]> git.proxmox.com Git - mirror_ubuntu-kernels.git/blob - net/wireless/nl80211.c
projects / mirror_ubuntu-kernels.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
blame | history | raw | HEAD
Merge tag 'modules-for-v5.13' of git://git.kernel.org/pub/scm/linux/kernel/git/jeyu...
[mirror_ubuntu-kernels.git] / net / wireless / nl80211.c
1 // SPDX-License-Identifier: GPL-2.0-only
2 /*
3 * This is the new netlink-based wireless configuration interface.
4 *
5 * Copyright 2006-2010 Johannes Berg <johannes@sipsolutions.net>
6 * Copyright 2013-2014 Intel Mobile Communications GmbH
7 * Copyright 2015-2017 Intel Deutschland GmbH
8 * Copyright (C) 2018-2021 Intel Corporation
9 */
10
11 #include <linux/if.h>
12 #include <linux/module.h>
13 #include <linux/err.h>
14 #include <linux/slab.h>
15 #include <linux/list.h>
16 #include <linux/if_ether.h>
17 #include <linux/ieee80211.h>
18 #include <linux/nl80211.h>
19 #include <linux/rtnetlink.h>
20 #include <linux/netlink.h>
21 #include <linux/nospec.h>
22 #include <linux/etherdevice.h>
23 #include <linux/if_vlan.h>
24 #include <net/net_namespace.h>
25 #include <net/genetlink.h>
26 #include <net/cfg80211.h>
27 #include <net/sock.h>
28 #include <net/inet_connection_sock.h>
29 #include "core.h"
30 #include "nl80211.h"
31 #include "reg.h"
32 #include "rdev-ops.h"
33
34 static int nl80211_crypto_settings(struct cfg80211_registered_device *rdev,
35 struct genl_info *info,
36 struct cfg80211_crypto_settings *settings,
37 int cipher_limit);
38
39 /* the netlink family */
40 static struct genl_family nl80211_fam;
41
42 /* multicast groups */
43 enum nl80211_multicast_groups {
44 NL80211_MCGRP_CONFIG,
45 NL80211_MCGRP_SCAN,
46 NL80211_MCGRP_REGULATORY,
47 NL80211_MCGRP_MLME,
48 NL80211_MCGRP_VENDOR,
49 NL80211_MCGRP_NAN,
50 NL80211_MCGRP_TESTMODE /* keep last - ifdef! */
51 };
52
53 static const struct genl_multicast_group nl80211_mcgrps[] = {
54 [NL80211_MCGRP_CONFIG] = { .name = NL80211_MULTICAST_GROUP_CONFIG },
55 [NL80211_MCGRP_SCAN] = { .name = NL80211_MULTICAST_GROUP_SCAN },
56 [NL80211_MCGRP_REGULATORY] = { .name = NL80211_MULTICAST_GROUP_REG },
57 [NL80211_MCGRP_MLME] = { .name = NL80211_MULTICAST_GROUP_MLME },
58 [NL80211_MCGRP_VENDOR] = { .name = NL80211_MULTICAST_GROUP_VENDOR },
59 [NL80211_MCGRP_NAN] = { .name = NL80211_MULTICAST_GROUP_NAN },
60 #ifdef CONFIG_NL80211_TESTMODE
61 [NL80211_MCGRP_TESTMODE] = { .name = NL80211_MULTICAST_GROUP_TESTMODE }
62 #endif
63 };
64
65 /* returns ERR_PTR values */
66 static struct wireless_dev *
67 __cfg80211_wdev_from_attrs(struct cfg80211_registered_device *rdev,
68 struct net *netns, struct nlattr **attrs)
69 {
70 struct wireless_dev *result = NULL;
71 bool have_ifidx = attrs[NL80211_ATTR_IFINDEX];
72 bool have_wdev_id = attrs[NL80211_ATTR_WDEV];
73 u64 wdev_id = 0;
74 int wiphy_idx = -1;
75 int ifidx = -1;
76
77 if (!have_ifidx && !have_wdev_id)
78 return ERR_PTR(-EINVAL);
79
80 if (have_ifidx)
81 ifidx = nla_get_u32(attrs[NL80211_ATTR_IFINDEX]);
82 if (have_wdev_id) {
83 wdev_id = nla_get_u64(attrs[NL80211_ATTR_WDEV]);
84 wiphy_idx = wdev_id >> 32;
85 }
86
87 if (rdev) {
88 struct wireless_dev *wdev;
89
90 lockdep_assert_held(&rdev->wiphy.mtx);
91
92 list_for_each_entry(wdev, &rdev->wiphy.wdev_list, list) {
93 if (have_ifidx && wdev->netdev &&
94 wdev->netdev->ifindex == ifidx) {
95 result = wdev;
96 break;
97 }
98 if (have_wdev_id && wdev->identifier == (u32)wdev_id) {
99 result = wdev;
100 break;
101 }
102 }
103
104 return result ?: ERR_PTR(-ENODEV);
105 }
106
107 ASSERT_RTNL();
108
109 list_for_each_entry(rdev, &cfg80211_rdev_list, list) {
110 struct wireless_dev *wdev;
111
112 if (wiphy_net(&rdev->wiphy) != netns)
113 continue;
114
115 if (have_wdev_id && rdev->wiphy_idx != wiphy_idx)
116 continue;
117
118 list_for_each_entry(wdev, &rdev->wiphy.wdev_list, list) {
119 if (have_ifidx && wdev->netdev &&
120 wdev->netdev->ifindex == ifidx) {
121 result = wdev;
122 break;
123 }
124 if (have_wdev_id && wdev->identifier == (u32)wdev_id) {
125 result = wdev;
126 break;
127 }
128 }
129
130 if (result)
131 break;
132 }
133
134 if (result)
135 return result;
136 return ERR_PTR(-ENODEV);
137 }
138
139 static struct cfg80211_registered_device *
140 __cfg80211_rdev_from_attrs(struct net *netns, struct nlattr **attrs)
141 {
142 struct cfg80211_registered_device *rdev = NULL, *tmp;
143 struct net_device *netdev;
144
145 ASSERT_RTNL();
146
147 if (!attrs[NL80211_ATTR_WIPHY] &&
148 !attrs[NL80211_ATTR_IFINDEX] &&
149 !attrs[NL80211_ATTR_WDEV])
150 return ERR_PTR(-EINVAL);
151
152 if (attrs[NL80211_ATTR_WIPHY])
153 rdev = cfg80211_rdev_by_wiphy_idx(
154 nla_get_u32(attrs[NL80211_ATTR_WIPHY]));
155
156 if (attrs[NL80211_ATTR_WDEV]) {
157 u64 wdev_id = nla_get_u64(attrs[NL80211_ATTR_WDEV]);
158 struct wireless_dev *wdev;
159 bool found = false;
160
161 tmp = cfg80211_rdev_by_wiphy_idx(wdev_id >> 32);
162 if (tmp) {
163 /* make sure wdev exists */
164 list_for_each_entry(wdev, &tmp->wiphy.wdev_list, list) {
165 if (wdev->identifier != (u32)wdev_id)
166 continue;
167 found = true;
168 break;
169 }
170
171 if (!found)
172 tmp = NULL;
173
174 if (rdev && tmp != rdev)
175 return ERR_PTR(-EINVAL);
176 rdev = tmp;
177 }
178 }
179
180 if (attrs[NL80211_ATTR_IFINDEX]) {
181 int ifindex = nla_get_u32(attrs[NL80211_ATTR_IFINDEX]);
182
183 netdev = __dev_get_by_index(netns, ifindex);
184 if (netdev) {
185 if (netdev->ieee80211_ptr)
186 tmp = wiphy_to_rdev(
187 netdev->ieee80211_ptr->wiphy);
188 else
189 tmp = NULL;
190
191 /* not wireless device -- return error */
192 if (!tmp)
193 return ERR_PTR(-EINVAL);
194
195 /* mismatch -- return error */
196 if (rdev && tmp != rdev)
197 return ERR_PTR(-EINVAL);
198
199 rdev = tmp;
200 }
201 }
202
203 if (!rdev)
204 return ERR_PTR(-ENODEV);
205
206 if (netns != wiphy_net(&rdev->wiphy))
207 return ERR_PTR(-ENODEV);
208
209 return rdev;
210 }
211
212 /*
213 * This function returns a pointer to the driver
214 * that the genl_info item that is passed refers to.
215 *
216 * The result of this can be a PTR_ERR and hence must
217 * be checked with IS_ERR() for errors.
218 */
219 static struct cfg80211_registered_device *
220 cfg80211_get_dev_from_info(struct net *netns, struct genl_info *info)
221 {
222 return __cfg80211_rdev_from_attrs(netns, info->attrs);
223 }
224
225 static int validate_beacon_head(const struct nlattr *attr,
226 struct netlink_ext_ack *extack)
227 {
228 const u8 *data = nla_data(attr);
229 unsigned int len = nla_len(attr);
230 const struct element *elem;
231 const struct ieee80211_mgmt *mgmt = (void *)data;
232 unsigned int fixedlen, hdrlen;
233 bool s1g_bcn;
234
235 if (len < offsetofend(typeof(*mgmt), frame_control))
236 goto err;
237
238 s1g_bcn = ieee80211_is_s1g_beacon(mgmt->frame_control);
239 if (s1g_bcn) {
240 fixedlen = offsetof(struct ieee80211_ext,
241 u.s1g_beacon.variable);
242 hdrlen = offsetof(struct ieee80211_ext, u.s1g_beacon);
243 } else {
244 fixedlen = offsetof(struct ieee80211_mgmt,
245 u.beacon.variable);
246 hdrlen = offsetof(struct ieee80211_mgmt, u.beacon);
247 }
248
249 if (len < fixedlen)
250 goto err;
251
252 if (ieee80211_hdrlen(mgmt->frame_control) != hdrlen)
253 goto err;
254
255 data += fixedlen;
256 len -= fixedlen;
257
258 for_each_element(elem, data, len) {
259 /* nothing */
260 }
261
262 if (for_each_element_completed(elem, data, len))
263 return 0;
264
265 err:
266 NL_SET_ERR_MSG_ATTR(extack, attr, "malformed beacon head");
267 return -EINVAL;
268 }
269
270 static int validate_ie_attr(const struct nlattr *attr,
271 struct netlink_ext_ack *extack)
272 {
273 const u8 *data = nla_data(attr);
274 unsigned int len = nla_len(attr);
275 const struct element *elem;
276
277 for_each_element(elem, data, len) {
278 /* nothing */
279 }
280
281 if (for_each_element_completed(elem, data, len))
282 return 0;
283
284 NL_SET_ERR_MSG_ATTR(extack, attr, "malformed information elements");
285 return -EINVAL;
286 }
287
288 /* policy for the attributes */
289 static const struct nla_policy nl80211_policy[NUM_NL80211_ATTR];
290
291 static const struct nla_policy
292 nl80211_ftm_responder_policy[NL80211_FTM_RESP_ATTR_MAX + 1] = {
293 [NL80211_FTM_RESP_ATTR_ENABLED] = { .type = NLA_FLAG, },
294 [NL80211_FTM_RESP_ATTR_LCI] = { .type = NLA_BINARY,
295 .len = U8_MAX },
296 [NL80211_FTM_RESP_ATTR_CIVICLOC] = { .type = NLA_BINARY,
297 .len = U8_MAX },
298 };
299
300 static const struct nla_policy
301 nl80211_pmsr_ftm_req_attr_policy[NL80211_PMSR_FTM_REQ_ATTR_MAX + 1] = {
302 [NL80211_PMSR_FTM_REQ_ATTR_ASAP] = { .type = NLA_FLAG },
303 [NL80211_PMSR_FTM_REQ_ATTR_PREAMBLE] = { .type = NLA_U32 },
304 [NL80211_PMSR_FTM_REQ_ATTR_NUM_BURSTS_EXP] =
305 NLA_POLICY_MAX(NLA_U8, 15),
306 [NL80211_PMSR_FTM_REQ_ATTR_BURST_PERIOD] = { .type = NLA_U16 },
307 [NL80211_PMSR_FTM_REQ_ATTR_BURST_DURATION] =
308 NLA_POLICY_MAX(NLA_U8, 15),
309 [NL80211_PMSR_FTM_REQ_ATTR_FTMS_PER_BURST] =
310 NLA_POLICY_MAX(NLA_U8, 31),
311 [NL80211_PMSR_FTM_REQ_ATTR_NUM_FTMR_RETRIES] = { .type = NLA_U8 },
312 [NL80211_PMSR_FTM_REQ_ATTR_REQUEST_LCI] = { .type = NLA_FLAG },
313 [NL80211_PMSR_FTM_REQ_ATTR_REQUEST_CIVICLOC] = { .type = NLA_FLAG },
314 [NL80211_PMSR_FTM_REQ_ATTR_TRIGGER_BASED] = { .type = NLA_FLAG },
315 [NL80211_PMSR_FTM_REQ_ATTR_NON_TRIGGER_BASED] = { .type = NLA_FLAG },
316 [NL80211_PMSR_FTM_REQ_ATTR_LMR_FEEDBACK] = { .type = NLA_FLAG },
317 };
318
319 static const struct nla_policy
320 nl80211_pmsr_req_data_policy[NL80211_PMSR_TYPE_MAX + 1] = {
321 [NL80211_PMSR_TYPE_FTM] =
322 NLA_POLICY_NESTED(nl80211_pmsr_ftm_req_attr_policy),
323 };
324
325 static const struct nla_policy
326 nl80211_pmsr_req_attr_policy[NL80211_PMSR_REQ_ATTR_MAX + 1] = {
327 [NL80211_PMSR_REQ_ATTR_DATA] =
328 NLA_POLICY_NESTED(nl80211_pmsr_req_data_policy),
329 [NL80211_PMSR_REQ_ATTR_GET_AP_TSF] = { .type = NLA_FLAG },
330 };
331
332 static const struct nla_policy
333 nl80211_psmr_peer_attr_policy[NL80211_PMSR_PEER_ATTR_MAX + 1] = {
334 [NL80211_PMSR_PEER_ATTR_ADDR] = NLA_POLICY_ETH_ADDR,
335 [NL80211_PMSR_PEER_ATTR_CHAN] = NLA_POLICY_NESTED(nl80211_policy),
336 [NL80211_PMSR_PEER_ATTR_REQ] =
337 NLA_POLICY_NESTED(nl80211_pmsr_req_attr_policy),
338 [NL80211_PMSR_PEER_ATTR_RESP] = { .type = NLA_REJECT },
339 };
340
341 static const struct nla_policy
342 nl80211_pmsr_attr_policy[NL80211_PMSR_ATTR_MAX + 1] = {
343 [NL80211_PMSR_ATTR_MAX_PEERS] = { .type = NLA_REJECT },
344 [NL80211_PMSR_ATTR_REPORT_AP_TSF] = { .type = NLA_REJECT },
345 [NL80211_PMSR_ATTR_RANDOMIZE_MAC_ADDR] = { .type = NLA_REJECT },
346 [NL80211_PMSR_ATTR_TYPE_CAPA] = { .type = NLA_REJECT },
347 [NL80211_PMSR_ATTR_PEERS] =
348 NLA_POLICY_NESTED_ARRAY(nl80211_psmr_peer_attr_policy),
349 };
350
351 static const struct nla_policy
352 he_obss_pd_policy[NL80211_HE_OBSS_PD_ATTR_MAX + 1] = {
353 [NL80211_HE_OBSS_PD_ATTR_MIN_OFFSET] =
354 NLA_POLICY_RANGE(NLA_U8, 1, 20),
355 [NL80211_HE_OBSS_PD_ATTR_MAX_OFFSET] =
356 NLA_POLICY_RANGE(NLA_U8, 1, 20),
357 [NL80211_HE_OBSS_PD_ATTR_NON_SRG_MAX_OFFSET] =
358 NLA_POLICY_RANGE(NLA_U8, 1, 20),
359 [NL80211_HE_OBSS_PD_ATTR_BSS_COLOR_BITMAP] =
360 NLA_POLICY_EXACT_LEN(8),
361 [NL80211_HE_OBSS_PD_ATTR_PARTIAL_BSSID_BITMAP] =
362 NLA_POLICY_EXACT_LEN(8),
363 [NL80211_HE_OBSS_PD_ATTR_SR_CTRL] = { .type = NLA_U8 },
364 };
365
366 static const struct nla_policy
367 he_bss_color_policy[NL80211_HE_BSS_COLOR_ATTR_MAX + 1] = {
368 [NL80211_HE_BSS_COLOR_ATTR_COLOR] = NLA_POLICY_RANGE(NLA_U8, 1, 63),
369 [NL80211_HE_BSS_COLOR_ATTR_DISABLED] = { .type = NLA_FLAG },
370 [NL80211_HE_BSS_COLOR_ATTR_PARTIAL] = { .type = NLA_FLAG },
371 };
372
373 static const struct nla_policy nl80211_txattr_policy[NL80211_TXRATE_MAX + 1] = {
374 [NL80211_TXRATE_LEGACY] = { .type = NLA_BINARY,
375 .len = NL80211_MAX_SUPP_RATES },
376 [NL80211_TXRATE_HT] = { .type = NLA_BINARY,
377 .len = NL80211_MAX_SUPP_HT_RATES },
378 [NL80211_TXRATE_VHT] = NLA_POLICY_EXACT_LEN_WARN(sizeof(struct nl80211_txrate_vht)),
379 [NL80211_TXRATE_GI] = { .type = NLA_U8 },
380 [NL80211_TXRATE_HE] = NLA_POLICY_EXACT_LEN(sizeof(struct nl80211_txrate_he)),
381 [NL80211_TXRATE_HE_GI] = NLA_POLICY_RANGE(NLA_U8,
382 NL80211_RATE_INFO_HE_GI_0_8,
383 NL80211_RATE_INFO_HE_GI_3_2),
384 [NL80211_TXRATE_HE_LTF] = NLA_POLICY_RANGE(NLA_U8,
385 NL80211_RATE_INFO_HE_1XLTF,
386 NL80211_RATE_INFO_HE_4XLTF),
387 };
388
389 static const struct nla_policy
390 nl80211_tid_config_attr_policy[NL80211_TID_CONFIG_ATTR_MAX + 1] = {
391 [NL80211_TID_CONFIG_ATTR_VIF_SUPP] = { .type = NLA_U64 },
392 [NL80211_TID_CONFIG_ATTR_PEER_SUPP] = { .type = NLA_U64 },
393 [NL80211_TID_CONFIG_ATTR_OVERRIDE] = { .type = NLA_FLAG },
394 [NL80211_TID_CONFIG_ATTR_TIDS] = NLA_POLICY_RANGE(NLA_U16, 1, 0xff),
395 [NL80211_TID_CONFIG_ATTR_NOACK] =
396 NLA_POLICY_MAX(NLA_U8, NL80211_TID_CONFIG_DISABLE),
397 [NL80211_TID_CONFIG_ATTR_RETRY_SHORT] = NLA_POLICY_MIN(NLA_U8, 1),
398 [NL80211_TID_CONFIG_ATTR_RETRY_LONG] = NLA_POLICY_MIN(NLA_U8, 1),
399 [NL80211_TID_CONFIG_ATTR_AMPDU_CTRL] =
400 NLA_POLICY_MAX(NLA_U8, NL80211_TID_CONFIG_DISABLE),
401 [NL80211_TID_CONFIG_ATTR_RTSCTS_CTRL] =
402 NLA_POLICY_MAX(NLA_U8, NL80211_TID_CONFIG_DISABLE),
403 [NL80211_TID_CONFIG_ATTR_AMSDU_CTRL] =
404 NLA_POLICY_MAX(NLA_U8, NL80211_TID_CONFIG_DISABLE),
405 [NL80211_TID_CONFIG_ATTR_TX_RATE_TYPE] =
406 NLA_POLICY_MAX(NLA_U8, NL80211_TX_RATE_FIXED),
407 [NL80211_TID_CONFIG_ATTR_TX_RATE] =
408 NLA_POLICY_NESTED(nl80211_txattr_policy),
409 };
410
411 static const struct nla_policy
412 nl80211_fils_discovery_policy[NL80211_FILS_DISCOVERY_ATTR_MAX + 1] = {
413 [NL80211_FILS_DISCOVERY_ATTR_INT_MIN] = NLA_POLICY_MAX(NLA_U32, 10000),
414 [NL80211_FILS_DISCOVERY_ATTR_INT_MAX] = NLA_POLICY_MAX(NLA_U32, 10000),
415 [NL80211_FILS_DISCOVERY_ATTR_TMPL] =
416 NLA_POLICY_RANGE(NLA_BINARY,
417 NL80211_FILS_DISCOVERY_TMPL_MIN_LEN,
418 IEEE80211_MAX_DATA_LEN),
419 };
420
421 static const struct nla_policy
422 nl80211_unsol_bcast_probe_resp_policy[NL80211_UNSOL_BCAST_PROBE_RESP_ATTR_MAX + 1] = {
423 [NL80211_UNSOL_BCAST_PROBE_RESP_ATTR_INT] = NLA_POLICY_MAX(NLA_U32, 20),
424 [NL80211_UNSOL_BCAST_PROBE_RESP_ATTR_TMPL] = { .type = NLA_BINARY,
425 .len = IEEE80211_MAX_DATA_LEN }
426 };
427
428 static const struct nla_policy
429 sar_specs_policy[NL80211_SAR_ATTR_SPECS_MAX + 1] = {
430 [NL80211_SAR_ATTR_SPECS_POWER] = { .type = NLA_S32 },
431 [NL80211_SAR_ATTR_SPECS_RANGE_INDEX] = {.type = NLA_U32 },
432 };
433
434 static const struct nla_policy
435 sar_policy[NL80211_SAR_ATTR_MAX + 1] = {
436 [NL80211_SAR_ATTR_TYPE] = NLA_POLICY_MAX(NLA_U32, NUM_NL80211_SAR_TYPE),
437 [NL80211_SAR_ATTR_SPECS] = NLA_POLICY_NESTED_ARRAY(sar_specs_policy),
438 };
439
440 static const struct nla_policy nl80211_policy[NUM_NL80211_ATTR] = {
441 [0] = { .strict_start_type = NL80211_ATTR_HE_OBSS_PD },
442 [NL80211_ATTR_WIPHY] = { .type = NLA_U32 },
443 [NL80211_ATTR_WIPHY_NAME] = { .type = NLA_NUL_STRING,
444 .len = 20-1 },
445 [NL80211_ATTR_WIPHY_TXQ_PARAMS] = { .type = NLA_NESTED },
446
447 [NL80211_ATTR_WIPHY_FREQ] = { .type = NLA_U32 },
448 [NL80211_ATTR_WIPHY_CHANNEL_TYPE] = { .type = NLA_U32 },
449 [NL80211_ATTR_WIPHY_EDMG_CHANNELS] = NLA_POLICY_RANGE(NLA_U8,
450 NL80211_EDMG_CHANNELS_MIN,
451 NL80211_EDMG_CHANNELS_MAX),
452 [NL80211_ATTR_WIPHY_EDMG_BW_CONFIG] = NLA_POLICY_RANGE(NLA_U8,
453 NL80211_EDMG_BW_CONFIG_MIN,
454 NL80211_EDMG_BW_CONFIG_MAX),
455
456 [NL80211_ATTR_CHANNEL_WIDTH] = { .type = NLA_U32 },
457 [NL80211_ATTR_CENTER_FREQ1] = { .type = NLA_U32 },
458 [NL80211_ATTR_CENTER_FREQ1_OFFSET] = NLA_POLICY_RANGE(NLA_U32, 0, 999),
459 [NL80211_ATTR_CENTER_FREQ2] = { .type = NLA_U32 },
460
461 [NL80211_ATTR_WIPHY_RETRY_SHORT] = NLA_POLICY_MIN(NLA_U8, 1),
462 [NL80211_ATTR_WIPHY_RETRY_LONG] = NLA_POLICY_MIN(NLA_U8, 1),
463 [NL80211_ATTR_WIPHY_FRAG_THRESHOLD] = { .type = NLA_U32 },
464 [NL80211_ATTR_WIPHY_RTS_THRESHOLD] = { .type = NLA_U32 },
465 [NL80211_ATTR_WIPHY_COVERAGE_CLASS] = { .type = NLA_U8 },
466 [NL80211_ATTR_WIPHY_DYN_ACK] = { .type = NLA_FLAG },
467
468 [NL80211_ATTR_IFTYPE] = NLA_POLICY_MAX(NLA_U32, NL80211_IFTYPE_MAX),
469 [NL80211_ATTR_IFINDEX] = { .type = NLA_U32 },
470 [NL80211_ATTR_IFNAME] = { .type = NLA_NUL_STRING, .len = IFNAMSIZ-1 },
471
472 [NL80211_ATTR_MAC] = NLA_POLICY_EXACT_LEN_WARN(ETH_ALEN),
473 [NL80211_ATTR_PREV_BSSID] = NLA_POLICY_EXACT_LEN_WARN(ETH_ALEN),
474
475 [NL80211_ATTR_KEY] = { .type = NLA_NESTED, },
476 [NL80211_ATTR_KEY_DATA] = { .type = NLA_BINARY,
477 .len = WLAN_MAX_KEY_LEN },
478 [NL80211_ATTR_KEY_IDX] = NLA_POLICY_MAX(NLA_U8, 7),
479 [NL80211_ATTR_KEY_CIPHER] = { .type = NLA_U32 },
480 [NL80211_ATTR_KEY_DEFAULT] = { .type = NLA_FLAG },
481 [NL80211_ATTR_KEY_SEQ] = { .type = NLA_BINARY, .len = 16 },
482 [NL80211_ATTR_KEY_TYPE] =
483 NLA_POLICY_MAX(NLA_U32, NUM_NL80211_KEYTYPES),
484
485 [NL80211_ATTR_BEACON_INTERVAL] = { .type = NLA_U32 },
486 [NL80211_ATTR_DTIM_PERIOD] = { .type = NLA_U32 },
487 [NL80211_ATTR_BEACON_HEAD] =
488 NLA_POLICY_VALIDATE_FN(NLA_BINARY, validate_beacon_head,
489 IEEE80211_MAX_DATA_LEN),
490 [NL80211_ATTR_BEACON_TAIL] =
491 NLA_POLICY_VALIDATE_FN(NLA_BINARY, validate_ie_attr,
492 IEEE80211_MAX_DATA_LEN),
493 [NL80211_ATTR_STA_AID] =
494 NLA_POLICY_RANGE(NLA_U16, 1, IEEE80211_MAX_AID),
495 [NL80211_ATTR_STA_FLAGS] = { .type = NLA_NESTED },
496 [NL80211_ATTR_STA_LISTEN_INTERVAL] = { .type = NLA_U16 },
497 [NL80211_ATTR_STA_SUPPORTED_RATES] = { .type = NLA_BINARY,
498 .len = NL80211_MAX_SUPP_RATES },
499 [NL80211_ATTR_STA_PLINK_ACTION] =
500 NLA_POLICY_MAX(NLA_U8, NUM_NL80211_PLINK_ACTIONS - 1),
501 [NL80211_ATTR_STA_TX_POWER_SETTING] =
502 NLA_POLICY_RANGE(NLA_U8,
503 NL80211_TX_POWER_AUTOMATIC,
504 NL80211_TX_POWER_FIXED),
505 [NL80211_ATTR_STA_TX_POWER] = { .type = NLA_S16 },
506 [NL80211_ATTR_STA_VLAN] = { .type = NLA_U32 },
507 [NL80211_ATTR_MNTR_FLAGS] = { /* NLA_NESTED can't be empty */ },
508 [NL80211_ATTR_MESH_ID] = { .type = NLA_BINARY,
509 .len = IEEE80211_MAX_MESH_ID_LEN },
510 [NL80211_ATTR_MPATH_NEXT_HOP] = NLA_POLICY_ETH_ADDR_COMPAT,
511
512 [NL80211_ATTR_REG_ALPHA2] = { .type = NLA_STRING, .len = 2 },
513 [NL80211_ATTR_REG_RULES] = { .type = NLA_NESTED },
514
515 [NL80211_ATTR_BSS_CTS_PROT] = { .type = NLA_U8 },
516 [NL80211_ATTR_BSS_SHORT_PREAMBLE] = { .type = NLA_U8 },
517 [NL80211_ATTR_BSS_SHORT_SLOT_TIME] = { .type = NLA_U8 },
518 [NL80211_ATTR_BSS_BASIC_RATES] = { .type = NLA_BINARY,
519 .len = NL80211_MAX_SUPP_RATES },
520 [NL80211_ATTR_BSS_HT_OPMODE] = { .type = NLA_U16 },
521
522 [NL80211_ATTR_MESH_CONFIG] = { .type = NLA_NESTED },
523 [NL80211_ATTR_SUPPORT_MESH_AUTH] = { .type = NLA_FLAG },
524
525 [NL80211_ATTR_HT_CAPABILITY] = NLA_POLICY_EXACT_LEN_WARN(NL80211_HT_CAPABILITY_LEN),
526
527 [NL80211_ATTR_MGMT_SUBTYPE] = { .type = NLA_U8 },
528 [NL80211_ATTR_IE] = NLA_POLICY_VALIDATE_FN(NLA_BINARY,
529 validate_ie_attr,
530 IEEE80211_MAX_DATA_LEN),
531 [NL80211_ATTR_SCAN_FREQUENCIES] = { .type = NLA_NESTED },
532 [NL80211_ATTR_SCAN_SSIDS] = { .type = NLA_NESTED },
533
534 [NL80211_ATTR_SSID] = { .type = NLA_BINARY,
535 .len = IEEE80211_MAX_SSID_LEN },
536 [NL80211_ATTR_AUTH_TYPE] = { .type = NLA_U32 },
537 [NL80211_ATTR_REASON_CODE] = { .type = NLA_U16 },
538 [NL80211_ATTR_FREQ_FIXED] = { .type = NLA_FLAG },
539 [NL80211_ATTR_TIMED_OUT] = { .type = NLA_FLAG },
540 [NL80211_ATTR_USE_MFP] = NLA_POLICY_RANGE(NLA_U32,
541 NL80211_MFP_NO,
542 NL80211_MFP_OPTIONAL),
543 [NL80211_ATTR_STA_FLAGS2] = {
544 .len = sizeof(struct nl80211_sta_flag_update),
545 },
546 [NL80211_ATTR_CONTROL_PORT] = { .type = NLA_FLAG },
547 [NL80211_ATTR_CONTROL_PORT_ETHERTYPE] = { .type = NLA_U16 },
548 [NL80211_ATTR_CONTROL_PORT_NO_ENCRYPT] = { .type = NLA_FLAG },
549 [NL80211_ATTR_CONTROL_PORT_OVER_NL80211] = { .type = NLA_FLAG },
550 [NL80211_ATTR_PRIVACY] = { .type = NLA_FLAG },
551 [NL80211_ATTR_STATUS_CODE] = { .type = NLA_U16 },
552 [NL80211_ATTR_CIPHER_SUITE_GROUP] = { .type = NLA_U32 },
553 [NL80211_ATTR_WPA_VERSIONS] = { .type = NLA_U32 },
554 [NL80211_ATTR_PID] = { .type = NLA_U32 },
555 [NL80211_ATTR_4ADDR] = { .type = NLA_U8 },
556 [NL80211_ATTR_PMKID] = NLA_POLICY_EXACT_LEN_WARN(WLAN_PMKID_LEN),
557 [NL80211_ATTR_DURATION] = { .type = NLA_U32 },
558 [NL80211_ATTR_COOKIE] = { .type = NLA_U64 },
559 [NL80211_ATTR_TX_RATES] = { .type = NLA_NESTED },
560 [NL80211_ATTR_FRAME] = { .type = NLA_BINARY,
561 .len = IEEE80211_MAX_DATA_LEN },
562 [NL80211_ATTR_FRAME_MATCH] = { .type = NLA_BINARY, },
563 [NL80211_ATTR_PS_STATE] = NLA_POLICY_RANGE(NLA_U32,
564 NL80211_PS_DISABLED,
565 NL80211_PS_ENABLED),
566 [NL80211_ATTR_CQM] = { .type = NLA_NESTED, },
567 [NL80211_ATTR_LOCAL_STATE_CHANGE] = { .type = NLA_FLAG },
568 [NL80211_ATTR_AP_ISOLATE] = { .type = NLA_U8 },
569 [NL80211_ATTR_WIPHY_TX_POWER_SETTING] = { .type = NLA_U32 },
570 [NL80211_ATTR_WIPHY_TX_POWER_LEVEL] = { .type = NLA_U32 },
571 [NL80211_ATTR_FRAME_TYPE] = { .type = NLA_U16 },
572 [NL80211_ATTR_WIPHY_ANTENNA_TX] = { .type = NLA_U32 },
573 [NL80211_ATTR_WIPHY_ANTENNA_RX] = { .type = NLA_U32 },
574 [NL80211_ATTR_MCAST_RATE] = { .type = NLA_U32 },
575 [NL80211_ATTR_OFFCHANNEL_TX_OK] = { .type = NLA_FLAG },
576 [NL80211_ATTR_KEY_DEFAULT_TYPES] = { .type = NLA_NESTED },
577 [NL80211_ATTR_WOWLAN_TRIGGERS] = { .type = NLA_NESTED },
578 [NL80211_ATTR_STA_PLINK_STATE] =
579 NLA_POLICY_MAX(NLA_U8, NUM_NL80211_PLINK_STATES - 1),
580 [NL80211_ATTR_MEASUREMENT_DURATION] = { .type = NLA_U16 },
581 [NL80211_ATTR_MEASUREMENT_DURATION_MANDATORY] = { .type = NLA_FLAG },
582 [NL80211_ATTR_MESH_PEER_AID] =
583 NLA_POLICY_RANGE(NLA_U16, 1, IEEE80211_MAX_AID),
584 [NL80211_ATTR_SCHED_SCAN_INTERVAL] = { .type = NLA_U32 },
585 [NL80211_ATTR_REKEY_DATA] = { .type = NLA_NESTED },
586 [NL80211_ATTR_SCAN_SUPP_RATES] = { .type = NLA_NESTED },
587 [NL80211_ATTR_HIDDEN_SSID] =
588 NLA_POLICY_RANGE(NLA_U32,
589 NL80211_HIDDEN_SSID_NOT_IN_USE,
590 NL80211_HIDDEN_SSID_ZERO_CONTENTS),
591 [NL80211_ATTR_IE_PROBE_RESP] =
592 NLA_POLICY_VALIDATE_FN(NLA_BINARY, validate_ie_attr,
593 IEEE80211_MAX_DATA_LEN),
594 [NL80211_ATTR_IE_ASSOC_RESP] =
595 NLA_POLICY_VALIDATE_FN(NLA_BINARY, validate_ie_attr,
596 IEEE80211_MAX_DATA_LEN),
597 [NL80211_ATTR_ROAM_SUPPORT] = { .type = NLA_FLAG },
598 [NL80211_ATTR_SCHED_SCAN_MATCH] = { .type = NLA_NESTED },
599 [NL80211_ATTR_TX_NO_CCK_RATE] = { .type = NLA_FLAG },
600 [NL80211_ATTR_TDLS_ACTION] = { .type = NLA_U8 },
601 [NL80211_ATTR_TDLS_DIALOG_TOKEN] = { .type = NLA_U8 },
602 [NL80211_ATTR_TDLS_OPERATION] = { .type = NLA_U8 },
603 [NL80211_ATTR_TDLS_SUPPORT] = { .type = NLA_FLAG },
604 [NL80211_ATTR_TDLS_EXTERNAL_SETUP] = { .type = NLA_FLAG },
605 [NL80211_ATTR_TDLS_INITIATOR] = { .type = NLA_FLAG },
606 [NL80211_ATTR_DONT_WAIT_FOR_ACK] = { .type = NLA_FLAG },
607 [NL80211_ATTR_PROBE_RESP] = { .type = NLA_BINARY,
608 .len = IEEE80211_MAX_DATA_LEN },
609 [NL80211_ATTR_DFS_REGION] = { .type = NLA_U8 },
610 [NL80211_ATTR_DISABLE_HT] = { .type = NLA_FLAG },
611 [NL80211_ATTR_HT_CAPABILITY_MASK] = {
612 .len = NL80211_HT_CAPABILITY_LEN
613 },
614 [NL80211_ATTR_NOACK_MAP] = { .type = NLA_U16 },
615 [NL80211_ATTR_INACTIVITY_TIMEOUT] = { .type = NLA_U16 },
616 [NL80211_ATTR_BG_SCAN_PERIOD] = { .type = NLA_U16 },
617 [NL80211_ATTR_WDEV] = { .type = NLA_U64 },
618 [NL80211_ATTR_USER_REG_HINT_TYPE] = { .type = NLA_U32 },
619
620 /* need to include at least Auth Transaction and Status Code */
621 [NL80211_ATTR_AUTH_DATA] = NLA_POLICY_MIN_LEN(4),
622
623 [NL80211_ATTR_VHT_CAPABILITY] = NLA_POLICY_EXACT_LEN_WARN(NL80211_VHT_CAPABILITY_LEN),
624 [NL80211_ATTR_SCAN_FLAGS] = { .type = NLA_U32 },
625 [NL80211_ATTR_P2P_CTWINDOW] = NLA_POLICY_MAX(NLA_U8, 127),
626 [NL80211_ATTR_P2P_OPPPS] = NLA_POLICY_MAX(NLA_U8, 1),
627 [NL80211_ATTR_LOCAL_MESH_POWER_MODE] =
628 NLA_POLICY_RANGE(NLA_U32,
629 NL80211_MESH_POWER_UNKNOWN + 1,
630 NL80211_MESH_POWER_MAX),
631 [NL80211_ATTR_ACL_POLICY] = {. type = NLA_U32 },
632 [NL80211_ATTR_MAC_ADDRS] = { .type = NLA_NESTED },
633 [NL80211_ATTR_STA_CAPABILITY] = { .type = NLA_U16 },
634 [NL80211_ATTR_STA_EXT_CAPABILITY] = { .type = NLA_BINARY, },
635 [NL80211_ATTR_SPLIT_WIPHY_DUMP] = { .type = NLA_FLAG, },
636 [NL80211_ATTR_DISABLE_VHT] = { .type = NLA_FLAG },
637 [NL80211_ATTR_VHT_CAPABILITY_MASK] = {
638 .len = NL80211_VHT_CAPABILITY_LEN,
639 },
640 [NL80211_ATTR_MDID] = { .type = NLA_U16 },
641 [NL80211_ATTR_IE_RIC] = { .type = NLA_BINARY,
642 .len = IEEE80211_MAX_DATA_LEN },
643 [NL80211_ATTR_CRIT_PROT_ID] = { .type = NLA_U16 },
644 [NL80211_ATTR_MAX_CRIT_PROT_DURATION] =
645 NLA_POLICY_MAX(NLA_U16, NL80211_CRIT_PROTO_MAX_DURATION),
646 [NL80211_ATTR_PEER_AID] =
647 NLA_POLICY_RANGE(NLA_U16, 1, IEEE80211_MAX_AID),
648 [NL80211_ATTR_CH_SWITCH_COUNT] = { .type = NLA_U32 },
649 [NL80211_ATTR_CH_SWITCH_BLOCK_TX] = { .type = NLA_FLAG },
650 [NL80211_ATTR_CSA_IES] = { .type = NLA_NESTED },
651 [NL80211_ATTR_CNTDWN_OFFS_BEACON] = { .type = NLA_BINARY },
652 [NL80211_ATTR_CNTDWN_OFFS_PRESP] = { .type = NLA_BINARY },
653 [NL80211_ATTR_STA_SUPPORTED_CHANNELS] = NLA_POLICY_MIN_LEN(2),
654 /*
655 * The value of the Length field of the Supported Operating
656 * Classes element is between 2 and 253.
657 */
658 [NL80211_ATTR_STA_SUPPORTED_OPER_CLASSES] =
659 NLA_POLICY_RANGE(NLA_BINARY, 2, 253),
660 [NL80211_ATTR_HANDLE_DFS] = { .type = NLA_FLAG },
661 [NL80211_ATTR_OPMODE_NOTIF] = { .type = NLA_U8 },
662 [NL80211_ATTR_VENDOR_ID] = { .type = NLA_U32 },
663 [NL80211_ATTR_VENDOR_SUBCMD] = { .type = NLA_U32 },
664 [NL80211_ATTR_VENDOR_DATA] = { .type = NLA_BINARY },
665 [NL80211_ATTR_QOS_MAP] = NLA_POLICY_RANGE(NLA_BINARY,
666 IEEE80211_QOS_MAP_LEN_MIN,
667 IEEE80211_QOS_MAP_LEN_MAX),
668 [NL80211_ATTR_MAC_HINT] = NLA_POLICY_EXACT_LEN_WARN(ETH_ALEN),
669 [NL80211_ATTR_WIPHY_FREQ_HINT] = { .type = NLA_U32 },
670 [NL80211_ATTR_TDLS_PEER_CAPABILITY] = { .type = NLA_U32 },
671 [NL80211_ATTR_SOCKET_OWNER] = { .type = NLA_FLAG },
672 [NL80211_ATTR_CSA_C_OFFSETS_TX] = { .type = NLA_BINARY },
673 [NL80211_ATTR_USE_RRM] = { .type = NLA_FLAG },
674 [NL80211_ATTR_TSID] = NLA_POLICY_MAX(NLA_U8, IEEE80211_NUM_TIDS - 1),
675 [NL80211_ATTR_USER_PRIO] =
676 NLA_POLICY_MAX(NLA_U8, IEEE80211_NUM_UPS - 1),
677 [NL80211_ATTR_ADMITTED_TIME] = { .type = NLA_U16 },
678 [NL80211_ATTR_SMPS_MODE] = { .type = NLA_U8 },
679 [NL80211_ATTR_OPER_CLASS] = { .type = NLA_U8 },
680 [NL80211_ATTR_MAC_MASK] = NLA_POLICY_EXACT_LEN_WARN(ETH_ALEN),
681 [NL80211_ATTR_WIPHY_SELF_MANAGED_REG] = { .type = NLA_FLAG },
682 [NL80211_ATTR_NETNS_FD] = { .type = NLA_U32 },
683 [NL80211_ATTR_SCHED_SCAN_DELAY] = { .type = NLA_U32 },
684 [NL80211_ATTR_REG_INDOOR] = { .type = NLA_FLAG },
685 [NL80211_ATTR_PBSS] = { .type = NLA_FLAG },
686 [NL80211_ATTR_BSS_SELECT] = { .type = NLA_NESTED },
687 [NL80211_ATTR_STA_SUPPORT_P2P_PS] =
688 NLA_POLICY_MAX(NLA_U8, NUM_NL80211_P2P_PS_STATUS - 1),
689 [NL80211_ATTR_MU_MIMO_GROUP_DATA] = {
690 .len = VHT_MUMIMO_GROUPS_DATA_LEN
691 },
692 [NL80211_ATTR_MU_MIMO_FOLLOW_MAC_ADDR] = NLA_POLICY_EXACT_LEN_WARN(ETH_ALEN),
693 [NL80211_ATTR_NAN_MASTER_PREF] = NLA_POLICY_MIN(NLA_U8, 1),
694 [NL80211_ATTR_BANDS] = { .type = NLA_U32 },
695 [NL80211_ATTR_NAN_FUNC] = { .type = NLA_NESTED },
696 [NL80211_ATTR_FILS_KEK] = { .type = NLA_BINARY,
697 .len = FILS_MAX_KEK_LEN },
698 [NL80211_ATTR_FILS_NONCES] = NLA_POLICY_EXACT_LEN_WARN(2 * FILS_NONCE_LEN),
699 [NL80211_ATTR_MULTICAST_TO_UNICAST_ENABLED] = { .type = NLA_FLAG, },
700 [NL80211_ATTR_BSSID] = NLA_POLICY_EXACT_LEN_WARN(ETH_ALEN),
701 [NL80211_ATTR_SCHED_SCAN_RELATIVE_RSSI] = { .type = NLA_S8 },
702 [NL80211_ATTR_SCHED_SCAN_RSSI_ADJUST] = {
703 .len = sizeof(struct nl80211_bss_select_rssi_adjust)
704 },
705 [NL80211_ATTR_TIMEOUT_REASON] = { .type = NLA_U32 },
706 [NL80211_ATTR_FILS_ERP_USERNAME] = { .type = NLA_BINARY,
707 .len = FILS_ERP_MAX_USERNAME_LEN },
708 [NL80211_ATTR_FILS_ERP_REALM] = { .type = NLA_BINARY,
709 .len = FILS_ERP_MAX_REALM_LEN },
710 [NL80211_ATTR_FILS_ERP_NEXT_SEQ_NUM] = { .type = NLA_U16 },
711 [NL80211_ATTR_FILS_ERP_RRK] = { .type = NLA_BINARY,
712 .len = FILS_ERP_MAX_RRK_LEN },
713 [NL80211_ATTR_FILS_CACHE_ID] = NLA_POLICY_EXACT_LEN_WARN(2),
714 [NL80211_ATTR_PMK] = { .type = NLA_BINARY, .len = PMK_MAX_LEN },
715 [NL80211_ATTR_PMKR0_NAME] = NLA_POLICY_EXACT_LEN(WLAN_PMK_NAME_LEN),
716 [NL80211_ATTR_SCHED_SCAN_MULTI] = { .type = NLA_FLAG },
717 [NL80211_ATTR_EXTERNAL_AUTH_SUPPORT] = { .type = NLA_FLAG },
718
719 [NL80211_ATTR_TXQ_LIMIT] = { .type = NLA_U32 },
720 [NL80211_ATTR_TXQ_MEMORY_LIMIT] = { .type = NLA_U32 },
721 [NL80211_ATTR_TXQ_QUANTUM] = { .type = NLA_U32 },
722 [NL80211_ATTR_HE_CAPABILITY] =
723 NLA_POLICY_RANGE(NLA_BINARY,
724 NL80211_HE_MIN_CAPABILITY_LEN,
725 NL80211_HE_MAX_CAPABILITY_LEN),
726 [NL80211_ATTR_FTM_RESPONDER] =
727 NLA_POLICY_NESTED(nl80211_ftm_responder_policy),
728 [NL80211_ATTR_TIMEOUT] = NLA_POLICY_MIN(NLA_U32, 1),
729 [NL80211_ATTR_PEER_MEASUREMENTS] =
730 NLA_POLICY_NESTED(nl80211_pmsr_attr_policy),
731 [NL80211_ATTR_AIRTIME_WEIGHT] = NLA_POLICY_MIN(NLA_U16, 1),
732 [NL80211_ATTR_SAE_PASSWORD] = { .type = NLA_BINARY,
733 .len = SAE_PASSWORD_MAX_LEN },
734 [NL80211_ATTR_TWT_RESPONDER] = { .type = NLA_FLAG },
735 [NL80211_ATTR_HE_OBSS_PD] = NLA_POLICY_NESTED(he_obss_pd_policy),
736 [NL80211_ATTR_VLAN_ID] = NLA_POLICY_RANGE(NLA_U16, 1, VLAN_N_VID - 2),
737 [NL80211_ATTR_HE_BSS_COLOR] = NLA_POLICY_NESTED(he_bss_color_policy),
738 [NL80211_ATTR_TID_CONFIG] =
739 NLA_POLICY_NESTED_ARRAY(nl80211_tid_config_attr_policy),
740 [NL80211_ATTR_CONTROL_PORT_NO_PREAUTH] = { .type = NLA_FLAG },
741 [NL80211_ATTR_PMK_LIFETIME] = NLA_POLICY_MIN(NLA_U32, 1),
742 [NL80211_ATTR_PMK_REAUTH_THRESHOLD] = NLA_POLICY_RANGE(NLA_U8, 1, 100),
743 [NL80211_ATTR_RECEIVE_MULTICAST] = { .type = NLA_FLAG },
744 [NL80211_ATTR_WIPHY_FREQ_OFFSET] = NLA_POLICY_RANGE(NLA_U32, 0, 999),
745 [NL80211_ATTR_SCAN_FREQ_KHZ] = { .type = NLA_NESTED },
746 [NL80211_ATTR_HE_6GHZ_CAPABILITY] =
747 NLA_POLICY_EXACT_LEN(sizeof(struct ieee80211_he_6ghz_capa)),
748 [NL80211_ATTR_FILS_DISCOVERY] =
749 NLA_POLICY_NESTED(nl80211_fils_discovery_policy),
750 [NL80211_ATTR_UNSOL_BCAST_PROBE_RESP] =
751 NLA_POLICY_NESTED(nl80211_unsol_bcast_probe_resp_policy),
752 [NL80211_ATTR_S1G_CAPABILITY] =
753 NLA_POLICY_EXACT_LEN(IEEE80211_S1G_CAPABILITY_LEN),
754 [NL80211_ATTR_S1G_CAPABILITY_MASK] =
755 NLA_POLICY_EXACT_LEN(IEEE80211_S1G_CAPABILITY_LEN),
756 [NL80211_ATTR_SAE_PWE] =
757 NLA_POLICY_RANGE(NLA_U8, NL80211_SAE_PWE_HUNT_AND_PECK,
758 NL80211_SAE_PWE_BOTH),
759 [NL80211_ATTR_RECONNECT_REQUESTED] = { .type = NLA_REJECT },
760 [NL80211_ATTR_SAR_SPEC] = NLA_POLICY_NESTED(sar_policy),
761 [NL80211_ATTR_DISABLE_HE] = { .type = NLA_FLAG },
762 };
763
764 /* policy for the key attributes */
765 static const struct nla_policy nl80211_key_policy[NL80211_KEY_MAX + 1] = {
766 [NL80211_KEY_DATA] = { .type = NLA_BINARY, .len = WLAN_MAX_KEY_LEN },
767 [NL80211_KEY_IDX] = { .type = NLA_U8 },
768 [NL80211_KEY_CIPHER] = { .type = NLA_U32 },
769 [NL80211_KEY_SEQ] = { .type = NLA_BINARY, .len = 16 },
770 [NL80211_KEY_DEFAULT] = { .type = NLA_FLAG },
771 [NL80211_KEY_DEFAULT_MGMT] = { .type = NLA_FLAG },
772 [NL80211_KEY_TYPE] = NLA_POLICY_MAX(NLA_U32, NUM_NL80211_KEYTYPES - 1),
773 [NL80211_KEY_DEFAULT_TYPES] = { .type = NLA_NESTED },
774 [NL80211_KEY_MODE] = NLA_POLICY_RANGE(NLA_U8, 0, NL80211_KEY_SET_TX),
775 };
776
777 /* policy for the key default flags */
778 static const struct nla_policy
779 nl80211_key_default_policy[NUM_NL80211_KEY_DEFAULT_TYPES] = {
780 [NL80211_KEY_DEFAULT_TYPE_UNICAST] = { .type = NLA_FLAG },
781 [NL80211_KEY_DEFAULT_TYPE_MULTICAST] = { .type = NLA_FLAG },
782 };
783
784 #ifdef CONFIG_PM
785 /* policy for WoWLAN attributes */
786 static const struct nla_policy
787 nl80211_wowlan_policy[NUM_NL80211_WOWLAN_TRIG] = {
788 [NL80211_WOWLAN_TRIG_ANY] = { .type = NLA_FLAG },
789 [NL80211_WOWLAN_TRIG_DISCONNECT] = { .type = NLA_FLAG },
790 [NL80211_WOWLAN_TRIG_MAGIC_PKT] = { .type = NLA_FLAG },
791 [NL80211_WOWLAN_TRIG_PKT_PATTERN] = { .type = NLA_NESTED },
792 [NL80211_WOWLAN_TRIG_GTK_REKEY_FAILURE] = { .type = NLA_FLAG },
793 [NL80211_WOWLAN_TRIG_EAP_IDENT_REQUEST] = { .type = NLA_FLAG },
794 [NL80211_WOWLAN_TRIG_4WAY_HANDSHAKE] = { .type = NLA_FLAG },
795 [NL80211_WOWLAN_TRIG_RFKILL_RELEASE] = { .type = NLA_FLAG },
796 [NL80211_WOWLAN_TRIG_TCP_CONNECTION] = { .type = NLA_NESTED },
797 [NL80211_WOWLAN_TRIG_NET_DETECT] = { .type = NLA_NESTED },
798 };
799
800 static const struct nla_policy
801 nl80211_wowlan_tcp_policy[NUM_NL80211_WOWLAN_TCP] = {
802 [NL80211_WOWLAN_TCP_SRC_IPV4] = { .type = NLA_U32 },
803 [NL80211_WOWLAN_TCP_DST_IPV4] = { .type = NLA_U32 },
804 [NL80211_WOWLAN_TCP_DST_MAC] = NLA_POLICY_EXACT_LEN_WARN(ETH_ALEN),
805 [NL80211_WOWLAN_TCP_SRC_PORT] = { .type = NLA_U16 },
806 [NL80211_WOWLAN_TCP_DST_PORT] = { .type = NLA_U16 },
807 [NL80211_WOWLAN_TCP_DATA_PAYLOAD] = NLA_POLICY_MIN_LEN(1),
808 [NL80211_WOWLAN_TCP_DATA_PAYLOAD_SEQ] = {
809 .len = sizeof(struct nl80211_wowlan_tcp_data_seq)
810 },
811 [NL80211_WOWLAN_TCP_DATA_PAYLOAD_TOKEN] = {
812 .len = sizeof(struct nl80211_wowlan_tcp_data_token)
813 },
814 [NL80211_WOWLAN_TCP_DATA_INTERVAL] = { .type = NLA_U32 },
815 [NL80211_WOWLAN_TCP_WAKE_PAYLOAD] = NLA_POLICY_MIN_LEN(1),
816 [NL80211_WOWLAN_TCP_WAKE_MASK] = NLA_POLICY_MIN_LEN(1),
817 };
818 #endif /* CONFIG_PM */
819
820 /* policy for coalesce rule attributes */
821 static const struct nla_policy
822 nl80211_coalesce_policy[NUM_NL80211_ATTR_COALESCE_RULE] = {
823 [NL80211_ATTR_COALESCE_RULE_DELAY] = { .type = NLA_U32 },
824 [NL80211_ATTR_COALESCE_RULE_CONDITION] =
825 NLA_POLICY_RANGE(NLA_U32,
826 NL80211_COALESCE_CONDITION_MATCH,
827 NL80211_COALESCE_CONDITION_NO_MATCH),
828 [NL80211_ATTR_COALESCE_RULE_PKT_PATTERN] = { .type = NLA_NESTED },
829 };
830
831 /* policy for GTK rekey offload attributes */
832 static const struct nla_policy
833 nl80211_rekey_policy[NUM_NL80211_REKEY_DATA] = {
834 [NL80211_REKEY_DATA_KEK] = {
835 .type = NLA_BINARY,
836 .len = NL80211_KEK_EXT_LEN
837 },
838 [NL80211_REKEY_DATA_KCK] = {
839 .type = NLA_BINARY,
840 .len = NL80211_KCK_EXT_LEN
841 },
842 [NL80211_REKEY_DATA_REPLAY_CTR] = NLA_POLICY_EXACT_LEN(NL80211_REPLAY_CTR_LEN),
843 [NL80211_REKEY_DATA_AKM] = { .type = NLA_U32 },
844 };
845
846 static const struct nla_policy
847 nl80211_match_band_rssi_policy[NUM_NL80211_BANDS] = {
848 [NL80211_BAND_2GHZ] = { .type = NLA_S32 },
849 [NL80211_BAND_5GHZ] = { .type = NLA_S32 },
850 [NL80211_BAND_6GHZ] = { .type = NLA_S32 },
851 [NL80211_BAND_60GHZ] = { .type = NLA_S32 },
852 };
853
854 static const struct nla_policy
855 nl80211_match_policy[NL80211_SCHED_SCAN_MATCH_ATTR_MAX + 1] = {
856 [NL80211_SCHED_SCAN_MATCH_ATTR_SSID] = { .type = NLA_BINARY,
857 .len = IEEE80211_MAX_SSID_LEN },
858 [NL80211_SCHED_SCAN_MATCH_ATTR_BSSID] = NLA_POLICY_EXACT_LEN_WARN(ETH_ALEN),
859 [NL80211_SCHED_SCAN_MATCH_ATTR_RSSI] = { .type = NLA_U32 },
860 [NL80211_SCHED_SCAN_MATCH_PER_BAND_RSSI] =
861 NLA_POLICY_NESTED(nl80211_match_band_rssi_policy),
862 };
863
864 static const struct nla_policy
865 nl80211_plan_policy[NL80211_SCHED_SCAN_PLAN_MAX + 1] = {
866 [NL80211_SCHED_SCAN_PLAN_INTERVAL] = { .type = NLA_U32 },
867 [NL80211_SCHED_SCAN_PLAN_ITERATIONS] = { .type = NLA_U32 },
868 };
869
870 static const struct nla_policy
871 nl80211_bss_select_policy[NL80211_BSS_SELECT_ATTR_MAX + 1] = {
872 [NL80211_BSS_SELECT_ATTR_RSSI] = { .type = NLA_FLAG },
873 [NL80211_BSS_SELECT_ATTR_BAND_PREF] = { .type = NLA_U32 },
874 [NL80211_BSS_SELECT_ATTR_RSSI_ADJUST] = {
875 .len = sizeof(struct nl80211_bss_select_rssi_adjust)
876 },
877 };
878
879 /* policy for NAN function attributes */
880 static const struct nla_policy
881 nl80211_nan_func_policy[NL80211_NAN_FUNC_ATTR_MAX + 1] = {
882 [NL80211_NAN_FUNC_TYPE] =
883 NLA_POLICY_MAX(NLA_U8, NL80211_NAN_FUNC_MAX_TYPE),
884 [NL80211_NAN_FUNC_SERVICE_ID] = {
885 .len = NL80211_NAN_FUNC_SERVICE_ID_LEN },
886 [NL80211_NAN_FUNC_PUBLISH_TYPE] = { .type = NLA_U8 },
887 [NL80211_NAN_FUNC_PUBLISH_BCAST] = { .type = NLA_FLAG },
888 [NL80211_NAN_FUNC_SUBSCRIBE_ACTIVE] = { .type = NLA_FLAG },
889 [NL80211_NAN_FUNC_FOLLOW_UP_ID] = { .type = NLA_U8 },
890 [NL80211_NAN_FUNC_FOLLOW_UP_REQ_ID] = { .type = NLA_U8 },
891 [NL80211_NAN_FUNC_FOLLOW_UP_DEST] = NLA_POLICY_EXACT_LEN_WARN(ETH_ALEN),
892 [NL80211_NAN_FUNC_CLOSE_RANGE] = { .type = NLA_FLAG },
893 [NL80211_NAN_FUNC_TTL] = { .type = NLA_U32 },
894 [NL80211_NAN_FUNC_SERVICE_INFO] = { .type = NLA_BINARY,
895 .len = NL80211_NAN_FUNC_SERVICE_SPEC_INFO_MAX_LEN },
896 [NL80211_NAN_FUNC_SRF] = { .type = NLA_NESTED },
897 [NL80211_NAN_FUNC_RX_MATCH_FILTER] = { .type = NLA_NESTED },
898 [NL80211_NAN_FUNC_TX_MATCH_FILTER] = { .type = NLA_NESTED },
899 [NL80211_NAN_FUNC_INSTANCE_ID] = { .type = NLA_U8 },
900 [NL80211_NAN_FUNC_TERM_REASON] = { .type = NLA_U8 },
901 };
902
903 /* policy for Service Response Filter attributes */
904 static const struct nla_policy
905 nl80211_nan_srf_policy[NL80211_NAN_SRF_ATTR_MAX + 1] = {
906 [NL80211_NAN_SRF_INCLUDE] = { .type = NLA_FLAG },
907 [NL80211_NAN_SRF_BF] = { .type = NLA_BINARY,
908 .len = NL80211_NAN_FUNC_SRF_MAX_LEN },
909 [NL80211_NAN_SRF_BF_IDX] = { .type = NLA_U8 },
910 [NL80211_NAN_SRF_MAC_ADDRS] = { .type = NLA_NESTED },
911 };
912
913 /* policy for packet pattern attributes */
914 static const struct nla_policy
915 nl80211_packet_pattern_policy[MAX_NL80211_PKTPAT + 1] = {
916 [NL80211_PKTPAT_MASK] = { .type = NLA_BINARY, },
917 [NL80211_PKTPAT_PATTERN] = { .type = NLA_BINARY, },
918 [NL80211_PKTPAT_OFFSET] = { .type = NLA_U32 },
919 };
920
921 int nl80211_prepare_wdev_dump(struct netlink_callback *cb,
922 struct cfg80211_registered_device **rdev,
923 struct wireless_dev **wdev)
924 {
925 int err;
926
927 if (!cb->args[0]) {
928 struct nlattr **attrbuf;
929
930 attrbuf = kcalloc(NUM_NL80211_ATTR, sizeof(*attrbuf),
931 GFP_KERNEL);
932 if (!attrbuf)
933 return -ENOMEM;
934
935 err = nlmsg_parse_deprecated(cb->nlh,
936 GENL_HDRLEN + nl80211_fam.hdrsize,
937 attrbuf, nl80211_fam.maxattr,
938 nl80211_policy, NULL);
939 if (err) {
940 kfree(attrbuf);
941 return err;
942 }
943
944 rtnl_lock();
945 *wdev = __cfg80211_wdev_from_attrs(NULL, sock_net(cb->skb->sk),
946 attrbuf);
947 kfree(attrbuf);
948 if (IS_ERR(*wdev)) {
949 rtnl_unlock();
950 return PTR_ERR(*wdev);
951 }
952 *rdev = wiphy_to_rdev((*wdev)->wiphy);
953 mutex_lock(&(*rdev)->wiphy.mtx);
954 rtnl_unlock();
955 /* 0 is the first index - add 1 to parse only once */
956 cb->args[0] = (*rdev)->wiphy_idx + 1;
957 cb->args[1] = (*wdev)->identifier;
958 } else {
959 /* subtract the 1 again here */
960 struct wiphy *wiphy;
961 struct wireless_dev *tmp;
962
963 rtnl_lock();
964 wiphy = wiphy_idx_to_wiphy(cb->args[0] - 1);
965 if (!wiphy) {
966 rtnl_unlock();
967 return -ENODEV;
968 }
969 *rdev = wiphy_to_rdev(wiphy);
970 *wdev = NULL;
971
972 list_for_each_entry(tmp, &(*rdev)->wiphy.wdev_list, list) {
973 if (tmp->identifier == cb->args[1]) {
974 *wdev = tmp;
975 break;
976 }
977 }
978
979 if (!*wdev) {
980 rtnl_unlock();
981 return -ENODEV;
982 }
983 mutex_lock(&(*rdev)->wiphy.mtx);
984 rtnl_unlock();
985 }
986
987 return 0;
988 }
989
990 /* message building helper */
991 void *nl80211hdr_put(struct sk_buff *skb, u32 portid, u32 seq,
992 int flags, u8 cmd)
993 {
994 /* since there is no private header just add the generic one */
995 return genlmsg_put(skb, portid, seq, &nl80211_fam, flags, cmd);
996 }
997
998 static int nl80211_msg_put_wmm_rules(struct sk_buff *msg,
999 const struct ieee80211_reg_rule *rule)
1000 {
1001 int j;
1002 struct nlattr *nl_wmm_rules =
1003 nla_nest_start_noflag(msg, NL80211_FREQUENCY_ATTR_WMM);
1004
1005 if (!nl_wmm_rules)
1006 goto nla_put_failure;
1007
1008 for (j = 0; j < IEEE80211_NUM_ACS; j++) {
1009 struct nlattr *nl_wmm_rule = nla_nest_start_noflag(msg, j);
1010
1011 if (!nl_wmm_rule)
1012 goto nla_put_failure;
1013
1014 if (nla_put_u16(msg, NL80211_WMMR_CW_MIN,
1015 rule->wmm_rule.client[j].cw_min) ||
1016 nla_put_u16(msg, NL80211_WMMR_CW_MAX,
1017 rule->wmm_rule.client[j].cw_max) ||
1018 nla_put_u8(msg, NL80211_WMMR_AIFSN,
1019 rule->wmm_rule.client[j].aifsn) ||
1020 nla_put_u16(msg, NL80211_WMMR_TXOP,
1021 rule->wmm_rule.client[j].cot))
1022 goto nla_put_failure;
1023
1024 nla_nest_end(msg, nl_wmm_rule);
1025 }
1026 nla_nest_end(msg, nl_wmm_rules);
1027
1028 return 0;
1029
1030 nla_put_failure:
1031 return -ENOBUFS;
1032 }
1033
1034 static int nl80211_msg_put_channel(struct sk_buff *msg, struct wiphy *wiphy,
1035 struct ieee80211_channel *chan,
1036 bool large)
1037 {
1038 /* Some channels must be completely excluded from the
1039 * list to protect old user-space tools from breaking
1040 */
1041 if (!large && chan->flags &
1042 (IEEE80211_CHAN_NO_10MHZ | IEEE80211_CHAN_NO_20MHZ))
1043 return 0;
1044 if (!large && chan->freq_offset)
1045 return 0;
1046
1047 if (nla_put_u32(msg, NL80211_FREQUENCY_ATTR_FREQ,
1048 chan->center_freq))
1049 goto nla_put_failure;
1050
1051 if (nla_put_u32(msg, NL80211_FREQUENCY_ATTR_OFFSET, chan->freq_offset))
1052 goto nla_put_failure;
1053
1054 if ((chan->flags & IEEE80211_CHAN_DISABLED) &&
1055 nla_put_flag(msg, NL80211_FREQUENCY_ATTR_DISABLED))
1056 goto nla_put_failure;
1057 if (chan->flags & IEEE80211_CHAN_NO_IR) {
1058 if (nla_put_flag(msg, NL80211_FREQUENCY_ATTR_NO_IR))
1059 goto nla_put_failure;
1060 if (nla_put_flag(msg, __NL80211_FREQUENCY_ATTR_NO_IBSS))
1061 goto nla_put_failure;
1062 }
1063 if (chan->flags & IEEE80211_CHAN_RADAR) {
1064 if (nla_put_flag(msg, NL80211_FREQUENCY_ATTR_RADAR))
1065 goto nla_put_failure;
1066 if (large) {
1067 u32 time;
1068
1069 time = elapsed_jiffies_msecs(chan->dfs_state_entered);
1070
1071 if (nla_put_u32(msg, NL80211_FREQUENCY_ATTR_DFS_STATE,
1072 chan->dfs_state))
1073 goto nla_put_failure;
1074 if (nla_put_u32(msg, NL80211_FREQUENCY_ATTR_DFS_TIME,
1075 time))
1076 goto nla_put_failure;
1077 if (nla_put_u32(msg,
1078 NL80211_FREQUENCY_ATTR_DFS_CAC_TIME,
1079 chan->dfs_cac_ms))
1080 goto nla_put_failure;
1081 }
1082 }
1083
1084 if (large) {
1085 if ((chan->flags & IEEE80211_CHAN_NO_HT40MINUS) &&
1086 nla_put_flag(msg, NL80211_FREQUENCY_ATTR_NO_HT40_MINUS))
1087 goto nla_put_failure;
1088 if ((chan->flags & IEEE80211_CHAN_NO_HT40PLUS) &&
1089 nla_put_flag(msg, NL80211_FREQUENCY_ATTR_NO_HT40_PLUS))
1090 goto nla_put_failure;
1091 if ((chan->flags & IEEE80211_CHAN_NO_80MHZ) &&
1092 nla_put_flag(msg, NL80211_FREQUENCY_ATTR_NO_80MHZ))
1093 goto nla_put_failure;
1094 if ((chan->flags & IEEE80211_CHAN_NO_160MHZ) &&
1095 nla_put_flag(msg, NL80211_FREQUENCY_ATTR_NO_160MHZ))
1096 goto nla_put_failure;
1097 if ((chan->flags & IEEE80211_CHAN_INDOOR_ONLY) &&
1098 nla_put_flag(msg, NL80211_FREQUENCY_ATTR_INDOOR_ONLY))
1099 goto nla_put_failure;
1100 if ((chan->flags & IEEE80211_CHAN_IR_CONCURRENT) &&
1101 nla_put_flag(msg, NL80211_FREQUENCY_ATTR_IR_CONCURRENT))
1102 goto nla_put_failure;
1103 if ((chan->flags & IEEE80211_CHAN_NO_20MHZ) &&
1104 nla_put_flag(msg, NL80211_FREQUENCY_ATTR_NO_20MHZ))
1105 goto nla_put_failure;
1106 if ((chan->flags & IEEE80211_CHAN_NO_10MHZ) &&
1107 nla_put_flag(msg, NL80211_FREQUENCY_ATTR_NO_10MHZ))
1108 goto nla_put_failure;
1109 if ((chan->flags & IEEE80211_CHAN_NO_HE) &&
1110 nla_put_flag(msg, NL80211_FREQUENCY_ATTR_NO_HE))
1111 goto nla_put_failure;
1112 if ((chan->flags & IEEE80211_CHAN_1MHZ) &&
1113 nla_put_flag(msg, NL80211_FREQUENCY_ATTR_1MHZ))
1114 goto nla_put_failure;
1115 if ((chan->flags & IEEE80211_CHAN_2MHZ) &&
1116 nla_put_flag(msg, NL80211_FREQUENCY_ATTR_2MHZ))
1117 goto nla_put_failure;
1118 if ((chan->flags & IEEE80211_CHAN_4MHZ) &&
1119 nla_put_flag(msg, NL80211_FREQUENCY_ATTR_4MHZ))
1120 goto nla_put_failure;
1121 if ((chan->flags & IEEE80211_CHAN_8MHZ) &&
1122 nla_put_flag(msg, NL80211_FREQUENCY_ATTR_8MHZ))
1123 goto nla_put_failure;
1124 if ((chan->flags & IEEE80211_CHAN_16MHZ) &&
1125 nla_put_flag(msg, NL80211_FREQUENCY_ATTR_16MHZ))
1126 goto nla_put_failure;
1127 }
1128
1129 if (nla_put_u32(msg, NL80211_FREQUENCY_ATTR_MAX_TX_POWER,
1130 DBM_TO_MBM(chan->max_power)))
1131 goto nla_put_failure;
1132
1133 if (large) {
1134 const struct ieee80211_reg_rule *rule =
1135 freq_reg_info(wiphy, MHZ_TO_KHZ(chan->center_freq));
1136
1137 if (!IS_ERR_OR_NULL(rule) && rule->has_wmm) {
1138 if (nl80211_msg_put_wmm_rules(msg, rule))
1139 goto nla_put_failure;
1140 }
1141 }
1142
1143 return 0;
1144
1145 nla_put_failure:
1146 return -ENOBUFS;
1147 }
1148
1149 static bool nl80211_put_txq_stats(struct sk_buff *msg,
1150 struct cfg80211_txq_stats *txqstats,
1151 int attrtype)
1152 {
1153 struct nlattr *txqattr;
1154
1155 #define PUT_TXQVAL_U32(attr, memb) do { \
1156 if (txqstats->filled & BIT(NL80211_TXQ_STATS_ ## attr) && \
1157 nla_put_u32(msg, NL80211_TXQ_STATS_ ## attr, txqstats->memb)) \
1158 return false; \
1159 } while (0)
1160
1161 txqattr = nla_nest_start_noflag(msg, attrtype);
1162 if (!txqattr)
1163 return false;
1164
1165 PUT_TXQVAL_U32(BACKLOG_BYTES, backlog_bytes);
1166 PUT_TXQVAL_U32(BACKLOG_PACKETS, backlog_packets);
1167 PUT_TXQVAL_U32(FLOWS, flows);
1168 PUT_TXQVAL_U32(DROPS, drops);
1169 PUT_TXQVAL_U32(ECN_MARKS, ecn_marks);
1170 PUT_TXQVAL_U32(OVERLIMIT, overlimit);
1171 PUT_TXQVAL_U32(OVERMEMORY, overmemory);
1172 PUT_TXQVAL_U32(COLLISIONS, collisions);
1173 PUT_TXQVAL_U32(TX_BYTES, tx_bytes);
1174 PUT_TXQVAL_U32(TX_PACKETS, tx_packets);
1175 PUT_TXQVAL_U32(MAX_FLOWS, max_flows);
1176 nla_nest_end(msg, txqattr);
1177
1178 #undef PUT_TXQVAL_U32
1179 return true;
1180 }
1181
1182 /* netlink command implementations */
1183
1184 struct key_parse {
1185 struct key_params p;
1186 int idx;
1187 int type;
1188 bool def, defmgmt, defbeacon;
1189 bool def_uni, def_multi;
1190 };
1191
1192 static int nl80211_parse_key_new(struct genl_info *info, struct nlattr *key,
1193 struct key_parse *k)
1194 {
1195 struct nlattr *tb[NL80211_KEY_MAX + 1];
1196 int err = nla_parse_nested_deprecated(tb, NL80211_KEY_MAX, key,
1197 nl80211_key_policy,
1198 info->extack);
1199 if (err)
1200 return err;
1201
1202 k->def = !!tb[NL80211_KEY_DEFAULT];
1203 k->defmgmt = !!tb[NL80211_KEY_DEFAULT_MGMT];
1204 k->defbeacon = !!tb[NL80211_KEY_DEFAULT_BEACON];
1205
1206 if (k->def) {
1207 k->def_uni = true;
1208 k->def_multi = true;
1209 }
1210 if (k->defmgmt || k->defbeacon)
1211 k->def_multi = true;
1212
1213 if (tb[NL80211_KEY_IDX])
1214 k->idx = nla_get_u8(tb[NL80211_KEY_IDX]);
1215
1216 if (tb[NL80211_KEY_DATA]) {
1217 k->p.key = nla_data(tb[NL80211_KEY_DATA]);
1218 k->p.key_len = nla_len(tb[NL80211_KEY_DATA]);
1219 }
1220
1221 if (tb[NL80211_KEY_SEQ]) {
1222 k->p.seq = nla_data(tb[NL80211_KEY_SEQ]);
1223 k->p.seq_len = nla_len(tb[NL80211_KEY_SEQ]);
1224 }
1225
1226 if (tb[NL80211_KEY_CIPHER])
1227 k->p.cipher = nla_get_u32(tb[NL80211_KEY_CIPHER]);
1228
1229 if (tb[NL80211_KEY_TYPE])
1230 k->type = nla_get_u32(tb[NL80211_KEY_TYPE]);
1231
1232 if (tb[NL80211_KEY_DEFAULT_TYPES]) {
1233 struct nlattr *kdt[NUM_NL80211_KEY_DEFAULT_TYPES];
1234
1235 err = nla_parse_nested_deprecated(kdt,
1236 NUM_NL80211_KEY_DEFAULT_TYPES - 1,
1237 tb[NL80211_KEY_DEFAULT_TYPES],
1238 nl80211_key_default_policy,
1239 info->extack);
1240 if (err)
1241 return err;
1242
1243 k->def_uni = kdt[NL80211_KEY_DEFAULT_TYPE_UNICAST];
1244 k->def_multi = kdt[NL80211_KEY_DEFAULT_TYPE_MULTICAST];
1245 }
1246
1247 if (tb[NL80211_KEY_MODE])
1248 k->p.mode = nla_get_u8(tb[NL80211_KEY_MODE]);
1249
1250 return 0;
1251 }
1252
1253 static int nl80211_parse_key_old(struct genl_info *info, struct key_parse *k)
1254 {
1255 if (info->attrs[NL80211_ATTR_KEY_DATA]) {
1256 k->p.key = nla_data(info->attrs[NL80211_ATTR_KEY_DATA]);
1257 k->p.key_len = nla_len(info->attrs[NL80211_ATTR_KEY_DATA]);
1258 }
1259
1260 if (info->attrs[NL80211_ATTR_KEY_SEQ]) {
1261 k->p.seq = nla_data(info->attrs[NL80211_ATTR_KEY_SEQ]);
1262 k->p.seq_len = nla_len(info->attrs[NL80211_ATTR_KEY_SEQ]);
1263 }
1264
1265 if (info->attrs[NL80211_ATTR_KEY_IDX])
1266 k->idx = nla_get_u8(info->attrs[NL80211_ATTR_KEY_IDX]);
1267
1268 if (info->attrs[NL80211_ATTR_KEY_CIPHER])
1269 k->p.cipher = nla_get_u32(info->attrs[NL80211_ATTR_KEY_CIPHER]);
1270
1271 k->def = !!info->attrs[NL80211_ATTR_KEY_DEFAULT];
1272 k->defmgmt = !!info->attrs[NL80211_ATTR_KEY_DEFAULT_MGMT];
1273
1274 if (k->def) {
1275 k->def_uni = true;
1276 k->def_multi = true;
1277 }
1278 if (k->defmgmt)
1279 k->def_multi = true;
1280
1281 if (info->attrs[NL80211_ATTR_KEY_TYPE])
1282 k->type = nla_get_u32(info->attrs[NL80211_ATTR_KEY_TYPE]);
1283
1284 if (info->attrs[NL80211_ATTR_KEY_DEFAULT_TYPES]) {
1285 struct nlattr *kdt[NUM_NL80211_KEY_DEFAULT_TYPES];
1286 int err = nla_parse_nested_deprecated(kdt,
1287 NUM_NL80211_KEY_DEFAULT_TYPES - 1,
1288 info->attrs[NL80211_ATTR_KEY_DEFAULT_TYPES],
1289 nl80211_key_default_policy,
1290 info->extack);
1291 if (err)
1292 return err;
1293
1294 k->def_uni = kdt[NL80211_KEY_DEFAULT_TYPE_UNICAST];
1295 k->def_multi = kdt[NL80211_KEY_DEFAULT_TYPE_MULTICAST];
1296 }
1297
1298 return 0;
1299 }
1300
1301 static int nl80211_parse_key(struct genl_info *info, struct key_parse *k)
1302 {
1303 int err;
1304
1305 memset(k, 0, sizeof(*k));
1306 k->idx = -1;
1307 k->type = -1;
1308
1309 if (info->attrs[NL80211_ATTR_KEY])
1310 err = nl80211_parse_key_new(info, info->attrs[NL80211_ATTR_KEY], k);
1311 else
1312 err = nl80211_parse_key_old(info, k);
1313
1314 if (err)
1315 return err;
1316
1317 if ((k->def ? 1 : 0) + (k->defmgmt ? 1 : 0) +
1318 (k->defbeacon ? 1 : 0) > 1) {
1319 GENL_SET_ERR_MSG(info,
1320 "key with multiple default flags is invalid");
1321 return -EINVAL;
1322 }
1323
1324 if (k->defmgmt || k->defbeacon) {
1325 if (k->def_uni || !k->def_multi) {
1326 GENL_SET_ERR_MSG(info,
1327 "defmgmt/defbeacon key must be mcast");
1328 return -EINVAL;
1329 }
1330 }
1331
1332 if (k->idx != -1) {
1333 if (k->defmgmt) {
1334 if (k->idx < 4 || k->idx > 5) {
1335 GENL_SET_ERR_MSG(info,
1336 "defmgmt key idx not 4 or 5");
1337 return -EINVAL;
1338 }
1339 } else if (k->defbeacon) {
1340 if (k->idx < 6 || k->idx > 7) {
1341 GENL_SET_ERR_MSG(info,
1342 "defbeacon key idx not 6 or 7");
1343 return -EINVAL;
1344 }
1345 } else if (k->def) {
1346 if (k->idx < 0 || k->idx > 3) {
1347 GENL_SET_ERR_MSG(info, "def key idx not 0-3");
1348 return -EINVAL;
1349 }
1350 } else {
1351 if (k->idx < 0 || k->idx > 7) {
1352 GENL_SET_ERR_MSG(info, "key idx not 0-7");
1353 return -EINVAL;
1354 }
1355 }
1356 }
1357
1358 return 0;
1359 }
1360
1361 static struct cfg80211_cached_keys *
1362 nl80211_parse_connkeys(struct cfg80211_registered_device *rdev,
1363 struct genl_info *info, bool *no_ht)
1364 {
1365 struct nlattr *keys = info->attrs[NL80211_ATTR_KEYS];
1366 struct key_parse parse;
1367 struct nlattr *key;
1368 struct cfg80211_cached_keys *result;
1369 int rem, err, def = 0;
1370 bool have_key = false;
1371
1372 nla_for_each_nested(key, keys, rem) {
1373 have_key = true;
1374 break;
1375 }
1376
1377 if (!have_key)
1378 return NULL;
1379
1380 result = kzalloc(sizeof(*result), GFP_KERNEL);
1381 if (!result)
1382 return ERR_PTR(-ENOMEM);
1383
1384 result->def = -1;
1385
1386 nla_for_each_nested(key, keys, rem) {
1387 memset(&parse, 0, sizeof(parse));
1388 parse.idx = -1;
1389
1390 err = nl80211_parse_key_new(info, key, &parse);
1391 if (err)
1392 goto error;
1393 err = -EINVAL;
1394 if (!parse.p.key)
1395 goto error;
1396 if (parse.idx < 0 || parse.idx > 3) {
1397 GENL_SET_ERR_MSG(info, "key index out of range [0-3]");
1398 goto error;
1399 }
1400 if (parse.def) {
1401 if (def) {
1402 GENL_SET_ERR_MSG(info,
1403 "only one key can be default");
1404 goto error;
1405 }
1406 def = 1;
1407 result->def = parse.idx;
1408 if (!parse.def_uni || !parse.def_multi)
1409 goto error;
1410 } else if (parse.defmgmt)
1411 goto error;
1412 err = cfg80211_validate_key_settings(rdev, &parse.p,
1413 parse.idx, false, NULL);
1414 if (err)
1415 goto error;
1416 if (parse.p.cipher != WLAN_CIPHER_SUITE_WEP40 &&
1417 parse.p.cipher != WLAN_CIPHER_SUITE_WEP104) {
1418 GENL_SET_ERR_MSG(info, "connect key must be WEP");
1419 err = -EINVAL;
1420 goto error;
1421 }
1422 result->params[parse.idx].cipher = parse.p.cipher;
1423 result->params[parse.idx].key_len = parse.p.key_len;
1424 result->params[parse.idx].key = result->data[parse.idx];
1425 memcpy(result->data[parse.idx], parse.p.key, parse.p.key_len);
1426
1427 /* must be WEP key if we got here */
1428 if (no_ht)
1429 *no_ht = true;
1430 }
1431
1432 if (result->def < 0) {
1433 err = -EINVAL;
1434 GENL_SET_ERR_MSG(info, "need a default/TX key");
1435 goto error;
1436 }
1437
1438 return result;
1439 error:
1440 kfree(result);
1441 return ERR_PTR(err);
1442 }
1443
1444 static int nl80211_key_allowed(struct wireless_dev *wdev)
1445 {
1446 ASSERT_WDEV_LOCK(wdev);
1447
1448 switch (wdev->iftype) {
1449 case NL80211_IFTYPE_AP:
1450 case NL80211_IFTYPE_AP_VLAN:
1451 case NL80211_IFTYPE_P2P_GO:
1452 case NL80211_IFTYPE_MESH_POINT:
1453 break;
1454 case NL80211_IFTYPE_ADHOC:
1455 case NL80211_IFTYPE_STATION:
1456 case NL80211_IFTYPE_P2P_CLIENT:
1457 if (!wdev->current_bss)
1458 return -ENOLINK;
1459 break;
1460 case NL80211_IFTYPE_UNSPECIFIED:
1461 case NL80211_IFTYPE_OCB:
1462 case NL80211_IFTYPE_MONITOR:
1463 case NL80211_IFTYPE_NAN:
1464 case NL80211_IFTYPE_P2P_DEVICE:
1465 case NL80211_IFTYPE_WDS:
1466 case NUM_NL80211_IFTYPES:
1467 return -EINVAL;
1468 }
1469
1470 return 0;
1471 }
1472
1473 static struct ieee80211_channel *nl80211_get_valid_chan(struct wiphy *wiphy,
1474 u32 freq)
1475 {
1476 struct ieee80211_channel *chan;
1477
1478 chan = ieee80211_get_channel_khz(wiphy, freq);
1479 if (!chan || chan->flags & IEEE80211_CHAN_DISABLED)
1480 return NULL;
1481 return chan;
1482 }
1483
1484 static int nl80211_put_iftypes(struct sk_buff *msg, u32 attr, u16 ifmodes)
1485 {
1486 struct nlattr *nl_modes = nla_nest_start_noflag(msg, attr);
1487 int i;
1488
1489 if (!nl_modes)
1490 goto nla_put_failure;
1491
1492 i = 0;
1493 while (ifmodes) {
1494 if ((ifmodes & 1) && nla_put_flag(msg, i))
1495 goto nla_put_failure;
1496 ifmodes >>= 1;
1497 i++;
1498 }
1499
1500 nla_nest_end(msg, nl_modes);
1501 return 0;
1502
1503 nla_put_failure:
1504 return -ENOBUFS;
1505 }
1506
1507 static int nl80211_put_iface_combinations(struct wiphy *wiphy,
1508 struct sk_buff *msg,
1509 bool large)
1510 {
1511 struct nlattr *nl_combis;
1512 int i, j;
1513
1514 nl_combis = nla_nest_start_noflag(msg,
1515 NL80211_ATTR_INTERFACE_COMBINATIONS);
1516 if (!nl_combis)
1517 goto nla_put_failure;
1518
1519 for (i = 0; i < wiphy->n_iface_combinations; i++) {
1520 const struct ieee80211_iface_combination *c;
1521 struct nlattr *nl_combi, *nl_limits;
1522
1523 c = &wiphy->iface_combinations[i];
1524
1525 nl_combi = nla_nest_start_noflag(msg, i + 1);
1526 if (!nl_combi)
1527 goto nla_put_failure;
1528
1529 nl_limits = nla_nest_start_noflag(msg,
1530 NL80211_IFACE_COMB_LIMITS);
1531 if (!nl_limits)
1532 goto nla_put_failure;
1533
1534 for (j = 0; j < c->n_limits; j++) {
1535 struct nlattr *nl_limit;
1536
1537 nl_limit = nla_nest_start_noflag(msg, j + 1);
1538 if (!nl_limit)
1539 goto nla_put_failure;
1540 if (nla_put_u32(msg, NL80211_IFACE_LIMIT_MAX,
1541 c->limits[j].max))
1542 goto nla_put_failure;
1543 if (nl80211_put_iftypes(msg, NL80211_IFACE_LIMIT_TYPES,
1544 c->limits[j].types))
1545 goto nla_put_failure;
1546 nla_nest_end(msg, nl_limit);
1547 }
1548
1549 nla_nest_end(msg, nl_limits);
1550
1551 if (c->beacon_int_infra_match &&
1552 nla_put_flag(msg, NL80211_IFACE_COMB_STA_AP_BI_MATCH))
1553 goto nla_put_failure;
1554 if (nla_put_u32(msg, NL80211_IFACE_COMB_NUM_CHANNELS,
1555 c->num_different_channels) ||
1556 nla_put_u32(msg, NL80211_IFACE_COMB_MAXNUM,
1557 c->max_interfaces))
1558 goto nla_put_failure;
1559 if (large &&
1560 (nla_put_u32(msg, NL80211_IFACE_COMB_RADAR_DETECT_WIDTHS,
1561 c->radar_detect_widths) ||
1562 nla_put_u32(msg, NL80211_IFACE_COMB_RADAR_DETECT_REGIONS,
1563 c->radar_detect_regions)))
1564 goto nla_put_failure;
1565 if (c->beacon_int_min_gcd &&
1566 nla_put_u32(msg, NL80211_IFACE_COMB_BI_MIN_GCD,
1567 c->beacon_int_min_gcd))
1568 goto nla_put_failure;
1569
1570 nla_nest_end(msg, nl_combi);
1571 }
1572
1573 nla_nest_end(msg, nl_combis);
1574
1575 return 0;
1576 nla_put_failure:
1577 return -ENOBUFS;
1578 }
1579
1580 #ifdef CONFIG_PM
1581 static int nl80211_send_wowlan_tcp_caps(struct cfg80211_registered_device *rdev,
1582 struct sk_buff *msg)
1583 {
1584 const struct wiphy_wowlan_tcp_support *tcp = rdev->wiphy.wowlan->tcp;
1585 struct nlattr *nl_tcp;
1586
1587 if (!tcp)
1588 return 0;
1589
1590 nl_tcp = nla_nest_start_noflag(msg,
1591 NL80211_WOWLAN_TRIG_TCP_CONNECTION);
1592 if (!nl_tcp)
1593 return -ENOBUFS;
1594
1595 if (nla_put_u32(msg, NL80211_WOWLAN_TCP_DATA_PAYLOAD,
1596 tcp->data_payload_max))
1597 return -ENOBUFS;
1598
1599 if (nla_put_u32(msg, NL80211_WOWLAN_TCP_DATA_PAYLOAD,
1600 tcp->data_payload_max))
1601 return -ENOBUFS;
1602
1603 if (tcp->seq && nla_put_flag(msg, NL80211_WOWLAN_TCP_DATA_PAYLOAD_SEQ))
1604 return -ENOBUFS;
1605
1606 if (tcp->tok && nla_put(msg, NL80211_WOWLAN_TCP_DATA_PAYLOAD_TOKEN,
1607 sizeof(*tcp->tok), tcp->tok))
1608 return -ENOBUFS;
1609
1610 if (nla_put_u32(msg, NL80211_WOWLAN_TCP_DATA_INTERVAL,
1611 tcp->data_interval_max))
1612 return -ENOBUFS;
1613
1614 if (nla_put_u32(msg, NL80211_WOWLAN_TCP_WAKE_PAYLOAD,
1615 tcp->wake_payload_max))
1616 return -ENOBUFS;
1617
1618 nla_nest_end(msg, nl_tcp);
1619 return 0;
1620 }
1621
1622 static int nl80211_send_wowlan(struct sk_buff *msg,
1623 struct cfg80211_registered_device *rdev,
1624 bool large)
1625 {
1626 struct nlattr *nl_wowlan;
1627
1628 if (!rdev->wiphy.wowlan)
1629 return 0;
1630
1631 nl_wowlan = nla_nest_start_noflag(msg,
1632 NL80211_ATTR_WOWLAN_TRIGGERS_SUPPORTED);
1633 if (!nl_wowlan)
1634 return -ENOBUFS;
1635
1636 if (((rdev->wiphy.wowlan->flags & WIPHY_WOWLAN_ANY) &&
1637 nla_put_flag(msg, NL80211_WOWLAN_TRIG_ANY)) ||
1638 ((rdev->wiphy.wowlan->flags & WIPHY_WOWLAN_DISCONNECT) &&
1639 nla_put_flag(msg, NL80211_WOWLAN_TRIG_DISCONNECT)) ||
1640 ((rdev->wiphy.wowlan->flags & WIPHY_WOWLAN_MAGIC_PKT) &&
1641 nla_put_flag(msg, NL80211_WOWLAN_TRIG_MAGIC_PKT)) ||
1642 ((rdev->wiphy.wowlan->flags & WIPHY_WOWLAN_SUPPORTS_GTK_REKEY) &&
1643 nla_put_flag(msg, NL80211_WOWLAN_TRIG_GTK_REKEY_SUPPORTED)) ||
1644 ((rdev->wiphy.wowlan->flags & WIPHY_WOWLAN_GTK_REKEY_FAILURE) &&
1645 nla_put_flag(msg, NL80211_WOWLAN_TRIG_GTK_REKEY_FAILURE)) ||
1646 ((rdev->wiphy.wowlan->flags & WIPHY_WOWLAN_EAP_IDENTITY_REQ) &&
1647 nla_put_flag(msg, NL80211_WOWLAN_TRIG_EAP_IDENT_REQUEST)) ||
1648 ((rdev->wiphy.wowlan->flags & WIPHY_WOWLAN_4WAY_HANDSHAKE) &&
1649 nla_put_flag(msg, NL80211_WOWLAN_TRIG_4WAY_HANDSHAKE)) ||
1650 ((rdev->wiphy.wowlan->flags & WIPHY_WOWLAN_RFKILL_RELEASE) &&
1651 nla_put_flag(msg, NL80211_WOWLAN_TRIG_RFKILL_RELEASE)))
1652 return -ENOBUFS;
1653
1654 if (rdev->wiphy.wowlan->n_patterns) {
1655 struct nl80211_pattern_support pat = {
1656 .max_patterns = rdev->wiphy.wowlan->n_patterns,
1657 .min_pattern_len = rdev->wiphy.wowlan->pattern_min_len,
1658 .max_pattern_len = rdev->wiphy.wowlan->pattern_max_len,
1659 .max_pkt_offset = rdev->wiphy.wowlan->max_pkt_offset,
1660 };
1661
1662 if (nla_put(msg, NL80211_WOWLAN_TRIG_PKT_PATTERN,
1663 sizeof(pat), &pat))
1664 return -ENOBUFS;
1665 }
1666
1667 if ((rdev->wiphy.wowlan->flags & WIPHY_WOWLAN_NET_DETECT) &&
1668 nla_put_u32(msg, NL80211_WOWLAN_TRIG_NET_DETECT,
1669 rdev->wiphy.wowlan->max_nd_match_sets))
1670 return -ENOBUFS;
1671
1672 if (large && nl80211_send_wowlan_tcp_caps(rdev, msg))
1673 return -ENOBUFS;
1674
1675 nla_nest_end(msg, nl_wowlan);
1676
1677 return 0;
1678 }
1679 #endif
1680
1681 static int nl80211_send_coalesce(struct sk_buff *msg,
1682 struct cfg80211_registered_device *rdev)
1683 {
1684 struct nl80211_coalesce_rule_support rule;
1685
1686 if (!rdev->wiphy.coalesce)
1687 return 0;
1688
1689 rule.max_rules = rdev->wiphy.coalesce->n_rules;
1690 rule.max_delay = rdev->wiphy.coalesce->max_delay;
1691 rule.pat.max_patterns = rdev->wiphy.coalesce->n_patterns;
1692 rule.pat.min_pattern_len = rdev->wiphy.coalesce->pattern_min_len;
1693 rule.pat.max_pattern_len = rdev->wiphy.coalesce->pattern_max_len;
1694 rule.pat.max_pkt_offset = rdev->wiphy.coalesce->max_pkt_offset;
1695
1696 if (nla_put(msg, NL80211_ATTR_COALESCE_RULE, sizeof(rule), &rule))
1697 return -ENOBUFS;
1698
1699 return 0;
1700 }
1701
1702 static int
1703 nl80211_send_iftype_data(struct sk_buff *msg,
1704 const struct ieee80211_supported_band *sband,
1705 const struct ieee80211_sband_iftype_data *iftdata)
1706 {
1707 const struct ieee80211_sta_he_cap *he_cap = &iftdata->he_cap;
1708
1709 if (nl80211_put_iftypes(msg, NL80211_BAND_IFTYPE_ATTR_IFTYPES,
1710 iftdata->types_mask))
1711 return -ENOBUFS;
1712
1713 if (he_cap->has_he) {
1714 if (nla_put(msg, NL80211_BAND_IFTYPE_ATTR_HE_CAP_MAC,
1715 sizeof(he_cap->he_cap_elem.mac_cap_info),
1716 he_cap->he_cap_elem.mac_cap_info) ||
1717 nla_put(msg, NL80211_BAND_IFTYPE_ATTR_HE_CAP_PHY,
1718 sizeof(he_cap->he_cap_elem.phy_cap_info),
1719 he_cap->he_cap_elem.phy_cap_info) ||
1720 nla_put(msg, NL80211_BAND_IFTYPE_ATTR_HE_CAP_MCS_SET,
1721 sizeof(he_cap->he_mcs_nss_supp),
1722 &he_cap->he_mcs_nss_supp) ||
1723 nla_put(msg, NL80211_BAND_IFTYPE_ATTR_HE_CAP_PPE,
1724 sizeof(he_cap->ppe_thres), he_cap->ppe_thres))
1725 return -ENOBUFS;
1726 }
1727
1728 if (sband->band == NL80211_BAND_6GHZ &&
1729 nla_put(msg, NL80211_BAND_IFTYPE_ATTR_HE_6GHZ_CAPA,
1730 sizeof(iftdata->he_6ghz_capa),
1731 &iftdata->he_6ghz_capa))
1732 return -ENOBUFS;
1733
1734 return 0;
1735 }
1736
1737 static int nl80211_send_band_rateinfo(struct sk_buff *msg,
1738 struct ieee80211_supported_band *sband,
1739 bool large)
1740 {
1741 struct nlattr *nl_rates, *nl_rate;
1742 struct ieee80211_rate *rate;
1743 int i;
1744
1745 /* add HT info */
1746 if (sband->ht_cap.ht_supported &&
1747 (nla_put(msg, NL80211_BAND_ATTR_HT_MCS_SET,
1748 sizeof(sband->ht_cap.mcs),
1749 &sband->ht_cap.mcs) ||
1750 nla_put_u16(msg, NL80211_BAND_ATTR_HT_CAPA,
1751 sband->ht_cap.cap) ||
1752 nla_put_u8(msg, NL80211_BAND_ATTR_HT_AMPDU_FACTOR,
1753 sband->ht_cap.ampdu_factor) ||
1754 nla_put_u8(msg, NL80211_BAND_ATTR_HT_AMPDU_DENSITY,
1755 sband->ht_cap.ampdu_density)))
1756 return -ENOBUFS;
1757
1758 /* add VHT info */
1759 if (sband->vht_cap.vht_supported &&
1760 (nla_put(msg, NL80211_BAND_ATTR_VHT_MCS_SET,
1761 sizeof(sband->vht_cap.vht_mcs),
1762 &sband->vht_cap.vht_mcs) ||
1763 nla_put_u32(msg, NL80211_BAND_ATTR_VHT_CAPA,
1764 sband->vht_cap.cap)))
1765 return -ENOBUFS;
1766
1767 if (large && sband->n_iftype_data) {
1768 struct nlattr *nl_iftype_data =
1769 nla_nest_start_noflag(msg,
1770 NL80211_BAND_ATTR_IFTYPE_DATA);
1771 int err;
1772
1773 if (!nl_iftype_data)
1774 return -ENOBUFS;
1775
1776 for (i = 0; i < sband->n_iftype_data; i++) {
1777 struct nlattr *iftdata;
1778
1779 iftdata = nla_nest_start_noflag(msg, i + 1);
1780 if (!iftdata)
1781 return -ENOBUFS;
1782
1783 err = nl80211_send_iftype_data(msg, sband,
1784 &sband->iftype_data[i]);
1785 if (err)
1786 return err;
1787
1788 nla_nest_end(msg, iftdata);
1789 }
1790
1791 nla_nest_end(msg, nl_iftype_data);
1792 }
1793
1794 /* add EDMG info */
1795 if (large && sband->edmg_cap.channels &&
1796 (nla_put_u8(msg, NL80211_BAND_ATTR_EDMG_CHANNELS,
1797 sband->edmg_cap.channels) ||
1798 nla_put_u8(msg, NL80211_BAND_ATTR_EDMG_BW_CONFIG,
1799 sband->edmg_cap.bw_config)))
1800
1801 return -ENOBUFS;
1802
1803 /* add bitrates */
1804 nl_rates = nla_nest_start_noflag(msg, NL80211_BAND_ATTR_RATES);
1805 if (!nl_rates)
1806 return -ENOBUFS;
1807
1808 for (i = 0; i < sband->n_bitrates; i++) {
1809 nl_rate = nla_nest_start_noflag(msg, i);
1810 if (!nl_rate)
1811 return -ENOBUFS;
1812
1813 rate = &sband->bitrates[i];
1814 if (nla_put_u32(msg, NL80211_BITRATE_ATTR_RATE,
1815 rate->bitrate))
1816 return -ENOBUFS;
1817 if ((rate->flags & IEEE80211_RATE_SHORT_PREAMBLE) &&
1818 nla_put_flag(msg,
1819 NL80211_BITRATE_ATTR_2GHZ_SHORTPREAMBLE))
1820 return -ENOBUFS;
1821
1822 nla_nest_end(msg, nl_rate);
1823 }
1824
1825 nla_nest_end(msg, nl_rates);
1826
1827 return 0;
1828 }
1829
1830 static int
1831 nl80211_send_mgmt_stypes(struct sk_buff *msg,
1832 const struct ieee80211_txrx_stypes *mgmt_stypes)
1833 {
1834 u16 stypes;
1835 struct nlattr *nl_ftypes, *nl_ifs;
1836 enum nl80211_iftype ift;
1837 int i;
1838
1839 if (!mgmt_stypes)
1840 return 0;
1841
1842 nl_ifs = nla_nest_start_noflag(msg, NL80211_ATTR_TX_FRAME_TYPES);
1843 if (!nl_ifs)
1844 return -ENOBUFS;
1845
1846 for (ift = 0; ift < NUM_NL80211_IFTYPES; ift++) {
1847 nl_ftypes = nla_nest_start_noflag(msg, ift);
1848 if (!nl_ftypes)
1849 return -ENOBUFS;
1850 i = 0;
1851 stypes = mgmt_stypes[ift].tx;
1852 while (stypes) {
1853 if ((stypes & 1) &&
1854 nla_put_u16(msg, NL80211_ATTR_FRAME_TYPE,
1855 (i << 4) | IEEE80211_FTYPE_MGMT))
1856 return -ENOBUFS;
1857 stypes >>= 1;
1858 i++;
1859 }
1860 nla_nest_end(msg, nl_ftypes);
1861 }
1862
1863 nla_nest_end(msg, nl_ifs);
1864
1865 nl_ifs = nla_nest_start_noflag(msg, NL80211_ATTR_RX_FRAME_TYPES);
1866 if (!nl_ifs)
1867 return -ENOBUFS;
1868
1869 for (ift = 0; ift < NUM_NL80211_IFTYPES; ift++) {
1870 nl_ftypes = nla_nest_start_noflag(msg, ift);
1871 if (!nl_ftypes)
1872 return -ENOBUFS;
1873 i = 0;
1874 stypes = mgmt_stypes[ift].rx;
1875 while (stypes) {
1876 if ((stypes & 1) &&
1877 nla_put_u16(msg, NL80211_ATTR_FRAME_TYPE,
1878 (i << 4) | IEEE80211_FTYPE_MGMT))
1879 return -ENOBUFS;
1880 stypes >>= 1;
1881 i++;
1882 }
1883 nla_nest_end(msg, nl_ftypes);
1884 }
1885 nla_nest_end(msg, nl_ifs);
1886
1887 return 0;
1888 }
1889
1890 #define CMD(op, n) \
1891 do { \
1892 if (rdev->ops->op) { \
1893 i++; \
1894 if (nla_put_u32(msg, i, NL80211_CMD_ ## n)) \
1895 goto nla_put_failure; \
1896 } \
1897 } while (0)
1898
1899 static int nl80211_add_commands_unsplit(struct cfg80211_registered_device *rdev,
1900 struct sk_buff *msg)
1901 {
1902 int i = 0;
1903
1904 /*
1905 * do *NOT* add anything into this function, new things need to be
1906 * advertised only to new versions of userspace that can deal with
1907 * the split (and they can't possibly care about new features...
