]> git.proxmox.com Git - mirror_ubuntu-bionic-kernel.git/blob - net/wireless/nl80211.c
projects / mirror_ubuntu-bionic-kernel.git / blob
? search:


b2ac1410b1132bf7548178703a4bb93a42011ec7
[mirror_ubuntu-bionic-kernel.git] / net / wireless / nl80211.c
1 /*
2 * This is the new netlink-based wireless configuration interface.
3 *
4 * Copyright 2006-2010 Johannes Berg <johannes@sipsolutions.net>
5 */
6
7 #include <linux/if.h>
8 #include <linux/module.h>
9 #include <linux/err.h>
10 #include <linux/slab.h>
11 #include <linux/list.h>
12 #include <linux/if_ether.h>
13 #include <linux/ieee80211.h>
14 #include <linux/nl80211.h>
15 #include <linux/rtnetlink.h>
16 #include <linux/netlink.h>
17 #include <linux/etherdevice.h>
18 #include <net/net_namespace.h>
19 #include <net/genetlink.h>
20 #include <net/cfg80211.h>
21 #include <net/sock.h>
22 #include <net/inet_connection_sock.h>
23 #include "core.h"
24 #include "nl80211.h"
25 #include "reg.h"
26 #include "rdev-ops.h"
27
28 static int nl80211_crypto_settings(struct cfg80211_registered_device *rdev,
29 struct genl_info *info,
30 struct cfg80211_crypto_settings *settings,
31 int cipher_limit);
32
33 static int nl80211_pre_doit(const struct genl_ops *ops, struct sk_buff *skb,
34 struct genl_info *info);
35 static void nl80211_post_doit(const struct genl_ops *ops, struct sk_buff *skb,
36 struct genl_info *info);
37
38 /* the netlink family */
39 static struct genl_family nl80211_fam = {
40 .id = GENL_ID_GENERATE, /* don't bother with a hardcoded ID */
41 .name = NL80211_GENL_NAME, /* have users key off the name instead */
42 .hdrsize = 0, /* no private header */
43 .version = 1, /* no particular meaning now */
44 .maxattr = NL80211_ATTR_MAX,
45 .netnsok = true,
46 .pre_doit = nl80211_pre_doit,
47 .post_doit = nl80211_post_doit,
48 };
49
50 /* multicast groups */
51 enum nl80211_multicast_groups {
52 NL80211_MCGRP_CONFIG,
53 NL80211_MCGRP_SCAN,
54 NL80211_MCGRP_REGULATORY,
55 NL80211_MCGRP_MLME,
56 NL80211_MCGRP_VENDOR,
57 NL80211_MCGRP_TESTMODE /* keep last - ifdef! */
58 };
59
60 static const struct genl_multicast_group nl80211_mcgrps[] = {
61 [NL80211_MCGRP_CONFIG] = { .name = "config", },
62 [NL80211_MCGRP_SCAN] = { .name = "scan", },
63 [NL80211_MCGRP_REGULATORY] = { .name = "regulatory", },
64 [NL80211_MCGRP_MLME] = { .name = "mlme", },
65 [NL80211_MCGRP_VENDOR] = { .name = "vendor", },
66 #ifdef CONFIG_NL80211_TESTMODE
67 [NL80211_MCGRP_TESTMODE] = { .name = "testmode", }
68 #endif
69 };
70
71 /* returns ERR_PTR values */
72 static struct wireless_dev *
73 __cfg80211_wdev_from_attrs(struct net *netns, struct nlattr **attrs)
74 {
75 struct cfg80211_registered_device *rdev;
76 struct wireless_dev *result = NULL;
77 bool have_ifidx = attrs[NL80211_ATTR_IFINDEX];
78 bool have_wdev_id = attrs[NL80211_ATTR_WDEV];
79 u64 wdev_id;
80 int wiphy_idx = -1;
81 int ifidx = -1;
82
83 ASSERT_RTNL();
84
85 if (!have_ifidx && !have_wdev_id)
86 return ERR_PTR(-EINVAL);
87
88 if (have_ifidx)
89 ifidx = nla_get_u32(attrs[NL80211_ATTR_IFINDEX]);
90 if (have_wdev_id) {
91 wdev_id = nla_get_u64(attrs[NL80211_ATTR_WDEV]);
92 wiphy_idx = wdev_id >> 32;
93 }
94
95 list_for_each_entry(rdev, &cfg80211_rdev_list, list) {
96 struct wireless_dev *wdev;
97
98 if (wiphy_net(&rdev->wiphy) != netns)
99 continue;
100
101 if (have_wdev_id && rdev->wiphy_idx != wiphy_idx)
102 continue;
103
104 list_for_each_entry(wdev, &rdev->wdev_list, list) {
105 if (have_ifidx && wdev->netdev &&
106 wdev->netdev->ifindex == ifidx) {
107 result = wdev;
108 break;
109 }
110 if (have_wdev_id && wdev->identifier == (u32)wdev_id) {
111 result = wdev;
112 break;
113 }
114 }
115
116 if (result)
117 break;
118 }
119
120 if (result)
121 return result;
122 return ERR_PTR(-ENODEV);
123 }
124
125 static struct cfg80211_registered_device *
126 __cfg80211_rdev_from_attrs(struct net *netns, struct nlattr **attrs)
127 {
128 struct cfg80211_registered_device *rdev = NULL, *tmp;
129 struct net_device *netdev;
130
131 ASSERT_RTNL();
132
133 if (!attrs[NL80211_ATTR_WIPHY] &&
134 !attrs[NL80211_ATTR_IFINDEX] &&
135 !attrs[NL80211_ATTR_WDEV])
136 return ERR_PTR(-EINVAL);
137
138 if (attrs[NL80211_ATTR_WIPHY])
139 rdev = cfg80211_rdev_by_wiphy_idx(
140 nla_get_u32(attrs[NL80211_ATTR_WIPHY]));
141
142 if (attrs[NL80211_ATTR_WDEV]) {
143 u64 wdev_id = nla_get_u64(attrs[NL80211_ATTR_WDEV]);
144 struct wireless_dev *wdev;
145 bool found = false;
146
147 tmp = cfg80211_rdev_by_wiphy_idx(wdev_id >> 32);
148 if (tmp) {
149 /* make sure wdev exists */
150 list_for_each_entry(wdev, &tmp->wdev_list, list) {
151 if (wdev->identifier != (u32)wdev_id)
152 continue;
153 found = true;
154 break;
155 }
156
157 if (!found)
158 tmp = NULL;
159
160 if (rdev && tmp != rdev)
161 return ERR_PTR(-EINVAL);
162 rdev = tmp;
163 }
164 }
165
166 if (attrs[NL80211_ATTR_IFINDEX]) {
167 int ifindex = nla_get_u32(attrs[NL80211_ATTR_IFINDEX]);
168 netdev = __dev_get_by_index(netns, ifindex);
169 if (netdev) {
170 if (netdev->ieee80211_ptr)
171 tmp = wiphy_to_dev(
172 netdev->ieee80211_ptr->wiphy);
173 else
174 tmp = NULL;
175
176 /* not wireless device -- return error */
177 if (!tmp)
178 return ERR_PTR(-EINVAL);
179
180 /* mismatch -- return error */
181 if (rdev && tmp != rdev)
182 return ERR_PTR(-EINVAL);
183
184 rdev = tmp;
185 }
186 }
187
188 if (!rdev)
189 return ERR_PTR(-ENODEV);
190
191 if (netns != wiphy_net(&rdev->wiphy))
192 return ERR_PTR(-ENODEV);
193
194 return rdev;
195 }
196
197 /*
198 * This function returns a pointer to the driver
199 * that the genl_info item that is passed refers to.
200 *
201 * The result of this can be a PTR_ERR and hence must
202 * be checked with IS_ERR() for errors.
203 */
204 static struct cfg80211_registered_device *
205 cfg80211_get_dev_from_info(struct net *netns, struct genl_info *info)
206 {
207 return __cfg80211_rdev_from_attrs(netns, info->attrs);
208 }
209
210 /* policy for the attributes */
211 static const struct nla_policy nl80211_policy[NL80211_ATTR_MAX+1] = {
212 [NL80211_ATTR_WIPHY] = { .type = NLA_U32 },
213 [NL80211_ATTR_WIPHY_NAME] = { .type = NLA_NUL_STRING,
214 .len = 20-1 },
215 [NL80211_ATTR_WIPHY_TXQ_PARAMS] = { .type = NLA_NESTED },
216
217 [NL80211_ATTR_WIPHY_FREQ] = { .type = NLA_U32 },
218 [NL80211_ATTR_WIPHY_CHANNEL_TYPE] = { .type = NLA_U32 },
219 [NL80211_ATTR_CHANNEL_WIDTH] = { .type = NLA_U32 },
220 [NL80211_ATTR_CENTER_FREQ1] = { .type = NLA_U32 },
221 [NL80211_ATTR_CENTER_FREQ2] = { .type = NLA_U32 },
222
223 [NL80211_ATTR_WIPHY_RETRY_SHORT] = { .type = NLA_U8 },
224 [NL80211_ATTR_WIPHY_RETRY_LONG] = { .type = NLA_U8 },
225 [NL80211_ATTR_WIPHY_FRAG_THRESHOLD] = { .type = NLA_U32 },
226 [NL80211_ATTR_WIPHY_RTS_THRESHOLD] = { .type = NLA_U32 },
227 [NL80211_ATTR_WIPHY_COVERAGE_CLASS] = { .type = NLA_U8 },
228
229 [NL80211_ATTR_IFTYPE] = { .type = NLA_U32 },
230 [NL80211_ATTR_IFINDEX] = { .type = NLA_U32 },
231 [NL80211_ATTR_IFNAME] = { .type = NLA_NUL_STRING, .len = IFNAMSIZ-1 },
232
233 [NL80211_ATTR_MAC] = { .len = ETH_ALEN },
234 [NL80211_ATTR_PREV_BSSID] = { .len = ETH_ALEN },
235
236 [NL80211_ATTR_KEY] = { .type = NLA_NESTED, },
237 [NL80211_ATTR_KEY_DATA] = { .type = NLA_BINARY,
238 .len = WLAN_MAX_KEY_LEN },
239 [NL80211_ATTR_KEY_IDX] = { .type = NLA_U8 },
240 [NL80211_ATTR_KEY_CIPHER] = { .type = NLA_U32 },
241 [NL80211_ATTR_KEY_DEFAULT] = { .type = NLA_FLAG },
242 [NL80211_ATTR_KEY_SEQ] = { .type = NLA_BINARY, .len = 16 },
243 [NL80211_ATTR_KEY_TYPE] = { .type = NLA_U32 },
244
245 [NL80211_ATTR_BEACON_INTERVAL] = { .type = NLA_U32 },
246 [NL80211_ATTR_DTIM_PERIOD] = { .type = NLA_U32 },
247 [NL80211_ATTR_BEACON_HEAD] = { .type = NLA_BINARY,
248 .len = IEEE80211_MAX_DATA_LEN },
249 [NL80211_ATTR_BEACON_TAIL] = { .type = NLA_BINARY,
250 .len = IEEE80211_MAX_DATA_LEN },
251 [NL80211_ATTR_STA_AID] = { .type = NLA_U16 },
252 [NL80211_ATTR_STA_FLAGS] = { .type = NLA_NESTED },
253 [NL80211_ATTR_STA_LISTEN_INTERVAL] = { .type = NLA_U16 },
254 [NL80211_ATTR_STA_SUPPORTED_RATES] = { .type = NLA_BINARY,
255 .len = NL80211_MAX_SUPP_RATES },
256 [NL80211_ATTR_STA_PLINK_ACTION] = { .type = NLA_U8 },
257 [NL80211_ATTR_STA_VLAN] = { .type = NLA_U32 },
258 [NL80211_ATTR_MNTR_FLAGS] = { /* NLA_NESTED can't be empty */ },
259 [NL80211_ATTR_MESH_ID] = { .type = NLA_BINARY,
260 .len = IEEE80211_MAX_MESH_ID_LEN },
261 [NL80211_ATTR_MPATH_NEXT_HOP] = { .type = NLA_U32 },
262
263 [NL80211_ATTR_REG_ALPHA2] = { .type = NLA_STRING, .len = 2 },
264 [NL80211_ATTR_REG_RULES] = { .type = NLA_NESTED },
265
266 [NL80211_ATTR_BSS_CTS_PROT] = { .type = NLA_U8 },
267 [NL80211_ATTR_BSS_SHORT_PREAMBLE] = { .type = NLA_U8 },
268 [NL80211_ATTR_BSS_SHORT_SLOT_TIME] = { .type = NLA_U8 },
269 [NL80211_ATTR_BSS_BASIC_RATES] = { .type = NLA_BINARY,
270 .len = NL80211_MAX_SUPP_RATES },
271 [NL80211_ATTR_BSS_HT_OPMODE] = { .type = NLA_U16 },
272
273 [NL80211_ATTR_MESH_CONFIG] = { .type = NLA_NESTED },
274 [NL80211_ATTR_SUPPORT_MESH_AUTH] = { .type = NLA_FLAG },
275
276 [NL80211_ATTR_HT_CAPABILITY] = { .len = NL80211_HT_CAPABILITY_LEN },
277
278 [NL80211_ATTR_MGMT_SUBTYPE] = { .type = NLA_U8 },
279 [NL80211_ATTR_IE] = { .type = NLA_BINARY,
280 .len = IEEE80211_MAX_DATA_LEN },
281 [NL80211_ATTR_SCAN_FREQUENCIES] = { .type = NLA_NESTED },
282 [NL80211_ATTR_SCAN_SSIDS] = { .type = NLA_NESTED },
283
284 [NL80211_ATTR_SSID] = { .type = NLA_BINARY,
285 .len = IEEE80211_MAX_SSID_LEN },
286 [NL80211_ATTR_AUTH_TYPE] = { .type = NLA_U32 },
287 [NL80211_ATTR_REASON_CODE] = { .type = NLA_U16 },
288 [NL80211_ATTR_FREQ_FIXED] = { .type = NLA_FLAG },
289 [NL80211_ATTR_TIMED_OUT] = { .type = NLA_FLAG },
290 [NL80211_ATTR_USE_MFP] = { .type = NLA_U32 },
291 [NL80211_ATTR_STA_FLAGS2] = {
292 .len = sizeof(struct nl80211_sta_flag_update),
293 },
294 [NL80211_ATTR_CONTROL_PORT] = { .type = NLA_FLAG },
295 [NL80211_ATTR_CONTROL_PORT_ETHERTYPE] = { .type = NLA_U16 },
296 [NL80211_ATTR_CONTROL_PORT_NO_ENCRYPT] = { .type = NLA_FLAG },
297 [NL80211_ATTR_PRIVACY] = { .type = NLA_FLAG },
298 [NL80211_ATTR_CIPHER_SUITE_GROUP] = { .type = NLA_U32 },
299 [NL80211_ATTR_WPA_VERSIONS] = { .type = NLA_U32 },
300 [NL80211_ATTR_PID] = { .type = NLA_U32 },
301 [NL80211_ATTR_4ADDR] = { .type = NLA_U8 },
302 [NL80211_ATTR_PMKID] = { .type = NLA_BINARY,
303 .len = WLAN_PMKID_LEN },
304 [NL80211_ATTR_DURATION] = { .type = NLA_U32 },
305 [NL80211_ATTR_COOKIE] = { .type = NLA_U64 },
306 [NL80211_ATTR_TX_RATES] = { .type = NLA_NESTED },
307 [NL80211_ATTR_FRAME] = { .type = NLA_BINARY,
308 .len = IEEE80211_MAX_DATA_LEN },
309 [NL80211_ATTR_FRAME_MATCH] = { .type = NLA_BINARY, },
310 [NL80211_ATTR_PS_STATE] = { .type = NLA_U32 },
311 [NL80211_ATTR_CQM] = { .type = NLA_NESTED, },
312 [NL80211_ATTR_LOCAL_STATE_CHANGE] = { .type = NLA_FLAG },
313 [NL80211_ATTR_AP_ISOLATE] = { .type = NLA_U8 },
314 [NL80211_ATTR_WIPHY_TX_POWER_SETTING] = { .type = NLA_U32 },
315 [NL80211_ATTR_WIPHY_TX_POWER_LEVEL] = { .type = NLA_U32 },
316 [NL80211_ATTR_FRAME_TYPE] = { .type = NLA_U16 },
317 [NL80211_ATTR_WIPHY_ANTENNA_TX] = { .type = NLA_U32 },
318 [NL80211_ATTR_WIPHY_ANTENNA_RX] = { .type = NLA_U32 },
319 [NL80211_ATTR_MCAST_RATE] = { .type = NLA_U32 },
320 [NL80211_ATTR_OFFCHANNEL_TX_OK] = { .type = NLA_FLAG },
321 [NL80211_ATTR_KEY_DEFAULT_TYPES] = { .type = NLA_NESTED },
322 [NL80211_ATTR_WOWLAN_TRIGGERS] = { .type = NLA_NESTED },
323 [NL80211_ATTR_STA_PLINK_STATE] = { .type = NLA_U8 },
324 [NL80211_ATTR_SCHED_SCAN_INTERVAL] = { .type = NLA_U32 },
325 [NL80211_ATTR_REKEY_DATA] = { .type = NLA_NESTED },
326 [NL80211_ATTR_SCAN_SUPP_RATES] = { .type = NLA_NESTED },
327 [NL80211_ATTR_HIDDEN_SSID] = { .type = NLA_U32 },
328 [NL80211_ATTR_IE_PROBE_RESP] = { .type = NLA_BINARY,
329 .len = IEEE80211_MAX_DATA_LEN },
330 [NL80211_ATTR_IE_ASSOC_RESP] = { .type = NLA_BINARY,
331 .len = IEEE80211_MAX_DATA_LEN },
332 [NL80211_ATTR_ROAM_SUPPORT] = { .type = NLA_FLAG },
333 [NL80211_ATTR_SCHED_SCAN_MATCH] = { .type = NLA_NESTED },
334 [NL80211_ATTR_TX_NO_CCK_RATE] = { .type = NLA_FLAG },
335 [NL80211_ATTR_TDLS_ACTION] = { .type = NLA_U8 },
336 [NL80211_ATTR_TDLS_DIALOG_TOKEN] = { .type = NLA_U8 },
337 [NL80211_ATTR_TDLS_OPERATION] = { .type = NLA_U8 },
338 [NL80211_ATTR_TDLS_SUPPORT] = { .type = NLA_FLAG },
339 [NL80211_ATTR_TDLS_EXTERNAL_SETUP] = { .type = NLA_FLAG },
340 [NL80211_ATTR_DONT_WAIT_FOR_ACK] = { .type = NLA_FLAG },
341 [NL80211_ATTR_PROBE_RESP] = { .type = NLA_BINARY,
342 .len = IEEE80211_MAX_DATA_LEN },
343 [NL80211_ATTR_DFS_REGION] = { .type = NLA_U8 },
344 [NL80211_ATTR_DISABLE_HT] = { .type = NLA_FLAG },
345 [NL80211_ATTR_HT_CAPABILITY_MASK] = {
346 .len = NL80211_HT_CAPABILITY_LEN
347 },
348 [NL80211_ATTR_NOACK_MAP] = { .type = NLA_U16 },
349 [NL80211_ATTR_INACTIVITY_TIMEOUT] = { .type = NLA_U16 },
350 [NL80211_ATTR_BG_SCAN_PERIOD] = { .type = NLA_U16 },
351 [NL80211_ATTR_WDEV] = { .type = NLA_U64 },
352 [NL80211_ATTR_USER_REG_HINT_TYPE] = { .type = NLA_U32 },
353 [NL80211_ATTR_SAE_DATA] = { .type = NLA_BINARY, },
354 [NL80211_ATTR_VHT_CAPABILITY] = { .len = NL80211_VHT_CAPABILITY_LEN },
355 [NL80211_ATTR_SCAN_FLAGS] = { .type = NLA_U32 },
356 [NL80211_ATTR_P2P_CTWINDOW] = { .type = NLA_U8 },
357 [NL80211_ATTR_P2P_OPPPS] = { .type = NLA_U8 },
358 [NL80211_ATTR_ACL_POLICY] = {. type = NLA_U32 },
359 [NL80211_ATTR_MAC_ADDRS] = { .type = NLA_NESTED },
360 [NL80211_ATTR_STA_CAPABILITY] = { .type = NLA_U16 },
361 [NL80211_ATTR_STA_EXT_CAPABILITY] = { .type = NLA_BINARY, },
362 [NL80211_ATTR_SPLIT_WIPHY_DUMP] = { .type = NLA_FLAG, },
363 [NL80211_ATTR_DISABLE_VHT] = { .type = NLA_FLAG },
364 [NL80211_ATTR_VHT_CAPABILITY_MASK] = {
365 .len = NL80211_VHT_CAPABILITY_LEN,
366 },
367 [NL80211_ATTR_MDID] = { .type = NLA_U16 },
368 [NL80211_ATTR_IE_RIC] = { .type = NLA_BINARY,
369 .len = IEEE80211_MAX_DATA_LEN },
370 [NL80211_ATTR_PEER_AID] = { .type = NLA_U16 },
371 [NL80211_ATTR_CH_SWITCH_COUNT] = { .type = NLA_U32 },
372 [NL80211_ATTR_CH_SWITCH_BLOCK_TX] = { .type = NLA_FLAG },
373 [NL80211_ATTR_CSA_IES] = { .type = NLA_NESTED },
374 [NL80211_ATTR_CSA_C_OFF_BEACON] = { .type = NLA_U16 },
375 [NL80211_ATTR_CSA_C_OFF_PRESP] = { .type = NLA_U16 },
376 [NL80211_ATTR_STA_SUPPORTED_CHANNELS] = { .type = NLA_BINARY },
377 [NL80211_ATTR_STA_SUPPORTED_OPER_CLASSES] = { .type = NLA_BINARY },
378 [NL80211_ATTR_HANDLE_DFS] = { .type = NLA_FLAG },
379 [NL80211_ATTR_OPMODE_NOTIF] = { .type = NLA_U8 },
380 [NL80211_ATTR_VENDOR_ID] = { .type = NLA_U32 },
381 [NL80211_ATTR_VENDOR_SUBCMD] = { .type = NLA_U32 },
382 [NL80211_ATTR_VENDOR_DATA] = { .type = NLA_BINARY },
383 [NL80211_ATTR_QOS_MAP] = { .type = NLA_BINARY,
384 .len = IEEE80211_QOS_MAP_LEN_MAX },
385 [NL80211_ATTR_MAC_HINT] = { .len = ETH_ALEN },
386 [NL80211_ATTR_WIPHY_FREQ_HINT] = { .type = NLA_U32 },
387 };
388
389 /* policy for the key attributes */
390 static const struct nla_policy nl80211_key_policy[NL80211_KEY_MAX + 1] = {
391 [NL80211_KEY_DATA] = { .type = NLA_BINARY, .len = WLAN_MAX_KEY_LEN },
392 [NL80211_KEY_IDX] = { .type = NLA_U8 },
393 [NL80211_KEY_CIPHER] = { .type = NLA_U32 },
394 [NL80211_KEY_SEQ] = { .type = NLA_BINARY, .len = 16 },
395 [NL80211_KEY_DEFAULT] = { .type = NLA_FLAG },
396 [NL80211_KEY_DEFAULT_MGMT] = { .type = NLA_FLAG },
397 [NL80211_KEY_TYPE] = { .type = NLA_U32 },
398 [NL80211_KEY_DEFAULT_TYPES] = { .type = NLA_NESTED },
399 };
400
401 /* policy for the key default flags */
402 static const struct nla_policy
403 nl80211_key_default_policy[NUM_NL80211_KEY_DEFAULT_TYPES] = {
404 [NL80211_KEY_DEFAULT_TYPE_UNICAST] = { .type = NLA_FLAG },
405 [NL80211_KEY_DEFAULT_TYPE_MULTICAST] = { .type = NLA_FLAG },
406 };
407
408 /* policy for WoWLAN attributes */
409 static const struct nla_policy
410 nl80211_wowlan_policy[NUM_NL80211_WOWLAN_TRIG] = {
411 [NL80211_WOWLAN_TRIG_ANY] = { .type = NLA_FLAG },
412 [NL80211_WOWLAN_TRIG_DISCONNECT] = { .type = NLA_FLAG },
413 [NL80211_WOWLAN_TRIG_MAGIC_PKT] = { .type = NLA_FLAG },
414 [NL80211_WOWLAN_TRIG_PKT_PATTERN] = { .type = NLA_NESTED },
415 [NL80211_WOWLAN_TRIG_GTK_REKEY_FAILURE] = { .type = NLA_FLAG },
416 [NL80211_WOWLAN_TRIG_EAP_IDENT_REQUEST] = { .type = NLA_FLAG },
417 [NL80211_WOWLAN_TRIG_4WAY_HANDSHAKE] = { .type = NLA_FLAG },
418 [NL80211_WOWLAN_TRIG_RFKILL_RELEASE] = { .type = NLA_FLAG },
419 [NL80211_WOWLAN_TRIG_TCP_CONNECTION] = { .type = NLA_NESTED },
420 };
421
422 static const struct nla_policy
423 nl80211_wowlan_tcp_policy[NUM_NL80211_WOWLAN_TCP] = {
424 [NL80211_WOWLAN_TCP_SRC_IPV4] = { .type = NLA_U32 },
425 [NL80211_WOWLAN_TCP_DST_IPV4] = { .type = NLA_U32 },
426 [NL80211_WOWLAN_TCP_DST_MAC] = { .len = ETH_ALEN },
427 [NL80211_WOWLAN_TCP_SRC_PORT] = { .type = NLA_U16 },
428 [NL80211_WOWLAN_TCP_DST_PORT] = { .type = NLA_U16 },
429 [NL80211_WOWLAN_TCP_DATA_PAYLOAD] = { .len = 1 },
430 [NL80211_WOWLAN_TCP_DATA_PAYLOAD_SEQ] = {
431 .len = sizeof(struct nl80211_wowlan_tcp_data_seq)
432 },
433 [NL80211_WOWLAN_TCP_DATA_PAYLOAD_TOKEN] = {
434 .len = sizeof(struct nl80211_wowlan_tcp_data_token)
435 },
436 [NL80211_WOWLAN_TCP_DATA_INTERVAL] = { .type = NLA_U32 },
437 [NL80211_WOWLAN_TCP_WAKE_PAYLOAD] = { .len = 1 },
438 [NL80211_WOWLAN_TCP_WAKE_MASK] = { .len = 1 },
439 };
440
441 /* policy for coalesce rule attributes */
442 static const struct nla_policy
443 nl80211_coalesce_policy[NUM_NL80211_ATTR_COALESCE_RULE] = {
444 [NL80211_ATTR_COALESCE_RULE_DELAY] = { .type = NLA_U32 },
445 [NL80211_ATTR_COALESCE_RULE_CONDITION] = { .type = NLA_U32 },
446 [NL80211_ATTR_COALESCE_RULE_PKT_PATTERN] = { .type = NLA_NESTED },
447 };
448
449 /* policy for GTK rekey offload attributes */
450 static const struct nla_policy
451 nl80211_rekey_policy[NUM_NL80211_REKEY_DATA] = {
452 [NL80211_REKEY_DATA_KEK] = { .len = NL80211_KEK_LEN },
453 [NL80211_REKEY_DATA_KCK] = { .len = NL80211_KCK_LEN },
454 [NL80211_REKEY_DATA_REPLAY_CTR] = { .len = NL80211_REPLAY_CTR_LEN },
455 };
456
457 static const struct nla_policy
458 nl80211_match_policy[NL80211_SCHED_SCAN_MATCH_ATTR_MAX + 1] = {
459 [NL80211_SCHED_SCAN_MATCH_ATTR_SSID] = { .type = NLA_BINARY,
460 .len = IEEE80211_MAX_SSID_LEN },
461 [NL80211_SCHED_SCAN_MATCH_ATTR_RSSI] = { .type = NLA_U32 },
462 };
463
464 static int nl80211_prepare_wdev_dump(struct sk_buff *skb,
465 struct netlink_callback *cb,
466 struct cfg80211_registered_device **rdev,
467 struct wireless_dev **wdev)
468 {
469 int err;
470
471 rtnl_lock();
472
473 if (!cb->args[0]) {
474 err = nlmsg_parse(cb->nlh, GENL_HDRLEN + nl80211_fam.hdrsize,
475 nl80211_fam.attrbuf, nl80211_fam.maxattr,
476 nl80211_policy);
477 if (err)
478 goto out_unlock;
479
480 *wdev = __cfg80211_wdev_from_attrs(sock_net(skb->sk),
481 nl80211_fam.attrbuf);
482 if (IS_ERR(*wdev)) {
483 err = PTR_ERR(*wdev);
484 goto out_unlock;
485 }
486 *rdev = wiphy_to_dev((*wdev)->wiphy);
487 /* 0 is the first index - add 1 to parse only once */
488 cb->args[0] = (*rdev)->wiphy_idx + 1;
489 cb->args[1] = (*wdev)->identifier;
490 } else {
491 /* subtract the 1 again here */
492 struct wiphy *wiphy = wiphy_idx_to_wiphy(cb->args[0] - 1);
493 struct wireless_dev *tmp;
494
495 if (!wiphy) {
496 err = -ENODEV;
497 goto out_unlock;
498 }
499 *rdev = wiphy_to_dev(wiphy);
500 *wdev = NULL;
501
502 list_for_each_entry(tmp, &(*rdev)->wdev_list, list) {
503 if (tmp->identifier == cb->args[1]) {
504 *wdev = tmp;
505 break;
506 }
507 }
508
509 if (!*wdev) {
510 err = -ENODEV;
511 goto out_unlock;
512 }
513 }
514
515 return 0;
516 out_unlock:
517 rtnl_unlock();
518 return err;
519 }
520
521 static void nl80211_finish_wdev_dump(struct cfg80211_registered_device *rdev)
522 {
523 rtnl_unlock();
524 }
525
526 /* IE validation */
527 static bool is_valid_ie_attr(const struct nlattr *attr)
528 {
529 const u8 *pos;
530 int len;
531
532 if (!attr)
533 return true;
534
535 pos = nla_data(attr);
536 len = nla_len(attr);
537
538 while (len) {
539 u8 elemlen;
540
541 if (len < 2)
542 return false;
543 len -= 2;
544
545 elemlen = pos[1];
546 if (elemlen > len)
547 return false;
548
549 len -= elemlen;
550 pos += 2 + elemlen;
551 }
552
553 return true;
554 }
555
556 /* message building helper */
557 static inline void *nl80211hdr_put(struct sk_buff *skb, u32 portid, u32 seq,
558 int flags, u8 cmd)
559 {
560 /* since there is no private header just add the generic one */
561 return genlmsg_put(skb, portid, seq, &nl80211_fam, flags, cmd);
562 }
563
564 static int nl80211_msg_put_channel(struct sk_buff *msg,
565 struct ieee80211_channel *chan,
566 bool large)
567 {
568 if (nla_put_u32(msg, NL80211_FREQUENCY_ATTR_FREQ,
569 chan->center_freq))
570 goto nla_put_failure;
571
572 if ((chan->flags & IEEE80211_CHAN_DISABLED) &&
573 nla_put_flag(msg, NL80211_FREQUENCY_ATTR_DISABLED))
574 goto nla_put_failure;
575 if (chan->flags & IEEE80211_CHAN_NO_IR) {
576 if (nla_put_flag(msg, NL80211_FREQUENCY_ATTR_NO_IR))
577 goto nla_put_failure;
578 if (nla_put_flag(msg, __NL80211_FREQUENCY_ATTR_NO_IBSS))
579 goto nla_put_failure;
580 }
581 if (chan->flags & IEEE80211_CHAN_RADAR) {
582 if (nla_put_flag(msg, NL80211_FREQUENCY_ATTR_RADAR))
583 goto nla_put_failure;
584 if (large) {
585 u32 time;
586
587 time = elapsed_jiffies_msecs(chan->dfs_state_entered);
588
589 if (nla_put_u32(msg, NL80211_FREQUENCY_ATTR_DFS_STATE,
590 chan->dfs_state))
591 goto nla_put_failure;
592 if (nla_put_u32(msg, NL80211_FREQUENCY_ATTR_DFS_TIME,
593 time))
594 goto nla_put_failure;
595 }
596 }
597
598 if (large) {
599 if ((chan->flags & IEEE80211_CHAN_NO_HT40MINUS) &&
600 nla_put_flag(msg, NL80211_FREQUENCY_ATTR_NO_HT40_MINUS))
601 goto nla_put_failure;
602 if ((chan->flags & IEEE80211_CHAN_NO_HT40PLUS) &&
603 nla_put_flag(msg, NL80211_FREQUENCY_ATTR_NO_HT40_PLUS))
604 goto nla_put_failure;
605 if ((chan->flags & IEEE80211_CHAN_NO_80MHZ) &&
606 nla_put_flag(msg, NL80211_FREQUENCY_ATTR_NO_80MHZ))
607 goto nla_put_failure;
608 if ((chan->flags & IEEE80211_CHAN_NO_160MHZ) &&
609 nla_put_flag(msg, NL80211_FREQUENCY_ATTR_NO_160MHZ))
610 goto nla_put_failure;
611 }
612
613 if (nla_put_u32(msg, NL80211_FREQUENCY_ATTR_MAX_TX_POWER,
614 DBM_TO_MBM(chan->max_power)))
615 goto nla_put_failure;
616
617 return 0;
618
619 nla_put_failure:
620 return -ENOBUFS;
621 }
622
623 /* netlink command implementations */
624
625 struct key_parse {
626 struct key_params p;
627 int idx;
628 int type;
629 bool def, defmgmt;
630 bool def_uni, def_multi;
631 };
632
633 static int nl80211_parse_key_new(struct nlattr *key, struct key_parse *k)
634 {
635 struct nlattr *tb[NL80211_KEY_MAX + 1];
636 int err = nla_parse_nested(tb, NL80211_KEY_MAX, key,
637 nl80211_key_policy);
638 if (err)
639 return err;
640
641 k->def = !!tb[NL80211_KEY_DEFAULT];
642 k->defmgmt = !!tb[NL80211_KEY_DEFAULT_MGMT];
643
644 if (k->def) {
645 k->def_uni = true;
646 k->def_multi = true;
647 }
648 if (k->defmgmt)
649 k->def_multi = true;
650
651 if (tb[NL80211_KEY_IDX])
652 k->idx = nla_get_u8(tb[NL80211_KEY_IDX]);
653
654 if (tb[NL80211_KEY_DATA]) {
655 k->p.key = nla_data(tb[NL80211_KEY_DATA]);
656 k->p.key_len = nla_len(tb[NL80211_KEY_DATA]);
657 }
658
659 if (tb[NL80211_KEY_SEQ]) {
660 k->p.seq = nla_data(tb[NL80211_KEY_SEQ]);
661 k->p.seq_len = nla_len(tb[NL80211_KEY_SEQ]);
662 }
663
664 if (tb[NL80211_KEY_CIPHER])
665 k->p.cipher = nla_get_u32(tb[NL80211_KEY_CIPHER]);
666
667 if (tb[NL80211_KEY_TYPE]) {
668 k->type = nla_get_u32(tb[NL80211_KEY_TYPE]);
669 if (k->type < 0 || k->type >= NUM_NL80211_KEYTYPES)
670 return -EINVAL;
671 }
672
673 if (tb[NL80211_KEY_DEFAULT_TYPES]) {
674 struct nlattr *kdt[NUM_NL80211_KEY_DEFAULT_TYPES];
675 err = nla_parse_nested(kdt, NUM_NL80211_KEY_DEFAULT_TYPES - 1,
676 tb[NL80211_KEY_DEFAULT_TYPES],
677 nl80211_key_default_policy);
678 if (err)
679 return err;
680
681 k->def_uni = kdt[NL80211_KEY_DEFAULT_TYPE_UNICAST];
682 k->def_multi = kdt[NL80211_KEY_DEFAULT_TYPE_MULTICAST];
683 }
684
685 return 0;
686 }
687
688 static int nl80211_parse_key_old(struct genl_info *info, struct key_parse *k)
689 {
690 if (info->attrs[NL80211_ATTR_KEY_DATA]) {
691 k->p.key = nla_data(info->attrs[NL80211_ATTR_KEY_DATA]);
692 k->p.key_len = nla_len(info->attrs[NL80211_ATTR_KEY_DATA]);
693 }
694
695 if (info->attrs[NL80211_ATTR_KEY_SEQ]) {
696 k->p.seq = nla_data(info->attrs[NL80211_ATTR_KEY_SEQ]);
697 k->p.seq_len = nla_len(info->attrs[NL80211_ATTR_KEY_SEQ]);
698 }
699
700 if (info->attrs[NL80211_ATTR_KEY_IDX])
701 k->idx = nla_get_u8(info->attrs[NL80211_ATTR_KEY_IDX]);
702
703 if (info->attrs[NL80211_ATTR_KEY_CIPHER])
704 k->p.cipher = nla_get_u32(info->attrs[NL80211_ATTR_KEY_CIPHER]);
705
706 k->def = !!info->attrs[NL80211_ATTR_KEY_DEFAULT];
707 k->defmgmt = !!info->attrs[NL80211_ATTR_KEY_DEFAULT_MGMT];
708
709 if (k->def) {
710 k->def_uni = true;
711 k->def_multi = true;
712 }
713 if (k->defmgmt)
714 k->def_multi = true;
715
716 if (info->attrs[NL80211_ATTR_KEY_TYPE]) {
717 k->type = nla_get_u32(info->attrs[NL80211_ATTR_KEY_TYPE]);
718 if (k->type < 0 || k->type >= NUM_NL80211_KEYTYPES)
719 return -EINVAL;
720 }
721
722 if (info->attrs[NL80211_ATTR_KEY_DEFAULT_TYPES]) {
723 struct nlattr *kdt[NUM_NL80211_KEY_DEFAULT_TYPES];
724 int err = nla_parse_nested(
725 kdt, NUM_NL80211_KEY_DEFAULT_TYPES - 1,
726 info->attrs[NL80211_ATTR_KEY_DEFAULT_TYPES],
727 nl80211_key_default_policy);
728 if (err)
729 return err;
730
731 k->def_uni = kdt[NL80211_KEY_DEFAULT_TYPE_UNICAST];
732 k->def_multi = kdt[NL80211_KEY_DEFAULT_TYPE_MULTICAST];
733 }
734
735 return 0;
736 }
737
738 static int nl80211_parse_key(struct genl_info *info, struct key_parse *k)
739 {
740 int err;
741
742 memset(k, 0, sizeof(*k));
743 k->idx = -1;
744 k->type = -1;
745
746 if (info->attrs[NL80211_ATTR_KEY])
747 err = nl80211_parse_key_new(info->attrs[NL80211_ATTR_KEY], k);
748 else
749 err = nl80211_parse_key_old(info, k);
750
751 if (err)
752 return err;
753
754 if (k->def && k->defmgmt)
755 return -EINVAL;
756
757 if (k->defmgmt) {
758 if (k->def_uni || !k->def_multi)
759 return -EINVAL;
760 }
761
762 if (k->idx != -1) {
763 if (k->defmgmt) {
764 if (k->idx < 4 || k->idx > 5)
765 return -EINVAL;
766 } else if (k->def) {
767 if (k->idx < 0 || k->idx > 3)
768 return -EINVAL;
769 } else {
770 if (k->idx < 0 || k->idx > 5)
771 return -EINVAL;
772 }
773 }
774
775 return 0;
776 }
777
778 static struct cfg80211_cached_keys *
779 nl80211_parse_connkeys(struct cfg80211_registered_device *rdev,
780 struct nlattr *keys, bool *no_ht)
781 {
782 struct key_parse parse;
783 struct nlattr *key;
784 struct cfg80211_cached_keys *result;
785 int rem, err, def = 0;
786
787 result = kzalloc(sizeof(*result), GFP_KERNEL);
788 if (!result)
789 return ERR_PTR(-ENOMEM);
790
791 result->def = -1;
792 result->defmgmt = -1;
793
794 nla_for_each_nested(key, keys, rem) {
795 memset(&parse, 0, sizeof(parse));
796 parse.idx = -1;
797
798 err = nl80211_parse_key_new(key, &parse);
799 if (err)
800 goto error;
801 err = -EINVAL;
802 if (!parse.p.key)
803 goto error;
804 if (parse.idx < 0 || parse.idx > 4)
805 goto error;
806 if (parse.def) {
807 if (def)
808 goto error;
809 def = 1;
810 result->def = parse.idx;
811 if (!parse.def_uni || !parse.def_multi)
812 goto error;
813 } else if (parse.defmgmt)
814 goto error;
815 err = cfg80211_validate_key_settings(rdev, &parse.p,
816 parse.idx, false, NULL);
817 if (err)
818 goto error;
819 result->params[parse.idx].cipher = parse.p.cipher;
820 result->params[parse.idx].key_len = parse.p.key_len;
821 result->params[parse.idx].key = result->data[parse.idx];
822 memcpy(result->data[parse.idx], parse.p.key, parse.p.key_len);
823
824 if (parse.p.cipher == WLAN_CIPHER_SUITE_WEP40 ||
825 parse.p.cipher == WLAN_CIPHER_SUITE_WEP104) {
826 if (no_ht)
827 *no_ht = true;
828 }
829 }
830
831 return result;
832 error:
833 kfree(result);
834 return ERR_PTR(err);
835 }
836
837 static int nl80211_key_allowed(struct wireless_dev *wdev)
838 {
839 ASSERT_WDEV_LOCK(wdev);
840
841 switch (wdev->iftype) {
842 case NL80211_IFTYPE_AP:
843 case NL80211_IFTYPE_AP_VLAN:
844 case NL80211_IFTYPE_P2P_GO:
845 case NL80211_IFTYPE_MESH_POINT:
846 break;
847 case NL80211_IFTYPE_ADHOC:
848 case NL80211_IFTYPE_STATION:
849 case NL80211_IFTYPE_P2P_CLIENT:
850 if (!wdev->current_bss)
851 return -ENOLINK;
852 break;
853 default:
854 return -EINVAL;
855 }
856
857 return 0;
858 }
859
860 static int nl80211_put_iftypes(struct sk_buff *msg, u32 attr, u16 ifmodes)
861 {
862 struct nlattr *nl_modes = nla_nest_start(msg, attr);
863 int i;
864
865 if (!nl_modes)
866 goto nla_put_failure;
867
868 i = 0;
869 while (ifmodes) {
870 if ((ifmodes & 1) && nla_put_flag(msg, i))
871 goto nla_put_failure;
872 ifmodes >>= 1;
873 i++;
874 }
875
876 nla_nest_end(msg, nl_modes);
877 return 0;
878
879 nla_put_failure:
880 return -ENOBUFS;
881 }
882
883 static int nl80211_put_iface_combinations(struct wiphy *wiphy,
884 struct sk_buff *msg,
885 bool large)
886 {
887 struct nlattr *nl_combis;
888 int i, j;
889
890 nl_combis = nla_nest_start(msg,
891 NL80211_ATTR_INTERFACE_COMBINATIONS);
892 if (!nl_combis)
893 goto nla_put_failure;
894
895 for (i = 0; i < wiphy->n_iface_combinations; i++) {
896 const struct ieee80211_iface_combination *c;
897 struct nlattr *nl_combi, *nl_limits;
898
899 c = &wiphy->iface_combinations[i];
900
901 nl_combi = nla_nest_start(msg, i + 1);
902 if (!nl_combi)
903 goto nla_put_failure;
904
905 nl_limits = nla_nest_start(msg, NL80211_IFACE_COMB_LIMITS);
906 if (!nl_limits)
907 goto nla_put_failure;
908
909 for (j = 0; j < c->n_limits; j++) {
910 struct nlattr *nl_limit;
911
912 nl_limit = nla_nest_start(msg, j + 1);
913 if (!nl_limit)
914 goto nla_put_failure;
915 if (nla_put_u32(msg, NL80211_IFACE_LIMIT_MAX,
916 c->limits[j].max))
917 goto nla_put_failure;
918 if (nl80211_put_iftypes(msg, NL80211_IFACE_LIMIT_TYPES,
919 c->limits[j].types))
920 goto nla_put_failure;
921 nla_nest_end(msg, nl_limit);
922 }
923
924 nla_nest_end(msg, nl_limits);
925
926 if (c->beacon_int_infra_match &&
927 nla_put_flag(msg, NL80211_IFACE_COMB_STA_AP_BI_MATCH))
928 goto nla_put_failure;
929 if (nla_put_u32(msg, NL80211_IFACE_COMB_NUM_CHANNELS,
930 c->num_different_channels) ||
931 nla_put_u32(msg, NL80211_IFACE_COMB_MAXNUM,
932 c->max_interfaces))
933 goto nla_put_failure;
934 if (large &&
935 nla_put_u32(msg, NL80211_IFACE_COMB_RADAR_DETECT_WIDTHS,
936 c->radar_detect_widths))
937 goto nla_put_failure;
938
939 nla_nest_end(msg, nl_combi);
940 }
941
942 nla_nest_end(msg, nl_combis);
943
944 return 0;
945 nla_put_failure:
946 return -ENOBUFS;
947 }
948
949 #ifdef CONFIG_PM
950 static int nl80211_send_wowlan_tcp_caps(struct cfg80211_registered_device *rdev,
951 struct sk_buff *msg)
952 {
953 const struct wiphy_wowlan_tcp_support *tcp = rdev->wiphy.wowlan->tcp;
954 struct nlattr *nl_tcp;
955
956 if (!tcp)
957 return 0;
958
959 nl_tcp = nla_nest_start(msg, NL80211_WOWLAN_TRIG_TCP_CONNECTION);
960 if (!nl_tcp)
961 return -ENOBUFS;
962
963 if (nla_put_u32(msg, NL80211_WOWLAN_TCP_DATA_PAYLOAD,
964 tcp->data_payload_max))
965 return -ENOBUFS;
966
967 if (nla_put_u32(msg, NL80211_WOWLAN_TCP_DATA_PAYLOAD,
968 tcp->data_payload_max))
969 return -ENOBUFS;
970
971 if (tcp->seq && nla_put_flag(msg, NL80211_WOWLAN_TCP_DATA_PAYLOAD_SEQ))
972 return -ENOBUFS;
973
974 if (tcp->tok && nla_put(msg, NL80211_WOWLAN_TCP_DATA_PAYLOAD_TOKEN,
975 sizeof(*tcp->tok), tcp->tok))
976 return -ENOBUFS;
977
978 if (nla_put_u32(msg, NL80211_WOWLAN_TCP_DATA_INTERVAL,
979 tcp->data_interval_max))
980 return -ENOBUFS;
981
982 if (nla_put_u32(msg, NL80211_WOWLAN_TCP_WAKE_PAYLOAD,
983 tcp->wake_payload_max))
984 return -ENOBUFS;
985
986 nla_nest_end(msg, nl_tcp);
987 return 0;
988 }
989
990 static int nl80211_send_wowlan(struct sk_buff *msg,
991 struct cfg80211_registered_device *dev,
992 bool large)
993 {
994 struct nlattr *nl_wowlan;
995
996 if (!dev->wiphy.wowlan)
997 return 0;
998
999 nl_wowlan = nla_nest_start(msg, NL80211_ATTR_WOWLAN_TRIGGERS_SUPPORTED);
1000 if (!nl_wowlan)
1001 return -ENOBUFS;
1002
1003 if (((dev->wiphy.wowlan->flags & WIPHY_WOWLAN_ANY) &&
1004 nla_put_flag(msg, NL80211_WOWLAN_TRIG_ANY)) ||
1005 ((dev->wiphy.wowlan->flags & WIPHY_WOWLAN_DISCONNECT) &&
1006 nla_put_flag(msg, NL80211_WOWLAN_TRIG_DISCONNECT)) ||
1007 ((dev->wiphy.wowlan->flags & WIPHY_WOWLAN_MAGIC_PKT) &&
1008 nla_put_flag(msg, NL80211_WOWLAN_TRIG_MAGIC_PKT)) ||
1009 ((dev->wiphy.wowlan->flags & WIPHY_WOWLAN_SUPPORTS_GTK_REKEY) &&
1010 nla_put_flag(msg, NL80211_WOWLAN_TRIG_GTK_REKEY_SUPPORTED)) ||
1011 ((dev->wiphy.wowlan->flags & WIPHY_WOWLAN_GTK_REKEY_FAILURE) &&
1012 nla_put_flag(msg, NL80211_WOWLAN_TRIG_GTK_REKEY_FAILURE)) ||
1013 ((dev->wiphy.wowlan->flags & WIPHY_WOWLAN_EAP_IDENTITY_REQ) &&
1014 nla_put_flag(msg, NL80211_WOWLAN_TRIG_EAP_IDENT_REQUEST)) ||
1015 ((dev->wiphy.wowlan->flags & WIPHY_WOWLAN_4WAY_HANDSHAKE) &&
1016 nla_put_flag(msg, NL80211_WOWLAN_TRIG_4WAY_HANDSHAKE)) ||
1017 ((dev->wiphy.wowlan->flags & WIPHY_WOWLAN_RFKILL_RELEASE) &&
1018 nla_put_flag(msg, NL80211_WOWLAN_TRIG_RFKILL_RELEASE)))
1019 return -ENOBUFS;
1020
1021 if (dev->wiphy.wowlan->n_patterns) {
1022 struct nl80211_pattern_support pat = {
1023 .max_patterns = dev->wiphy.wowlan->n_patterns,
1024 .min_pattern_len = dev->wiphy.wowlan->pattern_min_len,
1025 .max_pattern_len = dev->wiphy.wowlan->pattern_max_len,
1026 .max_pkt_offset = dev->wiphy.wowlan->max_pkt_offset,
1027 };
1028
1029 if (nla_put(msg, NL80211_WOWLAN_TRIG_PKT_PATTERN,
1030 sizeof(pat), &pat))
1031 return -ENOBUFS;
1032 }
1033
1034 if (large && nl80211_send_wowlan_tcp_caps(dev, msg))
1035 return -ENOBUFS;
1036
1037 nla_nest_end(msg, nl_wowlan);
1038
1039 return 0;
1040 }
1041 #endif
1042
1043 static int nl80211_send_coalesce(struct sk_buff *msg,
1044 struct cfg80211_registered_device *dev)
1045 {
1046 struct nl80211_coalesce_rule_support rule;
1047
1048 if (!dev->wiphy.coalesce)
1049 return 0;
1050
1051 rule.max_rules = dev->wiphy.coalesce->n_rules;
1052 rule.max_delay = dev->wiphy.coalesce->max_delay;
1053 rule.pat.max_patterns = dev->wiphy.coalesce->n_patterns;
1054 rule.pat.min_pattern_len = dev->wiphy.coalesce->pattern_min_len;
1055 rule.pat.max_pattern_len = dev->wiphy.coalesce->pattern_max_len;
1056 rule.pat.max_pkt_offset = dev->wiphy.coalesce->max_pkt_offset;
1057
1058 if (nla_put(msg, NL80211_ATTR_COALESCE_RULE, sizeof(rule), &rule))
1059 return -ENOBUFS;
1060
1061 return 0;
1062 }
1063
1064 static int nl80211_send_band_rateinfo(struct sk_buff *msg,
1065 struct ieee80211_supported_band *sband)
1066 {
1067 struct nlattr *nl_rates, *nl_rate;
1068 struct ieee80211_rate *rate;
1069 int i;
1070
1071 /* add HT info */
1072 if (sband->ht_cap.ht_supported &&
1073 (nla_put(msg, NL80211_BAND_ATTR_HT_MCS_SET,
1074 sizeof(sband->ht_cap.mcs),
1075 &sband->ht_cap.mcs) ||
1076 nla_put_u16(msg, NL80211_BAND_ATTR_HT_CAPA,
1077 sband->ht_cap.cap) ||
1078 nla_put_u8(msg, NL80211_BAND_ATTR_HT_AMPDU_FACTOR,
1079 sband->ht_cap.ampdu_factor) ||
1080 nla_put_u8(msg, NL80211_BAND_ATTR_HT_AMPDU_DENSITY,
1081 sband->ht_cap.ampdu_density)))
1082 return -ENOBUFS;
1083
1084 /* add VHT info */
1085 if (sband->vht_cap.vht_supported &&
1086 (nla_put(msg, NL80211_BAND_ATTR_VHT_MCS_SET,
1087 sizeof(sband->vht_cap.vht_mcs),
1088 &sband->vht_cap.vht_mcs) ||
1089 nla_put_u32(msg, NL80211_BAND_ATTR_VHT_CAPA,
1090 sband->vht_cap.cap)))
1091 return -ENOBUFS;
1092
1093 /* add bitrates */
1094 nl_rates = nla_nest_start(msg, NL80211_BAND_ATTR_RATES);
1095 if (!nl_rates)
1096 return -ENOBUFS;
1097
1098 for (i = 0; i < sband->n_bitrates; i++) {
1099 nl_rate = nla_nest_start(msg, i);
1100 if (!nl_rate)
1101 return -ENOBUFS;
1102
1103 rate = &sband->bitrates[i];
1104 if (nla_put_u32(msg, NL80211_BITRATE_ATTR_RATE,
1105 rate->bitrate))
1106 return -ENOBUFS;
1107 if ((rate->flags & IEEE80211_RATE_SHORT_PREAMBLE) &&
1108 nla_put_flag(msg,
1109 NL80211_BITRATE_ATTR_2GHZ_SHORTPREAMBLE))
1110 return -ENOBUFS;
1111
1112 nla_nest_end(msg, nl_rate);
1113 }
1114
1115 nla_nest_end(msg, nl_rates);
1116
1117 return 0;
1118 }
1119
1120 static int
1121 nl80211_send_mgmt_stypes(struct sk_buff *msg,
1122 const struct ieee80211_txrx_stypes *mgmt_stypes)
1123 {
1124 u16 stypes;
1125 struct nlattr *nl_ftypes, *nl_ifs;
1126 enum nl80211_iftype ift;
1127 int i;
1128
1129 if (!mgmt_stypes)
1130 return 0;
1131
1132 nl_ifs = nla_nest_start(msg, NL80211_ATTR_TX_FRAME_TYPES);
1133 if (!nl_ifs)
1134 return -ENOBUFS;
1135
1136 for (ift = 0; ift < NUM_NL80211_IFTYPES; ift++) {
1137 nl_ftypes = nla_nest_start(msg, ift);
1138 if (!nl_ftypes)
1139 return -ENOBUFS;
1140 i = 0;
1141 stypes = mgmt_stypes[ift].tx;
1142 while (stypes) {
1143 if ((stypes & 1) &&
1144 nla_put_u16(msg, NL80211_ATTR_FRAME_TYPE,
1145 (i << 4) | IEEE80211_FTYPE_MGMT))
1146 return -ENOBUFS;
1147 stypes >>= 1;
1148 i++;
1149 }
1150 nla_nest_end(msg, nl_ftypes);
1151 }
1152
1153 nla_nest_end(msg, nl_ifs);
1154
1155 nl_ifs = nla_nest_start(msg, NL80211_ATTR_RX_FRAME_TYPES);
1156 if (!nl_ifs)
1157 return -ENOBUFS;
1158
1159 for (ift = 0; ift < NUM_NL80211_IFTYPES; ift++) {
1160 nl_ftypes = nla_nest_start(msg, ift);
1161 if (!nl_ftypes)
1162 return -ENOBUFS;
1163 i = 0;
1164 stypes = mgmt_stypes[ift].rx;
1165 while (stypes) {
1166 if ((stypes & 1) &&
1167 nla_put_u16(msg, NL80211_ATTR_FRAME_TYPE,
1168 (i << 4) | IEEE80211_FTYPE_MGMT))
1169 return -ENOBUFS;
1170 stypes >>= 1;
1171 i++;
1172 }
1173 nla_nest_end(msg, nl_ftypes);
1174 }
1175 nla_nest_end(msg, nl_ifs);
1176
1177 return 0;
1178 }
1179
1180 struct nl80211_dump_wiphy_state {
1181 s64 filter_wiphy;
1182 long start;
1183 long split_start, band_start, chan_start;
1184 bool split;
1185 };
1186
1187 static int nl80211_send_wiphy(struct cfg80211_registered_device *dev,
1188 struct sk_buff *msg, u32 portid, u32 seq,
1189 int flags, struct nl80211_dump_wiphy_state *state)
1190 {
1191 void *hdr;
1192 struct nlattr *nl_bands, *nl_band;
1193 struct nlattr *nl_freqs, *nl_freq;
1194 struct nlattr *nl_cmds;
1195 enum ieee80211_band band;
1196 struct ieee80211_channel *chan;
1197 int i;
1198 const struct ieee80211_txrx_stypes *mgmt_stypes =
1199 dev->wiphy.mgmt_stypes;
1200 u32 features;
1201
1202 hdr = nl80211hdr_put(msg, portid, seq, flags, NL80211_CMD_NEW_WIPHY);
1203 if (!hdr)
1204 return -ENOBUFS;
1205
1206 if (WARN_ON(!state))
1207 return -EINVAL;
1208
1209 if (nla_put_u32(msg, NL80211_ATTR_WIPHY, dev->wiphy_idx) ||
1210 nla_put_string(msg, NL80211_ATTR_WIPHY_NAME,
1211 wiphy_name(&dev->wiphy)) ||
1212 nla_put_u32(msg, NL80211_ATTR_GENERATION,
1213 cfg80211_rdev_list_generation))
1214 goto nla_put_failure;
1215
1216 switch (state->split_start) {
1217 case 0:
1218 if (nla_put_u8(msg, NL80211_ATTR_WIPHY_RETRY_SHORT,
1219 dev->wiphy.retry_short) ||
1220 nla_put_u8(msg, NL80211_ATTR_WIPHY_RETRY_LONG,
1221 dev->wiphy.retry_long) ||
1222 nla_put_u32(msg, NL80211_ATTR_WIPHY_FRAG_THRESHOLD,
1223 dev->wiphy.frag_threshold) ||
1224 nla_put_u32(msg, NL80211_ATTR_WIPHY_RTS_THRESHOLD,
1225 dev->wiphy.rts_threshold) ||
1226 nla_put_u8(msg, NL80211_ATTR_WIPHY_COVERAGE_CLASS,
1227 dev->wiphy.coverage_class) ||
1228 nla_put_u8(msg, NL80211_ATTR_MAX_NUM_SCAN_SSIDS,
1229 dev->wiphy.max_scan_ssids) ||
1230 nla_put_u8(msg, NL80211_ATTR_MAX_NUM_SCHED_SCAN_SSIDS,
1231 dev->wiphy.max_sched_scan_ssids) ||
1232 nla_put_u16(msg, NL80211_ATTR_MAX_SCAN_IE_LEN,
1233 dev->wiphy.max_scan_ie_len) ||
1234 nla_put_u16(msg, NL80211_ATTR_MAX_SCHED_SCAN_IE_LEN,
1235 dev->wiphy.max_sched_scan_ie_len) ||
1236 nla_put_u8(msg, NL80211_ATTR_MAX_MATCH_SETS,
1237 dev->wiphy.max_match_sets))
1238 goto nla_put_failure;
1239
1240 if ((dev->wiphy.flags & WIPHY_FLAG_IBSS_RSN) &&
1241 nla_put_flag(msg, NL80211_ATTR_SUPPORT_IBSS_RSN))
1242 goto nla_put_failure;
1243 if ((dev->wiphy.flags & WIPHY_FLAG_MESH_AUTH) &&
1244 nla_put_flag(msg, NL80211_ATTR_SUPPORT_MESH_AUTH))
1245 goto nla_put_failure;
1246 if ((dev->wiphy.flags & WIPHY_FLAG_AP_UAPSD) &&
1247 nla_put_flag(msg, NL80211_ATTR_SUPPORT_AP_UAPSD))
1248 goto nla_put_failure;
1249 if ((dev->wiphy.flags & WIPHY_FLAG_SUPPORTS_FW_ROAM) &&
1250 nla_put_flag(msg, NL80211_ATTR_ROAM_SUPPORT))
1251 goto nla_put_failure;
1252 if ((dev->wiphy.flags & WIPHY_FLAG_SUPPORTS_TDLS) &&
1253 nla_put_flag(msg, NL80211_ATTR_TDLS_SUPPORT))
1254 goto nla_put_failure;
1255 if ((dev->wiphy.flags & WIPHY_FLAG_TDLS_EXTERNAL_SETUP) &&
1256 nla_put_flag(msg, NL80211_ATTR_TDLS_EXTERNAL_SETUP))
1257 goto nla_put_failure;
1258 state->split_start++;
1259 if (state->split)
1260 break;
1261 case 1:
1262 if (nla_put(msg, NL80211_ATTR_CIPHER_SUITES,
1263 sizeof(u32) * dev->wiphy.n_cipher_suites,
1264 dev->wiphy.cipher_suites))
1265 goto nla_put_failure;
1266
1267 if (nla_put_u8(msg, NL80211_ATTR_MAX_NUM_PMKIDS,
1268 dev->wiphy.max_num_pmkids))
1269 goto nla_put_failure;
1270
1271 if ((dev->wiphy.flags & WIPHY_FLAG_CONTROL_PORT_PROTOCOL) &&
1272 nla_put_flag(msg, NL80211_ATTR_CONTROL_PORT_ETHERTYPE))
1273 goto nla_put_failure;
1274
1275 if (nla_put_u32(msg, NL80211_ATTR_WIPHY_ANTENNA_AVAIL_TX,
1276 dev->wiphy.available_antennas_tx) ||
1277 nla_put_u32(msg, NL80211_ATTR_WIPHY_ANTENNA_AVAIL_RX,
1278 dev->wiphy.available_antennas_rx))
1279 goto nla_put_failure;
1280
1281 if ((dev->wiphy.flags & WIPHY_FLAG_AP_PROBE_RESP_OFFLOAD) &&
1282 nla_put_u32(msg, NL80211_ATTR_PROBE_RESP_OFFLOAD,
1283 dev->wiphy.probe_resp_offload))
1284 goto nla_put_failure;
1285
1286 if ((dev->wiphy.available_antennas_tx ||
1287 dev->wiphy.available_antennas_rx) &&
1288 dev->ops->get_antenna) {
1289 u32 tx_ant = 0, rx_ant = 0;
1290 int res;
1291 res = rdev_get_antenna(dev, &tx_ant, &rx_ant);
1292 if (!res) {
1293 if (nla_put_u32(msg,
1294 NL80211_ATTR_WIPHY_ANTENNA_TX,
1295 tx_ant) ||
1296 nla_put_u32(msg,
1297 NL80211_ATTR_WIPHY_ANTENNA_RX,
1298 rx_ant))
1299 goto nla_put_failure;
1300 }
1301 }
1302
1303 state->split_start++;
1304 if (state->split)
1305 break;
1306 case 2:
1307 if (nl80211_put_iftypes(msg, NL80211_ATTR_SUPPORTED_IFTYPES,
1308 dev->wiphy.interface_modes))
1309 goto nla_put_failure;
1310 state->split_start++;
1311 if (state->split)
1312 break;
1313 case 3:
1314 nl_bands = nla_nest_start(msg, NL80211_ATTR_WIPHY_BANDS);
1315 if (!nl_bands)
1316 goto nla_put_failure;
1317
1318 for (band = state->band_start;
1319 band < IEEE80211_NUM_BANDS; band++) {
1320 struct ieee80211_supported_band *sband;
1321
1322 sband = dev->wiphy.bands[band];
1323
1324 if (!sband)
1325 continue;
1326
1327 nl_band = nla_nest_start(msg, band);
1328 if (!nl_band)
1329 goto nla_put_failure;
1330
1331 switch (state->chan_start) {
1332 case 0:
1333 if (nl80211_send_band_rateinfo(msg, sband))
1334 goto nla_put_failure;
1335 state->chan_start++;
1336 if (state->split)
1337 break;
1338 default:
1339 /* add frequencies */
1340 nl_freqs = nla_nest_start(
1341 msg, NL80211_BAND_ATTR_FREQS);
1342 if (!nl_freqs)
1343 goto nla_put_failure;
1344
1345 for (i = state->chan_start - 1;
1346 i < sband->n_channels;
1347 i++) {
1348 nl_freq = nla_nest_start(msg, i);
1349 if (!nl_freq)
1350 goto nla_put_failure;
1351
1352 chan = &sband->channels[i];
1353
1354 if (nl80211_msg_put_channel(
1355 msg, chan,
1356 state->split))
1357 goto nla_put_failure;
1358
1359 nla_nest_end(msg, nl_freq);
1360 if (state->split)
1361 break;
1362 }
1363 if (i < sband->n_channels)
1364 state->chan_start = i + 2;
1365 else
1366 state->chan_start = 0;
1367 nla_nest_end(msg, nl_freqs);
1368 }
1369
1370 nla_nest_end(msg, nl_band);
1371
1372 if (state->split) {
1373 /* start again here */
1374 if (state->chan_start)
1375 band--;
1376 break;
1377 }
1378 }
1379 nla_nest_end(msg, nl_bands);
1380
1381 if (band < IEEE80211_NUM_BANDS)
1382 state->band_start = band + 1;
1383 else
1384 state->band_start = 0;
1385
1386 /* if bands & channels are done, continue outside */
1387 if (state->band_start == 0 && state->chan_start == 0)
1388 state->split_start++;
1389 if (state->split)
1390 break;
1391 case 4:
1392 nl_cmds = nla_nest_start(msg, NL80211_ATTR_SUPPORTED_COMMANDS);
1393 if (!nl_cmds)
1394 goto nla_put_failure;
1395
1396 i = 0;
1397 #define CMD(op, n) \
1398 do { \
1399 if (dev->ops->op) { \
1400 i++; \
1401 if (nla_put_u32(msg, i, NL80211_CMD_ ## n)) \
1402 goto nla_put_failure; \
1403 } \
1404 } while (0)
1405
1406 CMD(add_virtual_intf, NEW_INTERFACE);
1407 CMD(change_virtual_intf, SET_INTERFACE);
1408 CMD(add_key, NEW_KEY);
1409 CMD(start_ap, START_AP);
1410 CMD(add_station, NEW_STATION);
1411 CMD(add_mpath, NEW_MPATH);
1412 CMD(update_mesh_config, SET_MESH_CONFIG);
1413 CMD(change_bss, SET_BSS);
1414 CMD(auth, AUTHENTICATE);
1415 CMD(assoc, ASSOCIATE);
1416 CMD(deauth, DEAUTHENTICATE);
1417 CMD(disassoc, DISASSOCIATE);
1418 CMD(join_ibss, JOIN_IBSS);
1419 CMD(join_mesh, JOIN_MESH);
1420 CMD(set_pmksa, SET_PMKSA);
1421 CMD(del_pmksa, DEL_PMKSA);
1422 CMD(flush_pmksa, FLUSH_PMKSA);
1423 if (dev->wiphy.flags & WIPHY_FLAG_HAS_REMAIN_ON_CHANNEL)
1424 CMD(remain_on_channel, REMAIN_ON_CHANNEL);
1425 CMD(set_bitrate_mask, SET_TX_BITRATE_MASK);
1426 CMD(mgmt_tx, FRAME);
1427 CMD(mgmt_tx_cancel_wait, FRAME_WAIT_CANCEL);
1428 if (dev->wiphy.flags & WIPHY_FLAG_NETNS_OK) {
1429 i++;
1430 if (nla_put_u32(msg, i, NL80211_CMD_SET_WIPHY_NETNS))
1431 goto nla_put_failure;
1432 }
1433 if (dev->ops->set_monitor_channel || dev->ops->start_ap ||
1434 dev->ops->join_mesh) {
1435 i++;
1436 if (nla_put_u32(msg, i, NL80211_CMD_SET_CHANNEL))
1437 goto nla_put_failure;
1438 }
1439 CMD(set_wds_peer, SET_WDS_PEER);
1440 if (dev->wiphy.flags & WIPHY_FLAG_SUPPORTS_TDLS) {
1441 CMD(tdls_mgmt, TDLS_MGMT);
1442 CMD(tdls_oper, TDLS_OPER);
1443 }
1444 if (dev->wiphy.flags & WIPHY_FLAG_SUPPORTS_SCHED_SCAN)
1445 CMD(sched_scan_start, START_SCHED_SCAN);
1446 CMD(probe_client, PROBE_CLIENT);
1447 CMD(set_noack_map, SET_NOACK_MAP);
1448 if (dev->wiphy.flags & WIPHY_FLAG_REPORTS_OBSS) {
1449 i++;
1450 if (nla_put_u32(msg, i, NL80211_CMD_REGISTER_BEACONS))
1451 goto nla_put_failure;
1452 }
1453 CMD(start_p2p_device, START_P2P_DEVICE);
1454 CMD(set_mcast_rate, SET_MCAST_RATE);
1455 if (state->split) {
1456 CMD(crit_proto_start, CRIT_PROTOCOL_START);
1457 CMD(crit_proto_stop, CRIT_PROTOCOL_STOP);
1458 if (dev->wiphy.flags & WIPHY_FLAG_HAS_CHANNEL_SWITCH)
1459 CMD(channel_switch, CHANNEL_SWITCH);
1460 }
1461 CMD(set_qos_map, SET_QOS_MAP);
1462
1463 #ifdef CONFIG_NL80211_TESTMODE
1464 CMD(testmode_cmd, TESTMODE);
1465 #endif
1466
1467 #undef CMD
1468
1469 if (dev->ops->connect || dev->ops->auth) {
1470 i++;
1471 if (nla_put_u32(msg, i, NL80211_CMD_CONNECT))
1472 goto nla_put_failure;
1473 }
1474
1475 if (dev->ops->disconnect || dev->ops->deauth) {
1476 i++;
1477 if (nla_put_u32(msg, i, NL80211_CMD_DISCONNECT))
1478 goto nla_put_failure;
1479 }
1480
1481 nla_nest_end(msg, nl_cmds);
1482 state->split_start++;
1483 if (state->split)
1484 break;
1485 case 5:
1486 if (dev->ops->remain_on_channel &&
1487 (dev->wiphy.flags & WIPHY_FLAG_HAS_REMAIN_ON_CHANNEL) &&
1488 nla_put_u32(msg,
1489 NL80211_ATTR_MAX_REMAIN_ON_CHANNEL_DURATION,
1490 dev->wiphy.max_remain_on_channel_duration))
1491 goto nla_put_failure;
1492
1493 if ((dev->wiphy.flags & WIPHY_FLAG_OFFCHAN_TX) &&
1494 nla_put_flag(msg, NL80211_ATTR_OFFCHANNEL_TX_OK))
1495 goto nla_put_failure;
1496
1497 if (nl80211_send_mgmt_stypes(msg, mgmt_stypes))
1498 goto nla_put_failure;
1499 state->split_start++;
1500 if (state->split)
1501 break;
1502 case 6:
1503 #ifdef CONFIG_PM
1504 if (nl80211_send_wowlan(msg, dev, state->split))
1505 goto nla_put_failure;
1506 state->split_start++;
1507 if (state->split)
1508 break;
1509 #else
1510 state->split_start++;
1511 #endif
1512 case 7:
1513 if (nl80211_put_iftypes(msg, NL80211_ATTR_SOFTWARE_IFTYPES,
1514 dev->wiphy.software_iftypes))
1515 goto nla_put_failure;
1516
1517 if (nl80211_put_iface_combinations(&dev->wiphy, msg,
1518 state->split))
1519 goto nla_put_failure;
1520
1521 state->split_start++;
1522 if (state->split)
1523 break;
1524 case 8:
1525 if ((dev->wiphy.flags & WIPHY_FLAG_HAVE_AP_SME) &&
1526 nla_put_u32(msg, NL80211_ATTR_DEVICE_AP_SME,
1527 dev->wiphy.ap_sme_capa))
1528 goto nla_put_failure;
1529
1530 features = dev->wiphy.features;
1531 /*
1532 * We can only add the per-channel limit information if the
1533 * dump is split, otherwise it makes it too big. Therefore
1534 * only advertise it in that case.
