]> git.proxmox.com Git - mirror_ubuntu-bionic-kernel.git/blob - net/wireless/nl80211.c
projects / mirror_ubuntu-bionic-kernel.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
blame | history | raw | HEAD
cfg80211: set preset_chandef after channel switch
[mirror_ubuntu-bionic-kernel.git] / net / wireless / nl80211.c
1 /*
2 * This is the new netlink-based wireless configuration interface.
3 *
4 * Copyright 2006-2010 Johannes Berg <johannes@sipsolutions.net>
5 */
6
7 #include <linux/if.h>
8 #include <linux/module.h>
9 #include <linux/err.h>
10 #include <linux/slab.h>
11 #include <linux/list.h>
12 #include <linux/if_ether.h>
13 #include <linux/ieee80211.h>
14 #include <linux/nl80211.h>
15 #include <linux/rtnetlink.h>
16 #include <linux/netlink.h>
17 #include <linux/etherdevice.h>
18 #include <net/net_namespace.h>
19 #include <net/genetlink.h>
20 #include <net/cfg80211.h>
21 #include <net/sock.h>
22 #include <net/inet_connection_sock.h>
23 #include "core.h"
24 #include "nl80211.h"
25 #include "reg.h"
26 #include "rdev-ops.h"
27
28 static int nl80211_crypto_settings(struct cfg80211_registered_device *rdev,
29 struct genl_info *info,
30 struct cfg80211_crypto_settings *settings,
31 int cipher_limit);
32
33 static int nl80211_pre_doit(const struct genl_ops *ops, struct sk_buff *skb,
34 struct genl_info *info);
35 static void nl80211_post_doit(const struct genl_ops *ops, struct sk_buff *skb,
36 struct genl_info *info);
37
38 /* the netlink family */
39 static struct genl_family nl80211_fam = {
40 .id = GENL_ID_GENERATE, /* don't bother with a hardcoded ID */
41 .name = NL80211_GENL_NAME, /* have users key off the name instead */
42 .hdrsize = 0, /* no private header */
43 .version = 1, /* no particular meaning now */
44 .maxattr = NL80211_ATTR_MAX,
45 .netnsok = true,
46 .pre_doit = nl80211_pre_doit,
47 .post_doit = nl80211_post_doit,
48 };
49
50 /* multicast groups */
51 enum nl80211_multicast_groups {
52 NL80211_MCGRP_CONFIG,
53 NL80211_MCGRP_SCAN,
54 NL80211_MCGRP_REGULATORY,
55 NL80211_MCGRP_MLME,
56 NL80211_MCGRP_VENDOR,
57 NL80211_MCGRP_TESTMODE /* keep last - ifdef! */
58 };
59
60 static const struct genl_multicast_group nl80211_mcgrps[] = {
61 [NL80211_MCGRP_CONFIG] = { .name = "config", },
62 [NL80211_MCGRP_SCAN] = { .name = "scan", },
63 [NL80211_MCGRP_REGULATORY] = { .name = "regulatory", },
64 [NL80211_MCGRP_MLME] = { .name = "mlme", },
65 [NL80211_MCGRP_VENDOR] = { .name = "vendor", },
66 #ifdef CONFIG_NL80211_TESTMODE
67 [NL80211_MCGRP_TESTMODE] = { .name = "testmode", }
68 #endif
69 };
70
71 /* returns ERR_PTR values */
72 static struct wireless_dev *
73 __cfg80211_wdev_from_attrs(struct net *netns, struct nlattr **attrs)
74 {
75 struct cfg80211_registered_device *rdev;
76 struct wireless_dev *result = NULL;
77 bool have_ifidx = attrs[NL80211_ATTR_IFINDEX];
78 bool have_wdev_id = attrs[NL80211_ATTR_WDEV];
79 u64 wdev_id;
80 int wiphy_idx = -1;
81 int ifidx = -1;
82
83 ASSERT_RTNL();
84
85 if (!have_ifidx && !have_wdev_id)
86 return ERR_PTR(-EINVAL);
87
88 if (have_ifidx)
89 ifidx = nla_get_u32(attrs[NL80211_ATTR_IFINDEX]);
90 if (have_wdev_id) {
91 wdev_id = nla_get_u64(attrs[NL80211_ATTR_WDEV]);
92 wiphy_idx = wdev_id >> 32;
93 }
94
95 list_for_each_entry(rdev, &cfg80211_rdev_list, list) {
96 struct wireless_dev *wdev;
97
98 if (wiphy_net(&rdev->wiphy) != netns)
99 continue;
100
101 if (have_wdev_id && rdev->wiphy_idx != wiphy_idx)
102 continue;
103
104 list_for_each_entry(wdev, &rdev->wdev_list, list) {
105 if (have_ifidx && wdev->netdev &&
106 wdev->netdev->ifindex == ifidx) {
107 result = wdev;
108 break;
109 }
110 if (have_wdev_id && wdev->identifier == (u32)wdev_id) {
111 result = wdev;
112 break;
113 }
114 }
115
116 if (result)
117 break;
118 }
119
120 if (result)
121 return result;
122 return ERR_PTR(-ENODEV);
123 }
124
125 static struct cfg80211_registered_device *
126 __cfg80211_rdev_from_attrs(struct net *netns, struct nlattr **attrs)
127 {
128 struct cfg80211_registered_device *rdev = NULL, *tmp;
129 struct net_device *netdev;
130
131 ASSERT_RTNL();
132
133 if (!attrs[NL80211_ATTR_WIPHY] &&
134 !attrs[NL80211_ATTR_IFINDEX] &&
135 !attrs[NL80211_ATTR_WDEV])
136 return ERR_PTR(-EINVAL);
137
138 if (attrs[NL80211_ATTR_WIPHY])
139 rdev = cfg80211_rdev_by_wiphy_idx(
140 nla_get_u32(attrs[NL80211_ATTR_WIPHY]));
141
142 if (attrs[NL80211_ATTR_WDEV]) {
143 u64 wdev_id = nla_get_u64(attrs[NL80211_ATTR_WDEV]);
144 struct wireless_dev *wdev;
145 bool found = false;
146
147 tmp = cfg80211_rdev_by_wiphy_idx(wdev_id >> 32);
148 if (tmp) {
149 /* make sure wdev exists */
150 list_for_each_entry(wdev, &tmp->wdev_list, list) {
151 if (wdev->identifier != (u32)wdev_id)
152 continue;
153 found = true;
154 break;
155 }
156
157 if (!found)
158 tmp = NULL;
159
160 if (rdev && tmp != rdev)
161 return ERR_PTR(-EINVAL);
162 rdev = tmp;
163 }
164 }
165
166 if (attrs[NL80211_ATTR_IFINDEX]) {
167 int ifindex = nla_get_u32(attrs[NL80211_ATTR_IFINDEX]);
168 netdev = __dev_get_by_index(netns, ifindex);
169 if (netdev) {
170 if (netdev->ieee80211_ptr)
171 tmp = wiphy_to_dev(
172 netdev->ieee80211_ptr->wiphy);
173 else
174 tmp = NULL;
175
176 /* not wireless device -- return error */
177 if (!tmp)
178 return ERR_PTR(-EINVAL);
179
180 /* mismatch -- return error */
181 if (rdev && tmp != rdev)
182 return ERR_PTR(-EINVAL);
183
184 rdev = tmp;
185 }
186 }
187
188 if (!rdev)
189 return ERR_PTR(-ENODEV);
190
191 if (netns != wiphy_net(&rdev->wiphy))
192 return ERR_PTR(-ENODEV);
193
194 return rdev;
195 }
196
197 /*
198 * This function returns a pointer to the driver
199 * that the genl_info item that is passed refers to.
200 *
201 * The result of this can be a PTR_ERR and hence must
202 * be checked with IS_ERR() for errors.
203 */
204 static struct cfg80211_registered_device *
205 cfg80211_get_dev_from_info(struct net *netns, struct genl_info *info)
206 {
207 return __cfg80211_rdev_from_attrs(netns, info->attrs);
208 }
209
210 /* policy for the attributes */
211 static const struct nla_policy nl80211_policy[NL80211_ATTR_MAX+1] = {
212 [NL80211_ATTR_WIPHY] = { .type = NLA_U32 },
213 [NL80211_ATTR_WIPHY_NAME] = { .type = NLA_NUL_STRING,
214 .len = 20-1 },
215 [NL80211_ATTR_WIPHY_TXQ_PARAMS] = { .type = NLA_NESTED },
216
217 [NL80211_ATTR_WIPHY_FREQ] = { .type = NLA_U32 },
218 [NL80211_ATTR_WIPHY_CHANNEL_TYPE] = { .type = NLA_U32 },
219 [NL80211_ATTR_CHANNEL_WIDTH] = { .type = NLA_U32 },
220 [NL80211_ATTR_CENTER_FREQ1] = { .type = NLA_U32 },
221 [NL80211_ATTR_CENTER_FREQ2] = { .type = NLA_U32 },
222
223 [NL80211_ATTR_WIPHY_RETRY_SHORT] = { .type = NLA_U8 },
224 [NL80211_ATTR_WIPHY_RETRY_LONG] = { .type = NLA_U8 },
225 [NL80211_ATTR_WIPHY_FRAG_THRESHOLD] = { .type = NLA_U32 },
226 [NL80211_ATTR_WIPHY_RTS_THRESHOLD] = { .type = NLA_U32 },
227 [NL80211_ATTR_WIPHY_COVERAGE_CLASS] = { .type = NLA_U8 },
228
229 [NL80211_ATTR_IFTYPE] = { .type = NLA_U32 },
230 [NL80211_ATTR_IFINDEX] = { .type = NLA_U32 },
231 [NL80211_ATTR_IFNAME] = { .type = NLA_NUL_STRING, .len = IFNAMSIZ-1 },
232
233 [NL80211_ATTR_MAC] = { .len = ETH_ALEN },
234 [NL80211_ATTR_PREV_BSSID] = { .len = ETH_ALEN },
235
236 [NL80211_ATTR_KEY] = { .type = NLA_NESTED, },
237 [NL80211_ATTR_KEY_DATA] = { .type = NLA_BINARY,
238 .len = WLAN_MAX_KEY_LEN },
239 [NL80211_ATTR_KEY_IDX] = { .type = NLA_U8 },
240 [NL80211_ATTR_KEY_CIPHER] = { .type = NLA_U32 },
241 [NL80211_ATTR_KEY_DEFAULT] = { .type = NLA_FLAG },
242 [NL80211_ATTR_KEY_SEQ] = { .type = NLA_BINARY, .len = 16 },
243 [NL80211_ATTR_KEY_TYPE] = { .type = NLA_U32 },
244
245 [NL80211_ATTR_BEACON_INTERVAL] = { .type = NLA_U32 },
246 [NL80211_ATTR_DTIM_PERIOD] = { .type = NLA_U32 },
247 [NL80211_ATTR_BEACON_HEAD] = { .type = NLA_BINARY,
248 .len = IEEE80211_MAX_DATA_LEN },
249 [NL80211_ATTR_BEACON_TAIL] = { .type = NLA_BINARY,
250 .len = IEEE80211_MAX_DATA_LEN },
251 [NL80211_ATTR_STA_AID] = { .type = NLA_U16 },
252 [NL80211_ATTR_STA_FLAGS] = { .type = NLA_NESTED },
253 [NL80211_ATTR_STA_LISTEN_INTERVAL] = { .type = NLA_U16 },
254 [NL80211_ATTR_STA_SUPPORTED_RATES] = { .type = NLA_BINARY,
255 .len = NL80211_MAX_SUPP_RATES },
256 [NL80211_ATTR_STA_PLINK_ACTION] = { .type = NLA_U8 },
257 [NL80211_ATTR_STA_VLAN] = { .type = NLA_U32 },
258 [NL80211_ATTR_MNTR_FLAGS] = { /* NLA_NESTED can't be empty */ },
259 [NL80211_ATTR_MESH_ID] = { .type = NLA_BINARY,
260 .len = IEEE80211_MAX_MESH_ID_LEN },
261 [NL80211_ATTR_MPATH_NEXT_HOP] = { .type = NLA_U32 },
262
263 [NL80211_ATTR_REG_ALPHA2] = { .type = NLA_STRING, .len = 2 },
264 [NL80211_ATTR_REG_RULES] = { .type = NLA_NESTED },
265
266 [NL80211_ATTR_BSS_CTS_PROT] = { .type = NLA_U8 },
267 [NL80211_ATTR_BSS_SHORT_PREAMBLE] = { .type = NLA_U8 },
268 [NL80211_ATTR_BSS_SHORT_SLOT_TIME] = { .type = NLA_U8 },
269 [NL80211_ATTR_BSS_BASIC_RATES] = { .type = NLA_BINARY,
270 .len = NL80211_MAX_SUPP_RATES },
271 [NL80211_ATTR_BSS_HT_OPMODE] = { .type = NLA_U16 },
272
273 [NL80211_ATTR_MESH_CONFIG] = { .type = NLA_NESTED },
274 [NL80211_ATTR_SUPPORT_MESH_AUTH] = { .type = NLA_FLAG },
275
276 [NL80211_ATTR_HT_CAPABILITY] = { .len = NL80211_HT_CAPABILITY_LEN },
277
278 [NL80211_ATTR_MGMT_SUBTYPE] = { .type = NLA_U8 },
279 [NL80211_ATTR_IE] = { .type = NLA_BINARY,
280 .len = IEEE80211_MAX_DATA_LEN },
281 [NL80211_ATTR_SCAN_FREQUENCIES] = { .type = NLA_NESTED },
282 [NL80211_ATTR_SCAN_SSIDS] = { .type = NLA_NESTED },
283
284 [NL80211_ATTR_SSID] = { .type = NLA_BINARY,
285 .len = IEEE80211_MAX_SSID_LEN },
286 [NL80211_ATTR_AUTH_TYPE] = { .type = NLA_U32 },
287 [NL80211_ATTR_REASON_CODE] = { .type = NLA_U16 },
288 [NL80211_ATTR_FREQ_FIXED] = { .type = NLA_FLAG },
289 [NL80211_ATTR_TIMED_OUT] = { .type = NLA_FLAG },
290 [NL80211_ATTR_USE_MFP] = { .type = NLA_U32 },
291 [NL80211_ATTR_STA_FLAGS2] = {
292 .len = sizeof(struct nl80211_sta_flag_update),
293 },
294 [NL80211_ATTR_CONTROL_PORT] = { .type = NLA_FLAG },
295 [NL80211_ATTR_CONTROL_PORT_ETHERTYPE] = { .type = NLA_U16 },
296 [NL80211_ATTR_CONTROL_PORT_NO_ENCRYPT] = { .type = NLA_FLAG },
297 [NL80211_ATTR_PRIVACY] = { .type = NLA_FLAG },
298 [NL80211_ATTR_CIPHER_SUITE_GROUP] = { .type = NLA_U32 },
299 [NL80211_ATTR_WPA_VERSIONS] = { .type = NLA_U32 },
300 [NL80211_ATTR_PID] = { .type = NLA_U32 },
301 [NL80211_ATTR_4ADDR] = { .type = NLA_U8 },
302 [NL80211_ATTR_PMKID] = { .type = NLA_BINARY,
303 .len = WLAN_PMKID_LEN },
304 [NL80211_ATTR_DURATION] = { .type = NLA_U32 },
305 [NL80211_ATTR_COOKIE] = { .type = NLA_U64 },
306 [NL80211_ATTR_TX_RATES] = { .type = NLA_NESTED },
307 [NL80211_ATTR_FRAME] = { .type = NLA_BINARY,
308 .len = IEEE80211_MAX_DATA_LEN },
309 [NL80211_ATTR_FRAME_MATCH] = { .type = NLA_BINARY, },
310 [NL80211_ATTR_PS_STATE] = { .type = NLA_U32 },
311 [NL80211_ATTR_CQM] = { .type = NLA_NESTED, },
312 [NL80211_ATTR_LOCAL_STATE_CHANGE] = { .type = NLA_FLAG },
313 [NL80211_ATTR_AP_ISOLATE] = { .type = NLA_U8 },
314 [NL80211_ATTR_WIPHY_TX_POWER_SETTING] = { .type = NLA_U32 },
315 [NL80211_ATTR_WIPHY_TX_POWER_LEVEL] = { .type = NLA_U32 },
316 [NL80211_ATTR_FRAME_TYPE] = { .type = NLA_U16 },
317 [NL80211_ATTR_WIPHY_ANTENNA_TX] = { .type = NLA_U32 },
318 [NL80211_ATTR_WIPHY_ANTENNA_RX] = { .type = NLA_U32 },
319 [NL80211_ATTR_MCAST_RATE] = { .type = NLA_U32 },
320 [NL80211_ATTR_OFFCHANNEL_TX_OK] = { .type = NLA_FLAG },
321 [NL80211_ATTR_KEY_DEFAULT_TYPES] = { .type = NLA_NESTED },
322 [NL80211_ATTR_WOWLAN_TRIGGERS] = { .type = NLA_NESTED },
323 [NL80211_ATTR_STA_PLINK_STATE] = { .type = NLA_U8 },
324 [NL80211_ATTR_SCHED_SCAN_INTERVAL] = { .type = NLA_U32 },
325 [NL80211_ATTR_REKEY_DATA] = { .type = NLA_NESTED },
326 [NL80211_ATTR_SCAN_SUPP_RATES] = { .type = NLA_NESTED },
327 [NL80211_ATTR_HIDDEN_SSID] = { .type = NLA_U32 },
328 [NL80211_ATTR_IE_PROBE_RESP] = { .type = NLA_BINARY,
329 .len = IEEE80211_MAX_DATA_LEN },
330 [NL80211_ATTR_IE_ASSOC_RESP] = { .type = NLA_BINARY,
331 .len = IEEE80211_MAX_DATA_LEN },
332 [NL80211_ATTR_ROAM_SUPPORT] = { .type = NLA_FLAG },
333 [NL80211_ATTR_SCHED_SCAN_MATCH] = { .type = NLA_NESTED },
334 [NL80211_ATTR_TX_NO_CCK_RATE] = { .type = NLA_FLAG },
335 [NL80211_ATTR_TDLS_ACTION] = { .type = NLA_U8 },
336 [NL80211_ATTR_TDLS_DIALOG_TOKEN] = { .type = NLA_U8 },
337 [NL80211_ATTR_TDLS_OPERATION] = { .type = NLA_U8 },
338 [NL80211_ATTR_TDLS_SUPPORT] = { .type = NLA_FLAG },
339 [NL80211_ATTR_TDLS_EXTERNAL_SETUP] = { .type = NLA_FLAG },
340 [NL80211_ATTR_DONT_WAIT_FOR_ACK] = { .type = NLA_FLAG },
341 [NL80211_ATTR_PROBE_RESP] = { .type = NLA_BINARY,
342 .len = IEEE80211_MAX_DATA_LEN },
343 [NL80211_ATTR_DFS_REGION] = { .type = NLA_U8 },
344 [NL80211_ATTR_DISABLE_HT] = { .type = NLA_FLAG },
345 [NL80211_ATTR_HT_CAPABILITY_MASK] = {
346 .len = NL80211_HT_CAPABILITY_LEN
347 },
348 [NL80211_ATTR_NOACK_MAP] = { .type = NLA_U16 },
349 [NL80211_ATTR_INACTIVITY_TIMEOUT] = { .type = NLA_U16 },
350 [NL80211_ATTR_BG_SCAN_PERIOD] = { .type = NLA_U16 },
351 [NL80211_ATTR_WDEV] = { .type = NLA_U64 },
352 [NL80211_ATTR_USER_REG_HINT_TYPE] = { .type = NLA_U32 },
353 [NL80211_ATTR_SAE_DATA] = { .type = NLA_BINARY, },
354 [NL80211_ATTR_VHT_CAPABILITY] = { .len = NL80211_VHT_CAPABILITY_LEN },
355 [NL80211_ATTR_SCAN_FLAGS] = { .type = NLA_U32 },
356 [NL80211_ATTR_P2P_CTWINDOW] = { .type = NLA_U8 },
357 [NL80211_ATTR_P2P_OPPPS] = { .type = NLA_U8 },
358 [NL80211_ATTR_ACL_POLICY] = {. type = NLA_U32 },
359 [NL80211_ATTR_MAC_ADDRS] = { .type = NLA_NESTED },
360 [NL80211_ATTR_STA_CAPABILITY] = { .type = NLA_U16 },
361 [NL80211_ATTR_STA_EXT_CAPABILITY] = { .type = NLA_BINARY, },
362 [NL80211_ATTR_SPLIT_WIPHY_DUMP] = { .type = NLA_FLAG, },
363 [NL80211_ATTR_DISABLE_VHT] = { .type = NLA_FLAG },
364 [NL80211_ATTR_VHT_CAPABILITY_MASK] = {
365 .len = NL80211_VHT_CAPABILITY_LEN,
366 },
367 [NL80211_ATTR_MDID] = { .type = NLA_U16 },
368 [NL80211_ATTR_IE_RIC] = { .type = NLA_BINARY,
369 .len = IEEE80211_MAX_DATA_LEN },
370 [NL80211_ATTR_PEER_AID] = { .type = NLA_U16 },
371 [NL80211_ATTR_CH_SWITCH_COUNT] = { .type = NLA_U32 },
372 [NL80211_ATTR_CH_SWITCH_BLOCK_TX] = { .type = NLA_FLAG },
373 [NL80211_ATTR_CSA_IES] = { .type = NLA_NESTED },
374 [NL80211_ATTR_CSA_C_OFF_BEACON] = { .type = NLA_U16 },
375 [NL80211_ATTR_CSA_C_OFF_PRESP] = { .type = NLA_U16 },
376 [NL80211_ATTR_STA_SUPPORTED_CHANNELS] = { .type = NLA_BINARY },
377 [NL80211_ATTR_STA_SUPPORTED_OPER_CLASSES] = { .type = NLA_BINARY },
378 [NL80211_ATTR_HANDLE_DFS] = { .type = NLA_FLAG },
379 [NL80211_ATTR_OPMODE_NOTIF] = { .type = NLA_U8 },
380 [NL80211_ATTR_VENDOR_ID] = { .type = NLA_U32 },
381 [NL80211_ATTR_VENDOR_SUBCMD] = { .type = NLA_U32 },
382 [NL80211_ATTR_VENDOR_DATA] = { .type = NLA_BINARY },
383 [NL80211_ATTR_QOS_MAP] = { .type = NLA_BINARY,
384 .len = IEEE80211_QOS_MAP_LEN_MAX },
385 [NL80211_ATTR_MAC_HINT] = { .len = ETH_ALEN },
386 [NL80211_ATTR_WIPHY_FREQ_HINT] = { .type = NLA_U32 },
387 };
388
389 /* policy for the key attributes */
390 static const struct nla_policy nl80211_key_policy[NL80211_KEY_MAX + 1] = {
391 [NL80211_KEY_DATA] = { .type = NLA_BINARY, .len = WLAN_MAX_KEY_LEN },
392 [NL80211_KEY_IDX] = { .type = NLA_U8 },
393 [NL80211_KEY_CIPHER] = { .type = NLA_U32 },
394 [NL80211_KEY_SEQ] = { .type = NLA_BINARY, .len = 16 },
395 [NL80211_KEY_DEFAULT] = { .type = NLA_FLAG },
396 [NL80211_KEY_DEFAULT_MGMT] = { .type = NLA_FLAG },
397 [NL80211_KEY_TYPE] = { .type = NLA_U32 },
398 [NL80211_KEY_DEFAULT_TYPES] = { .type = NLA_NESTED },
399 };
400
401 /* policy for the key default flags */
402 static const struct nla_policy
403 nl80211_key_default_policy[NUM_NL80211_KEY_DEFAULT_TYPES] = {
404 [NL80211_KEY_DEFAULT_TYPE_UNICAST] = { .type = NLA_FLAG },
405 [NL80211_KEY_DEFAULT_TYPE_MULTICAST] = { .type = NLA_FLAG },
406 };
407
408 /* policy for WoWLAN attributes */
409 static const struct nla_policy
410 nl80211_wowlan_policy[NUM_NL80211_WOWLAN_TRIG] = {
411 [NL80211_WOWLAN_TRIG_ANY] = { .type = NLA_FLAG },
412 [NL80211_WOWLAN_TRIG_DISCONNECT] = { .type = NLA_FLAG },
413 [NL80211_WOWLAN_TRIG_MAGIC_PKT] = { .type = NLA_FLAG },
414 [NL80211_WOWLAN_TRIG_PKT_PATTERN] = { .type = NLA_NESTED },
415 [NL80211_WOWLAN_TRIG_GTK_REKEY_FAILURE] = { .type = NLA_FLAG },
416 [NL80211_WOWLAN_TRIG_EAP_IDENT_REQUEST] = { .type = NLA_FLAG },
417 [NL80211_WOWLAN_TRIG_4WAY_HANDSHAKE] = { .type = NLA_FLAG },
418 [NL80211_WOWLAN_TRIG_RFKILL_RELEASE] = { .type = NLA_FLAG },
419 [NL80211_WOWLAN_TRIG_TCP_CONNECTION] = { .type = NLA_NESTED },
420 };
421
422 static const struct nla_policy
423 nl80211_wowlan_tcp_policy[NUM_NL80211_WOWLAN_TCP] = {
424 [NL80211_WOWLAN_TCP_SRC_IPV4] = { .type = NLA_U32 },
425 [NL80211_WOWLAN_TCP_DST_IPV4] = { .type = NLA_U32 },
426 [NL80211_WOWLAN_TCP_DST_MAC] = { .len = ETH_ALEN },
427 [NL80211_WOWLAN_TCP_SRC_PORT] = { .type = NLA_U16 },
428 [NL80211_WOWLAN_TCP_DST_PORT] = { .type = NLA_U16 },
429 [NL80211_WOWLAN_TCP_DATA_PAYLOAD] = { .len = 1 },
430 [NL80211_WOWLAN_TCP_DATA_PAYLOAD_SEQ] = {
431 .len = sizeof(struct nl80211_wowlan_tcp_data_seq)
432 },
433 [NL80211_WOWLAN_TCP_DATA_PAYLOAD_TOKEN] = {
434 .len = sizeof(struct nl80211_wowlan_tcp_data_token)
435 },
436 [NL80211_WOWLAN_TCP_DATA_INTERVAL] = { .type = NLA_U32 },
437 [NL80211_WOWLAN_TCP_WAKE_PAYLOAD] = { .len = 1 },
438 [NL80211_WOWLAN_TCP_WAKE_MASK] = { .len = 1 },
439 };
440
441 /* policy for coalesce rule attributes */
442 static const struct nla_policy
443 nl80211_coalesce_policy[NUM_NL80211_ATTR_COALESCE_RULE] = {
444 [NL80211_ATTR_COALESCE_RULE_DELAY] = { .type = NLA_U32 },
445 [NL80211_ATTR_COALESCE_RULE_CONDITION] = { .type = NLA_U32 },
446 [NL80211_ATTR_COALESCE_RULE_PKT_PATTERN] = { .type = NLA_NESTED },
447 };
448
449 /* policy for GTK rekey offload attributes */
450 static const struct nla_policy
451 nl80211_rekey_policy[NUM_NL80211_REKEY_DATA] = {
452 [NL80211_REKEY_DATA_KEK] = { .len = NL80211_KEK_LEN },
453 [NL80211_REKEY_DATA_KCK] = { .len = NL80211_KCK_LEN },
454 [NL80211_REKEY_DATA_REPLAY_CTR] = { .len = NL80211_REPLAY_CTR_LEN },
455 };
456
457 static const struct nla_policy
458 nl80211_match_policy[NL80211_SCHED_SCAN_MATCH_ATTR_MAX + 1] = {
459 [NL80211_SCHED_SCAN_MATCH_ATTR_SSID] = { .type = NLA_BINARY,
460 .len = IEEE80211_MAX_SSID_LEN },
461 [NL80211_SCHED_SCAN_MATCH_ATTR_RSSI] = { .type = NLA_U32 },
462 };
463
464 static int nl80211_prepare_wdev_dump(struct sk_buff *skb,
465 struct netlink_callback *cb,
466 struct cfg80211_registered_device **rdev,
467 struct wireless_dev **wdev)
468 {
469 int err;
470
471 rtnl_lock();
472
473 if (!cb->args[0]) {
474 err = nlmsg_parse(cb->nlh, GENL_HDRLEN + nl80211_fam.hdrsize,
475 nl80211_fam.attrbuf, nl80211_fam.maxattr,
476 nl80211_policy);
477 if (err)
478 goto out_unlock;
479
480 *wdev = __cfg80211_wdev_from_attrs(sock_net(skb->sk),
481 nl80211_fam.attrbuf);
482 if (IS_ERR(*wdev)) {
483 err = PTR_ERR(*wdev);
484 goto out_unlock;
485 }
486 *rdev = wiphy_to_dev((*wdev)->wiphy);
487 /* 0 is the first index - add 1 to parse only once */
488 cb->args[0] = (*rdev)->wiphy_idx + 1;
489 cb->args[1] = (*wdev)->identifier;
490 } else {
491 /* subtract the 1 again here */
492 struct wiphy *wiphy = wiphy_idx_to_wiphy(cb->args[0] - 1);
493 struct wireless_dev *tmp;
494
495 if (!wiphy) {
496 err = -ENODEV;
497 goto out_unlock;
498 }
499 *rdev = wiphy_to_dev(wiphy);
500 *wdev = NULL;
501
502 list_for_each_entry(tmp, &(*rdev)->wdev_list, list) {
503 if (tmp->identifier == cb->args[1]) {
504 *wdev = tmp;
505 break;
506 }
507 }
508
509 if (!*wdev) {
510 err = -ENODEV;
511 goto out_unlock;
512 }
513 }
514
515 return 0;
516 out_unlock:
517 rtnl_unlock();
518 return err;
519 }
520
521 static void nl80211_finish_wdev_dump(struct cfg80211_registered_device *rdev)
522 {
523 rtnl_unlock();
524 }
525
526 /* IE validation */
527 static bool is_valid_ie_attr(const struct nlattr *attr)
528 {
529 const u8 *pos;
530 int len;
531
532 if (!attr)
533 return true;
534
535 pos = nla_data(attr);
536 len = nla_len(attr);
537
538 while (len) {
539 u8 elemlen;
540
541 if (len < 2)
542 return false;
543 len -= 2;
544
545 elemlen = pos[1];
546 if (elemlen > len)
547 return false;
548
549 len -= elemlen;
550 pos += 2 + elemlen;
551 }
552
553 return true;
554 }
555
556 /* message building helper */
557 static inline void *nl80211hdr_put(struct sk_buff *skb, u32 portid, u32 seq,
558 int flags, u8 cmd)
559 {
560 /* since there is no private header just add the generic one */
561 return genlmsg_put(skb, portid, seq, &nl80211_fam, flags, cmd);
562 }
563
564 static int nl80211_msg_put_channel(struct sk_buff *msg,
565 struct ieee80211_channel *chan,
566 bool large)
567 {
568 if (nla_put_u32(msg, NL80211_FREQUENCY_ATTR_FREQ,
569 chan->center_freq))
570 goto nla_put_failure;
571
572 if ((chan->flags & IEEE80211_CHAN_DISABLED) &&
573 nla_put_flag(msg, NL80211_FREQUENCY_ATTR_DISABLED))
574 goto nla_put_failure;
575 if (chan->flags & IEEE80211_CHAN_NO_IR) {
576 if (nla_put_flag(msg, NL80211_FREQUENCY_ATTR_NO_IR))
577 goto nla_put_failure;
578 if (nla_put_flag(msg, __NL80211_FREQUENCY_ATTR_NO_IBSS))
579 goto nla_put_failure;
580 }
581 if (chan->flags & IEEE80211_CHAN_RADAR) {
582 if (nla_put_flag(msg, NL80211_FREQUENCY_ATTR_RADAR))
583 goto nla_put_failure;
584 if (large) {
585 u32 time;
586
587 time = elapsed_jiffies_msecs(chan->dfs_state_entered);
588
589 if (nla_put_u32(msg, NL80211_FREQUENCY_ATTR_DFS_STATE,
590 chan->dfs_state))
591 goto nla_put_failure;
592 if (nla_put_u32(msg, NL80211_FREQUENCY_ATTR_DFS_TIME,
593 time))
594 goto nla_put_failure;
595 }
596 }
597
598 if (large) {
599 if ((chan->flags & IEEE80211_CHAN_NO_HT40MINUS) &&
600 nla_put_flag(msg, NL80211_FREQUENCY_ATTR_NO_HT40_MINUS))
601 goto nla_put_failure;
602 if ((chan->flags & IEEE80211_CHAN_NO_HT40PLUS) &&
603 nla_put_flag(msg, NL80211_FREQUENCY_ATTR_NO_HT40_PLUS))
604 goto nla_put_failure;
605 if ((chan->flags & IEEE80211_CHAN_NO_80MHZ) &&
606 nla_put_flag(msg, NL80211_FREQUENCY_ATTR_NO_80MHZ))
607 goto nla_put_failure;
608 if ((chan->flags & IEEE80211_CHAN_NO_160MHZ) &&
609 nla_put_flag(msg, NL80211_FREQUENCY_ATTR_NO_160MHZ))
610 goto nla_put_failure;
611 }
612
613 if (nla_put_u32(msg, NL80211_FREQUENCY_ATTR_MAX_TX_POWER,
614 DBM_TO_MBM(chan->max_power)))
615 goto nla_put_failure;
616
617 return 0;
618
619 nla_put_failure:
620 return -ENOBUFS;
621 }
622
623 /* netlink command implementations */
624
625 struct key_parse {
626 struct key_params p;
627 int idx;
628 int type;
629 bool def, defmgmt;
630 bool def_uni, def_multi;
631 };
632
633 static int nl80211_parse_key_new(struct nlattr *key, struct key_parse *k)
634 {
635 struct nlattr *tb[NL80211_KEY_MAX + 1];
636 int err = nla_parse_nested(tb, NL80211_KEY_MAX, key,
637 nl80211_key_policy);
638 if (err)
639 return err;
640
641 k->def = !!tb[NL80211_KEY_DEFAULT];
642 k->defmgmt = !!tb[NL80211_KEY_DEFAULT_MGMT];
643
644 if (k->def) {
645 k->def_uni = true;
646 k->def_multi = true;
647 }
648 if (k->defmgmt)
649 k->def_multi = true;
650
651 if (tb[NL80211_KEY_IDX])
652 k->idx = nla_get_u8(tb[NL80211_KEY_IDX]);
653
654 if (tb[NL80211_KEY_DATA]) {
655 k->p.key = nla_data(tb[NL80211_KEY_DATA]);
656 k->p.key_len = nla_len(tb[NL80211_KEY_DATA]);
657 }
658
659 if (tb[NL80211_KEY_SEQ]) {
660 k->p.seq = nla_data(tb[NL80211_KEY_SEQ]);
661 k->p.seq_len = nla_len(tb[NL80211_KEY_SEQ]);
662 }
663
664 if (tb[NL80211_KEY_CIPHER])
665 k->p.cipher = nla_get_u32(tb[NL80211_KEY_CIPHER]);
666
667 if (tb[NL80211_KEY_TYPE]) {
668 k->type = nla_get_u32(tb[NL80211_KEY_TYPE]);
669 if (k->type < 0 || k->type >= NUM_NL80211_KEYTYPES)
670 return -EINVAL;
671 }
672
673 if (tb[NL80211_KEY_DEFAULT_TYPES]) {
674 struct nlattr *kdt[NUM_NL80211_KEY_DEFAULT_TYPES];
675 err = nla_parse_nested(kdt, NUM_NL80211_KEY_DEFAULT_TYPES - 1,
676 tb[NL80211_KEY_DEFAULT_TYPES],
677 nl80211_key_default_policy);
678 if (err)
679 return err;
680
681 k->def_uni = kdt[NL80211_KEY_DEFAULT_TYPE_UNICAST];
682 k->def_multi = kdt[NL80211_KEY_DEFAULT_TYPE_MULTICAST];
683 }
684
685 return 0;
686 }
687
688 static int nl80211_parse_key_old(struct genl_info *info, struct key_parse *k)
689 {
690 if (info->attrs[NL80211_ATTR_KEY_DATA]) {
691 k->p.key = nla_data(info->attrs[NL80211_ATTR_KEY_DATA]);
692 k->p.key_len = nla_len(info->attrs[NL80211_ATTR_KEY_DATA]);
693 }
694
695 if (info->attrs[NL80211_ATTR_KEY_SEQ]) {
696 k->p.seq = nla_data(info->attrs[NL80211_ATTR_KEY_SEQ]);
697 k->p.seq_len = nla_len(info->attrs[NL80211_ATTR_KEY_SEQ]);
698 }
699
700 if (info->attrs[NL80211_ATTR_KEY_IDX])
701 k->idx = nla_get_u8(info->attrs[NL80211_ATTR_KEY_IDX]);
702
703 if (info->attrs[NL80211_ATTR_KEY_CIPHER])
704 k->p.cipher = nla_get_u32(info->attrs[NL80211_ATTR_KEY_CIPHER]);
705
706 k->def = !!info->attrs[NL80211_ATTR_KEY_DEFAULT];
707 k->defmgmt = !!info->attrs[NL80211_ATTR_KEY_DEFAULT_MGMT];
708
709 if (k->def) {
710 k->def_uni = true;
711 k->def_multi = true;
712 }
713 if (k->defmgmt)
714 k->def_multi = true;
715
716 if (info->attrs[NL80211_ATTR_KEY_TYPE]) {
717 k->type = nla_get_u32(info->attrs[NL80211_ATTR_KEY_TYPE]);
718 if (k->type < 0 || k->type >= NUM_NL80211_KEYTYPES)
719 return -EINVAL;
720 }
721
722 if (info->attrs[NL80211_ATTR_KEY_DEFAULT_TYPES]) {
723 struct nlattr *kdt[NUM_NL80211_KEY_DEFAULT_TYPES];
724 int err = nla_parse_nested(
725 kdt, NUM_NL80211_KEY_DEFAULT_TYPES - 1,
726 info->attrs[NL80211_ATTR_KEY_DEFAULT_TYPES],
727 nl80211_key_default_policy);
728 if (err)
729 return err;
730
731 k->def_uni = kdt[NL80211_KEY_DEFAULT_TYPE_UNICAST];
732 k->def_multi = kdt[NL80211_KEY_DEFAULT_TYPE_MULTICAST];
733 }
734
735 return 0;
736 }
737
738 static int nl80211_parse_key(struct genl_info *info, struct key_parse *k)
739 {
740 int err;
741
742 memset(k, 0, sizeof(*k));
743 k->idx = -1;
744 k->type = -1;
745
746 if (info->attrs[NL80211_ATTR_KEY])
747 err = nl80211_parse_key_new(info->attrs[NL80211_ATTR_KEY], k);
748 else
749 err = nl80211_parse_key_old(info, k);
750
751 if (err)
752 return err;
753
754 if (k->def && k->defmgmt)
755 return -EINVAL;
756
757 if (k->defmgmt) {
758 if (k->def_uni || !k->def_multi)
759 return -EINVAL;
760 }
761
762 if (k->idx != -1) {
763 if (k->defmgmt) {
764 if (k->idx < 4 || k->idx > 5)
765 return -EINVAL;
766 } else if (k->def) {
767 if (k->idx < 0 || k->idx > 3)
768 return -EINVAL;
769 } else {
770 if (k->idx < 0 || k->idx > 5)
771 return -EINVAL;
772 }
773 }
774
775 return 0;
776 }
777
778 static struct cfg80211_cached_keys *
779 nl80211_parse_connkeys(struct cfg80211_registered_device *rdev,
780 struct nlattr *keys, bool *no_ht)
781 {
782 struct key_parse parse;
783 struct nlattr *key;
784 struct cfg80211_cached_keys *result;
785 int rem, err, def = 0;
786
787 result = kzalloc(sizeof(*result), GFP_KERNEL);
788 if (!result)
789 return ERR_PTR(-ENOMEM);
790
791 result->def = -1;
792 result->defmgmt = -1;
793
794 nla_for_each_nested(key, keys, rem) {
795 memset(&parse, 0, sizeof(parse));
796 parse.idx = -1;
797
798 err = nl80211_parse_key_new(key, &parse);
799 if (err)
800 goto error;
801 err = -EINVAL;
802 if (!parse.p.key)
803 goto error;
804 if (parse.idx < 0 || parse.idx > 4)
805 goto error;
806 if (parse.def) {
807 if (def)
808 goto error;
809 def = 1;
810 result->def = parse.idx;
811 if (!parse.def_uni || !parse.def_multi)
812 goto error;
813 } else if (parse.defmgmt)
814 goto error;
815 err = cfg80211_validate_key_settings(rdev, &parse.p,
816 parse.idx, false, NULL);
817 if (err)
818 goto error;
819 result->params[parse.idx].cipher = parse.p.cipher;
820 result->params[parse.idx].key_len = parse.p.key_len;
821 result->params[parse.idx].key = result->data[parse.idx];
822 memcpy(result->data[parse.idx], parse.p.key, parse.p.key_len);
823
824 if (parse.p.cipher == WLAN_CIPHER_SUITE_WEP40 ||
825 parse.p.cipher == WLAN_CIPHER_SUITE_WEP104) {
826 if (no_ht)
827 *no_ht = true;
828 }
829 }
830
831 return result;
832 error:
833 kfree(result);
834 return ERR_PTR(err);
835 }
836
837 static int nl80211_key_allowed(struct wireless_dev *wdev)
838 {
839 ASSERT_WDEV_LOCK(wdev);
840
841 switch (wdev->iftype) {
842 case NL80211_IFTYPE_AP:
843 case NL80211_IFTYPE_AP_VLAN:
844 case NL80211_IFTYPE_P2P_GO:
845 case NL80211_IFTYPE_MESH_POINT:
846 break;
847 case NL80211_IFTYPE_ADHOC:
848 case NL80211_IFTYPE_STATION:
849 case NL80211_IFTYPE_P2P_CLIENT:
850 if (!wdev->current_bss)
851 return -ENOLINK;
852 break;
853 default:
854 return -EINVAL;
855 }
856
857 return 0;
858 }
859
860 static struct ieee80211_channel *nl80211_get_valid_chan(struct wiphy *wiphy,
861 struct nlattr *tb)
862 {
863 struct ieee80211_channel *chan;
864
865 if (tb == NULL)
866 return NULL;
867 chan = ieee80211_get_channel(wiphy, nla_get_u32(tb));
868 if (!chan || chan->flags & IEEE80211_CHAN_DISABLED)
869 return NULL;
870 return chan;
871 }
872
873 static int nl80211_put_iftypes(struct sk_buff *msg, u32 attr, u16 ifmodes)
874 {
875 struct nlattr *nl_modes = nla_nest_start(msg, attr);
876 int i;
877
878 if (!nl_modes)
879 goto nla_put_failure;
880
881 i = 0;
882 while (ifmodes) {
883 if ((ifmodes & 1) && nla_put_flag(msg, i))
884 goto nla_put_failure;
885 ifmodes >>= 1;
886 i++;
887 }
888
889 nla_nest_end(msg, nl_modes);
890 return 0;
891
892 nla_put_failure:
893 return -ENOBUFS;
894 }
895
896 static int nl80211_put_iface_combinations(struct wiphy *wiphy,
897 struct sk_buff *msg,
898 bool large)
899 {
900 struct nlattr *nl_combis;
901 int i, j;
902
903 nl_combis = nla_nest_start(msg,
904 NL80211_ATTR_INTERFACE_COMBINATIONS);
905 if (!nl_combis)
906 goto nla_put_failure;
907
908 for (i = 0; i < wiphy->n_iface_combinations; i++) {
909 const struct ieee80211_iface_combination *c;
910 struct nlattr *nl_combi, *nl_limits;
911
912 c = &wiphy->iface_combinations[i];
913
914 nl_combi = nla_nest_start(msg, i + 1);
915 if (!nl_combi)
916 goto nla_put_failure;
917
918 nl_limits = nla_nest_start(msg, NL80211_IFACE_COMB_LIMITS);
919 if (!nl_limits)
920 goto nla_put_failure;
921
922 for (j = 0; j < c->n_limits; j++) {
923 struct nlattr *nl_limit;
924
925 nl_limit = nla_nest_start(msg, j + 1);
926 if (!nl_limit)
927 goto nla_put_failure;
928 if (nla_put_u32(msg, NL80211_IFACE_LIMIT_MAX,
929 c->limits[j].max))
930 goto nla_put_failure;
931 if (nl80211_put_iftypes(msg, NL80211_IFACE_LIMIT_TYPES,
932 c->limits[j].types))
933 goto nla_put_failure;
934 nla_nest_end(msg, nl_limit);
935 }
936
937 nla_nest_end(msg, nl_limits);
938
939 if (c->beacon_int_infra_match &&
940 nla_put_flag(msg, NL80211_IFACE_COMB_STA_AP_BI_MATCH))
941 goto nla_put_failure;
942 if (nla_put_u32(msg, NL80211_IFACE_COMB_NUM_CHANNELS,
943 c->num_different_channels) ||
944 nla_put_u32(msg, NL80211_IFACE_COMB_MAXNUM,
945 c->max_interfaces))
946 goto nla_put_failure;
947 if (large &&
948 nla_put_u32(msg, NL80211_IFACE_COMB_RADAR_DETECT_WIDTHS,
949 c->radar_detect_widths))
950 goto nla_put_failure;
951
952 nla_nest_end(msg, nl_combi);
953 }
954
955 nla_nest_end(msg, nl_combis);
956
957 return 0;
958 nla_put_failure:
959 return -ENOBUFS;
960 }
961
962 #ifdef CONFIG_PM
963 static int nl80211_send_wowlan_tcp_caps(struct cfg80211_registered_device *rdev,
964 struct sk_buff *msg)
965 {
966 const struct wiphy_wowlan_tcp_support *tcp = rdev->wiphy.wowlan->tcp;
967 struct nlattr *nl_tcp;
968
969 if (!tcp)
970 return 0;
971
972 nl_tcp = nla_nest_start(msg, NL80211_WOWLAN_TRIG_TCP_CONNECTION);
973 if (!nl_tcp)
974 return -ENOBUFS;
975
976 if (nla_put_u32(msg, NL80211_WOWLAN_TCP_DATA_PAYLOAD,
977 tcp->data_payload_max))
978 return -ENOBUFS;
979
980 if (nla_put_u32(msg, NL80211_WOWLAN_TCP_DATA_PAYLOAD,
981 tcp->data_payload_max))
982 return -ENOBUFS;
983
984 if (tcp->seq && nla_put_flag(msg, NL80211_WOWLAN_TCP_DATA_PAYLOAD_SEQ))
985 return -ENOBUFS;
986
987 if (tcp->tok && nla_put(msg, NL80211_WOWLAN_TCP_DATA_PAYLOAD_TOKEN,
988 sizeof(*tcp->tok), tcp->tok))
989 return -ENOBUFS;
990
991 if (nla_put_u32(msg, NL80211_WOWLAN_TCP_DATA_INTERVAL,
992 tcp->data_interval_max))
993 return -ENOBUFS;
994
995 if (nla_put_u32(msg, NL80211_WOWLAN_TCP_WAKE_PAYLOAD,
996 tcp->wake_payload_max))
997 return -ENOBUFS;
998
999 nla_nest_end(msg, nl_tcp);
1000 return 0;
1001 }
1002
1003 static int nl80211_send_wowlan(struct sk_buff *msg,
1004 struct cfg80211_registered_device *dev,
1005 bool large)
1006 {
1007 struct nlattr *nl_wowlan;
1008
1009 if (!dev->wiphy.wowlan)
1010 return 0;
1011
1012 nl_wowlan = nla_nest_start(msg, NL80211_ATTR_WOWLAN_TRIGGERS_SUPPORTED);
1013 if (!nl_wowlan)
1014 return -ENOBUFS;
1015
1016 if (((dev->wiphy.wowlan->flags & WIPHY_WOWLAN_ANY) &&
1017 nla_put_flag(msg, NL80211_WOWLAN_TRIG_ANY)) ||
1018 ((dev->wiphy.wowlan->flags & WIPHY_WOWLAN_DISCONNECT) &&
1019 nla_put_flag(msg, NL80211_WOWLAN_TRIG_DISCONNECT)) ||
1020 ((dev->wiphy.wowlan->flags & WIPHY_WOWLAN_MAGIC_PKT) &&
1021 nla_put_flag(msg, NL80211_WOWLAN_TRIG_MAGIC_PKT)) ||
1022 ((dev->wiphy.wowlan->flags & WIPHY_WOWLAN_SUPPORTS_GTK_REKEY) &&
1023 nla_put_flag(msg, NL80211_WOWLAN_TRIG_GTK_REKEY_SUPPORTED)) ||
1024 ((dev->wiphy.wowlan->flags & WIPHY_WOWLAN_GTK_REKEY_FAILURE) &&
1025 nla_put_flag(msg, NL80211_WOWLAN_TRIG_GTK_REKEY_FAILURE)) ||
1026 ((dev->wiphy.wowlan->flags & WIPHY_WOWLAN_EAP_IDENTITY_REQ) &&
1027 nla_put_flag(msg, NL80211_WOWLAN_TRIG_EAP_IDENT_REQUEST)) ||
1028 ((dev->wiphy.wowlan->flags & WIPHY_WOWLAN_4WAY_HANDSHAKE) &&
1029 nla_put_flag(msg, NL80211_WOWLAN_TRIG_4WAY_HANDSHAKE)) ||
1030 ((dev->wiphy.wowlan->flags & WIPHY_WOWLAN_RFKILL_RELEASE) &&
1031 nla_put_flag(msg, NL80211_WOWLAN_TRIG_RFKILL_RELEASE)))
1032 return -ENOBUFS;
1033
1034 if (dev->wiphy.wowlan->n_patterns) {
1035 struct nl80211_pattern_support pat = {
1036 .max_patterns = dev->wiphy.wowlan->n_patterns,
1037 .min_pattern_len = dev->wiphy.wowlan->pattern_min_len,
1038 .max_pattern_len = dev->wiphy.wowlan->pattern_max_len,
1039 .max_pkt_offset = dev->wiphy.wowlan->max_pkt_offset,
1040 };
1041
1042 if (nla_put(msg, NL80211_WOWLAN_TRIG_PKT_PATTERN,
1043 sizeof(pat), &pat))
1044 return -ENOBUFS;
1045 }
1046
1047 if (large && nl80211_send_wowlan_tcp_caps(dev, msg))
1048 return -ENOBUFS;
1049
1050 nla_nest_end(msg, nl_wowlan);
1051
1052 return 0;
1053 }
1054 #endif
1055
1056 static int nl80211_send_coalesce(struct sk_buff *msg,
1057 struct cfg80211_registered_device *dev)
1058 {
1059 struct nl80211_coalesce_rule_support rule;
1060
1061 if (!dev->wiphy.coalesce)
1062 return 0;
1063
1064 rule.max_rules = dev->wiphy.coalesce->n_rules;
1065 rule.max_delay = dev->wiphy.coalesce->max_delay;
1066 rule.pat.max_patterns = dev->wiphy.coalesce->n_patterns;
1067 rule.pat.min_pattern_len = dev->wiphy.coalesce->pattern_min_len;
1068 rule.pat.max_pattern_len = dev->wiphy.coalesce->pattern_max_len;
1069 rule.pat.max_pkt_offset = dev->wiphy.coalesce->max_pkt_offset;
1070
1071 if (nla_put(msg, NL80211_ATTR_COALESCE_RULE, sizeof(rule), &rule))
1072 return -ENOBUFS;
1073
1074 return 0;
1075 }
1076
1077 static int nl80211_send_band_rateinfo(struct sk_buff *msg,
1078 struct ieee80211_supported_band *sband)
1079 {
1080 struct nlattr *nl_rates, *nl_rate;
1081 struct ieee80211_rate *rate;
1082 int i;
1083
1084 /* add HT info */
1085 if (sband->ht_cap.ht_supported &&
1086 (nla_put(msg, NL80211_BAND_ATTR_HT_MCS_SET,
1087 sizeof(sband->ht_cap.mcs),
1088 &sband->ht_cap.mcs) ||
1089 nla_put_u16(msg, NL80211_BAND_ATTR_HT_CAPA,
1090 sband->ht_cap.cap) ||
1091 nla_put_u8(msg, NL80211_BAND_ATTR_HT_AMPDU_FACTOR,
1092 sband->ht_cap.ampdu_factor) ||
1093 nla_put_u8(msg, NL80211_BAND_ATTR_HT_AMPDU_DENSITY,
1094 sband->ht_cap.ampdu_density)))
1095 return -ENOBUFS;
1096
1097 /* add VHT info */
1098 if (sband->vht_cap.vht_supported &&
1099 (nla_put(msg, NL80211_BAND_ATTR_VHT_MCS_SET,
1100 sizeof(sband->vht_cap.vht_mcs),
1101 &sband->vht_cap.vht_mcs) ||
1102 nla_put_u32(msg, NL80211_BAND_ATTR_VHT_CAPA,
1103 sband->vht_cap.cap)))
1104 return -ENOBUFS;
1105
1106 /* add bitrates */
1107 nl_rates = nla_nest_start(msg, NL80211_BAND_ATTR_RATES);
1108 if (!nl_rates)
1109 return -ENOBUFS;
1110
1111 for (i = 0; i < sband->n_bitrates; i++) {
1112 nl_rate = nla_nest_start(msg, i);
1113 if (!nl_rate)
1114 return -ENOBUFS;
1115
1116 rate = &sband->bitrates[i];
1117 if (nla_put_u32(msg, NL80211_BITRATE_ATTR_RATE,
1118 rate->bitrate))
1119 return -ENOBUFS;
1120 if ((rate->flags & IEEE80211_RATE_SHORT_PREAMBLE) &&
1121 nla_put_flag(msg,
1122 NL80211_BITRATE_ATTR_2GHZ_SHORTPREAMBLE))
1123 return -ENOBUFS;
1124
1125 nla_nest_end(msg, nl_rate);
1126 }
1127
1128 nla_nest_end(msg, nl_rates);
1129
1130 return 0;
1131 }
1132
1133 static int
1134 nl80211_send_mgmt_stypes(struct sk_buff *msg,
1135 const struct ieee80211_txrx_stypes *mgmt_stypes)
1136 {
1137 u16 stypes;
1138 struct nlattr *nl_ftypes, *nl_ifs;
1139 enum nl80211_iftype ift;
1140 int i;
1141
1142 if (!mgmt_stypes)
1143 return 0;
1144
1145 nl_ifs = nla_nest_start(msg, NL80211_ATTR_TX_FRAME_TYPES);
1146 if (!nl_ifs)
1147 return -ENOBUFS;
1148
1149 for (ift = 0; ift < NUM_NL80211_IFTYPES; ift++) {
1150 nl_ftypes = nla_nest_start(msg, ift);
1151 if (!nl_ftypes)
1152 return -ENOBUFS;
1153 i = 0;
1154 stypes = mgmt_stypes[ift].tx;
1155 while (stypes) {
1156 if ((stypes & 1) &&
1157 nla_put_u16(msg, NL80211_ATTR_FRAME_TYPE,
1158 (i << 4) | IEEE80211_FTYPE_MGMT))
1159 return -ENOBUFS;
1160 stypes >>= 1;
1161 i++;
1162 }
1163 nla_nest_end(msg, nl_ftypes);
1164 }
1165
1166 nla_nest_end(msg, nl_ifs);
1167
1168 nl_ifs = nla_nest_start(msg, NL80211_ATTR_RX_FRAME_TYPES);
1169 if (!nl_ifs)
1170 return -ENOBUFS;
1171
1172 for (ift = 0; ift < NUM_NL80211_IFTYPES; ift++) {
1173 nl_ftypes = nla_nest_start(msg, ift);
1174 if (!nl_ftypes)
1175 return -ENOBUFS;
1176 i = 0;
1177 stypes = mgmt_stypes[ift].rx;
1178 while (stypes) {
1179 if ((stypes & 1) &&
1180 nla_put_u16(msg, NL80211_ATTR_FRAME_TYPE,
1181 (i << 4) | IEEE80211_FTYPE_MGMT))
1182 return -ENOBUFS;
1183 stypes >>= 1;
1184 i++;
1185 }
1186 nla_nest_end(msg, nl_ftypes);
1187 }
1188 nla_nest_end(msg, nl_ifs);
1189
1190 return 0;
1191 }
1192
1193 struct nl80211_dump_wiphy_state {
1194 s64 filter_wiphy;
1195 long start;
1196 long split_start, band_start, chan_start;
1197 bool split;
1198 };
1199
1200 static int nl80211_send_wiphy(struct cfg80211_registered_device *dev,
1201 struct sk_buff *msg, u32 portid, u32 seq,
1202 int flags, struct nl80211_dump_wiphy_state *state)
1203 {
1204 void *hdr;
1205 struct nlattr *nl_bands, *nl_band;
1206 struct nlattr *nl_freqs, *nl_freq;
1207 struct nlattr *nl_cmds;
1208 enum ieee80211_band band;
1209 struct ieee80211_channel *chan;
1210 int i;
1211 const struct ieee80211_txrx_stypes *mgmt_stypes =
1212 dev->wiphy.mgmt_stypes;
1213 u32 features;
1214
1215 hdr = nl80211hdr_put(msg, portid, seq, flags, NL80211_CMD_NEW_WIPHY);
1216 if (!hdr)
1217 return -ENOBUFS;
1218
1219 if (WARN_ON(!state))
1220 return -EINVAL;
1221
1222 if (nla_put_u32(msg, NL80211_ATTR_WIPHY, dev->wiphy_idx) ||
1223 nla_put_string(msg, NL80211_ATTR_WIPHY_NAME,
1224 wiphy_name(&dev->wiphy)) ||
1225 nla_put_u32(msg, NL80211_ATTR_GENERATION,
1226 cfg80211_rdev_list_generation))
1227 goto nla_put_failure;
1228
1229 switch (state->split_start) {
1230 case 0:
1231 if (nla_put_u8(msg, NL80211_ATTR_WIPHY_RETRY_SHORT,
1232 dev->wiphy.retry_short) ||
1233 nla_put_u8(msg, NL80211_ATTR_WIPHY_RETRY_LONG,
1234 dev->wiphy.retry_long) ||
1235 nla_put_u32(msg, NL80211_ATTR_WIPHY_FRAG_THRESHOLD,
1236 dev->wiphy.frag_threshold) ||
1237 nla_put_u32(msg, NL80211_ATTR_WIPHY_RTS_THRESHOLD,
1238 dev->wiphy.rts_threshold) ||
1239 nla_put_u8(msg, NL80211_ATTR_WIPHY_COVERAGE_CLASS,
1240 dev->wiphy.coverage_class) ||
1241 nla_put_u8(msg, NL80211_ATTR_MAX_NUM_SCAN_SSIDS,
1242 dev->wiphy.max_scan_ssids) ||
1243 nla_put_u8(msg, NL80211_ATTR_MAX_NUM_SCHED_SCAN_SSIDS,
1244 dev->wiphy.max_sched_scan_ssids) ||
1245 nla_put_u16(msg, NL80211_ATTR_MAX_SCAN_IE_LEN,
1246 dev->wiphy.max_scan_ie_len) ||
1247 nla_put_u16(msg, NL80211_ATTR_MAX_SCHED_SCAN_IE_LEN,
1248 dev->wiphy.max_sched_scan_ie_len) ||
1249 nla_put_u8(msg, NL80211_ATTR_MAX_MATCH_SETS,
1250 dev->wiphy.max_match_sets))
1251 goto nla_put_failure;
1252
1253 if ((dev->wiphy.flags & WIPHY_FLAG_IBSS_RSN) &&
1254 nla_put_flag(msg, NL80211_ATTR_SUPPORT_IBSS_RSN))
1255 goto nla_put_failure;
1256 if ((dev->wiphy.flags & WIPHY_FLAG_MESH_AUTH) &&
1257 nla_put_flag(msg, NL80211_ATTR_SUPPORT_MESH_AUTH))
1258 goto nla_put_failure;
1259 if ((dev->wiphy.flags & WIPHY_FLAG_AP_UAPSD) &&
1260 nla_put_flag(msg, NL80211_ATTR_SUPPORT_AP_UAPSD))
1261 goto nla_put_failure;
1262 if ((dev->wiphy.flags & WIPHY_FLAG_SUPPORTS_FW_ROAM) &&
1263 nla_put_flag(msg, NL80211_ATTR_ROAM_SUPPORT))
1264 goto nla_put_failure;
1265 if ((dev->wiphy.flags & WIPHY_FLAG_SUPPORTS_TDLS) &&
1266 nla_put_flag(msg, NL80211_ATTR_TDLS_SUPPORT))
1267 goto nla_put_failure;
1268 if ((dev->wiphy.flags & WIPHY_FLAG_TDLS_EXTERNAL_SETUP) &&
1269 nla_put_flag(msg, NL80211_ATTR_TDLS_EXTERNAL_SETUP))
1270 goto nla_put_failure;
1271 state->split_start++;
1272 if (state->split)
1273 break;
1274 case 1:
1275 if (nla_put(msg, NL80211_ATTR_CIPHER_SUITES,
1276 sizeof(u32) * dev->wiphy.n_cipher_suites,
1277 dev->wiphy.cipher_suites))
1278 goto nla_put_failure;
1279
1280 if (nla_put_u8(msg, NL80211_ATTR_MAX_NUM_PMKIDS,
1281 dev->wiphy.max_num_pmkids))
1282 goto nla_put_failure;
1283
1284 if ((dev->wiphy.flags & WIPHY_FLAG_CONTROL_PORT_PROTOCOL) &&
1285 nla_put_flag(msg, NL80211_ATTR_CONTROL_PORT_ETHERTYPE))
1286 goto nla_put_failure;
1287
1288 if (nla_put_u32(msg, NL80211_ATTR_WIPHY_ANTENNA_AVAIL_TX,
1289 dev->wiphy.available_antennas_tx) ||
1290 nla_put_u32(msg, NL80211_ATTR_WIPHY_ANTENNA_AVAIL_RX,
1291 dev->wiphy.available_antennas_rx))
1292 goto nla_put_failure;
1293
1294 if ((dev->wiphy.flags & WIPHY_FLAG_AP_PROBE_RESP_OFFLOAD) &&
1295 nla_put_u32(msg, NL80211_ATTR_PROBE_RESP_OFFLOAD,
1296 dev->wiphy.probe_resp_offload))
1297 goto nla_put_failure;
1298
1299 if ((dev->wiphy.available_antennas_tx ||
1300 dev->wiphy.available_antennas_rx) &&
1301 dev->ops->get_antenna) {
1302 u32 tx_ant = 0, rx_ant = 0;
1303 int res;
1304 res = rdev_get_antenna(dev, &tx_ant, &rx_ant);
1305 if (!res) {
1306 if (nla_put_u32(msg,
1307 NL80211_ATTR_WIPHY_ANTENNA_TX,
1308 tx_ant) ||
1309 nla_put_u32(msg,
1310 NL80211_ATTR_WIPHY_ANTENNA_RX,
1311 rx_ant))
1312 goto nla_put_failure;
1313 }
1314 }
1315
1316 state->split_start++;
1317 if (state->split)
1318 break;
1319 case 2:
1320 if (nl80211_put_iftypes(msg, NL80211_ATTR_SUPPORTED_IFTYPES,
1321 dev->wiphy.interface_modes))
1322 goto nla_put_failure;
1323 state->split_start++;
1324 if (state->split)
1325 break;
1326 case 3:
1327 nl_bands = nla_nest_start(msg, NL80211_ATTR_WIPHY_BANDS);
1328 if (!nl_bands)
1329 goto nla_put_failure;
1330
1331 for (band = state->band_start;
1332 band < IEEE80211_NUM_BANDS; band++) {
1333 struct ieee80211_supported_band *sband;
1334
1335 sband = dev->wiphy.bands[band];
1336
1337 if (!sband)
1338 continue;
1339
1340 nl_band = nla_nest_start(msg, band);
1341 if (!nl_band)
1342 goto nla_put_failure;
1343
1344 switch (state->chan_start) {
1345 case 0:
1346 if (nl80211_send_band_rateinfo(msg, sband))
1347 goto nla_put_failure;
1348 state->chan_start++;
1349 if (state->split)
1350 break;
1351 default:
1352 /* add frequencies */
1353 nl_freqs = nla_nest_start(
1354 msg, NL80211_BAND_ATTR_FREQS);
1355 if (!nl_freqs)
1356 goto nla_put_failure;
1357
1358 for (i = state->chan_start - 1;
1359 i < sband->n_channels;
1360 i++) {
1361 nl_freq = nla_nest_start(msg, i);
1362 if (!nl_freq)
1363 goto nla_put_failure;
1364
1365 chan = &sband->channels[i];
1366
1367 if (nl80211_msg_put_channel(
1368 msg, chan,
1369 state->split))
1370 goto nla_put_failure;
1371
1372 nla_nest_end(msg, nl_freq);
1373 if (state->split)
1374 break;
1375 }
1376 if (i < sband->n_channels)
1377 state->chan_start = i + 2;
1378 else
1379 state->chan_start = 0;
1380 nla_nest_end(msg, nl_freqs);
1381 }
1382
1383 nla_nest_end(msg, nl_band);
1384
1385 if (state->split) {
1386 /* start again here */
1387 if (state->chan_start)
1388 band--;
1389 break;
1390 }
1391 }
1392 nla_nest_end(msg, nl_bands);
1393
1394 if (band < IEEE80211_NUM_BANDS)
1395 state->band_start = band + 1;
1396 else
1397 state->band_start = 0;
1398
1399 /* if bands & channels are done, continue outside */
1400 if (state->band_start == 0 && state->chan_start == 0)
1401 state->split_start++;
1402 if (state->split)
1403 break;
1404 case 4:
1405 nl_cmds = nla_nest_start(msg, NL80211_ATTR_SUPPORTED_COMMANDS);
1406 if (!nl_cmds)
1407 goto nla_put_failure;
1408
1409 i = 0;
1410 #define CMD(op, n) \
1411 do { \
1412 if (dev->ops->op) { \
1413 i++; \
1414 if (nla_put_u32(msg, i, NL80211_CMD_ ## n)) \
1415 goto nla_put_failure; \
1416 } \
1417 } while (0)
1418
1419 CMD(add_virtual_intf, NEW_INTERFACE);
1420 CMD(change_virtual_intf, SET_INTERFACE);
1421 CMD(add_key, NEW_KEY);
1422 CMD(start_ap, START_AP);
1423 CMD(add_station, NEW_STATION);
1424 CMD(add_mpath, NEW_MPATH);
1425 CMD(update_mesh_config, SET_MESH_CONFIG);
1426 CMD(change_bss, SET_BSS);
1427 CMD(auth, AUTHENTICATE);
1428 CMD(assoc, ASSOCIATE);
1429 CMD(deauth, DEAUTHENTICATE);
1430 CMD(disassoc, DISASSOCIATE);
1431 CMD(join_ibss, JOIN_IBSS);
1432 CMD(join_mesh, JOIN_MESH);
1433 CMD(set_pmksa, SET_PMKSA);
1434 CMD(del_pmksa, DEL_PMKSA);
1435 CMD(flush_pmksa, FLUSH_PMKSA);
1436 if (dev->wiphy.flags & WIPHY_FLAG_HAS_REMAIN_ON_CHANNEL)
1437 CMD(remain_on_channel, REMAIN_ON_CHANNEL);
1438 CMD(set_bitrate_mask, SET_TX_BITRATE_MASK);
1439 CMD(mgmt_tx, FRAME);
1440 CMD(mgmt_tx_cancel_wait, FRAME_WAIT_CANCEL);
1441 if (dev->wiphy.flags & WIPHY_FLAG_NETNS_OK) {
1442 i++;
1443 if (nla_put_u32(msg, i, NL80211_CMD_SET_WIPHY_NETNS))
1444 goto nla_put_failure;
1445 }
1446 if (dev->ops->set_monitor_channel || dev->ops->start_ap ||
1447 dev->ops->join_mesh) {
1448 i++;
1449 if (nla_put_u32(msg, i, NL80211_CMD_SET_CHANNEL))
1450 goto nla_put_failure;
1451 }
1452 CMD(set_wds_peer, SET_WDS_PEER);
1453 if (dev->wiphy.flags & WIPHY_FLAG_SUPPORTS_TDLS) {
1454 CMD(tdls_mgmt, TDLS_MGMT);
1455 CMD(tdls_oper, TDLS_OPER);
1456 }
1457 if (dev->wiphy.flags & WIPHY_FLAG_SUPPORTS_SCHED_SCAN)
1458 CMD(sched_scan_start, START_SCHED_SCAN);
1459 CMD(probe_client, PROBE_CLIENT);
1460 CMD(set_noack_map, SET_NOACK_MAP);
1461 if (dev->wiphy.flags & WIPHY_FLAG_REPORTS_OBSS) {
1462 i++;
1463 if (nla_put_u32(msg, i, NL80211_CMD_REGISTER_BEACONS))
1464 goto nla_put_failure;
1465 }
1466 CMD(start_p2p_device, START_P2P_DEVICE);
1467 CMD(set_mcast_rate, SET_MCAST_RATE);
1468 if (state->split) {
1469 CMD(crit_proto_start, CRIT_PROTOCOL_START);
1470 CMD(crit_proto_stop, CRIT_PROTOCOL_STOP);
1471 if (dev->wiphy.flags & WIPHY_FLAG_HAS_CHANNEL_SWITCH)
1472 CMD(channel_switch, CHANNEL_SWITCH);
1473 }
1474 CMD(set_qos_map, SET_QOS_MAP);
1475
1476 #ifdef CONFIG_NL80211_TESTMODE
1477 CMD(testmode_cmd, TESTMODE);
1478 #endif
1479
1480 #undef CMD
1481
1482 if (dev->ops->connect || dev->ops->auth) {
1483 i++;
1484 if (nla_put_u32(msg, i, NL80211_CMD_CONNECT))
1485 goto nla_put_failure;
1486 }
1487
1488 if (dev->ops->disconnect || dev->ops->deauth) {
1489 i++;
1490 if (nla_put_u32(msg, i, NL80211_CMD_DISCONNECT))
1491 goto nla_put_failure;
1492 }
1493
1494 nla_nest_end(msg, nl_cmds);
1495 state->split_start++;
1496 if (state->split)
1497 break;
1498 case 5:
1499 if (dev->ops->remain_on_channel &&
1500 (dev->wiphy.flags & WIPHY_FLAG_HAS_REMAIN_ON_CHANNEL) &&
1501 nla_put_u32(msg,
1502 NL80211_ATTR_MAX_REMAIN_ON_CHANNEL_DURATION,
1503 dev->wiphy.max_remain_on_channel_duration))
1504 goto nla_put_failure;
1505
1506 if ((dev->wiphy.flags & WIPHY_FLAG_OFFCHAN_TX) &&
1507 nla_put_flag(msg, NL80211_ATTR_OFFCHANNEL_TX_OK))
1508 goto nla_put_failure;
1509
1510 if (nl80211_send_mgmt_stypes(msg, mgmt_stypes))
1511 goto nla_put_failure;
1512 state->split_start++;
1513 if (state->split)
1514 break;
1515 case 6:
1516 #ifdef CONFIG_PM
1517 if (nl80211_send_wowlan(msg, dev, state->split))
1518 goto nla_put_failure;
1519 state->split_start++;
1520 if (state->split)
1521 break;
1522 #else
1523 state->split_start++;
1524 #endif
1525 case 7:
1526 if (nl80211_put_iftypes(msg, NL80211_ATTR_SOFTWARE_IFTYPES,
1527 dev->wiphy.software_iftypes))
1528 goto nla_put_failure;
1529
1530 if (nl80211_put_iface_combinations(&dev->wiphy, msg,
1531 state->split))
1532 goto nla_put_failure;
1533
1534 state->split_start++;
1535 if (state->split)
1536 break;
1537 case 8:
1538 if ((dev->wiphy.flags & WIPHY_FLAG_HAVE_AP_SME) &&
1539 nla_put_u32(msg, NL80211_ATTR_DEVICE_AP_SME,
1540 dev->wiphy.ap_sme_capa))
1541 goto nla_put_failure;
1542
1543 features = dev->wiphy.features;
1544 /*
1545 * We can only add the per-channel limit information if the
1546 * dump is split, otherwise it makes it too big. Therefore
1547 * only advertise it in that case.