1908 */
1909 CMD(add_virtual_intf, NEW_INTERFACE);
1910 CMD(change_virtual_intf, SET_INTERFACE);
1911 CMD(add_key, NEW_KEY);
1912 CMD(start_ap, START_AP);
1913 CMD(add_station, NEW_STATION);
1914 CMD(add_mpath, NEW_MPATH);
1915 CMD(update_mesh_config, SET_MESH_CONFIG);
1916 CMD(change_bss, SET_BSS);
1917 CMD(auth, AUTHENTICATE);
1918 CMD(assoc, ASSOCIATE);
1919 CMD(deauth, DEAUTHENTICATE);
1920 CMD(disassoc, DISASSOCIATE);
1921 CMD(join_ibss, JOIN_IBSS);
1922 CMD(join_mesh, JOIN_MESH);
1923 CMD(set_pmksa, SET_PMKSA);
1924 CMD(del_pmksa, DEL_PMKSA);
1925 CMD(flush_pmksa, FLUSH_PMKSA);
1926 if (rdev->wiphy.flags & WIPHY_FLAG_HAS_REMAIN_ON_CHANNEL)
1927 CMD(remain_on_channel, REMAIN_ON_CHANNEL);
1928 CMD(set_bitrate_mask, SET_TX_BITRATE_MASK);
1929 CMD(mgmt_tx, FRAME);
1930 CMD(mgmt_tx_cancel_wait, FRAME_WAIT_CANCEL);
1931 if (rdev->wiphy.flags & WIPHY_FLAG_NETNS_OK) {
1932 i++;
1933 if (nla_put_u32(msg, i, NL80211_CMD_SET_WIPHY_NETNS))
1934 goto nla_put_failure;
1935 }
1936 if (rdev->ops->set_monitor_channel || rdev->ops->start_ap ||
1937 rdev->ops->join_mesh) {
1938 i++;
1939 if (nla_put_u32(msg, i, NL80211_CMD_SET_CHANNEL))
1940 goto nla_put_failure;
1941 }
1942 if (rdev->wiphy.flags & WIPHY_FLAG_SUPPORTS_TDLS) {
1943 CMD(tdls_mgmt, TDLS_MGMT);
1944 CMD(tdls_oper, TDLS_OPER);
1945 }
1946 if (rdev->wiphy.max_sched_scan_reqs)
1947 CMD(sched_scan_start, START_SCHED_SCAN);
1948 CMD(probe_client, PROBE_CLIENT);
1949 CMD(set_noack_map, SET_NOACK_MAP);
1950 if (rdev->wiphy.flags & WIPHY_FLAG_REPORTS_OBSS) {
1951 i++;
1952 if (nla_put_u32(msg, i, NL80211_CMD_REGISTER_BEACONS))
1953 goto nla_put_failure;
1954 }
1955 CMD(start_p2p_device, START_P2P_DEVICE);
1956 CMD(set_mcast_rate, SET_MCAST_RATE);
1957 #ifdef CONFIG_NL80211_TESTMODE
1958 CMD(testmode_cmd, TESTMODE);
1959 #endif
1960
1961 if (rdev->ops->connect || rdev->ops->auth) {
1962 i++;
1963 if (nla_put_u32(msg, i, NL80211_CMD_CONNECT))
1964 goto nla_put_failure;
1965 }
1966
1967 if (rdev->ops->disconnect || rdev->ops->deauth) {
1968 i++;
1969 if (nla_put_u32(msg, i, NL80211_CMD_DISCONNECT))
1970 goto nla_put_failure;
1971 }
1972
1973 return i;
1974 nla_put_failure:
1975 return -ENOBUFS;
1976 }
1977
1978 static int
1979 nl80211_send_pmsr_ftm_capa(const struct cfg80211_pmsr_capabilities *cap,
1980 struct sk_buff *msg)
1981 {
1982 struct nlattr *ftm;
1983
1984 if (!cap->ftm.supported)
1985 return 0;
1986
1987 ftm = nla_nest_start_noflag(msg, NL80211_PMSR_TYPE_FTM);
1988 if (!ftm)
1989 return -ENOBUFS;
1990
1991 if (cap->ftm.asap && nla_put_flag(msg, NL80211_PMSR_FTM_CAPA_ATTR_ASAP))
1992 return -ENOBUFS;
1993 if (cap->ftm.non_asap &&
1994 nla_put_flag(msg, NL80211_PMSR_FTM_CAPA_ATTR_NON_ASAP))
1995 return -ENOBUFS;
1996 if (cap->ftm.request_lci &&
1997 nla_put_flag(msg, NL80211_PMSR_FTM_CAPA_ATTR_REQ_LCI))
1998 return -ENOBUFS;
1999 if (cap->ftm.request_civicloc &&
2000 nla_put_flag(msg, NL80211_PMSR_FTM_CAPA_ATTR_REQ_CIVICLOC))
2001 return -ENOBUFS;
2002 if (nla_put_u32(msg, NL80211_PMSR_FTM_CAPA_ATTR_PREAMBLES,
2003 cap->ftm.preambles))
2004 return -ENOBUFS;
2005 if (nla_put_u32(msg, NL80211_PMSR_FTM_CAPA_ATTR_BANDWIDTHS,
2006 cap->ftm.bandwidths))
2007 return -ENOBUFS;
2008 if (cap->ftm.max_bursts_exponent >= 0 &&
2009 nla_put_u32(msg, NL80211_PMSR_FTM_CAPA_ATTR_MAX_BURSTS_EXPONENT,
2010 cap->ftm.max_bursts_exponent))
2011 return -ENOBUFS;
2012 if (cap->ftm.max_ftms_per_burst &&
2013 nla_put_u32(msg, NL80211_PMSR_FTM_CAPA_ATTR_MAX_FTMS_PER_BURST,
2014 cap->ftm.max_ftms_per_burst))
2015 return -ENOBUFS;
2016 if (cap->ftm.trigger_based &&
2017 nla_put_flag(msg, NL80211_PMSR_FTM_CAPA_ATTR_TRIGGER_BASED))
2018 return -ENOBUFS;
2019 if (cap->ftm.non_trigger_based &&
2020 nla_put_flag(msg, NL80211_PMSR_FTM_CAPA_ATTR_NON_TRIGGER_BASED))
2021 return -ENOBUFS;
2022
2023 nla_nest_end(msg, ftm);
2024 return 0;
2025 }
2026
2027 static int nl80211_send_pmsr_capa(struct cfg80211_registered_device *rdev,
2028 struct sk_buff *msg)
2029 {
2030 const struct cfg80211_pmsr_capabilities *cap = rdev->wiphy.pmsr_capa;
2031 struct nlattr *pmsr, *caps;
2032
2033 if (!cap)
2034 return 0;
2035
2036 /*
2037 * we don't need to clean up anything here since the caller
2038 * will genlmsg_cancel() if we fail
2039 */
2040
2041 pmsr = nla_nest_start_noflag(msg, NL80211_ATTR_PEER_MEASUREMENTS);
2042 if (!pmsr)
2043 return -ENOBUFS;
2044
2045 if (nla_put_u32(msg, NL80211_PMSR_ATTR_MAX_PEERS, cap->max_peers))
2046 return -ENOBUFS;
2047
2048 if (cap->report_ap_tsf &&
2049 nla_put_flag(msg, NL80211_PMSR_ATTR_REPORT_AP_TSF))
2050 return -ENOBUFS;
2051
2052 if (cap->randomize_mac_addr &&
2053 nla_put_flag(msg, NL80211_PMSR_ATTR_RANDOMIZE_MAC_ADDR))
2054 return -ENOBUFS;
2055
2056 caps = nla_nest_start_noflag(msg, NL80211_PMSR_ATTR_TYPE_CAPA);
2057 if (!caps)
2058 return -ENOBUFS;
2059
2060 if (nl80211_send_pmsr_ftm_capa(cap, msg))
2061 return -ENOBUFS;
2062
2063 nla_nest_end(msg, caps);
2064 nla_nest_end(msg, pmsr);
2065
2066 return 0;
2067 }
2068
2069 static int
2070 nl80211_put_iftype_akm_suites(struct cfg80211_registered_device *rdev,
2071 struct sk_buff *msg)
2072 {
2073 int i;
2074 struct nlattr *nested, *nested_akms;
2075 const struct wiphy_iftype_akm_suites *iftype_akms;
2076
2077 if (!rdev->wiphy.num_iftype_akm_suites ||
2078 !rdev->wiphy.iftype_akm_suites)
2079 return 0;
2080
2081 nested = nla_nest_start(msg, NL80211_ATTR_IFTYPE_AKM_SUITES);
2082 if (!nested)
2083 return -ENOBUFS;
2084
2085 for (i = 0; i < rdev->wiphy.num_iftype_akm_suites; i++) {
2086 nested_akms = nla_nest_start(msg, i + 1);
2087 if (!nested_akms)
2088 return -ENOBUFS;
2089
2090 iftype_akms = &rdev->wiphy.iftype_akm_suites[i];
2091
2092 if (nl80211_put_iftypes(msg, NL80211_IFTYPE_AKM_ATTR_IFTYPES,
2093 iftype_akms->iftypes_mask))
2094 return -ENOBUFS;
2095
2096 if (nla_put(msg, NL80211_IFTYPE_AKM_ATTR_SUITES,
2097 sizeof(u32) * iftype_akms->n_akm_suites,
2098 iftype_akms->akm_suites)) {
2099 return -ENOBUFS;
2100 }
2101 nla_nest_end(msg, nested_akms);
2102 }
2103
2104 nla_nest_end(msg, nested);
2105
2106 return 0;
2107 }
2108
2109 static int
2110 nl80211_put_tid_config_support(struct cfg80211_registered_device *rdev,
2111 struct sk_buff *msg)
2112 {
2113 struct nlattr *supp;
2114
2115 if (!rdev->wiphy.tid_config_support.vif &&
2116 !rdev->wiphy.tid_config_support.peer)
2117 return 0;
2118
2119 supp = nla_nest_start(msg, NL80211_ATTR_TID_CONFIG);
2120 if (!supp)
2121 return -ENOSPC;
2122
2123 if (rdev->wiphy.tid_config_support.vif &&
2124 nla_put_u64_64bit(msg, NL80211_TID_CONFIG_ATTR_VIF_SUPP,
2125 rdev->wiphy.tid_config_support.vif,
2126 NL80211_TID_CONFIG_ATTR_PAD))
2127 goto fail;
2128
2129 if (rdev->wiphy.tid_config_support.peer &&
2130 nla_put_u64_64bit(msg, NL80211_TID_CONFIG_ATTR_PEER_SUPP,
2131 rdev->wiphy.tid_config_support.peer,
2132 NL80211_TID_CONFIG_ATTR_PAD))
2133 goto fail;
2134
2135 /* for now we just use the same value ... makes more sense */
2136 if (nla_put_u8(msg, NL80211_TID_CONFIG_ATTR_RETRY_SHORT,
2137 rdev->wiphy.tid_config_support.max_retry))
2138 goto fail;
2139 if (nla_put_u8(msg, NL80211_TID_CONFIG_ATTR_RETRY_LONG,
2140 rdev->wiphy.tid_config_support.max_retry))
2141 goto fail;
2142
2143 nla_nest_end(msg, supp);
2144
2145 return 0;
2146 fail:
2147 nla_nest_cancel(msg, supp);
2148 return -ENOBUFS;
2149 }
2150
2151 static int
2152 nl80211_put_sar_specs(struct cfg80211_registered_device *rdev,
2153 struct sk_buff *msg)
2154 {
2155 struct nlattr *sar_capa, *specs, *sub_freq_range;
2156 u8 num_freq_ranges;
2157 int i;
2158
2159 if (!rdev->wiphy.sar_capa)
2160 return 0;
2161
2162 num_freq_ranges = rdev->wiphy.sar_capa->num_freq_ranges;
2163
2164 sar_capa = nla_nest_start(msg, NL80211_ATTR_SAR_SPEC);
2165 if (!sar_capa)
2166 return -ENOSPC;
2167
2168 if (nla_put_u32(msg, NL80211_SAR_ATTR_TYPE, rdev->wiphy.sar_capa->type))
2169 goto fail;
2170
2171 specs = nla_nest_start(msg, NL80211_SAR_ATTR_SPECS);
2172 if (!specs)
2173 goto fail;
2174
2175 /* report supported freq_ranges */
2176 for (i = 0; i < num_freq_ranges; i++) {
2177 sub_freq_range = nla_nest_start(msg, i + 1);
2178 if (!sub_freq_range)
2179 goto fail;
2180
2181 if (nla_put_u32(msg, NL80211_SAR_ATTR_SPECS_START_FREQ,
2182 rdev->wiphy.sar_capa->freq_ranges[i].start_freq))
2183 goto fail;
2184
2185 if (nla_put_u32(msg, NL80211_SAR_ATTR_SPECS_END_FREQ,
2186 rdev->wiphy.sar_capa->freq_ranges[i].end_freq))
2187 goto fail;
2188
2189 nla_nest_end(msg, sub_freq_range);
2190 }
2191
2192 nla_nest_end(msg, specs);
2193 nla_nest_end(msg, sar_capa);
2194
2195 return 0;
2196 fail:
2197 nla_nest_cancel(msg, sar_capa);
2198 return -ENOBUFS;
2199 }
2200
2201 struct nl80211_dump_wiphy_state {
2202 s64 filter_wiphy;
2203 long start;
2204 long split_start, band_start, chan_start, capa_start;
2205 bool split;
2206 };
2207
2208 static int nl80211_send_wiphy(struct cfg80211_registered_device *rdev,
2209 enum nl80211_commands cmd,
2210 struct sk_buff *msg, u32 portid, u32 seq,
2211 int flags, struct nl80211_dump_wiphy_state *state)
2212 {
2213 void *hdr;
2214 struct nlattr *nl_bands, *nl_band;
2215 struct nlattr *nl_freqs, *nl_freq;
2216 struct nlattr *nl_cmds;
2217 enum nl80211_band band;
2218 struct ieee80211_channel *chan;
2219 int i;
2220 const struct ieee80211_txrx_stypes *mgmt_stypes =
2221 rdev->wiphy.mgmt_stypes;
2222 u32 features;
2223
2224 hdr = nl80211hdr_put(msg, portid, seq, flags, cmd);
2225 if (!hdr)
2226 return -ENOBUFS;
2227
2228 if (WARN_ON(!state))
2229 return -EINVAL;
2230
2231 if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
2232 nla_put_string(msg, NL80211_ATTR_WIPHY_NAME,
2233 wiphy_name(&rdev->wiphy)) ||
2234 nla_put_u32(msg, NL80211_ATTR_GENERATION,
2235 cfg80211_rdev_list_generation))
2236 goto nla_put_failure;
2237
2238 if (cmd != NL80211_CMD_NEW_WIPHY)
2239 goto finish;
2240
2241 switch (state->split_start) {
2242 case 0:
2243 if (nla_put_u8(msg, NL80211_ATTR_WIPHY_RETRY_SHORT,
2244 rdev->wiphy.retry_short) ||
2245 nla_put_u8(msg, NL80211_ATTR_WIPHY_RETRY_LONG,
2246 rdev->wiphy.retry_long) ||
2247 nla_put_u32(msg, NL80211_ATTR_WIPHY_FRAG_THRESHOLD,
2248 rdev->wiphy.frag_threshold) ||
2249 nla_put_u32(msg, NL80211_ATTR_WIPHY_RTS_THRESHOLD,
2250 rdev->wiphy.rts_threshold) ||
2251 nla_put_u8(msg, NL80211_ATTR_WIPHY_COVERAGE_CLASS,
2252 rdev->wiphy.coverage_class) ||
2253 nla_put_u8(msg, NL80211_ATTR_MAX_NUM_SCAN_SSIDS,
2254 rdev->wiphy.max_scan_ssids) ||
2255 nla_put_u8(msg, NL80211_ATTR_MAX_NUM_SCHED_SCAN_SSIDS,
2256 rdev->wiphy.max_sched_scan_ssids) ||
2257 nla_put_u16(msg, NL80211_ATTR_MAX_SCAN_IE_LEN,
2258 rdev->wiphy.max_scan_ie_len) ||
2259 nla_put_u16(msg, NL80211_ATTR_MAX_SCHED_SCAN_IE_LEN,
2260 rdev->wiphy.max_sched_scan_ie_len) ||
2261 nla_put_u8(msg, NL80211_ATTR_MAX_MATCH_SETS,
2262 rdev->wiphy.max_match_sets))
2263 goto nla_put_failure;
2264
2265 if ((rdev->wiphy.flags & WIPHY_FLAG_IBSS_RSN) &&
2266 nla_put_flag(msg, NL80211_ATTR_SUPPORT_IBSS_RSN))
2267 goto nla_put_failure;
2268 if ((rdev->wiphy.flags & WIPHY_FLAG_MESH_AUTH) &&
2269 nla_put_flag(msg, NL80211_ATTR_SUPPORT_MESH_AUTH))
2270 goto nla_put_failure;
2271 if ((rdev->wiphy.flags & WIPHY_FLAG_AP_UAPSD) &&
2272 nla_put_flag(msg, NL80211_ATTR_SUPPORT_AP_UAPSD))
2273 goto nla_put_failure;
2274 if ((rdev->wiphy.flags & WIPHY_FLAG_SUPPORTS_FW_ROAM) &&
2275 nla_put_flag(msg, NL80211_ATTR_ROAM_SUPPORT))
2276 goto nla_put_failure;
2277 if ((rdev->wiphy.flags & WIPHY_FLAG_SUPPORTS_TDLS) &&
2278 nla_put_flag(msg, NL80211_ATTR_TDLS_SUPPORT))
2279 goto nla_put_failure;
2280 if ((rdev->wiphy.flags & WIPHY_FLAG_TDLS_EXTERNAL_SETUP) &&
2281 nla_put_flag(msg, NL80211_ATTR_TDLS_EXTERNAL_SETUP))
2282 goto nla_put_failure;
2283 state->split_start++;
2284 if (state->split)
2285 break;
2286 fallthrough;
2287 case 1:
2288 if (nla_put(msg, NL80211_ATTR_CIPHER_SUITES,
2289 sizeof(u32) * rdev->wiphy.n_cipher_suites,
2290 rdev->wiphy.cipher_suites))
2291 goto nla_put_failure;
2292
2293 if (nla_put_u8(msg, NL80211_ATTR_MAX_NUM_PMKIDS,
2294 rdev->wiphy.max_num_pmkids))
2295 goto nla_put_failure;
2296
2297 if ((rdev->wiphy.flags & WIPHY_FLAG_CONTROL_PORT_PROTOCOL) &&
2298 nla_put_flag(msg, NL80211_ATTR_CONTROL_PORT_ETHERTYPE))
2299 goto nla_put_failure;
2300
2301 if (nla_put_u32(msg, NL80211_ATTR_WIPHY_ANTENNA_AVAIL_TX,
2302 rdev->wiphy.available_antennas_tx) ||
2303 nla_put_u32(msg, NL80211_ATTR_WIPHY_ANTENNA_AVAIL_RX,
2304 rdev->wiphy.available_antennas_rx))
2305 goto nla_put_failure;
2306
2307 if ((rdev->wiphy.flags & WIPHY_FLAG_AP_PROBE_RESP_OFFLOAD) &&
2308 nla_put_u32(msg, NL80211_ATTR_PROBE_RESP_OFFLOAD,
2309 rdev->wiphy.probe_resp_offload))
2310 goto nla_put_failure;
2311
2312 if ((rdev->wiphy.available_antennas_tx ||
2313 rdev->wiphy.available_antennas_rx) &&
2314 rdev->ops->get_antenna) {
2315 u32 tx_ant = 0, rx_ant = 0;
2316 int res;
2317
2318 res = rdev_get_antenna(rdev, &tx_ant, &rx_ant);
2319 if (!res) {
2320 if (nla_put_u32(msg,
2321 NL80211_ATTR_WIPHY_ANTENNA_TX,
2322 tx_ant) ||
2323 nla_put_u32(msg,
2324 NL80211_ATTR_WIPHY_ANTENNA_RX,
2325 rx_ant))
2326 goto nla_put_failure;
2327 }
2328 }
2329
2330 state->split_start++;
2331 if (state->split)
2332 break;
2333 fallthrough;
2334 case 2:
2335 if (nl80211_put_iftypes(msg, NL80211_ATTR_SUPPORTED_IFTYPES,
2336 rdev->wiphy.interface_modes))
2337 goto nla_put_failure;
2338 state->split_start++;
2339 if (state->split)
2340 break;
2341 fallthrough;
2342 case 3:
2343 nl_bands = nla_nest_start_noflag(msg,
2344 NL80211_ATTR_WIPHY_BANDS);
2345 if (!nl_bands)
2346 goto nla_put_failure;
2347
2348 for (band = state->band_start;
2349 band < NUM_NL80211_BANDS; band++) {
2350 struct ieee80211_supported_band *sband;
2351
2352 /* omit higher bands for ancient software */
2353 if (band > NL80211_BAND_5GHZ && !state->split)
2354 break;
2355
2356 sband = rdev->wiphy.bands[band];
2357
2358 if (!sband)
2359 continue;
2360
2361 nl_band = nla_nest_start_noflag(msg, band);
2362 if (!nl_band)
2363 goto nla_put_failure;
2364
2365 switch (state->chan_start) {
2366 case 0:
2367 if (nl80211_send_band_rateinfo(msg, sband,
2368 state->split))
2369 goto nla_put_failure;
2370 state->chan_start++;
2371 if (state->split)
2372 break;
2373 fallthrough;
2374 default:
2375 /* add frequencies */
2376 nl_freqs = nla_nest_start_noflag(msg,
2377 NL80211_BAND_ATTR_FREQS);
2378 if (!nl_freqs)
2379 goto nla_put_failure;
2380
2381 for (i = state->chan_start - 1;
2382 i < sband->n_channels;
2383 i++) {
2384 nl_freq = nla_nest_start_noflag(msg,
2385 i);
2386 if (!nl_freq)
2387 goto nla_put_failure;
2388
2389 chan = &sband->channels[i];
2390
2391 if (nl80211_msg_put_channel(
2392 msg, &rdev->wiphy, chan,
2393 state->split))
2394 goto nla_put_failure;
2395
2396 nla_nest_end(msg, nl_freq);
2397 if (state->split)
2398 break;
2399 }
2400 if (i < sband->n_channels)
2401 state->chan_start = i + 2;
2402 else
2403 state->chan_start = 0;
2404 nla_nest_end(msg, nl_freqs);
2405 }
2406
2407 nla_nest_end(msg, nl_band);
2408
2409 if (state->split) {
2410 /* start again here */
2411 if (state->chan_start)
2412 band--;
2413 break;
2414 }
2415 }
2416 nla_nest_end(msg, nl_bands);
2417
2418 if (band < NUM_NL80211_BANDS)
2419 state->band_start = band + 1;
2420 else
2421 state->band_start = 0;
2422
2423 /* if bands & channels are done, continue outside */
2424 if (state->band_start == 0 && state->chan_start == 0)
2425 state->split_start++;
2426 if (state->split)
2427 break;
2428 fallthrough;
2429 case 4:
2430 nl_cmds = nla_nest_start_noflag(msg,
2431 NL80211_ATTR_SUPPORTED_COMMANDS);
2432 if (!nl_cmds)
2433 goto nla_put_failure;
2434
2435 i = nl80211_add_commands_unsplit(rdev, msg);
2436 if (i < 0)
2437 goto nla_put_failure;
2438 if (state->split) {
2439 CMD(crit_proto_start, CRIT_PROTOCOL_START);
2440 CMD(crit_proto_stop, CRIT_PROTOCOL_STOP);
2441 if (rdev->wiphy.flags & WIPHY_FLAG_HAS_CHANNEL_SWITCH)
2442 CMD(channel_switch, CHANNEL_SWITCH);
2443 CMD(set_qos_map, SET_QOS_MAP);
2444 if (rdev->wiphy.features &
2445 NL80211_FEATURE_SUPPORTS_WMM_ADMISSION)
2446 CMD(add_tx_ts, ADD_TX_TS);
2447 CMD(set_multicast_to_unicast, SET_MULTICAST_TO_UNICAST);
2448 CMD(update_connect_params, UPDATE_CONNECT_PARAMS);
2449 CMD(update_ft_ies, UPDATE_FT_IES);
2450 if (rdev->wiphy.sar_capa)
2451 CMD(set_sar_specs, SET_SAR_SPECS);
2452 }
2453 #undef CMD
2454
2455 nla_nest_end(msg, nl_cmds);
2456 state->split_start++;
2457 if (state->split)
2458 break;
2459 fallthrough;
2460 case 5:
2461 if (rdev->ops->remain_on_channel &&
2462 (rdev->wiphy.flags & WIPHY_FLAG_HAS_REMAIN_ON_CHANNEL) &&
2463 nla_put_u32(msg,
2464 NL80211_ATTR_MAX_REMAIN_ON_CHANNEL_DURATION,
2465 rdev->wiphy.max_remain_on_channel_duration))
2466 goto nla_put_failure;
2467
2468 if ((rdev->wiphy.flags & WIPHY_FLAG_OFFCHAN_TX) &&
2469 nla_put_flag(msg, NL80211_ATTR_OFFCHANNEL_TX_OK))
2470 goto nla_put_failure;
2471
2472 state->split_start++;
2473 if (state->split)
2474 break;
2475 fallthrough;
2476 case 6:
2477 #ifdef CONFIG_PM
2478 if (nl80211_send_wowlan(msg, rdev, state->split))
2479 goto nla_put_failure;
2480 state->split_start++;
2481 if (state->split)
2482 break;
2483 #else
2484 state->split_start++;
2485 #endif
2486 fallthrough;
2487 case 7:
2488 if (nl80211_put_iftypes(msg, NL80211_ATTR_SOFTWARE_IFTYPES,
2489 rdev->wiphy.software_iftypes))
2490 goto nla_put_failure;
2491
2492 if (nl80211_put_iface_combinations(&rdev->wiphy, msg,
2493 state->split))
2494 goto nla_put_failure;
2495
2496 state->split_start++;
2497 if (state->split)
2498 break;
2499 fallthrough;
2500 case 8:
2501 if ((rdev->wiphy.flags & WIPHY_FLAG_HAVE_AP_SME) &&
2502 nla_put_u32(msg, NL80211_ATTR_DEVICE_AP_SME,
2503 rdev->wiphy.ap_sme_capa))
2504 goto nla_put_failure;
2505
2506 features = rdev->wiphy.features;
2507 /*
2508 * We can only add the per-channel limit information if the
2509 * dump is split, otherwise it makes it too big. Therefore
2510 * only advertise it in that case.
2511 */
2512 if (state->split)
2513 features |= NL80211_FEATURE_ADVERTISE_CHAN_LIMITS;
2514 if (nla_put_u32(msg, NL80211_ATTR_FEATURE_FLAGS, features))
2515 goto nla_put_failure;
2516
2517 if (rdev->wiphy.ht_capa_mod_mask &&
2518 nla_put(msg, NL80211_ATTR_HT_CAPABILITY_MASK,
2519 sizeof(*rdev->wiphy.ht_capa_mod_mask),
2520 rdev->wiphy.ht_capa_mod_mask))
2521 goto nla_put_failure;
2522
2523 if (rdev->wiphy.flags & WIPHY_FLAG_HAVE_AP_SME &&
2524 rdev->wiphy.max_acl_mac_addrs &&
2525 nla_put_u32(msg, NL80211_ATTR_MAC_ACL_MAX,
2526 rdev->wiphy.max_acl_mac_addrs))
2527 goto nla_put_failure;
2528
2529 /*
2530 * Any information below this point is only available to
2531 * applications that can deal with it being split. This
2532 * helps ensure that newly added capabilities don't break
2533 * older tools by overrunning their buffers.
2534 *
2535 * We still increment split_start so that in the split
2536 * case we'll continue with more data in the next round,
2537 * but break unconditionally so unsplit data stops here.
2538 */
2539 if (state->split)
2540 state->split_start++;
2541 else
2542 state->split_start = 0;
2543 break;
2544 case 9:
2545 if (nl80211_send_mgmt_stypes(msg, mgmt_stypes))
2546 goto nla_put_failure;
2547
2548 if (nla_put_u32(msg, NL80211_ATTR_MAX_NUM_SCHED_SCAN_PLANS,
2549 rdev->wiphy.max_sched_scan_plans) ||
2550 nla_put_u32(msg, NL80211_ATTR_MAX_SCAN_PLAN_INTERVAL,
2551 rdev->wiphy.max_sched_scan_plan_interval) ||
2552 nla_put_u32(msg, NL80211_ATTR_MAX_SCAN_PLAN_ITERATIONS,
2553 rdev->wiphy.max_sched_scan_plan_iterations))
2554 goto nla_put_failure;
2555
2556 if (rdev->wiphy.extended_capabilities &&
2557 (nla_put(msg, NL80211_ATTR_EXT_CAPA,
2558 rdev->wiphy.extended_capabilities_len,
2559 rdev->wiphy.extended_capabilities) ||
2560 nla_put(msg, NL80211_ATTR_EXT_CAPA_MASK,
2561 rdev->wiphy.extended_capabilities_len,
2562 rdev->wiphy.extended_capabilities_mask)))
2563 goto nla_put_failure;
2564
2565 if (rdev->wiphy.vht_capa_mod_mask &&
2566 nla_put(msg, NL80211_ATTR_VHT_CAPABILITY_MASK,
2567 sizeof(*rdev->wiphy.vht_capa_mod_mask),
2568 rdev->wiphy.vht_capa_mod_mask))
2569 goto nla_put_failure;
2570
2571 if (nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN,
2572 rdev->wiphy.perm_addr))
2573 goto nla_put_failure;
2574
2575 if (!is_zero_ether_addr(rdev->wiphy.addr_mask) &&
2576 nla_put(msg, NL80211_ATTR_MAC_MASK, ETH_ALEN,
2577 rdev->wiphy.addr_mask))
2578 goto nla_put_failure;
2579
2580 if (rdev->wiphy.n_addresses > 1) {
2581 void *attr;
2582
2583 attr = nla_nest_start(msg, NL80211_ATTR_MAC_ADDRS);
2584 if (!attr)
2585 goto nla_put_failure;
2586
2587 for (i = 0; i < rdev->wiphy.n_addresses; i++)
2588 if (nla_put(msg, i + 1, ETH_ALEN,
2589 rdev->wiphy.addresses[i].addr))
2590 goto nla_put_failure;
2591
2592 nla_nest_end(msg, attr);
2593 }
2594
2595 state->split_start++;
2596 break;
2597 case 10:
2598 if (nl80211_send_coalesce(msg, rdev))
2599 goto nla_put_failure;
2600
2601 if ((rdev->wiphy.flags & WIPHY_FLAG_SUPPORTS_5_10_MHZ) &&
2602 (nla_put_flag(msg, NL80211_ATTR_SUPPORT_5_MHZ) ||
2603 nla_put_flag(msg, NL80211_ATTR_SUPPORT_10_MHZ)))
2604 goto nla_put_failure;
2605
2606 if (rdev->wiphy.max_ap_assoc_sta &&
2607 nla_put_u32(msg, NL80211_ATTR_MAX_AP_ASSOC_STA,
2608 rdev->wiphy.max_ap_assoc_sta))
2609 goto nla_put_failure;
2610
2611 state->split_start++;
2612 break;
2613 case 11:
2614 if (rdev->wiphy.n_vendor_commands) {
2615 const struct nl80211_vendor_cmd_info *info;
2616 struct nlattr *nested;
2617
2618 nested = nla_nest_start_noflag(msg,
2619 NL80211_ATTR_VENDOR_DATA);
2620 if (!nested)
2621 goto nla_put_failure;
2622
2623 for (i = 0; i < rdev->wiphy.n_vendor_commands; i++) {
2624 info = &rdev->wiphy.vendor_commands[i].info;
2625 if (nla_put(msg, i + 1, sizeof(*info), info))
2626 goto nla_put_failure;
2627 }
2628 nla_nest_end(msg, nested);
2629 }
2630
2631 if (rdev->wiphy.n_vendor_events) {
2632 const struct nl80211_vendor_cmd_info *info;
2633 struct nlattr *nested;
2634
2635 nested = nla_nest_start_noflag(msg,
2636 NL80211_ATTR_VENDOR_EVENTS);
2637 if (!nested)
2638 goto nla_put_failure;
2639
2640 for (i = 0; i < rdev->wiphy.n_vendor_events; i++) {
2641 info = &rdev->wiphy.vendor_events[i];
2642 if (nla_put(msg, i + 1, sizeof(*info), info))
2643 goto nla_put_failure;
2644 }
2645 nla_nest_end(msg, nested);
2646 }
2647 state->split_start++;
2648 break;
2649 case 12:
2650 if (rdev->wiphy.flags & WIPHY_FLAG_HAS_CHANNEL_SWITCH &&
2651 nla_put_u8(msg, NL80211_ATTR_MAX_CSA_COUNTERS,
2652 rdev->wiphy.max_num_csa_counters))
2653 goto nla_put_failure;
2654
2655 if (rdev->wiphy.regulatory_flags & REGULATORY_WIPHY_SELF_MANAGED &&
2656 nla_put_flag(msg, NL80211_ATTR_WIPHY_SELF_MANAGED_REG))
2657 goto nla_put_failure;
2658
2659 if (rdev->wiphy.max_sched_scan_reqs &&
2660 nla_put_u32(msg, NL80211_ATTR_SCHED_SCAN_MAX_REQS,
2661 rdev->wiphy.max_sched_scan_reqs))
2662 goto nla_put_failure;
2663
2664 if (nla_put(msg, NL80211_ATTR_EXT_FEATURES,
2665 sizeof(rdev->wiphy.ext_features),
2666 rdev->wiphy.ext_features))
2667 goto nla_put_failure;
2668
2669 if (rdev->wiphy.bss_select_support) {
2670 struct nlattr *nested;
2671 u32 bss_select_support = rdev->wiphy.bss_select_support;
2672
2673 nested = nla_nest_start_noflag(msg,
2674 NL80211_ATTR_BSS_SELECT);
2675 if (!nested)
2676 goto nla_put_failure;
2677
2678 i = 0;
2679 while (bss_select_support) {
2680 if ((bss_select_support & 1) &&
2681 nla_put_flag(msg, i))
2682 goto nla_put_failure;
2683 i++;
2684 bss_select_support >>= 1;
2685 }
2686 nla_nest_end(msg, nested);
2687 }
2688
2689 state->split_start++;
2690 break;
2691 case 13:
2692 if (rdev->wiphy.num_iftype_ext_capab &&
2693 rdev->wiphy.iftype_ext_capab) {
2694 struct nlattr *nested_ext_capab, *nested;
2695
2696 nested = nla_nest_start_noflag(msg,
2697 NL80211_ATTR_IFTYPE_EXT_CAPA);
2698 if (!nested)
2699 goto nla_put_failure;
2700
2701 for (i = state->capa_start;
2702 i < rdev->wiphy.num_iftype_ext_capab; i++) {
2703 const struct wiphy_iftype_ext_capab *capab;
2704
2705 capab = &rdev->wiphy.iftype_ext_capab[i];
2706
2707 nested_ext_capab = nla_nest_start_noflag(msg,
2708 i);
2709 if (!nested_ext_capab ||
2710 nla_put_u32(msg, NL80211_ATTR_IFTYPE,
2711 capab->iftype) ||
2712 nla_put(msg, NL80211_ATTR_EXT_CAPA,
2713 capab->extended_capabilities_len,
2714 capab->extended_capabilities) ||
2715 nla_put(msg, NL80211_ATTR_EXT_CAPA_MASK,
2716 capab->extended_capabilities_len,
2717 capab->extended_capabilities_mask))
2718 goto nla_put_failure;
2719
2720 nla_nest_end(msg, nested_ext_capab);
2721 if (state->split)
2722 break;
2723 }
2724 nla_nest_end(msg, nested);
2725 if (i < rdev->wiphy.num_iftype_ext_capab) {
2726 state->capa_start = i + 1;
2727 break;
2728 }
2729 }
2730
2731 if (nla_put_u32(msg, NL80211_ATTR_BANDS,
2732 rdev->wiphy.nan_supported_bands))
2733 goto nla_put_failure;
2734
2735 if (wiphy_ext_feature_isset(&rdev->wiphy,
2736 NL80211_EXT_FEATURE_TXQS)) {
2737 struct cfg80211_txq_stats txqstats = {};
2738 int res;
2739
2740 res = rdev_get_txq_stats(rdev, NULL, &txqstats);
2741 if (!res &&
2742 !nl80211_put_txq_stats(msg, &txqstats,
2743 NL80211_ATTR_TXQ_STATS))
2744 goto nla_put_failure;
2745
2746 if (nla_put_u32(msg, NL80211_ATTR_TXQ_LIMIT,
2747 rdev->wiphy.txq_limit))
2748 goto nla_put_failure;
2749 if (nla_put_u32(msg, NL80211_ATTR_TXQ_MEMORY_LIMIT,
2750 rdev->wiphy.txq_memory_limit))
2751 goto nla_put_failure;
2752 if (nla_put_u32(msg, NL80211_ATTR_TXQ_QUANTUM,
2753 rdev->wiphy.txq_quantum))
2754 goto nla_put_failure;
2755 }
2756
2757 state->split_start++;
2758 break;
2759 case 14:
2760 if (nl80211_send_pmsr_capa(rdev, msg))
2761 goto nla_put_failure;
2762
2763 state->split_start++;
2764 break;
2765 case 15:
2766 if (rdev->wiphy.akm_suites &&
2767 nla_put(msg, NL80211_ATTR_AKM_SUITES,
2768 sizeof(u32) * rdev->wiphy.n_akm_suites,
2769 rdev->wiphy.akm_suites))
2770 goto nla_put_failure;
2771
2772 if (nl80211_put_iftype_akm_suites(rdev, msg))
2773 goto nla_put_failure;
2774
2775 if (nl80211_put_tid_config_support(rdev, msg))
2776 goto nla_put_failure;
2777 state->split_start++;
2778 break;
2779 case 16:
2780 if (nl80211_put_sar_specs(rdev, msg))
2781 goto nla_put_failure;
2782
2783 /* done */
2784 state->split_start = 0;
2785 break;
2786 }
2787 finish:
2788 genlmsg_end(msg, hdr);
2789 return 0;
2790
2791 nla_put_failure:
2792 genlmsg_cancel(msg, hdr);
2793 return -EMSGSIZE;
2794 }
2795
2796 static int nl80211_dump_wiphy_parse(struct sk_buff *skb,
2797 struct netlink_callback *cb,
2798 struct nl80211_dump_wiphy_state *state)
2799 {
2800 struct nlattr **tb = kcalloc(NUM_NL80211_ATTR, sizeof(*tb), GFP_KERNEL);
2801 int ret;
2802
2803 if (!tb)
2804 return -ENOMEM;
2805
2806 ret = nlmsg_parse_deprecated(cb->nlh,
2807 GENL_HDRLEN + nl80211_fam.hdrsize,
2808 tb, nl80211_fam.maxattr,
2809 nl80211_policy, NULL);
2810 /* ignore parse errors for backward compatibility */
2811 if (ret) {
2812 ret = 0;
2813 goto out;
2814 }
2815
2816 state->split = tb[NL80211_ATTR_SPLIT_WIPHY_DUMP];
2817 if (tb[NL80211_ATTR_WIPHY])
2818 state->filter_wiphy = nla_get_u32(tb[NL80211_ATTR_WIPHY]);
2819 if (tb[NL80211_ATTR_WDEV])
2820 state->filter_wiphy = nla_get_u64(tb[NL80211_ATTR_WDEV]) >> 32;
2821 if (tb[NL80211_ATTR_IFINDEX]) {
2822 struct net_device *netdev;
2823 struct cfg80211_registered_device *rdev;
2824 int ifidx = nla_get_u32(tb[NL80211_ATTR_IFINDEX]);
2825
2826 netdev = __dev_get_by_index(sock_net(skb->sk), ifidx);
2827 if (!netdev) {
2828 ret = -ENODEV;
2829 goto out;
2830 }
2831 if (netdev->ieee80211_ptr) {
2832 rdev = wiphy_to_rdev(
2833 netdev->ieee80211_ptr->wiphy);
2834 state->filter_wiphy = rdev->wiphy_idx;
2835 }
2836 }
2837
2838 ret = 0;
2839 out:
2840 kfree(tb);
2841 return ret;
2842 }
2843
2844 static int nl80211_dump_wiphy(struct sk_buff *skb, struct netlink_callback *cb)
2845 {
2846 int idx = 0, ret;
2847 struct nl80211_dump_wiphy_state *state = (void *)cb->args[0];
2848 struct cfg80211_registered_device *rdev;
2849
2850 rtnl_lock();
2851 if (!state) {
2852 state = kzalloc(sizeof(*state), GFP_KERNEL);
2853 if (!state) {
2854 rtnl_unlock();
2855 return -ENOMEM;
2856 }
2857 state->filter_wiphy = -1;
2858 ret = nl80211_dump_wiphy_parse(skb, cb, state);
2859 if (ret) {
2860 kfree(state);
2861 rtnl_unlock();
2862 return ret;
2863 }
2864 cb->args[0] = (long)state;
2865 }
2866
2867 list_for_each_entry(rdev, &cfg80211_rdev_list, list) {
2868 if (!net_eq(wiphy_net(&rdev->wiphy), sock_net(skb->sk)))
2869 continue;
2870 if (++idx <= state->start)
2871 continue;
2872 if (state->filter_wiphy != -1 &&
2873 state->filter_wiphy != rdev->wiphy_idx)
2874 continue;
2875 /* attempt to fit multiple wiphy data chunks into the skb */
2876 do {
2877 ret = nl80211_send_wiphy(rdev, NL80211_CMD_NEW_WIPHY,
2878 skb,
2879 NETLINK_CB(cb->skb).portid,
2880 cb->nlh->nlmsg_seq,
2881 NLM_F_MULTI, state);
2882 if (ret < 0) {
2883 /*
2884 * If sending the wiphy data didn't fit (ENOBUFS
2885 * or EMSGSIZE returned), this SKB is still
2886 * empty (so it's not too big because another
2887 * wiphy dataset is already in the skb) and
2888 * we've not tried to adjust the dump allocation
2889 * yet ... then adjust the alloc size to be
2890 * bigger, and return 1 but with the empty skb.
2891 * This results in an empty message being RX'ed
2892 * in userspace, but that is ignored.
2893 *
2894 * We can then retry with the larger buffer.
2895 */
2896 if ((ret == -ENOBUFS || ret == -EMSGSIZE) &&
2897 !skb->len && !state->split &&
2898 cb->min_dump_alloc < 4096) {
2899 cb->min_dump_alloc = 4096;
2900 state->split_start = 0;
2901 rtnl_unlock();
2902 return 1;
2903 }
2904 idx--;
2905 break;
2906 }
2907 } while (state->split_start > 0);
2908 break;
2909 }
2910 rtnl_unlock();
2911
2912 state->start = idx;
2913
2914 return skb->len;
2915 }
2916
2917 static int nl80211_dump_wiphy_done(struct netlink_callback *cb)
2918 {
2919 kfree((void *)cb->args[0]);
2920 return 0;
2921 }
2922
2923 static int nl80211_get_wiphy(struct sk_buff *skb, struct genl_info *info)
2924 {
2925 struct sk_buff *msg;
2926 struct cfg80211_registered_device *rdev = info->user_ptr[0];
2927 struct nl80211_dump_wiphy_state state = {};
2928
2929 msg = nlmsg_new(4096, GFP_KERNEL);
2930 if (!msg)
2931 return -ENOMEM;
2932
2933 if (nl80211_send_wiphy(rdev, NL80211_CMD_NEW_WIPHY, msg,
2934 info->snd_portid, info->snd_seq, 0,
2935 &state) < 0) {
2936 nlmsg_free(msg);
2937 return -ENOBUFS;
2938 }
2939
2940 return genlmsg_reply(msg, info);
2941 }
2942
2943 static const struct nla_policy txq_params_policy[NL80211_TXQ_ATTR_MAX + 1] = {
2944 [NL80211_TXQ_ATTR_QUEUE] = { .type = NLA_U8 },
2945 [NL80211_TXQ_ATTR_TXOP] = { .type = NLA_U16 },
2946 [NL80211_TXQ_ATTR_CWMIN] = { .type = NLA_U16 },
2947 [NL80211_TXQ_ATTR_CWMAX] = { .type = NLA_U16 },
2948 [NL80211_TXQ_ATTR_AIFS] = { .type = NLA_U8 },
2949 };
2950
2951 static int parse_txq_params(struct nlattr *tb[],
2952 struct ieee80211_txq_params *txq_params)
2953 {
2954 u8 ac;
2955
2956 if (!tb[NL80211_TXQ_ATTR_AC] || !tb[NL80211_TXQ_ATTR_TXOP] ||
2957 !tb[NL80211_TXQ_ATTR_CWMIN] || !tb[NL80211_TXQ_ATTR_CWMAX] ||
2958 !tb[NL80211_TXQ_ATTR_AIFS])
2959 return -EINVAL;
2960
2961 ac = nla_get_u8(tb[NL80211_TXQ_ATTR_AC]);
2962 txq_params->txop = nla_get_u16(tb[NL80211_TXQ_ATTR_TXOP]);
2963 txq_params->cwmin = nla_get_u16(tb[NL80211_TXQ_ATTR_CWMIN]);
2964 txq_params->cwmax = nla_get_u16(tb[NL80211_TXQ_ATTR_CWMAX]);
2965 txq_params->aifs = nla_get_u8(tb[NL80211_TXQ_ATTR_AIFS]);
2966
2967 if (ac >= NL80211_NUM_ACS)
2968 return -EINVAL;
2969 txq_params->ac = array_index_nospec(ac, NL80211_NUM_ACS);
2970 return 0;
2971 }
2972
2973 static bool nl80211_can_set_dev_channel(struct wireless_dev *wdev)
2974 {
2975 /*
2976 * You can only set the channel explicitly for some interfaces,
2977 * most have their channel managed via their respective
2978 * "establish a connection" command (connect, join, ...)
2979 *
2980 * For AP/GO and mesh mode, the channel can be set with the
2981 * channel userspace API, but is only stored and passed to the
2982 * low-level driver when the AP starts or the mesh is joined.
2983 * This is for backward compatibility, userspace can also give
2984 * the channel in the start-ap or join-mesh commands instead.
2985 *
2986 * Monitors are special as they are normally slaved to
2987 * whatever else is going on, so they have their own special
2988 * operation to set the monitor channel if possible.
2989 */
2990 return !wdev ||
2991 wdev->iftype == NL80211_IFTYPE_AP ||
2992 wdev->iftype == NL80211_IFTYPE_MESH_POINT ||
2993 wdev->iftype == NL80211_IFTYPE_MONITOR ||
2994 wdev->iftype == NL80211_IFTYPE_P2P_GO;
2995 }
2996
2997 int nl80211_parse_chandef(struct cfg80211_registered_device *rdev,
2998 struct genl_info *info,
2999 struct cfg80211_chan_def *chandef)
3000 {
3001 struct netlink_ext_ack *extack = info->extack;
3002 struct nlattr **attrs = info->attrs;
3003 u32 control_freq;
3004
3005 if (!attrs[NL80211_ATTR_WIPHY_FREQ])
3006 return -EINVAL;
3007
3008 control_freq = MHZ_TO_KHZ(
3009 nla_get_u32(info->attrs[NL80211_ATTR_WIPHY_FREQ]));
3010 if (info->attrs[NL80211_ATTR_WIPHY_FREQ_OFFSET])
3011 control_freq +=
3012 nla_get_u32(info->attrs[NL80211_ATTR_WIPHY_FREQ_OFFSET]);
3013
3014 memset(chandef, 0, sizeof(*chandef));
3015 chandef->chan = ieee80211_get_channel_khz(&rdev->wiphy, control_freq);
3016 chandef->width = NL80211_CHAN_WIDTH_20_NOHT;
3017 chandef->center_freq1 = KHZ_TO_MHZ(control_freq);
3018 chandef->freq1_offset = control_freq % 1000;
3019 chandef->center_freq2 = 0;
3020
3021 /* Primary channel not allowed */
3022 if (!chandef->chan || chandef->chan->flags & IEEE80211_CHAN_DISABLED) {
3023 NL_SET_ERR_MSG_ATTR(extack, attrs[NL80211_ATTR_WIPHY_FREQ],
3024 "Channel is disabled");
3025 return -EINVAL;
3026 }
3027
3028 if (attrs[NL80211_ATTR_WIPHY_CHANNEL_TYPE]) {
3029 enum nl80211_channel_type chantype;
3030
3031 chantype = nla_get_u32(attrs[NL80211_ATTR_WIPHY_CHANNEL_TYPE]);
3032
3033 switch (chantype) {
3034 case NL80211_CHAN_NO_HT:
3035 case NL80211_CHAN_HT20:
3036 case NL80211_CHAN_HT40PLUS:
3037 case NL80211_CHAN_HT40MINUS:
3038 cfg80211_chandef_create(chandef, chandef->chan,
3039 chantype);
3040 /* user input for center_freq is incorrect */
3041 if (attrs[NL80211_ATTR_CENTER_FREQ1] &&
3042 chandef->center_freq1 != nla_get_u32(attrs[NL80211_ATTR_CENTER_FREQ1])) {
3043 NL_SET_ERR_MSG_ATTR(extack,
3044 attrs[NL80211_ATTR_CENTER_FREQ1],
3045 "bad center frequency 1");
3046 return -EINVAL;
3047 }
3048 /* center_freq2 must be zero */
3049 if (attrs[NL80211_ATTR_CENTER_FREQ2] &&
3050 nla_get_u32(attrs[NL80211_ATTR_CENTER_FREQ2])) {
3051 NL_SET_ERR_MSG_ATTR(extack,
3052 attrs[NL80211_ATTR_CENTER_FREQ2],
3053 "center frequency 2 can't be used");
3054 return -EINVAL;
3055 }
3056 break;
3057 default:
3058 NL_SET_ERR_MSG_ATTR(extack,
3059 attrs[NL80211_ATTR_WIPHY_CHANNEL_TYPE],
3060 "invalid channel type");
3061 return -EINVAL;
3062 }
3063 } else if (attrs[NL80211_ATTR_CHANNEL_WIDTH]) {
3064 chandef->width =
3065 nla_get_u32(attrs[NL80211_ATTR_CHANNEL_WIDTH]);
3066 if (attrs[NL80211_ATTR_CENTER_FREQ1]) {
3067 chandef->center_freq1 =
3068 nla_get_u32(attrs[NL80211_ATTR_CENTER_FREQ1]);
3069 if (attrs[NL80211_ATTR_CENTER_FREQ1_OFFSET])
3070 chandef->freq1_offset = nla_get_u32(
3071 attrs[NL80211_ATTR_CENTER_FREQ1_OFFSET]);
3072 else
3073 chandef->freq1_offset = 0;
3074 }
3075 if (attrs[NL80211_ATTR_CENTER_FREQ2])
3076 chandef->center_freq2 =
3077 nla_get_u32(attrs[NL80211_ATTR_CENTER_FREQ2]);
3078 }
3079
3080 if (info->attrs[NL80211_ATTR_WIPHY_EDMG_CHANNELS]) {
3081 chandef->edmg.channels =
3082 nla_get_u8(info->attrs[NL80211_ATTR_WIPHY_EDMG_CHANNELS]);
3083
3084 if (info->attrs[NL80211_ATTR_WIPHY_EDMG_BW_CONFIG])
3085 chandef->edmg.bw_config =
3086 nla_get_u8(info->attrs[NL80211_ATTR_WIPHY_EDMG_BW_CONFIG]);
3087 } else {
3088 chandef->edmg.bw_config = 0;
3089 chandef->edmg.channels = 0;
3090 }
3091
3092 if (!cfg80211_chandef_valid(chandef)) {
3093 NL_SET_ERR_MSG(extack, "invalid channel definition");
3094 return -EINVAL;
3095 }
3096
3097 if (!cfg80211_chandef_usable(&rdev->wiphy, chandef,
3098 IEEE80211_CHAN_DISABLED)) {
3099 NL_SET_ERR_MSG(extack, "(extension) channel is disabled");
3100 return -EINVAL;
3101 }
3102
3103 if ((chandef->width == NL80211_CHAN_WIDTH_5 ||
3104 chandef->width == NL80211_CHAN_WIDTH_10) &&
3105 !(rdev->wiphy.flags & WIPHY_FLAG_SUPPORTS_5_10_MHZ)) {
3106 NL_SET_ERR_MSG(extack, "5/10 MHz not supported");
3107 return -EINVAL;
3108 }
3109
3110 return 0;
3111 }
3112
3113 static int __nl80211_set_channel(struct cfg80211_registered_device *rdev,
3114 struct net_device *dev,
3115 struct genl_info *info)
3116 {
3117 struct cfg80211_chan_def chandef;
3118 int result;
3119 enum nl80211_iftype iftype = NL80211_IFTYPE_MONITOR;
3120 struct wireless_dev *wdev = NULL;
3121
3122 if (dev)
3123 wdev = dev->ieee80211_ptr;
3124 if (!nl80211_can_set_dev_channel(wdev))
3125 return -EOPNOTSUPP;
3126 if (wdev)
3127 iftype = wdev->iftype;
3128
3129 result = nl80211_parse_chandef(rdev, info, &chandef);
3130 if (result)
3131 return result;
3132
3133 switch (iftype) {
3134 case NL80211_IFTYPE_AP:
3135 case NL80211_IFTYPE_P2P_GO:
3136 if (!cfg80211_reg_can_beacon_relax(&rdev->wiphy, &chandef,
3137 iftype)) {
3138 result = -EINVAL;
3139 break;
3140 }
3141 if (wdev->beacon_interval) {
3142 if (!dev || !rdev->ops->set_ap_chanwidth ||
3143 !(rdev->wiphy.features &
3144 NL80211_FEATURE_AP_MODE_CHAN_WIDTH_CHANGE)) {
3145 result = -EBUSY;
3146 break;
3147 }
3148
3149 /* Only allow dynamic channel width changes */
3150 if (chandef.chan != wdev->preset_chandef.chan) {
3151 result = -EBUSY;
3152 break;
3153 }
3154 result = rdev_set_ap_chanwidth(rdev, dev, &chandef);
3155 if (result)
3156 break;
3157 }
3158 wdev->preset_chandef = chandef;
3159 result = 0;
3160 break;
3161 case NL80211_IFTYPE_MESH_POINT:
3162 result = cfg80211_set_mesh_channel(rdev, wdev, &chandef);
3163 break;
3164 case NL80211_IFTYPE_MONITOR:
3165 result = cfg80211_set_monitor_channel(rdev, &chandef);
3166 break;
3167 default:
3168 result = -EINVAL;
3169 }
3170
3171 return result;
3172 }
3173
3174 static int nl80211_set_channel(struct sk_buff *skb, struct genl_info *info)
3175 {
3176 struct cfg80211_registered_device *rdev = info->user_ptr[0];
3177 struct net_device *netdev = info->user_ptr[1];
3178
3179 return __nl80211_set_channel(rdev, netdev, info);
3180 }
3181
3182 static int nl80211_set_wiphy(struct sk_buff *skb, struct genl_info *info)
3183 {
3184 struct cfg80211_registered_device *rdev = NULL;
3185 struct net_device *netdev = NULL;
3186 struct wireless_dev *wdev;
3187 int result = 0, rem_txq_params = 0;
3188 struct nlattr *nl_txq_params;
3189 u32 changed;
3190 u8 retry_short = 0, retry_long = 0;
3191 u32 frag_threshold = 0, rts_threshold = 0;
3192 u8 coverage_class = 0;
3193 u32 txq_limit = 0, txq_memory_limit = 0, txq_quantum = 0;
3194
3195 rtnl_lock();
3196 /*
3197 * Try to find the wiphy and netdev. Normally this
3198 * function shouldn't need the netdev, but this is
3199 * done for backward compatibility -- previously
3200 * setting the channel was done per wiphy, but now
3201 * it is per netdev. Previous userland like hostapd
3202 * also passed a netdev to set_wiphy, so that it is
3203 * possible to let that go to the right netdev!
3204 */
3205
3206 if (info->attrs[NL80211_ATTR_IFINDEX]) {
3207 int ifindex = nla_get_u32(info->attrs[NL80211_ATTR_IFINDEX]);
3208
3209 netdev = __dev_get_by_index(genl_info_net(info), ifindex);
3210 if (netdev && netdev->ieee80211_ptr)
3211 rdev = wiphy_to_rdev(netdev->ieee80211_ptr->wiphy);
3212 else
3213 netdev = NULL;
3214 }
3215
3216 if (!netdev) {
3217 rdev = __cfg80211_rdev_from_attrs(genl_info_net(info),
3218 info->attrs);
3219 if (IS_ERR(rdev)) {
3220 rtnl_unlock();
3221 return PTR_ERR(rdev);
3222 }
3223 wdev = NULL;
3224 netdev = NULL;
3225 result = 0;
3226 } else
3227 wdev = netdev->ieee80211_ptr;
3228
3229 wiphy_lock(&rdev->wiphy);
3230
3231 /*
3232 * end workaround code, by now the rdev is available
3233 * and locked, and wdev may or may not be NULL.
3234 */
3235
3236 if (info->attrs[NL80211_ATTR_WIPHY_NAME])
3237 result = cfg80211_dev_rename(
3238 rdev, nla_data(info->attrs[NL80211_ATTR_WIPHY_NAME]));
3239 rtnl_unlock();
3240
3241 if (result)
3242 goto out;
3243
3244 if (info->attrs[NL80211_ATTR_WIPHY_TXQ_PARAMS]) {
3245 struct ieee80211_txq_params txq_params;
3246 struct nlattr *tb[NL80211_TXQ_ATTR_MAX + 1];
3247
3248 if (!rdev->ops->set_txq_params) {
3249 result = -EOPNOTSUPP;
3250 goto out;
3251 }
3252
3253 if (!netdev) {
3254 result = -EINVAL;
3255 goto out;
3256 }
3257
3258 if (netdev->ieee80211_ptr->iftype != NL80211_IFTYPE_AP &&
3259 netdev->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_GO) {
3260 result = -EINVAL;
3261 goto out;
3262 }
3263
3264 if (!netif_running(netdev)) {
3265 result = -ENETDOWN;
3266 goto out;
3267 }
3268
3269 nla_for_each_nested(nl_txq_params,
3270 info->attrs[NL80211_ATTR_WIPHY_TXQ_PARAMS],
3271 rem_txq_params) {
3272 result = nla_parse_nested_deprecated(tb,
3273 NL80211_TXQ_ATTR_MAX,
3274 nl_txq_params,
3275 txq_params_policy,
3276 info->extack);
3277 if (result)
3278 goto out;
3279 result = parse_txq_params(tb, &txq_params);
3280 if (result)
3281 goto out;
3282
3283 result = rdev_set_txq_params(rdev, netdev,
3284 &txq_params);
3285 if (result)
3286 goto out;
3287 }
3288 }
3289
3290 if (info->attrs[NL80211_ATTR_WIPHY_FREQ]) {
3291 result = __nl80211_set_channel(
3292 rdev,
3293 nl80211_can_set_dev_channel(wdev) ? netdev : NULL,
3294 info);
3295 if (result)
3296 goto out;
3297 }
3298
3299 if (info->attrs[NL80211_ATTR_WIPHY_TX_POWER_SETTING]) {
3300 struct wireless_dev *txp_wdev = wdev;
3301 enum nl80211_tx_power_setting type;
3302 int idx, mbm = 0;
3303
3304 if (!(rdev->wiphy.features & NL80211_FEATURE_VIF_TXPOWER))
3305 txp_wdev = NULL;
3306
3307 if (!rdev->ops->set_tx_power) {
3308 result = -EOPNOTSUPP;
3309 goto out;
3310 }
3311
3312 idx = NL80211_ATTR_WIPHY_TX_POWER_SETTING;
3313 type = nla_get_u32(info->attrs[idx]);
3314
3315 if (!info->attrs[NL80211_ATTR_WIPHY_TX_POWER_LEVEL] &&
3316 (type != NL80211_TX_POWER_AUTOMATIC)) {
3317 result = -EINVAL;
3318 goto out;
3319 }
3320
3321 if (type != NL80211_TX_POWER_AUTOMATIC) {
3322 idx = NL80211_ATTR_WIPHY_TX_POWER_LEVEL;
3323 mbm = nla_get_u32(info->attrs[idx]);
3324 }
3325
3326 result = rdev_set_tx_power(rdev, txp_wdev, type, mbm);
3327 if (result)
3328 goto out;
3329 }
3330
3331 if (info->attrs[NL80211_ATTR_WIPHY_ANTENNA_TX] &&
3332 info->attrs[NL80211_ATTR_WIPHY_ANTENNA_RX]) {
3333 u32 tx_ant, rx_ant;
3334
3335 if ((!rdev->wiphy.available_antennas_tx &&
3336 !rdev->wiphy.available_antennas_rx) ||
3337 !rdev->ops->set_antenna) {
3338 result = -EOPNOTSUPP;
3339 goto out;
3340 }
3341
3342 tx_ant = nla_get_u32(info->attrs[NL80211_ATTR_WIPHY_ANTENNA_TX]);
3343 rx_ant = nla_get_u32(info->attrs[NL80211_ATTR_WIPHY_ANTENNA_RX]);
3344
3345 /* reject antenna configurations which don't match the
3346 * available antenna masks, except for the "all" mask */
3347 if ((~tx_ant && (tx_ant & ~rdev->wiphy.available_antennas_tx)) ||
3348 (~rx_ant && (rx_ant & ~rdev->wiphy.available_antennas_rx))) {
3349 result = -EINVAL;
3350 goto out;
3351 }
3352
3353 tx_ant = tx_ant & rdev->wiphy.available_antennas_tx;
3354 rx_ant = rx_ant & rdev->wiphy.available_antennas_rx;
3355
3356 result = rdev_set_antenna(rdev, tx_ant, rx_ant);
3357 if (result)
3358 goto out;
3359 }
3360
3361 changed = 0;
3362
3363 if (info->attrs[NL80211_ATTR_WIPHY_RETRY_SHORT]) {
3364 retry_short = nla_get_u8(
3365 info->attrs[NL80211_ATTR_WIPHY_RETRY_SHORT]);
3366
3367 changed |= WIPHY_PARAM_RETRY_SHORT;
3368 }
3369
3370 if (info->attrs[NL80211_ATTR_WIPHY_RETRY_LONG]) {
3371 retry_long = nla_get_u8(
3372 info->attrs[NL80211_ATTR_WIPHY_RETRY_LONG]);
3373
3374 changed |= WIPHY_PARAM_RETRY_LONG;
3375 }
3376
3377 if (info->attrs[NL80211_ATTR_WIPHY_FRAG_THRESHOLD]) {
3378 frag_threshold = nla_get_u32(
3379 info->attrs[NL80211_ATTR_WIPHY_FRAG_THRESHOLD]);
3380 if (frag_threshold < 256) {
3381 result = -EINVAL;
3382 goto out;
3383 }
3384
3385 if (frag_threshold != (u32) -1) {
3386 /*
3387 * Fragments (apart from the last one) are required to
3388 * have even length. Make the fragmentation code
3389 * simpler by stripping LSB should someone try to use
3390 * odd threshold value.
3391 */
3392 frag_threshold &= ~0x1;
3393 }
3394 changed |= WIPHY_PARAM_FRAG_THRESHOLD;
3395 }
3396
3397 if (info->attrs[NL80211_ATTR_WIPHY_RTS_THRESHOLD]) {
3398 rts_threshold = nla_get_u32(
3399 info->attrs[NL80211_ATTR_WIPHY_RTS_THRESHOLD]);
3400 changed |= WIPHY_PARAM_RTS_THRESHOLD;
3401 }
3402
3403 if (info->attrs[NL80211_ATTR_WIPHY_COVERAGE_CLASS]) {
3404 if (info->attrs[NL80211_ATTR_WIPHY_DYN_ACK]) {
3405 result = -EINVAL;
3406 goto out;
3407 }
3408
3409 coverage_class = nla_get_u8(
3410 info->attrs[NL80211_ATTR_WIPHY_COVERAGE_CLASS]);
3411 changed |= WIPHY_PARAM_COVERAGE_CLASS;
3412 }
3413
3414 if (info->attrs[NL80211_ATTR_WIPHY_DYN_ACK]) {
3415 if (!(rdev->wiphy.features & NL80211_FEATURE_ACKTO_ESTIMATION)) {
3416 result = -EOPNOTSUPP;
3417 goto out;
3418 }
3419
3420 changed |= WIPHY_PARAM_DYN_ACK;
3421 }
3422
3423 if (info->attrs[NL80211_ATTR_TXQ_LIMIT]) {
3424 if (!wiphy_ext_feature_isset(&rdev->wiphy,
3425 NL80211_EXT_FEATURE_TXQS)) {
3426 result = -EOPNOTSUPP;
3427 goto out;
3428 }
3429 txq_limit = nla_get_u32(
3430 info->attrs[NL80211_ATTR_TXQ_LIMIT]);
3431 changed |= WIPHY_PARAM_TXQ_LIMIT;
3432 }
3433
3434 if (info->attrs[NL80211_ATTR_TXQ_MEMORY_LIMIT]) {
3435 if (!wiphy_ext_feature_isset(&rdev->wiphy,
3436 NL80211_EXT_FEATURE_TXQS)) {
3437 result = -EOPNOTSUPP;
3438 goto out;
3439 }
3440 txq_memory_limit = nla_get_u32(
3441 info->attrs[NL80211_ATTR_TXQ_MEMORY_LIMIT]);
3442 changed |= WIPHY_PARAM_TXQ_MEMORY_LIMIT;
3443 }
3444
3445 if (info->attrs[NL80211_ATTR_TXQ_QUANTUM]) {
3446 if (!wiphy_ext_feature_isset(&rdev->wiphy,
3447 NL80211_EXT_FEATURE_TXQS)) {
3448 result = -EOPNOTSUPP;
3449 goto out;
3450 }
3451 txq_quantum = nla_get_u32(
3452 info->attrs[NL80211_ATTR_TXQ_QUANTUM]);
3453 changed |= WIPHY_PARAM_TXQ_QUANTUM;
3454 }
3455
3456 if (changed) {
3457 u8 old_retry_short, old_retry_long;
3458 u32 old_frag_threshold, old_rts_threshold;
3459 u8 old_coverage_class;
3460 u32 old_txq_limit, old_txq_memory_limit, old_txq_quantum;
3461
3462 if (!rdev->ops->set_wiphy_params) {
3463 result = -EOPNOTSUPP;
3464 goto out;
3465 }
3466
3467 old_retry_short = rdev->wiphy.retry_short;
3468 old_retry_long = rdev->wiphy.retry_long;
3469 old_frag_threshold = rdev->wiphy.frag_threshold;
3470 old_rts_threshold = rdev->wiphy.rts_threshold;
3471 old_coverage_class = rdev->wiphy.coverage_class;
3472 old_txq_limit = rdev->wiphy.txq_limit;
3473 old_txq_memory_limit = rdev->wiphy.txq_memory_limit;
3474 old_txq_quantum = rdev->wiphy.txq_quantum;
3475
3476 if (changed & WIPHY_PARAM_RETRY_SHORT)
3477 rdev->wiphy.retry_short = retry_short;
3478 if (changed & WIPHY_PARAM_RETRY_LONG)
3479 rdev->wiphy.retry_long = retry_long;
3480 if (changed & WIPHY_PARAM_FRAG_THRESHOLD)
3481 rdev->wiphy.frag_threshold = frag_threshold;
3482 if (changed & WIPHY_PARAM_RTS_THRESHOLD)
3483 rdev->wiphy.rts_threshold = rts_threshold;
3484 if (changed & WIPHY_PARAM_COVERAGE_CLASS)
3485 rdev->wiphy.coverage_class = coverage_class;
3486 if (changed & WIPHY_PARAM_TXQ_LIMIT)
3487 rdev->wiphy.txq_limit = txq_limit;
3488 if (changed & WIPHY_PARAM_TXQ_MEMORY_LIMIT)
3489 rdev->wiphy.txq_memory_limit = txq_memory_limit;
3490 if (changed & WIPHY_PARAM_TXQ_QUANTUM)
3491 rdev->wiphy.txq_quantum = txq_quantum;
3492
3493 result = rdev_set_wiphy_params(rdev, changed);
3494 if (result) {
3495 rdev->wiphy.retry_short = old_retry_short;
3496 rdev->wiphy.retry_long = old_retry_long;
3497 rdev->wiphy.frag_threshold = old_frag_threshold;
3498 rdev->wiphy.rts_threshold = old_rts_threshold;
3499 rdev->wiphy.coverage_class = old_coverage_class;
3500 rdev->wiphy.txq_limit = old_txq_limit;
3501 rdev->wiphy.txq_memory_limit = old_txq_memory_limit;
3502 rdev->wiphy.txq_quantum = old_txq_quantum;
3503 goto out;
3504 }
3505 }
3506
3507 result = 0;
3508
3509 out:
3510 wiphy_unlock(&rdev->wiphy);
3511 return result;
3512 }
3513
3514 static int nl80211_send_chandef(struct sk_buff *msg,
3515 const struct cfg80211_chan_def *chandef)
3516 {
3517 if (WARN_ON(!cfg80211_chandef_valid(chandef)))
3518 return -EINVAL;
3519
3520 if (nla_put_u32(msg, NL80211_ATTR_WIPHY_FREQ,
3521 chandef->chan->center_freq))
3522 return -ENOBUFS;
3523 if (nla_put_u32(msg, NL80211_ATTR_WIPHY_FREQ_OFFSET,
3524 chandef->chan->freq_offset))
3525 return -ENOBUFS;
3526 switch (chandef->width) {
3527 case NL80211_CHAN_WIDTH_20_NOHT:
3528 case NL80211_CHAN_WIDTH_20:
3529 case NL80211_CHAN_WIDTH_40:
3530 if (nla_put_u32(msg, NL80211_ATTR_WIPHY_CHANNEL_TYPE,
3531 cfg80211_get_chandef_type(chandef)))
3532 return -ENOBUFS;
3533 break;
3534 default:
3535 break;
3536 }
3537 if (nla_put_u32(msg, NL80211_ATTR_CHANNEL_WIDTH, chandef->width))
3538 return -ENOBUFS;
3539 if (nla_put_u32(msg, NL80211_ATTR_CENTER_FREQ1, chandef->center_freq1))
3540 return -ENOBUFS;
3541 if (chandef->center_freq2 &&
3542 nla_put_u32(msg, NL80211_ATTR_CENTER_FREQ2, chandef->center_freq2))
3543 return -ENOBUFS;
3544 return 0;
3545 }
3546
3547 static int nl80211_send_iface(struct sk_buff *msg, u32 portid, u32 seq, int flags,
3548 struct cfg80211_registered_device *rdev,
3549 struct wireless_dev *wdev,
3550 enum nl80211_commands cmd)
3551 {
3552 struct net_device *dev = wdev->netdev;
3553 void *hdr;
3554
3555 WARN_ON(cmd != NL80211_CMD_NEW_INTERFACE &&
3556 cmd != NL80211_CMD_DEL_INTERFACE &&
3557 cmd != NL80211_CMD_SET_INTERFACE);
3558
3559 hdr = nl80211hdr_put(msg, portid, seq, flags, cmd);
3560 if (!hdr)
3561 return -1;
3562
3563 if (dev &&
3564 (nla_put_u32(msg, NL80211_ATTR_IFINDEX, dev->ifindex) ||
3565 nla_put_string(msg, NL80211_ATTR_IFNAME, dev->name)))
3566 goto nla_put_failure;
3567
3568 if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
3569 nla_put_u32(msg, NL80211_ATTR_IFTYPE, wdev->iftype) ||
3570 nla_put_u64_64bit(msg, NL80211_ATTR_WDEV, wdev_id(wdev),
3571 NL80211_ATTR_PAD) ||
3572 nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN, wdev_address(wdev)) ||
3573 nla_put_u32(msg, NL80211_ATTR_GENERATION,
3574 rdev->devlist_generation ^
3575 (cfg80211_rdev_list_generation << 2)) ||
3576 nla_put_u8(msg, NL80211_ATTR_4ADDR, wdev->use_4addr))
3577 goto nla_put_failure;
3578
3579 if (rdev->ops->get_channel) {
3580 int ret;
3581 struct cfg80211_chan_def chandef = {};
3582
3583 ret = rdev_get_channel(rdev, wdev, &chandef);
3584 if (ret == 0) {
3585 if (nl80211_send_chandef(msg, &chandef))
3586 goto nla_put_failure;
3587 }
3588 }
3589
3590 if (rdev->ops->get_tx_power) {
3591 int dbm, ret;
3592
3593 ret = rdev_get_tx_power(rdev, wdev, &dbm);
3594 if (ret == 0 &&
3595 nla_put_u32(msg, NL80211_ATTR_WIPHY_TX_POWER_LEVEL,
3596 DBM_TO_MBM(dbm)))
3597 goto nla_put_failure;
3598 }
3599
3600 wdev_lock(wdev);
3601 switch (wdev->iftype) {
3602 case NL80211_IFTYPE_AP:
3603 if (wdev->ssid_len &&
3604 nla_put(msg, NL80211_ATTR_SSID, wdev->ssid_len, wdev->ssid))
3605 goto nla_put_failure_locked;
3606 break;
3607 case NL80211_IFTYPE_STATION:
3608 case NL80211_IFTYPE_P2P_CLIENT:
3609 case NL80211_IFTYPE_ADHOC: {
3610 const u8 *ssid_ie;
3611 if (!wdev->current_bss)
3612 break;
3613 rcu_read_lock();
3614 ssid_ie = ieee80211_bss_get_ie(&wdev->current_bss->pub,
3615 WLAN_EID_SSID);
3616 if (ssid_ie &&
3617 nla_put(msg, NL80211_ATTR_SSID, ssid_ie[1], ssid_ie + 2))
3618 goto nla_put_failure_rcu_locked;
3619 rcu_read_unlock();
3620 break;
3621 }
3622 default:
3623 /* nothing */
3624 break;
3625 }
3626 wdev_unlock(wdev);
3627
3628 if (rdev->ops->get_txq_stats) {
3629 struct cfg80211_txq_stats txqstats = {};
3630 int ret = rdev_get_txq_stats(rdev, wdev, &txqstats);
3631
3632 if (ret == 0 &&
3633 !nl80211_put_txq_stats(msg, &txqstats,
3634 NL80211_ATTR_TXQ_STATS))
3635 goto nla_put_failure;
3636 }
3637
3638 genlmsg_end(msg, hdr);
3639 return 0;
3640
3641 nla_put_failure_rcu_locked:
3642 rcu_read_unlock();
3643 nla_put_failure_locked:
3644 wdev_unlock(wdev);
3645 nla_put_failure:
3646 genlmsg_cancel(msg, hdr);
3647 return -EMSGSIZE;
3648 }
3649
3650 static int nl80211_dump_interface(struct sk_buff *skb, struct netlink_callback *cb)
3651 {
3652 int wp_idx = 0;
3653 int if_idx = 0;
3654 int wp_start = cb->args[0];
3655 int if_start = cb->args[1];
3656 int filter_wiphy = -1;
3657 struct cfg80211_registered_device *rdev;
3658 struct wireless_dev *wdev;
3659 int ret;
3660
3661 rtnl_lock();
3662 if (!cb->args[2]) {
3663 struct nl80211_dump_wiphy_state state = {
3664 .filter_wiphy = -1,
3665 };
3666
3667 ret = nl80211_dump_wiphy_parse(skb, cb, &state);
3668 if (ret)
3669 goto out_unlock;
3670
3671 filter_wiphy = state.filter_wiphy;
3672
3673 /*
3674 * if filtering, set cb->args[2] to +1 since 0 is the default
3675 * value needed to determine that parsing is necessary.
3676 */
3677 if (filter_wiphy >= 0)
3678 cb->args[2] = filter_wiphy + 1;
3679 else
3680 cb->args[2] = -1;
3681 } else if (cb->args[2] > 0) {
3682 filter_wiphy = cb->args[2] - 1;
3683 }
3684
3685 list_for_each_entry(rdev, &cfg80211_rdev_list, list) {
3686 if (!net_eq(wiphy_net(&rdev->wiphy), sock_net(skb->sk)))
3687 continue;
3688 if (wp_idx < wp_start) {
3689 wp_idx++;
3690 continue;
3691 }
3692
3693 if (filter_wiphy >= 0 && filter_wiphy != rdev->wiphy_idx)
3694 continue;
3695
3696 if_idx = 0;
3697
3698 list_for_each_entry(wdev, &rdev->wiphy.wdev_list, list) {
3699 if (if_idx < if_start) {
3700 if_idx++;
3701 continue;
3702 }
3703 if (nl80211_send_iface(skb, NETLINK_CB(cb->skb).portid,
3704 cb->nlh->nlmsg_seq, NLM_F_MULTI,
3705 rdev, wdev,
3706 NL80211_CMD_NEW_INTERFACE) < 0) {
3707 goto out;
3708 }
3709 if_idx++;
3710 }
3711
3712 wp_idx++;
3713 }
3714 out:
3715 cb->args[0] = wp_idx;
3716 cb->args[1] = if_idx;
3717
3718 ret = skb->len;
3719 out_unlock:
3720 rtnl_unlock();
3721
3722 return ret;
3723 }
3724
3725 static int nl80211_get_interface(struct sk_buff *skb, struct genl_info *info)
3726 {
3727 struct sk_buff *msg;
3728 struct cfg80211_registered_device *rdev = info->user_ptr[0];
3729 struct wireless_dev *wdev = info->user_ptr[1];
3730
3731 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
3732 if (!msg)
3733 return -ENOMEM;
3734
3735 if (nl80211_send_iface(msg, info->snd_portid, info->snd_seq, 0,
3736 rdev, wdev, NL80211_CMD_NEW_INTERFACE) < 0) {
3737 nlmsg_free(msg);
3738 return -ENOBUFS;
3739 }
3740
3741 return genlmsg_reply(msg, info);
3742 }
3743
3744 static const struct nla_policy mntr_flags_policy[NL80211_MNTR_FLAG_MAX + 1] = {
3745 [NL80211_MNTR_FLAG_FCSFAIL] = { .type = NLA_FLAG },
3746 [NL80211_MNTR_FLAG_PLCPFAIL] = { .type = NLA_FLAG },
3747 [NL80211_MNTR_FLAG_CONTROL] = { .type = NLA_FLAG },
3748 [NL80211_MNTR_FLAG_OTHER_BSS] = { .type = NLA_FLAG },
3749 [NL80211_MNTR_FLAG_COOK_FRAMES] = { .type = NLA_FLAG },
3750 [NL80211_MNTR_FLAG_ACTIVE] = { .type = NLA_FLAG },
3751 };
3752
3753 static int parse_monitor_flags(struct nlattr *nla, u32 *mntrflags)
3754 {
3755 struct nlattr *flags[NL80211_MNTR_FLAG_MAX + 1];
3756 int flag;
3757
3758 *mntrflags = 0;
3759
3760 if (!nla)
3761 return -EINVAL;
3762
3763 if (nla_parse_nested_deprecated(flags, NL80211_MNTR_FLAG_MAX, nla, mntr_flags_policy, NULL))
3764 return -EINVAL;
3765
3766 for (flag = 1; flag <= NL80211_MNTR_FLAG_MAX; flag++)
3767 if (flags[flag])
3768 *mntrflags |= (1<<flag);
3769
3770 *mntrflags |= MONITOR_FLAG_CHANGED;
3771
3772 return 0;
3773 }
3774
3775 static int nl80211_parse_mon_options(struct cfg80211_registered_device *rdev,
3776 enum nl80211_iftype type,
3777 struct genl_info *info,
3778 struct vif_params *params)
3779 {
3780 bool change = false;
3781 int err;
3782
3783 if (info->attrs[NL80211_ATTR_MNTR_FLAGS]) {
3784 if (type != NL80211_IFTYPE_MONITOR)
3785 return -EINVAL;
3786
3787 err = parse_monitor_flags(info->attrs[NL80211_ATTR_MNTR_FLAGS],
3788 &params->flags);
3789 if (err)
3790 return err;
3791
3792 change = true;
3793 }
3794
3795 if (params->flags & MONITOR_FLAG_ACTIVE &&
3796 !(rdev->wiphy.features & NL80211_FEATURE_ACTIVE_MONITOR))
3797 return -EOPNOTSUPP;
3798
3799 if (info->attrs[NL80211_ATTR_MU_MIMO_GROUP_DATA]) {
3800 const u8 *mumimo_groups;
3801 u32 cap_flag = NL80211_EXT_FEATURE_MU_MIMO_AIR_SNIFFER;
3802
3803 if (type != NL80211_IFTYPE_MONITOR)
3804 return -EINVAL;
3805
3806 if (!wiphy_ext_feature_isset(&rdev->wiphy, cap_flag))
3807 return -EOPNOTSUPP;
3808
3809 mumimo_groups =
3810 nla_data(info->attrs[NL80211_ATTR_MU_MIMO_GROUP_DATA]);
3811
3812 /* bits 0 and 63 are reserved and must be zero */
3813 if ((mumimo_groups[0] & BIT(0)) ||
3814 (mumimo_groups[VHT_MUMIMO_GROUPS_DATA_LEN - 1] & BIT(7)))
3815 return -EINVAL;
3816
3817 params->vht_mumimo_groups = mumimo_groups;
3818 change = true;
3819 }
3820
3821 if (info->attrs[NL80211_ATTR_MU_MIMO_FOLLOW_MAC_ADDR]) {
3822 u32 cap_flag = NL80211_EXT_FEATURE_MU_MIMO_AIR_SNIFFER;
3823
3824 if (type != NL80211_IFTYPE_MONITOR)
3825 return -EINVAL;
3826
3827 if (!wiphy_ext_feature_isset(&rdev->wiphy, cap_flag))
3828 return -EOPNOTSUPP;
3829
3830 params->vht_mumimo_follow_addr =
3831 nla_data(info->attrs[NL80211_ATTR_MU_MIMO_FOLLOW_MAC_ADDR]);
3832 change = true;
3833 }
3834
3835 return change ? 1 : 0;
3836 }
3837
3838 static int nl80211_valid_4addr(struct cfg80211_registered_device *rdev,
3839 struct net_device *netdev, u8 use_4addr,
3840 enum nl80211_iftype iftype)
3841 {
3842 if (!use_4addr) {
3843 if (netdev && netif_is_bridge_port(netdev))
3844 return -EBUSY;
3845 return 0;
3846 }
3847
3848 switch (iftype) {
3849 case NL80211_IFTYPE_AP_VLAN:
3850 if (rdev->wiphy.flags & WIPHY_FLAG_4ADDR_AP)
3851 return 0;
3852 break;
3853 case NL80211_IFTYPE_STATION:
3854 if (rdev->wiphy.flags & WIPHY_FLAG_4ADDR_STATION)
3855 return 0;
3856 break;
3857 default:
3858 break;
3859 }
3860
3861 return -EOPNOTSUPP;
3862 }
3863
3864 static int nl80211_set_interface(struct sk_buff *skb, struct genl_info *info)
3865 {
3866 struct cfg80211_registered_device *rdev = info->user_ptr[0];
3867 struct vif_params params;
3868 int err;
3869 enum nl80211_iftype otype, ntype;
3870 struct net_device *dev = info->user_ptr[1];
3871 bool change = false;
3872
3873 memset(&params, 0, sizeof(params));
3874
3875 otype = ntype = dev->ieee80211_ptr->iftype;
3876
3877 if (info->attrs[NL80211_ATTR_IFTYPE]) {
3878 ntype = nla_get_u32(info->attrs[NL80211_ATTR_IFTYPE]);
3879 if (otype != ntype)
3880 change = true;
3881 }
3882
3883 if (info->attrs[NL80211_ATTR_MESH_ID]) {
3884 struct wireless_dev *wdev = dev->ieee80211_ptr;
3885
3886 if (ntype != NL80211_IFTYPE_MESH_POINT)
3887 return -EINVAL;
3888 if (netif_running(dev))
3889 return -EBUSY;
3890
3891 wdev_lock(wdev);
3892 BUILD_BUG_ON(IEEE80211_MAX_SSID_LEN !=
3893 IEEE80211_MAX_MESH_ID_LEN);
3894 wdev->mesh_id_up_len =
3895 nla_len(info->attrs[NL80211_ATTR_MESH_ID]);
3896 memcpy(wdev->ssid, nla_data(info->attrs[NL80211_ATTR_MESH_ID]),
3897 wdev->mesh_id_up_len);
3898 wdev_unlock(wdev);
3899 }
3900
3901 if (info->attrs[NL80211_ATTR_4ADDR]) {
3902 params.use_4addr = !!nla_get_u8(info->attrs[NL80211_ATTR_4ADDR]);
3903 change = true;
3904 err = nl80211_valid_4addr(rdev, dev, params.use_4addr, ntype);
3905 if (err)
3906 return err;
3907 } else {
3908 params.use_4addr = -1;
3909 }
3910
3911 err = nl80211_parse_mon_options(rdev, ntype, info, &params);
3912 if (err < 0)
3913 return err;
3914 if (err > 0)
3915 change = true;
3916
3917 if (change)
3918 err = cfg80211_change_iface(rdev, dev, ntype, &params);
3919 else
3920 err = 0;
3921
3922 if (!err && params.use_4addr != -1)
3923 dev->ieee80211_ptr->use_4addr = params.use_4addr;
3924
3925 if (change && !err) {
3926 struct wireless_dev *wdev = dev->ieee80211_ptr;
3927
3928 nl80211_notify_iface(rdev, wdev, NL80211_CMD_SET_INTERFACE);
3929 }
3930
3931 return err;
3932 }
3933
3934 static int _nl80211_new_interface(struct sk_buff *skb, struct genl_info *info)
3935 {
3936 struct cfg80211_registered_device *rdev = info->user_ptr[0];
3937 struct vif_params params;
3938 struct wireless_dev *wdev;
3939 struct sk_buff *msg;
3940 int err;
3941 enum nl80211_iftype type = NL80211_IFTYPE_UNSPECIFIED;
3942
3943 memset(&params, 0, sizeof(params));
3944
3945 if (!info->attrs[NL80211_ATTR_IFNAME])
3946 return -EINVAL;
3947
3948 if (info->attrs[NL80211_ATTR_IFTYPE])
3949 type = nla_get_u32(info->attrs[NL80211_ATTR_IFTYPE]);
3950
3951 if (!rdev->ops->add_virtual_intf)
3952 return -EOPNOTSUPP;
3953
3954 if ((type == NL80211_IFTYPE_P2P_DEVICE || type == NL80211_IFTYPE_NAN ||
3955 rdev->wiphy.features & NL80211_FEATURE_MAC_ON_CREATE) &&
3956 info->attrs[NL80211_ATTR_MAC]) {
3957 nla_memcpy(params.macaddr, info->attrs[NL80211_ATTR_MAC],
3958 ETH_ALEN);
3959 if (!is_valid_ether_addr(params.macaddr))
3960 return -EADDRNOTAVAIL;
3961 }
3962
3963 if (info->attrs[NL80211_ATTR_4ADDR]) {
3964 params.use_4addr = !!nla_get_u8(info->attrs[NL80211_ATTR_4ADDR]);
3965 err = nl80211_valid_4addr(rdev, NULL, params.use_4addr, type);
3966 if (err)
3967 return err;
3968 }
3969
3970 if (!cfg80211_iftype_allowed(&rdev->wiphy, type, params.use_4addr, 0))
3971 return -EOPNOTSUPP;
3972
3973 err = nl80211_parse_mon_options(rdev, type, info, &params);
3974 if (err < 0)
3975 return err;
3976
3977 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
3978 if (!msg)
3979 return -ENOMEM;
3980
3981 wdev = rdev_add_virtual_intf(rdev,
3982 nla_data(info->attrs[NL80211_ATTR_IFNAME]),
3983 NET_NAME_USER, type, &params);
3984 if (WARN_ON(!wdev)) {
3985 nlmsg_free(msg);
3986 return -EPROTO;
3987 } else if (IS_ERR(wdev)) {
3988 nlmsg_free(msg);
3989 return PTR_ERR(wdev);
3990 }
3991
3992 if (info->attrs[NL80211_ATTR_SOCKET_OWNER])
3993 wdev->owner_nlportid = info->snd_portid;
3994
3995 switch (type) {
3996 case NL80211_IFTYPE_MESH_POINT:
3997 if (!info->attrs[NL80211_ATTR_MESH_ID])
3998 break;
3999 wdev_lock(wdev);
4000 BUILD_BUG_ON(IEEE80211_MAX_SSID_LEN !=
4001 IEEE80211_MAX_MESH_ID_LEN);
4002 wdev->mesh_id_up_len =
4003 nla_len(info->attrs[NL80211_ATTR_MESH_ID]);
4004 memcpy(wdev->ssid, nla_data(info->attrs[NL80211_ATTR_MESH_ID]),
4005 wdev->mesh_id_up_len);
4006 wdev_unlock(wdev);
4007 break;
4008 case NL80211_IFTYPE_NAN:
4009 case NL80211_IFTYPE_P2P_DEVICE:
4010 /*
4011 * P2P Device and NAN do not have a netdev, so don't go
4012 * through the netdev notifier and must be added here
4013 */
4014 cfg80211_init_wdev(wdev);
4015 cfg80211_register_wdev(rdev, wdev);
4016 break;
4017 default:
4018 break;
4019 }
4020
4021 if (nl80211_send_iface(msg, info->snd_portid, info->snd_seq, 0,
4022 rdev, wdev, NL80211_CMD_NEW_INTERFACE) < 0) {
4023 nlmsg_free(msg);
4024 return -ENOBUFS;
4025 }
4026
4027 return genlmsg_reply(msg, info);
4028 }
4029
4030 static int nl80211_new_interface(struct sk_buff *skb, struct genl_info *info)
4031 {
4032 struct cfg80211_registered_device *rdev = info->user_ptr[0];
4033 int ret;
4034
4035 /* to avoid failing a new interface creation due to pending removal */
4036 cfg80211_destroy_ifaces(rdev);
4037
4038 wiphy_lock(&rdev->wiphy);
4039 ret = _nl80211_new_interface(skb, info);
4040 wiphy_unlock(&rdev->wiphy);
4041
4042 return ret;
4043 }
4044
4045 static int nl80211_del_interface(struct sk_buff *skb, struct genl_info *info)
4046 {
4047 struct cfg80211_registered_device *rdev = info->user_ptr[0];
4048 struct wireless_dev *wdev = info->user_ptr[1];
4049
4050 if (!rdev->ops->del_virtual_intf)
4051 return -EOPNOTSUPP;
4052
4053 /*
4054 * We hold RTNL, so this is safe, without RTNL opencount cannot
4055 * reach 0, and thus the rdev cannot be deleted.
4056 *
4057 * We need to do it for the dev_close(), since that will call
4058 * the netdev notifiers, and we need to acquire the mutex there
4059 * but don't know if we get there from here or from some other
4060 * place (e.g. "ip link set ... down").
4061 */
4062 mutex_unlock(&rdev->wiphy.mtx);
4063
4064 /*
4065 * If we remove a wireless device without a netdev then clear
4066 * user_ptr[1] so that nl80211_post_doit won't dereference it
4067 * to check if it needs to do dev_put(). Otherwise it crashes
4068 * since the wdev has been freed, unlike with a netdev where
4069 * we need the dev_put() for the netdev to really be freed.