1535 */
1536 if (state->split)
1537 features |= NL80211_FEATURE_ADVERTISE_CHAN_LIMITS;
1538 if (nla_put_u32(msg, NL80211_ATTR_FEATURE_FLAGS, features))
1539 goto nla_put_failure;
1540
1541 if (dev->wiphy.ht_capa_mod_mask &&
1542 nla_put(msg, NL80211_ATTR_HT_CAPABILITY_MASK,
1543 sizeof(*dev->wiphy.ht_capa_mod_mask),
1544 dev->wiphy.ht_capa_mod_mask))
1545 goto nla_put_failure;
1546
1547 if (dev->wiphy.flags & WIPHY_FLAG_HAVE_AP_SME &&
1548 dev->wiphy.max_acl_mac_addrs &&
1549 nla_put_u32(msg, NL80211_ATTR_MAC_ACL_MAX,
1550 dev->wiphy.max_acl_mac_addrs))
1551 goto nla_put_failure;
1552
1553 /*
1554 * Any information below this point is only available to
1555 * applications that can deal with it being split. This
1556 * helps ensure that newly added capabilities don't break
1557 * older tools by overrunning their buffers.
1558 *
1559 * We still increment split_start so that in the split
1560 * case we'll continue with more data in the next round,
1561 * but break unconditionally so unsplit data stops here.
1562 */
1563 state->split_start++;
1564 break;
1565 case 9:
1566 if (dev->wiphy.extended_capabilities &&
1567 (nla_put(msg, NL80211_ATTR_EXT_CAPA,
1568 dev->wiphy.extended_capabilities_len,
1569 dev->wiphy.extended_capabilities) ||
1570 nla_put(msg, NL80211_ATTR_EXT_CAPA_MASK,
1571 dev->wiphy.extended_capabilities_len,
1572 dev->wiphy.extended_capabilities_mask)))
1573 goto nla_put_failure;
1574
1575 if (dev->wiphy.vht_capa_mod_mask &&
1576 nla_put(msg, NL80211_ATTR_VHT_CAPABILITY_MASK,
1577 sizeof(*dev->wiphy.vht_capa_mod_mask),
1578 dev->wiphy.vht_capa_mod_mask))
1579 goto nla_put_failure;
1580
1581 state->split_start++;
1582 break;
1583 case 10:
1584 if (nl80211_send_coalesce(msg, dev))
1585 goto nla_put_failure;
1586
1587 if ((dev->wiphy.flags & WIPHY_FLAG_SUPPORTS_5_10_MHZ) &&
1588 (nla_put_flag(msg, NL80211_ATTR_SUPPORT_5_MHZ) ||
1589 nla_put_flag(msg, NL80211_ATTR_SUPPORT_10_MHZ)))
1590 goto nla_put_failure;
1591
1592 if (dev->wiphy.max_ap_assoc_sta &&
1593 nla_put_u32(msg, NL80211_ATTR_MAX_AP_ASSOC_STA,
1594 dev->wiphy.max_ap_assoc_sta))
1595 goto nla_put_failure;
1596
1597 state->split_start++;
1598 break;
1599 case 11:
1600 if (dev->wiphy.n_vendor_commands) {
1601 const struct nl80211_vendor_cmd_info *info;
1602 struct nlattr *nested;
1603
1604 nested = nla_nest_start(msg, NL80211_ATTR_VENDOR_DATA);
1605 if (!nested)
1606 goto nla_put_failure;
1607
1608 for (i = 0; i < dev->wiphy.n_vendor_commands; i++) {
1609 info = &dev->wiphy.vendor_commands[i].info;
1610 if (nla_put(msg, i + 1, sizeof(*info), info))
1611 goto nla_put_failure;
1612 }
1613 nla_nest_end(msg, nested);
1614 }
1615
1616 if (dev->wiphy.n_vendor_events) {
1617 const struct nl80211_vendor_cmd_info *info;
1618 struct nlattr *nested;
1619
1620 nested = nla_nest_start(msg,
1621 NL80211_ATTR_VENDOR_EVENTS);
1622 if (!nested)
1623 goto nla_put_failure;
1624
1625 for (i = 0; i < dev->wiphy.n_vendor_events; i++) {
1626 info = &dev->wiphy.vendor_events[i];
1627 if (nla_put(msg, i + 1, sizeof(*info), info))
1628 goto nla_put_failure;
1629 }
1630 nla_nest_end(msg, nested);
1631 }
1632
1633 /* done */
1634 state->split_start = 0;
1635 break;
1636 }
1637 return genlmsg_end(msg, hdr);
1638
1639 nla_put_failure:
1640 genlmsg_cancel(msg, hdr);
1641 return -EMSGSIZE;
1642 }
1643
1644 static int nl80211_dump_wiphy_parse(struct sk_buff *skb,
1645 struct netlink_callback *cb,
1646 struct nl80211_dump_wiphy_state *state)
1647 {
1648 struct nlattr **tb = nl80211_fam.attrbuf;
1649 int ret = nlmsg_parse(cb->nlh, GENL_HDRLEN + nl80211_fam.hdrsize,
1650 tb, nl80211_fam.maxattr, nl80211_policy);
1651 /* ignore parse errors for backward compatibility */
1652 if (ret)
1653 return 0;
1654
1655 state->split = tb[NL80211_ATTR_SPLIT_WIPHY_DUMP];
1656 if (tb[NL80211_ATTR_WIPHY])
1657 state->filter_wiphy = nla_get_u32(tb[NL80211_ATTR_WIPHY]);
1658 if (tb[NL80211_ATTR_WDEV])
1659 state->filter_wiphy = nla_get_u64(tb[NL80211_ATTR_WDEV]) >> 32;
1660 if (tb[NL80211_ATTR_IFINDEX]) {
1661 struct net_device *netdev;
1662 struct cfg80211_registered_device *rdev;
1663 int ifidx = nla_get_u32(tb[NL80211_ATTR_IFINDEX]);
1664
1665 netdev = __dev_get_by_index(sock_net(skb->sk), ifidx);
1666 if (!netdev)
1667 return -ENODEV;
1668 if (netdev->ieee80211_ptr) {
1669 rdev = wiphy_to_dev(
1670 netdev->ieee80211_ptr->wiphy);
1671 state->filter_wiphy = rdev->wiphy_idx;
1672 }
1673 }
1674
1675 return 0;
1676 }
1677
1678 static int nl80211_dump_wiphy(struct sk_buff *skb, struct netlink_callback *cb)
1679 {
1680 int idx = 0, ret;
1681 struct nl80211_dump_wiphy_state *state = (void *)cb->args[0];
1682 struct cfg80211_registered_device *dev;
1683
1684 rtnl_lock();
1685 if (!state) {
1686 state = kzalloc(sizeof(*state), GFP_KERNEL);
1687 if (!state) {
1688 rtnl_unlock();
1689 return -ENOMEM;
1690 }
1691 state->filter_wiphy = -1;
1692 ret = nl80211_dump_wiphy_parse(skb, cb, state);
1693 if (ret) {
1694 kfree(state);
1695 rtnl_unlock();
1696 return ret;
1697 }
1698 cb->args[0] = (long)state;
1699 }
1700
1701 list_for_each_entry(dev, &cfg80211_rdev_list, list) {
1702 if (!net_eq(wiphy_net(&dev->wiphy), sock_net(skb->sk)))
1703 continue;
1704 if (++idx <= state->start)
1705 continue;
1706 if (state->filter_wiphy != -1 &&
1707 state->filter_wiphy != dev->wiphy_idx)
1708 continue;
1709 /* attempt to fit multiple wiphy data chunks into the skb */
1710 do {
1711 ret = nl80211_send_wiphy(dev, skb,
1712 NETLINK_CB(cb->skb).portid,
1713 cb->nlh->nlmsg_seq,
1714 NLM_F_MULTI, state);
1715 if (ret < 0) {
1716 /*
1717 * If sending the wiphy data didn't fit (ENOBUFS
1718 * or EMSGSIZE returned), this SKB is still
1719 * empty (so it's not too big because another
1720 * wiphy dataset is already in the skb) and
1721 * we've not tried to adjust the dump allocation
1722 * yet ... then adjust the alloc size to be
1723 * bigger, and return 1 but with the empty skb.
1724 * This results in an empty message being RX'ed
1725 * in userspace, but that is ignored.
1726 *
1727 * We can then retry with the larger buffer.
1728 */
1729 if ((ret == -ENOBUFS || ret == -EMSGSIZE) &&
1730 !skb->len &&
1731 cb->min_dump_alloc < 4096) {
1732 cb->min_dump_alloc = 4096;
1733 rtnl_unlock();
1734 return 1;
1735 }
1736 idx--;
1737 break;
1738 }
1739 } while (state->split_start > 0);
1740 break;
1741 }
1742 rtnl_unlock();
1743
1744 state->start = idx;
1745
1746 return skb->len;
1747 }
1748
1749 static int nl80211_dump_wiphy_done(struct netlink_callback *cb)
1750 {
1751 kfree((void *)cb->args[0]);
1752 return 0;
1753 }
1754
1755 static int nl80211_get_wiphy(struct sk_buff *skb, struct genl_info *info)
1756 {
1757 struct sk_buff *msg;
1758 struct cfg80211_registered_device *dev = info->user_ptr[0];
1759 struct nl80211_dump_wiphy_state state = {};
1760
1761 msg = nlmsg_new(4096, GFP_KERNEL);
1762 if (!msg)
1763 return -ENOMEM;
1764
1765 if (nl80211_send_wiphy(dev, msg, info->snd_portid, info->snd_seq, 0,
1766 &state) < 0) {
1767 nlmsg_free(msg);
1768 return -ENOBUFS;
1769 }
1770
1771 return genlmsg_reply(msg, info);
1772 }
1773
1774 static const struct nla_policy txq_params_policy[NL80211_TXQ_ATTR_MAX + 1] = {
1775 [NL80211_TXQ_ATTR_QUEUE] = { .type = NLA_U8 },
1776 [NL80211_TXQ_ATTR_TXOP] = { .type = NLA_U16 },
1777 [NL80211_TXQ_ATTR_CWMIN] = { .type = NLA_U16 },
1778 [NL80211_TXQ_ATTR_CWMAX] = { .type = NLA_U16 },
1779 [NL80211_TXQ_ATTR_AIFS] = { .type = NLA_U8 },
1780 };
1781
1782 static int parse_txq_params(struct nlattr *tb[],
1783 struct ieee80211_txq_params *txq_params)
1784 {
1785 if (!tb[NL80211_TXQ_ATTR_AC] || !tb[NL80211_TXQ_ATTR_TXOP] ||
1786 !tb[NL80211_TXQ_ATTR_CWMIN] || !tb[NL80211_TXQ_ATTR_CWMAX] ||
1787 !tb[NL80211_TXQ_ATTR_AIFS])
1788 return -EINVAL;
1789
1790 txq_params->ac = nla_get_u8(tb[NL80211_TXQ_ATTR_AC]);
1791 txq_params->txop = nla_get_u16(tb[NL80211_TXQ_ATTR_TXOP]);
1792 txq_params->cwmin = nla_get_u16(tb[NL80211_TXQ_ATTR_CWMIN]);
1793 txq_params->cwmax = nla_get_u16(tb[NL80211_TXQ_ATTR_CWMAX]);
1794 txq_params->aifs = nla_get_u8(tb[NL80211_TXQ_ATTR_AIFS]);
1795
1796 if (txq_params->ac >= NL80211_NUM_ACS)
1797 return -EINVAL;
1798
1799 return 0;
1800 }
1801
1802 static bool nl80211_can_set_dev_channel(struct wireless_dev *wdev)
1803 {
1804 /*
1805 * You can only set the channel explicitly for WDS interfaces,
1806 * all others have their channel managed via their respective
1807 * "establish a connection" command (connect, join, ...)
1808 *
1809 * For AP/GO and mesh mode, the channel can be set with the
1810 * channel userspace API, but is only stored and passed to the
1811 * low-level driver when the AP starts or the mesh is joined.
1812 * This is for backward compatibility, userspace can also give
1813 * the channel in the start-ap or join-mesh commands instead.
1814 *
1815 * Monitors are special as they are normally slaved to
1816 * whatever else is going on, so they have their own special
1817 * operation to set the monitor channel if possible.
1818 */
1819 return !wdev ||
1820 wdev->iftype == NL80211_IFTYPE_AP ||
1821 wdev->iftype == NL80211_IFTYPE_MESH_POINT ||
1822 wdev->iftype == NL80211_IFTYPE_MONITOR ||
1823 wdev->iftype == NL80211_IFTYPE_P2P_GO;
1824 }
1825
1826 static int nl80211_parse_chandef(struct cfg80211_registered_device *rdev,
1827 struct genl_info *info,
1828 struct cfg80211_chan_def *chandef)
1829 {
1830 u32 control_freq;
1831
1832 if (!info->attrs[NL80211_ATTR_WIPHY_FREQ])
1833 return -EINVAL;
1834
1835 control_freq = nla_get_u32(info->attrs[NL80211_ATTR_WIPHY_FREQ]);
1836
1837 chandef->chan = ieee80211_get_channel(&rdev->wiphy, control_freq);
1838 chandef->width = NL80211_CHAN_WIDTH_20_NOHT;
1839 chandef->center_freq1 = control_freq;
1840 chandef->center_freq2 = 0;
1841
1842 /* Primary channel not allowed */
1843 if (!chandef->chan || chandef->chan->flags & IEEE80211_CHAN_DISABLED)
1844 return -EINVAL;
1845
1846 if (info->attrs[NL80211_ATTR_WIPHY_CHANNEL_TYPE]) {
1847 enum nl80211_channel_type chantype;
1848
1849 chantype = nla_get_u32(
1850 info->attrs[NL80211_ATTR_WIPHY_CHANNEL_TYPE]);
1851
1852 switch (chantype) {
1853 case NL80211_CHAN_NO_HT:
1854 case NL80211_CHAN_HT20:
1855 case NL80211_CHAN_HT40PLUS:
1856 case NL80211_CHAN_HT40MINUS:
1857 cfg80211_chandef_create(chandef, chandef->chan,
1858 chantype);
1859 break;
1860 default:
1861 return -EINVAL;
1862 }
1863 } else if (info->attrs[NL80211_ATTR_CHANNEL_WIDTH]) {
1864 chandef->width =
1865 nla_get_u32(info->attrs[NL80211_ATTR_CHANNEL_WIDTH]);
1866 if (info->attrs[NL80211_ATTR_CENTER_FREQ1])
1867 chandef->center_freq1 =
1868 nla_get_u32(
1869 info->attrs[NL80211_ATTR_CENTER_FREQ1]);
1870 if (info->attrs[NL80211_ATTR_CENTER_FREQ2])
1871 chandef->center_freq2 =
1872 nla_get_u32(
1873 info->attrs[NL80211_ATTR_CENTER_FREQ2]);
1874 }
1875
1876 if (!cfg80211_chandef_valid(chandef))
1877 return -EINVAL;
1878
1879 if (!cfg80211_chandef_usable(&rdev->wiphy, chandef,
1880 IEEE80211_CHAN_DISABLED))
1881 return -EINVAL;
1882
1883 if ((chandef->width == NL80211_CHAN_WIDTH_5 ||
1884 chandef->width == NL80211_CHAN_WIDTH_10) &&
1885 !(rdev->wiphy.flags & WIPHY_FLAG_SUPPORTS_5_10_MHZ))
1886 return -EINVAL;
1887
1888 return 0;
1889 }
1890
1891 static int __nl80211_set_channel(struct cfg80211_registered_device *rdev,
1892 struct wireless_dev *wdev,
1893 struct genl_info *info)
1894 {
1895 struct cfg80211_chan_def chandef;
1896 int result;
1897 enum nl80211_iftype iftype = NL80211_IFTYPE_MONITOR;
1898
1899 if (wdev)
1900 iftype = wdev->iftype;
1901
1902 if (!nl80211_can_set_dev_channel(wdev))
1903 return -EOPNOTSUPP;
1904
1905 result = nl80211_parse_chandef(rdev, info, &chandef);
1906 if (result)
1907 return result;
1908
1909 switch (iftype) {
1910 case NL80211_IFTYPE_AP:
1911 case NL80211_IFTYPE_P2P_GO:
1912 if (wdev->beacon_interval) {
1913 result = -EBUSY;
1914 break;
1915 }
1916 if (!cfg80211_reg_can_beacon(&rdev->wiphy, &chandef)) {
1917 result = -EINVAL;
1918 break;
1919 }
1920 wdev->preset_chandef = chandef;
1921 result = 0;
1922 break;
1923 case NL80211_IFTYPE_MESH_POINT:
1924 result = cfg80211_set_mesh_channel(rdev, wdev, &chandef);
1925 break;
1926 case NL80211_IFTYPE_MONITOR:
1927 result = cfg80211_set_monitor_channel(rdev, &chandef);
1928 break;
1929 default:
1930 result = -EINVAL;
1931 }
1932
1933 return result;
1934 }
1935
1936 static int nl80211_set_channel(struct sk_buff *skb, struct genl_info *info)
1937 {
1938 struct cfg80211_registered_device *rdev = info->user_ptr[0];
1939 struct net_device *netdev = info->user_ptr[1];
1940
1941 return __nl80211_set_channel(rdev, netdev->ieee80211_ptr, info);
1942 }
1943
1944 static int nl80211_set_wds_peer(struct sk_buff *skb, struct genl_info *info)
1945 {
1946 struct cfg80211_registered_device *rdev = info->user_ptr[0];
1947 struct net_device *dev = info->user_ptr[1];
1948 struct wireless_dev *wdev = dev->ieee80211_ptr;
1949 const u8 *bssid;
1950
1951 if (!info->attrs[NL80211_ATTR_MAC])
1952 return -EINVAL;
1953
1954 if (netif_running(dev))
1955 return -EBUSY;
1956
1957 if (!rdev->ops->set_wds_peer)
1958 return -EOPNOTSUPP;
1959
1960 if (wdev->iftype != NL80211_IFTYPE_WDS)
1961 return -EOPNOTSUPP;
1962
1963 bssid = nla_data(info->attrs[NL80211_ATTR_MAC]);
1964 return rdev_set_wds_peer(rdev, dev, bssid);
1965 }
1966
1967
1968 static int nl80211_set_wiphy(struct sk_buff *skb, struct genl_info *info)
1969 {
1970 struct cfg80211_registered_device *rdev;
1971 struct net_device *netdev = NULL;
1972 struct wireless_dev *wdev;
1973 int result = 0, rem_txq_params = 0;
1974 struct nlattr *nl_txq_params;
1975 u32 changed;
1976 u8 retry_short = 0, retry_long = 0;
1977 u32 frag_threshold = 0, rts_threshold = 0;
1978 u8 coverage_class = 0;
1979
1980 ASSERT_RTNL();
1981
1982 /*
1983 * Try to find the wiphy and netdev. Normally this
1984 * function shouldn't need the netdev, but this is
1985 * done for backward compatibility -- previously
1986 * setting the channel was done per wiphy, but now
1987 * it is per netdev. Previous userland like hostapd
1988 * also passed a netdev to set_wiphy, so that it is
1989 * possible to let that go to the right netdev!
1990 */
1991
1992 if (info->attrs[NL80211_ATTR_IFINDEX]) {
1993 int ifindex = nla_get_u32(info->attrs[NL80211_ATTR_IFINDEX]);
1994
1995 netdev = __dev_get_by_index(genl_info_net(info), ifindex);
1996 if (netdev && netdev->ieee80211_ptr)
1997 rdev = wiphy_to_dev(netdev->ieee80211_ptr->wiphy);
1998 else
1999 netdev = NULL;
2000 }
2001
2002 if (!netdev) {
2003 rdev = __cfg80211_rdev_from_attrs(genl_info_net(info),
2004 info->attrs);
2005 if (IS_ERR(rdev))
2006 return PTR_ERR(rdev);
2007 wdev = NULL;
2008 netdev = NULL;
2009 result = 0;
2010 } else
2011 wdev = netdev->ieee80211_ptr;
2012
2013 /*
2014 * end workaround code, by now the rdev is available
2015 * and locked, and wdev may or may not be NULL.
2016 */
2017
2018 if (info->attrs[NL80211_ATTR_WIPHY_NAME])
2019 result = cfg80211_dev_rename(
2020 rdev, nla_data(info->attrs[NL80211_ATTR_WIPHY_NAME]));
2021
2022 if (result)
2023 return result;
2024
2025 if (info->attrs[NL80211_ATTR_WIPHY_TXQ_PARAMS]) {
2026 struct ieee80211_txq_params txq_params;
2027 struct nlattr *tb[NL80211_TXQ_ATTR_MAX + 1];
2028
2029 if (!rdev->ops->set_txq_params)
2030 return -EOPNOTSUPP;
2031
2032 if (!netdev)
2033 return -EINVAL;
2034
2035 if (netdev->ieee80211_ptr->iftype != NL80211_IFTYPE_AP &&
2036 netdev->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_GO)
2037 return -EINVAL;
2038
2039 if (!netif_running(netdev))
2040 return -ENETDOWN;
2041
2042 nla_for_each_nested(nl_txq_params,
2043 info->attrs[NL80211_ATTR_WIPHY_TXQ_PARAMS],
2044 rem_txq_params) {
2045 nla_parse(tb, NL80211_TXQ_ATTR_MAX,
2046 nla_data(nl_txq_params),
2047 nla_len(nl_txq_params),
2048 txq_params_policy);
2049 result = parse_txq_params(tb, &txq_params);
2050 if (result)
2051 return result;
2052
2053 result = rdev_set_txq_params(rdev, netdev,
2054 &txq_params);
2055 if (result)
2056 return result;
2057 }
2058 }
2059
2060 if (info->attrs[NL80211_ATTR_WIPHY_FREQ]) {
2061 result = __nl80211_set_channel(rdev,
2062 nl80211_can_set_dev_channel(wdev) ? wdev : NULL,
2063 info);
2064 if (result)
2065 return result;
2066 }
2067
2068 if (info->attrs[NL80211_ATTR_WIPHY_TX_POWER_SETTING]) {
2069 struct wireless_dev *txp_wdev = wdev;
2070 enum nl80211_tx_power_setting type;
2071 int idx, mbm = 0;
2072
2073 if (!(rdev->wiphy.features & NL80211_FEATURE_VIF_TXPOWER))
2074 txp_wdev = NULL;
2075
2076 if (!rdev->ops->set_tx_power)
2077 return -EOPNOTSUPP;
2078
2079 idx = NL80211_ATTR_WIPHY_TX_POWER_SETTING;
2080 type = nla_get_u32(info->attrs[idx]);
2081
2082 if (!info->attrs[NL80211_ATTR_WIPHY_TX_POWER_LEVEL] &&
2083 (type != NL80211_TX_POWER_AUTOMATIC))
2084 return -EINVAL;
2085
2086 if (type != NL80211_TX_POWER_AUTOMATIC) {
2087 idx = NL80211_ATTR_WIPHY_TX_POWER_LEVEL;
2088 mbm = nla_get_u32(info->attrs[idx]);
2089 }
2090
2091 result = rdev_set_tx_power(rdev, txp_wdev, type, mbm);
2092 if (result)
2093 return result;
2094 }
2095
2096 if (info->attrs[NL80211_ATTR_WIPHY_ANTENNA_TX] &&
2097 info->attrs[NL80211_ATTR_WIPHY_ANTENNA_RX]) {
2098 u32 tx_ant, rx_ant;
2099 if ((!rdev->wiphy.available_antennas_tx &&
2100 !rdev->wiphy.available_antennas_rx) ||
2101 !rdev->ops->set_antenna)
2102 return -EOPNOTSUPP;
2103
2104 tx_ant = nla_get_u32(info->attrs[NL80211_ATTR_WIPHY_ANTENNA_TX]);
2105 rx_ant = nla_get_u32(info->attrs[NL80211_ATTR_WIPHY_ANTENNA_RX]);
2106
2107 /* reject antenna configurations which don't match the
2108 * available antenna masks, except for the "all" mask */
2109 if ((~tx_ant && (tx_ant & ~rdev->wiphy.available_antennas_tx)) ||
2110 (~rx_ant && (rx_ant & ~rdev->wiphy.available_antennas_rx)))
2111 return -EINVAL;
2112
2113 tx_ant = tx_ant & rdev->wiphy.available_antennas_tx;
2114 rx_ant = rx_ant & rdev->wiphy.available_antennas_rx;
2115
2116 result = rdev_set_antenna(rdev, tx_ant, rx_ant);
2117 if (result)
2118 return result;
2119 }
2120
2121 changed = 0;
2122
2123 if (info->attrs[NL80211_ATTR_WIPHY_RETRY_SHORT]) {
2124 retry_short = nla_get_u8(
2125 info->attrs[NL80211_ATTR_WIPHY_RETRY_SHORT]);
2126 if (retry_short == 0)
2127 return -EINVAL;
2128
2129 changed |= WIPHY_PARAM_RETRY_SHORT;
2130 }
2131
2132 if (info->attrs[NL80211_ATTR_WIPHY_RETRY_LONG]) {
2133 retry_long = nla_get_u8(
2134 info->attrs[NL80211_ATTR_WIPHY_RETRY_LONG]);
2135 if (retry_long == 0)
2136 return -EINVAL;
2137
2138 changed |= WIPHY_PARAM_RETRY_LONG;
2139 }
2140
2141 if (info->attrs[NL80211_ATTR_WIPHY_FRAG_THRESHOLD]) {
2142 frag_threshold = nla_get_u32(
2143 info->attrs[NL80211_ATTR_WIPHY_FRAG_THRESHOLD]);
2144 if (frag_threshold < 256)
2145 return -EINVAL;
2146
2147 if (frag_threshold != (u32) -1) {
2148 /*
2149 * Fragments (apart from the last one) are required to
2150 * have even length. Make the fragmentation code
2151 * simpler by stripping LSB should someone try to use
2152 * odd threshold value.
2153 */
2154 frag_threshold &= ~0x1;
2155 }
2156 changed |= WIPHY_PARAM_FRAG_THRESHOLD;
2157 }
2158
2159 if (info->attrs[NL80211_ATTR_WIPHY_RTS_THRESHOLD]) {
2160 rts_threshold = nla_get_u32(
2161 info->attrs[NL80211_ATTR_WIPHY_RTS_THRESHOLD]);
2162 changed |= WIPHY_PARAM_RTS_THRESHOLD;
2163 }
2164
2165 if (info->attrs[NL80211_ATTR_WIPHY_COVERAGE_CLASS]) {
2166 coverage_class = nla_get_u8(
2167 info->attrs[NL80211_ATTR_WIPHY_COVERAGE_CLASS]);
2168 changed |= WIPHY_PARAM_COVERAGE_CLASS;
2169 }
2170
2171 if (changed) {
2172 u8 old_retry_short, old_retry_long;
2173 u32 old_frag_threshold, old_rts_threshold;
2174 u8 old_coverage_class;
2175
2176 if (!rdev->ops->set_wiphy_params)
2177 return -EOPNOTSUPP;
2178
2179 old_retry_short = rdev->wiphy.retry_short;
2180 old_retry_long = rdev->wiphy.retry_long;
2181 old_frag_threshold = rdev->wiphy.frag_threshold;
2182 old_rts_threshold = rdev->wiphy.rts_threshold;
2183 old_coverage_class = rdev->wiphy.coverage_class;
2184
2185 if (changed & WIPHY_PARAM_RETRY_SHORT)
2186 rdev->wiphy.retry_short = retry_short;
2187 if (changed & WIPHY_PARAM_RETRY_LONG)
2188 rdev->wiphy.retry_long = retry_long;
2189 if (changed & WIPHY_PARAM_FRAG_THRESHOLD)
2190 rdev->wiphy.frag_threshold = frag_threshold;
2191 if (changed & WIPHY_PARAM_RTS_THRESHOLD)
2192 rdev->wiphy.rts_threshold = rts_threshold;
2193 if (changed & WIPHY_PARAM_COVERAGE_CLASS)
2194 rdev->wiphy.coverage_class = coverage_class;
2195
2196 result = rdev_set_wiphy_params(rdev, changed);
2197 if (result) {
2198 rdev->wiphy.retry_short = old_retry_short;
2199 rdev->wiphy.retry_long = old_retry_long;
2200 rdev->wiphy.frag_threshold = old_frag_threshold;
2201 rdev->wiphy.rts_threshold = old_rts_threshold;
2202 rdev->wiphy.coverage_class = old_coverage_class;
2203 }
2204 }
2205 return 0;
2206 }
2207
2208 static inline u64 wdev_id(struct wireless_dev *wdev)
2209 {
2210 return (u64)wdev->identifier |
2211 ((u64)wiphy_to_dev(wdev->wiphy)->wiphy_idx << 32);
2212 }
2213
2214 static int nl80211_send_chandef(struct sk_buff *msg,
2215 const struct cfg80211_chan_def *chandef)
2216 {
2217 WARN_ON(!cfg80211_chandef_valid(chandef));
2218
2219 if (nla_put_u32(msg, NL80211_ATTR_WIPHY_FREQ,
2220 chandef->chan->center_freq))
2221 return -ENOBUFS;
2222 switch (chandef->width) {
2223 case NL80211_CHAN_WIDTH_20_NOHT:
2224 case NL80211_CHAN_WIDTH_20:
2225 case NL80211_CHAN_WIDTH_40:
2226 if (nla_put_u32(msg, NL80211_ATTR_WIPHY_CHANNEL_TYPE,
2227 cfg80211_get_chandef_type(chandef)))
2228 return -ENOBUFS;
2229 break;
2230 default:
2231 break;
2232 }
2233 if (nla_put_u32(msg, NL80211_ATTR_CHANNEL_WIDTH, chandef->width))
2234 return -ENOBUFS;
2235 if (nla_put_u32(msg, NL80211_ATTR_CENTER_FREQ1, chandef->center_freq1))
2236 return -ENOBUFS;
2237 if (chandef->center_freq2 &&
2238 nla_put_u32(msg, NL80211_ATTR_CENTER_FREQ2, chandef->center_freq2))
2239 return -ENOBUFS;
2240 return 0;
2241 }
2242
2243 static int nl80211_send_iface(struct sk_buff *msg, u32 portid, u32 seq, int flags,
2244 struct cfg80211_registered_device *rdev,
2245 struct wireless_dev *wdev)
2246 {
2247 struct net_device *dev = wdev->netdev;
2248 void *hdr;
2249
2250 hdr = nl80211hdr_put(msg, portid, seq, flags, NL80211_CMD_NEW_INTERFACE);
2251 if (!hdr)
2252 return -1;
2253
2254 if (dev &&
2255 (nla_put_u32(msg, NL80211_ATTR_IFINDEX, dev->ifindex) ||
2256 nla_put_string(msg, NL80211_ATTR_IFNAME, dev->name)))
2257 goto nla_put_failure;
2258
2259 if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
2260 nla_put_u32(msg, NL80211_ATTR_IFTYPE, wdev->iftype) ||
2261 nla_put_u64(msg, NL80211_ATTR_WDEV, wdev_id(wdev)) ||
2262 nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN, wdev_address(wdev)) ||
2263 nla_put_u32(msg, NL80211_ATTR_GENERATION,
2264 rdev->devlist_generation ^
2265 (cfg80211_rdev_list_generation << 2)))
2266 goto nla_put_failure;
2267
2268 if (rdev->ops->get_channel) {
2269 int ret;
2270 struct cfg80211_chan_def chandef;
2271
2272 ret = rdev_get_channel(rdev, wdev, &chandef);
2273 if (ret == 0) {
2274 if (nl80211_send_chandef(msg, &chandef))
2275 goto nla_put_failure;
2276 }
2277 }
2278
2279 if (wdev->ssid_len) {
2280 if (nla_put(msg, NL80211_ATTR_SSID, wdev->ssid_len, wdev->ssid))
2281 goto nla_put_failure;
2282 }
2283
2284 return genlmsg_end(msg, hdr);
2285
2286 nla_put_failure:
2287 genlmsg_cancel(msg, hdr);
2288 return -EMSGSIZE;
2289 }
2290
2291 static int nl80211_dump_interface(struct sk_buff *skb, struct netlink_callback *cb)
2292 {
2293 int wp_idx = 0;
2294 int if_idx = 0;
2295 int wp_start = cb->args[0];
2296 int if_start = cb->args[1];
2297 struct cfg80211_registered_device *rdev;
2298 struct wireless_dev *wdev;
2299
2300 rtnl_lock();
2301 list_for_each_entry(rdev, &cfg80211_rdev_list, list) {
2302 if (!net_eq(wiphy_net(&rdev->wiphy), sock_net(skb->sk)))
2303 continue;
2304 if (wp_idx < wp_start) {
2305 wp_idx++;
2306 continue;
2307 }
2308 if_idx = 0;
2309
2310 list_for_each_entry(wdev, &rdev->wdev_list, list) {
2311 if (if_idx < if_start) {
2312 if_idx++;
2313 continue;
2314 }
2315 if (nl80211_send_iface(skb, NETLINK_CB(cb->skb).portid,
2316 cb->nlh->nlmsg_seq, NLM_F_MULTI,
2317 rdev, wdev) < 0) {
2318 goto out;
2319 }
2320 if_idx++;
2321 }
2322
2323 wp_idx++;
2324 }
2325 out:
2326 rtnl_unlock();
2327
2328 cb->args[0] = wp_idx;
2329 cb->args[1] = if_idx;
2330
2331 return skb->len;
2332 }
2333
2334 static int nl80211_get_interface(struct sk_buff *skb, struct genl_info *info)
2335 {
2336 struct sk_buff *msg;
2337 struct cfg80211_registered_device *dev = info->user_ptr[0];
2338 struct wireless_dev *wdev = info->user_ptr[1];
2339
2340 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
2341 if (!msg)
2342 return -ENOMEM;
2343
2344 if (nl80211_send_iface(msg, info->snd_portid, info->snd_seq, 0,
2345 dev, wdev) < 0) {
2346 nlmsg_free(msg);
2347 return -ENOBUFS;
2348 }
2349
2350 return genlmsg_reply(msg, info);
2351 }
2352
2353 static const struct nla_policy mntr_flags_policy[NL80211_MNTR_FLAG_MAX + 1] = {
2354 [NL80211_MNTR_FLAG_FCSFAIL] = { .type = NLA_FLAG },
2355 [NL80211_MNTR_FLAG_PLCPFAIL] = { .type = NLA_FLAG },
2356 [NL80211_MNTR_FLAG_CONTROL] = { .type = NLA_FLAG },
2357 [NL80211_MNTR_FLAG_OTHER_BSS] = { .type = NLA_FLAG },
2358 [NL80211_MNTR_FLAG_COOK_FRAMES] = { .type = NLA_FLAG },
2359 [NL80211_MNTR_FLAG_ACTIVE] = { .type = NLA_FLAG },
2360 };
2361
2362 static int parse_monitor_flags(struct nlattr *nla, u32 *mntrflags)
2363 {
2364 struct nlattr *flags[NL80211_MNTR_FLAG_MAX + 1];
2365 int flag;
2366
2367 *mntrflags = 0;
2368
2369 if (!nla)
2370 return -EINVAL;
2371
2372 if (nla_parse_nested(flags, NL80211_MNTR_FLAG_MAX,
2373 nla, mntr_flags_policy))
2374 return -EINVAL;
2375
2376 for (flag = 1; flag <= NL80211_MNTR_FLAG_MAX; flag++)
2377 if (flags[flag])
2378 *mntrflags |= (1<<flag);
2379
2380 return 0;
2381 }
2382
2383 static int nl80211_valid_4addr(struct cfg80211_registered_device *rdev,
2384 struct net_device *netdev, u8 use_4addr,
2385 enum nl80211_iftype iftype)
2386 {
2387 if (!use_4addr) {
2388 if (netdev && (netdev->priv_flags & IFF_BRIDGE_PORT))
2389 return -EBUSY;
2390 return 0;
2391 }
2392
2393 switch (iftype) {
2394 case NL80211_IFTYPE_AP_VLAN:
2395 if (rdev->wiphy.flags & WIPHY_FLAG_4ADDR_AP)
2396 return 0;
2397 break;
2398 case NL80211_IFTYPE_STATION:
2399 if (rdev->wiphy.flags & WIPHY_FLAG_4ADDR_STATION)
2400 return 0;
2401 break;
2402 default:
2403 break;
2404 }
2405
2406 return -EOPNOTSUPP;
2407 }
2408
2409 static int nl80211_set_interface(struct sk_buff *skb, struct genl_info *info)
2410 {
2411 struct cfg80211_registered_device *rdev = info->user_ptr[0];
2412 struct vif_params params;
2413 int err;
2414 enum nl80211_iftype otype, ntype;
2415 struct net_device *dev = info->user_ptr[1];
2416 u32 _flags, *flags = NULL;
2417 bool change = false;
2418
2419 memset(&params, 0, sizeof(params));
2420
2421 otype = ntype = dev->ieee80211_ptr->iftype;
2422
2423 if (info->attrs[NL80211_ATTR_IFTYPE]) {
2424 ntype = nla_get_u32(info->attrs[NL80211_ATTR_IFTYPE]);
2425 if (otype != ntype)
2426 change = true;
2427 if (ntype > NL80211_IFTYPE_MAX)
2428 return -EINVAL;
2429 }
2430
2431 if (info->attrs[NL80211_ATTR_MESH_ID]) {
2432 struct wireless_dev *wdev = dev->ieee80211_ptr;
2433
2434 if (ntype != NL80211_IFTYPE_MESH_POINT)
2435 return -EINVAL;
2436 if (netif_running(dev))
2437 return -EBUSY;
2438
2439 wdev_lock(wdev);
2440 BUILD_BUG_ON(IEEE80211_MAX_SSID_LEN !=
2441 IEEE80211_MAX_MESH_ID_LEN);
2442 wdev->mesh_id_up_len =
2443 nla_len(info->attrs[NL80211_ATTR_MESH_ID]);
2444 memcpy(wdev->ssid, nla_data(info->attrs[NL80211_ATTR_MESH_ID]),
2445 wdev->mesh_id_up_len);
2446 wdev_unlock(wdev);
2447 }
2448
2449 if (info->attrs[NL80211_ATTR_4ADDR]) {
2450 params.use_4addr = !!nla_get_u8(info->attrs[NL80211_ATTR_4ADDR]);
2451 change = true;
2452 err = nl80211_valid_4addr(rdev, dev, params.use_4addr, ntype);
2453 if (err)
2454 return err;
2455 } else {
2456 params.use_4addr = -1;
2457 }
2458
2459 if (info->attrs[NL80211_ATTR_MNTR_FLAGS]) {
2460 if (ntype != NL80211_IFTYPE_MONITOR)
2461 return -EINVAL;
2462 err = parse_monitor_flags(info->attrs[NL80211_ATTR_MNTR_FLAGS],
2463 &_flags);
2464 if (err)
2465 return err;
2466
2467 flags = &_flags;
2468 change = true;
2469 }
2470
2471 if (flags && (*flags & MONITOR_FLAG_ACTIVE) &&
2472 !(rdev->wiphy.features & NL80211_FEATURE_ACTIVE_MONITOR))
2473 return -EOPNOTSUPP;
2474
2475 if (change)
2476 err = cfg80211_change_iface(rdev, dev, ntype, flags, &params);
2477 else
2478 err = 0;
2479
2480 if (!err && params.use_4addr != -1)
2481 dev->ieee80211_ptr->use_4addr = params.use_4addr;
2482
2483 return err;
2484 }
2485
2486 static int nl80211_new_interface(struct sk_buff *skb, struct genl_info *info)
2487 {
2488 struct cfg80211_registered_device *rdev = info->user_ptr[0];
2489 struct vif_params params;
2490 struct wireless_dev *wdev;
2491 struct sk_buff *msg;
2492 int err;
2493 enum nl80211_iftype type = NL80211_IFTYPE_UNSPECIFIED;
2494 u32 flags;
2495
2496 memset(&params, 0, sizeof(params));
2497
2498 if (!info->attrs[NL80211_ATTR_IFNAME])
2499 return -EINVAL;
2500
2501 if (info->attrs[NL80211_ATTR_IFTYPE]) {
2502 type = nla_get_u32(info->attrs[NL80211_ATTR_IFTYPE]);
2503 if (type > NL80211_IFTYPE_MAX)
2504 return -EINVAL;
2505 }
2506
2507 if (!rdev->ops->add_virtual_intf ||
2508 !(rdev->wiphy.interface_modes & (1 << type)))
2509 return -EOPNOTSUPP;
2510
2511 if (type == NL80211_IFTYPE_P2P_DEVICE && info->attrs[NL80211_ATTR_MAC]) {
2512 nla_memcpy(params.macaddr, info->attrs[NL80211_ATTR_MAC],
2513 ETH_ALEN);
2514 if (!is_valid_ether_addr(params.macaddr))
2515 return -EADDRNOTAVAIL;
2516 }
2517
2518 if (info->attrs[NL80211_ATTR_4ADDR]) {
2519 params.use_4addr = !!nla_get_u8(info->attrs[NL80211_ATTR_4ADDR]);
2520 err = nl80211_valid_4addr(rdev, NULL, params.use_4addr, type);
2521 if (err)
2522 return err;
2523 }
2524
2525 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
2526 if (!msg)
2527 return -ENOMEM;
2528
2529 err = parse_monitor_flags(type == NL80211_IFTYPE_MONITOR ?
2530 info->attrs[NL80211_ATTR_MNTR_FLAGS] : NULL,
2531 &flags);
2532
2533 if (!err && (flags & MONITOR_FLAG_ACTIVE) &&
2534 !(rdev->wiphy.features & NL80211_FEATURE_ACTIVE_MONITOR))
2535 return -EOPNOTSUPP;
2536
2537 wdev = rdev_add_virtual_intf(rdev,
2538 nla_data(info->attrs[NL80211_ATTR_IFNAME]),
2539 type, err ? NULL : &flags, &params);
2540 if (IS_ERR(wdev)) {
2541 nlmsg_free(msg);
2542 return PTR_ERR(wdev);
2543 }
2544
2545 switch (type) {
2546 case NL80211_IFTYPE_MESH_POINT:
2547 if (!info->attrs[NL80211_ATTR_MESH_ID])
2548 break;
2549 wdev_lock(wdev);
2550 BUILD_BUG_ON(IEEE80211_MAX_SSID_LEN !=
2551 IEEE80211_MAX_MESH_ID_LEN);
2552 wdev->mesh_id_up_len =
2553 nla_len(info->attrs[NL80211_ATTR_MESH_ID]);
2554 memcpy(wdev->ssid, nla_data(info->attrs[NL80211_ATTR_MESH_ID]),
2555 wdev->mesh_id_up_len);
2556 wdev_unlock(wdev);
2557 break;
2558 case NL80211_IFTYPE_P2P_DEVICE:
2559 /*
2560 * P2P Device doesn't have a netdev, so doesn't go
2561 * through the netdev notifier and must be added here
2562 */
2563 mutex_init(&wdev->mtx);
2564 INIT_LIST_HEAD(&wdev->event_list);
2565 spin_lock_init(&wdev->event_lock);
2566 INIT_LIST_HEAD(&wdev->mgmt_registrations);
2567 spin_lock_init(&wdev->mgmt_registrations_lock);
2568
2569 wdev->identifier = ++rdev->wdev_id;
2570 list_add_rcu(&wdev->list, &rdev->wdev_list);
2571 rdev->devlist_generation++;
2572 break;
2573 default:
2574 break;
2575 }
2576
2577 if (nl80211_send_iface(msg, info->snd_portid, info->snd_seq, 0,
2578 rdev, wdev) < 0) {
2579 nlmsg_free(msg);
2580 return -ENOBUFS;
2581 }
2582
2583 return genlmsg_reply(msg, info);
2584 }
2585
2586 static int nl80211_del_interface(struct sk_buff *skb, struct genl_info *info)
2587 {
2588 struct cfg80211_registered_device *rdev = info->user_ptr[0];
2589 struct wireless_dev *wdev = info->user_ptr[1];
2590
2591 if (!rdev->ops->del_virtual_intf)
2592 return -EOPNOTSUPP;
2593
2594 /*
2595 * If we remove a wireless device without a netdev then clear
2596 * user_ptr[1] so that nl80211_post_doit won't dereference it
2597 * to check if it needs to do dev_put(). Otherwise it crashes
2598 * since the wdev has been freed, unlike with a netdev where
2599 * we need the dev_put() for the netdev to really be freed.
2600 */
2601 if (!wdev->netdev)
2602 info->user_ptr[1] = NULL;
2603
2604 return rdev_del_virtual_intf(rdev, wdev);
2605 }
2606
2607 static int nl80211_set_noack_map(struct sk_buff *skb, struct genl_info *info)
2608 {
2609 struct cfg80211_registered_device *rdev = info->user_ptr[0];
2610 struct net_device *dev = info->user_ptr[1];
2611 u16 noack_map;
2612
2613 if (!info->attrs[NL80211_ATTR_NOACK_MAP])
2614 return -EINVAL;
2615
2616 if (!rdev->ops->set_noack_map)
2617 return -EOPNOTSUPP;
2618
2619 noack_map = nla_get_u16(info->attrs[NL80211_ATTR_NOACK_MAP]);
2620
2621 return rdev_set_noack_map(rdev, dev, noack_map);
2622 }
2623
2624 struct get_key_cookie {
2625 struct sk_buff *msg;
2626 int error;
2627 int idx;
2628 };
2629
2630 static void get_key_callback(void *c, struct key_params *params)
2631 {
2632 struct nlattr *key;
2633 struct get_key_cookie *cookie = c;
2634
2635 if ((params->key &&
2636 nla_put(cookie->msg, NL80211_ATTR_KEY_DATA,
2637 params->key_len, params->key)) ||
2638 (params->seq &&
2639 nla_put(cookie->msg, NL80211_ATTR_KEY_SEQ,
2640 params->seq_len, params->seq)) ||
2641 (params->cipher &&
2642 nla_put_u32(cookie->msg, NL80211_ATTR_KEY_CIPHER,
2643 params->cipher)))
2644 goto nla_put_failure;
2645
2646 key = nla_nest_start(cookie->msg, NL80211_ATTR_KEY);
2647 if (!key)
2648 goto nla_put_failure;
2649
2650 if ((params->key &&
2651 nla_put(cookie->msg, NL80211_KEY_DATA,
2652 params->key_len, params->key)) ||
2653 (params->seq &&
2654 nla_put(cookie->msg, NL80211_KEY_SEQ,
2655 params->seq_len, params->seq)) ||
2656 (params->cipher &&
2657 nla_put_u32(cookie->msg, NL80211_KEY_CIPHER,
2658 params->cipher)))
2659 goto nla_put_failure;
2660
2661 if (nla_put_u8(cookie->msg, NL80211_ATTR_KEY_IDX, cookie->idx))
2662 goto nla_put_failure;
2663
2664 nla_nest_end(cookie->msg, key);
2665
2666 return;
2667 nla_put_failure:
2668 cookie->error = 1;
2669 }
2670
2671 static int nl80211_get_key(struct sk_buff *skb, struct genl_info *info)
2672 {
2673 struct cfg80211_registered_device *rdev = info->user_ptr[0];
2674 int err;
2675 struct net_device *dev = info->user_ptr[1];
2676 u8 key_idx = 0;
2677 const u8 *mac_addr = NULL;
2678 bool pairwise;
2679 struct get_key_cookie cookie = {
2680 .error = 0,
2681 };
2682 void *hdr;
2683 struct sk_buff *msg;
2684
2685 if (info->attrs[NL80211_ATTR_KEY_IDX])
2686 key_idx = nla_get_u8(info->attrs[NL80211_ATTR_KEY_IDX]);
2687
2688 if (key_idx > 5)
2689 return -EINVAL;
2690
2691 if (info->attrs[NL80211_ATTR_MAC])
2692 mac_addr = nla_data(info->attrs[NL80211_ATTR_MAC]);
2693
2694 pairwise = !!mac_addr;
2695 if (info->attrs[NL80211_ATTR_KEY_TYPE]) {
2696 u32 kt = nla_get_u32(info->attrs[NL80211_ATTR_KEY_TYPE]);
2697 if (kt >= NUM_NL80211_KEYTYPES)
2698 return -EINVAL;
2699 if (kt != NL80211_KEYTYPE_GROUP &&
2700 kt != NL80211_KEYTYPE_PAIRWISE)
2701 return -EINVAL;
2702 pairwise = kt == NL80211_KEYTYPE_PAIRWISE;
2703 }
2704
2705 if (!rdev->ops->get_key)
2706 return -EOPNOTSUPP;
2707
2708 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
2709 if (!msg)
2710 return -ENOMEM;
2711
2712 hdr = nl80211hdr_put(msg, info->snd_portid, info->snd_seq, 0,
2713 NL80211_CMD_NEW_KEY);
2714 if (!hdr)
2715 goto nla_put_failure;
2716
2717 cookie.msg = msg;
2718 cookie.idx = key_idx;
2719
2720 if (nla_put_u32(msg, NL80211_ATTR_IFINDEX, dev->ifindex) ||
2721 nla_put_u8(msg, NL80211_ATTR_KEY_IDX, key_idx))
2722 goto nla_put_failure;
2723 if (mac_addr &&
2724 nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN, mac_addr))
2725 goto nla_put_failure;
2726
2727 if (pairwise && mac_addr &&
2728 !(rdev->wiphy.flags & WIPHY_FLAG_IBSS_RSN))
2729 return -ENOENT;
2730
2731 err = rdev_get_key(rdev, dev, key_idx, pairwise, mac_addr, &cookie,
2732 get_key_callback);
2733
2734 if (err)
2735 goto free_msg;
2736
2737 if (cookie.error)
2738 goto nla_put_failure;
2739
2740 genlmsg_end(msg, hdr);
2741 return genlmsg_reply(msg, info);
2742
2743 nla_put_failure:
2744 err = -ENOBUFS;
2745 free_msg:
2746 nlmsg_free(msg);
2747 return err;
2748 }
2749
2750 static int nl80211_set_key(struct sk_buff *skb, struct genl_info *info)
2751 {
2752 struct cfg80211_registered_device *rdev = info->user_ptr[0];
2753 struct key_parse key;
2754 int err;
2755 struct net_device *dev = info->user_ptr[1];
2756
2757 err = nl80211_parse_key(info, &key);
2758 if (err)
2759 return err;
2760
2761 if (key.idx < 0)
2762 return -EINVAL;
2763
2764 /* only support setting default key */
2765 if (!key.def && !key.defmgmt)
2766 return -EINVAL;
2767
2768 wdev_lock(dev->ieee80211_ptr);
2769
2770 if (key.def) {
2771 if (!rdev->ops->set_default_key) {
2772 err = -EOPNOTSUPP;
2773 goto out;
2774 }
2775
2776 err = nl80211_key_allowed(dev->ieee80211_ptr);
2777 if (err)
2778 goto out;
2779
2780 err = rdev_set_default_key(rdev, dev, key.idx,
2781 key.def_uni, key.def_multi);
2782
2783 if (err)
2784 goto out;
2785
2786 #ifdef CONFIG_CFG80211_WEXT
2787 dev->ieee80211_ptr->wext.default_key = key.idx;
2788 #endif
2789 } else {
2790 if (key.def_uni || !key.def_multi) {
2791 err = -EINVAL;
2792 goto out;
2793 }
2794
2795 if (!rdev->ops->set_default_mgmt_key) {
2796 err = -EOPNOTSUPP;
2797 goto out;
2798 }
2799
2800 err = nl80211_key_allowed(dev->ieee80211_ptr);
2801 if (err)
2802 goto out;
2803
2804 err = rdev_set_default_mgmt_key(rdev, dev, key.idx);
2805 if (err)
2806 goto out;
2807
2808 #ifdef CONFIG_CFG80211_WEXT
2809 dev->ieee80211_ptr->wext.default_mgmt_key = key.idx;
2810 #endif
2811 }
2812
2813 out:
2814 wdev_unlock(dev->ieee80211_ptr);
2815
2816 return err;
2817 }
2818
2819 static int nl80211_new_key(struct sk_buff *skb, struct genl_info *info)
2820 {
2821 struct cfg80211_registered_device *rdev = info->user_ptr[0];
2822 int err;
2823 struct net_device *dev = info->user_ptr[1];
2824 struct key_parse key;
2825 const u8 *mac_addr = NULL;
2826
2827 err = nl80211_parse_key(info, &key);
2828 if (err)
2829 return err;
2830
2831 if (!key.p.key)
2832 return -EINVAL;
2833
2834 if (info->attrs[NL80211_ATTR_MAC])
2835 mac_addr = nla_data(info->attrs[NL80211_ATTR_MAC]);
2836
2837 if (key.type == -1) {
2838 if (mac_addr)
2839 key.type = NL80211_KEYTYPE_PAIRWISE;
2840 else
2841 key.type = NL80211_KEYTYPE_GROUP;
2842 }
2843
2844 /* for now */
2845 if (key.type != NL80211_KEYTYPE_PAIRWISE &&
2846 key.type != NL80211_KEYTYPE_GROUP)
2847 return -EINVAL;
2848
2849 if (!rdev->ops->add_key)
2850 return -EOPNOTSUPP;
2851
2852 if (cfg80211_validate_key_settings(rdev, &key.p, key.idx,
2853 key.type == NL80211_KEYTYPE_PAIRWISE,
2854 mac_addr))
2855 return -EINVAL;
2856
2857 wdev_lock(dev->ieee80211_ptr);
2858 err = nl80211_key_allowed(dev->ieee80211_ptr);
2859 if (!err)
2860 err = rdev_add_key(rdev, dev, key.idx,
2861 key.type == NL80211_KEYTYPE_PAIRWISE,
2862 mac_addr, &key.p);
2863 wdev_unlock(dev->ieee80211_ptr);
2864
2865 return err;
2866 }
2867
2868 static int nl80211_del_key(struct sk_buff *skb, struct genl_info *info)
2869 {
2870 struct cfg80211_registered_device *rdev = info->user_ptr[0];
2871 int err;
2872 struct net_device *dev = info->user_ptr[1];
2873 u8 *mac_addr = NULL;
2874 struct key_parse key;
2875
2876 err = nl80211_parse_key(info, &key);
2877 if (err)
2878 return err;
2879
2880 if (info->attrs[NL80211_ATTR_MAC])
2881 mac_addr = nla_data(info->attrs[NL80211_ATTR_MAC]);
2882
2883 if (key.type == -1) {
2884 if (mac_addr)
2885 key.type = NL80211_KEYTYPE_PAIRWISE;
2886 else
2887 key.type = NL80211_KEYTYPE_GROUP;
2888 }
2889
2890 /* for now */
2891 if (key.type != NL80211_KEYTYPE_PAIRWISE &&
2892 key.type != NL80211_KEYTYPE_GROUP)
2893 return -EINVAL;
2894
2895 if (!rdev->ops->del_key)
2896 return -EOPNOTSUPP;
2897
2898 wdev_lock(dev->ieee80211_ptr);
2899 err = nl80211_key_allowed(dev->ieee80211_ptr);
2900
2901 if (key.type == NL80211_KEYTYPE_PAIRWISE && mac_addr &&
2902 !(rdev->wiphy.flags & WIPHY_FLAG_IBSS_RSN))
2903 err = -ENOENT;
2904
2905 if (!err)
2906 err = rdev_del_key(rdev, dev, key.idx,
2907 key.type == NL80211_KEYTYPE_PAIRWISE,
2908 mac_addr);
2909
2910 #ifdef CONFIG_CFG80211_WEXT
2911 if (!err) {
2912 if (key.idx == dev->ieee80211_ptr->wext.default_key)
2913 dev->ieee80211_ptr->wext.default_key = -1;
2914 else if (key.idx == dev->ieee80211_ptr->wext.default_mgmt_key)
2915 dev->ieee80211_ptr->wext.default_mgmt_key = -1;
2916 }
2917 #endif
2918 wdev_unlock(dev->ieee80211_ptr);
2919
2920 return err;
2921 }
2922
2923 /* This function returns an error or the number of nested attributes */
2924 static int validate_acl_mac_addrs(struct nlattr *nl_attr)
2925 {
2926 struct nlattr *attr;
2927 int n_entries = 0, tmp;
2928
2929 nla_for_each_nested(attr, nl_attr, tmp) {
2930 if (nla_len(attr) != ETH_ALEN)
2931 return -EINVAL;
2932
2933 n_entries++;
2934 }
2935
2936 return n_entries;
2937 }
2938
2939 /*
2940 * This function parses ACL information and allocates memory for ACL data.