1548 */
1549 if (state->split)
1550 features |= NL80211_FEATURE_ADVERTISE_CHAN_LIMITS;
1551 if (nla_put_u32(msg, NL80211_ATTR_FEATURE_FLAGS, features))
1552 goto nla_put_failure;
1553
1554 if (dev->wiphy.ht_capa_mod_mask &&
1555 nla_put(msg, NL80211_ATTR_HT_CAPABILITY_MASK,
1556 sizeof(*dev->wiphy.ht_capa_mod_mask),
1557 dev->wiphy.ht_capa_mod_mask))
1558 goto nla_put_failure;
1559
1560 if (dev->wiphy.flags & WIPHY_FLAG_HAVE_AP_SME &&
1561 dev->wiphy.max_acl_mac_addrs &&
1562 nla_put_u32(msg, NL80211_ATTR_MAC_ACL_MAX,
1563 dev->wiphy.max_acl_mac_addrs))
1564 goto nla_put_failure;
1565
1566 /*
1567 * Any information below this point is only available to
1568 * applications that can deal with it being split. This
1569 * helps ensure that newly added capabilities don't break
1570 * older tools by overrunning their buffers.
1571 *
1572 * We still increment split_start so that in the split
1573 * case we'll continue with more data in the next round,
1574 * but break unconditionally so unsplit data stops here.
1575 */
1576 state->split_start++;
1577 break;
1578 case 9:
1579 if (dev->wiphy.extended_capabilities &&
1580 (nla_put(msg, NL80211_ATTR_EXT_CAPA,
1581 dev->wiphy.extended_capabilities_len,
1582 dev->wiphy.extended_capabilities) ||
1583 nla_put(msg, NL80211_ATTR_EXT_CAPA_MASK,
1584 dev->wiphy.extended_capabilities_len,
1585 dev->wiphy.extended_capabilities_mask)))
1586 goto nla_put_failure;
1587
1588 if (dev->wiphy.vht_capa_mod_mask &&
1589 nla_put(msg, NL80211_ATTR_VHT_CAPABILITY_MASK,
1590 sizeof(*dev->wiphy.vht_capa_mod_mask),
1591 dev->wiphy.vht_capa_mod_mask))
1592 goto nla_put_failure;
1593
1594 state->split_start++;
1595 break;
1596 case 10:
1597 if (nl80211_send_coalesce(msg, dev))
1598 goto nla_put_failure;
1599
1600 if ((dev->wiphy.flags & WIPHY_FLAG_SUPPORTS_5_10_MHZ) &&
1601 (nla_put_flag(msg, NL80211_ATTR_SUPPORT_5_MHZ) ||
1602 nla_put_flag(msg, NL80211_ATTR_SUPPORT_10_MHZ)))
1603 goto nla_put_failure;
1604
1605 if (dev->wiphy.max_ap_assoc_sta &&
1606 nla_put_u32(msg, NL80211_ATTR_MAX_AP_ASSOC_STA,
1607 dev->wiphy.max_ap_assoc_sta))
1608 goto nla_put_failure;
1609
1610 state->split_start++;
1611 break;
1612 case 11:
1613 if (dev->wiphy.n_vendor_commands) {
1614 const struct nl80211_vendor_cmd_info *info;
1615 struct nlattr *nested;
1616
1617 nested = nla_nest_start(msg, NL80211_ATTR_VENDOR_DATA);
1618 if (!nested)
1619 goto nla_put_failure;
1620
1621 for (i = 0; i < dev->wiphy.n_vendor_commands; i++) {
1622 info = &dev->wiphy.vendor_commands[i].info;
1623 if (nla_put(msg, i + 1, sizeof(*info), info))
1624 goto nla_put_failure;
1625 }
1626 nla_nest_end(msg, nested);
1627 }
1628
1629 if (dev->wiphy.n_vendor_events) {
1630 const struct nl80211_vendor_cmd_info *info;
1631 struct nlattr *nested;
1632
1633 nested = nla_nest_start(msg,
1634 NL80211_ATTR_VENDOR_EVENTS);
1635 if (!nested)
1636 goto nla_put_failure;
1637
1638 for (i = 0; i < dev->wiphy.n_vendor_events; i++) {
1639 info = &dev->wiphy.vendor_events[i];
1640 if (nla_put(msg, i + 1, sizeof(*info), info))
1641 goto nla_put_failure;
1642 }
1643 nla_nest_end(msg, nested);
1644 }
1645
1646 /* done */
1647 state->split_start = 0;
1648 break;
1649 }
1650 return genlmsg_end(msg, hdr);
1651
1652 nla_put_failure:
1653 genlmsg_cancel(msg, hdr);
1654 return -EMSGSIZE;
1655 }
1656
1657 static int nl80211_dump_wiphy_parse(struct sk_buff *skb,
1658 struct netlink_callback *cb,
1659 struct nl80211_dump_wiphy_state *state)
1660 {
1661 struct nlattr **tb = nl80211_fam.attrbuf;
1662 int ret = nlmsg_parse(cb->nlh, GENL_HDRLEN + nl80211_fam.hdrsize,
1663 tb, nl80211_fam.maxattr, nl80211_policy);
1664 /* ignore parse errors for backward compatibility */
1665 if (ret)
1666 return 0;
1667
1668 state->split = tb[NL80211_ATTR_SPLIT_WIPHY_DUMP];
1669 if (tb[NL80211_ATTR_WIPHY])
1670 state->filter_wiphy = nla_get_u32(tb[NL80211_ATTR_WIPHY]);
1671 if (tb[NL80211_ATTR_WDEV])
1672 state->filter_wiphy = nla_get_u64(tb[NL80211_ATTR_WDEV]) >> 32;
1673 if (tb[NL80211_ATTR_IFINDEX]) {
1674 struct net_device *netdev;
1675 struct cfg80211_registered_device *rdev;
1676 int ifidx = nla_get_u32(tb[NL80211_ATTR_IFINDEX]);
1677
1678 netdev = __dev_get_by_index(sock_net(skb->sk), ifidx);
1679 if (!netdev)
1680 return -ENODEV;
1681 if (netdev->ieee80211_ptr) {
1682 rdev = wiphy_to_dev(
1683 netdev->ieee80211_ptr->wiphy);
1684 state->filter_wiphy = rdev->wiphy_idx;
1685 }
1686 }
1687
1688 return 0;
1689 }
1690
1691 static int nl80211_dump_wiphy(struct sk_buff *skb, struct netlink_callback *cb)
1692 {
1693 int idx = 0, ret;
1694 struct nl80211_dump_wiphy_state *state = (void *)cb->args[0];
1695 struct cfg80211_registered_device *dev;
1696
1697 rtnl_lock();
1698 if (!state) {
1699 state = kzalloc(sizeof(*state), GFP_KERNEL);
1700 if (!state) {
1701 rtnl_unlock();
1702 return -ENOMEM;
1703 }
1704 state->filter_wiphy = -1;
1705 ret = nl80211_dump_wiphy_parse(skb, cb, state);
1706 if (ret) {
1707 kfree(state);
1708 rtnl_unlock();
1709 return ret;
1710 }
1711 cb->args[0] = (long)state;
1712 }
1713
1714 list_for_each_entry(dev, &cfg80211_rdev_list, list) {
1715 if (!net_eq(wiphy_net(&dev->wiphy), sock_net(skb->sk)))
1716 continue;
1717 if (++idx <= state->start)
1718 continue;
1719 if (state->filter_wiphy != -1 &&
1720 state->filter_wiphy != dev->wiphy_idx)
1721 continue;
1722 /* attempt to fit multiple wiphy data chunks into the skb */
1723 do {
1724 ret = nl80211_send_wiphy(dev, skb,
1725 NETLINK_CB(cb->skb).portid,
1726 cb->nlh->nlmsg_seq,
1727 NLM_F_MULTI, state);
1728 if (ret < 0) {
1729 /*
1730 * If sending the wiphy data didn't fit (ENOBUFS
1731 * or EMSGSIZE returned), this SKB is still
1732 * empty (so it's not too big because another
1733 * wiphy dataset is already in the skb) and
1734 * we've not tried to adjust the dump allocation
1735 * yet ... then adjust the alloc size to be
1736 * bigger, and return 1 but with the empty skb.
1737 * This results in an empty message being RX'ed
1738 * in userspace, but that is ignored.
1739 *
1740 * We can then retry with the larger buffer.
1741 */
1742 if ((ret == -ENOBUFS || ret == -EMSGSIZE) &&
1743 !skb->len &&
1744 cb->min_dump_alloc < 4096) {
1745 cb->min_dump_alloc = 4096;
1746 rtnl_unlock();
1747 return 1;
1748 }
1749 idx--;
1750 break;
1751 }
1752 } while (state->split_start > 0);
1753 break;
1754 }
1755 rtnl_unlock();
1756
1757 state->start = idx;
1758
1759 return skb->len;
1760 }
1761
1762 static int nl80211_dump_wiphy_done(struct netlink_callback *cb)
1763 {
1764 kfree((void *)cb->args[0]);
1765 return 0;
1766 }
1767
1768 static int nl80211_get_wiphy(struct sk_buff *skb, struct genl_info *info)
1769 {
1770 struct sk_buff *msg;
1771 struct cfg80211_registered_device *dev = info->user_ptr[0];
1772 struct nl80211_dump_wiphy_state state = {};
1773
1774 msg = nlmsg_new(4096, GFP_KERNEL);
1775 if (!msg)
1776 return -ENOMEM;
1777
1778 if (nl80211_send_wiphy(dev, msg, info->snd_portid, info->snd_seq, 0,
1779 &state) < 0) {
1780 nlmsg_free(msg);
1781 return -ENOBUFS;
1782 }
1783
1784 return genlmsg_reply(msg, info);
1785 }
1786
1787 static const struct nla_policy txq_params_policy[NL80211_TXQ_ATTR_MAX + 1] = {
1788 [NL80211_TXQ_ATTR_QUEUE] = { .type = NLA_U8 },
1789 [NL80211_TXQ_ATTR_TXOP] = { .type = NLA_U16 },
1790 [NL80211_TXQ_ATTR_CWMIN] = { .type = NLA_U16 },
1791 [NL80211_TXQ_ATTR_CWMAX] = { .type = NLA_U16 },
1792 [NL80211_TXQ_ATTR_AIFS] = { .type = NLA_U8 },
1793 };
1794
1795 static int parse_txq_params(struct nlattr *tb[],
1796 struct ieee80211_txq_params *txq_params)
1797 {
1798 if (!tb[NL80211_TXQ_ATTR_AC] || !tb[NL80211_TXQ_ATTR_TXOP] ||
1799 !tb[NL80211_TXQ_ATTR_CWMIN] || !tb[NL80211_TXQ_ATTR_CWMAX] ||
1800 !tb[NL80211_TXQ_ATTR_AIFS])
1801 return -EINVAL;
1802
1803 txq_params->ac = nla_get_u8(tb[NL80211_TXQ_ATTR_AC]);
1804 txq_params->txop = nla_get_u16(tb[NL80211_TXQ_ATTR_TXOP]);
1805 txq_params->cwmin = nla_get_u16(tb[NL80211_TXQ_ATTR_CWMIN]);
1806 txq_params->cwmax = nla_get_u16(tb[NL80211_TXQ_ATTR_CWMAX]);
1807 txq_params->aifs = nla_get_u8(tb[NL80211_TXQ_ATTR_AIFS]);
1808
1809 if (txq_params->ac >= NL80211_NUM_ACS)
1810 return -EINVAL;
1811
1812 return 0;
1813 }
1814
1815 static bool nl80211_can_set_dev_channel(struct wireless_dev *wdev)
1816 {
1817 /*
1818 * You can only set the channel explicitly for WDS interfaces,
1819 * all others have their channel managed via their respective
1820 * "establish a connection" command (connect, join, ...)
1821 *
1822 * For AP/GO and mesh mode, the channel can be set with the
1823 * channel userspace API, but is only stored and passed to the
1824 * low-level driver when the AP starts or the mesh is joined.
1825 * This is for backward compatibility, userspace can also give
1826 * the channel in the start-ap or join-mesh commands instead.
1827 *
1828 * Monitors are special as they are normally slaved to
1829 * whatever else is going on, so they have their own special
1830 * operation to set the monitor channel if possible.
1831 */
1832 return !wdev ||
1833 wdev->iftype == NL80211_IFTYPE_AP ||
1834 wdev->iftype == NL80211_IFTYPE_MESH_POINT ||
1835 wdev->iftype == NL80211_IFTYPE_MONITOR ||
1836 wdev->iftype == NL80211_IFTYPE_P2P_GO;
1837 }
1838
1839 static int nl80211_parse_chandef(struct cfg80211_registered_device *rdev,
1840 struct genl_info *info,
1841 struct cfg80211_chan_def *chandef)
1842 {
1843 u32 control_freq;
1844
1845 if (!info->attrs[NL80211_ATTR_WIPHY_FREQ])
1846 return -EINVAL;
1847
1848 control_freq = nla_get_u32(info->attrs[NL80211_ATTR_WIPHY_FREQ]);
1849
1850 chandef->chan = ieee80211_get_channel(&rdev->wiphy, control_freq);
1851 chandef->width = NL80211_CHAN_WIDTH_20_NOHT;
1852 chandef->center_freq1 = control_freq;
1853 chandef->center_freq2 = 0;
1854
1855 /* Primary channel not allowed */
1856 if (!chandef->chan || chandef->chan->flags & IEEE80211_CHAN_DISABLED)
1857 return -EINVAL;
1858
1859 if (info->attrs[NL80211_ATTR_WIPHY_CHANNEL_TYPE]) {
1860 enum nl80211_channel_type chantype;
1861
1862 chantype = nla_get_u32(
1863 info->attrs[NL80211_ATTR_WIPHY_CHANNEL_TYPE]);
1864
1865 switch (chantype) {
1866 case NL80211_CHAN_NO_HT:
1867 case NL80211_CHAN_HT20:
1868 case NL80211_CHAN_HT40PLUS:
1869 case NL80211_CHAN_HT40MINUS:
1870 cfg80211_chandef_create(chandef, chandef->chan,
1871 chantype);
1872 break;
1873 default:
1874 return -EINVAL;
1875 }
1876 } else if (info->attrs[NL80211_ATTR_CHANNEL_WIDTH]) {
1877 chandef->width =
1878 nla_get_u32(info->attrs[NL80211_ATTR_CHANNEL_WIDTH]);
1879 if (info->attrs[NL80211_ATTR_CENTER_FREQ1])
1880 chandef->center_freq1 =
1881 nla_get_u32(
1882 info->attrs[NL80211_ATTR_CENTER_FREQ1]);
1883 if (info->attrs[NL80211_ATTR_CENTER_FREQ2])
1884 chandef->center_freq2 =
1885 nla_get_u32(
1886 info->attrs[NL80211_ATTR_CENTER_FREQ2]);
1887 }
1888
1889 if (!cfg80211_chandef_valid(chandef))
1890 return -EINVAL;
1891
1892 if (!cfg80211_chandef_usable(&rdev->wiphy, chandef,
1893 IEEE80211_CHAN_DISABLED))
1894 return -EINVAL;
1895
1896 if ((chandef->width == NL80211_CHAN_WIDTH_5 ||
1897 chandef->width == NL80211_CHAN_WIDTH_10) &&
1898 !(rdev->wiphy.flags & WIPHY_FLAG_SUPPORTS_5_10_MHZ))
1899 return -EINVAL;
1900
1901 return 0;
1902 }
1903
1904 static int __nl80211_set_channel(struct cfg80211_registered_device *rdev,
1905 struct wireless_dev *wdev,
1906 struct genl_info *info)
1907 {
1908 struct cfg80211_chan_def chandef;
1909 int result;
1910 enum nl80211_iftype iftype = NL80211_IFTYPE_MONITOR;
1911
1912 if (wdev)
1913 iftype = wdev->iftype;
1914
1915 if (!nl80211_can_set_dev_channel(wdev))
1916 return -EOPNOTSUPP;
1917
1918 result = nl80211_parse_chandef(rdev, info, &chandef);
1919 if (result)
1920 return result;
1921
1922 switch (iftype) {
1923 case NL80211_IFTYPE_AP:
1924 case NL80211_IFTYPE_P2P_GO:
1925 if (wdev->beacon_interval) {
1926 result = -EBUSY;
1927 break;
1928 }
1929 if (!cfg80211_reg_can_beacon(&rdev->wiphy, &chandef)) {
1930 result = -EINVAL;
1931 break;
1932 }
1933 wdev->preset_chandef = chandef;
1934 result = 0;
1935 break;
1936 case NL80211_IFTYPE_MESH_POINT:
1937 result = cfg80211_set_mesh_channel(rdev, wdev, &chandef);
1938 break;
1939 case NL80211_IFTYPE_MONITOR:
1940 result = cfg80211_set_monitor_channel(rdev, &chandef);
1941 break;
1942 default:
1943 result = -EINVAL;
1944 }
1945
1946 return result;
1947 }
1948
1949 static int nl80211_set_channel(struct sk_buff *skb, struct genl_info *info)
1950 {
1951 struct cfg80211_registered_device *rdev = info->user_ptr[0];
1952 struct net_device *netdev = info->user_ptr[1];
1953
1954 return __nl80211_set_channel(rdev, netdev->ieee80211_ptr, info);
1955 }
1956
1957 static int nl80211_set_wds_peer(struct sk_buff *skb, struct genl_info *info)
1958 {
1959 struct cfg80211_registered_device *rdev = info->user_ptr[0];
1960 struct net_device *dev = info->user_ptr[1];
1961 struct wireless_dev *wdev = dev->ieee80211_ptr;
1962 const u8 *bssid;
1963
1964 if (!info->attrs[NL80211_ATTR_MAC])
1965 return -EINVAL;
1966
1967 if (netif_running(dev))
1968 return -EBUSY;
1969
1970 if (!rdev->ops->set_wds_peer)
1971 return -EOPNOTSUPP;
1972
1973 if (wdev->iftype != NL80211_IFTYPE_WDS)
1974 return -EOPNOTSUPP;
1975
1976 bssid = nla_data(info->attrs[NL80211_ATTR_MAC]);
1977 return rdev_set_wds_peer(rdev, dev, bssid);
1978 }
1979
1980
1981 static int nl80211_set_wiphy(struct sk_buff *skb, struct genl_info *info)
1982 {
1983 struct cfg80211_registered_device *rdev;
1984 struct net_device *netdev = NULL;
1985 struct wireless_dev *wdev;
1986 int result = 0, rem_txq_params = 0;
1987 struct nlattr *nl_txq_params;
1988 u32 changed;
1989 u8 retry_short = 0, retry_long = 0;
1990 u32 frag_threshold = 0, rts_threshold = 0;
1991 u8 coverage_class = 0;
1992
1993 ASSERT_RTNL();
1994
1995 /*
1996 * Try to find the wiphy and netdev. Normally this
1997 * function shouldn't need the netdev, but this is
1998 * done for backward compatibility -- previously
1999 * setting the channel was done per wiphy, but now
2000 * it is per netdev. Previous userland like hostapd
2001 * also passed a netdev to set_wiphy, so that it is
2002 * possible to let that go to the right netdev!
2003 */
2004
2005 if (info->attrs[NL80211_ATTR_IFINDEX]) {
2006 int ifindex = nla_get_u32(info->attrs[NL80211_ATTR_IFINDEX]);
2007
2008 netdev = __dev_get_by_index(genl_info_net(info), ifindex);
2009 if (netdev && netdev->ieee80211_ptr)
2010 rdev = wiphy_to_dev(netdev->ieee80211_ptr->wiphy);
2011 else
2012 netdev = NULL;
2013 }
2014
2015 if (!netdev) {
2016 rdev = __cfg80211_rdev_from_attrs(genl_info_net(info),
2017 info->attrs);
2018 if (IS_ERR(rdev))
2019 return PTR_ERR(rdev);
2020 wdev = NULL;
2021 netdev = NULL;
2022 result = 0;
2023 } else
2024 wdev = netdev->ieee80211_ptr;
2025
2026 /*
2027 * end workaround code, by now the rdev is available
2028 * and locked, and wdev may or may not be NULL.
2029 */
2030
2031 if (info->attrs[NL80211_ATTR_WIPHY_NAME])
2032 result = cfg80211_dev_rename(
2033 rdev, nla_data(info->attrs[NL80211_ATTR_WIPHY_NAME]));
2034
2035 if (result)
2036 return result;
2037
2038 if (info->attrs[NL80211_ATTR_WIPHY_TXQ_PARAMS]) {
2039 struct ieee80211_txq_params txq_params;
2040 struct nlattr *tb[NL80211_TXQ_ATTR_MAX + 1];
2041
2042 if (!rdev->ops->set_txq_params)
2043 return -EOPNOTSUPP;
2044
2045 if (!netdev)
2046 return -EINVAL;
2047
2048 if (netdev->ieee80211_ptr->iftype != NL80211_IFTYPE_AP &&
2049 netdev->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_GO)
2050 return -EINVAL;
2051
2052 if (!netif_running(netdev))
2053 return -ENETDOWN;
2054
2055 nla_for_each_nested(nl_txq_params,
2056 info->attrs[NL80211_ATTR_WIPHY_TXQ_PARAMS],
2057 rem_txq_params) {
2058 result = nla_parse(tb, NL80211_TXQ_ATTR_MAX,
2059 nla_data(nl_txq_params),
2060 nla_len(nl_txq_params),
2061 txq_params_policy);
2062 if (result)
2063 return result;
2064 result = parse_txq_params(tb, &txq_params);
2065 if (result)
2066 return result;
2067
2068 result = rdev_set_txq_params(rdev, netdev,
2069 &txq_params);
2070 if (result)
2071 return result;
2072 }
2073 }
2074
2075 if (info->attrs[NL80211_ATTR_WIPHY_FREQ]) {
2076 result = __nl80211_set_channel(rdev,
2077 nl80211_can_set_dev_channel(wdev) ? wdev : NULL,
2078 info);
2079 if (result)
2080 return result;
2081 }
2082
2083 if (info->attrs[NL80211_ATTR_WIPHY_TX_POWER_SETTING]) {
2084 struct wireless_dev *txp_wdev = wdev;
2085 enum nl80211_tx_power_setting type;
2086 int idx, mbm = 0;
2087
2088 if (!(rdev->wiphy.features & NL80211_FEATURE_VIF_TXPOWER))
2089 txp_wdev = NULL;
2090
2091 if (!rdev->ops->set_tx_power)
2092 return -EOPNOTSUPP;
2093
2094 idx = NL80211_ATTR_WIPHY_TX_POWER_SETTING;
2095 type = nla_get_u32(info->attrs[idx]);
2096
2097 if (!info->attrs[NL80211_ATTR_WIPHY_TX_POWER_LEVEL] &&
2098 (type != NL80211_TX_POWER_AUTOMATIC))
2099 return -EINVAL;
2100
2101 if (type != NL80211_TX_POWER_AUTOMATIC) {
2102 idx = NL80211_ATTR_WIPHY_TX_POWER_LEVEL;
2103 mbm = nla_get_u32(info->attrs[idx]);
2104 }
2105
2106 result = rdev_set_tx_power(rdev, txp_wdev, type, mbm);
2107 if (result)
2108 return result;
2109 }
2110
2111 if (info->attrs[NL80211_ATTR_WIPHY_ANTENNA_TX] &&
2112 info->attrs[NL80211_ATTR_WIPHY_ANTENNA_RX]) {
2113 u32 tx_ant, rx_ant;
2114 if ((!rdev->wiphy.available_antennas_tx &&
2115 !rdev->wiphy.available_antennas_rx) ||
2116 !rdev->ops->set_antenna)
2117 return -EOPNOTSUPP;
2118
2119 tx_ant = nla_get_u32(info->attrs[NL80211_ATTR_WIPHY_ANTENNA_TX]);
2120 rx_ant = nla_get_u32(info->attrs[NL80211_ATTR_WIPHY_ANTENNA_RX]);
2121
2122 /* reject antenna configurations which don't match the
2123 * available antenna masks, except for the "all" mask */
2124 if ((~tx_ant && (tx_ant & ~rdev->wiphy.available_antennas_tx)) ||
2125 (~rx_ant && (rx_ant & ~rdev->wiphy.available_antennas_rx)))
2126 return -EINVAL;
2127
2128 tx_ant = tx_ant & rdev->wiphy.available_antennas_tx;
2129 rx_ant = rx_ant & rdev->wiphy.available_antennas_rx;
2130
2131 result = rdev_set_antenna(rdev, tx_ant, rx_ant);
2132 if (result)
2133 return result;
2134 }
2135
2136 changed = 0;
2137
2138 if (info->attrs[NL80211_ATTR_WIPHY_RETRY_SHORT]) {
2139 retry_short = nla_get_u8(
2140 info->attrs[NL80211_ATTR_WIPHY_RETRY_SHORT]);
2141 if (retry_short == 0)
2142 return -EINVAL;
2143
2144 changed |= WIPHY_PARAM_RETRY_SHORT;
2145 }
2146
2147 if (info->attrs[NL80211_ATTR_WIPHY_RETRY_LONG]) {
2148 retry_long = nla_get_u8(
2149 info->attrs[NL80211_ATTR_WIPHY_RETRY_LONG]);
2150 if (retry_long == 0)
2151 return -EINVAL;
2152
2153 changed |= WIPHY_PARAM_RETRY_LONG;
2154 }
2155
2156 if (info->attrs[NL80211_ATTR_WIPHY_FRAG_THRESHOLD]) {
2157 frag_threshold = nla_get_u32(
2158 info->attrs[NL80211_ATTR_WIPHY_FRAG_THRESHOLD]);
2159 if (frag_threshold < 256)
2160 return -EINVAL;
2161
2162 if (frag_threshold != (u32) -1) {
2163 /*
2164 * Fragments (apart from the last one) are required to
2165 * have even length. Make the fragmentation code
2166 * simpler by stripping LSB should someone try to use
2167 * odd threshold value.
2168 */
2169 frag_threshold &= ~0x1;
2170 }
2171 changed |= WIPHY_PARAM_FRAG_THRESHOLD;
2172 }
2173
2174 if (info->attrs[NL80211_ATTR_WIPHY_RTS_THRESHOLD]) {
2175 rts_threshold = nla_get_u32(
2176 info->attrs[NL80211_ATTR_WIPHY_RTS_THRESHOLD]);
2177 changed |= WIPHY_PARAM_RTS_THRESHOLD;
2178 }
2179
2180 if (info->attrs[NL80211_ATTR_WIPHY_COVERAGE_CLASS]) {
2181 coverage_class = nla_get_u8(
2182 info->attrs[NL80211_ATTR_WIPHY_COVERAGE_CLASS]);
2183 changed |= WIPHY_PARAM_COVERAGE_CLASS;
2184 }
2185
2186 if (changed) {
2187 u8 old_retry_short, old_retry_long;
2188 u32 old_frag_threshold, old_rts_threshold;
2189 u8 old_coverage_class;
2190
2191 if (!rdev->ops->set_wiphy_params)
2192 return -EOPNOTSUPP;
2193
2194 old_retry_short = rdev->wiphy.retry_short;
2195 old_retry_long = rdev->wiphy.retry_long;
2196 old_frag_threshold = rdev->wiphy.frag_threshold;
2197 old_rts_threshold = rdev->wiphy.rts_threshold;
2198 old_coverage_class = rdev->wiphy.coverage_class;
2199
2200 if (changed & WIPHY_PARAM_RETRY_SHORT)
2201 rdev->wiphy.retry_short = retry_short;
2202 if (changed & WIPHY_PARAM_RETRY_LONG)
2203 rdev->wiphy.retry_long = retry_long;
2204 if (changed & WIPHY_PARAM_FRAG_THRESHOLD)
2205 rdev->wiphy.frag_threshold = frag_threshold;
2206 if (changed & WIPHY_PARAM_RTS_THRESHOLD)
2207 rdev->wiphy.rts_threshold = rts_threshold;
2208 if (changed & WIPHY_PARAM_COVERAGE_CLASS)
2209 rdev->wiphy.coverage_class = coverage_class;
2210
2211 result = rdev_set_wiphy_params(rdev, changed);
2212 if (result) {
2213 rdev->wiphy.retry_short = old_retry_short;
2214 rdev->wiphy.retry_long = old_retry_long;
2215 rdev->wiphy.frag_threshold = old_frag_threshold;
2216 rdev->wiphy.rts_threshold = old_rts_threshold;
2217 rdev->wiphy.coverage_class = old_coverage_class;
2218 }
2219 }
2220 return 0;
2221 }
2222
2223 static inline u64 wdev_id(struct wireless_dev *wdev)
2224 {
2225 return (u64)wdev->identifier |
2226 ((u64)wiphy_to_dev(wdev->wiphy)->wiphy_idx << 32);
2227 }
2228
2229 static int nl80211_send_chandef(struct sk_buff *msg,
2230 const struct cfg80211_chan_def *chandef)
2231 {
2232 WARN_ON(!cfg80211_chandef_valid(chandef));
2233
2234 if (nla_put_u32(msg, NL80211_ATTR_WIPHY_FREQ,
2235 chandef->chan->center_freq))
2236 return -ENOBUFS;
2237 switch (chandef->width) {
2238 case NL80211_CHAN_WIDTH_20_NOHT:
2239 case NL80211_CHAN_WIDTH_20:
2240 case NL80211_CHAN_WIDTH_40:
2241 if (nla_put_u32(msg, NL80211_ATTR_WIPHY_CHANNEL_TYPE,
2242 cfg80211_get_chandef_type(chandef)))
2243 return -ENOBUFS;
2244 break;
2245 default:
2246 break;
2247 }
2248 if (nla_put_u32(msg, NL80211_ATTR_CHANNEL_WIDTH, chandef->width))
2249 return -ENOBUFS;
2250 if (nla_put_u32(msg, NL80211_ATTR_CENTER_FREQ1, chandef->center_freq1))
2251 return -ENOBUFS;
2252 if (chandef->center_freq2 &&
2253 nla_put_u32(msg, NL80211_ATTR_CENTER_FREQ2, chandef->center_freq2))
2254 return -ENOBUFS;
2255 return 0;
2256 }
2257
2258 static int nl80211_send_iface(struct sk_buff *msg, u32 portid, u32 seq, int flags,
2259 struct cfg80211_registered_device *rdev,
2260 struct wireless_dev *wdev)
2261 {
2262 struct net_device *dev = wdev->netdev;
2263 void *hdr;
2264
2265 hdr = nl80211hdr_put(msg, portid, seq, flags, NL80211_CMD_NEW_INTERFACE);
2266 if (!hdr)
2267 return -1;
2268
2269 if (dev &&
2270 (nla_put_u32(msg, NL80211_ATTR_IFINDEX, dev->ifindex) ||
2271 nla_put_string(msg, NL80211_ATTR_IFNAME, dev->name)))
2272 goto nla_put_failure;
2273
2274 if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
2275 nla_put_u32(msg, NL80211_ATTR_IFTYPE, wdev->iftype) ||
2276 nla_put_u64(msg, NL80211_ATTR_WDEV, wdev_id(wdev)) ||
2277 nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN, wdev_address(wdev)) ||
2278 nla_put_u32(msg, NL80211_ATTR_GENERATION,
2279 rdev->devlist_generation ^
2280 (cfg80211_rdev_list_generation << 2)))
2281 goto nla_put_failure;
2282
2283 if (rdev->ops->get_channel) {
2284 int ret;
2285 struct cfg80211_chan_def chandef;
2286
2287 ret = rdev_get_channel(rdev, wdev, &chandef);
2288 if (ret == 0) {
2289 if (nl80211_send_chandef(msg, &chandef))
2290 goto nla_put_failure;
2291 }
2292 }
2293
2294 if (wdev->ssid_len) {
2295 if (nla_put(msg, NL80211_ATTR_SSID, wdev->ssid_len, wdev->ssid))
2296 goto nla_put_failure;
2297 }
2298
2299 return genlmsg_end(msg, hdr);
2300
2301 nla_put_failure:
2302 genlmsg_cancel(msg, hdr);
2303 return -EMSGSIZE;
2304 }
2305
2306 static int nl80211_dump_interface(struct sk_buff *skb, struct netlink_callback *cb)
2307 {
2308 int wp_idx = 0;
2309 int if_idx = 0;
2310 int wp_start = cb->args[0];
2311 int if_start = cb->args[1];
2312 struct cfg80211_registered_device *rdev;
2313 struct wireless_dev *wdev;
2314
2315 rtnl_lock();
2316 list_for_each_entry(rdev, &cfg80211_rdev_list, list) {
2317 if (!net_eq(wiphy_net(&rdev->wiphy), sock_net(skb->sk)))
2318 continue;
2319 if (wp_idx < wp_start) {
2320 wp_idx++;
2321 continue;
2322 }
2323 if_idx = 0;
2324
2325 list_for_each_entry(wdev, &rdev->wdev_list, list) {
2326 if (if_idx < if_start) {
2327 if_idx++;
2328 continue;
2329 }
2330 if (nl80211_send_iface(skb, NETLINK_CB(cb->skb).portid,
2331 cb->nlh->nlmsg_seq, NLM_F_MULTI,
2332 rdev, wdev) < 0) {
2333 goto out;
2334 }
2335 if_idx++;
2336 }
2337
2338 wp_idx++;
2339 }
2340 out:
2341 rtnl_unlock();
2342
2343 cb->args[0] = wp_idx;
2344 cb->args[1] = if_idx;
2345
2346 return skb->len;
2347 }
2348
2349 static int nl80211_get_interface(struct sk_buff *skb, struct genl_info *info)
2350 {
2351 struct sk_buff *msg;
2352 struct cfg80211_registered_device *dev = info->user_ptr[0];
2353 struct wireless_dev *wdev = info->user_ptr[1];
2354
2355 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
2356 if (!msg)
2357 return -ENOMEM;
2358
2359 if (nl80211_send_iface(msg, info->snd_portid, info->snd_seq, 0,
2360 dev, wdev) < 0) {
2361 nlmsg_free(msg);
2362 return -ENOBUFS;
2363 }
2364
2365 return genlmsg_reply(msg, info);
2366 }
2367
2368 static const struct nla_policy mntr_flags_policy[NL80211_MNTR_FLAG_MAX + 1] = {
2369 [NL80211_MNTR_FLAG_FCSFAIL] = { .type = NLA_FLAG },
2370 [NL80211_MNTR_FLAG_PLCPFAIL] = { .type = NLA_FLAG },
2371 [NL80211_MNTR_FLAG_CONTROL] = { .type = NLA_FLAG },
2372 [NL80211_MNTR_FLAG_OTHER_BSS] = { .type = NLA_FLAG },
2373 [NL80211_MNTR_FLAG_COOK_FRAMES] = { .type = NLA_FLAG },
2374 [NL80211_MNTR_FLAG_ACTIVE] = { .type = NLA_FLAG },
2375 };
2376
2377 static int parse_monitor_flags(struct nlattr *nla, u32 *mntrflags)
2378 {
2379 struct nlattr *flags[NL80211_MNTR_FLAG_MAX + 1];
2380 int flag;
2381
2382 *mntrflags = 0;
2383
2384 if (!nla)
2385 return -EINVAL;
2386
2387 if (nla_parse_nested(flags, NL80211_MNTR_FLAG_MAX,
2388 nla, mntr_flags_policy))
2389 return -EINVAL;
2390
2391 for (flag = 1; flag <= NL80211_MNTR_FLAG_MAX; flag++)
2392 if (flags[flag])
2393 *mntrflags |= (1<<flag);
2394
2395 return 0;
2396 }
2397
2398 static int nl80211_valid_4addr(struct cfg80211_registered_device *rdev,
2399 struct net_device *netdev, u8 use_4addr,
2400 enum nl80211_iftype iftype)
2401 {
2402 if (!use_4addr) {
2403 if (netdev && (netdev->priv_flags & IFF_BRIDGE_PORT))
2404 return -EBUSY;
2405 return 0;
2406 }
2407
2408 switch (iftype) {
2409 case NL80211_IFTYPE_AP_VLAN:
2410 if (rdev->wiphy.flags & WIPHY_FLAG_4ADDR_AP)
2411 return 0;
2412 break;
2413 case NL80211_IFTYPE_STATION:
2414 if (rdev->wiphy.flags & WIPHY_FLAG_4ADDR_STATION)
2415 return 0;
2416 break;
2417 default:
2418 break;
2419 }
2420
2421 return -EOPNOTSUPP;
2422 }
2423
2424 static int nl80211_set_interface(struct sk_buff *skb, struct genl_info *info)
2425 {
2426 struct cfg80211_registered_device *rdev = info->user_ptr[0];
2427 struct vif_params params;
2428 int err;
2429 enum nl80211_iftype otype, ntype;
2430 struct net_device *dev = info->user_ptr[1];
2431 u32 _flags, *flags = NULL;
2432 bool change = false;
2433
2434 memset(&params, 0, sizeof(params));
2435
2436 otype = ntype = dev->ieee80211_ptr->iftype;
2437
2438 if (info->attrs[NL80211_ATTR_IFTYPE]) {
2439 ntype = nla_get_u32(info->attrs[NL80211_ATTR_IFTYPE]);
2440 if (otype != ntype)
2441 change = true;
2442 if (ntype > NL80211_IFTYPE_MAX)
2443 return -EINVAL;
2444 }
2445
2446 if (info->attrs[NL80211_ATTR_MESH_ID]) {
2447 struct wireless_dev *wdev = dev->ieee80211_ptr;
2448
2449 if (ntype != NL80211_IFTYPE_MESH_POINT)
2450 return -EINVAL;
2451 if (netif_running(dev))
2452 return -EBUSY;
2453
2454 wdev_lock(wdev);
2455 BUILD_BUG_ON(IEEE80211_MAX_SSID_LEN !=
2456 IEEE80211_MAX_MESH_ID_LEN);
2457 wdev->mesh_id_up_len =
2458 nla_len(info->attrs[NL80211_ATTR_MESH_ID]);
2459 memcpy(wdev->ssid, nla_data(info->attrs[NL80211_ATTR_MESH_ID]),
2460 wdev->mesh_id_up_len);
2461 wdev_unlock(wdev);
2462 }
2463
2464 if (info->attrs[NL80211_ATTR_4ADDR]) {
2465 params.use_4addr = !!nla_get_u8(info->attrs[NL80211_ATTR_4ADDR]);
2466 change = true;
2467 err = nl80211_valid_4addr(rdev, dev, params.use_4addr, ntype);
2468 if (err)
2469 return err;
2470 } else {
2471 params.use_4addr = -1;
2472 }
2473
2474 if (info->attrs[NL80211_ATTR_MNTR_FLAGS]) {
2475 if (ntype != NL80211_IFTYPE_MONITOR)
2476 return -EINVAL;
2477 err = parse_monitor_flags(info->attrs[NL80211_ATTR_MNTR_FLAGS],
2478 &_flags);
2479 if (err)
2480 return err;
2481
2482 flags = &_flags;
2483 change = true;
2484 }
2485
2486 if (flags && (*flags & MONITOR_FLAG_ACTIVE) &&
2487 !(rdev->wiphy.features & NL80211_FEATURE_ACTIVE_MONITOR))
2488 return -EOPNOTSUPP;
2489
2490 if (change)
2491 err = cfg80211_change_iface(rdev, dev, ntype, flags, &params);
2492 else
2493 err = 0;
2494
2495 if (!err && params.use_4addr != -1)
2496 dev->ieee80211_ptr->use_4addr = params.use_4addr;
2497
2498 return err;
2499 }
2500
2501 static int nl80211_new_interface(struct sk_buff *skb, struct genl_info *info)
2502 {
2503 struct cfg80211_registered_device *rdev = info->user_ptr[0];
2504 struct vif_params params;
2505 struct wireless_dev *wdev;
2506 struct sk_buff *msg;
2507 int err;
2508 enum nl80211_iftype type = NL80211_IFTYPE_UNSPECIFIED;
2509 u32 flags;
2510
2511 memset(&params, 0, sizeof(params));
2512
2513 if (!info->attrs[NL80211_ATTR_IFNAME])
2514 return -EINVAL;
2515
2516 if (info->attrs[NL80211_ATTR_IFTYPE]) {
2517 type = nla_get_u32(info->attrs[NL80211_ATTR_IFTYPE]);
2518 if (type > NL80211_IFTYPE_MAX)
2519 return -EINVAL;
2520 }
2521
2522 if (!rdev->ops->add_virtual_intf ||
2523 !(rdev->wiphy.interface_modes & (1 << type)))
2524 return -EOPNOTSUPP;
2525
2526 if (type == NL80211_IFTYPE_P2P_DEVICE && info->attrs[NL80211_ATTR_MAC]) {
2527 nla_memcpy(params.macaddr, info->attrs[NL80211_ATTR_MAC],
2528 ETH_ALEN);
2529 if (!is_valid_ether_addr(params.macaddr))
2530 return -EADDRNOTAVAIL;
2531 }
2532
2533 if (info->attrs[NL80211_ATTR_4ADDR]) {
2534 params.use_4addr = !!nla_get_u8(info->attrs[NL80211_ATTR_4ADDR]);
2535 err = nl80211_valid_4addr(rdev, NULL, params.use_4addr, type);
2536 if (err)
2537 return err;
2538 }
2539
2540 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
2541 if (!msg)
2542 return -ENOMEM;
2543
2544 err = parse_monitor_flags(type == NL80211_IFTYPE_MONITOR ?
2545 info->attrs[NL80211_ATTR_MNTR_FLAGS] : NULL,
2546 &flags);
2547
2548 if (!err && (flags & MONITOR_FLAG_ACTIVE) &&
2549 !(rdev->wiphy.features & NL80211_FEATURE_ACTIVE_MONITOR))
2550 return -EOPNOTSUPP;
2551
2552 wdev = rdev_add_virtual_intf(rdev,
2553 nla_data(info->attrs[NL80211_ATTR_IFNAME]),
2554 type, err ? NULL : &flags, &params);
2555 if (IS_ERR(wdev)) {
2556 nlmsg_free(msg);
2557 return PTR_ERR(wdev);
2558 }
2559
2560 switch (type) {
2561 case NL80211_IFTYPE_MESH_POINT:
2562 if (!info->attrs[NL80211_ATTR_MESH_ID])
2563 break;
2564 wdev_lock(wdev);
2565 BUILD_BUG_ON(IEEE80211_MAX_SSID_LEN !=
2566 IEEE80211_MAX_MESH_ID_LEN);
2567 wdev->mesh_id_up_len =
2568 nla_len(info->attrs[NL80211_ATTR_MESH_ID]);
2569 memcpy(wdev->ssid, nla_data(info->attrs[NL80211_ATTR_MESH_ID]),
2570 wdev->mesh_id_up_len);
2571 wdev_unlock(wdev);
2572 break;
2573 case NL80211_IFTYPE_P2P_DEVICE:
2574 /*
2575 * P2P Device doesn't have a netdev, so doesn't go
2576 * through the netdev notifier and must be added here
2577 */
2578 mutex_init(&wdev->mtx);
2579 INIT_LIST_HEAD(&wdev->event_list);
2580 spin_lock_init(&wdev->event_lock);
2581 INIT_LIST_HEAD(&wdev->mgmt_registrations);
2582 spin_lock_init(&wdev->mgmt_registrations_lock);
2583
2584 wdev->identifier = ++rdev->wdev_id;
2585 list_add_rcu(&wdev->list, &rdev->wdev_list);
2586 rdev->devlist_generation++;
2587 break;
2588 default:
2589 break;
2590 }
2591
2592 if (nl80211_send_iface(msg, info->snd_portid, info->snd_seq, 0,
2593 rdev, wdev) < 0) {
2594 nlmsg_free(msg);
2595 return -ENOBUFS;
2596 }
2597
2598 return genlmsg_reply(msg, info);
2599 }
2600
2601 static int nl80211_del_interface(struct sk_buff *skb, struct genl_info *info)
2602 {
2603 struct cfg80211_registered_device *rdev = info->user_ptr[0];
2604 struct wireless_dev *wdev = info->user_ptr[1];
2605
2606 if (!rdev->ops->del_virtual_intf)
2607 return -EOPNOTSUPP;
2608
2609 /*
2610 * If we remove a wireless device without a netdev then clear
2611 * user_ptr[1] so that nl80211_post_doit won't dereference it
2612 * to check if it needs to do dev_put(). Otherwise it crashes
2613 * since the wdev has been freed, unlike with a netdev where
2614 * we need the dev_put() for the netdev to really be freed.
2615 */
2616 if (!wdev->netdev)
2617 info->user_ptr[1] = NULL;
2618
2619 return rdev_del_virtual_intf(rdev, wdev);
2620 }
2621
2622 static int nl80211_set_noack_map(struct sk_buff *skb, struct genl_info *info)
2623 {
2624 struct cfg80211_registered_device *rdev = info->user_ptr[0];
2625 struct net_device *dev = info->user_ptr[1];
2626 u16 noack_map;
2627
2628 if (!info->attrs[NL80211_ATTR_NOACK_MAP])
2629 return -EINVAL;
2630
2631 if (!rdev->ops->set_noack_map)
2632 return -EOPNOTSUPP;
2633
2634 noack_map = nla_get_u16(info->attrs[NL80211_ATTR_NOACK_MAP]);
2635
2636 return rdev_set_noack_map(rdev, dev, noack_map);
2637 }
2638
2639 struct get_key_cookie {
2640 struct sk_buff *msg;
2641 int error;
2642 int idx;
2643 };
2644
2645 static void get_key_callback(void *c, struct key_params *params)
2646 {
2647 struct nlattr *key;
2648 struct get_key_cookie *cookie = c;
2649
2650 if ((params->key &&
2651 nla_put(cookie->msg, NL80211_ATTR_KEY_DATA,
2652 params->key_len, params->key)) ||
2653 (params->seq &&
2654 nla_put(cookie->msg, NL80211_ATTR_KEY_SEQ,
2655 params->seq_len, params->seq)) ||
2656 (params->cipher &&
2657 nla_put_u32(cookie->msg, NL80211_ATTR_KEY_CIPHER,
2658 params->cipher)))
2659 goto nla_put_failure;
2660
2661 key = nla_nest_start(cookie->msg, NL80211_ATTR_KEY);
2662 if (!key)
2663 goto nla_put_failure;
2664
2665 if ((params->key &&
2666 nla_put(cookie->msg, NL80211_KEY_DATA,
2667 params->key_len, params->key)) ||
2668 (params->seq &&
2669 nla_put(cookie->msg, NL80211_KEY_SEQ,
2670 params->seq_len, params->seq)) ||
2671 (params->cipher &&
2672 nla_put_u32(cookie->msg, NL80211_KEY_CIPHER,
2673 params->cipher)))
2674 goto nla_put_failure;
2675
2676 if (nla_put_u8(cookie->msg, NL80211_ATTR_KEY_IDX, cookie->idx))
2677 goto nla_put_failure;
2678
2679 nla_nest_end(cookie->msg, key);
2680
2681 return;
2682 nla_put_failure:
2683 cookie->error = 1;
2684 }
2685
2686 static int nl80211_get_key(struct sk_buff *skb, struct genl_info *info)
2687 {
2688 struct cfg80211_registered_device *rdev = info->user_ptr[0];
2689 int err;
2690 struct net_device *dev = info->user_ptr[1];
2691 u8 key_idx = 0;
2692 const u8 *mac_addr = NULL;
2693 bool pairwise;
2694 struct get_key_cookie cookie = {
2695 .error = 0,
2696 };
2697 void *hdr;
2698 struct sk_buff *msg;
2699
2700 if (info->attrs[NL80211_ATTR_KEY_IDX])
2701 key_idx = nla_get_u8(info->attrs[NL80211_ATTR_KEY_IDX]);
2702
2703 if (key_idx > 5)
2704 return -EINVAL;
2705
2706 if (info->attrs[NL80211_ATTR_MAC])
2707 mac_addr = nla_data(info->attrs[NL80211_ATTR_MAC]);
2708
2709 pairwise = !!mac_addr;
2710 if (info->attrs[NL80211_ATTR_KEY_TYPE]) {
2711 u32 kt = nla_get_u32(info->attrs[NL80211_ATTR_KEY_TYPE]);
2712 if (kt >= NUM_NL80211_KEYTYPES)
2713 return -EINVAL;
2714 if (kt != NL80211_KEYTYPE_GROUP &&
2715 kt != NL80211_KEYTYPE_PAIRWISE)
2716 return -EINVAL;
2717 pairwise = kt == NL80211_KEYTYPE_PAIRWISE;
2718 }
2719
2720 if (!rdev->ops->get_key)
2721 return -EOPNOTSUPP;
2722
2723 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
2724 if (!msg)
2725 return -ENOMEM;
2726
2727 hdr = nl80211hdr_put(msg, info->snd_portid, info->snd_seq, 0,
2728 NL80211_CMD_NEW_KEY);
2729 if (!hdr)
2730 goto nla_put_failure;
2731
2732 cookie.msg = msg;
2733 cookie.idx = key_idx;
2734
2735 if (nla_put_u32(msg, NL80211_ATTR_IFINDEX, dev->ifindex) ||
2736 nla_put_u8(msg, NL80211_ATTR_KEY_IDX, key_idx))
2737 goto nla_put_failure;
2738 if (mac_addr &&
2739 nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN, mac_addr))
2740 goto nla_put_failure;
2741
2742 if (pairwise && mac_addr &&
2743 !(rdev->wiphy.flags & WIPHY_FLAG_IBSS_RSN))
2744 return -ENOENT;
2745
2746 err = rdev_get_key(rdev, dev, key_idx, pairwise, mac_addr, &cookie,
2747 get_key_callback);
2748
2749 if (err)
2750 goto free_msg;
2751
2752 if (cookie.error)
2753 goto nla_put_failure;
2754
2755 genlmsg_end(msg, hdr);
2756 return genlmsg_reply(msg, info);
2757
2758 nla_put_failure:
2759 err = -ENOBUFS;
2760 free_msg:
2761 nlmsg_free(msg);
2762 return err;
2763 }
2764
2765 static int nl80211_set_key(struct sk_buff *skb, struct genl_info *info)
2766 {
2767 struct cfg80211_registered_device *rdev = info->user_ptr[0];
2768 struct key_parse key;
2769 int err;
2770 struct net_device *dev = info->user_ptr[1];
2771
2772 err = nl80211_parse_key(info, &key);
2773 if (err)
2774 return err;
2775
2776 if (key.idx < 0)
2777 return -EINVAL;
2778
2779 /* only support setting default key */
2780 if (!key.def && !key.defmgmt)
2781 return -EINVAL;
2782
2783 wdev_lock(dev->ieee80211_ptr);
2784
2785 if (key.def) {
2786 if (!rdev->ops->set_default_key) {
2787 err = -EOPNOTSUPP;
2788 goto out;
2789 }
2790
2791 err = nl80211_key_allowed(dev->ieee80211_ptr);
2792 if (err)
2793 goto out;
2794
2795 err = rdev_set_default_key(rdev, dev, key.idx,
2796 key.def_uni, key.def_multi);
2797
2798 if (err)
2799 goto out;
2800
2801 #ifdef CONFIG_CFG80211_WEXT
2802 dev->ieee80211_ptr->wext.default_key = key.idx;
2803 #endif
2804 } else {
2805 if (key.def_uni || !key.def_multi) {
2806 err = -EINVAL;
2807 goto out;
2808 }
2809
2810 if (!rdev->ops->set_default_mgmt_key) {
2811 err = -EOPNOTSUPP;
2812 goto out;
2813 }
2814
2815 err = nl80211_key_allowed(dev->ieee80211_ptr);
2816 if (err)
2817 goto out;
2818
2819 err = rdev_set_default_mgmt_key(rdev, dev, key.idx);
2820 if (err)
2821 goto out;
2822
2823 #ifdef CONFIG_CFG80211_WEXT
2824 dev->ieee80211_ptr->wext.default_mgmt_key = key.idx;
2825 #endif
2826 }
2827
2828 out:
2829 wdev_unlock(dev->ieee80211_ptr);
2830
2831 return err;
2832 }
2833
2834 static int nl80211_new_key(struct sk_buff *skb, struct genl_info *info)
2835 {
2836 struct cfg80211_registered_device *rdev = info->user_ptr[0];
2837 int err;
2838 struct net_device *dev = info->user_ptr[1];
2839 struct key_parse key;
2840 const u8 *mac_addr = NULL;
2841
2842 err = nl80211_parse_key(info, &key);
2843 if (err)
2844 return err;
2845
2846 if (!key.p.key)
2847 return -EINVAL;
2848
2849 if (info->attrs[NL80211_ATTR_MAC])
2850 mac_addr = nla_data(info->attrs[NL80211_ATTR_MAC]);
2851
2852 if (key.type == -1) {
2853 if (mac_addr)
2854 key.type = NL80211_KEYTYPE_PAIRWISE;
2855 else
2856 key.type = NL80211_KEYTYPE_GROUP;
2857 }
2858
2859 /* for now */
2860 if (key.type != NL80211_KEYTYPE_PAIRWISE &&
2861 key.type != NL80211_KEYTYPE_GROUP)
2862 return -EINVAL;
2863
2864 if (!rdev->ops->add_key)
2865 return -EOPNOTSUPP;
2866
2867 if (cfg80211_validate_key_settings(rdev, &key.p, key.idx,
2868 key.type == NL80211_KEYTYPE_PAIRWISE,
2869 mac_addr))
2870 return -EINVAL;
2871
2872 wdev_lock(dev->ieee80211_ptr);
2873 err = nl80211_key_allowed(dev->ieee80211_ptr);
2874 if (!err)
2875 err = rdev_add_key(rdev, dev, key.idx,
2876 key.type == NL80211_KEYTYPE_PAIRWISE,
2877 mac_addr, &key.p);
2878 wdev_unlock(dev->ieee80211_ptr);
2879
2880 return err;
2881 }
2882
2883 static int nl80211_del_key(struct sk_buff *skb, struct genl_info *info)
2884 {
2885 struct cfg80211_registered_device *rdev = info->user_ptr[0];
2886 int err;
2887 struct net_device *dev = info->user_ptr[1];
2888 u8 *mac_addr = NULL;
2889 struct key_parse key;
2890
2891 err = nl80211_parse_key(info, &key);
2892 if (err)
2893 return err;
2894
2895 if (info->attrs[NL80211_ATTR_MAC])
2896 mac_addr = nla_data(info->attrs[NL80211_ATTR_MAC]);
2897
2898 if (key.type == -1) {
2899 if (mac_addr)
2900 key.type = NL80211_KEYTYPE_PAIRWISE;
2901 else
2902 key.type = NL80211_KEYTYPE_GROUP;
2903 }
2904
2905 /* for now */
2906 if (key.type != NL80211_KEYTYPE_PAIRWISE &&
2907 key.type != NL80211_KEYTYPE_GROUP)
2908 return -EINVAL;
2909
2910 if (!rdev->ops->del_key)
2911 return -EOPNOTSUPP;
2912
2913 wdev_lock(dev->ieee80211_ptr);
2914 err = nl80211_key_allowed(dev->ieee80211_ptr);
2915
2916 if (key.type == NL80211_KEYTYPE_PAIRWISE && mac_addr &&
2917 !(rdev->wiphy.flags & WIPHY_FLAG_IBSS_RSN))
2918 err = -ENOENT;
2919
2920 if (!err)
2921 err = rdev_del_key(rdev, dev, key.idx,
2922 key.type == NL80211_KEYTYPE_PAIRWISE,
2923 mac_addr);
2924
2925 #ifdef CONFIG_CFG80211_WEXT
2926 if (!err) {
2927 if (key.idx == dev->ieee80211_ptr->wext.default_key)
2928 dev->ieee80211_ptr->wext.default_key = -1;
2929 else if (key.idx == dev->ieee80211_ptr->wext.default_mgmt_key)
2930 dev->ieee80211_ptr->wext.default_mgmt_key = -1;
2931 }
2932 #endif
2933 wdev_unlock(dev->ieee80211_ptr);
2934
2935 return err;
2936 }
2937
2938 /* This function returns an error or the number of nested attributes */
2939 static int validate_acl_mac_addrs(struct nlattr *nl_attr)
2940 {
2941 struct nlattr *attr;
2942 int n_entries = 0, tmp;
2943
2944 nla_for_each_nested(attr, nl_attr, tmp) {
2945 if (nla_len(attr) != ETH_ALEN)
2946 return -EINVAL;
2947
2948 n_entries++;
2949 }
2950
2951 return n_entries;
2952 }
2953
2954 /*
2955 * This function parses ACL information and allocates memory for ACL data.