4070 */
4071 if (!wdev->netdev)
4072 info->user_ptr[1] = NULL;
4073 else
4074 dev_close(wdev->netdev);
4075
4076 mutex_lock(&rdev->wiphy.mtx);
4077
4078 return rdev_del_virtual_intf(rdev, wdev);
4079 }
4080
4081 static int nl80211_set_noack_map(struct sk_buff *skb, struct genl_info *info)
4082 {
4083 struct cfg80211_registered_device *rdev = info->user_ptr[0];
4084 struct net_device *dev = info->user_ptr[1];
4085 u16 noack_map;
4086
4087 if (!info->attrs[NL80211_ATTR_NOACK_MAP])
4088 return -EINVAL;
4089
4090 if (!rdev->ops->set_noack_map)
4091 return -EOPNOTSUPP;
4092
4093 noack_map = nla_get_u16(info->attrs[NL80211_ATTR_NOACK_MAP]);
4094
4095 return rdev_set_noack_map(rdev, dev, noack_map);
4096 }
4097
4098 struct get_key_cookie {
4099 struct sk_buff *msg;
4100 int error;
4101 int idx;
4102 };
4103
4104 static void get_key_callback(void *c, struct key_params *params)
4105 {
4106 struct nlattr *key;
4107 struct get_key_cookie *cookie = c;
4108
4109 if ((params->key &&
4110 nla_put(cookie->msg, NL80211_ATTR_KEY_DATA,
4111 params->key_len, params->key)) ||
4112 (params->seq &&
4113 nla_put(cookie->msg, NL80211_ATTR_KEY_SEQ,
4114 params->seq_len, params->seq)) ||
4115 (params->cipher &&
4116 nla_put_u32(cookie->msg, NL80211_ATTR_KEY_CIPHER,
4117 params->cipher)))
4118 goto nla_put_failure;
4119
4120 key = nla_nest_start_noflag(cookie->msg, NL80211_ATTR_KEY);
4121 if (!key)
4122 goto nla_put_failure;
4123
4124 if ((params->key &&
4125 nla_put(cookie->msg, NL80211_KEY_DATA,
4126 params->key_len, params->key)) ||
4127 (params->seq &&
4128 nla_put(cookie->msg, NL80211_KEY_SEQ,
4129 params->seq_len, params->seq)) ||
4130 (params->cipher &&
4131 nla_put_u32(cookie->msg, NL80211_KEY_CIPHER,
4132 params->cipher)))
4133 goto nla_put_failure;
4134
4135 if (nla_put_u8(cookie->msg, NL80211_KEY_IDX, cookie->idx))
4136 goto nla_put_failure;
4137
4138 nla_nest_end(cookie->msg, key);
4139
4140 return;
4141 nla_put_failure:
4142 cookie->error = 1;
4143 }
4144
4145 static int nl80211_get_key(struct sk_buff *skb, struct genl_info *info)
4146 {
4147 struct cfg80211_registered_device *rdev = info->user_ptr[0];
4148 int err;
4149 struct net_device *dev = info->user_ptr[1];
4150 u8 key_idx = 0;
4151 const u8 *mac_addr = NULL;
4152 bool pairwise;
4153 struct get_key_cookie cookie = {
4154 .error = 0,
4155 };
4156 void *hdr;
4157 struct sk_buff *msg;
4158 bool bigtk_support = false;
4159
4160 if (wiphy_ext_feature_isset(&rdev->wiphy,
4161 NL80211_EXT_FEATURE_BEACON_PROTECTION))
4162 bigtk_support = true;
4163
4164 if ((dev->ieee80211_ptr->iftype == NL80211_IFTYPE_STATION ||
4165 dev->ieee80211_ptr->iftype == NL80211_IFTYPE_P2P_CLIENT) &&
4166 wiphy_ext_feature_isset(&rdev->wiphy,
4167 NL80211_EXT_FEATURE_BEACON_PROTECTION_CLIENT))
4168 bigtk_support = true;
4169
4170 if (info->attrs[NL80211_ATTR_KEY_IDX]) {
4171 key_idx = nla_get_u8(info->attrs[NL80211_ATTR_KEY_IDX]);
4172
4173 if (key_idx >= 6 && key_idx <= 7 && !bigtk_support) {
4174 GENL_SET_ERR_MSG(info, "BIGTK not supported");
4175 return -EINVAL;
4176 }
4177 }
4178
4179 if (info->attrs[NL80211_ATTR_MAC])
4180 mac_addr = nla_data(info->attrs[NL80211_ATTR_MAC]);
4181
4182 pairwise = !!mac_addr;
4183 if (info->attrs[NL80211_ATTR_KEY_TYPE]) {
4184 u32 kt = nla_get_u32(info->attrs[NL80211_ATTR_KEY_TYPE]);
4185
4186 if (kt != NL80211_KEYTYPE_GROUP &&
4187 kt != NL80211_KEYTYPE_PAIRWISE)
4188 return -EINVAL;
4189 pairwise = kt == NL80211_KEYTYPE_PAIRWISE;
4190 }
4191
4192 if (!rdev->ops->get_key)
4193 return -EOPNOTSUPP;
4194
4195 if (!pairwise && mac_addr && !(rdev->wiphy.flags & WIPHY_FLAG_IBSS_RSN))
4196 return -ENOENT;
4197
4198 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
4199 if (!msg)
4200 return -ENOMEM;
4201
4202 hdr = nl80211hdr_put(msg, info->snd_portid, info->snd_seq, 0,
4203 NL80211_CMD_NEW_KEY);
4204 if (!hdr)
4205 goto nla_put_failure;
4206
4207 cookie.msg = msg;
4208 cookie.idx = key_idx;
4209
4210 if (nla_put_u32(msg, NL80211_ATTR_IFINDEX, dev->ifindex) ||
4211 nla_put_u8(msg, NL80211_ATTR_KEY_IDX, key_idx))
4212 goto nla_put_failure;
4213 if (mac_addr &&
4214 nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN, mac_addr))
4215 goto nla_put_failure;
4216
4217 err = rdev_get_key(rdev, dev, key_idx, pairwise, mac_addr, &cookie,
4218 get_key_callback);
4219
4220 if (err)
4221 goto free_msg;
4222
4223 if (cookie.error)
4224 goto nla_put_failure;
4225
4226 genlmsg_end(msg, hdr);
4227 return genlmsg_reply(msg, info);
4228
4229 nla_put_failure:
4230 err = -ENOBUFS;
4231 free_msg:
4232 nlmsg_free(msg);
4233 return err;
4234 }
4235
4236 static int nl80211_set_key(struct sk_buff *skb, struct genl_info *info)
4237 {
4238 struct cfg80211_registered_device *rdev = info->user_ptr[0];
4239 struct key_parse key;
4240 int err;
4241 struct net_device *dev = info->user_ptr[1];
4242
4243 err = nl80211_parse_key(info, &key);
4244 if (err)
4245 return err;
4246
4247 if (key.idx < 0)
4248 return -EINVAL;
4249
4250 /* Only support setting default key and
4251 * Extended Key ID action NL80211_KEY_SET_TX.
4252 */
4253 if (!key.def && !key.defmgmt && !key.defbeacon &&
4254 !(key.p.mode == NL80211_KEY_SET_TX))
4255 return -EINVAL;
4256
4257 wdev_lock(dev->ieee80211_ptr);
4258
4259 if (key.def) {
4260 if (!rdev->ops->set_default_key) {
4261 err = -EOPNOTSUPP;
4262 goto out;
4263 }
4264
4265 err = nl80211_key_allowed(dev->ieee80211_ptr);
4266 if (err)
4267 goto out;
4268
4269 err = rdev_set_default_key(rdev, dev, key.idx,
4270 key.def_uni, key.def_multi);
4271
4272 if (err)
4273 goto out;
4274
4275 #ifdef CONFIG_CFG80211_WEXT
4276 dev->ieee80211_ptr->wext.default_key = key.idx;
4277 #endif
4278 } else if (key.defmgmt) {
4279 if (key.def_uni || !key.def_multi) {
4280 err = -EINVAL;
4281 goto out;
4282 }
4283
4284 if (!rdev->ops->set_default_mgmt_key) {
4285 err = -EOPNOTSUPP;
4286 goto out;
4287 }
4288
4289 err = nl80211_key_allowed(dev->ieee80211_ptr);
4290 if (err)
4291 goto out;
4292
4293 err = rdev_set_default_mgmt_key(rdev, dev, key.idx);
4294 if (err)
4295 goto out;
4296
4297 #ifdef CONFIG_CFG80211_WEXT
4298 dev->ieee80211_ptr->wext.default_mgmt_key = key.idx;
4299 #endif
4300 } else if (key.defbeacon) {
4301 if (key.def_uni || !key.def_multi) {
4302 err = -EINVAL;
4303 goto out;
4304 }
4305
4306 if (!rdev->ops->set_default_beacon_key) {
4307 err = -EOPNOTSUPP;
4308 goto out;
4309 }
4310
4311 err = nl80211_key_allowed(dev->ieee80211_ptr);
4312 if (err)
4313 goto out;
4314
4315 err = rdev_set_default_beacon_key(rdev, dev, key.idx);
4316 if (err)
4317 goto out;
4318 } else if (key.p.mode == NL80211_KEY_SET_TX &&
4319 wiphy_ext_feature_isset(&rdev->wiphy,
4320 NL80211_EXT_FEATURE_EXT_KEY_ID)) {
4321 u8 *mac_addr = NULL;
4322
4323 if (info->attrs[NL80211_ATTR_MAC])
4324 mac_addr = nla_data(info->attrs[NL80211_ATTR_MAC]);
4325
4326 if (!mac_addr || key.idx < 0 || key.idx > 1) {
4327 err = -EINVAL;
4328 goto out;
4329 }
4330
4331 err = rdev_add_key(rdev, dev, key.idx,
4332 NL80211_KEYTYPE_PAIRWISE,
4333 mac_addr, &key.p);
4334 } else {
4335 err = -EINVAL;
4336 }
4337 out:
4338 wdev_unlock(dev->ieee80211_ptr);
4339
4340 return err;
4341 }
4342
4343 static int nl80211_new_key(struct sk_buff *skb, struct genl_info *info)
4344 {
4345 struct cfg80211_registered_device *rdev = info->user_ptr[0];
4346 int err;
4347 struct net_device *dev = info->user_ptr[1];
4348 struct key_parse key;
4349 const u8 *mac_addr = NULL;
4350
4351 err = nl80211_parse_key(info, &key);
4352 if (err)
4353 return err;
4354
4355 if (!key.p.key) {
4356 GENL_SET_ERR_MSG(info, "no key");
4357 return -EINVAL;
4358 }
4359
4360 if (info->attrs[NL80211_ATTR_MAC])
4361 mac_addr = nla_data(info->attrs[NL80211_ATTR_MAC]);
4362
4363 if (key.type == -1) {
4364 if (mac_addr)
4365 key.type = NL80211_KEYTYPE_PAIRWISE;
4366 else
4367 key.type = NL80211_KEYTYPE_GROUP;
4368 }
4369
4370 /* for now */
4371 if (key.type != NL80211_KEYTYPE_PAIRWISE &&
4372 key.type != NL80211_KEYTYPE_GROUP) {
4373 GENL_SET_ERR_MSG(info, "key type not pairwise or group");
4374 return -EINVAL;
4375 }
4376
4377 if (key.type == NL80211_KEYTYPE_GROUP &&
4378 info->attrs[NL80211_ATTR_VLAN_ID])
4379 key.p.vlan_id = nla_get_u16(info->attrs[NL80211_ATTR_VLAN_ID]);
4380
4381 if (!rdev->ops->add_key)
4382 return -EOPNOTSUPP;
4383
4384 if (cfg80211_validate_key_settings(rdev, &key.p, key.idx,
4385 key.type == NL80211_KEYTYPE_PAIRWISE,
4386 mac_addr)) {
4387 GENL_SET_ERR_MSG(info, "key setting validation failed");
4388 return -EINVAL;
4389 }
4390
4391 wdev_lock(dev->ieee80211_ptr);
4392 err = nl80211_key_allowed(dev->ieee80211_ptr);
4393 if (err)
4394 GENL_SET_ERR_MSG(info, "key not allowed");
4395 if (!err) {
4396 err = rdev_add_key(rdev, dev, key.idx,
4397 key.type == NL80211_KEYTYPE_PAIRWISE,
4398 mac_addr, &key.p);
4399 if (err)
4400 GENL_SET_ERR_MSG(info, "key addition failed");
4401 }
4402 wdev_unlock(dev->ieee80211_ptr);
4403
4404 return err;
4405 }
4406
4407 static int nl80211_del_key(struct sk_buff *skb, struct genl_info *info)
4408 {
4409 struct cfg80211_registered_device *rdev = info->user_ptr[0];
4410 int err;
4411 struct net_device *dev = info->user_ptr[1];
4412 u8 *mac_addr = NULL;
4413 struct key_parse key;
4414
4415 err = nl80211_parse_key(info, &key);
4416 if (err)
4417 return err;
4418
4419 if (info->attrs[NL80211_ATTR_MAC])
4420 mac_addr = nla_data(info->attrs[NL80211_ATTR_MAC]);
4421
4422 if (key.type == -1) {
4423 if (mac_addr)
4424 key.type = NL80211_KEYTYPE_PAIRWISE;
4425 else
4426 key.type = NL80211_KEYTYPE_GROUP;
4427 }
4428
4429 /* for now */
4430 if (key.type != NL80211_KEYTYPE_PAIRWISE &&
4431 key.type != NL80211_KEYTYPE_GROUP)
4432 return -EINVAL;
4433
4434 if (!cfg80211_valid_key_idx(rdev, key.idx,
4435 key.type == NL80211_KEYTYPE_PAIRWISE))
4436 return -EINVAL;
4437
4438 if (!rdev->ops->del_key)
4439 return -EOPNOTSUPP;
4440
4441 wdev_lock(dev->ieee80211_ptr);
4442 err = nl80211_key_allowed(dev->ieee80211_ptr);
4443
4444 if (key.type == NL80211_KEYTYPE_GROUP && mac_addr &&
4445 !(rdev->wiphy.flags & WIPHY_FLAG_IBSS_RSN))
4446 err = -ENOENT;
4447
4448 if (!err)
4449 err = rdev_del_key(rdev, dev, key.idx,
4450 key.type == NL80211_KEYTYPE_PAIRWISE,
4451 mac_addr);
4452
4453 #ifdef CONFIG_CFG80211_WEXT
4454 if (!err) {
4455 if (key.idx == dev->ieee80211_ptr->wext.default_key)
4456 dev->ieee80211_ptr->wext.default_key = -1;
4457 else if (key.idx == dev->ieee80211_ptr->wext.default_mgmt_key)
4458 dev->ieee80211_ptr->wext.default_mgmt_key = -1;
4459 }
4460 #endif
4461 wdev_unlock(dev->ieee80211_ptr);
4462
4463 return err;
4464 }
4465
4466 /* This function returns an error or the number of nested attributes */
4467 static int validate_acl_mac_addrs(struct nlattr *nl_attr)
4468 {
4469 struct nlattr *attr;
4470 int n_entries = 0, tmp;
4471
4472 nla_for_each_nested(attr, nl_attr, tmp) {
4473 if (nla_len(attr) != ETH_ALEN)
4474 return -EINVAL;
4475
4476 n_entries++;
4477 }
4478
4479 return n_entries;
4480 }
4481
4482 /*
4483 * This function parses ACL information and allocates memory for ACL data.
4484 * On successful return, the calling function is responsible to free the
4485 * ACL buffer returned by this function.
4486 */
4487 static struct cfg80211_acl_data *parse_acl_data(struct wiphy *wiphy,
4488 struct genl_info *info)
4489 {
4490 enum nl80211_acl_policy acl_policy;
4491 struct nlattr *attr;
4492 struct cfg80211_acl_data *acl;
4493 int i = 0, n_entries, tmp;
4494
4495 if (!wiphy->max_acl_mac_addrs)
4496 return ERR_PTR(-EOPNOTSUPP);
4497
4498 if (!info->attrs[NL80211_ATTR_ACL_POLICY])
4499 return ERR_PTR(-EINVAL);
4500
4501 acl_policy = nla_get_u32(info->attrs[NL80211_ATTR_ACL_POLICY]);
4502 if (acl_policy != NL80211_ACL_POLICY_ACCEPT_UNLESS_LISTED &&
4503 acl_policy != NL80211_ACL_POLICY_DENY_UNLESS_LISTED)
4504 return ERR_PTR(-EINVAL);
4505
4506 if (!info->attrs[NL80211_ATTR_MAC_ADDRS])
4507 return ERR_PTR(-EINVAL);
4508
4509 n_entries = validate_acl_mac_addrs(info->attrs[NL80211_ATTR_MAC_ADDRS]);
4510 if (n_entries < 0)
4511 return ERR_PTR(n_entries);
4512
4513 if (n_entries > wiphy->max_acl_mac_addrs)
4514 return ERR_PTR(-ENOTSUPP);
4515
4516 acl = kzalloc(struct_size(acl, mac_addrs, n_entries), GFP_KERNEL);
4517 if (!acl)
4518 return ERR_PTR(-ENOMEM);
4519
4520 nla_for_each_nested(attr, info->attrs[NL80211_ATTR_MAC_ADDRS], tmp) {
4521 memcpy(acl->mac_addrs[i].addr, nla_data(attr), ETH_ALEN);
4522 i++;
4523 }
4524
4525 acl->n_acl_entries = n_entries;
4526 acl->acl_policy = acl_policy;
4527
4528 return acl;
4529 }
4530
4531 static int nl80211_set_mac_acl(struct sk_buff *skb, struct genl_info *info)
4532 {
4533 struct cfg80211_registered_device *rdev = info->user_ptr[0];
4534 struct net_device *dev = info->user_ptr[1];
4535 struct cfg80211_acl_data *acl;
4536 int err;
4537
4538 if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_AP &&
4539 dev->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_GO)
4540 return -EOPNOTSUPP;
4541
4542 if (!dev->ieee80211_ptr->beacon_interval)
4543 return -EINVAL;
4544
4545 acl = parse_acl_data(&rdev->wiphy, info);
4546 if (IS_ERR(acl))
4547 return PTR_ERR(acl);
4548
4549 err = rdev_set_mac_acl(rdev, dev, acl);
4550
4551 kfree(acl);
4552
4553 return err;
4554 }
4555
4556 static u32 rateset_to_mask(struct ieee80211_supported_band *sband,
4557 u8 *rates, u8 rates_len)
4558 {
4559 u8 i;
4560 u32 mask = 0;
4561
4562 for (i = 0; i < rates_len; i++) {
4563 int rate = (rates[i] & 0x7f) * 5;
4564 int ridx;
4565
4566 for (ridx = 0; ridx < sband->n_bitrates; ridx++) {
4567 struct ieee80211_rate *srate =
4568 &sband->bitrates[ridx];
4569 if (rate == srate->bitrate) {
4570 mask |= 1 << ridx;
4571 break;
4572 }
4573 }
4574 if (ridx == sband->n_bitrates)
4575 return 0; /* rate not found */
4576 }
4577
4578 return mask;
4579 }
4580
4581 static bool ht_rateset_to_mask(struct ieee80211_supported_band *sband,
4582 u8 *rates, u8 rates_len,
4583 u8 mcs[IEEE80211_HT_MCS_MASK_LEN])
4584 {
4585 u8 i;
4586
4587 memset(mcs, 0, IEEE80211_HT_MCS_MASK_LEN);
4588
4589 for (i = 0; i < rates_len; i++) {
4590 int ridx, rbit;
4591
4592 ridx = rates[i] / 8;
4593 rbit = BIT(rates[i] % 8);
4594
4595 /* check validity */
4596 if ((ridx < 0) || (ridx >= IEEE80211_HT_MCS_MASK_LEN))
4597 return false;
4598
4599 /* check availability */
4600 ridx = array_index_nospec(ridx, IEEE80211_HT_MCS_MASK_LEN);
4601 if (sband->ht_cap.mcs.rx_mask[ridx] & rbit)
4602 mcs[ridx] |= rbit;
4603 else
4604 return false;
4605 }
4606
4607 return true;
4608 }
4609
4610 static u16 vht_mcs_map_to_mcs_mask(u8 vht_mcs_map)
4611 {
4612 u16 mcs_mask = 0;
4613
4614 switch (vht_mcs_map) {
4615 case IEEE80211_VHT_MCS_NOT_SUPPORTED:
4616 break;
4617 case IEEE80211_VHT_MCS_SUPPORT_0_7:
4618 mcs_mask = 0x00FF;
4619 break;
4620 case IEEE80211_VHT_MCS_SUPPORT_0_8:
4621 mcs_mask = 0x01FF;
4622 break;
4623 case IEEE80211_VHT_MCS_SUPPORT_0_9:
4624 mcs_mask = 0x03FF;
4625 break;
4626 default:
4627 break;
4628 }
4629
4630 return mcs_mask;
4631 }
4632
4633 static void vht_build_mcs_mask(u16 vht_mcs_map,
4634 u16 vht_mcs_mask[NL80211_VHT_NSS_MAX])
4635 {
4636 u8 nss;
4637
4638 for (nss = 0; nss < NL80211_VHT_NSS_MAX; nss++) {
4639 vht_mcs_mask[nss] = vht_mcs_map_to_mcs_mask(vht_mcs_map & 0x03);
4640 vht_mcs_map >>= 2;
4641 }
4642 }
4643
4644 static bool vht_set_mcs_mask(struct ieee80211_supported_band *sband,
4645 struct nl80211_txrate_vht *txrate,
4646 u16 mcs[NL80211_VHT_NSS_MAX])
4647 {
4648 u16 tx_mcs_map = le16_to_cpu(sband->vht_cap.vht_mcs.tx_mcs_map);
4649 u16 tx_mcs_mask[NL80211_VHT_NSS_MAX] = {};
4650 u8 i;
4651
4652 if (!sband->vht_cap.vht_supported)
4653 return false;
4654
4655 memset(mcs, 0, sizeof(u16) * NL80211_VHT_NSS_MAX);
4656
4657 /* Build vht_mcs_mask from VHT capabilities */
4658 vht_build_mcs_mask(tx_mcs_map, tx_mcs_mask);
4659
4660 for (i = 0; i < NL80211_VHT_NSS_MAX; i++) {
4661 if ((tx_mcs_mask[i] & txrate->mcs[i]) == txrate->mcs[i])
4662 mcs[i] = txrate->mcs[i];
4663 else
4664 return false;
4665 }
4666
4667 return true;
4668 }
4669
4670 static u16 he_mcs_map_to_mcs_mask(u8 he_mcs_map)
4671 {
4672 switch (he_mcs_map) {
4673 case IEEE80211_HE_MCS_NOT_SUPPORTED:
4674 return 0;
4675 case IEEE80211_HE_MCS_SUPPORT_0_7:
4676 return 0x00FF;
4677 case IEEE80211_HE_MCS_SUPPORT_0_9:
4678 return 0x03FF;
4679 case IEEE80211_HE_MCS_SUPPORT_0_11:
4680 return 0xFFF;
4681 default:
4682 break;
4683 }
4684 return 0;
4685 }
4686
4687 static void he_build_mcs_mask(u16 he_mcs_map,
4688 u16 he_mcs_mask[NL80211_HE_NSS_MAX])
4689 {
4690 u8 nss;
4691
4692 for (nss = 0; nss < NL80211_HE_NSS_MAX; nss++) {
4693 he_mcs_mask[nss] = he_mcs_map_to_mcs_mask(he_mcs_map & 0x03);
4694 he_mcs_map >>= 2;
4695 }
4696 }
4697
4698 static u16 he_get_txmcsmap(struct genl_info *info,
4699 const struct ieee80211_sta_he_cap *he_cap)
4700 {
4701 struct net_device *dev = info->user_ptr[1];
4702 struct wireless_dev *wdev = dev->ieee80211_ptr;
4703 __le16 tx_mcs;
4704
4705 switch (wdev->chandef.width) {
4706 case NL80211_CHAN_WIDTH_80P80:
4707 tx_mcs = he_cap->he_mcs_nss_supp.tx_mcs_80p80;
4708 break;
4709 case NL80211_CHAN_WIDTH_160:
4710 tx_mcs = he_cap->he_mcs_nss_supp.tx_mcs_160;
4711 break;
4712 default:
4713 tx_mcs = he_cap->he_mcs_nss_supp.tx_mcs_80;
4714 break;
4715 }
4716 return le16_to_cpu(tx_mcs);
4717 }
4718
4719 static bool he_set_mcs_mask(struct genl_info *info,
4720 struct wireless_dev *wdev,
4721 struct ieee80211_supported_band *sband,
4722 struct nl80211_txrate_he *txrate,
4723 u16 mcs[NL80211_HE_NSS_MAX])
4724 {
4725 const struct ieee80211_sta_he_cap *he_cap;
4726 u16 tx_mcs_mask[NL80211_HE_NSS_MAX] = {};
4727 u16 tx_mcs_map = 0;
4728 u8 i;
4729
4730 he_cap = ieee80211_get_he_iftype_cap(sband, wdev->iftype);
4731 if (!he_cap)
4732 return false;
4733
4734 memset(mcs, 0, sizeof(u16) * NL80211_HE_NSS_MAX);
4735
4736 tx_mcs_map = he_get_txmcsmap(info, he_cap);
4737
4738 /* Build he_mcs_mask from HE capabilities */
4739 he_build_mcs_mask(tx_mcs_map, tx_mcs_mask);
4740
4741 for (i = 0; i < NL80211_HE_NSS_MAX; i++) {
4742 if ((tx_mcs_mask[i] & txrate->mcs[i]) == txrate->mcs[i])
4743 mcs[i] = txrate->mcs[i];
4744 else
4745 return false;
4746 }
4747
4748 return true;
4749 }
4750
4751 static int nl80211_parse_tx_bitrate_mask(struct genl_info *info,
4752 struct nlattr *attrs[],
4753 enum nl80211_attrs attr,
4754 struct cfg80211_bitrate_mask *mask,
4755 struct net_device *dev,
4756 bool default_all_enabled)
4757 {
4758 struct nlattr *tb[NL80211_TXRATE_MAX + 1];
4759 struct cfg80211_registered_device *rdev = info->user_ptr[0];
4760 struct wireless_dev *wdev = dev->ieee80211_ptr;
4761 int rem, i;
4762 struct nlattr *tx_rates;
4763 struct ieee80211_supported_band *sband;
4764 u16 vht_tx_mcs_map, he_tx_mcs_map;
4765
4766 memset(mask, 0, sizeof(*mask));
4767 /* Default to all rates enabled */
4768 for (i = 0; i < NUM_NL80211_BANDS; i++) {
4769 const struct ieee80211_sta_he_cap *he_cap;
4770
4771 if (!default_all_enabled)
4772 break;
4773
4774 sband = rdev->wiphy.bands[i];
4775
4776 if (!sband)
4777 continue;
4778
4779 mask->control[i].legacy = (1 << sband->n_bitrates) - 1;
4780 memcpy(mask->control[i].ht_mcs,
4781 sband->ht_cap.mcs.rx_mask,
4782 sizeof(mask->control[i].ht_mcs));
4783
4784 if (!sband->vht_cap.vht_supported)
4785 continue;
4786
4787 vht_tx_mcs_map = le16_to_cpu(sband->vht_cap.vht_mcs.tx_mcs_map);
4788 vht_build_mcs_mask(vht_tx_mcs_map, mask->control[i].vht_mcs);
4789
4790 he_cap = ieee80211_get_he_iftype_cap(sband, wdev->iftype);
4791 if (!he_cap)
4792 continue;
4793
4794 he_tx_mcs_map = he_get_txmcsmap(info, he_cap);
4795 he_build_mcs_mask(he_tx_mcs_map, mask->control[i].he_mcs);
4796
4797 mask->control[i].he_gi = 0xFF;
4798 mask->control[i].he_ltf = 0xFF;
4799 }
4800
4801 /* if no rates are given set it back to the defaults */
4802 if (!attrs[attr])
4803 goto out;
4804
4805 /* The nested attribute uses enum nl80211_band as the index. This maps
4806 * directly to the enum nl80211_band values used in cfg80211.
4807 */
4808 BUILD_BUG_ON(NL80211_MAX_SUPP_HT_RATES > IEEE80211_HT_MCS_MASK_LEN * 8);
4809 nla_for_each_nested(tx_rates, attrs[attr], rem) {
4810 enum nl80211_band band = nla_type(tx_rates);
4811 int err;
4812
4813 if (band < 0 || band >= NUM_NL80211_BANDS)
4814 return -EINVAL;
4815 sband = rdev->wiphy.bands[band];
4816 if (sband == NULL)
4817 return -EINVAL;
4818 err = nla_parse_nested_deprecated(tb, NL80211_TXRATE_MAX,
4819 tx_rates,
4820 nl80211_txattr_policy,
4821 info->extack);
4822 if (err)
4823 return err;
4824 if (tb[NL80211_TXRATE_LEGACY]) {
4825 mask->control[band].legacy = rateset_to_mask(
4826 sband,
4827 nla_data(tb[NL80211_TXRATE_LEGACY]),
4828 nla_len(tb[NL80211_TXRATE_LEGACY]));
4829 if ((mask->control[band].legacy == 0) &&
4830 nla_len(tb[NL80211_TXRATE_LEGACY]))
4831 return -EINVAL;
4832 }
4833 if (tb[NL80211_TXRATE_HT]) {
4834 if (!ht_rateset_to_mask(
4835 sband,
4836 nla_data(tb[NL80211_TXRATE_HT]),
4837 nla_len(tb[NL80211_TXRATE_HT]),
4838 mask->control[band].ht_mcs))
4839 return -EINVAL;
4840 }
4841
4842 if (tb[NL80211_TXRATE_VHT]) {
4843 if (!vht_set_mcs_mask(
4844 sband,
4845 nla_data(tb[NL80211_TXRATE_VHT]),
4846 mask->control[band].vht_mcs))
4847 return -EINVAL;
4848 }
4849
4850 if (tb[NL80211_TXRATE_GI]) {
4851 mask->control[band].gi =
4852 nla_get_u8(tb[NL80211_TXRATE_GI]);
4853 if (mask->control[band].gi > NL80211_TXRATE_FORCE_LGI)
4854 return -EINVAL;
4855 }
4856 if (tb[NL80211_TXRATE_HE] &&
4857 !he_set_mcs_mask(info, wdev, sband,
4858 nla_data(tb[NL80211_TXRATE_HE]),
4859 mask->control[band].he_mcs))
4860 return -EINVAL;
4861
4862 if (tb[NL80211_TXRATE_HE_GI])
4863 mask->control[band].he_gi =
4864 nla_get_u8(tb[NL80211_TXRATE_HE_GI]);
4865 if (tb[NL80211_TXRATE_HE_LTF])
4866 mask->control[band].he_ltf =
4867 nla_get_u8(tb[NL80211_TXRATE_HE_LTF]);
4868
4869 if (mask->control[band].legacy == 0) {
4870 /* don't allow empty legacy rates if HT, VHT or HE
4871 * are not even supported.
4872 */
4873 if (!(rdev->wiphy.bands[band]->ht_cap.ht_supported ||
4874 rdev->wiphy.bands[band]->vht_cap.vht_supported ||
4875 ieee80211_get_he_iftype_cap(sband, wdev->iftype)))
4876 return -EINVAL;
4877
4878 for (i = 0; i < IEEE80211_HT_MCS_MASK_LEN; i++)
4879 if (mask->control[band].ht_mcs[i])
4880 goto out;
4881
4882 for (i = 0; i < NL80211_VHT_NSS_MAX; i++)
4883 if (mask->control[band].vht_mcs[i])
4884 goto out;
4885
4886 for (i = 0; i < NL80211_HE_NSS_MAX; i++)
4887 if (mask->control[band].he_mcs[i])
4888 goto out;
4889
4890 /* legacy and mcs rates may not be both empty */
4891 return -EINVAL;
4892 }
4893 }
4894
4895 out:
4896 return 0;
4897 }
4898
4899 static int validate_beacon_tx_rate(struct cfg80211_registered_device *rdev,
4900 enum nl80211_band band,
4901 struct cfg80211_bitrate_mask *beacon_rate)
4902 {
4903 u32 count_ht, count_vht, count_he, i;
4904 u32 rate = beacon_rate->control[band].legacy;
4905
4906 /* Allow only one rate */
4907 if (hweight32(rate) > 1)
4908 return -EINVAL;
4909
4910 count_ht = 0;
4911 for (i = 0; i < IEEE80211_HT_MCS_MASK_LEN; i++) {
4912 if (hweight8(beacon_rate->control[band].ht_mcs[i]) > 1) {
4913 return -EINVAL;
4914 } else if (beacon_rate->control[band].ht_mcs[i]) {
4915 count_ht++;
4916 if (count_ht > 1)
4917 return -EINVAL;
4918 }
4919 if (count_ht && rate)
4920 return -EINVAL;
4921 }
4922
4923 count_vht = 0;
4924 for (i = 0; i < NL80211_VHT_NSS_MAX; i++) {
4925 if (hweight16(beacon_rate->control[band].vht_mcs[i]) > 1) {
4926 return -EINVAL;
4927 } else if (beacon_rate->control[band].vht_mcs[i]) {
4928 count_vht++;
4929 if (count_vht > 1)
4930 return -EINVAL;
4931 }
4932 if (count_vht && rate)
4933 return -EINVAL;
4934 }
4935
4936 count_he = 0;
4937 for (i = 0; i < NL80211_HE_NSS_MAX; i++) {
4938 if (hweight16(beacon_rate->control[band].he_mcs[i]) > 1) {
4939 return -EINVAL;
4940 } else if (beacon_rate->control[band].he_mcs[i]) {
4941 count_he++;
4942 if (count_he > 1)
4943 return -EINVAL;
4944 }
4945 if (count_he && rate)
4946 return -EINVAL;
4947 }
4948
4949 if ((count_ht && count_vht && count_he) ||
4950 (!rate && !count_ht && !count_vht && !count_he))
4951 return -EINVAL;
4952
4953 if (rate &&
4954 !wiphy_ext_feature_isset(&rdev->wiphy,
4955 NL80211_EXT_FEATURE_BEACON_RATE_LEGACY))
4956 return -EINVAL;
4957 if (count_ht &&
4958 !wiphy_ext_feature_isset(&rdev->wiphy,
4959 NL80211_EXT_FEATURE_BEACON_RATE_HT))
4960 return -EINVAL;
4961 if (count_vht &&
4962 !wiphy_ext_feature_isset(&rdev->wiphy,
4963 NL80211_EXT_FEATURE_BEACON_RATE_VHT))
4964 return -EINVAL;
4965 if (count_he &&
4966 !wiphy_ext_feature_isset(&rdev->wiphy,
4967 NL80211_EXT_FEATURE_BEACON_RATE_HE))
4968 return -EINVAL;
4969
4970 return 0;
4971 }
4972
4973 static int nl80211_parse_beacon(struct cfg80211_registered_device *rdev,
4974 struct nlattr *attrs[],
4975 struct cfg80211_beacon_data *bcn)
4976 {
4977 bool haveinfo = false;
4978 int err;
4979
4980 memset(bcn, 0, sizeof(*bcn));
4981
4982 if (attrs[NL80211_ATTR_BEACON_HEAD]) {
4983 bcn->head = nla_data(attrs[NL80211_ATTR_BEACON_HEAD]);
4984 bcn->head_len = nla_len(attrs[NL80211_ATTR_BEACON_HEAD]);
4985 if (!bcn->head_len)
4986 return -EINVAL;
4987 haveinfo = true;
4988 }
4989
4990 if (attrs[NL80211_ATTR_BEACON_TAIL]) {
4991 bcn->tail = nla_data(attrs[NL80211_ATTR_BEACON_TAIL]);
4992 bcn->tail_len = nla_len(attrs[NL80211_ATTR_BEACON_TAIL]);
4993 haveinfo = true;
4994 }
4995
4996 if (!haveinfo)
4997 return -EINVAL;
4998
4999 if (attrs[NL80211_ATTR_IE]) {
5000 bcn->beacon_ies = nla_data(attrs[NL80211_ATTR_IE]);
5001 bcn->beacon_ies_len = nla_len(attrs[NL80211_ATTR_IE]);
5002 }
5003
5004 if (attrs[NL80211_ATTR_IE_PROBE_RESP]) {
5005 bcn->proberesp_ies =
5006 nla_data(attrs[NL80211_ATTR_IE_PROBE_RESP]);
5007 bcn->proberesp_ies_len =
5008 nla_len(attrs[NL80211_ATTR_IE_PROBE_RESP]);
5009 }
5010
5011 if (attrs[NL80211_ATTR_IE_ASSOC_RESP]) {
5012 bcn->assocresp_ies =
5013 nla_data(attrs[NL80211_ATTR_IE_ASSOC_RESP]);
5014 bcn->assocresp_ies_len =
5015 nla_len(attrs[NL80211_ATTR_IE_ASSOC_RESP]);
5016 }
5017
5018 if (attrs[NL80211_ATTR_PROBE_RESP]) {
5019 bcn->probe_resp = nla_data(attrs[NL80211_ATTR_PROBE_RESP]);
5020 bcn->probe_resp_len = nla_len(attrs[NL80211_ATTR_PROBE_RESP]);
5021 }
5022
5023 if (attrs[NL80211_ATTR_FTM_RESPONDER]) {
5024 struct nlattr *tb[NL80211_FTM_RESP_ATTR_MAX + 1];
5025
5026 err = nla_parse_nested_deprecated(tb,
5027 NL80211_FTM_RESP_ATTR_MAX,
5028 attrs[NL80211_ATTR_FTM_RESPONDER],
5029 NULL, NULL);
5030 if (err)
5031 return err;
5032
5033 if (tb[NL80211_FTM_RESP_ATTR_ENABLED] &&
5034 wiphy_ext_feature_isset(&rdev->wiphy,
5035 NL80211_EXT_FEATURE_ENABLE_FTM_RESPONDER))
5036 bcn->ftm_responder = 1;
5037 else
5038 return -EOPNOTSUPP;
5039
5040 if (tb[NL80211_FTM_RESP_ATTR_LCI]) {
5041 bcn->lci = nla_data(tb[NL80211_FTM_RESP_ATTR_LCI]);
5042 bcn->lci_len = nla_len(tb[NL80211_FTM_RESP_ATTR_LCI]);
5043 }
5044
5045 if (tb[NL80211_FTM_RESP_ATTR_CIVICLOC]) {
5046 bcn->civicloc = nla_data(tb[NL80211_FTM_RESP_ATTR_CIVICLOC]);
5047 bcn->civicloc_len = nla_len(tb[NL80211_FTM_RESP_ATTR_CIVICLOC]);
5048 }
5049 } else {
5050 bcn->ftm_responder = -1;
5051 }
5052
5053 return 0;
5054 }
5055
5056 static int nl80211_parse_he_obss_pd(struct nlattr *attrs,
5057 struct ieee80211_he_obss_pd *he_obss_pd)
5058 {
5059 struct nlattr *tb[NL80211_HE_OBSS_PD_ATTR_MAX + 1];
5060 int err;
5061
5062 err = nla_parse_nested(tb, NL80211_HE_OBSS_PD_ATTR_MAX, attrs,
5063 he_obss_pd_policy, NULL);
5064 if (err)
5065 return err;
5066
5067 if (!tb[NL80211_HE_OBSS_PD_ATTR_SR_CTRL])
5068 return -EINVAL;
5069
5070 he_obss_pd->sr_ctrl = nla_get_u8(tb[NL80211_HE_OBSS_PD_ATTR_SR_CTRL]);
5071
5072 if (tb[NL80211_HE_OBSS_PD_ATTR_MIN_OFFSET])
5073 he_obss_pd->min_offset =
5074 nla_get_u8(tb[NL80211_HE_OBSS_PD_ATTR_MIN_OFFSET]);
5075 if (tb[NL80211_HE_OBSS_PD_ATTR_MAX_OFFSET])
5076 he_obss_pd->max_offset =
5077 nla_get_u8(tb[NL80211_HE_OBSS_PD_ATTR_MAX_OFFSET]);
5078 if (tb[NL80211_HE_OBSS_PD_ATTR_NON_SRG_MAX_OFFSET])
5079 he_obss_pd->non_srg_max_offset =
5080 nla_get_u8(tb[NL80211_HE_OBSS_PD_ATTR_NON_SRG_MAX_OFFSET]);
5081
5082 if (he_obss_pd->min_offset > he_obss_pd->max_offset)
5083 return -EINVAL;
5084
5085 if (tb[NL80211_HE_OBSS_PD_ATTR_BSS_COLOR_BITMAP])
5086 memcpy(he_obss_pd->bss_color_bitmap,
5087 nla_data(tb[NL80211_HE_OBSS_PD_ATTR_BSS_COLOR_BITMAP]),
5088 sizeof(he_obss_pd->bss_color_bitmap));
5089
5090 if (tb[NL80211_HE_OBSS_PD_ATTR_PARTIAL_BSSID_BITMAP])
5091 memcpy(he_obss_pd->partial_bssid_bitmap,
5092 nla_data(tb[NL80211_HE_OBSS_PD_ATTR_PARTIAL_BSSID_BITMAP]),
5093 sizeof(he_obss_pd->partial_bssid_bitmap));
5094
5095 he_obss_pd->enable = true;
5096
5097 return 0;
5098 }
5099
5100 static int nl80211_parse_he_bss_color(struct nlattr *attrs,
5101 struct cfg80211_he_bss_color *he_bss_color)
5102 {
5103 struct nlattr *tb[NL80211_HE_BSS_COLOR_ATTR_MAX + 1];
5104 int err;
5105
5106 err = nla_parse_nested(tb, NL80211_HE_BSS_COLOR_ATTR_MAX, attrs,
5107 he_bss_color_policy, NULL);
5108 if (err)
5109 return err;
5110
5111 if (!tb[NL80211_HE_BSS_COLOR_ATTR_COLOR])
5112 return -EINVAL;
5113
5114 he_bss_color->color =
5115 nla_get_u8(tb[NL80211_HE_BSS_COLOR_ATTR_COLOR]);
5116 he_bss_color->enabled =
5117 !nla_get_flag(tb[NL80211_HE_BSS_COLOR_ATTR_DISABLED]);
5118 he_bss_color->partial =
5119 nla_get_flag(tb[NL80211_HE_BSS_COLOR_ATTR_PARTIAL]);
5120
5121 return 0;
5122 }
5123
5124 static int nl80211_parse_fils_discovery(struct cfg80211_registered_device *rdev,
5125 struct nlattr *attrs,
5126 struct cfg80211_ap_settings *params)
5127 {
5128 struct nlattr *tb[NL80211_FILS_DISCOVERY_ATTR_MAX + 1];
5129 int ret;
5130 struct cfg80211_fils_discovery *fd = &params->fils_discovery;
5131
5132 if (!wiphy_ext_feature_isset(&rdev->wiphy,
5133 NL80211_EXT_FEATURE_FILS_DISCOVERY))
5134 return -EINVAL;
5135
5136 ret = nla_parse_nested(tb, NL80211_FILS_DISCOVERY_ATTR_MAX, attrs,
5137 NULL, NULL);
5138 if (ret)
5139 return ret;
5140
5141 if (!tb[NL80211_FILS_DISCOVERY_ATTR_INT_MIN] ||
5142 !tb[NL80211_FILS_DISCOVERY_ATTR_INT_MAX] ||
5143 !tb[NL80211_FILS_DISCOVERY_ATTR_TMPL])
5144 return -EINVAL;
5145
5146 fd->tmpl_len = nla_len(tb[NL80211_FILS_DISCOVERY_ATTR_TMPL]);
5147 fd->tmpl = nla_data(tb[NL80211_FILS_DISCOVERY_ATTR_TMPL]);
5148 fd->min_interval = nla_get_u32(tb[NL80211_FILS_DISCOVERY_ATTR_INT_MIN]);
5149 fd->max_interval = nla_get_u32(tb[NL80211_FILS_DISCOVERY_ATTR_INT_MAX]);
5150
5151 return 0;
5152 }
5153
5154 static int
5155 nl80211_parse_unsol_bcast_probe_resp(struct cfg80211_registered_device *rdev,
5156 struct nlattr *attrs,
5157 struct cfg80211_ap_settings *params)
5158 {
5159 struct nlattr *tb[NL80211_UNSOL_BCAST_PROBE_RESP_ATTR_MAX + 1];
5160 int ret;
5161 struct cfg80211_unsol_bcast_probe_resp *presp =
5162 &params->unsol_bcast_probe_resp;
5163
5164 if (!wiphy_ext_feature_isset(&rdev->wiphy,
5165 NL80211_EXT_FEATURE_UNSOL_BCAST_PROBE_RESP))
5166 return -EINVAL;
5167
5168 ret = nla_parse_nested(tb, NL80211_UNSOL_BCAST_PROBE_RESP_ATTR_MAX,
5169 attrs, NULL, NULL);
5170 if (ret)
5171 return ret;
5172
5173 if (!tb[NL80211_UNSOL_BCAST_PROBE_RESP_ATTR_INT] ||
5174 !tb[NL80211_UNSOL_BCAST_PROBE_RESP_ATTR_TMPL])
5175 return -EINVAL;
5176
5177 presp->tmpl = nla_data(tb[NL80211_UNSOL_BCAST_PROBE_RESP_ATTR_TMPL]);
5178 presp->tmpl_len = nla_len(tb[NL80211_UNSOL_BCAST_PROBE_RESP_ATTR_TMPL]);
5179 presp->interval = nla_get_u32(tb[NL80211_UNSOL_BCAST_PROBE_RESP_ATTR_INT]);
5180 return 0;
5181 }
5182
5183 static void nl80211_check_ap_rate_selectors(struct cfg80211_ap_settings *params,
5184 const u8 *rates)
5185 {
5186 int i;
5187
5188 if (!rates)
5189 return;
5190
5191 for (i = 0; i < rates[1]; i++) {
5192 if (rates[2 + i] == BSS_MEMBERSHIP_SELECTOR_HT_PHY)
5193 params->ht_required = true;
5194 if (rates[2 + i] == BSS_MEMBERSHIP_SELECTOR_VHT_PHY)
5195 params->vht_required = true;
5196 if (rates[2 + i] == BSS_MEMBERSHIP_SELECTOR_HE_PHY)
5197 params->he_required = true;
5198 if (rates[2 + i] == BSS_MEMBERSHIP_SELECTOR_SAE_H2E)
5199 params->sae_h2e_required = true;
5200 }
5201 }
5202
5203 /*
5204 * Since the nl80211 API didn't include, from the beginning, attributes about
5205 * HT/VHT requirements/capabilities, we parse them out of the IEs for the
5206 * benefit of drivers that rebuild IEs in the firmware.
5207 */
5208 static void nl80211_calculate_ap_params(struct cfg80211_ap_settings *params)
5209 {
5210 const struct cfg80211_beacon_data *bcn = &params->beacon;
5211 size_t ies_len = bcn->tail_len;
5212 const u8 *ies = bcn->tail;
5213 const u8 *rates;
5214 const u8 *cap;
5215
5216 rates = cfg80211_find_ie(WLAN_EID_SUPP_RATES, ies, ies_len);
5217 nl80211_check_ap_rate_selectors(params, rates);
5218
5219 rates = cfg80211_find_ie(WLAN_EID_EXT_SUPP_RATES, ies, ies_len);
5220 nl80211_check_ap_rate_selectors(params, rates);
5221
5222 cap = cfg80211_find_ie(WLAN_EID_HT_CAPABILITY, ies, ies_len);
5223 if (cap && cap[1] >= sizeof(*params->ht_cap))
5224 params->ht_cap = (void *)(cap + 2);
5225 cap = cfg80211_find_ie(WLAN_EID_VHT_CAPABILITY, ies, ies_len);
5226 if (cap && cap[1] >= sizeof(*params->vht_cap))
5227 params->vht_cap = (void *)(cap + 2);
5228 cap = cfg80211_find_ext_ie(WLAN_EID_EXT_HE_CAPABILITY, ies, ies_len);
5229 if (cap && cap[1] >= sizeof(*params->he_cap) + 1)
5230 params->he_cap = (void *)(cap + 3);
5231 cap = cfg80211_find_ext_ie(WLAN_EID_EXT_HE_OPERATION, ies, ies_len);
5232 if (cap && cap[1] >= sizeof(*params->he_oper) + 1)
5233 params->he_oper = (void *)(cap + 3);
5234 }
5235
5236 static bool nl80211_get_ap_channel(struct cfg80211_registered_device *rdev,
5237 struct cfg80211_ap_settings *params)
5238 {
5239 struct wireless_dev *wdev;
5240 bool ret = false;
5241
5242 list_for_each_entry(wdev, &rdev->wiphy.wdev_list, list) {
5243 if (wdev->iftype != NL80211_IFTYPE_AP &&
5244 wdev->iftype != NL80211_IFTYPE_P2P_GO)
5245 continue;
5246
5247 if (!wdev->preset_chandef.chan)
5248 continue;
5249
5250 params->chandef = wdev->preset_chandef;
5251 ret = true;
5252 break;
5253 }
5254
5255 return ret;
5256 }
5257
5258 static bool nl80211_valid_auth_type(struct cfg80211_registered_device *rdev,
5259 enum nl80211_auth_type auth_type,
5260 enum nl80211_commands cmd)
5261 {
5262 if (auth_type > NL80211_AUTHTYPE_MAX)
5263 return false;
5264
5265 switch (cmd) {
5266 case NL80211_CMD_AUTHENTICATE:
5267 if (!(rdev->wiphy.features & NL80211_FEATURE_SAE) &&
5268 auth_type == NL80211_AUTHTYPE_SAE)
5269 return false;
5270 if (!wiphy_ext_feature_isset(&rdev->wiphy,
5271 NL80211_EXT_FEATURE_FILS_STA) &&
5272 (auth_type == NL80211_AUTHTYPE_FILS_SK ||
5273 auth_type == NL80211_AUTHTYPE_FILS_SK_PFS ||
5274 auth_type == NL80211_AUTHTYPE_FILS_PK))
5275 return false;
5276 return true;
5277 case NL80211_CMD_CONNECT:
5278 if (!(rdev->wiphy.features & NL80211_FEATURE_SAE) &&
5279 !wiphy_ext_feature_isset(&rdev->wiphy,
5280 NL80211_EXT_FEATURE_SAE_OFFLOAD) &&
5281 auth_type == NL80211_AUTHTYPE_SAE)
5282 return false;
5283
5284 /* FILS with SK PFS or PK not supported yet */
5285 if (auth_type == NL80211_AUTHTYPE_FILS_SK_PFS ||
5286 auth_type == NL80211_AUTHTYPE_FILS_PK)
5287 return false;
5288 if (!wiphy_ext_feature_isset(
5289 &rdev->wiphy,
5290 NL80211_EXT_FEATURE_FILS_SK_OFFLOAD) &&
5291 auth_type == NL80211_AUTHTYPE_FILS_SK)
5292 return false;
5293 return true;
5294 case NL80211_CMD_START_AP:
5295 if (!wiphy_ext_feature_isset(&rdev->wiphy,
5296 NL80211_EXT_FEATURE_SAE_OFFLOAD_AP) &&
5297 auth_type == NL80211_AUTHTYPE_SAE)
5298 return false;
5299 /* FILS not supported yet */
5300 if (auth_type == NL80211_AUTHTYPE_FILS_SK ||
5301 auth_type == NL80211_AUTHTYPE_FILS_SK_PFS ||
5302 auth_type == NL80211_AUTHTYPE_FILS_PK)
5303 return false;
5304 return true;
5305 default:
5306 return false;
5307 }
5308 }
5309
5310 static int nl80211_start_ap(struct sk_buff *skb, struct genl_info *info)
5311 {
5312 struct cfg80211_registered_device *rdev = info->user_ptr[0];
5313 struct net_device *dev = info->user_ptr[1];
5314 struct wireless_dev *wdev = dev->ieee80211_ptr;
5315 struct cfg80211_ap_settings params;
5316 int err;
5317
5318 if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_AP &&
5319 dev->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_GO)
5320 return -EOPNOTSUPP;
5321
5322 if (!rdev->ops->start_ap)
5323 return -EOPNOTSUPP;
5324
5325 if (wdev->beacon_interval)
5326 return -EALREADY;
5327
5328 memset(&params, 0, sizeof(params));
5329
5330 /* these are required for START_AP */
5331 if (!info->attrs[NL80211_ATTR_BEACON_INTERVAL] ||
5332 !info->attrs[NL80211_ATTR_DTIM_PERIOD] ||
5333 !info->attrs[NL80211_ATTR_BEACON_HEAD])
5334 return -EINVAL;
5335
5336 err = nl80211_parse_beacon(rdev, info->attrs, &params.beacon);
5337 if (err)
5338 return err;
5339
5340 params.beacon_interval =
5341 nla_get_u32(info->attrs[NL80211_ATTR_BEACON_INTERVAL]);
5342 params.dtim_period =
5343 nla_get_u32(info->attrs[NL80211_ATTR_DTIM_PERIOD]);
5344
5345 err = cfg80211_validate_beacon_int(rdev, dev->ieee80211_ptr->iftype,
5346 params.beacon_interval);
5347 if (err)
5348 return err;
5349
5350 /*
5351 * In theory, some of these attributes should be required here
5352 * but since they were not used when the command was originally
5353 * added, keep them optional for old user space programs to let
5354 * them continue to work with drivers that do not need the
5355 * additional information -- drivers must check!
5356 */
5357 if (info->attrs[NL80211_ATTR_SSID]) {
5358 params.ssid = nla_data(info->attrs[NL80211_ATTR_SSID]);
5359 params.ssid_len =
5360 nla_len(info->attrs[NL80211_ATTR_SSID]);
5361 if (params.ssid_len == 0)
5362 return -EINVAL;
5363 }
5364
5365 if (info->attrs[NL80211_ATTR_HIDDEN_SSID])
5366 params.hidden_ssid = nla_get_u32(
5367 info->attrs[NL80211_ATTR_HIDDEN_SSID]);
5368
5369 params.privacy = !!info->attrs[NL80211_ATTR_PRIVACY];
5370
5371 if (info->attrs[NL80211_ATTR_AUTH_TYPE]) {
5372 params.auth_type = nla_get_u32(
5373 info->attrs[NL80211_ATTR_AUTH_TYPE]);
5374 if (!nl80211_valid_auth_type(rdev, params.auth_type,
5375 NL80211_CMD_START_AP))
5376 return -EINVAL;
5377 } else
5378 params.auth_type = NL80211_AUTHTYPE_AUTOMATIC;
5379
5380 err = nl80211_crypto_settings(rdev, info, &params.crypto,
5381 NL80211_MAX_NR_CIPHER_SUITES);
5382 if (err)
5383 return err;
5384
5385 if (info->attrs[NL80211_ATTR_INACTIVITY_TIMEOUT]) {
5386 if (!(rdev->wiphy.features & NL80211_FEATURE_INACTIVITY_TIMER))
5387 return -EOPNOTSUPP;
5388 params.inactivity_timeout = nla_get_u16(
5389 info->attrs[NL80211_ATTR_INACTIVITY_TIMEOUT]);
5390 }
5391
5392 if (info->attrs[NL80211_ATTR_P2P_CTWINDOW]) {
5393 if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_GO)
5394 return -EINVAL;
5395 params.p2p_ctwindow =
5396 nla_get_u8(info->attrs[NL80211_ATTR_P2P_CTWINDOW]);
5397 if (params.p2p_ctwindow != 0 &&
5398 !(rdev->wiphy.features & NL80211_FEATURE_P2P_GO_CTWIN))
5399 return -EINVAL;
5400 }
5401
5402 if (info->attrs[NL80211_ATTR_P2P_OPPPS]) {
5403 u8 tmp;
5404
5405 if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_GO)
5406 return -EINVAL;
5407 tmp = nla_get_u8(info->attrs[NL80211_ATTR_P2P_OPPPS]);
5408 params.p2p_opp_ps = tmp;
5409 if (params.p2p_opp_ps != 0 &&
5410 !(rdev->wiphy.features & NL80211_FEATURE_P2P_GO_OPPPS))
5411 return -EINVAL;
5412 }
5413
5414 if (info->attrs[NL80211_ATTR_WIPHY_FREQ]) {
5415 err = nl80211_parse_chandef(rdev, info, &params.chandef);
5416 if (err)
5417 return err;
5418 } else if (wdev->preset_chandef.chan) {
5419 params.chandef = wdev->preset_chandef;
5420 } else if (!nl80211_get_ap_channel(rdev, &params))
5421 return -EINVAL;
5422
5423 if (!cfg80211_reg_can_beacon_relax(&rdev->wiphy, &params.chandef,
5424 wdev->iftype))
5425 return -EINVAL;
5426
5427 if (info->attrs[NL80211_ATTR_TX_RATES]) {
5428 err = nl80211_parse_tx_bitrate_mask(info, info->attrs,
5429 NL80211_ATTR_TX_RATES,
5430 &params.beacon_rate,
5431 dev, false);
5432 if (err)
5433 return err;
5434
5435 err = validate_beacon_tx_rate(rdev, params.chandef.chan->band,
5436 &params.beacon_rate);
5437 if (err)
5438 return err;
5439 }
5440
5441 if (info->attrs[NL80211_ATTR_SMPS_MODE]) {
5442 params.smps_mode =
5443 nla_get_u8(info->attrs[NL80211_ATTR_SMPS_MODE]);
5444 switch (params.smps_mode) {
5445 case NL80211_SMPS_OFF:
5446 break;
5447 case NL80211_SMPS_STATIC:
5448 if (!(rdev->wiphy.features &
5449 NL80211_FEATURE_STATIC_SMPS))
5450 return -EINVAL;
5451 break;
5452 case NL80211_SMPS_DYNAMIC:
5453 if (!(rdev->wiphy.features &
5454 NL80211_FEATURE_DYNAMIC_SMPS))
5455 return -EINVAL;
5456 break;
5457 default:
5458 return -EINVAL;
5459 }
5460 } else {
5461 params.smps_mode = NL80211_SMPS_OFF;
5462 }
5463
5464 params.pbss = nla_get_flag(info->attrs[NL80211_ATTR_PBSS]);
5465 if (params.pbss && !rdev->wiphy.bands[NL80211_BAND_60GHZ])
5466 return -EOPNOTSUPP;
5467
5468 if (info->attrs[NL80211_ATTR_ACL_POLICY]) {
5469 params.acl = parse_acl_data(&rdev->wiphy, info);
5470 if (IS_ERR(params.acl))
5471 return PTR_ERR(params.acl);
5472 }
5473
5474 params.twt_responder =
5475 nla_get_flag(info->attrs[NL80211_ATTR_TWT_RESPONDER]);
5476
5477 if (info->attrs[NL80211_ATTR_HE_OBSS_PD]) {
5478 err = nl80211_parse_he_obss_pd(
5479 info->attrs[NL80211_ATTR_HE_OBSS_PD],
5480 &params.he_obss_pd);
5481 if (err)
5482 goto out;
5483 }
5484
5485 if (info->attrs[NL80211_ATTR_HE_BSS_COLOR]) {
5486 err = nl80211_parse_he_bss_color(
5487 info->attrs[NL80211_ATTR_HE_BSS_COLOR],
5488 &params.he_bss_color);
5489 if (err)
5490 goto out;
5491 }
5492
5493 if (info->attrs[NL80211_ATTR_FILS_DISCOVERY]) {
5494 err = nl80211_parse_fils_discovery(rdev,
5495 info->attrs[NL80211_ATTR_FILS_DISCOVERY],
5496 &params);
5497 if (err)
5498 goto out;
5499 }
5500
5501 if (info->attrs[NL80211_ATTR_UNSOL_BCAST_PROBE_RESP]) {
5502 err = nl80211_parse_unsol_bcast_probe_resp(
5503 rdev, info->attrs[NL80211_ATTR_UNSOL_BCAST_PROBE_RESP],
5504 &params);
5505 if (err)
5506 goto out;
5507 }
5508
5509 nl80211_calculate_ap_params(&params);
5510
5511 if (info->attrs[NL80211_ATTR_EXTERNAL_AUTH_SUPPORT])
5512 params.flags |= AP_SETTINGS_EXTERNAL_AUTH_SUPPORT;
5513
5514 wdev_lock(wdev);
5515 err = rdev_start_ap(rdev, dev, &params);
5516 if (!err) {
5517 wdev->preset_chandef = params.chandef;
5518 wdev->beacon_interval = params.beacon_interval;
5519 wdev->chandef = params.chandef;
5520 wdev->ssid_len = params.ssid_len;
5521 memcpy(wdev->ssid, params.ssid, wdev->ssid_len);
5522
5523 if (info->attrs[NL80211_ATTR_SOCKET_OWNER])
5524 wdev->conn_owner_nlportid = info->snd_portid;
5525 }
5526 wdev_unlock(wdev);
5527
5528 out:
5529 kfree(params.acl);
5530
5531 return err;
5532 }
5533
5534 static int nl80211_set_beacon(struct sk_buff *skb, struct genl_info *info)
5535 {
5536 struct cfg80211_registered_device *rdev = info->user_ptr[0];
5537 struct net_device *dev = info->user_ptr[1];
5538 struct wireless_dev *wdev = dev->ieee80211_ptr;
5539 struct cfg80211_beacon_data params;
5540 int err;
5541
5542 if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_AP &&
5543 dev->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_GO)
5544 return -EOPNOTSUPP;
5545
5546 if (!rdev->ops->change_beacon)
5547 return -EOPNOTSUPP;
5548
5549 if (!wdev->beacon_interval)
5550 return -EINVAL;
5551
5552 err = nl80211_parse_beacon(rdev, info->attrs, &params);
5553 if (err)
5554 return err;
5555
5556 wdev_lock(wdev);
5557 err = rdev_change_beacon(rdev, dev, &params);
5558 wdev_unlock(wdev);
5559
5560 return err;
5561 }
5562
5563 static int nl80211_stop_ap(struct sk_buff *skb, struct genl_info *info)
5564 {
5565 struct cfg80211_registered_device *rdev = info->user_ptr[0];
5566 struct net_device *dev = info->user_ptr[1];
5567
5568 return cfg80211_stop_ap(rdev, dev, false);
5569 }
5570
5571 static const struct nla_policy sta_flags_policy[NL80211_STA_FLAG_MAX + 1] = {
5572 [NL80211_STA_FLAG_AUTHORIZED] = { .type = NLA_FLAG },
5573 [NL80211_STA_FLAG_SHORT_PREAMBLE] = { .type = NLA_FLAG },
5574 [NL80211_STA_FLAG_WME] = { .type = NLA_FLAG },
5575 [NL80211_STA_FLAG_MFP] = { .type = NLA_FLAG },
5576 [NL80211_STA_FLAG_AUTHENTICATED] = { .type = NLA_FLAG },
5577 [NL80211_STA_FLAG_TDLS_PEER] = { .type = NLA_FLAG },
5578 };
5579
5580 static int parse_station_flags(struct genl_info *info,
5581 enum nl80211_iftype iftype,
5582 struct station_parameters *params)
5583 {
5584 struct nlattr *flags[NL80211_STA_FLAG_MAX + 1];
5585 struct nlattr *nla;
5586 int flag;
5587
5588 /*
5589 * Try parsing the new attribute first so userspace
5590 * can specify both for older kernels.
5591 */
5592 nla = info->attrs[NL80211_ATTR_STA_FLAGS2];
5593 if (nla) {
5594 struct nl80211_sta_flag_update *sta_flags;
5595
5596 sta_flags = nla_data(nla);
5597 params->sta_flags_mask = sta_flags->mask;
5598 params->sta_flags_set = sta_flags->set;
5599 params->sta_flags_set &= params->sta_flags_mask;
5600 if ((params->sta_flags_mask |
5601 params->sta_flags_set) & BIT(__NL80211_STA_FLAG_INVALID))
5602 return -EINVAL;
5603 return 0;
5604 }
5605
5606 /* if present, parse the old attribute */
5607
5608 nla = info->attrs[NL80211_ATTR_STA_FLAGS];
5609 if (!nla)
5610 return 0;
5611
5612 if (nla_parse_nested_deprecated(flags, NL80211_STA_FLAG_MAX, nla, sta_flags_policy, info->extack))
5613 return -EINVAL;
5614
5615 /*
5616 * Only allow certain flags for interface types so that
5617 * other attributes are silently ignored. Remember that
5618 * this is backward compatibility code with old userspace
5619 * and shouldn't be hit in other cases anyway.
5620 */
5621 switch (iftype) {
5622 case NL80211_IFTYPE_AP:
5623 case NL80211_IFTYPE_AP_VLAN:
5624 case NL80211_IFTYPE_P2P_GO:
5625 params->sta_flags_mask = BIT(NL80211_STA_FLAG_AUTHORIZED) |
5626 BIT(NL80211_STA_FLAG_SHORT_PREAMBLE) |
5627 BIT(NL80211_STA_FLAG_WME) |
5628 BIT(NL80211_STA_FLAG_MFP);
5629 break;
5630 case NL80211_IFTYPE_P2P_CLIENT:
5631 case NL80211_IFTYPE_STATION:
5632 params->sta_flags_mask = BIT(NL80211_STA_FLAG_AUTHORIZED) |
5633 BIT(NL80211_STA_FLAG_TDLS_PEER);
5634 break;
5635 case NL80211_IFTYPE_MESH_POINT:
5636 params->sta_flags_mask = BIT(NL80211_STA_FLAG_AUTHENTICATED) |
5637 BIT(NL80211_STA_FLAG_MFP) |
5638 BIT(NL80211_STA_FLAG_AUTHORIZED);
5639 break;
5640 default:
5641 return -EINVAL;
5642 }
5643
5644 for (flag = 1; flag <= NL80211_STA_FLAG_MAX; flag++) {
5645 if (flags[flag]) {
5646 params->sta_flags_set |= (1<<flag);
5647
5648 /* no longer support new API additions in old API */
5649 if (flag > NL80211_STA_FLAG_MAX_OLD_API)
5650 return -EINVAL;
5651 }
5652 }
5653
5654 return 0;
5655 }
5656
5657 bool nl80211_put_sta_rate(struct sk_buff *msg, struct rate_info *info, int attr)
5658 {
5659 struct nlattr *rate;
5660 u32 bitrate;
5661 u16 bitrate_compat;
5662 enum nl80211_rate_info rate_flg;
5663
5664 rate = nla_nest_start_noflag(msg, attr);
5665 if (!rate)
5666 return false;
5667
5668 /* cfg80211_calculate_bitrate will return 0 for mcs >= 32 */
5669 bitrate = cfg80211_calculate_bitrate(info);
5670 /* report 16-bit bitrate only if we can */
5671 bitrate_compat = bitrate < (1UL << 16) ? bitrate : 0;
5672 if (bitrate > 0 &&
5673 nla_put_u32(msg, NL80211_RATE_INFO_BITRATE32, bitrate))
5674 return false;
5675 if (bitrate_compat > 0 &&
5676 nla_put_u16(msg, NL80211_RATE_INFO_BITRATE, bitrate_compat))
5677 return false;
5678
5679 switch (info->bw) {
5680 case RATE_INFO_BW_5:
5681 rate_flg = NL80211_RATE_INFO_5_MHZ_WIDTH;
5682 break;
5683 case RATE_INFO_BW_10:
5684 rate_flg = NL80211_RATE_INFO_10_MHZ_WIDTH;
5685 break;
5686 default:
5687 WARN_ON(1);
5688 fallthrough;
5689 case RATE_INFO_BW_20:
5690 rate_flg = 0;
5691 break;
5692 case RATE_INFO_BW_40:
5693 rate_flg = NL80211_RATE_INFO_40_MHZ_WIDTH;
5694 break;
5695 case RATE_INFO_BW_80:
5696 rate_flg = NL80211_RATE_INFO_80_MHZ_WIDTH;
5697 break;
5698 case RATE_INFO_BW_160:
5699 rate_flg = NL80211_RATE_INFO_160_MHZ_WIDTH;
5700 break;
5701 case RATE_INFO_BW_HE_RU:
5702 rate_flg = 0;
5703 WARN_ON(!(info->flags & RATE_INFO_FLAGS_HE_MCS));
5704 }
5705
5706 if (rate_flg && nla_put_flag(msg, rate_flg))
5707 return false;
5708
5709 if (info->flags & RATE_INFO_FLAGS_MCS) {
5710 if (nla_put_u8(msg, NL80211_RATE_INFO_MCS, info->mcs))
5711 return false;
5712 if (info->flags & RATE_INFO_FLAGS_SHORT_GI &&
5713 nla_put_flag(msg, NL80211_RATE_INFO_SHORT_GI))
5714 return false;
5715 } else if (info->flags & RATE_INFO_FLAGS_VHT_MCS) {
5716 if (nla_put_u8(msg, NL80211_RATE_INFO_VHT_MCS, info->mcs))
5717 return false;
5718 if (nla_put_u8(msg, NL80211_RATE_INFO_VHT_NSS, info->nss))
5719 return false;
5720 if (info->flags & RATE_INFO_FLAGS_SHORT_GI &&
5721 nla_put_flag(msg, NL80211_RATE_INFO_SHORT_GI))
5722 return false;
5723 } else if (info->flags & RATE_INFO_FLAGS_HE_MCS) {
5724 if (nla_put_u8(msg, NL80211_RATE_INFO_HE_MCS, info->mcs))
5725 return false;
5726 if (nla_put_u8(msg, NL80211_RATE_INFO_HE_NSS, info->nss))
5727 return false;
5728 if (nla_put_u8(msg, NL80211_RATE_INFO_HE_GI, info->he_gi))
5729 return false;
5730 if (nla_put_u8(msg, NL80211_RATE_INFO_HE_DCM, info->he_dcm))
5731 return false;
5732 if (info->bw == RATE_INFO_BW_HE_RU &&
5733 nla_put_u8(msg, NL80211_RATE_INFO_HE_RU_ALLOC,
5734 info->he_ru_alloc))
5735 return false;
5736 }
5737
5738 nla_nest_end(msg, rate);
5739 return true;
5740 }
5741
5742 static bool nl80211_put_signal(struct sk_buff *msg, u8 mask, s8 *signal,
5743 int id)
5744 {
5745 void *attr;
5746 int i = 0;
5747
5748 if (!mask)
5749 return true;
5750
5751 attr = nla_nest_start_noflag(msg, id);
5752 if (!attr)
5753 return false;
5754
5755 for (i = 0; i < IEEE80211_MAX_CHAINS; i++) {
5756 if (!(mask & BIT(i)))
5757 continue;
5758
5759 if (nla_put_u8(msg, i, signal[i]))
5760 return false;
5761 }
5762
5763 nla_nest_end(msg, attr);
5764
5765 return true;
5766 }
5767
5768 static int nl80211_send_station(struct sk_buff *msg, u32 cmd, u32 portid,
5769 u32 seq, int flags,
5770 struct cfg80211_registered_device *rdev,
5771 struct net_device *dev,
5772 const u8 *mac_addr, struct station_info *sinfo)
5773 {
5774 void *hdr;
5775 struct nlattr *sinfoattr, *bss_param;
5776
5777 hdr = nl80211hdr_put(msg, portid, seq, flags, cmd);
5778 if (!hdr) {
5779 cfg80211_sinfo_release_content(sinfo);
5780 return -1;
5781 }
5782
5783 if (nla_put_u32(msg, NL80211_ATTR_IFINDEX, dev->ifindex) ||
5784 nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN, mac_addr) ||
5785 nla_put_u32(msg, NL80211_ATTR_GENERATION, sinfo->generation))
5786 goto nla_put_failure;
5787
5788 sinfoattr = nla_nest_start_noflag(msg, NL80211_ATTR_STA_INFO);
5789 if (!sinfoattr)
5790 goto nla_put_failure;
5791
5792 #define PUT_SINFO(attr, memb, type) do { \
5793 BUILD_BUG_ON(sizeof(type) == sizeof(u64)); \
5794 if (sinfo->filled & BIT_ULL(NL80211_STA_INFO_ ## attr) && \
5795 nla_put_ ## type(msg, NL80211_STA_INFO_ ## attr, \
5796 sinfo->memb)) \
5797 goto nla_put_failure; \
5798 } while (0)
5799 #define PUT_SINFO_U64(attr, memb) do { \
5800 if (sinfo->filled & BIT_ULL(NL80211_STA_INFO_ ## attr) && \
5801 nla_put_u64_64bit(msg, NL80211_STA_INFO_ ## attr, \
5802 sinfo->memb, NL80211_STA_INFO_PAD)) \
5803 goto nla_put_failure; \
5804 } while (0)
5805
5806 PUT_SINFO(CONNECTED_TIME, connected_time, u32);
5807 PUT_SINFO(INACTIVE_TIME, inactive_time, u32);
5808 PUT_SINFO_U64(ASSOC_AT_BOOTTIME, assoc_at);
5809
5810 if (sinfo->filled & (BIT_ULL(NL80211_STA_INFO_RX_BYTES) |
5811 BIT_ULL(NL80211_STA_INFO_RX_BYTES64)) &&
5812 nla_put_u32(msg, NL80211_STA_INFO_RX_BYTES,
5813 (u32)sinfo->rx_bytes))
5814 goto nla_put_failure;
5815
5816 if (sinfo->filled & (BIT_ULL(NL80211_STA_INFO_TX_BYTES) |
5817 BIT_ULL(NL80211_STA_INFO_TX_BYTES64)) &&
5818 nla_put_u32(msg, NL80211_STA_INFO_TX_BYTES,
5819 (u32)sinfo->tx_bytes))
5820 goto nla_put_failure;
5821
5822 PUT_SINFO_U64(RX_BYTES64, rx_bytes);
5823 PUT_SINFO_U64(TX_BYTES64, tx_bytes);
5824 PUT_SINFO(LLID, llid, u16);
5825 PUT_SINFO(PLID, plid, u16);
5826 PUT_SINFO(PLINK_STATE, plink_state, u8);
5827 PUT_SINFO_U64(RX_DURATION, rx_duration);
5828 PUT_SINFO_U64(TX_DURATION, tx_duration);
5829
5830 if (wiphy_ext_feature_isset(&rdev->wiphy,
5831 NL80211_EXT_FEATURE_AIRTIME_FAIRNESS))
5832 PUT_SINFO(AIRTIME_WEIGHT, airtime_weight, u16);
5833
5834 switch (rdev->wiphy.signal_type) {
5835 case CFG80211_SIGNAL_TYPE_MBM:
5836 PUT_SINFO(SIGNAL, signal, u8);
5837 PUT_SINFO(SIGNAL_AVG, signal_avg, u8);
5838 break;
5839 default:
5840 break;
5841 }
5842 if (sinfo->filled & BIT_ULL(NL80211_STA_INFO_CHAIN_SIGNAL)) {
5843 if (!nl80211_put_signal(msg, sinfo->chains,
5844 sinfo->chain_signal,
5845 NL80211_STA_INFO_CHAIN_SIGNAL))
5846 goto nla_put_failure;
5847 }
5848 if (sinfo->filled & BIT_ULL(NL80211_STA_INFO_CHAIN_SIGNAL_AVG)) {
5849 if (!nl80211_put_signal(msg, sinfo->chains,
5850 sinfo->chain_signal_avg,
5851 NL80211_STA_INFO_CHAIN_SIGNAL_AVG))
5852 goto nla_put_failure;
5853 }
5854 if (sinfo->filled & BIT_ULL(NL80211_STA_INFO_TX_BITRATE)) {
5855 if (!nl80211_put_sta_rate(msg, &sinfo->txrate,
5856 NL80211_STA_INFO_TX_BITRATE))
5857 goto nla_put_failure;
5858 }
5859 if (sinfo->filled & BIT_ULL(NL80211_STA_INFO_RX_BITRATE)) {
5860 if (!nl80211_put_sta_rate(msg, &sinfo->rxrate,
5861 NL80211_STA_INFO_RX_BITRATE))
5862 goto nla_put_failure;
5863 }
5864
5865 PUT_SINFO(RX_PACKETS, rx_packets, u32);
5866 PUT_SINFO(TX_PACKETS, tx_packets, u32);
5867 PUT_SINFO(TX_RETRIES, tx_retries, u32);
5868 PUT_SINFO(TX_FAILED, tx_failed, u32);
5869 PUT_SINFO(EXPECTED_THROUGHPUT, expected_throughput, u32);
5870 PUT_SINFO(AIRTIME_LINK_METRIC, airtime_link_metric, u32);
5871 PUT_SINFO(BEACON_LOSS, beacon_loss_count, u32);
5872 PUT_SINFO(LOCAL_PM, local_pm, u32);
5873 PUT_SINFO(PEER_PM, peer_pm, u32);
5874 PUT_SINFO(NONPEER_PM, nonpeer_pm, u32);
5875 PUT_SINFO(CONNECTED_TO_GATE, connected_to_gate, u8);
5876 PUT_SINFO(CONNECTED_TO_AS, connected_to_as, u8);
5877
5878 if (sinfo->filled & BIT_ULL(NL80211_STA_INFO_BSS_PARAM)) {
5879 bss_param = nla_nest_start_noflag(msg,
5880 NL80211_STA_INFO_BSS_PARAM);
5881 if (!bss_param)
5882 goto nla_put_failure;
5883
5884 if (((sinfo->bss_param.flags & BSS_PARAM_FLAGS_CTS_PROT) &&
5885 nla_put_flag(msg, NL80211_STA_BSS_PARAM_CTS_PROT)) ||
5886 ((sinfo->bss_param.flags & BSS_PARAM_FLAGS_SHORT_PREAMBLE) &&
5887 nla_put_flag(msg, NL80211_STA_BSS_PARAM_SHORT_PREAMBLE)) ||
5888 ((sinfo->bss_param.flags & BSS_PARAM_FLAGS_SHORT_SLOT_TIME) &&
5889 nla_put_flag(msg, NL80211_STA_BSS_PARAM_SHORT_SLOT_TIME)) ||
5890 nla_put_u8(msg, NL80211_STA_BSS_PARAM_DTIM_PERIOD,
5891 sinfo->bss_param.dtim_period) ||
5892 nla_put_u16(msg, NL80211_STA_BSS_PARAM_BEACON_INTERVAL,
5893 sinfo->bss_param.beacon_interval))
5894 goto nla_put_failure;
5895
5896 nla_nest_end(msg, bss_param);
5897 }
5898 if ((sinfo->filled & BIT_ULL(NL80211_STA_INFO_STA_FLAGS)) &&
5899 nla_put(msg, NL80211_STA_INFO_STA_FLAGS,
5900 sizeof(struct nl80211_sta_flag_update),
5901 &sinfo->sta_flags))
5902 goto nla_put_failure;
5903
5904 PUT_SINFO_U64(T_OFFSET, t_offset);
5905 PUT_SINFO_U64(RX_DROP_MISC, rx_dropped_misc);
5906 PUT_SINFO_U64(BEACON_RX, rx_beacon);
5907 PUT_SINFO(BEACON_SIGNAL_AVG, rx_beacon_signal_avg, u8);
5908 PUT_SINFO(RX_MPDUS, rx_mpdu_count, u32);
5909 PUT_SINFO(FCS_ERROR_COUNT, fcs_err_count, u32);
5910 if (wiphy_ext_feature_isset(&rdev->wiphy,
5911 NL80211_EXT_FEATURE_ACK_SIGNAL_SUPPORT)) {
5912 PUT_SINFO(ACK_SIGNAL, ack_signal, u8);
5913 PUT_SINFO(ACK_SIGNAL_AVG, avg_ack_signal, s8);
5914 }
5915
5916 #undef PUT_SINFO
5917 #undef PUT_SINFO_U64
5918
5919 if (sinfo->pertid) {
5920 struct nlattr *tidsattr;
5921 int tid;
5922
5923 tidsattr = nla_nest_start_noflag(msg,
5924 NL80211_STA_INFO_TID_STATS);
5925 if (!tidsattr)
5926 goto nla_put_failure;
5927
5928 for (tid = 0; tid < IEEE80211_NUM_TIDS + 1; tid++) {
5929 struct cfg80211_tid_stats *tidstats;
5930 struct nlattr *tidattr;
5931
5932 tidstats = &sinfo->pertid[tid];
5933
5934 if (!tidstats->filled)
5935 continue;
5936
5937 tidattr = nla_nest_start_noflag(msg, tid + 1);
5938 if (!tidattr)
5939 goto nla_put_failure;
5940
5941 #define PUT_TIDVAL_U64(attr, memb) do { \
5942 if (tidstats->filled & BIT(NL80211_TID_STATS_ ## attr) && \
5943 nla_put_u64_64bit(msg, NL80211_TID_STATS_ ## attr, \
5944 tidstats->memb, NL80211_TID_STATS_PAD)) \
5945 goto nla_put_failure; \
5946 } while (0)
5947
5948 PUT_TIDVAL_U64(RX_MSDU, rx_msdu);
5949 PUT_TIDVAL_U64(TX_MSDU, tx_msdu);
5950 PUT_TIDVAL_U64(TX_MSDU_RETRIES, tx_msdu_retries);
5951 PUT_TIDVAL_U64(TX_MSDU_FAILED, tx_msdu_failed);
5952
5953 #undef PUT_TIDVAL_U64
5954 if ((tidstats->filled &
5955 BIT(NL80211_TID_STATS_TXQ_STATS)) &&
5956 !nl80211_put_txq_stats(msg, &tidstats->txq_stats,
5957 NL80211_TID_STATS_TXQ_STATS))
5958 goto nla_put_failure;
5959
5960 nla_nest_end(msg, tidattr);
5961 }
5962
5963 nla_nest_end(msg, tidsattr);
5964 }
5965
5966 nla_nest_end(msg, sinfoattr);
5967
5968 if (sinfo->assoc_req_ies_len &&
5969 nla_put(msg, NL80211_ATTR_IE, sinfo->assoc_req_ies_len,
5970 sinfo->assoc_req_ies))
5971 goto nla_put_failure;
5972
5973 cfg80211_sinfo_release_content(sinfo);
5974 genlmsg_end(msg, hdr);
5975 return 0;
5976
5977 nla_put_failure:
5978 cfg80211_sinfo_release_content(sinfo);
5979 genlmsg_cancel(msg, hdr);
5980 return -EMSGSIZE;
5981 }
5982
5983 static int nl80211_dump_station(struct sk_buff *skb,
5984 struct netlink_callback *cb)
5985 {
5986 struct station_info sinfo;
5987 struct cfg80211_registered_device *rdev;
5988 struct wireless_dev *wdev;
5989 u8 mac_addr[ETH_ALEN];
5990 int sta_idx = cb->args[2];
5991 int err;
5992
5993 err = nl80211_prepare_wdev_dump(cb, &rdev, &wdev);
5994 if (err)
5995 return err;
5996 /* nl80211_prepare_wdev_dump acquired it in the successful case */
5997 __acquire(&rdev->wiphy.mtx);
5998
5999 if (!wdev->netdev) {
6000 err = -EINVAL;
6001 goto out_err;
6002 }
6003
6004 if (!rdev->ops->dump_station) {
6005 err = -EOPNOTSUPP;
6006 goto out_err;
6007 }
6008
6009 while (1) {
6010 memset(&sinfo, 0, sizeof(sinfo));
6011 err = rdev_dump_station(rdev, wdev->netdev, sta_idx,
6012 mac_addr, &sinfo);
6013 if (err == -ENOENT)
6014 break;
6015 if (err)
6016 goto out_err;
6017
6018 if (nl80211_send_station(skb, NL80211_CMD_NEW_STATION,
6019 NETLINK_CB(cb->skb).portid,
6020 cb->nlh->nlmsg_seq, NLM_F_MULTI,
6021 rdev, wdev->netdev, mac_addr,
6022 &sinfo) < 0)
6023 goto out;
6024
6025 sta_idx++;
6026 }
6027
6028 out:
6029 cb->args[2] = sta_idx;
6030 err = skb->len;
6031 out_err:
6032 wiphy_unlock(&rdev->wiphy);
6033
6034 return err;
6035 }
6036
6037 static int nl80211_get_station(struct sk_buff *skb, struct genl_info *info)
6038 {
6039 struct cfg80211_registered_device *rdev = info->user_ptr[0];
6040 struct net_device *dev = info->user_ptr[1];
6041 struct station_info sinfo;
6042 struct sk_buff *msg;
6043 u8 *mac_addr = NULL;
6044 int err;
6045
6046 memset(&sinfo, 0, sizeof(sinfo));
6047
6048 if (!info->attrs[NL80211_ATTR_MAC])
6049 return -EINVAL;
6050
6051 mac_addr = nla_data(info->attrs[NL80211_ATTR_MAC]);
6052
6053 if (!rdev->ops->get_station)
6054 return -EOPNOTSUPP;
6055
6056 err = rdev_get_station(rdev, dev, mac_addr, &sinfo);
6057 if (err)
6058 return err;
6059
6060 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
6061 if (!msg) {
6062 cfg80211_sinfo_release_content(&sinfo);
6063 return -ENOMEM;
6064 }
6065
6066 if (nl80211_send_station(msg, NL80211_CMD_NEW_STATION,
6067 info->snd_portid, info->snd_seq, 0,
6068 rdev, dev, mac_addr, &sinfo) < 0) {
6069 nlmsg_free(msg);
6070 return -ENOBUFS;
6071 }
6072
6073 return genlmsg_reply(msg, info);
6074 }
6075
6076 int cfg80211_check_station_change(struct wiphy *wiphy,
6077 struct station_parameters *params,
6078 enum cfg80211_station_type statype)
6079 {
6080 if (params->listen_interval != -1 &&
6081 statype != CFG80211_STA_AP_CLIENT_UNASSOC)
6082 return -EINVAL;
6083
6084 if (params->support_p2p_ps != -1 &&
6085 statype != CFG80211_STA_AP_CLIENT_UNASSOC)
6086 return -EINVAL;
6087
6088 if (params->aid &&
6089 !(params->sta_flags_set & BIT(NL80211_STA_FLAG_TDLS_PEER)) &&
6090 statype != CFG80211_STA_AP_CLIENT_UNASSOC)
6091 return -EINVAL;
6092
6093 /* When you run into this, adjust the code below for the new flag */
6094 BUILD_BUG_ON(NL80211_STA_FLAG_MAX != 7);
6095
6096 switch (statype) {
6097 case CFG80211_STA_MESH_PEER_KERNEL:
6098 case CFG80211_STA_MESH_PEER_USER:
6099 /*
6100 * No ignoring the TDLS flag here -- the userspace mesh
6101 * code doesn't have the bug of including TDLS in the
6102 * mask everywhere.
6103 */
6104 if (params->sta_flags_mask &
6105 ~(BIT(NL80211_STA_FLAG_AUTHENTICATED) |
6106 BIT(NL80211_STA_FLAG_MFP) |
6107 BIT(NL80211_STA_FLAG_AUTHORIZED)))
6108 return -EINVAL;
6109 break;
6110 case CFG80211_STA_TDLS_PEER_SETUP:
6111 case CFG80211_STA_TDLS_PEER_ACTIVE:
6112 if (!(params->sta_flags_set & BIT(NL80211_STA_FLAG_TDLS_PEER)))
6113 return -EINVAL;
6114 /* ignore since it can't change */
6115 params->sta_flags_mask &= ~BIT(NL80211_STA_FLAG_TDLS_PEER);
6116 break;
6117 default:
6118 /* disallow mesh-specific things */
6119 if (params->plink_action != NL80211_PLINK_ACTION_NO_ACTION)
6120 return -EINVAL;
6121 if (params->local_pm)
6122 return -EINVAL;
6123 if (params->sta_modify_mask & STATION_PARAM_APPLY_PLINK_STATE)
6124 return -EINVAL;
6125 }
6126
6127 if (statype != CFG80211_STA_TDLS_PEER_SETUP &&
6128 statype != CFG80211_STA_TDLS_PEER_ACTIVE) {
6129 /* TDLS can't be set, ... */
6130 if (params->sta_flags_set & BIT(NL80211_STA_FLAG_TDLS_PEER))
6131 return -EINVAL;
6132 /*
6133 * ... but don't bother the driver with it. This works around
6134 * a hostapd/wpa_supplicant issue -- it always includes the
6135 * TLDS_PEER flag in the mask even for AP mode.
6136 */
6137 params->sta_flags_mask &= ~BIT(NL80211_STA_FLAG_TDLS_PEER);
6138 }
6139
6140 if (statype != CFG80211_STA_TDLS_PEER_SETUP &&
6141 statype != CFG80211_STA_AP_CLIENT_UNASSOC) {
6142 /* reject other things that can't change */
6143 if (params->sta_modify_mask & STATION_PARAM_APPLY_UAPSD)
6144 return -EINVAL;
6145 if (params->sta_modify_mask & STATION_PARAM_APPLY_CAPABILITY)
6146 return -EINVAL;
6147 if (params->supported_rates)
6148 return -EINVAL;
6149 if (params->ext_capab || params->ht_capa || params->vht_capa ||
6150 params->he_capa)
6151 return -EINVAL;
6152 }
6153
6154 if (statype != CFG80211_STA_AP_CLIENT &&
6155 statype != CFG80211_STA_AP_CLIENT_UNASSOC) {
6156 if (params->vlan)
6157 return -EINVAL;
6158 }
6159
6160 switch (statype) {
6161 case CFG80211_STA_AP_MLME_CLIENT:
6162 /* Use this only for authorizing/unauthorizing a station */
6163 if (!(params->sta_flags_mask & BIT(NL80211_STA_FLAG_AUTHORIZED)))
6164 return -EOPNOTSUPP;
6165 break;
6166 case CFG80211_STA_AP_CLIENT:
6167 case CFG80211_STA_AP_CLIENT_UNASSOC:
6168 /* accept only the listed bits */
6169 if (params->sta_flags_mask &
6170 ~(BIT(NL80211_STA_FLAG_AUTHORIZED) |
6171 BIT(NL80211_STA_FLAG_AUTHENTICATED) |
6172 BIT(NL80211_STA_FLAG_ASSOCIATED) |
6173 BIT(NL80211_STA_FLAG_SHORT_PREAMBLE) |
6174 BIT(NL80211_STA_FLAG_WME) |
6175 BIT(NL80211_STA_FLAG_MFP)))
6176 return -EINVAL;
6177
6178 /* but authenticated/associated only if driver handles it */
6179 if (!(wiphy->features & NL80211_FEATURE_FULL_AP_CLIENT_STATE) &&
6180 params->sta_flags_mask &
6181 (BIT(NL80211_STA_FLAG_AUTHENTICATED) |
6182 BIT(NL80211_STA_FLAG_ASSOCIATED)))
6183 return -EINVAL;
6184 break;
6185 case CFG80211_STA_IBSS:
6186 case CFG80211_STA_AP_STA:
6187 /* reject any changes other than AUTHORIZED */
6188 if (params->sta_flags_mask & ~BIT(NL80211_STA_FLAG_AUTHORIZED))
6189 return -EINVAL;
6190 break;
6191 case CFG80211_STA_TDLS_PEER_SETUP:
6192 /* reject any changes other than AUTHORIZED or WME */
6193 if (params->sta_flags_mask & ~(BIT(NL80211_STA_FLAG_AUTHORIZED) |
6194 BIT(NL80211_STA_FLAG_WME)))
6195 return -EINVAL;
6196 /* force (at least) rates when authorizing */
6197 if (params->sta_flags_set & BIT(NL80211_STA_FLAG_AUTHORIZED) &&
6198 !params->supported_rates)
6199 return -EINVAL;
6200 break;
6201 case CFG80211_STA_TDLS_PEER_ACTIVE:
6202 /* reject any changes */
6203 return -EINVAL;
6204 case CFG80211_STA_MESH_PEER_KERNEL:
6205 if (params->sta_modify_mask & STATION_PARAM_APPLY_PLINK_STATE)
6206 return -EINVAL;
6207 break;
6208 case CFG80211_STA_MESH_PEER_USER:
6209 if (params->plink_action != NL80211_PLINK_ACTION_NO_ACTION &&
6210 params->plink_action != NL80211_PLINK_ACTION_BLOCK)
6211 return -EINVAL;
6212 break;
6213 }
6214
6215 /*
6216 * Older kernel versions ignored this attribute entirely, so don't
6217 * reject attempts to update it but mark it as unused instead so the
6218 * driver won't look at the data.
6219 */
6220 if (statype != CFG80211_STA_AP_CLIENT_UNASSOC &&
6221 statype != CFG80211_STA_TDLS_PEER_SETUP)
6222 params->opmode_notif_used = false;
6223
6224 return 0;
6225 }
6226 EXPORT_SYMBOL(cfg80211_check_station_change);
6227
6228 /*
6229 * Get vlan interface making sure it is running and on the right wiphy.
6230 */
6231 static struct net_device *get_vlan(struct genl_info *info,
6232 struct cfg80211_registered_device *rdev)
6233 {
6234 struct nlattr *vlanattr = info->attrs[NL80211_ATTR_STA_VLAN];
6235 struct net_device *v;
6236 int ret;
6237
6238 if (!vlanattr)
6239 return NULL;
6240
6241 v = dev_get_by_index(genl_info_net(info), nla_get_u32(vlanattr));
6242 if (!v)
6243 return ERR_PTR(-ENODEV);
6244
6245 if (!v->ieee80211_ptr || v->ieee80211_ptr->wiphy != &rdev->wiphy) {
6246 ret = -EINVAL;
6247 goto error;
6248 }
6249
6250 if (v->ieee80211_ptr->iftype != NL80211_IFTYPE_AP_VLAN &&
6251 v->ieee80211_ptr->iftype != NL80211_IFTYPE_AP &&
6252 v->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_GO) {
6253 ret = -EINVAL;
6254 goto error;
6255 }
6256
6257 if (!netif_running(v)) {
6258 ret = -ENETDOWN;
6259 goto error;
6260 }
6261
6262 return v;
6263 error:
6264 dev_put(v);
6265 return ERR_PTR(ret);
6266 }
6267
6268 static const struct nla_policy
6269 nl80211_sta_wme_policy[NL80211_STA_WME_MAX + 1] = {
6270 [NL80211_STA_WME_UAPSD_QUEUES] = { .type = NLA_U8 },
6271 [NL80211_STA_WME_MAX_SP] = { .type = NLA_U8 },
6272 };
6273
6274 static int nl80211_parse_sta_wme(struct genl_info *info,
6275 struct station_parameters *params)
6276 {
6277 struct nlattr *tb[NL80211_STA_WME_MAX + 1];
6278 struct nlattr *nla;
6279 int err;
6280
6281 /* parse WME attributes if present */
6282 if (!info->attrs[NL80211_ATTR_STA_WME])
6283 return 0;
6284
6285 nla = info->attrs[NL80211_ATTR_STA_WME];
6286 err = nla_parse_nested_deprecated(tb, NL80211_STA_WME_MAX, nla,
6287 nl80211_sta_wme_policy,
6288 info->extack);
6289 if (err)
6290 return err;
6291
6292 if (tb[NL80211_STA_WME_UAPSD_QUEUES])
6293 params->uapsd_queues = nla_get_u8(
6294 tb[NL80211_STA_WME_UAPSD_QUEUES]);
6295 if (params->uapsd_queues & ~IEEE80211_WMM_IE_STA_QOSINFO_AC_MASK)
6296 return -EINVAL;
6297
6298 if (tb[NL80211_STA_WME_MAX_SP])
6299 params->max_sp = nla_get_u8(tb[NL80211_STA_WME_MAX_SP]);
6300
6301 if (params->max_sp & ~IEEE80211_WMM_IE_STA_QOSINFO_SP_MASK)
6302 return -EINVAL;
6303
6304 params->sta_modify_mask |= STATION_PARAM_APPLY_UAPSD;
6305
6306 return 0;
6307 }
6308
6309 static int nl80211_parse_sta_channel_info(struct genl_info *info,
6310 struct station_parameters *params)
6311 {
6312 if (info->attrs[NL80211_ATTR_STA_SUPPORTED_CHANNELS]) {
6313 params->supported_channels =
6314 nla_data(info->attrs[NL80211_ATTR_STA_SUPPORTED_CHANNELS]);
6315 params->supported_channels_len =
6316 nla_len(info->attrs[NL80211_ATTR_STA_SUPPORTED_CHANNELS]);
6317 /*
6318 * Need to include at least one (first channel, number of
6319 * channels) tuple for each subband (checked in policy),
6320 * and must have proper tuples for the rest of the data as well.
6321 */
6322 if (params->supported_channels_len % 2)
6323 return -EINVAL;
6324 }
6325
6326 if (info->attrs[NL80211_ATTR_STA_SUPPORTED_OPER_CLASSES]) {
6327 params->supported_oper_classes =
6328 nla_data(info->attrs[NL80211_ATTR_STA_SUPPORTED_OPER_CLASSES]);
6329 params->supported_oper_classes_len =
6330 nla_len(info->attrs[NL80211_ATTR_STA_SUPPORTED_OPER_CLASSES]);
6331 }
6332 return 0;
6333 }
6334
6335 static int nl80211_set_station_tdls(struct genl_info *info,
6336 struct station_parameters *params)
6337 {
6338 int err;
6339 /* Dummy STA entry gets updated once the peer capabilities are known */
6340 if (info->attrs[NL80211_ATTR_PEER_AID])
6341 params->aid = nla_get_u16(info->attrs[NL80211_ATTR_PEER_AID]);
6342 if (info->attrs[NL80211_ATTR_HT_CAPABILITY])
6343 params->ht_capa =
6344 nla_data(info->attrs[NL80211_ATTR_HT_CAPABILITY]);
6345 if (info->attrs[NL80211_ATTR_VHT_CAPABILITY])
6346 params->vht_capa =
6347 nla_data(info->attrs[NL80211_ATTR_VHT_CAPABILITY]);
6348 if (info->attrs[NL80211_ATTR_HE_CAPABILITY]) {
6349 params->he_capa =
6350 nla_data(info->attrs[NL80211_ATTR_HE_CAPABILITY]);
6351 params->he_capa_len =
6352 nla_len(info->attrs[NL80211_ATTR_HE_CAPABILITY]);
6353 }
6354
6355 err = nl80211_parse_sta_channel_info(info, params);
6356 if (err)
6357 return err;
6358
6359 return nl80211_parse_sta_wme(info, params);
6360 }
6361
6362 static int nl80211_parse_sta_txpower_setting(struct genl_info *info,
6363 struct station_parameters *params)
6364 {
6365 struct cfg80211_registered_device *rdev = info->user_ptr[0];
6366 int idx;
6367
6368 if (info->attrs[NL80211_ATTR_STA_TX_POWER_SETTING]) {
6369 if (!rdev->ops->set_tx_power ||
6370 !wiphy_ext_feature_isset(&rdev->wiphy,
6371 NL80211_EXT_FEATURE_STA_TX_PWR))
6372 return -EOPNOTSUPP;
6373
6374 idx = NL80211_ATTR_STA_TX_POWER_SETTING;
6375 params->txpwr.type = nla_get_u8(info->attrs[idx]);
6376
6377 if (params->txpwr.type == NL80211_TX_POWER_LIMITED) {
6378 idx = NL80211_ATTR_STA_TX_POWER;
6379
6380 if (info->attrs[idx])
6381 params->txpwr.power =
6382 nla_get_s16(info->attrs[idx]);
6383 else
6384 return -EINVAL;
6385 }
6386 params->sta_modify_mask |= STATION_PARAM_APPLY_STA_TXPOWER;
6387 }
6388
6389 return 0;
6390 }
6391
6392 static int nl80211_set_station(struct sk_buff *skb, struct genl_info *info)
6393 {
6394 struct cfg80211_registered_device *rdev = info->user_ptr[0];
6395 struct net_device *dev = info->user_ptr[1];
6396 struct station_parameters params;
6397 u8 *mac_addr;
6398 int err;
6399
6400 memset(&params, 0, sizeof(params));
6401
6402 if (!rdev->ops->change_station)
6403 return -EOPNOTSUPP;
6404
6405 /*
6406 * AID and listen_interval properties can be set only for unassociated
6407 * station. Include these parameters here and will check them in
6408 * cfg80211_check_station_change().