2941 * On successful return, the calling function is responsible to free the
2942 * ACL buffer returned by this function.
2943 */
2944 static struct cfg80211_acl_data *parse_acl_data(struct wiphy *wiphy,
2945 struct genl_info *info)
2946 {
2947 enum nl80211_acl_policy acl_policy;
2948 struct nlattr *attr;
2949 struct cfg80211_acl_data *acl;
2950 int i = 0, n_entries, tmp;
2951
2952 if (!wiphy->max_acl_mac_addrs)
2953 return ERR_PTR(-EOPNOTSUPP);
2954
2955 if (!info->attrs[NL80211_ATTR_ACL_POLICY])
2956 return ERR_PTR(-EINVAL);
2957
2958 acl_policy = nla_get_u32(info->attrs[NL80211_ATTR_ACL_POLICY]);
2959 if (acl_policy != NL80211_ACL_POLICY_ACCEPT_UNLESS_LISTED &&
2960 acl_policy != NL80211_ACL_POLICY_DENY_UNLESS_LISTED)
2961 return ERR_PTR(-EINVAL);
2962
2963 if (!info->attrs[NL80211_ATTR_MAC_ADDRS])
2964 return ERR_PTR(-EINVAL);
2965
2966 n_entries = validate_acl_mac_addrs(info->attrs[NL80211_ATTR_MAC_ADDRS]);
2967 if (n_entries < 0)
2968 return ERR_PTR(n_entries);
2969
2970 if (n_entries > wiphy->max_acl_mac_addrs)
2971 return ERR_PTR(-ENOTSUPP);
2972
2973 acl = kzalloc(sizeof(*acl) + (sizeof(struct mac_address) * n_entries),
2974 GFP_KERNEL);
2975 if (!acl)
2976 return ERR_PTR(-ENOMEM);
2977
2978 nla_for_each_nested(attr, info->attrs[NL80211_ATTR_MAC_ADDRS], tmp) {
2979 memcpy(acl->mac_addrs[i].addr, nla_data(attr), ETH_ALEN);
2980 i++;
2981 }
2982
2983 acl->n_acl_entries = n_entries;
2984 acl->acl_policy = acl_policy;
2985
2986 return acl;
2987 }
2988
2989 static int nl80211_set_mac_acl(struct sk_buff *skb, struct genl_info *info)
2990 {
2991 struct cfg80211_registered_device *rdev = info->user_ptr[0];
2992 struct net_device *dev = info->user_ptr[1];
2993 struct cfg80211_acl_data *acl;
2994 int err;
2995
2996 if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_AP &&
2997 dev->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_GO)
2998 return -EOPNOTSUPP;
2999
3000 if (!dev->ieee80211_ptr->beacon_interval)
3001 return -EINVAL;
3002
3003 acl = parse_acl_data(&rdev->wiphy, info);
3004 if (IS_ERR(acl))
3005 return PTR_ERR(acl);
3006
3007 err = rdev_set_mac_acl(rdev, dev, acl);
3008
3009 kfree(acl);
3010
3011 return err;
3012 }
3013
3014 static int nl80211_parse_beacon(struct nlattr *attrs[],
3015 struct cfg80211_beacon_data *bcn)
3016 {
3017 bool haveinfo = false;
3018
3019 if (!is_valid_ie_attr(attrs[NL80211_ATTR_BEACON_TAIL]) ||
3020 !is_valid_ie_attr(attrs[NL80211_ATTR_IE]) ||
3021 !is_valid_ie_attr(attrs[NL80211_ATTR_IE_PROBE_RESP]) ||
3022 !is_valid_ie_attr(attrs[NL80211_ATTR_IE_ASSOC_RESP]))
3023 return -EINVAL;
3024
3025 memset(bcn, 0, sizeof(*bcn));
3026
3027 if (attrs[NL80211_ATTR_BEACON_HEAD]) {
3028 bcn->head = nla_data(attrs[NL80211_ATTR_BEACON_HEAD]);
3029 bcn->head_len = nla_len(attrs[NL80211_ATTR_BEACON_HEAD]);
3030 if (!bcn->head_len)
3031 return -EINVAL;
3032 haveinfo = true;
3033 }
3034
3035 if (attrs[NL80211_ATTR_BEACON_TAIL]) {
3036 bcn->tail = nla_data(attrs[NL80211_ATTR_BEACON_TAIL]);
3037 bcn->tail_len = nla_len(attrs[NL80211_ATTR_BEACON_TAIL]);
3038 haveinfo = true;
3039 }
3040
3041 if (!haveinfo)
3042 return -EINVAL;
3043
3044 if (attrs[NL80211_ATTR_IE]) {
3045 bcn->beacon_ies = nla_data(attrs[NL80211_ATTR_IE]);
3046 bcn->beacon_ies_len = nla_len(attrs[NL80211_ATTR_IE]);
3047 }
3048
3049 if (attrs[NL80211_ATTR_IE_PROBE_RESP]) {
3050 bcn->proberesp_ies =
3051 nla_data(attrs[NL80211_ATTR_IE_PROBE_RESP]);
3052 bcn->proberesp_ies_len =
3053 nla_len(attrs[NL80211_ATTR_IE_PROBE_RESP]);
3054 }
3055
3056 if (attrs[NL80211_ATTR_IE_ASSOC_RESP]) {
3057 bcn->assocresp_ies =
3058 nla_data(attrs[NL80211_ATTR_IE_ASSOC_RESP]);
3059 bcn->assocresp_ies_len =
3060 nla_len(attrs[NL80211_ATTR_IE_ASSOC_RESP]);
3061 }
3062
3063 if (attrs[NL80211_ATTR_PROBE_RESP]) {
3064 bcn->probe_resp = nla_data(attrs[NL80211_ATTR_PROBE_RESP]);
3065 bcn->probe_resp_len = nla_len(attrs[NL80211_ATTR_PROBE_RESP]);
3066 }
3067
3068 return 0;
3069 }
3070
3071 static bool nl80211_get_ap_channel(struct cfg80211_registered_device *rdev,
3072 struct cfg80211_ap_settings *params)
3073 {
3074 struct wireless_dev *wdev;
3075 bool ret = false;
3076
3077 list_for_each_entry(wdev, &rdev->wdev_list, list) {
3078 if (wdev->iftype != NL80211_IFTYPE_AP &&
3079 wdev->iftype != NL80211_IFTYPE_P2P_GO)
3080 continue;
3081
3082 if (!wdev->preset_chandef.chan)
3083 continue;
3084
3085 params->chandef = wdev->preset_chandef;
3086 ret = true;
3087 break;
3088 }
3089
3090 return ret;
3091 }
3092
3093 static bool nl80211_valid_auth_type(struct cfg80211_registered_device *rdev,
3094 enum nl80211_auth_type auth_type,
3095 enum nl80211_commands cmd)
3096 {
3097 if (auth_type > NL80211_AUTHTYPE_MAX)
3098 return false;
3099
3100 switch (cmd) {
3101 case NL80211_CMD_AUTHENTICATE:
3102 if (!(rdev->wiphy.features & NL80211_FEATURE_SAE) &&
3103 auth_type == NL80211_AUTHTYPE_SAE)
3104 return false;
3105 return true;
3106 case NL80211_CMD_CONNECT:
3107 case NL80211_CMD_START_AP:
3108 /* SAE not supported yet */
3109 if (auth_type == NL80211_AUTHTYPE_SAE)
3110 return false;
3111 return true;
3112 default:
3113 return false;
3114 }
3115 }
3116
3117 static int nl80211_start_ap(struct sk_buff *skb, struct genl_info *info)
3118 {
3119 struct cfg80211_registered_device *rdev = info->user_ptr[0];
3120 struct net_device *dev = info->user_ptr[1];
3121 struct wireless_dev *wdev = dev->ieee80211_ptr;
3122 struct cfg80211_ap_settings params;
3123 int err;
3124 u8 radar_detect_width = 0;
3125
3126 if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_AP &&
3127 dev->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_GO)
3128 return -EOPNOTSUPP;
3129
3130 if (!rdev->ops->start_ap)
3131 return -EOPNOTSUPP;
3132
3133 if (wdev->beacon_interval)
3134 return -EALREADY;
3135
3136 memset(&params, 0, sizeof(params));
3137
3138 /* these are required for START_AP */
3139 if (!info->attrs[NL80211_ATTR_BEACON_INTERVAL] ||
3140 !info->attrs[NL80211_ATTR_DTIM_PERIOD] ||
3141 !info->attrs[NL80211_ATTR_BEACON_HEAD])
3142 return -EINVAL;
3143
3144 err = nl80211_parse_beacon(info->attrs, &params.beacon);
3145 if (err)
3146 return err;
3147
3148 params.beacon_interval =
3149 nla_get_u32(info->attrs[NL80211_ATTR_BEACON_INTERVAL]);
3150 params.dtim_period =
3151 nla_get_u32(info->attrs[NL80211_ATTR_DTIM_PERIOD]);
3152
3153 err = cfg80211_validate_beacon_int(rdev, params.beacon_interval);
3154 if (err)
3155 return err;
3156
3157 /*
3158 * In theory, some of these attributes should be required here
3159 * but since they were not used when the command was originally
3160 * added, keep them optional for old user space programs to let
3161 * them continue to work with drivers that do not need the
3162 * additional information -- drivers must check!
3163 */
3164 if (info->attrs[NL80211_ATTR_SSID]) {
3165 params.ssid = nla_data(info->attrs[NL80211_ATTR_SSID]);
3166 params.ssid_len =
3167 nla_len(info->attrs[NL80211_ATTR_SSID]);
3168 if (params.ssid_len == 0 ||
3169 params.ssid_len > IEEE80211_MAX_SSID_LEN)
3170 return -EINVAL;
3171 }
3172
3173 if (info->attrs[NL80211_ATTR_HIDDEN_SSID]) {
3174 params.hidden_ssid = nla_get_u32(
3175 info->attrs[NL80211_ATTR_HIDDEN_SSID]);
3176 if (params.hidden_ssid != NL80211_HIDDEN_SSID_NOT_IN_USE &&
3177 params.hidden_ssid != NL80211_HIDDEN_SSID_ZERO_LEN &&
3178 params.hidden_ssid != NL80211_HIDDEN_SSID_ZERO_CONTENTS)
3179 return -EINVAL;
3180 }
3181
3182 params.privacy = !!info->attrs[NL80211_ATTR_PRIVACY];
3183
3184 if (info->attrs[NL80211_ATTR_AUTH_TYPE]) {
3185 params.auth_type = nla_get_u32(
3186 info->attrs[NL80211_ATTR_AUTH_TYPE]);
3187 if (!nl80211_valid_auth_type(rdev, params.auth_type,
3188 NL80211_CMD_START_AP))
3189 return -EINVAL;
3190 } else
3191 params.auth_type = NL80211_AUTHTYPE_AUTOMATIC;
3192
3193 err = nl80211_crypto_settings(rdev, info, &params.crypto,
3194 NL80211_MAX_NR_CIPHER_SUITES);
3195 if (err)
3196 return err;
3197
3198 if (info->attrs[NL80211_ATTR_INACTIVITY_TIMEOUT]) {
3199 if (!(rdev->wiphy.features & NL80211_FEATURE_INACTIVITY_TIMER))
3200 return -EOPNOTSUPP;
3201 params.inactivity_timeout = nla_get_u16(
3202 info->attrs[NL80211_ATTR_INACTIVITY_TIMEOUT]);
3203 }
3204
3205 if (info->attrs[NL80211_ATTR_P2P_CTWINDOW]) {
3206 if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_GO)
3207 return -EINVAL;
3208 params.p2p_ctwindow =
3209 nla_get_u8(info->attrs[NL80211_ATTR_P2P_CTWINDOW]);
3210 if (params.p2p_ctwindow > 127)
3211 return -EINVAL;
3212 if (params.p2p_ctwindow != 0 &&
3213 !(rdev->wiphy.features & NL80211_FEATURE_P2P_GO_CTWIN))
3214 return -EINVAL;
3215 }
3216
3217 if (info->attrs[NL80211_ATTR_P2P_OPPPS]) {
3218 u8 tmp;
3219
3220 if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_GO)
3221 return -EINVAL;
3222 tmp = nla_get_u8(info->attrs[NL80211_ATTR_P2P_OPPPS]);
3223 if (tmp > 1)
3224 return -EINVAL;
3225 params.p2p_opp_ps = tmp;
3226 if (params.p2p_opp_ps != 0 &&
3227 !(rdev->wiphy.features & NL80211_FEATURE_P2P_GO_OPPPS))
3228 return -EINVAL;
3229 }
3230
3231 if (info->attrs[NL80211_ATTR_WIPHY_FREQ]) {
3232 err = nl80211_parse_chandef(rdev, info, &params.chandef);
3233 if (err)
3234 return err;
3235 } else if (wdev->preset_chandef.chan) {
3236 params.chandef = wdev->preset_chandef;
3237 } else if (!nl80211_get_ap_channel(rdev, &params))
3238 return -EINVAL;
3239
3240 if (!cfg80211_reg_can_beacon(&rdev->wiphy, &params.chandef))
3241 return -EINVAL;
3242
3243 err = cfg80211_chandef_dfs_required(wdev->wiphy, &params.chandef);
3244 if (err < 0)
3245 return err;
3246 if (err) {
3247 radar_detect_width = BIT(params.chandef.width);
3248 params.radar_required = true;
3249 }
3250
3251 err = cfg80211_can_use_iftype_chan(rdev, wdev, wdev->iftype,
3252 params.chandef.chan,
3253 CHAN_MODE_SHARED,
3254 radar_detect_width);
3255 if (err)
3256 return err;
3257
3258 if (info->attrs[NL80211_ATTR_ACL_POLICY]) {
3259 params.acl = parse_acl_data(&rdev->wiphy, info);
3260 if (IS_ERR(params.acl))
3261 return PTR_ERR(params.acl);
3262 }
3263
3264 wdev_lock(wdev);
3265 err = rdev_start_ap(rdev, dev, &params);
3266 if (!err) {
3267 wdev->preset_chandef = params.chandef;
3268 wdev->beacon_interval = params.beacon_interval;
3269 wdev->channel = params.chandef.chan;
3270 wdev->ssid_len = params.ssid_len;
3271 memcpy(wdev->ssid, params.ssid, wdev->ssid_len);
3272 }
3273 wdev_unlock(wdev);
3274
3275 kfree(params.acl);
3276
3277 return err;
3278 }
3279
3280 static int nl80211_set_beacon(struct sk_buff *skb, struct genl_info *info)
3281 {
3282 struct cfg80211_registered_device *rdev = info->user_ptr[0];
3283 struct net_device *dev = info->user_ptr[1];
3284 struct wireless_dev *wdev = dev->ieee80211_ptr;
3285 struct cfg80211_beacon_data params;
3286 int err;
3287
3288 if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_AP &&
3289 dev->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_GO)
3290 return -EOPNOTSUPP;
3291
3292 if (!rdev->ops->change_beacon)
3293 return -EOPNOTSUPP;
3294
3295 if (!wdev->beacon_interval)
3296 return -EINVAL;
3297
3298 err = nl80211_parse_beacon(info->attrs, &params);
3299 if (err)
3300 return err;
3301
3302 wdev_lock(wdev);
3303 err = rdev_change_beacon(rdev, dev, &params);
3304 wdev_unlock(wdev);
3305
3306 return err;
3307 }
3308
3309 static int nl80211_stop_ap(struct sk_buff *skb, struct genl_info *info)
3310 {
3311 struct cfg80211_registered_device *rdev = info->user_ptr[0];
3312 struct net_device *dev = info->user_ptr[1];
3313
3314 return cfg80211_stop_ap(rdev, dev);
3315 }
3316
3317 static const struct nla_policy sta_flags_policy[NL80211_STA_FLAG_MAX + 1] = {
3318 [NL80211_STA_FLAG_AUTHORIZED] = { .type = NLA_FLAG },
3319 [NL80211_STA_FLAG_SHORT_PREAMBLE] = { .type = NLA_FLAG },
3320 [NL80211_STA_FLAG_WME] = { .type = NLA_FLAG },
3321 [NL80211_STA_FLAG_MFP] = { .type = NLA_FLAG },
3322 [NL80211_STA_FLAG_AUTHENTICATED] = { .type = NLA_FLAG },
3323 [NL80211_STA_FLAG_TDLS_PEER] = { .type = NLA_FLAG },
3324 };
3325
3326 static int parse_station_flags(struct genl_info *info,
3327 enum nl80211_iftype iftype,
3328 struct station_parameters *params)
3329 {
3330 struct nlattr *flags[NL80211_STA_FLAG_MAX + 1];
3331 struct nlattr *nla;
3332 int flag;
3333
3334 /*
3335 * Try parsing the new attribute first so userspace
3336 * can specify both for older kernels.
3337 */
3338 nla = info->attrs[NL80211_ATTR_STA_FLAGS2];
3339 if (nla) {
3340 struct nl80211_sta_flag_update *sta_flags;
3341
3342 sta_flags = nla_data(nla);
3343 params->sta_flags_mask = sta_flags->mask;
3344 params->sta_flags_set = sta_flags->set;
3345 params->sta_flags_set &= params->sta_flags_mask;
3346 if ((params->sta_flags_mask |
3347 params->sta_flags_set) & BIT(__NL80211_STA_FLAG_INVALID))
3348 return -EINVAL;
3349 return 0;
3350 }
3351
3352 /* if present, parse the old attribute */
3353
3354 nla = info->attrs[NL80211_ATTR_STA_FLAGS];
3355 if (!nla)
3356 return 0;
3357
3358 if (nla_parse_nested(flags, NL80211_STA_FLAG_MAX,
3359 nla, sta_flags_policy))
3360 return -EINVAL;
3361
3362 /*
3363 * Only allow certain flags for interface types so that
3364 * other attributes are silently ignored. Remember that
3365 * this is backward compatibility code with old userspace
3366 * and shouldn't be hit in other cases anyway.
3367 */
3368 switch (iftype) {
3369 case NL80211_IFTYPE_AP:
3370 case NL80211_IFTYPE_AP_VLAN:
3371 case NL80211_IFTYPE_P2P_GO:
3372 params->sta_flags_mask = BIT(NL80211_STA_FLAG_AUTHORIZED) |
3373 BIT(NL80211_STA_FLAG_SHORT_PREAMBLE) |
3374 BIT(NL80211_STA_FLAG_WME) |
3375 BIT(NL80211_STA_FLAG_MFP);
3376 break;
3377 case NL80211_IFTYPE_P2P_CLIENT:
3378 case NL80211_IFTYPE_STATION:
3379 params->sta_flags_mask = BIT(NL80211_STA_FLAG_AUTHORIZED) |
3380 BIT(NL80211_STA_FLAG_TDLS_PEER);
3381 break;
3382 case NL80211_IFTYPE_MESH_POINT:
3383 params->sta_flags_mask = BIT(NL80211_STA_FLAG_AUTHENTICATED) |
3384 BIT(NL80211_STA_FLAG_MFP) |
3385 BIT(NL80211_STA_FLAG_AUTHORIZED);
3386 default:
3387 return -EINVAL;
3388 }
3389
3390 for (flag = 1; flag <= NL80211_STA_FLAG_MAX; flag++) {
3391 if (flags[flag]) {
3392 params->sta_flags_set |= (1<<flag);
3393
3394 /* no longer support new API additions in old API */
3395 if (flag > NL80211_STA_FLAG_MAX_OLD_API)
3396 return -EINVAL;
3397 }
3398 }
3399
3400 return 0;
3401 }
3402
3403 static bool nl80211_put_sta_rate(struct sk_buff *msg, struct rate_info *info,
3404 int attr)
3405 {
3406 struct nlattr *rate;
3407 u32 bitrate;
3408 u16 bitrate_compat;
3409
3410 rate = nla_nest_start(msg, attr);
3411 if (!rate)
3412 return false;
3413
3414 /* cfg80211_calculate_bitrate will return 0 for mcs >= 32 */
3415 bitrate = cfg80211_calculate_bitrate(info);
3416 /* report 16-bit bitrate only if we can */
3417 bitrate_compat = bitrate < (1UL << 16) ? bitrate : 0;
3418 if (bitrate > 0 &&
3419 nla_put_u32(msg, NL80211_RATE_INFO_BITRATE32, bitrate))
3420 return false;
3421 if (bitrate_compat > 0 &&
3422 nla_put_u16(msg, NL80211_RATE_INFO_BITRATE, bitrate_compat))
3423 return false;
3424
3425 if (info->flags & RATE_INFO_FLAGS_MCS) {
3426 if (nla_put_u8(msg, NL80211_RATE_INFO_MCS, info->mcs))
3427 return false;
3428 if (info->flags & RATE_INFO_FLAGS_40_MHZ_WIDTH &&
3429 nla_put_flag(msg, NL80211_RATE_INFO_40_MHZ_WIDTH))
3430 return false;
3431 if (info->flags & RATE_INFO_FLAGS_SHORT_GI &&
3432 nla_put_flag(msg, NL80211_RATE_INFO_SHORT_GI))
3433 return false;
3434 } else if (info->flags & RATE_INFO_FLAGS_VHT_MCS) {
3435 if (nla_put_u8(msg, NL80211_RATE_INFO_VHT_MCS, info->mcs))
3436 return false;
3437 if (nla_put_u8(msg, NL80211_RATE_INFO_VHT_NSS, info->nss))
3438 return false;
3439 if (info->flags & RATE_INFO_FLAGS_40_MHZ_WIDTH &&
3440 nla_put_flag(msg, NL80211_RATE_INFO_40_MHZ_WIDTH))
3441 return false;
3442 if (info->flags & RATE_INFO_FLAGS_80_MHZ_WIDTH &&
3443 nla_put_flag(msg, NL80211_RATE_INFO_80_MHZ_WIDTH))
3444 return false;
3445 if (info->flags & RATE_INFO_FLAGS_80P80_MHZ_WIDTH &&
3446 nla_put_flag(msg, NL80211_RATE_INFO_80P80_MHZ_WIDTH))
3447 return false;
3448 if (info->flags & RATE_INFO_FLAGS_160_MHZ_WIDTH &&
3449 nla_put_flag(msg, NL80211_RATE_INFO_160_MHZ_WIDTH))
3450 return false;
3451 if (info->flags & RATE_INFO_FLAGS_SHORT_GI &&
3452 nla_put_flag(msg, NL80211_RATE_INFO_SHORT_GI))
3453 return false;
3454 }
3455
3456 nla_nest_end(msg, rate);
3457 return true;
3458 }
3459
3460 static bool nl80211_put_signal(struct sk_buff *msg, u8 mask, s8 *signal,
3461 int id)
3462 {
3463 void *attr;
3464 int i = 0;
3465
3466 if (!mask)
3467 return true;
3468
3469 attr = nla_nest_start(msg, id);
3470 if (!attr)
3471 return false;
3472
3473 for (i = 0; i < IEEE80211_MAX_CHAINS; i++) {
3474 if (!(mask & BIT(i)))
3475 continue;
3476
3477 if (nla_put_u8(msg, i, signal[i]))
3478 return false;
3479 }
3480
3481 nla_nest_end(msg, attr);
3482
3483 return true;
3484 }
3485
3486 static int nl80211_send_station(struct sk_buff *msg, u32 portid, u32 seq,
3487 int flags,
3488 struct cfg80211_registered_device *rdev,
3489 struct net_device *dev,
3490 const u8 *mac_addr, struct station_info *sinfo)
3491 {
3492 void *hdr;
3493 struct nlattr *sinfoattr, *bss_param;
3494
3495 hdr = nl80211hdr_put(msg, portid, seq, flags, NL80211_CMD_NEW_STATION);
3496 if (!hdr)
3497 return -1;
3498
3499 if (nla_put_u32(msg, NL80211_ATTR_IFINDEX, dev->ifindex) ||
3500 nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN, mac_addr) ||
3501 nla_put_u32(msg, NL80211_ATTR_GENERATION, sinfo->generation))
3502 goto nla_put_failure;
3503
3504 sinfoattr = nla_nest_start(msg, NL80211_ATTR_STA_INFO);
3505 if (!sinfoattr)
3506 goto nla_put_failure;
3507 if ((sinfo->filled & STATION_INFO_CONNECTED_TIME) &&
3508 nla_put_u32(msg, NL80211_STA_INFO_CONNECTED_TIME,
3509 sinfo->connected_time))
3510 goto nla_put_failure;
3511 if ((sinfo->filled & STATION_INFO_INACTIVE_TIME) &&
3512 nla_put_u32(msg, NL80211_STA_INFO_INACTIVE_TIME,
3513 sinfo->inactive_time))
3514 goto nla_put_failure;
3515 if ((sinfo->filled & (STATION_INFO_RX_BYTES |
3516 STATION_INFO_RX_BYTES64)) &&
3517 nla_put_u32(msg, NL80211_STA_INFO_RX_BYTES,
3518 (u32)sinfo->rx_bytes))
3519 goto nla_put_failure;
3520 if ((sinfo->filled & (STATION_INFO_TX_BYTES |
3521 STATION_INFO_TX_BYTES64)) &&
3522 nla_put_u32(msg, NL80211_STA_INFO_TX_BYTES,
3523 (u32)sinfo->tx_bytes))
3524 goto nla_put_failure;
3525 if ((sinfo->filled & STATION_INFO_RX_BYTES64) &&
3526 nla_put_u64(msg, NL80211_STA_INFO_RX_BYTES64,
3527 sinfo->rx_bytes))
3528 goto nla_put_failure;
3529 if ((sinfo->filled & STATION_INFO_TX_BYTES64) &&
3530 nla_put_u64(msg, NL80211_STA_INFO_TX_BYTES64,
3531 sinfo->tx_bytes))
3532 goto nla_put_failure;
3533 if ((sinfo->filled & STATION_INFO_LLID) &&
3534 nla_put_u16(msg, NL80211_STA_INFO_LLID, sinfo->llid))
3535 goto nla_put_failure;
3536 if ((sinfo->filled & STATION_INFO_PLID) &&
3537 nla_put_u16(msg, NL80211_STA_INFO_PLID, sinfo->plid))
3538 goto nla_put_failure;
3539 if ((sinfo->filled & STATION_INFO_PLINK_STATE) &&
3540 nla_put_u8(msg, NL80211_STA_INFO_PLINK_STATE,
3541 sinfo->plink_state))
3542 goto nla_put_failure;
3543 switch (rdev->wiphy.signal_type) {
3544 case CFG80211_SIGNAL_TYPE_MBM:
3545 if ((sinfo->filled & STATION_INFO_SIGNAL) &&
3546 nla_put_u8(msg, NL80211_STA_INFO_SIGNAL,
3547 sinfo->signal))
3548 goto nla_put_failure;
3549 if ((sinfo->filled & STATION_INFO_SIGNAL_AVG) &&
3550 nla_put_u8(msg, NL80211_STA_INFO_SIGNAL_AVG,
3551 sinfo->signal_avg))
3552 goto nla_put_failure;
3553 break;
3554 default:
3555 break;
3556 }
3557 if (sinfo->filled & STATION_INFO_CHAIN_SIGNAL) {
3558 if (!nl80211_put_signal(msg, sinfo->chains,
3559 sinfo->chain_signal,
3560 NL80211_STA_INFO_CHAIN_SIGNAL))
3561 goto nla_put_failure;
3562 }
3563 if (sinfo->filled & STATION_INFO_CHAIN_SIGNAL_AVG) {
3564 if (!nl80211_put_signal(msg, sinfo->chains,
3565 sinfo->chain_signal_avg,
3566 NL80211_STA_INFO_CHAIN_SIGNAL_AVG))
3567 goto nla_put_failure;
3568 }
3569 if (sinfo->filled & STATION_INFO_TX_BITRATE) {
3570 if (!nl80211_put_sta_rate(msg, &sinfo->txrate,
3571 NL80211_STA_INFO_TX_BITRATE))
3572 goto nla_put_failure;
3573 }
3574 if (sinfo->filled & STATION_INFO_RX_BITRATE) {
3575 if (!nl80211_put_sta_rate(msg, &sinfo->rxrate,
3576 NL80211_STA_INFO_RX_BITRATE))
3577 goto nla_put_failure;
3578 }
3579 if ((sinfo->filled & STATION_INFO_RX_PACKETS) &&
3580 nla_put_u32(msg, NL80211_STA_INFO_RX_PACKETS,
3581 sinfo->rx_packets))
3582 goto nla_put_failure;
3583 if ((sinfo->filled & STATION_INFO_TX_PACKETS) &&
3584 nla_put_u32(msg, NL80211_STA_INFO_TX_PACKETS,
3585 sinfo->tx_packets))
3586 goto nla_put_failure;
3587 if ((sinfo->filled & STATION_INFO_TX_RETRIES) &&
3588 nla_put_u32(msg, NL80211_STA_INFO_TX_RETRIES,
3589 sinfo->tx_retries))
3590 goto nla_put_failure;
3591 if ((sinfo->filled & STATION_INFO_TX_FAILED) &&
3592 nla_put_u32(msg, NL80211_STA_INFO_TX_FAILED,
3593 sinfo->tx_failed))
3594 goto nla_put_failure;
3595 if ((sinfo->filled & STATION_INFO_BEACON_LOSS_COUNT) &&
3596 nla_put_u32(msg, NL80211_STA_INFO_BEACON_LOSS,
3597 sinfo->beacon_loss_count))
3598 goto nla_put_failure;
3599 if ((sinfo->filled & STATION_INFO_LOCAL_PM) &&
3600 nla_put_u32(msg, NL80211_STA_INFO_LOCAL_PM,
3601 sinfo->local_pm))
3602 goto nla_put_failure;
3603 if ((sinfo->filled & STATION_INFO_PEER_PM) &&
3604 nla_put_u32(msg, NL80211_STA_INFO_PEER_PM,
3605 sinfo->peer_pm))
3606 goto nla_put_failure;
3607 if ((sinfo->filled & STATION_INFO_NONPEER_PM) &&
3608 nla_put_u32(msg, NL80211_STA_INFO_NONPEER_PM,
3609 sinfo->nonpeer_pm))
3610 goto nla_put_failure;
3611 if (sinfo->filled & STATION_INFO_BSS_PARAM) {
3612 bss_param = nla_nest_start(msg, NL80211_STA_INFO_BSS_PARAM);
3613 if (!bss_param)
3614 goto nla_put_failure;
3615
3616 if (((sinfo->bss_param.flags & BSS_PARAM_FLAGS_CTS_PROT) &&
3617 nla_put_flag(msg, NL80211_STA_BSS_PARAM_CTS_PROT)) ||
3618 ((sinfo->bss_param.flags & BSS_PARAM_FLAGS_SHORT_PREAMBLE) &&
3619 nla_put_flag(msg, NL80211_STA_BSS_PARAM_SHORT_PREAMBLE)) ||
3620 ((sinfo->bss_param.flags & BSS_PARAM_FLAGS_SHORT_SLOT_TIME) &&
3621 nla_put_flag(msg, NL80211_STA_BSS_PARAM_SHORT_SLOT_TIME)) ||
3622 nla_put_u8(msg, NL80211_STA_BSS_PARAM_DTIM_PERIOD,
3623 sinfo->bss_param.dtim_period) ||
3624 nla_put_u16(msg, NL80211_STA_BSS_PARAM_BEACON_INTERVAL,
3625 sinfo->bss_param.beacon_interval))
3626 goto nla_put_failure;
3627
3628 nla_nest_end(msg, bss_param);
3629 }
3630 if ((sinfo->filled & STATION_INFO_STA_FLAGS) &&
3631 nla_put(msg, NL80211_STA_INFO_STA_FLAGS,
3632 sizeof(struct nl80211_sta_flag_update),
3633 &sinfo->sta_flags))
3634 goto nla_put_failure;
3635 if ((sinfo->filled & STATION_INFO_T_OFFSET) &&
3636 nla_put_u64(msg, NL80211_STA_INFO_T_OFFSET,
3637 sinfo->t_offset))
3638 goto nla_put_failure;
3639 nla_nest_end(msg, sinfoattr);
3640
3641 if ((sinfo->filled & STATION_INFO_ASSOC_REQ_IES) &&
3642 nla_put(msg, NL80211_ATTR_IE, sinfo->assoc_req_ies_len,
3643 sinfo->assoc_req_ies))
3644 goto nla_put_failure;
3645
3646 return genlmsg_end(msg, hdr);
3647
3648 nla_put_failure:
3649 genlmsg_cancel(msg, hdr);
3650 return -EMSGSIZE;
3651 }
3652
3653 static int nl80211_dump_station(struct sk_buff *skb,
3654 struct netlink_callback *cb)
3655 {
3656 struct station_info sinfo;
3657 struct cfg80211_registered_device *dev;
3658 struct wireless_dev *wdev;
3659 u8 mac_addr[ETH_ALEN];
3660 int sta_idx = cb->args[2];
3661 int err;
3662
3663 err = nl80211_prepare_wdev_dump(skb, cb, &dev, &wdev);
3664 if (err)
3665 return err;
3666
3667 if (!wdev->netdev) {
3668 err = -EINVAL;
3669 goto out_err;
3670 }
3671
3672 if (!dev->ops->dump_station) {
3673 err = -EOPNOTSUPP;
3674 goto out_err;
3675 }
3676
3677 while (1) {
3678 memset(&sinfo, 0, sizeof(sinfo));
3679 err = rdev_dump_station(dev, wdev->netdev, sta_idx,
3680 mac_addr, &sinfo);
3681 if (err == -ENOENT)
3682 break;
3683 if (err)
3684 goto out_err;
3685
3686 if (nl80211_send_station(skb,
3687 NETLINK_CB(cb->skb).portid,
3688 cb->nlh->nlmsg_seq, NLM_F_MULTI,
3689 dev, wdev->netdev, mac_addr,
3690 &sinfo) < 0)
3691 goto out;
3692
3693 sta_idx++;
3694 }
3695
3696
3697 out:
3698 cb->args[2] = sta_idx;
3699 err = skb->len;
3700 out_err:
3701 nl80211_finish_wdev_dump(dev);
3702
3703 return err;
3704 }
3705
3706 static int nl80211_get_station(struct sk_buff *skb, struct genl_info *info)
3707 {
3708 struct cfg80211_registered_device *rdev = info->user_ptr[0];
3709 struct net_device *dev = info->user_ptr[1];
3710 struct station_info sinfo;
3711 struct sk_buff *msg;
3712 u8 *mac_addr = NULL;
3713 int err;
3714
3715 memset(&sinfo, 0, sizeof(sinfo));
3716
3717 if (!info->attrs[NL80211_ATTR_MAC])
3718 return -EINVAL;
3719
3720 mac_addr = nla_data(info->attrs[NL80211_ATTR_MAC]);
3721
3722 if (!rdev->ops->get_station)
3723 return -EOPNOTSUPP;
3724
3725 err = rdev_get_station(rdev, dev, mac_addr, &sinfo);
3726 if (err)
3727 return err;
3728
3729 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
3730 if (!msg)
3731 return -ENOMEM;
3732
3733 if (nl80211_send_station(msg, info->snd_portid, info->snd_seq, 0,
3734 rdev, dev, mac_addr, &sinfo) < 0) {
3735 nlmsg_free(msg);
3736 return -ENOBUFS;
3737 }
3738
3739 return genlmsg_reply(msg, info);
3740 }
3741
3742 int cfg80211_check_station_change(struct wiphy *wiphy,
3743 struct station_parameters *params,
3744 enum cfg80211_station_type statype)
3745 {
3746 if (params->listen_interval != -1)
3747 return -EINVAL;
3748 if (params->aid)
3749 return -EINVAL;
3750
3751 /* When you run into this, adjust the code below for the new flag */
3752 BUILD_BUG_ON(NL80211_STA_FLAG_MAX != 7);
3753
3754 switch (statype) {
3755 case CFG80211_STA_MESH_PEER_KERNEL:
3756 case CFG80211_STA_MESH_PEER_USER:
3757 /*
3758 * No ignoring the TDLS flag here -- the userspace mesh
3759 * code doesn't have the bug of including TDLS in the
3760 * mask everywhere.
3761 */
3762 if (params->sta_flags_mask &
3763 ~(BIT(NL80211_STA_FLAG_AUTHENTICATED) |
3764 BIT(NL80211_STA_FLAG_MFP) |
3765 BIT(NL80211_STA_FLAG_AUTHORIZED)))
3766 return -EINVAL;
3767 break;
3768 case CFG80211_STA_TDLS_PEER_SETUP:
3769 case CFG80211_STA_TDLS_PEER_ACTIVE:
3770 if (!(params->sta_flags_set & BIT(NL80211_STA_FLAG_TDLS_PEER)))
3771 return -EINVAL;
3772 /* ignore since it can't change */
3773 params->sta_flags_mask &= ~BIT(NL80211_STA_FLAG_TDLS_PEER);
3774 break;
3775 default:
3776 /* disallow mesh-specific things */
3777 if (params->plink_action != NL80211_PLINK_ACTION_NO_ACTION)
3778 return -EINVAL;
3779 if (params->local_pm)
3780 return -EINVAL;
3781 if (params->sta_modify_mask & STATION_PARAM_APPLY_PLINK_STATE)
3782 return -EINVAL;
3783 }
3784
3785 if (statype != CFG80211_STA_TDLS_PEER_SETUP &&
3786 statype != CFG80211_STA_TDLS_PEER_ACTIVE) {
3787 /* TDLS can't be set, ... */
3788 if (params->sta_flags_set & BIT(NL80211_STA_FLAG_TDLS_PEER))
3789 return -EINVAL;
3790 /*
3791 * ... but don't bother the driver with it. This works around
3792 * a hostapd/wpa_supplicant issue -- it always includes the
3793 * TLDS_PEER flag in the mask even for AP mode.
3794 */
3795 params->sta_flags_mask &= ~BIT(NL80211_STA_FLAG_TDLS_PEER);
3796 }
3797
3798 if (statype != CFG80211_STA_TDLS_PEER_SETUP) {
3799 /* reject other things that can't change */
3800 if (params->sta_modify_mask & STATION_PARAM_APPLY_UAPSD)
3801 return -EINVAL;
3802 if (params->sta_modify_mask & STATION_PARAM_APPLY_CAPABILITY)
3803 return -EINVAL;
3804 if (params->supported_rates)
3805 return -EINVAL;
3806 if (params->ext_capab || params->ht_capa || params->vht_capa)
3807 return -EINVAL;
3808 }
3809
3810 if (statype != CFG80211_STA_AP_CLIENT) {
3811 if (params->vlan)
3812 return -EINVAL;
3813 }
3814
3815 switch (statype) {
3816 case CFG80211_STA_AP_MLME_CLIENT:
3817 /* Use this only for authorizing/unauthorizing a station */
3818 if (!(params->sta_flags_mask & BIT(NL80211_STA_FLAG_AUTHORIZED)))
3819 return -EOPNOTSUPP;
3820 break;
3821 case CFG80211_STA_AP_CLIENT:
3822 /* accept only the listed bits */
3823 if (params->sta_flags_mask &
3824 ~(BIT(NL80211_STA_FLAG_AUTHORIZED) |
3825 BIT(NL80211_STA_FLAG_AUTHENTICATED) |
3826 BIT(NL80211_STA_FLAG_ASSOCIATED) |
3827 BIT(NL80211_STA_FLAG_SHORT_PREAMBLE) |
3828 BIT(NL80211_STA_FLAG_WME) |
3829 BIT(NL80211_STA_FLAG_MFP)))
3830 return -EINVAL;
3831
3832 /* but authenticated/associated only if driver handles it */
3833 if (!(wiphy->features & NL80211_FEATURE_FULL_AP_CLIENT_STATE) &&
3834 params->sta_flags_mask &
3835 (BIT(NL80211_STA_FLAG_AUTHENTICATED) |
3836 BIT(NL80211_STA_FLAG_ASSOCIATED)))
3837 return -EINVAL;
3838 break;
3839 case CFG80211_STA_IBSS:
3840 case CFG80211_STA_AP_STA:
3841 /* reject any changes other than AUTHORIZED */
3842 if (params->sta_flags_mask & ~BIT(NL80211_STA_FLAG_AUTHORIZED))
3843 return -EINVAL;
3844 break;
3845 case CFG80211_STA_TDLS_PEER_SETUP:
3846 /* reject any changes other than AUTHORIZED or WME */
3847 if (params->sta_flags_mask & ~(BIT(NL80211_STA_FLAG_AUTHORIZED) |
3848 BIT(NL80211_STA_FLAG_WME)))
3849 return -EINVAL;
3850 /* force (at least) rates when authorizing */
3851 if (params->sta_flags_set & BIT(NL80211_STA_FLAG_AUTHORIZED) &&
3852 !params->supported_rates)
3853 return -EINVAL;
3854 break;
3855 case CFG80211_STA_TDLS_PEER_ACTIVE:
3856 /* reject any changes */
3857 return -EINVAL;
3858 case CFG80211_STA_MESH_PEER_KERNEL:
3859 if (params->sta_modify_mask & STATION_PARAM_APPLY_PLINK_STATE)
3860 return -EINVAL;
3861 break;
3862 case CFG80211_STA_MESH_PEER_USER:
3863 if (params->plink_action != NL80211_PLINK_ACTION_NO_ACTION)
3864 return -EINVAL;
3865 break;
3866 }
3867
3868 return 0;
3869 }
3870 EXPORT_SYMBOL(cfg80211_check_station_change);
3871
3872 /*
3873 * Get vlan interface making sure it is running and on the right wiphy.
3874 */
3875 static struct net_device *get_vlan(struct genl_info *info,
3876 struct cfg80211_registered_device *rdev)
3877 {
3878 struct nlattr *vlanattr = info->attrs[NL80211_ATTR_STA_VLAN];
3879 struct net_device *v;
3880 int ret;
3881
3882 if (!vlanattr)
3883 return NULL;
3884
3885 v = dev_get_by_index(genl_info_net(info), nla_get_u32(vlanattr));
3886 if (!v)
3887 return ERR_PTR(-ENODEV);
3888
3889 if (!v->ieee80211_ptr || v->ieee80211_ptr->wiphy != &rdev->wiphy) {
3890 ret = -EINVAL;
3891 goto error;
3892 }
3893
3894 if (v->ieee80211_ptr->iftype != NL80211_IFTYPE_AP_VLAN &&
3895 v->ieee80211_ptr->iftype != NL80211_IFTYPE_AP &&
3896 v->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_GO) {
3897 ret = -EINVAL;
3898 goto error;
3899 }
3900
3901 if (!netif_running(v)) {
3902 ret = -ENETDOWN;
3903 goto error;
3904 }
3905
3906 return v;
3907 error:
3908 dev_put(v);
3909 return ERR_PTR(ret);
3910 }
3911
3912 static struct nla_policy
3913 nl80211_sta_wme_policy[NL80211_STA_WME_MAX + 1] __read_mostly = {
3914 [NL80211_STA_WME_UAPSD_QUEUES] = { .type = NLA_U8 },
3915 [NL80211_STA_WME_MAX_SP] = { .type = NLA_U8 },
3916 };
3917
3918 static int nl80211_parse_sta_wme(struct genl_info *info,
3919 struct station_parameters *params)
3920 {
3921 struct nlattr *tb[NL80211_STA_WME_MAX + 1];
3922 struct nlattr *nla;
3923 int err;
3924
3925 /* parse WME attributes if present */
3926 if (!info->attrs[NL80211_ATTR_STA_WME])
3927 return 0;
3928
3929 nla = info->attrs[NL80211_ATTR_STA_WME];
3930 err = nla_parse_nested(tb, NL80211_STA_WME_MAX, nla,
3931 nl80211_sta_wme_policy);
3932 if (err)
3933 return err;
3934
3935 if (tb[NL80211_STA_WME_UAPSD_QUEUES])
3936 params->uapsd_queues = nla_get_u8(
3937 tb[NL80211_STA_WME_UAPSD_QUEUES]);
3938 if (params->uapsd_queues & ~IEEE80211_WMM_IE_STA_QOSINFO_AC_MASK)
3939 return -EINVAL;
3940
3941 if (tb[NL80211_STA_WME_MAX_SP])
3942 params->max_sp = nla_get_u8(tb[NL80211_STA_WME_MAX_SP]);
3943
3944 if (params->max_sp & ~IEEE80211_WMM_IE_STA_QOSINFO_SP_MASK)
3945 return -EINVAL;
3946
3947 params->sta_modify_mask |= STATION_PARAM_APPLY_UAPSD;
3948
3949 return 0;
3950 }
3951
3952 static int nl80211_parse_sta_channel_info(struct genl_info *info,
3953 struct station_parameters *params)
3954 {
3955 if (info->attrs[NL80211_ATTR_STA_SUPPORTED_CHANNELS]) {
3956 params->supported_channels =
3957 nla_data(info->attrs[NL80211_ATTR_STA_SUPPORTED_CHANNELS]);
3958 params->supported_channels_len =
3959 nla_len(info->attrs[NL80211_ATTR_STA_SUPPORTED_CHANNELS]);
3960 /*
3961 * Need to include at least one (first channel, number of
3962 * channels) tuple for each subband, and must have proper
3963 * tuples for the rest of the data as well.
3964 */
3965 if (params->supported_channels_len < 2)
3966 return -EINVAL;
3967 if (params->supported_channels_len % 2)
3968 return -EINVAL;
3969 }
3970
3971 if (info->attrs[NL80211_ATTR_STA_SUPPORTED_OPER_CLASSES]) {
3972 params->supported_oper_classes =
3973 nla_data(info->attrs[NL80211_ATTR_STA_SUPPORTED_OPER_CLASSES]);
3974 params->supported_oper_classes_len =
3975 nla_len(info->attrs[NL80211_ATTR_STA_SUPPORTED_OPER_CLASSES]);
3976 /*
3977 * The value of the Length field of the Supported Operating
3978 * Classes element is between 2 and 253.
3979 */
3980 if (params->supported_oper_classes_len < 2 ||
3981 params->supported_oper_classes_len > 253)
3982 return -EINVAL;
3983 }
3984 return 0;
3985 }
3986
3987 static int nl80211_set_station_tdls(struct genl_info *info,
3988 struct station_parameters *params)
3989 {
3990 int err;
3991 /* Dummy STA entry gets updated once the peer capabilities are known */
3992 if (info->attrs[NL80211_ATTR_PEER_AID])
3993 params->aid = nla_get_u16(info->attrs[NL80211_ATTR_PEER_AID]);
3994 if (info->attrs[NL80211_ATTR_HT_CAPABILITY])
3995 params->ht_capa =
3996 nla_data(info->attrs[NL80211_ATTR_HT_CAPABILITY]);
3997 if (info->attrs[NL80211_ATTR_VHT_CAPABILITY])
3998 params->vht_capa =
3999 nla_data(info->attrs[NL80211_ATTR_VHT_CAPABILITY]);
4000
4001 err = nl80211_parse_sta_channel_info(info, params);
4002 if (err)
4003 return err;
4004
4005 return nl80211_parse_sta_wme(info, params);
4006 }
4007
4008 static int nl80211_set_station(struct sk_buff *skb, struct genl_info *info)
4009 {
4010 struct cfg80211_registered_device *rdev = info->user_ptr[0];
4011 struct net_device *dev = info->user_ptr[1];
4012 struct station_parameters params;
4013 u8 *mac_addr;
4014 int err;
4015
4016 memset(&params, 0, sizeof(params));
4017
4018 params.listen_interval = -1;
4019
4020 if (!rdev->ops->change_station)
4021 return -EOPNOTSUPP;
4022
4023 if (info->attrs[NL80211_ATTR_STA_AID])
4024 return -EINVAL;
4025
4026 if (!info->attrs[NL80211_ATTR_MAC])
4027 return -EINVAL;
4028
4029 mac_addr = nla_data(info->attrs[NL80211_ATTR_MAC]);
4030
4031 if (info->attrs[NL80211_ATTR_STA_SUPPORTED_RATES]) {
4032 params.supported_rates =
4033 nla_data(info->attrs[NL80211_ATTR_STA_SUPPORTED_RATES]);
4034 params.supported_rates_len =
4035 nla_len(info->attrs[NL80211_ATTR_STA_SUPPORTED_RATES]);
4036 }
4037
4038 if (info->attrs[NL80211_ATTR_STA_CAPABILITY]) {
4039 params.capability =
4040 nla_get_u16(info->attrs[NL80211_ATTR_STA_CAPABILITY]);
4041 params.sta_modify_mask |= STATION_PARAM_APPLY_CAPABILITY;
4042 }
4043
4044 if (info->attrs[NL80211_ATTR_STA_EXT_CAPABILITY]) {
4045 params.ext_capab =
4046 nla_data(info->attrs[NL80211_ATTR_STA_EXT_CAPABILITY]);
4047 params.ext_capab_len =
4048 nla_len(info->attrs[NL80211_ATTR_STA_EXT_CAPABILITY]);
4049 }
4050
4051 if (info->attrs[NL80211_ATTR_STA_LISTEN_INTERVAL])
4052 return -EINVAL;
4053
4054 if (parse_station_flags(info, dev->ieee80211_ptr->iftype, &params))
4055 return -EINVAL;
4056
4057 if (info->attrs[NL80211_ATTR_STA_PLINK_ACTION]) {
4058 params.plink_action =
4059 nla_get_u8(info->attrs[NL80211_ATTR_STA_PLINK_ACTION]);
4060 if (params.plink_action >= NUM_NL80211_PLINK_ACTIONS)
4061 return -EINVAL;
4062 }
4063
4064 if (info->attrs[NL80211_ATTR_STA_PLINK_STATE]) {
4065 params.plink_state =
4066 nla_get_u8(info->attrs[NL80211_ATTR_STA_PLINK_STATE]);
4067 if (params.plink_state >= NUM_NL80211_PLINK_STATES)
4068 return -EINVAL;
4069 params.sta_modify_mask |= STATION_PARAM_APPLY_PLINK_STATE;
4070 }
4071
4072 if (info->attrs[NL80211_ATTR_LOCAL_MESH_POWER_MODE]) {
4073 enum nl80211_mesh_power_mode pm = nla_get_u32(
4074 info->attrs[NL80211_ATTR_LOCAL_MESH_POWER_MODE]);
4075
4076 if (pm <= NL80211_MESH_POWER_UNKNOWN ||
4077 pm > NL80211_MESH_POWER_MAX)
4078 return -EINVAL;
4079
4080 params.local_pm = pm;
4081 }
4082
4083 /* Include parameters for TDLS peer (will check later) */
4084 err = nl80211_set_station_tdls(info, &params);
4085 if (err)
4086 return err;
4087
4088 params.vlan = get_vlan(info, rdev);
4089 if (IS_ERR(params.vlan))
4090 return PTR_ERR(params.vlan);
4091
4092 switch (dev->ieee80211_ptr->iftype) {
4093 case NL80211_IFTYPE_AP:
4094 case NL80211_IFTYPE_AP_VLAN:
4095 case NL80211_IFTYPE_P2P_GO:
4096 case NL80211_IFTYPE_P2P_CLIENT:
4097 case NL80211_IFTYPE_STATION:
4098 case NL80211_IFTYPE_ADHOC:
4099 case NL80211_IFTYPE_MESH_POINT:
4100 break;
4101 default:
4102 err = -EOPNOTSUPP;
4103 goto out_put_vlan;
4104 }
4105
4106 /* driver will call cfg80211_check_station_change() */
4107 err = rdev_change_station(rdev, dev, mac_addr, &params);
4108
4109 out_put_vlan:
4110 if (params.vlan)
4111 dev_put(params.vlan);
4112
4113 return err;
4114 }
4115
4116 static int nl80211_new_station(struct sk_buff *skb, struct genl_info *info)
4117 {
4118 struct cfg80211_registered_device *rdev = info->user_ptr[0];
4119 int err;
4120 struct net_device *dev = info->user_ptr[1];
4121 struct station_parameters params;
4122 u8 *mac_addr = NULL;
4123
4124 memset(&params, 0, sizeof(params));
4125
4126 if (!rdev->ops->add_station)
4127 return -EOPNOTSUPP;
4128
4129 if (!info->attrs[NL80211_ATTR_MAC])
4130 return -EINVAL;
4131
4132 if (!info->attrs[NL80211_ATTR_STA_LISTEN_INTERVAL])
4133 return -EINVAL;
4134
4135 if (!info->attrs[NL80211_ATTR_STA_SUPPORTED_RATES])
4136 return -EINVAL;
4137
4138 if (!info->attrs[NL80211_ATTR_STA_AID] &&
4139 !info->attrs[NL80211_ATTR_PEER_AID])
4140 return -EINVAL;
4141
4142 mac_addr = nla_data(info->attrs[NL80211_ATTR_MAC]);
4143 params.supported_rates =
4144 nla_data(info->attrs[NL80211_ATTR_STA_SUPPORTED_RATES]);
4145 params.supported_rates_len =
4146 nla_len(info->attrs[NL80211_ATTR_STA_SUPPORTED_RATES]);
4147 params.listen_interval =
4148 nla_get_u16(info->attrs[NL80211_ATTR_STA_LISTEN_INTERVAL]);
4149
4150 if (info->attrs[NL80211_ATTR_PEER_AID])
4151 params.aid = nla_get_u16(info->attrs[NL80211_ATTR_PEER_AID]);
4152 else
4153 params.aid = nla_get_u16(info->attrs[NL80211_ATTR_STA_AID]);
4154 if (!params.aid || params.aid > IEEE80211_MAX_AID)
4155 return -EINVAL;
4156
4157 if (info->attrs[NL80211_ATTR_STA_CAPABILITY]) {
4158 params.capability =
4159 nla_get_u16(info->attrs[NL80211_ATTR_STA_CAPABILITY]);
4160 params.sta_modify_mask |= STATION_PARAM_APPLY_CAPABILITY;
4161 }
4162
4163 if (info->attrs[NL80211_ATTR_STA_EXT_CAPABILITY]) {
4164 params.ext_capab =
4165 nla_data(info->attrs[NL80211_ATTR_STA_EXT_CAPABILITY]);
4166 params.ext_capab_len =
4167 nla_len(info->attrs[NL80211_ATTR_STA_EXT_CAPABILITY]);
4168 }
4169
4170 if (info->attrs[NL80211_ATTR_HT_CAPABILITY])
4171 params.ht_capa =
4172 nla_data(info->attrs[NL80211_ATTR_HT_CAPABILITY]);
4173
4174 if (info->attrs[NL80211_ATTR_VHT_CAPABILITY])
4175 params.vht_capa =
4176 nla_data(info->attrs[NL80211_ATTR_VHT_CAPABILITY]);
4177
4178 if (info->attrs[NL80211_ATTR_OPMODE_NOTIF]) {
4179 params.opmode_notif_used = true;
4180 params.opmode_notif =
4181 nla_get_u8(info->attrs[NL80211_ATTR_OPMODE_NOTIF]);
4182 }
4183
4184 if (info->attrs[NL80211_ATTR_STA_PLINK_ACTION]) {
4185 params.plink_action =
4186 nla_get_u8(info->attrs[NL80211_ATTR_STA_PLINK_ACTION]);
4187 if (params.plink_action >= NUM_NL80211_PLINK_ACTIONS)
4188 return -EINVAL;
4189 }
4190
4191 err = nl80211_parse_sta_channel_info(info, &params);
4192 if (err)
4193 return err;
4194
4195 err = nl80211_parse_sta_wme(info, &params);
4196 if (err)
4197 return err;
4198
4199 if (parse_station_flags(info, dev->ieee80211_ptr->iftype, &params))
4200 return -EINVAL;
4201
4202 /* When you run into this, adjust the code below for the new flag */
4203 BUILD_BUG_ON(NL80211_STA_FLAG_MAX != 7);
4204
4205 switch (dev->ieee80211_ptr->iftype) {
4206 case NL80211_IFTYPE_AP:
4207 case NL80211_IFTYPE_AP_VLAN:
4208 case NL80211_IFTYPE_P2P_GO:
4209 /* ignore WME attributes if iface/sta is not capable */
4210 if (!(rdev->wiphy.flags & WIPHY_FLAG_AP_UAPSD) ||
4211 !(params.sta_flags_set & BIT(NL80211_STA_FLAG_WME)))
4212 params.sta_modify_mask &= ~STATION_PARAM_APPLY_UAPSD;
4213
4214 /* TDLS peers cannot be added */
4215 if ((params.sta_flags_set & BIT(NL80211_STA_FLAG_TDLS_PEER)) ||
4216 info->attrs[NL80211_ATTR_PEER_AID])
4217 return -EINVAL;
4218 /* but don't bother the driver with it */
4219 params.sta_flags_mask &= ~BIT(NL80211_STA_FLAG_TDLS_PEER);
4220
4221 /* allow authenticated/associated only if driver handles it */
4222 if (!(rdev->wiphy.features &
4223 NL80211_FEATURE_FULL_AP_CLIENT_STATE) &&
4224 params.sta_flags_mask &
4225 (BIT(NL80211_STA_FLAG_AUTHENTICATED) |
4226 BIT(NL80211_STA_FLAG_ASSOCIATED)))
4227 return -EINVAL;
4228
4229 /* must be last in here for error handling */
4230 params.vlan = get_vlan(info, rdev);
4231 if (IS_ERR(params.vlan))
4232 return PTR_ERR(params.vlan);
4233 break;
4234 case NL80211_IFTYPE_MESH_POINT:
4235 /* ignore uAPSD data */
4236 params.sta_modify_mask &= ~STATION_PARAM_APPLY_UAPSD;
4237
4238 /* associated is disallowed */
4239 if (params.sta_flags_mask & BIT(NL80211_STA_FLAG_ASSOCIATED))
4240 return -EINVAL;
4241 /* TDLS peers cannot be added */
4242 if ((params.sta_flags_set & BIT(NL80211_STA_FLAG_TDLS_PEER)) ||
4243 info->attrs[NL80211_ATTR_PEER_AID])
4244 return -EINVAL;
4245 break;
4246 case NL80211_IFTYPE_STATION:
4247 case NL80211_IFTYPE_P2P_CLIENT:
4248 /* ignore uAPSD data */
4249 params.sta_modify_mask &= ~STATION_PARAM_APPLY_UAPSD;
4250
4251 /* these are disallowed */
4252 if (params.sta_flags_mask &
4253 (BIT(NL80211_STA_FLAG_ASSOCIATED) |
4254 BIT(NL80211_STA_FLAG_AUTHENTICATED)))
4255 return -EINVAL;
4256 /* Only TDLS peers can be added */
4257 if (!(params.sta_flags_set & BIT(NL80211_STA_FLAG_TDLS_PEER)))
4258 return -EINVAL;
4259 /* Can only add if TDLS ... */
4260 if (!(rdev->wiphy.flags & WIPHY_FLAG_SUPPORTS_TDLS))
4261 return -EOPNOTSUPP;
4262 /* ... with external setup is supported */
4263 if (!(rdev->wiphy.flags & WIPHY_FLAG_TDLS_EXTERNAL_SETUP))
4264 return -EOPNOTSUPP;
4265 /*
4266 * Older wpa_supplicant versions always mark the TDLS peer
4267 * as authorized, but it shouldn't yet be.