2956 * On successful return, the calling function is responsible to free the
2957 * ACL buffer returned by this function.
2958 */
2959 static struct cfg80211_acl_data *parse_acl_data(struct wiphy *wiphy,
2960 struct genl_info *info)
2961 {
2962 enum nl80211_acl_policy acl_policy;
2963 struct nlattr *attr;
2964 struct cfg80211_acl_data *acl;
2965 int i = 0, n_entries, tmp;
2966
2967 if (!wiphy->max_acl_mac_addrs)
2968 return ERR_PTR(-EOPNOTSUPP);
2969
2970 if (!info->attrs[NL80211_ATTR_ACL_POLICY])
2971 return ERR_PTR(-EINVAL);
2972
2973 acl_policy = nla_get_u32(info->attrs[NL80211_ATTR_ACL_POLICY]);
2974 if (acl_policy != NL80211_ACL_POLICY_ACCEPT_UNLESS_LISTED &&
2975 acl_policy != NL80211_ACL_POLICY_DENY_UNLESS_LISTED)
2976 return ERR_PTR(-EINVAL);
2977
2978 if (!info->attrs[NL80211_ATTR_MAC_ADDRS])
2979 return ERR_PTR(-EINVAL);
2980
2981 n_entries = validate_acl_mac_addrs(info->attrs[NL80211_ATTR_MAC_ADDRS]);
2982 if (n_entries < 0)
2983 return ERR_PTR(n_entries);
2984
2985 if (n_entries > wiphy->max_acl_mac_addrs)
2986 return ERR_PTR(-ENOTSUPP);
2987
2988 acl = kzalloc(sizeof(*acl) + (sizeof(struct mac_address) * n_entries),
2989 GFP_KERNEL);
2990 if (!acl)
2991 return ERR_PTR(-ENOMEM);
2992
2993 nla_for_each_nested(attr, info->attrs[NL80211_ATTR_MAC_ADDRS], tmp) {
2994 memcpy(acl->mac_addrs[i].addr, nla_data(attr), ETH_ALEN);
2995 i++;
2996 }
2997
2998 acl->n_acl_entries = n_entries;
2999 acl->acl_policy = acl_policy;
3000
3001 return acl;
3002 }
3003
3004 static int nl80211_set_mac_acl(struct sk_buff *skb, struct genl_info *info)
3005 {
3006 struct cfg80211_registered_device *rdev = info->user_ptr[0];
3007 struct net_device *dev = info->user_ptr[1];
3008 struct cfg80211_acl_data *acl;
3009 int err;
3010
3011 if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_AP &&
3012 dev->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_GO)
3013 return -EOPNOTSUPP;
3014
3015 if (!dev->ieee80211_ptr->beacon_interval)
3016 return -EINVAL;
3017
3018 acl = parse_acl_data(&rdev->wiphy, info);
3019 if (IS_ERR(acl))
3020 return PTR_ERR(acl);
3021
3022 err = rdev_set_mac_acl(rdev, dev, acl);
3023
3024 kfree(acl);
3025
3026 return err;
3027 }
3028
3029 static int nl80211_parse_beacon(struct nlattr *attrs[],
3030 struct cfg80211_beacon_data *bcn)
3031 {
3032 bool haveinfo = false;
3033
3034 if (!is_valid_ie_attr(attrs[NL80211_ATTR_BEACON_TAIL]) ||
3035 !is_valid_ie_attr(attrs[NL80211_ATTR_IE]) ||
3036 !is_valid_ie_attr(attrs[NL80211_ATTR_IE_PROBE_RESP]) ||
3037 !is_valid_ie_attr(attrs[NL80211_ATTR_IE_ASSOC_RESP]))
3038 return -EINVAL;
3039
3040 memset(bcn, 0, sizeof(*bcn));
3041
3042 if (attrs[NL80211_ATTR_BEACON_HEAD]) {
3043 bcn->head = nla_data(attrs[NL80211_ATTR_BEACON_HEAD]);
3044 bcn->head_len = nla_len(attrs[NL80211_ATTR_BEACON_HEAD]);
3045 if (!bcn->head_len)
3046 return -EINVAL;
3047 haveinfo = true;
3048 }
3049
3050 if (attrs[NL80211_ATTR_BEACON_TAIL]) {
3051 bcn->tail = nla_data(attrs[NL80211_ATTR_BEACON_TAIL]);
3052 bcn->tail_len = nla_len(attrs[NL80211_ATTR_BEACON_TAIL]);
3053 haveinfo = true;
3054 }
3055
3056 if (!haveinfo)
3057 return -EINVAL;
3058
3059 if (attrs[NL80211_ATTR_IE]) {
3060 bcn->beacon_ies = nla_data(attrs[NL80211_ATTR_IE]);
3061 bcn->beacon_ies_len = nla_len(attrs[NL80211_ATTR_IE]);
3062 }
3063
3064 if (attrs[NL80211_ATTR_IE_PROBE_RESP]) {
3065 bcn->proberesp_ies =
3066 nla_data(attrs[NL80211_ATTR_IE_PROBE_RESP]);
3067 bcn->proberesp_ies_len =
3068 nla_len(attrs[NL80211_ATTR_IE_PROBE_RESP]);
3069 }
3070
3071 if (attrs[NL80211_ATTR_IE_ASSOC_RESP]) {
3072 bcn->assocresp_ies =
3073 nla_data(attrs[NL80211_ATTR_IE_ASSOC_RESP]);
3074 bcn->assocresp_ies_len =
3075 nla_len(attrs[NL80211_ATTR_IE_ASSOC_RESP]);
3076 }
3077
3078 if (attrs[NL80211_ATTR_PROBE_RESP]) {
3079 bcn->probe_resp = nla_data(attrs[NL80211_ATTR_PROBE_RESP]);
3080 bcn->probe_resp_len = nla_len(attrs[NL80211_ATTR_PROBE_RESP]);
3081 }
3082
3083 return 0;
3084 }
3085
3086 static bool nl80211_get_ap_channel(struct cfg80211_registered_device *rdev,
3087 struct cfg80211_ap_settings *params)
3088 {
3089 struct wireless_dev *wdev;
3090 bool ret = false;
3091
3092 list_for_each_entry(wdev, &rdev->wdev_list, list) {
3093 if (wdev->iftype != NL80211_IFTYPE_AP &&
3094 wdev->iftype != NL80211_IFTYPE_P2P_GO)
3095 continue;
3096
3097 if (!wdev->preset_chandef.chan)
3098 continue;
3099
3100 params->chandef = wdev->preset_chandef;
3101 ret = true;
3102 break;
3103 }
3104
3105 return ret;
3106 }
3107
3108 static bool nl80211_valid_auth_type(struct cfg80211_registered_device *rdev,
3109 enum nl80211_auth_type auth_type,
3110 enum nl80211_commands cmd)
3111 {
3112 if (auth_type > NL80211_AUTHTYPE_MAX)
3113 return false;
3114
3115 switch (cmd) {
3116 case NL80211_CMD_AUTHENTICATE:
3117 if (!(rdev->wiphy.features & NL80211_FEATURE_SAE) &&
3118 auth_type == NL80211_AUTHTYPE_SAE)
3119 return false;
3120 return true;
3121 case NL80211_CMD_CONNECT:
3122 case NL80211_CMD_START_AP:
3123 /* SAE not supported yet */
3124 if (auth_type == NL80211_AUTHTYPE_SAE)
3125 return false;
3126 return true;
3127 default:
3128 return false;
3129 }
3130 }
3131
3132 static int nl80211_start_ap(struct sk_buff *skb, struct genl_info *info)
3133 {
3134 struct cfg80211_registered_device *rdev = info->user_ptr[0];
3135 struct net_device *dev = info->user_ptr[1];
3136 struct wireless_dev *wdev = dev->ieee80211_ptr;
3137 struct cfg80211_ap_settings params;
3138 int err;
3139 u8 radar_detect_width = 0;
3140
3141 if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_AP &&
3142 dev->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_GO)
3143 return -EOPNOTSUPP;
3144
3145 if (!rdev->ops->start_ap)
3146 return -EOPNOTSUPP;
3147
3148 if (wdev->beacon_interval)
3149 return -EALREADY;
3150
3151 memset(&params, 0, sizeof(params));
3152
3153 /* these are required for START_AP */
3154 if (!info->attrs[NL80211_ATTR_BEACON_INTERVAL] ||
3155 !info->attrs[NL80211_ATTR_DTIM_PERIOD] ||
3156 !info->attrs[NL80211_ATTR_BEACON_HEAD])
3157 return -EINVAL;
3158
3159 err = nl80211_parse_beacon(info->attrs, &params.beacon);
3160 if (err)
3161 return err;
3162
3163 params.beacon_interval =
3164 nla_get_u32(info->attrs[NL80211_ATTR_BEACON_INTERVAL]);
3165 params.dtim_period =
3166 nla_get_u32(info->attrs[NL80211_ATTR_DTIM_PERIOD]);
3167
3168 err = cfg80211_validate_beacon_int(rdev, params.beacon_interval);
3169 if (err)
3170 return err;
3171
3172 /*
3173 * In theory, some of these attributes should be required here
3174 * but since they were not used when the command was originally
3175 * added, keep them optional for old user space programs to let
3176 * them continue to work with drivers that do not need the
3177 * additional information -- drivers must check!
3178 */
3179 if (info->attrs[NL80211_ATTR_SSID]) {
3180 params.ssid = nla_data(info->attrs[NL80211_ATTR_SSID]);
3181 params.ssid_len =
3182 nla_len(info->attrs[NL80211_ATTR_SSID]);
3183 if (params.ssid_len == 0 ||
3184 params.ssid_len > IEEE80211_MAX_SSID_LEN)
3185 return -EINVAL;
3186 }
3187
3188 if (info->attrs[NL80211_ATTR_HIDDEN_SSID]) {
3189 params.hidden_ssid = nla_get_u32(
3190 info->attrs[NL80211_ATTR_HIDDEN_SSID]);
3191 if (params.hidden_ssid != NL80211_HIDDEN_SSID_NOT_IN_USE &&
3192 params.hidden_ssid != NL80211_HIDDEN_SSID_ZERO_LEN &&
3193 params.hidden_ssid != NL80211_HIDDEN_SSID_ZERO_CONTENTS)
3194 return -EINVAL;
3195 }
3196
3197 params.privacy = !!info->attrs[NL80211_ATTR_PRIVACY];
3198
3199 if (info->attrs[NL80211_ATTR_AUTH_TYPE]) {
3200 params.auth_type = nla_get_u32(
3201 info->attrs[NL80211_ATTR_AUTH_TYPE]);
3202 if (!nl80211_valid_auth_type(rdev, params.auth_type,
3203 NL80211_CMD_START_AP))
3204 return -EINVAL;
3205 } else
3206 params.auth_type = NL80211_AUTHTYPE_AUTOMATIC;
3207
3208 err = nl80211_crypto_settings(rdev, info, &params.crypto,
3209 NL80211_MAX_NR_CIPHER_SUITES);
3210 if (err)
3211 return err;
3212
3213 if (info->attrs[NL80211_ATTR_INACTIVITY_TIMEOUT]) {
3214 if (!(rdev->wiphy.features & NL80211_FEATURE_INACTIVITY_TIMER))
3215 return -EOPNOTSUPP;
3216 params.inactivity_timeout = nla_get_u16(
3217 info->attrs[NL80211_ATTR_INACTIVITY_TIMEOUT]);
3218 }
3219
3220 if (info->attrs[NL80211_ATTR_P2P_CTWINDOW]) {
3221 if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_GO)
3222 return -EINVAL;
3223 params.p2p_ctwindow =
3224 nla_get_u8(info->attrs[NL80211_ATTR_P2P_CTWINDOW]);
3225 if (params.p2p_ctwindow > 127)
3226 return -EINVAL;
3227 if (params.p2p_ctwindow != 0 &&
3228 !(rdev->wiphy.features & NL80211_FEATURE_P2P_GO_CTWIN))
3229 return -EINVAL;
3230 }
3231
3232 if (info->attrs[NL80211_ATTR_P2P_OPPPS]) {
3233 u8 tmp;
3234
3235 if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_GO)
3236 return -EINVAL;
3237 tmp = nla_get_u8(info->attrs[NL80211_ATTR_P2P_OPPPS]);
3238 if (tmp > 1)
3239 return -EINVAL;
3240 params.p2p_opp_ps = tmp;
3241 if (params.p2p_opp_ps != 0 &&
3242 !(rdev->wiphy.features & NL80211_FEATURE_P2P_GO_OPPPS))
3243 return -EINVAL;
3244 }
3245
3246 if (info->attrs[NL80211_ATTR_WIPHY_FREQ]) {
3247 err = nl80211_parse_chandef(rdev, info, &params.chandef);
3248 if (err)
3249 return err;
3250 } else if (wdev->preset_chandef.chan) {
3251 params.chandef = wdev->preset_chandef;
3252 } else if (!nl80211_get_ap_channel(rdev, &params))
3253 return -EINVAL;
3254
3255 if (!cfg80211_reg_can_beacon(&rdev->wiphy, &params.chandef))
3256 return -EINVAL;
3257
3258 err = cfg80211_chandef_dfs_required(wdev->wiphy, &params.chandef);
3259 if (err < 0)
3260 return err;
3261 if (err) {
3262 radar_detect_width = BIT(params.chandef.width);
3263 params.radar_required = true;
3264 }
3265
3266 err = cfg80211_can_use_iftype_chan(rdev, wdev, wdev->iftype,
3267 params.chandef.chan,
3268 CHAN_MODE_SHARED,
3269 radar_detect_width);
3270 if (err)
3271 return err;
3272
3273 if (info->attrs[NL80211_ATTR_ACL_POLICY]) {
3274 params.acl = parse_acl_data(&rdev->wiphy, info);
3275 if (IS_ERR(params.acl))
3276 return PTR_ERR(params.acl);
3277 }
3278
3279 wdev_lock(wdev);
3280 err = rdev_start_ap(rdev, dev, &params);
3281 if (!err) {
3282 wdev->preset_chandef = params.chandef;
3283 wdev->beacon_interval = params.beacon_interval;
3284 wdev->channel = params.chandef.chan;
3285 wdev->ssid_len = params.ssid_len;
3286 memcpy(wdev->ssid, params.ssid, wdev->ssid_len);
3287 }
3288 wdev_unlock(wdev);
3289
3290 kfree(params.acl);
3291
3292 return err;
3293 }
3294
3295 static int nl80211_set_beacon(struct sk_buff *skb, struct genl_info *info)
3296 {
3297 struct cfg80211_registered_device *rdev = info->user_ptr[0];
3298 struct net_device *dev = info->user_ptr[1];
3299 struct wireless_dev *wdev = dev->ieee80211_ptr;
3300 struct cfg80211_beacon_data params;
3301 int err;
3302
3303 if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_AP &&
3304 dev->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_GO)
3305 return -EOPNOTSUPP;
3306
3307 if (!rdev->ops->change_beacon)
3308 return -EOPNOTSUPP;
3309
3310 if (!wdev->beacon_interval)
3311 return -EINVAL;
3312
3313 err = nl80211_parse_beacon(info->attrs, &params);
3314 if (err)
3315 return err;
3316
3317 wdev_lock(wdev);
3318 err = rdev_change_beacon(rdev, dev, &params);
3319 wdev_unlock(wdev);
3320
3321 return err;
3322 }
3323
3324 static int nl80211_stop_ap(struct sk_buff *skb, struct genl_info *info)
3325 {
3326 struct cfg80211_registered_device *rdev = info->user_ptr[0];
3327 struct net_device *dev = info->user_ptr[1];
3328
3329 return cfg80211_stop_ap(rdev, dev);
3330 }
3331
3332 static const struct nla_policy sta_flags_policy[NL80211_STA_FLAG_MAX + 1] = {
3333 [NL80211_STA_FLAG_AUTHORIZED] = { .type = NLA_FLAG },
3334 [NL80211_STA_FLAG_SHORT_PREAMBLE] = { .type = NLA_FLAG },
3335 [NL80211_STA_FLAG_WME] = { .type = NLA_FLAG },
3336 [NL80211_STA_FLAG_MFP] = { .type = NLA_FLAG },
3337 [NL80211_STA_FLAG_AUTHENTICATED] = { .type = NLA_FLAG },
3338 [NL80211_STA_FLAG_TDLS_PEER] = { .type = NLA_FLAG },
3339 };
3340
3341 static int parse_station_flags(struct genl_info *info,
3342 enum nl80211_iftype iftype,
3343 struct station_parameters *params)
3344 {
3345 struct nlattr *flags[NL80211_STA_FLAG_MAX + 1];
3346 struct nlattr *nla;
3347 int flag;
3348
3349 /*
3350 * Try parsing the new attribute first so userspace
3351 * can specify both for older kernels.
3352 */
3353 nla = info->attrs[NL80211_ATTR_STA_FLAGS2];
3354 if (nla) {
3355 struct nl80211_sta_flag_update *sta_flags;
3356
3357 sta_flags = nla_data(nla);
3358 params->sta_flags_mask = sta_flags->mask;
3359 params->sta_flags_set = sta_flags->set;
3360 params->sta_flags_set &= params->sta_flags_mask;
3361 if ((params->sta_flags_mask |
3362 params->sta_flags_set) & BIT(__NL80211_STA_FLAG_INVALID))
3363 return -EINVAL;
3364 return 0;
3365 }
3366
3367 /* if present, parse the old attribute */
3368
3369 nla = info->attrs[NL80211_ATTR_STA_FLAGS];
3370 if (!nla)
3371 return 0;
3372
3373 if (nla_parse_nested(flags, NL80211_STA_FLAG_MAX,
3374 nla, sta_flags_policy))
3375 return -EINVAL;
3376
3377 /*
3378 * Only allow certain flags for interface types so that
3379 * other attributes are silently ignored. Remember that
3380 * this is backward compatibility code with old userspace
3381 * and shouldn't be hit in other cases anyway.
3382 */
3383 switch (iftype) {
3384 case NL80211_IFTYPE_AP:
3385 case NL80211_IFTYPE_AP_VLAN:
3386 case NL80211_IFTYPE_P2P_GO:
3387 params->sta_flags_mask = BIT(NL80211_STA_FLAG_AUTHORIZED) |
3388 BIT(NL80211_STA_FLAG_SHORT_PREAMBLE) |
3389 BIT(NL80211_STA_FLAG_WME) |
3390 BIT(NL80211_STA_FLAG_MFP);
3391 break;
3392 case NL80211_IFTYPE_P2P_CLIENT:
3393 case NL80211_IFTYPE_STATION:
3394 params->sta_flags_mask = BIT(NL80211_STA_FLAG_AUTHORIZED) |
3395 BIT(NL80211_STA_FLAG_TDLS_PEER);
3396 break;
3397 case NL80211_IFTYPE_MESH_POINT:
3398 params->sta_flags_mask = BIT(NL80211_STA_FLAG_AUTHENTICATED) |
3399 BIT(NL80211_STA_FLAG_MFP) |
3400 BIT(NL80211_STA_FLAG_AUTHORIZED);
3401 default:
3402 return -EINVAL;
3403 }
3404
3405 for (flag = 1; flag <= NL80211_STA_FLAG_MAX; flag++) {
3406 if (flags[flag]) {
3407 params->sta_flags_set |= (1<<flag);
3408
3409 /* no longer support new API additions in old API */
3410 if (flag > NL80211_STA_FLAG_MAX_OLD_API)
3411 return -EINVAL;
3412 }
3413 }
3414
3415 return 0;
3416 }
3417
3418 static bool nl80211_put_sta_rate(struct sk_buff *msg, struct rate_info *info,
3419 int attr)
3420 {
3421 struct nlattr *rate;
3422 u32 bitrate;
3423 u16 bitrate_compat;
3424
3425 rate = nla_nest_start(msg, attr);
3426 if (!rate)
3427 return false;
3428
3429 /* cfg80211_calculate_bitrate will return 0 for mcs >= 32 */
3430 bitrate = cfg80211_calculate_bitrate(info);
3431 /* report 16-bit bitrate only if we can */
3432 bitrate_compat = bitrate < (1UL << 16) ? bitrate : 0;
3433 if (bitrate > 0 &&
3434 nla_put_u32(msg, NL80211_RATE_INFO_BITRATE32, bitrate))
3435 return false;
3436 if (bitrate_compat > 0 &&
3437 nla_put_u16(msg, NL80211_RATE_INFO_BITRATE, bitrate_compat))
3438 return false;
3439
3440 if (info->flags & RATE_INFO_FLAGS_MCS) {
3441 if (nla_put_u8(msg, NL80211_RATE_INFO_MCS, info->mcs))
3442 return false;
3443 if (info->flags & RATE_INFO_FLAGS_40_MHZ_WIDTH &&
3444 nla_put_flag(msg, NL80211_RATE_INFO_40_MHZ_WIDTH))
3445 return false;
3446 if (info->flags & RATE_INFO_FLAGS_SHORT_GI &&
3447 nla_put_flag(msg, NL80211_RATE_INFO_SHORT_GI))
3448 return false;
3449 } else if (info->flags & RATE_INFO_FLAGS_VHT_MCS) {
3450 if (nla_put_u8(msg, NL80211_RATE_INFO_VHT_MCS, info->mcs))
3451 return false;
3452 if (nla_put_u8(msg, NL80211_RATE_INFO_VHT_NSS, info->nss))
3453 return false;
3454 if (info->flags & RATE_INFO_FLAGS_40_MHZ_WIDTH &&
3455 nla_put_flag(msg, NL80211_RATE_INFO_40_MHZ_WIDTH))
3456 return false;
3457 if (info->flags & RATE_INFO_FLAGS_80_MHZ_WIDTH &&
3458 nla_put_flag(msg, NL80211_RATE_INFO_80_MHZ_WIDTH))
3459 return false;
3460 if (info->flags & RATE_INFO_FLAGS_80P80_MHZ_WIDTH &&
3461 nla_put_flag(msg, NL80211_RATE_INFO_80P80_MHZ_WIDTH))
3462 return false;
3463 if (info->flags & RATE_INFO_FLAGS_160_MHZ_WIDTH &&
3464 nla_put_flag(msg, NL80211_RATE_INFO_160_MHZ_WIDTH))
3465 return false;
3466 if (info->flags & RATE_INFO_FLAGS_SHORT_GI &&
3467 nla_put_flag(msg, NL80211_RATE_INFO_SHORT_GI))
3468 return false;
3469 }
3470
3471 nla_nest_end(msg, rate);
3472 return true;
3473 }
3474
3475 static bool nl80211_put_signal(struct sk_buff *msg, u8 mask, s8 *signal,
3476 int id)
3477 {
3478 void *attr;
3479 int i = 0;
3480
3481 if (!mask)
3482 return true;
3483
3484 attr = nla_nest_start(msg, id);
3485 if (!attr)
3486 return false;
3487
3488 for (i = 0; i < IEEE80211_MAX_CHAINS; i++) {
3489 if (!(mask & BIT(i)))
3490 continue;
3491
3492 if (nla_put_u8(msg, i, signal[i]))
3493 return false;
3494 }
3495
3496 nla_nest_end(msg, attr);
3497
3498 return true;
3499 }
3500
3501 static int nl80211_send_station(struct sk_buff *msg, u32 portid, u32 seq,
3502 int flags,
3503 struct cfg80211_registered_device *rdev,
3504 struct net_device *dev,
3505 const u8 *mac_addr, struct station_info *sinfo)
3506 {
3507 void *hdr;
3508 struct nlattr *sinfoattr, *bss_param;
3509
3510 hdr = nl80211hdr_put(msg, portid, seq, flags, NL80211_CMD_NEW_STATION);
3511 if (!hdr)
3512 return -1;
3513
3514 if (nla_put_u32(msg, NL80211_ATTR_IFINDEX, dev->ifindex) ||
3515 nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN, mac_addr) ||
3516 nla_put_u32(msg, NL80211_ATTR_GENERATION, sinfo->generation))
3517 goto nla_put_failure;
3518
3519 sinfoattr = nla_nest_start(msg, NL80211_ATTR_STA_INFO);
3520 if (!sinfoattr)
3521 goto nla_put_failure;
3522 if ((sinfo->filled & STATION_INFO_CONNECTED_TIME) &&
3523 nla_put_u32(msg, NL80211_STA_INFO_CONNECTED_TIME,
3524 sinfo->connected_time))
3525 goto nla_put_failure;
3526 if ((sinfo->filled & STATION_INFO_INACTIVE_TIME) &&
3527 nla_put_u32(msg, NL80211_STA_INFO_INACTIVE_TIME,
3528 sinfo->inactive_time))
3529 goto nla_put_failure;
3530 if ((sinfo->filled & (STATION_INFO_RX_BYTES |
3531 STATION_INFO_RX_BYTES64)) &&
3532 nla_put_u32(msg, NL80211_STA_INFO_RX_BYTES,
3533 (u32)sinfo->rx_bytes))
3534 goto nla_put_failure;
3535 if ((sinfo->filled & (STATION_INFO_TX_BYTES |
3536 STATION_INFO_TX_BYTES64)) &&
3537 nla_put_u32(msg, NL80211_STA_INFO_TX_BYTES,
3538 (u32)sinfo->tx_bytes))
3539 goto nla_put_failure;
3540 if ((sinfo->filled & STATION_INFO_RX_BYTES64) &&
3541 nla_put_u64(msg, NL80211_STA_INFO_RX_BYTES64,
3542 sinfo->rx_bytes))
3543 goto nla_put_failure;
3544 if ((sinfo->filled & STATION_INFO_TX_BYTES64) &&
3545 nla_put_u64(msg, NL80211_STA_INFO_TX_BYTES64,
3546 sinfo->tx_bytes))
3547 goto nla_put_failure;
3548 if ((sinfo->filled & STATION_INFO_LLID) &&
3549 nla_put_u16(msg, NL80211_STA_INFO_LLID, sinfo->llid))
3550 goto nla_put_failure;
3551 if ((sinfo->filled & STATION_INFO_PLID) &&
3552 nla_put_u16(msg, NL80211_STA_INFO_PLID, sinfo->plid))
3553 goto nla_put_failure;
3554 if ((sinfo->filled & STATION_INFO_PLINK_STATE) &&
3555 nla_put_u8(msg, NL80211_STA_INFO_PLINK_STATE,
3556 sinfo->plink_state))
3557 goto nla_put_failure;
3558 switch (rdev->wiphy.signal_type) {
3559 case CFG80211_SIGNAL_TYPE_MBM:
3560 if ((sinfo->filled & STATION_INFO_SIGNAL) &&
3561 nla_put_u8(msg, NL80211_STA_INFO_SIGNAL,
3562 sinfo->signal))
3563 goto nla_put_failure;
3564 if ((sinfo->filled & STATION_INFO_SIGNAL_AVG) &&
3565 nla_put_u8(msg, NL80211_STA_INFO_SIGNAL_AVG,
3566 sinfo->signal_avg))
3567 goto nla_put_failure;
3568 break;
3569 default:
3570 break;
3571 }
3572 if (sinfo->filled & STATION_INFO_CHAIN_SIGNAL) {
3573 if (!nl80211_put_signal(msg, sinfo->chains,
3574 sinfo->chain_signal,
3575 NL80211_STA_INFO_CHAIN_SIGNAL))
3576 goto nla_put_failure;
3577 }
3578 if (sinfo->filled & STATION_INFO_CHAIN_SIGNAL_AVG) {
3579 if (!nl80211_put_signal(msg, sinfo->chains,
3580 sinfo->chain_signal_avg,
3581 NL80211_STA_INFO_CHAIN_SIGNAL_AVG))
3582 goto nla_put_failure;
3583 }
3584 if (sinfo->filled & STATION_INFO_TX_BITRATE) {
3585 if (!nl80211_put_sta_rate(msg, &sinfo->txrate,
3586 NL80211_STA_INFO_TX_BITRATE))
3587 goto nla_put_failure;
3588 }
3589 if (sinfo->filled & STATION_INFO_RX_BITRATE) {
3590 if (!nl80211_put_sta_rate(msg, &sinfo->rxrate,
3591 NL80211_STA_INFO_RX_BITRATE))
3592 goto nla_put_failure;
3593 }
3594 if ((sinfo->filled & STATION_INFO_RX_PACKETS) &&
3595 nla_put_u32(msg, NL80211_STA_INFO_RX_PACKETS,
3596 sinfo->rx_packets))
3597 goto nla_put_failure;
3598 if ((sinfo->filled & STATION_INFO_TX_PACKETS) &&
3599 nla_put_u32(msg, NL80211_STA_INFO_TX_PACKETS,
3600 sinfo->tx_packets))
3601 goto nla_put_failure;
3602 if ((sinfo->filled & STATION_INFO_TX_RETRIES) &&
3603 nla_put_u32(msg, NL80211_STA_INFO_TX_RETRIES,
3604 sinfo->tx_retries))
3605 goto nla_put_failure;
3606 if ((sinfo->filled & STATION_INFO_TX_FAILED) &&
3607 nla_put_u32(msg, NL80211_STA_INFO_TX_FAILED,
3608 sinfo->tx_failed))
3609 goto nla_put_failure;
3610 if ((sinfo->filled & STATION_INFO_BEACON_LOSS_COUNT) &&
3611 nla_put_u32(msg, NL80211_STA_INFO_BEACON_LOSS,
3612 sinfo->beacon_loss_count))
3613 goto nla_put_failure;
3614 if ((sinfo->filled & STATION_INFO_LOCAL_PM) &&
3615 nla_put_u32(msg, NL80211_STA_INFO_LOCAL_PM,
3616 sinfo->local_pm))
3617 goto nla_put_failure;
3618 if ((sinfo->filled & STATION_INFO_PEER_PM) &&
3619 nla_put_u32(msg, NL80211_STA_INFO_PEER_PM,
3620 sinfo->peer_pm))
3621 goto nla_put_failure;
3622 if ((sinfo->filled & STATION_INFO_NONPEER_PM) &&
3623 nla_put_u32(msg, NL80211_STA_INFO_NONPEER_PM,
3624 sinfo->nonpeer_pm))
3625 goto nla_put_failure;
3626 if (sinfo->filled & STATION_INFO_BSS_PARAM) {
3627 bss_param = nla_nest_start(msg, NL80211_STA_INFO_BSS_PARAM);
3628 if (!bss_param)
3629 goto nla_put_failure;
3630
3631 if (((sinfo->bss_param.flags & BSS_PARAM_FLAGS_CTS_PROT) &&
3632 nla_put_flag(msg, NL80211_STA_BSS_PARAM_CTS_PROT)) ||
3633 ((sinfo->bss_param.flags & BSS_PARAM_FLAGS_SHORT_PREAMBLE) &&
3634 nla_put_flag(msg, NL80211_STA_BSS_PARAM_SHORT_PREAMBLE)) ||
3635 ((sinfo->bss_param.flags & BSS_PARAM_FLAGS_SHORT_SLOT_TIME) &&
3636 nla_put_flag(msg, NL80211_STA_BSS_PARAM_SHORT_SLOT_TIME)) ||
3637 nla_put_u8(msg, NL80211_STA_BSS_PARAM_DTIM_PERIOD,
3638 sinfo->bss_param.dtim_period) ||
3639 nla_put_u16(msg, NL80211_STA_BSS_PARAM_BEACON_INTERVAL,
3640 sinfo->bss_param.beacon_interval))
3641 goto nla_put_failure;
3642
3643 nla_nest_end(msg, bss_param);
3644 }
3645 if ((sinfo->filled & STATION_INFO_STA_FLAGS) &&
3646 nla_put(msg, NL80211_STA_INFO_STA_FLAGS,
3647 sizeof(struct nl80211_sta_flag_update),
3648 &sinfo->sta_flags))
3649 goto nla_put_failure;
3650 if ((sinfo->filled & STATION_INFO_T_OFFSET) &&
3651 nla_put_u64(msg, NL80211_STA_INFO_T_OFFSET,
3652 sinfo->t_offset))
3653 goto nla_put_failure;
3654 nla_nest_end(msg, sinfoattr);
3655
3656 if ((sinfo->filled & STATION_INFO_ASSOC_REQ_IES) &&
3657 nla_put(msg, NL80211_ATTR_IE, sinfo->assoc_req_ies_len,
3658 sinfo->assoc_req_ies))
3659 goto nla_put_failure;
3660
3661 return genlmsg_end(msg, hdr);
3662
3663 nla_put_failure:
3664 genlmsg_cancel(msg, hdr);
3665 return -EMSGSIZE;
3666 }
3667
3668 static int nl80211_dump_station(struct sk_buff *skb,
3669 struct netlink_callback *cb)
3670 {
3671 struct station_info sinfo;
3672 struct cfg80211_registered_device *dev;
3673 struct wireless_dev *wdev;
3674 u8 mac_addr[ETH_ALEN];
3675 int sta_idx = cb->args[2];
3676 int err;
3677
3678 err = nl80211_prepare_wdev_dump(skb, cb, &dev, &wdev);
3679 if (err)
3680 return err;
3681
3682 if (!wdev->netdev) {
3683 err = -EINVAL;
3684 goto out_err;
3685 }
3686
3687 if (!dev->ops->dump_station) {
3688 err = -EOPNOTSUPP;
3689 goto out_err;
3690 }
3691
3692 while (1) {
3693 memset(&sinfo, 0, sizeof(sinfo));
3694 err = rdev_dump_station(dev, wdev->netdev, sta_idx,
3695 mac_addr, &sinfo);
3696 if (err == -ENOENT)
3697 break;
3698 if (err)
3699 goto out_err;
3700
3701 if (nl80211_send_station(skb,
3702 NETLINK_CB(cb->skb).portid,
3703 cb->nlh->nlmsg_seq, NLM_F_MULTI,
3704 dev, wdev->netdev, mac_addr,
3705 &sinfo) < 0)
3706 goto out;
3707
3708 sta_idx++;
3709 }
3710
3711
3712 out:
3713 cb->args[2] = sta_idx;
3714 err = skb->len;
3715 out_err:
3716 nl80211_finish_wdev_dump(dev);
3717
3718 return err;
3719 }
3720
3721 static int nl80211_get_station(struct sk_buff *skb, struct genl_info *info)
3722 {
3723 struct cfg80211_registered_device *rdev = info->user_ptr[0];
3724 struct net_device *dev = info->user_ptr[1];
3725 struct station_info sinfo;
3726 struct sk_buff *msg;
3727 u8 *mac_addr = NULL;
3728 int err;
3729
3730 memset(&sinfo, 0, sizeof(sinfo));
3731
3732 if (!info->attrs[NL80211_ATTR_MAC])
3733 return -EINVAL;
3734
3735 mac_addr = nla_data(info->attrs[NL80211_ATTR_MAC]);
3736
3737 if (!rdev->ops->get_station)
3738 return -EOPNOTSUPP;
3739
3740 err = rdev_get_station(rdev, dev, mac_addr, &sinfo);
3741 if (err)
3742 return err;
3743
3744 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
3745 if (!msg)
3746 return -ENOMEM;
3747
3748 if (nl80211_send_station(msg, info->snd_portid, info->snd_seq, 0,
3749 rdev, dev, mac_addr, &sinfo) < 0) {
3750 nlmsg_free(msg);
3751 return -ENOBUFS;
3752 }
3753
3754 return genlmsg_reply(msg, info);
3755 }
3756
3757 int cfg80211_check_station_change(struct wiphy *wiphy,
3758 struct station_parameters *params,
3759 enum cfg80211_station_type statype)
3760 {
3761 if (params->listen_interval != -1)
3762 return -EINVAL;
3763 if (params->aid)
3764 return -EINVAL;
3765
3766 /* When you run into this, adjust the code below for the new flag */
3767 BUILD_BUG_ON(NL80211_STA_FLAG_MAX != 7);
3768
3769 switch (statype) {
3770 case CFG80211_STA_MESH_PEER_KERNEL:
3771 case CFG80211_STA_MESH_PEER_USER:
3772 /*
3773 * No ignoring the TDLS flag here -- the userspace mesh
3774 * code doesn't have the bug of including TDLS in the
3775 * mask everywhere.
3776 */
3777 if (params->sta_flags_mask &
3778 ~(BIT(NL80211_STA_FLAG_AUTHENTICATED) |
3779 BIT(NL80211_STA_FLAG_MFP) |
3780 BIT(NL80211_STA_FLAG_AUTHORIZED)))
3781 return -EINVAL;
3782 break;
3783 case CFG80211_STA_TDLS_PEER_SETUP:
3784 case CFG80211_STA_TDLS_PEER_ACTIVE:
3785 if (!(params->sta_flags_set & BIT(NL80211_STA_FLAG_TDLS_PEER)))
3786 return -EINVAL;
3787 /* ignore since it can't change */
3788 params->sta_flags_mask &= ~BIT(NL80211_STA_FLAG_TDLS_PEER);
3789 break;
3790 default:
3791 /* disallow mesh-specific things */
3792 if (params->plink_action != NL80211_PLINK_ACTION_NO_ACTION)
3793 return -EINVAL;
3794 if (params->local_pm)
3795 return -EINVAL;
3796 if (params->sta_modify_mask & STATION_PARAM_APPLY_PLINK_STATE)
3797 return -EINVAL;
3798 }
3799
3800 if (statype != CFG80211_STA_TDLS_PEER_SETUP &&
3801 statype != CFG80211_STA_TDLS_PEER_ACTIVE) {
3802 /* TDLS can't be set, ... */
3803 if (params->sta_flags_set & BIT(NL80211_STA_FLAG_TDLS_PEER))
3804 return -EINVAL;
3805 /*
3806 * ... but don't bother the driver with it. This works around
3807 * a hostapd/wpa_supplicant issue -- it always includes the
3808 * TLDS_PEER flag in the mask even for AP mode.
3809 */
3810 params->sta_flags_mask &= ~BIT(NL80211_STA_FLAG_TDLS_PEER);
3811 }
3812
3813 if (statype != CFG80211_STA_TDLS_PEER_SETUP) {
3814 /* reject other things that can't change */
3815 if (params->sta_modify_mask & STATION_PARAM_APPLY_UAPSD)
3816 return -EINVAL;
3817 if (params->sta_modify_mask & STATION_PARAM_APPLY_CAPABILITY)
3818 return -EINVAL;
3819 if (params->supported_rates)
3820 return -EINVAL;
3821 if (params->ext_capab || params->ht_capa || params->vht_capa)
3822 return -EINVAL;
3823 }
3824
3825 if (statype != CFG80211_STA_AP_CLIENT) {
3826 if (params->vlan)
3827 return -EINVAL;
3828 }
3829
3830 switch (statype) {
3831 case CFG80211_STA_AP_MLME_CLIENT:
3832 /* Use this only for authorizing/unauthorizing a station */
3833 if (!(params->sta_flags_mask & BIT(NL80211_STA_FLAG_AUTHORIZED)))
3834 return -EOPNOTSUPP;
3835 break;
3836 case CFG80211_STA_AP_CLIENT:
3837 /* accept only the listed bits */
3838 if (params->sta_flags_mask &
3839 ~(BIT(NL80211_STA_FLAG_AUTHORIZED) |
3840 BIT(NL80211_STA_FLAG_AUTHENTICATED) |
3841 BIT(NL80211_STA_FLAG_ASSOCIATED) |
3842 BIT(NL80211_STA_FLAG_SHORT_PREAMBLE) |
3843 BIT(NL80211_STA_FLAG_WME) |
3844 BIT(NL80211_STA_FLAG_MFP)))
3845 return -EINVAL;
3846
3847 /* but authenticated/associated only if driver handles it */
3848 if (!(wiphy->features & NL80211_FEATURE_FULL_AP_CLIENT_STATE) &&
3849 params->sta_flags_mask &
3850 (BIT(NL80211_STA_FLAG_AUTHENTICATED) |
3851 BIT(NL80211_STA_FLAG_ASSOCIATED)))
3852 return -EINVAL;
3853 break;
3854 case CFG80211_STA_IBSS:
3855 case CFG80211_STA_AP_STA:
3856 /* reject any changes other than AUTHORIZED */
3857 if (params->sta_flags_mask & ~BIT(NL80211_STA_FLAG_AUTHORIZED))
3858 return -EINVAL;
3859 break;
3860 case CFG80211_STA_TDLS_PEER_SETUP:
3861 /* reject any changes other than AUTHORIZED or WME */
3862 if (params->sta_flags_mask & ~(BIT(NL80211_STA_FLAG_AUTHORIZED) |
3863 BIT(NL80211_STA_FLAG_WME)))
3864 return -EINVAL;
3865 /* force (at least) rates when authorizing */
3866 if (params->sta_flags_set & BIT(NL80211_STA_FLAG_AUTHORIZED) &&
3867 !params->supported_rates)
3868 return -EINVAL;
3869 break;
3870 case CFG80211_STA_TDLS_PEER_ACTIVE:
3871 /* reject any changes */
3872 return -EINVAL;
3873 case CFG80211_STA_MESH_PEER_KERNEL:
3874 if (params->sta_modify_mask & STATION_PARAM_APPLY_PLINK_STATE)
3875 return -EINVAL;
3876 break;
3877 case CFG80211_STA_MESH_PEER_USER:
3878 if (params->plink_action != NL80211_PLINK_ACTION_NO_ACTION)
3879 return -EINVAL;
3880 break;
3881 }
3882
3883 return 0;
3884 }
3885 EXPORT_SYMBOL(cfg80211_check_station_change);
3886
3887 /*
3888 * Get vlan interface making sure it is running and on the right wiphy.
3889 */
3890 static struct net_device *get_vlan(struct genl_info *info,
3891 struct cfg80211_registered_device *rdev)
3892 {
3893 struct nlattr *vlanattr = info->attrs[NL80211_ATTR_STA_VLAN];
3894 struct net_device *v;
3895 int ret;
3896
3897 if (!vlanattr)
3898 return NULL;
3899
3900 v = dev_get_by_index(genl_info_net(info), nla_get_u32(vlanattr));
3901 if (!v)
3902 return ERR_PTR(-ENODEV);
3903
3904 if (!v->ieee80211_ptr || v->ieee80211_ptr->wiphy != &rdev->wiphy) {
3905 ret = -EINVAL;
3906 goto error;
3907 }
3908
3909 if (v->ieee80211_ptr->iftype != NL80211_IFTYPE_AP_VLAN &&
3910 v->ieee80211_ptr->iftype != NL80211_IFTYPE_AP &&
3911 v->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_GO) {
3912 ret = -EINVAL;
3913 goto error;
3914 }
3915
3916 if (!netif_running(v)) {
3917 ret = -ENETDOWN;
3918 goto error;
3919 }
3920
3921 return v;
3922 error:
3923 dev_put(v);
3924 return ERR_PTR(ret);
3925 }
3926
3927 static const struct nla_policy
3928 nl80211_sta_wme_policy[NL80211_STA_WME_MAX + 1] = {
3929 [NL80211_STA_WME_UAPSD_QUEUES] = { .type = NLA_U8 },
3930 [NL80211_STA_WME_MAX_SP] = { .type = NLA_U8 },
3931 };
3932
3933 static int nl80211_parse_sta_wme(struct genl_info *info,
3934 struct station_parameters *params)
3935 {
3936 struct nlattr *tb[NL80211_STA_WME_MAX + 1];
3937 struct nlattr *nla;
3938 int err;
3939
3940 /* parse WME attributes if present */
3941 if (!info->attrs[NL80211_ATTR_STA_WME])
3942 return 0;
3943
3944 nla = info->attrs[NL80211_ATTR_STA_WME];
3945 err = nla_parse_nested(tb, NL80211_STA_WME_MAX, nla,
3946 nl80211_sta_wme_policy);
3947 if (err)
3948 return err;
3949
3950 if (tb[NL80211_STA_WME_UAPSD_QUEUES])
3951 params->uapsd_queues = nla_get_u8(
3952 tb[NL80211_STA_WME_UAPSD_QUEUES]);
3953 if (params->uapsd_queues & ~IEEE80211_WMM_IE_STA_QOSINFO_AC_MASK)
3954 return -EINVAL;
3955
3956 if (tb[NL80211_STA_WME_MAX_SP])
3957 params->max_sp = nla_get_u8(tb[NL80211_STA_WME_MAX_SP]);
3958
3959 if (params->max_sp & ~IEEE80211_WMM_IE_STA_QOSINFO_SP_MASK)
3960 return -EINVAL;
3961
3962 params->sta_modify_mask |= STATION_PARAM_APPLY_UAPSD;
3963
3964 return 0;
3965 }
3966
3967 static int nl80211_parse_sta_channel_info(struct genl_info *info,
3968 struct station_parameters *params)
3969 {
3970 if (info->attrs[NL80211_ATTR_STA_SUPPORTED_CHANNELS]) {
3971 params->supported_channels =
3972 nla_data(info->attrs[NL80211_ATTR_STA_SUPPORTED_CHANNELS]);
3973 params->supported_channels_len =
3974 nla_len(info->attrs[NL80211_ATTR_STA_SUPPORTED_CHANNELS]);
3975 /*
3976 * Need to include at least one (first channel, number of
3977 * channels) tuple for each subband, and must have proper
3978 * tuples for the rest of the data as well.
3979 */
3980 if (params->supported_channels_len < 2)
3981 return -EINVAL;
3982 if (params->supported_channels_len % 2)
3983 return -EINVAL;
3984 }
3985
3986 if (info->attrs[NL80211_ATTR_STA_SUPPORTED_OPER_CLASSES]) {
3987 params->supported_oper_classes =
3988 nla_data(info->attrs[NL80211_ATTR_STA_SUPPORTED_OPER_CLASSES]);
3989 params->supported_oper_classes_len =
3990 nla_len(info->attrs[NL80211_ATTR_STA_SUPPORTED_OPER_CLASSES]);
3991 /*
3992 * The value of the Length field of the Supported Operating
3993 * Classes element is between 2 and 253.
3994 */
3995 if (params->supported_oper_classes_len < 2 ||
3996 params->supported_oper_classes_len > 253)
3997 return -EINVAL;
3998 }
3999 return 0;
4000 }
4001
4002 static int nl80211_set_station_tdls(struct genl_info *info,
4003 struct station_parameters *params)
4004 {
4005 int err;
4006 /* Dummy STA entry gets updated once the peer capabilities are known */
4007 if (info->attrs[NL80211_ATTR_PEER_AID])
4008 params->aid = nla_get_u16(info->attrs[NL80211_ATTR_PEER_AID]);
4009 if (info->attrs[NL80211_ATTR_HT_CAPABILITY])
4010 params->ht_capa =
4011 nla_data(info->attrs[NL80211_ATTR_HT_CAPABILITY]);
4012 if (info->attrs[NL80211_ATTR_VHT_CAPABILITY])
4013 params->vht_capa =
4014 nla_data(info->attrs[NL80211_ATTR_VHT_CAPABILITY]);
4015
4016 err = nl80211_parse_sta_channel_info(info, params);
4017 if (err)
4018 return err;
4019
4020 return nl80211_parse_sta_wme(info, params);
4021 }
4022
4023 static int nl80211_set_station(struct sk_buff *skb, struct genl_info *info)
4024 {
4025 struct cfg80211_registered_device *rdev = info->user_ptr[0];
4026 struct net_device *dev = info->user_ptr[1];
4027 struct station_parameters params;
4028 u8 *mac_addr;
4029 int err;
4030
4031 memset(&params, 0, sizeof(params));
4032
4033 params.listen_interval = -1;
4034
4035 if (!rdev->ops->change_station)
4036 return -EOPNOTSUPP;
4037
4038 if (info->attrs[NL80211_ATTR_STA_AID])
4039 return -EINVAL;
4040
4041 if (!info->attrs[NL80211_ATTR_MAC])
4042 return -EINVAL;
4043
4044 mac_addr = nla_data(info->attrs[NL80211_ATTR_MAC]);
4045
4046 if (info->attrs[NL80211_ATTR_STA_SUPPORTED_RATES]) {
4047 params.supported_rates =
4048 nla_data(info->attrs[NL80211_ATTR_STA_SUPPORTED_RATES]);
4049 params.supported_rates_len =
4050 nla_len(info->attrs[NL80211_ATTR_STA_SUPPORTED_RATES]);
4051 }
4052
4053 if (info->attrs[NL80211_ATTR_STA_CAPABILITY]) {
4054 params.capability =
4055 nla_get_u16(info->attrs[NL80211_ATTR_STA_CAPABILITY]);
4056 params.sta_modify_mask |= STATION_PARAM_APPLY_CAPABILITY;
4057 }
4058
4059 if (info->attrs[NL80211_ATTR_STA_EXT_CAPABILITY]) {
4060 params.ext_capab =
4061 nla_data(info->attrs[NL80211_ATTR_STA_EXT_CAPABILITY]);
4062 params.ext_capab_len =
4063 nla_len(info->attrs[NL80211_ATTR_STA_EXT_CAPABILITY]);
4064 }
4065
4066 if (info->attrs[NL80211_ATTR_STA_LISTEN_INTERVAL])
4067 return -EINVAL;
4068
4069 if (parse_station_flags(info, dev->ieee80211_ptr->iftype, &params))
4070 return -EINVAL;
4071
4072 if (info->attrs[NL80211_ATTR_STA_PLINK_ACTION]) {
4073 params.plink_action =
4074 nla_get_u8(info->attrs[NL80211_ATTR_STA_PLINK_ACTION]);
4075 if (params.plink_action >= NUM_NL80211_PLINK_ACTIONS)
4076 return -EINVAL;
4077 }
4078
4079 if (info->attrs[NL80211_ATTR_STA_PLINK_STATE]) {
4080 params.plink_state =
4081 nla_get_u8(info->attrs[NL80211_ATTR_STA_PLINK_STATE]);
4082 if (params.plink_state >= NUM_NL80211_PLINK_STATES)
4083 return -EINVAL;
4084 params.sta_modify_mask |= STATION_PARAM_APPLY_PLINK_STATE;
4085 }
4086
4087 if (info->attrs[NL80211_ATTR_LOCAL_MESH_POWER_MODE]) {
4088 enum nl80211_mesh_power_mode pm = nla_get_u32(
4089 info->attrs[NL80211_ATTR_LOCAL_MESH_POWER_MODE]);
4090
4091 if (pm <= NL80211_MESH_POWER_UNKNOWN ||
4092 pm > NL80211_MESH_POWER_MAX)
4093 return -EINVAL;
4094
4095 params.local_pm = pm;
4096 }
4097
4098 /* Include parameters for TDLS peer (will check later) */
4099 err = nl80211_set_station_tdls(info, &params);
4100 if (err)
4101 return err;
4102
4103 params.vlan = get_vlan(info, rdev);
4104 if (IS_ERR(params.vlan))
4105 return PTR_ERR(params.vlan);
4106
4107 switch (dev->ieee80211_ptr->iftype) {
4108 case NL80211_IFTYPE_AP:
4109 case NL80211_IFTYPE_AP_VLAN:
4110 case NL80211_IFTYPE_P2P_GO:
4111 case NL80211_IFTYPE_P2P_CLIENT:
4112 case NL80211_IFTYPE_STATION:
4113 case NL80211_IFTYPE_ADHOC:
4114 case NL80211_IFTYPE_MESH_POINT:
4115 break;
4116 default:
4117 err = -EOPNOTSUPP;
4118 goto out_put_vlan;
4119 }
4120
4121 /* driver will call cfg80211_check_station_change() */
4122 err = rdev_change_station(rdev, dev, mac_addr, &params);
4123
4124 out_put_vlan:
4125 if (params.vlan)
4126 dev_put(params.vlan);
4127
4128 return err;
4129 }
4130
4131 static int nl80211_new_station(struct sk_buff *skb, struct genl_info *info)
4132 {
4133 struct cfg80211_registered_device *rdev = info->user_ptr[0];
4134 int err;
4135 struct net_device *dev = info->user_ptr[1];
4136 struct station_parameters params;
4137 u8 *mac_addr = NULL;
4138
4139 memset(&params, 0, sizeof(params));
4140
4141 if (!rdev->ops->add_station)
4142 return -EOPNOTSUPP;
4143
4144 if (!info->attrs[NL80211_ATTR_MAC])
4145 return -EINVAL;
4146
4147 if (!info->attrs[NL80211_ATTR_STA_LISTEN_INTERVAL])
4148 return -EINVAL;
4149
4150 if (!info->attrs[NL80211_ATTR_STA_SUPPORTED_RATES])
4151 return -EINVAL;
4152
4153 if (!info->attrs[NL80211_ATTR_STA_AID] &&
4154 !info->attrs[NL80211_ATTR_PEER_AID])
4155 return -EINVAL;
4156
4157 mac_addr = nla_data(info->attrs[NL80211_ATTR_MAC]);
4158 params.supported_rates =
4159 nla_data(info->attrs[NL80211_ATTR_STA_SUPPORTED_RATES]);
4160 params.supported_rates_len =
4161 nla_len(info->attrs[NL80211_ATTR_STA_SUPPORTED_RATES]);
4162 params.listen_interval =
4163 nla_get_u16(info->attrs[NL80211_ATTR_STA_LISTEN_INTERVAL]);
4164
4165 if (info->attrs[NL80211_ATTR_PEER_AID])
4166 params.aid = nla_get_u16(info->attrs[NL80211_ATTR_PEER_AID]);
4167 else
4168 params.aid = nla_get_u16(info->attrs[NL80211_ATTR_STA_AID]);
4169 if (!params.aid || params.aid > IEEE80211_MAX_AID)
4170 return -EINVAL;
4171
4172 if (info->attrs[NL80211_ATTR_STA_CAPABILITY]) {
4173 params.capability =
4174 nla_get_u16(info->attrs[NL80211_ATTR_STA_CAPABILITY]);
4175 params.sta_modify_mask |= STATION_PARAM_APPLY_CAPABILITY;
4176 }
4177
4178 if (info->attrs[NL80211_ATTR_STA_EXT_CAPABILITY]) {
4179 params.ext_capab =
4180 nla_data(info->attrs[NL80211_ATTR_STA_EXT_CAPABILITY]);
4181 params.ext_capab_len =
4182 nla_len(info->attrs[NL80211_ATTR_STA_EXT_CAPABILITY]);
4183 }
4184
4185 if (info->attrs[NL80211_ATTR_HT_CAPABILITY])
4186 params.ht_capa =
4187 nla_data(info->attrs[NL80211_ATTR_HT_CAPABILITY]);
4188
4189 if (info->attrs[NL80211_ATTR_VHT_CAPABILITY])
4190 params.vht_capa =
4191 nla_data(info->attrs[NL80211_ATTR_VHT_CAPABILITY]);
4192
4193 if (info->attrs[NL80211_ATTR_OPMODE_NOTIF]) {
4194 params.opmode_notif_used = true;
4195 params.opmode_notif =
4196 nla_get_u8(info->attrs[NL80211_ATTR_OPMODE_NOTIF]);
4197 }
4198
4199 if (info->attrs[NL80211_ATTR_STA_PLINK_ACTION]) {
4200 params.plink_action =
4201 nla_get_u8(info->attrs[NL80211_ATTR_STA_PLINK_ACTION]);
4202 if (params.plink_action >= NUM_NL80211_PLINK_ACTIONS)
4203 return -EINVAL;
4204 }
4205
4206 err = nl80211_parse_sta_channel_info(info, &params);
4207 if (err)
4208 return err;
4209
4210 err = nl80211_parse_sta_wme(info, &params);
4211 if (err)
4212 return err;
4213
4214 if (parse_station_flags(info, dev->ieee80211_ptr->iftype, &params))
4215 return -EINVAL;
4216
4217 /* When you run into this, adjust the code below for the new flag */
4218 BUILD_BUG_ON(NL80211_STA_FLAG_MAX != 7);
4219
4220 switch (dev->ieee80211_ptr->iftype) {
4221 case NL80211_IFTYPE_AP:
4222 case NL80211_IFTYPE_AP_VLAN:
4223 case NL80211_IFTYPE_P2P_GO:
4224 /* ignore WME attributes if iface/sta is not capable */
4225 if (!(rdev->wiphy.flags & WIPHY_FLAG_AP_UAPSD) ||
4226 !(params.sta_flags_set & BIT(NL80211_STA_FLAG_WME)))
4227 params.sta_modify_mask &= ~STATION_PARAM_APPLY_UAPSD;
4228
4229 /* TDLS peers cannot be added */
4230 if ((params.sta_flags_set & BIT(NL80211_STA_FLAG_TDLS_PEER)) ||
4231 info->attrs[NL80211_ATTR_PEER_AID])
4232 return -EINVAL;
4233 /* but don't bother the driver with it */
4234 params.sta_flags_mask &= ~BIT(NL80211_STA_FLAG_TDLS_PEER);
4235
4236 /* allow authenticated/associated only if driver handles it */
4237 if (!(rdev->wiphy.features &
4238 NL80211_FEATURE_FULL_AP_CLIENT_STATE) &&
4239 params.sta_flags_mask &
4240 (BIT(NL80211_STA_FLAG_AUTHENTICATED) |
4241 BIT(NL80211_STA_FLAG_ASSOCIATED)))
4242 return -EINVAL;
4243
4244 /* must be last in here for error handling */
4245 params.vlan = get_vlan(info, rdev);
4246 if (IS_ERR(params.vlan))
4247 return PTR_ERR(params.vlan);
4248 break;
4249 case NL80211_IFTYPE_MESH_POINT:
4250 /* ignore uAPSD data */
4251 params.sta_modify_mask &= ~STATION_PARAM_APPLY_UAPSD;
4252
4253 /* associated is disallowed */
4254 if (params.sta_flags_mask & BIT(NL80211_STA_FLAG_ASSOCIATED))
4255 return -EINVAL;
4256 /* TDLS peers cannot be added */
4257 if ((params.sta_flags_set & BIT(NL80211_STA_FLAG_TDLS_PEER)) ||
4258 info->attrs[NL80211_ATTR_PEER_AID])
4259 return -EINVAL;
4260 break;
4261 case NL80211_IFTYPE_STATION:
4262 case NL80211_IFTYPE_P2P_CLIENT:
4263 /* ignore uAPSD data */
4264 params.sta_modify_mask &= ~STATION_PARAM_APPLY_UAPSD;
4265
4266 /* these are disallowed */
4267 if (params.sta_flags_mask &
4268 (BIT(NL80211_STA_FLAG_ASSOCIATED) |
4269 BIT(NL80211_STA_FLAG_AUTHENTICATED)))
4270 return -EINVAL;
4271 /* Only TDLS peers can be added */
4272 if (!(params.sta_flags_set & BIT(NL80211_STA_FLAG_TDLS_PEER)))
4273 return -EINVAL;
4274 /* Can only add if TDLS ... */
4275 if (!(rdev->wiphy.flags & WIPHY_FLAG_SUPPORTS_TDLS))
4276 return -EOPNOTSUPP;
4277 /* ... with external setup is supported */
4278 if (!(rdev->wiphy.flags & WIPHY_FLAG_TDLS_EXTERNAL_SETUP))
4279 return -EOPNOTSUPP;
4280 /*
4281 * Older wpa_supplicant versions always mark the TDLS peer
4282 * as authorized, but it shouldn't yet be.
