]> git.proxmox.com Git - mirror_ubuntu-bionic-kernel.git/blob - net/wireless/nl80211.c
projects / mirror_ubuntu-bionic-kernel.git / blob
? search:


ab7ee4893e40a3c386834c7ae5a5f371be22005b
[mirror_ubuntu-bionic-kernel.git] / net / wireless / nl80211.c
1 /*
2 * This is the new netlink-based wireless configuration interface.
3 *
4 * Copyright 2006-2010 Johannes Berg <johannes@sipsolutions.net>
5 * Copyright 2013-2014 Intel Mobile Communications GmbH
6 */
7
8 #include <linux/if.h>
9 #include <linux/module.h>
10 #include <linux/err.h>
11 #include <linux/slab.h>
12 #include <linux/list.h>
13 #include <linux/if_ether.h>
14 #include <linux/ieee80211.h>
15 #include <linux/nl80211.h>
16 #include <linux/rtnetlink.h>
17 #include <linux/netlink.h>
18 #include <linux/etherdevice.h>
19 #include <net/net_namespace.h>
20 #include <net/genetlink.h>
21 #include <net/cfg80211.h>
22 #include <net/sock.h>
23 #include <net/inet_connection_sock.h>
24 #include "core.h"
25 #include "nl80211.h"
26 #include "reg.h"
27 #include "rdev-ops.h"
28
29 static int nl80211_crypto_settings(struct cfg80211_registered_device *rdev,
30 struct genl_info *info,
31 struct cfg80211_crypto_settings *settings,
32 int cipher_limit);
33
34 static int nl80211_pre_doit(const struct genl_ops *ops, struct sk_buff *skb,
35 struct genl_info *info);
36 static void nl80211_post_doit(const struct genl_ops *ops, struct sk_buff *skb,
37 struct genl_info *info);
38
39 /* the netlink family */
40 static struct genl_family nl80211_fam = {
41 .id = GENL_ID_GENERATE, /* don't bother with a hardcoded ID */
42 .name = NL80211_GENL_NAME, /* have users key off the name instead */
43 .hdrsize = 0, /* no private header */
44 .version = 1, /* no particular meaning now */
45 .maxattr = NL80211_ATTR_MAX,
46 .netnsok = true,
47 .pre_doit = nl80211_pre_doit,
48 .post_doit = nl80211_post_doit,
49 };
50
51 /* multicast groups */
52 enum nl80211_multicast_groups {
53 NL80211_MCGRP_CONFIG,
54 NL80211_MCGRP_SCAN,
55 NL80211_MCGRP_REGULATORY,
56 NL80211_MCGRP_MLME,
57 NL80211_MCGRP_VENDOR,
58 NL80211_MCGRP_TESTMODE /* keep last - ifdef! */
59 };
60
61 static const struct genl_multicast_group nl80211_mcgrps[] = {
62 [NL80211_MCGRP_CONFIG] = { .name = "config", },
63 [NL80211_MCGRP_SCAN] = { .name = "scan", },
64 [NL80211_MCGRP_REGULATORY] = { .name = "regulatory", },
65 [NL80211_MCGRP_MLME] = { .name = "mlme", },
66 [NL80211_MCGRP_VENDOR] = { .name = "vendor", },
67 #ifdef CONFIG_NL80211_TESTMODE
68 [NL80211_MCGRP_TESTMODE] = { .name = "testmode", }
69 #endif
70 };
71
72 /* returns ERR_PTR values */
73 static struct wireless_dev *
74 __cfg80211_wdev_from_attrs(struct net *netns, struct nlattr **attrs)
75 {
76 struct cfg80211_registered_device *rdev;
77 struct wireless_dev *result = NULL;
78 bool have_ifidx = attrs[NL80211_ATTR_IFINDEX];
79 bool have_wdev_id = attrs[NL80211_ATTR_WDEV];
80 u64 wdev_id;
81 int wiphy_idx = -1;
82 int ifidx = -1;
83
84 ASSERT_RTNL();
85
86 if (!have_ifidx && !have_wdev_id)
87 return ERR_PTR(-EINVAL);
88
89 if (have_ifidx)
90 ifidx = nla_get_u32(attrs[NL80211_ATTR_IFINDEX]);
91 if (have_wdev_id) {
92 wdev_id = nla_get_u64(attrs[NL80211_ATTR_WDEV]);
93 wiphy_idx = wdev_id >> 32;
94 }
95
96 list_for_each_entry(rdev, &cfg80211_rdev_list, list) {
97 struct wireless_dev *wdev;
98
99 if (wiphy_net(&rdev->wiphy) != netns)
100 continue;
101
102 if (have_wdev_id && rdev->wiphy_idx != wiphy_idx)
103 continue;
104
105 list_for_each_entry(wdev, &rdev->wdev_list, list) {
106 if (have_ifidx && wdev->netdev &&
107 wdev->netdev->ifindex == ifidx) {
108 result = wdev;
109 break;
110 }
111 if (have_wdev_id && wdev->identifier == (u32)wdev_id) {
112 result = wdev;
113 break;
114 }
115 }
116
117 if (result)
118 break;
119 }
120
121 if (result)
122 return result;
123 return ERR_PTR(-ENODEV);
124 }
125
126 static struct cfg80211_registered_device *
127 __cfg80211_rdev_from_attrs(struct net *netns, struct nlattr **attrs)
128 {
129 struct cfg80211_registered_device *rdev = NULL, *tmp;
130 struct net_device *netdev;
131
132 ASSERT_RTNL();
133
134 if (!attrs[NL80211_ATTR_WIPHY] &&
135 !attrs[NL80211_ATTR_IFINDEX] &&
136 !attrs[NL80211_ATTR_WDEV])
137 return ERR_PTR(-EINVAL);
138
139 if (attrs[NL80211_ATTR_WIPHY])
140 rdev = cfg80211_rdev_by_wiphy_idx(
141 nla_get_u32(attrs[NL80211_ATTR_WIPHY]));
142
143 if (attrs[NL80211_ATTR_WDEV]) {
144 u64 wdev_id = nla_get_u64(attrs[NL80211_ATTR_WDEV]);
145 struct wireless_dev *wdev;
146 bool found = false;
147
148 tmp = cfg80211_rdev_by_wiphy_idx(wdev_id >> 32);
149 if (tmp) {
150 /* make sure wdev exists */
151 list_for_each_entry(wdev, &tmp->wdev_list, list) {
152 if (wdev->identifier != (u32)wdev_id)
153 continue;
154 found = true;
155 break;
156 }
157
158 if (!found)
159 tmp = NULL;
160
161 if (rdev && tmp != rdev)
162 return ERR_PTR(-EINVAL);
163 rdev = tmp;
164 }
165 }
166
167 if (attrs[NL80211_ATTR_IFINDEX]) {
168 int ifindex = nla_get_u32(attrs[NL80211_ATTR_IFINDEX]);
169 netdev = __dev_get_by_index(netns, ifindex);
170 if (netdev) {
171 if (netdev->ieee80211_ptr)
172 tmp = wiphy_to_rdev(
173 netdev->ieee80211_ptr->wiphy);
174 else
175 tmp = NULL;
176
177 /* not wireless device -- return error */
178 if (!tmp)
179 return ERR_PTR(-EINVAL);
180
181 /* mismatch -- return error */
182 if (rdev && tmp != rdev)
183 return ERR_PTR(-EINVAL);
184
185 rdev = tmp;
186 }
187 }
188
189 if (!rdev)
190 return ERR_PTR(-ENODEV);
191
192 if (netns != wiphy_net(&rdev->wiphy))
193 return ERR_PTR(-ENODEV);
194
195 return rdev;
196 }
197
198 /*
199 * This function returns a pointer to the driver
200 * that the genl_info item that is passed refers to.
201 *
202 * The result of this can be a PTR_ERR and hence must
203 * be checked with IS_ERR() for errors.
204 */
205 static struct cfg80211_registered_device *
206 cfg80211_get_dev_from_info(struct net *netns, struct genl_info *info)
207 {
208 return __cfg80211_rdev_from_attrs(netns, info->attrs);
209 }
210
211 /* policy for the attributes */
212 static const struct nla_policy nl80211_policy[NL80211_ATTR_MAX+1] = {
213 [NL80211_ATTR_WIPHY] = { .type = NLA_U32 },
214 [NL80211_ATTR_WIPHY_NAME] = { .type = NLA_NUL_STRING,
215 .len = 20-1 },
216 [NL80211_ATTR_WIPHY_TXQ_PARAMS] = { .type = NLA_NESTED },
217
218 [NL80211_ATTR_WIPHY_FREQ] = { .type = NLA_U32 },
219 [NL80211_ATTR_WIPHY_CHANNEL_TYPE] = { .type = NLA_U32 },
220 [NL80211_ATTR_CHANNEL_WIDTH] = { .type = NLA_U32 },
221 [NL80211_ATTR_CENTER_FREQ1] = { .type = NLA_U32 },
222 [NL80211_ATTR_CENTER_FREQ2] = { .type = NLA_U32 },
223
224 [NL80211_ATTR_WIPHY_RETRY_SHORT] = { .type = NLA_U8 },
225 [NL80211_ATTR_WIPHY_RETRY_LONG] = { .type = NLA_U8 },
226 [NL80211_ATTR_WIPHY_FRAG_THRESHOLD] = { .type = NLA_U32 },
227 [NL80211_ATTR_WIPHY_RTS_THRESHOLD] = { .type = NLA_U32 },
228 [NL80211_ATTR_WIPHY_COVERAGE_CLASS] = { .type = NLA_U8 },
229 [NL80211_ATTR_WIPHY_DYN_ACK] = { .type = NLA_FLAG },
230
231 [NL80211_ATTR_IFTYPE] = { .type = NLA_U32 },
232 [NL80211_ATTR_IFINDEX] = { .type = NLA_U32 },
233 [NL80211_ATTR_IFNAME] = { .type = NLA_NUL_STRING, .len = IFNAMSIZ-1 },
234
235 [NL80211_ATTR_MAC] = { .len = ETH_ALEN },
236 [NL80211_ATTR_PREV_BSSID] = { .len = ETH_ALEN },
237
238 [NL80211_ATTR_KEY] = { .type = NLA_NESTED, },
239 [NL80211_ATTR_KEY_DATA] = { .type = NLA_BINARY,
240 .len = WLAN_MAX_KEY_LEN },
241 [NL80211_ATTR_KEY_IDX] = { .type = NLA_U8 },
242 [NL80211_ATTR_KEY_CIPHER] = { .type = NLA_U32 },
243 [NL80211_ATTR_KEY_DEFAULT] = { .type = NLA_FLAG },
244 [NL80211_ATTR_KEY_SEQ] = { .type = NLA_BINARY, .len = 16 },
245 [NL80211_ATTR_KEY_TYPE] = { .type = NLA_U32 },
246
247 [NL80211_ATTR_BEACON_INTERVAL] = { .type = NLA_U32 },
248 [NL80211_ATTR_DTIM_PERIOD] = { .type = NLA_U32 },
249 [NL80211_ATTR_BEACON_HEAD] = { .type = NLA_BINARY,
250 .len = IEEE80211_MAX_DATA_LEN },
251 [NL80211_ATTR_BEACON_TAIL] = { .type = NLA_BINARY,
252 .len = IEEE80211_MAX_DATA_LEN },
253 [NL80211_ATTR_STA_AID] = { .type = NLA_U16 },
254 [NL80211_ATTR_STA_FLAGS] = { .type = NLA_NESTED },
255 [NL80211_ATTR_STA_LISTEN_INTERVAL] = { .type = NLA_U16 },
256 [NL80211_ATTR_STA_SUPPORTED_RATES] = { .type = NLA_BINARY,
257 .len = NL80211_MAX_SUPP_RATES },
258 [NL80211_ATTR_STA_PLINK_ACTION] = { .type = NLA_U8 },
259 [NL80211_ATTR_STA_VLAN] = { .type = NLA_U32 },
260 [NL80211_ATTR_MNTR_FLAGS] = { /* NLA_NESTED can't be empty */ },
261 [NL80211_ATTR_MESH_ID] = { .type = NLA_BINARY,
262 .len = IEEE80211_MAX_MESH_ID_LEN },
263 [NL80211_ATTR_MPATH_NEXT_HOP] = { .type = NLA_U32 },
264
265 [NL80211_ATTR_REG_ALPHA2] = { .type = NLA_STRING, .len = 2 },
266 [NL80211_ATTR_REG_RULES] = { .type = NLA_NESTED },
267
268 [NL80211_ATTR_BSS_CTS_PROT] = { .type = NLA_U8 },
269 [NL80211_ATTR_BSS_SHORT_PREAMBLE] = { .type = NLA_U8 },
270 [NL80211_ATTR_BSS_SHORT_SLOT_TIME] = { .type = NLA_U8 },
271 [NL80211_ATTR_BSS_BASIC_RATES] = { .type = NLA_BINARY,
272 .len = NL80211_MAX_SUPP_RATES },
273 [NL80211_ATTR_BSS_HT_OPMODE] = { .type = NLA_U16 },
274
275 [NL80211_ATTR_MESH_CONFIG] = { .type = NLA_NESTED },
276 [NL80211_ATTR_SUPPORT_MESH_AUTH] = { .type = NLA_FLAG },
277
278 [NL80211_ATTR_HT_CAPABILITY] = { .len = NL80211_HT_CAPABILITY_LEN },
279
280 [NL80211_ATTR_MGMT_SUBTYPE] = { .type = NLA_U8 },
281 [NL80211_ATTR_IE] = { .type = NLA_BINARY,
282 .len = IEEE80211_MAX_DATA_LEN },
283 [NL80211_ATTR_SCAN_FREQUENCIES] = { .type = NLA_NESTED },
284 [NL80211_ATTR_SCAN_SSIDS] = { .type = NLA_NESTED },
285
286 [NL80211_ATTR_SSID] = { .type = NLA_BINARY,
287 .len = IEEE80211_MAX_SSID_LEN },
288 [NL80211_ATTR_AUTH_TYPE] = { .type = NLA_U32 },
289 [NL80211_ATTR_REASON_CODE] = { .type = NLA_U16 },
290 [NL80211_ATTR_FREQ_FIXED] = { .type = NLA_FLAG },
291 [NL80211_ATTR_TIMED_OUT] = { .type = NLA_FLAG },
292 [NL80211_ATTR_USE_MFP] = { .type = NLA_U32 },
293 [NL80211_ATTR_STA_FLAGS2] = {
294 .len = sizeof(struct nl80211_sta_flag_update),
295 },
296 [NL80211_ATTR_CONTROL_PORT] = { .type = NLA_FLAG },
297 [NL80211_ATTR_CONTROL_PORT_ETHERTYPE] = { .type = NLA_U16 },
298 [NL80211_ATTR_CONTROL_PORT_NO_ENCRYPT] = { .type = NLA_FLAG },
299 [NL80211_ATTR_PRIVACY] = { .type = NLA_FLAG },
300 [NL80211_ATTR_CIPHER_SUITE_GROUP] = { .type = NLA_U32 },
301 [NL80211_ATTR_WPA_VERSIONS] = { .type = NLA_U32 },
302 [NL80211_ATTR_PID] = { .type = NLA_U32 },
303 [NL80211_ATTR_4ADDR] = { .type = NLA_U8 },
304 [NL80211_ATTR_PMKID] = { .type = NLA_BINARY,
305 .len = WLAN_PMKID_LEN },
306 [NL80211_ATTR_DURATION] = { .type = NLA_U32 },
307 [NL80211_ATTR_COOKIE] = { .type = NLA_U64 },
308 [NL80211_ATTR_TX_RATES] = { .type = NLA_NESTED },
309 [NL80211_ATTR_FRAME] = { .type = NLA_BINARY,
310 .len = IEEE80211_MAX_DATA_LEN },
311 [NL80211_ATTR_FRAME_MATCH] = { .type = NLA_BINARY, },
312 [NL80211_ATTR_PS_STATE] = { .type = NLA_U32 },
313 [NL80211_ATTR_CQM] = { .type = NLA_NESTED, },
314 [NL80211_ATTR_LOCAL_STATE_CHANGE] = { .type = NLA_FLAG },
315 [NL80211_ATTR_AP_ISOLATE] = { .type = NLA_U8 },
316 [NL80211_ATTR_WIPHY_TX_POWER_SETTING] = { .type = NLA_U32 },
317 [NL80211_ATTR_WIPHY_TX_POWER_LEVEL] = { .type = NLA_U32 },
318 [NL80211_ATTR_FRAME_TYPE] = { .type = NLA_U16 },
319 [NL80211_ATTR_WIPHY_ANTENNA_TX] = { .type = NLA_U32 },
320 [NL80211_ATTR_WIPHY_ANTENNA_RX] = { .type = NLA_U32 },
321 [NL80211_ATTR_MCAST_RATE] = { .type = NLA_U32 },
322 [NL80211_ATTR_OFFCHANNEL_TX_OK] = { .type = NLA_FLAG },
323 [NL80211_ATTR_KEY_DEFAULT_TYPES] = { .type = NLA_NESTED },
324 [NL80211_ATTR_WOWLAN_TRIGGERS] = { .type = NLA_NESTED },
325 [NL80211_ATTR_STA_PLINK_STATE] = { .type = NLA_U8 },
326 [NL80211_ATTR_SCHED_SCAN_INTERVAL] = { .type = NLA_U32 },
327 [NL80211_ATTR_REKEY_DATA] = { .type = NLA_NESTED },
328 [NL80211_ATTR_SCAN_SUPP_RATES] = { .type = NLA_NESTED },
329 [NL80211_ATTR_HIDDEN_SSID] = { .type = NLA_U32 },
330 [NL80211_ATTR_IE_PROBE_RESP] = { .type = NLA_BINARY,
331 .len = IEEE80211_MAX_DATA_LEN },
332 [NL80211_ATTR_IE_ASSOC_RESP] = { .type = NLA_BINARY,
333 .len = IEEE80211_MAX_DATA_LEN },
334 [NL80211_ATTR_ROAM_SUPPORT] = { .type = NLA_FLAG },
335 [NL80211_ATTR_SCHED_SCAN_MATCH] = { .type = NLA_NESTED },
336 [NL80211_ATTR_TX_NO_CCK_RATE] = { .type = NLA_FLAG },
337 [NL80211_ATTR_TDLS_ACTION] = { .type = NLA_U8 },
338 [NL80211_ATTR_TDLS_DIALOG_TOKEN] = { .type = NLA_U8 },
339 [NL80211_ATTR_TDLS_OPERATION] = { .type = NLA_U8 },
340 [NL80211_ATTR_TDLS_SUPPORT] = { .type = NLA_FLAG },
341 [NL80211_ATTR_TDLS_EXTERNAL_SETUP] = { .type = NLA_FLAG },
342 [NL80211_ATTR_TDLS_INITIATOR] = { .type = NLA_FLAG },
343 [NL80211_ATTR_DONT_WAIT_FOR_ACK] = { .type = NLA_FLAG },
344 [NL80211_ATTR_PROBE_RESP] = { .type = NLA_BINARY,
345 .len = IEEE80211_MAX_DATA_LEN },
346 [NL80211_ATTR_DFS_REGION] = { .type = NLA_U8 },
347 [NL80211_ATTR_DISABLE_HT] = { .type = NLA_FLAG },
348 [NL80211_ATTR_HT_CAPABILITY_MASK] = {
349 .len = NL80211_HT_CAPABILITY_LEN
350 },
351 [NL80211_ATTR_NOACK_MAP] = { .type = NLA_U16 },
352 [NL80211_ATTR_INACTIVITY_TIMEOUT] = { .type = NLA_U16 },
353 [NL80211_ATTR_BG_SCAN_PERIOD] = { .type = NLA_U16 },
354 [NL80211_ATTR_WDEV] = { .type = NLA_U64 },
355 [NL80211_ATTR_USER_REG_HINT_TYPE] = { .type = NLA_U32 },
356 [NL80211_ATTR_SAE_DATA] = { .type = NLA_BINARY, },
357 [NL80211_ATTR_VHT_CAPABILITY] = { .len = NL80211_VHT_CAPABILITY_LEN },
358 [NL80211_ATTR_SCAN_FLAGS] = { .type = NLA_U32 },
359 [NL80211_ATTR_P2P_CTWINDOW] = { .type = NLA_U8 },
360 [NL80211_ATTR_P2P_OPPPS] = { .type = NLA_U8 },
361 [NL80211_ATTR_ACL_POLICY] = {. type = NLA_U32 },
362 [NL80211_ATTR_MAC_ADDRS] = { .type = NLA_NESTED },
363 [NL80211_ATTR_STA_CAPABILITY] = { .type = NLA_U16 },
364 [NL80211_ATTR_STA_EXT_CAPABILITY] = { .type = NLA_BINARY, },
365 [NL80211_ATTR_SPLIT_WIPHY_DUMP] = { .type = NLA_FLAG, },
366 [NL80211_ATTR_DISABLE_VHT] = { .type = NLA_FLAG },
367 [NL80211_ATTR_VHT_CAPABILITY_MASK] = {
368 .len = NL80211_VHT_CAPABILITY_LEN,
369 },
370 [NL80211_ATTR_MDID] = { .type = NLA_U16 },
371 [NL80211_ATTR_IE_RIC] = { .type = NLA_BINARY,
372 .len = IEEE80211_MAX_DATA_LEN },
373 [NL80211_ATTR_PEER_AID] = { .type = NLA_U16 },
374 [NL80211_ATTR_CH_SWITCH_COUNT] = { .type = NLA_U32 },
375 [NL80211_ATTR_CH_SWITCH_BLOCK_TX] = { .type = NLA_FLAG },
376 [NL80211_ATTR_CSA_IES] = { .type = NLA_NESTED },
377 [NL80211_ATTR_CSA_C_OFF_BEACON] = { .type = NLA_BINARY },
378 [NL80211_ATTR_CSA_C_OFF_PRESP] = { .type = NLA_BINARY },
379 [NL80211_ATTR_STA_SUPPORTED_CHANNELS] = { .type = NLA_BINARY },
380 [NL80211_ATTR_STA_SUPPORTED_OPER_CLASSES] = { .type = NLA_BINARY },
381 [NL80211_ATTR_HANDLE_DFS] = { .type = NLA_FLAG },
382 [NL80211_ATTR_OPMODE_NOTIF] = { .type = NLA_U8 },
383 [NL80211_ATTR_VENDOR_ID] = { .type = NLA_U32 },
384 [NL80211_ATTR_VENDOR_SUBCMD] = { .type = NLA_U32 },
385 [NL80211_ATTR_VENDOR_DATA] = { .type = NLA_BINARY },
386 [NL80211_ATTR_QOS_MAP] = { .type = NLA_BINARY,
387 .len = IEEE80211_QOS_MAP_LEN_MAX },
388 [NL80211_ATTR_MAC_HINT] = { .len = ETH_ALEN },
389 [NL80211_ATTR_WIPHY_FREQ_HINT] = { .type = NLA_U32 },
390 [NL80211_ATTR_TDLS_PEER_CAPABILITY] = { .type = NLA_U32 },
391 [NL80211_ATTR_IFACE_SOCKET_OWNER] = { .type = NLA_FLAG },
392 [NL80211_ATTR_CSA_C_OFFSETS_TX] = { .type = NLA_BINARY },
393 [NL80211_ATTR_USE_RRM] = { .type = NLA_FLAG },
394 [NL80211_ATTR_TSID] = { .type = NLA_U8 },
395 [NL80211_ATTR_USER_PRIO] = { .type = NLA_U8 },
396 [NL80211_ATTR_ADMITTED_TIME] = { .type = NLA_U16 },
397 };
398
399 /* policy for the key attributes */
400 static const struct nla_policy nl80211_key_policy[NL80211_KEY_MAX + 1] = {
401 [NL80211_KEY_DATA] = { .type = NLA_BINARY, .len = WLAN_MAX_KEY_LEN },
402 [NL80211_KEY_IDX] = { .type = NLA_U8 },
403 [NL80211_KEY_CIPHER] = { .type = NLA_U32 },
404 [NL80211_KEY_SEQ] = { .type = NLA_BINARY, .len = 16 },
405 [NL80211_KEY_DEFAULT] = { .type = NLA_FLAG },
406 [NL80211_KEY_DEFAULT_MGMT] = { .type = NLA_FLAG },
407 [NL80211_KEY_TYPE] = { .type = NLA_U32 },
408 [NL80211_KEY_DEFAULT_TYPES] = { .type = NLA_NESTED },
409 };
410
411 /* policy for the key default flags */
412 static const struct nla_policy
413 nl80211_key_default_policy[NUM_NL80211_KEY_DEFAULT_TYPES] = {
414 [NL80211_KEY_DEFAULT_TYPE_UNICAST] = { .type = NLA_FLAG },
415 [NL80211_KEY_DEFAULT_TYPE_MULTICAST] = { .type = NLA_FLAG },
416 };
417
418 /* policy for WoWLAN attributes */
419 static const struct nla_policy
420 nl80211_wowlan_policy[NUM_NL80211_WOWLAN_TRIG] = {
421 [NL80211_WOWLAN_TRIG_ANY] = { .type = NLA_FLAG },
422 [NL80211_WOWLAN_TRIG_DISCONNECT] = { .type = NLA_FLAG },
423 [NL80211_WOWLAN_TRIG_MAGIC_PKT] = { .type = NLA_FLAG },
424 [NL80211_WOWLAN_TRIG_PKT_PATTERN] = { .type = NLA_NESTED },
425 [NL80211_WOWLAN_TRIG_GTK_REKEY_FAILURE] = { .type = NLA_FLAG },
426 [NL80211_WOWLAN_TRIG_EAP_IDENT_REQUEST] = { .type = NLA_FLAG },
427 [NL80211_WOWLAN_TRIG_4WAY_HANDSHAKE] = { .type = NLA_FLAG },
428 [NL80211_WOWLAN_TRIG_RFKILL_RELEASE] = { .type = NLA_FLAG },
429 [NL80211_WOWLAN_TRIG_TCP_CONNECTION] = { .type = NLA_NESTED },
430 };
431
432 static const struct nla_policy
433 nl80211_wowlan_tcp_policy[NUM_NL80211_WOWLAN_TCP] = {
434 [NL80211_WOWLAN_TCP_SRC_IPV4] = { .type = NLA_U32 },
435 [NL80211_WOWLAN_TCP_DST_IPV4] = { .type = NLA_U32 },
436 [NL80211_WOWLAN_TCP_DST_MAC] = { .len = ETH_ALEN },
437 [NL80211_WOWLAN_TCP_SRC_PORT] = { .type = NLA_U16 },
438 [NL80211_WOWLAN_TCP_DST_PORT] = { .type = NLA_U16 },
439 [NL80211_WOWLAN_TCP_DATA_PAYLOAD] = { .len = 1 },
440 [NL80211_WOWLAN_TCP_DATA_PAYLOAD_SEQ] = {
441 .len = sizeof(struct nl80211_wowlan_tcp_data_seq)
442 },
443 [NL80211_WOWLAN_TCP_DATA_PAYLOAD_TOKEN] = {
444 .len = sizeof(struct nl80211_wowlan_tcp_data_token)
445 },
446 [NL80211_WOWLAN_TCP_DATA_INTERVAL] = { .type = NLA_U32 },
447 [NL80211_WOWLAN_TCP_WAKE_PAYLOAD] = { .len = 1 },
448 [NL80211_WOWLAN_TCP_WAKE_MASK] = { .len = 1 },
449 };
450
451 /* policy for coalesce rule attributes */
452 static const struct nla_policy
453 nl80211_coalesce_policy[NUM_NL80211_ATTR_COALESCE_RULE] = {
454 [NL80211_ATTR_COALESCE_RULE_DELAY] = { .type = NLA_U32 },
455 [NL80211_ATTR_COALESCE_RULE_CONDITION] = { .type = NLA_U32 },
456 [NL80211_ATTR_COALESCE_RULE_PKT_PATTERN] = { .type = NLA_NESTED },
457 };
458
459 /* policy for GTK rekey offload attributes */
460 static const struct nla_policy
461 nl80211_rekey_policy[NUM_NL80211_REKEY_DATA] = {
462 [NL80211_REKEY_DATA_KEK] = { .len = NL80211_KEK_LEN },
463 [NL80211_REKEY_DATA_KCK] = { .len = NL80211_KCK_LEN },
464 [NL80211_REKEY_DATA_REPLAY_CTR] = { .len = NL80211_REPLAY_CTR_LEN },
465 };
466
467 static const struct nla_policy
468 nl80211_match_policy[NL80211_SCHED_SCAN_MATCH_ATTR_MAX + 1] = {
469 [NL80211_SCHED_SCAN_MATCH_ATTR_SSID] = { .type = NLA_BINARY,
470 .len = IEEE80211_MAX_SSID_LEN },
471 [NL80211_SCHED_SCAN_MATCH_ATTR_RSSI] = { .type = NLA_U32 },
472 };
473
474 static int nl80211_prepare_wdev_dump(struct sk_buff *skb,
475 struct netlink_callback *cb,
476 struct cfg80211_registered_device **rdev,
477 struct wireless_dev **wdev)
478 {
479 int err;
480
481 rtnl_lock();
482
483 if (!cb->args[0]) {
484 err = nlmsg_parse(cb->nlh, GENL_HDRLEN + nl80211_fam.hdrsize,
485 nl80211_fam.attrbuf, nl80211_fam.maxattr,
486 nl80211_policy);
487 if (err)
488 goto out_unlock;
489
490 *wdev = __cfg80211_wdev_from_attrs(sock_net(skb->sk),
491 nl80211_fam.attrbuf);
492 if (IS_ERR(*wdev)) {
493 err = PTR_ERR(*wdev);
494 goto out_unlock;
495 }
496 *rdev = wiphy_to_rdev((*wdev)->wiphy);
497 /* 0 is the first index - add 1 to parse only once */
498 cb->args[0] = (*rdev)->wiphy_idx + 1;
499 cb->args[1] = (*wdev)->identifier;
500 } else {
501 /* subtract the 1 again here */
502 struct wiphy *wiphy = wiphy_idx_to_wiphy(cb->args[0] - 1);
503 struct wireless_dev *tmp;
504
505 if (!wiphy) {
506 err = -ENODEV;
507 goto out_unlock;
508 }
509 *rdev = wiphy_to_rdev(wiphy);
510 *wdev = NULL;
511
512 list_for_each_entry(tmp, &(*rdev)->wdev_list, list) {
513 if (tmp->identifier == cb->args[1]) {
514 *wdev = tmp;
515 break;
516 }
517 }
518
519 if (!*wdev) {
520 err = -ENODEV;
521 goto out_unlock;
522 }
523 }
524
525 return 0;
526 out_unlock:
527 rtnl_unlock();
528 return err;
529 }
530
531 static void nl80211_finish_wdev_dump(struct cfg80211_registered_device *rdev)
532 {
533 rtnl_unlock();
534 }
535
536 /* IE validation */
537 static bool is_valid_ie_attr(const struct nlattr *attr)
538 {
539 const u8 *pos;
540 int len;
541
542 if (!attr)
543 return true;
544
545 pos = nla_data(attr);
546 len = nla_len(attr);
547
548 while (len) {
549 u8 elemlen;
550
551 if (len < 2)
552 return false;
553 len -= 2;
554
555 elemlen = pos[1];
556 if (elemlen > len)
557 return false;
558
559 len -= elemlen;
560 pos += 2 + elemlen;
561 }
562
563 return true;
564 }
565
566 /* message building helper */
567 static inline void *nl80211hdr_put(struct sk_buff *skb, u32 portid, u32 seq,
568 int flags, u8 cmd)
569 {
570 /* since there is no private header just add the generic one */
571 return genlmsg_put(skb, portid, seq, &nl80211_fam, flags, cmd);
572 }
573
574 static int nl80211_msg_put_channel(struct sk_buff *msg,
575 struct ieee80211_channel *chan,
576 bool large)
577 {
578 /* Some channels must be completely excluded from the
579 * list to protect old user-space tools from breaking
580 */
581 if (!large && chan->flags &
582 (IEEE80211_CHAN_NO_10MHZ | IEEE80211_CHAN_NO_20MHZ))
583 return 0;
584
585 if (nla_put_u32(msg, NL80211_FREQUENCY_ATTR_FREQ,
586 chan->center_freq))
587 goto nla_put_failure;
588
589 if ((chan->flags & IEEE80211_CHAN_DISABLED) &&
590 nla_put_flag(msg, NL80211_FREQUENCY_ATTR_DISABLED))
591 goto nla_put_failure;
592 if (chan->flags & IEEE80211_CHAN_NO_IR) {
593 if (nla_put_flag(msg, NL80211_FREQUENCY_ATTR_NO_IR))
594 goto nla_put_failure;
595 if (nla_put_flag(msg, __NL80211_FREQUENCY_ATTR_NO_IBSS))
596 goto nla_put_failure;
597 }
598 if (chan->flags & IEEE80211_CHAN_RADAR) {
599 if (nla_put_flag(msg, NL80211_FREQUENCY_ATTR_RADAR))
600 goto nla_put_failure;
601 if (large) {
602 u32 time;
603
604 time = elapsed_jiffies_msecs(chan->dfs_state_entered);
605
606 if (nla_put_u32(msg, NL80211_FREQUENCY_ATTR_DFS_STATE,
607 chan->dfs_state))
608 goto nla_put_failure;
609 if (nla_put_u32(msg, NL80211_FREQUENCY_ATTR_DFS_TIME,
610 time))
611 goto nla_put_failure;
612 if (nla_put_u32(msg,
613 NL80211_FREQUENCY_ATTR_DFS_CAC_TIME,
614 chan->dfs_cac_ms))
615 goto nla_put_failure;
616 }
617 }
618
619 if (large) {
620 if ((chan->flags & IEEE80211_CHAN_NO_HT40MINUS) &&
621 nla_put_flag(msg, NL80211_FREQUENCY_ATTR_NO_HT40_MINUS))
622 goto nla_put_failure;
623 if ((chan->flags & IEEE80211_CHAN_NO_HT40PLUS) &&
624 nla_put_flag(msg, NL80211_FREQUENCY_ATTR_NO_HT40_PLUS))
625 goto nla_put_failure;
626 if ((chan->flags & IEEE80211_CHAN_NO_80MHZ) &&
627 nla_put_flag(msg, NL80211_FREQUENCY_ATTR_NO_80MHZ))
628 goto nla_put_failure;
629 if ((chan->flags & IEEE80211_CHAN_NO_160MHZ) &&
630 nla_put_flag(msg, NL80211_FREQUENCY_ATTR_NO_160MHZ))
631 goto nla_put_failure;
632 if ((chan->flags & IEEE80211_CHAN_INDOOR_ONLY) &&
633 nla_put_flag(msg, NL80211_FREQUENCY_ATTR_INDOOR_ONLY))
634 goto nla_put_failure;
635 if ((chan->flags & IEEE80211_CHAN_GO_CONCURRENT) &&
636 nla_put_flag(msg, NL80211_FREQUENCY_ATTR_GO_CONCURRENT))
637 goto nla_put_failure;
638 if ((chan->flags & IEEE80211_CHAN_NO_20MHZ) &&
639 nla_put_flag(msg, NL80211_FREQUENCY_ATTR_NO_20MHZ))
640 goto nla_put_failure;
641 if ((chan->flags & IEEE80211_CHAN_NO_10MHZ) &&
642 nla_put_flag(msg, NL80211_FREQUENCY_ATTR_NO_10MHZ))
643 goto nla_put_failure;
644 }
645
646 if (nla_put_u32(msg, NL80211_FREQUENCY_ATTR_MAX_TX_POWER,
647 DBM_TO_MBM(chan->max_power)))
648 goto nla_put_failure;
649
650 return 0;
651
652 nla_put_failure:
653 return -ENOBUFS;
654 }
655
656 /* netlink command implementations */
657
658 struct key_parse {
659 struct key_params p;
660 int idx;
661 int type;
662 bool def, defmgmt;
663 bool def_uni, def_multi;
664 };
665
666 static int nl80211_parse_key_new(struct nlattr *key, struct key_parse *k)
667 {
668 struct nlattr *tb[NL80211_KEY_MAX + 1];
669 int err = nla_parse_nested(tb, NL80211_KEY_MAX, key,
670 nl80211_key_policy);
671 if (err)
672 return err;
673
674 k->def = !!tb[NL80211_KEY_DEFAULT];
675 k->defmgmt = !!tb[NL80211_KEY_DEFAULT_MGMT];
676
677 if (k->def) {
678 k->def_uni = true;
679 k->def_multi = true;
680 }
681 if (k->defmgmt)
682 k->def_multi = true;
683
684 if (tb[NL80211_KEY_IDX])
685 k->idx = nla_get_u8(tb[NL80211_KEY_IDX]);
686
687 if (tb[NL80211_KEY_DATA]) {
688 k->p.key = nla_data(tb[NL80211_KEY_DATA]);
689 k->p.key_len = nla_len(tb[NL80211_KEY_DATA]);
690 }
691
692 if (tb[NL80211_KEY_SEQ]) {
693 k->p.seq = nla_data(tb[NL80211_KEY_SEQ]);
694 k->p.seq_len = nla_len(tb[NL80211_KEY_SEQ]);
695 }
696
697 if (tb[NL80211_KEY_CIPHER])
698 k->p.cipher = nla_get_u32(tb[NL80211_KEY_CIPHER]);
699
700 if (tb[NL80211_KEY_TYPE]) {
701 k->type = nla_get_u32(tb[NL80211_KEY_TYPE]);
702 if (k->type < 0 || k->type >= NUM_NL80211_KEYTYPES)
703 return -EINVAL;
704 }
705
706 if (tb[NL80211_KEY_DEFAULT_TYPES]) {
707 struct nlattr *kdt[NUM_NL80211_KEY_DEFAULT_TYPES];
708 err = nla_parse_nested(kdt, NUM_NL80211_KEY_DEFAULT_TYPES - 1,
709 tb[NL80211_KEY_DEFAULT_TYPES],
710 nl80211_key_default_policy);
711 if (err)
712 return err;
713
714 k->def_uni = kdt[NL80211_KEY_DEFAULT_TYPE_UNICAST];
715 k->def_multi = kdt[NL80211_KEY_DEFAULT_TYPE_MULTICAST];
716 }
717
718 return 0;
719 }
720
721 static int nl80211_parse_key_old(struct genl_info *info, struct key_parse *k)
722 {
723 if (info->attrs[NL80211_ATTR_KEY_DATA]) {
724 k->p.key = nla_data(info->attrs[NL80211_ATTR_KEY_DATA]);
725 k->p.key_len = nla_len(info->attrs[NL80211_ATTR_KEY_DATA]);
726 }
727
728 if (info->attrs[NL80211_ATTR_KEY_SEQ]) {
729 k->p.seq = nla_data(info->attrs[NL80211_ATTR_KEY_SEQ]);
730 k->p.seq_len = nla_len(info->attrs[NL80211_ATTR_KEY_SEQ]);
731 }
732
733 if (info->attrs[NL80211_ATTR_KEY_IDX])
734 k->idx = nla_get_u8(info->attrs[NL80211_ATTR_KEY_IDX]);
735
736 if (info->attrs[NL80211_ATTR_KEY_CIPHER])
737 k->p.cipher = nla_get_u32(info->attrs[NL80211_ATTR_KEY_CIPHER]);
738
739 k->def = !!info->attrs[NL80211_ATTR_KEY_DEFAULT];
740 k->defmgmt = !!info->attrs[NL80211_ATTR_KEY_DEFAULT_MGMT];
741
742 if (k->def) {
743 k->def_uni = true;
744 k->def_multi = true;
745 }
746 if (k->defmgmt)
747 k->def_multi = true;
748
749 if (info->attrs[NL80211_ATTR_KEY_TYPE]) {
750 k->type = nla_get_u32(info->attrs[NL80211_ATTR_KEY_TYPE]);
751 if (k->type < 0 || k->type >= NUM_NL80211_KEYTYPES)
752 return -EINVAL;
753 }
754
755 if (info->attrs[NL80211_ATTR_KEY_DEFAULT_TYPES]) {
756 struct nlattr *kdt[NUM_NL80211_KEY_DEFAULT_TYPES];
757 int err = nla_parse_nested(
758 kdt, NUM_NL80211_KEY_DEFAULT_TYPES - 1,
759 info->attrs[NL80211_ATTR_KEY_DEFAULT_TYPES],
760 nl80211_key_default_policy);
761 if (err)
762 return err;
763
764 k->def_uni = kdt[NL80211_KEY_DEFAULT_TYPE_UNICAST];
765 k->def_multi = kdt[NL80211_KEY_DEFAULT_TYPE_MULTICAST];
766 }
767
768 return 0;
769 }
770
771 static int nl80211_parse_key(struct genl_info *info, struct key_parse *k)
772 {
773 int err;
774
775 memset(k, 0, sizeof(*k));
776 k->idx = -1;
777 k->type = -1;
778
779 if (info->attrs[NL80211_ATTR_KEY])
780 err = nl80211_parse_key_new(info->attrs[NL80211_ATTR_KEY], k);
781 else
782 err = nl80211_parse_key_old(info, k);
783
784 if (err)
785 return err;
786
787 if (k->def && k->defmgmt)
788 return -EINVAL;
789
790 if (k->defmgmt) {
791 if (k->def_uni || !k->def_multi)
792 return -EINVAL;
793 }
794
795 if (k->idx != -1) {
796 if (k->defmgmt) {
797 if (k->idx < 4 || k->idx > 5)
798 return -EINVAL;
799 } else if (k->def) {
800 if (k->idx < 0 || k->idx > 3)
801 return -EINVAL;
802 } else {
803 if (k->idx < 0 || k->idx > 5)
804 return -EINVAL;
805 }
806 }
807
808 return 0;
809 }
810
811 static struct cfg80211_cached_keys *
812 nl80211_parse_connkeys(struct cfg80211_registered_device *rdev,
813 struct nlattr *keys, bool *no_ht)
814 {
815 struct key_parse parse;
816 struct nlattr *key;
817 struct cfg80211_cached_keys *result;
818 int rem, err, def = 0;
819
820 result = kzalloc(sizeof(*result), GFP_KERNEL);
821 if (!result)
822 return ERR_PTR(-ENOMEM);
823
824 result->def = -1;
825 result->defmgmt = -1;
826
827 nla_for_each_nested(key, keys, rem) {
828 memset(&parse, 0, sizeof(parse));
829 parse.idx = -1;
830
831 err = nl80211_parse_key_new(key, &parse);
832 if (err)
833 goto error;
834 err = -EINVAL;
835 if (!parse.p.key)
836 goto error;
837 if (parse.idx < 0 || parse.idx > 4)
838 goto error;
839 if (parse.def) {
840 if (def)
841 goto error;
842 def = 1;
843 result->def = parse.idx;
844 if (!parse.def_uni || !parse.def_multi)
845 goto error;
846 } else if (parse.defmgmt)
847 goto error;
848 err = cfg80211_validate_key_settings(rdev, &parse.p,
849 parse.idx, false, NULL);
850 if (err)
851 goto error;
852 result->params[parse.idx].cipher = parse.p.cipher;
853 result->params[parse.idx].key_len = parse.p.key_len;
854 result->params[parse.idx].key = result->data[parse.idx];
855 memcpy(result->data[parse.idx], parse.p.key, parse.p.key_len);
856
857 if (parse.p.cipher == WLAN_CIPHER_SUITE_WEP40 ||
858 parse.p.cipher == WLAN_CIPHER_SUITE_WEP104) {
859 if (no_ht)
860 *no_ht = true;
861 }
862 }
863
864 return result;
865 error:
866 kfree(result);
867 return ERR_PTR(err);
868 }
869
870 static int nl80211_key_allowed(struct wireless_dev *wdev)
871 {
872 ASSERT_WDEV_LOCK(wdev);
873
874 switch (wdev->iftype) {
875 case NL80211_IFTYPE_AP:
876 case NL80211_IFTYPE_AP_VLAN:
877 case NL80211_IFTYPE_P2P_GO:
878 case NL80211_IFTYPE_MESH_POINT:
879 break;
880 case NL80211_IFTYPE_ADHOC:
881 case NL80211_IFTYPE_STATION:
882 case NL80211_IFTYPE_P2P_CLIENT:
883 if (!wdev->current_bss)
884 return -ENOLINK;
885 break;
886 default:
887 return -EINVAL;
888 }
889
890 return 0;
891 }
892
893 static struct ieee80211_channel *nl80211_get_valid_chan(struct wiphy *wiphy,
894 struct nlattr *tb)
895 {
896 struct ieee80211_channel *chan;
897
898 if (tb == NULL)
899 return NULL;
900 chan = ieee80211_get_channel(wiphy, nla_get_u32(tb));
901 if (!chan || chan->flags & IEEE80211_CHAN_DISABLED)
902 return NULL;
903 return chan;
904 }
905
906 static int nl80211_put_iftypes(struct sk_buff *msg, u32 attr, u16 ifmodes)
907 {
908 struct nlattr *nl_modes = nla_nest_start(msg, attr);
909 int i;
910
911 if (!nl_modes)
912 goto nla_put_failure;
913
914 i = 0;
915 while (ifmodes) {
916 if ((ifmodes & 1) && nla_put_flag(msg, i))
917 goto nla_put_failure;
918 ifmodes >>= 1;
919 i++;
920 }
921
922 nla_nest_end(msg, nl_modes);
923 return 0;
924
925 nla_put_failure:
926 return -ENOBUFS;
927 }
928
929 static int nl80211_put_iface_combinations(struct wiphy *wiphy,
930 struct sk_buff *msg,
931 bool large)
932 {
933 struct nlattr *nl_combis;
934 int i, j;
935
936 nl_combis = nla_nest_start(msg,
937 NL80211_ATTR_INTERFACE_COMBINATIONS);
938 if (!nl_combis)
939 goto nla_put_failure;
940
941 for (i = 0; i < wiphy->n_iface_combinations; i++) {
942 const struct ieee80211_iface_combination *c;
943 struct nlattr *nl_combi, *nl_limits;
944
945 c = &wiphy->iface_combinations[i];
946
947 nl_combi = nla_nest_start(msg, i + 1);
948 if (!nl_combi)
949 goto nla_put_failure;
950
951 nl_limits = nla_nest_start(msg, NL80211_IFACE_COMB_LIMITS);
952 if (!nl_limits)
953 goto nla_put_failure;
954
955 for (j = 0; j < c->n_limits; j++) {
956 struct nlattr *nl_limit;
957
958 nl_limit = nla_nest_start(msg, j + 1);
959 if (!nl_limit)
960 goto nla_put_failure;
961 if (nla_put_u32(msg, NL80211_IFACE_LIMIT_MAX,
962 c->limits[j].max))
963 goto nla_put_failure;
964 if (nl80211_put_iftypes(msg, NL80211_IFACE_LIMIT_TYPES,
965 c->limits[j].types))
966 goto nla_put_failure;
967 nla_nest_end(msg, nl_limit);
968 }
969
970 nla_nest_end(msg, nl_limits);
971
972 if (c->beacon_int_infra_match &&
973 nla_put_flag(msg, NL80211_IFACE_COMB_STA_AP_BI_MATCH))
974 goto nla_put_failure;
975 if (nla_put_u32(msg, NL80211_IFACE_COMB_NUM_CHANNELS,
976 c->num_different_channels) ||
977 nla_put_u32(msg, NL80211_IFACE_COMB_MAXNUM,
978 c->max_interfaces))
979 goto nla_put_failure;
980 if (large &&
981 (nla_put_u32(msg, NL80211_IFACE_COMB_RADAR_DETECT_WIDTHS,
982 c->radar_detect_widths) ||
983 nla_put_u32(msg, NL80211_IFACE_COMB_RADAR_DETECT_REGIONS,
984 c->radar_detect_regions)))
985 goto nla_put_failure;
986
987 nla_nest_end(msg, nl_combi);
988 }
989
990 nla_nest_end(msg, nl_combis);
991
992 return 0;
993 nla_put_failure:
994 return -ENOBUFS;
995 }
996
997 #ifdef CONFIG_PM
998 static int nl80211_send_wowlan_tcp_caps(struct cfg80211_registered_device *rdev,
999 struct sk_buff *msg)
1000 {
1001 const struct wiphy_wowlan_tcp_support *tcp = rdev->wiphy.wowlan->tcp;
1002 struct nlattr *nl_tcp;
1003
1004 if (!tcp)
1005 return 0;
1006
1007 nl_tcp = nla_nest_start(msg, NL80211_WOWLAN_TRIG_TCP_CONNECTION);
1008 if (!nl_tcp)
1009 return -ENOBUFS;
1010
1011 if (nla_put_u32(msg, NL80211_WOWLAN_TCP_DATA_PAYLOAD,
1012 tcp->data_payload_max))
1013 return -ENOBUFS;
1014
1015 if (nla_put_u32(msg, NL80211_WOWLAN_TCP_DATA_PAYLOAD,
1016 tcp->data_payload_max))
1017 return -ENOBUFS;
1018
1019 if (tcp->seq && nla_put_flag(msg, NL80211_WOWLAN_TCP_DATA_PAYLOAD_SEQ))
1020 return -ENOBUFS;
1021
1022 if (tcp->tok && nla_put(msg, NL80211_WOWLAN_TCP_DATA_PAYLOAD_TOKEN,
1023 sizeof(*tcp->tok), tcp->tok))
1024 return -ENOBUFS;
1025
1026 if (nla_put_u32(msg, NL80211_WOWLAN_TCP_DATA_INTERVAL,
1027 tcp->data_interval_max))
1028 return -ENOBUFS;
1029
1030 if (nla_put_u32(msg, NL80211_WOWLAN_TCP_WAKE_PAYLOAD,
1031 tcp->wake_payload_max))
1032 return -ENOBUFS;
1033
1034 nla_nest_end(msg, nl_tcp);
1035 return 0;
1036 }
1037
1038 static int nl80211_send_wowlan(struct sk_buff *msg,
1039 struct cfg80211_registered_device *rdev,
1040 bool large)
1041 {
1042 struct nlattr *nl_wowlan;
1043
1044 if (!rdev->wiphy.wowlan)
1045 return 0;
1046
1047 nl_wowlan = nla_nest_start(msg, NL80211_ATTR_WOWLAN_TRIGGERS_SUPPORTED);
1048 if (!nl_wowlan)
1049 return -ENOBUFS;
1050
1051 if (((rdev->wiphy.wowlan->flags & WIPHY_WOWLAN_ANY) &&
1052 nla_put_flag(msg, NL80211_WOWLAN_TRIG_ANY)) ||
1053 ((rdev->wiphy.wowlan->flags & WIPHY_WOWLAN_DISCONNECT) &&
1054 nla_put_flag(msg, NL80211_WOWLAN_TRIG_DISCONNECT)) ||
1055 ((rdev->wiphy.wowlan->flags & WIPHY_WOWLAN_MAGIC_PKT) &&
1056 nla_put_flag(msg, NL80211_WOWLAN_TRIG_MAGIC_PKT)) ||
1057 ((rdev->wiphy.wowlan->flags & WIPHY_WOWLAN_SUPPORTS_GTK_REKEY) &&
1058 nla_put_flag(msg, NL80211_WOWLAN_TRIG_GTK_REKEY_SUPPORTED)) ||
1059 ((rdev->wiphy.wowlan->flags & WIPHY_WOWLAN_GTK_REKEY_FAILURE) &&
1060 nla_put_flag(msg, NL80211_WOWLAN_TRIG_GTK_REKEY_FAILURE)) ||
1061 ((rdev->wiphy.wowlan->flags & WIPHY_WOWLAN_EAP_IDENTITY_REQ) &&
1062 nla_put_flag(msg, NL80211_WOWLAN_TRIG_EAP_IDENT_REQUEST)) ||
1063 ((rdev->wiphy.wowlan->flags & WIPHY_WOWLAN_4WAY_HANDSHAKE) &&
1064 nla_put_flag(msg, NL80211_WOWLAN_TRIG_4WAY_HANDSHAKE)) ||
1065 ((rdev->wiphy.wowlan->flags & WIPHY_WOWLAN_RFKILL_RELEASE) &&
1066 nla_put_flag(msg, NL80211_WOWLAN_TRIG_RFKILL_RELEASE)))
1067 return -ENOBUFS;
1068
1069 if (rdev->wiphy.wowlan->n_patterns) {
1070 struct nl80211_pattern_support pat = {
1071 .max_patterns = rdev->wiphy.wowlan->n_patterns,
1072 .min_pattern_len = rdev->wiphy.wowlan->pattern_min_len,
1073 .max_pattern_len = rdev->wiphy.wowlan->pattern_max_len,
1074 .max_pkt_offset = rdev->wiphy.wowlan->max_pkt_offset,
1075 };
1076
1077 if (nla_put(msg, NL80211_WOWLAN_TRIG_PKT_PATTERN,
1078 sizeof(pat), &pat))
1079 return -ENOBUFS;
1080 }
1081
1082 if (large && nl80211_send_wowlan_tcp_caps(rdev, msg))
1083 return -ENOBUFS;
1084
1085 nla_nest_end(msg, nl_wowlan);
1086
1087 return 0;
1088 }
1089 #endif
1090
1091 static int nl80211_send_coalesce(struct sk_buff *msg,
1092 struct cfg80211_registered_device *rdev)
1093 {
1094 struct nl80211_coalesce_rule_support rule;
1095
1096 if (!rdev->wiphy.coalesce)
1097 return 0;
1098
1099 rule.max_rules = rdev->wiphy.coalesce->n_rules;
1100 rule.max_delay = rdev->wiphy.coalesce->max_delay;
1101 rule.pat.max_patterns = rdev->wiphy.coalesce->n_patterns;
1102 rule.pat.min_pattern_len = rdev->wiphy.coalesce->pattern_min_len;
1103 rule.pat.max_pattern_len = rdev->wiphy.coalesce->pattern_max_len;
1104 rule.pat.max_pkt_offset = rdev->wiphy.coalesce->max_pkt_offset;
1105
1106 if (nla_put(msg, NL80211_ATTR_COALESCE_RULE, sizeof(rule), &rule))
1107 return -ENOBUFS;
1108
1109 return 0;
1110 }
1111
1112 static int nl80211_send_band_rateinfo(struct sk_buff *msg,
1113 struct ieee80211_supported_band *sband)
1114 {
1115 struct nlattr *nl_rates, *nl_rate;
1116 struct ieee80211_rate *rate;
1117 int i;
1118
1119 /* add HT info */
1120 if (sband->ht_cap.ht_supported &&
1121 (nla_put(msg, NL80211_BAND_ATTR_HT_MCS_SET,
1122 sizeof(sband->ht_cap.mcs),
1123 &sband->ht_cap.mcs) ||
1124 nla_put_u16(msg, NL80211_BAND_ATTR_HT_CAPA,
1125 sband->ht_cap.cap) ||
1126 nla_put_u8(msg, NL80211_BAND_ATTR_HT_AMPDU_FACTOR,
1127 sband->ht_cap.ampdu_factor) ||
1128 nla_put_u8(msg, NL80211_BAND_ATTR_HT_AMPDU_DENSITY,
1129 sband->ht_cap.ampdu_density)))
1130 return -ENOBUFS;
1131
1132 /* add VHT info */
1133 if (sband->vht_cap.vht_supported &&
1134 (nla_put(msg, NL80211_BAND_ATTR_VHT_MCS_SET,
1135 sizeof(sband->vht_cap.vht_mcs),
1136 &sband->vht_cap.vht_mcs) ||
1137 nla_put_u32(msg, NL80211_BAND_ATTR_VHT_CAPA,
1138 sband->vht_cap.cap)))
1139 return -ENOBUFS;
1140
1141 /* add bitrates */
1142 nl_rates = nla_nest_start(msg, NL80211_BAND_ATTR_RATES);
1143 if (!nl_rates)
1144 return -ENOBUFS;
1145
1146 for (i = 0; i < sband->n_bitrates; i++) {
1147 nl_rate = nla_nest_start(msg, i);
1148 if (!nl_rate)
1149 return -ENOBUFS;
1150
1151 rate = &sband->bitrates[i];
1152 if (nla_put_u32(msg, NL80211_BITRATE_ATTR_RATE,
1153 rate->bitrate))
1154 return -ENOBUFS;
1155 if ((rate->flags & IEEE80211_RATE_SHORT_PREAMBLE) &&
1156 nla_put_flag(msg,
1157 NL80211_BITRATE_ATTR_2GHZ_SHORTPREAMBLE))
1158 return -ENOBUFS;
1159
1160 nla_nest_end(msg, nl_rate);
1161 }
1162
1163 nla_nest_end(msg, nl_rates);
1164
1165 return 0;
1166 }
1167
1168 static int
1169 nl80211_send_mgmt_stypes(struct sk_buff *msg,
1170 const struct ieee80211_txrx_stypes *mgmt_stypes)
1171 {
1172 u16 stypes;
1173 struct nlattr *nl_ftypes, *nl_ifs;
1174 enum nl80211_iftype ift;
1175 int i;
1176
1177 if (!mgmt_stypes)
1178 return 0;
1179
1180 nl_ifs = nla_nest_start(msg, NL80211_ATTR_TX_FRAME_TYPES);
1181 if (!nl_ifs)
1182 return -ENOBUFS;
1183
1184 for (ift = 0; ift < NUM_NL80211_IFTYPES; ift++) {
1185 nl_ftypes = nla_nest_start(msg, ift);
1186 if (!nl_ftypes)
1187 return -ENOBUFS;
1188 i = 0;
1189 stypes = mgmt_stypes[ift].tx;
1190 while (stypes) {
1191 if ((stypes & 1) &&
1192 nla_put_u16(msg, NL80211_ATTR_FRAME_TYPE,
1193 (i << 4) | IEEE80211_FTYPE_MGMT))
1194 return -ENOBUFS;
1195 stypes >>= 1;
1196 i++;
1197 }
1198 nla_nest_end(msg, nl_ftypes);
1199 }
1200
1201 nla_nest_end(msg, nl_ifs);
1202
1203 nl_ifs = nla_nest_start(msg, NL80211_ATTR_RX_FRAME_TYPES);
1204 if (!nl_ifs)
1205 return -ENOBUFS;
1206
1207 for (ift = 0; ift < NUM_NL80211_IFTYPES; ift++) {
1208 nl_ftypes = nla_nest_start(msg, ift);
1209 if (!nl_ftypes)
1210 return -ENOBUFS;
1211 i = 0;
1212 stypes = mgmt_stypes[ift].rx;
1213 while (stypes) {
1214 if ((stypes & 1) &&
1215 nla_put_u16(msg, NL80211_ATTR_FRAME_TYPE,
1216 (i << 4) | IEEE80211_FTYPE_MGMT))
1217 return -ENOBUFS;
1218 stypes >>= 1;
1219 i++;
1220 }
1221 nla_nest_end(msg, nl_ftypes);
1222 }
1223 nla_nest_end(msg, nl_ifs);
1224
1225 return 0;
1226 }
1227
1228 struct nl80211_dump_wiphy_state {
1229 s64 filter_wiphy;
1230 long start;
1231 long split_start, band_start, chan_start;
1232 bool split;
1233 };
1234
1235 static int nl80211_send_wiphy(struct cfg80211_registered_device *rdev,
1236 enum nl80211_commands cmd,
1237 struct sk_buff *msg, u32 portid, u32 seq,
1238 int flags, struct nl80211_dump_wiphy_state *state)
1239 {
1240 void *hdr;
1241 struct nlattr *nl_bands, *nl_band;
1242 struct nlattr *nl_freqs, *nl_freq;
1243 struct nlattr *nl_cmds;
1244 enum ieee80211_band band;
1245 struct ieee80211_channel *chan;
1246 int i;
1247 const struct ieee80211_txrx_stypes *mgmt_stypes =
1248 rdev->wiphy.mgmt_stypes;
1249 u32 features;
1250
1251 hdr = nl80211hdr_put(msg, portid, seq, flags, cmd);
1252 if (!hdr)
1253 return -ENOBUFS;
1254
1255 if (WARN_ON(!state))
1256 return -EINVAL;
1257
1258 if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
1259 nla_put_string(msg, NL80211_ATTR_WIPHY_NAME,
1260 wiphy_name(&rdev->wiphy)) ||
1261 nla_put_u32(msg, NL80211_ATTR_GENERATION,
1262 cfg80211_rdev_list_generation))
1263 goto nla_put_failure;
1264
1265 if (cmd != NL80211_CMD_NEW_WIPHY)
1266 goto finish;
1267
1268 switch (state->split_start) {
1269 case 0:
1270 if (nla_put_u8(msg, NL80211_ATTR_WIPHY_RETRY_SHORT,
1271 rdev->wiphy.retry_short) ||
1272 nla_put_u8(msg, NL80211_ATTR_WIPHY_RETRY_LONG,
1273 rdev->wiphy.retry_long) ||
1274 nla_put_u32(msg, NL80211_ATTR_WIPHY_FRAG_THRESHOLD,
1275 rdev->wiphy.frag_threshold) ||
1276 nla_put_u32(msg, NL80211_ATTR_WIPHY_RTS_THRESHOLD,
1277 rdev->wiphy.rts_threshold) ||
1278 nla_put_u8(msg, NL80211_ATTR_WIPHY_COVERAGE_CLASS,
1279 rdev->wiphy.coverage_class) ||
1280 nla_put_u8(msg, NL80211_ATTR_MAX_NUM_SCAN_SSIDS,
1281 rdev->wiphy.max_scan_ssids) ||
1282 nla_put_u8(msg, NL80211_ATTR_MAX_NUM_SCHED_SCAN_SSIDS,
1283 rdev->wiphy.max_sched_scan_ssids) ||
1284 nla_put_u16(msg, NL80211_ATTR_MAX_SCAN_IE_LEN,
1285 rdev->wiphy.max_scan_ie_len) ||
1286 nla_put_u16(msg, NL80211_ATTR_MAX_SCHED_SCAN_IE_LEN,
1287 rdev->wiphy.max_sched_scan_ie_len) ||
1288 nla_put_u8(msg, NL80211_ATTR_MAX_MATCH_SETS,
1289 rdev->wiphy.max_match_sets))
1290 goto nla_put_failure;
1291
1292 if ((rdev->wiphy.flags & WIPHY_FLAG_IBSS_RSN) &&
1293 nla_put_flag(msg, NL80211_ATTR_SUPPORT_IBSS_RSN))
1294 goto nla_put_failure;
1295 if ((rdev->wiphy.flags & WIPHY_FLAG_MESH_AUTH) &&
1296 nla_put_flag(msg, NL80211_ATTR_SUPPORT_MESH_AUTH))
1297 goto nla_put_failure;
1298 if ((rdev->wiphy.flags & WIPHY_FLAG_AP_UAPSD) &&
1299 nla_put_flag(msg, NL80211_ATTR_SUPPORT_AP_UAPSD))
1300 goto nla_put_failure;
1301 if ((rdev->wiphy.flags & WIPHY_FLAG_SUPPORTS_FW_ROAM) &&
1302 nla_put_flag(msg, NL80211_ATTR_ROAM_SUPPORT))
1303 goto nla_put_failure;
1304 if ((rdev->wiphy.flags & WIPHY_FLAG_SUPPORTS_TDLS) &&
1305 nla_put_flag(msg, NL80211_ATTR_TDLS_SUPPORT))
1306 goto nla_put_failure;
1307 if ((rdev->wiphy.flags & WIPHY_FLAG_TDLS_EXTERNAL_SETUP) &&
1308 nla_put_flag(msg, NL80211_ATTR_TDLS_EXTERNAL_SETUP))
1309 goto nla_put_failure;
1310 state->split_start++;
1311 if (state->split)
1312 break;
1313 case 1:
1314 if (nla_put(msg, NL80211_ATTR_CIPHER_SUITES,
1315 sizeof(u32) * rdev->wiphy.n_cipher_suites,
1316 rdev->wiphy.cipher_suites))
1317 goto nla_put_failure;
1318
1319 if (nla_put_u8(msg, NL80211_ATTR_MAX_NUM_PMKIDS,
1320 rdev->wiphy.max_num_pmkids))
1321 goto nla_put_failure;
1322
1323 if ((rdev->wiphy.flags & WIPHY_FLAG_CONTROL_PORT_PROTOCOL) &&
1324 nla_put_flag(msg, NL80211_ATTR_CONTROL_PORT_ETHERTYPE))
1325 goto nla_put_failure;
1326
1327 if (nla_put_u32(msg, NL80211_ATTR_WIPHY_ANTENNA_AVAIL_TX,
1328 rdev->wiphy.available_antennas_tx) ||
1329 nla_put_u32(msg, NL80211_ATTR_WIPHY_ANTENNA_AVAIL_RX,
1330 rdev->wiphy.available_antennas_rx))
1331 goto nla_put_failure;
1332
1333 if ((rdev->wiphy.flags & WIPHY_FLAG_AP_PROBE_RESP_OFFLOAD) &&
1334 nla_put_u32(msg, NL80211_ATTR_PROBE_RESP_OFFLOAD,
1335 rdev->wiphy.probe_resp_offload))
1336 goto nla_put_failure;
1337
1338 if ((rdev->wiphy.available_antennas_tx ||
1339 rdev->wiphy.available_antennas_rx) &&
1340 rdev->ops->get_antenna) {
1341 u32 tx_ant = 0, rx_ant = 0;
1342 int res;
1343 res = rdev_get_antenna(rdev, &tx_ant, &rx_ant);
1344 if (!res) {
1345 if (nla_put_u32(msg,
1346 NL80211_ATTR_WIPHY_ANTENNA_TX,
1347 tx_ant) ||
1348 nla_put_u32(msg,
1349 NL80211_ATTR_WIPHY_ANTENNA_RX,
1350 rx_ant))
1351 goto nla_put_failure;
1352 }
1353 }
1354
1355 state->split_start++;
1356 if (state->split)
1357 break;
1358 case 2:
1359 if (nl80211_put_iftypes(msg, NL80211_ATTR_SUPPORTED_IFTYPES,
1360 rdev->wiphy.interface_modes))
1361 goto nla_put_failure;
1362 state->split_start++;
1363 if (state->split)
1364 break;
1365 case 3:
1366 nl_bands = nla_nest_start(msg, NL80211_ATTR_WIPHY_BANDS);
1367 if (!nl_bands)
1368 goto nla_put_failure;
1369
1370 for (band = state->band_start;
1371 band < IEEE80211_NUM_BANDS; band++) {
1372 struct ieee80211_supported_band *sband;
1373
1374 sband = rdev->wiphy.bands[band];
1375
1376 if (!sband)
1377 continue;
1378
1379 nl_band = nla_nest_start(msg, band);
1380 if (!nl_band)
1381 goto nla_put_failure;
1382
1383 switch (state->chan_start) {
1384 case 0:
1385 if (nl80211_send_band_rateinfo(msg, sband))
1386 goto nla_put_failure;
1387 state->chan_start++;
1388 if (state->split)
1389 break;
1390 default:
1391 /* add frequencies */
1392 nl_freqs = nla_nest_start(
1393 msg, NL80211_BAND_ATTR_FREQS);
1394 if (!nl_freqs)
1395 goto nla_put_failure;
1396
1397 for (i = state->chan_start - 1;
1398 i < sband->n_channels;
1399 i++) {
1400 nl_freq = nla_nest_start(msg, i);
1401 if (!nl_freq)
1402 goto nla_put_failure;
1403
1404 chan = &sband->channels[i];
1405
1406 if (nl80211_msg_put_channel(
1407 msg, chan,
1408 state->split))
1409 goto nla_put_failure;
1410
1411 nla_nest_end(msg, nl_freq);
1412 if (state->split)
1413 break;
1414 }
1415 if (i < sband->n_channels)
1416 state->chan_start = i + 2;
1417 else
1418 state->chan_start = 0;
1419 nla_nest_end(msg, nl_freqs);
1420 }
1421
1422 nla_nest_end(msg, nl_band);
1423
1424 if (state->split) {
1425 /* start again here */
1426 if (state->chan_start)
1427 band--;
1428 break;
1429 }
1430 }
1431 nla_nest_end(msg, nl_bands);
1432
1433 if (band < IEEE80211_NUM_BANDS)
1434 state->band_start = band + 1;
1435 else
1436 state->band_start = 0;
1437
1438 /* if bands & channels are done, continue outside */
1439 if (state->band_start == 0 && state->chan_start == 0)
1440 state->split_start++;
1441 if (state->split)
1442 break;
1443 case 4:
1444 nl_cmds = nla_nest_start(msg, NL80211_ATTR_SUPPORTED_COMMANDS);
1445 if (!nl_cmds)
1446 goto nla_put_failure;
1447
1448 i = 0;
1449 #define CMD(op, n) \
1450 do { \
1451 if (rdev->ops->op) { \
1452 i++; \
1453 if (nla_put_u32(msg, i, NL80211_CMD_ ## n)) \
1454 goto nla_put_failure; \
1455 } \
1456 } while (0)
1457
1458 CMD(add_virtual_intf, NEW_INTERFACE);
1459 CMD(change_virtual_intf, SET_INTERFACE);
1460 CMD(add_key, NEW_KEY);
1461 CMD(start_ap, START_AP);
1462 CMD(add_station, NEW_STATION);
1463 CMD(add_mpath, NEW_MPATH);
1464 CMD(update_mesh_config, SET_MESH_CONFIG);
1465 CMD(change_bss, SET_BSS);
1466 CMD(auth, AUTHENTICATE);
1467 CMD(assoc, ASSOCIATE);
1468 CMD(deauth, DEAUTHENTICATE);
1469 CMD(disassoc, DISASSOCIATE);
1470 CMD(join_ibss, JOIN_IBSS);
1471 CMD(join_mesh, JOIN_MESH);
1472 CMD(set_pmksa, SET_PMKSA);
1473 CMD(del_pmksa, DEL_PMKSA);
1474 CMD(flush_pmksa, FLUSH_PMKSA);
1475 if (rdev->wiphy.flags & WIPHY_FLAG_HAS_REMAIN_ON_CHANNEL)
1476 CMD(remain_on_channel, REMAIN_ON_CHANNEL);
1477 CMD(set_bitrate_mask, SET_TX_BITRATE_MASK);
1478 CMD(mgmt_tx, FRAME);
1479 CMD(mgmt_tx_cancel_wait, FRAME_WAIT_CANCEL);
1480 if (rdev->wiphy.flags & WIPHY_FLAG_NETNS_OK) {
1481 i++;
1482 if (nla_put_u32(msg, i, NL80211_CMD_SET_WIPHY_NETNS))
1483 goto nla_put_failure;
1484 }
1485 if (rdev->ops->set_monitor_channel || rdev->ops->start_ap ||
1486 rdev->ops->join_mesh) {
1487 i++;
1488 if (nla_put_u32(msg, i, NL80211_CMD_SET_CHANNEL))
1489 goto nla_put_failure;
1490 }
1491 CMD(set_wds_peer, SET_WDS_PEER);
1492 if (rdev->wiphy.flags & WIPHY_FLAG_SUPPORTS_TDLS) {
1493 CMD(tdls_mgmt, TDLS_MGMT);
1494 CMD(tdls_oper, TDLS_OPER);
1495 }
1496 if (rdev->wiphy.flags & WIPHY_FLAG_SUPPORTS_SCHED_SCAN)
1497 CMD(sched_scan_start, START_SCHED_SCAN);
1498 CMD(probe_client, PROBE_CLIENT);
1499 CMD(set_noack_map, SET_NOACK_MAP);
1500 if (rdev->wiphy.flags & WIPHY_FLAG_REPORTS_OBSS) {
1501 i++;
1502 if (nla_put_u32(msg, i, NL80211_CMD_REGISTER_BEACONS))
1503 goto nla_put_failure;
1504 }
1505 CMD(start_p2p_device, START_P2P_DEVICE);
1506 CMD(set_mcast_rate, SET_MCAST_RATE);
1507 #ifdef CONFIG_NL80211_TESTMODE
1508 CMD(testmode_cmd, TESTMODE);
1509 #endif
1510 if (state->split) {
1511 CMD(crit_proto_start, CRIT_PROTOCOL_START);
1512 CMD(crit_proto_stop, CRIT_PROTOCOL_STOP);
1513 if (rdev->wiphy.flags & WIPHY_FLAG_HAS_CHANNEL_SWITCH)
1514 CMD(channel_switch, CHANNEL_SWITCH);
1515 CMD(set_qos_map, SET_QOS_MAP);
1516 if (rdev->wiphy.flags &
1517 WIPHY_FLAG_SUPPORTS_WMM_ADMISSION)
1518 CMD(add_tx_ts, ADD_TX_TS);
1519 }
1520 /* add into the if now */
1521 #undef CMD
1522
1523 if (rdev->ops->connect || rdev->ops->auth) {
1524 i++;
1525 if (nla_put_u32(msg, i, NL80211_CMD_CONNECT))
1526 goto nla_put_failure;
1527 }
1528
1529 if (rdev->ops->disconnect || rdev->ops->deauth) {
1530 i++;
1531 if (nla_put_u32(msg, i, NL80211_CMD_DISCONNECT))
1532 goto nla_put_failure;
1533 }
1534
1535 nla_nest_end(msg, nl_cmds);
1536 state->split_start++;
1537 if (state->split)
1538 break;
1539 case 5:
1540 if (rdev->ops->remain_on_channel &&
1541 (rdev->wiphy.flags & WIPHY_FLAG_HAS_REMAIN_ON_CHANNEL) &&
1542 nla_put_u32(msg,
1543 NL80211_ATTR_MAX_REMAIN_ON_CHANNEL_DURATION,
1544 rdev->wiphy.max_remain_on_channel_duration))
1545 goto nla_put_failure;
1546
1547 if ((rdev->wiphy.flags & WIPHY_FLAG_OFFCHAN_TX) &&
1548 nla_put_flag(msg, NL80211_ATTR_OFFCHANNEL_TX_OK))
1549 goto nla_put_failure;
1550
1551 if (nl80211_send_mgmt_stypes(msg, mgmt_stypes))
1552 goto nla_put_failure;
1553 state->split_start++;
1554 if (state->split)
1555 break;
1556 case 6:
1557 #ifdef CONFIG_PM
1558 if (nl80211_send_wowlan(msg, rdev, state->split))
1559 goto nla_put_failure;
1560 state->split_start++;
1561 if (state->split)
1562 break;
1563 #else
1564 state->split_start++;
1565 #endif
1566 case 7:
1567 if (nl80211_put_iftypes(msg, NL80211_ATTR_SOFTWARE_IFTYPES,
1568 rdev->wiphy.software_iftypes))
1569 goto nla_put_failure;
1570
1571 if (nl80211_put_iface_combinations(&rdev->wiphy, msg,
1572 state->split))
1573 goto nla_put_failure;
1574
1575 state->split_start++;
1576 if (state->split)
1577 break;
1578 case 8:
1579 if ((rdev->wiphy.flags & WIPHY_FLAG_HAVE_AP_SME) &&
1580 nla_put_u32(msg, NL80211_ATTR_DEVICE_AP_SME,
1581 rdev->wiphy.ap_sme_capa))
1582 goto nla_put_failure;
1583
1584 features = rdev->wiphy.features;
1585 /*
1586 * We can only add the per-channel limit information if the
1587 * dump is split, otherwise it makes it too big. Therefore
1588 * only advertise it in that case.
