adjust)
516 },
517 };
518
519 /* policy for NAN function attributes */
520 static const struct nla_policy
521 nl80211_nan_func_policy[NL80211_NAN_FUNC_ATTR_MAX + 1] = {
522 [NL80211_NAN_FUNC_TYPE] = { .type = NLA_U8 },
523 [NL80211_NAN_FUNC_SERVICE_ID] = {
524 .len = NL80211_NAN_FUNC_SERVICE_ID_LEN },
525 [NL80211_NAN_FUNC_PUBLISH_TYPE] = { .type = NLA_U8 },
526 [NL80211_NAN_FUNC_PUBLISH_BCAST] = { .type = NLA_FLAG },
527 [NL80211_NAN_FUNC_SUBSCRIBE_ACTIVE] = { .type = NLA_FLAG },
528 [NL80211_NAN_FUNC_FOLLOW_UP_ID] = { .type = NLA_U8 },
529 [NL80211_NAN_FUNC_FOLLOW_UP_REQ_ID] = { .type = NLA_U8 },
530 [NL80211_NAN_FUNC_FOLLOW_UP_DEST] = { .len = ETH_ALEN },
531 [NL80211_NAN_FUNC_CLOSE_RANGE] = { .type = NLA_FLAG },
532 [NL80211_NAN_FUNC_TTL] = { .type = NLA_U32 },
533 [NL80211_NAN_FUNC_SERVICE_INFO] = { .type = NLA_BINARY,
534 .len = NL80211_NAN_FUNC_SERVICE_SPEC_INFO_MAX_LEN },
535 [NL80211_NAN_FUNC_SRF] = { .type = NLA_NESTED },
536 [NL80211_NAN_FUNC_RX_MATCH_FILTER] = { .type = NLA_NESTED },
537 [NL80211_NAN_FUNC_TX_MATCH_FILTER] = { .type = NLA_NESTED },
538 [NL80211_NAN_FUNC_INSTANCE_ID] = { .type = NLA_U8 },
539 [NL80211_NAN_FUNC_TERM_REASON] = { .type = NLA_U8 },
540 };
541
542 /* policy for Service Response Filter attributes */
543 static const struct nla_policy
544 nl80211_nan_srf_policy[NL80211_NAN_SRF_ATTR_MAX + 1] = {
545 [NL80211_NAN_SRF_INCLUDE] = { .type = NLA_FLAG },
546 [NL80211_NAN_SRF_BF] = { .type = NLA_BINARY,
547 .len = NL80211_NAN_FUNC_SRF_MAX_LEN },
548 [NL80211_NAN_SRF_BF_IDX] = { .type = NLA_U8 },
549 [NL80211_NAN_SRF_MAC_ADDRS] = { .type = NLA_NESTED },
550 };
551
552 /* policy for packet pattern attributes */
553 static const struct nla_policy
554 nl80211_packet_pattern_policy[MAX_NL80211_PKTPAT + 1] = {
555 [NL80211_PKTPAT_MASK] = { .type = NLA_BINARY, },
556 [NL80211_PKTPAT_PATTERN] = { .type = NLA_BINARY, },
557 [NL80211_PKTPAT_OFFSET] = { .type = NLA_U32 },
558 };
559
560 static int nl80211_prepare_wdev_dump(struct sk_buff *skb,
561 struct netlink_callback *cb,
562 struct cfg80211_registered_device **rdev,
563 struct wireless_dev **wdev)
564 {
565 int err;
566
567 if (!cb->args[0]) {
568 err = nlmsg_parse(cb->nlh, GENL_HDRLEN + nl80211_fam.hdrsize,
569 genl_family_attrbuf(&nl80211_fam),
570 nl80211_fam.maxattr, nl80211_policy, NULL);
571 if (err)
572 return err;
573
574 *wdev = __cfg80211_wdev_from_attrs(
575 sock_net(skb->sk),
576 genl_family_attrbuf(&nl80211_fam));
577 if (IS_ERR(*wdev))
578 return PTR_ERR(*wdev);
579 *rdev = wiphy_to_rdev((*wdev)->wiphy);
580 /* 0 is the first index - add 1 to parse only once */
581 cb->args[0] = (*rdev)->wiphy_idx + 1;
582 cb->args[1] = (*wdev)->identifier;
583 } else {
584 /* subtract the 1 again here */
585 struct wiphy *wiphy = wiphy_idx_to_wiphy(cb->args[0] - 1);
586 struct wireless_dev *tmp;
587
588 if (!wiphy)
589 return -ENODEV;
590 *rdev = wiphy_to_rdev(wiphy);
591 *wdev = NULL;
592
593 list_for_each_entry(tmp, &(*rdev)->wiphy.wdev_list, list) {
594 if (tmp->identifier == cb->args[1]) {
595 *wdev = tmp;
596 break;
597 }
598 }
599
600 if (!*wdev)
601 return -ENODEV;
602 }
603
604 return 0;
605 }
606
607 /* IE validation */
608 static bool is_valid_ie_attr(const struct nlattr *attr)
609 {
610 const u8 *pos;
611 int len;
612
613 if (!attr)
614 return true;
615
616 pos = nla_data(attr);
617 len = nla_len(attr);
618
619 while (len) {
620 u8 elemlen;
621
622 if (len < 2)
623 return false;
624 len -= 2;
625
626 elemlen = pos[1];
627 if (elemlen > len)
628 return false;
629
630 len -= elemlen;
631 pos += 2 + elemlen;
632 }
633
634 return true;
635 }
636
637 /* message building helper */
638 static inline void *nl80211hdr_put(struct sk_buff *skb, u32 portid, u32 seq,
639 int flags, u8 cmd)
640 {
641 /* since there is no private header just add the generic one */
642 return genlmsg_put(skb, portid, seq, &nl80211_fam, flags, cmd);
643 }
644
645 static int nl80211_msg_put_channel(struct sk_buff *msg,
646 struct ieee80211_channel *chan,
647 bool large)
648 {
649 /* Some channels must be completely excluded from the
650 * list to protect old user-space tools from breaking
651 */
652 if (!large && chan->flags &
653 (IEEE80211_CHAN_NO_10MHZ | IEEE80211_CHAN_NO_20MHZ))
654 return 0;
655
656 if (nla_put_u32(msg, NL80211_FREQUENCY_ATTR_FREQ,
657 chan->center_freq))
658 goto nla_put_failure;
659
660 if ((chan->flags & IEEE80211_CHAN_DISABLED) &&
661 nla_put_flag(msg, NL80211_FREQUENCY_ATTR_DISABLED))
662 goto nla_put_failure;
663 if (chan->flags & IEEE80211_CHAN_NO_IR) {
664 if (nla_put_flag(msg, NL80211_FREQUENCY_ATTR_NO_IR))
665 goto nla_put_failure;
666 if (nla_put_flag(msg, __NL80211_FREQUENCY_ATTR_NO_IBSS))
667 goto nla_put_failure;
668 }
669 if (chan->flags & IEEE80211_CHAN_RADAR) {
670 if (nla_put_flag(msg, NL80211_FREQUENCY_ATTR_RADAR))
671 goto nla_put_failure;
672 if (large) {
673 u32 time;
674
675 time = elapsed_jiffies_msecs(chan->dfs_state_entered);
676
677 if (nla_put_u32(msg, NL80211_FREQUENCY_ATTR_DFS_STATE,
678 chan->dfs_state))
679 goto nla_put_failure;
680 if (nla_put_u32(msg, NL80211_FREQUENCY_ATTR_DFS_TIME,
681 time))
682 goto nla_put_failure;
683 if (nla_put_u32(msg,
684 NL80211_FREQUENCY_ATTR_DFS_CAC_TIME,
685 chan->dfs_cac_ms))
686 goto nla_put_failure;
687 }
688 }
689
690 if (large) {
691 if ((chan->flags & IEEE80211_CHAN_NO_HT40MINUS) &&
692 nla_put_flag(msg, NL80211_FREQUENCY_ATTR_NO_HT40_MINUS))
693 goto nla_put_failure;
694 if ((chan->flags & IEEE80211_CHAN_NO_HT40PLUS) &&
695 nla_put_flag(msg, NL80211_FREQUENCY_ATTR_NO_HT40_PLUS))
696 goto nla_put_failure;
697 if ((chan->flags & IEEE80211_CHAN_NO_80MHZ) &&
698 nla_put_flag(msg, NL80211_FREQUENCY_ATTR_NO_80MHZ))
699 goto nla_put_failure;
700 if ((chan->flags & IEEE80211_CHAN_NO_160MHZ) &&
701 nla_put_flag(msg, NL80211_FREQUENCY_ATTR_NO_160MHZ))
702 goto nla_put_failure;
703 if ((chan->flags & IEEE80211_CHAN_INDOOR_ONLY) &&
704 nla_put_flag(msg, NL80211_FREQUENCY_ATTR_INDOOR_ONLY))
705 goto nla_put_failure;
706 if ((chan->flags & IEEE80211_CHAN_IR_CONCURRENT) &&
707 nla_put_flag(msg, NL80211_FREQUENCY_ATTR_IR_CONCURRENT))
708 goto nla_put_failure;
709 if ((chan->flags & IEEE80211_CHAN_NO_20MHZ) &&
710 nla_put_flag(msg, NL80211_FREQUENCY_ATTR_NO_20MHZ))
711 goto nla_put_failure;
712 if ((chan->flags & IEEE80211_CHAN_NO_10MHZ) &&
713 nla_put_flag(msg, NL80211_FREQUENCY_ATTR_NO_10MHZ))
714 goto nla_put_failure;
715 }
716
717 if (nla_put_u32(msg, NL80211_FREQUENCY_ATTR_MAX_TX_POWER,
718 DBM_TO_MBM(chan->max_power)))
719 goto nla_put_failure;
720
721 return 0;
722
723 nla_put_failure:
724 return -ENOBUFS;
725 }
726
727 /* netlink command implementations */
728
729 struct key_parse {
730 struct key_params p;
731 int idx;
732 int type;
733 bool def, defmgmt;
734 bool def_uni, def_multi;
735 };
736
737 static int nl80211_parse_key_new(struct nlattr *key, struct key_parse *k)
738 {
739 struct nlattr *tb[NL80211_KEY_MAX + 1];
740 int err = nla_parse_nested(tb, NL80211_KEY_MAX, key,
741 nl80211_key_policy, NULL);
742 if (err)
743 return err;
744
745 k->def = !!tb[NL80211_KEY_DEFAULT];
746 k->defmgmt = !!tb[NL80211_KEY_DEFAULT_MGMT];
747
748 if (k->def) {
749 k->def_uni = true;
750 k->def_multi = true;
751 }
752 if (k->defmgmt)
753 k->def_multi = true;
754
755 if (tb[NL80211_KEY_IDX])
756 k->idx = nla_get_u8(tb[NL80211_KEY_IDX]);
757
758 if (tb[NL80211_KEY_DATA]) {
759 k->p.key = nla_data(tb[NL80211_KEY_DATA]);
760 k->p.key_len = nla_len(tb[NL80211_KEY_DATA]);
761 }
762
763 if (tb[NL80211_KEY_SEQ]) {
764 k->p.seq = nla_data(tb[NL80211_KEY_SEQ]);
765 k->p.seq_len = nla_len(tb[NL80211_KEY_SEQ]);
766 }
767
768 if (tb[NL80211_KEY_CIPHER])
769 k->p.cipher = nla_get_u32(tb[NL80211_KEY_CIPHER]);
770
771 if (tb[NL80211_KEY_TYPE]) {
772 k->type = nla_get_u32(tb[NL80211_KEY_TYPE]);
773 if (k->type < 0 || k->type >= NUM_NL80211_KEYTYPES)
774 return -EINVAL;
775 }
776
777 if (tb[NL80211_KEY_DEFAULT_TYPES]) {
778 struct nlattr *kdt[NUM_NL80211_KEY_DEFAULT_TYPES];
779
780 err = nla_parse_nested(kdt, NUM_NL80211_KEY_DEFAULT_TYPES - 1,
781 tb[NL80211_KEY_DEFAULT_TYPES],
782 nl80211_key_default_policy, NULL);
783 if (err)
784 return err;
785
786 k->def_uni = kdt[NL80211_KEY_DEFAULT_TYPE_UNICAST];
787 k->def_multi = kdt[NL80211_KEY_DEFAULT_TYPE_MULTICAST];
788 }
789
790 return 0;
791 }
792
793 static int nl80211_parse_key_old(struct genl_info *info, struct key_parse *k)
794 {
795 if (info->attrs[NL80211_ATTR_KEY_DATA]) {
796 k->p.key = nla_data(info->attrs[NL80211_ATTR_KEY_DATA]);
797 k->p.key_len = nla_len(info->attrs[NL80211_ATTR_KEY_DATA]);
798 }
799
800 if (info->attrs[NL80211_ATTR_KEY_SEQ]) {
801 k->p.seq = nla_data(info->attrs[NL80211_ATTR_KEY_SEQ]);
802 k->p.seq_len = nla_len(info->attrs[NL80211_ATTR_KEY_SEQ]);
803 }
804
805 if (info->attrs[NL80211_ATTR_KEY_IDX])
806 k->idx = nla_get_u8(info->attrs[NL80211_ATTR_KEY_IDX]);
807
808 if (info->attrs[NL80211_ATTR_KEY_CIPHER])
809 k->p.cipher = nla_get_u32(info->attrs[NL80211_ATTR_KEY_CIPHER]);
810
811 k->def = !!info->attrs[NL80211_ATTR_KEY_DEFAULT];
812 k->defmgmt = !!info->attrs[NL80211_ATTR_KEY_DEFAULT_MGMT];
813
814 if (k->def) {
815 k->def_uni = true;
816 k->def_multi = true;
817 }
818 if (k->defmgmt)
819 k->def_multi = true;
820
821 if (info->attrs[NL80211_ATTR_KEY_TYPE]) {
822 k->type = nla_get_u32(info->attrs[NL80211_ATTR_KEY_TYPE]);
823 if (k->type < 0 || k->type >= NUM_NL80211_KEYTYPES)
824 return -EINVAL;
825 }
826
827 if (info->attrs[NL80211_ATTR_KEY_DEFAULT_TYPES]) {
828 struct nlattr *kdt[NUM_NL80211_KEY_DEFAULT_TYPES];
829 int err = nla_parse_nested(kdt,
830 NUM_NL80211_KEY_DEFAULT_TYPES - 1,
831 info->attrs[NL80211_ATTR_KEY_DEFAULT_TYPES],
832 nl80211_key_default_policy,
833 info->extack);
834 if (err)
835 return err;
836
837 k->def_uni = kdt[NL80211_KEY_DEFAULT_TYPE_UNICAST];
838 k->def_multi = kdt[NL80211_KEY_DEFAULT_TYPE_MULTICAST];
839 }
840
841 return 0;
842 }
843
844 static int nl80211_parse_key(struct genl_info *info, struct key_parse *k)
845 {
846 int err;
847
848 memset(k, 0, sizeof(*k));
849 k->idx = -1;
850 k->type = -1;
851
852 if (info->attrs[NL80211_ATTR_KEY])
853 err = nl80211_parse_key_new(info->attrs[NL80211_ATTR_KEY], k);
854 else
855 err = nl80211_parse_key_old(info, k);
856
857 if (err)
858 return err;
859
860 if (k->def && k->defmgmt)
861 return -EINVAL;
862
863 if (k->defmgmt) {
864 if (k->def_uni || !k->def_multi)
865 return -EINVAL;
866 }
867
868 if (k->idx != -1) {
869 if (k->defmgmt) {
870 if (k->idx < 4 || k->idx > 5)
871 return -EINVAL;
872 } else if (k->def) {
873 if (k->idx < 0 || k->idx > 3)
874 return -EINVAL;
875 } else {
876 if (k->idx < 0 || k->idx > 5)
877 return -EINVAL;
878 }
879 }
880
881 return 0;
882 }
883
884 static struct cfg80211_cached_keys *
885 nl80211_parse_connkeys(struct cfg80211_registered_device *rdev,
886 struct nlattr *keys, bool *no_ht)
887 {
888 struct key_parse parse;
889 struct nlattr *key;
890 struct cfg80211_cached_keys *result;
891 int rem, err, def = 0;
892 bool have_key = false;
893
894 nla_for_each_nested(key, keys, rem) {
895 have_key = true;
896 break;
897 }
898
899 if (!have_key)
900 return NULL;
901
902 result = kzalloc(sizeof(*result), GFP_KERNEL);
903 if (!result)
904 return ERR_PTR(-ENOMEM);
905
906 result->def = -1;
907
908 nla_for_each_nested(key, keys, rem) {
909 memset(&parse, 0, sizeof(parse));
910 parse.idx = -1;
911
912 err = nl80211_parse_key_new(key, &parse);
913 if (err)
914 goto error;
915 err = -EINVAL;
916 if (!parse.p.key)
917 goto error;
918 if (parse.idx < 0 || parse.idx > 3)
919 goto error;
920 if (parse.def) {
921 if (def)
922 goto error;
923 def = 1;
924 result->def = parse.idx;
925 if (!parse.def_uni || !parse.def_multi)
926 goto error;
927 } else if (parse.defmgmt)
928 goto error;
929 err = cfg80211_validate_key_settings(rdev, &parse.p,
930 parse.idx, false, NULL);
931 if (err)
932 goto error;
933 if (parse.p.cipher != WLAN_CIPHER_SUITE_WEP40 &&
934 parse.p.cipher != WLAN_CIPHER_SUITE_WEP104) {
935 err = -EINVAL;
936 goto error;
937 }
938 result->params[parse.idx].cipher = parse.p.cipher;
939 result->params[parse.idx].key_len = parse.p.key_len;
940 result->params[parse.idx].key = result->data[parse.idx];
941 memcpy(result->data[parse.idx], parse.p.key, parse.p.key_len);
942
943 /* must be WEP key if we got here */
944 if (no_ht)
945 *no_ht = true;
946 }
947
948 if (result->def < 0) {
949 err = -EINVAL;
950 goto error;
951 }
952
953 return result;
954 error:
955 kfree(result);
956 return ERR_PTR(err);
957 }
958
959 static int nl80211_key_allowed(struct wireless_dev *wdev)
960 {
961 ASSERT_WDEV_LOCK(wdev);
962
963 switch (wdev->iftype) {
964 case NL80211_IFTYPE_AP:
965 case NL80211_IFTYPE_AP_VLAN:
966 case NL80211_IFTYPE_P2P_GO:
967 case NL80211_IFTYPE_MESH_POINT:
968 break;
969 case NL80211_IFTYPE_ADHOC:
970 case NL80211_IFTYPE_STATION:
971 case NL80211_IFTYPE_P2P_CLIENT:
972 if (!wdev->current_bss)
973 return -ENOLINK;
974 break;
975 case NL80211_IFTYPE_UNSPECIFIED:
976 case NL80211_IFTYPE_OCB:
977 case NL80211_IFTYPE_MONITOR:
978 case NL80211_IFTYPE_NAN:
979 case NL80211_IFTYPE_P2P_DEVICE:
980 case NL80211_IFTYPE_WDS:
981 case NUM_NL80211_IFTYPES:
982 return -EINVAL;
983 }
984
985 return 0;
986 }
987
988 static struct ieee80211_channel *nl80211_get_valid_chan(struct wiphy *wiphy,
989 struct nlattr *tb)
990 {
991 struct ieee80211_channel *chan;
992
993 if (tb == NULL)
994 return NULL;
995 chan = ieee80211_get_channel(wiphy, nla_get_u32(tb));
996 if (!chan || chan->flags & IEEE80211_CHAN_DISABLED)
997 return NULL;
998 return chan;
999 }
1000
1001 static int nl80211_put_iftypes(struct sk_buff *msg, u32 attr, u16 ifmodes)
1002 {
1003 struct nlattr *nl_modes = nla_nest_start(msg, attr);
1004 int i;
1005
1006 if (!nl_modes)
1007 goto nla_put_failure;
1008
1009 i = 0;
1010 while (ifmodes) {
1011 if ((ifmodes & 1) && nla_put_flag(msg, i))
1012 goto nla_put_failure;
1013 ifmodes >>= 1;
1014 i++;
1015 }
1016
1017 nla_nest_end(msg, nl_modes);
1018 return 0;
1019
1020 nla_put_failure:
1021 return -ENOBUFS;
1022 }
1023
1024 static int nl80211_put_iface_combinations(struct wiphy *wiphy,
1025 struct sk_buff *msg,
1026 bool large)
1027 {
1028 struct nlattr *nl_combis;
1029 int i, j;
1030
1031 nl_combis = nla_nest_start(msg,
1032 NL80211_ATTR_INTERFACE_COMBINATIONS);
1033 if (!nl_combis)
1034 goto nla_put_failure;
1035
1036 for (i = 0; i < wiphy->n_iface_combinations; i++) {
1037 const struct ieee80211_iface_combination *c;
1038 struct nlattr *nl_combi, *nl_limits;
1039
1040 c = &wiphy->iface_combinations[i];
1041
1042 nl_combi = nla_nest_start(msg, i + 1);
1043 if (!nl_combi)
1044 goto nla_put_failure;
1045
1046 nl_limits = nla_nest_start(msg, NL80211_IFACE_COMB_LIMITS);
1047 if (!nl_limits)
1048 goto nla_put_failure;
1049
1050 for (j = 0; j < c->n_limits; j++) {
1051 struct nlattr *nl_limit;
1052
1053 nl_limit = nla_nest_start(msg, j + 1);
1054 if (!nl_limit)
1055 goto nla_put_failure;
1056 if (nla_put_u32(msg, NL80211_IFACE_LIMIT_MAX,
1057 c->limits[j].max))
1058 goto nla_put_failure;
1059 if (nl80211_put_iftypes(msg, NL80211_IFACE_LIMIT_TYPES,
1060 c->limits[j].types))
1061 goto nla_put_failure;
1062 nla_nest_end(msg, nl_limit);
1063 }
1064
1065 nla_nest_end(msg, nl_limits);
1066
1067 if (c->beacon_int_infra_match &&
1068 nla_put_flag(msg, NL80211_IFACE_COMB_STA_AP_BI_MATCH))
1069 goto nla_put_failure;
1070 if (nla_put_u32(msg, NL80211_IFACE_COMB_NUM_CHANNELS,
1071 c->num_different_channels) ||
1072 nla_put_u32(msg, NL80211_IFACE_COMB_MAXNUM,
1073 c->max_interfaces))
1074 goto nla_put_failure;
1075 if (large &&
1076 (nla_put_u32(msg, NL80211_IFACE_COMB_RADAR_DETECT_WIDTHS,
1077 c->radar_detect_widths) ||
1078 nla_put_u32(msg, NL80211_IFACE_COMB_RADAR_DETECT_REGIONS,
1079 c->radar_detect_regions)))
1080 goto nla_put_failure;
1081 if (c->beacon_int_min_gcd &&
1082 nla_put_u32(msg, NL80211_IFACE_COMB_BI_MIN_GCD,
1083 c->beacon_int_min_gcd))
1084 goto nla_put_failure;
1085
1086 nla_nest_end(msg, nl_combi);
1087 }
1088
1089 nla_nest_end(msg, nl_combis);
1090
1091 return 0;
1092 nla_put_failure:
1093 return -ENOBUFS;
1094 }
1095
1096 #ifdef CONFIG_PM
1097 static int nl80211_send_wowlan_tcp_caps(struct cfg80211_registered_device *rdev,
1098 struct sk_buff *msg)
1099 {
1100 const struct wiphy_wowlan_tcp_support *tcp = rdev->wiphy.wowlan->tcp;
1101 struct nlattr *nl_tcp;
1102
1103 if (!tcp)
1104 return 0;
1105
1106 nl_tcp = nla_nest_start(msg, NL80211_WOWLAN_TRIG_TCP_CONNECTION);
1107 if (!nl_tcp)
1108 return -ENOBUFS;
1109
1110 if (nla_put_u32(msg, NL80211_WOWLAN_TCP_DATA_PAYLOAD,
1111 tcp->data_payload_max))
1112 return -ENOBUFS;
1113
1114 if (nla_put_u32(msg, NL80211_WOWLAN_TCP_DATA_PAYLOAD,
1115 tcp->data_payload_max))
1116 return -ENOBUFS;
1117
1118 if (tcp->seq && nla_put_flag(msg, NL80211_WOWLAN_TCP_DATA_PAYLOAD_SEQ))
1119 return -ENOBUFS;
1120
1121 if (tcp->tok && nla_put(msg, NL80211_WOWLAN_TCP_DATA_PAYLOAD_TOKEN,
1122 sizeof(*tcp->tok), tcp->tok))
1123 return -ENOBUFS;
1124
1125 if (nla_put_u32(msg, NL80211_WOWLAN_TCP_DATA_INTERVAL,
1126 tcp->data_interval_max))
1127 return -ENOBUFS;
1128
1129 if (nla_put_u32(msg, NL80211_WOWLAN_TCP_WAKE_PAYLOAD,
1130 tcp->wake_payload_max))
1131 return -ENOBUFS;
1132
1133 nla_nest_end(msg, nl_tcp);
1134 return 0;
1135 }
1136
1137 static int nl80211_send_wowlan(struct sk_buff *msg,
1138 struct cfg80211_registered_device *rdev,
1139 bool large)
1140 {
1141 struct nlattr *nl_wowlan;
1142
1143 if (!rdev->wiphy.wowlan)
1144 return 0;
1145
1146 nl_wowlan = nla_nest_start(msg, NL80211_ATTR_WOWLAN_TRIGGERS_SUPPORTED);
1147 if (!nl_wowlan)
1148 return -ENOBUFS;
1149
1150 if (((rdev->wiphy.wowlan->flags & WIPHY_WOWLAN_ANY) &&
1151 nla_put_flag(msg, NL80211_WOWLAN_TRIG_ANY)) ||
1152 ((rdev->wiphy.wowlan->flags & WIPHY_WOWLAN_DISCONNECT) &&
1153 nla_put_flag(msg, NL80211_WOWLAN_TRIG_DISCONNECT)) ||
1154 ((rdev->wiphy.wowlan->flags & WIPHY_WOWLAN_MAGIC_PKT) &&
1155 nla_put_flag(msg, NL80211_WOWLAN_TRIG_MAGIC_PKT)) ||
1156 ((rdev->wiphy.wowlan->flags & WIPHY_WOWLAN_SUPPORTS_GTK_REKEY) &&
1157 nla_put_flag(msg, NL80211_WOWLAN_TRIG_GTK_REKEY_SUPPORTED)) ||
1158 ((rdev->wiphy.wowlan->flags & WIPHY_WOWLAN_GTK_REKEY_FAILURE) &&
1159 nla_put_flag(msg, NL80211_WOWLAN_TRIG_GTK_REKEY_FAILURE)) ||
1160 ((rdev->wiphy.wowlan->flags & WIPHY_WOWLAN_EAP_IDENTITY_REQ) &&
1161 nla_put_flag(msg, NL80211_WOWLAN_TRIG_EAP_IDENT_REQUEST)) ||
1162 ((rdev->wiphy.wowlan->flags & WIPHY_WOWLAN_4WAY_HANDSHAKE) &&
1163 nla_put_flag(msg, NL80211_WOWLAN_TRIG_4WAY_HANDSHAKE)) ||
1164 ((rdev->wiphy.wowlan->flags & WIPHY_WOWLAN_RFKILL_RELEASE) &&
1165 nla_put_flag(msg, NL80211_WOWLAN_TRIG_RFKILL_RELEASE)))
1166 return -ENOBUFS;
1167
1168 if (rdev->wiphy.wowlan->n_patterns) {
1169 struct nl80211_pattern_support pat = {
1170 .max_patterns = rdev->wiphy.wowlan->n_patterns,
1171 .min_pattern_len = rdev->wiphy.wowlan->pattern_min_len,
1172 .max_pattern_len = rdev->wiphy.wowlan->pattern_max_len,
1173 .max_pkt_offset = rdev->wiphy.wowlan->max_pkt_offset,
1174 };
1175
1176 if (nla_put(msg, NL80211_WOWLAN_TRIG_PKT_PATTERN,
1177 sizeof(pat), &pat))
1178 return -ENOBUFS;
1179 }
1180
1181 if ((rdev->wiphy.wowlan->flags & WIPHY_WOWLAN_NET_DETECT) &&
1182 nla_put_u32(msg, NL80211_WOWLAN_TRIG_NET_DETECT,
1183 rdev->wiphy.wowlan->max_nd_match_sets))
1184 return -ENOBUFS;
1185
1186 if (large && nl80211_send_wowlan_tcp_caps(rdev, msg))
1187 return -ENOBUFS;
1188
1189 nla_nest_end(msg, nl_wowlan);
1190
1191 return 0;
1192 }
1193 #endif
1194
1195 static int nl80211_send_coalesce(struct sk_buff *msg,
1196 struct cfg80211_registered_device *rdev)
1197 {
1198 struct nl80211_coalesce_rule_support rule;
1199
1200 if (!rdev->wiphy.coalesce)
1201 return 0;
1202
1203 rule.max_rules = rdev->wiphy.coalesce->n_rules;
1204 rule.max_delay = rdev->wiphy.coalesce->max_delay;
1205 rule.pat.max_patterns = rdev->wiphy.coalesce->n_patterns;
1206 rule.pat.min_pattern_len = rdev->wiphy.coalesce->pattern_min_len;
1207 rule.pat.max_pattern_len = rdev->wiphy.coalesce->pattern_max_len;
1208 rule.pat.max_pkt_offset = rdev->wiphy.coalesce->max_pkt_offset;
1209
1210 if (nla_put(msg, NL80211_ATTR_COALESCE_RULE, sizeof(rule), &rule))
1211 return -ENOBUFS;
1212
1213 return 0;
1214 }
1215
1216 static int nl80211_send_band_rateinfo(struct sk_buff *msg,
1217 struct ieee80211_supported_band *sband)
1218 {
1219 struct nlattr *nl_rates, *nl_rate;
1220 struct ieee80211_rate *rate;
1221 int i;
1222
1223 /* add HT info */
1224 if (sband->ht_cap.ht_supported &&
1225 (nla_put(msg, NL80211_BAND_ATTR_HT_MCS_SET,
1226 sizeof(sband->ht_cap.mcs),
1227 &sband->ht_cap.mcs) ||
1228 nla_put_u16(msg, NL80211_BAND_ATTR_HT_CAPA,
1229 sband->ht_cap.cap) ||
1230 nla_put_u8(msg, NL80211_BAND_ATTR_HT_AMPDU_FACTOR,
1231 sband->ht_cap.ampdu_factor) ||
1232 nla_put_u8(msg, NL80211_BAND_ATTR_HT_AMPDU_DENSITY,
1233 sband->ht_cap.ampdu_density)))
1234 return -ENOBUFS;
1235
1236 /* add VHT info */
1237 if (sband->vht_cap.vht_supported &&
1238 (nla_put(msg, NL80211_BAND_ATTR_VHT_MCS_SET,
1239 sizeof(sband->vht_cap.vht_mcs),
1240 &sband->vht_cap.vht_mcs) ||
1241 nla_put_u32(msg, NL80211_BAND_ATTR_VHT_CAPA,
1242 sband->vht_cap.cap)))
1243 return -ENOBUFS;
1244
1245 /* add bitrates */
1246 nl_rates = nla_nest_start(msg, NL80211_BAND_ATTR_RATES);
1247 if (!nl_rates)
1248 return -ENOBUFS;
1249
1250 for (i = 0; i < sband->n_bitrates; i++) {
1251 nl_rate = nla_nest_start(msg, i);
1252 if (!nl_rate)
1253 return -ENOBUFS;
1254
1255 rate = &sband->bitrates[i];
1256 if (nla_put_u32(msg, NL80211_BITRATE_ATTR_RATE,
1257 rate->bitrate))
1258 return -ENOBUFS;
1259 if ((rate->flags & IEEE80211_RATE_SHORT_PREAMBLE) &&
1260 nla_put_flag(msg,
1261 NL80211_BITRATE_ATTR_2GHZ_SHORTPREAMBLE))
1262 return -ENOBUFS;
1263
1264 nla_nest_end(msg, nl_rate);
1265 }
1266
1267 nla_nest_end(msg, nl_rates);
1268
1269 return 0;
1270 }
1271
1272 static int
1273 nl80211_send_mgmt_stypes(struct sk_buff *msg,
1274 const struct ieee80211_txrx_stypes *mgmt_stypes)
1275 {
1276 u16 stypes;
1277 struct nlattr *nl_ftypes, *nl_ifs;
1278 enum nl80211_iftype ift;
1279 int i;
1280
1281 if (!mgmt_stypes)
1282 return 0;
1283
1284 nl_ifs = nla_nest_start(msg, NL80211_ATTR_TX_FRAME_TYPES);
1285 if (!nl_ifs)
1286 return -ENOBUFS;
1287
1288 for (ift = 0; ift < NUM_NL80211_IFTYPES; ift++) {
1289 nl_ftypes = nla_nest_start(msg, ift);
1290 if (!nl_ftypes)
1291 return -ENOBUFS;
1292 i = 0;
1293 stypes = mgmt_stypes[ift].tx;
1294 while (stypes) {
1295 if ((stypes & 1) &&
1296 nla_put_u16(msg, NL80211_ATTR_FRAME_TYPE,
1297 (i << 4) | IEEE80211_FTYPE_MGMT))
1298 return -ENOBUFS;
1299 stypes >>= 1;
1300 i++;
1301 }
1302 nla_nest_end(msg, nl_ftypes);
1303 }
1304
1305 nla_nest_end(msg, nl_ifs);
1306
1307 nl_ifs = nla_nest_start(msg, NL80211_ATTR_RX_FRAME_TYPES);
1308 if (!nl_ifs)
1309 return -ENOBUFS;
1310
1311 for (ift = 0; ift < NUM_NL80211_IFTYPES; ift++) {
1312 nl_ftypes = nla_nest_start(msg, ift);
1313 if (!nl_ftypes)
1314 return -ENOBUFS;
1315 i = 0;
1316 stypes = mgmt_stypes[ift].rx;
1317 while (stypes) {
1318 if ((stypes & 1) &&
1319 nla_put_u16(msg, NL80211_ATTR_FRAME_TYPE,
1320 (i << 4) | IEEE80211_FTYPE_MGMT))
1321 return -ENOBUFS;
1322 stypes >>= 1;
1323 i++;
1324 }
1325 nla_nest_end(msg, nl_ftypes);
1326 }
1327 nla_nest_end(msg, nl_ifs);
1328
1329 return 0;
1330 }
1331
1332 #define CMD(op, n) \
1333 do { \
1334 if (rdev->ops->op) { \
1335 i++; \
1336 if (nla_put_u32(msg, i, NL80211_CMD_ ## n)) \
1337 goto nla_put_failure; \
1338 } \
1339 } while (0)
1340
1341 static int nl80211_add_commands_unsplit(struct cfg80211_registered_device *rdev,
1342 struct sk_buff *msg)
1343 {
1344 int i = 0;
1345
1346 /*
1347 * do *NOT* add anything into this function, new things need to be
1348 * advertised only to new versions of userspace that can deal with
1349 * the split (and they can't possibly care about new features...
1350 */
1351 CMD(add_virtual_intf, NEW_INTERFACE);
1352 CMD(change_virtual_intf, SET_INTERFACE);
1353 CMD(add_key, NEW_KEY);
1354 CMD(start_ap, START_AP);
1355 CMD(add_station, NEW_STATION);
1356 CMD(add_mpath, NEW_MPATH);
1357 CMD(update_mesh_config, SET_MESH_CONFIG);
1358 CMD(change_bss, SET_BSS);
1359 CMD(auth, AUTHENTICATE);
1360 CMD(assoc, ASSOCIATE);
1361 CMD(deauth, DEAUTHENTICATE);
1362 CMD(disassoc, DISASSOCIATE);
1363 CMD(join_ibss, JOIN_IBSS);
1364 CMD(join_mesh, JOIN_MESH);
1365 CMD(set_pmksa, SET_PMKSA);
1366 CMD(del_pmksa, DEL_PMKSA);
1367 CMD(flush_pmksa, FLUSH_PMKSA);
1368 if (rdev->wiphy.flags & WIPHY_FLAG_HAS_REMAIN_ON_CHANNEL)
1369 CMD(remain_on_channel, REMAIN_ON_CHANNEL);
1370 CMD(set_bitrate_mask, SET_TX_BITRATE_MASK);
1371 CMD(mgmt_tx, FRAME);
1372 CMD(mgmt_tx_cancel_wait, FRAME_WAIT_CANCEL);
1373 if (rdev->wiphy.flags & WIPHY_FLAG_NETNS_OK) {
1374 i++;
1375 if (nla_put_u32(msg, i, NL80211_CMD_SET_WIPHY_NETNS))
1376 goto nla_put_failure;
1377 }
1378 if (rdev->ops->set_monitor_channel || rdev->ops->start_ap ||
1379 rdev->ops->join_mesh) {
1380 i++;
1381 if (nla_put_u32(msg, i, NL80211_CMD_SET_CHANNEL))
1382 goto nla_put_failure;
1383 }
1384 CMD(set_wds_peer, SET_WDS_PEER);
1385 if (rdev->wiphy.flags & WIPHY_FLAG_SUPPORTS_TDLS) {
1386 CMD(tdls_mgmt, TDLS_MGMT);
1387 CMD(tdls_oper, TDLS_OPER);
1388 }
1389 if (rdev->wiphy.max_sched_scan_reqs)
1390 CMD(sched_scan_start, START_SCHED_SCAN);
1391 CMD(probe_client, PROBE_CLIENT);
1392 CMD(set_noack_map, SET_NOACK_MAP);
1393 if (rdev->wiphy.flags & WIPHY_FLAG_REPORTS_OBSS) {
1394 i++;
1395 if (nla_put_u32(msg, i, NL80211_CMD_REGISTER_BEACONS))
1396 goto nla_put_failure;
1397 }
1398 CMD(start_p2p_device, START_P2P_DEVICE);
1399 CMD(set_mcast_rate, SET_MCAST_RATE);
1400 #ifdef CONFIG_NL80211_TESTMODE
1401 CMD(testmode_cmd, TESTMODE);
1402 #endif
1403
1404 if (rdev->ops->connect || rdev->ops->auth) {
1405 i++;
1406 if (nla_put_u32(msg, i, NL80211_CMD_CONNECT))
1407 goto nla_put_failure;
1408 }
1409
1410 if (rdev->ops->disconnect || rdev->ops->deauth) {
1411 i++;
1412 if (nla_put_u32(msg, i, NL80211_CMD_DISCONNECT))
1413 goto nla_put_failure;
1414 }
1415
1416 return i;
1417 nla_put_failure:
1418 return -ENOBUFS;
1419 }
1420
1421 struct nl80211_dump_wiphy_state {
1422 s64 filter_wiphy;
1423 long start;
1424 long split_start, band_start, chan_start, capa_start;
1425 bool split;
1426 };
1427
1428 static int nl80211_send_wiphy(struct cfg80211_registered_device *rdev,
1429 enum nl80211_commands cmd,
1430 struct sk_buff *msg, u32 portid, u32 seq,
1431 int flags, struct nl80211_dump_wiphy_state *state)
1432 {
1433 void *hdr;
1434 struct nlattr *nl_bands, *nl_band;
1435 struct nlattr *nl_freqs, *nl_freq;
1436 struct nlattr *nl_cmds;
1437 enum nl80211_band band;
1438 struct ieee80211_channel *chan;
1439 int i;
1440 const struct ieee80211_txrx_stypes *mgmt_stypes =
1441 rdev->wiphy.mgmt_stypes;
1442 u32 features;
1443
1444 hdr = nl80211hdr_put(msg, portid, seq, flags, cmd);
1445 if (!hdr)
1446 return -ENOBUFS;
1447
1448 if (WARN_ON(!state))
1449 return -EINVAL;
1450
1451 if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
1452 nla_put_string(msg, NL80211_ATTR_WIPHY_NAME,
1453 wiphy_name(&rdev->wiphy)) ||
1454 nla_put_u32(msg, NL80211_ATTR_GENERATION,
1455 cfg80211_rdev_list_generation))
1456 goto nla_put_failure;
1457
1458 if (cmd != NL80211_CMD_NEW_WIPHY)
1459 goto finish;
1460
1461 switch (state->split_start) {
1462 case 0:
1463 if (nla_put_u8(msg, NL80211_ATTR_WIPHY_RETRY_SHORT,
1464 rdev->wiphy.retry_short) ||
1465 nla_put_u8(msg, NL80211_ATTR_WIPHY_RETRY_LONG,
1466 rdev->wiphy.retry_long) ||
1467 nla_put_u32(msg, NL80211_ATTR_WIPHY_FRAG_THRESHOLD,
1468 rdev->wiphy.frag_threshold) ||
1469 nla_put_u32(msg, NL80211_ATTR_WIPHY_RTS_THRESHOLD,
1470 rdev->wiphy.rts_threshold) ||
1471 nla_put_u8(msg, NL80211_ATTR_WIPHY_COVERAGE_CLASS,
1472 rdev->wiphy.coverage_class) ||
1473 nla_put_u8(msg, NL80211_ATTR_MAX_NUM_SCAN_SSIDS,
1474 rdev->wiphy.max_scan_ssids) ||
1475 nla_put_u8(msg, NL80211_ATTR_MAX_NUM_SCHED_SCAN_SSIDS,
1476 rdev->wiphy.max_sched_scan_ssids) ||
1477 nla_put_u16(msg, NL80211_ATTR_MAX_SCAN_IE_LEN,
1478 rdev->wiphy.max_scan_ie_len) ||
1479 nla_put_u16(msg, NL80211_ATTR_MAX_SCHED_SCAN_IE_LEN,
1480 rdev->wiphy.max_sched_scan_ie_len) ||
1481 nla_put_u8(msg, NL80211_ATTR_MAX_MATCH_SETS,
1482 rdev->wiphy.max_match_sets) ||
1483 nla_put_u32(msg, NL80211_ATTR_MAX_NUM_SCHED_SCAN_PLANS,
1484 rdev->wiphy.max_sched_scan_plans) ||
1485 nla_put_u32(msg, NL80211_ATTR_MAX_SCAN_PLAN_INTERVAL,
1486 rdev->wiphy.max_sched_scan_plan_interval) ||
1487 nla_put_u32(msg, NL80211_ATTR_MAX_SCAN_PLAN_ITERATIONS,
1488 rdev->wiphy.max_sched_scan_plan_iterations))
1489 goto nla_put_failure;
1490
1491 if ((rdev->wiphy.flags & WIPHY_FLAG_IBSS_RSN) &&
1492 nla_put_flag(msg, NL80211_ATTR_SUPPORT_IBSS_RSN))
1493 goto nla_put_failure;
1494 if ((rdev->wiphy.flags & WIPHY_FLAG_MESH_AUTH) &&
1495 nla_put_flag(msg, NL80211_ATTR_SUPPORT_MESH_AUTH))
1496 goto nla_put_failure;
1497 if ((rdev->wiphy.flags & WIPHY_FLAG_AP_UAPSD) &&
1498 nla_put_flag(msg, NL80211_ATTR_SUPPORT_AP_UAPSD))
1499 goto nla_put_failure;
1500 if ((rdev->wiphy.flags & WIPHY_FLAG_SUPPORTS_FW_ROAM) &&
1501 nla_put_flag(msg, NL80211_ATTR_ROAM_SUPPORT))
1502 goto nla_put_failure;
1503 if ((rdev->wiphy.flags & WIPHY_FLAG_SUPPORTS_TDLS) &&
1504 nla_put_flag(msg, NL80211_ATTR_TDLS_SUPPORT))
1505 goto nla_put_failure;
1506 if ((rdev->wiphy.flags & WIPHY_FLAG_TDLS_EXTERNAL_SETUP) &&
1507 nla_put_flag(msg, NL80211_ATTR_TDLS_EXTERNAL_SETUP))
1508 goto nla_put_failure;
1509 state->split_start++;
1510 if (state->split)
1511 break;
1512 case 1:
1513 if (nla_put(msg, NL80211_ATTR_CIPHER_SUITES,
1514 sizeof(u32) * rdev->wiphy.n_cipher_suites,
1515 rdev->wiphy.cipher_suites))
1516 goto nla_put_failure;
1517
1518 if (nla_put_u8(msg, NL80211_ATTR_MAX_NUM_PMKIDS,
1519 rdev->wiphy.max_num_pmkids))
1520 goto nla_put_failure;
1521
1522 if ((rdev->wiphy.flags & WIPHY_FLAG_CONTROL_PORT_PROTOCOL) &&
1523 nla_put_flag(msg, NL80211_ATTR_CONTROL_PORT_ETHERTYPE))
1524 goto nla_put_failure;
1525
1526 if (nla_put_u32(msg, NL80211_ATTR_WIPHY_ANTENNA_AVAIL_TX,
1527 rdev->wiphy.available_antennas_tx) ||
1528 nla_put_u32(msg, NL80211_ATTR_WIPHY_ANTENNA_AVAIL_RX,
1529 rdev->wiphy.available_antennas_rx))
1530 goto nla_put_failure;
1531
1532 if ((rdev->wiphy.flags & WIPHY_FLAG_AP_PROBE_RESP_OFFLOAD) &&
1533 nla_put_u32(msg, NL80211_ATTR_PROBE_RESP_OFFLOAD,
1534 rdev->wiphy.probe_resp_offload))
1535 goto nla_put_failure;
1536
1537 if ((rdev->wiphy.available_antennas_tx ||
1538 rdev->wiphy.available_antennas_rx) &&
1539 rdev->ops->get_antenna) {
1540 u32 tx_ant = 0, rx_ant = 0;
1541 int res;
1542
1543 res = rdev_get_antenna(rdev, &tx_ant, &rx_ant);
1544 if (!res) {
1545 if (nla_put_u32(msg,
1546 NL80211_ATTR_WIPHY_ANTENNA_TX,
1547 tx_ant) ||
1548 nla_put_u32(msg,
1549 NL80211_ATTR_WIPHY_ANTENNA_RX,
1550 rx_ant))
1551 goto nla_put_failure;
1552 }
1553 }
1554
1555 state->split_start++;
1556 if (state->split)
1557 break;
1558 case 2:
1559 if (nl80211_put_iftypes(msg, NL80211_ATTR_SUPPORTED_IFTYPES,
1560 rdev->wiphy.interface_modes))
1561 goto nla_put_failure;
1562 state->split_start++;
1563 if (state->split)
1564 break;
1565 case 3:
1566 nl_bands = nla_nest_start(msg, NL80211_ATTR_WIPHY_BANDS);
1567 if (!nl_bands)
1568 goto nla_put_failure;
1569
1570 for (band = state->band_start;
1571 band < NUM_NL80211_BANDS; band++) {
1572 struct ieee80211_supported_band *sband;
1573
1574 sband = rdev->wiphy.bands[band];
1575
1576 if (!sband)
1577 continue;
1578
1579 nl_band = nla_nest_start(msg, band);
1580 if (!nl_band)
1581 goto nla_put_failure;
1582
1583 switch (state->chan_start) {
1584 case 0:
1585 if (nl80211_send_band_rateinfo(msg, sband))
1586 goto nla_put_failure;
1587 state->chan_start++;
1588 if (state->split)
1589 break;
1590 default:
1591 /* add frequencies */
1592 nl_freqs = nla_nest_start(
1593 msg, NL80211_BAND_ATTR_FREQS);
1594 if (!nl_freqs)
1595 goto nla_put_failure;
1596
1597 for (i = state->chan_start - 1;
1598 i < sband->n_channels;
1599 i++) {
1600 nl_freq = nla_nest_start(msg, i);
1601 if (!nl_freq)
1602 goto nla_put_failure;
1603
1604 chan = &sband->channels[i];
1605
1606 if (nl80211_msg_put_channel(
1607 msg, chan,
1608 state->split))
1609 goto nla_put_failure;
1610
1611 nla_nest_end(msg, nl_freq);
1612 if (state->split)
1613 break;
1614 }
1615 if (i < sband->n_channels)
1616 state->chan_start = i + 2;
1617 else
1618 state->chan_start = 0;
1619 nla_nest_end(msg, nl_freqs);
1620 }
1621
1622 nla_nest_end(msg, nl_band);
1623
1624 if (state->split) {
1625 /* start again here */
1626 if (state->chan_start)
1627 band--;
1628 break;
1629 }
1630 }
1631 nla_nest_end(msg, nl_bands);
1632
1633 if (band < NUM_NL80211_BANDS)
1634 state->band_start = band + 1;
1635 else
1636 state->band_start = 0;
1637
1638 /* if bands & channels are done, continue outside */
1639 if (state->band_start == 0 && state->chan_start == 0)
1640 state->split_start++;
1641 if (state->split)
1642 break;
1643 case 4:
1644 nl_cmds = nla_nest_start(msg, NL80211_ATTR_SUPPORTED_COMMANDS);
1645 if (!nl_cmds)
1646 goto nla_put_failure;
1647
1648 i = nl80211_add_commands_unsplit(rdev, msg);
1649 if (i < 0)
1650 goto nla_put_failure;
1651 if (state->split) {
1652 CMD(crit_proto_start, CRIT_PROTOCOL_START);
1653 CMD(crit_proto_stop, CRIT_PROTOCOL_STOP);
1654 if (rdev->wiphy.flags & WIPHY_FLAG_HAS_CHANNEL_SWITCH)
1655 CMD(channel_switch, CHANNEL_SWITCH);
1656 CMD(set_qos_map, SET_QOS_MAP);
1657 if (rdev->wiphy.features &
1658 NL80211_FEATURE_SUPPORTS_WMM_ADMISSION)
1659 CMD(add_tx_ts, ADD_TX_TS);
1660 CMD(set_multicast_to_unicast, SET_MULTICAST_TO_UNICAST);
1661 CMD(update_connect_params, UPDATE_CONNECT_PARAMS);
1662 }
1663 #undef CMD
1664
1665 nla_nest_end(msg, nl_cmds);
1666 state->split_start++;
1667 if (state->split)
1668 break;
1669 case 5:
1670 if (rdev->ops->remain_on_channel &&
1671 (rdev->wiphy.flags & WIPHY_FLAG_HAS_REMAIN_ON_CHANNEL) &&
1672 nla_put_u32(msg,
1673 NL80211_ATTR_MAX_REMAIN_ON_CHANNEL_DURATION,
1674 rdev->wiphy.max_remain_on_channel_duration))
1675 goto nla_put_failure;
1676
1677 if ((rdev->wiphy.flags & WIPHY_FLAG_OFFCHAN_TX) &&
1678 nla_put_flag(msg, NL80211_ATTR_OFFCHANNEL_TX_OK))
1679 goto nla_put_failure;
1680
1681 if (nl80211_send_mgmt_stypes(msg, mgmt_stypes))
1682 goto nla_put_failure;
1683 state->split_start++;
1684 if (state->split)
1685 break;
1686 case 6:
1687 #ifdef CONFIG_PM
1688 if (nl80211_send_wowlan(msg, rdev, state->split))
1689 goto nla_put_failure;
1690 state->split_start++;
1691 if (state->split)
1692 break;
1693 #else
1694 state->split_start++;
1695 #endif
1696 case 7:
1697 if (nl80211_put_iftypes(msg, NL80211_ATTR_SOFTWARE_IFTYPES,
1698 rdev->wiphy.software_iftypes))
1699 goto nla_put_failure;
1700
1701 if (nl80211_put_iface_combinations(&rdev->wiphy, msg,
1702 state->split))
1703 goto nla_put_failure;
1704
1705 state->split_start++;
1706 if (state->split)
1707 break;
1708 case 8:
1709 if ((rdev->wiphy.flags & WIPHY_FLAG_HAVE_AP_SME) &&
1710 nla_put_u32(msg, NL80211_ATTR_DEVICE_AP_SME,
1711 rdev->wiphy.ap_sme_capa))
1712 goto nla_put_failure;
1713
1714 features = rdev->wiphy.features;
1715 /*
1716 * We can only add the per-channel limit information if the
1717 * dump is split, otherwise it makes it too big. Therefore
1718 * only advertise it in that case.
1719 */
1720 if (state->split)
1721 features |= NL80211_FEATURE_ADVERTISE_CHAN_LIMITS;
1722 if (nla_put_u32(msg, NL80211_ATTR_FEATURE_FLAGS, features))
1723 goto nla_put_failure;
1724
1725 if (rdev->wiphy.ht_capa_mod_mask &&
1726 nla_put(msg, NL80211_ATTR_HT_CAPABILITY_MASK,
1727 sizeof(*rdev->wiphy.ht_capa_mod_mask),
1728 rdev->wiphy.ht_capa_mod_mask))
1729 goto nla_put_failure;
1730
1731 if (rdev->wiphy.flags & WIPHY_FLAG_HAVE_AP_SME &&
1732 rdev->wiphy.max_acl_mac_addrs &&
1733 nla_put_u32(msg, NL80211_ATTR_MAC_ACL_MAX,
1734 rdev->wiphy.max_acl_mac_addrs))
1735 goto nla_put_failure;
1736
1737 /*
1738 * Any information below this point is only available to
1739 * applications that can deal with it being split. This
1740 * helps ensure that newly added capabilities don't break
1741 * older tools by overrunning their buffers.
1742 *
1743 * We still increment split_start so that in the split
1744 * case we'll continue with more data in the next round,
1745 * but break unconditionally so unsplit data stops here.
1746 */
1747 state->split_start++;
1748 break;
1749 case 9:
1750 if (rdev->wiphy.extended_capabilities &&
1751 (nla_put(msg, NL80211_ATTR_EXT_CAPA,
1752 rdev->wiphy.extended_capabilities_len,
1753 rdev->wiphy.extended_capabilities) ||
1754 nla_put(msg, NL80211_ATTR_EXT_CAPA_MASK,
1755 rdev->wiphy.extended_capabilities_len,
1756 rdev->wiphy.extended_capabilities_mask)))
1757 goto nla_put_failure;
1758
1759 if (rdev->wiphy.vht_capa_mod_mask &&
1760 nla_put(msg, NL80211_ATTR_VHT_CAPABILITY_MASK,
1761 sizeof(*rdev->wiphy.vht_capa_mod_mask),
1762 rdev->wiphy.vht_capa_mod_mask))
1763 goto nla_put_failure;
1764
1765 state->split_start++;
1766 break;
1767 case 10:
1768 if (nl80211_send_coalesce(msg, rdev))
1769 goto nla_put_failure;
1770
1771 if ((rdev->wiphy.flags & WIPHY_FLAG_SUPPORTS_5_10_MHZ) &&
1772 (nla_put_flag(msg, NL80211_ATTR_SUPPORT_5_MHZ) ||
1773 nla_put_flag(msg, NL80211_ATTR_SUPPORT_10_MHZ)))
1774 goto nla_put_failure;
1775
1776 if (rdev->wiphy.max_ap_assoc_sta &&
1777 nla_put_u32(msg, NL80211_ATTR_MAX_AP_ASSOC_STA,
1778 rdev->wiphy.max_ap_assoc_sta))
1779 goto nla_put_failure;
1780
1781 state->split_start++;
1782 break;
1783 case 11:
1784 if (rdev->wiphy.n_vendor_commands) {
1785 const struct nl80211_vendor_cmd_info *info;
1786 struct nlattr *nested;
1787
1788 nested = nla_nest_start(msg, NL80211_ATTR_VENDOR_DATA);
1789 if (!nested)
1790 goto nla_put_failure;
1791
1792 for (i = 0; i < rdev->wiphy.n_vendor_commands; i++) {
1793 info = &rdev->wiphy.vendor_commands[i].info;
1794 if (nla_put(msg, i + 1, sizeof(*info), info))
1795 goto nla_put_failure;
1796 }
1797 nla_nest_end(msg, nested);
1798 }
1799
1800 if (rdev->wiphy.n_vendor_events) {
1801 const struct nl80211_vendor_cmd_info *info;
1802 struct nlattr *nested;
1803
1804 nested = nla_nest_start(msg,
1805 NL80211_ATTR_VENDOR_EVENTS);
1806 if (!nested)
1807 goto nla_put_failure;
1808
1809 for (i = 0; i < rdev->wiphy.n_vendor_events; i++) {
1810 info = &rdev->wiphy.vendor_events[i];
1811 if (nla_put(msg, i + 1, sizeof(*info), info))
1812 goto nla_put_failure;
1813 }
1814 nla_nest_end(msg, nested);
1815 }
1816 state->split_start++;
1817 break;
1818 case 12:
1819 if (rdev->wiphy.flags & WIPHY_FLAG_HAS_CHANNEL_SWITCH &&
1820 nla_put_u8(msg, NL80211_ATTR_MAX_CSA_COUNTERS,
1821 rdev->wiphy.max_num_csa_counters))
1822 goto nla_put_failure;
1823
1824 if (rdev->wiphy.regulatory_flags & REGULATORY_WIPHY_SELF_MANAGED &&
1825 nla_put_flag(msg, NL80211_ATTR_WIPHY_SELF_MANAGED_REG))
1826 goto nla_put_failure;
1827
1828 if (rdev->wiphy.max_sched_scan_reqs &&
1829 nla_put_u32(msg, NL80211_ATTR_SCHED_SCAN_MAX_REQS,
1830 rdev->wiphy.max_sched_scan_reqs))
1831 goto nla_put_failure;
1832
1833 if (nla_put(msg, NL80211_ATTR_EXT_FEATURES,
1834 sizeof(rdev->wiphy.ext_features),
1835 rdev->wiphy.ext_features))
1836 goto nla_put_failure;
1837
1838 if (rdev->wiphy.bss_select_support) {
1839 struct nlattr *nested;
1840 u32 bss_select_support = rdev->wiphy.bss_select_support;
1841
1842 nested = nla_nest_start(msg, NL80211_ATTR_BSS_SELECT);
1843 if (!nested)
1844 goto nla_put_failure;
1845
1846 i = 0;
1847 while (bss_select_support) {
1848 if ((bss_select_support & 1) &&
1849 nla_put_flag(msg, i))
1850 goto nla_put_failure;
1851 i++;
1852 bss_select_support >>= 1;
1853 }
1854 nla_nest_end(msg, nested);
1855 }
1856
1857 state->split_start++;
1858 break;
1859 case 13:
1860 if (rdev->wiphy.num_iftype_ext_capab &&
1861 rdev->wiphy.iftype_ext_capab) {
1862 struct nlattr *nested_ext_capab, *nested;
1863
1864 nested = nla_nest_start(msg,
1865 NL80211_ATTR_IFTYPE_EXT_CAPA);
1866 if (!nested)
1867 goto nla_put_failure;
1868
1869 for (i = state->capa_start;
1870 i < rdev->wiphy.num_iftype_ext_capab; i++) {
1871 const struct wiphy_iftype_ext_capab *capab;
1872
1873 capab = &rdev->wiphy.iftype_ext_capab[i];
1874
1875 nested_ext_capab = nla_nest_start(msg, i);
1876 if (!nested_ext_capab ||
1877 nla_put_u32(msg, NL80211_ATTR_IFTYPE,
1878 capab->iftype) ||
1879 nla_put(msg, NL80211_ATTR_EXT_CAPA,
1880 capab->extended_capabilities_len,
1881 capab->extended_capabilities) ||
1882 nla_put(msg, NL80211_ATTR_EXT_CAPA_MASK,
1883 capab->extended_capabilities_len,
1884 capab->extended_capabilities_mask))
1885 goto nla_put_failure;
1886
1887 nla_nest_end(msg, nested_ext_capab);
1888 if (state->split)
1889 break;
1890 }
1891 nla_nest_end(msg, nested);
1892 if (i < rdev->wiphy.num_iftype_ext_capab) {
1893 state->capa_start = i + 1;
1894 break;
1895 }
1896 }
1897
1898 if (nla_put_u32(msg, NL80211_ATTR_BANDS,
1899 rdev->wiphy.nan_supported_bands))
1900 goto nla_put_failure;
1901
1902 /* done */
1903 state->split_start = 0;
1904 break;
1905 }
1906 finish:
1907 genlmsg_end(msg, hdr);
1908 return 0;
1909
1910 nla_put_failure:
1911 genlmsg_cancel(msg, hdr);
1912 return -EMSGSIZE;
1913 }
1914
1915 static int nl80211_dump_wiphy_parse(struct sk_buff *skb,
1916 struct netlink_callback *cb,
1917 struct nl80211_dump_wiphy_state *state)
1918 {
1919 struct nlattr **tb = genl_family_attrbuf(&nl80211_fam);
1920 int ret = nlmsg_parse(cb->nlh, GENL_HDRLEN + nl80211_fam.hdrsize, tb,
1921 nl80211_fam.maxattr, nl80211_policy, NULL);
1922 /* ignore parse errors for backward compatibility */
1923 if (ret)
1924 return 0;
1925
1926 state->split = tb[NL80211_ATTR_SPLIT_WIPHY_DUMP];
1927 if (tb[NL80211_ATTR_WIPHY])
1928 state->filter_wiphy = nla_get_u32(tb[NL80211_ATTR_WIPHY]);
1929 if (tb[NL80211_ATTR_WDEV])
1930 state->filter_wiphy = nla_get_u64(tb[NL80211_ATTR_WDEV]) >> 32;
1931 if (tb[NL80211_ATTR_IFINDEX]) {
1932 struct net_device *netdev;
1933 struct cfg80211_registered_device *rdev;
1934 int ifidx = nla_get_u32(tb[NL80211_ATTR_IFINDEX]);
1935
1936 netdev = __dev_get_by_index(sock_net(skb->sk), ifidx);
1937 if (!netdev)
1938 return -ENODEV;
1939 if (netdev->ieee80211_ptr) {
1940 rdev = wiphy_to_rdev(
1941 netdev->ieee80211_ptr->wiphy);
1942 state->filter_wiphy = rdev->wiphy_idx;
1943 }
1944 }
1945
1946 return 0;
1947 }
1948
1949 static int nl80211_dump_wiphy(struct sk_buff *skb, struct netlink_callback *cb)
1950 {
1951 int idx = 0, ret;
1952 struct nl80211_dump_wiphy_state *state = (void *)cb->args[0];
1953 struct cfg80211_registered_device *rdev;
1954
1955 rtnl_lock();
1956 if (!state) {
1957 state = kzalloc(sizeof(*state), GFP_KERNEL);
1958 if (!state) {
1959 rtnl_unlock();
1960 return -ENOMEM;
1961 }
1962 state->filter_wiphy = -1;
1963 ret = nl80211_dump_wiphy_parse(skb, cb, state);
1964 if (ret) {
1965 kfree(state);
1966 rtnl_unlock();
1967 return ret;
1968 }
1969 cb->args[0] = (long)state;
1970 }
1971
1972 list_for_each_entry(rdev, &cfg80211_rdev_list, list) {
1973 if (!net_eq(wiphy_net(&rdev->wiphy), sock_net(skb->sk)))
1974 continue;
1975 if (++idx <= state->start)
1976 continue;
1977 if (state->filter_wiphy != -1 &&
1978 state->filter_wiphy != rdev->wiphy_idx)
1979 continue;
1980 /* attempt to fit multiple wiphy data chunks into the skb */
1981 do {
1982 ret = nl80211_send_wiphy(rdev, NL80211_CMD_NEW_WIPHY,
1983 skb,
1984 NETLINK_CB(cb->skb).portid,
1985 cb->nlh->nlmsg_seq,
1986 NLM_F_MULTI, state);
1987 if (ret < 0) {
1988 /*
1989 * If sending the wiphy data didn't fit (ENOBUFS
1990 * or EMSGSIZE returned), this SKB is still
1991 * empty (so it's not too big because another
1992 * wiphy dataset is already in the skb) and
1993 * we've not tried to adjust the dump allocation
1994 * yet ... then adjust the alloc size to be
1995 * bigger, and return 1 but with the empty skb.
1996 * This results in an empty message being RX'ed
1997 * in userspace, but that is ignored.
1998 *
1999 * We can then retry with the larger buffer.
2000 */
2001 if ((ret == -ENOBUFS || ret == -EMSGSIZE) &&
2002 !skb->len && !state->split &&
2003 cb->min_dump_alloc < 4096) {
2004 cb->min_dump_alloc = 4096;
2005 state->split_start = 0;
2006 rtnl_unlock();
2007 return 1;
2008 }
2009 idx--;
2010 break;
2011 }
2012 } while (state->split_start > 0);
2013 break;
2014 }
2015 rtnl_unlock();
2016
2017 state->start = idx;
2018
2019 return skb->len;
2020 }
2021
2022 static int nl80211_dump_wiphy_done(struct netlink_callback *cb)
2023 {
2024 kfree((void *)cb->args[0]);
2025 return 0;
2026 }
2027
2028 static int nl80211_get_wiphy(struct sk_buff *skb, struct genl_info *info)
2029 {
2030 struct sk_buff *msg;
2031 struct cfg80211_registered_device *rdev = info->user_ptr[0];
2032 struct nl80211_dump_wiphy_state state = {};
2033
2034 msg = nlmsg_new(4096, GFP_KERNEL);
2035 if (!msg)
2036 return -ENOMEM;
2037
2038 if (nl80211_send_wiphy(rdev, NL80211_CMD_NEW_WIPHY, msg,
2039 info->snd_portid, info->snd_seq, 0,
2040 &state) < 0) {
2041 nlmsg_free(msg);
2042 return -ENOBUFS;
2043 }
2044
2045 return genlmsg_reply(msg, info);
2046 }
2047
2048 static const struct nla_policy txq_params_policy[NL80211_TXQ_ATTR_MAX + 1] = {
2049 [NL80211_TXQ_ATTR_QUEUE] = { .type = NLA_U8 },
2050 [NL80211_TXQ_ATTR_TXOP] = { .type = NLA_U16 },
2051 [NL80211_TXQ_ATTR_CWMIN] = { .type = NLA_U16 },
2052 [NL80211_TXQ_ATTR_CWMAX] = { .type = NLA_U16 },
2053 [NL80211_TXQ_ATTR_AIFS] = { .type = NLA_U8 },
2054 };
2055
2056 static int parse_txq_params(struct nlattr *tb[],
2057 struct ieee80211_txq_params *txq_params)
2058 {
2059 if (!tb[NL80211_TXQ_ATTR_AC] || !tb[NL80211_TXQ_ATTR_TXOP] ||
2060 !tb[NL80211_TXQ_ATTR_CWMIN] || !tb[NL80211_TXQ_ATTR_CWMAX] ||
2061 !tb[NL80211_TXQ_ATTR_AIFS])
2062 return -EINVAL;
2063
2064 txq_params->ac = nla_get_u8(tb[NL80211_TXQ_ATTR_AC]);
2065 txq_params->txop = nla_get_u16(tb[NL80211_TXQ_ATTR_TXOP]);
2066 txq_params->cwmin = nla_get_u16(tb[NL80211_TXQ_ATTR_CWMIN]);
2067 txq_params->cwmax = nla_get_u16(tb[NL80211_TXQ_ATTR_CWMAX]);
2068 txq_params->aifs = nla_get_u8(tb[NL80211_TXQ_ATTR_AIFS]);
2069
2070 if (txq_params->ac >= NL80211_NUM_ACS)
2071 return -EINVAL;
2072
2073 return 0;
2074 }
2075
2076 static bool nl80211_can_set_dev_channel(struct wireless_dev *wdev)
2077 {
2078 /*
2079 * You can only set the channel explicitly for WDS interfaces,
2080 * all others have their channel managed via their respective
2081 * "establish a connection" command (connect, join, ...)
2082 *
2083 * For AP/GO and mesh mode, the channel can be set with the
2084 * channel userspace API, but is only stored and passed to the
2085 * low-level driver when the AP starts or the mesh is joined.
2086 * This is for backward compatibility, userspace can also give
2087 * the channel in the start-ap or join-mesh commands instead.
2088 *
2089 * Monitors are special as they are normally slaved to
2090 * whatever else is going on, so they have their own special
2091 * operation to set the monitor channel if possible.
2092 */
2093 return !wdev ||
2094 wdev->iftype == NL80211_IFTYPE_AP ||
2095 wdev->iftype == NL80211_IFTYPE_MESH_POINT ||
2096 wdev->iftype == NL80211_IFTYPE_MONITOR ||
2097 wdev->iftype == NL80211_IFTYPE_P2P_GO;
2098 }
2099
2100 static int nl80211_parse_chandef(struct cfg80211_registered_device *rdev,
2101 struct genl_info *info,
2102 struct cfg80211_chan_def *chandef)
2103 {
2104 u32 control_freq;
2105
2106 if (!info->attrs[NL80211_ATTR_WIPHY_FREQ])
2107 return -EINVAL;
2108
2109 control_freq = nla_get_u32(info->attrs[NL80211_ATTR_WIPHY_FREQ]);
2110
2111 chandef->chan = ieee80211_get_channel(&rdev->wiphy, control_freq);
2112 chandef->width = NL80211_CHAN_WIDTH_20_NOHT;
2113 chandef->center_freq1 = control_freq;
2114 chandef->center_freq2 = 0;
2115
2116 /* Primary channel not allowed */
2117 if (!chandef->chan || chandef->chan->flags & IEEE80211_CHAN_DISABLED)
2118 return -EINVAL;
2119
2120 if (info->attrs[NL80211_ATTR_WIPHY_CHANNEL_TYPE]) {
2121 enum nl80211_channel_type chantype;
2122
2123 chantype = nla_get_u32(
2124 info->attrs[NL80211_ATTR_WIPHY_CHANNEL_TYPE]);
2125
2126 switch (chantype) {
2127 case NL80211_CHAN_NO_HT:
2128 case NL80211_CHAN_HT20:
2129 case NL80211_CHAN_HT40PLUS:
2130 case NL80211_CHAN_HT40MINUS:
2131 cfg80211_chandef_create(chandef, chandef->chan,
2132 chantype);
2133 /* user input for center_freq is incorrect */
2134 if (info->attrs[NL80211_ATTR_CENTER_FREQ1] &&
2135 chandef->center_freq1 != nla_get_u32(
2136 info->attrs[NL80211_ATTR_CENTER_FREQ1]))
2137 return -EINVAL;
2138 /* center_freq2 must be zero */
2139 if (info->attrs[NL80211_ATTR_CENTER_FREQ2] &&
2140 nla_get_u32(info->attrs[NL80211_ATTR_CENTER_FREQ2]))
2141 return -EINVAL;
2142 break;
2143 default:
2144 return -EINVAL;
2145 }
2146 } else if (info->attrs[NL80211_ATTR_CHANNEL_WIDTH]) {
2147 chandef->width =
2148 nla_get_u32(info->attrs[NL80211_ATTR_CHANNEL_WIDTH]);
2149 if (info->attrs[NL80211_ATTR_CENTER_FREQ1])
2150 chandef->center_freq1 =
2151 nla_get_u32(
2152 info->attrs[NL80211_ATTR_CENTER_FREQ1]);
2153 if (info->attrs[NL80211_ATTR_CENTER_FREQ2])
2154 chandef->center_freq2 =
2155 nla_get_u32(
2156 info->attrs[NL80211_ATTR_CENTER_FREQ2]);
2157 }
2158
2159 if (!cfg80211_chandef_valid(chandef))
2160 return -EINVAL;
2161
2162 if (!cfg80211_chandef_usable(&rdev->wiphy, chandef,
2163 IEEE80211_CHAN_DISABLED))
2164 return -EINVAL;
2165
2166 if ((chandef->width == NL80211_CHAN_WIDTH_5 ||
2167 chandef->width == NL80211_CHAN_WIDTH_10) &&
2168 !(rdev->wiphy.flags & WIPHY_FLAG_SUPPORTS_5_10_MHZ))
2169 return -EINVAL;
2170
2171 return 0;
2172 }
2173
2174 static int __nl80211_set_channel(struct cfg80211_registered_device *rdev,
2175 struct net_device *dev,
2176 struct genl_info *info)
2177 {
2178 struct cfg80211_chan_def chandef;
2179 int result;
2180 enum nl80211_iftype iftype = NL80211_IFTYPE_MONITOR;
2181 struct wireless_dev *wdev = NULL;
2182
2183 if (dev)
2184 wdev = dev->ieee80211_ptr;
2185 if (!nl80211_can_set_dev_channel(wdev))
2186 return -EOPNOTSUPP;
2187 if (wdev)
2188 iftype = wdev->iftype;
2189
2190 result = nl80211_parse_chandef(rdev, info, &chandef);
2191 if (result)
2192 return result;
2193
2194 switch (iftype) {
2195 case NL80211_IFTYPE_AP:
2196 case NL80211_IFTYPE_P2P_GO:
2197 if (!cfg80211_reg_can_beacon_relax(&rdev->wiphy, &chandef,
2198 iftype)) {
2199 result = -EINVAL;
2200 break;
2201 }
2202 if (wdev->beacon_interval) {
2203 if (!dev || !rdev->ops->set_ap_chanwidth ||
2204 !(rdev->wiphy.features &
2205 NL80211_FEATURE_AP_MODE_CHAN_WIDTH_CHANGE)) {
2206 result = -EBUSY;
2207 break;
2208 }
2209
2210 /* Only allow dynamic channel width changes */
2211 if (chandef.chan != wdev->preset_chandef.chan) {
2212 result = -EBUSY;
2213 break;
2214 }
2215 result = rdev_set_ap_chanwidth(rdev, dev, &chandef);
2216 if (result)
2217 break;
2218 }
2219 wdev->preset_chandef = chandef;
2220 result = 0;
2221 break;
2222 case NL80211_IFTYPE_MESH_POINT:
2223 result = cfg80211_set_mesh_channel(rdev, wdev, &chandef);
2224 break;
2225 case NL80211_IFTYPE_MONITOR:
2226 result = cfg80211_set_monitor_channel(rdev, &chandef);
2227 break;
2228 default:
2229 result = -EINVAL;
2230 }
2231
2232 return result;
2233 }
2234
2235 static int nl80211_set_channel(struct sk_buff *skb, struct genl_info *info)
2236 {
2237 struct cfg80211_registered_device *rdev = info->user_ptr[0];
2238 struct net_device *netdev = info->user_ptr[1];
2239
2240 return __nl80211_set_channel(rdev, netdev, info);
2241 }
2242
2243 static int nl80211_set_wds_peer(struct sk_buff *skb, struct genl_info *info)
2244 {
2245 struct cfg80211_registered_device *rdev = info->user_ptr[0];
2246 struct net_device *dev = info->user_ptr[1];
2247 struct wireless_dev *wdev = dev->ieee80211_ptr;
2248 const u8 *bssid;
2249
2250 if (!info->attrs[NL80211_ATTR_MAC])
2251 return -EINVAL;
2252
2253 if (netif_running(dev))
2254 return -EBUSY;
2255
2256 if (!rdev->ops->set_wds_peer)
2257 return -EOPNOTSUPP;
2258
2259 if (wdev->iftype != NL80211_IFTYPE_WDS)
2260 return -EOPNOTSUPP;
2261
2262 bssid = nla_data(info->attrs[NL80211_ATTR_MAC]);
2263 return rdev_set_wds_peer(rdev, dev, bssid);
2264 }
2265
2266 static int nl80211_set_wiphy(struct sk_buff *skb, struct genl_info *info)
2267 {
2268 struct cfg80211_registered_device *rdev;
2269 struct net_device *netdev = NULL;
2270 struct wireless_dev *wdev;
2271 int result = 0, rem_txq_params = 0;
2272 struct nlattr *nl_txq_params;
2273 u32 changed;
2274 u8 retry_short = 0, retry_long = 0;
2275 u32 frag_threshold = 0, rts_threshold = 0;
2276 u8 coverage_class = 0;
2277
2278 ASSERT_RTNL();
2279
2280 /*
2281 * Try to find the wiphy and netdev. Normally this
2282 * function shouldn't need the netdev, but this is
2283 * done for backward compatibility -- previously
2284 * setting the channel was done per wiphy, but now
2285 * it is per netdev. Previous userland like hostapd
2286 * also passed a netdev to set_wiphy, so that it is
2287 * possible to let that go to the right netdev!
2288 */
2289
2290 if (info->attrs[NL80211_ATTR_IFINDEX]) {
2291 int ifindex = nla_get_u32(info->attrs[NL80211_ATTR_IFINDEX]);
2292
2293 netdev = __dev_get_by_index(genl_info_net(info), ifindex);
2294 if (netdev && netdev->ieee80211_ptr)
2295 rdev = wiphy_to_rdev(netdev->ieee80211_ptr->wiphy);
2296 else
2297 netdev = NULL;
2298 }
2299
2300 if (!netdev) {
2301 rdev = __cfg80211_rdev_from_attrs(genl_info_net(info),
2302 info->attrs);
2303 if (IS_ERR(rdev))
2304 return PTR_ERR(rdev);
2305 wdev = NULL;
2306 netdev = NULL;
2307 result = 0;
2308 } else
2309 wdev = netdev->ieee80211_ptr;
2310
2311 /*
2312 * end workaround code, by now the rdev is available
2313 * and locked, and wdev may or may not be NULL.