4283 */
4284 params.sta_flags_mask &= ~BIT(NL80211_STA_FLAG_AUTHORIZED);
4285 break;
4286 default:
4287 return -EOPNOTSUPP;
4288 }
4289
4290 /* be aware of params.vlan when changing code here */
4291
4292 err = rdev_add_station(rdev, dev, mac_addr, &params);
4293
4294 if (params.vlan)
4295 dev_put(params.vlan);
4296 return err;
4297 }
4298
4299 static int nl80211_del_station(struct sk_buff *skb, struct genl_info *info)
4300 {
4301 struct cfg80211_registered_device *rdev = info->user_ptr[0];
4302 struct net_device *dev = info->user_ptr[1];
4303 u8 *mac_addr = NULL;
4304
4305 if (info->attrs[NL80211_ATTR_MAC])
4306 mac_addr = nla_data(info->attrs[NL80211_ATTR_MAC]);
4307
4308 if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_AP &&
4309 dev->ieee80211_ptr->iftype != NL80211_IFTYPE_AP_VLAN &&
4310 dev->ieee80211_ptr->iftype != NL80211_IFTYPE_MESH_POINT &&
4311 dev->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_GO)
4312 return -EINVAL;
4313
4314 if (!rdev->ops->del_station)
4315 return -EOPNOTSUPP;
4316
4317 return rdev_del_station(rdev, dev, mac_addr);
4318 }
4319
4320 static int nl80211_send_mpath(struct sk_buff *msg, u32 portid, u32 seq,
4321 int flags, struct net_device *dev,
4322 u8 *dst, u8 *next_hop,
4323 struct mpath_info *pinfo)
4324 {
4325 void *hdr;
4326 struct nlattr *pinfoattr;
4327
4328 hdr = nl80211hdr_put(msg, portid, seq, flags, NL80211_CMD_NEW_STATION);
4329 if (!hdr)
4330 return -1;
4331
4332 if (nla_put_u32(msg, NL80211_ATTR_IFINDEX, dev->ifindex) ||
4333 nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN, dst) ||
4334 nla_put(msg, NL80211_ATTR_MPATH_NEXT_HOP, ETH_ALEN, next_hop) ||
4335 nla_put_u32(msg, NL80211_ATTR_GENERATION, pinfo->generation))
4336 goto nla_put_failure;
4337
4338 pinfoattr = nla_nest_start(msg, NL80211_ATTR_MPATH_INFO);
4339 if (!pinfoattr)
4340 goto nla_put_failure;
4341 if ((pinfo->filled & MPATH_INFO_FRAME_QLEN) &&
4342 nla_put_u32(msg, NL80211_MPATH_INFO_FRAME_QLEN,
4343 pinfo->frame_qlen))
4344 goto nla_put_failure;
4345 if (((pinfo->filled & MPATH_INFO_SN) &&
4346 nla_put_u32(msg, NL80211_MPATH_INFO_SN, pinfo->sn)) ||
4347 ((pinfo->filled & MPATH_INFO_METRIC) &&
4348 nla_put_u32(msg, NL80211_MPATH_INFO_METRIC,
4349 pinfo->metric)) ||
4350 ((pinfo->filled & MPATH_INFO_EXPTIME) &&
4351 nla_put_u32(msg, NL80211_MPATH_INFO_EXPTIME,
4352 pinfo->exptime)) ||
4353 ((pinfo->filled & MPATH_INFO_FLAGS) &&
4354 nla_put_u8(msg, NL80211_MPATH_INFO_FLAGS,
4355 pinfo->flags)) ||
4356 ((pinfo->filled & MPATH_INFO_DISCOVERY_TIMEOUT) &&
4357 nla_put_u32(msg, NL80211_MPATH_INFO_DISCOVERY_TIMEOUT,
4358 pinfo->discovery_timeout)) ||
4359 ((pinfo->filled & MPATH_INFO_DISCOVERY_RETRIES) &&
4360 nla_put_u8(msg, NL80211_MPATH_INFO_DISCOVERY_RETRIES,
4361 pinfo->discovery_retries)))
4362 goto nla_put_failure;
4363
4364 nla_nest_end(msg, pinfoattr);
4365
4366 return genlmsg_end(msg, hdr);
4367
4368 nla_put_failure:
4369 genlmsg_cancel(msg, hdr);
4370 return -EMSGSIZE;
4371 }
4372
4373 static int nl80211_dump_mpath(struct sk_buff *skb,
4374 struct netlink_callback *cb)
4375 {
4376 struct mpath_info pinfo;
4377 struct cfg80211_registered_device *dev;
4378 struct wireless_dev *wdev;
4379 u8 dst[ETH_ALEN];
4380 u8 next_hop[ETH_ALEN];
4381 int path_idx = cb->args[2];
4382 int err;
4383
4384 err = nl80211_prepare_wdev_dump(skb, cb, &dev, &wdev);
4385 if (err)
4386 return err;
4387
4388 if (!dev->ops->dump_mpath) {
4389 err = -EOPNOTSUPP;
4390 goto out_err;
4391 }
4392
4393 if (wdev->iftype != NL80211_IFTYPE_MESH_POINT) {
4394 err = -EOPNOTSUPP;
4395 goto out_err;
4396 }
4397
4398 while (1) {
4399 err = rdev_dump_mpath(dev, wdev->netdev, path_idx, dst,
4400 next_hop, &pinfo);
4401 if (err == -ENOENT)
4402 break;
4403 if (err)
4404 goto out_err;
4405
4406 if (nl80211_send_mpath(skb, NETLINK_CB(cb->skb).portid,
4407 cb->nlh->nlmsg_seq, NLM_F_MULTI,
4408 wdev->netdev, dst, next_hop,
4409 &pinfo) < 0)
4410 goto out;
4411
4412 path_idx++;
4413 }
4414
4415
4416 out:
4417 cb->args[2] = path_idx;
4418 err = skb->len;
4419 out_err:
4420 nl80211_finish_wdev_dump(dev);
4421 return err;
4422 }
4423
4424 static int nl80211_get_mpath(struct sk_buff *skb, struct genl_info *info)
4425 {
4426 struct cfg80211_registered_device *rdev = info->user_ptr[0];
4427 int err;
4428 struct net_device *dev = info->user_ptr[1];
4429 struct mpath_info pinfo;
4430 struct sk_buff *msg;
4431 u8 *dst = NULL;
4432 u8 next_hop[ETH_ALEN];
4433
4434 memset(&pinfo, 0, sizeof(pinfo));
4435
4436 if (!info->attrs[NL80211_ATTR_MAC])
4437 return -EINVAL;
4438
4439 dst = nla_data(info->attrs[NL80211_ATTR_MAC]);
4440
4441 if (!rdev->ops->get_mpath)
4442 return -EOPNOTSUPP;
4443
4444 if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_MESH_POINT)
4445 return -EOPNOTSUPP;
4446
4447 err = rdev_get_mpath(rdev, dev, dst, next_hop, &pinfo);
4448 if (err)
4449 return err;
4450
4451 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
4452 if (!msg)
4453 return -ENOMEM;
4454
4455 if (nl80211_send_mpath(msg, info->snd_portid, info->snd_seq, 0,
4456 dev, dst, next_hop, &pinfo) < 0) {
4457 nlmsg_free(msg);
4458 return -ENOBUFS;
4459 }
4460
4461 return genlmsg_reply(msg, info);
4462 }
4463
4464 static int nl80211_set_mpath(struct sk_buff *skb, struct genl_info *info)
4465 {
4466 struct cfg80211_registered_device *rdev = info->user_ptr[0];
4467 struct net_device *dev = info->user_ptr[1];
4468 u8 *dst = NULL;
4469 u8 *next_hop = NULL;
4470
4471 if (!info->attrs[NL80211_ATTR_MAC])
4472 return -EINVAL;
4473
4474 if (!info->attrs[NL80211_ATTR_MPATH_NEXT_HOP])
4475 return -EINVAL;
4476
4477 dst = nla_data(info->attrs[NL80211_ATTR_MAC]);
4478 next_hop = nla_data(info->attrs[NL80211_ATTR_MPATH_NEXT_HOP]);
4479
4480 if (!rdev->ops->change_mpath)
4481 return -EOPNOTSUPP;
4482
4483 if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_MESH_POINT)
4484 return -EOPNOTSUPP;
4485
4486 return rdev_change_mpath(rdev, dev, dst, next_hop);
4487 }
4488
4489 static int nl80211_new_mpath(struct sk_buff *skb, struct genl_info *info)
4490 {
4491 struct cfg80211_registered_device *rdev = info->user_ptr[0];
4492 struct net_device *dev = info->user_ptr[1];
4493 u8 *dst = NULL;
4494 u8 *next_hop = NULL;
4495
4496 if (!info->attrs[NL80211_ATTR_MAC])
4497 return -EINVAL;
4498
4499 if (!info->attrs[NL80211_ATTR_MPATH_NEXT_HOP])
4500 return -EINVAL;
4501
4502 dst = nla_data(info->attrs[NL80211_ATTR_MAC]);
4503 next_hop = nla_data(info->attrs[NL80211_ATTR_MPATH_NEXT_HOP]);
4504
4505 if (!rdev->ops->add_mpath)
4506 return -EOPNOTSUPP;
4507
4508 if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_MESH_POINT)
4509 return -EOPNOTSUPP;
4510
4511 return rdev_add_mpath(rdev, dev, dst, next_hop);
4512 }
4513
4514 static int nl80211_del_mpath(struct sk_buff *skb, struct genl_info *info)
4515 {
4516 struct cfg80211_registered_device *rdev = info->user_ptr[0];
4517 struct net_device *dev = info->user_ptr[1];
4518 u8 *dst = NULL;
4519
4520 if (info->attrs[NL80211_ATTR_MAC])
4521 dst = nla_data(info->attrs[NL80211_ATTR_MAC]);
4522
4523 if (!rdev->ops->del_mpath)
4524 return -EOPNOTSUPP;
4525
4526 return rdev_del_mpath(rdev, dev, dst);
4527 }
4528
4529 static int nl80211_set_bss(struct sk_buff *skb, struct genl_info *info)
4530 {
4531 struct cfg80211_registered_device *rdev = info->user_ptr[0];
4532 struct net_device *dev = info->user_ptr[1];
4533 struct wireless_dev *wdev = dev->ieee80211_ptr;
4534 struct bss_parameters params;
4535 int err;
4536
4537 memset(&params, 0, sizeof(params));
4538 /* default to not changing parameters */
4539 params.use_cts_prot = -1;
4540 params.use_short_preamble = -1;
4541 params.use_short_slot_time = -1;
4542 params.ap_isolate = -1;
4543 params.ht_opmode = -1;
4544 params.p2p_ctwindow = -1;
4545 params.p2p_opp_ps = -1;
4546
4547 if (info->attrs[NL80211_ATTR_BSS_CTS_PROT])
4548 params.use_cts_prot =
4549 nla_get_u8(info->attrs[NL80211_ATTR_BSS_CTS_PROT]);
4550 if (info->attrs[NL80211_ATTR_BSS_SHORT_PREAMBLE])
4551 params.use_short_preamble =
4552 nla_get_u8(info->attrs[NL80211_ATTR_BSS_SHORT_PREAMBLE]);
4553 if (info->attrs[NL80211_ATTR_BSS_SHORT_SLOT_TIME])
4554 params.use_short_slot_time =
4555 nla_get_u8(info->attrs[NL80211_ATTR_BSS_SHORT_SLOT_TIME]);
4556 if (info->attrs[NL80211_ATTR_BSS_BASIC_RATES]) {
4557 params.basic_rates =
4558 nla_data(info->attrs[NL80211_ATTR_BSS_BASIC_RATES]);
4559 params.basic_rates_len =
4560 nla_len(info->attrs[NL80211_ATTR_BSS_BASIC_RATES]);
4561 }
4562 if (info->attrs[NL80211_ATTR_AP_ISOLATE])
4563 params.ap_isolate = !!nla_get_u8(info->attrs[NL80211_ATTR_AP_ISOLATE]);
4564 if (info->attrs[NL80211_ATTR_BSS_HT_OPMODE])
4565 params.ht_opmode =
4566 nla_get_u16(info->attrs[NL80211_ATTR_BSS_HT_OPMODE]);
4567
4568 if (info->attrs[NL80211_ATTR_P2P_CTWINDOW]) {
4569 if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_GO)
4570 return -EINVAL;
4571 params.p2p_ctwindow =
4572 nla_get_s8(info->attrs[NL80211_ATTR_P2P_CTWINDOW]);
4573 if (params.p2p_ctwindow < 0)
4574 return -EINVAL;
4575 if (params.p2p_ctwindow != 0 &&
4576 !(rdev->wiphy.features & NL80211_FEATURE_P2P_GO_CTWIN))
4577 return -EINVAL;
4578 }
4579
4580 if (info->attrs[NL80211_ATTR_P2P_OPPPS]) {
4581 u8 tmp;
4582
4583 if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_GO)
4584 return -EINVAL;
4585 tmp = nla_get_u8(info->attrs[NL80211_ATTR_P2P_OPPPS]);
4586 if (tmp > 1)
4587 return -EINVAL;
4588 params.p2p_opp_ps = tmp;
4589 if (params.p2p_opp_ps &&
4590 !(rdev->wiphy.features & NL80211_FEATURE_P2P_GO_OPPPS))
4591 return -EINVAL;
4592 }
4593
4594 if (!rdev->ops->change_bss)
4595 return -EOPNOTSUPP;
4596
4597 if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_AP &&
4598 dev->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_GO)
4599 return -EOPNOTSUPP;
4600
4601 wdev_lock(wdev);
4602 err = rdev_change_bss(rdev, dev, &params);
4603 wdev_unlock(wdev);
4604
4605 return err;
4606 }
4607
4608 static const struct nla_policy reg_rule_policy[NL80211_REG_RULE_ATTR_MAX + 1] = {
4609 [NL80211_ATTR_REG_RULE_FLAGS] = { .type = NLA_U32 },
4610 [NL80211_ATTR_FREQ_RANGE_START] = { .type = NLA_U32 },
4611 [NL80211_ATTR_FREQ_RANGE_END] = { .type = NLA_U32 },
4612 [NL80211_ATTR_FREQ_RANGE_MAX_BW] = { .type = NLA_U32 },
4613 [NL80211_ATTR_POWER_RULE_MAX_ANT_GAIN] = { .type = NLA_U32 },
4614 [NL80211_ATTR_POWER_RULE_MAX_EIRP] = { .type = NLA_U32 },
4615 };
4616
4617 static int parse_reg_rule(struct nlattr *tb[],
4618 struct ieee80211_reg_rule *reg_rule)
4619 {
4620 struct ieee80211_freq_range *freq_range = &reg_rule->freq_range;
4621 struct ieee80211_power_rule *power_rule = &reg_rule->power_rule;
4622
4623 if (!tb[NL80211_ATTR_REG_RULE_FLAGS])
4624 return -EINVAL;
4625 if (!tb[NL80211_ATTR_FREQ_RANGE_START])
4626 return -EINVAL;
4627 if (!tb[NL80211_ATTR_FREQ_RANGE_END])
4628 return -EINVAL;
4629 if (!tb[NL80211_ATTR_FREQ_RANGE_MAX_BW])
4630 return -EINVAL;
4631 if (!tb[NL80211_ATTR_POWER_RULE_MAX_EIRP])
4632 return -EINVAL;
4633
4634 reg_rule->flags = nla_get_u32(tb[NL80211_ATTR_REG_RULE_FLAGS]);
4635
4636 freq_range->start_freq_khz =
4637 nla_get_u32(tb[NL80211_ATTR_FREQ_RANGE_START]);
4638 freq_range->end_freq_khz =
4639 nla_get_u32(tb[NL80211_ATTR_FREQ_RANGE_END]);
4640 freq_range->max_bandwidth_khz =
4641 nla_get_u32(tb[NL80211_ATTR_FREQ_RANGE_MAX_BW]);
4642
4643 power_rule->max_eirp =
4644 nla_get_u32(tb[NL80211_ATTR_POWER_RULE_MAX_EIRP]);
4645
4646 if (tb[NL80211_ATTR_POWER_RULE_MAX_ANT_GAIN])
4647 power_rule->max_antenna_gain =
4648 nla_get_u32(tb[NL80211_ATTR_POWER_RULE_MAX_ANT_GAIN]);
4649
4650 return 0;
4651 }
4652
4653 static int nl80211_req_set_reg(struct sk_buff *skb, struct genl_info *info)
4654 {
4655 int r;
4656 char *data = NULL;
4657 enum nl80211_user_reg_hint_type user_reg_hint_type;
4658
4659 /*
4660 * You should only get this when cfg80211 hasn't yet initialized
4661 * completely when built-in to the kernel right between the time
4662 * window between nl80211_init() and regulatory_init(), if that is
4663 * even possible.
4664 */
4665 if (unlikely(!rcu_access_pointer(cfg80211_regdomain)))
4666 return -EINPROGRESS;
4667
4668 if (!info->attrs[NL80211_ATTR_REG_ALPHA2])
4669 return -EINVAL;
4670
4671 data = nla_data(info->attrs[NL80211_ATTR_REG_ALPHA2]);
4672
4673 if (info->attrs[NL80211_ATTR_USER_REG_HINT_TYPE])
4674 user_reg_hint_type =
4675 nla_get_u32(info->attrs[NL80211_ATTR_USER_REG_HINT_TYPE]);
4676 else
4677 user_reg_hint_type = NL80211_USER_REG_HINT_USER;
4678
4679 switch (user_reg_hint_type) {
4680 case NL80211_USER_REG_HINT_USER:
4681 case NL80211_USER_REG_HINT_CELL_BASE:
4682 break;
4683 default:
4684 return -EINVAL;
4685 }
4686
4687 r = regulatory_hint_user(data, user_reg_hint_type);
4688
4689 return r;
4690 }
4691
4692 static int nl80211_get_mesh_config(struct sk_buff *skb,
4693 struct genl_info *info)
4694 {
4695 struct cfg80211_registered_device *rdev = info->user_ptr[0];
4696 struct net_device *dev = info->user_ptr[1];
4697 struct wireless_dev *wdev = dev->ieee80211_ptr;
4698 struct mesh_config cur_params;
4699 int err = 0;
4700 void *hdr;
4701 struct nlattr *pinfoattr;
4702 struct sk_buff *msg;
4703
4704 if (wdev->iftype != NL80211_IFTYPE_MESH_POINT)
4705 return -EOPNOTSUPP;
4706
4707 if (!rdev->ops->get_mesh_config)
4708 return -EOPNOTSUPP;
4709
4710 wdev_lock(wdev);
4711 /* If not connected, get default parameters */
4712 if (!wdev->mesh_id_len)
4713 memcpy(&cur_params, &default_mesh_config, sizeof(cur_params));
4714 else
4715 err = rdev_get_mesh_config(rdev, dev, &cur_params);
4716 wdev_unlock(wdev);
4717
4718 if (err)
4719 return err;
4720
4721 /* Draw up a netlink message to send back */
4722 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
4723 if (!msg)
4724 return -ENOMEM;
4725 hdr = nl80211hdr_put(msg, info->snd_portid, info->snd_seq, 0,
4726 NL80211_CMD_GET_MESH_CONFIG);
4727 if (!hdr)
4728 goto out;
4729 pinfoattr = nla_nest_start(msg, NL80211_ATTR_MESH_CONFIG);
4730 if (!pinfoattr)
4731 goto nla_put_failure;
4732 if (nla_put_u32(msg, NL80211_ATTR_IFINDEX, dev->ifindex) ||
4733 nla_put_u16(msg, NL80211_MESHCONF_RETRY_TIMEOUT,
4734 cur_params.dot11MeshRetryTimeout) ||
4735 nla_put_u16(msg, NL80211_MESHCONF_CONFIRM_TIMEOUT,
4736 cur_params.dot11MeshConfirmTimeout) ||
4737 nla_put_u16(msg, NL80211_MESHCONF_HOLDING_TIMEOUT,
4738 cur_params.dot11MeshHoldingTimeout) ||
4739 nla_put_u16(msg, NL80211_MESHCONF_MAX_PEER_LINKS,
4740 cur_params.dot11MeshMaxPeerLinks) ||
4741 nla_put_u8(msg, NL80211_MESHCONF_MAX_RETRIES,
4742 cur_params.dot11MeshMaxRetries) ||
4743 nla_put_u8(msg, NL80211_MESHCONF_TTL,
4744 cur_params.dot11MeshTTL) ||
4745 nla_put_u8(msg, NL80211_MESHCONF_ELEMENT_TTL,
4746 cur_params.element_ttl) ||
4747 nla_put_u8(msg, NL80211_MESHCONF_AUTO_OPEN_PLINKS,
4748 cur_params.auto_open_plinks) ||
4749 nla_put_u32(msg, NL80211_MESHCONF_SYNC_OFFSET_MAX_NEIGHBOR,
4750 cur_params.dot11MeshNbrOffsetMaxNeighbor) ||
4751 nla_put_u8(msg, NL80211_MESHCONF_HWMP_MAX_PREQ_RETRIES,
4752 cur_params.dot11MeshHWMPmaxPREQretries) ||
4753 nla_put_u32(msg, NL80211_MESHCONF_PATH_REFRESH_TIME,
4754 cur_params.path_refresh_time) ||
4755 nla_put_u16(msg, NL80211_MESHCONF_MIN_DISCOVERY_TIMEOUT,
4756 cur_params.min_discovery_timeout) ||
4757 nla_put_u32(msg, NL80211_MESHCONF_HWMP_ACTIVE_PATH_TIMEOUT,
4758 cur_params.dot11MeshHWMPactivePathTimeout) ||
4759 nla_put_u16(msg, NL80211_MESHCONF_HWMP_PREQ_MIN_INTERVAL,
4760 cur_params.dot11MeshHWMPpreqMinInterval) ||
4761 nla_put_u16(msg, NL80211_MESHCONF_HWMP_PERR_MIN_INTERVAL,
4762 cur_params.dot11MeshHWMPperrMinInterval) ||
4763 nla_put_u16(msg, NL80211_MESHCONF_HWMP_NET_DIAM_TRVS_TIME,
4764 cur_params.dot11MeshHWMPnetDiameterTraversalTime) ||
4765 nla_put_u8(msg, NL80211_MESHCONF_HWMP_ROOTMODE,
4766 cur_params.dot11MeshHWMPRootMode) ||
4767 nla_put_u16(msg, NL80211_MESHCONF_HWMP_RANN_INTERVAL,
4768 cur_params.dot11MeshHWMPRannInterval) ||
4769 nla_put_u8(msg, NL80211_MESHCONF_GATE_ANNOUNCEMENTS,
4770 cur_params.dot11MeshGateAnnouncementProtocol) ||
4771 nla_put_u8(msg, NL80211_MESHCONF_FORWARDING,
4772 cur_params.dot11MeshForwarding) ||
4773 nla_put_u32(msg, NL80211_MESHCONF_RSSI_THRESHOLD,
4774 cur_params.rssi_threshold) ||
4775 nla_put_u32(msg, NL80211_MESHCONF_HT_OPMODE,
4776 cur_params.ht_opmode) ||
4777 nla_put_u32(msg, NL80211_MESHCONF_HWMP_PATH_TO_ROOT_TIMEOUT,
4778 cur_params.dot11MeshHWMPactivePathToRootTimeout) ||
4779 nla_put_u16(msg, NL80211_MESHCONF_HWMP_ROOT_INTERVAL,
4780 cur_params.dot11MeshHWMProotInterval) ||
4781 nla_put_u16(msg, NL80211_MESHCONF_HWMP_CONFIRMATION_INTERVAL,
4782 cur_params.dot11MeshHWMPconfirmationInterval) ||
4783 nla_put_u32(msg, NL80211_MESHCONF_POWER_MODE,
4784 cur_params.power_mode) ||
4785 nla_put_u16(msg, NL80211_MESHCONF_AWAKE_WINDOW,
4786 cur_params.dot11MeshAwakeWindowDuration) ||
4787 nla_put_u32(msg, NL80211_MESHCONF_PLINK_TIMEOUT,
4788 cur_params.plink_timeout))
4789 goto nla_put_failure;
4790 nla_nest_end(msg, pinfoattr);
4791 genlmsg_end(msg, hdr);
4792 return genlmsg_reply(msg, info);
4793
4794 nla_put_failure:
4795 genlmsg_cancel(msg, hdr);
4796 out:
4797 nlmsg_free(msg);
4798 return -ENOBUFS;
4799 }
4800
4801 static const struct nla_policy nl80211_meshconf_params_policy[NL80211_MESHCONF_ATTR_MAX+1] = {
4802 [NL80211_MESHCONF_RETRY_TIMEOUT] = { .type = NLA_U16 },
4803 [NL80211_MESHCONF_CONFIRM_TIMEOUT] = { .type = NLA_U16 },
4804 [NL80211_MESHCONF_HOLDING_TIMEOUT] = { .type = NLA_U16 },
4805 [NL80211_MESHCONF_MAX_PEER_LINKS] = { .type = NLA_U16 },
4806 [NL80211_MESHCONF_MAX_RETRIES] = { .type = NLA_U8 },
4807 [NL80211_MESHCONF_TTL] = { .type = NLA_U8 },
4808 [NL80211_MESHCONF_ELEMENT_TTL] = { .type = NLA_U8 },
4809 [NL80211_MESHCONF_AUTO_OPEN_PLINKS] = { .type = NLA_U8 },
4810 [NL80211_MESHCONF_SYNC_OFFSET_MAX_NEIGHBOR] = { .type = NLA_U32 },
4811 [NL80211_MESHCONF_HWMP_MAX_PREQ_RETRIES] = { .type = NLA_U8 },
4812 [NL80211_MESHCONF_PATH_REFRESH_TIME] = { .type = NLA_U32 },
4813 [NL80211_MESHCONF_MIN_DISCOVERY_TIMEOUT] = { .type = NLA_U16 },
4814 [NL80211_MESHCONF_HWMP_ACTIVE_PATH_TIMEOUT] = { .type = NLA_U32 },
4815 [NL80211_MESHCONF_HWMP_PREQ_MIN_INTERVAL] = { .type = NLA_U16 },
4816 [NL80211_MESHCONF_HWMP_PERR_MIN_INTERVAL] = { .type = NLA_U16 },
4817 [NL80211_MESHCONF_HWMP_NET_DIAM_TRVS_TIME] = { .type = NLA_U16 },
4818 [NL80211_MESHCONF_HWMP_ROOTMODE] = { .type = NLA_U8 },
4819 [NL80211_MESHCONF_HWMP_RANN_INTERVAL] = { .type = NLA_U16 },
4820 [NL80211_MESHCONF_GATE_ANNOUNCEMENTS] = { .type = NLA_U8 },
4821 [NL80211_MESHCONF_FORWARDING] = { .type = NLA_U8 },
4822 [NL80211_MESHCONF_RSSI_THRESHOLD] = { .type = NLA_U32 },
4823 [NL80211_MESHCONF_HT_OPMODE] = { .type = NLA_U16 },
4824 [NL80211_MESHCONF_HWMP_PATH_TO_ROOT_TIMEOUT] = { .type = NLA_U32 },
4825 [NL80211_MESHCONF_HWMP_ROOT_INTERVAL] = { .type = NLA_U16 },
4826 [NL80211_MESHCONF_HWMP_CONFIRMATION_INTERVAL] = { .type = NLA_U16 },
4827 [NL80211_MESHCONF_POWER_MODE] = { .type = NLA_U32 },
4828 [NL80211_MESHCONF_AWAKE_WINDOW] = { .type = NLA_U16 },
4829 [NL80211_MESHCONF_PLINK_TIMEOUT] = { .type = NLA_U32 },
4830 };
4831
4832 static const struct nla_policy
4833 nl80211_mesh_setup_params_policy[NL80211_MESH_SETUP_ATTR_MAX+1] = {
4834 [NL80211_MESH_SETUP_ENABLE_VENDOR_SYNC] = { .type = NLA_U8 },
4835 [NL80211_MESH_SETUP_ENABLE_VENDOR_PATH_SEL] = { .type = NLA_U8 },
4836 [NL80211_MESH_SETUP_ENABLE_VENDOR_METRIC] = { .type = NLA_U8 },
4837 [NL80211_MESH_SETUP_USERSPACE_AUTH] = { .type = NLA_FLAG },
4838 [NL80211_MESH_SETUP_AUTH_PROTOCOL] = { .type = NLA_U8 },
4839 [NL80211_MESH_SETUP_USERSPACE_MPM] = { .type = NLA_FLAG },
4840 [NL80211_MESH_SETUP_IE] = { .type = NLA_BINARY,
4841 .len = IEEE80211_MAX_DATA_LEN },
4842 [NL80211_MESH_SETUP_USERSPACE_AMPE] = { .type = NLA_FLAG },
4843 };
4844
4845 static int nl80211_parse_mesh_config(struct genl_info *info,
4846 struct mesh_config *cfg,
4847 u32 *mask_out)
4848 {
4849 struct nlattr *tb[NL80211_MESHCONF_ATTR_MAX + 1];
4850 u32 mask = 0;
4851
4852 #define FILL_IN_MESH_PARAM_IF_SET(tb, cfg, param, min, max, mask, attr, fn) \
4853 do { \
4854 if (tb[attr]) { \
4855 if (fn(tb[attr]) < min || fn(tb[attr]) > max) \
4856 return -EINVAL; \
4857 cfg->param = fn(tb[attr]); \
4858 mask |= (1 << (attr - 1)); \
4859 } \
4860 } while (0)
4861
4862
4863 if (!info->attrs[NL80211_ATTR_MESH_CONFIG])
4864 return -EINVAL;
4865 if (nla_parse_nested(tb, NL80211_MESHCONF_ATTR_MAX,
4866 info->attrs[NL80211_ATTR_MESH_CONFIG],
4867 nl80211_meshconf_params_policy))
4868 return -EINVAL;
4869
4870 /* This makes sure that there aren't more than 32 mesh config
4871 * parameters (otherwise our bitfield scheme would not work.) */
4872 BUILD_BUG_ON(NL80211_MESHCONF_ATTR_MAX > 32);
4873
4874 /* Fill in the params struct */
4875 FILL_IN_MESH_PARAM_IF_SET(tb, cfg, dot11MeshRetryTimeout, 1, 255,
4876 mask, NL80211_MESHCONF_RETRY_TIMEOUT,
4877 nla_get_u16);
4878 FILL_IN_MESH_PARAM_IF_SET(tb, cfg, dot11MeshConfirmTimeout, 1, 255,
4879 mask, NL80211_MESHCONF_CONFIRM_TIMEOUT,
4880 nla_get_u16);
4881 FILL_IN_MESH_PARAM_IF_SET(tb, cfg, dot11MeshHoldingTimeout, 1, 255,
4882 mask, NL80211_MESHCONF_HOLDING_TIMEOUT,
4883 nla_get_u16);
4884 FILL_IN_MESH_PARAM_IF_SET(tb, cfg, dot11MeshMaxPeerLinks, 0, 255,
4885 mask, NL80211_MESHCONF_MAX_PEER_LINKS,
4886 nla_get_u16);
4887 FILL_IN_MESH_PARAM_IF_SET(tb, cfg, dot11MeshMaxRetries, 0, 16,
4888 mask, NL80211_MESHCONF_MAX_RETRIES,
4889 nla_get_u8);
4890 FILL_IN_MESH_PARAM_IF_SET(tb, cfg, dot11MeshTTL, 1, 255,
4891 mask, NL80211_MESHCONF_TTL, nla_get_u8);
4892 FILL_IN_MESH_PARAM_IF_SET(tb, cfg, element_ttl, 1, 255,
4893 mask, NL80211_MESHCONF_ELEMENT_TTL,
4894 nla_get_u8);
4895 FILL_IN_MESH_PARAM_IF_SET(tb, cfg, auto_open_plinks, 0, 1,
4896 mask, NL80211_MESHCONF_AUTO_OPEN_PLINKS,
4897 nla_get_u8);
4898 FILL_IN_MESH_PARAM_IF_SET(tb, cfg, dot11MeshNbrOffsetMaxNeighbor,
4899 1, 255, mask,
4900 NL80211_MESHCONF_SYNC_OFFSET_MAX_NEIGHBOR,
4901 nla_get_u32);
4902 FILL_IN_MESH_PARAM_IF_SET(tb, cfg, dot11MeshHWMPmaxPREQretries, 0, 255,
4903 mask, NL80211_MESHCONF_HWMP_MAX_PREQ_RETRIES,
4904 nla_get_u8);
4905 FILL_IN_MESH_PARAM_IF_SET(tb, cfg, path_refresh_time, 1, 65535,
4906 mask, NL80211_MESHCONF_PATH_REFRESH_TIME,
4907 nla_get_u32);
4908 FILL_IN_MESH_PARAM_IF_SET(tb, cfg, min_discovery_timeout, 1, 65535,
4909 mask, NL80211_MESHCONF_MIN_DISCOVERY_TIMEOUT,
4910 nla_get_u16);
4911 FILL_IN_MESH_PARAM_IF_SET(tb, cfg, dot11MeshHWMPactivePathTimeout,
4912 1, 65535, mask,
4913 NL80211_MESHCONF_HWMP_ACTIVE_PATH_TIMEOUT,
4914 nla_get_u32);
4915 FILL_IN_MESH_PARAM_IF_SET(tb, cfg, dot11MeshHWMPpreqMinInterval,
4916 1, 65535, mask,
4917 NL80211_MESHCONF_HWMP_PREQ_MIN_INTERVAL,
4918 nla_get_u16);
4919 FILL_IN_MESH_PARAM_IF_SET(tb, cfg, dot11MeshHWMPperrMinInterval,
4920 1, 65535, mask,
4921 NL80211_MESHCONF_HWMP_PERR_MIN_INTERVAL,
4922 nla_get_u16);
4923 FILL_IN_MESH_PARAM_IF_SET(tb, cfg,
4924 dot11MeshHWMPnetDiameterTraversalTime,
4925 1, 65535, mask,
4926 NL80211_MESHCONF_HWMP_NET_DIAM_TRVS_TIME,
4927 nla_get_u16);
4928 FILL_IN_MESH_PARAM_IF_SET(tb, cfg, dot11MeshHWMPRootMode, 0, 4,
4929 mask, NL80211_MESHCONF_HWMP_ROOTMODE,
4930 nla_get_u8);
4931 FILL_IN_MESH_PARAM_IF_SET(tb, cfg, dot11MeshHWMPRannInterval, 1, 65535,
4932 mask, NL80211_MESHCONF_HWMP_RANN_INTERVAL,
4933 nla_get_u16);
4934 FILL_IN_MESH_PARAM_IF_SET(tb, cfg,
4935 dot11MeshGateAnnouncementProtocol, 0, 1,
4936 mask, NL80211_MESHCONF_GATE_ANNOUNCEMENTS,
4937 nla_get_u8);
4938 FILL_IN_MESH_PARAM_IF_SET(tb, cfg, dot11MeshForwarding, 0, 1,
4939 mask, NL80211_MESHCONF_FORWARDING,
4940 nla_get_u8);
4941 FILL_IN_MESH_PARAM_IF_SET(tb, cfg, rssi_threshold, -255, 0,
4942 mask, NL80211_MESHCONF_RSSI_THRESHOLD,
4943 nla_get_s32);
4944 FILL_IN_MESH_PARAM_IF_SET(tb, cfg, ht_opmode, 0, 16,
4945 mask, NL80211_MESHCONF_HT_OPMODE,
4946 nla_get_u16);
4947 FILL_IN_MESH_PARAM_IF_SET(tb, cfg, dot11MeshHWMPactivePathToRootTimeout,
4948 1, 65535, mask,
4949 NL80211_MESHCONF_HWMP_PATH_TO_ROOT_TIMEOUT,
4950 nla_get_u32);
4951 FILL_IN_MESH_PARAM_IF_SET(tb, cfg, dot11MeshHWMProotInterval, 1, 65535,
4952 mask, NL80211_MESHCONF_HWMP_ROOT_INTERVAL,
4953 nla_get_u16);
4954 FILL_IN_MESH_PARAM_IF_SET(tb, cfg,
4955 dot11MeshHWMPconfirmationInterval,
4956 1, 65535, mask,
4957 NL80211_MESHCONF_HWMP_CONFIRMATION_INTERVAL,
4958 nla_get_u16);
4959 FILL_IN_MESH_PARAM_IF_SET(tb, cfg, power_mode,
4960 NL80211_MESH_POWER_ACTIVE,
4961 NL80211_MESH_POWER_MAX,
4962 mask, NL80211_MESHCONF_POWER_MODE,
4963 nla_get_u32);
4964 FILL_IN_MESH_PARAM_IF_SET(tb, cfg, dot11MeshAwakeWindowDuration,
4965 0, 65535, mask,
4966 NL80211_MESHCONF_AWAKE_WINDOW, nla_get_u16);
4967 FILL_IN_MESH_PARAM_IF_SET(tb, cfg, plink_timeout, 1, 0xffffffff,
4968 mask, NL80211_MESHCONF_PLINK_TIMEOUT,
4969 nla_get_u32);
4970 if (mask_out)
4971 *mask_out = mask;
4972
4973 return 0;
4974
4975 #undef FILL_IN_MESH_PARAM_IF_SET
4976 }
4977
4978 static int nl80211_parse_mesh_setup(struct genl_info *info,
4979 struct mesh_setup *setup)
4980 {
4981 struct cfg80211_registered_device *rdev = info->user_ptr[0];
4982 struct nlattr *tb[NL80211_MESH_SETUP_ATTR_MAX + 1];
4983
4984 if (!info->attrs[NL80211_ATTR_MESH_SETUP])
4985 return -EINVAL;
4986 if (nla_parse_nested(tb, NL80211_MESH_SETUP_ATTR_MAX,
4987 info->attrs[NL80211_ATTR_MESH_SETUP],
4988 nl80211_mesh_setup_params_policy))
4989 return -EINVAL;
4990
4991 if (tb[NL80211_MESH_SETUP_ENABLE_VENDOR_SYNC])
4992 setup->sync_method =
4993 (nla_get_u8(tb[NL80211_MESH_SETUP_ENABLE_VENDOR_SYNC])) ?
4994 IEEE80211_SYNC_METHOD_VENDOR :
4995 IEEE80211_SYNC_METHOD_NEIGHBOR_OFFSET;
4996
4997 if (tb[NL80211_MESH_SETUP_ENABLE_VENDOR_PATH_SEL])
4998 setup->path_sel_proto =
4999 (nla_get_u8(tb[NL80211_MESH_SETUP_ENABLE_VENDOR_PATH_SEL])) ?
5000 IEEE80211_PATH_PROTOCOL_VENDOR :
5001 IEEE80211_PATH_PROTOCOL_HWMP;
5002
5003 if (tb[NL80211_MESH_SETUP_ENABLE_VENDOR_METRIC])
5004 setup->path_metric =
5005 (nla_get_u8(tb[NL80211_MESH_SETUP_ENABLE_VENDOR_METRIC])) ?
5006 IEEE80211_PATH_METRIC_VENDOR :
5007 IEEE80211_PATH_METRIC_AIRTIME;
5008
5009
5010 if (tb[NL80211_MESH_SETUP_IE]) {
5011 struct nlattr *ieattr =
5012 tb[NL80211_MESH_SETUP_IE];
5013 if (!is_valid_ie_attr(ieattr))
5014 return -EINVAL;
5015 setup->ie = nla_data(ieattr);
5016 setup->ie_len = nla_len(ieattr);
5017 }
5018 if (tb[NL80211_MESH_SETUP_USERSPACE_MPM] &&
5019 !(rdev->wiphy.features & NL80211_FEATURE_USERSPACE_MPM))
5020 return -EINVAL;
5021 setup->user_mpm = nla_get_flag(tb[NL80211_MESH_SETUP_USERSPACE_MPM]);
5022 setup->is_authenticated = nla_get_flag(tb[NL80211_MESH_SETUP_USERSPACE_AUTH]);
5023 setup->is_secure = nla_get_flag(tb[NL80211_MESH_SETUP_USERSPACE_AMPE]);
5024 if (setup->is_secure)
5025 setup->user_mpm = true;
5026
5027 if (tb[NL80211_MESH_SETUP_AUTH_PROTOCOL]) {
5028 if (!setup->user_mpm)
5029 return -EINVAL;
5030 setup->auth_id =
5031 nla_get_u8(tb[NL80211_MESH_SETUP_AUTH_PROTOCOL]);
5032 }
5033
5034 return 0;
5035 }
5036
5037 static int nl80211_update_mesh_config(struct sk_buff *skb,
5038 struct genl_info *info)
5039 {
5040 struct cfg80211_registered_device *rdev = info->user_ptr[0];
5041 struct net_device *dev = info->user_ptr[1];
5042 struct wireless_dev *wdev = dev->ieee80211_ptr;
5043 struct mesh_config cfg;
5044 u32 mask;
5045 int err;
5046
5047 if (wdev->iftype != NL80211_IFTYPE_MESH_POINT)
5048 return -EOPNOTSUPP;
5049
5050 if (!rdev->ops->update_mesh_config)
5051 return -EOPNOTSUPP;
5052
5053 err = nl80211_parse_mesh_config(info, &cfg, &mask);
5054 if (err)
5055 return err;
5056
5057 wdev_lock(wdev);
5058 if (!wdev->mesh_id_len)
5059 err = -ENOLINK;
5060
5061 if (!err)
5062 err = rdev_update_mesh_config(rdev, dev, mask, &cfg);
5063
5064 wdev_unlock(wdev);
5065
5066 return err;
5067 }
5068
5069 static int nl80211_get_reg(struct sk_buff *skb, struct genl_info *info)
5070 {
5071 const struct ieee80211_regdomain *regdom;
5072 struct sk_buff *msg;
5073 void *hdr = NULL;
5074 struct nlattr *nl_reg_rules;
5075 unsigned int i;
5076
5077 if (!cfg80211_regdomain)
5078 return -EINVAL;
5079
5080 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
5081 if (!msg)
5082 return -ENOBUFS;
5083
5084 hdr = nl80211hdr_put(msg, info->snd_portid, info->snd_seq, 0,
5085 NL80211_CMD_GET_REG);
5086 if (!hdr)
5087 goto put_failure;
5088
5089 if (reg_last_request_cell_base() &&
5090 nla_put_u32(msg, NL80211_ATTR_USER_REG_HINT_TYPE,
5091 NL80211_USER_REG_HINT_CELL_BASE))
5092 goto nla_put_failure;
5093
5094 rcu_read_lock();
5095 regdom = rcu_dereference(cfg80211_regdomain);
5096
5097 if (nla_put_string(msg, NL80211_ATTR_REG_ALPHA2, regdom->alpha2) ||
5098 (regdom->dfs_region &&
5099 nla_put_u8(msg, NL80211_ATTR_DFS_REGION, regdom->dfs_region)))
5100 goto nla_put_failure_rcu;
5101
5102 nl_reg_rules = nla_nest_start(msg, NL80211_ATTR_REG_RULES);
5103 if (!nl_reg_rules)
5104 goto nla_put_failure_rcu;
5105
5106 for (i = 0; i < regdom->n_reg_rules; i++) {
5107 struct nlattr *nl_reg_rule;
5108 const struct ieee80211_reg_rule *reg_rule;
5109 const struct ieee80211_freq_range *freq_range;
5110 const struct ieee80211_power_rule *power_rule;
5111
5112 reg_rule = &regdom->reg_rules[i];
5113 freq_range = &reg_rule->freq_range;
5114 power_rule = &reg_rule->power_rule;
5115
5116 nl_reg_rule = nla_nest_start(msg, i);
5117 if (!nl_reg_rule)
5118 goto nla_put_failure_rcu;
5119
5120 if (nla_put_u32(msg, NL80211_ATTR_REG_RULE_FLAGS,
5121 reg_rule->flags) ||
5122 nla_put_u32(msg, NL80211_ATTR_FREQ_RANGE_START,
5123 freq_range->start_freq_khz) ||
5124 nla_put_u32(msg, NL80211_ATTR_FREQ_RANGE_END,
5125 freq_range->end_freq_khz) ||
5126 nla_put_u32(msg, NL80211_ATTR_FREQ_RANGE_MAX_BW,
5127 freq_range->max_bandwidth_khz) ||
5128 nla_put_u32(msg, NL80211_ATTR_POWER_RULE_MAX_ANT_GAIN,
5129 power_rule->max_antenna_gain) ||
5130 nla_put_u32(msg, NL80211_ATTR_POWER_RULE_MAX_EIRP,
5131 power_rule->max_eirp))
5132 goto nla_put_failure_rcu;
5133
5134 nla_nest_end(msg, nl_reg_rule);
5135 }
5136 rcu_read_unlock();
5137
5138 nla_nest_end(msg, nl_reg_rules);
5139
5140 genlmsg_end(msg, hdr);
5141 return genlmsg_reply(msg, info);
5142
5143 nla_put_failure_rcu:
5144 rcu_read_unlock();
5145 nla_put_failure:
5146 genlmsg_cancel(msg, hdr);
5147 put_failure:
5148 nlmsg_free(msg);
5149 return -EMSGSIZE;
5150 }
5151
5152 static int nl80211_set_reg(struct sk_buff *skb, struct genl_info *info)
5153 {
5154 struct nlattr *tb[NL80211_REG_RULE_ATTR_MAX + 1];
5155 struct nlattr *nl_reg_rule;
5156 char *alpha2 = NULL;
5157 int rem_reg_rules = 0, r = 0;
5158 u32 num_rules = 0, rule_idx = 0, size_of_regd;
5159 enum nl80211_dfs_regions dfs_region = NL80211_DFS_UNSET;
5160 struct ieee80211_regdomain *rd = NULL;
5161
5162 if (!info->attrs[NL80211_ATTR_REG_ALPHA2])
5163 return -EINVAL;
5164
5165 if (!info->attrs[NL80211_ATTR_REG_RULES])
5166 return -EINVAL;
5167
5168 alpha2 = nla_data(info->attrs[NL80211_ATTR_REG_ALPHA2]);
5169
5170 if (info->attrs[NL80211_ATTR_DFS_REGION])
5171 dfs_region = nla_get_u8(info->attrs[NL80211_ATTR_DFS_REGION]);
5172
5173 nla_for_each_nested(nl_reg_rule, info->attrs[NL80211_ATTR_REG_RULES],
5174 rem_reg_rules) {
5175 num_rules++;
5176 if (num_rules > NL80211_MAX_SUPP_REG_RULES)
5177 return -EINVAL;
5178 }
5179
5180 if (!reg_is_valid_request(alpha2))
5181 return -EINVAL;
5182
5183 size_of_regd = sizeof(struct ieee80211_regdomain) +
5184 num_rules * sizeof(struct ieee80211_reg_rule);
5185
5186 rd = kzalloc(size_of_regd, GFP_KERNEL);
5187 if (!rd)
5188 return -ENOMEM;
5189
5190 rd->n_reg_rules = num_rules;
5191 rd->alpha2[0] = alpha2[0];
5192 rd->alpha2[1] = alpha2[1];
5193
5194 /*
5195 * Disable DFS master mode if the DFS region was
5196 * not supported or known on this kernel.
5197 */
5198 if (reg_supported_dfs_region(dfs_region))
5199 rd->dfs_region = dfs_region;
5200
5201 nla_for_each_nested(nl_reg_rule, info->attrs[NL80211_ATTR_REG_RULES],
5202 rem_reg_rules) {
5203 r = nla_parse(tb, NL80211_REG_RULE_ATTR_MAX,
5204 nla_data(nl_reg_rule), nla_len(nl_reg_rule),
5205 reg_rule_policy);
5206 if (r)
5207 goto bad_reg;
5208 r = parse_reg_rule(tb, &rd->reg_rules[rule_idx]);
5209 if (r)
5210 goto bad_reg;
5211
5212 rule_idx++;
5213
5214 if (rule_idx > NL80211_MAX_SUPP_REG_RULES) {
5215 r = -EINVAL;
5216 goto bad_reg;
5217 }
5218 }
5219
5220 r = set_regdom(rd);
5221 /* set_regdom took ownership */
5222 rd = NULL;
5223
5224 bad_reg:
5225 kfree(rd);
5226 return r;
5227 }
5228
5229 static int validate_scan_freqs(struct nlattr *freqs)
5230 {
5231 struct nlattr *attr1, *attr2;
5232 int n_channels = 0, tmp1, tmp2;
5233
5234 nla_for_each_nested(attr1, freqs, tmp1) {
5235 n_channels++;
5236 /*
5237 * Some hardware has a limited channel list for
5238 * scanning, and it is pretty much nonsensical
5239 * to scan for a channel twice, so disallow that
5240 * and don't require drivers to check that the
5241 * channel list they get isn't longer than what
5242 * they can scan, as long as they can scan all
5243 * the channels they registered at once.
5244 */
5245 nla_for_each_nested(attr2, freqs, tmp2)
5246 if (attr1 != attr2 &&
5247 nla_get_u32(attr1) == nla_get_u32(attr2))
5248 return 0;
5249 }
5250
5251 return n_channels;
5252 }
5253
5254 static int nl80211_trigger_scan(struct sk_buff *skb, struct genl_info *info)
5255 {
5256 struct cfg80211_registered_device *rdev = info->user_ptr[0];
5257 struct wireless_dev *wdev = info->user_ptr[1];
5258 struct cfg80211_scan_request *request;
5259 struct nlattr *attr;
5260 struct wiphy *wiphy;
5261 int err, tmp, n_ssids = 0, n_channels, i;
5262 size_t ie_len;
5263
5264 if (!is_valid_ie_attr(info->attrs[NL80211_ATTR_IE]))
5265 return -EINVAL;
5266
5267 wiphy = &rdev->wiphy;
5268
5269 if (!rdev->ops->scan)
5270 return -EOPNOTSUPP;
5271
5272 if (rdev->scan_req) {
5273 err = -EBUSY;
5274 goto unlock;
5275 }
5276
5277 if (info->attrs[NL80211_ATTR_SCAN_FREQUENCIES]) {
5278 n_channels = validate_scan_freqs(
5279 info->attrs[NL80211_ATTR_SCAN_FREQUENCIES]);
5280 if (!n_channels) {
5281 err = -EINVAL;
5282 goto unlock;
5283 }
5284 } else {
5285 n_channels = ieee80211_get_num_supported_channels(wiphy);
5286 }
5287
5288 if (info->attrs[NL80211_ATTR_SCAN_SSIDS])
5289 nla_for_each_nested(attr, info->attrs[NL80211_ATTR_SCAN_SSIDS], tmp)
5290 n_ssids++;
5291
5292 if (n_ssids > wiphy->max_scan_ssids) {
5293 err = -EINVAL;
5294 goto unlock;
5295 }
5296
5297 if (info->attrs[NL80211_ATTR_IE])
5298 ie_len = nla_len(info->attrs[NL80211_ATTR_IE]);
5299 else
5300 ie_len = 0;
5301
5302 if (ie_len > wiphy->max_scan_ie_len) {
5303 err = -EINVAL;
5304 goto unlock;
5305 }
5306
5307 request = kzalloc(sizeof(*request)
5308 + sizeof(*request->ssids) * n_ssids
5309 + sizeof(*request->channels) * n_channels
5310 + ie_len, GFP_KERNEL);
5311 if (!request) {
5312 err = -ENOMEM;
5313 goto unlock;
5314 }
5315
5316 if (n_ssids)
5317 request->ssids = (void *)&request->channels[n_channels];
5318 request->n_ssids = n_ssids;
5319 if (ie_len) {
5320 if (request->ssids)
5321 request->ie = (void *)(request->ssids + n_ssids);
5322 else
5323 request->ie = (void *)(request->channels + n_channels);
5324 }
5325
5326 i = 0;
5327 if (info->attrs[NL80211_ATTR_SCAN_FREQUENCIES]) {
5328 /* user specified, bail out if channel not found */
5329 nla_for_each_nested(attr, info->attrs[NL80211_ATTR_SCAN_FREQUENCIES], tmp) {
5330 struct ieee80211_channel *chan;
5331
5332 chan = ieee80211_get_channel(wiphy, nla_get_u32(attr));
5333
5334 if (!chan) {
5335 err = -EINVAL;
5336 goto out_free;
5337 }
5338
5339 /* ignore disabled channels */
5340 if (chan->flags & IEEE80211_CHAN_DISABLED)
5341 continue;
5342
5343 request->channels[i] = chan;
5344 i++;
5345 }
5346 } else {
5347 enum ieee80211_band band;
5348
5349 /* all channels */
5350 for (band = 0; band < IEEE80211_NUM_BANDS; band++) {
5351 int j;
5352 if (!wiphy->bands[band])
5353 continue;
5354 for (j = 0; j < wiphy->bands[band]->n_channels; j++) {
5355 struct ieee80211_channel *chan;
5356
5357 chan = &wiphy->bands[band]->channels[j];
5358
5359 if (chan->flags & IEEE80211_CHAN_DISABLED)
5360 continue;
5361
5362 request->channels[i] = chan;
5363 i++;
5364 }
5365 }
5366 }
5367
5368 if (!i) {
5369 err = -EINVAL;
5370 goto out_free;
5371 }
5372
5373 request->n_channels = i;
5374
5375 i = 0;
5376 if (info->attrs[NL80211_ATTR_SCAN_SSIDS]) {
5377 nla_for_each_nested(attr, info->attrs[NL80211_ATTR_SCAN_SSIDS], tmp) {
5378 if (nla_len(attr) > IEEE80211_MAX_SSID_LEN) {
5379 err = -EINVAL;
5380 goto out_free;
5381 }
5382 request->ssids[i].ssid_len = nla_len(attr);
5383 memcpy(request->ssids[i].ssid, nla_data(attr), nla_len(attr));
5384 i++;
5385 }
5386 }
5387
5388 if (info->attrs[NL80211_ATTR_IE]) {
5389 request->ie_len = nla_len(info->attrs[NL80211_ATTR_IE]);
5390 memcpy((void *)request->ie,
5391 nla_data(info->attrs[NL80211_ATTR_IE]),
5392 request->ie_len);
5393 }
5394
5395 for (i = 0; i < IEEE80211_NUM_BANDS; i++)
5396 if (wiphy->bands[i])
5397 request->rates[i] =
5398 (1 << wiphy->bands[i]->n_bitrates) - 1;
5399
5400 if (info->attrs[NL80211_ATTR_SCAN_SUPP_RATES]) {
5401 nla_for_each_nested(attr,
5402 info->attrs[NL80211_ATTR_SCAN_SUPP_RATES],
5403 tmp) {
5404 enum ieee80211_band band = nla_type(attr);
5405
5406 if (band < 0 || band >= IEEE80211_NUM_BANDS) {
5407 err = -EINVAL;
5408 goto out_free;
5409 }
5410
5411 if (!wiphy->bands[band])
5412 continue;
5413
5414 err = ieee80211_get_ratemask(wiphy->bands[band],
5415 nla_data(attr),
5416 nla_len(attr),
5417 &request->rates[band]);
5418 if (err)
5419 goto out_free;
5420 }
5421 }
5422
5423 if (info->attrs[NL80211_ATTR_SCAN_FLAGS]) {
5424 request->flags = nla_get_u32(
5425 info->attrs[NL80211_ATTR_SCAN_FLAGS]);
5426 if ((request->flags & NL80211_SCAN_FLAG_LOW_PRIORITY) &&
5427 !(wiphy->features & NL80211_FEATURE_LOW_PRIORITY_SCAN)) {
5428 err = -EOPNOTSUPP;
5429 goto out_free;
5430 }
5431 }
5432
5433 request->no_cck =
5434 nla_get_flag(info->attrs[NL80211_ATTR_TX_NO_CCK_RATE]);
5435
5436 request->wdev = wdev;
5437 request->wiphy = &rdev->wiphy;
5438 request->scan_start = jiffies;
5439
5440 rdev->scan_req = request;
5441 err = rdev_scan(rdev, request);
5442
5443 if (!err) {
5444 nl80211_send_scan_start(rdev, wdev);
5445 if (wdev->netdev)
5446 dev_hold(wdev->netdev);
5447 } else {
5448 out_free:
5449 rdev->scan_req = NULL;
5450 kfree(request);
5451 }
5452
5453 unlock:
5454 return err;
5455 }
5456
5457 static int nl80211_start_sched_scan(struct sk_buff *skb,
5458 struct genl_info *info)
5459 {
5460 struct cfg80211_sched_scan_request *request;
5461 struct cfg80211_registered_device *rdev = info->user_ptr[0];
5462 struct net_device *dev = info->user_ptr[1];
5463 struct nlattr *attr;
5464 struct wiphy *wiphy;
5465 int err, tmp, n_ssids = 0, n_match_sets = 0, n_channels, i;
5466 u32 interval;
5467 enum ieee80211_band band;
5468 size_t ie_len;
5469 struct nlattr *tb[NL80211_SCHED_SCAN_MATCH_ATTR_MAX + 1];
5470 s32 default_match_rssi = NL80211_SCAN_RSSI_THOLD_OFF;
5471
5472 if (!(rdev->wiphy.flags & WIPHY_FLAG_SUPPORTS_SCHED_SCAN) ||
5473 !rdev->ops->sched_scan_start)
5474 return -EOPNOTSUPP;
5475
5476 if (!is_valid_ie_attr(info->attrs[NL80211_ATTR_IE]))
5477 return -EINVAL;
5478
5479 if (!info->attrs[NL80211_ATTR_SCHED_SCAN_INTERVAL])
5480 return -EINVAL;
5481
5482 interval = nla_get_u32(info->attrs[NL80211_ATTR_SCHED_SCAN_INTERVAL]);
5483 if (interval == 0)
5484 return -EINVAL;
5485
5486 wiphy = &rdev->wiphy;
5487
5488 if (info->attrs[NL80211_ATTR_SCAN_FREQUENCIES]) {
5489 n_channels = validate_scan_freqs(
5490 info->attrs[NL80211_ATTR_SCAN_FREQUENCIES]);
5491 if (!n_channels)
5492 return -EINVAL;
5493 } else {
5494 n_channels = ieee80211_get_num_supported_channels(wiphy);
5495 }
5496
5497 if (info->attrs[NL80211_ATTR_SCAN_SSIDS])
5498 nla_for_each_nested(attr, info->attrs[NL80211_ATTR_SCAN_SSIDS],
5499 tmp)
5500 n_ssids++;
5501
5502 if (n_ssids > wiphy->max_sched_scan_ssids)
5503 return -EINVAL;
5504
5505 /*
5506 * First, count the number of 'real' matchsets. Due to an issue with
5507 * the old implementation, matchsets containing only the RSSI attribute
5508 * (NL80211_SCHED_SCAN_MATCH_ATTR_RSSI) are considered as the 'default'
5509 * RSSI for all matchsets, rather than their own matchset for reporting
5510 * all APs with a strong RSSI. This is needed to be compatible with
5511 * older userspace that treated a matchset with only the RSSI as the
5512 * global RSSI for all other matchsets - if there are other matchsets.