1589 */
1590 if (state->split)
1591 features |= NL80211_FEATURE_ADVERTISE_CHAN_LIMITS;
1592 if (nla_put_u32(msg, NL80211_ATTR_FEATURE_FLAGS, features))
1593 goto nla_put_failure;
1594
1595 if (rdev->wiphy.ht_capa_mod_mask &&
1596 nla_put(msg, NL80211_ATTR_HT_CAPABILITY_MASK,
1597 sizeof(*rdev->wiphy.ht_capa_mod_mask),
1598 rdev->wiphy.ht_capa_mod_mask))
1599 goto nla_put_failure;
1600
1601 if (rdev->wiphy.flags & WIPHY_FLAG_HAVE_AP_SME &&
1602 rdev->wiphy.max_acl_mac_addrs &&
1603 nla_put_u32(msg, NL80211_ATTR_MAC_ACL_MAX,
1604 rdev->wiphy.max_acl_mac_addrs))
1605 goto nla_put_failure;
1606
1607 /*
1608 * Any information below this point is only available to
1609 * applications that can deal with it being split. This
1610 * helps ensure that newly added capabilities don't break
1611 * older tools by overrunning their buffers.
1612 *
1613 * We still increment split_start so that in the split
1614 * case we'll continue with more data in the next round,
1615 * but break unconditionally so unsplit data stops here.
1616 */
1617 state->split_start++;
1618 break;
1619 case 9:
1620 if (rdev->wiphy.extended_capabilities &&
1621 (nla_put(msg, NL80211_ATTR_EXT_CAPA,
1622 rdev->wiphy.extended_capabilities_len,
1623 rdev->wiphy.extended_capabilities) ||
1624 nla_put(msg, NL80211_ATTR_EXT_CAPA_MASK,
1625 rdev->wiphy.extended_capabilities_len,
1626 rdev->wiphy.extended_capabilities_mask)))
1627 goto nla_put_failure;
1628
1629 if (rdev->wiphy.vht_capa_mod_mask &&
1630 nla_put(msg, NL80211_ATTR_VHT_CAPABILITY_MASK,
1631 sizeof(*rdev->wiphy.vht_capa_mod_mask),
1632 rdev->wiphy.vht_capa_mod_mask))
1633 goto nla_put_failure;
1634
1635 state->split_start++;
1636 break;
1637 case 10:
1638 if (nl80211_send_coalesce(msg, rdev))
1639 goto nla_put_failure;
1640
1641 if ((rdev->wiphy.flags & WIPHY_FLAG_SUPPORTS_5_10_MHZ) &&
1642 (nla_put_flag(msg, NL80211_ATTR_SUPPORT_5_MHZ) ||
1643 nla_put_flag(msg, NL80211_ATTR_SUPPORT_10_MHZ)))
1644 goto nla_put_failure;
1645
1646 if (rdev->wiphy.max_ap_assoc_sta &&
1647 nla_put_u32(msg, NL80211_ATTR_MAX_AP_ASSOC_STA,
1648 rdev->wiphy.max_ap_assoc_sta))
1649 goto nla_put_failure;
1650
1651 state->split_start++;
1652 break;
1653 case 11:
1654 if (rdev->wiphy.n_vendor_commands) {
1655 const struct nl80211_vendor_cmd_info *info;
1656 struct nlattr *nested;
1657
1658 nested = nla_nest_start(msg, NL80211_ATTR_VENDOR_DATA);
1659 if (!nested)
1660 goto nla_put_failure;
1661
1662 for (i = 0; i < rdev->wiphy.n_vendor_commands; i++) {
1663 info = &rdev->wiphy.vendor_commands[i].info;
1664 if (nla_put(msg, i + 1, sizeof(*info), info))
1665 goto nla_put_failure;
1666 }
1667 nla_nest_end(msg, nested);
1668 }
1669
1670 if (rdev->wiphy.n_vendor_events) {
1671 const struct nl80211_vendor_cmd_info *info;
1672 struct nlattr *nested;
1673
1674 nested = nla_nest_start(msg,
1675 NL80211_ATTR_VENDOR_EVENTS);
1676 if (!nested)
1677 goto nla_put_failure;
1678
1679 for (i = 0; i < rdev->wiphy.n_vendor_events; i++) {
1680 info = &rdev->wiphy.vendor_events[i];
1681 if (nla_put(msg, i + 1, sizeof(*info), info))
1682 goto nla_put_failure;
1683 }
1684 nla_nest_end(msg, nested);
1685 }
1686 state->split_start++;
1687 break;
1688 case 12:
1689 if (rdev->wiphy.flags & WIPHY_FLAG_HAS_CHANNEL_SWITCH &&
1690 nla_put_u8(msg, NL80211_ATTR_MAX_CSA_COUNTERS,
1691 rdev->wiphy.max_num_csa_counters))
1692 goto nla_put_failure;
1693
1694 /* done */
1695 state->split_start = 0;
1696 break;
1697 }
1698 finish:
1699 return genlmsg_end(msg, hdr);
1700
1701 nla_put_failure:
1702 genlmsg_cancel(msg, hdr);
1703 return -EMSGSIZE;
1704 }
1705
1706 static int nl80211_dump_wiphy_parse(struct sk_buff *skb,
1707 struct netlink_callback *cb,
1708 struct nl80211_dump_wiphy_state *state)
1709 {
1710 struct nlattr **tb = nl80211_fam.attrbuf;
1711 int ret = nlmsg_parse(cb->nlh, GENL_HDRLEN + nl80211_fam.hdrsize,
1712 tb, nl80211_fam.maxattr, nl80211_policy);
1713 /* ignore parse errors for backward compatibility */
1714 if (ret)
1715 return 0;
1716
1717 state->split = tb[NL80211_ATTR_SPLIT_WIPHY_DUMP];
1718 if (tb[NL80211_ATTR_WIPHY])
1719 state->filter_wiphy = nla_get_u32(tb[NL80211_ATTR_WIPHY]);
1720 if (tb[NL80211_ATTR_WDEV])
1721 state->filter_wiphy = nla_get_u64(tb[NL80211_ATTR_WDEV]) >> 32;
1722 if (tb[NL80211_ATTR_IFINDEX]) {
1723 struct net_device *netdev;
1724 struct cfg80211_registered_device *rdev;
1725 int ifidx = nla_get_u32(tb[NL80211_ATTR_IFINDEX]);
1726
1727 netdev = __dev_get_by_index(sock_net(skb->sk), ifidx);
1728 if (!netdev)
1729 return -ENODEV;
1730 if (netdev->ieee80211_ptr) {
1731 rdev = wiphy_to_rdev(
1732 netdev->ieee80211_ptr->wiphy);
1733 state->filter_wiphy = rdev->wiphy_idx;
1734 }
1735 }
1736
1737 return 0;
1738 }
1739
1740 static int nl80211_dump_wiphy(struct sk_buff *skb, struct netlink_callback *cb)
1741 {
1742 int idx = 0, ret;
1743 struct nl80211_dump_wiphy_state *state = (void *)cb->args[0];
1744 struct cfg80211_registered_device *rdev;
1745
1746 rtnl_lock();
1747 if (!state) {
1748 state = kzalloc(sizeof(*state), GFP_KERNEL);
1749 if (!state) {
1750 rtnl_unlock();
1751 return -ENOMEM;
1752 }
1753 state->filter_wiphy = -1;
1754 ret = nl80211_dump_wiphy_parse(skb, cb, state);
1755 if (ret) {
1756 kfree(state);
1757 rtnl_unlock();
1758 return ret;
1759 }
1760 cb->args[0] = (long)state;
1761 }
1762
1763 list_for_each_entry(rdev, &cfg80211_rdev_list, list) {
1764 if (!net_eq(wiphy_net(&rdev->wiphy), sock_net(skb->sk)))
1765 continue;
1766 if (++idx <= state->start)
1767 continue;
1768 if (state->filter_wiphy != -1 &&
1769 state->filter_wiphy != rdev->wiphy_idx)
1770 continue;
1771 /* attempt to fit multiple wiphy data chunks into the skb */
1772 do {
1773 ret = nl80211_send_wiphy(rdev, NL80211_CMD_NEW_WIPHY,
1774 skb,
1775 NETLINK_CB(cb->skb).portid,
1776 cb->nlh->nlmsg_seq,
1777 NLM_F_MULTI, state);
1778 if (ret < 0) {
1779 /*
1780 * If sending the wiphy data didn't fit (ENOBUFS
1781 * or EMSGSIZE returned), this SKB is still
1782 * empty (so it's not too big because another
1783 * wiphy dataset is already in the skb) and
1784 * we've not tried to adjust the dump allocation
1785 * yet ... then adjust the alloc size to be
1786 * bigger, and return 1 but with the empty skb.
1787 * This results in an empty message being RX'ed
1788 * in userspace, but that is ignored.
1789 *
1790 * We can then retry with the larger buffer.
1791 */
1792 if ((ret == -ENOBUFS || ret == -EMSGSIZE) &&
1793 !skb->len && !state->split &&
1794 cb->min_dump_alloc < 4096) {
1795 cb->min_dump_alloc = 4096;
1796 state->split_start = 0;
1797 rtnl_unlock();
1798 return 1;
1799 }
1800 idx--;
1801 break;
1802 }
1803 } while (state->split_start > 0);
1804 break;
1805 }
1806 rtnl_unlock();
1807
1808 state->start = idx;
1809
1810 return skb->len;
1811 }
1812
1813 static int nl80211_dump_wiphy_done(struct netlink_callback *cb)
1814 {
1815 kfree((void *)cb->args[0]);
1816 return 0;
1817 }
1818
1819 static int nl80211_get_wiphy(struct sk_buff *skb, struct genl_info *info)
1820 {
1821 struct sk_buff *msg;
1822 struct cfg80211_registered_device *rdev = info->user_ptr[0];
1823 struct nl80211_dump_wiphy_state state = {};
1824
1825 msg = nlmsg_new(4096, GFP_KERNEL);
1826 if (!msg)
1827 return -ENOMEM;
1828
1829 if (nl80211_send_wiphy(rdev, NL80211_CMD_NEW_WIPHY, msg,
1830 info->snd_portid, info->snd_seq, 0,
1831 &state) < 0) {
1832 nlmsg_free(msg);
1833 return -ENOBUFS;
1834 }
1835
1836 return genlmsg_reply(msg, info);
1837 }
1838
1839 static const struct nla_policy txq_params_policy[NL80211_TXQ_ATTR_MAX + 1] = {
1840 [NL80211_TXQ_ATTR_QUEUE] = { .type = NLA_U8 },
1841 [NL80211_TXQ_ATTR_TXOP] = { .type = NLA_U16 },
1842 [NL80211_TXQ_ATTR_CWMIN] = { .type = NLA_U16 },
1843 [NL80211_TXQ_ATTR_CWMAX] = { .type = NLA_U16 },
1844 [NL80211_TXQ_ATTR_AIFS] = { .type = NLA_U8 },
1845 };
1846
1847 static int parse_txq_params(struct nlattr *tb[],
1848 struct ieee80211_txq_params *txq_params)
1849 {
1850 if (!tb[NL80211_TXQ_ATTR_AC] || !tb[NL80211_TXQ_ATTR_TXOP] ||
1851 !tb[NL80211_TXQ_ATTR_CWMIN] || !tb[NL80211_TXQ_ATTR_CWMAX] ||
1852 !tb[NL80211_TXQ_ATTR_AIFS])
1853 return -EINVAL;
1854
1855 txq_params->ac = nla_get_u8(tb[NL80211_TXQ_ATTR_AC]);
1856 txq_params->txop = nla_get_u16(tb[NL80211_TXQ_ATTR_TXOP]);
1857 txq_params->cwmin = nla_get_u16(tb[NL80211_TXQ_ATTR_CWMIN]);
1858 txq_params->cwmax = nla_get_u16(tb[NL80211_TXQ_ATTR_CWMAX]);
1859 txq_params->aifs = nla_get_u8(tb[NL80211_TXQ_ATTR_AIFS]);
1860
1861 if (txq_params->ac >= NL80211_NUM_ACS)
1862 return -EINVAL;
1863
1864 return 0;
1865 }
1866
1867 static bool nl80211_can_set_dev_channel(struct wireless_dev *wdev)
1868 {
1869 /*
1870 * You can only set the channel explicitly for WDS interfaces,
1871 * all others have their channel managed via their respective
1872 * "establish a connection" command (connect, join, ...)
1873 *
1874 * For AP/GO and mesh mode, the channel can be set with the
1875 * channel userspace API, but is only stored and passed to the
1876 * low-level driver when the AP starts or the mesh is joined.
1877 * This is for backward compatibility, userspace can also give
1878 * the channel in the start-ap or join-mesh commands instead.
1879 *
1880 * Monitors are special as they are normally slaved to
1881 * whatever else is going on, so they have their own special
1882 * operation to set the monitor channel if possible.
1883 */
1884 return !wdev ||
1885 wdev->iftype == NL80211_IFTYPE_AP ||
1886 wdev->iftype == NL80211_IFTYPE_MESH_POINT ||
1887 wdev->iftype == NL80211_IFTYPE_MONITOR ||
1888 wdev->iftype == NL80211_IFTYPE_P2P_GO;
1889 }
1890
1891 static int nl80211_parse_chandef(struct cfg80211_registered_device *rdev,
1892 struct genl_info *info,
1893 struct cfg80211_chan_def *chandef)
1894 {
1895 u32 control_freq;
1896
1897 if (!info->attrs[NL80211_ATTR_WIPHY_FREQ])
1898 return -EINVAL;
1899
1900 control_freq = nla_get_u32(info->attrs[NL80211_ATTR_WIPHY_FREQ]);
1901
1902 chandef->chan = ieee80211_get_channel(&rdev->wiphy, control_freq);
1903 chandef->width = NL80211_CHAN_WIDTH_20_NOHT;
1904 chandef->center_freq1 = control_freq;
1905 chandef->center_freq2 = 0;
1906
1907 /* Primary channel not allowed */
1908 if (!chandef->chan || chandef->chan->flags & IEEE80211_CHAN_DISABLED)
1909 return -EINVAL;
1910
1911 if (info->attrs[NL80211_ATTR_WIPHY_CHANNEL_TYPE]) {
1912 enum nl80211_channel_type chantype;
1913
1914 chantype = nla_get_u32(
1915 info->attrs[NL80211_ATTR_WIPHY_CHANNEL_TYPE]);
1916
1917 switch (chantype) {
1918 case NL80211_CHAN_NO_HT:
1919 case NL80211_CHAN_HT20:
1920 case NL80211_CHAN_HT40PLUS:
1921 case NL80211_CHAN_HT40MINUS:
1922 cfg80211_chandef_create(chandef, chandef->chan,
1923 chantype);
1924 break;
1925 default:
1926 return -EINVAL;
1927 }
1928 } else if (info->attrs[NL80211_ATTR_CHANNEL_WIDTH]) {
1929 chandef->width =
1930 nla_get_u32(info->attrs[NL80211_ATTR_CHANNEL_WIDTH]);
1931 if (info->attrs[NL80211_ATTR_CENTER_FREQ1])
1932 chandef->center_freq1 =
1933 nla_get_u32(
1934 info->attrs[NL80211_ATTR_CENTER_FREQ1]);
1935 if (info->attrs[NL80211_ATTR_CENTER_FREQ2])
1936 chandef->center_freq2 =
1937 nla_get_u32(
1938 info->attrs[NL80211_ATTR_CENTER_FREQ2]);
1939 }
1940
1941 if (!cfg80211_chandef_valid(chandef))
1942 return -EINVAL;
1943
1944 if (!cfg80211_chandef_usable(&rdev->wiphy, chandef,
1945 IEEE80211_CHAN_DISABLED))
1946 return -EINVAL;
1947
1948 if ((chandef->width == NL80211_CHAN_WIDTH_5 ||
1949 chandef->width == NL80211_CHAN_WIDTH_10) &&
1950 !(rdev->wiphy.flags & WIPHY_FLAG_SUPPORTS_5_10_MHZ))
1951 return -EINVAL;
1952
1953 return 0;
1954 }
1955
1956 static int __nl80211_set_channel(struct cfg80211_registered_device *rdev,
1957 struct net_device *dev,
1958 struct genl_info *info)
1959 {
1960 struct cfg80211_chan_def chandef;
1961 int result;
1962 enum nl80211_iftype iftype = NL80211_IFTYPE_MONITOR;
1963 struct wireless_dev *wdev = NULL;
1964
1965 if (dev)
1966 wdev = dev->ieee80211_ptr;
1967 if (!nl80211_can_set_dev_channel(wdev))
1968 return -EOPNOTSUPP;
1969 if (wdev)
1970 iftype = wdev->iftype;
1971
1972 result = nl80211_parse_chandef(rdev, info, &chandef);
1973 if (result)
1974 return result;
1975
1976 switch (iftype) {
1977 case NL80211_IFTYPE_AP:
1978 case NL80211_IFTYPE_P2P_GO:
1979 if (!cfg80211_reg_can_beacon(&rdev->wiphy, &chandef, iftype)) {
1980 result = -EINVAL;
1981 break;
1982 }
1983 if (wdev->beacon_interval) {
1984 if (!dev || !rdev->ops->set_ap_chanwidth ||
1985 !(rdev->wiphy.features &
1986 NL80211_FEATURE_AP_MODE_CHAN_WIDTH_CHANGE)) {
1987 result = -EBUSY;
1988 break;
1989 }
1990
1991 /* Only allow dynamic channel width changes */
1992 if (chandef.chan != wdev->preset_chandef.chan) {
1993 result = -EBUSY;
1994 break;
1995 }
1996 result = rdev_set_ap_chanwidth(rdev, dev, &chandef);
1997 if (result)
1998 break;
1999 }
2000 wdev->preset_chandef = chandef;
2001 result = 0;
2002 break;
2003 case NL80211_IFTYPE_MESH_POINT:
2004 result = cfg80211_set_mesh_channel(rdev, wdev, &chandef);
2005 break;
2006 case NL80211_IFTYPE_MONITOR:
2007 result = cfg80211_set_monitor_channel(rdev, &chandef);
2008 break;
2009 default:
2010 result = -EINVAL;
2011 }
2012
2013 return result;
2014 }
2015
2016 static int nl80211_set_channel(struct sk_buff *skb, struct genl_info *info)
2017 {
2018 struct cfg80211_registered_device *rdev = info->user_ptr[0];
2019 struct net_device *netdev = info->user_ptr[1];
2020
2021 return __nl80211_set_channel(rdev, netdev, info);
2022 }
2023
2024 static int nl80211_set_wds_peer(struct sk_buff *skb, struct genl_info *info)
2025 {
2026 struct cfg80211_registered_device *rdev = info->user_ptr[0];
2027 struct net_device *dev = info->user_ptr[1];
2028 struct wireless_dev *wdev = dev->ieee80211_ptr;
2029 const u8 *bssid;
2030
2031 if (!info->attrs[NL80211_ATTR_MAC])
2032 return -EINVAL;
2033
2034 if (netif_running(dev))
2035 return -EBUSY;
2036
2037 if (!rdev->ops->set_wds_peer)
2038 return -EOPNOTSUPP;
2039
2040 if (wdev->iftype != NL80211_IFTYPE_WDS)
2041 return -EOPNOTSUPP;
2042
2043 bssid = nla_data(info->attrs[NL80211_ATTR_MAC]);
2044 return rdev_set_wds_peer(rdev, dev, bssid);
2045 }
2046
2047
2048 static int nl80211_set_wiphy(struct sk_buff *skb, struct genl_info *info)
2049 {
2050 struct cfg80211_registered_device *rdev;
2051 struct net_device *netdev = NULL;
2052 struct wireless_dev *wdev;
2053 int result = 0, rem_txq_params = 0;
2054 struct nlattr *nl_txq_params;
2055 u32 changed;
2056 u8 retry_short = 0, retry_long = 0;
2057 u32 frag_threshold = 0, rts_threshold = 0;
2058 u8 coverage_class = 0;
2059
2060 ASSERT_RTNL();
2061
2062 /*
2063 * Try to find the wiphy and netdev. Normally this
2064 * function shouldn't need the netdev, but this is
2065 * done for backward compatibility -- previously
2066 * setting the channel was done per wiphy, but now
2067 * it is per netdev. Previous userland like hostapd
2068 * also passed a netdev to set_wiphy, so that it is
2069 * possible to let that go to the right netdev!
2070 */
2071
2072 if (info->attrs[NL80211_ATTR_IFINDEX]) {
2073 int ifindex = nla_get_u32(info->attrs[NL80211_ATTR_IFINDEX]);
2074
2075 netdev = __dev_get_by_index(genl_info_net(info), ifindex);
2076 if (netdev && netdev->ieee80211_ptr)
2077 rdev = wiphy_to_rdev(netdev->ieee80211_ptr->wiphy);
2078 else
2079 netdev = NULL;
2080 }
2081
2082 if (!netdev) {
2083 rdev = __cfg80211_rdev_from_attrs(genl_info_net(info),
2084 info->attrs);
2085 if (IS_ERR(rdev))
2086 return PTR_ERR(rdev);
2087 wdev = NULL;
2088 netdev = NULL;
2089 result = 0;
2090 } else
2091 wdev = netdev->ieee80211_ptr;
2092
2093 /*
2094 * end workaround code, by now the rdev is available
2095 * and locked, and wdev may or may not be NULL.
2096 */
2097
2098 if (info->attrs[NL80211_ATTR_WIPHY_NAME])
2099 result = cfg80211_dev_rename(
2100 rdev, nla_data(info->attrs[NL80211_ATTR_WIPHY_NAME]));
2101
2102 if (result)
2103 return result;
2104
2105 if (info->attrs[NL80211_ATTR_WIPHY_TXQ_PARAMS]) {
2106 struct ieee80211_txq_params txq_params;
2107 struct nlattr *tb[NL80211_TXQ_ATTR_MAX + 1];
2108
2109 if (!rdev->ops->set_txq_params)
2110 return -EOPNOTSUPP;
2111
2112 if (!netdev)
2113 return -EINVAL;
2114
2115 if (netdev->ieee80211_ptr->iftype != NL80211_IFTYPE_AP &&
2116 netdev->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_GO)
2117 return -EINVAL;
2118
2119 if (!netif_running(netdev))
2120 return -ENETDOWN;
2121
2122 nla_for_each_nested(nl_txq_params,
2123 info->attrs[NL80211_ATTR_WIPHY_TXQ_PARAMS],
2124 rem_txq_params) {
2125 result = nla_parse(tb, NL80211_TXQ_ATTR_MAX,
2126 nla_data(nl_txq_params),
2127 nla_len(nl_txq_params),
2128 txq_params_policy);
2129 if (result)
2130 return result;
2131 result = parse_txq_params(tb, &txq_params);
2132 if (result)
2133 return result;
2134
2135 result = rdev_set_txq_params(rdev, netdev,
2136 &txq_params);
2137 if (result)
2138 return result;
2139 }
2140 }
2141
2142 if (info->attrs[NL80211_ATTR_WIPHY_FREQ]) {
2143 result = __nl80211_set_channel(
2144 rdev,
2145 nl80211_can_set_dev_channel(wdev) ? netdev : NULL,
2146 info);
2147 if (result)
2148 return result;
2149 }
2150
2151 if (info->attrs[NL80211_ATTR_WIPHY_TX_POWER_SETTING]) {
2152 struct wireless_dev *txp_wdev = wdev;
2153 enum nl80211_tx_power_setting type;
2154 int idx, mbm = 0;
2155
2156 if (!(rdev->wiphy.features & NL80211_FEATURE_VIF_TXPOWER))
2157 txp_wdev = NULL;
2158
2159 if (!rdev->ops->set_tx_power)
2160 return -EOPNOTSUPP;
2161
2162 idx = NL80211_ATTR_WIPHY_TX_POWER_SETTING;
2163 type = nla_get_u32(info->attrs[idx]);
2164
2165 if (!info->attrs[NL80211_ATTR_WIPHY_TX_POWER_LEVEL] &&
2166 (type != NL80211_TX_POWER_AUTOMATIC))
2167 return -EINVAL;
2168
2169 if (type != NL80211_TX_POWER_AUTOMATIC) {
2170 idx = NL80211_ATTR_WIPHY_TX_POWER_LEVEL;
2171 mbm = nla_get_u32(info->attrs[idx]);
2172 }
2173
2174 result = rdev_set_tx_power(rdev, txp_wdev, type, mbm);
2175 if (result)
2176 return result;
2177 }
2178
2179 if (info->attrs[NL80211_ATTR_WIPHY_ANTENNA_TX] &&
2180 info->attrs[NL80211_ATTR_WIPHY_ANTENNA_RX]) {
2181 u32 tx_ant, rx_ant;
2182 if ((!rdev->wiphy.available_antennas_tx &&
2183 !rdev->wiphy.available_antennas_rx) ||
2184 !rdev->ops->set_antenna)
2185 return -EOPNOTSUPP;
2186
2187 tx_ant = nla_get_u32(info->attrs[NL80211_ATTR_WIPHY_ANTENNA_TX]);
2188 rx_ant = nla_get_u32(info->attrs[NL80211_ATTR_WIPHY_ANTENNA_RX]);
2189
2190 /* reject antenna configurations which don't match the
2191 * available antenna masks, except for the "all" mask */
2192 if ((~tx_ant && (tx_ant & ~rdev->wiphy.available_antennas_tx)) ||
2193 (~rx_ant && (rx_ant & ~rdev->wiphy.available_antennas_rx)))
2194 return -EINVAL;
2195
2196 tx_ant = tx_ant & rdev->wiphy.available_antennas_tx;
2197 rx_ant = rx_ant & rdev->wiphy.available_antennas_rx;
2198
2199 result = rdev_set_antenna(rdev, tx_ant, rx_ant);
2200 if (result)
2201 return result;
2202 }
2203
2204 changed = 0;
2205
2206 if (info->attrs[NL80211_ATTR_WIPHY_RETRY_SHORT]) {
2207 retry_short = nla_get_u8(
2208 info->attrs[NL80211_ATTR_WIPHY_RETRY_SHORT]);
2209 if (retry_short == 0)
2210 return -EINVAL;
2211
2212 changed |= WIPHY_PARAM_RETRY_SHORT;
2213 }
2214
2215 if (info->attrs[NL80211_ATTR_WIPHY_RETRY_LONG]) {
2216 retry_long = nla_get_u8(
2217 info->attrs[NL80211_ATTR_WIPHY_RETRY_LONG]);
2218 if (retry_long == 0)
2219 return -EINVAL;
2220
2221 changed |= WIPHY_PARAM_RETRY_LONG;
2222 }
2223
2224 if (info->attrs[NL80211_ATTR_WIPHY_FRAG_THRESHOLD]) {
2225 frag_threshold = nla_get_u32(
2226 info->attrs[NL80211_ATTR_WIPHY_FRAG_THRESHOLD]);
2227 if (frag_threshold < 256)
2228 return -EINVAL;
2229
2230 if (frag_threshold != (u32) -1) {
2231 /*
2232 * Fragments (apart from the last one) are required to
2233 * have even length. Make the fragmentation code
2234 * simpler by stripping LSB should someone try to use
2235 * odd threshold value.
2236 */
2237 frag_threshold &= ~0x1;
2238 }
2239 changed |= WIPHY_PARAM_FRAG_THRESHOLD;
2240 }
2241
2242 if (info->attrs[NL80211_ATTR_WIPHY_RTS_THRESHOLD]) {
2243 rts_threshold = nla_get_u32(
2244 info->attrs[NL80211_ATTR_WIPHY_RTS_THRESHOLD]);
2245 changed |= WIPHY_PARAM_RTS_THRESHOLD;
2246 }
2247
2248 if (info->attrs[NL80211_ATTR_WIPHY_COVERAGE_CLASS]) {
2249 if (info->attrs[NL80211_ATTR_WIPHY_DYN_ACK])
2250 return -EINVAL;
2251
2252 coverage_class = nla_get_u8(
2253 info->attrs[NL80211_ATTR_WIPHY_COVERAGE_CLASS]);
2254 changed |= WIPHY_PARAM_COVERAGE_CLASS;
2255 }
2256
2257 if (info->attrs[NL80211_ATTR_WIPHY_DYN_ACK]) {
2258 if (!(rdev->wiphy.features & NL80211_FEATURE_ACKTO_ESTIMATION))
2259 return -EOPNOTSUPP;
2260
2261 changed |= WIPHY_PARAM_DYN_ACK;
2262 }
2263
2264 if (changed) {
2265 u8 old_retry_short, old_retry_long;
2266 u32 old_frag_threshold, old_rts_threshold;
2267 u8 old_coverage_class;
2268
2269 if (!rdev->ops->set_wiphy_params)
2270 return -EOPNOTSUPP;
2271
2272 old_retry_short = rdev->wiphy.retry_short;
2273 old_retry_long = rdev->wiphy.retry_long;
2274 old_frag_threshold = rdev->wiphy.frag_threshold;
2275 old_rts_threshold = rdev->wiphy.rts_threshold;
2276 old_coverage_class = rdev->wiphy.coverage_class;
2277
2278 if (changed & WIPHY_PARAM_RETRY_SHORT)
2279 rdev->wiphy.retry_short = retry_short;
2280 if (changed & WIPHY_PARAM_RETRY_LONG)
2281 rdev->wiphy.retry_long = retry_long;
2282 if (changed & WIPHY_PARAM_FRAG_THRESHOLD)
2283 rdev->wiphy.frag_threshold = frag_threshold;
2284 if (changed & WIPHY_PARAM_RTS_THRESHOLD)
2285 rdev->wiphy.rts_threshold = rts_threshold;
2286 if (changed & WIPHY_PARAM_COVERAGE_CLASS)
2287 rdev->wiphy.coverage_class = coverage_class;
2288
2289 result = rdev_set_wiphy_params(rdev, changed);
2290 if (result) {
2291 rdev->wiphy.retry_short = old_retry_short;
2292 rdev->wiphy.retry_long = old_retry_long;
2293 rdev->wiphy.frag_threshold = old_frag_threshold;
2294 rdev->wiphy.rts_threshold = old_rts_threshold;
2295 rdev->wiphy.coverage_class = old_coverage_class;
2296 }
2297 }
2298 return 0;
2299 }
2300
2301 static inline u64 wdev_id(struct wireless_dev *wdev)
2302 {
2303 return (u64)wdev->identifier |
2304 ((u64)wiphy_to_rdev(wdev->wiphy)->wiphy_idx << 32);
2305 }
2306
2307 static int nl80211_send_chandef(struct sk_buff *msg,
2308 const struct cfg80211_chan_def *chandef)
2309 {
2310 WARN_ON(!cfg80211_chandef_valid(chandef));
2311
2312 if (nla_put_u32(msg, NL80211_ATTR_WIPHY_FREQ,
2313 chandef->chan->center_freq))
2314 return -ENOBUFS;
2315 switch (chandef->width) {
2316 case NL80211_CHAN_WIDTH_20_NOHT:
2317 case NL80211_CHAN_WIDTH_20:
2318 case NL80211_CHAN_WIDTH_40:
2319 if (nla_put_u32(msg, NL80211_ATTR_WIPHY_CHANNEL_TYPE,
2320 cfg80211_get_chandef_type(chandef)))
2321 return -ENOBUFS;
2322 break;
2323 default:
2324 break;
2325 }
2326 if (nla_put_u32(msg, NL80211_ATTR_CHANNEL_WIDTH, chandef->width))
2327 return -ENOBUFS;
2328 if (nla_put_u32(msg, NL80211_ATTR_CENTER_FREQ1, chandef->center_freq1))
2329 return -ENOBUFS;
2330 if (chandef->center_freq2 &&
2331 nla_put_u32(msg, NL80211_ATTR_CENTER_FREQ2, chandef->center_freq2))
2332 return -ENOBUFS;
2333 return 0;
2334 }
2335
2336 static int nl80211_send_iface(struct sk_buff *msg, u32 portid, u32 seq, int flags,
2337 struct cfg80211_registered_device *rdev,
2338 struct wireless_dev *wdev)
2339 {
2340 struct net_device *dev = wdev->netdev;
2341 void *hdr;
2342
2343 hdr = nl80211hdr_put(msg, portid, seq, flags, NL80211_CMD_NEW_INTERFACE);
2344 if (!hdr)
2345 return -1;
2346
2347 if (dev &&
2348 (nla_put_u32(msg, NL80211_ATTR_IFINDEX, dev->ifindex) ||
2349 nla_put_string(msg, NL80211_ATTR_IFNAME, dev->name)))
2350 goto nla_put_failure;
2351
2352 if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
2353 nla_put_u32(msg, NL80211_ATTR_IFTYPE, wdev->iftype) ||
2354 nla_put_u64(msg, NL80211_ATTR_WDEV, wdev_id(wdev)) ||
2355 nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN, wdev_address(wdev)) ||
2356 nla_put_u32(msg, NL80211_ATTR_GENERATION,
2357 rdev->devlist_generation ^
2358 (cfg80211_rdev_list_generation << 2)))
2359 goto nla_put_failure;
2360
2361 if (rdev->ops->get_channel) {
2362 int ret;
2363 struct cfg80211_chan_def chandef;
2364
2365 ret = rdev_get_channel(rdev, wdev, &chandef);
2366 if (ret == 0) {
2367 if (nl80211_send_chandef(msg, &chandef))
2368 goto nla_put_failure;
2369 }
2370 }
2371
2372 if (wdev->ssid_len) {
2373 if (nla_put(msg, NL80211_ATTR_SSID, wdev->ssid_len, wdev->ssid))
2374 goto nla_put_failure;
2375 }
2376
2377 return genlmsg_end(msg, hdr);
2378
2379 nla_put_failure:
2380 genlmsg_cancel(msg, hdr);
2381 return -EMSGSIZE;
2382 }
2383
2384 static int nl80211_dump_interface(struct sk_buff *skb, struct netlink_callback *cb)
2385 {
2386 int wp_idx = 0;
2387 int if_idx = 0;
2388 int wp_start = cb->args[0];
2389 int if_start = cb->args[1];
2390 struct cfg80211_registered_device *rdev;
2391 struct wireless_dev *wdev;
2392
2393 rtnl_lock();
2394 list_for_each_entry(rdev, &cfg80211_rdev_list, list) {
2395 if (!net_eq(wiphy_net(&rdev->wiphy), sock_net(skb->sk)))
2396 continue;
2397 if (wp_idx < wp_start) {
2398 wp_idx++;
2399 continue;
2400 }
2401 if_idx = 0;
2402
2403 list_for_each_entry(wdev, &rdev->wdev_list, list) {
2404 if (if_idx < if_start) {
2405 if_idx++;
2406 continue;
2407 }
2408 if (nl80211_send_iface(skb, NETLINK_CB(cb->skb).portid,
2409 cb->nlh->nlmsg_seq, NLM_F_MULTI,
2410 rdev, wdev) < 0) {
2411 goto out;
2412 }
2413 if_idx++;
2414 }
2415
2416 wp_idx++;
2417 }
2418 out:
2419 rtnl_unlock();
2420
2421 cb->args[0] = wp_idx;
2422 cb->args[1] = if_idx;
2423
2424 return skb->len;
2425 }
2426
2427 static int nl80211_get_interface(struct sk_buff *skb, struct genl_info *info)
2428 {
2429 struct sk_buff *msg;
2430 struct cfg80211_registered_device *rdev = info->user_ptr[0];
2431 struct wireless_dev *wdev = info->user_ptr[1];
2432
2433 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
2434 if (!msg)
2435 return -ENOMEM;
2436
2437 if (nl80211_send_iface(msg, info->snd_portid, info->snd_seq, 0,
2438 rdev, wdev) < 0) {
2439 nlmsg_free(msg);
2440 return -ENOBUFS;
2441 }
2442
2443 return genlmsg_reply(msg, info);
2444 }
2445
2446 static const struct nla_policy mntr_flags_policy[NL80211_MNTR_FLAG_MAX + 1] = {
2447 [NL80211_MNTR_FLAG_FCSFAIL] = { .type = NLA_FLAG },
2448 [NL80211_MNTR_FLAG_PLCPFAIL] = { .type = NLA_FLAG },
2449 [NL80211_MNTR_FLAG_CONTROL] = { .type = NLA_FLAG },
2450 [NL80211_MNTR_FLAG_OTHER_BSS] = { .type = NLA_FLAG },
2451 [NL80211_MNTR_FLAG_COOK_FRAMES] = { .type = NLA_FLAG },
2452 [NL80211_MNTR_FLAG_ACTIVE] = { .type = NLA_FLAG },
2453 };
2454
2455 static int parse_monitor_flags(struct nlattr *nla, u32 *mntrflags)
2456 {
2457 struct nlattr *flags[NL80211_MNTR_FLAG_MAX + 1];
2458 int flag;
2459
2460 *mntrflags = 0;
2461
2462 if (!nla)
2463 return -EINVAL;
2464
2465 if (nla_parse_nested(flags, NL80211_MNTR_FLAG_MAX,
2466 nla, mntr_flags_policy))
2467 return -EINVAL;
2468
2469 for (flag = 1; flag <= NL80211_MNTR_FLAG_MAX; flag++)
2470 if (flags[flag])
2471 *mntrflags |= (1<<flag);
2472
2473 return 0;
2474 }
2475
2476 static int nl80211_valid_4addr(struct cfg80211_registered_device *rdev,
2477 struct net_device *netdev, u8 use_4addr,
2478 enum nl80211_iftype iftype)
2479 {
2480 if (!use_4addr) {
2481 if (netdev && (netdev->priv_flags & IFF_BRIDGE_PORT))
2482 return -EBUSY;
2483 return 0;
2484 }
2485
2486 switch (iftype) {
2487 case NL80211_IFTYPE_AP_VLAN:
2488 if (rdev->wiphy.flags & WIPHY_FLAG_4ADDR_AP)
2489 return 0;
2490 break;
2491 case NL80211_IFTYPE_STATION:
2492 if (rdev->wiphy.flags & WIPHY_FLAG_4ADDR_STATION)
2493 return 0;
2494 break;
2495 default:
2496 break;
2497 }
2498
2499 return -EOPNOTSUPP;
2500 }
2501
2502 static int nl80211_set_interface(struct sk_buff *skb, struct genl_info *info)
2503 {
2504 struct cfg80211_registered_device *rdev = info->user_ptr[0];
2505 struct vif_params params;
2506 int err;
2507 enum nl80211_iftype otype, ntype;
2508 struct net_device *dev = info->user_ptr[1];
2509 u32 _flags, *flags = NULL;
2510 bool change = false;
2511
2512 memset(&params, 0, sizeof(params));
2513
2514 otype = ntype = dev->ieee80211_ptr->iftype;
2515
2516 if (info->attrs[NL80211_ATTR_IFTYPE]) {
2517 ntype = nla_get_u32(info->attrs[NL80211_ATTR_IFTYPE]);
2518 if (otype != ntype)
2519 change = true;
2520 if (ntype > NL80211_IFTYPE_MAX)
2521 return -EINVAL;
2522 }
2523
2524 if (info->attrs[NL80211_ATTR_MESH_ID]) {
2525 struct wireless_dev *wdev = dev->ieee80211_ptr;
2526
2527 if (ntype != NL80211_IFTYPE_MESH_POINT)
2528 return -EINVAL;
2529 if (netif_running(dev))
2530 return -EBUSY;
2531
2532 wdev_lock(wdev);
2533 BUILD_BUG_ON(IEEE80211_MAX_SSID_LEN !=
2534 IEEE80211_MAX_MESH_ID_LEN);
2535 wdev->mesh_id_up_len =
2536 nla_len(info->attrs[NL80211_ATTR_MESH_ID]);
2537 memcpy(wdev->ssid, nla_data(info->attrs[NL80211_ATTR_MESH_ID]),
2538 wdev->mesh_id_up_len);
2539 wdev_unlock(wdev);
2540 }
2541
2542 if (info->attrs[NL80211_ATTR_4ADDR]) {
2543 params.use_4addr = !!nla_get_u8(info->attrs[NL80211_ATTR_4ADDR]);
2544 change = true;
2545 err = nl80211_valid_4addr(rdev, dev, params.use_4addr, ntype);
2546 if (err)
2547 return err;
2548 } else {
2549 params.use_4addr = -1;
2550 }
2551
2552 if (info->attrs[NL80211_ATTR_MNTR_FLAGS]) {
2553 if (ntype != NL80211_IFTYPE_MONITOR)
2554 return -EINVAL;
2555 err = parse_monitor_flags(info->attrs[NL80211_ATTR_MNTR_FLAGS],
2556 &_flags);
2557 if (err)
2558 return err;
2559
2560 flags = &_flags;
2561 change = true;
2562 }
2563
2564 if (flags && (*flags & MONITOR_FLAG_ACTIVE) &&
2565 !(rdev->wiphy.features & NL80211_FEATURE_ACTIVE_MONITOR))
2566 return -EOPNOTSUPP;
2567
2568 if (change)
2569 err = cfg80211_change_iface(rdev, dev, ntype, flags, &params);
2570 else
2571 err = 0;
2572
2573 if (!err && params.use_4addr != -1)
2574 dev->ieee80211_ptr->use_4addr = params.use_4addr;
2575
2576 return err;
2577 }
2578
2579 static int nl80211_new_interface(struct sk_buff *skb, struct genl_info *info)
2580 {
2581 struct cfg80211_registered_device *rdev = info->user_ptr[0];
2582 struct vif_params params;
2583 struct wireless_dev *wdev;
2584 struct sk_buff *msg;
2585 int err;
2586 enum nl80211_iftype type = NL80211_IFTYPE_UNSPECIFIED;
2587 u32 flags;
2588
2589 /* to avoid failing a new interface creation due to pending removal */
2590 cfg80211_destroy_ifaces(rdev);
2591
2592 memset(&params, 0, sizeof(params));
2593
2594 if (!info->attrs[NL80211_ATTR_IFNAME])
2595 return -EINVAL;
2596
2597 if (info->attrs[NL80211_ATTR_IFTYPE]) {
2598 type = nla_get_u32(info->attrs[NL80211_ATTR_IFTYPE]);
2599 if (type > NL80211_IFTYPE_MAX)
2600 return -EINVAL;
2601 }
2602
2603 if (!rdev->ops->add_virtual_intf ||
2604 !(rdev->wiphy.interface_modes & (1 << type)))
2605 return -EOPNOTSUPP;
2606
2607 if (type == NL80211_IFTYPE_P2P_DEVICE && info->attrs[NL80211_ATTR_MAC]) {
2608 nla_memcpy(params.macaddr, info->attrs[NL80211_ATTR_MAC],
2609 ETH_ALEN);
2610 if (!is_valid_ether_addr(params.macaddr))
2611 return -EADDRNOTAVAIL;
2612 }
2613
2614 if (info->attrs[NL80211_ATTR_4ADDR]) {
2615 params.use_4addr = !!nla_get_u8(info->attrs[NL80211_ATTR_4ADDR]);
2616 err = nl80211_valid_4addr(rdev, NULL, params.use_4addr, type);
2617 if (err)
2618 return err;
2619 }
2620
2621 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
2622 if (!msg)
2623 return -ENOMEM;
2624
2625 err = parse_monitor_flags(type == NL80211_IFTYPE_MONITOR ?
2626 info->attrs[NL80211_ATTR_MNTR_FLAGS] : NULL,
2627 &flags);
2628
2629 if (!err && (flags & MONITOR_FLAG_ACTIVE) &&
2630 !(rdev->wiphy.features & NL80211_FEATURE_ACTIVE_MONITOR))
2631 return -EOPNOTSUPP;
2632
2633 wdev = rdev_add_virtual_intf(rdev,
2634 nla_data(info->attrs[NL80211_ATTR_IFNAME]),
2635 type, err ? NULL : &flags, &params);
2636 if (IS_ERR(wdev)) {
2637 nlmsg_free(msg);
2638 return PTR_ERR(wdev);
2639 }
2640
2641 if (info->attrs[NL80211_ATTR_IFACE_SOCKET_OWNER])
2642 wdev->owner_nlportid = info->snd_portid;
2643
2644 switch (type) {
2645 case NL80211_IFTYPE_MESH_POINT:
2646 if (!info->attrs[NL80211_ATTR_MESH_ID])
2647 break;
2648 wdev_lock(wdev);
2649 BUILD_BUG_ON(IEEE80211_MAX_SSID_LEN !=
2650 IEEE80211_MAX_MESH_ID_LEN);
2651 wdev->mesh_id_up_len =
2652 nla_len(info->attrs[NL80211_ATTR_MESH_ID]);
2653 memcpy(wdev->ssid, nla_data(info->attrs[NL80211_ATTR_MESH_ID]),
2654 wdev->mesh_id_up_len);
2655 wdev_unlock(wdev);
2656 break;
2657 case NL80211_IFTYPE_P2P_DEVICE:
2658 /*
2659 * P2P Device doesn't have a netdev, so doesn't go
2660 * through the netdev notifier and must be added here
2661 */
2662 mutex_init(&wdev->mtx);
2663 INIT_LIST_HEAD(&wdev->event_list);
2664 spin_lock_init(&wdev->event_lock);
2665 INIT_LIST_HEAD(&wdev->mgmt_registrations);
2666 spin_lock_init(&wdev->mgmt_registrations_lock);
2667
2668 wdev->identifier = ++rdev->wdev_id;
2669 list_add_rcu(&wdev->list, &rdev->wdev_list);
2670 rdev->devlist_generation++;
2671 break;
2672 default:
2673 break;
2674 }
2675
2676 if (nl80211_send_iface(msg, info->snd_portid, info->snd_seq, 0,
2677 rdev, wdev) < 0) {
2678 nlmsg_free(msg);
2679 return -ENOBUFS;
2680 }
2681
2682 return genlmsg_reply(msg, info);
2683 }
2684
2685 static int nl80211_del_interface(struct sk_buff *skb, struct genl_info *info)
2686 {
2687 struct cfg80211_registered_device *rdev = info->user_ptr[0];
2688 struct wireless_dev *wdev = info->user_ptr[1];
2689
2690 if (!rdev->ops->del_virtual_intf)
2691 return -EOPNOTSUPP;
2692
2693 /*
2694 * If we remove a wireless device without a netdev then clear
2695 * user_ptr[1] so that nl80211_post_doit won't dereference it
2696 * to check if it needs to do dev_put(). Otherwise it crashes
2697 * since the wdev has been freed, unlike with a netdev where
2698 * we need the dev_put() for the netdev to really be freed.
2699 */
2700 if (!wdev->netdev)
2701 info->user_ptr[1] = NULL;
2702
2703 return rdev_del_virtual_intf(rdev, wdev);
2704 }
2705
2706 static int nl80211_set_noack_map(struct sk_buff *skb, struct genl_info *info)
2707 {
2708 struct cfg80211_registered_device *rdev = info->user_ptr[0];
2709 struct net_device *dev = info->user_ptr[1];
2710 u16 noack_map;
2711
2712 if (!info->attrs[NL80211_ATTR_NOACK_MAP])
2713 return -EINVAL;
2714
2715 if (!rdev->ops->set_noack_map)
2716 return -EOPNOTSUPP;
2717
2718 noack_map = nla_get_u16(info->attrs[NL80211_ATTR_NOACK_MAP]);
2719
2720 return rdev_set_noack_map(rdev, dev, noack_map);
2721 }
2722
2723 struct get_key_cookie {
2724 struct sk_buff *msg;
2725 int error;
2726 int idx;
2727 };
2728
2729 static void get_key_callback(void *c, struct key_params *params)
2730 {
2731 struct nlattr *key;
2732 struct get_key_cookie *cookie = c;
2733
2734 if ((params->key &&
2735 nla_put(cookie->msg, NL80211_ATTR_KEY_DATA,
2736 params->key_len, params->key)) ||
2737 (params->seq &&
2738 nla_put(cookie->msg, NL80211_ATTR_KEY_SEQ,
2739 params->seq_len, params->seq)) ||
2740 (params->cipher &&
2741 nla_put_u32(cookie->msg, NL80211_ATTR_KEY_CIPHER,
2742 params->cipher)))
2743 goto nla_put_failure;
2744
2745 key = nla_nest_start(cookie->msg, NL80211_ATTR_KEY);
2746 if (!key)
2747 goto nla_put_failure;
2748
2749 if ((params->key &&
2750 nla_put(cookie->msg, NL80211_KEY_DATA,
2751 params->key_len, params->key)) ||
2752 (params->seq &&
2753 nla_put(cookie->msg, NL80211_KEY_SEQ,
2754 params->seq_len, params->seq)) ||
2755 (params->cipher &&
2756 nla_put_u32(cookie->msg, NL80211_KEY_CIPHER,
2757 params->cipher)))
2758 goto nla_put_failure;
2759
2760 if (nla_put_u8(cookie->msg, NL80211_ATTR_KEY_IDX, cookie->idx))
2761 goto nla_put_failure;
2762
2763 nla_nest_end(cookie->msg, key);
2764
2765 return;
2766 nla_put_failure:
2767 cookie->error = 1;
2768 }
2769
2770 static int nl80211_get_key(struct sk_buff *skb, struct genl_info *info)
2771 {
2772 struct cfg80211_registered_device *rdev = info->user_ptr[0];
2773 int err;
2774 struct net_device *dev = info->user_ptr[1];
2775 u8 key_idx = 0;
2776 const u8 *mac_addr = NULL;
2777 bool pairwise;
2778 struct get_key_cookie cookie = {
2779 .error = 0,
2780 };
2781 void *hdr;
2782 struct sk_buff *msg;
2783
2784 if (info->attrs[NL80211_ATTR_KEY_IDX])
2785 key_idx = nla_get_u8(info->attrs[NL80211_ATTR_KEY_IDX]);
2786
2787 if (key_idx > 5)
2788 return -EINVAL;
2789
2790 if (info->attrs[NL80211_ATTR_MAC])
2791 mac_addr = nla_data(info->attrs[NL80211_ATTR_MAC]);
2792
2793 pairwise = !!mac_addr;
2794 if (info->attrs[NL80211_ATTR_KEY_TYPE]) {
2795 u32 kt = nla_get_u32(info->attrs[NL80211_ATTR_KEY_TYPE]);
2796 if (kt >= NUM_NL80211_KEYTYPES)
2797 return -EINVAL;
2798 if (kt != NL80211_KEYTYPE_GROUP &&
2799 kt != NL80211_KEYTYPE_PAIRWISE)
2800 return -EINVAL;
2801 pairwise = kt == NL80211_KEYTYPE_PAIRWISE;
2802 }
2803
2804 if (!rdev->ops->get_key)
2805 return -EOPNOTSUPP;
2806
2807 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
2808 if (!msg)
2809 return -ENOMEM;
2810
2811 hdr = nl80211hdr_put(msg, info->snd_portid, info->snd_seq, 0,
2812 NL80211_CMD_NEW_KEY);
2813 if (!hdr)
2814 goto nla_put_failure;
2815
2816 cookie.msg = msg;
2817 cookie.idx = key_idx;
2818
2819 if (nla_put_u32(msg, NL80211_ATTR_IFINDEX, dev->ifindex) ||
2820 nla_put_u8(msg, NL80211_ATTR_KEY_IDX, key_idx))
2821 goto nla_put_failure;
2822 if (mac_addr &&
2823 nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN, mac_addr))
2824 goto nla_put_failure;
2825
2826 if (pairwise && mac_addr &&
2827 !(rdev->wiphy.flags & WIPHY_FLAG_IBSS_RSN))
2828 return -ENOENT;
2829
2830 err = rdev_get_key(rdev, dev, key_idx, pairwise, mac_addr, &cookie,
2831 get_key_callback);
2832
2833 if (err)
2834 goto free_msg;
2835
2836 if (cookie.error)
2837 goto nla_put_failure;
2838
2839 genlmsg_end(msg, hdr);
2840 return genlmsg_reply(msg, info);
2841
2842 nla_put_failure:
2843 err = -ENOBUFS;
2844 free_msg:
2845 nlmsg_free(msg);
2846 return err;
2847 }
2848
2849 static int nl80211_set_key(struct sk_buff *skb, struct genl_info *info)
2850 {
2851 struct cfg80211_registered_device *rdev = info->user_ptr[0];
2852 struct key_parse key;
2853 int err;
2854 struct net_device *dev = info->user_ptr[1];
2855
2856 err = nl80211_parse_key(info, &key);
2857 if (err)
2858 return err;
2859
2860 if (key.idx < 0)
2861 return -EINVAL;
2862
2863 /* only support setting default key */
2864 if (!key.def && !key.defmgmt)
2865 return -EINVAL;
2866
2867 wdev_lock(dev->ieee80211_ptr);
2868
2869 if (key.def) {
2870 if (!rdev->ops->set_default_key) {
2871 err = -EOPNOTSUPP;
2872 goto out;
2873 }
2874
2875 err = nl80211_key_allowed(dev->ieee80211_ptr);
2876 if (err)
2877 goto out;
2878
2879 err = rdev_set_default_key(rdev, dev, key.idx,
2880 key.def_uni, key.def_multi);
2881
2882 if (err)
2883 goto out;
2884
2885 #ifdef CONFIG_CFG80211_WEXT
2886 dev->ieee80211_ptr->wext.default_key = key.idx;
2887 #endif
2888 } else {
2889 if (key.def_uni || !key.def_multi) {
2890 err = -EINVAL;
2891 goto out;
2892 }
2893
2894 if (!rdev->ops->set_default_mgmt_key) {
2895 err = -EOPNOTSUPP;
2896 goto out;
2897 }
2898
2899 err = nl80211_key_allowed(dev->ieee80211_ptr);
2900 if (err)
2901 goto out;
2902
2903 err = rdev_set_default_mgmt_key(rdev, dev, key.idx);
2904 if (err)
2905 goto out;
2906
2907 #ifdef CONFIG_CFG80211_WEXT
2908 dev->ieee80211_ptr->wext.default_mgmt_key = key.idx;
2909 #endif
2910 }
2911
2912 out:
2913 wdev_unlock(dev->ieee80211_ptr);
2914
2915 return err;
2916 }
2917
2918 static int nl80211_new_key(struct sk_buff *skb, struct genl_info *info)
2919 {
2920 struct cfg80211_registered_device *rdev = info->user_ptr[0];
2921 int err;
2922 struct net_device *dev = info->user_ptr[1];
2923 struct key_parse key;
2924 const u8 *mac_addr = NULL;
2925
2926 err = nl80211_parse_key(info, &key);
2927 if (err)
2928 return err;
2929
2930 if (!key.p.key)
2931 return -EINVAL;
2932
2933 if (info->attrs[NL80211_ATTR_MAC])
2934 mac_addr = nla_data(info->attrs[NL80211_ATTR_MAC]);
2935
2936 if (key.type == -1) {
2937 if (mac_addr)
2938 key.type = NL80211_KEYTYPE_PAIRWISE;
2939 else
2940 key.type = NL80211_KEYTYPE_GROUP;
2941 }
2942
2943 /* for now */
2944 if (key.type != NL80211_KEYTYPE_PAIRWISE &&
2945 key.type != NL80211_KEYTYPE_GROUP)
2946 return -EINVAL;
2947
2948 if (!rdev->ops->add_key)
2949 return -EOPNOTSUPP;
2950
2951 if (cfg80211_validate_key_settings(rdev, &key.p, key.idx,
2952 key.type == NL80211_KEYTYPE_PAIRWISE,
2953 mac_addr))
2954 return -EINVAL;
2955
2956 wdev_lock(dev->ieee80211_ptr);
2957 err = nl80211_key_allowed(dev->ieee80211_ptr);
2958 if (!err)
2959 err = rdev_add_key(rdev, dev, key.idx,
2960 key.type == NL80211_KEYTYPE_PAIRWISE,
2961 mac_addr, &key.p);
2962 wdev_unlock(dev->ieee80211_ptr);
2963
2964 return err;
2965 }
2966
2967 static int nl80211_del_key(struct sk_buff *skb, struct genl_info *info)
2968 {
2969 struct cfg80211_registered_device *rdev = info->user_ptr[0];
2970 int err;
2971 struct net_device *dev = info->user_ptr[1];
2972 u8 *mac_addr = NULL;
2973 struct key_parse key;
2974
2975 err = nl80211_parse_key(info, &key);
2976 if (err)
2977 return err;
2978
2979 if (info->attrs[NL80211_ATTR_MAC])
2980 mac_addr = nla_data(info->attrs[NL80211_ATTR_MAC]);
2981
2982 if (key.type == -1) {
2983 if (mac_addr)
2984 key.type = NL80211_KEYTYPE_PAIRWISE;
2985 else
2986 key.type = NL80211_KEYTYPE_GROUP;
2987 }
2988
2989 /* for now */
2990 if (key.type != NL80211_KEYTYPE_PAIRWISE &&
2991 key.type != NL80211_KEYTYPE_GROUP)
2992 return -EINVAL;
2993
2994 if (!rdev->ops->del_key)
2995 return -EOPNOTSUPP;
2996
2997 wdev_lock(dev->ieee80211_ptr);
2998 err = nl80211_key_allowed(dev->ieee80211_ptr);
2999
3000 if (key.type == NL80211_KEYTYPE_PAIRWISE && mac_addr &&
3001 !(rdev->wiphy.flags & WIPHY_FLAG_IBSS_RSN))
3002 err = -ENOENT;
3003
3004 if (!err)
3005 err = rdev_del_key(rdev, dev, key.idx,
3006 key.type == NL80211_KEYTYPE_PAIRWISE,
3007 mac_addr);
3008
3009 #ifdef CONFIG_CFG80211_WEXT
3010 if (!err) {
3011 if (key.idx == dev->ieee80211_ptr->wext.default_key)
3012 dev->ieee80211_ptr->wext.default_key = -1;
3013 else if (key.idx == dev->ieee80211_ptr->wext.default_mgmt_key)
3014 dev->ieee80211_ptr->wext.default_mgmt_key = -1;
3015 }
3016 #endif
3017 wdev_unlock(dev->ieee80211_ptr);
3018
3019 return err;
3020 }
3021
3022 /* This function returns an error or the number of nested attributes */
3023 static int validate_acl_mac_addrs(struct nlattr *nl_attr)
3024 {
3025 struct nlattr *attr;
3026 int n_entries = 0, tmp;
3027
3028 nla_for_each_nested(attr, nl_attr, tmp) {
3029 if (nla_len(attr) != ETH_ALEN)
3030 return -EINVAL;
3031
3032 n_entries++;
3033 }
3034
3035 return n_entries;
3036 }
3037
3038 /*
3039 * This function parses ACL information and allocates memory for ACL data.