2314 */
2315
2316 if (info->attrs[NL80211_ATTR_WIPHY_NAME])
2317 result = cfg80211_dev_rename(
2318 rdev, nla_data(info->attrs[NL80211_ATTR_WIPHY_NAME]));
2319
2320 if (result)
2321 return result;
2322
2323 if (info->attrs[NL80211_ATTR_WIPHY_TXQ_PARAMS]) {
2324 struct ieee80211_txq_params txq_params;
2325 struct nlattr *tb[NL80211_TXQ_ATTR_MAX + 1];
2326
2327 if (!rdev->ops->set_txq_params)
2328 return -EOPNOTSUPP;
2329
2330 if (!netdev)
2331 return -EINVAL;
2332
2333 if (netdev->ieee80211_ptr->iftype != NL80211_IFTYPE_AP &&
2334 netdev->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_GO)
2335 return -EINVAL;
2336
2337 if (!netif_running(netdev))
2338 return -ENETDOWN;
2339
2340 nla_for_each_nested(nl_txq_params,
2341 info->attrs[NL80211_ATTR_WIPHY_TXQ_PARAMS],
2342 rem_txq_params) {
2343 result = nla_parse_nested(tb, NL80211_TXQ_ATTR_MAX,
2344 nl_txq_params,
2345 txq_params_policy,
2346 info->extack);
2347 if (result)
2348 return result;
2349 result = parse_txq_params(tb, &txq_params);
2350 if (result)
2351 return result;
2352
2353 result = rdev_set_txq_params(rdev, netdev,
2354 &txq_params);
2355 if (result)
2356 return result;
2357 }
2358 }
2359
2360 if (info->attrs[NL80211_ATTR_WIPHY_FREQ]) {
2361 result = __nl80211_set_channel(
2362 rdev,
2363 nl80211_can_set_dev_channel(wdev) ? netdev : NULL,
2364 info);
2365 if (result)
2366 return result;
2367 }
2368
2369 if (info->attrs[NL80211_ATTR_WIPHY_TX_POWER_SETTING]) {
2370 struct wireless_dev *txp_wdev = wdev;
2371 enum nl80211_tx_power_setting type;
2372 int idx, mbm = 0;
2373
2374 if (!(rdev->wiphy.features & NL80211_FEATURE_VIF_TXPOWER))
2375 txp_wdev = NULL;
2376
2377 if (!rdev->ops->set_tx_power)
2378 return -EOPNOTSUPP;
2379
2380 idx = NL80211_ATTR_WIPHY_TX_POWER_SETTING;
2381 type = nla_get_u32(info->attrs[idx]);
2382
2383 if (!info->attrs[NL80211_ATTR_WIPHY_TX_POWER_LEVEL] &&
2384 (type != NL80211_TX_POWER_AUTOMATIC))
2385 return -EINVAL;
2386
2387 if (type != NL80211_TX_POWER_AUTOMATIC) {
2388 idx = NL80211_ATTR_WIPHY_TX_POWER_LEVEL;
2389 mbm = nla_get_u32(info->attrs[idx]);
2390 }
2391
2392 result = rdev_set_tx_power(rdev, txp_wdev, type, mbm);
2393 if (result)
2394 return result;
2395 }
2396
2397 if (info->attrs[NL80211_ATTR_WIPHY_ANTENNA_TX] &&
2398 info->attrs[NL80211_ATTR_WIPHY_ANTENNA_RX]) {
2399 u32 tx_ant, rx_ant;
2400
2401 if ((!rdev->wiphy.available_antennas_tx &&
2402 !rdev->wiphy.available_antennas_rx) ||
2403 !rdev->ops->set_antenna)
2404 return -EOPNOTSUPP;
2405
2406 tx_ant = nla_get_u32(info->attrs[NL80211_ATTR_WIPHY_ANTENNA_TX]);
2407 rx_ant = nla_get_u32(info->attrs[NL80211_ATTR_WIPHY_ANTENNA_RX]);
2408
2409 /* reject antenna configurations which don't match the
2410 * available antenna masks, except for the "all" mask */
2411 if ((~tx_ant && (tx_ant & ~rdev->wiphy.available_antennas_tx)) ||
2412 (~rx_ant && (rx_ant & ~rdev->wiphy.available_antennas_rx)))
2413 return -EINVAL;
2414
2415 tx_ant = tx_ant & rdev->wiphy.available_antennas_tx;
2416 rx_ant = rx_ant & rdev->wiphy.available_antennas_rx;
2417
2418 result = rdev_set_antenna(rdev, tx_ant, rx_ant);
2419 if (result)
2420 return result;
2421 }
2422
2423 changed = 0;
2424
2425 if (info->attrs[NL80211_ATTR_WIPHY_RETRY_SHORT]) {
2426 retry_short = nla_get_u8(
2427 info->attrs[NL80211_ATTR_WIPHY_RETRY_SHORT]);
2428 if (retry_short == 0)
2429 return -EINVAL;
2430
2431 changed |= WIPHY_PARAM_RETRY_SHORT;
2432 }
2433
2434 if (info->attrs[NL80211_ATTR_WIPHY_RETRY_LONG]) {
2435 retry_long = nla_get_u8(
2436 info->attrs[NL80211_ATTR_WIPHY_RETRY_LONG]);
2437 if (retry_long == 0)
2438 return -EINVAL;
2439
2440 changed |= WIPHY_PARAM_RETRY_LONG;
2441 }
2442
2443 if (info->attrs[NL80211_ATTR_WIPHY_FRAG_THRESHOLD]) {
2444 frag_threshold = nla_get_u32(
2445 info->attrs[NL80211_ATTR_WIPHY_FRAG_THRESHOLD]);
2446 if (frag_threshold < 256)
2447 return -EINVAL;
2448
2449 if (frag_threshold != (u32) -1) {
2450 /*
2451 * Fragments (apart from the last one) are required to
2452 * have even length. Make the fragmentation code
2453 * simpler by stripping LSB should someone try to use
2454 * odd threshold value.
2455 */
2456 frag_threshold &= ~0x1;
2457 }
2458 changed |= WIPHY_PARAM_FRAG_THRESHOLD;
2459 }
2460
2461 if (info->attrs[NL80211_ATTR_WIPHY_RTS_THRESHOLD]) {
2462 rts_threshold = nla_get_u32(
2463 info->attrs[NL80211_ATTR_WIPHY_RTS_THRESHOLD]);
2464 changed |= WIPHY_PARAM_RTS_THRESHOLD;
2465 }
2466
2467 if (info->attrs[NL80211_ATTR_WIPHY_COVERAGE_CLASS]) {
2468 if (info->attrs[NL80211_ATTR_WIPHY_DYN_ACK])
2469 return -EINVAL;
2470
2471 coverage_class = nla_get_u8(
2472 info->attrs[NL80211_ATTR_WIPHY_COVERAGE_CLASS]);
2473 changed |= WIPHY_PARAM_COVERAGE_CLASS;
2474 }
2475
2476 if (info->attrs[NL80211_ATTR_WIPHY_DYN_ACK]) {
2477 if (!(rdev->wiphy.features & NL80211_FEATURE_ACKTO_ESTIMATION))
2478 return -EOPNOTSUPP;
2479
2480 changed |= WIPHY_PARAM_DYN_ACK;
2481 }
2482
2483 if (changed) {
2484 u8 old_retry_short, old_retry_long;
2485 u32 old_frag_threshold, old_rts_threshold;
2486 u8 old_coverage_class;
2487
2488 if (!rdev->ops->set_wiphy_params)
2489 return -EOPNOTSUPP;
2490
2491 old_retry_short = rdev->wiphy.retry_short;
2492 old_retry_long = rdev->wiphy.retry_long;
2493 old_frag_threshold = rdev->wiphy.frag_threshold;
2494 old_rts_threshold = rdev->wiphy.rts_threshold;
2495 old_coverage_class = rdev->wiphy.coverage_class;
2496
2497 if (changed & WIPHY_PARAM_RETRY_SHORT)
2498 rdev->wiphy.retry_short = retry_short;
2499 if (changed & WIPHY_PARAM_RETRY_LONG)
2500 rdev->wiphy.retry_long = retry_long;
2501 if (changed & WIPHY_PARAM_FRAG_THRESHOLD)
2502 rdev->wiphy.frag_threshold = frag_threshold;
2503 if (changed & WIPHY_PARAM_RTS_THRESHOLD)
2504 rdev->wiphy.rts_threshold = rts_threshold;
2505 if (changed & WIPHY_PARAM_COVERAGE_CLASS)
2506 rdev->wiphy.coverage_class = coverage_class;
2507
2508 result = rdev_set_wiphy_params(rdev, changed);
2509 if (result) {
2510 rdev->wiphy.retry_short = old_retry_short;
2511 rdev->wiphy.retry_long = old_retry_long;
2512 rdev->wiphy.frag_threshold = old_frag_threshold;
2513 rdev->wiphy.rts_threshold = old_rts_threshold;
2514 rdev->wiphy.coverage_class = old_coverage_class;
2515 return result;
2516 }
2517 }
2518 return 0;
2519 }
2520
2521 static inline u64 wdev_id(struct wireless_dev *wdev)
2522 {
2523 return (u64)wdev->identifier |
2524 ((u64)wiphy_to_rdev(wdev->wiphy)->wiphy_idx << 32);
2525 }
2526
2527 static int nl80211_send_chandef(struct sk_buff *msg,
2528 const struct cfg80211_chan_def *chandef)
2529 {
2530 if (WARN_ON(!cfg80211_chandef_valid(chandef)))
2531 return -EINVAL;
2532
2533 if (nla_put_u32(msg, NL80211_ATTR_WIPHY_FREQ,
2534 chandef->chan->center_freq))
2535 return -ENOBUFS;
2536 switch (chandef->width) {
2537 case NL80211_CHAN_WIDTH_20_NOHT:
2538 case NL80211_CHAN_WIDTH_20:
2539 case NL80211_CHAN_WIDTH_40:
2540 if (nla_put_u32(msg, NL80211_ATTR_WIPHY_CHANNEL_TYPE,
2541 cfg80211_get_chandef_type(chandef)))
2542 return -ENOBUFS;
2543 break;
2544 default:
2545 break;
2546 }
2547 if (nla_put_u32(msg, NL80211_ATTR_CHANNEL_WIDTH, chandef->width))
2548 return -ENOBUFS;
2549 if (nla_put_u32(msg, NL80211_ATTR_CENTER_FREQ1, chandef->center_freq1))
2550 return -ENOBUFS;
2551 if (chandef->center_freq2 &&
2552 nla_put_u32(msg, NL80211_ATTR_CENTER_FREQ2, chandef->center_freq2))
2553 return -ENOBUFS;
2554 return 0;
2555 }
2556
2557 static int nl80211_send_iface(struct sk_buff *msg, u32 portid, u32 seq, int flags,
2558 struct cfg80211_registered_device *rdev,
2559 struct wireless_dev *wdev, bool removal)
2560 {
2561 struct net_device *dev = wdev->netdev;
2562 u8 cmd = NL80211_CMD_NEW_INTERFACE;
2563 void *hdr;
2564
2565 if (removal)
2566 cmd = NL80211_CMD_DEL_INTERFACE;
2567
2568 hdr = nl80211hdr_put(msg, portid, seq, flags, cmd);
2569 if (!hdr)
2570 return -1;
2571
2572 if (dev &&
2573 (nla_put_u32(msg, NL80211_ATTR_IFINDEX, dev->ifindex) ||
2574 nla_put_string(msg, NL80211_ATTR_IFNAME, dev->name)))
2575 goto nla_put_failure;
2576
2577 if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
2578 nla_put_u32(msg, NL80211_ATTR_IFTYPE, wdev->iftype) ||
2579 nla_put_u64_64bit(msg, NL80211_ATTR_WDEV, wdev_id(wdev),
2580 NL80211_ATTR_PAD) ||
2581 nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN, wdev_address(wdev)) ||
2582 nla_put_u32(msg, NL80211_ATTR_GENERATION,
2583 rdev->devlist_generation ^
2584 (cfg80211_rdev_list_generation << 2)))
2585 goto nla_put_failure;
2586
2587 if (rdev->ops->get_channel) {
2588 int ret;
2589 struct cfg80211_chan_def chandef;
2590
2591 ret = rdev_get_channel(rdev, wdev, &chandef);
2592 if (ret == 0) {
2593 if (nl80211_send_chandef(msg, &chandef))
2594 goto nla_put_failure;
2595 }
2596 }
2597
2598 if (rdev->ops->get_tx_power) {
2599 int dbm, ret;
2600
2601 ret = rdev_get_tx_power(rdev, wdev, &dbm);
2602 if (ret == 0 &&
2603 nla_put_u32(msg, NL80211_ATTR_WIPHY_TX_POWER_LEVEL,
2604 DBM_TO_MBM(dbm)))
2605 goto nla_put_failure;
2606 }
2607
2608 wdev_lock(wdev);
2609 switch (wdev->iftype) {
2610 case NL80211_IFTYPE_AP:
2611 if (wdev->ssid_len &&
2612 nla_put(msg, NL80211_ATTR_SSID, wdev->ssid_len, wdev->ssid))
2613 goto nla_put_failure_locked;
2614 break;
2615 case NL80211_IFTYPE_STATION:
2616 case NL80211_IFTYPE_P2P_CLIENT:
2617 case NL80211_IFTYPE_ADHOC: {
2618 const u8 *ssid_ie;
2619 if (!wdev->current_bss)
2620 break;
2621 ssid_ie = ieee80211_bss_get_ie(&wdev->current_bss->pub,
2622 WLAN_EID_SSID);
2623 if (!ssid_ie)
2624 break;
2625 if (nla_put(msg, NL80211_ATTR_SSID, ssid_ie[1], ssid_ie + 2))
2626 goto nla_put_failure_locked;
2627 break;
2628 }
2629 default:
2630 /* nothing */
2631 break;
2632 }
2633 wdev_unlock(wdev);
2634
2635 genlmsg_end(msg, hdr);
2636 return 0;
2637
2638 nla_put_failure_locked:
2639 wdev_unlock(wdev);
2640 nla_put_failure:
2641 genlmsg_cancel(msg, hdr);
2642 return -EMSGSIZE;
2643 }
2644
2645 static int nl80211_dump_interface(struct sk_buff *skb, struct netlink_callback *cb)
2646 {
2647 int wp_idx = 0;
2648 int if_idx = 0;
2649 int wp_start = cb->args[0];
2650 int if_start = cb->args[1];
2651 int filter_wiphy = -1;
2652 struct cfg80211_registered_device *rdev;
2653 struct wireless_dev *wdev;
2654 int ret;
2655
2656 rtnl_lock();
2657 if (!cb->args[2]) {
2658 struct nl80211_dump_wiphy_state state = {
2659 .filter_wiphy = -1,
2660 };
2661
2662 ret = nl80211_dump_wiphy_parse(skb, cb, &state);
2663 if (ret)
2664 goto out_unlock;
2665
2666 filter_wiphy = state.filter_wiphy;
2667
2668 /*
2669 * if filtering, set cb->args[2] to +1 since 0 is the default
2670 * value needed to determine that parsing is necessary.
2671 */
2672 if (filter_wiphy >= 0)
2673 cb->args[2] = filter_wiphy + 1;
2674 else
2675 cb->args[2] = -1;
2676 } else if (cb->args[2] > 0) {
2677 filter_wiphy = cb->args[2] - 1;
2678 }
2679
2680 list_for_each_entry(rdev, &cfg80211_rdev_list, list) {
2681 if (!net_eq(wiphy_net(&rdev->wiphy), sock_net(skb->sk)))
2682 continue;
2683 if (wp_idx < wp_start) {
2684 wp_idx++;
2685 continue;
2686 }
2687
2688 if (filter_wiphy >= 0 && filter_wiphy != rdev->wiphy_idx)
2689 continue;
2690
2691 if_idx = 0;
2692
2693 list_for_each_entry(wdev, &rdev->wiphy.wdev_list, list) {
2694 if (if_idx < if_start) {
2695 if_idx++;
2696 continue;
2697 }
2698 if (nl80211_send_iface(skb, NETLINK_CB(cb->skb).portid,
2699 cb->nlh->nlmsg_seq, NLM_F_MULTI,
2700 rdev, wdev, false) < 0) {
2701 goto out;
2702 }
2703 if_idx++;
2704 }
2705
2706 wp_idx++;
2707 }
2708 out:
2709 cb->args[0] = wp_idx;
2710 cb->args[1] = if_idx;
2711
2712 ret = skb->len;
2713 out_unlock:
2714 rtnl_unlock();
2715
2716 return ret;
2717 }
2718
2719 static int nl80211_get_interface(struct sk_buff *skb, struct genl_info *info)
2720 {
2721 struct sk_buff *msg;
2722 struct cfg80211_registered_device *rdev = info->user_ptr[0];
2723 struct wireless_dev *wdev = info->user_ptr[1];
2724
2725 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
2726 if (!msg)
2727 return -ENOMEM;
2728
2729 if (nl80211_send_iface(msg, info->snd_portid, info->snd_seq, 0,
2730 rdev, wdev, false) < 0) {
2731 nlmsg_free(msg);
2732 return -ENOBUFS;
2733 }
2734
2735 return genlmsg_reply(msg, info);
2736 }
2737
2738 static const struct nla_policy mntr_flags_policy[NL80211_MNTR_FLAG_MAX + 1] = {
2739 [NL80211_MNTR_FLAG_FCSFAIL] = { .type = NLA_FLAG },
2740 [NL80211_MNTR_FLAG_PLCPFAIL] = { .type = NLA_FLAG },
2741 [NL80211_MNTR_FLAG_CONTROL] = { .type = NLA_FLAG },
2742 [NL80211_MNTR_FLAG_OTHER_BSS] = { .type = NLA_FLAG },
2743 [NL80211_MNTR_FLAG_COOK_FRAMES] = { .type = NLA_FLAG },
2744 [NL80211_MNTR_FLAG_ACTIVE] = { .type = NLA_FLAG },
2745 };
2746
2747 static int parse_monitor_flags(struct nlattr *nla, u32 *mntrflags)
2748 {
2749 struct nlattr *flags[NL80211_MNTR_FLAG_MAX + 1];
2750 int flag;
2751
2752 *mntrflags = 0;
2753
2754 if (!nla)
2755 return -EINVAL;
2756
2757 if (nla_parse_nested(flags, NL80211_MNTR_FLAG_MAX, nla,
2758 mntr_flags_policy, NULL))
2759 return -EINVAL;
2760
2761 for (flag = 1; flag <= NL80211_MNTR_FLAG_MAX; flag++)
2762 if (flags[flag])
2763 *mntrflags |= (1<<flag);
2764
2765 *mntrflags |= MONITOR_FLAG_CHANGED;
2766
2767 return 0;
2768 }
2769
2770 static int nl80211_parse_mon_options(struct cfg80211_registered_device *rdev,
2771 enum nl80211_iftype type,
2772 struct genl_info *info,
2773 struct vif_params *params)
2774 {
2775 bool change = false;
2776 int err;
2777
2778 if (info->attrs[NL80211_ATTR_MNTR_FLAGS]) {
2779 if (type != NL80211_IFTYPE_MONITOR)
2780 return -EINVAL;
2781
2782 err = parse_monitor_flags(info->attrs[NL80211_ATTR_MNTR_FLAGS],
2783 &params->flags);
2784 if (err)
2785 return err;
2786
2787 change = true;
2788 }
2789
2790 if (params->flags & MONITOR_FLAG_ACTIVE &&
2791 !(rdev->wiphy.features & NL80211_FEATURE_ACTIVE_MONITOR))
2792 return -EOPNOTSUPP;
2793
2794 if (info->attrs[NL80211_ATTR_MU_MIMO_GROUP_DATA]) {
2795 const u8 *mumimo_groups;
2796 u32 cap_flag = NL80211_EXT_FEATURE_MU_MIMO_AIR_SNIFFER;
2797
2798 if (type != NL80211_IFTYPE_MONITOR)
2799 return -EINVAL;
2800
2801 if (!wiphy_ext_feature_isset(&rdev->wiphy, cap_flag))
2802 return -EOPNOTSUPP;
2803
2804 mumimo_groups =
2805 nla_data(info->attrs[NL80211_ATTR_MU_MIMO_GROUP_DATA]);
2806
2807 /* bits 0 and 63 are reserved and must be zero */
2808 if ((mumimo_groups[0] & BIT(0)) ||
2809 (mumimo_groups[VHT_MUMIMO_GROUPS_DATA_LEN - 1] & BIT(7)))
2810 return -EINVAL;
2811
2812 params->vht_mumimo_groups = mumimo_groups;
2813 change = true;
2814 }
2815
2816 if (info->attrs[NL80211_ATTR_MU_MIMO_FOLLOW_MAC_ADDR]) {
2817 u32 cap_flag = NL80211_EXT_FEATURE_MU_MIMO_AIR_SNIFFER;
2818
2819 if (type != NL80211_IFTYPE_MONITOR)
2820 return -EINVAL;
2821
2822 if (!wiphy_ext_feature_isset(&rdev->wiphy, cap_flag))
2823 return -EOPNOTSUPP;
2824
2825 params->vht_mumimo_follow_addr =
2826 nla_data(info->attrs[NL80211_ATTR_MU_MIMO_FOLLOW_MAC_ADDR]);
2827 change = true;
2828 }
2829
2830 return change ? 1 : 0;
2831 }
2832
2833 static int nl80211_valid_4addr(struct cfg80211_registered_device *rdev,
2834 struct net_device *netdev, u8 use_4addr,
2835 enum nl80211_iftype iftype)
2836 {
2837 if (!use_4addr) {
2838 if (netdev && (netdev->priv_flags & IFF_BRIDGE_PORT))
2839 return -EBUSY;
2840 return 0;
2841 }
2842
2843 switch (iftype) {
2844 case NL80211_IFTYPE_AP_VLAN:
2845 if (rdev->wiphy.flags & WIPHY_FLAG_4ADDR_AP)
2846 return 0;
2847 break;
2848 case NL80211_IFTYPE_STATION:
2849 if (rdev->wiphy.flags & WIPHY_FLAG_4ADDR_STATION)
2850 return 0;
2851 break;
2852 default:
2853 break;
2854 }
2855
2856 return -EOPNOTSUPP;
2857 }
2858
2859 static int nl80211_set_interface(struct sk_buff *skb, struct genl_info *info)
2860 {
2861 struct cfg80211_registered_device *rdev = info->user_ptr[0];
2862 struct vif_params params;
2863 int err;
2864 enum nl80211_iftype otype, ntype;
2865 struct net_device *dev = info->user_ptr[1];
2866 bool change = false;
2867
2868 memset(&params, 0, sizeof(params));
2869
2870 otype = ntype = dev->ieee80211_ptr->iftype;
2871
2872 if (info->attrs[NL80211_ATTR_IFTYPE]) {
2873 ntype = nla_get_u32(info->attrs[NL80211_ATTR_IFTYPE]);
2874 if (otype != ntype)
2875 change = true;
2876 if (ntype > NL80211_IFTYPE_MAX)
2877 return -EINVAL;
2878 }
2879
2880 if (info->attrs[NL80211_ATTR_MESH_ID]) {
2881 struct wireless_dev *wdev = dev->ieee80211_ptr;
2882
2883 if (ntype != NL80211_IFTYPE_MESH_POINT)
2884 return -EINVAL;
2885 if (netif_running(dev))
2886 return -EBUSY;
2887
2888 wdev_lock(wdev);
2889 BUILD_BUG_ON(IEEE80211_MAX_SSID_LEN !=
2890 IEEE80211_MAX_MESH_ID_LEN);
2891 wdev->mesh_id_up_len =
2892 nla_len(info->attrs[NL80211_ATTR_MESH_ID]);
2893 memcpy(wdev->ssid, nla_data(info->attrs[NL80211_ATTR_MESH_ID]),
2894 wdev->mesh_id_up_len);
2895 wdev_unlock(wdev);
2896 }
2897
2898 if (info->attrs[NL80211_ATTR_4ADDR]) {
2899 params.use_4addr = !!nla_get_u8(info->attrs[NL80211_ATTR_4ADDR]);
2900 change = true;
2901 err = nl80211_valid_4addr(rdev, dev, params.use_4addr, ntype);
2902 if (err)
2903 return err;
2904 } else {
2905 params.use_4addr = -1;
2906 }
2907
2908 err = nl80211_parse_mon_options(rdev, ntype, info, &params);
2909 if (err < 0)
2910 return err;
2911 if (err > 0)
2912 change = true;
2913
2914 if (change)
2915 err = cfg80211_change_iface(rdev, dev, ntype, &params);
2916 else
2917 err = 0;
2918
2919 if (!err && params.use_4addr != -1)
2920 dev->ieee80211_ptr->use_4addr = params.use_4addr;
2921
2922 return err;
2923 }
2924
2925 static int nl80211_new_interface(struct sk_buff *skb, struct genl_info *info)
2926 {
2927 struct cfg80211_registered_device *rdev = info->user_ptr[0];
2928 struct vif_params params;
2929 struct wireless_dev *wdev;
2930 struct sk_buff *msg;
2931 int err;
2932 enum nl80211_iftype type = NL80211_IFTYPE_UNSPECIFIED;
2933
2934 /* to avoid failing a new interface creation due to pending removal */
2935 cfg80211_destroy_ifaces(rdev);
2936
2937 memset(&params, 0, sizeof(params));
2938
2939 if (!info->attrs[NL80211_ATTR_IFNAME])
2940 return -EINVAL;
2941
2942 if (info->attrs[NL80211_ATTR_IFTYPE]) {
2943 type = nla_get_u32(info->attrs[NL80211_ATTR_IFTYPE]);
2944 if (type > NL80211_IFTYPE_MAX)
2945 return -EINVAL;
2946 }
2947
2948 if (!rdev->ops->add_virtual_intf ||
2949 !(rdev->wiphy.interface_modes & (1 << type)))
2950 return -EOPNOTSUPP;
2951
2952 if ((type == NL80211_IFTYPE_P2P_DEVICE || type == NL80211_IFTYPE_NAN ||
2953 rdev->wiphy.features & NL80211_FEATURE_MAC_ON_CREATE) &&
2954 info->attrs[NL80211_ATTR_MAC]) {
2955 nla_memcpy(params.macaddr, info->attrs[NL80211_ATTR_MAC],
2956 ETH_ALEN);
2957 if (!is_valid_ether_addr(params.macaddr))
2958 return -EADDRNOTAVAIL;
2959 }
2960
2961 if (info->attrs[NL80211_ATTR_4ADDR]) {
2962 params.use_4addr = !!nla_get_u8(info->attrs[NL80211_ATTR_4ADDR]);
2963 err = nl80211_valid_4addr(rdev, NULL, params.use_4addr, type);
2964 if (err)
2965 return err;
2966 }
2967
2968 err = nl80211_parse_mon_options(rdev, type, info, &params);
2969 if (err < 0)
2970 return err;
2971
2972 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
2973 if (!msg)
2974 return -ENOMEM;
2975
2976 wdev = rdev_add_virtual_intf(rdev,
2977 nla_data(info->attrs[NL80211_ATTR_IFNAME]),
2978 NET_NAME_USER, type, &params);
2979 if (WARN_ON(!wdev)) {
2980 nlmsg_free(msg);
2981 return -EPROTO;
2982 } else if (IS_ERR(wdev)) {
2983 nlmsg_free(msg);
2984 return PTR_ERR(wdev);
2985 }
2986
2987 if (info->attrs[NL80211_ATTR_SOCKET_OWNER])
2988 wdev->owner_nlportid = info->snd_portid;
2989
2990 switch (type) {
2991 case NL80211_IFTYPE_MESH_POINT:
2992 if (!info->attrs[NL80211_ATTR_MESH_ID])
2993 break;
2994 wdev_lock(wdev);
2995 BUILD_BUG_ON(IEEE80211_MAX_SSID_LEN !=
2996 IEEE80211_MAX_MESH_ID_LEN);
2997 wdev->mesh_id_up_len =
2998 nla_len(info->attrs[NL80211_ATTR_MESH_ID]);
2999 memcpy(wdev->ssid, nla_data(info->attrs[NL80211_ATTR_MESH_ID]),
3000 wdev->mesh_id_up_len);
3001 wdev_unlock(wdev);
3002 break;
3003 case NL80211_IFTYPE_NAN:
3004 case NL80211_IFTYPE_P2P_DEVICE:
3005 /*
3006 * P2P Device and NAN do not have a netdev, so don't go
3007 * through the netdev notifier and must be added here
3008 */
3009 mutex_init(&wdev->mtx);
3010 INIT_LIST_HEAD(&wdev->event_list);
3011 spin_lock_init(&wdev->event_lock);
3012 INIT_LIST_HEAD(&wdev->mgmt_registrations);
3013 spin_lock_init(&wdev->mgmt_registrations_lock);
3014
3015 wdev->identifier = ++rdev->wdev_id;
3016 list_add_rcu(&wdev->list, &rdev->wiphy.wdev_list);
3017 rdev->devlist_generation++;
3018 break;
3019 default:
3020 break;
3021 }
3022
3023 if (nl80211_send_iface(msg, info->snd_portid, info->snd_seq, 0,
3024 rdev, wdev, false) < 0) {
3025 nlmsg_free(msg);
3026 return -ENOBUFS;
3027 }
3028
3029 /*
3030 * For wdevs which have no associated netdev object (e.g. of type
3031 * NL80211_IFTYPE_P2P_DEVICE), emit the NEW_INTERFACE event here.
3032 * For all other types, the event will be generated from the
3033 * netdev notifier
3034 */
3035 if (!wdev->netdev)
3036 nl80211_notify_iface(rdev, wdev, NL80211_CMD_NEW_INTERFACE);
3037
3038 return genlmsg_reply(msg, info);
3039 }
3040
3041 static int nl80211_del_interface(struct sk_buff *skb, struct genl_info *info)
3042 {
3043 struct cfg80211_registered_device *rdev = info->user_ptr[0];
3044 struct wireless_dev *wdev = info->user_ptr[1];
3045
3046 if (!rdev->ops->del_virtual_intf)
3047 return -EOPNOTSUPP;
3048
3049 /*
3050 * If we remove a wireless device without a netdev then clear
3051 * user_ptr[1] so that nl80211_post_doit won't dereference it
3052 * to check if it needs to do dev_put(). Otherwise it crashes
3053 * since the wdev has been freed, unlike with a netdev where
3054 * we need the dev_put() for the netdev to really be freed.
3055 */
3056 if (!wdev->netdev)
3057 info->user_ptr[1] = NULL;
3058
3059 return rdev_del_virtual_intf(rdev, wdev);
3060 }
3061
3062 static int nl80211_set_noack_map(struct sk_buff *skb, struct genl_info *info)
3063 {
3064 struct cfg80211_registered_device *rdev = info->user_ptr[0];
3065 struct net_device *dev = info->user_ptr[1];
3066 u16 noack_map;
3067
3068 if (!info->attrs[NL80211_ATTR_NOACK_MAP])
3069 return -EINVAL;
3070
3071 if (!rdev->ops->set_noack_map)
3072 return -EOPNOTSUPP;
3073
3074 noack_map = nla_get_u16(info->attrs[NL80211_ATTR_NOACK_MAP]);
3075
3076 return rdev_set_noack_map(rdev, dev, noack_map);
3077 }
3078
3079 struct get_key_cookie {
3080 struct sk_buff *msg;
3081 int error;
3082 int idx;
3083 };
3084
3085 static void get_key_callback(void *c, struct key_params *params)
3086 {
3087 struct nlattr *key;
3088 struct get_key_cookie *cookie = c;
3089
3090 if ((params->key &&
3091 nla_put(cookie->msg, NL80211_ATTR_KEY_DATA,
3092 params->key_len, params->key)) ||
3093 (params->seq &&
3094 nla_put(cookie->msg, NL80211_ATTR_KEY_SEQ,
3095 params->seq_len, params->seq)) ||
3096 (params->cipher &&
3097 nla_put_u32(cookie->msg, NL80211_ATTR_KEY_CIPHER,
3098 params->cipher)))
3099 goto nla_put_failure;
3100
3101 key = nla_nest_start(cookie->msg, NL80211_ATTR_KEY);
3102 if (!key)
3103 goto nla_put_failure;
3104
3105 if ((params->key &&
3106 nla_put(cookie->msg, NL80211_KEY_DATA,
3107 params->key_len, params->key)) ||
3108 (params->seq &&
3109 nla_put(cookie->msg, NL80211_KEY_SEQ,
3110 params->seq_len, params->seq)) ||
3111 (params->cipher &&
3112 nla_put_u32(cookie->msg, NL80211_KEY_CIPHER,
3113 params->cipher)))
3114 goto nla_put_failure;
3115
3116 if (nla_put_u8(cookie->msg, NL80211_ATTR_KEY_IDX, cookie->idx))
3117 goto nla_put_failure;
3118
3119 nla_nest_end(cookie->msg, key);
3120
3121 return;
3122 nla_put_failure:
3123 cookie->error = 1;
3124 }
3125
3126 static int nl80211_get_key(struct sk_buff *skb, struct genl_info *info)
3127 {
3128 struct cfg80211_registered_device *rdev = info->user_ptr[0];
3129 int err;
3130 struct net_device *dev = info->user_ptr[1];
3131 u8 key_idx = 0;
3132 const u8 *mac_addr = NULL;
3133 bool pairwise;
3134 struct get_key_cookie cookie = {
3135 .error = 0,
3136 };
3137 void *hdr;
3138 struct sk_buff *msg;
3139
3140 if (info->attrs[NL80211_ATTR_KEY_IDX])
3141 key_idx = nla_get_u8(info->attrs[NL80211_ATTR_KEY_IDX]);
3142
3143 if (key_idx > 5)
3144 return -EINVAL;
3145
3146 if (info->attrs[NL80211_ATTR_MAC])
3147 mac_addr = nla_data(info->attrs[NL80211_ATTR_MAC]);
3148
3149 pairwise = !!mac_addr;
3150 if (info->attrs[NL80211_ATTR_KEY_TYPE]) {
3151 u32 kt = nla_get_u32(info->attrs[NL80211_ATTR_KEY_TYPE]);
3152
3153 if (kt >= NUM_NL80211_KEYTYPES)
3154 return -EINVAL;
3155 if (kt != NL80211_KEYTYPE_GROUP &&
3156 kt != NL80211_KEYTYPE_PAIRWISE)
3157 return -EINVAL;
3158 pairwise = kt == NL80211_KEYTYPE_PAIRWISE;
3159 }
3160
3161 if (!rdev->ops->get_key)
3162 return -EOPNOTSUPP;
3163
3164 if (!pairwise && mac_addr && !(rdev->wiphy.flags & WIPHY_FLAG_IBSS_RSN))
3165 return -ENOENT;
3166
3167 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
3168 if (!msg)
3169 return -ENOMEM;
3170
3171 hdr = nl80211hdr_put(msg, info->snd_portid, info->snd_seq, 0,
3172 NL80211_CMD_NEW_KEY);
3173 if (!hdr)
3174 goto nla_put_failure;
3175
3176 cookie.msg = msg;
3177 cookie.idx = key_idx;
3178
3179 if (nla_put_u32(msg, NL80211_ATTR_IFINDEX, dev->ifindex) ||
3180 nla_put_u8(msg, NL80211_ATTR_KEY_IDX, key_idx))
3181 goto nla_put_failure;
3182 if (mac_addr &&
3183 nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN, mac_addr))
3184 goto nla_put_failure;
3185
3186 err = rdev_get_key(rdev, dev, key_idx, pairwise, mac_addr, &cookie,
3187 get_key_callback);
3188
3189 if (err)
3190 goto free_msg;
3191
3192 if (cookie.error)
3193 goto nla_put_failure;
3194
3195 genlmsg_end(msg, hdr);
3196 return genlmsg_reply(msg, info);
3197
3198 nla_put_failure:
3199 err = -ENOBUFS;
3200 free_msg:
3201 nlmsg_free(msg);
3202 return err;
3203 }
3204
3205 static int nl80211_set_key(struct sk_buff *skb, struct genl_info *info)
3206 {
3207 struct cfg80211_registered_device *rdev = info->user_ptr[0];
3208 struct key_parse key;
3209 int err;
3210 struct net_device *dev = info->user_ptr[1];
3211
3212 err = nl80211_parse_key(info, &key);
3213 if (err)
3214 return err;
3215
3216 if (key.idx < 0)
3217 return -EINVAL;
3218
3219 /* only support setting default key */
3220 if (!key.def && !key.defmgmt)
3221 return -EINVAL;
3222
3223 wdev_lock(dev->ieee80211_ptr);
3224
3225 if (key.def) {
3226 if (!rdev->ops->set_default_key) {
3227 err = -EOPNOTSUPP;
3228 goto out;
3229 }
3230
3231 err = nl80211_key_allowed(dev->ieee80211_ptr);
3232 if (err)
3233 goto out;
3234
3235 err = rdev_set_default_key(rdev, dev, key.idx,
3236 key.def_uni, key.def_multi);
3237
3238 if (err)
3239 goto out;
3240
3241 #ifdef CONFIG_CFG80211_WEXT
3242 dev->ieee80211_ptr->wext.default_key = key.idx;
3243 #endif
3244 } else {
3245 if (key.def_uni || !key.def_multi) {
3246 err = -EINVAL;
3247 goto out;
3248 }
3249
3250 if (!rdev->ops->set_default_mgmt_key) {
3251 err = -EOPNOTSUPP;
3252 goto out;
3253 }
3254
3255 err = nl80211_key_allowed(dev->ieee80211_ptr);
3256 if (err)
3257 goto out;
3258
3259 err = rdev_set_default_mgmt_key(rdev, dev, key.idx);
3260 if (err)
3261 goto out;
3262
3263 #ifdef CONFIG_CFG80211_WEXT
3264 dev->ieee80211_ptr->wext.default_mgmt_key = key.idx;
3265 #endif
3266 }
3267
3268 out:
3269 wdev_unlock(dev->ieee80211_ptr);
3270
3271 return err;
3272 }
3273
3274 static int nl80211_new_key(struct sk_buff *skb, struct genl_info *info)
3275 {
3276 struct cfg80211_registered_device *rdev = info->user_ptr[0];
3277 int err;
3278 struct net_device *dev = info->user_ptr[1];
3279 struct key_parse key;
3280 const u8 *mac_addr = NULL;
3281
3282 err = nl80211_parse_key(info, &key);
3283 if (err)
3284 return err;
3285
3286 if (!key.p.key)
3287 return -EINVAL;
3288
3289 if (info->attrs[NL80211_ATTR_MAC])
3290 mac_addr = nla_data(info->attrs[NL80211_ATTR_MAC]);
3291
3292 if (key.type == -1) {
3293 if (mac_addr)
3294 key.type = NL80211_KEYTYPE_PAIRWISE;
3295 else
3296 key.type = NL80211_KEYTYPE_GROUP;
3297 }
3298
3299 /* for now */
3300 if (key.type != NL80211_KEYTYPE_PAIRWISE &&
3301 key.type != NL80211_KEYTYPE_GROUP)
3302 return -EINVAL;
3303
3304 if (!rdev->ops->add_key)
3305 return -EOPNOTSUPP;
3306
3307 if (cfg80211_validate_key_settings(rdev, &key.p, key.idx,
3308 key.type == NL80211_KEYTYPE_PAIRWISE,
3309 mac_addr))
3310 return -EINVAL;
3311
3312 wdev_lock(dev->ieee80211_ptr);
3313 err = nl80211_key_allowed(dev->ieee80211_ptr);
3314 if (!err)
3315 err = rdev_add_key(rdev, dev, key.idx,
3316 key.type == NL80211_KEYTYPE_PAIRWISE,
3317 mac_addr, &key.p);
3318 wdev_unlock(dev->ieee80211_ptr);
3319
3320 return err;
3321 }
3322
3323 static int nl80211_del_key(struct sk_buff *skb, struct genl_info *info)
3324 {
3325 struct cfg80211_registered_device *rdev = info->user_ptr[0];
3326 int err;
3327 struct net_device *dev = info->user_ptr[1];
3328 u8 *mac_addr = NULL;
3329 struct key_parse key;
3330
3331 err = nl80211_parse_key(info, &key);
3332 if (err)
3333 return err;
3334
3335 if (info->attrs[NL80211_ATTR_MAC])
3336 mac_addr = nla_data(info->attrs[NL80211_ATTR_MAC]);
3337
3338 if (key.type == -1) {
3339 if (mac_addr)
3340 key.type = NL80211_KEYTYPE_PAIRWISE;
3341 else
3342 key.type = NL80211_KEYTYPE_GROUP;
3343 }
3344
3345 /* for now */
3346 if (key.type != NL80211_KEYTYPE_PAIRWISE &&
3347 key.type != NL80211_KEYTYPE_GROUP)
3348 return -EINVAL;
3349
3350 if (!rdev->ops->del_key)
3351 return -EOPNOTSUPP;
3352
3353 wdev_lock(dev->ieee80211_ptr);
3354 err = nl80211_key_allowed(dev->ieee80211_ptr);
3355
3356 if (key.type == NL80211_KEYTYPE_GROUP && mac_addr &&
3357 !(rdev->wiphy.flags & WIPHY_FLAG_IBSS_RSN))
3358 err = -ENOENT;
3359
3360 if (!err)
3361 err = rdev_del_key(rdev, dev, key.idx,
3362 key.type == NL80211_KEYTYPE_PAIRWISE,
3363 mac_addr);
3364
3365 #ifdef CONFIG_CFG80211_WEXT
3366 if (!err) {
3367 if (key.idx == dev->ieee80211_ptr->wext.default_key)
3368 dev->ieee80211_ptr->wext.default_key = -1;
3369 else if (key.idx == dev->ieee80211_ptr->wext.default_mgmt_key)
3370 dev->ieee80211_ptr->wext.default_mgmt_key = -1;
3371 }
3372 #endif
3373 wdev_unlock(dev->ieee80211_ptr);
3374
3375 return err;
3376 }
3377
3378 /* This function returns an error or the number of nested attributes */
3379 static int validate_acl_mac_addrs(struct nlattr *nl_attr)
3380 {
3381 struct nlattr *attr;
3382 int n_entries = 0, tmp;
3383
3384 nla_for_each_nested(attr, nl_attr, tmp) {
3385 if (nla_len(attr) != ETH_ALEN)
3386 return -EINVAL;
3387
3388 n_entries++;
3389 }
3390
3391 return n_entries;
3392 }
3393
3394 /*
3395 * This function parses ACL information and allocates memory for ACL data.
3396 * On successful return, the calling function is responsible to free the
3397 * ACL buffer returned by this function.
3398 */
3399 static struct cfg80211_acl_data *parse_acl_data(struct wiphy *wiphy,
3400 struct genl_info *info)
3401 {
3402 enum nl80211_acl_policy acl_policy;
3403 struct nlattr *attr;
3404 struct cfg80211_acl_data *acl;
3405 int i = 0, n_entries, tmp;
3406
3407 if (!wiphy->max_acl_mac_addrs)
3408 return ERR_PTR(-EOPNOTSUPP);
3409
3410 if (!info->attrs[NL80211_ATTR_ACL_POLICY])
3411 return ERR_PTR(-EINVAL);
3412
3413 acl_policy = nla_get_u32(info->attrs[NL80211_ATTR_ACL_POLICY]);
3414 if (acl_policy != NL80211_ACL_POLICY_ACCEPT_UNLESS_LISTED &&
3415 acl_policy != NL80211_ACL_POLICY_DENY_UNLESS_LISTED)
3416 return ERR_PTR(-EINVAL);
3417
3418 if (!info->attrs[NL80211_ATTR_MAC_ADDRS])
3419 return ERR_PTR(-EINVAL);
3420
3421 n_entries = validate_acl_mac_addrs(info->attrs[NL80211_ATTR_MAC_ADDRS]);
3422 if (n_entries < 0)
3423 return ERR_PTR(n_entries);
3424
3425 if (n_entries > wiphy->max_acl_mac_addrs)
3426 return ERR_PTR(-ENOTSUPP);
3427
3428 acl = kzalloc(sizeof(*acl) + (sizeof(struct mac_address) * n_entries),
3429 GFP_KERNEL);
3430 if (!acl)
3431 return ERR_PTR(-ENOMEM);
3432
3433 nla_for_each_nested(attr, info->attrs[NL80211_ATTR_MAC_ADDRS], tmp) {
3434 memcpy(acl->mac_addrs[i].addr, nla_data(attr), ETH_ALEN);
3435 i++;
3436 }
3437
3438 acl->n_acl_entries = n_entries;
3439 acl->acl_policy = acl_policy;
3440
3441 return acl;
3442 }
3443
3444 static int nl80211_set_mac_acl(struct sk_buff *skb, struct genl_info *info)
3445 {
3446 struct cfg80211_registered_device *rdev = info->user_ptr[0];
3447 struct net_device *dev = info->user_ptr[1];
3448 struct cfg80211_acl_data *acl;
3449 int err;
3450
3451 if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_AP &&
3452 dev->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_GO)
3453 return -EOPNOTSUPP;
3454
3455 if (!dev->ieee80211_ptr->beacon_interval)
3456 return -EINVAL;
3457
3458 acl = parse_acl_data(&rdev->wiphy, info);
3459 if (IS_ERR(acl))
3460 return PTR_ERR(acl);
3461
3462 err = rdev_set_mac_acl(rdev, dev, acl);
3463
3464 kfree(acl);
3465
3466 return err;
3467 }
3468
3469 static u32 rateset_to_mask(struct ieee80211_supported_band *sband,
3470 u8 *rates, u8 rates_len)
3471 {
3472 u8 i;
3473 u32 mask = 0;
3474
3475 for (i = 0; i < rates_len; i++) {
3476 int rate = (rates[i] & 0x7f) * 5;
3477 int ridx;
3478
3479 for (ridx = 0; ridx < sband->n_bitrates; ridx++) {
3480 struct ieee80211_rate *srate =
3481 &sband->bitrates[ridx];
3482 if (rate == srate->bitrate) {
3483 mask |= 1 << ridx;
3484 break;
3485 }
3486 }
3487 if (ridx == sband->n_bitrates)
3488 return 0; /* rate not found */
3489 }
3490
3491 return mask;
3492 }
3493
3494 static bool ht_rateset_to_mask(struct ieee80211_supported_band *sband,
3495 u8 *rates, u8 rates_len,
3496 u8 mcs[IEEE80211_HT_MCS_MASK_LEN])
3497 {
3498 u8 i;
3499
3500 memset(mcs, 0, IEEE80211_HT_MCS_MASK_LEN);
3501
3502 for (i = 0; i < rates_len; i++) {
3503 int ridx, rbit;
3504
3505 ridx = rates[i] / 8;
3506 rbit = BIT(rates[i] % 8);
3507
3508 /* check validity */
3509 if ((ridx < 0) || (ridx >= IEEE80211_HT_MCS_MASK_LEN))
3510 return false;
3511
3512 /* check availability */
3513 if (sband->ht_cap.mcs.rx_mask[ridx] & rbit)
3514 mcs[ridx] |= rbit;
3515 else
3516 return false;
3517 }
3518
3519 return true;
3520 }
3521
3522 static u16 vht_mcs_map_to_mcs_mask(u8 vht_mcs_map)
3523 {
3524 u16 mcs_mask = 0;
3525
3526 switch (vht_mcs_map) {
3527 case IEEE80211_VHT_MCS_NOT_SUPPORTED:
3528 break;
3529 case IEEE80211_VHT_MCS_SUPPORT_0_7:
3530 mcs_mask = 0x00FF;
3531 break;
3532 case IEEE80211_VHT_MCS_SUPPORT_0_8:
3533 mcs_mask = 0x01FF;
3534 break;
3535 case IEEE80211_VHT_MCS_SUPPORT_0_9:
3536 mcs_mask = 0x03FF;
3537 break;
3538 default:
3539 break;
3540 }
3541
3542 return mcs_mask;
3543 }
3544
3545 static void vht_build_mcs_mask(u16 vht_mcs_map,
3546 u16 vht_mcs_mask[NL80211_VHT_NSS_MAX])
3547 {
3548 u8 nss;
3549
3550 for (nss = 0; nss < NL80211_VHT_NSS_MAX; nss++) {
3551 vht_mcs_mask[nss] = vht_mcs_map_to_mcs_mask(vht_mcs_map & 0x03);
3552 vht_mcs_map >>= 2;
3553 }
3554 }
3555
3556 static bool vht_set_mcs_mask(struct ieee80211_supported_band *sband,
3557 struct nl80211_txrate_vht *txrate,
3558 u16 mcs[NL80211_VHT_NSS_MAX])
3559 {
3560 u16 tx_mcs_map = le16_to_cpu(sband->vht_cap.vht_mcs.tx_mcs_map);
3561 u16 tx_mcs_mask[NL80211_VHT_NSS_MAX] = {};
3562 u8 i;
3563
3564 if (!sband->vht_cap.vht_supported)
3565 return false;
3566
3567 memset(mcs, 0, sizeof(u16) * NL80211_VHT_NSS_MAX);
3568
3569 /* Build vht_mcs_mask from VHT capabilities */
3570 vht_build_mcs_mask(tx_mcs_map, tx_mcs_mask);
3571
3572 for (i = 0; i < NL80211_VHT_NSS_MAX; i++) {
3573 if ((tx_mcs_mask[i] & txrate->mcs[i]) == txrate->mcs[i])
3574 mcs[i] = txrate->mcs[i];
3575 else
3576 return false;
3577 }
3578
3579 return true;
3580 }
3581
3582 static const struct nla_policy nl80211_txattr_policy[NL80211_TXRATE_MAX + 1] = {
3583 [NL80211_TXRATE_LEGACY] = { .type = NLA_BINARY,
3584 .len = NL80211_MAX_SUPP_RATES },
3585 [NL80211_TXRATE_HT] = { .type = NLA_BINARY,
3586 .len = NL80211_MAX_SUPP_HT_RATES },
3587 [NL80211_TXRATE_VHT] = { .len = sizeof(struct nl80211_txrate_vht)},
3588 [NL80211_TXRATE_GI] = { .type = NLA_U8 },
3589 };
3590
3591 static int nl80211_parse_tx_bitrate_mask(struct genl_info *info,
3592 struct cfg80211_bitrate_mask *mask)
3593 {
3594 struct nlattr *tb[NL80211_TXRATE_MAX + 1];
3595 struct cfg80211_registered_device *rdev = info->user_ptr[0];
3596 int rem, i;
3597 struct nlattr *tx_rates;
3598 struct ieee80211_supported_band *sband;
3599 u16 vht_tx_mcs_map;
3600
3601 memset(mask, 0, sizeof(*mask));
3602 /* Default to all rates enabled */
3603 for (i = 0; i < NUM_NL80211_BANDS; i++) {
3604 sband = rdev->wiphy.bands[i];
3605
3606 if (!sband)
3607 continue;
3608
3609 mask->control[i].legacy = (1 << sband->n_bitrates) - 1;
3610 memcpy(mask->control[i].ht_mcs,
3611 sband->ht_cap.mcs.rx_mask,
3612 sizeof(mask->control[i].ht_mcs));
3613
3614 if (!sband->vht_cap.vht_supported)
3615 continue;
3616
3617 vht_tx_mcs_map = le16_to_cpu(sband->vht_cap.vht_mcs.tx_mcs_map);
3618 vht_build_mcs_mask(vht_tx_mcs_map, mask->control[i].vht_mcs);
3619 }
3620
3621 /* if no rates are given set it back to the defaults */
3622 if (!info->attrs[NL80211_ATTR_TX_RATES])
3623 goto out;
3624
3625 /* The nested attribute uses enum nl80211_band as the index. This maps
3626 * directly to the enum nl80211_band values used in cfg80211.
3627 */
3628 BUILD_BUG_ON(NL80211_MAX_SUPP_HT_RATES > IEEE80211_HT_MCS_MASK_LEN * 8);
3629 nla_for_each_nested(tx_rates, info->attrs[NL80211_ATTR_TX_RATES], rem) {
3630 enum nl80211_band band = nla_type(tx_rates);
3631 int err;
3632
3633 if (band < 0 || band >= NUM_NL80211_BANDS)
3634 return -EINVAL;
3635 sband = rdev->wiphy.bands[band];
3636 if (sband == NULL)
3637 return -EINVAL;
3638 err = nla_parse_nested(tb, NL80211_TXRATE_MAX, tx_rates,
3639 nl80211_txattr_policy, info->extack);
3640 if (err)
3641 return err;
3642 if (tb[NL80211_TXRATE_LEGACY]) {
3643 mask->control[band].legacy = rateset_to_mask(
3644 sband,
3645 nla_data(tb[NL80211_TXRATE_LEGACY]),
3646 nla_len(tb[NL80211_TXRATE_LEGACY]));
3647 if ((mask->control[band].legacy == 0) &&
3648 nla_len(tb[NL80211_TXRATE_LEGACY]))
3649 return -EINVAL;
3650 }
3651 if (tb[NL80211_TXRATE_HT]) {
3652 if (!ht_rateset_to_mask(
3653 sband,
3654 nla_data(tb[NL80211_TXRATE_HT]),
3655 nla_len(tb[NL80211_TXRATE_HT]),
3656 mask->control[band].ht_mcs))
3657 return -EINVAL;
3658 }
3659 if (tb[NL80211_TXRATE_VHT]) {
3660 if (!vht_set_mcs_mask(
3661 sband,
3662 nla_data(tb[NL80211_TXRATE_VHT]),
3663 mask->control[band].vht_mcs))
3664 return -EINVAL;
3665 }
3666 if (tb[NL80211_TXRATE_GI]) {
3667 mask->control[band].gi =
3668 nla_get_u8(tb[NL80211_TXRATE_GI]);
3669 if (mask->control[band].gi > NL80211_TXRATE_FORCE_LGI)
3670 return -EINVAL;
3671 }
3672
3673 if (mask->control[band].legacy == 0) {
3674 /* don't allow empty legacy rates if HT or VHT
3675 * are not even supported.
3676 */
3677 if (!(rdev->wiphy.bands[band]->ht_cap.ht_supported ||
3678 rdev->wiphy.bands[band]->vht_cap.vht_supported))
3679 return -EINVAL;
3680
3681 for (i = 0; i < IEEE80211_HT_MCS_MASK_LEN; i++)
3682 if (mask->control[band].ht_mcs[i])
3683 goto out;
3684
3685 for (i = 0; i < NL80211_VHT_NSS_MAX; i++)
3686 if (mask->control[band].vht_mcs[i])
3687 goto out;
3688
3689 /* legacy and mcs rates may not be both empty */
3690 return -EINVAL;
3691 }
3692 }
3693
3694 out:
3695 return 0;
3696 }
3697
3698 static int validate_beacon_tx_rate(struct cfg80211_registered_device *rdev,
3699 enum nl80211_band band,
3700 struct cfg80211_bitrate_mask *beacon_rate)
3701 {
3702 u32 count_ht, count_vht, i;
3703 u32 rate = beacon_rate->control[band].legacy;
3704
3705 /* Allow only one rate */
3706 if (hweight32(rate) > 1)
3707 return -EINVAL;
3708
3709 count_ht = 0;
3710 for (i = 0; i < IEEE80211_HT_MCS_MASK_LEN; i++) {
3711 if (hweight8(beacon_rate->control[band].ht_mcs[i]) > 1) {
3712 return -EINVAL;
3713 } else if (beacon_rate->control[band].ht_mcs[i]) {
3714 count_ht++;
3715 if (count_ht > 1)
3716 return -EINVAL;
3717 }
3718 if (count_ht && rate)
3719 return -EINVAL;
3720 }
3721
3722 count_vht = 0;
3723 for (i = 0; i < NL80211_VHT_NSS_MAX; i++) {
3724 if (hweight16(beacon_rate->control[band].vht_mcs[i]) > 1) {
3725 return -EINVAL;
3726 } else if (beacon_rate->control[band].vht_mcs[i]) {
3727 count_vht++;
3728 if (count_vht > 1)
3729 return -EINVAL;
3730 }
3731 if (count_vht && rate)
3732 return -EINVAL;
3733 }
3734
3735 if ((count_ht && count_vht) || (!rate && !count_ht && !count_vht))
3736 return -EINVAL;
3737
3738 if (rate &&
3739 !wiphy_ext_feature_isset(&rdev->wiphy,
3740 NL80211_EXT_FEATURE_BEACON_RATE_LEGACY))
3741 return -EINVAL;
3742 if (count_ht &&
3743 !wiphy_ext_feature_isset(&rdev->wiphy,
3744 NL80211_EXT_FEATURE_BEACON_RATE_HT))
3745 return -EINVAL;
3746 if (count_vht &&
3747 !wiphy_ext_feature_isset(&rdev->wiphy,
3748 NL80211_EXT_FEATURE_BEACON_RATE_VHT))
3749 return -EINVAL;
3750
3751 return 0;
3752 }
3753
3754 static int nl80211_parse_beacon(struct nlattr *attrs[],
3755 struct cfg80211_beacon_data *bcn)
3756 {
3757 bool haveinfo = false;
3758
3759 if (!is_valid_ie_attr(attrs[NL80211_ATTR_BEACON_TAIL]) ||
3760 !is_valid_ie_attr(attrs[NL80211_ATTR_IE]) ||
3761 !is_valid_ie_attr(attrs[NL80211_ATTR_IE_PROBE_RESP]) ||
3762 !is_valid_ie_attr(attrs[NL80211_ATTR_IE_ASSOC_RESP]))
3763 return -EINVAL;
3764
3765 memset(bcn, 0, sizeof(*bcn));
3766
3767 if (attrs[NL80211_ATTR_BEACON_HEAD]) {
3768 bcn->head = nla_data(attrs[NL80211_ATTR_BEACON_HEAD]);
3769 bcn->head_len = nla_len(attrs[NL80211_ATTR_BEACON_HEAD]);
3770 if (!bcn->head_len)
3771 return -EINVAL;
3772 haveinfo = true;
3773 }
3774
3775 if (attrs[NL80211_ATTR_BEACON_TAIL]) {
3776 bcn->tail = nla_data(attrs[NL80211_ATTR_BEACON_TAIL]);
3777 bcn->tail_len = nla_len(attrs[NL80211_ATTR_BEACON_TAIL]);
3778 haveinfo = true;
3779 }
3780
3781 if (!haveinfo)
3782 return -EINVAL;
3783
3784 if (attrs[NL80211_ATTR_IE]) {
3785 bcn->beacon_ies = nla_data(attrs[NL80211_ATTR_IE]);
3786 bcn->beacon_ies_len = nla_len(attrs[NL80211_ATTR_IE]);
3787 }
3788
3789 if (attrs[NL80211_ATTR_IE_PROBE_RESP]) {
3790 bcn->proberesp_ies =
3791 nla_data(attrs[NL80211_ATTR_IE_PROBE_RESP]);
3792 bcn->proberesp_ies_len =
3793 nla_len(attrs[NL80211_ATTR_IE_PROBE_RESP]);
3794 }
3795
3796 if (attrs[NL80211_ATTR_IE_ASSOC_RESP]) {
3797 bcn->assocresp_ies =
3798 nla_data(attrs[NL80211_ATTR_IE_ASSOC_RESP]);
3799 bcn->assocresp_ies_len =
3800 nla_len(attrs[NL80211_ATTR_IE_ASSOC_RESP]);
3801 }
3802
3803 if (attrs[NL80211_ATTR_PROBE_RESP]) {
3804 bcn->probe_resp = nla_data(attrs[NL80211_ATTR_PROBE_RESP]);
3805 bcn->probe_resp_len = nla_len(attrs[NL80211_ATTR_PROBE_RESP]);
3806 }
3807
3808 return 0;
3809 }
3810
3811 static void nl80211_check_ap_rate_selectors(struct cfg80211_ap_settings *params,
3812 const u8 *rates)
3813 {
3814 int i;
3815
3816 if (!rates)
3817 return;
3818
3819 for (i = 0; i < rates[1]; i++) {
3820 if (rates[2 + i] == BSS_MEMBERSHIP_SELECTOR_HT_PHY)
3821 params->ht_required = true;
3822 if (rates[2 + i] == BSS_MEMBERSHIP_SELECTOR_VHT_PHY)
3823 params->vht_required = true;
3824 }
3825 }
3826
3827 /*
3828 * Since the nl80211 API didn't include, from the beginning, attributes about
3829 * HT/VHT requirements/capabilities, we parse them out of the IEs for the
3830 * benefit of drivers that rebuild IEs in the firmware.
3831 */
3832 static void nl80211_calculate_ap_params(struct cfg80211_ap_settings *params)
3833 {
3834 const struct cfg80211_beacon_data *bcn = &params->beacon;
3835 size_t ies_len = bcn->tail_len;
3836 const u8 *ies = bcn->tail;
3837 const u8 *rates;
3838 const u8 *cap;
3839
3840 rates = cfg80211_find_ie(WLAN_EID_SUPP_RATES, ies, ies_len);
3841 nl80211_check_ap_rate_selectors(params, rates);
3842
3843 rates = cfg80211_find_ie(WLAN_EID_EXT_SUPP_RATES, ies, ies_len);
3844 nl80211_check_ap_rate_selectors(params, rates);
3845
3846 cap = cfg80211_find_ie(WLAN_EID_HT_CAPABILITY, ies, ies_len);
3847 if (cap && cap[1] >= sizeof(*params->ht_cap))
3848 params->ht_cap = (void *)(cap + 2);
3849 cap = cfg80211_find_ie(WLAN_EID_VHT_CAPABILITY, ies, ies_len);
3850 if (cap && cap[1] >= sizeof(*params->vht_cap))
3851 params->vht_cap = (void *)(cap + 2);
3852 }
3853
3854 static bool nl80211_get_ap_channel(struct cfg80211_registered_device *rdev,
3855 struct cfg80211_ap_settings *params)
3856 {
3857 struct wireless_dev *wdev;
3858 bool ret = false;
3859
3860 list_for_each_entry(wdev, &rdev->wiphy.wdev_list, list) {
3861 if (wdev->iftype != NL80211_IFTYPE_AP &&
3862 wdev->iftype != NL80211_IFTYPE_P2P_GO)
3863 continue;
3864
3865 if (!wdev->preset_chandef.chan)
3866 continue;
3867
3868 params->chandef = wdev->preset_chandef;
3869 ret = true;
3870 break;
3871 }
3872
3873 return ret;
3874 }
3875
3876 static bool nl80211_valid_auth_type(struct cfg80211_registered_device *rdev,
3877 enum nl80211_auth_type auth_type,
3878 enum nl80211_commands cmd)
3879 {
3880 if (auth_type > NL80211_AUTHTYPE_MAX)
3881 return false;
3882
3883 switch (cmd) {
3884 case NL80211_CMD_AUTHENTICATE:
3885 if (!(rdev->wiphy.features & NL80211_FEATURE_SAE) &&
3886 auth_type == NL80211_AUTHTYPE_SAE)
3887 return false;
3888 if (!wiphy_ext_feature_isset(&rdev->wiphy,
3889 NL80211_EXT_FEATURE_FILS_STA) &&
3890 (auth_type == NL80211_AUTHTYPE_FILS_SK ||
3891 auth_type == NL80211_AUTHTYPE_FILS_SK_PFS ||
3892 auth_type == NL80211_AUTHTYPE_FILS_PK))
3893 return false;
3894 return true;
3895 case NL80211_CMD_CONNECT:
3896 /* SAE not supported yet */
3897 if (auth_type == NL80211_AUTHTYPE_SAE)
3898 return false;
3899 /* FILS with SK PFS or PK not supported yet */
3900 if (auth_type == NL80211_AUTHTYPE_FILS_SK_PFS ||
3901 auth_type == NL80211_AUTHTYPE_FILS_PK)
3902 return false;
3903 if (!wiphy_ext_feature_isset(
3904 &rdev->wiphy,
3905 NL80211_EXT_FEATURE_FILS_SK_OFFLOAD) &&
3906 auth_type == NL80211_AUTHTYPE_FILS_SK)
3907 return false;
3908 return true;
3909 case NL80211_CMD_START_AP:
3910 /* SAE not supported yet */
3911 if (auth_type == NL80211_AUTHTYPE_SAE)
3912 return false;
3913 /* FILS not supported yet */
3914 if (auth_type == NL80211_AUTHTYPE_FILS_SK ||
3915 auth_type == NL80211_AUTHTYPE_FILS_SK_PFS ||
3916 auth_type == NL80211_AUTHTYPE_FILS_PK)
3917 return false;
3918 return true;
3919 default:
3920 return false;
3921 }
3922 }
3923
3924 static int nl80211_start_ap(struct sk_buff *skb, struct genl_info *info)
3925 {
3926 struct cfg80211_registered_device *rdev = info->user_ptr[0];
3927 struct net_device *dev = info->user_ptr[1];
3928 struct wireless_dev *wdev = dev->ieee80211_ptr;
3929 struct cfg80211_ap_settings params;
3930 int err;
3931
3932 if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_AP &&
3933 dev->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_GO)
3934 return -EOPNOTSUPP;
3935
3936 if (!rdev->ops->start_ap)
3937 return -EOPNOTSUPP;
3938
3939 if (wdev->beacon_interval)
3940 return -EALREADY;
3941
3942 memset(&params, 0, sizeof(params));
3943
3944 /* these are required for START_AP */
3945 if (!info->attrs[NL80211_ATTR_BEACON_INTERVAL] ||
3946 !info->attrs[NL80211_ATTR_DTIM_PERIOD] ||
3947 !info->attrs[NL80211_ATTR_BEACON_HEAD])
3948 return -EINVAL;
3949
3950 err = nl80211_parse_beacon(info->attrs, &params.beacon);
3951 if (err)
3952 return err;
3953
3954 params.beacon_interval =
3955 nla_get_u32(info->attrs[NL80211_ATTR_BEACON_INTERVAL]);
3956 params.dtim_period =
3957 nla_get_u32(info->attrs[NL80211_ATTR_DTIM_PERIOD]);
3958
3959 err = cfg80211_validate_beacon_int(rdev, dev->ieee80211_ptr->iftype,
3960 params.beacon_interval);
3961 if (err)
3962 return err;
3963
3964 /*
3965 * In theory, some of these attributes should be required here
3966 * but since they were not used when the command was originally
3967 * added, keep them optional for old user space programs to let
3968 * them continue to work with drivers that do not need the
3969 * additional information -- drivers must check!
3970 */
3971 if (info->attrs[NL80211_ATTR_SSID]) {
3972 params.ssid = nla_data(info->attrs[NL80211_ATTR_SSID]);
3973 params.ssid_len =
3974 nla_len(info->attrs[NL80211_ATTR_SSID]);
3975 if (params.ssid_len == 0 ||
3976 params.ssid_len > IEEE80211_MAX_SSID_LEN)
3977 return -EINVAL;
3978 }
3979
3980 if (info->attrs[NL80211_ATTR_HIDDEN_SSID]) {
3981 params.hidden_ssid = nla_get_u32(
3982 info->attrs[NL80211_ATTR_HIDDEN_SSID]);
3983 if (params.hidden_ssid != NL80211_HIDDEN_SSID_NOT_IN_USE &&
3984 params.hidden_ssid != NL80211_HIDDEN_SSID_ZERO_LEN &&
3985 params.hidden_ssid != NL80211_HIDDEN_SSID_ZERO_CONTENTS)
3986 return -EINVAL;
3987 }
3988
3989 params.privacy = !!info->attrs[NL80211_ATTR_PRIVACY];
3990
3991 if (info->attrs[NL80211_ATTR_AUTH_TYPE]) {
3992 params.auth_type = nla_get_u32(
3993 info->attrs[NL80211_ATTR_AUTH_TYPE]);
3994 if (!nl80211_valid_auth_type(rdev, params.auth_type,
3995 NL80211_CMD_START_AP))
3996 return -EINVAL;
3997 } else
3998 params.auth_type = NL80211_AUTHTYPE_AUTOMATIC;
3999
4000 err = nl80211_crypto_settings(rdev, info, &params.crypto,
4001 NL80211_MAX_NR_CIPHER_SUITES);
4002 if (err)
4003 return err;
4004
4005 if (info->attrs[NL80211_ATTR_INACTIVITY_TIMEOUT]) {
4006 if (!(rdev->wiphy.features & NL80211_FEATURE_INACTIVITY_TIMER))
4007 return -EOPNOTSUPP;
4008 params.inactivity_timeout = nla_get_u16(
4009 info->attrs[NL80211_ATTR_INACTIVITY_TIMEOUT]);
4010 }
4011
4012 if (info->attrs[NL80211_ATTR_P2P_CTWINDOW]) {
4013 if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_GO)
4014 return -EINVAL;
4015 params.p2p_ctwindow =
4016 nla_get_u8(info->attrs[NL80211_ATTR_P2P_CTWINDOW]);
4017 if (params.p2p_ctwindow > 127)
4018 return -EINVAL;
4019 if (params.p2p_ctwindow != 0 &&
4020 !(rdev->wiphy.features & NL80211_FEATURE_P2P_GO_CTWIN))
4021 return -EINVAL;
4022 }
4023
4024 if (info->attrs[NL80211_ATTR_P2P_OPPPS]) {
4025 u8 tmp;
4026
4027 if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_GO)
4028 return -EINVAL;
4029 tmp = nla_get_u8(info->attrs[NL80211_ATTR_P2P_OPPPS]);
4030 if (tmp > 1)
4031 return -EINVAL;
4032 params.p2p_opp_ps = tmp;
4033 if (params.p2p_opp_ps != 0 &&
4034 !(rdev->wiphy.features & NL80211_FEATURE_P2P_GO_OPPPS))
4035 return -EINVAL;
4036 }
4037
4038 if (info->attrs[NL80211_ATTR_WIPHY_FREQ]) {
4039 err = nl80211_parse_chandef(rdev, info, &params.chandef);
4040 if (err)
4041 return err;
4042 } else if (wdev->preset_chandef.chan) {
4043 params.chandef = wdev->preset_chandef;
4044 } else if (!nl80211_get_ap_channel(rdev, &params))
4045 return -EINVAL;
4046
4047 if (!cfg80211_reg_can_beacon_relax(&rdev->wiphy, &params.chandef,
4048 wdev->iftype))
4049 return -EINVAL;
4050
4051 if (info->attrs[NL80211_ATTR_TX_RATES]) {
4052 err = nl80211_parse_tx_bitrate_mask(info, &params.beacon_rate);
4053 if (err)
4054 return err;
4055
4056 err = validate_beacon_tx_rate(rdev, params.chandef.chan->band,
4057 &params.beacon_rate);
4058 if (err)
4059 return err;
4060 }
4061
4062 if (info->attrs[NL80211_ATTR_SMPS_MODE]) {
4063 params.smps_mode =
4064 nla_get_u8(info->attrs[NL80211_ATTR_SMPS_MODE]);
4065 switch (params.smps_mode) {
4066 case NL80211_SMPS_OFF:
4067 break;
4068 case NL80211_SMPS_STATIC:
4069 if (!(rdev->wiphy.features &
4070 NL80211_FEATURE_STATIC_SMPS))
4071 return -EINVAL;
4072 break;
4073 case NL80211_SMPS_DYNAMIC:
4074 if (!(rdev->wiphy.features &
4075 NL80211_FEATURE_DYNAMIC_SMPS))
4076 return -EINVAL;
4077 break;
4078 default:
4079 return -EINVAL;
4080 }
4081 } else {
4082 params.smps_mode = NL80211_SMPS_OFF;
4083 }
4084
4085 params.pbss = nla_get_flag(info->attrs[NL80211_ATTR_PBSS]);
4086 if (params.pbss && !rdev->wiphy.bands[NL80211_BAND_60GHZ])
4087 return -EOPNOTSUPP;
4088
4089 if (info->attrs[NL80211_ATTR_ACL_POLICY]) {
4090 params.acl = parse_acl_data(&rdev->wiphy, info);
4091 if (IS_ERR(params.acl))
4092 return PTR_ERR(params.acl);
4093 }
4094
4095 nl80211_calculate_ap_params(&params);
4096
4097 wdev_lock(wdev);
4098 err = rdev_start_ap(rdev, dev, &params);
4099 if (!err) {
4100 wdev->preset_chandef = params.chandef;
4101 wdev->beacon_interval = params.beacon_interval;
4102 wdev->chandef = params.chandef;
4103 wdev->ssid_len = params.ssid_len;
4104 memcpy(wdev->ssid, params.ssid, wdev->ssid_len);
4105 }
4106 wdev_unlock(wdev);
4107
4108 kfree(params.acl);
4109
4110 return err;
4111 }
4112
4113 static int nl80211_set_beacon(struct sk_buff *skb, struct genl_info *info)
4114 {
4115 struct cfg80211_registered_device *rdev = info->user_ptr[0];
4116 struct net_device *dev = info->user_ptr[1];
4117 struct wireless_dev *wdev = dev->ieee80211_ptr;
4118 struct cfg80211_beacon_data params;
4119 int err;
4120
4121 if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_AP &&
4122 dev->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_GO)
4123 return -EOPNOTSUPP;
4124
4125 if (!rdev->ops->change_beacon)
4126 return -EOPNOTSUPP;
4127
4128 if (!wdev->beacon_interval)
4129 return -EINVAL;
4130
4131 err = nl80211_parse_beacon(info->attrs, &params);
4132 if (err)
4133 return err;
4134
4135 wdev_lock(wdev);
4136 err = rdev_change_beacon(rdev, dev, &params);
4137 wdev_unlock(wdev);
4138
4139 return err;
4140 }
4141
4142 static int nl80211_stop_ap(struct sk_buff *skb, struct genl_info *info)
4143 {
4144 struct cfg80211_registered_device *rdev = info->user_ptr[0];
4145 struct net_device *dev = info->user_ptr[1];
4146
4147 return cfg80211_stop_ap(rdev, dev, false);
4148 }
4149
4150 static const struct nla_policy sta_flags_policy[NL80211_STA_FLAG_MAX + 1] = {
4151 [NL80211_STA_FLAG_AUTHORIZED] = { .type = NLA_FLAG },
4152 [NL80211_STA_FLAG_SHORT_PREAMBLE] = { .type = NLA_FLAG },
4153 [NL80211_STA_FLAG_WME] = { .type = NLA_FLAG },
4154 [NL80211_STA_FLAG_MFP] = { .type = NLA_FLAG },
4155 [NL80211_STA_FLAG_AUTHENTICATED] = { .type = NLA_FLAG },
4156 [NL80211_STA_FLAG_TDLS_PEER] = { .type = NLA_FLAG },
4157 };
4158
4159 static int parse_station_flags(struct genl_info *info,
4160 enum nl80211_iftype iftype,
4161 struct station_parameters *params)
4162 {
4163 struct nlattr *flags[NL80211_STA_FLAG_MAX + 1];
4164 struct nlattr *nla;
4165 int flag;
4166
4167 /*
4168 * Try parsing the new attribute first so userspace
4169 * can specify both for older kernels.
4170 */
4171 nla = info->attrs[NL80211_ATTR_STA_FLAGS2];
4172 if (nla) {
4173 struct nl80211_sta_flag_update *sta_flags;
4174
4175 sta_flags = nla_data(nla);
4176 params->sta_flags_mask = sta_flags->mask;
4177 params->sta_flags_set = sta_flags->set;
4178 params->sta_flags_set &= params->sta_flags_mask;
4179 if ((params->sta_flags_mask |
4180 params->sta_flags_set) & BIT(__NL80211_STA_FLAG_INVALID))
4181 return -EINVAL;
4182 return 0;
4183 }
4184
4185 /* if present, parse the old attribute */
4186
4187 nla = info->attrs[NL80211_ATTR_STA_FLAGS];
4188 if (!nla)
4189 return 0;
4190
4191 if (nla_parse_nested(flags, NL80211_STA_FLAG_MAX, nla,
4192 sta_flags_policy, info->extack))
4193 return -EINVAL;
4194
4195 /*
4196 * Only allow certain flags for interface types so that
4197 * other attributes are silently ignored. Remember that
4198 * this is backward compatibility code with old userspace
4199 * and shouldn't be hit in other cases anyway.