5513 */
5514 if (info->attrs[NL80211_ATTR_SCHED_SCAN_MATCH]) {
5515 nla_for_each_nested(attr,
5516 info->attrs[NL80211_ATTR_SCHED_SCAN_MATCH],
5517 tmp) {
5518 struct nlattr *rssi;
5519
5520 err = nla_parse(tb, NL80211_SCHED_SCAN_MATCH_ATTR_MAX,
5521 nla_data(attr), nla_len(attr),
5522 nl80211_match_policy);
5523 if (err)
5524 return err;
5525 /* add other standalone attributes here */
5526 if (tb[NL80211_SCHED_SCAN_MATCH_ATTR_SSID]) {
5527 n_match_sets++;
5528 continue;
5529 }
5530 rssi = tb[NL80211_SCHED_SCAN_MATCH_ATTR_RSSI];
5531 if (rssi)
5532 default_match_rssi = nla_get_s32(rssi);
5533 }
5534 }
5535
5536 /* However, if there's no other matchset, add the RSSI one */
5537 if (!n_match_sets && default_match_rssi != NL80211_SCAN_RSSI_THOLD_OFF)
5538 n_match_sets = 1;
5539
5540 if (n_match_sets > wiphy->max_match_sets)
5541 return -EINVAL;
5542
5543 if (info->attrs[NL80211_ATTR_IE])
5544 ie_len = nla_len(info->attrs[NL80211_ATTR_IE]);
5545 else
5546 ie_len = 0;
5547
5548 if (ie_len > wiphy->max_sched_scan_ie_len)
5549 return -EINVAL;
5550
5551 if (rdev->sched_scan_req) {
5552 err = -EINPROGRESS;
5553 goto out;
5554 }
5555
5556 request = kzalloc(sizeof(*request)
5557 + sizeof(*request->ssids) * n_ssids
5558 + sizeof(*request->match_sets) * n_match_sets
5559 + sizeof(*request->channels) * n_channels
5560 + ie_len, GFP_KERNEL);
5561 if (!request) {
5562 err = -ENOMEM;
5563 goto out;
5564 }
5565
5566 if (n_ssids)
5567 request->ssids = (void *)&request->channels[n_channels];
5568 request->n_ssids = n_ssids;
5569 if (ie_len) {
5570 if (request->ssids)
5571 request->ie = (void *)(request->ssids + n_ssids);
5572 else
5573 request->ie = (void *)(request->channels + n_channels);
5574 }
5575
5576 if (n_match_sets) {
5577 if (request->ie)
5578 request->match_sets = (void *)(request->ie + ie_len);
5579 else if (request->ssids)
5580 request->match_sets =
5581 (void *)(request->ssids + n_ssids);
5582 else
5583 request->match_sets =
5584 (void *)(request->channels + n_channels);
5585 }
5586 request->n_match_sets = n_match_sets;
5587
5588 i = 0;
5589 if (info->attrs[NL80211_ATTR_SCAN_FREQUENCIES]) {
5590 /* user specified, bail out if channel not found */
5591 nla_for_each_nested(attr,
5592 info->attrs[NL80211_ATTR_SCAN_FREQUENCIES],
5593 tmp) {
5594 struct ieee80211_channel *chan;
5595
5596 chan = ieee80211_get_channel(wiphy, nla_get_u32(attr));
5597
5598 if (!chan) {
5599 err = -EINVAL;
5600 goto out_free;
5601 }
5602
5603 /* ignore disabled channels */
5604 if (chan->flags & IEEE80211_CHAN_DISABLED)
5605 continue;
5606
5607 request->channels[i] = chan;
5608 i++;
5609 }
5610 } else {
5611 /* all channels */
5612 for (band = 0; band < IEEE80211_NUM_BANDS; band++) {
5613 int j;
5614 if (!wiphy->bands[band])
5615 continue;
5616 for (j = 0; j < wiphy->bands[band]->n_channels; j++) {
5617 struct ieee80211_channel *chan;
5618
5619 chan = &wiphy->bands[band]->channels[j];
5620
5621 if (chan->flags & IEEE80211_CHAN_DISABLED)
5622 continue;
5623
5624 request->channels[i] = chan;
5625 i++;
5626 }
5627 }
5628 }
5629
5630 if (!i) {
5631 err = -EINVAL;
5632 goto out_free;
5633 }
5634
5635 request->n_channels = i;
5636
5637 i = 0;
5638 if (info->attrs[NL80211_ATTR_SCAN_SSIDS]) {
5639 nla_for_each_nested(attr, info->attrs[NL80211_ATTR_SCAN_SSIDS],
5640 tmp) {
5641 if (nla_len(attr) > IEEE80211_MAX_SSID_LEN) {
5642 err = -EINVAL;
5643 goto out_free;
5644 }
5645 request->ssids[i].ssid_len = nla_len(attr);
5646 memcpy(request->ssids[i].ssid, nla_data(attr),
5647 nla_len(attr));
5648 i++;
5649 }
5650 }
5651
5652 i = 0;
5653 if (info->attrs[NL80211_ATTR_SCHED_SCAN_MATCH]) {
5654 nla_for_each_nested(attr,
5655 info->attrs[NL80211_ATTR_SCHED_SCAN_MATCH],
5656 tmp) {
5657 struct nlattr *ssid, *rssi;
5658
5659 err = nla_parse(tb, NL80211_SCHED_SCAN_MATCH_ATTR_MAX,
5660 nla_data(attr), nla_len(attr),
5661 nl80211_match_policy);
5662 if (err)
5663 goto out_free;
5664 ssid = tb[NL80211_SCHED_SCAN_MATCH_ATTR_SSID];
5665 if (ssid) {
5666 if (WARN_ON(i >= n_match_sets)) {
5667 /* this indicates a programming error,
5668 * the loop above should have verified
5669 * things properly
5670 */
5671 err = -EINVAL;
5672 goto out_free;
5673 }
5674
5675 if (nla_len(ssid) > IEEE80211_MAX_SSID_LEN) {
5676 err = -EINVAL;
5677 goto out_free;
5678 }
5679 memcpy(request->match_sets[i].ssid.ssid,
5680 nla_data(ssid), nla_len(ssid));
5681 request->match_sets[i].ssid.ssid_len =
5682 nla_len(ssid);
5683 /* special attribute - old implemenation w/a */
5684 request->match_sets[i].rssi_thold =
5685 default_match_rssi;
5686 rssi = tb[NL80211_SCHED_SCAN_MATCH_ATTR_RSSI];
5687 if (rssi)
5688 request->match_sets[i].rssi_thold =
5689 nla_get_s32(rssi);
5690 }
5691 i++;
5692 }
5693
5694 /* there was no other matchset, so the RSSI one is alone */
5695 if (i == 0)
5696 request->match_sets[0].rssi_thold = default_match_rssi;
5697
5698 request->min_rssi_thold = INT_MAX;
5699 for (i = 0; i < n_match_sets; i++)
5700 request->min_rssi_thold =
5701 min(request->match_sets[i].rssi_thold,
5702 request->min_rssi_thold);
5703 } else {
5704 request->min_rssi_thold = NL80211_SCAN_RSSI_THOLD_OFF;
5705 }
5706
5707 if (info->attrs[NL80211_ATTR_IE]) {
5708 request->ie_len = nla_len(info->attrs[NL80211_ATTR_IE]);
5709 memcpy((void *)request->ie,
5710 nla_data(info->attrs[NL80211_ATTR_IE]),
5711 request->ie_len);
5712 }
5713
5714 if (info->attrs[NL80211_ATTR_SCAN_FLAGS]) {
5715 request->flags = nla_get_u32(
5716 info->attrs[NL80211_ATTR_SCAN_FLAGS]);
5717 if ((request->flags & NL80211_SCAN_FLAG_LOW_PRIORITY) &&
5718 !(wiphy->features & NL80211_FEATURE_LOW_PRIORITY_SCAN)) {
5719 err = -EOPNOTSUPP;
5720 goto out_free;
5721 }
5722 }
5723
5724 request->dev = dev;
5725 request->wiphy = &rdev->wiphy;
5726 request->interval = interval;
5727 request->scan_start = jiffies;
5728
5729 err = rdev_sched_scan_start(rdev, dev, request);
5730 if (!err) {
5731 rdev->sched_scan_req = request;
5732 nl80211_send_sched_scan(rdev, dev,
5733 NL80211_CMD_START_SCHED_SCAN);
5734 goto out;
5735 }
5736
5737 out_free:
5738 kfree(request);
5739 out:
5740 return err;
5741 }
5742
5743 static int nl80211_stop_sched_scan(struct sk_buff *skb,
5744 struct genl_info *info)
5745 {
5746 struct cfg80211_registered_device *rdev = info->user_ptr[0];
5747
5748 if (!(rdev->wiphy.flags & WIPHY_FLAG_SUPPORTS_SCHED_SCAN) ||
5749 !rdev->ops->sched_scan_stop)
5750 return -EOPNOTSUPP;
5751
5752 return __cfg80211_stop_sched_scan(rdev, false);
5753 }
5754
5755 static int nl80211_start_radar_detection(struct sk_buff *skb,
5756 struct genl_info *info)
5757 {
5758 struct cfg80211_registered_device *rdev = info->user_ptr[0];
5759 struct net_device *dev = info->user_ptr[1];
5760 struct wireless_dev *wdev = dev->ieee80211_ptr;
5761 struct cfg80211_chan_def chandef;
5762 enum nl80211_dfs_regions dfs_region;
5763 int err;
5764
5765 dfs_region = reg_get_dfs_region(wdev->wiphy);
5766 if (dfs_region == NL80211_DFS_UNSET)
5767 return -EINVAL;
5768
5769 err = nl80211_parse_chandef(rdev, info, &chandef);
5770 if (err)
5771 return err;
5772
5773 if (netif_carrier_ok(dev))
5774 return -EBUSY;
5775
5776 if (wdev->cac_started)
5777 return -EBUSY;
5778
5779 err = cfg80211_chandef_dfs_required(wdev->wiphy, &chandef);
5780 if (err < 0)
5781 return err;
5782
5783 if (err == 0)
5784 return -EINVAL;
5785
5786 if (!cfg80211_chandef_dfs_usable(wdev->wiphy, &chandef))
5787 return -EINVAL;
5788
5789 if (!rdev->ops->start_radar_detection)
5790 return -EOPNOTSUPP;
5791
5792 err = cfg80211_can_use_iftype_chan(rdev, wdev, wdev->iftype,
5793 chandef.chan, CHAN_MODE_SHARED,
5794 BIT(chandef.width));
5795 if (err)
5796 return err;
5797
5798 err = rdev->ops->start_radar_detection(&rdev->wiphy, dev, &chandef);
5799 if (!err) {
5800 wdev->channel = chandef.chan;
5801 wdev->cac_started = true;
5802 wdev->cac_start_time = jiffies;
5803 }
5804 return err;
5805 }
5806
5807 static int nl80211_channel_switch(struct sk_buff *skb, struct genl_info *info)
5808 {
5809 struct cfg80211_registered_device *rdev = info->user_ptr[0];
5810 struct net_device *dev = info->user_ptr[1];
5811 struct wireless_dev *wdev = dev->ieee80211_ptr;
5812 struct cfg80211_csa_settings params;
5813 /* csa_attrs is defined static to avoid waste of stack size - this
5814 * function is called under RTNL lock, so this should not be a problem.
5815 */
5816 static struct nlattr *csa_attrs[NL80211_ATTR_MAX+1];
5817 u8 radar_detect_width = 0;
5818 int err;
5819 bool need_new_beacon = false;
5820
5821 if (!rdev->ops->channel_switch ||
5822 !(rdev->wiphy.flags & WIPHY_FLAG_HAS_CHANNEL_SWITCH))
5823 return -EOPNOTSUPP;
5824
5825 switch (dev->ieee80211_ptr->iftype) {
5826 case NL80211_IFTYPE_AP:
5827 case NL80211_IFTYPE_P2P_GO:
5828 need_new_beacon = true;
5829
5830 /* useless if AP is not running */
5831 if (!wdev->beacon_interval)
5832 return -ENOTCONN;
5833 break;
5834 case NL80211_IFTYPE_ADHOC:
5835 if (!wdev->ssid_len)
5836 return -ENOTCONN;
5837 break;
5838 case NL80211_IFTYPE_MESH_POINT:
5839 if (!wdev->mesh_id_len)
5840 return -ENOTCONN;
5841 break;
5842 default:
5843 return -EOPNOTSUPP;
5844 }
5845
5846 memset(&params, 0, sizeof(params));
5847
5848 if (!info->attrs[NL80211_ATTR_WIPHY_FREQ] ||
5849 !info->attrs[NL80211_ATTR_CH_SWITCH_COUNT])
5850 return -EINVAL;
5851
5852 /* only important for AP, IBSS and mesh create IEs internally */
5853 if (need_new_beacon && !info->attrs[NL80211_ATTR_CSA_IES])
5854 return -EINVAL;
5855
5856 params.count = nla_get_u32(info->attrs[NL80211_ATTR_CH_SWITCH_COUNT]);
5857
5858 if (!need_new_beacon)
5859 goto skip_beacons;
5860
5861 err = nl80211_parse_beacon(info->attrs, &params.beacon_after);
5862 if (err)
5863 return err;
5864
5865 err = nla_parse_nested(csa_attrs, NL80211_ATTR_MAX,
5866 info->attrs[NL80211_ATTR_CSA_IES],
5867 nl80211_policy);
5868 if (err)
5869 return err;
5870
5871 err = nl80211_parse_beacon(csa_attrs, &params.beacon_csa);
5872 if (err)
5873 return err;
5874
5875 if (!csa_attrs[NL80211_ATTR_CSA_C_OFF_BEACON])
5876 return -EINVAL;
5877
5878 params.counter_offset_beacon =
5879 nla_get_u16(csa_attrs[NL80211_ATTR_CSA_C_OFF_BEACON]);
5880 if (params.counter_offset_beacon >= params.beacon_csa.tail_len)
5881 return -EINVAL;
5882
5883 /* sanity check - counters should be the same */
5884 if (params.beacon_csa.tail[params.counter_offset_beacon] !=
5885 params.count)
5886 return -EINVAL;
5887
5888 if (csa_attrs[NL80211_ATTR_CSA_C_OFF_PRESP]) {
5889 params.counter_offset_presp =
5890 nla_get_u16(csa_attrs[NL80211_ATTR_CSA_C_OFF_PRESP]);
5891 if (params.counter_offset_presp >=
5892 params.beacon_csa.probe_resp_len)
5893 return -EINVAL;
5894
5895 if (params.beacon_csa.probe_resp[params.counter_offset_presp] !=
5896 params.count)
5897 return -EINVAL;
5898 }
5899
5900 skip_beacons:
5901 err = nl80211_parse_chandef(rdev, info, &params.chandef);
5902 if (err)
5903 return err;
5904
5905 if (!cfg80211_reg_can_beacon(&rdev->wiphy, &params.chandef))
5906 return -EINVAL;
5907
5908 if (dev->ieee80211_ptr->iftype == NL80211_IFTYPE_AP ||
5909 dev->ieee80211_ptr->iftype == NL80211_IFTYPE_P2P_GO ||
5910 dev->ieee80211_ptr->iftype == NL80211_IFTYPE_ADHOC) {
5911 err = cfg80211_chandef_dfs_required(wdev->wiphy,
5912 &params.chandef);
5913 if (err < 0) {
5914 return err;
5915 } else if (err) {
5916 radar_detect_width = BIT(params.chandef.width);
5917 params.radar_required = true;
5918 }
5919 }
5920
5921 err = cfg80211_can_use_iftype_chan(rdev, wdev, wdev->iftype,
5922 params.chandef.chan,
5923 CHAN_MODE_SHARED,
5924 radar_detect_width);
5925 if (err)
5926 return err;
5927
5928 if (info->attrs[NL80211_ATTR_CH_SWITCH_BLOCK_TX])
5929 params.block_tx = true;
5930
5931 wdev_lock(wdev);
5932 err = rdev_channel_switch(rdev, dev, &params);
5933 wdev_unlock(wdev);
5934
5935 return err;
5936 }
5937
5938 static int nl80211_send_bss(struct sk_buff *msg, struct netlink_callback *cb,
5939 u32 seq, int flags,
5940 struct cfg80211_registered_device *rdev,
5941 struct wireless_dev *wdev,
5942 struct cfg80211_internal_bss *intbss)
5943 {
5944 struct cfg80211_bss *res = &intbss->pub;
5945 const struct cfg80211_bss_ies *ies;
5946 void *hdr;
5947 struct nlattr *bss;
5948 bool tsf = false;
5949
5950 ASSERT_WDEV_LOCK(wdev);
5951
5952 hdr = nl80211hdr_put(msg, NETLINK_CB(cb->skb).portid, seq, flags,
5953 NL80211_CMD_NEW_SCAN_RESULTS);
5954 if (!hdr)
5955 return -1;
5956
5957 genl_dump_check_consistent(cb, hdr, &nl80211_fam);
5958
5959 if (nla_put_u32(msg, NL80211_ATTR_GENERATION, rdev->bss_generation))
5960 goto nla_put_failure;
5961 if (wdev->netdev &&
5962 nla_put_u32(msg, NL80211_ATTR_IFINDEX, wdev->netdev->ifindex))
5963 goto nla_put_failure;
5964 if (nla_put_u64(msg, NL80211_ATTR_WDEV, wdev_id(wdev)))
5965 goto nla_put_failure;
5966
5967 bss = nla_nest_start(msg, NL80211_ATTR_BSS);
5968 if (!bss)
5969 goto nla_put_failure;
5970 if ((!is_zero_ether_addr(res->bssid) &&
5971 nla_put(msg, NL80211_BSS_BSSID, ETH_ALEN, res->bssid)))
5972 goto nla_put_failure;
5973
5974 rcu_read_lock();
5975 ies = rcu_dereference(res->ies);
5976 if (ies) {
5977 if (nla_put_u64(msg, NL80211_BSS_TSF, ies->tsf))
5978 goto fail_unlock_rcu;
5979 tsf = true;
5980 if (ies->len && nla_put(msg, NL80211_BSS_INFORMATION_ELEMENTS,
5981 ies->len, ies->data))
5982 goto fail_unlock_rcu;
5983 }
5984 ies = rcu_dereference(res->beacon_ies);
5985 if (ies) {
5986 if (!tsf && nla_put_u64(msg, NL80211_BSS_TSF, ies->tsf))
5987 goto fail_unlock_rcu;
5988 if (ies->len && nla_put(msg, NL80211_BSS_BEACON_IES,
5989 ies->len, ies->data))
5990 goto fail_unlock_rcu;
5991 }
5992 rcu_read_unlock();
5993
5994 if (res->beacon_interval &&
5995 nla_put_u16(msg, NL80211_BSS_BEACON_INTERVAL, res->beacon_interval))
5996 goto nla_put_failure;
5997 if (nla_put_u16(msg, NL80211_BSS_CAPABILITY, res->capability) ||
5998 nla_put_u32(msg, NL80211_BSS_FREQUENCY, res->channel->center_freq) ||
5999 nla_put_u32(msg, NL80211_BSS_CHAN_WIDTH, res->scan_width) ||
6000 nla_put_u32(msg, NL80211_BSS_SEEN_MS_AGO,
6001 jiffies_to_msecs(jiffies - intbss->ts)))
6002 goto nla_put_failure;
6003
6004 switch (rdev->wiphy.signal_type) {
6005 case CFG80211_SIGNAL_TYPE_MBM:
6006 if (nla_put_u32(msg, NL80211_BSS_SIGNAL_MBM, res->signal))
6007 goto nla_put_failure;
6008 break;
6009 case CFG80211_SIGNAL_TYPE_UNSPEC:
6010 if (nla_put_u8(msg, NL80211_BSS_SIGNAL_UNSPEC, res->signal))
6011 goto nla_put_failure;
6012 break;
6013 default:
6014 break;
6015 }
6016
6017 switch (wdev->iftype) {
6018 case NL80211_IFTYPE_P2P_CLIENT:
6019 case NL80211_IFTYPE_STATION:
6020 if (intbss == wdev->current_bss &&
6021 nla_put_u32(msg, NL80211_BSS_STATUS,
6022 NL80211_BSS_STATUS_ASSOCIATED))
6023 goto nla_put_failure;
6024 break;
6025 case NL80211_IFTYPE_ADHOC:
6026 if (intbss == wdev->current_bss &&
6027 nla_put_u32(msg, NL80211_BSS_STATUS,
6028 NL80211_BSS_STATUS_IBSS_JOINED))
6029 goto nla_put_failure;
6030 break;
6031 default:
6032 break;
6033 }
6034
6035 nla_nest_end(msg, bss);
6036
6037 return genlmsg_end(msg, hdr);
6038
6039 fail_unlock_rcu:
6040 rcu_read_unlock();
6041 nla_put_failure:
6042 genlmsg_cancel(msg, hdr);
6043 return -EMSGSIZE;
6044 }
6045
6046 static int nl80211_dump_scan(struct sk_buff *skb, struct netlink_callback *cb)
6047 {
6048 struct cfg80211_registered_device *rdev;
6049 struct cfg80211_internal_bss *scan;
6050 struct wireless_dev *wdev;
6051 int start = cb->args[2], idx = 0;
6052 int err;
6053
6054 err = nl80211_prepare_wdev_dump(skb, cb, &rdev, &wdev);
6055 if (err)
6056 return err;
6057
6058 wdev_lock(wdev);
6059 spin_lock_bh(&rdev->bss_lock);
6060 cfg80211_bss_expire(rdev);
6061
6062 cb->seq = rdev->bss_generation;
6063
6064 list_for_each_entry(scan, &rdev->bss_list, list) {
6065 if (++idx <= start)
6066 continue;
6067 if (nl80211_send_bss(skb, cb,
6068 cb->nlh->nlmsg_seq, NLM_F_MULTI,
6069 rdev, wdev, scan) < 0) {
6070 idx--;
6071 break;
6072 }
6073 }
6074
6075 spin_unlock_bh(&rdev->bss_lock);
6076 wdev_unlock(wdev);
6077
6078 cb->args[2] = idx;
6079 nl80211_finish_wdev_dump(rdev);
6080
6081 return skb->len;
6082 }
6083
6084 static int nl80211_send_survey(struct sk_buff *msg, u32 portid, u32 seq,
6085 int flags, struct net_device *dev,
6086 struct survey_info *survey)
6087 {
6088 void *hdr;
6089 struct nlattr *infoattr;
6090
6091 hdr = nl80211hdr_put(msg, portid, seq, flags,
6092 NL80211_CMD_NEW_SURVEY_RESULTS);
6093 if (!hdr)
6094 return -ENOMEM;
6095
6096 if (nla_put_u32(msg, NL80211_ATTR_IFINDEX, dev->ifindex))
6097 goto nla_put_failure;
6098
6099 infoattr = nla_nest_start(msg, NL80211_ATTR_SURVEY_INFO);
6100 if (!infoattr)
6101 goto nla_put_failure;
6102
6103 if (nla_put_u32(msg, NL80211_SURVEY_INFO_FREQUENCY,
6104 survey->channel->center_freq))
6105 goto nla_put_failure;
6106
6107 if ((survey->filled & SURVEY_INFO_NOISE_DBM) &&
6108 nla_put_u8(msg, NL80211_SURVEY_INFO_NOISE, survey->noise))
6109 goto nla_put_failure;
6110 if ((survey->filled & SURVEY_INFO_IN_USE) &&
6111 nla_put_flag(msg, NL80211_SURVEY_INFO_IN_USE))
6112 goto nla_put_failure;
6113 if ((survey->filled & SURVEY_INFO_CHANNEL_TIME) &&
6114 nla_put_u64(msg, NL80211_SURVEY_INFO_CHANNEL_TIME,
6115 survey->channel_time))
6116 goto nla_put_failure;
6117 if ((survey->filled & SURVEY_INFO_CHANNEL_TIME_BUSY) &&
6118 nla_put_u64(msg, NL80211_SURVEY_INFO_CHANNEL_TIME_BUSY,
6119 survey->channel_time_busy))
6120 goto nla_put_failure;
6121 if ((survey->filled & SURVEY_INFO_CHANNEL_TIME_EXT_BUSY) &&
6122 nla_put_u64(msg, NL80211_SURVEY_INFO_CHANNEL_TIME_EXT_BUSY,
6123 survey->channel_time_ext_busy))
6124 goto nla_put_failure;
6125 if ((survey->filled & SURVEY_INFO_CHANNEL_TIME_RX) &&
6126 nla_put_u64(msg, NL80211_SURVEY_INFO_CHANNEL_TIME_RX,
6127 survey->channel_time_rx))
6128 goto nla_put_failure;
6129 if ((survey->filled & SURVEY_INFO_CHANNEL_TIME_TX) &&
6130 nla_put_u64(msg, NL80211_SURVEY_INFO_CHANNEL_TIME_TX,
6131 survey->channel_time_tx))
6132 goto nla_put_failure;
6133
6134 nla_nest_end(msg, infoattr);
6135
6136 return genlmsg_end(msg, hdr);
6137
6138 nla_put_failure:
6139 genlmsg_cancel(msg, hdr);
6140 return -EMSGSIZE;
6141 }
6142
6143 static int nl80211_dump_survey(struct sk_buff *skb,
6144 struct netlink_callback *cb)
6145 {
6146 struct survey_info survey;
6147 struct cfg80211_registered_device *dev;
6148 struct wireless_dev *wdev;
6149 int survey_idx = cb->args[2];
6150 int res;
6151
6152 res = nl80211_prepare_wdev_dump(skb, cb, &dev, &wdev);
6153 if (res)
6154 return res;
6155
6156 if (!wdev->netdev) {
6157 res = -EINVAL;
6158 goto out_err;
6159 }
6160
6161 if (!dev->ops->dump_survey) {
6162 res = -EOPNOTSUPP;
6163 goto out_err;
6164 }
6165
6166 while (1) {
6167 struct ieee80211_channel *chan;
6168
6169 res = rdev_dump_survey(dev, wdev->netdev, survey_idx, &survey);
6170 if (res == -ENOENT)
6171 break;
6172 if (res)
6173 goto out_err;
6174
6175 /* Survey without a channel doesn't make sense */
6176 if (!survey.channel) {
6177 res = -EINVAL;
6178 goto out;
6179 }
6180
6181 chan = ieee80211_get_channel(&dev->wiphy,
6182 survey.channel->center_freq);
6183 if (!chan || chan->flags & IEEE80211_CHAN_DISABLED) {
6184 survey_idx++;
6185 continue;
6186 }
6187
6188 if (nl80211_send_survey(skb,
6189 NETLINK_CB(cb->skb).portid,
6190 cb->nlh->nlmsg_seq, NLM_F_MULTI,
6191 wdev->netdev, &survey) < 0)
6192 goto out;
6193 survey_idx++;
6194 }
6195
6196 out:
6197 cb->args[2] = survey_idx;
6198 res = skb->len;
6199 out_err:
6200 nl80211_finish_wdev_dump(dev);
6201 return res;
6202 }
6203
6204 static bool nl80211_valid_wpa_versions(u32 wpa_versions)
6205 {
6206 return !(wpa_versions & ~(NL80211_WPA_VERSION_1 |
6207 NL80211_WPA_VERSION_2));
6208 }
6209
6210 static int nl80211_authenticate(struct sk_buff *skb, struct genl_info *info)
6211 {
6212 struct cfg80211_registered_device *rdev = info->user_ptr[0];
6213 struct net_device *dev = info->user_ptr[1];
6214 struct ieee80211_channel *chan;
6215 const u8 *bssid, *ssid, *ie = NULL, *sae_data = NULL;
6216 int err, ssid_len, ie_len = 0, sae_data_len = 0;
6217 enum nl80211_auth_type auth_type;
6218 struct key_parse key;
6219 bool local_state_change;
6220
6221 if (!is_valid_ie_attr(info->attrs[NL80211_ATTR_IE]))
6222 return -EINVAL;
6223
6224 if (!info->attrs[NL80211_ATTR_MAC])
6225 return -EINVAL;
6226
6227 if (!info->attrs[NL80211_ATTR_AUTH_TYPE])
6228 return -EINVAL;
6229
6230 if (!info->attrs[NL80211_ATTR_SSID])
6231 return -EINVAL;
6232
6233 if (!info->attrs[NL80211_ATTR_WIPHY_FREQ])
6234 return -EINVAL;
6235
6236 err = nl80211_parse_key(info, &key);
6237 if (err)
6238 return err;
6239
6240 if (key.idx >= 0) {
6241 if (key.type != -1 && key.type != NL80211_KEYTYPE_GROUP)
6242 return -EINVAL;
6243 if (!key.p.key || !key.p.key_len)
6244 return -EINVAL;
6245 if ((key.p.cipher != WLAN_CIPHER_SUITE_WEP40 ||
6246 key.p.key_len != WLAN_KEY_LEN_WEP40) &&
6247 (key.p.cipher != WLAN_CIPHER_SUITE_WEP104 ||
6248 key.p.key_len != WLAN_KEY_LEN_WEP104))
6249 return -EINVAL;
6250 if (key.idx > 4)
6251 return -EINVAL;
6252 } else {
6253 key.p.key_len = 0;
6254 key.p.key = NULL;
6255 }
6256
6257 if (key.idx >= 0) {
6258 int i;
6259 bool ok = false;
6260 for (i = 0; i < rdev->wiphy.n_cipher_suites; i++) {
6261 if (key.p.cipher == rdev->wiphy.cipher_suites[i]) {
6262 ok = true;
6263 break;
6264 }
6265 }
6266 if (!ok)
6267 return -EINVAL;
6268 }
6269
6270 if (!rdev->ops->auth)
6271 return -EOPNOTSUPP;
6272
6273 if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_STATION &&
6274 dev->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_CLIENT)
6275 return -EOPNOTSUPP;
6276
6277 bssid = nla_data(info->attrs[NL80211_ATTR_MAC]);
6278 chan = nl80211_get_valid_chan(&rdev->wiphy,
6279 info->attrs[NL80211_ATTR_WIPHY_FREQ]);
6280 if (!chan)
6281 return -EINVAL;
6282
6283 ssid = nla_data(info->attrs[NL80211_ATTR_SSID]);
6284 ssid_len = nla_len(info->attrs[NL80211_ATTR_SSID]);
6285
6286 if (info->attrs[NL80211_ATTR_IE]) {
6287 ie = nla_data(info->attrs[NL80211_ATTR_IE]);
6288 ie_len = nla_len(info->attrs[NL80211_ATTR_IE]);
6289 }
6290
6291 auth_type = nla_get_u32(info->attrs[NL80211_ATTR_AUTH_TYPE]);
6292 if (!nl80211_valid_auth_type(rdev, auth_type, NL80211_CMD_AUTHENTICATE))
6293 return -EINVAL;
6294
6295 if (auth_type == NL80211_AUTHTYPE_SAE &&
6296 !info->attrs[NL80211_ATTR_SAE_DATA])
6297 return -EINVAL;
6298
6299 if (info->attrs[NL80211_ATTR_SAE_DATA]) {
6300 if (auth_type != NL80211_AUTHTYPE_SAE)
6301 return -EINVAL;
6302 sae_data = nla_data(info->attrs[NL80211_ATTR_SAE_DATA]);
6303 sae_data_len = nla_len(info->attrs[NL80211_ATTR_SAE_DATA]);
6304 /* need to include at least Auth Transaction and Status Code */
6305 if (sae_data_len < 4)
6306 return -EINVAL;
6307 }
6308
6309 local_state_change = !!info->attrs[NL80211_ATTR_LOCAL_STATE_CHANGE];
6310
6311 /*
6312 * Since we no longer track auth state, ignore
6313 * requests to only change local state.
6314 */
6315 if (local_state_change)
6316 return 0;
6317
6318 wdev_lock(dev->ieee80211_ptr);
6319 err = cfg80211_mlme_auth(rdev, dev, chan, auth_type, bssid,
6320 ssid, ssid_len, ie, ie_len,
6321 key.p.key, key.p.key_len, key.idx,
6322 sae_data, sae_data_len);
6323 wdev_unlock(dev->ieee80211_ptr);
6324 return err;
6325 }
6326
6327 static int nl80211_crypto_settings(struct cfg80211_registered_device *rdev,
6328 struct genl_info *info,
6329 struct cfg80211_crypto_settings *settings,
6330 int cipher_limit)
6331 {
6332 memset(settings, 0, sizeof(*settings));
6333
6334 settings->control_port = info->attrs[NL80211_ATTR_CONTROL_PORT];
6335
6336 if (info->attrs[NL80211_ATTR_CONTROL_PORT_ETHERTYPE]) {
6337 u16 proto;
6338 proto = nla_get_u16(
6339 info->attrs[NL80211_ATTR_CONTROL_PORT_ETHERTYPE]);
6340 settings->control_port_ethertype = cpu_to_be16(proto);
6341 if (!(rdev->wiphy.flags & WIPHY_FLAG_CONTROL_PORT_PROTOCOL) &&
6342 proto != ETH_P_PAE)
6343 return -EINVAL;
6344 if (info->attrs[NL80211_ATTR_CONTROL_PORT_NO_ENCRYPT])
6345 settings->control_port_no_encrypt = true;
6346 } else
6347 settings->control_port_ethertype = cpu_to_be16(ETH_P_PAE);
6348
6349 if (info->attrs[NL80211_ATTR_CIPHER_SUITES_PAIRWISE]) {
6350 void *data;
6351 int len, i;
6352
6353 data = nla_data(info->attrs[NL80211_ATTR_CIPHER_SUITES_PAIRWISE]);
6354 len = nla_len(info->attrs[NL80211_ATTR_CIPHER_SUITES_PAIRWISE]);
6355 settings->n_ciphers_pairwise = len / sizeof(u32);
6356
6357 if (len % sizeof(u32))
6358 return -EINVAL;
6359
6360 if (settings->n_ciphers_pairwise > cipher_limit)
6361 return -EINVAL;
6362
6363 memcpy(settings->ciphers_pairwise, data, len);
6364
6365 for (i = 0; i < settings->n_ciphers_pairwise; i++)
6366 if (!cfg80211_supported_cipher_suite(
6367 &rdev->wiphy,
6368 settings->ciphers_pairwise[i]))
6369 return -EINVAL;
6370 }
6371
6372 if (info->attrs[NL80211_ATTR_CIPHER_SUITE_GROUP]) {
6373 settings->cipher_group =
6374 nla_get_u32(info->attrs[NL80211_ATTR_CIPHER_SUITE_GROUP]);
6375 if (!cfg80211_supported_cipher_suite(&rdev->wiphy,
6376 settings->cipher_group))
6377 return -EINVAL;
6378 }
6379
6380 if (info->attrs[NL80211_ATTR_WPA_VERSIONS]) {
6381 settings->wpa_versions =
6382 nla_get_u32(info->attrs[NL80211_ATTR_WPA_VERSIONS]);
6383 if (!nl80211_valid_wpa_versions(settings->wpa_versions))
6384 return -EINVAL;
6385 }
6386
6387 if (info->attrs[NL80211_ATTR_AKM_SUITES]) {
6388 void *data;
6389 int len;
6390
6391 data = nla_data(info->attrs[NL80211_ATTR_AKM_SUITES]);
6392 len = nla_len(info->attrs[NL80211_ATTR_AKM_SUITES]);
6393 settings->n_akm_suites = len / sizeof(u32);
6394
6395 if (len % sizeof(u32))
6396 return -EINVAL;
6397
6398 if (settings->n_akm_suites > NL80211_MAX_NR_AKM_SUITES)
6399 return -EINVAL;
6400
6401 memcpy(settings->akm_suites, data, len);
6402 }
6403
6404 return 0;
6405 }
6406
6407 static int nl80211_associate(struct sk_buff *skb, struct genl_info *info)
6408 {
6409 struct cfg80211_registered_device *rdev = info->user_ptr[0];
6410 struct net_device *dev = info->user_ptr[1];
6411 struct ieee80211_channel *chan;
6412 struct cfg80211_assoc_request req = {};
6413 const u8 *bssid, *ssid;
6414 int err, ssid_len = 0;
6415
6416 if (!is_valid_ie_attr(info->attrs[NL80211_ATTR_IE]))
6417 return -EINVAL;
6418
6419 if (!info->attrs[NL80211_ATTR_MAC] ||
6420 !info->attrs[NL80211_ATTR_SSID] ||
6421 !info->attrs[NL80211_ATTR_WIPHY_FREQ])
6422 return -EINVAL;
6423
6424 if (!rdev->ops->assoc)
6425 return -EOPNOTSUPP;
6426
6427 if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_STATION &&
6428 dev->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_CLIENT)
6429 return -EOPNOTSUPP;
6430
6431 bssid = nla_data(info->attrs[NL80211_ATTR_MAC]);
6432
6433 chan = nl80211_get_valid_chan(&rdev->wiphy,
6434 info->attrs[NL80211_ATTR_WIPHY_FREQ]);
6435 if (!chan)
6436 return -EINVAL;
6437
6438 ssid = nla_data(info->attrs[NL80211_ATTR_SSID]);
6439 ssid_len = nla_len(info->attrs[NL80211_ATTR_SSID]);
6440
6441 if (info->attrs[NL80211_ATTR_IE]) {
6442 req.ie = nla_data(info->attrs[NL80211_ATTR_IE]);
6443 req.ie_len = nla_len(info->attrs[NL80211_ATTR_IE]);
6444 }
6445
6446 if (info->attrs[NL80211_ATTR_USE_MFP]) {
6447 enum nl80211_mfp mfp =
6448 nla_get_u32(info->attrs[NL80211_ATTR_USE_MFP]);
6449 if (mfp == NL80211_MFP_REQUIRED)
6450 req.use_mfp = true;
6451 else if (mfp != NL80211_MFP_NO)
6452 return -EINVAL;
6453 }
6454
6455 if (info->attrs[NL80211_ATTR_PREV_BSSID])
6456 req.prev_bssid = nla_data(info->attrs[NL80211_ATTR_PREV_BSSID]);
6457
6458 if (nla_get_flag(info->attrs[NL80211_ATTR_DISABLE_HT]))
6459 req.flags |= ASSOC_REQ_DISABLE_HT;
6460
6461 if (info->attrs[NL80211_ATTR_HT_CAPABILITY_MASK])
6462 memcpy(&req.ht_capa_mask,
6463 nla_data(info->attrs[NL80211_ATTR_HT_CAPABILITY_MASK]),
6464 sizeof(req.ht_capa_mask));
6465
6466 if (info->attrs[NL80211_ATTR_HT_CAPABILITY]) {
6467 if (!info->attrs[NL80211_ATTR_HT_CAPABILITY_MASK])
6468 return -EINVAL;
6469 memcpy(&req.ht_capa,
6470 nla_data(info->attrs[NL80211_ATTR_HT_CAPABILITY]),
6471 sizeof(req.ht_capa));
6472 }
6473
6474 if (nla_get_flag(info->attrs[NL80211_ATTR_DISABLE_VHT]))
6475 req.flags |= ASSOC_REQ_DISABLE_VHT;
6476
6477 if (info->attrs[NL80211_ATTR_VHT_CAPABILITY_MASK])
6478 memcpy(&req.vht_capa_mask,
6479 nla_data(info->attrs[NL80211_ATTR_VHT_CAPABILITY_MASK]),
6480 sizeof(req.vht_capa_mask));
6481
6482 if (info->attrs[NL80211_ATTR_VHT_CAPABILITY]) {
6483 if (!info->attrs[NL80211_ATTR_VHT_CAPABILITY_MASK])
6484 return -EINVAL;
6485 memcpy(&req.vht_capa,
6486 nla_data(info->attrs[NL80211_ATTR_VHT_CAPABILITY]),
6487 sizeof(req.vht_capa));
6488 }
6489
6490 err = nl80211_crypto_settings(rdev, info, &req.crypto, 1);
6491 if (!err) {
6492 wdev_lock(dev->ieee80211_ptr);
6493 err = cfg80211_mlme_assoc(rdev, dev, chan, bssid,
6494 ssid, ssid_len, &req);
6495 wdev_unlock(dev->ieee80211_ptr);
6496 }
6497
6498 return err;
6499 }
6500
6501 static int nl80211_deauthenticate(struct sk_buff *skb, struct genl_info *info)
6502 {
6503 struct cfg80211_registered_device *rdev = info->user_ptr[0];
6504 struct net_device *dev = info->user_ptr[1];
6505 const u8 *ie = NULL, *bssid;
6506 int ie_len = 0, err;
6507 u16 reason_code;
6508 bool local_state_change;
6509
6510 if (!is_valid_ie_attr(info->attrs[NL80211_ATTR_IE]))
6511 return -EINVAL;
6512
6513 if (!info->attrs[NL80211_ATTR_MAC])
6514 return -EINVAL;
6515
6516 if (!info->attrs[NL80211_ATTR_REASON_CODE])
6517 return -EINVAL;
6518
6519 if (!rdev->ops->deauth)
6520 return -EOPNOTSUPP;
6521
6522 if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_STATION &&
6523 dev->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_CLIENT)
6524 return -EOPNOTSUPP;
6525
6526 bssid = nla_data(info->attrs[NL80211_ATTR_MAC]);
6527
6528 reason_code = nla_get_u16(info->attrs[NL80211_ATTR_REASON_CODE]);
6529 if (reason_code == 0) {
6530 /* Reason Code 0 is reserved */
6531 return -EINVAL;
6532 }
6533
6534 if (info->attrs[NL80211_ATTR_IE]) {
6535 ie = nla_data(info->attrs[NL80211_ATTR_IE]);
6536 ie_len = nla_len(info->attrs[NL80211_ATTR_IE]);
6537 }
6538
6539 local_state_change = !!info->attrs[NL80211_ATTR_LOCAL_STATE_CHANGE];
6540
6541 wdev_lock(dev->ieee80211_ptr);
6542 err = cfg80211_mlme_deauth(rdev, dev, bssid, ie, ie_len, reason_code,
6543 local_state_change);
6544 wdev_unlock(dev->ieee80211_ptr);
6545 return err;
6546 }
6547
6548 static int nl80211_disassociate(struct sk_buff *skb, struct genl_info *info)
6549 {
6550 struct cfg80211_registered_device *rdev = info->user_ptr[0];
6551 struct net_device *dev = info->user_ptr[1];
6552 const u8 *ie = NULL, *bssid;
6553 int ie_len = 0, err;
6554 u16 reason_code;
6555 bool local_state_change;
6556
6557 if (!is_valid_ie_attr(info->attrs[NL80211_ATTR_IE]))
6558 return -EINVAL;
6559
6560 if (!info->attrs[NL80211_ATTR_MAC])
6561 return -EINVAL;
6562
6563 if (!info->attrs[NL80211_ATTR_REASON_CODE])
6564 return -EINVAL;
6565
6566 if (!rdev->ops->disassoc)
6567 return -EOPNOTSUPP;
6568
6569 if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_STATION &&
6570 dev->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_CLIENT)
6571 return -EOPNOTSUPP;
6572
6573 bssid = nla_data(info->attrs[NL80211_ATTR_MAC]);
6574
6575 reason_code = nla_get_u16(info->attrs[NL80211_ATTR_REASON_CODE]);
6576 if (reason_code == 0) {
6577 /* Reason Code 0 is reserved */
6578 return -EINVAL;
6579 }
6580
6581 if (info->attrs[NL80211_ATTR_IE]) {
6582 ie = nla_data(info->attrs[NL80211_ATTR_IE]);
6583 ie_len = nla_len(info->attrs[NL80211_ATTR_IE]);
6584 }
6585
6586 local_state_change = !!info->attrs[NL80211_ATTR_LOCAL_STATE_CHANGE];
6587
6588 wdev_lock(dev->ieee80211_ptr);
6589 err = cfg80211_mlme_disassoc(rdev, dev, bssid, ie, ie_len, reason_code,
6590 local_state_change);
6591 wdev_unlock(dev->ieee80211_ptr);
6592 return err;
6593 }
6594
6595 static bool
6596 nl80211_parse_mcast_rate(struct cfg80211_registered_device *rdev,
6597 int mcast_rate[IEEE80211_NUM_BANDS],
6598 int rateval)
6599 {
6600 struct wiphy *wiphy = &rdev->wiphy;
6601 bool found = false;
6602 int band, i;
6603
6604 for (band = 0; band < IEEE80211_NUM_BANDS; band++) {
6605 struct ieee80211_supported_band *sband;
6606
6607 sband = wiphy->bands[band];
6608 if (!sband)
6609 continue;
6610
6611 for (i = 0; i < sband->n_bitrates; i++) {
6612 if (sband->bitrates[i].bitrate == rateval) {
6613 mcast_rate[band] = i + 1;
6614 found = true;
6615 break;
6616 }
6617 }
6618 }
6619
6620 return found;
6621 }
6622
6623 static int nl80211_join_ibss(struct sk_buff *skb, struct genl_info *info)
6624 {
6625 struct cfg80211_registered_device *rdev = info->user_ptr[0];
6626 struct net_device *dev = info->user_ptr[1];
6627 struct cfg80211_ibss_params ibss;
6628 struct wiphy *wiphy;
6629 struct cfg80211_cached_keys *connkeys = NULL;
6630 int err;
6631
6632 memset(&ibss, 0, sizeof(ibss));
6633
6634 if (!is_valid_ie_attr(info->attrs[NL80211_ATTR_IE]))
6635 return -EINVAL;
6636
6637 if (!info->attrs[NL80211_ATTR_SSID] ||
6638 !nla_len(info->attrs[NL80211_ATTR_SSID]))
6639 return -EINVAL;
6640
6641 ibss.beacon_interval = 100;
6642
6643 if (info->attrs[NL80211_ATTR_BEACON_INTERVAL]) {
6644 ibss.beacon_interval =
6645 nla_get_u32(info->attrs[NL80211_ATTR_BEACON_INTERVAL]);
6646 if (ibss.beacon_interval < 1 || ibss.beacon_interval > 10000)
6647 return -EINVAL;
6648 }
6649
6650 if (!rdev->ops->join_ibss)
6651 return -EOPNOTSUPP;
6652
6653 if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_ADHOC)
6654 return -EOPNOTSUPP;
6655
6656 wiphy = &rdev->wiphy;
6657
6658 if (info->attrs[NL80211_ATTR_MAC]) {
6659 ibss.bssid = nla_data(info->attrs[NL80211_ATTR_MAC]);
6660
6661 if (!is_valid_ether_addr(ibss.bssid))
6662 return -EINVAL;
6663 }
6664 ibss.ssid = nla_data(info->attrs[NL80211_ATTR_SSID]);
6665 ibss.ssid_len = nla_len(info->attrs[NL80211_ATTR_SSID]);
6666
6667 if (info->attrs[NL80211_ATTR_IE]) {
6668 ibss.ie = nla_data(info->attrs[NL80211_ATTR_IE]);
6669 ibss.ie_len = nla_len(info->attrs[NL80211_ATTR_IE]);
6670 }
6671
6672 err = nl80211_parse_chandef(rdev, info, &ibss.chandef);
6673 if (err)
6674 return err;
6675
6676 if (!cfg80211_reg_can_beacon(&rdev->wiphy, &ibss.chandef))
6677 return -EINVAL;
6678
6679 switch (ibss.chandef.width) {
6680 case NL80211_CHAN_WIDTH_5:
6681 case NL80211_CHAN_WIDTH_10:
6682 case NL80211_CHAN_WIDTH_20_NOHT:
6683 break;
6684 case NL80211_CHAN_WIDTH_20:
6685 case NL80211_CHAN_WIDTH_40:
6686 if (rdev->wiphy.features & NL80211_FEATURE_HT_IBSS)
6687 break;
6688 default:
6689 return -EINVAL;
6690 }
6691
6692 ibss.channel_fixed = !!info->attrs[NL80211_ATTR_FREQ_FIXED];
6693 ibss.privacy = !!info->attrs[NL80211_ATTR_PRIVACY];
6694
6695 if (info->attrs[NL80211_ATTR_BSS_BASIC_RATES]) {
6696 u8 *rates =
6697 nla_data(info->attrs[NL80211_ATTR_BSS_BASIC_RATES]);
6698 int n_rates =
6699 nla_len(info->attrs[NL80211_ATTR_BSS_BASIC_RATES]);
6700 struct ieee80211_supported_band *sband =
6701 wiphy->bands[ibss.chandef.chan->band];
6702
6703 err = ieee80211_get_ratemask(sband, rates, n_rates,
6704 &ibss.basic_rates);
6705 if (err)
6706 return err;
6707 }
6708
6709 if (info->attrs[NL80211_ATTR_HT_CAPABILITY_MASK])
6710 memcpy(&ibss.ht_capa_mask,
6711 nla_data(info->attrs[NL80211_ATTR_HT_CAPABILITY_MASK]),
6712 sizeof(ibss.ht_capa_mask));
6713
6714 if (info->attrs[NL80211_ATTR_HT_CAPABILITY]) {
6715 if (!info->attrs[NL80211_ATTR_HT_CAPABILITY_MASK])
6716 return -EINVAL;
6717 memcpy(&ibss.ht_capa,
6718 nla_data(info->attrs[NL80211_ATTR_HT_CAPABILITY]),
6719 sizeof(ibss.ht_capa));
6720 }
6721
6722 if (info->attrs[NL80211_ATTR_MCAST_RATE] &&
6723 !nl80211_parse_mcast_rate(rdev, ibss.mcast_rate,
6724 nla_get_u32(info->attrs[NL80211_ATTR_MCAST_RATE])))
6725 return -EINVAL;
6726
6727 if (ibss.privacy && info->attrs[NL80211_ATTR_KEYS]) {
6728 bool no_ht = false;
6729
6730 connkeys = nl80211_parse_connkeys(rdev,
6731 info->attrs[NL80211_ATTR_KEYS],
6732 &no_ht);
6733 if (IS_ERR(connkeys))
6734 return PTR_ERR(connkeys);
6735
6736 if ((ibss.chandef.width != NL80211_CHAN_WIDTH_20_NOHT) &&
6737 no_ht) {
6738 kfree(connkeys);
6739 return -EINVAL;
6740 }
6741 }
6742
6743 ibss.control_port =
6744 nla_get_flag(info->attrs[NL80211_ATTR_CONTROL_PORT]);
6745
6746 ibss.userspace_handles_dfs =
6747 nla_get_flag(info->attrs[NL80211_ATTR_HANDLE_DFS]);
6748
6749 err = cfg80211_join_ibss(rdev, dev, &ibss, connkeys);
6750 if (err)
6751 kfree(connkeys);
6752 return err;
6753 }
6754
6755 static int nl80211_leave_ibss(struct sk_buff *skb, struct genl_info *info)
6756 {
6757 struct cfg80211_registered_device *rdev = info->user_ptr[0];
6758 struct net_device *dev = info->user_ptr[1];
6759
6760 if (!rdev->ops->leave_ibss)
6761 return -EOPNOTSUPP;
6762
6763 if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_ADHOC)
6764 return -EOPNOTSUPP;
6765
6766 return cfg80211_leave_ibss(rdev, dev, false);
6767 }
6768
6769 static int nl80211_set_mcast_rate(struct sk_buff *skb, struct genl_info *info)
6770 {
6771 struct cfg80211_registered_device *rdev = info->user_ptr[0];
6772 struct net_device *dev = info->user_ptr[1];
6773 int mcast_rate[IEEE80211_NUM_BANDS];
6774 u32 nla_rate;
6775 int err;
6776
6777 if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_ADHOC &&
6778 dev->ieee80211_ptr->iftype != NL80211_IFTYPE_MESH_POINT)
6779 return -EOPNOTSUPP;
6780
6781 if (!rdev->ops->set_mcast_rate)
6782 return -EOPNOTSUPP;
6783
6784 memset(mcast_rate, 0, sizeof(mcast_rate));
6785
6786 if (!info->attrs[NL80211_ATTR_MCAST_RATE])
6787 return -EINVAL;
6788
6789 nla_rate = nla_get_u32(info->attrs[NL80211_ATTR_MCAST_RATE]);
6790 if (!nl80211_parse_mcast_rate(rdev, mcast_rate, nla_rate))
6791 return -EINVAL;
6792
6793 err = rdev->ops->set_mcast_rate(&rdev->wiphy, dev, mcast_rate);
6794
6795 return err;
6796 }
6797
6798 static struct sk_buff *
6799 __cfg80211_alloc_vendor_skb(struct cfg80211_registered_device *rdev,
6800 int approxlen, u32 portid, u32 seq,
6801 enum nl80211_commands cmd,
6802 enum nl80211_attrs attr,
6803 const struct nl80211_vendor_cmd_info *info,
6804 gfp_t gfp)
6805 {
6806 struct sk_buff *skb;
6807 void *hdr;
6808 struct nlattr *data;
6809
6810 skb = nlmsg_new(approxlen + 100, gfp);
6811 if (!skb)
6812 return NULL;
6813
6814 hdr = nl80211hdr_put(skb, portid, seq, 0, cmd);
6815 if (!hdr) {
6816 kfree_skb(skb);
6817 return NULL;
6818 }
6819
6820 if (nla_put_u32(skb, NL80211_ATTR_WIPHY, rdev->wiphy_idx))
6821 goto nla_put_failure;
6822
6823 if (info) {
6824 if (nla_put_u32(skb, NL80211_ATTR_VENDOR_ID,
6825 info->vendor_id))
6826 goto nla_put_failure;
6827 if (nla_put_u32(skb, NL80211_ATTR_VENDOR_SUBCMD,
6828 info->subcmd))
6829 goto nla_put_failure;
6830 }
6831
6832 data = nla_nest_start(skb, attr);
6833
6834 ((void **)skb->cb)[0] = rdev;
6835 ((void **)skb->cb)[1] = hdr;
6836 ((void **)skb->cb)[2] = data;
6837
6838 return skb;
6839
6840 nla_put_failure:
6841 kfree_skb(skb);
6842 return NULL;
6843 }
6844
6845 struct sk_buff *__cfg80211_alloc_event_skb(struct wiphy *wiphy,
6846 enum nl80211_commands cmd,
6847 enum nl80211_attrs attr,
6848 int vendor_event_idx,
6849 int approxlen, gfp_t gfp)
6850 {
6851 struct cfg80211_registered_device *rdev = wiphy_to_dev(wiphy);
6852 const struct nl80211_vendor_cmd_info *info;
6853
6854 switch (cmd) {
6855 case NL80211_CMD_TESTMODE:
6856 if (WARN_ON(vendor_event_idx != -1))
6857 return NULL;
6858 info = NULL;
6859 break;
6860 case NL80211_CMD_VENDOR:
6861 if (WARN_ON(vendor_event_idx < 0 ||
6862 vendor_event_idx >= wiphy->n_vendor_events))
6863 return NULL;
6864 info = &wiphy->vendor_events[vendor_event_idx];
6865 break;
6866 default:
6867 WARN_ON(1);
6868 return NULL;
6869 }
6870
6871 return __cfg80211_alloc_vendor_skb(rdev, approxlen, 0, 0,
6872 cmd, attr, info, gfp);
6873 }
6874 EXPORT_SYMBOL(__cfg80211_alloc_event_skb);
6875
6876 void __cfg80211_send_event_skb(struct sk_buff *skb, gfp_t gfp)
6877 {
6878 struct cfg80211_registered_device *rdev = ((void **)skb->cb)[0];
6879 void *hdr = ((void **)skb->cb)[1];
6880 struct nlattr *data = ((void **)skb->cb)[2];
6881 enum nl80211_multicast_groups mcgrp = NL80211_MCGRP_TESTMODE;
6882
6883 nla_nest_end(skb, data);
6884 genlmsg_end(skb, hdr);
6885
6886 if (data->nla_type == NL80211_ATTR_VENDOR_DATA)
6887 mcgrp = NL80211_MCGRP_VENDOR;
6888
6889 genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), skb, 0,
6890 mcgrp, gfp);
6891 }
6892 EXPORT_SYMBOL(__cfg80211_send_event_skb);
6893
6894 #ifdef CONFIG_NL80211_TESTMODE
6895 static int nl80211_testmode_do(struct sk_buff *skb, struct genl_info *info)
6896 {
6897 struct cfg80211_registered_device *rdev = info->user_ptr[0];
6898 struct wireless_dev *wdev =
6899 __cfg80211_wdev_from_attrs(genl_info_net(info), info->attrs);
6900 int err;
6901
6902 if (!rdev->ops->testmode_cmd)
6903 return -EOPNOTSUPP;
6904
6905 if (IS_ERR(wdev)) {
6906 err = PTR_ERR(wdev);
6907 if (err != -EINVAL)
6908 return err;
6909 wdev = NULL;
6910 } else if (wdev->wiphy != &rdev->wiphy) {
6911 return -EINVAL;
6912 }
6913
6914 if (!info->attrs[NL80211_ATTR_TESTDATA])
6915 return -EINVAL;
6916
6917 rdev->cur_cmd_info = info;
6918 err = rdev_testmode_cmd(rdev, wdev,
6919 nla_data(info->attrs[NL80211_ATTR_TESTDATA]),
6920 nla_len(info->attrs[NL80211_ATTR_TESTDATA]));
6921 rdev->cur_cmd_info = NULL;
6922
6923 return err;
6924 }
6925
6926 static int nl80211_testmode_dump(struct sk_buff *skb,
6927 struct netlink_callback *cb)
6928 {
6929 struct cfg80211_registered_device *rdev;
6930 int err;
6931 long phy_idx;
6932 void *data = NULL;
6933 int data_len = 0;
6934
6935 rtnl_lock();
6936
6937 if (cb->args[0]) {
6938 /*
6939 * 0 is a valid index, but not valid for args[0],
6940 * so we need to offset by 1.
6941 */
6942 phy_idx = cb->args[0] - 1;
6943 } else {
6944 err = nlmsg_parse(cb->nlh, GENL_HDRLEN + nl80211_fam.hdrsize,
6945 nl80211_fam.attrbuf, nl80211_fam.maxattr,
6946 nl80211_policy);
6947 if (err)
6948 goto out_err;
6949
6950 rdev = __cfg80211_rdev_from_attrs(sock_net(skb->sk),
6951 nl80211_fam.attrbuf);
6952 if (IS_ERR(rdev)) {
6953 err = PTR_ERR(rdev);
6954 goto out_err;
6955 }
6956 phy_idx = rdev->wiphy_idx;
6957 rdev = NULL;
6958
6959 if (nl80211_fam.attrbuf[NL80211_ATTR_TESTDATA])
6960 cb->args[1] =
6961 (long)nl80211_fam.attrbuf[NL80211_ATTR_TESTDATA];
6962 }
6963
6964 if (cb->args[1]) {
6965 data = nla_data((void *)cb->args[1]);
6966 data_len = nla_len((void *)cb->args[1]);
6967 }
6968
6969 rdev = cfg80211_rdev_by_wiphy_idx(phy_idx);
6970 if (!rdev) {
6971 err = -ENOENT;
6972 goto out_err;
6973 }
6974
6975 if (!rdev->ops->testmode_dump) {
6976 err = -EOPNOTSUPP;
6977 goto out_err;
6978 }
6979
6980 while (1) {
6981 void *hdr = nl80211hdr_put(skb, NETLINK_CB(cb->skb).portid,
6982 cb->nlh->nlmsg_seq, NLM_F_MULTI,
6983 NL80211_CMD_TESTMODE);
6984 struct nlattr *tmdata;
6985
6986 if (!hdr)
6987 break;
6988
6989 if (nla_put_u32(skb, NL80211_ATTR_WIPHY, phy_idx)) {
6990 genlmsg_cancel(skb, hdr);
6991 break;
6992 }
6993
6994 tmdata = nla_nest_start(skb, NL80211_ATTR_TESTDATA);
6995 if (!tmdata) {
6996 genlmsg_cancel(skb, hdr);
6997 break;
6998 }
6999 err = rdev_testmode_dump(rdev, skb, cb, data, data_len);
7000 nla_nest_end(skb, tmdata);
7001
7002 if (err == -ENOBUFS || err == -ENOENT) {
7003 genlmsg_cancel(skb, hdr);
7004 break;
7005 } else if (err) {
7006 genlmsg_cancel(skb, hdr);
7007 goto out_err;
7008 }
7009
7010 genlmsg_end(skb, hdr);
7011 }
7012
7013 err = skb->len;
7014 /* see above */
7015 cb->args[0] = phy_idx + 1;
7016 out_err:
7017 rtnl_unlock();
7018 return err;
7019 }
7020 #endif
7021
7022 static int nl80211_connect(struct sk_buff *skb, struct genl_info *info)
7023 {
7024 struct cfg80211_registered_device *rdev = info->user_ptr[0];
7025 struct net_device *dev = info->user_ptr[1];
7026 struct cfg80211_connect_params connect;
7027 struct wiphy *wiphy;
7028 struct cfg80211_cached_keys *connkeys = NULL;
7029 int err;
7030
7031 memset(&connect, 0, sizeof(connect));
7032
7033 if (!is_valid_ie_attr(info->attrs[NL80211_ATTR_IE]))
7034 return -EINVAL;
7035
7036 if (!info->attrs[NL80211_ATTR_SSID] ||
7037 !nla_len(info->attrs[NL80211_ATTR_SSID]))
7038 return -EINVAL;
7039
7040 if (info->attrs[NL80211_ATTR_AUTH_TYPE]) {
7041 connect.auth_type =
7042 nla_get_u32(info->attrs[NL80211_ATTR_AUTH_TYPE]);
7043 if (!nl80211_valid_auth_type(rdev, connect.auth_type,
7044 NL80211_CMD_CONNECT))
7045 return -EINVAL;
7046 } else
7047 connect.auth_type = NL80211_AUTHTYPE_AUTOMATIC;
7048
7049 connect.privacy = info->attrs[NL80211_ATTR_PRIVACY];
7050
7051 err = nl80211_crypto_settings(rdev, info, &connect.crypto,
7052 NL80211_MAX_NR_CIPHER_SUITES);
7053 if (err)
7054 return err;
7055
7056 if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_STATION &&
7057 dev->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_CLIENT)
7058 return -EOPNOTSUPP;
7059
7060 wiphy = &rdev->wiphy;
7061
7062 connect.bg_scan_period = -1;
7063 if (info->attrs[NL80211_ATTR_BG_SCAN_PERIOD] &&
7064 (wiphy->flags & WIPHY_FLAG_SUPPORTS_FW_ROAM)) {
7065 connect.bg_scan_period =
7066 nla_get_u16(info->attrs[NL80211_ATTR_BG_SCAN_PERIOD]);
7067 }
7068
7069 if (info->attrs[NL80211_ATTR_MAC])
7070 connect.bssid = nla_data(info->attrs[NL80211_ATTR_MAC]);
7071 else if (info->attrs[NL80211_ATTR_MAC_HINT])
7072 connect.bssid_hint =
7073 nla_data(info->attrs[NL80211_ATTR_MAC_HINT]);
7074 connect.ssid = nla_data(info->attrs[NL80211_ATTR_SSID]);
7075 connect.ssid_len = nla_len(info->attrs[NL80211_ATTR_SSID]);
7076
7077 if (info->attrs[NL80211_ATTR_IE]) {
7078 connect.ie = nla_data(info->attrs[NL80211_ATTR_IE]);
7079 connect.ie_len = nla_len(info->attrs[NL80211_ATTR_IE]);
7080 }
7081
7082 if (info->attrs[NL80211_ATTR_USE_MFP]) {
7083 connect.mfp = nla_get_u32(info->attrs[NL80211_ATTR_USE_MFP]);
7084 if (connect.mfp != NL80211_MFP_REQUIRED &&
7085 connect.mfp != NL80211_MFP_NO)
7086 return -EINVAL;
7087 } else {
7088 connect.mfp = NL80211_MFP_NO;
7089 }
7090
7091 if (info->attrs[NL80211_ATTR_WIPHY_FREQ]) {
7092 connect.channel = nl80211_get_valid_chan(
7093 wiphy, info->attrs[NL80211_ATTR_WIPHY_FREQ]);
7094 if (!connect.channel)
7095 return -EINVAL;
7096 } else if (info->attrs[NL80211_ATTR_WIPHY_FREQ_HINT]) {
7097 connect.channel_hint = nl80211_get_valid_chan(
7098 wiphy, info->attrs[NL80211_ATTR_WIPHY_FREQ_HINT]);
7099 if (!connect.channel_hint)
7100 return -EINVAL;
7101 }
7102
7103 if (connect.privacy && info->attrs[NL80211_ATTR_KEYS]) {
7104 connkeys = nl80211_parse_connkeys(rdev,
7105 info->attrs[NL80211_ATTR_KEYS], NULL);
7106 if (IS_ERR(connkeys))
7107 return PTR_ERR(connkeys);
7108 }
7109
7110 if (nla_get_flag(info->attrs[NL80211_ATTR_DISABLE_HT]))
7111 connect.flags |= ASSOC_REQ_DISABLE_HT;
7112
7113 if (info->attrs[NL80211_ATTR_HT_CAPABILITY_MASK])
7114 memcpy(&connect.ht_capa_mask,
7115 nla_data(info->attrs[NL80211_ATTR_HT_CAPABILITY_MASK]),
7116 sizeof(connect.ht_capa_mask));
7117
7118 if (info->attrs[NL80211_ATTR_HT_CAPABILITY]) {
7119 if (!info->attrs[NL80211_ATTR_HT_CAPABILITY_MASK]) {
7120 kfree(connkeys);
7121 return -EINVAL;
7122 }
7123 memcpy(&connect.ht_capa,
7124 nla_data(info->attrs[NL80211_ATTR_HT_CAPABILITY]),
7125 sizeof(connect.ht_capa));
7126 }
7127
7128 if (nla_get_flag(info->attrs[NL80211_ATTR_DISABLE_VHT]))
7129 connect.flags |= ASSOC_REQ_DISABLE_VHT;
7130
7131 if (info->attrs[NL80211_ATTR_VHT_CAPABILITY_MASK])
7132 memcpy(&connect.vht_capa_mask,
7133 nla_data(info->attrs[NL80211_ATTR_VHT_CAPABILITY_MASK]),
7134 sizeof(connect.vht_capa_mask));
7135
7136 if (info->attrs[NL80211_ATTR_VHT_CAPABILITY]) {
7137 if (!info->attrs[NL80211_ATTR_VHT_CAPABILITY_MASK]) {
7138 kfree(connkeys);
7139 return -EINVAL;
7140 }
7141 memcpy(&connect.vht_capa,
7142 nla_data(info->attrs[NL80211_ATTR_VHT_CAPABILITY]),
7143 sizeof(connect.vht_capa));
7144 }
7145
7146 wdev_lock(dev->ieee80211_ptr);
7147 err = cfg80211_connect(rdev, dev, &connect, connkeys, NULL);
7148 wdev_unlock(dev->ieee80211_ptr);
7149 if (err)
7150 kfree(connkeys);
7151 return err;
7152 }
7153
7154 static int nl80211_disconnect(struct sk_buff *skb, struct genl_info *info)
7155 {
7156 struct cfg80211_registered_device *rdev = info->user_ptr[0];
7157 struct net_device *dev = info->user_ptr[1];
7158 u16 reason;
7159 int ret;
7160
7161 if (!info->attrs[NL80211_ATTR_REASON_CODE])
7162 reason = WLAN_REASON_DEAUTH_LEAVING;
7163 else
7164 reason = nla_get_u16(info->attrs[NL80211_ATTR_REASON_CODE]);
7165
7166 if (reason == 0)
7167 return -EINVAL;
7168
7169 if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_STATION &&
7170 dev->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_CLIENT)
7171 return -EOPNOTSUPP;
7172
7173 wdev_lock(dev->ieee80211_ptr);
7174 ret = cfg80211_disconnect(rdev, dev, reason, true);
7175 wdev_unlock(dev->ieee80211_ptr);
7176 return ret;
7177 }
7178
7179 static int nl80211_wiphy_netns(struct sk_buff *skb, struct genl_info *info)
7180 {
7181 struct cfg80211_registered_device *rdev = info->user_ptr[0];
7182 struct net *net;
7183 int err;
7184 u32 pid;
7185
7186 if (!info->attrs[NL80211_ATTR_PID])
7187 return -EINVAL;
7188
7189 pid = nla_get_u32(info->attrs[NL80211_ATTR_PID]);
7190
7191 net = get_net_ns_by_pid(pid);
7192 if (IS_ERR(net))
7193 return PTR_ERR(net);
7194
7195 err = 0;
7196
7197 /* check if anything to do */
7198 if (!net_eq(wiphy_net(&rdev->wiphy), net))
7199 err = cfg80211_switch_netns(rdev, net);
7200
7201 put_net(net);
7202 return err;
7203 }
7204
7205 static int nl80211_setdel_pmksa(struct sk_buff *skb, struct genl_info *info)
7206 {
7207 struct cfg80211_registered_device *rdev = info->user_ptr[0];
7208 int (*rdev_ops)(struct wiphy *wiphy, struct net_device *dev,
7209 struct cfg80211_pmksa *pmksa) = NULL;
7210 struct net_device *dev = info->user_ptr[1];
7211 struct cfg80211_pmksa pmksa;
7212
7213 memset(&pmksa, 0, sizeof(struct cfg80211_pmksa));
7214
7215 if (!info->attrs[NL80211_ATTR_MAC])
7216 return -EINVAL;
7217
7218 if (!info->attrs[NL80211_ATTR_PMKID])
7219 return -EINVAL;
7220
7221 pmksa.pmkid = nla_data(info->attrs[NL80211_ATTR_PMKID]);
7222 pmksa.bssid = nla_data(info->attrs[NL80211_ATTR_MAC]);
7223
7224 if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_STATION &&
7225 dev->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_CLIENT)
7226 return -EOPNOTSUPP;
7227
7228 switch (info->genlhdr->cmd) {
7229 case NL80211_CMD_SET_PMKSA:
7230 rdev_ops = rdev->ops->set_pmksa;
7231 break;
7232 case NL80211_CMD_DEL_PMKSA:
7233 rdev_ops = rdev->ops->del_pmksa;
7234 break;
7235 default:
7236 WARN_ON(1);
7237 break;
7238 }
7239
7240 if (!rdev_ops)
7241 return -EOPNOTSUPP;
7242
7243 return rdev_ops(&rdev->wiphy, dev, &pmksa);
7244 }
7245
7246 static int nl80211_flush_pmksa(struct sk_buff *skb, struct genl_info *info)
7247 {
7248 struct cfg80211_registered_device *rdev = info->user_ptr[0];
7249 struct net_device *dev = info->user_ptr[1];
7250
7251 if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_STATION &&
7252 dev->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_CLIENT)
7253 return -EOPNOTSUPP;
7254
7255 if (!rdev->ops->flush_pmksa)
7256 return -EOPNOTSUPP;
7257
7258 return rdev_flush_pmksa(rdev, dev);
7259 }
7260
7261 static int nl80211_tdls_mgmt(struct sk_buff *skb, struct genl_info *info)
7262 {
7263 struct cfg80211_registered_device *rdev = info->user_ptr[0];
7264 struct net_device *dev = info->user_ptr[1];
7265 u8 action_code, dialog_token;
7266 u16 status_code;
7267 u8 *peer;
7268
7269 if (!(rdev->wiphy.flags & WIPHY_FLAG_SUPPORTS_TDLS) ||
7270 !rdev->ops->tdls_mgmt)
7271 return -EOPNOTSUPP;
7272
7273 if (!info->attrs[NL80211_ATTR_TDLS_ACTION] ||
7274 !info->attrs[NL80211_ATTR_STATUS_CODE] ||
7275 !info->attrs[NL80211_ATTR_TDLS_DIALOG_TOKEN] ||
7276 !info->attrs[NL80211_ATTR_IE] ||
7277 !info->attrs[NL80211_ATTR_MAC])
7278 return -EINVAL;
7279
7280 peer = nla_data(info->attrs[NL80211_ATTR_MAC]);
7281 action_code = nla_get_u8(info->attrs[NL80211_ATTR_TDLS_ACTION]);
7282 status_code = nla_get_u16(info->attrs[NL80211_ATTR_STATUS_CODE]);
7283 dialog_token = nla_get_u8(info->attrs[NL80211_ATTR_TDLS_DIALOG_TOKEN]);
7284
7285 return rdev_tdls_mgmt(rdev, dev, peer, action_code,
7286 dialog_token, status_code,
7287 nla_data(info->attrs[NL80211_ATTR_IE]),
7288 nla_len(info->attrs[NL80211_ATTR_IE]));
7289 }
7290
7291 static int nl80211_tdls_oper(struct sk_buff *skb, struct genl_info *info)
7292 {
7293 struct cfg80211_registered_device *rdev = info->user_ptr[0];
7294 struct net_device *dev = info->user_ptr[1];
7295 enum nl80211_tdls_operation operation;
7296 u8 *peer;
7297
7298 if (!(rdev->wiphy.flags & WIPHY_FLAG_SUPPORTS_TDLS) ||
7299 !rdev->ops->tdls_oper)
7300 return -EOPNOTSUPP;
7301
7302 if (!info->attrs[NL80211_ATTR_TDLS_OPERATION] ||
7303 !info->attrs[NL80211_ATTR_MAC])
7304 return -EINVAL;
7305
7306 operation = nla_get_u8(info->attrs[NL80211_ATTR_TDLS_OPERATION]);
7307 peer = nla_data(info->attrs[NL80211_ATTR_MAC]);
7308
7309 return rdev_tdls_oper(rdev, dev, peer, operation);
7310 }
7311
7312 static int nl80211_remain_on_channel(struct sk_buff *skb,
7313 struct genl_info *info)
7314 {
7315 struct cfg80211_registered_device *rdev = info->user_ptr[0];
7316 struct wireless_dev *wdev = info->user_ptr[1];
7317 struct cfg80211_chan_def chandef;
7318 struct sk_buff *msg;
7319 void *hdr;
7320 u64 cookie;
7321 u32 duration;
7322 int err;
7323
7324 if (!info->attrs[NL80211_ATTR_WIPHY_FREQ] ||
7325 !info->attrs[NL80211_ATTR_DURATION])
7326 return -EINVAL;
7327
7328 duration = nla_get_u32(info->attrs[NL80211_ATTR_DURATION]);
7329
7330 if (!rdev->ops->remain_on_channel ||
7331 !(rdev->wiphy.flags & WIPHY_FLAG_HAS_REMAIN_ON_CHANNEL))
7332 return -EOPNOTSUPP;
7333
7334 /*
7335 * We should be on that channel for at least a minimum amount of
7336 * time (10ms) but no longer than the driver supports.
