Gitiles
Code Review Sign In
192.168.1.100 / T103 / 1f884588077ad3476b9c91cbb0ee9ee0332bbb68 / . / src / kernel / linux / v4.14 / net / wireless / nl80211.c
blob: f3d2353affad36dd56c9b2a3e4fc4f1da9a0fa97 [file] [log] [blame]
rjw1f884582022-01-06 17:20:42 +0800[diff] [blame^]1/*
2 * This is the new netlink-based wireless configuration interface.
3 *
4 * Copyright 2006-2010 Johannes Berg <johannes@sipsolutions.net>
5 * Copyright 2013-2014 Intel Mobile Communications GmbH
6 * Copyright 2015-2017 Intel Deutschland GmbH
7 */
8
9#include <linux/if.h>
10#include <linux/module.h>
11#include <linux/err.h>
12#include <linux/slab.h>
13#include <linux/list.h>
14#include <linux/if_ether.h>
15#include <linux/ieee80211.h>
16#include <linux/nl80211.h>
17#include <linux/rtnetlink.h>
18#include <linux/netlink.h>
19#include <linux/nospec.h>
20#include <linux/etherdevice.h>
21#include <net/net_namespace.h>
22#include <net/genetlink.h>
23#include <net/cfg80211.h>
24#include <net/sock.h>
25#include <net/inet_connection_sock.h>
26#include "core.h"
27#include "nl80211.h"
28#include "reg.h"
29#include "rdev-ops.h"
30
31static int nl80211_crypto_settings(struct cfg80211_registered_device *rdev,
32 struct genl_info *info,
33 struct cfg80211_crypto_settings *settings,
34 int cipher_limit);
35
36/* the netlink family */
37static struct genl_family nl80211_fam;
38
39/* multicast groups */
40enum nl80211_multicast_groups {
41 NL80211_MCGRP_CONFIG,
42 NL80211_MCGRP_SCAN,
43 NL80211_MCGRP_REGULATORY,
44 NL80211_MCGRP_MLME,
45 NL80211_MCGRP_VENDOR,
46 NL80211_MCGRP_NAN,
47 NL80211_MCGRP_TESTMODE /* keep last - ifdef! */
48};
49
50static const struct genl_multicast_group nl80211_mcgrps[] = {
51 [NL80211_MCGRP_CONFIG] = { .name = NL80211_MULTICAST_GROUP_CONFIG },
52 [NL80211_MCGRP_SCAN] = { .name = NL80211_MULTICAST_GROUP_SCAN },
53 [NL80211_MCGRP_REGULATORY] = { .name = NL80211_MULTICAST_GROUP_REG },
54 [NL80211_MCGRP_MLME] = { .name = NL80211_MULTICAST_GROUP_MLME },
55 [NL80211_MCGRP_VENDOR] = { .name = NL80211_MULTICAST_GROUP_VENDOR },
56 [NL80211_MCGRP_NAN] = { .name = NL80211_MULTICAST_GROUP_NAN },
57#ifdef CONFIG_NL80211_TESTMODE
58 [NL80211_MCGRP_TESTMODE] = { .name = NL80211_MULTICAST_GROUP_TESTMODE }
59#endif
60};
61
62/* returns ERR_PTR values */
63static struct wireless_dev *
64__cfg80211_wdev_from_attrs(struct net *netns, struct nlattr **attrs)
65{
66 struct cfg80211_registered_device *rdev;
67 struct wireless_dev *result = NULL;
68 bool have_ifidx = attrs[NL80211_ATTR_IFINDEX];
69 bool have_wdev_id = attrs[NL80211_ATTR_WDEV];
70 u64 wdev_id;
71 int wiphy_idx = -1;
72 int ifidx = -1;
73
74 ASSERT_RTNL();
75
76 if (!have_ifidx && !have_wdev_id)
77 return ERR_PTR(-EINVAL);
78
79 if (have_ifidx)
80 ifidx = nla_get_u32(attrs[NL80211_ATTR_IFINDEX]);
81 if (have_wdev_id) {
82 wdev_id = nla_get_u64(attrs[NL80211_ATTR_WDEV]);
83 wiphy_idx = wdev_id >> 32;
84 }
85
86 list_for_each_entry(rdev, &cfg80211_rdev_list, list) {
87 struct wireless_dev *wdev;
88
89 if (wiphy_net(&rdev->wiphy) != netns)
90 continue;
91
92 if (have_wdev_id && rdev->wiphy_idx != wiphy_idx)
93 continue;
94
95 list_for_each_entry(wdev, &rdev->wiphy.wdev_list, list) {
96 if (have_ifidx && wdev->netdev &&
97 wdev->netdev->ifindex == ifidx) {
98 result = wdev;
99 break;
100 }
101 if (have_wdev_id && wdev->identifier == (u32)wdev_id) {
102 result = wdev;
103 break;
104 }
105 }
106
107 if (result)
108 break;
109 }
110
111 if (result)
112 return result;
113 return ERR_PTR(-ENODEV);
114}
115
116static struct cfg80211_registered_device *
117__cfg80211_rdev_from_attrs(struct net *netns, struct nlattr **attrs)
118{
119 struct cfg80211_registered_device *rdev = NULL, *tmp;
120 struct net_device *netdev;
121
122 ASSERT_RTNL();
123
124 if (!attrs[NL80211_ATTR_WIPHY] &&
125 !attrs[NL80211_ATTR_IFINDEX] &&
126 !attrs[NL80211_ATTR_WDEV])
127 return ERR_PTR(-EINVAL);
128
129 if (attrs[NL80211_ATTR_WIPHY])
130 rdev = cfg80211_rdev_by_wiphy_idx(
131 nla_get_u32(attrs[NL80211_ATTR_WIPHY]));
132
133 if (attrs[NL80211_ATTR_WDEV]) {
134 u64 wdev_id = nla_get_u64(attrs[NL80211_ATTR_WDEV]);
135 struct wireless_dev *wdev;
136 bool found = false;
137
138 tmp = cfg80211_rdev_by_wiphy_idx(wdev_id >> 32);
139 if (tmp) {
140 /* make sure wdev exists */
141 list_for_each_entry(wdev, &tmp->wiphy.wdev_list, list) {
142 if (wdev->identifier != (u32)wdev_id)
143 continue;
144 found = true;
145 break;
146 }
147
148 if (!found)
149 tmp = NULL;
150
151 if (rdev && tmp != rdev)
152 return ERR_PTR(-EINVAL);
153 rdev = tmp;
154 }
155 }
156
157 if (attrs[NL80211_ATTR_IFINDEX]) {
158 int ifindex = nla_get_u32(attrs[NL80211_ATTR_IFINDEX]);
159
160 netdev = __dev_get_by_index(netns, ifindex);
161 if (netdev) {
162 if (netdev->ieee80211_ptr)
163 tmp = wiphy_to_rdev(
164 netdev->ieee80211_ptr->wiphy);
165 else
166 tmp = NULL;
167
168 /* not wireless device -- return error */
169 if (!tmp)
170 return ERR_PTR(-EINVAL);
171
172 /* mismatch -- return error */
173 if (rdev && tmp != rdev)
174 return ERR_PTR(-EINVAL);
175
176 rdev = tmp;
177 }
178 }
179
180 if (!rdev)
181 return ERR_PTR(-ENODEV);
182
183 if (netns != wiphy_net(&rdev->wiphy))
184 return ERR_PTR(-ENODEV);
185
186 return rdev;
187}
188
189/*
190 * This function returns a pointer to the driver
191 * that the genl_info item that is passed refers to.
192 *
193 * The result of this can be a PTR_ERR and hence must
194 * be checked with IS_ERR() for errors.