4268 */
4269 params.sta_flags_mask &= ~BIT(NL80211_STA_FLAG_AUTHORIZED);
4270 break;
4271 default:
4272 return -EOPNOTSUPP;
4273 }
4274
4275 /* be aware of params.vlan when changing code here */
4276
4277 err = rdev_add_station(rdev, dev, mac_addr, &params);
4278
4279 if (params.vlan)
4280 dev_put(params.vlan);
4281 return err;
4282 }
4283
4284 static int nl80211_del_station(struct sk_buff *skb, struct genl_info *info)
4285 {
4286 struct cfg80211_registered_device *rdev = info->user_ptr[0];
4287 struct net_device *dev = info->user_ptr[1];
4288 u8 *mac_addr = NULL;
4289
4290 if (info->attrs[NL80211_ATTR_MAC])
4291 mac_addr = nla_data(info->attrs[NL80211_ATTR_MAC]);
4292
4293 if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_AP &&
4294 dev->ieee80211_ptr->iftype != NL80211_IFTYPE_AP_VLAN &&
4295 dev->ieee80211_ptr->iftype != NL80211_IFTYPE_MESH_POINT &&
4296 dev->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_GO)
4297 return -EINVAL;
4298
4299 if (!rdev->ops->del_station)
4300 return -EOPNOTSUPP;
4301
4302 return rdev_del_station(rdev, dev, mac_addr);
4303 }
4304
4305 static int nl80211_send_mpath(struct sk_buff *msg, u32 portid, u32 seq,
4306 int flags, struct net_device *dev,
4307 u8 *dst, u8 *next_hop,
4308 struct mpath_info *pinfo)
4309 {
4310 void *hdr;
4311 struct nlattr *pinfoattr;
4312
4313 hdr = nl80211hdr_put(msg, portid, seq, flags, NL80211_CMD_NEW_STATION);
4314 if (!hdr)
4315 return -1;
4316
4317 if (nla_put_u32(msg, NL80211_ATTR_IFINDEX, dev->ifindex) ||
4318 nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN, dst) ||
4319 nla_put(msg, NL80211_ATTR_MPATH_NEXT_HOP, ETH_ALEN, next_hop) ||
4320 nla_put_u32(msg, NL80211_ATTR_GENERATION, pinfo->generation))
4321 goto nla_put_failure;
4322
4323 pinfoattr = nla_nest_start(msg, NL80211_ATTR_MPATH_INFO);
4324 if (!pinfoattr)
4325 goto nla_put_failure;
4326 if ((pinfo->filled & MPATH_INFO_FRAME_QLEN) &&
4327 nla_put_u32(msg, NL80211_MPATH_INFO_FRAME_QLEN,
4328 pinfo->frame_qlen))
4329 goto nla_put_failure;
4330 if (((pinfo->filled & MPATH_INFO_SN) &&
4331 nla_put_u32(msg, NL80211_MPATH_INFO_SN, pinfo->sn)) ||
4332 ((pinfo->filled & MPATH_INFO_METRIC) &&
4333 nla_put_u32(msg, NL80211_MPATH_INFO_METRIC,
4334 pinfo->metric)) ||
4335 ((pinfo->filled & MPATH_INFO_EXPTIME) &&
4336 nla_put_u32(msg, NL80211_MPATH_INFO_EXPTIME,
4337 pinfo->exptime)) ||
4338 ((pinfo->filled & MPATH_INFO_FLAGS) &&
4339 nla_put_u8(msg, NL80211_MPATH_INFO_FLAGS,
4340 pinfo->flags)) ||
4341 ((pinfo->filled & MPATH_INFO_DISCOVERY_TIMEOUT) &&
4342 nla_put_u32(msg, NL80211_MPATH_INFO_DISCOVERY_TIMEOUT,
4343 pinfo->discovery_timeout)) ||
4344 ((pinfo->filled & MPATH_INFO_DISCOVERY_RETRIES) &&
4345 nla_put_u8(msg, NL80211_MPATH_INFO_DISCOVERY_RETRIES,
4346 pinfo->discovery_retries)))
4347 goto nla_put_failure;
4348
4349 nla_nest_end(msg, pinfoattr);
4350
4351 return genlmsg_end(msg, hdr);
4352
4353 nla_put_failure:
4354 genlmsg_cancel(msg, hdr);
4355 return -EMSGSIZE;
4356 }
4357
4358 static int nl80211_dump_mpath(struct sk_buff *skb,
4359 struct netlink_callback *cb)
4360 {
4361 struct mpath_info pinfo;
4362 struct cfg80211_registered_device *dev;
4363 struct wireless_dev *wdev;
4364 u8 dst[ETH_ALEN];
4365 u8 next_hop[ETH_ALEN];
4366 int path_idx = cb->args[2];
4367 int err;
4368
4369 err = nl80211_prepare_wdev_dump(skb, cb, &dev, &wdev);
4370 if (err)
4371 return err;
4372
4373 if (!dev->ops->dump_mpath) {
4374 err = -EOPNOTSUPP;
4375 goto out_err;
4376 }
4377
4378 if (wdev->iftype != NL80211_IFTYPE_MESH_POINT) {
4379 err = -EOPNOTSUPP;
4380 goto out_err;
4381 }
4382
4383 while (1) {
4384 err = rdev_dump_mpath(dev, wdev->netdev, path_idx, dst,
4385 next_hop, &pinfo);
4386 if (err == -ENOENT)
4387 break;
4388 if (err)
4389 goto out_err;
4390
4391 if (nl80211_send_mpath(skb, NETLINK_CB(cb->skb).portid,
4392 cb->nlh->nlmsg_seq, NLM_F_MULTI,
4393 wdev->netdev, dst, next_hop,
4394 &pinfo) < 0)
4395 goto out;
4396
4397 path_idx++;
4398 }
4399
4400
4401 out:
4402 cb->args[2] = path_idx;
4403 err = skb->len;
4404 out_err:
4405 nl80211_finish_wdev_dump(dev);
4406 return err;
4407 }
4408
4409 static int nl80211_get_mpath(struct sk_buff *skb, struct genl_info *info)
4410 {
4411 struct cfg80211_registered_device *rdev = info->user_ptr[0];
4412 int err;
4413 struct net_device *dev = info->user_ptr[1];
4414 struct mpath_info pinfo;
4415 struct sk_buff *msg;
4416 u8 *dst = NULL;
4417 u8 next_hop[ETH_ALEN];
4418
4419 memset(&pinfo, 0, sizeof(pinfo));
4420
4421 if (!info->attrs[NL80211_ATTR_MAC])
4422 return -EINVAL;
4423
4424 dst = nla_data(info->attrs[NL80211_ATTR_MAC]);
4425
4426 if (!rdev->ops->get_mpath)
4427 return -EOPNOTSUPP;
4428
4429 if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_MESH_POINT)
4430 return -EOPNOTSUPP;
4431
4432 err = rdev_get_mpath(rdev, dev, dst, next_hop, &pinfo);
4433 if (err)
4434 return err;
4435
4436 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
4437 if (!msg)
4438 return -ENOMEM;
4439
4440 if (nl80211_send_mpath(msg, info->snd_portid, info->snd_seq, 0,
4441 dev, dst, next_hop, &pinfo) < 0) {
4442 nlmsg_free(msg);
4443 return -ENOBUFS;
4444 }
4445
4446 return genlmsg_reply(msg, info);
4447 }
4448
4449 static int nl80211_set_mpath(struct sk_buff *skb, struct genl_info *info)
4450 {
4451 struct cfg80211_registered_device *rdev = info->user_ptr[0];
4452 struct net_device *dev = info->user_ptr[1];
4453 u8 *dst = NULL;
4454 u8 *next_hop = NULL;
4455
4456 if (!info->attrs[NL80211_ATTR_MAC])
4457 return -EINVAL;
4458
4459 if (!info->attrs[NL80211_ATTR_MPATH_NEXT_HOP])
4460 return -EINVAL;
4461
4462 dst = nla_data(info->attrs[NL80211_ATTR_MAC]);
4463 next_hop = nla_data(info->attrs[NL80211_ATTR_MPATH_NEXT_HOP]);
4464
4465 if (!rdev->ops->change_mpath)
4466 return -EOPNOTSUPP;
4467
4468 if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_MESH_POINT)
4469 return -EOPNOTSUPP;
4470
4471 return rdev_change_mpath(rdev, dev, dst, next_hop);
4472 }
4473
4474 static int nl80211_new_mpath(struct sk_buff *skb, struct genl_info *info)
4475 {
4476 struct cfg80211_registered_device *rdev = info->user_ptr[0];
4477 struct net_device *dev = info->user_ptr[1];
4478 u8 *dst = NULL;
4479 u8 *next_hop = NULL;
4480
4481 if (!info->attrs[NL80211_ATTR_MAC])
4482 return -EINVAL;
4483
4484 if (!info->attrs[NL80211_ATTR_MPATH_NEXT_HOP])
4485 return -EINVAL;
4486
4487 dst = nla_data(info->attrs[NL80211_ATTR_MAC]);
4488 next_hop = nla_data(info->attrs[NL80211_ATTR_MPATH_NEXT_HOP]);
4489
4490 if (!rdev->ops->add_mpath)
4491 return -EOPNOTSUPP;
4492
4493 if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_MESH_POINT)
4494 return -EOPNOTSUPP;
4495
4496 return rdev_add_mpath(rdev, dev, dst, next_hop);
4497 }
4498
4499 static int nl80211_del_mpath(struct sk_buff *skb, struct genl_info *info)
4500 {
4501 struct cfg80211_registered_device *rdev = info->user_ptr[0];
4502 struct net_device *dev = info->user_ptr[1];
4503 u8 *dst = NULL;
4504
4505 if (info->attrs[NL80211_ATTR_MAC])
4506 dst = nla_data(info->attrs[NL80211_ATTR_MAC]);
4507
4508 if (!rdev->ops->del_mpath)
4509 return -EOPNOTSUPP;
4510
4511 return rdev_del_mpath(rdev, dev, dst);
4512 }
4513
4514 static int nl80211_set_bss(struct sk_buff *skb, struct genl_info *info)
4515 {
4516 struct cfg80211_registered_device *rdev = info->user_ptr[0];
4517 struct net_device *dev = info->user_ptr[1];
4518 struct wireless_dev *wdev = dev->ieee80211_ptr;
4519 struct bss_parameters params;
4520 int err;
4521
4522 memset(&params, 0, sizeof(params));
4523 /* default to not changing parameters */
4524 params.use_cts_prot = -1;
4525 params.use_short_preamble = -1;
4526 params.use_short_slot_time = -1;
4527 params.ap_isolate = -1;
4528 params.ht_opmode = -1;
4529 params.p2p_ctwindow = -1;
4530 params.p2p_opp_ps = -1;
4531
4532 if (info->attrs[NL80211_ATTR_BSS_CTS_PROT])
4533 params.use_cts_prot =
4534 nla_get_u8(info->attrs[NL80211_ATTR_BSS_CTS_PROT]);
4535 if (info->attrs[NL80211_ATTR_BSS_SHORT_PREAMBLE])
4536 params.use_short_preamble =
4537 nla_get_u8(info->attrs[NL80211_ATTR_BSS_SHORT_PREAMBLE]);
4538 if (info->attrs[NL80211_ATTR_BSS_SHORT_SLOT_TIME])
4539 params.use_short_slot_time =
4540 nla_get_u8(info->attrs[NL80211_ATTR_BSS_SHORT_SLOT_TIME]);
4541 if (info->attrs[NL80211_ATTR_BSS_BASIC_RATES]) {
4542 params.basic_rates =
4543 nla_data(info->attrs[NL80211_ATTR_BSS_BASIC_RATES]);
4544 params.basic_rates_len =
4545 nla_len(info->attrs[NL80211_ATTR_BSS_BASIC_RATES]);
4546 }
4547 if (info->attrs[NL80211_ATTR_AP_ISOLATE])
4548 params.ap_isolate = !!nla_get_u8(info->attrs[NL80211_ATTR_AP_ISOLATE]);
4549 if (info->attrs[NL80211_ATTR_BSS_HT_OPMODE])
4550 params.ht_opmode =
4551 nla_get_u16(info->attrs[NL80211_ATTR_BSS_HT_OPMODE]);
4552
4553 if (info->attrs[NL80211_ATTR_P2P_CTWINDOW]) {
4554 if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_GO)
4555 return -EINVAL;
4556 params.p2p_ctwindow =
4557 nla_get_s8(info->attrs[NL80211_ATTR_P2P_CTWINDOW]);
4558 if (params.p2p_ctwindow < 0)
4559 return -EINVAL;
4560 if (params.p2p_ctwindow != 0 &&
4561 !(rdev->wiphy.features & NL80211_FEATURE_P2P_GO_CTWIN))
4562 return -EINVAL;
4563 }
4564
4565 if (info->attrs[NL80211_ATTR_P2P_OPPPS]) {
4566 u8 tmp;
4567
4568 if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_GO)
4569 return -EINVAL;
4570 tmp = nla_get_u8(info->attrs[NL80211_ATTR_P2P_OPPPS]);
4571 if (tmp > 1)
4572 return -EINVAL;
4573 params.p2p_opp_ps = tmp;
4574 if (params.p2p_opp_ps &&
4575 !(rdev->wiphy.features & NL80211_FEATURE_P2P_GO_OPPPS))
4576 return -EINVAL;
4577 }
4578
4579 if (!rdev->ops->change_bss)
4580 return -EOPNOTSUPP;
4581
4582 if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_AP &&
4583 dev->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_GO)
4584 return -EOPNOTSUPP;
4585
4586 wdev_lock(wdev);
4587 err = rdev_change_bss(rdev, dev, &params);
4588 wdev_unlock(wdev);
4589
4590 return err;
4591 }
4592
4593 static const struct nla_policy reg_rule_policy[NL80211_REG_RULE_ATTR_MAX + 1] = {
4594 [NL80211_ATTR_REG_RULE_FLAGS] = { .type = NLA_U32 },
4595 [NL80211_ATTR_FREQ_RANGE_START] = { .type = NLA_U32 },
4596 [NL80211_ATTR_FREQ_RANGE_END] = { .type = NLA_U32 },
4597 [NL80211_ATTR_FREQ_RANGE_MAX_BW] = { .type = NLA_U32 },
4598 [NL80211_ATTR_POWER_RULE_MAX_ANT_GAIN] = { .type = NLA_U32 },
4599 [NL80211_ATTR_POWER_RULE_MAX_EIRP] = { .type = NLA_U32 },
4600 };
4601
4602 static int parse_reg_rule(struct nlattr *tb[],
4603 struct ieee80211_reg_rule *reg_rule)
4604 {
4605 struct ieee80211_freq_range *freq_range = &reg_rule->freq_range;
4606 struct ieee80211_power_rule *power_rule = &reg_rule->power_rule;
4607
4608 if (!tb[NL80211_ATTR_REG_RULE_FLAGS])
4609 return -EINVAL;
4610 if (!tb[NL80211_ATTR_FREQ_RANGE_START])
4611 return -EINVAL;
4612 if (!tb[NL80211_ATTR_FREQ_RANGE_END])
4613 return -EINVAL;
4614 if (!tb[NL80211_ATTR_FREQ_RANGE_MAX_BW])
4615 return -EINVAL;
4616 if (!tb[NL80211_ATTR_POWER_RULE_MAX_EIRP])
4617 return -EINVAL;
4618
4619 reg_rule->flags = nla_get_u32(tb[NL80211_ATTR_REG_RULE_FLAGS]);
4620
4621 freq_range->start_freq_khz =
4622 nla_get_u32(tb[NL80211_ATTR_FREQ_RANGE_START]);
4623 freq_range->end_freq_khz =
4624 nla_get_u32(tb[NL80211_ATTR_FREQ_RANGE_END]);
4625 freq_range->max_bandwidth_khz =
4626 nla_get_u32(tb[NL80211_ATTR_FREQ_RANGE_MAX_BW]);
4627
4628 power_rule->max_eirp =
4629 nla_get_u32(tb[NL80211_ATTR_POWER_RULE_MAX_EIRP]);
4630
4631 if (tb[NL80211_ATTR_POWER_RULE_MAX_ANT_GAIN])
4632 power_rule->max_antenna_gain =
4633 nla_get_u32(tb[NL80211_ATTR_POWER_RULE_MAX_ANT_GAIN]);
4634
4635 return 0;
4636 }
4637
4638 static int nl80211_req_set_reg(struct sk_buff *skb, struct genl_info *info)
4639 {
4640 int r;
4641 char *data = NULL;
4642 enum nl80211_user_reg_hint_type user_reg_hint_type;
4643
4644 /*
4645 * You should only get this when cfg80211 hasn't yet initialized
4646 * completely when built-in to the kernel right between the time
4647 * window between nl80211_init() and regulatory_init(), if that is
4648 * even possible.
4649 */
4650 if (unlikely(!rcu_access_pointer(cfg80211_regdomain)))
4651 return -EINPROGRESS;
4652
4653 if (!info->attrs[NL80211_ATTR_REG_ALPHA2])
4654 return -EINVAL;
4655
4656 data = nla_data(info->attrs[NL80211_ATTR_REG_ALPHA2]);
4657
4658 if (info->attrs[NL80211_ATTR_USER_REG_HINT_TYPE])
4659 user_reg_hint_type =
4660 nla_get_u32(info->attrs[NL80211_ATTR_USER_REG_HINT_TYPE]);
4661 else
4662 user_reg_hint_type = NL80211_USER_REG_HINT_USER;
4663
4664 switch (user_reg_hint_type) {
4665 case NL80211_USER_REG_HINT_USER:
4666 case NL80211_USER_REG_HINT_CELL_BASE:
4667 break;
4668 default:
4669 return -EINVAL;
4670 }
4671
4672 r = regulatory_hint_user(data, user_reg_hint_type);
4673
4674 return r;
4675 }
4676
4677 static int nl80211_get_mesh_config(struct sk_buff *skb,
4678 struct genl_info *info)
4679 {
4680 struct cfg80211_registered_device *rdev = info->user_ptr[0];
4681 struct net_device *dev = info->user_ptr[1];
4682 struct wireless_dev *wdev = dev->ieee80211_ptr;
4683 struct mesh_config cur_params;
4684 int err = 0;
4685 void *hdr;
4686 struct nlattr *pinfoattr;
4687 struct sk_buff *msg;
4688
4689 if (wdev->iftype != NL80211_IFTYPE_MESH_POINT)
4690 return -EOPNOTSUPP;
4691
4692 if (!rdev->ops->get_mesh_config)
4693 return -EOPNOTSUPP;
4694
4695 wdev_lock(wdev);
4696 /* If not connected, get default parameters */
4697 if (!wdev->mesh_id_len)
4698 memcpy(&cur_params, &default_mesh_config, sizeof(cur_params));
4699 else
4700 err = rdev_get_mesh_config(rdev, dev, &cur_params);
4701 wdev_unlock(wdev);
4702
4703 if (err)
4704 return err;
4705
4706 /* Draw up a netlink message to send back */
4707 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
4708 if (!msg)
4709 return -ENOMEM;
4710 hdr = nl80211hdr_put(msg, info->snd_portid, info->snd_seq, 0,
4711 NL80211_CMD_GET_MESH_CONFIG);
4712 if (!hdr)
4713 goto out;
4714 pinfoattr = nla_nest_start(msg, NL80211_ATTR_MESH_CONFIG);
4715 if (!pinfoattr)
4716 goto nla_put_failure;
4717 if (nla_put_u32(msg, NL80211_ATTR_IFINDEX, dev->ifindex) ||
4718 nla_put_u16(msg, NL80211_MESHCONF_RETRY_TIMEOUT,
4719 cur_params.dot11MeshRetryTimeout) ||
4720 nla_put_u16(msg, NL80211_MESHCONF_CONFIRM_TIMEOUT,
4721 cur_params.dot11MeshConfirmTimeout) ||
4722 nla_put_u16(msg, NL80211_MESHCONF_HOLDING_TIMEOUT,
4723 cur_params.dot11MeshHoldingTimeout) ||
4724 nla_put_u16(msg, NL80211_MESHCONF_MAX_PEER_LINKS,
4725 cur_params.dot11MeshMaxPeerLinks) ||
4726 nla_put_u8(msg, NL80211_MESHCONF_MAX_RETRIES,
4727 cur_params.dot11MeshMaxRetries) ||
4728 nla_put_u8(msg, NL80211_MESHCONF_TTL,
4729 cur_params.dot11MeshTTL) ||
4730 nla_put_u8(msg, NL80211_MESHCONF_ELEMENT_TTL,
4731 cur_params.element_ttl) ||
4732 nla_put_u8(msg, NL80211_MESHCONF_AUTO_OPEN_PLINKS,
4733 cur_params.auto_open_plinks) ||
4734 nla_put_u32(msg, NL80211_MESHCONF_SYNC_OFFSET_MAX_NEIGHBOR,
4735 cur_params.dot11MeshNbrOffsetMaxNeighbor) ||
4736 nla_put_u8(msg, NL80211_MESHCONF_HWMP_MAX_PREQ_RETRIES,
4737 cur_params.dot11MeshHWMPmaxPREQretries) ||
4738 nla_put_u32(msg, NL80211_MESHCONF_PATH_REFRESH_TIME,
4739 cur_params.path_refresh_time) ||
4740 nla_put_u16(msg, NL80211_MESHCONF_MIN_DISCOVERY_TIMEOUT,
4741 cur_params.min_discovery_timeout) ||
4742 nla_put_u32(msg, NL80211_MESHCONF_HWMP_ACTIVE_PATH_TIMEOUT,
4743 cur_params.dot11MeshHWMPactivePathTimeout) ||
4744 nla_put_u16(msg, NL80211_MESHCONF_HWMP_PREQ_MIN_INTERVAL,
4745 cur_params.dot11MeshHWMPpreqMinInterval) ||
4746 nla_put_u16(msg, NL80211_MESHCONF_HWMP_PERR_MIN_INTERVAL,
4747 cur_params.dot11MeshHWMPperrMinInterval) ||
4748 nla_put_u16(msg, NL80211_MESHCONF_HWMP_NET_DIAM_TRVS_TIME,
4749 cur_params.dot11MeshHWMPnetDiameterTraversalTime) ||
4750 nla_put_u8(msg, NL80211_MESHCONF_HWMP_ROOTMODE,
4751 cur_params.dot11MeshHWMPRootMode) ||
4752 nla_put_u16(msg, NL80211_MESHCONF_HWMP_RANN_INTERVAL,
4753 cur_params.dot11MeshHWMPRannInterval) ||
4754 nla_put_u8(msg, NL80211_MESHCONF_GATE_ANNOUNCEMENTS,
4755 cur_params.dot11MeshGateAnnouncementProtocol) ||
4756 nla_put_u8(msg, NL80211_MESHCONF_FORWARDING,
4757 cur_params.dot11MeshForwarding) ||
4758 nla_put_u32(msg, NL80211_MESHCONF_RSSI_THRESHOLD,
4759 cur_params.rssi_threshold) ||
4760 nla_put_u32(msg, NL80211_MESHCONF_HT_OPMODE,
4761 cur_params.ht_opmode) ||
4762 nla_put_u32(msg, NL80211_MESHCONF_HWMP_PATH_TO_ROOT_TIMEOUT,
4763 cur_params.dot11MeshHWMPactivePathToRootTimeout) ||
4764 nla_put_u16(msg, NL80211_MESHCONF_HWMP_ROOT_INTERVAL,
4765 cur_params.dot11MeshHWMProotInterval) ||
4766 nla_put_u16(msg, NL80211_MESHCONF_HWMP_CONFIRMATION_INTERVAL,
4767 cur_params.dot11MeshHWMPconfirmationInterval) ||
4768 nla_put_u32(msg, NL80211_MESHCONF_POWER_MODE,
4769 cur_params.power_mode) ||
4770 nla_put_u16(msg, NL80211_MESHCONF_AWAKE_WINDOW,
4771 cur_params.dot11MeshAwakeWindowDuration) ||
4772 nla_put_u32(msg, NL80211_MESHCONF_PLINK_TIMEOUT,
4773 cur_params.plink_timeout))
4774 goto nla_put_failure;
4775 nla_nest_end(msg, pinfoattr);
4776 genlmsg_end(msg, hdr);
4777 return genlmsg_reply(msg, info);
4778
4779 nla_put_failure:
4780 genlmsg_cancel(msg, hdr);
4781 out:
4782 nlmsg_free(msg);
4783 return -ENOBUFS;
4784 }
4785
4786 static const struct nla_policy nl80211_meshconf_params_policy[NL80211_MESHCONF_ATTR_MAX+1] = {
4787 [NL80211_MESHCONF_RETRY_TIMEOUT] = { .type = NLA_U16 },
4788 [NL80211_MESHCONF_CONFIRM_TIMEOUT] = { .type = NLA_U16 },
4789 [NL80211_MESHCONF_HOLDING_TIMEOUT] = { .type = NLA_U16 },
4790 [NL80211_MESHCONF_MAX_PEER_LINKS] = { .type = NLA_U16 },
4791 [NL80211_MESHCONF_MAX_RETRIES] = { .type = NLA_U8 },
4792 [NL80211_MESHCONF_TTL] = { .type = NLA_U8 },
4793 [NL80211_MESHCONF_ELEMENT_TTL] = { .type = NLA_U8 },
4794 [NL80211_MESHCONF_AUTO_OPEN_PLINKS] = { .type = NLA_U8 },
4795 [NL80211_MESHCONF_SYNC_OFFSET_MAX_NEIGHBOR] = { .type = NLA_U32 },
4796 [NL80211_MESHCONF_HWMP_MAX_PREQ_RETRIES] = { .type = NLA_U8 },
4797 [NL80211_MESHCONF_PATH_REFRESH_TIME] = { .type = NLA_U32 },
4798 [NL80211_MESHCONF_MIN_DISCOVERY_TIMEOUT] = { .type = NLA_U16 },
4799 [NL80211_MESHCONF_HWMP_ACTIVE_PATH_TIMEOUT] = { .type = NLA_U32 },
4800 [NL80211_MESHCONF_HWMP_PREQ_MIN_INTERVAL] = { .type = NLA_U16 },
4801 [NL80211_MESHCONF_HWMP_PERR_MIN_INTERVAL] = { .type = NLA_U16 },
4802 [NL80211_MESHCONF_HWMP_NET_DIAM_TRVS_TIME] = { .type = NLA_U16 },
4803 [NL80211_MESHCONF_HWMP_ROOTMODE] = { .type = NLA_U8 },
4804 [NL80211_MESHCONF_HWMP_RANN_INTERVAL] = { .type = NLA_U16 },
4805 [NL80211_MESHCONF_GATE_ANNOUNCEMENTS] = { .type = NLA_U8 },
4806 [NL80211_MESHCONF_FORWARDING] = { .type = NLA_U8 },
4807 [NL80211_MESHCONF_RSSI_THRESHOLD] = { .type = NLA_U32 },
4808 [NL80211_MESHCONF_HT_OPMODE] = { .type = NLA_U16 },
4809 [NL80211_MESHCONF_HWMP_PATH_TO_ROOT_TIMEOUT] = { .type = NLA_U32 },
4810 [NL80211_MESHCONF_HWMP_ROOT_INTERVAL] = { .type = NLA_U16 },
4811 [NL80211_MESHCONF_HWMP_CONFIRMATION_INTERVAL] = { .type = NLA_U16 },
4812 [NL80211_MESHCONF_POWER_MODE] = { .type = NLA_U32 },
4813 [NL80211_MESHCONF_AWAKE_WINDOW] = { .type = NLA_U16 },
4814 [NL80211_MESHCONF_PLINK_TIMEOUT] = { .type = NLA_U32 },
4815 };
4816
4817 static const struct nla_policy
4818 nl80211_mesh_setup_params_policy[NL80211_MESH_SETUP_ATTR_MAX+1] = {
4819 [NL80211_MESH_SETUP_ENABLE_VENDOR_SYNC] = { .type = NLA_U8 },
4820 [NL80211_MESH_SETUP_ENABLE_VENDOR_PATH_SEL] = { .type = NLA_U8 },
4821 [NL80211_MESH_SETUP_ENABLE_VENDOR_METRIC] = { .type = NLA_U8 },
4822 [NL80211_MESH_SETUP_USERSPACE_AUTH] = { .type = NLA_FLAG },
4823 [NL80211_MESH_SETUP_AUTH_PROTOCOL] = { .type = NLA_U8 },
4824 [NL80211_MESH_SETUP_USERSPACE_MPM] = { .type = NLA_FLAG },
4825 [NL80211_MESH_SETUP_IE] = { .type = NLA_BINARY,
4826 .len = IEEE80211_MAX_DATA_LEN },
4827 [NL80211_MESH_SETUP_USERSPACE_AMPE] = { .type = NLA_FLAG },
4828 };
4829
4830 static int nl80211_parse_mesh_config(struct genl_info *info,
4831 struct mesh_config *cfg,
4832 u32 *mask_out)
4833 {
4834 struct nlattr *tb[NL80211_MESHCONF_ATTR_MAX + 1];
4835 u32 mask = 0;
4836
4837 #define FILL_IN_MESH_PARAM_IF_SET(tb, cfg, param, min, max, mask, attr, fn) \
4838 do { \
4839 if (tb[attr]) { \
4840 if (fn(tb[attr]) < min || fn(tb[attr]) > max) \
4841 return -EINVAL; \
4842 cfg->param = fn(tb[attr]); \
4843 mask |= (1 << (attr - 1)); \
4844 } \
4845 } while (0)
4846
4847
4848 if (!info->attrs[NL80211_ATTR_MESH_CONFIG])
4849 return -EINVAL;
4850 if (nla_parse_nested(tb, NL80211_MESHCONF_ATTR_MAX,
4851 info->attrs[NL80211_ATTR_MESH_CONFIG],
4852 nl80211_meshconf_params_policy))
4853 return -EINVAL;
4854
4855 /* This makes sure that there aren't more than 32 mesh config
4856 * parameters (otherwise our bitfield scheme would not work.) */
4857 BUILD_BUG_ON(NL80211_MESHCONF_ATTR_MAX > 32);
4858
4859 /* Fill in the params struct */
4860 FILL_IN_MESH_PARAM_IF_SET(tb, cfg, dot11MeshRetryTimeout, 1, 255,
4861 mask, NL80211_MESHCONF_RETRY_TIMEOUT,
4862 nla_get_u16);
4863 FILL_IN_MESH_PARAM_IF_SET(tb, cfg, dot11MeshConfirmTimeout, 1, 255,
4864 mask, NL80211_MESHCONF_CONFIRM_TIMEOUT,
4865 nla_get_u16);
4866 FILL_IN_MESH_PARAM_IF_SET(tb, cfg, dot11MeshHoldingTimeout, 1, 255,
4867 mask, NL80211_MESHCONF_HOLDING_TIMEOUT,
4868 nla_get_u16);
4869 FILL_IN_MESH_PARAM_IF_SET(tb, cfg, dot11MeshMaxPeerLinks, 0, 255,
4870 mask, NL80211_MESHCONF_MAX_PEER_LINKS,
4871 nla_get_u16);
4872 FILL_IN_MESH_PARAM_IF_SET(tb, cfg, dot11MeshMaxRetries, 0, 16,
4873 mask, NL80211_MESHCONF_MAX_RETRIES,
4874 nla_get_u8);
4875 FILL_IN_MESH_PARAM_IF_SET(tb, cfg, dot11MeshTTL, 1, 255,
4876 mask, NL80211_MESHCONF_TTL, nla_get_u8);
4877 FILL_IN_MESH_PARAM_IF_SET(tb, cfg, element_ttl, 1, 255,
4878 mask, NL80211_MESHCONF_ELEMENT_TTL,
4879 nla_get_u8);
4880 FILL_IN_MESH_PARAM_IF_SET(tb, cfg, auto_open_plinks, 0, 1,
4881 mask, NL80211_MESHCONF_AUTO_OPEN_PLINKS,
4882 nla_get_u8);
4883 FILL_IN_MESH_PARAM_IF_SET(tb, cfg, dot11MeshNbrOffsetMaxNeighbor,
4884 1, 255, mask,
4885 NL80211_MESHCONF_SYNC_OFFSET_MAX_NEIGHBOR,
4886 nla_get_u32);
4887 FILL_IN_MESH_PARAM_IF_SET(tb, cfg, dot11MeshHWMPmaxPREQretries, 0, 255,
4888 mask, NL80211_MESHCONF_HWMP_MAX_PREQ_RETRIES,
4889 nla_get_u8);
4890 FILL_IN_MESH_PARAM_IF_SET(tb, cfg, path_refresh_time, 1, 65535,
4891 mask, NL80211_MESHCONF_PATH_REFRESH_TIME,
4892 nla_get_u32);
4893 FILL_IN_MESH_PARAM_IF_SET(tb, cfg, min_discovery_timeout, 1, 65535,
4894 mask, NL80211_MESHCONF_MIN_DISCOVERY_TIMEOUT,
4895 nla_get_u16);
4896 FILL_IN_MESH_PARAM_IF_SET(tb, cfg, dot11MeshHWMPactivePathTimeout,
4897 1, 65535, mask,
4898 NL80211_MESHCONF_HWMP_ACTIVE_PATH_TIMEOUT,
4899 nla_get_u32);
4900 FILL_IN_MESH_PARAM_IF_SET(tb, cfg, dot11MeshHWMPpreqMinInterval,
4901 1, 65535, mask,
4902 NL80211_MESHCONF_HWMP_PREQ_MIN_INTERVAL,
4903 nla_get_u16);
4904 FILL_IN_MESH_PARAM_IF_SET(tb, cfg, dot11MeshHWMPperrMinInterval,
4905 1, 65535, mask,
4906 NL80211_MESHCONF_HWMP_PERR_MIN_INTERVAL,
4907 nla_get_u16);
4908 FILL_IN_MESH_PARAM_IF_SET(tb, cfg,
4909 dot11MeshHWMPnetDiameterTraversalTime,
4910 1, 65535, mask,
4911 NL80211_MESHCONF_HWMP_NET_DIAM_TRVS_TIME,
4912 nla_get_u16);
4913 FILL_IN_MESH_PARAM_IF_SET(tb, cfg, dot11MeshHWMPRootMode, 0, 4,
4914 mask, NL80211_MESHCONF_HWMP_ROOTMODE,
4915 nla_get_u8);
4916 FILL_IN_MESH_PARAM_IF_SET(tb, cfg, dot11MeshHWMPRannInterval, 1, 65535,
4917 mask, NL80211_MESHCONF_HWMP_RANN_INTERVAL,
4918 nla_get_u16);
4919 FILL_IN_MESH_PARAM_IF_SET(tb, cfg,
4920 dot11MeshGateAnnouncementProtocol, 0, 1,
4921 mask, NL80211_MESHCONF_GATE_ANNOUNCEMENTS,
4922 nla_get_u8);
4923 FILL_IN_MESH_PARAM_IF_SET(tb, cfg, dot11MeshForwarding, 0, 1,
4924 mask, NL80211_MESHCONF_FORWARDING,
4925 nla_get_u8);
4926 FILL_IN_MESH_PARAM_IF_SET(tb, cfg, rssi_threshold, -255, 0,
4927 mask, NL80211_MESHCONF_RSSI_THRESHOLD,
4928 nla_get_s32);
4929 FILL_IN_MESH_PARAM_IF_SET(tb, cfg, ht_opmode, 0, 16,
4930 mask, NL80211_MESHCONF_HT_OPMODE,
4931 nla_get_u16);
4932 FILL_IN_MESH_PARAM_IF_SET(tb, cfg, dot11MeshHWMPactivePathToRootTimeout,
4933 1, 65535, mask,
4934 NL80211_MESHCONF_HWMP_PATH_TO_ROOT_TIMEOUT,
4935 nla_get_u32);
4936 FILL_IN_MESH_PARAM_IF_SET(tb, cfg, dot11MeshHWMProotInterval, 1, 65535,
4937 mask, NL80211_MESHCONF_HWMP_ROOT_INTERVAL,
4938 nla_get_u16);
4939 FILL_IN_MESH_PARAM_IF_SET(tb, cfg,
4940 dot11MeshHWMPconfirmationInterval,
4941 1, 65535, mask,
4942 NL80211_MESHCONF_HWMP_CONFIRMATION_INTERVAL,
4943 nla_get_u16);
4944 FILL_IN_MESH_PARAM_IF_SET(tb, cfg, power_mode,
4945 NL80211_MESH_POWER_ACTIVE,
4946 NL80211_MESH_POWER_MAX,
4947 mask, NL80211_MESHCONF_POWER_MODE,
4948 nla_get_u32);
4949 FILL_IN_MESH_PARAM_IF_SET(tb, cfg, dot11MeshAwakeWindowDuration,
4950 0, 65535, mask,
4951 NL80211_MESHCONF_AWAKE_WINDOW, nla_get_u16);
4952 FILL_IN_MESH_PARAM_IF_SET(tb, cfg, plink_timeout, 1, 0xffffffff,
4953 mask, NL80211_MESHCONF_PLINK_TIMEOUT,
4954 nla_get_u32);
4955 if (mask_out)
4956 *mask_out = mask;
4957
4958 return 0;
4959
4960 #undef FILL_IN_MESH_PARAM_IF_SET
4961 }
4962
4963 static int nl80211_parse_mesh_setup(struct genl_info *info,
4964 struct mesh_setup *setup)
4965 {
4966 struct cfg80211_registered_device *rdev = info->user_ptr[0];
4967 struct nlattr *tb[NL80211_MESH_SETUP_ATTR_MAX + 1];
4968
4969 if (!info->attrs[NL80211_ATTR_MESH_SETUP])
4970 return -EINVAL;
4971 if (nla_parse_nested(tb, NL80211_MESH_SETUP_ATTR_MAX,
4972 info->attrs[NL80211_ATTR_MESH_SETUP],
4973 nl80211_mesh_setup_params_policy))
4974 return -EINVAL;
4975
4976 if (tb[NL80211_MESH_SETUP_ENABLE_VENDOR_SYNC])
4977 setup->sync_method =
4978 (nla_get_u8(tb[NL80211_MESH_SETUP_ENABLE_VENDOR_SYNC])) ?
4979 IEEE80211_SYNC_METHOD_VENDOR :
4980 IEEE80211_SYNC_METHOD_NEIGHBOR_OFFSET;
4981
4982 if (tb[NL80211_MESH_SETUP_ENABLE_VENDOR_PATH_SEL])
4983 setup->path_sel_proto =
4984 (nla_get_u8(tb[NL80211_MESH_SETUP_ENABLE_VENDOR_PATH_SEL])) ?
4985 IEEE80211_PATH_PROTOCOL_VENDOR :
4986 IEEE80211_PATH_PROTOCOL_HWMP;
4987
4988 if (tb[NL80211_MESH_SETUP_ENABLE_VENDOR_METRIC])
4989 setup->path_metric =
4990 (nla_get_u8(tb[NL80211_MESH_SETUP_ENABLE_VENDOR_METRIC])) ?
4991 IEEE80211_PATH_METRIC_VENDOR :
4992 IEEE80211_PATH_METRIC_AIRTIME;
4993
4994
4995 if (tb[NL80211_MESH_SETUP_IE]) {
4996 struct nlattr *ieattr =
4997 tb[NL80211_MESH_SETUP_IE];
4998 if (!is_valid_ie_attr(ieattr))
4999 return -EINVAL;
5000 setup->ie = nla_data(ieattr);
5001 setup->ie_len = nla_len(ieattr);
5002 }
5003 if (tb[NL80211_MESH_SETUP_USERSPACE_MPM] &&
5004 !(rdev->wiphy.features & NL80211_FEATURE_USERSPACE_MPM))
5005 return -EINVAL;
5006 setup->user_mpm = nla_get_flag(tb[NL80211_MESH_SETUP_USERSPACE_MPM]);
5007 setup->is_authenticated = nla_get_flag(tb[NL80211_MESH_SETUP_USERSPACE_AUTH]);
5008 setup->is_secure = nla_get_flag(tb[NL80211_MESH_SETUP_USERSPACE_AMPE]);
5009 if (setup->is_secure)
5010 setup->user_mpm = true;
5011
5012 if (tb[NL80211_MESH_SETUP_AUTH_PROTOCOL]) {
5013 if (!setup->user_mpm)
5014 return -EINVAL;
5015 setup->auth_id =
5016 nla_get_u8(tb[NL80211_MESH_SETUP_AUTH_PROTOCOL]);
5017 }
5018
5019 return 0;
5020 }
5021
5022 static int nl80211_update_mesh_config(struct sk_buff *skb,
5023 struct genl_info *info)
5024 {
5025 struct cfg80211_registered_device *rdev = info->user_ptr[0];
5026 struct net_device *dev = info->user_ptr[1];
5027 struct wireless_dev *wdev = dev->ieee80211_ptr;
5028 struct mesh_config cfg;
5029 u32 mask;
5030 int err;
5031
5032 if (wdev->iftype != NL80211_IFTYPE_MESH_POINT)
5033 return -EOPNOTSUPP;
5034
5035 if (!rdev->ops->update_mesh_config)
5036 return -EOPNOTSUPP;
5037
5038 err = nl80211_parse_mesh_config(info, &cfg, &mask);
5039 if (err)
5040 return err;
5041
5042 wdev_lock(wdev);
5043 if (!wdev->mesh_id_len)
5044 err = -ENOLINK;
5045
5046 if (!err)
5047 err = rdev_update_mesh_config(rdev, dev, mask, &cfg);
5048
5049 wdev_unlock(wdev);
5050
5051 return err;
5052 }
5053
5054 static int nl80211_get_reg(struct sk_buff *skb, struct genl_info *info)
5055 {
5056 const struct ieee80211_regdomain *regdom;
5057 struct sk_buff *msg;
5058 void *hdr = NULL;
5059 struct nlattr *nl_reg_rules;
5060 unsigned int i;
5061
5062 if (!cfg80211_regdomain)
5063 return -EINVAL;
5064
5065 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
5066 if (!msg)
5067 return -ENOBUFS;
5068
5069 hdr = nl80211hdr_put(msg, info->snd_portid, info->snd_seq, 0,
5070 NL80211_CMD_GET_REG);
5071 if (!hdr)
5072 goto put_failure;
5073
5074 if (reg_last_request_cell_base() &&
5075 nla_put_u32(msg, NL80211_ATTR_USER_REG_HINT_TYPE,
5076 NL80211_USER_REG_HINT_CELL_BASE))
5077 goto nla_put_failure;
5078
5079 rcu_read_lock();
5080 regdom = rcu_dereference(cfg80211_regdomain);
5081
5082 if (nla_put_string(msg, NL80211_ATTR_REG_ALPHA2, regdom->alpha2) ||
5083 (regdom->dfs_region &&
5084 nla_put_u8(msg, NL80211_ATTR_DFS_REGION, regdom->dfs_region)))
5085 goto nla_put_failure_rcu;
5086
5087 nl_reg_rules = nla_nest_start(msg, NL80211_ATTR_REG_RULES);
5088 if (!nl_reg_rules)
5089 goto nla_put_failure_rcu;
5090
5091 for (i = 0; i < regdom->n_reg_rules; i++) {
5092 struct nlattr *nl_reg_rule;
5093 const struct ieee80211_reg_rule *reg_rule;
5094 const struct ieee80211_freq_range *freq_range;
5095 const struct ieee80211_power_rule *power_rule;
5096
5097 reg_rule = &regdom->reg_rules[i];
5098 freq_range = &reg_rule->freq_range;
5099 power_rule = &reg_rule->power_rule;
5100
5101 nl_reg_rule = nla_nest_start(msg, i);
5102 if (!nl_reg_rule)
5103 goto nla_put_failure_rcu;
5104
5105 if (nla_put_u32(msg, NL80211_ATTR_REG_RULE_FLAGS,
5106 reg_rule->flags) ||
5107 nla_put_u32(msg, NL80211_ATTR_FREQ_RANGE_START,
5108 freq_range->start_freq_khz) ||
5109 nla_put_u32(msg, NL80211_ATTR_FREQ_RANGE_END,
5110 freq_range->end_freq_khz) ||
5111 nla_put_u32(msg, NL80211_ATTR_FREQ_RANGE_MAX_BW,
5112 freq_range->max_bandwidth_khz) ||
5113 nla_put_u32(msg, NL80211_ATTR_POWER_RULE_MAX_ANT_GAIN,
5114 power_rule->max_antenna_gain) ||
5115 nla_put_u32(msg, NL80211_ATTR_POWER_RULE_MAX_EIRP,
5116 power_rule->max_eirp))
5117 goto nla_put_failure_rcu;
5118
5119 nla_nest_end(msg, nl_reg_rule);
5120 }
5121 rcu_read_unlock();
5122
5123 nla_nest_end(msg, nl_reg_rules);
5124
5125 genlmsg_end(msg, hdr);
5126 return genlmsg_reply(msg, info);
5127
5128 nla_put_failure_rcu:
5129 rcu_read_unlock();
5130 nla_put_failure:
5131 genlmsg_cancel(msg, hdr);
5132 put_failure:
5133 nlmsg_free(msg);
5134 return -EMSGSIZE;
5135 }
5136
5137 static int nl80211_set_reg(struct sk_buff *skb, struct genl_info *info)
5138 {
5139 struct nlattr *tb[NL80211_REG_RULE_ATTR_MAX + 1];
5140 struct nlattr *nl_reg_rule;
5141 char *alpha2 = NULL;
5142 int rem_reg_rules = 0, r = 0;
5143 u32 num_rules = 0, rule_idx = 0, size_of_regd;
5144 enum nl80211_dfs_regions dfs_region = NL80211_DFS_UNSET;
5145 struct ieee80211_regdomain *rd = NULL;
5146
5147 if (!info->attrs[NL80211_ATTR_REG_ALPHA2])
5148 return -EINVAL;
5149
5150 if (!info->attrs[NL80211_ATTR_REG_RULES])
5151 return -EINVAL;
5152
5153 alpha2 = nla_data(info->attrs[NL80211_ATTR_REG_ALPHA2]);
5154
5155 if (info->attrs[NL80211_ATTR_DFS_REGION])
5156 dfs_region = nla_get_u8(info->attrs[NL80211_ATTR_DFS_REGION]);
5157
5158 nla_for_each_nested(nl_reg_rule, info->attrs[NL80211_ATTR_REG_RULES],
5159 rem_reg_rules) {
5160 num_rules++;
5161 if (num_rules > NL80211_MAX_SUPP_REG_RULES)
5162 return -EINVAL;
5163 }
5164
5165 if (!reg_is_valid_request(alpha2))
5166 return -EINVAL;
5167
5168 size_of_regd = sizeof(struct ieee80211_regdomain) +
5169 num_rules * sizeof(struct ieee80211_reg_rule);
5170
5171 rd = kzalloc(size_of_regd, GFP_KERNEL);
5172 if (!rd)
5173 return -ENOMEM;
5174
5175 rd->n_reg_rules = num_rules;
5176 rd->alpha2[0] = alpha2[0];
5177 rd->alpha2[1] = alpha2[1];
5178
5179 /*
5180 * Disable DFS master mode if the DFS region was
5181 * not supported or known on this kernel.
5182 */
5183 if (reg_supported_dfs_region(dfs_region))
5184 rd->dfs_region = dfs_region;
5185
5186 nla_for_each_nested(nl_reg_rule, info->attrs[NL80211_ATTR_REG_RULES],
5187 rem_reg_rules) {
5188 nla_parse(tb, NL80211_REG_RULE_ATTR_MAX,
5189 nla_data(nl_reg_rule), nla_len(nl_reg_rule),
5190 reg_rule_policy);
5191 r = parse_reg_rule(tb, &rd->reg_rules[rule_idx]);
5192 if (r)
5193 goto bad_reg;
5194
5195 rule_idx++;
5196
5197 if (rule_idx > NL80211_MAX_SUPP_REG_RULES) {
5198 r = -EINVAL;
5199 goto bad_reg;
5200 }
5201 }
5202
5203 r = set_regdom(rd);
5204 /* set_regdom took ownership */
5205 rd = NULL;
5206
5207 bad_reg:
5208 kfree(rd);
5209 return r;
5210 }
5211
5212 static int validate_scan_freqs(struct nlattr *freqs)
5213 {
5214 struct nlattr *attr1, *attr2;
5215 int n_channels = 0, tmp1, tmp2;
5216
5217 nla_for_each_nested(attr1, freqs, tmp1) {
5218 n_channels++;
5219 /*
5220 * Some hardware has a limited channel list for
5221 * scanning, and it is pretty much nonsensical
5222 * to scan for a channel twice, so disallow that
5223 * and don't require drivers to check that the
5224 * channel list they get isn't longer than what
5225 * they can scan, as long as they can scan all
5226 * the channels they registered at once.
5227 */
5228 nla_for_each_nested(attr2, freqs, tmp2)
5229 if (attr1 != attr2 &&
5230 nla_get_u32(attr1) == nla_get_u32(attr2))
5231 return 0;
5232 }
5233
5234 return n_channels;
5235 }
5236
5237 static int nl80211_trigger_scan(struct sk_buff *skb, struct genl_info *info)
5238 {
5239 struct cfg80211_registered_device *rdev = info->user_ptr[0];
5240 struct wireless_dev *wdev = info->user_ptr[1];
5241 struct cfg80211_scan_request *request;
5242 struct nlattr *attr;
5243 struct wiphy *wiphy;
5244 int err, tmp, n_ssids = 0, n_channels, i;
5245 size_t ie_len;
5246
5247 if (!is_valid_ie_attr(info->attrs[NL80211_ATTR_IE]))
5248 return -EINVAL;
5249
5250 wiphy = &rdev->wiphy;
5251
5252 if (!rdev->ops->scan)
5253 return -EOPNOTSUPP;
5254
5255 if (rdev->scan_req) {
5256 err = -EBUSY;
5257 goto unlock;
5258 }
5259
5260 if (info->attrs[NL80211_ATTR_SCAN_FREQUENCIES]) {
5261 n_channels = validate_scan_freqs(
5262 info->attrs[NL80211_ATTR_SCAN_FREQUENCIES]);
5263 if (!n_channels) {
5264 err = -EINVAL;
5265 goto unlock;
5266 }
5267 } else {
5268 n_channels = ieee80211_get_num_supported_channels(wiphy);
5269 }
5270
5271 if (info->attrs[NL80211_ATTR_SCAN_SSIDS])
5272 nla_for_each_nested(attr, info->attrs[NL80211_ATTR_SCAN_SSIDS], tmp)
5273 n_ssids++;
5274
5275 if (n_ssids > wiphy->max_scan_ssids) {
5276 err = -EINVAL;
5277 goto unlock;
5278 }
5279
5280 if (info->attrs[NL80211_ATTR_IE])
5281 ie_len = nla_len(info->attrs[NL80211_ATTR_IE]);
5282 else
5283 ie_len = 0;
5284
5285 if (ie_len > wiphy->max_scan_ie_len) {
5286 err = -EINVAL;
5287 goto unlock;
5288 }
5289
5290 request = kzalloc(sizeof(*request)
5291 + sizeof(*request->ssids) * n_ssids
5292 + sizeof(*request->channels) * n_channels
5293 + ie_len, GFP_KERNEL);
5294 if (!request) {
5295 err = -ENOMEM;
5296 goto unlock;
5297 }
5298
5299 if (n_ssids)
5300 request->ssids = (void *)&request->channels[n_channels];
5301 request->n_ssids = n_ssids;
5302 if (ie_len) {
5303 if (request->ssids)
5304 request->ie = (void *)(request->ssids + n_ssids);
5305 else
5306 request->ie = (void *)(request->channels + n_channels);
5307 }
5308
5309 i = 0;
5310 if (info->attrs[NL80211_ATTR_SCAN_FREQUENCIES]) {
5311 /* user specified, bail out if channel not found */
5312 nla_for_each_nested(attr, info->attrs[NL80211_ATTR_SCAN_FREQUENCIES], tmp) {
5313 struct ieee80211_channel *chan;
5314
5315 chan = ieee80211_get_channel(wiphy, nla_get_u32(attr));
5316
5317 if (!chan) {
5318 err = -EINVAL;
5319 goto out_free;
5320 }
5321
5322 /* ignore disabled channels */
5323 if (chan->flags & IEEE80211_CHAN_DISABLED)
5324 continue;
5325
5326 request->channels[i] = chan;
5327 i++;
5328 }
5329 } else {
5330 enum ieee80211_band band;
5331
5332 /* all channels */
5333 for (band = 0; band < IEEE80211_NUM_BANDS; band++) {
5334 int j;
5335 if (!wiphy->bands[band])
5336 continue;
5337 for (j = 0; j < wiphy->bands[band]->n_channels; j++) {
5338 struct ieee80211_channel *chan;
5339
5340 chan = &wiphy->bands[band]->channels[j];
5341
5342 if (chan->flags & IEEE80211_CHAN_DISABLED)
5343 continue;
5344
5345 request->channels[i] = chan;
5346 i++;
5347 }
5348 }
5349 }
5350
5351 if (!i) {
5352 err = -EINVAL;
5353 goto out_free;
5354 }
5355
5356 request->n_channels = i;
5357
5358 i = 0;
5359 if (info->attrs[NL80211_ATTR_SCAN_SSIDS]) {
5360 nla_for_each_nested(attr, info->attrs[NL80211_ATTR_SCAN_SSIDS], tmp) {
5361 if (nla_len(attr) > IEEE80211_MAX_SSID_LEN) {
5362 err = -EINVAL;
5363 goto out_free;
5364 }
5365 request->ssids[i].ssid_len = nla_len(attr);
5366 memcpy(request->ssids[i].ssid, nla_data(attr), nla_len(attr));
5367 i++;
5368 }
5369 }
5370
5371 if (info->attrs[NL80211_ATTR_IE]) {
5372 request->ie_len = nla_len(info->attrs[NL80211_ATTR_IE]);
5373 memcpy((void *)request->ie,
5374 nla_data(info->attrs[NL80211_ATTR_IE]),
5375 request->ie_len);
5376 }
5377
5378 for (i = 0; i < IEEE80211_NUM_BANDS; i++)
5379 if (wiphy->bands[i])
5380 request->rates[i] =
5381 (1 << wiphy->bands[i]->n_bitrates) - 1;
5382
5383 if (info->attrs[NL80211_ATTR_SCAN_SUPP_RATES]) {
5384 nla_for_each_nested(attr,
5385 info->attrs[NL80211_ATTR_SCAN_SUPP_RATES],
5386 tmp) {
5387 enum ieee80211_band band = nla_type(attr);
5388
5389 if (band < 0 || band >= IEEE80211_NUM_BANDS) {
5390 err = -EINVAL;
5391 goto out_free;
5392 }
5393
5394 if (!wiphy->bands[band])
5395 continue;
5396
5397 err = ieee80211_get_ratemask(wiphy->bands[band],
5398 nla_data(attr),
5399 nla_len(attr),
5400 &request->rates[band]);
5401 if (err)
5402 goto out_free;
5403 }
5404 }
5405
5406 if (info->attrs[NL80211_ATTR_SCAN_FLAGS]) {
5407 request->flags = nla_get_u32(
5408 info->attrs[NL80211_ATTR_SCAN_FLAGS]);
5409 if ((request->flags & NL80211_SCAN_FLAG_LOW_PRIORITY) &&
5410 !(wiphy->features & NL80211_FEATURE_LOW_PRIORITY_SCAN)) {
5411 err = -EOPNOTSUPP;
5412 goto out_free;
5413 }
5414 }
5415
5416 request->no_cck =
5417 nla_get_flag(info->attrs[NL80211_ATTR_TX_NO_CCK_RATE]);
5418
5419 request->wdev = wdev;
5420 request->wiphy = &rdev->wiphy;
5421 request->scan_start = jiffies;
5422
5423 rdev->scan_req = request;
5424 err = rdev_scan(rdev, request);
5425
5426 if (!err) {
5427 nl80211_send_scan_start(rdev, wdev);
5428 if (wdev->netdev)
5429 dev_hold(wdev->netdev);
5430 } else {
5431 out_free:
5432 rdev->scan_req = NULL;
5433 kfree(request);
5434 }
5435
5436 unlock:
5437 return err;
5438 }
5439
5440 static int nl80211_start_sched_scan(struct sk_buff *skb,
5441 struct genl_info *info)
5442 {
5443 struct cfg80211_sched_scan_request *request;
5444 struct cfg80211_registered_device *rdev = info->user_ptr[0];
5445 struct net_device *dev = info->user_ptr[1];
5446 struct nlattr *attr;
5447 struct wiphy *wiphy;
5448 int err, tmp, n_ssids = 0, n_match_sets = 0, n_channels, i;
5449 u32 interval;
5450 enum ieee80211_band band;
5451 size_t ie_len;
5452 struct nlattr *tb[NL80211_SCHED_SCAN_MATCH_ATTR_MAX + 1];
5453
5454 if (!(rdev->wiphy.flags & WIPHY_FLAG_SUPPORTS_SCHED_SCAN) ||
5455 !rdev->ops->sched_scan_start)
5456 return -EOPNOTSUPP;
5457
5458 if (!is_valid_ie_attr(info->attrs[NL80211_ATTR_IE]))
5459 return -EINVAL;
5460
5461 if (!info->attrs[NL80211_ATTR_SCHED_SCAN_INTERVAL])
5462 return -EINVAL;
5463
5464 interval = nla_get_u32(info->attrs[NL80211_ATTR_SCHED_SCAN_INTERVAL]);
5465 if (interval == 0)
5466 return -EINVAL;
5467
5468 wiphy = &rdev->wiphy;
5469
5470 if (info->attrs[NL80211_ATTR_SCAN_FREQUENCIES]) {
5471 n_channels = validate_scan_freqs(
5472 info->attrs[NL80211_ATTR_SCAN_FREQUENCIES]);
5473 if (!n_channels)
5474 return -EINVAL;
5475 } else {
5476 n_channels = ieee80211_get_num_supported_channels(wiphy);
5477 }
5478
5479 if (info->attrs[NL80211_ATTR_SCAN_SSIDS])
5480 nla_for_each_nested(attr, info->attrs[NL80211_ATTR_SCAN_SSIDS],
5481 tmp)
5482 n_ssids++;
5483
5484 if (n_ssids > wiphy->max_sched_scan_ssids)
5485 return -EINVAL;
5486
5487 if (info->attrs[NL80211_ATTR_SCHED_SCAN_MATCH])
5488 nla_for_each_nested(attr,
5489 info->attrs[NL80211_ATTR_SCHED_SCAN_MATCH],
5490 tmp)
5491 n_match_sets++;
5492
5493 if (n_match_sets > wiphy->max_match_sets)
5494 return -EINVAL;
5495
5496 if (info->attrs[NL80211_ATTR_IE])
5497 ie_len = nla_len(info->attrs[NL80211_ATTR_IE]);
5498 else
5499 ie_len = 0;
5500
5501 if (ie_len > wiphy->max_sched_scan_ie_len)
5502 return -EINVAL;
5503
5504 if (rdev->sched_scan_req) {
5505 err = -EINPROGRESS;
5506 goto out;
5507 }
5508
5509 request = kzalloc(sizeof(*request)
5510 + sizeof(*request->ssids) * n_ssids
5511 + sizeof(*request->match_sets) * n_match_sets
5512 + sizeof(*request->channels) * n_channels
5513 + ie_len, GFP_KERNEL);
5514 if (!request) {
5515 err = -ENOMEM;
5516 goto out;
5517 }
5518
5519 if (n_ssids)
5520 request->ssids = (void *)&request->channels[n_channels];
5521 request->n_ssids = n_ssids;
5522 if (ie_len) {
5523 if (request->ssids)
5524 request->ie = (void *)(request->ssids + n_ssids);
5525 else
5526 request->ie = (void *)(request->channels + n_channels);
5527 }
5528
5529 if (n_match_sets) {
5530 if (request->ie)
5531 request->match_sets = (void *)(request->ie + ie_len);
5532 else if (request->ssids)
5533 request->match_sets =
5534 (void *)(request->ssids + n_ssids);
5535 else
5536 request->match_sets =
5537 (void *)(request->channels + n_channels);
5538 }
5539 request->n_match_sets = n_match_sets;
5540
5541 i = 0;
5542 if (info->attrs[NL80211_ATTR_SCAN_FREQUENCIES]) {
5543 /* user specified, bail out if channel not found */
5544 nla_for_each_nested(attr,
5545 info->attrs[NL80211_ATTR_SCAN_FREQUENCIES],
5546 tmp) {
5547 struct ieee80211_channel *chan;
5548
5549 chan = ieee80211_get_channel(wiphy, nla_get_u32(attr));
5550
5551 if (!chan) {
5552 err = -EINVAL;
5553 goto out_free;
5554 }
5555
5556 /* ignore disabled channels */
5557 if (chan->flags & IEEE80211_CHAN_DISABLED)
5558 continue;
5559
5560 request->channels[i] = chan;
5561 i++;
5562 }
5563 } else {
5564 /* all channels */
5565 for (band = 0; band < IEEE80211_NUM_BANDS; band++) {
5566 int j;
5567 if (!wiphy->bands[band])
5568 continue;
5569 for (j = 0; j < wiphy->bands[band]->n_channels; j++) {
5570 struct ieee80211_channel *chan;
5571
5572 chan = &wiphy->bands[band]->channels[j];
5573
5574 if (chan->flags & IEEE80211_CHAN_DISABLED)
5575 continue;
5576
5577 request->channels[i] = chan;
5578 i++;
5579 }
5580 }
5581 }
5582
5583 if (!i) {
5584 err = -EINVAL;
5585 goto out_free;
5586 }
5587
5588 request->n_channels = i;
5589
5590 i = 0;
5591 if (info->attrs[NL80211_ATTR_SCAN_SSIDS]) {
5592 nla_for_each_nested(attr, info->attrs[NL80211_ATTR_SCAN_SSIDS],
5593 tmp) {
5594 if (nla_len(attr) > IEEE80211_MAX_SSID_LEN) {
5595 err = -EINVAL;
5596 goto out_free;
5597 }
5598 request->ssids[i].ssid_len = nla_len(attr);
5599 memcpy(request->ssids[i].ssid, nla_data(attr),
5600 nla_len(attr));
5601 i++;
5602 }
5603 }
5604
5605 i = 0;
5606 if (info->attrs[NL80211_ATTR_SCHED_SCAN_MATCH]) {
5607 nla_for_each_nested(attr,
5608 info->attrs[NL80211_ATTR_SCHED_SCAN_MATCH],
5609 tmp) {
5610 struct nlattr *ssid, *rssi;
5611
5612 nla_parse(tb, NL80211_SCHED_SCAN_MATCH_ATTR_MAX,
5613 nla_data(attr), nla_len(attr),
5614 nl80211_match_policy);
5615 ssid = tb[NL80211_SCHED_SCAN_MATCH_ATTR_SSID];
5616 if (ssid) {
5617 if (nla_len(ssid) > IEEE80211_MAX_SSID_LEN) {
5618 err = -EINVAL;
5619 goto out_free;
5620 }
5621 memcpy(request->match_sets[i].ssid.ssid,
5622 nla_data(ssid), nla_len(ssid));
5623 request->match_sets[i].ssid.ssid_len =
5624 nla_len(ssid);
5625 }
5626 rssi = tb[NL80211_SCHED_SCAN_MATCH_ATTR_RSSI];
5627 if (rssi)
5628 request->rssi_thold = nla_get_u32(rssi);
5629 else
5630 request->rssi_thold =
5631 NL80211_SCAN_RSSI_THOLD_OFF;
5632 i++;
5633 }
5634 }
5635
5636 if (info->attrs[NL80211_ATTR_IE]) {
5637 request->ie_len = nla_len(info->attrs[NL80211_ATTR_IE]);
5638 memcpy((void *)request->ie,
5639 nla_data(info->attrs[NL80211_ATTR_IE]),
5640 request->ie_len);
5641 }
5642
5643 if (info->attrs[NL80211_ATTR_SCAN_FLAGS]) {
5644 request->flags = nla_get_u32(
5645 info->attrs[NL80211_ATTR_SCAN_FLAGS]);
5646 if ((request->flags & NL80211_SCAN_FLAG_LOW_PRIORITY) &&
5647 !(wiphy->features & NL80211_FEATURE_LOW_PRIORITY_SCAN)) {
5648 err = -EOPNOTSUPP;
5649 goto out_free;
5650 }
5651 }
5652
5653 request->dev = dev;
5654 request->wiphy = &rdev->wiphy;
5655 request->interval = interval;
5656 request->scan_start = jiffies;
5657
5658 err = rdev_sched_scan_start(rdev, dev, request);
5659 if (!err) {
5660 rdev->sched_scan_req = request;
5661 nl80211_send_sched_scan(rdev, dev,
5662 NL80211_CMD_START_SCHED_SCAN);
5663 goto out;
5664 }
5665
5666 out_free:
5667 kfree(request);
5668 out:
5669 return err;
5670 }
5671
5672 static int nl80211_stop_sched_scan(struct sk_buff *skb,
5673 struct genl_info *info)
5674 {
5675 struct cfg80211_registered_device *rdev = info->user_ptr[0];
5676
5677 if (!(rdev->wiphy.flags & WIPHY_FLAG_SUPPORTS_SCHED_SCAN) ||
5678 !rdev->ops->sched_scan_stop)
5679 return -EOPNOTSUPP;
5680
5681 return __cfg80211_stop_sched_scan(rdev, false);
5682 }
5683
5684 static int nl80211_start_radar_detection(struct sk_buff *skb,
5685 struct genl_info *info)
5686 {
5687 struct cfg80211_registered_device *rdev = info->user_ptr[0];
5688 struct net_device *dev = info->user_ptr[1];
5689 struct wireless_dev *wdev = dev->ieee80211_ptr;
5690 struct cfg80211_chan_def chandef;
5691 enum nl80211_dfs_regions dfs_region;
5692 int err;
5693
5694 dfs_region = reg_get_dfs_region(wdev->wiphy);
5695 if (dfs_region == NL80211_DFS_UNSET)
5696 return -EINVAL;
5697
5698 err = nl80211_parse_chandef(rdev, info, &chandef);
5699 if (err)
5700 return err;
5701
5702 if (netif_carrier_ok(dev))
5703 return -EBUSY;
5704
5705 if (wdev->cac_started)
5706 return -EBUSY;
5707
5708 err = cfg80211_chandef_dfs_required(wdev->wiphy, &chandef);
5709 if (err < 0)
5710 return err;
5711
5712 if (err == 0)
5713 return -EINVAL;
5714
5715 if (!cfg80211_chandef_dfs_usable(wdev->wiphy, &chandef))
5716 return -EINVAL;
5717
5718 if (!rdev->ops->start_radar_detection)
5719 return -EOPNOTSUPP;
5720
5721 err = cfg80211_can_use_iftype_chan(rdev, wdev, wdev->iftype,
5722 chandef.chan, CHAN_MODE_SHARED,
5723 BIT(chandef.width));
5724 if (err)
5725 return err;
5726
5727 err = rdev->ops->start_radar_detection(&rdev->wiphy, dev, &chandef);
5728 if (!err) {
5729 wdev->channel = chandef.chan;
5730 wdev->cac_started = true;
5731 wdev->cac_start_time = jiffies;
5732 }
5733 return err;
5734 }
5735
5736 static int nl80211_channel_switch(struct sk_buff *skb, struct genl_info *info)
5737 {
5738 struct cfg80211_registered_device *rdev = info->user_ptr[0];
5739 struct net_device *dev = info->user_ptr[1];
5740 struct wireless_dev *wdev = dev->ieee80211_ptr;
5741 struct cfg80211_csa_settings params;
5742 /* csa_attrs is defined static to avoid waste of stack size - this
5743 * function is called under RTNL lock, so this should not be a problem.