6409 */
6410 if (info->attrs[NL80211_ATTR_STA_AID])
6411 params.aid = nla_get_u16(info->attrs[NL80211_ATTR_STA_AID]);
6412
6413 if (info->attrs[NL80211_ATTR_VLAN_ID])
6414 params.vlan_id = nla_get_u16(info->attrs[NL80211_ATTR_VLAN_ID]);
6415
6416 if (info->attrs[NL80211_ATTR_STA_LISTEN_INTERVAL])
6417 params.listen_interval =
6418 nla_get_u16(info->attrs[NL80211_ATTR_STA_LISTEN_INTERVAL]);
6419 else
6420 params.listen_interval = -1;
6421
6422 if (info->attrs[NL80211_ATTR_STA_SUPPORT_P2P_PS])
6423 params.support_p2p_ps =
6424 nla_get_u8(info->attrs[NL80211_ATTR_STA_SUPPORT_P2P_PS]);
6425 else
6426 params.support_p2p_ps = -1;
6427
6428 if (!info->attrs[NL80211_ATTR_MAC])
6429 return -EINVAL;
6430
6431 mac_addr = nla_data(info->attrs[NL80211_ATTR_MAC]);
6432
6433 if (info->attrs[NL80211_ATTR_STA_SUPPORTED_RATES]) {
6434 params.supported_rates =
6435 nla_data(info->attrs[NL80211_ATTR_STA_SUPPORTED_RATES]);
6436 params.supported_rates_len =
6437 nla_len(info->attrs[NL80211_ATTR_STA_SUPPORTED_RATES]);
6438 }
6439
6440 if (info->attrs[NL80211_ATTR_STA_CAPABILITY]) {
6441 params.capability =
6442 nla_get_u16(info->attrs[NL80211_ATTR_STA_CAPABILITY]);
6443 params.sta_modify_mask |= STATION_PARAM_APPLY_CAPABILITY;
6444 }
6445
6446 if (info->attrs[NL80211_ATTR_STA_EXT_CAPABILITY]) {
6447 params.ext_capab =
6448 nla_data(info->attrs[NL80211_ATTR_STA_EXT_CAPABILITY]);
6449 params.ext_capab_len =
6450 nla_len(info->attrs[NL80211_ATTR_STA_EXT_CAPABILITY]);
6451 }
6452
6453 if (parse_station_flags(info, dev->ieee80211_ptr->iftype, &params))
6454 return -EINVAL;
6455
6456 if (info->attrs[NL80211_ATTR_STA_PLINK_ACTION])
6457 params.plink_action =
6458 nla_get_u8(info->attrs[NL80211_ATTR_STA_PLINK_ACTION]);
6459
6460 if (info->attrs[NL80211_ATTR_STA_PLINK_STATE]) {
6461 params.plink_state =
6462 nla_get_u8(info->attrs[NL80211_ATTR_STA_PLINK_STATE]);
6463 if (info->attrs[NL80211_ATTR_MESH_PEER_AID])
6464 params.peer_aid = nla_get_u16(
6465 info->attrs[NL80211_ATTR_MESH_PEER_AID]);
6466 params.sta_modify_mask |= STATION_PARAM_APPLY_PLINK_STATE;
6467 }
6468
6469 if (info->attrs[NL80211_ATTR_LOCAL_MESH_POWER_MODE])
6470 params.local_pm = nla_get_u32(
6471 info->attrs[NL80211_ATTR_LOCAL_MESH_POWER_MODE]);
6472
6473 if (info->attrs[NL80211_ATTR_OPMODE_NOTIF]) {
6474 params.opmode_notif_used = true;
6475 params.opmode_notif =
6476 nla_get_u8(info->attrs[NL80211_ATTR_OPMODE_NOTIF]);
6477 }
6478
6479 if (info->attrs[NL80211_ATTR_HE_6GHZ_CAPABILITY])
6480 params.he_6ghz_capa =
6481 nla_data(info->attrs[NL80211_ATTR_HE_6GHZ_CAPABILITY]);
6482
6483 if (info->attrs[NL80211_ATTR_AIRTIME_WEIGHT])
6484 params.airtime_weight =
6485 nla_get_u16(info->attrs[NL80211_ATTR_AIRTIME_WEIGHT]);
6486
6487 if (params.airtime_weight &&
6488 !wiphy_ext_feature_isset(&rdev->wiphy,
6489 NL80211_EXT_FEATURE_AIRTIME_FAIRNESS))
6490 return -EOPNOTSUPP;
6491
6492 err = nl80211_parse_sta_txpower_setting(info, &params);
6493 if (err)
6494 return err;
6495
6496 /* Include parameters for TDLS peer (will check later) */
6497 err = nl80211_set_station_tdls(info, &params);
6498 if (err)
6499 return err;
6500
6501 params.vlan = get_vlan(info, rdev);
6502 if (IS_ERR(params.vlan))
6503 return PTR_ERR(params.vlan);
6504
6505 switch (dev->ieee80211_ptr->iftype) {
6506 case NL80211_IFTYPE_AP:
6507 case NL80211_IFTYPE_AP_VLAN:
6508 case NL80211_IFTYPE_P2P_GO:
6509 case NL80211_IFTYPE_P2P_CLIENT:
6510 case NL80211_IFTYPE_STATION:
6511 case NL80211_IFTYPE_ADHOC:
6512 case NL80211_IFTYPE_MESH_POINT:
6513 break;
6514 default:
6515 err = -EOPNOTSUPP;
6516 goto out_put_vlan;
6517 }
6518
6519 /* driver will call cfg80211_check_station_change() */
6520 err = rdev_change_station(rdev, dev, mac_addr, &params);
6521
6522 out_put_vlan:
6523 if (params.vlan)
6524 dev_put(params.vlan);
6525
6526 return err;
6527 }
6528
6529 static int nl80211_new_station(struct sk_buff *skb, struct genl_info *info)
6530 {
6531 struct cfg80211_registered_device *rdev = info->user_ptr[0];
6532 int err;
6533 struct net_device *dev = info->user_ptr[1];
6534 struct station_parameters params;
6535 u8 *mac_addr = NULL;
6536 u32 auth_assoc = BIT(NL80211_STA_FLAG_AUTHENTICATED) |
6537 BIT(NL80211_STA_FLAG_ASSOCIATED);
6538
6539 memset(&params, 0, sizeof(params));
6540
6541 if (!rdev->ops->add_station)
6542 return -EOPNOTSUPP;
6543
6544 if (!info->attrs[NL80211_ATTR_MAC])
6545 return -EINVAL;
6546
6547 if (!info->attrs[NL80211_ATTR_STA_LISTEN_INTERVAL])
6548 return -EINVAL;
6549
6550 if (!info->attrs[NL80211_ATTR_STA_SUPPORTED_RATES])
6551 return -EINVAL;
6552
6553 if (!info->attrs[NL80211_ATTR_STA_AID] &&
6554 !info->attrs[NL80211_ATTR_PEER_AID])
6555 return -EINVAL;
6556
6557 mac_addr = nla_data(info->attrs[NL80211_ATTR_MAC]);
6558 params.supported_rates =
6559 nla_data(info->attrs[NL80211_ATTR_STA_SUPPORTED_RATES]);
6560 params.supported_rates_len =
6561 nla_len(info->attrs[NL80211_ATTR_STA_SUPPORTED_RATES]);
6562 params.listen_interval =
6563 nla_get_u16(info->attrs[NL80211_ATTR_STA_LISTEN_INTERVAL]);
6564
6565 if (info->attrs[NL80211_ATTR_VLAN_ID])
6566 params.vlan_id = nla_get_u16(info->attrs[NL80211_ATTR_VLAN_ID]);
6567
6568 if (info->attrs[NL80211_ATTR_STA_SUPPORT_P2P_PS]) {
6569 params.support_p2p_ps =
6570 nla_get_u8(info->attrs[NL80211_ATTR_STA_SUPPORT_P2P_PS]);
6571 } else {
6572 /*
6573 * if not specified, assume it's supported for P2P GO interface,
6574 * and is NOT supported for AP interface
6575 */
6576 params.support_p2p_ps =
6577 dev->ieee80211_ptr->iftype == NL80211_IFTYPE_P2P_GO;
6578 }
6579
6580 if (info->attrs[NL80211_ATTR_PEER_AID])
6581 params.aid = nla_get_u16(info->attrs[NL80211_ATTR_PEER_AID]);
6582 else
6583 params.aid = nla_get_u16(info->attrs[NL80211_ATTR_STA_AID]);
6584
6585 if (info->attrs[NL80211_ATTR_STA_CAPABILITY]) {
6586 params.capability =
6587 nla_get_u16(info->attrs[NL80211_ATTR_STA_CAPABILITY]);
6588 params.sta_modify_mask |= STATION_PARAM_APPLY_CAPABILITY;
6589 }
6590
6591 if (info->attrs[NL80211_ATTR_STA_EXT_CAPABILITY]) {
6592 params.ext_capab =
6593 nla_data(info->attrs[NL80211_ATTR_STA_EXT_CAPABILITY]);
6594 params.ext_capab_len =
6595 nla_len(info->attrs[NL80211_ATTR_STA_EXT_CAPABILITY]);
6596 }
6597
6598 if (info->attrs[NL80211_ATTR_HT_CAPABILITY])
6599 params.ht_capa =
6600 nla_data(info->attrs[NL80211_ATTR_HT_CAPABILITY]);
6601
6602 if (info->attrs[NL80211_ATTR_VHT_CAPABILITY])
6603 params.vht_capa =
6604 nla_data(info->attrs[NL80211_ATTR_VHT_CAPABILITY]);
6605
6606 if (info->attrs[NL80211_ATTR_HE_CAPABILITY]) {
6607 params.he_capa =
6608 nla_data(info->attrs[NL80211_ATTR_HE_CAPABILITY]);
6609 params.he_capa_len =
6610 nla_len(info->attrs[NL80211_ATTR_HE_CAPABILITY]);
6611 }
6612
6613 if (info->attrs[NL80211_ATTR_HE_6GHZ_CAPABILITY])
6614 params.he_6ghz_capa =
6615 nla_data(info->attrs[NL80211_ATTR_HE_6GHZ_CAPABILITY]);
6616
6617 if (info->attrs[NL80211_ATTR_OPMODE_NOTIF]) {
6618 params.opmode_notif_used = true;
6619 params.opmode_notif =
6620 nla_get_u8(info->attrs[NL80211_ATTR_OPMODE_NOTIF]);
6621 }
6622
6623 if (info->attrs[NL80211_ATTR_STA_PLINK_ACTION])
6624 params.plink_action =
6625 nla_get_u8(info->attrs[NL80211_ATTR_STA_PLINK_ACTION]);
6626
6627 if (info->attrs[NL80211_ATTR_AIRTIME_WEIGHT])
6628 params.airtime_weight =
6629 nla_get_u16(info->attrs[NL80211_ATTR_AIRTIME_WEIGHT]);
6630
6631 if (params.airtime_weight &&
6632 !wiphy_ext_feature_isset(&rdev->wiphy,
6633 NL80211_EXT_FEATURE_AIRTIME_FAIRNESS))
6634 return -EOPNOTSUPP;
6635
6636 err = nl80211_parse_sta_txpower_setting(info, &params);
6637 if (err)
6638 return err;
6639
6640 err = nl80211_parse_sta_channel_info(info, &params);
6641 if (err)
6642 return err;
6643
6644 err = nl80211_parse_sta_wme(info, &params);
6645 if (err)
6646 return err;
6647
6648 if (parse_station_flags(info, dev->ieee80211_ptr->iftype, &params))
6649 return -EINVAL;
6650
6651 /* HT/VHT requires QoS, but if we don't have that just ignore HT/VHT
6652 * as userspace might just pass through the capabilities from the IEs
6653 * directly, rather than enforcing this restriction and returning an
6654 * error in this case.
6655 */
6656 if (!(params.sta_flags_set & BIT(NL80211_STA_FLAG_WME))) {
6657 params.ht_capa = NULL;
6658 params.vht_capa = NULL;
6659
6660 /* HE requires WME */
6661 if (params.he_capa_len || params.he_6ghz_capa)
6662 return -EINVAL;
6663 }
6664
6665 /* Ensure that HT/VHT capabilities are not set for 6 GHz HE STA */
6666 if (params.he_6ghz_capa && (params.ht_capa || params.vht_capa))
6667 return -EINVAL;
6668
6669 /* When you run into this, adjust the code below for the new flag */
6670 BUILD_BUG_ON(NL80211_STA_FLAG_MAX != 7);
6671
6672 switch (dev->ieee80211_ptr->iftype) {
6673 case NL80211_IFTYPE_AP:
6674 case NL80211_IFTYPE_AP_VLAN:
6675 case NL80211_IFTYPE_P2P_GO:
6676 /* ignore WME attributes if iface/sta is not capable */
6677 if (!(rdev->wiphy.flags & WIPHY_FLAG_AP_UAPSD) ||
6678 !(params.sta_flags_set & BIT(NL80211_STA_FLAG_WME)))
6679 params.sta_modify_mask &= ~STATION_PARAM_APPLY_UAPSD;
6680
6681 /* TDLS peers cannot be added */
6682 if ((params.sta_flags_set & BIT(NL80211_STA_FLAG_TDLS_PEER)) ||
6683 info->attrs[NL80211_ATTR_PEER_AID])
6684 return -EINVAL;
6685 /* but don't bother the driver with it */
6686 params.sta_flags_mask &= ~BIT(NL80211_STA_FLAG_TDLS_PEER);
6687
6688 /* allow authenticated/associated only if driver handles it */
6689 if (!(rdev->wiphy.features &
6690 NL80211_FEATURE_FULL_AP_CLIENT_STATE) &&
6691 params.sta_flags_mask & auth_assoc)
6692 return -EINVAL;
6693
6694 /* Older userspace, or userspace wanting to be compatible with
6695 * !NL80211_FEATURE_FULL_AP_CLIENT_STATE, will not set the auth
6696 * and assoc flags in the mask, but assumes the station will be
6697 * added as associated anyway since this was the required driver
6698 * behaviour before NL80211_FEATURE_FULL_AP_CLIENT_STATE was
6699 * introduced.
6700 * In order to not bother drivers with this quirk in the API
6701 * set the flags in both the mask and set for new stations in
6702 * this case.
6703 */
6704 if (!(params.sta_flags_mask & auth_assoc)) {
6705 params.sta_flags_mask |= auth_assoc;
6706 params.sta_flags_set |= auth_assoc;
6707 }
6708
6709 /* must be last in here for error handling */
6710 params.vlan = get_vlan(info, rdev);
6711 if (IS_ERR(params.vlan))
6712 return PTR_ERR(params.vlan);
6713 break;
6714 case NL80211_IFTYPE_MESH_POINT:
6715 /* ignore uAPSD data */
6716 params.sta_modify_mask &= ~STATION_PARAM_APPLY_UAPSD;
6717
6718 /* associated is disallowed */
6719 if (params.sta_flags_mask & BIT(NL80211_STA_FLAG_ASSOCIATED))
6720 return -EINVAL;
6721 /* TDLS peers cannot be added */
6722 if ((params.sta_flags_set & BIT(NL80211_STA_FLAG_TDLS_PEER)) ||
6723 info->attrs[NL80211_ATTR_PEER_AID])
6724 return -EINVAL;
6725 break;
6726 case NL80211_IFTYPE_STATION:
6727 case NL80211_IFTYPE_P2P_CLIENT:
6728 /* ignore uAPSD data */
6729 params.sta_modify_mask &= ~STATION_PARAM_APPLY_UAPSD;
6730
6731 /* these are disallowed */
6732 if (params.sta_flags_mask &
6733 (BIT(NL80211_STA_FLAG_ASSOCIATED) |
6734 BIT(NL80211_STA_FLAG_AUTHENTICATED)))
6735 return -EINVAL;
6736 /* Only TDLS peers can be added */
6737 if (!(params.sta_flags_set & BIT(NL80211_STA_FLAG_TDLS_PEER)))
6738 return -EINVAL;
6739 /* Can only add if TDLS ... */
6740 if (!(rdev->wiphy.flags & WIPHY_FLAG_SUPPORTS_TDLS))
6741 return -EOPNOTSUPP;
6742 /* ... with external setup is supported */
6743 if (!(rdev->wiphy.flags & WIPHY_FLAG_TDLS_EXTERNAL_SETUP))
6744 return -EOPNOTSUPP;
6745 /*
6746 * Older wpa_supplicant versions always mark the TDLS peer
6747 * as authorized, but it shouldn't yet be.
6748 */
6749 params.sta_flags_mask &= ~BIT(NL80211_STA_FLAG_AUTHORIZED);
6750 break;
6751 default:
6752 return -EOPNOTSUPP;
6753 }
6754
6755 /* be aware of params.vlan when changing code here */
6756
6757 err = rdev_add_station(rdev, dev, mac_addr, &params);
6758
6759 if (params.vlan)
6760 dev_put(params.vlan);
6761 return err;
6762 }
6763
6764 static int nl80211_del_station(struct sk_buff *skb, struct genl_info *info)
6765 {
6766 struct cfg80211_registered_device *rdev = info->user_ptr[0];
6767 struct net_device *dev = info->user_ptr[1];
6768 struct station_del_parameters params;
6769
6770 memset(&params, 0, sizeof(params));
6771
6772 if (info->attrs[NL80211_ATTR_MAC])
6773 params.mac = nla_data(info->attrs[NL80211_ATTR_MAC]);
6774
6775 switch (dev->ieee80211_ptr->iftype) {
6776 case NL80211_IFTYPE_AP:
6777 case NL80211_IFTYPE_AP_VLAN:
6778 case NL80211_IFTYPE_MESH_POINT:
6779 case NL80211_IFTYPE_P2P_GO:
6780 /* always accept these */
6781 break;
6782 case NL80211_IFTYPE_ADHOC:
6783 /* conditionally accept */
6784 if (wiphy_ext_feature_isset(&rdev->wiphy,
6785 NL80211_EXT_FEATURE_DEL_IBSS_STA))
6786 break;
6787 return -EINVAL;
6788 default:
6789 return -EINVAL;
6790 }
6791
6792 if (!rdev->ops->del_station)
6793 return -EOPNOTSUPP;
6794
6795 if (info->attrs[NL80211_ATTR_MGMT_SUBTYPE]) {
6796 params.subtype =
6797 nla_get_u8(info->attrs[NL80211_ATTR_MGMT_SUBTYPE]);
6798 if (params.subtype != IEEE80211_STYPE_DISASSOC >> 4 &&
6799 params.subtype != IEEE80211_STYPE_DEAUTH >> 4)
6800 return -EINVAL;
6801 } else {
6802 /* Default to Deauthentication frame */
6803 params.subtype = IEEE80211_STYPE_DEAUTH >> 4;
6804 }
6805
6806 if (info->attrs[NL80211_ATTR_REASON_CODE]) {
6807 params.reason_code =
6808 nla_get_u16(info->attrs[NL80211_ATTR_REASON_CODE]);
6809 if (params.reason_code == 0)
6810 return -EINVAL; /* 0 is reserved */
6811 } else {
6812 /* Default to reason code 2 */
6813 params.reason_code = WLAN_REASON_PREV_AUTH_NOT_VALID;
6814 }
6815
6816 return rdev_del_station(rdev, dev, &params);
6817 }
6818
6819 static int nl80211_send_mpath(struct sk_buff *msg, u32 portid, u32 seq,
6820 int flags, struct net_device *dev,
6821 u8 *dst, u8 *next_hop,
6822 struct mpath_info *pinfo)
6823 {
6824 void *hdr;
6825 struct nlattr *pinfoattr;
6826
6827 hdr = nl80211hdr_put(msg, portid, seq, flags, NL80211_CMD_NEW_MPATH);
6828 if (!hdr)
6829 return -1;
6830
6831 if (nla_put_u32(msg, NL80211_ATTR_IFINDEX, dev->ifindex) ||
6832 nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN, dst) ||
6833 nla_put(msg, NL80211_ATTR_MPATH_NEXT_HOP, ETH_ALEN, next_hop) ||
6834 nla_put_u32(msg, NL80211_ATTR_GENERATION, pinfo->generation))
6835 goto nla_put_failure;
6836
6837 pinfoattr = nla_nest_start_noflag(msg, NL80211_ATTR_MPATH_INFO);
6838 if (!pinfoattr)
6839 goto nla_put_failure;
6840 if ((pinfo->filled & MPATH_INFO_FRAME_QLEN) &&
6841 nla_put_u32(msg, NL80211_MPATH_INFO_FRAME_QLEN,
6842 pinfo->frame_qlen))
6843 goto nla_put_failure;
6844 if (((pinfo->filled & MPATH_INFO_SN) &&
6845 nla_put_u32(msg, NL80211_MPATH_INFO_SN, pinfo->sn)) ||
6846 ((pinfo->filled & MPATH_INFO_METRIC) &&
6847 nla_put_u32(msg, NL80211_MPATH_INFO_METRIC,
6848 pinfo->metric)) ||
6849 ((pinfo->filled & MPATH_INFO_EXPTIME) &&
6850 nla_put_u32(msg, NL80211_MPATH_INFO_EXPTIME,
6851 pinfo->exptime)) ||
6852 ((pinfo->filled & MPATH_INFO_FLAGS) &&
6853 nla_put_u8(msg, NL80211_MPATH_INFO_FLAGS,
6854 pinfo->flags)) ||
6855 ((pinfo->filled & MPATH_INFO_DISCOVERY_TIMEOUT) &&
6856 nla_put_u32(msg, NL80211_MPATH_INFO_DISCOVERY_TIMEOUT,
6857 pinfo->discovery_timeout)) ||
6858 ((pinfo->filled & MPATH_INFO_DISCOVERY_RETRIES) &&
6859 nla_put_u8(msg, NL80211_MPATH_INFO_DISCOVERY_RETRIES,
6860 pinfo->discovery_retries)) ||
6861 ((pinfo->filled & MPATH_INFO_HOP_COUNT) &&
6862 nla_put_u8(msg, NL80211_MPATH_INFO_HOP_COUNT,
6863 pinfo->hop_count)) ||
6864 ((pinfo->filled & MPATH_INFO_PATH_CHANGE) &&
6865 nla_put_u32(msg, NL80211_MPATH_INFO_PATH_CHANGE,
6866 pinfo->path_change_count)))
6867 goto nla_put_failure;
6868
6869 nla_nest_end(msg, pinfoattr);
6870
6871 genlmsg_end(msg, hdr);
6872 return 0;
6873
6874 nla_put_failure:
6875 genlmsg_cancel(msg, hdr);
6876 return -EMSGSIZE;
6877 }
6878
6879 static int nl80211_dump_mpath(struct sk_buff *skb,
6880 struct netlink_callback *cb)
6881 {
6882 struct mpath_info pinfo;
6883 struct cfg80211_registered_device *rdev;
6884 struct wireless_dev *wdev;
6885 u8 dst[ETH_ALEN];
6886 u8 next_hop[ETH_ALEN];
6887 int path_idx = cb->args[2];
6888 int err;
6889
6890 err = nl80211_prepare_wdev_dump(cb, &rdev, &wdev);
6891 if (err)
6892 return err;
6893 /* nl80211_prepare_wdev_dump acquired it in the successful case */
6894 __acquire(&rdev->wiphy.mtx);
6895
6896 if (!rdev->ops->dump_mpath) {
6897 err = -EOPNOTSUPP;
6898 goto out_err;
6899 }
6900
6901 if (wdev->iftype != NL80211_IFTYPE_MESH_POINT) {
6902 err = -EOPNOTSUPP;
6903 goto out_err;
6904 }
6905
6906 while (1) {
6907 err = rdev_dump_mpath(rdev, wdev->netdev, path_idx, dst,
6908 next_hop, &pinfo);
6909 if (err == -ENOENT)
6910 break;
6911 if (err)
6912 goto out_err;
6913
6914 if (nl80211_send_mpath(skb, NETLINK_CB(cb->skb).portid,
6915 cb->nlh->nlmsg_seq, NLM_F_MULTI,
6916 wdev->netdev, dst, next_hop,
6917 &pinfo) < 0)
6918 goto out;
6919
6920 path_idx++;
6921 }
6922
6923 out:
6924 cb->args[2] = path_idx;
6925 err = skb->len;
6926 out_err:
6927 wiphy_unlock(&rdev->wiphy);
6928 return err;
6929 }
6930
6931 static int nl80211_get_mpath(struct sk_buff *skb, struct genl_info *info)
6932 {
6933 struct cfg80211_registered_device *rdev = info->user_ptr[0];
6934 int err;
6935 struct net_device *dev = info->user_ptr[1];
6936 struct mpath_info pinfo;
6937 struct sk_buff *msg;
6938 u8 *dst = NULL;
6939 u8 next_hop[ETH_ALEN];
6940
6941 memset(&pinfo, 0, sizeof(pinfo));
6942
6943 if (!info->attrs[NL80211_ATTR_MAC])
6944 return -EINVAL;
6945
6946 dst = nla_data(info->attrs[NL80211_ATTR_MAC]);
6947
6948 if (!rdev->ops->get_mpath)
6949 return -EOPNOTSUPP;
6950
6951 if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_MESH_POINT)
6952 return -EOPNOTSUPP;
6953
6954 err = rdev_get_mpath(rdev, dev, dst, next_hop, &pinfo);
6955 if (err)
6956 return err;
6957
6958 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
6959 if (!msg)
6960 return -ENOMEM;
6961
6962 if (nl80211_send_mpath(msg, info->snd_portid, info->snd_seq, 0,
6963 dev, dst, next_hop, &pinfo) < 0) {
6964 nlmsg_free(msg);
6965 return -ENOBUFS;
6966 }
6967
6968 return genlmsg_reply(msg, info);
6969 }
6970
6971 static int nl80211_set_mpath(struct sk_buff *skb, struct genl_info *info)
6972 {
6973 struct cfg80211_registered_device *rdev = info->user_ptr[0];
6974 struct net_device *dev = info->user_ptr[1];
6975 u8 *dst = NULL;
6976 u8 *next_hop = NULL;
6977
6978 if (!info->attrs[NL80211_ATTR_MAC])
6979 return -EINVAL;
6980
6981 if (!info->attrs[NL80211_ATTR_MPATH_NEXT_HOP])
6982 return -EINVAL;
6983
6984 dst = nla_data(info->attrs[NL80211_ATTR_MAC]);
6985 next_hop = nla_data(info->attrs[NL80211_ATTR_MPATH_NEXT_HOP]);
6986
6987 if (!rdev->ops->change_mpath)
6988 return -EOPNOTSUPP;
6989
6990 if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_MESH_POINT)
6991 return -EOPNOTSUPP;
6992
6993 return rdev_change_mpath(rdev, dev, dst, next_hop);
6994 }
6995
6996 static int nl80211_new_mpath(struct sk_buff *skb, struct genl_info *info)
6997 {
6998 struct cfg80211_registered_device *rdev = info->user_ptr[0];
6999 struct net_device *dev = info->user_ptr[1];
7000 u8 *dst = NULL;
7001 u8 *next_hop = NULL;
7002
7003 if (!info->attrs[NL80211_ATTR_MAC])
7004 return -EINVAL;
7005
7006 if (!info->attrs[NL80211_ATTR_MPATH_NEXT_HOP])
7007 return -EINVAL;
7008
7009 dst = nla_data(info->attrs[NL80211_ATTR_MAC]);
7010 next_hop = nla_data(info->attrs[NL80211_ATTR_MPATH_NEXT_HOP]);
7011
7012 if (!rdev->ops->add_mpath)
7013 return -EOPNOTSUPP;
7014
7015 if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_MESH_POINT)
7016 return -EOPNOTSUPP;
7017
7018 return rdev_add_mpath(rdev, dev, dst, next_hop);
7019 }
7020
7021 static int nl80211_del_mpath(struct sk_buff *skb, struct genl_info *info)
7022 {
7023 struct cfg80211_registered_device *rdev = info->user_ptr[0];
7024 struct net_device *dev = info->user_ptr[1];
7025 u8 *dst = NULL;
7026
7027 if (info->attrs[NL80211_ATTR_MAC])
7028 dst = nla_data(info->attrs[NL80211_ATTR_MAC]);
7029
7030 if (!rdev->ops->del_mpath)
7031 return -EOPNOTSUPP;
7032
7033 if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_MESH_POINT)
7034 return -EOPNOTSUPP;
7035
7036 return rdev_del_mpath(rdev, dev, dst);
7037 }
7038
7039 static int nl80211_get_mpp(struct sk_buff *skb, struct genl_info *info)
7040 {
7041 struct cfg80211_registered_device *rdev = info->user_ptr[0];
7042 int err;
7043 struct net_device *dev = info->user_ptr[1];
7044 struct mpath_info pinfo;
7045 struct sk_buff *msg;
7046 u8 *dst = NULL;
7047 u8 mpp[ETH_ALEN];
7048
7049 memset(&pinfo, 0, sizeof(pinfo));
7050
7051 if (!info->attrs[NL80211_ATTR_MAC])
7052 return -EINVAL;
7053
7054 dst = nla_data(info->attrs[NL80211_ATTR_MAC]);
7055
7056 if (!rdev->ops->get_mpp)
7057 return -EOPNOTSUPP;
7058
7059 if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_MESH_POINT)
7060 return -EOPNOTSUPP;
7061
7062 err = rdev_get_mpp(rdev, dev, dst, mpp, &pinfo);
7063 if (err)
7064 return err;
7065
7066 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
7067 if (!msg)
7068 return -ENOMEM;
7069
7070 if (nl80211_send_mpath(msg, info->snd_portid, info->snd_seq, 0,
7071 dev, dst, mpp, &pinfo) < 0) {
7072 nlmsg_free(msg);
7073 return -ENOBUFS;
7074 }
7075
7076 return genlmsg_reply(msg, info);
7077 }
7078
7079 static int nl80211_dump_mpp(struct sk_buff *skb,
7080 struct netlink_callback *cb)
7081 {
7082 struct mpath_info pinfo;
7083 struct cfg80211_registered_device *rdev;
7084 struct wireless_dev *wdev;
7085 u8 dst[ETH_ALEN];
7086 u8 mpp[ETH_ALEN];
7087 int path_idx = cb->args[2];
7088 int err;
7089
7090 err = nl80211_prepare_wdev_dump(cb, &rdev, &wdev);
7091 if (err)
7092 return err;
7093 /* nl80211_prepare_wdev_dump acquired it in the successful case */
7094 __acquire(&rdev->wiphy.mtx);
7095
7096 if (!rdev->ops->dump_mpp) {
7097 err = -EOPNOTSUPP;
7098 goto out_err;
7099 }
7100
7101 if (wdev->iftype != NL80211_IFTYPE_MESH_POINT) {
7102 err = -EOPNOTSUPP;
7103 goto out_err;
7104 }
7105
7106 while (1) {
7107 err = rdev_dump_mpp(rdev, wdev->netdev, path_idx, dst,
7108 mpp, &pinfo);
7109 if (err == -ENOENT)
7110 break;
7111 if (err)
7112 goto out_err;
7113
7114 if (nl80211_send_mpath(skb, NETLINK_CB(cb->skb).portid,
7115 cb->nlh->nlmsg_seq, NLM_F_MULTI,
7116 wdev->netdev, dst, mpp,
7117 &pinfo) < 0)
7118 goto out;
7119
7120 path_idx++;
7121 }
7122
7123 out:
7124 cb->args[2] = path_idx;
7125 err = skb->len;
7126 out_err:
7127 wiphy_unlock(&rdev->wiphy);
7128 return err;
7129 }
7130
7131 static int nl80211_set_bss(struct sk_buff *skb, struct genl_info *info)
7132 {
7133 struct cfg80211_registered_device *rdev = info->user_ptr[0];
7134 struct net_device *dev = info->user_ptr[1];
7135 struct wireless_dev *wdev = dev->ieee80211_ptr;
7136 struct bss_parameters params;
7137 int err;
7138
7139 memset(&params, 0, sizeof(params));
7140 /* default to not changing parameters */
7141 params.use_cts_prot = -1;
7142 params.use_short_preamble = -1;
7143 params.use_short_slot_time = -1;
7144 params.ap_isolate = -1;
7145 params.ht_opmode = -1;
7146 params.p2p_ctwindow = -1;
7147 params.p2p_opp_ps = -1;
7148
7149 if (info->attrs[NL80211_ATTR_BSS_CTS_PROT])
7150 params.use_cts_prot =
7151 nla_get_u8(info->attrs[NL80211_ATTR_BSS_CTS_PROT]);
7152 if (info->attrs[NL80211_ATTR_BSS_SHORT_PREAMBLE])
7153 params.use_short_preamble =
7154 nla_get_u8(info->attrs[NL80211_ATTR_BSS_SHORT_PREAMBLE]);
7155 if (info->attrs[NL80211_ATTR_BSS_SHORT_SLOT_TIME])
7156 params.use_short_slot_time =
7157 nla_get_u8(info->attrs[NL80211_ATTR_BSS_SHORT_SLOT_TIME]);
7158 if (info->attrs[NL80211_ATTR_BSS_BASIC_RATES]) {
7159 params.basic_rates =
7160 nla_data(info->attrs[NL80211_ATTR_BSS_BASIC_RATES]);
7161 params.basic_rates_len =
7162 nla_len(info->attrs[NL80211_ATTR_BSS_BASIC_RATES]);
7163 }
7164 if (info->attrs[NL80211_ATTR_AP_ISOLATE])
7165 params.ap_isolate = !!nla_get_u8(info->attrs[NL80211_ATTR_AP_ISOLATE]);
7166 if (info->attrs[NL80211_ATTR_BSS_HT_OPMODE])
7167 params.ht_opmode =
7168 nla_get_u16(info->attrs[NL80211_ATTR_BSS_HT_OPMODE]);
7169
7170 if (info->attrs[NL80211_ATTR_P2P_CTWINDOW]) {
7171 if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_GO)
7172 return -EINVAL;
7173 params.p2p_ctwindow =
7174 nla_get_u8(info->attrs[NL80211_ATTR_P2P_CTWINDOW]);
7175 if (params.p2p_ctwindow != 0 &&
7176 !(rdev->wiphy.features & NL80211_FEATURE_P2P_GO_CTWIN))
7177 return -EINVAL;
7178 }
7179
7180 if (info->attrs[NL80211_ATTR_P2P_OPPPS]) {
7181 u8 tmp;
7182
7183 if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_GO)
7184 return -EINVAL;
7185 tmp = nla_get_u8(info->attrs[NL80211_ATTR_P2P_OPPPS]);
7186 params.p2p_opp_ps = tmp;
7187 if (params.p2p_opp_ps &&
7188 !(rdev->wiphy.features & NL80211_FEATURE_P2P_GO_OPPPS))
7189 return -EINVAL;
7190 }
7191
7192 if (!rdev->ops->change_bss)
7193 return -EOPNOTSUPP;
7194
7195 if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_AP &&
7196 dev->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_GO)
7197 return -EOPNOTSUPP;
7198
7199 wdev_lock(wdev);
7200 err = rdev_change_bss(rdev, dev, &params);
7201 wdev_unlock(wdev);
7202
7203 return err;
7204 }
7205
7206 static int nl80211_req_set_reg(struct sk_buff *skb, struct genl_info *info)
7207 {
7208 char *data = NULL;
7209 bool is_indoor;
7210 enum nl80211_user_reg_hint_type user_reg_hint_type;
7211 u32 owner_nlportid;
7212
7213 /*
7214 * You should only get this when cfg80211 hasn't yet initialized
7215 * completely when built-in to the kernel right between the time
7216 * window between nl80211_init() and regulatory_init(), if that is
7217 * even possible.
7218 */
7219 if (unlikely(!rcu_access_pointer(cfg80211_regdomain)))
7220 return -EINPROGRESS;
7221
7222 if (info->attrs[NL80211_ATTR_USER_REG_HINT_TYPE])
7223 user_reg_hint_type =
7224 nla_get_u32(info->attrs[NL80211_ATTR_USER_REG_HINT_TYPE]);
7225 else
7226 user_reg_hint_type = NL80211_USER_REG_HINT_USER;
7227
7228 switch (user_reg_hint_type) {
7229 case NL80211_USER_REG_HINT_USER:
7230 case NL80211_USER_REG_HINT_CELL_BASE:
7231 if (!info->attrs[NL80211_ATTR_REG_ALPHA2])
7232 return -EINVAL;
7233
7234 data = nla_data(info->attrs[NL80211_ATTR_REG_ALPHA2]);
7235 return regulatory_hint_user(data, user_reg_hint_type);
7236 case NL80211_USER_REG_HINT_INDOOR:
7237 if (info->attrs[NL80211_ATTR_SOCKET_OWNER]) {
7238 owner_nlportid = info->snd_portid;
7239 is_indoor = !!info->attrs[NL80211_ATTR_REG_INDOOR];
7240 } else {
7241 owner_nlportid = 0;
7242 is_indoor = true;
7243 }
7244
7245 return regulatory_hint_indoor(is_indoor, owner_nlportid);
7246 default:
7247 return -EINVAL;
7248 }
7249 }
7250
7251 static int nl80211_reload_regdb(struct sk_buff *skb, struct genl_info *info)
7252 {
7253 return reg_reload_regdb();
7254 }
7255
7256 static int nl80211_get_mesh_config(struct sk_buff *skb,
7257 struct genl_info *info)
7258 {
7259 struct cfg80211_registered_device *rdev = info->user_ptr[0];
7260 struct net_device *dev = info->user_ptr[1];
7261 struct wireless_dev *wdev = dev->ieee80211_ptr;
7262 struct mesh_config cur_params;
7263 int err = 0;
7264 void *hdr;
7265 struct nlattr *pinfoattr;
7266 struct sk_buff *msg;
7267
7268 if (wdev->iftype != NL80211_IFTYPE_MESH_POINT)
7269 return -EOPNOTSUPP;
7270
7271 if (!rdev->ops->get_mesh_config)
7272 return -EOPNOTSUPP;
7273
7274 wdev_lock(wdev);
7275 /* If not connected, get default parameters */
7276 if (!wdev->mesh_id_len)
7277 memcpy(&cur_params, &default_mesh_config, sizeof(cur_params));
7278 else
7279 err = rdev_get_mesh_config(rdev, dev, &cur_params);
7280 wdev_unlock(wdev);
7281
7282 if (err)
7283 return err;
7284
7285 /* Draw up a netlink message to send back */
7286 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
7287 if (!msg)
7288 return -ENOMEM;
7289 hdr = nl80211hdr_put(msg, info->snd_portid, info->snd_seq, 0,
7290 NL80211_CMD_GET_MESH_CONFIG);
7291 if (!hdr)
7292 goto out;
7293 pinfoattr = nla_nest_start_noflag(msg, NL80211_ATTR_MESH_CONFIG);
7294 if (!pinfoattr)
7295 goto nla_put_failure;
7296 if (nla_put_u32(msg, NL80211_ATTR_IFINDEX, dev->ifindex) ||
7297 nla_put_u16(msg, NL80211_MESHCONF_RETRY_TIMEOUT,
7298 cur_params.dot11MeshRetryTimeout) ||
7299 nla_put_u16(msg, NL80211_MESHCONF_CONFIRM_TIMEOUT,
7300 cur_params.dot11MeshConfirmTimeout) ||
7301 nla_put_u16(msg, NL80211_MESHCONF_HOLDING_TIMEOUT,
7302 cur_params.dot11MeshHoldingTimeout) ||
7303 nla_put_u16(msg, NL80211_MESHCONF_MAX_PEER_LINKS,
7304 cur_params.dot11MeshMaxPeerLinks) ||
7305 nla_put_u8(msg, NL80211_MESHCONF_MAX_RETRIES,
7306 cur_params.dot11MeshMaxRetries) ||
7307 nla_put_u8(msg, NL80211_MESHCONF_TTL,
7308 cur_params.dot11MeshTTL) ||
7309 nla_put_u8(msg, NL80211_MESHCONF_ELEMENT_TTL,
7310 cur_params.element_ttl) ||
7311 nla_put_u8(msg, NL80211_MESHCONF_AUTO_OPEN_PLINKS,
7312 cur_params.auto_open_plinks) ||
7313 nla_put_u32(msg, NL80211_MESHCONF_SYNC_OFFSET_MAX_NEIGHBOR,
7314 cur_params.dot11MeshNbrOffsetMaxNeighbor) ||
7315 nla_put_u8(msg, NL80211_MESHCONF_HWMP_MAX_PREQ_RETRIES,
7316 cur_params.dot11MeshHWMPmaxPREQretries) ||
7317 nla_put_u32(msg, NL80211_MESHCONF_PATH_REFRESH_TIME,
7318 cur_params.path_refresh_time) ||
7319 nla_put_u16(msg, NL80211_MESHCONF_MIN_DISCOVERY_TIMEOUT,
7320 cur_params.min_discovery_timeout) ||
7321 nla_put_u32(msg, NL80211_MESHCONF_HWMP_ACTIVE_PATH_TIMEOUT,
7322 cur_params.dot11MeshHWMPactivePathTimeout) ||
7323 nla_put_u16(msg, NL80211_MESHCONF_HWMP_PREQ_MIN_INTERVAL,
7324 cur_params.dot11MeshHWMPpreqMinInterval) ||
7325 nla_put_u16(msg, NL80211_MESHCONF_HWMP_PERR_MIN_INTERVAL,
7326 cur_params.dot11MeshHWMPperrMinInterval) ||
7327 nla_put_u16(msg, NL80211_MESHCONF_HWMP_NET_DIAM_TRVS_TIME,
7328 cur_params.dot11MeshHWMPnetDiameterTraversalTime) ||
7329 nla_put_u8(msg, NL80211_MESHCONF_HWMP_ROOTMODE,
7330 cur_params.dot11MeshHWMPRootMode) ||
7331 nla_put_u16(msg, NL80211_MESHCONF_HWMP_RANN_INTERVAL,
7332 cur_params.dot11MeshHWMPRannInterval) ||
7333 nla_put_u8(msg, NL80211_MESHCONF_GATE_ANNOUNCEMENTS,
7334 cur_params.dot11MeshGateAnnouncementProtocol) ||
7335 nla_put_u8(msg, NL80211_MESHCONF_FORWARDING,
7336 cur_params.dot11MeshForwarding) ||
7337 nla_put_s32(msg, NL80211_MESHCONF_RSSI_THRESHOLD,
7338 cur_params.rssi_threshold) ||
7339 nla_put_u32(msg, NL80211_MESHCONF_HT_OPMODE,
7340 cur_params.ht_opmode) ||
7341 nla_put_u32(msg, NL80211_MESHCONF_HWMP_PATH_TO_ROOT_TIMEOUT,
7342 cur_params.dot11MeshHWMPactivePathToRootTimeout) ||
7343 nla_put_u16(msg, NL80211_MESHCONF_HWMP_ROOT_INTERVAL,
7344 cur_params.dot11MeshHWMProotInterval) ||
7345 nla_put_u16(msg, NL80211_MESHCONF_HWMP_CONFIRMATION_INTERVAL,
7346 cur_params.dot11MeshHWMPconfirmationInterval) ||
7347 nla_put_u32(msg, NL80211_MESHCONF_POWER_MODE,
7348 cur_params.power_mode) ||
7349 nla_put_u16(msg, NL80211_MESHCONF_AWAKE_WINDOW,
7350 cur_params.dot11MeshAwakeWindowDuration) ||
7351 nla_put_u32(msg, NL80211_MESHCONF_PLINK_TIMEOUT,
7352 cur_params.plink_timeout) ||
7353 nla_put_u8(msg, NL80211_MESHCONF_CONNECTED_TO_GATE,
7354 cur_params.dot11MeshConnectedToMeshGate) ||
7355 nla_put_u8(msg, NL80211_MESHCONF_NOLEARN,
7356 cur_params.dot11MeshNolearn) ||
7357 nla_put_u8(msg, NL80211_MESHCONF_CONNECTED_TO_AS,
7358 cur_params.dot11MeshConnectedToAuthServer))
7359 goto nla_put_failure;
7360 nla_nest_end(msg, pinfoattr);
7361 genlmsg_end(msg, hdr);
7362 return genlmsg_reply(msg, info);
7363
7364 nla_put_failure:
7365 out:
7366 nlmsg_free(msg);
7367 return -ENOBUFS;
7368 }
7369
7370 static const struct nla_policy
7371 nl80211_meshconf_params_policy[NL80211_MESHCONF_ATTR_MAX+1] = {
7372 [NL80211_MESHCONF_RETRY_TIMEOUT] =
7373 NLA_POLICY_RANGE(NLA_U16, 1, 255),
7374 [NL80211_MESHCONF_CONFIRM_TIMEOUT] =
7375 NLA_POLICY_RANGE(NLA_U16, 1, 255),
7376 [NL80211_MESHCONF_HOLDING_TIMEOUT] =
7377 NLA_POLICY_RANGE(NLA_U16, 1, 255),
7378 [NL80211_MESHCONF_MAX_PEER_LINKS] =
7379 NLA_POLICY_RANGE(NLA_U16, 0, 255),
7380 [NL80211_MESHCONF_MAX_RETRIES] = NLA_POLICY_MAX(NLA_U8, 16),
7381 [NL80211_MESHCONF_TTL] = NLA_POLICY_MIN(NLA_U8, 1),
7382 [NL80211_MESHCONF_ELEMENT_TTL] = NLA_POLICY_MIN(NLA_U8, 1),
7383 [NL80211_MESHCONF_AUTO_OPEN_PLINKS] = NLA_POLICY_MAX(NLA_U8, 1),
7384 [NL80211_MESHCONF_SYNC_OFFSET_MAX_NEIGHBOR] =
7385 NLA_POLICY_RANGE(NLA_U32, 1, 255),
7386 [NL80211_MESHCONF_HWMP_MAX_PREQ_RETRIES] = { .type = NLA_U8 },
7387 [NL80211_MESHCONF_PATH_REFRESH_TIME] = { .type = NLA_U32 },
7388 [NL80211_MESHCONF_MIN_DISCOVERY_TIMEOUT] = NLA_POLICY_MIN(NLA_U16, 1),
7389 [NL80211_MESHCONF_HWMP_ACTIVE_PATH_TIMEOUT] = { .type = NLA_U32 },
7390 [NL80211_MESHCONF_HWMP_PREQ_MIN_INTERVAL] =
7391 NLA_POLICY_MIN(NLA_U16, 1),
7392 [NL80211_MESHCONF_HWMP_PERR_MIN_INTERVAL] =
7393 NLA_POLICY_MIN(NLA_U16, 1),
7394 [NL80211_MESHCONF_HWMP_NET_DIAM_TRVS_TIME] =
7395 NLA_POLICY_MIN(NLA_U16, 1),
7396 [NL80211_MESHCONF_HWMP_ROOTMODE] = NLA_POLICY_MAX(NLA_U8, 4),
7397 [NL80211_MESHCONF_HWMP_RANN_INTERVAL] =
7398 NLA_POLICY_MIN(NLA_U16, 1),
7399 [NL80211_MESHCONF_GATE_ANNOUNCEMENTS] = NLA_POLICY_MAX(NLA_U8, 1),
7400 [NL80211_MESHCONF_FORWARDING] = NLA_POLICY_MAX(NLA_U8, 1),
7401 [NL80211_MESHCONF_RSSI_THRESHOLD] =
7402 NLA_POLICY_RANGE(NLA_S32, -255, 0),
7403 [NL80211_MESHCONF_HT_OPMODE] = { .type = NLA_U16 },
7404 [NL80211_MESHCONF_HWMP_PATH_TO_ROOT_TIMEOUT] = { .type = NLA_U32 },
7405 [NL80211_MESHCONF_HWMP_ROOT_INTERVAL] =
7406 NLA_POLICY_MIN(NLA_U16, 1),
7407 [NL80211_MESHCONF_HWMP_CONFIRMATION_INTERVAL] =
7408 NLA_POLICY_MIN(NLA_U16, 1),
7409 [NL80211_MESHCONF_POWER_MODE] =
7410 NLA_POLICY_RANGE(NLA_U32,
7411 NL80211_MESH_POWER_ACTIVE,
7412 NL80211_MESH_POWER_MAX),
7413 [NL80211_MESHCONF_AWAKE_WINDOW] = { .type = NLA_U16 },
7414 [NL80211_MESHCONF_PLINK_TIMEOUT] = { .type = NLA_U32 },
7415 [NL80211_MESHCONF_CONNECTED_TO_GATE] = NLA_POLICY_RANGE(NLA_U8, 0, 1),
7416 [NL80211_MESHCONF_NOLEARN] = NLA_POLICY_RANGE(NLA_U8, 0, 1),
7417 [NL80211_MESHCONF_CONNECTED_TO_AS] = NLA_POLICY_RANGE(NLA_U8, 0, 1),
7418 };
7419
7420 static const struct nla_policy
7421 nl80211_mesh_setup_params_policy[NL80211_MESH_SETUP_ATTR_MAX+1] = {
7422 [NL80211_MESH_SETUP_ENABLE_VENDOR_SYNC] = { .type = NLA_U8 },
7423 [NL80211_MESH_SETUP_ENABLE_VENDOR_PATH_SEL] = { .type = NLA_U8 },
7424 [NL80211_MESH_SETUP_ENABLE_VENDOR_METRIC] = { .type = NLA_U8 },
7425 [NL80211_MESH_SETUP_USERSPACE_AUTH] = { .type = NLA_FLAG },
7426 [NL80211_MESH_SETUP_AUTH_PROTOCOL] = { .type = NLA_U8 },
7427 [NL80211_MESH_SETUP_USERSPACE_MPM] = { .type = NLA_FLAG },
7428 [NL80211_MESH_SETUP_IE] =
7429 NLA_POLICY_VALIDATE_FN(NLA_BINARY, validate_ie_attr,
7430 IEEE80211_MAX_DATA_LEN),
7431 [NL80211_MESH_SETUP_USERSPACE_AMPE] = { .type = NLA_FLAG },
7432 };
7433
7434 static int nl80211_parse_mesh_config(struct genl_info *info,
7435 struct mesh_config *cfg,
7436 u32 *mask_out)
7437 {
7438 struct nlattr *tb[NL80211_MESHCONF_ATTR_MAX + 1];
7439 u32 mask = 0;
7440 u16 ht_opmode;
7441
7442 #define FILL_IN_MESH_PARAM_IF_SET(tb, cfg, param, mask, attr, fn) \
7443 do { \
7444 if (tb[attr]) { \
7445 cfg->param = fn(tb[attr]); \
7446 mask |= BIT((attr) - 1); \
7447 } \
7448 } while (0)
7449
7450 if (!info->attrs[NL80211_ATTR_MESH_CONFIG])
7451 return -EINVAL;
7452 if (nla_parse_nested_deprecated(tb, NL80211_MESHCONF_ATTR_MAX, info->attrs[NL80211_ATTR_MESH_CONFIG], nl80211_meshconf_params_policy, info->extack))
7453 return -EINVAL;
7454
7455 /* This makes sure that there aren't more than 32 mesh config
7456 * parameters (otherwise our bitfield scheme would not work.) */
7457 BUILD_BUG_ON(NL80211_MESHCONF_ATTR_MAX > 32);
7458
7459 /* Fill in the params struct */
7460 FILL_IN_MESH_PARAM_IF_SET(tb, cfg, dot11MeshRetryTimeout, mask,
7461 NL80211_MESHCONF_RETRY_TIMEOUT, nla_get_u16);
7462 FILL_IN_MESH_PARAM_IF_SET(tb, cfg, dot11MeshConfirmTimeout, mask,
7463 NL80211_MESHCONF_CONFIRM_TIMEOUT,
7464 nla_get_u16);
7465 FILL_IN_MESH_PARAM_IF_SET(tb, cfg, dot11MeshHoldingTimeout, mask,
7466 NL80211_MESHCONF_HOLDING_TIMEOUT,
7467 nla_get_u16);
7468 FILL_IN_MESH_PARAM_IF_SET(tb, cfg, dot11MeshMaxPeerLinks, mask,
7469 NL80211_MESHCONF_MAX_PEER_LINKS,
7470 nla_get_u16);
7471 FILL_IN_MESH_PARAM_IF_SET(tb, cfg, dot11MeshMaxRetries, mask,
7472 NL80211_MESHCONF_MAX_RETRIES, nla_get_u8);
7473 FILL_IN_MESH_PARAM_IF_SET(tb, cfg, dot11MeshTTL, mask,
7474 NL80211_MESHCONF_TTL, nla_get_u8);
7475 FILL_IN_MESH_PARAM_IF_SET(tb, cfg, element_ttl, mask,
7476 NL80211_MESHCONF_ELEMENT_TTL, nla_get_u8);
7477 FILL_IN_MESH_PARAM_IF_SET(tb, cfg, auto_open_plinks, mask,
7478 NL80211_MESHCONF_AUTO_OPEN_PLINKS,
7479 nla_get_u8);
7480 FILL_IN_MESH_PARAM_IF_SET(tb, cfg, dot11MeshNbrOffsetMaxNeighbor,
7481 mask,
7482 NL80211_MESHCONF_SYNC_OFFSET_MAX_NEIGHBOR,
7483 nla_get_u32);
7484 FILL_IN_MESH_PARAM_IF_SET(tb, cfg, dot11MeshHWMPmaxPREQretries, mask,
7485 NL80211_MESHCONF_HWMP_MAX_PREQ_RETRIES,
7486 nla_get_u8);
7487 FILL_IN_MESH_PARAM_IF_SET(tb, cfg, path_refresh_time, mask,
7488 NL80211_MESHCONF_PATH_REFRESH_TIME,
7489 nla_get_u32);
7490 if (mask & BIT(NL80211_MESHCONF_PATH_REFRESH_TIME) &&
7491 (cfg->path_refresh_time < 1 || cfg->path_refresh_time > 65535))
7492 return -EINVAL;
7493 FILL_IN_MESH_PARAM_IF_SET(tb, cfg, min_discovery_timeout, mask,
7494 NL80211_MESHCONF_MIN_DISCOVERY_TIMEOUT,
7495 nla_get_u16);
7496 FILL_IN_MESH_PARAM_IF_SET(tb, cfg, dot11MeshHWMPactivePathTimeout,
7497 mask,
7498 NL80211_MESHCONF_HWMP_ACTIVE_PATH_TIMEOUT,
7499 nla_get_u32);
7500 if (mask & BIT(NL80211_MESHCONF_HWMP_ACTIVE_PATH_TIMEOUT) &&
7501 (cfg->dot11MeshHWMPactivePathTimeout < 1 ||
7502 cfg->dot11MeshHWMPactivePathTimeout > 65535))
7503 return -EINVAL;
7504 FILL_IN_MESH_PARAM_IF_SET(tb, cfg, dot11MeshHWMPpreqMinInterval, mask,
7505 NL80211_MESHCONF_HWMP_PREQ_MIN_INTERVAL,
7506 nla_get_u16);
7507 FILL_IN_MESH_PARAM_IF_SET(tb, cfg, dot11MeshHWMPperrMinInterval, mask,
7508 NL80211_MESHCONF_HWMP_PERR_MIN_INTERVAL,
7509 nla_get_u16);
7510 FILL_IN_MESH_PARAM_IF_SET(tb, cfg,
7511 dot11MeshHWMPnetDiameterTraversalTime, mask,
7512 NL80211_MESHCONF_HWMP_NET_DIAM_TRVS_TIME,
7513 nla_get_u16);
7514 FILL_IN_MESH_PARAM_IF_SET(tb, cfg, dot11MeshHWMPRootMode, mask,
7515 NL80211_MESHCONF_HWMP_ROOTMODE, nla_get_u8);
7516 FILL_IN_MESH_PARAM_IF_SET(tb, cfg, dot11MeshHWMPRannInterval, mask,
7517 NL80211_MESHCONF_HWMP_RANN_INTERVAL,
7518 nla_get_u16);
7519 FILL_IN_MESH_PARAM_IF_SET(tb, cfg, dot11MeshGateAnnouncementProtocol,
7520 mask, NL80211_MESHCONF_GATE_ANNOUNCEMENTS,
7521 nla_get_u8);
7522 FILL_IN_MESH_PARAM_IF_SET(tb, cfg, dot11MeshForwarding, mask,
7523 NL80211_MESHCONF_FORWARDING, nla_get_u8);
7524 FILL_IN_MESH_PARAM_IF_SET(tb, cfg, rssi_threshold, mask,
7525 NL80211_MESHCONF_RSSI_THRESHOLD,
7526 nla_get_s32);
7527 FILL_IN_MESH_PARAM_IF_SET(tb, cfg, dot11MeshConnectedToMeshGate, mask,
7528 NL80211_MESHCONF_CONNECTED_TO_GATE,
7529 nla_get_u8);
7530 FILL_IN_MESH_PARAM_IF_SET(tb, cfg, dot11MeshConnectedToAuthServer, mask,
7531 NL80211_MESHCONF_CONNECTED_TO_AS,
7532 nla_get_u8);
7533 /*
7534 * Check HT operation mode based on
7535 * IEEE 802.11-2016 9.4.2.57 HT Operation element.
7536 */
7537 if (tb[NL80211_MESHCONF_HT_OPMODE]) {
7538 ht_opmode = nla_get_u16(tb[NL80211_MESHCONF_HT_OPMODE]);
7539
7540 if (ht_opmode & ~(IEEE80211_HT_OP_MODE_PROTECTION |
7541 IEEE80211_HT_OP_MODE_NON_GF_STA_PRSNT |
7542 IEEE80211_HT_OP_MODE_NON_HT_STA_PRSNT))
7543 return -EINVAL;
7544
7545 /* NON_HT_STA bit is reserved, but some programs set it */
7546 ht_opmode &= ~IEEE80211_HT_OP_MODE_NON_HT_STA_PRSNT;
7547
7548 cfg->ht_opmode = ht_opmode;
7549 mask |= (1 << (NL80211_MESHCONF_HT_OPMODE - 1));
7550 }
7551 FILL_IN_MESH_PARAM_IF_SET(tb, cfg,
7552 dot11MeshHWMPactivePathToRootTimeout, mask,
7553 NL80211_MESHCONF_HWMP_PATH_TO_ROOT_TIMEOUT,
7554 nla_get_u32);
7555 if (mask & BIT(NL80211_MESHCONF_HWMP_PATH_TO_ROOT_TIMEOUT) &&
7556 (cfg->dot11MeshHWMPactivePathToRootTimeout < 1 ||
7557 cfg->dot11MeshHWMPactivePathToRootTimeout > 65535))
7558 return -EINVAL;
7559 FILL_IN_MESH_PARAM_IF_SET(tb, cfg, dot11MeshHWMProotInterval, mask,
7560 NL80211_MESHCONF_HWMP_ROOT_INTERVAL,
7561 nla_get_u16);
7562 FILL_IN_MESH_PARAM_IF_SET(tb, cfg, dot11MeshHWMPconfirmationInterval,
7563 mask,
7564 NL80211_MESHCONF_HWMP_CONFIRMATION_INTERVAL,
7565 nla_get_u16);
7566 FILL_IN_MESH_PARAM_IF_SET(tb, cfg, power_mode, mask,
7567 NL80211_MESHCONF_POWER_MODE, nla_get_u32);
7568 FILL_IN_MESH_PARAM_IF_SET(tb, cfg, dot11MeshAwakeWindowDuration, mask,
7569 NL80211_MESHCONF_AWAKE_WINDOW, nla_get_u16);
7570 FILL_IN_MESH_PARAM_IF_SET(tb, cfg, plink_timeout, mask,
7571 NL80211_MESHCONF_PLINK_TIMEOUT, nla_get_u32);
7572 FILL_IN_MESH_PARAM_IF_SET(tb, cfg, dot11MeshNolearn, mask,
7573 NL80211_MESHCONF_NOLEARN, nla_get_u8);
7574 if (mask_out)
7575 *mask_out = mask;
7576
7577 return 0;
7578
7579 #undef FILL_IN_MESH_PARAM_IF_SET
7580 }
7581
7582 static int nl80211_parse_mesh_setup(struct genl_info *info,
7583 struct mesh_setup *setup)
7584 {
7585 struct cfg80211_registered_device *rdev = info->user_ptr[0];
7586 struct nlattr *tb[NL80211_MESH_SETUP_ATTR_MAX + 1];
7587
7588 if (!info->attrs[NL80211_ATTR_MESH_SETUP])
7589 return -EINVAL;
7590 if (nla_parse_nested_deprecated(tb, NL80211_MESH_SETUP_ATTR_MAX, info->attrs[NL80211_ATTR_MESH_SETUP], nl80211_mesh_setup_params_policy, info->extack))
7591 return -EINVAL;
7592
7593 if (tb[NL80211_MESH_SETUP_ENABLE_VENDOR_SYNC])
7594 setup->sync_method =
7595 (nla_get_u8(tb[NL80211_MESH_SETUP_ENABLE_VENDOR_SYNC])) ?
7596 IEEE80211_SYNC_METHOD_VENDOR :
7597 IEEE80211_SYNC_METHOD_NEIGHBOR_OFFSET;
7598
7599 if (tb[NL80211_MESH_SETUP_ENABLE_VENDOR_PATH_SEL])
7600 setup->path_sel_proto =
7601 (nla_get_u8(tb[NL80211_MESH_SETUP_ENABLE_VENDOR_PATH_SEL])) ?
7602 IEEE80211_PATH_PROTOCOL_VENDOR :
7603 IEEE80211_PATH_PROTOCOL_HWMP;
7604
7605 if (tb[NL80211_MESH_SETUP_ENABLE_VENDOR_METRIC])
7606 setup->path_metric =
7607 (nla_get_u8(tb[NL80211_MESH_SETUP_ENABLE_VENDOR_METRIC])) ?
7608 IEEE80211_PATH_METRIC_VENDOR :
7609 IEEE80211_PATH_METRIC_AIRTIME;
7610
7611 if (tb[NL80211_MESH_SETUP_IE]) {
7612 struct nlattr *ieattr =
7613 tb[NL80211_MESH_SETUP_IE];
7614 setup->ie = nla_data(ieattr);
7615 setup->ie_len = nla_len(ieattr);
7616 }
7617 if (tb[NL80211_MESH_SETUP_USERSPACE_MPM] &&
7618 !(rdev->wiphy.features & NL80211_FEATURE_USERSPACE_MPM))
7619 return -EINVAL;
7620 setup->user_mpm = nla_get_flag(tb[NL80211_MESH_SETUP_USERSPACE_MPM]);
7621 setup->is_authenticated = nla_get_flag(tb[NL80211_MESH_SETUP_USERSPACE_AUTH]);
7622 setup->is_secure = nla_get_flag(tb[NL80211_MESH_SETUP_USERSPACE_AMPE]);
7623 if (setup->is_secure)
7624 setup->user_mpm = true;
7625
7626 if (tb[NL80211_MESH_SETUP_AUTH_PROTOCOL]) {
7627 if (!setup->user_mpm)
7628 return -EINVAL;
7629 setup->auth_id =
7630 nla_get_u8(tb[NL80211_MESH_SETUP_AUTH_PROTOCOL]);
7631 }
7632
7633 return 0;
7634 }
7635
7636 static int nl80211_update_mesh_config(struct sk_buff *skb,
7637 struct genl_info *info)
7638 {
7639 struct cfg80211_registered_device *rdev = info->user_ptr[0];
7640 struct net_device *dev = info->user_ptr[1];
7641 struct wireless_dev *wdev = dev->ieee80211_ptr;
7642 struct mesh_config cfg;
7643 u32 mask;
7644 int err;
7645
7646 if (wdev->iftype != NL80211_IFTYPE_MESH_POINT)
7647 return -EOPNOTSUPP;
7648
7649 if (!rdev->ops->update_mesh_config)
7650 return -EOPNOTSUPP;
7651
7652 err = nl80211_parse_mesh_config(info, &cfg, &mask);
7653 if (err)
7654 return err;
7655
7656 wdev_lock(wdev);
7657 if (!wdev->mesh_id_len)
7658 err = -ENOLINK;
7659
7660 if (!err)
7661 err = rdev_update_mesh_config(rdev, dev, mask, &cfg);
7662
7663 wdev_unlock(wdev);
7664
7665 return err;
7666 }
7667
7668 static int nl80211_put_regdom(const struct ieee80211_regdomain *regdom,
7669 struct sk_buff *msg)
7670 {
7671 struct nlattr *nl_reg_rules;
7672 unsigned int i;
7673
7674 if (nla_put_string(msg, NL80211_ATTR_REG_ALPHA2, regdom->alpha2) ||
7675 (regdom->dfs_region &&
7676 nla_put_u8(msg, NL80211_ATTR_DFS_REGION, regdom->dfs_region)))
7677 goto nla_put_failure;
7678
7679 nl_reg_rules = nla_nest_start_noflag(msg, NL80211_ATTR_REG_RULES);
7680 if (!nl_reg_rules)
7681 goto nla_put_failure;
7682
7683 for (i = 0; i < regdom->n_reg_rules; i++) {
7684 struct nlattr *nl_reg_rule;
7685 const struct ieee80211_reg_rule *reg_rule;
7686 const struct ieee80211_freq_range *freq_range;
7687 const struct ieee80211_power_rule *power_rule;
7688 unsigned int max_bandwidth_khz;
7689
7690 reg_rule = &regdom->reg_rules[i];
7691 freq_range = &reg_rule->freq_range;
7692 power_rule = &reg_rule->power_rule;
7693
7694 nl_reg_rule = nla_nest_start_noflag(msg, i);
7695 if (!nl_reg_rule)
7696 goto nla_put_failure;
7697
7698 max_bandwidth_khz = freq_range->max_bandwidth_khz;
7699 if (!max_bandwidth_khz)
7700 max_bandwidth_khz = reg_get_max_bandwidth(regdom,
7701 reg_rule);
7702
7703 if (nla_put_u32(msg, NL80211_ATTR_REG_RULE_FLAGS,
7704 reg_rule->flags) ||
7705 nla_put_u32(msg, NL80211_ATTR_FREQ_RANGE_START,
7706 freq_range->start_freq_khz) ||
7707 nla_put_u32(msg, NL80211_ATTR_FREQ_RANGE_END,
7708 freq_range->end_freq_khz) ||
7709 nla_put_u32(msg, NL80211_ATTR_FREQ_RANGE_MAX_BW,
7710 max_bandwidth_khz) ||
7711 nla_put_u32(msg, NL80211_ATTR_POWER_RULE_MAX_ANT_GAIN,
7712 power_rule->max_antenna_gain) ||
7713 nla_put_u32(msg, NL80211_ATTR_POWER_RULE_MAX_EIRP,
7714 power_rule->max_eirp) ||
7715 nla_put_u32(msg, NL80211_ATTR_DFS_CAC_TIME,
7716 reg_rule->dfs_cac_ms))
7717 goto nla_put_failure;
7718
7719 nla_nest_end(msg, nl_reg_rule);
7720 }
7721
7722 nla_nest_end(msg, nl_reg_rules);
7723 return 0;
7724
7725 nla_put_failure:
7726 return -EMSGSIZE;
7727 }
7728
7729 static int nl80211_get_reg_do(struct sk_buff *skb, struct genl_info *info)
7730 {
7731 const struct ieee80211_regdomain *regdom = NULL;
7732 struct cfg80211_registered_device *rdev;
7733 struct wiphy *wiphy = NULL;
7734 struct sk_buff *msg;
7735 void *hdr;
7736
7737 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
7738 if (!msg)
7739 return -ENOBUFS;
7740
7741 hdr = nl80211hdr_put(msg, info->snd_portid, info->snd_seq, 0,
7742 NL80211_CMD_GET_REG);
7743 if (!hdr)
7744 goto put_failure;
7745
7746 rtnl_lock();
7747
7748 if (info->attrs[NL80211_ATTR_WIPHY]) {
7749 bool self_managed;
7750
7751 rdev = cfg80211_get_dev_from_info(genl_info_net(info), info);
7752 if (IS_ERR(rdev)) {
7753 nlmsg_free(msg);
7754 rtnl_unlock();
7755 return PTR_ERR(rdev);
7756 }
7757
7758 wiphy = &rdev->wiphy;
7759 self_managed = wiphy->regulatory_flags &
7760 REGULATORY_WIPHY_SELF_MANAGED;
7761 regdom = get_wiphy_regdom(wiphy);
7762
7763 /* a self-managed-reg device must have a private regdom */
7764 if (WARN_ON(!regdom && self_managed)) {
7765 nlmsg_free(msg);
7766 rtnl_unlock();
7767 return -EINVAL;
7768 }
7769
7770 if (regdom &&
7771 nla_put_u32(msg, NL80211_ATTR_WIPHY, get_wiphy_idx(wiphy)))
7772 goto nla_put_failure;
7773 }
7774
7775 if (!wiphy && reg_last_request_cell_base() &&
7776 nla_put_u32(msg, NL80211_ATTR_USER_REG_HINT_TYPE,
7777 NL80211_USER_REG_HINT_CELL_BASE))
7778 goto nla_put_failure;
7779
7780 rcu_read_lock();
7781
7782 if (!regdom)
7783 regdom = rcu_dereference(cfg80211_regdomain);
7784
7785 if (nl80211_put_regdom(regdom, msg))
7786 goto nla_put_failure_rcu;
7787
7788 rcu_read_unlock();
7789
7790 genlmsg_end(msg, hdr);
7791 rtnl_unlock();
7792 return genlmsg_reply(msg, info);
7793
7794 nla_put_failure_rcu:
7795 rcu_read_unlock();
7796 nla_put_failure:
7797 rtnl_unlock();
7798 put_failure:
7799 nlmsg_free(msg);
7800 return -EMSGSIZE;
7801 }
7802
7803 static int nl80211_send_regdom(struct sk_buff *msg, struct netlink_callback *cb,
7804 u32 seq, int flags, struct wiphy *wiphy,
7805 const struct ieee80211_regdomain *regdom)
7806 {
7807 void *hdr = nl80211hdr_put(msg, NETLINK_CB(cb->skb).portid, seq, flags,
7808 NL80211_CMD_GET_REG);
7809
7810 if (!hdr)
7811 return -1;
7812
7813 genl_dump_check_consistent(cb, hdr);
7814
7815 if (nl80211_put_regdom(regdom, msg))
7816 goto nla_put_failure;
7817
7818 if (!wiphy && reg_last_request_cell_base() &&
7819 nla_put_u32(msg, NL80211_ATTR_USER_REG_HINT_TYPE,
7820 NL80211_USER_REG_HINT_CELL_BASE))
7821 goto nla_put_failure;
7822
7823 if (wiphy &&
7824 nla_put_u32(msg, NL80211_ATTR_WIPHY, get_wiphy_idx(wiphy)))
7825 goto nla_put_failure;
7826
7827 if (wiphy && wiphy->regulatory_flags & REGULATORY_WIPHY_SELF_MANAGED &&
7828 nla_put_flag(msg, NL80211_ATTR_WIPHY_SELF_MANAGED_REG))
7829 goto nla_put_failure;
7830
7831 genlmsg_end(msg, hdr);
7832 return 0;
7833
7834 nla_put_failure:
7835 genlmsg_cancel(msg, hdr);
7836 return -EMSGSIZE;
7837 }
7838
7839 static int nl80211_get_reg_dump(struct sk_buff *skb,
7840 struct netlink_callback *cb)
7841 {
7842 const struct ieee80211_regdomain *regdom = NULL;
7843 struct cfg80211_registered_device *rdev;
7844 int err, reg_idx, start = cb->args[2];
7845
7846 rtnl_lock();
7847
7848 if (cfg80211_regdomain && start == 0) {
7849 err = nl80211_send_regdom(skb, cb, cb->nlh->nlmsg_seq,
7850 NLM_F_MULTI, NULL,
7851 rtnl_dereference(cfg80211_regdomain));
7852 if (err < 0)
7853 goto out_err;
7854 }
7855
7856 /* the global regdom is idx 0 */
7857 reg_idx = 1;
7858 list_for_each_entry(rdev, &cfg80211_rdev_list, list) {
7859 regdom = get_wiphy_regdom(&rdev->wiphy);
7860 if (!regdom)
7861 continue;
7862
7863 if (++reg_idx <= start)
7864 continue;
7865
7866 err = nl80211_send_regdom(skb, cb, cb->nlh->nlmsg_seq,
7867 NLM_F_MULTI, &rdev->wiphy, regdom);
7868 if (err < 0) {
7869 reg_idx--;
7870 break;
7871 }
7872 }
7873
7874 cb->args[2] = reg_idx;
7875 err = skb->len;
7876 out_err:
7877 rtnl_unlock();
7878 return err;
7879 }
7880
7881 #ifdef CONFIG_CFG80211_CRDA_SUPPORT
7882 static const struct nla_policy reg_rule_policy[NL80211_REG_RULE_ATTR_MAX + 1] = {
7883 [NL80211_ATTR_REG_RULE_FLAGS] = { .type = NLA_U32 },
7884 [NL80211_ATTR_FREQ_RANGE_START] = { .type = NLA_U32 },
7885 [NL80211_ATTR_FREQ_RANGE_END] = { .type = NLA_U32 },
7886 [NL80211_ATTR_FREQ_RANGE_MAX_BW] = { .type = NLA_U32 },
7887 [NL80211_ATTR_POWER_RULE_MAX_ANT_GAIN] = { .type = NLA_U32 },
7888 [NL80211_ATTR_POWER_RULE_MAX_EIRP] = { .type = NLA_U32 },
7889 [NL80211_ATTR_DFS_CAC_TIME] = { .type = NLA_U32 },
7890 };
7891
7892 static int parse_reg_rule(struct nlattr *tb[],
7893 struct ieee80211_reg_rule *reg_rule)
7894 {
7895 struct ieee80211_freq_range *freq_range = &reg_rule->freq_range;
7896 struct ieee80211_power_rule *power_rule = &reg_rule->power_rule;
7897
7898 if (!tb[NL80211_ATTR_REG_RULE_FLAGS])
7899 return -EINVAL;
7900 if (!tb[NL80211_ATTR_FREQ_RANGE_START])
7901 return -EINVAL;
7902 if (!tb[NL80211_ATTR_FREQ_RANGE_END])
7903 return -EINVAL;
7904 if (!tb[NL80211_ATTR_FREQ_RANGE_MAX_BW])
7905 return -EINVAL;
7906 if (!tb[NL80211_ATTR_POWER_RULE_MAX_EIRP])
7907 return -EINVAL;
7908
7909 reg_rule->flags = nla_get_u32(tb[NL80211_ATTR_REG_RULE_FLAGS]);
7910
7911 freq_range->start_freq_khz =
7912 nla_get_u32(tb[NL80211_ATTR_FREQ_RANGE_START]);
7913 freq_range->end_freq_khz =
7914 nla_get_u32(tb[NL80211_ATTR_FREQ_RANGE_END]);
7915 freq_range->max_bandwidth_khz =
7916 nla_get_u32(tb[NL80211_ATTR_FREQ_RANGE_MAX_BW]);
7917
7918 power_rule->max_eirp =
7919 nla_get_u32(tb[NL80211_ATTR_POWER_RULE_MAX_EIRP]);
7920
7921 if (tb[NL80211_ATTR_POWER_RULE_MAX_ANT_GAIN])
7922 power_rule->max_antenna_gain =
7923 nla_get_u32(tb[NL80211_ATTR_POWER_RULE_MAX_ANT_GAIN]);
7924
7925 if (tb[NL80211_ATTR_DFS_CAC_TIME])
7926 reg_rule->dfs_cac_ms =
7927 nla_get_u32(tb[NL80211_ATTR_DFS_CAC_TIME]);
7928
7929 return 0;
7930 }
7931
7932 static int nl80211_set_reg(struct sk_buff *skb, struct genl_info *info)
7933 {
7934 struct nlattr *tb[NL80211_REG_RULE_ATTR_MAX + 1];
7935 struct nlattr *nl_reg_rule;
7936 char *alpha2;
7937 int rem_reg_rules, r;
7938 u32 num_rules = 0, rule_idx = 0;
7939 enum nl80211_dfs_regions dfs_region = NL80211_DFS_UNSET;
7940 struct ieee80211_regdomain *rd;
7941
7942 if (!info->attrs[NL80211_ATTR_REG_ALPHA2])
7943 return -EINVAL;
7944
7945 if (!info->attrs[NL80211_ATTR_REG_RULES])
7946 return -EINVAL;
7947
7948 alpha2 = nla_data(info->attrs[NL80211_ATTR_REG_ALPHA2]);
7949
7950 if (info->attrs[NL80211_ATTR_DFS_REGION])
7951 dfs_region = nla_get_u8(info->attrs[NL80211_ATTR_DFS_REGION]);
7952
7953 nla_for_each_nested(nl_reg_rule, info->attrs[NL80211_ATTR_REG_RULES],
7954 rem_reg_rules) {
7955 num_rules++;
7956 if (num_rules > NL80211_MAX_SUPP_REG_RULES)
7957 return -EINVAL;
7958 }
7959
7960 rtnl_lock();
7961 if (!reg_is_valid_request(alpha2)) {
7962 r = -EINVAL;
7963 goto out;
7964 }
7965
7966 rd = kzalloc(struct_size(rd, reg_rules, num_rules), GFP_KERNEL);
7967 if (!rd) {
7968 r = -ENOMEM;
7969 goto out;
7970 }
7971
7972 rd->n_reg_rules = num_rules;
7973 rd->alpha2[0] = alpha2[0];
7974 rd->alpha2[1] = alpha2[1];
7975
7976 /*
7977 * Disable DFS master mode if the DFS region was
7978 * not supported or known on this kernel.
7979 */
7980 if (reg_supported_dfs_region(dfs_region))
7981 rd->dfs_region = dfs_region;
7982
7983 nla_for_each_nested(nl_reg_rule, info->attrs[NL80211_ATTR_REG_RULES],
7984 rem_reg_rules) {
7985 r = nla_parse_nested_deprecated(tb, NL80211_REG_RULE_ATTR_MAX,
7986 nl_reg_rule, reg_rule_policy,
7987 info->extack);
7988 if (r)
7989 goto bad_reg;
7990 r = parse_reg_rule(tb, &rd->reg_rules[rule_idx]);
7991 if (r)
7992 goto bad_reg;
7993
7994 rule_idx++;
7995
7996 if (rule_idx > NL80211_MAX_SUPP_REG_RULES) {
7997 r = -EINVAL;
7998 goto bad_reg;
7999 }
8000 }
8001
8002 r = set_regdom(rd, REGD_SOURCE_CRDA);
8003 /* set_regdom takes ownership of rd */
8004 rd = NULL;
8005 bad_reg:
8006 kfree(rd);
8007 out:
8008 rtnl_unlock();
8009 return r;
8010 }
8011 #endif /* CONFIG_CFG80211_CRDA_SUPPORT */
8012
8013 static int validate_scan_freqs(struct nlattr *freqs)
8014 {
8015 struct nlattr *attr1, *attr2;
8016 int n_channels = 0, tmp1, tmp2;
8017
8018 nla_for_each_nested(attr1, freqs, tmp1)
8019 if (nla_len(attr1) != sizeof(u32))
8020 return 0;
8021
8022 nla_for_each_nested(attr1, freqs, tmp1) {
8023 n_channels++;
8024 /*
8025 * Some hardware has a limited channel list for
8026 * scanning, and it is pretty much nonsensical
8027 * to scan for a channel twice, so disallow that
8028 * and don't require drivers to check that the
8029 * channel list they get isn't longer than what
8030 * they can scan, as long as they can scan all
8031 * the channels they registered at once.
8032 */
8033 nla_for_each_nested(attr2, freqs, tmp2)
8034 if (attr1 != attr2 &&
8035 nla_get_u32(attr1) == nla_get_u32(attr2))
8036 return 0;
8037 }
8038
8039 return n_channels;
8040 }
8041
8042 static bool is_band_valid(struct wiphy *wiphy, enum nl80211_band b)
8043 {
8044 return b < NUM_NL80211_BANDS && wiphy->bands[b];
8045 }
8046
8047 static int parse_bss_select(struct nlattr *nla, struct wiphy *wiphy,
8048 struct cfg80211_bss_selection *bss_select)
8049 {
8050 struct nlattr *attr[NL80211_BSS_SELECT_ATTR_MAX + 1];
8051 struct nlattr *nest;
8052 int err;
8053 bool found = false;
8054 int i;
8055
8056 /* only process one nested attribute */
8057 nest = nla_data(nla);
8058 if (!nla_ok(nest, nla_len(nest)))
8059 return -EINVAL;
8060
8061 err = nla_parse_nested_deprecated(attr, NL80211_BSS_SELECT_ATTR_MAX,
8062 nest, nl80211_bss_select_policy,
8063 NULL);
8064 if (err)
8065 return err;
8066
8067 /* only one attribute may be given */
8068 for (i = 0; i <= NL80211_BSS_SELECT_ATTR_MAX; i++) {
8069 if (attr[i]) {
8070 if (found)
8071 return -EINVAL;
8072 found = true;
8073 }
8074 }
8075
8076 bss_select->behaviour = __NL80211_BSS_SELECT_ATTR_INVALID;
8077
8078 if (attr[NL80211_BSS_SELECT_ATTR_RSSI])
8079 bss_select->behaviour = NL80211_BSS_SELECT_ATTR_RSSI;
8080
8081 if (attr[NL80211_BSS_SELECT_ATTR_BAND_PREF]) {
8082 bss_select->behaviour = NL80211_BSS_SELECT_ATTR_BAND_PREF;
8083 bss_select->param.band_pref =
8084 nla_get_u32(attr[NL80211_BSS_SELECT_ATTR_BAND_PREF]);
8085 if (!is_band_valid(wiphy, bss_select->param.band_pref))
8086 return -EINVAL;
8087 }
8088
8089 if (attr[NL80211_BSS_SELECT_ATTR_RSSI_ADJUST]) {
8090 struct nl80211_bss_select_rssi_adjust *adj_param;
8091
8092 adj_param = nla_data(attr[NL80211_BSS_SELECT_ATTR_RSSI_ADJUST]);
8093 bss_select->behaviour = NL80211_BSS_SELECT_ATTR_RSSI_ADJUST;
8094 bss_select->param.adjust.band = adj_param->band;
8095 bss_select->param.adjust.delta = adj_param->delta;
8096 if (!is_band_valid(wiphy, bss_select->param.adjust.band))
8097 return -EINVAL;
8098 }
8099
8100 /* user-space did not provide behaviour attribute */
8101 if (bss_select->behaviour == __NL80211_BSS_SELECT_ATTR_INVALID)
8102 return -EINVAL;
8103
8104 if (!(wiphy->bss_select_support & BIT(bss_select->behaviour)))
8105 return -EINVAL;
8106
8107 return 0;
8108 }
8109
8110 int nl80211_parse_random_mac(struct nlattr **attrs,
8111 u8 *mac_addr, u8 *mac_addr_mask)
8112 {
8113 int i;
8114
8115 if (!attrs[NL80211_ATTR_MAC] && !attrs[NL80211_ATTR_MAC_MASK]) {
8116 eth_zero_addr(mac_addr);
8117 eth_zero_addr(mac_addr_mask);
8118 mac_addr[0] = 0x2;
8119 mac_addr_mask[0] = 0x3;
8120
8121 return 0;
8122 }
8123
8124 /* need both or none */
8125 if (!attrs[NL80211_ATTR_MAC] || !attrs[NL80211_ATTR_MAC_MASK])
8126 return -EINVAL;
8127
8128 memcpy(mac_addr, nla_data(attrs[NL80211_ATTR_MAC]), ETH_ALEN);
8129 memcpy(mac_addr_mask, nla_data(attrs[NL80211_ATTR_MAC_MASK]), ETH_ALEN);
8130
8131 /* don't allow or configure an mcast address */
8132 if (!is_multicast_ether_addr(mac_addr_mask) ||
8133 is_multicast_ether_addr(mac_addr))
8134 return -EINVAL;
8135
8136 /*
8137 * allow users to pass a MAC address that has bits set outside
8138 * of the mask, but don't bother drivers with having to deal
8139 * with such bits
8140 */
8141 for (i = 0; i < ETH_ALEN; i++)
8142 mac_addr[i] &= mac_addr_mask[i];
8143
8144 return 0;
8145 }
8146
8147 static bool cfg80211_off_channel_oper_allowed(struct wireless_dev *wdev)
8148 {
8149 ASSERT_WDEV_LOCK(wdev);
8150
8151 if (!cfg80211_beaconing_iface_active(wdev))
8152 return true;
8153
8154 if (!(wdev->chandef.chan->flags & IEEE80211_CHAN_RADAR))
8155 return true;
8156
8157 return regulatory_pre_cac_allowed(wdev->wiphy);
8158 }
8159
8160 static bool nl80211_check_scan_feat(struct wiphy *wiphy, u32 flags, u32 flag,
8161 enum nl80211_ext_feature_index feat)
8162 {
8163 if (!(flags & flag))
8164 return true;
8165 if (wiphy_ext_feature_isset(wiphy, feat))
8166 return true;
8167 return false;
8168 }
8169
8170 static int
8171 nl80211_check_scan_flags(struct wiphy *wiphy, struct wireless_dev *wdev,
8172 void *request, struct nlattr **attrs,
8173 bool is_sched_scan)
8174 {
8175 u8 *mac_addr, *mac_addr_mask;
8176 u32 *flags;
8177 enum nl80211_feature_flags randomness_flag;
8178
8179 if (!attrs[NL80211_ATTR_SCAN_FLAGS])
8180 return 0;
8181
8182 if (is_sched_scan) {
8183 struct cfg80211_sched_scan_request *req = request;
8184
8185 randomness_flag = wdev ?
8186 NL80211_FEATURE_SCHED_SCAN_RANDOM_MAC_ADDR :
8187 NL80211_FEATURE_ND_RANDOM_MAC_ADDR;
8188 flags = &req->flags;
8189 mac_addr = req->mac_addr;
8190 mac_addr_mask = req->mac_addr_mask;
8191 } else {
8192 struct cfg80211_scan_request *req = request;
8193
8194 randomness_flag = NL80211_FEATURE_SCAN_RANDOM_MAC_ADDR;
8195 flags = &req->flags;
8196 mac_addr = req->mac_addr;
8197 mac_addr_mask = req->mac_addr_mask;
8198 }
8199
8200 *flags = nla_get_u32(attrs[NL80211_ATTR_SCAN_FLAGS]);
8201
8202 if (((*flags & NL80211_SCAN_FLAG_LOW_PRIORITY) &&
8203 !(wiphy->features & NL80211_FEATURE_LOW_PRIORITY_SCAN)) ||
8204 !nl80211_check_scan_feat(wiphy, *flags,
8205 NL80211_SCAN_FLAG_LOW_SPAN,
8206 NL80211_EXT_FEATURE_LOW_SPAN_SCAN) ||
8207 !nl80211_check_scan_feat(wiphy, *flags,
8208 NL80211_SCAN_FLAG_LOW_POWER,
8209 NL80211_EXT_FEATURE_LOW_POWER_SCAN) ||
8210 !nl80211_check_scan_feat(wiphy, *flags,
8211 NL80211_SCAN_FLAG_HIGH_ACCURACY,
8212 NL80211_EXT_FEATURE_HIGH_ACCURACY_SCAN) ||
8213 !nl80211_check_scan_feat(wiphy, *flags,
8214 NL80211_SCAN_FLAG_FILS_MAX_CHANNEL_TIME,
8215 NL80211_EXT_FEATURE_FILS_MAX_CHANNEL_TIME) ||
8216 !nl80211_check_scan_feat(wiphy, *flags,
8217 NL80211_SCAN_FLAG_ACCEPT_BCAST_PROBE_RESP,
8218 NL80211_EXT_FEATURE_ACCEPT_BCAST_PROBE_RESP) ||
8219 !nl80211_check_scan_feat(wiphy, *flags,
8220 NL80211_SCAN_FLAG_OCE_PROBE_REQ_DEFERRAL_SUPPRESSION,
8221 NL80211_EXT_FEATURE_OCE_PROBE_REQ_DEFERRAL_SUPPRESSION) ||
8222 !nl80211_check_scan_feat(wiphy, *flags,
8223 NL80211_SCAN_FLAG_OCE_PROBE_REQ_HIGH_TX_RATE,
8224 NL80211_EXT_FEATURE_OCE_PROBE_REQ_HIGH_TX_RATE) ||
8225 !nl80211_check_scan_feat(wiphy, *flags,
8226 NL80211_SCAN_FLAG_RANDOM_SN,
8227 NL80211_EXT_FEATURE_SCAN_RANDOM_SN) ||
8228 !nl80211_check_scan_feat(wiphy, *flags,
8229 NL80211_SCAN_FLAG_MIN_PREQ_CONTENT,
8230 NL80211_EXT_FEATURE_SCAN_MIN_PREQ_CONTENT))
8231 return -EOPNOTSUPP;
8232
8233 if (*flags & NL80211_SCAN_FLAG_RANDOM_ADDR) {
8234 int err;
8235
8236 if (!(wiphy->features & randomness_flag) ||
8237 (wdev && wdev->current_bss))
8238 return -EOPNOTSUPP;
8239
8240 err = nl80211_parse_random_mac(attrs, mac_addr, mac_addr_mask);
8241 if (err)
8242 return err;
8243 }
8244
8245 return 0;
8246 }
8247
8248 static int nl80211_trigger_scan(struct sk_buff *skb, struct genl_info *info)
8249 {
8250 struct cfg80211_registered_device *rdev = info->user_ptr[0];
8251 struct wireless_dev *wdev = info->user_ptr[1];
8252 struct cfg80211_scan_request *request;
8253 struct nlattr *scan_freqs = NULL;
8254 bool scan_freqs_khz = false;
8255 struct nlattr *attr;
8256 struct wiphy *wiphy;
8257 int err, tmp, n_ssids = 0, n_channels, i;
8258 size_t ie_len;
8259
8260 wiphy = &rdev->wiphy;
8261
8262 if (wdev->iftype == NL80211_IFTYPE_NAN)
8263 return -EOPNOTSUPP;
8264
8265 if (!rdev->ops->scan)
8266 return -EOPNOTSUPP;
8267
8268 if (rdev->scan_req || rdev->scan_msg)
8269 return -EBUSY;
8270
8271 if (info->attrs[NL80211_ATTR_SCAN_FREQ_KHZ]) {
8272 if (!wiphy_ext_feature_isset(wiphy,
8273 NL80211_EXT_FEATURE_SCAN_FREQ_KHZ))
8274 return -EOPNOTSUPP;
8275 scan_freqs = info->attrs[NL80211_ATTR_SCAN_FREQ_KHZ];
8276 scan_freqs_khz = true;
8277 } else if (info->attrs[NL80211_ATTR_SCAN_FREQUENCIES])
8278 scan_freqs = info->attrs[NL80211_ATTR_SCAN_FREQUENCIES];
8279
8280 if (scan_freqs) {
8281 n_channels = validate_scan_freqs(scan_freqs);
8282 if (!n_channels)
8283 return -EINVAL;
8284 } else {
8285 n_channels = ieee80211_get_num_supported_channels(wiphy);
8286 }
8287
8288 if (info->attrs[NL80211_ATTR_SCAN_SSIDS])
8289 nla_for_each_nested(attr, info->attrs[NL80211_ATTR_SCAN_SSIDS], tmp)
8290 n_ssids++;
8291
8292 if (n_ssids > wiphy->max_scan_ssids)
8293 return -EINVAL;
8294
8295 if (info->attrs[NL80211_ATTR_IE])
8296 ie_len = nla_len(info->attrs[NL80211_ATTR_IE]);
8297 else
8298 ie_len = 0;
8299
8300 if (ie_len > wiphy->max_scan_ie_len)
8301 return -EINVAL;
8302
8303 request = kzalloc(sizeof(*request)
8304 + sizeof(*request->ssids) * n_ssids
8305 + sizeof(*request->channels) * n_channels
8306 + ie_len, GFP_KERNEL);
8307 if (!request)
8308 return -ENOMEM;
8309
8310 if (n_ssids)
8311 request->ssids = (void *)&request->channels[n_channels];
8312 request->n_ssids = n_ssids;
8313 if (ie_len) {
8314 if (n_ssids)
8315 request->ie = (void *)(request->ssids + n_ssids);
8316 else
8317 request->ie = (void *)(request->channels + n_channels);
8318 }
8319
8320 i = 0;
8321 if (scan_freqs) {
8322 /* user specified, bail out if channel not found */
8323 nla_for_each_nested(attr, scan_freqs, tmp) {
8324 struct ieee80211_channel *chan;
8325 int freq = nla_get_u32(attr);
8326
8327 if (!scan_freqs_khz)
8328 freq = MHZ_TO_KHZ(freq);
8329
8330 chan = ieee80211_get_channel_khz(wiphy, freq);
8331 if (!chan) {
8332 err = -EINVAL;
8333 goto out_free;
8334 }
8335
8336 /* ignore disabled channels */
8337 if (chan->flags & IEEE80211_CHAN_DISABLED)
8338 continue;
8339
8340 request->channels[i] = chan;
8341 i++;
8342 }
8343 } else {
8344 enum nl80211_band band;
8345
8346 /* all channels */
8347 for (band = 0; band < NUM_NL80211_BANDS; band++) {
8348 int j;
8349
8350 if (!wiphy->bands[band])
8351 continue;
8352 for (j = 0; j < wiphy->bands[band]->n_channels; j++) {
8353 struct ieee80211_channel *chan;
8354
8355 chan = &wiphy->bands[band]->channels[j];
8356
8357 if (chan->flags & IEEE80211_CHAN_DISABLED)
8358 continue;
8359
8360 request->channels[i] = chan;
8361 i++;
8362 }
8363 }
8364 }
8365
8366 if (!i) {
8367 err = -EINVAL;
8368 goto out_free;
8369 }
8370
8371 request->n_channels = i;
8372
8373 wdev_lock(wdev);
8374 if (!cfg80211_off_channel_oper_allowed(wdev)) {
8375 struct ieee80211_channel *chan;
8376
8377 if (request->n_channels != 1) {
8378 wdev_unlock(wdev);
8379 err = -EBUSY;
8380 goto out_free;
8381 }
8382
8383 chan = request->channels[0];
8384 if (chan->center_freq != wdev->chandef.chan->center_freq) {
8385 wdev_unlock(wdev);
8386 err = -EBUSY;
8387 goto out_free;
8388 }
8389 }
8390 wdev_unlock(wdev);
8391
8392 i = 0;
8393 if (n_ssids) {
8394 nla_for_each_nested(attr, info->attrs[NL80211_ATTR_SCAN_SSIDS], tmp) {
8395 if (nla_len(attr) > IEEE80211_MAX_SSID_LEN) {
8396 err = -EINVAL;
8397 goto out_free;
8398 }
8399 request->ssids[i].ssid_len = nla_len(attr);
8400 memcpy(request->ssids[i].ssid, nla_data(attr), nla_len(attr));
8401 i++;
8402 }
8403 }
8404
8405 if (info->attrs[NL80211_ATTR_IE]) {
8406 request->ie_len = nla_len(info->attrs[NL80211_ATTR_IE]);
8407 memcpy((void *)request->ie,
8408 nla_data(info->attrs[NL80211_ATTR_IE]),
8409 request->ie_len);
8410 }
8411
8412 for (i = 0; i < NUM_NL80211_BANDS; i++)
8413 if (wiphy->bands[i])
8414 request->rates[i] =
8415 (1 << wiphy->bands[i]->n_bitrates) - 1;
8416
8417 if (info->attrs[NL80211_ATTR_SCAN_SUPP_RATES]) {
8418 nla_for_each_nested(attr,
8419 info->attrs[NL80211_ATTR_SCAN_SUPP_RATES],
8420 tmp) {
8421 enum nl80211_band band = nla_type(attr);
8422
8423 if (band < 0 || band >= NUM_NL80211_BANDS) {
8424 err = -EINVAL;
8425 goto out_free;
8426 }
8427
8428 if (!wiphy->bands[band])
8429 continue;
8430
8431 err = ieee80211_get_ratemask(wiphy->bands[band],
8432 nla_data(attr),
8433 nla_len(attr),
8434 &request->rates[band]);
8435 if (err)
8436 goto out_free;
8437 }
8438 }
8439
8440 if (info->attrs[NL80211_ATTR_MEASUREMENT_DURATION]) {
8441 request->duration =
8442 nla_get_u16(info->attrs[NL80211_ATTR_MEASUREMENT_DURATION]);
8443 request->duration_mandatory =
8444 nla_get_flag(info->attrs[NL80211_ATTR_MEASUREMENT_DURATION_MANDATORY]);
8445 }
8446
8447 err = nl80211_check_scan_flags(wiphy, wdev, request, info->attrs,
8448 false);
8449 if (err)
8450 goto out_free;
8451
8452 request->no_cck =
8453 nla_get_flag(info->attrs[NL80211_ATTR_TX_NO_CCK_RATE]);
8454
8455 /* Initial implementation used NL80211_ATTR_MAC to set the specific
8456 * BSSID to scan for. This was problematic because that same attribute
8457 * was already used for another purpose (local random MAC address). The
8458 * NL80211_ATTR_BSSID attribute was added to fix this. For backwards
8459 * compatibility with older userspace components, also use the
8460 * NL80211_ATTR_MAC value here if it can be determined to be used for
8461 * the specific BSSID use case instead of the random MAC address
8462 * (NL80211_ATTR_SCAN_FLAGS is used to enable random MAC address use).
8463 */
8464 if (info->attrs[NL80211_ATTR_BSSID])
8465 memcpy(request->bssid,
8466 nla_data(info->attrs[NL80211_ATTR_BSSID]), ETH_ALEN);
8467 else if (!(request->flags & NL80211_SCAN_FLAG_RANDOM_ADDR) &&
8468 info->attrs[NL80211_ATTR_MAC])
8469 memcpy(request->bssid, nla_data(info->attrs[NL80211_ATTR_MAC]),
8470 ETH_ALEN);
8471 else
8472 eth_broadcast_addr(request->bssid);
8473
8474 request->wdev = wdev;
8475 request->wiphy = &rdev->wiphy;
8476 request->scan_start = jiffies;
8477
8478 rdev->scan_req = request;
8479 err = cfg80211_scan(rdev);
8480
8481 if (err)
8482 goto out_free;
8483
8484 nl80211_send_scan_start(rdev, wdev);
8485 if (wdev->netdev)
8486 dev_hold(wdev->netdev);
8487
8488 return 0;
8489
8490 out_free:
8491 rdev->scan_req = NULL;
8492 kfree(request);
8493
8494 return err;
8495 }
8496
8497 static int nl80211_abort_scan(struct sk_buff *skb, struct genl_info *info)
8498 {
8499 struct cfg80211_registered_device *rdev = info->user_ptr[0];
8500 struct wireless_dev *wdev = info->user_ptr[1];
8501
8502 if (!rdev->ops->abort_scan)
8503 return -EOPNOTSUPP;
8504
8505 if (rdev->scan_msg)
8506 return 0;
8507
8508 if (!rdev->scan_req)
8509 return -ENOENT;
8510
8511 rdev_abort_scan(rdev, wdev);
8512 return 0;
8513 }
8514
8515 static int
8516 nl80211_parse_sched_scan_plans(struct wiphy *wiphy, int n_plans,
8517 struct cfg80211_sched_scan_request *request,
8518 struct nlattr **attrs)
8519 {
8520 int tmp, err, i = 0;
8521 struct nlattr *attr;
8522
8523 if (!attrs[NL80211_ATTR_SCHED_SCAN_PLANS]) {
8524 u32 interval;
8525
8526 /*
8527 * If scan plans are not specified,
8528 * %NL80211_ATTR_SCHED_SCAN_INTERVAL will be specified. In this
8529 * case one scan plan will be set with the specified scan
8530 * interval and infinite number of iterations.