7337 */
7338 if (duration < NL80211_MIN_REMAIN_ON_CHANNEL_TIME ||
7339 duration > rdev->wiphy.max_remain_on_channel_duration)
7340 return -EINVAL;
7341
7342 err = nl80211_parse_chandef(rdev, info, &chandef);
7343 if (err)
7344 return err;
7345
7346 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
7347 if (!msg)
7348 return -ENOMEM;
7349
7350 hdr = nl80211hdr_put(msg, info->snd_portid, info->snd_seq, 0,
7351 NL80211_CMD_REMAIN_ON_CHANNEL);
7352 if (!hdr) {
7353 err = -ENOBUFS;
7354 goto free_msg;
7355 }
7356
7357 err = rdev_remain_on_channel(rdev, wdev, chandef.chan,
7358 duration, &cookie);
7359
7360 if (err)
7361 goto free_msg;
7362
7363 if (nla_put_u64(msg, NL80211_ATTR_COOKIE, cookie))
7364 goto nla_put_failure;
7365
7366 genlmsg_end(msg, hdr);
7367
7368 return genlmsg_reply(msg, info);
7369
7370 nla_put_failure:
7371 err = -ENOBUFS;
7372 free_msg:
7373 nlmsg_free(msg);
7374 return err;
7375 }
7376
7377 static int nl80211_cancel_remain_on_channel(struct sk_buff *skb,
7378 struct genl_info *info)
7379 {
7380 struct cfg80211_registered_device *rdev = info->user_ptr[0];
7381 struct wireless_dev *wdev = info->user_ptr[1];
7382 u64 cookie;
7383
7384 if (!info->attrs[NL80211_ATTR_COOKIE])
7385 return -EINVAL;
7386
7387 if (!rdev->ops->cancel_remain_on_channel)
7388 return -EOPNOTSUPP;
7389
7390 cookie = nla_get_u64(info->attrs[NL80211_ATTR_COOKIE]);
7391
7392 return rdev_cancel_remain_on_channel(rdev, wdev, cookie);
7393 }
7394
7395 static u32 rateset_to_mask(struct ieee80211_supported_band *sband,
7396 u8 *rates, u8 rates_len)
7397 {
7398 u8 i;
7399 u32 mask = 0;
7400
7401 for (i = 0; i < rates_len; i++) {
7402 int rate = (rates[i] & 0x7f) * 5;
7403 int ridx;
7404 for (ridx = 0; ridx < sband->n_bitrates; ridx++) {
7405 struct ieee80211_rate *srate =
7406 &sband->bitrates[ridx];
7407 if (rate == srate->bitrate) {
7408 mask |= 1 << ridx;
7409 break;
7410 }
7411 }
7412 if (ridx == sband->n_bitrates)
7413 return 0; /* rate not found */
7414 }
7415
7416 return mask;
7417 }
7418
7419 static bool ht_rateset_to_mask(struct ieee80211_supported_band *sband,
7420 u8 *rates, u8 rates_len,
7421 u8 mcs[IEEE80211_HT_MCS_MASK_LEN])
7422 {
7423 u8 i;
7424
7425 memset(mcs, 0, IEEE80211_HT_MCS_MASK_LEN);
7426
7427 for (i = 0; i < rates_len; i++) {
7428 int ridx, rbit;
7429
7430 ridx = rates[i] / 8;
7431 rbit = BIT(rates[i] % 8);
7432
7433 /* check validity */
7434 if ((ridx < 0) || (ridx >= IEEE80211_HT_MCS_MASK_LEN))
7435 return false;
7436
7437 /* check availability */
7438 if (sband->ht_cap.mcs.rx_mask[ridx] & rbit)
7439 mcs[ridx] |= rbit;
7440 else
7441 return false;
7442 }
7443
7444 return true;
7445 }
7446
7447 static u16 vht_mcs_map_to_mcs_mask(u8 vht_mcs_map)
7448 {
7449 u16 mcs_mask = 0;
7450
7451 switch (vht_mcs_map) {
7452 case IEEE80211_VHT_MCS_NOT_SUPPORTED:
7453 break;
7454 case IEEE80211_VHT_MCS_SUPPORT_0_7:
7455 mcs_mask = 0x00FF;
7456 break;
7457 case IEEE80211_VHT_MCS_SUPPORT_0_8:
7458 mcs_mask = 0x01FF;
7459 break;
7460 case IEEE80211_VHT_MCS_SUPPORT_0_9:
7461 mcs_mask = 0x03FF;
7462 break;
7463 default:
7464 break;
7465 }
7466
7467 return mcs_mask;
7468 }
7469
7470 static void vht_build_mcs_mask(u16 vht_mcs_map,
7471 u16 vht_mcs_mask[NL80211_VHT_NSS_MAX])
7472 {
7473 u8 nss;
7474
7475 for (nss = 0; nss < NL80211_VHT_NSS_MAX; nss++) {
7476 vht_mcs_mask[nss] = vht_mcs_map_to_mcs_mask(vht_mcs_map & 0x03);
7477 vht_mcs_map >>= 2;
7478 }
7479 }
7480
7481 static bool vht_set_mcs_mask(struct ieee80211_supported_band *sband,
7482 struct nl80211_txrate_vht *txrate,
7483 u16 mcs[NL80211_VHT_NSS_MAX])
7484 {
7485 u16 tx_mcs_map = le16_to_cpu(sband->vht_cap.vht_mcs.tx_mcs_map);
7486 u16 tx_mcs_mask[NL80211_VHT_NSS_MAX] = {};
7487 u8 i;
7488
7489 if (!sband->vht_cap.vht_supported)
7490 return false;
7491
7492 memset(mcs, 0, sizeof(u16) * NL80211_VHT_NSS_MAX);
7493
7494 /* Build vht_mcs_mask from VHT capabilities */
7495 vht_build_mcs_mask(tx_mcs_map, tx_mcs_mask);
7496
7497 for (i = 0; i < NL80211_VHT_NSS_MAX; i++) {
7498 if ((tx_mcs_mask[i] & txrate->mcs[i]) == txrate->mcs[i])
7499 mcs[i] = txrate->mcs[i];
7500 else
7501 return false;
7502 }
7503
7504 return true;
7505 }
7506
7507 static const struct nla_policy nl80211_txattr_policy[NL80211_TXRATE_MAX + 1] = {
7508 [NL80211_TXRATE_LEGACY] = { .type = NLA_BINARY,
7509 .len = NL80211_MAX_SUPP_RATES },
7510 [NL80211_TXRATE_HT] = { .type = NLA_BINARY,
7511 .len = NL80211_MAX_SUPP_HT_RATES },
7512 [NL80211_TXRATE_VHT] = { .len = sizeof(struct nl80211_txrate_vht)},
7513 [NL80211_TXRATE_GI] = { .type = NLA_U8 },
7514 };
7515
7516 static int nl80211_set_tx_bitrate_mask(struct sk_buff *skb,
7517 struct genl_info *info)
7518 {
7519 struct nlattr *tb[NL80211_TXRATE_MAX + 1];
7520 struct cfg80211_registered_device *rdev = info->user_ptr[0];
7521 struct cfg80211_bitrate_mask mask;
7522 int rem, i;
7523 struct net_device *dev = info->user_ptr[1];
7524 struct nlattr *tx_rates;
7525 struct ieee80211_supported_band *sband;
7526 u16 vht_tx_mcs_map;
7527
7528 if (!rdev->ops->set_bitrate_mask)
7529 return -EOPNOTSUPP;
7530
7531 memset(&mask, 0, sizeof(mask));
7532 /* Default to all rates enabled */
7533 for (i = 0; i < IEEE80211_NUM_BANDS; i++) {
7534 sband = rdev->wiphy.bands[i];
7535
7536 if (!sband)
7537 continue;
7538
7539 mask.control[i].legacy = (1 << sband->n_bitrates) - 1;
7540 memcpy(mask.control[i].ht_mcs,
7541 sband->ht_cap.mcs.rx_mask,
7542 sizeof(mask.control[i].ht_mcs));
7543
7544 if (!sband->vht_cap.vht_supported)
7545 continue;
7546
7547 vht_tx_mcs_map = le16_to_cpu(sband->vht_cap.vht_mcs.tx_mcs_map);
7548 vht_build_mcs_mask(vht_tx_mcs_map, mask.control[i].vht_mcs);
7549 }
7550
7551 /* if no rates are given set it back to the defaults */
7552 if (!info->attrs[NL80211_ATTR_TX_RATES])
7553 goto out;
7554
7555 /*
7556 * The nested attribute uses enum nl80211_band as the index. This maps
7557 * directly to the enum ieee80211_band values used in cfg80211.
7558 */
7559 BUILD_BUG_ON(NL80211_MAX_SUPP_HT_RATES > IEEE80211_HT_MCS_MASK_LEN * 8);
7560 nla_for_each_nested(tx_rates, info->attrs[NL80211_ATTR_TX_RATES], rem) {
7561 enum ieee80211_band band = nla_type(tx_rates);
7562 int err;
7563
7564 if (band < 0 || band >= IEEE80211_NUM_BANDS)
7565 return -EINVAL;
7566 sband = rdev->wiphy.bands[band];
7567 if (sband == NULL)
7568 return -EINVAL;
7569 err = nla_parse(tb, NL80211_TXRATE_MAX, nla_data(tx_rates),
7570 nla_len(tx_rates), nl80211_txattr_policy);
7571 if (err)
7572 return err;
7573 if (tb[NL80211_TXRATE_LEGACY]) {
7574 mask.control[band].legacy = rateset_to_mask(
7575 sband,
7576 nla_data(tb[NL80211_TXRATE_LEGACY]),
7577 nla_len(tb[NL80211_TXRATE_LEGACY]));
7578 if ((mask.control[band].legacy == 0) &&
7579 nla_len(tb[NL80211_TXRATE_LEGACY]))
7580 return -EINVAL;
7581 }
7582 if (tb[NL80211_TXRATE_HT]) {
7583 if (!ht_rateset_to_mask(
7584 sband,
7585 nla_data(tb[NL80211_TXRATE_HT]),
7586 nla_len(tb[NL80211_TXRATE_HT]),
7587 mask.control[band].ht_mcs))
7588 return -EINVAL;
7589 }
7590 if (tb[NL80211_TXRATE_VHT]) {
7591 if (!vht_set_mcs_mask(
7592 sband,
7593 nla_data(tb[NL80211_TXRATE_VHT]),
7594 mask.control[band].vht_mcs))
7595 return -EINVAL;
7596 }
7597 if (tb[NL80211_TXRATE_GI]) {
7598 mask.control[band].gi =
7599 nla_get_u8(tb[NL80211_TXRATE_GI]);
7600 if (mask.control[band].gi > NL80211_TXRATE_FORCE_LGI)
7601 return -EINVAL;
7602 }
7603
7604 if (mask.control[band].legacy == 0) {
7605 /* don't allow empty legacy rates if HT or VHT
7606 * are not even supported.
7607 */
7608 if (!(rdev->wiphy.bands[band]->ht_cap.ht_supported ||
7609 rdev->wiphy.bands[band]->vht_cap.vht_supported))
7610 return -EINVAL;
7611
7612 for (i = 0; i < IEEE80211_HT_MCS_MASK_LEN; i++)
7613 if (mask.control[band].ht_mcs[i])
7614 goto out;
7615
7616 for (i = 0; i < NL80211_VHT_NSS_MAX; i++)
7617 if (mask.control[band].vht_mcs[i])
7618 goto out;
7619
7620 /* legacy and mcs rates may not be both empty */
7621 return -EINVAL;
7622 }
7623 }
7624
7625 out:
7626 return rdev_set_bitrate_mask(rdev, dev, NULL, &mask);
7627 }
7628
7629 static int nl80211_register_mgmt(struct sk_buff *skb, struct genl_info *info)
7630 {
7631 struct cfg80211_registered_device *rdev = info->user_ptr[0];
7632 struct wireless_dev *wdev = info->user_ptr[1];
7633 u16 frame_type = IEEE80211_FTYPE_MGMT | IEEE80211_STYPE_ACTION;
7634
7635 if (!info->attrs[NL80211_ATTR_FRAME_MATCH])
7636 return -EINVAL;
7637
7638 if (info->attrs[NL80211_ATTR_FRAME_TYPE])
7639 frame_type = nla_get_u16(info->attrs[NL80211_ATTR_FRAME_TYPE]);
7640
7641 switch (wdev->iftype) {
7642 case NL80211_IFTYPE_STATION:
7643 case NL80211_IFTYPE_ADHOC:
7644 case NL80211_IFTYPE_P2P_CLIENT:
7645 case NL80211_IFTYPE_AP:
7646 case NL80211_IFTYPE_AP_VLAN:
7647 case NL80211_IFTYPE_MESH_POINT:
7648 case NL80211_IFTYPE_P2P_GO:
7649 case NL80211_IFTYPE_P2P_DEVICE:
7650 break;
7651 default:
7652 return -EOPNOTSUPP;
7653 }
7654
7655 /* not much point in registering if we can't reply */
7656 if (!rdev->ops->mgmt_tx)
7657 return -EOPNOTSUPP;
7658
7659 return cfg80211_mlme_register_mgmt(wdev, info->snd_portid, frame_type,
7660 nla_data(info->attrs[NL80211_ATTR_FRAME_MATCH]),
7661 nla_len(info->attrs[NL80211_ATTR_FRAME_MATCH]));
7662 }
7663
7664 static int nl80211_tx_mgmt(struct sk_buff *skb, struct genl_info *info)
7665 {
7666 struct cfg80211_registered_device *rdev = info->user_ptr[0];
7667 struct wireless_dev *wdev = info->user_ptr[1];
7668 struct cfg80211_chan_def chandef;
7669 int err;
7670 void *hdr = NULL;
7671 u64 cookie;
7672 struct sk_buff *msg = NULL;
7673 struct cfg80211_mgmt_tx_params params = {
7674 .dont_wait_for_ack =
7675 info->attrs[NL80211_ATTR_DONT_WAIT_FOR_ACK],
7676 };
7677
7678 if (!info->attrs[NL80211_ATTR_FRAME])
7679 return -EINVAL;
7680
7681 if (!rdev->ops->mgmt_tx)
7682 return -EOPNOTSUPP;
7683
7684 switch (wdev->iftype) {
7685 case NL80211_IFTYPE_P2P_DEVICE:
7686 if (!info->attrs[NL80211_ATTR_WIPHY_FREQ])
7687 return -EINVAL;
7688 case NL80211_IFTYPE_STATION:
7689 case NL80211_IFTYPE_ADHOC:
7690 case NL80211_IFTYPE_P2P_CLIENT:
7691 case NL80211_IFTYPE_AP:
7692 case NL80211_IFTYPE_AP_VLAN:
7693 case NL80211_IFTYPE_MESH_POINT:
7694 case NL80211_IFTYPE_P2P_GO:
7695 break;
7696 default:
7697 return -EOPNOTSUPP;
7698 }
7699
7700 if (info->attrs[NL80211_ATTR_DURATION]) {
7701 if (!(rdev->wiphy.flags & WIPHY_FLAG_OFFCHAN_TX))
7702 return -EINVAL;
7703 params.wait = nla_get_u32(info->attrs[NL80211_ATTR_DURATION]);
7704
7705 /*
7706 * We should wait on the channel for at least a minimum amount
7707 * of time (10ms) but no longer than the driver supports.
7708 */
7709 if (params.wait < NL80211_MIN_REMAIN_ON_CHANNEL_TIME ||
7710 params.wait > rdev->wiphy.max_remain_on_channel_duration)
7711 return -EINVAL;
7712
7713 }
7714
7715 params.offchan = info->attrs[NL80211_ATTR_OFFCHANNEL_TX_OK];
7716
7717 if (params.offchan && !(rdev->wiphy.flags & WIPHY_FLAG_OFFCHAN_TX))
7718 return -EINVAL;
7719
7720 params.no_cck = nla_get_flag(info->attrs[NL80211_ATTR_TX_NO_CCK_RATE]);
7721
7722 /* get the channel if any has been specified, otherwise pass NULL to
7723 * the driver. The latter will use the current one
7724 */
7725 chandef.chan = NULL;
7726 if (info->attrs[NL80211_ATTR_WIPHY_FREQ]) {
7727 err = nl80211_parse_chandef(rdev, info, &chandef);
7728 if (err)
7729 return err;
7730 }
7731
7732 if (!chandef.chan && params.offchan)
7733 return -EINVAL;
7734
7735 if (!params.dont_wait_for_ack) {
7736 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
7737 if (!msg)
7738 return -ENOMEM;
7739
7740 hdr = nl80211hdr_put(msg, info->snd_portid, info->snd_seq, 0,
7741 NL80211_CMD_FRAME);
7742 if (!hdr) {
7743 err = -ENOBUFS;
7744 goto free_msg;
7745 }
7746 }
7747
7748 params.buf = nla_data(info->attrs[NL80211_ATTR_FRAME]);
7749 params.len = nla_len(info->attrs[NL80211_ATTR_FRAME]);
7750 params.chan = chandef.chan;
7751 err = cfg80211_mlme_mgmt_tx(rdev, wdev, &params, &cookie);
7752 if (err)
7753 goto free_msg;
7754
7755 if (msg) {
7756 if (nla_put_u64(msg, NL80211_ATTR_COOKIE, cookie))
7757 goto nla_put_failure;
7758
7759 genlmsg_end(msg, hdr);
7760 return genlmsg_reply(msg, info);
7761 }
7762
7763 return 0;
7764
7765 nla_put_failure:
7766 err = -ENOBUFS;
7767 free_msg:
7768 nlmsg_free(msg);
7769 return err;
7770 }
7771
7772 static int nl80211_tx_mgmt_cancel_wait(struct sk_buff *skb, struct genl_info *info)
7773 {
7774 struct cfg80211_registered_device *rdev = info->user_ptr[0];
7775 struct wireless_dev *wdev = info->user_ptr[1];
7776 u64 cookie;
7777
7778 if (!info->attrs[NL80211_ATTR_COOKIE])
7779 return -EINVAL;
7780
7781 if (!rdev->ops->mgmt_tx_cancel_wait)
7782 return -EOPNOTSUPP;
7783
7784 switch (wdev->iftype) {
7785 case NL80211_IFTYPE_STATION:
7786 case NL80211_IFTYPE_ADHOC:
7787 case NL80211_IFTYPE_P2P_CLIENT:
7788 case NL80211_IFTYPE_AP:
7789 case NL80211_IFTYPE_AP_VLAN:
7790 case NL80211_IFTYPE_P2P_GO:
7791 case NL80211_IFTYPE_P2P_DEVICE:
7792 break;
7793 default:
7794 return -EOPNOTSUPP;
7795 }
7796
7797 cookie = nla_get_u64(info->attrs[NL80211_ATTR_COOKIE]);
7798
7799 return rdev_mgmt_tx_cancel_wait(rdev, wdev, cookie);
7800 }
7801
7802 static int nl80211_set_power_save(struct sk_buff *skb, struct genl_info *info)
7803 {
7804 struct cfg80211_registered_device *rdev = info->user_ptr[0];
7805 struct wireless_dev *wdev;
7806 struct net_device *dev = info->user_ptr[1];
7807 u8 ps_state;
7808 bool state;
7809 int err;
7810
7811 if (!info->attrs[NL80211_ATTR_PS_STATE])
7812 return -EINVAL;
7813
7814 ps_state = nla_get_u32(info->attrs[NL80211_ATTR_PS_STATE]);
7815
7816 if (ps_state != NL80211_PS_DISABLED && ps_state != NL80211_PS_ENABLED)
7817 return -EINVAL;
7818
7819 wdev = dev->ieee80211_ptr;
7820
7821 if (!rdev->ops->set_power_mgmt)
7822 return -EOPNOTSUPP;
7823
7824 state = (ps_state == NL80211_PS_ENABLED) ? true : false;
7825
7826 if (state == wdev->ps)
7827 return 0;
7828
7829 err = rdev_set_power_mgmt(rdev, dev, state, wdev->ps_timeout);
7830 if (!err)
7831 wdev->ps = state;
7832 return err;
7833 }
7834
7835 static int nl80211_get_power_save(struct sk_buff *skb, struct genl_info *info)
7836 {
7837 struct cfg80211_registered_device *rdev = info->user_ptr[0];
7838 enum nl80211_ps_state ps_state;
7839 struct wireless_dev *wdev;
7840 struct net_device *dev = info->user_ptr[1];
7841 struct sk_buff *msg;
7842 void *hdr;
7843 int err;
7844
7845 wdev = dev->ieee80211_ptr;
7846
7847 if (!rdev->ops->set_power_mgmt)
7848 return -EOPNOTSUPP;
7849
7850 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
7851 if (!msg)
7852 return -ENOMEM;
7853
7854 hdr = nl80211hdr_put(msg, info->snd_portid, info->snd_seq, 0,
7855 NL80211_CMD_GET_POWER_SAVE);
7856 if (!hdr) {
7857 err = -ENOBUFS;
7858 goto free_msg;
7859 }
7860
7861 if (wdev->ps)
7862 ps_state = NL80211_PS_ENABLED;
7863 else
7864 ps_state = NL80211_PS_DISABLED;
7865
7866 if (nla_put_u32(msg, NL80211_ATTR_PS_STATE, ps_state))
7867 goto nla_put_failure;
7868
7869 genlmsg_end(msg, hdr);
7870 return genlmsg_reply(msg, info);
7871
7872 nla_put_failure:
7873 err = -ENOBUFS;
7874 free_msg:
7875 nlmsg_free(msg);
7876 return err;
7877 }
7878
7879 static const struct nla_policy
7880 nl80211_attr_cqm_policy[NL80211_ATTR_CQM_MAX + 1] = {
7881 [NL80211_ATTR_CQM_RSSI_THOLD] = { .type = NLA_U32 },
7882 [NL80211_ATTR_CQM_RSSI_HYST] = { .type = NLA_U32 },
7883 [NL80211_ATTR_CQM_RSSI_THRESHOLD_EVENT] = { .type = NLA_U32 },
7884 [NL80211_ATTR_CQM_TXE_RATE] = { .type = NLA_U32 },
7885 [NL80211_ATTR_CQM_TXE_PKTS] = { .type = NLA_U32 },
7886 [NL80211_ATTR_CQM_TXE_INTVL] = { .type = NLA_U32 },
7887 };
7888
7889 static int nl80211_set_cqm_txe(struct genl_info *info,
7890 u32 rate, u32 pkts, u32 intvl)
7891 {
7892 struct cfg80211_registered_device *rdev = info->user_ptr[0];
7893 struct net_device *dev = info->user_ptr[1];
7894 struct wireless_dev *wdev = dev->ieee80211_ptr;
7895
7896 if (rate > 100 || intvl > NL80211_CQM_TXE_MAX_INTVL)
7897 return -EINVAL;
7898
7899 if (!rdev->ops->set_cqm_txe_config)
7900 return -EOPNOTSUPP;
7901
7902 if (wdev->iftype != NL80211_IFTYPE_STATION &&
7903 wdev->iftype != NL80211_IFTYPE_P2P_CLIENT)
7904 return -EOPNOTSUPP;
7905
7906 return rdev_set_cqm_txe_config(rdev, dev, rate, pkts, intvl);
7907 }
7908
7909 static int nl80211_set_cqm_rssi(struct genl_info *info,
7910 s32 threshold, u32 hysteresis)
7911 {
7912 struct cfg80211_registered_device *rdev = info->user_ptr[0];
7913 struct net_device *dev = info->user_ptr[1];
7914 struct wireless_dev *wdev = dev->ieee80211_ptr;
7915
7916 if (threshold > 0)
7917 return -EINVAL;
7918
7919 /* disabling - hysteresis should also be zero then */
7920 if (threshold == 0)
7921 hysteresis = 0;
7922
7923 if (!rdev->ops->set_cqm_rssi_config)
7924 return -EOPNOTSUPP;
7925
7926 if (wdev->iftype != NL80211_IFTYPE_STATION &&
7927 wdev->iftype != NL80211_IFTYPE_P2P_CLIENT)
7928 return -EOPNOTSUPP;
7929
7930 return rdev_set_cqm_rssi_config(rdev, dev, threshold, hysteresis);
7931 }
7932
7933 static int nl80211_set_cqm(struct sk_buff *skb, struct genl_info *info)
7934 {
7935 struct nlattr *attrs[NL80211_ATTR_CQM_MAX + 1];
7936 struct nlattr *cqm;
7937 int err;
7938
7939 cqm = info->attrs[NL80211_ATTR_CQM];
7940 if (!cqm)
7941 return -EINVAL;
7942
7943 err = nla_parse_nested(attrs, NL80211_ATTR_CQM_MAX, cqm,
7944 nl80211_attr_cqm_policy);
7945 if (err)
7946 return err;
7947
7948 if (attrs[NL80211_ATTR_CQM_RSSI_THOLD] &&
7949 attrs[NL80211_ATTR_CQM_RSSI_HYST]) {
7950 s32 threshold = nla_get_s32(attrs[NL80211_ATTR_CQM_RSSI_THOLD]);
7951 u32 hysteresis = nla_get_u32(attrs[NL80211_ATTR_CQM_RSSI_HYST]);
7952
7953 return nl80211_set_cqm_rssi(info, threshold, hysteresis);
7954 }
7955
7956 if (attrs[NL80211_ATTR_CQM_TXE_RATE] &&
7957 attrs[NL80211_ATTR_CQM_TXE_PKTS] &&
7958 attrs[NL80211_ATTR_CQM_TXE_INTVL]) {
7959 u32 rate = nla_get_u32(attrs[NL80211_ATTR_CQM_TXE_RATE]);
7960 u32 pkts = nla_get_u32(attrs[NL80211_ATTR_CQM_TXE_PKTS]);
7961 u32 intvl = nla_get_u32(attrs[NL80211_ATTR_CQM_TXE_INTVL]);
7962
7963 return nl80211_set_cqm_txe(info, rate, pkts, intvl);
7964 }
7965
7966 return -EINVAL;
7967 }
7968
7969 static int nl80211_join_mesh(struct sk_buff *skb, struct genl_info *info)
7970 {
7971 struct cfg80211_registered_device *rdev = info->user_ptr[0];
7972 struct net_device *dev = info->user_ptr[1];
7973 struct mesh_config cfg;
7974 struct mesh_setup setup;
7975 int err;
7976
7977 /* start with default */
7978 memcpy(&cfg, &default_mesh_config, sizeof(cfg));
7979 memcpy(&setup, &default_mesh_setup, sizeof(setup));
7980
7981 if (info->attrs[NL80211_ATTR_MESH_CONFIG]) {
7982 /* and parse parameters if given */
7983 err = nl80211_parse_mesh_config(info, &cfg, NULL);
7984 if (err)
7985 return err;
7986 }
7987
7988 if (!info->attrs[NL80211_ATTR_MESH_ID] ||
7989 !nla_len(info->attrs[NL80211_ATTR_MESH_ID]))
7990 return -EINVAL;
7991
7992 setup.mesh_id = nla_data(info->attrs[NL80211_ATTR_MESH_ID]);
7993 setup.mesh_id_len = nla_len(info->attrs[NL80211_ATTR_MESH_ID]);
7994
7995 if (info->attrs[NL80211_ATTR_MCAST_RATE] &&
7996 !nl80211_parse_mcast_rate(rdev, setup.mcast_rate,
7997 nla_get_u32(info->attrs[NL80211_ATTR_MCAST_RATE])))
7998 return -EINVAL;
7999
8000 if (info->attrs[NL80211_ATTR_BEACON_INTERVAL]) {
8001 setup.beacon_interval =
8002 nla_get_u32(info->attrs[NL80211_ATTR_BEACON_INTERVAL]);
8003 if (setup.beacon_interval < 10 ||
8004 setup.beacon_interval > 10000)
8005 return -EINVAL;
8006 }
8007
8008 if (info->attrs[NL80211_ATTR_DTIM_PERIOD]) {
8009 setup.dtim_period =
8010 nla_get_u32(info->attrs[NL80211_ATTR_DTIM_PERIOD]);
8011 if (setup.dtim_period < 1 || setup.dtim_period > 100)
8012 return -EINVAL;
8013 }
8014
8015 if (info->attrs[NL80211_ATTR_MESH_SETUP]) {
8016 /* parse additional setup parameters if given */
8017 err = nl80211_parse_mesh_setup(info, &setup);
8018 if (err)
8019 return err;
8020 }
8021
8022 if (setup.user_mpm)
8023 cfg.auto_open_plinks = false;
8024
8025 if (info->attrs[NL80211_ATTR_WIPHY_FREQ]) {
8026 err = nl80211_parse_chandef(rdev, info, &setup.chandef);
8027 if (err)
8028 return err;
8029 } else {
8030 /* cfg80211_join_mesh() will sort it out */
8031 setup.chandef.chan = NULL;
8032 }
8033
8034 if (info->attrs[NL80211_ATTR_BSS_BASIC_RATES]) {
8035 u8 *rates = nla_data(info->attrs[NL80211_ATTR_BSS_BASIC_RATES]);
8036 int n_rates =
8037 nla_len(info->attrs[NL80211_ATTR_BSS_BASIC_RATES]);
8038 struct ieee80211_supported_band *sband;
8039
8040 if (!setup.chandef.chan)
8041 return -EINVAL;
8042
8043 sband = rdev->wiphy.bands[setup.chandef.chan->band];
8044
8045 err = ieee80211_get_ratemask(sband, rates, n_rates,
8046 &setup.basic_rates);
8047 if (err)
8048 return err;
8049 }
8050
8051 return cfg80211_join_mesh(rdev, dev, &setup, &cfg);
8052 }
8053
8054 static int nl80211_leave_mesh(struct sk_buff *skb, struct genl_info *info)
8055 {
8056 struct cfg80211_registered_device *rdev = info->user_ptr[0];
8057 struct net_device *dev = info->user_ptr[1];
8058
8059 return cfg80211_leave_mesh(rdev, dev);
8060 }
8061
8062 #ifdef CONFIG_PM
8063 static int nl80211_send_wowlan_patterns(struct sk_buff *msg,
8064 struct cfg80211_registered_device *rdev)
8065 {
8066 struct cfg80211_wowlan *wowlan = rdev->wiphy.wowlan_config;
8067 struct nlattr *nl_pats, *nl_pat;
8068 int i, pat_len;
8069
8070 if (!wowlan->n_patterns)
8071 return 0;
8072
8073 nl_pats = nla_nest_start(msg, NL80211_WOWLAN_TRIG_PKT_PATTERN);
8074 if (!nl_pats)
8075 return -ENOBUFS;
8076
8077 for (i = 0; i < wowlan->n_patterns; i++) {
8078 nl_pat = nla_nest_start(msg, i + 1);
8079 if (!nl_pat)
8080 return -ENOBUFS;
8081 pat_len = wowlan->patterns[i].pattern_len;
8082 if (nla_put(msg, NL80211_PKTPAT_MASK, DIV_ROUND_UP(pat_len, 8),
8083 wowlan->patterns[i].mask) ||
8084 nla_put(msg, NL80211_PKTPAT_PATTERN, pat_len,
8085 wowlan->patterns[i].pattern) ||
8086 nla_put_u32(msg, NL80211_PKTPAT_OFFSET,
8087 wowlan->patterns[i].pkt_offset))
8088 return -ENOBUFS;
8089 nla_nest_end(msg, nl_pat);
8090 }
8091 nla_nest_end(msg, nl_pats);
8092
8093 return 0;
8094 }
8095
8096 static int nl80211_send_wowlan_tcp(struct sk_buff *msg,
8097 struct cfg80211_wowlan_tcp *tcp)
8098 {
8099 struct nlattr *nl_tcp;
8100
8101 if (!tcp)
8102 return 0;
8103
8104 nl_tcp = nla_nest_start(msg, NL80211_WOWLAN_TRIG_TCP_CONNECTION);
8105 if (!nl_tcp)
8106 return -ENOBUFS;
8107
8108 if (nla_put_be32(msg, NL80211_WOWLAN_TCP_SRC_IPV4, tcp->src) ||
8109 nla_put_be32(msg, NL80211_WOWLAN_TCP_DST_IPV4, tcp->dst) ||
8110 nla_put(msg, NL80211_WOWLAN_TCP_DST_MAC, ETH_ALEN, tcp->dst_mac) ||
8111 nla_put_u16(msg, NL80211_WOWLAN_TCP_SRC_PORT, tcp->src_port) ||
8112 nla_put_u16(msg, NL80211_WOWLAN_TCP_DST_PORT, tcp->dst_port) ||
8113 nla_put(msg, NL80211_WOWLAN_TCP_DATA_PAYLOAD,
8114 tcp->payload_len, tcp->payload) ||
8115 nla_put_u32(msg, NL80211_WOWLAN_TCP_DATA_INTERVAL,
8116 tcp->data_interval) ||
8117 nla_put(msg, NL80211_WOWLAN_TCP_WAKE_PAYLOAD,
8118 tcp->wake_len, tcp->wake_data) ||
8119 nla_put(msg, NL80211_WOWLAN_TCP_WAKE_MASK,
8120 DIV_ROUND_UP(tcp->wake_len, 8), tcp->wake_mask))
8121 return -ENOBUFS;
8122
8123 if (tcp->payload_seq.len &&
8124 nla_put(msg, NL80211_WOWLAN_TCP_DATA_PAYLOAD_SEQ,
8125 sizeof(tcp->payload_seq), &tcp->payload_seq))
8126 return -ENOBUFS;
8127
8128 if (tcp->payload_tok.len &&
8129 nla_put(msg, NL80211_WOWLAN_TCP_DATA_PAYLOAD_TOKEN,
8130 sizeof(tcp->payload_tok) + tcp->tokens_size,
8131 &tcp->payload_tok))
8132 return -ENOBUFS;
8133
8134 nla_nest_end(msg, nl_tcp);
8135
8136 return 0;
8137 }
8138
8139 static int nl80211_get_wowlan(struct sk_buff *skb, struct genl_info *info)
8140 {
8141 struct cfg80211_registered_device *rdev = info->user_ptr[0];
8142 struct sk_buff *msg;
8143 void *hdr;
8144 u32 size = NLMSG_DEFAULT_SIZE;
8145
8146 if (!rdev->wiphy.wowlan)
8147 return -EOPNOTSUPP;
8148
8149 if (rdev->wiphy.wowlan_config && rdev->wiphy.wowlan_config->tcp) {
8150 /* adjust size to have room for all the data */
8151 size += rdev->wiphy.wowlan_config->tcp->tokens_size +
8152 rdev->wiphy.wowlan_config->tcp->payload_len +
8153 rdev->wiphy.wowlan_config->tcp->wake_len +
8154 rdev->wiphy.wowlan_config->tcp->wake_len / 8;
8155 }
8156
8157 msg = nlmsg_new(size, GFP_KERNEL);
8158 if (!msg)
8159 return -ENOMEM;
8160
8161 hdr = nl80211hdr_put(msg, info->snd_portid, info->snd_seq, 0,
8162 NL80211_CMD_GET_WOWLAN);
8163 if (!hdr)
8164 goto nla_put_failure;
8165
8166 if (rdev->wiphy.wowlan_config) {
8167 struct nlattr *nl_wowlan;
8168
8169 nl_wowlan = nla_nest_start(msg, NL80211_ATTR_WOWLAN_TRIGGERS);
8170 if (!nl_wowlan)
8171 goto nla_put_failure;
8172
8173 if ((rdev->wiphy.wowlan_config->any &&
8174 nla_put_flag(msg, NL80211_WOWLAN_TRIG_ANY)) ||
8175 (rdev->wiphy.wowlan_config->disconnect &&
8176 nla_put_flag(msg, NL80211_WOWLAN_TRIG_DISCONNECT)) ||
8177 (rdev->wiphy.wowlan_config->magic_pkt &&
8178 nla_put_flag(msg, NL80211_WOWLAN_TRIG_MAGIC_PKT)) ||
8179 (rdev->wiphy.wowlan_config->gtk_rekey_failure &&
8180 nla_put_flag(msg, NL80211_WOWLAN_TRIG_GTK_REKEY_FAILURE)) ||
8181 (rdev->wiphy.wowlan_config->eap_identity_req &&
8182 nla_put_flag(msg, NL80211_WOWLAN_TRIG_EAP_IDENT_REQUEST)) ||
8183 (rdev->wiphy.wowlan_config->four_way_handshake &&
8184 nla_put_flag(msg, NL80211_WOWLAN_TRIG_4WAY_HANDSHAKE)) ||
8185 (rdev->wiphy.wowlan_config->rfkill_release &&
8186 nla_put_flag(msg, NL80211_WOWLAN_TRIG_RFKILL_RELEASE)))
8187 goto nla_put_failure;
8188
8189 if (nl80211_send_wowlan_patterns(msg, rdev))
8190 goto nla_put_failure;
8191
8192 if (nl80211_send_wowlan_tcp(msg,
8193 rdev->wiphy.wowlan_config->tcp))
8194 goto nla_put_failure;
8195
8196 nla_nest_end(msg, nl_wowlan);
8197 }
8198
8199 genlmsg_end(msg, hdr);
8200 return genlmsg_reply(msg, info);
8201
8202 nla_put_failure:
8203 nlmsg_free(msg);
8204 return -ENOBUFS;
8205 }
8206
8207 static int nl80211_parse_wowlan_tcp(struct cfg80211_registered_device *rdev,
8208 struct nlattr *attr,
8209 struct cfg80211_wowlan *trig)
8210 {
8211 struct nlattr *tb[NUM_NL80211_WOWLAN_TCP];
8212 struct cfg80211_wowlan_tcp *cfg;
8213 struct nl80211_wowlan_tcp_data_token *tok = NULL;
8214 struct nl80211_wowlan_tcp_data_seq *seq = NULL;
8215 u32 size;
8216 u32 data_size, wake_size, tokens_size = 0, wake_mask_size;
8217 int err, port;
8218
8219 if (!rdev->wiphy.wowlan->tcp)
8220 return -EINVAL;
8221
8222 err = nla_parse(tb, MAX_NL80211_WOWLAN_TCP,
8223 nla_data(attr), nla_len(attr),
8224 nl80211_wowlan_tcp_policy);
8225 if (err)
8226 return err;
8227
8228 if (!tb[NL80211_WOWLAN_TCP_SRC_IPV4] ||
8229 !tb[NL80211_WOWLAN_TCP_DST_IPV4] ||
8230 !tb[NL80211_WOWLAN_TCP_DST_MAC] ||
8231 !tb[NL80211_WOWLAN_TCP_DST_PORT] ||
8232 !tb[NL80211_WOWLAN_TCP_DATA_PAYLOAD] ||
8233 !tb[NL80211_WOWLAN_TCP_DATA_INTERVAL] ||
8234 !tb[NL80211_WOWLAN_TCP_WAKE_PAYLOAD] ||
8235 !tb[NL80211_WOWLAN_TCP_WAKE_MASK])
8236 return -EINVAL;
8237
8238 data_size = nla_len(tb[NL80211_WOWLAN_TCP_DATA_PAYLOAD]);
8239 if (data_size > rdev->wiphy.wowlan->tcp->data_payload_max)
8240 return -EINVAL;
8241
8242 if (nla_get_u32(tb[NL80211_WOWLAN_TCP_DATA_INTERVAL]) >
8243 rdev->wiphy.wowlan->tcp->data_interval_max ||
8244 nla_get_u32(tb[NL80211_WOWLAN_TCP_DATA_INTERVAL]) == 0)
8245 return -EINVAL;
8246
8247 wake_size = nla_len(tb[NL80211_WOWLAN_TCP_WAKE_PAYLOAD]);
8248 if (wake_size > rdev->wiphy.wowlan->tcp->wake_payload_max)
8249 return -EINVAL;
8250
8251 wake_mask_size = nla_len(tb[NL80211_WOWLAN_TCP_WAKE_MASK]);
8252 if (wake_mask_size != DIV_ROUND_UP(wake_size, 8))
8253 return -EINVAL;
8254
8255 if (tb[NL80211_WOWLAN_TCP_DATA_PAYLOAD_TOKEN]) {
8256 u32 tokln = nla_len(tb[NL80211_WOWLAN_TCP_DATA_PAYLOAD_TOKEN]);
8257
8258 tok = nla_data(tb[NL80211_WOWLAN_TCP_DATA_PAYLOAD_TOKEN]);
8259 tokens_size = tokln - sizeof(*tok);
8260
8261 if (!tok->len || tokens_size % tok->len)
8262 return -EINVAL;
8263 if (!rdev->wiphy.wowlan->tcp->tok)
8264 return -EINVAL;
8265 if (tok->len > rdev->wiphy.wowlan->tcp->tok->max_len)
8266 return -EINVAL;
8267 if (tok->len < rdev->wiphy.wowlan->tcp->tok->min_len)
8268 return -EINVAL;
8269 if (tokens_size > rdev->wiphy.wowlan->tcp->tok->bufsize)
8270 return -EINVAL;
8271 if (tok->offset + tok->len > data_size)
8272 return -EINVAL;
8273 }
8274
8275 if (tb[NL80211_WOWLAN_TCP_DATA_PAYLOAD_SEQ]) {
8276 seq = nla_data(tb[NL80211_WOWLAN_TCP_DATA_PAYLOAD_SEQ]);
8277 if (!rdev->wiphy.wowlan->tcp->seq)
8278 return -EINVAL;
8279 if (seq->len == 0 || seq->len > 4)
8280 return -EINVAL;
8281 if (seq->len + seq->offset > data_size)
8282 return -EINVAL;
8283 }
8284
8285 size = sizeof(*cfg);
8286 size += data_size;
8287 size += wake_size + wake_mask_size;
8288 size += tokens_size;
8289
8290 cfg = kzalloc(size, GFP_KERNEL);
8291 if (!cfg)
8292 return -ENOMEM;
8293 cfg->src = nla_get_be32(tb[NL80211_WOWLAN_TCP_SRC_IPV4]);
8294 cfg->dst = nla_get_be32(tb[NL80211_WOWLAN_TCP_DST_IPV4]);
8295 memcpy(cfg->dst_mac, nla_data(tb[NL80211_WOWLAN_TCP_DST_MAC]),
8296 ETH_ALEN);
8297 if (tb[NL80211_WOWLAN_TCP_SRC_PORT])
8298 port = nla_get_u16(tb[NL80211_WOWLAN_TCP_SRC_PORT]);
8299 else
8300 port = 0;
8301 #ifdef CONFIG_INET
8302 /* allocate a socket and port for it and use it */
8303 err = __sock_create(wiphy_net(&rdev->wiphy), PF_INET, SOCK_STREAM,
8304 IPPROTO_TCP, &cfg->sock, 1);
8305 if (err) {
8306 kfree(cfg);
8307 return err;
8308 }
8309 if (inet_csk_get_port(cfg->sock->sk, port)) {
8310 sock_release(cfg->sock);
8311 kfree(cfg);
8312 return -EADDRINUSE;
8313 }
8314 cfg->src_port = inet_sk(cfg->sock->sk)->inet_num;
8315 #else
8316 if (!port) {
8317 kfree(cfg);
8318 return -EINVAL;
8319 }
8320 cfg->src_port = port;
8321 #endif
8322
8323 cfg->dst_port = nla_get_u16(tb[NL80211_WOWLAN_TCP_DST_PORT]);
8324 cfg->payload_len = data_size;
8325 cfg->payload = (u8 *)cfg + sizeof(*cfg) + tokens_size;
8326 memcpy((void *)cfg->payload,
8327 nla_data(tb[NL80211_WOWLAN_TCP_DATA_PAYLOAD]),
8328 data_size);
8329 if (seq)
8330 cfg->payload_seq = *seq;
8331 cfg->data_interval = nla_get_u32(tb[NL80211_WOWLAN_TCP_DATA_INTERVAL]);
8332 cfg->wake_len = wake_size;
8333 cfg->wake_data = (u8 *)cfg + sizeof(*cfg) + tokens_size + data_size;
8334 memcpy((void *)cfg->wake_data,
8335 nla_data(tb[NL80211_WOWLAN_TCP_WAKE_PAYLOAD]),
8336 wake_size);
8337 cfg->wake_mask = (u8 *)cfg + sizeof(*cfg) + tokens_size +
8338 data_size + wake_size;
8339 memcpy((void *)cfg->wake_mask,
8340 nla_data(tb[NL80211_WOWLAN_TCP_WAKE_MASK]),
8341 wake_mask_size);
8342 if (tok) {
8343 cfg->tokens_size = tokens_size;
8344 memcpy(&cfg->payload_tok, tok, sizeof(*tok) + tokens_size);
8345 }
8346
8347 trig->tcp = cfg;
8348
8349 return 0;
8350 }
8351
8352 static int nl80211_set_wowlan(struct sk_buff *skb, struct genl_info *info)
8353 {
8354 struct cfg80211_registered_device *rdev = info->user_ptr[0];
8355 struct nlattr *tb[NUM_NL80211_WOWLAN_TRIG];
8356 struct cfg80211_wowlan new_triggers = {};
8357 struct cfg80211_wowlan *ntrig;
8358 const struct wiphy_wowlan_support *wowlan = rdev->wiphy.wowlan;
8359 int err, i;
8360 bool prev_enabled = rdev->wiphy.wowlan_config;
8361
8362 if (!wowlan)
8363 return -EOPNOTSUPP;
8364
8365 if (!info->attrs[NL80211_ATTR_WOWLAN_TRIGGERS]) {
8366 cfg80211_rdev_free_wowlan(rdev);
8367 rdev->wiphy.wowlan_config = NULL;
8368 goto set_wakeup;
8369 }
8370
8371 err = nla_parse(tb, MAX_NL80211_WOWLAN_TRIG,
8372 nla_data(info->attrs[NL80211_ATTR_WOWLAN_TRIGGERS]),
8373 nla_len(info->attrs[NL80211_ATTR_WOWLAN_TRIGGERS]),
8374 nl80211_wowlan_policy);
8375 if (err)
8376 return err;
8377
8378 if (tb[NL80211_WOWLAN_TRIG_ANY]) {
8379 if (!(wowlan->flags & WIPHY_WOWLAN_ANY))
8380 return -EINVAL;
8381 new_triggers.any = true;
8382 }
8383
8384 if (tb[NL80211_WOWLAN_TRIG_DISCONNECT]) {
8385 if (!(wowlan->flags & WIPHY_WOWLAN_DISCONNECT))
8386 return -EINVAL;
8387 new_triggers.disconnect = true;
8388 }
8389
8390 if (tb[NL80211_WOWLAN_TRIG_MAGIC_PKT]) {
8391 if (!(wowlan->flags & WIPHY_WOWLAN_MAGIC_PKT))
8392 return -EINVAL;
8393 new_triggers.magic_pkt = true;
8394 }
8395
8396 if (tb[NL80211_WOWLAN_TRIG_GTK_REKEY_SUPPORTED])
8397 return -EINVAL;
8398
8399 if (tb[NL80211_WOWLAN_TRIG_GTK_REKEY_FAILURE]) {
8400 if (!(wowlan->flags & WIPHY_WOWLAN_GTK_REKEY_FAILURE))
8401 return -EINVAL;
8402 new_triggers.gtk_rekey_failure = true;
8403 }
8404
8405 if (tb[NL80211_WOWLAN_TRIG_EAP_IDENT_REQUEST]) {
8406 if (!(wowlan->flags & WIPHY_WOWLAN_EAP_IDENTITY_REQ))
8407 return -EINVAL;
8408 new_triggers.eap_identity_req = true;
8409 }
8410
8411 if (tb[NL80211_WOWLAN_TRIG_4WAY_HANDSHAKE]) {
8412 if (!(wowlan->flags & WIPHY_WOWLAN_4WAY_HANDSHAKE))
8413 return -EINVAL;
8414 new_triggers.four_way_handshake = true;
8415 }
8416
8417 if (tb[NL80211_WOWLAN_TRIG_RFKILL_RELEASE]) {
8418 if (!(wowlan->flags & WIPHY_WOWLAN_RFKILL_RELEASE))
8419 return -EINVAL;
8420 new_triggers.rfkill_release = true;
8421 }
8422
8423 if (tb[NL80211_WOWLAN_TRIG_PKT_PATTERN]) {
8424 struct nlattr *pat;
8425 int n_patterns = 0;
8426 int rem, pat_len, mask_len, pkt_offset;
8427 struct nlattr *pat_tb[NUM_NL80211_PKTPAT];
8428
8429 nla_for_each_nested(pat, tb[NL80211_WOWLAN_TRIG_PKT_PATTERN],
8430 rem)
8431 n_patterns++;
8432 if (n_patterns > wowlan->n_patterns)
8433 return -EINVAL;
8434
8435 new_triggers.patterns = kcalloc(n_patterns,
8436 sizeof(new_triggers.patterns[0]),
8437 GFP_KERNEL);
8438 if (!new_triggers.patterns)
8439 return -ENOMEM;
8440
8441 new_triggers.n_patterns = n_patterns;
8442 i = 0;
8443
8444 nla_for_each_nested(pat, tb[NL80211_WOWLAN_TRIG_PKT_PATTERN],
8445 rem) {
8446 nla_parse(pat_tb, MAX_NL80211_PKTPAT, nla_data(pat),
8447 nla_len(pat), NULL);
8448 err = -EINVAL;
8449 if (!pat_tb[NL80211_PKTPAT_MASK] ||
8450 !pat_tb[NL80211_PKTPAT_PATTERN])
8451 goto error;
8452 pat_len = nla_len(pat_tb[NL80211_PKTPAT_PATTERN]);
8453 mask_len = DIV_ROUND_UP(pat_len, 8);
8454 if (nla_len(pat_tb[NL80211_PKTPAT_MASK]) != mask_len)
8455 goto error;
8456 if (pat_len > wowlan->pattern_max_len ||
8457 pat_len < wowlan->pattern_min_len)
8458 goto error;
8459
8460 if (!pat_tb[NL80211_PKTPAT_OFFSET])
8461 pkt_offset = 0;
8462 else
8463 pkt_offset = nla_get_u32(
8464 pat_tb[NL80211_PKTPAT_OFFSET]);
8465 if (pkt_offset > wowlan->max_pkt_offset)
8466 goto error;
8467 new_triggers.patterns[i].pkt_offset = pkt_offset;
8468
8469 new_triggers.patterns[i].mask =
8470 kmalloc(mask_len + pat_len, GFP_KERNEL);
8471 if (!new_triggers.patterns[i].mask) {
8472 err = -ENOMEM;
8473 goto error;
8474 }
8475 new_triggers.patterns[i].pattern =
8476 new_triggers.patterns[i].mask + mask_len;
8477 memcpy(new_triggers.patterns[i].mask,
8478 nla_data(pat_tb[NL80211_PKTPAT_MASK]),
8479 mask_len);
8480 new_triggers.patterns[i].pattern_len = pat_len;
8481 memcpy(new_triggers.patterns[i].pattern,
8482 nla_data(pat_tb[NL80211_PKTPAT_PATTERN]),
8483 pat_len);
8484 i++;
8485 }
8486 }
8487
8488 if (tb[NL80211_WOWLAN_TRIG_TCP_CONNECTION]) {
8489 err = nl80211_parse_wowlan_tcp(
8490 rdev, tb[NL80211_WOWLAN_TRIG_TCP_CONNECTION],
8491 &new_triggers);
8492 if (err)
8493 goto error;
8494 }
8495
8496 ntrig = kmemdup(&new_triggers, sizeof(new_triggers), GFP_KERNEL);
8497 if (!ntrig) {
8498 err = -ENOMEM;
8499 goto error;
8500 }
8501 cfg80211_rdev_free_wowlan(rdev);
8502 rdev->wiphy.wowlan_config = ntrig;
8503
8504 set_wakeup:
8505 if (rdev->ops->set_wakeup &&
8506 prev_enabled != !!rdev->wiphy.wowlan_config)
8507 rdev_set_wakeup(rdev, rdev->wiphy.wowlan_config);
8508
8509 return 0;
8510 error:
8511 for (i = 0; i < new_triggers.n_patterns; i++)
8512 kfree(new_triggers.patterns[i].mask);
8513 kfree(new_triggers.patterns);
8514 if (new_triggers.tcp && new_triggers.tcp->sock)
8515 sock_release(new_triggers.tcp->sock);
8516 kfree(new_triggers.tcp);
8517 return err;
8518 }
8519 #endif
8520
8521 static int nl80211_send_coalesce_rules(struct sk_buff *msg,
8522 struct cfg80211_registered_device *rdev)
8523 {
8524 struct nlattr *nl_pats, *nl_pat, *nl_rule, *nl_rules;
8525 int i, j, pat_len;
8526 struct cfg80211_coalesce_rules *rule;
8527
8528 if (!rdev->coalesce->n_rules)
8529 return 0;
8530
8531 nl_rules = nla_nest_start(msg, NL80211_ATTR_COALESCE_RULE);
8532 if (!nl_rules)
8533 return -ENOBUFS;
8534
8535 for (i = 0; i < rdev->coalesce->n_rules; i++) {
8536 nl_rule = nla_nest_start(msg, i + 1);
8537 if (!nl_rule)
8538 return -ENOBUFS;
8539
8540 rule = &rdev->coalesce->rules[i];
8541 if (nla_put_u32(msg, NL80211_ATTR_COALESCE_RULE_DELAY,
8542 rule->delay))
8543 return -ENOBUFS;
8544
8545 if (nla_put_u32(msg, NL80211_ATTR_COALESCE_RULE_CONDITION,
8546 rule->condition))
8547 return -ENOBUFS;
8548
8549 nl_pats = nla_nest_start(msg,
8550 NL80211_ATTR_COALESCE_RULE_PKT_PATTERN);
8551 if (!nl_pats)
8552 return -ENOBUFS;
8553
8554 for (j = 0; j < rule->n_patterns; j++) {
8555 nl_pat = nla_nest_start(msg, j + 1);
8556 if (!nl_pat)
8557 return -ENOBUFS;
8558 pat_len = rule->patterns[j].pattern_len;
8559 if (nla_put(msg, NL80211_PKTPAT_MASK,
8560 DIV_ROUND_UP(pat_len, 8),
8561 rule->patterns[j].mask) ||
8562 nla_put(msg, NL80211_PKTPAT_PATTERN, pat_len,
8563 rule->patterns[j].pattern) ||
8564 nla_put_u32(msg, NL80211_PKTPAT_OFFSET,
8565 rule->patterns[j].pkt_offset))
8566 return -ENOBUFS;
8567 nla_nest_end(msg, nl_pat);
8568 }
8569 nla_nest_end(msg, nl_pats);
8570 nla_nest_end(msg, nl_rule);
8571 }
8572 nla_nest_end(msg, nl_rules);
8573
8574 return 0;
8575 }
8576
8577 static int nl80211_get_coalesce(struct sk_buff *skb, struct genl_info *info)
8578 {
8579 struct cfg80211_registered_device *rdev = info->user_ptr[0];
8580 struct sk_buff *msg;
8581 void *hdr;
8582
8583 if (!rdev->wiphy.coalesce)
8584 return -EOPNOTSUPP;
8585
8586 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
8587 if (!msg)
8588 return -ENOMEM;
8589
8590 hdr = nl80211hdr_put(msg, info->snd_portid, info->snd_seq, 0,
8591 NL80211_CMD_GET_COALESCE);
8592 if (!hdr)
8593 goto nla_put_failure;
8594
8595 if (rdev->coalesce && nl80211_send_coalesce_rules(msg, rdev))
8596 goto nla_put_failure;
8597
8598 genlmsg_end(msg, hdr);
8599 return genlmsg_reply(msg, info);
8600
8601 nla_put_failure:
8602 nlmsg_free(msg);
8603 return -ENOBUFS;
8604 }
8605
8606 void cfg80211_rdev_free_coalesce(struct cfg80211_registered_device *rdev)
8607 {
8608 struct cfg80211_coalesce *coalesce = rdev->coalesce;
8609 int i, j;
8610 struct cfg80211_coalesce_rules *rule;
8611
8612 if (!coalesce)
8613 return;
8614
8615 for (i = 0; i < coalesce->n_rules; i++) {
8616 rule = &coalesce->rules[i];
8617 for (j = 0; j < rule->n_patterns; j++)
8618 kfree(rule->patterns[j].mask);
8619 kfree(rule->patterns);
8620 }
8621 kfree(coalesce->rules);
8622 kfree(coalesce);
8623 rdev->coalesce = NULL;
8624 }
8625
8626 static int nl80211_parse_coalesce_rule(struct cfg80211_registered_device *rdev,
8627 struct nlattr *rule,
8628 struct cfg80211_coalesce_rules *new_rule)
8629 {
8630 int err, i;
8631 const struct wiphy_coalesce_support *coalesce = rdev->wiphy.coalesce;
8632 struct nlattr *tb[NUM_NL80211_ATTR_COALESCE_RULE], *pat;
8633 int rem, pat_len, mask_len, pkt_offset, n_patterns = 0;
8634 struct nlattr *pat_tb[NUM_NL80211_PKTPAT];
8635
8636 err = nla_parse(tb, NL80211_ATTR_COALESCE_RULE_MAX, nla_data(rule),
8637 nla_len(rule), nl80211_coalesce_policy);
8638 if (err)
8639 return err;
8640
8641 if (tb[NL80211_ATTR_COALESCE_RULE_DELAY])
8642 new_rule->delay =
8643 nla_get_u32(tb[NL80211_ATTR_COALESCE_RULE_DELAY]);
8644 if (new_rule->delay > coalesce->max_delay)
8645 return -EINVAL;
8646
8647 if (tb[NL80211_ATTR_COALESCE_RULE_CONDITION])
8648 new_rule->condition =
8649 nla_get_u32(tb[NL80211_ATTR_COALESCE_RULE_CONDITION]);
8650 if (new_rule->condition != NL80211_COALESCE_CONDITION_MATCH &&
8651 new_rule->condition != NL80211_COALESCE_CONDITION_NO_MATCH)
8652 return -EINVAL;
8653
8654 if (!tb[NL80211_ATTR_COALESCE_RULE_PKT_PATTERN])
8655 return -EINVAL;
8656
8657 nla_for_each_nested(pat, tb[NL80211_ATTR_COALESCE_RULE_PKT_PATTERN],
8658 rem)
8659 n_patterns++;
8660 if (n_patterns > coalesce->n_patterns)
8661 return -EINVAL;
8662
8663 new_rule->patterns = kcalloc(n_patterns, sizeof(new_rule->patterns[0]),
8664 GFP_KERNEL);
8665 if (!new_rule->patterns)
8666 return -ENOMEM;
8667
8668 new_rule->n_patterns = n_patterns;
8669 i = 0;
8670
8671 nla_for_each_nested(pat, tb[NL80211_ATTR_COALESCE_RULE_PKT_PATTERN],
8672 rem) {
8673 nla_parse(pat_tb, MAX_NL80211_PKTPAT, nla_data(pat),
8674 nla_len(pat), NULL);
8675 if (!pat_tb[NL80211_PKTPAT_MASK] ||
8676 !pat_tb[NL80211_PKTPAT_PATTERN])
8677 return -EINVAL;
8678 pat_len = nla_len(pat_tb[NL80211_PKTPAT_PATTERN]);
8679 mask_len = DIV_ROUND_UP(pat_len, 8);
8680 if (nla_len(pat_tb[NL80211_PKTPAT_MASK]) != mask_len)
8681 return -EINVAL;
8682 if (pat_len > coalesce->pattern_max_len ||
8683 pat_len < coalesce->pattern_min_len)
8684 return -EINVAL;
8685
8686 if (!pat_tb[NL80211_PKTPAT_OFFSET])
8687 pkt_offset = 0;
8688 else
8689 pkt_offset = nla_get_u32(pat_tb[NL80211_PKTPAT_OFFSET]);
8690 if (pkt_offset > coalesce->max_pkt_offset)
8691 return -EINVAL;
8692 new_rule->patterns[i].pkt_offset = pkt_offset;
8693
8694 new_rule->patterns[i].mask =
8695 kmalloc(mask_len + pat_len, GFP_KERNEL);
8696 if (!new_rule->patterns[i].mask)
8697 return -ENOMEM;
8698 new_rule->patterns[i].pattern =
8699 new_rule->patterns[i].mask + mask_len;
8700 memcpy(new_rule->patterns[i].mask,
8701 nla_data(pat_tb[NL80211_PKTPAT_MASK]), mask_len);
8702 new_rule->patterns[i].pattern_len = pat_len;
8703 memcpy(new_rule->patterns[i].pattern,
8704 nla_data(pat_tb[NL80211_PKTPAT_PATTERN]), pat_len);
8705 i++;
8706 }
8707
8708 return 0;
8709 }
8710
8711 static int nl80211_set_coalesce(struct sk_buff *skb, struct genl_info *info)
8712 {
8713 struct cfg80211_registered_device *rdev = info->user_ptr[0];
8714 const struct wiphy_coalesce_support *coalesce = rdev->wiphy.coalesce;
8715 struct cfg80211_coalesce new_coalesce = {};
8716 struct cfg80211_coalesce *n_coalesce;
8717 int err, rem_rule, n_rules = 0, i, j;
8718 struct nlattr *rule;
8719 struct cfg80211_coalesce_rules *tmp_rule;
8720
8721 if (!rdev->wiphy.coalesce || !rdev->ops->set_coalesce)
8722 return -EOPNOTSUPP;
8723
8724 if (!info->attrs[NL80211_ATTR_COALESCE_RULE]) {