3040 * On successful return, the calling function is responsible to free the
3041 * ACL buffer returned by this function.
3042 */
3043 static struct cfg80211_acl_data *parse_acl_data(struct wiphy *wiphy,
3044 struct genl_info *info)
3045 {
3046 enum nl80211_acl_policy acl_policy;
3047 struct nlattr *attr;
3048 struct cfg80211_acl_data *acl;
3049 int i = 0, n_entries, tmp;
3050
3051 if (!wiphy->max_acl_mac_addrs)
3052 return ERR_PTR(-EOPNOTSUPP);
3053
3054 if (!info->attrs[NL80211_ATTR_ACL_POLICY])
3055 return ERR_PTR(-EINVAL);
3056
3057 acl_policy = nla_get_u32(info->attrs[NL80211_ATTR_ACL_POLICY]);
3058 if (acl_policy != NL80211_ACL_POLICY_ACCEPT_UNLESS_LISTED &&
3059 acl_policy != NL80211_ACL_POLICY_DENY_UNLESS_LISTED)
3060 return ERR_PTR(-EINVAL);
3061
3062 if (!info->attrs[NL80211_ATTR_MAC_ADDRS])
3063 return ERR_PTR(-EINVAL);
3064
3065 n_entries = validate_acl_mac_addrs(info->attrs[NL80211_ATTR_MAC_ADDRS]);
3066 if (n_entries < 0)
3067 return ERR_PTR(n_entries);
3068
3069 if (n_entries > wiphy->max_acl_mac_addrs)
3070 return ERR_PTR(-ENOTSUPP);
3071
3072 acl = kzalloc(sizeof(*acl) + (sizeof(struct mac_address) * n_entries),
3073 GFP_KERNEL);
3074 if (!acl)
3075 return ERR_PTR(-ENOMEM);
3076
3077 nla_for_each_nested(attr, info->attrs[NL80211_ATTR_MAC_ADDRS], tmp) {
3078 memcpy(acl->mac_addrs[i].addr, nla_data(attr), ETH_ALEN);
3079 i++;
3080 }
3081
3082 acl->n_acl_entries = n_entries;
3083 acl->acl_policy = acl_policy;
3084
3085 return acl;
3086 }
3087
3088 static int nl80211_set_mac_acl(struct sk_buff *skb, struct genl_info *info)
3089 {
3090 struct cfg80211_registered_device *rdev = info->user_ptr[0];
3091 struct net_device *dev = info->user_ptr[1];
3092 struct cfg80211_acl_data *acl;
3093 int err;
3094
3095 if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_AP &&
3096 dev->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_GO)
3097 return -EOPNOTSUPP;
3098
3099 if (!dev->ieee80211_ptr->beacon_interval)
3100 return -EINVAL;
3101
3102 acl = parse_acl_data(&rdev->wiphy, info);
3103 if (IS_ERR(acl))
3104 return PTR_ERR(acl);
3105
3106 err = rdev_set_mac_acl(rdev, dev, acl);
3107
3108 kfree(acl);
3109
3110 return err;
3111 }
3112
3113 static int nl80211_parse_beacon(struct nlattr *attrs[],
3114 struct cfg80211_beacon_data *bcn)
3115 {
3116 bool haveinfo = false;
3117
3118 if (!is_valid_ie_attr(attrs[NL80211_ATTR_BEACON_TAIL]) ||
3119 !is_valid_ie_attr(attrs[NL80211_ATTR_IE]) ||
3120 !is_valid_ie_attr(attrs[NL80211_ATTR_IE_PROBE_RESP]) ||
3121 !is_valid_ie_attr(attrs[NL80211_ATTR_IE_ASSOC_RESP]))
3122 return -EINVAL;
3123
3124 memset(bcn, 0, sizeof(*bcn));
3125
3126 if (attrs[NL80211_ATTR_BEACON_HEAD]) {
3127 bcn->head = nla_data(attrs[NL80211_ATTR_BEACON_HEAD]);
3128 bcn->head_len = nla_len(attrs[NL80211_ATTR_BEACON_HEAD]);
3129 if (!bcn->head_len)
3130 return -EINVAL;
3131 haveinfo = true;
3132 }
3133
3134 if (attrs[NL80211_ATTR_BEACON_TAIL]) {
3135 bcn->tail = nla_data(attrs[NL80211_ATTR_BEACON_TAIL]);
3136 bcn->tail_len = nla_len(attrs[NL80211_ATTR_BEACON_TAIL]);
3137 haveinfo = true;
3138 }
3139
3140 if (!haveinfo)
3141 return -EINVAL;
3142
3143 if (attrs[NL80211_ATTR_IE]) {
3144 bcn->beacon_ies = nla_data(attrs[NL80211_ATTR_IE]);
3145 bcn->beacon_ies_len = nla_len(attrs[NL80211_ATTR_IE]);
3146 }
3147
3148 if (attrs[NL80211_ATTR_IE_PROBE_RESP]) {
3149 bcn->proberesp_ies =
3150 nla_data(attrs[NL80211_ATTR_IE_PROBE_RESP]);
3151 bcn->proberesp_ies_len =
3152 nla_len(attrs[NL80211_ATTR_IE_PROBE_RESP]);
3153 }
3154
3155 if (attrs[NL80211_ATTR_IE_ASSOC_RESP]) {
3156 bcn->assocresp_ies =
3157 nla_data(attrs[NL80211_ATTR_IE_ASSOC_RESP]);
3158 bcn->assocresp_ies_len =
3159 nla_len(attrs[NL80211_ATTR_IE_ASSOC_RESP]);
3160 }
3161
3162 if (attrs[NL80211_ATTR_PROBE_RESP]) {
3163 bcn->probe_resp = nla_data(attrs[NL80211_ATTR_PROBE_RESP]);
3164 bcn->probe_resp_len = nla_len(attrs[NL80211_ATTR_PROBE_RESP]);
3165 }
3166
3167 return 0;
3168 }
3169
3170 static bool nl80211_get_ap_channel(struct cfg80211_registered_device *rdev,
3171 struct cfg80211_ap_settings *params)
3172 {
3173 struct wireless_dev *wdev;
3174 bool ret = false;
3175
3176 list_for_each_entry(wdev, &rdev->wdev_list, list) {
3177 if (wdev->iftype != NL80211_IFTYPE_AP &&
3178 wdev->iftype != NL80211_IFTYPE_P2P_GO)
3179 continue;
3180
3181 if (!wdev->preset_chandef.chan)
3182 continue;
3183
3184 params->chandef = wdev->preset_chandef;
3185 ret = true;
3186 break;
3187 }
3188
3189 return ret;
3190 }
3191
3192 static bool nl80211_valid_auth_type(struct cfg80211_registered_device *rdev,
3193 enum nl80211_auth_type auth_type,
3194 enum nl80211_commands cmd)
3195 {
3196 if (auth_type > NL80211_AUTHTYPE_MAX)
3197 return false;
3198
3199 switch (cmd) {
3200 case NL80211_CMD_AUTHENTICATE:
3201 if (!(rdev->wiphy.features & NL80211_FEATURE_SAE) &&
3202 auth_type == NL80211_AUTHTYPE_SAE)
3203 return false;
3204 return true;
3205 case NL80211_CMD_CONNECT:
3206 case NL80211_CMD_START_AP:
3207 /* SAE not supported yet */
3208 if (auth_type == NL80211_AUTHTYPE_SAE)
3209 return false;
3210 return true;
3211 default:
3212 return false;
3213 }
3214 }
3215
3216 static int nl80211_start_ap(struct sk_buff *skb, struct genl_info *info)
3217 {
3218 struct cfg80211_registered_device *rdev = info->user_ptr[0];
3219 struct net_device *dev = info->user_ptr[1];
3220 struct wireless_dev *wdev = dev->ieee80211_ptr;
3221 struct cfg80211_ap_settings params;
3222 int err;
3223
3224 if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_AP &&
3225 dev->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_GO)
3226 return -EOPNOTSUPP;
3227
3228 if (!rdev->ops->start_ap)
3229 return -EOPNOTSUPP;
3230
3231 if (wdev->beacon_interval)
3232 return -EALREADY;
3233
3234 memset(&params, 0, sizeof(params));
3235
3236 /* these are required for START_AP */
3237 if (!info->attrs[NL80211_ATTR_BEACON_INTERVAL] ||
3238 !info->attrs[NL80211_ATTR_DTIM_PERIOD] ||
3239 !info->attrs[NL80211_ATTR_BEACON_HEAD])
3240 return -EINVAL;
3241
3242 err = nl80211_parse_beacon(info->attrs, &params.beacon);
3243 if (err)
3244 return err;
3245
3246 params.beacon_interval =
3247 nla_get_u32(info->attrs[NL80211_ATTR_BEACON_INTERVAL]);
3248 params.dtim_period =
3249 nla_get_u32(info->attrs[NL80211_ATTR_DTIM_PERIOD]);
3250
3251 err = cfg80211_validate_beacon_int(rdev, params.beacon_interval);
3252 if (err)
3253 return err;
3254
3255 /*
3256 * In theory, some of these attributes should be required here
3257 * but since they were not used when the command was originally
3258 * added, keep them optional for old user space programs to let
3259 * them continue to work with drivers that do not need the
3260 * additional information -- drivers must check!
3261 */
3262 if (info->attrs[NL80211_ATTR_SSID]) {
3263 params.ssid = nla_data(info->attrs[NL80211_ATTR_SSID]);
3264 params.ssid_len =
3265 nla_len(info->attrs[NL80211_ATTR_SSID]);
3266 if (params.ssid_len == 0 ||
3267 params.ssid_len > IEEE80211_MAX_SSID_LEN)
3268 return -EINVAL;
3269 }
3270
3271 if (info->attrs[NL80211_ATTR_HIDDEN_SSID]) {
3272 params.hidden_ssid = nla_get_u32(
3273 info->attrs[NL80211_ATTR_HIDDEN_SSID]);
3274 if (params.hidden_ssid != NL80211_HIDDEN_SSID_NOT_IN_USE &&
3275 params.hidden_ssid != NL80211_HIDDEN_SSID_ZERO_LEN &&
3276 params.hidden_ssid != NL80211_HIDDEN_SSID_ZERO_CONTENTS)
3277 return -EINVAL;
3278 }
3279
3280 params.privacy = !!info->attrs[NL80211_ATTR_PRIVACY];
3281
3282 if (info->attrs[NL80211_ATTR_AUTH_TYPE]) {
3283 params.auth_type = nla_get_u32(
3284 info->attrs[NL80211_ATTR_AUTH_TYPE]);
3285 if (!nl80211_valid_auth_type(rdev, params.auth_type,
3286 NL80211_CMD_START_AP))
3287 return -EINVAL;
3288 } else
3289 params.auth_type = NL80211_AUTHTYPE_AUTOMATIC;
3290
3291 err = nl80211_crypto_settings(rdev, info, &params.crypto,
3292 NL80211_MAX_NR_CIPHER_SUITES);
3293 if (err)
3294 return err;
3295
3296 if (info->attrs[NL80211_ATTR_INACTIVITY_TIMEOUT]) {
3297 if (!(rdev->wiphy.features & NL80211_FEATURE_INACTIVITY_TIMER))
3298 return -EOPNOTSUPP;
3299 params.inactivity_timeout = nla_get_u16(
3300 info->attrs[NL80211_ATTR_INACTIVITY_TIMEOUT]);
3301 }
3302
3303 if (info->attrs[NL80211_ATTR_P2P_CTWINDOW]) {
3304 if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_GO)
3305 return -EINVAL;
3306 params.p2p_ctwindow =
3307 nla_get_u8(info->attrs[NL80211_ATTR_P2P_CTWINDOW]);
3308 if (params.p2p_ctwindow > 127)
3309 return -EINVAL;
3310 if (params.p2p_ctwindow != 0 &&
3311 !(rdev->wiphy.features & NL80211_FEATURE_P2P_GO_CTWIN))
3312 return -EINVAL;
3313 }
3314
3315 if (info->attrs[NL80211_ATTR_P2P_OPPPS]) {
3316 u8 tmp;
3317
3318 if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_GO)
3319 return -EINVAL;
3320 tmp = nla_get_u8(info->attrs[NL80211_ATTR_P2P_OPPPS]);
3321 if (tmp > 1)
3322 return -EINVAL;
3323 params.p2p_opp_ps = tmp;
3324 if (params.p2p_opp_ps != 0 &&
3325 !(rdev->wiphy.features & NL80211_FEATURE_P2P_GO_OPPPS))
3326 return -EINVAL;
3327 }
3328
3329 if (info->attrs[NL80211_ATTR_WIPHY_FREQ]) {
3330 err = nl80211_parse_chandef(rdev, info, &params.chandef);
3331 if (err)
3332 return err;
3333 } else if (wdev->preset_chandef.chan) {
3334 params.chandef = wdev->preset_chandef;
3335 } else if (!nl80211_get_ap_channel(rdev, &params))
3336 return -EINVAL;
3337
3338 if (!cfg80211_reg_can_beacon(&rdev->wiphy, &params.chandef,
3339 wdev->iftype))
3340 return -EINVAL;
3341
3342 if (info->attrs[NL80211_ATTR_ACL_POLICY]) {
3343 params.acl = parse_acl_data(&rdev->wiphy, info);
3344 if (IS_ERR(params.acl))
3345 return PTR_ERR(params.acl);
3346 }
3347
3348 wdev_lock(wdev);
3349 err = rdev_start_ap(rdev, dev, &params);
3350 if (!err) {
3351 wdev->preset_chandef = params.chandef;
3352 wdev->beacon_interval = params.beacon_interval;
3353 wdev->chandef = params.chandef;
3354 wdev->ssid_len = params.ssid_len;
3355 memcpy(wdev->ssid, params.ssid, wdev->ssid_len);
3356 }
3357 wdev_unlock(wdev);
3358
3359 kfree(params.acl);
3360
3361 return err;
3362 }
3363
3364 static int nl80211_set_beacon(struct sk_buff *skb, struct genl_info *info)
3365 {
3366 struct cfg80211_registered_device *rdev = info->user_ptr[0];
3367 struct net_device *dev = info->user_ptr[1];
3368 struct wireless_dev *wdev = dev->ieee80211_ptr;
3369 struct cfg80211_beacon_data params;
3370 int err;
3371
3372 if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_AP &&
3373 dev->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_GO)
3374 return -EOPNOTSUPP;
3375
3376 if (!rdev->ops->change_beacon)
3377 return -EOPNOTSUPP;
3378
3379 if (!wdev->beacon_interval)
3380 return -EINVAL;
3381
3382 err = nl80211_parse_beacon(info->attrs, &params);
3383 if (err)
3384 return err;
3385
3386 wdev_lock(wdev);
3387 err = rdev_change_beacon(rdev, dev, &params);
3388 wdev_unlock(wdev);
3389
3390 return err;
3391 }
3392
3393 static int nl80211_stop_ap(struct sk_buff *skb, struct genl_info *info)
3394 {
3395 struct cfg80211_registered_device *rdev = info->user_ptr[0];
3396 struct net_device *dev = info->user_ptr[1];
3397
3398 return cfg80211_stop_ap(rdev, dev, false);
3399 }
3400
3401 static const struct nla_policy sta_flags_policy[NL80211_STA_FLAG_MAX + 1] = {
3402 [NL80211_STA_FLAG_AUTHORIZED] = { .type = NLA_FLAG },
3403 [NL80211_STA_FLAG_SHORT_PREAMBLE] = { .type = NLA_FLAG },
3404 [NL80211_STA_FLAG_WME] = { .type = NLA_FLAG },
3405 [NL80211_STA_FLAG_MFP] = { .type = NLA_FLAG },
3406 [NL80211_STA_FLAG_AUTHENTICATED] = { .type = NLA_FLAG },
3407 [NL80211_STA_FLAG_TDLS_PEER] = { .type = NLA_FLAG },
3408 };
3409
3410 static int parse_station_flags(struct genl_info *info,
3411 enum nl80211_iftype iftype,
3412 struct station_parameters *params)
3413 {
3414 struct nlattr *flags[NL80211_STA_FLAG_MAX + 1];
3415 struct nlattr *nla;
3416 int flag;
3417
3418 /*
3419 * Try parsing the new attribute first so userspace
3420 * can specify both for older kernels.
3421 */
3422 nla = info->attrs[NL80211_ATTR_STA_FLAGS2];
3423 if (nla) {
3424 struct nl80211_sta_flag_update *sta_flags;
3425
3426 sta_flags = nla_data(nla);
3427 params->sta_flags_mask = sta_flags->mask;
3428 params->sta_flags_set = sta_flags->set;
3429 params->sta_flags_set &= params->sta_flags_mask;
3430 if ((params->sta_flags_mask |
3431 params->sta_flags_set) & BIT(__NL80211_STA_FLAG_INVALID))
3432 return -EINVAL;
3433 return 0;
3434 }
3435
3436 /* if present, parse the old attribute */
3437
3438 nla = info->attrs[NL80211_ATTR_STA_FLAGS];
3439 if (!nla)
3440 return 0;
3441
3442 if (nla_parse_nested(flags, NL80211_STA_FLAG_MAX,
3443 nla, sta_flags_policy))
3444 return -EINVAL;
3445
3446 /*
3447 * Only allow certain flags for interface types so that
3448 * other attributes are silently ignored. Remember that
3449 * this is backward compatibility code with old userspace
3450 * and shouldn't be hit in other cases anyway.
3451 */
3452 switch (iftype) {
3453 case NL80211_IFTYPE_AP:
3454 case NL80211_IFTYPE_AP_VLAN:
3455 case NL80211_IFTYPE_P2P_GO:
3456 params->sta_flags_mask = BIT(NL80211_STA_FLAG_AUTHORIZED) |
3457 BIT(NL80211_STA_FLAG_SHORT_PREAMBLE) |
3458 BIT(NL80211_STA_FLAG_WME) |
3459 BIT(NL80211_STA_FLAG_MFP);
3460 break;
3461 case NL80211_IFTYPE_P2P_CLIENT:
3462 case NL80211_IFTYPE_STATION:
3463 params->sta_flags_mask = BIT(NL80211_STA_FLAG_AUTHORIZED) |
3464 BIT(NL80211_STA_FLAG_TDLS_PEER);
3465 break;
3466 case NL80211_IFTYPE_MESH_POINT:
3467 params->sta_flags_mask = BIT(NL80211_STA_FLAG_AUTHENTICATED) |
3468 BIT(NL80211_STA_FLAG_MFP) |
3469 BIT(NL80211_STA_FLAG_AUTHORIZED);
3470 default:
3471 return -EINVAL;
3472 }
3473
3474 for (flag = 1; flag <= NL80211_STA_FLAG_MAX; flag++) {
3475 if (flags[flag]) {
3476 params->sta_flags_set |= (1<<flag);
3477
3478 /* no longer support new API additions in old API */
3479 if (flag > NL80211_STA_FLAG_MAX_OLD_API)
3480 return -EINVAL;
3481 }
3482 }
3483
3484 return 0;
3485 }
3486
3487 static bool nl80211_put_sta_rate(struct sk_buff *msg, struct rate_info *info,
3488 int attr)
3489 {
3490 struct nlattr *rate;
3491 u32 bitrate;
3492 u16 bitrate_compat;
3493
3494 rate = nla_nest_start(msg, attr);
3495 if (!rate)
3496 return false;
3497
3498 /* cfg80211_calculate_bitrate will return 0 for mcs >= 32 */
3499 bitrate = cfg80211_calculate_bitrate(info);
3500 /* report 16-bit bitrate only if we can */
3501 bitrate_compat = bitrate < (1UL << 16) ? bitrate : 0;
3502 if (bitrate > 0 &&
3503 nla_put_u32(msg, NL80211_RATE_INFO_BITRATE32, bitrate))
3504 return false;
3505 if (bitrate_compat > 0 &&
3506 nla_put_u16(msg, NL80211_RATE_INFO_BITRATE, bitrate_compat))
3507 return false;
3508
3509 if (info->flags & RATE_INFO_FLAGS_MCS) {
3510 if (nla_put_u8(msg, NL80211_RATE_INFO_MCS, info->mcs))
3511 return false;
3512 if (info->flags & RATE_INFO_FLAGS_40_MHZ_WIDTH &&
3513 nla_put_flag(msg, NL80211_RATE_INFO_40_MHZ_WIDTH))
3514 return false;
3515 if (info->flags & RATE_INFO_FLAGS_SHORT_GI &&
3516 nla_put_flag(msg, NL80211_RATE_INFO_SHORT_GI))
3517 return false;
3518 } else if (info->flags & RATE_INFO_FLAGS_VHT_MCS) {
3519 if (nla_put_u8(msg, NL80211_RATE_INFO_VHT_MCS, info->mcs))
3520 return false;
3521 if (nla_put_u8(msg, NL80211_RATE_INFO_VHT_NSS, info->nss))
3522 return false;
3523 if (info->flags & RATE_INFO_FLAGS_40_MHZ_WIDTH &&
3524 nla_put_flag(msg, NL80211_RATE_INFO_40_MHZ_WIDTH))
3525 return false;
3526 if (info->flags & RATE_INFO_FLAGS_80_MHZ_WIDTH &&
3527 nla_put_flag(msg, NL80211_RATE_INFO_80_MHZ_WIDTH))
3528 return false;
3529 if (info->flags & RATE_INFO_FLAGS_80P80_MHZ_WIDTH &&
3530 nla_put_flag(msg, NL80211_RATE_INFO_80P80_MHZ_WIDTH))
3531 return false;
3532 if (info->flags & RATE_INFO_FLAGS_160_MHZ_WIDTH &&
3533 nla_put_flag(msg, NL80211_RATE_INFO_160_MHZ_WIDTH))
3534 return false;
3535 if (info->flags & RATE_INFO_FLAGS_SHORT_GI &&
3536 nla_put_flag(msg, NL80211_RATE_INFO_SHORT_GI))
3537 return false;
3538 }
3539
3540 nla_nest_end(msg, rate);
3541 return true;
3542 }
3543
3544 static bool nl80211_put_signal(struct sk_buff *msg, u8 mask, s8 *signal,
3545 int id)
3546 {
3547 void *attr;
3548 int i = 0;
3549
3550 if (!mask)
3551 return true;
3552
3553 attr = nla_nest_start(msg, id);
3554 if (!attr)
3555 return false;
3556
3557 for (i = 0; i < IEEE80211_MAX_CHAINS; i++) {
3558 if (!(mask & BIT(i)))
3559 continue;
3560
3561 if (nla_put_u8(msg, i, signal[i]))
3562 return false;
3563 }
3564
3565 nla_nest_end(msg, attr);
3566
3567 return true;
3568 }
3569
3570 static int nl80211_send_station(struct sk_buff *msg, u32 portid, u32 seq,
3571 int flags,
3572 struct cfg80211_registered_device *rdev,
3573 struct net_device *dev,
3574 const u8 *mac_addr, struct station_info *sinfo)
3575 {
3576 void *hdr;
3577 struct nlattr *sinfoattr, *bss_param;
3578
3579 hdr = nl80211hdr_put(msg, portid, seq, flags, NL80211_CMD_NEW_STATION);
3580 if (!hdr)
3581 return -1;
3582
3583 if (nla_put_u32(msg, NL80211_ATTR_IFINDEX, dev->ifindex) ||
3584 nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN, mac_addr) ||
3585 nla_put_u32(msg, NL80211_ATTR_GENERATION, sinfo->generation))
3586 goto nla_put_failure;
3587
3588 sinfoattr = nla_nest_start(msg, NL80211_ATTR_STA_INFO);
3589 if (!sinfoattr)
3590 goto nla_put_failure;
3591 if ((sinfo->filled & STATION_INFO_CONNECTED_TIME) &&
3592 nla_put_u32(msg, NL80211_STA_INFO_CONNECTED_TIME,
3593 sinfo->connected_time))
3594 goto nla_put_failure;
3595 if ((sinfo->filled & STATION_INFO_INACTIVE_TIME) &&
3596 nla_put_u32(msg, NL80211_STA_INFO_INACTIVE_TIME,
3597 sinfo->inactive_time))
3598 goto nla_put_failure;
3599 if ((sinfo->filled & (STATION_INFO_RX_BYTES |
3600 STATION_INFO_RX_BYTES64)) &&
3601 nla_put_u32(msg, NL80211_STA_INFO_RX_BYTES,
3602 (u32)sinfo->rx_bytes))
3603 goto nla_put_failure;
3604 if ((sinfo->filled & (STATION_INFO_TX_BYTES |
3605 STATION_INFO_TX_BYTES64)) &&
3606 nla_put_u32(msg, NL80211_STA_INFO_TX_BYTES,
3607 (u32)sinfo->tx_bytes))
3608 goto nla_put_failure;
3609 if ((sinfo->filled & STATION_INFO_RX_BYTES64) &&
3610 nla_put_u64(msg, NL80211_STA_INFO_RX_BYTES64,
3611 sinfo->rx_bytes))
3612 goto nla_put_failure;
3613 if ((sinfo->filled & STATION_INFO_TX_BYTES64) &&
3614 nla_put_u64(msg, NL80211_STA_INFO_TX_BYTES64,
3615 sinfo->tx_bytes))
3616 goto nla_put_failure;
3617 if ((sinfo->filled & STATION_INFO_LLID) &&
3618 nla_put_u16(msg, NL80211_STA_INFO_LLID, sinfo->llid))
3619 goto nla_put_failure;
3620 if ((sinfo->filled & STATION_INFO_PLID) &&
3621 nla_put_u16(msg, NL80211_STA_INFO_PLID, sinfo->plid))
3622 goto nla_put_failure;
3623 if ((sinfo->filled & STATION_INFO_PLINK_STATE) &&
3624 nla_put_u8(msg, NL80211_STA_INFO_PLINK_STATE,
3625 sinfo->plink_state))
3626 goto nla_put_failure;
3627 switch (rdev->wiphy.signal_type) {
3628 case CFG80211_SIGNAL_TYPE_MBM:
3629 if ((sinfo->filled & STATION_INFO_SIGNAL) &&
3630 nla_put_u8(msg, NL80211_STA_INFO_SIGNAL,
3631 sinfo->signal))
3632 goto nla_put_failure;
3633 if ((sinfo->filled & STATION_INFO_SIGNAL_AVG) &&
3634 nla_put_u8(msg, NL80211_STA_INFO_SIGNAL_AVG,
3635 sinfo->signal_avg))
3636 goto nla_put_failure;
3637 break;
3638 default:
3639 break;
3640 }
3641 if (sinfo->filled & STATION_INFO_CHAIN_SIGNAL) {
3642 if (!nl80211_put_signal(msg, sinfo->chains,
3643 sinfo->chain_signal,
3644 NL80211_STA_INFO_CHAIN_SIGNAL))
3645 goto nla_put_failure;
3646 }
3647 if (sinfo->filled & STATION_INFO_CHAIN_SIGNAL_AVG) {
3648 if (!nl80211_put_signal(msg, sinfo->chains,
3649 sinfo->chain_signal_avg,
3650 NL80211_STA_INFO_CHAIN_SIGNAL_AVG))
3651 goto nla_put_failure;
3652 }
3653 if (sinfo->filled & STATION_INFO_TX_BITRATE) {
3654 if (!nl80211_put_sta_rate(msg, &sinfo->txrate,
3655 NL80211_STA_INFO_TX_BITRATE))
3656 goto nla_put_failure;
3657 }
3658 if (sinfo->filled & STATION_INFO_RX_BITRATE) {
3659 if (!nl80211_put_sta_rate(msg, &sinfo->rxrate,
3660 NL80211_STA_INFO_RX_BITRATE))
3661 goto nla_put_failure;
3662 }
3663 if ((sinfo->filled & STATION_INFO_RX_PACKETS) &&
3664 nla_put_u32(msg, NL80211_STA_INFO_RX_PACKETS,
3665 sinfo->rx_packets))
3666 goto nla_put_failure;
3667 if ((sinfo->filled & STATION_INFO_TX_PACKETS) &&
3668 nla_put_u32(msg, NL80211_STA_INFO_TX_PACKETS,
3669 sinfo->tx_packets))
3670 goto nla_put_failure;
3671 if ((sinfo->filled & STATION_INFO_TX_RETRIES) &&
3672 nla_put_u32(msg, NL80211_STA_INFO_TX_RETRIES,
3673 sinfo->tx_retries))
3674 goto nla_put_failure;
3675 if ((sinfo->filled & STATION_INFO_TX_FAILED) &&
3676 nla_put_u32(msg, NL80211_STA_INFO_TX_FAILED,
3677 sinfo->tx_failed))
3678 goto nla_put_failure;
3679 if ((sinfo->filled & STATION_INFO_EXPECTED_THROUGHPUT) &&
3680 nla_put_u32(msg, NL80211_STA_INFO_EXPECTED_THROUGHPUT,
3681 sinfo->expected_throughput))
3682 goto nla_put_failure;
3683 if ((sinfo->filled & STATION_INFO_BEACON_LOSS_COUNT) &&
3684 nla_put_u32(msg, NL80211_STA_INFO_BEACON_LOSS,
3685 sinfo->beacon_loss_count))
3686 goto nla_put_failure;
3687 if ((sinfo->filled & STATION_INFO_LOCAL_PM) &&
3688 nla_put_u32(msg, NL80211_STA_INFO_LOCAL_PM,
3689 sinfo->local_pm))
3690 goto nla_put_failure;
3691 if ((sinfo->filled & STATION_INFO_PEER_PM) &&
3692 nla_put_u32(msg, NL80211_STA_INFO_PEER_PM,
3693 sinfo->peer_pm))
3694 goto nla_put_failure;
3695 if ((sinfo->filled & STATION_INFO_NONPEER_PM) &&
3696 nla_put_u32(msg, NL80211_STA_INFO_NONPEER_PM,
3697 sinfo->nonpeer_pm))
3698 goto nla_put_failure;
3699 if (sinfo->filled & STATION_INFO_BSS_PARAM) {
3700 bss_param = nla_nest_start(msg, NL80211_STA_INFO_BSS_PARAM);
3701 if (!bss_param)
3702 goto nla_put_failure;
3703
3704 if (((sinfo->bss_param.flags & BSS_PARAM_FLAGS_CTS_PROT) &&
3705 nla_put_flag(msg, NL80211_STA_BSS_PARAM_CTS_PROT)) ||
3706 ((sinfo->bss_param.flags & BSS_PARAM_FLAGS_SHORT_PREAMBLE) &&
3707 nla_put_flag(msg, NL80211_STA_BSS_PARAM_SHORT_PREAMBLE)) ||
3708 ((sinfo->bss_param.flags & BSS_PARAM_FLAGS_SHORT_SLOT_TIME) &&
3709 nla_put_flag(msg, NL80211_STA_BSS_PARAM_SHORT_SLOT_TIME)) ||
3710 nla_put_u8(msg, NL80211_STA_BSS_PARAM_DTIM_PERIOD,
3711 sinfo->bss_param.dtim_period) ||
3712 nla_put_u16(msg, NL80211_STA_BSS_PARAM_BEACON_INTERVAL,
3713 sinfo->bss_param.beacon_interval))
3714 goto nla_put_failure;
3715
3716 nla_nest_end(msg, bss_param);
3717 }
3718 if ((sinfo->filled & STATION_INFO_STA_FLAGS) &&
3719 nla_put(msg, NL80211_STA_INFO_STA_FLAGS,
3720 sizeof(struct nl80211_sta_flag_update),
3721 &sinfo->sta_flags))
3722 goto nla_put_failure;
3723 if ((sinfo->filled & STATION_INFO_T_OFFSET) &&
3724 nla_put_u64(msg, NL80211_STA_INFO_T_OFFSET,
3725 sinfo->t_offset))
3726 goto nla_put_failure;
3727 nla_nest_end(msg, sinfoattr);
3728
3729 if ((sinfo->filled & STATION_INFO_ASSOC_REQ_IES) &&
3730 nla_put(msg, NL80211_ATTR_IE, sinfo->assoc_req_ies_len,
3731 sinfo->assoc_req_ies))
3732 goto nla_put_failure;
3733
3734 return genlmsg_end(msg, hdr);
3735
3736 nla_put_failure:
3737 genlmsg_cancel(msg, hdr);
3738 return -EMSGSIZE;
3739 }
3740
3741 static int nl80211_dump_station(struct sk_buff *skb,
3742 struct netlink_callback *cb)
3743 {
3744 struct station_info sinfo;
3745 struct cfg80211_registered_device *rdev;
3746 struct wireless_dev *wdev;
3747 u8 mac_addr[ETH_ALEN];
3748 int sta_idx = cb->args[2];
3749 int err;
3750
3751 err = nl80211_prepare_wdev_dump(skb, cb, &rdev, &wdev);
3752 if (err)
3753 return err;
3754
3755 if (!wdev->netdev) {
3756 err = -EINVAL;
3757 goto out_err;
3758 }
3759
3760 if (!rdev->ops->dump_station) {
3761 err = -EOPNOTSUPP;
3762 goto out_err;
3763 }
3764
3765 while (1) {
3766 memset(&sinfo, 0, sizeof(sinfo));
3767 err = rdev_dump_station(rdev, wdev->netdev, sta_idx,
3768 mac_addr, &sinfo);
3769 if (err == -ENOENT)
3770 break;
3771 if (err)
3772 goto out_err;
3773
3774 if (nl80211_send_station(skb,
3775 NETLINK_CB(cb->skb).portid,
3776 cb->nlh->nlmsg_seq, NLM_F_MULTI,
3777 rdev, wdev->netdev, mac_addr,
3778 &sinfo) < 0)
3779 goto out;
3780
3781 sta_idx++;
3782 }
3783
3784
3785 out:
3786 cb->args[2] = sta_idx;
3787 err = skb->len;
3788 out_err:
3789 nl80211_finish_wdev_dump(rdev);
3790
3791 return err;
3792 }
3793
3794 static int nl80211_get_station(struct sk_buff *skb, struct genl_info *info)
3795 {
3796 struct cfg80211_registered_device *rdev = info->user_ptr[0];
3797 struct net_device *dev = info->user_ptr[1];
3798 struct station_info sinfo;
3799 struct sk_buff *msg;
3800 u8 *mac_addr = NULL;
3801 int err;
3802
3803 memset(&sinfo, 0, sizeof(sinfo));
3804
3805 if (!info->attrs[NL80211_ATTR_MAC])
3806 return -EINVAL;
3807
3808 mac_addr = nla_data(info->attrs[NL80211_ATTR_MAC]);
3809
3810 if (!rdev->ops->get_station)
3811 return -EOPNOTSUPP;
3812
3813 err = rdev_get_station(rdev, dev, mac_addr, &sinfo);
3814 if (err)
3815 return err;
3816
3817 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
3818 if (!msg)
3819 return -ENOMEM;
3820
3821 if (nl80211_send_station(msg, info->snd_portid, info->snd_seq, 0,
3822 rdev, dev, mac_addr, &sinfo) < 0) {
3823 nlmsg_free(msg);
3824 return -ENOBUFS;
3825 }
3826
3827 return genlmsg_reply(msg, info);
3828 }
3829
3830 int cfg80211_check_station_change(struct wiphy *wiphy,
3831 struct station_parameters *params,
3832 enum cfg80211_station_type statype)
3833 {
3834 if (params->listen_interval != -1)
3835 return -EINVAL;
3836 if (params->aid &&
3837 !(params->sta_flags_set & BIT(NL80211_STA_FLAG_TDLS_PEER)))
3838 return -EINVAL;
3839
3840 /* When you run into this, adjust the code below for the new flag */
3841 BUILD_BUG_ON(NL80211_STA_FLAG_MAX != 7);
3842
3843 switch (statype) {
3844 case CFG80211_STA_MESH_PEER_KERNEL:
3845 case CFG80211_STA_MESH_PEER_USER:
3846 /*
3847 * No ignoring the TDLS flag here -- the userspace mesh
3848 * code doesn't have the bug of including TDLS in the
3849 * mask everywhere.
3850 */
3851 if (params->sta_flags_mask &
3852 ~(BIT(NL80211_STA_FLAG_AUTHENTICATED) |
3853 BIT(NL80211_STA_FLAG_MFP) |
3854 BIT(NL80211_STA_FLAG_AUTHORIZED)))
3855 return -EINVAL;
3856 break;
3857 case CFG80211_STA_TDLS_PEER_SETUP:
3858 case CFG80211_STA_TDLS_PEER_ACTIVE:
3859 if (!(params->sta_flags_set & BIT(NL80211_STA_FLAG_TDLS_PEER)))
3860 return -EINVAL;
3861 /* ignore since it can't change */
3862 params->sta_flags_mask &= ~BIT(NL80211_STA_FLAG_TDLS_PEER);
3863 break;
3864 default:
3865 /* disallow mesh-specific things */
3866 if (params->plink_action != NL80211_PLINK_ACTION_NO_ACTION)
3867 return -EINVAL;
3868 if (params->local_pm)
3869 return -EINVAL;
3870 if (params->sta_modify_mask & STATION_PARAM_APPLY_PLINK_STATE)
3871 return -EINVAL;
3872 }
3873
3874 if (statype != CFG80211_STA_TDLS_PEER_SETUP &&
3875 statype != CFG80211_STA_TDLS_PEER_ACTIVE) {
3876 /* TDLS can't be set, ... */
3877 if (params->sta_flags_set & BIT(NL80211_STA_FLAG_TDLS_PEER))
3878 return -EINVAL;
3879 /*
3880 * ... but don't bother the driver with it. This works around
3881 * a hostapd/wpa_supplicant issue -- it always includes the
3882 * TLDS_PEER flag in the mask even for AP mode.
3883 */
3884 params->sta_flags_mask &= ~BIT(NL80211_STA_FLAG_TDLS_PEER);
3885 }
3886
3887 if (statype != CFG80211_STA_TDLS_PEER_SETUP) {
3888 /* reject other things that can't change */
3889 if (params->sta_modify_mask & STATION_PARAM_APPLY_UAPSD)
3890 return -EINVAL;
3891 if (params->sta_modify_mask & STATION_PARAM_APPLY_CAPABILITY)
3892 return -EINVAL;
3893 if (params->supported_rates)
3894 return -EINVAL;
3895 if (params->ext_capab || params->ht_capa || params->vht_capa)
3896 return -EINVAL;
3897 }
3898
3899 if (statype != CFG80211_STA_AP_CLIENT) {
3900 if (params->vlan)
3901 return -EINVAL;
3902 }
3903
3904 switch (statype) {
3905 case CFG80211_STA_AP_MLME_CLIENT:
3906 /* Use this only for authorizing/unauthorizing a station */
3907 if (!(params->sta_flags_mask & BIT(NL80211_STA_FLAG_AUTHORIZED)))
3908 return -EOPNOTSUPP;
3909 break;
3910 case CFG80211_STA_AP_CLIENT:
3911 /* accept only the listed bits */
3912 if (params->sta_flags_mask &
3913 ~(BIT(NL80211_STA_FLAG_AUTHORIZED) |
3914 BIT(NL80211_STA_FLAG_AUTHENTICATED) |
3915 BIT(NL80211_STA_FLAG_ASSOCIATED) |
3916 BIT(NL80211_STA_FLAG_SHORT_PREAMBLE) |
3917 BIT(NL80211_STA_FLAG_WME) |
3918 BIT(NL80211_STA_FLAG_MFP)))
3919 return -EINVAL;
3920
3921 /* but authenticated/associated only if driver handles it */
3922 if (!(wiphy->features & NL80211_FEATURE_FULL_AP_CLIENT_STATE) &&
3923 params->sta_flags_mask &
3924 (BIT(NL80211_STA_FLAG_AUTHENTICATED) |
3925 BIT(NL80211_STA_FLAG_ASSOCIATED)))
3926 return -EINVAL;
3927 break;
3928 case CFG80211_STA_IBSS:
3929 case CFG80211_STA_AP_STA:
3930 /* reject any changes other than AUTHORIZED */
3931 if (params->sta_flags_mask & ~BIT(NL80211_STA_FLAG_AUTHORIZED))
3932 return -EINVAL;
3933 break;
3934 case CFG80211_STA_TDLS_PEER_SETUP:
3935 /* reject any changes other than AUTHORIZED or WME */
3936 if (params->sta_flags_mask & ~(BIT(NL80211_STA_FLAG_AUTHORIZED) |
3937 BIT(NL80211_STA_FLAG_WME)))
3938 return -EINVAL;
3939 /* force (at least) rates when authorizing */
3940 if (params->sta_flags_set & BIT(NL80211_STA_FLAG_AUTHORIZED) &&
3941 !params->supported_rates)
3942 return -EINVAL;
3943 break;
3944 case CFG80211_STA_TDLS_PEER_ACTIVE:
3945 /* reject any changes */
3946 return -EINVAL;
3947 case CFG80211_STA_MESH_PEER_KERNEL:
3948 if (params->sta_modify_mask & STATION_PARAM_APPLY_PLINK_STATE)
3949 return -EINVAL;
3950 break;
3951 case CFG80211_STA_MESH_PEER_USER:
3952 if (params->plink_action != NL80211_PLINK_ACTION_NO_ACTION)
3953 return -EINVAL;
3954 break;
3955 }
3956
3957 return 0;
3958 }
3959 EXPORT_SYMBOL(cfg80211_check_station_change);
3960
3961 /*
3962 * Get vlan interface making sure it is running and on the right wiphy.
3963 */
3964 static struct net_device *get_vlan(struct genl_info *info,
3965 struct cfg80211_registered_device *rdev)
3966 {
3967 struct nlattr *vlanattr = info->attrs[NL80211_ATTR_STA_VLAN];
3968 struct net_device *v;
3969 int ret;
3970
3971 if (!vlanattr)
3972 return NULL;
3973
3974 v = dev_get_by_index(genl_info_net(info), nla_get_u32(vlanattr));
3975 if (!v)
3976 return ERR_PTR(-ENODEV);
3977
3978 if (!v->ieee80211_ptr || v->ieee80211_ptr->wiphy != &rdev->wiphy) {
3979 ret = -EINVAL;
3980 goto error;
3981 }
3982
3983 if (v->ieee80211_ptr->iftype != NL80211_IFTYPE_AP_VLAN &&
3984 v->ieee80211_ptr->iftype != NL80211_IFTYPE_AP &&
3985 v->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_GO) {
3986 ret = -EINVAL;
3987 goto error;
3988 }
3989
3990 if (!netif_running(v)) {
3991 ret = -ENETDOWN;
3992 goto error;
3993 }
3994
3995 return v;
3996 error:
3997 dev_put(v);
3998 return ERR_PTR(ret);
3999 }
4000
4001 static const struct nla_policy
4002 nl80211_sta_wme_policy[NL80211_STA_WME_MAX + 1] = {
4003 [NL80211_STA_WME_UAPSD_QUEUES] = { .type = NLA_U8 },
4004 [NL80211_STA_WME_MAX_SP] = { .type = NLA_U8 },
4005 };
4006
4007 static int nl80211_parse_sta_wme(struct genl_info *info,
4008 struct station_parameters *params)
4009 {
4010 struct nlattr *tb[NL80211_STA_WME_MAX + 1];
4011 struct nlattr *nla;
4012 int err;
4013
4014 /* parse WME attributes if present */
4015 if (!info->attrs[NL80211_ATTR_STA_WME])
4016 return 0;
4017
4018 nla = info->attrs[NL80211_ATTR_STA_WME];
4019 err = nla_parse_nested(tb, NL80211_STA_WME_MAX, nla,
4020 nl80211_sta_wme_policy);
4021 if (err)
4022 return err;
4023
4024 if (tb[NL80211_STA_WME_UAPSD_QUEUES])
4025 params->uapsd_queues = nla_get_u8(
4026 tb[NL80211_STA_WME_UAPSD_QUEUES]);
4027 if (params->uapsd_queues & ~IEEE80211_WMM_IE_STA_QOSINFO_AC_MASK)
4028 return -EINVAL;
4029
4030 if (tb[NL80211_STA_WME_MAX_SP])
4031 params->max_sp = nla_get_u8(tb[NL80211_STA_WME_MAX_SP]);
4032
4033 if (params->max_sp & ~IEEE80211_WMM_IE_STA_QOSINFO_SP_MASK)
4034 return -EINVAL;
4035
4036 params->sta_modify_mask |= STATION_PARAM_APPLY_UAPSD;
4037
4038 return 0;
4039 }
4040
4041 static int nl80211_parse_sta_channel_info(struct genl_info *info,
4042 struct station_parameters *params)
4043 {
4044 if (info->attrs[NL80211_ATTR_STA_SUPPORTED_CHANNELS]) {
4045 params->supported_channels =
4046 nla_data(info->attrs[NL80211_ATTR_STA_SUPPORTED_CHANNELS]);
4047 params->supported_channels_len =
4048 nla_len(info->attrs[NL80211_ATTR_STA_SUPPORTED_CHANNELS]);
4049 /*
4050 * Need to include at least one (first channel, number of
4051 * channels) tuple for each subband, and must have proper
4052 * tuples for the rest of the data as well.
4053 */
4054 if (params->supported_channels_len < 2)
4055 return -EINVAL;
4056 if (params->supported_channels_len % 2)
4057 return -EINVAL;
4058 }
4059
4060 if (info->attrs[NL80211_ATTR_STA_SUPPORTED_OPER_CLASSES]) {
4061 params->supported_oper_classes =
4062 nla_data(info->attrs[NL80211_ATTR_STA_SUPPORTED_OPER_CLASSES]);
4063 params->supported_oper_classes_len =
4064 nla_len(info->attrs[NL80211_ATTR_STA_SUPPORTED_OPER_CLASSES]);
4065 /*
4066 * The value of the Length field of the Supported Operating
4067 * Classes element is between 2 and 253.
4068 */
4069 if (params->supported_oper_classes_len < 2 ||
4070 params->supported_oper_classes_len > 253)
4071 return -EINVAL;
4072 }
4073 return 0;
4074 }
4075
4076 static int nl80211_set_station_tdls(struct genl_info *info,
4077 struct station_parameters *params)
4078 {
4079 int err;
4080 /* Dummy STA entry gets updated once the peer capabilities are known */
4081 if (info->attrs[NL80211_ATTR_PEER_AID])
4082 params->aid = nla_get_u16(info->attrs[NL80211_ATTR_PEER_AID]);
4083 if (info->attrs[NL80211_ATTR_HT_CAPABILITY])
4084 params->ht_capa =
4085 nla_data(info->attrs[NL80211_ATTR_HT_CAPABILITY]);
4086 if (info->attrs[NL80211_ATTR_VHT_CAPABILITY])
4087 params->vht_capa =
4088 nla_data(info->attrs[NL80211_ATTR_VHT_CAPABILITY]);
4089
4090 err = nl80211_parse_sta_channel_info(info, params);
4091 if (err)
4092 return err;
4093
4094 return nl80211_parse_sta_wme(info, params);
4095 }
4096
4097 static int nl80211_set_station(struct sk_buff *skb, struct genl_info *info)
4098 {
4099 struct cfg80211_registered_device *rdev = info->user_ptr[0];
4100 struct net_device *dev = info->user_ptr[1];
4101 struct station_parameters params;
4102 u8 *mac_addr;
4103 int err;
4104
4105 memset(&params, 0, sizeof(params));
4106
4107 params.listen_interval = -1;
4108
4109 if (!rdev->ops->change_station)
4110 return -EOPNOTSUPP;
4111
4112 if (info->attrs[NL80211_ATTR_STA_AID])
4113 return -EINVAL;
4114
4115 if (!info->attrs[NL80211_ATTR_MAC])
4116 return -EINVAL;
4117
4118 mac_addr = nla_data(info->attrs[NL80211_ATTR_MAC]);
4119
4120 if (info->attrs[NL80211_ATTR_STA_SUPPORTED_RATES]) {
4121 params.supported_rates =
4122 nla_data(info->attrs[NL80211_ATTR_STA_SUPPORTED_RATES]);
4123 params.supported_rates_len =
4124 nla_len(info->attrs[NL80211_ATTR_STA_SUPPORTED_RATES]);
4125 }
4126
4127 if (info->attrs[NL80211_ATTR_STA_CAPABILITY]) {
4128 params.capability =
4129 nla_get_u16(info->attrs[NL80211_ATTR_STA_CAPABILITY]);
4130 params.sta_modify_mask |= STATION_PARAM_APPLY_CAPABILITY;
4131 }
4132
4133 if (info->attrs[NL80211_ATTR_STA_EXT_CAPABILITY]) {
4134 params.ext_capab =
4135 nla_data(info->attrs[NL80211_ATTR_STA_EXT_CAPABILITY]);
4136 params.ext_capab_len =
4137 nla_len(info->attrs[NL80211_ATTR_STA_EXT_CAPABILITY]);
4138 }
4139
4140 if (info->attrs[NL80211_ATTR_STA_LISTEN_INTERVAL])
4141 return -EINVAL;
4142
4143 if (parse_station_flags(info, dev->ieee80211_ptr->iftype, &params))
4144 return -EINVAL;
4145
4146 if (info->attrs[NL80211_ATTR_STA_PLINK_ACTION]) {
4147 params.plink_action =
4148 nla_get_u8(info->attrs[NL80211_ATTR_STA_PLINK_ACTION]);
4149 if (params.plink_action >= NUM_NL80211_PLINK_ACTIONS)
4150 return -EINVAL;
4151 }
4152
4153 if (info->attrs[NL80211_ATTR_STA_PLINK_STATE]) {
4154 params.plink_state =
4155 nla_get_u8(info->attrs[NL80211_ATTR_STA_PLINK_STATE]);
4156 if (params.plink_state >= NUM_NL80211_PLINK_STATES)
4157 return -EINVAL;
4158 params.sta_modify_mask |= STATION_PARAM_APPLY_PLINK_STATE;
4159 }
4160
4161 if (info->attrs[NL80211_ATTR_LOCAL_MESH_POWER_MODE]) {
4162 enum nl80211_mesh_power_mode pm = nla_get_u32(
4163 info->attrs[NL80211_ATTR_LOCAL_MESH_POWER_MODE]);
4164
4165 if (pm <= NL80211_MESH_POWER_UNKNOWN ||
4166 pm > NL80211_MESH_POWER_MAX)
4167 return -EINVAL;
4168
4169 params.local_pm = pm;
4170 }
4171
4172 /* Include parameters for TDLS peer (will check later) */
4173 err = nl80211_set_station_tdls(info, &params);
4174 if (err)
4175 return err;
4176
4177 params.vlan = get_vlan(info, rdev);
4178 if (IS_ERR(params.vlan))
4179 return PTR_ERR(params.vlan);
4180
4181 switch (dev->ieee80211_ptr->iftype) {
4182 case NL80211_IFTYPE_AP:
4183 case NL80211_IFTYPE_AP_VLAN:
4184 case NL80211_IFTYPE_P2P_GO:
4185 case NL80211_IFTYPE_P2P_CLIENT:
4186 case NL80211_IFTYPE_STATION:
4187 case NL80211_IFTYPE_ADHOC:
4188 case NL80211_IFTYPE_MESH_POINT:
4189 break;
4190 default:
4191 err = -EOPNOTSUPP;
4192 goto out_put_vlan;
4193 }
4194
4195 /* driver will call cfg80211_check_station_change() */
4196 err = rdev_change_station(rdev, dev, mac_addr, &params);
4197
4198 out_put_vlan:
4199 if (params.vlan)
4200 dev_put(params.vlan);
4201
4202 return err;
4203 }
4204
4205 static int nl80211_new_station(struct sk_buff *skb, struct genl_info *info)
4206 {
4207 struct cfg80211_registered_device *rdev = info->user_ptr[0];
4208 int err;
4209 struct net_device *dev = info->user_ptr[1];
4210 struct station_parameters params;
4211 u8 *mac_addr = NULL;
4212
4213 memset(&params, 0, sizeof(params));
4214
4215 if (!rdev->ops->add_station)
4216 return -EOPNOTSUPP;
4217
4218 if (!info->attrs[NL80211_ATTR_MAC])
4219 return -EINVAL;
4220
4221 if (!info->attrs[NL80211_ATTR_STA_LISTEN_INTERVAL])
4222 return -EINVAL;
4223
4224 if (!info->attrs[NL80211_ATTR_STA_SUPPORTED_RATES])
4225 return -EINVAL;
4226
4227 if (!info->attrs[NL80211_ATTR_STA_AID] &&
4228 !info->attrs[NL80211_ATTR_PEER_AID])
4229 return -EINVAL;
4230
4231 mac_addr = nla_data(info->attrs[NL80211_ATTR_MAC]);
4232 params.supported_rates =
4233 nla_data(info->attrs[NL80211_ATTR_STA_SUPPORTED_RATES]);
4234 params.supported_rates_len =
4235 nla_len(info->attrs[NL80211_ATTR_STA_SUPPORTED_RATES]);
4236 params.listen_interval =
4237 nla_get_u16(info->attrs[NL80211_ATTR_STA_LISTEN_INTERVAL]);
4238
4239 if (info->attrs[NL80211_ATTR_PEER_AID])
4240 params.aid = nla_get_u16(info->attrs[NL80211_ATTR_PEER_AID]);
4241 else
4242 params.aid = nla_get_u16(info->attrs[NL80211_ATTR_STA_AID]);
4243 if (!params.aid || params.aid > IEEE80211_MAX_AID)
4244 return -EINVAL;
4245
4246 if (info->attrs[NL80211_ATTR_STA_CAPABILITY]) {
4247 params.capability =
4248 nla_get_u16(info->attrs[NL80211_ATTR_STA_CAPABILITY]);
4249 params.sta_modify_mask |= STATION_PARAM_APPLY_CAPABILITY;
4250 }
4251
4252 if (info->attrs[NL80211_ATTR_STA_EXT_CAPABILITY]) {
4253 params.ext_capab =
4254 nla_data(info->attrs[NL80211_ATTR_STA_EXT_CAPABILITY]);
4255 params.ext_capab_len =
4256 nla_len(info->attrs[NL80211_ATTR_STA_EXT_CAPABILITY]);
4257 }
4258
4259 if (info->attrs[NL80211_ATTR_HT_CAPABILITY])
4260 params.ht_capa =
4261 nla_data(info->attrs[NL80211_ATTR_HT_CAPABILITY]);
4262
4263 if (info->attrs[NL80211_ATTR_VHT_CAPABILITY])
4264 params.vht_capa =
4265 nla_data(info->attrs[NL80211_ATTR_VHT_CAPABILITY]);
4266
4267 if (info->attrs[NL80211_ATTR_OPMODE_NOTIF]) {
4268 params.opmode_notif_used = true;
4269 params.opmode_notif =
4270 nla_get_u8(info->attrs[NL80211_ATTR_OPMODE_NOTIF]);
4271 }
4272
4273 if (info->attrs[NL80211_ATTR_STA_PLINK_ACTION]) {
4274 params.plink_action =
4275 nla_get_u8(info->attrs[NL80211_ATTR_STA_PLINK_ACTION]);
4276 if (params.plink_action >= NUM_NL80211_PLINK_ACTIONS)
4277 return -EINVAL;
4278 }
4279
4280 err = nl80211_parse_sta_channel_info(info, &params);
4281 if (err)
4282 return err;
4283
4284 err = nl80211_parse_sta_wme(info, &params);
4285 if (err)
4286 return err;
4287
4288 if (parse_station_flags(info, dev->ieee80211_ptr->iftype, &params))
4289 return -EINVAL;
4290
4291 /* When you run into this, adjust the code below for the new flag */
4292 BUILD_BUG_ON(NL80211_STA_FLAG_MAX != 7);
4293
4294 switch (dev->ieee80211_ptr->iftype) {
4295 case NL80211_IFTYPE_AP:
4296 case NL80211_IFTYPE_AP_VLAN:
4297 case NL80211_IFTYPE_P2P_GO:
4298 /* ignore WME attributes if iface/sta is not capable */
4299 if (!(rdev->wiphy.flags & WIPHY_FLAG_AP_UAPSD) ||
4300 !(params.sta_flags_set & BIT(NL80211_STA_FLAG_WME)))
4301 params.sta_modify_mask &= ~STATION_PARAM_APPLY_UAPSD;
4302
4303 /* TDLS peers cannot be added */
4304 if ((params.sta_flags_set & BIT(NL80211_STA_FLAG_TDLS_PEER)) ||
4305 info->attrs[NL80211_ATTR_PEER_AID])
4306 return -EINVAL;
4307 /* but don't bother the driver with it */
4308 params.sta_flags_mask &= ~BIT(NL80211_STA_FLAG_TDLS_PEER);
4309
4310 /* allow authenticated/associated only if driver handles it */
4311 if (!(rdev->wiphy.features &
4312 NL80211_FEATURE_FULL_AP_CLIENT_STATE) &&
4313 params.sta_flags_mask &
4314 (BIT(NL80211_STA_FLAG_AUTHENTICATED) |
4315 BIT(NL80211_STA_FLAG_ASSOCIATED)))
4316 return -EINVAL;
4317
4318 /* must be last in here for error handling */
4319 params.vlan = get_vlan(info, rdev);
4320 if (IS_ERR(params.vlan))
4321 return PTR_ERR(params.vlan);
4322 break;
4323 case NL80211_IFTYPE_MESH_POINT:
4324 /* ignore uAPSD data */
4325 params.sta_modify_mask &= ~STATION_PARAM_APPLY_UAPSD;
4326
4327 /* associated is disallowed */
4328 if (params.sta_flags_mask & BIT(NL80211_STA_FLAG_ASSOCIATED))
4329 return -EINVAL;
4330 /* TDLS peers cannot be added */
4331 if ((params.sta_flags_set & BIT(NL80211_STA_FLAG_TDLS_PEER)) ||
4332 info->attrs[NL80211_ATTR_PEER_AID])
4333 return -EINVAL;
4334 break;
4335 case NL80211_IFTYPE_STATION:
4336 case NL80211_IFTYPE_P2P_CLIENT:
4337 /* ignore uAPSD data */
4338 params.sta_modify_mask &= ~STATION_PARAM_APPLY_UAPSD;
4339
4340 /* these are disallowed */
4341 if (params.sta_flags_mask &
4342 (BIT(NL80211_STA_FLAG_ASSOCIATED) |
4343 BIT(NL80211_STA_FLAG_AUTHENTICATED)))
4344 return -EINVAL;
4345 /* Only TDLS peers can be added */
4346 if (!(params.sta_flags_set & BIT(NL80211_STA_FLAG_TDLS_PEER)))
4347 return -EINVAL;
4348 /* Can only add if TDLS ... */
4349 if (!(rdev->wiphy.flags & WIPHY_FLAG_SUPPORTS_TDLS))
4350 return -EOPNOTSUPP;
4351 /* ... with external setup is supported */
4352 if (!(rdev->wiphy.flags & WIPHY_FLAG_TDLS_EXTERNAL_SETUP))
4353 return -EOPNOTSUPP;
4354 /*
4355 * Older wpa_supplicant versions always mark the TDLS peer
4356 * as authorized, but it shouldn't yet be.