4200 */
4201 switch (iftype) {
4202 case NL80211_IFTYPE_AP:
4203 case NL80211_IFTYPE_AP_VLAN:
4204 case NL80211_IFTYPE_P2P_GO:
4205 params->sta_flags_mask = BIT(NL80211_STA_FLAG_AUTHORIZED) |
4206 BIT(NL80211_STA_FLAG_SHORT_PREAMBLE) |
4207 BIT(NL80211_STA_FLAG_WME) |
4208 BIT(NL80211_STA_FLAG_MFP);
4209 break;
4210 case NL80211_IFTYPE_P2P_CLIENT:
4211 case NL80211_IFTYPE_STATION:
4212 params->sta_flags_mask = BIT(NL80211_STA_FLAG_AUTHORIZED) |
4213 BIT(NL80211_STA_FLAG_TDLS_PEER);
4214 break;
4215 case NL80211_IFTYPE_MESH_POINT:
4216 params->sta_flags_mask = BIT(NL80211_STA_FLAG_AUTHENTICATED) |
4217 BIT(NL80211_STA_FLAG_MFP) |
4218 BIT(NL80211_STA_FLAG_AUTHORIZED);
4219 default:
4220 return -EINVAL;
4221 }
4222
4223 for (flag = 1; flag <= NL80211_STA_FLAG_MAX; flag++) {
4224 if (flags[flag]) {
4225 params->sta_flags_set |= (1<<flag);
4226
4227 /* no longer support new API additions in old API */
4228 if (flag > NL80211_STA_FLAG_MAX_OLD_API)
4229 return -EINVAL;
4230 }
4231 }
4232
4233 return 0;
4234 }
4235
4236 static bool nl80211_put_sta_rate(struct sk_buff *msg, struct rate_info *info,
4237 int attr)
4238 {
4239 struct nlattr *rate;
4240 u32 bitrate;
4241 u16 bitrate_compat;
4242 enum nl80211_rate_info rate_flg;
4243
4244 rate = nla_nest_start(msg, attr);
4245 if (!rate)
4246 return false;
4247
4248 /* cfg80211_calculate_bitrate will return 0 for mcs >= 32 */
4249 bitrate = cfg80211_calculate_bitrate(info);
4250 /* report 16-bit bitrate only if we can */
4251 bitrate_compat = bitrate < (1UL << 16) ? bitrate : 0;
4252 if (bitrate > 0 &&
4253 nla_put_u32(msg, NL80211_RATE_INFO_BITRATE32, bitrate))
4254 return false;
4255 if (bitrate_compat > 0 &&
4256 nla_put_u16(msg, NL80211_RATE_INFO_BITRATE, bitrate_compat))
4257 return false;
4258
4259 switch (info->bw) {
4260 case RATE_INFO_BW_5:
4261 rate_flg = NL80211_RATE_INFO_5_MHZ_WIDTH;
4262 break;
4263 case RATE_INFO_BW_10:
4264 rate_flg = NL80211_RATE_INFO_10_MHZ_WIDTH;
4265 break;
4266 default:
4267 WARN_ON(1);
4268 /* fall through */
4269 case RATE_INFO_BW_20:
4270 rate_flg = 0;
4271 break;
4272 case RATE_INFO_BW_40:
4273 rate_flg = NL80211_RATE_INFO_40_MHZ_WIDTH;
4274 break;
4275 case RATE_INFO_BW_80:
4276 rate_flg = NL80211_RATE_INFO_80_MHZ_WIDTH;
4277 break;
4278 case RATE_INFO_BW_160:
4279 rate_flg = NL80211_RATE_INFO_160_MHZ_WIDTH;
4280 break;
4281 }
4282
4283 if (rate_flg && nla_put_flag(msg, rate_flg))
4284 return false;
4285
4286 if (info->flags & RATE_INFO_FLAGS_MCS) {
4287 if (nla_put_u8(msg, NL80211_RATE_INFO_MCS, info->mcs))
4288 return false;
4289 if (info->flags & RATE_INFO_FLAGS_SHORT_GI &&
4290 nla_put_flag(msg, NL80211_RATE_INFO_SHORT_GI))
4291 return false;
4292 } else if (info->flags & RATE_INFO_FLAGS_VHT_MCS) {
4293 if (nla_put_u8(msg, NL80211_RATE_INFO_VHT_MCS, info->mcs))
4294 return false;
4295 if (nla_put_u8(msg, NL80211_RATE_INFO_VHT_NSS, info->nss))
4296 return false;
4297 if (info->flags & RATE_INFO_FLAGS_SHORT_GI &&
4298 nla_put_flag(msg, NL80211_RATE_INFO_SHORT_GI))
4299 return false;
4300 }
4301
4302 nla_nest_end(msg, rate);
4303 return true;
4304 }
4305
4306 static bool nl80211_put_signal(struct sk_buff *msg, u8 mask, s8 *signal,
4307 int id)
4308 {
4309 void *attr;
4310 int i = 0;
4311
4312 if (!mask)
4313 return true;
4314
4315 attr = nla_nest_start(msg, id);
4316 if (!attr)
4317 return false;
4318
4319 for (i = 0; i < IEEE80211_MAX_CHAINS; i++) {
4320 if (!(mask & BIT(i)))
4321 continue;
4322
4323 if (nla_put_u8(msg, i, signal[i]))
4324 return false;
4325 }
4326
4327 nla_nest_end(msg, attr);
4328
4329 return true;
4330 }
4331
4332 static int nl80211_send_station(struct sk_buff *msg, u32 cmd, u32 portid,
4333 u32 seq, int flags,
4334 struct cfg80211_registered_device *rdev,
4335 struct net_device *dev,
4336 const u8 *mac_addr, struct station_info *sinfo)
4337 {
4338 void *hdr;
4339 struct nlattr *sinfoattr, *bss_param;
4340
4341 hdr = nl80211hdr_put(msg, portid, seq, flags, cmd);
4342 if (!hdr)
4343 return -1;
4344
4345 if (nla_put_u32(msg, NL80211_ATTR_IFINDEX, dev->ifindex) ||
4346 nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN, mac_addr) ||
4347 nla_put_u32(msg, NL80211_ATTR_GENERATION, sinfo->generation))
4348 goto nla_put_failure;
4349
4350 sinfoattr = nla_nest_start(msg, NL80211_ATTR_STA_INFO);
4351 if (!sinfoattr)
4352 goto nla_put_failure;
4353
4354 #define PUT_SINFO(attr, memb, type) do { \
4355 BUILD_BUG_ON(sizeof(type) == sizeof(u64)); \
4356 if (sinfo->filled & (1ULL << NL80211_STA_INFO_ ## attr) && \
4357 nla_put_ ## type(msg, NL80211_STA_INFO_ ## attr, \
4358 sinfo->memb)) \
4359 goto nla_put_failure; \
4360 } while (0)
4361 #define PUT_SINFO_U64(attr, memb) do { \
4362 if (sinfo->filled & (1ULL << NL80211_STA_INFO_ ## attr) && \
4363 nla_put_u64_64bit(msg, NL80211_STA_INFO_ ## attr, \
4364 sinfo->memb, NL80211_STA_INFO_PAD)) \
4365 goto nla_put_failure; \
4366 } while (0)
4367
4368 PUT_SINFO(CONNECTED_TIME, connected_time, u32);
4369 PUT_SINFO(INACTIVE_TIME, inactive_time, u32);
4370
4371 if (sinfo->filled & (BIT(NL80211_STA_INFO_RX_BYTES) |
4372 BIT(NL80211_STA_INFO_RX_BYTES64)) &&
4373 nla_put_u32(msg, NL80211_STA_INFO_RX_BYTES,
4374 (u32)sinfo->rx_bytes))
4375 goto nla_put_failure;
4376
4377 if (sinfo->filled & (BIT(NL80211_STA_INFO_TX_BYTES) |
4378 BIT(NL80211_STA_INFO_TX_BYTES64)) &&
4379 nla_put_u32(msg, NL80211_STA_INFO_TX_BYTES,
4380 (u32)sinfo->tx_bytes))
4381 goto nla_put_failure;
4382
4383 PUT_SINFO_U64(RX_BYTES64, rx_bytes);
4384 PUT_SINFO_U64(TX_BYTES64, tx_bytes);
4385 PUT_SINFO(LLID, llid, u16);
4386 PUT_SINFO(PLID, plid, u16);
4387 PUT_SINFO(PLINK_STATE, plink_state, u8);
4388 PUT_SINFO_U64(RX_DURATION, rx_duration);
4389
4390 switch (rdev->wiphy.signal_type) {
4391 case CFG80211_SIGNAL_TYPE_MBM:
4392 PUT_SINFO(SIGNAL, signal, u8);
4393 PUT_SINFO(SIGNAL_AVG, signal_avg, u8);
4394 break;
4395 default:
4396 break;
4397 }
4398 if (sinfo->filled & BIT(NL80211_STA_INFO_CHAIN_SIGNAL)) {
4399 if (!nl80211_put_signal(msg, sinfo->chains,
4400 sinfo->chain_signal,
4401 NL80211_STA_INFO_CHAIN_SIGNAL))
4402 goto nla_put_failure;
4403 }
4404 if (sinfo->filled & BIT(NL80211_STA_INFO_CHAIN_SIGNAL_AVG)) {
4405 if (!nl80211_put_signal(msg, sinfo->chains,
4406 sinfo->chain_signal_avg,
4407 NL80211_STA_INFO_CHAIN_SIGNAL_AVG))
4408 goto nla_put_failure;
4409 }
4410 if (sinfo->filled & BIT(NL80211_STA_INFO_TX_BITRATE)) {
4411 if (!nl80211_put_sta_rate(msg, &sinfo->txrate,
4412 NL80211_STA_INFO_TX_BITRATE))
4413 goto nla_put_failure;
4414 }
4415 if (sinfo->filled & BIT(NL80211_STA_INFO_RX_BITRATE)) {
4416 if (!nl80211_put_sta_rate(msg, &sinfo->rxrate,
4417 NL80211_STA_INFO_RX_BITRATE))
4418 goto nla_put_failure;
4419 }
4420
4421 PUT_SINFO(RX_PACKETS, rx_packets, u32);
4422 PUT_SINFO(TX_PACKETS, tx_packets, u32);
4423 PUT_SINFO(TX_RETRIES, tx_retries, u32);
4424 PUT_SINFO(TX_FAILED, tx_failed, u32);
4425 PUT_SINFO(EXPECTED_THROUGHPUT, expected_throughput, u32);
4426 PUT_SINFO(BEACON_LOSS, beacon_loss_count, u32);
4427 PUT_SINFO(LOCAL_PM, local_pm, u32);
4428 PUT_SINFO(PEER_PM, peer_pm, u32);
4429 PUT_SINFO(NONPEER_PM, nonpeer_pm, u32);
4430
4431 if (sinfo->filled & BIT(NL80211_STA_INFO_BSS_PARAM)) {
4432 bss_param = nla_nest_start(msg, NL80211_STA_INFO_BSS_PARAM);
4433 if (!bss_param)
4434 goto nla_put_failure;
4435
4436 if (((sinfo->bss_param.flags & BSS_PARAM_FLAGS_CTS_PROT) &&
4437 nla_put_flag(msg, NL80211_STA_BSS_PARAM_CTS_PROT)) ||
4438 ((sinfo->bss_param.flags & BSS_PARAM_FLAGS_SHORT_PREAMBLE) &&
4439 nla_put_flag(msg, NL80211_STA_BSS_PARAM_SHORT_PREAMBLE)) ||
4440 ((sinfo->bss_param.flags & BSS_PARAM_FLAGS_SHORT_SLOT_TIME) &&
4441 nla_put_flag(msg, NL80211_STA_BSS_PARAM_SHORT_SLOT_TIME)) ||
4442 nla_put_u8(msg, NL80211_STA_BSS_PARAM_DTIM_PERIOD,
4443 sinfo->bss_param.dtim_period) ||
4444 nla_put_u16(msg, NL80211_STA_BSS_PARAM_BEACON_INTERVAL,
4445 sinfo->bss_param.beacon_interval))
4446 goto nla_put_failure;
4447
4448 nla_nest_end(msg, bss_param);
4449 }
4450 if ((sinfo->filled & BIT(NL80211_STA_INFO_STA_FLAGS)) &&
4451 nla_put(msg, NL80211_STA_INFO_STA_FLAGS,
4452 sizeof(struct nl80211_sta_flag_update),
4453 &sinfo->sta_flags))
4454 goto nla_put_failure;
4455
4456 PUT_SINFO_U64(T_OFFSET, t_offset);
4457 PUT_SINFO_U64(RX_DROP_MISC, rx_dropped_misc);
4458 PUT_SINFO_U64(BEACON_RX, rx_beacon);
4459 PUT_SINFO(BEACON_SIGNAL_AVG, rx_beacon_signal_avg, u8);
4460
4461 #undef PUT_SINFO
4462 #undef PUT_SINFO_U64
4463
4464 if (sinfo->filled & BIT(NL80211_STA_INFO_TID_STATS)) {
4465 struct nlattr *tidsattr;
4466 int tid;
4467
4468 tidsattr = nla_nest_start(msg, NL80211_STA_INFO_TID_STATS);
4469 if (!tidsattr)
4470 goto nla_put_failure;
4471
4472 for (tid = 0; tid < IEEE80211_NUM_TIDS + 1; tid++) {
4473 struct cfg80211_tid_stats *tidstats;
4474 struct nlattr *tidattr;
4475
4476 tidstats = &sinfo->pertid[tid];
4477
4478 if (!tidstats->filled)
4479 continue;
4480
4481 tidattr = nla_nest_start(msg, tid + 1);
4482 if (!tidattr)
4483 goto nla_put_failure;
4484
4485 #define PUT_TIDVAL_U64(attr, memb) do { \
4486 if (tidstats->filled & BIT(NL80211_TID_STATS_ ## attr) && \
4487 nla_put_u64_64bit(msg, NL80211_TID_STATS_ ## attr, \
4488 tidstats->memb, NL80211_TID_STATS_PAD)) \
4489 goto nla_put_failure; \
4490 } while (0)
4491
4492 PUT_TIDVAL_U64(RX_MSDU, rx_msdu);
4493 PUT_TIDVAL_U64(TX_MSDU, tx_msdu);
4494 PUT_TIDVAL_U64(TX_MSDU_RETRIES, tx_msdu_retries);
4495 PUT_TIDVAL_U64(TX_MSDU_FAILED, tx_msdu_failed);
4496
4497 #undef PUT_TIDVAL_U64
4498 nla_nest_end(msg, tidattr);
4499 }
4500
4501 nla_nest_end(msg, tidsattr);
4502 }
4503
4504 nla_nest_end(msg, sinfoattr);
4505
4506 if (sinfo->assoc_req_ies_len &&
4507 nla_put(msg, NL80211_ATTR_IE, sinfo->assoc_req_ies_len,
4508 sinfo->assoc_req_ies))
4509 goto nla_put_failure;
4510
4511 genlmsg_end(msg, hdr);
4512 return 0;
4513
4514 nla_put_failure:
4515 genlmsg_cancel(msg, hdr);
4516 return -EMSGSIZE;
4517 }
4518
4519 static int nl80211_dump_station(struct sk_buff *skb,
4520 struct netlink_callback *cb)
4521 {
4522 struct station_info sinfo;
4523 struct cfg80211_registered_device *rdev;
4524 struct wireless_dev *wdev;
4525 u8 mac_addr[ETH_ALEN];
4526 int sta_idx = cb->args[2];
4527 int err;
4528
4529 rtnl_lock();
4530 err = nl80211_prepare_wdev_dump(skb, cb, &rdev, &wdev);
4531 if (err)
4532 goto out_err;
4533
4534 if (!wdev->netdev) {
4535 err = -EINVAL;
4536 goto out_err;
4537 }
4538
4539 if (!rdev->ops->dump_station) {
4540 err = -EOPNOTSUPP;
4541 goto out_err;
4542 }
4543
4544 while (1) {
4545 memset(&sinfo, 0, sizeof(sinfo));
4546 err = rdev_dump_station(rdev, wdev->netdev, sta_idx,
4547 mac_addr, &sinfo);
4548 if (err == -ENOENT)
4549 break;
4550 if (err)
4551 goto out_err;
4552
4553 if (nl80211_send_station(skb, NL80211_CMD_NEW_STATION,
4554 NETLINK_CB(cb->skb).portid,
4555 cb->nlh->nlmsg_seq, NLM_F_MULTI,
4556 rdev, wdev->netdev, mac_addr,
4557 &sinfo) < 0)
4558 goto out;
4559
4560 sta_idx++;
4561 }
4562
4563 out:
4564 cb->args[2] = sta_idx;
4565 err = skb->len;
4566 out_err:
4567 rtnl_unlock();
4568
4569 return err;
4570 }
4571
4572 static int nl80211_get_station(struct sk_buff *skb, struct genl_info *info)
4573 {
4574 struct cfg80211_registered_device *rdev = info->user_ptr[0];
4575 struct net_device *dev = info->user_ptr[1];
4576 struct station_info sinfo;
4577 struct sk_buff *msg;
4578 u8 *mac_addr = NULL;
4579 int err;
4580
4581 memset(&sinfo, 0, sizeof(sinfo));
4582
4583 if (!info->attrs[NL80211_ATTR_MAC])
4584 return -EINVAL;
4585
4586 mac_addr = nla_data(info->attrs[NL80211_ATTR_MAC]);
4587
4588 if (!rdev->ops->get_station)
4589 return -EOPNOTSUPP;
4590
4591 err = rdev_get_station(rdev, dev, mac_addr, &sinfo);
4592 if (err)
4593 return err;
4594
4595 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
4596 if (!msg)
4597 return -ENOMEM;
4598
4599 if (nl80211_send_station(msg, NL80211_CMD_NEW_STATION,
4600 info->snd_portid, info->snd_seq, 0,
4601 rdev, dev, mac_addr, &sinfo) < 0) {
4602 nlmsg_free(msg);
4603 return -ENOBUFS;
4604 }
4605
4606 return genlmsg_reply(msg, info);
4607 }
4608
4609 int cfg80211_check_station_change(struct wiphy *wiphy,
4610 struct station_parameters *params,
4611 enum cfg80211_station_type statype)
4612 {
4613 if (params->listen_interval != -1 &&
4614 statype != CFG80211_STA_AP_CLIENT_UNASSOC)
4615 return -EINVAL;
4616
4617 if (params->support_p2p_ps != -1 &&
4618 statype != CFG80211_STA_AP_CLIENT_UNASSOC)
4619 return -EINVAL;
4620
4621 if (params->aid &&
4622 !(params->sta_flags_set & BIT(NL80211_STA_FLAG_TDLS_PEER)) &&
4623 statype != CFG80211_STA_AP_CLIENT_UNASSOC)
4624 return -EINVAL;
4625
4626 /* When you run into this, adjust the code below for the new flag */
4627 BUILD_BUG_ON(NL80211_STA_FLAG_MAX != 7);
4628
4629 switch (statype) {
4630 case CFG80211_STA_MESH_PEER_KERNEL:
4631 case CFG80211_STA_MESH_PEER_USER:
4632 /*
4633 * No ignoring the TDLS flag here -- the userspace mesh
4634 * code doesn't have the bug of including TDLS in the
4635 * mask everywhere.
4636 */
4637 if (params->sta_flags_mask &
4638 ~(BIT(NL80211_STA_FLAG_AUTHENTICATED) |
4639 BIT(NL80211_STA_FLAG_MFP) |
4640 BIT(NL80211_STA_FLAG_AUTHORIZED)))
4641 return -EINVAL;
4642 break;
4643 case CFG80211_STA_TDLS_PEER_SETUP:
4644 case CFG80211_STA_TDLS_PEER_ACTIVE:
4645 if (!(params->sta_flags_set & BIT(NL80211_STA_FLAG_TDLS_PEER)))
4646 return -EINVAL;
4647 /* ignore since it can't change */
4648 params->sta_flags_mask &= ~BIT(NL80211_STA_FLAG_TDLS_PEER);
4649 break;
4650 default:
4651 /* disallow mesh-specific things */
4652 if (params->plink_action != NL80211_PLINK_ACTION_NO_ACTION)
4653 return -EINVAL;
4654 if (params->local_pm)
4655 return -EINVAL;
4656 if (params->sta_modify_mask & STATION_PARAM_APPLY_PLINK_STATE)
4657 return -EINVAL;
4658 }
4659
4660 if (statype != CFG80211_STA_TDLS_PEER_SETUP &&
4661 statype != CFG80211_STA_TDLS_PEER_ACTIVE) {
4662 /* TDLS can't be set, ... */
4663 if (params->sta_flags_set & BIT(NL80211_STA_FLAG_TDLS_PEER))
4664 return -EINVAL;
4665 /*
4666 * ... but don't bother the driver with it. This works around
4667 * a hostapd/wpa_supplicant issue -- it always includes the
4668 * TLDS_PEER flag in the mask even for AP mode.
4669 */
4670 params->sta_flags_mask &= ~BIT(NL80211_STA_FLAG_TDLS_PEER);
4671 }
4672
4673 if (statype != CFG80211_STA_TDLS_PEER_SETUP &&
4674 statype != CFG80211_STA_AP_CLIENT_UNASSOC) {
4675 /* reject other things that can't change */
4676 if (params->sta_modify_mask & STATION_PARAM_APPLY_UAPSD)
4677 return -EINVAL;
4678 if (params->sta_modify_mask & STATION_PARAM_APPLY_CAPABILITY)
4679 return -EINVAL;
4680 if (params->supported_rates)
4681 return -EINVAL;
4682 if (params->ext_capab || params->ht_capa || params->vht_capa)
4683 return -EINVAL;
4684 }
4685
4686 if (statype != CFG80211_STA_AP_CLIENT &&
4687 statype != CFG80211_STA_AP_CLIENT_UNASSOC) {
4688 if (params->vlan)
4689 return -EINVAL;
4690 }
4691
4692 switch (statype) {
4693 case CFG80211_STA_AP_MLME_CLIENT:
4694 /* Use this only for authorizing/unauthorizing a station */
4695 if (!(params->sta_flags_mask & BIT(NL80211_STA_FLAG_AUTHORIZED)))
4696 return -EOPNOTSUPP;
4697 break;
4698 case CFG80211_STA_AP_CLIENT:
4699 case CFG80211_STA_AP_CLIENT_UNASSOC:
4700 /* accept only the listed bits */
4701 if (params->sta_flags_mask &
4702 ~(BIT(NL80211_STA_FLAG_AUTHORIZED) |
4703 BIT(NL80211_STA_FLAG_AUTHENTICATED) |
4704 BIT(NL80211_STA_FLAG_ASSOCIATED) |
4705 BIT(NL80211_STA_FLAG_SHORT_PREAMBLE) |
4706 BIT(NL80211_STA_FLAG_WME) |
4707 BIT(NL80211_STA_FLAG_MFP)))
4708 return -EINVAL;
4709
4710 /* but authenticated/associated only if driver handles it */
4711 if (!(wiphy->features & NL80211_FEATURE_FULL_AP_CLIENT_STATE) &&
4712 params->sta_flags_mask &
4713 (BIT(NL80211_STA_FLAG_AUTHENTICATED) |
4714 BIT(NL80211_STA_FLAG_ASSOCIATED)))
4715 return -EINVAL;
4716 break;
4717 case CFG80211_STA_IBSS:
4718 case CFG80211_STA_AP_STA:
4719 /* reject any changes other than AUTHORIZED */
4720 if (params->sta_flags_mask & ~BIT(NL80211_STA_FLAG_AUTHORIZED))
4721 return -EINVAL;
4722 break;
4723 case CFG80211_STA_TDLS_PEER_SETUP:
4724 /* reject any changes other than AUTHORIZED or WME */
4725 if (params->sta_flags_mask & ~(BIT(NL80211_STA_FLAG_AUTHORIZED) |
4726 BIT(NL80211_STA_FLAG_WME)))
4727 return -EINVAL;
4728 /* force (at least) rates when authorizing */
4729 if (params->sta_flags_set & BIT(NL80211_STA_FLAG_AUTHORIZED) &&
4730 !params->supported_rates)
4731 return -EINVAL;
4732 break;
4733 case CFG80211_STA_TDLS_PEER_ACTIVE:
4734 /* reject any changes */
4735 return -EINVAL;
4736 case CFG80211_STA_MESH_PEER_KERNEL:
4737 if (params->sta_modify_mask & STATION_PARAM_APPLY_PLINK_STATE)
4738 return -EINVAL;
4739 break;
4740 case CFG80211_STA_MESH_PEER_USER:
4741 if (params->plink_action != NL80211_PLINK_ACTION_NO_ACTION &&
4742 params->plink_action != NL80211_PLINK_ACTION_BLOCK)
4743 return -EINVAL;
4744 break;
4745 }
4746
4747 /*
4748 * Older kernel versions ignored this attribute entirely, so don't
4749 * reject attempts to update it but mark it as unused instead so the
4750 * driver won't look at the data.
4751 */
4752 if (statype != CFG80211_STA_AP_CLIENT_UNASSOC &&
4753 statype != CFG80211_STA_TDLS_PEER_SETUP)
4754 params->opmode_notif_used = false;
4755
4756 return 0;
4757 }
4758 EXPORT_SYMBOL(cfg80211_check_station_change);
4759
4760 /*
4761 * Get vlan interface making sure it is running and on the right wiphy.
4762 */
4763 static struct net_device *get_vlan(struct genl_info *info,
4764 struct cfg80211_registered_device *rdev)
4765 {
4766 struct nlattr *vlanattr = info->attrs[NL80211_ATTR_STA_VLAN];
4767 struct net_device *v;
4768 int ret;
4769
4770 if (!vlanattr)
4771 return NULL;
4772
4773 v = dev_get_by_index(genl_info_net(info), nla_get_u32(vlanattr));
4774 if (!v)
4775 return ERR_PTR(-ENODEV);
4776
4777 if (!v->ieee80211_ptr || v->ieee80211_ptr->wiphy != &rdev->wiphy) {
4778 ret = -EINVAL;
4779 goto error;
4780 }
4781
4782 if (v->ieee80211_ptr->iftype != NL80211_IFTYPE_AP_VLAN &&
4783 v->ieee80211_ptr->iftype != NL80211_IFTYPE_AP &&
4784 v->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_GO) {
4785 ret = -EINVAL;
4786 goto error;
4787 }
4788
4789 if (!netif_running(v)) {
4790 ret = -ENETDOWN;
4791 goto error;
4792 }
4793
4794 return v;
4795 error:
4796 dev_put(v);
4797 return ERR_PTR(ret);
4798 }
4799
4800 static const struct nla_policy
4801 nl80211_sta_wme_policy[NL80211_STA_WME_MAX + 1] = {
4802 [NL80211_STA_WME_UAPSD_QUEUES] = { .type = NLA_U8 },
4803 [NL80211_STA_WME_MAX_SP] = { .type = NLA_U8 },
4804 };
4805
4806 static int nl80211_parse_sta_wme(struct genl_info *info,
4807 struct station_parameters *params)
4808 {
4809 struct nlattr *tb[NL80211_STA_WME_MAX + 1];
4810 struct nlattr *nla;
4811 int err;
4812
4813 /* parse WME attributes if present */
4814 if (!info->attrs[NL80211_ATTR_STA_WME])
4815 return 0;
4816
4817 nla = info->attrs[NL80211_ATTR_STA_WME];
4818 err = nla_parse_nested(tb, NL80211_STA_WME_MAX, nla,
4819 nl80211_sta_wme_policy, info->extack);
4820 if (err)
4821 return err;
4822
4823 if (tb[NL80211_STA_WME_UAPSD_QUEUES])
4824 params->uapsd_queues = nla_get_u8(
4825 tb[NL80211_STA_WME_UAPSD_QUEUES]);
4826 if (params->uapsd_queues & ~IEEE80211_WMM_IE_STA_QOSINFO_AC_MASK)
4827 return -EINVAL;
4828
4829 if (tb[NL80211_STA_WME_MAX_SP])
4830 params->max_sp = nla_get_u8(tb[NL80211_STA_WME_MAX_SP]);
4831
4832 if (params->max_sp & ~IEEE80211_WMM_IE_STA_QOSINFO_SP_MASK)
4833 return -EINVAL;
4834
4835 params->sta_modify_mask |= STATION_PARAM_APPLY_UAPSD;
4836
4837 return 0;
4838 }
4839
4840 static int nl80211_parse_sta_channel_info(struct genl_info *info,
4841 struct station_parameters *params)
4842 {
4843 if (info->attrs[NL80211_ATTR_STA_SUPPORTED_CHANNELS]) {
4844 params->supported_channels =
4845 nla_data(info->attrs[NL80211_ATTR_STA_SUPPORTED_CHANNELS]);
4846 params->supported_channels_len =
4847 nla_len(info->attrs[NL80211_ATTR_STA_SUPPORTED_CHANNELS]);
4848 /*
4849 * Need to include at least one (first channel, number of
4850 * channels) tuple for each subband, and must have proper
4851 * tuples for the rest of the data as well.
4852 */
4853 if (params->supported_channels_len < 2)
4854 return -EINVAL;
4855 if (params->supported_channels_len % 2)
4856 return -EINVAL;
4857 }
4858
4859 if (info->attrs[NL80211_ATTR_STA_SUPPORTED_OPER_CLASSES]) {
4860 params->supported_oper_classes =
4861 nla_data(info->attrs[NL80211_ATTR_STA_SUPPORTED_OPER_CLASSES]);
4862 params->supported_oper_classes_len =
4863 nla_len(info->attrs[NL80211_ATTR_STA_SUPPORTED_OPER_CLASSES]);
4864 /*
4865 * The value of the Length field of the Supported Operating
4866 * Classes element is between 2 and 253.
4867 */
4868 if (params->supported_oper_classes_len < 2 ||
4869 params->supported_oper_classes_len > 253)
4870 return -EINVAL;
4871 }
4872 return 0;
4873 }
4874
4875 static int nl80211_set_station_tdls(struct genl_info *info,
4876 struct station_parameters *params)
4877 {
4878 int err;
4879 /* Dummy STA entry gets updated once the peer capabilities are known */
4880 if (info->attrs[NL80211_ATTR_PEER_AID])
4881 params->aid = nla_get_u16(info->attrs[NL80211_ATTR_PEER_AID]);
4882 if (info->attrs[NL80211_ATTR_HT_CAPABILITY])
4883 params->ht_capa =
4884 nla_data(info->attrs[NL80211_ATTR_HT_CAPABILITY]);
4885 if (info->attrs[NL80211_ATTR_VHT_CAPABILITY])
4886 params->vht_capa =
4887 nla_data(info->attrs[NL80211_ATTR_VHT_CAPABILITY]);
4888
4889 err = nl80211_parse_sta_channel_info(info, params);
4890 if (err)
4891 return err;
4892
4893 return nl80211_parse_sta_wme(info, params);
4894 }
4895
4896 static int nl80211_set_station(struct sk_buff *skb, struct genl_info *info)
4897 {
4898 struct cfg80211_registered_device *rdev = info->user_ptr[0];
4899 struct net_device *dev = info->user_ptr[1];
4900 struct station_parameters params;
4901 u8 *mac_addr;
4902 int err;
4903
4904 memset(&params, 0, sizeof(params));
4905
4906 if (!rdev->ops->change_station)
4907 return -EOPNOTSUPP;
4908
4909 /*
4910 * AID and listen_interval properties can be set only for unassociated
4911 * station. Include these parameters here and will check them in
4912 * cfg80211_check_station_change().
4913 */
4914 if (info->attrs[NL80211_ATTR_STA_AID])
4915 params.aid = nla_get_u16(info->attrs[NL80211_ATTR_STA_AID]);
4916
4917 if (info->attrs[NL80211_ATTR_STA_LISTEN_INTERVAL])
4918 params.listen_interval =
4919 nla_get_u16(info->attrs[NL80211_ATTR_STA_LISTEN_INTERVAL]);
4920 else
4921 params.listen_interval = -1;
4922
4923 if (info->attrs[NL80211_ATTR_STA_SUPPORT_P2P_PS]) {
4924 u8 tmp;
4925
4926 tmp = nla_get_u8(info->attrs[NL80211_ATTR_STA_SUPPORT_P2P_PS]);
4927 if (tmp >= NUM_NL80211_P2P_PS_STATUS)
4928 return -EINVAL;
4929
4930 params.support_p2p_ps = tmp;
4931 } else {
4932 params.support_p2p_ps = -1;
4933 }
4934
4935 if (!info->attrs[NL80211_ATTR_MAC])
4936 return -EINVAL;
4937
4938 mac_addr = nla_data(info->attrs[NL80211_ATTR_MAC]);
4939
4940 if (info->attrs[NL80211_ATTR_STA_SUPPORTED_RATES]) {
4941 params.supported_rates =
4942 nla_data(info->attrs[NL80211_ATTR_STA_SUPPORTED_RATES]);
4943 params.supported_rates_len =
4944 nla_len(info->attrs[NL80211_ATTR_STA_SUPPORTED_RATES]);
4945 }
4946
4947 if (info->attrs[NL80211_ATTR_STA_CAPABILITY]) {
4948 params.capability =
4949 nla_get_u16(info->attrs[NL80211_ATTR_STA_CAPABILITY]);
4950 params.sta_modify_mask |= STATION_PARAM_APPLY_CAPABILITY;
4951 }
4952
4953 if (info->attrs[NL80211_ATTR_STA_EXT_CAPABILITY]) {
4954 params.ext_capab =
4955 nla_data(info->attrs[NL80211_ATTR_STA_EXT_CAPABILITY]);
4956 params.ext_capab_len =
4957 nla_len(info->attrs[NL80211_ATTR_STA_EXT_CAPABILITY]);
4958 }
4959
4960 if (parse_station_flags(info, dev->ieee80211_ptr->iftype, &params))
4961 return -EINVAL;
4962
4963 if (info->attrs[NL80211_ATTR_STA_PLINK_ACTION]) {
4964 params.plink_action =
4965 nla_get_u8(info->attrs[NL80211_ATTR_STA_PLINK_ACTION]);
4966 if (params.plink_action >= NUM_NL80211_PLINK_ACTIONS)
4967 return -EINVAL;
4968 }
4969
4970 if (info->attrs[NL80211_ATTR_STA_PLINK_STATE]) {
4971 params.plink_state =
4972 nla_get_u8(info->attrs[NL80211_ATTR_STA_PLINK_STATE]);
4973 if (params.plink_state >= NUM_NL80211_PLINK_STATES)
4974 return -EINVAL;
4975 if (info->attrs[NL80211_ATTR_MESH_PEER_AID]) {
4976 params.peer_aid = nla_get_u16(
4977 info->attrs[NL80211_ATTR_MESH_PEER_AID]);
4978 if (params.peer_aid > IEEE80211_MAX_AID)
4979 return -EINVAL;
4980 }
4981 params.sta_modify_mask |= STATION_PARAM_APPLY_PLINK_STATE;
4982 }
4983
4984 if (info->attrs[NL80211_ATTR_LOCAL_MESH_POWER_MODE]) {
4985 enum nl80211_mesh_power_mode pm = nla_get_u32(
4986 info->attrs[NL80211_ATTR_LOCAL_MESH_POWER_MODE]);
4987
4988 if (pm <= NL80211_MESH_POWER_UNKNOWN ||
4989 pm > NL80211_MESH_POWER_MAX)
4990 return -EINVAL;
4991
4992 params.local_pm = pm;
4993 }
4994
4995 if (info->attrs[NL80211_ATTR_OPMODE_NOTIF]) {
4996 params.opmode_notif_used = true;
4997 params.opmode_notif =
4998 nla_get_u8(info->attrs[NL80211_ATTR_OPMODE_NOTIF]);
4999 }
5000
5001 /* Include parameters for TDLS peer (will check later) */
5002 err = nl80211_set_station_tdls(info, &params);
5003 if (err)
5004 return err;
5005
5006 params.vlan = get_vlan(info, rdev);
5007 if (IS_ERR(params.vlan))
5008 return PTR_ERR(params.vlan);
5009
5010 switch (dev->ieee80211_ptr->iftype) {
5011 case NL80211_IFTYPE_AP:
5012 case NL80211_IFTYPE_AP_VLAN:
5013 case NL80211_IFTYPE_P2P_GO:
5014 case NL80211_IFTYPE_P2P_CLIENT:
5015 case NL80211_IFTYPE_STATION:
5016 case NL80211_IFTYPE_ADHOC:
5017 case NL80211_IFTYPE_MESH_POINT:
5018 break;
5019 default:
5020 err = -EOPNOTSUPP;
5021 goto out_put_vlan;
5022 }
5023
5024 /* driver will call cfg80211_check_station_change() */
5025 err = rdev_change_station(rdev, dev, mac_addr, &params);
5026
5027 out_put_vlan:
5028 if (params.vlan)
5029 dev_put(params.vlan);
5030
5031 return err;
5032 }
5033
5034 static int nl80211_new_station(struct sk_buff *skb, struct genl_info *info)
5035 {
5036 struct cfg80211_registered_device *rdev = info->user_ptr[0];
5037 int err;
5038 struct net_device *dev = info->user_ptr[1];
5039 struct station_parameters params;
5040 u8 *mac_addr = NULL;
5041 u32 auth_assoc = BIT(NL80211_STA_FLAG_AUTHENTICATED) |
5042 BIT(NL80211_STA_FLAG_ASSOCIATED);
5043
5044 memset(&params, 0, sizeof(params));
5045
5046 if (!rdev->ops->add_station)
5047 return -EOPNOTSUPP;
5048
5049 if (!info->attrs[NL80211_ATTR_MAC])
5050 return -EINVAL;
5051
5052 if (!info->attrs[NL80211_ATTR_STA_LISTEN_INTERVAL])
5053 return -EINVAL;
5054
5055 if (!info->attrs[NL80211_ATTR_STA_SUPPORTED_RATES])
5056 return -EINVAL;
5057
5058 if (!info->attrs[NL80211_ATTR_STA_AID] &&
5059 !info->attrs[NL80211_ATTR_PEER_AID])
5060 return -EINVAL;
5061
5062 mac_addr = nla_data(info->attrs[NL80211_ATTR_MAC]);
5063 params.supported_rates =
5064 nla_data(info->attrs[NL80211_ATTR_STA_SUPPORTED_RATES]);
5065 params.supported_rates_len =
5066 nla_len(info->attrs[NL80211_ATTR_STA_SUPPORTED_RATES]);
5067 params.listen_interval =
5068 nla_get_u16(info->attrs[NL80211_ATTR_STA_LISTEN_INTERVAL]);
5069
5070 if (info->attrs[NL80211_ATTR_STA_SUPPORT_P2P_PS]) {
5071 u8 tmp;
5072
5073 tmp = nla_get_u8(info->attrs[NL80211_ATTR_STA_SUPPORT_P2P_PS]);
5074 if (tmp >= NUM_NL80211_P2P_PS_STATUS)
5075 return -EINVAL;
5076
5077 params.support_p2p_ps = tmp;
5078 } else {
5079 /*
5080 * if not specified, assume it's supported for P2P GO interface,
5081 * and is NOT supported for AP interface
5082 */
5083 params.support_p2p_ps =
5084 dev->ieee80211_ptr->iftype == NL80211_IFTYPE_P2P_GO;
5085 }
5086
5087 if (info->attrs[NL80211_ATTR_PEER_AID])
5088 params.aid = nla_get_u16(info->attrs[NL80211_ATTR_PEER_AID]);
5089 else
5090 params.aid = nla_get_u16(info->attrs[NL80211_ATTR_STA_AID]);
5091 if (!params.aid || params.aid > IEEE80211_MAX_AID)
5092 return -EINVAL;
5093
5094 if (info->attrs[NL80211_ATTR_STA_CAPABILITY]) {
5095 params.capability =
5096 nla_get_u16(info->attrs[NL80211_ATTR_STA_CAPABILITY]);
5097 params.sta_modify_mask |= STATION_PARAM_APPLY_CAPABILITY;
5098 }
5099
5100 if (info->attrs[NL80211_ATTR_STA_EXT_CAPABILITY]) {
5101 params.ext_capab =
5102 nla_data(info->attrs[NL80211_ATTR_STA_EXT_CAPABILITY]);
5103 params.ext_capab_len =
5104 nla_len(info->attrs[NL80211_ATTR_STA_EXT_CAPABILITY]);
5105 }
5106
5107 if (info->attrs[NL80211_ATTR_HT_CAPABILITY])
5108 params.ht_capa =
5109 nla_data(info->attrs[NL80211_ATTR_HT_CAPABILITY]);
5110
5111 if (info->attrs[NL80211_ATTR_VHT_CAPABILITY])
5112 params.vht_capa =
5113 nla_data(info->attrs[NL80211_ATTR_VHT_CAPABILITY]);
5114
5115 if (info->attrs[NL80211_ATTR_OPMODE_NOTIF]) {
5116 params.opmode_notif_used = true;
5117 params.opmode_notif =
5118 nla_get_u8(info->attrs[NL80211_ATTR_OPMODE_NOTIF]);
5119 }
5120
5121 if (info->attrs[NL80211_ATTR_STA_PLINK_ACTION]) {
5122 params.plink_action =
5123 nla_get_u8(info->attrs[NL80211_ATTR_STA_PLINK_ACTION]);
5124 if (params.plink_action >= NUM_NL80211_PLINK_ACTIONS)
5125 return -EINVAL;
5126 }
5127
5128 err = nl80211_parse_sta_channel_info(info, &params);
5129 if (err)
5130 return err;
5131
5132 err = nl80211_parse_sta_wme(info, &params);
5133 if (err)
5134 return err;
5135
5136 if (parse_station_flags(info, dev->ieee80211_ptr->iftype, &params))
5137 return -EINVAL;
5138
5139 /* HT/VHT requires QoS, but if we don't have that just ignore HT/VHT
5140 * as userspace might just pass through the capabilities from the IEs
5141 * directly, rather than enforcing this restriction and returning an
5142 * error in this case.
5143 */
5144 if (!(params.sta_flags_set & BIT(NL80211_STA_FLAG_WME))) {
5145 params.ht_capa = NULL;
5146 params.vht_capa = NULL;
5147 }
5148
5149 /* When you run into this, adjust the code below for the new flag */
5150 BUILD_BUG_ON(NL80211_STA_FLAG_MAX != 7);
5151
5152 switch (dev->ieee80211_ptr->iftype) {
5153 case NL80211_IFTYPE_AP:
5154 case NL80211_IFTYPE_AP_VLAN:
5155 case NL80211_IFTYPE_P2P_GO:
5156 /* ignore WME attributes if iface/sta is not capable */
5157 if (!(rdev->wiphy.flags & WIPHY_FLAG_AP_UAPSD) ||
5158 !(params.sta_flags_set & BIT(NL80211_STA_FLAG_WME)))
5159 params.sta_modify_mask &= ~STATION_PARAM_APPLY_UAPSD;
5160
5161 /* TDLS peers cannot be added */
5162 if ((params.sta_flags_set & BIT(NL80211_STA_FLAG_TDLS_PEER)) ||
5163 info->attrs[NL80211_ATTR_PEER_AID])
5164 return -EINVAL;
5165 /* but don't bother the driver with it */
5166 params.sta_flags_mask &= ~BIT(NL80211_STA_FLAG_TDLS_PEER);
5167
5168 /* allow authenticated/associated only if driver handles it */
5169 if (!(rdev->wiphy.features &
5170 NL80211_FEATURE_FULL_AP_CLIENT_STATE) &&
5171 params.sta_flags_mask & auth_assoc)
5172 return -EINVAL;
5173
5174 /* Older userspace, or userspace wanting to be compatible with
5175 * !NL80211_FEATURE_FULL_AP_CLIENT_STATE, will not set the auth
5176 * and assoc flags in the mask, but assumes the station will be
5177 * added as associated anyway since this was the required driver
5178 * behaviour before NL80211_FEATURE_FULL_AP_CLIENT_STATE was
5179 * introduced.
5180 * In order to not bother drivers with this quirk in the API
5181 * set the flags in both the mask and set for new stations in
5182 * this case.
5183 */
5184 if (!(params.sta_flags_mask & auth_assoc)) {
5185 params.sta_flags_mask |= auth_assoc;
5186 params.sta_flags_set |= auth_assoc;
5187 }
5188
5189 /* must be last in here for error handling */
5190 params.vlan = get_vlan(info, rdev);
5191 if (IS_ERR(params.vlan))
5192 return PTR_ERR(params.vlan);
5193 break;
5194 case NL80211_IFTYPE_MESH_POINT:
5195 /* ignore uAPSD data */
5196 params.sta_modify_mask &= ~STATION_PARAM_APPLY_UAPSD;
5197
5198 /* associated is disallowed */
5199 if (params.sta_flags_mask & BIT(NL80211_STA_FLAG_ASSOCIATED))
5200 return -EINVAL;
5201 /* TDLS peers cannot be added */
5202 if ((params.sta_flags_set & BIT(NL80211_STA_FLAG_TDLS_PEER)) ||
5203 info->attrs[NL80211_ATTR_PEER_AID])
5204 return -EINVAL;
5205 break;
5206 case NL80211_IFTYPE_STATION:
5207 case NL80211_IFTYPE_P2P_CLIENT:
5208 /* ignore uAPSD data */
5209 params.sta_modify_mask &= ~STATION_PARAM_APPLY_UAPSD;
5210
5211 /* these are disallowed */
5212 if (params.sta_flags_mask &
5213 (BIT(NL80211_STA_FLAG_ASSOCIATED) |
5214 BIT(NL80211_STA_FLAG_AUTHENTICATED)))
5215 return -EINVAL;
5216 /* Only TDLS peers can be added */
5217 if (!(params.sta_flags_set & BIT(NL80211_STA_FLAG_TDLS_PEER)))
5218 return -EINVAL;
5219 /* Can only add if TDLS ... */
5220 if (!(rdev->wiphy.flags & WIPHY_FLAG_SUPPORTS_TDLS))
5221 return -EOPNOTSUPP;
5222 /* ... with external setup is supported */
5223 if (!(rdev->wiphy.flags & WIPHY_FLAG_TDLS_EXTERNAL_SETUP))
5224 return -EOPNOTSUPP;
5225 /*
5226 * Older wpa_supplicant versions always mark the TDLS peer
5227 * as authorized, but it shouldn't yet be.
5228 */
5229 params.sta_flags_mask &= ~BIT(NL80211_STA_FLAG_AUTHORIZED);
5230 break;
5231 default:
5232 return -EOPNOTSUPP;
5233 }
5234
5235 /* be aware of params.vlan when changing code here */
5236
5237 err = rdev_add_station(rdev, dev, mac_addr, &params);
5238
5239 if (params.vlan)
5240 dev_put(params.vlan);
5241 return err;
5242 }
5243
5244 static int nl80211_del_station(struct sk_buff *skb, struct genl_info *info)
5245 {
5246 struct cfg80211_registered_device *rdev = info->user_ptr[0];
5247 struct net_device *dev = info->user_ptr[1];
5248 struct station_del_parameters params;
5249
5250 memset(&params, 0, sizeof(params));
5251
5252 if (info->attrs[NL80211_ATTR_MAC])
5253 params.mac = nla_data(info->attrs[NL80211_ATTR_MAC]);
5254
5255 if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_AP &&
5256 dev->ieee80211_ptr->iftype != NL80211_IFTYPE_AP_VLAN &&
5257 dev->ieee80211_ptr->iftype != NL80211_IFTYPE_MESH_POINT &&
5258 dev->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_GO)
5259 return -EINVAL;
5260
5261 if (!rdev->ops->del_station)
5262 return -EOPNOTSUPP;
5263
5264 if (info->attrs[NL80211_ATTR_MGMT_SUBTYPE]) {
5265 params.subtype =
5266 nla_get_u8(info->attrs[NL80211_ATTR_MGMT_SUBTYPE]);
5267 if (params.subtype != IEEE80211_STYPE_DISASSOC >> 4 &&
5268 params.subtype != IEEE80211_STYPE_DEAUTH >> 4)
5269 return -EINVAL;
5270 } else {
5271 /* Default to Deauthentication frame */
5272 params.subtype = IEEE80211_STYPE_DEAUTH >> 4;
5273 }
5274
5275 if (info->attrs[NL80211_ATTR_REASON_CODE]) {
5276 params.reason_code =
5277 nla_get_u16(info->attrs[NL80211_ATTR_REASON_CODE]);
5278 if (params.reason_code == 0)
5279 return -EINVAL; /* 0 is reserved */
5280 } else {
5281 /* Default to reason code 2 */
5282 params.reason_code = WLAN_REASON_PREV_AUTH_NOT_VALID;
5283 }
5284
5285 return rdev_del_station(rdev, dev, &params);
5286 }
5287
5288 static int nl80211_send_mpath(struct sk_buff *msg, u32 portid, u32 seq,
5289 int flags, struct net_device *dev,
5290 u8 *dst, u8 *next_hop,
5291 struct mpath_info *pinfo)
5292 {
5293 void *hdr;
5294 struct nlattr *pinfoattr;
5295
5296 hdr = nl80211hdr_put(msg, portid, seq, flags, NL80211_CMD_NEW_MPATH);
5297 if (!hdr)
5298 return -1;
5299
5300 if (nla_put_u32(msg, NL80211_ATTR_IFINDEX, dev->ifindex) ||
5301 nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN, dst) ||
5302 nla_put(msg, NL80211_ATTR_MPATH_NEXT_HOP, ETH_ALEN, next_hop) ||
5303 nla_put_u32(msg, NL80211_ATTR_GENERATION, pinfo->generation))
5304 goto nla_put_failure;
5305
5306 pinfoattr = nla_nest_start(msg, NL80211_ATTR_MPATH_INFO);
5307 if (!pinfoattr)
5308 goto nla_put_failure;
5309 if ((pinfo->filled & MPATH_INFO_FRAME_QLEN) &&
5310 nla_put_u32(msg, NL80211_MPATH_INFO_FRAME_QLEN,
5311 pinfo->frame_qlen))
5312 goto nla_put_failure;
5313 if (((pinfo->filled & MPATH_INFO_SN) &&
5314 nla_put_u32(msg, NL80211_MPATH_INFO_SN, pinfo->sn)) ||
5315 ((pinfo->filled & MPATH_INFO_METRIC) &&
5316 nla_put_u32(msg, NL80211_MPATH_INFO_METRIC,
5317 pinfo->metric)) ||
5318 ((pinfo->filled & MPATH_INFO_EXPTIME) &&
5319 nla_put_u32(msg, NL80211_MPATH_INFO_EXPTIME,
5320 pinfo->exptime)) ||
5321 ((pinfo->filled & MPATH_INFO_FLAGS) &&
5322 nla_put_u8(msg, NL80211_MPATH_INFO_FLAGS,
5323 pinfo->flags)) ||
5324 ((pinfo->filled & MPATH_INFO_DISCOVERY_TIMEOUT) &&
5325 nla_put_u32(msg, NL80211_MPATH_INFO_DISCOVERY_TIMEOUT,
5326 pinfo->discovery_timeout)) ||
5327 ((pinfo->filled & MPATH_INFO_DISCOVERY_RETRIES) &&
5328 nla_put_u8(msg, NL80211_MPATH_INFO_DISCOVERY_RETRIES,
5329 pinfo->discovery_retries)))
5330 goto nla_put_failure;
5331
5332 nla_nest_end(msg, pinfoattr);
5333
5334 genlmsg_end(msg, hdr);
5335 return 0;
5336
5337 nla_put_failure:
5338 genlmsg_cancel(msg, hdr);
5339 return -EMSGSIZE;
5340 }
5341
5342 static int nl80211_dump_mpath(struct sk_buff *skb,
5343 struct netlink_callback *cb)
5344 {
5345 struct mpath_info pinfo;
5346 struct cfg80211_registered_device *rdev;
5347 struct wireless_dev *wdev;
5348 u8 dst[ETH_ALEN];
5349 u8 next_hop[ETH_ALEN];
5350 int path_idx = cb->args[2];
5351 int err;
5352
5353 rtnl_lock();
5354 err = nl80211_prepare_wdev_dump(skb, cb, &rdev, &wdev);
5355 if (err)
5356 goto out_err;
5357
5358 if (!rdev->ops->dump_mpath) {
5359 err = -EOPNOTSUPP;
5360 goto out_err;
5361 }
5362
5363 if (wdev->iftype != NL80211_IFTYPE_MESH_POINT) {
5364 err = -EOPNOTSUPP;
5365 goto out_err;
5366 }
5367
5368 while (1) {
5369 err = rdev_dump_mpath(rdev, wdev->netdev, path_idx, dst,
5370 next_hop, &pinfo);
5371 if (err == -ENOENT)
5372 break;
5373 if (err)
5374 goto out_err;
5375
5376 if (nl80211_send_mpath(skb, NETLINK_CB(cb->skb).portid,
5377 cb->nlh->nlmsg_seq, NLM_F_MULTI,
5378 wdev->netdev, dst, next_hop,
5379 &pinfo) < 0)
5380 goto out;
5381
5382 path_idx++;
5383 }
5384
5385 out:
5386 cb->args[2] = path_idx;
5387 err = skb->len;
5388 out_err:
5389 rtnl_unlock();
5390 return err;
5391 }
5392
5393 static int nl80211_get_mpath(struct sk_buff *skb, struct genl_info *info)
5394 {
5395 struct cfg80211_registered_device *rdev = info->user_ptr[0];
5396 int err;
5397 struct net_device *dev = info->user_ptr[1];
5398 struct mpath_info pinfo;
5399 struct sk_buff *msg;
5400 u8 *dst = NULL;
5401 u8 next_hop[ETH_ALEN];
5402
5403 memset(&pinfo, 0, sizeof(pinfo));
5404
5405 if (!info->attrs[NL80211_ATTR_MAC])
5406 return -EINVAL;
5407
5408 dst = nla_data(info->attrs[NL80211_ATTR_MAC]);
5409
5410 if (!rdev->ops->get_mpath)
5411 return -EOPNOTSUPP;
5412
5413 if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_MESH_POINT)
5414 return -EOPNOTSUPP;
5415
5416 err = rdev_get_mpath(rdev, dev, dst, next_hop, &pinfo);
5417 if (err)
5418 return err;
5419
5420 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
5421 if (!msg)
5422 return -ENOMEM;
5423
5424 if (nl80211_send_mpath(msg, info->snd_portid, info->snd_seq, 0,
5425 dev, dst, next_hop, &pinfo) < 0) {
5426 nlmsg_free(msg);
5427 return -ENOBUFS;
5428 }
5429
5430 return genlmsg_reply(msg, info);
5431 }
5432
5433 static int nl80211_set_mpath(struct sk_buff *skb, struct genl_info *info)
5434 {
5435 struct cfg80211_registered_device *rdev = info->user_ptr[0];
5436 struct net_device *dev = info->user_ptr[1];
5437 u8 *dst = NULL;
5438 u8 *next_hop = NULL;
5439
5440 if (!info->attrs[NL80211_ATTR_MAC])
5441 return -EINVAL;
5442
5443 if (!info->attrs[NL80211_ATTR_MPATH_NEXT_HOP])
5444 return -EINVAL;
5445
5446 dst = nla_data(info->attrs[NL80211_ATTR_MAC]);
5447 next_hop = nla_data(info->attrs[NL80211_ATTR_MPATH_NEXT_HOP]);
5448
5449 if (!rdev->ops->change_mpath)
5450 return -EOPNOTSUPP;
5451
5452 if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_MESH_POINT)
5453 return -EOPNOTSUPP;
5454
5455 return rdev_change_mpath(rdev, dev, dst, next_hop);
5456 }
5457
5458 static int nl80211_new_mpath(struct sk_buff *skb, struct genl_info *info)
5459 {
5460 struct cfg80211_registered_device *rdev = info->user_ptr[0];
5461 struct net_device *dev = info->user_ptr[1];
5462 u8 *dst = NULL;
5463 u8 *next_hop = NULL;
5464
5465 if (!info->attrs[NL80211_ATTR_MAC])
5466 return -EINVAL;
5467
5468 if (!info->attrs[NL80211_ATTR_MPATH_NEXT_HOP])
5469 return -EINVAL;
5470
5471 dst = nla_data(info->attrs[NL80211_ATTR_MAC]);
5472 next_hop = nla_data(info->attrs[NL80211_ATTR_MPATH_NEXT_HOP]);
5473
5474 if (!rdev->ops->add_mpath)
5475 return -EOPNOTSUPP;
5476
5477 if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_MESH_POINT)
5478 return -EOPNOTSUPP;
5479
5480 return rdev_add_mpath(rdev, dev, dst, next_hop);
5481 }
5482
5483 static int nl80211_del_mpath(struct sk_buff *skb, struct genl_info *info)
5484 {
5485 struct cfg80211_registered_device *rdev = info->user_ptr[0];
5486 struct net_device *dev = info->user_ptr[1];
5487 u8 *dst = NULL;
5488
5489 if (info->attrs[NL80211_ATTR_MAC])
5490 dst = nla_data(info->attrs[NL80211_ATTR_MAC]);
5491
5492 if (!rdev->ops->del_mpath)
5493 return -EOPNOTSUPP;
5494
5495 return rdev_del_mpath(rdev, dev, dst);
5496 }
5497
5498 static int nl80211_get_mpp(struct sk_buff *skb, struct genl_info *info)
5499 {
5500 struct cfg80211_registered_device *rdev = info->user_ptr[0];
5501 int err;
5502 struct net_device *dev = info->user_ptr[1];
5503 struct mpath_info pinfo;
5504 struct sk_buff *msg;
5505 u8 *dst = NULL;
5506 u8 mpp[ETH_ALEN];
5507
5508 memset(&pinfo, 0, sizeof(pinfo));
5509
5510 if (!info->attrs[NL80211_ATTR_MAC])
5511 return -EINVAL;
5512
5513 dst = nla_data(info->attrs[NL80211_ATTR_MAC]);
5514
5515 if (!rdev->ops->get_mpp)
5516 return -EOPNOTSUPP;
5517
5518 if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_MESH_POINT)
5519 return -EOPNOTSUPP;
5520
5521 err = rdev_get_mpp(rdev, dev, dst, mpp, &pinfo);
5522 if (err)
5523 return err;
5524
5525 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
5526 if (!msg)
5527 return -ENOMEM;
5528
5529 if (nl80211_send_mpath(msg, info->snd_portid, info->snd_seq, 0,
5530 dev, dst, mpp, &pinfo) < 0) {
5531 nlmsg_free(msg);
5532 return -ENOBUFS;
5533 }
5534
5535 return genlmsg_reply(msg, info);
5536 }
5537
5538 static int nl80211_dump_mpp(struct sk_buff *skb,
5539 struct netlink_callback *cb)
5540 {
5541 struct mpath_info pinfo;
5542 struct cfg80211_registered_device *rdev;
5543 struct wireless_dev *wdev;
5544 u8 dst[ETH_ALEN];
5545 u8 mpp[ETH_ALEN];
5546 int path_idx = cb->args[2];
5547 int err;
5548
5549 rtnl_lock();
5550 err = nl80211_prepare_wdev_dump(skb, cb, &rdev, &wdev);
5551 if (err)
5552 goto out_err;
5553
5554 if (!rdev->ops->dump_mpp) {
5555 err = -EOPNOTSUPP;
5556 goto out_err;
5557 }
5558
5559 if (wdev->iftype != NL80211_IFTYPE_MESH_POINT) {
5560 err = -EOPNOTSUPP;
5561 goto out_err;
5562 }
5563
5564 while (1) {
5565 err = rdev_dump_mpp(rdev, wdev->netdev, path_idx, dst,
5566 mpp, &pinfo);
5567 if (err == -ENOENT)
5568 break;
5569 if (err)
5570 goto out_err;
5571
5572 if (nl80211_send_mpath(skb, NETLINK_CB(cb->skb).portid,
5573 cb->nlh->nlmsg_seq, NLM_F_MULTI,
5574 wdev->netdev, dst, mpp,
5575 &pinfo) < 0)
5576 goto out;
5577
5578 path_idx++;
5579 }
5580
5581 out:
5582 cb->args[2] = path_idx;
5583 err = skb->len;
5584 out_err:
5585 rtnl_unlock();
5586 return err;
5587 }
5588
5589 static int nl80211_set_bss(struct sk_buff *skb, struct genl_info *info)
5590 {
5591 struct cfg80211_registered_device *rdev = info->user_ptr[0];
5592 struct net_device *dev = info->user_ptr[1];
5593 struct wireless_dev *wdev = dev->ieee80211_ptr;
5594 struct bss_parameters params;
5595 int err;
5596
5597 memset(&params, 0, sizeof(params));
5598 /* default to not changing parameters */
5599 params.use_cts_prot = -1;
5600 params.use_short_preamble = -1;
5601 params.use_short_slot_time = -1;
5602 params.ap_isolate = -1;
5603 params.ht_opmode = -1;
5604 params.p2p_ctwindow = -1;
5605 params.p2p_opp_ps = -1;
5606
5607 if (info->attrs[NL80211_ATTR_BSS_CTS_PROT])
5608 params.use_cts_prot =
5609 nla_get_u8(info->attrs[NL80211_ATTR_BSS_CTS_PROT]);
5610 if (info->attrs[NL80211_ATTR_BSS_SHORT_PREAMBLE])
5611 params.use_short_preamble =
5612 nla_get_u8(info->attrs[NL80211_ATTR_BSS_SHORT_PREAMBLE]);
5613 if (info->attrs[NL80211_ATTR_BSS_SHORT_SLOT_TIME])
5614 params.use_short_slot_time =
5615 nla_get_u8(info->attrs[NL80211_ATTR_BSS_SHORT_SLOT_TIME]);
5616 if (info->attrs[NL80211_ATTR_BSS_BASIC_RATES]) {
5617 params.basic_rates =
5618 nla_data(info->attrs[NL80211_ATTR_BSS_BASIC_RATES]);
5619 params.basic_rates_len =
5620 nla_len(info->attrs[NL80211_ATTR_BSS_BASIC_RATES]);
5621 }
5622 if (info->attrs[NL80211_ATTR_AP_ISOLATE])
5623 params.ap_isolate = !!nla_get_u8(info->attrs[NL80211_ATTR_AP_ISOLATE]);
5624 if (info->attrs[NL80211_ATTR_BSS_HT_OPMODE])
5625 params.ht_opmode =
5626 nla_get_u16(info->attrs[NL80211_ATTR_BSS_HT_OPMODE]);
5627
5628 if (info->attrs[NL80211_ATTR_P2P_CTWINDOW]) {
5629 if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_GO)
5630 return -EINVAL;
5631 params.p2p_ctwindow =
5632 nla_get_s8(info->attrs[NL80211_ATTR_P2P_CTWINDOW]);
5633 if (params.p2p_ctwindow < 0)
5634 return -EINVAL;
5635 if (params.p2p_ctwindow != 0 &&
5636 !(rdev->wiphy.features & NL80211_FEATURE_P2P_GO_CTWIN))
5637 return -EINVAL;
5638 }
5639
5640 if (info->attrs[NL80211_ATTR_P2P_OPPPS]) {
5641 u8 tmp;
5642
5643 if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_GO)
5644 return -EINVAL;
5645 tmp = nla_get_u8(info->attrs[NL80211_ATTR_P2P_OPPPS]);
5646 if (tmp > 1)
5647 return -EINVAL;
5648 params.p2p_opp_ps = tmp;
5649 if (params.p2p_opp_ps &&
5650 !(rdev->wiphy.features & NL80211_FEATURE_P2P_GO_OPPPS))
5651 return -EINVAL;
5652 }
5653
5654 if (!rdev->ops->change_bss)
5655 return -EOPNOTSUPP;
5656
5657 if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_AP &&
5658 dev->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_GO)
5659 return -EOPNOTSUPP;
5660
5661 wdev_lock(wdev);
5662 err = rdev_change_bss(rdev, dev, &params);
5663 wdev_unlock(wdev);
5664
5665 return err;
5666 }
5667
5668 static int nl80211_req_set_reg(struct sk_buff *skb, struct genl_info *info)
5669 {
5670 char *data = NULL;
5671 bool is_indoor;
5672 enum nl80211_user_reg_hint_type user_reg_hint_type;
5673 u32 owner_nlportid;
5674
5675 /*
5676 * You should only get this when cfg80211 hasn't yet initialized
5677 * completely when built-in to the kernel right between the time
5678 * window between nl80211_init() and regulatory_init(), if that is
5679 * even possible.
5680 */
5681 if (unlikely(!rcu_access_pointer(cfg80211_regdomain)))
5682 return -EINPROGRESS;
5683
5684 if (info->attrs[NL80211_ATTR_USER_REG_HINT_TYPE])
5685 user_reg_hint_type =
5686 nla_get_u32(info->attrs[NL80211_ATTR_USER_REG_HINT_TYPE]);
5687 else
5688 user_reg_hint_type = NL80211_USER_REG_HINT_USER;
5689
5690 switch (user_reg_hint_type) {
5691 case NL80211_USER_REG_HINT_USER:
5692 case NL80211_USER_REG_HINT_CELL_BASE:
5693 if (!info->attrs[NL80211_ATTR_REG_ALPHA2])
5694 return -EINVAL;
5695
5696 data = nla_data(info->attrs[NL80211_ATTR_REG_ALPHA2]);
5697 return regulatory_hint_user(data, user_reg_hint_type);
5698 case NL80211_USER_REG_HINT_INDOOR:
5699 if (info->attrs[NL80211_ATTR_SOCKET_OWNER]) {
5700 owner_nlportid = info->snd_portid;
5701 is_indoor = !!info->attrs[NL80211_ATTR_REG_INDOOR];
5702 } else {
5703 owner_nlportid = 0;
5704 is_indoor = true;
5705 }
5706
5707 return regulatory_hint_indoor(is_indoor, owner_nlportid);
5708 default:
5709 return -EINVAL;
5710 }
5711 }
5712
5713 static int nl80211_reload_regdb(struct sk_buff *skb, struct genl_info *info)
5714 {
5715 return reg_reload_regdb();
5716 }
5717
5718 static int nl80211_get_mesh_config(struct sk_buff *skb,
5719 struct genl_info *info)
5720 {
5721 struct cfg80211_registered_device *rdev = info->user_ptr[0];
5722 struct net_device *dev = info->user_ptr[1];
5723 struct wireless_dev *wdev = dev->ieee80211_ptr;
5724 struct mesh_config cur_params;
5725 int err = 0;
5726 void *hdr;
5727 struct nlattr *pinfoattr;
5728 struct sk_buff *msg;
5729
5730 if (wdev->iftype != NL80211_IFTYPE_MESH_POINT)
5731 return -EOPNOTSUPP;
5732
5733 if (!rdev->ops->get_mesh_config)
5734 return -EOPNOTSUPP;
5735
5736 wdev_lock(wdev);
5737 /* If not connected, get default parameters */
5738 if (!wdev->mesh_id_len)
5739 memcpy(&cur_params, &default_mesh_config, sizeof(cur_params));
5740 else
5741 err = rdev_get_mesh_config(rdev, dev, &cur_params);
5742 wdev_unlock(wdev);
5743
5744 if (err)
5745 return err;
5746
5747 /* Draw up a netlink message to send back */
5748 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
5749 if (!msg)
5750 return -ENOMEM;
5751 hdr = nl80211hdr_put(msg, info->snd_portid, info->snd_seq, 0,
5752 NL80211_CMD_GET_MESH_CONFIG);
5753 if (!hdr)
5754 goto out;
5755 pinfoattr = nla_nest_start(msg, NL80211_ATTR_MESH_CONFIG);
5756 if (!pinfoattr)
5757 goto nla_put_failure;
5758 if (nla_put_u32(msg, NL80211_ATTR_IFINDEX, dev->ifindex) ||
5759 nla_put_u16(msg, NL80211_MESHCONF_RETRY_TIMEOUT,
5760 cur_params.dot11MeshRetryTimeout) ||
5761 nla_put_u16(msg, NL80211_MESHCONF_CONFIRM_TIMEOUT,
5762 cur_params.dot11MeshConfirmTimeout) ||
5763 nla_put_u16(msg, NL80211_MESHCONF_HOLDING_TIMEOUT,
5764 cur_params.dot11MeshHoldingTimeout) ||
5765 nla_put_u16(msg, NL80211_MESHCONF_MAX_PEER_LINKS,
5766 cur_params.dot11MeshMaxPeerLinks) ||
5767 nla_put_u8(msg, NL80211_MESHCONF_MAX_RETRIES,
5768 cur_params.dot11MeshMaxRetries) ||
5769 nla_put_u8(msg, NL80211_MESHCONF_TTL,
5770 cur_params.dot11MeshTTL) ||
5771 nla_put_u8(msg, NL80211_MESHCONF_ELEMENT_TTL,
5772 cur_params.element_ttl) ||
5773 nla_put_u8(msg, NL80211_MESHCONF_AUTO_OPEN_PLINKS,
5774 cur_params.auto_open_plinks) ||
5775 nla_put_u32(msg, NL80211_MESHCONF_SYNC_OFFSET_MAX_NEIGHBOR,
5776 cur_params.dot11MeshNbrOffsetMaxNeighbor) ||
5777 nla_put_u8(msg, NL80211_MESHCONF_HWMP_MAX_PREQ_RETRIES,
5778 cur_params.dot11MeshHWMPmaxPREQretries) ||
5779 nla_put_u32(msg, NL80211_MESHCONF_PATH_REFRESH_TIME,
5780 cur_params.path_refresh_time) ||
5781 nla_put_u16(msg, NL80211_MESHCONF_MIN_DISCOVERY_TIMEOUT,
5782 cur_params.min_discovery_timeout) ||
5783 nla_put_u32(msg, NL80211_MESHCONF_HWMP_ACTIVE_PATH_TIMEOUT,
5784 cur_params.dot11MeshHWMPactivePathTimeout) ||
5785 nla_put_u16(msg, NL80211_MESHCONF_HWMP_PREQ_MIN_INTERVAL,
5786 cur_params.dot11MeshHWMPpreqMinInterval) ||
5787 nla_put_u16(msg, NL80211_MESHCONF_HWMP_PERR_MIN_INTERVAL,
5788 cur_params.dot11MeshHWMPperrMinInterval) ||
5789 nla_put_u16(msg, NL80211_MESHCONF_HWMP_NET_DIAM_TRVS_TIME,
5790 cur_params.dot11MeshHWMPnetDiameterTraversalTime) ||
5791 nla_put_u8(msg, NL80211_MESHCONF_HWMP_ROOTMODE,
5792 cur_params.dot11MeshHWMPRootMode) ||
5793 nla_put_u16(msg, NL80211_MESHCONF_HWMP_RANN_INTERVAL,
5794 cur_params.dot11MeshHWMPRannInterval) ||
5795 nla_put_u8(msg, NL80211_MESHCONF_GATE_ANNOUNCEMENTS,
5796 cur_params.dot11MeshGateAnnouncementProtocol) ||
5797 nla_put_u8(msg, NL80211_MESHCONF_FORWARDING,
5798 cur_params.dot11MeshForwarding) ||
5799 nla_put_s32(msg, NL80211_MESHCONF_RSSI_THRESHOLD,
5800 cur_params.rssi_threshold) ||
5801 nla_put_u32(msg, NL80211_MESHCONF_HT_OPMODE,
5802 cur_params.ht_opmode) ||
5803 nla_put_u32(msg, NL80211_MESHCONF_HWMP_PATH_TO_ROOT_TIMEOUT,
5804 cur_params.dot11MeshHWMPactivePathToRootTimeout) ||
5805 nla_put_u16(msg, NL80211_MESHCONF_HWMP_ROOT_INTERVAL,
5806 cur_params.dot11MeshHWMProotInterval) ||
5807 nla_put_u16(msg, NL80211_MESHCONF_HWMP_CONFIRMATION_INTERVAL,
5808 cur_params.dot11MeshHWMPconfirmationInterval) ||
5809 nla_put_u32(msg, NL80211_MESHCONF_POWER_MODE,
5810 cur_params.power_mode) ||
5811 nla_put_u16(msg, NL80211_MESHCONF_AWAKE_WINDOW,
5812 cur_params.dot11MeshAwakeWindowDuration) ||
5813 nla_put_u32(msg, NL80211_MESHCONF_PLINK_TIMEOUT,
5814 cur_params.plink_timeout))
5815 goto nla_put_failure;
5816 nla_nest_end(msg, pinfoattr);
5817 genlmsg_end(msg, hdr);
5818 return genlmsg_reply(msg, info);
5819
5820 nla_put_failure:
5821 genlmsg_cancel(msg, hdr);
5822 out:
5823 nlmsg_free(msg);
5824 return -ENOBUFS;
5825 }
5826
5827 static const struct nla_policy nl80211_meshconf_params_policy[NL80211_MESHCONF_ATTR_MAX+1] = {
5828 [NL80211_MESHCONF_RETRY_TIMEOUT] = { .type = NLA_U16 },
5829 [NL80211_MESHCONF_CONFIRM_TIMEOUT] = { .type = NLA_U16 },
5830 [NL80211_MESHCONF_HOLDING_TIMEOUT] = { .type = NLA_U16 },
5831 [NL80211_MESHCONF_MAX_PEER_LINKS] = { .type = NLA_U16 },
5832 [NL80211_MESHCONF_MAX_RETRIES] = { .type = NLA_U8 },
5833 [NL80211_MESHCONF_TTL] = { .type = NLA_U8 },
5834 [NL80211_MESHCONF_ELEMENT_TTL] = { .type = NLA_U8 },
5835 [NL80211_MESHCONF_AUTO_OPEN_PLINKS] = { .type = NLA_U8 },
5836 [NL80211_MESHCONF_SYNC_OFFSET_MAX_NEIGHBOR] = { .type = NLA_U32 },
5837 [NL80211_MESHCONF_HWMP_MAX_PREQ_RETRIES] = { .type = NLA_U8 },
5838 [NL80211_MESHCONF_PATH_REFRESH_TIME] = { .type = NLA_U32 },
5839 [NL80211_MESHCONF_MIN_DISCOVERY_TIMEOUT] = { .type = NLA_U16 },
5840 [NL80211_MESHCONF_HWMP_ACTIVE_PATH_TIMEOUT] = { .type = NLA_U32 },
5841 [NL80211_MESHCONF_HWMP_PREQ_MIN_INTERVAL] = { .type = NLA_U16 },
5842 [NL80211_MESHCONF_HWMP_PERR_MIN_INTERVAL] = { .type = NLA_U16 },
5843 [NL80211_MESHCONF_HWMP_NET_DIAM_TRVS_TIME] = { .type = NLA_U16 },
5844 [NL80211_MESHCONF_HWMP_ROOTMODE] = { .type = NLA_U8 },
5845 [NL80211_MESHCONF_HWMP_RANN_INTERVAL] = { .type = NLA_U16 },
5846 [NL80211_MESHCONF_GATE_ANNOUNCEMENTS] = { .type = NLA_U8 },
5847 [NL80211_MESHCONF_FORWARDING] = { .type = NLA_U8 },
5848 [NL80211_MESHCONF_RSSI_THRESHOLD] = { .type = NLA_U32 },
5849 [NL80211_MESHCONF_HT_OPMODE] = { .type = NLA_U16 },
5850 [NL80211_MESHCONF_HWMP_PATH_TO_ROOT_TIMEOUT] = { .type = NLA_U32 },
5851 [NL80211_MESHCONF_HWMP_ROOT_INTERVAL] = { .type = NLA_U16 },
5852 [NL80211_MESHCONF_HWMP_CONFIRMATION_INTERVAL] = { .type = NLA_U16 },
5853 [NL80211_MESHCONF_POWER_MODE] = { .type = NLA_U32 },
5854 [NL80211_MESHCONF_AWAKE_WINDOW] = { .type = NLA_U16 },
5855 [NL80211_MESHCONF_PLINK_TIMEOUT] = { .type = NLA_U32 },
5856 };
5857
5858 static const struct nla_policy
5859 nl80211_mesh_setup_params_policy[NL80211_MESH_SETUP_ATTR_MAX+1] = {
5860 [NL80211_MESH_SETUP_ENABLE_VENDOR_SYNC] = { .type = NLA_U8 },
5861 [NL80211_MESH_SETUP_ENABLE_VENDOR_PATH_SEL] = { .type = NLA_U8 },
5862 [NL80211_MESH_SETUP_ENABLE_VENDOR_METRIC] = { .type = NLA_U8 },
5863 [NL80211_MESH_SETUP_USERSPACE_AUTH] = { .type = NLA_FLAG },
5864 [NL80211_MESH_SETUP_AUTH_PROTOCOL] = { .type = NLA_U8 },
5865 [NL80211_MESH_SETUP_USERSPACE_MPM] = { .type = NLA_FLAG },
5866 [NL80211_MESH_SETUP_IE] = { .type = NLA_BINARY,
5867 .len = IEEE80211_MAX_DATA_LEN },
5868 [NL80211_MESH_SETUP_USERSPACE_AMPE] = { .type = NLA_FLAG },
5869 };
5870
5871 static int nl80211_check_bool(const struct nlattr *nla, u8 min, u8 max, bool *out)
5872 {
5873 u8 val = nla_get_u8(nla);
5874 if (val < min || val > max)
5875 return -EINVAL;
5876 *out = val;
5877 return 0;
5878 }
5879
5880 static int nl80211_check_u8(const struct nlattr *nla, u8 min, u8 max, u8 *out)
5881 {
5882 u8 val = nla_get_u8(nla);
5883 if (val < min || val > max)
5884 return -EINVAL;
5885 *out = val;
5886 return 0;
5887 }
5888
5889 static int nl80211_check_u16(const struct nlattr *nla, u16 min, u16 max, u16 *out)
5890 {
5891 u16 val = nla_get_u16(nla);
5892 if (val < min || val > max)
5893 return -EINVAL;
5894 *out = val;
5895 return 0;
5896 }
5897
5898 static int nl80211_check_u32(const struct nlattr *nla, u32 min, u32 max, u32 *out)
5899 {
5900 u32 val = nla_get_u32(nla);
5901 if (val < min || val > max)
5902 return -EINVAL;
5903 *out = val;
5904 return 0;
5905 }
5906
5907 static int nl80211_check_s32(const struct nlattr *nla, s32 min, s32 max, s32 *out)
5908 {
5909 s32 val = nla_get_s32(nla);
5910 if (val < min || val > max)
5911 return -EINVAL;
5912 *out = val;
5913 return 0;
5914 }
5915
5916 static int nl80211_check_power_mode(const struct nlattr *nla,
5917 enum nl80211_mesh_power_mode min,
5918 enum nl80211_mesh_power_mode max,
5919 enum nl80211_mesh_power_mode *out)
5920 {
5921 u32 val = nla_get_u32(nla);
5922 if (val < min || val > max)
5923 return -EINVAL;
5924 *out = val;
5925 return 0;
5926 }
5927
5928 static int nl80211_parse_mesh_config(struct genl_info *info,
5929 struct mesh_config *cfg,
5930 u32 *mask_out)
5931 {
5932 struct nlattr *tb[NL80211_MESHCONF_ATTR_MAX + 1];
5933 u32 mask = 0;
5934 u16 ht_opmode;
5935
5936 #define FILL_IN_MESH_PARAM_IF_SET(tb, cfg, param, min, max, mask, attr, fn) \
5937 do { \
5938 if (tb[attr]) { \
5939 if (fn(tb[attr], min, max, &cfg->param)) \
5940 return -EINVAL; \
5941 mask |= (1 << (attr - 1)); \
5942 } \
5943 } while (0)
5944
5945 if (!info->attrs[NL80211_ATTR_MESH_CONFIG])
5946 return -EINVAL;
5947 if (nla_parse_nested(tb, NL80211_MESHCONF_ATTR_MAX,
5948 info->attrs[NL80211_ATTR_MESH_CONFIG],
5949 nl80211_meshconf_params_policy, info->extack))
5950 return -EINVAL;
5951
5952 /* This makes sure that there aren't more than 32 mesh config
5953 * parameters (otherwise our bitfield scheme would not work.) */
5954 BUILD_BUG_ON(NL80211_MESHCONF_ATTR_MAX > 32);
5955
5956 /* Fill in the params struct */
5957 FILL_IN_MESH_PARAM_IF_SET(tb, cfg, dot11MeshRetryTimeout, 1, 255,
5958 mask, NL80211_MESHCONF_RETRY_TIMEOUT,
5959 nl80211_check_u16);
5960 FILL_IN_MESH_PARAM_IF_SET(tb, cfg, dot11MeshConfirmTimeout, 1, 255,
5961 mask, NL80211_MESHCONF_CONFIRM_TIMEOUT,
5962 nl80211_check_u16);
5963 FILL_IN_MESH_PARAM_IF_SET(tb, cfg, dot11MeshHoldingTimeout, 1, 255,
5964 mask, NL80211_MESHCONF_HOLDING_TIMEOUT,
5965 nl80211_check_u16);
5966 FILL_IN_MESH_PARAM_IF_SET(tb, cfg, dot11MeshMaxPeerLinks, 0, 255,
5967 mask, NL80211_MESHCONF_MAX_PEER_LINKS,
5968 nl80211_check_u16);
5969 FILL_IN_MESH_PARAM_IF_SET(tb, cfg, dot11MeshMaxRetries, 0, 16,
5970 mask, NL80211_MESHCONF_MAX_RETRIES,
5971 nl80211_check_u8);
5972 FILL_IN_MESH_PARAM_IF_SET(tb, cfg, dot11MeshTTL, 1, 255,
5973 mask, NL80211_MESHCONF_TTL, nl80211_check_u8);
5974 FILL_IN_MESH_PARAM_IF_SET(tb, cfg, element_ttl, 1, 255,
5975 mask, NL80211_MESHCONF_ELEMENT_TTL,
5976 nl80211_check_u8);
5977 FILL_IN_MESH_PARAM_IF_SET(tb, cfg, auto_open_plinks, 0, 1,
5978 mask, NL80211_MESHCONF_AUTO_OPEN_PLINKS,
5979 nl80211_check_bool);
5980 FILL_IN_MESH_PARAM_IF_SET(tb, cfg, dot11MeshNbrOffsetMaxNeighbor,
5981 1, 255, mask,
5982 NL80211_MESHCONF_SYNC_OFFSET_MAX_NEIGHBOR,
5983 nl80211_check_u32);
5984 FILL_IN_MESH_PARAM_IF_SET(tb, cfg, dot11MeshHWMPmaxPREQretries, 0, 255,
5985 mask, NL80211_MESHCONF_HWMP_MAX_PREQ_RETRIES,
5986 nl80211_check_u8);
5987 FILL_IN_MESH_PARAM_IF_SET(tb, cfg, path_refresh_time, 1, 65535,
5988 mask, NL80211_MESHCONF_PATH_REFRESH_TIME,
5989 nl80211_check_u32);
5990 FILL_IN_MESH_PARAM_IF_SET(tb, cfg, min_discovery_timeout, 1, 65535,
5991 mask, NL80211_MESHCONF_MIN_DISCOVERY_TIMEOUT,
5992 nl80211_check_u16);
5993 FILL_IN_MESH_PARAM_IF_SET(tb, cfg, dot11MeshHWMPactivePathTimeout,
5994 1, 65535, mask,
5995 NL80211_MESHCONF_HWMP_ACTIVE_PATH_TIMEOUT,
5996 nl80211_check_u32);
5997 FILL_IN_MESH_PARAM_IF_SET(tb, cfg, dot11MeshHWMPpreqMinInterval,
5998 1, 65535, mask,
5999 NL80211_MESHCONF_HWMP_PREQ_MIN_INTERVAL,
6000 nl80211_check_u16);
6001 FILL_IN_MESH_PARAM_IF_SET(tb, cfg, dot11MeshHWMPperrMinInterval,
6002 1, 65535, mask,
6003 NL80211_MESHCONF_HWMP_PERR_MIN_INTERVAL,
6004 nl80211_check_u16);
6005 FILL_IN_MESH_PARAM_IF_SET(tb, cfg,
6006 dot11MeshHWMPnetDiameterTraversalTime,
6007 1, 65535, mask,
6008 NL80211_MESHCONF_HWMP_NET_DIAM_TRVS_TIME,
6009 nl80211_check_u16);
6010 FILL_IN_MESH_PARAM_IF_SET(tb, cfg, dot11MeshHWMPRootMode, 0, 4,
6011 mask, NL80211_MESHCONF_HWMP_ROOTMODE,
6012 nl80211_check_u8);
6013 FILL_IN_MESH_PARAM_IF_SET(tb, cfg, dot11MeshHWMPRannInterval, 1, 65535,
6014 mask, NL80211_MESHCONF_HWMP_RANN_INTERVAL,
6015 nl80211_check_u16);
6016 FILL_IN_MESH_PARAM_IF_SET(tb, cfg,
6017 dot11MeshGateAnnouncementProtocol, 0, 1,
6018 mask, NL80211_MESHCONF_GATE_ANNOUNCEMENTS,
6019 nl80211_check_bool);
6020 FILL_IN_MESH_PARAM_IF_SET(tb, cfg, dot11MeshForwarding, 0, 1,
6021 mask, NL80211_MESHCONF_FORWARDING,
6022 nl80211_check_bool);
6023 FILL_IN_MESH_PARAM_IF_SET(tb, cfg, rssi_threshold, -255, 0,
6024 mask, NL80211_MESHCONF_RSSI_THRESHOLD,
6025 nl80211_check_s32);
6026 /*
6027 * Check HT operation mode based on
6028 * IEEE 802.11 2012 8.4.2.59 HT Operation element.