8531 */
8532 interval = nla_get_u32(attrs[NL80211_ATTR_SCHED_SCAN_INTERVAL]);
8533 if (!interval)
8534 return -EINVAL;
8535
8536 request->scan_plans[0].interval =
8537 DIV_ROUND_UP(interval, MSEC_PER_SEC);
8538 if (!request->scan_plans[0].interval)
8539 return -EINVAL;
8540
8541 if (request->scan_plans[0].interval >
8542 wiphy->max_sched_scan_plan_interval)
8543 request->scan_plans[0].interval =
8544 wiphy->max_sched_scan_plan_interval;
8545
8546 return 0;
8547 }
8548
8549 nla_for_each_nested(attr, attrs[NL80211_ATTR_SCHED_SCAN_PLANS], tmp) {
8550 struct nlattr *plan[NL80211_SCHED_SCAN_PLAN_MAX + 1];
8551
8552 if (WARN_ON(i >= n_plans))
8553 return -EINVAL;
8554
8555 err = nla_parse_nested_deprecated(plan,
8556 NL80211_SCHED_SCAN_PLAN_MAX,
8557 attr, nl80211_plan_policy,
8558 NULL);
8559 if (err)
8560 return err;
8561
8562 if (!plan[NL80211_SCHED_SCAN_PLAN_INTERVAL])
8563 return -EINVAL;
8564
8565 request->scan_plans[i].interval =
8566 nla_get_u32(plan[NL80211_SCHED_SCAN_PLAN_INTERVAL]);
8567 if (!request->scan_plans[i].interval ||
8568 request->scan_plans[i].interval >
8569 wiphy->max_sched_scan_plan_interval)
8570 return -EINVAL;
8571
8572 if (plan[NL80211_SCHED_SCAN_PLAN_ITERATIONS]) {
8573 request->scan_plans[i].iterations =
8574 nla_get_u32(plan[NL80211_SCHED_SCAN_PLAN_ITERATIONS]);
8575 if (!request->scan_plans[i].iterations ||
8576 (request->scan_plans[i].iterations >
8577 wiphy->max_sched_scan_plan_iterations))
8578 return -EINVAL;
8579 } else if (i < n_plans - 1) {
8580 /*
8581 * All scan plans but the last one must specify
8582 * a finite number of iterations
8583 */
8584 return -EINVAL;
8585 }
8586
8587 i++;
8588 }
8589
8590 /*
8591 * The last scan plan must not specify the number of
8592 * iterations, it is supposed to run infinitely
8593 */
8594 if (request->scan_plans[n_plans - 1].iterations)
8595 return -EINVAL;
8596
8597 return 0;
8598 }
8599
8600 static int
8601 nl80211_parse_sched_scan_per_band_rssi(struct wiphy *wiphy,
8602 struct cfg80211_match_set *match_sets,
8603 struct nlattr *tb_band_rssi,
8604 s32 rssi_thold)
8605 {
8606 struct nlattr *attr;
8607 int i, tmp, ret = 0;
8608
8609 if (!wiphy_ext_feature_isset(wiphy,
8610 NL80211_EXT_FEATURE_SCHED_SCAN_BAND_SPECIFIC_RSSI_THOLD)) {
8611 if (tb_band_rssi)
8612 ret = -EOPNOTSUPP;
8613 else
8614 for (i = 0; i < NUM_NL80211_BANDS; i++)
8615 match_sets->per_band_rssi_thold[i] =
8616 NL80211_SCAN_RSSI_THOLD_OFF;
8617 return ret;
8618 }
8619
8620 for (i = 0; i < NUM_NL80211_BANDS; i++)
8621 match_sets->per_band_rssi_thold[i] = rssi_thold;
8622
8623 nla_for_each_nested(attr, tb_band_rssi, tmp) {
8624 enum nl80211_band band = nla_type(attr);
8625
8626 if (band < 0 || band >= NUM_NL80211_BANDS)
8627 return -EINVAL;
8628
8629 match_sets->per_band_rssi_thold[band] = nla_get_s32(attr);
8630 }
8631
8632 return 0;
8633 }
8634
8635 static struct cfg80211_sched_scan_request *
8636 nl80211_parse_sched_scan(struct wiphy *wiphy, struct wireless_dev *wdev,
8637 struct nlattr **attrs, int max_match_sets)
8638 {
8639 struct cfg80211_sched_scan_request *request;
8640 struct nlattr *attr;
8641 int err, tmp, n_ssids = 0, n_match_sets = 0, n_channels, i, n_plans = 0;
8642 enum nl80211_band band;
8643 size_t ie_len;
8644 struct nlattr *tb[NL80211_SCHED_SCAN_MATCH_ATTR_MAX + 1];
8645 s32 default_match_rssi = NL80211_SCAN_RSSI_THOLD_OFF;
8646
8647 if (attrs[NL80211_ATTR_SCAN_FREQUENCIES]) {
8648 n_channels = validate_scan_freqs(
8649 attrs[NL80211_ATTR_SCAN_FREQUENCIES]);
8650 if (!n_channels)
8651 return ERR_PTR(-EINVAL);
8652 } else {
8653 n_channels = ieee80211_get_num_supported_channels(wiphy);
8654 }
8655
8656 if (attrs[NL80211_ATTR_SCAN_SSIDS])
8657 nla_for_each_nested(attr, attrs[NL80211_ATTR_SCAN_SSIDS],
8658 tmp)
8659 n_ssids++;
8660
8661 if (n_ssids > wiphy->max_sched_scan_ssids)
8662 return ERR_PTR(-EINVAL);
8663
8664 /*
8665 * First, count the number of 'real' matchsets. Due to an issue with
8666 * the old implementation, matchsets containing only the RSSI attribute
8667 * (NL80211_SCHED_SCAN_MATCH_ATTR_RSSI) are considered as the 'default'
8668 * RSSI for all matchsets, rather than their own matchset for reporting
8669 * all APs with a strong RSSI. This is needed to be compatible with
8670 * older userspace that treated a matchset with only the RSSI as the
8671 * global RSSI for all other matchsets - if there are other matchsets.
8672 */
8673 if (attrs[NL80211_ATTR_SCHED_SCAN_MATCH]) {
8674 nla_for_each_nested(attr,
8675 attrs[NL80211_ATTR_SCHED_SCAN_MATCH],
8676 tmp) {
8677 struct nlattr *rssi;
8678
8679 err = nla_parse_nested_deprecated(tb,
8680 NL80211_SCHED_SCAN_MATCH_ATTR_MAX,
8681 attr,
8682 nl80211_match_policy,
8683 NULL);
8684 if (err)
8685 return ERR_PTR(err);
8686
8687 /* SSID and BSSID are mutually exclusive */
8688 if (tb[NL80211_SCHED_SCAN_MATCH_ATTR_SSID] &&
8689 tb[NL80211_SCHED_SCAN_MATCH_ATTR_BSSID])
8690 return ERR_PTR(-EINVAL);
8691
8692 /* add other standalone attributes here */
8693 if (tb[NL80211_SCHED_SCAN_MATCH_ATTR_SSID] ||
8694 tb[NL80211_SCHED_SCAN_MATCH_ATTR_BSSID]) {
8695 n_match_sets++;
8696 continue;
8697 }
8698 rssi = tb[NL80211_SCHED_SCAN_MATCH_ATTR_RSSI];
8699 if (rssi)
8700 default_match_rssi = nla_get_s32(rssi);
8701 }
8702 }
8703
8704 /* However, if there's no other matchset, add the RSSI one */
8705 if (!n_match_sets && default_match_rssi != NL80211_SCAN_RSSI_THOLD_OFF)
8706 n_match_sets = 1;
8707
8708 if (n_match_sets > max_match_sets)
8709 return ERR_PTR(-EINVAL);
8710
8711 if (attrs[NL80211_ATTR_IE])
8712 ie_len = nla_len(attrs[NL80211_ATTR_IE]);
8713 else
8714 ie_len = 0;
8715
8716 if (ie_len > wiphy->max_sched_scan_ie_len)
8717 return ERR_PTR(-EINVAL);
8718
8719 if (attrs[NL80211_ATTR_SCHED_SCAN_PLANS]) {
8720 /*
8721 * NL80211_ATTR_SCHED_SCAN_INTERVAL must not be specified since
8722 * each scan plan already specifies its own interval
8723 */
8724 if (attrs[NL80211_ATTR_SCHED_SCAN_INTERVAL])
8725 return ERR_PTR(-EINVAL);
8726
8727 nla_for_each_nested(attr,
8728 attrs[NL80211_ATTR_SCHED_SCAN_PLANS], tmp)
8729 n_plans++;
8730 } else {
8731 /*
8732 * The scan interval attribute is kept for backward
8733 * compatibility. If no scan plans are specified and sched scan
8734 * interval is specified, one scan plan will be set with this
8735 * scan interval and infinite number of iterations.
8736 */
8737 if (!attrs[NL80211_ATTR_SCHED_SCAN_INTERVAL])
8738 return ERR_PTR(-EINVAL);
8739
8740 n_plans = 1;
8741 }
8742
8743 if (!n_plans || n_plans > wiphy->max_sched_scan_plans)
8744 return ERR_PTR(-EINVAL);
8745
8746 if (!wiphy_ext_feature_isset(
8747 wiphy, NL80211_EXT_FEATURE_SCHED_SCAN_RELATIVE_RSSI) &&
8748 (attrs[NL80211_ATTR_SCHED_SCAN_RELATIVE_RSSI] ||
8749 attrs[NL80211_ATTR_SCHED_SCAN_RSSI_ADJUST]))
8750 return ERR_PTR(-EINVAL);
8751
8752 request = kzalloc(sizeof(*request)
8753 + sizeof(*request->ssids) * n_ssids
8754 + sizeof(*request->match_sets) * n_match_sets
8755 + sizeof(*request->scan_plans) * n_plans
8756 + sizeof(*request->channels) * n_channels
8757 + ie_len, GFP_KERNEL);
8758 if (!request)
8759 return ERR_PTR(-ENOMEM);
8760
8761 if (n_ssids)
8762 request->ssids = (void *)&request->channels[n_channels];
8763 request->n_ssids = n_ssids;
8764 if (ie_len) {
8765 if (n_ssids)
8766 request->ie = (void *)(request->ssids + n_ssids);
8767 else
8768 request->ie = (void *)(request->channels + n_channels);
8769 }
8770
8771 if (n_match_sets) {
8772 if (request->ie)
8773 request->match_sets = (void *)(request->ie + ie_len);
8774 else if (n_ssids)
8775 request->match_sets =
8776 (void *)(request->ssids + n_ssids);
8777 else
8778 request->match_sets =
8779 (void *)(request->channels + n_channels);
8780 }
8781 request->n_match_sets = n_match_sets;
8782
8783 if (n_match_sets)
8784 request->scan_plans = (void *)(request->match_sets +
8785 n_match_sets);
8786 else if (request->ie)
8787 request->scan_plans = (void *)(request->ie + ie_len);
8788 else if (n_ssids)
8789 request->scan_plans = (void *)(request->ssids + n_ssids);
8790 else
8791 request->scan_plans = (void *)(request->channels + n_channels);
8792
8793 request->n_scan_plans = n_plans;
8794
8795 i = 0;
8796 if (attrs[NL80211_ATTR_SCAN_FREQUENCIES]) {
8797 /* user specified, bail out if channel not found */
8798 nla_for_each_nested(attr,
8799 attrs[NL80211_ATTR_SCAN_FREQUENCIES],
8800 tmp) {
8801 struct ieee80211_channel *chan;
8802
8803 chan = ieee80211_get_channel(wiphy, nla_get_u32(attr));
8804
8805 if (!chan) {
8806 err = -EINVAL;
8807 goto out_free;
8808 }
8809
8810 /* ignore disabled channels */
8811 if (chan->flags & IEEE80211_CHAN_DISABLED)
8812 continue;
8813
8814 request->channels[i] = chan;
8815 i++;
8816 }
8817 } else {
8818 /* all channels */
8819 for (band = 0; band < NUM_NL80211_BANDS; band++) {
8820 int j;
8821
8822 if (!wiphy->bands[band])
8823 continue;
8824 for (j = 0; j < wiphy->bands[band]->n_channels; j++) {
8825 struct ieee80211_channel *chan;
8826
8827 chan = &wiphy->bands[band]->channels[j];
8828
8829 if (chan->flags & IEEE80211_CHAN_DISABLED)
8830 continue;
8831
8832 request->channels[i] = chan;
8833 i++;
8834 }
8835 }
8836 }
8837
8838 if (!i) {
8839 err = -EINVAL;
8840 goto out_free;
8841 }
8842
8843 request->n_channels = i;
8844
8845 i = 0;
8846 if (n_ssids) {
8847 nla_for_each_nested(attr, attrs[NL80211_ATTR_SCAN_SSIDS],
8848 tmp) {
8849 if (nla_len(attr) > IEEE80211_MAX_SSID_LEN) {
8850 err = -EINVAL;
8851 goto out_free;
8852 }
8853 request->ssids[i].ssid_len = nla_len(attr);
8854 memcpy(request->ssids[i].ssid, nla_data(attr),
8855 nla_len(attr));
8856 i++;
8857 }
8858 }
8859
8860 i = 0;
8861 if (attrs[NL80211_ATTR_SCHED_SCAN_MATCH]) {
8862 nla_for_each_nested(attr,
8863 attrs[NL80211_ATTR_SCHED_SCAN_MATCH],
8864 tmp) {
8865 struct nlattr *ssid, *bssid, *rssi;
8866
8867 err = nla_parse_nested_deprecated(tb,
8868 NL80211_SCHED_SCAN_MATCH_ATTR_MAX,
8869 attr,
8870 nl80211_match_policy,
8871 NULL);
8872 if (err)
8873 goto out_free;
8874 ssid = tb[NL80211_SCHED_SCAN_MATCH_ATTR_SSID];
8875 bssid = tb[NL80211_SCHED_SCAN_MATCH_ATTR_BSSID];
8876
8877 if (!ssid && !bssid) {
8878 i++;
8879 continue;
8880 }
8881
8882 if (WARN_ON(i >= n_match_sets)) {
8883 /* this indicates a programming error,
8884 * the loop above should have verified
8885 * things properly
8886 */
8887 err = -EINVAL;
8888 goto out_free;
8889 }
8890
8891 if (ssid) {
8892 memcpy(request->match_sets[i].ssid.ssid,
8893 nla_data(ssid), nla_len(ssid));
8894 request->match_sets[i].ssid.ssid_len =
8895 nla_len(ssid);
8896 }
8897 if (bssid)
8898 memcpy(request->match_sets[i].bssid,
8899 nla_data(bssid), ETH_ALEN);
8900
8901 /* special attribute - old implementation w/a */
8902 request->match_sets[i].rssi_thold = default_match_rssi;
8903 rssi = tb[NL80211_SCHED_SCAN_MATCH_ATTR_RSSI];
8904 if (rssi)
8905 request->match_sets[i].rssi_thold =
8906 nla_get_s32(rssi);
8907
8908 /* Parse per band RSSI attribute */
8909 err = nl80211_parse_sched_scan_per_band_rssi(wiphy,
8910 &request->match_sets[i],
8911 tb[NL80211_SCHED_SCAN_MATCH_PER_BAND_RSSI],
8912 request->match_sets[i].rssi_thold);
8913 if (err)
8914 goto out_free;
8915
8916 i++;
8917 }
8918
8919 /* there was no other matchset, so the RSSI one is alone */
8920 if (i == 0 && n_match_sets)
8921 request->match_sets[0].rssi_thold = default_match_rssi;
8922
8923 request->min_rssi_thold = INT_MAX;
8924 for (i = 0; i < n_match_sets; i++)
8925 request->min_rssi_thold =
8926 min(request->match_sets[i].rssi_thold,
8927 request->min_rssi_thold);
8928 } else {
8929 request->min_rssi_thold = NL80211_SCAN_RSSI_THOLD_OFF;
8930 }
8931
8932 if (ie_len) {
8933 request->ie_len = ie_len;
8934 memcpy((void *)request->ie,
8935 nla_data(attrs[NL80211_ATTR_IE]),
8936 request->ie_len);
8937 }
8938
8939 err = nl80211_check_scan_flags(wiphy, wdev, request, attrs, true);
8940 if (err)
8941 goto out_free;
8942
8943 if (attrs[NL80211_ATTR_SCHED_SCAN_DELAY])
8944 request->delay =
8945 nla_get_u32(attrs[NL80211_ATTR_SCHED_SCAN_DELAY]);
8946
8947 if (attrs[NL80211_ATTR_SCHED_SCAN_RELATIVE_RSSI]) {
8948 request->relative_rssi = nla_get_s8(
8949 attrs[NL80211_ATTR_SCHED_SCAN_RELATIVE_RSSI]);
8950 request->relative_rssi_set = true;
8951 }
8952
8953 if (request->relative_rssi_set &&
8954 attrs[NL80211_ATTR_SCHED_SCAN_RSSI_ADJUST]) {
8955 struct nl80211_bss_select_rssi_adjust *rssi_adjust;
8956
8957 rssi_adjust = nla_data(
8958 attrs[NL80211_ATTR_SCHED_SCAN_RSSI_ADJUST]);
8959 request->rssi_adjust.band = rssi_adjust->band;
8960 request->rssi_adjust.delta = rssi_adjust->delta;
8961 if (!is_band_valid(wiphy, request->rssi_adjust.band)) {
8962 err = -EINVAL;
8963 goto out_free;
8964 }
8965 }
8966
8967 err = nl80211_parse_sched_scan_plans(wiphy, n_plans, request, attrs);
8968 if (err)
8969 goto out_free;
8970
8971 request->scan_start = jiffies;
8972
8973 return request;
8974
8975 out_free:
8976 kfree(request);
8977 return ERR_PTR(err);
8978 }
8979
8980 static int nl80211_start_sched_scan(struct sk_buff *skb,
8981 struct genl_info *info)
8982 {
8983 struct cfg80211_registered_device *rdev = info->user_ptr[0];
8984 struct net_device *dev = info->user_ptr[1];
8985 struct wireless_dev *wdev = dev->ieee80211_ptr;
8986 struct cfg80211_sched_scan_request *sched_scan_req;
8987 bool want_multi;
8988 int err;
8989
8990 if (!rdev->wiphy.max_sched_scan_reqs || !rdev->ops->sched_scan_start)
8991 return -EOPNOTSUPP;
8992
8993 want_multi = info->attrs[NL80211_ATTR_SCHED_SCAN_MULTI];
8994 err = cfg80211_sched_scan_req_possible(rdev, want_multi);
8995 if (err)
8996 return err;
8997
8998 sched_scan_req = nl80211_parse_sched_scan(&rdev->wiphy, wdev,
8999 info->attrs,
9000 rdev->wiphy.max_match_sets);
9001
9002 err = PTR_ERR_OR_ZERO(sched_scan_req);
9003 if (err)
9004 goto out_err;
9005
9006 /* leave request id zero for legacy request
9007 * or if driver does not support multi-scheduled scan
9008 */
9009 if (want_multi && rdev->wiphy.max_sched_scan_reqs > 1)
9010 sched_scan_req->reqid = cfg80211_assign_cookie(rdev);
9011
9012 err = rdev_sched_scan_start(rdev, dev, sched_scan_req);
9013 if (err)
9014 goto out_free;
9015
9016 sched_scan_req->dev = dev;
9017 sched_scan_req->wiphy = &rdev->wiphy;
9018
9019 if (info->attrs[NL80211_ATTR_SOCKET_OWNER])
9020 sched_scan_req->owner_nlportid = info->snd_portid;
9021
9022 cfg80211_add_sched_scan_req(rdev, sched_scan_req);
9023
9024 nl80211_send_sched_scan(sched_scan_req, NL80211_CMD_START_SCHED_SCAN);
9025 return 0;
9026
9027 out_free:
9028 kfree(sched_scan_req);
9029 out_err:
9030 return err;
9031 }
9032
9033 static int nl80211_stop_sched_scan(struct sk_buff *skb,
9034 struct genl_info *info)
9035 {
9036 struct cfg80211_sched_scan_request *req;
9037 struct cfg80211_registered_device *rdev = info->user_ptr[0];
9038 u64 cookie;
9039
9040 if (!rdev->wiphy.max_sched_scan_reqs || !rdev->ops->sched_scan_stop)
9041 return -EOPNOTSUPP;
9042
9043 if (info->attrs[NL80211_ATTR_COOKIE]) {
9044 cookie = nla_get_u64(info->attrs[NL80211_ATTR_COOKIE]);
9045 return __cfg80211_stop_sched_scan(rdev, cookie, false);
9046 }
9047
9048 req = list_first_or_null_rcu(&rdev->sched_scan_req_list,
9049 struct cfg80211_sched_scan_request,
9050 list);
9051 if (!req || req->reqid ||
9052 (req->owner_nlportid &&
9053 req->owner_nlportid != info->snd_portid))
9054 return -ENOENT;
9055
9056 return cfg80211_stop_sched_scan_req(rdev, req, false);
9057 }
9058
9059 static int nl80211_start_radar_detection(struct sk_buff *skb,
9060 struct genl_info *info)
9061 {
9062 struct cfg80211_registered_device *rdev = info->user_ptr[0];
9063 struct net_device *dev = info->user_ptr[1];
9064 struct wireless_dev *wdev = dev->ieee80211_ptr;
9065 struct wiphy *wiphy = wdev->wiphy;
9066 struct cfg80211_chan_def chandef;
9067 enum nl80211_dfs_regions dfs_region;
9068 unsigned int cac_time_ms;
9069 int err;
9070
9071 dfs_region = reg_get_dfs_region(wiphy);
9072 if (dfs_region == NL80211_DFS_UNSET)
9073 return -EINVAL;
9074
9075 err = nl80211_parse_chandef(rdev, info, &chandef);
9076 if (err)
9077 return err;
9078
9079 if (netif_carrier_ok(dev))
9080 return -EBUSY;
9081
9082 if (wdev->cac_started)
9083 return -EBUSY;
9084
9085 err = cfg80211_chandef_dfs_required(wiphy, &chandef, wdev->iftype);
9086 if (err < 0)
9087 return err;
9088
9089 if (err == 0)
9090 return -EINVAL;
9091
9092 if (!cfg80211_chandef_dfs_usable(wiphy, &chandef))
9093 return -EINVAL;
9094
9095 /* CAC start is offloaded to HW and can't be started manually */
9096 if (wiphy_ext_feature_isset(wiphy, NL80211_EXT_FEATURE_DFS_OFFLOAD))
9097 return -EOPNOTSUPP;
9098
9099 if (!rdev->ops->start_radar_detection)
9100 return -EOPNOTSUPP;
9101
9102 cac_time_ms = cfg80211_chandef_dfs_cac_time(&rdev->wiphy, &chandef);
9103 if (WARN_ON(!cac_time_ms))
9104 cac_time_ms = IEEE80211_DFS_MIN_CAC_TIME_MS;
9105
9106 err = rdev_start_radar_detection(rdev, dev, &chandef, cac_time_ms);
9107 if (!err) {
9108 wdev->chandef = chandef;
9109 wdev->cac_started = true;
9110 wdev->cac_start_time = jiffies;
9111 wdev->cac_time_ms = cac_time_ms;
9112 }
9113 return err;
9114 }
9115
9116 static int nl80211_notify_radar_detection(struct sk_buff *skb,
9117 struct genl_info *info)
9118 {
9119 struct cfg80211_registered_device *rdev = info->user_ptr[0];
9120 struct net_device *dev = info->user_ptr[1];
9121 struct wireless_dev *wdev = dev->ieee80211_ptr;
9122 struct wiphy *wiphy = wdev->wiphy;
9123 struct cfg80211_chan_def chandef;
9124 enum nl80211_dfs_regions dfs_region;
9125 int err;
9126
9127 dfs_region = reg_get_dfs_region(wiphy);
9128 if (dfs_region == NL80211_DFS_UNSET) {
9129 GENL_SET_ERR_MSG(info,
9130 "DFS Region is not set. Unexpected Radar indication");
9131 return -EINVAL;
9132 }
9133
9134 err = nl80211_parse_chandef(rdev, info, &chandef);
9135 if (err) {
9136 GENL_SET_ERR_MSG(info, "Unable to extract chandef info");
9137 return err;
9138 }
9139
9140 err = cfg80211_chandef_dfs_required(wiphy, &chandef, wdev->iftype);
9141 if (err < 0) {
9142 GENL_SET_ERR_MSG(info, "chandef is invalid");
9143 return err;
9144 }
9145
9146 if (err == 0) {
9147 GENL_SET_ERR_MSG(info,
9148 "Unexpected Radar indication for chandef/iftype");
9149 return -EINVAL;
9150 }
9151
9152 /* Do not process this notification if radar is already detected
9153 * by kernel on this channel, and return success.
9154 */
9155 if (chandef.chan->dfs_state == NL80211_DFS_UNAVAILABLE)
9156 return 0;
9157
9158 cfg80211_set_dfs_state(wiphy, &chandef, NL80211_DFS_UNAVAILABLE);
9159
9160 cfg80211_sched_dfs_chan_update(rdev);
9161
9162 rdev->radar_chandef = chandef;
9163
9164 /* Propagate this notification to other radios as well */
9165 queue_work(cfg80211_wq, &rdev->propagate_radar_detect_wk);
9166
9167 return 0;
9168 }
9169
9170 static int nl80211_channel_switch(struct sk_buff *skb, struct genl_info *info)
9171 {
9172 struct cfg80211_registered_device *rdev = info->user_ptr[0];
9173 struct net_device *dev = info->user_ptr[1];
9174 struct wireless_dev *wdev = dev->ieee80211_ptr;
9175 struct cfg80211_csa_settings params;
9176 struct nlattr **csa_attrs = NULL;
9177 int err;
9178 bool need_new_beacon = false;
9179 bool need_handle_dfs_flag = true;
9180 int len, i;
9181 u32 cs_count;
9182
9183 if (!rdev->ops->channel_switch ||
9184 !(rdev->wiphy.flags & WIPHY_FLAG_HAS_CHANNEL_SWITCH))
9185 return -EOPNOTSUPP;
9186
9187 switch (dev->ieee80211_ptr->iftype) {
9188 case NL80211_IFTYPE_AP:
9189 case NL80211_IFTYPE_P2P_GO:
9190 need_new_beacon = true;
9191 /* For all modes except AP the handle_dfs flag needs to be
9192 * supplied to tell the kernel that userspace will handle radar
9193 * events when they happen. Otherwise a switch to a channel
9194 * requiring DFS will be rejected.
9195 */
9196 need_handle_dfs_flag = false;
9197
9198 /* useless if AP is not running */
9199 if (!wdev->beacon_interval)
9200 return -ENOTCONN;
9201 break;
9202 case NL80211_IFTYPE_ADHOC:
9203 if (!wdev->ssid_len)
9204 return -ENOTCONN;
9205 break;
9206 case NL80211_IFTYPE_MESH_POINT:
9207 if (!wdev->mesh_id_len)
9208 return -ENOTCONN;
9209 break;
9210 default:
9211 return -EOPNOTSUPP;
9212 }
9213
9214 memset(&params, 0, sizeof(params));
9215 params.beacon_csa.ftm_responder = -1;
9216
9217 if (!info->attrs[NL80211_ATTR_WIPHY_FREQ] ||
9218 !info->attrs[NL80211_ATTR_CH_SWITCH_COUNT])
9219 return -EINVAL;
9220
9221 /* only important for AP, IBSS and mesh create IEs internally */
9222 if (need_new_beacon && !info->attrs[NL80211_ATTR_CSA_IES])
9223 return -EINVAL;
9224
9225 /* Even though the attribute is u32, the specification says
9226 * u8, so let's make sure we don't overflow.
9227 */
9228 cs_count = nla_get_u32(info->attrs[NL80211_ATTR_CH_SWITCH_COUNT]);
9229 if (cs_count > 255)
9230 return -EINVAL;
9231
9232 params.count = cs_count;
9233
9234 if (!need_new_beacon)
9235 goto skip_beacons;
9236
9237 err = nl80211_parse_beacon(rdev, info->attrs, &params.beacon_after);
9238 if (err)
9239 return err;
9240
9241 csa_attrs = kcalloc(NL80211_ATTR_MAX + 1, sizeof(*csa_attrs),
9242 GFP_KERNEL);
9243 if (!csa_attrs)
9244 return -ENOMEM;
9245
9246 err = nla_parse_nested_deprecated(csa_attrs, NL80211_ATTR_MAX,
9247 info->attrs[NL80211_ATTR_CSA_IES],
9248 nl80211_policy, info->extack);
9249 if (err)
9250 goto free;
9251
9252 err = nl80211_parse_beacon(rdev, csa_attrs, &params.beacon_csa);
9253 if (err)
9254 goto free;
9255
9256 if (!csa_attrs[NL80211_ATTR_CNTDWN_OFFS_BEACON]) {
9257 err = -EINVAL;
9258 goto free;
9259 }
9260
9261 len = nla_len(csa_attrs[NL80211_ATTR_CNTDWN_OFFS_BEACON]);
9262 if (!len || (len % sizeof(u16))) {
9263 err = -EINVAL;
9264 goto free;
9265 }
9266
9267 params.n_counter_offsets_beacon = len / sizeof(u16);
9268 if (rdev->wiphy.max_num_csa_counters &&
9269 (params.n_counter_offsets_beacon >
9270 rdev->wiphy.max_num_csa_counters)) {
9271 err = -EINVAL;
9272 goto free;
9273 }
9274
9275 params.counter_offsets_beacon =
9276 nla_data(csa_attrs[NL80211_ATTR_CNTDWN_OFFS_BEACON]);
9277
9278 /* sanity checks - counters should fit and be the same */
9279 for (i = 0; i < params.n_counter_offsets_beacon; i++) {
9280 u16 offset = params.counter_offsets_beacon[i];
9281
9282 if (offset >= params.beacon_csa.tail_len) {
9283 err = -EINVAL;
9284 goto free;
9285 }
9286
9287 if (params.beacon_csa.tail[offset] != params.count) {
9288 err = -EINVAL;
9289 goto free;
9290 }
9291 }
9292
9293 if (csa_attrs[NL80211_ATTR_CNTDWN_OFFS_PRESP]) {
9294 len = nla_len(csa_attrs[NL80211_ATTR_CNTDWN_OFFS_PRESP]);
9295 if (!len || (len % sizeof(u16))) {
9296 err = -EINVAL;
9297 goto free;
9298 }
9299
9300 params.n_counter_offsets_presp = len / sizeof(u16);
9301 if (rdev->wiphy.max_num_csa_counters &&
9302 (params.n_counter_offsets_presp >
9303 rdev->wiphy.max_num_csa_counters)) {
9304 err = -EINVAL;
9305 goto free;
9306 }
9307
9308 params.counter_offsets_presp =
9309 nla_data(csa_attrs[NL80211_ATTR_CNTDWN_OFFS_PRESP]);
9310
9311 /* sanity checks - counters should fit and be the same */
9312 for (i = 0; i < params.n_counter_offsets_presp; i++) {
9313 u16 offset = params.counter_offsets_presp[i];
9314
9315 if (offset >= params.beacon_csa.probe_resp_len) {
9316 err = -EINVAL;
9317 goto free;
9318 }
9319
9320 if (params.beacon_csa.probe_resp[offset] !=
9321 params.count) {
9322 err = -EINVAL;
9323 goto free;
9324 }
9325 }
9326 }
9327
9328 skip_beacons:
9329 err = nl80211_parse_chandef(rdev, info, &params.chandef);
9330 if (err)
9331 goto free;
9332
9333 if (!cfg80211_reg_can_beacon_relax(&rdev->wiphy, &params.chandef,
9334 wdev->iftype)) {
9335 err = -EINVAL;
9336 goto free;
9337 }
9338
9339 err = cfg80211_chandef_dfs_required(wdev->wiphy,
9340 &params.chandef,
9341 wdev->iftype);
9342 if (err < 0)
9343 goto free;
9344
9345 if (err > 0) {
9346 params.radar_required = true;
9347 if (need_handle_dfs_flag &&
9348 !nla_get_flag(info->attrs[NL80211_ATTR_HANDLE_DFS])) {
9349 err = -EINVAL;
9350 goto free;
9351 }
9352 }
9353
9354 if (info->attrs[NL80211_ATTR_CH_SWITCH_BLOCK_TX])
9355 params.block_tx = true;
9356
9357 wdev_lock(wdev);
9358 err = rdev_channel_switch(rdev, dev, &params);
9359 wdev_unlock(wdev);
9360
9361 free:
9362 kfree(csa_attrs);
9363 return err;
9364 }
9365
9366 static int nl80211_send_bss(struct sk_buff *msg, struct netlink_callback *cb,
9367 u32 seq, int flags,
9368 struct cfg80211_registered_device *rdev,
9369 struct wireless_dev *wdev,
9370 struct cfg80211_internal_bss *intbss)
9371 {
9372 struct cfg80211_bss *res = &intbss->pub;
9373 const struct cfg80211_bss_ies *ies;
9374 void *hdr;
9375 struct nlattr *bss;
9376
9377 ASSERT_WDEV_LOCK(wdev);
9378
9379 hdr = nl80211hdr_put(msg, NETLINK_CB(cb->skb).portid, seq, flags,
9380 NL80211_CMD_NEW_SCAN_RESULTS);
9381 if (!hdr)
9382 return -1;
9383
9384 genl_dump_check_consistent(cb, hdr);
9385
9386 if (nla_put_u32(msg, NL80211_ATTR_GENERATION, rdev->bss_generation))
9387 goto nla_put_failure;
9388 if (wdev->netdev &&
9389 nla_put_u32(msg, NL80211_ATTR_IFINDEX, wdev->netdev->ifindex))
9390 goto nla_put_failure;
9391 if (nla_put_u64_64bit(msg, NL80211_ATTR_WDEV, wdev_id(wdev),
9392 NL80211_ATTR_PAD))
9393 goto nla_put_failure;
9394
9395 bss = nla_nest_start_noflag(msg, NL80211_ATTR_BSS);
9396 if (!bss)
9397 goto nla_put_failure;
9398 if ((!is_zero_ether_addr(res->bssid) &&
9399 nla_put(msg, NL80211_BSS_BSSID, ETH_ALEN, res->bssid)))
9400 goto nla_put_failure;
9401
9402 rcu_read_lock();
9403 /* indicate whether we have probe response data or not */
9404 if (rcu_access_pointer(res->proberesp_ies) &&
9405 nla_put_flag(msg, NL80211_BSS_PRESP_DATA))
9406 goto fail_unlock_rcu;
9407
9408 /* this pointer prefers to be pointed to probe response data
9409 * but is always valid
9410 */
9411 ies = rcu_dereference(res->ies);
9412 if (ies) {
9413 if (nla_put_u64_64bit(msg, NL80211_BSS_TSF, ies->tsf,
9414 NL80211_BSS_PAD))
9415 goto fail_unlock_rcu;
9416 if (ies->len && nla_put(msg, NL80211_BSS_INFORMATION_ELEMENTS,
9417 ies->len, ies->data))
9418 goto fail_unlock_rcu;
9419 }
9420
9421 /* and this pointer is always (unless driver didn't know) beacon data */
9422 ies = rcu_dereference(res->beacon_ies);
9423 if (ies && ies->from_beacon) {
9424 if (nla_put_u64_64bit(msg, NL80211_BSS_BEACON_TSF, ies->tsf,
9425 NL80211_BSS_PAD))
9426 goto fail_unlock_rcu;
9427 if (ies->len && nla_put(msg, NL80211_BSS_BEACON_IES,
9428 ies->len, ies->data))
9429 goto fail_unlock_rcu;
9430 }
9431 rcu_read_unlock();
9432
9433 if (res->beacon_interval &&
9434 nla_put_u16(msg, NL80211_BSS_BEACON_INTERVAL, res->beacon_interval))
9435 goto nla_put_failure;
9436 if (nla_put_u16(msg, NL80211_BSS_CAPABILITY, res->capability) ||
9437 nla_put_u32(msg, NL80211_BSS_FREQUENCY, res->channel->center_freq) ||
9438 nla_put_u32(msg, NL80211_BSS_FREQUENCY_OFFSET,
9439 res->channel->freq_offset) ||
9440 nla_put_u32(msg, NL80211_BSS_CHAN_WIDTH, res->scan_width) ||
9441 nla_put_u32(msg, NL80211_BSS_SEEN_MS_AGO,
9442 jiffies_to_msecs(jiffies - intbss->ts)))
9443 goto nla_put_failure;
9444
9445 if (intbss->parent_tsf &&
9446 (nla_put_u64_64bit(msg, NL80211_BSS_PARENT_TSF,
9447 intbss->parent_tsf, NL80211_BSS_PAD) ||
9448 nla_put(msg, NL80211_BSS_PARENT_BSSID, ETH_ALEN,
9449 intbss->parent_bssid)))
9450 goto nla_put_failure;
9451
9452 if (intbss->ts_boottime &&
9453 nla_put_u64_64bit(msg, NL80211_BSS_LAST_SEEN_BOOTTIME,
9454 intbss->ts_boottime, NL80211_BSS_PAD))
9455 goto nla_put_failure;
9456
9457 if (!nl80211_put_signal(msg, intbss->pub.chains,
9458 intbss->pub.chain_signal,
9459 NL80211_BSS_CHAIN_SIGNAL))
9460 goto nla_put_failure;
9461
9462 switch (rdev->wiphy.signal_type) {
9463 case CFG80211_SIGNAL_TYPE_MBM:
9464 if (nla_put_u32(msg, NL80211_BSS_SIGNAL_MBM, res->signal))
9465 goto nla_put_failure;
9466 break;
9467 case CFG80211_SIGNAL_TYPE_UNSPEC:
9468 if (nla_put_u8(msg, NL80211_BSS_SIGNAL_UNSPEC, res->signal))
9469 goto nla_put_failure;
9470 break;
9471 default:
9472 break;
9473 }
9474
9475 switch (wdev->iftype) {
9476 case NL80211_IFTYPE_P2P_CLIENT:
9477 case NL80211_IFTYPE_STATION:
9478 if (intbss == wdev->current_bss &&
9479 nla_put_u32(msg, NL80211_BSS_STATUS,
9480 NL80211_BSS_STATUS_ASSOCIATED))
9481 goto nla_put_failure;
9482 break;
9483 case NL80211_IFTYPE_ADHOC:
9484 if (intbss == wdev->current_bss &&
9485 nla_put_u32(msg, NL80211_BSS_STATUS,
9486 NL80211_BSS_STATUS_IBSS_JOINED))
9487 goto nla_put_failure;
9488 break;
9489 default:
9490 break;
9491 }
9492
9493 nla_nest_end(msg, bss);
9494
9495 genlmsg_end(msg, hdr);
9496 return 0;
9497
9498 fail_unlock_rcu:
9499 rcu_read_unlock();
9500 nla_put_failure:
9501 genlmsg_cancel(msg, hdr);
9502 return -EMSGSIZE;
9503 }
9504
9505 static int nl80211_dump_scan(struct sk_buff *skb, struct netlink_callback *cb)
9506 {
9507 struct cfg80211_registered_device *rdev;
9508 struct cfg80211_internal_bss *scan;
9509 struct wireless_dev *wdev;
9510 int start = cb->args[2], idx = 0;
9511 int err;
9512
9513 err = nl80211_prepare_wdev_dump(cb, &rdev, &wdev);
9514 if (err)
9515 return err;
9516 /* nl80211_prepare_wdev_dump acquired it in the successful case */
9517 __acquire(&rdev->wiphy.mtx);
9518
9519 wdev_lock(wdev);
9520 spin_lock_bh(&rdev->bss_lock);
9521
9522 /*
9523 * dump_scan will be called multiple times to break up the scan results
9524 * into multiple messages. It is unlikely that any more bss-es will be
9525 * expired after the first call, so only call only call this on the
9526 * first dump_scan invocation.
9527 */
9528 if (start == 0)
9529 cfg80211_bss_expire(rdev);
9530
9531 cb->seq = rdev->bss_generation;
9532
9533 list_for_each_entry(scan, &rdev->bss_list, list) {
9534 if (++idx <= start)
9535 continue;
9536 if (nl80211_send_bss(skb, cb,
9537 cb->nlh->nlmsg_seq, NLM_F_MULTI,
9538 rdev, wdev, scan) < 0) {
9539 idx--;
9540 break;
9541 }
9542 }
9543
9544 spin_unlock_bh(&rdev->bss_lock);
9545 wdev_unlock(wdev);
9546
9547 cb->args[2] = idx;
9548 wiphy_unlock(&rdev->wiphy);
9549
9550 return skb->len;
9551 }
9552
9553 static int nl80211_send_survey(struct sk_buff *msg, u32 portid, u32 seq,
9554 int flags, struct net_device *dev,
9555 bool allow_radio_stats,
9556 struct survey_info *survey)
9557 {
9558 void *hdr;
9559 struct nlattr *infoattr;
9560
9561 /* skip radio stats if userspace didn't request them */
9562 if (!survey->channel && !allow_radio_stats)
9563 return 0;
9564
9565 hdr = nl80211hdr_put(msg, portid, seq, flags,
9566 NL80211_CMD_NEW_SURVEY_RESULTS);
9567 if (!hdr)
9568 return -ENOMEM;
9569
9570 if (nla_put_u32(msg, NL80211_ATTR_IFINDEX, dev->ifindex))
9571 goto nla_put_failure;
9572
9573 infoattr = nla_nest_start_noflag(msg, NL80211_ATTR_SURVEY_INFO);
9574 if (!infoattr)
9575 goto nla_put_failure;
9576
9577 if (survey->channel &&
9578 nla_put_u32(msg, NL80211_SURVEY_INFO_FREQUENCY,
9579 survey->channel->center_freq))
9580 goto nla_put_failure;
9581
9582 if (survey->channel && survey->channel->freq_offset &&
9583 nla_put_u32(msg, NL80211_SURVEY_INFO_FREQUENCY_OFFSET,
9584 survey->channel->freq_offset))
9585 goto nla_put_failure;
9586
9587 if ((survey->filled & SURVEY_INFO_NOISE_DBM) &&
9588 nla_put_u8(msg, NL80211_SURVEY_INFO_NOISE, survey->noise))
9589 goto nla_put_failure;
9590 if ((survey->filled & SURVEY_INFO_IN_USE) &&
9591 nla_put_flag(msg, NL80211_SURVEY_INFO_IN_USE))
9592 goto nla_put_failure;
9593 if ((survey->filled & SURVEY_INFO_TIME) &&
9594 nla_put_u64_64bit(msg, NL80211_SURVEY_INFO_TIME,
9595 survey->time, NL80211_SURVEY_INFO_PAD))
9596 goto nla_put_failure;
9597 if ((survey->filled & SURVEY_INFO_TIME_BUSY) &&
9598 nla_put_u64_64bit(msg, NL80211_SURVEY_INFO_TIME_BUSY,
9599 survey->time_busy, NL80211_SURVEY_INFO_PAD))
9600 goto nla_put_failure;
9601 if ((survey->filled & SURVEY_INFO_TIME_EXT_BUSY) &&
9602 nla_put_u64_64bit(msg, NL80211_SURVEY_INFO_TIME_EXT_BUSY,
9603 survey->time_ext_busy, NL80211_SURVEY_INFO_PAD))
9604 goto nla_put_failure;
9605 if ((survey->filled & SURVEY_INFO_TIME_RX) &&
9606 nla_put_u64_64bit(msg, NL80211_SURVEY_INFO_TIME_RX,
9607 survey->time_rx, NL80211_SURVEY_INFO_PAD))
9608 goto nla_put_failure;
9609 if ((survey->filled & SURVEY_INFO_TIME_TX) &&
9610 nla_put_u64_64bit(msg, NL80211_SURVEY_INFO_TIME_TX,
9611 survey->time_tx, NL80211_SURVEY_INFO_PAD))
9612 goto nla_put_failure;
9613 if ((survey->filled & SURVEY_INFO_TIME_SCAN) &&
9614 nla_put_u64_64bit(msg, NL80211_SURVEY_INFO_TIME_SCAN,
9615 survey->time_scan, NL80211_SURVEY_INFO_PAD))
9616 goto nla_put_failure;
9617 if ((survey->filled & SURVEY_INFO_TIME_BSS_RX) &&
9618 nla_put_u64_64bit(msg, NL80211_SURVEY_INFO_TIME_BSS_RX,
9619 survey->time_bss_rx, NL80211_SURVEY_INFO_PAD))
9620 goto nla_put_failure;
9621
9622 nla_nest_end(msg, infoattr);
9623
9624 genlmsg_end(msg, hdr);
9625 return 0;
9626
9627 nla_put_failure:
9628 genlmsg_cancel(msg, hdr);
9629 return -EMSGSIZE;
9630 }
9631
9632 static int nl80211_dump_survey(struct sk_buff *skb, struct netlink_callback *cb)
9633 {
9634 struct nlattr **attrbuf;
9635 struct survey_info survey;
9636 struct cfg80211_registered_device *rdev;
9637 struct wireless_dev *wdev;
9638 int survey_idx = cb->args[2];
9639 int res;
9640 bool radio_stats;
9641
9642 attrbuf = kcalloc(NUM_NL80211_ATTR, sizeof(*attrbuf), GFP_KERNEL);
9643 if (!attrbuf)
9644 return -ENOMEM;
9645
9646 res = nl80211_prepare_wdev_dump(cb, &rdev, &wdev);
9647 if (res) {
9648 kfree(attrbuf);
9649 return res;
9650 }
9651 /* nl80211_prepare_wdev_dump acquired it in the successful case */
9652 __acquire(&rdev->wiphy.mtx);
9653
9654 /* prepare_wdev_dump parsed the attributes */
9655 radio_stats = attrbuf[NL80211_ATTR_SURVEY_RADIO_STATS];
9656
9657 if (!wdev->netdev) {
9658 res = -EINVAL;
9659 goto out_err;
9660 }
9661
9662 if (!rdev->ops->dump_survey) {
9663 res = -EOPNOTSUPP;
9664 goto out_err;
9665 }
9666
9667 while (1) {
9668 res = rdev_dump_survey(rdev, wdev->netdev, survey_idx, &survey);
9669 if (res == -ENOENT)
9670 break;
9671 if (res)
9672 goto out_err;
9673
9674 /* don't send disabled channels, but do send non-channel data */
9675 if (survey.channel &&
9676 survey.channel->flags & IEEE80211_CHAN_DISABLED) {
9677 survey_idx++;
9678 continue;
9679 }
9680
9681 if (nl80211_send_survey(skb,
9682 NETLINK_CB(cb->skb).portid,
9683 cb->nlh->nlmsg_seq, NLM_F_MULTI,
9684 wdev->netdev, radio_stats, &survey) < 0)
9685 goto out;
9686 survey_idx++;
9687 }
9688
9689 out:
9690 cb->args[2] = survey_idx;
9691 res = skb->len;
9692 out_err:
9693 kfree(attrbuf);
9694 wiphy_unlock(&rdev->wiphy);
9695 return res;
9696 }
9697
9698 static bool nl80211_valid_wpa_versions(u32 wpa_versions)
9699 {
9700 return !(wpa_versions & ~(NL80211_WPA_VERSION_1 |
9701 NL80211_WPA_VERSION_2 |
9702 NL80211_WPA_VERSION_3));
9703 }
9704
9705 static int nl80211_authenticate(struct sk_buff *skb, struct genl_info *info)
9706 {
9707 struct cfg80211_registered_device *rdev = info->user_ptr[0];
9708 struct net_device *dev = info->user_ptr[1];
9709 struct ieee80211_channel *chan;
9710 const u8 *bssid, *ssid, *ie = NULL, *auth_data = NULL;
9711 int err, ssid_len, ie_len = 0, auth_data_len = 0;
9712 enum nl80211_auth_type auth_type;
9713 struct key_parse key;
9714 bool local_state_change;
9715 u32 freq;
9716
9717 if (!info->attrs[NL80211_ATTR_MAC])
9718 return -EINVAL;
9719
9720 if (!info->attrs[NL80211_ATTR_AUTH_TYPE])
9721 return -EINVAL;
9722
9723 if (!info->attrs[NL80211_ATTR_SSID])
9724 return -EINVAL;
9725
9726 if (!info->attrs[NL80211_ATTR_WIPHY_FREQ])
9727 return -EINVAL;
9728
9729 err = nl80211_parse_key(info, &key);
9730 if (err)
9731 return err;
9732
9733 if (key.idx >= 0) {
9734 if (key.type != -1 && key.type != NL80211_KEYTYPE_GROUP)
9735 return -EINVAL;
9736 if (!key.p.key || !key.p.key_len)
9737 return -EINVAL;
9738 if ((key.p.cipher != WLAN_CIPHER_SUITE_WEP40 ||
9739 key.p.key_len != WLAN_KEY_LEN_WEP40) &&
9740 (key.p.cipher != WLAN_CIPHER_SUITE_WEP104 ||
9741 key.p.key_len != WLAN_KEY_LEN_WEP104))
9742 return -EINVAL;
9743 if (key.idx > 3)
9744 return -EINVAL;
9745 } else {
9746 key.p.key_len = 0;
9747 key.p.key = NULL;
9748 }
9749
9750 if (key.idx >= 0) {
9751 int i;
9752 bool ok = false;
9753
9754 for (i = 0; i < rdev->wiphy.n_cipher_suites; i++) {
9755 if (key.p.cipher == rdev->wiphy.cipher_suites[i]) {
9756 ok = true;
9757 break;
9758 }
9759 }
9760 if (!ok)
9761 return -EINVAL;
9762 }
9763
9764 if (!rdev->ops->auth)
9765 return -EOPNOTSUPP;
9766
9767 if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_STATION &&
9768 dev->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_CLIENT)
9769 return -EOPNOTSUPP;
9770
9771 bssid = nla_data(info->attrs[NL80211_ATTR_MAC]);
9772 freq = MHZ_TO_KHZ(nla_get_u32(info->attrs[NL80211_ATTR_WIPHY_FREQ]));
9773 if (info->attrs[NL80211_ATTR_WIPHY_FREQ_OFFSET])
9774 freq +=
9775 nla_get_u32(info->attrs[NL80211_ATTR_WIPHY_FREQ_OFFSET]);
9776
9777 chan = nl80211_get_valid_chan(&rdev->wiphy, freq);
9778 if (!chan)
9779 return -EINVAL;
9780
9781 ssid = nla_data(info->attrs[NL80211_ATTR_SSID]);
9782 ssid_len = nla_len(info->attrs[NL80211_ATTR_SSID]);
9783
9784 if (info->attrs[NL80211_ATTR_IE]) {
9785 ie = nla_data(info->attrs[NL80211_ATTR_IE]);
9786 ie_len = nla_len(info->attrs[NL80211_ATTR_IE]);
9787 }
9788
9789 auth_type = nla_get_u32(info->attrs[NL80211_ATTR_AUTH_TYPE]);
9790 if (!nl80211_valid_auth_type(rdev, auth_type, NL80211_CMD_AUTHENTICATE))
9791 return -EINVAL;
9792
9793 if ((auth_type == NL80211_AUTHTYPE_SAE ||
9794 auth_type == NL80211_AUTHTYPE_FILS_SK ||
9795 auth_type == NL80211_AUTHTYPE_FILS_SK_PFS ||
9796 auth_type == NL80211_AUTHTYPE_FILS_PK) &&
9797 !info->attrs[NL80211_ATTR_AUTH_DATA])
9798 return -EINVAL;
9799
9800 if (info->attrs[NL80211_ATTR_AUTH_DATA]) {
9801 if (auth_type != NL80211_AUTHTYPE_SAE &&
9802 auth_type != NL80211_AUTHTYPE_FILS_SK &&
9803 auth_type != NL80211_AUTHTYPE_FILS_SK_PFS &&
9804 auth_type != NL80211_AUTHTYPE_FILS_PK)
9805 return -EINVAL;
9806 auth_data = nla_data(info->attrs[NL80211_ATTR_AUTH_DATA]);
9807 auth_data_len = nla_len(info->attrs[NL80211_ATTR_AUTH_DATA]);
9808 }
9809
9810 local_state_change = !!info->attrs[NL80211_ATTR_LOCAL_STATE_CHANGE];
9811
9812 /*
9813 * Since we no longer track auth state, ignore
9814 * requests to only change local state.
9815 */
9816 if (local_state_change)
9817 return 0;
9818
9819 wdev_lock(dev->ieee80211_ptr);
9820 err = cfg80211_mlme_auth(rdev, dev, chan, auth_type, bssid,
9821 ssid, ssid_len, ie, ie_len,
9822 key.p.key, key.p.key_len, key.idx,
9823 auth_data, auth_data_len);
9824 wdev_unlock(dev->ieee80211_ptr);
9825 return err;
9826 }
9827
9828 static int validate_pae_over_nl80211(struct cfg80211_registered_device *rdev,
9829 struct genl_info *info)
9830 {
9831 if (!info->attrs[NL80211_ATTR_SOCKET_OWNER]) {
9832 GENL_SET_ERR_MSG(info, "SOCKET_OWNER not set");
9833 return -EINVAL;
9834 }
9835
9836 if (!rdev->ops->tx_control_port ||
9837 !wiphy_ext_feature_isset(&rdev->wiphy,
9838 NL80211_EXT_FEATURE_CONTROL_PORT_OVER_NL80211))
9839 return -EOPNOTSUPP;
9840
9841 return 0;
9842 }
9843
9844 static int nl80211_crypto_settings(struct cfg80211_registered_device *rdev,
9845 struct genl_info *info,
9846 struct cfg80211_crypto_settings *settings,
9847 int cipher_limit)
9848 {
9849 memset(settings, 0, sizeof(*settings));
9850
9851 settings->control_port = info->attrs[NL80211_ATTR_CONTROL_PORT];
9852
9853 if (info->attrs[NL80211_ATTR_CONTROL_PORT_ETHERTYPE]) {
9854 u16 proto;
9855
9856 proto = nla_get_u16(
9857 info->attrs[NL80211_ATTR_CONTROL_PORT_ETHERTYPE]);
9858 settings->control_port_ethertype = cpu_to_be16(proto);
9859 if (!(rdev->wiphy.flags & WIPHY_FLAG_CONTROL_PORT_PROTOCOL) &&
9860 proto != ETH_P_PAE)
9861 return -EINVAL;
9862 if (info->attrs[NL80211_ATTR_CONTROL_PORT_NO_ENCRYPT])
9863 settings->control_port_no_encrypt = true;
9864 } else
9865 settings->control_port_ethertype = cpu_to_be16(ETH_P_PAE);
9866
9867 if (info->attrs[NL80211_ATTR_CONTROL_PORT_OVER_NL80211]) {
9868 int r = validate_pae_over_nl80211(rdev, info);
9869
9870 if (r < 0)
9871 return r;
9872
9873 settings->control_port_over_nl80211 = true;
9874
9875 if (info->attrs[NL80211_ATTR_CONTROL_PORT_NO_PREAUTH])
9876 settings->control_port_no_preauth = true;
9877 }
9878
9879 if (info->attrs[NL80211_ATTR_CIPHER_SUITES_PAIRWISE]) {
9880 void *data;
9881 int len, i;
9882
9883 data = nla_data(info->attrs[NL80211_ATTR_CIPHER_SUITES_PAIRWISE]);
9884 len = nla_len(info->attrs[NL80211_ATTR_CIPHER_SUITES_PAIRWISE]);
9885 settings->n_ciphers_pairwise = len / sizeof(u32);
9886
9887 if (len % sizeof(u32))
9888 return -EINVAL;
9889
9890 if (settings->n_ciphers_pairwise > cipher_limit)
9891 return -EINVAL;
9892
9893 memcpy(settings->ciphers_pairwise, data, len);
9894
9895 for (i = 0; i < settings->n_ciphers_pairwise; i++)
9896 if (!cfg80211_supported_cipher_suite(
9897 &rdev->wiphy,
9898 settings->ciphers_pairwise[i]))
9899 return -EINVAL;
9900 }
9901
9902 if (info->attrs[NL80211_ATTR_CIPHER_SUITE_GROUP]) {
9903 settings->cipher_group =
9904 nla_get_u32(info->attrs[NL80211_ATTR_CIPHER_SUITE_GROUP]);
9905 if (!cfg80211_supported_cipher_suite(&rdev->wiphy,
9906 settings->cipher_group))
9907 return -EINVAL;
9908 }
9909
9910 if (info->attrs[NL80211_ATTR_WPA_VERSIONS]) {
9911 settings->wpa_versions =
9912 nla_get_u32(info->attrs[NL80211_ATTR_WPA_VERSIONS]);
9913 if (!nl80211_valid_wpa_versions(settings->wpa_versions))
9914 return -EINVAL;
9915 }
9916
9917 if (info->attrs[NL80211_ATTR_AKM_SUITES]) {
9918 void *data;
9919 int len;
9920
9921 data = nla_data(info->attrs[NL80211_ATTR_AKM_SUITES]);
9922 len = nla_len(info->attrs[NL80211_ATTR_AKM_SUITES]);
9923 settings->n_akm_suites = len / sizeof(u32);
9924
9925 if (len % sizeof(u32))
9926 return -EINVAL;
9927
9928 if (settings->n_akm_suites > NL80211_MAX_NR_AKM_SUITES)
9929 return -EINVAL;
9930
9931 memcpy(settings->akm_suites, data, len);
9932 }
9933
9934 if (info->attrs[NL80211_ATTR_PMK]) {
9935 if (nla_len(info->attrs[NL80211_ATTR_PMK]) != WLAN_PMK_LEN)
9936 return -EINVAL;
9937 if (!wiphy_ext_feature_isset(&rdev->wiphy,
9938 NL80211_EXT_FEATURE_4WAY_HANDSHAKE_STA_PSK) &&
9939 !wiphy_ext_feature_isset(&rdev->wiphy,
9940 NL80211_EXT_FEATURE_4WAY_HANDSHAKE_AP_PSK))
9941 return -EINVAL;
9942 settings->psk = nla_data(info->attrs[NL80211_ATTR_PMK]);
9943 }
9944
9945 if (info->attrs[NL80211_ATTR_SAE_PASSWORD]) {
9946 if (!wiphy_ext_feature_isset(&rdev->wiphy,
9947 NL80211_EXT_FEATURE_SAE_OFFLOAD) &&
9948 !wiphy_ext_feature_isset(&rdev->wiphy,
9949 NL80211_EXT_FEATURE_SAE_OFFLOAD_AP))
9950 return -EINVAL;
9951 settings->sae_pwd =
9952 nla_data(info->attrs[NL80211_ATTR_SAE_PASSWORD]);
9953 settings->sae_pwd_len =
9954 nla_len(info->attrs[NL80211_ATTR_SAE_PASSWORD]);
9955 }
9956
9957 if (info->attrs[NL80211_ATTR_SAE_PWE])
9958 settings->sae_pwe =
9959 nla_get_u8(info->attrs[NL80211_ATTR_SAE_PWE]);
9960 else
9961 settings->sae_pwe = NL80211_SAE_PWE_UNSPECIFIED;
9962
9963 return 0;
9964 }
9965
9966 static int nl80211_associate(struct sk_buff *skb, struct genl_info *info)
9967 {
9968 struct cfg80211_registered_device *rdev = info->user_ptr[0];
9969 struct net_device *dev = info->user_ptr[1];
9970 struct ieee80211_channel *chan;
9971 struct cfg80211_assoc_request req = {};
9972 const u8 *bssid, *ssid;
9973 int err, ssid_len = 0;
9974 u32 freq;
9975
9976 if (dev->ieee80211_ptr->conn_owner_nlportid &&
9977 dev->ieee80211_ptr->conn_owner_nlportid != info->snd_portid)
9978 return -EPERM;
9979
9980 if (!info->attrs[NL80211_ATTR_MAC] ||
9981 !info->attrs[NL80211_ATTR_SSID] ||
9982 !info->attrs[NL80211_ATTR_WIPHY_FREQ])
9983 return -EINVAL;
9984
9985 if (!rdev->ops->assoc)
9986 return -EOPNOTSUPP;
9987
9988 if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_STATION &&
9989 dev->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_CLIENT)
9990 return -EOPNOTSUPP;
9991
9992 bssid = nla_data(info->attrs[NL80211_ATTR_MAC]);
9993
9994 freq = MHZ_TO_KHZ(nla_get_u32(info->attrs[NL80211_ATTR_WIPHY_FREQ]));
9995 if (info->attrs[NL80211_ATTR_WIPHY_FREQ_OFFSET])
9996 freq +=
9997 nla_get_u32(info->attrs[NL80211_ATTR_WIPHY_FREQ_OFFSET]);
9998 chan = nl80211_get_valid_chan(&rdev->wiphy, freq);
9999 if (!chan)
10000 return -EINVAL;
10001
10002 ssid = nla_data(info->attrs[NL80211_ATTR_SSID]);
10003 ssid_len = nla_len(info->attrs[NL80211_ATTR_SSID]);
10004
10005 if (info->attrs[NL80211_ATTR_IE]) {
10006 req.ie = nla_data(info->attrs[NL80211_ATTR_IE]);
10007 req.ie_len = nla_len(info->attrs[NL80211_ATTR_IE]);
10008 }
10009
10010 if (info->attrs[NL80211_ATTR_USE_MFP]) {
10011 enum nl80211_mfp mfp =
10012 nla_get_u32(info->attrs[NL80211_ATTR_USE_MFP]);
10013 if (mfp == NL80211_MFP_REQUIRED)
10014 req.use_mfp = true;
10015 else if (mfp != NL80211_MFP_NO)
10016 return -EINVAL;
10017 }
10018
10019 if (info->attrs[NL80211_ATTR_PREV_BSSID])
10020 req.prev_bssid = nla_data(info->attrs[NL80211_ATTR_PREV_BSSID]);
10021
10022 if (nla_get_flag(info->attrs[NL80211_ATTR_DISABLE_HT]))
10023 req.flags |= ASSOC_REQ_DISABLE_HT;
10024
10025 if (info->attrs[NL80211_ATTR_HT_CAPABILITY_MASK])
10026 memcpy(&req.ht_capa_mask,
10027 nla_data(info->attrs[NL80211_ATTR_HT_CAPABILITY_MASK]),
10028 sizeof(req.ht_capa_mask));
10029
10030 if (info->attrs[NL80211_ATTR_HT_CAPABILITY]) {
10031 if (!info->attrs[NL80211_ATTR_HT_CAPABILITY_MASK])
10032 return -EINVAL;
10033 memcpy(&req.ht_capa,
10034 nla_data(info->attrs[NL80211_ATTR_HT_CAPABILITY]),
10035 sizeof(req.ht_capa));
10036 }
10037
10038 if (nla_get_flag(info->attrs[NL80211_ATTR_DISABLE_VHT]))
10039 req.flags |= ASSOC_REQ_DISABLE_VHT;
10040
10041 if (nla_get_flag(info->attrs[NL80211_ATTR_DISABLE_HE]))
10042 req.flags |= ASSOC_REQ_DISABLE_HE;
10043
10044 if (info->attrs[NL80211_ATTR_VHT_CAPABILITY_MASK])
10045 memcpy(&req.vht_capa_mask,
10046 nla_data(info->attrs[NL80211_ATTR_VHT_CAPABILITY_MASK]),
10047 sizeof(req.vht_capa_mask));
10048
10049 if (info->attrs[NL80211_ATTR_VHT_CAPABILITY]) {
10050 if (!info->attrs[NL80211_ATTR_VHT_CAPABILITY_MASK])
10051 return -EINVAL;
10052 memcpy(&req.vht_capa,
10053 nla_data(info->attrs[NL80211_ATTR_VHT_CAPABILITY]),
10054 sizeof(req.vht_capa));
10055 }
10056
10057 if (nla_get_flag(info->attrs[NL80211_ATTR_USE_RRM])) {
10058 if (!((rdev->wiphy.features &
10059 NL80211_FEATURE_DS_PARAM_SET_IE_IN_PROBES) &&
10060 (rdev->wiphy.features & NL80211_FEATURE_QUIET)) &&
10061 !wiphy_ext_feature_isset(&rdev->wiphy,
10062 NL80211_EXT_FEATURE_RRM))
10063 return -EINVAL;
10064 req.flags |= ASSOC_REQ_USE_RRM;
10065 }
10066
10067 if (info->attrs[NL80211_ATTR_FILS_KEK]) {
10068 req.fils_kek = nla_data(info->attrs[NL80211_ATTR_FILS_KEK]);
10069 req.fils_kek_len = nla_len(info->attrs[NL80211_ATTR_FILS_KEK]);
10070 if (!info->attrs[NL80211_ATTR_FILS_NONCES])
10071 return -EINVAL;
10072 req.fils_nonces =
10073 nla_data(info->attrs[NL80211_ATTR_FILS_NONCES]);
10074 }
10075
10076 if (info->attrs[NL80211_ATTR_S1G_CAPABILITY_MASK]) {
10077 if (!info->attrs[NL80211_ATTR_S1G_CAPABILITY])
10078 return -EINVAL;
10079 memcpy(&req.s1g_capa_mask,
10080 nla_data(info->attrs[NL80211_ATTR_S1G_CAPABILITY_MASK]),
10081 sizeof(req.s1g_capa_mask));
10082 }
10083
10084 if (info->attrs[NL80211_ATTR_S1G_CAPABILITY]) {
10085 if (!info->attrs[NL80211_ATTR_S1G_CAPABILITY_MASK])
10086 return -EINVAL;
10087 memcpy(&req.s1g_capa,
10088 nla_data(info->attrs[NL80211_ATTR_S1G_CAPABILITY]),
10089 sizeof(req.s1g_capa));
10090 }
10091
10092 err = nl80211_crypto_settings(rdev, info, &req.crypto, 1);
10093 if (!err) {
10094 wdev_lock(dev->ieee80211_ptr);
10095
10096 err = cfg80211_mlme_assoc(rdev, dev, chan, bssid,
10097 ssid, ssid_len, &req);
10098
10099 if (!err && info->attrs[NL80211_ATTR_SOCKET_OWNER]) {
10100 dev->ieee80211_ptr->conn_owner_nlportid =
10101 info->snd_portid;
10102 memcpy(dev->ieee80211_ptr->disconnect_bssid,
10103 bssid, ETH_ALEN);
10104 }
10105
10106 wdev_unlock(dev->ieee80211_ptr);
10107 }
10108
10109 return err;
10110 }
10111
10112 static int nl80211_deauthenticate(struct sk_buff *skb, struct genl_info *info)
10113 {
10114 struct cfg80211_registered_device *rdev = info->user_ptr[0];
10115 struct net_device *dev = info->user_ptr[1];
10116 const u8 *ie = NULL, *bssid;
10117 int ie_len = 0, err;
10118 u16 reason_code;
10119 bool local_state_change;
10120
10121 if (dev->ieee80211_ptr->conn_owner_nlportid &&
10122 dev->ieee80211_ptr->conn_owner_nlportid != info->snd_portid)
10123 return -EPERM;
10124
10125 if (!info->attrs[NL80211_ATTR_MAC])
10126 return -EINVAL;
10127
10128 if (!info->attrs[NL80211_ATTR_REASON_CODE])
10129 return -EINVAL;
10130
10131 if (!rdev->ops->deauth)
10132 return -EOPNOTSUPP;
10133
10134 if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_STATION &&
10135 dev->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_CLIENT)
10136 return -EOPNOTSUPP;
10137
10138 bssid = nla_data(info->attrs[NL80211_ATTR_MAC]);
10139
10140 reason_code = nla_get_u16(info->attrs[NL80211_ATTR_REASON_CODE]);
10141 if (reason_code == 0) {
10142 /* Reason Code 0 is reserved */
10143 return -EINVAL;
10144 }
10145
10146 if (info->attrs[NL80211_ATTR_IE]) {
10147 ie = nla_data(info->attrs[NL80211_ATTR_IE]);
10148 ie_len = nla_len(info->attrs[NL80211_ATTR_IE]);
10149 }
10150
10151 local_state_change = !!info->attrs[NL80211_ATTR_LOCAL_STATE_CHANGE];
10152
10153 wdev_lock(dev->ieee80211_ptr);
10154 err = cfg80211_mlme_deauth(rdev, dev, bssid, ie, ie_len, reason_code,
10155 local_state_change);
10156 wdev_unlock(dev->ieee80211_ptr);
10157 return err;
10158 }
10159
10160 static int nl80211_disassociate(struct sk_buff *skb, struct genl_info *info)
10161 {
10162 struct cfg80211_registered_device *rdev = info->user_ptr[0];
10163 struct net_device *dev = info->user_ptr[1];
10164 const u8 *ie = NULL, *bssid;
10165 int ie_len = 0, err;
10166 u16 reason_code;
10167 bool local_state_change;
10168
10169 if (dev->ieee80211_ptr->conn_owner_nlportid &&
10170 dev->ieee80211_ptr->conn_owner_nlportid != info->snd_portid)
10171 return -EPERM;
10172
10173 if (!info->attrs[NL80211_ATTR_MAC])
10174 return -EINVAL;
10175
10176 if (!info->attrs[NL80211_ATTR_REASON_CODE])
10177 return -EINVAL;
10178
10179 if (!rdev->ops->disassoc)
10180 return -EOPNOTSUPP;
10181
10182 if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_STATION &&
10183 dev->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_CLIENT)
10184 return -EOPNOTSUPP;
10185
10186 bssid = nla_data(info->attrs[NL80211_ATTR_MAC]);
10187
10188 reason_code = nla_get_u16(info->attrs[NL80211_ATTR_REASON_CODE]);
10189 if (reason_code == 0) {
10190 /* Reason Code 0 is reserved */
10191 return -EINVAL;
10192 }
10193
10194 if (info->attrs[NL80211_ATTR_IE]) {
10195 ie = nla_data(info->attrs[NL80211_ATTR_IE]);
10196 ie_len = nla_len(info->attrs[NL80211_ATTR_IE]);
10197 }
10198
10199 local_state_change = !!info->attrs[NL80211_ATTR_LOCAL_STATE_CHANGE];
10200
10201 wdev_lock(dev->ieee80211_ptr);
10202 err = cfg80211_mlme_disassoc(rdev, dev, bssid, ie, ie_len, reason_code,
10203 local_state_change);
10204 wdev_unlock(dev->ieee80211_ptr);
10205 return err;
10206 }
10207
10208 static bool
10209 nl80211_parse_mcast_rate(struct cfg80211_registered_device *rdev,
10210 int mcast_rate[NUM_NL80211_BANDS],
10211 int rateval)
10212 {
10213 struct wiphy *wiphy = &rdev->wiphy;
10214 bool found = false;
10215 int band, i;
10216
10217 for (band = 0; band < NUM_NL80211_BANDS; band++) {
10218 struct ieee80211_supported_band *sband;
10219
10220 sband = wiphy->bands[band];
10221 if (!sband)
10222 continue;
10223
10224 for (i = 0; i < sband->n_bitrates; i++) {
10225 if (sband->bitrates[i].bitrate == rateval) {
10226 mcast_rate[band] = i + 1;
10227 found = true;
10228 break;
10229 }
10230 }
10231 }
10232
10233 return found;
10234 }
10235
10236 static int nl80211_join_ibss(struct sk_buff *skb, struct genl_info *info)
10237 {
10238 struct cfg80211_registered_device *rdev = info->user_ptr[0];
10239 struct net_device *dev = info->user_ptr[1];
10240 struct cfg80211_ibss_params ibss;
10241 struct wiphy *wiphy;
10242 struct cfg80211_cached_keys *connkeys = NULL;
10243 int err;
10244
10245 memset(&ibss, 0, sizeof(ibss));
10246
10247 if (!info->attrs[NL80211_ATTR_SSID] ||
10248 !nla_len(info->attrs[NL80211_ATTR_SSID]))
10249 return -EINVAL;
10250
10251 ibss.beacon_interval = 100;
10252
10253 if (info->attrs[NL80211_ATTR_BEACON_INTERVAL])
10254 ibss.beacon_interval =
10255 nla_get_u32(info->attrs[NL80211_ATTR_BEACON_INTERVAL]);
10256
10257 err = cfg80211_validate_beacon_int(rdev, NL80211_IFTYPE_ADHOC,
10258 ibss.beacon_interval);
10259 if (err)
10260 return err;
10261
10262 if (!rdev->ops->join_ibss)
10263 return -EOPNOTSUPP;
10264
10265 if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_ADHOC)
10266 return -EOPNOTSUPP;
10267
10268 wiphy = &rdev->wiphy;
10269
10270 if (info->attrs[NL80211_ATTR_MAC]) {
10271 ibss.bssid = nla_data(info->attrs[NL80211_ATTR_MAC]);
10272
10273 if (!is_valid_ether_addr(ibss.bssid))
10274 return -EINVAL;
10275 }
10276 ibss.ssid = nla_data(info->attrs[NL80211_ATTR_SSID]);
10277 ibss.ssid_len = nla_len(info->attrs[NL80211_ATTR_SSID]);
10278
10279 if (info->attrs[NL80211_ATTR_IE]) {
10280 ibss.ie = nla_data(info->attrs[NL80211_ATTR_IE]);
10281 ibss.ie_len = nla_len(info->attrs[NL80211_ATTR_IE]);
10282 }
10283
10284 err = nl80211_parse_chandef(rdev, info, &ibss.chandef);
10285 if (err)
10286 return err;
10287
10288 if (!cfg80211_reg_can_beacon(&rdev->wiphy, &ibss.chandef,
10289 NL80211_IFTYPE_ADHOC))
10290 return -EINVAL;
10291
10292 switch (ibss.chandef.width) {
10293 case NL80211_CHAN_WIDTH_5:
10294 case NL80211_CHAN_WIDTH_10:
10295 case NL80211_CHAN_WIDTH_20_NOHT:
10296 break;
10297 case NL80211_CHAN_WIDTH_20:
10298 case NL80211_CHAN_WIDTH_40:
10299 if (!(rdev->wiphy.features & NL80211_FEATURE_HT_IBSS))
10300 return -EINVAL;
10301 break;
10302 case NL80211_CHAN_WIDTH_80:
10303 case NL80211_CHAN_WIDTH_80P80:
10304 case NL80211_CHAN_WIDTH_160:
10305 if (!(rdev->wiphy.features & NL80211_FEATURE_HT_IBSS))
10306 return -EINVAL;
10307 if (!wiphy_ext_feature_isset(&rdev->wiphy,
10308 NL80211_EXT_FEATURE_VHT_IBSS))
10309 return -EINVAL;
10310 break;
10311 default:
10312 return -EINVAL;
10313 }
10314
10315 ibss.channel_fixed = !!info->attrs[NL80211_ATTR_FREQ_FIXED];
10316 ibss.privacy = !!info->attrs[NL80211_ATTR_PRIVACY];
10317
10318 if (info->attrs[NL80211_ATTR_BSS_BASIC_RATES]) {
10319 u8 *rates =
10320 nla_data(info->attrs[NL80211_ATTR_BSS_BASIC_RATES]);
10321 int n_rates =
10322 nla_len(info->attrs[NL80211_ATTR_BSS_BASIC_RATES]);
10323 struct ieee80211_supported_band *sband =
10324 wiphy->bands[ibss.chandef.chan->band];
10325
10326 err = ieee80211_get_ratemask(sband, rates, n_rates,
10327 &ibss.basic_rates);
10328 if (err)
10329 return err;
10330 }
10331
10332 if (info->attrs[NL80211_ATTR_HT_CAPABILITY_MASK])
10333 memcpy(&ibss.ht_capa_mask,
10334 nla_data(info->attrs[NL80211_ATTR_HT_CAPABILITY_MASK]),
10335 sizeof(ibss.ht_capa_mask));
10336
10337 if (info->attrs[NL80211_ATTR_HT_CAPABILITY]) {
10338 if (!info->attrs[NL80211_ATTR_HT_CAPABILITY_MASK])
10339 return -EINVAL;
10340 memcpy(&ibss.ht_capa,
10341 nla_data(info->attrs[NL80211_ATTR_HT_CAPABILITY]),
10342 sizeof(ibss.ht_capa));
10343 }
10344
10345 if (info->attrs[NL80211_ATTR_MCAST_RATE] &&
10346 !nl80211_parse_mcast_rate(rdev, ibss.mcast_rate,
10347 nla_get_u32(info->attrs[NL80211_ATTR_MCAST_RATE])))
10348 return -EINVAL;
10349
10350 if (ibss.privacy && info->attrs[NL80211_ATTR_KEYS]) {
10351 bool no_ht = false;
10352
10353 connkeys = nl80211_parse_connkeys(rdev, info, &no_ht);
10354 if (IS_ERR(connkeys))
10355 return PTR_ERR(connkeys);
10356
10357 if ((ibss.chandef.width != NL80211_CHAN_WIDTH_20_NOHT) &&
10358 no_ht) {
10359 kfree_sensitive(connkeys);
10360 return -EINVAL;
10361 }
10362 }
10363
10364 ibss.control_port =
10365 nla_get_flag(info->attrs[NL80211_ATTR_CONTROL_PORT]);
10366
10367 if (info->attrs[NL80211_ATTR_CONTROL_PORT_OVER_NL80211]) {
10368 int r = validate_pae_over_nl80211(rdev, info);
10369
10370 if (r < 0) {
10371 kfree_sensitive(connkeys);
10372 return r;
10373 }
10374
10375 ibss.control_port_over_nl80211 = true;
10376 }
10377
10378 ibss.userspace_handles_dfs =
10379 nla_get_flag(info->attrs[NL80211_ATTR_HANDLE_DFS]);
10380
10381 wdev_lock(dev->ieee80211_ptr);
10382 err = __cfg80211_join_ibss(rdev, dev, &ibss, connkeys);
10383 if (err)
10384 kfree_sensitive(connkeys);
10385 else if (info->attrs[NL80211_ATTR_SOCKET_OWNER])
10386 dev->ieee80211_ptr->conn_owner_nlportid = info->snd_portid;
10387 wdev_unlock(dev->ieee80211_ptr);
10388
10389 return err;
10390 }
10391
10392 static int nl80211_leave_ibss(struct sk_buff *skb, struct genl_info *info)
10393 {
10394 struct cfg80211_registered_device *rdev = info->user_ptr[0];
10395 struct net_device *dev = info->user_ptr[1];
10396
10397 if (!rdev->ops->leave_ibss)
10398 return -EOPNOTSUPP;
10399
10400 if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_ADHOC)
10401 return -EOPNOTSUPP;
10402
10403 return cfg80211_leave_ibss(rdev, dev, false);
10404 }
10405
10406 static int nl80211_set_mcast_rate(struct sk_buff *skb, struct genl_info *info)
10407 {
10408 struct cfg80211_registered_device *rdev = info->user_ptr[0];
10409 struct net_device *dev = info->user_ptr[1];
10410 int mcast_rate[NUM_NL80211_BANDS];
10411 u32 nla_rate;
10412 int err;
10413
10414 if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_ADHOC &&
10415 dev->ieee80211_ptr->iftype != NL80211_IFTYPE_MESH_POINT &&
10416 dev->ieee80211_ptr->iftype != NL80211_IFTYPE_OCB)
10417 return -EOPNOTSUPP;
10418
10419 if (!rdev->ops->set_mcast_rate)
10420 return -EOPNOTSUPP;
10421
10422 memset(mcast_rate, 0, sizeof(mcast_rate));
10423
10424 if (!info->attrs[NL80211_ATTR_MCAST_RATE])
10425 return -EINVAL;
10426
10427 nla_rate = nla_get_u32(info->attrs[NL80211_ATTR_MCAST_RATE]);
10428 if (!nl80211_parse_mcast_rate(rdev, mcast_rate, nla_rate))
10429 return -EINVAL;
10430
10431 err = rdev_set_mcast_rate(rdev, dev, mcast_rate);
10432
10433 return err;
10434 }
10435
10436 static struct sk_buff *
10437 __cfg80211_alloc_vendor_skb(struct cfg80211_registered_device *rdev,
10438 struct wireless_dev *wdev, int approxlen,
10439 u32 portid, u32 seq, enum nl80211_commands cmd,
10440 enum nl80211_attrs attr,
10441 const struct nl80211_vendor_cmd_info *info,
10442 gfp_t gfp)
10443 {
10444 struct sk_buff *skb;
10445 void *hdr;
10446 struct nlattr *data;
10447
10448 skb = nlmsg_new(approxlen + 100, gfp);
10449 if (!skb)
10450 return NULL;
10451
10452 hdr = nl80211hdr_put(skb, portid, seq, 0, cmd);
10453 if (!hdr) {
10454 kfree_skb(skb);
10455 return NULL;
10456 }
10457
10458 if (nla_put_u32(skb, NL80211_ATTR_WIPHY, rdev->wiphy_idx))
10459 goto nla_put_failure;
10460
10461 if (info) {
10462 if (nla_put_u32(skb, NL80211_ATTR_VENDOR_ID,
10463 info->vendor_id))
10464 goto nla_put_failure;
10465 if (nla_put_u32(skb, NL80211_ATTR_VENDOR_SUBCMD,
10466 info->subcmd))
10467 goto nla_put_failure;
10468 }
10469
10470 if (wdev) {
10471 if (nla_put_u64_64bit(skb, NL80211_ATTR_WDEV,
10472 wdev_id(wdev), NL80211_ATTR_PAD))
10473 goto nla_put_failure;
10474 if (wdev->netdev &&
10475 nla_put_u32(skb, NL80211_ATTR_IFINDEX,
10476 wdev->netdev->ifindex))
10477 goto nla_put_failure;
10478 }
10479
10480 data = nla_nest_start_noflag(skb, attr);
10481 if (!data)
10482 goto nla_put_failure;
10483
10484 ((void **)skb->cb)[0] = rdev;
10485 ((void **)skb->cb)[1] = hdr;
10486 ((void **)skb->cb)[2] = data;
10487
10488 return skb;
10489
10490 nla_put_failure:
10491 kfree_skb(skb);
10492 return NULL;
10493 }
10494
10495 struct sk_buff *__cfg80211_alloc_event_skb(struct wiphy *wiphy,
10496 struct wireless_dev *wdev,
10497 enum nl80211_commands cmd,
10498 enum nl80211_attrs attr,
10499 unsigned int portid,
10500 int vendor_event_idx,
10501 int approxlen, gfp_t gfp)
10502 {
10503 struct cfg80211_registered_device *rdev = wiphy_to_rdev(wiphy);
10504 const struct nl80211_vendor_cmd_info *info;
10505
10506 switch (cmd) {
10507 case NL80211_CMD_TESTMODE:
10508 if (WARN_ON(vendor_event_idx != -1))
10509 return NULL;
10510 info = NULL;
10511 break;
10512 case NL80211_CMD_VENDOR:
10513 if (WARN_ON(vendor_event_idx < 0 ||
10514 vendor_event_idx >= wiphy->n_vendor_events))
10515 return NULL;
10516 info = &wiphy->vendor_events[vendor_event_idx];
10517 break;
10518 default:
10519 WARN_ON(1);
10520 return NULL;
10521 }
10522
10523 return __cfg80211_alloc_vendor_skb(rdev, wdev, approxlen, portid, 0,
10524 cmd, attr, info, gfp);
10525 }
10526 EXPORT_SYMBOL(__cfg80211_alloc_event_skb);
10527
10528 void __cfg80211_send_event_skb(struct sk_buff *skb, gfp_t gfp)
10529 {
10530 struct cfg80211_registered_device *rdev = ((void **)skb->cb)[0];
10531 void *hdr = ((void **)skb->cb)[1];
10532 struct nlmsghdr *nlhdr = nlmsg_hdr(skb);
10533 struct nlattr *data = ((void **)skb->cb)[2];
10534 enum nl80211_multicast_groups mcgrp = NL80211_MCGRP_TESTMODE;
10535
10536 /* clear CB data for netlink core to own from now on */
10537 memset(skb->cb, 0, sizeof(skb->cb));
10538
10539 nla_nest_end(skb, data);
10540 genlmsg_end(skb, hdr);
10541
10542 if (nlhdr->nlmsg_pid) {
10543 genlmsg_unicast(wiphy_net(&rdev->wiphy), skb,
10544 nlhdr->nlmsg_pid);
10545 } else {
10546 if (data->nla_type == NL80211_ATTR_VENDOR_DATA)
10547 mcgrp = NL80211_MCGRP_VENDOR;
10548
10549 genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy),
10550 skb, 0, mcgrp, gfp);
10551 }
10552 }
10553 EXPORT_SYMBOL(__cfg80211_send_event_skb);
10554
10555 #ifdef CONFIG_NL80211_TESTMODE
10556 static int nl80211_testmode_do(struct sk_buff *skb, struct genl_info *info)
10557 {
10558 struct cfg80211_registered_device *rdev = info->user_ptr[0];
10559 struct wireless_dev *wdev;
10560 int err;
10561
10562 lockdep_assert_held(&rdev->wiphy.mtx);
10563
10564 wdev = __cfg80211_wdev_from_attrs(rdev, genl_info_net(info),
10565 info->attrs);
10566
10567 if (!rdev->ops->testmode_cmd)
10568 return -EOPNOTSUPP;
10569
10570 if (IS_ERR(wdev)) {
10571 err = PTR_ERR(wdev);
10572 if (err != -EINVAL)
10573 return err;
10574 wdev = NULL;
10575 } else if (wdev->wiphy != &rdev->wiphy) {
10576 return -EINVAL;
10577 }
10578
10579 if (!info->attrs[NL80211_ATTR_TESTDATA])
10580 return -EINVAL;
10581
10582 rdev->cur_cmd_info = info;
10583 err = rdev_testmode_cmd(rdev, wdev,
10584 nla_data(info->attrs[NL80211_ATTR_TESTDATA]),
10585 nla_len(info->attrs[NL80211_ATTR_TESTDATA]));
10586 rdev->cur_cmd_info = NULL;
10587
10588 return err;
10589 }
10590
10591 static int nl80211_testmode_dump(struct sk_buff *skb,
10592 struct netlink_callback *cb)
10593 {
10594 struct cfg80211_registered_device *rdev;
10595 struct nlattr **attrbuf = NULL;
10596 int err;
10597 long phy_idx;
10598 void *data = NULL;
10599 int data_len = 0;
10600
10601 rtnl_lock();
10602
10603 if (cb->args[0]) {
10604 /*
10605 * 0 is a valid index, but not valid for args[0],
10606 * so we need to offset by 1.
10607 */
10608 phy_idx = cb->args[0] - 1;
10609
10610 rdev = cfg80211_rdev_by_wiphy_idx(phy_idx);
10611 if (!rdev) {
10612 err = -ENOENT;
10613 goto out_err;
10614 }
10615 } else {
10616 attrbuf = kcalloc(NUM_NL80211_ATTR, sizeof(*attrbuf),
10617 GFP_KERNEL);
10618 if (!attrbuf) {
10619 err = -ENOMEM;
10620 goto out_err;
10621 }
10622
10623 err = nlmsg_parse_deprecated(cb->nlh,
10624 GENL_HDRLEN + nl80211_fam.hdrsize,
10625 attrbuf, nl80211_fam.maxattr,
10626 nl80211_policy, NULL);
10627 if (err)
10628 goto out_err;
10629
10630 rdev = __cfg80211_rdev_from_attrs(sock_net(skb->sk), attrbuf);
10631 if (IS_ERR(rdev)) {
10632 err = PTR_ERR(rdev);
10633 goto out_err;
10634 }
10635 phy_idx = rdev->wiphy_idx;
10636
10637 if (attrbuf[NL80211_ATTR_TESTDATA])
10638 cb->args[1] = (long)attrbuf[NL80211_ATTR_TESTDATA];
10639 }
10640
10641 if (cb->args[1]) {
10642 data = nla_data((void *)cb->args[1]);
10643 data_len = nla_len((void *)cb->args[1]);
10644 }
10645
10646 if (!rdev->ops->testmode_dump) {
10647 err = -EOPNOTSUPP;
10648 goto out_err;
10649 }
10650
10651 while (1) {
10652 void *hdr = nl80211hdr_put(skb, NETLINK_CB(cb->skb).portid,
10653 cb->nlh->nlmsg_seq, NLM_F_MULTI,
10654 NL80211_CMD_TESTMODE);
10655 struct nlattr *tmdata;
10656
10657 if (!hdr)
10658 break;
10659
10660 if (nla_put_u32(skb, NL80211_ATTR_WIPHY, phy_idx)) {
10661 genlmsg_cancel(skb, hdr);
10662 break;
10663 }
10664
10665 tmdata = nla_nest_start_noflag(skb, NL80211_ATTR_TESTDATA);
10666 if (!tmdata) {
10667 genlmsg_cancel(skb, hdr);
10668 break;
10669 }
10670 err = rdev_testmode_dump(rdev, skb, cb, data, data_len);
10671 nla_nest_end(skb, tmdata);
10672
10673 if (err == -ENOBUFS || err == -ENOENT) {
10674 genlmsg_cancel(skb, hdr);
10675 break;
10676 } else if (err) {
10677 genlmsg_cancel(skb, hdr);
10678 goto out_err;
10679 }
10680
10681 genlmsg_end(skb, hdr);
10682 }
10683
10684 err = skb->len;
10685 /* see above */
10686 cb->args[0] = phy_idx + 1;
10687 out_err:
10688 kfree(attrbuf);
10689 rtnl_unlock();
10690 return err;
10691 }
10692 #endif
10693
10694 static int nl80211_connect(struct sk_buff *skb, struct genl_info *info)
10695 {
10696 struct cfg80211_registered_device *rdev = info->user_ptr[0];
10697 struct net_device *dev = info->user_ptr[1];
10698 struct cfg80211_connect_params connect;
10699 struct wiphy *wiphy;
10700 struct cfg80211_cached_keys *connkeys = NULL;
10701 u32 freq = 0;
10702 int err;
10703
10704 memset(&connect, 0, sizeof(connect));
10705
10706 if (!info->attrs[NL80211_ATTR_SSID] ||
10707 !nla_len(info->attrs[NL80211_ATTR_SSID]))
10708 return -EINVAL;
10709
10710 if (info->attrs[NL80211_ATTR_AUTH_TYPE]) {
10711 connect.auth_type =
10712 nla_get_u32(info->attrs[NL80211_ATTR_AUTH_TYPE]);
10713 if (!nl80211_valid_auth_type(rdev, connect.auth_type,
10714 NL80211_CMD_CONNECT))
10715 return -EINVAL;
10716 } else
10717 connect.auth_type = NL80211_AUTHTYPE_AUTOMATIC;
10718
10719 connect.privacy = info->attrs[NL80211_ATTR_PRIVACY];
10720
10721 if (info->attrs[NL80211_ATTR_WANT_1X_4WAY_HS] &&
10722 !wiphy_ext_feature_isset(&rdev->wiphy,
10723 NL80211_EXT_FEATURE_4WAY_HANDSHAKE_STA_1X))
10724 return -EINVAL;
10725 connect.want_1x = info->attrs[NL80211_ATTR_WANT_1X_4WAY_HS];
10726
10727 err = nl80211_crypto_settings(rdev, info, &connect.crypto,
10728 NL80211_MAX_NR_CIPHER_SUITES);
10729 if (err)
10730 return err;
10731
10732 if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_STATION &&
10733 dev->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_CLIENT)
10734 return -EOPNOTSUPP;
10735
10736 wiphy = &rdev->wiphy;
10737
10738 connect.bg_scan_period = -1;
10739 if (info->attrs[NL80211_ATTR_BG_SCAN_PERIOD] &&
10740 (wiphy->flags & WIPHY_FLAG_SUPPORTS_FW_ROAM)) {
10741 connect.bg_scan_period =
10742 nla_get_u16(info->attrs[NL80211_ATTR_BG_SCAN_PERIOD]);
10743 }
10744
10745 if (info->attrs[NL80211_ATTR_MAC])
10746 connect.bssid = nla_data(info->attrs[NL80211_ATTR_MAC]);
10747 else if (info->attrs[NL80211_ATTR_MAC_HINT])
10748 connect.bssid_hint =
10749 nla_data(info->attrs[NL80211_ATTR_MAC_HINT]);
10750 connect.ssid = nla_data(info->attrs[NL80211_ATTR_SSID]);
10751 connect.ssid_len = nla_len(info->attrs[NL80211_ATTR_SSID]);
10752
10753 if (info->attrs[NL80211_ATTR_IE]) {
10754 connect.ie = nla_data(info->attrs[NL80211_ATTR_IE]);
10755 connect.ie_len = nla_len(info->attrs[NL80211_ATTR_IE]);
10756 }
10757
10758 if (info->attrs[NL80211_ATTR_USE_MFP]) {
10759 connect.mfp = nla_get_u32(info->attrs[NL80211_ATTR_USE_MFP]);
10760 if (connect.mfp == NL80211_MFP_OPTIONAL &&
10761 !wiphy_ext_feature_isset(&rdev->wiphy,
10762 NL80211_EXT_FEATURE_MFP_OPTIONAL))
10763 return -EOPNOTSUPP;
10764 } else {
10765 connect.mfp = NL80211_MFP_NO;
10766 }
10767
10768 if (info->attrs[NL80211_ATTR_PREV_BSSID])
10769 connect.prev_bssid =
10770 nla_data(info->attrs[NL80211_ATTR_PREV_BSSID]);
10771
10772 if (info->attrs[NL80211_ATTR_WIPHY_FREQ])
10773 freq = MHZ_TO_KHZ(nla_get_u32(
10774 info->attrs[NL80211_ATTR_WIPHY_FREQ]));
10775 if (info->attrs[NL80211_ATTR_WIPHY_FREQ_OFFSET])
10776 freq +=
10777 nla_get_u32(info->attrs[NL80211_ATTR_WIPHY_FREQ_OFFSET]);
10778
10779 if (freq) {
10780 connect.channel = nl80211_get_valid_chan(wiphy, freq);
10781 if (!connect.channel)
10782 return -EINVAL;
10783 } else if (info->attrs[NL80211_ATTR_WIPHY_FREQ_HINT]) {
10784 freq = nla_get_u32(info->attrs[NL80211_ATTR_WIPHY_FREQ_HINT]);
10785 freq = MHZ_TO_KHZ(freq);
10786 connect.channel_hint = nl80211_get_valid_chan(wiphy, freq);
10787 if (!connect.channel_hint)
10788 return -EINVAL;
10789 }
10790
10791 if (info->attrs[NL80211_ATTR_WIPHY_EDMG_CHANNELS]) {
10792 connect.edmg.channels =
10793 nla_get_u8(info->attrs[NL80211_ATTR_WIPHY_EDMG_CHANNELS]);
10794
10795 if (info->attrs[NL80211_ATTR_WIPHY_EDMG_BW_CONFIG])
10796 connect.edmg.bw_config =
10797 nla_get_u8(info->attrs[NL80211_ATTR_WIPHY_EDMG_BW_CONFIG]);
10798 }
10799
10800 if (connect.privacy && info->attrs[NL80211_ATTR_KEYS]) {
10801 connkeys = nl80211_parse_connkeys(rdev, info, NULL);
10802 if (IS_ERR(connkeys))
10803 return PTR_ERR(connkeys);
10804 }
10805
10806 if (nla_get_flag(info->attrs[NL80211_ATTR_DISABLE_HT]))
10807 connect.flags |= ASSOC_REQ_DISABLE_HT;
10808
10809 if (info->attrs[NL80211_ATTR_HT_CAPABILITY_MASK])
10810 memcpy(&connect.ht_capa_mask,
10811 nla_data(info->attrs[NL80211_ATTR_HT_CAPABILITY_MASK]),
10812 sizeof(connect.ht_capa_mask));
10813
10814 if (info->attrs[NL80211_ATTR_HT_CAPABILITY]) {
10815 if (!info->attrs[NL80211_ATTR_HT_CAPABILITY_MASK]) {
10816 kfree_sensitive(connkeys);
10817 return -EINVAL;
10818 }
10819 memcpy(&connect.ht_capa,
10820 nla_data(info->attrs[NL80211_ATTR_HT_CAPABILITY]),
10821 sizeof(connect.ht_capa));
10822 }
10823
10824 if (nla_get_flag(info->attrs[NL80211_ATTR_DISABLE_VHT]))
10825 connect.flags |= ASSOC_REQ_DISABLE_VHT;
10826
10827 if (nla_get_flag(info->attrs[NL80211_ATTR_DISABLE_HE]))
10828 connect.flags |= ASSOC_REQ_DISABLE_HE;
10829
10830 if (info->attrs[NL80211_ATTR_VHT_CAPABILITY_MASK])
10831 memcpy(&connect.vht_capa_mask,
10832 nla_data(info->attrs[NL80211_ATTR_VHT_CAPABILITY_MASK]),
10833 sizeof(connect.vht_capa_mask));
10834
10835 if (info->attrs[NL80211_ATTR_VHT_CAPABILITY]) {
10836 if (!info->attrs[NL80211_ATTR_VHT_CAPABILITY_MASK]) {
10837 kfree_sensitive(connkeys);
10838 return -EINVAL;
10839 }
10840 memcpy(&connect.vht_capa,
10841 nla_data(info->attrs[NL80211_ATTR_VHT_CAPABILITY]),
10842 sizeof(connect.vht_capa));
10843 }
10844
10845 if (nla_get_flag(info->attrs[NL80211_ATTR_USE_RRM])) {
10846 if (!((rdev->wiphy.features &
10847 NL80211_FEATURE_DS_PARAM_SET_IE_IN_PROBES) &&
10848 (rdev->wiphy.features & NL80211_FEATURE_QUIET)) &&
10849 !wiphy_ext_feature_isset(&rdev->wiphy,
10850 NL80211_EXT_FEATURE_RRM)) {
10851 kfree_sensitive(connkeys);
10852 return -EINVAL;
10853 }
10854 connect.flags |= ASSOC_REQ_USE_RRM;
10855 }
10856
10857 connect.pbss = nla_get_flag(info->attrs[NL80211_ATTR_PBSS]);
10858 if (connect.pbss && !rdev->wiphy.bands[NL80211_BAND_60GHZ]) {
10859 kfree_sensitive(connkeys);
10860 return -EOPNOTSUPP;
10861 }
10862
10863 if (info->attrs[NL80211_ATTR_BSS_SELECT]) {
10864 /* bss selection makes no sense if bssid is set */
10865 if (connect.bssid) {
10866 kfree_sensitive(connkeys);
10867 return -EINVAL;
10868 }
10869
10870 err = parse_bss_select(info->attrs[NL80211_ATTR_BSS_SELECT],
10871 wiphy, &connect.bss_select);
10872 if (err) {
10873 kfree_sensitive(connkeys);
10874 return err;
10875 }
10876 }
10877
10878 if (wiphy_ext_feature_isset(&rdev->wiphy,
10879 NL80211_EXT_FEATURE_FILS_SK_OFFLOAD) &&
10880 info->attrs[NL80211_ATTR_FILS_ERP_USERNAME] &&
10881 info->attrs[NL80211_ATTR_FILS_ERP_REALM] &&
10882 info->attrs[NL80211_ATTR_FILS_ERP_NEXT_SEQ_NUM] &&
10883 info->attrs[NL80211_ATTR_FILS_ERP_RRK]) {
10884 connect.fils_erp_username =
10885 nla_data(info->attrs[NL80211_ATTR_FILS_ERP_USERNAME]);
10886 connect.fils_erp_username_len =
10887 nla_len(info->attrs[NL80211_ATTR_FILS_ERP_USERNAME]);
10888 connect.fils_erp_realm =
10889 nla_data(info->attrs[NL80211_ATTR_FILS_ERP_REALM]);
10890 connect.fils_erp_realm_len =
10891 nla_len(info->attrs[NL80211_ATTR_FILS_ERP_REALM]);
10892 connect.fils_erp_next_seq_num =
10893 nla_get_u16(
10894 info->attrs[NL80211_ATTR_FILS_ERP_NEXT_SEQ_NUM]);
10895 connect.fils_erp_rrk =
10896 nla_data(info->attrs[NL80211_ATTR_FILS_ERP_RRK]);
10897 connect.fils_erp_rrk_len =
10898 nla_len(info->attrs[NL80211_ATTR_FILS_ERP_RRK]);
10899 } else if (info->attrs[NL80211_ATTR_FILS_ERP_USERNAME] ||
10900 info->attrs[NL80211_ATTR_FILS_ERP_REALM] ||
10901 info->attrs[NL80211_ATTR_FILS_ERP_NEXT_SEQ_NUM] ||
10902 info->attrs[NL80211_ATTR_FILS_ERP_RRK]) {
10903 kfree_sensitive(connkeys);
10904 return -EINVAL;
10905 }
10906
10907 if (nla_get_flag(info->attrs[NL80211_ATTR_EXTERNAL_AUTH_SUPPORT])) {
10908 if (!info->attrs[NL80211_ATTR_SOCKET_OWNER]) {
10909 kfree_sensitive(connkeys);
10910 GENL_SET_ERR_MSG(info,
10911 "external auth requires connection ownership");
10912 return -EINVAL;
10913 }
10914 connect.flags |= CONNECT_REQ_EXTERNAL_AUTH_SUPPORT;
10915 }
10916
10917 wdev_lock(dev->ieee80211_ptr);
10918
10919 err = cfg80211_connect(rdev, dev, &connect, connkeys,
10920 connect.prev_bssid);
10921 if (err)
10922 kfree_sensitive(connkeys);
10923
10924 if (!err && info->attrs[NL80211_ATTR_SOCKET_OWNER]) {
10925 dev->ieee80211_ptr->conn_owner_nlportid = info->snd_portid;
10926 if (connect.bssid)
10927 memcpy(dev->ieee80211_ptr->disconnect_bssid,
10928 connect.bssid, ETH_ALEN);
10929 else
10930 eth_zero_addr(dev->ieee80211_ptr->disconnect_bssid);
10931 }
10932
10933 wdev_unlock(dev->ieee80211_ptr);
10934
10935 return err;
10936 }
10937
10938 static int nl80211_update_connect_params(struct sk_buff *skb,
10939 struct genl_info *info)
10940 {
10941 struct cfg80211_connect_params connect = {};
10942 struct cfg80211_registered_device *rdev = info->user_ptr[0];
10943 struct net_device *dev = info->user_ptr[1];
10944 struct wireless_dev *wdev = dev->ieee80211_ptr;
10945 bool fils_sk_offload;
10946 u32 auth_type;
10947 u32 changed = 0;
10948 int ret;
10949
10950 if (!rdev->ops->update_connect_params)
10951 return -EOPNOTSUPP;
10952
10953 if (info->attrs[NL80211_ATTR_IE]) {
10954 connect.ie = nla_data(info->attrs[NL80211_ATTR_IE]);
10955 connect.ie_len = nla_len(info->attrs[NL80211_ATTR_IE]);
10956 changed |= UPDATE_ASSOC_IES;
10957 }
10958
10959 fils_sk_offload = wiphy_ext_feature_isset(&rdev->wiphy,
10960 NL80211_EXT_FEATURE_FILS_SK_OFFLOAD);
10961
10962 /*
10963 * when driver supports fils-sk offload all attributes must be
10964 * provided. So the else covers "fils-sk-not-all" and
10965 * "no-fils-sk-any".