4357 */
4358 params.sta_flags_mask &= ~BIT(NL80211_STA_FLAG_AUTHORIZED);
4359 break;
4360 default:
4361 return -EOPNOTSUPP;
4362 }
4363
4364 /* be aware of params.vlan when changing code here */
4365
4366 err = rdev_add_station(rdev, dev, mac_addr, &params);
4367
4368 if (params.vlan)
4369 dev_put(params.vlan);
4370 return err;
4371 }
4372
4373 static int nl80211_del_station(struct sk_buff *skb, struct genl_info *info)
4374 {
4375 struct cfg80211_registered_device *rdev = info->user_ptr[0];
4376 struct net_device *dev = info->user_ptr[1];
4377 u8 *mac_addr = NULL;
4378
4379 if (info->attrs[NL80211_ATTR_MAC])
4380 mac_addr = nla_data(info->attrs[NL80211_ATTR_MAC]);
4381
4382 if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_AP &&
4383 dev->ieee80211_ptr->iftype != NL80211_IFTYPE_AP_VLAN &&
4384 dev->ieee80211_ptr->iftype != NL80211_IFTYPE_MESH_POINT &&
4385 dev->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_GO)
4386 return -EINVAL;
4387
4388 if (!rdev->ops->del_station)
4389 return -EOPNOTSUPP;
4390
4391 return rdev_del_station(rdev, dev, mac_addr);
4392 }
4393
4394 static int nl80211_send_mpath(struct sk_buff *msg, u32 portid, u32 seq,
4395 int flags, struct net_device *dev,
4396 u8 *dst, u8 *next_hop,
4397 struct mpath_info *pinfo)
4398 {
4399 void *hdr;
4400 struct nlattr *pinfoattr;
4401
4402 hdr = nl80211hdr_put(msg, portid, seq, flags, NL80211_CMD_NEW_STATION);
4403 if (!hdr)
4404 return -1;
4405
4406 if (nla_put_u32(msg, NL80211_ATTR_IFINDEX, dev->ifindex) ||
4407 nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN, dst) ||
4408 nla_put(msg, NL80211_ATTR_MPATH_NEXT_HOP, ETH_ALEN, next_hop) ||
4409 nla_put_u32(msg, NL80211_ATTR_GENERATION, pinfo->generation))
4410 goto nla_put_failure;
4411
4412 pinfoattr = nla_nest_start(msg, NL80211_ATTR_MPATH_INFO);
4413 if (!pinfoattr)
4414 goto nla_put_failure;
4415 if ((pinfo->filled & MPATH_INFO_FRAME_QLEN) &&
4416 nla_put_u32(msg, NL80211_MPATH_INFO_FRAME_QLEN,
4417 pinfo->frame_qlen))
4418 goto nla_put_failure;
4419 if (((pinfo->filled & MPATH_INFO_SN) &&
4420 nla_put_u32(msg, NL80211_MPATH_INFO_SN, pinfo->sn)) ||
4421 ((pinfo->filled & MPATH_INFO_METRIC) &&
4422 nla_put_u32(msg, NL80211_MPATH_INFO_METRIC,
4423 pinfo->metric)) ||
4424 ((pinfo->filled & MPATH_INFO_EXPTIME) &&
4425 nla_put_u32(msg, NL80211_MPATH_INFO_EXPTIME,
4426 pinfo->exptime)) ||
4427 ((pinfo->filled & MPATH_INFO_FLAGS) &&
4428 nla_put_u8(msg, NL80211_MPATH_INFO_FLAGS,
4429 pinfo->flags)) ||
4430 ((pinfo->filled & MPATH_INFO_DISCOVERY_TIMEOUT) &&
4431 nla_put_u32(msg, NL80211_MPATH_INFO_DISCOVERY_TIMEOUT,
4432 pinfo->discovery_timeout)) ||
4433 ((pinfo->filled & MPATH_INFO_DISCOVERY_RETRIES) &&
4434 nla_put_u8(msg, NL80211_MPATH_INFO_DISCOVERY_RETRIES,
4435 pinfo->discovery_retries)))
4436 goto nla_put_failure;
4437
4438 nla_nest_end(msg, pinfoattr);
4439
4440 return genlmsg_end(msg, hdr);
4441
4442 nla_put_failure:
4443 genlmsg_cancel(msg, hdr);
4444 return -EMSGSIZE;
4445 }
4446
4447 static int nl80211_dump_mpath(struct sk_buff *skb,
4448 struct netlink_callback *cb)
4449 {
4450 struct mpath_info pinfo;
4451 struct cfg80211_registered_device *rdev;
4452 struct wireless_dev *wdev;
4453 u8 dst[ETH_ALEN];
4454 u8 next_hop[ETH_ALEN];
4455 int path_idx = cb->args[2];
4456 int err;
4457
4458 err = nl80211_prepare_wdev_dump(skb, cb, &rdev, &wdev);
4459 if (err)
4460 return err;
4461
4462 if (!rdev->ops->dump_mpath) {
4463 err = -EOPNOTSUPP;
4464 goto out_err;
4465 }
4466
4467 if (wdev->iftype != NL80211_IFTYPE_MESH_POINT) {
4468 err = -EOPNOTSUPP;
4469 goto out_err;
4470 }
4471
4472 while (1) {
4473 err = rdev_dump_mpath(rdev, wdev->netdev, path_idx, dst,
4474 next_hop, &pinfo);
4475 if (err == -ENOENT)
4476 break;
4477 if (err)
4478 goto out_err;
4479
4480 if (nl80211_send_mpath(skb, NETLINK_CB(cb->skb).portid,
4481 cb->nlh->nlmsg_seq, NLM_F_MULTI,
4482 wdev->netdev, dst, next_hop,
4483 &pinfo) < 0)
4484 goto out;
4485
4486 path_idx++;
4487 }
4488
4489
4490 out:
4491 cb->args[2] = path_idx;
4492 err = skb->len;
4493 out_err:
4494 nl80211_finish_wdev_dump(rdev);
4495 return err;
4496 }
4497
4498 static int nl80211_get_mpath(struct sk_buff *skb, struct genl_info *info)
4499 {
4500 struct cfg80211_registered_device *rdev = info->user_ptr[0];
4501 int err;
4502 struct net_device *dev = info->user_ptr[1];
4503 struct mpath_info pinfo;
4504 struct sk_buff *msg;
4505 u8 *dst = NULL;
4506 u8 next_hop[ETH_ALEN];
4507
4508 memset(&pinfo, 0, sizeof(pinfo));
4509
4510 if (!info->attrs[NL80211_ATTR_MAC])
4511 return -EINVAL;
4512
4513 dst = nla_data(info->attrs[NL80211_ATTR_MAC]);
4514
4515 if (!rdev->ops->get_mpath)
4516 return -EOPNOTSUPP;
4517
4518 if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_MESH_POINT)
4519 return -EOPNOTSUPP;
4520
4521 err = rdev_get_mpath(rdev, dev, dst, next_hop, &pinfo);
4522 if (err)
4523 return err;
4524
4525 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
4526 if (!msg)
4527 return -ENOMEM;
4528
4529 if (nl80211_send_mpath(msg, info->snd_portid, info->snd_seq, 0,
4530 dev, dst, next_hop, &pinfo) < 0) {
4531 nlmsg_free(msg);
4532 return -ENOBUFS;
4533 }
4534
4535 return genlmsg_reply(msg, info);
4536 }
4537
4538 static int nl80211_set_mpath(struct sk_buff *skb, struct genl_info *info)
4539 {
4540 struct cfg80211_registered_device *rdev = info->user_ptr[0];
4541 struct net_device *dev = info->user_ptr[1];
4542 u8 *dst = NULL;
4543 u8 *next_hop = NULL;
4544
4545 if (!info->attrs[NL80211_ATTR_MAC])
4546 return -EINVAL;
4547
4548 if (!info->attrs[NL80211_ATTR_MPATH_NEXT_HOP])
4549 return -EINVAL;
4550
4551 dst = nla_data(info->attrs[NL80211_ATTR_MAC]);
4552 next_hop = nla_data(info->attrs[NL80211_ATTR_MPATH_NEXT_HOP]);
4553
4554 if (!rdev->ops->change_mpath)
4555 return -EOPNOTSUPP;
4556
4557 if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_MESH_POINT)
4558 return -EOPNOTSUPP;
4559
4560 return rdev_change_mpath(rdev, dev, dst, next_hop);
4561 }
4562
4563 static int nl80211_new_mpath(struct sk_buff *skb, struct genl_info *info)
4564 {
4565 struct cfg80211_registered_device *rdev = info->user_ptr[0];
4566 struct net_device *dev = info->user_ptr[1];
4567 u8 *dst = NULL;
4568 u8 *next_hop = NULL;
4569
4570 if (!info->attrs[NL80211_ATTR_MAC])
4571 return -EINVAL;
4572
4573 if (!info->attrs[NL80211_ATTR_MPATH_NEXT_HOP])
4574 return -EINVAL;
4575
4576 dst = nla_data(info->attrs[NL80211_ATTR_MAC]);
4577 next_hop = nla_data(info->attrs[NL80211_ATTR_MPATH_NEXT_HOP]);
4578
4579 if (!rdev->ops->add_mpath)
4580 return -EOPNOTSUPP;
4581
4582 if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_MESH_POINT)
4583 return -EOPNOTSUPP;
4584
4585 return rdev_add_mpath(rdev, dev, dst, next_hop);
4586 }
4587
4588 static int nl80211_del_mpath(struct sk_buff *skb, struct genl_info *info)
4589 {
4590 struct cfg80211_registered_device *rdev = info->user_ptr[0];
4591 struct net_device *dev = info->user_ptr[1];
4592 u8 *dst = NULL;
4593
4594 if (info->attrs[NL80211_ATTR_MAC])
4595 dst = nla_data(info->attrs[NL80211_ATTR_MAC]);
4596
4597 if (!rdev->ops->del_mpath)
4598 return -EOPNOTSUPP;
4599
4600 return rdev_del_mpath(rdev, dev, dst);
4601 }
4602
4603 static int nl80211_set_bss(struct sk_buff *skb, struct genl_info *info)
4604 {
4605 struct cfg80211_registered_device *rdev = info->user_ptr[0];
4606 struct net_device *dev = info->user_ptr[1];
4607 struct wireless_dev *wdev = dev->ieee80211_ptr;
4608 struct bss_parameters params;
4609 int err;
4610
4611 memset(&params, 0, sizeof(params));
4612 /* default to not changing parameters */
4613 params.use_cts_prot = -1;
4614 params.use_short_preamble = -1;
4615 params.use_short_slot_time = -1;
4616 params.ap_isolate = -1;
4617 params.ht_opmode = -1;
4618 params.p2p_ctwindow = -1;
4619 params.p2p_opp_ps = -1;
4620
4621 if (info->attrs[NL80211_ATTR_BSS_CTS_PROT])
4622 params.use_cts_prot =
4623 nla_get_u8(info->attrs[NL80211_ATTR_BSS_CTS_PROT]);
4624 if (info->attrs[NL80211_ATTR_BSS_SHORT_PREAMBLE])
4625 params.use_short_preamble =
4626 nla_get_u8(info->attrs[NL80211_ATTR_BSS_SHORT_PREAMBLE]);
4627 if (info->attrs[NL80211_ATTR_BSS_SHORT_SLOT_TIME])
4628 params.use_short_slot_time =
4629 nla_get_u8(info->attrs[NL80211_ATTR_BSS_SHORT_SLOT_TIME]);
4630 if (info->attrs[NL80211_ATTR_BSS_BASIC_RATES]) {
4631 params.basic_rates =
4632 nla_data(info->attrs[NL80211_ATTR_BSS_BASIC_RATES]);
4633 params.basic_rates_len =
4634 nla_len(info->attrs[NL80211_ATTR_BSS_BASIC_RATES]);
4635 }
4636 if (info->attrs[NL80211_ATTR_AP_ISOLATE])
4637 params.ap_isolate = !!nla_get_u8(info->attrs[NL80211_ATTR_AP_ISOLATE]);
4638 if (info->attrs[NL80211_ATTR_BSS_HT_OPMODE])
4639 params.ht_opmode =
4640 nla_get_u16(info->attrs[NL80211_ATTR_BSS_HT_OPMODE]);
4641
4642 if (info->attrs[NL80211_ATTR_P2P_CTWINDOW]) {
4643 if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_GO)
4644 return -EINVAL;
4645 params.p2p_ctwindow =
4646 nla_get_s8(info->attrs[NL80211_ATTR_P2P_CTWINDOW]);
4647 if (params.p2p_ctwindow < 0)
4648 return -EINVAL;
4649 if (params.p2p_ctwindow != 0 &&
4650 !(rdev->wiphy.features & NL80211_FEATURE_P2P_GO_CTWIN))
4651 return -EINVAL;
4652 }
4653
4654 if (info->attrs[NL80211_ATTR_P2P_OPPPS]) {
4655 u8 tmp;
4656
4657 if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_GO)
4658 return -EINVAL;
4659 tmp = nla_get_u8(info->attrs[NL80211_ATTR_P2P_OPPPS]);
4660 if (tmp > 1)
4661 return -EINVAL;
4662 params.p2p_opp_ps = tmp;
4663 if (params.p2p_opp_ps &&
4664 !(rdev->wiphy.features & NL80211_FEATURE_P2P_GO_OPPPS))
4665 return -EINVAL;
4666 }
4667
4668 if (!rdev->ops->change_bss)
4669 return -EOPNOTSUPP;
4670
4671 if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_AP &&
4672 dev->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_GO)
4673 return -EOPNOTSUPP;
4674
4675 wdev_lock(wdev);
4676 err = rdev_change_bss(rdev, dev, &params);
4677 wdev_unlock(wdev);
4678
4679 return err;
4680 }
4681
4682 static const struct nla_policy reg_rule_policy[NL80211_REG_RULE_ATTR_MAX + 1] = {
4683 [NL80211_ATTR_REG_RULE_FLAGS] = { .type = NLA_U32 },
4684 [NL80211_ATTR_FREQ_RANGE_START] = { .type = NLA_U32 },
4685 [NL80211_ATTR_FREQ_RANGE_END] = { .type = NLA_U32 },
4686 [NL80211_ATTR_FREQ_RANGE_MAX_BW] = { .type = NLA_U32 },
4687 [NL80211_ATTR_POWER_RULE_MAX_ANT_GAIN] = { .type = NLA_U32 },
4688 [NL80211_ATTR_POWER_RULE_MAX_EIRP] = { .type = NLA_U32 },
4689 [NL80211_ATTR_DFS_CAC_TIME] = { .type = NLA_U32 },
4690 };
4691
4692 static int parse_reg_rule(struct nlattr *tb[],
4693 struct ieee80211_reg_rule *reg_rule)
4694 {
4695 struct ieee80211_freq_range *freq_range = &reg_rule->freq_range;
4696 struct ieee80211_power_rule *power_rule = &reg_rule->power_rule;
4697
4698 if (!tb[NL80211_ATTR_REG_RULE_FLAGS])
4699 return -EINVAL;
4700 if (!tb[NL80211_ATTR_FREQ_RANGE_START])
4701 return -EINVAL;
4702 if (!tb[NL80211_ATTR_FREQ_RANGE_END])
4703 return -EINVAL;
4704 if (!tb[NL80211_ATTR_FREQ_RANGE_MAX_BW])
4705 return -EINVAL;
4706 if (!tb[NL80211_ATTR_POWER_RULE_MAX_EIRP])
4707 return -EINVAL;
4708
4709 reg_rule->flags = nla_get_u32(tb[NL80211_ATTR_REG_RULE_FLAGS]);
4710
4711 freq_range->start_freq_khz =
4712 nla_get_u32(tb[NL80211_ATTR_FREQ_RANGE_START]);
4713 freq_range->end_freq_khz =
4714 nla_get_u32(tb[NL80211_ATTR_FREQ_RANGE_END]);
4715 freq_range->max_bandwidth_khz =
4716 nla_get_u32(tb[NL80211_ATTR_FREQ_RANGE_MAX_BW]);
4717
4718 power_rule->max_eirp =
4719 nla_get_u32(tb[NL80211_ATTR_POWER_RULE_MAX_EIRP]);
4720
4721 if (tb[NL80211_ATTR_POWER_RULE_MAX_ANT_GAIN])
4722 power_rule->max_antenna_gain =
4723 nla_get_u32(tb[NL80211_ATTR_POWER_RULE_MAX_ANT_GAIN]);
4724
4725 if (tb[NL80211_ATTR_DFS_CAC_TIME])
4726 reg_rule->dfs_cac_ms =
4727 nla_get_u32(tb[NL80211_ATTR_DFS_CAC_TIME]);
4728
4729 return 0;
4730 }
4731
4732 static int nl80211_req_set_reg(struct sk_buff *skb, struct genl_info *info)
4733 {
4734 char *data = NULL;
4735 enum nl80211_user_reg_hint_type user_reg_hint_type;
4736
4737 /*
4738 * You should only get this when cfg80211 hasn't yet initialized
4739 * completely when built-in to the kernel right between the time
4740 * window between nl80211_init() and regulatory_init(), if that is
4741 * even possible.
4742 */
4743 if (unlikely(!rcu_access_pointer(cfg80211_regdomain)))
4744 return -EINPROGRESS;
4745
4746 if (info->attrs[NL80211_ATTR_USER_REG_HINT_TYPE])
4747 user_reg_hint_type =
4748 nla_get_u32(info->attrs[NL80211_ATTR_USER_REG_HINT_TYPE]);
4749 else
4750 user_reg_hint_type = NL80211_USER_REG_HINT_USER;
4751
4752 switch (user_reg_hint_type) {
4753 case NL80211_USER_REG_HINT_USER:
4754 case NL80211_USER_REG_HINT_CELL_BASE:
4755 if (!info->attrs[NL80211_ATTR_REG_ALPHA2])
4756 return -EINVAL;
4757
4758 data = nla_data(info->attrs[NL80211_ATTR_REG_ALPHA2]);
4759 return regulatory_hint_user(data, user_reg_hint_type);
4760 case NL80211_USER_REG_HINT_INDOOR:
4761 return regulatory_hint_indoor_user();
4762 default:
4763 return -EINVAL;
4764 }
4765 }
4766
4767 static int nl80211_get_mesh_config(struct sk_buff *skb,
4768 struct genl_info *info)
4769 {
4770 struct cfg80211_registered_device *rdev = info->user_ptr[0];
4771 struct net_device *dev = info->user_ptr[1];
4772 struct wireless_dev *wdev = dev->ieee80211_ptr;
4773 struct mesh_config cur_params;
4774 int err = 0;
4775 void *hdr;
4776 struct nlattr *pinfoattr;
4777 struct sk_buff *msg;
4778
4779 if (wdev->iftype != NL80211_IFTYPE_MESH_POINT)
4780 return -EOPNOTSUPP;
4781
4782 if (!rdev->ops->get_mesh_config)
4783 return -EOPNOTSUPP;
4784
4785 wdev_lock(wdev);
4786 /* If not connected, get default parameters */
4787 if (!wdev->mesh_id_len)
4788 memcpy(&cur_params, &default_mesh_config, sizeof(cur_params));
4789 else
4790 err = rdev_get_mesh_config(rdev, dev, &cur_params);
4791 wdev_unlock(wdev);
4792
4793 if (err)
4794 return err;
4795
4796 /* Draw up a netlink message to send back */
4797 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
4798 if (!msg)
4799 return -ENOMEM;
4800 hdr = nl80211hdr_put(msg, info->snd_portid, info->snd_seq, 0,
4801 NL80211_CMD_GET_MESH_CONFIG);
4802 if (!hdr)
4803 goto out;
4804 pinfoattr = nla_nest_start(msg, NL80211_ATTR_MESH_CONFIG);
4805 if (!pinfoattr)
4806 goto nla_put_failure;
4807 if (nla_put_u32(msg, NL80211_ATTR_IFINDEX, dev->ifindex) ||
4808 nla_put_u16(msg, NL80211_MESHCONF_RETRY_TIMEOUT,
4809 cur_params.dot11MeshRetryTimeout) ||
4810 nla_put_u16(msg, NL80211_MESHCONF_CONFIRM_TIMEOUT,
4811 cur_params.dot11MeshConfirmTimeout) ||
4812 nla_put_u16(msg, NL80211_MESHCONF_HOLDING_TIMEOUT,
4813 cur_params.dot11MeshHoldingTimeout) ||
4814 nla_put_u16(msg, NL80211_MESHCONF_MAX_PEER_LINKS,
4815 cur_params.dot11MeshMaxPeerLinks) ||
4816 nla_put_u8(msg, NL80211_MESHCONF_MAX_RETRIES,
4817 cur_params.dot11MeshMaxRetries) ||
4818 nla_put_u8(msg, NL80211_MESHCONF_TTL,
4819 cur_params.dot11MeshTTL) ||
4820 nla_put_u8(msg, NL80211_MESHCONF_ELEMENT_TTL,
4821 cur_params.element_ttl) ||
4822 nla_put_u8(msg, NL80211_MESHCONF_AUTO_OPEN_PLINKS,
4823 cur_params.auto_open_plinks) ||
4824 nla_put_u32(msg, NL80211_MESHCONF_SYNC_OFFSET_MAX_NEIGHBOR,
4825 cur_params.dot11MeshNbrOffsetMaxNeighbor) ||
4826 nla_put_u8(msg, NL80211_MESHCONF_HWMP_MAX_PREQ_RETRIES,
4827 cur_params.dot11MeshHWMPmaxPREQretries) ||
4828 nla_put_u32(msg, NL80211_MESHCONF_PATH_REFRESH_TIME,
4829 cur_params.path_refresh_time) ||
4830 nla_put_u16(msg, NL80211_MESHCONF_MIN_DISCOVERY_TIMEOUT,
4831 cur_params.min_discovery_timeout) ||
4832 nla_put_u32(msg, NL80211_MESHCONF_HWMP_ACTIVE_PATH_TIMEOUT,
4833 cur_params.dot11MeshHWMPactivePathTimeout) ||
4834 nla_put_u16(msg, NL80211_MESHCONF_HWMP_PREQ_MIN_INTERVAL,
4835 cur_params.dot11MeshHWMPpreqMinInterval) ||
4836 nla_put_u16(msg, NL80211_MESHCONF_HWMP_PERR_MIN_INTERVAL,
4837 cur_params.dot11MeshHWMPperrMinInterval) ||
4838 nla_put_u16(msg, NL80211_MESHCONF_HWMP_NET_DIAM_TRVS_TIME,
4839 cur_params.dot11MeshHWMPnetDiameterTraversalTime) ||
4840 nla_put_u8(msg, NL80211_MESHCONF_HWMP_ROOTMODE,
4841 cur_params.dot11MeshHWMPRootMode) ||
4842 nla_put_u16(msg, NL80211_MESHCONF_HWMP_RANN_INTERVAL,
4843 cur_params.dot11MeshHWMPRannInterval) ||
4844 nla_put_u8(msg, NL80211_MESHCONF_GATE_ANNOUNCEMENTS,
4845 cur_params.dot11MeshGateAnnouncementProtocol) ||
4846 nla_put_u8(msg, NL80211_MESHCONF_FORWARDING,
4847 cur_params.dot11MeshForwarding) ||
4848 nla_put_u32(msg, NL80211_MESHCONF_RSSI_THRESHOLD,
4849 cur_params.rssi_threshold) ||
4850 nla_put_u32(msg, NL80211_MESHCONF_HT_OPMODE,
4851 cur_params.ht_opmode) ||
4852 nla_put_u32(msg, NL80211_MESHCONF_HWMP_PATH_TO_ROOT_TIMEOUT,
4853 cur_params.dot11MeshHWMPactivePathToRootTimeout) ||
4854 nla_put_u16(msg, NL80211_MESHCONF_HWMP_ROOT_INTERVAL,
4855 cur_params.dot11MeshHWMProotInterval) ||
4856 nla_put_u16(msg, NL80211_MESHCONF_HWMP_CONFIRMATION_INTERVAL,
4857 cur_params.dot11MeshHWMPconfirmationInterval) ||
4858 nla_put_u32(msg, NL80211_MESHCONF_POWER_MODE,
4859 cur_params.power_mode) ||
4860 nla_put_u16(msg, NL80211_MESHCONF_AWAKE_WINDOW,
4861 cur_params.dot11MeshAwakeWindowDuration) ||
4862 nla_put_u32(msg, NL80211_MESHCONF_PLINK_TIMEOUT,
4863 cur_params.plink_timeout))
4864 goto nla_put_failure;
4865 nla_nest_end(msg, pinfoattr);
4866 genlmsg_end(msg, hdr);
4867 return genlmsg_reply(msg, info);
4868
4869 nla_put_failure:
4870 genlmsg_cancel(msg, hdr);
4871 out:
4872 nlmsg_free(msg);
4873 return -ENOBUFS;
4874 }
4875
4876 static const struct nla_policy nl80211_meshconf_params_policy[NL80211_MESHCONF_ATTR_MAX+1] = {
4877 [NL80211_MESHCONF_RETRY_TIMEOUT] = { .type = NLA_U16 },
4878 [NL80211_MESHCONF_CONFIRM_TIMEOUT] = { .type = NLA_U16 },
4879 [NL80211_MESHCONF_HOLDING_TIMEOUT] = { .type = NLA_U16 },
4880 [NL80211_MESHCONF_MAX_PEER_LINKS] = { .type = NLA_U16 },
4881 [NL80211_MESHCONF_MAX_RETRIES] = { .type = NLA_U8 },
4882 [NL80211_MESHCONF_TTL] = { .type = NLA_U8 },
4883 [NL80211_MESHCONF_ELEMENT_TTL] = { .type = NLA_U8 },
4884 [NL80211_MESHCONF_AUTO_OPEN_PLINKS] = { .type = NLA_U8 },
4885 [NL80211_MESHCONF_SYNC_OFFSET_MAX_NEIGHBOR] = { .type = NLA_U32 },
4886 [NL80211_MESHCONF_HWMP_MAX_PREQ_RETRIES] = { .type = NLA_U8 },
4887 [NL80211_MESHCONF_PATH_REFRESH_TIME] = { .type = NLA_U32 },
4888 [NL80211_MESHCONF_MIN_DISCOVERY_TIMEOUT] = { .type = NLA_U16 },
4889 [NL80211_MESHCONF_HWMP_ACTIVE_PATH_TIMEOUT] = { .type = NLA_U32 },
4890 [NL80211_MESHCONF_HWMP_PREQ_MIN_INTERVAL] = { .type = NLA_U16 },
4891 [NL80211_MESHCONF_HWMP_PERR_MIN_INTERVAL] = { .type = NLA_U16 },
4892 [NL80211_MESHCONF_HWMP_NET_DIAM_TRVS_TIME] = { .type = NLA_U16 },
4893 [NL80211_MESHCONF_HWMP_ROOTMODE] = { .type = NLA_U8 },
4894 [NL80211_MESHCONF_HWMP_RANN_INTERVAL] = { .type = NLA_U16 },
4895 [NL80211_MESHCONF_GATE_ANNOUNCEMENTS] = { .type = NLA_U8 },
4896 [NL80211_MESHCONF_FORWARDING] = { .type = NLA_U8 },
4897 [NL80211_MESHCONF_RSSI_THRESHOLD] = { .type = NLA_U32 },
4898 [NL80211_MESHCONF_HT_OPMODE] = { .type = NLA_U16 },
4899 [NL80211_MESHCONF_HWMP_PATH_TO_ROOT_TIMEOUT] = { .type = NLA_U32 },
4900 [NL80211_MESHCONF_HWMP_ROOT_INTERVAL] = { .type = NLA_U16 },
4901 [NL80211_MESHCONF_HWMP_CONFIRMATION_INTERVAL] = { .type = NLA_U16 },
4902 [NL80211_MESHCONF_POWER_MODE] = { .type = NLA_U32 },
4903 [NL80211_MESHCONF_AWAKE_WINDOW] = { .type = NLA_U16 },
4904 [NL80211_MESHCONF_PLINK_TIMEOUT] = { .type = NLA_U32 },
4905 };
4906
4907 static const struct nla_policy
4908 nl80211_mesh_setup_params_policy[NL80211_MESH_SETUP_ATTR_MAX+1] = {
4909 [NL80211_MESH_SETUP_ENABLE_VENDOR_SYNC] = { .type = NLA_U8 },
4910 [NL80211_MESH_SETUP_ENABLE_VENDOR_PATH_SEL] = { .type = NLA_U8 },
4911 [NL80211_MESH_SETUP_ENABLE_VENDOR_METRIC] = { .type = NLA_U8 },
4912 [NL80211_MESH_SETUP_USERSPACE_AUTH] = { .type = NLA_FLAG },
4913 [NL80211_MESH_SETUP_AUTH_PROTOCOL] = { .type = NLA_U8 },
4914 [NL80211_MESH_SETUP_USERSPACE_MPM] = { .type = NLA_FLAG },
4915 [NL80211_MESH_SETUP_IE] = { .type = NLA_BINARY,
4916 .len = IEEE80211_MAX_DATA_LEN },
4917 [NL80211_MESH_SETUP_USERSPACE_AMPE] = { .type = NLA_FLAG },
4918 };
4919
4920 static int nl80211_parse_mesh_config(struct genl_info *info,
4921 struct mesh_config *cfg,
4922 u32 *mask_out)
4923 {
4924 struct nlattr *tb[NL80211_MESHCONF_ATTR_MAX + 1];
4925 u32 mask = 0;
4926
4927 #define FILL_IN_MESH_PARAM_IF_SET(tb, cfg, param, min, max, mask, attr, fn) \
4928 do { \
4929 if (tb[attr]) { \
4930 if (fn(tb[attr]) < min || fn(tb[attr]) > max) \
4931 return -EINVAL; \
4932 cfg->param = fn(tb[attr]); \
4933 mask |= (1 << (attr - 1)); \
4934 } \
4935 } while (0)
4936
4937
4938 if (!info->attrs[NL80211_ATTR_MESH_CONFIG])
4939 return -EINVAL;
4940 if (nla_parse_nested(tb, NL80211_MESHCONF_ATTR_MAX,
4941 info->attrs[NL80211_ATTR_MESH_CONFIG],
4942 nl80211_meshconf_params_policy))
4943 return -EINVAL;
4944
4945 /* This makes sure that there aren't more than 32 mesh config
4946 * parameters (otherwise our bitfield scheme would not work.) */
4947 BUILD_BUG_ON(NL80211_MESHCONF_ATTR_MAX > 32);
4948
4949 /* Fill in the params struct */
4950 FILL_IN_MESH_PARAM_IF_SET(tb, cfg, dot11MeshRetryTimeout, 1, 255,
4951 mask, NL80211_MESHCONF_RETRY_TIMEOUT,
4952 nla_get_u16);
4953 FILL_IN_MESH_PARAM_IF_SET(tb, cfg, dot11MeshConfirmTimeout, 1, 255,
4954 mask, NL80211_MESHCONF_CONFIRM_TIMEOUT,
4955 nla_get_u16);
4956 FILL_IN_MESH_PARAM_IF_SET(tb, cfg, dot11MeshHoldingTimeout, 1, 255,
4957 mask, NL80211_MESHCONF_HOLDING_TIMEOUT,
4958 nla_get_u16);
4959 FILL_IN_MESH_PARAM_IF_SET(tb, cfg, dot11MeshMaxPeerLinks, 0, 255,
4960 mask, NL80211_MESHCONF_MAX_PEER_LINKS,
4961 nla_get_u16);
4962 FILL_IN_MESH_PARAM_IF_SET(tb, cfg, dot11MeshMaxRetries, 0, 16,
4963 mask, NL80211_MESHCONF_MAX_RETRIES,
4964 nla_get_u8);
4965 FILL_IN_MESH_PARAM_IF_SET(tb, cfg, dot11MeshTTL, 1, 255,
4966 mask, NL80211_MESHCONF_TTL, nla_get_u8);
4967 FILL_IN_MESH_PARAM_IF_SET(tb, cfg, element_ttl, 1, 255,
4968 mask, NL80211_MESHCONF_ELEMENT_TTL,
4969 nla_get_u8);
4970 FILL_IN_MESH_PARAM_IF_SET(tb, cfg, auto_open_plinks, 0, 1,
4971 mask, NL80211_MESHCONF_AUTO_OPEN_PLINKS,
4972 nla_get_u8);
4973 FILL_IN_MESH_PARAM_IF_SET(tb, cfg, dot11MeshNbrOffsetMaxNeighbor,
4974 1, 255, mask,
4975 NL80211_MESHCONF_SYNC_OFFSET_MAX_NEIGHBOR,
4976 nla_get_u32);
4977 FILL_IN_MESH_PARAM_IF_SET(tb, cfg, dot11MeshHWMPmaxPREQretries, 0, 255,
4978 mask, NL80211_MESHCONF_HWMP_MAX_PREQ_RETRIES,
4979 nla_get_u8);
4980 FILL_IN_MESH_PARAM_IF_SET(tb, cfg, path_refresh_time, 1, 65535,
4981 mask, NL80211_MESHCONF_PATH_REFRESH_TIME,
4982 nla_get_u32);
4983 FILL_IN_MESH_PARAM_IF_SET(tb, cfg, min_discovery_timeout, 1, 65535,
4984 mask, NL80211_MESHCONF_MIN_DISCOVERY_TIMEOUT,
4985 nla_get_u16);
4986 FILL_IN_MESH_PARAM_IF_SET(tb, cfg, dot11MeshHWMPactivePathTimeout,
4987 1, 65535, mask,
4988 NL80211_MESHCONF_HWMP_ACTIVE_PATH_TIMEOUT,
4989 nla_get_u32);
4990 FILL_IN_MESH_PARAM_IF_SET(tb, cfg, dot11MeshHWMPpreqMinInterval,
4991 1, 65535, mask,
4992 NL80211_MESHCONF_HWMP_PREQ_MIN_INTERVAL,
4993 nla_get_u16);
4994 FILL_IN_MESH_PARAM_IF_SET(tb, cfg, dot11MeshHWMPperrMinInterval,
4995 1, 65535, mask,
4996 NL80211_MESHCONF_HWMP_PERR_MIN_INTERVAL,
4997 nla_get_u16);
4998 FILL_IN_MESH_PARAM_IF_SET(tb, cfg,
4999 dot11MeshHWMPnetDiameterTraversalTime,
5000 1, 65535, mask,
5001 NL80211_MESHCONF_HWMP_NET_DIAM_TRVS_TIME,
5002 nla_get_u16);
5003 FILL_IN_MESH_PARAM_IF_SET(tb, cfg, dot11MeshHWMPRootMode, 0, 4,
5004 mask, NL80211_MESHCONF_HWMP_ROOTMODE,
5005 nla_get_u8);
5006 FILL_IN_MESH_PARAM_IF_SET(tb, cfg, dot11MeshHWMPRannInterval, 1, 65535,
5007 mask, NL80211_MESHCONF_HWMP_RANN_INTERVAL,
5008 nla_get_u16);
5009 FILL_IN_MESH_PARAM_IF_SET(tb, cfg,
5010 dot11MeshGateAnnouncementProtocol, 0, 1,
5011 mask, NL80211_MESHCONF_GATE_ANNOUNCEMENTS,
5012 nla_get_u8);
5013 FILL_IN_MESH_PARAM_IF_SET(tb, cfg, dot11MeshForwarding, 0, 1,
5014 mask, NL80211_MESHCONF_FORWARDING,
5015 nla_get_u8);
5016 FILL_IN_MESH_PARAM_IF_SET(tb, cfg, rssi_threshold, -255, 0,
5017 mask, NL80211_MESHCONF_RSSI_THRESHOLD,
5018 nla_get_s32);
5019 FILL_IN_MESH_PARAM_IF_SET(tb, cfg, ht_opmode, 0, 16,
5020 mask, NL80211_MESHCONF_HT_OPMODE,
5021 nla_get_u16);
5022 FILL_IN_MESH_PARAM_IF_SET(tb, cfg, dot11MeshHWMPactivePathToRootTimeout,
5023 1, 65535, mask,
5024 NL80211_MESHCONF_HWMP_PATH_TO_ROOT_TIMEOUT,
5025 nla_get_u32);
5026 FILL_IN_MESH_PARAM_IF_SET(tb, cfg, dot11MeshHWMProotInterval, 1, 65535,
5027 mask, NL80211_MESHCONF_HWMP_ROOT_INTERVAL,
5028 nla_get_u16);
5029 FILL_IN_MESH_PARAM_IF_SET(tb, cfg,
5030 dot11MeshHWMPconfirmationInterval,
5031 1, 65535, mask,
5032 NL80211_MESHCONF_HWMP_CONFIRMATION_INTERVAL,
5033 nla_get_u16);
5034 FILL_IN_MESH_PARAM_IF_SET(tb, cfg, power_mode,
5035 NL80211_MESH_POWER_ACTIVE,
5036 NL80211_MESH_POWER_MAX,
5037 mask, NL80211_MESHCONF_POWER_MODE,
5038 nla_get_u32);
5039 FILL_IN_MESH_PARAM_IF_SET(tb, cfg, dot11MeshAwakeWindowDuration,
5040 0, 65535, mask,
5041 NL80211_MESHCONF_AWAKE_WINDOW, nla_get_u16);
5042 FILL_IN_MESH_PARAM_IF_SET(tb, cfg, plink_timeout, 1, 0xffffffff,
5043 mask, NL80211_MESHCONF_PLINK_TIMEOUT,
5044 nla_get_u32);
5045 if (mask_out)
5046 *mask_out = mask;
5047
5048 return 0;
5049
5050 #undef FILL_IN_MESH_PARAM_IF_SET
5051 }
5052
5053 static int nl80211_parse_mesh_setup(struct genl_info *info,
5054 struct mesh_setup *setup)
5055 {
5056 struct cfg80211_registered_device *rdev = info->user_ptr[0];
5057 struct nlattr *tb[NL80211_MESH_SETUP_ATTR_MAX + 1];
5058
5059 if (!info->attrs[NL80211_ATTR_MESH_SETUP])
5060 return -EINVAL;
5061 if (nla_parse_nested(tb, NL80211_MESH_SETUP_ATTR_MAX,
5062 info->attrs[NL80211_ATTR_MESH_SETUP],
5063 nl80211_mesh_setup_params_policy))
5064 return -EINVAL;
5065
5066 if (tb[NL80211_MESH_SETUP_ENABLE_VENDOR_SYNC])
5067 setup->sync_method =
5068 (nla_get_u8(tb[NL80211_MESH_SETUP_ENABLE_VENDOR_SYNC])) ?
5069 IEEE80211_SYNC_METHOD_VENDOR :
5070 IEEE80211_SYNC_METHOD_NEIGHBOR_OFFSET;
5071
5072 if (tb[NL80211_MESH_SETUP_ENABLE_VENDOR_PATH_SEL])
5073 setup->path_sel_proto =
5074 (nla_get_u8(tb[NL80211_MESH_SETUP_ENABLE_VENDOR_PATH_SEL])) ?
5075 IEEE80211_PATH_PROTOCOL_VENDOR :
5076 IEEE80211_PATH_PROTOCOL_HWMP;
5077
5078 if (tb[NL80211_MESH_SETUP_ENABLE_VENDOR_METRIC])
5079 setup->path_metric =
5080 (nla_get_u8(tb[NL80211_MESH_SETUP_ENABLE_VENDOR_METRIC])) ?
5081 IEEE80211_PATH_METRIC_VENDOR :
5082 IEEE80211_PATH_METRIC_AIRTIME;
5083
5084
5085 if (tb[NL80211_MESH_SETUP_IE]) {
5086 struct nlattr *ieattr =
5087 tb[NL80211_MESH_SETUP_IE];
5088 if (!is_valid_ie_attr(ieattr))
5089 return -EINVAL;
5090 setup->ie = nla_data(ieattr);
5091 setup->ie_len = nla_len(ieattr);
5092 }
5093 if (tb[NL80211_MESH_SETUP_USERSPACE_MPM] &&
5094 !(rdev->wiphy.features & NL80211_FEATURE_USERSPACE_MPM))
5095 return -EINVAL;
5096 setup->user_mpm = nla_get_flag(tb[NL80211_MESH_SETUP_USERSPACE_MPM]);
5097 setup->is_authenticated = nla_get_flag(tb[NL80211_MESH_SETUP_USERSPACE_AUTH]);
5098 setup->is_secure = nla_get_flag(tb[NL80211_MESH_SETUP_USERSPACE_AMPE]);
5099 if (setup->is_secure)
5100 setup->user_mpm = true;
5101
5102 if (tb[NL80211_MESH_SETUP_AUTH_PROTOCOL]) {
5103 if (!setup->user_mpm)
5104 return -EINVAL;
5105 setup->auth_id =
5106 nla_get_u8(tb[NL80211_MESH_SETUP_AUTH_PROTOCOL]);
5107 }
5108
5109 return 0;
5110 }
5111
5112 static int nl80211_update_mesh_config(struct sk_buff *skb,
5113 struct genl_info *info)
5114 {
5115 struct cfg80211_registered_device *rdev = info->user_ptr[0];
5116 struct net_device *dev = info->user_ptr[1];
5117 struct wireless_dev *wdev = dev->ieee80211_ptr;
5118 struct mesh_config cfg;
5119 u32 mask;
5120 int err;
5121
5122 if (wdev->iftype != NL80211_IFTYPE_MESH_POINT)
5123 return -EOPNOTSUPP;
5124
5125 if (!rdev->ops->update_mesh_config)
5126 return -EOPNOTSUPP;
5127
5128 err = nl80211_parse_mesh_config(info, &cfg, &mask);
5129 if (err)
5130 return err;
5131
5132 wdev_lock(wdev);
5133 if (!wdev->mesh_id_len)
5134 err = -ENOLINK;
5135
5136 if (!err)
5137 err = rdev_update_mesh_config(rdev, dev, mask, &cfg);
5138
5139 wdev_unlock(wdev);
5140
5141 return err;
5142 }
5143
5144 static int nl80211_get_reg(struct sk_buff *skb, struct genl_info *info)
5145 {
5146 const struct ieee80211_regdomain *regdom;
5147 struct sk_buff *msg;
5148 void *hdr = NULL;
5149 struct nlattr *nl_reg_rules;
5150 unsigned int i;
5151
5152 if (!cfg80211_regdomain)
5153 return -EINVAL;
5154
5155 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
5156 if (!msg)
5157 return -ENOBUFS;
5158
5159 hdr = nl80211hdr_put(msg, info->snd_portid, info->snd_seq, 0,
5160 NL80211_CMD_GET_REG);
5161 if (!hdr)
5162 goto put_failure;
5163
5164 if (reg_last_request_cell_base() &&
5165 nla_put_u32(msg, NL80211_ATTR_USER_REG_HINT_TYPE,
5166 NL80211_USER_REG_HINT_CELL_BASE))
5167 goto nla_put_failure;
5168
5169 rcu_read_lock();
5170 regdom = rcu_dereference(cfg80211_regdomain);
5171
5172 if (nla_put_string(msg, NL80211_ATTR_REG_ALPHA2, regdom->alpha2) ||
5173 (regdom->dfs_region &&
5174 nla_put_u8(msg, NL80211_ATTR_DFS_REGION, regdom->dfs_region)))
5175 goto nla_put_failure_rcu;
5176
5177 nl_reg_rules = nla_nest_start(msg, NL80211_ATTR_REG_RULES);
5178 if (!nl_reg_rules)
5179 goto nla_put_failure_rcu;
5180
5181 for (i = 0; i < regdom->n_reg_rules; i++) {
5182 struct nlattr *nl_reg_rule;
5183 const struct ieee80211_reg_rule *reg_rule;
5184 const struct ieee80211_freq_range *freq_range;
5185 const struct ieee80211_power_rule *power_rule;
5186 unsigned int max_bandwidth_khz;
5187
5188 reg_rule = &regdom->reg_rules[i];
5189 freq_range = &reg_rule->freq_range;
5190 power_rule = &reg_rule->power_rule;
5191
5192 nl_reg_rule = nla_nest_start(msg, i);
5193 if (!nl_reg_rule)
5194 goto nla_put_failure_rcu;
5195
5196 max_bandwidth_khz = freq_range->max_bandwidth_khz;
5197 if (!max_bandwidth_khz)
5198 max_bandwidth_khz = reg_get_max_bandwidth(regdom,
5199 reg_rule);
5200
5201 if (nla_put_u32(msg, NL80211_ATTR_REG_RULE_FLAGS,
5202 reg_rule->flags) ||
5203 nla_put_u32(msg, NL80211_ATTR_FREQ_RANGE_START,
5204 freq_range->start_freq_khz) ||
5205 nla_put_u32(msg, NL80211_ATTR_FREQ_RANGE_END,
5206 freq_range->end_freq_khz) ||
5207 nla_put_u32(msg, NL80211_ATTR_FREQ_RANGE_MAX_BW,
5208 max_bandwidth_khz) ||
5209 nla_put_u32(msg, NL80211_ATTR_POWER_RULE_MAX_ANT_GAIN,
5210 power_rule->max_antenna_gain) ||
5211 nla_put_u32(msg, NL80211_ATTR_POWER_RULE_MAX_EIRP,
5212 power_rule->max_eirp) ||
5213 nla_put_u32(msg, NL80211_ATTR_DFS_CAC_TIME,
5214 reg_rule->dfs_cac_ms))
5215 goto nla_put_failure_rcu;
5216
5217 nla_nest_end(msg, nl_reg_rule);
5218 }
5219 rcu_read_unlock();
5220
5221 nla_nest_end(msg, nl_reg_rules);
5222
5223 genlmsg_end(msg, hdr);
5224 return genlmsg_reply(msg, info);
5225
5226 nla_put_failure_rcu:
5227 rcu_read_unlock();
5228 nla_put_failure:
5229 genlmsg_cancel(msg, hdr);
5230 put_failure:
5231 nlmsg_free(msg);
5232 return -EMSGSIZE;
5233 }
5234
5235 static int nl80211_set_reg(struct sk_buff *skb, struct genl_info *info)
5236 {
5237 struct nlattr *tb[NL80211_REG_RULE_ATTR_MAX + 1];
5238 struct nlattr *nl_reg_rule;
5239 char *alpha2 = NULL;
5240 int rem_reg_rules = 0, r = 0;
5241 u32 num_rules = 0, rule_idx = 0, size_of_regd;
5242 enum nl80211_dfs_regions dfs_region = NL80211_DFS_UNSET;
5243 struct ieee80211_regdomain *rd = NULL;
5244
5245 if (!info->attrs[NL80211_ATTR_REG_ALPHA2])
5246 return -EINVAL;
5247
5248 if (!info->attrs[NL80211_ATTR_REG_RULES])
5249 return -EINVAL;
5250
5251 alpha2 = nla_data(info->attrs[NL80211_ATTR_REG_ALPHA2]);
5252
5253 if (info->attrs[NL80211_ATTR_DFS_REGION])
5254 dfs_region = nla_get_u8(info->attrs[NL80211_ATTR_DFS_REGION]);
5255
5256 nla_for_each_nested(nl_reg_rule, info->attrs[NL80211_ATTR_REG_RULES],
5257 rem_reg_rules) {
5258 num_rules++;
5259 if (num_rules > NL80211_MAX_SUPP_REG_RULES)
5260 return -EINVAL;
5261 }
5262
5263 if (!reg_is_valid_request(alpha2))
5264 return -EINVAL;
5265
5266 size_of_regd = sizeof(struct ieee80211_regdomain) +
5267 num_rules * sizeof(struct ieee80211_reg_rule);
5268
5269 rd = kzalloc(size_of_regd, GFP_KERNEL);
5270 if (!rd)
5271 return -ENOMEM;
5272
5273 rd->n_reg_rules = num_rules;
5274 rd->alpha2[0] = alpha2[0];
5275 rd->alpha2[1] = alpha2[1];
5276
5277 /*
5278 * Disable DFS master mode if the DFS region was
5279 * not supported or known on this kernel.
5280 */
5281 if (reg_supported_dfs_region(dfs_region))
5282 rd->dfs_region = dfs_region;
5283
5284 nla_for_each_nested(nl_reg_rule, info->attrs[NL80211_ATTR_REG_RULES],
5285 rem_reg_rules) {
5286 r = nla_parse(tb, NL80211_REG_RULE_ATTR_MAX,
5287 nla_data(nl_reg_rule), nla_len(nl_reg_rule),
5288 reg_rule_policy);
5289 if (r)
5290 goto bad_reg;
5291 r = parse_reg_rule(tb, &rd->reg_rules[rule_idx]);
5292 if (r)
5293 goto bad_reg;
5294
5295 rule_idx++;
5296
5297 if (rule_idx > NL80211_MAX_SUPP_REG_RULES) {
5298 r = -EINVAL;
5299 goto bad_reg;
5300 }
5301 }
5302
5303 r = set_regdom(rd);
5304 /* set_regdom took ownership */
5305 rd = NULL;
5306
5307 bad_reg:
5308 kfree(rd);
5309 return r;
5310 }
5311
5312 static int validate_scan_freqs(struct nlattr *freqs)
5313 {
5314 struct nlattr *attr1, *attr2;
5315 int n_channels = 0, tmp1, tmp2;
5316
5317 nla_for_each_nested(attr1, freqs, tmp1) {
5318 n_channels++;
5319 /*
5320 * Some hardware has a limited channel list for
5321 * scanning, and it is pretty much nonsensical
5322 * to scan for a channel twice, so disallow that
5323 * and don't require drivers to check that the
5324 * channel list they get isn't longer than what
5325 * they can scan, as long as they can scan all
5326 * the channels they registered at once.
5327 */
5328 nla_for_each_nested(attr2, freqs, tmp2)
5329 if (attr1 != attr2 &&
5330 nla_get_u32(attr1) == nla_get_u32(attr2))
5331 return 0;
5332 }
5333
5334 return n_channels;
5335 }
5336
5337 static int nl80211_trigger_scan(struct sk_buff *skb, struct genl_info *info)
5338 {
5339 struct cfg80211_registered_device *rdev = info->user_ptr[0];
5340 struct wireless_dev *wdev = info->user_ptr[1];
5341 struct cfg80211_scan_request *request;
5342 struct nlattr *attr;
5343 struct wiphy *wiphy;
5344 int err, tmp, n_ssids = 0, n_channels, i;
5345 size_t ie_len;
5346
5347 if (!is_valid_ie_attr(info->attrs[NL80211_ATTR_IE]))
5348 return -EINVAL;
5349
5350 wiphy = &rdev->wiphy;
5351
5352 if (!rdev->ops->scan)
5353 return -EOPNOTSUPP;
5354
5355 if (rdev->scan_req || rdev->scan_msg) {
5356 err = -EBUSY;
5357 goto unlock;
5358 }
5359
5360 if (info->attrs[NL80211_ATTR_SCAN_FREQUENCIES]) {
5361 n_channels = validate_scan_freqs(
5362 info->attrs[NL80211_ATTR_SCAN_FREQUENCIES]);
5363 if (!n_channels) {
5364 err = -EINVAL;
5365 goto unlock;
5366 }
5367 } else {
5368 n_channels = ieee80211_get_num_supported_channels(wiphy);
5369 }
5370
5371 if (info->attrs[NL80211_ATTR_SCAN_SSIDS])
5372 nla_for_each_nested(attr, info->attrs[NL80211_ATTR_SCAN_SSIDS], tmp)
5373 n_ssids++;
5374
5375 if (n_ssids > wiphy->max_scan_ssids) {
5376 err = -EINVAL;
5377 goto unlock;
5378 }
5379
5380 if (info->attrs[NL80211_ATTR_IE])
5381 ie_len = nla_len(info->attrs[NL80211_ATTR_IE]);
5382 else
5383 ie_len = 0;
5384
5385 if (ie_len > wiphy->max_scan_ie_len) {
5386 err = -EINVAL;
5387 goto unlock;
5388 }
5389
5390 request = kzalloc(sizeof(*request)
5391 + sizeof(*request->ssids) * n_ssids
5392 + sizeof(*request->channels) * n_channels
5393 + ie_len, GFP_KERNEL);
5394 if (!request) {
5395 err = -ENOMEM;
5396 goto unlock;
5397 }
5398
5399 if (n_ssids)
5400 request->ssids = (void *)&request->channels[n_channels];
5401 request->n_ssids = n_ssids;
5402 if (ie_len) {
5403 if (request->ssids)
5404 request->ie = (void *)(request->ssids + n_ssids);
5405 else
5406 request->ie = (void *)(request->channels + n_channels);
5407 }
5408
5409 i = 0;
5410 if (info->attrs[NL80211_ATTR_SCAN_FREQUENCIES]) {
5411 /* user specified, bail out if channel not found */
5412 nla_for_each_nested(attr, info->attrs[NL80211_ATTR_SCAN_FREQUENCIES], tmp) {
5413 struct ieee80211_channel *chan;
5414
5415 chan = ieee80211_get_channel(wiphy, nla_get_u32(attr));
5416
5417 if (!chan) {
5418 err = -EINVAL;
5419 goto out_free;
5420 }
5421
5422 /* ignore disabled channels */
5423 if (chan->flags & IEEE80211_CHAN_DISABLED)
5424 continue;
5425
5426 request->channels[i] = chan;
5427 i++;
5428 }
5429 } else {
5430 enum ieee80211_band band;
5431
5432 /* all channels */
5433 for (band = 0; band < IEEE80211_NUM_BANDS; band++) {
5434 int j;
5435 if (!wiphy->bands[band])
5436 continue;
5437 for (j = 0; j < wiphy->bands[band]->n_channels; j++) {
5438 struct ieee80211_channel *chan;
5439
5440 chan = &wiphy->bands[band]->channels[j];
5441
5442 if (chan->flags & IEEE80211_CHAN_DISABLED)
5443 continue;
5444
5445 request->channels[i] = chan;
5446 i++;
5447 }
5448 }
5449 }
5450
5451 if (!i) {
5452 err = -EINVAL;
5453 goto out_free;
5454 }
5455
5456 request->n_channels = i;
5457
5458 i = 0;
5459 if (info->attrs[NL80211_ATTR_SCAN_SSIDS]) {
5460 nla_for_each_nested(attr, info->attrs[NL80211_ATTR_SCAN_SSIDS], tmp) {
5461 if (nla_len(attr) > IEEE80211_MAX_SSID_LEN) {
5462 err = -EINVAL;
5463 goto out_free;
5464 }
5465 request->ssids[i].ssid_len = nla_len(attr);
5466 memcpy(request->ssids[i].ssid, nla_data(attr), nla_len(attr));
5467 i++;
5468 }
5469 }
5470
5471 if (info->attrs[NL80211_ATTR_IE]) {
5472 request->ie_len = nla_len(info->attrs[NL80211_ATTR_IE]);
5473 memcpy((void *)request->ie,
5474 nla_data(info->attrs[NL80211_ATTR_IE]),
5475 request->ie_len);
5476 }
5477
5478 for (i = 0; i < IEEE80211_NUM_BANDS; i++)
5479 if (wiphy->bands[i])
5480 request->rates[i] =
5481 (1 << wiphy->bands[i]->n_bitrates) - 1;
5482
5483 if (info->attrs[NL80211_ATTR_SCAN_SUPP_RATES]) {
5484 nla_for_each_nested(attr,
5485 info->attrs[NL80211_ATTR_SCAN_SUPP_RATES],
5486 tmp) {
5487 enum ieee80211_band band = nla_type(attr);
5488
5489 if (band < 0 || band >= IEEE80211_NUM_BANDS) {
5490 err = -EINVAL;
5491 goto out_free;
5492 }
5493
5494 if (!wiphy->bands[band])
5495 continue;
5496
5497 err = ieee80211_get_ratemask(wiphy->bands[band],
5498 nla_data(attr),
5499 nla_len(attr),
5500 &request->rates[band]);
5501 if (err)
5502 goto out_free;
5503 }
5504 }
5505
5506 if (info->attrs[NL80211_ATTR_SCAN_FLAGS]) {
5507 request->flags = nla_get_u32(
5508 info->attrs[NL80211_ATTR_SCAN_FLAGS]);
5509 if ((request->flags & NL80211_SCAN_FLAG_LOW_PRIORITY) &&
5510 !(wiphy->features & NL80211_FEATURE_LOW_PRIORITY_SCAN)) {
5511 err = -EOPNOTSUPP;
5512 goto out_free;
5513 }
5514 }
5515
5516 request->no_cck =
5517 nla_get_flag(info->attrs[NL80211_ATTR_TX_NO_CCK_RATE]);
5518
5519 request->wdev = wdev;
5520 request->wiphy = &rdev->wiphy;
5521 request->scan_start = jiffies;
5522
5523 rdev->scan_req = request;
5524 err = rdev_scan(rdev, request);
5525
5526 if (!err) {
5527 nl80211_send_scan_start(rdev, wdev);
5528 if (wdev->netdev)
5529 dev_hold(wdev->netdev);
5530 } else {
5531 out_free:
5532 rdev->scan_req = NULL;
5533 kfree(request);
5534 }
5535
5536 unlock:
5537 return err;
5538 }
5539
5540 static int nl80211_start_sched_scan(struct sk_buff *skb,
5541 struct genl_info *info)
5542 {
5543 struct cfg80211_sched_scan_request *request;
5544 struct cfg80211_registered_device *rdev = info->user_ptr[0];
5545 struct net_device *dev = info->user_ptr[1];
5546 struct nlattr *attr;
5547 struct wiphy *wiphy;
5548 int err, tmp, n_ssids = 0, n_match_sets = 0, n_channels, i;
5549 u32 interval;
5550 enum ieee80211_band band;
5551 size_t ie_len;
5552 struct nlattr *tb[NL80211_SCHED_SCAN_MATCH_ATTR_MAX + 1];
5553 s32 default_match_rssi = NL80211_SCAN_RSSI_THOLD_OFF;
5554
5555 if (!(rdev->wiphy.flags & WIPHY_FLAG_SUPPORTS_SCHED_SCAN) ||
5556 !rdev->ops->sched_scan_start)
5557 return -EOPNOTSUPP;
5558
5559 if (!is_valid_ie_attr(info->attrs[NL80211_ATTR_IE]))
5560 return -EINVAL;
5561
5562 if (!info->attrs[NL80211_ATTR_SCHED_SCAN_INTERVAL])
5563 return -EINVAL;
5564
5565 interval = nla_get_u32(info->attrs[NL80211_ATTR_SCHED_SCAN_INTERVAL]);
5566 if (interval == 0)
5567 return -EINVAL;
5568
5569 wiphy = &rdev->wiphy;
5570
5571 if (info->attrs[NL80211_ATTR_SCAN_FREQUENCIES]) {
5572 n_channels = validate_scan_freqs(
5573 info->attrs[NL80211_ATTR_SCAN_FREQUENCIES]);
5574 if (!n_channels)
5575 return -EINVAL;
5576 } else {
5577 n_channels = ieee80211_get_num_supported_channels(wiphy);
5578 }
5579
5580 if (info->attrs[NL80211_ATTR_SCAN_SSIDS])
5581 nla_for_each_nested(attr, info->attrs[NL80211_ATTR_SCAN_SSIDS],
5582 tmp)
5583 n_ssids++;
5584
5585 if (n_ssids > wiphy->max_sched_scan_ssids)
5586 return -EINVAL;
5587
5588 /*
5589 * First, count the number of 'real' matchsets. Due to an issue with
5590 * the old implementation, matchsets containing only the RSSI attribute
5591 * (NL80211_SCHED_SCAN_MATCH_ATTR_RSSI) are considered as the 'default'
5592 * RSSI for all matchsets, rather than their own matchset for reporting
5593 * all APs with a strong RSSI. This is needed to be compatible with
5594 * older userspace that treated a matchset with only the RSSI as the
5595 * global RSSI for all other matchsets - if there are other matchsets.