5744 */
5745 static struct nlattr *csa_attrs[NL80211_ATTR_MAX+1];
5746 u8 radar_detect_width = 0;
5747 int err;
5748 bool need_new_beacon = false;
5749
5750 if (!rdev->ops->channel_switch ||
5751 !(rdev->wiphy.flags & WIPHY_FLAG_HAS_CHANNEL_SWITCH))
5752 return -EOPNOTSUPP;
5753
5754 switch (dev->ieee80211_ptr->iftype) {
5755 case NL80211_IFTYPE_AP:
5756 case NL80211_IFTYPE_P2P_GO:
5757 need_new_beacon = true;
5758
5759 /* useless if AP is not running */
5760 if (!wdev->beacon_interval)
5761 return -EINVAL;
5762 break;
5763 case NL80211_IFTYPE_ADHOC:
5764 case NL80211_IFTYPE_MESH_POINT:
5765 break;
5766 default:
5767 return -EOPNOTSUPP;
5768 }
5769
5770 memset(&params, 0, sizeof(params));
5771
5772 if (!info->attrs[NL80211_ATTR_WIPHY_FREQ] ||
5773 !info->attrs[NL80211_ATTR_CH_SWITCH_COUNT])
5774 return -EINVAL;
5775
5776 /* only important for AP, IBSS and mesh create IEs internally */
5777 if (need_new_beacon && !info->attrs[NL80211_ATTR_CSA_IES])
5778 return -EINVAL;
5779
5780 params.count = nla_get_u32(info->attrs[NL80211_ATTR_CH_SWITCH_COUNT]);
5781
5782 if (!need_new_beacon)
5783 goto skip_beacons;
5784
5785 err = nl80211_parse_beacon(info->attrs, &params.beacon_after);
5786 if (err)
5787 return err;
5788
5789 err = nla_parse_nested(csa_attrs, NL80211_ATTR_MAX,
5790 info->attrs[NL80211_ATTR_CSA_IES],
5791 nl80211_policy);
5792 if (err)
5793 return err;
5794
5795 err = nl80211_parse_beacon(csa_attrs, &params.beacon_csa);
5796 if (err)
5797 return err;
5798
5799 if (!csa_attrs[NL80211_ATTR_CSA_C_OFF_BEACON])
5800 return -EINVAL;
5801
5802 params.counter_offset_beacon =
5803 nla_get_u16(csa_attrs[NL80211_ATTR_CSA_C_OFF_BEACON]);
5804 if (params.counter_offset_beacon >= params.beacon_csa.tail_len)
5805 return -EINVAL;
5806
5807 /* sanity check - counters should be the same */
5808 if (params.beacon_csa.tail[params.counter_offset_beacon] !=
5809 params.count)
5810 return -EINVAL;
5811
5812 if (csa_attrs[NL80211_ATTR_CSA_C_OFF_PRESP]) {
5813 params.counter_offset_presp =
5814 nla_get_u16(csa_attrs[NL80211_ATTR_CSA_C_OFF_PRESP]);
5815 if (params.counter_offset_presp >=
5816 params.beacon_csa.probe_resp_len)
5817 return -EINVAL;
5818
5819 if (params.beacon_csa.probe_resp[params.counter_offset_presp] !=
5820 params.count)
5821 return -EINVAL;
5822 }
5823
5824 skip_beacons:
5825 err = nl80211_parse_chandef(rdev, info, &params.chandef);
5826 if (err)
5827 return err;
5828
5829 if (!cfg80211_reg_can_beacon(&rdev->wiphy, &params.chandef))
5830 return -EINVAL;
5831
5832 if (dev->ieee80211_ptr->iftype == NL80211_IFTYPE_AP ||
5833 dev->ieee80211_ptr->iftype == NL80211_IFTYPE_P2P_GO ||
5834 dev->ieee80211_ptr->iftype == NL80211_IFTYPE_ADHOC) {
5835 err = cfg80211_chandef_dfs_required(wdev->wiphy,
5836 &params.chandef);
5837 if (err < 0) {
5838 return err;
5839 } else if (err) {
5840 radar_detect_width = BIT(params.chandef.width);
5841 params.radar_required = true;
5842 }
5843 }
5844
5845 err = cfg80211_can_use_iftype_chan(rdev, wdev, wdev->iftype,
5846 params.chandef.chan,
5847 CHAN_MODE_SHARED,
5848 radar_detect_width);
5849 if (err)
5850 return err;
5851
5852 if (info->attrs[NL80211_ATTR_CH_SWITCH_BLOCK_TX])
5853 params.block_tx = true;
5854
5855 wdev_lock(wdev);
5856 err = rdev_channel_switch(rdev, dev, &params);
5857 wdev_unlock(wdev);
5858
5859 return err;
5860 }
5861
5862 static int nl80211_send_bss(struct sk_buff *msg, struct netlink_callback *cb,
5863 u32 seq, int flags,
5864 struct cfg80211_registered_device *rdev,
5865 struct wireless_dev *wdev,
5866 struct cfg80211_internal_bss *intbss)
5867 {
5868 struct cfg80211_bss *res = &intbss->pub;
5869 const struct cfg80211_bss_ies *ies;
5870 void *hdr;
5871 struct nlattr *bss;
5872 bool tsf = false;
5873
5874 ASSERT_WDEV_LOCK(wdev);
5875
5876 hdr = nl80211hdr_put(msg, NETLINK_CB(cb->skb).portid, seq, flags,
5877 NL80211_CMD_NEW_SCAN_RESULTS);
5878 if (!hdr)
5879 return -1;
5880
5881 genl_dump_check_consistent(cb, hdr, &nl80211_fam);
5882
5883 if (nla_put_u32(msg, NL80211_ATTR_GENERATION, rdev->bss_generation))
5884 goto nla_put_failure;
5885 if (wdev->netdev &&
5886 nla_put_u32(msg, NL80211_ATTR_IFINDEX, wdev->netdev->ifindex))
5887 goto nla_put_failure;
5888 if (nla_put_u64(msg, NL80211_ATTR_WDEV, wdev_id(wdev)))
5889 goto nla_put_failure;
5890
5891 bss = nla_nest_start(msg, NL80211_ATTR_BSS);
5892 if (!bss)
5893 goto nla_put_failure;
5894 if ((!is_zero_ether_addr(res->bssid) &&
5895 nla_put(msg, NL80211_BSS_BSSID, ETH_ALEN, res->bssid)))
5896 goto nla_put_failure;
5897
5898 rcu_read_lock();
5899 ies = rcu_dereference(res->ies);
5900 if (ies) {
5901 if (nla_put_u64(msg, NL80211_BSS_TSF, ies->tsf))
5902 goto fail_unlock_rcu;
5903 tsf = true;
5904 if (ies->len && nla_put(msg, NL80211_BSS_INFORMATION_ELEMENTS,
5905 ies->len, ies->data))
5906 goto fail_unlock_rcu;
5907 }
5908 ies = rcu_dereference(res->beacon_ies);
5909 if (ies) {
5910 if (!tsf && nla_put_u64(msg, NL80211_BSS_TSF, ies->tsf))
5911 goto fail_unlock_rcu;
5912 if (ies->len && nla_put(msg, NL80211_BSS_BEACON_IES,
5913 ies->len, ies->data))
5914 goto fail_unlock_rcu;
5915 }
5916 rcu_read_unlock();
5917
5918 if (res->beacon_interval &&
5919 nla_put_u16(msg, NL80211_BSS_BEACON_INTERVAL, res->beacon_interval))
5920 goto nla_put_failure;
5921 if (nla_put_u16(msg, NL80211_BSS_CAPABILITY, res->capability) ||
5922 nla_put_u32(msg, NL80211_BSS_FREQUENCY, res->channel->center_freq) ||
5923 nla_put_u32(msg, NL80211_BSS_CHAN_WIDTH, res->scan_width) ||
5924 nla_put_u32(msg, NL80211_BSS_SEEN_MS_AGO,
5925 jiffies_to_msecs(jiffies - intbss->ts)))
5926 goto nla_put_failure;
5927
5928 switch (rdev->wiphy.signal_type) {
5929 case CFG80211_SIGNAL_TYPE_MBM:
5930 if (nla_put_u32(msg, NL80211_BSS_SIGNAL_MBM, res->signal))
5931 goto nla_put_failure;
5932 break;
5933 case CFG80211_SIGNAL_TYPE_UNSPEC:
5934 if (nla_put_u8(msg, NL80211_BSS_SIGNAL_UNSPEC, res->signal))
5935 goto nla_put_failure;
5936 break;
5937 default:
5938 break;
5939 }
5940
5941 switch (wdev->iftype) {
5942 case NL80211_IFTYPE_P2P_CLIENT:
5943 case NL80211_IFTYPE_STATION:
5944 if (intbss == wdev->current_bss &&
5945 nla_put_u32(msg, NL80211_BSS_STATUS,
5946 NL80211_BSS_STATUS_ASSOCIATED))
5947 goto nla_put_failure;
5948 break;
5949 case NL80211_IFTYPE_ADHOC:
5950 if (intbss == wdev->current_bss &&
5951 nla_put_u32(msg, NL80211_BSS_STATUS,
5952 NL80211_BSS_STATUS_IBSS_JOINED))
5953 goto nla_put_failure;
5954 break;
5955 default:
5956 break;
5957 }
5958
5959 nla_nest_end(msg, bss);
5960
5961 return genlmsg_end(msg, hdr);
5962
5963 fail_unlock_rcu:
5964 rcu_read_unlock();
5965 nla_put_failure:
5966 genlmsg_cancel(msg, hdr);
5967 return -EMSGSIZE;
5968 }
5969
5970 static int nl80211_dump_scan(struct sk_buff *skb, struct netlink_callback *cb)
5971 {
5972 struct cfg80211_registered_device *rdev;
5973 struct cfg80211_internal_bss *scan;
5974 struct wireless_dev *wdev;
5975 int start = cb->args[2], idx = 0;
5976 int err;
5977
5978 err = nl80211_prepare_wdev_dump(skb, cb, &rdev, &wdev);
5979 if (err)
5980 return err;
5981
5982 wdev_lock(wdev);
5983 spin_lock_bh(&rdev->bss_lock);
5984 cfg80211_bss_expire(rdev);
5985
5986 cb->seq = rdev->bss_generation;
5987
5988 list_for_each_entry(scan, &rdev->bss_list, list) {
5989 if (++idx <= start)
5990 continue;
5991 if (nl80211_send_bss(skb, cb,
5992 cb->nlh->nlmsg_seq, NLM_F_MULTI,
5993 rdev, wdev, scan) < 0) {
5994 idx--;
5995 break;
5996 }
5997 }
5998
5999 spin_unlock_bh(&rdev->bss_lock);
6000 wdev_unlock(wdev);
6001
6002 cb->args[2] = idx;
6003 nl80211_finish_wdev_dump(rdev);
6004
6005 return skb->len;
6006 }
6007
6008 static int nl80211_send_survey(struct sk_buff *msg, u32 portid, u32 seq,
6009 int flags, struct net_device *dev,
6010 struct survey_info *survey)
6011 {
6012 void *hdr;
6013 struct nlattr *infoattr;
6014
6015 hdr = nl80211hdr_put(msg, portid, seq, flags,
6016 NL80211_CMD_NEW_SURVEY_RESULTS);
6017 if (!hdr)
6018 return -ENOMEM;
6019
6020 if (nla_put_u32(msg, NL80211_ATTR_IFINDEX, dev->ifindex))
6021 goto nla_put_failure;
6022
6023 infoattr = nla_nest_start(msg, NL80211_ATTR_SURVEY_INFO);
6024 if (!infoattr)
6025 goto nla_put_failure;
6026
6027 if (nla_put_u32(msg, NL80211_SURVEY_INFO_FREQUENCY,
6028 survey->channel->center_freq))
6029 goto nla_put_failure;
6030
6031 if ((survey->filled & SURVEY_INFO_NOISE_DBM) &&
6032 nla_put_u8(msg, NL80211_SURVEY_INFO_NOISE, survey->noise))
6033 goto nla_put_failure;
6034 if ((survey->filled & SURVEY_INFO_IN_USE) &&
6035 nla_put_flag(msg, NL80211_SURVEY_INFO_IN_USE))
6036 goto nla_put_failure;
6037 if ((survey->filled & SURVEY_INFO_CHANNEL_TIME) &&
6038 nla_put_u64(msg, NL80211_SURVEY_INFO_CHANNEL_TIME,
6039 survey->channel_time))
6040 goto nla_put_failure;
6041 if ((survey->filled & SURVEY_INFO_CHANNEL_TIME_BUSY) &&
6042 nla_put_u64(msg, NL80211_SURVEY_INFO_CHANNEL_TIME_BUSY,
6043 survey->channel_time_busy))
6044 goto nla_put_failure;
6045 if ((survey->filled & SURVEY_INFO_CHANNEL_TIME_EXT_BUSY) &&
6046 nla_put_u64(msg, NL80211_SURVEY_INFO_CHANNEL_TIME_EXT_BUSY,
6047 survey->channel_time_ext_busy))
6048 goto nla_put_failure;
6049 if ((survey->filled & SURVEY_INFO_CHANNEL_TIME_RX) &&
6050 nla_put_u64(msg, NL80211_SURVEY_INFO_CHANNEL_TIME_RX,
6051 survey->channel_time_rx))
6052 goto nla_put_failure;
6053 if ((survey->filled & SURVEY_INFO_CHANNEL_TIME_TX) &&
6054 nla_put_u64(msg, NL80211_SURVEY_INFO_CHANNEL_TIME_TX,
6055 survey->channel_time_tx))
6056 goto nla_put_failure;
6057
6058 nla_nest_end(msg, infoattr);
6059
6060 return genlmsg_end(msg, hdr);
6061
6062 nla_put_failure:
6063 genlmsg_cancel(msg, hdr);
6064 return -EMSGSIZE;
6065 }
6066
6067 static int nl80211_dump_survey(struct sk_buff *skb,
6068 struct netlink_callback *cb)
6069 {
6070 struct survey_info survey;
6071 struct cfg80211_registered_device *dev;
6072 struct wireless_dev *wdev;
6073 int survey_idx = cb->args[2];
6074 int res;
6075
6076 res = nl80211_prepare_wdev_dump(skb, cb, &dev, &wdev);
6077 if (res)
6078 return res;
6079
6080 if (!wdev->netdev) {
6081 res = -EINVAL;
6082 goto out_err;
6083 }
6084
6085 if (!dev->ops->dump_survey) {
6086 res = -EOPNOTSUPP;
6087 goto out_err;
6088 }
6089
6090 while (1) {
6091 struct ieee80211_channel *chan;
6092
6093 res = rdev_dump_survey(dev, wdev->netdev, survey_idx, &survey);
6094 if (res == -ENOENT)
6095 break;
6096 if (res)
6097 goto out_err;
6098
6099 /* Survey without a channel doesn't make sense */
6100 if (!survey.channel) {
6101 res = -EINVAL;
6102 goto out;
6103 }
6104
6105 chan = ieee80211_get_channel(&dev->wiphy,
6106 survey.channel->center_freq);
6107 if (!chan || chan->flags & IEEE80211_CHAN_DISABLED) {
6108 survey_idx++;
6109 continue;
6110 }
6111
6112 if (nl80211_send_survey(skb,
6113 NETLINK_CB(cb->skb).portid,
6114 cb->nlh->nlmsg_seq, NLM_F_MULTI,
6115 wdev->netdev, &survey) < 0)
6116 goto out;
6117 survey_idx++;
6118 }
6119
6120 out:
6121 cb->args[2] = survey_idx;
6122 res = skb->len;
6123 out_err:
6124 nl80211_finish_wdev_dump(dev);
6125 return res;
6126 }
6127
6128 static bool nl80211_valid_wpa_versions(u32 wpa_versions)
6129 {
6130 return !(wpa_versions & ~(NL80211_WPA_VERSION_1 |
6131 NL80211_WPA_VERSION_2));
6132 }
6133
6134 static int nl80211_authenticate(struct sk_buff *skb, struct genl_info *info)
6135 {
6136 struct cfg80211_registered_device *rdev = info->user_ptr[0];
6137 struct net_device *dev = info->user_ptr[1];
6138 struct ieee80211_channel *chan;
6139 const u8 *bssid, *ssid, *ie = NULL, *sae_data = NULL;
6140 int err, ssid_len, ie_len = 0, sae_data_len = 0;
6141 enum nl80211_auth_type auth_type;
6142 struct key_parse key;
6143 bool local_state_change;
6144
6145 if (!is_valid_ie_attr(info->attrs[NL80211_ATTR_IE]))
6146 return -EINVAL;
6147
6148 if (!info->attrs[NL80211_ATTR_MAC])
6149 return -EINVAL;
6150
6151 if (!info->attrs[NL80211_ATTR_AUTH_TYPE])
6152 return -EINVAL;
6153
6154 if (!info->attrs[NL80211_ATTR_SSID])
6155 return -EINVAL;
6156
6157 if (!info->attrs[NL80211_ATTR_WIPHY_FREQ])
6158 return -EINVAL;
6159
6160 err = nl80211_parse_key(info, &key);
6161 if (err)
6162 return err;
6163
6164 if (key.idx >= 0) {
6165 if (key.type != -1 && key.type != NL80211_KEYTYPE_GROUP)
6166 return -EINVAL;
6167 if (!key.p.key || !key.p.key_len)
6168 return -EINVAL;
6169 if ((key.p.cipher != WLAN_CIPHER_SUITE_WEP40 ||
6170 key.p.key_len != WLAN_KEY_LEN_WEP40) &&
6171 (key.p.cipher != WLAN_CIPHER_SUITE_WEP104 ||
6172 key.p.key_len != WLAN_KEY_LEN_WEP104))
6173 return -EINVAL;
6174 if (key.idx > 4)
6175 return -EINVAL;
6176 } else {
6177 key.p.key_len = 0;
6178 key.p.key = NULL;
6179 }
6180
6181 if (key.idx >= 0) {
6182 int i;
6183 bool ok = false;
6184 for (i = 0; i < rdev->wiphy.n_cipher_suites; i++) {
6185 if (key.p.cipher == rdev->wiphy.cipher_suites[i]) {
6186 ok = true;
6187 break;
6188 }
6189 }
6190 if (!ok)
6191 return -EINVAL;
6192 }
6193
6194 if (!rdev->ops->auth)
6195 return -EOPNOTSUPP;
6196
6197 if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_STATION &&
6198 dev->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_CLIENT)
6199 return -EOPNOTSUPP;
6200
6201 bssid = nla_data(info->attrs[NL80211_ATTR_MAC]);
6202 chan = ieee80211_get_channel(&rdev->wiphy,
6203 nla_get_u32(info->attrs[NL80211_ATTR_WIPHY_FREQ]));
6204 if (!chan || (chan->flags & IEEE80211_CHAN_DISABLED))
6205 return -EINVAL;
6206
6207 ssid = nla_data(info->attrs[NL80211_ATTR_SSID]);
6208 ssid_len = nla_len(info->attrs[NL80211_ATTR_SSID]);
6209
6210 if (info->attrs[NL80211_ATTR_IE]) {
6211 ie = nla_data(info->attrs[NL80211_ATTR_IE]);
6212 ie_len = nla_len(info->attrs[NL80211_ATTR_IE]);
6213 }
6214
6215 auth_type = nla_get_u32(info->attrs[NL80211_ATTR_AUTH_TYPE]);
6216 if (!nl80211_valid_auth_type(rdev, auth_type, NL80211_CMD_AUTHENTICATE))
6217 return -EINVAL;
6218
6219 if (auth_type == NL80211_AUTHTYPE_SAE &&
6220 !info->attrs[NL80211_ATTR_SAE_DATA])
6221 return -EINVAL;
6222
6223 if (info->attrs[NL80211_ATTR_SAE_DATA]) {
6224 if (auth_type != NL80211_AUTHTYPE_SAE)
6225 return -EINVAL;
6226 sae_data = nla_data(info->attrs[NL80211_ATTR_SAE_DATA]);
6227 sae_data_len = nla_len(info->attrs[NL80211_ATTR_SAE_DATA]);
6228 /* need to include at least Auth Transaction and Status Code */
6229 if (sae_data_len < 4)
6230 return -EINVAL;
6231 }
6232
6233 local_state_change = !!info->attrs[NL80211_ATTR_LOCAL_STATE_CHANGE];
6234
6235 /*
6236 * Since we no longer track auth state, ignore
6237 * requests to only change local state.
6238 */
6239 if (local_state_change)
6240 return 0;
6241
6242 wdev_lock(dev->ieee80211_ptr);
6243 err = cfg80211_mlme_auth(rdev, dev, chan, auth_type, bssid,
6244 ssid, ssid_len, ie, ie_len,
6245 key.p.key, key.p.key_len, key.idx,
6246 sae_data, sae_data_len);
6247 wdev_unlock(dev->ieee80211_ptr);
6248 return err;
6249 }
6250
6251 static int nl80211_crypto_settings(struct cfg80211_registered_device *rdev,
6252 struct genl_info *info,
6253 struct cfg80211_crypto_settings *settings,
6254 int cipher_limit)
6255 {
6256 memset(settings, 0, sizeof(*settings));
6257
6258 settings->control_port = info->attrs[NL80211_ATTR_CONTROL_PORT];
6259
6260 if (info->attrs[NL80211_ATTR_CONTROL_PORT_ETHERTYPE]) {
6261 u16 proto;
6262 proto = nla_get_u16(
6263 info->attrs[NL80211_ATTR_CONTROL_PORT_ETHERTYPE]);
6264 settings->control_port_ethertype = cpu_to_be16(proto);
6265 if (!(rdev->wiphy.flags & WIPHY_FLAG_CONTROL_PORT_PROTOCOL) &&
6266 proto != ETH_P_PAE)
6267 return -EINVAL;
6268 if (info->attrs[NL80211_ATTR_CONTROL_PORT_NO_ENCRYPT])
6269 settings->control_port_no_encrypt = true;
6270 } else
6271 settings->control_port_ethertype = cpu_to_be16(ETH_P_PAE);
6272
6273 if (info->attrs[NL80211_ATTR_CIPHER_SUITES_PAIRWISE]) {
6274 void *data;
6275 int len, i;
6276
6277 data = nla_data(info->attrs[NL80211_ATTR_CIPHER_SUITES_PAIRWISE]);
6278 len = nla_len(info->attrs[NL80211_ATTR_CIPHER_SUITES_PAIRWISE]);
6279 settings->n_ciphers_pairwise = len / sizeof(u32);
6280
6281 if (len % sizeof(u32))
6282 return -EINVAL;
6283
6284 if (settings->n_ciphers_pairwise > cipher_limit)
6285 return -EINVAL;
6286
6287 memcpy(settings->ciphers_pairwise, data, len);
6288
6289 for (i = 0; i < settings->n_ciphers_pairwise; i++)
6290 if (!cfg80211_supported_cipher_suite(
6291 &rdev->wiphy,
6292 settings->ciphers_pairwise[i]))
6293 return -EINVAL;
6294 }
6295
6296 if (info->attrs[NL80211_ATTR_CIPHER_SUITE_GROUP]) {
6297 settings->cipher_group =
6298 nla_get_u32(info->attrs[NL80211_ATTR_CIPHER_SUITE_GROUP]);
6299 if (!cfg80211_supported_cipher_suite(&rdev->wiphy,
6300 settings->cipher_group))
6301 return -EINVAL;
6302 }
6303
6304 if (info->attrs[NL80211_ATTR_WPA_VERSIONS]) {
6305 settings->wpa_versions =
6306 nla_get_u32(info->attrs[NL80211_ATTR_WPA_VERSIONS]);
6307 if (!nl80211_valid_wpa_versions(settings->wpa_versions))
6308 return -EINVAL;
6309 }
6310
6311 if (info->attrs[NL80211_ATTR_AKM_SUITES]) {
6312 void *data;
6313 int len;
6314
6315 data = nla_data(info->attrs[NL80211_ATTR_AKM_SUITES]);
6316 len = nla_len(info->attrs[NL80211_ATTR_AKM_SUITES]);
6317 settings->n_akm_suites = len / sizeof(u32);
6318
6319 if (len % sizeof(u32))
6320 return -EINVAL;
6321
6322 if (settings->n_akm_suites > NL80211_MAX_NR_AKM_SUITES)
6323 return -EINVAL;
6324
6325 memcpy(settings->akm_suites, data, len);
6326 }
6327
6328 return 0;
6329 }
6330
6331 static int nl80211_associate(struct sk_buff *skb, struct genl_info *info)
6332 {
6333 struct cfg80211_registered_device *rdev = info->user_ptr[0];
6334 struct net_device *dev = info->user_ptr[1];
6335 struct ieee80211_channel *chan;
6336 struct cfg80211_assoc_request req = {};
6337 const u8 *bssid, *ssid;
6338 int err, ssid_len = 0;
6339
6340 if (!is_valid_ie_attr(info->attrs[NL80211_ATTR_IE]))
6341 return -EINVAL;
6342
6343 if (!info->attrs[NL80211_ATTR_MAC] ||
6344 !info->attrs[NL80211_ATTR_SSID] ||
6345 !info->attrs[NL80211_ATTR_WIPHY_FREQ])
6346 return -EINVAL;
6347
6348 if (!rdev->ops->assoc)
6349 return -EOPNOTSUPP;
6350
6351 if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_STATION &&
6352 dev->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_CLIENT)
6353 return -EOPNOTSUPP;
6354
6355 bssid = nla_data(info->attrs[NL80211_ATTR_MAC]);
6356
6357 chan = ieee80211_get_channel(&rdev->wiphy,
6358 nla_get_u32(info->attrs[NL80211_ATTR_WIPHY_FREQ]));
6359 if (!chan || (chan->flags & IEEE80211_CHAN_DISABLED))
6360 return -EINVAL;
6361
6362 ssid = nla_data(info->attrs[NL80211_ATTR_SSID]);
6363 ssid_len = nla_len(info->attrs[NL80211_ATTR_SSID]);
6364
6365 if (info->attrs[NL80211_ATTR_IE]) {
6366 req.ie = nla_data(info->attrs[NL80211_ATTR_IE]);
6367 req.ie_len = nla_len(info->attrs[NL80211_ATTR_IE]);
6368 }
6369
6370 if (info->attrs[NL80211_ATTR_USE_MFP]) {
6371 enum nl80211_mfp mfp =
6372 nla_get_u32(info->attrs[NL80211_ATTR_USE_MFP]);
6373 if (mfp == NL80211_MFP_REQUIRED)
6374 req.use_mfp = true;
6375 else if (mfp != NL80211_MFP_NO)
6376 return -EINVAL;
6377 }
6378
6379 if (info->attrs[NL80211_ATTR_PREV_BSSID])
6380 req.prev_bssid = nla_data(info->attrs[NL80211_ATTR_PREV_BSSID]);
6381
6382 if (nla_get_flag(info->attrs[NL80211_ATTR_DISABLE_HT]))
6383 req.flags |= ASSOC_REQ_DISABLE_HT;
6384
6385 if (info->attrs[NL80211_ATTR_HT_CAPABILITY_MASK])
6386 memcpy(&req.ht_capa_mask,
6387 nla_data(info->attrs[NL80211_ATTR_HT_CAPABILITY_MASK]),
6388 sizeof(req.ht_capa_mask));
6389
6390 if (info->attrs[NL80211_ATTR_HT_CAPABILITY]) {
6391 if (!info->attrs[NL80211_ATTR_HT_CAPABILITY_MASK])
6392 return -EINVAL;
6393 memcpy(&req.ht_capa,
6394 nla_data(info->attrs[NL80211_ATTR_HT_CAPABILITY]),
6395 sizeof(req.ht_capa));
6396 }
6397
6398 if (nla_get_flag(info->attrs[NL80211_ATTR_DISABLE_VHT]))
6399 req.flags |= ASSOC_REQ_DISABLE_VHT;
6400
6401 if (info->attrs[NL80211_ATTR_VHT_CAPABILITY_MASK])
6402 memcpy(&req.vht_capa_mask,
6403 nla_data(info->attrs[NL80211_ATTR_VHT_CAPABILITY_MASK]),
6404 sizeof(req.vht_capa_mask));
6405
6406 if (info->attrs[NL80211_ATTR_VHT_CAPABILITY]) {
6407 if (!info->attrs[NL80211_ATTR_VHT_CAPABILITY_MASK])
6408 return -EINVAL;
6409 memcpy(&req.vht_capa,
6410 nla_data(info->attrs[NL80211_ATTR_VHT_CAPABILITY]),
6411 sizeof(req.vht_capa));
6412 }
6413
6414 err = nl80211_crypto_settings(rdev, info, &req.crypto, 1);
6415 if (!err) {
6416 wdev_lock(dev->ieee80211_ptr);
6417 err = cfg80211_mlme_assoc(rdev, dev, chan, bssid,
6418 ssid, ssid_len, &req);
6419 wdev_unlock(dev->ieee80211_ptr);
6420 }
6421
6422 return err;
6423 }
6424
6425 static int nl80211_deauthenticate(struct sk_buff *skb, struct genl_info *info)
6426 {
6427 struct cfg80211_registered_device *rdev = info->user_ptr[0];
6428 struct net_device *dev = info->user_ptr[1];
6429 const u8 *ie = NULL, *bssid;
6430 int ie_len = 0, err;
6431 u16 reason_code;
6432 bool local_state_change;
6433
6434 if (!is_valid_ie_attr(info->attrs[NL80211_ATTR_IE]))
6435 return -EINVAL;
6436
6437 if (!info->attrs[NL80211_ATTR_MAC])
6438 return -EINVAL;
6439
6440 if (!info->attrs[NL80211_ATTR_REASON_CODE])
6441 return -EINVAL;
6442
6443 if (!rdev->ops->deauth)
6444 return -EOPNOTSUPP;
6445
6446 if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_STATION &&
6447 dev->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_CLIENT)
6448 return -EOPNOTSUPP;
6449
6450 bssid = nla_data(info->attrs[NL80211_ATTR_MAC]);
6451
6452 reason_code = nla_get_u16(info->attrs[NL80211_ATTR_REASON_CODE]);
6453 if (reason_code == 0) {
6454 /* Reason Code 0 is reserved */
6455 return -EINVAL;
6456 }
6457
6458 if (info->attrs[NL80211_ATTR_IE]) {
6459 ie = nla_data(info->attrs[NL80211_ATTR_IE]);
6460 ie_len = nla_len(info->attrs[NL80211_ATTR_IE]);
6461 }
6462
6463 local_state_change = !!info->attrs[NL80211_ATTR_LOCAL_STATE_CHANGE];
6464
6465 wdev_lock(dev->ieee80211_ptr);
6466 err = cfg80211_mlme_deauth(rdev, dev, bssid, ie, ie_len, reason_code,
6467 local_state_change);
6468 wdev_unlock(dev->ieee80211_ptr);
6469 return err;
6470 }
6471
6472 static int nl80211_disassociate(struct sk_buff *skb, struct genl_info *info)
6473 {
6474 struct cfg80211_registered_device *rdev = info->user_ptr[0];
6475 struct net_device *dev = info->user_ptr[1];
6476 const u8 *ie = NULL, *bssid;
6477 int ie_len = 0, err;
6478 u16 reason_code;
6479 bool local_state_change;
6480
6481 if (!is_valid_ie_attr(info->attrs[NL80211_ATTR_IE]))
6482 return -EINVAL;
6483
6484 if (!info->attrs[NL80211_ATTR_MAC])
6485 return -EINVAL;
6486
6487 if (!info->attrs[NL80211_ATTR_REASON_CODE])
6488 return -EINVAL;
6489
6490 if (!rdev->ops->disassoc)
6491 return -EOPNOTSUPP;
6492
6493 if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_STATION &&
6494 dev->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_CLIENT)
6495 return -EOPNOTSUPP;
6496
6497 bssid = nla_data(info->attrs[NL80211_ATTR_MAC]);
6498
6499 reason_code = nla_get_u16(info->attrs[NL80211_ATTR_REASON_CODE]);
6500 if (reason_code == 0) {
6501 /* Reason Code 0 is reserved */
6502 return -EINVAL;
6503 }
6504
6505 if (info->attrs[NL80211_ATTR_IE]) {
6506 ie = nla_data(info->attrs[NL80211_ATTR_IE]);
6507 ie_len = nla_len(info->attrs[NL80211_ATTR_IE]);
6508 }
6509
6510 local_state_change = !!info->attrs[NL80211_ATTR_LOCAL_STATE_CHANGE];
6511
6512 wdev_lock(dev->ieee80211_ptr);
6513 err = cfg80211_mlme_disassoc(rdev, dev, bssid, ie, ie_len, reason_code,
6514 local_state_change);
6515 wdev_unlock(dev->ieee80211_ptr);
6516 return err;
6517 }
6518
6519 static bool
6520 nl80211_parse_mcast_rate(struct cfg80211_registered_device *rdev,
6521 int mcast_rate[IEEE80211_NUM_BANDS],
6522 int rateval)
6523 {
6524 struct wiphy *wiphy = &rdev->wiphy;
6525 bool found = false;
6526 int band, i;
6527
6528 for (band = 0; band < IEEE80211_NUM_BANDS; band++) {
6529 struct ieee80211_supported_band *sband;
6530
6531 sband = wiphy->bands[band];
6532 if (!sband)
6533 continue;
6534
6535 for (i = 0; i < sband->n_bitrates; i++) {
6536 if (sband->bitrates[i].bitrate == rateval) {
6537 mcast_rate[band] = i + 1;
6538 found = true;
6539 break;
6540 }
6541 }
6542 }
6543
6544 return found;
6545 }
6546
6547 static int nl80211_join_ibss(struct sk_buff *skb, struct genl_info *info)
6548 {
6549 struct cfg80211_registered_device *rdev = info->user_ptr[0];
6550 struct net_device *dev = info->user_ptr[1];
6551 struct cfg80211_ibss_params ibss;
6552 struct wiphy *wiphy;
6553 struct cfg80211_cached_keys *connkeys = NULL;
6554 int err;
6555
6556 memset(&ibss, 0, sizeof(ibss));
6557
6558 if (!is_valid_ie_attr(info->attrs[NL80211_ATTR_IE]))
6559 return -EINVAL;
6560
6561 if (!info->attrs[NL80211_ATTR_SSID] ||
6562 !nla_len(info->attrs[NL80211_ATTR_SSID]))
6563 return -EINVAL;
6564
6565 ibss.beacon_interval = 100;
6566
6567 if (info->attrs[NL80211_ATTR_BEACON_INTERVAL]) {
6568 ibss.beacon_interval =
6569 nla_get_u32(info->attrs[NL80211_ATTR_BEACON_INTERVAL]);
6570 if (ibss.beacon_interval < 1 || ibss.beacon_interval > 10000)
6571 return -EINVAL;
6572 }
6573
6574 if (!rdev->ops->join_ibss)
6575 return -EOPNOTSUPP;
6576
6577 if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_ADHOC)
6578 return -EOPNOTSUPP;
6579
6580 wiphy = &rdev->wiphy;
6581
6582 if (info->attrs[NL80211_ATTR_MAC]) {
6583 ibss.bssid = nla_data(info->attrs[NL80211_ATTR_MAC]);
6584
6585 if (!is_valid_ether_addr(ibss.bssid))
6586 return -EINVAL;
6587 }
6588 ibss.ssid = nla_data(info->attrs[NL80211_ATTR_SSID]);
6589 ibss.ssid_len = nla_len(info->attrs[NL80211_ATTR_SSID]);
6590
6591 if (info->attrs[NL80211_ATTR_IE]) {
6592 ibss.ie = nla_data(info->attrs[NL80211_ATTR_IE]);
6593 ibss.ie_len = nla_len(info->attrs[NL80211_ATTR_IE]);
6594 }
6595
6596 err = nl80211_parse_chandef(rdev, info, &ibss.chandef);
6597 if (err)
6598 return err;
6599
6600 if (!cfg80211_reg_can_beacon(&rdev->wiphy, &ibss.chandef))
6601 return -EINVAL;
6602
6603 switch (ibss.chandef.width) {
6604 case NL80211_CHAN_WIDTH_5:
6605 case NL80211_CHAN_WIDTH_10:
6606 case NL80211_CHAN_WIDTH_20_NOHT:
6607 break;
6608 case NL80211_CHAN_WIDTH_20:
6609 case NL80211_CHAN_WIDTH_40:
6610 if (rdev->wiphy.features & NL80211_FEATURE_HT_IBSS)
6611 break;
6612 default:
6613 return -EINVAL;
6614 }
6615
6616 ibss.channel_fixed = !!info->attrs[NL80211_ATTR_FREQ_FIXED];
6617 ibss.privacy = !!info->attrs[NL80211_ATTR_PRIVACY];
6618
6619 if (info->attrs[NL80211_ATTR_BSS_BASIC_RATES]) {
6620 u8 *rates =
6621 nla_data(info->attrs[NL80211_ATTR_BSS_BASIC_RATES]);
6622 int n_rates =
6623 nla_len(info->attrs[NL80211_ATTR_BSS_BASIC_RATES]);
6624 struct ieee80211_supported_band *sband =
6625 wiphy->bands[ibss.chandef.chan->band];
6626
6627 err = ieee80211_get_ratemask(sband, rates, n_rates,
6628 &ibss.basic_rates);
6629 if (err)
6630 return err;
6631 }
6632
6633 if (info->attrs[NL80211_ATTR_HT_CAPABILITY_MASK])
6634 memcpy(&ibss.ht_capa_mask,
6635 nla_data(info->attrs[NL80211_ATTR_HT_CAPABILITY_MASK]),
6636 sizeof(ibss.ht_capa_mask));
6637
6638 if (info->attrs[NL80211_ATTR_HT_CAPABILITY]) {
6639 if (!info->attrs[NL80211_ATTR_HT_CAPABILITY_MASK])
6640 return -EINVAL;
6641 memcpy(&ibss.ht_capa,
6642 nla_data(info->attrs[NL80211_ATTR_HT_CAPABILITY]),
6643 sizeof(ibss.ht_capa));
6644 }
6645
6646 if (info->attrs[NL80211_ATTR_MCAST_RATE] &&
6647 !nl80211_parse_mcast_rate(rdev, ibss.mcast_rate,
6648 nla_get_u32(info->attrs[NL80211_ATTR_MCAST_RATE])))
6649 return -EINVAL;
6650
6651 if (ibss.privacy && info->attrs[NL80211_ATTR_KEYS]) {
6652 bool no_ht = false;
6653
6654 connkeys = nl80211_parse_connkeys(rdev,
6655 info->attrs[NL80211_ATTR_KEYS],
6656 &no_ht);
6657 if (IS_ERR(connkeys))
6658 return PTR_ERR(connkeys);
6659
6660 if ((ibss.chandef.width != NL80211_CHAN_WIDTH_20_NOHT) &&
6661 no_ht) {
6662 kfree(connkeys);
6663 return -EINVAL;
6664 }
6665 }
6666
6667 ibss.control_port =
6668 nla_get_flag(info->attrs[NL80211_ATTR_CONTROL_PORT]);
6669
6670 ibss.userspace_handles_dfs =
6671 nla_get_flag(info->attrs[NL80211_ATTR_HANDLE_DFS]);
6672
6673 err = cfg80211_join_ibss(rdev, dev, &ibss, connkeys);
6674 if (err)
6675 kfree(connkeys);
6676 return err;
6677 }
6678
6679 static int nl80211_leave_ibss(struct sk_buff *skb, struct genl_info *info)
6680 {
6681 struct cfg80211_registered_device *rdev = info->user_ptr[0];
6682 struct net_device *dev = info->user_ptr[1];
6683
6684 if (!rdev->ops->leave_ibss)
6685 return -EOPNOTSUPP;
6686
6687 if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_ADHOC)
6688 return -EOPNOTSUPP;
6689
6690 return cfg80211_leave_ibss(rdev, dev, false);
6691 }
6692
6693 static int nl80211_set_mcast_rate(struct sk_buff *skb, struct genl_info *info)
6694 {
6695 struct cfg80211_registered_device *rdev = info->user_ptr[0];
6696 struct net_device *dev = info->user_ptr[1];
6697 int mcast_rate[IEEE80211_NUM_BANDS];
6698 u32 nla_rate;
6699 int err;
6700
6701 if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_ADHOC &&
6702 dev->ieee80211_ptr->iftype != NL80211_IFTYPE_MESH_POINT)
6703 return -EOPNOTSUPP;
6704
6705 if (!rdev->ops->set_mcast_rate)
6706 return -EOPNOTSUPP;
6707
6708 memset(mcast_rate, 0, sizeof(mcast_rate));
6709
6710 if (!info->attrs[NL80211_ATTR_MCAST_RATE])
6711 return -EINVAL;
6712
6713 nla_rate = nla_get_u32(info->attrs[NL80211_ATTR_MCAST_RATE]);
6714 if (!nl80211_parse_mcast_rate(rdev, mcast_rate, nla_rate))
6715 return -EINVAL;
6716
6717 err = rdev->ops->set_mcast_rate(&rdev->wiphy, dev, mcast_rate);
6718
6719 return err;
6720 }
6721
6722 static struct sk_buff *
6723 __cfg80211_alloc_vendor_skb(struct cfg80211_registered_device *rdev,
6724 int approxlen, u32 portid, u32 seq,
6725 enum nl80211_commands cmd,
6726 enum nl80211_attrs attr,
6727 const struct nl80211_vendor_cmd_info *info,
6728 gfp_t gfp)
6729 {
6730 struct sk_buff *skb;
6731 void *hdr;
6732 struct nlattr *data;
6733
6734 skb = nlmsg_new(approxlen + 100, gfp);
6735 if (!skb)
6736 return NULL;
6737
6738 hdr = nl80211hdr_put(skb, portid, seq, 0, cmd);
6739 if (!hdr) {
6740 kfree_skb(skb);
6741 return NULL;
6742 }
6743
6744 if (nla_put_u32(skb, NL80211_ATTR_WIPHY, rdev->wiphy_idx))
6745 goto nla_put_failure;
6746
6747 if (info) {
6748 if (nla_put_u32(skb, NL80211_ATTR_VENDOR_ID,
6749 info->vendor_id))
6750 goto nla_put_failure;
6751 if (nla_put_u32(skb, NL80211_ATTR_VENDOR_SUBCMD,
6752 info->subcmd))
6753 goto nla_put_failure;
6754 }
6755
6756 data = nla_nest_start(skb, attr);
6757
6758 ((void **)skb->cb)[0] = rdev;
6759 ((void **)skb->cb)[1] = hdr;
6760 ((void **)skb->cb)[2] = data;
6761
6762 return skb;
6763
6764 nla_put_failure:
6765 kfree_skb(skb);
6766 return NULL;
6767 }
6768
6769 struct sk_buff *__cfg80211_alloc_event_skb(struct wiphy *wiphy,
6770 enum nl80211_commands cmd,
6771 enum nl80211_attrs attr,
6772 int vendor_event_idx,
6773 int approxlen, gfp_t gfp)
6774 {
6775 struct cfg80211_registered_device *rdev = wiphy_to_dev(wiphy);
6776 const struct nl80211_vendor_cmd_info *info;
6777
6778 switch (cmd) {
6779 case NL80211_CMD_TESTMODE:
6780 if (WARN_ON(vendor_event_idx != -1))
6781 return NULL;
6782 info = NULL;
6783 break;
6784 case NL80211_CMD_VENDOR:
6785 if (WARN_ON(vendor_event_idx < 0 ||
6786 vendor_event_idx >= wiphy->n_vendor_events))
6787 return NULL;
6788 info = &wiphy->vendor_events[vendor_event_idx];
6789 break;
6790 default:
6791 WARN_ON(1);
6792 return NULL;
6793 }
6794
6795 return __cfg80211_alloc_vendor_skb(rdev, approxlen, 0, 0,
6796 cmd, attr, info, gfp);
6797 }
6798 EXPORT_SYMBOL(__cfg80211_alloc_event_skb);
6799
6800 void __cfg80211_send_event_skb(struct sk_buff *skb, gfp_t gfp)
6801 {
6802 struct cfg80211_registered_device *rdev = ((void **)skb->cb)[0];
6803 void *hdr = ((void **)skb->cb)[1];
6804 struct nlattr *data = ((void **)skb->cb)[2];
6805 enum nl80211_multicast_groups mcgrp = NL80211_MCGRP_TESTMODE;
6806
6807 nla_nest_end(skb, data);
6808 genlmsg_end(skb, hdr);
6809
6810 if (data->nla_type == NL80211_ATTR_VENDOR_DATA)
6811 mcgrp = NL80211_MCGRP_VENDOR;
6812
6813 genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), skb, 0,
6814 mcgrp, gfp);
6815 }
6816 EXPORT_SYMBOL(__cfg80211_send_event_skb);
6817
6818 #ifdef CONFIG_NL80211_TESTMODE
6819 static int nl80211_testmode_do(struct sk_buff *skb, struct genl_info *info)
6820 {
6821 struct cfg80211_registered_device *rdev = info->user_ptr[0];
6822 struct wireless_dev *wdev =
6823 __cfg80211_wdev_from_attrs(genl_info_net(info), info->attrs);
6824 int err;
6825
6826 if (!rdev->ops->testmode_cmd)
6827 return -EOPNOTSUPP;
6828
6829 if (IS_ERR(wdev)) {
6830 err = PTR_ERR(wdev);
6831 if (err != -EINVAL)
6832 return err;
6833 wdev = NULL;
6834 } else if (wdev->wiphy != &rdev->wiphy) {
6835 return -EINVAL;
6836 }
6837
6838 if (!info->attrs[NL80211_ATTR_TESTDATA])
6839 return -EINVAL;
6840
6841 rdev->cur_cmd_info = info;
6842 err = rdev_testmode_cmd(rdev, wdev,
6843 nla_data(info->attrs[NL80211_ATTR_TESTDATA]),
6844 nla_len(info->attrs[NL80211_ATTR_TESTDATA]));
6845 rdev->cur_cmd_info = NULL;
6846
6847 return err;
6848 }
6849
6850 static int nl80211_testmode_dump(struct sk_buff *skb,
6851 struct netlink_callback *cb)
6852 {
6853 struct cfg80211_registered_device *rdev;
6854 int err;
6855 long phy_idx;
6856 void *data = NULL;
6857 int data_len = 0;
6858
6859 rtnl_lock();
6860
6861 if (cb->args[0]) {
6862 /*
6863 * 0 is a valid index, but not valid for args[0],
6864 * so we need to offset by 1.
6865 */
6866 phy_idx = cb->args[0] - 1;
6867 } else {
6868 err = nlmsg_parse(cb->nlh, GENL_HDRLEN + nl80211_fam.hdrsize,
6869 nl80211_fam.attrbuf, nl80211_fam.maxattr,
6870 nl80211_policy);
6871 if (err)
6872 goto out_err;
6873
6874 rdev = __cfg80211_rdev_from_attrs(sock_net(skb->sk),
6875 nl80211_fam.attrbuf);
6876 if (IS_ERR(rdev)) {
6877 err = PTR_ERR(rdev);
6878 goto out_err;
6879 }
6880 phy_idx = rdev->wiphy_idx;
6881 rdev = NULL;
6882
6883 if (nl80211_fam.attrbuf[NL80211_ATTR_TESTDATA])
6884 cb->args[1] =
6885 (long)nl80211_fam.attrbuf[NL80211_ATTR_TESTDATA];
6886 }
6887
6888 if (cb->args[1]) {
6889 data = nla_data((void *)cb->args[1]);
6890 data_len = nla_len((void *)cb->args[1]);
6891 }
6892
6893 rdev = cfg80211_rdev_by_wiphy_idx(phy_idx);
6894 if (!rdev) {
6895 err = -ENOENT;
6896 goto out_err;
6897 }
6898
6899 if (!rdev->ops->testmode_dump) {
6900 err = -EOPNOTSUPP;
6901 goto out_err;
6902 }
6903
6904 while (1) {
6905 void *hdr = nl80211hdr_put(skb, NETLINK_CB(cb->skb).portid,
6906 cb->nlh->nlmsg_seq, NLM_F_MULTI,
6907 NL80211_CMD_TESTMODE);
6908 struct nlattr *tmdata;
6909
6910 if (!hdr)
6911 break;
6912
6913 if (nla_put_u32(skb, NL80211_ATTR_WIPHY, phy_idx)) {
6914 genlmsg_cancel(skb, hdr);
6915 break;
6916 }
6917
6918 tmdata = nla_nest_start(skb, NL80211_ATTR_TESTDATA);
6919 if (!tmdata) {
6920 genlmsg_cancel(skb, hdr);
6921 break;
6922 }
6923 err = rdev_testmode_dump(rdev, skb, cb, data, data_len);
6924 nla_nest_end(skb, tmdata);
6925
6926 if (err == -ENOBUFS || err == -ENOENT) {
6927 genlmsg_cancel(skb, hdr);
6928 break;
6929 } else if (err) {
6930 genlmsg_cancel(skb, hdr);
6931 goto out_err;
6932 }
6933
6934 genlmsg_end(skb, hdr);
6935 }
6936
6937 err = skb->len;
6938 /* see above */
6939 cb->args[0] = phy_idx + 1;
6940 out_err:
6941 rtnl_unlock();
6942 return err;
6943 }
6944 #endif
6945
6946 static int nl80211_connect(struct sk_buff *skb, struct genl_info *info)
6947 {
6948 struct cfg80211_registered_device *rdev = info->user_ptr[0];
6949 struct net_device *dev = info->user_ptr[1];
6950 struct cfg80211_connect_params connect;
6951 struct wiphy *wiphy;
6952 struct cfg80211_cached_keys *connkeys = NULL;
6953 int err;
6954
6955 memset(&connect, 0, sizeof(connect));
6956
6957 if (!is_valid_ie_attr(info->attrs[NL80211_ATTR_IE]))
6958 return -EINVAL;
6959
6960 if (!info->attrs[NL80211_ATTR_SSID] ||
6961 !nla_len(info->attrs[NL80211_ATTR_SSID]))
6962 return -EINVAL;
6963
6964 if (info->attrs[NL80211_ATTR_AUTH_TYPE]) {
6965 connect.auth_type =
6966 nla_get_u32(info->attrs[NL80211_ATTR_AUTH_TYPE]);
6967 if (!nl80211_valid_auth_type(rdev, connect.auth_type,
6968 NL80211_CMD_CONNECT))
6969 return -EINVAL;
6970 } else
6971 connect.auth_type = NL80211_AUTHTYPE_AUTOMATIC;
6972
6973 connect.privacy = info->attrs[NL80211_ATTR_PRIVACY];
6974
6975 err = nl80211_crypto_settings(rdev, info, &connect.crypto,
6976 NL80211_MAX_NR_CIPHER_SUITES);
6977 if (err)
6978 return err;
6979
6980 if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_STATION &&
6981 dev->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_CLIENT)
6982 return -EOPNOTSUPP;
6983
6984 wiphy = &rdev->wiphy;
6985
6986 connect.bg_scan_period = -1;
6987 if (info->attrs[NL80211_ATTR_BG_SCAN_PERIOD] &&
6988 (wiphy->flags & WIPHY_FLAG_SUPPORTS_FW_ROAM)) {
6989 connect.bg_scan_period =
6990 nla_get_u16(info->attrs[NL80211_ATTR_BG_SCAN_PERIOD]);
6991 }
6992
6993 if (info->attrs[NL80211_ATTR_MAC])
6994 connect.bssid = nla_data(info->attrs[NL80211_ATTR_MAC]);
6995 else if (info->attrs[NL80211_ATTR_MAC_HINT])
6996 connect.bssid_hint =
6997 nla_data(info->attrs[NL80211_ATTR_MAC_HINT]);
6998 connect.ssid = nla_data(info->attrs[NL80211_ATTR_SSID]);
6999 connect.ssid_len = nla_len(info->attrs[NL80211_ATTR_SSID]);
7000
7001 if (info->attrs[NL80211_ATTR_IE]) {
7002 connect.ie = nla_data(info->attrs[NL80211_ATTR_IE]);
7003 connect.ie_len = nla_len(info->attrs[NL80211_ATTR_IE]);
7004 }
7005
7006 if (info->attrs[NL80211_ATTR_USE_MFP]) {
7007 connect.mfp = nla_get_u32(info->attrs[NL80211_ATTR_USE_MFP]);
7008 if (connect.mfp != NL80211_MFP_REQUIRED &&
7009 connect.mfp != NL80211_MFP_NO)
7010 return -EINVAL;
7011 } else {
7012 connect.mfp = NL80211_MFP_NO;
7013 }
7014
7015 if (info->attrs[NL80211_ATTR_WIPHY_FREQ]) {
7016 connect.channel =
7017 ieee80211_get_channel(wiphy,
7018 nla_get_u32(info->attrs[NL80211_ATTR_WIPHY_FREQ]));
7019 if (!connect.channel ||
7020 connect.channel->flags & IEEE80211_CHAN_DISABLED)
7021 return -EINVAL;
7022 } else if (info->attrs[NL80211_ATTR_WIPHY_FREQ_HINT]) {
7023 connect.channel_hint =
7024 ieee80211_get_channel(wiphy,
7025 nla_get_u32(
7026 info->attrs[NL80211_ATTR_WIPHY_FREQ_HINT]));
7027 if (!connect.channel_hint ||
7028 connect.channel_hint->flags & IEEE80211_CHAN_DISABLED)
7029 return -EINVAL;
7030 }
7031
7032 if (connect.privacy && info->attrs[NL80211_ATTR_KEYS]) {
7033 connkeys = nl80211_parse_connkeys(rdev,
7034 info->attrs[NL80211_ATTR_KEYS], NULL);
7035 if (IS_ERR(connkeys))
7036 return PTR_ERR(connkeys);
7037 }
7038
7039 if (nla_get_flag(info->attrs[NL80211_ATTR_DISABLE_HT]))
7040 connect.flags |= ASSOC_REQ_DISABLE_HT;
7041
7042 if (info->attrs[NL80211_ATTR_HT_CAPABILITY_MASK])
7043 memcpy(&connect.ht_capa_mask,
7044 nla_data(info->attrs[NL80211_ATTR_HT_CAPABILITY_MASK]),
7045 sizeof(connect.ht_capa_mask));
7046
7047 if (info->attrs[NL80211_ATTR_HT_CAPABILITY]) {
7048 if (!info->attrs[NL80211_ATTR_HT_CAPABILITY_MASK]) {
7049 kfree(connkeys);
7050 return -EINVAL;
7051 }
7052 memcpy(&connect.ht_capa,
7053 nla_data(info->attrs[NL80211_ATTR_HT_CAPABILITY]),
7054 sizeof(connect.ht_capa));
7055 }
7056
7057 if (nla_get_flag(info->attrs[NL80211_ATTR_DISABLE_VHT]))
7058 connect.flags |= ASSOC_REQ_DISABLE_VHT;
7059
7060 if (info->attrs[NL80211_ATTR_VHT_CAPABILITY_MASK])
7061 memcpy(&connect.vht_capa_mask,
7062 nla_data(info->attrs[NL80211_ATTR_VHT_CAPABILITY_MASK]),
7063 sizeof(connect.vht_capa_mask));
7064
7065 if (info->attrs[NL80211_ATTR_VHT_CAPABILITY]) {
7066 if (!info->attrs[NL80211_ATTR_VHT_CAPABILITY_MASK]) {
7067 kfree(connkeys);
7068 return -EINVAL;
7069 }
7070 memcpy(&connect.vht_capa,
7071 nla_data(info->attrs[NL80211_ATTR_VHT_CAPABILITY]),
7072 sizeof(connect.vht_capa));
7073 }
7074
7075 wdev_lock(dev->ieee80211_ptr);
7076 err = cfg80211_connect(rdev, dev, &connect, connkeys, NULL);
7077 wdev_unlock(dev->ieee80211_ptr);
7078 if (err)
7079 kfree(connkeys);
7080 return err;
7081 }
7082
7083 static int nl80211_disconnect(struct sk_buff *skb, struct genl_info *info)
7084 {
7085 struct cfg80211_registered_device *rdev = info->user_ptr[0];
7086 struct net_device *dev = info->user_ptr[1];
7087 u16 reason;
7088 int ret;
7089
7090 if (!info->attrs[NL80211_ATTR_REASON_CODE])
7091 reason = WLAN_REASON_DEAUTH_LEAVING;
7092 else
7093 reason = nla_get_u16(info->attrs[NL80211_ATTR_REASON_CODE]);
7094
7095 if (reason == 0)
7096 return -EINVAL;
7097
7098 if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_STATION &&
7099 dev->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_CLIENT)
7100 return -EOPNOTSUPP;
7101
7102 wdev_lock(dev->ieee80211_ptr);
7103 ret = cfg80211_disconnect(rdev, dev, reason, true);
7104 wdev_unlock(dev->ieee80211_ptr);
7105 return ret;
7106 }
7107
7108 static int nl80211_wiphy_netns(struct sk_buff *skb, struct genl_info *info)
7109 {
7110 struct cfg80211_registered_device *rdev = info->user_ptr[0];
7111 struct net *net;
7112 int err;
7113 u32 pid;
7114
7115 if (!info->attrs[NL80211_ATTR_PID])
7116 return -EINVAL;
7117
7118 pid = nla_get_u32(info->attrs[NL80211_ATTR_PID]);
7119
7120 net = get_net_ns_by_pid(pid);
7121 if (IS_ERR(net))
7122 return PTR_ERR(net);
7123
7124 err = 0;
7125
7126 /* check if anything to do */
7127 if (!net_eq(wiphy_net(&rdev->wiphy), net))
7128 err = cfg80211_switch_netns(rdev, net);
7129
7130 put_net(net);
7131 return err;
7132 }
7133
7134 static int nl80211_setdel_pmksa(struct sk_buff *skb, struct genl_info *info)
7135 {
7136 struct cfg80211_registered_device *rdev = info->user_ptr[0];
7137 int (*rdev_ops)(struct wiphy *wiphy, struct net_device *dev,
7138 struct cfg80211_pmksa *pmksa) = NULL;
7139 struct net_device *dev = info->user_ptr[1];
7140 struct cfg80211_pmksa pmksa;
7141
7142 memset(&pmksa, 0, sizeof(struct cfg80211_pmksa));
7143
7144 if (!info->attrs[NL80211_ATTR_MAC])
7145 return -EINVAL;
7146
7147 if (!info->attrs[NL80211_ATTR_PMKID])
7148 return -EINVAL;
7149
7150 pmksa.pmkid = nla_data(info->attrs[NL80211_ATTR_PMKID]);
7151 pmksa.bssid = nla_data(info->attrs[NL80211_ATTR_MAC]);
7152
7153 if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_STATION &&
7154 dev->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_CLIENT)
7155 return -EOPNOTSUPP;
7156
7157 switch (info->genlhdr->cmd) {
7158 case NL80211_CMD_SET_PMKSA:
7159 rdev_ops = rdev->ops->set_pmksa;
7160 break;
7161 case NL80211_CMD_DEL_PMKSA:
7162 rdev_ops = rdev->ops->del_pmksa;
7163 break;
7164 default:
7165 WARN_ON(1);
7166 break;
7167 }
7168
7169 if (!rdev_ops)
7170 return -EOPNOTSUPP;
7171
7172 return rdev_ops(&rdev->wiphy, dev, &pmksa);
7173 }
7174
7175 static int nl80211_flush_pmksa(struct sk_buff *skb, struct genl_info *info)
7176 {
7177 struct cfg80211_registered_device *rdev = info->user_ptr[0];
7178 struct net_device *dev = info->user_ptr[1];
7179
7180 if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_STATION &&
7181 dev->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_CLIENT)
7182 return -EOPNOTSUPP;
7183
7184 if (!rdev->ops->flush_pmksa)
7185 return -EOPNOTSUPP;
7186
7187 return rdev_flush_pmksa(rdev, dev);
7188 }
7189
7190 static int nl80211_tdls_mgmt(struct sk_buff *skb, struct genl_info *info)
7191 {
7192 struct cfg80211_registered_device *rdev = info->user_ptr[0];
7193 struct net_device *dev = info->user_ptr[1];
7194 u8 action_code, dialog_token;
7195 u16 status_code;
7196 u8 *peer;
7197
7198 if (!(rdev->wiphy.flags & WIPHY_FLAG_SUPPORTS_TDLS) ||
7199 !rdev->ops->tdls_mgmt)
7200 return -EOPNOTSUPP;
7201
7202 if (!info->attrs[NL80211_ATTR_TDLS_ACTION] ||
7203 !info->attrs[NL80211_ATTR_STATUS_CODE] ||
7204 !info->attrs[NL80211_ATTR_TDLS_DIALOG_TOKEN] ||
7205 !info->attrs[NL80211_ATTR_IE] ||
7206 !info->attrs[NL80211_ATTR_MAC])
7207 return -EINVAL;
7208
7209 peer = nla_data(info->attrs[NL80211_ATTR_MAC]);
7210 action_code = nla_get_u8(info->attrs[NL80211_ATTR_TDLS_ACTION]);
7211 status_code = nla_get_u16(info->attrs[NL80211_ATTR_STATUS_CODE]);
7212 dialog_token = nla_get_u8(info->attrs[NL80211_ATTR_TDLS_DIALOG_TOKEN]);
7213
7214 return rdev_tdls_mgmt(rdev, dev, peer, action_code,
7215 dialog_token, status_code,
7216 nla_data(info->attrs[NL80211_ATTR_IE]),
7217 nla_len(info->attrs[NL80211_ATTR_IE]));
7218 }
7219
7220 static int nl80211_tdls_oper(struct sk_buff *skb, struct genl_info *info)
7221 {
7222 struct cfg80211_registered_device *rdev = info->user_ptr[0];
7223 struct net_device *dev = info->user_ptr[1];
7224 enum nl80211_tdls_operation operation;
7225 u8 *peer;
7226
7227 if (!(rdev->wiphy.flags & WIPHY_FLAG_SUPPORTS_TDLS) ||
7228 !rdev->ops->tdls_oper)
7229 return -EOPNOTSUPP;
7230
7231 if (!info->attrs[NL80211_ATTR_TDLS_OPERATION] ||
7232 !info->attrs[NL80211_ATTR_MAC])
7233 return -EINVAL;
7234
7235 operation = nla_get_u8(info->attrs[NL80211_ATTR_TDLS_OPERATION]);
7236 peer = nla_data(info->attrs[NL80211_ATTR_MAC]);
7237
7238 return rdev_tdls_oper(rdev, dev, peer, operation);
7239 }
7240
7241 static int nl80211_remain_on_channel(struct sk_buff *skb,
7242 struct genl_info *info)
7243 {
7244 struct cfg80211_registered_device *rdev = info->user_ptr[0];
7245 struct wireless_dev *wdev = info->user_ptr[1];
7246 struct cfg80211_chan_def chandef;
7247 struct sk_buff *msg;
7248 void *hdr;
7249 u64 cookie;
7250 u32 duration;
7251 int err;
7252
7253 if (!info->attrs[NL80211_ATTR_WIPHY_FREQ] ||
7254 !info->attrs[NL80211_ATTR_DURATION])
7255 return -EINVAL;
7256
7257 duration = nla_get_u32(info->attrs[NL80211_ATTR_DURATION]);
7258
7259 if (!rdev->ops->remain_on_channel ||
7260 !(rdev->wiphy.flags & WIPHY_FLAG_HAS_REMAIN_ON_CHANNEL))
7261 return -EOPNOTSUPP;
7262
7263 /*
7264 * We should be on that channel for at least a minimum amount of
7265 * time (10ms) but no longer than the driver supports.