10966 */
10967 if (fils_sk_offload &&
10968 info->attrs[NL80211_ATTR_FILS_ERP_USERNAME] &&
10969 info->attrs[NL80211_ATTR_FILS_ERP_REALM] &&
10970 info->attrs[NL80211_ATTR_FILS_ERP_NEXT_SEQ_NUM] &&
10971 info->attrs[NL80211_ATTR_FILS_ERP_RRK]) {
10972 connect.fils_erp_username =
10973 nla_data(info->attrs[NL80211_ATTR_FILS_ERP_USERNAME]);
10974 connect.fils_erp_username_len =
10975 nla_len(info->attrs[NL80211_ATTR_FILS_ERP_USERNAME]);
10976 connect.fils_erp_realm =
10977 nla_data(info->attrs[NL80211_ATTR_FILS_ERP_REALM]);
10978 connect.fils_erp_realm_len =
10979 nla_len(info->attrs[NL80211_ATTR_FILS_ERP_REALM]);
10980 connect.fils_erp_next_seq_num =
10981 nla_get_u16(
10982 info->attrs[NL80211_ATTR_FILS_ERP_NEXT_SEQ_NUM]);
10983 connect.fils_erp_rrk =
10984 nla_data(info->attrs[NL80211_ATTR_FILS_ERP_RRK]);
10985 connect.fils_erp_rrk_len =
10986 nla_len(info->attrs[NL80211_ATTR_FILS_ERP_RRK]);
10987 changed |= UPDATE_FILS_ERP_INFO;
10988 } else if (info->attrs[NL80211_ATTR_FILS_ERP_USERNAME] ||
10989 info->attrs[NL80211_ATTR_FILS_ERP_REALM] ||
10990 info->attrs[NL80211_ATTR_FILS_ERP_NEXT_SEQ_NUM] ||
10991 info->attrs[NL80211_ATTR_FILS_ERP_RRK]) {
10992 return -EINVAL;
10993 }
10994
10995 if (info->attrs[NL80211_ATTR_AUTH_TYPE]) {
10996 auth_type = nla_get_u32(info->attrs[NL80211_ATTR_AUTH_TYPE]);
10997 if (!nl80211_valid_auth_type(rdev, auth_type,
10998 NL80211_CMD_CONNECT))
10999 return -EINVAL;
11000
11001 if (auth_type == NL80211_AUTHTYPE_FILS_SK &&
11002 fils_sk_offload && !(changed & UPDATE_FILS_ERP_INFO))
11003 return -EINVAL;
11004
11005 connect.auth_type = auth_type;
11006 changed |= UPDATE_AUTH_TYPE;
11007 }
11008
11009 wdev_lock(dev->ieee80211_ptr);
11010 if (!wdev->current_bss)
11011 ret = -ENOLINK;
11012 else
11013 ret = rdev_update_connect_params(rdev, dev, &connect, changed);
11014 wdev_unlock(dev->ieee80211_ptr);
11015
11016 return ret;
11017 }
11018
11019 static int nl80211_disconnect(struct sk_buff *skb, struct genl_info *info)
11020 {
11021 struct cfg80211_registered_device *rdev = info->user_ptr[0];
11022 struct net_device *dev = info->user_ptr[1];
11023 u16 reason;
11024 int ret;
11025
11026 if (dev->ieee80211_ptr->conn_owner_nlportid &&
11027 dev->ieee80211_ptr->conn_owner_nlportid != info->snd_portid)
11028 return -EPERM;
11029
11030 if (!info->attrs[NL80211_ATTR_REASON_CODE])
11031 reason = WLAN_REASON_DEAUTH_LEAVING;
11032 else
11033 reason = nla_get_u16(info->attrs[NL80211_ATTR_REASON_CODE]);
11034
11035 if (reason == 0)
11036 return -EINVAL;
11037
11038 if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_STATION &&
11039 dev->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_CLIENT)
11040 return -EOPNOTSUPP;
11041
11042 wdev_lock(dev->ieee80211_ptr);
11043 ret = cfg80211_disconnect(rdev, dev, reason, true);
11044 wdev_unlock(dev->ieee80211_ptr);
11045 return ret;
11046 }
11047
11048 static int nl80211_wiphy_netns(struct sk_buff *skb, struct genl_info *info)
11049 {
11050 struct cfg80211_registered_device *rdev = info->user_ptr[0];
11051 struct net *net;
11052 int err;
11053
11054 if (info->attrs[NL80211_ATTR_PID]) {
11055 u32 pid = nla_get_u32(info->attrs[NL80211_ATTR_PID]);
11056
11057 net = get_net_ns_by_pid(pid);
11058 } else if (info->attrs[NL80211_ATTR_NETNS_FD]) {
11059 u32 fd = nla_get_u32(info->attrs[NL80211_ATTR_NETNS_FD]);
11060
11061 net = get_net_ns_by_fd(fd);
11062 } else {
11063 return -EINVAL;
11064 }
11065
11066 if (IS_ERR(net))
11067 return PTR_ERR(net);
11068
11069 err = 0;
11070
11071 /* check if anything to do */
11072 if (!net_eq(wiphy_net(&rdev->wiphy), net))
11073 err = cfg80211_switch_netns(rdev, net);
11074
11075 put_net(net);
11076 return err;
11077 }
11078
11079 static int nl80211_setdel_pmksa(struct sk_buff *skb, struct genl_info *info)
11080 {
11081 struct cfg80211_registered_device *rdev = info->user_ptr[0];
11082 int (*rdev_ops)(struct wiphy *wiphy, struct net_device *dev,
11083 struct cfg80211_pmksa *pmksa) = NULL;
11084 struct net_device *dev = info->user_ptr[1];
11085 struct cfg80211_pmksa pmksa;
11086
11087 memset(&pmksa, 0, sizeof(struct cfg80211_pmksa));
11088
11089 if (!info->attrs[NL80211_ATTR_PMKID])
11090 return -EINVAL;
11091
11092 pmksa.pmkid = nla_data(info->attrs[NL80211_ATTR_PMKID]);
11093
11094 if (info->attrs[NL80211_ATTR_MAC]) {
11095 pmksa.bssid = nla_data(info->attrs[NL80211_ATTR_MAC]);
11096 } else if (info->attrs[NL80211_ATTR_SSID] &&
11097 info->attrs[NL80211_ATTR_FILS_CACHE_ID] &&
11098 (info->genlhdr->cmd == NL80211_CMD_DEL_PMKSA ||
11099 info->attrs[NL80211_ATTR_PMK])) {
11100 pmksa.ssid = nla_data(info->attrs[NL80211_ATTR_SSID]);
11101 pmksa.ssid_len = nla_len(info->attrs[NL80211_ATTR_SSID]);
11102 pmksa.cache_id =
11103 nla_data(info->attrs[NL80211_ATTR_FILS_CACHE_ID]);
11104 } else {
11105 return -EINVAL;
11106 }
11107 if (info->attrs[NL80211_ATTR_PMK]) {
11108 pmksa.pmk = nla_data(info->attrs[NL80211_ATTR_PMK]);
11109 pmksa.pmk_len = nla_len(info->attrs[NL80211_ATTR_PMK]);
11110 }
11111
11112 if (info->attrs[NL80211_ATTR_PMK_LIFETIME])
11113 pmksa.pmk_lifetime =
11114 nla_get_u32(info->attrs[NL80211_ATTR_PMK_LIFETIME]);
11115
11116 if (info->attrs[NL80211_ATTR_PMK_REAUTH_THRESHOLD])
11117 pmksa.pmk_reauth_threshold =
11118 nla_get_u8(
11119 info->attrs[NL80211_ATTR_PMK_REAUTH_THRESHOLD]);
11120
11121 if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_STATION &&
11122 dev->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_CLIENT &&
11123 !(dev->ieee80211_ptr->iftype == NL80211_IFTYPE_AP &&
11124 wiphy_ext_feature_isset(&rdev->wiphy,
11125 NL80211_EXT_FEATURE_AP_PMKSA_CACHING)))
11126 return -EOPNOTSUPP;
11127
11128 switch (info->genlhdr->cmd) {
11129 case NL80211_CMD_SET_PMKSA:
11130 rdev_ops = rdev->ops->set_pmksa;
11131 break;
11132 case NL80211_CMD_DEL_PMKSA:
11133 rdev_ops = rdev->ops->del_pmksa;
11134 break;
11135 default:
11136 WARN_ON(1);
11137 break;
11138 }
11139
11140 if (!rdev_ops)
11141 return -EOPNOTSUPP;
11142
11143 return rdev_ops(&rdev->wiphy, dev, &pmksa);
11144 }
11145
11146 static int nl80211_flush_pmksa(struct sk_buff *skb, struct genl_info *info)
11147 {
11148 struct cfg80211_registered_device *rdev = info->user_ptr[0];
11149 struct net_device *dev = info->user_ptr[1];
11150
11151 if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_STATION &&
11152 dev->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_CLIENT)
11153 return -EOPNOTSUPP;
11154
11155 if (!rdev->ops->flush_pmksa)
11156 return -EOPNOTSUPP;
11157
11158 return rdev_flush_pmksa(rdev, dev);
11159 }
11160
11161 static int nl80211_tdls_mgmt(struct sk_buff *skb, struct genl_info *info)
11162 {
11163 struct cfg80211_registered_device *rdev = info->user_ptr[0];
11164 struct net_device *dev = info->user_ptr[1];
11165 u8 action_code, dialog_token;
11166 u32 peer_capability = 0;
11167 u16 status_code;
11168 u8 *peer;
11169 bool initiator;
11170
11171 if (!(rdev->wiphy.flags & WIPHY_FLAG_SUPPORTS_TDLS) ||
11172 !rdev->ops->tdls_mgmt)
11173 return -EOPNOTSUPP;
11174
11175 if (!info->attrs[NL80211_ATTR_TDLS_ACTION] ||
11176 !info->attrs[NL80211_ATTR_STATUS_CODE] ||
11177 !info->attrs[NL80211_ATTR_TDLS_DIALOG_TOKEN] ||
11178 !info->attrs[NL80211_ATTR_IE] ||
11179 !info->attrs[NL80211_ATTR_MAC])
11180 return -EINVAL;
11181
11182 peer = nla_data(info->attrs[NL80211_ATTR_MAC]);
11183 action_code = nla_get_u8(info->attrs[NL80211_ATTR_TDLS_ACTION]);
11184 status_code = nla_get_u16(info->attrs[NL80211_ATTR_STATUS_CODE]);
11185 dialog_token = nla_get_u8(info->attrs[NL80211_ATTR_TDLS_DIALOG_TOKEN]);
11186 initiator = nla_get_flag(info->attrs[NL80211_ATTR_TDLS_INITIATOR]);
11187 if (info->attrs[NL80211_ATTR_TDLS_PEER_CAPABILITY])
11188 peer_capability =
11189 nla_get_u32(info->attrs[NL80211_ATTR_TDLS_PEER_CAPABILITY]);
11190
11191 return rdev_tdls_mgmt(rdev, dev, peer, action_code,
11192 dialog_token, status_code, peer_capability,
11193 initiator,
11194 nla_data(info->attrs[NL80211_ATTR_IE]),
11195 nla_len(info->attrs[NL80211_ATTR_IE]));
11196 }
11197
11198 static int nl80211_tdls_oper(struct sk_buff *skb, struct genl_info *info)
11199 {
11200 struct cfg80211_registered_device *rdev = info->user_ptr[0];
11201 struct net_device *dev = info->user_ptr[1];
11202 enum nl80211_tdls_operation operation;
11203 u8 *peer;
11204
11205 if (!(rdev->wiphy.flags & WIPHY_FLAG_SUPPORTS_TDLS) ||
11206 !rdev->ops->tdls_oper)
11207 return -EOPNOTSUPP;
11208
11209 if (!info->attrs[NL80211_ATTR_TDLS_OPERATION] ||
11210 !info->attrs[NL80211_ATTR_MAC])
11211 return -EINVAL;
11212
11213 operation = nla_get_u8(info->attrs[NL80211_ATTR_TDLS_OPERATION]);
11214 peer = nla_data(info->attrs[NL80211_ATTR_MAC]);
11215
11216 return rdev_tdls_oper(rdev, dev, peer, operation);
11217 }
11218
11219 static int nl80211_remain_on_channel(struct sk_buff *skb,
11220 struct genl_info *info)
11221 {
11222 struct cfg80211_registered_device *rdev = info->user_ptr[0];
11223 struct wireless_dev *wdev = info->user_ptr[1];
11224 struct cfg80211_chan_def chandef;
11225 const struct cfg80211_chan_def *compat_chandef;
11226 struct sk_buff *msg;
11227 void *hdr;
11228 u64 cookie;
11229 u32 duration;
11230 int err;
11231
11232 if (!info->attrs[NL80211_ATTR_WIPHY_FREQ] ||
11233 !info->attrs[NL80211_ATTR_DURATION])
11234 return -EINVAL;
11235
11236 duration = nla_get_u32(info->attrs[NL80211_ATTR_DURATION]);
11237
11238 if (!rdev->ops->remain_on_channel ||
11239 !(rdev->wiphy.flags & WIPHY_FLAG_HAS_REMAIN_ON_CHANNEL))
11240 return -EOPNOTSUPP;
11241
11242 /*
11243 * We should be on that channel for at least a minimum amount of
11244 * time (10ms) but no longer than the driver supports.
11245 */
11246 if (duration < NL80211_MIN_REMAIN_ON_CHANNEL_TIME ||
11247 duration > rdev->wiphy.max_remain_on_channel_duration)
11248 return -EINVAL;
11249
11250 err = nl80211_parse_chandef(rdev, info, &chandef);
11251 if (err)
11252 return err;
11253
11254 wdev_lock(wdev);
11255 if (!cfg80211_off_channel_oper_allowed(wdev) &&
11256 !cfg80211_chandef_identical(&wdev->chandef, &chandef)) {
11257 compat_chandef = cfg80211_chandef_compatible(&wdev->chandef,
11258 &chandef);
11259 if (compat_chandef != &chandef) {
11260 wdev_unlock(wdev);
11261 return -EBUSY;
11262 }
11263 }
11264 wdev_unlock(wdev);
11265
11266 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
11267 if (!msg)
11268 return -ENOMEM;
11269
11270 hdr = nl80211hdr_put(msg, info->snd_portid, info->snd_seq, 0,
11271 NL80211_CMD_REMAIN_ON_CHANNEL);
11272 if (!hdr) {
11273 err = -ENOBUFS;
11274 goto free_msg;
11275 }
11276
11277 err = rdev_remain_on_channel(rdev, wdev, chandef.chan,
11278 duration, &cookie);
11279
11280 if (err)
11281 goto free_msg;
11282
11283 if (nla_put_u64_64bit(msg, NL80211_ATTR_COOKIE, cookie,
11284 NL80211_ATTR_PAD))
11285 goto nla_put_failure;
11286
11287 genlmsg_end(msg, hdr);
11288
11289 return genlmsg_reply(msg, info);
11290
11291 nla_put_failure:
11292 err = -ENOBUFS;
11293 free_msg:
11294 nlmsg_free(msg);
11295 return err;
11296 }
11297
11298 static int nl80211_cancel_remain_on_channel(struct sk_buff *skb,
11299 struct genl_info *info)
11300 {
11301 struct cfg80211_registered_device *rdev = info->user_ptr[0];
11302 struct wireless_dev *wdev = info->user_ptr[1];
11303 u64 cookie;
11304
11305 if (!info->attrs[NL80211_ATTR_COOKIE])
11306 return -EINVAL;
11307
11308 if (!rdev->ops->cancel_remain_on_channel)
11309 return -EOPNOTSUPP;
11310
11311 cookie = nla_get_u64(info->attrs[NL80211_ATTR_COOKIE]);
11312
11313 return rdev_cancel_remain_on_channel(rdev, wdev, cookie);
11314 }
11315
11316 static int nl80211_set_tx_bitrate_mask(struct sk_buff *skb,
11317 struct genl_info *info)
11318 {
11319 struct cfg80211_bitrate_mask mask;
11320 struct cfg80211_registered_device *rdev = info->user_ptr[0];
11321 struct net_device *dev = info->user_ptr[1];
11322 int err;
11323
11324 if (!rdev->ops->set_bitrate_mask)
11325 return -EOPNOTSUPP;
11326
11327 err = nl80211_parse_tx_bitrate_mask(info, info->attrs,
11328 NL80211_ATTR_TX_RATES, &mask,
11329 dev, true);
11330 if (err)
11331 return err;
11332
11333 return rdev_set_bitrate_mask(rdev, dev, NULL, &mask);
11334 }
11335
11336 static int nl80211_register_mgmt(struct sk_buff *skb, struct genl_info *info)
11337 {
11338 struct cfg80211_registered_device *rdev = info->user_ptr[0];
11339 struct wireless_dev *wdev = info->user_ptr[1];
11340 u16 frame_type = IEEE80211_FTYPE_MGMT | IEEE80211_STYPE_ACTION;
11341
11342 if (!info->attrs[NL80211_ATTR_FRAME_MATCH])
11343 return -EINVAL;
11344
11345 if (info->attrs[NL80211_ATTR_FRAME_TYPE])
11346 frame_type = nla_get_u16(info->attrs[NL80211_ATTR_FRAME_TYPE]);
11347
11348 switch (wdev->iftype) {
11349 case NL80211_IFTYPE_STATION:
11350 case NL80211_IFTYPE_ADHOC:
11351 case NL80211_IFTYPE_P2P_CLIENT:
11352 case NL80211_IFTYPE_AP:
11353 case NL80211_IFTYPE_AP_VLAN:
11354 case NL80211_IFTYPE_MESH_POINT:
11355 case NL80211_IFTYPE_P2P_GO:
11356 case NL80211_IFTYPE_P2P_DEVICE:
11357 break;
11358 case NL80211_IFTYPE_NAN:
11359 default:
11360 return -EOPNOTSUPP;
11361 }
11362
11363 /* not much point in registering if we can't reply */
11364 if (!rdev->ops->mgmt_tx)
11365 return -EOPNOTSUPP;
11366
11367 if (info->attrs[NL80211_ATTR_RECEIVE_MULTICAST] &&
11368 !wiphy_ext_feature_isset(&rdev->wiphy,
11369 NL80211_EXT_FEATURE_MULTICAST_REGISTRATIONS)) {
11370 GENL_SET_ERR_MSG(info,
11371 "multicast RX registrations are not supported");
11372 return -EOPNOTSUPP;
11373 }
11374
11375 return cfg80211_mlme_register_mgmt(wdev, info->snd_portid, frame_type,
11376 nla_data(info->attrs[NL80211_ATTR_FRAME_MATCH]),
11377 nla_len(info->attrs[NL80211_ATTR_FRAME_MATCH]),
11378 info->attrs[NL80211_ATTR_RECEIVE_MULTICAST],
11379 info->extack);
11380 }
11381
11382 static int nl80211_tx_mgmt(struct sk_buff *skb, struct genl_info *info)
11383 {
11384 struct cfg80211_registered_device *rdev = info->user_ptr[0];
11385 struct wireless_dev *wdev = info->user_ptr[1];
11386 struct cfg80211_chan_def chandef;
11387 int err;
11388 void *hdr = NULL;
11389 u64 cookie;
11390 struct sk_buff *msg = NULL;
11391 struct cfg80211_mgmt_tx_params params = {
11392 .dont_wait_for_ack =
11393 info->attrs[NL80211_ATTR_DONT_WAIT_FOR_ACK],
11394 };
11395
11396 if (!info->attrs[NL80211_ATTR_FRAME])
11397 return -EINVAL;
11398
11399 if (!rdev->ops->mgmt_tx)
11400 return -EOPNOTSUPP;
11401
11402 switch (wdev->iftype) {
11403 case NL80211_IFTYPE_P2P_DEVICE:
11404 if (!info->attrs[NL80211_ATTR_WIPHY_FREQ])
11405 return -EINVAL;
11406 break;
11407 case NL80211_IFTYPE_STATION:
11408 case NL80211_IFTYPE_ADHOC:
11409 case NL80211_IFTYPE_P2P_CLIENT:
11410 case NL80211_IFTYPE_AP:
11411 case NL80211_IFTYPE_AP_VLAN:
11412 case NL80211_IFTYPE_MESH_POINT:
11413 case NL80211_IFTYPE_P2P_GO:
11414 break;
11415 case NL80211_IFTYPE_NAN:
11416 default:
11417 return -EOPNOTSUPP;
11418 }
11419
11420 if (info->attrs[NL80211_ATTR_DURATION]) {
11421 if (!(rdev->wiphy.flags & WIPHY_FLAG_OFFCHAN_TX))
11422 return -EINVAL;
11423 params.wait = nla_get_u32(info->attrs[NL80211_ATTR_DURATION]);
11424
11425 /*
11426 * We should wait on the channel for at least a minimum amount
11427 * of time (10ms) but no longer than the driver supports.
11428 */
11429 if (params.wait < NL80211_MIN_REMAIN_ON_CHANNEL_TIME ||
11430 params.wait > rdev->wiphy.max_remain_on_channel_duration)
11431 return -EINVAL;
11432 }
11433
11434 params.offchan = info->attrs[NL80211_ATTR_OFFCHANNEL_TX_OK];
11435
11436 if (params.offchan && !(rdev->wiphy.flags & WIPHY_FLAG_OFFCHAN_TX))
11437 return -EINVAL;
11438
11439 params.no_cck = nla_get_flag(info->attrs[NL80211_ATTR_TX_NO_CCK_RATE]);
11440
11441 /* get the channel if any has been specified, otherwise pass NULL to
11442 * the driver. The latter will use the current one
11443 */
11444 chandef.chan = NULL;
11445 if (info->attrs[NL80211_ATTR_WIPHY_FREQ]) {
11446 err = nl80211_parse_chandef(rdev, info, &chandef);
11447 if (err)
11448 return err;
11449 }
11450
11451 if (!chandef.chan && params.offchan)
11452 return -EINVAL;
11453
11454 wdev_lock(wdev);
11455 if (params.offchan && !cfg80211_off_channel_oper_allowed(wdev)) {
11456 wdev_unlock(wdev);
11457 return -EBUSY;
11458 }
11459 wdev_unlock(wdev);
11460
11461 params.buf = nla_data(info->attrs[NL80211_ATTR_FRAME]);
11462 params.len = nla_len(info->attrs[NL80211_ATTR_FRAME]);
11463
11464 if (info->attrs[NL80211_ATTR_CSA_C_OFFSETS_TX]) {
11465 int len = nla_len(info->attrs[NL80211_ATTR_CSA_C_OFFSETS_TX]);
11466 int i;
11467
11468 if (len % sizeof(u16))
11469 return -EINVAL;
11470
11471 params.n_csa_offsets = len / sizeof(u16);
11472 params.csa_offsets =
11473 nla_data(info->attrs[NL80211_ATTR_CSA_C_OFFSETS_TX]);
11474
11475 /* check that all the offsets fit the frame */
11476 for (i = 0; i < params.n_csa_offsets; i++) {
11477 if (params.csa_offsets[i] >= params.len)
11478 return -EINVAL;
11479 }
11480 }
11481
11482 if (!params.dont_wait_for_ack) {
11483 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
11484 if (!msg)
11485 return -ENOMEM;
11486
11487 hdr = nl80211hdr_put(msg, info->snd_portid, info->snd_seq, 0,
11488 NL80211_CMD_FRAME);
11489 if (!hdr) {
11490 err = -ENOBUFS;
11491 goto free_msg;
11492 }
11493 }
11494
11495 params.chan = chandef.chan;
11496 err = cfg80211_mlme_mgmt_tx(rdev, wdev, &params, &cookie);
11497 if (err)
11498 goto free_msg;
11499
11500 if (msg) {
11501 if (nla_put_u64_64bit(msg, NL80211_ATTR_COOKIE, cookie,
11502 NL80211_ATTR_PAD))
11503 goto nla_put_failure;
11504
11505 genlmsg_end(msg, hdr);
11506 return genlmsg_reply(msg, info);
11507 }
11508
11509 return 0;
11510
11511 nla_put_failure:
11512 err = -ENOBUFS;
11513 free_msg:
11514 nlmsg_free(msg);
11515 return err;
11516 }
11517
11518 static int nl80211_tx_mgmt_cancel_wait(struct sk_buff *skb, struct genl_info *info)
11519 {
11520 struct cfg80211_registered_device *rdev = info->user_ptr[0];
11521 struct wireless_dev *wdev = info->user_ptr[1];
11522 u64 cookie;
11523
11524 if (!info->attrs[NL80211_ATTR_COOKIE])
11525 return -EINVAL;
11526
11527 if (!rdev->ops->mgmt_tx_cancel_wait)
11528 return -EOPNOTSUPP;
11529
11530 switch (wdev->iftype) {
11531 case NL80211_IFTYPE_STATION:
11532 case NL80211_IFTYPE_ADHOC:
11533 case NL80211_IFTYPE_P2P_CLIENT:
11534 case NL80211_IFTYPE_AP:
11535 case NL80211_IFTYPE_AP_VLAN:
11536 case NL80211_IFTYPE_P2P_GO:
11537 case NL80211_IFTYPE_P2P_DEVICE:
11538 break;
11539 case NL80211_IFTYPE_NAN:
11540 default:
11541 return -EOPNOTSUPP;
11542 }
11543
11544 cookie = nla_get_u64(info->attrs[NL80211_ATTR_COOKIE]);
11545
11546 return rdev_mgmt_tx_cancel_wait(rdev, wdev, cookie);
11547 }
11548
11549 static int nl80211_set_power_save(struct sk_buff *skb, struct genl_info *info)
11550 {
11551 struct cfg80211_registered_device *rdev = info->user_ptr[0];
11552 struct wireless_dev *wdev;
11553 struct net_device *dev = info->user_ptr[1];
11554 u8 ps_state;
11555 bool state;
11556 int err;
11557
11558 if (!info->attrs[NL80211_ATTR_PS_STATE])
11559 return -EINVAL;
11560
11561 ps_state = nla_get_u32(info->attrs[NL80211_ATTR_PS_STATE]);
11562
11563 wdev = dev->ieee80211_ptr;
11564
11565 if (!rdev->ops->set_power_mgmt)
11566 return -EOPNOTSUPP;
11567
11568 state = (ps_state == NL80211_PS_ENABLED) ? true : false;
11569
11570 if (state == wdev->ps)
11571 return 0;
11572
11573 err = rdev_set_power_mgmt(rdev, dev, state, wdev->ps_timeout);
11574 if (!err)
11575 wdev->ps = state;
11576 return err;
11577 }
11578
11579 static int nl80211_get_power_save(struct sk_buff *skb, struct genl_info *info)
11580 {
11581 struct cfg80211_registered_device *rdev = info->user_ptr[0];
11582 enum nl80211_ps_state ps_state;
11583 struct wireless_dev *wdev;
11584 struct net_device *dev = info->user_ptr[1];
11585 struct sk_buff *msg;
11586 void *hdr;
11587 int err;
11588
11589 wdev = dev->ieee80211_ptr;
11590
11591 if (!rdev->ops->set_power_mgmt)
11592 return -EOPNOTSUPP;
11593
11594 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
11595 if (!msg)
11596 return -ENOMEM;
11597
11598 hdr = nl80211hdr_put(msg, info->snd_portid, info->snd_seq, 0,
11599 NL80211_CMD_GET_POWER_SAVE);
11600 if (!hdr) {
11601 err = -ENOBUFS;
11602 goto free_msg;
11603 }
11604
11605 if (wdev->ps)
11606 ps_state = NL80211_PS_ENABLED;
11607 else
11608 ps_state = NL80211_PS_DISABLED;
11609
11610 if (nla_put_u32(msg, NL80211_ATTR_PS_STATE, ps_state))
11611 goto nla_put_failure;
11612
11613 genlmsg_end(msg, hdr);
11614 return genlmsg_reply(msg, info);
11615
11616 nla_put_failure:
11617 err = -ENOBUFS;
11618 free_msg:
11619 nlmsg_free(msg);
11620 return err;
11621 }
11622
11623 static const struct nla_policy
11624 nl80211_attr_cqm_policy[NL80211_ATTR_CQM_MAX + 1] = {
11625 [NL80211_ATTR_CQM_RSSI_THOLD] = { .type = NLA_BINARY },
11626 [NL80211_ATTR_CQM_RSSI_HYST] = { .type = NLA_U32 },
11627 [NL80211_ATTR_CQM_RSSI_THRESHOLD_EVENT] = { .type = NLA_U32 },
11628 [NL80211_ATTR_CQM_TXE_RATE] = { .type = NLA_U32 },
11629 [NL80211_ATTR_CQM_TXE_PKTS] = { .type = NLA_U32 },
11630 [NL80211_ATTR_CQM_TXE_INTVL] = { .type = NLA_U32 },
11631 [NL80211_ATTR_CQM_RSSI_LEVEL] = { .type = NLA_S32 },
11632 };
11633
11634 static int nl80211_set_cqm_txe(struct genl_info *info,
11635 u32 rate, u32 pkts, u32 intvl)
11636 {
11637 struct cfg80211_registered_device *rdev = info->user_ptr[0];
11638 struct net_device *dev = info->user_ptr[1];
11639 struct wireless_dev *wdev = dev->ieee80211_ptr;
11640
11641 if (rate > 100 || intvl > NL80211_CQM_TXE_MAX_INTVL)
11642 return -EINVAL;
11643
11644 if (!rdev->ops->set_cqm_txe_config)
11645 return -EOPNOTSUPP;
11646
11647 if (wdev->iftype != NL80211_IFTYPE_STATION &&
11648 wdev->iftype != NL80211_IFTYPE_P2P_CLIENT)
11649 return -EOPNOTSUPP;
11650
11651 return rdev_set_cqm_txe_config(rdev, dev, rate, pkts, intvl);
11652 }
11653
11654 static int cfg80211_cqm_rssi_update(struct cfg80211_registered_device *rdev,
11655 struct net_device *dev)
11656 {
11657 struct wireless_dev *wdev = dev->ieee80211_ptr;
11658 s32 last, low, high;
11659 u32 hyst;
11660 int i, n, low_index;
11661 int err;
11662
11663 /* RSSI reporting disabled? */
11664 if (!wdev->cqm_config)
11665 return rdev_set_cqm_rssi_range_config(rdev, dev, 0, 0);
11666
11667 /*
11668 * Obtain current RSSI value if possible, if not and no RSSI threshold
11669 * event has been received yet, we should receive an event after a
11670 * connection is established and enough beacons received to calculate
11671 * the average.
11672 */
11673 if (!wdev->cqm_config->last_rssi_event_value && wdev->current_bss &&
11674 rdev->ops->get_station) {
11675 struct station_info sinfo = {};
11676 u8 *mac_addr;
11677
11678 mac_addr = wdev->current_bss->pub.bssid;
11679
11680 err = rdev_get_station(rdev, dev, mac_addr, &sinfo);
11681 if (err)
11682 return err;
11683
11684 cfg80211_sinfo_release_content(&sinfo);
11685 if (sinfo.filled & BIT_ULL(NL80211_STA_INFO_BEACON_SIGNAL_AVG))
11686 wdev->cqm_config->last_rssi_event_value =
11687 (s8) sinfo.rx_beacon_signal_avg;
11688 }
11689
11690 last = wdev->cqm_config->last_rssi_event_value;
11691 hyst = wdev->cqm_config->rssi_hyst;
11692 n = wdev->cqm_config->n_rssi_thresholds;
11693
11694 for (i = 0; i < n; i++) {
11695 i = array_index_nospec(i, n);
11696 if (last < wdev->cqm_config->rssi_thresholds[i])
11697 break;
11698 }
11699
11700 low_index = i - 1;
11701 if (low_index >= 0) {
11702 low_index = array_index_nospec(low_index, n);
11703 low = wdev->cqm_config->rssi_thresholds[low_index] - hyst;
11704 } else {
11705 low = S32_MIN;
11706 }
11707 if (i < n) {
11708 i = array_index_nospec(i, n);
11709 high = wdev->cqm_config->rssi_thresholds[i] + hyst - 1;
11710 } else {
11711 high = S32_MAX;
11712 }
11713
11714 return rdev_set_cqm_rssi_range_config(rdev, dev, low, high);
11715 }
11716
11717 static int nl80211_set_cqm_rssi(struct genl_info *info,
11718 const s32 *thresholds, int n_thresholds,
11719 u32 hysteresis)
11720 {
11721 struct cfg80211_registered_device *rdev = info->user_ptr[0];
11722 struct net_device *dev = info->user_ptr[1];
11723 struct wireless_dev *wdev = dev->ieee80211_ptr;
11724 int i, err;
11725 s32 prev = S32_MIN;
11726
11727 /* Check all values negative and sorted */
11728 for (i = 0; i < n_thresholds; i++) {
11729 if (thresholds[i] > 0 || thresholds[i] <= prev)
11730 return -EINVAL;
11731
11732 prev = thresholds[i];
11733 }
11734
11735 if (wdev->iftype != NL80211_IFTYPE_STATION &&
11736 wdev->iftype != NL80211_IFTYPE_P2P_CLIENT)
11737 return -EOPNOTSUPP;
11738
11739 wdev_lock(wdev);
11740 cfg80211_cqm_config_free(wdev);
11741 wdev_unlock(wdev);
11742
11743 if (n_thresholds <= 1 && rdev->ops->set_cqm_rssi_config) {
11744 if (n_thresholds == 0 || thresholds[0] == 0) /* Disabling */
11745 return rdev_set_cqm_rssi_config(rdev, dev, 0, 0);
11746
11747 return rdev_set_cqm_rssi_config(rdev, dev,
11748 thresholds[0], hysteresis);
11749 }
11750
11751 if (!wiphy_ext_feature_isset(&rdev->wiphy,
11752 NL80211_EXT_FEATURE_CQM_RSSI_LIST))
11753 return -EOPNOTSUPP;
11754
11755 if (n_thresholds == 1 && thresholds[0] == 0) /* Disabling */
11756 n_thresholds = 0;
11757
11758 wdev_lock(wdev);
11759 if (n_thresholds) {
11760 struct cfg80211_cqm_config *cqm_config;
11761
11762 cqm_config = kzalloc(sizeof(struct cfg80211_cqm_config) +
11763 n_thresholds * sizeof(s32), GFP_KERNEL);
11764 if (!cqm_config) {
11765 err = -ENOMEM;
11766 goto unlock;
11767 }
11768
11769 cqm_config->rssi_hyst = hysteresis;
11770 cqm_config->n_rssi_thresholds = n_thresholds;
11771 memcpy(cqm_config->rssi_thresholds, thresholds,
11772 n_thresholds * sizeof(s32));
11773
11774 wdev->cqm_config = cqm_config;
11775 }
11776
11777 err = cfg80211_cqm_rssi_update(rdev, dev);
11778
11779 unlock:
11780 wdev_unlock(wdev);
11781
11782 return err;
11783 }
11784
11785 static int nl80211_set_cqm(struct sk_buff *skb, struct genl_info *info)
11786 {
11787 struct nlattr *attrs[NL80211_ATTR_CQM_MAX + 1];
11788 struct nlattr *cqm;
11789 int err;
11790
11791 cqm = info->attrs[NL80211_ATTR_CQM];
11792 if (!cqm)
11793 return -EINVAL;
11794
11795 err = nla_parse_nested_deprecated(attrs, NL80211_ATTR_CQM_MAX, cqm,
11796 nl80211_attr_cqm_policy,
11797 info->extack);
11798 if (err)
11799 return err;
11800
11801 if (attrs[NL80211_ATTR_CQM_RSSI_THOLD] &&
11802 attrs[NL80211_ATTR_CQM_RSSI_HYST]) {
11803 const s32 *thresholds =
11804 nla_data(attrs[NL80211_ATTR_CQM_RSSI_THOLD]);
11805 int len = nla_len(attrs[NL80211_ATTR_CQM_RSSI_THOLD]);
11806 u32 hysteresis = nla_get_u32(attrs[NL80211_ATTR_CQM_RSSI_HYST]);
11807
11808 if (len % 4)
11809 return -EINVAL;
11810
11811 return nl80211_set_cqm_rssi(info, thresholds, len / 4,
11812 hysteresis);
11813 }
11814
11815 if (attrs[NL80211_ATTR_CQM_TXE_RATE] &&
11816 attrs[NL80211_ATTR_CQM_TXE_PKTS] &&
11817 attrs[NL80211_ATTR_CQM_TXE_INTVL]) {
11818 u32 rate = nla_get_u32(attrs[NL80211_ATTR_CQM_TXE_RATE]);
11819 u32 pkts = nla_get_u32(attrs[NL80211_ATTR_CQM_TXE_PKTS]);
11820 u32 intvl = nla_get_u32(attrs[NL80211_ATTR_CQM_TXE_INTVL]);
11821
11822 return nl80211_set_cqm_txe(info, rate, pkts, intvl);
11823 }
11824
11825 return -EINVAL;
11826 }
11827
11828 static int nl80211_join_ocb(struct sk_buff *skb, struct genl_info *info)
11829 {
11830 struct cfg80211_registered_device *rdev = info->user_ptr[0];
11831 struct net_device *dev = info->user_ptr[1];
11832 struct ocb_setup setup = {};
11833 int err;
11834
11835 err = nl80211_parse_chandef(rdev, info, &setup.chandef);
11836 if (err)
11837 return err;
11838
11839 return cfg80211_join_ocb(rdev, dev, &setup);
11840 }
11841
11842 static int nl80211_leave_ocb(struct sk_buff *skb, struct genl_info *info)
11843 {
11844 struct cfg80211_registered_device *rdev = info->user_ptr[0];
11845 struct net_device *dev = info->user_ptr[1];
11846
11847 return cfg80211_leave_ocb(rdev, dev);
11848 }
11849
11850 static int nl80211_join_mesh(struct sk_buff *skb, struct genl_info *info)
11851 {
11852 struct cfg80211_registered_device *rdev = info->user_ptr[0];
11853 struct net_device *dev = info->user_ptr[1];
11854 struct mesh_config cfg;
11855 struct mesh_setup setup;
11856 int err;
11857
11858 /* start with default */
11859 memcpy(&cfg, &default_mesh_config, sizeof(cfg));
11860 memcpy(&setup, &default_mesh_setup, sizeof(setup));
11861
11862 if (info->attrs[NL80211_ATTR_MESH_CONFIG]) {
11863 /* and parse parameters if given */
11864 err = nl80211_parse_mesh_config(info, &cfg, NULL);
11865 if (err)
11866 return err;
11867 }
11868
11869 if (!info->attrs[NL80211_ATTR_MESH_ID] ||
11870 !nla_len(info->attrs[NL80211_ATTR_MESH_ID]))
11871 return -EINVAL;
11872
11873 setup.mesh_id = nla_data(info->attrs[NL80211_ATTR_MESH_ID]);
11874 setup.mesh_id_len = nla_len(info->attrs[NL80211_ATTR_MESH_ID]);
11875
11876 if (info->attrs[NL80211_ATTR_MCAST_RATE] &&
11877 !nl80211_parse_mcast_rate(rdev, setup.mcast_rate,
11878 nla_get_u32(info->attrs[NL80211_ATTR_MCAST_RATE])))
11879 return -EINVAL;
11880
11881 if (info->attrs[NL80211_ATTR_BEACON_INTERVAL]) {
11882 setup.beacon_interval =
11883 nla_get_u32(info->attrs[NL80211_ATTR_BEACON_INTERVAL]);
11884
11885 err = cfg80211_validate_beacon_int(rdev,
11886 NL80211_IFTYPE_MESH_POINT,
11887 setup.beacon_interval);
11888 if (err)
11889 return err;
11890 }
11891
11892 if (info->attrs[NL80211_ATTR_DTIM_PERIOD]) {
11893 setup.dtim_period =
11894 nla_get_u32(info->attrs[NL80211_ATTR_DTIM_PERIOD]);
11895 if (setup.dtim_period < 1 || setup.dtim_period > 100)
11896 return -EINVAL;
11897 }
11898
11899 if (info->attrs[NL80211_ATTR_MESH_SETUP]) {
11900 /* parse additional setup parameters if given */
11901 err = nl80211_parse_mesh_setup(info, &setup);
11902 if (err)
11903 return err;
11904 }
11905
11906 if (setup.user_mpm)
11907 cfg.auto_open_plinks = false;
11908
11909 if (info->attrs[NL80211_ATTR_WIPHY_FREQ]) {
11910 err = nl80211_parse_chandef(rdev, info, &setup.chandef);
11911 if (err)
11912 return err;
11913 } else {
11914 /* __cfg80211_join_mesh() will sort it out */
11915 setup.chandef.chan = NULL;
11916 }
11917
11918 if (info->attrs[NL80211_ATTR_BSS_BASIC_RATES]) {
11919 u8 *rates = nla_data(info->attrs[NL80211_ATTR_BSS_BASIC_RATES]);
11920 int n_rates =
11921 nla_len(info->attrs[NL80211_ATTR_BSS_BASIC_RATES]);
11922 struct ieee80211_supported_band *sband;
11923
11924 if (!setup.chandef.chan)
11925 return -EINVAL;
11926
11927 sband = rdev->wiphy.bands[setup.chandef.chan->band];
11928
11929 err = ieee80211_get_ratemask(sband, rates, n_rates,
11930 &setup.basic_rates);
11931 if (err)
11932 return err;
11933 }
11934
11935 if (info->attrs[NL80211_ATTR_TX_RATES]) {
11936 err = nl80211_parse_tx_bitrate_mask(info, info->attrs,
11937 NL80211_ATTR_TX_RATES,
11938 &setup.beacon_rate,
11939 dev, false);
11940 if (err)
11941 return err;
11942
11943 if (!setup.chandef.chan)
11944 return -EINVAL;
11945
11946 err = validate_beacon_tx_rate(rdev, setup.chandef.chan->band,
11947 &setup.beacon_rate);
11948 if (err)
11949 return err;
11950 }
11951
11952 setup.userspace_handles_dfs =
11953 nla_get_flag(info->attrs[NL80211_ATTR_HANDLE_DFS]);
11954
11955 if (info->attrs[NL80211_ATTR_CONTROL_PORT_OVER_NL80211]) {
11956 int r = validate_pae_over_nl80211(rdev, info);
11957
11958 if (r < 0)
11959 return r;
11960
11961 setup.control_port_over_nl80211 = true;
11962 }
11963
11964 wdev_lock(dev->ieee80211_ptr);
11965 err = __cfg80211_join_mesh(rdev, dev, &setup, &cfg);
11966 if (!err && info->attrs[NL80211_ATTR_SOCKET_OWNER])
11967 dev->ieee80211_ptr->conn_owner_nlportid = info->snd_portid;
11968 wdev_unlock(dev->ieee80211_ptr);
11969
11970 return err;
11971 }
11972
11973 static int nl80211_leave_mesh(struct sk_buff *skb, struct genl_info *info)
11974 {
11975 struct cfg80211_registered_device *rdev = info->user_ptr[0];
11976 struct net_device *dev = info->user_ptr[1];
11977
11978 return cfg80211_leave_mesh(rdev, dev);
11979 }
11980
11981 #ifdef CONFIG_PM
11982 static int nl80211_send_wowlan_patterns(struct sk_buff *msg,
11983 struct cfg80211_registered_device *rdev)
11984 {
11985 struct cfg80211_wowlan *wowlan = rdev->wiphy.wowlan_config;
11986 struct nlattr *nl_pats, *nl_pat;
11987 int i, pat_len;
11988
11989 if (!wowlan->n_patterns)
11990 return 0;
11991
11992 nl_pats = nla_nest_start_noflag(msg, NL80211_WOWLAN_TRIG_PKT_PATTERN);
11993 if (!nl_pats)
11994 return -ENOBUFS;
11995
11996 for (i = 0; i < wowlan->n_patterns; i++) {
11997 nl_pat = nla_nest_start_noflag(msg, i + 1);
11998 if (!nl_pat)
11999 return -ENOBUFS;
12000 pat_len = wowlan->patterns[i].pattern_len;
12001 if (nla_put(msg, NL80211_PKTPAT_MASK, DIV_ROUND_UP(pat_len, 8),
12002 wowlan->patterns[i].mask) ||
12003 nla_put(msg, NL80211_PKTPAT_PATTERN, pat_len,
12004 wowlan->patterns[i].pattern) ||
12005 nla_put_u32(msg, NL80211_PKTPAT_OFFSET,
12006 wowlan->patterns[i].pkt_offset))
12007 return -ENOBUFS;
12008 nla_nest_end(msg, nl_pat);
12009 }
12010 nla_nest_end(msg, nl_pats);
12011
12012 return 0;
12013 }
12014
12015 static int nl80211_send_wowlan_tcp(struct sk_buff *msg,
12016 struct cfg80211_wowlan_tcp *tcp)
12017 {
12018 struct nlattr *nl_tcp;
12019
12020 if (!tcp)
12021 return 0;
12022
12023 nl_tcp = nla_nest_start_noflag(msg,
12024 NL80211_WOWLAN_TRIG_TCP_CONNECTION);
12025 if (!nl_tcp)
12026 return -ENOBUFS;
12027
12028 if (nla_put_in_addr(msg, NL80211_WOWLAN_TCP_SRC_IPV4, tcp->src) ||
12029 nla_put_in_addr(msg, NL80211_WOWLAN_TCP_DST_IPV4, tcp->dst) ||
12030 nla_put(msg, NL80211_WOWLAN_TCP_DST_MAC, ETH_ALEN, tcp->dst_mac) ||
12031 nla_put_u16(msg, NL80211_WOWLAN_TCP_SRC_PORT, tcp->src_port) ||
12032 nla_put_u16(msg, NL80211_WOWLAN_TCP_DST_PORT, tcp->dst_port) ||
12033 nla_put(msg, NL80211_WOWLAN_TCP_DATA_PAYLOAD,
12034 tcp->payload_len, tcp->payload) ||
12035 nla_put_u32(msg, NL80211_WOWLAN_TCP_DATA_INTERVAL,
12036 tcp->data_interval) ||
12037 nla_put(msg, NL80211_WOWLAN_TCP_WAKE_PAYLOAD,
12038 tcp->wake_len, tcp->wake_data) ||
12039 nla_put(msg, NL80211_WOWLAN_TCP_WAKE_MASK,
12040 DIV_ROUND_UP(tcp->wake_len, 8), tcp->wake_mask))
12041 return -ENOBUFS;
12042
12043 if (tcp->payload_seq.len &&
12044 nla_put(msg, NL80211_WOWLAN_TCP_DATA_PAYLOAD_SEQ,
12045 sizeof(tcp->payload_seq), &tcp->payload_seq))
12046 return -ENOBUFS;
12047
12048 if (tcp->payload_tok.len &&
12049 nla_put(msg, NL80211_WOWLAN_TCP_DATA_PAYLOAD_TOKEN,
12050 sizeof(tcp->payload_tok) + tcp->tokens_size,
12051 &tcp->payload_tok))
12052 return -ENOBUFS;
12053
12054 nla_nest_end(msg, nl_tcp);
12055
12056 return 0;
12057 }
12058
12059 static int nl80211_send_wowlan_nd(struct sk_buff *msg,
12060 struct cfg80211_sched_scan_request *req)
12061 {
12062 struct nlattr *nd, *freqs, *matches, *match, *scan_plans, *scan_plan;
12063 int i;
12064
12065 if (!req)
12066 return 0;
12067
12068 nd = nla_nest_start_noflag(msg, NL80211_WOWLAN_TRIG_NET_DETECT);
12069 if (!nd)
12070 return -ENOBUFS;
12071
12072 if (req->n_scan_plans == 1 &&
12073 nla_put_u32(msg, NL80211_ATTR_SCHED_SCAN_INTERVAL,
12074 req->scan_plans[0].interval * 1000))
12075 return -ENOBUFS;
12076
12077 if (nla_put_u32(msg, NL80211_ATTR_SCHED_SCAN_DELAY, req->delay))
12078 return -ENOBUFS;
12079
12080 if (req->relative_rssi_set) {
12081 struct nl80211_bss_select_rssi_adjust rssi_adjust;
12082
12083 if (nla_put_s8(msg, NL80211_ATTR_SCHED_SCAN_RELATIVE_RSSI,
12084 req->relative_rssi))
12085 return -ENOBUFS;
12086
12087 rssi_adjust.band = req->rssi_adjust.band;
12088 rssi_adjust.delta = req->rssi_adjust.delta;
12089 if (nla_put(msg, NL80211_ATTR_SCHED_SCAN_RSSI_ADJUST,
12090 sizeof(rssi_adjust), &rssi_adjust))
12091 return -ENOBUFS;
12092 }
12093
12094 freqs = nla_nest_start_noflag(msg, NL80211_ATTR_SCAN_FREQUENCIES);
12095 if (!freqs)
12096 return -ENOBUFS;
12097
12098 for (i = 0; i < req->n_channels; i++) {
12099 if (nla_put_u32(msg, i, req->channels[i]->center_freq))
12100 return -ENOBUFS;
12101 }
12102
12103 nla_nest_end(msg, freqs);
12104
12105 if (req->n_match_sets) {
12106 matches = nla_nest_start_noflag(msg,
12107 NL80211_ATTR_SCHED_SCAN_MATCH);
12108 if (!matches)
12109 return -ENOBUFS;
12110
12111 for (i = 0; i < req->n_match_sets; i++) {
12112 match = nla_nest_start_noflag(msg, i);
12113 if (!match)
12114 return -ENOBUFS;
12115
12116 if (nla_put(msg, NL80211_SCHED_SCAN_MATCH_ATTR_SSID,
12117 req->match_sets[i].ssid.ssid_len,
12118 req->match_sets[i].ssid.ssid))
12119 return -ENOBUFS;
12120 nla_nest_end(msg, match);
12121 }
12122 nla_nest_end(msg, matches);
12123 }
12124
12125 scan_plans = nla_nest_start_noflag(msg, NL80211_ATTR_SCHED_SCAN_PLANS);
12126 if (!scan_plans)
12127 return -ENOBUFS;
12128
12129 for (i = 0; i < req->n_scan_plans; i++) {
12130 scan_plan = nla_nest_start_noflag(msg, i + 1);
12131 if (!scan_plan)
12132 return -ENOBUFS;
12133
12134 if (nla_put_u32(msg, NL80211_SCHED_SCAN_PLAN_INTERVAL,
12135 req->scan_plans[i].interval) ||
12136 (req->scan_plans[i].iterations &&
12137 nla_put_u32(msg, NL80211_SCHED_SCAN_PLAN_ITERATIONS,
12138 req->scan_plans[i].iterations)))
12139 return -ENOBUFS;
12140 nla_nest_end(msg, scan_plan);
12141 }
12142 nla_nest_end(msg, scan_plans);
12143
12144 nla_nest_end(msg, nd);
12145
12146 return 0;
12147 }
12148
12149 static int nl80211_get_wowlan(struct sk_buff *skb, struct genl_info *info)
12150 {
12151 struct cfg80211_registered_device *rdev = info->user_ptr[0];
12152 struct sk_buff *msg;
12153 void *hdr;
12154 u32 size = NLMSG_DEFAULT_SIZE;
12155
12156 if (!rdev->wiphy.wowlan)
12157 return -EOPNOTSUPP;
12158
12159 if (rdev->wiphy.wowlan_config && rdev->wiphy.wowlan_config->tcp) {
12160 /* adjust size to have room for all the data */
12161 size += rdev->wiphy.wowlan_config->tcp->tokens_size +
12162 rdev->wiphy.wowlan_config->tcp->payload_len +
12163 rdev->wiphy.wowlan_config->tcp->wake_len +
12164 rdev->wiphy.wowlan_config->tcp->wake_len / 8;
12165 }
12166
12167 msg = nlmsg_new(size, GFP_KERNEL);
12168 if (!msg)
12169 return -ENOMEM;
12170
12171 hdr = nl80211hdr_put(msg, info->snd_portid, info->snd_seq, 0,
12172 NL80211_CMD_GET_WOWLAN);
12173 if (!hdr)
12174 goto nla_put_failure;
12175
12176 if (rdev->wiphy.wowlan_config) {
12177 struct nlattr *nl_wowlan;
12178
12179 nl_wowlan = nla_nest_start_noflag(msg,
12180 NL80211_ATTR_WOWLAN_TRIGGERS);
12181 if (!nl_wowlan)
12182 goto nla_put_failure;
12183
12184 if ((rdev->wiphy.wowlan_config->any &&
12185 nla_put_flag(msg, NL80211_WOWLAN_TRIG_ANY)) ||
12186 (rdev->wiphy.wowlan_config->disconnect &&
12187 nla_put_flag(msg, NL80211_WOWLAN_TRIG_DISCONNECT)) ||
12188 (rdev->wiphy.wowlan_config->magic_pkt &&
12189 nla_put_flag(msg, NL80211_WOWLAN_TRIG_MAGIC_PKT)) ||
12190 (rdev->wiphy.wowlan_config->gtk_rekey_failure &&
12191 nla_put_flag(msg, NL80211_WOWLAN_TRIG_GTK_REKEY_FAILURE)) ||
12192 (rdev->wiphy.wowlan_config->eap_identity_req &&
12193 nla_put_flag(msg, NL80211_WOWLAN_TRIG_EAP_IDENT_REQUEST)) ||
12194 (rdev->wiphy.wowlan_config->four_way_handshake &&
12195 nla_put_flag(msg, NL80211_WOWLAN_TRIG_4WAY_HANDSHAKE)) ||
12196 (rdev->wiphy.wowlan_config->rfkill_release &&
12197 nla_put_flag(msg, NL80211_WOWLAN_TRIG_RFKILL_RELEASE)))
12198 goto nla_put_failure;
12199
12200 if (nl80211_send_wowlan_patterns(msg, rdev))
12201 goto nla_put_failure;
12202
12203 if (nl80211_send_wowlan_tcp(msg,
12204 rdev->wiphy.wowlan_config->tcp))
12205 goto nla_put_failure;
12206
12207 if (nl80211_send_wowlan_nd(
12208 msg,
12209 rdev->wiphy.wowlan_config->nd_config))
12210 goto nla_put_failure;
12211
12212 nla_nest_end(msg, nl_wowlan);
12213 }
12214
12215 genlmsg_end(msg, hdr);
12216 return genlmsg_reply(msg, info);
12217
12218 nla_put_failure:
12219 nlmsg_free(msg);
12220 return -ENOBUFS;
12221 }
12222
12223 static int nl80211_parse_wowlan_tcp(struct cfg80211_registered_device *rdev,
12224 struct nlattr *attr,
12225 struct cfg80211_wowlan *trig)
12226 {
12227 struct nlattr *tb[NUM_NL80211_WOWLAN_TCP];
12228 struct cfg80211_wowlan_tcp *cfg;
12229 struct nl80211_wowlan_tcp_data_token *tok = NULL;
12230 struct nl80211_wowlan_tcp_data_seq *seq = NULL;
12231 u32 size;
12232 u32 data_size, wake_size, tokens_size = 0, wake_mask_size;
12233 int err, port;
12234
12235 if (!rdev->wiphy.wowlan->tcp)
12236 return -EINVAL;
12237
12238 err = nla_parse_nested_deprecated(tb, MAX_NL80211_WOWLAN_TCP, attr,
12239 nl80211_wowlan_tcp_policy, NULL);
12240 if (err)
12241 return err;
12242
12243 if (!tb[NL80211_WOWLAN_TCP_SRC_IPV4] ||
12244 !tb[NL80211_WOWLAN_TCP_DST_IPV4] ||
12245 !tb[NL80211_WOWLAN_TCP_DST_MAC] ||
12246 !tb[NL80211_WOWLAN_TCP_DST_PORT] ||
12247 !tb[NL80211_WOWLAN_TCP_DATA_PAYLOAD] ||
12248 !tb[NL80211_WOWLAN_TCP_DATA_INTERVAL] ||
12249 !tb[NL80211_WOWLAN_TCP_WAKE_PAYLOAD] ||
12250 !tb[NL80211_WOWLAN_TCP_WAKE_MASK])
12251 return -EINVAL;
12252
12253 data_size = nla_len(tb[NL80211_WOWLAN_TCP_DATA_PAYLOAD]);
12254 if (data_size > rdev->wiphy.wowlan->tcp->data_payload_max)
12255 return -EINVAL;
12256
12257 if (nla_get_u32(tb[NL80211_WOWLAN_TCP_DATA_INTERVAL]) >
12258 rdev->wiphy.wowlan->tcp->data_interval_max ||
12259 nla_get_u32(tb[NL80211_WOWLAN_TCP_DATA_INTERVAL]) == 0)
12260 return -EINVAL;
12261
12262 wake_size = nla_len(tb[NL80211_WOWLAN_TCP_WAKE_PAYLOAD]);
12263 if (wake_size > rdev->wiphy.wowlan->tcp->wake_payload_max)
12264 return -EINVAL;
12265
12266 wake_mask_size = nla_len(tb[NL80211_WOWLAN_TCP_WAKE_MASK]);
12267 if (wake_mask_size != DIV_ROUND_UP(wake_size, 8))
12268 return -EINVAL;
12269
12270 if (tb[NL80211_WOWLAN_TCP_DATA_PAYLOAD_TOKEN]) {
12271 u32 tokln = nla_len(tb[NL80211_WOWLAN_TCP_DATA_PAYLOAD_TOKEN]);
12272
12273 tok = nla_data(tb[NL80211_WOWLAN_TCP_DATA_PAYLOAD_TOKEN]);
12274 tokens_size = tokln - sizeof(*tok);
12275
12276 if (!tok->len || tokens_size % tok->len)
12277 return -EINVAL;
12278 if (!rdev->wiphy.wowlan->tcp->tok)
12279 return -EINVAL;
12280 if (tok->len > rdev->wiphy.wowlan->tcp->tok->max_len)
12281 return -EINVAL;
12282 if (tok->len < rdev->wiphy.wowlan->tcp->tok->min_len)
12283 return -EINVAL;
12284 if (tokens_size > rdev->wiphy.wowlan->tcp->tok->bufsize)
12285 return -EINVAL;
12286 if (tok->offset + tok->len > data_size)
12287 return -EINVAL;
12288 }
12289
12290 if (tb[NL80211_WOWLAN_TCP_DATA_PAYLOAD_SEQ]) {
12291 seq = nla_data(tb[NL80211_WOWLAN_TCP_DATA_PAYLOAD_SEQ]);
12292 if (!rdev->wiphy.wowlan->tcp->seq)
12293 return -EINVAL;
12294 if (seq->len == 0 || seq->len > 4)
12295 return -EINVAL;
12296 if (seq->len + seq->offset > data_size)
12297 return -EINVAL;
12298 }
12299
12300 size = sizeof(*cfg);
12301 size += data_size;
12302 size += wake_size + wake_mask_size;
12303 size += tokens_size;
12304
12305 cfg = kzalloc(size, GFP_KERNEL);
12306 if (!cfg)
12307 return -ENOMEM;
12308 cfg->src = nla_get_in_addr(tb[NL80211_WOWLAN_TCP_SRC_IPV4]);
12309 cfg->dst = nla_get_in_addr(tb[NL80211_WOWLAN_TCP_DST_IPV4]);
12310 memcpy(cfg->dst_mac, nla_data(tb[NL80211_WOWLAN_TCP_DST_MAC]),
12311 ETH_ALEN);
12312 if (tb[NL80211_WOWLAN_TCP_SRC_PORT])
12313 port = nla_get_u16(tb[NL80211_WOWLAN_TCP_SRC_PORT]);
12314 else
12315 port = 0;
12316 #ifdef CONFIG_INET
12317 /* allocate a socket and port for it and use it */
12318 err = __sock_create(wiphy_net(&rdev->wiphy), PF_INET, SOCK_STREAM,
12319 IPPROTO_TCP, &cfg->sock, 1);
12320 if (err) {
12321 kfree(cfg);
12322 return err;
12323 }
12324 if (inet_csk_get_port(cfg->sock->sk, port)) {
12325 sock_release(cfg->sock);
12326 kfree(cfg);
12327 return -EADDRINUSE;
12328 }
12329 cfg->src_port = inet_sk(cfg->sock->sk)->inet_num;
12330 #else
12331 if (!port) {
12332 kfree(cfg);
12333 return -EINVAL;
12334 }
12335 cfg->src_port = port;
12336 #endif
12337
12338 cfg->dst_port = nla_get_u16(tb[NL80211_WOWLAN_TCP_DST_PORT]);
12339 cfg->payload_len = data_size;
12340 cfg->payload = (u8 *)cfg + sizeof(*cfg) + tokens_size;
12341 memcpy((void *)cfg->payload,
12342 nla_data(tb[NL80211_WOWLAN_TCP_DATA_PAYLOAD]),
12343 data_size);
12344 if (seq)
12345 cfg->payload_seq = *seq;
12346 cfg->data_interval = nla_get_u32(tb[NL80211_WOWLAN_TCP_DATA_INTERVAL]);
12347 cfg->wake_len = wake_size;
12348 cfg->wake_data = (u8 *)cfg + sizeof(*cfg) + tokens_size + data_size;
12349 memcpy((void *)cfg->wake_data,
12350 nla_data(tb[NL80211_WOWLAN_TCP_WAKE_PAYLOAD]),
12351 wake_size);
12352 cfg->wake_mask = (u8 *)cfg + sizeof(*cfg) + tokens_size +
12353 data_size + wake_size;
12354 memcpy((void *)cfg->wake_mask,
12355 nla_data(tb[NL80211_WOWLAN_TCP_WAKE_MASK]),
12356 wake_mask_size);
12357 if (tok) {
12358 cfg->tokens_size = tokens_size;
12359 memcpy(&cfg->payload_tok, tok, sizeof(*tok) + tokens_size);
12360 }
12361
12362 trig->tcp = cfg;
12363
12364 return 0;
12365 }
12366
12367 static int nl80211_parse_wowlan_nd(struct cfg80211_registered_device *rdev,
12368 const struct wiphy_wowlan_support *wowlan,
12369 struct nlattr *attr,
12370 struct cfg80211_wowlan *trig)
12371 {
12372 struct nlattr **tb;
12373 int err;
12374
12375 tb = kcalloc(NUM_NL80211_ATTR, sizeof(*tb), GFP_KERNEL);
12376 if (!tb)
12377 return -ENOMEM;
12378
12379 if (!(wowlan->flags & WIPHY_WOWLAN_NET_DETECT)) {
12380 err = -EOPNOTSUPP;
12381 goto out;
12382 }
12383
12384 err = nla_parse_nested_deprecated(tb, NL80211_ATTR_MAX, attr,
12385 nl80211_policy, NULL);
12386 if (err)
12387 goto out;
12388
12389 trig->nd_config = nl80211_parse_sched_scan(&rdev->wiphy, NULL, tb,
12390 wowlan->max_nd_match_sets);
12391 err = PTR_ERR_OR_ZERO(trig->nd_config);
12392 if (err)
12393 trig->nd_config = NULL;
12394
12395 out:
12396 kfree(tb);
12397 return err;
12398 }
12399
12400 static int nl80211_set_wowlan(struct sk_buff *skb, struct genl_info *info)
12401 {
12402 struct cfg80211_registered_device *rdev = info->user_ptr[0];
12403 struct nlattr *tb[NUM_NL80211_WOWLAN_TRIG];
12404 struct cfg80211_wowlan new_triggers = {};
12405 struct cfg80211_wowlan *ntrig;
12406 const struct wiphy_wowlan_support *wowlan = rdev->wiphy.wowlan;
12407 int err, i;
12408 bool prev_enabled = rdev->wiphy.wowlan_config;
12409 bool regular = false;
12410
12411 if (!wowlan)
12412 return -EOPNOTSUPP;
12413
12414 if (!info->attrs[NL80211_ATTR_WOWLAN_TRIGGERS]) {
12415 cfg80211_rdev_free_wowlan(rdev);
12416 rdev->wiphy.wowlan_config = NULL;
12417 goto set_wakeup;
12418 }
12419
12420 err = nla_parse_nested_deprecated(tb, MAX_NL80211_WOWLAN_TRIG,
12421 info->attrs[NL80211_ATTR_WOWLAN_TRIGGERS],
12422 nl80211_wowlan_policy, info->extack);
12423 if (err)
12424 return err;
12425
12426 if (tb[NL80211_WOWLAN_TRIG_ANY]) {
12427 if (!(wowlan->flags & WIPHY_WOWLAN_ANY))
12428 return -EINVAL;
12429 new_triggers.any = true;
12430 }
12431
12432 if (tb[NL80211_WOWLAN_TRIG_DISCONNECT]) {
12433 if (!(wowlan->flags & WIPHY_WOWLAN_DISCONNECT))
12434 return -EINVAL;
12435 new_triggers.disconnect = true;
12436 regular = true;
12437 }
12438
12439 if (tb[NL80211_WOWLAN_TRIG_MAGIC_PKT]) {
12440 if (!(wowlan->flags & WIPHY_WOWLAN_MAGIC_PKT))
12441 return -EINVAL;
12442 new_triggers.magic_pkt = true;
12443 regular = true;
12444 }
12445
12446 if (tb[NL80211_WOWLAN_TRIG_GTK_REKEY_SUPPORTED])
12447 return -EINVAL;
12448
12449 if (tb[NL80211_WOWLAN_TRIG_GTK_REKEY_FAILURE]) {
12450 if (!(wowlan->flags & WIPHY_WOWLAN_GTK_REKEY_FAILURE))
12451 return -EINVAL;
12452 new_triggers.gtk_rekey_failure = true;
12453 regular = true;
12454 }
12455
12456 if (tb[NL80211_WOWLAN_TRIG_EAP_IDENT_REQUEST]) {
12457 if (!(wowlan->flags & WIPHY_WOWLAN_EAP_IDENTITY_REQ))
12458 return -EINVAL;
12459 new_triggers.eap_identity_req = true;
12460 regular = true;
12461 }
12462
12463 if (tb[NL80211_WOWLAN_TRIG_4WAY_HANDSHAKE]) {
12464 if (!(wowlan->flags & WIPHY_WOWLAN_4WAY_HANDSHAKE))
12465 return -EINVAL;
12466 new_triggers.four_way_handshake = true;
12467 regular = true;
12468 }
12469
12470 if (tb[NL80211_WOWLAN_TRIG_RFKILL_RELEASE]) {
12471 if (!(wowlan->flags & WIPHY_WOWLAN_RFKILL_RELEASE))
12472 return -EINVAL;
12473 new_triggers.rfkill_release = true;
12474 regular = true;
12475 }
12476
12477 if (tb[NL80211_WOWLAN_TRIG_PKT_PATTERN]) {
12478 struct nlattr *pat;
12479 int n_patterns = 0;
12480 int rem, pat_len, mask_len, pkt_offset;
12481 struct nlattr *pat_tb[NUM_NL80211_PKTPAT];
12482
12483 regular = true;
12484
12485 nla_for_each_nested(pat, tb[NL80211_WOWLAN_TRIG_PKT_PATTERN],
12486 rem)
12487 n_patterns++;
12488 if (n_patterns > wowlan->n_patterns)
12489 return -EINVAL;
12490
12491 new_triggers.patterns = kcalloc(n_patterns,
12492 sizeof(new_triggers.patterns[0]),
12493 GFP_KERNEL);
12494 if (!new_triggers.patterns)
12495 return -ENOMEM;
12496
12497 new_triggers.n_patterns = n_patterns;
12498 i = 0;
12499
12500 nla_for_each_nested(pat, tb[NL80211_WOWLAN_TRIG_PKT_PATTERN],
12501 rem) {
12502 u8 *mask_pat;
12503
12504 err = nla_parse_nested_deprecated(pat_tb,
12505 MAX_NL80211_PKTPAT,
12506 pat,
12507 nl80211_packet_pattern_policy,
12508 info->extack);
12509 if (err)
12510 goto error;
12511
12512 err = -EINVAL;
12513 if (!pat_tb[NL80211_PKTPAT_MASK] ||
12514 !pat_tb[NL80211_PKTPAT_PATTERN])
12515 goto error;
12516 pat_len = nla_len(pat_tb[NL80211_PKTPAT_PATTERN]);
12517 mask_len = DIV_ROUND_UP(pat_len, 8);
12518 if (nla_len(pat_tb[NL80211_PKTPAT_MASK]) != mask_len)
12519 goto error;
12520 if (pat_len > wowlan->pattern_max_len ||
12521 pat_len < wowlan->pattern_min_len)
12522 goto error;
12523
12524 if (!pat_tb[NL80211_PKTPAT_OFFSET])
12525 pkt_offset = 0;
12526 else
12527 pkt_offset = nla_get_u32(
12528 pat_tb[NL80211_PKTPAT_OFFSET]);
12529 if (pkt_offset > wowlan->max_pkt_offset)
12530 goto error;
12531 new_triggers.patterns[i].pkt_offset = pkt_offset;
12532
12533 mask_pat = kmalloc(mask_len + pat_len, GFP_KERNEL);
12534 if (!mask_pat) {
12535 err = -ENOMEM;
12536 goto error;
12537 }
12538 new_triggers.patterns[i].mask = mask_pat;
12539 memcpy(mask_pat, nla_data(pat_tb[NL80211_PKTPAT_MASK]),
12540 mask_len);
12541 mask_pat += mask_len;
12542 new_triggers.patterns[i].pattern = mask_pat;
12543 new_triggers.patterns[i].pattern_len = pat_len;
12544 memcpy(mask_pat,
12545 nla_data(pat_tb[NL80211_PKTPAT_PATTERN]),
12546 pat_len);
12547 i++;
12548 }
12549 }
12550
12551 if (tb[NL80211_WOWLAN_TRIG_TCP_CONNECTION]) {
12552 regular = true;
12553 err = nl80211_parse_wowlan_tcp(
12554 rdev, tb[NL80211_WOWLAN_TRIG_TCP_CONNECTION],
12555 &new_triggers);
12556 if (err)
12557 goto error;
12558 }
12559
12560 if (tb[NL80211_WOWLAN_TRIG_NET_DETECT]) {
12561 regular = true;
12562 err = nl80211_parse_wowlan_nd(
12563 rdev, wowlan, tb[NL80211_WOWLAN_TRIG_NET_DETECT],
12564 &new_triggers);
12565 if (err)
12566 goto error;
12567 }
12568
12569 /* The 'any' trigger means the device continues operating more or less
12570 * as in its normal operation mode and wakes up the host on most of the
12571 * normal interrupts (like packet RX, ...)
12572 * It therefore makes little sense to combine with the more constrained
12573 * wakeup trigger modes.