5596 */
5597 if (info->attrs[NL80211_ATTR_SCHED_SCAN_MATCH]) {
5598 nla_for_each_nested(attr,
5599 info->attrs[NL80211_ATTR_SCHED_SCAN_MATCH],
5600 tmp) {
5601 struct nlattr *rssi;
5602
5603 err = nla_parse(tb, NL80211_SCHED_SCAN_MATCH_ATTR_MAX,
5604 nla_data(attr), nla_len(attr),
5605 nl80211_match_policy);
5606 if (err)
5607 return err;
5608 /* add other standalone attributes here */
5609 if (tb[NL80211_SCHED_SCAN_MATCH_ATTR_SSID]) {
5610 n_match_sets++;
5611 continue;
5612 }
5613 rssi = tb[NL80211_SCHED_SCAN_MATCH_ATTR_RSSI];
5614 if (rssi)
5615 default_match_rssi = nla_get_s32(rssi);
5616 }
5617 }
5618
5619 /* However, if there's no other matchset, add the RSSI one */
5620 if (!n_match_sets && default_match_rssi != NL80211_SCAN_RSSI_THOLD_OFF)
5621 n_match_sets = 1;
5622
5623 if (n_match_sets > wiphy->max_match_sets)
5624 return -EINVAL;
5625
5626 if (info->attrs[NL80211_ATTR_IE])
5627 ie_len = nla_len(info->attrs[NL80211_ATTR_IE]);
5628 else
5629 ie_len = 0;
5630
5631 if (ie_len > wiphy->max_sched_scan_ie_len)
5632 return -EINVAL;
5633
5634 if (rdev->sched_scan_req) {
5635 err = -EINPROGRESS;
5636 goto out;
5637 }
5638
5639 request = kzalloc(sizeof(*request)
5640 + sizeof(*request->ssids) * n_ssids
5641 + sizeof(*request->match_sets) * n_match_sets
5642 + sizeof(*request->channels) * n_channels
5643 + ie_len, GFP_KERNEL);
5644 if (!request) {
5645 err = -ENOMEM;
5646 goto out;
5647 }
5648
5649 if (n_ssids)
5650 request->ssids = (void *)&request->channels[n_channels];
5651 request->n_ssids = n_ssids;
5652 if (ie_len) {
5653 if (request->ssids)
5654 request->ie = (void *)(request->ssids + n_ssids);
5655 else
5656 request->ie = (void *)(request->channels + n_channels);
5657 }
5658
5659 if (n_match_sets) {
5660 if (request->ie)
5661 request->match_sets = (void *)(request->ie + ie_len);
5662 else if (request->ssids)
5663 request->match_sets =
5664 (void *)(request->ssids + n_ssids);
5665 else
5666 request->match_sets =
5667 (void *)(request->channels + n_channels);
5668 }
5669 request->n_match_sets = n_match_sets;
5670
5671 i = 0;
5672 if (info->attrs[NL80211_ATTR_SCAN_FREQUENCIES]) {
5673 /* user specified, bail out if channel not found */
5674 nla_for_each_nested(attr,
5675 info->attrs[NL80211_ATTR_SCAN_FREQUENCIES],
5676 tmp) {
5677 struct ieee80211_channel *chan;
5678
5679 chan = ieee80211_get_channel(wiphy, nla_get_u32(attr));
5680
5681 if (!chan) {
5682 err = -EINVAL;
5683 goto out_free;
5684 }
5685
5686 /* ignore disabled channels */
5687 if (chan->flags & IEEE80211_CHAN_DISABLED)
5688 continue;
5689
5690 request->channels[i] = chan;
5691 i++;
5692 }
5693 } else {
5694 /* all channels */
5695 for (band = 0; band < IEEE80211_NUM_BANDS; band++) {
5696 int j;
5697 if (!wiphy->bands[band])
5698 continue;
5699 for (j = 0; j < wiphy->bands[band]->n_channels; j++) {
5700 struct ieee80211_channel *chan;
5701
5702 chan = &wiphy->bands[band]->channels[j];
5703
5704 if (chan->flags & IEEE80211_CHAN_DISABLED)
5705 continue;
5706
5707 request->channels[i] = chan;
5708 i++;
5709 }
5710 }
5711 }
5712
5713 if (!i) {
5714 err = -EINVAL;
5715 goto out_free;
5716 }
5717
5718 request->n_channels = i;
5719
5720 i = 0;
5721 if (info->attrs[NL80211_ATTR_SCAN_SSIDS]) {
5722 nla_for_each_nested(attr, info->attrs[NL80211_ATTR_SCAN_SSIDS],
5723 tmp) {
5724 if (nla_len(attr) > IEEE80211_MAX_SSID_LEN) {
5725 err = -EINVAL;
5726 goto out_free;
5727 }
5728 request->ssids[i].ssid_len = nla_len(attr);
5729 memcpy(request->ssids[i].ssid, nla_data(attr),
5730 nla_len(attr));
5731 i++;
5732 }
5733 }
5734
5735 i = 0;
5736 if (info->attrs[NL80211_ATTR_SCHED_SCAN_MATCH]) {
5737 nla_for_each_nested(attr,
5738 info->attrs[NL80211_ATTR_SCHED_SCAN_MATCH],
5739 tmp) {
5740 struct nlattr *ssid, *rssi;
5741
5742 err = nla_parse(tb, NL80211_SCHED_SCAN_MATCH_ATTR_MAX,
5743 nla_data(attr), nla_len(attr),
5744 nl80211_match_policy);
5745 if (err)
5746 goto out_free;
5747 ssid = tb[NL80211_SCHED_SCAN_MATCH_ATTR_SSID];
5748 if (ssid) {
5749 if (WARN_ON(i >= n_match_sets)) {
5750 /* this indicates a programming error,
5751 * the loop above should have verified
5752 * things properly
5753 */
5754 err = -EINVAL;
5755 goto out_free;
5756 }
5757
5758 if (nla_len(ssid) > IEEE80211_MAX_SSID_LEN) {
5759 err = -EINVAL;
5760 goto out_free;
5761 }
5762 memcpy(request->match_sets[i].ssid.ssid,
5763 nla_data(ssid), nla_len(ssid));
5764 request->match_sets[i].ssid.ssid_len =
5765 nla_len(ssid);
5766 /* special attribute - old implemenation w/a */
5767 request->match_sets[i].rssi_thold =
5768 default_match_rssi;
5769 rssi = tb[NL80211_SCHED_SCAN_MATCH_ATTR_RSSI];
5770 if (rssi)
5771 request->match_sets[i].rssi_thold =
5772 nla_get_s32(rssi);
5773 }
5774 i++;
5775 }
5776
5777 /* there was no other matchset, so the RSSI one is alone */
5778 if (i == 0)
5779 request->match_sets[0].rssi_thold = default_match_rssi;
5780
5781 request->min_rssi_thold = INT_MAX;
5782 for (i = 0; i < n_match_sets; i++)
5783 request->min_rssi_thold =
5784 min(request->match_sets[i].rssi_thold,
5785 request->min_rssi_thold);
5786 } else {
5787 request->min_rssi_thold = NL80211_SCAN_RSSI_THOLD_OFF;
5788 }
5789
5790 if (ie_len) {
5791 request->ie_len = ie_len;
5792 memcpy((void *)request->ie,
5793 nla_data(info->attrs[NL80211_ATTR_IE]),
5794 request->ie_len);
5795 }
5796
5797 if (info->attrs[NL80211_ATTR_SCAN_FLAGS]) {
5798 request->flags = nla_get_u32(
5799 info->attrs[NL80211_ATTR_SCAN_FLAGS]);
5800 if ((request->flags & NL80211_SCAN_FLAG_LOW_PRIORITY) &&
5801 !(wiphy->features & NL80211_FEATURE_LOW_PRIORITY_SCAN)) {
5802 err = -EOPNOTSUPP;
5803 goto out_free;
5804 }
5805 }
5806
5807 request->dev = dev;
5808 request->wiphy = &rdev->wiphy;
5809 request->interval = interval;
5810 request->scan_start = jiffies;
5811
5812 err = rdev_sched_scan_start(rdev, dev, request);
5813 if (!err) {
5814 rdev->sched_scan_req = request;
5815 nl80211_send_sched_scan(rdev, dev,
5816 NL80211_CMD_START_SCHED_SCAN);
5817 goto out;
5818 }
5819
5820 out_free:
5821 kfree(request);
5822 out:
5823 return err;
5824 }
5825
5826 static int nl80211_stop_sched_scan(struct sk_buff *skb,
5827 struct genl_info *info)
5828 {
5829 struct cfg80211_registered_device *rdev = info->user_ptr[0];
5830
5831 if (!(rdev->wiphy.flags & WIPHY_FLAG_SUPPORTS_SCHED_SCAN) ||
5832 !rdev->ops->sched_scan_stop)
5833 return -EOPNOTSUPP;
5834
5835 return __cfg80211_stop_sched_scan(rdev, false);
5836 }
5837
5838 static int nl80211_start_radar_detection(struct sk_buff *skb,
5839 struct genl_info *info)
5840 {
5841 struct cfg80211_registered_device *rdev = info->user_ptr[0];
5842 struct net_device *dev = info->user_ptr[1];
5843 struct wireless_dev *wdev = dev->ieee80211_ptr;
5844 struct cfg80211_chan_def chandef;
5845 enum nl80211_dfs_regions dfs_region;
5846 unsigned int cac_time_ms;
5847 int err;
5848
5849 dfs_region = reg_get_dfs_region(wdev->wiphy);
5850 if (dfs_region == NL80211_DFS_UNSET)
5851 return -EINVAL;
5852
5853 err = nl80211_parse_chandef(rdev, info, &chandef);
5854 if (err)
5855 return err;
5856
5857 if (netif_carrier_ok(dev))
5858 return -EBUSY;
5859
5860 if (wdev->cac_started)
5861 return -EBUSY;
5862
5863 err = cfg80211_chandef_dfs_required(wdev->wiphy, &chandef,
5864 wdev->iftype);
5865 if (err < 0)
5866 return err;
5867
5868 if (err == 0)
5869 return -EINVAL;
5870
5871 if (!cfg80211_chandef_dfs_usable(wdev->wiphy, &chandef))
5872 return -EINVAL;
5873
5874 if (!rdev->ops->start_radar_detection)
5875 return -EOPNOTSUPP;
5876
5877 cac_time_ms = cfg80211_chandef_dfs_cac_time(&rdev->wiphy, &chandef);
5878 if (WARN_ON(!cac_time_ms))
5879 cac_time_ms = IEEE80211_DFS_MIN_CAC_TIME_MS;
5880
5881 err = rdev->ops->start_radar_detection(&rdev->wiphy, dev, &chandef,
5882 cac_time_ms);
5883 if (!err) {
5884 wdev->chandef = chandef;
5885 wdev->cac_started = true;
5886 wdev->cac_start_time = jiffies;
5887 wdev->cac_time_ms = cac_time_ms;
5888 }
5889 return err;
5890 }
5891
5892 static int nl80211_channel_switch(struct sk_buff *skb, struct genl_info *info)
5893 {
5894 struct cfg80211_registered_device *rdev = info->user_ptr[0];
5895 struct net_device *dev = info->user_ptr[1];
5896 struct wireless_dev *wdev = dev->ieee80211_ptr;
5897 struct cfg80211_csa_settings params;
5898 /* csa_attrs is defined static to avoid waste of stack size - this
5899 * function is called under RTNL lock, so this should not be a problem.
5900 */
5901 static struct nlattr *csa_attrs[NL80211_ATTR_MAX+1];
5902 u8 radar_detect_width = 0;
5903 int err;
5904 bool need_new_beacon = false;
5905 int len, i;
5906
5907 if (!rdev->ops->channel_switch ||
5908 !(rdev->wiphy.flags & WIPHY_FLAG_HAS_CHANNEL_SWITCH))
5909 return -EOPNOTSUPP;
5910
5911 switch (dev->ieee80211_ptr->iftype) {
5912 case NL80211_IFTYPE_AP:
5913 case NL80211_IFTYPE_P2P_GO:
5914 need_new_beacon = true;
5915
5916 /* useless if AP is not running */
5917 if (!wdev->beacon_interval)
5918 return -ENOTCONN;
5919 break;
5920 case NL80211_IFTYPE_ADHOC:
5921 if (!wdev->ssid_len)
5922 return -ENOTCONN;
5923 break;
5924 case NL80211_IFTYPE_MESH_POINT:
5925 if (!wdev->mesh_id_len)
5926 return -ENOTCONN;
5927 break;
5928 default:
5929 return -EOPNOTSUPP;
5930 }
5931
5932 memset(&params, 0, sizeof(params));
5933
5934 if (!info->attrs[NL80211_ATTR_WIPHY_FREQ] ||
5935 !info->attrs[NL80211_ATTR_CH_SWITCH_COUNT])
5936 return -EINVAL;
5937
5938 /* only important for AP, IBSS and mesh create IEs internally */
5939 if (need_new_beacon && !info->attrs[NL80211_ATTR_CSA_IES])
5940 return -EINVAL;
5941
5942 params.count = nla_get_u32(info->attrs[NL80211_ATTR_CH_SWITCH_COUNT]);
5943
5944 if (!need_new_beacon)
5945 goto skip_beacons;
5946
5947 err = nl80211_parse_beacon(info->attrs, &params.beacon_after);
5948 if (err)
5949 return err;
5950
5951 err = nla_parse_nested(csa_attrs, NL80211_ATTR_MAX,
5952 info->attrs[NL80211_ATTR_CSA_IES],
5953 nl80211_policy);
5954 if (err)
5955 return err;
5956
5957 err = nl80211_parse_beacon(csa_attrs, &params.beacon_csa);
5958 if (err)
5959 return err;
5960
5961 if (!csa_attrs[NL80211_ATTR_CSA_C_OFF_BEACON])
5962 return -EINVAL;
5963
5964 len = nla_len(csa_attrs[NL80211_ATTR_CSA_C_OFF_BEACON]);
5965 if (!len || (len % sizeof(u16)))
5966 return -EINVAL;
5967
5968 params.n_counter_offsets_beacon = len / sizeof(u16);
5969 if (rdev->wiphy.max_num_csa_counters &&
5970 (params.n_counter_offsets_beacon >
5971 rdev->wiphy.max_num_csa_counters))
5972 return -EINVAL;
5973
5974 params.counter_offsets_beacon =
5975 nla_data(csa_attrs[NL80211_ATTR_CSA_C_OFF_BEACON]);
5976
5977 /* sanity checks - counters should fit and be the same */
5978 for (i = 0; i < params.n_counter_offsets_beacon; i++) {
5979 u16 offset = params.counter_offsets_beacon[i];
5980
5981 if (offset >= params.beacon_csa.tail_len)
5982 return -EINVAL;
5983
5984 if (params.beacon_csa.tail[offset] != params.count)
5985 return -EINVAL;
5986 }
5987
5988 if (csa_attrs[NL80211_ATTR_CSA_C_OFF_PRESP]) {
5989 len = nla_len(csa_attrs[NL80211_ATTR_CSA_C_OFF_PRESP]);
5990 if (!len || (len % sizeof(u16)))
5991 return -EINVAL;
5992
5993 params.n_counter_offsets_presp = len / sizeof(u16);
5994 if (rdev->wiphy.max_num_csa_counters &&
5995 (params.n_counter_offsets_beacon >
5996 rdev->wiphy.max_num_csa_counters))
5997 return -EINVAL;
5998
5999 params.counter_offsets_presp =
6000 nla_data(csa_attrs[NL80211_ATTR_CSA_C_OFF_PRESP]);
6001
6002 /* sanity checks - counters should fit and be the same */
6003 for (i = 0; i < params.n_counter_offsets_presp; i++) {
6004 u16 offset = params.counter_offsets_presp[i];
6005
6006 if (offset >= params.beacon_csa.probe_resp_len)
6007 return -EINVAL;
6008
6009 if (params.beacon_csa.probe_resp[offset] !=
6010 params.count)
6011 return -EINVAL;
6012 }
6013 }
6014
6015 skip_beacons:
6016 err = nl80211_parse_chandef(rdev, info, &params.chandef);
6017 if (err)
6018 return err;
6019
6020 if (!cfg80211_reg_can_beacon(&rdev->wiphy, &params.chandef,
6021 wdev->iftype))
6022 return -EINVAL;
6023
6024 err = cfg80211_chandef_dfs_required(wdev->wiphy,
6025 &params.chandef,
6026 wdev->iftype);
6027 if (err < 0)
6028 return err;
6029
6030 if (err > 0) {
6031 radar_detect_width = BIT(params.chandef.width);
6032 params.radar_required = true;
6033 }
6034
6035 if (info->attrs[NL80211_ATTR_CH_SWITCH_BLOCK_TX])
6036 params.block_tx = true;
6037
6038 wdev_lock(wdev);
6039 err = rdev_channel_switch(rdev, dev, &params);
6040 wdev_unlock(wdev);
6041
6042 return err;
6043 }
6044
6045 static int nl80211_send_bss(struct sk_buff *msg, struct netlink_callback *cb,
6046 u32 seq, int flags,
6047 struct cfg80211_registered_device *rdev,
6048 struct wireless_dev *wdev,
6049 struct cfg80211_internal_bss *intbss)
6050 {
6051 struct cfg80211_bss *res = &intbss->pub;
6052 const struct cfg80211_bss_ies *ies;
6053 void *hdr;
6054 struct nlattr *bss;
6055
6056 ASSERT_WDEV_LOCK(wdev);
6057
6058 hdr = nl80211hdr_put(msg, NETLINK_CB(cb->skb).portid, seq, flags,
6059 NL80211_CMD_NEW_SCAN_RESULTS);
6060 if (!hdr)
6061 return -1;
6062
6063 genl_dump_check_consistent(cb, hdr, &nl80211_fam);
6064
6065 if (nla_put_u32(msg, NL80211_ATTR_GENERATION, rdev->bss_generation))
6066 goto nla_put_failure;
6067 if (wdev->netdev &&
6068 nla_put_u32(msg, NL80211_ATTR_IFINDEX, wdev->netdev->ifindex))
6069 goto nla_put_failure;
6070 if (nla_put_u64(msg, NL80211_ATTR_WDEV, wdev_id(wdev)))
6071 goto nla_put_failure;
6072
6073 bss = nla_nest_start(msg, NL80211_ATTR_BSS);
6074 if (!bss)
6075 goto nla_put_failure;
6076 if ((!is_zero_ether_addr(res->bssid) &&
6077 nla_put(msg, NL80211_BSS_BSSID, ETH_ALEN, res->bssid)))
6078 goto nla_put_failure;
6079
6080 rcu_read_lock();
6081 /* indicate whether we have probe response data or not */
6082 if (rcu_access_pointer(res->proberesp_ies) &&
6083 nla_put_flag(msg, NL80211_BSS_PRESP_DATA))
6084 goto fail_unlock_rcu;
6085
6086 /* this pointer prefers to be pointed to probe response data
6087 * but is always valid
6088 */
6089 ies = rcu_dereference(res->ies);
6090 if (ies) {
6091 if (nla_put_u64(msg, NL80211_BSS_TSF, ies->tsf))
6092 goto fail_unlock_rcu;
6093 if (ies->len && nla_put(msg, NL80211_BSS_INFORMATION_ELEMENTS,
6094 ies->len, ies->data))
6095 goto fail_unlock_rcu;
6096 }
6097
6098 /* and this pointer is always (unless driver didn't know) beacon data */
6099 ies = rcu_dereference(res->beacon_ies);
6100 if (ies && ies->from_beacon) {
6101 if (nla_put_u64(msg, NL80211_BSS_BEACON_TSF, ies->tsf))
6102 goto fail_unlock_rcu;
6103 if (ies->len && nla_put(msg, NL80211_BSS_BEACON_IES,
6104 ies->len, ies->data))
6105 goto fail_unlock_rcu;
6106 }
6107 rcu_read_unlock();
6108
6109 if (res->beacon_interval &&
6110 nla_put_u16(msg, NL80211_BSS_BEACON_INTERVAL, res->beacon_interval))
6111 goto nla_put_failure;
6112 if (nla_put_u16(msg, NL80211_BSS_CAPABILITY, res->capability) ||
6113 nla_put_u32(msg, NL80211_BSS_FREQUENCY, res->channel->center_freq) ||
6114 nla_put_u32(msg, NL80211_BSS_CHAN_WIDTH, res->scan_width) ||
6115 nla_put_u32(msg, NL80211_BSS_SEEN_MS_AGO,
6116 jiffies_to_msecs(jiffies - intbss->ts)))
6117 goto nla_put_failure;
6118
6119 switch (rdev->wiphy.signal_type) {
6120 case CFG80211_SIGNAL_TYPE_MBM:
6121 if (nla_put_u32(msg, NL80211_BSS_SIGNAL_MBM, res->signal))
6122 goto nla_put_failure;
6123 break;
6124 case CFG80211_SIGNAL_TYPE_UNSPEC:
6125 if (nla_put_u8(msg, NL80211_BSS_SIGNAL_UNSPEC, res->signal))
6126 goto nla_put_failure;
6127 break;
6128 default:
6129 break;
6130 }
6131
6132 switch (wdev->iftype) {
6133 case NL80211_IFTYPE_P2P_CLIENT:
6134 case NL80211_IFTYPE_STATION:
6135 if (intbss == wdev->current_bss &&
6136 nla_put_u32(msg, NL80211_BSS_STATUS,
6137 NL80211_BSS_STATUS_ASSOCIATED))
6138 goto nla_put_failure;
6139 break;
6140 case NL80211_IFTYPE_ADHOC:
6141 if (intbss == wdev->current_bss &&
6142 nla_put_u32(msg, NL80211_BSS_STATUS,
6143 NL80211_BSS_STATUS_IBSS_JOINED))
6144 goto nla_put_failure;
6145 break;
6146 default:
6147 break;
6148 }
6149
6150 nla_nest_end(msg, bss);
6151
6152 return genlmsg_end(msg, hdr);
6153
6154 fail_unlock_rcu:
6155 rcu_read_unlock();
6156 nla_put_failure:
6157 genlmsg_cancel(msg, hdr);
6158 return -EMSGSIZE;
6159 }
6160
6161 static int nl80211_dump_scan(struct sk_buff *skb, struct netlink_callback *cb)
6162 {
6163 struct cfg80211_registered_device *rdev;
6164 struct cfg80211_internal_bss *scan;
6165 struct wireless_dev *wdev;
6166 int start = cb->args[2], idx = 0;
6167 int err;
6168
6169 err = nl80211_prepare_wdev_dump(skb, cb, &rdev, &wdev);
6170 if (err)
6171 return err;
6172
6173 wdev_lock(wdev);
6174 spin_lock_bh(&rdev->bss_lock);
6175 cfg80211_bss_expire(rdev);
6176
6177 cb->seq = rdev->bss_generation;
6178
6179 list_for_each_entry(scan, &rdev->bss_list, list) {
6180 if (++idx <= start)
6181 continue;
6182 if (nl80211_send_bss(skb, cb,
6183 cb->nlh->nlmsg_seq, NLM_F_MULTI,
6184 rdev, wdev, scan) < 0) {
6185 idx--;
6186 break;
6187 }
6188 }
6189
6190 spin_unlock_bh(&rdev->bss_lock);
6191 wdev_unlock(wdev);
6192
6193 cb->args[2] = idx;
6194 nl80211_finish_wdev_dump(rdev);
6195
6196 return skb->len;
6197 }
6198
6199 static int nl80211_send_survey(struct sk_buff *msg, u32 portid, u32 seq,
6200 int flags, struct net_device *dev,
6201 struct survey_info *survey)
6202 {
6203 void *hdr;
6204 struct nlattr *infoattr;
6205
6206 hdr = nl80211hdr_put(msg, portid, seq, flags,
6207 NL80211_CMD_NEW_SURVEY_RESULTS);
6208 if (!hdr)
6209 return -ENOMEM;
6210
6211 if (nla_put_u32(msg, NL80211_ATTR_IFINDEX, dev->ifindex))
6212 goto nla_put_failure;
6213
6214 infoattr = nla_nest_start(msg, NL80211_ATTR_SURVEY_INFO);
6215 if (!infoattr)
6216 goto nla_put_failure;
6217
6218 if (nla_put_u32(msg, NL80211_SURVEY_INFO_FREQUENCY,
6219 survey->channel->center_freq))
6220 goto nla_put_failure;
6221
6222 if ((survey->filled & SURVEY_INFO_NOISE_DBM) &&
6223 nla_put_u8(msg, NL80211_SURVEY_INFO_NOISE, survey->noise))
6224 goto nla_put_failure;
6225 if ((survey->filled & SURVEY_INFO_IN_USE) &&
6226 nla_put_flag(msg, NL80211_SURVEY_INFO_IN_USE))
6227 goto nla_put_failure;
6228 if ((survey->filled & SURVEY_INFO_CHANNEL_TIME) &&
6229 nla_put_u64(msg, NL80211_SURVEY_INFO_CHANNEL_TIME,
6230 survey->channel_time))
6231 goto nla_put_failure;
6232 if ((survey->filled & SURVEY_INFO_CHANNEL_TIME_BUSY) &&
6233 nla_put_u64(msg, NL80211_SURVEY_INFO_CHANNEL_TIME_BUSY,
6234 survey->channel_time_busy))
6235 goto nla_put_failure;
6236 if ((survey->filled & SURVEY_INFO_CHANNEL_TIME_EXT_BUSY) &&
6237 nla_put_u64(msg, NL80211_SURVEY_INFO_CHANNEL_TIME_EXT_BUSY,
6238 survey->channel_time_ext_busy))
6239 goto nla_put_failure;
6240 if ((survey->filled & SURVEY_INFO_CHANNEL_TIME_RX) &&
6241 nla_put_u64(msg, NL80211_SURVEY_INFO_CHANNEL_TIME_RX,
6242 survey->channel_time_rx))
6243 goto nla_put_failure;
6244 if ((survey->filled & SURVEY_INFO_CHANNEL_TIME_TX) &&
6245 nla_put_u64(msg, NL80211_SURVEY_INFO_CHANNEL_TIME_TX,
6246 survey->channel_time_tx))
6247 goto nla_put_failure;
6248
6249 nla_nest_end(msg, infoattr);
6250
6251 return genlmsg_end(msg, hdr);
6252
6253 nla_put_failure:
6254 genlmsg_cancel(msg, hdr);
6255 return -EMSGSIZE;
6256 }
6257
6258 static int nl80211_dump_survey(struct sk_buff *skb,
6259 struct netlink_callback *cb)
6260 {
6261 struct survey_info survey;
6262 struct cfg80211_registered_device *rdev;
6263 struct wireless_dev *wdev;
6264 int survey_idx = cb->args[2];
6265 int res;
6266
6267 res = nl80211_prepare_wdev_dump(skb, cb, &rdev, &wdev);
6268 if (res)
6269 return res;
6270
6271 if (!wdev->netdev) {
6272 res = -EINVAL;
6273 goto out_err;
6274 }
6275
6276 if (!rdev->ops->dump_survey) {
6277 res = -EOPNOTSUPP;
6278 goto out_err;
6279 }
6280
6281 while (1) {
6282 struct ieee80211_channel *chan;
6283
6284 res = rdev_dump_survey(rdev, wdev->netdev, survey_idx, &survey);
6285 if (res == -ENOENT)
6286 break;
6287 if (res)
6288 goto out_err;
6289
6290 /* Survey without a channel doesn't make sense */
6291 if (!survey.channel) {
6292 res = -EINVAL;
6293 goto out;
6294 }
6295
6296 chan = ieee80211_get_channel(&rdev->wiphy,
6297 survey.channel->center_freq);
6298 if (!chan || chan->flags & IEEE80211_CHAN_DISABLED) {
6299 survey_idx++;
6300 continue;
6301 }
6302
6303 if (nl80211_send_survey(skb,
6304 NETLINK_CB(cb->skb).portid,
6305 cb->nlh->nlmsg_seq, NLM_F_MULTI,
6306 wdev->netdev, &survey) < 0)
6307 goto out;
6308 survey_idx++;
6309 }
6310
6311 out:
6312 cb->args[2] = survey_idx;
6313 res = skb->len;
6314 out_err:
6315 nl80211_finish_wdev_dump(rdev);
6316 return res;
6317 }
6318
6319 static bool nl80211_valid_wpa_versions(u32 wpa_versions)
6320 {
6321 return !(wpa_versions & ~(NL80211_WPA_VERSION_1 |
6322 NL80211_WPA_VERSION_2));
6323 }
6324
6325 static int nl80211_authenticate(struct sk_buff *skb, struct genl_info *info)
6326 {
6327 struct cfg80211_registered_device *rdev = info->user_ptr[0];
6328 struct net_device *dev = info->user_ptr[1];
6329 struct ieee80211_channel *chan;
6330 const u8 *bssid, *ssid, *ie = NULL, *sae_data = NULL;
6331 int err, ssid_len, ie_len = 0, sae_data_len = 0;
6332 enum nl80211_auth_type auth_type;
6333 struct key_parse key;
6334 bool local_state_change;
6335
6336 if (!is_valid_ie_attr(info->attrs[NL80211_ATTR_IE]))
6337 return -EINVAL;
6338
6339 if (!info->attrs[NL80211_ATTR_MAC])
6340 return -EINVAL;
6341
6342 if (!info->attrs[NL80211_ATTR_AUTH_TYPE])
6343 return -EINVAL;
6344
6345 if (!info->attrs[NL80211_ATTR_SSID])
6346 return -EINVAL;
6347
6348 if (!info->attrs[NL80211_ATTR_WIPHY_FREQ])
6349 return -EINVAL;
6350
6351 err = nl80211_parse_key(info, &key);
6352 if (err)
6353 return err;
6354
6355 if (key.idx >= 0) {
6356 if (key.type != -1 && key.type != NL80211_KEYTYPE_GROUP)
6357 return -EINVAL;
6358 if (!key.p.key || !key.p.key_len)
6359 return -EINVAL;
6360 if ((key.p.cipher != WLAN_CIPHER_SUITE_WEP40 ||
6361 key.p.key_len != WLAN_KEY_LEN_WEP40) &&
6362 (key.p.cipher != WLAN_CIPHER_SUITE_WEP104 ||
6363 key.p.key_len != WLAN_KEY_LEN_WEP104))
6364 return -EINVAL;
6365 if (key.idx > 4)
6366 return -EINVAL;
6367 } else {
6368 key.p.key_len = 0;
6369 key.p.key = NULL;
6370 }
6371
6372 if (key.idx >= 0) {
6373 int i;
6374 bool ok = false;
6375 for (i = 0; i < rdev->wiphy.n_cipher_suites; i++) {
6376 if (key.p.cipher == rdev->wiphy.cipher_suites[i]) {
6377 ok = true;
6378 break;
6379 }
6380 }
6381 if (!ok)
6382 return -EINVAL;
6383 }
6384
6385 if (!rdev->ops->auth)
6386 return -EOPNOTSUPP;
6387
6388 if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_STATION &&
6389 dev->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_CLIENT)
6390 return -EOPNOTSUPP;
6391
6392 bssid = nla_data(info->attrs[NL80211_ATTR_MAC]);
6393 chan = nl80211_get_valid_chan(&rdev->wiphy,
6394 info->attrs[NL80211_ATTR_WIPHY_FREQ]);
6395 if (!chan)
6396 return -EINVAL;
6397
6398 ssid = nla_data(info->attrs[NL80211_ATTR_SSID]);
6399 ssid_len = nla_len(info->attrs[NL80211_ATTR_SSID]);
6400
6401 if (info->attrs[NL80211_ATTR_IE]) {
6402 ie = nla_data(info->attrs[NL80211_ATTR_IE]);
6403 ie_len = nla_len(info->attrs[NL80211_ATTR_IE]);
6404 }
6405
6406 auth_type = nla_get_u32(info->attrs[NL80211_ATTR_AUTH_TYPE]);
6407 if (!nl80211_valid_auth_type(rdev, auth_type, NL80211_CMD_AUTHENTICATE))
6408 return -EINVAL;
6409
6410 if (auth_type == NL80211_AUTHTYPE_SAE &&
6411 !info->attrs[NL80211_ATTR_SAE_DATA])
6412 return -EINVAL;
6413
6414 if (info->attrs[NL80211_ATTR_SAE_DATA]) {
6415 if (auth_type != NL80211_AUTHTYPE_SAE)
6416 return -EINVAL;
6417 sae_data = nla_data(info->attrs[NL80211_ATTR_SAE_DATA]);
6418 sae_data_len = nla_len(info->attrs[NL80211_ATTR_SAE_DATA]);
6419 /* need to include at least Auth Transaction and Status Code */
6420 if (sae_data_len < 4)
6421 return -EINVAL;
6422 }
6423
6424 local_state_change = !!info->attrs[NL80211_ATTR_LOCAL_STATE_CHANGE];
6425
6426 /*
6427 * Since we no longer track auth state, ignore
6428 * requests to only change local state.
6429 */
6430 if (local_state_change)
6431 return 0;
6432
6433 wdev_lock(dev->ieee80211_ptr);
6434 err = cfg80211_mlme_auth(rdev, dev, chan, auth_type, bssid,
6435 ssid, ssid_len, ie, ie_len,
6436 key.p.key, key.p.key_len, key.idx,
6437 sae_data, sae_data_len);
6438 wdev_unlock(dev->ieee80211_ptr);
6439 return err;
6440 }
6441
6442 static int nl80211_crypto_settings(struct cfg80211_registered_device *rdev,
6443 struct genl_info *info,
6444 struct cfg80211_crypto_settings *settings,
6445 int cipher_limit)
6446 {
6447 memset(settings, 0, sizeof(*settings));
6448
6449 settings->control_port = info->attrs[NL80211_ATTR_CONTROL_PORT];
6450
6451 if (info->attrs[NL80211_ATTR_CONTROL_PORT_ETHERTYPE]) {
6452 u16 proto;
6453 proto = nla_get_u16(
6454 info->attrs[NL80211_ATTR_CONTROL_PORT_ETHERTYPE]);
6455 settings->control_port_ethertype = cpu_to_be16(proto);
6456 if (!(rdev->wiphy.flags & WIPHY_FLAG_CONTROL_PORT_PROTOCOL) &&
6457 proto != ETH_P_PAE)
6458 return -EINVAL;
6459 if (info->attrs[NL80211_ATTR_CONTROL_PORT_NO_ENCRYPT])
6460 settings->control_port_no_encrypt = true;
6461 } else
6462 settings->control_port_ethertype = cpu_to_be16(ETH_P_PAE);
6463
6464 if (info->attrs[NL80211_ATTR_CIPHER_SUITES_PAIRWISE]) {
6465 void *data;
6466 int len, i;
6467
6468 data = nla_data(info->attrs[NL80211_ATTR_CIPHER_SUITES_PAIRWISE]);
6469 len = nla_len(info->attrs[NL80211_ATTR_CIPHER_SUITES_PAIRWISE]);
6470 settings->n_ciphers_pairwise = len / sizeof(u32);
6471
6472 if (len % sizeof(u32))
6473 return -EINVAL;
6474
6475 if (settings->n_ciphers_pairwise > cipher_limit)
6476 return -EINVAL;
6477
6478 memcpy(settings->ciphers_pairwise, data, len);
6479
6480 for (i = 0; i < settings->n_ciphers_pairwise; i++)
6481 if (!cfg80211_supported_cipher_suite(
6482 &rdev->wiphy,
6483 settings->ciphers_pairwise[i]))
6484 return -EINVAL;
6485 }
6486
6487 if (info->attrs[NL80211_ATTR_CIPHER_SUITE_GROUP]) {
6488 settings->cipher_group =
6489 nla_get_u32(info->attrs[NL80211_ATTR_CIPHER_SUITE_GROUP]);
6490 if (!cfg80211_supported_cipher_suite(&rdev->wiphy,
6491 settings->cipher_group))
6492 return -EINVAL;
6493 }
6494
6495 if (info->attrs[NL80211_ATTR_WPA_VERSIONS]) {
6496 settings->wpa_versions =
6497 nla_get_u32(info->attrs[NL80211_ATTR_WPA_VERSIONS]);
6498 if (!nl80211_valid_wpa_versions(settings->wpa_versions))
6499 return -EINVAL;
6500 }
6501
6502 if (info->attrs[NL80211_ATTR_AKM_SUITES]) {
6503 void *data;
6504 int len;
6505
6506 data = nla_data(info->attrs[NL80211_ATTR_AKM_SUITES]);
6507 len = nla_len(info->attrs[NL80211_ATTR_AKM_SUITES]);
6508 settings->n_akm_suites = len / sizeof(u32);
6509
6510 if (len % sizeof(u32))
6511 return -EINVAL;
6512
6513 if (settings->n_akm_suites > NL80211_MAX_NR_AKM_SUITES)
6514 return -EINVAL;
6515
6516 memcpy(settings->akm_suites, data, len);
6517 }
6518
6519 return 0;
6520 }
6521
6522 static int nl80211_associate(struct sk_buff *skb, struct genl_info *info)
6523 {
6524 struct cfg80211_registered_device *rdev = info->user_ptr[0];
6525 struct net_device *dev = info->user_ptr[1];
6526 struct ieee80211_channel *chan;
6527 struct cfg80211_assoc_request req = {};
6528 const u8 *bssid, *ssid;
6529 int err, ssid_len = 0;
6530
6531 if (!is_valid_ie_attr(info->attrs[NL80211_ATTR_IE]))
6532 return -EINVAL;
6533
6534 if (!info->attrs[NL80211_ATTR_MAC] ||
6535 !info->attrs[NL80211_ATTR_SSID] ||
6536 !info->attrs[NL80211_ATTR_WIPHY_FREQ])
6537 return -EINVAL;
6538
6539 if (!rdev->ops->assoc)
6540 return -EOPNOTSUPP;
6541
6542 if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_STATION &&
6543 dev->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_CLIENT)
6544 return -EOPNOTSUPP;
6545
6546 bssid = nla_data(info->attrs[NL80211_ATTR_MAC]);
6547
6548 chan = nl80211_get_valid_chan(&rdev->wiphy,
6549 info->attrs[NL80211_ATTR_WIPHY_FREQ]);
6550 if (!chan)
6551 return -EINVAL;
6552
6553 ssid = nla_data(info->attrs[NL80211_ATTR_SSID]);
6554 ssid_len = nla_len(info->attrs[NL80211_ATTR_SSID]);
6555
6556 if (info->attrs[NL80211_ATTR_IE]) {
6557 req.ie = nla_data(info->attrs[NL80211_ATTR_IE]);
6558 req.ie_len = nla_len(info->attrs[NL80211_ATTR_IE]);
6559 }
6560
6561 if (info->attrs[NL80211_ATTR_USE_MFP]) {
6562 enum nl80211_mfp mfp =
6563 nla_get_u32(info->attrs[NL80211_ATTR_USE_MFP]);
6564 if (mfp == NL80211_MFP_REQUIRED)
6565 req.use_mfp = true;
6566 else if (mfp != NL80211_MFP_NO)
6567 return -EINVAL;
6568 }
6569
6570 if (info->attrs[NL80211_ATTR_PREV_BSSID])
6571 req.prev_bssid = nla_data(info->attrs[NL80211_ATTR_PREV_BSSID]);
6572
6573 if (nla_get_flag(info->attrs[NL80211_ATTR_DISABLE_HT]))
6574 req.flags |= ASSOC_REQ_DISABLE_HT;
6575
6576 if (info->attrs[NL80211_ATTR_HT_CAPABILITY_MASK])
6577 memcpy(&req.ht_capa_mask,
6578 nla_data(info->attrs[NL80211_ATTR_HT_CAPABILITY_MASK]),
6579 sizeof(req.ht_capa_mask));
6580
6581 if (info->attrs[NL80211_ATTR_HT_CAPABILITY]) {
6582 if (!info->attrs[NL80211_ATTR_HT_CAPABILITY_MASK])
6583 return -EINVAL;
6584 memcpy(&req.ht_capa,
6585 nla_data(info->attrs[NL80211_ATTR_HT_CAPABILITY]),
6586 sizeof(req.ht_capa));
6587 }
6588
6589 if (nla_get_flag(info->attrs[NL80211_ATTR_DISABLE_VHT]))
6590 req.flags |= ASSOC_REQ_DISABLE_VHT;
6591
6592 if (info->attrs[NL80211_ATTR_VHT_CAPABILITY_MASK])
6593 memcpy(&req.vht_capa_mask,
6594 nla_data(info->attrs[NL80211_ATTR_VHT_CAPABILITY_MASK]),
6595 sizeof(req.vht_capa_mask));
6596
6597 if (info->attrs[NL80211_ATTR_VHT_CAPABILITY]) {
6598 if (!info->attrs[NL80211_ATTR_VHT_CAPABILITY_MASK])
6599 return -EINVAL;
6600 memcpy(&req.vht_capa,
6601 nla_data(info->attrs[NL80211_ATTR_VHT_CAPABILITY]),
6602 sizeof(req.vht_capa));
6603 }
6604
6605 if (nla_get_flag(info->attrs[NL80211_ATTR_USE_RRM])) {
6606 if (!(rdev->wiphy.features &
6607 NL80211_FEATURE_DS_PARAM_SET_IE_IN_PROBES) ||
6608 !(rdev->wiphy.features & NL80211_FEATURE_QUIET))
6609 return -EINVAL;
6610 req.flags |= ASSOC_REQ_USE_RRM;
6611 }
6612
6613 err = nl80211_crypto_settings(rdev, info, &req.crypto, 1);
6614 if (!err) {
6615 wdev_lock(dev->ieee80211_ptr);
6616 err = cfg80211_mlme_assoc(rdev, dev, chan, bssid,
6617 ssid, ssid_len, &req);
6618 wdev_unlock(dev->ieee80211_ptr);
6619 }
6620
6621 return err;
6622 }
6623
6624 static int nl80211_deauthenticate(struct sk_buff *skb, struct genl_info *info)
6625 {
6626 struct cfg80211_registered_device *rdev = info->user_ptr[0];
6627 struct net_device *dev = info->user_ptr[1];
6628 const u8 *ie = NULL, *bssid;
6629 int ie_len = 0, err;
6630 u16 reason_code;
6631 bool local_state_change;
6632
6633 if (!is_valid_ie_attr(info->attrs[NL80211_ATTR_IE]))
6634 return -EINVAL;
6635
6636 if (!info->attrs[NL80211_ATTR_MAC])
6637 return -EINVAL;
6638
6639 if (!info->attrs[NL80211_ATTR_REASON_CODE])
6640 return -EINVAL;
6641
6642 if (!rdev->ops->deauth)
6643 return -EOPNOTSUPP;
6644
6645 if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_STATION &&
6646 dev->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_CLIENT)
6647 return -EOPNOTSUPP;
6648
6649 bssid = nla_data(info->attrs[NL80211_ATTR_MAC]);
6650
6651 reason_code = nla_get_u16(info->attrs[NL80211_ATTR_REASON_CODE]);
6652 if (reason_code == 0) {
6653 /* Reason Code 0 is reserved */
6654 return -EINVAL;
6655 }
6656
6657 if (info->attrs[NL80211_ATTR_IE]) {
6658 ie = nla_data(info->attrs[NL80211_ATTR_IE]);
6659 ie_len = nla_len(info->attrs[NL80211_ATTR_IE]);
6660 }
6661
6662 local_state_change = !!info->attrs[NL80211_ATTR_LOCAL_STATE_CHANGE];
6663
6664 wdev_lock(dev->ieee80211_ptr);
6665 err = cfg80211_mlme_deauth(rdev, dev, bssid, ie, ie_len, reason_code,
6666 local_state_change);
6667 wdev_unlock(dev->ieee80211_ptr);
6668 return err;
6669 }
6670
6671 static int nl80211_disassociate(struct sk_buff *skb, struct genl_info *info)
6672 {
6673 struct cfg80211_registered_device *rdev = info->user_ptr[0];
6674 struct net_device *dev = info->user_ptr[1];
6675 const u8 *ie = NULL, *bssid;
6676 int ie_len = 0, err;
6677 u16 reason_code;
6678 bool local_state_change;
6679
6680 if (!is_valid_ie_attr(info->attrs[NL80211_ATTR_IE]))
6681 return -EINVAL;
6682
6683 if (!info->attrs[NL80211_ATTR_MAC])
6684 return -EINVAL;
6685
6686 if (!info->attrs[NL80211_ATTR_REASON_CODE])
6687 return -EINVAL;
6688
6689 if (!rdev->ops->disassoc)
6690 return -EOPNOTSUPP;
6691
6692 if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_STATION &&
6693 dev->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_CLIENT)
6694 return -EOPNOTSUPP;
6695
6696 bssid = nla_data(info->attrs[NL80211_ATTR_MAC]);
6697
6698 reason_code = nla_get_u16(info->attrs[NL80211_ATTR_REASON_CODE]);
6699 if (reason_code == 0) {
6700 /* Reason Code 0 is reserved */
6701 return -EINVAL;
6702 }
6703
6704 if (info->attrs[NL80211_ATTR_IE]) {
6705 ie = nla_data(info->attrs[NL80211_ATTR_IE]);
6706 ie_len = nla_len(info->attrs[NL80211_ATTR_IE]);
6707 }
6708
6709 local_state_change = !!info->attrs[NL80211_ATTR_LOCAL_STATE_CHANGE];
6710
6711 wdev_lock(dev->ieee80211_ptr);
6712 err = cfg80211_mlme_disassoc(rdev, dev, bssid, ie, ie_len, reason_code,
6713 local_state_change);
6714 wdev_unlock(dev->ieee80211_ptr);
6715 return err;
6716 }
6717
6718 static bool
6719 nl80211_parse_mcast_rate(struct cfg80211_registered_device *rdev,
6720 int mcast_rate[IEEE80211_NUM_BANDS],
6721 int rateval)
6722 {
6723 struct wiphy *wiphy = &rdev->wiphy;
6724 bool found = false;
6725 int band, i;
6726
6727 for (band = 0; band < IEEE80211_NUM_BANDS; band++) {
6728 struct ieee80211_supported_band *sband;
6729
6730 sband = wiphy->bands[band];
6731 if (!sband)
6732 continue;
6733
6734 for (i = 0; i < sband->n_bitrates; i++) {
6735 if (sband->bitrates[i].bitrate == rateval) {
6736 mcast_rate[band] = i + 1;
6737 found = true;
6738 break;
6739 }
6740 }
6741 }
6742
6743 return found;
6744 }
6745
6746 static int nl80211_join_ibss(struct sk_buff *skb, struct genl_info *info)
6747 {
6748 struct cfg80211_registered_device *rdev = info->user_ptr[0];
6749 struct net_device *dev = info->user_ptr[1];
6750 struct cfg80211_ibss_params ibss;
6751 struct wiphy *wiphy;
6752 struct cfg80211_cached_keys *connkeys = NULL;
6753 int err;
6754
6755 memset(&ibss, 0, sizeof(ibss));
6756
6757 if (!is_valid_ie_attr(info->attrs[NL80211_ATTR_IE]))
6758 return -EINVAL;
6759
6760 if (!info->attrs[NL80211_ATTR_SSID] ||
6761 !nla_len(info->attrs[NL80211_ATTR_SSID]))
6762 return -EINVAL;
6763
6764 ibss.beacon_interval = 100;
6765
6766 if (info->attrs[NL80211_ATTR_BEACON_INTERVAL]) {
6767 ibss.beacon_interval =
6768 nla_get_u32(info->attrs[NL80211_ATTR_BEACON_INTERVAL]);
6769 if (ibss.beacon_interval < 1 || ibss.beacon_interval > 10000)
6770 return -EINVAL;
6771 }
6772
6773 if (!rdev->ops->join_ibss)
6774 return -EOPNOTSUPP;
6775
6776 if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_ADHOC)
6777 return -EOPNOTSUPP;
6778
6779 wiphy = &rdev->wiphy;
6780
6781 if (info->attrs[NL80211_ATTR_MAC]) {
6782 ibss.bssid = nla_data(info->attrs[NL80211_ATTR_MAC]);
6783
6784 if (!is_valid_ether_addr(ibss.bssid))
6785 return -EINVAL;
6786 }
6787 ibss.ssid = nla_data(info->attrs[NL80211_ATTR_SSID]);
6788 ibss.ssid_len = nla_len(info->attrs[NL80211_ATTR_SSID]);
6789
6790 if (info->attrs[NL80211_ATTR_IE]) {
6791 ibss.ie = nla_data(info->attrs[NL80211_ATTR_IE]);
6792 ibss.ie_len = nla_len(info->attrs[NL80211_ATTR_IE]);
6793 }
6794
6795 err = nl80211_parse_chandef(rdev, info, &ibss.chandef);
6796 if (err)
6797 return err;
6798
6799 if (!cfg80211_reg_can_beacon(&rdev->wiphy, &ibss.chandef,
6800 NL80211_IFTYPE_ADHOC))
6801 return -EINVAL;
6802
6803 switch (ibss.chandef.width) {
6804 case NL80211_CHAN_WIDTH_5:
6805 case NL80211_CHAN_WIDTH_10:
6806 case NL80211_CHAN_WIDTH_20_NOHT:
6807 break;
6808 case NL80211_CHAN_WIDTH_20:
6809 case NL80211_CHAN_WIDTH_40:
6810 if (rdev->wiphy.features & NL80211_FEATURE_HT_IBSS)
6811 break;
6812 default:
6813 return -EINVAL;
6814 }
6815
6816 ibss.channel_fixed = !!info->attrs[NL80211_ATTR_FREQ_FIXED];
6817 ibss.privacy = !!info->attrs[NL80211_ATTR_PRIVACY];
6818
6819 if (info->attrs[NL80211_ATTR_BSS_BASIC_RATES]) {
6820 u8 *rates =
6821 nla_data(info->attrs[NL80211_ATTR_BSS_BASIC_RATES]);
6822 int n_rates =
6823 nla_len(info->attrs[NL80211_ATTR_BSS_BASIC_RATES]);
6824 struct ieee80211_supported_band *sband =
6825 wiphy->bands[ibss.chandef.chan->band];
6826
6827 err = ieee80211_get_ratemask(sband, rates, n_rates,
6828 &ibss.basic_rates);
6829 if (err)
6830 return err;
6831 }
6832
6833 if (info->attrs[NL80211_ATTR_HT_CAPABILITY_MASK])
6834 memcpy(&ibss.ht_capa_mask,
6835 nla_data(info->attrs[NL80211_ATTR_HT_CAPABILITY_MASK]),
6836 sizeof(ibss.ht_capa_mask));
6837
6838 if (info->attrs[NL80211_ATTR_HT_CAPABILITY]) {
6839 if (!info->attrs[NL80211_ATTR_HT_CAPABILITY_MASK])
6840 return -EINVAL;
6841 memcpy(&ibss.ht_capa,
6842 nla_data(info->attrs[NL80211_ATTR_HT_CAPABILITY]),
6843 sizeof(ibss.ht_capa));
6844 }
6845
6846 if (info->attrs[NL80211_ATTR_MCAST_RATE] &&
6847 !nl80211_parse_mcast_rate(rdev, ibss.mcast_rate,
6848 nla_get_u32(info->attrs[NL80211_ATTR_MCAST_RATE])))
6849 return -EINVAL;
6850
6851 if (ibss.privacy && info->attrs[NL80211_ATTR_KEYS]) {
6852 bool no_ht = false;
6853
6854 connkeys = nl80211_parse_connkeys(rdev,
6855 info->attrs[NL80211_ATTR_KEYS],
6856 &no_ht);
6857 if (IS_ERR(connkeys))
6858 return PTR_ERR(connkeys);
6859
6860 if ((ibss.chandef.width != NL80211_CHAN_WIDTH_20_NOHT) &&
6861 no_ht) {
6862 kfree(connkeys);
6863 return -EINVAL;
6864 }
6865 }
6866
6867 ibss.control_port =
6868 nla_get_flag(info->attrs[NL80211_ATTR_CONTROL_PORT]);
6869
6870 ibss.userspace_handles_dfs =
6871 nla_get_flag(info->attrs[NL80211_ATTR_HANDLE_DFS]);
6872
6873 err = cfg80211_join_ibss(rdev, dev, &ibss, connkeys);
6874 if (err)
6875 kzfree(connkeys);
6876 return err;
6877 }
6878
6879 static int nl80211_leave_ibss(struct sk_buff *skb, struct genl_info *info)
6880 {
6881 struct cfg80211_registered_device *rdev = info->user_ptr[0];
6882 struct net_device *dev = info->user_ptr[1];
6883
6884 if (!rdev->ops->leave_ibss)
6885 return -EOPNOTSUPP;
6886
6887 if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_ADHOC)
6888 return -EOPNOTSUPP;
6889
6890 return cfg80211_leave_ibss(rdev, dev, false);
6891 }
6892
6893 static int nl80211_set_mcast_rate(struct sk_buff *skb, struct genl_info *info)
6894 {
6895 struct cfg80211_registered_device *rdev = info->user_ptr[0];
6896 struct net_device *dev = info->user_ptr[1];
6897 int mcast_rate[IEEE80211_NUM_BANDS];
6898 u32 nla_rate;
6899 int err;
6900
6901 if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_ADHOC &&
6902 dev->ieee80211_ptr->iftype != NL80211_IFTYPE_MESH_POINT)
6903 return -EOPNOTSUPP;
6904
6905 if (!rdev->ops->set_mcast_rate)
6906 return -EOPNOTSUPP;
6907
6908 memset(mcast_rate, 0, sizeof(mcast_rate));
6909
6910 if (!info->attrs[NL80211_ATTR_MCAST_RATE])
6911 return -EINVAL;
6912
6913 nla_rate = nla_get_u32(info->attrs[NL80211_ATTR_MCAST_RATE]);
6914 if (!nl80211_parse_mcast_rate(rdev, mcast_rate, nla_rate))
6915 return -EINVAL;
6916
6917 err = rdev->ops->set_mcast_rate(&rdev->wiphy, dev, mcast_rate);
6918
6919 return err;
6920 }
6921
6922 static struct sk_buff *
6923 __cfg80211_alloc_vendor_skb(struct cfg80211_registered_device *rdev,
6924 int approxlen, u32 portid, u32 seq,
6925 enum nl80211_commands cmd,
6926 enum nl80211_attrs attr,
6927 const struct nl80211_vendor_cmd_info *info,
6928 gfp_t gfp)
6929 {
6930 struct sk_buff *skb;
6931 void *hdr;
6932 struct nlattr *data;
6933
6934 skb = nlmsg_new(approxlen + 100, gfp);
6935 if (!skb)
6936 return NULL;
6937
6938 hdr = nl80211hdr_put(skb, portid, seq, 0, cmd);
6939 if (!hdr) {
6940 kfree_skb(skb);
6941 return NULL;
6942 }
6943
6944 if (nla_put_u32(skb, NL80211_ATTR_WIPHY, rdev->wiphy_idx))
6945 goto nla_put_failure;
6946
6947 if (info) {
6948 if (nla_put_u32(skb, NL80211_ATTR_VENDOR_ID,
6949 info->vendor_id))
6950 goto nla_put_failure;
6951 if (nla_put_u32(skb, NL80211_ATTR_VENDOR_SUBCMD,
6952 info->subcmd))
6953 goto nla_put_failure;
6954 }
6955
6956 data = nla_nest_start(skb, attr);
6957
6958 ((void **)skb->cb)[0] = rdev;
6959 ((void **)skb->cb)[1] = hdr;
6960 ((void **)skb->cb)[2] = data;
6961
6962 return skb;
6963
6964 nla_put_failure:
6965 kfree_skb(skb);
6966 return NULL;
6967 }
6968
6969 struct sk_buff *__cfg80211_alloc_event_skb(struct wiphy *wiphy,
6970 enum nl80211_commands cmd,
6971 enum nl80211_attrs attr,
6972 int vendor_event_idx,
6973 int approxlen, gfp_t gfp)
6974 {
6975 struct cfg80211_registered_device *rdev = wiphy_to_rdev(wiphy);
6976 const struct nl80211_vendor_cmd_info *info;
6977
6978 switch (cmd) {
6979 case NL80211_CMD_TESTMODE:
6980 if (WARN_ON(vendor_event_idx != -1))
6981 return NULL;
6982 info = NULL;
6983 break;
6984 case NL80211_CMD_VENDOR:
6985 if (WARN_ON(vendor_event_idx < 0 ||
6986 vendor_event_idx >= wiphy->n_vendor_events))
6987 return NULL;
6988 info = &wiphy->vendor_events[vendor_event_idx];
6989 break;
6990 default:
6991 WARN_ON(1);
6992 return NULL;
6993 }
6994
6995 return __cfg80211_alloc_vendor_skb(rdev, approxlen, 0, 0,
6996 cmd, attr, info, gfp);
6997 }
6998 EXPORT_SYMBOL(__cfg80211_alloc_event_skb);
6999
7000 void __cfg80211_send_event_skb(struct sk_buff *skb, gfp_t gfp)
7001 {
7002 struct cfg80211_registered_device *rdev = ((void **)skb->cb)[0];
7003 void *hdr = ((void **)skb->cb)[1];
7004 struct nlattr *data = ((void **)skb->cb)[2];
7005 enum nl80211_multicast_groups mcgrp = NL80211_MCGRP_TESTMODE;
7006
7007 nla_nest_end(skb, data);
7008 genlmsg_end(skb, hdr);
7009
7010 if (data->nla_type == NL80211_ATTR_VENDOR_DATA)
7011 mcgrp = NL80211_MCGRP_VENDOR;
7012
7013 genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), skb, 0,
7014 mcgrp, gfp);
7015 }
7016 EXPORT_SYMBOL(__cfg80211_send_event_skb);
7017
7018 #ifdef CONFIG_NL80211_TESTMODE
7019 static int nl80211_testmode_do(struct sk_buff *skb, struct genl_info *info)
7020 {
7021 struct cfg80211_registered_device *rdev = info->user_ptr[0];
7022 struct wireless_dev *wdev =
7023 __cfg80211_wdev_from_attrs(genl_info_net(info), info->attrs);
7024 int err;
7025
7026 if (!rdev->ops->testmode_cmd)
7027 return -EOPNOTSUPP;
7028
7029 if (IS_ERR(wdev)) {
7030 err = PTR_ERR(wdev);
7031 if (err != -EINVAL)
7032 return err;
7033 wdev = NULL;
7034 } else if (wdev->wiphy != &rdev->wiphy) {
7035 return -EINVAL;
7036 }
7037
7038 if (!info->attrs[NL80211_ATTR_TESTDATA])
7039 return -EINVAL;
7040
7041 rdev->cur_cmd_info = info;
7042 err = rdev_testmode_cmd(rdev, wdev,
7043 nla_data(info->attrs[NL80211_ATTR_TESTDATA]),
7044 nla_len(info->attrs[NL80211_ATTR_TESTDATA]));
7045 rdev->cur_cmd_info = NULL;
7046
7047 return err;
7048 }
7049
7050 static int nl80211_testmode_dump(struct sk_buff *skb,
7051 struct netlink_callback *cb)
7052 {
7053 struct cfg80211_registered_device *rdev;
7054 int err;
7055 long phy_idx;
7056 void *data = NULL;
7057 int data_len = 0;
7058
7059 rtnl_lock();
7060
7061 if (cb->args[0]) {
7062 /*
7063 * 0 is a valid index, but not valid for args[0],
7064 * so we need to offset by 1.
7065 */
7066 phy_idx = cb->args[0] - 1;
7067 } else {
7068 err = nlmsg_parse(cb->nlh, GENL_HDRLEN + nl80211_fam.hdrsize,
7069 nl80211_fam.attrbuf, nl80211_fam.maxattr,
7070 nl80211_policy);
7071 if (err)
7072 goto out_err;
7073
7074 rdev = __cfg80211_rdev_from_attrs(sock_net(skb->sk),
7075 nl80211_fam.attrbuf);
7076 if (IS_ERR(rdev)) {
7077 err = PTR_ERR(rdev);
7078 goto out_err;
7079 }
7080 phy_idx = rdev->wiphy_idx;
7081 rdev = NULL;
7082
7083 if (nl80211_fam.attrbuf[NL80211_ATTR_TESTDATA])
7084 cb->args[1] =
7085 (long)nl80211_fam.attrbuf[NL80211_ATTR_TESTDATA];
7086 }
7087
7088 if (cb->args[1]) {
7089 data = nla_data((void *)cb->args[1]);
7090 data_len = nla_len((void *)cb->args[1]);
7091 }
7092
7093 rdev = cfg80211_rdev_by_wiphy_idx(phy_idx);
7094 if (!rdev) {
7095 err = -ENOENT;
7096 goto out_err;
7097 }
7098
7099 if (!rdev->ops->testmode_dump) {
7100 err = -EOPNOTSUPP;
7101 goto out_err;
7102 }
7103
7104 while (1) {
7105 void *hdr = nl80211hdr_put(skb, NETLINK_CB(cb->skb).portid,
7106 cb->nlh->nlmsg_seq, NLM_F_MULTI,
7107 NL80211_CMD_TESTMODE);
7108 struct nlattr *tmdata;
7109
7110 if (!hdr)
7111 break;
7112
7113 if (nla_put_u32(skb, NL80211_ATTR_WIPHY, phy_idx)) {
7114 genlmsg_cancel(skb, hdr);
7115 break;
7116 }
7117
7118 tmdata = nla_nest_start(skb, NL80211_ATTR_TESTDATA);
7119 if (!tmdata) {
7120 genlmsg_cancel(skb, hdr);
7121 break;
7122 }
7123 err = rdev_testmode_dump(rdev, skb, cb, data, data_len);
7124 nla_nest_end(skb, tmdata);
7125
7126 if (err == -ENOBUFS || err == -ENOENT) {
7127 genlmsg_cancel(skb, hdr);
7128 break;
7129 } else if (err) {
7130 genlmsg_cancel(skb, hdr);
7131 goto out_err;
7132 }
7133
7134 genlmsg_end(skb, hdr);
7135 }
7136
7137 err = skb->len;
7138 /* see above */
7139 cb->args[0] = phy_idx + 1;
7140 out_err:
7141 rtnl_unlock();
7142 return err;
7143 }
7144 #endif
7145
7146 static int nl80211_connect(struct sk_buff *skb, struct genl_info *info)
7147 {
7148 struct cfg80211_registered_device *rdev = info->user_ptr[0];
7149 struct net_device *dev = info->user_ptr[1];
7150 struct cfg80211_connect_params connect;
7151 struct wiphy *wiphy;
7152 struct cfg80211_cached_keys *connkeys = NULL;
7153 int err;
7154
7155 memset(&connect, 0, sizeof(connect));
7156
7157 if (!is_valid_ie_attr(info->attrs[NL80211_ATTR_IE]))
7158 return -EINVAL;
7159
7160 if (!info->attrs[NL80211_ATTR_SSID] ||
7161 !nla_len(info->attrs[NL80211_ATTR_SSID]))
7162 return -EINVAL;
7163
7164 if (info->attrs[NL80211_ATTR_AUTH_TYPE]) {
7165 connect.auth_type =
7166 nla_get_u32(info->attrs[NL80211_ATTR_AUTH_TYPE]);
7167 if (!nl80211_valid_auth_type(rdev, connect.auth_type,
7168 NL80211_CMD_CONNECT))
7169 return -EINVAL;
7170 } else
7171 connect.auth_type = NL80211_AUTHTYPE_AUTOMATIC;
7172
7173 connect.privacy = info->attrs[NL80211_ATTR_PRIVACY];
7174
7175 err = nl80211_crypto_settings(rdev, info, &connect.crypto,
7176 NL80211_MAX_NR_CIPHER_SUITES);
7177 if (err)
7178 return err;
7179
7180 if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_STATION &&
7181 dev->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_CLIENT)
7182 return -EOPNOTSUPP;
7183
7184 wiphy = &rdev->wiphy;
7185
7186 connect.bg_scan_period = -1;
7187 if (info->attrs[NL80211_ATTR_BG_SCAN_PERIOD] &&
7188 (wiphy->flags & WIPHY_FLAG_SUPPORTS_FW_ROAM)) {
7189 connect.bg_scan_period =
7190 nla_get_u16(info->attrs[NL80211_ATTR_BG_SCAN_PERIOD]);
7191 }
7192
7193 if (info->attrs[NL80211_ATTR_MAC])
7194 connect.bssid = nla_data(info->attrs[NL80211_ATTR_MAC]);
7195 else if (info->attrs[NL80211_ATTR_MAC_HINT])
7196 connect.bssid_hint =
7197 nla_data(info->attrs[NL80211_ATTR_MAC_HINT]);
7198 connect.ssid = nla_data(info->attrs[NL80211_ATTR_SSID]);
7199 connect.ssid_len = nla_len(info->attrs[NL80211_ATTR_SSID]);
7200
7201 if (info->attrs[NL80211_ATTR_IE]) {
7202 connect.ie = nla_data(info->attrs[NL80211_ATTR_IE]);
7203 connect.ie_len = nla_len(info->attrs[NL80211_ATTR_IE]);
7204 }
7205
7206 if (info->attrs[NL80211_ATTR_USE_MFP]) {
7207 connect.mfp = nla_get_u32(info->attrs[NL80211_ATTR_USE_MFP]);
7208 if (connect.mfp != NL80211_MFP_REQUIRED &&
7209 connect.mfp != NL80211_MFP_NO)
7210 return -EINVAL;
7211 } else {
7212 connect.mfp = NL80211_MFP_NO;
7213 }
7214
7215 if (info->attrs[NL80211_ATTR_WIPHY_FREQ]) {
7216 connect.channel = nl80211_get_valid_chan(
7217 wiphy, info->attrs[NL80211_ATTR_WIPHY_FREQ]);
7218 if (!connect.channel)
7219 return -EINVAL;
7220 } else if (info->attrs[NL80211_ATTR_WIPHY_FREQ_HINT]) {
7221 connect.channel_hint = nl80211_get_valid_chan(
7222 wiphy, info->attrs[NL80211_ATTR_WIPHY_FREQ_HINT]);
7223 if (!connect.channel_hint)
7224 return -EINVAL;
7225 }
7226
7227 if (connect.privacy && info->attrs[NL80211_ATTR_KEYS]) {
7228 connkeys = nl80211_parse_connkeys(rdev,
7229 info->attrs[NL80211_ATTR_KEYS], NULL);
7230 if (IS_ERR(connkeys))
7231 return PTR_ERR(connkeys);
7232 }
7233
7234 if (nla_get_flag(info->attrs[NL80211_ATTR_DISABLE_HT]))
7235 connect.flags |= ASSOC_REQ_DISABLE_HT;
7236
7237 if (info->attrs[NL80211_ATTR_HT_CAPABILITY_MASK])
7238 memcpy(&connect.ht_capa_mask,
7239 nla_data(info->attrs[NL80211_ATTR_HT_CAPABILITY_MASK]),
7240 sizeof(connect.ht_capa_mask));
7241
7242 if (info->attrs[NL80211_ATTR_HT_CAPABILITY]) {
7243 if (!info->attrs[NL80211_ATTR_HT_CAPABILITY_MASK]) {
7244 kzfree(connkeys);
7245 return -EINVAL;
7246 }
7247 memcpy(&connect.ht_capa,
7248 nla_data(info->attrs[NL80211_ATTR_HT_CAPABILITY]),
7249 sizeof(connect.ht_capa));
7250 }
7251
7252 if (nla_get_flag(info->attrs[NL80211_ATTR_DISABLE_VHT]))
7253 connect.flags |= ASSOC_REQ_DISABLE_VHT;
7254
7255 if (info->attrs[NL80211_ATTR_VHT_CAPABILITY_MASK])
7256 memcpy(&connect.vht_capa_mask,
7257 nla_data(info->attrs[NL80211_ATTR_VHT_CAPABILITY_MASK]),
7258 sizeof(connect.vht_capa_mask));
7259
7260 if (info->attrs[NL80211_ATTR_VHT_CAPABILITY]) {
7261 if (!info->attrs[NL80211_ATTR_VHT_CAPABILITY_MASK]) {
7262 kzfree(connkeys);
7263 return -EINVAL;
7264 }
7265 memcpy(&connect.vht_capa,
7266 nla_data(info->attrs[NL80211_ATTR_VHT_CAPABILITY]),
7267 sizeof(connect.vht_capa));
7268 }
7269
7270 if (nla_get_flag(info->attrs[NL80211_ATTR_USE_RRM])) {
7271 if (!(rdev->wiphy.features &
7272 NL80211_FEATURE_DS_PARAM_SET_IE_IN_PROBES) ||
7273 !(rdev->wiphy.features & NL80211_FEATURE_QUIET))
7274 return -EINVAL;
7275 connect.flags |= ASSOC_REQ_USE_RRM;
7276 }
7277
7278 wdev_lock(dev->ieee80211_ptr);
7279 err = cfg80211_connect(rdev, dev, &connect, connkeys, NULL);
7280 wdev_unlock(dev->ieee80211_ptr);
7281 if (err)
7282 kzfree(connkeys);
7283 return err;
7284 }
7285
7286 static int nl80211_disconnect(struct sk_buff *skb, struct genl_info *info)
7287 {
7288 struct cfg80211_registered_device *rdev = info->user_ptr[0];
7289 struct net_device *dev = info->user_ptr[1];
7290 u16 reason;
7291 int ret;
7292
7293 if (!info->attrs[NL80211_ATTR_REASON_CODE])
7294 reason = WLAN_REASON_DEAUTH_LEAVING;
7295 else
7296 reason = nla_get_u16(info->attrs[NL80211_ATTR_REASON_CODE]);
7297
7298 if (reason == 0)
7299 return -EINVAL;
7300
7301 if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_STATION &&
7302 dev->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_CLIENT)
7303 return -EOPNOTSUPP;
7304
7305 wdev_lock(dev->ieee80211_ptr);
7306 ret = cfg80211_disconnect(rdev, dev, reason, true);
7307 wdev_unlock(dev->ieee80211_ptr);
7308 return ret;
7309 }
7310
7311 static int nl80211_wiphy_netns(struct sk_buff *skb, struct genl_info *info)
7312 {
7313 struct cfg80211_registered_device *rdev = info->user_ptr[0];
7314 struct net *net;
7315 int err;
7316 u32 pid;
7317
7318 if (!info->attrs[NL80211_ATTR_PID])
7319 return -EINVAL;
7320
7321 pid = nla_get_u32(info->attrs[NL80211_ATTR_PID]);
7322
7323 net = get_net_ns_by_pid(pid);
7324 if (IS_ERR(net))
7325 return PTR_ERR(net);
7326
7327 err = 0;
7328
7329 /* check if anything to do */
7330 if (!net_eq(wiphy_net(&rdev->wiphy), net))
7331 err = cfg80211_switch_netns(rdev, net);
7332
7333 put_net(net);
7334 return err;
7335 }
7336
7337 static int nl80211_setdel_pmksa(struct sk_buff *skb, struct genl_info *info)
7338 {
7339 struct cfg80211_registered_device *rdev = info->user_ptr[0];
7340 int (*rdev_ops)(struct wiphy *wiphy, struct net_device *dev,
7341 struct cfg80211_pmksa *pmksa) = NULL;
7342 struct net_device *dev = info->user_ptr[1];
7343 struct cfg80211_pmksa pmksa;
7344
7345 memset(&pmksa, 0, sizeof(struct cfg80211_pmksa));
7346
7347 if (!info->attrs[NL80211_ATTR_MAC])
7348 return -EINVAL;
7349
7350 if (!info->attrs[NL80211_ATTR_PMKID])
7351 return -EINVAL;
7352
7353 pmksa.pmkid = nla_data(info->attrs[NL80211_ATTR_PMKID]);
7354 pmksa.bssid = nla_data(info->attrs[NL80211_ATTR_MAC]);
7355
7356 if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_STATION &&
7357 dev->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_CLIENT)
7358 return -EOPNOTSUPP;
7359
7360 switch (info->genlhdr->cmd) {
7361 case NL80211_CMD_SET_PMKSA:
7362 rdev_ops = rdev->ops->set_pmksa;
7363 break;
7364 case NL80211_CMD_DEL_PMKSA:
7365 rdev_ops = rdev->ops->del_pmksa;
7366 break;
7367 default:
7368 WARN_ON(1);
7369 break;
7370 }
7371
7372 if (!rdev_ops)
7373 return -EOPNOTSUPP;
7374
7375 return rdev_ops(&rdev->wiphy, dev, &pmksa);
7376 }
7377
7378 static int nl80211_flush_pmksa(struct sk_buff *skb, struct genl_info *info)
7379 {
7380 struct cfg80211_registered_device *rdev = info->user_ptr[0];
7381 struct net_device *dev = info->user_ptr[1];
7382
7383 if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_STATION &&
7384 dev->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_CLIENT)
7385 return -EOPNOTSUPP;
7386
7387 if (!rdev->ops->flush_pmksa)
7388 return -EOPNOTSUPP;
7389
7390 return rdev_flush_pmksa(rdev, dev);
7391 }
7392
7393 static int nl80211_tdls_mgmt(struct sk_buff *skb, struct genl_info *info)
7394 {
7395 struct cfg80211_registered_device *rdev = info->user_ptr[0];
7396 struct net_device *dev = info->user_ptr[1];
7397 u8 action_code, dialog_token;
7398 u32 peer_capability = 0;
7399 u16 status_code;
7400 u8 *peer;
7401 bool initiator;
7402
7403 if (!(rdev->wiphy.flags & WIPHY_FLAG_SUPPORTS_TDLS) ||
7404 !rdev->ops->tdls_mgmt)
7405 return -EOPNOTSUPP;
7406
7407 if (!info->attrs[NL80211_ATTR_TDLS_ACTION] ||
7408 !info->attrs[NL80211_ATTR_STATUS_CODE] ||
7409 !info->attrs[NL80211_ATTR_TDLS_DIALOG_TOKEN] ||
7410 !info->attrs[NL80211_ATTR_IE] ||
7411 !info->attrs[NL80211_ATTR_MAC])
7412 return -EINVAL;
7413
7414 peer = nla_data(info->attrs[NL80211_ATTR_MAC]);
7415 action_code = nla_get_u8(info->attrs[NL80211_ATTR_TDLS_ACTION]);
7416 status_code = nla_get_u16(info->attrs[NL80211_ATTR_STATUS_CODE]);
7417 dialog_token = nla_get_u8(info->attrs[NL80211_ATTR_TDLS_DIALOG_TOKEN]);
7418 initiator = nla_get_flag(info->attrs[NL80211_ATTR_TDLS_INITIATOR]);
7419 if (info->attrs[NL80211_ATTR_TDLS_PEER_CAPABILITY])
7420 peer_capability =
7421 nla_get_u32(info->attrs[NL80211_ATTR_TDLS_PEER_CAPABILITY]);
7422
7423 return rdev_tdls_mgmt(rdev, dev, peer, action_code,
7424 dialog_token, status_code, peer_capability,
7425 initiator,
7426 nla_data(info->attrs[NL80211_ATTR_IE]),
7427 nla_len(info->attrs[NL80211_ATTR_IE]));
7428 }
7429
7430 static int nl80211_tdls_oper(struct sk_buff *skb, struct genl_info *info)
7431 {
7432 struct cfg80211_registered_device *rdev = info->user_ptr[0];
7433 struct net_device *dev = info->user_ptr[1];
7434 enum nl80211_tdls_operation operation;
7435 u8 *peer;
7436
7437 if (!(rdev->wiphy.flags & WIPHY_FLAG_SUPPORTS_TDLS) ||
7438 !rdev->ops->tdls_oper)
7439 return -EOPNOTSUPP;
7440
7441 if (!info->attrs[NL80211_ATTR_TDLS_OPERATION] ||
7442 !info->attrs[NL80211_ATTR_MAC])
7443 return -EINVAL;
7444
7445 operation = nla_get_u8(info->attrs[NL80211_ATTR_TDLS_OPERATION]);
7446 peer = nla_data(info->attrs[NL80211_ATTR_MAC]);
7447
7448 return rdev_tdls_oper(rdev, dev, peer, operation);
7449 }
7450
7451 static int nl80211_remain_on_channel(struct sk_buff *skb,
7452 struct genl_info *info)
7453 {
7454 struct cfg80211_registered_device *rdev = info->user_ptr[0];
7455 struct wireless_dev *wdev = info->user_ptr[1];
7456 struct cfg80211_chan_def chandef;
7457 struct sk_buff *msg;
7458 void *hdr;
7459 u64 cookie;
7460 u32 duration;
7461 int err;
7462
7463 if (!info->attrs[NL80211_ATTR_WIPHY_FREQ] ||
7464 !info->attrs[NL80211_ATTR_DURATION])
7465 return -EINVAL;
7466
7467 duration = nla_get_u32(info->attrs[NL80211_ATTR_DURATION]);
7468
7469 if (!rdev->ops->remain_on_channel ||
7470 !(rdev->wiphy.flags & WIPHY_FLAG_HAS_REMAIN_ON_CHANNEL))
7471 return -EOPNOTSUPP;
7472
7473 /*
7474 * We should be on that channel for at least a minimum amount of
7475 * time (10ms) but no longer than the driver supports.