7266 */
7267 if (duration < NL80211_MIN_REMAIN_ON_CHANNEL_TIME ||
7268 duration > rdev->wiphy.max_remain_on_channel_duration)
7269 return -EINVAL;
7270
7271 err = nl80211_parse_chandef(rdev, info, &chandef);
7272 if (err)
7273 return err;
7274
7275 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
7276 if (!msg)
7277 return -ENOMEM;
7278
7279 hdr = nl80211hdr_put(msg, info->snd_portid, info->snd_seq, 0,
7280 NL80211_CMD_REMAIN_ON_CHANNEL);
7281 if (!hdr) {
7282 err = -ENOBUFS;
7283 goto free_msg;
7284 }
7285
7286 err = rdev_remain_on_channel(rdev, wdev, chandef.chan,
7287 duration, &cookie);
7288
7289 if (err)
7290 goto free_msg;
7291
7292 if (nla_put_u64(msg, NL80211_ATTR_COOKIE, cookie))
7293 goto nla_put_failure;
7294
7295 genlmsg_end(msg, hdr);
7296
7297 return genlmsg_reply(msg, info);
7298
7299 nla_put_failure:
7300 err = -ENOBUFS;
7301 free_msg:
7302 nlmsg_free(msg);
7303 return err;
7304 }
7305
7306 static int nl80211_cancel_remain_on_channel(struct sk_buff *skb,
7307 struct genl_info *info)
7308 {
7309 struct cfg80211_registered_device *rdev = info->user_ptr[0];
7310 struct wireless_dev *wdev = info->user_ptr[1];
7311 u64 cookie;
7312
7313 if (!info->attrs[NL80211_ATTR_COOKIE])
7314 return -EINVAL;
7315
7316 if (!rdev->ops->cancel_remain_on_channel)
7317 return -EOPNOTSUPP;
7318
7319 cookie = nla_get_u64(info->attrs[NL80211_ATTR_COOKIE]);
7320
7321 return rdev_cancel_remain_on_channel(rdev, wdev, cookie);
7322 }
7323
7324 static u32 rateset_to_mask(struct ieee80211_supported_band *sband,
7325 u8 *rates, u8 rates_len)
7326 {
7327 u8 i;
7328 u32 mask = 0;
7329
7330 for (i = 0; i < rates_len; i++) {
7331 int rate = (rates[i] & 0x7f) * 5;
7332 int ridx;
7333 for (ridx = 0; ridx < sband->n_bitrates; ridx++) {
7334 struct ieee80211_rate *srate =
7335 &sband->bitrates[ridx];
7336 if (rate == srate->bitrate) {
7337 mask |= 1 << ridx;
7338 break;
7339 }
7340 }
7341 if (ridx == sband->n_bitrates)
7342 return 0; /* rate not found */
7343 }
7344
7345 return mask;
7346 }
7347
7348 static bool ht_rateset_to_mask(struct ieee80211_supported_band *sband,
7349 u8 *rates, u8 rates_len,
7350 u8 mcs[IEEE80211_HT_MCS_MASK_LEN])
7351 {
7352 u8 i;
7353
7354 memset(mcs, 0, IEEE80211_HT_MCS_MASK_LEN);
7355
7356 for (i = 0; i < rates_len; i++) {
7357 int ridx, rbit;
7358
7359 ridx = rates[i] / 8;
7360 rbit = BIT(rates[i] % 8);
7361
7362 /* check validity */
7363 if ((ridx < 0) || (ridx >= IEEE80211_HT_MCS_MASK_LEN))
7364 return false;
7365
7366 /* check availability */
7367 if (sband->ht_cap.mcs.rx_mask[ridx] & rbit)
7368 mcs[ridx] |= rbit;
7369 else
7370 return false;
7371 }
7372
7373 return true;
7374 }
7375
7376 static u16 vht_mcs_map_to_mcs_mask(u8 vht_mcs_map)
7377 {
7378 u16 mcs_mask = 0;
7379
7380 switch (vht_mcs_map) {
7381 case IEEE80211_VHT_MCS_NOT_SUPPORTED:
7382 break;
7383 case IEEE80211_VHT_MCS_SUPPORT_0_7:
7384 mcs_mask = 0x00FF;
7385 break;
7386 case IEEE80211_VHT_MCS_SUPPORT_0_8:
7387 mcs_mask = 0x01FF;
7388 break;
7389 case IEEE80211_VHT_MCS_SUPPORT_0_9:
7390 mcs_mask = 0x03FF;
7391 break;
7392 default:
7393 break;
7394 }
7395
7396 return mcs_mask;
7397 }
7398
7399 static void vht_build_mcs_mask(u16 vht_mcs_map,
7400 u16 vht_mcs_mask[NL80211_VHT_NSS_MAX])
7401 {
7402 u8 nss;
7403
7404 for (nss = 0; nss < NL80211_VHT_NSS_MAX; nss++) {
7405 vht_mcs_mask[nss] = vht_mcs_map_to_mcs_mask(vht_mcs_map & 0x03);
7406 vht_mcs_map >>= 2;
7407 }
7408 }
7409
7410 static bool vht_set_mcs_mask(struct ieee80211_supported_band *sband,
7411 struct nl80211_txrate_vht *txrate,
7412 u16 mcs[NL80211_VHT_NSS_MAX])
7413 {
7414 u16 tx_mcs_map = le16_to_cpu(sband->vht_cap.vht_mcs.tx_mcs_map);
7415 u16 tx_mcs_mask[NL80211_VHT_NSS_MAX] = {};
7416 u8 i;
7417
7418 if (!sband->vht_cap.vht_supported)
7419 return false;
7420
7421 memset(mcs, 0, sizeof(u16) * NL80211_VHT_NSS_MAX);
7422
7423 /* Build vht_mcs_mask from VHT capabilities */
7424 vht_build_mcs_mask(tx_mcs_map, tx_mcs_mask);
7425
7426 for (i = 0; i < NL80211_VHT_NSS_MAX; i++) {
7427 if ((tx_mcs_mask[i] & txrate->mcs[i]) == txrate->mcs[i])
7428 mcs[i] = txrate->mcs[i];
7429 else
7430 return false;
7431 }
7432
7433 return true;
7434 }
7435
7436 static const struct nla_policy nl80211_txattr_policy[NL80211_TXRATE_MAX + 1] = {
7437 [NL80211_TXRATE_LEGACY] = { .type = NLA_BINARY,
7438 .len = NL80211_MAX_SUPP_RATES },
7439 [NL80211_TXRATE_HT] = { .type = NLA_BINARY,
7440 .len = NL80211_MAX_SUPP_HT_RATES },
7441 [NL80211_TXRATE_VHT] = { .len = sizeof(struct nl80211_txrate_vht)},
7442 };
7443
7444 static int nl80211_set_tx_bitrate_mask(struct sk_buff *skb,
7445 struct genl_info *info)
7446 {
7447 struct nlattr *tb[NL80211_TXRATE_MAX + 1];
7448 struct cfg80211_registered_device *rdev = info->user_ptr[0];
7449 struct cfg80211_bitrate_mask mask;
7450 int rem, i;
7451 struct net_device *dev = info->user_ptr[1];
7452 struct nlattr *tx_rates;
7453 struct ieee80211_supported_band *sband;
7454 u16 vht_tx_mcs_map;
7455
7456 if (!rdev->ops->set_bitrate_mask)
7457 return -EOPNOTSUPP;
7458
7459 memset(&mask, 0, sizeof(mask));
7460 /* Default to all rates enabled */
7461 for (i = 0; i < IEEE80211_NUM_BANDS; i++) {
7462 sband = rdev->wiphy.bands[i];
7463
7464 if (!sband)
7465 continue;
7466
7467 mask.control[i].legacy = (1 << sband->n_bitrates) - 1;
7468 memcpy(mask.control[i].ht_mcs,
7469 sband->ht_cap.mcs.rx_mask,
7470 sizeof(mask.control[i].ht_mcs));
7471
7472 if (!sband->vht_cap.vht_supported)
7473 continue;
7474
7475 vht_tx_mcs_map = le16_to_cpu(sband->vht_cap.vht_mcs.tx_mcs_map);
7476 vht_build_mcs_mask(vht_tx_mcs_map, mask.control[i].vht_mcs);
7477 }
7478
7479 /* if no rates are given set it back to the defaults */
7480 if (!info->attrs[NL80211_ATTR_TX_RATES])
7481 goto out;
7482
7483 /*
7484 * The nested attribute uses enum nl80211_band as the index. This maps
7485 * directly to the enum ieee80211_band values used in cfg80211.
7486 */
7487 BUILD_BUG_ON(NL80211_MAX_SUPP_HT_RATES > IEEE80211_HT_MCS_MASK_LEN * 8);
7488 nla_for_each_nested(tx_rates, info->attrs[NL80211_ATTR_TX_RATES], rem)
7489 {
7490 enum ieee80211_band band = nla_type(tx_rates);
7491 if (band < 0 || band >= IEEE80211_NUM_BANDS)
7492 return -EINVAL;
7493 sband = rdev->wiphy.bands[band];
7494 if (sband == NULL)
7495 return -EINVAL;
7496 nla_parse(tb, NL80211_TXRATE_MAX, nla_data(tx_rates),
7497 nla_len(tx_rates), nl80211_txattr_policy);
7498 if (tb[NL80211_TXRATE_LEGACY]) {
7499 mask.control[band].legacy = rateset_to_mask(
7500 sband,
7501 nla_data(tb[NL80211_TXRATE_LEGACY]),
7502 nla_len(tb[NL80211_TXRATE_LEGACY]));
7503 if ((mask.control[band].legacy == 0) &&
7504 nla_len(tb[NL80211_TXRATE_LEGACY]))
7505 return -EINVAL;
7506 }
7507 if (tb[NL80211_TXRATE_HT]) {
7508 if (!ht_rateset_to_mask(
7509 sband,
7510 nla_data(tb[NL80211_TXRATE_HT]),
7511 nla_len(tb[NL80211_TXRATE_HT]),
7512 mask.control[band].ht_mcs))
7513 return -EINVAL;
7514 }
7515 if (tb[NL80211_TXRATE_VHT]) {
7516 if (!vht_set_mcs_mask(
7517 sband,
7518 nla_data(tb[NL80211_TXRATE_VHT]),
7519 mask.control[band].vht_mcs))
7520 return -EINVAL;
7521 }
7522
7523 if (mask.control[band].legacy == 0) {
7524 /* don't allow empty legacy rates if HT or VHT
7525 * are not even supported.
7526 */
7527 if (!(rdev->wiphy.bands[band]->ht_cap.ht_supported ||
7528 rdev->wiphy.bands[band]->vht_cap.vht_supported))
7529 return -EINVAL;
7530
7531 for (i = 0; i < IEEE80211_HT_MCS_MASK_LEN; i++)
7532 if (mask.control[band].ht_mcs[i])
7533 goto out;
7534
7535 for (i = 0; i < NL80211_VHT_NSS_MAX; i++)
7536 if (mask.control[band].vht_mcs[i])
7537 goto out;
7538
7539 /* legacy and mcs rates may not be both empty */
7540 return -EINVAL;
7541 }
7542 }
7543
7544 out:
7545 return rdev_set_bitrate_mask(rdev, dev, NULL, &mask);
7546 }
7547
7548 static int nl80211_register_mgmt(struct sk_buff *skb, struct genl_info *info)
7549 {
7550 struct cfg80211_registered_device *rdev = info->user_ptr[0];
7551 struct wireless_dev *wdev = info->user_ptr[1];
7552 u16 frame_type = IEEE80211_FTYPE_MGMT | IEEE80211_STYPE_ACTION;
7553
7554 if (!info->attrs[NL80211_ATTR_FRAME_MATCH])
7555 return -EINVAL;
7556
7557 if (info->attrs[NL80211_ATTR_FRAME_TYPE])
7558 frame_type = nla_get_u16(info->attrs[NL80211_ATTR_FRAME_TYPE]);
7559
7560 switch (wdev->iftype) {
7561 case NL80211_IFTYPE_STATION:
7562 case NL80211_IFTYPE_ADHOC:
7563 case NL80211_IFTYPE_P2P_CLIENT:
7564 case NL80211_IFTYPE_AP:
7565 case NL80211_IFTYPE_AP_VLAN:
7566 case NL80211_IFTYPE_MESH_POINT:
7567 case NL80211_IFTYPE_P2P_GO:
7568 case NL80211_IFTYPE_P2P_DEVICE:
7569 break;
7570 default:
7571 return -EOPNOTSUPP;
7572 }
7573
7574 /* not much point in registering if we can't reply */
7575 if (!rdev->ops->mgmt_tx)
7576 return -EOPNOTSUPP;
7577
7578 return cfg80211_mlme_register_mgmt(wdev, info->snd_portid, frame_type,
7579 nla_data(info->attrs[NL80211_ATTR_FRAME_MATCH]),
7580 nla_len(info->attrs[NL80211_ATTR_FRAME_MATCH]));
7581 }
7582
7583 static int nl80211_tx_mgmt(struct sk_buff *skb, struct genl_info *info)
7584 {
7585 struct cfg80211_registered_device *rdev = info->user_ptr[0];
7586 struct wireless_dev *wdev = info->user_ptr[1];
7587 struct cfg80211_chan_def chandef;
7588 int err;
7589 void *hdr = NULL;
7590 u64 cookie;
7591 struct sk_buff *msg = NULL;
7592 struct cfg80211_mgmt_tx_params params = {
7593 .dont_wait_for_ack =
7594 info->attrs[NL80211_ATTR_DONT_WAIT_FOR_ACK],
7595 };
7596
7597 if (!info->attrs[NL80211_ATTR_FRAME])
7598 return -EINVAL;
7599
7600 if (!rdev->ops->mgmt_tx)
7601 return -EOPNOTSUPP;
7602
7603 switch (wdev->iftype) {
7604 case NL80211_IFTYPE_P2P_DEVICE:
7605 if (!info->attrs[NL80211_ATTR_WIPHY_FREQ])
7606 return -EINVAL;
7607 case NL80211_IFTYPE_STATION:
7608 case NL80211_IFTYPE_ADHOC:
7609 case NL80211_IFTYPE_P2P_CLIENT:
7610 case NL80211_IFTYPE_AP:
7611 case NL80211_IFTYPE_AP_VLAN:
7612 case NL80211_IFTYPE_MESH_POINT:
7613 case NL80211_IFTYPE_P2P_GO:
7614 break;
7615 default:
7616 return -EOPNOTSUPP;
7617 }
7618
7619 if (info->attrs[NL80211_ATTR_DURATION]) {
7620 if (!(rdev->wiphy.flags & WIPHY_FLAG_OFFCHAN_TX))
7621 return -EINVAL;
7622 params.wait = nla_get_u32(info->attrs[NL80211_ATTR_DURATION]);
7623
7624 /*
7625 * We should wait on the channel for at least a minimum amount
7626 * of time (10ms) but no longer than the driver supports.
7627 */
7628 if (params.wait < NL80211_MIN_REMAIN_ON_CHANNEL_TIME ||
7629 params.wait > rdev->wiphy.max_remain_on_channel_duration)
7630 return -EINVAL;
7631
7632 }
7633
7634 params.offchan = info->attrs[NL80211_ATTR_OFFCHANNEL_TX_OK];
7635
7636 if (params.offchan && !(rdev->wiphy.flags & WIPHY_FLAG_OFFCHAN_TX))
7637 return -EINVAL;
7638
7639 params.no_cck = nla_get_flag(info->attrs[NL80211_ATTR_TX_NO_CCK_RATE]);
7640
7641 /* get the channel if any has been specified, otherwise pass NULL to
7642 * the driver. The latter will use the current one
7643 */
7644 chandef.chan = NULL;
7645 if (info->attrs[NL80211_ATTR_WIPHY_FREQ]) {
7646 err = nl80211_parse_chandef(rdev, info, &chandef);
7647 if (err)
7648 return err;
7649 }
7650
7651 if (!chandef.chan && params.offchan)
7652 return -EINVAL;
7653
7654 if (!params.dont_wait_for_ack) {
7655 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
7656 if (!msg)
7657 return -ENOMEM;
7658
7659 hdr = nl80211hdr_put(msg, info->snd_portid, info->snd_seq, 0,
7660 NL80211_CMD_FRAME);
7661 if (!hdr) {
7662 err = -ENOBUFS;
7663 goto free_msg;
7664 }
7665 }
7666
7667 params.buf = nla_data(info->attrs[NL80211_ATTR_FRAME]);
7668 params.len = nla_len(info->attrs[NL80211_ATTR_FRAME]);
7669 params.chan = chandef.chan;
7670 err = cfg80211_mlme_mgmt_tx(rdev, wdev, &params, &cookie);
7671 if (err)
7672 goto free_msg;
7673
7674 if (msg) {
7675 if (nla_put_u64(msg, NL80211_ATTR_COOKIE, cookie))
7676 goto nla_put_failure;
7677
7678 genlmsg_end(msg, hdr);
7679 return genlmsg_reply(msg, info);
7680 }
7681
7682 return 0;
7683
7684 nla_put_failure:
7685 err = -ENOBUFS;
7686 free_msg:
7687 nlmsg_free(msg);
7688 return err;
7689 }
7690
7691 static int nl80211_tx_mgmt_cancel_wait(struct sk_buff *skb, struct genl_info *info)
7692 {
7693 struct cfg80211_registered_device *rdev = info->user_ptr[0];
7694 struct wireless_dev *wdev = info->user_ptr[1];
7695 u64 cookie;
7696
7697 if (!info->attrs[NL80211_ATTR_COOKIE])
7698 return -EINVAL;
7699
7700 if (!rdev->ops->mgmt_tx_cancel_wait)
7701 return -EOPNOTSUPP;
7702
7703 switch (wdev->iftype) {
7704 case NL80211_IFTYPE_STATION:
7705 case NL80211_IFTYPE_ADHOC:
7706 case NL80211_IFTYPE_P2P_CLIENT:
7707 case NL80211_IFTYPE_AP:
7708 case NL80211_IFTYPE_AP_VLAN:
7709 case NL80211_IFTYPE_P2P_GO:
7710 case NL80211_IFTYPE_P2P_DEVICE:
7711 break;
7712 default:
7713 return -EOPNOTSUPP;
7714 }
7715
7716 cookie = nla_get_u64(info->attrs[NL80211_ATTR_COOKIE]);
7717
7718 return rdev_mgmt_tx_cancel_wait(rdev, wdev, cookie);
7719 }
7720
7721 static int nl80211_set_power_save(struct sk_buff *skb, struct genl_info *info)
7722 {
7723 struct cfg80211_registered_device *rdev = info->user_ptr[0];
7724 struct wireless_dev *wdev;
7725 struct net_device *dev = info->user_ptr[1];
7726 u8 ps_state;
7727 bool state;
7728 int err;
7729
7730 if (!info->attrs[NL80211_ATTR_PS_STATE])
7731 return -EINVAL;
7732
7733 ps_state = nla_get_u32(info->attrs[NL80211_ATTR_PS_STATE]);
7734
7735 if (ps_state != NL80211_PS_DISABLED && ps_state != NL80211_PS_ENABLED)
7736 return -EINVAL;
7737
7738 wdev = dev->ieee80211_ptr;
7739
7740 if (!rdev->ops->set_power_mgmt)
7741 return -EOPNOTSUPP;
7742
7743 state = (ps_state == NL80211_PS_ENABLED) ? true : false;
7744
7745 if (state == wdev->ps)
7746 return 0;
7747
7748 err = rdev_set_power_mgmt(rdev, dev, state, wdev->ps_timeout);
7749 if (!err)
7750 wdev->ps = state;
7751 return err;
7752 }
7753
7754 static int nl80211_get_power_save(struct sk_buff *skb, struct genl_info *info)
7755 {
7756 struct cfg80211_registered_device *rdev = info->user_ptr[0];
7757 enum nl80211_ps_state ps_state;
7758 struct wireless_dev *wdev;
7759 struct net_device *dev = info->user_ptr[1];
7760 struct sk_buff *msg;
7761 void *hdr;
7762 int err;
7763
7764 wdev = dev->ieee80211_ptr;
7765
7766 if (!rdev->ops->set_power_mgmt)
7767 return -EOPNOTSUPP;
7768
7769 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
7770 if (!msg)
7771 return -ENOMEM;
7772
7773 hdr = nl80211hdr_put(msg, info->snd_portid, info->snd_seq, 0,
7774 NL80211_CMD_GET_POWER_SAVE);
7775 if (!hdr) {
7776 err = -ENOBUFS;
7777 goto free_msg;
7778 }
7779
7780 if (wdev->ps)
7781 ps_state = NL80211_PS_ENABLED;
7782 else
7783 ps_state = NL80211_PS_DISABLED;
7784
7785 if (nla_put_u32(msg, NL80211_ATTR_PS_STATE, ps_state))
7786 goto nla_put_failure;
7787
7788 genlmsg_end(msg, hdr);
7789 return genlmsg_reply(msg, info);
7790
7791 nla_put_failure:
7792 err = -ENOBUFS;
7793 free_msg:
7794 nlmsg_free(msg);
7795 return err;
7796 }
7797
7798 static struct nla_policy
7799 nl80211_attr_cqm_policy[NL80211_ATTR_CQM_MAX + 1] __read_mostly = {
7800 [NL80211_ATTR_CQM_RSSI_THOLD] = { .type = NLA_U32 },
7801 [NL80211_ATTR_CQM_RSSI_HYST] = { .type = NLA_U32 },
7802 [NL80211_ATTR_CQM_RSSI_THRESHOLD_EVENT] = { .type = NLA_U32 },
7803 [NL80211_ATTR_CQM_TXE_RATE] = { .type = NLA_U32 },
7804 [NL80211_ATTR_CQM_TXE_PKTS] = { .type = NLA_U32 },
7805 [NL80211_ATTR_CQM_TXE_INTVL] = { .type = NLA_U32 },
7806 };
7807
7808 static int nl80211_set_cqm_txe(struct genl_info *info,
7809 u32 rate, u32 pkts, u32 intvl)
7810 {
7811 struct cfg80211_registered_device *rdev = info->user_ptr[0];
7812 struct net_device *dev = info->user_ptr[1];
7813 struct wireless_dev *wdev = dev->ieee80211_ptr;
7814
7815 if (rate > 100 || intvl > NL80211_CQM_TXE_MAX_INTVL)
7816 return -EINVAL;
7817
7818 if (!rdev->ops->set_cqm_txe_config)
7819 return -EOPNOTSUPP;
7820
7821 if (wdev->iftype != NL80211_IFTYPE_STATION &&
7822 wdev->iftype != NL80211_IFTYPE_P2P_CLIENT)
7823 return -EOPNOTSUPP;
7824
7825 return rdev_set_cqm_txe_config(rdev, dev, rate, pkts, intvl);
7826 }
7827
7828 static int nl80211_set_cqm_rssi(struct genl_info *info,
7829 s32 threshold, u32 hysteresis)
7830 {
7831 struct cfg80211_registered_device *rdev = info->user_ptr[0];
7832 struct net_device *dev = info->user_ptr[1];
7833 struct wireless_dev *wdev = dev->ieee80211_ptr;
7834
7835 if (threshold > 0)
7836 return -EINVAL;
7837
7838 /* disabling - hysteresis should also be zero then */
7839 if (threshold == 0)
7840 hysteresis = 0;
7841
7842 if (!rdev->ops->set_cqm_rssi_config)
7843 return -EOPNOTSUPP;
7844
7845 if (wdev->iftype != NL80211_IFTYPE_STATION &&
7846 wdev->iftype != NL80211_IFTYPE_P2P_CLIENT)
7847 return -EOPNOTSUPP;
7848
7849 return rdev_set_cqm_rssi_config(rdev, dev, threshold, hysteresis);
7850 }
7851
7852 static int nl80211_set_cqm(struct sk_buff *skb, struct genl_info *info)
7853 {
7854 struct nlattr *attrs[NL80211_ATTR_CQM_MAX + 1];
7855 struct nlattr *cqm;
7856 int err;
7857
7858 cqm = info->attrs[NL80211_ATTR_CQM];
7859 if (!cqm)
7860 return -EINVAL;
7861
7862 err = nla_parse_nested(attrs, NL80211_ATTR_CQM_MAX, cqm,
7863 nl80211_attr_cqm_policy);
7864 if (err)
7865 return err;
7866
7867 if (attrs[NL80211_ATTR_CQM_RSSI_THOLD] &&
7868 attrs[NL80211_ATTR_CQM_RSSI_HYST]) {
7869 s32 threshold = nla_get_s32(attrs[NL80211_ATTR_CQM_RSSI_THOLD]);
7870 u32 hysteresis = nla_get_u32(attrs[NL80211_ATTR_CQM_RSSI_HYST]);
7871
7872 return nl80211_set_cqm_rssi(info, threshold, hysteresis);
7873 }
7874
7875 if (attrs[NL80211_ATTR_CQM_TXE_RATE] &&
7876 attrs[NL80211_ATTR_CQM_TXE_PKTS] &&
7877 attrs[NL80211_ATTR_CQM_TXE_INTVL]) {
7878 u32 rate = nla_get_u32(attrs[NL80211_ATTR_CQM_TXE_RATE]);
7879 u32 pkts = nla_get_u32(attrs[NL80211_ATTR_CQM_TXE_PKTS]);
7880 u32 intvl = nla_get_u32(attrs[NL80211_ATTR_CQM_TXE_INTVL]);
7881
7882 return nl80211_set_cqm_txe(info, rate, pkts, intvl);
7883 }
7884
7885 return -EINVAL;
7886 }
7887
7888 static int nl80211_join_mesh(struct sk_buff *skb, struct genl_info *info)
7889 {
7890 struct cfg80211_registered_device *rdev = info->user_ptr[0];
7891 struct net_device *dev = info->user_ptr[1];
7892 struct mesh_config cfg;
7893 struct mesh_setup setup;
7894 int err;
7895
7896 /* start with default */
7897 memcpy(&cfg, &default_mesh_config, sizeof(cfg));
7898 memcpy(&setup, &default_mesh_setup, sizeof(setup));
7899
7900 if (info->attrs[NL80211_ATTR_MESH_CONFIG]) {
7901 /* and parse parameters if given */
7902 err = nl80211_parse_mesh_config(info, &cfg, NULL);
7903 if (err)
7904 return err;
7905 }
7906
7907 if (!info->attrs[NL80211_ATTR_MESH_ID] ||
7908 !nla_len(info->attrs[NL80211_ATTR_MESH_ID]))
7909 return -EINVAL;
7910
7911 setup.mesh_id = nla_data(info->attrs[NL80211_ATTR_MESH_ID]);
7912 setup.mesh_id_len = nla_len(info->attrs[NL80211_ATTR_MESH_ID]);
7913
7914 if (info->attrs[NL80211_ATTR_MCAST_RATE] &&
7915 !nl80211_parse_mcast_rate(rdev, setup.mcast_rate,
7916 nla_get_u32(info->attrs[NL80211_ATTR_MCAST_RATE])))
7917 return -EINVAL;
7918
7919 if (info->attrs[NL80211_ATTR_BEACON_INTERVAL]) {
7920 setup.beacon_interval =
7921 nla_get_u32(info->attrs[NL80211_ATTR_BEACON_INTERVAL]);
7922 if (setup.beacon_interval < 10 ||
7923 setup.beacon_interval > 10000)
7924 return -EINVAL;
7925 }
7926
7927 if (info->attrs[NL80211_ATTR_DTIM_PERIOD]) {
7928 setup.dtim_period =
7929 nla_get_u32(info->attrs[NL80211_ATTR_DTIM_PERIOD]);
7930 if (setup.dtim_period < 1 || setup.dtim_period > 100)
7931 return -EINVAL;
7932 }
7933
7934 if (info->attrs[NL80211_ATTR_MESH_SETUP]) {
7935 /* parse additional setup parameters if given */
7936 err = nl80211_parse_mesh_setup(info, &setup);
7937 if (err)
7938 return err;
7939 }
7940
7941 if (setup.user_mpm)
7942 cfg.auto_open_plinks = false;
7943
7944 if (info->attrs[NL80211_ATTR_WIPHY_FREQ]) {
7945 err = nl80211_parse_chandef(rdev, info, &setup.chandef);
7946 if (err)
7947 return err;
7948 } else {
7949 /* cfg80211_join_mesh() will sort it out */
7950 setup.chandef.chan = NULL;
7951 }
7952
7953 if (info->attrs[NL80211_ATTR_BSS_BASIC_RATES]) {
7954 u8 *rates = nla_data(info->attrs[NL80211_ATTR_BSS_BASIC_RATES]);
7955 int n_rates =
7956 nla_len(info->attrs[NL80211_ATTR_BSS_BASIC_RATES]);
7957 struct ieee80211_supported_band *sband;
7958
7959 if (!setup.chandef.chan)
7960 return -EINVAL;
7961
7962 sband = rdev->wiphy.bands[setup.chandef.chan->band];
7963
7964 err = ieee80211_get_ratemask(sband, rates, n_rates,
7965 &setup.basic_rates);
7966 if (err)
7967 return err;
7968 }
7969
7970 return cfg80211_join_mesh(rdev, dev, &setup, &cfg);
7971 }
7972
7973 static int nl80211_leave_mesh(struct sk_buff *skb, struct genl_info *info)
7974 {
7975 struct cfg80211_registered_device *rdev = info->user_ptr[0];
7976 struct net_device *dev = info->user_ptr[1];
7977
7978 return cfg80211_leave_mesh(rdev, dev);
7979 }
7980
7981 #ifdef CONFIG_PM
7982 static int nl80211_send_wowlan_patterns(struct sk_buff *msg,
7983 struct cfg80211_registered_device *rdev)
7984 {
7985 struct cfg80211_wowlan *wowlan = rdev->wiphy.wowlan_config;
7986 struct nlattr *nl_pats, *nl_pat;
7987 int i, pat_len;
7988
7989 if (!wowlan->n_patterns)
7990 return 0;
7991
7992 nl_pats = nla_nest_start(msg, NL80211_WOWLAN_TRIG_PKT_PATTERN);
7993 if (!nl_pats)
7994 return -ENOBUFS;
7995
7996 for (i = 0; i < wowlan->n_patterns; i++) {
7997 nl_pat = nla_nest_start(msg, i + 1);
7998 if (!nl_pat)
7999 return -ENOBUFS;
8000 pat_len = wowlan->patterns[i].pattern_len;
8001 if (nla_put(msg, NL80211_PKTPAT_MASK, DIV_ROUND_UP(pat_len, 8),
8002 wowlan->patterns[i].mask) ||
8003 nla_put(msg, NL80211_PKTPAT_PATTERN, pat_len,
8004 wowlan->patterns[i].pattern) ||
8005 nla_put_u32(msg, NL80211_PKTPAT_OFFSET,
8006 wowlan->patterns[i].pkt_offset))
8007 return -ENOBUFS;
8008 nla_nest_end(msg, nl_pat);
8009 }
8010 nla_nest_end(msg, nl_pats);
8011
8012 return 0;
8013 }
8014
8015 static int nl80211_send_wowlan_tcp(struct sk_buff *msg,
8016 struct cfg80211_wowlan_tcp *tcp)
8017 {
8018 struct nlattr *nl_tcp;
8019
8020 if (!tcp)
8021 return 0;
8022
8023 nl_tcp = nla_nest_start(msg, NL80211_WOWLAN_TRIG_TCP_CONNECTION);
8024 if (!nl_tcp)
8025 return -ENOBUFS;
8026
8027 if (nla_put_be32(msg, NL80211_WOWLAN_TCP_SRC_IPV4, tcp->src) ||
8028 nla_put_be32(msg, NL80211_WOWLAN_TCP_DST_IPV4, tcp->dst) ||
8029 nla_put(msg, NL80211_WOWLAN_TCP_DST_MAC, ETH_ALEN, tcp->dst_mac) ||
8030 nla_put_u16(msg, NL80211_WOWLAN_TCP_SRC_PORT, tcp->src_port) ||
8031 nla_put_u16(msg, NL80211_WOWLAN_TCP_DST_PORT, tcp->dst_port) ||
8032 nla_put(msg, NL80211_WOWLAN_TCP_DATA_PAYLOAD,
8033 tcp->payload_len, tcp->payload) ||
8034 nla_put_u32(msg, NL80211_WOWLAN_TCP_DATA_INTERVAL,
8035 tcp->data_interval) ||
8036 nla_put(msg, NL80211_WOWLAN_TCP_WAKE_PAYLOAD,
8037 tcp->wake_len, tcp->wake_data) ||
8038 nla_put(msg, NL80211_WOWLAN_TCP_WAKE_MASK,
8039 DIV_ROUND_UP(tcp->wake_len, 8), tcp->wake_mask))
8040 return -ENOBUFS;
8041
8042 if (tcp->payload_seq.len &&
8043 nla_put(msg, NL80211_WOWLAN_TCP_DATA_PAYLOAD_SEQ,
8044 sizeof(tcp->payload_seq), &tcp->payload_seq))
8045 return -ENOBUFS;
8046
8047 if (tcp->payload_tok.len &&
8048 nla_put(msg, NL80211_WOWLAN_TCP_DATA_PAYLOAD_TOKEN,
8049 sizeof(tcp->payload_tok) + tcp->tokens_size,
8050 &tcp->payload_tok))
8051 return -ENOBUFS;
8052
8053 nla_nest_end(msg, nl_tcp);
8054
8055 return 0;
8056 }
8057
8058 static int nl80211_get_wowlan(struct sk_buff *skb, struct genl_info *info)
8059 {
8060 struct cfg80211_registered_device *rdev = info->user_ptr[0];
8061 struct sk_buff *msg;
8062 void *hdr;
8063 u32 size = NLMSG_DEFAULT_SIZE;
8064
8065 if (!rdev->wiphy.wowlan)
8066 return -EOPNOTSUPP;
8067
8068 if (rdev->wiphy.wowlan_config && rdev->wiphy.wowlan_config->tcp) {
8069 /* adjust size to have room for all the data */
8070 size += rdev->wiphy.wowlan_config->tcp->tokens_size +
8071 rdev->wiphy.wowlan_config->tcp->payload_len +
8072 rdev->wiphy.wowlan_config->tcp->wake_len +
8073 rdev->wiphy.wowlan_config->tcp->wake_len / 8;
8074 }
8075
8076 msg = nlmsg_new(size, GFP_KERNEL);
8077 if (!msg)
8078 return -ENOMEM;
8079
8080 hdr = nl80211hdr_put(msg, info->snd_portid, info->snd_seq, 0,
8081 NL80211_CMD_GET_WOWLAN);
8082 if (!hdr)
8083 goto nla_put_failure;
8084
8085 if (rdev->wiphy.wowlan_config) {
8086 struct nlattr *nl_wowlan;
8087
8088 nl_wowlan = nla_nest_start(msg, NL80211_ATTR_WOWLAN_TRIGGERS);
8089 if (!nl_wowlan)
8090 goto nla_put_failure;
8091
8092 if ((rdev->wiphy.wowlan_config->any &&
8093 nla_put_flag(msg, NL80211_WOWLAN_TRIG_ANY)) ||
8094 (rdev->wiphy.wowlan_config->disconnect &&
8095 nla_put_flag(msg, NL80211_WOWLAN_TRIG_DISCONNECT)) ||
8096 (rdev->wiphy.wowlan_config->magic_pkt &&
8097 nla_put_flag(msg, NL80211_WOWLAN_TRIG_MAGIC_PKT)) ||
8098 (rdev->wiphy.wowlan_config->gtk_rekey_failure &&
8099 nla_put_flag(msg, NL80211_WOWLAN_TRIG_GTK_REKEY_FAILURE)) ||
8100 (rdev->wiphy.wowlan_config->eap_identity_req &&
8101 nla_put_flag(msg, NL80211_WOWLAN_TRIG_EAP_IDENT_REQUEST)) ||
8102 (rdev->wiphy.wowlan_config->four_way_handshake &&
8103 nla_put_flag(msg, NL80211_WOWLAN_TRIG_4WAY_HANDSHAKE)) ||
8104 (rdev->wiphy.wowlan_config->rfkill_release &&
8105 nla_put_flag(msg, NL80211_WOWLAN_TRIG_RFKILL_RELEASE)))
8106 goto nla_put_failure;
8107
8108 if (nl80211_send_wowlan_patterns(msg, rdev))
8109 goto nla_put_failure;
8110
8111 if (nl80211_send_wowlan_tcp(msg,
8112 rdev->wiphy.wowlan_config->tcp))
8113 goto nla_put_failure;
8114
8115 nla_nest_end(msg, nl_wowlan);
8116 }
8117
8118 genlmsg_end(msg, hdr);
8119 return genlmsg_reply(msg, info);
8120
8121 nla_put_failure:
8122 nlmsg_free(msg);
8123 return -ENOBUFS;
8124 }
8125
8126 static int nl80211_parse_wowlan_tcp(struct cfg80211_registered_device *rdev,
8127 struct nlattr *attr,
8128 struct cfg80211_wowlan *trig)
8129 {
8130 struct nlattr *tb[NUM_NL80211_WOWLAN_TCP];
8131 struct cfg80211_wowlan_tcp *cfg;
8132 struct nl80211_wowlan_tcp_data_token *tok = NULL;
8133 struct nl80211_wowlan_tcp_data_seq *seq = NULL;
8134 u32 size;
8135 u32 data_size, wake_size, tokens_size = 0, wake_mask_size;
8136 int err, port;
8137
8138 if (!rdev->wiphy.wowlan->tcp)
8139 return -EINVAL;
8140
8141 err = nla_parse(tb, MAX_NL80211_WOWLAN_TCP,
8142 nla_data(attr), nla_len(attr),
8143 nl80211_wowlan_tcp_policy);
8144 if (err)
8145 return err;
8146
8147 if (!tb[NL80211_WOWLAN_TCP_SRC_IPV4] ||
8148 !tb[NL80211_WOWLAN_TCP_DST_IPV4] ||
8149 !tb[NL80211_WOWLAN_TCP_DST_MAC] ||
8150 !tb[NL80211_WOWLAN_TCP_DST_PORT] ||
8151 !tb[NL80211_WOWLAN_TCP_DATA_PAYLOAD] ||
8152 !tb[NL80211_WOWLAN_TCP_DATA_INTERVAL] ||
8153 !tb[NL80211_WOWLAN_TCP_WAKE_PAYLOAD] ||
8154 !tb[NL80211_WOWLAN_TCP_WAKE_MASK])
8155 return -EINVAL;
8156
8157 data_size = nla_len(tb[NL80211_WOWLAN_TCP_DATA_PAYLOAD]);
8158 if (data_size > rdev->wiphy.wowlan->tcp->data_payload_max)
8159 return -EINVAL;
8160
8161 if (nla_get_u32(tb[NL80211_WOWLAN_TCP_DATA_INTERVAL]) >
8162 rdev->wiphy.wowlan->tcp->data_interval_max ||
8163 nla_get_u32(tb[NL80211_WOWLAN_TCP_DATA_INTERVAL]) == 0)
8164 return -EINVAL;
8165
8166 wake_size = nla_len(tb[NL80211_WOWLAN_TCP_WAKE_PAYLOAD]);
8167 if (wake_size > rdev->wiphy.wowlan->tcp->wake_payload_max)
8168 return -EINVAL;
8169
8170 wake_mask_size = nla_len(tb[NL80211_WOWLAN_TCP_WAKE_MASK]);
8171 if (wake_mask_size != DIV_ROUND_UP(wake_size, 8))
8172 return -EINVAL;
8173
8174 if (tb[NL80211_WOWLAN_TCP_DATA_PAYLOAD_TOKEN]) {
8175 u32 tokln = nla_len(tb[NL80211_WOWLAN_TCP_DATA_PAYLOAD_TOKEN]);
8176
8177 tok = nla_data(tb[NL80211_WOWLAN_TCP_DATA_PAYLOAD_TOKEN]);
8178 tokens_size = tokln - sizeof(*tok);
8179
8180 if (!tok->len || tokens_size % tok->len)
8181 return -EINVAL;
8182 if (!rdev->wiphy.wowlan->tcp->tok)
8183 return -EINVAL;
8184 if (tok->len > rdev->wiphy.wowlan->tcp->tok->max_len)
8185 return -EINVAL;
8186 if (tok->len < rdev->wiphy.wowlan->tcp->tok->min_len)
8187 return -EINVAL;
8188 if (tokens_size > rdev->wiphy.wowlan->tcp->tok->bufsize)
8189 return -EINVAL;
8190 if (tok->offset + tok->len > data_size)
8191 return -EINVAL;
8192 }
8193
8194 if (tb[NL80211_WOWLAN_TCP_DATA_PAYLOAD_SEQ]) {
8195 seq = nla_data(tb[NL80211_WOWLAN_TCP_DATA_PAYLOAD_SEQ]);
8196 if (!rdev->wiphy.wowlan->tcp->seq)
8197 return -EINVAL;
8198 if (seq->len == 0 || seq->len > 4)
8199 return -EINVAL;
8200 if (seq->len + seq->offset > data_size)
8201 return -EINVAL;
8202 }
8203
8204 size = sizeof(*cfg);
8205 size += data_size;
8206 size += wake_size + wake_mask_size;
8207 size += tokens_size;
8208
8209 cfg = kzalloc(size, GFP_KERNEL);
8210 if (!cfg)
8211 return -ENOMEM;
8212 cfg->src = nla_get_be32(tb[NL80211_WOWLAN_TCP_SRC_IPV4]);
8213 cfg->dst = nla_get_be32(tb[NL80211_WOWLAN_TCP_DST_IPV4]);
8214 memcpy(cfg->dst_mac, nla_data(tb[NL80211_WOWLAN_TCP_DST_MAC]),
8215 ETH_ALEN);
8216 if (tb[NL80211_WOWLAN_TCP_SRC_PORT])
8217 port = nla_get_u16(tb[NL80211_WOWLAN_TCP_SRC_PORT]);
8218 else
8219 port = 0;
8220 #ifdef CONFIG_INET
8221 /* allocate a socket and port for it and use it */
8222 err = __sock_create(wiphy_net(&rdev->wiphy), PF_INET, SOCK_STREAM,
8223 IPPROTO_TCP, &cfg->sock, 1);
8224 if (err) {
8225 kfree(cfg);
8226 return err;
8227 }
8228 if (inet_csk_get_port(cfg->sock->sk, port)) {
8229 sock_release(cfg->sock);
8230 kfree(cfg);
8231 return -EADDRINUSE;
8232 }
8233 cfg->src_port = inet_sk(cfg->sock->sk)->inet_num;
8234 #else
8235 if (!port) {
8236 kfree(cfg);
8237 return -EINVAL;
8238 }
8239 cfg->src_port = port;
8240 #endif
8241
8242 cfg->dst_port = nla_get_u16(tb[NL80211_WOWLAN_TCP_DST_PORT]);
8243 cfg->payload_len = data_size;
8244 cfg->payload = (u8 *)cfg + sizeof(*cfg) + tokens_size;
8245 memcpy((void *)cfg->payload,
8246 nla_data(tb[NL80211_WOWLAN_TCP_DATA_PAYLOAD]),
8247 data_size);
8248 if (seq)
8249 cfg->payload_seq = *seq;
8250 cfg->data_interval = nla_get_u32(tb[NL80211_WOWLAN_TCP_DATA_INTERVAL]);
8251 cfg->wake_len = wake_size;
8252 cfg->wake_data = (u8 *)cfg + sizeof(*cfg) + tokens_size + data_size;
8253 memcpy((void *)cfg->wake_data,
8254 nla_data(tb[NL80211_WOWLAN_TCP_WAKE_PAYLOAD]),
8255 wake_size);
8256 cfg->wake_mask = (u8 *)cfg + sizeof(*cfg) + tokens_size +
8257 data_size + wake_size;
8258 memcpy((void *)cfg->wake_mask,
8259 nla_data(tb[NL80211_WOWLAN_TCP_WAKE_MASK]),
8260 wake_mask_size);
8261 if (tok) {
8262 cfg->tokens_size = tokens_size;
8263 memcpy(&cfg->payload_tok, tok, sizeof(*tok) + tokens_size);
8264 }
8265
8266 trig->tcp = cfg;
8267
8268 return 0;
8269 }
8270
8271 static int nl80211_set_wowlan(struct sk_buff *skb, struct genl_info *info)
8272 {
8273 struct cfg80211_registered_device *rdev = info->user_ptr[0];
8274 struct nlattr *tb[NUM_NL80211_WOWLAN_TRIG];
8275 struct cfg80211_wowlan new_triggers = {};
8276 struct cfg80211_wowlan *ntrig;
8277 const struct wiphy_wowlan_support *wowlan = rdev->wiphy.wowlan;
8278 int err, i;
8279 bool prev_enabled = rdev->wiphy.wowlan_config;
8280
8281 if (!wowlan)
8282 return -EOPNOTSUPP;
8283
8284 if (!info->attrs[NL80211_ATTR_WOWLAN_TRIGGERS]) {
8285 cfg80211_rdev_free_wowlan(rdev);
8286 rdev->wiphy.wowlan_config = NULL;
8287 goto set_wakeup;
8288 }
8289
8290 err = nla_parse(tb, MAX_NL80211_WOWLAN_TRIG,
8291 nla_data(info->attrs[NL80211_ATTR_WOWLAN_TRIGGERS]),
8292 nla_len(info->attrs[NL80211_ATTR_WOWLAN_TRIGGERS]),
8293 nl80211_wowlan_policy);
8294 if (err)
8295 return err;
8296
8297 if (tb[NL80211_WOWLAN_TRIG_ANY]) {
8298 if (!(wowlan->flags & WIPHY_WOWLAN_ANY))
8299 return -EINVAL;
8300 new_triggers.any = true;
8301 }
8302
8303 if (tb[NL80211_WOWLAN_TRIG_DISCONNECT]) {
8304 if (!(wowlan->flags & WIPHY_WOWLAN_DISCONNECT))
8305 return -EINVAL;
8306 new_triggers.disconnect = true;
8307 }
8308
8309 if (tb[NL80211_WOWLAN_TRIG_MAGIC_PKT]) {
8310 if (!(wowlan->flags & WIPHY_WOWLAN_MAGIC_PKT))
8311 return -EINVAL;
8312 new_triggers.magic_pkt = true;
8313 }
8314
8315 if (tb[NL80211_WOWLAN_TRIG_GTK_REKEY_SUPPORTED])
8316 return -EINVAL;
8317
8318 if (tb[NL80211_WOWLAN_TRIG_GTK_REKEY_FAILURE]) {
8319 if (!(wowlan->flags & WIPHY_WOWLAN_GTK_REKEY_FAILURE))
8320 return -EINVAL;
8321 new_triggers.gtk_rekey_failure = true;
8322 }
8323
8324 if (tb[NL80211_WOWLAN_TRIG_EAP_IDENT_REQUEST]) {
8325 if (!(wowlan->flags & WIPHY_WOWLAN_EAP_IDENTITY_REQ))
8326 return -EINVAL;
8327 new_triggers.eap_identity_req = true;
8328 }
8329
8330 if (tb[NL80211_WOWLAN_TRIG_4WAY_HANDSHAKE]) {
8331 if (!(wowlan->flags & WIPHY_WOWLAN_4WAY_HANDSHAKE))
8332 return -EINVAL;
8333 new_triggers.four_way_handshake = true;
8334 }
8335
8336 if (tb[NL80211_WOWLAN_TRIG_RFKILL_RELEASE]) {
8337 if (!(wowlan->flags & WIPHY_WOWLAN_RFKILL_RELEASE))
8338 return -EINVAL;
8339 new_triggers.rfkill_release = true;
8340 }
8341
8342 if (tb[NL80211_WOWLAN_TRIG_PKT_PATTERN]) {
8343 struct nlattr *pat;
8344 int n_patterns = 0;
8345 int rem, pat_len, mask_len, pkt_offset;
8346 struct nlattr *pat_tb[NUM_NL80211_PKTPAT];
8347
8348 nla_for_each_nested(pat, tb[NL80211_WOWLAN_TRIG_PKT_PATTERN],
8349 rem)
8350 n_patterns++;
8351 if (n_patterns > wowlan->n_patterns)
8352 return -EINVAL;
8353
8354 new_triggers.patterns = kcalloc(n_patterns,
8355 sizeof(new_triggers.patterns[0]),
8356 GFP_KERNEL);
8357 if (!new_triggers.patterns)
8358 return -ENOMEM;
8359
8360 new_triggers.n_patterns = n_patterns;
8361 i = 0;
8362
8363 nla_for_each_nested(pat, tb[NL80211_WOWLAN_TRIG_PKT_PATTERN],
8364 rem) {
8365 nla_parse(pat_tb, MAX_NL80211_PKTPAT, nla_data(pat),
8366 nla_len(pat), NULL);
8367 err = -EINVAL;
8368 if (!pat_tb[NL80211_PKTPAT_MASK] ||
8369 !pat_tb[NL80211_PKTPAT_PATTERN])
8370 goto error;
8371 pat_len = nla_len(pat_tb[NL80211_PKTPAT_PATTERN]);
8372 mask_len = DIV_ROUND_UP(pat_len, 8);
8373 if (nla_len(pat_tb[NL80211_PKTPAT_MASK]) != mask_len)
8374 goto error;
8375 if (pat_len > wowlan->pattern_max_len ||
8376 pat_len < wowlan->pattern_min_len)
8377 goto error;
8378
8379 if (!pat_tb[NL80211_PKTPAT_OFFSET])
8380 pkt_offset = 0;
8381 else
8382 pkt_offset = nla_get_u32(
8383 pat_tb[NL80211_PKTPAT_OFFSET]);
8384 if (pkt_offset > wowlan->max_pkt_offset)
8385 goto error;
8386 new_triggers.patterns[i].pkt_offset = pkt_offset;
8387
8388 new_triggers.patterns[i].mask =
8389 kmalloc(mask_len + pat_len, GFP_KERNEL);
8390 if (!new_triggers.patterns[i].mask) {
8391 err = -ENOMEM;
8392 goto error;
8393 }
8394 new_triggers.patterns[i].pattern =
8395 new_triggers.patterns[i].mask + mask_len;
8396 memcpy(new_triggers.patterns[i].mask,
8397 nla_data(pat_tb[NL80211_PKTPAT_MASK]),
8398 mask_len);
8399 new_triggers.patterns[i].pattern_len = pat_len;
8400 memcpy(new_triggers.patterns[i].pattern,
8401 nla_data(pat_tb[NL80211_PKTPAT_PATTERN]),
8402 pat_len);
8403 i++;
8404 }
8405 }
8406
8407 if (tb[NL80211_WOWLAN_TRIG_TCP_CONNECTION]) {
8408 err = nl80211_parse_wowlan_tcp(
8409 rdev, tb[NL80211_WOWLAN_TRIG_TCP_CONNECTION],
8410 &new_triggers);
8411 if (err)
8412 goto error;
8413 }
8414
8415 ntrig = kmemdup(&new_triggers, sizeof(new_triggers), GFP_KERNEL);
8416 if (!ntrig) {
8417 err = -ENOMEM;
8418 goto error;
8419 }
8420 cfg80211_rdev_free_wowlan(rdev);
8421 rdev->wiphy.wowlan_config = ntrig;
8422
8423 set_wakeup:
8424 if (rdev->ops->set_wakeup &&
8425 prev_enabled != !!rdev->wiphy.wowlan_config)
8426 rdev_set_wakeup(rdev, rdev->wiphy.wowlan_config);
8427
8428 return 0;
8429 error:
8430 for (i = 0; i < new_triggers.n_patterns; i++)
8431 kfree(new_triggers.patterns[i].mask);
8432 kfree(new_triggers.patterns);
8433 if (new_triggers.tcp && new_triggers.tcp->sock)
8434 sock_release(new_triggers.tcp->sock);
8435 kfree(new_triggers.tcp);
8436 return err;
8437 }
8438 #endif
8439
8440 static int nl80211_send_coalesce_rules(struct sk_buff *msg,
8441 struct cfg80211_registered_device *rdev)
8442 {
8443 struct nlattr *nl_pats, *nl_pat, *nl_rule, *nl_rules;
8444 int i, j, pat_len;
8445 struct cfg80211_coalesce_rules *rule;
8446
8447 if (!rdev->coalesce->n_rules)
8448 return 0;
8449
8450 nl_rules = nla_nest_start(msg, NL80211_ATTR_COALESCE_RULE);
8451 if (!nl_rules)
8452 return -ENOBUFS;
8453
8454 for (i = 0; i < rdev->coalesce->n_rules; i++) {
8455 nl_rule = nla_nest_start(msg, i + 1);
8456 if (!nl_rule)
8457 return -ENOBUFS;
8458
8459 rule = &rdev->coalesce->rules[i];
8460 if (nla_put_u32(msg, NL80211_ATTR_COALESCE_RULE_DELAY,
8461 rule->delay))
8462 return -ENOBUFS;
8463
8464 if (nla_put_u32(msg, NL80211_ATTR_COALESCE_RULE_CONDITION,
8465 rule->condition))
8466 return -ENOBUFS;
8467
8468 nl_pats = nla_nest_start(msg,
8469 NL80211_ATTR_COALESCE_RULE_PKT_PATTERN);
8470 if (!nl_pats)
8471 return -ENOBUFS;
8472
8473 for (j = 0; j < rule->n_patterns; j++) {
8474 nl_pat = nla_nest_start(msg, j + 1);
8475 if (!nl_pat)
8476 return -ENOBUFS;
8477 pat_len = rule->patterns[j].pattern_len;
8478 if (nla_put(msg, NL80211_PKTPAT_MASK,
8479 DIV_ROUND_UP(pat_len, 8),
8480 rule->patterns[j].mask) ||
8481 nla_put(msg, NL80211_PKTPAT_PATTERN, pat_len,
8482 rule->patterns[j].pattern) ||
8483 nla_put_u32(msg, NL80211_PKTPAT_OFFSET,
8484 rule->patterns[j].pkt_offset))
8485 return -ENOBUFS;
8486 nla_nest_end(msg, nl_pat);
8487 }
8488 nla_nest_end(msg, nl_pats);
8489 nla_nest_end(msg, nl_rule);
8490 }
8491 nla_nest_end(msg, nl_rules);
8492
8493 return 0;
8494 }
8495
8496 static int nl80211_get_coalesce(struct sk_buff *skb, struct genl_info *info)
8497 {
8498 struct cfg80211_registered_device *rdev = info->user_ptr[0];
8499 struct sk_buff *msg;
8500 void *hdr;
8501
8502 if (!rdev->wiphy.coalesce)
8503 return -EOPNOTSUPP;
8504
8505 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
8506 if (!msg)
8507 return -ENOMEM;
8508
8509 hdr = nl80211hdr_put(msg, info->snd_portid, info->snd_seq, 0,
8510 NL80211_CMD_GET_COALESCE);
8511 if (!hdr)
8512 goto nla_put_failure;
8513
8514 if (rdev->coalesce && nl80211_send_coalesce_rules(msg, rdev))
8515 goto nla_put_failure;
8516
8517 genlmsg_end(msg, hdr);
8518 return genlmsg_reply(msg, info);
8519
8520 nla_put_failure:
8521 nlmsg_free(msg);
8522 return -ENOBUFS;
8523 }
8524
8525 void cfg80211_rdev_free_coalesce(struct cfg80211_registered_device *rdev)
8526 {
8527 struct cfg80211_coalesce *coalesce = rdev->coalesce;
8528 int i, j;
8529 struct cfg80211_coalesce_rules *rule;
8530
8531 if (!coalesce)
8532 return;
8533
8534 for (i = 0; i < coalesce->n_rules; i++) {
8535 rule = &coalesce->rules[i];
8536 for (j = 0; j < rule->n_patterns; j++)
8537 kfree(rule->patterns[j].mask);
8538 kfree(rule->patterns);
8539 }
8540 kfree(coalesce->rules);
8541 kfree(coalesce);
8542 rdev->coalesce = NULL;
8543 }
8544
8545 static int nl80211_parse_coalesce_rule(struct cfg80211_registered_device *rdev,
8546 struct nlattr *rule,
8547 struct cfg80211_coalesce_rules *new_rule)
8548 {
8549 int err, i;
8550 const struct wiphy_coalesce_support *coalesce = rdev->wiphy.coalesce;
8551 struct nlattr *tb[NUM_NL80211_ATTR_COALESCE_RULE], *pat;
8552 int rem, pat_len, mask_len, pkt_offset, n_patterns = 0;
8553 struct nlattr *pat_tb[NUM_NL80211_PKTPAT];
8554
8555 err = nla_parse(tb, NL80211_ATTR_COALESCE_RULE_MAX, nla_data(rule),
8556 nla_len(rule), nl80211_coalesce_policy);
8557 if (err)
8558 return err;
8559
8560 if (tb[NL80211_ATTR_COALESCE_RULE_DELAY])
8561 new_rule->delay =
8562 nla_get_u32(tb[NL80211_ATTR_COALESCE_RULE_DELAY]);
8563 if (new_rule->delay > coalesce->max_delay)
8564 return -EINVAL;
8565
8566 if (tb[NL80211_ATTR_COALESCE_RULE_CONDITION])
8567 new_rule->condition =
8568 nla_get_u32(tb[NL80211_ATTR_COALESCE_RULE_CONDITION]);
8569 if (new_rule->condition != NL80211_COALESCE_CONDITION_MATCH &&
8570 new_rule->condition != NL80211_COALESCE_CONDITION_NO_MATCH)
8571 return -EINVAL;
8572
8573 if (!tb[NL80211_ATTR_COALESCE_RULE_PKT_PATTERN])
8574 return -EINVAL;
8575
8576 nla_for_each_nested(pat, tb[NL80211_ATTR_COALESCE_RULE_PKT_PATTERN],
8577 rem)
8578 n_patterns++;
8579 if (n_patterns > coalesce->n_patterns)
8580 return -EINVAL;
8581
8582 new_rule->patterns = kcalloc(n_patterns, sizeof(new_rule->patterns[0]),
8583 GFP_KERNEL);
8584 if (!new_rule->patterns)
8585 return -ENOMEM;
8586
8587 new_rule->n_patterns = n_patterns;
8588 i = 0;
8589
8590 nla_for_each_nested(pat, tb[NL80211_ATTR_COALESCE_RULE_PKT_PATTERN],
8591 rem) {
8592 nla_parse(pat_tb, MAX_NL80211_PKTPAT, nla_data(pat),
8593 nla_len(pat), NULL);
8594 if (!pat_tb[NL80211_PKTPAT_MASK] ||
8595 !pat_tb[NL80211_PKTPAT_PATTERN])
8596 return -EINVAL;
8597 pat_len = nla_len(pat_tb[NL80211_PKTPAT_PATTERN]);
8598 mask_len = DIV_ROUND_UP(pat_len, 8);
8599 if (nla_len(pat_tb[NL80211_PKTPAT_MASK]) != mask_len)
8600 return -EINVAL;
8601 if (pat_len > coalesce->pattern_max_len ||
8602 pat_len < coalesce->pattern_min_len)
8603 return -EINVAL;
8604
8605 if (!pat_tb[NL80211_PKTPAT_OFFSET])
8606 pkt_offset = 0;
8607 else
8608 pkt_offset = nla_get_u32(pat_tb[NL80211_PKTPAT_OFFSET]);
8609 if (pkt_offset > coalesce->max_pkt_offset)
8610 return -EINVAL;
8611 new_rule->patterns[i].pkt_offset = pkt_offset;
8612
8613 new_rule->patterns[i].mask =
8614 kmalloc(mask_len + pat_len, GFP_KERNEL);
8615 if (!new_rule->patterns[i].mask)
8616 return -ENOMEM;
8617 new_rule->patterns[i].pattern =
8618 new_rule->patterns[i].mask + mask_len;
8619 memcpy(new_rule->patterns[i].mask,
8620 nla_data(pat_tb[NL80211_PKTPAT_MASK]), mask_len);
8621 new_rule->patterns[i].pattern_len = pat_len;
8622 memcpy(new_rule->patterns[i].pattern,
8623 nla_data(pat_tb[NL80211_PKTPAT_PATTERN]), pat_len);
8624 i++;
8625 }
8626
8627 return 0;
8628 }
8629
8630 static int nl80211_set_coalesce(struct sk_buff *skb, struct genl_info *info)
8631 {
8632 struct cfg80211_registered_device *rdev = info->user_ptr[0];
8633 const struct wiphy_coalesce_support *coalesce = rdev->wiphy.coalesce;
8634 struct cfg80211_coalesce new_coalesce = {};
8635 struct cfg80211_coalesce *n_coalesce;
8636 int err, rem_rule, n_rules = 0, i, j;
8637 struct nlattr *rule;
8638 struct cfg80211_coalesce_rules *tmp_rule;
8639
8640 if (!rdev->wiphy.coalesce || !rdev->ops->set_coalesce)
8641 return -EOPNOTSUPP;
8642
8643 if (!info->attrs[NL80211_ATTR_COALESCE_RULE]) {
8644 cfg80211_rdev_free_coalesce(rdev);
8645 rdev->ops->set_coalesce(&rdev->wiphy, NULL);