195 */
196static struct cfg80211_registered_device *
197cfg80211_get_dev_from_info(struct net *netns, struct genl_info *info)
198{
199 return __cfg80211_rdev_from_attrs(netns, info->attrs);
200}
201
202static int validate_beacon_head(const struct nlattr *attr,
203 struct netlink_ext_ack *extack)
204{
205 const u8 *data = nla_data(attr);
206 unsigned int len = nla_len(attr);
207 const struct element *elem;
208 const struct ieee80211_mgmt *mgmt = (void *)data;
209 unsigned int fixedlen = offsetof(struct ieee80211_mgmt,
210 u.beacon.variable);
211
212 if (len < fixedlen)
213 goto err;
214
215 if (ieee80211_hdrlen(mgmt->frame_control) !=
216 offsetof(struct ieee80211_mgmt, u.beacon))
217 goto err;
218
219 data += fixedlen;
220 len -= fixedlen;
221
222 for_each_element(elem, data, len) {
223 /* nothing */
224 }
225
226 if (for_each_element_completed(elem, data, len))
227 return 0;
228
229err:
230 NL_SET_ERR_MSG_ATTR(extack, attr, "malformed beacon head");
231 return -EINVAL;
232}
233
234/* policy for the attributes */
235static const struct nla_policy nl80211_policy[NUM_NL80211_ATTR] = {
236 [NL80211_ATTR_WIPHY] = { .type = NLA_U32 },
237 [NL80211_ATTR_WIPHY_NAME] = { .type = NLA_NUL_STRING,
238 .len = 20-1 },
239 [NL80211_ATTR_WIPHY_TXQ_PARAMS] = { .type = NLA_NESTED },
240
241 [NL80211_ATTR_WIPHY_FREQ] = { .type = NLA_U32 },
242 [NL80211_ATTR_WIPHY_CHANNEL_TYPE] = { .type = NLA_U32 },
243 [NL80211_ATTR_CHANNEL_WIDTH] = { .type = NLA_U32 },
244 [NL80211_ATTR_CENTER_FREQ1] = { .type = NLA_U32 },
245 [NL80211_ATTR_CENTER_FREQ2] = { .type = NLA_U32 },
246
247 [NL80211_ATTR_WIPHY_RETRY_SHORT] = { .type = NLA_U8 },
248 [NL80211_ATTR_WIPHY_RETRY_LONG] = { .type = NLA_U8 },
249 [NL80211_ATTR_WIPHY_FRAG_THRESHOLD] = { .type = NLA_U32 },
250 [NL80211_ATTR_WIPHY_RTS_THRESHOLD] = { .type = NLA_U32 },
251 [NL80211_ATTR_WIPHY_COVERAGE_CLASS] = { .type = NLA_U8 },
252 [NL80211_ATTR_WIPHY_DYN_ACK] = { .type = NLA_FLAG },
253
254 [NL80211_ATTR_IFTYPE] = { .type = NLA_U32 },
255 [NL80211_ATTR_IFINDEX] = { .type = NLA_U32 },
256 [NL80211_ATTR_IFNAME] = { .type = NLA_NUL_STRING, .len = IFNAMSIZ-1 },
257
258 [NL80211_ATTR_MAC] = { .len = ETH_ALEN },
259 [NL80211_ATTR_PREV_BSSID] = { .len = ETH_ALEN },
260
261 [NL80211_ATTR_KEY] = { .type = NLA_NESTED, },
262 [NL80211_ATTR_KEY_DATA] = { .type = NLA_BINARY,
263 .len = WLAN_MAX_KEY_LEN },
264 [NL80211_ATTR_KEY_IDX] = { .type = NLA_U8 },
265 [NL80211_ATTR_KEY_CIPHER] = { .type = NLA_U32 },
266 [NL80211_ATTR_KEY_DEFAULT] = { .type = NLA_FLAG },
267 [NL80211_ATTR_KEY_SEQ] = { .type = NLA_BINARY, .len = 16 },
268 [NL80211_ATTR_KEY_TYPE] = { .type = NLA_U32 },
269
270 [NL80211_ATTR_BEACON_INTERVAL] = { .type = NLA_U32 },
271 [NL80211_ATTR_DTIM_PERIOD] = { .type = NLA_U32 },
272 [NL80211_ATTR_BEACON_HEAD] = { .type = NLA_BINARY,
273 .len = IEEE80211_MAX_DATA_LEN },
274 [NL80211_ATTR_BEACON_TAIL] = { .type = NLA_BINARY,
275 .len = IEEE80211_MAX_DATA_LEN },
276 [NL80211_ATTR_STA_AID] = { .type = NLA_U16 },
277 [NL80211_ATTR_STA_FLAGS] = { .type = NLA_NESTED },
278 [NL80211_ATTR_STA_LISTEN_INTERVAL] = { .type = NLA_U16 },
279 [NL80211_ATTR_STA_SUPPORTED_RATES] = { .type = NLA_BINARY,
280 .len = NL80211_MAX_SUPP_RATES },
281 [NL80211_ATTR_STA_PLINK_ACTION] = { .type = NLA_U8 },
282 [NL80211_ATTR_STA_VLAN] = { .type = NLA_U32 },
283 [NL80211_ATTR_MNTR_FLAGS] = { /* NLA_NESTED can't be empty */ },
284 [NL80211_ATTR_MESH_ID] = { .type = NLA_BINARY,
285 .len = IEEE80211_MAX_MESH_ID_LEN },
286 [NL80211_ATTR_MPATH_NEXT_HOP] = { .type = NLA_BINARY,
287 .len = ETH_ALEN },
288
289 [NL80211_ATTR_REG_ALPHA2] = { .type = NLA_STRING, .len = 2 },
290 [NL80211_ATTR_REG_RULES] = { .type = NLA_NESTED },
291
292 [NL80211_ATTR_BSS_CTS_PROT] = { .type = NLA_U8 },
293 [NL80211_ATTR_BSS_SHORT_PREAMBLE] = { .type = NLA_U8 },
294 [NL80211_ATTR_BSS_SHORT_SLOT_TIME] = { .type = NLA_U8 },
295 [NL80211_ATTR_BSS_BASIC_RATES] = { .type = NLA_BINARY,
296 .len = NL80211_MAX_SUPP_RATES },
297 [NL80211_ATTR_BSS_HT_OPMODE] = { .type = NLA_U16 },
298
299 [NL80211_ATTR_MESH_CONFIG] = { .type = NLA_NESTED },
300 [NL80211_ATTR_SUPPORT_MESH_AUTH] = { .type = NLA_FLAG },
301
302 [NL80211_ATTR_HT_CAPABILITY] = { .len = NL80211_HT_CAPABILITY_LEN },
303
304 [NL80211_ATTR_MGMT_SUBTYPE] = { .type = NLA_U8 },
305 [NL80211_ATTR_IE] = { .type = NLA_BINARY,
306 .len = IEEE80211_MAX_DATA_LEN },
307 [NL80211_ATTR_SCAN_FREQUENCIES] = { .type = NLA_NESTED },
308 [NL80211_ATTR_SCAN_SSIDS] = { .type = NLA_NESTED },
309
310 [NL80211_ATTR_SSID] = { .type = NLA_BINARY,
311 .len = IEEE80211_MAX_SSID_LEN },
312 [NL80211_ATTR_AUTH_TYPE] = { .type = NLA_U32 },
313 [NL80211_ATTR_REASON_CODE] = { .type = NLA_U16 },
314 [NL80211_ATTR_FREQ_FIXED] = { .type = NLA_FLAG },
315 [NL80211_ATTR_TIMED_OUT] = { .type = NLA_FLAG },
316 [NL80211_ATTR_USE_MFP] = { .type = NLA_U32 },
317 [NL80211_ATTR_STA_FLAGS2] = {
318 .len = sizeof(struct nl80211_sta_flag_update),
319 },
320 [NL80211_ATTR_CONTROL_PORT] = { .type = NLA_FLAG },
321 [NL80211_ATTR_CONTROL_PORT_ETHERTYPE] = { .type = NLA_U16 },
322 [NL80211_ATTR_CONTROL_PORT_NO_ENCRYPT] = { .type = NLA_FLAG },
323 [NL80211_ATTR_PRIVACY] = { .type = NLA_FLAG },
324 [NL80211_ATTR_STATUS_CODE] = { .type = NLA_U16 },
325 [NL80211_ATTR_CIPHER_SUITE_GROUP] = { .type = NLA_U32 },
326 [NL80211_ATTR_WPA_VERSIONS] = { .type = NLA_U32 },
327 [NL80211_ATTR_PID] = { .type = NLA_U32 },
328 [NL80211_ATTR_4ADDR] = { .type = NLA_U8 },
329 [NL80211_ATTR_PMKID] = { .len = WLAN_PMKID_LEN },
330 [NL80211_ATTR_DURATION] = { .type = NLA_U32 },
331 [NL80211_ATTR_COOKIE] = { .type = NLA_U64 },
332 [NL80211_ATTR_TX_RATES] = { .type = NLA_NESTED },
333 [NL80211_ATTR_FRAME] = { .type = NLA_BINARY,
334 .len = IEEE80211_MAX_DATA_LEN },
335 [NL80211_ATTR_FRAME_MATCH] = { .type = NLA_BINARY, },
336 [NL80211_ATTR_PS_STATE] = { .type = NLA_U32 },
337 [NL80211_ATTR_CQM] = { .type = NLA_NESTED, },
338 [NL80211_ATTR_LOCAL_STATE_CHANGE] = { .type = NLA_FLAG },
339 [NL80211_ATTR_AP_ISOLATE] = { .type = NLA_U8 },
340 [NL80211_ATTR_WIPHY_TX_POWER_SETTING] = { .type = NLA_U32 },
341 [NL80211_ATTR_WIPHY_TX_POWER_LEVEL] = { .type = NLA_U32 },
342 [NL80211_ATTR_FRAME_TYPE] = { .type = NLA_U16 },
343 [NL80211_ATTR_WIPHY_ANTENNA_TX] = { .type = NLA_U32 },
344 [NL80211_ATTR_WIPHY_ANTENNA_RX] = { .type = NLA_U32 },
345 [NL80211_ATTR_MCAST_RATE] = { .type = NLA_U32 },
346 [NL80211_ATTR_OFFCHANNEL_TX_OK] = { .type = NLA_FLAG },
347 [NL80211_ATTR_KEY_DEFAULT_TYPES] = { .type = NLA_NESTED },
348 [NL80211_ATTR_WOWLAN_TRIGGERS] = { .type = NLA_NESTED },
349 [NL80211_ATTR_STA_PLINK_STATE] = { .type = NLA_U8 },
350 [NL80211_ATTR_MEASUREMENT_DURATION] = { .type = NLA_U16 },
351 [NL80211_ATTR_MEASUREMENT_DURATION_MANDATORY] = { .type = NLA_FLAG },