7476 */
7477 if (duration < NL80211_MIN_REMAIN_ON_CHANNEL_TIME ||
7478 duration > rdev->wiphy.max_remain_on_channel_duration)
7479 return -EINVAL;
7480
7481 err = nl80211_parse_chandef(rdev, info, &chandef);
7482 if (err)
7483 return err;
7484
7485 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
7486 if (!msg)
7487 return -ENOMEM;
7488
7489 hdr = nl80211hdr_put(msg, info->snd_portid, info->snd_seq, 0,
7490 NL80211_CMD_REMAIN_ON_CHANNEL);
7491 if (!hdr) {
7492 err = -ENOBUFS;
7493 goto free_msg;
7494 }
7495
7496 err = rdev_remain_on_channel(rdev, wdev, chandef.chan,
7497 duration, &cookie);
7498
7499 if (err)
7500 goto free_msg;
7501
7502 if (nla_put_u64(msg, NL80211_ATTR_COOKIE, cookie))
7503 goto nla_put_failure;
7504
7505 genlmsg_end(msg, hdr);
7506
7507 return genlmsg_reply(msg, info);
7508
7509 nla_put_failure:
7510 err = -ENOBUFS;
7511 free_msg:
7512 nlmsg_free(msg);
7513 return err;
7514 }
7515
7516 static int nl80211_cancel_remain_on_channel(struct sk_buff *skb,
7517 struct genl_info *info)
7518 {
7519 struct cfg80211_registered_device *rdev = info->user_ptr[0];
7520 struct wireless_dev *wdev = info->user_ptr[1];
7521 u64 cookie;
7522
7523 if (!info->attrs[NL80211_ATTR_COOKIE])
7524 return -EINVAL;
7525
7526 if (!rdev->ops->cancel_remain_on_channel)
7527 return -EOPNOTSUPP;
7528
7529 cookie = nla_get_u64(info->attrs[NL80211_ATTR_COOKIE]);
7530
7531 return rdev_cancel_remain_on_channel(rdev, wdev, cookie);
7532 }
7533
7534 static u32 rateset_to_mask(struct ieee80211_supported_band *sband,
7535 u8 *rates, u8 rates_len)
7536 {
7537 u8 i;
7538 u32 mask = 0;
7539
7540 for (i = 0; i < rates_len; i++) {
7541 int rate = (rates[i] & 0x7f) * 5;
7542 int ridx;
7543 for (ridx = 0; ridx < sband->n_bitrates; ridx++) {
7544 struct ieee80211_rate *srate =
7545 &sband->bitrates[ridx];
7546 if (rate == srate->bitrate) {
7547 mask |= 1 << ridx;
7548 break;
7549 }
7550 }
7551 if (ridx == sband->n_bitrates)
7552 return 0; /* rate not found */
7553 }
7554
7555 return mask;
7556 }
7557
7558 static bool ht_rateset_to_mask(struct ieee80211_supported_band *sband,
7559 u8 *rates, u8 rates_len,
7560 u8 mcs[IEEE80211_HT_MCS_MASK_LEN])
7561 {
7562 u8 i;
7563
7564 memset(mcs, 0, IEEE80211_HT_MCS_MASK_LEN);
7565
7566 for (i = 0; i < rates_len; i++) {
7567 int ridx, rbit;
7568
7569 ridx = rates[i] / 8;
7570 rbit = BIT(rates[i] % 8);
7571
7572 /* check validity */
7573 if ((ridx < 0) || (ridx >= IEEE80211_HT_MCS_MASK_LEN))
7574 return false;
7575
7576 /* check availability */
7577 if (sband->ht_cap.mcs.rx_mask[ridx] & rbit)
7578 mcs[ridx] |= rbit;
7579 else
7580 return false;
7581 }
7582
7583 return true;
7584 }
7585
7586 static u16 vht_mcs_map_to_mcs_mask(u8 vht_mcs_map)
7587 {
7588 u16 mcs_mask = 0;
7589
7590 switch (vht_mcs_map) {
7591 case IEEE80211_VHT_MCS_NOT_SUPPORTED:
7592 break;
7593 case IEEE80211_VHT_MCS_SUPPORT_0_7:
7594 mcs_mask = 0x00FF;
7595 break;
7596 case IEEE80211_VHT_MCS_SUPPORT_0_8:
7597 mcs_mask = 0x01FF;
7598 break;
7599 case IEEE80211_VHT_MCS_SUPPORT_0_9:
7600 mcs_mask = 0x03FF;
7601 break;
7602 default:
7603 break;
7604 }
7605
7606 return mcs_mask;
7607 }
7608
7609 static void vht_build_mcs_mask(u16 vht_mcs_map,
7610 u16 vht_mcs_mask[NL80211_VHT_NSS_MAX])
7611 {
7612 u8 nss;
7613
7614 for (nss = 0; nss < NL80211_VHT_NSS_MAX; nss++) {
7615 vht_mcs_mask[nss] = vht_mcs_map_to_mcs_mask(vht_mcs_map & 0x03);
7616 vht_mcs_map >>= 2;
7617 }
7618 }
7619
7620 static bool vht_set_mcs_mask(struct ieee80211_supported_band *sband,
7621 struct nl80211_txrate_vht *txrate,
7622 u16 mcs[NL80211_VHT_NSS_MAX])
7623 {
7624 u16 tx_mcs_map = le16_to_cpu(sband->vht_cap.vht_mcs.tx_mcs_map);
7625 u16 tx_mcs_mask[NL80211_VHT_NSS_MAX] = {};
7626 u8 i;
7627
7628 if (!sband->vht_cap.vht_supported)
7629 return false;
7630
7631 memset(mcs, 0, sizeof(u16) * NL80211_VHT_NSS_MAX);
7632
7633 /* Build vht_mcs_mask from VHT capabilities */
7634 vht_build_mcs_mask(tx_mcs_map, tx_mcs_mask);
7635
7636 for (i = 0; i < NL80211_VHT_NSS_MAX; i++) {
7637 if ((tx_mcs_mask[i] & txrate->mcs[i]) == txrate->mcs[i])
7638 mcs[i] = txrate->mcs[i];
7639 else
7640 return false;
7641 }
7642
7643 return true;
7644 }
7645
7646 static const struct nla_policy nl80211_txattr_policy[NL80211_TXRATE_MAX + 1] = {
7647 [NL80211_TXRATE_LEGACY] = { .type = NLA_BINARY,
7648 .len = NL80211_MAX_SUPP_RATES },
7649 [NL80211_TXRATE_HT] = { .type = NLA_BINARY,
7650 .len = NL80211_MAX_SUPP_HT_RATES },
7651 [NL80211_TXRATE_VHT] = { .len = sizeof(struct nl80211_txrate_vht)},
7652 [NL80211_TXRATE_GI] = { .type = NLA_U8 },
7653 };
7654
7655 static int nl80211_set_tx_bitrate_mask(struct sk_buff *skb,
7656 struct genl_info *info)
7657 {
7658 struct nlattr *tb[NL80211_TXRATE_MAX + 1];
7659 struct cfg80211_registered_device *rdev = info->user_ptr[0];
7660 struct cfg80211_bitrate_mask mask;
7661 int rem, i;
7662 struct net_device *dev = info->user_ptr[1];
7663 struct nlattr *tx_rates;
7664 struct ieee80211_supported_band *sband;
7665 u16 vht_tx_mcs_map;
7666
7667 if (!rdev->ops->set_bitrate_mask)
7668 return -EOPNOTSUPP;
7669
7670 memset(&mask, 0, sizeof(mask));
7671 /* Default to all rates enabled */
7672 for (i = 0; i < IEEE80211_NUM_BANDS; i++) {
7673 sband = rdev->wiphy.bands[i];
7674
7675 if (!sband)
7676 continue;
7677
7678 mask.control[i].legacy = (1 << sband->n_bitrates) - 1;
7679 memcpy(mask.control[i].ht_mcs,
7680 sband->ht_cap.mcs.rx_mask,
7681 sizeof(mask.control[i].ht_mcs));
7682
7683 if (!sband->vht_cap.vht_supported)
7684 continue;
7685
7686 vht_tx_mcs_map = le16_to_cpu(sband->vht_cap.vht_mcs.tx_mcs_map);
7687 vht_build_mcs_mask(vht_tx_mcs_map, mask.control[i].vht_mcs);
7688 }
7689
7690 /* if no rates are given set it back to the defaults */
7691 if (!info->attrs[NL80211_ATTR_TX_RATES])
7692 goto out;
7693
7694 /*
7695 * The nested attribute uses enum nl80211_band as the index. This maps
7696 * directly to the enum ieee80211_band values used in cfg80211.
7697 */
7698 BUILD_BUG_ON(NL80211_MAX_SUPP_HT_RATES > IEEE80211_HT_MCS_MASK_LEN * 8);
7699 nla_for_each_nested(tx_rates, info->attrs[NL80211_ATTR_TX_RATES], rem) {
7700 enum ieee80211_band band = nla_type(tx_rates);
7701 int err;
7702
7703 if (band < 0 || band >= IEEE80211_NUM_BANDS)
7704 return -EINVAL;
7705 sband = rdev->wiphy.bands[band];
7706 if (sband == NULL)
7707 return -EINVAL;
7708 err = nla_parse(tb, NL80211_TXRATE_MAX, nla_data(tx_rates),
7709 nla_len(tx_rates), nl80211_txattr_policy);
7710 if (err)
7711 return err;
7712 if (tb[NL80211_TXRATE_LEGACY]) {
7713 mask.control[band].legacy = rateset_to_mask(
7714 sband,
7715 nla_data(tb[NL80211_TXRATE_LEGACY]),
7716 nla_len(tb[NL80211_TXRATE_LEGACY]));
7717 if ((mask.control[band].legacy == 0) &&
7718 nla_len(tb[NL80211_TXRATE_LEGACY]))
7719 return -EINVAL;
7720 }
7721 if (tb[NL80211_TXRATE_HT]) {
7722 if (!ht_rateset_to_mask(
7723 sband,
7724 nla_data(tb[NL80211_TXRATE_HT]),
7725 nla_len(tb[NL80211_TXRATE_HT]),
7726 mask.control[band].ht_mcs))
7727 return -EINVAL;
7728 }
7729 if (tb[NL80211_TXRATE_VHT]) {
7730 if (!vht_set_mcs_mask(
7731 sband,
7732 nla_data(tb[NL80211_TXRATE_VHT]),
7733 mask.control[band].vht_mcs))
7734 return -EINVAL;
7735 }
7736 if (tb[NL80211_TXRATE_GI]) {
7737 mask.control[band].gi =
7738 nla_get_u8(tb[NL80211_TXRATE_GI]);
7739 if (mask.control[band].gi > NL80211_TXRATE_FORCE_LGI)
7740 return -EINVAL;
7741 }
7742
7743 if (mask.control[band].legacy == 0) {
7744 /* don't allow empty legacy rates if HT or VHT
7745 * are not even supported.
7746 */
7747 if (!(rdev->wiphy.bands[band]->ht_cap.ht_supported ||
7748 rdev->wiphy.bands[band]->vht_cap.vht_supported))
7749 return -EINVAL;
7750
7751 for (i = 0; i < IEEE80211_HT_MCS_MASK_LEN; i++)
7752 if (mask.control[band].ht_mcs[i])
7753 goto out;
7754
7755 for (i = 0; i < NL80211_VHT_NSS_MAX; i++)
7756 if (mask.control[band].vht_mcs[i])
7757 goto out;
7758
7759 /* legacy and mcs rates may not be both empty */
7760 return -EINVAL;
7761 }
7762 }
7763
7764 out:
7765 return rdev_set_bitrate_mask(rdev, dev, NULL, &mask);
7766 }
7767
7768 static int nl80211_register_mgmt(struct sk_buff *skb, struct genl_info *info)
7769 {
7770 struct cfg80211_registered_device *rdev = info->user_ptr[0];
7771 struct wireless_dev *wdev = info->user_ptr[1];
7772 u16 frame_type = IEEE80211_FTYPE_MGMT | IEEE80211_STYPE_ACTION;
7773
7774 if (!info->attrs[NL80211_ATTR_FRAME_MATCH])
7775 return -EINVAL;
7776
7777 if (info->attrs[NL80211_ATTR_FRAME_TYPE])
7778 frame_type = nla_get_u16(info->attrs[NL80211_ATTR_FRAME_TYPE]);
7779
7780 switch (wdev->iftype) {
7781 case NL80211_IFTYPE_STATION:
7782 case NL80211_IFTYPE_ADHOC:
7783 case NL80211_IFTYPE_P2P_CLIENT:
7784 case NL80211_IFTYPE_AP:
7785 case NL80211_IFTYPE_AP_VLAN:
7786 case NL80211_IFTYPE_MESH_POINT:
7787 case NL80211_IFTYPE_P2P_GO:
7788 case NL80211_IFTYPE_P2P_DEVICE:
7789 break;
7790 default:
7791 return -EOPNOTSUPP;
7792 }
7793
7794 /* not much point in registering if we can't reply */
7795 if (!rdev->ops->mgmt_tx)
7796 return -EOPNOTSUPP;
7797
7798 return cfg80211_mlme_register_mgmt(wdev, info->snd_portid, frame_type,
7799 nla_data(info->attrs[NL80211_ATTR_FRAME_MATCH]),
7800 nla_len(info->attrs[NL80211_ATTR_FRAME_MATCH]));
7801 }
7802
7803 static int nl80211_tx_mgmt(struct sk_buff *skb, struct genl_info *info)
7804 {
7805 struct cfg80211_registered_device *rdev = info->user_ptr[0];
7806 struct wireless_dev *wdev = info->user_ptr[1];
7807 struct cfg80211_chan_def chandef;
7808 int err;
7809 void *hdr = NULL;
7810 u64 cookie;
7811 struct sk_buff *msg = NULL;
7812 struct cfg80211_mgmt_tx_params params = {
7813 .dont_wait_for_ack =
7814 info->attrs[NL80211_ATTR_DONT_WAIT_FOR_ACK],
7815 };
7816
7817 if (!info->attrs[NL80211_ATTR_FRAME])
7818 return -EINVAL;
7819
7820 if (!rdev->ops->mgmt_tx)
7821 return -EOPNOTSUPP;
7822
7823 switch (wdev->iftype) {
7824 case NL80211_IFTYPE_P2P_DEVICE:
7825 if (!info->attrs[NL80211_ATTR_WIPHY_FREQ])
7826 return -EINVAL;
7827 case NL80211_IFTYPE_STATION:
7828 case NL80211_IFTYPE_ADHOC:
7829 case NL80211_IFTYPE_P2P_CLIENT:
7830 case NL80211_IFTYPE_AP:
7831 case NL80211_IFTYPE_AP_VLAN:
7832 case NL80211_IFTYPE_MESH_POINT:
7833 case NL80211_IFTYPE_P2P_GO:
7834 break;
7835 default:
7836 return -EOPNOTSUPP;
7837 }
7838
7839 if (info->attrs[NL80211_ATTR_DURATION]) {
7840 if (!(rdev->wiphy.flags & WIPHY_FLAG_OFFCHAN_TX))
7841 return -EINVAL;
7842 params.wait = nla_get_u32(info->attrs[NL80211_ATTR_DURATION]);
7843
7844 /*
7845 * We should wait on the channel for at least a minimum amount
7846 * of time (10ms) but no longer than the driver supports.
7847 */
7848 if (params.wait < NL80211_MIN_REMAIN_ON_CHANNEL_TIME ||
7849 params.wait > rdev->wiphy.max_remain_on_channel_duration)
7850 return -EINVAL;
7851
7852 }
7853
7854 params.offchan = info->attrs[NL80211_ATTR_OFFCHANNEL_TX_OK];
7855
7856 if (params.offchan && !(rdev->wiphy.flags & WIPHY_FLAG_OFFCHAN_TX))
7857 return -EINVAL;
7858
7859 params.no_cck = nla_get_flag(info->attrs[NL80211_ATTR_TX_NO_CCK_RATE]);
7860
7861 /* get the channel if any has been specified, otherwise pass NULL to
7862 * the driver. The latter will use the current one
7863 */
7864 chandef.chan = NULL;
7865 if (info->attrs[NL80211_ATTR_WIPHY_FREQ]) {
7866 err = nl80211_parse_chandef(rdev, info, &chandef);
7867 if (err)
7868 return err;
7869 }
7870
7871 if (!chandef.chan && params.offchan)
7872 return -EINVAL;
7873
7874 params.buf = nla_data(info->attrs[NL80211_ATTR_FRAME]);
7875 params.len = nla_len(info->attrs[NL80211_ATTR_FRAME]);
7876
7877 if (info->attrs[NL80211_ATTR_CSA_C_OFFSETS_TX]) {
7878 int len = nla_len(info->attrs[NL80211_ATTR_CSA_C_OFFSETS_TX]);
7879 int i;
7880
7881 if (len % sizeof(u16))
7882 return -EINVAL;
7883
7884 params.n_csa_offsets = len / sizeof(u16);
7885 params.csa_offsets =
7886 nla_data(info->attrs[NL80211_ATTR_CSA_C_OFFSETS_TX]);
7887
7888 /* check that all the offsets fit the frame */
7889 for (i = 0; i < params.n_csa_offsets; i++) {
7890 if (params.csa_offsets[i] >= params.len)
7891 return -EINVAL;
7892 }
7893 }
7894
7895 if (!params.dont_wait_for_ack) {
7896 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
7897 if (!msg)
7898 return -ENOMEM;
7899
7900 hdr = nl80211hdr_put(msg, info->snd_portid, info->snd_seq, 0,
7901 NL80211_CMD_FRAME);
7902 if (!hdr) {
7903 err = -ENOBUFS;
7904 goto free_msg;
7905 }
7906 }
7907
7908 params.chan = chandef.chan;
7909 err = cfg80211_mlme_mgmt_tx(rdev, wdev, &params, &cookie);
7910 if (err)
7911 goto free_msg;
7912
7913 if (msg) {
7914 if (nla_put_u64(msg, NL80211_ATTR_COOKIE, cookie))
7915 goto nla_put_failure;
7916
7917 genlmsg_end(msg, hdr);
7918 return genlmsg_reply(msg, info);
7919 }
7920
7921 return 0;
7922
7923 nla_put_failure:
7924 err = -ENOBUFS;
7925 free_msg:
7926 nlmsg_free(msg);
7927 return err;
7928 }
7929
7930 static int nl80211_tx_mgmt_cancel_wait(struct sk_buff *skb, struct genl_info *info)
7931 {
7932 struct cfg80211_registered_device *rdev = info->user_ptr[0];
7933 struct wireless_dev *wdev = info->user_ptr[1];
7934 u64 cookie;
7935
7936 if (!info->attrs[NL80211_ATTR_COOKIE])
7937 return -EINVAL;
7938
7939 if (!rdev->ops->mgmt_tx_cancel_wait)
7940 return -EOPNOTSUPP;
7941
7942 switch (wdev->iftype) {
7943 case NL80211_IFTYPE_STATION:
7944 case NL80211_IFTYPE_ADHOC:
7945 case NL80211_IFTYPE_P2P_CLIENT:
7946 case NL80211_IFTYPE_AP:
7947 case NL80211_IFTYPE_AP_VLAN:
7948 case NL80211_IFTYPE_P2P_GO:
7949 case NL80211_IFTYPE_P2P_DEVICE:
7950 break;
7951 default:
7952 return -EOPNOTSUPP;
7953 }
7954
7955 cookie = nla_get_u64(info->attrs[NL80211_ATTR_COOKIE]);
7956
7957 return rdev_mgmt_tx_cancel_wait(rdev, wdev, cookie);
7958 }
7959
7960 static int nl80211_set_power_save(struct sk_buff *skb, struct genl_info *info)
7961 {
7962 struct cfg80211_registered_device *rdev = info->user_ptr[0];
7963 struct wireless_dev *wdev;
7964 struct net_device *dev = info->user_ptr[1];
7965 u8 ps_state;
7966 bool state;
7967 int err;
7968
7969 if (!info->attrs[NL80211_ATTR_PS_STATE])
7970 return -EINVAL;
7971
7972 ps_state = nla_get_u32(info->attrs[NL80211_ATTR_PS_STATE]);
7973
7974 if (ps_state != NL80211_PS_DISABLED && ps_state != NL80211_PS_ENABLED)
7975 return -EINVAL;
7976
7977 wdev = dev->ieee80211_ptr;
7978
7979 if (!rdev->ops->set_power_mgmt)
7980 return -EOPNOTSUPP;
7981
7982 state = (ps_state == NL80211_PS_ENABLED) ? true : false;
7983
7984 if (state == wdev->ps)
7985 return 0;
7986
7987 err = rdev_set_power_mgmt(rdev, dev, state, wdev->ps_timeout);
7988 if (!err)
7989 wdev->ps = state;
7990 return err;
7991 }
7992
7993 static int nl80211_get_power_save(struct sk_buff *skb, struct genl_info *info)
7994 {
7995 struct cfg80211_registered_device *rdev = info->user_ptr[0];
7996 enum nl80211_ps_state ps_state;
7997 struct wireless_dev *wdev;
7998 struct net_device *dev = info->user_ptr[1];
7999 struct sk_buff *msg;
8000 void *hdr;
8001 int err;
8002
8003 wdev = dev->ieee80211_ptr;
8004
8005 if (!rdev->ops->set_power_mgmt)
8006 return -EOPNOTSUPP;
8007
8008 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
8009 if (!msg)
8010 return -ENOMEM;
8011
8012 hdr = nl80211hdr_put(msg, info->snd_portid, info->snd_seq, 0,
8013 NL80211_CMD_GET_POWER_SAVE);
8014 if (!hdr) {
8015 err = -ENOBUFS;
8016 goto free_msg;
8017 }
8018
8019 if (wdev->ps)
8020 ps_state = NL80211_PS_ENABLED;
8021 else
8022 ps_state = NL80211_PS_DISABLED;
8023
8024 if (nla_put_u32(msg, NL80211_ATTR_PS_STATE, ps_state))
8025 goto nla_put_failure;
8026
8027 genlmsg_end(msg, hdr);
8028 return genlmsg_reply(msg, info);
8029
8030 nla_put_failure:
8031 err = -ENOBUFS;
8032 free_msg:
8033 nlmsg_free(msg);
8034 return err;
8035 }
8036
8037 static const struct nla_policy
8038 nl80211_attr_cqm_policy[NL80211_ATTR_CQM_MAX + 1] = {
8039 [NL80211_ATTR_CQM_RSSI_THOLD] = { .type = NLA_U32 },
8040 [NL80211_ATTR_CQM_RSSI_HYST] = { .type = NLA_U32 },
8041 [NL80211_ATTR_CQM_RSSI_THRESHOLD_EVENT] = { .type = NLA_U32 },
8042 [NL80211_ATTR_CQM_TXE_RATE] = { .type = NLA_U32 },
8043 [NL80211_ATTR_CQM_TXE_PKTS] = { .type = NLA_U32 },
8044 [NL80211_ATTR_CQM_TXE_INTVL] = { .type = NLA_U32 },
8045 };
8046
8047 static int nl80211_set_cqm_txe(struct genl_info *info,
8048 u32 rate, u32 pkts, u32 intvl)
8049 {
8050 struct cfg80211_registered_device *rdev = info->user_ptr[0];
8051 struct net_device *dev = info->user_ptr[1];
8052 struct wireless_dev *wdev = dev->ieee80211_ptr;
8053
8054 if (rate > 100 || intvl > NL80211_CQM_TXE_MAX_INTVL)
8055 return -EINVAL;
8056
8057 if (!rdev->ops->set_cqm_txe_config)
8058 return -EOPNOTSUPP;
8059
8060 if (wdev->iftype != NL80211_IFTYPE_STATION &&
8061 wdev->iftype != NL80211_IFTYPE_P2P_CLIENT)
8062 return -EOPNOTSUPP;
8063
8064 return rdev_set_cqm_txe_config(rdev, dev, rate, pkts, intvl);
8065 }
8066
8067 static int nl80211_set_cqm_rssi(struct genl_info *info,
8068 s32 threshold, u32 hysteresis)
8069 {
8070 struct cfg80211_registered_device *rdev = info->user_ptr[0];
8071 struct net_device *dev = info->user_ptr[1];
8072 struct wireless_dev *wdev = dev->ieee80211_ptr;
8073
8074 if (threshold > 0)
8075 return -EINVAL;
8076
8077 /* disabling - hysteresis should also be zero then */
8078 if (threshold == 0)
8079 hysteresis = 0;
8080
8081 if (!rdev->ops->set_cqm_rssi_config)
8082 return -EOPNOTSUPP;
8083
8084 if (wdev->iftype != NL80211_IFTYPE_STATION &&
8085 wdev->iftype != NL80211_IFTYPE_P2P_CLIENT)
8086 return -EOPNOTSUPP;
8087
8088 return rdev_set_cqm_rssi_config(rdev, dev, threshold, hysteresis);
8089 }
8090
8091 static int nl80211_set_cqm(struct sk_buff *skb, struct genl_info *info)
8092 {
8093 struct nlattr *attrs[NL80211_ATTR_CQM_MAX + 1];
8094 struct nlattr *cqm;
8095 int err;
8096
8097 cqm = info->attrs[NL80211_ATTR_CQM];
8098 if (!cqm)
8099 return -EINVAL;
8100
8101 err = nla_parse_nested(attrs, NL80211_ATTR_CQM_MAX, cqm,
8102 nl80211_attr_cqm_policy);
8103 if (err)
8104 return err;
8105
8106 if (attrs[NL80211_ATTR_CQM_RSSI_THOLD] &&
8107 attrs[NL80211_ATTR_CQM_RSSI_HYST]) {
8108 s32 threshold = nla_get_s32(attrs[NL80211_ATTR_CQM_RSSI_THOLD]);
8109 u32 hysteresis = nla_get_u32(attrs[NL80211_ATTR_CQM_RSSI_HYST]);
8110
8111 return nl80211_set_cqm_rssi(info, threshold, hysteresis);
8112 }
8113
8114 if (attrs[NL80211_ATTR_CQM_TXE_RATE] &&
8115 attrs[NL80211_ATTR_CQM_TXE_PKTS] &&
8116 attrs[NL80211_ATTR_CQM_TXE_INTVL]) {
8117 u32 rate = nla_get_u32(attrs[NL80211_ATTR_CQM_TXE_RATE]);
8118 u32 pkts = nla_get_u32(attrs[NL80211_ATTR_CQM_TXE_PKTS]);
8119 u32 intvl = nla_get_u32(attrs[NL80211_ATTR_CQM_TXE_INTVL]);
8120
8121 return nl80211_set_cqm_txe(info, rate, pkts, intvl);
8122 }
8123
8124 return -EINVAL;
8125 }
8126
8127 static int nl80211_join_mesh(struct sk_buff *skb, struct genl_info *info)
8128 {
8129 struct cfg80211_registered_device *rdev = info->user_ptr[0];
8130 struct net_device *dev = info->user_ptr[1];
8131 struct mesh_config cfg;
8132 struct mesh_setup setup;
8133 int err;
8134
8135 /* start with default */
8136 memcpy(&cfg, &default_mesh_config, sizeof(cfg));
8137 memcpy(&setup, &default_mesh_setup, sizeof(setup));
8138
8139 if (info->attrs[NL80211_ATTR_MESH_CONFIG]) {
8140 /* and parse parameters if given */
8141 err = nl80211_parse_mesh_config(info, &cfg, NULL);
8142 if (err)
8143 return err;
8144 }
8145
8146 if (!info->attrs[NL80211_ATTR_MESH_ID] ||
8147 !nla_len(info->attrs[NL80211_ATTR_MESH_ID]))
8148 return -EINVAL;
8149
8150 setup.mesh_id = nla_data(info->attrs[NL80211_ATTR_MESH_ID]);
8151 setup.mesh_id_len = nla_len(info->attrs[NL80211_ATTR_MESH_ID]);
8152
8153 if (info->attrs[NL80211_ATTR_MCAST_RATE] &&
8154 !nl80211_parse_mcast_rate(rdev, setup.mcast_rate,
8155 nla_get_u32(info->attrs[NL80211_ATTR_MCAST_RATE])))
8156 return -EINVAL;
8157
8158 if (info->attrs[NL80211_ATTR_BEACON_INTERVAL]) {
8159 setup.beacon_interval =
8160 nla_get_u32(info->attrs[NL80211_ATTR_BEACON_INTERVAL]);
8161 if (setup.beacon_interval < 10 ||
8162 setup.beacon_interval > 10000)
8163 return -EINVAL;
8164 }
8165
8166 if (info->attrs[NL80211_ATTR_DTIM_PERIOD]) {
8167 setup.dtim_period =
8168 nla_get_u32(info->attrs[NL80211_ATTR_DTIM_PERIOD]);
8169 if (setup.dtim_period < 1 || setup.dtim_period > 100)
8170 return -EINVAL;
8171 }
8172
8173 if (info->attrs[NL80211_ATTR_MESH_SETUP]) {
8174 /* parse additional setup parameters if given */
8175 err = nl80211_parse_mesh_setup(info, &setup);
8176 if (err)
8177 return err;
8178 }
8179
8180 if (setup.user_mpm)
8181 cfg.auto_open_plinks = false;
8182
8183 if (info->attrs[NL80211_ATTR_WIPHY_FREQ]) {
8184 err = nl80211_parse_chandef(rdev, info, &setup.chandef);
8185 if (err)
8186 return err;
8187 } else {
8188 /* cfg80211_join_mesh() will sort it out */
8189 setup.chandef.chan = NULL;
8190 }
8191
8192 if (info->attrs[NL80211_ATTR_BSS_BASIC_RATES]) {
8193 u8 *rates = nla_data(info->attrs[NL80211_ATTR_BSS_BASIC_RATES]);
8194 int n_rates =
8195 nla_len(info->attrs[NL80211_ATTR_BSS_BASIC_RATES]);
8196 struct ieee80211_supported_band *sband;
8197
8198 if (!setup.chandef.chan)
8199 return -EINVAL;
8200
8201 sband = rdev->wiphy.bands[setup.chandef.chan->band];
8202
8203 err = ieee80211_get_ratemask(sband, rates, n_rates,
8204 &setup.basic_rates);
8205 if (err)
8206 return err;
8207 }
8208
8209 return cfg80211_join_mesh(rdev, dev, &setup, &cfg);
8210 }
8211
8212 static int nl80211_leave_mesh(struct sk_buff *skb, struct genl_info *info)
8213 {
8214 struct cfg80211_registered_device *rdev = info->user_ptr[0];
8215 struct net_device *dev = info->user_ptr[1];
8216
8217 return cfg80211_leave_mesh(rdev, dev);
8218 }
8219
8220 #ifdef CONFIG_PM
8221 static int nl80211_send_wowlan_patterns(struct sk_buff *msg,
8222 struct cfg80211_registered_device *rdev)
8223 {
8224 struct cfg80211_wowlan *wowlan = rdev->wiphy.wowlan_config;
8225 struct nlattr *nl_pats, *nl_pat;
8226 int i, pat_len;
8227
8228 if (!wowlan->n_patterns)
8229 return 0;
8230
8231 nl_pats = nla_nest_start(msg, NL80211_WOWLAN_TRIG_PKT_PATTERN);
8232 if (!nl_pats)
8233 return -ENOBUFS;
8234
8235 for (i = 0; i < wowlan->n_patterns; i++) {
8236 nl_pat = nla_nest_start(msg, i + 1);
8237 if (!nl_pat)
8238 return -ENOBUFS;
8239 pat_len = wowlan->patterns[i].pattern_len;
8240 if (nla_put(msg, NL80211_PKTPAT_MASK, DIV_ROUND_UP(pat_len, 8),
8241 wowlan->patterns[i].mask) ||
8242 nla_put(msg, NL80211_PKTPAT_PATTERN, pat_len,
8243 wowlan->patterns[i].pattern) ||
8244 nla_put_u32(msg, NL80211_PKTPAT_OFFSET,
8245 wowlan->patterns[i].pkt_offset))
8246 return -ENOBUFS;
8247 nla_nest_end(msg, nl_pat);
8248 }
8249 nla_nest_end(msg, nl_pats);
8250
8251 return 0;
8252 }
8253
8254 static int nl80211_send_wowlan_tcp(struct sk_buff *msg,
8255 struct cfg80211_wowlan_tcp *tcp)
8256 {
8257 struct nlattr *nl_tcp;
8258
8259 if (!tcp)
8260 return 0;
8261
8262 nl_tcp = nla_nest_start(msg, NL80211_WOWLAN_TRIG_TCP_CONNECTION);
8263 if (!nl_tcp)
8264 return -ENOBUFS;
8265
8266 if (nla_put_be32(msg, NL80211_WOWLAN_TCP_SRC_IPV4, tcp->src) ||
8267 nla_put_be32(msg, NL80211_WOWLAN_TCP_DST_IPV4, tcp->dst) ||
8268 nla_put(msg, NL80211_WOWLAN_TCP_DST_MAC, ETH_ALEN, tcp->dst_mac) ||
8269 nla_put_u16(msg, NL80211_WOWLAN_TCP_SRC_PORT, tcp->src_port) ||
8270 nla_put_u16(msg, NL80211_WOWLAN_TCP_DST_PORT, tcp->dst_port) ||
8271 nla_put(msg, NL80211_WOWLAN_TCP_DATA_PAYLOAD,
8272 tcp->payload_len, tcp->payload) ||
8273 nla_put_u32(msg, NL80211_WOWLAN_TCP_DATA_INTERVAL,
8274 tcp->data_interval) ||
8275 nla_put(msg, NL80211_WOWLAN_TCP_WAKE_PAYLOAD,
8276 tcp->wake_len, tcp->wake_data) ||
8277 nla_put(msg, NL80211_WOWLAN_TCP_WAKE_MASK,
8278 DIV_ROUND_UP(tcp->wake_len, 8), tcp->wake_mask))
8279 return -ENOBUFS;
8280
8281 if (tcp->payload_seq.len &&
8282 nla_put(msg, NL80211_WOWLAN_TCP_DATA_PAYLOAD_SEQ,
8283 sizeof(tcp->payload_seq), &tcp->payload_seq))
8284 return -ENOBUFS;
8285
8286 if (tcp->payload_tok.len &&
8287 nla_put(msg, NL80211_WOWLAN_TCP_DATA_PAYLOAD_TOKEN,
8288 sizeof(tcp->payload_tok) + tcp->tokens_size,
8289 &tcp->payload_tok))
8290 return -ENOBUFS;
8291
8292 nla_nest_end(msg, nl_tcp);
8293
8294 return 0;
8295 }
8296
8297 static int nl80211_get_wowlan(struct sk_buff *skb, struct genl_info *info)
8298 {
8299 struct cfg80211_registered_device *rdev = info->user_ptr[0];
8300 struct sk_buff *msg;
8301 void *hdr;
8302 u32 size = NLMSG_DEFAULT_SIZE;
8303
8304 if (!rdev->wiphy.wowlan)
8305 return -EOPNOTSUPP;
8306
8307 if (rdev->wiphy.wowlan_config && rdev->wiphy.wowlan_config->tcp) {
8308 /* adjust size to have room for all the data */
8309 size += rdev->wiphy.wowlan_config->tcp->tokens_size +
8310 rdev->wiphy.wowlan_config->tcp->payload_len +
8311 rdev->wiphy.wowlan_config->tcp->wake_len +
8312 rdev->wiphy.wowlan_config->tcp->wake_len / 8;
8313 }
8314
8315 msg = nlmsg_new(size, GFP_KERNEL);
8316 if (!msg)
8317 return -ENOMEM;
8318
8319 hdr = nl80211hdr_put(msg, info->snd_portid, info->snd_seq, 0,
8320 NL80211_CMD_GET_WOWLAN);
8321 if (!hdr)
8322 goto nla_put_failure;
8323
8324 if (rdev->wiphy.wowlan_config) {
8325 struct nlattr *nl_wowlan;
8326
8327 nl_wowlan = nla_nest_start(msg, NL80211_ATTR_WOWLAN_TRIGGERS);
8328 if (!nl_wowlan)
8329 goto nla_put_failure;
8330
8331 if ((rdev->wiphy.wowlan_config->any &&
8332 nla_put_flag(msg, NL80211_WOWLAN_TRIG_ANY)) ||
8333 (rdev->wiphy.wowlan_config->disconnect &&
8334 nla_put_flag(msg, NL80211_WOWLAN_TRIG_DISCONNECT)) ||
8335 (rdev->wiphy.wowlan_config->magic_pkt &&
8336 nla_put_flag(msg, NL80211_WOWLAN_TRIG_MAGIC_PKT)) ||
8337 (rdev->wiphy.wowlan_config->gtk_rekey_failure &&
8338 nla_put_flag(msg, NL80211_WOWLAN_TRIG_GTK_REKEY_FAILURE)) ||
8339 (rdev->wiphy.wowlan_config->eap_identity_req &&
8340 nla_put_flag(msg, NL80211_WOWLAN_TRIG_EAP_IDENT_REQUEST)) ||
8341 (rdev->wiphy.wowlan_config->four_way_handshake &&
8342 nla_put_flag(msg, NL80211_WOWLAN_TRIG_4WAY_HANDSHAKE)) ||
8343 (rdev->wiphy.wowlan_config->rfkill_release &&
8344 nla_put_flag(msg, NL80211_WOWLAN_TRIG_RFKILL_RELEASE)))
8345 goto nla_put_failure;
8346
8347 if (nl80211_send_wowlan_patterns(msg, rdev))
8348 goto nla_put_failure;
8349
8350 if (nl80211_send_wowlan_tcp(msg,
8351 rdev->wiphy.wowlan_config->tcp))
8352 goto nla_put_failure;
8353
8354 nla_nest_end(msg, nl_wowlan);
8355 }
8356
8357 genlmsg_end(msg, hdr);
8358 return genlmsg_reply(msg, info);
8359
8360 nla_put_failure:
8361 nlmsg_free(msg);
8362 return -ENOBUFS;
8363 }
8364
8365 static int nl80211_parse_wowlan_tcp(struct cfg80211_registered_device *rdev,
8366 struct nlattr *attr,
8367 struct cfg80211_wowlan *trig)
8368 {
8369 struct nlattr *tb[NUM_NL80211_WOWLAN_TCP];
8370 struct cfg80211_wowlan_tcp *cfg;
8371 struct nl80211_wowlan_tcp_data_token *tok = NULL;
8372 struct nl80211_wowlan_tcp_data_seq *seq = NULL;
8373 u32 size;
8374 u32 data_size, wake_size, tokens_size = 0, wake_mask_size;
8375 int err, port;
8376
8377 if (!rdev->wiphy.wowlan->tcp)
8378 return -EINVAL;
8379
8380 err = nla_parse(tb, MAX_NL80211_WOWLAN_TCP,
8381 nla_data(attr), nla_len(attr),
8382 nl80211_wowlan_tcp_policy);
8383 if (err)
8384 return err;
8385
8386 if (!tb[NL80211_WOWLAN_TCP_SRC_IPV4] ||
8387 !tb[NL80211_WOWLAN_TCP_DST_IPV4] ||
8388 !tb[NL80211_WOWLAN_TCP_DST_MAC] ||
8389 !tb[NL80211_WOWLAN_TCP_DST_PORT] ||
8390 !tb[NL80211_WOWLAN_TCP_DATA_PAYLOAD] ||
8391 !tb[NL80211_WOWLAN_TCP_DATA_INTERVAL] ||
8392 !tb[NL80211_WOWLAN_TCP_WAKE_PAYLOAD] ||
8393 !tb[NL80211_WOWLAN_TCP_WAKE_MASK])
8394 return -EINVAL;
8395
8396 data_size = nla_len(tb[NL80211_WOWLAN_TCP_DATA_PAYLOAD]);
8397 if (data_size > rdev->wiphy.wowlan->tcp->data_payload_max)
8398 return -EINVAL;
8399
8400 if (nla_get_u32(tb[NL80211_WOWLAN_TCP_DATA_INTERVAL]) >
8401 rdev->wiphy.wowlan->tcp->data_interval_max ||
8402 nla_get_u32(tb[NL80211_WOWLAN_TCP_DATA_INTERVAL]) == 0)
8403 return -EINVAL;
8404
8405 wake_size = nla_len(tb[NL80211_WOWLAN_TCP_WAKE_PAYLOAD]);
8406 if (wake_size > rdev->wiphy.wowlan->tcp->wake_payload_max)
8407 return -EINVAL;
8408
8409 wake_mask_size = nla_len(tb[NL80211_WOWLAN_TCP_WAKE_MASK]);
8410 if (wake_mask_size != DIV_ROUND_UP(wake_size, 8))
8411 return -EINVAL;
8412
8413 if (tb[NL80211_WOWLAN_TCP_DATA_PAYLOAD_TOKEN]) {
8414 u32 tokln = nla_len(tb[NL80211_WOWLAN_TCP_DATA_PAYLOAD_TOKEN]);
8415
8416 tok = nla_data(tb[NL80211_WOWLAN_TCP_DATA_PAYLOAD_TOKEN]);
8417 tokens_size = tokln - sizeof(*tok);
8418
8419 if (!tok->len || tokens_size % tok->len)
8420 return -EINVAL;
8421 if (!rdev->wiphy.wowlan->tcp->tok)
8422 return -EINVAL;
8423 if (tok->len > rdev->wiphy.wowlan->tcp->tok->max_len)
8424 return -EINVAL;
8425 if (tok->len < rdev->wiphy.wowlan->tcp->tok->min_len)
8426 return -EINVAL;
8427 if (tokens_size > rdev->wiphy.wowlan->tcp->tok->bufsize)
8428 return -EINVAL;
8429 if (tok->offset + tok->len > data_size)
8430 return -EINVAL;
8431 }
8432
8433 if (tb[NL80211_WOWLAN_TCP_DATA_PAYLOAD_SEQ]) {
8434 seq = nla_data(tb[NL80211_WOWLAN_TCP_DATA_PAYLOAD_SEQ]);
8435 if (!rdev->wiphy.wowlan->tcp->seq)
8436 return -EINVAL;
8437 if (seq->len == 0 || seq->len > 4)
8438 return -EINVAL;
8439 if (seq->len + seq->offset > data_size)
8440 return -EINVAL;
8441 }
8442
8443 size = sizeof(*cfg);
8444 size += data_size;
8445 size += wake_size + wake_mask_size;
8446 size += tokens_size;
8447
8448 cfg = kzalloc(size, GFP_KERNEL);
8449 if (!cfg)
8450 return -ENOMEM;
8451 cfg->src = nla_get_be32(tb[NL80211_WOWLAN_TCP_SRC_IPV4]);
8452 cfg->dst = nla_get_be32(tb[NL80211_WOWLAN_TCP_DST_IPV4]);
8453 memcpy(cfg->dst_mac, nla_data(tb[NL80211_WOWLAN_TCP_DST_MAC]),
8454 ETH_ALEN);
8455 if (tb[NL80211_WOWLAN_TCP_SRC_PORT])
8456 port = nla_get_u16(tb[NL80211_WOWLAN_TCP_SRC_PORT]);
8457 else
8458 port = 0;
8459 #ifdef CONFIG_INET
8460 /* allocate a socket and port for it and use it */
8461 err = __sock_create(wiphy_net(&rdev->wiphy), PF_INET, SOCK_STREAM,
8462 IPPROTO_TCP, &cfg->sock, 1);
8463 if (err) {
8464 kfree(cfg);
8465 return err;
8466 }
8467 if (inet_csk_get_port(cfg->sock->sk, port)) {
8468 sock_release(cfg->sock);
8469 kfree(cfg);
8470 return -EADDRINUSE;
8471 }
8472 cfg->src_port = inet_sk(cfg->sock->sk)->inet_num;
8473 #else
8474 if (!port) {
8475 kfree(cfg);
8476 return -EINVAL;
8477 }
8478 cfg->src_port = port;
8479 #endif
8480
8481 cfg->dst_port = nla_get_u16(tb[NL80211_WOWLAN_TCP_DST_PORT]);
8482 cfg->payload_len = data_size;
8483 cfg->payload = (u8 *)cfg + sizeof(*cfg) + tokens_size;
8484 memcpy((void *)cfg->payload,
8485 nla_data(tb[NL80211_WOWLAN_TCP_DATA_PAYLOAD]),
8486 data_size);
8487 if (seq)
8488 cfg->payload_seq = *seq;
8489 cfg->data_interval = nla_get_u32(tb[NL80211_WOWLAN_TCP_DATA_INTERVAL]);
8490 cfg->wake_len = wake_size;
8491 cfg->wake_data = (u8 *)cfg + sizeof(*cfg) + tokens_size + data_size;
8492 memcpy((void *)cfg->wake_data,
8493 nla_data(tb[NL80211_WOWLAN_TCP_WAKE_PAYLOAD]),
8494 wake_size);
8495 cfg->wake_mask = (u8 *)cfg + sizeof(*cfg) + tokens_size +
8496 data_size + wake_size;
8497 memcpy((void *)cfg->wake_mask,
8498 nla_data(tb[NL80211_WOWLAN_TCP_WAKE_MASK]),
8499 wake_mask_size);
8500 if (tok) {
8501 cfg->tokens_size = tokens_size;
8502 memcpy(&cfg->payload_tok, tok, sizeof(*tok) + tokens_size);
8503 }
8504
8505 trig->tcp = cfg;
8506
8507 return 0;
8508 }
8509
8510 static int nl80211_set_wowlan(struct sk_buff *skb, struct genl_info *info)
8511 {
8512 struct cfg80211_registered_device *rdev = info->user_ptr[0];
8513 struct nlattr *tb[NUM_NL80211_WOWLAN_TRIG];
8514 struct cfg80211_wowlan new_triggers = {};
8515 struct cfg80211_wowlan *ntrig;
8516 const struct wiphy_wowlan_support *wowlan = rdev->wiphy.wowlan;
8517 int err, i;
8518 bool prev_enabled = rdev->wiphy.wowlan_config;
8519
8520 if (!wowlan)
8521 return -EOPNOTSUPP;
8522
8523 if (!info->attrs[NL80211_ATTR_WOWLAN_TRIGGERS]) {
8524 cfg80211_rdev_free_wowlan(rdev);
8525 rdev->wiphy.wowlan_config = NULL;
8526 goto set_wakeup;
8527 }
8528
8529 err = nla_parse(tb, MAX_NL80211_WOWLAN_TRIG,
8530 nla_data(info->attrs[NL80211_ATTR_WOWLAN_TRIGGERS]),
8531 nla_len(info->attrs[NL80211_ATTR_WOWLAN_TRIGGERS]),
8532 nl80211_wowlan_policy);
8533 if (err)
8534 return err;
8535
8536 if (tb[NL80211_WOWLAN_TRIG_ANY]) {
8537 if (!(wowlan->flags & WIPHY_WOWLAN_ANY))
8538 return -EINVAL;
8539 new_triggers.any = true;
8540 }
8541
8542 if (tb[NL80211_WOWLAN_TRIG_DISCONNECT]) {
8543 if (!(wowlan->flags & WIPHY_WOWLAN_DISCONNECT))
8544 return -EINVAL;
8545 new_triggers.disconnect = true;
8546 }
8547
8548 if (tb[NL80211_WOWLAN_TRIG_MAGIC_PKT]) {
8549 if (!(wowlan->flags & WIPHY_WOWLAN_MAGIC_PKT))
8550 return -EINVAL;
8551 new_triggers.magic_pkt = true;
8552 }
8553
8554 if (tb[NL80211_WOWLAN_TRIG_GTK_REKEY_SUPPORTED])
8555 return -EINVAL;
8556
8557 if (tb[NL80211_WOWLAN_TRIG_GTK_REKEY_FAILURE]) {
8558 if (!(wowlan->flags & WIPHY_WOWLAN_GTK_REKEY_FAILURE))
8559 return -EINVAL;
8560 new_triggers.gtk_rekey_failure = true;
8561 }
8562
8563 if (tb[NL80211_WOWLAN_TRIG_EAP_IDENT_REQUEST]) {
8564 if (!(wowlan->flags & WIPHY_WOWLAN_EAP_IDENTITY_REQ))
8565 return -EINVAL;
8566 new_triggers.eap_identity_req = true;
8567 }
8568
8569 if (tb[NL80211_WOWLAN_TRIG_4WAY_HANDSHAKE]) {
8570 if (!(wowlan->flags & WIPHY_WOWLAN_4WAY_HANDSHAKE))
8571 return -EINVAL;
8572 new_triggers.four_way_handshake = true;
8573 }
8574
8575 if (tb[NL80211_WOWLAN_TRIG_RFKILL_RELEASE]) {
8576 if (!(wowlan->flags & WIPHY_WOWLAN_RFKILL_RELEASE))
8577 return -EINVAL;
8578 new_triggers.rfkill_release = true;
8579 }
8580
8581 if (tb[NL80211_WOWLAN_TRIG_PKT_PATTERN]) {
8582 struct nlattr *pat;
8583 int n_patterns = 0;
8584 int rem, pat_len, mask_len, pkt_offset;
8585 struct nlattr *pat_tb[NUM_NL80211_PKTPAT];
8586
8587 nla_for_each_nested(pat, tb[NL80211_WOWLAN_TRIG_PKT_PATTERN],
8588 rem)
8589 n_patterns++;
8590 if (n_patterns > wowlan->n_patterns)
8591 return -EINVAL;
8592
8593 new_triggers.patterns = kcalloc(n_patterns,
8594 sizeof(new_triggers.patterns[0]),
8595 GFP_KERNEL);
8596 if (!new_triggers.patterns)
8597 return -ENOMEM;
8598
8599 new_triggers.n_patterns = n_patterns;
8600 i = 0;
8601
8602 nla_for_each_nested(pat, tb[NL80211_WOWLAN_TRIG_PKT_PATTERN],
8603 rem) {
8604 u8 *mask_pat;
8605
8606 nla_parse(pat_tb, MAX_NL80211_PKTPAT, nla_data(pat),
8607 nla_len(pat), NULL);
8608 err = -EINVAL;
8609 if (!pat_tb[NL80211_PKTPAT_MASK] ||
8610 !pat_tb[NL80211_PKTPAT_PATTERN])
8611 goto error;
8612 pat_len = nla_len(pat_tb[NL80211_PKTPAT_PATTERN]);
8613 mask_len = DIV_ROUND_UP(pat_len, 8);
8614 if (nla_len(pat_tb[NL80211_PKTPAT_MASK]) != mask_len)
8615 goto error;
8616 if (pat_len > wowlan->pattern_max_len ||
8617 pat_len < wowlan->pattern_min_len)
8618 goto error;
8619
8620 if (!pat_tb[NL80211_PKTPAT_OFFSET])
8621 pkt_offset = 0;
8622 else
8623 pkt_offset = nla_get_u32(
8624 pat_tb[NL80211_PKTPAT_OFFSET]);
8625 if (pkt_offset > wowlan->max_pkt_offset)
8626 goto error;
8627 new_triggers.patterns[i].pkt_offset = pkt_offset;
8628
8629 mask_pat = kmalloc(mask_len + pat_len, GFP_KERNEL);
8630 if (!mask_pat) {
8631 err = -ENOMEM;
8632 goto error;
8633 }
8634 new_triggers.patterns[i].mask = mask_pat;
8635 memcpy(mask_pat, nla_data(pat_tb[NL80211_PKTPAT_MASK]),
8636 mask_len);
8637 mask_pat += mask_len;
8638 new_triggers.patterns[i].pattern = mask_pat;
8639 new_triggers.patterns[i].pattern_len = pat_len;
8640 memcpy(mask_pat,
8641 nla_data(pat_tb[NL80211_PKTPAT_PATTERN]),
8642 pat_len);
8643 i++;
8644 }
8645 }
8646
8647 if (tb[NL80211_WOWLAN_TRIG_TCP_CONNECTION]) {
8648 err = nl80211_parse_wowlan_tcp(
8649 rdev, tb[NL80211_WOWLAN_TRIG_TCP_CONNECTION],
8650 &new_triggers);
8651 if (err)
8652 goto error;
8653 }
8654
8655 ntrig = kmemdup(&new_triggers, sizeof(new_triggers), GFP_KERNEL);
8656 if (!ntrig) {
8657 err = -ENOMEM;
8658 goto error;
8659 }
8660 cfg80211_rdev_free_wowlan(rdev);
8661 rdev->wiphy.wowlan_config = ntrig;
8662
8663 set_wakeup:
8664 if (rdev->ops->set_wakeup &&
8665 prev_enabled != !!rdev->wiphy.wowlan_config)
8666 rdev_set_wakeup(rdev, rdev->wiphy.wowlan_config);
8667
8668 return 0;
8669 error:
8670 for (i = 0; i < new_triggers.n_patterns; i++)
8671 kfree(new_triggers.patterns[i].mask);
8672 kfree(new_triggers.patterns);
8673 if (new_triggers.tcp && new_triggers.tcp->sock)
8674 sock_release(new_triggers.tcp->sock);
8675 kfree(new_triggers.tcp);
8676 return err;
8677 }
8678 #endif
8679
8680 static int nl80211_send_coalesce_rules(struct sk_buff *msg,
8681 struct cfg80211_registered_device *rdev)
8682 {
8683 struct nlattr *nl_pats, *nl_pat, *nl_rule, *nl_rules;
8684 int i, j, pat_len;
8685 struct cfg80211_coalesce_rules *rule;
8686
8687 if (!rdev->coalesce->n_rules)
8688 return 0;
8689
8690 nl_rules = nla_nest_start(msg, NL80211_ATTR_COALESCE_RULE);
8691 if (!nl_rules)
8692 return -ENOBUFS;
8693
8694 for (i = 0; i < rdev->coalesce->n_rules; i++) {
8695 nl_rule = nla_nest_start(msg, i + 1);
8696 if (!nl_rule)
8697 return -ENOBUFS;
8698
8699 rule = &rdev->coalesce->rules[i];
8700 if (nla_put_u32(msg, NL80211_ATTR_COALESCE_RULE_DELAY,
8701 rule->delay))
8702 return -ENOBUFS;
8703
8704 if (nla_put_u32(msg, NL80211_ATTR_COALESCE_RULE_CONDITION,
8705 rule->condition))
8706 return -ENOBUFS;
8707
8708 nl_pats = nla_nest_start(msg,
8709 NL80211_ATTR_COALESCE_RULE_PKT_PATTERN);
8710 if (!nl_pats)
8711 return -ENOBUFS;
8712
8713 for (j = 0; j < rule->n_patterns; j++) {
8714 nl_pat = nla_nest_start(msg, j + 1);
8715 if (!nl_pat)
8716 return -ENOBUFS;
8717 pat_len = rule->patterns[j].pattern_len;
8718 if (nla_put(msg, NL80211_PKTPAT_MASK,
8719 DIV_ROUND_UP(pat_len, 8),
8720 rule->patterns[j].mask) ||
8721 nla_put(msg, NL80211_PKTPAT_PATTERN, pat_len,
8722 rule->patterns[j].pattern) ||
8723 nla_put_u32(msg, NL80211_PKTPAT_OFFSET,
8724 rule->patterns[j].pkt_offset))
8725 return -ENOBUFS;
8726 nla_nest_end(msg, nl_pat);
8727 }
8728 nla_nest_end(msg, nl_pats);
8729 nla_nest_end(msg, nl_rule);
8730 }
8731 nla_nest_end(msg, nl_rules);
8732
8733 return 0;
8734 }
8735
8736 static int nl80211_get_coalesce(struct sk_buff *skb, struct genl_info *info)
8737 {
8738 struct cfg80211_registered_device *rdev = info->user_ptr[0];
8739 struct sk_buff *msg;
8740 void *hdr;
8741
8742 if (!rdev->wiphy.coalesce)
8743 return -EOPNOTSUPP;
8744
8745 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
8746 if (!msg)
8747 return -ENOMEM;
8748
8749 hdr = nl80211hdr_put(msg, info->snd_portid, info->snd_seq, 0,
8750 NL80211_CMD_GET_COALESCE);
8751 if (!hdr)
8752 goto nla_put_failure;
8753
8754 if (rdev->coalesce && nl80211_send_coalesce_rules(msg, rdev))
8755 goto nla_put_failure;
8756
8757 genlmsg_end(msg, hdr);
8758 return genlmsg_reply(msg, info);
8759
8760 nla_put_failure:
8761 nlmsg_free(msg);
8762 return -ENOBUFS;
8763 }
8764
8765 void cfg80211_rdev_free_coalesce(struct cfg80211_registered_device *rdev)
8766 {
8767 struct cfg80211_coalesce *coalesce = rdev->coalesce;
8768 int i, j;
8769 struct cfg80211_coalesce_rules *rule;
8770
8771 if (!coalesce)
8772 return;
8773
8774 for (i = 0; i < coalesce->n_rules; i++) {
8775 rule = &coalesce->rules[i];
8776 for (j = 0; j < rule->n_patterns; j++)
8777 kfree(rule->patterns[j].mask);
8778 kfree(rule->patterns);
8779 }
8780 kfree(coalesce->rules);
8781 kfree(coalesce);
8782 rdev->coalesce = NULL;
8783 }
8784
8785 static int nl80211_parse_coalesce_rule(struct cfg80211_registered_device *rdev,
8786 struct nlattr *rule,
8787 struct cfg80211_coalesce_rules *new_rule)
8788 {
8789 int err, i;
8790 const struct wiphy_coalesce_support *coalesce = rdev->wiphy.coalesce;
8791 struct nlattr *tb[NUM_NL80211_ATTR_COALESCE_RULE], *pat;
8792 int rem, pat_len, mask_len, pkt_offset, n_patterns = 0;
8793 struct nlattr *pat_tb[NUM_NL80211_PKTPAT];
8794
8795 err = nla_parse(tb, NL80211_ATTR_COALESCE_RULE_MAX, nla_data(rule),
8796 nla_len(rule), nl80211_coalesce_policy);
8797 if (err)
8798 return err;
8799
8800 if (tb[NL80211_ATTR_COALESCE_RULE_DELAY])
8801 new_rule->delay =
8802 nla_get_u32(tb[NL80211_ATTR_COALESCE_RULE_DELAY]);
8803 if (new_rule->delay > coalesce->max_delay)
8804 return -EINVAL;
8805
8806 if (tb[NL80211_ATTR_COALESCE_RULE_CONDITION])
8807 new_rule->condition =
8808 nla_get_u32(tb[NL80211_ATTR_COALESCE_RULE_CONDITION]);
8809 if (new_rule->condition != NL80211_COALESCE_CONDITION_MATCH &&
8810 new_rule->condition != NL80211_COALESCE_CONDITION_NO_MATCH)
8811 return -EINVAL;
8812
8813 if (!tb[NL80211_ATTR_COALESCE_RULE_PKT_PATTERN])
8814 return -EINVAL;
8815
8816 nla_for_each_nested(pat, tb[NL80211_ATTR_COALESCE_RULE_PKT_PATTERN],
8817 rem)
8818 n_patterns++;
8819 if (n_patterns > coalesce->n_patterns)
8820 return -EINVAL;
8821
8822 new_rule->patterns = kcalloc(n_patterns, sizeof(new_rule->patterns[0]),
8823 GFP_KERNEL);
8824 if (!new_rule->patterns)
8825 return -ENOMEM;
8826
8827 new_rule->n_patterns = n_patterns;
8828 i = 0;
8829
8830 nla_for_each_nested(pat, tb[NL80211_ATTR_COALESCE_RULE_PKT_PATTERN],
8831 rem) {
8832 u8 *mask_pat;
8833
8834 nla_parse(pat_tb, MAX_NL80211_PKTPAT, nla_data(pat),
8835 nla_len(pat), NULL);
8836 if (!pat_tb[NL80211_PKTPAT_MASK] ||
8837 !pat_tb[NL80211_PKTPAT_PATTERN])
8838 return -EINVAL;
8839 pat_len = nla_len(pat_tb[NL80211_PKTPAT_PATTERN]);
8840 mask_len = DIV_ROUND_UP(pat_len, 8);
8841 if (nla_len(pat_tb[NL80211_PKTPAT_MASK]) != mask_len)
8842 return -EINVAL;
8843 if (pat_len > coalesce->pattern_max_len ||
8844 pat_len < coalesce->pattern_min_len)
8845 return -EINVAL;
8846
8847 if (!pat_tb[NL80211_PKTPAT_OFFSET])
8848 pkt_offset = 0;
8849 else
8850 pkt_offset = nla_get_u32(pat_tb[NL80211_PKTPAT_OFFSET]);
8851 if (pkt_offset > coalesce->max_pkt_offset)
8852 return -EINVAL;
8853 new_rule->patterns[i].pkt_offset = pkt_offset;
8854
8855 mask_pat = kmalloc(mask_len + pat_len, GFP_KERNEL);
8856 if (!mask_pat)
8857 return -ENOMEM;
8858
8859 new_rule->patterns[i].mask = mask_pat;
8860 memcpy(mask_pat, nla_data(pat_tb[NL80211_PKTPAT_MASK]),
8861 mask_len);
8862
8863 mask_pat += mask_len;
8864 new_rule->patterns[i].pattern = mask_pat;
8865 new_rule->patterns[i].pattern_len = pat_len;
8866 memcpy(mask_pat, nla_data(pat_tb[NL80211_PKTPAT_PATTERN]),
8867 pat_len);
8868 i++;
8869 }
8870
8871 return 0;
8872 }
8873
8874 static int nl80211_set_coalesce(struct sk_buff *skb, struct genl_info *info)
8875 {
8876 struct cfg80211_registered_device *rdev = info->user_ptr[0];
8877 const struct wiphy_coalesce_support *coalesce = rdev->wiphy.coalesce;
8878 struct cfg80211_coalesce new_coalesce = {};
8879 struct cfg80211_coalesce *n_coalesce;
8880 int err, rem_rule, n_rules = 0, i, j;
8881 struct nlattr *rule;
8882 struct cfg80211_coalesce_rules *tmp_rule;
8883
8884 if (!rdev->wiphy.coalesce || !rdev->ops->set_coalesce)
8885 return -EOPNOTSUPP;
8886
8887 if (!info->attrs[NL80211_ATTR_COALESCE_RULE]) {
8888 cfg80211_rdev_free_coalesce(rdev);
8889 rdev->ops->set_coalesce(&rdev->wiphy, NULL);
8890 return 0;
8891 }
8892
8893 nla_for_each_nested(rule, info->attrs[NL80211_ATTR_COALESCE_RULE],
8894 rem_rule)
8895 n_rules++;
8896 if (n_rules > coalesce->n_rules)
8897 return -EINVAL;
8898
8899 new_coalesce.rules = kcalloc(n_rules, sizeof(new_coalesce.rules[0]),
8900 GFP_KERNEL);
8901 if (!new_coalesce.rules)
8902 return -ENOMEM;
8903
8904 new_coalesce.n_rules = n_rules;
8905 i = 0;
8906
8907 nla_for_each_nested(rule, info->attrs[NL80211_ATTR_COALESCE_RULE],
8908 rem_rule) {
8909 err = nl80211_parse_coalesce_rule(rdev, rule,
8910 &new_coalesce.rules[i]);
8911 if (err)
8912 goto error;
8913
8914 i++;
8915 }
8916
8917 err = rdev->ops->set_coalesce(&rdev->wiphy, &new_coalesce);
8918 if (err)
8919 goto error;
8920
8921 n_coalesce = kmemdup(&new_coalesce, sizeof(new_coalesce), GFP_KERNEL);
8922 if (!n_coalesce) {
8923 err = -ENOMEM;
8924 goto error;
8925 }
8926 cfg80211_rdev_free_coalesce(rdev);
8927 rdev->coalesce = n_coalesce;
8928
8929 return 0;
8930 error:
8931 for (i = 0; i < new_coalesce.n_rules; i++) {
8932 tmp_rule = &new_coalesce.rules[i];
8933 for (j = 0; j < tmp_rule->n_patterns; j++)
8934 kfree(tmp_rule->patterns[j].mask);
8935 kfree(tmp_rule->patterns);
8936 }
8937 kfree(new_coalesce.rules);
8938
8939 return err;
8940 }
8941
8942 static int nl80211_set_rekey_data(struct sk_buff *skb, struct genl_info *info)
8943 {
8944 struct cfg80211_registered_device *rdev = info->user_ptr[0];
8945 struct net_device *dev = info->user_ptr[1];