6029 */
6030 if (tb[NL80211_MESHCONF_HT_OPMODE]) {
6031 ht_opmode = nla_get_u16(tb[NL80211_MESHCONF_HT_OPMODE]);
6032
6033 if (ht_opmode & ~(IEEE80211_HT_OP_MODE_PROTECTION |
6034 IEEE80211_HT_OP_MODE_NON_GF_STA_PRSNT |
6035 IEEE80211_HT_OP_MODE_NON_HT_STA_PRSNT))
6036 return -EINVAL;
6037
6038 if ((ht_opmode & IEEE80211_HT_OP_MODE_NON_GF_STA_PRSNT) &&
6039 (ht_opmode & IEEE80211_HT_OP_MODE_NON_HT_STA_PRSNT))
6040 return -EINVAL;
6041
6042 switch (ht_opmode & IEEE80211_HT_OP_MODE_PROTECTION) {
6043 case IEEE80211_HT_OP_MODE_PROTECTION_NONE:
6044 case IEEE80211_HT_OP_MODE_PROTECTION_20MHZ:
6045 if (ht_opmode & IEEE80211_HT_OP_MODE_NON_HT_STA_PRSNT)
6046 return -EINVAL;
6047 break;
6048 case IEEE80211_HT_OP_MODE_PROTECTION_NONMEMBER:
6049 case IEEE80211_HT_OP_MODE_PROTECTION_NONHT_MIXED:
6050 if (!(ht_opmode & IEEE80211_HT_OP_MODE_NON_HT_STA_PRSNT))
6051 return -EINVAL;
6052 break;
6053 }
6054 cfg->ht_opmode = ht_opmode;
6055 mask |= (1 << (NL80211_MESHCONF_HT_OPMODE - 1));
6056 }
6057 FILL_IN_MESH_PARAM_IF_SET(tb, cfg, dot11MeshHWMPactivePathToRootTimeout,
6058 1, 65535, mask,
6059 NL80211_MESHCONF_HWMP_PATH_TO_ROOT_TIMEOUT,
6060 nl80211_check_u32);
6061 FILL_IN_MESH_PARAM_IF_SET(tb, cfg, dot11MeshHWMProotInterval, 1, 65535,
6062 mask, NL80211_MESHCONF_HWMP_ROOT_INTERVAL,
6063 nl80211_check_u16);
6064 FILL_IN_MESH_PARAM_IF_SET(tb, cfg,
6065 dot11MeshHWMPconfirmationInterval,
6066 1, 65535, mask,
6067 NL80211_MESHCONF_HWMP_CONFIRMATION_INTERVAL,
6068 nl80211_check_u16);
6069 FILL_IN_MESH_PARAM_IF_SET(tb, cfg, power_mode,
6070 NL80211_MESH_POWER_ACTIVE,
6071 NL80211_MESH_POWER_MAX,
6072 mask, NL80211_MESHCONF_POWER_MODE,
6073 nl80211_check_power_mode);
6074 FILL_IN_MESH_PARAM_IF_SET(tb, cfg, dot11MeshAwakeWindowDuration,
6075 0, 65535, mask,
6076 NL80211_MESHCONF_AWAKE_WINDOW, nl80211_check_u16);
6077 FILL_IN_MESH_PARAM_IF_SET(tb, cfg, plink_timeout, 0, 0xffffffff,
6078 mask, NL80211_MESHCONF_PLINK_TIMEOUT,
6079 nl80211_check_u32);
6080 if (mask_out)
6081 *mask_out = mask;
6082
6083 return 0;
6084
6085 #undef FILL_IN_MESH_PARAM_IF_SET
6086 }
6087
6088 static int nl80211_parse_mesh_setup(struct genl_info *info,
6089 struct mesh_setup *setup)
6090 {
6091 struct cfg80211_registered_device *rdev = info->user_ptr[0];
6092 struct nlattr *tb[NL80211_MESH_SETUP_ATTR_MAX + 1];
6093
6094 if (!info->attrs[NL80211_ATTR_MESH_SETUP])
6095 return -EINVAL;
6096 if (nla_parse_nested(tb, NL80211_MESH_SETUP_ATTR_MAX,
6097 info->attrs[NL80211_ATTR_MESH_SETUP],
6098 nl80211_mesh_setup_params_policy, info->extack))
6099 return -EINVAL;
6100
6101 if (tb[NL80211_MESH_SETUP_ENABLE_VENDOR_SYNC])
6102 setup->sync_method =
6103 (nla_get_u8(tb[NL80211_MESH_SETUP_ENABLE_VENDOR_SYNC])) ?
6104 IEEE80211_SYNC_METHOD_VENDOR :
6105 IEEE80211_SYNC_METHOD_NEIGHBOR_OFFSET;
6106
6107 if (tb[NL80211_MESH_SETUP_ENABLE_VENDOR_PATH_SEL])
6108 setup->path_sel_proto =
6109 (nla_get_u8(tb[NL80211_MESH_SETUP_ENABLE_VENDOR_PATH_SEL])) ?
6110 IEEE80211_PATH_PROTOCOL_VENDOR :
6111 IEEE80211_PATH_PROTOCOL_HWMP;
6112
6113 if (tb[NL80211_MESH_SETUP_ENABLE_VENDOR_METRIC])
6114 setup->path_metric =
6115 (nla_get_u8(tb[NL80211_MESH_SETUP_ENABLE_VENDOR_METRIC])) ?
6116 IEEE80211_PATH_METRIC_VENDOR :
6117 IEEE80211_PATH_METRIC_AIRTIME;
6118
6119 if (tb[NL80211_MESH_SETUP_IE]) {
6120 struct nlattr *ieattr =
6121 tb[NL80211_MESH_SETUP_IE];
6122 if (!is_valid_ie_attr(ieattr))
6123 return -EINVAL;
6124 setup->ie = nla_data(ieattr);
6125 setup->ie_len = nla_len(ieattr);
6126 }
6127 if (tb[NL80211_MESH_SETUP_USERSPACE_MPM] &&
6128 !(rdev->wiphy.features & NL80211_FEATURE_USERSPACE_MPM))
6129 return -EINVAL;
6130 setup->user_mpm = nla_get_flag(tb[NL80211_MESH_SETUP_USERSPACE_MPM]);
6131 setup->is_authenticated = nla_get_flag(tb[NL80211_MESH_SETUP_USERSPACE_AUTH]);
6132 setup->is_secure = nla_get_flag(tb[NL80211_MESH_SETUP_USERSPACE_AMPE]);
6133 if (setup->is_secure)
6134 setup->user_mpm = true;
6135
6136 if (tb[NL80211_MESH_SETUP_AUTH_PROTOCOL]) {
6137 if (!setup->user_mpm)
6138 return -EINVAL;
6139 setup->auth_id =
6140 nla_get_u8(tb[NL80211_MESH_SETUP_AUTH_PROTOCOL]);
6141 }
6142
6143 return 0;
6144 }
6145
6146 static int nl80211_update_mesh_config(struct sk_buff *skb,
6147 struct genl_info *info)
6148 {
6149 struct cfg80211_registered_device *rdev = info->user_ptr[0];
6150 struct net_device *dev = info->user_ptr[1];
6151 struct wireless_dev *wdev = dev->ieee80211_ptr;
6152 struct mesh_config cfg;
6153 u32 mask;
6154 int err;
6155
6156 if (wdev->iftype != NL80211_IFTYPE_MESH_POINT)
6157 return -EOPNOTSUPP;
6158
6159 if (!rdev->ops->update_mesh_config)
6160 return -EOPNOTSUPP;
6161
6162 err = nl80211_parse_mesh_config(info, &cfg, &mask);
6163 if (err)
6164 return err;
6165
6166 wdev_lock(wdev);
6167 if (!wdev->mesh_id_len)
6168 err = -ENOLINK;
6169
6170 if (!err)
6171 err = rdev_update_mesh_config(rdev, dev, mask, &cfg);
6172
6173 wdev_unlock(wdev);
6174
6175 return err;
6176 }
6177
6178 static int nl80211_put_regdom(const struct ieee80211_regdomain *regdom,
6179 struct sk_buff *msg)
6180 {
6181 struct nlattr *nl_reg_rules;
6182 unsigned int i;
6183
6184 if (nla_put_string(msg, NL80211_ATTR_REG_ALPHA2, regdom->alpha2) ||
6185 (regdom->dfs_region &&
6186 nla_put_u8(msg, NL80211_ATTR_DFS_REGION, regdom->dfs_region)))
6187 goto nla_put_failure;
6188
6189 nl_reg_rules = nla_nest_start(msg, NL80211_ATTR_REG_RULES);
6190 if (!nl_reg_rules)
6191 goto nla_put_failure;
6192
6193 for (i = 0; i < regdom->n_reg_rules; i++) {
6194 struct nlattr *nl_reg_rule;
6195 const struct ieee80211_reg_rule *reg_rule;
6196 const struct ieee80211_freq_range *freq_range;
6197 const struct ieee80211_power_rule *power_rule;
6198 unsigned int max_bandwidth_khz;
6199
6200 reg_rule = &regdom->reg_rules[i];
6201 freq_range = &reg_rule->freq_range;
6202 power_rule = &reg_rule->power_rule;
6203
6204 nl_reg_rule = nla_nest_start(msg, i);
6205 if (!nl_reg_rule)
6206 goto nla_put_failure;
6207
6208 max_bandwidth_khz = freq_range->max_bandwidth_khz;
6209 if (!max_bandwidth_khz)
6210 max_bandwidth_khz = reg_get_max_bandwidth(regdom,
6211 reg_rule);
6212
6213 if (nla_put_u32(msg, NL80211_ATTR_REG_RULE_FLAGS,
6214 reg_rule->flags) ||
6215 nla_put_u32(msg, NL80211_ATTR_FREQ_RANGE_START,
6216 freq_range->start_freq_khz) ||
6217 nla_put_u32(msg, NL80211_ATTR_FREQ_RANGE_END,
6218 freq_range->end_freq_khz) ||
6219 nla_put_u32(msg, NL80211_ATTR_FREQ_RANGE_MAX_BW,
6220 max_bandwidth_khz) ||
6221 nla_put_u32(msg, NL80211_ATTR_POWER_RULE_MAX_ANT_GAIN,
6222 power_rule->max_antenna_gain) ||
6223 nla_put_u32(msg, NL80211_ATTR_POWER_RULE_MAX_EIRP,
6224 power_rule->max_eirp) ||
6225 nla_put_u32(msg, NL80211_ATTR_DFS_CAC_TIME,
6226 reg_rule->dfs_cac_ms))
6227 goto nla_put_failure;
6228
6229 nla_nest_end(msg, nl_reg_rule);
6230 }
6231
6232 nla_nest_end(msg, nl_reg_rules);
6233 return 0;
6234
6235 nla_put_failure:
6236 return -EMSGSIZE;
6237 }
6238
6239 static int nl80211_get_reg_do(struct sk_buff *skb, struct genl_info *info)
6240 {
6241 const struct ieee80211_regdomain *regdom = NULL;
6242 struct cfg80211_registered_device *rdev;
6243 struct wiphy *wiphy = NULL;
6244 struct sk_buff *msg;
6245 void *hdr;
6246
6247 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
6248 if (!msg)
6249 return -ENOBUFS;
6250
6251 hdr = nl80211hdr_put(msg, info->snd_portid, info->snd_seq, 0,
6252 NL80211_CMD_GET_REG);
6253 if (!hdr)
6254 goto put_failure;
6255
6256 if (info->attrs[NL80211_ATTR_WIPHY]) {
6257 bool self_managed;
6258
6259 rdev = cfg80211_get_dev_from_info(genl_info_net(info), info);
6260 if (IS_ERR(rdev)) {
6261 nlmsg_free(msg);
6262 return PTR_ERR(rdev);
6263 }
6264
6265 wiphy = &rdev->wiphy;
6266 self_managed = wiphy->regulatory_flags &
6267 REGULATORY_WIPHY_SELF_MANAGED;
6268 regdom = get_wiphy_regdom(wiphy);
6269
6270 /* a self-managed-reg device must have a private regdom */
6271 if (WARN_ON(!regdom && self_managed)) {
6272 nlmsg_free(msg);
6273 return -EINVAL;
6274 }
6275
6276 if (regdom &&
6277 nla_put_u32(msg, NL80211_ATTR_WIPHY, get_wiphy_idx(wiphy)))
6278 goto nla_put_failure;
6279 }
6280
6281 if (!wiphy && reg_last_request_cell_base() &&
6282 nla_put_u32(msg, NL80211_ATTR_USER_REG_HINT_TYPE,
6283 NL80211_USER_REG_HINT_CELL_BASE))
6284 goto nla_put_failure;
6285
6286 rcu_read_lock();
6287
6288 if (!regdom)
6289 regdom = rcu_dereference(cfg80211_regdomain);
6290
6291 if (nl80211_put_regdom(regdom, msg))
6292 goto nla_put_failure_rcu;
6293
6294 rcu_read_unlock();
6295
6296 genlmsg_end(msg, hdr);
6297 return genlmsg_reply(msg, info);
6298
6299 nla_put_failure_rcu:
6300 rcu_read_unlock();
6301 nla_put_failure:
6302 genlmsg_cancel(msg, hdr);
6303 put_failure:
6304 nlmsg_free(msg);
6305 return -EMSGSIZE;
6306 }
6307
6308 static int nl80211_send_regdom(struct sk_buff *msg, struct netlink_callback *cb,
6309 u32 seq, int flags, struct wiphy *wiphy,
6310 const struct ieee80211_regdomain *regdom)
6311 {
6312 void *hdr = nl80211hdr_put(msg, NETLINK_CB(cb->skb).portid, seq, flags,
6313 NL80211_CMD_GET_REG);
6314
6315 if (!hdr)
6316 return -1;
6317
6318 genl_dump_check_consistent(cb, hdr);
6319
6320 if (nl80211_put_regdom(regdom, msg))
6321 goto nla_put_failure;
6322
6323 if (!wiphy && reg_last_request_cell_base() &&
6324 nla_put_u32(msg, NL80211_ATTR_USER_REG_HINT_TYPE,
6325 NL80211_USER_REG_HINT_CELL_BASE))
6326 goto nla_put_failure;
6327
6328 if (wiphy &&
6329 nla_put_u32(msg, NL80211_ATTR_WIPHY, get_wiphy_idx(wiphy)))
6330 goto nla_put_failure;
6331
6332 if (wiphy && wiphy->regulatory_flags & REGULATORY_WIPHY_SELF_MANAGED &&
6333 nla_put_flag(msg, NL80211_ATTR_WIPHY_SELF_MANAGED_REG))
6334 goto nla_put_failure;
6335
6336 genlmsg_end(msg, hdr);
6337 return 0;
6338
6339 nla_put_failure:
6340 genlmsg_cancel(msg, hdr);
6341 return -EMSGSIZE;
6342 }
6343
6344 static int nl80211_get_reg_dump(struct sk_buff *skb,
6345 struct netlink_callback *cb)
6346 {
6347 const struct ieee80211_regdomain *regdom = NULL;
6348 struct cfg80211_registered_device *rdev;
6349 int err, reg_idx, start = cb->args[2];
6350
6351 rtnl_lock();
6352
6353 if (cfg80211_regdomain && start == 0) {
6354 err = nl80211_send_regdom(skb, cb, cb->nlh->nlmsg_seq,
6355 NLM_F_MULTI, NULL,
6356 rtnl_dereference(cfg80211_regdomain));
6357 if (err < 0)
6358 goto out_err;
6359 }
6360
6361 /* the global regdom is idx 0 */
6362 reg_idx = 1;
6363 list_for_each_entry(rdev, &cfg80211_rdev_list, list) {
6364 regdom = get_wiphy_regdom(&rdev->wiphy);
6365 if (!regdom)
6366 continue;
6367
6368 if (++reg_idx <= start)
6369 continue;
6370
6371 err = nl80211_send_regdom(skb, cb, cb->nlh->nlmsg_seq,
6372 NLM_F_MULTI, &rdev->wiphy, regdom);
6373 if (err < 0) {
6374 reg_idx--;
6375 break;
6376 }
6377 }
6378
6379 cb->args[2] = reg_idx;
6380 err = skb->len;
6381 out_err:
6382 rtnl_unlock();
6383 return err;
6384 }
6385
6386 #ifdef CONFIG_CFG80211_CRDA_SUPPORT
6387 static const struct nla_policy reg_rule_policy[NL80211_REG_RULE_ATTR_MAX + 1] = {
6388 [NL80211_ATTR_REG_RULE_FLAGS] = { .type = NLA_U32 },
6389 [NL80211_ATTR_FREQ_RANGE_START] = { .type = NLA_U32 },
6390 [NL80211_ATTR_FREQ_RANGE_END] = { .type = NLA_U32 },
6391 [NL80211_ATTR_FREQ_RANGE_MAX_BW] = { .type = NLA_U32 },
6392 [NL80211_ATTR_POWER_RULE_MAX_ANT_GAIN] = { .type = NLA_U32 },
6393 [NL80211_ATTR_POWER_RULE_MAX_EIRP] = { .type = NLA_U32 },
6394 [NL80211_ATTR_DFS_CAC_TIME] = { .type = NLA_U32 },
6395 };
6396
6397 static int parse_reg_rule(struct nlattr *tb[],
6398 struct ieee80211_reg_rule *reg_rule)
6399 {
6400 struct ieee80211_freq_range *freq_range = &reg_rule->freq_range;
6401 struct ieee80211_power_rule *power_rule = &reg_rule->power_rule;
6402
6403 if (!tb[NL80211_ATTR_REG_RULE_FLAGS])
6404 return -EINVAL;
6405 if (!tb[NL80211_ATTR_FREQ_RANGE_START])
6406 return -EINVAL;
6407 if (!tb[NL80211_ATTR_FREQ_RANGE_END])
6408 return -EINVAL;
6409 if (!tb[NL80211_ATTR_FREQ_RANGE_MAX_BW])
6410 return -EINVAL;
6411 if (!tb[NL80211_ATTR_POWER_RULE_MAX_EIRP])
6412 return -EINVAL;
6413
6414 reg_rule->flags = nla_get_u32(tb[NL80211_ATTR_REG_RULE_FLAGS]);
6415
6416 freq_range->start_freq_khz =
6417 nla_get_u32(tb[NL80211_ATTR_FREQ_RANGE_START]);
6418 freq_range->end_freq_khz =
6419 nla_get_u32(tb[NL80211_ATTR_FREQ_RANGE_END]);
6420 freq_range->max_bandwidth_khz =
6421 nla_get_u32(tb[NL80211_ATTR_FREQ_RANGE_MAX_BW]);
6422
6423 power_rule->max_eirp =
6424 nla_get_u32(tb[NL80211_ATTR_POWER_RULE_MAX_EIRP]);
6425
6426 if (tb[NL80211_ATTR_POWER_RULE_MAX_ANT_GAIN])
6427 power_rule->max_antenna_gain =
6428 nla_get_u32(tb[NL80211_ATTR_POWER_RULE_MAX_ANT_GAIN]);
6429
6430 if (tb[NL80211_ATTR_DFS_CAC_TIME])
6431 reg_rule->dfs_cac_ms =
6432 nla_get_u32(tb[NL80211_ATTR_DFS_CAC_TIME]);
6433
6434 return 0;
6435 }
6436
6437 static int nl80211_set_reg(struct sk_buff *skb, struct genl_info *info)
6438 {
6439 struct nlattr *tb[NL80211_REG_RULE_ATTR_MAX + 1];
6440 struct nlattr *nl_reg_rule;
6441 char *alpha2;
6442 int rem_reg_rules, r;
6443 u32 num_rules = 0, rule_idx = 0, size_of_regd;
6444 enum nl80211_dfs_regions dfs_region = NL80211_DFS_UNSET;
6445 struct ieee80211_regdomain *rd;
6446
6447 if (!info->attrs[NL80211_ATTR_REG_ALPHA2])
6448 return -EINVAL;
6449
6450 if (!info->attrs[NL80211_ATTR_REG_RULES])
6451 return -EINVAL;
6452
6453 alpha2 = nla_data(info->attrs[NL80211_ATTR_REG_ALPHA2]);
6454
6455 if (info->attrs[NL80211_ATTR_DFS_REGION])
6456 dfs_region = nla_get_u8(info->attrs[NL80211_ATTR_DFS_REGION]);
6457
6458 nla_for_each_nested(nl_reg_rule, info->attrs[NL80211_ATTR_REG_RULES],
6459 rem_reg_rules) {
6460 num_rules++;
6461 if (num_rules > NL80211_MAX_SUPP_REG_RULES)
6462 return -EINVAL;
6463 }
6464
6465 if (!reg_is_valid_request(alpha2))
6466 return -EINVAL;
6467
6468 size_of_regd = sizeof(struct ieee80211_regdomain) +
6469 num_rules * sizeof(struct ieee80211_reg_rule);
6470
6471 rd = kzalloc(size_of_regd, GFP_KERNEL);
6472 if (!rd)
6473 return -ENOMEM;
6474
6475 rd->n_reg_rules = num_rules;
6476 rd->alpha2[0] = alpha2[0];
6477 rd->alpha2[1] = alpha2[1];
6478
6479 /*
6480 * Disable DFS master mode if the DFS region was
6481 * not supported or known on this kernel.
6482 */
6483 if (reg_supported_dfs_region(dfs_region))
6484 rd->dfs_region = dfs_region;
6485
6486 nla_for_each_nested(nl_reg_rule, info->attrs[NL80211_ATTR_REG_RULES],
6487 rem_reg_rules) {
6488 r = nla_parse_nested(tb, NL80211_REG_RULE_ATTR_MAX,
6489 nl_reg_rule, reg_rule_policy,
6490 info->extack);
6491 if (r)
6492 goto bad_reg;
6493 r = parse_reg_rule(tb, &rd->reg_rules[rule_idx]);
6494 if (r)
6495 goto bad_reg;
6496
6497 rule_idx++;
6498
6499 if (rule_idx > NL80211_MAX_SUPP_REG_RULES) {
6500 r = -EINVAL;
6501 goto bad_reg;
6502 }
6503 }
6504
6505 /* set_regdom takes ownership of rd */
6506 return set_regdom(rd, REGD_SOURCE_CRDA);
6507 bad_reg:
6508 kfree(rd);
6509 return r;
6510 }
6511 #endif /* CONFIG_CFG80211_CRDA_SUPPORT */
6512
6513 static int validate_scan_freqs(struct nlattr *freqs)
6514 {
6515 struct nlattr *attr1, *attr2;
6516 int n_channels = 0, tmp1, tmp2;
6517
6518 nla_for_each_nested(attr1, freqs, tmp1)
6519 if (nla_len(attr1) != sizeof(u32))
6520 return 0;
6521
6522 nla_for_each_nested(attr1, freqs, tmp1) {
6523 n_channels++;
6524 /*
6525 * Some hardware has a limited channel list for
6526 * scanning, and it is pretty much nonsensical
6527 * to scan for a channel twice, so disallow that
6528 * and don't require drivers to check that the
6529 * channel list they get isn't longer than what
6530 * they can scan, as long as they can scan all
6531 * the channels they registered at once.
6532 */
6533 nla_for_each_nested(attr2, freqs, tmp2)
6534 if (attr1 != attr2 &&
6535 nla_get_u32(attr1) == nla_get_u32(attr2))
6536 return 0;
6537 }
6538
6539 return n_channels;
6540 }
6541
6542 static bool is_band_valid(struct wiphy *wiphy, enum nl80211_band b)
6543 {
6544 return b < NUM_NL80211_BANDS && wiphy->bands[b];
6545 }
6546
6547 static int parse_bss_select(struct nlattr *nla, struct wiphy *wiphy,
6548 struct cfg80211_bss_selection *bss_select)
6549 {
6550 struct nlattr *attr[NL80211_BSS_SELECT_ATTR_MAX + 1];
6551 struct nlattr *nest;
6552 int err;
6553 bool found = false;
6554 int i;
6555
6556 /* only process one nested attribute */
6557 nest = nla_data(nla);
6558 if (!nla_ok(nest, nla_len(nest)))
6559 return -EINVAL;
6560
6561 err = nla_parse_nested(attr, NL80211_BSS_SELECT_ATTR_MAX, nest,
6562 nl80211_bss_select_policy, NULL);
6563 if (err)
6564 return err;
6565
6566 /* only one attribute may be given */
6567 for (i = 0; i <= NL80211_BSS_SELECT_ATTR_MAX; i++) {
6568 if (attr[i]) {
6569 if (found)
6570 return -EINVAL;
6571 found = true;
6572 }
6573 }
6574
6575 bss_select->behaviour = __NL80211_BSS_SELECT_ATTR_INVALID;
6576
6577 if (attr[NL80211_BSS_SELECT_ATTR_RSSI])
6578 bss_select->behaviour = NL80211_BSS_SELECT_ATTR_RSSI;
6579
6580 if (attr[NL80211_BSS_SELECT_ATTR_BAND_PREF]) {
6581 bss_select->behaviour = NL80211_BSS_SELECT_ATTR_BAND_PREF;
6582 bss_select->param.band_pref =
6583 nla_get_u32(attr[NL80211_BSS_SELECT_ATTR_BAND_PREF]);
6584 if (!is_band_valid(wiphy, bss_select->param.band_pref))
6585 return -EINVAL;
6586 }
6587
6588 if (attr[NL80211_BSS_SELECT_ATTR_RSSI_ADJUST]) {
6589 struct nl80211_bss_select_rssi_adjust *adj_param;
6590
6591 adj_param = nla_data(attr[NL80211_BSS_SELECT_ATTR_RSSI_ADJUST]);
6592 bss_select->behaviour = NL80211_BSS_SELECT_ATTR_RSSI_ADJUST;
6593 bss_select->param.adjust.band = adj_param->band;
6594 bss_select->param.adjust.delta = adj_param->delta;
6595 if (!is_band_valid(wiphy, bss_select->param.adjust.band))
6596 return -EINVAL;
6597 }
6598
6599 /* user-space did not provide behaviour attribute */
6600 if (bss_select->behaviour == __NL80211_BSS_SELECT_ATTR_INVALID)
6601 return -EINVAL;
6602
6603 if (!(wiphy->bss_select_support & BIT(bss_select->behaviour)))
6604 return -EINVAL;
6605
6606 return 0;
6607 }
6608
6609 static int nl80211_parse_random_mac(struct nlattr **attrs,
6610 u8 *mac_addr, u8 *mac_addr_mask)
6611 {
6612 int i;
6613
6614 if (!attrs[NL80211_ATTR_MAC] && !attrs[NL80211_ATTR_MAC_MASK]) {
6615 eth_zero_addr(mac_addr);
6616 eth_zero_addr(mac_addr_mask);
6617 mac_addr[0] = 0x2;
6618 mac_addr_mask[0] = 0x3;
6619
6620 return 0;
6621 }
6622
6623 /* need both or none */
6624 if (!attrs[NL80211_ATTR_MAC] || !attrs[NL80211_ATTR_MAC_MASK])
6625 return -EINVAL;
6626
6627 memcpy(mac_addr, nla_data(attrs[NL80211_ATTR_MAC]), ETH_ALEN);
6628 memcpy(mac_addr_mask, nla_data(attrs[NL80211_ATTR_MAC_MASK]), ETH_ALEN);
6629
6630 /* don't allow or configure an mcast address */
6631 if (!is_multicast_ether_addr(mac_addr_mask) ||
6632 is_multicast_ether_addr(mac_addr))
6633 return -EINVAL;
6634
6635 /*
6636 * allow users to pass a MAC address that has bits set outside
6637 * of the mask, but don't bother drivers with having to deal
6638 * with such bits
6639 */
6640 for (i = 0; i < ETH_ALEN; i++)
6641 mac_addr[i] &= mac_addr_mask[i];
6642
6643 return 0;
6644 }
6645
6646 static bool cfg80211_off_channel_oper_allowed(struct wireless_dev *wdev)
6647 {
6648 ASSERT_WDEV_LOCK(wdev);
6649
6650 if (!cfg80211_beaconing_iface_active(wdev))
6651 return true;
6652
6653 if (!(wdev->chandef.chan->flags & IEEE80211_CHAN_RADAR))
6654 return true;
6655
6656 return regulatory_pre_cac_allowed(wdev->wiphy);
6657 }
6658
6659 static int
6660 nl80211_check_scan_flags(struct wiphy *wiphy, struct wireless_dev *wdev,
6661 void *request, struct nlattr **attrs,
6662 bool is_sched_scan)
6663 {
6664 u8 *mac_addr, *mac_addr_mask;
6665 u32 *flags;
6666 enum nl80211_feature_flags randomness_flag;
6667
6668 if (!attrs[NL80211_ATTR_SCAN_FLAGS])
6669 return 0;
6670
6671 if (is_sched_scan) {
6672 struct cfg80211_sched_scan_request *req = request;
6673
6674 randomness_flag = wdev ?
6675 NL80211_FEATURE_SCHED_SCAN_RANDOM_MAC_ADDR :
6676 NL80211_FEATURE_ND_RANDOM_MAC_ADDR;
6677 flags = &req->flags;
6678 mac_addr = req->mac_addr;
6679 mac_addr_mask = req->mac_addr_mask;
6680 } else {
6681 struct cfg80211_scan_request *req = request;
6682
6683 randomness_flag = NL80211_FEATURE_SCAN_RANDOM_MAC_ADDR;
6684 flags = &req->flags;
6685 mac_addr = req->mac_addr;
6686 mac_addr_mask = req->mac_addr_mask;
6687 }
6688
6689 *flags = nla_get_u32(attrs[NL80211_ATTR_SCAN_FLAGS]);
6690
6691 if ((*flags & NL80211_SCAN_FLAG_LOW_PRIORITY) &&
6692 !(wiphy->features & NL80211_FEATURE_LOW_PRIORITY_SCAN))
6693 return -EOPNOTSUPP;
6694
6695 if (*flags & NL80211_SCAN_FLAG_RANDOM_ADDR) {
6696 int err;
6697
6698 if (!(wiphy->features & randomness_flag) ||
6699 (wdev && wdev->current_bss))
6700 return -EOPNOTSUPP;
6701
6702 err = nl80211_parse_random_mac(attrs, mac_addr, mac_addr_mask);
6703 if (err)
6704 return err;
6705 }
6706
6707 if ((*flags & NL80211_SCAN_FLAG_FILS_MAX_CHANNEL_TIME) &&
6708 !wiphy_ext_feature_isset(wiphy,
6709 NL80211_EXT_FEATURE_FILS_MAX_CHANNEL_TIME))
6710 return -EOPNOTSUPP;
6711
6712 if ((*flags & NL80211_SCAN_FLAG_ACCEPT_BCAST_PROBE_RESP) &&
6713 !wiphy_ext_feature_isset(wiphy,
6714 NL80211_EXT_FEATURE_ACCEPT_BCAST_PROBE_RESP))
6715 return -EOPNOTSUPP;
6716
6717 if ((*flags & NL80211_SCAN_FLAG_OCE_PROBE_REQ_DEFERRAL_SUPPRESSION) &&
6718 !wiphy_ext_feature_isset(wiphy,
6719 NL80211_EXT_FEATURE_OCE_PROBE_REQ_DEFERRAL_SUPPRESSION))
6720 return -EOPNOTSUPP;
6721
6722 if ((*flags & NL80211_SCAN_FLAG_OCE_PROBE_REQ_HIGH_TX_RATE) &&
6723 !wiphy_ext_feature_isset(wiphy,
6724 NL80211_EXT_FEATURE_OCE_PROBE_REQ_HIGH_TX_RATE))
6725 return -EOPNOTSUPP;
6726
6727 return 0;
6728 }
6729
6730 static int nl80211_trigger_scan(struct sk_buff *skb, struct genl_info *info)
6731 {
6732 struct cfg80211_registered_device *rdev = info->user_ptr[0];
6733 struct wireless_dev *wdev = info->user_ptr[1];
6734 struct cfg80211_scan_request *request;
6735 struct nlattr *attr;
6736 struct wiphy *wiphy;
6737 int err, tmp, n_ssids = 0, n_channels, i;
6738 size_t ie_len;
6739
6740 if (!is_valid_ie_attr(info->attrs[NL80211_ATTR_IE]))
6741 return -EINVAL;
6742
6743 wiphy = &rdev->wiphy;
6744
6745 if (wdev->iftype == NL80211_IFTYPE_NAN)
6746 return -EOPNOTSUPP;
6747
6748 if (!rdev->ops->scan)
6749 return -EOPNOTSUPP;
6750
6751 if (rdev->scan_req || rdev->scan_msg) {
6752 err = -EBUSY;
6753 goto unlock;
6754 }
6755
6756 if (info->attrs[NL80211_ATTR_SCAN_FREQUENCIES]) {
6757 n_channels = validate_scan_freqs(
6758 info->attrs[NL80211_ATTR_SCAN_FREQUENCIES]);
6759 if (!n_channels) {
6760 err = -EINVAL;
6761 goto unlock;
6762 }
6763 } else {
6764 n_channels = ieee80211_get_num_supported_channels(wiphy);
6765 }
6766
6767 if (info->attrs[NL80211_ATTR_SCAN_SSIDS])
6768 nla_for_each_nested(attr, info->attrs[NL80211_ATTR_SCAN_SSIDS], tmp)
6769 n_ssids++;
6770
6771 if (n_ssids > wiphy->max_scan_ssids) {
6772 err = -EINVAL;
6773 goto unlock;
6774 }
6775
6776 if (info->attrs[NL80211_ATTR_IE])
6777 ie_len = nla_len(info->attrs[NL80211_ATTR_IE]);
6778 else
6779 ie_len = 0;
6780
6781 if (ie_len > wiphy->max_scan_ie_len) {
6782 err = -EINVAL;
6783 goto unlock;
6784 }
6785
6786 request = kzalloc(sizeof(*request)
6787 + sizeof(*request->ssids) * n_ssids
6788 + sizeof(*request->channels) * n_channels
6789 + ie_len, GFP_KERNEL);
6790 if (!request) {
6791 err = -ENOMEM;
6792 goto unlock;
6793 }
6794
6795 if (n_ssids)
6796 request->ssids = (void *)&request->channels[n_channels];
6797 request->n_ssids = n_ssids;
6798 if (ie_len) {
6799 if (n_ssids)
6800 request->ie = (void *)(request->ssids + n_ssids);
6801 else
6802 request->ie = (void *)(request->channels + n_channels);
6803 }
6804
6805 i = 0;
6806 if (info->attrs[NL80211_ATTR_SCAN_FREQUENCIES]) {
6807 /* user specified, bail out if channel not found */
6808 nla_for_each_nested(attr, info->attrs[NL80211_ATTR_SCAN_FREQUENCIES], tmp) {
6809 struct ieee80211_channel *chan;
6810
6811 chan = ieee80211_get_channel(wiphy, nla_get_u32(attr));
6812
6813 if (!chan) {
6814 err = -EINVAL;
6815 goto out_free;
6816 }
6817
6818 /* ignore disabled channels */
6819 if (chan->flags & IEEE80211_CHAN_DISABLED)
6820 continue;
6821
6822 request->channels[i] = chan;
6823 i++;
6824 }
6825 } else {
6826 enum nl80211_band band;
6827
6828 /* all channels */
6829 for (band = 0; band < NUM_NL80211_BANDS; band++) {
6830 int j;
6831
6832 if (!wiphy->bands[band])
6833 continue;
6834 for (j = 0; j < wiphy->bands[band]->n_channels; j++) {
6835 struct ieee80211_channel *chan;
6836
6837 chan = &wiphy->bands[band]->channels[j];
6838
6839 if (chan->flags & IEEE80211_CHAN_DISABLED)
6840 continue;
6841
6842 request->channels[i] = chan;
6843 i++;
6844 }
6845 }
6846 }
6847
6848 if (!i) {
6849 err = -EINVAL;
6850 goto out_free;
6851 }
6852
6853 request->n_channels = i;
6854
6855 wdev_lock(wdev);
6856 if (!cfg80211_off_channel_oper_allowed(wdev)) {
6857 struct ieee80211_channel *chan;
6858
6859 if (request->n_channels != 1) {
6860 wdev_unlock(wdev);
6861 err = -EBUSY;
6862 goto out_free;
6863 }
6864
6865 chan = request->channels[0];
6866 if (chan->center_freq != wdev->chandef.chan->center_freq) {
6867 wdev_unlock(wdev);
6868 err = -EBUSY;
6869 goto out_free;
6870 }
6871 }
6872 wdev_unlock(wdev);
6873
6874 i = 0;
6875 if (n_ssids) {
6876 nla_for_each_nested(attr, info->attrs[NL80211_ATTR_SCAN_SSIDS], tmp) {
6877 if (nla_len(attr) > IEEE80211_MAX_SSID_LEN) {
6878 err = -EINVAL;
6879 goto out_free;
6880 }
6881 request->ssids[i].ssid_len = nla_len(attr);
6882 memcpy(request->ssids[i].ssid, nla_data(attr), nla_len(attr));
6883 i++;
6884 }
6885 }
6886
6887 if (info->attrs[NL80211_ATTR_IE]) {
6888 request->ie_len = nla_len(info->attrs[NL80211_ATTR_IE]);
6889 memcpy((void *)request->ie,
6890 nla_data(info->attrs[NL80211_ATTR_IE]),
6891 request->ie_len);
6892 }
6893
6894 for (i = 0; i < NUM_NL80211_BANDS; i++)
6895 if (wiphy->bands[i])
6896 request->rates[i] =
6897 (1 << wiphy->bands[i]->n_bitrates) - 1;
6898
6899 if (info->attrs[NL80211_ATTR_SCAN_SUPP_RATES]) {
6900 nla_for_each_nested(attr,
6901 info->attrs[NL80211_ATTR_SCAN_SUPP_RATES],
6902 tmp) {
6903 enum nl80211_band band = nla_type(attr);
6904
6905 if (band < 0 || band >= NUM_NL80211_BANDS) {
6906 err = -EINVAL;
6907 goto out_free;
6908 }
6909
6910 if (!wiphy->bands[band])
6911 continue;
6912
6913 err = ieee80211_get_ratemask(wiphy->bands[band],
6914 nla_data(attr),
6915 nla_len(attr),
6916 &request->rates[band]);
6917 if (err)
6918 goto out_free;
6919 }
6920 }
6921
6922 if (info->attrs[NL80211_ATTR_MEASUREMENT_DURATION]) {
6923 if (!wiphy_ext_feature_isset(wiphy,
6924 NL80211_EXT_FEATURE_SET_SCAN_DWELL)) {
6925 err = -EOPNOTSUPP;
6926 goto out_free;
6927 }
6928
6929 request->duration =
6930 nla_get_u16(info->attrs[NL80211_ATTR_MEASUREMENT_DURATION]);
6931 request->duration_mandatory =
6932 nla_get_flag(info->attrs[NL80211_ATTR_MEASUREMENT_DURATION_MANDATORY]);
6933 }
6934
6935 err = nl80211_check_scan_flags(wiphy, wdev, request, info->attrs,
6936 false);
6937 if (err)
6938 goto out_free;
6939
6940 request->no_cck =
6941 nla_get_flag(info->attrs[NL80211_ATTR_TX_NO_CCK_RATE]);
6942
6943 /* Initial implementation used NL80211_ATTR_MAC to set the specific
6944 * BSSID to scan for. This was problematic because that same attribute
6945 * was already used for another purpose (local random MAC address). The
6946 * NL80211_ATTR_BSSID attribute was added to fix this. For backwards
6947 * compatibility with older userspace components, also use the
6948 * NL80211_ATTR_MAC value here if it can be determined to be used for
6949 * the specific BSSID use case instead of the random MAC address
6950 * (NL80211_ATTR_SCAN_FLAGS is used to enable random MAC address use).
6951 */
6952 if (info->attrs[NL80211_ATTR_BSSID])
6953 memcpy(request->bssid,
6954 nla_data(info->attrs[NL80211_ATTR_BSSID]), ETH_ALEN);
6955 else if (!(request->flags & NL80211_SCAN_FLAG_RANDOM_ADDR) &&
6956 info->attrs[NL80211_ATTR_MAC])
6957 memcpy(request->bssid, nla_data(info->attrs[NL80211_ATTR_MAC]),
6958 ETH_ALEN);
6959 else
6960 eth_broadcast_addr(request->bssid);
6961
6962 request->wdev = wdev;
6963 request->wiphy = &rdev->wiphy;
6964 request->scan_start = jiffies;
6965
6966 rdev->scan_req = request;
6967 err = rdev_scan(rdev, request);
6968
6969 if (!err) {
6970 nl80211_send_scan_start(rdev, wdev);
6971 if (wdev->netdev)
6972 dev_hold(wdev->netdev);
6973 } else {
6974 out_free:
6975 rdev->scan_req = NULL;
6976 kfree(request);
6977 }
6978
6979 unlock:
6980 return err;
6981 }
6982
6983 static int nl80211_abort_scan(struct sk_buff *skb, struct genl_info *info)
6984 {
6985 struct cfg80211_registered_device *rdev = info->user_ptr[0];
6986 struct wireless_dev *wdev = info->user_ptr[1];
6987
6988 if (!rdev->ops->abort_scan)
6989 return -EOPNOTSUPP;
6990
6991 if (rdev->scan_msg)
6992 return 0;
6993
6994 if (!rdev->scan_req)
6995 return -ENOENT;
6996
6997 rdev_abort_scan(rdev, wdev);
6998 return 0;
6999 }
7000
7001 static int
7002 nl80211_parse_sched_scan_plans(struct wiphy *wiphy, int n_plans,
7003 struct cfg80211_sched_scan_request *request,
7004 struct nlattr **attrs)
7005 {
7006 int tmp, err, i = 0;
7007 struct nlattr *attr;
7008
7009 if (!attrs[NL80211_ATTR_SCHED_SCAN_PLANS]) {
7010 u32 interval;
7011
7012 /*
7013 * If scan plans are not specified,
7014 * %NL80211_ATTR_SCHED_SCAN_INTERVAL will be specified. In this
7015 * case one scan plan will be set with the specified scan
7016 * interval and infinite number of iterations.
7017 */
7018 interval = nla_get_u32(attrs[NL80211_ATTR_SCHED_SCAN_INTERVAL]);
7019 if (!interval)
7020 return -EINVAL;
7021
7022 request->scan_plans[0].interval =
7023 DIV_ROUND_UP(interval, MSEC_PER_SEC);
7024 if (!request->scan_plans[0].interval)
7025 return -EINVAL;
7026
7027 if (request->scan_plans[0].interval >
7028 wiphy->max_sched_scan_plan_interval)
7029 request->scan_plans[0].interval =
7030 wiphy->max_sched_scan_plan_interval;
7031
7032 return 0;
7033 }
7034
7035 nla_for_each_nested(attr, attrs[NL80211_ATTR_SCHED_SCAN_PLANS], tmp) {
7036 struct nlattr *plan[NL80211_SCHED_SCAN_PLAN_MAX + 1];
7037
7038 if (WARN_ON(i >= n_plans))
7039 return -EINVAL;
7040
7041 err = nla_parse_nested(plan, NL80211_SCHED_SCAN_PLAN_MAX,
7042 attr, nl80211_plan_policy, NULL);
7043 if (err)
7044 return err;
7045
7046 if (!plan[NL80211_SCHED_SCAN_PLAN_INTERVAL])
7047 return -EINVAL;
7048
7049 request->scan_plans[i].interval =
7050 nla_get_u32(plan[NL80211_SCHED_SCAN_PLAN_INTERVAL]);
7051 if (!request->scan_plans[i].interval ||
7052 request->scan_plans[i].interval >
7053 wiphy->max_sched_scan_plan_interval)
7054 return -EINVAL;
7055
7056 if (plan[NL80211_SCHED_SCAN_PLAN_ITERATIONS]) {
7057 request->scan_plans[i].iterations =
7058 nla_get_u32(plan[NL80211_SCHED_SCAN_PLAN_ITERATIONS]);
7059 if (!request->scan_plans[i].iterations ||
7060 (request->scan_plans[i].iterations >
7061 wiphy->max_sched_scan_plan_iterations))
7062 return -EINVAL;
7063 } else if (i < n_plans - 1) {
7064 /*
7065 * All scan plans but the last one must specify
7066 * a finite number of iterations
7067 */
7068 return -EINVAL;
7069 }
7070
7071 i++;
7072 }
7073
7074 /*
7075 * The last scan plan must not specify the number of
7076 * iterations, it is supposed to run infinitely
7077 */
7078 if (request->scan_plans[n_plans - 1].iterations)
7079 return -EINVAL;
7080
7081 return 0;
7082 }
7083
7084 static struct cfg80211_sched_scan_request *
7085 nl80211_parse_sched_scan(struct wiphy *wiphy, struct wireless_dev *wdev,
7086 struct nlattr **attrs, int max_match_sets)
7087 {
7088 struct cfg80211_sched_scan_request *request;
7089 struct nlattr *attr;
7090 int err, tmp, n_ssids = 0, n_match_sets = 0, n_channels, i, n_plans = 0;
7091 enum nl80211_band band;
7092 size_t ie_len;
7093 struct nlattr *tb[NL80211_SCHED_SCAN_MATCH_ATTR_MAX + 1];
7094 s32 default_match_rssi = NL80211_SCAN_RSSI_THOLD_OFF;
7095
7096 if (!is_valid_ie_attr(attrs[NL80211_ATTR_IE]))
7097 return ERR_PTR(-EINVAL);
7098
7099 if (attrs[NL80211_ATTR_SCAN_FREQUENCIES]) {
7100 n_channels = validate_scan_freqs(
7101 attrs[NL80211_ATTR_SCAN_FREQUENCIES]);
7102 if (!n_channels)
7103 return ERR_PTR(-EINVAL);
7104 } else {
7105 n_channels = ieee80211_get_num_supported_channels(wiphy);
7106 }
7107
7108 if (attrs[NL80211_ATTR_SCAN_SSIDS])
7109 nla_for_each_nested(attr, attrs[NL80211_ATTR_SCAN_SSIDS],
7110 tmp)
7111 n_ssids++;
7112
7113 if (n_ssids > wiphy->max_sched_scan_ssids)
7114 return ERR_PTR(-EINVAL);
7115
7116 /*
7117 * First, count the number of 'real' matchsets. Due to an issue with
7118 * the old implementation, matchsets containing only the RSSI attribute
7119 * (NL80211_SCHED_SCAN_MATCH_ATTR_RSSI) are considered as the 'default'
7120 * RSSI for all matchsets, rather than their own matchset for reporting
7121 * all APs with a strong RSSI. This is needed to be compatible with
7122 * older userspace that treated a matchset with only the RSSI as the
7123 * global RSSI for all other matchsets - if there are other matchsets.
7124 */
7125 if (attrs[NL80211_ATTR_SCHED_SCAN_MATCH]) {
7126 nla_for_each_nested(attr,
7127 attrs[NL80211_ATTR_SCHED_SCAN_MATCH],
7128 tmp) {
7129 struct nlattr *rssi;
7130
7131 err = nla_parse_nested(tb,
7132 NL80211_SCHED_SCAN_MATCH_ATTR_MAX,
7133 attr, nl80211_match_policy,
7134 NULL);
7135 if (err)
7136 return ERR_PTR(err);
7137
7138 /* SSID and BSSID are mutually exclusive */
7139 if (tb[NL80211_SCHED_SCAN_MATCH_ATTR_SSID] &&
7140 tb[NL80211_SCHED_SCAN_MATCH_ATTR_BSSID])
7141 return ERR_PTR(-EINVAL);
7142
7143 /* add other standalone attributes here */
7144 if (tb[NL80211_SCHED_SCAN_MATCH_ATTR_SSID] ||
7145 tb[NL80211_SCHED_SCAN_MATCH_ATTR_BSSID]) {
7146 n_match_sets++;
7147 continue;
7148 }
7149 rssi = tb[NL80211_SCHED_SCAN_MATCH_ATTR_RSSI];
7150 if (rssi)
7151 default_match_rssi = nla_get_s32(rssi);
7152 }
7153 }
7154
7155 /* However, if there's no other matchset, add the RSSI one */
7156 if (!n_match_sets && default_match_rssi != NL80211_SCAN_RSSI_THOLD_OFF)
7157 n_match_sets = 1;
7158
7159 if (n_match_sets > max_match_sets)
7160 return ERR_PTR(-EINVAL);
7161
7162 if (attrs[NL80211_ATTR_IE])
7163 ie_len = nla_len(attrs[NL80211_ATTR_IE]);
7164 else
7165 ie_len = 0;
7166
7167 if (ie_len > wiphy->max_sched_scan_ie_len)
7168 return ERR_PTR(-EINVAL);
7169
7170 if (attrs[NL80211_ATTR_SCHED_SCAN_PLANS]) {
7171 /*
7172 * NL80211_ATTR_SCHED_SCAN_INTERVAL must not be specified since
7173 * each scan plan already specifies its own interval
7174 */
7175 if (attrs[NL80211_ATTR_SCHED_SCAN_INTERVAL])
7176 return ERR_PTR(-EINVAL);
7177
7178 nla_for_each_nested(attr,
7179 attrs[NL80211_ATTR_SCHED_SCAN_PLANS], tmp)
7180 n_plans++;
7181 } else {
7182 /*
7183 * The scan interval attribute is kept for backward
7184 * compatibility. If no scan plans are specified and sched scan
7185 * interval is specified, one scan plan will be set with this
7186 * scan interval and infinite number of iterations.
7187 */
7188 if (!attrs[NL80211_ATTR_SCHED_SCAN_INTERVAL])
7189 return ERR_PTR(-EINVAL);
7190
7191 n_plans = 1;
7192 }
7193
7194 if (!n_plans || n_plans > wiphy->max_sched_scan_plans)
7195 return ERR_PTR(-EINVAL);
7196
7197 if (!wiphy_ext_feature_isset(
7198 wiphy, NL80211_EXT_FEATURE_SCHED_SCAN_RELATIVE_RSSI) &&
7199 (attrs[NL80211_ATTR_SCHED_SCAN_RELATIVE_RSSI] ||
7200 attrs[NL80211_ATTR_SCHED_SCAN_RSSI_ADJUST]))
7201 return ERR_PTR(-EINVAL);
7202
7203 request = kzalloc(sizeof(*request)
7204 + sizeof(*request->ssids) * n_ssids
7205 + sizeof(*request->match_sets) * n_match_sets
7206 + sizeof(*request->scan_plans) * n_plans
7207 + sizeof(*request->channels) * n_channels
7208 + ie_len, GFP_KERNEL);
7209 if (!request)
7210 return ERR_PTR(-ENOMEM);
7211
7212 if (n_ssids)
7213 request->ssids = (void *)&request->channels[n_channels];
7214 request->n_ssids = n_ssids;
7215 if (ie_len) {
7216 if (n_ssids)
7217 request->ie = (void *)(request->ssids + n_ssids);
7218 else
7219 request->ie = (void *)(request->channels + n_channels);
7220 }
7221
7222 if (n_match_sets) {
7223 if (request->ie)
7224 request->match_sets = (void *)(request->ie + ie_len);
7225 else if (n_ssids)
7226 request->match_sets =
7227 (void *)(request->ssids + n_ssids);
7228 else
7229 request->match_sets =
7230 (void *)(request->channels + n_channels);
7231 }
7232 request->n_match_sets = n_match_sets;
7233
7234 if (n_match_sets)
7235 request->scan_plans = (void *)(request->match_sets +
7236 n_match_sets);
7237 else if (request->ie)
7238 request->scan_plans = (void *)(request->ie + ie_len);
7239 else if (n_ssids)
7240 request->scan_plans = (void *)(request->ssids + n_ssids);
7241 else
7242 request->scan_plans = (void *)(request->channels + n_channels);
7243
7244 request->n_scan_plans = n_plans;
7245
7246 i = 0;
7247 if (attrs[NL80211_ATTR_SCAN_FREQUENCIES]) {
7248 /* user specified, bail out if channel not found */
7249 nla_for_each_nested(attr,
7250 attrs[NL80211_ATTR_SCAN_FREQUENCIES],
7251 tmp) {
7252 struct ieee80211_channel *chan;
7253
7254 chan = ieee80211_get_channel(wiphy, nla_get_u32(attr));
7255
7256 if (!chan) {
7257 err = -EINVAL;
7258 goto out_free;
7259 }
7260
7261 /* ignore disabled channels */
7262 if (chan->flags & IEEE80211_CHAN_DISABLED)
7263 continue;
7264
7265 request->channels[i] = chan;
7266 i++;
7267 }
7268 } else {
7269 /* all channels */
7270 for (band = 0; band < NUM_NL80211_BANDS; band++) {
7271 int j;
7272
7273 if (!wiphy->bands[band])
7274 continue;
7275 for (j = 0; j < wiphy->bands[band]->n_channels; j++) {
7276 struct ieee80211_channel *chan;
7277
7278 chan = &wiphy->bands[band]->channels[j];
7279
7280 if (chan->flags & IEEE80211_CHAN_DISABLED)
7281 continue;
7282
7283 request->channels[i] = chan;
7284 i++;
7285 }
7286 }
7287 }
7288
7289 if (!i) {
7290 err = -EINVAL;
7291 goto out_free;
7292 }
7293
7294 request->n_channels = i;
7295
7296 i = 0;
7297 if (n_ssids) {
7298 nla_for_each_nested(attr, attrs[NL80211_ATTR_SCAN_SSIDS],
7299 tmp) {
7300 if (nla_len(attr) > IEEE80211_MAX_SSID_LEN) {
7301 err = -EINVAL;
7302 goto out_free;
7303 }
7304 request->ssids[i].ssid_len = nla_len(attr);
7305 memcpy(request->ssids[i].ssid, nla_data(attr),
7306 nla_len(attr));
7307 i++;
7308 }
7309 }
7310
7311 i = 0;
7312 if (attrs[NL80211_ATTR_SCHED_SCAN_MATCH]) {
7313 nla_for_each_nested(attr,
7314 attrs[NL80211_ATTR_SCHED_SCAN_MATCH],
7315 tmp) {
7316 struct nlattr *ssid, *bssid, *rssi;
7317
7318 err = nla_parse_nested(tb,
7319 NL80211_SCHED_SCAN_MATCH_ATTR_MAX,
7320 attr, nl80211_match_policy,
7321 NULL);
7322 if (err)
7323 goto out_free;
7324 ssid = tb[NL80211_SCHED_SCAN_MATCH_ATTR_SSID];
7325 bssid = tb[NL80211_SCHED_SCAN_MATCH_ATTR_BSSID];
7326 if (ssid || bssid) {
7327 if (WARN_ON(i >= n_match_sets)) {
7328 /* this indicates a programming error,
7329 * the loop above should have verified
7330 * things properly
7331 */
7332 err = -EINVAL;
7333 goto out_free;
7334 }
7335
7336 if (ssid) {
7337 if (nla_len(ssid) > IEEE80211_MAX_SSID_LEN) {
7338 err = -EINVAL;
7339 goto out_free;
7340 }
7341 memcpy(request->match_sets[i].ssid.ssid,
7342 nla_data(ssid), nla_len(ssid));
7343 request->match_sets[i].ssid.ssid_len =
7344 nla_len(ssid);
7345 }
7346 if (bssid) {
7347 if (nla_len(bssid) != ETH_ALEN) {
7348 err = -EINVAL;
7349 goto out_free;
7350 }
7351 memcpy(request->match_sets[i].bssid,
7352 nla_data(bssid), ETH_ALEN);
7353 }
7354
7355 /* special attribute - old implementation w/a */
7356 request->match_sets[i].rssi_thold =
7357 default_match_rssi;
7358 rssi = tb[NL80211_SCHED_SCAN_MATCH_ATTR_RSSI];
7359 if (rssi)
7360 request->match_sets[i].rssi_thold =
7361 nla_get_s32(rssi);
7362 }
7363 i++;
7364 }
7365
7366 /* there was no other matchset, so the RSSI one is alone */
7367 if (i == 0 && n_match_sets)
7368 request->match_sets[0].rssi_thold = default_match_rssi;
7369
7370 request->min_rssi_thold = INT_MAX;
7371 for (i = 0; i < n_match_sets; i++)
7372 request->min_rssi_thold =
7373 min(request->match_sets[i].rssi_thold,
7374 request->min_rssi_thold);
7375 } else {
7376 request->min_rssi_thold = NL80211_SCAN_RSSI_THOLD_OFF;
7377 }
7378
7379 if (ie_len) {
7380 request->ie_len = ie_len;
7381 memcpy((void *)request->ie,
7382 nla_data(attrs[NL80211_ATTR_IE]),
7383 request->ie_len);
7384 }
7385
7386 err = nl80211_check_scan_flags(wiphy, wdev, request, attrs, true);
7387 if (err)
7388 goto out_free;
7389
7390 if (attrs[NL80211_ATTR_SCHED_SCAN_DELAY])
7391 request->delay =
7392 nla_get_u32(attrs[NL80211_ATTR_SCHED_SCAN_DELAY]);
7393
7394 if (attrs[NL80211_ATTR_SCHED_SCAN_RELATIVE_RSSI]) {
7395 request->relative_rssi = nla_get_s8(
7396 attrs[NL80211_ATTR_SCHED_SCAN_RELATIVE_RSSI]);
7397 request->relative_rssi_set = true;
7398 }
7399
7400 if (request->relative_rssi_set &&
7401 attrs[NL80211_ATTR_SCHED_SCAN_RSSI_ADJUST]) {
7402 struct nl80211_bss_select_rssi_adjust *rssi_adjust;
7403
7404 rssi_adjust = nla_data(
7405 attrs[NL80211_ATTR_SCHED_SCAN_RSSI_ADJUST]);
7406 request->rssi_adjust.band = rssi_adjust->band;
7407 request->rssi_adjust.delta = rssi_adjust->delta;
7408 if (!is_band_valid(wiphy, request->rssi_adjust.band)) {
7409 err = -EINVAL;
7410 goto out_free;
7411 }
7412 }
7413
7414 err = nl80211_parse_sched_scan_plans(wiphy, n_plans, request, attrs);
7415 if (err)
7416 goto out_free;
7417
7418 request->scan_start = jiffies;
7419
7420 return request;
7421
7422 out_free:
7423 kfree(request);
7424 return ERR_PTR(err);
7425 }
7426
7427 static int nl80211_start_sched_scan(struct sk_buff *skb,
7428 struct genl_info *info)
7429 {
7430 struct cfg80211_registered_device *rdev = info->user_ptr[0];
7431 struct net_device *dev = info->user_ptr[1];
7432 struct wireless_dev *wdev = dev->ieee80211_ptr;
7433 struct cfg80211_sched_scan_request *sched_scan_req;
7434 bool want_multi;
7435 int err;
7436
7437 if (!rdev->wiphy.max_sched_scan_reqs || !rdev->ops->sched_scan_start)
7438 return -EOPNOTSUPP;
7439
7440 want_multi = info->attrs[NL80211_ATTR_SCHED_SCAN_MULTI];
7441 err = cfg80211_sched_scan_req_possible(rdev, want_multi);
7442 if (err)
7443 return err;
7444
7445 sched_scan_req = nl80211_parse_sched_scan(&rdev->wiphy, wdev,
7446 info->attrs,
7447 rdev->wiphy.max_match_sets);
7448
7449 err = PTR_ERR_OR_ZERO(sched_scan_req);
7450 if (err)
7451 goto out_err;
7452
7453 /* leave request id zero for legacy request
7454 * or if driver does not support multi-scheduled scan
7455 */
7456 if (want_multi && rdev->wiphy.max_sched_scan_reqs > 1) {
7457 while (!sched_scan_req->reqid)
7458 sched_scan_req->reqid = rdev->wiphy.cookie_counter++;
7459 }
7460
7461 err = rdev_sched_scan_start(rdev, dev, sched_scan_req);
7462 if (err)
7463 goto out_free;
7464
7465 sched_scan_req->dev = dev;
7466 sched_scan_req->wiphy = &rdev->wiphy;
7467
7468 if (info->attrs[NL80211_ATTR_SOCKET_OWNER])
7469 sched_scan_req->owner_nlportid = info->snd_portid;
7470
7471 cfg80211_add_sched_scan_req(rdev, sched_scan_req);
7472
7473 nl80211_send_sched_scan(sched_scan_req, NL80211_CMD_START_SCHED_SCAN);
7474 return 0;
7475
7476 out_free:
7477 kfree(sched_scan_req);
7478 out_err:
7479 return err;
7480 }
7481
7482 static int nl80211_stop_sched_scan(struct sk_buff *skb,
7483 struct genl_info *info)
7484 {
7485 struct cfg80211_sched_scan_request *req;
7486 struct cfg80211_registered_device *rdev = info->user_ptr[0];
7487 u64 cookie;
7488
7489 if (!rdev->wiphy.max_sched_scan_reqs || !rdev->ops->sched_scan_stop)
7490 return -EOPNOTSUPP;
7491
7492 if (info->attrs[NL80211_ATTR_COOKIE]) {
7493 cookie = nla_get_u64(info->attrs[NL80211_ATTR_COOKIE]);
7494 return __cfg80211_stop_sched_scan(rdev, cookie, false);
7495 }
7496
7497 req = list_first_or_null_rcu(&rdev->sched_scan_req_list,
7498 struct cfg80211_sched_scan_request,
7499 list);
7500 if (!req || req->reqid ||
7501 (req->owner_nlportid &&
7502 req->owner_nlportid != info->snd_portid))
7503 return -ENOENT;
7504
7505 return cfg80211_stop_sched_scan_req(rdev, req, false);
7506 }
7507
7508 static int nl80211_start_radar_detection(struct sk_buff *skb,
7509 struct genl_info *info)
7510 {
7511 struct cfg80211_registered_device *rdev = info->user_ptr[0];
7512 struct net_device *dev = info->user_ptr[1];
7513 struct wireless_dev *wdev = dev->ieee80211_ptr;
7514 struct cfg80211_chan_def chandef;
7515 enum nl80211_dfs_regions dfs_region;
7516 unsigned int cac_time_ms;
7517 int err;
7518
7519 dfs_region = reg_get_dfs_region(wdev->wiphy);
7520 if (dfs_region == NL80211_DFS_UNSET)
7521 return -EINVAL;
7522
7523 err = nl80211_parse_chandef(rdev, info, &chandef);
7524 if (err)
7525 return err;
7526
7527 if (netif_carrier_ok(dev))
7528 return -EBUSY;
7529
7530 if (wdev->cac_started)
7531 return -EBUSY;
7532
7533 err = cfg80211_chandef_dfs_required(wdev->wiphy, &chandef,
7534 wdev->iftype);
7535 if (err < 0)
7536 return err;
7537
7538 if (err == 0)
7539 return -EINVAL;
7540
7541 if (!cfg80211_chandef_dfs_usable(wdev->wiphy, &chandef))
7542 return -EINVAL;
7543
7544 if (!rdev->ops->start_radar_detection)
7545 return -EOPNOTSUPP;
7546
7547 cac_time_ms = cfg80211_chandef_dfs_cac_time(&rdev->wiphy, &chandef);
7548 if (WARN_ON(!cac_time_ms))
7549 cac_time_ms = IEEE80211_DFS_MIN_CAC_TIME_MS;
7550
7551 err = rdev_start_radar_detection(rdev, dev, &chandef, cac_time_ms);
7552 if (!err) {
7553 wdev->chandef = chandef;
7554 wdev->cac_started = true;
7555 wdev->cac_start_time = jiffies;
7556 wdev->cac_time_ms = cac_time_ms;
7557 }
7558 return err;
7559 }
7560
7561 static int nl80211_channel_switch(struct sk_buff *skb, struct genl_info *info)
7562 {
7563 struct cfg80211_registered_device *rdev = info->user_ptr[0];
7564 struct net_device *dev = info->user_ptr[1];
7565 struct wireless_dev *wdev = dev->ieee80211_ptr;
7566 struct cfg80211_csa_settings params;
7567 /* csa_attrs is defined static to avoid waste of stack size - this
7568 * function is called under RTNL lock, so this should not be a problem.
7569 */
7570 static struct nlattr *csa_attrs[NL80211_ATTR_MAX+1];
7571 int err;
7572 bool need_new_beacon = false;
7573 bool need_handle_dfs_flag = true;
7574 int len, i;
7575 u32 cs_count;
7576
7577 if (!rdev->ops->channel_switch ||
7578 !(rdev->wiphy.flags & WIPHY_FLAG_HAS_CHANNEL_SWITCH))
7579 return -EOPNOTSUPP;
7580
7581 switch (dev->ieee80211_ptr->iftype) {
7582 case NL80211_IFTYPE_AP:
7583 case NL80211_IFTYPE_P2P_GO:
7584 need_new_beacon = true;
7585 /* For all modes except AP the handle_dfs flag needs to be
7586 * supplied to tell the kernel that userspace will handle radar
7587 * events when they happen. Otherwise a switch to a channel
7588 * requiring DFS will be rejected.
7589 */
7590 need_handle_dfs_flag = false;
7591
7592 /* useless if AP is not running */
7593 if (!wdev->beacon_interval)
7594 return -ENOTCONN;
7595 break;
7596 case NL80211_IFTYPE_ADHOC:
7597 if (!wdev->ssid_len)
7598 return -ENOTCONN;
7599 break;
7600 case NL80211_IFTYPE_MESH_POINT:
7601 if (!wdev->mesh_id_len)
7602 return -ENOTCONN;
7603 break;
7604 default:
7605 return -EOPNOTSUPP;
7606 }
7607
7608 memset(&params, 0, sizeof(params));
7609
7610 if (!info->attrs[NL80211_ATTR_WIPHY_FREQ] ||
7611 !info->attrs[NL80211_ATTR_CH_SWITCH_COUNT])
7612 return -EINVAL;
7613
7614 /* only important for AP, IBSS and mesh create IEs internally */
7615 if (need_new_beacon && !info->attrs[NL80211_ATTR_CSA_IES])
7616 return -EINVAL;
7617
7618 /* Even though the attribute is u32, the specification says
7619 * u8, so let's make sure we don't overflow.