352 [NL80211_ATTR_SCHED_SCAN_INTERVAL] = { .type = NLA_U32 },
353 [NL80211_ATTR_REKEY_DATA] = { .type = NLA_NESTED },
354 [NL80211_ATTR_SCAN_SUPP_RATES] = { .type = NLA_NESTED },
355 [NL80211_ATTR_HIDDEN_SSID] = { .type = NLA_U32 },
356 [NL80211_ATTR_IE_PROBE_RESP] = { .type = NLA_BINARY,
357 .len = IEEE80211_MAX_DATA_LEN },
358 [NL80211_ATTR_IE_ASSOC_RESP] = { .type = NLA_BINARY,
359 .len = IEEE80211_MAX_DATA_LEN },
360 [NL80211_ATTR_ROAM_SUPPORT] = { .type = NLA_FLAG },
361 [NL80211_ATTR_SCHED_SCAN_MATCH] = { .type = NLA_NESTED },
362 [NL80211_ATTR_TX_NO_CCK_RATE] = { .type = NLA_FLAG },
363 [NL80211_ATTR_TDLS_ACTION] = { .type = NLA_U8 },
364 [NL80211_ATTR_TDLS_DIALOG_TOKEN] = { .type = NLA_U8 },
365 [NL80211_ATTR_TDLS_OPERATION] = { .type = NLA_U8 },
366 [NL80211_ATTR_TDLS_SUPPORT] = { .type = NLA_FLAG },
367 [NL80211_ATTR_TDLS_EXTERNAL_SETUP] = { .type = NLA_FLAG },
368 [NL80211_ATTR_TDLS_INITIATOR] = { .type = NLA_FLAG },
369 [NL80211_ATTR_DONT_WAIT_FOR_ACK] = { .type = NLA_FLAG },
370 [NL80211_ATTR_PROBE_RESP] = { .type = NLA_BINARY,
371 .len = IEEE80211_MAX_DATA_LEN },
372 [NL80211_ATTR_DFS_REGION] = { .type = NLA_U8 },
373 [NL80211_ATTR_DISABLE_HT] = { .type = NLA_FLAG },
374 [NL80211_ATTR_HT_CAPABILITY_MASK] = {
375 .len = NL80211_HT_CAPABILITY_LEN
376 },
377 [NL80211_ATTR_NOACK_MAP] = { .type = NLA_U16 },
378 [NL80211_ATTR_INACTIVITY_TIMEOUT] = { .type = NLA_U16 },
379 [NL80211_ATTR_BG_SCAN_PERIOD] = { .type = NLA_U16 },
380 [NL80211_ATTR_WDEV] = { .type = NLA_U64 },
381 [NL80211_ATTR_USER_REG_HINT_TYPE] = { .type = NLA_U32 },
382 [NL80211_ATTR_AUTH_DATA] = { .type = NLA_BINARY, },
383 [NL80211_ATTR_VHT_CAPABILITY] = { .len = NL80211_VHT_CAPABILITY_LEN },
384 [NL80211_ATTR_SCAN_FLAGS] = { .type = NLA_U32 },
385 [NL80211_ATTR_P2P_CTWINDOW] = { .type = NLA_U8 },
386 [NL80211_ATTR_P2P_OPPPS] = { .type = NLA_U8 },
387 [NL80211_ATTR_LOCAL_MESH_POWER_MODE] = {. type = NLA_U32 },
388 [NL80211_ATTR_ACL_POLICY] = {. type = NLA_U32 },
389 [NL80211_ATTR_MAC_ADDRS] = { .type = NLA_NESTED },
390 [NL80211_ATTR_STA_CAPABILITY] = { .type = NLA_U16 },
391 [NL80211_ATTR_STA_EXT_CAPABILITY] = { .type = NLA_BINARY, },
392 [NL80211_ATTR_SPLIT_WIPHY_DUMP] = { .type = NLA_FLAG, },
393 [NL80211_ATTR_DISABLE_VHT] = { .type = NLA_FLAG },
394 [NL80211_ATTR_VHT_CAPABILITY_MASK] = {
395 .len = NL80211_VHT_CAPABILITY_LEN,
396 },
397 [NL80211_ATTR_MDID] = { .type = NLA_U16 },
398 [NL80211_ATTR_IE_RIC] = { .type = NLA_BINARY,
399 .len = IEEE80211_MAX_DATA_LEN },
400 [NL80211_ATTR_CRIT_PROT_ID] = { .type = NLA_U16 },
401 [NL80211_ATTR_MAX_CRIT_PROT_DURATION] = { .type = NLA_U16 },
402 [NL80211_ATTR_PEER_AID] = { .type = NLA_U16 },
403 [NL80211_ATTR_CH_SWITCH_COUNT] = { .type = NLA_U32 },
404 [NL80211_ATTR_CH_SWITCH_BLOCK_TX] = { .type = NLA_FLAG },
405 [NL80211_ATTR_CSA_IES] = { .type = NLA_NESTED },
406 [NL80211_ATTR_CSA_C_OFF_BEACON] = { .type = NLA_BINARY },
407 [NL80211_ATTR_CSA_C_OFF_PRESP] = { .type = NLA_BINARY },
408 [NL80211_ATTR_STA_SUPPORTED_CHANNELS] = { .type = NLA_BINARY },
409 [NL80211_ATTR_STA_SUPPORTED_OPER_CLASSES] = { .type = NLA_BINARY },
410 [NL80211_ATTR_HANDLE_DFS] = { .type = NLA_FLAG },
411 [NL80211_ATTR_OPMODE_NOTIF] = { .type = NLA_U8 },
412 [NL80211_ATTR_VENDOR_ID] = { .type = NLA_U32 },
413 [NL80211_ATTR_VENDOR_SUBCMD] = { .type = NLA_U32 },
414 [NL80211_ATTR_VENDOR_DATA] = { .type = NLA_BINARY },
415 [NL80211_ATTR_QOS_MAP] = { .type = NLA_BINARY,
416 .len = IEEE80211_QOS_MAP_LEN_MAX },
417 [NL80211_ATTR_MAC_HINT] = { .len = ETH_ALEN },
418 [NL80211_ATTR_WIPHY_FREQ_HINT] = { .type = NLA_U32 },
419 [NL80211_ATTR_TDLS_PEER_CAPABILITY] = { .type = NLA_U32 },
420 [NL80211_ATTR_SOCKET_OWNER] = { .type = NLA_FLAG },
421 [NL80211_ATTR_CSA_C_OFFSETS_TX] = { .type = NLA_BINARY },
422 [NL80211_ATTR_USE_RRM] = { .type = NLA_FLAG },
423 [NL80211_ATTR_TSID] = { .type = NLA_U8 },
424 [NL80211_ATTR_USER_PRIO] = { .type = NLA_U8 },
425 [NL80211_ATTR_ADMITTED_TIME] = { .type = NLA_U16 },
426 [NL80211_ATTR_SMPS_MODE] = { .type = NLA_U8 },
427 [NL80211_ATTR_OPER_CLASS] = { .type = NLA_U8 },
428 [NL80211_ATTR_MAC_MASK] = { .len = ETH_ALEN },
429 [NL80211_ATTR_WIPHY_SELF_MANAGED_REG] = { .type = NLA_FLAG },
430 [NL80211_ATTR_NETNS_FD] = { .type = NLA_U32 },
431 [NL80211_ATTR_SCHED_SCAN_DELAY] = { .type = NLA_U32 },
432 [NL80211_ATTR_REG_INDOOR] = { .type = NLA_FLAG },
433 [NL80211_ATTR_PBSS] = { .type = NLA_FLAG },
434 [NL80211_ATTR_BSS_SELECT] = { .type = NLA_NESTED },
435 [NL80211_ATTR_STA_SUPPORT_P2P_PS] = { .type = NLA_U8 },
436 [NL80211_ATTR_MU_MIMO_GROUP_DATA] = {
437 .len = VHT_MUMIMO_GROUPS_DATA_LEN
438 },
439 [NL80211_ATTR_MU_MIMO_FOLLOW_MAC_ADDR] = { .len = ETH_ALEN },
440 [NL80211_ATTR_NAN_MASTER_PREF] = { .type = NLA_U8 },
441 [NL80211_ATTR_BANDS] = { .type = NLA_U32 },
442 [NL80211_ATTR_NAN_FUNC] = { .type = NLA_NESTED },
443 [NL80211_ATTR_FILS_KEK] = { .type = NLA_BINARY,
444 .len = FILS_MAX_KEK_LEN },
445 [NL80211_ATTR_FILS_NONCES] = { .len = 2 * FILS_NONCE_LEN },
446 [NL80211_ATTR_MULTICAST_TO_UNICAST_ENABLED] = { .type = NLA_FLAG, },
447 [NL80211_ATTR_BSSID] = { .len = ETH_ALEN },
448 [NL80211_ATTR_SCHED_SCAN_RELATIVE_RSSI] = { .type = NLA_S8 },
449 [NL80211_ATTR_SCHED_SCAN_RSSI_ADJUST] = {
450 .len = sizeof(struct nl80211_bss_select_rssi_adjust)
451 },
452 [NL80211_ATTR_TIMEOUT_REASON] = { .type = NLA_U32 },
453 [NL80211_ATTR_FILS_ERP_USERNAME] = { .type = NLA_BINARY,
454 .len = FILS_ERP_MAX_USERNAME_LEN },
455 [NL80211_ATTR_FILS_ERP_REALM] = { .type = NLA_BINARY,
456 .len = FILS_ERP_MAX_REALM_LEN },
457 [NL80211_ATTR_FILS_ERP_NEXT_SEQ_NUM] = { .type = NLA_U16 },
458 [NL80211_ATTR_FILS_ERP_RRK] = { .type = NLA_BINARY,
459 .len = FILS_ERP_MAX_RRK_LEN },
460 [NL80211_ATTR_FILS_CACHE_ID] = { .len = 2 },
461 [NL80211_ATTR_PMK] = { .type = NLA_BINARY, .len = PMK_MAX_LEN },
462 [NL80211_ATTR_SCHED_SCAN_MULTI] = { .type = NLA_FLAG },
463 [NL80211_ATTR_EXTERNAL_AUTH_SUPPORT] = { .type = NLA_FLAG },
464};
465
466/* policy for the key attributes */
467static const struct nla_policy nl80211_key_policy[NL80211_KEY_MAX + 1] = {
468 [NL80211_KEY_DATA] = { .type = NLA_BINARY, .len = WLAN_MAX_KEY_LEN },
469 [NL80211_KEY_IDX] = { .type = NLA_U8 },
470 [NL80211_KEY_CIPHER] = { .type = NLA_U32 },
471 [NL80211_KEY_SEQ] = { .type = NLA_BINARY, .len = 16 },
472 [NL80211_KEY_DEFAULT] = { .type = NLA_FLAG },
473 [NL80211_KEY_DEFAULT_MGMT] = { .type = NLA_FLAG },
474 [NL80211_KEY_TYPE] = { .type = NLA_U32 },
475 [NL80211_KEY_DEFAULT_TYPES] = { .type = NLA_NESTED },
476};
477
478/* policy for the key default flags */
479static const struct nla_policy
480nl80211_key_default_policy[NUM_NL80211_KEY_DEFAULT_TYPES] = {
481 [NL80211_KEY_DEFAULT_TYPE_UNICAST] = { .type = NLA_FLAG },
482 [NL80211_KEY_DEFAULT_TYPE_MULTICAST] = { .type = NLA_FLAG },