8946 struct wireless_dev *wdev = dev->ieee80211_ptr;
8947 struct nlattr *tb[NUM_NL80211_REKEY_DATA];
8948 struct cfg80211_gtk_rekey_data rekey_data;
8949 int err;
8950
8951 if (!info->attrs[NL80211_ATTR_REKEY_DATA])
8952 return -EINVAL;
8953
8954 err = nla_parse(tb, MAX_NL80211_REKEY_DATA,
8955 nla_data(info->attrs[NL80211_ATTR_REKEY_DATA]),
8956 nla_len(info->attrs[NL80211_ATTR_REKEY_DATA]),
8957 nl80211_rekey_policy);
8958 if (err)
8959 return err;
8960
8961 if (nla_len(tb[NL80211_REKEY_DATA_REPLAY_CTR]) != NL80211_REPLAY_CTR_LEN)
8962 return -ERANGE;
8963 if (nla_len(tb[NL80211_REKEY_DATA_KEK]) != NL80211_KEK_LEN)
8964 return -ERANGE;
8965 if (nla_len(tb[NL80211_REKEY_DATA_KCK]) != NL80211_KCK_LEN)
8966 return -ERANGE;
8967
8968 rekey_data.kek = nla_data(tb[NL80211_REKEY_DATA_KEK]);
8969 rekey_data.kck = nla_data(tb[NL80211_REKEY_DATA_KCK]);
8970 rekey_data.replay_ctr = nla_data(tb[NL80211_REKEY_DATA_REPLAY_CTR]);
8971
8972 wdev_lock(wdev);
8973 if (!wdev->current_bss) {
8974 err = -ENOTCONN;
8975 goto out;
8976 }
8977
8978 if (!rdev->ops->set_rekey_data) {
8979 err = -EOPNOTSUPP;
8980 goto out;
8981 }
8982
8983 err = rdev_set_rekey_data(rdev, dev, &rekey_data);
8984 out:
8985 wdev_unlock(wdev);
8986 return err;
8987 }
8988
8989 static int nl80211_register_unexpected_frame(struct sk_buff *skb,
8990 struct genl_info *info)
8991 {
8992 struct net_device *dev = info->user_ptr[1];
8993 struct wireless_dev *wdev = dev->ieee80211_ptr;
8994
8995 if (wdev->iftype != NL80211_IFTYPE_AP &&
8996 wdev->iftype != NL80211_IFTYPE_P2P_GO)
8997 return -EINVAL;
8998
8999 if (wdev->ap_unexpected_nlportid)
9000 return -EBUSY;
9001
9002 wdev->ap_unexpected_nlportid = info->snd_portid;
9003 return 0;
9004 }
9005
9006 static int nl80211_probe_client(struct sk_buff *skb,
9007 struct genl_info *info)
9008 {
9009 struct cfg80211_registered_device *rdev = info->user_ptr[0];
9010 struct net_device *dev = info->user_ptr[1];
9011 struct wireless_dev *wdev = dev->ieee80211_ptr;
9012 struct sk_buff *msg;
9013 void *hdr;
9014 const u8 *addr;
9015 u64 cookie;
9016 int err;
9017
9018 if (wdev->iftype != NL80211_IFTYPE_AP &&
9019 wdev->iftype != NL80211_IFTYPE_P2P_GO)
9020 return -EOPNOTSUPP;
9021
9022 if (!info->attrs[NL80211_ATTR_MAC])
9023 return -EINVAL;
9024
9025 if (!rdev->ops->probe_client)
9026 return -EOPNOTSUPP;
9027
9028 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
9029 if (!msg)
9030 return -ENOMEM;
9031
9032 hdr = nl80211hdr_put(msg, info->snd_portid, info->snd_seq, 0,
9033 NL80211_CMD_PROBE_CLIENT);
9034 if (!hdr) {
9035 err = -ENOBUFS;
9036 goto free_msg;
9037 }
9038
9039 addr = nla_data(info->attrs[NL80211_ATTR_MAC]);
9040
9041 err = rdev_probe_client(rdev, dev, addr, &cookie);
9042 if (err)
9043 goto free_msg;
9044
9045 if (nla_put_u64(msg, NL80211_ATTR_COOKIE, cookie))
9046 goto nla_put_failure;
9047
9048 genlmsg_end(msg, hdr);
9049
9050 return genlmsg_reply(msg, info);
9051
9052 nla_put_failure:
9053 err = -ENOBUFS;
9054 free_msg:
9055 nlmsg_free(msg);
9056 return err;
9057 }
9058
9059 static int nl80211_register_beacons(struct sk_buff *skb, struct genl_info *info)
9060 {
9061 struct cfg80211_registered_device *rdev = info->user_ptr[0];
9062 struct cfg80211_beacon_registration *reg, *nreg;
9063 int rv;
9064
9065 if (!(rdev->wiphy.flags & WIPHY_FLAG_REPORTS_OBSS))
9066 return -EOPNOTSUPP;
9067
9068 nreg = kzalloc(sizeof(*nreg), GFP_KERNEL);
9069 if (!nreg)
9070 return -ENOMEM;
9071
9072 /* First, check if already registered. */
9073 spin_lock_bh(&rdev->beacon_registrations_lock);
9074 list_for_each_entry(reg, &rdev->beacon_registrations, list) {
9075 if (reg->nlportid == info->snd_portid) {
9076 rv = -EALREADY;
9077 goto out_err;
9078 }
9079 }
9080 /* Add it to the list */
9081 nreg->nlportid = info->snd_portid;
9082 list_add(&nreg->list, &rdev->beacon_registrations);
9083
9084 spin_unlock_bh(&rdev->beacon_registrations_lock);
9085
9086 return 0;
9087 out_err:
9088 spin_unlock_bh(&rdev->beacon_registrations_lock);
9089 kfree(nreg);
9090 return rv;
9091 }
9092
9093 static int nl80211_start_p2p_device(struct sk_buff *skb, struct genl_info *info)
9094 {
9095 struct cfg80211_registered_device *rdev = info->user_ptr[0];
9096 struct wireless_dev *wdev = info->user_ptr[1];
9097 int err;
9098
9099 if (!rdev->ops->start_p2p_device)
9100 return -EOPNOTSUPP;
9101
9102 if (wdev->iftype != NL80211_IFTYPE_P2P_DEVICE)
9103 return -EOPNOTSUPP;
9104
9105 if (wdev->p2p_started)
9106 return 0;
9107
9108 if (rfkill_blocked(rdev->rfkill))
9109 return -ERFKILL;
9110
9111 err = rdev_start_p2p_device(rdev, wdev);
9112 if (err)
9113 return err;
9114
9115 wdev->p2p_started = true;
9116 rdev->opencount++;
9117
9118 return 0;
9119 }
9120
9121 static int nl80211_stop_p2p_device(struct sk_buff *skb, struct genl_info *info)
9122 {
9123 struct cfg80211_registered_device *rdev = info->user_ptr[0];
9124 struct wireless_dev *wdev = info->user_ptr[1];
9125
9126 if (wdev->iftype != NL80211_IFTYPE_P2P_DEVICE)
9127 return -EOPNOTSUPP;
9128
9129 if (!rdev->ops->stop_p2p_device)
9130 return -EOPNOTSUPP;
9131
9132 cfg80211_stop_p2p_device(rdev, wdev);
9133
9134 return 0;
9135 }
9136
9137 static int nl80211_get_protocol_features(struct sk_buff *skb,
9138 struct genl_info *info)
9139 {
9140 void *hdr;
9141 struct sk_buff *msg;
9142
9143 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
9144 if (!msg)
9145 return -ENOMEM;
9146
9147 hdr = nl80211hdr_put(msg, info->snd_portid, info->snd_seq, 0,
9148 NL80211_CMD_GET_PROTOCOL_FEATURES);
9149 if (!hdr)
9150 goto nla_put_failure;
9151
9152 if (nla_put_u32(msg, NL80211_ATTR_PROTOCOL_FEATURES,
9153 NL80211_PROTOCOL_FEATURE_SPLIT_WIPHY_DUMP))
9154 goto nla_put_failure;
9155
9156 genlmsg_end(msg, hdr);
9157 return genlmsg_reply(msg, info);
9158
9159 nla_put_failure:
9160 kfree_skb(msg);
9161 return -ENOBUFS;
9162 }
9163
9164 static int nl80211_update_ft_ies(struct sk_buff *skb, struct genl_info *info)
9165 {
9166 struct cfg80211_registered_device *rdev = info->user_ptr[0];
9167 struct cfg80211_update_ft_ies_params ft_params;
9168 struct net_device *dev = info->user_ptr[1];
9169
9170 if (!rdev->ops->update_ft_ies)
9171 return -EOPNOTSUPP;
9172
9173 if (!info->attrs[NL80211_ATTR_MDID] ||
9174 !is_valid_ie_attr(info->attrs[NL80211_ATTR_IE]))
9175 return -EINVAL;
9176
9177 memset(&ft_params, 0, sizeof(ft_params));
9178 ft_params.md = nla_get_u16(info->attrs[NL80211_ATTR_MDID]);
9179 ft_params.ie = nla_data(info->attrs[NL80211_ATTR_IE]);
9180 ft_params.ie_len = nla_len(info->attrs[NL80211_ATTR_IE]);
9181
9182 return rdev_update_ft_ies(rdev, dev, &ft_params);
9183 }
9184
9185 static int nl80211_crit_protocol_start(struct sk_buff *skb,
9186 struct genl_info *info)
9187 {
9188 struct cfg80211_registered_device *rdev = info->user_ptr[0];
9189 struct wireless_dev *wdev = info->user_ptr[1];
9190 enum nl80211_crit_proto_id proto = NL80211_CRIT_PROTO_UNSPEC;
9191 u16 duration;
9192 int ret;
9193
9194 if (!rdev->ops->crit_proto_start)
9195 return -EOPNOTSUPP;
9196
9197 if (WARN_ON(!rdev->ops->crit_proto_stop))
9198 return -EINVAL;
9199
9200 if (rdev->crit_proto_nlportid)
9201 return -EBUSY;
9202
9203 /* determine protocol if provided */
9204 if (info->attrs[NL80211_ATTR_CRIT_PROT_ID])
9205 proto = nla_get_u16(info->attrs[NL80211_ATTR_CRIT_PROT_ID]);
9206
9207 if (proto >= NUM_NL80211_CRIT_PROTO)
9208 return -EINVAL;
9209
9210 /* timeout must be provided */
9211 if (!info->attrs[NL80211_ATTR_MAX_CRIT_PROT_DURATION])
9212 return -EINVAL;
9213
9214 duration =
9215 nla_get_u16(info->attrs[NL80211_ATTR_MAX_CRIT_PROT_DURATION]);
9216
9217 if (duration > NL80211_CRIT_PROTO_MAX_DURATION)
9218 return -ERANGE;
9219
9220 ret = rdev_crit_proto_start(rdev, wdev, proto, duration);
9221 if (!ret)
9222 rdev->crit_proto_nlportid = info->snd_portid;
9223
9224 return ret;
9225 }
9226
9227 static int nl80211_crit_protocol_stop(struct sk_buff *skb,
9228 struct genl_info *info)
9229 {
9230 struct cfg80211_registered_device *rdev = info->user_ptr[0];
9231 struct wireless_dev *wdev = info->user_ptr[1];
9232
9233 if (!rdev->ops->crit_proto_stop)
9234 return -EOPNOTSUPP;
9235
9236 if (rdev->crit_proto_nlportid) {
9237 rdev->crit_proto_nlportid = 0;
9238 rdev_crit_proto_stop(rdev, wdev);
9239 }
9240 return 0;
9241 }
9242
9243 static int nl80211_vendor_cmd(struct sk_buff *skb, struct genl_info *info)
9244 {
9245 struct cfg80211_registered_device *rdev = info->user_ptr[0];
9246 struct wireless_dev *wdev =
9247 __cfg80211_wdev_from_attrs(genl_info_net(info), info->attrs);
9248 int i, err;
9249 u32 vid, subcmd;
9250
9251 if (!rdev->wiphy.vendor_commands)
9252 return -EOPNOTSUPP;
9253
9254 if (IS_ERR(wdev)) {
9255 err = PTR_ERR(wdev);
9256 if (err != -EINVAL)
9257 return err;
9258 wdev = NULL;
9259 } else if (wdev->wiphy != &rdev->wiphy) {
9260 return -EINVAL;
9261 }
9262
9263 if (!info->attrs[NL80211_ATTR_VENDOR_ID] ||
9264 !info->attrs[NL80211_ATTR_VENDOR_SUBCMD])
9265 return -EINVAL;
9266
9267 vid = nla_get_u32(info->attrs[NL80211_ATTR_VENDOR_ID]);
9268 subcmd = nla_get_u32(info->attrs[NL80211_ATTR_VENDOR_SUBCMD]);
9269 for (i = 0; i < rdev->wiphy.n_vendor_commands; i++) {
9270 const struct wiphy_vendor_command *vcmd;
9271 void *data = NULL;
9272 int len = 0;
9273
9274 vcmd = &rdev->wiphy.vendor_commands[i];
9275
9276 if (vcmd->info.vendor_id != vid || vcmd->info.subcmd != subcmd)
9277 continue;
9278
9279 if (vcmd->flags & (WIPHY_VENDOR_CMD_NEED_WDEV |
9280 WIPHY_VENDOR_CMD_NEED_NETDEV)) {
9281 if (!wdev)
9282 return -EINVAL;
9283 if (vcmd->flags & WIPHY_VENDOR_CMD_NEED_NETDEV &&
9284 !wdev->netdev)
9285 return -EINVAL;
9286
9287 if (vcmd->flags & WIPHY_VENDOR_CMD_NEED_RUNNING) {
9288 if (wdev->netdev &&
9289 !netif_running(wdev->netdev))
9290 return -ENETDOWN;
9291 if (!wdev->netdev && !wdev->p2p_started)
9292 return -ENETDOWN;
9293 }
9294 } else {
9295 wdev = NULL;
9296 }
9297
9298 if (info->attrs[NL80211_ATTR_VENDOR_DATA]) {
9299 data = nla_data(info->attrs[NL80211_ATTR_VENDOR_DATA]);
9300 len = nla_len(info->attrs[NL80211_ATTR_VENDOR_DATA]);
9301 }
9302
9303 rdev->cur_cmd_info = info;
9304 err = rdev->wiphy.vendor_commands[i].doit(&rdev->wiphy, wdev,
9305 data, len);
9306 rdev->cur_cmd_info = NULL;
9307 return err;
9308 }
9309
9310 return -EOPNOTSUPP;
9311 }
9312
9313 struct sk_buff *__cfg80211_alloc_reply_skb(struct wiphy *wiphy,
9314 enum nl80211_commands cmd,
9315 enum nl80211_attrs attr,
9316 int approxlen)
9317 {
9318 struct cfg80211_registered_device *rdev = wiphy_to_rdev(wiphy);
9319
9320 if (WARN_ON(!rdev->cur_cmd_info))
9321 return NULL;
9322
9323 return __cfg80211_alloc_vendor_skb(rdev, approxlen,
9324 rdev->cur_cmd_info->snd_portid,
9325 rdev->cur_cmd_info->snd_seq,
9326 cmd, attr, NULL, GFP_KERNEL);
9327 }
9328 EXPORT_SYMBOL(__cfg80211_alloc_reply_skb);
9329
9330 int cfg80211_vendor_cmd_reply(struct sk_buff *skb)
9331 {
9332 struct cfg80211_registered_device *rdev = ((void **)skb->cb)[0];
9333 void *hdr = ((void **)skb->cb)[1];
9334 struct nlattr *data = ((void **)skb->cb)[2];
9335
9336 if (WARN_ON(!rdev->cur_cmd_info)) {
9337 kfree_skb(skb);
9338 return -EINVAL;
9339 }
9340
9341 nla_nest_end(skb, data);
9342 genlmsg_end(skb, hdr);
9343 return genlmsg_reply(skb, rdev->cur_cmd_info);
9344 }
9345 EXPORT_SYMBOL_GPL(cfg80211_vendor_cmd_reply);
9346
9347
9348 static int nl80211_set_qos_map(struct sk_buff *skb,
9349 struct genl_info *info)
9350 {
9351 struct cfg80211_registered_device *rdev = info->user_ptr[0];
9352 struct cfg80211_qos_map *qos_map = NULL;
9353 struct net_device *dev = info->user_ptr[1];
9354 u8 *pos, len, num_des, des_len, des;
9355 int ret;
9356
9357 if (!rdev->ops->set_qos_map)
9358 return -EOPNOTSUPP;
9359
9360 if (info->attrs[NL80211_ATTR_QOS_MAP]) {
9361 pos = nla_data(info->attrs[NL80211_ATTR_QOS_MAP]);
9362 len = nla_len(info->attrs[NL80211_ATTR_QOS_MAP]);
9363
9364 if (len % 2 || len < IEEE80211_QOS_MAP_LEN_MIN ||
9365 len > IEEE80211_QOS_MAP_LEN_MAX)
9366 return -EINVAL;
9367
9368 qos_map = kzalloc(sizeof(struct cfg80211_qos_map), GFP_KERNEL);
9369 if (!qos_map)
9370 return -ENOMEM;
9371
9372 num_des = (len - IEEE80211_QOS_MAP_LEN_MIN) >> 1;
9373 if (num_des) {
9374 des_len = num_des *
9375 sizeof(struct cfg80211_dscp_exception);
9376 memcpy(qos_map->dscp_exception, pos, des_len);
9377 qos_map->num_des = num_des;
9378 for (des = 0; des < num_des; des++) {
9379 if (qos_map->dscp_exception[des].up > 7) {
9380 kfree(qos_map);
9381 return -EINVAL;
9382 }
9383 }
9384 pos += des_len;
9385 }
9386 memcpy(qos_map->up, pos, IEEE80211_QOS_MAP_LEN_MIN);
9387 }
9388
9389 wdev_lock(dev->ieee80211_ptr);
9390 ret = nl80211_key_allowed(dev->ieee80211_ptr);
9391 if (!ret)
9392 ret = rdev_set_qos_map(rdev, dev, qos_map);
9393 wdev_unlock(dev->ieee80211_ptr);
9394
9395 kfree(qos_map);
9396 return ret;
9397 }
9398
9399 static int nl80211_add_tx_ts(struct sk_buff *skb, struct genl_info *info)
9400 {
9401 struct cfg80211_registered_device *rdev = info->user_ptr[0];
9402 struct net_device *dev = info->user_ptr[1];
9403 struct wireless_dev *wdev = dev->ieee80211_ptr;
9404 const u8 *peer;
9405 u8 tsid, up;
9406 u16 admitted_time = 0;
9407 int err;
9408
9409 if (!(rdev->wiphy.flags & WIPHY_FLAG_SUPPORTS_WMM_ADMISSION))
9410 return -EOPNOTSUPP;
9411
9412 if (!info->attrs[NL80211_ATTR_TSID] || !info->attrs[NL80211_ATTR_MAC] ||
9413 !info->attrs[NL80211_ATTR_USER_PRIO])
9414 return -EINVAL;
9415
9416 tsid = nla_get_u8(info->attrs[NL80211_ATTR_TSID]);
9417 if (tsid >= IEEE80211_NUM_TIDS)
9418 return -EINVAL;
9419
9420 up = nla_get_u8(info->attrs[NL80211_ATTR_USER_PRIO]);
9421 if (up >= IEEE80211_NUM_UPS)
9422 return -EINVAL;
9423
9424 /* WMM uses TIDs 0-7 even for TSPEC */
9425 if (tsid < IEEE80211_FIRST_TSPEC_TSID) {
9426 if (!(rdev->wiphy.flags & WIPHY_FLAG_SUPPORTS_WMM_ADMISSION))
9427 return -EINVAL;
9428 } else {
9429 /* TODO: handle 802.11 TSPEC/admission control
9430 * need more attributes for that (e.g. BA session requirement)
9431 */
9432 return -EINVAL;
9433 }
9434
9435 peer = nla_data(info->attrs[NL80211_ATTR_MAC]);
9436
9437 if (info->attrs[NL80211_ATTR_ADMITTED_TIME]) {
9438 admitted_time =
9439 nla_get_u16(info->attrs[NL80211_ATTR_ADMITTED_TIME]);
9440 if (!admitted_time)
9441 return -EINVAL;
9442 }
9443
9444 wdev_lock(wdev);
9445 switch (wdev->iftype) {
9446 case NL80211_IFTYPE_STATION:
9447 case NL80211_IFTYPE_P2P_CLIENT:
9448 if (wdev->current_bss)
9449 break;
9450 err = -ENOTCONN;
9451 goto out;
9452 default:
9453 err = -EOPNOTSUPP;
9454 goto out;
9455 }
9456
9457 err = rdev_add_tx_ts(rdev, dev, tsid, peer, up, admitted_time);
9458
9459 out:
9460 wdev_unlock(wdev);
9461 return err;
9462 }
9463
9464 static int nl80211_del_tx_ts(struct sk_buff *skb, struct genl_info *info)
9465 {
9466 struct cfg80211_registered_device *rdev = info->user_ptr[0];
9467 struct net_device *dev = info->user_ptr[1];
9468 struct wireless_dev *wdev = dev->ieee80211_ptr;
9469 const u8 *peer;
9470 u8 tsid;
9471 int err;
9472
9473 if (!info->attrs[NL80211_ATTR_TSID] || !info->attrs[NL80211_ATTR_MAC])
9474 return -EINVAL;
9475
9476 tsid = nla_get_u8(info->attrs[NL80211_ATTR_TSID]);
9477 peer = nla_data(info->attrs[NL80211_ATTR_MAC]);
9478
9479 wdev_lock(wdev);
9480 err = rdev_del_tx_ts(rdev, dev, tsid, peer);
9481 wdev_unlock(wdev);
9482
9483 return err;
9484 }
9485
9486 #define NL80211_FLAG_NEED_WIPHY 0x01
9487 #define NL80211_FLAG_NEED_NETDEV 0x02
9488 #define NL80211_FLAG_NEED_RTNL 0x04
9489 #define NL80211_FLAG_CHECK_NETDEV_UP 0x08
9490 #define NL80211_FLAG_NEED_NETDEV_UP (NL80211_FLAG_NEED_NETDEV |\
9491 NL80211_FLAG_CHECK_NETDEV_UP)
9492 #define NL80211_FLAG_NEED_WDEV 0x10
9493 /* If a netdev is associated, it must be UP, P2P must be started */
9494 #define NL80211_FLAG_NEED_WDEV_UP (NL80211_FLAG_NEED_WDEV |\
9495 NL80211_FLAG_CHECK_NETDEV_UP)
9496 #define NL80211_FLAG_CLEAR_SKB 0x20
9497
9498 static int nl80211_pre_doit(const struct genl_ops *ops, struct sk_buff *skb,
9499 struct genl_info *info)
9500 {
9501 struct cfg80211_registered_device *rdev;
9502 struct wireless_dev *wdev;
9503 struct net_device *dev;
9504 bool rtnl = ops->internal_flags & NL80211_FLAG_NEED_RTNL;
9505
9506 if (rtnl)
9507 rtnl_lock();
9508
9509 if (ops->internal_flags & NL80211_FLAG_NEED_WIPHY) {
9510 rdev = cfg80211_get_dev_from_info(genl_info_net(info), info);
9511 if (IS_ERR(rdev)) {
9512 if (rtnl)
9513 rtnl_unlock();
9514 return PTR_ERR(rdev);
9515 }
9516 info->user_ptr[0] = rdev;
9517 } else if (ops->internal_flags & NL80211_FLAG_NEED_NETDEV ||
9518 ops->internal_flags & NL80211_FLAG_NEED_WDEV) {
9519 ASSERT_RTNL();
9520
9521 wdev = __cfg80211_wdev_from_attrs(genl_info_net(info),
9522 info->attrs);
9523 if (IS_ERR(wdev)) {
9524 if (rtnl)
9525 rtnl_unlock();
9526 return PTR_ERR(wdev);
9527 }
9528
9529 dev = wdev->netdev;
9530 rdev = wiphy_to_rdev(wdev->wiphy);
9531
9532 if (ops->internal_flags & NL80211_FLAG_NEED_NETDEV) {
9533 if (!dev) {
9534 if (rtnl)
9535 rtnl_unlock();
9536 return -EINVAL;
9537 }
9538
9539 info->user_ptr[1] = dev;
9540 } else {
9541 info->user_ptr[1] = wdev;
9542 }
9543
9544 if (dev) {
9545 if (ops->internal_flags & NL80211_FLAG_CHECK_NETDEV_UP &&
9546 !netif_running(dev)) {
9547 if (rtnl)
9548 rtnl_unlock();
9549 return -ENETDOWN;
9550 }
9551
9552 dev_hold(dev);
9553 } else if (ops->internal_flags & NL80211_FLAG_CHECK_NETDEV_UP) {
9554 if (!wdev->p2p_started) {
9555 if (rtnl)
9556 rtnl_unlock();
9557 return -ENETDOWN;
9558 }
9559 }
9560
9561 info->user_ptr[0] = rdev;
9562 }
9563
9564 return 0;
9565 }
9566
9567 static void nl80211_post_doit(const struct genl_ops *ops, struct sk_buff *skb,
9568 struct genl_info *info)
9569 {
9570 if (info->user_ptr[1]) {
9571 if (ops->internal_flags & NL80211_FLAG_NEED_WDEV) {
9572 struct wireless_dev *wdev = info->user_ptr[1];
9573
9574 if (wdev->netdev)
9575 dev_put(wdev->netdev);
9576 } else {
9577 dev_put(info->user_ptr[1]);
9578 }
9579 }
9580
9581 if (ops->internal_flags & NL80211_FLAG_NEED_RTNL)
9582 rtnl_unlock();
9583
9584 /* If needed, clear the netlink message payload from the SKB
9585 * as it might contain key data that shouldn't stick around on
9586 * the heap after the SKB is freed. The netlink message header
9587 * is still needed for further processing, so leave it intact.
9588 */
9589 if (ops->internal_flags & NL80211_FLAG_CLEAR_SKB) {
9590 struct nlmsghdr *nlh = nlmsg_hdr(skb);
9591
9592 memset(nlmsg_data(nlh), 0, nlmsg_len(nlh));
9593 }
9594 }
9595
9596 static const struct genl_ops nl80211_ops[] = {
9597 {
9598 .cmd = NL80211_CMD_GET_WIPHY,
9599 .doit = nl80211_get_wiphy,
9600 .dumpit = nl80211_dump_wiphy,
9601 .done = nl80211_dump_wiphy_done,
9602 .policy = nl80211_policy,
9603 /* can be retrieved by unprivileged users */
9604 .internal_flags = NL80211_FLAG_NEED_WIPHY |
9605 NL80211_FLAG_NEED_RTNL,
9606 },
9607 {
9608 .cmd = NL80211_CMD_SET_WIPHY,
9609 .doit = nl80211_set_wiphy,
9610 .policy = nl80211_policy,
9611 .flags = GENL_ADMIN_PERM,
9612 .internal_flags = NL80211_FLAG_NEED_RTNL,
9613 },
9614 {
9615 .cmd = NL80211_CMD_GET_INTERFACE,
9616 .doit = nl80211_get_interface,
9617 .dumpit = nl80211_dump_interface,
9618 .policy = nl80211_policy,
9619 /* can be retrieved by unprivileged users */
9620 .internal_flags = NL80211_FLAG_NEED_WDEV |
9621 NL80211_FLAG_NEED_RTNL,
9622 },
9623 {
9624 .cmd = NL80211_CMD_SET_INTERFACE,
9625 .doit = nl80211_set_interface,
9626 .policy = nl80211_policy,
9627 .flags = GENL_ADMIN_PERM,
9628 .internal_flags = NL80211_FLAG_NEED_NETDEV |
9629 NL80211_FLAG_NEED_RTNL,
9630 },
9631 {
9632 .cmd = NL80211_CMD_NEW_INTERFACE,
9633 .doit = nl80211_new_interface,
9634 .policy = nl80211_policy,
9635 .flags = GENL_ADMIN_PERM,
9636 .internal_flags = NL80211_FLAG_NEED_WIPHY |
9637 NL80211_FLAG_NEED_RTNL,
9638 },
9639 {
9640 .cmd = NL80211_CMD_DEL_INTERFACE,
9641 .doit = nl80211_del_interface,
9642 .policy = nl80211_policy,
9643 .flags = GENL_ADMIN_PERM,
9644 .internal_flags = NL80211_FLAG_NEED_WDEV |
9645 NL80211_FLAG_NEED_RTNL,
9646 },
9647 {
9648 .cmd = NL80211_CMD_GET_KEY,
9649 .doit = nl80211_get_key,
9650 .policy = nl80211_policy,
9651 .flags = GENL_ADMIN_PERM,
9652 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
9653 NL80211_FLAG_NEED_RTNL,
9654 },
9655 {
9656 .cmd = NL80211_CMD_SET_KEY,
9657 .doit = nl80211_set_key,
9658 .policy = nl80211_policy,
9659 .flags = GENL_ADMIN_PERM,
9660 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
9661 NL80211_FLAG_NEED_RTNL |
9662 NL80211_FLAG_CLEAR_SKB,
9663 },
9664 {
9665 .cmd = NL80211_CMD_NEW_KEY,
9666 .doit = nl80211_new_key,
9667 .policy = nl80211_policy,
9668 .flags = GENL_ADMIN_PERM,
9669 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
9670 NL80211_FLAG_NEED_RTNL |
9671 NL80211_FLAG_CLEAR_SKB,
9672 },
9673 {
9674 .cmd = NL80211_CMD_DEL_KEY,
9675 .doit = nl80211_del_key,
9676 .policy = nl80211_policy,
9677 .flags = GENL_ADMIN_PERM,
9678 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
9679 NL80211_FLAG_NEED_RTNL,
9680 },
9681 {
9682 .cmd = NL80211_CMD_SET_BEACON,
9683 .policy = nl80211_policy,
9684 .flags = GENL_ADMIN_PERM,
9685 .doit = nl80211_set_beacon,
9686 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
9687 NL80211_FLAG_NEED_RTNL,
9688 },
9689 {
9690 .cmd = NL80211_CMD_START_AP,
9691 .policy = nl80211_policy,
9692 .flags = GENL_ADMIN_PERM,
9693 .doit = nl80211_start_ap,
9694 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
9695 NL80211_FLAG_NEED_RTNL,
9696 },
9697 {
9698 .cmd = NL80211_CMD_STOP_AP,
9699 .policy = nl80211_policy,
9700 .flags = GENL_ADMIN_PERM,
9701 .doit = nl80211_stop_ap,
9702 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
9703 NL80211_FLAG_NEED_RTNL,
9704 },
9705 {
9706 .cmd = NL80211_CMD_GET_STATION,
9707 .doit = nl80211_get_station,
9708 .dumpit = nl80211_dump_station,
9709 .policy = nl80211_policy,
9710 .internal_flags = NL80211_FLAG_NEED_NETDEV |
9711 NL80211_FLAG_NEED_RTNL,
9712 },
9713 {
9714 .cmd = NL80211_CMD_SET_STATION,
9715 .doit = nl80211_set_station,
9716 .policy = nl80211_policy,
9717 .flags = GENL_ADMIN_PERM,
9718 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
9719 NL80211_FLAG_NEED_RTNL,
9720 },
9721 {
9722 .cmd = NL80211_CMD_NEW_STATION,
9723 .doit = nl80211_new_station,
9724 .policy = nl80211_policy,
9725 .flags = GENL_ADMIN_PERM,
9726 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
9727 NL80211_FLAG_NEED_RTNL,
9728 },
9729 {
9730 .cmd = NL80211_CMD_DEL_STATION,
9731 .doit = nl80211_del_station,
9732 .policy = nl80211_policy,
9733 .flags = GENL_ADMIN_PERM,
9734 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
9735 NL80211_FLAG_NEED_RTNL,
9736 },
9737 {
9738 .cmd = NL80211_CMD_GET_MPATH,
9739 .doit = nl80211_get_mpath,
9740 .dumpit = nl80211_dump_mpath,
9741 .policy = nl80211_policy,
9742 .flags = GENL_ADMIN_PERM,
9743 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
9744 NL80211_FLAG_NEED_RTNL,
9745 },
9746 {
9747 .cmd = NL80211_CMD_SET_MPATH,
9748 .doit = nl80211_set_mpath,
9749 .policy = nl80211_policy,
9750 .flags = GENL_ADMIN_PERM,
9751 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
9752 NL80211_FLAG_NEED_RTNL,
9753 },
9754 {
9755 .cmd = NL80211_CMD_NEW_MPATH,
9756 .doit = nl80211_new_mpath,
9757 .policy = nl80211_policy,
9758 .flags = GENL_ADMIN_PERM,
9759 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
9760 NL80211_FLAG_NEED_RTNL,
9761 },
9762 {
9763 .cmd = NL80211_CMD_DEL_MPATH,
9764 .doit = nl80211_del_mpath,
9765 .policy = nl80211_policy,
9766 .flags = GENL_ADMIN_PERM,
9767 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
9768 NL80211_FLAG_NEED_RTNL,
9769 },
9770 {
9771 .cmd = NL80211_CMD_SET_BSS,
9772 .doit = nl80211_set_bss,
9773 .policy = nl80211_policy,
9774 .flags = GENL_ADMIN_PERM,
9775 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
9776 NL80211_FLAG_NEED_RTNL,
9777 },
9778 {
9779 .cmd = NL80211_CMD_GET_REG,
9780 .doit = nl80211_get_reg,
9781 .policy = nl80211_policy,
9782 .internal_flags = NL80211_FLAG_NEED_RTNL,
9783 /* can be retrieved by unprivileged users */
9784 },
9785 {
9786 .cmd = NL80211_CMD_SET_REG,
9787 .doit = nl80211_set_reg,
9788 .policy = nl80211_policy,
9789 .flags = GENL_ADMIN_PERM,
9790 .internal_flags = NL80211_FLAG_NEED_RTNL,
9791 },
9792 {
9793 .cmd = NL80211_CMD_REQ_SET_REG,
9794 .doit = nl80211_req_set_reg,
9795 .policy = nl80211_policy,
9796 .flags = GENL_ADMIN_PERM,
9797 },
9798 {
9799 .cmd = NL80211_CMD_GET_MESH_CONFIG,
9800 .doit = nl80211_get_mesh_config,
9801 .policy = nl80211_policy,
9802 /* can be retrieved by unprivileged users */
9803 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
9804 NL80211_FLAG_NEED_RTNL,
9805 },
9806 {
9807 .cmd = NL80211_CMD_SET_MESH_CONFIG,
9808 .doit = nl80211_update_mesh_config,
9809 .policy = nl80211_policy,
9810 .flags = GENL_ADMIN_PERM,
9811 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
9812 NL80211_FLAG_NEED_RTNL,
9813 },
9814 {
9815 .cmd = NL80211_CMD_TRIGGER_SCAN,
9816 .doit = nl80211_trigger_scan,
9817 .policy = nl80211_policy,
9818 .flags = GENL_ADMIN_PERM,
9819 .internal_flags = NL80211_FLAG_NEED_WDEV_UP |
9820 NL80211_FLAG_NEED_RTNL,
9821 },
9822 {
9823 .cmd = NL80211_CMD_GET_SCAN,
9824 .policy = nl80211_policy,
9825 .dumpit = nl80211_dump_scan,
9826 },
9827 {
9828 .cmd = NL80211_CMD_START_SCHED_SCAN,
9829 .doit = nl80211_start_sched_scan,
9830 .policy = nl80211_policy,
9831 .flags = GENL_ADMIN_PERM,
9832 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
9833 NL80211_FLAG_NEED_RTNL,
9834 },
9835 {
9836 .cmd = NL80211_CMD_STOP_SCHED_SCAN,
9837 .doit = nl80211_stop_sched_scan,
9838 .policy = nl80211_policy,
9839 .flags = GENL_ADMIN_PERM,
9840 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
9841 NL80211_FLAG_NEED_RTNL,
9842 },
9843 {
9844 .cmd = NL80211_CMD_AUTHENTICATE,
9845 .doit = nl80211_authenticate,
9846 .policy = nl80211_policy,
9847 .flags = GENL_ADMIN_PERM,
9848 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
9849 NL80211_FLAG_NEED_RTNL |
9850 NL80211_FLAG_CLEAR_SKB,
9851 },
9852 {
9853 .cmd = NL80211_CMD_ASSOCIATE,
9854 .doit = nl80211_associate,
9855 .policy = nl80211_policy,
9856 .flags = GENL_ADMIN_PERM,
9857 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
9858 NL80211_FLAG_NEED_RTNL,
9859 },
9860 {
9861 .cmd = NL80211_CMD_DEAUTHENTICATE,
9862 .doit = nl80211_deauthenticate,
9863 .policy = nl80211_policy,
9864 .flags = GENL_ADMIN_PERM,
9865 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
9866 NL80211_FLAG_NEED_RTNL,
9867 },
9868 {
9869 .cmd = NL80211_CMD_DISASSOCIATE,
9870 .doit = nl80211_disassociate,
9871 .policy = nl80211_policy,
9872 .flags = GENL_ADMIN_PERM,
9873 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
9874 NL80211_FLAG_NEED_RTNL,
9875 },
9876 {
9877 .cmd = NL80211_CMD_JOIN_IBSS,
9878 .doit = nl80211_join_ibss,
9879 .policy = nl80211_policy,
9880 .flags = GENL_ADMIN_PERM,
9881 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
9882 NL80211_FLAG_NEED_RTNL,
9883 },
9884 {
9885 .cmd = NL80211_CMD_LEAVE_IBSS,
9886 .doit = nl80211_leave_ibss,
9887 .policy = nl80211_policy,
9888 .flags = GENL_ADMIN_PERM,
9889 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
9890 NL80211_FLAG_NEED_RTNL,
9891 },
9892 #ifdef CONFIG_NL80211_TESTMODE
9893 {
9894 .cmd = NL80211_CMD_TESTMODE,
9895 .doit = nl80211_testmode_do,
9896 .dumpit = nl80211_testmode_dump,
9897 .policy = nl80211_policy,
9898 .flags = GENL_ADMIN_PERM,
9899 .internal_flags = NL80211_FLAG_NEED_WIPHY |
9900 NL80211_FLAG_NEED_RTNL,
9901 },
9902 #endif
9903 {
9904 .cmd = NL80211_CMD_CONNECT,
9905 .doit = nl80211_connect,
9906 .policy = nl80211_policy,
9907 .flags = GENL_ADMIN_PERM,
9908 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
9909 NL80211_FLAG_NEED_RTNL,
9910 },
9911 {
9912 .cmd = NL80211_CMD_DISCONNECT,
9913 .doit = nl80211_disconnect,
9914 .policy = nl80211_policy,
9915 .flags = GENL_ADMIN_PERM,
9916 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
9917 NL80211_FLAG_NEED_RTNL,
9918 },
9919 {
9920 .cmd = NL80211_CMD_SET_WIPHY_NETNS,
9921 .doit = nl80211_wiphy_netns,
9922 .policy = nl80211_policy,
9923 .flags = GENL_ADMIN_PERM,
9924 .internal_flags = NL80211_FLAG_NEED_WIPHY |
9925 NL80211_FLAG_NEED_RTNL,
9926 },
9927 {
9928 .cmd = NL80211_CMD_GET_SURVEY,
9929 .policy = nl80211_policy,
9930 .dumpit = nl80211_dump_survey,
9931 },
9932 {
9933 .cmd = NL80211_CMD_SET_PMKSA,
9934 .doit = nl80211_setdel_pmksa,
9935 .policy = nl80211_policy,
9936 .flags = GENL_ADMIN_PERM,
9937 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
9938 NL80211_FLAG_NEED_RTNL,
9939 },
9940 {
9941 .cmd = NL80211_CMD_DEL_PMKSA,
9942 .doit = nl80211_setdel_pmksa,
9943 .policy = nl80211_policy,
9944 .flags = GENL_ADMIN_PERM,
9945 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
9946 NL80211_FLAG_NEED_RTNL,
9947 },
9948 {
9949 .cmd = NL80211_CMD_FLUSH_PMKSA,
9950 .doit = nl80211_flush_pmksa,
9951 .policy = nl80211_policy,
9952 .flags = GENL_ADMIN_PERM,
9953 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
9954 NL80211_FLAG_NEED_RTNL,
9955 },
9956 {
9957 .cmd = NL80211_CMD_REMAIN_ON_CHANNEL,
9958 .doit = nl80211_remain_on_channel,
9959 .policy = nl80211_policy,
9960 .flags = GENL_ADMIN_PERM,
9961 .internal_flags = NL80211_FLAG_NEED_WDEV_UP |
9962 NL80211_FLAG_NEED_RTNL,
9963 },
9964 {
9965 .cmd = NL80211_CMD_CANCEL_REMAIN_ON_CHANNEL,
9966 .doit = nl80211_cancel_remain_on_channel,
9967 .policy = nl80211_policy,
9968 .flags = GENL_ADMIN_PERM,
9969 .internal_flags = NL80211_FLAG_NEED_WDEV_UP |
9970 NL80211_FLAG_NEED_RTNL,
9971 },
9972 {
9973 .cmd = NL80211_CMD_SET_TX_BITRATE_MASK,
9974 .doit = nl80211_set_tx_bitrate_mask,
9975 .policy = nl80211_policy,
9976 .flags = GENL_ADMIN_PERM,
9977 .internal_flags = NL80211_FLAG_NEED_NETDEV |
9978 NL80211_FLAG_NEED_RTNL,
9979 },
9980 {
9981 .cmd = NL80211_CMD_REGISTER_FRAME,
9982 .doit = nl80211_register_mgmt,
9983 .policy = nl80211_policy,
9984 .flags = GENL_ADMIN_PERM,
9985 .internal_flags = NL80211_FLAG_NEED_WDEV |
9986 NL80211_FLAG_NEED_RTNL,
9987 },
9988 {
9989 .cmd = NL80211_CMD_FRAME,
9990 .doit = nl80211_tx_mgmt,
9991 .policy = nl80211_policy,
9992 .flags = GENL_ADMIN_PERM,
9993 .internal_flags = NL80211_FLAG_NEED_WDEV_UP |
9994 NL80211_FLAG_NEED_RTNL,
9995 },
9996 {
9997 .cmd = NL80211_CMD_FRAME_WAIT_CANCEL,
9998 .doit = nl80211_tx_mgmt_cancel_wait,
9999 .policy = nl80211_policy,
10000 .flags = GENL_ADMIN_PERM,
10001 .internal_flags = NL80211_FLAG_NEED_WDEV_UP |
10002 NL80211_FLAG_NEED_RTNL,
10003 },
10004 {
10005 .cmd = NL80211_CMD_SET_POWER_SAVE,
10006 .doit = nl80211_set_power_save,
10007 .policy = nl80211_policy,
10008 .flags = GENL_ADMIN_PERM,
10009 .internal_flags = NL80211_FLAG_NEED_NETDEV |
10010 NL80211_FLAG_NEED_RTNL,
10011 },
10012 {
10013 .cmd = NL80211_CMD_GET_POWER_SAVE,
10014 .doit = nl80211_get_power_save,
10015 .policy = nl80211_policy,
10016 /* can be retrieved by unprivileged users */
10017 .internal_flags = NL80211_FLAG_NEED_NETDEV |
10018 NL80211_FLAG_NEED_RTNL,
10019 },
10020 {
10021 .cmd = NL80211_CMD_SET_CQM,
10022 .doit = nl80211_set_cqm,
10023 .policy = nl80211_policy,
10024 .flags = GENL_ADMIN_PERM,
10025 .internal_flags = NL80211_FLAG_NEED_NETDEV |
10026 NL80211_FLAG_NEED_RTNL,
10027 },
10028 {
10029 .cmd = NL80211_CMD_SET_CHANNEL,
10030 .doit = nl80211_set_channel,
10031 .policy = nl80211_policy,
10032 .flags = GENL_ADMIN_PERM,
10033 .internal_flags = NL80211_FLAG_NEED_NETDEV |
10034 NL80211_FLAG_NEED_RTNL,
10035 },
10036 {
10037 .cmd = NL80211_CMD_SET_WDS_PEER,
10038 .doit = nl80211_set_wds_peer,
10039 .policy = nl80211_policy,
10040 .flags = GENL_ADMIN_PERM,
10041 .internal_flags = NL80211_FLAG_NEED_NETDEV |
10042 NL80211_FLAG_NEED_RTNL,
10043 },
10044 {
10045 .cmd = NL80211_CMD_JOIN_MESH,
10046 .doit = nl80211_join_mesh,
10047 .policy = nl80211_policy,
10048 .flags = GENL_ADMIN_PERM,
10049 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
10050 NL80211_FLAG_NEED_RTNL,
10051 },
10052 {
10053 .cmd = NL80211_CMD_LEAVE_MESH,
10054 .doit = nl80211_leave_mesh,
10055 .policy = nl80211_policy,
10056 .flags = GENL_ADMIN_PERM,
10057 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
10058 NL80211_FLAG_NEED_RTNL,
10059 },
10060 #ifdef CONFIG_PM
10061 {
10062 .cmd = NL80211_CMD_GET_WOWLAN,
10063 .doit = nl80211_get_wowlan,
10064 .policy = nl80211_policy,
10065 /* can be retrieved by unprivileged users */
10066 .internal_flags = NL80211_FLAG_NEED_WIPHY |
10067 NL80211_FLAG_NEED_RTNL,
10068 },
10069 {
10070 .cmd = NL80211_CMD_SET_WOWLAN,
10071 .doit = nl80211_set_wowlan,
10072 .policy = nl80211_policy,
10073 .flags = GENL_ADMIN_PERM,
10074 .internal_flags = NL80211_FLAG_NEED_WIPHY |
10075 NL80211_FLAG_NEED_RTNL,
10076 },
10077 #endif
10078 {
10079 .cmd = NL80211_CMD_SET_REKEY_OFFLOAD,
10080 .doit = nl80211_set_rekey_data,
10081 .policy = nl80211_policy,
10082 .flags = GENL_ADMIN_PERM,
10083 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
10084 NL80211_FLAG_NEED_RTNL |
10085 NL80211_FLAG_CLEAR_SKB,
10086 },
10087 {
10088 .cmd = NL80211_CMD_TDLS_MGMT,
10089 .doit = nl80211_tdls_mgmt,
10090 .policy = nl80211_policy,
10091 .flags = GENL_ADMIN_PERM,
10092 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
10093 NL80211_FLAG_NEED_RTNL,
10094 },
10095 {
10096 .cmd = NL80211_CMD_TDLS_OPER,
10097 .doit = nl80211_tdls_oper,
10098 .policy = nl80211_policy,
10099 .flags = GENL_ADMIN_PERM,
10100 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
10101 NL80211_FLAG_NEED_RTNL,
10102 },
10103 {
10104 .cmd = NL80211_CMD_UNEXPECTED_FRAME,
10105 .doit = nl80211_register_unexpected_frame,
10106 .policy = nl80211_policy,
10107 .flags = GENL_ADMIN_PERM,
10108 .internal_flags = NL80211_FLAG_NEED_NETDEV |
10109 NL80211_FLAG_NEED_RTNL,
10110 },
10111 {
10112 .cmd = NL80211_CMD_PROBE_CLIENT,
10113 .doit = nl80211_probe_client,
10114 .policy = nl80211_policy,
10115 .flags = GENL_ADMIN_PERM,
10116 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
10117 NL80211_FLAG_NEED_RTNL,
10118 },
10119 {
10120 .cmd = NL80211_CMD_REGISTER_BEACONS,
10121 .doit = nl80211_register_beacons,
10122 .policy = nl80211_policy,
10123 .flags = GENL_ADMIN_PERM,
10124 .internal_flags = NL80211_FLAG_NEED_WIPHY |
10125 NL80211_FLAG_NEED_RTNL,
10126 },
10127 {
10128 .cmd = NL80211_CMD_SET_NOACK_MAP,
10129 .doit = nl80211_set_noack_map,
10130 .policy = nl80211_policy,
10131 .flags = GENL_ADMIN_PERM,
10132 .internal_flags = NL80211_FLAG_NEED_NETDEV |
10133 NL80211_FLAG_NEED_RTNL,
10134 },
10135 {
10136 .cmd = NL80211_CMD_START_P2P_DEVICE,
10137 .doit = nl80211_start_p2p_device,
10138 .policy = nl80211_policy,
10139 .flags = GENL_ADMIN_PERM,
10140 .internal_flags = NL80211_FLAG_NEED_WDEV |
10141 NL80211_FLAG_NEED_RTNL,
10142 },
10143 {
10144 .cmd = NL80211_CMD_STOP_P2P_DEVICE,
10145 .doit = nl80211_stop_p2p_device,
10146 .policy = nl80211_policy,
10147 .flags = GENL_ADMIN_PERM,
10148 .internal_flags = NL80211_FLAG_NEED_WDEV_UP |
10149 NL80211_FLAG_NEED_RTNL,
10150 },
10151 {
10152 .cmd = NL80211_CMD_SET_MCAST_RATE,
10153 .doit = nl80211_set_mcast_rate,
10154 .policy = nl80211_policy,
10155 .flags = GENL_ADMIN_PERM,
10156 .internal_flags = NL80211_FLAG_NEED_NETDEV |
10157 NL80211_FLAG_NEED_RTNL,
10158 },
10159 {
10160 .cmd = NL80211_CMD_SET_MAC_ACL,
10161 .doit = nl80211_set_mac_acl,
10162 .policy = nl80211_policy,
10163 .flags = GENL_ADMIN_PERM,
10164 .internal_flags = NL80211_FLAG_NEED_NETDEV |
10165 NL80211_FLAG_NEED_RTNL,
10166 },
10167 {
10168 .cmd = NL80211_CMD_RADAR_DETECT,
10169 .doit = nl80211_start_radar_detection,
10170 .policy = nl80211_policy,
10171 .flags = GENL_ADMIN_PERM,
10172 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
10173 NL80211_FLAG_NEED_RTNL,
10174 },
10175 {
10176 .cmd = NL80211_CMD_GET_PROTOCOL_FEATURES,
10177 .doit = nl80211_get_protocol_features,
10178 .policy = nl80211_policy,
10179 },
10180 {
10181 .cmd = NL80211_CMD_UPDATE_FT_IES,
10182 .doit = nl80211_update_ft_ies,
10183 .policy = nl80211_policy,
10184 .flags = GENL_ADMIN_PERM,
10185 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
10186 NL80211_FLAG_NEED_RTNL,
10187 },
10188 {
10189 .cmd = NL80211_CMD_CRIT_PROTOCOL_START,
10190 .doit = nl80211_crit_protocol_start,
10191 .policy = nl80211_policy,
10192 .flags = GENL_ADMIN_PERM,
10193 .internal_flags = NL80211_FLAG_NEED_WDEV_UP |
10194 NL80211_FLAG_NEED_RTNL,
10195 },
10196 {
10197 .cmd = NL80211_CMD_CRIT_PROTOCOL_STOP,
10198 .doit = nl80211_crit_protocol_stop,
10199 .policy = nl80211_policy,
10200 .flags = GENL_ADMIN_PERM,
10201 .internal_flags = NL80211_FLAG_NEED_WDEV_UP |
10202 NL80211_FLAG_NEED_RTNL,
10203 },
10204 {
10205 .cmd = NL80211_CMD_GET_COALESCE,
10206 .doit = nl80211_get_coalesce,
10207 .policy = nl80211_policy,
10208 .internal_flags = NL80211_FLAG_NEED_WIPHY |
10209 NL80211_FLAG_NEED_RTNL,
10210 },
10211 {
10212 .cmd = NL80211_CMD_SET_COALESCE,
10213 .doit = nl80211_set_coalesce,
10214 .policy = nl80211_policy,
10215 .flags = GENL_ADMIN_PERM,
10216 .internal_flags = NL80211_FLAG_NEED_WIPHY |
10217 NL80211_FLAG_NEED_RTNL,
10218 },
10219 {
10220 .cmd = NL80211_CMD_CHANNEL_SWITCH,
10221 .doit = nl80211_channel_switch,
10222 .policy = nl80211_policy,
10223 .flags = GENL_ADMIN_PERM,
10224 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
10225 NL80211_FLAG_NEED_RTNL,
10226 },
10227 {
10228 .cmd = NL80211_CMD_VENDOR,
10229 .doit = nl80211_vendor_cmd,
10230 .policy = nl80211_policy,
10231 .flags = GENL_ADMIN_PERM,
10232 .internal_flags = NL80211_FLAG_NEED_WIPHY |
10233 NL80211_FLAG_NEED_RTNL,
10234 },
10235 {
10236 .cmd = NL80211_CMD_SET_QOS_MAP,
10237 .doit = nl80211_set_qos_map,
10238 .policy = nl80211_policy,
10239 .flags = GENL_ADMIN_PERM,
10240 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
10241 NL80211_FLAG_NEED_RTNL,
10242 },
10243 {
10244 .cmd = NL80211_CMD_ADD_TX_TS,
10245 .doit = nl80211_add_tx_ts,
10246 .policy = nl80211_policy,
10247 .flags = GENL_ADMIN_PERM,
10248 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
10249 NL80211_FLAG_NEED_RTNL,
10250 },
10251 {
10252 .cmd = NL80211_CMD_DEL_TX_TS,
10253 .doit = nl80211_del_tx_ts,
10254 .policy = nl80211_policy,
10255 .flags = GENL_ADMIN_PERM,
10256 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
10257 NL80211_FLAG_NEED_RTNL,
10258 },
10259 };
10260
10261 /* notification functions */
10262
10263 void nl80211_notify_wiphy(struct cfg80211_registered_device *rdev,
10264 enum nl80211_commands cmd)
10265 {
10266 struct sk_buff *msg;
10267 struct nl80211_dump_wiphy_state state = {};
10268
10269 WARN_ON(cmd != NL80211_CMD_NEW_WIPHY &&
10270 cmd != NL80211_CMD_DEL_WIPHY);
10271
10272 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
10273 if (!msg)
10274 return;
10275
10276 if (nl80211_send_wiphy(rdev, cmd, msg, 0, 0, 0, &state) < 0) {
10277 nlmsg_free(msg);
10278 return;
10279 }
10280
10281 genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), msg, 0,
10282 NL80211_MCGRP_CONFIG, GFP_KERNEL);
10283 }
10284
10285 static int nl80211_add_scan_req(struct sk_buff *msg,
10286 struct cfg80211_registered_device *rdev)
10287 {
10288 struct cfg80211_scan_request *req = rdev->scan_req;
10289 struct nlattr *nest;
10290 int i;
10291
10292 if (WARN_ON(!req))
10293 return 0;
10294
10295 nest = nla_nest_start(msg, NL80211_ATTR_SCAN_SSIDS);
10296 if (!nest)
10297 goto nla_put_failure;
10298 for (i = 0; i < req->n_ssids; i++) {
10299 if (nla_put(msg, i, req->ssids[i].ssid_len, req->ssids[i].ssid))
10300 goto nla_put_failure;
10301 }
10302 nla_nest_end(msg, nest);
10303
10304 nest = nla_nest_start(msg, NL80211_ATTR_SCAN_FREQUENCIES);
10305 if (!nest)
10306 goto nla_put_failure;
10307 for (i = 0; i < req->n_channels; i++) {
10308 if (nla_put_u32(msg, i, req->channels[i]->center_freq))
10309 goto nla_put_failure;
10310 }
10311 nla_nest_end(msg, nest);
10312
10313 if (req->ie &&
10314 nla_put(msg, NL80211_ATTR_IE, req->ie_len, req->ie))
10315 goto nla_put_failure;
10316
10317 if (req->flags &&
10318 nla_put_u32(msg, NL80211_ATTR_SCAN_FLAGS, req->flags))
10319 goto nla_put_failure;
10320
10321 return 0;
10322 nla_put_failure:
10323 return -ENOBUFS;
10324 }
10325
10326 static int nl80211_send_scan_msg(struct sk_buff *msg,
10327 struct cfg80211_registered_device *rdev,
10328 struct wireless_dev *wdev,
10329 u32 portid, u32 seq, int flags,
10330 u32 cmd)
10331 {
10332 void *hdr;
10333
10334 hdr = nl80211hdr_put(msg, portid, seq, flags, cmd);
10335 if (!hdr)
10336 return -1;
10337
10338 if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
10339 (wdev->netdev && nla_put_u32(msg, NL80211_ATTR_IFINDEX,
10340 wdev->netdev->ifindex)) ||
10341 nla_put_u64(msg, NL80211_ATTR_WDEV, wdev_id(wdev)))
10342 goto nla_put_failure;
10343
10344 /* ignore errors and send incomplete event anyway */
10345 nl80211_add_scan_req(msg, rdev);
10346
10347 return genlmsg_end(msg, hdr);
10348
10349 nla_put_failure:
10350 genlmsg_cancel(msg, hdr);
10351 return -EMSGSIZE;
10352 }
10353
10354 static int
10355 nl80211_send_sched_scan_msg(struct sk_buff *msg,
10356 struct cfg80211_registered_device *rdev,
10357 struct net_device *netdev,
10358 u32 portid, u32 seq, int flags, u32 cmd)
10359 {
10360 void *hdr;
10361
10362 hdr = nl80211hdr_put(msg, portid, seq, flags, cmd);
10363 if (!hdr)
10364 return -1;
10365
10366 if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
10367 nla_put_u32(msg, NL80211_ATTR_IFINDEX, netdev->ifindex))
10368 goto nla_put_failure;
10369
10370 return genlmsg_end(msg, hdr);
10371
10372 nla_put_failure:
10373 genlmsg_cancel(msg, hdr);
10374 return -EMSGSIZE;
10375 }
10376
10377 void nl80211_send_scan_start(struct cfg80211_registered_device *rdev,
10378 struct wireless_dev *wdev)
10379 {
10380 struct sk_buff *msg;
10381
10382 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
10383 if (!msg)
10384 return;
10385
10386 if (nl80211_send_scan_msg(msg, rdev, wdev, 0, 0, 0,
10387 NL80211_CMD_TRIGGER_SCAN) < 0) {
10388 nlmsg_free(msg);
10389 return;
10390 }
10391
10392 genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), msg, 0,
10393 NL80211_MCGRP_SCAN, GFP_KERNEL);
10394 }
10395
10396 struct sk_buff *nl80211_build_scan_msg(struct cfg80211_registered_device *rdev,
10397 struct wireless_dev *wdev, bool aborted)
10398 {
10399 struct sk_buff *msg;
10400
10401 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
10402 if (!msg)
10403 return NULL;
10404
10405 if (nl80211_send_scan_msg(msg, rdev, wdev, 0, 0, 0,
10406 aborted ? NL80211_CMD_SCAN_ABORTED :
10407 NL80211_CMD_NEW_SCAN_RESULTS) < 0) {
10408 nlmsg_free(msg);
10409 return NULL;
10410 }
10411
10412 return msg;
10413 }
10414
10415 void nl80211_send_scan_result(struct cfg80211_registered_device *rdev,
10416 struct sk_buff *msg)
10417 {
10418 if (!msg)
10419 return;
10420
10421 genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), msg, 0,
10422 NL80211_MCGRP_SCAN, GFP_KERNEL);
10423 }
10424
10425 void nl80211_send_sched_scan_results(struct cfg80211_registered_device *rdev,
10426 struct net_device *netdev)
10427 {
10428 struct sk_buff *msg;
10429
10430 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
10431 if (!msg)
10432 return;
10433
10434 if (nl80211_send_sched_scan_msg(msg, rdev, netdev, 0, 0, 0,
10435 NL80211_CMD_SCHED_SCAN_RESULTS) < 0) {
10436 nlmsg_free(msg);
10437 return;
10438 }
10439
10440 genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), msg, 0,
10441 NL80211_MCGRP_SCAN, GFP_KERNEL);
10442 }
10443
10444 void nl80211_send_sched_scan(struct cfg80211_registered_device *rdev,
10445 struct net_device *netdev, u32 cmd)
10446 {
10447 struct sk_buff *msg;
10448
10449 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
10450 if (!msg)
10451 return;
10452
10453 if (nl80211_send_sched_scan_msg(msg, rdev, netdev, 0, 0, 0, cmd) < 0) {
10454 nlmsg_free(msg);
10455 return;
10456 }
10457
10458 genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), msg, 0,
10459 NL80211_MCGRP_SCAN, GFP_KERNEL);
10460 }
10461
10462 /*
10463 * This can happen on global regulatory changes or device specific settings
10464 * based on custom world regulatory domains.