7620 */
7621 cs_count = nla_get_u32(info->attrs[NL80211_ATTR_CH_SWITCH_COUNT]);
7622 if (cs_count > 255)
7623 return -EINVAL;
7624
7625 params.count = cs_count;
7626
7627 if (!need_new_beacon)
7628 goto skip_beacons;
7629
7630 err = nl80211_parse_beacon(info->attrs, &params.beacon_after);
7631 if (err)
7632 return err;
7633
7634 err = nla_parse_nested(csa_attrs, NL80211_ATTR_MAX,
7635 info->attrs[NL80211_ATTR_CSA_IES],
7636 nl80211_policy, info->extack);
7637 if (err)
7638 return err;
7639
7640 err = nl80211_parse_beacon(csa_attrs, &params.beacon_csa);
7641 if (err)
7642 return err;
7643
7644 if (!csa_attrs[NL80211_ATTR_CSA_C_OFF_BEACON])
7645 return -EINVAL;
7646
7647 len = nla_len(csa_attrs[NL80211_ATTR_CSA_C_OFF_BEACON]);
7648 if (!len || (len % sizeof(u16)))
7649 return -EINVAL;
7650
7651 params.n_counter_offsets_beacon = len / sizeof(u16);
7652 if (rdev->wiphy.max_num_csa_counters &&
7653 (params.n_counter_offsets_beacon >
7654 rdev->wiphy.max_num_csa_counters))
7655 return -EINVAL;
7656
7657 params.counter_offsets_beacon =
7658 nla_data(csa_attrs[NL80211_ATTR_CSA_C_OFF_BEACON]);
7659
7660 /* sanity checks - counters should fit and be the same */
7661 for (i = 0; i < params.n_counter_offsets_beacon; i++) {
7662 u16 offset = params.counter_offsets_beacon[i];
7663
7664 if (offset >= params.beacon_csa.tail_len)
7665 return -EINVAL;
7666
7667 if (params.beacon_csa.tail[offset] != params.count)
7668 return -EINVAL;
7669 }
7670
7671 if (csa_attrs[NL80211_ATTR_CSA_C_OFF_PRESP]) {
7672 len = nla_len(csa_attrs[NL80211_ATTR_CSA_C_OFF_PRESP]);
7673 if (!len || (len % sizeof(u16)))
7674 return -EINVAL;
7675
7676 params.n_counter_offsets_presp = len / sizeof(u16);
7677 if (rdev->wiphy.max_num_csa_counters &&
7678 (params.n_counter_offsets_presp >
7679 rdev->wiphy.max_num_csa_counters))
7680 return -EINVAL;
7681
7682 params.counter_offsets_presp =
7683 nla_data(csa_attrs[NL80211_ATTR_CSA_C_OFF_PRESP]);
7684
7685 /* sanity checks - counters should fit and be the same */
7686 for (i = 0; i < params.n_counter_offsets_presp; i++) {
7687 u16 offset = params.counter_offsets_presp[i];
7688
7689 if (offset >= params.beacon_csa.probe_resp_len)
7690 return -EINVAL;
7691
7692 if (params.beacon_csa.probe_resp[offset] !=
7693 params.count)
7694 return -EINVAL;
7695 }
7696 }
7697
7698 skip_beacons:
7699 err = nl80211_parse_chandef(rdev, info, &params.chandef);
7700 if (err)
7701 return err;
7702
7703 if (!cfg80211_reg_can_beacon_relax(&rdev->wiphy, &params.chandef,
7704 wdev->iftype))
7705 return -EINVAL;
7706
7707 err = cfg80211_chandef_dfs_required(wdev->wiphy,
7708 &params.chandef,
7709 wdev->iftype);
7710 if (err < 0)
7711 return err;
7712
7713 if (err > 0) {
7714 params.radar_required = true;
7715 if (need_handle_dfs_flag &&
7716 !nla_get_flag(info->attrs[NL80211_ATTR_HANDLE_DFS])) {
7717 return -EINVAL;
7718 }
7719 }
7720
7721 if (info->attrs[NL80211_ATTR_CH_SWITCH_BLOCK_TX])
7722 params.block_tx = true;
7723
7724 wdev_lock(wdev);
7725 err = rdev_channel_switch(rdev, dev, &params);
7726 wdev_unlock(wdev);
7727
7728 return err;
7729 }
7730
7731 static int nl80211_send_bss(struct sk_buff *msg, struct netlink_callback *cb,
7732 u32 seq, int flags,
7733 struct cfg80211_registered_device *rdev,
7734 struct wireless_dev *wdev,
7735 struct cfg80211_internal_bss *intbss)
7736 {
7737 struct cfg80211_bss *res = &intbss->pub;
7738 const struct cfg80211_bss_ies *ies;
7739 void *hdr;
7740 struct nlattr *bss;
7741
7742 ASSERT_WDEV_LOCK(wdev);
7743
7744 hdr = nl80211hdr_put(msg, NETLINK_CB(cb->skb).portid, seq, flags,
7745 NL80211_CMD_NEW_SCAN_RESULTS);
7746 if (!hdr)
7747 return -1;
7748
7749 genl_dump_check_consistent(cb, hdr);
7750
7751 if (nla_put_u32(msg, NL80211_ATTR_GENERATION, rdev->bss_generation))
7752 goto nla_put_failure;
7753 if (wdev->netdev &&
7754 nla_put_u32(msg, NL80211_ATTR_IFINDEX, wdev->netdev->ifindex))
7755 goto nla_put_failure;
7756 if (nla_put_u64_64bit(msg, NL80211_ATTR_WDEV, wdev_id(wdev),
7757 NL80211_ATTR_PAD))
7758 goto nla_put_failure;
7759
7760 bss = nla_nest_start(msg, NL80211_ATTR_BSS);
7761 if (!bss)
7762 goto nla_put_failure;
7763 if ((!is_zero_ether_addr(res->bssid) &&
7764 nla_put(msg, NL80211_BSS_BSSID, ETH_ALEN, res->bssid)))
7765 goto nla_put_failure;
7766
7767 rcu_read_lock();
7768 /* indicate whether we have probe response data or not */
7769 if (rcu_access_pointer(res->proberesp_ies) &&
7770 nla_put_flag(msg, NL80211_BSS_PRESP_DATA))
7771 goto fail_unlock_rcu;
7772
7773 /* this pointer prefers to be pointed to probe response data
7774 * but is always valid
7775 */
7776 ies = rcu_dereference(res->ies);
7777 if (ies) {
7778 if (nla_put_u64_64bit(msg, NL80211_BSS_TSF, ies->tsf,
7779 NL80211_BSS_PAD))
7780 goto fail_unlock_rcu;
7781 if (ies->len && nla_put(msg, NL80211_BSS_INFORMATION_ELEMENTS,
7782 ies->len, ies->data))
7783 goto fail_unlock_rcu;
7784 }
7785
7786 /* and this pointer is always (unless driver didn't know) beacon data */
7787 ies = rcu_dereference(res->beacon_ies);
7788 if (ies && ies->from_beacon) {
7789 if (nla_put_u64_64bit(msg, NL80211_BSS_BEACON_TSF, ies->tsf,
7790 NL80211_BSS_PAD))
7791 goto fail_unlock_rcu;
7792 if (ies->len && nla_put(msg, NL80211_BSS_BEACON_IES,
7793 ies->len, ies->data))
7794 goto fail_unlock_rcu;
7795 }
7796 rcu_read_unlock();
7797
7798 if (res->beacon_interval &&
7799 nla_put_u16(msg, NL80211_BSS_BEACON_INTERVAL, res->beacon_interval))
7800 goto nla_put_failure;
7801 if (nla_put_u16(msg, NL80211_BSS_CAPABILITY, res->capability) ||
7802 nla_put_u32(msg, NL80211_BSS_FREQUENCY, res->channel->center_freq) ||
7803 nla_put_u32(msg, NL80211_BSS_CHAN_WIDTH, res->scan_width) ||
7804 nla_put_u32(msg, NL80211_BSS_SEEN_MS_AGO,
7805 jiffies_to_msecs(jiffies - intbss->ts)))
7806 goto nla_put_failure;
7807
7808 if (intbss->parent_tsf &&
7809 (nla_put_u64_64bit(msg, NL80211_BSS_PARENT_TSF,
7810 intbss->parent_tsf, NL80211_BSS_PAD) ||
7811 nla_put(msg, NL80211_BSS_PARENT_BSSID, ETH_ALEN,
7812 intbss->parent_bssid)))
7813 goto nla_put_failure;
7814
7815 if (intbss->ts_boottime &&
7816 nla_put_u64_64bit(msg, NL80211_BSS_LAST_SEEN_BOOTTIME,
7817 intbss->ts_boottime, NL80211_BSS_PAD))
7818 goto nla_put_failure;
7819
7820 switch (rdev->wiphy.signal_type) {
7821 case CFG80211_SIGNAL_TYPE_MBM:
7822 if (nla_put_u32(msg, NL80211_BSS_SIGNAL_MBM, res->signal))
7823 goto nla_put_failure;
7824 break;
7825 case CFG80211_SIGNAL_TYPE_UNSPEC:
7826 if (nla_put_u8(msg, NL80211_BSS_SIGNAL_UNSPEC, res->signal))
7827 goto nla_put_failure;
7828 break;
7829 default:
7830 break;
7831 }
7832
7833 switch (wdev->iftype) {
7834 case NL80211_IFTYPE_P2P_CLIENT:
7835 case NL80211_IFTYPE_STATION:
7836 if (intbss == wdev->current_bss &&
7837 nla_put_u32(msg, NL80211_BSS_STATUS,
7838 NL80211_BSS_STATUS_ASSOCIATED))
7839 goto nla_put_failure;
7840 break;
7841 case NL80211_IFTYPE_ADHOC:
7842 if (intbss == wdev->current_bss &&
7843 nla_put_u32(msg, NL80211_BSS_STATUS,
7844 NL80211_BSS_STATUS_IBSS_JOINED))
7845 goto nla_put_failure;
7846 break;
7847 default:
7848 break;
7849 }
7850
7851 nla_nest_end(msg, bss);
7852
7853 genlmsg_end(msg, hdr);
7854 return 0;
7855
7856 fail_unlock_rcu:
7857 rcu_read_unlock();
7858 nla_put_failure:
7859 genlmsg_cancel(msg, hdr);
7860 return -EMSGSIZE;
7861 }
7862
7863 static int nl80211_dump_scan(struct sk_buff *skb, struct netlink_callback *cb)
7864 {
7865 struct cfg80211_registered_device *rdev;
7866 struct cfg80211_internal_bss *scan;
7867 struct wireless_dev *wdev;
7868 int start = cb->args[2], idx = 0;
7869 int err;
7870
7871 rtnl_lock();
7872 err = nl80211_prepare_wdev_dump(skb, cb, &rdev, &wdev);
7873 if (err) {
7874 rtnl_unlock();
7875 return err;
7876 }
7877
7878 wdev_lock(wdev);
7879 spin_lock_bh(&rdev->bss_lock);
7880 cfg80211_bss_expire(rdev);
7881
7882 cb->seq = rdev->bss_generation;
7883
7884 list_for_each_entry(scan, &rdev->bss_list, list) {
7885 if (++idx <= start)
7886 continue;
7887 if (nl80211_send_bss(skb, cb,
7888 cb->nlh->nlmsg_seq, NLM_F_MULTI,
7889 rdev, wdev, scan) < 0) {
7890 idx--;
7891 break;
7892 }
7893 }
7894
7895 spin_unlock_bh(&rdev->bss_lock);
7896 wdev_unlock(wdev);
7897
7898 cb->args[2] = idx;
7899 rtnl_unlock();
7900
7901 return skb->len;
7902 }
7903
7904 static int nl80211_send_survey(struct sk_buff *msg, u32 portid, u32 seq,
7905 int flags, struct net_device *dev,
7906 bool allow_radio_stats,
7907 struct survey_info *survey)
7908 {
7909 void *hdr;
7910 struct nlattr *infoattr;
7911
7912 /* skip radio stats if userspace didn't request them */
7913 if (!survey->channel && !allow_radio_stats)
7914 return 0;
7915
7916 hdr = nl80211hdr_put(msg, portid, seq, flags,
7917 NL80211_CMD_NEW_SURVEY_RESULTS);
7918 if (!hdr)
7919 return -ENOMEM;
7920
7921 if (nla_put_u32(msg, NL80211_ATTR_IFINDEX, dev->ifindex))
7922 goto nla_put_failure;
7923
7924 infoattr = nla_nest_start(msg, NL80211_ATTR_SURVEY_INFO);
7925 if (!infoattr)
7926 goto nla_put_failure;
7927
7928 if (survey->channel &&
7929 nla_put_u32(msg, NL80211_SURVEY_INFO_FREQUENCY,
7930 survey->channel->center_freq))
7931 goto nla_put_failure;
7932
7933 if ((survey->filled & SURVEY_INFO_NOISE_DBM) &&
7934 nla_put_u8(msg, NL80211_SURVEY_INFO_NOISE, survey->noise))
7935 goto nla_put_failure;
7936 if ((survey->filled & SURVEY_INFO_IN_USE) &&
7937 nla_put_flag(msg, NL80211_SURVEY_INFO_IN_USE))
7938 goto nla_put_failure;
7939 if ((survey->filled & SURVEY_INFO_TIME) &&
7940 nla_put_u64_64bit(msg, NL80211_SURVEY_INFO_TIME,
7941 survey->time, NL80211_SURVEY_INFO_PAD))
7942 goto nla_put_failure;
7943 if ((survey->filled & SURVEY_INFO_TIME_BUSY) &&
7944 nla_put_u64_64bit(msg, NL80211_SURVEY_INFO_TIME_BUSY,
7945 survey->time_busy, NL80211_SURVEY_INFO_PAD))
7946 goto nla_put_failure;
7947 if ((survey->filled & SURVEY_INFO_TIME_EXT_BUSY) &&
7948 nla_put_u64_64bit(msg, NL80211_SURVEY_INFO_TIME_EXT_BUSY,
7949 survey->time_ext_busy, NL80211_SURVEY_INFO_PAD))
7950 goto nla_put_failure;
7951 if ((survey->filled & SURVEY_INFO_TIME_RX) &&
7952 nla_put_u64_64bit(msg, NL80211_SURVEY_INFO_TIME_RX,
7953 survey->time_rx, NL80211_SURVEY_INFO_PAD))
7954 goto nla_put_failure;
7955 if ((survey->filled & SURVEY_INFO_TIME_TX) &&
7956 nla_put_u64_64bit(msg, NL80211_SURVEY_INFO_TIME_TX,
7957 survey->time_tx, NL80211_SURVEY_INFO_PAD))
7958 goto nla_put_failure;
7959 if ((survey->filled & SURVEY_INFO_TIME_SCAN) &&
7960 nla_put_u64_64bit(msg, NL80211_SURVEY_INFO_TIME_SCAN,
7961 survey->time_scan, NL80211_SURVEY_INFO_PAD))
7962 goto nla_put_failure;
7963
7964 nla_nest_end(msg, infoattr);
7965
7966 genlmsg_end(msg, hdr);
7967 return 0;
7968
7969 nla_put_failure:
7970 genlmsg_cancel(msg, hdr);
7971 return -EMSGSIZE;
7972 }
7973
7974 static int nl80211_dump_survey(struct sk_buff *skb, struct netlink_callback *cb)
7975 {
7976 struct nlattr **attrbuf = genl_family_attrbuf(&nl80211_fam);
7977 struct survey_info survey;
7978 struct cfg80211_registered_device *rdev;
7979 struct wireless_dev *wdev;
7980 int survey_idx = cb->args[2];
7981 int res;
7982 bool radio_stats;
7983
7984 rtnl_lock();
7985 res = nl80211_prepare_wdev_dump(skb, cb, &rdev, &wdev);
7986 if (res)
7987 goto out_err;
7988
7989 /* prepare_wdev_dump parsed the attributes */
7990 radio_stats = attrbuf[NL80211_ATTR_SURVEY_RADIO_STATS];
7991
7992 if (!wdev->netdev) {
7993 res = -EINVAL;
7994 goto out_err;
7995 }
7996
7997 if (!rdev->ops->dump_survey) {
7998 res = -EOPNOTSUPP;
7999 goto out_err;
8000 }
8001
8002 while (1) {
8003 res = rdev_dump_survey(rdev, wdev->netdev, survey_idx, &survey);
8004 if (res == -ENOENT)
8005 break;
8006 if (res)
8007 goto out_err;
8008
8009 /* don't send disabled channels, but do send non-channel data */
8010 if (survey.channel &&
8011 survey.channel->flags & IEEE80211_CHAN_DISABLED) {
8012 survey_idx++;
8013 continue;
8014 }
8015
8016 if (nl80211_send_survey(skb,
8017 NETLINK_CB(cb->skb).portid,
8018 cb->nlh->nlmsg_seq, NLM_F_MULTI,
8019 wdev->netdev, radio_stats, &survey) < 0)
8020 goto out;
8021 survey_idx++;
8022 }
8023
8024 out:
8025 cb->args[2] = survey_idx;
8026 res = skb->len;
8027 out_err:
8028 rtnl_unlock();
8029 return res;
8030 }
8031
8032 static bool nl80211_valid_wpa_versions(u32 wpa_versions)
8033 {
8034 return !(wpa_versions & ~(NL80211_WPA_VERSION_1 |
8035 NL80211_WPA_VERSION_2));
8036 }
8037
8038 static int nl80211_authenticate(struct sk_buff *skb, struct genl_info *info)
8039 {
8040 struct cfg80211_registered_device *rdev = info->user_ptr[0];
8041 struct net_device *dev = info->user_ptr[1];
8042 struct ieee80211_channel *chan;
8043 const u8 *bssid, *ssid, *ie = NULL, *auth_data = NULL;
8044 int err, ssid_len, ie_len = 0, auth_data_len = 0;
8045 enum nl80211_auth_type auth_type;
8046 struct key_parse key;
8047 bool local_state_change;
8048
8049 if (!is_valid_ie_attr(info->attrs[NL80211_ATTR_IE]))
8050 return -EINVAL;
8051
8052 if (!info->attrs[NL80211_ATTR_MAC])
8053 return -EINVAL;
8054
8055 if (!info->attrs[NL80211_ATTR_AUTH_TYPE])
8056 return -EINVAL;
8057
8058 if (!info->attrs[NL80211_ATTR_SSID])
8059 return -EINVAL;
8060
8061 if (!info->attrs[NL80211_ATTR_WIPHY_FREQ])
8062 return -EINVAL;
8063
8064 err = nl80211_parse_key(info, &key);
8065 if (err)
8066 return err;
8067
8068 if (key.idx >= 0) {
8069 if (key.type != -1 && key.type != NL80211_KEYTYPE_GROUP)
8070 return -EINVAL;
8071 if (!key.p.key || !key.p.key_len)
8072 return -EINVAL;
8073 if ((key.p.cipher != WLAN_CIPHER_SUITE_WEP40 ||
8074 key.p.key_len != WLAN_KEY_LEN_WEP40) &&
8075 (key.p.cipher != WLAN_CIPHER_SUITE_WEP104 ||
8076 key.p.key_len != WLAN_KEY_LEN_WEP104))
8077 return -EINVAL;
8078 if (key.idx > 3)
8079 return -EINVAL;
8080 } else {
8081 key.p.key_len = 0;
8082 key.p.key = NULL;
8083 }
8084
8085 if (key.idx >= 0) {
8086 int i;
8087 bool ok = false;
8088
8089 for (i = 0; i < rdev->wiphy.n_cipher_suites; i++) {
8090 if (key.p.cipher == rdev->wiphy.cipher_suites[i]) {
8091 ok = true;
8092 break;
8093 }
8094 }
8095 if (!ok)
8096 return -EINVAL;
8097 }
8098
8099 if (!rdev->ops->auth)
8100 return -EOPNOTSUPP;
8101
8102 if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_STATION &&
8103 dev->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_CLIENT)
8104 return -EOPNOTSUPP;
8105
8106 bssid = nla_data(info->attrs[NL80211_ATTR_MAC]);
8107 chan = nl80211_get_valid_chan(&rdev->wiphy,
8108 info->attrs[NL80211_ATTR_WIPHY_FREQ]);
8109 if (!chan)
8110 return -EINVAL;
8111
8112 ssid = nla_data(info->attrs[NL80211_ATTR_SSID]);
8113 ssid_len = nla_len(info->attrs[NL80211_ATTR_SSID]);
8114
8115 if (info->attrs[NL80211_ATTR_IE]) {
8116 ie = nla_data(info->attrs[NL80211_ATTR_IE]);
8117 ie_len = nla_len(info->attrs[NL80211_ATTR_IE]);
8118 }
8119
8120 auth_type = nla_get_u32(info->attrs[NL80211_ATTR_AUTH_TYPE]);
8121 if (!nl80211_valid_auth_type(rdev, auth_type, NL80211_CMD_AUTHENTICATE))
8122 return -EINVAL;
8123
8124 if ((auth_type == NL80211_AUTHTYPE_SAE ||
8125 auth_type == NL80211_AUTHTYPE_FILS_SK ||
8126 auth_type == NL80211_AUTHTYPE_FILS_SK_PFS ||
8127 auth_type == NL80211_AUTHTYPE_FILS_PK) &&
8128 !info->attrs[NL80211_ATTR_AUTH_DATA])
8129 return -EINVAL;
8130
8131 if (info->attrs[NL80211_ATTR_AUTH_DATA]) {
8132 if (auth_type != NL80211_AUTHTYPE_SAE &&
8133 auth_type != NL80211_AUTHTYPE_FILS_SK &&
8134 auth_type != NL80211_AUTHTYPE_FILS_SK_PFS &&
8135 auth_type != NL80211_AUTHTYPE_FILS_PK)
8136 return -EINVAL;
8137 auth_data = nla_data(info->attrs[NL80211_ATTR_AUTH_DATA]);
8138 auth_data_len = nla_len(info->attrs[NL80211_ATTR_AUTH_DATA]);
8139 /* need to include at least Auth Transaction and Status Code */
8140 if (auth_data_len < 4)
8141 return -EINVAL;
8142 }
8143
8144 local_state_change = !!info->attrs[NL80211_ATTR_LOCAL_STATE_CHANGE];
8145
8146 /*
8147 * Since we no longer track auth state, ignore
8148 * requests to only change local state.
8149 */
8150 if (local_state_change)
8151 return 0;
8152
8153 wdev_lock(dev->ieee80211_ptr);
8154 err = cfg80211_mlme_auth(rdev, dev, chan, auth_type, bssid,
8155 ssid, ssid_len, ie, ie_len,
8156 key.p.key, key.p.key_len, key.idx,
8157 auth_data, auth_data_len);
8158 wdev_unlock(dev->ieee80211_ptr);
8159 return err;
8160 }
8161
8162 static int nl80211_crypto_settings(struct cfg80211_registered_device *rdev,
8163 struct genl_info *info,
8164 struct cfg80211_crypto_settings *settings,
8165 int cipher_limit)
8166 {
8167 memset(settings, 0, sizeof(*settings));
8168
8169 settings->control_port = info->attrs[NL80211_ATTR_CONTROL_PORT];
8170
8171 if (info->attrs[NL80211_ATTR_CONTROL_PORT_ETHERTYPE]) {
8172 u16 proto;
8173
8174 proto = nla_get_u16(
8175 info->attrs[NL80211_ATTR_CONTROL_PORT_ETHERTYPE]);
8176 settings->control_port_ethertype = cpu_to_be16(proto);
8177 if (!(rdev->wiphy.flags & WIPHY_FLAG_CONTROL_PORT_PROTOCOL) &&
8178 proto != ETH_P_PAE)
8179 return -EINVAL;
8180 if (info->attrs[NL80211_ATTR_CONTROL_PORT_NO_ENCRYPT])
8181 settings->control_port_no_encrypt = true;
8182 } else
8183 settings->control_port_ethertype = cpu_to_be16(ETH_P_PAE);
8184
8185 if (info->attrs[NL80211_ATTR_CIPHER_SUITES_PAIRWISE]) {
8186 void *data;
8187 int len, i;
8188
8189 data = nla_data(info->attrs[NL80211_ATTR_CIPHER_SUITES_PAIRWISE]);
8190 len = nla_len(info->attrs[NL80211_ATTR_CIPHER_SUITES_PAIRWISE]);
8191 settings->n_ciphers_pairwise = len / sizeof(u32);
8192
8193 if (len % sizeof(u32))
8194 return -EINVAL;
8195
8196 if (settings->n_ciphers_pairwise > cipher_limit)
8197 return -EINVAL;
8198
8199 memcpy(settings->ciphers_pairwise, data, len);
8200
8201 for (i = 0; i < settings->n_ciphers_pairwise; i++)
8202 if (!cfg80211_supported_cipher_suite(
8203 &rdev->wiphy,
8204 settings->ciphers_pairwise[i]))
8205 return -EINVAL;
8206 }
8207
8208 if (info->attrs[NL80211_ATTR_CIPHER_SUITE_GROUP]) {
8209 settings->cipher_group =
8210 nla_get_u32(info->attrs[NL80211_ATTR_CIPHER_SUITE_GROUP]);
8211 if (!cfg80211_supported_cipher_suite(&rdev->wiphy,
8212 settings->cipher_group))
8213 return -EINVAL;
8214 }
8215
8216 if (info->attrs[NL80211_ATTR_WPA_VERSIONS]) {
8217 settings->wpa_versions =
8218 nla_get_u32(info->attrs[NL80211_ATTR_WPA_VERSIONS]);
8219 if (!nl80211_valid_wpa_versions(settings->wpa_versions))
8220 return -EINVAL;
8221 }
8222
8223 if (info->attrs[NL80211_ATTR_AKM_SUITES]) {
8224 void *data;
8225 int len;
8226
8227 data = nla_data(info->attrs[NL80211_ATTR_AKM_SUITES]);
8228 len = nla_len(info->attrs[NL80211_ATTR_AKM_SUITES]);
8229 settings->n_akm_suites = len / sizeof(u32);
8230
8231 if (len % sizeof(u32))
8232 return -EINVAL;
8233
8234 if (settings->n_akm_suites > NL80211_MAX_NR_AKM_SUITES)
8235 return -EINVAL;
8236
8237 memcpy(settings->akm_suites, data, len);
8238 }
8239
8240 if (info->attrs[NL80211_ATTR_PMK]) {
8241 if (nla_len(info->attrs[NL80211_ATTR_PMK]) != WLAN_PMK_LEN)
8242 return -EINVAL;
8243 if (!wiphy_ext_feature_isset(&rdev->wiphy,
8244 NL80211_EXT_FEATURE_4WAY_HANDSHAKE_STA_PSK))
8245 return -EINVAL;
8246 settings->psk = nla_data(info->attrs[NL80211_ATTR_PMK]);
8247 }
8248
8249 return 0;
8250 }
8251
8252 static int nl80211_associate(struct sk_buff *skb, struct genl_info *info)
8253 {
8254 struct cfg80211_registered_device *rdev = info->user_ptr[0];
8255 struct net_device *dev = info->user_ptr[1];
8256 struct ieee80211_channel *chan;
8257 struct cfg80211_assoc_request req = {};
8258 const u8 *bssid, *ssid;
8259 int err, ssid_len = 0;
8260
8261 if (!is_valid_ie_attr(info->attrs[NL80211_ATTR_IE]))
8262 return -EINVAL;
8263
8264 if (!info->attrs[NL80211_ATTR_MAC] ||
8265 !info->attrs[NL80211_ATTR_SSID] ||
8266 !info->attrs[NL80211_ATTR_WIPHY_FREQ])
8267 return -EINVAL;
8268
8269 if (!rdev->ops->assoc)
8270 return -EOPNOTSUPP;
8271
8272 if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_STATION &&
8273 dev->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_CLIENT)
8274 return -EOPNOTSUPP;
8275
8276 bssid = nla_data(info->attrs[NL80211_ATTR_MAC]);
8277
8278 chan = nl80211_get_valid_chan(&rdev->wiphy,
8279 info->attrs[NL80211_ATTR_WIPHY_FREQ]);
8280 if (!chan)
8281 return -EINVAL;
8282
8283 ssid = nla_data(info->attrs[NL80211_ATTR_SSID]);
8284 ssid_len = nla_len(info->attrs[NL80211_ATTR_SSID]);
8285
8286 if (info->attrs[NL80211_ATTR_IE]) {
8287 req.ie = nla_data(info->attrs[NL80211_ATTR_IE]);
8288 req.ie_len = nla_len(info->attrs[NL80211_ATTR_IE]);
8289 }
8290
8291 if (info->attrs[NL80211_ATTR_USE_MFP]) {
8292 enum nl80211_mfp mfp =
8293 nla_get_u32(info->attrs[NL80211_ATTR_USE_MFP]);
8294 if (mfp == NL80211_MFP_REQUIRED)
8295 req.use_mfp = true;
8296 else if (mfp != NL80211_MFP_NO)
8297 return -EINVAL;
8298 }
8299
8300 if (info->attrs[NL80211_ATTR_PREV_BSSID])
8301 req.prev_bssid = nla_data(info->attrs[NL80211_ATTR_PREV_BSSID]);
8302
8303 if (nla_get_flag(info->attrs[NL80211_ATTR_DISABLE_HT]))
8304 req.flags |= ASSOC_REQ_DISABLE_HT;
8305
8306 if (info->attrs[NL80211_ATTR_HT_CAPABILITY_MASK])
8307 memcpy(&req.ht_capa_mask,
8308 nla_data(info->attrs[NL80211_ATTR_HT_CAPABILITY_MASK]),
8309 sizeof(req.ht_capa_mask));
8310
8311 if (info->attrs[NL80211_ATTR_HT_CAPABILITY]) {
8312 if (!info->attrs[NL80211_ATTR_HT_CAPABILITY_MASK])
8313 return -EINVAL;
8314 memcpy(&req.ht_capa,
8315 nla_data(info->attrs[NL80211_ATTR_HT_CAPABILITY]),
8316 sizeof(req.ht_capa));
8317 }
8318
8319 if (nla_get_flag(info->attrs[NL80211_ATTR_DISABLE_VHT]))
8320 req.flags |= ASSOC_REQ_DISABLE_VHT;
8321
8322 if (info->attrs[NL80211_ATTR_VHT_CAPABILITY_MASK])
8323 memcpy(&req.vht_capa_mask,
8324 nla_data(info->attrs[NL80211_ATTR_VHT_CAPABILITY_MASK]),
8325 sizeof(req.vht_capa_mask));
8326
8327 if (info->attrs[NL80211_ATTR_VHT_CAPABILITY]) {
8328 if (!info->attrs[NL80211_ATTR_VHT_CAPABILITY_MASK])
8329 return -EINVAL;
8330 memcpy(&req.vht_capa,
8331 nla_data(info->attrs[NL80211_ATTR_VHT_CAPABILITY]),
8332 sizeof(req.vht_capa));
8333 }
8334
8335 if (nla_get_flag(info->attrs[NL80211_ATTR_USE_RRM])) {
8336 if (!((rdev->wiphy.features &
8337 NL80211_FEATURE_DS_PARAM_SET_IE_IN_PROBES) &&
8338 (rdev->wiphy.features & NL80211_FEATURE_QUIET)) &&
8339 !wiphy_ext_feature_isset(&rdev->wiphy,
8340 NL80211_EXT_FEATURE_RRM))
8341 return -EINVAL;
8342 req.flags |= ASSOC_REQ_USE_RRM;
8343 }
8344
8345 if (info->attrs[NL80211_ATTR_FILS_KEK]) {
8346 req.fils_kek = nla_data(info->attrs[NL80211_ATTR_FILS_KEK]);
8347 req.fils_kek_len = nla_len(info->attrs[NL80211_ATTR_FILS_KEK]);
8348 if (!info->attrs[NL80211_ATTR_FILS_NONCES])
8349 return -EINVAL;
8350 req.fils_nonces =
8351 nla_data(info->attrs[NL80211_ATTR_FILS_NONCES]);
8352 }
8353
8354 err = nl80211_crypto_settings(rdev, info, &req.crypto, 1);
8355 if (!err) {
8356 wdev_lock(dev->ieee80211_ptr);
8357
8358 err = cfg80211_mlme_assoc(rdev, dev, chan, bssid,
8359 ssid, ssid_len, &req);
8360
8361 if (!err && info->attrs[NL80211_ATTR_SOCKET_OWNER]) {
8362 dev->ieee80211_ptr->conn_owner_nlportid =
8363 info->snd_portid;
8364 memcpy(dev->ieee80211_ptr->disconnect_bssid,
8365 bssid, ETH_ALEN);
8366 }
8367
8368 wdev_unlock(dev->ieee80211_ptr);
8369 }
8370
8371 return err;
8372 }
8373
8374 static int nl80211_deauthenticate(struct sk_buff *skb, struct genl_info *info)
8375 {
8376 struct cfg80211_registered_device *rdev = info->user_ptr[0];
8377 struct net_device *dev = info->user_ptr[1];
8378 const u8 *ie = NULL, *bssid;
8379 int ie_len = 0, err;
8380 u16 reason_code;
8381 bool local_state_change;
8382
8383 if (!is_valid_ie_attr(info->attrs[NL80211_ATTR_IE]))
8384 return -EINVAL;
8385
8386 if (!info->attrs[NL80211_ATTR_MAC])
8387 return -EINVAL;
8388
8389 if (!info->attrs[NL80211_ATTR_REASON_CODE])
8390 return -EINVAL;
8391
8392 if (!rdev->ops->deauth)
8393 return -EOPNOTSUPP;
8394
8395 if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_STATION &&
8396 dev->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_CLIENT)
8397 return -EOPNOTSUPP;
8398
8399 bssid = nla_data(info->attrs[NL80211_ATTR_MAC]);
8400
8401 reason_code = nla_get_u16(info->attrs[NL80211_ATTR_REASON_CODE]);
8402 if (reason_code == 0) {
8403 /* Reason Code 0 is reserved */
8404 return -EINVAL;
8405 }
8406
8407 if (info->attrs[NL80211_ATTR_IE]) {
8408 ie = nla_data(info->attrs[NL80211_ATTR_IE]);
8409 ie_len = nla_len(info->attrs[NL80211_ATTR_IE]);
8410 }
8411
8412 local_state_change = !!info->attrs[NL80211_ATTR_LOCAL_STATE_CHANGE];
8413
8414 wdev_lock(dev->ieee80211_ptr);
8415 err = cfg80211_mlme_deauth(rdev, dev, bssid, ie, ie_len, reason_code,
8416 local_state_change);
8417 wdev_unlock(dev->ieee80211_ptr);
8418 return err;
8419 }
8420
8421 static int nl80211_disassociate(struct sk_buff *skb, struct genl_info *info)
8422 {
8423 struct cfg80211_registered_device *rdev = info->user_ptr[0];
8424 struct net_device *dev = info->user_ptr[1];
8425 const u8 *ie = NULL, *bssid;
8426 int ie_len = 0, err;
8427 u16 reason_code;
8428 bool local_state_change;
8429
8430 if (!is_valid_ie_attr(info->attrs[NL80211_ATTR_IE]))
8431 return -EINVAL;
8432
8433 if (!info->attrs[NL80211_ATTR_MAC])
8434 return -EINVAL;
8435
8436 if (!info->attrs[NL80211_ATTR_REASON_CODE])
8437 return -EINVAL;
8438
8439 if (!rdev->ops->disassoc)
8440 return -EOPNOTSUPP;
8441
8442 if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_STATION &&
8443 dev->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_CLIENT)
8444 return -EOPNOTSUPP;
8445
8446 bssid = nla_data(info->attrs[NL80211_ATTR_MAC]);
8447
8448 reason_code = nla_get_u16(info->attrs[NL80211_ATTR_REASON_CODE]);
8449 if (reason_code == 0) {
8450 /* Reason Code 0 is reserved */
8451 return -EINVAL;
8452 }
8453
8454 if (info->attrs[NL80211_ATTR_IE]) {
8455 ie = nla_data(info->attrs[NL80211_ATTR_IE]);
8456 ie_len = nla_len(info->attrs[NL80211_ATTR_IE]);
8457 }
8458
8459 local_state_change = !!info->attrs[NL80211_ATTR_LOCAL_STATE_CHANGE];
8460
8461 wdev_lock(dev->ieee80211_ptr);
8462 err = cfg80211_mlme_disassoc(rdev, dev, bssid, ie, ie_len, reason_code,
8463 local_state_change);
8464 wdev_unlock(dev->ieee80211_ptr);
8465 return err;
8466 }
8467
8468 static bool
8469 nl80211_parse_mcast_rate(struct cfg80211_registered_device *rdev,
8470 int mcast_rate[NUM_NL80211_BANDS],
8471 int rateval)
8472 {
8473 struct wiphy *wiphy = &rdev->wiphy;
8474 bool found = false;
8475 int band, i;
8476
8477 for (band = 0; band < NUM_NL80211_BANDS; band++) {
8478 struct ieee80211_supported_band *sband;
8479
8480 sband = wiphy->bands[band];
8481 if (!sband)
8482 continue;
8483
8484 for (i = 0; i < sband->n_bitrates; i++) {
8485 if (sband->bitrates[i].bitrate == rateval) {
8486 mcast_rate[band] = i + 1;
8487 found = true;
8488 break;
8489 }
8490 }
8491 }
8492
8493 return found;
8494 }
8495
8496 static int nl80211_join_ibss(struct sk_buff *skb, struct genl_info *info)
8497 {
8498 struct cfg80211_registered_device *rdev = info->user_ptr[0];
8499 struct net_device *dev = info->user_ptr[1];
8500 struct cfg80211_ibss_params ibss;
8501 struct wiphy *wiphy;
8502 struct cfg80211_cached_keys *connkeys = NULL;
8503 int err;
8504
8505 memset(&ibss, 0, sizeof(ibss));
8506
8507 if (!is_valid_ie_attr(info->attrs[NL80211_ATTR_IE]))
8508 return -EINVAL;
8509
8510 if (!info->attrs[NL80211_ATTR_SSID] ||
8511 !nla_len(info->attrs[NL80211_ATTR_SSID]))
8512 return -EINVAL;
8513
8514 ibss.beacon_interval = 100;
8515
8516 if (info->attrs[NL80211_ATTR_BEACON_INTERVAL])
8517 ibss.beacon_interval =
8518 nla_get_u32(info->attrs[NL80211_ATTR_BEACON_INTERVAL]);
8519
8520 err = cfg80211_validate_beacon_int(rdev, NL80211_IFTYPE_ADHOC,
8521 ibss.beacon_interval);
8522 if (err)
8523 return err;
8524
8525 if (!rdev->ops->join_ibss)
8526 return -EOPNOTSUPP;
8527
8528 if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_ADHOC)
8529 return -EOPNOTSUPP;
8530
8531 wiphy = &rdev->wiphy;
8532
8533 if (info->attrs[NL80211_ATTR_MAC]) {
8534 ibss.bssid = nla_data(info->attrs[NL80211_ATTR_MAC]);
8535
8536 if (!is_valid_ether_addr(ibss.bssid))
8537 return -EINVAL;
8538 }
8539 ibss.ssid = nla_data(info->attrs[NL80211_ATTR_SSID]);
8540 ibss.ssid_len = nla_len(info->attrs[NL80211_ATTR_SSID]);
8541
8542 if (info->attrs[NL80211_ATTR_IE]) {
8543 ibss.ie = nla_data(info->attrs[NL80211_ATTR_IE]);
8544 ibss.ie_len = nla_len(info->attrs[NL80211_ATTR_IE]);
8545 }
8546
8547 err = nl80211_parse_chandef(rdev, info, &ibss.chandef);
8548 if (err)
8549 return err;
8550
8551 if (!cfg80211_reg_can_beacon(&rdev->wiphy, &ibss.chandef,
8552 NL80211_IFTYPE_ADHOC))
8553 return -EINVAL;
8554
8555 switch (ibss.chandef.width) {
8556 case NL80211_CHAN_WIDTH_5:
8557 case NL80211_CHAN_WIDTH_10:
8558 case NL80211_CHAN_WIDTH_20_NOHT:
8559 break;
8560 case NL80211_CHAN_WIDTH_20:
8561 case NL80211_CHAN_WIDTH_40:
8562 if (!(rdev->wiphy.features & NL80211_FEATURE_HT_IBSS))
8563 return -EINVAL;
8564 break;
8565 case NL80211_CHAN_WIDTH_80:
8566 case NL80211_CHAN_WIDTH_80P80:
8567 case NL80211_CHAN_WIDTH_160:
8568 if (!(rdev->wiphy.features & NL80211_FEATURE_HT_IBSS))
8569 return -EINVAL;
8570 if (!wiphy_ext_feature_isset(&rdev->wiphy,
8571 NL80211_EXT_FEATURE_VHT_IBSS))
8572 return -EINVAL;
8573 break;
8574 default:
8575 return -EINVAL;
8576 }
8577
8578 ibss.channel_fixed = !!info->attrs[NL80211_ATTR_FREQ_FIXED];
8579 ibss.privacy = !!info->attrs[NL80211_ATTR_PRIVACY];
8580
8581 if (info->attrs[NL80211_ATTR_BSS_BASIC_RATES]) {
8582 u8 *rates =
8583 nla_data(info->attrs[NL80211_ATTR_BSS_BASIC_RATES]);
8584 int n_rates =
8585 nla_len(info->attrs[NL80211_ATTR_BSS_BASIC_RATES]);
8586 struct ieee80211_supported_band *sband =
8587 wiphy->bands[ibss.chandef.chan->band];
8588
8589 err = ieee80211_get_ratemask(sband, rates, n_rates,
8590 &ibss.basic_rates);
8591 if (err)
8592 return err;
8593 }
8594
8595 if (info->attrs[NL80211_ATTR_HT_CAPABILITY_MASK])
8596 memcpy(&ibss.ht_capa_mask,
8597 nla_data(info->attrs[NL80211_ATTR_HT_CAPABILITY_MASK]),
8598 sizeof(ibss.ht_capa_mask));
8599
8600 if (info->attrs[NL80211_ATTR_HT_CAPABILITY]) {
8601 if (!info->attrs[NL80211_ATTR_HT_CAPABILITY_MASK])
8602 return -EINVAL;
8603 memcpy(&ibss.ht_capa,
8604 nla_data(info->attrs[NL80211_ATTR_HT_CAPABILITY]),
8605 sizeof(ibss.ht_capa));
8606 }
8607
8608 if (info->attrs[NL80211_ATTR_MCAST_RATE] &&
8609 !nl80211_parse_mcast_rate(rdev, ibss.mcast_rate,
8610 nla_get_u32(info->attrs[NL80211_ATTR_MCAST_RATE])))
8611 return -EINVAL;
8612
8613 if (ibss.privacy && info->attrs[NL80211_ATTR_KEYS]) {
8614 bool no_ht = false;
8615
8616 connkeys = nl80211_parse_connkeys(rdev,
8617 info->attrs[NL80211_ATTR_KEYS],
8618 &no_ht);
8619 if (IS_ERR(connkeys))
8620 return PTR_ERR(connkeys);
8621
8622 if ((ibss.chandef.width != NL80211_CHAN_WIDTH_20_NOHT) &&
8623 no_ht) {
8624 kzfree(connkeys);
8625 return -EINVAL;
8626 }
8627 }
8628
8629 ibss.control_port =
8630 nla_get_flag(info->attrs[NL80211_ATTR_CONTROL_PORT]);
8631
8632 ibss.userspace_handles_dfs =
8633 nla_get_flag(info->attrs[NL80211_ATTR_HANDLE_DFS]);
8634
8635 err = cfg80211_join_ibss(rdev, dev, &ibss, connkeys);
8636 if (err)
8637 kzfree(connkeys);
8638 return err;
8639 }
8640
8641 static int nl80211_leave_ibss(struct sk_buff *skb, struct genl_info *info)
8642 {
8643 struct cfg80211_registered_device *rdev = info->user_ptr[0];
8644 struct net_device *dev = info->user_ptr[1];
8645
8646 if (!rdev->ops->leave_ibss)
8647 return -EOPNOTSUPP;
8648
8649 if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_ADHOC)
8650 return -EOPNOTSUPP;
8651
8652 return cfg80211_leave_ibss(rdev, dev, false);
8653 }
8654
8655 static int nl80211_set_mcast_rate(struct sk_buff *skb, struct genl_info *info)
8656 {
8657 struct cfg80211_registered_device *rdev = info->user_ptr[0];
8658 struct net_device *dev = info->user_ptr[1];
8659 int mcast_rate[NUM_NL80211_BANDS];
8660 u32 nla_rate;
8661 int err;
8662
8663 if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_ADHOC &&
8664 dev->ieee80211_ptr->iftype != NL80211_IFTYPE_MESH_POINT &&
8665 dev->ieee80211_ptr->iftype != NL80211_IFTYPE_OCB)
8666 return -EOPNOTSUPP;
8667
8668 if (!rdev->ops->set_mcast_rate)
8669 return -EOPNOTSUPP;
8670
8671 memset(mcast_rate, 0, sizeof(mcast_rate));
8672
8673 if (!info->attrs[NL80211_ATTR_MCAST_RATE])
8674 return -EINVAL;
8675
8676 nla_rate = nla_get_u32(info->attrs[NL80211_ATTR_MCAST_RATE]);
8677 if (!nl80211_parse_mcast_rate(rdev, mcast_rate, nla_rate))
8678 return -EINVAL;
8679
8680 err = rdev_set_mcast_rate(rdev, dev, mcast_rate);
8681
8682 return err;
8683 }
8684
8685 static struct sk_buff *
8686 __cfg80211_alloc_vendor_skb(struct cfg80211_registered_device *rdev,
8687 struct wireless_dev *wdev, int approxlen,
8688 u32 portid, u32 seq, enum nl80211_commands cmd,
8689 enum nl80211_attrs attr,
8690 const struct nl80211_vendor_cmd_info *info,
8691 gfp_t gfp)
8692 {
8693 struct sk_buff *skb;
8694 void *hdr;
8695 struct nlattr *data;
8696
8697 skb = nlmsg_new(approxlen + 100, gfp);
8698 if (!skb)
8699 return NULL;
8700
8701 hdr = nl80211hdr_put(skb, portid, seq, 0, cmd);
8702 if (!hdr) {
8703 kfree_skb(skb);
8704 return NULL;
8705 }
8706
8707 if (nla_put_u32(skb, NL80211_ATTR_WIPHY, rdev->wiphy_idx))
8708 goto nla_put_failure;
8709
8710 if (info) {
8711 if (nla_put_u32(skb, NL80211_ATTR_VENDOR_ID,
8712 info->vendor_id))
8713 goto nla_put_failure;
8714 if (nla_put_u32(skb, NL80211_ATTR_VENDOR_SUBCMD,
8715 info->subcmd))
8716 goto nla_put_failure;
8717 }
8718
8719 if (wdev) {
8720 if (nla_put_u64_64bit(skb, NL80211_ATTR_WDEV,
8721 wdev_id(wdev), NL80211_ATTR_PAD))
8722 goto nla_put_failure;
8723 if (wdev->netdev &&
8724 nla_put_u32(skb, NL80211_ATTR_IFINDEX,
8725 wdev->netdev->ifindex))
8726 goto nla_put_failure;
8727 }
8728
8729 data = nla_nest_start(skb, attr);
8730 if (!data)
8731 goto nla_put_failure;
8732
8733 ((void **)skb->cb)[0] = rdev;
8734 ((void **)skb->cb)[1] = hdr;
8735 ((void **)skb->cb)[2] = data;
8736
8737 return skb;
8738
8739 nla_put_failure:
8740 kfree_skb(skb);
8741 return NULL;
8742 }
8743
8744 struct sk_buff *__cfg80211_alloc_event_skb(struct wiphy *wiphy,
8745 struct wireless_dev *wdev,
8746 enum nl80211_commands cmd,
8747 enum nl80211_attrs attr,
8748 int vendor_event_idx,
8749 int approxlen, gfp_t gfp)
8750 {
8751 struct cfg80211_registered_device *rdev = wiphy_to_rdev(wiphy);
8752 const struct nl80211_vendor_cmd_info *info;
8753
8754 switch (cmd) {
8755 case NL80211_CMD_TESTMODE:
8756 if (WARN_ON(vendor_event_idx != -1))
8757 return NULL;
8758 info = NULL;
8759 break;
8760 case NL80211_CMD_VENDOR:
8761 if (WARN_ON(vendor_event_idx < 0 ||
8762 vendor_event_idx >= wiphy->n_vendor_events))
8763 return NULL;
8764 info = &wiphy->vendor_events[vendor_event_idx];
8765 break;
8766 default:
8767 WARN_ON(1);
8768 return NULL;
8769 }
8770
8771 return __cfg80211_alloc_vendor_skb(rdev, wdev, approxlen, 0, 0,
8772 cmd, attr, info, gfp);
8773 }
8774 EXPORT_SYMBOL(__cfg80211_alloc_event_skb);
8775
8776 void __cfg80211_send_event_skb(struct sk_buff *skb, gfp_t gfp)
8777 {
8778 struct cfg80211_registered_device *rdev = ((void **)skb->cb)[0];
8779 void *hdr = ((void **)skb->cb)[1];
8780 struct nlattr *data = ((void **)skb->cb)[2];
8781 enum nl80211_multicast_groups mcgrp = NL80211_MCGRP_TESTMODE;
8782
8783 /* clear CB data for netlink core to own from now on */
8784 memset(skb->cb, 0, sizeof(skb->cb));
8785
8786 nla_nest_end(skb, data);
8787 genlmsg_end(skb, hdr);
8788
8789 if (data->nla_type == NL80211_ATTR_VENDOR_DATA)
8790 mcgrp = NL80211_MCGRP_VENDOR;
8791
8792 genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), skb, 0,
8793 mcgrp, gfp);
8794 }
8795 EXPORT_SYMBOL(__cfg80211_send_event_skb);
8796
8797 #ifdef CONFIG_NL80211_TESTMODE
8798 static int nl80211_testmode_do(struct sk_buff *skb, struct genl_info *info)
8799 {
8800 struct cfg80211_registered_device *rdev = info->user_ptr[0];
8801 struct wireless_dev *wdev =
8802 __cfg80211_wdev_from_attrs(genl_info_net(info), info->attrs);
8803 int err;
8804
8805 if (!rdev->ops->testmode_cmd)
8806 return -EOPNOTSUPP;
8807
8808 if (IS_ERR(wdev)) {
8809 err = PTR_ERR(wdev);
8810 if (err != -EINVAL)
8811 return err;
8812 wdev = NULL;
8813 } else if (wdev->wiphy != &rdev->wiphy) {
8814 return -EINVAL;
8815 }
8816
8817 if (!info->attrs[NL80211_ATTR_TESTDATA])
8818 return -EINVAL;
8819
8820 rdev->cur_cmd_info = info;
8821 err = rdev_testmode_cmd(rdev, wdev,
8822 nla_data(info->attrs[NL80211_ATTR_TESTDATA]),
8823 nla_len(info->attrs[NL80211_ATTR_TESTDATA]));
8824 rdev->cur_cmd_info = NULL;
8825
8826 return err;
8827 }
8828
8829 static int nl80211_testmode_dump(struct sk_buff *skb,
8830 struct netlink_callback *cb)
8831 {
8832 struct cfg80211_registered_device *rdev;
8833 int err;
8834 long phy_idx;
8835 void *data = NULL;
8836 int data_len = 0;
8837
8838 rtnl_lock();
8839
8840 if (cb->args[0]) {
8841 /*
8842 * 0 is a valid index, but not valid for args[0],
8843 * so we need to offset by 1.
8844 */
8845 phy_idx = cb->args[0] - 1;
8846
8847 rdev = cfg80211_rdev_by_wiphy_idx(phy_idx);
8848 if (!rdev) {
8849 err = -ENOENT;
8850 goto out_err;
8851 }
8852 } else {
8853 struct nlattr **attrbuf = genl_family_attrbuf(&nl80211_fam);
8854
8855 err = nlmsg_parse(cb->nlh, GENL_HDRLEN + nl80211_fam.hdrsize,
8856 attrbuf, nl80211_fam.maxattr,
8857 nl80211_policy, NULL);
8858 if (err)
8859 goto out_err;
8860
8861 rdev = __cfg80211_rdev_from_attrs(sock_net(skb->sk), attrbuf);
8862 if (IS_ERR(rdev)) {
8863 err = PTR_ERR(rdev);
8864 goto out_err;
8865 }
8866 phy_idx = rdev->wiphy_idx;
8867
8868 if (attrbuf[NL80211_ATTR_TESTDATA])
8869 cb->args[1] = (long)attrbuf[NL80211_ATTR_TESTDATA];
8870 }
8871
8872 if (cb->args[1]) {
8873 data = nla_data((void *)cb->args[1]);
8874 data_len = nla_len((void *)cb->args[1]);
8875 }
8876
8877 if (!rdev->ops->testmode_dump) {
8878 err = -EOPNOTSUPP;
8879 goto out_err;
8880 }
8881
8882 while (1) {
8883 void *hdr = nl80211hdr_put(skb, NETLINK_CB(cb->skb).portid,
8884 cb->nlh->nlmsg_seq, NLM_F_MULTI,
8885 NL80211_CMD_TESTMODE);
8886 struct nlattr *tmdata;
8887
8888 if (!hdr)
8889 break;
8890
8891 if (nla_put_u32(skb, NL80211_ATTR_WIPHY, phy_idx)) {
8892 genlmsg_cancel(skb, hdr);
8893 break;
8894 }
8895
8896 tmdata = nla_nest_start(skb, NL80211_ATTR_TESTDATA);
8897 if (!tmdata) {
8898 genlmsg_cancel(skb, hdr);
8899 break;
8900 }
8901 err = rdev_testmode_dump(rdev, skb, cb, data, data_len);
8902 nla_nest_end(skb, tmdata);
8903
8904 if (err == -ENOBUFS || err == -ENOENT) {
8905 genlmsg_cancel(skb, hdr);
8906 break;
8907 } else if (err) {
8908 genlmsg_cancel(skb, hdr);
8909 goto out_err;
8910 }
8911
8912 genlmsg_end(skb, hdr);
8913 }
8914
8915 err = skb->len;
8916 /* see above */
8917 cb->args[0] = phy_idx + 1;
8918 out_err:
8919 rtnl_unlock();
8920 return err;
8921 }
8922 #endif
8923
8924 static int nl80211_connect(struct sk_buff *skb, struct genl_info *info)
8925 {
8926 struct cfg80211_registered_device *rdev = info->user_ptr[0];
8927 struct net_device *dev = info->user_ptr[1];
8928 struct cfg80211_connect_params connect;
8929 struct wiphy *wiphy;
8930 struct cfg80211_cached_keys *connkeys = NULL;
8931 int err;
8932
8933 memset(&connect, 0, sizeof(connect));
8934
8935 if (!is_valid_ie_attr(info->attrs[NL80211_ATTR_IE]))
8936 return -EINVAL;
8937
8938 if (!info->attrs[NL80211_ATTR_SSID] ||
8939 !nla_len(info->attrs[NL80211_ATTR_SSID]))
8940 return -EINVAL;
8941
8942 if (info->attrs[NL80211_ATTR_AUTH_TYPE]) {
8943 connect.auth_type =
8944 nla_get_u32(info->attrs[NL80211_ATTR_AUTH_TYPE]);
8945 if (!nl80211_valid_auth_type(rdev, connect.auth_type,
8946 NL80211_CMD_CONNECT))
8947 return -EINVAL;
8948 } else
8949 connect.auth_type = NL80211_AUTHTYPE_AUTOMATIC;
8950
8951 connect.privacy = info->attrs[NL80211_ATTR_PRIVACY];
8952
8953 if (info->attrs[NL80211_ATTR_WANT_1X_4WAY_HS] &&
8954 !wiphy_ext_feature_isset(&rdev->wiphy,
8955 NL80211_EXT_FEATURE_4WAY_HANDSHAKE_STA_1X))
8956 return -EINVAL;
8957 connect.want_1x = info->attrs[NL80211_ATTR_WANT_1X_4WAY_HS];
8958
8959 err = nl80211_crypto_settings(rdev, info, &connect.crypto,
8960 NL80211_MAX_NR_CIPHER_SUITES);
8961 if (err)
8962 return err;
8963
8964 if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_STATION &&
8965 dev->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_CLIENT)
8966 return -EOPNOTSUPP;
8967
8968 wiphy = &rdev->wiphy;
8969
8970 connect.bg_scan_period = -1;
8971 if (info->attrs[NL80211_ATTR_BG_SCAN_PERIOD] &&
8972 (wiphy->flags & WIPHY_FLAG_SUPPORTS_FW_ROAM)) {
8973 connect.bg_scan_period =
8974 nla_get_u16(info->attrs[NL80211_ATTR_BG_SCAN_PERIOD]);
8975 }
8976
8977 if (info->attrs[NL80211_ATTR_MAC])
8978 connect.bssid = nla_data(info->attrs[NL80211_ATTR_MAC]);
8979 else if (info->attrs[NL80211_ATTR_MAC_HINT])
8980 connect.bssid_hint =
8981 nla_data(info->attrs[NL80211_ATTR_MAC_HINT]);
8982 connect.ssid = nla_data(info->attrs[NL80211_ATTR_SSID]);
8983 connect.ssid_len = nla_len(info->attrs[NL80211_ATTR_SSID]);
8984
8985 if (info->attrs[NL80211_ATTR_IE]) {
8986 connect.ie = nla_data(info->attrs[NL80211_ATTR_IE]);
8987 connect.ie_len = nla_len(info->attrs[NL80211_ATTR_IE]);
8988 }
8989
8990 if (info->attrs[NL80211_ATTR_USE_MFP]) {
8991 connect.mfp = nla_get_u32(info->attrs[NL80211_ATTR_USE_MFP]);
8992 if (connect.mfp == NL80211_MFP_OPTIONAL &&
8993 !wiphy_ext_feature_isset(&rdev->wiphy,
8994 NL80211_EXT_FEATURE_MFP_OPTIONAL))
8995 return -EOPNOTSUPP;
8996
8997 if (connect.mfp != NL80211_MFP_REQUIRED &&
8998 connect.mfp != NL80211_MFP_NO &&
8999 connect.mfp != NL80211_MFP_OPTIONAL)
9000 return -EINVAL;
9001 } else {
9002 connect.mfp = NL80211_MFP_NO;
9003 }
9004
9005 if (info->attrs[NL80211_ATTR_PREV_BSSID])
9006 connect.prev_bssid =
9007 nla_data(info->attrs[NL80211_ATTR_PREV_BSSID]);
9008
9009 if (info->attrs[NL80211_ATTR_WIPHY_FREQ]) {
9010 connect.channel = nl80211_get_valid_chan(
9011 wiphy, info->attrs[NL80211_ATTR_WIPHY_FREQ]);
9012 if (!connect.channel)
9013 return -EINVAL;
9014 } else if (info->attrs[NL80211_ATTR_WIPHY_FREQ_HINT]) {
9015 connect.channel_hint = nl80211_get_valid_chan(
9016 wiphy, info->attrs[NL80211_ATTR_WIPHY_FREQ_HINT]);
9017 if (!connect.channel_hint)
9018 return -EINVAL;
9019 }
9020
9021 if (connect.privacy && info->attrs[NL80211_ATTR_KEYS]) {
9022 connkeys = nl80211_parse_connkeys(rdev,
9023 info->attrs[NL80211_ATTR_KEYS], NULL);
9024 if (IS_ERR(connkeys))
9025 return PTR_ERR(connkeys);
9026 }
9027
9028 if (nla_get_flag(info->attrs[NL80211_ATTR_DISABLE_HT]))
9029 connect.flags |= ASSOC_REQ_DISABLE_HT;
9030
9031 if (info->attrs[NL80211_ATTR_HT_CAPABILITY_MASK])
9032 memcpy(&connect.ht_capa_mask,
9033 nla_data(info->attrs[NL80211_ATTR_HT_CAPABILITY_MASK]),
9034 sizeof(connect.ht_capa_mask));
9035
9036 if (info->attrs[NL80211_ATTR_HT_CAPABILITY]) {
9037 if (!info->attrs[NL80211_ATTR_HT_CAPABILITY_MASK]) {
9038 kzfree(connkeys);
9039 return -EINVAL;
9040 }
9041 memcpy(&connect.ht_capa,
9042 nla_data(info->attrs[NL80211_ATTR_HT_CAPABILITY]),
9043 sizeof(connect.ht_capa));
9044 }
9045
9046 if (nla_get_flag(info->attrs[NL80211_ATTR_DISABLE_VHT]))
9047 connect.flags |= ASSOC_REQ_DISABLE_VHT;
9048
9049 if (info->attrs[NL80211_ATTR_VHT_CAPABILITY_MASK])
9050 memcpy(&connect.vht_capa_mask,
9051 nla_data(info->attrs[NL80211_ATTR_VHT_CAPABILITY_MASK]),
9052 sizeof(connect.vht_capa_mask));
9053
9054 if (info->attrs[NL80211_ATTR_VHT_CAPABILITY]) {
9055 if (!info->attrs[NL80211_ATTR_VHT_CAPABILITY_MASK]) {
9056 kzfree(connkeys);
9057 return -EINVAL;
9058 }
9059 memcpy(&connect.vht_capa,
9060 nla_data(info->attrs[NL80211_ATTR_VHT_CAPABILITY]),
9061 sizeof(connect.vht_capa));
9062 }
9063
9064 if (nla_get_flag(info->attrs[NL80211_ATTR_USE_RRM])) {
9065 if (!((rdev->wiphy.features &
9066 NL80211_FEATURE_DS_PARAM_SET_IE_IN_PROBES) &&
9067 (rdev->wiphy.features & NL80211_FEATURE_QUIET)) &&
9068 !wiphy_ext_feature_isset(&rdev->wiphy,
9069 NL80211_EXT_FEATURE_RRM)) {
9070 kzfree(connkeys);
9071 return -EINVAL;
9072 }
9073 connect.flags |= ASSOC_REQ_USE_RRM;
9074 }
9075
9076 connect.pbss = nla_get_flag(info->attrs[NL80211_ATTR_PBSS]);
9077 if (connect.pbss && !rdev->wiphy.bands[NL80211_BAND_60GHZ]) {
9078 kzfree(connkeys);
9079 return -EOPNOTSUPP;
9080 }
9081
9082 if (info->attrs[NL80211_ATTR_BSS_SELECT]) {
9083 /* bss selection makes no sense if bssid is set */
9084 if (connect.bssid) {
9085 kzfree(connkeys);
9086 return -EINVAL;
9087 }
9088
9089 err = parse_bss_select(info->attrs[NL80211_ATTR_BSS_SELECT],
9090 wiphy, &connect.bss_select);
9091 if (err) {
9092 kzfree(connkeys);
9093 return err;
9094 }
9095 }
9096
9097 if (wiphy_ext_feature_isset(&rdev->wiphy,
9098 NL80211_EXT_FEATURE_FILS_SK_OFFLOAD) &&
9099 info->attrs[NL80211_ATTR_FILS_ERP_USERNAME] &&
9100 info->attrs[NL80211_ATTR_FILS_ERP_REALM] &&
9101 info->attrs[NL80211_ATTR_FILS_ERP_NEXT_SEQ_NUM] &&
9102 info->attrs[NL80211_ATTR_FILS_ERP_RRK]) {
9103 connect.fils_erp_username =
9104 nla_data(info->attrs[NL80211_ATTR_FILS_ERP_USERNAME]);
9105 connect.fils_erp_username_len =
9106 nla_len(info->attrs[NL80211_ATTR_FILS_ERP_USERNAME]);
9107 connect.fils_erp_realm =
9108 nla_data(info->attrs[NL80211_ATTR_FILS_ERP_REALM]);
9109 connect.fils_erp_realm_len =
9110 nla_len(info->attrs[NL80211_ATTR_FILS_ERP_REALM]);
9111 connect.fils_erp_next_seq_num =
9112 nla_get_u16(
9113 info->attrs[NL80211_ATTR_FILS_ERP_NEXT_SEQ_NUM]);
9114 connect.fils_erp_rrk =
9115 nla_data(info->attrs[NL80211_ATTR_FILS_ERP_RRK]);
9116 connect.fils_erp_rrk_len =
9117 nla_len(info->attrs[NL80211_ATTR_FILS_ERP_RRK]);
9118 } else if (info->attrs[NL80211_ATTR_FILS_ERP_USERNAME] ||
9119 info->attrs[NL80211_ATTR_FILS_ERP_REALM] ||
9120 info->attrs[NL80211_ATTR_FILS_ERP_NEXT_SEQ_NUM] ||
9121 info->attrs[NL80211_ATTR_FILS_ERP_RRK]) {
9122 kzfree(connkeys);
9123 return -EINVAL;
9124 }
9125
9126 wdev_lock(dev->ieee80211_ptr);
9127
9128 err = cfg80211_connect(rdev, dev, &connect, connkeys,
9129 connect.prev_bssid);
9130 if (err)
9131 kzfree(connkeys);
9132
9133 if (!err && info->attrs[NL80211_ATTR_SOCKET_OWNER]) {
9134 dev->ieee80211_ptr->conn_owner_nlportid = info->snd_portid;
9135 if (connect.bssid)
9136 memcpy(dev->ieee80211_ptr->disconnect_bssid,
9137 connect.bssid, ETH_ALEN);
9138 else
9139 memset(dev->ieee80211_ptr->disconnect_bssid,
9140 0, ETH_ALEN);
9141 }
9142
9143 wdev_unlock(dev->ieee80211_ptr);
9144
9145 return err;
9146 }
9147
9148 static int nl80211_update_connect_params(struct sk_buff *skb,
9149 struct genl_info *info)
9150 {
9151 struct cfg80211_connect_params connect = {};
9152 struct cfg80211_registered_device *rdev = info->user_ptr[0];
9153 struct net_device *dev = info->user_ptr[1];
9154 struct wireless_dev *wdev = dev->ieee80211_ptr;
9155 u32 changed = 0;
9156 int ret;
9157
9158 if (!rdev->ops->update_connect_params)
9159 return -EOPNOTSUPP;
9160
9161 if (info->attrs[NL80211_ATTR_IE]) {
9162 if (!is_valid_ie_attr(info->attrs[NL80211_ATTR_IE]))
9163 return -EINVAL;
9164 connect.ie = nla_data(info->attrs[NL80211_ATTR_IE]);
9165 connect.ie_len = nla_len(info->attrs[NL80211_ATTR_IE]);
9166 changed |= UPDATE_ASSOC_IES;
9167 }
9168
9169 wdev_lock(dev->ieee80211_ptr);
9170 if (!wdev->current_bss)
9171 ret = -ENOLINK;
9172 else
9173 ret = rdev_update_connect_params(rdev, dev, &connect, changed);
9174 wdev_unlock(dev->ieee80211_ptr);
9175
9176 return ret;
9177 }
9178
9179 static int nl80211_disconnect(struct sk_buff *skb, struct genl_info *info)
9180 {
9181 struct cfg80211_registered_device *rdev = info->user_ptr[0];
9182 struct net_device *dev = info->user_ptr[1];
9183 u16 reason;
9184 int ret;
9185
9186 if (!info->attrs[NL80211_ATTR_REASON_CODE])
9187 reason = WLAN_REASON_DEAUTH_LEAVING;
9188 else
9189 reason = nla_get_u16(info->attrs[NL80211_ATTR_REASON_CODE]);
9190
9191 if (reason == 0)
9192 return -EINVAL;
9193
9194 if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_STATION &&
9195 dev->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_CLIENT)
9196 return -EOPNOTSUPP;
9197
9198 wdev_lock(dev->ieee80211_ptr);
9199 ret = cfg80211_disconnect(rdev, dev, reason, true);
9200 wdev_unlock(dev->ieee80211_ptr);
9201 return ret;
9202 }
9203
9204 static int nl80211_wiphy_netns(struct sk_buff *skb, struct genl_info *info)
9205 {
9206 struct cfg80211_registered_device *rdev = info->user_ptr[0];
9207 struct net *net;
9208 int err;
9209
9210 if (info->attrs[NL80211_ATTR_PID]) {
9211 u32 pid = nla_get_u32(info->attrs[NL80211_ATTR_PID]);
9212
9213 net = get_net_ns_by_pid(pid);
9214 } else if (info->attrs[NL80211_ATTR_NETNS_FD]) {
9215 u32 fd = nla_get_u32(info->attrs[NL80211_ATTR_NETNS_FD]);
9216
9217 net = get_net_ns_by_fd(fd);
9218 } else {
9219 return -EINVAL;
9220 }
9221
9222 if (IS_ERR(net))
9223 return PTR_ERR(net);
9224
9225 err = 0;
9226
9227 /* check if anything to do */
9228 if (!net_eq(wiphy_net(&rdev->wiphy), net))
9229 err = cfg80211_switch_netns(rdev, net);
9230
9231 put_net(net);
9232 return err;
9233 }
9234
9235 static int nl80211_setdel_pmksa(struct sk_buff *skb, struct genl_info *info)
9236 {
9237 struct cfg80211_registered_device *rdev = info->user_ptr[0];
9238 int (*rdev_ops)(struct wiphy *wiphy, struct net_device *dev,
9239 struct cfg80211_pmksa *pmksa) = NULL;
9240 struct net_device *dev = info->user_ptr[1];
9241 struct cfg80211_pmksa pmksa;
9242
9243 memset(&pmksa, 0, sizeof(struct cfg80211_pmksa));
9244
9245 if (!info->attrs[NL80211_ATTR_PMKID])
9246 return -EINVAL;
9247
9248 pmksa.pmkid = nla_data(info->attrs[NL80211_ATTR_PMKID]);
9249
9250 if (info->attrs[NL80211_ATTR_MAC]) {
9251 pmksa.bssid = nla_data(info->attrs[NL80211_ATTR_MAC]);
9252 } else if (info->attrs[NL80211_ATTR_SSID] &&
9253 info->attrs[NL80211_ATTR_FILS_CACHE_ID] &&
9254 (info->genlhdr->cmd == NL80211_CMD_DEL_PMKSA ||
9255 info->attrs[NL80211_ATTR_PMK])) {
9256 pmksa.ssid = nla_data(info->attrs[NL80211_ATTR_SSID]);
9257 pmksa.ssid_len = nla_len(info->attrs[NL80211_ATTR_SSID]);
9258 pmksa.cache_id =
9259 nla_data(info->attrs[NL80211_ATTR_FILS_CACHE_ID]);
9260 } else {
9261 return -EINVAL;
9262 }
9263 if (info->attrs[NL80211_ATTR_PMK]) {
9264 pmksa.pmk = nla_data(info->attrs[NL80211_ATTR_PMK]);
9265 pmksa.pmk_len = nla_len(info->attrs[NL80211_ATTR_PMK]);
9266 }
9267
9268 if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_STATION &&
9269 dev->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_CLIENT)
9270 return -EOPNOTSUPP;
9271
9272 switch (info->genlhdr->cmd) {
9273 case NL80211_CMD_SET_PMKSA:
9274 rdev_ops = rdev->ops->set_pmksa;
9275 break;
9276 case NL80211_CMD_DEL_PMKSA:
9277 rdev_ops = rdev->ops->del_pmksa;
9278 break;
9279 default:
9280 WARN_ON(1);
9281 break;
9282 }
9283
9284 if (!rdev_ops)
9285 return -EOPNOTSUPP;
9286
9287 return rdev_ops(&rdev->wiphy, dev, &pmksa);
9288 }
9289
9290 static int nl80211_flush_pmksa(struct sk_buff *skb, struct genl_info *info)
9291 {
9292 struct cfg80211_registered_device *rdev = info->user_ptr[0];
9293 struct net_device *dev = info->user_ptr[1];
9294
9295 if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_STATION &&
9296 dev->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_CLIENT)
9297 return -EOPNOTSUPP;
9298
9299 if (!rdev->ops->flush_pmksa)
9300 return -EOPNOTSUPP;
9301
9302 return rdev_flush_pmksa(rdev, dev);
9303 }
9304
9305 static int nl80211_tdls_mgmt(struct sk_buff *skb, struct genl_info *info)
9306 {
9307 struct cfg80211_registered_device *rdev = info->user_ptr[0];
9308 struct net_device *dev = info->user_ptr[1];
9309 u8 action_code, dialog_token;
9310 u32 peer_capability = 0;
9311 u16 status_code;
9312 u8 *peer;
9313 bool initiator;
9314
9315 if (!(rdev->wiphy.flags & WIPHY_FLAG_SUPPORTS_TDLS) ||
9316 !rdev->ops->tdls_mgmt)
9317 return -EOPNOTSUPP;
9318
9319 if (!info->attrs[NL80211_ATTR_TDLS_ACTION] ||
9320 !info->attrs[NL80211_ATTR_STATUS_CODE] ||
9321 !info->attrs[NL80211_ATTR_TDLS_DIALOG_TOKEN] ||
9322 !info->attrs[NL80211_ATTR_IE] ||
9323 !info->attrs[NL80211_ATTR_MAC])
9324 return -EINVAL;
9325
9326 peer = nla_data(info->attrs[NL80211_ATTR_MAC]);
9327 action_code = nla_get_u8(info->attrs[NL80211_ATTR_TDLS_ACTION]);
9328 status_code = nla_get_u16(info->attrs[NL80211_ATTR_STATUS_CODE]);
9329 dialog_token = nla_get_u8(info->attrs[NL80211_ATTR_TDLS_DIALOG_TOKEN]);
9330 initiator = nla_get_flag(info->attrs[NL80211_ATTR_TDLS_INITIATOR]);
9331 if (info->attrs[NL80211_ATTR_TDLS_PEER_CAPABILITY])
9332 peer_capability =
9333 nla_get_u32(info->attrs[NL80211_ATTR_TDLS_PEER_CAPABILITY]);
9334
9335 return rdev_tdls_mgmt(rdev, dev, peer, action_code,
9336 dialog_token, status_code, peer_capability,
9337 initiator,
9338 nla_data(info->attrs[NL80211_ATTR_IE]),
9339 nla_len(info->attrs[NL80211_ATTR_IE]));
9340 }
9341
9342 static int nl80211_tdls_oper(struct sk_buff *skb, struct genl_info *info)
9343 {
9344 struct cfg80211_registered_device *rdev = info->user_ptr[0];
9345 struct net_device *dev = info->user_ptr[1];
9346 enum nl80211_tdls_operation operation;
9347 u8 *peer;
9348
9349 if (!(rdev->wiphy.flags & WIPHY_FLAG_SUPPORTS_TDLS) ||
9350 !rdev->ops->tdls_oper)
9351 return -EOPNOTSUPP;
9352
9353 if (!info->attrs[NL80211_ATTR_TDLS_OPERATION] ||
9354 !info->attrs[NL80211_ATTR_MAC])
9355 return -EINVAL;
9356
9357 operation = nla_get_u8(info->attrs[NL80211_ATTR_TDLS_OPERATION]);
9358 peer = nla_data(info->attrs[NL80211_ATTR_MAC]);
9359
9360 return rdev_tdls_oper(rdev, dev, peer, operation);
9361 }
9362
9363 static int nl80211_remain_on_channel(struct sk_buff *skb,
9364 struct genl_info *info)
9365 {
9366 struct cfg80211_registered_device *rdev = info->user_ptr[0];
9367 struct wireless_dev *wdev = info->user_ptr[1];
9368 struct cfg80211_chan_def chandef;
9369 const struct cfg80211_chan_def *compat_chandef;
9370 struct sk_buff *msg;
9371 void *hdr;
9372 u64 cookie;
9373 u32 duration;
9374 int err;
9375
9376 if (!info->attrs[NL80211_ATTR_WIPHY_FREQ] ||
9377 !info->attrs[NL80211_ATTR_DURATION])
9378 return -EINVAL;
9379
9380 duration = nla_get_u32(info->attrs[NL80211_ATTR_DURATION]);
9381
9382 if (!rdev->ops->remain_on_channel ||
9383 !(rdev->wiphy.flags & WIPHY_FLAG_HAS_REMAIN_ON_CHANNEL))
9384 return -EOPNOTSUPP;
9385
9386 /*
9387 * We should be on that channel for at least a minimum amount of
9388 * time (10ms) but no longer than the driver supports.
9389 */
9390 if (duration < NL80211_MIN_REMAIN_ON_CHANNEL_TIME ||
9391 duration > rdev->wiphy.max_remain_on_channel_duration)
9392 return -EINVAL;
9393
9394 err = nl80211_parse_chandef(rdev, info, &chandef);
9395 if (err)
9396 return err;
9397
9398 wdev_lock(wdev);
9399 if (!cfg80211_off_channel_oper_allowed(wdev) &&
9400 !cfg80211_chandef_identical(&wdev->chandef, &chandef)) {
9401 compat_chandef = cfg80211_chandef_compatible(&wdev->chandef,
9402 &chandef);
9403 if (compat_chandef != &chandef) {
9404 wdev_unlock(wdev);
9405 return -EBUSY;
9406 }
9407 }
9408 wdev_unlock(wdev);
9409
9410 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
9411 if (!msg)
9412 return -ENOMEM;
9413
9414 hdr = nl80211hdr_put(msg, info->snd_portid, info->snd_seq, 0,
9415 NL80211_CMD_REMAIN_ON_CHANNEL);
9416 if (!hdr) {
9417 err = -ENOBUFS;
9418 goto free_msg;
9419 }
9420
9421 err = rdev_remain_on_channel(rdev, wdev, chandef.chan,
9422 duration, &cookie);
9423
9424 if (err)
9425 goto free_msg;
9426
9427 if (nla_put_u64_64bit(msg, NL80211_ATTR_COOKIE, cookie,
9428 NL80211_ATTR_PAD))
9429 goto nla_put_failure;
9430
9431 genlmsg_end(msg, hdr);
9432
9433 return genlmsg_reply(msg, info);
9434
9435 nla_put_failure:
9436 err = -ENOBUFS;
9437 free_msg:
9438 nlmsg_free(msg);
9439 return err;
9440 }
9441
9442 static int nl80211_cancel_remain_on_channel(struct sk_buff *skb,
9443 struct genl_info *info)
9444 {
9445 struct cfg80211_registered_device *rdev = info->user_ptr[0];
9446 struct wireless_dev *wdev = info->user_ptr[1];
9447 u64 cookie;
9448
9449 if (!info->attrs[NL80211_ATTR_COOKIE])
9450 return -EINVAL;
9451
9452 if (!rdev->ops->cancel_remain_on_channel)
9453 return -EOPNOTSUPP;
9454
9455 cookie = nla_get_u64(info->attrs[NL80211_ATTR_COOKIE]);
9456
9457 return rdev_cancel_remain_on_channel(rdev, wdev, cookie);
9458 }
9459
9460 static int nl80211_set_tx_bitrate_mask(struct sk_buff *skb,
9461 struct genl_info *info)
9462 {
9463 struct cfg80211_bitrate_mask mask;
9464 struct cfg80211_registered_device *rdev = info->user_ptr[0];
9465 struct net_device *dev = info->user_ptr[1];
9466 int err;
9467
9468 if (!rdev->ops->set_bitrate_mask)
9469 return -EOPNOTSUPP;
9470
9471 err = nl80211_parse_tx_bitrate_mask(info, &mask);
9472 if (err)
9473 return err;
9474
9475 return rdev_set_bitrate_mask(rdev, dev, NULL, &mask);
9476 }
9477
9478 static int nl80211_register_mgmt(struct sk_buff *skb, struct genl_info *info)
9479 {
9480 struct cfg80211_registered_device *rdev = info->user_ptr[0];
9481 struct wireless_dev *wdev = info->user_ptr[1];
9482 u16 frame_type = IEEE80211_FTYPE_MGMT | IEEE80211_STYPE_ACTION;
9483
9484 if (!info->attrs[NL80211_ATTR_FRAME_MATCH])
9485 return -EINVAL;
9486
9487 if (info->attrs[NL80211_ATTR_FRAME_TYPE])
9488 frame_type = nla_get_u16(info->attrs[NL80211_ATTR_FRAME_TYPE]);
9489
9490 switch (wdev->iftype) {
9491 case NL80211_IFTYPE_STATION:
9492 case NL80211_IFTYPE_ADHOC:
9493 case NL80211_IFTYPE_P2P_CLIENT:
9494 case NL80211_IFTYPE_AP:
9495 case NL80211_IFTYPE_AP_VLAN:
9496 case NL80211_IFTYPE_MESH_POINT:
9497 case NL80211_IFTYPE_P2P_GO:
9498 case NL80211_IFTYPE_P2P_DEVICE:
9499 break;
9500 case NL80211_IFTYPE_NAN:
9501 default:
9502 return -EOPNOTSUPP;
9503 }
9504
9505 /* not much point in registering if we can't reply */
9506 if (!rdev->ops->mgmt_tx)
9507 return -EOPNOTSUPP;
9508
9509 return cfg80211_mlme_register_mgmt(wdev, info->snd_portid, frame_type,
9510 nla_data(info->attrs[NL80211_ATTR_FRAME_MATCH]),
9511 nla_len(info->attrs[NL80211_ATTR_FRAME_MATCH]));
9512 }
9513
9514 static int nl80211_tx_mgmt(struct sk_buff *skb, struct genl_info *info)
9515 {
9516 struct cfg80211_registered_device *rdev = info->user_ptr[0];
9517 struct wireless_dev *wdev = info->user_ptr[1];
9518 struct cfg80211_chan_def chandef;
9519 int err;
9520 void *hdr = NULL;
9521 u64 cookie;
9522 struct sk_buff *msg = NULL;
9523 struct cfg80211_mgmt_tx_params params = {
9524 .dont_wait_for_ack =
9525 info->attrs[NL80211_ATTR_DONT_WAIT_FOR_ACK],
9526 };
9527
9528 if (!info->attrs[NL80211_ATTR_FRAME])
9529 return -EINVAL;
9530
9531 if (!rdev->ops->mgmt_tx)
9532 return -EOPNOTSUPP;
9533
9534 switch (wdev->iftype) {
9535 case NL80211_IFTYPE_P2P_DEVICE:
9536 if (!info->attrs[NL80211_ATTR_WIPHY_FREQ])
9537 return -EINVAL;
9538 case NL80211_IFTYPE_STATION:
9539 case NL80211_IFTYPE_ADHOC:
9540 case NL80211_IFTYPE_P2P_CLIENT:
9541 case NL80211_IFTYPE_AP:
9542 case NL80211_IFTYPE_AP_VLAN:
9543 case NL80211_IFTYPE_MESH_POINT:
9544 case NL80211_IFTYPE_P2P_GO:
9545 break;
9546 case NL80211_IFTYPE_NAN:
9547 default:
9548 return -EOPNOTSUPP;
9549 }
9550
9551 if (info->attrs[NL80211_ATTR_DURATION]) {
9552 if (!(rdev->wiphy.flags & WIPHY_FLAG_OFFCHAN_TX))
9553 return -EINVAL;
9554 params.wait = nla_get_u32(info->attrs[NL80211_ATTR_DURATION]);
9555
9556 /*
9557 * We should wait on the channel for at least a minimum amount
9558 * of time (10ms) but no longer than the driver supports.