483};
484
485#ifdef CONFIG_PM
486/* policy for WoWLAN attributes */
487static const struct nla_policy
488nl80211_wowlan_policy[NUM_NL80211_WOWLAN_TRIG] = {
489 [NL80211_WOWLAN_TRIG_ANY] = { .type = NLA_FLAG },
490 [NL80211_WOWLAN_TRIG_DISCONNECT] = { .type = NLA_FLAG },
491 [NL80211_WOWLAN_TRIG_MAGIC_PKT] = { .type = NLA_FLAG },
492 [NL80211_WOWLAN_TRIG_PKT_PATTERN] = { .type = NLA_NESTED },
493 [NL80211_WOWLAN_TRIG_GTK_REKEY_FAILURE] = { .type = NLA_FLAG },
494 [NL80211_WOWLAN_TRIG_EAP_IDENT_REQUEST] = { .type = NLA_FLAG },
495 [NL80211_WOWLAN_TRIG_4WAY_HANDSHAKE] = { .type = NLA_FLAG },
496 [NL80211_WOWLAN_TRIG_RFKILL_RELEASE] = { .type = NLA_FLAG },
497 [NL80211_WOWLAN_TRIG_TCP_CONNECTION] = { .type = NLA_NESTED },
498 [NL80211_WOWLAN_TRIG_NET_DETECT] = { .type = NLA_NESTED },
499};
500
501static const struct nla_policy
502nl80211_wowlan_tcp_policy[NUM_NL80211_WOWLAN_TCP] = {
503 [NL80211_WOWLAN_TCP_SRC_IPV4] = { .type = NLA_U32 },
504 [NL80211_WOWLAN_TCP_DST_IPV4] = { .type = NLA_U32 },
505 [NL80211_WOWLAN_TCP_DST_MAC] = { .len = ETH_ALEN },
506 [NL80211_WOWLAN_TCP_SRC_PORT] = { .type = NLA_U16 },
507 [NL80211_WOWLAN_TCP_DST_PORT] = { .type = NLA_U16 },
508 [NL80211_WOWLAN_TCP_DATA_PAYLOAD] = { .len = 1 },
509 [NL80211_WOWLAN_TCP_DATA_PAYLOAD_SEQ] = {
510 .len = sizeof(struct nl80211_wowlan_tcp_data_seq)
511 },
512 [NL80211_WOWLAN_TCP_DATA_PAYLOAD_TOKEN] = {
513 .len = sizeof(struct nl80211_wowlan_tcp_data_token)
514 },
515 [NL80211_WOWLAN_TCP_DATA_INTERVAL] = { .type = NLA_U32 },
516 [NL80211_WOWLAN_TCP_WAKE_PAYLOAD] = { .len = 1 },
517 [NL80211_WOWLAN_TCP_WAKE_MASK] = { .len = 1 },
518};
519#endif /* CONFIG_PM */
520
521/* policy for coalesce rule attributes */
522static const struct nla_policy
523nl80211_coalesce_policy[NUM_NL80211_ATTR_COALESCE_RULE] = {
524 [NL80211_ATTR_COALESCE_RULE_DELAY] = { .type = NLA_U32 },
525 [NL80211_ATTR_COALESCE_RULE_CONDITION] = { .type = NLA_U32 },
526 [NL80211_ATTR_COALESCE_RULE_PKT_PATTERN] = { .type = NLA_NESTED },
527};
528
529/* policy for GTK rekey offload attributes */
530static const struct nla_policy
531nl80211_rekey_policy[NUM_NL80211_REKEY_DATA] = {
532 [NL80211_REKEY_DATA_KEK] = { .len = NL80211_KEK_LEN },
533 [NL80211_REKEY_DATA_KCK] = { .len = NL80211_KCK_LEN },
534 [NL80211_REKEY_DATA_REPLAY_CTR] = { .len = NL80211_REPLAY_CTR_LEN },
535};
536
537static const struct nla_policy
538nl80211_match_policy[NL80211_SCHED_SCAN_MATCH_ATTR_MAX + 1] = {
539 [NL80211_SCHED_SCAN_MATCH_ATTR_SSID] = { .type = NLA_BINARY,
540 .len = IEEE80211_MAX_SSID_LEN },
541 [NL80211_SCHED_SCAN_MATCH_ATTR_BSSID] = { .len = ETH_ALEN },
542 [NL80211_SCHED_SCAN_MATCH_ATTR_RSSI] = { .type = NLA_U32 },
543};
544
545static const struct nla_policy
546nl80211_plan_policy[NL80211_SCHED_SCAN_PLAN_MAX + 1] = {
547 [NL80211_SCHED_SCAN_PLAN_INTERVAL] = { .type = NLA_U32 },
548 [NL80211_SCHED_SCAN_PLAN_ITERATIONS] = { .type = NLA_U32 },
549};
550
551static const struct nla_policy
552nl80211_bss_select_policy[NL80211_BSS_SELECT_ATTR_MAX + 1] = {
553 [NL80211_BSS_SELECT_ATTR_RSSI] = { .type = NLA_FLAG },
554 [NL80211_BSS_SELECT_ATTR_BAND_PREF] = { .type = NLA_U32 },
555 [NL80211_BSS_SELECT_ATTR_RSSI_ADJUST] = {
556 .len = sizeof(struct nl80211_bss_select_rssi_adjust)
557 },
558};
559
560/* policy for NAN function attributes */
561static const struct nla_policy
562nl80211_nan_func_policy[NL80211_NAN_FUNC_ATTR_MAX + 1] = {
563 [NL80211_NAN_FUNC_TYPE] = { .type = NLA_U8 },
564 [NL80211_NAN_FUNC_SERVICE_ID] = {
565 .len = NL80211_NAN_FUNC_SERVICE_ID_LEN },
566 [NL80211_NAN_FUNC_PUBLISH_TYPE] = { .type = NLA_U8 },
567 [NL80211_NAN_FUNC_PUBLISH_BCAST] = { .type = NLA_FLAG },
568 [NL80211_NAN_FUNC_SUBSCRIBE_ACTIVE] = { .type = NLA_FLAG },
569 [NL80211_NAN_FUNC_FOLLOW_UP_ID] = { .type = NLA_U8 },
570 [NL80211_NAN_FUNC_FOLLOW_UP_REQ_ID] = { .type = NLA_U8 },
571 [NL80211_NAN_FUNC_FOLLOW_UP_DEST] = { .len = ETH_ALEN },
572 [NL80211_NAN_FUNC_CLOSE_RANGE] = { .type = NLA_FLAG },
573 [NL80211_NAN_FUNC_TTL] = { .type = NLA_U32 },
574 [NL80211_NAN_FUNC_SERVICE_INFO] = { .type = NLA_BINARY,
575 .len = NL80211_NAN_FUNC_SERVICE_SPEC_INFO_MAX_LEN },
576 [NL80211_NAN_FUNC_SRF] = { .type = NLA_NESTED },
577 [NL80211_NAN_FUNC_RX_MATCH_FILTER] = { .type = NLA_NESTED },
578 [NL80211_NAN_FUNC_TX_MATCH_FILTER] = { .type = NLA_NESTED },
579 [NL80211_NAN_FUNC_INSTANCE_ID] = { .type = NLA_U8 },
580 [NL80211_NAN_FUNC_TERM_REASON] = { .type = NLA_U8 },
581};
582
583/* policy for Service Response Filter attributes */
584static const struct nla_policy
585nl80211_nan_srf_policy[NL80211_NAN_SRF_ATTR_MAX + 1] = {
586 [NL80211_NAN_SRF_INCLUDE] = { .type = NLA_FLAG },
587 [NL80211_NAN_SRF_BF] = { .type = NLA_BINARY,
588 .len = NL80211_NAN_FUNC_SRF_MAX_LEN },
589 [NL80211_NAN_SRF_BF_IDX] = { .type = NLA_U8 },
590 [NL80211_NAN_SRF_MAC_ADDRS] = { .type = NLA_NESTED },
591};
592
593/* policy for packet pattern attributes */
594static const struct nla_policy
595nl80211_packet_pattern_policy[MAX_NL80211_PKTPAT + 1] = {
596 [NL80211_PKTPAT_MASK] = { .type = NLA_BINARY, },
597 [NL80211_PKTPAT_PATTERN] = { .type = NLA_BINARY, },
598 [NL80211_PKTPAT_OFFSET] = { .type = NLA_U32 },
599};
600
601static int nl80211_prepare_wdev_dump(struct sk_buff *skb,
602 struct netlink_callback *cb,
603 struct cfg80211_registered_device **rdev,
604 struct wireless_dev **wdev)
605{
606 int err;
607
608 if (!cb->args[0]) {
609 err = nlmsg_parse(cb->nlh, GENL_HDRLEN + nl80211_fam.hdrsize,
610 genl_family_attrbuf(&nl80211_fam),
611 nl80211_fam.maxattr, nl80211_policy, NULL);
612 if (err)
613 return err;
614
615 *wdev = __cfg80211_wdev_from_attrs(
616 sock_net(skb->sk),
617 genl_family_attrbuf(&nl80211_fam));
618 if (IS_ERR(*wdev))
619 return PTR_ERR(*wdev);
620 *rdev = wiphy_to_rdev((*wdev)->wiphy);
621 /* 0 is the first index - add 1 to parse only once */
622 cb->args[0] = (*rdev)->wiphy_idx + 1;
623 cb->args[1] = (*wdev)->identifier;
624 } else {
625 /* subtract the 1 again here */
626 struct wiphy *wiphy = wiphy_idx_to_wiphy(cb->args[0] - 1);
627 struct wireless_dev *tmp;
628
629 if (!wiphy)
630 return -ENODEV;
631 *rdev = wiphy_to_rdev(wiphy);
632 *wdev = NULL;
633
634 list_for_each_entry(tmp, &(*rdev)->wiphy.wdev_list, list) {
635 if (tmp->identifier == cb->args[1]) {
636 *wdev = tmp;
637 break;
638 }
639 }
640
641 if (!*wdev)
642 return -ENODEV;
643 }
644
645 return 0;
646}
647
648/* IE validation */
649static bool is_valid_ie_attr(const struct nlattr *attr)
650{
651 const u8 *pos;
652 int len;
653
654 if (!attr)
655 return true;
656
657 pos = nla_data(attr);
658 len = nla_len(attr);
659
660 while (len) {
661 u8 elemlen;
662
663 if (len < 2)
664 return false;
665 len -= 2;
666
667 elemlen = pos[1];
668 if (elemlen > len)
669 return false;