10465 */
10466 void nl80211_send_reg_change_event(struct regulatory_request *request)
10467 {
10468 struct sk_buff *msg;
10469 void *hdr;
10470
10471 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
10472 if (!msg)
10473 return;
10474
10475 hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_REG_CHANGE);
10476 if (!hdr) {
10477 nlmsg_free(msg);
10478 return;
10479 }
10480
10481 /* Userspace can always count this one always being set */
10482 if (nla_put_u8(msg, NL80211_ATTR_REG_INITIATOR, request->initiator))
10483 goto nla_put_failure;
10484
10485 if (request->alpha2[0] == '0' && request->alpha2[1] == '0') {
10486 if (nla_put_u8(msg, NL80211_ATTR_REG_TYPE,
10487 NL80211_REGDOM_TYPE_WORLD))
10488 goto nla_put_failure;
10489 } else if (request->alpha2[0] == '9' && request->alpha2[1] == '9') {
10490 if (nla_put_u8(msg, NL80211_ATTR_REG_TYPE,
10491 NL80211_REGDOM_TYPE_CUSTOM_WORLD))
10492 goto nla_put_failure;
10493 } else if ((request->alpha2[0] == '9' && request->alpha2[1] == '8') ||
10494 request->intersect) {
10495 if (nla_put_u8(msg, NL80211_ATTR_REG_TYPE,
10496 NL80211_REGDOM_TYPE_INTERSECTION))
10497 goto nla_put_failure;
10498 } else {
10499 if (nla_put_u8(msg, NL80211_ATTR_REG_TYPE,
10500 NL80211_REGDOM_TYPE_COUNTRY) ||
10501 nla_put_string(msg, NL80211_ATTR_REG_ALPHA2,
10502 request->alpha2))
10503 goto nla_put_failure;
10504 }
10505
10506 if (request->wiphy_idx != WIPHY_IDX_INVALID &&
10507 nla_put_u32(msg, NL80211_ATTR_WIPHY, request->wiphy_idx))
10508 goto nla_put_failure;
10509
10510 genlmsg_end(msg, hdr);
10511
10512 rcu_read_lock();
10513 genlmsg_multicast_allns(&nl80211_fam, msg, 0,
10514 NL80211_MCGRP_REGULATORY, GFP_ATOMIC);
10515 rcu_read_unlock();
10516
10517 return;
10518
10519 nla_put_failure:
10520 genlmsg_cancel(msg, hdr);
10521 nlmsg_free(msg);
10522 }
10523
10524 static void nl80211_send_mlme_event(struct cfg80211_registered_device *rdev,
10525 struct net_device *netdev,
10526 const u8 *buf, size_t len,
10527 enum nl80211_commands cmd, gfp_t gfp)
10528 {
10529 struct sk_buff *msg;
10530 void *hdr;
10531
10532 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, gfp);
10533 if (!msg)
10534 return;
10535
10536 hdr = nl80211hdr_put(msg, 0, 0, 0, cmd);
10537 if (!hdr) {
10538 nlmsg_free(msg);
10539 return;
10540 }
10541
10542 if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
10543 nla_put_u32(msg, NL80211_ATTR_IFINDEX, netdev->ifindex) ||
10544 nla_put(msg, NL80211_ATTR_FRAME, len, buf))
10545 goto nla_put_failure;
10546
10547 genlmsg_end(msg, hdr);
10548
10549 genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), msg, 0,
10550 NL80211_MCGRP_MLME, gfp);
10551 return;
10552
10553 nla_put_failure:
10554 genlmsg_cancel(msg, hdr);
10555 nlmsg_free(msg);
10556 }
10557
10558 void nl80211_send_rx_auth(struct cfg80211_registered_device *rdev,
10559 struct net_device *netdev, const u8 *buf,
10560 size_t len, gfp_t gfp)
10561 {
10562 nl80211_send_mlme_event(rdev, netdev, buf, len,
10563 NL80211_CMD_AUTHENTICATE, gfp);
10564 }
10565
10566 void nl80211_send_rx_assoc(struct cfg80211_registered_device *rdev,
10567 struct net_device *netdev, const u8 *buf,
10568 size_t len, gfp_t gfp)
10569 {
10570 nl80211_send_mlme_event(rdev, netdev, buf, len,
10571 NL80211_CMD_ASSOCIATE, gfp);
10572 }
10573
10574 void nl80211_send_deauth(struct cfg80211_registered_device *rdev,
10575 struct net_device *netdev, const u8 *buf,
10576 size_t len, gfp_t gfp)
10577 {
10578 nl80211_send_mlme_event(rdev, netdev, buf, len,
10579 NL80211_CMD_DEAUTHENTICATE, gfp);
10580 }
10581
10582 void nl80211_send_disassoc(struct cfg80211_registered_device *rdev,
10583 struct net_device *netdev, const u8 *buf,
10584 size_t len, gfp_t gfp)
10585 {
10586 nl80211_send_mlme_event(rdev, netdev, buf, len,
10587 NL80211_CMD_DISASSOCIATE, gfp);
10588 }
10589
10590 void cfg80211_rx_unprot_mlme_mgmt(struct net_device *dev, const u8 *buf,
10591 size_t len)
10592 {
10593 struct wireless_dev *wdev = dev->ieee80211_ptr;
10594 struct wiphy *wiphy = wdev->wiphy;
10595 struct cfg80211_registered_device *rdev = wiphy_to_rdev(wiphy);
10596 const struct ieee80211_mgmt *mgmt = (void *)buf;
10597 u32 cmd;
10598
10599 if (WARN_ON(len < 2))
10600 return;
10601
10602 if (ieee80211_is_deauth(mgmt->frame_control))
10603 cmd = NL80211_CMD_UNPROT_DEAUTHENTICATE;
10604 else
10605 cmd = NL80211_CMD_UNPROT_DISASSOCIATE;
10606
10607 trace_cfg80211_rx_unprot_mlme_mgmt(dev, buf, len);
10608 nl80211_send_mlme_event(rdev, dev, buf, len, cmd, GFP_ATOMIC);
10609 }
10610 EXPORT_SYMBOL(cfg80211_rx_unprot_mlme_mgmt);
10611
10612 static void nl80211_send_mlme_timeout(struct cfg80211_registered_device *rdev,
10613 struct net_device *netdev, int cmd,
10614 const u8 *addr, gfp_t gfp)
10615 {
10616 struct sk_buff *msg;
10617 void *hdr;
10618
10619 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, gfp);
10620 if (!msg)
10621 return;
10622
10623 hdr = nl80211hdr_put(msg, 0, 0, 0, cmd);
10624 if (!hdr) {
10625 nlmsg_free(msg);
10626 return;
10627 }
10628
10629 if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
10630 nla_put_u32(msg, NL80211_ATTR_IFINDEX, netdev->ifindex) ||
10631 nla_put_flag(msg, NL80211_ATTR_TIMED_OUT) ||
10632 nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN, addr))
10633 goto nla_put_failure;
10634
10635 genlmsg_end(msg, hdr);
10636
10637 genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), msg, 0,
10638 NL80211_MCGRP_MLME, gfp);
10639 return;
10640
10641 nla_put_failure:
10642 genlmsg_cancel(msg, hdr);
10643 nlmsg_free(msg);
10644 }
10645
10646 void nl80211_send_auth_timeout(struct cfg80211_registered_device *rdev,
10647 struct net_device *netdev, const u8 *addr,
10648 gfp_t gfp)
10649 {
10650 nl80211_send_mlme_timeout(rdev, netdev, NL80211_CMD_AUTHENTICATE,
10651 addr, gfp);
10652 }
10653
10654 void nl80211_send_assoc_timeout(struct cfg80211_registered_device *rdev,
10655 struct net_device *netdev, const u8 *addr,
10656 gfp_t gfp)
10657 {
10658 nl80211_send_mlme_timeout(rdev, netdev, NL80211_CMD_ASSOCIATE,
10659 addr, gfp);
10660 }
10661
10662 void nl80211_send_connect_result(struct cfg80211_registered_device *rdev,
10663 struct net_device *netdev, const u8 *bssid,
10664 const u8 *req_ie, size_t req_ie_len,
10665 const u8 *resp_ie, size_t resp_ie_len,
10666 u16 status, gfp_t gfp)
10667 {
10668 struct sk_buff *msg;
10669 void *hdr;
10670
10671 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, gfp);
10672 if (!msg)
10673 return;
10674
10675 hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_CONNECT);
10676 if (!hdr) {
10677 nlmsg_free(msg);
10678 return;
10679 }
10680
10681 if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
10682 nla_put_u32(msg, NL80211_ATTR_IFINDEX, netdev->ifindex) ||
10683 (bssid && nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN, bssid)) ||
10684 nla_put_u16(msg, NL80211_ATTR_STATUS_CODE, status) ||
10685 (req_ie &&
10686 nla_put(msg, NL80211_ATTR_REQ_IE, req_ie_len, req_ie)) ||
10687 (resp_ie &&
10688 nla_put(msg, NL80211_ATTR_RESP_IE, resp_ie_len, resp_ie)))
10689 goto nla_put_failure;
10690
10691 genlmsg_end(msg, hdr);
10692
10693 genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), msg, 0,
10694 NL80211_MCGRP_MLME, gfp);
10695 return;
10696
10697 nla_put_failure:
10698 genlmsg_cancel(msg, hdr);
10699 nlmsg_free(msg);
10700
10701 }
10702
10703 void nl80211_send_roamed(struct cfg80211_registered_device *rdev,
10704 struct net_device *netdev, const u8 *bssid,
10705 const u8 *req_ie, size_t req_ie_len,
10706 const u8 *resp_ie, size_t resp_ie_len, gfp_t gfp)
10707 {
10708 struct sk_buff *msg;
10709 void *hdr;
10710
10711 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, gfp);
10712 if (!msg)
10713 return;
10714
10715 hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_ROAM);
10716 if (!hdr) {
10717 nlmsg_free(msg);
10718 return;
10719 }
10720
10721 if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
10722 nla_put_u32(msg, NL80211_ATTR_IFINDEX, netdev->ifindex) ||
10723 nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN, bssid) ||
10724 (req_ie &&
10725 nla_put(msg, NL80211_ATTR_REQ_IE, req_ie_len, req_ie)) ||
10726 (resp_ie &&
10727 nla_put(msg, NL80211_ATTR_RESP_IE, resp_ie_len, resp_ie)))
10728 goto nla_put_failure;
10729
10730 genlmsg_end(msg, hdr);
10731
10732 genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), msg, 0,
10733 NL80211_MCGRP_MLME, gfp);
10734 return;
10735
10736 nla_put_failure:
10737 genlmsg_cancel(msg, hdr);
10738 nlmsg_free(msg);
10739
10740 }
10741
10742 void nl80211_send_disconnected(struct cfg80211_registered_device *rdev,
10743 struct net_device *netdev, u16 reason,
10744 const u8 *ie, size_t ie_len, bool from_ap)
10745 {
10746 struct sk_buff *msg;
10747 void *hdr;
10748
10749 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
10750 if (!msg)
10751 return;
10752
10753 hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_DISCONNECT);
10754 if (!hdr) {
10755 nlmsg_free(msg);
10756 return;
10757 }
10758
10759 if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
10760 nla_put_u32(msg, NL80211_ATTR_IFINDEX, netdev->ifindex) ||
10761 (from_ap && reason &&
10762 nla_put_u16(msg, NL80211_ATTR_REASON_CODE, reason)) ||
10763 (from_ap &&
10764 nla_put_flag(msg, NL80211_ATTR_DISCONNECTED_BY_AP)) ||
10765 (ie && nla_put(msg, NL80211_ATTR_IE, ie_len, ie)))
10766 goto nla_put_failure;
10767
10768 genlmsg_end(msg, hdr);
10769
10770 genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), msg, 0,
10771 NL80211_MCGRP_MLME, GFP_KERNEL);
10772 return;
10773
10774 nla_put_failure:
10775 genlmsg_cancel(msg, hdr);
10776 nlmsg_free(msg);
10777
10778 }
10779
10780 void nl80211_send_ibss_bssid(struct cfg80211_registered_device *rdev,
10781 struct net_device *netdev, const u8 *bssid,
10782 gfp_t gfp)
10783 {
10784 struct sk_buff *msg;
10785 void *hdr;
10786
10787 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, gfp);
10788 if (!msg)
10789 return;
10790
10791 hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_JOIN_IBSS);
10792 if (!hdr) {
10793 nlmsg_free(msg);
10794 return;
10795 }
10796
10797 if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
10798 nla_put_u32(msg, NL80211_ATTR_IFINDEX, netdev->ifindex) ||
10799 nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN, bssid))
10800 goto nla_put_failure;
10801
10802 genlmsg_end(msg, hdr);
10803
10804 genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), msg, 0,
10805 NL80211_MCGRP_MLME, gfp);
10806 return;
10807
10808 nla_put_failure:
10809 genlmsg_cancel(msg, hdr);
10810 nlmsg_free(msg);
10811 }
10812
10813 void cfg80211_notify_new_peer_candidate(struct net_device *dev, const u8 *addr,
10814 const u8* ie, u8 ie_len, gfp_t gfp)
10815 {
10816 struct wireless_dev *wdev = dev->ieee80211_ptr;
10817 struct cfg80211_registered_device *rdev = wiphy_to_rdev(wdev->wiphy);
10818 struct sk_buff *msg;
10819 void *hdr;
10820
10821 if (WARN_ON(wdev->iftype != NL80211_IFTYPE_MESH_POINT))
10822 return;
10823
10824 trace_cfg80211_notify_new_peer_candidate(dev, addr);
10825
10826 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, gfp);
10827 if (!msg)
10828 return;
10829
10830 hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_NEW_PEER_CANDIDATE);
10831 if (!hdr) {
10832 nlmsg_free(msg);
10833 return;
10834 }
10835
10836 if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
10837 nla_put_u32(msg, NL80211_ATTR_IFINDEX, dev->ifindex) ||
10838 nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN, addr) ||
10839 (ie_len && ie &&
10840 nla_put(msg, NL80211_ATTR_IE, ie_len , ie)))
10841 goto nla_put_failure;
10842
10843 genlmsg_end(msg, hdr);
10844
10845 genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), msg, 0,
10846 NL80211_MCGRP_MLME, gfp);
10847 return;
10848
10849 nla_put_failure:
10850 genlmsg_cancel(msg, hdr);
10851 nlmsg_free(msg);
10852 }
10853 EXPORT_SYMBOL(cfg80211_notify_new_peer_candidate);
10854
10855 void nl80211_michael_mic_failure(struct cfg80211_registered_device *rdev,
10856 struct net_device *netdev, const u8 *addr,
10857 enum nl80211_key_type key_type, int key_id,
10858 const u8 *tsc, gfp_t gfp)
10859 {
10860 struct sk_buff *msg;
10861 void *hdr;
10862
10863 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, gfp);
10864 if (!msg)
10865 return;
10866
10867 hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_MICHAEL_MIC_FAILURE);
10868 if (!hdr) {
10869 nlmsg_free(msg);
10870 return;
10871 }
10872
10873 if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
10874 nla_put_u32(msg, NL80211_ATTR_IFINDEX, netdev->ifindex) ||
10875 (addr && nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN, addr)) ||
10876 nla_put_u32(msg, NL80211_ATTR_KEY_TYPE, key_type) ||
10877 (key_id != -1 &&
10878 nla_put_u8(msg, NL80211_ATTR_KEY_IDX, key_id)) ||
10879 (tsc && nla_put(msg, NL80211_ATTR_KEY_SEQ, 6, tsc)))
10880 goto nla_put_failure;
10881
10882 genlmsg_end(msg, hdr);
10883
10884 genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), msg, 0,
10885 NL80211_MCGRP_MLME, gfp);
10886 return;
10887
10888 nla_put_failure:
10889 genlmsg_cancel(msg, hdr);
10890 nlmsg_free(msg);
10891 }
10892
10893 void nl80211_send_beacon_hint_event(struct wiphy *wiphy,
10894 struct ieee80211_channel *channel_before,
10895 struct ieee80211_channel *channel_after)
10896 {
10897 struct sk_buff *msg;
10898 void *hdr;
10899 struct nlattr *nl_freq;
10900
10901 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_ATOMIC);
10902 if (!msg)
10903 return;
10904
10905 hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_REG_BEACON_HINT);
10906 if (!hdr) {
10907 nlmsg_free(msg);
10908 return;
10909 }
10910
10911 /*
10912 * Since we are applying the beacon hint to a wiphy we know its
10913 * wiphy_idx is valid
10914 */
10915 if (nla_put_u32(msg, NL80211_ATTR_WIPHY, get_wiphy_idx(wiphy)))
10916 goto nla_put_failure;
10917
10918 /* Before */
10919 nl_freq = nla_nest_start(msg, NL80211_ATTR_FREQ_BEFORE);
10920 if (!nl_freq)
10921 goto nla_put_failure;
10922 if (nl80211_msg_put_channel(msg, channel_before, false))
10923 goto nla_put_failure;
10924 nla_nest_end(msg, nl_freq);
10925
10926 /* After */
10927 nl_freq = nla_nest_start(msg, NL80211_ATTR_FREQ_AFTER);
10928 if (!nl_freq)
10929 goto nla_put_failure;
10930 if (nl80211_msg_put_channel(msg, channel_after, false))
10931 goto nla_put_failure;
10932 nla_nest_end(msg, nl_freq);
10933
10934 genlmsg_end(msg, hdr);
10935
10936 rcu_read_lock();
10937 genlmsg_multicast_allns(&nl80211_fam, msg, 0,
10938 NL80211_MCGRP_REGULATORY, GFP_ATOMIC);
10939 rcu_read_unlock();
10940
10941 return;
10942
10943 nla_put_failure:
10944 genlmsg_cancel(msg, hdr);
10945 nlmsg_free(msg);
10946 }
10947
10948 static void nl80211_send_remain_on_chan_event(
10949 int cmd, struct cfg80211_registered_device *rdev,
10950 struct wireless_dev *wdev, u64 cookie,
10951 struct ieee80211_channel *chan,
10952 unsigned int duration, gfp_t gfp)
10953 {
10954 struct sk_buff *msg;
10955 void *hdr;
10956
10957 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, gfp);
10958 if (!msg)
10959 return;
10960
10961 hdr = nl80211hdr_put(msg, 0, 0, 0, cmd);
10962 if (!hdr) {
10963 nlmsg_free(msg);
10964 return;
10965 }
10966
10967 if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
10968 (wdev->netdev && nla_put_u32(msg, NL80211_ATTR_IFINDEX,
10969 wdev->netdev->ifindex)) ||
10970 nla_put_u64(msg, NL80211_ATTR_WDEV, wdev_id(wdev)) ||
10971 nla_put_u32(msg, NL80211_ATTR_WIPHY_FREQ, chan->center_freq) ||
10972 nla_put_u32(msg, NL80211_ATTR_WIPHY_CHANNEL_TYPE,
10973 NL80211_CHAN_NO_HT) ||
10974 nla_put_u64(msg, NL80211_ATTR_COOKIE, cookie))
10975 goto nla_put_failure;
10976
10977 if (cmd == NL80211_CMD_REMAIN_ON_CHANNEL &&
10978 nla_put_u32(msg, NL80211_ATTR_DURATION, duration))
10979 goto nla_put_failure;
10980
10981 genlmsg_end(msg, hdr);
10982
10983 genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), msg, 0,
10984 NL80211_MCGRP_MLME, gfp);
10985 return;
10986
10987 nla_put_failure:
10988 genlmsg_cancel(msg, hdr);
10989 nlmsg_free(msg);
10990 }
10991
10992 void cfg80211_ready_on_channel(struct wireless_dev *wdev, u64 cookie,
10993 struct ieee80211_channel *chan,
10994 unsigned int duration, gfp_t gfp)
10995 {
10996 struct wiphy *wiphy = wdev->wiphy;
10997 struct cfg80211_registered_device *rdev = wiphy_to_rdev(wiphy);
10998
10999 trace_cfg80211_ready_on_channel(wdev, cookie, chan, duration);
11000 nl80211_send_remain_on_chan_event(NL80211_CMD_REMAIN_ON_CHANNEL,
11001 rdev, wdev, cookie, chan,
11002 duration, gfp);
11003 }
11004 EXPORT_SYMBOL(cfg80211_ready_on_channel);
11005
11006 void cfg80211_remain_on_channel_expired(struct wireless_dev *wdev, u64 cookie,
11007 struct ieee80211_channel *chan,
11008 gfp_t gfp)
11009 {
11010 struct wiphy *wiphy = wdev->wiphy;
11011 struct cfg80211_registered_device *rdev = wiphy_to_rdev(wiphy);
11012
11013 trace_cfg80211_ready_on_channel_expired(wdev, cookie, chan);
11014 nl80211_send_remain_on_chan_event(NL80211_CMD_CANCEL_REMAIN_ON_CHANNEL,
11015 rdev, wdev, cookie, chan, 0, gfp);
11016 }
11017 EXPORT_SYMBOL(cfg80211_remain_on_channel_expired);
11018
11019 void cfg80211_new_sta(struct net_device *dev, const u8 *mac_addr,
11020 struct station_info *sinfo, gfp_t gfp)
11021 {
11022 struct wiphy *wiphy = dev->ieee80211_ptr->wiphy;
11023 struct cfg80211_registered_device *rdev = wiphy_to_rdev(wiphy);
11024 struct sk_buff *msg;
11025
11026 trace_cfg80211_new_sta(dev, mac_addr, sinfo);
11027
11028 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, gfp);
11029 if (!msg)
11030 return;
11031
11032 if (nl80211_send_station(msg, 0, 0, 0,
11033 rdev, dev, mac_addr, sinfo) < 0) {
11034 nlmsg_free(msg);
11035 return;
11036 }
11037
11038 genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), msg, 0,
11039 NL80211_MCGRP_MLME, gfp);
11040 }
11041 EXPORT_SYMBOL(cfg80211_new_sta);
11042
11043 void cfg80211_del_sta(struct net_device *dev, const u8 *mac_addr, gfp_t gfp)
11044 {
11045 struct wiphy *wiphy = dev->ieee80211_ptr->wiphy;
11046 struct cfg80211_registered_device *rdev = wiphy_to_rdev(wiphy);
11047 struct sk_buff *msg;
11048 void *hdr;
11049
11050 trace_cfg80211_del_sta(dev, mac_addr);
11051
11052 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, gfp);
11053 if (!msg)
11054 return;
11055
11056 hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_DEL_STATION);
11057 if (!hdr) {
11058 nlmsg_free(msg);
11059 return;
11060 }
11061
11062 if (nla_put_u32(msg, NL80211_ATTR_IFINDEX, dev->ifindex) ||
11063 nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN, mac_addr))
11064 goto nla_put_failure;
11065
11066 genlmsg_end(msg, hdr);
11067
11068 genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), msg, 0,
11069 NL80211_MCGRP_MLME, gfp);
11070 return;
11071
11072 nla_put_failure:
11073 genlmsg_cancel(msg, hdr);
11074 nlmsg_free(msg);
11075 }
11076 EXPORT_SYMBOL(cfg80211_del_sta);
11077
11078 void cfg80211_conn_failed(struct net_device *dev, const u8 *mac_addr,
11079 enum nl80211_connect_failed_reason reason,
11080 gfp_t gfp)
11081 {
11082 struct wiphy *wiphy = dev->ieee80211_ptr->wiphy;
11083 struct cfg80211_registered_device *rdev = wiphy_to_rdev(wiphy);
11084 struct sk_buff *msg;
11085 void *hdr;
11086
11087 msg = nlmsg_new(NLMSG_GOODSIZE, gfp);
11088 if (!msg)
11089 return;
11090
11091 hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_CONN_FAILED);
11092 if (!hdr) {
11093 nlmsg_free(msg);
11094 return;
11095 }
11096
11097 if (nla_put_u32(msg, NL80211_ATTR_IFINDEX, dev->ifindex) ||
11098 nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN, mac_addr) ||
11099 nla_put_u32(msg, NL80211_ATTR_CONN_FAILED_REASON, reason))
11100 goto nla_put_failure;
11101
11102 genlmsg_end(msg, hdr);
11103
11104 genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), msg, 0,
11105 NL80211_MCGRP_MLME, gfp);
11106 return;
11107
11108 nla_put_failure:
11109 genlmsg_cancel(msg, hdr);
11110 nlmsg_free(msg);
11111 }
11112 EXPORT_SYMBOL(cfg80211_conn_failed);
11113
11114 static bool __nl80211_unexpected_frame(struct net_device *dev, u8 cmd,
11115 const u8 *addr, gfp_t gfp)
11116 {
11117 struct wireless_dev *wdev = dev->ieee80211_ptr;
11118 struct cfg80211_registered_device *rdev = wiphy_to_rdev(wdev->wiphy);
11119 struct sk_buff *msg;
11120 void *hdr;
11121 u32 nlportid = ACCESS_ONCE(wdev->ap_unexpected_nlportid);
11122
11123 if (!nlportid)
11124 return false;
11125
11126 msg = nlmsg_new(100, gfp);
11127 if (!msg)
11128 return true;
11129
11130 hdr = nl80211hdr_put(msg, 0, 0, 0, cmd);
11131 if (!hdr) {
11132 nlmsg_free(msg);
11133 return true;
11134 }
11135
11136 if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
11137 nla_put_u32(msg, NL80211_ATTR_IFINDEX, dev->ifindex) ||
11138 nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN, addr))
11139 goto nla_put_failure;
11140
11141 genlmsg_end(msg, hdr);
11142 genlmsg_unicast(wiphy_net(&rdev->wiphy), msg, nlportid);
11143 return true;
11144
11145 nla_put_failure:
11146 genlmsg_cancel(msg, hdr);
11147 nlmsg_free(msg);
11148 return true;
11149 }
11150
11151 bool cfg80211_rx_spurious_frame(struct net_device *dev,
11152 const u8 *addr, gfp_t gfp)
11153 {
11154 struct wireless_dev *wdev = dev->ieee80211_ptr;
11155 bool ret;
11156
11157 trace_cfg80211_rx_spurious_frame(dev, addr);
11158
11159 if (WARN_ON(wdev->iftype != NL80211_IFTYPE_AP &&
11160 wdev->iftype != NL80211_IFTYPE_P2P_GO)) {
11161 trace_cfg80211_return_bool(false);
11162 return false;
11163 }
11164 ret = __nl80211_unexpected_frame(dev, NL80211_CMD_UNEXPECTED_FRAME,
11165 addr, gfp);
11166 trace_cfg80211_return_bool(ret);
11167 return ret;
11168 }
11169 EXPORT_SYMBOL(cfg80211_rx_spurious_frame);
11170
11171 bool cfg80211_rx_unexpected_4addr_frame(struct net_device *dev,
11172 const u8 *addr, gfp_t gfp)
11173 {
11174 struct wireless_dev *wdev = dev->ieee80211_ptr;
11175 bool ret;
11176
11177 trace_cfg80211_rx_unexpected_4addr_frame(dev, addr);
11178
11179 if (WARN_ON(wdev->iftype != NL80211_IFTYPE_AP &&
11180 wdev->iftype != NL80211_IFTYPE_P2P_GO &&
11181 wdev->iftype != NL80211_IFTYPE_AP_VLAN)) {
11182 trace_cfg80211_return_bool(false);
11183 return false;
11184 }
11185 ret = __nl80211_unexpected_frame(dev,
11186 NL80211_CMD_UNEXPECTED_4ADDR_FRAME,
11187 addr, gfp);
11188 trace_cfg80211_return_bool(ret);
11189 return ret;
11190 }
11191 EXPORT_SYMBOL(cfg80211_rx_unexpected_4addr_frame);
11192
11193 int nl80211_send_mgmt(struct cfg80211_registered_device *rdev,
11194 struct wireless_dev *wdev, u32 nlportid,
11195 int freq, int sig_dbm,
11196 const u8 *buf, size_t len, u32 flags, gfp_t gfp)
11197 {
11198 struct net_device *netdev = wdev->netdev;
11199 struct sk_buff *msg;
11200 void *hdr;
11201
11202 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, gfp);
11203 if (!msg)
11204 return -ENOMEM;
11205
11206 hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_FRAME);
11207 if (!hdr) {
11208 nlmsg_free(msg);
11209 return -ENOMEM;
11210 }
11211
11212 if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
11213 (netdev && nla_put_u32(msg, NL80211_ATTR_IFINDEX,
11214 netdev->ifindex)) ||
11215 nla_put_u64(msg, NL80211_ATTR_WDEV, wdev_id(wdev)) ||
11216 nla_put_u32(msg, NL80211_ATTR_WIPHY_FREQ, freq) ||
11217 (sig_dbm &&
11218 nla_put_u32(msg, NL80211_ATTR_RX_SIGNAL_DBM, sig_dbm)) ||
11219 nla_put(msg, NL80211_ATTR_FRAME, len, buf) ||
11220 (flags &&
11221 nla_put_u32(msg, NL80211_ATTR_RXMGMT_FLAGS, flags)))
11222 goto nla_put_failure;
11223
11224 genlmsg_end(msg, hdr);
11225
11226 return genlmsg_unicast(wiphy_net(&rdev->wiphy), msg, nlportid);
11227
11228 nla_put_failure:
11229 genlmsg_cancel(msg, hdr);
11230 nlmsg_free(msg);
11231 return -ENOBUFS;
11232 }
11233
11234 void cfg80211_mgmt_tx_status(struct wireless_dev *wdev, u64 cookie,
11235 const u8 *buf, size_t len, bool ack, gfp_t gfp)
11236 {
11237 struct wiphy *wiphy = wdev->wiphy;
11238 struct cfg80211_registered_device *rdev = wiphy_to_rdev(wiphy);
11239 struct net_device *netdev = wdev->netdev;
11240 struct sk_buff *msg;
11241 void *hdr;
11242
11243 trace_cfg80211_mgmt_tx_status(wdev, cookie, ack);
11244
11245 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, gfp);
11246 if (!msg)
11247 return;
11248
11249 hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_FRAME_TX_STATUS);
11250 if (!hdr) {
11251 nlmsg_free(msg);
11252 return;
11253 }
11254
11255 if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
11256 (netdev && nla_put_u32(msg, NL80211_ATTR_IFINDEX,
11257 netdev->ifindex)) ||
11258 nla_put_u64(msg, NL80211_ATTR_WDEV, wdev_id(wdev)) ||
11259 nla_put(msg, NL80211_ATTR_FRAME, len, buf) ||
11260 nla_put_u64(msg, NL80211_ATTR_COOKIE, cookie) ||
11261 (ack && nla_put_flag(msg, NL80211_ATTR_ACK)))
11262 goto nla_put_failure;
11263
11264 genlmsg_end(msg, hdr);
11265
11266 genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), msg, 0,
11267 NL80211_MCGRP_MLME, gfp);
11268 return;
11269
11270 nla_put_failure:
11271 genlmsg_cancel(msg, hdr);
11272 nlmsg_free(msg);
11273 }
11274 EXPORT_SYMBOL(cfg80211_mgmt_tx_status);
11275
11276 void cfg80211_cqm_rssi_notify(struct net_device *dev,
11277 enum nl80211_cqm_rssi_threshold_event rssi_event,
11278 gfp_t gfp)
11279 {
11280 struct wireless_dev *wdev = dev->ieee80211_ptr;
11281 struct wiphy *wiphy = wdev->wiphy;
11282 struct cfg80211_registered_device *rdev = wiphy_to_rdev(wiphy);
11283 struct sk_buff *msg;
11284 struct nlattr *pinfoattr;
11285 void *hdr;
11286
11287 trace_cfg80211_cqm_rssi_notify(dev, rssi_event);
11288
11289 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, gfp);
11290 if (!msg)
11291 return;
11292
11293 hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_NOTIFY_CQM);
11294 if (!hdr) {
11295 nlmsg_free(msg);
11296 return;
11297 }
11298
11299 if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
11300 nla_put_u32(msg, NL80211_ATTR_IFINDEX, dev->ifindex))
11301 goto nla_put_failure;
11302
11303 pinfoattr = nla_nest_start(msg, NL80211_ATTR_CQM);
11304 if (!pinfoattr)
11305 goto nla_put_failure;
11306
11307 if (nla_put_u32(msg, NL80211_ATTR_CQM_RSSI_THRESHOLD_EVENT,
11308 rssi_event))
11309 goto nla_put_failure;
11310
11311 nla_nest_end(msg, pinfoattr);
11312
11313 genlmsg_end(msg, hdr);
11314
11315 genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), msg, 0,
11316 NL80211_MCGRP_MLME, gfp);
11317 return;
11318
11319 nla_put_failure:
11320 genlmsg_cancel(msg, hdr);
11321 nlmsg_free(msg);
11322 }
11323 EXPORT_SYMBOL(cfg80211_cqm_rssi_notify);
11324
11325 static void nl80211_gtk_rekey_notify(struct cfg80211_registered_device *rdev,
11326 struct net_device *netdev, const u8 *bssid,
11327 const u8 *replay_ctr, gfp_t gfp)
11328 {
11329 struct sk_buff *msg;
11330 struct nlattr *rekey_attr;
11331 void *hdr;
11332
11333 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, gfp);
11334 if (!msg)
11335 return;
11336
11337 hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_SET_REKEY_OFFLOAD);
11338 if (!hdr) {
11339 nlmsg_free(msg);
11340 return;
11341 }
11342
11343 if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
11344 nla_put_u32(msg, NL80211_ATTR_IFINDEX, netdev->ifindex) ||
11345 nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN, bssid))
11346 goto nla_put_failure;
11347
11348 rekey_attr = nla_nest_start(msg, NL80211_ATTR_REKEY_DATA);
11349 if (!rekey_attr)
11350 goto nla_put_failure;
11351
11352 if (nla_put(msg, NL80211_REKEY_DATA_REPLAY_CTR,
11353 NL80211_REPLAY_CTR_LEN, replay_ctr))
11354 goto nla_put_failure;
11355
11356 nla_nest_end(msg, rekey_attr);
11357
11358 genlmsg_end(msg, hdr);
11359
11360 genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), msg, 0,
11361 NL80211_MCGRP_MLME, gfp);
11362 return;
11363
11364 nla_put_failure:
11365 genlmsg_cancel(msg, hdr);
11366 nlmsg_free(msg);
11367 }
11368
11369 void cfg80211_gtk_rekey_notify(struct net_device *dev, const u8 *bssid,
11370 const u8 *replay_ctr, gfp_t gfp)
11371 {
11372 struct wireless_dev *wdev = dev->ieee80211_ptr;
11373 struct wiphy *wiphy = wdev->wiphy;
11374 struct cfg80211_registered_device *rdev = wiphy_to_rdev(wiphy);
11375
11376 trace_cfg80211_gtk_rekey_notify(dev, bssid);
11377 nl80211_gtk_rekey_notify(rdev, dev, bssid, replay_ctr, gfp);
11378 }
11379 EXPORT_SYMBOL(cfg80211_gtk_rekey_notify);
11380
11381 static void
11382 nl80211_pmksa_candidate_notify(struct cfg80211_registered_device *rdev,
11383 struct net_device *netdev, int index,
11384 const u8 *bssid, bool preauth, gfp_t gfp)
11385 {
11386 struct sk_buff *msg;
11387 struct nlattr *attr;
11388 void *hdr;
11389
11390 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, gfp);
11391 if (!msg)
11392 return;
11393
11394 hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_PMKSA_CANDIDATE);
11395 if (!hdr) {
11396 nlmsg_free(msg);
11397 return;
11398 }
11399
11400 if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
11401 nla_put_u32(msg, NL80211_ATTR_IFINDEX, netdev->ifindex))
11402 goto nla_put_failure;
11403
11404 attr = nla_nest_start(msg, NL80211_ATTR_PMKSA_CANDIDATE);
11405 if (!attr)
11406 goto nla_put_failure;
11407
11408 if (nla_put_u32(msg, NL80211_PMKSA_CANDIDATE_INDEX, index) ||
11409 nla_put(msg, NL80211_PMKSA_CANDIDATE_BSSID, ETH_ALEN, bssid) ||
11410 (preauth &&
11411 nla_put_flag(msg, NL80211_PMKSA_CANDIDATE_PREAUTH)))
11412 goto nla_put_failure;
11413
11414 nla_nest_end(msg, attr);
11415
11416 genlmsg_end(msg, hdr);
11417
11418 genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), msg, 0,
11419 NL80211_MCGRP_MLME, gfp);
11420 return;
11421
11422 nla_put_failure:
11423 genlmsg_cancel(msg, hdr);
11424 nlmsg_free(msg);
11425 }
11426
11427 void cfg80211_pmksa_candidate_notify(struct net_device *dev, int index,
11428 const u8 *bssid, bool preauth, gfp_t gfp)
11429 {
11430 struct wireless_dev *wdev = dev->ieee80211_ptr;
11431 struct wiphy *wiphy = wdev->wiphy;
11432 struct cfg80211_registered_device *rdev = wiphy_to_rdev(wiphy);
11433
11434 trace_cfg80211_pmksa_candidate_notify(dev, index, bssid, preauth);
11435 nl80211_pmksa_candidate_notify(rdev, dev, index, bssid, preauth, gfp);
11436 }
11437 EXPORT_SYMBOL(cfg80211_pmksa_candidate_notify);
11438
11439 static void nl80211_ch_switch_notify(struct cfg80211_registered_device *rdev,
11440 struct net_device *netdev,
11441 struct cfg80211_chan_def *chandef,
11442 gfp_t gfp)
11443 {
11444 struct sk_buff *msg;
11445 void *hdr;
11446
11447 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, gfp);
11448 if (!msg)
11449 return;
11450
11451 hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_CH_SWITCH_NOTIFY);
11452 if (!hdr) {
11453 nlmsg_free(msg);
11454 return;
11455 }
11456
11457 if (nla_put_u32(msg, NL80211_ATTR_IFINDEX, netdev->ifindex))
11458 goto nla_put_failure;
11459
11460 if (nl80211_send_chandef(msg, chandef))
11461 goto nla_put_failure;
11462
11463 genlmsg_end(msg, hdr);
11464
11465 genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), msg, 0,
11466 NL80211_MCGRP_MLME, gfp);
11467 return;
11468
11469 nla_put_failure:
11470 genlmsg_cancel(msg, hdr);
11471 nlmsg_free(msg);
11472 }
11473
11474 void cfg80211_ch_switch_notify(struct net_device *dev,
11475 struct cfg80211_chan_def *chandef)
11476 {
11477 struct wireless_dev *wdev = dev->ieee80211_ptr;
11478 struct wiphy *wiphy = wdev->wiphy;
11479 struct cfg80211_registered_device *rdev = wiphy_to_rdev(wiphy);
11480
11481 ASSERT_WDEV_LOCK(wdev);
11482
11483 trace_cfg80211_ch_switch_notify(dev, chandef);
11484
11485 if (WARN_ON(wdev->iftype != NL80211_IFTYPE_AP &&
11486 wdev->iftype != NL80211_IFTYPE_P2P_GO &&
11487 wdev->iftype != NL80211_IFTYPE_ADHOC &&
11488 wdev->iftype != NL80211_IFTYPE_MESH_POINT))
11489 return;
11490
11491 wdev->chandef = *chandef;
11492 wdev->preset_chandef = *chandef;
11493 nl80211_ch_switch_notify(rdev, dev, chandef, GFP_KERNEL);
11494 }
11495 EXPORT_SYMBOL(cfg80211_ch_switch_notify);
11496
11497 void cfg80211_cqm_txe_notify(struct net_device *dev,
11498 const u8 *peer, u32 num_packets,
11499 u32 rate, u32 intvl, gfp_t gfp)
11500 {
11501 struct wireless_dev *wdev = dev->ieee80211_ptr;
11502 struct wiphy *wiphy = wdev->wiphy;
11503 struct cfg80211_registered_device *rdev = wiphy_to_rdev(wiphy);
11504 struct sk_buff *msg;
11505 struct nlattr *pinfoattr;
11506 void *hdr;
11507
11508 msg = nlmsg_new(NLMSG_GOODSIZE, gfp);
11509 if (!msg)
11510 return;
11511
11512 hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_NOTIFY_CQM);
11513 if (!hdr) {
11514 nlmsg_free(msg);
11515 return;
11516 }
11517
11518 if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
11519 nla_put_u32(msg, NL80211_ATTR_IFINDEX, dev->ifindex) ||
11520 nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN, peer))
11521 goto nla_put_failure;
11522
11523 pinfoattr = nla_nest_start(msg, NL80211_ATTR_CQM);
11524 if (!pinfoattr)
11525 goto nla_put_failure;
11526
11527 if (nla_put_u32(msg, NL80211_ATTR_CQM_TXE_PKTS, num_packets))
11528 goto nla_put_failure;
11529
11530 if (nla_put_u32(msg, NL80211_ATTR_CQM_TXE_RATE, rate))
11531 goto nla_put_failure;
11532
11533 if (nla_put_u32(msg, NL80211_ATTR_CQM_TXE_INTVL, intvl))
11534 goto nla_put_failure;
11535
11536 nla_nest_end(msg, pinfoattr);
11537
11538 genlmsg_end(msg, hdr);
11539
11540 genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), msg, 0,
11541 NL80211_MCGRP_MLME, gfp);
11542 return;
11543
11544 nla_put_failure:
11545 genlmsg_cancel(msg, hdr);
11546 nlmsg_free(msg);
11547 }
11548 EXPORT_SYMBOL(cfg80211_cqm_txe_notify);
11549
11550 void
11551 nl80211_radar_notify(struct cfg80211_registered_device *rdev,
11552 const struct cfg80211_chan_def *chandef,
11553 enum nl80211_radar_event event,
11554 struct net_device *netdev, gfp_t gfp)
11555 {
11556 struct sk_buff *msg;
11557 void *hdr;
11558
11559 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, gfp);
11560 if (!msg)
11561 return;
11562
11563 hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_RADAR_DETECT);
11564 if (!hdr) {
11565 nlmsg_free(msg);
11566 return;
11567 }
11568
11569 if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx))
11570 goto nla_put_failure;
11571
11572 /* NOP and radar events don't need a netdev parameter */
11573 if (netdev) {
11574 struct wireless_dev *wdev = netdev->ieee80211_ptr;
11575
11576 if (nla_put_u32(msg, NL80211_ATTR_IFINDEX, netdev->ifindex) ||
11577 nla_put_u64(msg, NL80211_ATTR_WDEV, wdev_id(wdev)))
11578 goto nla_put_failure;
11579 }
11580
11581 if (nla_put_u32(msg, NL80211_ATTR_RADAR_EVENT, event))
11582 goto nla_put_failure;
11583
11584 if (nl80211_send_chandef(msg, chandef))
11585 goto nla_put_failure;
11586
11587 genlmsg_end(msg, hdr);
11588
11589 genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), msg, 0,
11590 NL80211_MCGRP_MLME, gfp);
11591 return;
11592
11593 nla_put_failure:
11594 genlmsg_cancel(msg, hdr);
11595 nlmsg_free(msg);
11596 }
11597
11598 void cfg80211_cqm_pktloss_notify(struct net_device *dev,
11599 const u8 *peer, u32 num_packets, gfp_t gfp)
11600 {
11601 struct wireless_dev *wdev = dev->ieee80211_ptr;
11602 struct wiphy *wiphy = wdev->wiphy;
11603 struct cfg80211_registered_device *rdev = wiphy_to_rdev(wiphy);
11604 struct sk_buff *msg;
11605 struct nlattr *pinfoattr;
11606 void *hdr;
11607
11608 trace_cfg80211_cqm_pktloss_notify(dev, peer, num_packets);
11609
11610 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, gfp);
11611 if (!msg)
11612 return;
11613
11614 hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_NOTIFY_CQM);
11615 if (!hdr) {
11616 nlmsg_free(msg);
11617 return;
11618 }
11619
11620 if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
11621 nla_put_u32(msg, NL80211_ATTR_IFINDEX, dev->ifindex) ||
11622 nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN, peer))
11623 goto nla_put_failure;
11624
11625 pinfoattr = nla_nest_start(msg, NL80211_ATTR_CQM);
11626 if (!pinfoattr)
11627 goto nla_put_failure;
11628
11629 if (nla_put_u32(msg, NL80211_ATTR_CQM_PKT_LOSS_EVENT, num_packets))
11630 goto nla_put_failure;
11631
11632 nla_nest_end(msg, pinfoattr);
11633
11634 genlmsg_end(msg, hdr);
11635
11636 genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), msg, 0,
11637 NL80211_MCGRP_MLME, gfp);
11638 return;
11639
11640 nla_put_failure:
11641 genlmsg_cancel(msg, hdr);
11642 nlmsg_free(msg);
11643 }
11644 EXPORT_SYMBOL(cfg80211_cqm_pktloss_notify);
11645
11646 void cfg80211_probe_status(struct net_device *dev, const u8 *addr,
11647 u64 cookie, bool acked, gfp_t gfp)
11648 {
11649 struct wireless_dev *wdev = dev->ieee80211_ptr;
11650 struct cfg80211_registered_device *rdev = wiphy_to_rdev(wdev->wiphy);
11651 struct sk_buff *msg;
11652 void *hdr;
11653
11654 trace_cfg80211_probe_status(dev, addr, cookie, acked);
11655
11656 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, gfp);
11657
11658 if (!msg)
11659 return;
11660
11661 hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_PROBE_CLIENT);
11662 if (!hdr) {
11663 nlmsg_free(msg);
11664 return;
11665 }
11666
11667 if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
11668 nla_put_u32(msg, NL80211_ATTR_IFINDEX, dev->ifindex) ||
11669 nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN, addr) ||
11670 nla_put_u64(msg, NL80211_ATTR_COOKIE, cookie) ||
11671 (acked && nla_put_flag(msg, NL80211_ATTR_ACK)))
11672 goto nla_put_failure;
11673
11674 genlmsg_end(msg, hdr);
11675
11676 genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), msg, 0,
11677 NL80211_MCGRP_MLME, gfp);
11678 return;
11679
11680 nla_put_failure:
11681 genlmsg_cancel(msg, hdr);
11682 nlmsg_free(msg);
11683 }
11684 EXPORT_SYMBOL(cfg80211_probe_status);
11685
11686 void cfg80211_report_obss_beacon(struct wiphy *wiphy,
11687 const u8 *frame, size_t len,
11688 int freq, int sig_dbm)
11689 {
11690 struct cfg80211_registered_device *rdev = wiphy_to_rdev(wiphy);
11691 struct sk_buff *msg;
11692 void *hdr;
11693 struct cfg80211_beacon_registration *reg;
11694
11695 trace_cfg80211_report_obss_beacon(wiphy, frame, len, freq, sig_dbm);
11696
11697 spin_lock_bh(&rdev->beacon_registrations_lock);
11698 list_for_each_entry(reg, &rdev->beacon_registrations, list) {
11699 msg = nlmsg_new(len + 100, GFP_ATOMIC);
11700 if (!msg) {
11701 spin_unlock_bh(&rdev->beacon_registrations_lock);
11702 return;
11703 }
11704
11705 hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_FRAME);
11706 if (!hdr)
11707 goto nla_put_failure;
11708
11709 if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
11710 (freq &&
11711 nla_put_u32(msg, NL80211_ATTR_WIPHY_FREQ, freq)) ||
11712 (sig_dbm &&
11713 nla_put_u32(msg, NL80211_ATTR_RX_SIGNAL_DBM, sig_dbm)) ||
11714 nla_put(msg, NL80211_ATTR_FRAME, len, frame))
11715 goto nla_put_failure;
11716
11717 genlmsg_end(msg, hdr);
11718
11719 genlmsg_unicast(wiphy_net(&rdev->wiphy), msg, reg->nlportid);
11720 }
11721 spin_unlock_bh(&rdev->beacon_registrations_lock);
11722 return;
11723
11724 nla_put_failure:
11725 spin_unlock_bh(&rdev->beacon_registrations_lock);
11726 if (hdr)
11727 genlmsg_cancel(msg, hdr);
11728 nlmsg_free(msg);
11729 }
11730 EXPORT_SYMBOL(cfg80211_report_obss_beacon);
11731
11732 #ifdef CONFIG_PM
11733 void cfg80211_report_wowlan_wakeup(struct wireless_dev *wdev,
11734 struct cfg80211_wowlan_wakeup *wakeup,
11735 gfp_t gfp)
11736 {
11737 struct cfg80211_registered_device *rdev = wiphy_to_rdev(wdev->wiphy);
11738 struct sk_buff *msg;
11739 void *hdr;
11740 int size = 200;
11741
11742 trace_cfg80211_report_wowlan_wakeup(wdev->wiphy, wdev, wakeup);
11743
11744 if (wakeup)
11745 size += wakeup->packet_present_len;
11746
11747 msg = nlmsg_new(size, gfp);
11748 if (!msg)
11749 return;
11750
11751 hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_SET_WOWLAN);
11752 if (!hdr)
11753 goto free_msg;
11754
11755 if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
11756 nla_put_u64(msg, NL80211_ATTR_WDEV, wdev_id(wdev)))
11757 goto free_msg;
11758
11759 if (wdev->netdev && nla_put_u32(msg, NL80211_ATTR_IFINDEX,
11760 wdev->netdev->ifindex))
11761 goto free_msg;
11762
11763 if (wakeup) {
11764 struct nlattr *reasons;
11765
11766 reasons = nla_nest_start(msg, NL80211_ATTR_WOWLAN_TRIGGERS);
11767 if (!reasons)
11768 goto free_msg;
11769
11770 if (wakeup->disconnect &&
11771 nla_put_flag(msg, NL80211_WOWLAN_TRIG_DISCONNECT))
11772 goto free_msg;
11773 if (wakeup->magic_pkt &&
11774 nla_put_flag(msg, NL80211_WOWLAN_TRIG_MAGIC_PKT))
11775 goto free_msg;
11776 if (wakeup->gtk_rekey_failure &&
11777 nla_put_flag(msg, NL80211_WOWLAN_TRIG_GTK_REKEY_FAILURE))
11778 goto free_msg;
11779 if (wakeup->eap_identity_req &&
11780 nla_put_flag(msg, NL80211_WOWLAN_TRIG_EAP_IDENT_REQUEST))
11781 goto free_msg;
11782 if (wakeup->four_way_handshake &&
11783 nla_put_flag(msg, NL80211_WOWLAN_TRIG_4WAY_HANDSHAKE))
11784 goto free_msg;
11785 if (wakeup->rfkill_release &&
11786 nla_put_flag(msg, NL80211_WOWLAN_TRIG_RFKILL_RELEASE))
11787 goto free_msg;
11788
11789 if (wakeup->pattern_idx >= 0 &&
11790 nla_put_u32(msg, NL80211_WOWLAN_TRIG_PKT_PATTERN,
11791 wakeup->pattern_idx))
11792 goto free_msg;
11793
11794 if (wakeup->tcp_match &&
11795 nla_put_flag(msg, NL80211_WOWLAN_TRIG_WAKEUP_TCP_MATCH))
11796 goto free_msg;
11797
11798 if (wakeup->tcp_connlost &&
11799 nla_put_flag(msg, NL80211_WOWLAN_TRIG_WAKEUP_TCP_CONNLOST))
11800 goto free_msg;
11801
11802 if (wakeup->tcp_nomoretokens &&
11803 nla_put_flag(msg,
11804 NL80211_WOWLAN_TRIG_WAKEUP_TCP_NOMORETOKENS))
11805 goto free_msg;
11806
11807 if (wakeup->packet) {
11808 u32 pkt_attr = NL80211_WOWLAN_TRIG_WAKEUP_PKT_80211;
11809 u32 len_attr = NL80211_WOWLAN_TRIG_WAKEUP_PKT_80211_LEN;
11810
11811 if (!wakeup->packet_80211) {
11812 pkt_attr =
11813 NL80211_WOWLAN_TRIG_WAKEUP_PKT_8023;
11814 len_attr =
11815 NL80211_WOWLAN_TRIG_WAKEUP_PKT_8023_LEN;
11816 }
11817
11818 if (wakeup->packet_len &&
11819 nla_put_u32(msg, len_attr, wakeup->packet_len))
11820 goto free_msg;
11821
11822 if (nla_put(msg, pkt_attr, wakeup->packet_present_len,
11823 wakeup->packet))
11824 goto free_msg;
11825 }
11826
11827 nla_nest_end(msg, reasons);
11828 }
11829
11830 genlmsg_end(msg, hdr);
11831
11832 genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), msg, 0,
11833 NL80211_MCGRP_MLME, gfp);
11834 return;
11835
11836 free_msg:
11837 nlmsg_free(msg);
11838 }
11839 EXPORT_SYMBOL(cfg80211_report_wowlan_wakeup);
11840 #endif
11841
11842 void cfg80211_tdls_oper_request(struct net_device *dev, const u8 *peer,
11843 enum nl80211_tdls_operation oper,
11844 u16 reason_code, gfp_t gfp)
11845 {
11846 struct wireless_dev *wdev = dev->ieee80211_ptr;
11847 struct cfg80211_registered_device *rdev = wiphy_to_rdev(wdev->wiphy);
11848 struct sk_buff *msg;
11849 void *hdr;
11850
11851 trace_cfg80211_tdls_oper_request(wdev->wiphy, dev, peer, oper,
11852 reason_code);
11853
11854 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, gfp);
11855 if (!msg)
11856 return;
11857
11858 hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_TDLS_OPER);
11859 if (!hdr) {
11860 nlmsg_free(msg);
11861 return;
11862 }
11863
11864 if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
11865 nla_put_u32(msg, NL80211_ATTR_IFINDEX, dev->ifindex) ||
11866 nla_put_u8(msg, NL80211_ATTR_TDLS_OPERATION, oper) ||
11867 nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN, peer) ||
11868 (reason_code > 0 &&
11869 nla_put_u16(msg, NL80211_ATTR_REASON_CODE, reason_code)))
11870 goto nla_put_failure;
11871
11872 genlmsg_end(msg, hdr);
11873
11874 genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), msg, 0,
11875 NL80211_MCGRP_MLME, gfp);
11876 return;
11877
11878 nla_put_failure:
11879 genlmsg_cancel(msg, hdr);
11880 nlmsg_free(msg);
11881 }
11882 EXPORT_SYMBOL(cfg80211_tdls_oper_request);
11883
11884 static int nl80211_netlink_notify(struct notifier_block * nb,
11885 unsigned long state,
11886 void *_notify)
11887 {
11888 struct netlink_notify *notify = _notify;
11889 struct cfg80211_registered_device *rdev;
11890 struct wireless_dev *wdev;
11891 struct cfg80211_beacon_registration *reg, *tmp;
11892
11893 if (state != NETLINK_URELEASE)
11894 return NOTIFY_DONE;
11895
11896 rcu_read_lock();
11897
11898 list_for_each_entry_rcu(rdev, &cfg80211_rdev_list, list) {
11899 bool schedule_destroy_work = false;
11900
11901 list_for_each_entry_rcu(wdev, &rdev->wdev_list, list) {
11902 cfg80211_mlme_unregister_socket(wdev, notify->portid);
11903
11904 if (wdev->owner_nlportid == notify->portid)
11905 schedule_destroy_work = true;
11906 }
11907
11908 spin_lock_bh(&rdev->beacon_registrations_lock);
11909 list_for_each_entry_safe(reg, tmp, &rdev->beacon_registrations,
11910 list) {
11911 if (reg->nlportid == notify->portid) {
11912 list_del(&reg->list);
11913 kfree(reg);
11914 break;
11915 }
11916 }
11917 spin_unlock_bh(&rdev->beacon_registrations_lock);
11918
11919 if (schedule_destroy_work) {
11920 struct cfg80211_iface_destroy *destroy;
11921
11922 destroy = kzalloc(sizeof(*destroy), GFP_ATOMIC);
11923 if (destroy) {
11924 destroy->nlportid = notify->portid;
11925 spin_lock(&rdev->destroy_list_lock);
11926 list_add(&destroy->list, &rdev->destroy_list);
11927 spin_unlock(&rdev->destroy_list_lock);
11928 schedule_work(&rdev->destroy_work);
11929 }
11930 }
11931 }
11932
11933 rcu_read_unlock();
11934
11935 return NOTIFY_OK;
11936 }
11937
11938 static struct notifier_block nl80211_netlink_notifier = {
11939 .notifier_call = nl80211_netlink_notify,
11940 };
11941
11942 void cfg80211_ft_event(struct net_device *netdev,
11943 struct cfg80211_ft_event_params *ft_event)
11944 {
11945 struct wiphy *wiphy = netdev->ieee80211_ptr->wiphy;
11946 struct cfg80211_registered_device *rdev = wiphy_to_rdev(wiphy);
11947 struct sk_buff *msg;
11948 void *hdr;
11949
11950 trace_cfg80211_ft_event(wiphy, netdev, ft_event);
11951
11952 if (!ft_event->target_ap)
11953 return;
11954
11955 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
11956 if (!msg)
11957 return;
11958
11959 hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_FT_EVENT);
11960 if (!hdr)
11961 goto out;
11962
11963 if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
11964 nla_put_u32(msg, NL80211_ATTR_IFINDEX, netdev->ifindex) ||
11965 nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN, ft_event->target_ap))
11966 goto out;
11967
11968 if (ft_event->ies &&
11969 nla_put(msg, NL80211_ATTR_IE, ft_event->ies_len, ft_event->ies))
11970 goto out;
11971 if (ft_event->ric_ies &&
11972 nla_put(msg, NL80211_ATTR_IE_RIC, ft_event->ric_ies_len,
11973 ft_event->ric_ies))
11974 goto out;
11975
11976 genlmsg_end(msg, hdr);
11977
11978 genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), msg, 0,
11979 NL80211_MCGRP_MLME, GFP_KERNEL);
11980 return;
11981 out:
11982 nlmsg_free(msg);
11983 }
11984 EXPORT_SYMBOL(cfg80211_ft_event);
11985
11986 void cfg80211_crit_proto_stopped(struct wireless_dev *wdev, gfp_t gfp)
11987 {
11988 struct cfg80211_registered_device *rdev;
11989 struct sk_buff *msg;
11990 void *hdr;
11991 u32 nlportid;
11992
11993 rdev = wiphy_to_rdev(wdev->wiphy);
11994 if (!rdev->crit_proto_nlportid)
11995 return;
11996
11997 nlportid = rdev->crit_proto_nlportid;
11998 rdev->crit_proto_nlportid = 0;
11999
12000 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, gfp);
12001 if (!msg)
12002 return;
12003
12004 hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_CRIT_PROTOCOL_STOP);
12005 if (!hdr)
12006 goto nla_put_failure;
12007
12008 if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
12009 nla_put_u64(msg, NL80211_ATTR_WDEV, wdev_id(wdev)))
12010 goto nla_put_failure;
12011
12012 genlmsg_end(msg, hdr);
12013
12014 genlmsg_unicast(wiphy_net(&rdev->wiphy), msg, nlportid);
12015 return;
12016
12017 nla_put_failure:
12018 if (hdr)
12019 genlmsg_cancel(msg, hdr);
12020 nlmsg_free(msg);
12021
12022 }
12023 EXPORT_SYMBOL(cfg80211_crit_proto_stopped);
12024
12025 void nl80211_send_ap_stopped(struct wireless_dev *wdev)
12026 {
12027 struct wiphy *wiphy = wdev->wiphy;
12028 struct cfg80211_registered_device *rdev = wiphy_to_rdev(wiphy);
12029 struct sk_buff *msg;
12030 void *hdr;
12031
12032 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
12033 if (!msg)
12034 return;
12035
12036 hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_STOP_AP);
12037 if (!hdr)
12038 goto out;
12039
12040 if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
12041 nla_put_u32(msg, NL80211_ATTR_IFINDEX, wdev->netdev->ifindex) ||
12042 nla_put_u64(msg, NL80211_ATTR_WDEV, wdev_id(wdev)))
12043 goto out;
12044
12045 genlmsg_end(msg, hdr);
12046
12047 genlmsg_multicast_netns(&nl80211_fam, wiphy_net(wiphy), msg, 0,
12048 NL80211_MCGRP_MLME, GFP_KERNEL);
12049 return;
12050 out:
12051 nlmsg_free(msg);
12052 }
12053
12054 /* initialisation/exit functions */
12055
12056 int nl80211_init(void)
12057 {
12058 int err;
12059
12060 err = genl_register_family_with_ops_groups(&nl80211_fam, nl80211_ops,
12061 nl80211_mcgrps);
12062 if (err)
12063 return err;
12064
12065 err = netlink_register_notifier(&nl80211_netlink_notifier);
12066 if (err)
12067 goto err_out;
12068
12069 return 0;
12070 err_out:
12071 genl_unregister_family(&nl80211_fam);
12072 return err;
12073 }
12074
12075 void nl80211_exit(void)
12076 {
12077 netlink_unregister_notifier(&nl80211_netlink_notifier);
12078 genl_unregister_family(&nl80211_fam);
12079 }
ubuntu-bionic-kernel mirror