9559 */
9560 if (params.wait < NL80211_MIN_REMAIN_ON_CHANNEL_TIME ||
9561 params.wait > rdev->wiphy.max_remain_on_channel_duration)
9562 return -EINVAL;
9563 }
9564
9565 params.offchan = info->attrs[NL80211_ATTR_OFFCHANNEL_TX_OK];
9566
9567 if (params.offchan && !(rdev->wiphy.flags & WIPHY_FLAG_OFFCHAN_TX))
9568 return -EINVAL;
9569
9570 params.no_cck = nla_get_flag(info->attrs[NL80211_ATTR_TX_NO_CCK_RATE]);
9571
9572 /* get the channel if any has been specified, otherwise pass NULL to
9573 * the driver. The latter will use the current one
9574 */
9575 chandef.chan = NULL;
9576 if (info->attrs[NL80211_ATTR_WIPHY_FREQ]) {
9577 err = nl80211_parse_chandef(rdev, info, &chandef);
9578 if (err)
9579 return err;
9580 }
9581
9582 if (!chandef.chan && params.offchan)
9583 return -EINVAL;
9584
9585 wdev_lock(wdev);
9586 if (params.offchan && !cfg80211_off_channel_oper_allowed(wdev)) {
9587 wdev_unlock(wdev);
9588 return -EBUSY;
9589 }
9590 wdev_unlock(wdev);
9591
9592 params.buf = nla_data(info->attrs[NL80211_ATTR_FRAME]);
9593 params.len = nla_len(info->attrs[NL80211_ATTR_FRAME]);
9594
9595 if (info->attrs[NL80211_ATTR_CSA_C_OFFSETS_TX]) {
9596 int len = nla_len(info->attrs[NL80211_ATTR_CSA_C_OFFSETS_TX]);
9597 int i;
9598
9599 if (len % sizeof(u16))
9600 return -EINVAL;
9601
9602 params.n_csa_offsets = len / sizeof(u16);
9603 params.csa_offsets =
9604 nla_data(info->attrs[NL80211_ATTR_CSA_C_OFFSETS_TX]);
9605
9606 /* check that all the offsets fit the frame */
9607 for (i = 0; i < params.n_csa_offsets; i++) {
9608 if (params.csa_offsets[i] >= params.len)
9609 return -EINVAL;
9610 }
9611 }
9612
9613 if (!params.dont_wait_for_ack) {
9614 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
9615 if (!msg)
9616 return -ENOMEM;
9617
9618 hdr = nl80211hdr_put(msg, info->snd_portid, info->snd_seq, 0,
9619 NL80211_CMD_FRAME);
9620 if (!hdr) {
9621 err = -ENOBUFS;
9622 goto free_msg;
9623 }
9624 }
9625
9626 params.chan = chandef.chan;
9627 err = cfg80211_mlme_mgmt_tx(rdev, wdev, &params, &cookie);
9628 if (err)
9629 goto free_msg;
9630
9631 if (msg) {
9632 if (nla_put_u64_64bit(msg, NL80211_ATTR_COOKIE, cookie,
9633 NL80211_ATTR_PAD))
9634 goto nla_put_failure;
9635
9636 genlmsg_end(msg, hdr);
9637 return genlmsg_reply(msg, info);
9638 }
9639
9640 return 0;
9641
9642 nla_put_failure:
9643 err = -ENOBUFS;
9644 free_msg:
9645 nlmsg_free(msg);
9646 return err;
9647 }
9648
9649 static int nl80211_tx_mgmt_cancel_wait(struct sk_buff *skb, struct genl_info *info)
9650 {
9651 struct cfg80211_registered_device *rdev = info->user_ptr[0];
9652 struct wireless_dev *wdev = info->user_ptr[1];
9653 u64 cookie;
9654
9655 if (!info->attrs[NL80211_ATTR_COOKIE])
9656 return -EINVAL;
9657
9658 if (!rdev->ops->mgmt_tx_cancel_wait)
9659 return -EOPNOTSUPP;
9660
9661 switch (wdev->iftype) {
9662 case NL80211_IFTYPE_STATION:
9663 case NL80211_IFTYPE_ADHOC:
9664 case NL80211_IFTYPE_P2P_CLIENT:
9665 case NL80211_IFTYPE_AP:
9666 case NL80211_IFTYPE_AP_VLAN:
9667 case NL80211_IFTYPE_P2P_GO:
9668 case NL80211_IFTYPE_P2P_DEVICE:
9669 break;
9670 case NL80211_IFTYPE_NAN:
9671 default:
9672 return -EOPNOTSUPP;
9673 }
9674
9675 cookie = nla_get_u64(info->attrs[NL80211_ATTR_COOKIE]);
9676
9677 return rdev_mgmt_tx_cancel_wait(rdev, wdev, cookie);
9678 }
9679
9680 static int nl80211_set_power_save(struct sk_buff *skb, struct genl_info *info)
9681 {
9682 struct cfg80211_registered_device *rdev = info->user_ptr[0];
9683 struct wireless_dev *wdev;
9684 struct net_device *dev = info->user_ptr[1];
9685 u8 ps_state;
9686 bool state;
9687 int err;
9688
9689 if (!info->attrs[NL80211_ATTR_PS_STATE])
9690 return -EINVAL;
9691
9692 ps_state = nla_get_u32(info->attrs[NL80211_ATTR_PS_STATE]);
9693
9694 if (ps_state != NL80211_PS_DISABLED && ps_state != NL80211_PS_ENABLED)
9695 return -EINVAL;
9696
9697 wdev = dev->ieee80211_ptr;
9698
9699 if (!rdev->ops->set_power_mgmt)
9700 return -EOPNOTSUPP;
9701
9702 state = (ps_state == NL80211_PS_ENABLED) ? true : false;
9703
9704 if (state == wdev->ps)
9705 return 0;
9706
9707 err = rdev_set_power_mgmt(rdev, dev, state, wdev->ps_timeout);
9708 if (!err)
9709 wdev->ps = state;
9710 return err;
9711 }
9712
9713 static int nl80211_get_power_save(struct sk_buff *skb, struct genl_info *info)
9714 {
9715 struct cfg80211_registered_device *rdev = info->user_ptr[0];
9716 enum nl80211_ps_state ps_state;
9717 struct wireless_dev *wdev;
9718 struct net_device *dev = info->user_ptr[1];
9719 struct sk_buff *msg;
9720 void *hdr;
9721 int err;
9722
9723 wdev = dev->ieee80211_ptr;
9724
9725 if (!rdev->ops->set_power_mgmt)
9726 return -EOPNOTSUPP;
9727
9728 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
9729 if (!msg)
9730 return -ENOMEM;
9731
9732 hdr = nl80211hdr_put(msg, info->snd_portid, info->snd_seq, 0,
9733 NL80211_CMD_GET_POWER_SAVE);
9734 if (!hdr) {
9735 err = -ENOBUFS;
9736 goto free_msg;
9737 }
9738
9739 if (wdev->ps)
9740 ps_state = NL80211_PS_ENABLED;
9741 else
9742 ps_state = NL80211_PS_DISABLED;
9743
9744 if (nla_put_u32(msg, NL80211_ATTR_PS_STATE, ps_state))
9745 goto nla_put_failure;
9746
9747 genlmsg_end(msg, hdr);
9748 return genlmsg_reply(msg, info);
9749
9750 nla_put_failure:
9751 err = -ENOBUFS;
9752 free_msg:
9753 nlmsg_free(msg);
9754 return err;
9755 }
9756
9757 static const struct nla_policy
9758 nl80211_attr_cqm_policy[NL80211_ATTR_CQM_MAX + 1] = {
9759 [NL80211_ATTR_CQM_RSSI_THOLD] = { .type = NLA_BINARY },
9760 [NL80211_ATTR_CQM_RSSI_HYST] = { .type = NLA_U32 },
9761 [NL80211_ATTR_CQM_RSSI_THRESHOLD_EVENT] = { .type = NLA_U32 },
9762 [NL80211_ATTR_CQM_TXE_RATE] = { .type = NLA_U32 },
9763 [NL80211_ATTR_CQM_TXE_PKTS] = { .type = NLA_U32 },
9764 [NL80211_ATTR_CQM_TXE_INTVL] = { .type = NLA_U32 },
9765 [NL80211_ATTR_CQM_RSSI_LEVEL] = { .type = NLA_S32 },
9766 };
9767
9768 static int nl80211_set_cqm_txe(struct genl_info *info,
9769 u32 rate, u32 pkts, u32 intvl)
9770 {
9771 struct cfg80211_registered_device *rdev = info->user_ptr[0];
9772 struct net_device *dev = info->user_ptr[1];
9773 struct wireless_dev *wdev = dev->ieee80211_ptr;
9774
9775 if (rate > 100 || intvl > NL80211_CQM_TXE_MAX_INTVL)
9776 return -EINVAL;
9777
9778 if (!rdev->ops->set_cqm_txe_config)
9779 return -EOPNOTSUPP;
9780
9781 if (wdev->iftype != NL80211_IFTYPE_STATION &&
9782 wdev->iftype != NL80211_IFTYPE_P2P_CLIENT)
9783 return -EOPNOTSUPP;
9784
9785 return rdev_set_cqm_txe_config(rdev, dev, rate, pkts, intvl);
9786 }
9787
9788 static int cfg80211_cqm_rssi_update(struct cfg80211_registered_device *rdev,
9789 struct net_device *dev)
9790 {
9791 struct wireless_dev *wdev = dev->ieee80211_ptr;
9792 s32 last, low, high;
9793 u32 hyst;
9794 int i, n;
9795 int err;
9796
9797 /* RSSI reporting disabled? */
9798 if (!wdev->cqm_config)
9799 return rdev_set_cqm_rssi_range_config(rdev, dev, 0, 0);
9800
9801 /*
9802 * Obtain current RSSI value if possible, if not and no RSSI threshold
9803 * event has been received yet, we should receive an event after a
9804 * connection is established and enough beacons received to calculate
9805 * the average.
9806 */
9807 if (!wdev->cqm_config->last_rssi_event_value && wdev->current_bss &&
9808 rdev->ops->get_station) {
9809 struct station_info sinfo;
9810 u8 *mac_addr;
9811
9812 mac_addr = wdev->current_bss->pub.bssid;
9813
9814 err = rdev_get_station(rdev, dev, mac_addr, &sinfo);
9815 if (err)
9816 return err;
9817
9818 if (sinfo.filled & BIT(NL80211_STA_INFO_BEACON_SIGNAL_AVG))
9819 wdev->cqm_config->last_rssi_event_value =
9820 (s8) sinfo.rx_beacon_signal_avg;
9821 }
9822
9823 last = wdev->cqm_config->last_rssi_event_value;
9824 hyst = wdev->cqm_config->rssi_hyst;
9825 n = wdev->cqm_config->n_rssi_thresholds;
9826
9827 for (i = 0; i < n; i++)
9828 if (last < wdev->cqm_config->rssi_thresholds[i])
9829 break;
9830
9831 low = i > 0 ?
9832 (wdev->cqm_config->rssi_thresholds[i - 1] - hyst) : S32_MIN;
9833 high = i < n ?
9834 (wdev->cqm_config->rssi_thresholds[i] + hyst - 1) : S32_MAX;
9835
9836 return rdev_set_cqm_rssi_range_config(rdev, dev, low, high);
9837 }
9838
9839 static int nl80211_set_cqm_rssi(struct genl_info *info,
9840 const s32 *thresholds, int n_thresholds,
9841 u32 hysteresis)
9842 {
9843 struct cfg80211_registered_device *rdev = info->user_ptr[0];
9844 struct net_device *dev = info->user_ptr[1];
9845 struct wireless_dev *wdev = dev->ieee80211_ptr;
9846 int i, err;
9847 s32 prev = S32_MIN;
9848
9849 /* Check all values negative and sorted */
9850 for (i = 0; i < n_thresholds; i++) {
9851 if (thresholds[i] > 0 || thresholds[i] <= prev)
9852 return -EINVAL;
9853
9854 prev = thresholds[i];
9855 }
9856
9857 if (wdev->iftype != NL80211_IFTYPE_STATION &&
9858 wdev->iftype != NL80211_IFTYPE_P2P_CLIENT)
9859 return -EOPNOTSUPP;
9860
9861 wdev_lock(wdev);
9862 cfg80211_cqm_config_free(wdev);
9863 wdev_unlock(wdev);
9864
9865 if (n_thresholds <= 1 && rdev->ops->set_cqm_rssi_config) {
9866 if (n_thresholds == 0 || thresholds[0] == 0) /* Disabling */
9867 return rdev_set_cqm_rssi_config(rdev, dev, 0, 0);
9868
9869 return rdev_set_cqm_rssi_config(rdev, dev,
9870 thresholds[0], hysteresis);
9871 }
9872
9873 if (!wiphy_ext_feature_isset(&rdev->wiphy,
9874 NL80211_EXT_FEATURE_CQM_RSSI_LIST))
9875 return -EOPNOTSUPP;
9876
9877 if (n_thresholds == 1 && thresholds[0] == 0) /* Disabling */
9878 n_thresholds = 0;
9879
9880 wdev_lock(wdev);
9881 if (n_thresholds) {
9882 struct cfg80211_cqm_config *cqm_config;
9883
9884 cqm_config = kzalloc(sizeof(struct cfg80211_cqm_config) +
9885 n_thresholds * sizeof(s32), GFP_KERNEL);
9886 if (!cqm_config) {
9887 err = -ENOMEM;
9888 goto unlock;
9889 }
9890
9891 cqm_config->rssi_hyst = hysteresis;
9892 cqm_config->n_rssi_thresholds = n_thresholds;
9893 memcpy(cqm_config->rssi_thresholds, thresholds,
9894 n_thresholds * sizeof(s32));
9895
9896 wdev->cqm_config = cqm_config;
9897 }
9898
9899 err = cfg80211_cqm_rssi_update(rdev, dev);
9900
9901 unlock:
9902 wdev_unlock(wdev);
9903
9904 return err;
9905 }
9906
9907 static int nl80211_set_cqm(struct sk_buff *skb, struct genl_info *info)
9908 {
9909 struct nlattr *attrs[NL80211_ATTR_CQM_MAX + 1];
9910 struct nlattr *cqm;
9911 int err;
9912
9913 cqm = info->attrs[NL80211_ATTR_CQM];
9914 if (!cqm)
9915 return -EINVAL;
9916
9917 err = nla_parse_nested(attrs, NL80211_ATTR_CQM_MAX, cqm,
9918 nl80211_attr_cqm_policy, info->extack);
9919 if (err)
9920 return err;
9921
9922 if (attrs[NL80211_ATTR_CQM_RSSI_THOLD] &&
9923 attrs[NL80211_ATTR_CQM_RSSI_HYST]) {
9924 const s32 *thresholds =
9925 nla_data(attrs[NL80211_ATTR_CQM_RSSI_THOLD]);
9926 int len = nla_len(attrs[NL80211_ATTR_CQM_RSSI_THOLD]);
9927 u32 hysteresis = nla_get_u32(attrs[NL80211_ATTR_CQM_RSSI_HYST]);
9928
9929 if (len % 4)
9930 return -EINVAL;
9931
9932 return nl80211_set_cqm_rssi(info, thresholds, len / 4,
9933 hysteresis);
9934 }
9935
9936 if (attrs[NL80211_ATTR_CQM_TXE_RATE] &&
9937 attrs[NL80211_ATTR_CQM_TXE_PKTS] &&
9938 attrs[NL80211_ATTR_CQM_TXE_INTVL]) {
9939 u32 rate = nla_get_u32(attrs[NL80211_ATTR_CQM_TXE_RATE]);
9940 u32 pkts = nla_get_u32(attrs[NL80211_ATTR_CQM_TXE_PKTS]);
9941 u32 intvl = nla_get_u32(attrs[NL80211_ATTR_CQM_TXE_INTVL]);
9942
9943 return nl80211_set_cqm_txe(info, rate, pkts, intvl);
9944 }
9945
9946 return -EINVAL;
9947 }
9948
9949 static int nl80211_join_ocb(struct sk_buff *skb, struct genl_info *info)
9950 {
9951 struct cfg80211_registered_device *rdev = info->user_ptr[0];
9952 struct net_device *dev = info->user_ptr[1];
9953 struct ocb_setup setup = {};
9954 int err;
9955
9956 err = nl80211_parse_chandef(rdev, info, &setup.chandef);
9957 if (err)
9958 return err;
9959
9960 return cfg80211_join_ocb(rdev, dev, &setup);
9961 }
9962
9963 static int nl80211_leave_ocb(struct sk_buff *skb, struct genl_info *info)
9964 {
9965 struct cfg80211_registered_device *rdev = info->user_ptr[0];
9966 struct net_device *dev = info->user_ptr[1];
9967
9968 return cfg80211_leave_ocb(rdev, dev);
9969 }
9970
9971 static int nl80211_join_mesh(struct sk_buff *skb, struct genl_info *info)
9972 {
9973 struct cfg80211_registered_device *rdev = info->user_ptr[0];
9974 struct net_device *dev = info->user_ptr[1];
9975 struct mesh_config cfg;
9976 struct mesh_setup setup;
9977 int err;
9978
9979 /* start with default */
9980 memcpy(&cfg, &default_mesh_config, sizeof(cfg));
9981 memcpy(&setup, &default_mesh_setup, sizeof(setup));
9982
9983 if (info->attrs[NL80211_ATTR_MESH_CONFIG]) {
9984 /* and parse parameters if given */
9985 err = nl80211_parse_mesh_config(info, &cfg, NULL);
9986 if (err)
9987 return err;
9988 }
9989
9990 if (!info->attrs[NL80211_ATTR_MESH_ID] ||
9991 !nla_len(info->attrs[NL80211_ATTR_MESH_ID]))
9992 return -EINVAL;
9993
9994 setup.mesh_id = nla_data(info->attrs[NL80211_ATTR_MESH_ID]);
9995 setup.mesh_id_len = nla_len(info->attrs[NL80211_ATTR_MESH_ID]);
9996
9997 if (info->attrs[NL80211_ATTR_MCAST_RATE] &&
9998 !nl80211_parse_mcast_rate(rdev, setup.mcast_rate,
9999 nla_get_u32(info->attrs[NL80211_ATTR_MCAST_RATE])))
10000 return -EINVAL;
10001
10002 if (info->attrs[NL80211_ATTR_BEACON_INTERVAL]) {
10003 setup.beacon_interval =
10004 nla_get_u32(info->attrs[NL80211_ATTR_BEACON_INTERVAL]);
10005
10006 err = cfg80211_validate_beacon_int(rdev,
10007 NL80211_IFTYPE_MESH_POINT,
10008 setup.beacon_interval);
10009 if (err)
10010 return err;
10011 }
10012
10013 if (info->attrs[NL80211_ATTR_DTIM_PERIOD]) {
10014 setup.dtim_period =
10015 nla_get_u32(info->attrs[NL80211_ATTR_DTIM_PERIOD]);
10016 if (setup.dtim_period < 1 || setup.dtim_period > 100)
10017 return -EINVAL;
10018 }
10019
10020 if (info->attrs[NL80211_ATTR_MESH_SETUP]) {
10021 /* parse additional setup parameters if given */
10022 err = nl80211_parse_mesh_setup(info, &setup);
10023 if (err)
10024 return err;
10025 }
10026
10027 if (setup.user_mpm)
10028 cfg.auto_open_plinks = false;
10029
10030 if (info->attrs[NL80211_ATTR_WIPHY_FREQ]) {
10031 err = nl80211_parse_chandef(rdev, info, &setup.chandef);
10032 if (err)
10033 return err;
10034 } else {
10035 /* cfg80211_join_mesh() will sort it out */
10036 setup.chandef.chan = NULL;
10037 }
10038
10039 if (info->attrs[NL80211_ATTR_BSS_BASIC_RATES]) {
10040 u8 *rates = nla_data(info->attrs[NL80211_ATTR_BSS_BASIC_RATES]);
10041 int n_rates =
10042 nla_len(info->attrs[NL80211_ATTR_BSS_BASIC_RATES]);
10043 struct ieee80211_supported_band *sband;
10044
10045 if (!setup.chandef.chan)
10046 return -EINVAL;
10047
10048 sband = rdev->wiphy.bands[setup.chandef.chan->band];
10049
10050 err = ieee80211_get_ratemask(sband, rates, n_rates,
10051 &setup.basic_rates);
10052 if (err)
10053 return err;
10054 }
10055
10056 if (info->attrs[NL80211_ATTR_TX_RATES]) {
10057 err = nl80211_parse_tx_bitrate_mask(info, &setup.beacon_rate);
10058 if (err)
10059 return err;
10060
10061 if (!setup.chandef.chan)
10062 return -EINVAL;
10063
10064 err = validate_beacon_tx_rate(rdev, setup.chandef.chan->band,
10065 &setup.beacon_rate);
10066 if (err)
10067 return err;
10068 }
10069
10070 setup.userspace_handles_dfs =
10071 nla_get_flag(info->attrs[NL80211_ATTR_HANDLE_DFS]);
10072
10073 return cfg80211_join_mesh(rdev, dev, &setup, &cfg);
10074 }
10075
10076 static int nl80211_leave_mesh(struct sk_buff *skb, struct genl_info *info)
10077 {
10078 struct cfg80211_registered_device *rdev = info->user_ptr[0];
10079 struct net_device *dev = info->user_ptr[1];
10080
10081 return cfg80211_leave_mesh(rdev, dev);
10082 }
10083
10084 #ifdef CONFIG_PM
10085 static int nl80211_send_wowlan_patterns(struct sk_buff *msg,
10086 struct cfg80211_registered_device *rdev)
10087 {
10088 struct cfg80211_wowlan *wowlan = rdev->wiphy.wowlan_config;
10089 struct nlattr *nl_pats, *nl_pat;
10090 int i, pat_len;
10091
10092 if (!wowlan->n_patterns)
10093 return 0;
10094
10095 nl_pats = nla_nest_start(msg, NL80211_WOWLAN_TRIG_PKT_PATTERN);
10096 if (!nl_pats)
10097 return -ENOBUFS;
10098
10099 for (i = 0; i < wowlan->n_patterns; i++) {
10100 nl_pat = nla_nest_start(msg, i + 1);
10101 if (!nl_pat)
10102 return -ENOBUFS;
10103 pat_len = wowlan->patterns[i].pattern_len;
10104 if (nla_put(msg, NL80211_PKTPAT_MASK, DIV_ROUND_UP(pat_len, 8),
10105 wowlan->patterns[i].mask) ||
10106 nla_put(msg, NL80211_PKTPAT_PATTERN, pat_len,
10107 wowlan->patterns[i].pattern) ||
10108 nla_put_u32(msg, NL80211_PKTPAT_OFFSET,
10109 wowlan->patterns[i].pkt_offset))
10110 return -ENOBUFS;
10111 nla_nest_end(msg, nl_pat);
10112 }
10113 nla_nest_end(msg, nl_pats);
10114
10115 return 0;
10116 }
10117
10118 static int nl80211_send_wowlan_tcp(struct sk_buff *msg,
10119 struct cfg80211_wowlan_tcp *tcp)
10120 {
10121 struct nlattr *nl_tcp;
10122
10123 if (!tcp)
10124 return 0;
10125
10126 nl_tcp = nla_nest_start(msg, NL80211_WOWLAN_TRIG_TCP_CONNECTION);
10127 if (!nl_tcp)
10128 return -ENOBUFS;
10129
10130 if (nla_put_in_addr(msg, NL80211_WOWLAN_TCP_SRC_IPV4, tcp->src) ||
10131 nla_put_in_addr(msg, NL80211_WOWLAN_TCP_DST_IPV4, tcp->dst) ||
10132 nla_put(msg, NL80211_WOWLAN_TCP_DST_MAC, ETH_ALEN, tcp->dst_mac) ||
10133 nla_put_u16(msg, NL80211_WOWLAN_TCP_SRC_PORT, tcp->src_port) ||
10134 nla_put_u16(msg, NL80211_WOWLAN_TCP_DST_PORT, tcp->dst_port) ||
10135 nla_put(msg, NL80211_WOWLAN_TCP_DATA_PAYLOAD,
10136 tcp->payload_len, tcp->payload) ||
10137 nla_put_u32(msg, NL80211_WOWLAN_TCP_DATA_INTERVAL,
10138 tcp->data_interval) ||
10139 nla_put(msg, NL80211_WOWLAN_TCP_WAKE_PAYLOAD,
10140 tcp->wake_len, tcp->wake_data) ||
10141 nla_put(msg, NL80211_WOWLAN_TCP_WAKE_MASK,
10142 DIV_ROUND_UP(tcp->wake_len, 8), tcp->wake_mask))
10143 return -ENOBUFS;
10144
10145 if (tcp->payload_seq.len &&
10146 nla_put(msg, NL80211_WOWLAN_TCP_DATA_PAYLOAD_SEQ,
10147 sizeof(tcp->payload_seq), &tcp->payload_seq))
10148 return -ENOBUFS;
10149
10150 if (tcp->payload_tok.len &&
10151 nla_put(msg, NL80211_WOWLAN_TCP_DATA_PAYLOAD_TOKEN,
10152 sizeof(tcp->payload_tok) + tcp->tokens_size,
10153 &tcp->payload_tok))
10154 return -ENOBUFS;
10155
10156 nla_nest_end(msg, nl_tcp);
10157
10158 return 0;
10159 }
10160
10161 static int nl80211_send_wowlan_nd(struct sk_buff *msg,
10162 struct cfg80211_sched_scan_request *req)
10163 {
10164 struct nlattr *nd, *freqs, *matches, *match, *scan_plans, *scan_plan;
10165 int i;
10166
10167 if (!req)
10168 return 0;
10169
10170 nd = nla_nest_start(msg, NL80211_WOWLAN_TRIG_NET_DETECT);
10171 if (!nd)
10172 return -ENOBUFS;
10173
10174 if (req->n_scan_plans == 1 &&
10175 nla_put_u32(msg, NL80211_ATTR_SCHED_SCAN_INTERVAL,
10176 req->scan_plans[0].interval * 1000))
10177 return -ENOBUFS;
10178
10179 if (nla_put_u32(msg, NL80211_ATTR_SCHED_SCAN_DELAY, req->delay))
10180 return -ENOBUFS;
10181
10182 if (req->relative_rssi_set) {
10183 struct nl80211_bss_select_rssi_adjust rssi_adjust;
10184
10185 if (nla_put_s8(msg, NL80211_ATTR_SCHED_SCAN_RELATIVE_RSSI,
10186 req->relative_rssi))
10187 return -ENOBUFS;
10188
10189 rssi_adjust.band = req->rssi_adjust.band;
10190 rssi_adjust.delta = req->rssi_adjust.delta;
10191 if (nla_put(msg, NL80211_ATTR_SCHED_SCAN_RSSI_ADJUST,
10192 sizeof(rssi_adjust), &rssi_adjust))
10193 return -ENOBUFS;
10194 }
10195
10196 freqs = nla_nest_start(msg, NL80211_ATTR_SCAN_FREQUENCIES);
10197 if (!freqs)
10198 return -ENOBUFS;
10199
10200 for (i = 0; i < req->n_channels; i++) {
10201 if (nla_put_u32(msg, i, req->channels[i]->center_freq))
10202 return -ENOBUFS;
10203 }
10204
10205 nla_nest_end(msg, freqs);
10206
10207 if (req->n_match_sets) {
10208 matches = nla_nest_start(msg, NL80211_ATTR_SCHED_SCAN_MATCH);
10209 if (!matches)
10210 return -ENOBUFS;
10211
10212 for (i = 0; i < req->n_match_sets; i++) {
10213 match = nla_nest_start(msg, i);
10214 if (!match)
10215 return -ENOBUFS;
10216
10217 if (nla_put(msg, NL80211_SCHED_SCAN_MATCH_ATTR_SSID,
10218 req->match_sets[i].ssid.ssid_len,
10219 req->match_sets[i].ssid.ssid))
10220 return -ENOBUFS;
10221 nla_nest_end(msg, match);
10222 }
10223 nla_nest_end(msg, matches);
10224 }
10225
10226 scan_plans = nla_nest_start(msg, NL80211_ATTR_SCHED_SCAN_PLANS);
10227 if (!scan_plans)
10228 return -ENOBUFS;
10229
10230 for (i = 0; i < req->n_scan_plans; i++) {
10231 scan_plan = nla_nest_start(msg, i + 1);
10232 if (!scan_plan)
10233 return -ENOBUFS;
10234
10235 if (!scan_plan ||
10236 nla_put_u32(msg, NL80211_SCHED_SCAN_PLAN_INTERVAL,
10237 req->scan_plans[i].interval) ||
10238 (req->scan_plans[i].iterations &&
10239 nla_put_u32(msg, NL80211_SCHED_SCAN_PLAN_ITERATIONS,
10240 req->scan_plans[i].iterations)))
10241 return -ENOBUFS;
10242 nla_nest_end(msg, scan_plan);
10243 }
10244 nla_nest_end(msg, scan_plans);
10245
10246 nla_nest_end(msg, nd);
10247
10248 return 0;
10249 }
10250
10251 static int nl80211_get_wowlan(struct sk_buff *skb, struct genl_info *info)
10252 {
10253 struct cfg80211_registered_device *rdev = info->user_ptr[0];
10254 struct sk_buff *msg;
10255 void *hdr;
10256 u32 size = NLMSG_DEFAULT_SIZE;
10257
10258 if (!rdev->wiphy.wowlan)
10259 return -EOPNOTSUPP;
10260
10261 if (rdev->wiphy.wowlan_config && rdev->wiphy.wowlan_config->tcp) {
10262 /* adjust size to have room for all the data */
10263 size += rdev->wiphy.wowlan_config->tcp->tokens_size +
10264 rdev->wiphy.wowlan_config->tcp->payload_len +
10265 rdev->wiphy.wowlan_config->tcp->wake_len +
10266 rdev->wiphy.wowlan_config->tcp->wake_len / 8;
10267 }
10268
10269 msg = nlmsg_new(size, GFP_KERNEL);
10270 if (!msg)
10271 return -ENOMEM;
10272
10273 hdr = nl80211hdr_put(msg, info->snd_portid, info->snd_seq, 0,
10274 NL80211_CMD_GET_WOWLAN);
10275 if (!hdr)
10276 goto nla_put_failure;
10277
10278 if (rdev->wiphy.wowlan_config) {
10279 struct nlattr *nl_wowlan;
10280
10281 nl_wowlan = nla_nest_start(msg, NL80211_ATTR_WOWLAN_TRIGGERS);
10282 if (!nl_wowlan)
10283 goto nla_put_failure;
10284
10285 if ((rdev->wiphy.wowlan_config->any &&
10286 nla_put_flag(msg, NL80211_WOWLAN_TRIG_ANY)) ||
10287 (rdev->wiphy.wowlan_config->disconnect &&
10288 nla_put_flag(msg, NL80211_WOWLAN_TRIG_DISCONNECT)) ||
10289 (rdev->wiphy.wowlan_config->magic_pkt &&
10290 nla_put_flag(msg, NL80211_WOWLAN_TRIG_MAGIC_PKT)) ||
10291 (rdev->wiphy.wowlan_config->gtk_rekey_failure &&
10292 nla_put_flag(msg, NL80211_WOWLAN_TRIG_GTK_REKEY_FAILURE)) ||
10293 (rdev->wiphy.wowlan_config->eap_identity_req &&
10294 nla_put_flag(msg, NL80211_WOWLAN_TRIG_EAP_IDENT_REQUEST)) ||
10295 (rdev->wiphy.wowlan_config->four_way_handshake &&
10296 nla_put_flag(msg, NL80211_WOWLAN_TRIG_4WAY_HANDSHAKE)) ||
10297 (rdev->wiphy.wowlan_config->rfkill_release &&
10298 nla_put_flag(msg, NL80211_WOWLAN_TRIG_RFKILL_RELEASE)))
10299 goto nla_put_failure;
10300
10301 if (nl80211_send_wowlan_patterns(msg, rdev))
10302 goto nla_put_failure;
10303
10304 if (nl80211_send_wowlan_tcp(msg,
10305 rdev->wiphy.wowlan_config->tcp))
10306 goto nla_put_failure;
10307
10308 if (nl80211_send_wowlan_nd(
10309 msg,
10310 rdev->wiphy.wowlan_config->nd_config))
10311 goto nla_put_failure;
10312
10313 nla_nest_end(msg, nl_wowlan);
10314 }
10315
10316 genlmsg_end(msg, hdr);
10317 return genlmsg_reply(msg, info);
10318
10319 nla_put_failure:
10320 nlmsg_free(msg);
10321 return -ENOBUFS;
10322 }
10323
10324 static int nl80211_parse_wowlan_tcp(struct cfg80211_registered_device *rdev,
10325 struct nlattr *attr,
10326 struct cfg80211_wowlan *trig)
10327 {
10328 struct nlattr *tb[NUM_NL80211_WOWLAN_TCP];
10329 struct cfg80211_wowlan_tcp *cfg;
10330 struct nl80211_wowlan_tcp_data_token *tok = NULL;
10331 struct nl80211_wowlan_tcp_data_seq *seq = NULL;
10332 u32 size;
10333 u32 data_size, wake_size, tokens_size = 0, wake_mask_size;
10334 int err, port;
10335
10336 if (!rdev->wiphy.wowlan->tcp)
10337 return -EINVAL;
10338
10339 err = nla_parse_nested(tb, MAX_NL80211_WOWLAN_TCP, attr,
10340 nl80211_wowlan_tcp_policy, NULL);
10341 if (err)
10342 return err;
10343
10344 if (!tb[NL80211_WOWLAN_TCP_SRC_IPV4] ||
10345 !tb[NL80211_WOWLAN_TCP_DST_IPV4] ||
10346 !tb[NL80211_WOWLAN_TCP_DST_MAC] ||
10347 !tb[NL80211_WOWLAN_TCP_DST_PORT] ||
10348 !tb[NL80211_WOWLAN_TCP_DATA_PAYLOAD] ||
10349 !tb[NL80211_WOWLAN_TCP_DATA_INTERVAL] ||
10350 !tb[NL80211_WOWLAN_TCP_WAKE_PAYLOAD] ||
10351 !tb[NL80211_WOWLAN_TCP_WAKE_MASK])
10352 return -EINVAL;
10353
10354 data_size = nla_len(tb[NL80211_WOWLAN_TCP_DATA_PAYLOAD]);
10355 if (data_size > rdev->wiphy.wowlan->tcp->data_payload_max)
10356 return -EINVAL;
10357
10358 if (nla_get_u32(tb[NL80211_WOWLAN_TCP_DATA_INTERVAL]) >
10359 rdev->wiphy.wowlan->tcp->data_interval_max ||
10360 nla_get_u32(tb[NL80211_WOWLAN_TCP_DATA_INTERVAL]) == 0)
10361 return -EINVAL;
10362
10363 wake_size = nla_len(tb[NL80211_WOWLAN_TCP_WAKE_PAYLOAD]);
10364 if (wake_size > rdev->wiphy.wowlan->tcp->wake_payload_max)
10365 return -EINVAL;
10366
10367 wake_mask_size = nla_len(tb[NL80211_WOWLAN_TCP_WAKE_MASK]);
10368 if (wake_mask_size != DIV_ROUND_UP(wake_size, 8))
10369 return -EINVAL;
10370
10371 if (tb[NL80211_WOWLAN_TCP_DATA_PAYLOAD_TOKEN]) {
10372 u32 tokln = nla_len(tb[NL80211_WOWLAN_TCP_DATA_PAYLOAD_TOKEN]);
10373
10374 tok = nla_data(tb[NL80211_WOWLAN_TCP_DATA_PAYLOAD_TOKEN]);
10375 tokens_size = tokln - sizeof(*tok);
10376
10377 if (!tok->len || tokens_size % tok->len)
10378 return -EINVAL;
10379 if (!rdev->wiphy.wowlan->tcp->tok)
10380 return -EINVAL;
10381 if (tok->len > rdev->wiphy.wowlan->tcp->tok->max_len)
10382 return -EINVAL;
10383 if (tok->len < rdev->wiphy.wowlan->tcp->tok->min_len)
10384 return -EINVAL;
10385 if (tokens_size > rdev->wiphy.wowlan->tcp->tok->bufsize)
10386 return -EINVAL;
10387 if (tok->offset + tok->len > data_size)
10388 return -EINVAL;
10389 }
10390
10391 if (tb[NL80211_WOWLAN_TCP_DATA_PAYLOAD_SEQ]) {
10392 seq = nla_data(tb[NL80211_WOWLAN_TCP_DATA_PAYLOAD_SEQ]);
10393 if (!rdev->wiphy.wowlan->tcp->seq)
10394 return -EINVAL;
10395 if (seq->len == 0 || seq->len > 4)
10396 return -EINVAL;
10397 if (seq->len + seq->offset > data_size)
10398 return -EINVAL;
10399 }
10400
10401 size = sizeof(*cfg);
10402 size += data_size;
10403 size += wake_size + wake_mask_size;
10404 size += tokens_size;
10405
10406 cfg = kzalloc(size, GFP_KERNEL);
10407 if (!cfg)
10408 return -ENOMEM;
10409 cfg->src = nla_get_in_addr(tb[NL80211_WOWLAN_TCP_SRC_IPV4]);
10410 cfg->dst = nla_get_in_addr(tb[NL80211_WOWLAN_TCP_DST_IPV4]);
10411 memcpy(cfg->dst_mac, nla_data(tb[NL80211_WOWLAN_TCP_DST_MAC]),
10412 ETH_ALEN);
10413 if (tb[NL80211_WOWLAN_TCP_SRC_PORT])
10414 port = nla_get_u16(tb[NL80211_WOWLAN_TCP_SRC_PORT]);
10415 else
10416 port = 0;
10417 #ifdef CONFIG_INET
10418 /* allocate a socket and port for it and use it */
10419 err = __sock_create(wiphy_net(&rdev->wiphy), PF_INET, SOCK_STREAM,
10420 IPPROTO_TCP, &cfg->sock, 1);
10421 if (err) {
10422 kfree(cfg);
10423 return err;
10424 }
10425 if (inet_csk_get_port(cfg->sock->sk, port)) {
10426 sock_release(cfg->sock);
10427 kfree(cfg);
10428 return -EADDRINUSE;
10429 }
10430 cfg->src_port = inet_sk(cfg->sock->sk)->inet_num;
10431 #else
10432 if (!port) {
10433 kfree(cfg);
10434 return -EINVAL;
10435 }
10436 cfg->src_port = port;
10437 #endif
10438
10439 cfg->dst_port = nla_get_u16(tb[NL80211_WOWLAN_TCP_DST_PORT]);
10440 cfg->payload_len = data_size;
10441 cfg->payload = (u8 *)cfg + sizeof(*cfg) + tokens_size;
10442 memcpy((void *)cfg->payload,
10443 nla_data(tb[NL80211_WOWLAN_TCP_DATA_PAYLOAD]),
10444 data_size);
10445 if (seq)
10446 cfg->payload_seq = *seq;
10447 cfg->data_interval = nla_get_u32(tb[NL80211_WOWLAN_TCP_DATA_INTERVAL]);
10448 cfg->wake_len = wake_size;
10449 cfg->wake_data = (u8 *)cfg + sizeof(*cfg) + tokens_size + data_size;
10450 memcpy((void *)cfg->wake_data,
10451 nla_data(tb[NL80211_WOWLAN_TCP_WAKE_PAYLOAD]),
10452 wake_size);
10453 cfg->wake_mask = (u8 *)cfg + sizeof(*cfg) + tokens_size +
10454 data_size + wake_size;
10455 memcpy((void *)cfg->wake_mask,
10456 nla_data(tb[NL80211_WOWLAN_TCP_WAKE_MASK]),
10457 wake_mask_size);
10458 if (tok) {
10459 cfg->tokens_size = tokens_size;
10460 memcpy(&cfg->payload_tok, tok, sizeof(*tok) + tokens_size);
10461 }
10462
10463 trig->tcp = cfg;
10464
10465 return 0;
10466 }
10467
10468 static int nl80211_parse_wowlan_nd(struct cfg80211_registered_device *rdev,
10469 const struct wiphy_wowlan_support *wowlan,
10470 struct nlattr *attr,
10471 struct cfg80211_wowlan *trig)
10472 {
10473 struct nlattr **tb;
10474 int err;
10475
10476 tb = kzalloc(NUM_NL80211_ATTR * sizeof(*tb), GFP_KERNEL);
10477 if (!tb)
10478 return -ENOMEM;
10479
10480 if (!(wowlan->flags & WIPHY_WOWLAN_NET_DETECT)) {
10481 err = -EOPNOTSUPP;
10482 goto out;
10483 }
10484
10485 err = nla_parse_nested(tb, NL80211_ATTR_MAX, attr, nl80211_policy,
10486 NULL);
10487 if (err)
10488 goto out;
10489
10490 trig->nd_config = nl80211_parse_sched_scan(&rdev->wiphy, NULL, tb,
10491 wowlan->max_nd_match_sets);
10492 err = PTR_ERR_OR_ZERO(trig->nd_config);
10493 if (err)
10494 trig->nd_config = NULL;
10495
10496 out:
10497 kfree(tb);
10498 return err;
10499 }
10500
10501 static int nl80211_set_wowlan(struct sk_buff *skb, struct genl_info *info)
10502 {
10503 struct cfg80211_registered_device *rdev = info->user_ptr[0];
10504 struct nlattr *tb[NUM_NL80211_WOWLAN_TRIG];
10505 struct cfg80211_wowlan new_triggers = {};
10506 struct cfg80211_wowlan *ntrig;
10507 const struct wiphy_wowlan_support *wowlan = rdev->wiphy.wowlan;
10508 int err, i;
10509 bool prev_enabled = rdev->wiphy.wowlan_config;
10510 bool regular = false;
10511
10512 if (!wowlan)
10513 return -EOPNOTSUPP;
10514
10515 if (!info->attrs[NL80211_ATTR_WOWLAN_TRIGGERS]) {
10516 cfg80211_rdev_free_wowlan(rdev);
10517 rdev->wiphy.wowlan_config = NULL;
10518 goto set_wakeup;
10519 }
10520
10521 err = nla_parse_nested(tb, MAX_NL80211_WOWLAN_TRIG,
10522 info->attrs[NL80211_ATTR_WOWLAN_TRIGGERS],
10523 nl80211_wowlan_policy, info->extack);
10524 if (err)
10525 return err;
10526
10527 if (tb[NL80211_WOWLAN_TRIG_ANY]) {
10528 if (!(wowlan->flags & WIPHY_WOWLAN_ANY))
10529 return -EINVAL;
10530 new_triggers.any = true;
10531 }
10532
10533 if (tb[NL80211_WOWLAN_TRIG_DISCONNECT]) {
10534 if (!(wowlan->flags & WIPHY_WOWLAN_DISCONNECT))
10535 return -EINVAL;
10536 new_triggers.disconnect = true;
10537 regular = true;
10538 }
10539
10540 if (tb[NL80211_WOWLAN_TRIG_MAGIC_PKT]) {
10541 if (!(wowlan->flags & WIPHY_WOWLAN_MAGIC_PKT))
10542 return -EINVAL;
10543 new_triggers.magic_pkt = true;
10544 regular = true;
10545 }
10546
10547 if (tb[NL80211_WOWLAN_TRIG_GTK_REKEY_SUPPORTED])
10548 return -EINVAL;
10549
10550 if (tb[NL80211_WOWLAN_TRIG_GTK_REKEY_FAILURE]) {
10551 if (!(wowlan->flags & WIPHY_WOWLAN_GTK_REKEY_FAILURE))
10552 return -EINVAL;
10553 new_triggers.gtk_rekey_failure = true;
10554 regular = true;
10555 }
10556
10557 if (tb[NL80211_WOWLAN_TRIG_EAP_IDENT_REQUEST]) {
10558 if (!(wowlan->flags & WIPHY_WOWLAN_EAP_IDENTITY_REQ))
10559 return -EINVAL;
10560 new_triggers.eap_identity_req = true;
10561 regular = true;
10562 }
10563
10564 if (tb[NL80211_WOWLAN_TRIG_4WAY_HANDSHAKE]) {
10565 if (!(wowlan->flags & WIPHY_WOWLAN_4WAY_HANDSHAKE))
10566 return -EINVAL;
10567 new_triggers.four_way_handshake = true;
10568 regular = true;
10569 }
10570
10571 if (tb[NL80211_WOWLAN_TRIG_RFKILL_RELEASE]) {
10572 if (!(wowlan->flags & WIPHY_WOWLAN_RFKILL_RELEASE))
10573 return -EINVAL;
10574 new_triggers.rfkill_release = true;
10575 regular = true;
10576 }
10577
10578 if (tb[NL80211_WOWLAN_TRIG_PKT_PATTERN]) {
10579 struct nlattr *pat;
10580 int n_patterns = 0;
10581 int rem, pat_len, mask_len, pkt_offset;
10582 struct nlattr *pat_tb[NUM_NL80211_PKTPAT];
10583
10584 regular = true;
10585
10586 nla_for_each_nested(pat, tb[NL80211_WOWLAN_TRIG_PKT_PATTERN],
10587 rem)
10588 n_patterns++;
10589 if (n_patterns > wowlan->n_patterns)
10590 return -EINVAL;
10591
10592 new_triggers.patterns = kcalloc(n_patterns,
10593 sizeof(new_triggers.patterns[0]),
10594 GFP_KERNEL);
10595 if (!new_triggers.patterns)
10596 return -ENOMEM;
10597
10598 new_triggers.n_patterns = n_patterns;
10599 i = 0;
10600
10601 nla_for_each_nested(pat, tb[NL80211_WOWLAN_TRIG_PKT_PATTERN],
10602 rem) {
10603 u8 *mask_pat;
10604
10605 nla_parse_nested(pat_tb, MAX_NL80211_PKTPAT, pat,
10606 nl80211_packet_pattern_policy,
10607 info->extack);
10608 err = -EINVAL;
10609 if (!pat_tb[NL80211_PKTPAT_MASK] ||
10610 !pat_tb[NL80211_PKTPAT_PATTERN])
10611 goto error;
10612 pat_len = nla_len(pat_tb[NL80211_PKTPAT_PATTERN]);
10613 mask_len = DIV_ROUND_UP(pat_len, 8);
10614 if (nla_len(pat_tb[NL80211_PKTPAT_MASK]) != mask_len)
10615 goto error;
10616 if (pat_len > wowlan->pattern_max_len ||
10617 pat_len < wowlan->pattern_min_len)
10618 goto error;
10619
10620 if (!pat_tb[NL80211_PKTPAT_OFFSET])
10621 pkt_offset = 0;
10622 else
10623 pkt_offset = nla_get_u32(
10624 pat_tb[NL80211_PKTPAT_OFFSET]);
10625 if (pkt_offset > wowlan->max_pkt_offset)
10626 goto error;
10627 new_triggers.patterns[i].pkt_offset = pkt_offset;
10628
10629 mask_pat = kmalloc(mask_len + pat_len, GFP_KERNEL);
10630 if (!mask_pat) {
10631 err = -ENOMEM;
10632 goto error;
10633 }
10634 new_triggers.patterns[i].mask = mask_pat;
10635 memcpy(mask_pat, nla_data(pat_tb[NL80211_PKTPAT_MASK]),
10636 mask_len);
10637 mask_pat += mask_len;
10638 new_triggers.patterns[i].pattern = mask_pat;
10639 new_triggers.patterns[i].pattern_len = pat_len;
10640 memcpy(mask_pat,
10641 nla_data(pat_tb[NL80211_PKTPAT_PATTERN]),
10642 pat_len);
10643 i++;
10644 }
10645 }
10646
10647 if (tb[NL80211_WOWLAN_TRIG_TCP_CONNECTION]) {
10648 regular = true;
10649 err = nl80211_parse_wowlan_tcp(
10650 rdev, tb[NL80211_WOWLAN_TRIG_TCP_CONNECTION],
10651 &new_triggers);
10652 if (err)
10653 goto error;
10654 }
10655
10656 if (tb[NL80211_WOWLAN_TRIG_NET_DETECT]) {
10657 regular = true;
10658 err = nl80211_parse_wowlan_nd(
10659 rdev, wowlan, tb[NL80211_WOWLAN_TRIG_NET_DETECT],
10660 &new_triggers);
10661 if (err)
10662 goto error;
10663 }
10664
10665 /* The 'any' trigger means the device continues operating more or less
10666 * as in its normal operation mode and wakes up the host on most of the
10667 * normal interrupts (like packet RX, ...)
10668 * It therefore makes little sense to combine with the more constrained
10669 * wakeup trigger modes.
10670 */
10671 if (new_triggers.any && regular) {
10672 err = -EINVAL;
10673 goto error;
10674 }
10675
10676 ntrig = kmemdup(&new_triggers, sizeof(new_triggers), GFP_KERNEL);
10677 if (!ntrig) {
10678 err = -ENOMEM;
10679 goto error;
10680 }
10681 cfg80211_rdev_free_wowlan(rdev);
10682 rdev->wiphy.wowlan_config = ntrig;
10683
10684 set_wakeup:
10685 if (rdev->ops->set_wakeup &&
10686 prev_enabled != !!rdev->wiphy.wowlan_config)
10687 rdev_set_wakeup(rdev, rdev->wiphy.wowlan_config);
10688
10689 return 0;
10690 error:
10691 for (i = 0; i < new_triggers.n_patterns; i++)
10692 kfree(new_triggers.patterns[i].mask);
10693 kfree(new_triggers.patterns);
10694 if (new_triggers.tcp && new_triggers.tcp->sock)
10695 sock_release(new_triggers.tcp->sock);
10696 kfree(new_triggers.tcp);
10697 kfree(new_triggers.nd_config);
10698 return err;
10699 }
10700 #endif
10701
10702 static int nl80211_send_coalesce_rules(struct sk_buff *msg,
10703 struct cfg80211_registered_device *rdev)
10704 {
10705 struct nlattr *nl_pats, *nl_pat, *nl_rule, *nl_rules;
10706 int i, j, pat_len;
10707 struct cfg80211_coalesce_rules *rule;
10708
10709 if (!rdev->coalesce->n_rules)
10710 return 0;
10711
10712 nl_rules = nla_nest_start(msg, NL80211_ATTR_COALESCE_RULE);
10713 if (!nl_rules)
10714 return -ENOBUFS;
10715
10716 for (i = 0; i < rdev->coalesce->n_rules; i++) {
10717 nl_rule = nla_nest_start(msg, i + 1);
10718 if (!nl_rule)
10719 return -ENOBUFS;
10720
10721 rule = &rdev->coalesce->rules[i];
10722 if (nla_put_u32(msg, NL80211_ATTR_COALESCE_RULE_DELAY,
10723 rule->delay))
10724 return -ENOBUFS;
10725
10726 if (nla_put_u32(msg, NL80211_ATTR_COALESCE_RULE_CONDITION,
10727 rule->condition))
10728 return -ENOBUFS;
10729
10730 nl_pats = nla_nest_start(msg,
10731 NL80211_ATTR_COALESCE_RULE_PKT_PATTERN);
10732 if (!nl_pats)
10733 return -ENOBUFS;
10734
10735 for (j = 0; j < rule->n_patterns; j++) {
10736 nl_pat = nla_nest_start(msg, j + 1);
10737 if (!nl_pat)
10738 return -ENOBUFS;
10739 pat_len = rule->patterns[j].pattern_len;
10740 if (nla_put(msg, NL80211_PKTPAT_MASK,
10741 DIV_ROUND_UP(pat_len, 8),
10742 rule->patterns[j].mask) ||
10743 nla_put(msg, NL80211_PKTPAT_PATTERN, pat_len,
10744 rule->patterns[j].pattern) ||
10745 nla_put_u32(msg, NL80211_PKTPAT_OFFSET,
10746 rule->patterns[j].pkt_offset))
10747 return -ENOBUFS;
10748 nla_nest_end(msg, nl_pat);
10749 }
10750 nla_nest_end(msg, nl_pats);
10751 nla_nest_end(msg, nl_rule);
10752 }
10753 nla_nest_end(msg, nl_rules);
10754
10755 return 0;
10756 }
10757
10758 static int nl80211_get_coalesce(struct sk_buff *skb, struct genl_info *info)
10759 {
10760 struct cfg80211_registered_device *rdev = info->user_ptr[0];
10761 struct sk_buff *msg;
10762 void *hdr;
10763
10764 if (!rdev->wiphy.coalesce)
10765 return -EOPNOTSUPP;
10766
10767 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
10768 if (!msg)
10769 return -ENOMEM;
10770
10771 hdr = nl80211hdr_put(msg, info->snd_portid, info->snd_seq, 0,
10772 NL80211_CMD_GET_COALESCE);
10773 if (!hdr)
10774 goto nla_put_failure;
10775
10776 if (rdev->coalesce && nl80211_send_coalesce_rules(msg, rdev))
10777 goto nla_put_failure;
10778
10779 genlmsg_end(msg, hdr);
10780 return genlmsg_reply(msg, info);
10781
10782 nla_put_failure:
10783 nlmsg_free(msg);
10784 return -ENOBUFS;
10785 }
10786
10787 void cfg80211_rdev_free_coalesce(struct cfg80211_registered_device *rdev)
10788 {
10789 struct cfg80211_coalesce *coalesce = rdev->coalesce;
10790 int i, j;
10791 struct cfg80211_coalesce_rules *rule;
10792
10793 if (!coalesce)
10794 return;
10795
10796 for (i = 0; i < coalesce->n_rules; i++) {
10797 rule = &coalesce->rules[i];
10798 for (j = 0; j < rule->n_patterns; j++)
10799 kfree(rule->patterns[j].mask);
10800 kfree(rule->patterns);
10801 }
10802 kfree(coalesce->rules);
10803 kfree(coalesce);
10804 rdev->coalesce = NULL;
10805 }
10806
10807 static int nl80211_parse_coalesce_rule(struct cfg80211_registered_device *rdev,
10808 struct nlattr *rule,
10809 struct cfg80211_coalesce_rules *new_rule)
10810 {
10811 int err, i;
10812 const struct wiphy_coalesce_support *coalesce = rdev->wiphy.coalesce;
10813 struct nlattr *tb[NUM_NL80211_ATTR_COALESCE_RULE], *pat;
10814 int rem, pat_len, mask_len, pkt_offset, n_patterns = 0;
10815 struct nlattr *pat_tb[NUM_NL80211_PKTPAT];
10816
10817 err = nla_parse_nested(tb, NL80211_ATTR_COALESCE_RULE_MAX, rule,
10818 nl80211_coalesce_policy, NULL);
10819 if (err)
10820 return err;
10821
10822 if (tb[NL80211_ATTR_COALESCE_RULE_DELAY])
10823 new_rule->delay =
10824 nla_get_u32(tb[NL80211_ATTR_COALESCE_RULE_DELAY]);
10825 if (new_rule->delay > coalesce->max_delay)
10826 return -EINVAL;
10827
10828 if (tb[NL80211_ATTR_COALESCE_RULE_CONDITION])
10829 new_rule->condition =
10830 nla_get_u32(tb[NL80211_ATTR_COALESCE_RULE_CONDITION]);
10831 if (new_rule->condition != NL80211_COALESCE_CONDITION_MATCH &&
10832 new_rule->condition != NL80211_COALESCE_CONDITION_NO_MATCH)
10833 return -EINVAL;
10834
10835 if (!tb[NL80211_ATTR_COALESCE_RULE_PKT_PATTERN])
10836 return -EINVAL;
10837
10838 nla_for_each_nested(pat, tb[NL80211_ATTR_COALESCE_RULE_PKT_PATTERN],
10839 rem)
10840 n_patterns++;
10841 if (n_patterns > coalesce->n_patterns)
10842 return -EINVAL;
10843
10844 new_rule->patterns = kcalloc(n_patterns, sizeof(new_rule->patterns[0]),
10845 GFP_KERNEL);
10846 if (!new_rule->patterns)
10847 return -ENOMEM;
10848
10849 new_rule->n_patterns = n_patterns;
10850 i = 0;
10851
10852 nla_for_each_nested(pat, tb[NL80211_ATTR_COALESCE_RULE_PKT_PATTERN],
10853 rem) {
10854 u8 *mask_pat;
10855
10856 nla_parse_nested(pat_tb, MAX_NL80211_PKTPAT, pat,
10857 nl80211_packet_pattern_policy, NULL);
10858 if (!pat_tb[NL80211_PKTPAT_MASK] ||
10859 !pat_tb[NL80211_PKTPAT_PATTERN])
10860 return -EINVAL;
10861 pat_len = nla_len(pat_tb[NL80211_PKTPAT_PATTERN]);
10862 mask_len = DIV_ROUND_UP(pat_len, 8);
10863 if (nla_len(pat_tb[NL80211_PKTPAT_MASK]) != mask_len)
10864 return -EINVAL;
10865 if (pat_len > coalesce->pattern_max_len ||
10866 pat_len < coalesce->pattern_min_len)
10867 return -EINVAL;
10868
10869 if (!pat_tb[NL80211_PKTPAT_OFFSET])
10870 pkt_offset = 0;
10871 else
10872 pkt_offset = nla_get_u32(pat_tb[NL80211_PKTPAT_OFFSET]);
10873 if (pkt_offset > coalesce->max_pkt_offset)
10874 return -EINVAL;
10875 new_rule->patterns[i].pkt_offset = pkt_offset;
10876
10877 mask_pat = kmalloc(mask_len + pat_len, GFP_KERNEL);
10878 if (!mask_pat)
10879 return -ENOMEM;
10880
10881 new_rule->patterns[i].mask = mask_pat;
10882 memcpy(mask_pat, nla_data(pat_tb[NL80211_PKTPAT_MASK]),
10883 mask_len);
10884
10885 mask_pat += mask_len;
10886 new_rule->patterns[i].pattern = mask_pat;
10887 new_rule->patterns[i].pattern_len = pat_len;
10888 memcpy(mask_pat, nla_data(pat_tb[NL80211_PKTPAT_PATTERN]),
10889 pat_len);
10890 i++;
10891 }
10892
10893 return 0;
10894 }
10895
10896 static int nl80211_set_coalesce(struct sk_buff *skb, struct genl_info *info)
10897 {
10898 struct cfg80211_registered_device *rdev = info->user_ptr[0];
10899 const struct wiphy_coalesce_support *coalesce = rdev->wiphy.coalesce;
10900 struct cfg80211_coalesce new_coalesce = {};
10901 struct cfg80211_coalesce *n_coalesce;
10902 int err, rem_rule, n_rules = 0, i, j;
10903 struct nlattr *rule;
10904 struct cfg80211_coalesce_rules *tmp_rule;
10905
10906 if (!rdev->wiphy.coalesce || !rdev->ops->set_coalesce)
10907 return -EOPNOTSUPP;
10908
10909 if (!info->attrs[NL80211_ATTR_COALESCE_RULE]) {
10910 cfg80211_rdev_free_coalesce(rdev);
10911 rdev_set_coalesce(rdev, NULL);
10912 return 0;
10913 }
10914
10915 nla_for_each_nested(rule, info->attrs[NL80211_ATTR_COALESCE_RULE],
10916 rem_rule)
10917 n_rules++;
10918 if (n_rules > coalesce->n_rules)
10919 return -EINVAL;
10920
10921 new_coalesce.rules = kcalloc(n_rules, sizeof(new_coalesce.rules[0]),
10922 GFP_KERNEL);
10923 if (!new_coalesce.rules)
10924 return -ENOMEM;
10925
10926 new_coalesce.n_rules = n_rules;
10927 i = 0;
10928
10929 nla_for_each_nested(rule, info->attrs[NL80211_ATTR_COALESCE_RULE],
10930 rem_rule) {
10931 err = nl80211_parse_coalesce_rule(rdev, rule,
10932 &new_coalesce.rules[i]);
10933 if (err)
10934 goto error;
10935
10936 i++;
10937 }
10938
10939 err = rdev_set_coalesce(rdev, &new_coalesce);
10940 if (err)
10941 goto error;
10942
10943 n_coalesce = kmemdup(&new_coalesce, sizeof(new_coalesce), GFP_KERNEL);
10944 if (!n_coalesce) {
10945 err = -ENOMEM;
10946 goto error;
10947 }
10948 cfg80211_rdev_free_coalesce(rdev);
10949 rdev->coalesce = n_coalesce;
10950
10951 return 0;
10952 error:
10953 for (i = 0; i < new_coalesce.n_rules; i++) {
10954 tmp_rule = &new_coalesce.rules[i];
10955 for (j = 0; j < tmp_rule->n_patterns; j++)
10956 kfree(tmp_rule->patterns[j].mask);
10957 kfree(tmp_rule->patterns);
10958 }
10959 kfree(new_coalesce.rules);
10960
10961 return err;
10962 }
10963
10964 static int nl80211_set_rekey_data(struct sk_buff *skb, struct genl_info *info)
10965 {
10966 struct cfg80211_registered_device *rdev = info->user_ptr[0];
10967 struct net_device *dev = info->user_ptr[1];
10968 struct wireless_dev *wdev = dev->ieee80211_ptr;
10969 struct nlattr *tb[NUM_NL80211_REKEY_DATA];
10970 struct cfg80211_gtk_rekey_data rekey_data;
10971 int err;
10972
10973 if (!info->attrs[NL80211_ATTR_REKEY_DATA])
10974 return -EINVAL;
10975
10976 err = nla_parse_nested(tb, MAX_NL80211_REKEY_DATA,
10977 info->attrs[NL80211_ATTR_REKEY_DATA],
10978 nl80211_rekey_policy, info->extack);
10979 if (err)
10980 return err;
10981
10982 if (!tb[NL80211_REKEY_DATA_REPLAY_CTR] || !tb[NL80211_REKEY_DATA_KEK] ||
10983 !tb[NL80211_REKEY_DATA_KCK])
10984 return -EINVAL;
10985 if (nla_len(tb[NL80211_REKEY_DATA_REPLAY_CTR]) != NL80211_REPLAY_CTR_LEN)
10986 return -ERANGE;
10987 if (nla_len(tb[NL80211_REKEY_DATA_KEK]) != NL80211_KEK_LEN)
10988 return -ERANGE;
10989 if (nla_len(tb[NL80211_REKEY_DATA_KCK]) != NL80211_KCK_LEN)
10990 return -ERANGE;
10991
10992 rekey_data.kek = nla_data(tb[NL80211_REKEY_DATA_KEK]);
10993 rekey_data.kck = nla_data(tb[NL80211_REKEY_DATA_KCK]);
10994 rekey_data.replay_ctr = nla_data(tb[NL80211_REKEY_DATA_REPLAY_CTR]);
10995
10996 wdev_lock(wdev);
10997 if (!wdev->current_bss) {
10998 err = -ENOTCONN;
10999 goto out;
11000 }
11001
11002 if (!rdev->ops->set_rekey_data) {
11003 err = -EOPNOTSUPP;
11004 goto out;
11005 }
11006
11007 err = rdev_set_rekey_data(rdev, dev, &rekey_data);
11008 out:
11009 wdev_unlock(wdev);
11010 return err;
11011 }
11012
11013 static int nl80211_register_unexpected_frame(struct sk_buff *skb,
11014 struct genl_info *info)
11015 {
11016 struct net_device *dev = info->user_ptr[1];
11017 struct wireless_dev *wdev = dev->ieee80211_ptr;
11018
11019 if (wdev->iftype != NL80211_IFTYPE_AP &&
11020 wdev->iftype != NL80211_IFTYPE_P2P_GO)
11021 return -EINVAL;
11022
11023 if (wdev->ap_unexpected_nlportid)
11024 return -EBUSY;
11025
11026 wdev->ap_unexpected_nlportid = info->snd_portid;
11027 return 0;
11028 }
11029
11030 static int nl80211_probe_client(struct sk_buff *skb,
11031 struct genl_info *info)
11032 {
11033 struct cfg80211_registered_device *rdev = info->user_ptr[0];
11034 struct net_device *dev = info->user_ptr[1];
11035 struct wireless_dev *wdev = dev->ieee80211_ptr;
11036 struct sk_buff *msg;
11037 void *hdr;
11038 const u8 *addr;
11039 u64 cookie;
11040 int err;
11041
11042 if (wdev->iftype != NL80211_IFTYPE_AP &&
11043 wdev->iftype != NL80211_IFTYPE_P2P_GO)
11044 return -EOPNOTSUPP;
11045
11046 if (!info->attrs[NL80211_ATTR_MAC])
11047 return -EINVAL;
11048
11049 if (!rdev->ops->probe_client)
11050 return -EOPNOTSUPP;
11051
11052 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
11053 if (!msg)
11054 return -ENOMEM;
11055
11056 hdr = nl80211hdr_put(msg, info->snd_portid, info->snd_seq, 0,
11057 NL80211_CMD_PROBE_CLIENT);
11058 if (!hdr) {
11059 err = -ENOBUFS;
11060 goto free_msg;
11061 }
11062
11063 addr = nla_data(info->attrs[NL80211_ATTR_MAC]);
11064
11065 err = rdev_probe_client(rdev, dev, addr, &cookie);
11066 if (err)
11067 goto free_msg;
11068
11069 if (nla_put_u64_64bit(msg, NL80211_ATTR_COOKIE, cookie,
11070 NL80211_ATTR_PAD))
11071 goto nla_put_failure;
11072
11073 genlmsg_end(msg, hdr);
11074
11075 return genlmsg_reply(msg, info);
11076
11077 nla_put_failure:
11078 err = -ENOBUFS;
11079 free_msg:
11080 nlmsg_free(msg);
11081 return err;
11082 }
11083
11084 static int nl80211_register_beacons(struct sk_buff *skb, struct genl_info *info)
11085 {
11086 struct cfg80211_registered_device *rdev = info->user_ptr[0];
11087 struct cfg80211_beacon_registration *reg, *nreg;
11088 int rv;
11089
11090 if (!(rdev->wiphy.flags & WIPHY_FLAG_REPORTS_OBSS))
11091 return -EOPNOTSUPP;
11092
11093 nreg = kzalloc(sizeof(*nreg), GFP_KERNEL);
11094 if (!nreg)
11095 return -ENOMEM;
11096
11097 /* First, check if already registered. */
11098 spin_lock_bh(&rdev->beacon_registrations_lock);
11099 list_for_each_entry(reg, &rdev->beacon_registrations, list) {
11100 if (reg->nlportid == info->snd_portid) {
11101 rv = -EALREADY;
11102 goto out_err;
11103 }
11104 }
11105 /* Add it to the list */
11106 nreg->nlportid = info->snd_portid;
11107 list_add(&nreg->list, &rdev->beacon_registrations);
11108
11109 spin_unlock_bh(&rdev->beacon_registrations_lock);
11110
11111 return 0;
11112 out_err:
11113 spin_unlock_bh(&rdev->beacon_registrations_lock);
11114 kfree(nreg);
11115 return rv;
11116 }
11117
11118 static int nl80211_start_p2p_device(struct sk_buff *skb, struct genl_info *info)
11119 {
11120 struct cfg80211_registered_device *rdev = info->user_ptr[0];
11121 struct wireless_dev *wdev = info->user_ptr[1];
11122 int err;
11123
11124 if (!rdev->ops->start_p2p_device)
11125 return -EOPNOTSUPP;
11126
11127 if (wdev->iftype != NL80211_IFTYPE_P2P_DEVICE)
11128 return -EOPNOTSUPP;
11129
11130 if (wdev_running(wdev))
11131 return 0;
11132
11133 if (rfkill_blocked(rdev->rfkill))
11134 return -ERFKILL;
11135
11136 err = rdev_start_p2p_device(rdev, wdev);
11137 if (err)
11138 return err;
11139
11140 wdev->is_running = true;
11141 rdev->opencount++;
11142
11143 return 0;
11144 }
11145
11146 static int nl80211_stop_p2p_device(struct sk_buff *skb, struct genl_info *info)
11147 {
11148 struct cfg80211_registered_device *rdev = info->user_ptr[0];
11149 struct wireless_dev *wdev = info->user_ptr[1];
11150
11151 if (wdev->iftype != NL80211_IFTYPE_P2P_DEVICE)
11152 return -EOPNOTSUPP;
11153
11154 if (!rdev->ops->stop_p2p_device)
11155 return -EOPNOTSUPP;
11156
11157 cfg80211_stop_p2p_device(rdev, wdev);
11158
11159 return 0;
11160 }
11161
11162 static int nl80211_start_nan(struct sk_buff *skb, struct genl_info *info)
11163 {
11164 struct cfg80211_registered_device *rdev = info->user_ptr[0];
11165 struct wireless_dev *wdev = info->user_ptr[1];
11166 struct cfg80211_nan_conf conf = {};
11167 int err;
11168
11169 if (wdev->iftype != NL80211_IFTYPE_NAN)
11170 return -EOPNOTSUPP;
11171
11172 if (wdev_running(wdev))
11173 return -EEXIST;
11174
11175 if (rfkill_blocked(rdev->rfkill))
11176 return -ERFKILL;
11177
11178 if (!info->attrs[NL80211_ATTR_NAN_MASTER_PREF])
11179 return -EINVAL;
11180
11181 conf.master_pref =
11182 nla_get_u8(info->attrs[NL80211_ATTR_NAN_MASTER_PREF]);
11183 if (!conf.master_pref)
11184 return -EINVAL;
11185
11186 if (info->attrs[NL80211_ATTR_BANDS]) {
11187 u32 bands = nla_get_u32(info->attrs[NL80211_ATTR_BANDS]);
11188
11189 if (bands & ~(u32)wdev->wiphy->nan_supported_bands)
11190 return -EOPNOTSUPP;
11191
11192 if (bands && !(bands & BIT(NL80211_BAND_2GHZ)))
11193 return -EINVAL;
11194
11195 conf.bands = bands;
11196 }
11197
11198 err = rdev_start_nan(rdev, wdev, &conf);
11199 if (err)
11200 return err;
11201
11202 wdev->is_running = true;
11203 rdev->opencount++;
11204
11205 return 0;
11206 }
11207
11208 static int nl80211_stop_nan(struct sk_buff *skb, struct genl_info *info)
11209 {
11210 struct cfg80211_registered_device *rdev = info->user_ptr[0];
11211 struct wireless_dev *wdev = info->user_ptr[1];
11212
11213 if (wdev->iftype != NL80211_IFTYPE_NAN)
11214 return -EOPNOTSUPP;
11215
11216 cfg80211_stop_nan(rdev, wdev);
11217
11218 return 0;
11219 }
11220
11221 static int validate_nan_filter(struct nlattr *filter_attr)
11222 {
11223 struct nlattr *attr;
11224 int len = 0, n_entries = 0, rem;
11225
11226 nla_for_each_nested(attr, filter_attr, rem) {
11227 len += nla_len(attr);
11228 n_entries++;
11229 }
11230
11231 if (len >= U8_MAX)
11232 return -EINVAL;
11233
11234 return n_entries;
11235 }
11236
11237 static int handle_nan_filter(struct nlattr *attr_filter,
11238 struct cfg80211_nan_func *func,
11239 bool tx)
11240 {
11241 struct nlattr *attr;
11242 int n_entries, rem, i;
11243 struct cfg80211_nan_func_filter *filter;
11244
11245 n_entries = validate_nan_filter(attr_filter);
11246 if (n_entries < 0)
11247 return n_entries;
11248
11249 BUILD_BUG_ON(sizeof(*func->rx_filters) != sizeof(*func->tx_filters));
11250
11251 filter = kcalloc(n_entries, sizeof(*func->rx_filters), GFP_KERNEL);
11252 if (!filter)
11253 return -ENOMEM;
11254
11255 i = 0;
11256 nla_for_each_nested(attr, attr_filter, rem) {
11257 filter[i].filter = nla_memdup(attr, GFP_KERNEL);
11258 filter[i].len = nla_len(attr);
11259 i++;
11260 }
11261 if (tx) {
11262 func->num_tx_filters = n_entries;
11263 func->tx_filters = filter;
11264 } else {
11265 func->num_rx_filters = n_entries;
11266 func->rx_filters = filter;
11267 }
11268
11269 return 0;
11270 }
11271
11272 static int nl80211_nan_add_func(struct sk_buff *skb,
11273 struct genl_info *info)
11274 {
11275 struct cfg80211_registered_device *rdev = info->user_ptr[0];
11276 struct wireless_dev *wdev = info->user_ptr[1];
11277 struct nlattr *tb[NUM_NL80211_NAN_FUNC_ATTR], *func_attr;
11278 struct cfg80211_nan_func *func;
11279 struct sk_buff *msg = NULL;
11280 void *hdr = NULL;
11281 int err = 0;
11282
11283 if (wdev->iftype != NL80211_IFTYPE_NAN)
11284 return -EOPNOTSUPP;
11285
11286 if (!wdev_running(wdev))
11287 return -ENOTCONN;
11288
11289 if (!info->attrs[NL80211_ATTR_NAN_FUNC])
11290 return -EINVAL;
11291
11292 err = nla_parse_nested(tb, NL80211_NAN_FUNC_ATTR_MAX,
11293 info->attrs[NL80211_ATTR_NAN_FUNC],
11294 nl80211_nan_func_policy, info->extack);
11295 if (err)
11296 return err;
11297
11298 func = kzalloc(sizeof(*func), GFP_KERNEL);
11299 if (!func)
11300 return -ENOMEM;
11301
11302 func->cookie = wdev->wiphy->cookie_counter++;
11303
11304 if (!tb[NL80211_NAN_FUNC_TYPE] ||
11305 nla_get_u8(tb[NL80211_NAN_FUNC_TYPE]) > NL80211_NAN_FUNC_MAX_TYPE) {
11306 err = -EINVAL;
11307 goto out;
11308 }
11309
11310
11311 func->type = nla_get_u8(tb[NL80211_NAN_FUNC_TYPE]);
11312
11313 if (!tb[NL80211_NAN_FUNC_SERVICE_ID]) {
11314 err = -EINVAL;
11315 goto out;
11316 }
11317
11318 memcpy(func->service_id, nla_data(tb[NL80211_NAN_FUNC_SERVICE_ID]),
11319 sizeof(func->service_id));
11320
11321 func->close_range =
11322 nla_get_flag(tb[NL80211_NAN_FUNC_CLOSE_RANGE]);
11323
11324 if (tb[NL80211_NAN_FUNC_SERVICE_INFO]) {
11325 func->serv_spec_info_len =
11326 nla_len(tb[NL80211_NAN_FUNC_SERVICE_INFO]);
11327 func->serv_spec_info =
11328 kmemdup(nla_data(tb[NL80211_NAN_FUNC_SERVICE_INFO]),
11329 func->serv_spec_info_len,
11330 GFP_KERNEL);
11331 if (!func->serv_spec_info) {
11332 err = -ENOMEM;
11333 goto out;
11334 }
11335 }
11336
11337 if (tb[NL80211_NAN_FUNC_TTL])
11338 func->ttl = nla_get_u32(tb[NL80211_NAN_FUNC_TTL]);
11339
11340 switch (func->type) {
11341 case NL80211_NAN_FUNC_PUBLISH:
11342 if (!tb[NL80211_NAN_FUNC_PUBLISH_TYPE]) {
11343 err = -EINVAL;
11344 goto out;
11345 }
11346
11347 func->publish_type =
11348 nla_get_u8(tb[NL80211_NAN_FUNC_PUBLISH_TYPE]);
11349 func->publish_bcast =
11350 nla_get_flag(tb[NL80211_NAN_FUNC_PUBLISH_BCAST]);
11351
11352 if ((!(func->publish_type & NL80211_NAN_SOLICITED_PUBLISH)) &&
11353 func->publish_bcast) {
11354 err = -EINVAL;
11355 goto out;
11356 }
11357 break;
11358 case NL80211_NAN_FUNC_SUBSCRIBE:
11359 func->subscribe_active =
11360 nla_get_flag(tb[NL80211_NAN_FUNC_SUBSCRIBE_ACTIVE]);
11361 break;
11362 case NL80211_NAN_FUNC_FOLLOW_UP:
11363 if (!tb[NL80211_NAN_FUNC_FOLLOW_UP_ID] ||
11364 !tb[NL80211_NAN_FUNC_FOLLOW_UP_REQ_ID] ||
11365 !tb[NL80211_NAN_FUNC_FOLLOW_UP_DEST]) {
11366 err = -EINVAL;
11367 goto out;
11368 }
11369
11370 func->followup_id =
11371 nla_get_u8(tb[NL80211_NAN_FUNC_FOLLOW_UP_ID]);
11372 func->followup_reqid =
11373 nla_get_u8(tb[NL80211_NAN_FUNC_FOLLOW_UP_REQ_ID]);
11374 memcpy(func->followup_dest.addr,
11375 nla_data(tb[NL80211_NAN_FUNC_FOLLOW_UP_DEST]),
11376 sizeof(func->followup_dest.addr));
11377 if (func->ttl) {
11378 err = -EINVAL;
11379 goto out;
11380 }
11381 break;
11382 default:
11383 err = -EINVAL;
11384 goto out;
11385 }
11386
11387 if (tb[NL80211_NAN_FUNC_SRF]) {
11388 struct nlattr *srf_tb[NUM_NL80211_NAN_SRF_ATTR];
11389
11390 err = nla_parse_nested(srf_tb, NL80211_NAN_SRF_ATTR_MAX,
11391 tb[NL80211_NAN_FUNC_SRF],
11392 nl80211_nan_srf_policy, info->extack);
11393 if (err)
11394 goto out;
11395
11396 func->srf_include =
11397 nla_get_flag(srf_tb[NL80211_NAN_SRF_INCLUDE]);
11398
11399 if (srf_tb[NL80211_NAN_SRF_BF]) {
11400 if (srf_tb[NL80211_NAN_SRF_MAC_ADDRS] ||
11401 !srf_tb[NL80211_NAN_SRF_BF_IDX]) {
11402 err = -EINVAL;
11403 goto out;
11404 }
11405
11406 func->srf_bf_len =
11407 nla_len(srf_tb[NL80211_NAN_SRF_BF]);
11408 func->srf_bf =
11409 kmemdup(nla_data(srf_tb[NL80211_NAN_SRF_BF]),
11410 func->srf_bf_len, GFP_KERNEL);
11411 if (!func->srf_bf) {
11412 err = -ENOMEM;
11413 goto out;
11414 }
11415
11416 func->srf_bf_idx =
11417 nla_get_u8(srf_tb[NL80211_NAN_SRF_BF_IDX]);
11418 } else {
11419 struct nlattr *attr, *mac_attr =
11420 srf_tb[NL80211_NAN_SRF_MAC_ADDRS];
11421 int n_entries, rem, i = 0;
11422
11423 if (!mac_attr) {
11424 err = -EINVAL;
11425 goto out;
11426 }
11427
11428 n_entries = validate_acl_mac_addrs(mac_attr);
11429 if (n_entries <= 0) {
11430 err = -EINVAL;
11431 goto out;
11432 }
11433
11434 func->srf_num_macs = n_entries;
11435 func->srf_macs =
11436 kzalloc(sizeof(*func->srf_macs) * n_entries,
11437 GFP_KERNEL);
11438 if (!func->srf_macs) {
11439 err = -ENOMEM;
11440 goto out;
11441 }
11442
11443 nla_for_each_nested(attr, mac_attr, rem)
11444 memcpy(func->srf_macs[i++].addr, nla_data(attr),
11445 sizeof(*func->srf_macs));
11446 }
11447 }
11448
11449 if (tb[NL80211_NAN_FUNC_TX_MATCH_FILTER]) {
11450 err = handle_nan_filter(tb[NL80211_NAN_FUNC_TX_MATCH_FILTER],
11451 func, true);
11452 if (err)
11453 goto out;
11454 }
11455
11456 if (tb[NL80211_NAN_FUNC_RX_MATCH_FILTER]) {
11457 err = handle_nan_filter(tb[NL80211_NAN_FUNC_RX_MATCH_FILTER],
11458 func, false);
11459 if (err)
11460 goto out;
11461 }
11462
11463 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
11464 if (!msg) {
11465 err = -ENOMEM;
11466 goto out;
11467 }
11468
11469 hdr = nl80211hdr_put(msg, info->snd_portid, info->snd_seq, 0,
11470 NL80211_CMD_ADD_NAN_FUNCTION);
11471 /* This can't really happen - we just allocated 4KB */
11472 if (WARN_ON(!hdr)) {
11473 err = -ENOMEM;
11474 goto out;
11475 }
11476
11477 err = rdev_add_nan_func(rdev, wdev, func);
11478 out:
11479 if (err < 0) {
11480 cfg80211_free_nan_func(func);
11481 nlmsg_free(msg);
11482 return err;
11483 }
11484
11485 /* propagate the instance id and cookie to userspace */
11486 if (nla_put_u64_64bit(msg, NL80211_ATTR_COOKIE, func->cookie,
11487 NL80211_ATTR_PAD))
11488 goto nla_put_failure;
11489
11490 func_attr = nla_nest_start(msg, NL80211_ATTR_NAN_FUNC);
11491 if (!func_attr)
11492 goto nla_put_failure;
11493
11494 if (nla_put_u8(msg, NL80211_NAN_FUNC_INSTANCE_ID,
11495 func->instance_id))
11496 goto nla_put_failure;
11497
11498 nla_nest_end(msg, func_attr);
11499
11500 genlmsg_end(msg, hdr);
11501 return genlmsg_reply(msg, info);
11502
11503 nla_put_failure:
11504 nlmsg_free(msg);
11505 return -ENOBUFS;
11506 }
11507
11508 static int nl80211_nan_del_func(struct sk_buff *skb,
11509 struct genl_info *info)
11510 {
11511 struct cfg80211_registered_device *rdev = info->user_ptr[0];
11512 struct wireless_dev *wdev = info->user_ptr[1];
11513 u64 cookie;
11514
11515 if (wdev->iftype != NL80211_IFTYPE_NAN)
11516 return -EOPNOTSUPP;
11517
11518 if (!wdev_running(wdev))
11519 return -ENOTCONN;
11520
11521 if (!info->attrs[NL80211_ATTR_COOKIE])
11522 return -EINVAL;
11523
11524 cookie = nla_get_u64(info->attrs[NL80211_ATTR_COOKIE]);
11525
11526 rdev_del_nan_func(rdev, wdev, cookie);
11527
11528 return 0;
11529 }
11530
11531 static int nl80211_nan_change_config(struct sk_buff *skb,
11532 struct genl_info *info)
11533 {
11534 struct cfg80211_registered_device *rdev = info->user_ptr[0];
11535 struct wireless_dev *wdev = info->user_ptr[1];
11536 struct cfg80211_nan_conf conf = {};
11537 u32 changed = 0;
11538
11539 if (wdev->iftype != NL80211_IFTYPE_NAN)
11540 return -EOPNOTSUPP;
11541
11542 if (!wdev_running(wdev))
11543 return -ENOTCONN;
11544
11545 if (info->attrs[NL80211_ATTR_NAN_MASTER_PREF]) {
11546 conf.master_pref =
11547 nla_get_u8(info->attrs[NL80211_ATTR_NAN_MASTER_PREF]);
11548 if (conf.master_pref <= 1 || conf.master_pref == 255)
11549 return -EINVAL;
11550
11551 changed |= CFG80211_NAN_CONF_CHANGED_PREF;
11552 }
11553
11554 if (info->attrs[NL80211_ATTR_BANDS]) {
11555 u32 bands = nla_get_u32(info->attrs[NL80211_ATTR_BANDS]);
11556
11557 if (bands & ~(u32)wdev->wiphy->nan_supported_bands)
11558 return -EOPNOTSUPP;
11559
11560 if (bands && !(bands & BIT(NL80211_BAND_2GHZ)))
11561 return -EINVAL;
11562
11563 conf.bands = bands;
11564 changed |= CFG80211_NAN_CONF_CHANGED_BANDS;
11565 }
11566
11567 if (!changed)
11568 return -EINVAL;
11569
11570 return rdev_nan_change_conf(rdev, wdev, &conf, changed);
11571 }
11572
11573 void cfg80211_nan_match(struct wireless_dev *wdev,
11574 struct cfg80211_nan_match_params *match, gfp_t gfp)
11575 {
11576 struct wiphy *wiphy = wdev->wiphy;
11577 struct cfg80211_registered_device *rdev = wiphy_to_rdev(wiphy);
11578 struct nlattr *match_attr, *local_func_attr, *peer_func_attr;
11579 struct sk_buff *msg;
11580 void *hdr;
11581
11582 if (WARN_ON(!match->inst_id || !match->peer_inst_id || !match->addr))
11583 return;
11584
11585 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, gfp);
11586 if (!msg)
11587 return;
11588
11589 hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_NAN_MATCH);
11590 if (!hdr) {
11591 nlmsg_free(msg);
11592 return;
11593 }
11594
11595 if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
11596 (wdev->netdev && nla_put_u32(msg, NL80211_ATTR_IFINDEX,
11597 wdev->netdev->ifindex)) ||
11598 nla_put_u64_64bit(msg, NL80211_ATTR_WDEV, wdev_id(wdev),
11599 NL80211_ATTR_PAD))
11600 goto nla_put_failure;
11601
11602 if (nla_put_u64_64bit(msg, NL80211_ATTR_COOKIE, match->cookie,