12574 */
12575 if (new_triggers.any && regular) {
12576 err = -EINVAL;
12577 goto error;
12578 }
12579
12580 ntrig = kmemdup(&new_triggers, sizeof(new_triggers), GFP_KERNEL);
12581 if (!ntrig) {
12582 err = -ENOMEM;
12583 goto error;
12584 }
12585 cfg80211_rdev_free_wowlan(rdev);
12586 rdev->wiphy.wowlan_config = ntrig;
12587
12588 set_wakeup:
12589 if (rdev->ops->set_wakeup &&
12590 prev_enabled != !!rdev->wiphy.wowlan_config)
12591 rdev_set_wakeup(rdev, rdev->wiphy.wowlan_config);
12592
12593 return 0;
12594 error:
12595 for (i = 0; i < new_triggers.n_patterns; i++)
12596 kfree(new_triggers.patterns[i].mask);
12597 kfree(new_triggers.patterns);
12598 if (new_triggers.tcp && new_triggers.tcp->sock)
12599 sock_release(new_triggers.tcp->sock);
12600 kfree(new_triggers.tcp);
12601 kfree(new_triggers.nd_config);
12602 return err;
12603 }
12604 #endif
12605
12606 static int nl80211_send_coalesce_rules(struct sk_buff *msg,
12607 struct cfg80211_registered_device *rdev)
12608 {
12609 struct nlattr *nl_pats, *nl_pat, *nl_rule, *nl_rules;
12610 int i, j, pat_len;
12611 struct cfg80211_coalesce_rules *rule;
12612
12613 if (!rdev->coalesce->n_rules)
12614 return 0;
12615
12616 nl_rules = nla_nest_start_noflag(msg, NL80211_ATTR_COALESCE_RULE);
12617 if (!nl_rules)
12618 return -ENOBUFS;
12619
12620 for (i = 0; i < rdev->coalesce->n_rules; i++) {
12621 nl_rule = nla_nest_start_noflag(msg, i + 1);
12622 if (!nl_rule)
12623 return -ENOBUFS;
12624
12625 rule = &rdev->coalesce->rules[i];
12626 if (nla_put_u32(msg, NL80211_ATTR_COALESCE_RULE_DELAY,
12627 rule->delay))
12628 return -ENOBUFS;
12629
12630 if (nla_put_u32(msg, NL80211_ATTR_COALESCE_RULE_CONDITION,
12631 rule->condition))
12632 return -ENOBUFS;
12633
12634 nl_pats = nla_nest_start_noflag(msg,
12635 NL80211_ATTR_COALESCE_RULE_PKT_PATTERN);
12636 if (!nl_pats)
12637 return -ENOBUFS;
12638
12639 for (j = 0; j < rule->n_patterns; j++) {
12640 nl_pat = nla_nest_start_noflag(msg, j + 1);
12641 if (!nl_pat)
12642 return -ENOBUFS;
12643 pat_len = rule->patterns[j].pattern_len;
12644 if (nla_put(msg, NL80211_PKTPAT_MASK,
12645 DIV_ROUND_UP(pat_len, 8),
12646 rule->patterns[j].mask) ||
12647 nla_put(msg, NL80211_PKTPAT_PATTERN, pat_len,
12648 rule->patterns[j].pattern) ||
12649 nla_put_u32(msg, NL80211_PKTPAT_OFFSET,
12650 rule->patterns[j].pkt_offset))
12651 return -ENOBUFS;
12652 nla_nest_end(msg, nl_pat);
12653 }
12654 nla_nest_end(msg, nl_pats);
12655 nla_nest_end(msg, nl_rule);
12656 }
12657 nla_nest_end(msg, nl_rules);
12658
12659 return 0;
12660 }
12661
12662 static int nl80211_get_coalesce(struct sk_buff *skb, struct genl_info *info)
12663 {
12664 struct cfg80211_registered_device *rdev = info->user_ptr[0];
12665 struct sk_buff *msg;
12666 void *hdr;
12667
12668 if (!rdev->wiphy.coalesce)
12669 return -EOPNOTSUPP;
12670
12671 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
12672 if (!msg)
12673 return -ENOMEM;
12674
12675 hdr = nl80211hdr_put(msg, info->snd_portid, info->snd_seq, 0,
12676 NL80211_CMD_GET_COALESCE);
12677 if (!hdr)
12678 goto nla_put_failure;
12679
12680 if (rdev->coalesce && nl80211_send_coalesce_rules(msg, rdev))
12681 goto nla_put_failure;
12682
12683 genlmsg_end(msg, hdr);
12684 return genlmsg_reply(msg, info);
12685
12686 nla_put_failure:
12687 nlmsg_free(msg);
12688 return -ENOBUFS;
12689 }
12690
12691 void cfg80211_rdev_free_coalesce(struct cfg80211_registered_device *rdev)
12692 {
12693 struct cfg80211_coalesce *coalesce = rdev->coalesce;
12694 int i, j;
12695 struct cfg80211_coalesce_rules *rule;
12696
12697 if (!coalesce)
12698 return;
12699
12700 for (i = 0; i < coalesce->n_rules; i++) {
12701 rule = &coalesce->rules[i];
12702 for (j = 0; j < rule->n_patterns; j++)
12703 kfree(rule->patterns[j].mask);
12704 kfree(rule->patterns);
12705 }
12706 kfree(coalesce->rules);
12707 kfree(coalesce);
12708 rdev->coalesce = NULL;
12709 }
12710
12711 static int nl80211_parse_coalesce_rule(struct cfg80211_registered_device *rdev,
12712 struct nlattr *rule,
12713 struct cfg80211_coalesce_rules *new_rule)
12714 {
12715 int err, i;
12716 const struct wiphy_coalesce_support *coalesce = rdev->wiphy.coalesce;
12717 struct nlattr *tb[NUM_NL80211_ATTR_COALESCE_RULE], *pat;
12718 int rem, pat_len, mask_len, pkt_offset, n_patterns = 0;
12719 struct nlattr *pat_tb[NUM_NL80211_PKTPAT];
12720
12721 err = nla_parse_nested_deprecated(tb, NL80211_ATTR_COALESCE_RULE_MAX,
12722 rule, nl80211_coalesce_policy, NULL);
12723 if (err)
12724 return err;
12725
12726 if (tb[NL80211_ATTR_COALESCE_RULE_DELAY])
12727 new_rule->delay =
12728 nla_get_u32(tb[NL80211_ATTR_COALESCE_RULE_DELAY]);
12729 if (new_rule->delay > coalesce->max_delay)
12730 return -EINVAL;
12731
12732 if (tb[NL80211_ATTR_COALESCE_RULE_CONDITION])
12733 new_rule->condition =
12734 nla_get_u32(tb[NL80211_ATTR_COALESCE_RULE_CONDITION]);
12735
12736 if (!tb[NL80211_ATTR_COALESCE_RULE_PKT_PATTERN])
12737 return -EINVAL;
12738
12739 nla_for_each_nested(pat, tb[NL80211_ATTR_COALESCE_RULE_PKT_PATTERN],
12740 rem)
12741 n_patterns++;
12742 if (n_patterns > coalesce->n_patterns)
12743 return -EINVAL;
12744
12745 new_rule->patterns = kcalloc(n_patterns, sizeof(new_rule->patterns[0]),
12746 GFP_KERNEL);
12747 if (!new_rule->patterns)
12748 return -ENOMEM;
12749
12750 new_rule->n_patterns = n_patterns;
12751 i = 0;
12752
12753 nla_for_each_nested(pat, tb[NL80211_ATTR_COALESCE_RULE_PKT_PATTERN],
12754 rem) {
12755 u8 *mask_pat;
12756
12757 err = nla_parse_nested_deprecated(pat_tb, MAX_NL80211_PKTPAT,
12758 pat,
12759 nl80211_packet_pattern_policy,
12760 NULL);
12761 if (err)
12762 return err;
12763
12764 if (!pat_tb[NL80211_PKTPAT_MASK] ||
12765 !pat_tb[NL80211_PKTPAT_PATTERN])
12766 return -EINVAL;
12767 pat_len = nla_len(pat_tb[NL80211_PKTPAT_PATTERN]);
12768 mask_len = DIV_ROUND_UP(pat_len, 8);
12769 if (nla_len(pat_tb[NL80211_PKTPAT_MASK]) != mask_len)
12770 return -EINVAL;
12771 if (pat_len > coalesce->pattern_max_len ||
12772 pat_len < coalesce->pattern_min_len)
12773 return -EINVAL;
12774
12775 if (!pat_tb[NL80211_PKTPAT_OFFSET])
12776 pkt_offset = 0;
12777 else
12778 pkt_offset = nla_get_u32(pat_tb[NL80211_PKTPAT_OFFSET]);
12779 if (pkt_offset > coalesce->max_pkt_offset)
12780 return -EINVAL;
12781 new_rule->patterns[i].pkt_offset = pkt_offset;
12782
12783 mask_pat = kmalloc(mask_len + pat_len, GFP_KERNEL);
12784 if (!mask_pat)
12785 return -ENOMEM;
12786
12787 new_rule->patterns[i].mask = mask_pat;
12788 memcpy(mask_pat, nla_data(pat_tb[NL80211_PKTPAT_MASK]),
12789 mask_len);
12790
12791 mask_pat += mask_len;
12792 new_rule->patterns[i].pattern = mask_pat;
12793 new_rule->patterns[i].pattern_len = pat_len;
12794 memcpy(mask_pat, nla_data(pat_tb[NL80211_PKTPAT_PATTERN]),
12795 pat_len);
12796 i++;
12797 }
12798
12799 return 0;
12800 }
12801
12802 static int nl80211_set_coalesce(struct sk_buff *skb, struct genl_info *info)
12803 {
12804 struct cfg80211_registered_device *rdev = info->user_ptr[0];
12805 const struct wiphy_coalesce_support *coalesce = rdev->wiphy.coalesce;
12806 struct cfg80211_coalesce new_coalesce = {};
12807 struct cfg80211_coalesce *n_coalesce;
12808 int err, rem_rule, n_rules = 0, i, j;
12809 struct nlattr *rule;
12810 struct cfg80211_coalesce_rules *tmp_rule;
12811
12812 if (!rdev->wiphy.coalesce || !rdev->ops->set_coalesce)
12813 return -EOPNOTSUPP;
12814
12815 if (!info->attrs[NL80211_ATTR_COALESCE_RULE]) {
12816 cfg80211_rdev_free_coalesce(rdev);
12817 rdev_set_coalesce(rdev, NULL);
12818 return 0;
12819 }
12820
12821 nla_for_each_nested(rule, info->attrs[NL80211_ATTR_COALESCE_RULE],
12822 rem_rule)
12823 n_rules++;
12824 if (n_rules > coalesce->n_rules)
12825 return -EINVAL;
12826
12827 new_coalesce.rules = kcalloc(n_rules, sizeof(new_coalesce.rules[0]),
12828 GFP_KERNEL);
12829 if (!new_coalesce.rules)
12830 return -ENOMEM;
12831
12832 new_coalesce.n_rules = n_rules;
12833 i = 0;
12834
12835 nla_for_each_nested(rule, info->attrs[NL80211_ATTR_COALESCE_RULE],
12836 rem_rule) {
12837 err = nl80211_parse_coalesce_rule(rdev, rule,
12838 &new_coalesce.rules[i]);
12839 if (err)
12840 goto error;
12841
12842 i++;
12843 }
12844
12845 err = rdev_set_coalesce(rdev, &new_coalesce);
12846 if (err)
12847 goto error;
12848
12849 n_coalesce = kmemdup(&new_coalesce, sizeof(new_coalesce), GFP_KERNEL);
12850 if (!n_coalesce) {
12851 err = -ENOMEM;
12852 goto error;
12853 }
12854 cfg80211_rdev_free_coalesce(rdev);
12855 rdev->coalesce = n_coalesce;
12856
12857 return 0;
12858 error:
12859 for (i = 0; i < new_coalesce.n_rules; i++) {
12860 tmp_rule = &new_coalesce.rules[i];
12861 for (j = 0; j < tmp_rule->n_patterns; j++)
12862 kfree(tmp_rule->patterns[j].mask);
12863 kfree(tmp_rule->patterns);
12864 }
12865 kfree(new_coalesce.rules);
12866
12867 return err;
12868 }
12869
12870 static int nl80211_set_rekey_data(struct sk_buff *skb, struct genl_info *info)
12871 {
12872 struct cfg80211_registered_device *rdev = info->user_ptr[0];
12873 struct net_device *dev = info->user_ptr[1];
12874 struct wireless_dev *wdev = dev->ieee80211_ptr;
12875 struct nlattr *tb[NUM_NL80211_REKEY_DATA];
12876 struct cfg80211_gtk_rekey_data rekey_data = {};
12877 int err;
12878
12879 if (!info->attrs[NL80211_ATTR_REKEY_DATA])
12880 return -EINVAL;
12881
12882 err = nla_parse_nested_deprecated(tb, MAX_NL80211_REKEY_DATA,
12883 info->attrs[NL80211_ATTR_REKEY_DATA],
12884 nl80211_rekey_policy, info->extack);
12885 if (err)
12886 return err;
12887
12888 if (!tb[NL80211_REKEY_DATA_REPLAY_CTR] || !tb[NL80211_REKEY_DATA_KEK] ||
12889 !tb[NL80211_REKEY_DATA_KCK])
12890 return -EINVAL;
12891 if (nla_len(tb[NL80211_REKEY_DATA_KEK]) != NL80211_KEK_LEN &&
12892 !(rdev->wiphy.flags & WIPHY_FLAG_SUPPORTS_EXT_KEK_KCK &&
12893 nla_len(tb[NL80211_REKEY_DATA_KEK]) == NL80211_KEK_EXT_LEN))
12894 return -ERANGE;
12895 if (nla_len(tb[NL80211_REKEY_DATA_KCK]) != NL80211_KCK_LEN &&
12896 !(rdev->wiphy.flags & WIPHY_FLAG_SUPPORTS_EXT_KEK_KCK &&
12897 nla_len(tb[NL80211_REKEY_DATA_KEK]) == NL80211_KCK_EXT_LEN))
12898 return -ERANGE;
12899
12900 rekey_data.kek = nla_data(tb[NL80211_REKEY_DATA_KEK]);
12901 rekey_data.kck = nla_data(tb[NL80211_REKEY_DATA_KCK]);
12902 rekey_data.replay_ctr = nla_data(tb[NL80211_REKEY_DATA_REPLAY_CTR]);
12903 rekey_data.kek_len = nla_len(tb[NL80211_REKEY_DATA_KEK]);
12904 rekey_data.kck_len = nla_len(tb[NL80211_REKEY_DATA_KCK]);
12905 if (tb[NL80211_REKEY_DATA_AKM])
12906 rekey_data.akm = nla_get_u32(tb[NL80211_REKEY_DATA_AKM]);
12907
12908 wdev_lock(wdev);
12909 if (!wdev->current_bss) {
12910 err = -ENOTCONN;
12911 goto out;
12912 }
12913
12914 if (!rdev->ops->set_rekey_data) {
12915 err = -EOPNOTSUPP;
12916 goto out;
12917 }
12918
12919 err = rdev_set_rekey_data(rdev, dev, &rekey_data);
12920 out:
12921 wdev_unlock(wdev);
12922 return err;
12923 }
12924
12925 static int nl80211_register_unexpected_frame(struct sk_buff *skb,
12926 struct genl_info *info)
12927 {
12928 struct net_device *dev = info->user_ptr[1];
12929 struct wireless_dev *wdev = dev->ieee80211_ptr;
12930
12931 if (wdev->iftype != NL80211_IFTYPE_AP &&
12932 wdev->iftype != NL80211_IFTYPE_P2P_GO)
12933 return -EINVAL;
12934
12935 if (wdev->ap_unexpected_nlportid)
12936 return -EBUSY;
12937
12938 wdev->ap_unexpected_nlportid = info->snd_portid;
12939 return 0;
12940 }
12941
12942 static int nl80211_probe_client(struct sk_buff *skb,
12943 struct genl_info *info)
12944 {
12945 struct cfg80211_registered_device *rdev = info->user_ptr[0];
12946 struct net_device *dev = info->user_ptr[1];
12947 struct wireless_dev *wdev = dev->ieee80211_ptr;
12948 struct sk_buff *msg;
12949 void *hdr;
12950 const u8 *addr;
12951 u64 cookie;
12952 int err;
12953
12954 if (wdev->iftype != NL80211_IFTYPE_AP &&
12955 wdev->iftype != NL80211_IFTYPE_P2P_GO)
12956 return -EOPNOTSUPP;
12957
12958 if (!info->attrs[NL80211_ATTR_MAC])
12959 return -EINVAL;
12960
12961 if (!rdev->ops->probe_client)
12962 return -EOPNOTSUPP;
12963
12964 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
12965 if (!msg)
12966 return -ENOMEM;
12967
12968 hdr = nl80211hdr_put(msg, info->snd_portid, info->snd_seq, 0,
12969 NL80211_CMD_PROBE_CLIENT);
12970 if (!hdr) {
12971 err = -ENOBUFS;
12972 goto free_msg;
12973 }
12974
12975 addr = nla_data(info->attrs[NL80211_ATTR_MAC]);
12976
12977 err = rdev_probe_client(rdev, dev, addr, &cookie);
12978 if (err)
12979 goto free_msg;
12980
12981 if (nla_put_u64_64bit(msg, NL80211_ATTR_COOKIE, cookie,
12982 NL80211_ATTR_PAD))
12983 goto nla_put_failure;
12984
12985 genlmsg_end(msg, hdr);
12986
12987 return genlmsg_reply(msg, info);
12988
12989 nla_put_failure:
12990 err = -ENOBUFS;
12991 free_msg:
12992 nlmsg_free(msg);
12993 return err;
12994 }
12995
12996 static int nl80211_register_beacons(struct sk_buff *skb, struct genl_info *info)
12997 {
12998 struct cfg80211_registered_device *rdev = info->user_ptr[0];
12999 struct cfg80211_beacon_registration *reg, *nreg;
13000 int rv;
13001
13002 if (!(rdev->wiphy.flags & WIPHY_FLAG_REPORTS_OBSS))
13003 return -EOPNOTSUPP;
13004
13005 nreg = kzalloc(sizeof(*nreg), GFP_KERNEL);
13006 if (!nreg)
13007 return -ENOMEM;
13008
13009 /* First, check if already registered. */
13010 spin_lock_bh(&rdev->beacon_registrations_lock);
13011 list_for_each_entry(reg, &rdev->beacon_registrations, list) {
13012 if (reg->nlportid == info->snd_portid) {
13013 rv = -EALREADY;
13014 goto out_err;
13015 }
13016 }
13017 /* Add it to the list */
13018 nreg->nlportid = info->snd_portid;
13019 list_add(&nreg->list, &rdev->beacon_registrations);
13020
13021 spin_unlock_bh(&rdev->beacon_registrations_lock);
13022
13023 return 0;
13024 out_err:
13025 spin_unlock_bh(&rdev->beacon_registrations_lock);
13026 kfree(nreg);
13027 return rv;
13028 }
13029
13030 static int nl80211_start_p2p_device(struct sk_buff *skb, struct genl_info *info)
13031 {
13032 struct cfg80211_registered_device *rdev = info->user_ptr[0];
13033 struct wireless_dev *wdev = info->user_ptr[1];
13034 int err;
13035
13036 if (!rdev->ops->start_p2p_device)
13037 return -EOPNOTSUPP;
13038
13039 if (wdev->iftype != NL80211_IFTYPE_P2P_DEVICE)
13040 return -EOPNOTSUPP;
13041
13042 if (wdev_running(wdev))
13043 return 0;
13044
13045 if (rfkill_blocked(rdev->rfkill))
13046 return -ERFKILL;
13047
13048 err = rdev_start_p2p_device(rdev, wdev);
13049 if (err)
13050 return err;
13051
13052 wdev->is_running = true;
13053 rdev->opencount++;
13054
13055 return 0;
13056 }
13057
13058 static int nl80211_stop_p2p_device(struct sk_buff *skb, struct genl_info *info)
13059 {
13060 struct cfg80211_registered_device *rdev = info->user_ptr[0];
13061 struct wireless_dev *wdev = info->user_ptr[1];
13062
13063 if (wdev->iftype != NL80211_IFTYPE_P2P_DEVICE)
13064 return -EOPNOTSUPP;
13065
13066 if (!rdev->ops->stop_p2p_device)
13067 return -EOPNOTSUPP;
13068
13069 cfg80211_stop_p2p_device(rdev, wdev);
13070
13071 return 0;
13072 }
13073
13074 static int nl80211_start_nan(struct sk_buff *skb, struct genl_info *info)
13075 {
13076 struct cfg80211_registered_device *rdev = info->user_ptr[0];
13077 struct wireless_dev *wdev = info->user_ptr[1];
13078 struct cfg80211_nan_conf conf = {};
13079 int err;
13080
13081 if (wdev->iftype != NL80211_IFTYPE_NAN)
13082 return -EOPNOTSUPP;
13083
13084 if (wdev_running(wdev))
13085 return -EEXIST;
13086
13087 if (rfkill_blocked(rdev->rfkill))
13088 return -ERFKILL;
13089
13090 if (!info->attrs[NL80211_ATTR_NAN_MASTER_PREF])
13091 return -EINVAL;
13092
13093 conf.master_pref =
13094 nla_get_u8(info->attrs[NL80211_ATTR_NAN_MASTER_PREF]);
13095
13096 if (info->attrs[NL80211_ATTR_BANDS]) {
13097 u32 bands = nla_get_u32(info->attrs[NL80211_ATTR_BANDS]);
13098
13099 if (bands & ~(u32)wdev->wiphy->nan_supported_bands)
13100 return -EOPNOTSUPP;
13101
13102 if (bands && !(bands & BIT(NL80211_BAND_2GHZ)))
13103 return -EINVAL;
13104
13105 conf.bands = bands;
13106 }
13107
13108 err = rdev_start_nan(rdev, wdev, &conf);
13109 if (err)
13110 return err;
13111
13112 wdev->is_running = true;
13113 rdev->opencount++;
13114
13115 return 0;
13116 }
13117
13118 static int nl80211_stop_nan(struct sk_buff *skb, struct genl_info *info)
13119 {
13120 struct cfg80211_registered_device *rdev = info->user_ptr[0];
13121 struct wireless_dev *wdev = info->user_ptr[1];
13122
13123 if (wdev->iftype != NL80211_IFTYPE_NAN)
13124 return -EOPNOTSUPP;
13125
13126 cfg80211_stop_nan(rdev, wdev);
13127
13128 return 0;
13129 }
13130
13131 static int validate_nan_filter(struct nlattr *filter_attr)
13132 {
13133 struct nlattr *attr;
13134 int len = 0, n_entries = 0, rem;
13135
13136 nla_for_each_nested(attr, filter_attr, rem) {
13137 len += nla_len(attr);
13138 n_entries++;
13139 }
13140
13141 if (len >= U8_MAX)
13142 return -EINVAL;
13143
13144 return n_entries;
13145 }
13146
13147 static int handle_nan_filter(struct nlattr *attr_filter,
13148 struct cfg80211_nan_func *func,
13149 bool tx)
13150 {
13151 struct nlattr *attr;
13152 int n_entries, rem, i;
13153 struct cfg80211_nan_func_filter *filter;
13154
13155 n_entries = validate_nan_filter(attr_filter);
13156 if (n_entries < 0)
13157 return n_entries;
13158
13159 BUILD_BUG_ON(sizeof(*func->rx_filters) != sizeof(*func->tx_filters));
13160
13161 filter = kcalloc(n_entries, sizeof(*func->rx_filters), GFP_KERNEL);
13162 if (!filter)
13163 return -ENOMEM;
13164
13165 i = 0;
13166 nla_for_each_nested(attr, attr_filter, rem) {
13167 filter[i].filter = nla_memdup(attr, GFP_KERNEL);
13168 filter[i].len = nla_len(attr);
13169 i++;
13170 }
13171 if (tx) {
13172 func->num_tx_filters = n_entries;
13173 func->tx_filters = filter;
13174 } else {
13175 func->num_rx_filters = n_entries;
13176 func->rx_filters = filter;
13177 }
13178
13179 return 0;
13180 }
13181
13182 static int nl80211_nan_add_func(struct sk_buff *skb,
13183 struct genl_info *info)
13184 {
13185 struct cfg80211_registered_device *rdev = info->user_ptr[0];
13186 struct wireless_dev *wdev = info->user_ptr[1];
13187 struct nlattr *tb[NUM_NL80211_NAN_FUNC_ATTR], *func_attr;
13188 struct cfg80211_nan_func *func;
13189 struct sk_buff *msg = NULL;
13190 void *hdr = NULL;
13191 int err = 0;
13192
13193 if (wdev->iftype != NL80211_IFTYPE_NAN)
13194 return -EOPNOTSUPP;
13195
13196 if (!wdev_running(wdev))
13197 return -ENOTCONN;
13198
13199 if (!info->attrs[NL80211_ATTR_NAN_FUNC])
13200 return -EINVAL;
13201
13202 err = nla_parse_nested_deprecated(tb, NL80211_NAN_FUNC_ATTR_MAX,
13203 info->attrs[NL80211_ATTR_NAN_FUNC],
13204 nl80211_nan_func_policy,
13205 info->extack);
13206 if (err)
13207 return err;
13208
13209 func = kzalloc(sizeof(*func), GFP_KERNEL);
13210 if (!func)
13211 return -ENOMEM;
13212
13213 func->cookie = cfg80211_assign_cookie(rdev);
13214
13215 if (!tb[NL80211_NAN_FUNC_TYPE]) {
13216 err = -EINVAL;
13217 goto out;
13218 }
13219
13220
13221 func->type = nla_get_u8(tb[NL80211_NAN_FUNC_TYPE]);
13222
13223 if (!tb[NL80211_NAN_FUNC_SERVICE_ID]) {
13224 err = -EINVAL;
13225 goto out;
13226 }
13227
13228 memcpy(func->service_id, nla_data(tb[NL80211_NAN_FUNC_SERVICE_ID]),
13229 sizeof(func->service_id));
13230
13231 func->close_range =
13232 nla_get_flag(tb[NL80211_NAN_FUNC_CLOSE_RANGE]);
13233
13234 if (tb[NL80211_NAN_FUNC_SERVICE_INFO]) {
13235 func->serv_spec_info_len =
13236 nla_len(tb[NL80211_NAN_FUNC_SERVICE_INFO]);
13237 func->serv_spec_info =
13238 kmemdup(nla_data(tb[NL80211_NAN_FUNC_SERVICE_INFO]),
13239 func->serv_spec_info_len,
13240 GFP_KERNEL);
13241 if (!func->serv_spec_info) {
13242 err = -ENOMEM;
13243 goto out;
13244 }
13245 }
13246
13247 if (tb[NL80211_NAN_FUNC_TTL])
13248 func->ttl = nla_get_u32(tb[NL80211_NAN_FUNC_TTL]);
13249
13250 switch (func->type) {
13251 case NL80211_NAN_FUNC_PUBLISH:
13252 if (!tb[NL80211_NAN_FUNC_PUBLISH_TYPE]) {
13253 err = -EINVAL;
13254 goto out;
13255 }
13256
13257 func->publish_type =
13258 nla_get_u8(tb[NL80211_NAN_FUNC_PUBLISH_TYPE]);
13259 func->publish_bcast =
13260 nla_get_flag(tb[NL80211_NAN_FUNC_PUBLISH_BCAST]);
13261
13262 if ((!(func->publish_type & NL80211_NAN_SOLICITED_PUBLISH)) &&
13263 func->publish_bcast) {
13264 err = -EINVAL;
13265 goto out;
13266 }
13267 break;
13268 case NL80211_NAN_FUNC_SUBSCRIBE:
13269 func->subscribe_active =
13270 nla_get_flag(tb[NL80211_NAN_FUNC_SUBSCRIBE_ACTIVE]);
13271 break;
13272 case NL80211_NAN_FUNC_FOLLOW_UP:
13273 if (!tb[NL80211_NAN_FUNC_FOLLOW_UP_ID] ||
13274 !tb[NL80211_NAN_FUNC_FOLLOW_UP_REQ_ID] ||
13275 !tb[NL80211_NAN_FUNC_FOLLOW_UP_DEST]) {
13276 err = -EINVAL;
13277 goto out;
13278 }
13279
13280 func->followup_id =
13281 nla_get_u8(tb[NL80211_NAN_FUNC_FOLLOW_UP_ID]);
13282 func->followup_reqid =
13283 nla_get_u8(tb[NL80211_NAN_FUNC_FOLLOW_UP_REQ_ID]);
13284 memcpy(func->followup_dest.addr,
13285 nla_data(tb[NL80211_NAN_FUNC_FOLLOW_UP_DEST]),
13286 sizeof(func->followup_dest.addr));
13287 if (func->ttl) {
13288 err = -EINVAL;
13289 goto out;
13290 }
13291 break;
13292 default:
13293 err = -EINVAL;
13294 goto out;
13295 }
13296
13297 if (tb[NL80211_NAN_FUNC_SRF]) {
13298 struct nlattr *srf_tb[NUM_NL80211_NAN_SRF_ATTR];
13299
13300 err = nla_parse_nested_deprecated(srf_tb,
13301 NL80211_NAN_SRF_ATTR_MAX,
13302 tb[NL80211_NAN_FUNC_SRF],
13303 nl80211_nan_srf_policy,
13304 info->extack);
13305 if (err)
13306 goto out;
13307
13308 func->srf_include =
13309 nla_get_flag(srf_tb[NL80211_NAN_SRF_INCLUDE]);
13310
13311 if (srf_tb[NL80211_NAN_SRF_BF]) {
13312 if (srf_tb[NL80211_NAN_SRF_MAC_ADDRS] ||
13313 !srf_tb[NL80211_NAN_SRF_BF_IDX]) {
13314 err = -EINVAL;
13315 goto out;
13316 }
13317
13318 func->srf_bf_len =
13319 nla_len(srf_tb[NL80211_NAN_SRF_BF]);
13320 func->srf_bf =
13321 kmemdup(nla_data(srf_tb[NL80211_NAN_SRF_BF]),
13322 func->srf_bf_len, GFP_KERNEL);
13323 if (!func->srf_bf) {
13324 err = -ENOMEM;
13325 goto out;
13326 }
13327
13328 func->srf_bf_idx =
13329 nla_get_u8(srf_tb[NL80211_NAN_SRF_BF_IDX]);
13330 } else {
13331 struct nlattr *attr, *mac_attr =
13332 srf_tb[NL80211_NAN_SRF_MAC_ADDRS];
13333 int n_entries, rem, i = 0;
13334
13335 if (!mac_attr) {
13336 err = -EINVAL;
13337 goto out;
13338 }
13339
13340 n_entries = validate_acl_mac_addrs(mac_attr);
13341 if (n_entries <= 0) {
13342 err = -EINVAL;
13343 goto out;
13344 }
13345
13346 func->srf_num_macs = n_entries;
13347 func->srf_macs =
13348 kcalloc(n_entries, sizeof(*func->srf_macs),
13349 GFP_KERNEL);
13350 if (!func->srf_macs) {
13351 err = -ENOMEM;
13352 goto out;
13353 }
13354
13355 nla_for_each_nested(attr, mac_attr, rem)
13356 memcpy(func->srf_macs[i++].addr, nla_data(attr),
13357 sizeof(*func->srf_macs));
13358 }
13359 }
13360
13361 if (tb[NL80211_NAN_FUNC_TX_MATCH_FILTER]) {
13362 err = handle_nan_filter(tb[NL80211_NAN_FUNC_TX_MATCH_FILTER],
13363 func, true);
13364 if (err)
13365 goto out;
13366 }
13367
13368 if (tb[NL80211_NAN_FUNC_RX_MATCH_FILTER]) {
13369 err = handle_nan_filter(tb[NL80211_NAN_FUNC_RX_MATCH_FILTER],
13370 func, false);
13371 if (err)
13372 goto out;
13373 }
13374
13375 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
13376 if (!msg) {
13377 err = -ENOMEM;
13378 goto out;
13379 }
13380
13381 hdr = nl80211hdr_put(msg, info->snd_portid, info->snd_seq, 0,
13382 NL80211_CMD_ADD_NAN_FUNCTION);
13383 /* This can't really happen - we just allocated 4KB */
13384 if (WARN_ON(!hdr)) {
13385 err = -ENOMEM;
13386 goto out;
13387 }
13388
13389 err = rdev_add_nan_func(rdev, wdev, func);
13390 out:
13391 if (err < 0) {
13392 cfg80211_free_nan_func(func);
13393 nlmsg_free(msg);
13394 return err;
13395 }
13396
13397 /* propagate the instance id and cookie to userspace */
13398 if (nla_put_u64_64bit(msg, NL80211_ATTR_COOKIE, func->cookie,
13399 NL80211_ATTR_PAD))
13400 goto nla_put_failure;
13401
13402 func_attr = nla_nest_start_noflag(msg, NL80211_ATTR_NAN_FUNC);
13403 if (!func_attr)
13404 goto nla_put_failure;
13405
13406 if (nla_put_u8(msg, NL80211_NAN_FUNC_INSTANCE_ID,
13407 func->instance_id))
13408 goto nla_put_failure;
13409
13410 nla_nest_end(msg, func_attr);
13411
13412 genlmsg_end(msg, hdr);
13413 return genlmsg_reply(msg, info);
13414
13415 nla_put_failure:
13416 nlmsg_free(msg);
13417 return -ENOBUFS;
13418 }
13419
13420 static int nl80211_nan_del_func(struct sk_buff *skb,
13421 struct genl_info *info)
13422 {
13423 struct cfg80211_registered_device *rdev = info->user_ptr[0];
13424 struct wireless_dev *wdev = info->user_ptr[1];
13425 u64 cookie;
13426
13427 if (wdev->iftype != NL80211_IFTYPE_NAN)
13428 return -EOPNOTSUPP;
13429
13430 if (!wdev_running(wdev))
13431 return -ENOTCONN;
13432
13433 if (!info->attrs[NL80211_ATTR_COOKIE])
13434 return -EINVAL;
13435
13436 cookie = nla_get_u64(info->attrs[NL80211_ATTR_COOKIE]);
13437
13438 rdev_del_nan_func(rdev, wdev, cookie);
13439
13440 return 0;
13441 }
13442
13443 static int nl80211_nan_change_config(struct sk_buff *skb,
13444 struct genl_info *info)
13445 {
13446 struct cfg80211_registered_device *rdev = info->user_ptr[0];
13447 struct wireless_dev *wdev = info->user_ptr[1];
13448 struct cfg80211_nan_conf conf = {};
13449 u32 changed = 0;
13450
13451 if (wdev->iftype != NL80211_IFTYPE_NAN)
13452 return -EOPNOTSUPP;
13453
13454 if (!wdev_running(wdev))
13455 return -ENOTCONN;
13456
13457 if (info->attrs[NL80211_ATTR_NAN_MASTER_PREF]) {
13458 conf.master_pref =
13459 nla_get_u8(info->attrs[NL80211_ATTR_NAN_MASTER_PREF]);
13460 if (conf.master_pref <= 1 || conf.master_pref == 255)
13461 return -EINVAL;
13462
13463 changed |= CFG80211_NAN_CONF_CHANGED_PREF;
13464 }
13465
13466 if (info->attrs[NL80211_ATTR_BANDS]) {
13467 u32 bands = nla_get_u32(info->attrs[NL80211_ATTR_BANDS]);
13468
13469 if (bands & ~(u32)wdev->wiphy->nan_supported_bands)
13470 return -EOPNOTSUPP;
13471
13472 if (bands && !(bands & BIT(NL80211_BAND_2GHZ)))
13473 return -EINVAL;
13474
13475 conf.bands = bands;
13476 changed |= CFG80211_NAN_CONF_CHANGED_BANDS;
13477 }
13478
13479 if (!changed)
13480 return -EINVAL;
13481
13482 return rdev_nan_change_conf(rdev, wdev, &conf, changed);
13483 }
13484
13485 void cfg80211_nan_match(struct wireless_dev *wdev,
13486 struct cfg80211_nan_match_params *match, gfp_t gfp)
13487 {
13488 struct wiphy *wiphy = wdev->wiphy;
13489 struct cfg80211_registered_device *rdev = wiphy_to_rdev(wiphy);
13490 struct nlattr *match_attr, *local_func_attr, *peer_func_attr;
13491 struct sk_buff *msg;
13492 void *hdr;
13493
13494 if (WARN_ON(!match->inst_id || !match->peer_inst_id || !match->addr))
13495 return;
13496
13497 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, gfp);
13498 if (!msg)
13499 return;
13500
13501 hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_NAN_MATCH);
13502 if (!hdr) {
13503 nlmsg_free(msg);
13504 return;
13505 }
13506
13507 if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
13508 (wdev->netdev && nla_put_u32(msg, NL80211_ATTR_IFINDEX,
13509 wdev->netdev->ifindex)) ||
13510 nla_put_u64_64bit(msg, NL80211_ATTR_WDEV, wdev_id(wdev),
13511 NL80211_ATTR_PAD))
13512 goto nla_put_failure;
13513
13514 if (nla_put_u64_64bit(msg, NL80211_ATTR_COOKIE, match->cookie,
13515 NL80211_ATTR_PAD) ||
13516 nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN, match->addr))
13517 goto nla_put_failure;
13518
13519 match_attr = nla_nest_start_noflag(msg, NL80211_ATTR_NAN_MATCH);
13520 if (!match_attr)
13521 goto nla_put_failure;
13522
13523 local_func_attr = nla_nest_start_noflag(msg,
13524 NL80211_NAN_MATCH_FUNC_LOCAL);
13525 if (!local_func_attr)
13526 goto nla_put_failure;
13527
13528 if (nla_put_u8(msg, NL80211_NAN_FUNC_INSTANCE_ID, match->inst_id))
13529 goto nla_put_failure;
13530
13531 nla_nest_end(msg, local_func_attr);
13532
13533 peer_func_attr = nla_nest_start_noflag(msg,
13534 NL80211_NAN_MATCH_FUNC_PEER);
13535 if (!peer_func_attr)
13536 goto nla_put_failure;
13537
13538 if (nla_put_u8(msg, NL80211_NAN_FUNC_TYPE, match->type) ||
13539 nla_put_u8(msg, NL80211_NAN_FUNC_INSTANCE_ID, match->peer_inst_id))
13540 goto nla_put_failure;
13541
13542 if (match->info && match->info_len &&
13543 nla_put(msg, NL80211_NAN_FUNC_SERVICE_INFO, match->info_len,
13544 match->info))
13545 goto nla_put_failure;
13546
13547 nla_nest_end(msg, peer_func_attr);
13548 nla_nest_end(msg, match_attr);
13549 genlmsg_end(msg, hdr);
13550
13551 if (!wdev->owner_nlportid)
13552 genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy),
13553 msg, 0, NL80211_MCGRP_NAN, gfp);
13554 else
13555 genlmsg_unicast(wiphy_net(&rdev->wiphy), msg,
13556 wdev->owner_nlportid);
13557
13558 return;
13559
13560 nla_put_failure:
13561 nlmsg_free(msg);
13562 }
13563 EXPORT_SYMBOL(cfg80211_nan_match);
13564
13565 void cfg80211_nan_func_terminated(struct wireless_dev *wdev,
13566 u8 inst_id,
13567 enum nl80211_nan_func_term_reason reason,
13568 u64 cookie, gfp_t gfp)
13569 {
13570 struct wiphy *wiphy = wdev->wiphy;
13571 struct cfg80211_registered_device *rdev = wiphy_to_rdev(wiphy);
13572 struct sk_buff *msg;
13573 struct nlattr *func_attr;
13574 void *hdr;
13575
13576 if (WARN_ON(!inst_id))
13577 return;
13578
13579 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, gfp);
13580 if (!msg)
13581 return;
13582
13583 hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_DEL_NAN_FUNCTION);
13584 if (!hdr) {
13585 nlmsg_free(msg);
13586 return;
13587 }
13588
13589 if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
13590 (wdev->netdev && nla_put_u32(msg, NL80211_ATTR_IFINDEX,
13591 wdev->netdev->ifindex)) ||
13592 nla_put_u64_64bit(msg, NL80211_ATTR_WDEV, wdev_id(wdev),
13593 NL80211_ATTR_PAD))
13594 goto nla_put_failure;
13595
13596 if (nla_put_u64_64bit(msg, NL80211_ATTR_COOKIE, cookie,
13597 NL80211_ATTR_PAD))
13598 goto nla_put_failure;
13599
13600 func_attr = nla_nest_start_noflag(msg, NL80211_ATTR_NAN_FUNC);
13601 if (!func_attr)
13602 goto nla_put_failure;
13603
13604 if (nla_put_u8(msg, NL80211_NAN_FUNC_INSTANCE_ID, inst_id) ||
13605 nla_put_u8(msg, NL80211_NAN_FUNC_TERM_REASON, reason))
13606 goto nla_put_failure;
13607
13608 nla_nest_end(msg, func_attr);
13609 genlmsg_end(msg, hdr);
13610
13611 if (!wdev->owner_nlportid)
13612 genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy),
13613 msg, 0, NL80211_MCGRP_NAN, gfp);
13614 else
13615 genlmsg_unicast(wiphy_net(&rdev->wiphy), msg,
13616 wdev->owner_nlportid);
13617
13618 return;
13619
13620 nla_put_failure:
13621 nlmsg_free(msg);
13622 }
13623 EXPORT_SYMBOL(cfg80211_nan_func_terminated);
13624
13625 static int nl80211_get_protocol_features(struct sk_buff *skb,
13626 struct genl_info *info)
13627 {
13628 void *hdr;
13629 struct sk_buff *msg;
13630
13631 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
13632 if (!msg)
13633 return -ENOMEM;
13634
13635 hdr = nl80211hdr_put(msg, info->snd_portid, info->snd_seq, 0,
13636 NL80211_CMD_GET_PROTOCOL_FEATURES);
13637 if (!hdr)
13638 goto nla_put_failure;
13639
13640 if (nla_put_u32(msg, NL80211_ATTR_PROTOCOL_FEATURES,
13641 NL80211_PROTOCOL_FEATURE_SPLIT_WIPHY_DUMP))
13642 goto nla_put_failure;
13643
13644 genlmsg_end(msg, hdr);
13645 return genlmsg_reply(msg, info);
13646
13647 nla_put_failure:
13648 kfree_skb(msg);
13649 return -ENOBUFS;
13650 }
13651
13652 static int nl80211_update_ft_ies(struct sk_buff *skb, struct genl_info *info)
13653 {
13654 struct cfg80211_registered_device *rdev = info->user_ptr[0];
13655 struct cfg80211_update_ft_ies_params ft_params;
13656 struct net_device *dev = info->user_ptr[1];
13657
13658 if (!rdev->ops->update_ft_ies)
13659 return -EOPNOTSUPP;
13660
13661 if (!info->attrs[NL80211_ATTR_MDID] ||
13662 !info->attrs[NL80211_ATTR_IE])
13663 return -EINVAL;
13664
13665 memset(&ft_params, 0, sizeof(ft_params));
13666 ft_params.md = nla_get_u16(info->attrs[NL80211_ATTR_MDID]);
13667 ft_params.ie = nla_data(info->attrs[NL80211_ATTR_IE]);
13668 ft_params.ie_len = nla_len(info->attrs[NL80211_ATTR_IE]);
13669
13670 return rdev_update_ft_ies(rdev, dev, &ft_params);
13671 }
13672
13673 static int nl80211_crit_protocol_start(struct sk_buff *skb,
13674 struct genl_info *info)
13675 {
13676 struct cfg80211_registered_device *rdev = info->user_ptr[0];
13677 struct wireless_dev *wdev = info->user_ptr[1];
13678 enum nl80211_crit_proto_id proto = NL80211_CRIT_PROTO_UNSPEC;
13679 u16 duration;
13680 int ret;
13681
13682 if (!rdev->ops->crit_proto_start)
13683 return -EOPNOTSUPP;
13684
13685 if (WARN_ON(!rdev->ops->crit_proto_stop))
13686 return -EINVAL;
13687
13688 if (rdev->crit_proto_nlportid)
13689 return -EBUSY;
13690
13691 /* determine protocol if provided */
13692 if (info->attrs[NL80211_ATTR_CRIT_PROT_ID])
13693 proto = nla_get_u16(info->attrs[NL80211_ATTR_CRIT_PROT_ID]);
13694
13695 if (proto >= NUM_NL80211_CRIT_PROTO)
13696 return -EINVAL;
13697
13698 /* timeout must be provided */
13699 if (!info->attrs[NL80211_ATTR_MAX_CRIT_PROT_DURATION])
13700 return -EINVAL;
13701
13702 duration =
13703 nla_get_u16(info->attrs[NL80211_ATTR_MAX_CRIT_PROT_DURATION]);
13704
13705 ret = rdev_crit_proto_start(rdev, wdev, proto, duration);
13706 if (!ret)
13707 rdev->crit_proto_nlportid = info->snd_portid;
13708
13709 return ret;
13710 }
13711
13712 static int nl80211_crit_protocol_stop(struct sk_buff *skb,
13713 struct genl_info *info)
13714 {
13715 struct cfg80211_registered_device *rdev = info->user_ptr[0];
13716 struct wireless_dev *wdev = info->user_ptr[1];
13717
13718 if (!rdev->ops->crit_proto_stop)
13719 return -EOPNOTSUPP;
13720
13721 if (rdev->crit_proto_nlportid) {
13722 rdev->crit_proto_nlportid = 0;
13723 rdev_crit_proto_stop(rdev, wdev);
13724 }
13725 return 0;
13726 }
13727
13728 static int nl80211_vendor_check_policy(const struct wiphy_vendor_command *vcmd,
13729 struct nlattr *attr,
13730 struct netlink_ext_ack *extack)
13731 {
13732 if (vcmd->policy == VENDOR_CMD_RAW_DATA) {
13733 if (attr->nla_type & NLA_F_NESTED) {
13734 NL_SET_ERR_MSG_ATTR(extack, attr,
13735 "unexpected nested data");
13736 return -EINVAL;
13737 }
13738
13739 return 0;
13740 }
13741
13742 if (!(attr->nla_type & NLA_F_NESTED)) {
13743 NL_SET_ERR_MSG_ATTR(extack, attr, "expected nested data");
13744 return -EINVAL;
13745 }
13746
13747 return nla_validate_nested(attr, vcmd->maxattr, vcmd->policy, extack);
13748 }
13749
13750 static int nl80211_vendor_cmd(struct sk_buff *skb, struct genl_info *info)
13751 {
13752 struct cfg80211_registered_device *rdev = info->user_ptr[0];
13753 struct wireless_dev *wdev =
13754 __cfg80211_wdev_from_attrs(rdev, genl_info_net(info),
13755 info->attrs);
13756 int i, err;
13757 u32 vid, subcmd;
13758
13759 if (!rdev->wiphy.vendor_commands)
13760 return -EOPNOTSUPP;
13761
13762 if (IS_ERR(wdev)) {
13763 err = PTR_ERR(wdev);
13764 if (err != -EINVAL)
13765 return err;
13766 wdev = NULL;
13767 } else if (wdev->wiphy != &rdev->wiphy) {
13768 return -EINVAL;
13769 }
13770
13771 if (!info->attrs[NL80211_ATTR_VENDOR_ID] ||
13772 !info->attrs[NL80211_ATTR_VENDOR_SUBCMD])
13773 return -EINVAL;
13774
13775 vid = nla_get_u32(info->attrs[NL80211_ATTR_VENDOR_ID]);
13776 subcmd = nla_get_u32(info->attrs[NL80211_ATTR_VENDOR_SUBCMD]);
13777 for (i = 0; i < rdev->wiphy.n_vendor_commands; i++) {
13778 const struct wiphy_vendor_command *vcmd;
13779 void *data = NULL;
13780 int len = 0;
13781
13782 vcmd = &rdev->wiphy.vendor_commands[i];
13783
13784 if (vcmd->info.vendor_id != vid || vcmd->info.subcmd != subcmd)
13785 continue;
13786
13787 if (vcmd->flags & (WIPHY_VENDOR_CMD_NEED_WDEV |
13788 WIPHY_VENDOR_CMD_NEED_NETDEV)) {
13789 if (!wdev)
13790 return -EINVAL;
13791 if (vcmd->flags & WIPHY_VENDOR_CMD_NEED_NETDEV &&
13792 !wdev->netdev)
13793 return -EINVAL;
13794
13795 if (vcmd->flags & WIPHY_VENDOR_CMD_NEED_RUNNING) {
13796 if (!wdev_running(wdev))
13797 return -ENETDOWN;
13798 }
13799 } else {
13800 wdev = NULL;
13801 }
13802
13803 if (!vcmd->doit)
13804 return -EOPNOTSUPP;
13805
13806 if (info->attrs[NL80211_ATTR_VENDOR_DATA]) {
13807 data = nla_data(info->attrs[NL80211_ATTR_VENDOR_DATA]);
13808 len = nla_len(info->attrs[NL80211_ATTR_VENDOR_DATA]);
13809
13810 err = nl80211_vendor_check_policy(vcmd,
13811 info->attrs[NL80211_ATTR_VENDOR_DATA],
13812 info->extack);
13813 if (err)
13814 return err;
13815 }
13816
13817 rdev->cur_cmd_info = info;
13818 err = vcmd->doit(&rdev->wiphy, wdev, data, len);
13819 rdev->cur_cmd_info = NULL;
13820 return err;
13821 }
13822
13823 return -EOPNOTSUPP;
13824 }
13825
13826 static int nl80211_prepare_vendor_dump(struct sk_buff *skb,
13827 struct netlink_callback *cb,
13828 struct cfg80211_registered_device **rdev,
13829 struct wireless_dev **wdev)
13830 {
13831 struct nlattr **attrbuf;
13832 u32 vid, subcmd;
13833 unsigned int i;
13834 int vcmd_idx = -1;
13835 int err;
13836 void *data = NULL;
13837 unsigned int data_len = 0;
13838
13839 if (cb->args[0]) {
13840 /* subtract the 1 again here */
13841 struct wiphy *wiphy = wiphy_idx_to_wiphy(cb->args[0] - 1);
13842 struct wireless_dev *tmp;
13843
13844 if (!wiphy)
13845 return -ENODEV;
13846 *rdev = wiphy_to_rdev(wiphy);
13847 *wdev = NULL;
13848
13849 if (cb->args[1]) {
13850 list_for_each_entry(tmp, &wiphy->wdev_list, list) {
13851 if (tmp->identifier == cb->args[1] - 1) {
13852 *wdev = tmp;
13853 break;
13854 }
13855 }
13856 }
13857
13858 /* keep rtnl locked in successful case */
13859 return 0;
13860 }
13861
13862 attrbuf = kcalloc(NUM_NL80211_ATTR, sizeof(*attrbuf), GFP_KERNEL);
13863 if (!attrbuf)
13864 return -ENOMEM;
13865
13866 err = nlmsg_parse_deprecated(cb->nlh,
13867 GENL_HDRLEN + nl80211_fam.hdrsize,
13868 attrbuf, nl80211_fam.maxattr,
13869 nl80211_policy, NULL);
13870 if (err)
13871 goto out;
13872
13873 if (!attrbuf[NL80211_ATTR_VENDOR_ID] ||
13874 !attrbuf[NL80211_ATTR_VENDOR_SUBCMD]) {
13875 err = -EINVAL;
13876 goto out;
13877 }
13878
13879 *wdev = __cfg80211_wdev_from_attrs(NULL, sock_net(skb->sk), attrbuf);
13880 if (IS_ERR(*wdev))
13881 *wdev = NULL;
13882
13883 *rdev = __cfg80211_rdev_from_attrs(sock_net(skb->sk), attrbuf);
13884 if (IS_ERR(*rdev)) {
13885 err = PTR_ERR(*rdev);
13886 goto out;
13887 }
13888
13889 vid = nla_get_u32(attrbuf[NL80211_ATTR_VENDOR_ID]);
13890 subcmd = nla_get_u32(attrbuf[NL80211_ATTR_VENDOR_SUBCMD]);
13891
13892 for (i = 0; i < (*rdev)->wiphy.n_vendor_commands; i++) {
13893 const struct wiphy_vendor_command *vcmd;
13894
13895 vcmd = &(*rdev)->wiphy.vendor_commands[i];
13896
13897 if (vcmd->info.vendor_id != vid || vcmd->info.subcmd != subcmd)
13898 continue;
13899
13900 if (!vcmd->dumpit) {
13901 err = -EOPNOTSUPP;
13902 goto out;
13903 }
13904
13905 vcmd_idx = i;
13906 break;
13907 }
13908
13909 if (vcmd_idx < 0) {
13910 err = -EOPNOTSUPP;
13911 goto out;
13912 }
13913
13914 if (attrbuf[NL80211_ATTR_VENDOR_DATA]) {
13915 data = nla_data(attrbuf[NL80211_ATTR_VENDOR_DATA]);
13916 data_len = nla_len(attrbuf[NL80211_ATTR_VENDOR_DATA]);
13917
13918 err = nl80211_vendor_check_policy(
13919 &(*rdev)->wiphy.vendor_commands[vcmd_idx],
13920 attrbuf[NL80211_ATTR_VENDOR_DATA],
13921 cb->extack);
13922 if (err)
13923 goto out;
13924 }
13925
13926 /* 0 is the first index - add 1 to parse only once */
13927 cb->args[0] = (*rdev)->wiphy_idx + 1;
13928 /* add 1 to know if it was NULL */
13929 cb->args[1] = *wdev ? (*wdev)->identifier + 1 : 0;
13930 cb->args[2] = vcmd_idx;
13931 cb->args[3] = (unsigned long)data;
13932 cb->args[4] = data_len;
13933
13934 /* keep rtnl locked in successful case */
13935 err = 0;
13936 out:
13937 kfree(attrbuf);
13938 return err;
13939 }
13940
13941 static int nl80211_vendor_cmd_dump(struct sk_buff *skb,
13942 struct netlink_callback *cb)
13943 {
13944 struct cfg80211_registered_device *rdev;
13945 struct wireless_dev *wdev;
13946 unsigned int vcmd_idx;
13947 const struct wiphy_vendor_command *vcmd;
13948 void *data;
13949 int data_len;
13950 int err;
13951 struct nlattr *vendor_data;
13952
13953 rtnl_lock();
13954 err = nl80211_prepare_vendor_dump(skb, cb, &rdev, &wdev);
13955 if (err)
13956 goto out;
13957
13958 vcmd_idx = cb->args[2];
13959 data = (void *)cb->args[3];
13960 data_len = cb->args[4];
13961 vcmd = &rdev->wiphy.vendor_commands[vcmd_idx];
13962
13963 if (vcmd->flags & (WIPHY_VENDOR_CMD_NEED_WDEV |
13964 WIPHY_VENDOR_CMD_NEED_NETDEV)) {
13965 if (!wdev) {
13966 err = -EINVAL;
13967 goto out;
13968 }
13969 if (vcmd->flags & WIPHY_VENDOR_CMD_NEED_NETDEV &&
13970 !wdev->netdev) {
13971 err = -EINVAL;
13972 goto out;
13973 }
13974
13975 if (vcmd->flags & WIPHY_VENDOR_CMD_NEED_RUNNING) {
13976 if (!wdev_running(wdev)) {
13977 err = -ENETDOWN;
13978 goto out;
13979 }
13980 }
13981 }
13982
13983 while (1) {
13984 void *hdr = nl80211hdr_put(skb, NETLINK_CB(cb->skb).portid,
13985 cb->nlh->nlmsg_seq, NLM_F_MULTI,
13986 NL80211_CMD_VENDOR);
13987 if (!hdr)
13988 break;
13989
13990 if (nla_put_u32(skb, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
13991 (wdev && nla_put_u64_64bit(skb, NL80211_ATTR_WDEV,
13992 wdev_id(wdev),
13993 NL80211_ATTR_PAD))) {
13994 genlmsg_cancel(skb, hdr);
13995 break;
13996 }
13997
13998 vendor_data = nla_nest_start_noflag(skb,
13999 NL80211_ATTR_VENDOR_DATA);
14000 if (!vendor_data) {
14001 genlmsg_cancel(skb, hdr);
14002 break;
14003 }
14004
14005 err = vcmd->dumpit(&rdev->wiphy, wdev, skb, data, data_len,
14006 (unsigned long *)&cb->args[5]);
14007 nla_nest_end(skb, vendor_data);
14008
14009 if (err == -ENOBUFS || err == -ENOENT) {
14010 genlmsg_cancel(skb, hdr);
14011 break;
14012 } else if (err <= 0) {
14013 genlmsg_cancel(skb, hdr);
14014 goto out;
14015 }
14016
14017 genlmsg_end(skb, hdr);
14018 }
14019
14020 err = skb->len;
14021 out:
14022 rtnl_unlock();
14023 return err;
14024 }
14025
14026 struct sk_buff *__cfg80211_alloc_reply_skb(struct wiphy *wiphy,
14027 enum nl80211_commands cmd,
14028 enum nl80211_attrs attr,
14029 int approxlen)
14030 {
14031 struct cfg80211_registered_device *rdev = wiphy_to_rdev(wiphy);
14032
14033 if (WARN_ON(!rdev->cur_cmd_info))
14034 return NULL;
14035
14036 return __cfg80211_alloc_vendor_skb(rdev, NULL, approxlen,
14037 rdev->cur_cmd_info->snd_portid,
14038 rdev->cur_cmd_info->snd_seq,
14039 cmd, attr, NULL, GFP_KERNEL);
14040 }
14041 EXPORT_SYMBOL(__cfg80211_alloc_reply_skb);
14042
14043 int cfg80211_vendor_cmd_reply(struct sk_buff *skb)
14044 {
14045 struct cfg80211_registered_device *rdev = ((void **)skb->cb)[0];
14046 void *hdr = ((void **)skb->cb)[1];
14047 struct nlattr *data = ((void **)skb->cb)[2];
14048
14049 /* clear CB data for netlink core to own from now on */
14050 memset(skb->cb, 0, sizeof(skb->cb));
14051
14052 if (WARN_ON(!rdev->cur_cmd_info)) {
14053 kfree_skb(skb);
14054 return -EINVAL;
14055 }
14056
14057 nla_nest_end(skb, data);
14058 genlmsg_end(skb, hdr);
14059 return genlmsg_reply(skb, rdev->cur_cmd_info);
14060 }
14061 EXPORT_SYMBOL_GPL(cfg80211_vendor_cmd_reply);
14062
14063 unsigned int cfg80211_vendor_cmd_get_sender(struct wiphy *wiphy)
14064 {
14065 struct cfg80211_registered_device *rdev = wiphy_to_rdev(wiphy);
14066
14067 if (WARN_ON(!rdev->cur_cmd_info))
14068 return 0;
14069
14070 return rdev->cur_cmd_info->snd_portid;
14071 }
14072 EXPORT_SYMBOL_GPL(cfg80211_vendor_cmd_get_sender);
14073
14074 static int nl80211_set_qos_map(struct sk_buff *skb,
14075 struct genl_info *info)
14076 {
14077 struct cfg80211_registered_device *rdev = info->user_ptr[0];
14078 struct cfg80211_qos_map *qos_map = NULL;
14079 struct net_device *dev = info->user_ptr[1];
14080 u8 *pos, len, num_des, des_len, des;
14081 int ret;
14082
14083 if (!rdev->ops->set_qos_map)
14084 return -EOPNOTSUPP;
14085
14086 if (info->attrs[NL80211_ATTR_QOS_MAP]) {
14087 pos = nla_data(info->attrs[NL80211_ATTR_QOS_MAP]);
14088 len = nla_len(info->attrs[NL80211_ATTR_QOS_MAP]);
14089
14090 if (len % 2)
14091 return -EINVAL;
14092
14093 qos_map = kzalloc(sizeof(struct cfg80211_qos_map), GFP_KERNEL);
14094 if (!qos_map)
14095 return -ENOMEM;
14096
14097 num_des = (len - IEEE80211_QOS_MAP_LEN_MIN) >> 1;
14098 if (num_des) {
14099 des_len = num_des *
14100 sizeof(struct cfg80211_dscp_exception);
14101 memcpy(qos_map->dscp_exception, pos, des_len);
14102 qos_map->num_des = num_des;
14103 for (des = 0; des < num_des; des++) {
14104 if (qos_map->dscp_exception[des].up > 7) {
14105 kfree(qos_map);
14106 return -EINVAL;
14107 }
14108 }
14109 pos += des_len;
14110 }
14111 memcpy(qos_map->up, pos, IEEE80211_QOS_MAP_LEN_MIN);
14112 }
14113
14114 wdev_lock(dev->ieee80211_ptr);
14115 ret = nl80211_key_allowed(dev->ieee80211_ptr);
14116 if (!ret)
14117 ret = rdev_set_qos_map(rdev, dev, qos_map);
14118 wdev_unlock(dev->ieee80211_ptr);
14119
14120 kfree(qos_map);
14121 return ret;
14122 }
14123
14124 static int nl80211_add_tx_ts(struct sk_buff *skb, struct genl_info *info)
14125 {
14126 struct cfg80211_registered_device *rdev = info->user_ptr[0];
14127 struct net_device *dev = info->user_ptr[1];
14128 struct wireless_dev *wdev = dev->ieee80211_ptr;
14129 const u8 *peer;
14130 u8 tsid, up;
14131 u16 admitted_time = 0;
14132 int err;
14133
14134 if (!(rdev->wiphy.features & NL80211_FEATURE_SUPPORTS_WMM_ADMISSION))
14135 return -EOPNOTSUPP;
14136
14137 if (!info->attrs[NL80211_ATTR_TSID] || !info->attrs[NL80211_ATTR_MAC] ||
14138 !info->attrs[NL80211_ATTR_USER_PRIO])
14139 return -EINVAL;
14140
14141 tsid = nla_get_u8(info->attrs[NL80211_ATTR_TSID]);
14142 up = nla_get_u8(info->attrs[NL80211_ATTR_USER_PRIO]);
14143
14144 /* WMM uses TIDs 0-7 even for TSPEC */
14145 if (tsid >= IEEE80211_FIRST_TSPEC_TSID) {
14146 /* TODO: handle 802.11 TSPEC/admission control
14147 * need more attributes for that (e.g. BA session requirement);
14148 * change the WMM adminssion test above to allow both then
14149 */
14150 return -EINVAL;
14151 }
14152
14153 peer = nla_data(info->attrs[NL80211_ATTR_MAC]);
14154
14155 if (info->attrs[NL80211_ATTR_ADMITTED_TIME]) {
14156 admitted_time =
14157 nla_get_u16(info->attrs[NL80211_ATTR_ADMITTED_TIME]);
14158 if (!admitted_time)
14159 return -EINVAL;
14160 }
14161
14162 wdev_lock(wdev);
14163 switch (wdev->iftype) {
14164 case NL80211_IFTYPE_STATION:
14165 case NL80211_IFTYPE_P2P_CLIENT:
14166 if (wdev->current_bss)
14167 break;
14168 err = -ENOTCONN;
14169 goto out;
14170 default:
14171 err = -EOPNOTSUPP;
14172 goto out;
14173 }
14174
14175 err = rdev_add_tx_ts(rdev, dev, tsid, peer, up, admitted_time);
14176
14177 out:
14178 wdev_unlock(wdev);
14179 return err;
14180 }
14181
14182 static int nl80211_del_tx_ts(struct sk_buff *skb, struct genl_info *info)
14183 {
14184 struct cfg80211_registered_device *rdev = info->user_ptr[0];
14185 struct net_device *dev = info->user_ptr[1];
14186 struct wireless_dev *wdev = dev->ieee80211_ptr;
14187 const u8 *peer;
14188 u8 tsid;
14189 int err;
14190
14191 if (!info->attrs[NL80211_ATTR_TSID] || !info->attrs[NL80211_ATTR_MAC])
14192 return -EINVAL;
14193
14194 tsid = nla_get_u8(info->attrs[NL80211_ATTR_TSID]);
14195 peer = nla_data(info->attrs[NL80211_ATTR_MAC]);
14196
14197 wdev_lock(wdev);
14198 err = rdev_del_tx_ts(rdev, dev, tsid, peer);
14199 wdev_unlock(wdev);
14200
14201 return err;
14202 }
14203
14204 static int nl80211_tdls_channel_switch(struct sk_buff *skb,
14205 struct genl_info *info)
14206 {
14207 struct cfg80211_registered_device *rdev = info->user_ptr[0];
14208 struct net_device *dev = info->user_ptr[1];
14209 struct wireless_dev *wdev = dev->ieee80211_ptr;
14210 struct cfg80211_chan_def chandef = {};
14211 const u8 *addr;
14212 u8 oper_class;
14213 int err;
14214
14215 if (!rdev->ops->tdls_channel_switch ||
14216 !(rdev->wiphy.features & NL80211_FEATURE_TDLS_CHANNEL_SWITCH))
14217 return -EOPNOTSUPP;
14218
14219 switch (dev->ieee80211_ptr->iftype) {
14220 case NL80211_IFTYPE_STATION:
14221 case NL80211_IFTYPE_P2P_CLIENT:
14222 break;
14223 default:
14224 return -EOPNOTSUPP;
14225 }
14226
14227 if (!info->attrs[NL80211_ATTR_MAC] ||
14228 !info->attrs[NL80211_ATTR_OPER_CLASS])
14229 return -EINVAL;
14230
14231 err = nl80211_parse_chandef(rdev, info, &chandef);
14232 if (err)
14233 return err;
14234
14235 /*
14236 * Don't allow wide channels on the 2.4Ghz band, as per IEEE802.11-2012
14237 * section 10.22.6.2.1. Disallow 5/10Mhz channels as well for now, the
14238 * specification is not defined for them.
14239 */
14240 if (chandef.chan->band == NL80211_BAND_2GHZ &&
14241 chandef.width != NL80211_CHAN_WIDTH_20_NOHT &&
14242 chandef.width != NL80211_CHAN_WIDTH_20)
14243 return -EINVAL;
14244
14245 /* we will be active on the TDLS link */
14246 if (!cfg80211_reg_can_beacon_relax(&rdev->wiphy, &chandef,
14247 wdev->iftype))
14248 return -EINVAL;
14249
14250 /* don't allow switching to DFS channels */
14251 if (cfg80211_chandef_dfs_required(wdev->wiphy, &chandef, wdev->iftype))
14252 return -EINVAL;
14253
14254 addr = nla_data(info->attrs[NL80211_ATTR_MAC]);
14255 oper_class = nla_get_u8(info->attrs[NL80211_ATTR_OPER_CLASS]);
14256
14257 wdev_lock(wdev);
14258 err = rdev_tdls_channel_switch(rdev, dev, addr, oper_class, &chandef);
14259 wdev_unlock(wdev);
14260
14261 return err;
14262 }
14263
14264 static int nl80211_tdls_cancel_channel_switch(struct sk_buff *skb,
14265 struct genl_info *info)
14266 {
14267 struct cfg80211_registered_device *rdev = info->user_ptr[0];
14268 struct net_device *dev = info->user_ptr[1];
14269 struct wireless_dev *wdev = dev->ieee80211_ptr;
14270 const u8 *addr;
14271
14272 if (!rdev->ops->tdls_channel_switch ||
14273 !rdev->ops->tdls_cancel_channel_switch ||
14274 !(rdev->wiphy.features & NL80211_FEATURE_TDLS_CHANNEL_SWITCH))
14275 return -EOPNOTSUPP;
14276
14277 switch (dev->ieee80211_ptr->iftype) {
14278 case NL80211_IFTYPE_STATION:
14279 case NL80211_IFTYPE_P2P_CLIENT:
14280 break;
14281 default:
14282 return -EOPNOTSUPP;
14283 }
14284
14285 if (!info->attrs[NL80211_ATTR_MAC])
14286 return -EINVAL;
14287
14288 addr = nla_data(info->attrs[NL80211_ATTR_MAC]);
14289
14290 wdev_lock(wdev);
14291 rdev_tdls_cancel_channel_switch(rdev, dev, addr);
14292 wdev_unlock(wdev);
14293
14294 return 0;
14295 }
14296
14297 static int nl80211_set_multicast_to_unicast(struct sk_buff *skb,
14298 struct genl_info *info)
14299 {
14300 struct cfg80211_registered_device *rdev = info->user_ptr[0];
14301 struct net_device *dev = info->user_ptr[1];
14302 struct wireless_dev *wdev = dev->ieee80211_ptr;
14303 const struct nlattr *nla;
14304 bool enabled;
14305
14306 if (!rdev->ops->set_multicast_to_unicast)
14307 return -EOPNOTSUPP;
14308
14309 if (wdev->iftype != NL80211_IFTYPE_AP &&
14310 wdev->iftype != NL80211_IFTYPE_P2P_GO)
14311 return -EOPNOTSUPP;
14312
14313 nla = info->attrs[NL80211_ATTR_MULTICAST_TO_UNICAST_ENABLED];
14314 enabled = nla_get_flag(nla);
14315
14316 return rdev_set_multicast_to_unicast(rdev, dev, enabled);
14317 }
14318
14319 static int nl80211_set_pmk(struct sk_buff *skb, struct genl_info *info)
14320 {
14321 struct cfg80211_registered_device *rdev = info->user_ptr[0];
14322 struct net_device *dev = info->user_ptr[1];
14323 struct wireless_dev *wdev = dev->ieee80211_ptr;
14324 struct cfg80211_pmk_conf pmk_conf = {};
14325 int ret;
14326
14327 if (wdev->iftype != NL80211_IFTYPE_STATION &&
14328 wdev->iftype != NL80211_IFTYPE_P2P_CLIENT)
14329 return -EOPNOTSUPP;
14330
14331 if (!wiphy_ext_feature_isset(&rdev->wiphy,
14332 NL80211_EXT_FEATURE_4WAY_HANDSHAKE_STA_1X))
14333 return -EOPNOTSUPP;
14334
14335 if (!info->attrs[NL80211_ATTR_MAC] || !info->attrs[NL80211_ATTR_PMK])
14336 return -EINVAL;
14337
14338 wdev_lock(wdev);
14339 if (!wdev->current_bss) {
14340 ret = -ENOTCONN;
14341 goto out;
14342 }
14343
14344 pmk_conf.aa = nla_data(info->attrs[NL80211_ATTR_MAC]);
14345 if (memcmp(pmk_conf.aa, wdev->current_bss->pub.bssid, ETH_ALEN)) {
14346 ret = -EINVAL;
14347 goto out;
14348 }
14349
14350 pmk_conf.pmk = nla_data(info->attrs[NL80211_ATTR_PMK]);
14351 pmk_conf.pmk_len = nla_len(info->attrs[NL80211_ATTR_PMK]);
14352 if (pmk_conf.pmk_len != WLAN_PMK_LEN &&
14353 pmk_conf.pmk_len != WLAN_PMK_LEN_SUITE_B_192) {
14354 ret = -EINVAL;
14355 goto out;
14356 }
14357
14358 if (info->attrs[NL80211_ATTR_PMKR0_NAME])
14359 pmk_conf.pmk_r0_name =
14360 nla_data(info->attrs[NL80211_ATTR_PMKR0_NAME]);
14361
14362 ret = rdev_set_pmk(rdev, dev, &pmk_conf);
14363 out:
14364 wdev_unlock(wdev);
14365 return ret;
14366 }
14367
14368 static int nl80211_del_pmk(struct sk_buff *skb, struct genl_info *info)
14369 {
14370 struct cfg80211_registered_device *rdev = info->user_ptr[0];
14371 struct net_device *dev = info->user_ptr[1];
14372 struct wireless_dev *wdev = dev->ieee80211_ptr;
14373 const u8 *aa;
14374 int ret;
14375
14376 if (wdev->iftype != NL80211_IFTYPE_STATION &&
14377 wdev->iftype != NL80211_IFTYPE_P2P_CLIENT)
14378 return -EOPNOTSUPP;
14379
14380 if (!wiphy_ext_feature_isset(&rdev->wiphy,
14381 NL80211_EXT_FEATURE_4WAY_HANDSHAKE_STA_1X))
14382 return -EOPNOTSUPP;
14383
14384 if (!info->attrs[NL80211_ATTR_MAC])
14385 return -EINVAL;
14386
14387 wdev_lock(wdev);
14388 aa = nla_data(info->attrs[NL80211_ATTR_MAC]);
14389 ret = rdev_del_pmk(rdev, dev, aa);
14390 wdev_unlock(wdev);
14391
14392 return ret;
14393 }
14394
14395 static int nl80211_external_auth(struct sk_buff *skb, struct genl_info *info)
14396 {
14397 struct cfg80211_registered_device *rdev = info->user_ptr[0];
14398 struct net_device *dev = info->user_ptr[1];
14399 struct cfg80211_external_auth_params params;
14400
14401 if (!rdev->ops->external_auth)
14402 return -EOPNOTSUPP;
14403
14404 if (!info->attrs[NL80211_ATTR_SSID] &&
14405 dev->ieee80211_ptr->iftype != NL80211_IFTYPE_AP &&
14406 dev->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_GO)
14407 return -EINVAL;
14408
14409 if (!info->attrs[NL80211_ATTR_BSSID])
14410 return -EINVAL;
14411
14412 if (!info->attrs[NL80211_ATTR_STATUS_CODE])
14413 return -EINVAL;
14414
14415 memset(&params, 0, sizeof(params));
14416
14417 if (info->attrs[NL80211_ATTR_SSID]) {
14418 params.ssid.ssid_len = nla_len(info->attrs[NL80211_ATTR_SSID]);
14419 if (params.ssid.ssid_len == 0)
14420 return -EINVAL;
14421 memcpy(params.ssid.ssid,
14422 nla_data(info->attrs[NL80211_ATTR_SSID]),
14423 params.ssid.ssid_len);
14424 }
14425
14426 memcpy(params.bssid, nla_data(info->attrs[NL80211_ATTR_BSSID]),
14427 ETH_ALEN);
14428
14429 params.status = nla_get_u16(info->attrs[NL80211_ATTR_STATUS_CODE]);
14430
14431 if (info->attrs[NL80211_ATTR_PMKID])
14432 params.pmkid = nla_data(info->attrs[NL80211_ATTR_PMKID]);
14433
14434 return rdev_external_auth(rdev, dev, &params);
14435 }
14436
14437 static int nl80211_tx_control_port(struct sk_buff *skb, struct genl_info *info)
14438 {
14439 bool dont_wait_for_ack = info->attrs[NL80211_ATTR_DONT_WAIT_FOR_ACK];
14440 struct cfg80211_registered_device *rdev = info->user_ptr[0];
14441 struct net_device *dev = info->user_ptr[1];
14442 struct wireless_dev *wdev = dev->ieee80211_ptr;
14443 const u8 *buf;
14444 size_t len;
14445 u8 *dest;
14446 u16 proto;
14447 bool noencrypt;
14448 u64 cookie = 0;
14449 int err;
14450
14451 if (!wiphy_ext_feature_isset(&rdev->wiphy,
14452 NL80211_EXT_FEATURE_CONTROL_PORT_OVER_NL80211))
14453 return -EOPNOTSUPP;
14454
14455 if (!rdev->ops->tx_control_port)
14456 return -EOPNOTSUPP;
14457
14458 if (!info->attrs[NL80211_ATTR_FRAME] ||
14459 !info->attrs[NL80211_ATTR_MAC] ||
14460 !info->attrs[NL80211_ATTR_CONTROL_PORT_ETHERTYPE]) {
14461 GENL_SET_ERR_MSG(info, "Frame, MAC or ethertype missing");
14462 return -EINVAL;
14463 }
14464
14465 wdev_lock(wdev);
14466
14467 switch (wdev->iftype) {
14468 case NL80211_IFTYPE_AP:
14469 case NL80211_IFTYPE_P2P_GO:
14470 case NL80211_IFTYPE_MESH_POINT:
14471 break;
14472 case NL80211_IFTYPE_ADHOC:
14473 case NL80211_IFTYPE_STATION:
14474 case NL80211_IFTYPE_P2P_CLIENT:
14475 if (wdev->current_bss)
14476 break;
14477 err = -ENOTCONN;
14478 goto out;
14479 default:
14480 err = -EOPNOTSUPP;
14481 goto out;
14482 }
14483
14484 wdev_unlock(wdev);
14485
14486 buf = nla_data(info->attrs[NL80211_ATTR_FRAME]);
14487 len = nla_len(info->attrs[NL80211_ATTR_FRAME]);
14488 dest = nla_data(info->attrs[NL80211_ATTR_MAC]);
14489 proto = nla_get_u16(info->attrs[NL80211_ATTR_CONTROL_PORT_ETHERTYPE]);
14490 noencrypt =
14491 nla_get_flag(info->attrs[NL80211_ATTR_CONTROL_PORT_NO_ENCRYPT]);
14492
14493 err = rdev_tx_control_port(rdev, dev, buf, len,
14494 dest, cpu_to_be16(proto), noencrypt,
14495 dont_wait_for_ack ? NULL : &cookie);
14496 if (!err && !dont_wait_for_ack)
14497 nl_set_extack_cookie_u64(info->extack, cookie);
14498 return err;
14499 out:
14500 wdev_unlock(wdev);
14501 return err;
14502 }
14503
14504 static int nl80211_get_ftm_responder_stats(struct sk_buff *skb,
14505 struct genl_info *info)
14506 {
14507 struct cfg80211_registered_device *rdev = info->user_ptr[0];
14508 struct net_device *dev = info->user_ptr[1];
14509 struct wireless_dev *wdev = dev->ieee80211_ptr;
14510 struct cfg80211_ftm_responder_stats ftm_stats = {};
14511 struct sk_buff *msg;
14512 void *hdr;
14513 struct nlattr *ftm_stats_attr;
14514 int err;
14515
14516 if (wdev->iftype != NL80211_IFTYPE_AP || !wdev->beacon_interval)
14517 return -EOPNOTSUPP;
14518
14519 err = rdev_get_ftm_responder_stats(rdev, dev, &ftm_stats);
14520 if (err)
14521 return err;
14522
14523 if (!ftm_stats.filled)
14524 return -ENODATA;
14525
14526 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
14527 if (!msg)
14528 return -ENOMEM;
14529
14530 hdr = nl80211hdr_put(msg, info->snd_portid, info->snd_seq, 0,
14531 NL80211_CMD_GET_FTM_RESPONDER_STATS);
14532 if (!hdr)
14533 goto nla_put_failure;
14534
14535 if (nla_put_u32(msg, NL80211_ATTR_IFINDEX, dev->ifindex))
14536 goto nla_put_failure;
14537
14538 ftm_stats_attr = nla_nest_start_noflag(msg,
14539 NL80211_ATTR_FTM_RESPONDER_STATS);
14540 if (!ftm_stats_attr)
14541 goto nla_put_failure;
14542
14543 #define SET_FTM(field, name, type) \
14544 do { if ((ftm_stats.filled & BIT(NL80211_FTM_STATS_ ## name)) && \
14545 nla_put_ ## type(msg, NL80211_FTM_STATS_ ## name, \
14546 ftm_stats.field)) \
14547 goto nla_put_failure; } while (0)
14548 #define SET_FTM_U64(field, name) \
14549 do { if ((ftm_stats.filled & BIT(NL80211_FTM_STATS_ ## name)) && \
14550 nla_put_u64_64bit(msg, NL80211_FTM_STATS_ ## name, \
14551 ftm_stats.field, NL80211_FTM_STATS_PAD)) \
14552 goto nla_put_failure; } while (0)
14553
14554 SET_FTM(success_num, SUCCESS_NUM, u32);
14555 SET_FTM(partial_num, PARTIAL_NUM, u32);
14556 SET_FTM(failed_num, FAILED_NUM, u32);
14557 SET_FTM(asap_num, ASAP_NUM, u32);
14558 SET_FTM(non_asap_num, NON_ASAP_NUM, u32);
14559 SET_FTM_U64(total_duration_ms, TOTAL_DURATION_MSEC);
14560 SET_FTM(unknown_triggers_num, UNKNOWN_TRIGGERS_NUM, u32);
14561 SET_FTM(reschedule_requests_num, RESCHEDULE_REQUESTS_NUM, u32);
14562 SET_FTM(out_of_window_triggers_num, OUT_OF_WINDOW_TRIGGERS_NUM, u32);
14563 #undef SET_FTM
14564
14565 nla_nest_end(msg, ftm_stats_attr);
14566
14567 genlmsg_end(msg, hdr);
14568 return genlmsg_reply(msg, info);
14569
14570 nla_put_failure:
14571 nlmsg_free(msg);
14572 return -ENOBUFS;
14573 }
14574
14575 static int nl80211_update_owe_info(struct sk_buff *skb, struct genl_info *info)
14576 {
14577 struct cfg80211_registered_device *rdev = info->user_ptr[0];
14578 struct cfg80211_update_owe_info owe_info;
14579 struct net_device *dev = info->user_ptr[1];
14580
14581 if (!rdev->ops->update_owe_info)
14582 return -EOPNOTSUPP;
14583
14584 if (!info->attrs[NL80211_ATTR_STATUS_CODE] ||
14585 !info->attrs[NL80211_ATTR_MAC])
14586 return -EINVAL;
14587
14588 memset(&owe_info, 0, sizeof(owe_info));
14589 owe_info.status = nla_get_u16(info->attrs[NL80211_ATTR_STATUS_CODE]);
14590 nla_memcpy(owe_info.peer, info->attrs[NL80211_ATTR_MAC], ETH_ALEN);
14591
14592 if (info->attrs[NL80211_ATTR_IE]) {
14593 owe_info.ie = nla_data(info->attrs[NL80211_ATTR_IE]);
14594 owe_info.ie_len = nla_len(info->attrs[NL80211_ATTR_IE]);
14595 }
14596
14597 return rdev_update_owe_info(rdev, dev, &owe_info);
14598 }
14599
14600 static int nl80211_probe_mesh_link(struct sk_buff *skb, struct genl_info *info)
14601 {
14602 struct cfg80211_registered_device *rdev = info->user_ptr[0];
14603 struct net_device *dev = info->user_ptr[1];
14604 struct wireless_dev *wdev = dev->ieee80211_ptr;
14605 struct station_info sinfo = {};
14606 const u8 *buf;
14607 size_t len;
14608 u8 *dest;
14609 int err;
14610
14611 if (!rdev->ops->probe_mesh_link || !rdev->ops->get_station)
14612 return -EOPNOTSUPP;
14613
14614 if (!info->attrs[NL80211_ATTR_MAC] ||
14615 !info->attrs[NL80211_ATTR_FRAME]) {
14616 GENL_SET_ERR_MSG(info, "Frame or MAC missing");
14617 return -EINVAL;
14618 }
14619
14620 if (wdev->iftype != NL80211_IFTYPE_MESH_POINT)
14621 return -EOPNOTSUPP;
14622
14623 dest = nla_data(info->attrs[NL80211_ATTR_MAC]);
14624 buf = nla_data(info->attrs[NL80211_ATTR_FRAME]);
14625 len = nla_len(info->attrs[NL80211_ATTR_FRAME]);
14626
14627 if (len < sizeof(struct ethhdr))
14628 return -EINVAL;
14629
14630 if (!ether_addr_equal(buf, dest) || is_multicast_ether_addr(buf) ||
14631 !ether_addr_equal(buf + ETH_ALEN, dev->dev_addr))
14632 return -EINVAL;
14633
14634 err = rdev_get_station(rdev, dev, dest, &sinfo);
14635 if (err)
14636 return err;
14637
14638 cfg80211_sinfo_release_content(&sinfo);
14639
14640 return rdev_probe_mesh_link(rdev, dev, dest, buf, len);
14641 }
14642
14643 static int parse_tid_conf(struct cfg80211_registered_device *rdev,
14644 struct nlattr *attrs[], struct net_device *dev,
14645 struct cfg80211_tid_cfg *tid_conf,
14646 struct genl_info *info, const u8 *peer)
14647 {
14648 struct netlink_ext_ack *extack = info->extack;
14649 u64 mask;
14650 int err;
14651
14652 if (!attrs[NL80211_TID_CONFIG_ATTR_TIDS])
14653 return -EINVAL;
14654
14655 tid_conf->config_override =
14656 nla_get_flag(attrs[NL80211_TID_CONFIG_ATTR_OVERRIDE]);
14657 tid_conf->tids = nla_get_u16(attrs[NL80211_TID_CONFIG_ATTR_TIDS]);
14658
14659 if (tid_conf->config_override) {
14660 if (rdev->ops->reset_tid_config) {
14661 err = rdev_reset_tid_config(rdev, dev, peer,
14662 tid_conf->tids);
14663 if (err)
14664 return err;
14665 } else {
14666 return -EINVAL;
14667 }
14668 }
14669
14670 if (attrs[NL80211_TID_CONFIG_ATTR_NOACK]) {
14671 tid_conf->mask |= BIT(NL80211_TID_CONFIG_ATTR_NOACK);
14672 tid_conf->noack =
14673 nla_get_u8(attrs[NL80211_TID_CONFIG_ATTR_NOACK]);
14674 }
14675
14676 if (attrs[NL80211_TID_CONFIG_ATTR_RETRY_SHORT]) {
14677 tid_conf->mask |= BIT(NL80211_TID_CONFIG_ATTR_RETRY_SHORT);
14678 tid_conf->retry_short =
14679 nla_get_u8(attrs[NL80211_TID_CONFIG_ATTR_RETRY_SHORT]);
14680
14681 if (tid_conf->retry_short > rdev->wiphy.max_data_retry_count)
14682 return -EINVAL;
14683 }
14684
14685 if (attrs[NL80211_TID_CONFIG_ATTR_RETRY_LONG]) {
14686 tid_conf->mask |= BIT(NL80211_TID_CONFIG_ATTR_RETRY_LONG);
14687 tid_conf->retry_long =
14688 nla_get_u8(attrs[NL80211_TID_CONFIG_ATTR_RETRY_LONG]);
14689
14690 if (tid_conf->retry_long > rdev->wiphy.max_data_retry_count)
14691 return -EINVAL;
14692 }
14693
14694 if (attrs[NL80211_TID_CONFIG_ATTR_AMPDU_CTRL]) {
14695 tid_conf->mask |= BIT(NL80211_TID_CONFIG_ATTR_AMPDU_CTRL);
14696 tid_conf->ampdu =
14697 nla_get_u8(attrs[NL80211_TID_CONFIG_ATTR_AMPDU_CTRL]);
14698 }
14699
14700 if (attrs[NL80211_TID_CONFIG_ATTR_RTSCTS_CTRL]) {
14701 tid_conf->mask |= BIT(NL80211_TID_CONFIG_ATTR_RTSCTS_CTRL);
14702 tid_conf->rtscts =
14703 nla_get_u8(attrs[NL80211_TID_CONFIG_ATTR_RTSCTS_CTRL]);
14704 }
14705
14706 if (attrs[NL80211_TID_CONFIG_ATTR_AMSDU_CTRL]) {
14707 tid_conf->mask |= BIT(NL80211_TID_CONFIG_ATTR_AMSDU_CTRL);
14708 tid_conf->amsdu =
14709 nla_get_u8(attrs[NL80211_TID_CONFIG_ATTR_AMSDU_CTRL]);
14710 }
14711
14712 if (attrs[NL80211_TID_CONFIG_ATTR_TX_RATE_TYPE]) {
14713 u32 idx = NL80211_TID_CONFIG_ATTR_TX_RATE_TYPE, attr;
14714
14715 tid_conf->txrate_type = nla_get_u8(attrs[idx]);
14716
14717 if (tid_conf->txrate_type != NL80211_TX_RATE_AUTOMATIC) {
14718 attr = NL80211_TID_CONFIG_ATTR_TX_RATE;
14719 err = nl80211_parse_tx_bitrate_mask(info, attrs, attr,
14720 &tid_conf->txrate_mask, dev,
14721 true);
14722 if (err)
14723 return err;
14724
14725 tid_conf->mask |= BIT(NL80211_TID_CONFIG_ATTR_TX_RATE);
14726 }
14727 tid_conf->mask |= BIT(NL80211_TID_CONFIG_ATTR_TX_RATE_TYPE);
14728 }
14729
14730 if (peer)
14731 mask = rdev->wiphy.tid_config_support.peer;
14732 else
14733 mask = rdev->wiphy.tid_config_support.vif;
14734
14735 if (tid_conf->mask & ~mask) {
14736 NL_SET_ERR_MSG(extack, "unsupported TID configuration");
14737 return -ENOTSUPP;
14738 }
14739
14740 return 0;
14741 }
14742
14743 static int nl80211_set_tid_config(struct sk_buff *skb,
14744 struct genl_info *info)
14745 {
14746 struct cfg80211_registered_device *rdev = info->user_ptr[0];
14747 struct nlattr *attrs[NL80211_TID_CONFIG_ATTR_MAX + 1];
14748 struct net_device *dev = info->user_ptr[1];
14749 struct cfg80211_tid_config *tid_config;
14750 struct nlattr *tid;
14751 int conf_idx = 0, rem_conf;
14752 int ret = -EINVAL;
14753 u32 num_conf = 0;
14754
14755 if (!info->attrs[NL80211_ATTR_TID_CONFIG])
14756 return -EINVAL;
14757
14758 if (!rdev->ops->set_tid_config)
14759 return -EOPNOTSUPP;
14760
14761 nla_for_each_nested(tid, info->attrs[NL80211_ATTR_TID_CONFIG],
14762 rem_conf)
14763 num_conf++;
14764
14765 tid_config = kzalloc(struct_size(tid_config, tid_conf, num_conf),
14766 GFP_KERNEL);
14767 if (!tid_config)
14768 return -ENOMEM;
14769
14770 tid_config->n_tid_conf = num_conf;
14771
14772 if (info->attrs[NL80211_ATTR_MAC])
14773 tid_config->peer = nla_data(info->attrs[NL80211_ATTR_MAC]);
14774
14775 nla_for_each_nested(tid, info->attrs[NL80211_ATTR_TID_CONFIG],
14776 rem_conf) {
14777 ret = nla_parse_nested(attrs, NL80211_TID_CONFIG_ATTR_MAX,
14778 tid, NULL, NULL);
14779
14780 if (ret)
14781 goto bad_tid_conf;
14782
14783 ret = parse_tid_conf(rdev, attrs, dev,
14784 &tid_config->tid_conf[conf_idx],
14785 info, tid_config->peer);
14786 if (ret)
14787 goto bad_tid_conf;
14788
14789 conf_idx++;
14790 }
14791
14792 ret = rdev_set_tid_config(rdev, dev, tid_config);
14793
14794 bad_tid_conf:
14795 kfree(tid_config);
14796 return ret;
14797 }
14798
14799 #define NL80211_FLAG_NEED_WIPHY 0x01
14800 #define NL80211_FLAG_NEED_NETDEV 0x02
14801 #define NL80211_FLAG_NEED_RTNL 0x04
14802 #define NL80211_FLAG_CHECK_NETDEV_UP 0x08
14803 #define NL80211_FLAG_NEED_NETDEV_UP (NL80211_FLAG_NEED_NETDEV |\
14804 NL80211_FLAG_CHECK_NETDEV_UP)
14805 #define NL80211_FLAG_NEED_WDEV 0x10
14806 /* If a netdev is associated, it must be UP, P2P must be started */
14807 #define NL80211_FLAG_NEED_WDEV_UP (NL80211_FLAG_NEED_WDEV |\
14808 NL80211_FLAG_CHECK_NETDEV_UP)
14809 #define NL80211_FLAG_CLEAR_SKB 0x20
14810 #define NL80211_FLAG_NO_WIPHY_MTX 0x40
14811
14812 static int nl80211_pre_doit(const struct genl_ops *ops, struct sk_buff *skb,
14813 struct genl_info *info)
14814 {
14815 struct cfg80211_registered_device *rdev = NULL;
14816 struct wireless_dev *wdev;
14817 struct net_device *dev;
14818
14819 rtnl_lock();
14820 if (ops->internal_flags & NL80211_FLAG_NEED_WIPHY) {
14821 rdev = cfg80211_get_dev_from_info(genl_info_net(info), info);
14822 if (IS_ERR(rdev)) {
14823 rtnl_unlock();
14824 return PTR_ERR(rdev);
14825 }
14826 info->user_ptr[0] = rdev;
14827 } else if (ops->internal_flags & NL80211_FLAG_NEED_NETDEV ||
14828 ops->internal_flags & NL80211_FLAG_NEED_WDEV) {
14829 wdev = __cfg80211_wdev_from_attrs(NULL, genl_info_net(info),
14830 info->attrs);
14831 if (IS_ERR(wdev)) {
14832 rtnl_unlock();
14833 return PTR_ERR(wdev);
14834 }
14835
14836 dev = wdev->netdev;
14837 rdev = wiphy_to_rdev(wdev->wiphy);
14838
14839 if (ops->internal_flags & NL80211_FLAG_NEED_NETDEV) {
14840 if (!dev) {
14841 rtnl_unlock();
14842 return -EINVAL;
14843 }
14844
14845 info->user_ptr[1] = dev;
14846 } else {
14847 info->user_ptr[1] = wdev;
14848 }
14849
14850 if (ops->internal_flags & NL80211_FLAG_CHECK_NETDEV_UP &&
14851 !wdev_running(wdev)) {
14852 rtnl_unlock();
14853 return -ENETDOWN;
14854 }
14855
14856 if (dev)
14857 dev_hold(dev);
14858
14859 info->user_ptr[0] = rdev;
14860 }
14861
14862 if (rdev && !(ops->internal_flags & NL80211_FLAG_NO_WIPHY_MTX)) {
14863 wiphy_lock(&rdev->wiphy);
14864 /* we keep the mutex locked until post_doit */
14865 __release(&rdev->wiphy.mtx);
14866 }
14867 if (!(ops->internal_flags & NL80211_FLAG_NEED_RTNL))
14868 rtnl_unlock();
14869
14870 return 0;
14871 }
14872
14873 static void nl80211_post_doit(const struct genl_ops *ops, struct sk_buff *skb,
14874 struct genl_info *info)
14875 {
14876 if (info->user_ptr[1]) {
14877 if (ops->internal_flags & NL80211_FLAG_NEED_WDEV) {
14878 struct wireless_dev *wdev = info->user_ptr[1];
14879
14880 if (wdev->netdev)
14881 dev_put(wdev->netdev);
14882 } else {
14883 dev_put(info->user_ptr[1]);
14884 }
14885 }
14886
14887 if (info->user_ptr[0] &&
14888 !(ops->internal_flags & NL80211_FLAG_NO_WIPHY_MTX)) {
14889 struct cfg80211_registered_device *rdev = info->user_ptr[0];
14890
14891 /* we kept the mutex locked since pre_doit */
14892 __acquire(&rdev->wiphy.mtx);
14893 wiphy_unlock(&rdev->wiphy);
14894 }
14895
14896 if (ops->internal_flags & NL80211_FLAG_NEED_RTNL)
14897 rtnl_unlock();
14898
14899 /* If needed, clear the netlink message payload from the SKB
14900 * as it might contain key data that shouldn't stick around on
14901 * the heap after the SKB is freed. The netlink message header
14902 * is still needed for further processing, so leave it intact.
14903 */
14904 if (ops->internal_flags & NL80211_FLAG_CLEAR_SKB) {
14905 struct nlmsghdr *nlh = nlmsg_hdr(skb);
14906
14907 memset(nlmsg_data(nlh), 0, nlmsg_len(nlh));
14908 }
14909 }
14910
14911 static int nl80211_set_sar_sub_specs(struct cfg80211_registered_device *rdev,
14912 struct cfg80211_sar_specs *sar_specs,
14913 struct nlattr *spec[], int index)
14914 {
14915 u32 range_index, i;
14916
14917 if (!sar_specs || !spec)
14918 return -EINVAL;
14919
14920 if (!spec[NL80211_SAR_ATTR_SPECS_POWER] ||
14921 !spec[NL80211_SAR_ATTR_SPECS_RANGE_INDEX])
14922 return -EINVAL;
14923
14924 range_index = nla_get_u32(spec[NL80211_SAR_ATTR_SPECS_RANGE_INDEX]);
14925
14926 /* check if range_index exceeds num_freq_ranges */
14927 if (range_index >= rdev->wiphy.sar_capa->num_freq_ranges)
14928 return -EINVAL;
14929
14930 /* check if range_index duplicates */
14931 for (i = 0; i < index; i++) {
14932 if (sar_specs->sub_specs[i].freq_range_index == range_index)
14933 return -EINVAL;
14934 }
14935
14936 sar_specs->sub_specs[index].power =
14937 nla_get_s32(spec[NL80211_SAR_ATTR_SPECS_POWER]);
14938
14939 sar_specs->sub_specs[index].freq_range_index = range_index;
14940
14941 return 0;
14942 }
14943
14944 static int nl80211_set_sar_specs(struct sk_buff *skb, struct genl_info *info)
14945 {
14946 struct cfg80211_registered_device *rdev = info->user_ptr[0];
14947 struct nlattr *spec[NL80211_SAR_ATTR_SPECS_MAX + 1];
14948 struct nlattr *tb[NL80211_SAR_ATTR_MAX + 1];
14949 struct cfg80211_sar_specs *sar_spec;
14950 enum nl80211_sar_type type;
14951 struct nlattr *spec_list;
14952 u32 specs;
14953 int rem, err;
14954
14955 if (!rdev->wiphy.sar_capa || !rdev->ops->set_sar_specs)
14956 return -EOPNOTSUPP;
14957
14958 if (!info->attrs[NL80211_ATTR_SAR_SPEC])
14959 return -EINVAL;
14960
14961 nla_parse_nested(tb, NL80211_SAR_ATTR_MAX,
14962 info->attrs[NL80211_ATTR_SAR_SPEC],
14963 NULL, NULL);
14964
14965 if (!tb[NL80211_SAR_ATTR_TYPE] || !tb[NL80211_SAR_ATTR_SPECS])
14966 return -EINVAL;
14967
14968 type = nla_get_u32(tb[NL80211_SAR_ATTR_TYPE]);
14969 if (type != rdev->wiphy.sar_capa->type)
14970 return -EINVAL;
14971
14972 specs = 0;
14973 nla_for_each_nested(spec_list, tb[NL80211_SAR_ATTR_SPECS], rem)
14974 specs++;
14975
14976 if (specs > rdev->wiphy.sar_capa->num_freq_ranges)
14977 return -EINVAL;
14978
14979 sar_spec = kzalloc(sizeof(*sar_spec) +
14980 specs * sizeof(struct cfg80211_sar_sub_specs),
14981 GFP_KERNEL);
14982 if (!sar_spec)
14983 return -ENOMEM;
14984
14985 sar_spec->type = type;
14986 specs = 0;
14987 nla_for_each_nested(spec_list, tb[NL80211_SAR_ATTR_SPECS], rem) {
14988 nla_parse_nested(spec, NL80211_SAR_ATTR_SPECS_MAX,
14989 spec_list, NULL, NULL);
14990
14991 switch (type) {
14992 case NL80211_SAR_TYPE_POWER:
14993 if (nl80211_set_sar_sub_specs(rdev, sar_spec,
14994 spec, specs)) {
14995 err = -EINVAL;
14996 goto error;
14997 }
14998 break;
14999 default:
15000 err = -EINVAL;
15001 goto error;
15002 }
15003 specs++;
15004 }
15005
15006 sar_spec->num_sub_specs = specs;
15007
15008 rdev->cur_cmd_info = info;
15009 err = rdev_set_sar_specs(rdev, sar_spec);
15010 rdev->cur_cmd_info = NULL;
15011 error:
15012 kfree(sar_spec);
15013 return err;
15014 }
15015
15016 static const struct genl_ops nl80211_ops[] = {
15017 {
15018 .cmd = NL80211_CMD_GET_WIPHY,
15019 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
15020 .doit = nl80211_get_wiphy,
15021 .dumpit = nl80211_dump_wiphy,
15022 .done = nl80211_dump_wiphy_done,
15023 /* can be retrieved by unprivileged users */
15024 .internal_flags = NL80211_FLAG_NEED_WIPHY,
15025 },
15026 };
15027
15028 static const struct genl_small_ops nl80211_small_ops[] = {
15029 {
15030 .cmd = NL80211_CMD_SET_WIPHY,
15031 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
15032 .doit = nl80211_set_wiphy,
15033 .flags = GENL_UNS_ADMIN_PERM,
15034 },
15035 {
15036 .cmd = NL80211_CMD_GET_INTERFACE,
15037 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
15038 .doit = nl80211_get_interface,
15039 .dumpit = nl80211_dump_interface,
15040 /* can be retrieved by unprivileged users */
15041 .internal_flags = NL80211_FLAG_NEED_WDEV,
15042 },
15043 {
15044 .cmd = NL80211_CMD_SET_INTERFACE,
15045 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
15046 .doit = nl80211_set_interface,
15047 .flags = GENL_UNS_ADMIN_PERM,
15048 .internal_flags = NL80211_FLAG_NEED_NETDEV |
15049 NL80211_FLAG_NEED_RTNL,
15050 },
15051 {
15052 .cmd = NL80211_CMD_NEW_INTERFACE,
15053 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
15054 .doit = nl80211_new_interface,
15055 .flags = GENL_UNS_ADMIN_PERM,
15056 .internal_flags = NL80211_FLAG_NEED_WIPHY |
15057 NL80211_FLAG_NEED_RTNL |
15058 /* we take the wiphy mutex later ourselves */
15059 NL80211_FLAG_NO_WIPHY_MTX,
15060 },
15061 {
15062 .cmd = NL80211_CMD_DEL_INTERFACE,
15063 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
15064 .doit = nl80211_del_interface,
15065 .flags = GENL_UNS_ADMIN_PERM,
15066 .internal_flags = NL80211_FLAG_NEED_WDEV |
15067 NL80211_FLAG_NEED_RTNL,
15068 },
15069 {
15070 .cmd = NL80211_CMD_GET_KEY,
15071 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
15072 .doit = nl80211_get_key,
15073 .flags = GENL_UNS_ADMIN_PERM,
15074 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP,
15075 },
15076 {
15077 .cmd = NL80211_CMD_SET_KEY,
15078 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
15079 .doit = nl80211_set_key,
15080 .flags = GENL_UNS_ADMIN_PERM,
15081 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
15082 NL80211_FLAG_CLEAR_SKB,
15083 },
15084 {
15085 .cmd = NL80211_CMD_NEW_KEY,
15086 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
15087 .doit = nl80211_new_key,
15088 .flags = GENL_UNS_ADMIN_PERM,
15089 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
15090 NL80211_FLAG_CLEAR_SKB,
15091 },
15092 {
15093 .cmd = NL80211_CMD_DEL_KEY,
15094 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
15095 .doit = nl80211_del_key,
15096 .flags = GENL_UNS_ADMIN_PERM,
15097 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP,
15098 },
15099 {
15100 .cmd = NL80211_CMD_SET_BEACON,
15101 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
15102 .flags = GENL_UNS_ADMIN_PERM,
15103 .doit = nl80211_set_beacon,
15104 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP,
15105 },
15106 {
15107 .cmd = NL80211_CMD_START_AP,
15108 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
15109 .flags = GENL_UNS_ADMIN_PERM,
15110 .doit = nl80211_start_ap,
15111 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP,
15112 },
15113 {
15114 .cmd = NL80211_CMD_STOP_AP,
15115 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
15116 .flags = GENL_UNS_ADMIN_PERM,
15117 .doit = nl80211_stop_ap,
15118 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP,
15119 },
15120 {
15121 .cmd = NL80211_CMD_GET_STATION,
15122 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
15123 .doit = nl80211_get_station,
15124 .dumpit = nl80211_dump_station,
15125 .internal_flags = NL80211_FLAG_NEED_NETDEV,
15126 },
15127 {
15128 .cmd = NL80211_CMD_SET_STATION,
15129 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
15130 .doit = nl80211_set_station,
15131 .flags = GENL_UNS_ADMIN_PERM,
15132 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP,
15133 },
15134 {
15135 .cmd = NL80211_CMD_NEW_STATION,
15136 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
15137 .doit = nl80211_new_station,
15138 .flags = GENL_UNS_ADMIN_PERM,
15139 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP,
15140 },
15141 {
15142 .cmd = NL80211_CMD_DEL_STATION,
15143 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
15144 .doit = nl80211_del_station,
15145 .flags = GENL_UNS_ADMIN_PERM,
15146 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP,
15147 },
15148 {
15149 .cmd = NL80211_CMD_GET_MPATH,
15150 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
15151 .doit = nl80211_get_mpath,
15152 .dumpit = nl80211_dump_mpath,
15153 .flags = GENL_UNS_ADMIN_PERM,
15154 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP,
15155 },
15156 {
15157 .cmd = NL80211_CMD_GET_MPP,
15158 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
15159 .doit = nl80211_get_mpp,
15160 .dumpit = nl80211_dump_mpp,
15161 .flags = GENL_UNS_ADMIN_PERM,
15162 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP,
15163 },
15164 {
15165 .cmd = NL80211_CMD_SET_MPATH,
15166 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
15167 .doit = nl80211_set_mpath,
15168 .flags = GENL_UNS_ADMIN_PERM,
15169 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP,
15170 },
15171 {
15172 .cmd = NL80211_CMD_NEW_MPATH,
15173 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
15174 .doit = nl80211_new_mpath,
15175 .flags = GENL_UNS_ADMIN_PERM,
15176 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP,
15177 },
15178 {
15179 .cmd = NL80211_CMD_DEL_MPATH,
15180 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
15181 .doit = nl80211_del_mpath,
15182 .flags = GENL_UNS_ADMIN_PERM,
15183 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP,
15184 },
15185 {
15186 .cmd = NL80211_CMD_SET_BSS,
15187 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
15188 .doit = nl80211_set_bss,
15189 .flags = GENL_UNS_ADMIN_PERM,
15190 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP,
15191 },
15192 {
15193 .cmd = NL80211_CMD_GET_REG,
15194 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
15195 .doit = nl80211_get_reg_do,
15196 .dumpit = nl80211_get_reg_dump,
15197 .internal_flags = 0,
15198 /* can be retrieved by unprivileged users */
15199 },
15200 #ifdef CONFIG_CFG80211_CRDA_SUPPORT
15201 {
15202 .cmd = NL80211_CMD_SET_REG,
15203 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
15204 .doit = nl80211_set_reg,
15205 .flags = GENL_ADMIN_PERM,
15206 .internal_flags = 0,
15207 },
15208 #endif
15209 {
15210 .cmd = NL80211_CMD_REQ_SET_REG,
15211 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
15212 .doit = nl80211_req_set_reg,
15213 .flags = GENL_ADMIN_PERM,
15214 },
15215 {
15216 .cmd = NL80211_CMD_RELOAD_REGDB,
15217 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
15218 .doit = nl80211_reload_regdb,
15219 .flags = GENL_ADMIN_PERM,
15220 },
15221 {
15222 .cmd = NL80211_CMD_GET_MESH_CONFIG,
15223 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
15224 .doit = nl80211_get_mesh_config,
15225 /* can be retrieved by unprivileged users */
15226 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP,
15227 },
15228 {
15229 .cmd = NL80211_CMD_SET_MESH_CONFIG,
15230 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
15231 .doit = nl80211_update_mesh_config,
15232 .flags = GENL_UNS_ADMIN_PERM,
15233 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP,
15234 },
15235 {
15236 .cmd = NL80211_CMD_TRIGGER_SCAN,
15237 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
15238 .doit = nl80211_trigger_scan,
15239 .flags = GENL_UNS_ADMIN_PERM,
15240 .internal_flags = NL80211_FLAG_NEED_WDEV_UP,
15241 },
15242 {
15243 .cmd = NL80211_CMD_ABORT_SCAN,
15244 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
15245 .doit = nl80211_abort_scan,
15246 .flags = GENL_UNS_ADMIN_PERM,
15247 .internal_flags = NL80211_FLAG_NEED_WDEV_UP,
15248 },
15249 {
15250 .cmd = NL80211_CMD_GET_SCAN,
15251 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
15252 .dumpit = nl80211_dump_scan,
15253 },
15254 {
15255 .cmd = NL80211_CMD_START_SCHED_SCAN,
15256 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
15257 .doit = nl80211_start_sched_scan,
15258 .flags = GENL_UNS_ADMIN_PERM,
15259 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP,
15260 },
15261 {
15262 .cmd = NL80211_CMD_STOP_SCHED_SCAN,
15263 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
15264 .doit = nl80211_stop_sched_scan,
15265 .flags = GENL_UNS_ADMIN_PERM,
15266 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP,
15267 },
15268 {
15269 .cmd = NL80211_CMD_AUTHENTICATE,
15270 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
15271 .doit = nl80211_authenticate,
15272 .flags = GENL_UNS_ADMIN_PERM,
15273 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
15274 0 |
15275 NL80211_FLAG_CLEAR_SKB,
15276 },
15277 {
15278 .cmd = NL80211_CMD_ASSOCIATE,
15279 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
15280 .doit = nl80211_associate,
15281 .flags = GENL_UNS_ADMIN_PERM,
15282 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
15283 0 |
15284 NL80211_FLAG_CLEAR_SKB,
15285 },
15286 {
15287 .cmd = NL80211_CMD_DEAUTHENTICATE,
15288 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
15289 .doit = nl80211_deauthenticate,
15290 .flags = GENL_UNS_ADMIN_PERM,
15291 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP,
15292 },
15293 {
15294 .cmd = NL80211_CMD_DISASSOCIATE,
15295 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
15296 .doit = nl80211_disassociate,
15297 .flags = GENL_UNS_ADMIN_PERM,
15298 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP,
15299 },
15300 {
15301 .cmd = NL80211_CMD_JOIN_IBSS,
15302 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
15303 .doit = nl80211_join_ibss,
15304 .flags = GENL_UNS_ADMIN_PERM,
15305 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP,
15306 },
15307 {
15308 .cmd = NL80211_CMD_LEAVE_IBSS,
15309 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
15310 .doit = nl80211_leave_ibss,
15311 .flags = GENL_UNS_ADMIN_PERM,
15312 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP,
15313 },
15314 #ifdef CONFIG_NL80211_TESTMODE
15315 {
15316 .cmd = NL80211_CMD_TESTMODE,
15317 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
15318 .doit = nl80211_testmode_do,
15319 .dumpit = nl80211_testmode_dump,
15320 .flags = GENL_UNS_ADMIN_PERM,
15321 .internal_flags = NL80211_FLAG_NEED_WIPHY,
15322 },
15323 #endif
15324 {
15325 .cmd = NL80211_CMD_CONNECT,
15326 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
15327 .doit = nl80211_connect,
15328 .flags = GENL_UNS_ADMIN_PERM,
15329 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
15330 0 |
15331 NL80211_FLAG_CLEAR_SKB,
15332 },
15333 {
15334 .cmd = NL80211_CMD_UPDATE_CONNECT_PARAMS,
15335 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
15336 .doit = nl80211_update_connect_params,
15337 .flags = GENL_ADMIN_PERM,
15338 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
15339 0 |
15340 NL80211_FLAG_CLEAR_SKB,
15341 },
15342 {
15343 .cmd = NL80211_CMD_DISCONNECT,
15344 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
15345 .doit = nl80211_disconnect,
15346 .flags = GENL_UNS_ADMIN_PERM,
15347 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP,
15348 },
15349 {
15350 .cmd = NL80211_CMD_SET_WIPHY_NETNS,
15351 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
15352 .doit = nl80211_wiphy_netns,
15353 .flags = GENL_UNS_ADMIN_PERM,
15354 .internal_flags = NL80211_FLAG_NEED_WIPHY |
15355 NL80211_FLAG_NEED_RTNL |
15356 NL80211_FLAG_NO_WIPHY_MTX,
15357 },
15358 {
15359 .cmd = NL80211_CMD_GET_SURVEY,
15360 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
15361 .dumpit = nl80211_dump_survey,
15362 },
15363 {
15364 .cmd = NL80211_CMD_SET_PMKSA,
15365 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
15366 .doit = nl80211_setdel_pmksa,
15367 .flags = GENL_UNS_ADMIN_PERM,
15368 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
15369 0 |
15370 NL80211_FLAG_CLEAR_SKB,
15371 },
15372 {
15373 .cmd = NL80211_CMD_DEL_PMKSA,
15374 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
15375 .doit = nl80211_setdel_pmksa,
15376 .flags = GENL_UNS_ADMIN_PERM,
15377 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP,
15378 },
15379 {
15380 .cmd = NL80211_CMD_FLUSH_PMKSA,
15381 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
15382 .doit = nl80211_flush_pmksa,
15383 .flags = GENL_UNS_ADMIN_PERM,
15384 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP,
15385 },
15386 {
15387 .cmd = NL80211_CMD_REMAIN_ON_CHANNEL,
15388 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
15389 .doit = nl80211_remain_on_channel,
15390 .flags = GENL_UNS_ADMIN_PERM,
15391 .internal_flags = NL80211_FLAG_NEED_WDEV_UP,
15392 },
15393 {
15394 .cmd = NL80211_CMD_CANCEL_REMAIN_ON_CHANNEL,
15395 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
15396 .doit = nl80211_cancel_remain_on_channel,
15397 .flags = GENL_UNS_ADMIN_PERM,
15398 .internal_flags = NL80211_FLAG_NEED_WDEV_UP,
15399 },
15400 {
15401 .cmd = NL80211_CMD_SET_TX_BITRATE_MASK,
15402 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
15403 .doit = nl80211_set_tx_bitrate_mask,
15404 .flags = GENL_UNS_ADMIN_PERM,
15405 .internal_flags = NL80211_FLAG_NEED_NETDEV,
15406 },
15407 {
15408 .cmd = NL80211_CMD_REGISTER_FRAME,
15409 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
15410 .doit = nl80211_register_mgmt,
15411 .flags = GENL_UNS_ADMIN_PERM,
15412 .internal_flags = NL80211_FLAG_NEED_WDEV,
15413 },
15414 {
15415 .cmd = NL80211_CMD_FRAME,
15416 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
15417 .doit = nl80211_tx_mgmt,
15418 .flags = GENL_UNS_ADMIN_PERM,
15419 .internal_flags = NL80211_FLAG_NEED_WDEV_UP,
15420 },
15421 {
15422 .cmd = NL80211_CMD_FRAME_WAIT_CANCEL,
15423 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
15424 .doit = nl80211_tx_mgmt_cancel_wait,
15425 .flags = GENL_UNS_ADMIN_PERM,
15426 .internal_flags = NL80211_FLAG_NEED_WDEV_UP,
15427 },
15428 {
15429 .cmd = NL80211_CMD_SET_POWER_SAVE,
15430 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
15431 .doit = nl80211_set_power_save,
15432 .flags = GENL_UNS_ADMIN_PERM,
15433 .internal_flags = NL80211_FLAG_NEED_NETDEV,
15434 },
15435 {
15436 .cmd = NL80211_CMD_GET_POWER_SAVE,
15437 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
15438 .doit = nl80211_get_power_save,
15439 /* can be retrieved by unprivileged users */
15440 .internal_flags = NL80211_FLAG_NEED_NETDEV,
15441 },
15442 {
15443 .cmd = NL80211_CMD_SET_CQM,
15444 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
15445 .doit = nl80211_set_cqm,
15446 .flags = GENL_UNS_ADMIN_PERM,
15447 .internal_flags = NL80211_FLAG_NEED_NETDEV,
15448 },
15449 {
15450 .cmd = NL80211_CMD_SET_CHANNEL,
15451 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
15452 .doit = nl80211_set_channel,
15453 .flags = GENL_UNS_ADMIN_PERM,
15454 .internal_flags = NL80211_FLAG_NEED_NETDEV,
15455 },
15456 {
15457 .cmd = NL80211_CMD_JOIN_MESH,
15458 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
15459 .doit = nl80211_join_mesh,
15460 .flags = GENL_UNS_ADMIN_PERM,
15461 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP,
15462 },
15463 {
15464 .cmd = NL80211_CMD_LEAVE_MESH,
15465 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
15466 .doit = nl80211_leave_mesh,
15467 .flags = GENL_UNS_ADMIN_PERM,
15468 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP,
15469 },
15470 {
15471 .cmd = NL80211_CMD_JOIN_OCB,
15472 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
15473 .doit = nl80211_join_ocb,
15474 .flags = GENL_UNS_ADMIN_PERM,
15475 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP,
15476 },
15477 {
15478 .cmd = NL80211_CMD_LEAVE_OCB,
15479 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
15480 .doit = nl80211_leave_ocb,
15481 .flags = GENL_UNS_ADMIN_PERM,
15482 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP,
15483 },
15484 #ifdef CONFIG_PM
15485 {
15486 .cmd = NL80211_CMD_GET_WOWLAN,
15487 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
15488 .doit = nl80211_get_wowlan,
15489 /* can be retrieved by unprivileged users */
15490 .internal_flags = NL80211_FLAG_NEED_WIPHY,
15491 },
15492 {
15493 .cmd = NL80211_CMD_SET_WOWLAN,
15494 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
15495 .doit = nl80211_set_wowlan,
15496 .flags = GENL_UNS_ADMIN_PERM,
15497 .internal_flags = NL80211_FLAG_NEED_WIPHY,
15498 },
15499 #endif
15500 {
15501 .cmd = NL80211_CMD_SET_REKEY_OFFLOAD,
15502 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
15503 .doit = nl80211_set_rekey_data,
15504 .flags = GENL_UNS_ADMIN_PERM,
15505 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
15506 0 |
15507 NL80211_FLAG_CLEAR_SKB,
15508 },
15509 {
15510 .cmd = NL80211_CMD_TDLS_MGMT,
15511 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
15512 .doit = nl80211_tdls_mgmt,
15513 .flags = GENL_UNS_ADMIN_PERM,
15514 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP,
15515 },
15516 {
15517 .cmd = NL80211_CMD_TDLS_OPER,
15518 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
15519 .doit = nl80211_tdls_oper,
15520 .flags = GENL_UNS_ADMIN_PERM,
15521 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP,
15522 },
15523 {
15524 .cmd = NL80211_CMD_UNEXPECTED_FRAME,
15525 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
15526 .doit = nl80211_register_unexpected_frame,
15527 .flags = GENL_UNS_ADMIN_PERM,
15528 .internal_flags = NL80211_FLAG_NEED_NETDEV,
15529 },
15530 {
15531 .cmd = NL80211_CMD_PROBE_CLIENT,
15532 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
15533 .doit = nl80211_probe_client,
15534 .flags = GENL_UNS_ADMIN_PERM,
15535 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP,
15536 },
15537 {
15538 .cmd = NL80211_CMD_REGISTER_BEACONS,
15539 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
15540 .doit = nl80211_register_beacons,
15541 .flags = GENL_UNS_ADMIN_PERM,
15542 .internal_flags = NL80211_FLAG_NEED_WIPHY,
15543 },
15544 {
15545 .cmd = NL80211_CMD_SET_NOACK_MAP,
15546 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
15547 .doit = nl80211_set_noack_map,
15548 .flags = GENL_UNS_ADMIN_PERM,
15549 .internal_flags = NL80211_FLAG_NEED_NETDEV,
15550 },
15551 {
15552 .cmd = NL80211_CMD_START_P2P_DEVICE,
15553 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
15554 .doit = nl80211_start_p2p_device,
15555 .flags = GENL_UNS_ADMIN_PERM,
15556 .internal_flags = NL80211_FLAG_NEED_WDEV |
15557 NL80211_FLAG_NEED_RTNL,
15558 },
15559 {
15560 .cmd = NL80211_CMD_STOP_P2P_DEVICE,
15561 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
15562 .doit = nl80211_stop_p2p_device,
15563 .flags = GENL_UNS_ADMIN_PERM,
15564 .internal_flags = NL80211_FLAG_NEED_WDEV_UP |
15565 NL80211_FLAG_NEED_RTNL,
15566 },
15567 {
15568 .cmd = NL80211_CMD_START_NAN,
15569 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
15570 .doit = nl80211_start_nan,
15571 .flags = GENL_ADMIN_PERM,
15572 .internal_flags = NL80211_FLAG_NEED_WDEV |
15573 NL80211_FLAG_NEED_RTNL,
15574 },
15575 {
15576 .cmd = NL80211_CMD_STOP_NAN,
15577 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
15578 .doit = nl80211_stop_nan,
15579 .flags = GENL_ADMIN_PERM,
15580 .internal_flags = NL80211_FLAG_NEED_WDEV_UP |
15581 NL80211_FLAG_NEED_RTNL,
15582 },
15583 {
15584 .cmd = NL80211_CMD_ADD_NAN_FUNCTION,
15585 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
15586 .doit = nl80211_nan_add_func,
15587 .flags = GENL_ADMIN_PERM,
15588 .internal_flags = NL80211_FLAG_NEED_WDEV_UP,
15589 },
15590 {
15591 .cmd = NL80211_CMD_DEL_NAN_FUNCTION,
15592 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
15593 .doit = nl80211_nan_del_func,
15594 .flags = GENL_ADMIN_PERM,
15595 .internal_flags = NL80211_FLAG_NEED_WDEV_UP,
15596 },
15597 {
15598 .cmd = NL80211_CMD_CHANGE_NAN_CONFIG,
15599 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
15600 .doit = nl80211_nan_change_config,
15601 .flags = GENL_ADMIN_PERM,
15602 .internal_flags = NL80211_FLAG_NEED_WDEV_UP,
15603 },
15604 {
15605 .cmd = NL80211_CMD_SET_MCAST_RATE,
15606 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
15607 .doit = nl80211_set_mcast_rate,
15608 .flags = GENL_UNS_ADMIN_PERM,
15609 .internal_flags = NL80211_FLAG_NEED_NETDEV,
15610 },
15611 {
15612 .cmd = NL80211_CMD_SET_MAC_ACL,
15613 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
15614 .doit = nl80211_set_mac_acl,
15615 .flags = GENL_UNS_ADMIN_PERM,
15616 .internal_flags = NL80211_FLAG_NEED_NETDEV,
15617 },
15618 {
15619 .cmd = NL80211_CMD_RADAR_DETECT,
15620 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
15621 .doit = nl80211_start_radar_detection,
15622 .flags = GENL_UNS_ADMIN_PERM,
15623 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP,
15624 },
15625 {
15626 .cmd = NL80211_CMD_GET_PROTOCOL_FEATURES,
15627 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
15628 .doit = nl80211_get_protocol_features,
15629 },
15630 {
15631 .cmd = NL80211_CMD_UPDATE_FT_IES,
15632 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
15633 .doit = nl80211_update_ft_ies,
15634 .flags = GENL_UNS_ADMIN_PERM,
15635 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP,
15636 },
15637 {
15638 .cmd = NL80211_CMD_CRIT_PROTOCOL_START,
15639 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
15640 .doit = nl80211_crit_protocol_start,
15641 .flags = GENL_UNS_ADMIN_PERM,
15642 .internal_flags = NL80211_FLAG_NEED_WDEV_UP,
15643 },
15644 {
15645 .cmd = NL80211_CMD_CRIT_PROTOCOL_STOP,
15646 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
15647 .doit = nl80211_crit_protocol_stop,
15648 .flags = GENL_UNS_ADMIN_PERM,
15649 .internal_flags = NL80211_FLAG_NEED_WDEV_UP,
15650 },
15651 {
15652 .cmd = NL80211_CMD_GET_COALESCE,
15653 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
15654 .doit = nl80211_get_coalesce,
15655 .internal_flags = NL80211_FLAG_NEED_WIPHY,
15656 },
15657 {
15658 .cmd = NL80211_CMD_SET_COALESCE,
15659 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
15660 .doit = nl80211_set_coalesce,
15661 .flags = GENL_UNS_ADMIN_PERM,
15662 .internal_flags = NL80211_FLAG_NEED_WIPHY,
15663 },
15664 {
15665 .cmd = NL80211_CMD_CHANNEL_SWITCH,
15666 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
15667 .doit = nl80211_channel_switch,
15668 .flags = GENL_UNS_ADMIN_PERM,
15669 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP,
15670 },
15671 {
15672 .cmd = NL80211_CMD_VENDOR,
15673 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
15674 .doit = nl80211_vendor_cmd,
15675 .dumpit = nl80211_vendor_cmd_dump,
15676 .flags = GENL_UNS_ADMIN_PERM,
15677 .internal_flags = NL80211_FLAG_NEED_WIPHY |
15678 0 |
15679 NL80211_FLAG_CLEAR_SKB,
15680 },
15681 {
15682 .cmd = NL80211_CMD_SET_QOS_MAP,
15683 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
15684 .doit = nl80211_set_qos_map,
15685 .flags = GENL_UNS_ADMIN_PERM,
15686 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP,
15687 },
15688 {
15689 .cmd = NL80211_CMD_ADD_TX_TS,
15690 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
15691 .doit = nl80211_add_tx_ts,
15692 .flags = GENL_UNS_ADMIN_PERM,
15693 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP,
15694 },
15695 {
15696 .cmd = NL80211_CMD_DEL_TX_TS,
15697 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
15698 .doit = nl80211_del_tx_ts,
15699 .flags = GENL_UNS_ADMIN_PERM,
15700 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP,
15701 },
15702 {
15703 .cmd = NL80211_CMD_TDLS_CHANNEL_SWITCH,
15704 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
15705 .doit = nl80211_tdls_channel_switch,
15706 .flags = GENL_UNS_ADMIN_PERM,
15707 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP,
15708 },
15709 {
15710 .cmd = NL80211_CMD_TDLS_CANCEL_CHANNEL_SWITCH,
15711 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
15712 .doit = nl80211_tdls_cancel_channel_switch,
15713 .flags = GENL_UNS_ADMIN_PERM,
15714 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP,
15715 },
15716 {
15717 .cmd = NL80211_CMD_SET_MULTICAST_TO_UNICAST,
15718 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
15719 .doit = nl80211_set_multicast_to_unicast,
15720 .flags = GENL_UNS_ADMIN_PERM,
15721 .internal_flags = NL80211_FLAG_NEED_NETDEV,
15722 },
15723 {
15724 .cmd = NL80211_CMD_SET_PMK,
15725 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
15726 .doit = nl80211_set_pmk,
15727 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
15728 0 |
15729 NL80211_FLAG_CLEAR_SKB,
15730 },
15731 {
15732 .cmd = NL80211_CMD_DEL_PMK,
15733 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
15734 .doit = nl80211_del_pmk,
15735 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP,
15736 },
15737 {
15738 .cmd = NL80211_CMD_EXTERNAL_AUTH,
15739 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
15740 .doit = nl80211_external_auth,
15741 .flags = GENL_ADMIN_PERM,
15742 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP,
15743 },
15744 {
15745 .cmd = NL80211_CMD_CONTROL_PORT_FRAME,
15746 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
15747 .doit = nl80211_tx_control_port,
15748 .flags = GENL_UNS_ADMIN_PERM,
15749 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP,
15750 },
15751 {
15752 .cmd = NL80211_CMD_GET_FTM_RESPONDER_STATS,
15753 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
15754 .doit = nl80211_get_ftm_responder_stats,
15755 .internal_flags = NL80211_FLAG_NEED_NETDEV,
15756 },
15757 {
15758 .cmd = NL80211_CMD_PEER_MEASUREMENT_START,
15759 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
15760 .doit = nl80211_pmsr_start,
15761 .flags = GENL_UNS_ADMIN_PERM,
15762 .internal_flags = NL80211_FLAG_NEED_WDEV_UP,
15763 },
15764 {
15765 .cmd = NL80211_CMD_NOTIFY_RADAR,
15766 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
15767 .doit = nl80211_notify_radar_detection,
15768 .flags = GENL_UNS_ADMIN_PERM,
15769 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP,
15770 },
15771 {
15772 .cmd = NL80211_CMD_UPDATE_OWE_INFO,
15773 .doit = nl80211_update_owe_info,
15774 .flags = GENL_ADMIN_PERM,
15775 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP,
15776 },
15777 {
15778 .cmd = NL80211_CMD_PROBE_MESH_LINK,
15779 .doit = nl80211_probe_mesh_link,
15780 .flags = GENL_UNS_ADMIN_PERM,
15781 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP,
15782 },
15783 {
15784 .cmd = NL80211_CMD_SET_TID_CONFIG,
15785 .doit = nl80211_set_tid_config,
15786 .flags = GENL_UNS_ADMIN_PERM,
15787 .internal_flags = NL80211_FLAG_NEED_NETDEV,
15788 },
15789 {
15790 .cmd = NL80211_CMD_SET_SAR_SPECS,
15791 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
15792 .doit = nl80211_set_sar_specs,
15793 .flags = GENL_UNS_ADMIN_PERM,
15794 .internal_flags = NL80211_FLAG_NEED_WIPHY |
15795 NL80211_FLAG_NEED_RTNL,
15796 },
15797 };
15798
15799 static struct genl_family nl80211_fam __ro_after_init = {
15800 .name = NL80211_GENL_NAME, /* have users key off the name instead */
15801 .hdrsize = 0, /* no private header */
15802 .version = 1, /* no particular meaning now */
15803 .maxattr = NL80211_ATTR_MAX,
15804 .policy = nl80211_policy,
15805 .netnsok = true,
15806 .pre_doit = nl80211_pre_doit,
15807 .post_doit = nl80211_post_doit,
15808 .module = THIS_MODULE,
15809 .ops = nl80211_ops,
15810 .n_ops = ARRAY_SIZE(nl80211_ops),
15811 .small_ops = nl80211_small_ops,
15812 .n_small_ops = ARRAY_SIZE(nl80211_small_ops),
15813 .mcgrps = nl80211_mcgrps,
15814 .n_mcgrps = ARRAY_SIZE(nl80211_mcgrps),
15815 .parallel_ops = true,
15816 };
15817
15818 /* notification functions */
15819
15820 void nl80211_notify_wiphy(struct cfg80211_registered_device *rdev,
15821 enum nl80211_commands cmd)
15822 {
15823 struct sk_buff *msg;
15824 struct nl80211_dump_wiphy_state state = {};
15825
15826 WARN_ON(cmd != NL80211_CMD_NEW_WIPHY &&
15827 cmd != NL80211_CMD_DEL_WIPHY);
15828
15829 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
15830 if (!msg)
15831 return;
15832
15833 if (nl80211_send_wiphy(rdev, cmd, msg, 0, 0, 0, &state) < 0) {
15834 nlmsg_free(msg);
15835 return;
15836 }
15837
15838 genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), msg, 0,
15839 NL80211_MCGRP_CONFIG, GFP_KERNEL);
15840 }
15841
15842 void nl80211_notify_iface(struct cfg80211_registered_device *rdev,
15843 struct wireless_dev *wdev,
15844 enum nl80211_commands cmd)
15845 {
15846 struct sk_buff *msg;
15847
15848 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
15849 if (!msg)
15850 return;
15851
15852 if (nl80211_send_iface(msg, 0, 0, 0, rdev, wdev, cmd) < 0) {
15853 nlmsg_free(msg);
15854 return;
15855 }
15856
15857 genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), msg, 0,
15858 NL80211_MCGRP_CONFIG, GFP_KERNEL);
15859 }
15860
15861 static int nl80211_add_scan_req(struct sk_buff *msg,
15862 struct cfg80211_registered_device *rdev)
15863 {
15864 struct cfg80211_scan_request *req = rdev->scan_req;
15865 struct nlattr *nest;
15866 int i;
15867 struct cfg80211_scan_info *info;
15868
15869 if (WARN_ON(!req))
15870 return 0;
15871
15872 nest = nla_nest_start_noflag(msg, NL80211_ATTR_SCAN_SSIDS);
15873 if (!nest)
15874 goto nla_put_failure;
15875 for (i = 0; i < req->n_ssids; i++) {
15876 if (nla_put(msg, i, req->ssids[i].ssid_len, req->ssids[i].ssid))
15877 goto nla_put_failure;
15878 }
15879 nla_nest_end(msg, nest);
15880
15881 if (req->flags & NL80211_SCAN_FLAG_FREQ_KHZ) {
15882 nest = nla_nest_start(msg, NL80211_ATTR_SCAN_FREQ_KHZ);
15883 if (!nest)
15884 goto nla_put_failure;
15885 for (i = 0; i < req->n_channels; i++) {
15886 if (nla_put_u32(msg, i,
15887 ieee80211_channel_to_khz(req->channels[i])))
15888 goto nla_put_failure;
15889 }
15890 nla_nest_end(msg, nest);
15891 } else {
15892 nest = nla_nest_start_noflag(msg,
15893 NL80211_ATTR_SCAN_FREQUENCIES);
15894 if (!nest)
15895 goto nla_put_failure;
15896 for (i = 0; i < req->n_channels; i++) {
15897 if (nla_put_u32(msg, i, req->channels[i]->center_freq))
15898 goto nla_put_failure;
15899 }
15900 nla_nest_end(msg, nest);
15901 }
15902
15903 if (req->ie &&
15904 nla_put(msg, NL80211_ATTR_IE, req->ie_len, req->ie))
15905 goto nla_put_failure;
15906
15907 if (req->flags &&
15908 nla_put_u32(msg, NL80211_ATTR_SCAN_FLAGS, req->flags))
15909 goto nla_put_failure;
15910
15911 info = rdev->int_scan_req ? &rdev->int_scan_req->info :
15912 &rdev->scan_req->info;
15913 if (info->scan_start_tsf &&
15914 (nla_put_u64_64bit(msg, NL80211_ATTR_SCAN_START_TIME_TSF,
15915 info->scan_start_tsf, NL80211_BSS_PAD) ||
15916 nla_put(msg, NL80211_ATTR_SCAN_START_TIME_TSF_BSSID, ETH_ALEN,
15917 info->tsf_bssid)))
15918 goto nla_put_failure;
15919
15920 return 0;
15921 nla_put_failure:
15922 return -ENOBUFS;
15923 }
15924
15925 static int nl80211_prep_scan_msg(struct sk_buff *msg,
15926 struct cfg80211_registered_device *rdev,
15927 struct wireless_dev *wdev,
15928 u32 portid, u32 seq, int flags,
15929 u32 cmd)
15930 {
15931 void *hdr;
15932
15933 hdr = nl80211hdr_put(msg, portid, seq, flags, cmd);
15934 if (!hdr)
15935 return -1;
15936
15937 if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
15938 (wdev->netdev && nla_put_u32(msg, NL80211_ATTR_IFINDEX,
15939 wdev->netdev->ifindex)) ||
15940 nla_put_u64_64bit(msg, NL80211_ATTR_WDEV, wdev_id(wdev),
15941 NL80211_ATTR_PAD))
15942 goto nla_put_failure;
15943
15944 /* ignore errors and send incomplete event anyway */
15945 nl80211_add_scan_req(msg, rdev);
15946
15947 genlmsg_end(msg, hdr);
15948 return 0;
15949
15950 nla_put_failure:
15951 genlmsg_cancel(msg, hdr);
15952 return -EMSGSIZE;
15953 }
15954
15955 static int
15956 nl80211_prep_sched_scan_msg(struct sk_buff *msg,
15957 struct cfg80211_sched_scan_request *req, u32 cmd)
15958 {
15959 void *hdr;
15960
15961 hdr = nl80211hdr_put(msg, 0, 0, 0, cmd);
15962 if (!hdr)
15963 return -1;
15964
15965 if (nla_put_u32(msg, NL80211_ATTR_WIPHY,
15966 wiphy_to_rdev(req->wiphy)->wiphy_idx) ||
15967 nla_put_u32(msg, NL80211_ATTR_IFINDEX, req->dev->ifindex) ||
15968 nla_put_u64_64bit(msg, NL80211_ATTR_COOKIE, req->reqid,
15969 NL80211_ATTR_PAD))
15970 goto nla_put_failure;
15971
15972 genlmsg_end(msg, hdr);
15973 return 0;
15974
15975 nla_put_failure:
15976 genlmsg_cancel(msg, hdr);
15977 return -EMSGSIZE;
15978 }
15979
15980 void nl80211_send_scan_start(struct cfg80211_registered_device *rdev,
15981 struct wireless_dev *wdev)
15982 {
15983 struct sk_buff *msg;
15984
15985 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
15986 if (!msg)
15987 return;
15988
15989 if (nl80211_prep_scan_msg(msg, rdev, wdev, 0, 0, 0,
15990 NL80211_CMD_TRIGGER_SCAN) < 0) {
15991 nlmsg_free(msg);
15992 return;
15993 }
15994
15995 genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), msg, 0,
15996 NL80211_MCGRP_SCAN, GFP_KERNEL);
15997 }
15998
15999 struct sk_buff *nl80211_build_scan_msg(struct cfg80211_registered_device *rdev,
16000 struct wireless_dev *wdev, bool aborted)
16001 {
16002 struct sk_buff *msg;
16003
16004 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
16005 if (!msg)
16006 return NULL;
16007
16008 if (nl80211_prep_scan_msg(msg, rdev, wdev, 0, 0, 0,
16009 aborted ? NL80211_CMD_SCAN_ABORTED :
16010 NL80211_CMD_NEW_SCAN_RESULTS) < 0) {
16011 nlmsg_free(msg);
16012 return NULL;
16013 }
16014
16015 return msg;
16016 }
16017
16018 /* send message created by nl80211_build_scan_msg() */
16019 void nl80211_send_scan_msg(struct cfg80211_registered_device *rdev,
16020 struct sk_buff *msg)
16021 {
16022 if (!msg)
16023 return;
16024
16025 genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), msg, 0,
16026 NL80211_MCGRP_SCAN, GFP_KERNEL);
16027 }
16028
16029 void nl80211_send_sched_scan(struct cfg80211_sched_scan_request *req, u32 cmd)
16030 {
16031 struct sk_buff *msg;
16032
16033 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
16034 if (!msg)
16035 return;
16036
16037 if (nl80211_prep_sched_scan_msg(msg, req, cmd) < 0) {
16038 nlmsg_free(msg);
16039 return;
16040 }
16041
16042 genlmsg_multicast_netns(&nl80211_fam, wiphy_net(req->wiphy), msg, 0,
16043 NL80211_MCGRP_SCAN, GFP_KERNEL);
16044 }
16045
16046 static bool nl80211_reg_change_event_fill(struct sk_buff *msg,
16047 struct regulatory_request *request)
16048 {
16049 /* Userspace can always count this one always being set */
16050 if (nla_put_u8(msg, NL80211_ATTR_REG_INITIATOR, request->initiator))
16051 goto nla_put_failure;
16052
16053 if (request->alpha2[0] == '0' && request->alpha2[1] == '0') {
16054 if (nla_put_u8(msg, NL80211_ATTR_REG_TYPE,
16055 NL80211_REGDOM_TYPE_WORLD))
16056 goto nla_put_failure;
16057 } else if (request->alpha2[0] == '9' && request->alpha2[1] == '9') {
16058 if (nla_put_u8(msg, NL80211_ATTR_REG_TYPE,
16059 NL80211_REGDOM_TYPE_CUSTOM_WORLD))
16060 goto nla_put_failure;
16061 } else if ((request->alpha2[0] == '9' && request->alpha2[1] == '8') ||
16062 request->intersect) {
16063 if (nla_put_u8(msg, NL80211_ATTR_REG_TYPE,
16064 NL80211_REGDOM_TYPE_INTERSECTION))
16065 goto nla_put_failure;
16066 } else {
16067 if (nla_put_u8(msg, NL80211_ATTR_REG_TYPE,
16068 NL80211_REGDOM_TYPE_COUNTRY) ||
16069 nla_put_string(msg, NL80211_ATTR_REG_ALPHA2,
16070 request->alpha2))
16071 goto nla_put_failure;
16072 }
16073
16074 if (request->wiphy_idx != WIPHY_IDX_INVALID) {
16075 struct wiphy *wiphy = wiphy_idx_to_wiphy(request->wiphy_idx);
16076
16077 if (wiphy &&
16078 nla_put_u32(msg, NL80211_ATTR_WIPHY, request->wiphy_idx))
16079 goto nla_put_failure;
16080
16081 if (wiphy &&
16082 wiphy->regulatory_flags & REGULATORY_WIPHY_SELF_MANAGED &&
16083 nla_put_flag(msg, NL80211_ATTR_WIPHY_SELF_MANAGED_REG))
16084 goto nla_put_failure;
16085 }
16086
16087 return true;
16088
16089 nla_put_failure:
16090 return false;
16091 }
16092
16093 /*
16094 * This can happen on global regulatory changes or device specific settings
16095 * based on custom regulatory domains.