670
671 len -= elemlen;
672 pos += 2 + elemlen;
673 }
674
675 return true;
676}
677
678/* message building helper */
679static inline void *nl80211hdr_put(struct sk_buff *skb, u32 portid, u32 seq,
680 int flags, u8 cmd)
681{
682 /* since there is no private header just add the generic one */
683 return genlmsg_put(skb, portid, seq, &nl80211_fam, flags, cmd);
684}
685
686static int nl80211_msg_put_channel(struct sk_buff *msg,
687 struct ieee80211_channel *chan,
688 bool large)
689{
690 /* Some channels must be completely excluded from the
691 * list to protect old user-space tools from breaking
692 */
693 if (!large && chan->flags &
694 (IEEE80211_CHAN_NO_10MHZ | IEEE80211_CHAN_NO_20MHZ))
695 return 0;
696
697 if (nla_put_u32(msg, NL80211_FREQUENCY_ATTR_FREQ,
698 chan->center_freq))
699 goto nla_put_failure;
700
701 if ((chan->flags & IEEE80211_CHAN_DISABLED) &&
702 nla_put_flag(msg, NL80211_FREQUENCY_ATTR_DISABLED))
703 goto nla_put_failure;
704 if (chan->flags & IEEE80211_CHAN_NO_IR) {
705 if (nla_put_flag(msg, NL80211_FREQUENCY_ATTR_NO_IR))
706 goto nla_put_failure;
707 if (nla_put_flag(msg, __NL80211_FREQUENCY_ATTR_NO_IBSS))
708 goto nla_put_failure;
709 }
710 if (chan->flags & IEEE80211_CHAN_RADAR) {
711 if (nla_put_flag(msg, NL80211_FREQUENCY_ATTR_RADAR))
712 goto nla_put_failure;
713 if (large) {
714 u32 time;
715
716 time = elapsed_jiffies_msecs(chan->dfs_state_entered);
717
718 if (nla_put_u32(msg, NL80211_FREQUENCY_ATTR_DFS_STATE,
719 chan->dfs_state))
720 goto nla_put_failure;
721 if (nla_put_u32(msg, NL80211_FREQUENCY_ATTR_DFS_TIME,
722 time))
723 goto nla_put_failure;
724 if (nla_put_u32(msg,
725 NL80211_FREQUENCY_ATTR_DFS_CAC_TIME,
726 chan->dfs_cac_ms))
727 goto nla_put_failure;
728 }
729 }
730
731 if (large) {
732 if ((chan->flags & IEEE80211_CHAN_NO_HT40MINUS) &&
733 nla_put_flag(msg, NL80211_FREQUENCY_ATTR_NO_HT40_MINUS))
734 goto nla_put_failure;
735 if ((chan->flags & IEEE80211_CHAN_NO_HT40PLUS) &&
736 nla_put_flag(msg, NL80211_FREQUENCY_ATTR_NO_HT40_PLUS))
737 goto nla_put_failure;
738 if ((chan->flags & IEEE80211_CHAN_NO_80MHZ) &&
739 nla_put_flag(msg, NL80211_FREQUENCY_ATTR_NO_80MHZ))
740 goto nla_put_failure;
741 if ((chan->flags & IEEE80211_CHAN_NO_160MHZ) &&
742 nla_put_flag(msg, NL80211_FREQUENCY_ATTR_NO_160MHZ))
743 goto nla_put_failure;
744 if ((chan->flags & IEEE80211_CHAN_INDOOR_ONLY) &&
745 nla_put_flag(msg, NL80211_FREQUENCY_ATTR_INDOOR_ONLY))
746 goto nla_put_failure;
747 if ((chan->flags & IEEE80211_CHAN_IR_CONCURRENT) &&
748 nla_put_flag(msg, NL80211_FREQUENCY_ATTR_IR_CONCURRENT))
749 goto nla_put_failure;
750 if ((chan->flags & IEEE80211_CHAN_NO_20MHZ) &&
751 nla_put_flag(msg, NL80211_FREQUENCY_ATTR_NO_20MHZ))
752 goto nla_put_failure;
753 if ((chan->flags & IEEE80211_CHAN_NO_10MHZ) &&
754 nla_put_flag(msg, NL80211_FREQUENCY_ATTR_NO_10MHZ))
755 goto nla_put_failure;
756 }
757
758 if (nla_put_u32(msg, NL80211_FREQUENCY_ATTR_MAX_TX_POWER,
759 DBM_TO_MBM(chan->max_power)))
760 goto nla_put_failure;
761
762 return 0;
763
764 nla_put_failure:
765 return -ENOBUFS;
766}
767
768/* netlink command implementations */
769
770struct key_parse {
771 struct key_params p;
772 int idx;
773 int type;
774 bool def, defmgmt;
775 bool def_uni, def_multi;
776};
777
778static int nl80211_parse_key_new(struct nlattr *key, struct key_parse *k)
779{
780 struct nlattr *tb[NL80211_KEY_MAX + 1];
781 int err = nla_parse_nested(tb, NL80211_KEY_MAX, key,
782 nl80211_key_policy, NULL);
783 if (err)
784 return err;
785
786 k->def = !!tb[NL80211_KEY_DEFAULT];
787 k->defmgmt = !!tb[NL80211_KEY_DEFAULT_MGMT];
788
789 if (k->def) {
790 k->def_uni = true;
791 k->def_multi = true;
792 }
793 if (k->defmgmt)
794 k->def_multi = true;
795
796 if (tb[NL80211_KEY_IDX])
797 k->idx = nla_get_u8(tb[NL80211_KEY_IDX]);
798
799 if (tb[NL80211_KEY_DATA]) {
800 k->p.key = nla_data(tb[NL80211_KEY_DATA]);
801 k->p.key_len = nla_len(tb[NL80211_KEY_DATA]);
802 }
803
804 if (tb[NL80211_KEY_SEQ]) {
805 k->p.seq = nla_data(tb[NL80211_KEY_SEQ]);
806 k->p.seq_len = nla_len(tb[NL80211_KEY_SEQ]);
807 }
808
809 if (tb[NL80211_KEY_CIPHER])
810 k->p.cipher = nla_get_u32(tb[NL80211_KEY_CIPHER]);
811
812 if (tb[NL80211_KEY_TYPE]) {
813 k->type = nla_get_u32(tb[NL80211_KEY_TYPE]);
814 if (k->type < 0 || k->type >= NUM_NL80211_KEYTYPES)
815 return -EINVAL;
816 }
817
818 if (tb[NL80211_KEY_DEFAULT_TYPES]) {
819 struct nlattr *kdt[NUM_NL80211_KEY_DEFAULT_TYPES];
820
821 err = nla_parse_nested(kdt, NUM_NL80211_KEY_DEFAULT_TYPES - 1,
822 tb[NL80211_KEY_DEFAULT_TYPES],
823 nl80211_key_default_policy, NULL);
824 if (err)
825 return err;
826
827 k->def_uni = kdt[NL80211_KEY_DEFAULT_TYPE_UNICAST];
828 k->def_multi = kdt[NL80211_KEY_DEFAULT_TYPE_MULTICAST];
829 }
830
831 return 0;
832}
833
834static int nl80211_parse_key_old(struct genl_info *info, struct key_parse *k)
835{
836 if (info->attrs[NL80211_ATTR_KEY_DATA]) {
837 k->p.key = nla_data(info->attrs[NL80211_ATTR_KEY_DATA]);
838 k->p.key_len = nla_len(info->attrs[NL80211_ATTR_KEY_DATA]);
839 }
840
841 if (info->attrs[NL80211_ATTR_KEY_SEQ]) {
842 k->p.seq = nla_data(info->attrs[NL80211_ATTR_KEY_SEQ]);
843 k->p.seq_len = nla_len(info->attrs[NL80211_ATTR_KEY_SEQ]);
844 }
845
846 if (info->attrs[NL80211_ATTR_KEY_IDX])
847 k->idx = nla_get_u8(info->attrs[NL80211_ATTR_KEY_IDX]);
848
849 if (info->attrs[NL80211_ATTR_KEY_CIPHER])
850 k->p.cipher = nla_get_u32(info->attrs[NL80211_ATTR_KEY_CIPHER]);
851
852 k->def = !!info->attrs[NL80211_ATTR_KEY_DEFAULT];
853 k->defmgmt = !!info->attrs[NL80211_ATTR_KEY_DEFAULT_MGMT];
854
855 if (k->def) {
856 k->def_uni = true;
857 k->def_multi = true;
858 }
859 if (k->defmgmt)
860 k->def_multi = true;
861
862 if (info->attrs[NL80211_ATTR_KEY_TYPE]) {
863 k->type = nla_get_u32(info->attrs[NL80211_ATTR_KEY_TYPE]);
864 if (k->type < 0 || k->type >= NUM_NL80211_KEYTYPES)
865 return -EINVAL;
866 }
867
868 if (info->attrs[NL80211_ATTR_KEY_DEFAULT_TYPES]) {
869 struct nlattr *kdt[NUM_NL80211_KEY_DEFAULT_TYPES];
870 int err = nla_parse_nested(kdt,
871 NUM_NL80211_KEY_DEFAULT_TYPES - 1,
872 info->attrs[NL80211_ATTR_KEY_DEFAULT_TYPES],
873 nl80211_key_default_policy,
874 info->extack);
875 if (err)
876 return err;
877
878 k->def_uni = kdt[NL80211_KEY_DEFAULT_TYPE_UNICAST];
879 k->def_multi = kdt[NL80211_KEY_DEFAULT_TYPE_MULTICAST];
880 }
881
882 return 0;
883}
884
885static int nl80211_parse_key(struct genl_info *info, struct key_parse *k)
886{
887 int err;
888
889 memset(k, 0, sizeof(*k));
890 k->idx = -1;
891 k->type = -1;
892
893 if (info->attrs[NL80211_ATTR_KEY])
894 err = nl80211_parse_key_new(info->attrs[NL80211_ATTR_KEY], k);
895 else
896 err = nl80211_parse_key_old(info, k);
897
898 if (err)
899 return err;
900
901 if (k->def && k->defmgmt)
902 return -EINVAL;