11603 NL80211_ATTR_PAD) ||
11604 nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN, match->addr))
11605 goto nla_put_failure;
11606
11607 match_attr = nla_nest_start(msg, NL80211_ATTR_NAN_MATCH);
11608 if (!match_attr)
11609 goto nla_put_failure;
11610
11611 local_func_attr = nla_nest_start(msg, NL80211_NAN_MATCH_FUNC_LOCAL);
11612 if (!local_func_attr)
11613 goto nla_put_failure;
11614
11615 if (nla_put_u8(msg, NL80211_NAN_FUNC_INSTANCE_ID, match->inst_id))
11616 goto nla_put_failure;
11617
11618 nla_nest_end(msg, local_func_attr);
11619
11620 peer_func_attr = nla_nest_start(msg, NL80211_NAN_MATCH_FUNC_PEER);
11621 if (!peer_func_attr)
11622 goto nla_put_failure;
11623
11624 if (nla_put_u8(msg, NL80211_NAN_FUNC_TYPE, match->type) ||
11625 nla_put_u8(msg, NL80211_NAN_FUNC_INSTANCE_ID, match->peer_inst_id))
11626 goto nla_put_failure;
11627
11628 if (match->info && match->info_len &&
11629 nla_put(msg, NL80211_NAN_FUNC_SERVICE_INFO, match->info_len,
11630 match->info))
11631 goto nla_put_failure;
11632
11633 nla_nest_end(msg, peer_func_attr);
11634 nla_nest_end(msg, match_attr);
11635 genlmsg_end(msg, hdr);
11636
11637 if (!wdev->owner_nlportid)
11638 genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy),
11639 msg, 0, NL80211_MCGRP_NAN, gfp);
11640 else
11641 genlmsg_unicast(wiphy_net(&rdev->wiphy), msg,
11642 wdev->owner_nlportid);
11643
11644 return;
11645
11646 nla_put_failure:
11647 nlmsg_free(msg);
11648 }
11649 EXPORT_SYMBOL(cfg80211_nan_match);
11650
11651 void cfg80211_nan_func_terminated(struct wireless_dev *wdev,
11652 u8 inst_id,
11653 enum nl80211_nan_func_term_reason reason,
11654 u64 cookie, gfp_t gfp)
11655 {
11656 struct wiphy *wiphy = wdev->wiphy;
11657 struct cfg80211_registered_device *rdev = wiphy_to_rdev(wiphy);
11658 struct sk_buff *msg;
11659 struct nlattr *func_attr;
11660 void *hdr;
11661
11662 if (WARN_ON(!inst_id))
11663 return;
11664
11665 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, gfp);
11666 if (!msg)
11667 return;
11668
11669 hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_DEL_NAN_FUNCTION);
11670 if (!hdr) {
11671 nlmsg_free(msg);
11672 return;
11673 }
11674
11675 if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
11676 (wdev->netdev && nla_put_u32(msg, NL80211_ATTR_IFINDEX,
11677 wdev->netdev->ifindex)) ||
11678 nla_put_u64_64bit(msg, NL80211_ATTR_WDEV, wdev_id(wdev),
11679 NL80211_ATTR_PAD))
11680 goto nla_put_failure;
11681
11682 if (nla_put_u64_64bit(msg, NL80211_ATTR_COOKIE, cookie,
11683 NL80211_ATTR_PAD))
11684 goto nla_put_failure;
11685
11686 func_attr = nla_nest_start(msg, NL80211_ATTR_NAN_FUNC);
11687 if (!func_attr)
11688 goto nla_put_failure;
11689
11690 if (nla_put_u8(msg, NL80211_NAN_FUNC_INSTANCE_ID, inst_id) ||
11691 nla_put_u8(msg, NL80211_NAN_FUNC_TERM_REASON, reason))
11692 goto nla_put_failure;
11693
11694 nla_nest_end(msg, func_attr);
11695 genlmsg_end(msg, hdr);
11696
11697 if (!wdev->owner_nlportid)
11698 genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy),
11699 msg, 0, NL80211_MCGRP_NAN, gfp);
11700 else
11701 genlmsg_unicast(wiphy_net(&rdev->wiphy), msg,
11702 wdev->owner_nlportid);
11703
11704 return;
11705
11706 nla_put_failure:
11707 nlmsg_free(msg);
11708 }
11709 EXPORT_SYMBOL(cfg80211_nan_func_terminated);
11710
11711 static int nl80211_get_protocol_features(struct sk_buff *skb,
11712 struct genl_info *info)
11713 {
11714 void *hdr;
11715 struct sk_buff *msg;
11716
11717 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
11718 if (!msg)
11719 return -ENOMEM;
11720
11721 hdr = nl80211hdr_put(msg, info->snd_portid, info->snd_seq, 0,
11722 NL80211_CMD_GET_PROTOCOL_FEATURES);
11723 if (!hdr)
11724 goto nla_put_failure;
11725
11726 if (nla_put_u32(msg, NL80211_ATTR_PROTOCOL_FEATURES,
11727 NL80211_PROTOCOL_FEATURE_SPLIT_WIPHY_DUMP))
11728 goto nla_put_failure;
11729
11730 genlmsg_end(msg, hdr);
11731 return genlmsg_reply(msg, info);
11732
11733 nla_put_failure:
11734 kfree_skb(msg);
11735 return -ENOBUFS;
11736 }
11737
11738 static int nl80211_update_ft_ies(struct sk_buff *skb, struct genl_info *info)
11739 {
11740 struct cfg80211_registered_device *rdev = info->user_ptr[0];
11741 struct cfg80211_update_ft_ies_params ft_params;
11742 struct net_device *dev = info->user_ptr[1];
11743
11744 if (!rdev->ops->update_ft_ies)
11745 return -EOPNOTSUPP;
11746
11747 if (!info->attrs[NL80211_ATTR_MDID] ||
11748 !is_valid_ie_attr(info->attrs[NL80211_ATTR_IE]))
11749 return -EINVAL;
11750
11751 memset(&ft_params, 0, sizeof(ft_params));
11752 ft_params.md = nla_get_u16(info->attrs[NL80211_ATTR_MDID]);
11753 ft_params.ie = nla_data(info->attrs[NL80211_ATTR_IE]);
11754 ft_params.ie_len = nla_len(info->attrs[NL80211_ATTR_IE]);
11755
11756 return rdev_update_ft_ies(rdev, dev, &ft_params);
11757 }
11758
11759 static int nl80211_crit_protocol_start(struct sk_buff *skb,
11760 struct genl_info *info)
11761 {
11762 struct cfg80211_registered_device *rdev = info->user_ptr[0];
11763 struct wireless_dev *wdev = info->user_ptr[1];
11764 enum nl80211_crit_proto_id proto = NL80211_CRIT_PROTO_UNSPEC;
11765 u16 duration;
11766 int ret;
11767
11768 if (!rdev->ops->crit_proto_start)
11769 return -EOPNOTSUPP;
11770
11771 if (WARN_ON(!rdev->ops->crit_proto_stop))
11772 return -EINVAL;
11773
11774 if (rdev->crit_proto_nlportid)
11775 return -EBUSY;
11776
11777 /* determine protocol if provided */
11778 if (info->attrs[NL80211_ATTR_CRIT_PROT_ID])
11779 proto = nla_get_u16(info->attrs[NL80211_ATTR_CRIT_PROT_ID]);
11780
11781 if (proto >= NUM_NL80211_CRIT_PROTO)
11782 return -EINVAL;
11783
11784 /* timeout must be provided */
11785 if (!info->attrs[NL80211_ATTR_MAX_CRIT_PROT_DURATION])
11786 return -EINVAL;
11787
11788 duration =
11789 nla_get_u16(info->attrs[NL80211_ATTR_MAX_CRIT_PROT_DURATION]);
11790
11791 if (duration > NL80211_CRIT_PROTO_MAX_DURATION)
11792 return -ERANGE;
11793
11794 ret = rdev_crit_proto_start(rdev, wdev, proto, duration);
11795 if (!ret)
11796 rdev->crit_proto_nlportid = info->snd_portid;
11797
11798 return ret;
11799 }
11800
11801 static int nl80211_crit_protocol_stop(struct sk_buff *skb,
11802 struct genl_info *info)
11803 {
11804 struct cfg80211_registered_device *rdev = info->user_ptr[0];
11805 struct wireless_dev *wdev = info->user_ptr[1];
11806
11807 if (!rdev->ops->crit_proto_stop)
11808 return -EOPNOTSUPP;
11809
11810 if (rdev->crit_proto_nlportid) {
11811 rdev->crit_proto_nlportid = 0;
11812 rdev_crit_proto_stop(rdev, wdev);
11813 }
11814 return 0;
11815 }
11816
11817 static int nl80211_vendor_cmd(struct sk_buff *skb, struct genl_info *info)
11818 {
11819 struct cfg80211_registered_device *rdev = info->user_ptr[0];
11820 struct wireless_dev *wdev =
11821 __cfg80211_wdev_from_attrs(genl_info_net(info), info->attrs);
11822 int i, err;
11823 u32 vid, subcmd;
11824
11825 if (!rdev->wiphy.vendor_commands)
11826 return -EOPNOTSUPP;
11827
11828 if (IS_ERR(wdev)) {
11829 err = PTR_ERR(wdev);
11830 if (err != -EINVAL)
11831 return err;
11832 wdev = NULL;
11833 } else if (wdev->wiphy != &rdev->wiphy) {
11834 return -EINVAL;
11835 }
11836
11837 if (!info->attrs[NL80211_ATTR_VENDOR_ID] ||
11838 !info->attrs[NL80211_ATTR_VENDOR_SUBCMD])
11839 return -EINVAL;
11840
11841 vid = nla_get_u32(info->attrs[NL80211_ATTR_VENDOR_ID]);
11842 subcmd = nla_get_u32(info->attrs[NL80211_ATTR_VENDOR_SUBCMD]);
11843 for (i = 0; i < rdev->wiphy.n_vendor_commands; i++) {
11844 const struct wiphy_vendor_command *vcmd;
11845 void *data = NULL;
11846 int len = 0;
11847
11848 vcmd = &rdev->wiphy.vendor_commands[i];
11849
11850 if (vcmd->info.vendor_id != vid || vcmd->info.subcmd != subcmd)
11851 continue;
11852
11853 if (vcmd->flags & (WIPHY_VENDOR_CMD_NEED_WDEV |
11854 WIPHY_VENDOR_CMD_NEED_NETDEV)) {
11855 if (!wdev)
11856 return -EINVAL;
11857 if (vcmd->flags & WIPHY_VENDOR_CMD_NEED_NETDEV &&
11858 !wdev->netdev)
11859 return -EINVAL;
11860
11861 if (vcmd->flags & WIPHY_VENDOR_CMD_NEED_RUNNING) {
11862 if (!wdev_running(wdev))
11863 return -ENETDOWN;
11864 }
11865
11866 if (!vcmd->doit)
11867 return -EOPNOTSUPP;
11868 } else {
11869 wdev = NULL;
11870 }
11871
11872 if (info->attrs[NL80211_ATTR_VENDOR_DATA]) {
11873 data = nla_data(info->attrs[NL80211_ATTR_VENDOR_DATA]);
11874 len = nla_len(info->attrs[NL80211_ATTR_VENDOR_DATA]);
11875 }
11876
11877 rdev->cur_cmd_info = info;
11878 err = rdev->wiphy.vendor_commands[i].doit(&rdev->wiphy, wdev,
11879 data, len);
11880 rdev->cur_cmd_info = NULL;
11881 return err;
11882 }
11883
11884 return -EOPNOTSUPP;
11885 }
11886
11887 static int nl80211_prepare_vendor_dump(struct sk_buff *skb,
11888 struct netlink_callback *cb,
11889 struct cfg80211_registered_device **rdev,
11890 struct wireless_dev **wdev)
11891 {
11892 struct nlattr **attrbuf = genl_family_attrbuf(&nl80211_fam);
11893 u32 vid, subcmd;
11894 unsigned int i;
11895 int vcmd_idx = -1;
11896 int err;
11897 void *data = NULL;
11898 unsigned int data_len = 0;
11899
11900 if (cb->args[0]) {
11901 /* subtract the 1 again here */
11902 struct wiphy *wiphy = wiphy_idx_to_wiphy(cb->args[0] - 1);
11903 struct wireless_dev *tmp;
11904
11905 if (!wiphy)
11906 return -ENODEV;
11907 *rdev = wiphy_to_rdev(wiphy);
11908 *wdev = NULL;
11909
11910 if (cb->args[1]) {
11911 list_for_each_entry(tmp, &wiphy->wdev_list, list) {
11912 if (tmp->identifier == cb->args[1] - 1) {
11913 *wdev = tmp;
11914 break;
11915 }
11916 }
11917 }
11918
11919 /* keep rtnl locked in successful case */
11920 return 0;
11921 }
11922
11923 err = nlmsg_parse(cb->nlh, GENL_HDRLEN + nl80211_fam.hdrsize, attrbuf,
11924 nl80211_fam.maxattr, nl80211_policy, NULL);
11925 if (err)
11926 return err;
11927
11928 if (!attrbuf[NL80211_ATTR_VENDOR_ID] ||
11929 !attrbuf[NL80211_ATTR_VENDOR_SUBCMD])
11930 return -EINVAL;
11931
11932 *wdev = __cfg80211_wdev_from_attrs(sock_net(skb->sk), attrbuf);
11933 if (IS_ERR(*wdev))
11934 *wdev = NULL;
11935
11936 *rdev = __cfg80211_rdev_from_attrs(sock_net(skb->sk), attrbuf);
11937 if (IS_ERR(*rdev))
11938 return PTR_ERR(*rdev);
11939
11940 vid = nla_get_u32(attrbuf[NL80211_ATTR_VENDOR_ID]);
11941 subcmd = nla_get_u32(attrbuf[NL80211_ATTR_VENDOR_SUBCMD]);
11942
11943 for (i = 0; i < (*rdev)->wiphy.n_vendor_commands; i++) {
11944 const struct wiphy_vendor_command *vcmd;
11945
11946 vcmd = &(*rdev)->wiphy.vendor_commands[i];
11947
11948 if (vcmd->info.vendor_id != vid || vcmd->info.subcmd != subcmd)
11949 continue;
11950
11951 if (!vcmd->dumpit)
11952 return -EOPNOTSUPP;
11953
11954 vcmd_idx = i;
11955 break;
11956 }
11957
11958 if (vcmd_idx < 0)
11959 return -EOPNOTSUPP;
11960
11961 if (attrbuf[NL80211_ATTR_VENDOR_DATA]) {
11962 data = nla_data(attrbuf[NL80211_ATTR_VENDOR_DATA]);
11963 data_len = nla_len(attrbuf[NL80211_ATTR_VENDOR_DATA]);
11964 }
11965
11966 /* 0 is the first index - add 1 to parse only once */
11967 cb->args[0] = (*rdev)->wiphy_idx + 1;
11968 /* add 1 to know if it was NULL */
11969 cb->args[1] = *wdev ? (*wdev)->identifier + 1 : 0;
11970 cb->args[2] = vcmd_idx;
11971 cb->args[3] = (unsigned long)data;
11972 cb->args[4] = data_len;
11973
11974 /* keep rtnl locked in successful case */
11975 return 0;
11976 }
11977
11978 static int nl80211_vendor_cmd_dump(struct sk_buff *skb,
11979 struct netlink_callback *cb)
11980 {
11981 struct cfg80211_registered_device *rdev;
11982 struct wireless_dev *wdev;
11983 unsigned int vcmd_idx;
11984 const struct wiphy_vendor_command *vcmd;
11985 void *data;
11986 int data_len;
11987 int err;
11988 struct nlattr *vendor_data;
11989
11990 rtnl_lock();
11991 err = nl80211_prepare_vendor_dump(skb, cb, &rdev, &wdev);
11992 if (err)
11993 goto out;
11994
11995 vcmd_idx = cb->args[2];
11996 data = (void *)cb->args[3];
11997 data_len = cb->args[4];
11998 vcmd = &rdev->wiphy.vendor_commands[vcmd_idx];
11999
12000 if (vcmd->flags & (WIPHY_VENDOR_CMD_NEED_WDEV |
12001 WIPHY_VENDOR_CMD_NEED_NETDEV)) {
12002 if (!wdev) {
12003 err = -EINVAL;
12004 goto out;
12005 }
12006 if (vcmd->flags & WIPHY_VENDOR_CMD_NEED_NETDEV &&
12007 !wdev->netdev) {
12008 err = -EINVAL;
12009 goto out;
12010 }
12011
12012 if (vcmd->flags & WIPHY_VENDOR_CMD_NEED_RUNNING) {
12013 if (!wdev_running(wdev)) {
12014 err = -ENETDOWN;
12015 goto out;
12016 }
12017 }
12018 }
12019
12020 while (1) {
12021 void *hdr = nl80211hdr_put(skb, NETLINK_CB(cb->skb).portid,
12022 cb->nlh->nlmsg_seq, NLM_F_MULTI,
12023 NL80211_CMD_VENDOR);
12024 if (!hdr)
12025 break;
12026
12027 if (nla_put_u32(skb, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
12028 (wdev && nla_put_u64_64bit(skb, NL80211_ATTR_WDEV,
12029 wdev_id(wdev),
12030 NL80211_ATTR_PAD))) {
12031 genlmsg_cancel(skb, hdr);
12032 break;
12033 }
12034
12035 vendor_data = nla_nest_start(skb, NL80211_ATTR_VENDOR_DATA);
12036 if (!vendor_data) {
12037 genlmsg_cancel(skb, hdr);
12038 break;
12039 }
12040
12041 err = vcmd->dumpit(&rdev->wiphy, wdev, skb, data, data_len,
12042 (unsigned long *)&cb->args[5]);
12043 nla_nest_end(skb, vendor_data);
12044
12045 if (err == -ENOBUFS || err == -ENOENT) {
12046 genlmsg_cancel(skb, hdr);
12047 break;
12048 } else if (err) {
12049 genlmsg_cancel(skb, hdr);
12050 goto out;
12051 }
12052
12053 genlmsg_end(skb, hdr);
12054 }
12055
12056 err = skb->len;
12057 out:
12058 rtnl_unlock();
12059 return err;
12060 }
12061
12062 struct sk_buff *__cfg80211_alloc_reply_skb(struct wiphy *wiphy,
12063 enum nl80211_commands cmd,
12064 enum nl80211_attrs attr,
12065 int approxlen)
12066 {
12067 struct cfg80211_registered_device *rdev = wiphy_to_rdev(wiphy);
12068
12069 if (WARN_ON(!rdev->cur_cmd_info))
12070 return NULL;
12071
12072 return __cfg80211_alloc_vendor_skb(rdev, NULL, approxlen,
12073 rdev->cur_cmd_info->snd_portid,
12074 rdev->cur_cmd_info->snd_seq,
12075 cmd, attr, NULL, GFP_KERNEL);
12076 }
12077 EXPORT_SYMBOL(__cfg80211_alloc_reply_skb);
12078
12079 int cfg80211_vendor_cmd_reply(struct sk_buff *skb)
12080 {
12081 struct cfg80211_registered_device *rdev = ((void **)skb->cb)[0];
12082 void *hdr = ((void **)skb->cb)[1];
12083 struct nlattr *data = ((void **)skb->cb)[2];
12084
12085 /* clear CB data for netlink core to own from now on */
12086 memset(skb->cb, 0, sizeof(skb->cb));
12087
12088 if (WARN_ON(!rdev->cur_cmd_info)) {
12089 kfree_skb(skb);
12090 return -EINVAL;
12091 }
12092
12093 nla_nest_end(skb, data);
12094 genlmsg_end(skb, hdr);
12095 return genlmsg_reply(skb, rdev->cur_cmd_info);
12096 }
12097 EXPORT_SYMBOL_GPL(cfg80211_vendor_cmd_reply);
12098
12099 static int nl80211_set_qos_map(struct sk_buff *skb,
12100 struct genl_info *info)
12101 {
12102 struct cfg80211_registered_device *rdev = info->user_ptr[0];
12103 struct cfg80211_qos_map *qos_map = NULL;
12104 struct net_device *dev = info->user_ptr[1];
12105 u8 *pos, len, num_des, des_len, des;
12106 int ret;
12107
12108 if (!rdev->ops->set_qos_map)
12109 return -EOPNOTSUPP;
12110
12111 if (info->attrs[NL80211_ATTR_QOS_MAP]) {
12112 pos = nla_data(info->attrs[NL80211_ATTR_QOS_MAP]);
12113 len = nla_len(info->attrs[NL80211_ATTR_QOS_MAP]);
12114
12115 if (len % 2 || len < IEEE80211_QOS_MAP_LEN_MIN ||
12116 len > IEEE80211_QOS_MAP_LEN_MAX)
12117 return -EINVAL;
12118
12119 qos_map = kzalloc(sizeof(struct cfg80211_qos_map), GFP_KERNEL);
12120 if (!qos_map)
12121 return -ENOMEM;
12122
12123 num_des = (len - IEEE80211_QOS_MAP_LEN_MIN) >> 1;
12124 if (num_des) {
12125 des_len = num_des *
12126 sizeof(struct cfg80211_dscp_exception);
12127 memcpy(qos_map->dscp_exception, pos, des_len);
12128 qos_map->num_des = num_des;
12129 for (des = 0; des < num_des; des++) {
12130 if (qos_map->dscp_exception[des].up > 7) {
12131 kfree(qos_map);
12132 return -EINVAL;
12133 }
12134 }
12135 pos += des_len;
12136 }
12137 memcpy(qos_map->up, pos, IEEE80211_QOS_MAP_LEN_MIN);
12138 }
12139
12140 wdev_lock(dev->ieee80211_ptr);
12141 ret = nl80211_key_allowed(dev->ieee80211_ptr);
12142 if (!ret)
12143 ret = rdev_set_qos_map(rdev, dev, qos_map);
12144 wdev_unlock(dev->ieee80211_ptr);
12145
12146 kfree(qos_map);
12147 return ret;
12148 }
12149
12150 static int nl80211_add_tx_ts(struct sk_buff *skb, struct genl_info *info)
12151 {
12152 struct cfg80211_registered_device *rdev = info->user_ptr[0];
12153 struct net_device *dev = info->user_ptr[1];
12154 struct wireless_dev *wdev = dev->ieee80211_ptr;
12155 const u8 *peer;
12156 u8 tsid, up;
12157 u16 admitted_time = 0;
12158 int err;
12159
12160 if (!(rdev->wiphy.features & NL80211_FEATURE_SUPPORTS_WMM_ADMISSION))
12161 return -EOPNOTSUPP;
12162
12163 if (!info->attrs[NL80211_ATTR_TSID] || !info->attrs[NL80211_ATTR_MAC] ||
12164 !info->attrs[NL80211_ATTR_USER_PRIO])
12165 return -EINVAL;
12166
12167 tsid = nla_get_u8(info->attrs[NL80211_ATTR_TSID]);
12168 if (tsid >= IEEE80211_NUM_TIDS)
12169 return -EINVAL;
12170
12171 up = nla_get_u8(info->attrs[NL80211_ATTR_USER_PRIO]);
12172 if (up >= IEEE80211_NUM_UPS)
12173 return -EINVAL;
12174
12175 /* WMM uses TIDs 0-7 even for TSPEC */
12176 if (tsid >= IEEE80211_FIRST_TSPEC_TSID) {
12177 /* TODO: handle 802.11 TSPEC/admission control
12178 * need more attributes for that (e.g. BA session requirement);
12179 * change the WMM adminssion test above to allow both then
12180 */
12181 return -EINVAL;
12182 }
12183
12184 peer = nla_data(info->attrs[NL80211_ATTR_MAC]);
12185
12186 if (info->attrs[NL80211_ATTR_ADMITTED_TIME]) {
12187 admitted_time =
12188 nla_get_u16(info->attrs[NL80211_ATTR_ADMITTED_TIME]);
12189 if (!admitted_time)
12190 return -EINVAL;
12191 }
12192
12193 wdev_lock(wdev);
12194 switch (wdev->iftype) {
12195 case NL80211_IFTYPE_STATION:
12196 case NL80211_IFTYPE_P2P_CLIENT:
12197 if (wdev->current_bss)
12198 break;
12199 err = -ENOTCONN;
12200 goto out;
12201 default:
12202 err = -EOPNOTSUPP;
12203 goto out;
12204 }
12205
12206 err = rdev_add_tx_ts(rdev, dev, tsid, peer, up, admitted_time);
12207
12208 out:
12209 wdev_unlock(wdev);
12210 return err;
12211 }
12212
12213 static int nl80211_del_tx_ts(struct sk_buff *skb, struct genl_info *info)
12214 {
12215 struct cfg80211_registered_device *rdev = info->user_ptr[0];
12216 struct net_device *dev = info->user_ptr[1];
12217 struct wireless_dev *wdev = dev->ieee80211_ptr;
12218 const u8 *peer;
12219 u8 tsid;
12220 int err;
12221
12222 if (!info->attrs[NL80211_ATTR_TSID] || !info->attrs[NL80211_ATTR_MAC])
12223 return -EINVAL;
12224
12225 tsid = nla_get_u8(info->attrs[NL80211_ATTR_TSID]);
12226 peer = nla_data(info->attrs[NL80211_ATTR_MAC]);
12227
12228 wdev_lock(wdev);
12229 err = rdev_del_tx_ts(rdev, dev, tsid, peer);
12230 wdev_unlock(wdev);
12231
12232 return err;
12233 }
12234
12235 static int nl80211_tdls_channel_switch(struct sk_buff *skb,
12236 struct genl_info *info)
12237 {
12238 struct cfg80211_registered_device *rdev = info->user_ptr[0];
12239 struct net_device *dev = info->user_ptr[1];
12240 struct wireless_dev *wdev = dev->ieee80211_ptr;
12241 struct cfg80211_chan_def chandef = {};
12242 const u8 *addr;
12243 u8 oper_class;
12244 int err;
12245
12246 if (!rdev->ops->tdls_channel_switch ||
12247 !(rdev->wiphy.features & NL80211_FEATURE_TDLS_CHANNEL_SWITCH))
12248 return -EOPNOTSUPP;
12249
12250 switch (dev->ieee80211_ptr->iftype) {
12251 case NL80211_IFTYPE_STATION:
12252 case NL80211_IFTYPE_P2P_CLIENT:
12253 break;
12254 default:
12255 return -EOPNOTSUPP;
12256 }
12257
12258 if (!info->attrs[NL80211_ATTR_MAC] ||
12259 !info->attrs[NL80211_ATTR_OPER_CLASS])
12260 return -EINVAL;
12261
12262 err = nl80211_parse_chandef(rdev, info, &chandef);
12263 if (err)
12264 return err;
12265
12266 /*
12267 * Don't allow wide channels on the 2.4Ghz band, as per IEEE802.11-2012
12268 * section 10.22.6.2.1. Disallow 5/10Mhz channels as well for now, the
12269 * specification is not defined for them.
12270 */
12271 if (chandef.chan->band == NL80211_BAND_2GHZ &&
12272 chandef.width != NL80211_CHAN_WIDTH_20_NOHT &&
12273 chandef.width != NL80211_CHAN_WIDTH_20)
12274 return -EINVAL;
12275
12276 /* we will be active on the TDLS link */
12277 if (!cfg80211_reg_can_beacon_relax(&rdev->wiphy, &chandef,
12278 wdev->iftype))
12279 return -EINVAL;
12280
12281 /* don't allow switching to DFS channels */
12282 if (cfg80211_chandef_dfs_required(wdev->wiphy, &chandef, wdev->iftype))
12283 return -EINVAL;
12284
12285 addr = nla_data(info->attrs[NL80211_ATTR_MAC]);
12286 oper_class = nla_get_u8(info->attrs[NL80211_ATTR_OPER_CLASS]);
12287
12288 wdev_lock(wdev);
12289 err = rdev_tdls_channel_switch(rdev, dev, addr, oper_class, &chandef);
12290 wdev_unlock(wdev);
12291
12292 return err;
12293 }
12294
12295 static int nl80211_tdls_cancel_channel_switch(struct sk_buff *skb,
12296 struct genl_info *info)
12297 {
12298 struct cfg80211_registered_device *rdev = info->user_ptr[0];
12299 struct net_device *dev = info->user_ptr[1];
12300 struct wireless_dev *wdev = dev->ieee80211_ptr;
12301 const u8 *addr;
12302
12303 if (!rdev->ops->tdls_channel_switch ||
12304 !rdev->ops->tdls_cancel_channel_switch ||
12305 !(rdev->wiphy.features & NL80211_FEATURE_TDLS_CHANNEL_SWITCH))
12306 return -EOPNOTSUPP;
12307
12308 switch (dev->ieee80211_ptr->iftype) {
12309 case NL80211_IFTYPE_STATION:
12310 case NL80211_IFTYPE_P2P_CLIENT:
12311 break;
12312 default:
12313 return -EOPNOTSUPP;
12314 }
12315
12316 if (!info->attrs[NL80211_ATTR_MAC])
12317 return -EINVAL;
12318
12319 addr = nla_data(info->attrs[NL80211_ATTR_MAC]);
12320
12321 wdev_lock(wdev);
12322 rdev_tdls_cancel_channel_switch(rdev, dev, addr);
12323 wdev_unlock(wdev);
12324
12325 return 0;
12326 }
12327
12328 static int nl80211_set_multicast_to_unicast(struct sk_buff *skb,
12329 struct genl_info *info)
12330 {
12331 struct cfg80211_registered_device *rdev = info->user_ptr[0];
12332 struct net_device *dev = info->user_ptr[1];
12333 struct wireless_dev *wdev = dev->ieee80211_ptr;
12334 const struct nlattr *nla;
12335 bool enabled;
12336
12337 if (!rdev->ops->set_multicast_to_unicast)
12338 return -EOPNOTSUPP;
12339
12340 if (wdev->iftype != NL80211_IFTYPE_AP &&
12341 wdev->iftype != NL80211_IFTYPE_P2P_GO)
12342 return -EOPNOTSUPP;
12343
12344 nla = info->attrs[NL80211_ATTR_MULTICAST_TO_UNICAST_ENABLED];
12345 enabled = nla_get_flag(nla);
12346
12347 return rdev_set_multicast_to_unicast(rdev, dev, enabled);
12348 }
12349
12350 static int nl80211_set_pmk(struct sk_buff *skb, struct genl_info *info)
12351 {
12352 struct cfg80211_registered_device *rdev = info->user_ptr[0];
12353 struct net_device *dev = info->user_ptr[1];
12354 struct wireless_dev *wdev = dev->ieee80211_ptr;
12355 struct cfg80211_pmk_conf pmk_conf = {};
12356 int ret;
12357
12358 if (wdev->iftype != NL80211_IFTYPE_STATION &&
12359 wdev->iftype != NL80211_IFTYPE_P2P_CLIENT)
12360 return -EOPNOTSUPP;
12361
12362 if (!wiphy_ext_feature_isset(&rdev->wiphy,
12363 NL80211_EXT_FEATURE_4WAY_HANDSHAKE_STA_1X))
12364 return -EOPNOTSUPP;
12365
12366 if (!info->attrs[NL80211_ATTR_MAC] || !info->attrs[NL80211_ATTR_PMK])
12367 return -EINVAL;
12368
12369 wdev_lock(wdev);
12370 if (!wdev->current_bss) {
12371 ret = -ENOTCONN;
12372 goto out;
12373 }
12374
12375 pmk_conf.aa = nla_data(info->attrs[NL80211_ATTR_MAC]);
12376 if (memcmp(pmk_conf.aa, wdev->current_bss->pub.bssid, ETH_ALEN)) {
12377 ret = -EINVAL;
12378 goto out;
12379 }
12380
12381 pmk_conf.pmk = nla_data(info->attrs[NL80211_ATTR_PMK]);
12382 pmk_conf.pmk_len = nla_len(info->attrs[NL80211_ATTR_PMK]);
12383 if (pmk_conf.pmk_len != WLAN_PMK_LEN &&
12384 pmk_conf.pmk_len != WLAN_PMK_LEN_SUITE_B_192) {
12385 ret = -EINVAL;
12386 goto out;
12387 }
12388
12389 if (info->attrs[NL80211_ATTR_PMKR0_NAME]) {
12390 int r0_name_len = nla_len(info->attrs[NL80211_ATTR_PMKR0_NAME]);
12391
12392 if (r0_name_len != WLAN_PMK_NAME_LEN) {
12393 ret = -EINVAL;
12394 goto out;
12395 }
12396
12397 pmk_conf.pmk_r0_name =
12398 nla_data(info->attrs[NL80211_ATTR_PMKR0_NAME]);
12399 }
12400
12401 ret = rdev_set_pmk(rdev, dev, &pmk_conf);
12402 out:
12403 wdev_unlock(wdev);
12404 return ret;
12405 }
12406
12407 static int nl80211_del_pmk(struct sk_buff *skb, struct genl_info *info)
12408 {
12409 struct cfg80211_registered_device *rdev = info->user_ptr[0];
12410 struct net_device *dev = info->user_ptr[1];
12411 struct wireless_dev *wdev = dev->ieee80211_ptr;
12412 const u8 *aa;
12413 int ret;
12414
12415 if (wdev->iftype != NL80211_IFTYPE_STATION &&
12416 wdev->iftype != NL80211_IFTYPE_P2P_CLIENT)
12417 return -EOPNOTSUPP;
12418
12419 if (!wiphy_ext_feature_isset(&rdev->wiphy,
12420 NL80211_EXT_FEATURE_4WAY_HANDSHAKE_STA_1X))
12421 return -EOPNOTSUPP;
12422
12423 if (!info->attrs[NL80211_ATTR_MAC])
12424 return -EINVAL;
12425
12426 wdev_lock(wdev);
12427 aa = nla_data(info->attrs[NL80211_ATTR_MAC]);
12428 ret = rdev_del_pmk(rdev, dev, aa);
12429 wdev_unlock(wdev);
12430
12431 return ret;
12432 }
12433
12434 #define NL80211_FLAG_NEED_WIPHY 0x01
12435 #define NL80211_FLAG_NEED_NETDEV 0x02
12436 #define NL80211_FLAG_NEED_RTNL 0x04
12437 #define NL80211_FLAG_CHECK_NETDEV_UP 0x08
12438 #define NL80211_FLAG_NEED_NETDEV_UP (NL80211_FLAG_NEED_NETDEV |\
12439 NL80211_FLAG_CHECK_NETDEV_UP)
12440 #define NL80211_FLAG_NEED_WDEV 0x10
12441 /* If a netdev is associated, it must be UP, P2P must be started */
12442 #define NL80211_FLAG_NEED_WDEV_UP (NL80211_FLAG_NEED_WDEV |\
12443 NL80211_FLAG_CHECK_NETDEV_UP)
12444 #define NL80211_FLAG_CLEAR_SKB 0x20
12445
12446 static int nl80211_pre_doit(const struct genl_ops *ops, struct sk_buff *skb,
12447 struct genl_info *info)
12448 {
12449 struct cfg80211_registered_device *rdev;
12450 struct wireless_dev *wdev;
12451 struct net_device *dev;
12452 bool rtnl = ops->internal_flags & NL80211_FLAG_NEED_RTNL;
12453
12454 if (rtnl)
12455 rtnl_lock();
12456
12457 if (ops->internal_flags & NL80211_FLAG_NEED_WIPHY) {
12458 rdev = cfg80211_get_dev_from_info(genl_info_net(info), info);
12459 if (IS_ERR(rdev)) {
12460 if (rtnl)
12461 rtnl_unlock();
12462 return PTR_ERR(rdev);
12463 }
12464 info->user_ptr[0] = rdev;
12465 } else if (ops->internal_flags & NL80211_FLAG_NEED_NETDEV ||
12466 ops->internal_flags & NL80211_FLAG_NEED_WDEV) {
12467 ASSERT_RTNL();
12468
12469 wdev = __cfg80211_wdev_from_attrs(genl_info_net(info),
12470 info->attrs);
12471 if (IS_ERR(wdev)) {
12472 if (rtnl)
12473 rtnl_unlock();
12474 return PTR_ERR(wdev);
12475 }
12476
12477 dev = wdev->netdev;
12478 rdev = wiphy_to_rdev(wdev->wiphy);
12479
12480 if (ops->internal_flags & NL80211_FLAG_NEED_NETDEV) {
12481 if (!dev) {
12482 if (rtnl)
12483 rtnl_unlock();
12484 return -EINVAL;
12485 }
12486
12487 info->user_ptr[1] = dev;
12488 } else {
12489 info->user_ptr[1] = wdev;
12490 }
12491
12492 if (ops->internal_flags & NL80211_FLAG_CHECK_NETDEV_UP &&
12493 !wdev_running(wdev)) {
12494 if (rtnl)
12495 rtnl_unlock();
12496 return -ENETDOWN;
12497 }
12498
12499 if (dev)
12500 dev_hold(dev);
12501
12502 info->user_ptr[0] = rdev;
12503 }
12504
12505 return 0;
12506 }
12507
12508 static void nl80211_post_doit(const struct genl_ops *ops, struct sk_buff *skb,
12509 struct genl_info *info)
12510 {
12511 if (info->user_ptr[1]) {
12512 if (ops->internal_flags & NL80211_FLAG_NEED_WDEV) {
12513 struct wireless_dev *wdev = info->user_ptr[1];
12514
12515 if (wdev->netdev)
12516 dev_put(wdev->netdev);
12517 } else {
12518 dev_put(info->user_ptr[1]);
12519 }
12520 }
12521
12522 if (ops->internal_flags & NL80211_FLAG_NEED_RTNL)
12523 rtnl_unlock();
12524
12525 /* If needed, clear the netlink message payload from the SKB
12526 * as it might contain key data that shouldn't stick around on
12527 * the heap after the SKB is freed. The netlink message header
12528 * is still needed for further processing, so leave it intact.
12529 */
12530 if (ops->internal_flags & NL80211_FLAG_CLEAR_SKB) {
12531 struct nlmsghdr *nlh = nlmsg_hdr(skb);
12532
12533 memset(nlmsg_data(nlh), 0, nlmsg_len(nlh));
12534 }
12535 }
12536
12537 static const struct genl_ops nl80211_ops[] = {
12538 {
12539 .cmd = NL80211_CMD_GET_WIPHY,
12540 .doit = nl80211_get_wiphy,
12541 .dumpit = nl80211_dump_wiphy,
12542 .done = nl80211_dump_wiphy_done,
12543 .policy = nl80211_policy,
12544 /* can be retrieved by unprivileged users */
12545 .internal_flags = NL80211_FLAG_NEED_WIPHY |
12546 NL80211_FLAG_NEED_RTNL,
12547 },
12548 {
12549 .cmd = NL80211_CMD_SET_WIPHY,
12550 .doit = nl80211_set_wiphy,
12551 .policy = nl80211_policy,
12552 .flags = GENL_UNS_ADMIN_PERM,
12553 .internal_flags = NL80211_FLAG_NEED_RTNL,
12554 },
12555 {
12556 .cmd = NL80211_CMD_GET_INTERFACE,
12557 .doit = nl80211_get_interface,
12558 .dumpit = nl80211_dump_interface,
12559 .policy = nl80211_policy,
12560 /* can be retrieved by unprivileged users */
12561 .internal_flags = NL80211_FLAG_NEED_WDEV |
12562 NL80211_FLAG_NEED_RTNL,
12563 },
12564 {
12565 .cmd = NL80211_CMD_SET_INTERFACE,
12566 .doit = nl80211_set_interface,
12567 .policy = nl80211_policy,
12568 .flags = GENL_UNS_ADMIN_PERM,
12569 .internal_flags = NL80211_FLAG_NEED_NETDEV |
12570 NL80211_FLAG_NEED_RTNL,
12571 },
12572 {
12573 .cmd = NL80211_CMD_NEW_INTERFACE,
12574 .doit = nl80211_new_interface,
12575 .policy = nl80211_policy,
12576 .flags = GENL_UNS_ADMIN_PERM,
12577 .internal_flags = NL80211_FLAG_NEED_WIPHY |
12578 NL80211_FLAG_NEED_RTNL,
12579 },
12580 {
12581 .cmd = NL80211_CMD_DEL_INTERFACE,
12582 .doit = nl80211_del_interface,
12583 .policy = nl80211_policy,
12584 .flags = GENL_UNS_ADMIN_PERM,
12585 .internal_flags = NL80211_FLAG_NEED_WDEV |
12586 NL80211_FLAG_NEED_RTNL,
12587 },
12588 {
12589 .cmd = NL80211_CMD_GET_KEY,
12590 .doit = nl80211_get_key,
12591 .policy = nl80211_policy,
12592 .flags = GENL_UNS_ADMIN_PERM,
12593 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
12594 NL80211_FLAG_NEED_RTNL,
12595 },
12596 {
12597 .cmd = NL80211_CMD_SET_KEY,
12598 .doit = nl80211_set_key,
12599 .policy = nl80211_policy,
12600 .flags = GENL_UNS_ADMIN_PERM,
12601 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
12602 NL80211_FLAG_NEED_RTNL |
12603 NL80211_FLAG_CLEAR_SKB,
12604 },
12605 {
12606 .cmd = NL80211_CMD_NEW_KEY,
12607 .doit = nl80211_new_key,
12608 .policy = nl80211_policy,
12609 .flags = GENL_UNS_ADMIN_PERM,
12610 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
12611 NL80211_FLAG_NEED_RTNL |
12612 NL80211_FLAG_CLEAR_SKB,
12613 },
12614 {
12615 .cmd = NL80211_CMD_DEL_KEY,
12616 .doit = nl80211_del_key,
12617 .policy = nl80211_policy,
12618 .flags = GENL_UNS_ADMIN_PERM,
12619 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
12620 NL80211_FLAG_NEED_RTNL,
12621 },
12622 {
12623 .cmd = NL80211_CMD_SET_BEACON,
12624 .policy = nl80211_policy,
12625 .flags = GENL_UNS_ADMIN_PERM,
12626 .doit = nl80211_set_beacon,
12627 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
12628 NL80211_FLAG_NEED_RTNL,
12629 },
12630 {
12631 .cmd = NL80211_CMD_START_AP,
12632 .policy = nl80211_policy,
12633 .flags = GENL_UNS_ADMIN_PERM,
12634 .doit = nl80211_start_ap,
12635 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
12636 NL80211_FLAG_NEED_RTNL,
12637 },
12638 {
12639 .cmd = NL80211_CMD_STOP_AP,
12640 .policy = nl80211_policy,
12641 .flags = GENL_UNS_ADMIN_PERM,
12642 .doit = nl80211_stop_ap,
12643 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
12644 NL80211_FLAG_NEED_RTNL,
12645 },
12646 {
12647 .cmd = NL80211_CMD_GET_STATION,
12648 .doit = nl80211_get_station,
12649 .dumpit = nl80211_dump_station,
12650 .policy = nl80211_policy,
12651 .internal_flags = NL80211_FLAG_NEED_NETDEV |
12652 NL80211_FLAG_NEED_RTNL,
12653 },
12654 {
12655 .cmd = NL80211_CMD_SET_STATION,
12656 .doit = nl80211_set_station,
12657 .policy = nl80211_policy,
12658 .flags = GENL_UNS_ADMIN_PERM,
12659 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
12660 NL80211_FLAG_NEED_RTNL,
12661 },
12662 {
12663 .cmd = NL80211_CMD_NEW_STATION,
12664 .doit = nl80211_new_station,
12665 .policy = nl80211_policy,
12666 .flags = GENL_UNS_ADMIN_PERM,
12667 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
12668 NL80211_FLAG_NEED_RTNL,
12669 },
12670 {
12671 .cmd = NL80211_CMD_DEL_STATION,
12672 .doit = nl80211_del_station,
12673 .policy = nl80211_policy,
12674 .flags = GENL_UNS_ADMIN_PERM,
12675 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
12676 NL80211_FLAG_NEED_RTNL,
12677 },
12678 {
12679 .cmd = NL80211_CMD_GET_MPATH,
12680 .doit = nl80211_get_mpath,
12681 .dumpit = nl80211_dump_mpath,
12682 .policy = nl80211_policy,
12683 .flags = GENL_UNS_ADMIN_PERM,
12684 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
12685 NL80211_FLAG_NEED_RTNL,
12686 },
12687 {
12688 .cmd = NL80211_CMD_GET_MPP,
12689 .doit = nl80211_get_mpp,
12690 .dumpit = nl80211_dump_mpp,
12691 .policy = nl80211_policy,
12692 .flags = GENL_UNS_ADMIN_PERM,
12693 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
12694 NL80211_FLAG_NEED_RTNL,
12695 },
12696 {
12697 .cmd = NL80211_CMD_SET_MPATH,
12698 .doit = nl80211_set_mpath,
12699 .policy = nl80211_policy,
12700 .flags = GENL_UNS_ADMIN_PERM,
12701 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
12702 NL80211_FLAG_NEED_RTNL,
12703 },
12704 {
12705 .cmd = NL80211_CMD_NEW_MPATH,
12706 .doit = nl80211_new_mpath,
12707 .policy = nl80211_policy,
12708 .flags = GENL_UNS_ADMIN_PERM,
12709 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
12710 NL80211_FLAG_NEED_RTNL,
12711 },
12712 {
12713 .cmd = NL80211_CMD_DEL_MPATH,
12714 .doit = nl80211_del_mpath,
12715 .policy = nl80211_policy,
12716 .flags = GENL_UNS_ADMIN_PERM,
12717 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
12718 NL80211_FLAG_NEED_RTNL,
12719 },
12720 {
12721 .cmd = NL80211_CMD_SET_BSS,
12722 .doit = nl80211_set_bss,
12723 .policy = nl80211_policy,
12724 .flags = GENL_UNS_ADMIN_PERM,
12725 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
12726 NL80211_FLAG_NEED_RTNL,
12727 },
12728 {
12729 .cmd = NL80211_CMD_GET_REG,
12730 .doit = nl80211_get_reg_do,
12731 .dumpit = nl80211_get_reg_dump,
12732 .policy = nl80211_policy,
12733 .internal_flags = NL80211_FLAG_NEED_RTNL,
12734 /* can be retrieved by unprivileged users */
12735 },
12736 #ifdef CONFIG_CFG80211_CRDA_SUPPORT
12737 {
12738 .cmd = NL80211_CMD_SET_REG,
12739 .doit = nl80211_set_reg,
12740 .policy = nl80211_policy,
12741 .flags = GENL_ADMIN_PERM,
12742 .internal_flags = NL80211_FLAG_NEED_RTNL,
12743 },
12744 #endif
12745 {
12746 .cmd = NL80211_CMD_REQ_SET_REG,
12747 .doit = nl80211_req_set_reg,
12748 .policy = nl80211_policy,
12749 .flags = GENL_ADMIN_PERM,
12750 },
12751 {
12752 .cmd = NL80211_CMD_RELOAD_REGDB,
12753 .doit = nl80211_reload_regdb,
12754 .policy = nl80211_policy,
12755 .flags = GENL_ADMIN_PERM,
12756 },
12757 {
12758 .cmd = NL80211_CMD_GET_MESH_CONFIG,
12759 .doit = nl80211_get_mesh_config,
12760 .policy = nl80211_policy,
12761 /* can be retrieved by unprivileged users */
12762 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
12763 NL80211_FLAG_NEED_RTNL,
12764 },
12765 {
12766 .cmd = NL80211_CMD_SET_MESH_CONFIG,
12767 .doit = nl80211_update_mesh_config,
12768 .policy = nl80211_policy,
12769 .flags = GENL_UNS_ADMIN_PERM,
12770 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
12771 NL80211_FLAG_NEED_RTNL,
12772 },
12773 {
12774 .cmd = NL80211_CMD_TRIGGER_SCAN,
12775 .doit = nl80211_trigger_scan,
12776 .policy = nl80211_policy,
12777 .flags = GENL_UNS_ADMIN_PERM,
12778 .internal_flags = NL80211_FLAG_NEED_WDEV_UP |
12779 NL80211_FLAG_NEED_RTNL,
12780 },
12781 {
12782 .cmd = NL80211_CMD_ABORT_SCAN,
12783 .doit = nl80211_abort_scan,
12784 .policy = nl80211_policy,
12785 .flags = GENL_UNS_ADMIN_PERM,
12786 .internal_flags = NL80211_FLAG_NEED_WDEV_UP |
12787 NL80211_FLAG_NEED_RTNL,
12788 },
12789 {
12790 .cmd = NL80211_CMD_GET_SCAN,
12791 .policy = nl80211_policy,
12792 .dumpit = nl80211_dump_scan,
12793 },
12794 {
12795 .cmd = NL80211_CMD_START_SCHED_SCAN,
12796 .doit = nl80211_start_sched_scan,
12797 .policy = nl80211_policy,
12798 .flags = GENL_UNS_ADMIN_PERM,
12799 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
12800 NL80211_FLAG_NEED_RTNL,
12801 },
12802 {
12803 .cmd = NL80211_CMD_STOP_SCHED_SCAN,
12804 .doit = nl80211_stop_sched_scan,
12805 .policy = nl80211_policy,
12806 .flags = GENL_UNS_ADMIN_PERM,
12807 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
12808 NL80211_FLAG_NEED_RTNL,
12809 },
12810 {
12811 .cmd = NL80211_CMD_AUTHENTICATE,
12812 .doit = nl80211_authenticate,
12813 .policy = nl80211_policy,
12814 .flags = GENL_UNS_ADMIN_PERM,
12815 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
12816 NL80211_FLAG_NEED_RTNL |
12817 NL80211_FLAG_CLEAR_SKB,
12818 },
12819 {
12820 .cmd = NL80211_CMD_ASSOCIATE,
12821 .doit = nl80211_associate,
12822 .policy = nl80211_policy,
12823 .flags = GENL_UNS_ADMIN_PERM,
12824 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
12825 NL80211_FLAG_NEED_RTNL,
12826 },
12827 {
12828 .cmd = NL80211_CMD_DEAUTHENTICATE,
12829 .doit = nl80211_deauthenticate,
12830 .policy = nl80211_policy,
12831 .flags = GENL_UNS_ADMIN_PERM,
12832 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
12833 NL80211_FLAG_NEED_RTNL,
12834 },
12835 {
12836 .cmd = NL80211_CMD_DISASSOCIATE,
12837 .doit = nl80211_disassociate,
12838 .policy = nl80211_policy,
12839 .flags = GENL_UNS_ADMIN_PERM,
12840 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
12841 NL80211_FLAG_NEED_RTNL,
12842 },
12843 {
12844 .cmd = NL80211_CMD_JOIN_IBSS,
12845 .doit = nl80211_join_ibss,
12846 .policy = nl80211_policy,
12847 .flags = GENL_UNS_ADMIN_PERM,
12848 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
12849 NL80211_FLAG_NEED_RTNL,
12850 },
12851 {
12852 .cmd = NL80211_CMD_LEAVE_IBSS,
12853 .doit = nl80211_leave_ibss,
12854 .policy = nl80211_policy,
12855 .flags = GENL_UNS_ADMIN_PERM,
12856 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
12857 NL80211_FLAG_NEED_RTNL,
12858 },
12859 #ifdef CONFIG_NL80211_TESTMODE
12860 {
12861 .cmd = NL80211_CMD_TESTMODE,
12862 .doit = nl80211_testmode_do,
12863 .dumpit = nl80211_testmode_dump,
12864 .policy = nl80211_policy,
12865 .flags = GENL_UNS_ADMIN_PERM,
12866 .internal_flags = NL80211_FLAG_NEED_WIPHY |
12867 NL80211_FLAG_NEED_RTNL,
12868 },
12869 #endif
12870 {
12871 .cmd = NL80211_CMD_CONNECT,
12872 .doit = nl80211_connect,
12873 .policy = nl80211_policy,
12874 .flags = GENL_UNS_ADMIN_PERM,
12875 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
12876 NL80211_FLAG_NEED_RTNL,
12877 },
12878 {
12879 .cmd = NL80211_CMD_UPDATE_CONNECT_PARAMS,
12880 .doit = nl80211_update_connect_params,
12881 .policy = nl80211_policy,
12882 .flags = GENL_ADMIN_PERM,
12883 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
12884 NL80211_FLAG_NEED_RTNL,
12885 },
12886 {
12887 .cmd = NL80211_CMD_DISCONNECT,
12888 .doit = nl80211_disconnect,
12889 .policy = nl80211_policy,
12890 .flags = GENL_UNS_ADMIN_PERM,
12891 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
12892 NL80211_FLAG_NEED_RTNL,
12893 },
12894 {
12895 .cmd = NL80211_CMD_SET_WIPHY_NETNS,
12896 .doit = nl80211_wiphy_netns,
12897 .policy = nl80211_policy,
12898 .flags = GENL_UNS_ADMIN_PERM,
12899 .internal_flags = NL80211_FLAG_NEED_WIPHY |
12900 NL80211_FLAG_NEED_RTNL,
12901 },
12902 {
12903 .cmd = NL80211_CMD_GET_SURVEY,
12904 .policy = nl80211_policy,
12905 .dumpit = nl80211_dump_survey,
12906 },
12907 {
12908 .cmd = NL80211_CMD_SET_PMKSA,
12909 .doit = nl80211_setdel_pmksa,
12910 .policy = nl80211_policy,
12911 .flags = GENL_UNS_ADMIN_PERM,
12912 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
12913 NL80211_FLAG_NEED_RTNL,
12914 },
12915 {
12916 .cmd = NL80211_CMD_DEL_PMKSA,
12917 .doit = nl80211_setdel_pmksa,
12918 .policy = nl80211_policy,
12919 .flags = GENL_UNS_ADMIN_PERM,
12920 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
12921 NL80211_FLAG_NEED_RTNL,
12922 },
12923 {
12924 .cmd = NL80211_CMD_FLUSH_PMKSA,
12925 .doit = nl80211_flush_pmksa,
12926 .policy = nl80211_policy,
12927 .flags = GENL_UNS_ADMIN_PERM,
12928 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
12929 NL80211_FLAG_NEED_RTNL,
12930 },
12931 {
12932 .cmd = NL80211_CMD_REMAIN_ON_CHANNEL,
12933 .doit = nl80211_remain_on_channel,
12934 .policy = nl80211_policy,
12935 .flags = GENL_UNS_ADMIN_PERM,
12936 .internal_flags = NL80211_FLAG_NEED_WDEV_UP |
12937 NL80211_FLAG_NEED_RTNL,
12938 },
12939 {
12940 .cmd = NL80211_CMD_CANCEL_REMAIN_ON_CHANNEL,
12941 .doit = nl80211_cancel_remain_on_channel,
12942 .policy = nl80211_policy,
12943 .flags = GENL_UNS_ADMIN_PERM,
12944 .internal_flags = NL80211_FLAG_NEED_WDEV_UP |
12945 NL80211_FLAG_NEED_RTNL,
12946 },
12947 {
12948 .cmd = NL80211_CMD_SET_TX_BITRATE_MASK,
12949 .doit = nl80211_set_tx_bitrate_mask,
12950 .policy = nl80211_policy,
12951 .flags = GENL_UNS_ADMIN_PERM,
12952 .internal_flags = NL80211_FLAG_NEED_NETDEV |
12953 NL80211_FLAG_NEED_RTNL,
12954 },
12955 {
12956 .cmd = NL80211_CMD_REGISTER_FRAME,
12957 .doit = nl80211_register_mgmt,
12958 .policy = nl80211_policy,
12959 .flags = GENL_UNS_ADMIN_PERM,
12960 .internal_flags = NL80211_FLAG_NEED_WDEV |
12961 NL80211_FLAG_NEED_RTNL,
12962 },
12963 {
12964 .cmd = NL80211_CMD_FRAME,
12965 .doit = nl80211_tx_mgmt,
12966 .policy = nl80211_policy,
12967 .flags = GENL_UNS_ADMIN_PERM,
12968 .internal_flags = NL80211_FLAG_NEED_WDEV_UP |
12969 NL80211_FLAG_NEED_RTNL,
12970 },
12971 {
12972 .cmd = NL80211_CMD_FRAME_WAIT_CANCEL,
12973 .doit = nl80211_tx_mgmt_cancel_wait,
12974 .policy = nl80211_policy,
12975 .flags = GENL_UNS_ADMIN_PERM,
12976 .internal_flags = NL80211_FLAG_NEED_WDEV_UP |
12977 NL80211_FLAG_NEED_RTNL,
12978 },
12979 {
12980 .cmd = NL80211_CMD_SET_POWER_SAVE,
12981 .doit = nl80211_set_power_save,
12982 .policy = nl80211_policy,
12983 .flags = GENL_UNS_ADMIN_PERM,
12984 .internal_flags = NL80211_FLAG_NEED_NETDEV |
12985 NL80211_FLAG_NEED_RTNL,
12986 },
12987 {
12988 .cmd = NL80211_CMD_GET_POWER_SAVE,
12989 .doit = nl80211_get_power_save,
12990 .policy = nl80211_policy,
12991 /* can be retrieved by unprivileged users */
12992 .internal_flags = NL80211_FLAG_NEED_NETDEV |
12993 NL80211_FLAG_NEED_RTNL,
12994 },
12995 {
12996 .cmd = NL80211_CMD_SET_CQM,
12997 .doit = nl80211_set_cqm,
12998 .policy = nl80211_policy,
12999 .flags = GENL_UNS_ADMIN_PERM,
13000 .internal_flags = NL80211_FLAG_NEED_NETDEV |
13001 NL80211_FLAG_NEED_RTNL,
13002 },
13003 {
13004 .cmd = NL80211_CMD_SET_CHANNEL,
13005 .doit = nl80211_set_channel,
13006 .policy = nl80211_policy,
13007 .flags = GENL_UNS_ADMIN_PERM,
13008 .internal_flags = NL80211_FLAG_NEED_NETDEV |
13009 NL80211_FLAG_NEED_RTNL,
13010 },
13011 {
13012 .cmd = NL80211_CMD_SET_WDS_PEER,
13013 .doit = nl80211_set_wds_peer,
13014 .policy = nl80211_policy,
13015 .flags = GENL_UNS_ADMIN_PERM,
13016 .internal_flags = NL80211_FLAG_NEED_NETDEV |
13017 NL80211_FLAG_NEED_RTNL,
13018 },
13019 {
13020 .cmd = NL80211_CMD_JOIN_MESH,
13021 .doit = nl80211_join_mesh,
13022 .policy = nl80211_policy,
13023 .flags = GENL_UNS_ADMIN_PERM,
13024 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
13025 NL80211_FLAG_NEED_RTNL,
13026 },
13027 {
13028 .cmd = NL80211_CMD_LEAVE_MESH,
13029 .doit = nl80211_leave_mesh,
13030 .policy = nl80211_policy,
13031 .flags = GENL_UNS_ADMIN_PERM,
13032 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
13033 NL80211_FLAG_NEED_RTNL,
13034 },
13035 {
13036 .cmd = NL80211_CMD_JOIN_OCB,
13037 .doit = nl80211_join_ocb,
13038 .policy = nl80211_policy,
13039 .flags = GENL_UNS_ADMIN_PERM,
13040 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
13041 NL80211_FLAG_NEED_RTNL,
13042 },
13043 {
13044 .cmd = NL80211_CMD_LEAVE_OCB,
13045 .doit = nl80211_leave_ocb,
13046 .policy = nl80211_policy,
13047 .flags = GENL_UNS_ADMIN_PERM,
13048 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
13049 NL80211_FLAG_NEED_RTNL,
13050 },
13051 #ifdef CONFIG_PM
13052 {
13053 .cmd = NL80211_CMD_GET_WOWLAN,
13054 .doit = nl80211_get_wowlan,
13055 .policy = nl80211_policy,
13056 /* can be retrieved by unprivileged users */
13057 .internal_flags = NL80211_FLAG_NEED_WIPHY |
13058 NL80211_FLAG_NEED_RTNL,
13059 },
13060 {
13061 .cmd = NL80211_CMD_SET_WOWLAN,
13062 .doit = nl80211_set_wowlan,
13063 .policy = nl80211_policy,
13064 .flags = GENL_UNS_ADMIN_PERM,
13065 .internal_flags = NL80211_FLAG_NEED_WIPHY |
13066 NL80211_FLAG_NEED_RTNL,
13067 },
13068 #endif
13069 {
13070 .cmd = NL80211_CMD_SET_REKEY_OFFLOAD,
13071 .doit = nl80211_set_rekey_data,
13072 .policy = nl80211_policy,
13073 .flags = GENL_UNS_ADMIN_PERM,
13074 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
13075 NL80211_FLAG_NEED_RTNL |
13076 NL80211_FLAG_CLEAR_SKB,
13077 },
13078 {
13079 .cmd = NL80211_CMD_TDLS_MGMT,
13080 .doit = nl80211_tdls_mgmt,
13081 .policy = nl80211_policy,
13082 .flags = GENL_UNS_ADMIN_PERM,
13083 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
13084 NL80211_FLAG_NEED_RTNL,
13085 },
13086 {
13087 .cmd = NL80211_CMD_TDLS_OPER,
13088 .doit = nl80211_tdls_oper,
13089 .policy = nl80211_policy,
13090 .flags = GENL_UNS_ADMIN_PERM,
13091 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
13092 NL80211_FLAG_NEED_RTNL,
13093 },
13094 {
13095 .cmd = NL80211_CMD_UNEXPECTED_FRAME,
13096 .doit = nl80211_register_unexpected_frame,
13097 .policy = nl80211_policy,
13098 .flags = GENL_UNS_ADMIN_PERM,
13099 .internal_flags = NL80211_FLAG_NEED_NETDEV |
13100 NL80211_FLAG_NEED_RTNL,
13101 },
13102 {
13103 .cmd = NL80211_CMD_PROBE_CLIENT,
13104 .doit = nl80211_probe_client,
13105 .policy = nl80211_policy,
13106 .flags = GENL_UNS_ADMIN_PERM,
13107 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
13108 NL80211_FLAG_NEED_RTNL,
13109 },
13110 {
13111 .cmd = NL80211_CMD_REGISTER_BEACONS,
13112 .doit = nl80211_register_beacons,
13113 .policy = nl80211_policy,
13114 .flags = GENL_UNS_ADMIN_PERM,
13115 .internal_flags = NL80211_FLAG_NEED_WIPHY |
13116 NL80211_FLAG_NEED_RTNL,
13117 },
13118 {
13119 .cmd = NL80211_CMD_SET_NOACK_MAP,
13120 .doit = nl80211_set_noack_map,
13121 .policy = nl80211_policy,
13122 .flags = GENL_UNS_ADMIN_PERM,
13123 .internal_flags = NL80211_FLAG_NEED_NETDEV |
13124 NL80211_FLAG_NEED_RTNL,
13125 },
13126 {
13127 .cmd = NL80211_CMD_START_P2P_DEVICE,
13128 .doit = nl80211_start_p2p_device,
13129 .policy = nl80211_policy,
13130 .flags = GENL_UNS_ADMIN_PERM,
13131 .internal_flags = NL80211_FLAG_NEED_WDEV |
13132 NL80211_FLAG_NEED_RTNL,
13133 },
13134 {
13135 .cmd = NL80211_CMD_STOP_P2P_DEVICE,
13136 .doit = nl80211_stop_p2p_device,
13137 .policy = nl80211_policy,
13138 .flags = GENL_UNS_ADMIN_PERM,
13139 .internal_flags = NL80211_FLAG_NEED_WDEV_UP |
13140 NL80211_FLAG_NEED_RTNL,
13141 },
13142 {
13143 .cmd = NL80211_CMD_START_NAN,
13144 .doit = nl80211_start_nan,
13145 .policy = nl80211_policy,
13146 .flags = GENL_ADMIN_PERM,
13147 .internal_flags = NL80211_FLAG_NEED_WDEV |
13148 NL80211_FLAG_NEED_RTNL,
13149 },
13150 {
13151 .cmd = NL80211_CMD_STOP_NAN,
13152 .doit = nl80211_stop_nan,
13153 .policy = nl80211_policy,
13154 .flags = GENL_ADMIN_PERM,
13155 .internal_flags = NL80211_FLAG_NEED_WDEV_UP |
13156 NL80211_FLAG_NEED_RTNL,
13157 },
13158 {
13159 .cmd = NL80211_CMD_ADD_NAN_FUNCTION,
13160 .doit = nl80211_nan_add_func,
13161 .policy = nl80211_policy,
13162 .flags = GENL_ADMIN_PERM,
13163 .internal_flags = NL80211_FLAG_NEED_WDEV_UP |
13164 NL80211_FLAG_NEED_RTNL,
13165 },
13166 {
13167 .cmd = NL80211_CMD_DEL_NAN_FUNCTION,
13168 .doit = nl80211_nan_del_func,
13169 .policy = nl80211_policy,
13170 .flags = GENL_ADMIN_PERM,
13171 .internal_flags = NL80211_FLAG_NEED_WDEV_UP |
13172 NL80211_FLAG_NEED_RTNL,
13173 },
13174 {
13175 .cmd = NL80211_CMD_CHANGE_NAN_CONFIG,
13176 .doit = nl80211_nan_change_config,
13177 .policy = nl80211_policy,
13178 .flags = GENL_ADMIN_PERM,
13179 .internal_flags = NL80211_FLAG_NEED_WDEV_UP |
13180 NL80211_FLAG_NEED_RTNL,
13181 },
13182 {
13183 .cmd = NL80211_CMD_SET_MCAST_RATE,
13184 .doit = nl80211_set_mcast_rate,
13185 .policy = nl80211_policy,
13186 .flags = GENL_UNS_ADMIN_PERM,
13187 .internal_flags = NL80211_FLAG_NEED_NETDEV |
13188 NL80211_FLAG_NEED_RTNL,
13189 },
13190 {
13191 .cmd = NL80211_CMD_SET_MAC_ACL,
13192 .doit = nl80211_set_mac_acl,
13193 .policy = nl80211_policy,
13194 .flags = GENL_UNS_ADMIN_PERM,
13195 .internal_flags = NL80211_FLAG_NEED_NETDEV |
13196 NL80211_FLAG_NEED_RTNL,
13197 },
13198 {
13199 .cmd = NL80211_CMD_RADAR_DETECT,
13200 .doit = nl80211_start_radar_detection,
13201 .policy = nl80211_policy,
13202 .flags = GENL_UNS_ADMIN_PERM,
13203 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
13204 NL80211_FLAG_NEED_RTNL,
13205 },
13206 {
13207 .cmd = NL80211_CMD_GET_PROTOCOL_FEATURES,
13208 .doit = nl80211_get_protocol_features,
13209 .policy = nl80211_policy,
13210 },
13211 {
13212 .cmd = NL80211_CMD_UPDATE_FT_IES,
13213 .doit = nl80211_update_ft_ies,
13214 .policy = nl80211_policy,
13215 .flags = GENL_UNS_ADMIN_PERM,
13216 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
13217 NL80211_FLAG_NEED_RTNL,
13218 },
13219 {
13220 .cmd = NL80211_CMD_CRIT_PROTOCOL_START,
13221 .doit = nl80211_crit_protocol_start,
13222 .policy = nl80211_policy,
13223 .flags = GENL_UNS_ADMIN_PERM,
13224 .internal_flags = NL80211_FLAG_NEED_WDEV_UP |
13225 NL80211_FLAG_NEED_RTNL,
13226 },
13227 {
13228 .cmd = NL80211_CMD_CRIT_PROTOCOL_STOP,
13229 .doit = nl80211_crit_protocol_stop,
13230 .policy = nl80211_policy,
13231 .flags = GENL_UNS_ADMIN_PERM,
13232 .internal_flags = NL80211_FLAG_NEED_WDEV_UP |
13233 NL80211_FLAG_NEED_RTNL,
13234 },
13235 {
13236 .cmd = NL80211_CMD_GET_COALESCE,
13237 .doit = nl80211_get_coalesce,
13238 .policy = nl80211_policy,
13239 .internal_flags = NL80211_FLAG_NEED_WIPHY |
13240 NL80211_FLAG_NEED_RTNL,
13241 },
13242 {
13243 .cmd = NL80211_CMD_SET_COALESCE,
13244 .doit = nl80211_set_coalesce,
13245 .policy = nl80211_policy,
13246 .flags = GENL_UNS_ADMIN_PERM,
13247 .internal_flags = NL80211_FLAG_NEED_WIPHY |
13248 NL80211_FLAG_NEED_RTNL,
13249 },
13250 {
13251 .cmd = NL80211_CMD_CHANNEL_SWITCH,
13252 .doit = nl80211_channel_switch,
13253 .policy = nl80211_policy,
13254 .flags = GENL_UNS_ADMIN_PERM,
13255 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
13256 NL80211_FLAG_NEED_RTNL,
13257 },
13258 {
13259 .cmd = NL80211_CMD_VENDOR,
13260 .doit = nl80211_vendor_cmd,
13261 .dumpit = nl80211_vendor_cmd_dump,
13262 .policy = nl80211_policy,
13263 .flags = GENL_UNS_ADMIN_PERM,
13264 .internal_flags = NL80211_FLAG_NEED_WIPHY |
13265 NL80211_FLAG_NEED_RTNL,
13266 },
13267 {
13268 .cmd = NL80211_CMD_SET_QOS_MAP,
13269 .doit = nl80211_set_qos_map,
13270 .policy = nl80211_policy,
13271 .flags = GENL_UNS_ADMIN_PERM,
13272 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
13273 NL80211_FLAG_NEED_RTNL,
13274 },
13275 {
13276 .cmd = NL80211_CMD_ADD_TX_TS,
13277 .doit = nl80211_add_tx_ts,
13278 .policy = nl80211_policy,
13279 .flags = GENL_UNS_ADMIN_PERM,
13280 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
13281 NL80211_FLAG_NEED_RTNL,
13282 },
13283 {
13284 .cmd = NL80211_CMD_DEL_TX_TS,
13285 .doit = nl80211_del_tx_ts,
13286 .policy = nl80211_policy,
13287 .flags = GENL_UNS_ADMIN_PERM,
13288 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
13289 NL80211_FLAG_NEED_RTNL,
13290 },
13291 {
13292 .cmd = NL80211_CMD_TDLS_CHANNEL_SWITCH,
13293 .doit = nl80211_tdls_channel_switch,
13294 .policy = nl80211_policy,
13295 .flags = GENL_UNS_ADMIN_PERM,
13296 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
13297 NL80211_FLAG_NEED_RTNL,
13298 },
13299 {
13300 .cmd = NL80211_CMD_TDLS_CANCEL_CHANNEL_SWITCH,
13301 .doit = nl80211_tdls_cancel_channel_switch,
13302 .policy = nl80211_policy,
13303 .flags = GENL_UNS_ADMIN_PERM,
13304 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
13305 NL80211_FLAG_NEED_RTNL,
13306 },
13307 {
13308 .cmd = NL80211_CMD_SET_MULTICAST_TO_UNICAST,
13309 .doit = nl80211_set_multicast_to_unicast,
13310 .policy = nl80211_policy,
13311 .flags = GENL_UNS_ADMIN_PERM,
13312 .internal_flags = NL80211_FLAG_NEED_NETDEV |
13313 NL80211_FLAG_NEED_RTNL,
13314 },
13315 {
13316 .cmd = NL80211_CMD_SET_PMK,
13317 .doit = nl80211_set_pmk,
13318 .policy = nl80211_policy,
13319 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
13320 NL80211_FLAG_NEED_RTNL,
13321 },
13322 {
13323 .cmd = NL80211_CMD_DEL_PMK,
13324 .doit = nl80211_del_pmk,
13325 .policy = nl80211_policy,
13326 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
13327 NL80211_FLAG_NEED_RTNL,
13328 },
13329
13330 };
13331
13332 static struct genl_family nl80211_fam __ro_after_init = {
13333 .name = NL80211_GENL_NAME, /* have users key off the name instead */
13334 .hdrsize = 0, /* no private header */
13335 .version = 1, /* no particular meaning now */
13336 .maxattr = NL80211_ATTR_MAX,
13337 .netnsok = true,
13338 .pre_doit = nl80211_pre_doit,
13339 .post_doit = nl80211_post_doit,
13340 .module = THIS_MODULE,
13341 .ops = nl80211_ops,
13342 .n_ops = ARRAY_SIZE(nl80211_ops),
13343 .mcgrps = nl80211_mcgrps,
13344 .n_mcgrps = ARRAY_SIZE(nl80211_mcgrps),
13345 };
13346
13347 /* notification functions */
13348
13349 void nl80211_notify_wiphy(struct cfg80211_registered_device *rdev,
13350 enum nl80211_commands cmd)
13351 {
13352 struct sk_buff *msg;
13353 struct nl80211_dump_wiphy_state state = {};
13354
13355 WARN_ON(cmd != NL80211_CMD_NEW_WIPHY &&
13356 cmd != NL80211_CMD_DEL_WIPHY);
13357
13358 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
13359 if (!msg)
13360 return;
13361
13362 if (nl80211_send_wiphy(rdev, cmd, msg, 0, 0, 0, &state) < 0) {
13363 nlmsg_free(msg);
13364 return;
13365 }
13366
13367 genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), msg, 0,
13368 NL80211_MCGRP_CONFIG, GFP_KERNEL);
13369 }
13370
13371 void nl80211_notify_iface(struct cfg80211_registered_device *rdev,
13372 struct wireless_dev *wdev,
13373 enum nl80211_commands cmd)
13374 {
13375 struct sk_buff *msg;
13376
13377 WARN_ON(cmd != NL80211_CMD_NEW_INTERFACE &&
13378 cmd != NL80211_CMD_DEL_INTERFACE);
13379
13380 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
13381 if (!msg)
13382 return;
13383
13384 if (nl80211_send_iface(msg, 0, 0, 0, rdev, wdev,
13385 cmd == NL80211_CMD_DEL_INTERFACE) < 0) {
13386 nlmsg_free(msg);
13387 return;
13388 }
13389
13390 genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), msg, 0,
13391 NL80211_MCGRP_CONFIG, GFP_KERNEL);
13392 }
13393
13394 static int nl80211_add_scan_req(struct sk_buff *msg,
13395 struct cfg80211_registered_device *rdev)
13396 {
13397 struct cfg80211_scan_request *req = rdev->scan_req;
13398 struct nlattr *nest;
13399 int i;
13400
13401 if (WARN_ON(!req))
13402 return 0;
13403
13404 nest = nla_nest_start(msg, NL80211_ATTR_SCAN_SSIDS);
13405 if (!nest)
13406 goto nla_put_failure;
13407 for (i = 0; i < req->n_ssids; i++) {
13408 if (nla_put(msg, i, req->ssids[i].ssid_len, req->ssids[i].ssid))
13409 goto nla_put_failure;
13410 }
13411 nla_nest_end(msg, nest);
13412
13413 nest = nla_nest_start(msg, NL80211_ATTR_SCAN_FREQUENCIES);
13414 if (!nest)
13415 goto nla_put_failure;
13416 for (i = 0; i < req->n_channels; i++) {
13417 if (nla_put_u32(msg, i, req->channels[i]->center_freq))
13418 goto nla_put_failure;
13419 }
13420 nla_nest_end(msg, nest);
13421
13422 if (req->ie &&
13423 nla_put(msg, NL80211_ATTR_IE, req->ie_len, req->ie))
13424 goto nla_put_failure;
13425
13426 if (req->flags &&
13427 nla_put_u32(msg, NL80211_ATTR_SCAN_FLAGS, req->flags))
13428 goto nla_put_failure;
13429
13430 if (req->info.scan_start_tsf &&
13431 (nla_put_u64_64bit(msg, NL80211_ATTR_SCAN_START_TIME_TSF,
13432 req->info.scan_start_tsf, NL80211_BSS_PAD) ||
13433 nla_put(msg, NL80211_ATTR_SCAN_START_TIME_TSF_BSSID, ETH_ALEN,
13434 req->info.tsf_bssid)))
13435 goto nla_put_failure;
13436
13437 return 0;
13438 nla_put_failure:
13439 return -ENOBUFS;
13440 }
13441
13442 static int nl80211_prep_scan_msg(struct sk_buff *msg,
13443 struct cfg80211_registered_device *rdev,
13444 struct wireless_dev *wdev,
13445 u32 portid, u32 seq, int flags,
13446 u32 cmd)
13447 {
13448 void *hdr;
13449
13450 hdr = nl80211hdr_put(msg, portid, seq, flags, cmd);
13451 if (!hdr)
13452 return -1;
13453
13454 if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
13455 (wdev->netdev && nla_put_u32(msg, NL80211_ATTR_IFINDEX,
13456 wdev->netdev->ifindex)) ||
13457 nla_put_u64_64bit(msg, NL80211_ATTR_WDEV, wdev_id(wdev),
13458 NL80211_ATTR_PAD))
13459 goto nla_put_failure;
13460
13461 /* ignore errors and send incomplete event anyway */
13462 nl80211_add_scan_req(msg, rdev);
13463
13464 genlmsg_end(msg, hdr);
13465 return 0;
13466
13467 nla_put_failure:
13468 genlmsg_cancel(msg, hdr);
13469 return -EMSGSIZE;
13470 }
13471
13472 static int
13473 nl80211_prep_sched_scan_msg(struct sk_buff *msg,
13474 struct cfg80211_sched_scan_request *req, u32 cmd)
13475 {
13476 void *hdr;
13477
13478 hdr = nl80211hdr_put(msg, 0, 0, 0, cmd);
13479 if (!hdr)
13480 return -1;
13481
13482 if (nla_put_u32(msg, NL80211_ATTR_WIPHY,
13483 wiphy_to_rdev(req->wiphy)->wiphy_idx) ||
13484 nla_put_u32(msg, NL80211_ATTR_IFINDEX, req->dev->ifindex) ||
13485 nla_put_u64_64bit(msg, NL80211_ATTR_COOKIE, req->reqid,
13486 NL80211_ATTR_PAD))
13487 goto nla_put_failure;
13488
13489 genlmsg_end(msg, hdr);
13490 return 0;
13491
13492 nla_put_failure:
13493 genlmsg_cancel(msg, hdr);
13494 return -EMSGSIZE;
13495 }
13496
13497 void nl80211_send_scan_start(struct cfg80211_registered_device *rdev,
13498 struct wireless_dev *wdev)
13499 {
13500 struct sk_buff *msg;
13501
13502 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
13503 if (!msg)
13504 return;
13505
13506 if (nl80211_prep_scan_msg(msg, rdev, wdev, 0, 0, 0,
13507 NL80211_CMD_TRIGGER_SCAN) < 0) {
13508 nlmsg_free(msg);
13509 return;
13510 }
13511
13512 genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), msg, 0,
13513 NL80211_MCGRP_SCAN, GFP_KERNEL);
13514 }
13515
13516 struct sk_buff *nl80211_build_scan_msg(struct cfg80211_registered_device *rdev,
13517 struct wireless_dev *wdev, bool aborted)
13518 {
13519 struct sk_buff *msg;
13520
13521 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
13522 if (!msg)
13523 return NULL;
13524
13525 if (nl80211_prep_scan_msg(msg, rdev, wdev, 0, 0, 0,
13526 aborted ? NL80211_CMD_SCAN_ABORTED :
13527 NL80211_CMD_NEW_SCAN_RESULTS) < 0) {
13528 nlmsg_free(msg);
13529 return NULL;
13530 }
13531
13532 return msg;
13533 }
13534
13535 /* send message created by nl80211_build_scan_msg() */
13536 void nl80211_send_scan_msg(struct cfg80211_registered_device *rdev,
13537 struct sk_buff *msg)
13538 {
13539 if (!msg)
13540 return;
13541
13542 genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), msg, 0,
13543 NL80211_MCGRP_SCAN, GFP_KERNEL);
13544 }
13545
13546 void nl80211_send_sched_scan(struct cfg80211_sched_scan_request *req, u32 cmd)
13547 {
13548 struct sk_buff *msg;
13549
13550 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
13551 if (!msg)
13552 return;
13553
13554 if (nl80211_prep_sched_scan_msg(msg, req, cmd) < 0) {
13555 nlmsg_free(msg);
13556 return;
13557 }
13558
13559 genlmsg_multicast_netns(&nl80211_fam, wiphy_net(req->wiphy), msg, 0,
13560 NL80211_MCGRP_SCAN, GFP_KERNEL);
13561 }
13562
13563 static bool nl80211_reg_change_event_fill(struct sk_buff *msg,
13564 struct regulatory_request *request)
13565 {
13566 /* Userspace can always count this one always being set */
13567 if (nla_put_u8(msg, NL80211_ATTR_REG_INITIATOR, request->initiator))
13568 goto nla_put_failure;
13569
13570 if (request->alpha2[0] == '0' && request->alpha2[1] == '0') {
13571 if (nla_put_u8(msg, NL80211_ATTR_REG_TYPE,
13572 NL80211_REGDOM_TYPE_WORLD))
13573 goto nla_put_failure;
13574 } else if (request->alpha2[0] == '9' && request->alpha2[1] == '9') {
13575 if (nla_put_u8(msg, NL80211_ATTR_REG_TYPE,
13576 NL80211_REGDOM_TYPE_CUSTOM_WORLD))
13577 goto nla_put_failure;
13578 } else if ((request->alpha2[0] == '9' && request->alpha2[1] == '8') ||
13579 request->intersect) {
13580 if (nla_put_u8(msg, NL80211_ATTR_REG_TYPE,
13581 NL80211_REGDOM_TYPE_INTERSECTION))
13582 goto nla_put_failure;
13583 } else {
13584 if (nla_put_u8(msg, NL80211_ATTR_REG_TYPE,
13585 NL80211_REGDOM_TYPE_COUNTRY) ||
13586 nla_put_string(msg, NL80211_ATTR_REG_ALPHA2,
13587 request->alpha2))
13588 goto nla_put_failure;
13589 }
13590
13591 if (request->wiphy_idx != WIPHY_IDX_INVALID) {
13592 struct wiphy *wiphy = wiphy_idx_to_wiphy(request->wiphy_idx);
13593
13594 if (wiphy &&
13595 nla_put_u32(msg, NL80211_ATTR_WIPHY, request->wiphy_idx))
13596 goto nla_put_failure;
13597
13598 if (wiphy &&
13599 wiphy->regulatory_flags & REGULATORY_WIPHY_SELF_MANAGED &&
13600 nla_put_flag(msg, NL80211_ATTR_WIPHY_SELF_MANAGED_REG))
13601 goto nla_put_failure;
13602 }
13603
13604 return true;
13605
13606 nla_put_failure:
13607 return false;
13608 }
13609
13610 /*
13611 * This can happen on global regulatory changes or device specific settings
13612 * based on custom regulatory domains.