16096 */
16097 void nl80211_common_reg_change_event(enum nl80211_commands cmd_id,
16098 struct regulatory_request *request)
16099 {
16100 struct sk_buff *msg;
16101 void *hdr;
16102
16103 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
16104 if (!msg)
16105 return;
16106
16107 hdr = nl80211hdr_put(msg, 0, 0, 0, cmd_id);
16108 if (!hdr)
16109 goto nla_put_failure;
16110
16111 if (!nl80211_reg_change_event_fill(msg, request))
16112 goto nla_put_failure;
16113
16114 genlmsg_end(msg, hdr);
16115
16116 rcu_read_lock();
16117 genlmsg_multicast_allns(&nl80211_fam, msg, 0,
16118 NL80211_MCGRP_REGULATORY, GFP_ATOMIC);
16119 rcu_read_unlock();
16120
16121 return;
16122
16123 nla_put_failure:
16124 nlmsg_free(msg);
16125 }
16126
16127 static void nl80211_send_mlme_event(struct cfg80211_registered_device *rdev,
16128 struct net_device *netdev,
16129 const u8 *buf, size_t len,
16130 enum nl80211_commands cmd, gfp_t gfp,
16131 int uapsd_queues, const u8 *req_ies,
16132 size_t req_ies_len, bool reconnect)
16133 {
16134 struct sk_buff *msg;
16135 void *hdr;
16136
16137 msg = nlmsg_new(100 + len + req_ies_len, gfp);
16138 if (!msg)
16139 return;
16140
16141 hdr = nl80211hdr_put(msg, 0, 0, 0, cmd);
16142 if (!hdr) {
16143 nlmsg_free(msg);
16144 return;
16145 }
16146
16147 if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
16148 nla_put_u32(msg, NL80211_ATTR_IFINDEX, netdev->ifindex) ||
16149 nla_put(msg, NL80211_ATTR_FRAME, len, buf) ||
16150 (req_ies &&
16151 nla_put(msg, NL80211_ATTR_REQ_IE, req_ies_len, req_ies)))
16152 goto nla_put_failure;
16153
16154 if (reconnect && nla_put_flag(msg, NL80211_ATTR_RECONNECT_REQUESTED))
16155 goto nla_put_failure;
16156
16157 if (uapsd_queues >= 0) {
16158 struct nlattr *nla_wmm =
16159 nla_nest_start_noflag(msg, NL80211_ATTR_STA_WME);
16160 if (!nla_wmm)
16161 goto nla_put_failure;
16162
16163 if (nla_put_u8(msg, NL80211_STA_WME_UAPSD_QUEUES,
16164 uapsd_queues))
16165 goto nla_put_failure;
16166
16167 nla_nest_end(msg, nla_wmm);
16168 }
16169
16170 genlmsg_end(msg, hdr);
16171
16172 genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), msg, 0,
16173 NL80211_MCGRP_MLME, gfp);
16174 return;
16175
16176 nla_put_failure:
16177 nlmsg_free(msg);
16178 }
16179
16180 void nl80211_send_rx_auth(struct cfg80211_registered_device *rdev,
16181 struct net_device *netdev, const u8 *buf,
16182 size_t len, gfp_t gfp)
16183 {
16184 nl80211_send_mlme_event(rdev, netdev, buf, len,
16185 NL80211_CMD_AUTHENTICATE, gfp, -1, NULL, 0,
16186 false);
16187 }
16188
16189 void nl80211_send_rx_assoc(struct cfg80211_registered_device *rdev,
16190 struct net_device *netdev, const u8 *buf,
16191 size_t len, gfp_t gfp, int uapsd_queues,
16192 const u8 *req_ies, size_t req_ies_len)
16193 {
16194 nl80211_send_mlme_event(rdev, netdev, buf, len,
16195 NL80211_CMD_ASSOCIATE, gfp, uapsd_queues,
16196 req_ies, req_ies_len, false);
16197 }
16198
16199 void nl80211_send_deauth(struct cfg80211_registered_device *rdev,
16200 struct net_device *netdev, const u8 *buf,
16201 size_t len, bool reconnect, gfp_t gfp)
16202 {
16203 nl80211_send_mlme_event(rdev, netdev, buf, len,
16204 NL80211_CMD_DEAUTHENTICATE, gfp, -1, NULL, 0,
16205 reconnect);
16206 }
16207
16208 void nl80211_send_disassoc(struct cfg80211_registered_device *rdev,
16209 struct net_device *netdev, const u8 *buf,
16210 size_t len, bool reconnect, gfp_t gfp)
16211 {
16212 nl80211_send_mlme_event(rdev, netdev, buf, len,
16213 NL80211_CMD_DISASSOCIATE, gfp, -1, NULL, 0,
16214 reconnect);
16215 }
16216
16217 void cfg80211_rx_unprot_mlme_mgmt(struct net_device *dev, const u8 *buf,
16218 size_t len)
16219 {
16220 struct wireless_dev *wdev = dev->ieee80211_ptr;
16221 struct wiphy *wiphy = wdev->wiphy;
16222 struct cfg80211_registered_device *rdev = wiphy_to_rdev(wiphy);
16223 const struct ieee80211_mgmt *mgmt = (void *)buf;
16224 u32 cmd;
16225
16226 if (WARN_ON(len < 2))
16227 return;
16228
16229 if (ieee80211_is_deauth(mgmt->frame_control)) {
16230 cmd = NL80211_CMD_UNPROT_DEAUTHENTICATE;
16231 } else if (ieee80211_is_disassoc(mgmt->frame_control)) {
16232 cmd = NL80211_CMD_UNPROT_DISASSOCIATE;
16233 } else if (ieee80211_is_beacon(mgmt->frame_control)) {
16234 if (wdev->unprot_beacon_reported &&
16235 elapsed_jiffies_msecs(wdev->unprot_beacon_reported) < 10000)
16236 return;
16237 cmd = NL80211_CMD_UNPROT_BEACON;
16238 wdev->unprot_beacon_reported = jiffies;
16239 } else {
16240 return;
16241 }
16242
16243 trace_cfg80211_rx_unprot_mlme_mgmt(dev, buf, len);
16244 nl80211_send_mlme_event(rdev, dev, buf, len, cmd, GFP_ATOMIC, -1,
16245 NULL, 0, false);
16246 }
16247 EXPORT_SYMBOL(cfg80211_rx_unprot_mlme_mgmt);
16248
16249 static void nl80211_send_mlme_timeout(struct cfg80211_registered_device *rdev,
16250 struct net_device *netdev, int cmd,
16251 const u8 *addr, gfp_t gfp)
16252 {
16253 struct sk_buff *msg;
16254 void *hdr;
16255
16256 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, gfp);
16257 if (!msg)
16258 return;
16259
16260 hdr = nl80211hdr_put(msg, 0, 0, 0, cmd);
16261 if (!hdr) {
16262 nlmsg_free(msg);
16263 return;
16264 }
16265
16266 if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
16267 nla_put_u32(msg, NL80211_ATTR_IFINDEX, netdev->ifindex) ||
16268 nla_put_flag(msg, NL80211_ATTR_TIMED_OUT) ||
16269 nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN, addr))
16270 goto nla_put_failure;
16271
16272 genlmsg_end(msg, hdr);
16273
16274 genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), msg, 0,
16275 NL80211_MCGRP_MLME, gfp);
16276 return;
16277
16278 nla_put_failure:
16279 nlmsg_free(msg);
16280 }
16281
16282 void nl80211_send_auth_timeout(struct cfg80211_registered_device *rdev,
16283 struct net_device *netdev, const u8 *addr,
16284 gfp_t gfp)
16285 {
16286 nl80211_send_mlme_timeout(rdev, netdev, NL80211_CMD_AUTHENTICATE,
16287 addr, gfp);
16288 }
16289
16290 void nl80211_send_assoc_timeout(struct cfg80211_registered_device *rdev,
16291 struct net_device *netdev, const u8 *addr,
16292 gfp_t gfp)
16293 {
16294 nl80211_send_mlme_timeout(rdev, netdev, NL80211_CMD_ASSOCIATE,
16295 addr, gfp);
16296 }
16297
16298 void nl80211_send_connect_result(struct cfg80211_registered_device *rdev,
16299 struct net_device *netdev,
16300 struct cfg80211_connect_resp_params *cr,
16301 gfp_t gfp)
16302 {
16303 struct sk_buff *msg;
16304 void *hdr;
16305
16306 msg = nlmsg_new(100 + cr->req_ie_len + cr->resp_ie_len +
16307 cr->fils.kek_len + cr->fils.pmk_len +
16308 (cr->fils.pmkid ? WLAN_PMKID_LEN : 0), gfp);
16309 if (!msg)
16310 return;
16311
16312 hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_CONNECT);
16313 if (!hdr) {
16314 nlmsg_free(msg);
16315 return;
16316 }
16317
16318 if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
16319 nla_put_u32(msg, NL80211_ATTR_IFINDEX, netdev->ifindex) ||
16320 (cr->bssid &&
16321 nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN, cr->bssid)) ||
16322 nla_put_u16(msg, NL80211_ATTR_STATUS_CODE,
16323 cr->status < 0 ? WLAN_STATUS_UNSPECIFIED_FAILURE :
16324 cr->status) ||
16325 (cr->status < 0 &&
16326 (nla_put_flag(msg, NL80211_ATTR_TIMED_OUT) ||
16327 nla_put_u32(msg, NL80211_ATTR_TIMEOUT_REASON,
16328 cr->timeout_reason))) ||
16329 (cr->req_ie &&
16330 nla_put(msg, NL80211_ATTR_REQ_IE, cr->req_ie_len, cr->req_ie)) ||
16331 (cr->resp_ie &&
16332 nla_put(msg, NL80211_ATTR_RESP_IE, cr->resp_ie_len,
16333 cr->resp_ie)) ||
16334 (cr->fils.update_erp_next_seq_num &&
16335 nla_put_u16(msg, NL80211_ATTR_FILS_ERP_NEXT_SEQ_NUM,
16336 cr->fils.erp_next_seq_num)) ||
16337 (cr->status == WLAN_STATUS_SUCCESS &&
16338 ((cr->fils.kek &&
16339 nla_put(msg, NL80211_ATTR_FILS_KEK, cr->fils.kek_len,
16340 cr->fils.kek)) ||
16341 (cr->fils.pmk &&
16342 nla_put(msg, NL80211_ATTR_PMK, cr->fils.pmk_len, cr->fils.pmk)) ||
16343 (cr->fils.pmkid &&
16344 nla_put(msg, NL80211_ATTR_PMKID, WLAN_PMKID_LEN, cr->fils.pmkid)))))
16345 goto nla_put_failure;
16346
16347 genlmsg_end(msg, hdr);
16348
16349 genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), msg, 0,
16350 NL80211_MCGRP_MLME, gfp);
16351 return;
16352
16353 nla_put_failure:
16354 nlmsg_free(msg);
16355 }
16356
16357 void nl80211_send_roamed(struct cfg80211_registered_device *rdev,
16358 struct net_device *netdev,
16359 struct cfg80211_roam_info *info, gfp_t gfp)
16360 {
16361 struct sk_buff *msg;
16362 void *hdr;
16363 const u8 *bssid = info->bss ? info->bss->bssid : info->bssid;
16364
16365 msg = nlmsg_new(100 + info->req_ie_len + info->resp_ie_len +
16366 info->fils.kek_len + info->fils.pmk_len +
16367 (info->fils.pmkid ? WLAN_PMKID_LEN : 0), gfp);
16368 if (!msg)
16369 return;
16370
16371 hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_ROAM);
16372 if (!hdr) {
16373 nlmsg_free(msg);
16374 return;
16375 }
16376
16377 if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
16378 nla_put_u32(msg, NL80211_ATTR_IFINDEX, netdev->ifindex) ||
16379 nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN, bssid) ||
16380 (info->req_ie &&
16381 nla_put(msg, NL80211_ATTR_REQ_IE, info->req_ie_len,
16382 info->req_ie)) ||
16383 (info->resp_ie &&
16384 nla_put(msg, NL80211_ATTR_RESP_IE, info->resp_ie_len,
16385 info->resp_ie)) ||
16386 (info->fils.update_erp_next_seq_num &&
16387 nla_put_u16(msg, NL80211_ATTR_FILS_ERP_NEXT_SEQ_NUM,
16388 info->fils.erp_next_seq_num)) ||
16389 (info->fils.kek &&
16390 nla_put(msg, NL80211_ATTR_FILS_KEK, info->fils.kek_len,
16391 info->fils.kek)) ||
16392 (info->fils.pmk &&
16393 nla_put(msg, NL80211_ATTR_PMK, info->fils.pmk_len, info->fils.pmk)) ||
16394 (info->fils.pmkid &&
16395 nla_put(msg, NL80211_ATTR_PMKID, WLAN_PMKID_LEN, info->fils.pmkid)))
16396 goto nla_put_failure;
16397
16398 genlmsg_end(msg, hdr);
16399
16400 genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), msg, 0,
16401 NL80211_MCGRP_MLME, gfp);
16402 return;
16403
16404 nla_put_failure:
16405 nlmsg_free(msg);
16406 }
16407
16408 void nl80211_send_port_authorized(struct cfg80211_registered_device *rdev,
16409 struct net_device *netdev, const u8 *bssid)
16410 {
16411 struct sk_buff *msg;
16412 void *hdr;
16413
16414 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
16415 if (!msg)
16416 return;
16417
16418 hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_PORT_AUTHORIZED);
16419 if (!hdr) {
16420 nlmsg_free(msg);
16421 return;
16422 }
16423
16424 if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
16425 nla_put_u32(msg, NL80211_ATTR_IFINDEX, netdev->ifindex) ||
16426 nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN, bssid))
16427 goto nla_put_failure;
16428
16429 genlmsg_end(msg, hdr);
16430
16431 genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), msg, 0,
16432 NL80211_MCGRP_MLME, GFP_KERNEL);
16433 return;
16434
16435 nla_put_failure:
16436 nlmsg_free(msg);
16437 }
16438
16439 void nl80211_send_disconnected(struct cfg80211_registered_device *rdev,
16440 struct net_device *netdev, u16 reason,
16441 const u8 *ie, size_t ie_len, bool from_ap)
16442 {
16443 struct sk_buff *msg;
16444 void *hdr;
16445
16446 msg = nlmsg_new(100 + ie_len, GFP_KERNEL);
16447 if (!msg)
16448 return;
16449
16450 hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_DISCONNECT);
16451 if (!hdr) {
16452 nlmsg_free(msg);
16453 return;
16454 }
16455
16456 if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
16457 nla_put_u32(msg, NL80211_ATTR_IFINDEX, netdev->ifindex) ||
16458 (reason &&
16459 nla_put_u16(msg, NL80211_ATTR_REASON_CODE, reason)) ||
16460 (from_ap &&
16461 nla_put_flag(msg, NL80211_ATTR_DISCONNECTED_BY_AP)) ||
16462 (ie && nla_put(msg, NL80211_ATTR_IE, ie_len, ie)))
16463 goto nla_put_failure;
16464
16465 genlmsg_end(msg, hdr);
16466
16467 genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), msg, 0,
16468 NL80211_MCGRP_MLME, GFP_KERNEL);
16469 return;
16470
16471 nla_put_failure:
16472 nlmsg_free(msg);
16473 }
16474
16475 void nl80211_send_ibss_bssid(struct cfg80211_registered_device *rdev,
16476 struct net_device *netdev, const u8 *bssid,
16477 gfp_t gfp)
16478 {
16479 struct sk_buff *msg;
16480 void *hdr;
16481
16482 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, gfp);
16483 if (!msg)
16484 return;
16485
16486 hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_JOIN_IBSS);
16487 if (!hdr) {
16488 nlmsg_free(msg);
16489 return;
16490 }
16491
16492 if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
16493 nla_put_u32(msg, NL80211_ATTR_IFINDEX, netdev->ifindex) ||
16494 nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN, bssid))
16495 goto nla_put_failure;
16496
16497 genlmsg_end(msg, hdr);
16498
16499 genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), msg, 0,
16500 NL80211_MCGRP_MLME, gfp);
16501 return;
16502
16503 nla_put_failure:
16504 nlmsg_free(msg);
16505 }
16506
16507 void cfg80211_notify_new_peer_candidate(struct net_device *dev, const u8 *addr,
16508 const u8 *ie, u8 ie_len,
16509 int sig_dbm, gfp_t gfp)
16510 {
16511 struct wireless_dev *wdev = dev->ieee80211_ptr;
16512 struct cfg80211_registered_device *rdev = wiphy_to_rdev(wdev->wiphy);
16513 struct sk_buff *msg;
16514 void *hdr;
16515
16516 if (WARN_ON(wdev->iftype != NL80211_IFTYPE_MESH_POINT))
16517 return;
16518
16519 trace_cfg80211_notify_new_peer_candidate(dev, addr);
16520
16521 msg = nlmsg_new(100 + ie_len, gfp);
16522 if (!msg)
16523 return;
16524
16525 hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_NEW_PEER_CANDIDATE);
16526 if (!hdr) {
16527 nlmsg_free(msg);
16528 return;
16529 }
16530
16531 if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
16532 nla_put_u32(msg, NL80211_ATTR_IFINDEX, dev->ifindex) ||
16533 nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN, addr) ||
16534 (ie_len && ie &&
16535 nla_put(msg, NL80211_ATTR_IE, ie_len, ie)) ||
16536 (sig_dbm &&
16537 nla_put_u32(msg, NL80211_ATTR_RX_SIGNAL_DBM, sig_dbm)))
16538 goto nla_put_failure;
16539
16540 genlmsg_end(msg, hdr);
16541
16542 genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), msg, 0,
16543 NL80211_MCGRP_MLME, gfp);
16544 return;
16545
16546 nla_put_failure:
16547 nlmsg_free(msg);
16548 }
16549 EXPORT_SYMBOL(cfg80211_notify_new_peer_candidate);
16550
16551 void nl80211_michael_mic_failure(struct cfg80211_registered_device *rdev,
16552 struct net_device *netdev, const u8 *addr,
16553 enum nl80211_key_type key_type, int key_id,
16554 const u8 *tsc, gfp_t gfp)
16555 {
16556 struct sk_buff *msg;
16557 void *hdr;
16558
16559 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, gfp);
16560 if (!msg)
16561 return;
16562
16563 hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_MICHAEL_MIC_FAILURE);
16564 if (!hdr) {
16565 nlmsg_free(msg);
16566 return;
16567 }
16568
16569 if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
16570 nla_put_u32(msg, NL80211_ATTR_IFINDEX, netdev->ifindex) ||
16571 (addr && nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN, addr)) ||
16572 nla_put_u32(msg, NL80211_ATTR_KEY_TYPE, key_type) ||
16573 (key_id != -1 &&
16574 nla_put_u8(msg, NL80211_ATTR_KEY_IDX, key_id)) ||
16575 (tsc && nla_put(msg, NL80211_ATTR_KEY_SEQ, 6, tsc)))
16576 goto nla_put_failure;
16577
16578 genlmsg_end(msg, hdr);
16579
16580 genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), msg, 0,
16581 NL80211_MCGRP_MLME, gfp);
16582 return;
16583
16584 nla_put_failure:
16585 nlmsg_free(msg);
16586 }
16587
16588 void nl80211_send_beacon_hint_event(struct wiphy *wiphy,
16589 struct ieee80211_channel *channel_before,
16590 struct ieee80211_channel *channel_after)
16591 {
16592 struct sk_buff *msg;
16593 void *hdr;
16594 struct nlattr *nl_freq;
16595
16596 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_ATOMIC);
16597 if (!msg)
16598 return;
16599
16600 hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_REG_BEACON_HINT);
16601 if (!hdr) {
16602 nlmsg_free(msg);
16603 return;
16604 }
16605
16606 /*
16607 * Since we are applying the beacon hint to a wiphy we know its
16608 * wiphy_idx is valid
16609 */
16610 if (nla_put_u32(msg, NL80211_ATTR_WIPHY, get_wiphy_idx(wiphy)))
16611 goto nla_put_failure;
16612
16613 /* Before */
16614 nl_freq = nla_nest_start_noflag(msg, NL80211_ATTR_FREQ_BEFORE);
16615 if (!nl_freq)
16616 goto nla_put_failure;
16617
16618 if (nl80211_msg_put_channel(msg, wiphy, channel_before, false))
16619 goto nla_put_failure;
16620 nla_nest_end(msg, nl_freq);
16621
16622 /* After */
16623 nl_freq = nla_nest_start_noflag(msg, NL80211_ATTR_FREQ_AFTER);
16624 if (!nl_freq)
16625 goto nla_put_failure;
16626
16627 if (nl80211_msg_put_channel(msg, wiphy, channel_after, false))
16628 goto nla_put_failure;
16629 nla_nest_end(msg, nl_freq);
16630
16631 genlmsg_end(msg, hdr);
16632
16633 rcu_read_lock();
16634 genlmsg_multicast_allns(&nl80211_fam, msg, 0,
16635 NL80211_MCGRP_REGULATORY, GFP_ATOMIC);
16636 rcu_read_unlock();
16637
16638 return;
16639
16640 nla_put_failure:
16641 nlmsg_free(msg);
16642 }
16643
16644 static void nl80211_send_remain_on_chan_event(
16645 int cmd, struct cfg80211_registered_device *rdev,
16646 struct wireless_dev *wdev, u64 cookie,
16647 struct ieee80211_channel *chan,
16648 unsigned int duration, gfp_t gfp)
16649 {
16650 struct sk_buff *msg;
16651 void *hdr;
16652
16653 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, gfp);
16654 if (!msg)
16655 return;
16656
16657 hdr = nl80211hdr_put(msg, 0, 0, 0, cmd);
16658 if (!hdr) {
16659 nlmsg_free(msg);
16660 return;
16661 }
16662
16663 if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
16664 (wdev->netdev && nla_put_u32(msg, NL80211_ATTR_IFINDEX,
16665 wdev->netdev->ifindex)) ||
16666 nla_put_u64_64bit(msg, NL80211_ATTR_WDEV, wdev_id(wdev),
16667 NL80211_ATTR_PAD) ||
16668 nla_put_u32(msg, NL80211_ATTR_WIPHY_FREQ, chan->center_freq) ||
16669 nla_put_u32(msg, NL80211_ATTR_WIPHY_CHANNEL_TYPE,
16670 NL80211_CHAN_NO_HT) ||
16671 nla_put_u64_64bit(msg, NL80211_ATTR_COOKIE, cookie,
16672 NL80211_ATTR_PAD))
16673 goto nla_put_failure;
16674
16675 if (cmd == NL80211_CMD_REMAIN_ON_CHANNEL &&
16676 nla_put_u32(msg, NL80211_ATTR_DURATION, duration))
16677 goto nla_put_failure;
16678
16679 genlmsg_end(msg, hdr);
16680
16681 genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), msg, 0,
16682 NL80211_MCGRP_MLME, gfp);
16683 return;
16684
16685 nla_put_failure:
16686 nlmsg_free(msg);
16687 }
16688
16689 void cfg80211_ready_on_channel(struct wireless_dev *wdev, u64 cookie,
16690 struct ieee80211_channel *chan,
16691 unsigned int duration, gfp_t gfp)
16692 {
16693 struct wiphy *wiphy = wdev->wiphy;
16694 struct cfg80211_registered_device *rdev = wiphy_to_rdev(wiphy);
16695
16696 trace_cfg80211_ready_on_channel(wdev, cookie, chan, duration);
16697 nl80211_send_remain_on_chan_event(NL80211_CMD_REMAIN_ON_CHANNEL,
16698 rdev, wdev, cookie, chan,
16699 duration, gfp);
16700 }
16701 EXPORT_SYMBOL(cfg80211_ready_on_channel);
16702
16703 void cfg80211_remain_on_channel_expired(struct wireless_dev *wdev, u64 cookie,
16704 struct ieee80211_channel *chan,
16705 gfp_t gfp)
16706 {
16707 struct wiphy *wiphy = wdev->wiphy;
16708 struct cfg80211_registered_device *rdev = wiphy_to_rdev(wiphy);
16709
16710 trace_cfg80211_ready_on_channel_expired(wdev, cookie, chan);
16711 nl80211_send_remain_on_chan_event(NL80211_CMD_CANCEL_REMAIN_ON_CHANNEL,
16712 rdev, wdev, cookie, chan, 0, gfp);
16713 }
16714 EXPORT_SYMBOL(cfg80211_remain_on_channel_expired);
16715
16716 void cfg80211_tx_mgmt_expired(struct wireless_dev *wdev, u64 cookie,
16717 struct ieee80211_channel *chan,
16718 gfp_t gfp)
16719 {
16720 struct wiphy *wiphy = wdev->wiphy;
16721 struct cfg80211_registered_device *rdev = wiphy_to_rdev(wiphy);
16722
16723 trace_cfg80211_tx_mgmt_expired(wdev, cookie, chan);
16724 nl80211_send_remain_on_chan_event(NL80211_CMD_FRAME_WAIT_CANCEL,
16725 rdev, wdev, cookie, chan, 0, gfp);
16726 }
16727 EXPORT_SYMBOL(cfg80211_tx_mgmt_expired);
16728
16729 void cfg80211_new_sta(struct net_device *dev, const u8 *mac_addr,
16730 struct station_info *sinfo, gfp_t gfp)
16731 {
16732 struct wiphy *wiphy = dev->ieee80211_ptr->wiphy;
16733 struct cfg80211_registered_device *rdev = wiphy_to_rdev(wiphy);
16734 struct sk_buff *msg;
16735
16736 trace_cfg80211_new_sta(dev, mac_addr, sinfo);
16737
16738 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, gfp);
16739 if (!msg)
16740 return;
16741
16742 if (nl80211_send_station(msg, NL80211_CMD_NEW_STATION, 0, 0, 0,
16743 rdev, dev, mac_addr, sinfo) < 0) {
16744 nlmsg_free(msg);
16745 return;
16746 }
16747
16748 genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), msg, 0,
16749 NL80211_MCGRP_MLME, gfp);
16750 }
16751 EXPORT_SYMBOL(cfg80211_new_sta);
16752
16753 void cfg80211_del_sta_sinfo(struct net_device *dev, const u8 *mac_addr,
16754 struct station_info *sinfo, gfp_t gfp)
16755 {
16756 struct wiphy *wiphy = dev->ieee80211_ptr->wiphy;
16757 struct cfg80211_registered_device *rdev = wiphy_to_rdev(wiphy);
16758 struct sk_buff *msg;
16759 struct station_info empty_sinfo = {};
16760
16761 if (!sinfo)
16762 sinfo = &empty_sinfo;
16763
16764 trace_cfg80211_del_sta(dev, mac_addr);
16765
16766 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, gfp);
16767 if (!msg) {
16768 cfg80211_sinfo_release_content(sinfo);
16769 return;
16770 }
16771
16772 if (nl80211_send_station(msg, NL80211_CMD_DEL_STATION, 0, 0, 0,
16773 rdev, dev, mac_addr, sinfo) < 0) {
16774 nlmsg_free(msg);
16775 return;
16776 }
16777
16778 genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), msg, 0,
16779 NL80211_MCGRP_MLME, gfp);
16780 }
16781 EXPORT_SYMBOL(cfg80211_del_sta_sinfo);
16782
16783 void cfg80211_conn_failed(struct net_device *dev, const u8 *mac_addr,
16784 enum nl80211_connect_failed_reason reason,
16785 gfp_t gfp)
16786 {
16787 struct wiphy *wiphy = dev->ieee80211_ptr->wiphy;
16788 struct cfg80211_registered_device *rdev = wiphy_to_rdev(wiphy);
16789 struct sk_buff *msg;
16790 void *hdr;
16791
16792 msg = nlmsg_new(NLMSG_GOODSIZE, gfp);
16793 if (!msg)
16794 return;
16795
16796 hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_CONN_FAILED);
16797 if (!hdr) {
16798 nlmsg_free(msg);
16799 return;
16800 }
16801
16802 if (nla_put_u32(msg, NL80211_ATTR_IFINDEX, dev->ifindex) ||
16803 nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN, mac_addr) ||
16804 nla_put_u32(msg, NL80211_ATTR_CONN_FAILED_REASON, reason))
16805 goto nla_put_failure;
16806
16807 genlmsg_end(msg, hdr);
16808
16809 genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), msg, 0,
16810 NL80211_MCGRP_MLME, gfp);
16811 return;
16812
16813 nla_put_failure:
16814 nlmsg_free(msg);
16815 }
16816 EXPORT_SYMBOL(cfg80211_conn_failed);
16817
16818 static bool __nl80211_unexpected_frame(struct net_device *dev, u8 cmd,
16819 const u8 *addr, gfp_t gfp)
16820 {
16821 struct wireless_dev *wdev = dev->ieee80211_ptr;
16822 struct cfg80211_registered_device *rdev = wiphy_to_rdev(wdev->wiphy);
16823 struct sk_buff *msg;
16824 void *hdr;
16825 u32 nlportid = READ_ONCE(wdev->ap_unexpected_nlportid);
16826
16827 if (!nlportid)
16828 return false;
16829
16830 msg = nlmsg_new(100, gfp);
16831 if (!msg)
16832 return true;
16833
16834 hdr = nl80211hdr_put(msg, 0, 0, 0, cmd);
16835 if (!hdr) {
16836 nlmsg_free(msg);
16837 return true;
16838 }
16839
16840 if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
16841 nla_put_u32(msg, NL80211_ATTR_IFINDEX, dev->ifindex) ||
16842 nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN, addr))
16843 goto nla_put_failure;
16844
16845 genlmsg_end(msg, hdr);
16846 genlmsg_unicast(wiphy_net(&rdev->wiphy), msg, nlportid);
16847 return true;
16848
16849 nla_put_failure:
16850 nlmsg_free(msg);
16851 return true;
16852 }
16853
16854 bool cfg80211_rx_spurious_frame(struct net_device *dev,
16855 const u8 *addr, gfp_t gfp)
16856 {
16857 struct wireless_dev *wdev = dev->ieee80211_ptr;
16858 bool ret;
16859
16860 trace_cfg80211_rx_spurious_frame(dev, addr);
16861
16862 if (WARN_ON(wdev->iftype != NL80211_IFTYPE_AP &&
16863 wdev->iftype != NL80211_IFTYPE_P2P_GO)) {
16864 trace_cfg80211_return_bool(false);
16865 return false;
16866 }
16867 ret = __nl80211_unexpected_frame(dev, NL80211_CMD_UNEXPECTED_FRAME,
16868 addr, gfp);
16869 trace_cfg80211_return_bool(ret);
16870 return ret;
16871 }
16872 EXPORT_SYMBOL(cfg80211_rx_spurious_frame);
16873
16874 bool cfg80211_rx_unexpected_4addr_frame(struct net_device *dev,
16875 const u8 *addr, gfp_t gfp)
16876 {
16877 struct wireless_dev *wdev = dev->ieee80211_ptr;
16878 bool ret;
16879
16880 trace_cfg80211_rx_unexpected_4addr_frame(dev, addr);
16881
16882 if (WARN_ON(wdev->iftype != NL80211_IFTYPE_AP &&
16883 wdev->iftype != NL80211_IFTYPE_P2P_GO &&
16884 wdev->iftype != NL80211_IFTYPE_AP_VLAN)) {
16885 trace_cfg80211_return_bool(false);
16886 return false;
16887 }
16888 ret = __nl80211_unexpected_frame(dev,
16889 NL80211_CMD_UNEXPECTED_4ADDR_FRAME,
16890 addr, gfp);
16891 trace_cfg80211_return_bool(ret);
16892 return ret;
16893 }
16894 EXPORT_SYMBOL(cfg80211_rx_unexpected_4addr_frame);
16895
16896 int nl80211_send_mgmt(struct cfg80211_registered_device *rdev,
16897 struct wireless_dev *wdev, u32 nlportid,
16898 int freq, int sig_dbm,
16899 const u8 *buf, size_t len, u32 flags, gfp_t gfp)
16900 {
16901 struct net_device *netdev = wdev->netdev;
16902 struct sk_buff *msg;
16903 void *hdr;
16904
16905 msg = nlmsg_new(100 + len, gfp);
16906 if (!msg)
16907 return -ENOMEM;
16908
16909 hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_FRAME);
16910 if (!hdr) {
16911 nlmsg_free(msg);
16912 return -ENOMEM;
16913 }
16914
16915 if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
16916 (netdev && nla_put_u32(msg, NL80211_ATTR_IFINDEX,
16917 netdev->ifindex)) ||
16918 nla_put_u64_64bit(msg, NL80211_ATTR_WDEV, wdev_id(wdev),
16919 NL80211_ATTR_PAD) ||
16920 nla_put_u32(msg, NL80211_ATTR_WIPHY_FREQ, KHZ_TO_MHZ(freq)) ||
16921 nla_put_u32(msg, NL80211_ATTR_WIPHY_FREQ_OFFSET, freq % 1000) ||
16922 (sig_dbm &&
16923 nla_put_u32(msg, NL80211_ATTR_RX_SIGNAL_DBM, sig_dbm)) ||
16924 nla_put(msg, NL80211_ATTR_FRAME, len, buf) ||
16925 (flags &&
16926 nla_put_u32(msg, NL80211_ATTR_RXMGMT_FLAGS, flags)))
16927 goto nla_put_failure;
16928
16929 genlmsg_end(msg, hdr);
16930
16931 return genlmsg_unicast(wiphy_net(&rdev->wiphy), msg, nlportid);
16932
16933 nla_put_failure:
16934 nlmsg_free(msg);
16935 return -ENOBUFS;
16936 }
16937
16938 static void nl80211_frame_tx_status(struct wireless_dev *wdev, u64 cookie,
16939 const u8 *buf, size_t len, bool ack,
16940 gfp_t gfp, enum nl80211_commands command)
16941 {
16942 struct wiphy *wiphy = wdev->wiphy;
16943 struct cfg80211_registered_device *rdev = wiphy_to_rdev(wiphy);
16944 struct net_device *netdev = wdev->netdev;
16945 struct sk_buff *msg;
16946 void *hdr;
16947
16948 if (command == NL80211_CMD_FRAME_TX_STATUS)
16949 trace_cfg80211_mgmt_tx_status(wdev, cookie, ack);
16950 else
16951 trace_cfg80211_control_port_tx_status(wdev, cookie, ack);
16952
16953 msg = nlmsg_new(100 + len, gfp);
16954 if (!msg)
16955 return;
16956
16957 hdr = nl80211hdr_put(msg, 0, 0, 0, command);
16958 if (!hdr) {
16959 nlmsg_free(msg);
16960 return;
16961 }
16962
16963 if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
16964 (netdev && nla_put_u32(msg, NL80211_ATTR_IFINDEX,
16965 netdev->ifindex)) ||
16966 nla_put_u64_64bit(msg, NL80211_ATTR_WDEV, wdev_id(wdev),
16967 NL80211_ATTR_PAD) ||
16968 nla_put(msg, NL80211_ATTR_FRAME, len, buf) ||
16969 nla_put_u64_64bit(msg, NL80211_ATTR_COOKIE, cookie,
16970 NL80211_ATTR_PAD) ||
16971 (ack && nla_put_flag(msg, NL80211_ATTR_ACK)))
16972 goto nla_put_failure;
16973
16974 genlmsg_end(msg, hdr);
16975
16976 genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), msg, 0,
16977 NL80211_MCGRP_MLME, gfp);
16978 return;
16979
16980 nla_put_failure:
16981 nlmsg_free(msg);
16982 }
16983
16984 void cfg80211_control_port_tx_status(struct wireless_dev *wdev, u64 cookie,
16985 const u8 *buf, size_t len, bool ack,
16986 gfp_t gfp)
16987 {
16988 nl80211_frame_tx_status(wdev, cookie, buf, len, ack, gfp,
16989 NL80211_CMD_CONTROL_PORT_FRAME_TX_STATUS);
16990 }
16991 EXPORT_SYMBOL(cfg80211_control_port_tx_status);
16992
16993 void cfg80211_mgmt_tx_status(struct wireless_dev *wdev, u64 cookie,
16994 const u8 *buf, size_t len, bool ack, gfp_t gfp)
16995 {
16996 nl80211_frame_tx_status(wdev, cookie, buf, len, ack, gfp,
16997 NL80211_CMD_FRAME_TX_STATUS);
16998 }
16999 EXPORT_SYMBOL(cfg80211_mgmt_tx_status);
17000
17001 static int __nl80211_rx_control_port(struct net_device *dev,
17002 struct sk_buff *skb,
17003 bool unencrypted, gfp_t gfp)
17004 {
17005 struct wireless_dev *wdev = dev->ieee80211_ptr;
17006 struct cfg80211_registered_device *rdev = wiphy_to_rdev(wdev->wiphy);
17007 struct ethhdr *ehdr = eth_hdr(skb);
17008 const u8 *addr = ehdr->h_source;
17009 u16 proto = be16_to_cpu(skb->protocol);
17010 struct sk_buff *msg;
17011 void *hdr;
17012 struct nlattr *frame;
17013
17014 u32 nlportid = READ_ONCE(wdev->conn_owner_nlportid);
17015
17016 if (!nlportid)
17017 return -ENOENT;
17018
17019 msg = nlmsg_new(100 + skb->len, gfp);
17020 if (!msg)
17021 return -ENOMEM;
17022
17023 hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_CONTROL_PORT_FRAME);
17024 if (!hdr) {
17025 nlmsg_free(msg);
17026 return -ENOBUFS;
17027 }
17028
17029 if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
17030 nla_put_u32(msg, NL80211_ATTR_IFINDEX, dev->ifindex) ||
17031 nla_put_u64_64bit(msg, NL80211_ATTR_WDEV, wdev_id(wdev),
17032 NL80211_ATTR_PAD) ||
17033 nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN, addr) ||
17034 nla_put_u16(msg, NL80211_ATTR_CONTROL_PORT_ETHERTYPE, proto) ||
17035 (unencrypted && nla_put_flag(msg,
17036 NL80211_ATTR_CONTROL_PORT_NO_ENCRYPT)))
17037 goto nla_put_failure;
17038
17039 frame = nla_reserve(msg, NL80211_ATTR_FRAME, skb->len);
17040 if (!frame)
17041 goto nla_put_failure;
17042
17043 skb_copy_bits(skb, 0, nla_data(frame), skb->len);
17044 genlmsg_end(msg, hdr);
17045
17046 return genlmsg_unicast(wiphy_net(&rdev->wiphy), msg, nlportid);
17047
17048 nla_put_failure:
17049 nlmsg_free(msg);
17050 return -ENOBUFS;
17051 }
17052
17053 bool cfg80211_rx_control_port(struct net_device *dev,
17054 struct sk_buff *skb, bool unencrypted)
17055 {
17056 int ret;
17057
17058 trace_cfg80211_rx_control_port(dev, skb, unencrypted);
17059 ret = __nl80211_rx_control_port(dev, skb, unencrypted, GFP_ATOMIC);
17060 trace_cfg80211_return_bool(ret == 0);
17061 return ret == 0;
17062 }
17063 EXPORT_SYMBOL(cfg80211_rx_control_port);
17064
17065 static struct sk_buff *cfg80211_prepare_cqm(struct net_device *dev,
17066 const char *mac, gfp_t gfp)
17067 {
17068 struct wireless_dev *wdev = dev->ieee80211_ptr;
17069 struct cfg80211_registered_device *rdev = wiphy_to_rdev(wdev->wiphy);
17070 struct sk_buff *msg = nlmsg_new(NLMSG_DEFAULT_SIZE, gfp);
17071 void **cb;
17072
17073 if (!msg)
17074 return NULL;
17075
17076 cb = (void **)msg->cb;
17077
17078 cb[0] = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_NOTIFY_CQM);
17079 if (!cb[0]) {
17080 nlmsg_free(msg);
17081 return NULL;
17082 }
17083
17084 if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
17085 nla_put_u32(msg, NL80211_ATTR_IFINDEX, dev->ifindex))
17086 goto nla_put_failure;
17087
17088 if (mac && nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN, mac))
17089 goto nla_put_failure;
17090
17091 cb[1] = nla_nest_start_noflag(msg, NL80211_ATTR_CQM);
17092 if (!cb[1])
17093 goto nla_put_failure;
17094
17095 cb[2] = rdev;
17096
17097 return msg;
17098 nla_put_failure:
17099 nlmsg_free(msg);
17100 return NULL;
17101 }
17102
17103 static void cfg80211_send_cqm(struct sk_buff *msg, gfp_t gfp)
17104 {
17105 void **cb = (void **)msg->cb;
17106 struct cfg80211_registered_device *rdev = cb[2];
17107
17108 nla_nest_end(msg, cb[1]);
17109 genlmsg_end(msg, cb[0]);
17110
17111 memset(msg->cb, 0, sizeof(msg->cb));
17112
17113 genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), msg, 0,
17114 NL80211_MCGRP_MLME, gfp);
17115 }
17116
17117 void cfg80211_cqm_rssi_notify(struct net_device *dev,
17118 enum nl80211_cqm_rssi_threshold_event rssi_event,
17119 s32 rssi_level, gfp_t gfp)
17120 {
17121 struct sk_buff *msg;
17122 struct wireless_dev *wdev = dev->ieee80211_ptr;
17123 struct cfg80211_registered_device *rdev = wiphy_to_rdev(wdev->wiphy);
17124
17125 trace_cfg80211_cqm_rssi_notify(dev, rssi_event, rssi_level);
17126
17127 if (WARN_ON(rssi_event != NL80211_CQM_RSSI_THRESHOLD_EVENT_LOW &&
17128 rssi_event != NL80211_CQM_RSSI_THRESHOLD_EVENT_HIGH))
17129 return;
17130
17131 if (wdev->cqm_config) {
17132 wdev->cqm_config->last_rssi_event_value = rssi_level;
17133
17134 cfg80211_cqm_rssi_update(rdev, dev);
17135
17136 if (rssi_level == 0)
17137 rssi_level = wdev->cqm_config->last_rssi_event_value;
17138 }
17139
17140 msg = cfg80211_prepare_cqm(dev, NULL, gfp);
17141 if (!msg)
17142 return;
17143
17144 if (nla_put_u32(msg, NL80211_ATTR_CQM_RSSI_THRESHOLD_EVENT,
17145 rssi_event))
17146 goto nla_put_failure;
17147
17148 if (rssi_level && nla_put_s32(msg, NL80211_ATTR_CQM_RSSI_LEVEL,
17149 rssi_level))
17150 goto nla_put_failure;
17151
17152 cfg80211_send_cqm(msg, gfp);
17153
17154 return;
17155
17156 nla_put_failure:
17157 nlmsg_free(msg);
17158 }
17159 EXPORT_SYMBOL(cfg80211_cqm_rssi_notify);
17160
17161 void cfg80211_cqm_txe_notify(struct net_device *dev,
17162 const u8 *peer, u32 num_packets,
17163 u32 rate, u32 intvl, gfp_t gfp)
17164 {
17165 struct sk_buff *msg;
17166
17167 msg = cfg80211_prepare_cqm(dev, peer, gfp);
17168 if (!msg)
17169 return;
17170
17171 if (nla_put_u32(msg, NL80211_ATTR_CQM_TXE_PKTS, num_packets))
17172 goto nla_put_failure;
17173
17174 if (nla_put_u32(msg, NL80211_ATTR_CQM_TXE_RATE, rate))
17175 goto nla_put_failure;
17176
17177 if (nla_put_u32(msg, NL80211_ATTR_CQM_TXE_INTVL, intvl))
17178 goto nla_put_failure;
17179
17180 cfg80211_send_cqm(msg, gfp);
17181 return;
17182
17183 nla_put_failure:
17184 nlmsg_free(msg);
17185 }
17186 EXPORT_SYMBOL(cfg80211_cqm_txe_notify);
17187
17188 void cfg80211_cqm_pktloss_notify(struct net_device *dev,
17189 const u8 *peer, u32 num_packets, gfp_t gfp)
17190 {
17191 struct sk_buff *msg;
17192
17193 trace_cfg80211_cqm_pktloss_notify(dev, peer, num_packets);
17194
17195 msg = cfg80211_prepare_cqm(dev, peer, gfp);
17196 if (!msg)
17197 return;
17198
17199 if (nla_put_u32(msg, NL80211_ATTR_CQM_PKT_LOSS_EVENT, num_packets))
17200 goto nla_put_failure;
17201
17202 cfg80211_send_cqm(msg, gfp);
17203 return;
17204
17205 nla_put_failure:
17206 nlmsg_free(msg);
17207 }
17208 EXPORT_SYMBOL(cfg80211_cqm_pktloss_notify);
17209
17210 void cfg80211_cqm_beacon_loss_notify(struct net_device *dev, gfp_t gfp)
17211 {
17212 struct sk_buff *msg;
17213
17214 msg = cfg80211_prepare_cqm(dev, NULL, gfp);
17215 if (!msg)
17216 return;
17217
17218 if (nla_put_flag(msg, NL80211_ATTR_CQM_BEACON_LOSS_EVENT))
17219 goto nla_put_failure;
17220
17221 cfg80211_send_cqm(msg, gfp);
17222 return;
17223
17224 nla_put_failure:
17225 nlmsg_free(msg);
17226 }
17227 EXPORT_SYMBOL(cfg80211_cqm_beacon_loss_notify);
17228
17229 static void nl80211_gtk_rekey_notify(struct cfg80211_registered_device *rdev,
17230 struct net_device *netdev, const u8 *bssid,
17231 const u8 *replay_ctr, gfp_t gfp)
17232 {
17233 struct sk_buff *msg;
17234 struct nlattr *rekey_attr;
17235 void *hdr;
17236
17237 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, gfp);
17238 if (!msg)
17239 return;
17240
17241 hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_SET_REKEY_OFFLOAD);
17242 if (!hdr) {
17243 nlmsg_free(msg);
17244 return;
17245 }
17246
17247 if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
17248 nla_put_u32(msg, NL80211_ATTR_IFINDEX, netdev->ifindex) ||
17249 nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN, bssid))
17250 goto nla_put_failure;
17251
17252 rekey_attr = nla_nest_start_noflag(msg, NL80211_ATTR_REKEY_DATA);
17253 if (!rekey_attr)
17254 goto nla_put_failure;
17255
17256 if (nla_put(msg, NL80211_REKEY_DATA_REPLAY_CTR,
17257 NL80211_REPLAY_CTR_LEN, replay_ctr))
17258 goto nla_put_failure;
17259
17260 nla_nest_end(msg, rekey_attr);
17261
17262 genlmsg_end(msg, hdr);
17263
17264 genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), msg, 0,
17265 NL80211_MCGRP_MLME, gfp);
17266 return;
17267
17268 nla_put_failure:
17269 nlmsg_free(msg);
17270 }
17271
17272 void cfg80211_gtk_rekey_notify(struct net_device *dev, const u8 *bssid,
17273 const u8 *replay_ctr, gfp_t gfp)
17274 {
17275 struct wireless_dev *wdev = dev->ieee80211_ptr;
17276 struct wiphy *wiphy = wdev->wiphy;
17277 struct cfg80211_registered_device *rdev = wiphy_to_rdev(wiphy);
17278
17279 trace_cfg80211_gtk_rekey_notify(dev, bssid);
17280 nl80211_gtk_rekey_notify(rdev, dev, bssid, replay_ctr, gfp);
17281 }
17282 EXPORT_SYMBOL(cfg80211_gtk_rekey_notify);
17283
17284 static void
17285 nl80211_pmksa_candidate_notify(struct cfg80211_registered_device *rdev,
17286 struct net_device *netdev, int index,
17287 const u8 *bssid, bool preauth, gfp_t gfp)
17288 {
17289 struct sk_buff *msg;
17290 struct nlattr *attr;
17291 void *hdr;
17292
17293 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, gfp);
17294 if (!msg)
17295 return;
17296
17297 hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_PMKSA_CANDIDATE);
17298 if (!hdr) {
17299 nlmsg_free(msg);
17300 return;
17301 }
17302
17303 if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
17304 nla_put_u32(msg, NL80211_ATTR_IFINDEX, netdev->ifindex))
17305 goto nla_put_failure;
17306
17307 attr = nla_nest_start_noflag(msg, NL80211_ATTR_PMKSA_CANDIDATE);
17308 if (!attr)
17309 goto nla_put_failure;
17310
17311 if (nla_put_u32(msg, NL80211_PMKSA_CANDIDATE_INDEX, index) ||
17312 nla_put(msg, NL80211_PMKSA_CANDIDATE_BSSID, ETH_ALEN, bssid) ||
17313 (preauth &&
17314 nla_put_flag(msg, NL80211_PMKSA_CANDIDATE_PREAUTH)))
17315 goto nla_put_failure;
17316
17317 nla_nest_end(msg, attr);
17318
17319 genlmsg_end(msg, hdr);
17320
17321 genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), msg, 0,
17322 NL80211_MCGRP_MLME, gfp);
17323 return;
17324
17325 nla_put_failure:
17326 nlmsg_free(msg);
17327 }
17328
17329 void cfg80211_pmksa_candidate_notify(struct net_device *dev, int index,
17330 const u8 *bssid, bool preauth, gfp_t gfp)
17331 {
17332 struct wireless_dev *wdev = dev->ieee80211_ptr;
17333 struct wiphy *wiphy = wdev->wiphy;
17334 struct cfg80211_registered_device *rdev = wiphy_to_rdev(wiphy);
17335
17336 trace_cfg80211_pmksa_candidate_notify(dev, index, bssid, preauth);
17337 nl80211_pmksa_candidate_notify(rdev, dev, index, bssid, preauth, gfp);
17338 }
17339 EXPORT_SYMBOL(cfg80211_pmksa_candidate_notify);
17340
17341 static void nl80211_ch_switch_notify(struct cfg80211_registered_device *rdev,
17342 struct net_device *netdev,
17343 struct cfg80211_chan_def *chandef,
17344 gfp_t gfp,
17345 enum nl80211_commands notif,
17346 u8 count, bool quiet)
17347 {
17348 struct sk_buff *msg;
17349 void *hdr;
17350
17351 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, gfp);
17352 if (!msg)
17353 return;
17354
17355 hdr = nl80211hdr_put(msg, 0, 0, 0, notif);
17356 if (!hdr) {
17357 nlmsg_free(msg);
17358 return;
17359 }
17360
17361 if (nla_put_u32(msg, NL80211_ATTR_IFINDEX, netdev->ifindex))
17362 goto nla_put_failure;
17363
17364 if (nl80211_send_chandef(msg, chandef))
17365 goto nla_put_failure;
17366
17367 if (notif == NL80211_CMD_CH_SWITCH_STARTED_NOTIFY) {
17368 if (nla_put_u32(msg, NL80211_ATTR_CH_SWITCH_COUNT, count))
17369 goto nla_put_failure;
17370 if (quiet &&
17371 nla_put_flag(msg, NL80211_ATTR_CH_SWITCH_BLOCK_TX))
17372 goto nla_put_failure;
17373 }
17374
17375 genlmsg_end(msg, hdr);
17376
17377 genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), msg, 0,
17378 NL80211_MCGRP_MLME, gfp);
17379 return;
17380
17381 nla_put_failure:
17382 nlmsg_free(msg);
17383 }
17384
17385 void cfg80211_ch_switch_notify(struct net_device *dev,
17386 struct cfg80211_chan_def *chandef)
17387 {
17388 struct wireless_dev *wdev = dev->ieee80211_ptr;
17389 struct wiphy *wiphy = wdev->wiphy;
17390 struct cfg80211_registered_device *rdev = wiphy_to_rdev(wiphy);
17391
17392 ASSERT_WDEV_LOCK(wdev);
17393
17394 trace_cfg80211_ch_switch_notify(dev, chandef);
17395
17396 wdev->chandef = *chandef;
17397 wdev->preset_chandef = *chandef;
17398
17399 if (wdev->iftype == NL80211_IFTYPE_STATION &&
17400 !WARN_ON(!wdev->current_bss))
17401 cfg80211_update_assoc_bss_entry(wdev, chandef->chan);
17402
17403 cfg80211_sched_dfs_chan_update(rdev);
17404
17405 nl80211_ch_switch_notify(rdev, dev, chandef, GFP_KERNEL,
17406 NL80211_CMD_CH_SWITCH_NOTIFY, 0, false);
17407 }
17408 EXPORT_SYMBOL(cfg80211_ch_switch_notify);
17409
17410 void cfg80211_ch_switch_started_notify(struct net_device *dev,
17411 struct cfg80211_chan_def *chandef,
17412 u8 count, bool quiet)
17413 {
17414 struct wireless_dev *wdev = dev->ieee80211_ptr;
17415 struct wiphy *wiphy = wdev->wiphy;
17416 struct cfg80211_registered_device *rdev = wiphy_to_rdev(wiphy);
17417
17418 trace_cfg80211_ch_switch_started_notify(dev, chandef);
17419
17420 nl80211_ch_switch_notify(rdev, dev, chandef, GFP_KERNEL,
17421 NL80211_CMD_CH_SWITCH_STARTED_NOTIFY,
17422 count, quiet);
17423 }
17424 EXPORT_SYMBOL(cfg80211_ch_switch_started_notify);
17425
17426 void
17427 nl80211_radar_notify(struct cfg80211_registered_device *rdev,
17428 const struct cfg80211_chan_def *chandef,
17429 enum nl80211_radar_event event,
17430 struct net_device *netdev, gfp_t gfp)
17431 {
17432 struct sk_buff *msg;
17433 void *hdr;
17434
17435 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, gfp);
17436 if (!msg)
17437 return;
17438
17439 hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_RADAR_DETECT);
17440 if (!hdr) {
17441 nlmsg_free(msg);
17442 return;
17443 }
17444
17445 if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx))
17446 goto nla_put_failure;
17447
17448 /* NOP and radar events don't need a netdev parameter */
17449 if (netdev) {
17450 struct wireless_dev *wdev = netdev->ieee80211_ptr;
17451
17452 if (nla_put_u32(msg, NL80211_ATTR_IFINDEX, netdev->ifindex) ||
17453 nla_put_u64_64bit(msg, NL80211_ATTR_WDEV, wdev_id(wdev),
17454 NL80211_ATTR_PAD))
17455 goto nla_put_failure;
17456 }
17457
17458 if (nla_put_u32(msg, NL80211_ATTR_RADAR_EVENT, event))
17459 goto nla_put_failure;
17460
17461 if (nl80211_send_chandef(msg, chandef))
17462 goto nla_put_failure;
17463
17464 genlmsg_end(msg, hdr);
17465
17466 genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), msg, 0,
17467 NL80211_MCGRP_MLME, gfp);
17468 return;
17469
17470 nla_put_failure:
17471 nlmsg_free(msg);
17472 }
17473
17474 void cfg80211_sta_opmode_change_notify(struct net_device *dev, const u8 *mac,
17475 struct sta_opmode_info *sta_opmode,
17476 gfp_t gfp)
17477 {
17478 struct sk_buff *msg;
17479 struct wireless_dev *wdev = dev->ieee80211_ptr;
17480 struct cfg80211_registered_device *rdev = wiphy_to_rdev(wdev->wiphy);
17481 void *hdr;
17482
17483 if (WARN_ON(!mac))
17484 return;
17485
17486 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, gfp);
17487 if (!msg)
17488 return;
17489
17490 hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_STA_OPMODE_CHANGED);
17491 if (!hdr) {
17492 nlmsg_free(msg);
17493 return;
17494 }
17495
17496 if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx))
17497 goto nla_put_failure;
17498
17499 if (nla_put_u32(msg, NL80211_ATTR_IFINDEX, dev->ifindex))
17500 goto nla_put_failure;
17501
17502 if (nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN, mac))
17503 goto nla_put_failure;
17504
17505 if ((sta_opmode->changed & STA_OPMODE_SMPS_MODE_CHANGED) &&
17506 nla_put_u8(msg, NL80211_ATTR_SMPS_MODE, sta_opmode->smps_mode))
17507 goto nla_put_failure;
17508
17509 if ((sta_opmode->changed & STA_OPMODE_MAX_BW_CHANGED) &&
17510 nla_put_u32(msg, NL80211_ATTR_CHANNEL_WIDTH, sta_opmode->bw))
17511 goto nla_put_failure;
17512
17513 if ((sta_opmode->changed & STA_OPMODE_N_SS_CHANGED) &&
17514 nla_put_u8(msg, NL80211_ATTR_NSS, sta_opmode->rx_nss))
17515 goto nla_put_failure;
17516
17517 genlmsg_end(msg, hdr);
17518
17519 genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), msg, 0,
17520 NL80211_MCGRP_MLME, gfp);
17521
17522 return;
17523
17524 nla_put_failure:
17525 nlmsg_free(msg);
17526 }
17527 EXPORT_SYMBOL(cfg80211_sta_opmode_change_notify);
17528
17529 void cfg80211_probe_status(struct net_device *dev, const u8 *addr,
17530 u64 cookie, bool acked, s32 ack_signal,
17531 bool is_valid_ack_signal, gfp_t gfp)
17532 {
17533 struct wireless_dev *wdev = dev->ieee80211_ptr;
17534 struct cfg80211_registered_device *rdev = wiphy_to_rdev(wdev->wiphy);
17535 struct sk_buff *msg;
17536 void *hdr;
17537
17538 trace_cfg80211_probe_status(dev, addr, cookie, acked);
17539
17540 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, gfp);
17541
17542 if (!msg)
17543 return;
17544
17545 hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_PROBE_CLIENT);
17546 if (!hdr) {
17547 nlmsg_free(msg);
17548 return;
17549 }
17550
17551 if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
17552 nla_put_u32(msg, NL80211_ATTR_IFINDEX, dev->ifindex) ||
17553 nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN, addr) ||
17554 nla_put_u64_64bit(msg, NL80211_ATTR_COOKIE, cookie,
17555 NL80211_ATTR_PAD) ||
17556 (acked && nla_put_flag(msg, NL80211_ATTR_ACK)) ||
17557 (is_valid_ack_signal && nla_put_s32(msg, NL80211_ATTR_ACK_SIGNAL,
17558 ack_signal)))
17559 goto nla_put_failure;
17560
17561 genlmsg_end(msg, hdr);
17562
17563 genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), msg, 0,
17564 NL80211_MCGRP_MLME, gfp);
17565 return;
17566
17567 nla_put_failure:
17568 nlmsg_free(msg);
17569 }
17570 EXPORT_SYMBOL(cfg80211_probe_status);
17571
17572 void cfg80211_report_obss_beacon_khz(struct wiphy *wiphy, const u8 *frame,
17573 size_t len, int freq, int sig_dbm)
17574 {
17575 struct cfg80211_registered_device *rdev = wiphy_to_rdev(wiphy);
17576 struct sk_buff *msg;
17577 void *hdr;
17578 struct cfg80211_beacon_registration *reg;
17579
17580 trace_cfg80211_report_obss_beacon(wiphy, frame, len, freq, sig_dbm);
17581
17582 spin_lock_bh(&rdev->beacon_registrations_lock);
17583 list_for_each_entry(reg, &rdev->beacon_registrations, list) {
17584 msg = nlmsg_new(len + 100, GFP_ATOMIC);
17585 if (!msg) {
17586 spin_unlock_bh(&rdev->beacon_registrations_lock);
17587 return;
17588 }
17589
17590 hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_FRAME);
17591 if (!hdr)
17592 goto nla_put_failure;
17593
17594 if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
17595 (freq &&
17596 (nla_put_u32(msg, NL80211_ATTR_WIPHY_FREQ,
17597 KHZ_TO_MHZ(freq)) ||
17598 nla_put_u32(msg, NL80211_ATTR_WIPHY_FREQ_OFFSET,
17599 freq % 1000))) ||
17600 (sig_dbm &&
17601 nla_put_u32(msg, NL80211_ATTR_RX_SIGNAL_DBM, sig_dbm)) ||
17602 nla_put(msg, NL80211_ATTR_FRAME, len, frame))
17603 goto nla_put_failure;
17604
17605 genlmsg_end(msg, hdr);
17606
17607 genlmsg_unicast(wiphy_net(&rdev->wiphy), msg, reg->nlportid);
17608 }
17609 spin_unlock_bh(&rdev->beacon_registrations_lock);
17610 return;
17611
17612 nla_put_failure:
17613 spin_unlock_bh(&rdev->beacon_registrations_lock);
17614 nlmsg_free(msg);
17615 }
17616 EXPORT_SYMBOL(cfg80211_report_obss_beacon_khz);
17617
17618 #ifdef CONFIG_PM
17619 static int cfg80211_net_detect_results(struct sk_buff *msg,
17620 struct cfg80211_wowlan_wakeup *wakeup)
17621 {
17622 struct cfg80211_wowlan_nd_info *nd = wakeup->net_detect;
17623 struct nlattr *nl_results, *nl_match, *nl_freqs;
17624 int i, j;
17625
17626 nl_results = nla_nest_start_noflag(msg,
17627 NL80211_WOWLAN_TRIG_NET_DETECT_RESULTS);
17628 if (!nl_results)
17629 return -EMSGSIZE;
17630
17631 for (i = 0; i < nd->n_matches; i++) {
17632 struct cfg80211_wowlan_nd_match *match = nd->matches[i];
17633
17634 nl_match = nla_nest_start_noflag(msg, i);
17635 if (!nl_match)
17636 break;
17637
17638 /* The SSID attribute is optional in nl80211, but for
17639 * simplicity reasons it's always present in the
17640 * cfg80211 structure. If a driver can't pass the
17641 * SSID, that needs to be changed. A zero length SSID
17642 * is still a valid SSID (wildcard), so it cannot be
17643 * used for this purpose.
17644 */
17645 if (nla_put(msg, NL80211_ATTR_SSID, match->ssid.ssid_len,
17646 match->ssid.ssid)) {
17647 nla_nest_cancel(msg, nl_match);
17648 goto out;
17649 }
17650
17651 if (match->n_channels) {
17652 nl_freqs = nla_nest_start_noflag(msg,
17653 NL80211_ATTR_SCAN_FREQUENCIES);
17654 if (!nl_freqs) {
17655 nla_nest_cancel(msg, nl_match);
17656 goto out;
17657 }
17658
17659 for (j = 0; j < match->n_channels; j++) {
17660 if (nla_put_u32(msg, j, match->channels[j])) {
17661 nla_nest_cancel(msg, nl_freqs);
17662 nla_nest_cancel(msg, nl_match);
17663 goto out;
17664 }
17665 }
17666
17667 nla_nest_end(msg, nl_freqs);
17668 }
17669
17670 nla_nest_end(msg, nl_match);
17671 }
17672
17673 out:
17674 nla_nest_end(msg, nl_results);
17675 return 0;
17676 }
17677
17678 void cfg80211_report_wowlan_wakeup(struct wireless_dev *wdev,
17679 struct cfg80211_wowlan_wakeup *wakeup,
17680 gfp_t gfp)
17681 {
17682 struct cfg80211_registered_device *rdev = wiphy_to_rdev(wdev->wiphy);
17683 struct sk_buff *msg;
17684 void *hdr;
17685 int size = 200;
17686
17687 trace_cfg80211_report_wowlan_wakeup(wdev->wiphy, wdev, wakeup);
17688
17689 if (wakeup)
17690 size += wakeup->packet_present_len;
17691
17692 msg = nlmsg_new(size, gfp);
17693 if (!msg)
17694 return;
17695
17696 hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_SET_WOWLAN);
17697 if (!hdr)
17698 goto free_msg;
17699
17700 if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
17701 nla_put_u64_64bit(msg, NL80211_ATTR_WDEV, wdev_id(wdev),
17702 NL80211_ATTR_PAD))
17703 goto free_msg;
17704
17705 if (wdev->netdev && nla_put_u32(msg, NL80211_ATTR_IFINDEX,
17706 wdev->netdev->ifindex))
17707 goto free_msg;
17708
17709 if (wakeup) {
17710 struct nlattr *reasons;
17711
17712 reasons = nla_nest_start_noflag(msg,
17713 NL80211_ATTR_WOWLAN_TRIGGERS);
17714 if (!reasons)
17715 goto free_msg;
17716
17717 if (wakeup->disconnect &&
17718 nla_put_flag(msg, NL80211_WOWLAN_TRIG_DISCONNECT))
17719 goto free_msg;
17720 if (wakeup->magic_pkt &&
17721 nla_put_flag(msg, NL80211_WOWLAN_TRIG_MAGIC_PKT))
17722 goto free_msg;
17723 if (wakeup->gtk_rekey_failure &&
17724 nla_put_flag(msg, NL80211_WOWLAN_TRIG_GTK_REKEY_FAILURE))
17725 goto free_msg;
17726 if (wakeup->eap_identity_req &&
17727 nla_put_flag(msg, NL80211_WOWLAN_TRIG_EAP_IDENT_REQUEST))
17728 goto free_msg;
17729 if (wakeup->four_way_handshake &&
17730 nla_put_flag(msg, NL80211_WOWLAN_TRIG_4WAY_HANDSHAKE))
17731 goto free_msg;
17732 if (wakeup->rfkill_release &&
17733 nla_put_flag(msg, NL80211_WOWLAN_TRIG_RFKILL_RELEASE))
17734 goto free_msg;
17735
17736 if (wakeup->pattern_idx >= 0 &&
17737 nla_put_u32(msg, NL80211_WOWLAN_TRIG_PKT_PATTERN,
17738 wakeup->pattern_idx))
17739 goto free_msg;
17740
17741 if (wakeup->tcp_match &&
17742 nla_put_flag(msg, NL80211_WOWLAN_TRIG_WAKEUP_TCP_MATCH))
17743 goto free_msg;
17744
17745 if (wakeup->tcp_connlost &&
17746 nla_put_flag(msg, NL80211_WOWLAN_TRIG_WAKEUP_TCP_CONNLOST))
17747 goto free_msg;
17748
17749 if (wakeup->tcp_nomoretokens &&
17750 nla_put_flag(msg,
17751 NL80211_WOWLAN_TRIG_WAKEUP_TCP_NOMORETOKENS))
17752 goto free_msg;
17753
17754 if (wakeup->packet) {
17755 u32 pkt_attr = NL80211_WOWLAN_TRIG_WAKEUP_PKT_80211;
17756 u32 len_attr = NL80211_WOWLAN_TRIG_WAKEUP_PKT_80211_LEN;
17757
17758 if (!wakeup->packet_80211) {
17759 pkt_attr =
17760 NL80211_WOWLAN_TRIG_WAKEUP_PKT_8023;
17761 len_attr =
17762 NL80211_WOWLAN_TRIG_WAKEUP_PKT_8023_LEN;
17763 }
17764
17765 if (wakeup->packet_len &&
17766 nla_put_u32(msg, len_attr, wakeup->packet_len))
17767 goto free_msg;
17768
17769 if (nla_put(msg, pkt_attr, wakeup->packet_present_len,
17770 wakeup->packet))
17771 goto free_msg;
17772 }
17773
17774 if (wakeup->net_detect &&
17775 cfg80211_net_detect_results(msg, wakeup))
17776 goto free_msg;
17777
17778 nla_nest_end(msg, reasons);
17779 }
17780
17781 genlmsg_end(msg, hdr);
17782
17783 genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), msg, 0,
17784 NL80211_MCGRP_MLME, gfp);
17785 return;
17786
17787 free_msg:
17788 nlmsg_free(msg);
17789 }
17790 EXPORT_SYMBOL(cfg80211_report_wowlan_wakeup);
17791 #endif
17792
17793 void cfg80211_tdls_oper_request(struct net_device *dev, const u8 *peer,
17794 enum nl80211_tdls_operation oper,
17795 u16 reason_code, gfp_t gfp)
17796 {
17797 struct wireless_dev *wdev = dev->ieee80211_ptr;
17798 struct cfg80211_registered_device *rdev = wiphy_to_rdev(wdev->wiphy);
17799 struct sk_buff *msg;
17800 void *hdr;
17801
17802 trace_cfg80211_tdls_oper_request(wdev->wiphy, dev, peer, oper,
17803 reason_code);
17804
17805 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, gfp);
17806 if (!msg)
17807 return;
17808
17809 hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_TDLS_OPER);
17810 if (!hdr) {
17811 nlmsg_free(msg);
17812 return;
17813 }
17814
17815 if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
17816 nla_put_u32(msg, NL80211_ATTR_IFINDEX, dev->ifindex) ||
17817 nla_put_u8(msg, NL80211_ATTR_TDLS_OPERATION, oper) ||
17818 nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN, peer) ||
17819 (reason_code > 0 &&
17820 nla_put_u16(msg, NL80211_ATTR_REASON_CODE, reason_code)))
17821 goto nla_put_failure;
17822
17823 genlmsg_end(msg, hdr);
17824
17825 genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), msg, 0,
17826 NL80211_MCGRP_MLME, gfp);
17827 return;
17828
17829 nla_put_failure:
17830 nlmsg_free(msg);
17831 }
17832 EXPORT_SYMBOL(cfg80211_tdls_oper_request);
17833
17834 static int nl80211_netlink_notify(struct notifier_block * nb,
17835 unsigned long state,
17836 void *_notify)
17837 {
17838 struct netlink_notify *notify = _notify;
17839 struct cfg80211_registered_device *rdev;
17840 struct wireless_dev *wdev;
17841 struct cfg80211_beacon_registration *reg, *tmp;
17842
17843 if (state != NETLINK_URELEASE || notify->protocol != NETLINK_GENERIC)
17844 return NOTIFY_DONE;
17845
17846 rcu_read_lock();
17847
17848 list_for_each_entry_rcu(rdev, &cfg80211_rdev_list, list) {
17849 struct cfg80211_sched_scan_request *sched_scan_req;
17850
17851 list_for_each_entry_rcu(sched_scan_req,
17852 &rdev->sched_scan_req_list,
17853 list) {
17854 if (sched_scan_req->owner_nlportid == notify->portid) {
17855 sched_scan_req->nl_owner_dead = true;
17856 schedule_work(&rdev->sched_scan_stop_wk);
17857 }
17858 }
17859
17860 list_for_each_entry_rcu(wdev, &rdev->wiphy.wdev_list, list) {
17861 cfg80211_mlme_unregister_socket(wdev, notify->portid);
17862
17863 if (wdev->owner_nlportid == notify->portid) {
17864 wdev->nl_owner_dead = true;
17865 schedule_work(&rdev->destroy_work);
17866 } else if (wdev->conn_owner_nlportid == notify->portid) {
17867 schedule_work(&wdev->disconnect_wk);
17868 }
17869
17870 cfg80211_release_pmsr(wdev, notify->portid);
17871 }
17872
17873 spin_lock_bh(&rdev->beacon_registrations_lock);
17874 list_for_each_entry_safe(reg, tmp, &rdev->beacon_registrations,
17875 list) {
17876 if (reg->nlportid == notify->portid) {
17877 list_del(&reg->list);
17878 kfree(reg);
17879 break;
17880 }
17881 }
17882 spin_unlock_bh(&rdev->beacon_registrations_lock);
17883 }
17884
17885 rcu_read_unlock();
17886
17887 /*
17888 * It is possible that the user space process that is controlling the
17889 * indoor setting disappeared, so notify the regulatory core.
17890 */
17891 regulatory_netlink_notify(notify->portid);
17892 return NOTIFY_OK;
17893 }
17894
17895 static struct notifier_block nl80211_netlink_notifier = {
17896 .notifier_call = nl80211_netlink_notify,
17897 };
17898
17899 void cfg80211_ft_event(struct net_device *netdev,
17900 struct cfg80211_ft_event_params *ft_event)
17901 {
17902 struct wiphy *wiphy = netdev->ieee80211_ptr->wiphy;
17903 struct cfg80211_registered_device *rdev = wiphy_to_rdev(wiphy);
17904 struct sk_buff *msg;
17905 void *hdr;
17906
17907 trace_cfg80211_ft_event(wiphy, netdev, ft_event);
17908
17909 if (!ft_event->target_ap)
17910 return;
17911
17912 msg = nlmsg_new(100 + ft_event->ies_len + ft_event->ric_ies_len,
17913 GFP_KERNEL);
17914 if (!msg)
17915 return;
17916
17917 hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_FT_EVENT);
17918 if (!hdr)
17919 goto out;
17920
17921 if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
17922 nla_put_u32(msg, NL80211_ATTR_IFINDEX, netdev->ifindex) ||
17923 nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN, ft_event->target_ap))
17924 goto out;
17925
17926 if (ft_event->ies &&
17927 nla_put(msg, NL80211_ATTR_IE, ft_event->ies_len, ft_event->ies))
17928 goto out;
17929 if (ft_event->ric_ies &&
17930 nla_put(msg, NL80211_ATTR_IE_RIC, ft_event->ric_ies_len,
17931 ft_event->ric_ies))
17932 goto out;
17933
17934 genlmsg_end(msg, hdr);
17935
17936 genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), msg, 0,
17937 NL80211_MCGRP_MLME, GFP_KERNEL);
17938 return;
17939 out:
17940 nlmsg_free(msg);
17941 }
17942 EXPORT_SYMBOL(cfg80211_ft_event);
17943
17944 void cfg80211_crit_proto_stopped(struct wireless_dev *wdev, gfp_t gfp)
17945 {
17946 struct cfg80211_registered_device *rdev;
17947 struct sk_buff *msg;
17948 void *hdr;
17949 u32 nlportid;
17950
17951 rdev = wiphy_to_rdev(wdev->wiphy);
17952 if (!rdev->crit_proto_nlportid)
17953 return;
17954
17955 nlportid = rdev->crit_proto_nlportid;
17956 rdev->crit_proto_nlportid = 0;
17957
17958 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, gfp);
17959 if (!msg)
17960 return;
17961
17962 hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_CRIT_PROTOCOL_STOP);
17963 if (!hdr)
17964 goto nla_put_failure;
17965
17966 if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
17967 nla_put_u64_64bit(msg, NL80211_ATTR_WDEV, wdev_id(wdev),
17968 NL80211_ATTR_PAD))
17969 goto nla_put_failure;
17970
17971 genlmsg_end(msg, hdr);
17972
17973 genlmsg_unicast(wiphy_net(&rdev->wiphy), msg, nlportid);
17974 return;
17975
17976 nla_put_failure:
17977 nlmsg_free(msg);
17978 }
17979 EXPORT_SYMBOL(cfg80211_crit_proto_stopped);
17980
17981 void nl80211_send_ap_stopped(struct wireless_dev *wdev)
17982 {
17983 struct wiphy *wiphy = wdev->wiphy;
17984 struct cfg80211_registered_device *rdev = wiphy_to_rdev(wiphy);
17985 struct sk_buff *msg;
17986 void *hdr;
17987
17988 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
17989 if (!msg)
17990 return;
17991
17992 hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_STOP_AP);
17993 if (!hdr)
17994 goto out;
17995
17996 if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
17997 nla_put_u32(msg, NL80211_ATTR_IFINDEX, wdev->netdev->ifindex) ||
17998 nla_put_u64_64bit(msg, NL80211_ATTR_WDEV, wdev_id(wdev),
17999 NL80211_ATTR_PAD))
18000 goto out;
18001
18002 genlmsg_end(msg, hdr);
18003
18004 genlmsg_multicast_netns(&nl80211_fam, wiphy_net(wiphy), msg, 0,
18005 NL80211_MCGRP_MLME, GFP_KERNEL);
18006 return;
18007 out:
18008 nlmsg_free(msg);
18009 }
18010
18011 int cfg80211_external_auth_request(struct net_device *dev,
18012 struct cfg80211_external_auth_params *params,
18013 gfp_t gfp)
18014 {
18015 struct wireless_dev *wdev = dev->ieee80211_ptr;
18016 struct cfg80211_registered_device *rdev = wiphy_to_rdev(wdev->wiphy);
18017 struct sk_buff *msg;
18018 void *hdr;
18019
18020 if (!wdev->conn_owner_nlportid)
18021 return -EINVAL;
18022
18023 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, gfp);
18024 if (!msg)
18025 return -ENOMEM;
18026
18027 hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_EXTERNAL_AUTH);
18028 if (!hdr)
18029 goto nla_put_failure;
18030
18031 if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
18032 nla_put_u32(msg, NL80211_ATTR_IFINDEX, dev->ifindex) ||
18033 nla_put_u32(msg, NL80211_ATTR_AKM_SUITES, params->key_mgmt_suite) ||
18034 nla_put_u32(msg, NL80211_ATTR_EXTERNAL_AUTH_ACTION,
18035 params->action) ||
18036 nla_put(msg, NL80211_ATTR_BSSID, ETH_ALEN, params->bssid) ||
18037 nla_put(msg, NL80211_ATTR_SSID, params->ssid.ssid_len,
18038 params->ssid.ssid))
18039 goto nla_put_failure;
18040
18041 genlmsg_end(msg, hdr);
18042 genlmsg_unicast(wiphy_net(&rdev->wiphy), msg,
18043 wdev->conn_owner_nlportid);
18044 return 0;
18045
18046 nla_put_failure:
18047 nlmsg_free(msg);
18048 return -ENOBUFS;
18049 }
18050 EXPORT_SYMBOL(cfg80211_external_auth_request);
18051
18052 void cfg80211_update_owe_info_event(struct net_device *netdev,
18053 struct cfg80211_update_owe_info *owe_info,
18054 gfp_t gfp)
18055 {
18056 struct wiphy *wiphy = netdev->ieee80211_ptr->wiphy;
18057 struct cfg80211_registered_device *rdev = wiphy_to_rdev(wiphy);
18058 struct sk_buff *msg;
18059 void *hdr;
18060
18061 trace_cfg80211_update_owe_info_event(wiphy, netdev, owe_info);
18062
18063 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, gfp);
18064 if (!msg)
18065 return;
18066
18067 hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_UPDATE_OWE_INFO);
18068 if (!hdr)
18069 goto nla_put_failure;
18070
18071 if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
18072 nla_put_u32(msg, NL80211_ATTR_IFINDEX, netdev->ifindex) ||
18073 nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN, owe_info->peer))
18074 goto nla_put_failure;
18075
18076 if (!owe_info->ie_len ||
18077 nla_put(msg, NL80211_ATTR_IE, owe_info->ie_len, owe_info->ie))
18078 goto nla_put_failure;
18079
18080 genlmsg_end(msg, hdr);
18081
18082 genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), msg, 0,
18083 NL80211_MCGRP_MLME, gfp);
18084 return;
18085
18086 nla_put_failure:
18087 genlmsg_cancel(msg, hdr);
18088 nlmsg_free(msg);
18089 }
18090 EXPORT_SYMBOL(cfg80211_update_owe_info_event);
18091
18092 /* initialisation/exit functions */
18093
18094 int __init nl80211_init(void)
18095 {
18096 int err;
18097
18098 err = genl_register_family(&nl80211_fam);
18099 if (err)
18100 return err;
18101
18102 err = netlink_register_notifier(&nl80211_netlink_notifier);
18103 if (err)
18104 goto err_out;
18105
18106 return 0;
18107 err_out:
18108 genl_unregister_family(&nl80211_fam);
18109 return err;
18110 }
18111
18112 void nl80211_exit(void)
18113 {
18114 netlink_unregister_notifier(&nl80211_netlink_notifier);
18115 genl_unregister_family(&nl80211_fam);
18116 }
Ubuntu combined Linux kernel mirror