8646 return 0;
8647 }
8648
8649 nla_for_each_nested(rule, info->attrs[NL80211_ATTR_COALESCE_RULE],
8650 rem_rule)
8651 n_rules++;
8652 if (n_rules > coalesce->n_rules)
8653 return -EINVAL;
8654
8655 new_coalesce.rules = kcalloc(n_rules, sizeof(new_coalesce.rules[0]),
8656 GFP_KERNEL);
8657 if (!new_coalesce.rules)
8658 return -ENOMEM;
8659
8660 new_coalesce.n_rules = n_rules;
8661 i = 0;
8662
8663 nla_for_each_nested(rule, info->attrs[NL80211_ATTR_COALESCE_RULE],
8664 rem_rule) {
8665 err = nl80211_parse_coalesce_rule(rdev, rule,
8666 &new_coalesce.rules[i]);
8667 if (err)
8668 goto error;
8669
8670 i++;
8671 }
8672
8673 err = rdev->ops->set_coalesce(&rdev->wiphy, &new_coalesce);
8674 if (err)
8675 goto error;
8676
8677 n_coalesce = kmemdup(&new_coalesce, sizeof(new_coalesce), GFP_KERNEL);
8678 if (!n_coalesce) {
8679 err = -ENOMEM;
8680 goto error;
8681 }
8682 cfg80211_rdev_free_coalesce(rdev);
8683 rdev->coalesce = n_coalesce;
8684
8685 return 0;
8686 error:
8687 for (i = 0; i < new_coalesce.n_rules; i++) {
8688 tmp_rule = &new_coalesce.rules[i];
8689 for (j = 0; j < tmp_rule->n_patterns; j++)
8690 kfree(tmp_rule->patterns[j].mask);
8691 kfree(tmp_rule->patterns);
8692 }
8693 kfree(new_coalesce.rules);
8694
8695 return err;
8696 }
8697
8698 static int nl80211_set_rekey_data(struct sk_buff *skb, struct genl_info *info)
8699 {
8700 struct cfg80211_registered_device *rdev = info->user_ptr[0];
8701 struct net_device *dev = info->user_ptr[1];
8702 struct wireless_dev *wdev = dev->ieee80211_ptr;
8703 struct nlattr *tb[NUM_NL80211_REKEY_DATA];
8704 struct cfg80211_gtk_rekey_data rekey_data;
8705 int err;
8706
8707 if (!info->attrs[NL80211_ATTR_REKEY_DATA])
8708 return -EINVAL;
8709
8710 err = nla_parse(tb, MAX_NL80211_REKEY_DATA,
8711 nla_data(info->attrs[NL80211_ATTR_REKEY_DATA]),
8712 nla_len(info->attrs[NL80211_ATTR_REKEY_DATA]),
8713 nl80211_rekey_policy);
8714 if (err)
8715 return err;
8716
8717 if (nla_len(tb[NL80211_REKEY_DATA_REPLAY_CTR]) != NL80211_REPLAY_CTR_LEN)
8718 return -ERANGE;
8719 if (nla_len(tb[NL80211_REKEY_DATA_KEK]) != NL80211_KEK_LEN)
8720 return -ERANGE;
8721 if (nla_len(tb[NL80211_REKEY_DATA_KCK]) != NL80211_KCK_LEN)
8722 return -ERANGE;
8723
8724 memcpy(rekey_data.kek, nla_data(tb[NL80211_REKEY_DATA_KEK]),
8725 NL80211_KEK_LEN);
8726 memcpy(rekey_data.kck, nla_data(tb[NL80211_REKEY_DATA_KCK]),
8727 NL80211_KCK_LEN);
8728 memcpy(rekey_data.replay_ctr,
8729 nla_data(tb[NL80211_REKEY_DATA_REPLAY_CTR]),
8730 NL80211_REPLAY_CTR_LEN);
8731
8732 wdev_lock(wdev);
8733 if (!wdev->current_bss) {
8734 err = -ENOTCONN;
8735 goto out;
8736 }
8737
8738 if (!rdev->ops->set_rekey_data) {
8739 err = -EOPNOTSUPP;
8740 goto out;
8741 }
8742
8743 err = rdev_set_rekey_data(rdev, dev, &rekey_data);
8744 out:
8745 wdev_unlock(wdev);
8746 return err;
8747 }
8748
8749 static int nl80211_register_unexpected_frame(struct sk_buff *skb,
8750 struct genl_info *info)
8751 {
8752 struct net_device *dev = info->user_ptr[1];
8753 struct wireless_dev *wdev = dev->ieee80211_ptr;
8754
8755 if (wdev->iftype != NL80211_IFTYPE_AP &&
8756 wdev->iftype != NL80211_IFTYPE_P2P_GO)
8757 return -EINVAL;
8758
8759 if (wdev->ap_unexpected_nlportid)
8760 return -EBUSY;
8761
8762 wdev->ap_unexpected_nlportid = info->snd_portid;
8763 return 0;
8764 }
8765
8766 static int nl80211_probe_client(struct sk_buff *skb,
8767 struct genl_info *info)
8768 {
8769 struct cfg80211_registered_device *rdev = info->user_ptr[0];
8770 struct net_device *dev = info->user_ptr[1];
8771 struct wireless_dev *wdev = dev->ieee80211_ptr;
8772 struct sk_buff *msg;
8773 void *hdr;
8774 const u8 *addr;
8775 u64 cookie;
8776 int err;
8777
8778 if (wdev->iftype != NL80211_IFTYPE_AP &&
8779 wdev->iftype != NL80211_IFTYPE_P2P_GO)
8780 return -EOPNOTSUPP;
8781
8782 if (!info->attrs[NL80211_ATTR_MAC])
8783 return -EINVAL;
8784
8785 if (!rdev->ops->probe_client)
8786 return -EOPNOTSUPP;
8787
8788 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
8789 if (!msg)
8790 return -ENOMEM;
8791
8792 hdr = nl80211hdr_put(msg, info->snd_portid, info->snd_seq, 0,
8793 NL80211_CMD_PROBE_CLIENT);
8794 if (!hdr) {
8795 err = -ENOBUFS;
8796 goto free_msg;
8797 }
8798
8799 addr = nla_data(info->attrs[NL80211_ATTR_MAC]);
8800
8801 err = rdev_probe_client(rdev, dev, addr, &cookie);
8802 if (err)
8803 goto free_msg;
8804
8805 if (nla_put_u64(msg, NL80211_ATTR_COOKIE, cookie))
8806 goto nla_put_failure;
8807
8808 genlmsg_end(msg, hdr);
8809
8810 return genlmsg_reply(msg, info);
8811
8812 nla_put_failure:
8813 err = -ENOBUFS;
8814 free_msg:
8815 nlmsg_free(msg);
8816 return err;
8817 }
8818
8819 static int nl80211_register_beacons(struct sk_buff *skb, struct genl_info *info)
8820 {
8821 struct cfg80211_registered_device *rdev = info->user_ptr[0];
8822 struct cfg80211_beacon_registration *reg, *nreg;
8823 int rv;
8824
8825 if (!(rdev->wiphy.flags & WIPHY_FLAG_REPORTS_OBSS))
8826 return -EOPNOTSUPP;
8827
8828 nreg = kzalloc(sizeof(*nreg), GFP_KERNEL);
8829 if (!nreg)
8830 return -ENOMEM;
8831
8832 /* First, check if already registered. */
8833 spin_lock_bh(&rdev->beacon_registrations_lock);
8834 list_for_each_entry(reg, &rdev->beacon_registrations, list) {
8835 if (reg->nlportid == info->snd_portid) {
8836 rv = -EALREADY;
8837 goto out_err;
8838 }
8839 }
8840 /* Add it to the list */
8841 nreg->nlportid = info->snd_portid;
8842 list_add(&nreg->list, &rdev->beacon_registrations);
8843
8844 spin_unlock_bh(&rdev->beacon_registrations_lock);
8845
8846 return 0;
8847 out_err:
8848 spin_unlock_bh(&rdev->beacon_registrations_lock);
8849 kfree(nreg);
8850 return rv;
8851 }
8852
8853 static int nl80211_start_p2p_device(struct sk_buff *skb, struct genl_info *info)
8854 {
8855 struct cfg80211_registered_device *rdev = info->user_ptr[0];
8856 struct wireless_dev *wdev = info->user_ptr[1];
8857 int err;
8858
8859 if (!rdev->ops->start_p2p_device)
8860 return -EOPNOTSUPP;
8861
8862 if (wdev->iftype != NL80211_IFTYPE_P2P_DEVICE)
8863 return -EOPNOTSUPP;
8864
8865 if (wdev->p2p_started)
8866 return 0;
8867
8868 err = cfg80211_can_add_interface(rdev, wdev->iftype);
8869 if (err)
8870 return err;
8871
8872 err = rdev_start_p2p_device(rdev, wdev);
8873 if (err)
8874 return err;
8875
8876 wdev->p2p_started = true;
8877 rdev->opencount++;
8878
8879 return 0;
8880 }
8881
8882 static int nl80211_stop_p2p_device(struct sk_buff *skb, struct genl_info *info)
8883 {
8884 struct cfg80211_registered_device *rdev = info->user_ptr[0];
8885 struct wireless_dev *wdev = info->user_ptr[1];
8886
8887 if (wdev->iftype != NL80211_IFTYPE_P2P_DEVICE)
8888 return -EOPNOTSUPP;
8889
8890 if (!rdev->ops->stop_p2p_device)
8891 return -EOPNOTSUPP;
8892
8893 cfg80211_stop_p2p_device(rdev, wdev);
8894
8895 return 0;
8896 }
8897
8898 static int nl80211_get_protocol_features(struct sk_buff *skb,
8899 struct genl_info *info)
8900 {
8901 void *hdr;
8902 struct sk_buff *msg;
8903
8904 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
8905 if (!msg)
8906 return -ENOMEM;
8907
8908 hdr = nl80211hdr_put(msg, info->snd_portid, info->snd_seq, 0,
8909 NL80211_CMD_GET_PROTOCOL_FEATURES);
8910 if (!hdr)
8911 goto nla_put_failure;
8912
8913 if (nla_put_u32(msg, NL80211_ATTR_PROTOCOL_FEATURES,
8914 NL80211_PROTOCOL_FEATURE_SPLIT_WIPHY_DUMP))
8915 goto nla_put_failure;
8916
8917 genlmsg_end(msg, hdr);
8918 return genlmsg_reply(msg, info);
8919
8920 nla_put_failure:
8921 kfree_skb(msg);
8922 return -ENOBUFS;
8923 }
8924
8925 static int nl80211_update_ft_ies(struct sk_buff *skb, struct genl_info *info)
8926 {
8927 struct cfg80211_registered_device *rdev = info->user_ptr[0];
8928 struct cfg80211_update_ft_ies_params ft_params;
8929 struct net_device *dev = info->user_ptr[1];
8930
8931 if (!rdev->ops->update_ft_ies)
8932 return -EOPNOTSUPP;
8933
8934 if (!info->attrs[NL80211_ATTR_MDID] ||
8935 !is_valid_ie_attr(info->attrs[NL80211_ATTR_IE]))
8936 return -EINVAL;
8937
8938 memset(&ft_params, 0, sizeof(ft_params));
8939 ft_params.md = nla_get_u16(info->attrs[NL80211_ATTR_MDID]);
8940 ft_params.ie = nla_data(info->attrs[NL80211_ATTR_IE]);
8941 ft_params.ie_len = nla_len(info->attrs[NL80211_ATTR_IE]);
8942
8943 return rdev_update_ft_ies(rdev, dev, &ft_params);
8944 }
8945
8946 static int nl80211_crit_protocol_start(struct sk_buff *skb,
8947 struct genl_info *info)
8948 {
8949 struct cfg80211_registered_device *rdev = info->user_ptr[0];
8950 struct wireless_dev *wdev = info->user_ptr[1];
8951 enum nl80211_crit_proto_id proto = NL80211_CRIT_PROTO_UNSPEC;
8952 u16 duration;
8953 int ret;
8954
8955 if (!rdev->ops->crit_proto_start)
8956 return -EOPNOTSUPP;
8957
8958 if (WARN_ON(!rdev->ops->crit_proto_stop))
8959 return -EINVAL;
8960
8961 if (rdev->crit_proto_nlportid)
8962 return -EBUSY;
8963
8964 /* determine protocol if provided */
8965 if (info->attrs[NL80211_ATTR_CRIT_PROT_ID])
8966 proto = nla_get_u16(info->attrs[NL80211_ATTR_CRIT_PROT_ID]);
8967
8968 if (proto >= NUM_NL80211_CRIT_PROTO)
8969 return -EINVAL;
8970
8971 /* timeout must be provided */
8972 if (!info->attrs[NL80211_ATTR_MAX_CRIT_PROT_DURATION])
8973 return -EINVAL;
8974
8975 duration =
8976 nla_get_u16(info->attrs[NL80211_ATTR_MAX_CRIT_PROT_DURATION]);
8977
8978 if (duration > NL80211_CRIT_PROTO_MAX_DURATION)
8979 return -ERANGE;
8980
8981 ret = rdev_crit_proto_start(rdev, wdev, proto, duration);
8982 if (!ret)
8983 rdev->crit_proto_nlportid = info->snd_portid;
8984
8985 return ret;
8986 }
8987
8988 static int nl80211_crit_protocol_stop(struct sk_buff *skb,
8989 struct genl_info *info)
8990 {
8991 struct cfg80211_registered_device *rdev = info->user_ptr[0];
8992 struct wireless_dev *wdev = info->user_ptr[1];
8993
8994 if (!rdev->ops->crit_proto_stop)
8995 return -EOPNOTSUPP;
8996
8997 if (rdev->crit_proto_nlportid) {
8998 rdev->crit_proto_nlportid = 0;
8999 rdev_crit_proto_stop(rdev, wdev);
9000 }
9001 return 0;
9002 }
9003
9004 static int nl80211_vendor_cmd(struct sk_buff *skb, struct genl_info *info)
9005 {
9006 struct cfg80211_registered_device *rdev = info->user_ptr[0];
9007 struct wireless_dev *wdev =
9008 __cfg80211_wdev_from_attrs(genl_info_net(info), info->attrs);
9009 int i, err;
9010 u32 vid, subcmd;
9011
9012 if (!rdev->wiphy.vendor_commands)
9013 return -EOPNOTSUPP;
9014
9015 if (IS_ERR(wdev)) {
9016 err = PTR_ERR(wdev);
9017 if (err != -EINVAL)
9018 return err;
9019 wdev = NULL;
9020 } else if (wdev->wiphy != &rdev->wiphy) {
9021 return -EINVAL;
9022 }
9023
9024 if (!info->attrs[NL80211_ATTR_VENDOR_ID] ||
9025 !info->attrs[NL80211_ATTR_VENDOR_SUBCMD])
9026 return -EINVAL;
9027
9028 vid = nla_get_u32(info->attrs[NL80211_ATTR_VENDOR_ID]);
9029 subcmd = nla_get_u32(info->attrs[NL80211_ATTR_VENDOR_SUBCMD]);
9030 for (i = 0; i < rdev->wiphy.n_vendor_commands; i++) {
9031 const struct wiphy_vendor_command *vcmd;
9032 void *data = NULL;
9033 int len = 0;
9034
9035 vcmd = &rdev->wiphy.vendor_commands[i];
9036
9037 if (vcmd->info.vendor_id != vid || vcmd->info.subcmd != subcmd)
9038 continue;
9039
9040 if (vcmd->flags & (WIPHY_VENDOR_CMD_NEED_WDEV |
9041 WIPHY_VENDOR_CMD_NEED_NETDEV)) {
9042 if (!wdev)
9043 return -EINVAL;
9044 if (vcmd->flags & WIPHY_VENDOR_CMD_NEED_NETDEV &&
9045 !wdev->netdev)
9046 return -EINVAL;
9047
9048 if (vcmd->flags & WIPHY_VENDOR_CMD_NEED_RUNNING) {
9049 if (wdev->netdev &&
9050 !netif_running(wdev->netdev))
9051 return -ENETDOWN;
9052 if (!wdev->netdev && !wdev->p2p_started)
9053 return -ENETDOWN;
9054 }
9055 } else {
9056 wdev = NULL;
9057 }
9058
9059 if (info->attrs[NL80211_ATTR_VENDOR_DATA]) {
9060 data = nla_data(info->attrs[NL80211_ATTR_VENDOR_DATA]);
9061 len = nla_len(info->attrs[NL80211_ATTR_VENDOR_DATA]);
9062 }
9063
9064 rdev->cur_cmd_info = info;
9065 err = rdev->wiphy.vendor_commands[i].doit(&rdev->wiphy, wdev,
9066 data, len);
9067 rdev->cur_cmd_info = NULL;
9068 return err;
9069 }
9070
9071 return -EOPNOTSUPP;
9072 }
9073
9074 struct sk_buff *__cfg80211_alloc_reply_skb(struct wiphy *wiphy,
9075 enum nl80211_commands cmd,
9076 enum nl80211_attrs attr,
9077 int approxlen)
9078 {
9079 struct cfg80211_registered_device *rdev = wiphy_to_dev(wiphy);
9080
9081 if (WARN_ON(!rdev->cur_cmd_info))
9082 return NULL;
9083
9084 return __cfg80211_alloc_vendor_skb(rdev, approxlen,
9085 rdev->cur_cmd_info->snd_portid,
9086 rdev->cur_cmd_info->snd_seq,
9087 cmd, attr, NULL, GFP_KERNEL);
9088 }
9089 EXPORT_SYMBOL(__cfg80211_alloc_reply_skb);
9090
9091 int cfg80211_vendor_cmd_reply(struct sk_buff *skb)
9092 {
9093 struct cfg80211_registered_device *rdev = ((void **)skb->cb)[0];
9094 void *hdr = ((void **)skb->cb)[1];
9095 struct nlattr *data = ((void **)skb->cb)[2];
9096
9097 if (WARN_ON(!rdev->cur_cmd_info)) {
9098 kfree_skb(skb);
9099 return -EINVAL;
9100 }
9101
9102 nla_nest_end(skb, data);
9103 genlmsg_end(skb, hdr);
9104 return genlmsg_reply(skb, rdev->cur_cmd_info);
9105 }
9106 EXPORT_SYMBOL_GPL(cfg80211_vendor_cmd_reply);
9107
9108
9109 static int nl80211_set_qos_map(struct sk_buff *skb,
9110 struct genl_info *info)
9111 {
9112 struct cfg80211_registered_device *rdev = info->user_ptr[0];
9113 struct cfg80211_qos_map *qos_map = NULL;
9114 struct net_device *dev = info->user_ptr[1];
9115 u8 *pos, len, num_des, des_len, des;
9116 int ret;
9117
9118 if (!rdev->ops->set_qos_map)
9119 return -EOPNOTSUPP;
9120
9121 if (info->attrs[NL80211_ATTR_QOS_MAP]) {
9122 pos = nla_data(info->attrs[NL80211_ATTR_QOS_MAP]);
9123 len = nla_len(info->attrs[NL80211_ATTR_QOS_MAP]);
9124
9125 if (len % 2 || len < IEEE80211_QOS_MAP_LEN_MIN ||
9126 len > IEEE80211_QOS_MAP_LEN_MAX)
9127 return -EINVAL;
9128
9129 qos_map = kzalloc(sizeof(struct cfg80211_qos_map), GFP_KERNEL);
9130 if (!qos_map)
9131 return -ENOMEM;
9132
9133 num_des = (len - IEEE80211_QOS_MAP_LEN_MIN) >> 1;
9134 if (num_des) {
9135 des_len = num_des *
9136 sizeof(struct cfg80211_dscp_exception);
9137 memcpy(qos_map->dscp_exception, pos, des_len);
9138 qos_map->num_des = num_des;
9139 for (des = 0; des < num_des; des++) {
9140 if (qos_map->dscp_exception[des].up > 7) {
9141 kfree(qos_map);
9142 return -EINVAL;
9143 }
9144 }
9145 pos += des_len;
9146 }
9147 memcpy(qos_map->up, pos, IEEE80211_QOS_MAP_LEN_MIN);
9148 }
9149
9150 wdev_lock(dev->ieee80211_ptr);
9151 ret = nl80211_key_allowed(dev->ieee80211_ptr);
9152 if (!ret)
9153 ret = rdev_set_qos_map(rdev, dev, qos_map);
9154 wdev_unlock(dev->ieee80211_ptr);
9155
9156 kfree(qos_map);
9157 return ret;
9158 }
9159
9160 #define NL80211_FLAG_NEED_WIPHY 0x01
9161 #define NL80211_FLAG_NEED_NETDEV 0x02
9162 #define NL80211_FLAG_NEED_RTNL 0x04
9163 #define NL80211_FLAG_CHECK_NETDEV_UP 0x08
9164 #define NL80211_FLAG_NEED_NETDEV_UP (NL80211_FLAG_NEED_NETDEV |\
9165 NL80211_FLAG_CHECK_NETDEV_UP)
9166 #define NL80211_FLAG_NEED_WDEV 0x10
9167 /* If a netdev is associated, it must be UP, P2P must be started */
9168 #define NL80211_FLAG_NEED_WDEV_UP (NL80211_FLAG_NEED_WDEV |\
9169 NL80211_FLAG_CHECK_NETDEV_UP)
9170
9171 static int nl80211_pre_doit(const struct genl_ops *ops, struct sk_buff *skb,
9172 struct genl_info *info)
9173 {
9174 struct cfg80211_registered_device *rdev;
9175 struct wireless_dev *wdev;
9176 struct net_device *dev;
9177 bool rtnl = ops->internal_flags & NL80211_FLAG_NEED_RTNL;
9178
9179 if (rtnl)
9180 rtnl_lock();
9181
9182 if (ops->internal_flags & NL80211_FLAG_NEED_WIPHY) {
9183 rdev = cfg80211_get_dev_from_info(genl_info_net(info), info);
9184 if (IS_ERR(rdev)) {
9185 if (rtnl)
9186 rtnl_unlock();
9187 return PTR_ERR(rdev);
9188 }
9189 info->user_ptr[0] = rdev;
9190 } else if (ops->internal_flags & NL80211_FLAG_NEED_NETDEV ||
9191 ops->internal_flags & NL80211_FLAG_NEED_WDEV) {
9192 ASSERT_RTNL();
9193
9194 wdev = __cfg80211_wdev_from_attrs(genl_info_net(info),
9195 info->attrs);
9196 if (IS_ERR(wdev)) {
9197 if (rtnl)
9198 rtnl_unlock();
9199 return PTR_ERR(wdev);
9200 }
9201
9202 dev = wdev->netdev;
9203 rdev = wiphy_to_dev(wdev->wiphy);
9204
9205 if (ops->internal_flags & NL80211_FLAG_NEED_NETDEV) {
9206 if (!dev) {
9207 if (rtnl)
9208 rtnl_unlock();
9209 return -EINVAL;
9210 }
9211
9212 info->user_ptr[1] = dev;
9213 } else {
9214 info->user_ptr[1] = wdev;
9215 }
9216
9217 if (dev) {
9218 if (ops->internal_flags & NL80211_FLAG_CHECK_NETDEV_UP &&
9219 !netif_running(dev)) {
9220 if (rtnl)
9221 rtnl_unlock();
9222 return -ENETDOWN;
9223 }
9224
9225 dev_hold(dev);
9226 } else if (ops->internal_flags & NL80211_FLAG_CHECK_NETDEV_UP) {
9227 if (!wdev->p2p_started) {
9228 if (rtnl)
9229 rtnl_unlock();
9230 return -ENETDOWN;
9231 }
9232 }
9233
9234 info->user_ptr[0] = rdev;
9235 }
9236
9237 return 0;
9238 }
9239
9240 static void nl80211_post_doit(const struct genl_ops *ops, struct sk_buff *skb,
9241 struct genl_info *info)
9242 {
9243 if (info->user_ptr[1]) {
9244 if (ops->internal_flags & NL80211_FLAG_NEED_WDEV) {
9245 struct wireless_dev *wdev = info->user_ptr[1];
9246
9247 if (wdev->netdev)
9248 dev_put(wdev->netdev);
9249 } else {
9250 dev_put(info->user_ptr[1]);
9251 }
9252 }
9253 if (ops->internal_flags & NL80211_FLAG_NEED_RTNL)
9254 rtnl_unlock();
9255 }
9256
9257 static const struct genl_ops nl80211_ops[] = {
9258 {
9259 .cmd = NL80211_CMD_GET_WIPHY,
9260 .doit = nl80211_get_wiphy,
9261 .dumpit = nl80211_dump_wiphy,
9262 .done = nl80211_dump_wiphy_done,
9263 .policy = nl80211_policy,
9264 /* can be retrieved by unprivileged users */
9265 .internal_flags = NL80211_FLAG_NEED_WIPHY |
9266 NL80211_FLAG_NEED_RTNL,
9267 },
9268 {
9269 .cmd = NL80211_CMD_SET_WIPHY,
9270 .doit = nl80211_set_wiphy,
9271 .policy = nl80211_policy,
9272 .flags = GENL_ADMIN_PERM,
9273 .internal_flags = NL80211_FLAG_NEED_RTNL,
9274 },
9275 {
9276 .cmd = NL80211_CMD_GET_INTERFACE,
9277 .doit = nl80211_get_interface,
9278 .dumpit = nl80211_dump_interface,
9279 .policy = nl80211_policy,
9280 /* can be retrieved by unprivileged users */
9281 .internal_flags = NL80211_FLAG_NEED_WDEV |
9282 NL80211_FLAG_NEED_RTNL,
9283 },
9284 {
9285 .cmd = NL80211_CMD_SET_INTERFACE,
9286 .doit = nl80211_set_interface,
9287 .policy = nl80211_policy,
9288 .flags = GENL_ADMIN_PERM,
9289 .internal_flags = NL80211_FLAG_NEED_NETDEV |
9290 NL80211_FLAG_NEED_RTNL,
9291 },
9292 {
9293 .cmd = NL80211_CMD_NEW_INTERFACE,
9294 .doit = nl80211_new_interface,
9295 .policy = nl80211_policy,
9296 .flags = GENL_ADMIN_PERM,
9297 .internal_flags = NL80211_FLAG_NEED_WIPHY |
9298 NL80211_FLAG_NEED_RTNL,
9299 },
9300 {
9301 .cmd = NL80211_CMD_DEL_INTERFACE,
9302 .doit = nl80211_del_interface,
9303 .policy = nl80211_policy,
9304 .flags = GENL_ADMIN_PERM,
9305 .internal_flags = NL80211_FLAG_NEED_WDEV |
9306 NL80211_FLAG_NEED_RTNL,
9307 },
9308 {
9309 .cmd = NL80211_CMD_GET_KEY,
9310 .doit = nl80211_get_key,
9311 .policy = nl80211_policy,
9312 .flags = GENL_ADMIN_PERM,
9313 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
9314 NL80211_FLAG_NEED_RTNL,
9315 },
9316 {
9317 .cmd = NL80211_CMD_SET_KEY,
9318 .doit = nl80211_set_key,
9319 .policy = nl80211_policy,
9320 .flags = GENL_ADMIN_PERM,
9321 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
9322 NL80211_FLAG_NEED_RTNL,
9323 },
9324 {
9325 .cmd = NL80211_CMD_NEW_KEY,
9326 .doit = nl80211_new_key,
9327 .policy = nl80211_policy,
9328 .flags = GENL_ADMIN_PERM,
9329 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
9330 NL80211_FLAG_NEED_RTNL,
9331 },
9332 {
9333 .cmd = NL80211_CMD_DEL_KEY,
9334 .doit = nl80211_del_key,
9335 .policy = nl80211_policy,
9336 .flags = GENL_ADMIN_PERM,
9337 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
9338 NL80211_FLAG_NEED_RTNL,
9339 },
9340 {
9341 .cmd = NL80211_CMD_SET_BEACON,
9342 .policy = nl80211_policy,
9343 .flags = GENL_ADMIN_PERM,
9344 .doit = nl80211_set_beacon,
9345 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
9346 NL80211_FLAG_NEED_RTNL,
9347 },
9348 {
9349 .cmd = NL80211_CMD_START_AP,
9350 .policy = nl80211_policy,
9351 .flags = GENL_ADMIN_PERM,
9352 .doit = nl80211_start_ap,
9353 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
9354 NL80211_FLAG_NEED_RTNL,
9355 },
9356 {
9357 .cmd = NL80211_CMD_STOP_AP,
9358 .policy = nl80211_policy,
9359 .flags = GENL_ADMIN_PERM,
9360 .doit = nl80211_stop_ap,
9361 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
9362 NL80211_FLAG_NEED_RTNL,
9363 },
9364 {
9365 .cmd = NL80211_CMD_GET_STATION,
9366 .doit = nl80211_get_station,
9367 .dumpit = nl80211_dump_station,
9368 .policy = nl80211_policy,
9369 .internal_flags = NL80211_FLAG_NEED_NETDEV |
9370 NL80211_FLAG_NEED_RTNL,
9371 },
9372 {
9373 .cmd = NL80211_CMD_SET_STATION,
9374 .doit = nl80211_set_station,
9375 .policy = nl80211_policy,
9376 .flags = GENL_ADMIN_PERM,
9377 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
9378 NL80211_FLAG_NEED_RTNL,
9379 },
9380 {
9381 .cmd = NL80211_CMD_NEW_STATION,
9382 .doit = nl80211_new_station,
9383 .policy = nl80211_policy,
9384 .flags = GENL_ADMIN_PERM,
9385 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
9386 NL80211_FLAG_NEED_RTNL,
9387 },
9388 {
9389 .cmd = NL80211_CMD_DEL_STATION,
9390 .doit = nl80211_del_station,
9391 .policy = nl80211_policy,
9392 .flags = GENL_ADMIN_PERM,
9393 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
9394 NL80211_FLAG_NEED_RTNL,
9395 },
9396 {
9397 .cmd = NL80211_CMD_GET_MPATH,
9398 .doit = nl80211_get_mpath,
9399 .dumpit = nl80211_dump_mpath,
9400 .policy = nl80211_policy,
9401 .flags = GENL_ADMIN_PERM,
9402 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
9403 NL80211_FLAG_NEED_RTNL,
9404 },
9405 {
9406 .cmd = NL80211_CMD_SET_MPATH,
9407 .doit = nl80211_set_mpath,
9408 .policy = nl80211_policy,
9409 .flags = GENL_ADMIN_PERM,
9410 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
9411 NL80211_FLAG_NEED_RTNL,
9412 },
9413 {
9414 .cmd = NL80211_CMD_NEW_MPATH,
9415 .doit = nl80211_new_mpath,
9416 .policy = nl80211_policy,
9417 .flags = GENL_ADMIN_PERM,
9418 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
9419 NL80211_FLAG_NEED_RTNL,
9420 },
9421 {
9422 .cmd = NL80211_CMD_DEL_MPATH,
9423 .doit = nl80211_del_mpath,
9424 .policy = nl80211_policy,
9425 .flags = GENL_ADMIN_PERM,
9426 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
9427 NL80211_FLAG_NEED_RTNL,
9428 },
9429 {
9430 .cmd = NL80211_CMD_SET_BSS,
9431 .doit = nl80211_set_bss,
9432 .policy = nl80211_policy,
9433 .flags = GENL_ADMIN_PERM,
9434 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
9435 NL80211_FLAG_NEED_RTNL,
9436 },
9437 {
9438 .cmd = NL80211_CMD_GET_REG,
9439 .doit = nl80211_get_reg,
9440 .policy = nl80211_policy,
9441 .internal_flags = NL80211_FLAG_NEED_RTNL,
9442 /* can be retrieved by unprivileged users */
9443 },
9444 {
9445 .cmd = NL80211_CMD_SET_REG,
9446 .doit = nl80211_set_reg,
9447 .policy = nl80211_policy,
9448 .flags = GENL_ADMIN_PERM,
9449 .internal_flags = NL80211_FLAG_NEED_RTNL,
9450 },
9451 {
9452 .cmd = NL80211_CMD_REQ_SET_REG,
9453 .doit = nl80211_req_set_reg,
9454 .policy = nl80211_policy,
9455 .flags = GENL_ADMIN_PERM,
9456 },
9457 {
9458 .cmd = NL80211_CMD_GET_MESH_CONFIG,
9459 .doit = nl80211_get_mesh_config,
9460 .policy = nl80211_policy,
9461 /* can be retrieved by unprivileged users */
9462 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
9463 NL80211_FLAG_NEED_RTNL,
9464 },
9465 {
9466 .cmd = NL80211_CMD_SET_MESH_CONFIG,
9467 .doit = nl80211_update_mesh_config,
9468 .policy = nl80211_policy,
9469 .flags = GENL_ADMIN_PERM,
9470 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
9471 NL80211_FLAG_NEED_RTNL,
9472 },
9473 {
9474 .cmd = NL80211_CMD_TRIGGER_SCAN,
9475 .doit = nl80211_trigger_scan,
9476 .policy = nl80211_policy,
9477 .flags = GENL_ADMIN_PERM,
9478 .internal_flags = NL80211_FLAG_NEED_WDEV_UP |
9479 NL80211_FLAG_NEED_RTNL,
9480 },
9481 {
9482 .cmd = NL80211_CMD_GET_SCAN,
9483 .policy = nl80211_policy,
9484 .dumpit = nl80211_dump_scan,
9485 },
9486 {
9487 .cmd = NL80211_CMD_START_SCHED_SCAN,
9488 .doit = nl80211_start_sched_scan,
9489 .policy = nl80211_policy,
9490 .flags = GENL_ADMIN_PERM,
9491 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
9492 NL80211_FLAG_NEED_RTNL,
9493 },
9494 {
9495 .cmd = NL80211_CMD_STOP_SCHED_SCAN,
9496 .doit = nl80211_stop_sched_scan,
9497 .policy = nl80211_policy,
9498 .flags = GENL_ADMIN_PERM,
9499 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
9500 NL80211_FLAG_NEED_RTNL,
9501 },
9502 {
9503 .cmd = NL80211_CMD_AUTHENTICATE,
9504 .doit = nl80211_authenticate,
9505 .policy = nl80211_policy,
9506 .flags = GENL_ADMIN_PERM,
9507 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
9508 NL80211_FLAG_NEED_RTNL,
9509 },
9510 {
9511 .cmd = NL80211_CMD_ASSOCIATE,
9512 .doit = nl80211_associate,
9513 .policy = nl80211_policy,
9514 .flags = GENL_ADMIN_PERM,
9515 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
9516 NL80211_FLAG_NEED_RTNL,
9517 },
9518 {
9519 .cmd = NL80211_CMD_DEAUTHENTICATE,
9520 .doit = nl80211_deauthenticate,
9521 .policy = nl80211_policy,
9522 .flags = GENL_ADMIN_PERM,
9523 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
9524 NL80211_FLAG_NEED_RTNL,
9525 },
9526 {
9527 .cmd = NL80211_CMD_DISASSOCIATE,
9528 .doit = nl80211_disassociate,
9529 .policy = nl80211_policy,
9530 .flags = GENL_ADMIN_PERM,
9531 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
9532 NL80211_FLAG_NEED_RTNL,
9533 },
9534 {
9535 .cmd = NL80211_CMD_JOIN_IBSS,
9536 .doit = nl80211_join_ibss,
9537 .policy = nl80211_policy,
9538 .flags = GENL_ADMIN_PERM,
9539 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
9540 NL80211_FLAG_NEED_RTNL,
9541 },
9542 {
9543 .cmd = NL80211_CMD_LEAVE_IBSS,
9544 .doit = nl80211_leave_ibss,
9545 .policy = nl80211_policy,
9546 .flags = GENL_ADMIN_PERM,
9547 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
9548 NL80211_FLAG_NEED_RTNL,
9549 },
9550 #ifdef CONFIG_NL80211_TESTMODE
9551 {
9552 .cmd = NL80211_CMD_TESTMODE,
9553 .doit = nl80211_testmode_do,
9554 .dumpit = nl80211_testmode_dump,
9555 .policy = nl80211_policy,
9556 .flags = GENL_ADMIN_PERM,
9557 .internal_flags = NL80211_FLAG_NEED_WIPHY |
9558 NL80211_FLAG_NEED_RTNL,
9559 },
9560 #endif
9561 {
9562 .cmd = NL80211_CMD_CONNECT,
9563 .doit = nl80211_connect,
9564 .policy = nl80211_policy,
9565 .flags = GENL_ADMIN_PERM,
9566 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
9567 NL80211_FLAG_NEED_RTNL,
9568 },
9569 {
9570 .cmd = NL80211_CMD_DISCONNECT,
9571 .doit = nl80211_disconnect,
9572 .policy = nl80211_policy,
9573 .flags = GENL_ADMIN_PERM,
9574 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
9575 NL80211_FLAG_NEED_RTNL,
9576 },
9577 {
9578 .cmd = NL80211_CMD_SET_WIPHY_NETNS,
9579 .doit = nl80211_wiphy_netns,
9580 .policy = nl80211_policy,
9581 .flags = GENL_ADMIN_PERM,
9582 .internal_flags = NL80211_FLAG_NEED_WIPHY |
9583 NL80211_FLAG_NEED_RTNL,
9584 },
9585 {
9586 .cmd = NL80211_CMD_GET_SURVEY,
9587 .policy = nl80211_policy,
9588 .dumpit = nl80211_dump_survey,
9589 },
9590 {
9591 .cmd = NL80211_CMD_SET_PMKSA,
9592 .doit = nl80211_setdel_pmksa,
9593 .policy = nl80211_policy,
9594 .flags = GENL_ADMIN_PERM,
9595 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
9596 NL80211_FLAG_NEED_RTNL,
9597 },
9598 {
9599 .cmd = NL80211_CMD_DEL_PMKSA,
9600 .doit = nl80211_setdel_pmksa,
9601 .policy = nl80211_policy,
9602 .flags = GENL_ADMIN_PERM,
9603 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
9604 NL80211_FLAG_NEED_RTNL,
9605 },
9606 {
9607 .cmd = NL80211_CMD_FLUSH_PMKSA,
9608 .doit = nl80211_flush_pmksa,
9609 .policy = nl80211_policy,
9610 .flags = GENL_ADMIN_PERM,
9611 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
9612 NL80211_FLAG_NEED_RTNL,
9613 },
9614 {
9615 .cmd = NL80211_CMD_REMAIN_ON_CHANNEL,
9616 .doit = nl80211_remain_on_channel,
9617 .policy = nl80211_policy,
9618 .flags = GENL_ADMIN_PERM,
9619 .internal_flags = NL80211_FLAG_NEED_WDEV_UP |
9620 NL80211_FLAG_NEED_RTNL,
9621 },
9622 {
9623 .cmd = NL80211_CMD_CANCEL_REMAIN_ON_CHANNEL,
9624 .doit = nl80211_cancel_remain_on_channel,
9625 .policy = nl80211_policy,
9626 .flags = GENL_ADMIN_PERM,
9627 .internal_flags = NL80211_FLAG_NEED_WDEV_UP |
9628 NL80211_FLAG_NEED_RTNL,
9629 },
9630 {
9631 .cmd = NL80211_CMD_SET_TX_BITRATE_MASK,
9632 .doit = nl80211_set_tx_bitrate_mask,
9633 .policy = nl80211_policy,
9634 .flags = GENL_ADMIN_PERM,
9635 .internal_flags = NL80211_FLAG_NEED_NETDEV |
9636 NL80211_FLAG_NEED_RTNL,
9637 },
9638 {
9639 .cmd = NL80211_CMD_REGISTER_FRAME,
9640 .doit = nl80211_register_mgmt,
9641 .policy = nl80211_policy,
9642 .flags = GENL_ADMIN_PERM,
9643 .internal_flags = NL80211_FLAG_NEED_WDEV |
9644 NL80211_FLAG_NEED_RTNL,
9645 },
9646 {
9647 .cmd = NL80211_CMD_FRAME,
9648 .doit = nl80211_tx_mgmt,
9649 .policy = nl80211_policy,
9650 .flags = GENL_ADMIN_PERM,
9651 .internal_flags = NL80211_FLAG_NEED_WDEV_UP |
9652 NL80211_FLAG_NEED_RTNL,
9653 },
9654 {
9655 .cmd = NL80211_CMD_FRAME_WAIT_CANCEL,
9656 .doit = nl80211_tx_mgmt_cancel_wait,
9657 .policy = nl80211_policy,
9658 .flags = GENL_ADMIN_PERM,
9659 .internal_flags = NL80211_FLAG_NEED_WDEV_UP |
9660 NL80211_FLAG_NEED_RTNL,
9661 },
9662 {
9663 .cmd = NL80211_CMD_SET_POWER_SAVE,
9664 .doit = nl80211_set_power_save,
9665 .policy = nl80211_policy,
9666 .flags = GENL_ADMIN_PERM,
9667 .internal_flags = NL80211_FLAG_NEED_NETDEV |
9668 NL80211_FLAG_NEED_RTNL,
9669 },
9670 {
9671 .cmd = NL80211_CMD_GET_POWER_SAVE,
9672 .doit = nl80211_get_power_save,
9673 .policy = nl80211_policy,
9674 /* can be retrieved by unprivileged users */
9675 .internal_flags = NL80211_FLAG_NEED_NETDEV |
9676 NL80211_FLAG_NEED_RTNL,
9677 },
9678 {
9679 .cmd = NL80211_CMD_SET_CQM,
9680 .doit = nl80211_set_cqm,
9681 .policy = nl80211_policy,
9682 .flags = GENL_ADMIN_PERM,
9683 .internal_flags = NL80211_FLAG_NEED_NETDEV |
9684 NL80211_FLAG_NEED_RTNL,
9685 },
9686 {
9687 .cmd = NL80211_CMD_SET_CHANNEL,
9688 .doit = nl80211_set_channel,
9689 .policy = nl80211_policy,
9690 .flags = GENL_ADMIN_PERM,
9691 .internal_flags = NL80211_FLAG_NEED_NETDEV |
9692 NL80211_FLAG_NEED_RTNL,
9693 },
9694 {
9695 .cmd = NL80211_CMD_SET_WDS_PEER,
9696 .doit = nl80211_set_wds_peer,
9697 .policy = nl80211_policy,
9698 .flags = GENL_ADMIN_PERM,
9699 .internal_flags = NL80211_FLAG_NEED_NETDEV |
9700 NL80211_FLAG_NEED_RTNL,
9701 },
9702 {
9703 .cmd = NL80211_CMD_JOIN_MESH,
9704 .doit = nl80211_join_mesh,
9705 .policy = nl80211_policy,
9706 .flags = GENL_ADMIN_PERM,
9707 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
9708 NL80211_FLAG_NEED_RTNL,
9709 },
9710 {
9711 .cmd = NL80211_CMD_LEAVE_MESH,
9712 .doit = nl80211_leave_mesh,
9713 .policy = nl80211_policy,
9714 .flags = GENL_ADMIN_PERM,
9715 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
9716 NL80211_FLAG_NEED_RTNL,
9717 },
9718 #ifdef CONFIG_PM
9719 {
9720 .cmd = NL80211_CMD_GET_WOWLAN,
9721 .doit = nl80211_get_wowlan,
9722 .policy = nl80211_policy,
9723 /* can be retrieved by unprivileged users */
9724 .internal_flags = NL80211_FLAG_NEED_WIPHY |
9725 NL80211_FLAG_NEED_RTNL,
9726 },
9727 {
9728 .cmd = NL80211_CMD_SET_WOWLAN,
9729 .doit = nl80211_set_wowlan,
9730 .policy = nl80211_policy,
9731 .flags = GENL_ADMIN_PERM,
9732 .internal_flags = NL80211_FLAG_NEED_WIPHY |
9733 NL80211_FLAG_NEED_RTNL,
9734 },
9735 #endif
9736 {
9737 .cmd = NL80211_CMD_SET_REKEY_OFFLOAD,
9738 .doit = nl80211_set_rekey_data,
9739 .policy = nl80211_policy,
9740 .flags = GENL_ADMIN_PERM,
9741 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
9742 NL80211_FLAG_NEED_RTNL,
9743 },
9744 {
9745 .cmd = NL80211_CMD_TDLS_MGMT,
9746 .doit = nl80211_tdls_mgmt,
9747 .policy = nl80211_policy,
9748 .flags = GENL_ADMIN_PERM,
9749 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
9750 NL80211_FLAG_NEED_RTNL,
9751 },
9752 {
9753 .cmd = NL80211_CMD_TDLS_OPER,
9754 .doit = nl80211_tdls_oper,
9755 .policy = nl80211_policy,
9756 .flags = GENL_ADMIN_PERM,
9757 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
9758 NL80211_FLAG_NEED_RTNL,
9759 },
9760 {
9761 .cmd = NL80211_CMD_UNEXPECTED_FRAME,
9762 .doit = nl80211_register_unexpected_frame,
9763 .policy = nl80211_policy,
9764 .flags = GENL_ADMIN_PERM,
9765 .internal_flags = NL80211_FLAG_NEED_NETDEV |
9766 NL80211_FLAG_NEED_RTNL,
9767 },
9768 {
9769 .cmd = NL80211_CMD_PROBE_CLIENT,
9770 .doit = nl80211_probe_client,
9771 .policy = nl80211_policy,
9772 .flags = GENL_ADMIN_PERM,
9773 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
9774 NL80211_FLAG_NEED_RTNL,
9775 },
9776 {
9777 .cmd = NL80211_CMD_REGISTER_BEACONS,
9778 .doit = nl80211_register_beacons,
9779 .policy = nl80211_policy,
9780 .flags = GENL_ADMIN_PERM,
9781 .internal_flags = NL80211_FLAG_NEED_WIPHY |
9782 NL80211_FLAG_NEED_RTNL,
9783 },
9784 {
9785 .cmd = NL80211_CMD_SET_NOACK_MAP,
9786 .doit = nl80211_set_noack_map,
9787 .policy = nl80211_policy,
9788 .flags = GENL_ADMIN_PERM,
9789 .internal_flags = NL80211_FLAG_NEED_NETDEV |
9790 NL80211_FLAG_NEED_RTNL,
9791 },
9792 {
9793 .cmd = NL80211_CMD_START_P2P_DEVICE,
9794 .doit = nl80211_start_p2p_device,
9795 .policy = nl80211_policy,
9796 .flags = GENL_ADMIN_PERM,
9797 .internal_flags = NL80211_FLAG_NEED_WDEV |
9798 NL80211_FLAG_NEED_RTNL,
9799 },
9800 {
9801 .cmd = NL80211_CMD_STOP_P2P_DEVICE,
9802 .doit = nl80211_stop_p2p_device,
9803 .policy = nl80211_policy,
9804 .flags = GENL_ADMIN_PERM,
9805 .internal_flags = NL80211_FLAG_NEED_WDEV_UP |
9806 NL80211_FLAG_NEED_RTNL,
9807 },
9808 {
9809 .cmd = NL80211_CMD_SET_MCAST_RATE,
9810 .doit = nl80211_set_mcast_rate,
9811 .policy = nl80211_policy,
9812 .flags = GENL_ADMIN_PERM,
9813 .internal_flags = NL80211_FLAG_NEED_NETDEV |
9814 NL80211_FLAG_NEED_RTNL,
9815 },
9816 {
9817 .cmd = NL80211_CMD_SET_MAC_ACL,
9818 .doit = nl80211_set_mac_acl,
9819 .policy = nl80211_policy,
9820 .flags = GENL_ADMIN_PERM,
9821 .internal_flags = NL80211_FLAG_NEED_NETDEV |
9822 NL80211_FLAG_NEED_RTNL,
9823 },
9824 {
9825 .cmd = NL80211_CMD_RADAR_DETECT,
9826 .doit = nl80211_start_radar_detection,
9827 .policy = nl80211_policy,
9828 .flags = GENL_ADMIN_PERM,
9829 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
9830 NL80211_FLAG_NEED_RTNL,
9831 },
9832 {
9833 .cmd = NL80211_CMD_GET_PROTOCOL_FEATURES,
9834 .doit = nl80211_get_protocol_features,
9835 .policy = nl80211_policy,
9836 },
9837 {
9838 .cmd = NL80211_CMD_UPDATE_FT_IES,
9839 .doit = nl80211_update_ft_ies,
9840 .policy = nl80211_policy,
9841 .flags = GENL_ADMIN_PERM,
9842 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
9843 NL80211_FLAG_NEED_RTNL,
9844 },
9845 {
9846 .cmd = NL80211_CMD_CRIT_PROTOCOL_START,
9847 .doit = nl80211_crit_protocol_start,
9848 .policy = nl80211_policy,
9849 .flags = GENL_ADMIN_PERM,
9850 .internal_flags = NL80211_FLAG_NEED_WDEV_UP |
9851 NL80211_FLAG_NEED_RTNL,
9852 },
9853 {
9854 .cmd = NL80211_CMD_CRIT_PROTOCOL_STOP,
9855 .doit = nl80211_crit_protocol_stop,
9856 .policy = nl80211_policy,
9857 .flags = GENL_ADMIN_PERM,
9858 .internal_flags = NL80211_FLAG_NEED_WDEV_UP |
9859 NL80211_FLAG_NEED_RTNL,
9860 },
9861 {
9862 .cmd = NL80211_CMD_GET_COALESCE,
9863 .doit = nl80211_get_coalesce,
9864 .policy = nl80211_policy,
9865 .internal_flags = NL80211_FLAG_NEED_WIPHY |
9866 NL80211_FLAG_NEED_RTNL,
9867 },
9868 {
9869 .cmd = NL80211_CMD_SET_COALESCE,
9870 .doit = nl80211_set_coalesce,
9871 .policy = nl80211_policy,
9872 .flags = GENL_ADMIN_PERM,
9873 .internal_flags = NL80211_FLAG_NEED_WIPHY |
9874 NL80211_FLAG_NEED_RTNL,
9875 },
9876 {
9877 .cmd = NL80211_CMD_CHANNEL_SWITCH,
9878 .doit = nl80211_channel_switch,
9879 .policy = nl80211_policy,
9880 .flags = GENL_ADMIN_PERM,
9881 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
9882 NL80211_FLAG_NEED_RTNL,
9883 },
9884 {
9885 .cmd = NL80211_CMD_VENDOR,
9886 .doit = nl80211_vendor_cmd,
9887 .policy = nl80211_policy,
9888 .flags = GENL_ADMIN_PERM,
9889 .internal_flags = NL80211_FLAG_NEED_WIPHY |
9890 NL80211_FLAG_NEED_RTNL,
9891 },
9892 {
9893 .cmd = NL80211_CMD_SET_QOS_MAP,
9894 .doit = nl80211_set_qos_map,
9895 .policy = nl80211_policy,
9896 .flags = GENL_ADMIN_PERM,
9897 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
9898 NL80211_FLAG_NEED_RTNL,
9899 },
9900 };
9901
9902 /* notification functions */
9903
9904 void nl80211_notify_dev_rename(struct cfg80211_registered_device *rdev)
9905 {
9906 struct sk_buff *msg;
9907 struct nl80211_dump_wiphy_state state = {};
9908
9909 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
9910 if (!msg)
9911 return;
9912
9913 if (nl80211_send_wiphy(rdev, msg, 0, 0, 0, &state) < 0) {
9914 nlmsg_free(msg);
9915 return;
9916 }
9917
9918 genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), msg, 0,
9919 NL80211_MCGRP_CONFIG, GFP_KERNEL);
9920 }
9921
9922 static int nl80211_add_scan_req(struct sk_buff *msg,
9923 struct cfg80211_registered_device *rdev)
9924 {
9925 struct cfg80211_scan_request *req = rdev->scan_req;
9926 struct nlattr *nest;
9927 int i;
9928
9929 if (WARN_ON(!req))
9930 return 0;
9931
9932 nest = nla_nest_start(msg, NL80211_ATTR_SCAN_SSIDS);
9933 if (!nest)
9934 goto nla_put_failure;
9935 for (i = 0; i < req->n_ssids; i++) {
9936 if (nla_put(msg, i, req->ssids[i].ssid_len, req->ssids[i].ssid))
9937 goto nla_put_failure;
9938 }
9939 nla_nest_end(msg, nest);
9940
9941 nest = nla_nest_start(msg, NL80211_ATTR_SCAN_FREQUENCIES);
9942 if (!nest)
9943 goto nla_put_failure;
9944 for (i = 0; i < req->n_channels; i++) {
9945 if (nla_put_u32(msg, i, req->channels[i]->center_freq))
9946 goto nla_put_failure;
9947 }
9948 nla_nest_end(msg, nest);
9949
9950 if (req->ie &&
9951 nla_put(msg, NL80211_ATTR_IE, req->ie_len, req->ie))
9952 goto nla_put_failure;
9953
9954 if (req->flags &&
9955 nla_put_u32(msg, NL80211_ATTR_SCAN_FLAGS, req->flags))
9956 goto nla_put_failure;
9957
9958 return 0;
9959 nla_put_failure:
9960 return -ENOBUFS;
9961 }
9962
9963 static int nl80211_send_scan_msg(struct sk_buff *msg,
9964 struct cfg80211_registered_device *rdev,
9965 struct wireless_dev *wdev,
9966 u32 portid, u32 seq, int flags,
9967 u32 cmd)
9968 {
9969 void *hdr;
9970
9971 hdr = nl80211hdr_put(msg, portid, seq, flags, cmd);
9972 if (!hdr)
9973 return -1;
9974
9975 if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
9976 (wdev->netdev && nla_put_u32(msg, NL80211_ATTR_IFINDEX,
9977 wdev->netdev->ifindex)) ||
9978 nla_put_u64(msg, NL80211_ATTR_WDEV, wdev_id(wdev)))
9979 goto nla_put_failure;
9980
9981 /* ignore errors and send incomplete event anyway */
9982 nl80211_add_scan_req(msg, rdev);
9983
9984 return genlmsg_end(msg, hdr);
9985
9986 nla_put_failure:
9987 genlmsg_cancel(msg, hdr);
9988 return -EMSGSIZE;
9989 }
9990
9991 static int
9992 nl80211_send_sched_scan_msg(struct sk_buff *msg,
9993 struct cfg80211_registered_device *rdev,
9994 struct net_device *netdev,
9995 u32 portid, u32 seq, int flags, u32 cmd)
9996 {
9997 void *hdr;
9998
9999 hdr = nl80211hdr_put(msg, portid, seq, flags, cmd);
10000 if (!hdr)
10001 return -1;
10002
10003 if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
10004 nla_put_u32(msg, NL80211_ATTR_IFINDEX, netdev->ifindex))
10005 goto nla_put_failure;
10006
10007 return genlmsg_end(msg, hdr);
10008
10009 nla_put_failure:
10010 genlmsg_cancel(msg, hdr);
10011 return -EMSGSIZE;
10012 }
10013
10014 void nl80211_send_scan_start(struct cfg80211_registered_device *rdev,
10015 struct wireless_dev *wdev)
10016 {
10017 struct sk_buff *msg;
10018
10019 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
10020 if (!msg)
10021 return;
10022
10023 if (nl80211_send_scan_msg(msg, rdev, wdev, 0, 0, 0,
10024 NL80211_CMD_TRIGGER_SCAN) < 0) {
10025 nlmsg_free(msg);
10026 return;
10027 }
10028
10029 genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), msg, 0,
10030 NL80211_MCGRP_SCAN, GFP_KERNEL);
10031 }
10032
10033 void nl80211_send_scan_done(struct cfg80211_registered_device *rdev,
10034 struct wireless_dev *wdev)
10035 {
10036 struct sk_buff *msg;
10037
10038 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
10039 if (!msg)
10040 return;
10041
10042 if (nl80211_send_scan_msg(msg, rdev, wdev, 0, 0, 0,
10043 NL80211_CMD_NEW_SCAN_RESULTS) < 0) {
10044 nlmsg_free(msg);
10045 return;
10046 }
10047
10048 genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), msg, 0,
10049 NL80211_MCGRP_SCAN, GFP_KERNEL);
10050 }
10051
10052 void nl80211_send_scan_aborted(struct cfg80211_registered_device *rdev,
10053 struct wireless_dev *wdev)
10054 {
10055 struct sk_buff *msg;
10056
10057 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
10058 if (!msg)
10059 return;
10060
10061 if (nl80211_send_scan_msg(msg, rdev, wdev, 0, 0, 0,
10062 NL80211_CMD_SCAN_ABORTED) < 0) {
10063 nlmsg_free(msg);
10064 return;
10065 }
10066
10067 genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), msg, 0,
10068 NL80211_MCGRP_SCAN, GFP_KERNEL);
10069 }
10070
10071 void nl80211_send_sched_scan_results(struct cfg80211_registered_device *rdev,
10072 struct net_device *netdev)
10073 {
10074 struct sk_buff *msg;
10075
10076 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
10077 if (!msg)
10078 return;
10079
10080 if (nl80211_send_sched_scan_msg(msg, rdev, netdev, 0, 0, 0,
10081 NL80211_CMD_SCHED_SCAN_RESULTS) < 0) {
10082 nlmsg_free(msg);
10083 return;
10084 }
10085
10086 genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), msg, 0,
10087 NL80211_MCGRP_SCAN, GFP_KERNEL);
10088 }
10089
10090 void nl80211_send_sched_scan(struct cfg80211_registered_device *rdev,
10091 struct net_device *netdev, u32 cmd)
10092 {
10093 struct sk_buff *msg;
10094
10095 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
10096 if (!msg)
10097 return;
10098
10099 if (nl80211_send_sched_scan_msg(msg, rdev, netdev, 0, 0, 0, cmd) < 0) {
10100 nlmsg_free(msg);
10101 return;
10102 }
10103
10104 genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), msg, 0,
10105 NL80211_MCGRP_SCAN, GFP_KERNEL);
10106 }
10107
10108 /*
10109 * This can happen on global regulatory changes or device specific settings
10110 * based on custom world regulatory domains.