903
904 if (k->defmgmt) {
905 if (k->def_uni || !k->def_multi)
906 return -EINVAL;
907 }
908
909 if (k->idx != -1) {
910 if (k->defmgmt) {
911 if (k->idx < 4 || k->idx > 5)
912 return -EINVAL;
913 } else if (k->def) {
914 if (k->idx < 0 || k->idx > 3)
915 return -EINVAL;
916 } else {
917 if (k->idx < 0 || k->idx > 5)
918 return -EINVAL;
919 }
920 }
921
922 return 0;
923}
924
925static struct cfg80211_cached_keys *
926nl80211_parse_connkeys(struct cfg80211_registered_device *rdev,
927 struct nlattr *keys, bool *no_ht)
928{
929 struct key_parse parse;
930 struct nlattr *key;
931 struct cfg80211_cached_keys *result;
932 int rem, err, def = 0;
933 bool have_key = false;
934
935 nla_for_each_nested(key, keys, rem) {
936 have_key = true;
937 break;
938 }
939
940 if (!have_key)
941 return NULL;
942
943 result = kzalloc(sizeof(*result), GFP_KERNEL);
944 if (!result)
945 return ERR_PTR(-ENOMEM);
946
947 result->def = -1;
948
949 nla_for_each_nested(key, keys, rem) {
950 memset(&parse, 0, sizeof(parse));
951 parse.idx = -1;
952
953 err = nl80211_parse_key_new(key, &parse);
954 if (err)
955 goto error;
956 err = -EINVAL;
957 if (!parse.p.key)
958 goto error;
959 if (parse.idx < 0 || parse.idx > 3)
960 goto error;
961 if (parse.def) {
962 if (def)
963 goto error;
964 def = 1;
965 result->def = parse.idx;
966 if (!parse.def_uni || !parse.def_multi)
967 goto error;
968 } else if (parse.defmgmt)
969 goto error;
970 err = cfg80211_validate_key_settings(rdev, &parse.p,
971 parse.idx, false, NULL);
972 if (err)
973 goto error;
974 if (parse.p.cipher != WLAN_CIPHER_SUITE_WEP40 &&
975 parse.p.cipher != WLAN_CIPHER_SUITE_WEP104) {
976 err = -EINVAL;
977 goto error;
978 }
979 result->params[parse.idx].cipher = parse.p.cipher;
980 result->params[parse.idx].key_len = parse.p.key_len;
981 result->params[parse.idx].key = result->data[parse.idx];
982 memcpy(result->data[parse.idx], parse.p.key, parse.p.key_len);
983
984 /* must be WEP key if we got here */
985 if (no_ht)
986 *no_ht = true;
987 }
988
989 if (result->def < 0) {
990 err = -EINVAL;
991 goto error;
992 }
993
994 return result;
995 error:
996 kfree(result);
997 return ERR_PTR(err);
998}
999
1000static int nl80211_key_allowed(struct wireless_dev *wdev)
1001{
1002 ASSERT_WDEV_LOCK(wdev);
1003
1004 switch (wdev->iftype) {
1005 case NL80211_IFTYPE_AP:
1006 case NL80211_IFTYPE_AP_VLAN:
1007 case NL80211_IFTYPE_P2P_GO:
1008 case NL80211_IFTYPE_MESH_POINT:
1009 break;
1010 case NL80211_IFTYPE_ADHOC:
1011 case NL80211_IFTYPE_STATION:
1012 case NL80211_IFTYPE_P2P_CLIENT:
1013 if (!wdev->current_bss)
1014 return -ENOLINK;
1015 break;
1016 case NL80211_IFTYPE_UNSPECIFIED:
1017 case NL80211_IFTYPE_OCB:
1018 case NL80211_IFTYPE_MONITOR:
1019 case NL80211_IFTYPE_NAN:
1020 case NL80211_IFTYPE_P2P_DEVICE:
1021 case NL80211_IFTYPE_WDS:
1022 case NUM_NL80211_IFTYPES:
1023 return -EINVAL;
1024 }
1025
1026 return 0;
1027}
1028
1029static struct ieee80211_channel *nl80211_get_valid_chan(struct wiphy *wiphy,
1030 struct nlattr *tb)
1031{
1032 struct ieee80211_channel *chan;
1033
1034 if (tb == NULL)
1035 return NULL;
1036 chan = ieee80211_get_channel(wiphy, nla_get_u32(tb));
1037 if (!chan || chan->flags & IEEE80211_CHAN_DISABLED)
1038 return NULL;
1039 return chan;
1040}
1041
1042static int nl80211_put_iftypes(struct sk_buff *msg, u32 attr, u16 ifmodes)
1043{
1044 struct nlattr *nl_modes = nla_nest_start(msg, attr);
1045 int i;
1046
1047 if (!nl_modes)
1048 goto nla_put_failure;
1049
1050 i = 0;
1051 while (ifmodes) {
1052 if ((ifmodes & 1) && nla_put_flag(msg, i))
1053 goto nla_put_failure;
1054 ifmodes >>= 1;
1055 i++;
1056 }
1057
1058 nla_nest_end(msg, nl_modes);
1059 return 0;
1060
1061nla_put_failure:
1062 return -ENOBUFS;
1063}
1064
1065static int nl80211_put_iface_combinations(struct wiphy *wiphy,
1066 struct sk_buff *msg,
1067 bool large)
1068{
1069 struct nlattr *nl_combis;
1070 int i, j;
1071
1072 nl_combis = nla_nest_start(msg,
1073 NL80211_ATTR_INTERFACE_COMBINATIONS);
1074 if (!nl_combis)
1075 goto nla_put_failure;
1076
1077 for (i = 0; i < wiphy->n_iface_combinations; i++) {
1078 const struct ieee80211_iface_combination *c;
1079 struct nlattr *nl_combi, *nl_limits;
1080
1081 c = &wiphy->iface_combinations[i];
1082
1083 nl_combi = nla_nest_start(msg, i + 1);
1084 if (!nl_combi)
1085 goto nla_put_failure;
1086
1087 nl_limits = nla_nest_start(msg, NL80211_IFACE_COMB_LIMITS);
1088 if (!nl_limits)
1089 goto nla_put_failure;
1090
1091 for (j = 0; j < c->n_limits; j++) {
1092 struct nlattr *nl_limit;
1093
1094 nl_limit = nla_nest_start(msg, j + 1);
1095 if (!nl_limit)
1096 goto nla_put_failure;
1097 if (nla_put_u32(msg, NL80211_IFACE_LIMIT_MAX,
1098 c->limits[j].max))
1099 goto nla_put_failure;
1100 if (nl80211_put_iftypes(msg, NL80211_IFACE_LIMIT_TYPES,
1101 c->limits[j].types))
1102 goto nla_put_failure;
1103 nla_nest_end(msg, nl_limit);
1104 }
1105
1106 nla_nest_end(msg, nl_limits);
1107
1108 if (c->beacon_int_infra_match &&
1109 nla_put_flag(msg, NL80211_IFACE_COMB_STA_AP_BI_MATCH))
1110 goto nla_put_failure;
1111 if (nla_put_u32(msg, NL80211_IFACE_COMB_NUM_CHANNELS,
1112 c->num_different_channels) ||
1113 nla_put_u32(msg, NL80211_IFACE_COMB_MAXNUM,
1114 c->max_interfaces))
1115 goto nla_put_failure;
1116 if (large &&
1117 (nla_put_u32(msg, NL80211_IFACE_COMB_RADAR_DETECT_WIDTHS,
1118 c->radar_detect_widths) ||
1119 nla_put_u32(msg, NL80211_IFACE_COMB_RADAR_DETECT_REGIONS,
1120 c->radar_detect_regions)))
1121 goto nla_put_failure;
1122 if (c->beacon_int_min_gcd &&
1123 nla_put_u32(msg, NL80211_IFACE_COMB_BI_MIN_GCD,
1124 c->beacon_int_min_gcd))
1125 goto nla_put_failure;
1126
1127 nla_nest_end(msg, nl_combi);
1128 }
1129
1130 nla_nest_end(msg, nl_combis);
1131
1132 return 0;
1133nla_put_failure:
1134 return -ENOBUFS;
1135}
1136
1137#ifdef CONFIG_PM
1138static int nl80211_send_wowlan_tcp_caps(struct cfg80211_registered_device *rdev,
1139 struct sk_buff *msg)
1140{
1141 const struct wiphy_wowlan_tcp_support *tcp = rdev->wiphy.wowlan->tcp;
1142 struct nlattr *nl_tcp;
1143
1144 if (!tcp)
1145 return 0;
1146
1147 nl_tcp = nla_nest_start(msg, NL80211_WOWLAN_TRIG_TCP_CONNECTION);
1148 if (!nl_tcp)
1149 return -ENOBUFS;
1150
1151 if (nla_put_u32(msg, NL80211_WOWLAN_TCP_DATA_PAYLOAD,
1152 tcp->data_payload_max))
1153 return -ENOBUFS;
1154
1155 if (nla_put_u32(msg, NL80211_WOWLAN_TCP_DATA_PAYLOAD,
1156 tcp->data_payload_max))
1157 return -ENOBUFS;
1158
1159 if (tcp->seq && nla_put_flag(msg, NL80211_WOWLAN_TCP_DATA_PAYLOAD_SEQ))
1160 return -ENOBUFS;
1161
1162 if (tcp->tok && nla_put(msg, NL80211_WOWLAN_TCP_DATA_PAYLOAD_TOKEN,
1163 sizeof(*tcp->tok), tcp->tok))
1164 return -ENOBUFS;
1165
1166 if (nla_put_u32(msg, NL80211_WOWLAN_TCP_DATA_INTERVAL,
1167 tcp->data_interval_max))