8725 cfg80211_rdev_free_coalesce(rdev);
8726 rdev->ops->set_coalesce(&rdev->wiphy, NULL);
8727 return 0;
8728 }
8729
8730 nla_for_each_nested(rule, info->attrs[NL80211_ATTR_COALESCE_RULE],
8731 rem_rule)
8732 n_rules++;
8733 if (n_rules > coalesce->n_rules)
8734 return -EINVAL;
8735
8736 new_coalesce.rules = kcalloc(n_rules, sizeof(new_coalesce.rules[0]),
8737 GFP_KERNEL);
8738 if (!new_coalesce.rules)
8739 return -ENOMEM;
8740
8741 new_coalesce.n_rules = n_rules;
8742 i = 0;
8743
8744 nla_for_each_nested(rule, info->attrs[NL80211_ATTR_COALESCE_RULE],
8745 rem_rule) {
8746 err = nl80211_parse_coalesce_rule(rdev, rule,
8747 &new_coalesce.rules[i]);
8748 if (err)
8749 goto error;
8750
8751 i++;
8752 }
8753
8754 err = rdev->ops->set_coalesce(&rdev->wiphy, &new_coalesce);
8755 if (err)
8756 goto error;
8757
8758 n_coalesce = kmemdup(&new_coalesce, sizeof(new_coalesce), GFP_KERNEL);
8759 if (!n_coalesce) {
8760 err = -ENOMEM;
8761 goto error;
8762 }
8763 cfg80211_rdev_free_coalesce(rdev);
8764 rdev->coalesce = n_coalesce;
8765
8766 return 0;
8767 error:
8768 for (i = 0; i < new_coalesce.n_rules; i++) {
8769 tmp_rule = &new_coalesce.rules[i];
8770 for (j = 0; j < tmp_rule->n_patterns; j++)
8771 kfree(tmp_rule->patterns[j].mask);
8772 kfree(tmp_rule->patterns);
8773 }
8774 kfree(new_coalesce.rules);
8775
8776 return err;
8777 }
8778
8779 static int nl80211_set_rekey_data(struct sk_buff *skb, struct genl_info *info)
8780 {
8781 struct cfg80211_registered_device *rdev = info->user_ptr[0];
8782 struct net_device *dev = info->user_ptr[1];
8783 struct wireless_dev *wdev = dev->ieee80211_ptr;
8784 struct nlattr *tb[NUM_NL80211_REKEY_DATA];
8785 struct cfg80211_gtk_rekey_data rekey_data;
8786 int err;
8787
8788 if (!info->attrs[NL80211_ATTR_REKEY_DATA])
8789 return -EINVAL;
8790
8791 err = nla_parse(tb, MAX_NL80211_REKEY_DATA,
8792 nla_data(info->attrs[NL80211_ATTR_REKEY_DATA]),
8793 nla_len(info->attrs[NL80211_ATTR_REKEY_DATA]),
8794 nl80211_rekey_policy);
8795 if (err)
8796 return err;
8797
8798 if (nla_len(tb[NL80211_REKEY_DATA_REPLAY_CTR]) != NL80211_REPLAY_CTR_LEN)
8799 return -ERANGE;
8800 if (nla_len(tb[NL80211_REKEY_DATA_KEK]) != NL80211_KEK_LEN)
8801 return -ERANGE;
8802 if (nla_len(tb[NL80211_REKEY_DATA_KCK]) != NL80211_KCK_LEN)
8803 return -ERANGE;
8804
8805 memcpy(rekey_data.kek, nla_data(tb[NL80211_REKEY_DATA_KEK]),
8806 NL80211_KEK_LEN);
8807 memcpy(rekey_data.kck, nla_data(tb[NL80211_REKEY_DATA_KCK]),
8808 NL80211_KCK_LEN);
8809 memcpy(rekey_data.replay_ctr,
8810 nla_data(tb[NL80211_REKEY_DATA_REPLAY_CTR]),
8811 NL80211_REPLAY_CTR_LEN);
8812
8813 wdev_lock(wdev);
8814 if (!wdev->current_bss) {
8815 err = -ENOTCONN;
8816 goto out;
8817 }
8818
8819 if (!rdev->ops->set_rekey_data) {
8820 err = -EOPNOTSUPP;
8821 goto out;
8822 }
8823
8824 err = rdev_set_rekey_data(rdev, dev, &rekey_data);
8825 out:
8826 wdev_unlock(wdev);
8827 return err;
8828 }
8829
8830 static int nl80211_register_unexpected_frame(struct sk_buff *skb,
8831 struct genl_info *info)
8832 {
8833 struct net_device *dev = info->user_ptr[1];
8834 struct wireless_dev *wdev = dev->ieee80211_ptr;
8835
8836 if (wdev->iftype != NL80211_IFTYPE_AP &&
8837 wdev->iftype != NL80211_IFTYPE_P2P_GO)
8838 return -EINVAL;
8839
8840 if (wdev->ap_unexpected_nlportid)
8841 return -EBUSY;
8842
8843 wdev->ap_unexpected_nlportid = info->snd_portid;
8844 return 0;
8845 }
8846
8847 static int nl80211_probe_client(struct sk_buff *skb,
8848 struct genl_info *info)
8849 {
8850 struct cfg80211_registered_device *rdev = info->user_ptr[0];
8851 struct net_device *dev = info->user_ptr[1];
8852 struct wireless_dev *wdev = dev->ieee80211_ptr;
8853 struct sk_buff *msg;
8854 void *hdr;
8855 const u8 *addr;
8856 u64 cookie;
8857 int err;
8858
8859 if (wdev->iftype != NL80211_IFTYPE_AP &&
8860 wdev->iftype != NL80211_IFTYPE_P2P_GO)
8861 return -EOPNOTSUPP;
8862
8863 if (!info->attrs[NL80211_ATTR_MAC])
8864 return -EINVAL;
8865
8866 if (!rdev->ops->probe_client)
8867 return -EOPNOTSUPP;
8868
8869 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
8870 if (!msg)
8871 return -ENOMEM;
8872
8873 hdr = nl80211hdr_put(msg, info->snd_portid, info->snd_seq, 0,
8874 NL80211_CMD_PROBE_CLIENT);
8875 if (!hdr) {
8876 err = -ENOBUFS;
8877 goto free_msg;
8878 }
8879
8880 addr = nla_data(info->attrs[NL80211_ATTR_MAC]);
8881
8882 err = rdev_probe_client(rdev, dev, addr, &cookie);
8883 if (err)
8884 goto free_msg;
8885
8886 if (nla_put_u64(msg, NL80211_ATTR_COOKIE, cookie))
8887 goto nla_put_failure;
8888
8889 genlmsg_end(msg, hdr);
8890
8891 return genlmsg_reply(msg, info);
8892
8893 nla_put_failure:
8894 err = -ENOBUFS;
8895 free_msg:
8896 nlmsg_free(msg);
8897 return err;
8898 }
8899
8900 static int nl80211_register_beacons(struct sk_buff *skb, struct genl_info *info)
8901 {
8902 struct cfg80211_registered_device *rdev = info->user_ptr[0];
8903 struct cfg80211_beacon_registration *reg, *nreg;
8904 int rv;
8905
8906 if (!(rdev->wiphy.flags & WIPHY_FLAG_REPORTS_OBSS))
8907 return -EOPNOTSUPP;
8908
8909 nreg = kzalloc(sizeof(*nreg), GFP_KERNEL);
8910 if (!nreg)
8911 return -ENOMEM;
8912
8913 /* First, check if already registered. */
8914 spin_lock_bh(&rdev->beacon_registrations_lock);
8915 list_for_each_entry(reg, &rdev->beacon_registrations, list) {
8916 if (reg->nlportid == info->snd_portid) {
8917 rv = -EALREADY;
8918 goto out_err;
8919 }
8920 }
8921 /* Add it to the list */
8922 nreg->nlportid = info->snd_portid;
8923 list_add(&nreg->list, &rdev->beacon_registrations);
8924
8925 spin_unlock_bh(&rdev->beacon_registrations_lock);
8926
8927 return 0;
8928 out_err:
8929 spin_unlock_bh(&rdev->beacon_registrations_lock);
8930 kfree(nreg);
8931 return rv;
8932 }
8933
8934 static int nl80211_start_p2p_device(struct sk_buff *skb, struct genl_info *info)
8935 {
8936 struct cfg80211_registered_device *rdev = info->user_ptr[0];
8937 struct wireless_dev *wdev = info->user_ptr[1];
8938 int err;
8939
8940 if (!rdev->ops->start_p2p_device)
8941 return -EOPNOTSUPP;
8942
8943 if (wdev->iftype != NL80211_IFTYPE_P2P_DEVICE)
8944 return -EOPNOTSUPP;
8945
8946 if (wdev->p2p_started)
8947 return 0;
8948
8949 err = cfg80211_can_add_interface(rdev, wdev->iftype);
8950 if (err)
8951 return err;
8952
8953 err = rdev_start_p2p_device(rdev, wdev);
8954 if (err)
8955 return err;
8956
8957 wdev->p2p_started = true;
8958 rdev->opencount++;
8959
8960 return 0;
8961 }
8962
8963 static int nl80211_stop_p2p_device(struct sk_buff *skb, struct genl_info *info)
8964 {
8965 struct cfg80211_registered_device *rdev = info->user_ptr[0];
8966 struct wireless_dev *wdev = info->user_ptr[1];
8967
8968 if (wdev->iftype != NL80211_IFTYPE_P2P_DEVICE)
8969 return -EOPNOTSUPP;
8970
8971 if (!rdev->ops->stop_p2p_device)
8972 return -EOPNOTSUPP;
8973
8974 cfg80211_stop_p2p_device(rdev, wdev);
8975
8976 return 0;
8977 }
8978
8979 static int nl80211_get_protocol_features(struct sk_buff *skb,
8980 struct genl_info *info)
8981 {
8982 void *hdr;
8983 struct sk_buff *msg;
8984
8985 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
8986 if (!msg)
8987 return -ENOMEM;
8988
8989 hdr = nl80211hdr_put(msg, info->snd_portid, info->snd_seq, 0,
8990 NL80211_CMD_GET_PROTOCOL_FEATURES);
8991 if (!hdr)
8992 goto nla_put_failure;
8993
8994 if (nla_put_u32(msg, NL80211_ATTR_PROTOCOL_FEATURES,
8995 NL80211_PROTOCOL_FEATURE_SPLIT_WIPHY_DUMP))
8996 goto nla_put_failure;
8997
8998 genlmsg_end(msg, hdr);
8999 return genlmsg_reply(msg, info);
9000
9001 nla_put_failure:
9002 kfree_skb(msg);
9003 return -ENOBUFS;
9004 }
9005
9006 static int nl80211_update_ft_ies(struct sk_buff *skb, struct genl_info *info)
9007 {
9008 struct cfg80211_registered_device *rdev = info->user_ptr[0];
9009 struct cfg80211_update_ft_ies_params ft_params;
9010 struct net_device *dev = info->user_ptr[1];
9011
9012 if (!rdev->ops->update_ft_ies)
9013 return -EOPNOTSUPP;
9014
9015 if (!info->attrs[NL80211_ATTR_MDID] ||
9016 !is_valid_ie_attr(info->attrs[NL80211_ATTR_IE]))
9017 return -EINVAL;
9018
9019 memset(&ft_params, 0, sizeof(ft_params));
9020 ft_params.md = nla_get_u16(info->attrs[NL80211_ATTR_MDID]);
9021 ft_params.ie = nla_data(info->attrs[NL80211_ATTR_IE]);
9022 ft_params.ie_len = nla_len(info->attrs[NL80211_ATTR_IE]);
9023
9024 return rdev_update_ft_ies(rdev, dev, &ft_params);
9025 }
9026
9027 static int nl80211_crit_protocol_start(struct sk_buff *skb,
9028 struct genl_info *info)
9029 {
9030 struct cfg80211_registered_device *rdev = info->user_ptr[0];
9031 struct wireless_dev *wdev = info->user_ptr[1];
9032 enum nl80211_crit_proto_id proto = NL80211_CRIT_PROTO_UNSPEC;
9033 u16 duration;
9034 int ret;
9035
9036 if (!rdev->ops->crit_proto_start)
9037 return -EOPNOTSUPP;
9038
9039 if (WARN_ON(!rdev->ops->crit_proto_stop))
9040 return -EINVAL;
9041
9042 if (rdev->crit_proto_nlportid)
9043 return -EBUSY;
9044
9045 /* determine protocol if provided */
9046 if (info->attrs[NL80211_ATTR_CRIT_PROT_ID])
9047 proto = nla_get_u16(info->attrs[NL80211_ATTR_CRIT_PROT_ID]);
9048
9049 if (proto >= NUM_NL80211_CRIT_PROTO)
9050 return -EINVAL;
9051
9052 /* timeout must be provided */
9053 if (!info->attrs[NL80211_ATTR_MAX_CRIT_PROT_DURATION])
9054 return -EINVAL;
9055
9056 duration =
9057 nla_get_u16(info->attrs[NL80211_ATTR_MAX_CRIT_PROT_DURATION]);
9058
9059 if (duration > NL80211_CRIT_PROTO_MAX_DURATION)
9060 return -ERANGE;
9061
9062 ret = rdev_crit_proto_start(rdev, wdev, proto, duration);
9063 if (!ret)
9064 rdev->crit_proto_nlportid = info->snd_portid;
9065
9066 return ret;
9067 }
9068
9069 static int nl80211_crit_protocol_stop(struct sk_buff *skb,
9070 struct genl_info *info)
9071 {
9072 struct cfg80211_registered_device *rdev = info->user_ptr[0];
9073 struct wireless_dev *wdev = info->user_ptr[1];
9074
9075 if (!rdev->ops->crit_proto_stop)
9076 return -EOPNOTSUPP;
9077
9078 if (rdev->crit_proto_nlportid) {
9079 rdev->crit_proto_nlportid = 0;
9080 rdev_crit_proto_stop(rdev, wdev);
9081 }
9082 return 0;
9083 }
9084
9085 static int nl80211_vendor_cmd(struct sk_buff *skb, struct genl_info *info)
9086 {
9087 struct cfg80211_registered_device *rdev = info->user_ptr[0];
9088 struct wireless_dev *wdev =
9089 __cfg80211_wdev_from_attrs(genl_info_net(info), info->attrs);
9090 int i, err;
9091 u32 vid, subcmd;
9092
9093 if (!rdev->wiphy.vendor_commands)
9094 return -EOPNOTSUPP;
9095
9096 if (IS_ERR(wdev)) {
9097 err = PTR_ERR(wdev);
9098 if (err != -EINVAL)
9099 return err;
9100 wdev = NULL;
9101 } else if (wdev->wiphy != &rdev->wiphy) {
9102 return -EINVAL;
9103 }
9104
9105 if (!info->attrs[NL80211_ATTR_VENDOR_ID] ||
9106 !info->attrs[NL80211_ATTR_VENDOR_SUBCMD])
9107 return -EINVAL;
9108
9109 vid = nla_get_u32(info->attrs[NL80211_ATTR_VENDOR_ID]);
9110 subcmd = nla_get_u32(info->attrs[NL80211_ATTR_VENDOR_SUBCMD]);
9111 for (i = 0; i < rdev->wiphy.n_vendor_commands; i++) {
9112 const struct wiphy_vendor_command *vcmd;
9113 void *data = NULL;
9114 int len = 0;
9115
9116 vcmd = &rdev->wiphy.vendor_commands[i];
9117
9118 if (vcmd->info.vendor_id != vid || vcmd->info.subcmd != subcmd)
9119 continue;
9120
9121 if (vcmd->flags & (WIPHY_VENDOR_CMD_NEED_WDEV |
9122 WIPHY_VENDOR_CMD_NEED_NETDEV)) {
9123 if (!wdev)
9124 return -EINVAL;
9125 if (vcmd->flags & WIPHY_VENDOR_CMD_NEED_NETDEV &&
9126 !wdev->netdev)
9127 return -EINVAL;
9128
9129 if (vcmd->flags & WIPHY_VENDOR_CMD_NEED_RUNNING) {
9130 if (wdev->netdev &&
9131 !netif_running(wdev->netdev))
9132 return -ENETDOWN;
9133 if (!wdev->netdev && !wdev->p2p_started)
9134 return -ENETDOWN;
9135 }
9136 } else {
9137 wdev = NULL;
9138 }
9139
9140 if (info->attrs[NL80211_ATTR_VENDOR_DATA]) {
9141 data = nla_data(info->attrs[NL80211_ATTR_VENDOR_DATA]);
9142 len = nla_len(info->attrs[NL80211_ATTR_VENDOR_DATA]);
9143 }
9144
9145 rdev->cur_cmd_info = info;
9146 err = rdev->wiphy.vendor_commands[i].doit(&rdev->wiphy, wdev,
9147 data, len);
9148 rdev->cur_cmd_info = NULL;
9149 return err;
9150 }
9151
9152 return -EOPNOTSUPP;
9153 }
9154
9155 struct sk_buff *__cfg80211_alloc_reply_skb(struct wiphy *wiphy,
9156 enum nl80211_commands cmd,
9157 enum nl80211_attrs attr,
9158 int approxlen)
9159 {
9160 struct cfg80211_registered_device *rdev = wiphy_to_dev(wiphy);
9161
9162 if (WARN_ON(!rdev->cur_cmd_info))
9163 return NULL;
9164
9165 return __cfg80211_alloc_vendor_skb(rdev, approxlen,
9166 rdev->cur_cmd_info->snd_portid,
9167 rdev->cur_cmd_info->snd_seq,
9168 cmd, attr, NULL, GFP_KERNEL);
9169 }
9170 EXPORT_SYMBOL(__cfg80211_alloc_reply_skb);
9171
9172 int cfg80211_vendor_cmd_reply(struct sk_buff *skb)
9173 {
9174 struct cfg80211_registered_device *rdev = ((void **)skb->cb)[0];
9175 void *hdr = ((void **)skb->cb)[1];
9176 struct nlattr *data = ((void **)skb->cb)[2];
9177
9178 if (WARN_ON(!rdev->cur_cmd_info)) {
9179 kfree_skb(skb);
9180 return -EINVAL;
9181 }
9182
9183 nla_nest_end(skb, data);
9184 genlmsg_end(skb, hdr);
9185 return genlmsg_reply(skb, rdev->cur_cmd_info);
9186 }
9187 EXPORT_SYMBOL_GPL(cfg80211_vendor_cmd_reply);
9188
9189
9190 static int nl80211_set_qos_map(struct sk_buff *skb,
9191 struct genl_info *info)
9192 {
9193 struct cfg80211_registered_device *rdev = info->user_ptr[0];
9194 struct cfg80211_qos_map *qos_map = NULL;
9195 struct net_device *dev = info->user_ptr[1];
9196 u8 *pos, len, num_des, des_len, des;
9197 int ret;
9198
9199 if (!rdev->ops->set_qos_map)
9200 return -EOPNOTSUPP;
9201
9202 if (info->attrs[NL80211_ATTR_QOS_MAP]) {
9203 pos = nla_data(info->attrs[NL80211_ATTR_QOS_MAP]);
9204 len = nla_len(info->attrs[NL80211_ATTR_QOS_MAP]);
9205
9206 if (len % 2 || len < IEEE80211_QOS_MAP_LEN_MIN ||
9207 len > IEEE80211_QOS_MAP_LEN_MAX)
9208 return -EINVAL;
9209
9210 qos_map = kzalloc(sizeof(struct cfg80211_qos_map), GFP_KERNEL);
9211 if (!qos_map)
9212 return -ENOMEM;
9213
9214 num_des = (len - IEEE80211_QOS_MAP_LEN_MIN) >> 1;
9215 if (num_des) {
9216 des_len = num_des *
9217 sizeof(struct cfg80211_dscp_exception);
9218 memcpy(qos_map->dscp_exception, pos, des_len);
9219 qos_map->num_des = num_des;
9220 for (des = 0; des < num_des; des++) {
9221 if (qos_map->dscp_exception[des].up > 7) {
9222 kfree(qos_map);
9223 return -EINVAL;
9224 }
9225 }
9226 pos += des_len;
9227 }
9228 memcpy(qos_map->up, pos, IEEE80211_QOS_MAP_LEN_MIN);
9229 }
9230
9231 wdev_lock(dev->ieee80211_ptr);
9232 ret = nl80211_key_allowed(dev->ieee80211_ptr);
9233 if (!ret)
9234 ret = rdev_set_qos_map(rdev, dev, qos_map);
9235 wdev_unlock(dev->ieee80211_ptr);
9236
9237 kfree(qos_map);
9238 return ret;
9239 }
9240
9241 #define NL80211_FLAG_NEED_WIPHY 0x01
9242 #define NL80211_FLAG_NEED_NETDEV 0x02
9243 #define NL80211_FLAG_NEED_RTNL 0x04
9244 #define NL80211_FLAG_CHECK_NETDEV_UP 0x08
9245 #define NL80211_FLAG_NEED_NETDEV_UP (NL80211_FLAG_NEED_NETDEV |\
9246 NL80211_FLAG_CHECK_NETDEV_UP)
9247 #define NL80211_FLAG_NEED_WDEV 0x10
9248 /* If a netdev is associated, it must be UP, P2P must be started */
9249 #define NL80211_FLAG_NEED_WDEV_UP (NL80211_FLAG_NEED_WDEV |\
9250 NL80211_FLAG_CHECK_NETDEV_UP)
9251
9252 static int nl80211_pre_doit(const struct genl_ops *ops, struct sk_buff *skb,
9253 struct genl_info *info)
9254 {
9255 struct cfg80211_registered_device *rdev;
9256 struct wireless_dev *wdev;
9257 struct net_device *dev;
9258 bool rtnl = ops->internal_flags & NL80211_FLAG_NEED_RTNL;
9259
9260 if (rtnl)
9261 rtnl_lock();
9262
9263 if (ops->internal_flags & NL80211_FLAG_NEED_WIPHY) {
9264 rdev = cfg80211_get_dev_from_info(genl_info_net(info), info);
9265 if (IS_ERR(rdev)) {
9266 if (rtnl)
9267 rtnl_unlock();
9268 return PTR_ERR(rdev);
9269 }
9270 info->user_ptr[0] = rdev;
9271 } else if (ops->internal_flags & NL80211_FLAG_NEED_NETDEV ||
9272 ops->internal_flags & NL80211_FLAG_NEED_WDEV) {
9273 ASSERT_RTNL();
9274
9275 wdev = __cfg80211_wdev_from_attrs(genl_info_net(info),
9276 info->attrs);
9277 if (IS_ERR(wdev)) {
9278 if (rtnl)
9279 rtnl_unlock();
9280 return PTR_ERR(wdev);
9281 }
9282
9283 dev = wdev->netdev;
9284 rdev = wiphy_to_dev(wdev->wiphy);
9285
9286 if (ops->internal_flags & NL80211_FLAG_NEED_NETDEV) {
9287 if (!dev) {
9288 if (rtnl)
9289 rtnl_unlock();
9290 return -EINVAL;
9291 }
9292
9293 info->user_ptr[1] = dev;
9294 } else {
9295 info->user_ptr[1] = wdev;
9296 }
9297
9298 if (dev) {
9299 if (ops->internal_flags & NL80211_FLAG_CHECK_NETDEV_UP &&
9300 !netif_running(dev)) {
9301 if (rtnl)
9302 rtnl_unlock();
9303 return -ENETDOWN;
9304 }
9305
9306 dev_hold(dev);
9307 } else if (ops->internal_flags & NL80211_FLAG_CHECK_NETDEV_UP) {
9308 if (!wdev->p2p_started) {
9309 if (rtnl)
9310 rtnl_unlock();
9311 return -ENETDOWN;
9312 }
9313 }
9314
9315 info->user_ptr[0] = rdev;
9316 }
9317
9318 return 0;
9319 }
9320
9321 static void nl80211_post_doit(const struct genl_ops *ops, struct sk_buff *skb,
9322 struct genl_info *info)
9323 {
9324 if (info->user_ptr[1]) {
9325 if (ops->internal_flags & NL80211_FLAG_NEED_WDEV) {
9326 struct wireless_dev *wdev = info->user_ptr[1];
9327
9328 if (wdev->netdev)
9329 dev_put(wdev->netdev);
9330 } else {
9331 dev_put(info->user_ptr[1]);
9332 }
9333 }
9334 if (ops->internal_flags & NL80211_FLAG_NEED_RTNL)
9335 rtnl_unlock();
9336 }
9337
9338 static const struct genl_ops nl80211_ops[] = {
9339 {
9340 .cmd = NL80211_CMD_GET_WIPHY,
9341 .doit = nl80211_get_wiphy,
9342 .dumpit = nl80211_dump_wiphy,
9343 .done = nl80211_dump_wiphy_done,
9344 .policy = nl80211_policy,
9345 /* can be retrieved by unprivileged users */
9346 .internal_flags = NL80211_FLAG_NEED_WIPHY |
9347 NL80211_FLAG_NEED_RTNL,
9348 },
9349 {
9350 .cmd = NL80211_CMD_SET_WIPHY,
9351 .doit = nl80211_set_wiphy,
9352 .policy = nl80211_policy,
9353 .flags = GENL_ADMIN_PERM,
9354 .internal_flags = NL80211_FLAG_NEED_RTNL,
9355 },
9356 {
9357 .cmd = NL80211_CMD_GET_INTERFACE,
9358 .doit = nl80211_get_interface,
9359 .dumpit = nl80211_dump_interface,
9360 .policy = nl80211_policy,
9361 /* can be retrieved by unprivileged users */
9362 .internal_flags = NL80211_FLAG_NEED_WDEV |
9363 NL80211_FLAG_NEED_RTNL,
9364 },
9365 {
9366 .cmd = NL80211_CMD_SET_INTERFACE,
9367 .doit = nl80211_set_interface,
9368 .policy = nl80211_policy,
9369 .flags = GENL_ADMIN_PERM,
9370 .internal_flags = NL80211_FLAG_NEED_NETDEV |
9371 NL80211_FLAG_NEED_RTNL,
9372 },
9373 {
9374 .cmd = NL80211_CMD_NEW_INTERFACE,
9375 .doit = nl80211_new_interface,
9376 .policy = nl80211_policy,
9377 .flags = GENL_ADMIN_PERM,
9378 .internal_flags = NL80211_FLAG_NEED_WIPHY |
9379 NL80211_FLAG_NEED_RTNL,
9380 },
9381 {
9382 .cmd = NL80211_CMD_DEL_INTERFACE,
9383 .doit = nl80211_del_interface,
9384 .policy = nl80211_policy,
9385 .flags = GENL_ADMIN_PERM,
9386 .internal_flags = NL80211_FLAG_NEED_WDEV |
9387 NL80211_FLAG_NEED_RTNL,
9388 },
9389 {
9390 .cmd = NL80211_CMD_GET_KEY,
9391 .doit = nl80211_get_key,
9392 .policy = nl80211_policy,
9393 .flags = GENL_ADMIN_PERM,
9394 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
9395 NL80211_FLAG_NEED_RTNL,
9396 },
9397 {
9398 .cmd = NL80211_CMD_SET_KEY,
9399 .doit = nl80211_set_key,
9400 .policy = nl80211_policy,
9401 .flags = GENL_ADMIN_PERM,
9402 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
9403 NL80211_FLAG_NEED_RTNL,
9404 },
9405 {
9406 .cmd = NL80211_CMD_NEW_KEY,
9407 .doit = nl80211_new_key,
9408 .policy = nl80211_policy,
9409 .flags = GENL_ADMIN_PERM,
9410 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
9411 NL80211_FLAG_NEED_RTNL,
9412 },
9413 {
9414 .cmd = NL80211_CMD_DEL_KEY,
9415 .doit = nl80211_del_key,
9416 .policy = nl80211_policy,
9417 .flags = GENL_ADMIN_PERM,
9418 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
9419 NL80211_FLAG_NEED_RTNL,
9420 },
9421 {
9422 .cmd = NL80211_CMD_SET_BEACON,
9423 .policy = nl80211_policy,
9424 .flags = GENL_ADMIN_PERM,
9425 .doit = nl80211_set_beacon,
9426 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
9427 NL80211_FLAG_NEED_RTNL,
9428 },
9429 {
9430 .cmd = NL80211_CMD_START_AP,
9431 .policy = nl80211_policy,
9432 .flags = GENL_ADMIN_PERM,
9433 .doit = nl80211_start_ap,
9434 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
9435 NL80211_FLAG_NEED_RTNL,
9436 },
9437 {
9438 .cmd = NL80211_CMD_STOP_AP,
9439 .policy = nl80211_policy,
9440 .flags = GENL_ADMIN_PERM,
9441 .doit = nl80211_stop_ap,
9442 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
9443 NL80211_FLAG_NEED_RTNL,
9444 },
9445 {
9446 .cmd = NL80211_CMD_GET_STATION,
9447 .doit = nl80211_get_station,
9448 .dumpit = nl80211_dump_station,
9449 .policy = nl80211_policy,
9450 .internal_flags = NL80211_FLAG_NEED_NETDEV |
9451 NL80211_FLAG_NEED_RTNL,
9452 },
9453 {
9454 .cmd = NL80211_CMD_SET_STATION,
9455 .doit = nl80211_set_station,
9456 .policy = nl80211_policy,
9457 .flags = GENL_ADMIN_PERM,
9458 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
9459 NL80211_FLAG_NEED_RTNL,
9460 },
9461 {
9462 .cmd = NL80211_CMD_NEW_STATION,
9463 .doit = nl80211_new_station,
9464 .policy = nl80211_policy,
9465 .flags = GENL_ADMIN_PERM,
9466 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
9467 NL80211_FLAG_NEED_RTNL,
9468 },
9469 {
9470 .cmd = NL80211_CMD_DEL_STATION,
9471 .doit = nl80211_del_station,
9472 .policy = nl80211_policy,
9473 .flags = GENL_ADMIN_PERM,
9474 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
9475 NL80211_FLAG_NEED_RTNL,
9476 },
9477 {
9478 .cmd = NL80211_CMD_GET_MPATH,
9479 .doit = nl80211_get_mpath,
9480 .dumpit = nl80211_dump_mpath,
9481 .policy = nl80211_policy,
9482 .flags = GENL_ADMIN_PERM,
9483 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
9484 NL80211_FLAG_NEED_RTNL,
9485 },
9486 {
9487 .cmd = NL80211_CMD_SET_MPATH,
9488 .doit = nl80211_set_mpath,
9489 .policy = nl80211_policy,
9490 .flags = GENL_ADMIN_PERM,
9491 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
9492 NL80211_FLAG_NEED_RTNL,
9493 },
9494 {
9495 .cmd = NL80211_CMD_NEW_MPATH,
9496 .doit = nl80211_new_mpath,
9497 .policy = nl80211_policy,
9498 .flags = GENL_ADMIN_PERM,
9499 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
9500 NL80211_FLAG_NEED_RTNL,
9501 },
9502 {
9503 .cmd = NL80211_CMD_DEL_MPATH,
9504 .doit = nl80211_del_mpath,
9505 .policy = nl80211_policy,
9506 .flags = GENL_ADMIN_PERM,
9507 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
9508 NL80211_FLAG_NEED_RTNL,
9509 },
9510 {
9511 .cmd = NL80211_CMD_SET_BSS,
9512 .doit = nl80211_set_bss,
9513 .policy = nl80211_policy,
9514 .flags = GENL_ADMIN_PERM,
9515 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
9516 NL80211_FLAG_NEED_RTNL,
9517 },
9518 {
9519 .cmd = NL80211_CMD_GET_REG,
9520 .doit = nl80211_get_reg,
9521 .policy = nl80211_policy,
9522 .internal_flags = NL80211_FLAG_NEED_RTNL,
9523 /* can be retrieved by unprivileged users */
9524 },
9525 {
9526 .cmd = NL80211_CMD_SET_REG,
9527 .doit = nl80211_set_reg,
9528 .policy = nl80211_policy,
9529 .flags = GENL_ADMIN_PERM,
9530 .internal_flags = NL80211_FLAG_NEED_RTNL,
9531 },
9532 {
9533 .cmd = NL80211_CMD_REQ_SET_REG,
9534 .doit = nl80211_req_set_reg,
9535 .policy = nl80211_policy,
9536 .flags = GENL_ADMIN_PERM,
9537 },
9538 {
9539 .cmd = NL80211_CMD_GET_MESH_CONFIG,
9540 .doit = nl80211_get_mesh_config,
9541 .policy = nl80211_policy,
9542 /* can be retrieved by unprivileged users */
9543 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
9544 NL80211_FLAG_NEED_RTNL,
9545 },
9546 {
9547 .cmd = NL80211_CMD_SET_MESH_CONFIG,
9548 .doit = nl80211_update_mesh_config,
9549 .policy = nl80211_policy,
9550 .flags = GENL_ADMIN_PERM,
9551 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
9552 NL80211_FLAG_NEED_RTNL,
9553 },
9554 {
9555 .cmd = NL80211_CMD_TRIGGER_SCAN,
9556 .doit = nl80211_trigger_scan,
9557 .policy = nl80211_policy,
9558 .flags = GENL_ADMIN_PERM,
9559 .internal_flags = NL80211_FLAG_NEED_WDEV_UP |
9560 NL80211_FLAG_NEED_RTNL,
9561 },
9562 {
9563 .cmd = NL80211_CMD_GET_SCAN,
9564 .policy = nl80211_policy,
9565 .dumpit = nl80211_dump_scan,
9566 },
9567 {
9568 .cmd = NL80211_CMD_START_SCHED_SCAN,
9569 .doit = nl80211_start_sched_scan,
9570 .policy = nl80211_policy,
9571 .flags = GENL_ADMIN_PERM,
9572 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
9573 NL80211_FLAG_NEED_RTNL,
9574 },
9575 {
9576 .cmd = NL80211_CMD_STOP_SCHED_SCAN,
9577 .doit = nl80211_stop_sched_scan,
9578 .policy = nl80211_policy,
9579 .flags = GENL_ADMIN_PERM,
9580 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
9581 NL80211_FLAG_NEED_RTNL,
9582 },
9583 {
9584 .cmd = NL80211_CMD_AUTHENTICATE,
9585 .doit = nl80211_authenticate,
9586 .policy = nl80211_policy,
9587 .flags = GENL_ADMIN_PERM,
9588 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
9589 NL80211_FLAG_NEED_RTNL,
9590 },
9591 {
9592 .cmd = NL80211_CMD_ASSOCIATE,
9593 .doit = nl80211_associate,
9594 .policy = nl80211_policy,
9595 .flags = GENL_ADMIN_PERM,
9596 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
9597 NL80211_FLAG_NEED_RTNL,
9598 },
9599 {
9600 .cmd = NL80211_CMD_DEAUTHENTICATE,
9601 .doit = nl80211_deauthenticate,
9602 .policy = nl80211_policy,
9603 .flags = GENL_ADMIN_PERM,
9604 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
9605 NL80211_FLAG_NEED_RTNL,
9606 },
9607 {
9608 .cmd = NL80211_CMD_DISASSOCIATE,
9609 .doit = nl80211_disassociate,
9610 .policy = nl80211_policy,
9611 .flags = GENL_ADMIN_PERM,
9612 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
9613 NL80211_FLAG_NEED_RTNL,
9614 },
9615 {
9616 .cmd = NL80211_CMD_JOIN_IBSS,
9617 .doit = nl80211_join_ibss,
9618 .policy = nl80211_policy,
9619 .flags = GENL_ADMIN_PERM,
9620 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
9621 NL80211_FLAG_NEED_RTNL,
9622 },
9623 {
9624 .cmd = NL80211_CMD_LEAVE_IBSS,
9625 .doit = nl80211_leave_ibss,
9626 .policy = nl80211_policy,
9627 .flags = GENL_ADMIN_PERM,
9628 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
9629 NL80211_FLAG_NEED_RTNL,
9630 },
9631 #ifdef CONFIG_NL80211_TESTMODE
9632 {
9633 .cmd = NL80211_CMD_TESTMODE,
9634 .doit = nl80211_testmode_do,
9635 .dumpit = nl80211_testmode_dump,
9636 .policy = nl80211_policy,
9637 .flags = GENL_ADMIN_PERM,
9638 .internal_flags = NL80211_FLAG_NEED_WIPHY |
9639 NL80211_FLAG_NEED_RTNL,
9640 },
9641 #endif
9642 {
9643 .cmd = NL80211_CMD_CONNECT,
9644 .doit = nl80211_connect,
9645 .policy = nl80211_policy,
9646 .flags = GENL_ADMIN_PERM,
9647 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
9648 NL80211_FLAG_NEED_RTNL,
9649 },
9650 {
9651 .cmd = NL80211_CMD_DISCONNECT,
9652 .doit = nl80211_disconnect,
9653 .policy = nl80211_policy,
9654 .flags = GENL_ADMIN_PERM,
9655 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
9656 NL80211_FLAG_NEED_RTNL,
9657 },
9658 {
9659 .cmd = NL80211_CMD_SET_WIPHY_NETNS,
9660 .doit = nl80211_wiphy_netns,
9661 .policy = nl80211_policy,
9662 .flags = GENL_ADMIN_PERM,
9663 .internal_flags = NL80211_FLAG_NEED_WIPHY |
9664 NL80211_FLAG_NEED_RTNL,
9665 },
9666 {
9667 .cmd = NL80211_CMD_GET_SURVEY,
9668 .policy = nl80211_policy,
9669 .dumpit = nl80211_dump_survey,
9670 },
9671 {
9672 .cmd = NL80211_CMD_SET_PMKSA,
9673 .doit = nl80211_setdel_pmksa,
9674 .policy = nl80211_policy,
9675 .flags = GENL_ADMIN_PERM,
9676 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
9677 NL80211_FLAG_NEED_RTNL,
9678 },
9679 {
9680 .cmd = NL80211_CMD_DEL_PMKSA,
9681 .doit = nl80211_setdel_pmksa,
9682 .policy = nl80211_policy,
9683 .flags = GENL_ADMIN_PERM,
9684 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
9685 NL80211_FLAG_NEED_RTNL,
9686 },
9687 {
9688 .cmd = NL80211_CMD_FLUSH_PMKSA,
9689 .doit = nl80211_flush_pmksa,
9690 .policy = nl80211_policy,
9691 .flags = GENL_ADMIN_PERM,
9692 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
9693 NL80211_FLAG_NEED_RTNL,
9694 },
9695 {
9696 .cmd = NL80211_CMD_REMAIN_ON_CHANNEL,
9697 .doit = nl80211_remain_on_channel,
9698 .policy = nl80211_policy,
9699 .flags = GENL_ADMIN_PERM,
9700 .internal_flags = NL80211_FLAG_NEED_WDEV_UP |
9701 NL80211_FLAG_NEED_RTNL,
9702 },
9703 {
9704 .cmd = NL80211_CMD_CANCEL_REMAIN_ON_CHANNEL,
9705 .doit = nl80211_cancel_remain_on_channel,
9706 .policy = nl80211_policy,
9707 .flags = GENL_ADMIN_PERM,
9708 .internal_flags = NL80211_FLAG_NEED_WDEV_UP |
9709 NL80211_FLAG_NEED_RTNL,
9710 },
9711 {
9712 .cmd = NL80211_CMD_SET_TX_BITRATE_MASK,
9713 .doit = nl80211_set_tx_bitrate_mask,
9714 .policy = nl80211_policy,
9715 .flags = GENL_ADMIN_PERM,
9716 .internal_flags = NL80211_FLAG_NEED_NETDEV |
9717 NL80211_FLAG_NEED_RTNL,
9718 },
9719 {
9720 .cmd = NL80211_CMD_REGISTER_FRAME,
9721 .doit = nl80211_register_mgmt,
9722 .policy = nl80211_policy,
9723 .flags = GENL_ADMIN_PERM,
9724 .internal_flags = NL80211_FLAG_NEED_WDEV |
9725 NL80211_FLAG_NEED_RTNL,
9726 },
9727 {
9728 .cmd = NL80211_CMD_FRAME,
9729 .doit = nl80211_tx_mgmt,
9730 .policy = nl80211_policy,
9731 .flags = GENL_ADMIN_PERM,
9732 .internal_flags = NL80211_FLAG_NEED_WDEV_UP |
9733 NL80211_FLAG_NEED_RTNL,
9734 },
9735 {
9736 .cmd = NL80211_CMD_FRAME_WAIT_CANCEL,
9737 .doit = nl80211_tx_mgmt_cancel_wait,
9738 .policy = nl80211_policy,
9739 .flags = GENL_ADMIN_PERM,
9740 .internal_flags = NL80211_FLAG_NEED_WDEV_UP |
9741 NL80211_FLAG_NEED_RTNL,
9742 },
9743 {
9744 .cmd = NL80211_CMD_SET_POWER_SAVE,
9745 .doit = nl80211_set_power_save,
9746 .policy = nl80211_policy,
9747 .flags = GENL_ADMIN_PERM,
9748 .internal_flags = NL80211_FLAG_NEED_NETDEV |
9749 NL80211_FLAG_NEED_RTNL,
9750 },
9751 {
9752 .cmd = NL80211_CMD_GET_POWER_SAVE,
9753 .doit = nl80211_get_power_save,
9754 .policy = nl80211_policy,
9755 /* can be retrieved by unprivileged users */
9756 .internal_flags = NL80211_FLAG_NEED_NETDEV |
9757 NL80211_FLAG_NEED_RTNL,
9758 },
9759 {
9760 .cmd = NL80211_CMD_SET_CQM,
9761 .doit = nl80211_set_cqm,
9762 .policy = nl80211_policy,
9763 .flags = GENL_ADMIN_PERM,
9764 .internal_flags = NL80211_FLAG_NEED_NETDEV |
9765 NL80211_FLAG_NEED_RTNL,
9766 },
9767 {
9768 .cmd = NL80211_CMD_SET_CHANNEL,
9769 .doit = nl80211_set_channel,
9770 .policy = nl80211_policy,
9771 .flags = GENL_ADMIN_PERM,
9772 .internal_flags = NL80211_FLAG_NEED_NETDEV |
9773 NL80211_FLAG_NEED_RTNL,
9774 },
9775 {
9776 .cmd = NL80211_CMD_SET_WDS_PEER,
9777 .doit = nl80211_set_wds_peer,
9778 .policy = nl80211_policy,
9779 .flags = GENL_ADMIN_PERM,
9780 .internal_flags = NL80211_FLAG_NEED_NETDEV |
9781 NL80211_FLAG_NEED_RTNL,
9782 },
9783 {
9784 .cmd = NL80211_CMD_JOIN_MESH,
9785 .doit = nl80211_join_mesh,
9786 .policy = nl80211_policy,
9787 .flags = GENL_ADMIN_PERM,
9788 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
9789 NL80211_FLAG_NEED_RTNL,
9790 },
9791 {
9792 .cmd = NL80211_CMD_LEAVE_MESH,
9793 .doit = nl80211_leave_mesh,
9794 .policy = nl80211_policy,
9795 .flags = GENL_ADMIN_PERM,
9796 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
9797 NL80211_FLAG_NEED_RTNL,
9798 },
9799 #ifdef CONFIG_PM
9800 {
9801 .cmd = NL80211_CMD_GET_WOWLAN,
9802 .doit = nl80211_get_wowlan,
9803 .policy = nl80211_policy,
9804 /* can be retrieved by unprivileged users */
9805 .internal_flags = NL80211_FLAG_NEED_WIPHY |
9806 NL80211_FLAG_NEED_RTNL,
9807 },
9808 {
9809 .cmd = NL80211_CMD_SET_WOWLAN,
9810 .doit = nl80211_set_wowlan,
9811 .policy = nl80211_policy,
9812 .flags = GENL_ADMIN_PERM,
9813 .internal_flags = NL80211_FLAG_NEED_WIPHY |
9814 NL80211_FLAG_NEED_RTNL,
9815 },
9816 #endif
9817 {
9818 .cmd = NL80211_CMD_SET_REKEY_OFFLOAD,
9819 .doit = nl80211_set_rekey_data,
9820 .policy = nl80211_policy,
9821 .flags = GENL_ADMIN_PERM,
9822 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
9823 NL80211_FLAG_NEED_RTNL,
9824 },
9825 {
9826 .cmd = NL80211_CMD_TDLS_MGMT,
9827 .doit = nl80211_tdls_mgmt,
9828 .policy = nl80211_policy,
9829 .flags = GENL_ADMIN_PERM,
9830 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
9831 NL80211_FLAG_NEED_RTNL,
9832 },
9833 {
9834 .cmd = NL80211_CMD_TDLS_OPER,
9835 .doit = nl80211_tdls_oper,
9836 .policy = nl80211_policy,
9837 .flags = GENL_ADMIN_PERM,
9838 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
9839 NL80211_FLAG_NEED_RTNL,
9840 },
9841 {
9842 .cmd = NL80211_CMD_UNEXPECTED_FRAME,
9843 .doit = nl80211_register_unexpected_frame,
9844 .policy = nl80211_policy,
9845 .flags = GENL_ADMIN_PERM,
9846 .internal_flags = NL80211_FLAG_NEED_NETDEV |
9847 NL80211_FLAG_NEED_RTNL,
9848 },
9849 {
9850 .cmd = NL80211_CMD_PROBE_CLIENT,
9851 .doit = nl80211_probe_client,
9852 .policy = nl80211_policy,
9853 .flags = GENL_ADMIN_PERM,
9854 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
9855 NL80211_FLAG_NEED_RTNL,
9856 },
9857 {
9858 .cmd = NL80211_CMD_REGISTER_BEACONS,
9859 .doit = nl80211_register_beacons,
9860 .policy = nl80211_policy,
9861 .flags = GENL_ADMIN_PERM,
9862 .internal_flags = NL80211_FLAG_NEED_WIPHY |
9863 NL80211_FLAG_NEED_RTNL,
9864 },
9865 {
9866 .cmd = NL80211_CMD_SET_NOACK_MAP,
9867 .doit = nl80211_set_noack_map,
9868 .policy = nl80211_policy,
9869 .flags = GENL_ADMIN_PERM,
9870 .internal_flags = NL80211_FLAG_NEED_NETDEV |
9871 NL80211_FLAG_NEED_RTNL,
9872 },
9873 {
9874 .cmd = NL80211_CMD_START_P2P_DEVICE,
9875 .doit = nl80211_start_p2p_device,
9876 .policy = nl80211_policy,
9877 .flags = GENL_ADMIN_PERM,
9878 .internal_flags = NL80211_FLAG_NEED_WDEV |
9879 NL80211_FLAG_NEED_RTNL,
9880 },
9881 {
9882 .cmd = NL80211_CMD_STOP_P2P_DEVICE,
9883 .doit = nl80211_stop_p2p_device,
9884 .policy = nl80211_policy,
9885 .flags = GENL_ADMIN_PERM,
9886 .internal_flags = NL80211_FLAG_NEED_WDEV_UP |
9887 NL80211_FLAG_NEED_RTNL,
9888 },
9889 {
9890 .cmd = NL80211_CMD_SET_MCAST_RATE,
9891 .doit = nl80211_set_mcast_rate,
9892 .policy = nl80211_policy,
9893 .flags = GENL_ADMIN_PERM,
9894 .internal_flags = NL80211_FLAG_NEED_NETDEV |
9895 NL80211_FLAG_NEED_RTNL,
9896 },
9897 {
9898 .cmd = NL80211_CMD_SET_MAC_ACL,
9899 .doit = nl80211_set_mac_acl,
9900 .policy = nl80211_policy,
9901 .flags = GENL_ADMIN_PERM,
9902 .internal_flags = NL80211_FLAG_NEED_NETDEV |
9903 NL80211_FLAG_NEED_RTNL,
9904 },
9905 {
9906 .cmd = NL80211_CMD_RADAR_DETECT,
9907 .doit = nl80211_start_radar_detection,
9908 .policy = nl80211_policy,
9909 .flags = GENL_ADMIN_PERM,
9910 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
9911 NL80211_FLAG_NEED_RTNL,
9912 },
9913 {
9914 .cmd = NL80211_CMD_GET_PROTOCOL_FEATURES,
9915 .doit = nl80211_get_protocol_features,
9916 .policy = nl80211_policy,
9917 },
9918 {
9919 .cmd = NL80211_CMD_UPDATE_FT_IES,
9920 .doit = nl80211_update_ft_ies,
9921 .policy = nl80211_policy,
9922 .flags = GENL_ADMIN_PERM,
9923 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
9924 NL80211_FLAG_NEED_RTNL,
9925 },
9926 {
9927 .cmd = NL80211_CMD_CRIT_PROTOCOL_START,
9928 .doit = nl80211_crit_protocol_start,
9929 .policy = nl80211_policy,
9930 .flags = GENL_ADMIN_PERM,
9931 .internal_flags = NL80211_FLAG_NEED_WDEV_UP |
9932 NL80211_FLAG_NEED_RTNL,
9933 },
9934 {
9935 .cmd = NL80211_CMD_CRIT_PROTOCOL_STOP,
9936 .doit = nl80211_crit_protocol_stop,
9937 .policy = nl80211_policy,
9938 .flags = GENL_ADMIN_PERM,
9939 .internal_flags = NL80211_FLAG_NEED_WDEV_UP |
9940 NL80211_FLAG_NEED_RTNL,
9941 },
9942 {
9943 .cmd = NL80211_CMD_GET_COALESCE,
9944 .doit = nl80211_get_coalesce,
9945 .policy = nl80211_policy,
9946 .internal_flags = NL80211_FLAG_NEED_WIPHY |
9947 NL80211_FLAG_NEED_RTNL,
9948 },
9949 {
9950 .cmd = NL80211_CMD_SET_COALESCE,
9951 .doit = nl80211_set_coalesce,
9952 .policy = nl80211_policy,
9953 .flags = GENL_ADMIN_PERM,
9954 .internal_flags = NL80211_FLAG_NEED_WIPHY |
9955 NL80211_FLAG_NEED_RTNL,
9956 },
9957 {
9958 .cmd = NL80211_CMD_CHANNEL_SWITCH,
9959 .doit = nl80211_channel_switch,
9960 .policy = nl80211_policy,
9961 .flags = GENL_ADMIN_PERM,
9962 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
9963 NL80211_FLAG_NEED_RTNL,
9964 },
9965 {
9966 .cmd = NL80211_CMD_VENDOR,
9967 .doit = nl80211_vendor_cmd,
9968 .policy = nl80211_policy,
9969 .flags = GENL_ADMIN_PERM,
9970 .internal_flags = NL80211_FLAG_NEED_WIPHY |
9971 NL80211_FLAG_NEED_RTNL,
9972 },
9973 {
9974 .cmd = NL80211_CMD_SET_QOS_MAP,
9975 .doit = nl80211_set_qos_map,
9976 .policy = nl80211_policy,
9977 .flags = GENL_ADMIN_PERM,
9978 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
9979 NL80211_FLAG_NEED_RTNL,
9980 },
9981 };
9982
9983 /* notification functions */
9984
9985 void nl80211_notify_dev_rename(struct cfg80211_registered_device *rdev)
9986 {
9987 struct sk_buff *msg;
9988 struct nl80211_dump_wiphy_state state = {};
9989
9990 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
9991 if (!msg)
9992 return;
9993
9994 if (nl80211_send_wiphy(rdev, msg, 0, 0, 0, &state) < 0) {
9995 nlmsg_free(msg);
9996 return;
9997 }
9998
9999 genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), msg, 0,
10000 NL80211_MCGRP_CONFIG, GFP_KERNEL);
10001 }
10002
10003 static int nl80211_add_scan_req(struct sk_buff *msg,
10004 struct cfg80211_registered_device *rdev)
10005 {
10006 struct cfg80211_scan_request *req = rdev->scan_req;
10007 struct nlattr *nest;
10008 int i;
10009
10010 if (WARN_ON(!req))
10011 return 0;
10012
10013 nest = nla_nest_start(msg, NL80211_ATTR_SCAN_SSIDS);
10014 if (!nest)
10015 goto nla_put_failure;
10016 for (i = 0; i < req->n_ssids; i++) {
10017 if (nla_put(msg, i, req->ssids[i].ssid_len, req->ssids[i].ssid))
10018 goto nla_put_failure;
10019 }
10020 nla_nest_end(msg, nest);
10021
10022 nest = nla_nest_start(msg, NL80211_ATTR_SCAN_FREQUENCIES);
10023 if (!nest)
10024 goto nla_put_failure;
10025 for (i = 0; i < req->n_channels; i++) {
10026 if (nla_put_u32(msg, i, req->channels[i]->center_freq))
10027 goto nla_put_failure;
10028 }
10029 nla_nest_end(msg, nest);
10030
10031 if (req->ie &&
10032 nla_put(msg, NL80211_ATTR_IE, req->ie_len, req->ie))
10033 goto nla_put_failure;
10034
10035 if (req->flags &&
10036 nla_put_u32(msg, NL80211_ATTR_SCAN_FLAGS, req->flags))
10037 goto nla_put_failure;
10038
10039 return 0;
10040 nla_put_failure:
10041 return -ENOBUFS;
10042 }
10043
10044 static int nl80211_send_scan_msg(struct sk_buff *msg,
10045 struct cfg80211_registered_device *rdev,
10046 struct wireless_dev *wdev,
10047 u32 portid, u32 seq, int flags,
10048 u32 cmd)
10049 {
10050 void *hdr;
10051
10052 hdr = nl80211hdr_put(msg, portid, seq, flags, cmd);
10053 if (!hdr)
10054 return -1;
10055
10056 if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
10057 (wdev->netdev && nla_put_u32(msg, NL80211_ATTR_IFINDEX,
10058 wdev->netdev->ifindex)) ||
10059 nla_put_u64(msg, NL80211_ATTR_WDEV, wdev_id(wdev)))
10060 goto nla_put_failure;
10061
10062 /* ignore errors and send incomplete event anyway */
10063 nl80211_add_scan_req(msg, rdev);
10064
10065 return genlmsg_end(msg, hdr);
10066
10067 nla_put_failure:
10068 genlmsg_cancel(msg, hdr);
10069 return -EMSGSIZE;
10070 }
10071
10072 static int
10073 nl80211_send_sched_scan_msg(struct sk_buff *msg,
10074 struct cfg80211_registered_device *rdev,
10075 struct net_device *netdev,
10076 u32 portid, u32 seq, int flags, u32 cmd)
10077 {
10078 void *hdr;
10079
10080 hdr = nl80211hdr_put(msg, portid, seq, flags, cmd);
10081 if (!hdr)
10082 return -1;
10083
10084 if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
10085 nla_put_u32(msg, NL80211_ATTR_IFINDEX, netdev->ifindex))
10086 goto nla_put_failure;
10087
10088 return genlmsg_end(msg, hdr);
10089
10090 nla_put_failure:
10091 genlmsg_cancel(msg, hdr);
10092 return -EMSGSIZE;
10093 }
10094
10095 void nl80211_send_scan_start(struct cfg80211_registered_device *rdev,
10096 struct wireless_dev *wdev)
10097 {
10098 struct sk_buff *msg;
10099
10100 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
10101 if (!msg)
10102 return;
10103
10104 if (nl80211_send_scan_msg(msg, rdev, wdev, 0, 0, 0,
10105 NL80211_CMD_TRIGGER_SCAN) < 0) {
10106 nlmsg_free(msg);
10107 return;
10108 }
10109
10110 genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), msg, 0,
10111 NL80211_MCGRP_SCAN, GFP_KERNEL);
10112 }
10113
10114 void nl80211_send_scan_done(struct cfg80211_registered_device *rdev,
10115 struct wireless_dev *wdev)
10116 {
10117 struct sk_buff *msg;
10118
10119 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
10120 if (!msg)
10121 return;
10122
10123 if (nl80211_send_scan_msg(msg, rdev, wdev, 0, 0, 0,
10124 NL80211_CMD_NEW_SCAN_RESULTS) < 0) {
10125 nlmsg_free(msg);
10126 return;
10127 }
10128
10129 genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), msg, 0,
10130 NL80211_MCGRP_SCAN, GFP_KERNEL);
10131 }
10132
10133 void nl80211_send_scan_aborted(struct cfg80211_registered_device *rdev,
10134 struct wireless_dev *wdev)
10135 {
10136 struct sk_buff *msg;
10137
10138 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
10139 if (!msg)
10140 return;
10141
10142 if (nl80211_send_scan_msg(msg, rdev, wdev, 0, 0, 0,
10143 NL80211_CMD_SCAN_ABORTED) < 0) {
10144 nlmsg_free(msg);
10145 return;
10146 }
10147
10148 genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), msg, 0,
10149 NL80211_MCGRP_SCAN, GFP_KERNEL);
10150 }
10151
10152 void nl80211_send_sched_scan_results(struct cfg80211_registered_device *rdev,
10153 struct net_device *netdev)
10154 {
10155 struct sk_buff *msg;
10156
10157 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
10158 if (!msg)
10159 return;
10160
10161 if (nl80211_send_sched_scan_msg(msg, rdev, netdev, 0, 0, 0,
10162 NL80211_CMD_SCHED_SCAN_RESULTS) < 0) {
10163 nlmsg_free(msg);
10164 return;
10165 }
10166
10167 genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), msg, 0,
10168 NL80211_MCGRP_SCAN, GFP_KERNEL);
10169 }
10170
10171 void nl80211_send_sched_scan(struct cfg80211_registered_device *rdev,
10172 struct net_device *netdev, u32 cmd)
10173 {
10174 struct sk_buff *msg;
10175
10176 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
10177 if (!msg)
10178 return;
10179
10180 if (nl80211_send_sched_scan_msg(msg, rdev, netdev, 0, 0, 0, cmd) < 0) {
10181 nlmsg_free(msg);
10182 return;
10183 }
10184
10185 genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), msg, 0,
10186 NL80211_MCGRP_SCAN, GFP_KERNEL);
10187 }
10188
10189 /*
10190 * This can happen on global regulatory changes or device specific settings
10191 * based on custom world regulatory domains.