10111 */
10112 void nl80211_send_reg_change_event(struct regulatory_request *request)
10113 {
10114 struct sk_buff *msg;
10115 void *hdr;
10116
10117 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
10118 if (!msg)
10119 return;
10120
10121 hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_REG_CHANGE);
10122 if (!hdr) {
10123 nlmsg_free(msg);
10124 return;
10125 }
10126
10127 /* Userspace can always count this one always being set */
10128 if (nla_put_u8(msg, NL80211_ATTR_REG_INITIATOR, request->initiator))
10129 goto nla_put_failure;
10130
10131 if (request->alpha2[0] == '0' && request->alpha2[1] == '0') {
10132 if (nla_put_u8(msg, NL80211_ATTR_REG_TYPE,
10133 NL80211_REGDOM_TYPE_WORLD))
10134 goto nla_put_failure;
10135 } else if (request->alpha2[0] == '9' && request->alpha2[1] == '9') {
10136 if (nla_put_u8(msg, NL80211_ATTR_REG_TYPE,
10137 NL80211_REGDOM_TYPE_CUSTOM_WORLD))
10138 goto nla_put_failure;
10139 } else if ((request->alpha2[0] == '9' && request->alpha2[1] == '8') ||
10140 request->intersect) {
10141 if (nla_put_u8(msg, NL80211_ATTR_REG_TYPE,
10142 NL80211_REGDOM_TYPE_INTERSECTION))
10143 goto nla_put_failure;
10144 } else {
10145 if (nla_put_u8(msg, NL80211_ATTR_REG_TYPE,
10146 NL80211_REGDOM_TYPE_COUNTRY) ||
10147 nla_put_string(msg, NL80211_ATTR_REG_ALPHA2,
10148 request->alpha2))
10149 goto nla_put_failure;
10150 }
10151
10152 if (request->wiphy_idx != WIPHY_IDX_INVALID &&
10153 nla_put_u32(msg, NL80211_ATTR_WIPHY, request->wiphy_idx))
10154 goto nla_put_failure;
10155
10156 genlmsg_end(msg, hdr);
10157
10158 rcu_read_lock();
10159 genlmsg_multicast_allns(&nl80211_fam, msg, 0,
10160 NL80211_MCGRP_REGULATORY, GFP_ATOMIC);
10161 rcu_read_unlock();
10162
10163 return;
10164
10165 nla_put_failure:
10166 genlmsg_cancel(msg, hdr);
10167 nlmsg_free(msg);
10168 }
10169
10170 static void nl80211_send_mlme_event(struct cfg80211_registered_device *rdev,
10171 struct net_device *netdev,
10172 const u8 *buf, size_t len,
10173 enum nl80211_commands cmd, gfp_t gfp)
10174 {
10175 struct sk_buff *msg;
10176 void *hdr;
10177
10178 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, gfp);
10179 if (!msg)
10180 return;
10181
10182 hdr = nl80211hdr_put(msg, 0, 0, 0, cmd);
10183 if (!hdr) {
10184 nlmsg_free(msg);
10185 return;
10186 }
10187
10188 if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
10189 nla_put_u32(msg, NL80211_ATTR_IFINDEX, netdev->ifindex) ||
10190 nla_put(msg, NL80211_ATTR_FRAME, len, buf))
10191 goto nla_put_failure;
10192
10193 genlmsg_end(msg, hdr);
10194
10195 genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), msg, 0,
10196 NL80211_MCGRP_MLME, gfp);
10197 return;
10198
10199 nla_put_failure:
10200 genlmsg_cancel(msg, hdr);
10201 nlmsg_free(msg);
10202 }
10203
10204 void nl80211_send_rx_auth(struct cfg80211_registered_device *rdev,
10205 struct net_device *netdev, const u8 *buf,
10206 size_t len, gfp_t gfp)
10207 {
10208 nl80211_send_mlme_event(rdev, netdev, buf, len,
10209 NL80211_CMD_AUTHENTICATE, gfp);
10210 }
10211
10212 void nl80211_send_rx_assoc(struct cfg80211_registered_device *rdev,
10213 struct net_device *netdev, const u8 *buf,
10214 size_t len, gfp_t gfp)
10215 {
10216 nl80211_send_mlme_event(rdev, netdev, buf, len,
10217 NL80211_CMD_ASSOCIATE, gfp);
10218 }
10219
10220 void nl80211_send_deauth(struct cfg80211_registered_device *rdev,
10221 struct net_device *netdev, const u8 *buf,
10222 size_t len, gfp_t gfp)
10223 {
10224 nl80211_send_mlme_event(rdev, netdev, buf, len,
10225 NL80211_CMD_DEAUTHENTICATE, gfp);
10226 }
10227
10228 void nl80211_send_disassoc(struct cfg80211_registered_device *rdev,
10229 struct net_device *netdev, const u8 *buf,
10230 size_t len, gfp_t gfp)
10231 {
10232 nl80211_send_mlme_event(rdev, netdev, buf, len,
10233 NL80211_CMD_DISASSOCIATE, gfp);
10234 }
10235
10236 void cfg80211_rx_unprot_mlme_mgmt(struct net_device *dev, const u8 *buf,
10237 size_t len)
10238 {
10239 struct wireless_dev *wdev = dev->ieee80211_ptr;
10240 struct wiphy *wiphy = wdev->wiphy;
10241 struct cfg80211_registered_device *rdev = wiphy_to_dev(wiphy);
10242 const struct ieee80211_mgmt *mgmt = (void *)buf;
10243 u32 cmd;
10244
10245 if (WARN_ON(len < 2))
10246 return;
10247
10248 if (ieee80211_is_deauth(mgmt->frame_control))
10249 cmd = NL80211_CMD_UNPROT_DEAUTHENTICATE;
10250 else
10251 cmd = NL80211_CMD_UNPROT_DISASSOCIATE;
10252
10253 trace_cfg80211_rx_unprot_mlme_mgmt(dev, buf, len);
10254 nl80211_send_mlme_event(rdev, dev, buf, len, cmd, GFP_ATOMIC);
10255 }
10256 EXPORT_SYMBOL(cfg80211_rx_unprot_mlme_mgmt);
10257
10258 static void nl80211_send_mlme_timeout(struct cfg80211_registered_device *rdev,
10259 struct net_device *netdev, int cmd,
10260 const u8 *addr, gfp_t gfp)
10261 {
10262 struct sk_buff *msg;
10263 void *hdr;
10264
10265 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, gfp);
10266 if (!msg)
10267 return;
10268
10269 hdr = nl80211hdr_put(msg, 0, 0, 0, cmd);
10270 if (!hdr) {
10271 nlmsg_free(msg);
10272 return;
10273 }
10274
10275 if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
10276 nla_put_u32(msg, NL80211_ATTR_IFINDEX, netdev->ifindex) ||
10277 nla_put_flag(msg, NL80211_ATTR_TIMED_OUT) ||
10278 nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN, addr))
10279 goto nla_put_failure;
10280
10281 genlmsg_end(msg, hdr);
10282
10283 genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), msg, 0,
10284 NL80211_MCGRP_MLME, gfp);
10285 return;
10286
10287 nla_put_failure:
10288 genlmsg_cancel(msg, hdr);
10289 nlmsg_free(msg);
10290 }
10291
10292 void nl80211_send_auth_timeout(struct cfg80211_registered_device *rdev,
10293 struct net_device *netdev, const u8 *addr,
10294 gfp_t gfp)
10295 {
10296 nl80211_send_mlme_timeout(rdev, netdev, NL80211_CMD_AUTHENTICATE,
10297 addr, gfp);
10298 }
10299
10300 void nl80211_send_assoc_timeout(struct cfg80211_registered_device *rdev,
10301 struct net_device *netdev, const u8 *addr,
10302 gfp_t gfp)
10303 {
10304 nl80211_send_mlme_timeout(rdev, netdev, NL80211_CMD_ASSOCIATE,
10305 addr, gfp);
10306 }
10307
10308 void nl80211_send_connect_result(struct cfg80211_registered_device *rdev,
10309 struct net_device *netdev, const u8 *bssid,
10310 const u8 *req_ie, size_t req_ie_len,
10311 const u8 *resp_ie, size_t resp_ie_len,
10312 u16 status, gfp_t gfp)
10313 {
10314 struct sk_buff *msg;
10315 void *hdr;
10316
10317 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, gfp);
10318 if (!msg)
10319 return;
10320
10321 hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_CONNECT);
10322 if (!hdr) {
10323 nlmsg_free(msg);
10324 return;
10325 }
10326
10327 if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
10328 nla_put_u32(msg, NL80211_ATTR_IFINDEX, netdev->ifindex) ||
10329 (bssid && nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN, bssid)) ||
10330 nla_put_u16(msg, NL80211_ATTR_STATUS_CODE, status) ||
10331 (req_ie &&
10332 nla_put(msg, NL80211_ATTR_REQ_IE, req_ie_len, req_ie)) ||
10333 (resp_ie &&
10334 nla_put(msg, NL80211_ATTR_RESP_IE, resp_ie_len, resp_ie)))
10335 goto nla_put_failure;
10336
10337 genlmsg_end(msg, hdr);
10338
10339 genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), msg, 0,
10340 NL80211_MCGRP_MLME, gfp);
10341 return;
10342
10343 nla_put_failure:
10344 genlmsg_cancel(msg, hdr);
10345 nlmsg_free(msg);
10346
10347 }
10348
10349 void nl80211_send_roamed(struct cfg80211_registered_device *rdev,
10350 struct net_device *netdev, const u8 *bssid,
10351 const u8 *req_ie, size_t req_ie_len,
10352 const u8 *resp_ie, size_t resp_ie_len, gfp_t gfp)
10353 {
10354 struct sk_buff *msg;
10355 void *hdr;
10356
10357 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, gfp);
10358 if (!msg)
10359 return;
10360
10361 hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_ROAM);
10362 if (!hdr) {
10363 nlmsg_free(msg);
10364 return;
10365 }
10366
10367 if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
10368 nla_put_u32(msg, NL80211_ATTR_IFINDEX, netdev->ifindex) ||
10369 nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN, bssid) ||
10370 (req_ie &&
10371 nla_put(msg, NL80211_ATTR_REQ_IE, req_ie_len, req_ie)) ||
10372 (resp_ie &&
10373 nla_put(msg, NL80211_ATTR_RESP_IE, resp_ie_len, resp_ie)))
10374 goto nla_put_failure;
10375
10376 genlmsg_end(msg, hdr);
10377
10378 genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), msg, 0,
10379 NL80211_MCGRP_MLME, gfp);
10380 return;
10381
10382 nla_put_failure:
10383 genlmsg_cancel(msg, hdr);
10384 nlmsg_free(msg);
10385
10386 }
10387
10388 void nl80211_send_disconnected(struct cfg80211_registered_device *rdev,
10389 struct net_device *netdev, u16 reason,
10390 const u8 *ie, size_t ie_len, bool from_ap)
10391 {
10392 struct sk_buff *msg;
10393 void *hdr;
10394
10395 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
10396 if (!msg)
10397 return;
10398
10399 hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_DISCONNECT);
10400 if (!hdr) {
10401 nlmsg_free(msg);
10402 return;
10403 }
10404
10405 if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
10406 nla_put_u32(msg, NL80211_ATTR_IFINDEX, netdev->ifindex) ||
10407 (from_ap && reason &&
10408 nla_put_u16(msg, NL80211_ATTR_REASON_CODE, reason)) ||
10409 (from_ap &&
10410 nla_put_flag(msg, NL80211_ATTR_DISCONNECTED_BY_AP)) ||
10411 (ie && nla_put(msg, NL80211_ATTR_IE, ie_len, ie)))
10412 goto nla_put_failure;
10413
10414 genlmsg_end(msg, hdr);
10415
10416 genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), msg, 0,
10417 NL80211_MCGRP_MLME, GFP_KERNEL);
10418 return;
10419
10420 nla_put_failure:
10421 genlmsg_cancel(msg, hdr);
10422 nlmsg_free(msg);
10423
10424 }
10425
10426 void nl80211_send_ibss_bssid(struct cfg80211_registered_device *rdev,
10427 struct net_device *netdev, const u8 *bssid,
10428 gfp_t gfp)
10429 {
10430 struct sk_buff *msg;
10431 void *hdr;
10432
10433 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, gfp);
10434 if (!msg)
10435 return;
10436
10437 hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_JOIN_IBSS);
10438 if (!hdr) {
10439 nlmsg_free(msg);
10440 return;
10441 }
10442
10443 if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
10444 nla_put_u32(msg, NL80211_ATTR_IFINDEX, netdev->ifindex) ||
10445 nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN, bssid))
10446 goto nla_put_failure;
10447
10448 genlmsg_end(msg, hdr);
10449
10450 genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), msg, 0,
10451 NL80211_MCGRP_MLME, gfp);
10452 return;
10453
10454 nla_put_failure:
10455 genlmsg_cancel(msg, hdr);
10456 nlmsg_free(msg);
10457 }
10458
10459 void cfg80211_notify_new_peer_candidate(struct net_device *dev, const u8 *addr,
10460 const u8* ie, u8 ie_len, gfp_t gfp)
10461 {
10462 struct wireless_dev *wdev = dev->ieee80211_ptr;
10463 struct cfg80211_registered_device *rdev = wiphy_to_dev(wdev->wiphy);
10464 struct sk_buff *msg;
10465 void *hdr;
10466
10467 if (WARN_ON(wdev->iftype != NL80211_IFTYPE_MESH_POINT))
10468 return;
10469
10470 trace_cfg80211_notify_new_peer_candidate(dev, addr);
10471
10472 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, gfp);
10473 if (!msg)
10474 return;
10475
10476 hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_NEW_PEER_CANDIDATE);
10477 if (!hdr) {
10478 nlmsg_free(msg);
10479 return;
10480 }
10481
10482 if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
10483 nla_put_u32(msg, NL80211_ATTR_IFINDEX, dev->ifindex) ||
10484 nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN, addr) ||
10485 (ie_len && ie &&
10486 nla_put(msg, NL80211_ATTR_IE, ie_len , ie)))
10487 goto nla_put_failure;
10488
10489 genlmsg_end(msg, hdr);
10490
10491 genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), msg, 0,
10492 NL80211_MCGRP_MLME, gfp);
10493 return;
10494
10495 nla_put_failure:
10496 genlmsg_cancel(msg, hdr);
10497 nlmsg_free(msg);
10498 }
10499 EXPORT_SYMBOL(cfg80211_notify_new_peer_candidate);
10500
10501 void nl80211_michael_mic_failure(struct cfg80211_registered_device *rdev,
10502 struct net_device *netdev, const u8 *addr,
10503 enum nl80211_key_type key_type, int key_id,
10504 const u8 *tsc, gfp_t gfp)
10505 {
10506 struct sk_buff *msg;
10507 void *hdr;
10508
10509 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, gfp);
10510 if (!msg)
10511 return;
10512
10513 hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_MICHAEL_MIC_FAILURE);
10514 if (!hdr) {
10515 nlmsg_free(msg);
10516 return;
10517 }
10518
10519 if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
10520 nla_put_u32(msg, NL80211_ATTR_IFINDEX, netdev->ifindex) ||
10521 (addr && nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN, addr)) ||
10522 nla_put_u32(msg, NL80211_ATTR_KEY_TYPE, key_type) ||
10523 (key_id != -1 &&
10524 nla_put_u8(msg, NL80211_ATTR_KEY_IDX, key_id)) ||
10525 (tsc && nla_put(msg, NL80211_ATTR_KEY_SEQ, 6, tsc)))
10526 goto nla_put_failure;
10527
10528 genlmsg_end(msg, hdr);
10529
10530 genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), msg, 0,
10531 NL80211_MCGRP_MLME, gfp);
10532 return;
10533
10534 nla_put_failure:
10535 genlmsg_cancel(msg, hdr);
10536 nlmsg_free(msg);
10537 }
10538
10539 void nl80211_send_beacon_hint_event(struct wiphy *wiphy,
10540 struct ieee80211_channel *channel_before,
10541 struct ieee80211_channel *channel_after)
10542 {
10543 struct sk_buff *msg;
10544 void *hdr;
10545 struct nlattr *nl_freq;
10546
10547 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_ATOMIC);
10548 if (!msg)
10549 return;
10550
10551 hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_REG_BEACON_HINT);
10552 if (!hdr) {
10553 nlmsg_free(msg);
10554 return;
10555 }
10556
10557 /*
10558 * Since we are applying the beacon hint to a wiphy we know its
10559 * wiphy_idx is valid
10560 */
10561 if (nla_put_u32(msg, NL80211_ATTR_WIPHY, get_wiphy_idx(wiphy)))
10562 goto nla_put_failure;
10563
10564 /* Before */
10565 nl_freq = nla_nest_start(msg, NL80211_ATTR_FREQ_BEFORE);
10566 if (!nl_freq)
10567 goto nla_put_failure;
10568 if (nl80211_msg_put_channel(msg, channel_before, false))
10569 goto nla_put_failure;
10570 nla_nest_end(msg, nl_freq);
10571
10572 /* After */
10573 nl_freq = nla_nest_start(msg, NL80211_ATTR_FREQ_AFTER);
10574 if (!nl_freq)
10575 goto nla_put_failure;
10576 if (nl80211_msg_put_channel(msg, channel_after, false))
10577 goto nla_put_failure;
10578 nla_nest_end(msg, nl_freq);
10579
10580 genlmsg_end(msg, hdr);
10581
10582 rcu_read_lock();
10583 genlmsg_multicast_allns(&nl80211_fam, msg, 0,
10584 NL80211_MCGRP_REGULATORY, GFP_ATOMIC);
10585 rcu_read_unlock();
10586
10587 return;
10588
10589 nla_put_failure:
10590 genlmsg_cancel(msg, hdr);
10591 nlmsg_free(msg);
10592 }
10593
10594 static void nl80211_send_remain_on_chan_event(
10595 int cmd, struct cfg80211_registered_device *rdev,
10596 struct wireless_dev *wdev, u64 cookie,
10597 struct ieee80211_channel *chan,
10598 unsigned int duration, gfp_t gfp)
10599 {
10600 struct sk_buff *msg;
10601 void *hdr;
10602
10603 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, gfp);
10604 if (!msg)
10605 return;
10606
10607 hdr = nl80211hdr_put(msg, 0, 0, 0, cmd);
10608 if (!hdr) {
10609 nlmsg_free(msg);
10610 return;
10611 }
10612
10613 if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
10614 (wdev->netdev && nla_put_u32(msg, NL80211_ATTR_IFINDEX,
10615 wdev->netdev->ifindex)) ||
10616 nla_put_u64(msg, NL80211_ATTR_WDEV, wdev_id(wdev)) ||
10617 nla_put_u32(msg, NL80211_ATTR_WIPHY_FREQ, chan->center_freq) ||
10618 nla_put_u32(msg, NL80211_ATTR_WIPHY_CHANNEL_TYPE,
10619 NL80211_CHAN_NO_HT) ||
10620 nla_put_u64(msg, NL80211_ATTR_COOKIE, cookie))
10621 goto nla_put_failure;
10622
10623 if (cmd == NL80211_CMD_REMAIN_ON_CHANNEL &&
10624 nla_put_u32(msg, NL80211_ATTR_DURATION, duration))
10625 goto nla_put_failure;
10626
10627 genlmsg_end(msg, hdr);
10628
10629 genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), msg, 0,
10630 NL80211_MCGRP_MLME, gfp);
10631 return;
10632
10633 nla_put_failure:
10634 genlmsg_cancel(msg, hdr);
10635 nlmsg_free(msg);
10636 }
10637
10638 void cfg80211_ready_on_channel(struct wireless_dev *wdev, u64 cookie,
10639 struct ieee80211_channel *chan,
10640 unsigned int duration, gfp_t gfp)
10641 {
10642 struct wiphy *wiphy = wdev->wiphy;
10643 struct cfg80211_registered_device *rdev = wiphy_to_dev(wiphy);
10644
10645 trace_cfg80211_ready_on_channel(wdev, cookie, chan, duration);
10646 nl80211_send_remain_on_chan_event(NL80211_CMD_REMAIN_ON_CHANNEL,
10647 rdev, wdev, cookie, chan,
10648 duration, gfp);
10649 }
10650 EXPORT_SYMBOL(cfg80211_ready_on_channel);
10651
10652 void cfg80211_remain_on_channel_expired(struct wireless_dev *wdev, u64 cookie,
10653 struct ieee80211_channel *chan,
10654 gfp_t gfp)
10655 {
10656 struct wiphy *wiphy = wdev->wiphy;
10657 struct cfg80211_registered_device *rdev = wiphy_to_dev(wiphy);
10658
10659 trace_cfg80211_ready_on_channel_expired(wdev, cookie, chan);
10660 nl80211_send_remain_on_chan_event(NL80211_CMD_CANCEL_REMAIN_ON_CHANNEL,
10661 rdev, wdev, cookie, chan, 0, gfp);
10662 }
10663 EXPORT_SYMBOL(cfg80211_remain_on_channel_expired);
10664
10665 void cfg80211_new_sta(struct net_device *dev, const u8 *mac_addr,
10666 struct station_info *sinfo, gfp_t gfp)
10667 {
10668 struct wiphy *wiphy = dev->ieee80211_ptr->wiphy;
10669 struct cfg80211_registered_device *rdev = wiphy_to_dev(wiphy);
10670 struct sk_buff *msg;
10671
10672 trace_cfg80211_new_sta(dev, mac_addr, sinfo);
10673
10674 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, gfp);
10675 if (!msg)
10676 return;
10677
10678 if (nl80211_send_station(msg, 0, 0, 0,
10679 rdev, dev, mac_addr, sinfo) < 0) {
10680 nlmsg_free(msg);
10681 return;
10682 }
10683
10684 genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), msg, 0,
10685 NL80211_MCGRP_MLME, gfp);
10686 }
10687 EXPORT_SYMBOL(cfg80211_new_sta);
10688
10689 void cfg80211_del_sta(struct net_device *dev, const u8 *mac_addr, gfp_t gfp)
10690 {
10691 struct wiphy *wiphy = dev->ieee80211_ptr->wiphy;
10692 struct cfg80211_registered_device *rdev = wiphy_to_dev(wiphy);
10693 struct sk_buff *msg;
10694 void *hdr;
10695
10696 trace_cfg80211_del_sta(dev, mac_addr);
10697
10698 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, gfp);
10699 if (!msg)
10700 return;
10701
10702 hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_DEL_STATION);
10703 if (!hdr) {
10704 nlmsg_free(msg);
10705 return;
10706 }
10707
10708 if (nla_put_u32(msg, NL80211_ATTR_IFINDEX, dev->ifindex) ||
10709 nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN, mac_addr))
10710 goto nla_put_failure;
10711
10712 genlmsg_end(msg, hdr);
10713
10714 genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), msg, 0,
10715 NL80211_MCGRP_MLME, gfp);
10716 return;
10717
10718 nla_put_failure:
10719 genlmsg_cancel(msg, hdr);
10720 nlmsg_free(msg);
10721 }
10722 EXPORT_SYMBOL(cfg80211_del_sta);
10723
10724 void cfg80211_conn_failed(struct net_device *dev, const u8 *mac_addr,
10725 enum nl80211_connect_failed_reason reason,
10726 gfp_t gfp)
10727 {
10728 struct wiphy *wiphy = dev->ieee80211_ptr->wiphy;
10729 struct cfg80211_registered_device *rdev = wiphy_to_dev(wiphy);
10730 struct sk_buff *msg;
10731 void *hdr;
10732
10733 msg = nlmsg_new(NLMSG_GOODSIZE, gfp);
10734 if (!msg)
10735 return;
10736
10737 hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_CONN_FAILED);
10738 if (!hdr) {
10739 nlmsg_free(msg);
10740 return;
10741 }
10742
10743 if (nla_put_u32(msg, NL80211_ATTR_IFINDEX, dev->ifindex) ||
10744 nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN, mac_addr) ||
10745 nla_put_u32(msg, NL80211_ATTR_CONN_FAILED_REASON, reason))
10746 goto nla_put_failure;
10747
10748 genlmsg_end(msg, hdr);
10749
10750 genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), msg, 0,
10751 NL80211_MCGRP_MLME, gfp);
10752 return;
10753
10754 nla_put_failure:
10755 genlmsg_cancel(msg, hdr);
10756 nlmsg_free(msg);
10757 }
10758 EXPORT_SYMBOL(cfg80211_conn_failed);
10759
10760 static bool __nl80211_unexpected_frame(struct net_device *dev, u8 cmd,
10761 const u8 *addr, gfp_t gfp)
10762 {
10763 struct wireless_dev *wdev = dev->ieee80211_ptr;
10764 struct cfg80211_registered_device *rdev = wiphy_to_dev(wdev->wiphy);
10765 struct sk_buff *msg;
10766 void *hdr;
10767 u32 nlportid = ACCESS_ONCE(wdev->ap_unexpected_nlportid);
10768
10769 if (!nlportid)
10770 return false;
10771
10772 msg = nlmsg_new(100, gfp);
10773 if (!msg)
10774 return true;
10775
10776 hdr = nl80211hdr_put(msg, 0, 0, 0, cmd);
10777 if (!hdr) {
10778 nlmsg_free(msg);
10779 return true;
10780 }
10781
10782 if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
10783 nla_put_u32(msg, NL80211_ATTR_IFINDEX, dev->ifindex) ||
10784 nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN, addr))
10785 goto nla_put_failure;
10786
10787 genlmsg_end(msg, hdr);
10788 genlmsg_unicast(wiphy_net(&rdev->wiphy), msg, nlportid);
10789 return true;
10790
10791 nla_put_failure:
10792 genlmsg_cancel(msg, hdr);
10793 nlmsg_free(msg);
10794 return true;
10795 }
10796
10797 bool cfg80211_rx_spurious_frame(struct net_device *dev,
10798 const u8 *addr, gfp_t gfp)
10799 {
10800 struct wireless_dev *wdev = dev->ieee80211_ptr;
10801 bool ret;
10802
10803 trace_cfg80211_rx_spurious_frame(dev, addr);
10804
10805 if (WARN_ON(wdev->iftype != NL80211_IFTYPE_AP &&
10806 wdev->iftype != NL80211_IFTYPE_P2P_GO)) {
10807 trace_cfg80211_return_bool(false);
10808 return false;
10809 }
10810 ret = __nl80211_unexpected_frame(dev, NL80211_CMD_UNEXPECTED_FRAME,
10811 addr, gfp);
10812 trace_cfg80211_return_bool(ret);
10813 return ret;
10814 }
10815 EXPORT_SYMBOL(cfg80211_rx_spurious_frame);
10816
10817 bool cfg80211_rx_unexpected_4addr_frame(struct net_device *dev,
10818 const u8 *addr, gfp_t gfp)
10819 {
10820 struct wireless_dev *wdev = dev->ieee80211_ptr;
10821 bool ret;
10822
10823 trace_cfg80211_rx_unexpected_4addr_frame(dev, addr);
10824
10825 if (WARN_ON(wdev->iftype != NL80211_IFTYPE_AP &&
10826 wdev->iftype != NL80211_IFTYPE_P2P_GO &&
10827 wdev->iftype != NL80211_IFTYPE_AP_VLAN)) {
10828 trace_cfg80211_return_bool(false);
10829 return false;
10830 }
10831 ret = __nl80211_unexpected_frame(dev,
10832 NL80211_CMD_UNEXPECTED_4ADDR_FRAME,
10833 addr, gfp);
10834 trace_cfg80211_return_bool(ret);
10835 return ret;
10836 }
10837 EXPORT_SYMBOL(cfg80211_rx_unexpected_4addr_frame);
10838
10839 int nl80211_send_mgmt(struct cfg80211_registered_device *rdev,
10840 struct wireless_dev *wdev, u32 nlportid,
10841 int freq, int sig_dbm,
10842 const u8 *buf, size_t len, u32 flags, gfp_t gfp)
10843 {
10844 struct net_device *netdev = wdev->netdev;
10845 struct sk_buff *msg;
10846 void *hdr;
10847
10848 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, gfp);
10849 if (!msg)
10850 return -ENOMEM;
10851
10852 hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_FRAME);
10853 if (!hdr) {
10854 nlmsg_free(msg);
10855 return -ENOMEM;
10856 }
10857
10858 if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
10859 (netdev && nla_put_u32(msg, NL80211_ATTR_IFINDEX,
10860 netdev->ifindex)) ||
10861 nla_put_u64(msg, NL80211_ATTR_WDEV, wdev_id(wdev)) ||
10862 nla_put_u32(msg, NL80211_ATTR_WIPHY_FREQ, freq) ||
10863 (sig_dbm &&
10864 nla_put_u32(msg, NL80211_ATTR_RX_SIGNAL_DBM, sig_dbm)) ||
10865 nla_put(msg, NL80211_ATTR_FRAME, len, buf) ||
10866 (flags &&
10867 nla_put_u32(msg, NL80211_ATTR_RXMGMT_FLAGS, flags)))
10868 goto nla_put_failure;
10869
10870 genlmsg_end(msg, hdr);
10871
10872 return genlmsg_unicast(wiphy_net(&rdev->wiphy), msg, nlportid);
10873
10874 nla_put_failure:
10875 genlmsg_cancel(msg, hdr);
10876 nlmsg_free(msg);
10877 return -ENOBUFS;
10878 }
10879
10880 void cfg80211_mgmt_tx_status(struct wireless_dev *wdev, u64 cookie,
10881 const u8 *buf, size_t len, bool ack, gfp_t gfp)
10882 {
10883 struct wiphy *wiphy = wdev->wiphy;
10884 struct cfg80211_registered_device *rdev = wiphy_to_dev(wiphy);
10885 struct net_device *netdev = wdev->netdev;
10886 struct sk_buff *msg;
10887 void *hdr;
10888
10889 trace_cfg80211_mgmt_tx_status(wdev, cookie, ack);
10890
10891 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, gfp);
10892 if (!msg)
10893 return;
10894
10895 hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_FRAME_TX_STATUS);
10896 if (!hdr) {
10897 nlmsg_free(msg);
10898 return;
10899 }
10900
10901 if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
10902 (netdev && nla_put_u32(msg, NL80211_ATTR_IFINDEX,
10903 netdev->ifindex)) ||
10904 nla_put_u64(msg, NL80211_ATTR_WDEV, wdev_id(wdev)) ||
10905 nla_put(msg, NL80211_ATTR_FRAME, len, buf) ||
10906 nla_put_u64(msg, NL80211_ATTR_COOKIE, cookie) ||
10907 (ack && nla_put_flag(msg, NL80211_ATTR_ACK)))
10908 goto nla_put_failure;
10909
10910 genlmsg_end(msg, hdr);
10911
10912 genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), msg, 0,
10913 NL80211_MCGRP_MLME, gfp);
10914 return;
10915
10916 nla_put_failure:
10917 genlmsg_cancel(msg, hdr);
10918 nlmsg_free(msg);
10919 }
10920 EXPORT_SYMBOL(cfg80211_mgmt_tx_status);
10921
10922 void cfg80211_cqm_rssi_notify(struct net_device *dev,
10923 enum nl80211_cqm_rssi_threshold_event rssi_event,
10924 gfp_t gfp)
10925 {
10926 struct wireless_dev *wdev = dev->ieee80211_ptr;
10927 struct wiphy *wiphy = wdev->wiphy;
10928 struct cfg80211_registered_device *rdev = wiphy_to_dev(wiphy);
10929 struct sk_buff *msg;
10930 struct nlattr *pinfoattr;
10931 void *hdr;
10932
10933 trace_cfg80211_cqm_rssi_notify(dev, rssi_event);
10934
10935 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, gfp);
10936 if (!msg)
10937 return;
10938
10939 hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_NOTIFY_CQM);
10940 if (!hdr) {
10941 nlmsg_free(msg);
10942 return;
10943 }
10944
10945 if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
10946 nla_put_u32(msg, NL80211_ATTR_IFINDEX, dev->ifindex))
10947 goto nla_put_failure;
10948
10949 pinfoattr = nla_nest_start(msg, NL80211_ATTR_CQM);
10950 if (!pinfoattr)
10951 goto nla_put_failure;
10952
10953 if (nla_put_u32(msg, NL80211_ATTR_CQM_RSSI_THRESHOLD_EVENT,
10954 rssi_event))
10955 goto nla_put_failure;
10956
10957 nla_nest_end(msg, pinfoattr);
10958
10959 genlmsg_end(msg, hdr);
10960
10961 genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), msg, 0,
10962 NL80211_MCGRP_MLME, gfp);
10963 return;
10964
10965 nla_put_failure:
10966 genlmsg_cancel(msg, hdr);
10967 nlmsg_free(msg);
10968 }
10969 EXPORT_SYMBOL(cfg80211_cqm_rssi_notify);
10970
10971 static void nl80211_gtk_rekey_notify(struct cfg80211_registered_device *rdev,
10972 struct net_device *netdev, const u8 *bssid,
10973 const u8 *replay_ctr, gfp_t gfp)
10974 {
10975 struct sk_buff *msg;
10976 struct nlattr *rekey_attr;
10977 void *hdr;
10978
10979 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, gfp);
10980 if (!msg)
10981 return;
10982
10983 hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_SET_REKEY_OFFLOAD);
10984 if (!hdr) {
10985 nlmsg_free(msg);
10986 return;
10987 }
10988
10989 if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
10990 nla_put_u32(msg, NL80211_ATTR_IFINDEX, netdev->ifindex) ||
10991 nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN, bssid))
10992 goto nla_put_failure;
10993
10994 rekey_attr = nla_nest_start(msg, NL80211_ATTR_REKEY_DATA);
10995 if (!rekey_attr)
10996 goto nla_put_failure;
10997
10998 if (nla_put(msg, NL80211_REKEY_DATA_REPLAY_CTR,
10999 NL80211_REPLAY_CTR_LEN, replay_ctr))
11000 goto nla_put_failure;
11001
11002 nla_nest_end(msg, rekey_attr);
11003
11004 genlmsg_end(msg, hdr);
11005
11006 genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), msg, 0,
11007 NL80211_MCGRP_MLME, gfp);
11008 return;
11009
11010 nla_put_failure:
11011 genlmsg_cancel(msg, hdr);
11012 nlmsg_free(msg);
11013 }
11014
11015 void cfg80211_gtk_rekey_notify(struct net_device *dev, const u8 *bssid,
11016 const u8 *replay_ctr, gfp_t gfp)
11017 {
11018 struct wireless_dev *wdev = dev->ieee80211_ptr;
11019 struct wiphy *wiphy = wdev->wiphy;
11020 struct cfg80211_registered_device *rdev = wiphy_to_dev(wiphy);
11021
11022 trace_cfg80211_gtk_rekey_notify(dev, bssid);
11023 nl80211_gtk_rekey_notify(rdev, dev, bssid, replay_ctr, gfp);
11024 }
11025 EXPORT_SYMBOL(cfg80211_gtk_rekey_notify);
11026
11027 static void
11028 nl80211_pmksa_candidate_notify(struct cfg80211_registered_device *rdev,
11029 struct net_device *netdev, int index,
11030 const u8 *bssid, bool preauth, gfp_t gfp)
11031 {
11032 struct sk_buff *msg;
11033 struct nlattr *attr;
11034 void *hdr;
11035
11036 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, gfp);
11037 if (!msg)
11038 return;
11039
11040 hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_PMKSA_CANDIDATE);
11041 if (!hdr) {
11042 nlmsg_free(msg);
11043 return;
11044 }
11045
11046 if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
11047 nla_put_u32(msg, NL80211_ATTR_IFINDEX, netdev->ifindex))
11048 goto nla_put_failure;
11049
11050 attr = nla_nest_start(msg, NL80211_ATTR_PMKSA_CANDIDATE);
11051 if (!attr)
11052 goto nla_put_failure;
11053
11054 if (nla_put_u32(msg, NL80211_PMKSA_CANDIDATE_INDEX, index) ||
11055 nla_put(msg, NL80211_PMKSA_CANDIDATE_BSSID, ETH_ALEN, bssid) ||
11056 (preauth &&
11057 nla_put_flag(msg, NL80211_PMKSA_CANDIDATE_PREAUTH)))
11058 goto nla_put_failure;
11059
11060 nla_nest_end(msg, attr);
11061
11062 genlmsg_end(msg, hdr);
11063
11064 genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), msg, 0,
11065 NL80211_MCGRP_MLME, gfp);
11066 return;
11067
11068 nla_put_failure:
11069 genlmsg_cancel(msg, hdr);
11070 nlmsg_free(msg);
11071 }
11072
11073 void cfg80211_pmksa_candidate_notify(struct net_device *dev, int index,
11074 const u8 *bssid, bool preauth, gfp_t gfp)
11075 {
11076 struct wireless_dev *wdev = dev->ieee80211_ptr;
11077 struct wiphy *wiphy = wdev->wiphy;
11078 struct cfg80211_registered_device *rdev = wiphy_to_dev(wiphy);
11079
11080 trace_cfg80211_pmksa_candidate_notify(dev, index, bssid, preauth);
11081 nl80211_pmksa_candidate_notify(rdev, dev, index, bssid, preauth, gfp);
11082 }
11083 EXPORT_SYMBOL(cfg80211_pmksa_candidate_notify);
11084
11085 static void nl80211_ch_switch_notify(struct cfg80211_registered_device *rdev,
11086 struct net_device *netdev,
11087 struct cfg80211_chan_def *chandef,
11088 gfp_t gfp)
11089 {
11090 struct sk_buff *msg;
11091 void *hdr;
11092
11093 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, gfp);
11094 if (!msg)
11095 return;
11096
11097 hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_CH_SWITCH_NOTIFY);
11098 if (!hdr) {
11099 nlmsg_free(msg);
11100 return;
11101 }
11102
11103 if (nla_put_u32(msg, NL80211_ATTR_IFINDEX, netdev->ifindex))
11104 goto nla_put_failure;
11105
11106 if (nl80211_send_chandef(msg, chandef))
11107 goto nla_put_failure;
11108
11109 genlmsg_end(msg, hdr);
11110
11111 genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), msg, 0,
11112 NL80211_MCGRP_MLME, gfp);
11113 return;
11114
11115 nla_put_failure:
11116 genlmsg_cancel(msg, hdr);
11117 nlmsg_free(msg);
11118 }
11119
11120 void cfg80211_ch_switch_notify(struct net_device *dev,
11121 struct cfg80211_chan_def *chandef)
11122 {
11123 struct wireless_dev *wdev = dev->ieee80211_ptr;
11124 struct wiphy *wiphy = wdev->wiphy;
11125 struct cfg80211_registered_device *rdev = wiphy_to_dev(wiphy);
11126
11127 ASSERT_WDEV_LOCK(wdev);
11128
11129 trace_cfg80211_ch_switch_notify(dev, chandef);
11130
11131 if (WARN_ON(wdev->iftype != NL80211_IFTYPE_AP &&
11132 wdev->iftype != NL80211_IFTYPE_P2P_GO &&
11133 wdev->iftype != NL80211_IFTYPE_ADHOC &&
11134 wdev->iftype != NL80211_IFTYPE_MESH_POINT))
11135 return;
11136
11137 wdev->channel = chandef->chan;
11138 nl80211_ch_switch_notify(rdev, dev, chandef, GFP_KERNEL);
11139 }
11140 EXPORT_SYMBOL(cfg80211_ch_switch_notify);
11141
11142 void cfg80211_cqm_txe_notify(struct net_device *dev,
11143 const u8 *peer, u32 num_packets,
11144 u32 rate, u32 intvl, gfp_t gfp)
11145 {
11146 struct wireless_dev *wdev = dev->ieee80211_ptr;
11147 struct wiphy *wiphy = wdev->wiphy;
11148 struct cfg80211_registered_device *rdev = wiphy_to_dev(wiphy);
11149 struct sk_buff *msg;
11150 struct nlattr *pinfoattr;
11151 void *hdr;
11152
11153 msg = nlmsg_new(NLMSG_GOODSIZE, gfp);
11154 if (!msg)
11155 return;
11156
11157 hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_NOTIFY_CQM);
11158 if (!hdr) {
11159 nlmsg_free(msg);
11160 return;
11161 }
11162
11163 if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
11164 nla_put_u32(msg, NL80211_ATTR_IFINDEX, dev->ifindex) ||
11165 nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN, peer))
11166 goto nla_put_failure;
11167
11168 pinfoattr = nla_nest_start(msg, NL80211_ATTR_CQM);
11169 if (!pinfoattr)
11170 goto nla_put_failure;
11171
11172 if (nla_put_u32(msg, NL80211_ATTR_CQM_TXE_PKTS, num_packets))
11173 goto nla_put_failure;
11174
11175 if (nla_put_u32(msg, NL80211_ATTR_CQM_TXE_RATE, rate))
11176 goto nla_put_failure;
11177
11178 if (nla_put_u32(msg, NL80211_ATTR_CQM_TXE_INTVL, intvl))
11179 goto nla_put_failure;
11180
11181 nla_nest_end(msg, pinfoattr);
11182
11183 genlmsg_end(msg, hdr);
11184
11185 genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), msg, 0,
11186 NL80211_MCGRP_MLME, gfp);
11187 return;
11188
11189 nla_put_failure:
11190 genlmsg_cancel(msg, hdr);
11191 nlmsg_free(msg);
11192 }
11193 EXPORT_SYMBOL(cfg80211_cqm_txe_notify);
11194
11195 void
11196 nl80211_radar_notify(struct cfg80211_registered_device *rdev,
11197 const struct cfg80211_chan_def *chandef,
11198 enum nl80211_radar_event event,
11199 struct net_device *netdev, gfp_t gfp)
11200 {
11201 struct sk_buff *msg;
11202 void *hdr;
11203
11204 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, gfp);
11205 if (!msg)
11206 return;
11207
11208 hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_RADAR_DETECT);
11209 if (!hdr) {
11210 nlmsg_free(msg);
11211 return;
11212 }
11213
11214 if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx))
11215 goto nla_put_failure;
11216
11217 /* NOP and radar events don't need a netdev parameter */
11218 if (netdev) {
11219 struct wireless_dev *wdev = netdev->ieee80211_ptr;
11220
11221 if (nla_put_u32(msg, NL80211_ATTR_IFINDEX, netdev->ifindex) ||
11222 nla_put_u64(msg, NL80211_ATTR_WDEV, wdev_id(wdev)))
11223 goto nla_put_failure;
11224 }
11225
11226 if (nla_put_u32(msg, NL80211_ATTR_RADAR_EVENT, event))
11227 goto nla_put_failure;
11228
11229 if (nl80211_send_chandef(msg, chandef))
11230 goto nla_put_failure;
11231
11232 genlmsg_end(msg, hdr);
11233
11234 genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), msg, 0,
11235 NL80211_MCGRP_MLME, gfp);
11236 return;
11237
11238 nla_put_failure:
11239 genlmsg_cancel(msg, hdr);
11240 nlmsg_free(msg);
11241 }
11242
11243 void cfg80211_cqm_pktloss_notify(struct net_device *dev,
11244 const u8 *peer, u32 num_packets, gfp_t gfp)
11245 {
11246 struct wireless_dev *wdev = dev->ieee80211_ptr;
11247 struct wiphy *wiphy = wdev->wiphy;
11248 struct cfg80211_registered_device *rdev = wiphy_to_dev(wiphy);
11249 struct sk_buff *msg;
11250 struct nlattr *pinfoattr;
11251 void *hdr;
11252
11253 trace_cfg80211_cqm_pktloss_notify(dev, peer, num_packets);
11254
11255 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, gfp);
11256 if (!msg)
11257 return;
11258
11259 hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_NOTIFY_CQM);
11260 if (!hdr) {
11261 nlmsg_free(msg);
11262 return;
11263 }
11264
11265 if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
11266 nla_put_u32(msg, NL80211_ATTR_IFINDEX, dev->ifindex) ||
11267 nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN, peer))
11268 goto nla_put_failure;
11269
11270 pinfoattr = nla_nest_start(msg, NL80211_ATTR_CQM);
11271 if (!pinfoattr)
11272 goto nla_put_failure;
11273
11274 if (nla_put_u32(msg, NL80211_ATTR_CQM_PKT_LOSS_EVENT, num_packets))
11275 goto nla_put_failure;
11276
11277 nla_nest_end(msg, pinfoattr);
11278
11279 genlmsg_end(msg, hdr);
11280
11281 genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), msg, 0,
11282 NL80211_MCGRP_MLME, gfp);
11283 return;
11284
11285 nla_put_failure:
11286 genlmsg_cancel(msg, hdr);
11287 nlmsg_free(msg);
11288 }
11289 EXPORT_SYMBOL(cfg80211_cqm_pktloss_notify);
11290
11291 void cfg80211_probe_status(struct net_device *dev, const u8 *addr,
11292 u64 cookie, bool acked, gfp_t gfp)
11293 {
11294 struct wireless_dev *wdev = dev->ieee80211_ptr;
11295 struct cfg80211_registered_device *rdev = wiphy_to_dev(wdev->wiphy);
11296 struct sk_buff *msg;
11297 void *hdr;
11298
11299 trace_cfg80211_probe_status(dev, addr, cookie, acked);
11300
11301 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, gfp);
11302
11303 if (!msg)
11304 return;
11305
11306 hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_PROBE_CLIENT);
11307 if (!hdr) {
11308 nlmsg_free(msg);
11309 return;
11310 }
11311
11312 if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
11313 nla_put_u32(msg, NL80211_ATTR_IFINDEX, dev->ifindex) ||
11314 nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN, addr) ||
11315 nla_put_u64(msg, NL80211_ATTR_COOKIE, cookie) ||
11316 (acked && nla_put_flag(msg, NL80211_ATTR_ACK)))
11317 goto nla_put_failure;
11318
11319 genlmsg_end(msg, hdr);
11320
11321 genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), msg, 0,
11322 NL80211_MCGRP_MLME, gfp);
11323 return;
11324
11325 nla_put_failure:
11326 genlmsg_cancel(msg, hdr);
11327 nlmsg_free(msg);
11328 }
11329 EXPORT_SYMBOL(cfg80211_probe_status);
11330
11331 void cfg80211_report_obss_beacon(struct wiphy *wiphy,
11332 const u8 *frame, size_t len,
11333 int freq, int sig_dbm)
11334 {
11335 struct cfg80211_registered_device *rdev = wiphy_to_dev(wiphy);
11336 struct sk_buff *msg;
11337 void *hdr;
11338 struct cfg80211_beacon_registration *reg;
11339
11340 trace_cfg80211_report_obss_beacon(wiphy, frame, len, freq, sig_dbm);
11341
11342 spin_lock_bh(&rdev->beacon_registrations_lock);
11343 list_for_each_entry(reg, &rdev->beacon_registrations, list) {
11344 msg = nlmsg_new(len + 100, GFP_ATOMIC);
11345 if (!msg) {
11346 spin_unlock_bh(&rdev->beacon_registrations_lock);
11347 return;
11348 }
11349
11350 hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_FRAME);
11351 if (!hdr)
11352 goto nla_put_failure;
11353
11354 if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
11355 (freq &&
11356 nla_put_u32(msg, NL80211_ATTR_WIPHY_FREQ, freq)) ||
11357 (sig_dbm &&
11358 nla_put_u32(msg, NL80211_ATTR_RX_SIGNAL_DBM, sig_dbm)) ||
11359 nla_put(msg, NL80211_ATTR_FRAME, len, frame))
11360 goto nla_put_failure;
11361
11362 genlmsg_end(msg, hdr);
11363
11364 genlmsg_unicast(wiphy_net(&rdev->wiphy), msg, reg->nlportid);
11365 }
11366 spin_unlock_bh(&rdev->beacon_registrations_lock);
11367 return;
11368
11369 nla_put_failure:
11370 spin_unlock_bh(&rdev->beacon_registrations_lock);
11371 if (hdr)
11372 genlmsg_cancel(msg, hdr);
11373 nlmsg_free(msg);
11374 }
11375 EXPORT_SYMBOL(cfg80211_report_obss_beacon);
11376
11377 #ifdef CONFIG_PM
11378 void cfg80211_report_wowlan_wakeup(struct wireless_dev *wdev,
11379 struct cfg80211_wowlan_wakeup *wakeup,
11380 gfp_t gfp)
11381 {
11382 struct cfg80211_registered_device *rdev = wiphy_to_dev(wdev->wiphy);
11383 struct sk_buff *msg;
11384 void *hdr;
11385 int size = 200;
11386
11387 trace_cfg80211_report_wowlan_wakeup(wdev->wiphy, wdev, wakeup);
11388
11389 if (wakeup)
11390 size += wakeup->packet_present_len;
11391
11392 msg = nlmsg_new(size, gfp);
11393 if (!msg)
11394 return;
11395
11396 hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_SET_WOWLAN);
11397 if (!hdr)
11398 goto free_msg;
11399
11400 if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
11401 nla_put_u64(msg, NL80211_ATTR_WDEV, wdev_id(wdev)))
11402 goto free_msg;
11403
11404 if (wdev->netdev && nla_put_u32(msg, NL80211_ATTR_IFINDEX,
11405 wdev->netdev->ifindex))
11406 goto free_msg;
11407
11408 if (wakeup) {
11409 struct nlattr *reasons;
11410
11411 reasons = nla_nest_start(msg, NL80211_ATTR_WOWLAN_TRIGGERS);
11412 if (!reasons)
11413 goto free_msg;
11414
11415 if (wakeup->disconnect &&
11416 nla_put_flag(msg, NL80211_WOWLAN_TRIG_DISCONNECT))
11417 goto free_msg;
11418 if (wakeup->magic_pkt &&
11419 nla_put_flag(msg, NL80211_WOWLAN_TRIG_MAGIC_PKT))
11420 goto free_msg;
11421 if (wakeup->gtk_rekey_failure &&
11422 nla_put_flag(msg, NL80211_WOWLAN_TRIG_GTK_REKEY_FAILURE))
11423 goto free_msg;
11424 if (wakeup->eap_identity_req &&
11425 nla_put_flag(msg, NL80211_WOWLAN_TRIG_EAP_IDENT_REQUEST))
11426 goto free_msg;
11427 if (wakeup->four_way_handshake &&
11428 nla_put_flag(msg, NL80211_WOWLAN_TRIG_4WAY_HANDSHAKE))
11429 goto free_msg;
11430 if (wakeup->rfkill_release &&
11431 nla_put_flag(msg, NL80211_WOWLAN_TRIG_RFKILL_RELEASE))
11432 goto free_msg;
11433
11434 if (wakeup->pattern_idx >= 0 &&
11435 nla_put_u32(msg, NL80211_WOWLAN_TRIG_PKT_PATTERN,
11436 wakeup->pattern_idx))
11437 goto free_msg;
11438
11439 if (wakeup->tcp_match &&
11440 nla_put_flag(msg, NL80211_WOWLAN_TRIG_WAKEUP_TCP_MATCH))
11441 goto free_msg;
11442
11443 if (wakeup->tcp_connlost &&
11444 nla_put_flag(msg, NL80211_WOWLAN_TRIG_WAKEUP_TCP_CONNLOST))
11445 goto free_msg;
11446
11447 if (wakeup->tcp_nomoretokens &&
11448 nla_put_flag(msg,
11449 NL80211_WOWLAN_TRIG_WAKEUP_TCP_NOMORETOKENS))
11450 goto free_msg;
11451
11452 if (wakeup->packet) {
11453 u32 pkt_attr = NL80211_WOWLAN_TRIG_WAKEUP_PKT_80211;
11454 u32 len_attr = NL80211_WOWLAN_TRIG_WAKEUP_PKT_80211_LEN;
11455
11456 if (!wakeup->packet_80211) {
11457 pkt_attr =
11458 NL80211_WOWLAN_TRIG_WAKEUP_PKT_8023;
11459 len_attr =
11460 NL80211_WOWLAN_TRIG_WAKEUP_PKT_8023_LEN;
11461 }
11462
11463 if (wakeup->packet_len &&
11464 nla_put_u32(msg, len_attr, wakeup->packet_len))
11465 goto free_msg;
11466
11467 if (nla_put(msg, pkt_attr, wakeup->packet_present_len,
11468 wakeup->packet))
11469 goto free_msg;
11470 }
11471
11472 nla_nest_end(msg, reasons);
11473 }
11474
11475 genlmsg_end(msg, hdr);
11476
11477 genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), msg, 0,
11478 NL80211_MCGRP_MLME, gfp);
11479 return;
11480
11481 free_msg:
11482 nlmsg_free(msg);
11483 }
11484 EXPORT_SYMBOL(cfg80211_report_wowlan_wakeup);
11485 #endif
11486
11487 void cfg80211_tdls_oper_request(struct net_device *dev, const u8 *peer,
11488 enum nl80211_tdls_operation oper,
11489 u16 reason_code, gfp_t gfp)
11490 {
11491 struct wireless_dev *wdev = dev->ieee80211_ptr;
11492 struct cfg80211_registered_device *rdev = wiphy_to_dev(wdev->wiphy);
11493 struct sk_buff *msg;
11494 void *hdr;
11495
11496 trace_cfg80211_tdls_oper_request(wdev->wiphy, dev, peer, oper,
11497 reason_code);
11498
11499 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, gfp);
11500 if (!msg)
11501 return;
11502
11503 hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_TDLS_OPER);
11504 if (!hdr) {
11505 nlmsg_free(msg);
11506 return;
11507 }
11508
11509 if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
11510 nla_put_u32(msg, NL80211_ATTR_IFINDEX, dev->ifindex) ||
11511 nla_put_u8(msg, NL80211_ATTR_TDLS_OPERATION, oper) ||
11512 nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN, peer) ||
11513 (reason_code > 0 &&
11514 nla_put_u16(msg, NL80211_ATTR_REASON_CODE, reason_code)))
11515 goto nla_put_failure;
11516
11517 genlmsg_end(msg, hdr);
11518
11519 genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), msg, 0,
11520 NL80211_MCGRP_MLME, gfp);
11521 return;
11522
11523 nla_put_failure:
11524 genlmsg_cancel(msg, hdr);
11525 nlmsg_free(msg);
11526 }
11527 EXPORT_SYMBOL(cfg80211_tdls_oper_request);
11528
11529 static int nl80211_netlink_notify(struct notifier_block * nb,
11530 unsigned long state,
11531 void *_notify)
11532 {
11533 struct netlink_notify *notify = _notify;
11534 struct cfg80211_registered_device *rdev;
11535 struct wireless_dev *wdev;
11536 struct cfg80211_beacon_registration *reg, *tmp;
11537
11538 if (state != NETLINK_URELEASE)
11539 return NOTIFY_DONE;
11540
11541 rcu_read_lock();
11542
11543 list_for_each_entry_rcu(rdev, &cfg80211_rdev_list, list) {
11544 list_for_each_entry_rcu(wdev, &rdev->wdev_list, list)
11545 cfg80211_mlme_unregister_socket(wdev, notify->portid);
11546
11547 spin_lock_bh(&rdev->beacon_registrations_lock);
11548 list_for_each_entry_safe(reg, tmp, &rdev->beacon_registrations,
11549 list) {
11550 if (reg->nlportid == notify->portid) {
11551 list_del(&reg->list);
11552 kfree(reg);
11553 break;
11554 }
11555 }
11556 spin_unlock_bh(&rdev->beacon_registrations_lock);
11557 }
11558
11559 rcu_read_unlock();
11560
11561 return NOTIFY_DONE;
11562 }
11563
11564 static struct notifier_block nl80211_netlink_notifier = {
11565 .notifier_call = nl80211_netlink_notify,
11566 };
11567
11568 void cfg80211_ft_event(struct net_device *netdev,
11569 struct cfg80211_ft_event_params *ft_event)
11570 {
11571 struct wiphy *wiphy = netdev->ieee80211_ptr->wiphy;
11572 struct cfg80211_registered_device *rdev = wiphy_to_dev(wiphy);
11573 struct sk_buff *msg;
11574 void *hdr;
11575
11576 trace_cfg80211_ft_event(wiphy, netdev, ft_event);
11577
11578 if (!ft_event->target_ap)
11579 return;
11580
11581 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
11582 if (!msg)
11583 return;
11584
11585 hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_FT_EVENT);
11586 if (!hdr)
11587 goto out;
11588
11589 if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
11590 nla_put_u32(msg, NL80211_ATTR_IFINDEX, netdev->ifindex) ||
11591 nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN, ft_event->target_ap))
11592 goto out;
11593
11594 if (ft_event->ies &&
11595 nla_put(msg, NL80211_ATTR_IE, ft_event->ies_len, ft_event->ies))
11596 goto out;
11597 if (ft_event->ric_ies &&
11598 nla_put(msg, NL80211_ATTR_IE_RIC, ft_event->ric_ies_len,
11599 ft_event->ric_ies))
11600 goto out;
11601
11602 genlmsg_end(msg, hdr);
11603
11604 genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), msg, 0,
11605 NL80211_MCGRP_MLME, GFP_KERNEL);
11606 return;
11607 out:
11608 nlmsg_free(msg);
11609 }
11610 EXPORT_SYMBOL(cfg80211_ft_event);
11611
11612 void cfg80211_crit_proto_stopped(struct wireless_dev *wdev, gfp_t gfp)
11613 {
11614 struct cfg80211_registered_device *rdev;
11615 struct sk_buff *msg;
11616 void *hdr;
11617 u32 nlportid;
11618
11619 rdev = wiphy_to_dev(wdev->wiphy);
11620 if (!rdev->crit_proto_nlportid)
11621 return;
11622
11623 nlportid = rdev->crit_proto_nlportid;
11624 rdev->crit_proto_nlportid = 0;
11625
11626 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, gfp);
11627 if (!msg)
11628 return;
11629
11630 hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_CRIT_PROTOCOL_STOP);
11631 if (!hdr)
11632 goto nla_put_failure;
11633
11634 if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
11635 nla_put_u64(msg, NL80211_ATTR_WDEV, wdev_id(wdev)))
11636 goto nla_put_failure;
11637
11638 genlmsg_end(msg, hdr);
11639
11640 genlmsg_unicast(wiphy_net(&rdev->wiphy), msg, nlportid);
11641 return;
11642
11643 nla_put_failure:
11644 if (hdr)
11645 genlmsg_cancel(msg, hdr);
11646 nlmsg_free(msg);
11647
11648 }
11649 EXPORT_SYMBOL(cfg80211_crit_proto_stopped);
11650
11651 /* initialisation/exit functions */
11652
11653 int nl80211_init(void)
11654 {
11655 int err;
11656
11657 err = genl_register_family_with_ops_groups(&nl80211_fam, nl80211_ops,
11658 nl80211_mcgrps);
11659 if (err)
11660 return err;
11661
11662 err = netlink_register_notifier(&nl80211_netlink_notifier);
11663 if (err)
11664 goto err_out;
11665
11666 return 0;
11667 err_out:
11668 genl_unregister_family(&nl80211_fam);
11669 return err;
11670 }
11671
11672 void nl80211_exit(void)
11673 {
11674 netlink_unregister_notifier(&nl80211_netlink_notifier);
11675 genl_unregister_family(&nl80211_fam);
11676 }
ubuntu-bionic-kernel mirror