1168 return -ENOBUFS;
1169
1170 if (nla_put_u32(msg, NL80211_WOWLAN_TCP_WAKE_PAYLOAD,
1171 tcp->wake_payload_max))
1172 return -ENOBUFS;
1173
1174 nla_nest_end(msg, nl_tcp);
1175 return 0;
1176}
1177
1178static int nl80211_send_wowlan(struct sk_buff *msg,
1179 struct cfg80211_registered_device *rdev,
1180 bool large)
1181{
1182 struct nlattr *nl_wowlan;
1183
1184 if (!rdev->wiphy.wowlan)
1185 return 0;
1186
1187 nl_wowlan = nla_nest_start(msg, NL80211_ATTR_WOWLAN_TRIGGERS_SUPPORTED);
1188 if (!nl_wowlan)
1189 return -ENOBUFS;
1190
1191 if (((rdev->wiphy.wowlan->flags & WIPHY_WOWLAN_ANY) &&
1192 nla_put_flag(msg, NL80211_WOWLAN_TRIG_ANY)) ||
1193 ((rdev->wiphy.wowlan->flags & WIPHY_WOWLAN_DISCONNECT) &&
1194 nla_put_flag(msg, NL80211_WOWLAN_TRIG_DISCONNECT)) ||
1195 ((rdev->wiphy.wowlan->flags & WIPHY_WOWLAN_MAGIC_PKT) &&
1196 nla_put_flag(msg, NL80211_WOWLAN_TRIG_MAGIC_PKT)) ||
1197 ((rdev->wiphy.wowlan->flags & WIPHY_WOWLAN_SUPPORTS_GTK_REKEY) &&
1198 nla_put_flag(msg, NL80211_WOWLAN_TRIG_GTK_REKEY_SUPPORTED)) ||
1199 ((rdev->wiphy.wowlan->flags & WIPHY_WOWLAN_GTK_REKEY_FAILURE) &&
1200 nla_put_flag(msg, NL80211_WOWLAN_TRIG_GTK_REKEY_FAILURE)) ||
1201 ((rdev->wiphy.wowlan->flags & WIPHY_WOWLAN_EAP_IDENTITY_REQ) &&
1202 nla_put_flag(msg, NL80211_WOWLAN_TRIG_EAP_IDENT_REQUEST)) ||
1203 ((rdev->wiphy.wowlan->flags & WIPHY_WOWLAN_4WAY_HANDSHAKE) &&
1204 nla_put_flag(msg, NL80211_WOWLAN_TRIG_4WAY_HANDSHAKE)) ||
1205 ((rdev->wiphy.wowlan->flags & WIPHY_WOWLAN_RFKILL_RELEASE) &&
1206 nla_put_flag(msg, NL80211_WOWLAN_TRIG_RFKILL_RELEASE)))
1207 return -ENOBUFS;
1208
1209 if (rdev->wiphy.wowlan->n_patterns) {
1210 struct nl80211_pattern_support pat = {
1211 .max_patterns = rdev->wiphy.wowlan->n_patterns,
1212 .min_pattern_len = rdev->wiphy.wowlan->pattern_min_len,
1213 .max_pattern_len = rdev->wiphy.wowlan->pattern_max_len,
1214 .max_pkt_offset = rdev->wiphy.wowlan->max_pkt_offset,
1215 };
1216
1217 if (nla_put(msg, NL80211_WOWLAN_TRIG_PKT_PATTERN,
1218 sizeof(pat), &pat))
1219 return -ENOBUFS;
1220 }
1221
1222 if ((rdev->wiphy.wowlan->flags & WIPHY_WOWLAN_NET_DETECT) &&
1223 nla_put_u32(msg, NL80211_WOWLAN_TRIG_NET_DETECT,
1224 rdev->wiphy.wowlan->max_nd_match_sets))
1225 return -ENOBUFS;
1226
1227 if (large && nl80211_send_wowlan_tcp_caps(rdev, msg))
1228 return -ENOBUFS;
1229
1230 nla_nest_end(msg, nl_wowlan);
1231
1232 return 0;
1233}
1234#endif
1235
1236static int nl80211_send_coalesce(struct sk_buff *msg,
1237 struct cfg80211_registered_device *rdev)
1238{
1239 struct nl80211_coalesce_rule_support rule;
1240
1241 if (!rdev->wiphy.coalesce)
1242 return 0;
1243
1244 rule.max_rules = rdev->wiphy.coalesce->n_rules;
1245 rule.max_delay = rdev->wiphy.coalesce->max_delay;
1246 rule.pat.max_patterns = rdev->wiphy.coalesce->n_patterns;
1247 rule.pat.min_pattern_len = rdev->wiphy.coalesce->pattern_min_len;
1248 rule.pat.max_pattern_len = rdev->wiphy.coalesce->pattern_max_len;
1249 rule.pat.max_pkt_offset = rdev->wiphy.coalesce->max_pkt_offset;
1250
1251 if (nla_put(msg, NL80211_ATTR_COALESCE_RULE, sizeof(rule), &rule))
1252 return -ENOBUFS;
1253
1254 return 0;
1255}
1256
1257static int nl80211_send_band_rateinfo(struct sk_buff *msg,
1258 struct ieee80211_supported_band *sband)
1259{
1260 struct nlattr *nl_rates, *nl_rate;
1261 struct ieee80211_rate *rate;
1262 int i;
1263
1264 /* add HT info */
1265 if (sband->ht_cap.ht_supported &&
1266 (nla_put(msg, NL80211_BAND_ATTR_HT_MCS_SET,
1267 sizeof(sband->ht_cap.mcs),
1268 &sband->ht_cap.mcs) ||
1269 nla_put_u16(msg, NL80211_BAND_ATTR_HT_CAPA,
1270 sband->ht_cap.cap) ||
1271 nla_put_u8(msg, NL80211_BAND_ATTR_HT_AMPDU_FACTOR,
1272 sband->ht_cap.ampdu_factor) ||
1273 nla_put_u8(msg, NL80211_BAND_ATTR_HT_AMPDU_DENSITY,
1274 sband->ht_cap.ampdu_density)))
1275 return -ENOBUFS;
1276
1277 /* add VHT info */
1278 if (sband->vht_cap.vht_supported &&
1279 (nla_put(msg, NL80211_BAND_ATTR_VHT_MCS_SET,
1280 sizeof(sband->vht_cap.vht_mcs),
1281 &sband->vht_cap.vht_mcs) ||
1282 nla_put_u32(msg, NL80211_BAND_ATTR_VHT_CAPA,
1283 sband->vht_cap.cap)))
1284 return -ENOBUFS;
1285
1286 /* add bitrates */
1287 nl_rates = nla_nest_start(msg, NL80211_BAND_ATTR_RATES);
1288 if (!nl_rates)
1289 return -ENOBUFS;
1290
1291 for (i = 0; i < sband->n_bitrates; i++) {
1292 nl_rate = nla_nest_start(msg, i);
1293 if (!nl_rate)
1294 return -ENOBUFS;
1295
1296 rate = &sband->bitrates[i];
1297 if (nla_put_u32(msg, NL80211_BITRATE_ATTR_RATE,
1298 rate->bitrate))
1299 return -ENOBUFS;
1300 if ((rate->flags & IEEE80211_RATE_SHORT_PREAMBLE) &&
1301 nla_put_flag(msg,
1302 NL80211_BITRATE_ATTR_2GHZ_SHORTPREAMBLE))
1303 return -ENOBUFS;
1304
1305 nla_nest_end(msg, nl_rate);
1306 }
1307
1308 nla_nest_end(msg, nl_rates);
1309
1310 return 0;
1311}
1312
1313static int
1314nl80211_send_mgmt_stypes(struct sk_buff *msg,
1315 const struct ieee80211_txrx_stypes *mgmt_stypes)
1316{
1317 u16 stypes;
1318 struct nlattr *nl_ftypes, *nl_ifs;
1319 enum nl80211_iftype ift;
1320 int i;
1321
1322 if (!mgmt_stypes)
1323 return 0;
1324
1325 nl_ifs = nla_nest_start(msg, NL80211_ATTR_TX_FRAME_TYPES);
1326 if (!nl_ifs)
1327 return -ENOBUFS;
1328
1329 for (ift = 0; ift < NUM_NL80211_IFTYPES; ift++) {
1330 nl_ftypes = nla_nest_start(msg, ift);
1331 if (!nl_ftypes)
1332 return -ENOBUFS;
1333 i = 0;
1334 stypes = mgmt_stypes[ift].tx;
1335 while (stypes) {
1336 if ((stypes & 1) &&
1337 nla_put_u16(msg, NL80211_ATTR_FRAME_TYPE,
1338 (i << 4) | IEEE80211_FTYPE_MGMT))
1339 return -ENOBUFS;
1340 stypes >>= 1;
1341 i++;
1342 }
1343 nla_nest_end(msg, nl_ftypes);
1344 }
1345
1346 nla_nest_end(msg, nl_ifs);
1347
1348 nl_ifs = nla_nest_start(msg, NL80211_ATTR_RX_FRAME_TYPES);
1349 if (!nl_ifs)
1350 return -ENOBUFS;
1351
1352 for (ift = 0; ift < NUM_NL80211_IFTYPES; ift++) {
1353 nl_ftypes = nla_nest_start(msg, ift);
1354 if (!nl_ftypes)
1355 return -ENOBUFS;
1356 i = 0;
1357 stypes = mgmt_stypes[ift].rx;
1358 while (stypes) {
1359 if ((stypes & 1) &&
1360 nla_put_u16(msg, NL80211_ATTR_FRAME_TYPE,
1361 (i << 4) | IEEE80211_FTYPE_MGMT))
1362 return -ENOBUFS;
1363 stypes >>= 1;
1364 i++;
1365 }
1366 nla_nest_end(msg, nl_ftypes);
1367 }
1368 nla_nest_end(msg, nl_ifs);
1369
1370 return 0;
1371}
1372
1373#define CMD(op, n) \
1374 do { \
1375 if (rdev->ops->op) { \
1376 i++; \
1377 if (nla_put_u32(msg, i, NL80211_CMD_ ## n)) \
1378 goto nla_put_failure; \
1379 } \
1380 } while (0)
1381
1382static int nl80211_add_commands_unsplit(struct cfg80211_registered_device *rdev,
1383 struct sk_buff *msg)
1384{
1385 int i = 0;
1386
1387 /*
1388 * do *NOT* add anything into this function, new things need to be
1389 * advertised only to new versions of userspace that can deal with
1390 * the split (and they can't possibly care about new features...