10192 */
10193 void nl80211_send_reg_change_event(struct regulatory_request *request)
10194 {
10195 struct sk_buff *msg;
10196 void *hdr;
10197
10198 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
10199 if (!msg)
10200 return;
10201
10202 hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_REG_CHANGE);
10203 if (!hdr) {
10204 nlmsg_free(msg);
10205 return;
10206 }
10207
10208 /* Userspace can always count this one always being set */
10209 if (nla_put_u8(msg, NL80211_ATTR_REG_INITIATOR, request->initiator))
10210 goto nla_put_failure;
10211
10212 if (request->alpha2[0] == '0' && request->alpha2[1] == '0') {
10213 if (nla_put_u8(msg, NL80211_ATTR_REG_TYPE,
10214 NL80211_REGDOM_TYPE_WORLD))
10215 goto nla_put_failure;
10216 } else if (request->alpha2[0] == '9' && request->alpha2[1] == '9') {
10217 if (nla_put_u8(msg, NL80211_ATTR_REG_TYPE,
10218 NL80211_REGDOM_TYPE_CUSTOM_WORLD))
10219 goto nla_put_failure;
10220 } else if ((request->alpha2[0] == '9' && request->alpha2[1] == '8') ||
10221 request->intersect) {
10222 if (nla_put_u8(msg, NL80211_ATTR_REG_TYPE,
10223 NL80211_REGDOM_TYPE_INTERSECTION))
10224 goto nla_put_failure;
10225 } else {
10226 if (nla_put_u8(msg, NL80211_ATTR_REG_TYPE,
10227 NL80211_REGDOM_TYPE_COUNTRY) ||
10228 nla_put_string(msg, NL80211_ATTR_REG_ALPHA2,
10229 request->alpha2))
10230 goto nla_put_failure;
10231 }
10232
10233 if (request->wiphy_idx != WIPHY_IDX_INVALID &&
10234 nla_put_u32(msg, NL80211_ATTR_WIPHY, request->wiphy_idx))
10235 goto nla_put_failure;
10236
10237 genlmsg_end(msg, hdr);
10238
10239 rcu_read_lock();
10240 genlmsg_multicast_allns(&nl80211_fam, msg, 0,
10241 NL80211_MCGRP_REGULATORY, GFP_ATOMIC);
10242 rcu_read_unlock();
10243
10244 return;
10245
10246 nla_put_failure:
10247 genlmsg_cancel(msg, hdr);
10248 nlmsg_free(msg);
10249 }
10250
10251 static void nl80211_send_mlme_event(struct cfg80211_registered_device *rdev,
10252 struct net_device *netdev,
10253 const u8 *buf, size_t len,
10254 enum nl80211_commands cmd, gfp_t gfp)
10255 {
10256 struct sk_buff *msg;
10257 void *hdr;
10258
10259 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, gfp);
10260 if (!msg)
10261 return;
10262
10263 hdr = nl80211hdr_put(msg, 0, 0, 0, cmd);
10264 if (!hdr) {
10265 nlmsg_free(msg);
10266 return;
10267 }
10268
10269 if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
10270 nla_put_u32(msg, NL80211_ATTR_IFINDEX, netdev->ifindex) ||
10271 nla_put(msg, NL80211_ATTR_FRAME, len, buf))
10272 goto nla_put_failure;
10273
10274 genlmsg_end(msg, hdr);
10275
10276 genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), msg, 0,
10277 NL80211_MCGRP_MLME, gfp);
10278 return;
10279
10280 nla_put_failure:
10281 genlmsg_cancel(msg, hdr);
10282 nlmsg_free(msg);
10283 }
10284
10285 void nl80211_send_rx_auth(struct cfg80211_registered_device *rdev,
10286 struct net_device *netdev, const u8 *buf,
10287 size_t len, gfp_t gfp)
10288 {
10289 nl80211_send_mlme_event(rdev, netdev, buf, len,
10290 NL80211_CMD_AUTHENTICATE, gfp);
10291 }
10292
10293 void nl80211_send_rx_assoc(struct cfg80211_registered_device *rdev,
10294 struct net_device *netdev, const u8 *buf,
10295 size_t len, gfp_t gfp)
10296 {
10297 nl80211_send_mlme_event(rdev, netdev, buf, len,
10298 NL80211_CMD_ASSOCIATE, gfp);
10299 }
10300
10301 void nl80211_send_deauth(struct cfg80211_registered_device *rdev,
10302 struct net_device *netdev, const u8 *buf,
10303 size_t len, gfp_t gfp)
10304 {
10305 nl80211_send_mlme_event(rdev, netdev, buf, len,
10306 NL80211_CMD_DEAUTHENTICATE, gfp);
10307 }
10308
10309 void nl80211_send_disassoc(struct cfg80211_registered_device *rdev,
10310 struct net_device *netdev, const u8 *buf,
10311 size_t len, gfp_t gfp)
10312 {
10313 nl80211_send_mlme_event(rdev, netdev, buf, len,
10314 NL80211_CMD_DISASSOCIATE, gfp);
10315 }
10316
10317 void cfg80211_rx_unprot_mlme_mgmt(struct net_device *dev, const u8 *buf,
10318 size_t len)
10319 {
10320 struct wireless_dev *wdev = dev->ieee80211_ptr;
10321 struct wiphy *wiphy = wdev->wiphy;
10322 struct cfg80211_registered_device *rdev = wiphy_to_dev(wiphy);
10323 const struct ieee80211_mgmt *mgmt = (void *)buf;
10324 u32 cmd;
10325
10326 if (WARN_ON(len < 2))
10327 return;
10328
10329 if (ieee80211_is_deauth(mgmt->frame_control))
10330 cmd = NL80211_CMD_UNPROT_DEAUTHENTICATE;
10331 else
10332 cmd = NL80211_CMD_UNPROT_DISASSOCIATE;
10333
10334 trace_cfg80211_rx_unprot_mlme_mgmt(dev, buf, len);
10335 nl80211_send_mlme_event(rdev, dev, buf, len, cmd, GFP_ATOMIC);
10336 }
10337 EXPORT_SYMBOL(cfg80211_rx_unprot_mlme_mgmt);
10338
10339 static void nl80211_send_mlme_timeout(struct cfg80211_registered_device *rdev,
10340 struct net_device *netdev, int cmd,
10341 const u8 *addr, gfp_t gfp)
10342 {
10343 struct sk_buff *msg;
10344 void *hdr;
10345
10346 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, gfp);
10347 if (!msg)
10348 return;
10349
10350 hdr = nl80211hdr_put(msg, 0, 0, 0, cmd);
10351 if (!hdr) {
10352 nlmsg_free(msg);
10353 return;
10354 }
10355
10356 if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
10357 nla_put_u32(msg, NL80211_ATTR_IFINDEX, netdev->ifindex) ||
10358 nla_put_flag(msg, NL80211_ATTR_TIMED_OUT) ||
10359 nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN, addr))
10360 goto nla_put_failure;
10361
10362 genlmsg_end(msg, hdr);
10363
10364 genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), msg, 0,
10365 NL80211_MCGRP_MLME, gfp);
10366 return;
10367
10368 nla_put_failure:
10369 genlmsg_cancel(msg, hdr);
10370 nlmsg_free(msg);
10371 }
10372
10373 void nl80211_send_auth_timeout(struct cfg80211_registered_device *rdev,
10374 struct net_device *netdev, const u8 *addr,
10375 gfp_t gfp)
10376 {
10377 nl80211_send_mlme_timeout(rdev, netdev, NL80211_CMD_AUTHENTICATE,
10378 addr, gfp);
10379 }
10380
10381 void nl80211_send_assoc_timeout(struct cfg80211_registered_device *rdev,
10382 struct net_device *netdev, const u8 *addr,
10383 gfp_t gfp)
10384 {
10385 nl80211_send_mlme_timeout(rdev, netdev, NL80211_CMD_ASSOCIATE,
10386 addr, gfp);
10387 }
10388
10389 void nl80211_send_connect_result(struct cfg80211_registered_device *rdev,
10390 struct net_device *netdev, const u8 *bssid,
10391 const u8 *req_ie, size_t req_ie_len,
10392 const u8 *resp_ie, size_t resp_ie_len,
10393 u16 status, gfp_t gfp)
10394 {
10395 struct sk_buff *msg;
10396 void *hdr;
10397
10398 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, gfp);
10399 if (!msg)
10400 return;
10401
10402 hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_CONNECT);
10403 if (!hdr) {
10404 nlmsg_free(msg);
10405 return;
10406 }
10407
10408 if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
10409 nla_put_u32(msg, NL80211_ATTR_IFINDEX, netdev->ifindex) ||
10410 (bssid && nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN, bssid)) ||
10411 nla_put_u16(msg, NL80211_ATTR_STATUS_CODE, status) ||
10412 (req_ie &&
10413 nla_put(msg, NL80211_ATTR_REQ_IE, req_ie_len, req_ie)) ||
10414 (resp_ie &&
10415 nla_put(msg, NL80211_ATTR_RESP_IE, resp_ie_len, resp_ie)))
10416 goto nla_put_failure;
10417
10418 genlmsg_end(msg, hdr);
10419
10420 genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), msg, 0,
10421 NL80211_MCGRP_MLME, gfp);
10422 return;
10423
10424 nla_put_failure:
10425 genlmsg_cancel(msg, hdr);
10426 nlmsg_free(msg);
10427
10428 }
10429
10430 void nl80211_send_roamed(struct cfg80211_registered_device *rdev,
10431 struct net_device *netdev, const u8 *bssid,
10432 const u8 *req_ie, size_t req_ie_len,
10433 const u8 *resp_ie, size_t resp_ie_len, gfp_t gfp)
10434 {
10435 struct sk_buff *msg;
10436 void *hdr;
10437
10438 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, gfp);
10439 if (!msg)
10440 return;
10441
10442 hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_ROAM);
10443 if (!hdr) {
10444 nlmsg_free(msg);
10445 return;
10446 }
10447
10448 if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
10449 nla_put_u32(msg, NL80211_ATTR_IFINDEX, netdev->ifindex) ||
10450 nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN, bssid) ||
10451 (req_ie &&
10452 nla_put(msg, NL80211_ATTR_REQ_IE, req_ie_len, req_ie)) ||
10453 (resp_ie &&
10454 nla_put(msg, NL80211_ATTR_RESP_IE, resp_ie_len, resp_ie)))
10455 goto nla_put_failure;
10456
10457 genlmsg_end(msg, hdr);
10458
10459 genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), msg, 0,
10460 NL80211_MCGRP_MLME, gfp);
10461 return;
10462
10463 nla_put_failure:
10464 genlmsg_cancel(msg, hdr);
10465 nlmsg_free(msg);
10466
10467 }
10468
10469 void nl80211_send_disconnected(struct cfg80211_registered_device *rdev,
10470 struct net_device *netdev, u16 reason,
10471 const u8 *ie, size_t ie_len, bool from_ap)
10472 {
10473 struct sk_buff *msg;
10474 void *hdr;
10475
10476 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
10477 if (!msg)
10478 return;
10479
10480 hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_DISCONNECT);
10481 if (!hdr) {
10482 nlmsg_free(msg);
10483 return;
10484 }
10485
10486 if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
10487 nla_put_u32(msg, NL80211_ATTR_IFINDEX, netdev->ifindex) ||
10488 (from_ap && reason &&
10489 nla_put_u16(msg, NL80211_ATTR_REASON_CODE, reason)) ||
10490 (from_ap &&
10491 nla_put_flag(msg, NL80211_ATTR_DISCONNECTED_BY_AP)) ||
10492 (ie && nla_put(msg, NL80211_ATTR_IE, ie_len, ie)))
10493 goto nla_put_failure;
10494
10495 genlmsg_end(msg, hdr);
10496
10497 genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), msg, 0,
10498 NL80211_MCGRP_MLME, GFP_KERNEL);
10499 return;
10500
10501 nla_put_failure:
10502 genlmsg_cancel(msg, hdr);
10503 nlmsg_free(msg);
10504
10505 }
10506
10507 void nl80211_send_ibss_bssid(struct cfg80211_registered_device *rdev,
10508 struct net_device *netdev, const u8 *bssid,
10509 gfp_t gfp)
10510 {
10511 struct sk_buff *msg;
10512 void *hdr;
10513
10514 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, gfp);
10515 if (!msg)
10516 return;
10517
10518 hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_JOIN_IBSS);
10519 if (!hdr) {
10520 nlmsg_free(msg);
10521 return;
10522 }
10523
10524 if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
10525 nla_put_u32(msg, NL80211_ATTR_IFINDEX, netdev->ifindex) ||
10526 nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN, bssid))
10527 goto nla_put_failure;
10528
10529 genlmsg_end(msg, hdr);
10530
10531 genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), msg, 0,
10532 NL80211_MCGRP_MLME, gfp);
10533 return;
10534
10535 nla_put_failure:
10536 genlmsg_cancel(msg, hdr);
10537 nlmsg_free(msg);
10538 }
10539
10540 void cfg80211_notify_new_peer_candidate(struct net_device *dev, const u8 *addr,
10541 const u8* ie, u8 ie_len, gfp_t gfp)
10542 {
10543 struct wireless_dev *wdev = dev->ieee80211_ptr;
10544 struct cfg80211_registered_device *rdev = wiphy_to_dev(wdev->wiphy);
10545 struct sk_buff *msg;
10546 void *hdr;
10547
10548 if (WARN_ON(wdev->iftype != NL80211_IFTYPE_MESH_POINT))
10549 return;
10550
10551 trace_cfg80211_notify_new_peer_candidate(dev, addr);
10552
10553 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, gfp);
10554 if (!msg)
10555 return;
10556
10557 hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_NEW_PEER_CANDIDATE);
10558 if (!hdr) {
10559 nlmsg_free(msg);
10560 return;
10561 }
10562
10563 if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
10564 nla_put_u32(msg, NL80211_ATTR_IFINDEX, dev->ifindex) ||
10565 nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN, addr) ||
10566 (ie_len && ie &&
10567 nla_put(msg, NL80211_ATTR_IE, ie_len , ie)))
10568 goto nla_put_failure;
10569
10570 genlmsg_end(msg, hdr);
10571
10572 genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), msg, 0,
10573 NL80211_MCGRP_MLME, gfp);
10574 return;
10575
10576 nla_put_failure:
10577 genlmsg_cancel(msg, hdr);
10578 nlmsg_free(msg);
10579 }
10580 EXPORT_SYMBOL(cfg80211_notify_new_peer_candidate);
10581
10582 void nl80211_michael_mic_failure(struct cfg80211_registered_device *rdev,
10583 struct net_device *netdev, const u8 *addr,
10584 enum nl80211_key_type key_type, int key_id,
10585 const u8 *tsc, gfp_t gfp)
10586 {
10587 struct sk_buff *msg;
10588 void *hdr;
10589
10590 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, gfp);
10591 if (!msg)
10592 return;
10593
10594 hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_MICHAEL_MIC_FAILURE);
10595 if (!hdr) {
10596 nlmsg_free(msg);
10597 return;
10598 }
10599
10600 if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
10601 nla_put_u32(msg, NL80211_ATTR_IFINDEX, netdev->ifindex) ||
10602 (addr && nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN, addr)) ||
10603 nla_put_u32(msg, NL80211_ATTR_KEY_TYPE, key_type) ||
10604 (key_id != -1 &&
10605 nla_put_u8(msg, NL80211_ATTR_KEY_IDX, key_id)) ||
10606 (tsc && nla_put(msg, NL80211_ATTR_KEY_SEQ, 6, tsc)))
10607 goto nla_put_failure;
10608
10609 genlmsg_end(msg, hdr);
10610
10611 genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), msg, 0,
10612 NL80211_MCGRP_MLME, gfp);
10613 return;
10614
10615 nla_put_failure:
10616 genlmsg_cancel(msg, hdr);
10617 nlmsg_free(msg);
10618 }
10619
10620 void nl80211_send_beacon_hint_event(struct wiphy *wiphy,
10621 struct ieee80211_channel *channel_before,
10622 struct ieee80211_channel *channel_after)
10623 {
10624 struct sk_buff *msg;
10625 void *hdr;
10626 struct nlattr *nl_freq;
10627
10628 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_ATOMIC);
10629 if (!msg)
10630 return;
10631
10632 hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_REG_BEACON_HINT);
10633 if (!hdr) {
10634 nlmsg_free(msg);
10635 return;
10636 }
10637
10638 /*
10639 * Since we are applying the beacon hint to a wiphy we know its
10640 * wiphy_idx is valid
10641 */
10642 if (nla_put_u32(msg, NL80211_ATTR_WIPHY, get_wiphy_idx(wiphy)))
10643 goto nla_put_failure;
10644
10645 /* Before */
10646 nl_freq = nla_nest_start(msg, NL80211_ATTR_FREQ_BEFORE);
10647 if (!nl_freq)
10648 goto nla_put_failure;
10649 if (nl80211_msg_put_channel(msg, channel_before, false))
10650 goto nla_put_failure;
10651 nla_nest_end(msg, nl_freq);
10652
10653 /* After */
10654 nl_freq = nla_nest_start(msg, NL80211_ATTR_FREQ_AFTER);
10655 if (!nl_freq)
10656 goto nla_put_failure;
10657 if (nl80211_msg_put_channel(msg, channel_after, false))
10658 goto nla_put_failure;
10659 nla_nest_end(msg, nl_freq);
10660
10661 genlmsg_end(msg, hdr);
10662
10663 rcu_read_lock();
10664 genlmsg_multicast_allns(&nl80211_fam, msg, 0,
10665 NL80211_MCGRP_REGULATORY, GFP_ATOMIC);
10666 rcu_read_unlock();
10667
10668 return;
10669
10670 nla_put_failure:
10671 genlmsg_cancel(msg, hdr);
10672 nlmsg_free(msg);
10673 }
10674
10675 static void nl80211_send_remain_on_chan_event(
10676 int cmd, struct cfg80211_registered_device *rdev,
10677 struct wireless_dev *wdev, u64 cookie,
10678 struct ieee80211_channel *chan,
10679 unsigned int duration, gfp_t gfp)
10680 {
10681 struct sk_buff *msg;
10682 void *hdr;
10683
10684 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, gfp);
10685 if (!msg)
10686 return;
10687
10688 hdr = nl80211hdr_put(msg, 0, 0, 0, cmd);
10689 if (!hdr) {
10690 nlmsg_free(msg);
10691 return;
10692 }
10693
10694 if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
10695 (wdev->netdev && nla_put_u32(msg, NL80211_ATTR_IFINDEX,
10696 wdev->netdev->ifindex)) ||
10697 nla_put_u64(msg, NL80211_ATTR_WDEV, wdev_id(wdev)) ||
10698 nla_put_u32(msg, NL80211_ATTR_WIPHY_FREQ, chan->center_freq) ||
10699 nla_put_u32(msg, NL80211_ATTR_WIPHY_CHANNEL_TYPE,
10700 NL80211_CHAN_NO_HT) ||
10701 nla_put_u64(msg, NL80211_ATTR_COOKIE, cookie))
10702 goto nla_put_failure;
10703
10704 if (cmd == NL80211_CMD_REMAIN_ON_CHANNEL &&
10705 nla_put_u32(msg, NL80211_ATTR_DURATION, duration))
10706 goto nla_put_failure;
10707
10708 genlmsg_end(msg, hdr);
10709
10710 genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), msg, 0,
10711 NL80211_MCGRP_MLME, gfp);
10712 return;
10713
10714 nla_put_failure:
10715 genlmsg_cancel(msg, hdr);
10716 nlmsg_free(msg);
10717 }
10718
10719 void cfg80211_ready_on_channel(struct wireless_dev *wdev, u64 cookie,
10720 struct ieee80211_channel *chan,
10721 unsigned int duration, gfp_t gfp)
10722 {
10723 struct wiphy *wiphy = wdev->wiphy;
10724 struct cfg80211_registered_device *rdev = wiphy_to_dev(wiphy);
10725
10726 trace_cfg80211_ready_on_channel(wdev, cookie, chan, duration);
10727 nl80211_send_remain_on_chan_event(NL80211_CMD_REMAIN_ON_CHANNEL,
10728 rdev, wdev, cookie, chan,
10729 duration, gfp);
10730 }
10731 EXPORT_SYMBOL(cfg80211_ready_on_channel);
10732
10733 void cfg80211_remain_on_channel_expired(struct wireless_dev *wdev, u64 cookie,
10734 struct ieee80211_channel *chan,
10735 gfp_t gfp)
10736 {
10737 struct wiphy *wiphy = wdev->wiphy;
10738 struct cfg80211_registered_device *rdev = wiphy_to_dev(wiphy);
10739
10740 trace_cfg80211_ready_on_channel_expired(wdev, cookie, chan);
10741 nl80211_send_remain_on_chan_event(NL80211_CMD_CANCEL_REMAIN_ON_CHANNEL,
10742 rdev, wdev, cookie, chan, 0, gfp);
10743 }
10744 EXPORT_SYMBOL(cfg80211_remain_on_channel_expired);
10745
10746 void cfg80211_new_sta(struct net_device *dev, const u8 *mac_addr,
10747 struct station_info *sinfo, gfp_t gfp)
10748 {
10749 struct wiphy *wiphy = dev->ieee80211_ptr->wiphy;
10750 struct cfg80211_registered_device *rdev = wiphy_to_dev(wiphy);
10751 struct sk_buff *msg;
10752
10753 trace_cfg80211_new_sta(dev, mac_addr, sinfo);
10754
10755 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, gfp);
10756 if (!msg)
10757 return;
10758
10759 if (nl80211_send_station(msg, 0, 0, 0,
10760 rdev, dev, mac_addr, sinfo) < 0) {
10761 nlmsg_free(msg);
10762 return;
10763 }
10764
10765 genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), msg, 0,
10766 NL80211_MCGRP_MLME, gfp);
10767 }
10768 EXPORT_SYMBOL(cfg80211_new_sta);
10769
10770 void cfg80211_del_sta(struct net_device *dev, const u8 *mac_addr, gfp_t gfp)
10771 {
10772 struct wiphy *wiphy = dev->ieee80211_ptr->wiphy;
10773 struct cfg80211_registered_device *rdev = wiphy_to_dev(wiphy);
10774 struct sk_buff *msg;
10775 void *hdr;
10776
10777 trace_cfg80211_del_sta(dev, mac_addr);
10778
10779 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, gfp);
10780 if (!msg)
10781 return;
10782
10783 hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_DEL_STATION);
10784 if (!hdr) {
10785 nlmsg_free(msg);
10786 return;
10787 }
10788
10789 if (nla_put_u32(msg, NL80211_ATTR_IFINDEX, dev->ifindex) ||
10790 nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN, mac_addr))
10791 goto nla_put_failure;
10792
10793 genlmsg_end(msg, hdr);
10794
10795 genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), msg, 0,
10796 NL80211_MCGRP_MLME, gfp);
10797 return;
10798
10799 nla_put_failure:
10800 genlmsg_cancel(msg, hdr);
10801 nlmsg_free(msg);
10802 }
10803 EXPORT_SYMBOL(cfg80211_del_sta);
10804
10805 void cfg80211_conn_failed(struct net_device *dev, const u8 *mac_addr,
10806 enum nl80211_connect_failed_reason reason,
10807 gfp_t gfp)
10808 {
10809 struct wiphy *wiphy = dev->ieee80211_ptr->wiphy;
10810 struct cfg80211_registered_device *rdev = wiphy_to_dev(wiphy);
10811 struct sk_buff *msg;
10812 void *hdr;
10813
10814 msg = nlmsg_new(NLMSG_GOODSIZE, gfp);
10815 if (!msg)
10816 return;
10817
10818 hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_CONN_FAILED);
10819 if (!hdr) {
10820 nlmsg_free(msg);
10821 return;
10822 }
10823
10824 if (nla_put_u32(msg, NL80211_ATTR_IFINDEX, dev->ifindex) ||
10825 nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN, mac_addr) ||
10826 nla_put_u32(msg, NL80211_ATTR_CONN_FAILED_REASON, reason))
10827 goto nla_put_failure;
10828
10829 genlmsg_end(msg, hdr);
10830
10831 genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), msg, 0,
10832 NL80211_MCGRP_MLME, gfp);
10833 return;
10834
10835 nla_put_failure:
10836 genlmsg_cancel(msg, hdr);
10837 nlmsg_free(msg);
10838 }
10839 EXPORT_SYMBOL(cfg80211_conn_failed);
10840
10841 static bool __nl80211_unexpected_frame(struct net_device *dev, u8 cmd,
10842 const u8 *addr, gfp_t gfp)
10843 {
10844 struct wireless_dev *wdev = dev->ieee80211_ptr;
10845 struct cfg80211_registered_device *rdev = wiphy_to_dev(wdev->wiphy);
10846 struct sk_buff *msg;
10847 void *hdr;
10848 u32 nlportid = ACCESS_ONCE(wdev->ap_unexpected_nlportid);
10849
10850 if (!nlportid)
10851 return false;
10852
10853 msg = nlmsg_new(100, gfp);
10854 if (!msg)
10855 return true;
10856
10857 hdr = nl80211hdr_put(msg, 0, 0, 0, cmd);
10858 if (!hdr) {
10859 nlmsg_free(msg);
10860 return true;
10861 }
10862
10863 if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
10864 nla_put_u32(msg, NL80211_ATTR_IFINDEX, dev->ifindex) ||
10865 nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN, addr))
10866 goto nla_put_failure;
10867
10868 genlmsg_end(msg, hdr);
10869 genlmsg_unicast(wiphy_net(&rdev->wiphy), msg, nlportid);
10870 return true;
10871
10872 nla_put_failure:
10873 genlmsg_cancel(msg, hdr);
10874 nlmsg_free(msg);
10875 return true;
10876 }
10877
10878 bool cfg80211_rx_spurious_frame(struct net_device *dev,
10879 const u8 *addr, gfp_t gfp)
10880 {
10881 struct wireless_dev *wdev = dev->ieee80211_ptr;
10882 bool ret;
10883
10884 trace_cfg80211_rx_spurious_frame(dev, addr);
10885
10886 if (WARN_ON(wdev->iftype != NL80211_IFTYPE_AP &&
10887 wdev->iftype != NL80211_IFTYPE_P2P_GO)) {
10888 trace_cfg80211_return_bool(false);
10889 return false;
10890 }
10891 ret = __nl80211_unexpected_frame(dev, NL80211_CMD_UNEXPECTED_FRAME,
10892 addr, gfp);
10893 trace_cfg80211_return_bool(ret);
10894 return ret;
10895 }
10896 EXPORT_SYMBOL(cfg80211_rx_spurious_frame);
10897
10898 bool cfg80211_rx_unexpected_4addr_frame(struct net_device *dev,
10899 const u8 *addr, gfp_t gfp)
10900 {
10901 struct wireless_dev *wdev = dev->ieee80211_ptr;
10902 bool ret;
10903
10904 trace_cfg80211_rx_unexpected_4addr_frame(dev, addr);
10905
10906 if (WARN_ON(wdev->iftype != NL80211_IFTYPE_AP &&
10907 wdev->iftype != NL80211_IFTYPE_P2P_GO &&
10908 wdev->iftype != NL80211_IFTYPE_AP_VLAN)) {
10909 trace_cfg80211_return_bool(false);
10910 return false;
10911 }
10912 ret = __nl80211_unexpected_frame(dev,
10913 NL80211_CMD_UNEXPECTED_4ADDR_FRAME,
10914 addr, gfp);
10915 trace_cfg80211_return_bool(ret);
10916 return ret;
10917 }
10918 EXPORT_SYMBOL(cfg80211_rx_unexpected_4addr_frame);
10919
10920 int nl80211_send_mgmt(struct cfg80211_registered_device *rdev,
10921 struct wireless_dev *wdev, u32 nlportid,
10922 int freq, int sig_dbm,
10923 const u8 *buf, size_t len, u32 flags, gfp_t gfp)
10924 {
10925 struct net_device *netdev = wdev->netdev;
10926 struct sk_buff *msg;
10927 void *hdr;
10928
10929 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, gfp);
10930 if (!msg)
10931 return -ENOMEM;
10932
10933 hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_FRAME);
10934 if (!hdr) {
10935 nlmsg_free(msg);
10936 return -ENOMEM;
10937 }
10938
10939 if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
10940 (netdev && nla_put_u32(msg, NL80211_ATTR_IFINDEX,
10941 netdev->ifindex)) ||
10942 nla_put_u64(msg, NL80211_ATTR_WDEV, wdev_id(wdev)) ||
10943 nla_put_u32(msg, NL80211_ATTR_WIPHY_FREQ, freq) ||
10944 (sig_dbm &&
10945 nla_put_u32(msg, NL80211_ATTR_RX_SIGNAL_DBM, sig_dbm)) ||
10946 nla_put(msg, NL80211_ATTR_FRAME, len, buf) ||
10947 (flags &&
10948 nla_put_u32(msg, NL80211_ATTR_RXMGMT_FLAGS, flags)))
10949 goto nla_put_failure;
10950
10951 genlmsg_end(msg, hdr);
10952
10953 return genlmsg_unicast(wiphy_net(&rdev->wiphy), msg, nlportid);
10954
10955 nla_put_failure:
10956 genlmsg_cancel(msg, hdr);
10957 nlmsg_free(msg);
10958 return -ENOBUFS;
10959 }
10960
10961 void cfg80211_mgmt_tx_status(struct wireless_dev *wdev, u64 cookie,
10962 const u8 *buf, size_t len, bool ack, gfp_t gfp)
10963 {
10964 struct wiphy *wiphy = wdev->wiphy;
10965 struct cfg80211_registered_device *rdev = wiphy_to_dev(wiphy);
10966 struct net_device *netdev = wdev->netdev;
10967 struct sk_buff *msg;
10968 void *hdr;
10969
10970 trace_cfg80211_mgmt_tx_status(wdev, cookie, ack);
10971
10972 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, gfp);
10973 if (!msg)
10974 return;
10975
10976 hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_FRAME_TX_STATUS);
10977 if (!hdr) {
10978 nlmsg_free(msg);
10979 return;
10980 }
10981
10982 if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
10983 (netdev && nla_put_u32(msg, NL80211_ATTR_IFINDEX,
10984 netdev->ifindex)) ||
10985 nla_put_u64(msg, NL80211_ATTR_WDEV, wdev_id(wdev)) ||
10986 nla_put(msg, NL80211_ATTR_FRAME, len, buf) ||
10987 nla_put_u64(msg, NL80211_ATTR_COOKIE, cookie) ||
10988 (ack && nla_put_flag(msg, NL80211_ATTR_ACK)))
10989 goto nla_put_failure;
10990
10991 genlmsg_end(msg, hdr);
10992
10993 genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), msg, 0,
10994 NL80211_MCGRP_MLME, gfp);
10995 return;
10996
10997 nla_put_failure:
10998 genlmsg_cancel(msg, hdr);
10999 nlmsg_free(msg);
11000 }
11001 EXPORT_SYMBOL(cfg80211_mgmt_tx_status);
11002
11003 void cfg80211_cqm_rssi_notify(struct net_device *dev,
11004 enum nl80211_cqm_rssi_threshold_event rssi_event,
11005 gfp_t gfp)
11006 {
11007 struct wireless_dev *wdev = dev->ieee80211_ptr;
11008 struct wiphy *wiphy = wdev->wiphy;
11009 struct cfg80211_registered_device *rdev = wiphy_to_dev(wiphy);
11010 struct sk_buff *msg;
11011 struct nlattr *pinfoattr;
11012 void *hdr;
11013
11014 trace_cfg80211_cqm_rssi_notify(dev, rssi_event);
11015
11016 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, gfp);
11017 if (!msg)
11018 return;
11019
11020 hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_NOTIFY_CQM);
11021 if (!hdr) {
11022 nlmsg_free(msg);
11023 return;
11024 }
11025
11026 if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
11027 nla_put_u32(msg, NL80211_ATTR_IFINDEX, dev->ifindex))
11028 goto nla_put_failure;
11029
11030 pinfoattr = nla_nest_start(msg, NL80211_ATTR_CQM);
11031 if (!pinfoattr)
11032 goto nla_put_failure;
11033
11034 if (nla_put_u32(msg, NL80211_ATTR_CQM_RSSI_THRESHOLD_EVENT,
11035 rssi_event))
11036 goto nla_put_failure;
11037
11038 nla_nest_end(msg, pinfoattr);
11039
11040 genlmsg_end(msg, hdr);
11041
11042 genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), msg, 0,
11043 NL80211_MCGRP_MLME, gfp);
11044 return;
11045
11046 nla_put_failure:
11047 genlmsg_cancel(msg, hdr);
11048 nlmsg_free(msg);
11049 }
11050 EXPORT_SYMBOL(cfg80211_cqm_rssi_notify);
11051
11052 static void nl80211_gtk_rekey_notify(struct cfg80211_registered_device *rdev,
11053 struct net_device *netdev, const u8 *bssid,
11054 const u8 *replay_ctr, gfp_t gfp)
11055 {
11056 struct sk_buff *msg;
11057 struct nlattr *rekey_attr;
11058 void *hdr;
11059
11060 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, gfp);
11061 if (!msg)
11062 return;
11063
11064 hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_SET_REKEY_OFFLOAD);
11065 if (!hdr) {
11066 nlmsg_free(msg);
11067 return;
11068 }
11069
11070 if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
11071 nla_put_u32(msg, NL80211_ATTR_IFINDEX, netdev->ifindex) ||
11072 nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN, bssid))
11073 goto nla_put_failure;
11074
11075 rekey_attr = nla_nest_start(msg, NL80211_ATTR_REKEY_DATA);
11076 if (!rekey_attr)
11077 goto nla_put_failure;
11078
11079 if (nla_put(msg, NL80211_REKEY_DATA_REPLAY_CTR,
11080 NL80211_REPLAY_CTR_LEN, replay_ctr))
11081 goto nla_put_failure;
11082
11083 nla_nest_end(msg, rekey_attr);
11084
11085 genlmsg_end(msg, hdr);
11086
11087 genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), msg, 0,
11088 NL80211_MCGRP_MLME, gfp);
11089 return;
11090
11091 nla_put_failure:
11092 genlmsg_cancel(msg, hdr);
11093 nlmsg_free(msg);
11094 }
11095
11096 void cfg80211_gtk_rekey_notify(struct net_device *dev, const u8 *bssid,
11097 const u8 *replay_ctr, gfp_t gfp)
11098 {
11099 struct wireless_dev *wdev = dev->ieee80211_ptr;
11100 struct wiphy *wiphy = wdev->wiphy;
11101 struct cfg80211_registered_device *rdev = wiphy_to_dev(wiphy);
11102
11103 trace_cfg80211_gtk_rekey_notify(dev, bssid);
11104 nl80211_gtk_rekey_notify(rdev, dev, bssid, replay_ctr, gfp);
11105 }
11106 EXPORT_SYMBOL(cfg80211_gtk_rekey_notify);
11107
11108 static void
11109 nl80211_pmksa_candidate_notify(struct cfg80211_registered_device *rdev,
11110 struct net_device *netdev, int index,
11111 const u8 *bssid, bool preauth, gfp_t gfp)
11112 {
11113 struct sk_buff *msg;
11114 struct nlattr *attr;
11115 void *hdr;
11116
11117 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, gfp);
11118 if (!msg)
11119 return;
11120
11121 hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_PMKSA_CANDIDATE);
11122 if (!hdr) {
11123 nlmsg_free(msg);
11124 return;
11125 }
11126
11127 if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
11128 nla_put_u32(msg, NL80211_ATTR_IFINDEX, netdev->ifindex))
11129 goto nla_put_failure;
11130
11131 attr = nla_nest_start(msg, NL80211_ATTR_PMKSA_CANDIDATE);
11132 if (!attr)
11133 goto nla_put_failure;
11134
11135 if (nla_put_u32(msg, NL80211_PMKSA_CANDIDATE_INDEX, index) ||
11136 nla_put(msg, NL80211_PMKSA_CANDIDATE_BSSID, ETH_ALEN, bssid) ||
11137 (preauth &&
11138 nla_put_flag(msg, NL80211_PMKSA_CANDIDATE_PREAUTH)))
11139 goto nla_put_failure;
11140
11141 nla_nest_end(msg, attr);
11142
11143 genlmsg_end(msg, hdr);
11144
11145 genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), msg, 0,
11146 NL80211_MCGRP_MLME, gfp);
11147 return;
11148
11149 nla_put_failure:
11150 genlmsg_cancel(msg, hdr);
11151 nlmsg_free(msg);
11152 }
11153
11154 void cfg80211_pmksa_candidate_notify(struct net_device *dev, int index,
11155 const u8 *bssid, bool preauth, gfp_t gfp)
11156 {
11157 struct wireless_dev *wdev = dev->ieee80211_ptr;
11158 struct wiphy *wiphy = wdev->wiphy;
11159 struct cfg80211_registered_device *rdev = wiphy_to_dev(wiphy);
11160
11161 trace_cfg80211_pmksa_candidate_notify(dev, index, bssid, preauth);
11162 nl80211_pmksa_candidate_notify(rdev, dev, index, bssid, preauth, gfp);
11163 }
11164 EXPORT_SYMBOL(cfg80211_pmksa_candidate_notify);
11165
11166 static void nl80211_ch_switch_notify(struct cfg80211_registered_device *rdev,
11167 struct net_device *netdev,
11168 struct cfg80211_chan_def *chandef,
11169 gfp_t gfp)
11170 {
11171 struct sk_buff *msg;
11172 void *hdr;
11173
11174 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, gfp);
11175 if (!msg)
11176 return;
11177
11178 hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_CH_SWITCH_NOTIFY);
11179 if (!hdr) {
11180 nlmsg_free(msg);
11181 return;
11182 }
11183
11184 if (nla_put_u32(msg, NL80211_ATTR_IFINDEX, netdev->ifindex))
11185 goto nla_put_failure;
11186
11187 if (nl80211_send_chandef(msg, chandef))
11188 goto nla_put_failure;
11189
11190 genlmsg_end(msg, hdr);
11191
11192 genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), msg, 0,
11193 NL80211_MCGRP_MLME, gfp);
11194 return;
11195
11196 nla_put_failure:
11197 genlmsg_cancel(msg, hdr);
11198 nlmsg_free(msg);
11199 }
11200
11201 void cfg80211_ch_switch_notify(struct net_device *dev,
11202 struct cfg80211_chan_def *chandef)
11203 {
11204 struct wireless_dev *wdev = dev->ieee80211_ptr;
11205 struct wiphy *wiphy = wdev->wiphy;
11206 struct cfg80211_registered_device *rdev = wiphy_to_dev(wiphy);
11207
11208 ASSERT_WDEV_LOCK(wdev);
11209
11210 trace_cfg80211_ch_switch_notify(dev, chandef);
11211
11212 if (WARN_ON(wdev->iftype != NL80211_IFTYPE_AP &&
11213 wdev->iftype != NL80211_IFTYPE_P2P_GO &&
11214 wdev->iftype != NL80211_IFTYPE_ADHOC &&
11215 wdev->iftype != NL80211_IFTYPE_MESH_POINT))
11216 return;
11217
11218 wdev->channel = chandef->chan;
11219 wdev->preset_chandef = *chandef;
11220 nl80211_ch_switch_notify(rdev, dev, chandef, GFP_KERNEL);
11221 }
11222 EXPORT_SYMBOL(cfg80211_ch_switch_notify);
11223
11224 void cfg80211_cqm_txe_notify(struct net_device *dev,
11225 const u8 *peer, u32 num_packets,
11226 u32 rate, u32 intvl, gfp_t gfp)
11227 {
11228 struct wireless_dev *wdev = dev->ieee80211_ptr;
11229 struct wiphy *wiphy = wdev->wiphy;
11230 struct cfg80211_registered_device *rdev = wiphy_to_dev(wiphy);
11231 struct sk_buff *msg;
11232 struct nlattr *pinfoattr;
11233 void *hdr;
11234
11235 msg = nlmsg_new(NLMSG_GOODSIZE, gfp);
11236 if (!msg)
11237 return;
11238
11239 hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_NOTIFY_CQM);
11240 if (!hdr) {
11241 nlmsg_free(msg);
11242 return;
11243 }
11244
11245 if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
11246 nla_put_u32(msg, NL80211_ATTR_IFINDEX, dev->ifindex) ||
11247 nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN, peer))
11248 goto nla_put_failure;
11249
11250 pinfoattr = nla_nest_start(msg, NL80211_ATTR_CQM);
11251 if (!pinfoattr)
11252 goto nla_put_failure;
11253
11254 if (nla_put_u32(msg, NL80211_ATTR_CQM_TXE_PKTS, num_packets))
11255 goto nla_put_failure;
11256
11257 if (nla_put_u32(msg, NL80211_ATTR_CQM_TXE_RATE, rate))
11258 goto nla_put_failure;
11259
11260 if (nla_put_u32(msg, NL80211_ATTR_CQM_TXE_INTVL, intvl))
11261 goto nla_put_failure;
11262
11263 nla_nest_end(msg, pinfoattr);
11264
11265 genlmsg_end(msg, hdr);
11266
11267 genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), msg, 0,
11268 NL80211_MCGRP_MLME, gfp);
11269 return;
11270
11271 nla_put_failure:
11272 genlmsg_cancel(msg, hdr);
11273 nlmsg_free(msg);
11274 }
11275 EXPORT_SYMBOL(cfg80211_cqm_txe_notify);
11276
11277 void
11278 nl80211_radar_notify(struct cfg80211_registered_device *rdev,
11279 const struct cfg80211_chan_def *chandef,
11280 enum nl80211_radar_event event,
11281 struct net_device *netdev, gfp_t gfp)
11282 {
11283 struct sk_buff *msg;
11284 void *hdr;
11285
11286 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, gfp);
11287 if (!msg)
11288 return;
11289
11290 hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_RADAR_DETECT);
11291 if (!hdr) {
11292 nlmsg_free(msg);
11293 return;
11294 }
11295
11296 if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx))
11297 goto nla_put_failure;
11298
11299 /* NOP and radar events don't need a netdev parameter */
11300 if (netdev) {
11301 struct wireless_dev *wdev = netdev->ieee80211_ptr;
11302
11303 if (nla_put_u32(msg, NL80211_ATTR_IFINDEX, netdev->ifindex) ||
11304 nla_put_u64(msg, NL80211_ATTR_WDEV, wdev_id(wdev)))
11305 goto nla_put_failure;
11306 }
11307
11308 if (nla_put_u32(msg, NL80211_ATTR_RADAR_EVENT, event))
11309 goto nla_put_failure;
11310
11311 if (nl80211_send_chandef(msg, chandef))
11312 goto nla_put_failure;
11313
11314 genlmsg_end(msg, hdr);
11315
11316 genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), msg, 0,
11317 NL80211_MCGRP_MLME, gfp);
11318 return;
11319
11320 nla_put_failure:
11321 genlmsg_cancel(msg, hdr);
11322 nlmsg_free(msg);
11323 }
11324
11325 void cfg80211_cqm_pktloss_notify(struct net_device *dev,
11326 const u8 *peer, u32 num_packets, gfp_t gfp)
11327 {
11328 struct wireless_dev *wdev = dev->ieee80211_ptr;
11329 struct wiphy *wiphy = wdev->wiphy;
11330 struct cfg80211_registered_device *rdev = wiphy_to_dev(wiphy);
11331 struct sk_buff *msg;
11332 struct nlattr *pinfoattr;
11333 void *hdr;
11334
11335 trace_cfg80211_cqm_pktloss_notify(dev, peer, num_packets);
11336
11337 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, gfp);
11338 if (!msg)
11339 return;
11340
11341 hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_NOTIFY_CQM);
11342 if (!hdr) {
11343 nlmsg_free(msg);
11344 return;
11345 }
11346
11347 if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
11348 nla_put_u32(msg, NL80211_ATTR_IFINDEX, dev->ifindex) ||
11349 nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN, peer))
11350 goto nla_put_failure;
11351
11352 pinfoattr = nla_nest_start(msg, NL80211_ATTR_CQM);
11353 if (!pinfoattr)
11354 goto nla_put_failure;
11355
11356 if (nla_put_u32(msg, NL80211_ATTR_CQM_PKT_LOSS_EVENT, num_packets))
11357 goto nla_put_failure;
11358
11359 nla_nest_end(msg, pinfoattr);
11360
11361 genlmsg_end(msg, hdr);
11362
11363 genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), msg, 0,
11364 NL80211_MCGRP_MLME, gfp);
11365 return;
11366
11367 nla_put_failure:
11368 genlmsg_cancel(msg, hdr);
11369 nlmsg_free(msg);
11370 }
11371 EXPORT_SYMBOL(cfg80211_cqm_pktloss_notify);
11372
11373 void cfg80211_probe_status(struct net_device *dev, const u8 *addr,
11374 u64 cookie, bool acked, gfp_t gfp)
11375 {
11376 struct wireless_dev *wdev = dev->ieee80211_ptr;
11377 struct cfg80211_registered_device *rdev = wiphy_to_dev(wdev->wiphy);
11378 struct sk_buff *msg;
11379 void *hdr;
11380
11381 trace_cfg80211_probe_status(dev, addr, cookie, acked);
11382
11383 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, gfp);
11384
11385 if (!msg)
11386 return;
11387
11388 hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_PROBE_CLIENT);
11389 if (!hdr) {
11390 nlmsg_free(msg);
11391 return;
11392 }
11393
11394 if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
11395 nla_put_u32(msg, NL80211_ATTR_IFINDEX, dev->ifindex) ||
11396 nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN, addr) ||
11397 nla_put_u64(msg, NL80211_ATTR_COOKIE, cookie) ||
11398 (acked && nla_put_flag(msg, NL80211_ATTR_ACK)))
11399 goto nla_put_failure;
11400
11401 genlmsg_end(msg, hdr);
11402
11403 genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), msg, 0,
11404 NL80211_MCGRP_MLME, gfp);
11405 return;
11406
11407 nla_put_failure:
11408 genlmsg_cancel(msg, hdr);
11409 nlmsg_free(msg);
11410 }
11411 EXPORT_SYMBOL(cfg80211_probe_status);
11412
11413 void cfg80211_report_obss_beacon(struct wiphy *wiphy,
11414 const u8 *frame, size_t len,
11415 int freq, int sig_dbm)
11416 {
11417 struct cfg80211_registered_device *rdev = wiphy_to_dev(wiphy);
11418 struct sk_buff *msg;
11419 void *hdr;
11420 struct cfg80211_beacon_registration *reg;
11421
11422 trace_cfg80211_report_obss_beacon(wiphy, frame, len, freq, sig_dbm);
11423
11424 spin_lock_bh(&rdev->beacon_registrations_lock);
11425 list_for_each_entry(reg, &rdev->beacon_registrations, list) {
11426 msg = nlmsg_new(len + 100, GFP_ATOMIC);
11427 if (!msg) {
11428 spin_unlock_bh(&rdev->beacon_registrations_lock);
11429 return;
11430 }
11431
11432 hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_FRAME);
11433 if (!hdr)
11434 goto nla_put_failure;
11435
11436 if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
11437 (freq &&
11438 nla_put_u32(msg, NL80211_ATTR_WIPHY_FREQ, freq)) ||
11439 (sig_dbm &&
11440 nla_put_u32(msg, NL80211_ATTR_RX_SIGNAL_DBM, sig_dbm)) ||
11441 nla_put(msg, NL80211_ATTR_FRAME, len, frame))
11442 goto nla_put_failure;
11443
11444 genlmsg_end(msg, hdr);
11445
11446 genlmsg_unicast(wiphy_net(&rdev->wiphy), msg, reg->nlportid);
11447 }
11448 spin_unlock_bh(&rdev->beacon_registrations_lock);
11449 return;
11450
11451 nla_put_failure:
11452 spin_unlock_bh(&rdev->beacon_registrations_lock);
11453 if (hdr)
11454 genlmsg_cancel(msg, hdr);
11455 nlmsg_free(msg);
11456 }
11457 EXPORT_SYMBOL(cfg80211_report_obss_beacon);
11458
11459 #ifdef CONFIG_PM
11460 void cfg80211_report_wowlan_wakeup(struct wireless_dev *wdev,
11461 struct cfg80211_wowlan_wakeup *wakeup,
11462 gfp_t gfp)
11463 {
11464 struct cfg80211_registered_device *rdev = wiphy_to_dev(wdev->wiphy);
11465 struct sk_buff *msg;
11466 void *hdr;
11467 int size = 200;
11468
11469 trace_cfg80211_report_wowlan_wakeup(wdev->wiphy, wdev, wakeup);
11470
11471 if (wakeup)
11472 size += wakeup->packet_present_len;
11473
11474 msg = nlmsg_new(size, gfp);
11475 if (!msg)
11476 return;
11477
11478 hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_SET_WOWLAN);
11479 if (!hdr)
11480 goto free_msg;
11481
11482 if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
11483 nla_put_u64(msg, NL80211_ATTR_WDEV, wdev_id(wdev)))
11484 goto free_msg;
11485
11486 if (wdev->netdev && nla_put_u32(msg, NL80211_ATTR_IFINDEX,
11487 wdev->netdev->ifindex))
11488 goto free_msg;
11489
11490 if (wakeup) {
11491 struct nlattr *reasons;
11492
11493 reasons = nla_nest_start(msg, NL80211_ATTR_WOWLAN_TRIGGERS);
11494 if (!reasons)
11495 goto free_msg;
11496
11497 if (wakeup->disconnect &&
11498 nla_put_flag(msg, NL80211_WOWLAN_TRIG_DISCONNECT))
11499 goto free_msg;
11500 if (wakeup->magic_pkt &&
11501 nla_put_flag(msg, NL80211_WOWLAN_TRIG_MAGIC_PKT))
11502 goto free_msg;
11503 if (wakeup->gtk_rekey_failure &&
11504 nla_put_flag(msg, NL80211_WOWLAN_TRIG_GTK_REKEY_FAILURE))
11505 goto free_msg;
11506 if (wakeup->eap_identity_req &&
11507 nla_put_flag(msg, NL80211_WOWLAN_TRIG_EAP_IDENT_REQUEST))
11508 goto free_msg;
11509 if (wakeup->four_way_handshake &&
11510 nla_put_flag(msg, NL80211_WOWLAN_TRIG_4WAY_HANDSHAKE))
11511 goto free_msg;
11512 if (wakeup->rfkill_release &&
11513 nla_put_flag(msg, NL80211_WOWLAN_TRIG_RFKILL_RELEASE))
11514 goto free_msg;
11515
11516 if (wakeup->pattern_idx >= 0 &&
11517 nla_put_u32(msg, NL80211_WOWLAN_TRIG_PKT_PATTERN,
11518 wakeup->pattern_idx))
11519 goto free_msg;
11520
11521 if (wakeup->tcp_match &&
11522 nla_put_flag(msg, NL80211_WOWLAN_TRIG_WAKEUP_TCP_MATCH))
11523 goto free_msg;
11524
11525 if (wakeup->tcp_connlost &&
11526 nla_put_flag(msg, NL80211_WOWLAN_TRIG_WAKEUP_TCP_CONNLOST))
11527 goto free_msg;
11528
11529 if (wakeup->tcp_nomoretokens &&
11530 nla_put_flag(msg,
11531 NL80211_WOWLAN_TRIG_WAKEUP_TCP_NOMORETOKENS))
11532 goto free_msg;
11533
11534 if (wakeup->packet) {
11535 u32 pkt_attr = NL80211_WOWLAN_TRIG_WAKEUP_PKT_80211;
11536 u32 len_attr = NL80211_WOWLAN_TRIG_WAKEUP_PKT_80211_LEN;
11537
11538 if (!wakeup->packet_80211) {
11539 pkt_attr =
11540 NL80211_WOWLAN_TRIG_WAKEUP_PKT_8023;
11541 len_attr =
11542 NL80211_WOWLAN_TRIG_WAKEUP_PKT_8023_LEN;
11543 }
11544
11545 if (wakeup->packet_len &&
11546 nla_put_u32(msg, len_attr, wakeup->packet_len))
11547 goto free_msg;
11548
11549 if (nla_put(msg, pkt_attr, wakeup->packet_present_len,
11550 wakeup->packet))
11551 goto free_msg;
11552 }
11553
11554 nla_nest_end(msg, reasons);
11555 }
11556
11557 genlmsg_end(msg, hdr);
11558
11559 genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), msg, 0,
11560 NL80211_MCGRP_MLME, gfp);
11561 return;
11562
11563 free_msg:
11564 nlmsg_free(msg);
11565 }
11566 EXPORT_SYMBOL(cfg80211_report_wowlan_wakeup);
11567 #endif
11568
11569 void cfg80211_tdls_oper_request(struct net_device *dev, const u8 *peer,
11570 enum nl80211_tdls_operation oper,
11571 u16 reason_code, gfp_t gfp)
11572 {
11573 struct wireless_dev *wdev = dev->ieee80211_ptr;
11574 struct cfg80211_registered_device *rdev = wiphy_to_dev(wdev->wiphy);
11575 struct sk_buff *msg;
11576 void *hdr;
11577
11578 trace_cfg80211_tdls_oper_request(wdev->wiphy, dev, peer, oper,
11579 reason_code);
11580
11581 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, gfp);
11582 if (!msg)
11583 return;
11584
11585 hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_TDLS_OPER);
11586 if (!hdr) {
11587 nlmsg_free(msg);
11588 return;
11589 }
11590
11591 if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
11592 nla_put_u32(msg, NL80211_ATTR_IFINDEX, dev->ifindex) ||
11593 nla_put_u8(msg, NL80211_ATTR_TDLS_OPERATION, oper) ||
11594 nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN, peer) ||
11595 (reason_code > 0 &&
11596 nla_put_u16(msg, NL80211_ATTR_REASON_CODE, reason_code)))
11597 goto nla_put_failure;
11598
11599 genlmsg_end(msg, hdr);
11600
11601 genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), msg, 0,
11602 NL80211_MCGRP_MLME, gfp);
11603 return;
11604
11605 nla_put_failure:
11606 genlmsg_cancel(msg, hdr);
11607 nlmsg_free(msg);
11608 }
11609 EXPORT_SYMBOL(cfg80211_tdls_oper_request);
11610
11611 static int nl80211_netlink_notify(struct notifier_block * nb,
11612 unsigned long state,
11613 void *_notify)
11614 {
11615 struct netlink_notify *notify = _notify;
11616 struct cfg80211_registered_device *rdev;
11617 struct wireless_dev *wdev;
11618 struct cfg80211_beacon_registration *reg, *tmp;
11619
11620 if (state != NETLINK_URELEASE)
11621 return NOTIFY_DONE;
11622
11623 rcu_read_lock();
11624
11625 list_for_each_entry_rcu(rdev, &cfg80211_rdev_list, list) {
11626 list_for_each_entry_rcu(wdev, &rdev->wdev_list, list)
11627 cfg80211_mlme_unregister_socket(wdev, notify->portid);
11628
11629 spin_lock_bh(&rdev->beacon_registrations_lock);
11630 list_for_each_entry_safe(reg, tmp, &rdev->beacon_registrations,
11631 list) {
11632 if (reg->nlportid == notify->portid) {
11633 list_del(&reg->list);
11634 kfree(reg);
11635 break;
11636 }
11637 }
11638 spin_unlock_bh(&rdev->beacon_registrations_lock);
11639 }
11640
11641 rcu_read_unlock();
11642
11643 return NOTIFY_DONE;
11644 }
11645
11646 static struct notifier_block nl80211_netlink_notifier = {
11647 .notifier_call = nl80211_netlink_notify,
11648 };
11649
11650 void cfg80211_ft_event(struct net_device *netdev,
11651 struct cfg80211_ft_event_params *ft_event)
11652 {
11653 struct wiphy *wiphy = netdev->ieee80211_ptr->wiphy;
11654 struct cfg80211_registered_device *rdev = wiphy_to_dev(wiphy);
11655 struct sk_buff *msg;
11656 void *hdr;
11657
11658 trace_cfg80211_ft_event(wiphy, netdev, ft_event);
11659
11660 if (!ft_event->target_ap)
11661 return;
11662
11663 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
11664 if (!msg)
11665 return;
11666
11667 hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_FT_EVENT);
11668 if (!hdr)
11669 goto out;
11670
11671 if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
11672 nla_put_u32(msg, NL80211_ATTR_IFINDEX, netdev->ifindex) ||
11673 nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN, ft_event->target_ap))
11674 goto out;
11675
11676 if (ft_event->ies &&
11677 nla_put(msg, NL80211_ATTR_IE, ft_event->ies_len, ft_event->ies))
11678 goto out;
11679 if (ft_event->ric_ies &&
11680 nla_put(msg, NL80211_ATTR_IE_RIC, ft_event->ric_ies_len,
11681 ft_event->ric_ies))
11682 goto out;
11683
11684 genlmsg_end(msg, hdr);
11685
11686 genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), msg, 0,
11687 NL80211_MCGRP_MLME, GFP_KERNEL);
11688 return;
11689 out:
11690 nlmsg_free(msg);
11691 }
11692 EXPORT_SYMBOL(cfg80211_ft_event);
11693
11694 void cfg80211_crit_proto_stopped(struct wireless_dev *wdev, gfp_t gfp)
11695 {
11696 struct cfg80211_registered_device *rdev;
11697 struct sk_buff *msg;
11698 void *hdr;
11699 u32 nlportid;
11700
11701 rdev = wiphy_to_dev(wdev->wiphy);
11702 if (!rdev->crit_proto_nlportid)
11703 return;
11704
11705 nlportid = rdev->crit_proto_nlportid;
11706 rdev->crit_proto_nlportid = 0;
11707
11708 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, gfp);
11709 if (!msg)
11710 return;
11711
11712 hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_CRIT_PROTOCOL_STOP);
11713 if (!hdr)
11714 goto nla_put_failure;
11715
11716 if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
11717 nla_put_u64(msg, NL80211_ATTR_WDEV, wdev_id(wdev)))
11718 goto nla_put_failure;
11719
11720 genlmsg_end(msg, hdr);
11721
11722 genlmsg_unicast(wiphy_net(&rdev->wiphy), msg, nlportid);
11723 return;
11724
11725 nla_put_failure:
11726 if (hdr)
11727 genlmsg_cancel(msg, hdr);
11728 nlmsg_free(msg);
11729
11730 }
11731 EXPORT_SYMBOL(cfg80211_crit_proto_stopped);
11732
11733 void nl80211_send_ap_stopped(struct wireless_dev *wdev)
11734 {
11735 struct wiphy *wiphy = wdev->wiphy;
11736 struct cfg80211_registered_device *rdev = wiphy_to_dev(wiphy);
11737 struct sk_buff *msg;
11738 void *hdr;
11739
11740 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
11741 if (!msg)
11742 return;
11743
11744 hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_STOP_AP);
11745 if (!hdr)
11746 goto out;
11747
11748 if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
11749 nla_put_u32(msg, NL80211_ATTR_IFINDEX, wdev->netdev->ifindex) ||
11750 nla_put_u64(msg, NL80211_ATTR_WDEV, wdev_id(wdev)))
11751 goto out;
11752
11753 genlmsg_end(msg, hdr);
11754
11755 genlmsg_multicast_netns(&nl80211_fam, wiphy_net(wiphy), msg, 0,
11756 NL80211_MCGRP_MLME, GFP_KERNEL);
11757 return;
11758 out:
11759 nlmsg_free(msg);
11760 }
11761
11762 /* initialisation/exit functions */
11763
11764 int nl80211_init(void)
11765 {
11766 int err;
11767
11768 err = genl_register_family_with_ops_groups(&nl80211_fam, nl80211_ops,
11769 nl80211_mcgrps);
11770 if (err)
11771 return err;
11772
11773 err = netlink_register_notifier(&nl80211_netlink_notifier);
11774 if (err)
11775 goto err_out;
11776
11777 return 0;
11778 err_out:
11779 genl_unregister_family(&nl80211_fam);
11780 return err;
11781 }
11782
11783 void nl80211_exit(void)
11784 {
11785 netlink_unregister_notifier(&nl80211_netlink_notifier);
11786 genl_unregister_family(&nl80211_fam);
11787 }
ubuntu-bionic-kernel mirror