13613 */
13614 void nl80211_common_reg_change_event(enum nl80211_commands cmd_id,
13615 struct regulatory_request *request)
13616 {
13617 struct sk_buff *msg;
13618 void *hdr;
13619
13620 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
13621 if (!msg)
13622 return;
13623
13624 hdr = nl80211hdr_put(msg, 0, 0, 0, cmd_id);
13625 if (!hdr) {
13626 nlmsg_free(msg);
13627 return;
13628 }
13629
13630 if (nl80211_reg_change_event_fill(msg, request) == false)
13631 goto nla_put_failure;
13632
13633 genlmsg_end(msg, hdr);
13634
13635 rcu_read_lock();
13636 genlmsg_multicast_allns(&nl80211_fam, msg, 0,
13637 NL80211_MCGRP_REGULATORY, GFP_ATOMIC);
13638 rcu_read_unlock();
13639
13640 return;
13641
13642 nla_put_failure:
13643 genlmsg_cancel(msg, hdr);
13644 nlmsg_free(msg);
13645 }
13646
13647 static void nl80211_send_mlme_event(struct cfg80211_registered_device *rdev,
13648 struct net_device *netdev,
13649 const u8 *buf, size_t len,
13650 enum nl80211_commands cmd, gfp_t gfp,
13651 int uapsd_queues)
13652 {
13653 struct sk_buff *msg;
13654 void *hdr;
13655
13656 msg = nlmsg_new(100 + len, gfp);
13657 if (!msg)
13658 return;
13659
13660 hdr = nl80211hdr_put(msg, 0, 0, 0, cmd);
13661 if (!hdr) {
13662 nlmsg_free(msg);
13663 return;
13664 }
13665
13666 if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
13667 nla_put_u32(msg, NL80211_ATTR_IFINDEX, netdev->ifindex) ||
13668 nla_put(msg, NL80211_ATTR_FRAME, len, buf))
13669 goto nla_put_failure;
13670
13671 if (uapsd_queues >= 0) {
13672 struct nlattr *nla_wmm =
13673 nla_nest_start(msg, NL80211_ATTR_STA_WME);
13674 if (!nla_wmm)
13675 goto nla_put_failure;
13676
13677 if (nla_put_u8(msg, NL80211_STA_WME_UAPSD_QUEUES,
13678 uapsd_queues))
13679 goto nla_put_failure;
13680
13681 nla_nest_end(msg, nla_wmm);
13682 }
13683
13684 genlmsg_end(msg, hdr);
13685
13686 genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), msg, 0,
13687 NL80211_MCGRP_MLME, gfp);
13688 return;
13689
13690 nla_put_failure:
13691 genlmsg_cancel(msg, hdr);
13692 nlmsg_free(msg);
13693 }
13694
13695 void nl80211_send_rx_auth(struct cfg80211_registered_device *rdev,
13696 struct net_device *netdev, const u8 *buf,
13697 size_t len, gfp_t gfp)
13698 {
13699 nl80211_send_mlme_event(rdev, netdev, buf, len,
13700 NL80211_CMD_AUTHENTICATE, gfp, -1);
13701 }
13702
13703 void nl80211_send_rx_assoc(struct cfg80211_registered_device *rdev,
13704 struct net_device *netdev, const u8 *buf,
13705 size_t len, gfp_t gfp, int uapsd_queues)
13706 {
13707 nl80211_send_mlme_event(rdev, netdev, buf, len,
13708 NL80211_CMD_ASSOCIATE, gfp, uapsd_queues);
13709 }
13710
13711 void nl80211_send_deauth(struct cfg80211_registered_device *rdev,
13712 struct net_device *netdev, const u8 *buf,
13713 size_t len, gfp_t gfp)
13714 {
13715 nl80211_send_mlme_event(rdev, netdev, buf, len,
13716 NL80211_CMD_DEAUTHENTICATE, gfp, -1);
13717 }
13718
13719 void nl80211_send_disassoc(struct cfg80211_registered_device *rdev,
13720 struct net_device *netdev, const u8 *buf,
13721 size_t len, gfp_t gfp)
13722 {
13723 nl80211_send_mlme_event(rdev, netdev, buf, len,
13724 NL80211_CMD_DISASSOCIATE, gfp, -1);
13725 }
13726
13727 void cfg80211_rx_unprot_mlme_mgmt(struct net_device *dev, const u8 *buf,
13728 size_t len)
13729 {
13730 struct wireless_dev *wdev = dev->ieee80211_ptr;
13731 struct wiphy *wiphy = wdev->wiphy;
13732 struct cfg80211_registered_device *rdev = wiphy_to_rdev(wiphy);
13733 const struct ieee80211_mgmt *mgmt = (void *)buf;
13734 u32 cmd;
13735
13736 if (WARN_ON(len < 2))
13737 return;
13738
13739 if (ieee80211_is_deauth(mgmt->frame_control))
13740 cmd = NL80211_CMD_UNPROT_DEAUTHENTICATE;
13741 else
13742 cmd = NL80211_CMD_UNPROT_DISASSOCIATE;
13743
13744 trace_cfg80211_rx_unprot_mlme_mgmt(dev, buf, len);
13745 nl80211_send_mlme_event(rdev, dev, buf, len, cmd, GFP_ATOMIC, -1);
13746 }
13747 EXPORT_SYMBOL(cfg80211_rx_unprot_mlme_mgmt);
13748
13749 static void nl80211_send_mlme_timeout(struct cfg80211_registered_device *rdev,
13750 struct net_device *netdev, int cmd,
13751 const u8 *addr, gfp_t gfp)
13752 {
13753 struct sk_buff *msg;
13754 void *hdr;
13755
13756 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, gfp);
13757 if (!msg)
13758 return;
13759
13760 hdr = nl80211hdr_put(msg, 0, 0, 0, cmd);
13761 if (!hdr) {
13762 nlmsg_free(msg);
13763 return;
13764 }
13765
13766 if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
13767 nla_put_u32(msg, NL80211_ATTR_IFINDEX, netdev->ifindex) ||
13768 nla_put_flag(msg, NL80211_ATTR_TIMED_OUT) ||
13769 nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN, addr))
13770 goto nla_put_failure;
13771
13772 genlmsg_end(msg, hdr);
13773
13774 genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), msg, 0,
13775 NL80211_MCGRP_MLME, gfp);
13776 return;
13777
13778 nla_put_failure:
13779 genlmsg_cancel(msg, hdr);
13780 nlmsg_free(msg);
13781 }
13782
13783 void nl80211_send_auth_timeout(struct cfg80211_registered_device *rdev,
13784 struct net_device *netdev, const u8 *addr,
13785 gfp_t gfp)
13786 {
13787 nl80211_send_mlme_timeout(rdev, netdev, NL80211_CMD_AUTHENTICATE,
13788 addr, gfp);
13789 }
13790
13791 void nl80211_send_assoc_timeout(struct cfg80211_registered_device *rdev,
13792 struct net_device *netdev, const u8 *addr,
13793 gfp_t gfp)
13794 {
13795 nl80211_send_mlme_timeout(rdev, netdev, NL80211_CMD_ASSOCIATE,
13796 addr, gfp);
13797 }
13798
13799 void nl80211_send_connect_result(struct cfg80211_registered_device *rdev,
13800 struct net_device *netdev,
13801 struct cfg80211_connect_resp_params *cr,
13802 gfp_t gfp)
13803 {
13804 struct sk_buff *msg;
13805 void *hdr;
13806
13807 msg = nlmsg_new(100 + cr->req_ie_len + cr->resp_ie_len +
13808 cr->fils_kek_len + cr->pmk_len +
13809 (cr->pmkid ? WLAN_PMKID_LEN : 0), gfp);
13810 if (!msg)
13811 return;
13812
13813 hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_CONNECT);
13814 if (!hdr) {
13815 nlmsg_free(msg);
13816 return;
13817 }
13818
13819 if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
13820 nla_put_u32(msg, NL80211_ATTR_IFINDEX, netdev->ifindex) ||
13821 (cr->bssid &&
13822 nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN, cr->bssid)) ||
13823 nla_put_u16(msg, NL80211_ATTR_STATUS_CODE,
13824 cr->status < 0 ? WLAN_STATUS_UNSPECIFIED_FAILURE :
13825 cr->status) ||
13826 (cr->status < 0 &&
13827 (nla_put_flag(msg, NL80211_ATTR_TIMED_OUT) ||
13828 nla_put_u32(msg, NL80211_ATTR_TIMEOUT_REASON,
13829 cr->timeout_reason))) ||
13830 (cr->req_ie &&
13831 nla_put(msg, NL80211_ATTR_REQ_IE, cr->req_ie_len, cr->req_ie)) ||
13832 (cr->resp_ie &&
13833 nla_put(msg, NL80211_ATTR_RESP_IE, cr->resp_ie_len,
13834 cr->resp_ie)) ||
13835 (cr->update_erp_next_seq_num &&
13836 nla_put_u16(msg, NL80211_ATTR_FILS_ERP_NEXT_SEQ_NUM,
13837 cr->fils_erp_next_seq_num)) ||
13838 (cr->status == WLAN_STATUS_SUCCESS &&
13839 ((cr->fils_kek &&
13840 nla_put(msg, NL80211_ATTR_FILS_KEK, cr->fils_kek_len,
13841 cr->fils_kek)) ||
13842 (cr->pmk &&
13843 nla_put(msg, NL80211_ATTR_PMK, cr->pmk_len, cr->pmk)) ||
13844 (cr->pmkid &&
13845 nla_put(msg, NL80211_ATTR_PMKID, WLAN_PMKID_LEN, cr->pmkid)))))
13846 goto nla_put_failure;
13847
13848 genlmsg_end(msg, hdr);
13849
13850 genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), msg, 0,
13851 NL80211_MCGRP_MLME, gfp);
13852 return;
13853
13854 nla_put_failure:
13855 genlmsg_cancel(msg, hdr);
13856 nlmsg_free(msg);
13857 }
13858
13859 void nl80211_send_roamed(struct cfg80211_registered_device *rdev,
13860 struct net_device *netdev,
13861 struct cfg80211_roam_info *info, gfp_t gfp)
13862 {
13863 struct sk_buff *msg;
13864 void *hdr;
13865 const u8 *bssid = info->bss ? info->bss->bssid : info->bssid;
13866
13867 msg = nlmsg_new(100 + info->req_ie_len + info->resp_ie_len, gfp);
13868 if (!msg)
13869 return;
13870
13871 hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_ROAM);
13872 if (!hdr) {
13873 nlmsg_free(msg);
13874 return;
13875 }
13876
13877 if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
13878 nla_put_u32(msg, NL80211_ATTR_IFINDEX, netdev->ifindex) ||
13879 nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN, bssid) ||
13880 (info->req_ie &&
13881 nla_put(msg, NL80211_ATTR_REQ_IE, info->req_ie_len,
13882 info->req_ie)) ||
13883 (info->resp_ie &&
13884 nla_put(msg, NL80211_ATTR_RESP_IE, info->resp_ie_len,
13885 info->resp_ie)))
13886 goto nla_put_failure;
13887
13888 genlmsg_end(msg, hdr);
13889
13890 genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), msg, 0,
13891 NL80211_MCGRP_MLME, gfp);
13892 return;
13893
13894 nla_put_failure:
13895 genlmsg_cancel(msg, hdr);
13896 nlmsg_free(msg);
13897 }
13898
13899 void nl80211_send_port_authorized(struct cfg80211_registered_device *rdev,
13900 struct net_device *netdev, const u8 *bssid)
13901 {
13902 struct sk_buff *msg;
13903 void *hdr;
13904
13905 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
13906 if (!msg)
13907 return;
13908
13909 hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_PORT_AUTHORIZED);
13910 if (!hdr) {
13911 nlmsg_free(msg);
13912 return;
13913 }
13914
13915 if (nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN, bssid))
13916 goto nla_put_failure;
13917
13918 genlmsg_end(msg, hdr);
13919
13920 genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), msg, 0,
13921 NL80211_MCGRP_MLME, GFP_KERNEL);
13922 return;
13923
13924 nla_put_failure:
13925 genlmsg_cancel(msg, hdr);
13926 nlmsg_free(msg);
13927 }
13928
13929 void nl80211_send_disconnected(struct cfg80211_registered_device *rdev,
13930 struct net_device *netdev, u16 reason,
13931 const u8 *ie, size_t ie_len, bool from_ap)
13932 {
13933 struct sk_buff *msg;
13934 void *hdr;
13935
13936 msg = nlmsg_new(100 + ie_len, GFP_KERNEL);
13937 if (!msg)
13938 return;
13939
13940 hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_DISCONNECT);
13941 if (!hdr) {
13942 nlmsg_free(msg);
13943 return;
13944 }
13945
13946 if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
13947 nla_put_u32(msg, NL80211_ATTR_IFINDEX, netdev->ifindex) ||
13948 (from_ap && reason &&
13949 nla_put_u16(msg, NL80211_ATTR_REASON_CODE, reason)) ||
13950 (from_ap &&
13951 nla_put_flag(msg, NL80211_ATTR_DISCONNECTED_BY_AP)) ||
13952 (ie && nla_put(msg, NL80211_ATTR_IE, ie_len, ie)))
13953 goto nla_put_failure;
13954
13955 genlmsg_end(msg, hdr);
13956
13957 genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), msg, 0,
13958 NL80211_MCGRP_MLME, GFP_KERNEL);
13959 return;
13960
13961 nla_put_failure:
13962 genlmsg_cancel(msg, hdr);
13963 nlmsg_free(msg);
13964 }
13965
13966 void nl80211_send_ibss_bssid(struct cfg80211_registered_device *rdev,
13967 struct net_device *netdev, const u8 *bssid,
13968 gfp_t gfp)
13969 {
13970 struct sk_buff *msg;
13971 void *hdr;
13972
13973 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, gfp);
13974 if (!msg)
13975 return;
13976
13977 hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_JOIN_IBSS);
13978 if (!hdr) {
13979 nlmsg_free(msg);
13980 return;
13981 }
13982
13983 if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
13984 nla_put_u32(msg, NL80211_ATTR_IFINDEX, netdev->ifindex) ||
13985 nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN, bssid))
13986 goto nla_put_failure;
13987
13988 genlmsg_end(msg, hdr);
13989
13990 genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), msg, 0,
13991 NL80211_MCGRP_MLME, gfp);
13992 return;
13993
13994 nla_put_failure:
13995 genlmsg_cancel(msg, hdr);
13996 nlmsg_free(msg);
13997 }
13998
13999 void cfg80211_notify_new_peer_candidate(struct net_device *dev, const u8 *addr,
14000 const u8* ie, u8 ie_len, gfp_t gfp)
14001 {
14002 struct wireless_dev *wdev = dev->ieee80211_ptr;
14003 struct cfg80211_registered_device *rdev = wiphy_to_rdev(wdev->wiphy);
14004 struct sk_buff *msg;
14005 void *hdr;
14006
14007 if (WARN_ON(wdev->iftype != NL80211_IFTYPE_MESH_POINT))
14008 return;
14009
14010 trace_cfg80211_notify_new_peer_candidate(dev, addr);
14011
14012 msg = nlmsg_new(100 + ie_len, gfp);
14013 if (!msg)
14014 return;
14015
14016 hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_NEW_PEER_CANDIDATE);
14017 if (!hdr) {
14018 nlmsg_free(msg);
14019 return;
14020 }
14021
14022 if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
14023 nla_put_u32(msg, NL80211_ATTR_IFINDEX, dev->ifindex) ||
14024 nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN, addr) ||
14025 (ie_len && ie &&
14026 nla_put(msg, NL80211_ATTR_IE, ie_len , ie)))
14027 goto nla_put_failure;
14028
14029 genlmsg_end(msg, hdr);
14030
14031 genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), msg, 0,
14032 NL80211_MCGRP_MLME, gfp);
14033 return;
14034
14035 nla_put_failure:
14036 genlmsg_cancel(msg, hdr);
14037 nlmsg_free(msg);
14038 }
14039 EXPORT_SYMBOL(cfg80211_notify_new_peer_candidate);
14040
14041 void nl80211_michael_mic_failure(struct cfg80211_registered_device *rdev,
14042 struct net_device *netdev, const u8 *addr,
14043 enum nl80211_key_type key_type, int key_id,
14044 const u8 *tsc, gfp_t gfp)
14045 {
14046 struct sk_buff *msg;
14047 void *hdr;
14048
14049 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, gfp);
14050 if (!msg)
14051 return;
14052
14053 hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_MICHAEL_MIC_FAILURE);
14054 if (!hdr) {
14055 nlmsg_free(msg);
14056 return;
14057 }
14058
14059 if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
14060 nla_put_u32(msg, NL80211_ATTR_IFINDEX, netdev->ifindex) ||
14061 (addr && nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN, addr)) ||
14062 nla_put_u32(msg, NL80211_ATTR_KEY_TYPE, key_type) ||
14063 (key_id != -1 &&
14064 nla_put_u8(msg, NL80211_ATTR_KEY_IDX, key_id)) ||
14065 (tsc && nla_put(msg, NL80211_ATTR_KEY_SEQ, 6, tsc)))
14066 goto nla_put_failure;
14067
14068 genlmsg_end(msg, hdr);
14069
14070 genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), msg, 0,
14071 NL80211_MCGRP_MLME, gfp);
14072 return;
14073
14074 nla_put_failure:
14075 genlmsg_cancel(msg, hdr);
14076 nlmsg_free(msg);
14077 }
14078
14079 void nl80211_send_beacon_hint_event(struct wiphy *wiphy,
14080 struct ieee80211_channel *channel_before,
14081 struct ieee80211_channel *channel_after)
14082 {
14083 struct sk_buff *msg;
14084 void *hdr;
14085 struct nlattr *nl_freq;
14086
14087 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_ATOMIC);
14088 if (!msg)
14089 return;
14090
14091 hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_REG_BEACON_HINT);
14092 if (!hdr) {
14093 nlmsg_free(msg);
14094 return;
14095 }
14096
14097 /*
14098 * Since we are applying the beacon hint to a wiphy we know its
14099 * wiphy_idx is valid
14100 */
14101 if (nla_put_u32(msg, NL80211_ATTR_WIPHY, get_wiphy_idx(wiphy)))
14102 goto nla_put_failure;
14103
14104 /* Before */
14105 nl_freq = nla_nest_start(msg, NL80211_ATTR_FREQ_BEFORE);
14106 if (!nl_freq)
14107 goto nla_put_failure;
14108 if (nl80211_msg_put_channel(msg, channel_before, false))
14109 goto nla_put_failure;
14110 nla_nest_end(msg, nl_freq);
14111
14112 /* After */
14113 nl_freq = nla_nest_start(msg, NL80211_ATTR_FREQ_AFTER);
14114 if (!nl_freq)
14115 goto nla_put_failure;
14116 if (nl80211_msg_put_channel(msg, channel_after, false))
14117 goto nla_put_failure;
14118 nla_nest_end(msg, nl_freq);
14119
14120 genlmsg_end(msg, hdr);
14121
14122 rcu_read_lock();
14123 genlmsg_multicast_allns(&nl80211_fam, msg, 0,
14124 NL80211_MCGRP_REGULATORY, GFP_ATOMIC);
14125 rcu_read_unlock();
14126
14127 return;
14128
14129 nla_put_failure:
14130 genlmsg_cancel(msg, hdr);
14131 nlmsg_free(msg);
14132 }
14133
14134 static void nl80211_send_remain_on_chan_event(
14135 int cmd, struct cfg80211_registered_device *rdev,
14136 struct wireless_dev *wdev, u64 cookie,
14137 struct ieee80211_channel *chan,
14138 unsigned int duration, gfp_t gfp)
14139 {
14140 struct sk_buff *msg;
14141 void *hdr;
14142
14143 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, gfp);
14144 if (!msg)
14145 return;
14146
14147 hdr = nl80211hdr_put(msg, 0, 0, 0, cmd);
14148 if (!hdr) {
14149 nlmsg_free(msg);
14150 return;
14151 }
14152
14153 if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
14154 (wdev->netdev && nla_put_u32(msg, NL80211_ATTR_IFINDEX,
14155 wdev->netdev->ifindex)) ||
14156 nla_put_u64_64bit(msg, NL80211_ATTR_WDEV, wdev_id(wdev),
14157 NL80211_ATTR_PAD) ||
14158 nla_put_u32(msg, NL80211_ATTR_WIPHY_FREQ, chan->center_freq) ||
14159 nla_put_u32(msg, NL80211_ATTR_WIPHY_CHANNEL_TYPE,
14160 NL80211_CHAN_NO_HT) ||
14161 nla_put_u64_64bit(msg, NL80211_ATTR_COOKIE, cookie,
14162 NL80211_ATTR_PAD))
14163 goto nla_put_failure;
14164
14165 if (cmd == NL80211_CMD_REMAIN_ON_CHANNEL &&
14166 nla_put_u32(msg, NL80211_ATTR_DURATION, duration))
14167 goto nla_put_failure;
14168
14169 genlmsg_end(msg, hdr);
14170
14171 genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), msg, 0,
14172 NL80211_MCGRP_MLME, gfp);
14173 return;
14174
14175 nla_put_failure:
14176 genlmsg_cancel(msg, hdr);
14177 nlmsg_free(msg);
14178 }
14179
14180 void cfg80211_ready_on_channel(struct wireless_dev *wdev, u64 cookie,
14181 struct ieee80211_channel *chan,
14182 unsigned int duration, gfp_t gfp)
14183 {
14184 struct wiphy *wiphy = wdev->wiphy;
14185 struct cfg80211_registered_device *rdev = wiphy_to_rdev(wiphy);
14186
14187 trace_cfg80211_ready_on_channel(wdev, cookie, chan, duration);
14188 nl80211_send_remain_on_chan_event(NL80211_CMD_REMAIN_ON_CHANNEL,
14189 rdev, wdev, cookie, chan,
14190 duration, gfp);
14191 }
14192 EXPORT_SYMBOL(cfg80211_ready_on_channel);
14193
14194 void cfg80211_remain_on_channel_expired(struct wireless_dev *wdev, u64 cookie,
14195 struct ieee80211_channel *chan,
14196 gfp_t gfp)
14197 {
14198 struct wiphy *wiphy = wdev->wiphy;
14199 struct cfg80211_registered_device *rdev = wiphy_to_rdev(wiphy);
14200
14201 trace_cfg80211_ready_on_channel_expired(wdev, cookie, chan);
14202 nl80211_send_remain_on_chan_event(NL80211_CMD_CANCEL_REMAIN_ON_CHANNEL,
14203 rdev, wdev, cookie, chan, 0, gfp);
14204 }
14205 EXPORT_SYMBOL(cfg80211_remain_on_channel_expired);
14206
14207 void cfg80211_new_sta(struct net_device *dev, const u8 *mac_addr,
14208 struct station_info *sinfo, gfp_t gfp)
14209 {
14210 struct wiphy *wiphy = dev->ieee80211_ptr->wiphy;
14211 struct cfg80211_registered_device *rdev = wiphy_to_rdev(wiphy);
14212 struct sk_buff *msg;
14213
14214 trace_cfg80211_new_sta(dev, mac_addr, sinfo);
14215
14216 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, gfp);
14217 if (!msg)
14218 return;
14219
14220 if (nl80211_send_station(msg, NL80211_CMD_NEW_STATION, 0, 0, 0,
14221 rdev, dev, mac_addr, sinfo) < 0) {
14222 nlmsg_free(msg);
14223 return;
14224 }
14225
14226 genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), msg, 0,
14227 NL80211_MCGRP_MLME, gfp);
14228 }
14229 EXPORT_SYMBOL(cfg80211_new_sta);
14230
14231 void cfg80211_del_sta_sinfo(struct net_device *dev, const u8 *mac_addr,
14232 struct station_info *sinfo, gfp_t gfp)
14233 {
14234 struct wiphy *wiphy = dev->ieee80211_ptr->wiphy;
14235 struct cfg80211_registered_device *rdev = wiphy_to_rdev(wiphy);
14236 struct sk_buff *msg;
14237 struct station_info empty_sinfo = {};
14238
14239 if (!sinfo)
14240 sinfo = &empty_sinfo;
14241
14242 trace_cfg80211_del_sta(dev, mac_addr);
14243
14244 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, gfp);
14245 if (!msg)
14246 return;
14247
14248 if (nl80211_send_station(msg, NL80211_CMD_DEL_STATION, 0, 0, 0,
14249 rdev, dev, mac_addr, sinfo) < 0) {
14250 nlmsg_free(msg);
14251 return;
14252 }
14253
14254 genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), msg, 0,
14255 NL80211_MCGRP_MLME, gfp);
14256 }
14257 EXPORT_SYMBOL(cfg80211_del_sta_sinfo);
14258
14259 void cfg80211_conn_failed(struct net_device *dev, const u8 *mac_addr,
14260 enum nl80211_connect_failed_reason reason,
14261 gfp_t gfp)
14262 {
14263 struct wiphy *wiphy = dev->ieee80211_ptr->wiphy;
14264 struct cfg80211_registered_device *rdev = wiphy_to_rdev(wiphy);
14265 struct sk_buff *msg;
14266 void *hdr;
14267
14268 msg = nlmsg_new(NLMSG_GOODSIZE, gfp);
14269 if (!msg)
14270 return;
14271
14272 hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_CONN_FAILED);
14273 if (!hdr) {
14274 nlmsg_free(msg);
14275 return;
14276 }
14277
14278 if (nla_put_u32(msg, NL80211_ATTR_IFINDEX, dev->ifindex) ||
14279 nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN, mac_addr) ||
14280 nla_put_u32(msg, NL80211_ATTR_CONN_FAILED_REASON, reason))
14281 goto nla_put_failure;
14282
14283 genlmsg_end(msg, hdr);
14284
14285 genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), msg, 0,
14286 NL80211_MCGRP_MLME, gfp);
14287 return;
14288
14289 nla_put_failure:
14290 genlmsg_cancel(msg, hdr);
14291 nlmsg_free(msg);
14292 }
14293 EXPORT_SYMBOL(cfg80211_conn_failed);
14294
14295 static bool __nl80211_unexpected_frame(struct net_device *dev, u8 cmd,
14296 const u8 *addr, gfp_t gfp)
14297 {
14298 struct wireless_dev *wdev = dev->ieee80211_ptr;
14299 struct cfg80211_registered_device *rdev = wiphy_to_rdev(wdev->wiphy);
14300 struct sk_buff *msg;
14301 void *hdr;
14302 u32 nlportid = READ_ONCE(wdev->ap_unexpected_nlportid);
14303
14304 if (!nlportid)
14305 return false;
14306
14307 msg = nlmsg_new(100, gfp);
14308 if (!msg)
14309 return true;
14310
14311 hdr = nl80211hdr_put(msg, 0, 0, 0, cmd);
14312 if (!hdr) {
14313 nlmsg_free(msg);
14314 return true;
14315 }
14316
14317 if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
14318 nla_put_u32(msg, NL80211_ATTR_IFINDEX, dev->ifindex) ||
14319 nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN, addr))
14320 goto nla_put_failure;
14321
14322 genlmsg_end(msg, hdr);
14323 genlmsg_unicast(wiphy_net(&rdev->wiphy), msg, nlportid);
14324 return true;
14325
14326 nla_put_failure:
14327 genlmsg_cancel(msg, hdr);
14328 nlmsg_free(msg);
14329 return true;
14330 }
14331
14332 bool cfg80211_rx_spurious_frame(struct net_device *dev,
14333 const u8 *addr, gfp_t gfp)
14334 {
14335 struct wireless_dev *wdev = dev->ieee80211_ptr;
14336 bool ret;
14337
14338 trace_cfg80211_rx_spurious_frame(dev, addr);
14339
14340 if (WARN_ON(wdev->iftype != NL80211_IFTYPE_AP &&
14341 wdev->iftype != NL80211_IFTYPE_P2P_GO)) {
14342 trace_cfg80211_return_bool(false);
14343 return false;
14344 }
14345 ret = __nl80211_unexpected_frame(dev, NL80211_CMD_UNEXPECTED_FRAME,
14346 addr, gfp);
14347 trace_cfg80211_return_bool(ret);
14348 return ret;
14349 }
14350 EXPORT_SYMBOL(cfg80211_rx_spurious_frame);
14351
14352 bool cfg80211_rx_unexpected_4addr_frame(struct net_device *dev,
14353 const u8 *addr, gfp_t gfp)
14354 {
14355 struct wireless_dev *wdev = dev->ieee80211_ptr;
14356 bool ret;
14357
14358 trace_cfg80211_rx_unexpected_4addr_frame(dev, addr);
14359
14360 if (WARN_ON(wdev->iftype != NL80211_IFTYPE_AP &&
14361 wdev->iftype != NL80211_IFTYPE_P2P_GO &&
14362 wdev->iftype != NL80211_IFTYPE_AP_VLAN)) {
14363 trace_cfg80211_return_bool(false);
14364 return false;
14365 }
14366 ret = __nl80211_unexpected_frame(dev,
14367 NL80211_CMD_UNEXPECTED_4ADDR_FRAME,
14368 addr, gfp);
14369 trace_cfg80211_return_bool(ret);
14370 return ret;
14371 }
14372 EXPORT_SYMBOL(cfg80211_rx_unexpected_4addr_frame);
14373
14374 int nl80211_send_mgmt(struct cfg80211_registered_device *rdev,
14375 struct wireless_dev *wdev, u32 nlportid,
14376 int freq, int sig_dbm,
14377 const u8 *buf, size_t len, u32 flags, gfp_t gfp)
14378 {
14379 struct net_device *netdev = wdev->netdev;
14380 struct sk_buff *msg;
14381 void *hdr;
14382
14383 msg = nlmsg_new(100 + len, gfp);
14384 if (!msg)
14385 return -ENOMEM;
14386
14387 hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_FRAME);
14388 if (!hdr) {
14389 nlmsg_free(msg);
14390 return -ENOMEM;
14391 }
14392
14393 if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
14394 (netdev && nla_put_u32(msg, NL80211_ATTR_IFINDEX,
14395 netdev->ifindex)) ||
14396 nla_put_u64_64bit(msg, NL80211_ATTR_WDEV, wdev_id(wdev),
14397 NL80211_ATTR_PAD) ||
14398 nla_put_u32(msg, NL80211_ATTR_WIPHY_FREQ, freq) ||
14399 (sig_dbm &&
14400 nla_put_u32(msg, NL80211_ATTR_RX_SIGNAL_DBM, sig_dbm)) ||
14401 nla_put(msg, NL80211_ATTR_FRAME, len, buf) ||
14402 (flags &&
14403 nla_put_u32(msg, NL80211_ATTR_RXMGMT_FLAGS, flags)))
14404 goto nla_put_failure;
14405
14406 genlmsg_end(msg, hdr);
14407
14408 return genlmsg_unicast(wiphy_net(&rdev->wiphy), msg, nlportid);
14409
14410 nla_put_failure:
14411 genlmsg_cancel(msg, hdr);
14412 nlmsg_free(msg);
14413 return -ENOBUFS;
14414 }
14415
14416 void cfg80211_mgmt_tx_status(struct wireless_dev *wdev, u64 cookie,
14417 const u8 *buf, size_t len, bool ack, gfp_t gfp)
14418 {
14419 struct wiphy *wiphy = wdev->wiphy;
14420 struct cfg80211_registered_device *rdev = wiphy_to_rdev(wiphy);
14421 struct net_device *netdev = wdev->netdev;
14422 struct sk_buff *msg;
14423 void *hdr;
14424
14425 trace_cfg80211_mgmt_tx_status(wdev, cookie, ack);
14426
14427 msg = nlmsg_new(100 + len, gfp);
14428 if (!msg)
14429 return;
14430
14431 hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_FRAME_TX_STATUS);
14432 if (!hdr) {
14433 nlmsg_free(msg);
14434 return;
14435 }
14436
14437 if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
14438 (netdev && nla_put_u32(msg, NL80211_ATTR_IFINDEX,
14439 netdev->ifindex)) ||
14440 nla_put_u64_64bit(msg, NL80211_ATTR_WDEV, wdev_id(wdev),
14441 NL80211_ATTR_PAD) ||
14442 nla_put(msg, NL80211_ATTR_FRAME, len, buf) ||
14443 nla_put_u64_64bit(msg, NL80211_ATTR_COOKIE, cookie,
14444 NL80211_ATTR_PAD) ||
14445 (ack && nla_put_flag(msg, NL80211_ATTR_ACK)))
14446 goto nla_put_failure;
14447
14448 genlmsg_end(msg, hdr);
14449
14450 genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), msg, 0,
14451 NL80211_MCGRP_MLME, gfp);
14452 return;
14453
14454 nla_put_failure:
14455 genlmsg_cancel(msg, hdr);
14456 nlmsg_free(msg);
14457 }
14458 EXPORT_SYMBOL(cfg80211_mgmt_tx_status);
14459
14460 static struct sk_buff *cfg80211_prepare_cqm(struct net_device *dev,
14461 const char *mac, gfp_t gfp)
14462 {
14463 struct wireless_dev *wdev = dev->ieee80211_ptr;
14464 struct cfg80211_registered_device *rdev = wiphy_to_rdev(wdev->wiphy);
14465 struct sk_buff *msg = nlmsg_new(NLMSG_DEFAULT_SIZE, gfp);
14466 void **cb;
14467
14468 if (!msg)
14469 return NULL;
14470
14471 cb = (void **)msg->cb;
14472
14473 cb[0] = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_NOTIFY_CQM);
14474 if (!cb[0]) {
14475 nlmsg_free(msg);
14476 return NULL;
14477 }
14478
14479 if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
14480 nla_put_u32(msg, NL80211_ATTR_IFINDEX, dev->ifindex))
14481 goto nla_put_failure;
14482
14483 if (mac && nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN, mac))
14484 goto nla_put_failure;
14485
14486 cb[1] = nla_nest_start(msg, NL80211_ATTR_CQM);
14487 if (!cb[1])
14488 goto nla_put_failure;
14489
14490 cb[2] = rdev;
14491
14492 return msg;
14493 nla_put_failure:
14494 nlmsg_free(msg);
14495 return NULL;
14496 }
14497
14498 static void cfg80211_send_cqm(struct sk_buff *msg, gfp_t gfp)
14499 {
14500 void **cb = (void **)msg->cb;
14501 struct cfg80211_registered_device *rdev = cb[2];
14502
14503 nla_nest_end(msg, cb[1]);
14504 genlmsg_end(msg, cb[0]);
14505
14506 memset(msg->cb, 0, sizeof(msg->cb));
14507
14508 genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), msg, 0,
14509 NL80211_MCGRP_MLME, gfp);
14510 }
14511
14512 void cfg80211_cqm_rssi_notify(struct net_device *dev,
14513 enum nl80211_cqm_rssi_threshold_event rssi_event,
14514 s32 rssi_level, gfp_t gfp)
14515 {
14516 struct sk_buff *msg;
14517 struct wireless_dev *wdev = dev->ieee80211_ptr;
14518 struct cfg80211_registered_device *rdev = wiphy_to_rdev(wdev->wiphy);
14519
14520 trace_cfg80211_cqm_rssi_notify(dev, rssi_event, rssi_level);
14521
14522 if (WARN_ON(rssi_event != NL80211_CQM_RSSI_THRESHOLD_EVENT_LOW &&
14523 rssi_event != NL80211_CQM_RSSI_THRESHOLD_EVENT_HIGH))
14524 return;
14525
14526 if (wdev->cqm_config) {
14527 wdev->cqm_config->last_rssi_event_value = rssi_level;
14528
14529 cfg80211_cqm_rssi_update(rdev, dev);
14530
14531 if (rssi_level == 0)
14532 rssi_level = wdev->cqm_config->last_rssi_event_value;
14533 }
14534
14535 msg = cfg80211_prepare_cqm(dev, NULL, gfp);
14536 if (!msg)
14537 return;
14538
14539 if (nla_put_u32(msg, NL80211_ATTR_CQM_RSSI_THRESHOLD_EVENT,
14540 rssi_event))
14541 goto nla_put_failure;
14542
14543 if (rssi_level && nla_put_s32(msg, NL80211_ATTR_CQM_RSSI_LEVEL,
14544 rssi_level))
14545 goto nla_put_failure;
14546
14547 cfg80211_send_cqm(msg, gfp);
14548
14549 return;
14550
14551 nla_put_failure:
14552 nlmsg_free(msg);
14553 }
14554 EXPORT_SYMBOL(cfg80211_cqm_rssi_notify);
14555
14556 void cfg80211_cqm_txe_notify(struct net_device *dev,
14557 const u8 *peer, u32 num_packets,
14558 u32 rate, u32 intvl, gfp_t gfp)
14559 {
14560 struct sk_buff *msg;
14561
14562 msg = cfg80211_prepare_cqm(dev, peer, gfp);
14563 if (!msg)
14564 return;
14565
14566 if (nla_put_u32(msg, NL80211_ATTR_CQM_TXE_PKTS, num_packets))
14567 goto nla_put_failure;
14568
14569 if (nla_put_u32(msg, NL80211_ATTR_CQM_TXE_RATE, rate))
14570 goto nla_put_failure;
14571
14572 if (nla_put_u32(msg, NL80211_ATTR_CQM_TXE_INTVL, intvl))
14573 goto nla_put_failure;
14574
14575 cfg80211_send_cqm(msg, gfp);
14576 return;
14577
14578 nla_put_failure:
14579 nlmsg_free(msg);
14580 }
14581 EXPORT_SYMBOL(cfg80211_cqm_txe_notify);
14582
14583 void cfg80211_cqm_pktloss_notify(struct net_device *dev,
14584 const u8 *peer, u32 num_packets, gfp_t gfp)
14585 {
14586 struct sk_buff *msg;
14587
14588 trace_cfg80211_cqm_pktloss_notify(dev, peer, num_packets);
14589
14590 msg = cfg80211_prepare_cqm(dev, peer, gfp);
14591 if (!msg)
14592 return;
14593
14594 if (nla_put_u32(msg, NL80211_ATTR_CQM_PKT_LOSS_EVENT, num_packets))
14595 goto nla_put_failure;
14596
14597 cfg80211_send_cqm(msg, gfp);
14598 return;
14599
14600 nla_put_failure:
14601 nlmsg_free(msg);
14602 }
14603 EXPORT_SYMBOL(cfg80211_cqm_pktloss_notify);
14604
14605 void cfg80211_cqm_beacon_loss_notify(struct net_device *dev, gfp_t gfp)
14606 {
14607 struct sk_buff *msg;
14608
14609 msg = cfg80211_prepare_cqm(dev, NULL, gfp);
14610 if (!msg)
14611 return;
14612
14613 if (nla_put_flag(msg, NL80211_ATTR_CQM_BEACON_LOSS_EVENT))
14614 goto nla_put_failure;
14615
14616 cfg80211_send_cqm(msg, gfp);
14617 return;
14618
14619 nla_put_failure:
14620 nlmsg_free(msg);
14621 }
14622 EXPORT_SYMBOL(cfg80211_cqm_beacon_loss_notify);
14623
14624 static void nl80211_gtk_rekey_notify(struct cfg80211_registered_device *rdev,
14625 struct net_device *netdev, const u8 *bssid,
14626 const u8 *replay_ctr, gfp_t gfp)
14627 {
14628 struct sk_buff *msg;
14629 struct nlattr *rekey_attr;
14630 void *hdr;
14631
14632 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, gfp);
14633 if (!msg)
14634 return;
14635
14636 hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_SET_REKEY_OFFLOAD);
14637 if (!hdr) {
14638 nlmsg_free(msg);
14639 return;
14640 }
14641
14642 if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
14643 nla_put_u32(msg, NL80211_ATTR_IFINDEX, netdev->ifindex) ||
14644 nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN, bssid))
14645 goto nla_put_failure;
14646
14647 rekey_attr = nla_nest_start(msg, NL80211_ATTR_REKEY_DATA);
14648 if (!rekey_attr)
14649 goto nla_put_failure;
14650
14651 if (nla_put(msg, NL80211_REKEY_DATA_REPLAY_CTR,
14652 NL80211_REPLAY_CTR_LEN, replay_ctr))
14653 goto nla_put_failure;
14654
14655 nla_nest_end(msg, rekey_attr);
14656
14657 genlmsg_end(msg, hdr);
14658
14659 genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), msg, 0,
14660 NL80211_MCGRP_MLME, gfp);
14661 return;
14662
14663 nla_put_failure:
14664 genlmsg_cancel(msg, hdr);
14665 nlmsg_free(msg);
14666 }
14667
14668 void cfg80211_gtk_rekey_notify(struct net_device *dev, const u8 *bssid,
14669 const u8 *replay_ctr, gfp_t gfp)
14670 {
14671 struct wireless_dev *wdev = dev->ieee80211_ptr;
14672 struct wiphy *wiphy = wdev->wiphy;
14673 struct cfg80211_registered_device *rdev = wiphy_to_rdev(wiphy);
14674
14675 trace_cfg80211_gtk_rekey_notify(dev, bssid);
14676 nl80211_gtk_rekey_notify(rdev, dev, bssid, replay_ctr, gfp);
14677 }
14678 EXPORT_SYMBOL(cfg80211_gtk_rekey_notify);
14679
14680 static void
14681 nl80211_pmksa_candidate_notify(struct cfg80211_registered_device *rdev,
14682 struct net_device *netdev, int index,
14683 const u8 *bssid, bool preauth, gfp_t gfp)
14684 {
14685 struct sk_buff *msg;
14686 struct nlattr *attr;
14687 void *hdr;
14688
14689 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, gfp);
14690 if (!msg)
14691 return;
14692
14693 hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_PMKSA_CANDIDATE);
14694 if (!hdr) {
14695 nlmsg_free(msg);
14696 return;
14697 }
14698
14699 if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
14700 nla_put_u32(msg, NL80211_ATTR_IFINDEX, netdev->ifindex))
14701 goto nla_put_failure;
14702
14703 attr = nla_nest_start(msg, NL80211_ATTR_PMKSA_CANDIDATE);
14704 if (!attr)
14705 goto nla_put_failure;
14706
14707 if (nla_put_u32(msg, NL80211_PMKSA_CANDIDATE_INDEX, index) ||
14708 nla_put(msg, NL80211_PMKSA_CANDIDATE_BSSID, ETH_ALEN, bssid) ||
14709 (preauth &&
14710 nla_put_flag(msg, NL80211_PMKSA_CANDIDATE_PREAUTH)))
14711 goto nla_put_failure;
14712
14713 nla_nest_end(msg, attr);
14714
14715 genlmsg_end(msg, hdr);
14716
14717 genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), msg, 0,
14718 NL80211_MCGRP_MLME, gfp);
14719 return;
14720
14721 nla_put_failure:
14722 genlmsg_cancel(msg, hdr);
14723 nlmsg_free(msg);
14724 }
14725
14726 void cfg80211_pmksa_candidate_notify(struct net_device *dev, int index,
14727 const u8 *bssid, bool preauth, gfp_t gfp)
14728 {
14729 struct wireless_dev *wdev = dev->ieee80211_ptr;
14730 struct wiphy *wiphy = wdev->wiphy;
14731 struct cfg80211_registered_device *rdev = wiphy_to_rdev(wiphy);
14732
14733 trace_cfg80211_pmksa_candidate_notify(dev, index, bssid, preauth);
14734 nl80211_pmksa_candidate_notify(rdev, dev, index, bssid, preauth, gfp);
14735 }
14736 EXPORT_SYMBOL(cfg80211_pmksa_candidate_notify);
14737
14738 static void nl80211_ch_switch_notify(struct cfg80211_registered_device *rdev,
14739 struct net_device *netdev,
14740 struct cfg80211_chan_def *chandef,
14741 gfp_t gfp,
14742 enum nl80211_commands notif,
14743 u8 count)
14744 {
14745 struct sk_buff *msg;
14746 void *hdr;
14747
14748 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, gfp);
14749 if (!msg)
14750 return;
14751
14752 hdr = nl80211hdr_put(msg, 0, 0, 0, notif);
14753 if (!hdr) {
14754 nlmsg_free(msg);
14755 return;
14756 }
14757
14758 if (nla_put_u32(msg, NL80211_ATTR_IFINDEX, netdev->ifindex))
14759 goto nla_put_failure;
14760
14761 if (nl80211_send_chandef(msg, chandef))
14762 goto nla_put_failure;
14763
14764 if ((notif == NL80211_CMD_CH_SWITCH_STARTED_NOTIFY) &&
14765 (nla_put_u32(msg, NL80211_ATTR_CH_SWITCH_COUNT, count)))
14766 goto nla_put_failure;
14767
14768 genlmsg_end(msg, hdr);
14769
14770 genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), msg, 0,
14771 NL80211_MCGRP_MLME, gfp);
14772 return;
14773
14774 nla_put_failure:
14775 genlmsg_cancel(msg, hdr);
14776 nlmsg_free(msg);
14777 }
14778
14779 void cfg80211_ch_switch_notify(struct net_device *dev,
14780 struct cfg80211_chan_def *chandef)
14781 {
14782 struct wireless_dev *wdev = dev->ieee80211_ptr;
14783 struct wiphy *wiphy = wdev->wiphy;
14784 struct cfg80211_registered_device *rdev = wiphy_to_rdev(wiphy);
14785
14786 ASSERT_WDEV_LOCK(wdev);
14787
14788 trace_cfg80211_ch_switch_notify(dev, chandef);
14789
14790 wdev->chandef = *chandef;
14791 wdev->preset_chandef = *chandef;
14792 nl80211_ch_switch_notify(rdev, dev, chandef, GFP_KERNEL,
14793 NL80211_CMD_CH_SWITCH_NOTIFY, 0);
14794 }
14795 EXPORT_SYMBOL(cfg80211_ch_switch_notify);
14796
14797 void cfg80211_ch_switch_started_notify(struct net_device *dev,
14798 struct cfg80211_chan_def *chandef,
14799 u8 count)
14800 {
14801 struct wireless_dev *wdev = dev->ieee80211_ptr;
14802 struct wiphy *wiphy = wdev->wiphy;
14803 struct cfg80211_registered_device *rdev = wiphy_to_rdev(wiphy);
14804
14805 trace_cfg80211_ch_switch_started_notify(dev, chandef);
14806
14807 nl80211_ch_switch_notify(rdev, dev, chandef, GFP_KERNEL,
14808 NL80211_CMD_CH_SWITCH_STARTED_NOTIFY, count);
14809 }
14810 EXPORT_SYMBOL(cfg80211_ch_switch_started_notify);
14811
14812 void
14813 nl80211_radar_notify(struct cfg80211_registered_device *rdev,
14814 const struct cfg80211_chan_def *chandef,
14815 enum nl80211_radar_event event,
14816 struct net_device *netdev, gfp_t gfp)
14817 {
14818 struct sk_buff *msg;
14819 void *hdr;
14820
14821 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, gfp);
14822 if (!msg)
14823 return;
14824
14825 hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_RADAR_DETECT);
14826 if (!hdr) {
14827 nlmsg_free(msg);
14828 return;
14829 }
14830
14831 if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx))
14832 goto nla_put_failure;
14833
14834 /* NOP and radar events don't need a netdev parameter */
14835 if (netdev) {
14836 struct wireless_dev *wdev = netdev->ieee80211_ptr;
14837
14838 if (nla_put_u32(msg, NL80211_ATTR_IFINDEX, netdev->ifindex) ||
14839 nla_put_u64_64bit(msg, NL80211_ATTR_WDEV, wdev_id(wdev),
14840 NL80211_ATTR_PAD))
14841 goto nla_put_failure;
14842 }
14843
14844 if (nla_put_u32(msg, NL80211_ATTR_RADAR_EVENT, event))
14845 goto nla_put_failure;
14846
14847 if (nl80211_send_chandef(msg, chandef))
14848 goto nla_put_failure;
14849
14850 genlmsg_end(msg, hdr);
14851
14852 genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), msg, 0,
14853 NL80211_MCGRP_MLME, gfp);
14854 return;
14855
14856 nla_put_failure:
14857 genlmsg_cancel(msg, hdr);
14858 nlmsg_free(msg);
14859 }
14860
14861 void cfg80211_probe_status(struct net_device *dev, const u8 *addr,
14862 u64 cookie, bool acked, gfp_t gfp)
14863 {
14864 struct wireless_dev *wdev = dev->ieee80211_ptr;
14865 struct cfg80211_registered_device *rdev = wiphy_to_rdev(wdev->wiphy);
14866 struct sk_buff *msg;
14867 void *hdr;
14868
14869 trace_cfg80211_probe_status(dev, addr, cookie, acked);
14870
14871 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, gfp);
14872
14873 if (!msg)
14874 return;
14875
14876 hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_PROBE_CLIENT);
14877 if (!hdr) {
14878 nlmsg_free(msg);
14879 return;
14880 }
14881
14882 if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
14883 nla_put_u32(msg, NL80211_ATTR_IFINDEX, dev->ifindex) ||
14884 nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN, addr) ||
14885 nla_put_u64_64bit(msg, NL80211_ATTR_COOKIE, cookie,
14886 NL80211_ATTR_PAD) ||
14887 (acked && nla_put_flag(msg, NL80211_ATTR_ACK)))
14888 goto nla_put_failure;
14889
14890 genlmsg_end(msg, hdr);
14891
14892 genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), msg, 0,
14893 NL80211_MCGRP_MLME, gfp);
14894 return;
14895
14896 nla_put_failure:
14897 genlmsg_cancel(msg, hdr);
14898 nlmsg_free(msg);
14899 }
14900 EXPORT_SYMBOL(cfg80211_probe_status);
14901
14902 void cfg80211_report_obss_beacon(struct wiphy *wiphy,
14903 const u8 *frame, size_t len,
14904 int freq, int sig_dbm)
14905 {
14906 struct cfg80211_registered_device *rdev = wiphy_to_rdev(wiphy);
14907 struct sk_buff *msg;
14908 void *hdr;
14909 struct cfg80211_beacon_registration *reg;
14910
14911 trace_cfg80211_report_obss_beacon(wiphy, frame, len, freq, sig_dbm);
14912
14913 spin_lock_bh(&rdev->beacon_registrations_lock);
14914 list_for_each_entry(reg, &rdev->beacon_registrations, list) {
14915 msg = nlmsg_new(len + 100, GFP_ATOMIC);
14916 if (!msg) {
14917 spin_unlock_bh(&rdev->beacon_registrations_lock);
14918 return;
14919 }
14920
14921 hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_FRAME);
14922 if (!hdr)
14923 goto nla_put_failure;
14924
14925 if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
14926 (freq &&
14927 nla_put_u32(msg, NL80211_ATTR_WIPHY_FREQ, freq)) ||
14928 (sig_dbm &&
14929 nla_put_u32(msg, NL80211_ATTR_RX_SIGNAL_DBM, sig_dbm)) ||
14930 nla_put(msg, NL80211_ATTR_FRAME, len, frame))
14931 goto nla_put_failure;
14932
14933 genlmsg_end(msg, hdr);
14934
14935 genlmsg_unicast(wiphy_net(&rdev->wiphy), msg, reg->nlportid);
14936 }
14937 spin_unlock_bh(&rdev->beacon_registrations_lock);
14938 return;
14939
14940 nla_put_failure:
14941 spin_unlock_bh(&rdev->beacon_registrations_lock);
14942 if (hdr)
14943 genlmsg_cancel(msg, hdr);
14944 nlmsg_free(msg);
14945 }
14946 EXPORT_SYMBOL(cfg80211_report_obss_beacon);
14947
14948 #ifdef CONFIG_PM
14949 static int cfg80211_net_detect_results(struct sk_buff *msg,
14950 struct cfg80211_wowlan_wakeup *wakeup)
14951 {
14952 struct cfg80211_wowlan_nd_info *nd = wakeup->net_detect;
14953 struct nlattr *nl_results, *nl_match, *nl_freqs;
14954 int i, j;
14955
14956 nl_results = nla_nest_start(
14957 msg, NL80211_WOWLAN_TRIG_NET_DETECT_RESULTS);
14958 if (!nl_results)
14959 return -EMSGSIZE;
14960
14961 for (i = 0; i < nd->n_matches; i++) {
14962 struct cfg80211_wowlan_nd_match *match = nd->matches[i];
14963
14964 nl_match = nla_nest_start(msg, i);
14965 if (!nl_match)
14966 break;
14967
14968 /* The SSID attribute is optional in nl80211, but for
14969 * simplicity reasons it's always present in the
14970 * cfg80211 structure. If a driver can't pass the
14971 * SSID, that needs to be changed. A zero length SSID
14972 * is still a valid SSID (wildcard), so it cannot be
14973 * used for this purpose.
14974 */
14975 if (nla_put(msg, NL80211_ATTR_SSID, match->ssid.ssid_len,
14976 match->ssid.ssid)) {
14977 nla_nest_cancel(msg, nl_match);
14978 goto out;
14979 }
14980
14981 if (match->n_channels) {
14982 nl_freqs = nla_nest_start(
14983 msg, NL80211_ATTR_SCAN_FREQUENCIES);
14984 if (!nl_freqs) {
14985 nla_nest_cancel(msg, nl_match);
14986 goto out;
14987 }
14988
14989 for (j = 0; j < match->n_channels; j++) {
14990 if (nla_put_u32(msg, j, match->channels[j])) {
14991 nla_nest_cancel(msg, nl_freqs);
14992 nla_nest_cancel(msg, nl_match);
14993 goto out;
14994 }
14995 }
14996
14997 nla_nest_end(msg, nl_freqs);
14998 }
14999
15000 nla_nest_end(msg, nl_match);
15001 }
15002
15003 out:
15004 nla_nest_end(msg, nl_results);
15005 return 0;
15006 }
15007
15008 void cfg80211_report_wowlan_wakeup(struct wireless_dev *wdev,
15009 struct cfg80211_wowlan_wakeup *wakeup,
15010 gfp_t gfp)
15011 {
15012 struct cfg80211_registered_device *rdev = wiphy_to_rdev(wdev->wiphy);
15013 struct sk_buff *msg;
15014 void *hdr;
15015 int size = 200;
15016
15017 trace_cfg80211_report_wowlan_wakeup(wdev->wiphy, wdev, wakeup);
15018
15019 if (wakeup)
15020 size += wakeup->packet_present_len;
15021
15022 msg = nlmsg_new(size, gfp);
15023 if (!msg)
15024 return;
15025
15026 hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_SET_WOWLAN);
15027 if (!hdr)
15028 goto free_msg;
15029
15030 if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
15031 nla_put_u64_64bit(msg, NL80211_ATTR_WDEV, wdev_id(wdev),
15032 NL80211_ATTR_PAD))
15033 goto free_msg;
15034
15035 if (wdev->netdev && nla_put_u32(msg, NL80211_ATTR_IFINDEX,
15036 wdev->netdev->ifindex))
15037 goto free_msg;
15038
15039 if (wakeup) {
15040 struct nlattr *reasons;
15041
15042 reasons = nla_nest_start(msg, NL80211_ATTR_WOWLAN_TRIGGERS);
15043 if (!reasons)
15044 goto free_msg;
15045
15046 if (wakeup->disconnect &&
15047 nla_put_flag(msg, NL80211_WOWLAN_TRIG_DISCONNECT))
15048 goto free_msg;
15049 if (wakeup->magic_pkt &&
15050 nla_put_flag(msg, NL80211_WOWLAN_TRIG_MAGIC_PKT))
15051 goto free_msg;
15052 if (wakeup->gtk_rekey_failure &&
15053 nla_put_flag(msg, NL80211_WOWLAN_TRIG_GTK_REKEY_FAILURE))
15054 goto free_msg;
15055 if (wakeup->eap_identity_req &&
15056 nla_put_flag(msg, NL80211_WOWLAN_TRIG_EAP_IDENT_REQUEST))
15057 goto free_msg;
15058 if (wakeup->four_way_handshake &&
15059 nla_put_flag(msg, NL80211_WOWLAN_TRIG_4WAY_HANDSHAKE))
15060 goto free_msg;
15061 if (wakeup->rfkill_release &&
15062 nla_put_flag(msg, NL80211_WOWLAN_TRIG_RFKILL_RELEASE))
15063 goto free_msg;
15064
15065 if (wakeup->pattern_idx >= 0 &&
15066 nla_put_u32(msg, NL80211_WOWLAN_TRIG_PKT_PATTERN,
15067 wakeup->pattern_idx))
15068 goto free_msg;
15069
15070 if (wakeup->tcp_match &&
15071 nla_put_flag(msg, NL80211_WOWLAN_TRIG_WAKEUP_TCP_MATCH))
15072 goto free_msg;
15073
15074 if (wakeup->tcp_connlost &&
15075 nla_put_flag(msg, NL80211_WOWLAN_TRIG_WAKEUP_TCP_CONNLOST))
15076 goto free_msg;
15077
15078 if (wakeup->tcp_nomoretokens &&
15079 nla_put_flag(msg,
15080 NL80211_WOWLAN_TRIG_WAKEUP_TCP_NOMORETOKENS))
15081 goto free_msg;
15082
15083 if (wakeup->packet) {
15084 u32 pkt_attr = NL80211_WOWLAN_TRIG_WAKEUP_PKT_80211;
15085 u32 len_attr = NL80211_WOWLAN_TRIG_WAKEUP_PKT_80211_LEN;
15086
15087 if (!wakeup->packet_80211) {
15088 pkt_attr =
15089 NL80211_WOWLAN_TRIG_WAKEUP_PKT_8023;
15090 len_attr =
15091 NL80211_WOWLAN_TRIG_WAKEUP_PKT_8023_LEN;
15092 }
15093
15094 if (wakeup->packet_len &&
15095 nla_put_u32(msg, len_attr, wakeup->packet_len))
15096 goto free_msg;
15097
15098 if (nla_put(msg, pkt_attr, wakeup->packet_present_len,
15099 wakeup->packet))
15100 goto free_msg;
15101 }
15102
15103 if (wakeup->net_detect &&
15104 cfg80211_net_detect_results(msg, wakeup))
15105 goto free_msg;
15106
15107 nla_nest_end(msg, reasons);
15108 }
15109
15110 genlmsg_end(msg, hdr);
15111
15112 genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), msg, 0,
15113 NL80211_MCGRP_MLME, gfp);
15114 return;
15115
15116 free_msg:
15117 nlmsg_free(msg);
15118 }
15119 EXPORT_SYMBOL(cfg80211_report_wowlan_wakeup);
15120 #endif
15121
15122 void cfg80211_tdls_oper_request(struct net_device *dev, const u8 *peer,
15123 enum nl80211_tdls_operation oper,
15124 u16 reason_code, gfp_t gfp)
15125 {
15126 struct wireless_dev *wdev = dev->ieee80211_ptr;
15127 struct cfg80211_registered_device *rdev = wiphy_to_rdev(wdev->wiphy);
15128 struct sk_buff *msg;
15129 void *hdr;
15130
15131 trace_cfg80211_tdls_oper_request(wdev->wiphy, dev, peer, oper,
15132 reason_code);
15133
15134 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, gfp);
15135 if (!msg)
15136 return;
15137
15138 hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_TDLS_OPER);
15139 if (!hdr) {
15140 nlmsg_free(msg);
15141 return;
15142 }
15143
15144 if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
15145 nla_put_u32(msg, NL80211_ATTR_IFINDEX, dev->ifindex) ||
15146 nla_put_u8(msg, NL80211_ATTR_TDLS_OPERATION, oper) ||
15147 nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN, peer) ||
15148 (reason_code > 0 &&
15149 nla_put_u16(msg, NL80211_ATTR_REASON_CODE, reason_code)))
15150 goto nla_put_failure;
15151
15152 genlmsg_end(msg, hdr);
15153
15154 genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), msg, 0,
15155 NL80211_MCGRP_MLME, gfp);
15156 return;
15157
15158 nla_put_failure:
15159 genlmsg_cancel(msg, hdr);
15160 nlmsg_free(msg);
15161 }
15162 EXPORT_SYMBOL(cfg80211_tdls_oper_request);
15163
15164 static int nl80211_netlink_notify(struct notifier_block * nb,
15165 unsigned long state,
15166 void *_notify)
15167 {
15168 struct netlink_notify *notify = _notify;
15169 struct cfg80211_registered_device *rdev;
15170 struct wireless_dev *wdev;
15171 struct cfg80211_beacon_registration *reg, *tmp;
15172
15173 if (state != NETLINK_URELEASE || notify->protocol != NETLINK_GENERIC)
15174 return NOTIFY_DONE;
15175
15176 rcu_read_lock();
15177
15178 list_for_each_entry_rcu(rdev, &cfg80211_rdev_list, list) {
15179 struct cfg80211_sched_scan_request *sched_scan_req;
15180
15181 list_for_each_entry_rcu(sched_scan_req,
15182 &rdev->sched_scan_req_list,
15183 list) {
15184 if (sched_scan_req->owner_nlportid == notify->portid) {
15185 sched_scan_req->nl_owner_dead = true;
15186 schedule_work(&rdev->sched_scan_stop_wk);
15187 }
15188 }
15189
15190 list_for_each_entry_rcu(wdev, &rdev->wiphy.wdev_list, list) {
15191 cfg80211_mlme_unregister_socket(wdev, notify->portid);
15192
15193 if (wdev->owner_nlportid == notify->portid) {
15194 wdev->nl_owner_dead = true;
15195 schedule_work(&rdev->destroy_work);
15196 } else if (wdev->conn_owner_nlportid == notify->portid) {
15197 schedule_work(&wdev->disconnect_wk);
15198 }
15199 }
15200
15201 spin_lock_bh(&rdev->beacon_registrations_lock);
15202 list_for_each_entry_safe(reg, tmp, &rdev->beacon_registrations,
15203 list) {
15204 if (reg->nlportid == notify->portid) {
15205 list_del(&reg->list);
15206 kfree(reg);
15207 break;
15208 }
15209 }
15210 spin_unlock_bh(&rdev->beacon_registrations_lock);
15211 }
15212
15213 rcu_read_unlock();
15214
15215 /*
15216 * It is possible that the user space process that is controlling the
15217 * indoor setting disappeared, so notify the regulatory core.
15218 */
15219 regulatory_netlink_notify(notify->portid);
15220 return NOTIFY_OK;
15221 }
15222
15223 static struct notifier_block nl80211_netlink_notifier = {
15224 .notifier_call = nl80211_netlink_notify,
15225 };
15226
15227 void cfg80211_ft_event(struct net_device *netdev,
15228 struct cfg80211_ft_event_params *ft_event)
15229 {
15230 struct wiphy *wiphy = netdev->ieee80211_ptr->wiphy;
15231 struct cfg80211_registered_device *rdev = wiphy_to_rdev(wiphy);
15232 struct sk_buff *msg;
15233 void *hdr;
15234
15235 trace_cfg80211_ft_event(wiphy, netdev, ft_event);
15236
15237 if (!ft_event->target_ap)
15238 return;
15239
15240 msg = nlmsg_new(100 + ft_event->ric_ies_len, GFP_KERNEL);
15241 if (!msg)
15242 return;
15243
15244 hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_FT_EVENT);
15245 if (!hdr)
15246 goto out;
15247
15248 if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
15249 nla_put_u32(msg, NL80211_ATTR_IFINDEX, netdev->ifindex) ||
15250 nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN, ft_event->target_ap))
15251 goto out;
15252
15253 if (ft_event->ies &&
15254 nla_put(msg, NL80211_ATTR_IE, ft_event->ies_len, ft_event->ies))
15255 goto out;
15256 if (ft_event->ric_ies &&
15257 nla_put(msg, NL80211_ATTR_IE_RIC, ft_event->ric_ies_len,
15258 ft_event->ric_ies))
15259 goto out;
15260
15261 genlmsg_end(msg, hdr);
15262
15263 genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), msg, 0,
15264 NL80211_MCGRP_MLME, GFP_KERNEL);
15265 return;
15266 out:
15267 nlmsg_free(msg);
15268 }
15269 EXPORT_SYMBOL(cfg80211_ft_event);
15270
15271 void cfg80211_crit_proto_stopped(struct wireless_dev *wdev, gfp_t gfp)
15272 {
15273 struct cfg80211_registered_device *rdev;
15274 struct sk_buff *msg;
15275 void *hdr;
15276 u32 nlportid;
15277
15278 rdev = wiphy_to_rdev(wdev->wiphy);
15279 if (!rdev->crit_proto_nlportid)
15280 return;
15281
15282 nlportid = rdev->crit_proto_nlportid;
15283 rdev->crit_proto_nlportid = 0;
15284
15285 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, gfp);
15286 if (!msg)
15287 return;
15288
15289 hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_CRIT_PROTOCOL_STOP);
15290 if (!hdr)
15291 goto nla_put_failure;
15292
15293 if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
15294 nla_put_u64_64bit(msg, NL80211_ATTR_WDEV, wdev_id(wdev),
15295 NL80211_ATTR_PAD))
15296 goto nla_put_failure;
15297
15298 genlmsg_end(msg, hdr);
15299
15300 genlmsg_unicast(wiphy_net(&rdev->wiphy), msg, nlportid);
15301 return;
15302
15303 nla_put_failure:
15304 if (hdr)
15305 genlmsg_cancel(msg, hdr);
15306 nlmsg_free(msg);
15307 }
15308 EXPORT_SYMBOL(cfg80211_crit_proto_stopped);
15309
15310 void nl80211_send_ap_stopped(struct wireless_dev *wdev)
15311 {
15312 struct wiphy *wiphy = wdev->wiphy;
15313 struct cfg80211_registered_device *rdev = wiphy_to_rdev(wiphy);
15314 struct sk_buff *msg;
15315 void *hdr;
15316
15317 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
15318 if (!msg)
15319 return;
15320
15321 hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_STOP_AP);
15322 if (!hdr)
15323 goto out;
15324
15325 if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
15326 nla_put_u32(msg, NL80211_ATTR_IFINDEX, wdev->netdev->ifindex) ||
15327 nla_put_u64_64bit(msg, NL80211_ATTR_WDEV, wdev_id(wdev),
15328 NL80211_ATTR_PAD))
15329 goto out;
15330
15331 genlmsg_end(msg, hdr);
15332
15333 genlmsg_multicast_netns(&nl80211_fam, wiphy_net(wiphy), msg, 0,
15334 NL80211_MCGRP_MLME, GFP_KERNEL);
15335 return;
15336 out:
15337 nlmsg_free(msg);
15338 }
15339
15340 /* initialisation/exit functions */
15341
15342 int __init nl80211_init(void)
15343 {
15344 int err;
15345
15346 err = genl_register_family(&nl80211_fam);
15347 if (err)
15348 return err;
15349
15350 err = netlink_register_notifier(&nl80211_netlink_notifier);
15351 if (err)
15352 goto err_out;
15353
15354 return 0;
15355 err_out:
15356 genl_unregister_family(&nl80211_fam);
15357 return err;
15358 }
15359
15360 void nl80211_exit(void)
15361 {
15362 netlink_unregister_notifier(&nl80211_netlink_notifier);
15363 genl_unregister_family(&nl80211_fam);
15364 }
ubuntu-bionic-kernel mirror