1391 */
1392 CMD(add_virtual_intf, NEW_INTERFACE);
1393 CMD(change_virtual_intf, SET_INTERFACE);
1394 CMD(add_key, NEW_KEY);
1395 CMD(start_ap, START_AP);
1396 CMD(add_station, NEW_STATION);
1397 CMD(add_mpath, NEW_MPATH);
1398 CMD(update_mesh_config, SET_MESH_CONFIG);
1399 CMD(change_bss, SET_BSS);
1400 CMD(auth, AUTHENTICATE);
1401 CMD(assoc, ASSOCIATE);
1402 CMD(deauth, DEAUTHENTICATE);
1403 CMD(disassoc, DISASSOCIATE);
1404 CMD(join_ibss, JOIN_IBSS);
1405 CMD(join_mesh, JOIN_MESH);
1406 CMD(set_pmksa, SET_PMKSA);
1407 CMD(del_pmksa, DEL_PMKSA);
1408 CMD(flush_pmksa, FLUSH_PMKSA);
1409 if (rdev->wiphy.flags & WIPHY_FLAG_HAS_REMAIN_ON_CHANNEL)
1410 CMD(remain_on_channel, REMAIN_ON_CHANNEL);
1411 CMD(set_bitrate_mask, SET_TX_BITRATE_MASK);
1412 CMD(mgmt_tx, FRAME);
1413 CMD(mgmt_tx_cancel_wait, FRAME_WAIT_CANCEL);
1414 if (rdev->wiphy.flags & WIPHY_FLAG_NETNS_OK) {
1415 i++;
1416 if (nla_put_u32(msg, i, NL80211_CMD_SET_WIPHY_NETNS))
1417 goto nla_put_failure;
1418 }
1419 if (rdev->ops->set_monitor_channel || rdev->ops->start_ap ||
1420 rdev->ops->join_mesh) {
1421 i++;
1422 if (nla_put_u32(msg, i, NL80211_CMD_SET_CHANNEL))
1423 goto nla_put_failure;
1424 }
1425 CMD(set_wds_peer, SET_WDS_PEER);
1426 if (rdev->wiphy.flags & WIPHY_FLAG_SUPPORTS_TDLS) {
1427 CMD(tdls_mgmt, TDLS_MGMT);
1428 CMD(tdls_oper, TDLS_OPER);
1429 }
1430 if (rdev->wiphy.max_sched_scan_reqs)
1431 CMD(sched_scan_start, START_SCHED_SCAN);
1432 CMD(probe_client, PROBE_CLIENT);
1433 CMD(set_noack_map, SET_NOACK_MAP);
1434 if (rdev->wiphy.flags & WIPHY_FLAG_REPORTS_OBSS) {
1435 i++;
1436 if (nla_put_u32(msg, i, NL80211_CMD_REGISTER_BEACONS))
1437 goto nla_put_failure;
1438 }
1439 CMD(start_p2p_device, START_P2P_DEVICE);
1440 CMD(set_mcast_rate, SET_MCAST_RATE);
1441#ifdef CONFIG_NL80211_TESTMODE
1442 CMD(testmode_cmd, TESTMODE);
1443#endif
1444
1445 if (rdev->ops->connect || rdev->ops->auth) {
1446 i++;
1447 if (nla_put_u32(msg, i, NL80211_CMD_CONNECT))
1448 goto nla_put_failure;
1449 }
1450
1451 if (rdev->ops->disconnect || rdev->ops->deauth) {
1452 i++;
1453 if (nla_put_u32(msg, i, NL80211_CMD_DISCONNECT))
1454 goto nla_put_failure;
1455 }
1456
1457 return i;
1458 nla_put_failure:
1459 return -ENOBUFS;
1460}
1461
1462struct nl80211_dump_wiphy_state {
1463 s64 filter_wiphy;
1464 long start;
1465 long split_start, band_start, chan_start, capa_start;
1466 bool split;
1467};
1468
1469static int nl80211_send_wiphy(struct cfg80211_registered_device *rdev,
1470 enum nl80211_commands cmd,
1471 struct sk_buff *msg, u32 portid, u32 seq,
1472 int flags, struct nl80211_dump_wiphy_state *state)
1473{
1474 void *hdr;
1475 struct nlattr *nl_bands, *nl_band;
1476 struct nlattr *nl_freqs, *nl_freq;
1477 struct nlattr *nl_cmds;
1478 enum nl80211_band band;
1479 struct ieee80211_channel *chan;
1480 int i;
1481 const struct ieee80211_txrx_stypes *mgmt_stypes =
1482 rdev->wiphy.mgmt_stypes;
1483 u32 features;
1484
1485 hdr = nl80211hdr_put(msg, portid, seq, flags, cmd);
1486 if (!hdr)
1487 return -ENOBUFS;
1488
1489 if (WARN_ON(!state))
1490 return -EINVAL;
1491
1492 if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
1493 nla_put_string(msg, NL80211_ATTR_WIPHY_NAME,
1494 wiphy_name(&rdev->wiphy)) ||
1495 nla_put_u32(msg, NL80211_ATTR_GENERATION,
1496 cfg80211_rdev_list_generation))
1497 goto nla_put_failure;
1498
1499 if (cmd != NL80211_CMD_NEW_WIPHY)
1500 goto finish;
1501
1502 switch (state->split_start) {
1503 case 0:
1504 if (nla_put_u8(msg, NL80211_ATTR_WIPHY_RETRY_SHORT,
1505 rdev->wiphy.retry_short) ||
1506 nla_put_u8(msg, NL80211_ATTR_WIPHY_RETRY_LONG,
1507 rdev->wiphy.retry_long) ||
1508 nla_put_u32(msg, NL80211_ATTR_WIPHY_FRAG_THRESHOLD,
1509 rdev->wiphy.frag_threshold) ||
1510 nla_put_u32(msg, NL80211_ATTR_WIPHY_RTS_THRESHOLD,
1511 rdev->wiphy.rts_threshold) ||
1512 nla_put_u8(msg, NL80211_ATTR_WIPHY_COVERAGE_CLASS,
1513 rdev->wiphy.coverage_class) ||
1514 nla_put_u8(msg, NL80211_ATTR_MAX_NUM_SCAN_SSIDS,
1515 rdev->wiphy.max_scan_ssids) ||
1516 nla_put_u8(msg, NL80211_ATTR_MAX_NUM_SCHED_SCAN_SSIDS,
1517 rdev->wiphy.max_sched_scan_ssids) ||
1518 nla_put_u16(msg, NL80211_ATTR_MAX_SCAN_IE_LEN,
1519 rdev->wiphy.max_scan_ie_len) ||
1520 nla_put_u16(msg, NL80211_ATTR_MAX_SCHED_SCAN_IE_LEN,
1521 rdev->wiphy.max_sched_scan_ie_len) ||
1522 nla_put_u8(msg, NL80211_ATTR_MAX_MATCH_SETS,
1523 rdev->wiphy.max_match_sets) ||
1524 nla_put_u32(msg, NL80211_ATTR_MAX_NUM_SCHED_SCAN_PLANS,
1525 rdev->wiphy.max_sched_scan_plans) ||
1526 nla_put_u32(msg, NL80211_ATTR_MAX_SCAN_PLAN_INTERVAL,
1527 rdev->wiphy.max_sched_scan_plan_interval) ||
1528 nla_put_u32(msg, NL80211_ATTR_MAX_SCAN_PLAN_ITERATIONS,
1529 rdev->wiphy.max_sched_scan_plan_iterations))
1530 goto nla_put_failure;
1531
1532 if ((rdev->wiphy.flags & WIPHY_FLAG_IBSS_RSN) &&
1533 nla_put_flag(msg, NL80211_ATTR_SUPPORT_IBSS_RSN))
1534 goto nla_put_failure;
1535 if ((rdev->wiphy.flags & WIPHY_FLAG_MESH_AUTH) &&
1536 nla_put_flag(msg, NL80211_ATTR_SUPPORT_MESH_AUTH))
1537 goto nla_put_failure;
1538 if ((rdev->wiphy.flags & WIPHY_FLAG_AP_UAPSD) &&
1539 nla_put_flag(msg, NL80211_ATTR_SUPPORT_AP_UAPSD))
1540 goto nla_put_failure;
1541 if ((rdev->wiphy.flags & WIPHY_FLAG_SUPPORTS_FW_ROAM) &&
1542 nla_put_flag(msg, NL80211_ATTR_ROAM_SUPPORT))
1543 goto nla_put_failure;
1544 if ((rdev->wiphy.flags & WIPHY_FLAG_SUPPORTS_TDLS) &&
1545 nla_put_flag(msg, NL80211_ATTR_TDLS_SUPPORT))
1546 goto nla_put_failure;
1547 if ((rdev->wiphy.flags & WIPHY_FLAG_TDLS_EXTERNAL_SETUP) &&
1548 nla_put_flag(msg, NL80211_ATTR_TDLS_EXTERNAL_SETUP))
1549 goto nla_put_failure;
1550 state->split_start++;
1551 if (state->split)
1552 break;
1553 case 1:
1554 if (nla_put(msg, NL80211_ATTR_CIPHER_SUITES,
1555 sizeof(u32) * rdev->wiphy.n_cipher_suites,
1556 rdev->wiphy.cipher_suites))
1557 goto nla_put_failure;
1558
1559 if (nla_put_u8(msg, NL80211_ATTR_MAX_NUM_PMKIDS,
1560 rdev->wiphy.max_num_pmkids))
1561 goto nla_put_failure;
1562
1563 if ((rdev->wiphy.flags & WIPHY_FLAG_CONTROL_PORT_PROTOCOL) &&
1564 nla_put_flag(msg, NL80211_ATTR_CONTROL_PORT_ETHERTYPE))
1565 goto nla_put_failure;
1566
1567 if (nla_put_u32(msg, NL80211_ATTR_WIPHY_ANTENNA_AVAIL_TX,
1568 rdev->wiphy.available_antennas_tx) ||
1569 nla_put_u32(msg, NL80211_ATTR_WIPHY_ANTENNA_AVAIL_RX,
1570 rdev->wiphy.available_antennas_rx))
1571 goto nla_put_failure;
1572
1573 if ((rdev->wiphy.flags & WIPHY_FLAG_AP_PROBE_RESP_OFFLOAD) &&
1574 nla_put_u32(msg, NL80211_ATTR_PROBE_RESP_OFFLOAD,
1575 rdev->wiphy.probe_resp_offload))
1576 goto nla_put_failure;
1577
1578 if ((rdev->wiphy.available_antennas_tx ||
1579 rdev->wiphy.available_antennas_rx) &&
1580 rdev->ops->get_antenna) {
1581 u32 tx_ant = 0, rx_ant = 0;
1582 int res;
1583
1584 res = rdev_get_antenna(rdev, &tx_ant, &rx_ant);
1585 if (!res) {
1586 if (nla_put_u32(msg,
1587 NL80211_ATTR_WIPHY_ANTENNA_TX,
1588 tx_ant) ||
1589 nla_put_u32(msg,
1590 NL80211_ATTR_WIPHY_ANTENNA_RX,
1591 rx_ant))
1592 goto nla_put_failure;
1593 }
1594 }
1595
1596 state->split_start++;
1597 if (state->split)
1598 break;
1599 case 2:
1600 if (nl80211_put_iftypes(msg, NL80211_ATTR_SUPPORTED_IFTYPES,
1601 rdev->wiphy.interface_modes))
1602 goto nla_put_failure;
1603 state->split_start++;
1604 if (state->split)
1605 break;
1606 case 3:
1607 nl_bands = nla_nest_start(msg, NL80211_ATTR_WIPHY_BANDS);
1608 if (!nl_bands)
1609 goto nla_put_failure;
1610
1611 for (band = state->band_start;
1612 band < NUM_NL80211_BANDS; band++) {
1613 struct ieee80211_supported_band *sband;
1614
1615 sband = rdev->wiphy.bands[band];
1616
1617 if (!sband)
1618 continue;
1619
1620 nl_band = nla_nest_start(msg, band);
1621 if (!nl_band)
1622 goto nla_put_failure;
1623
1624 switch (state->chan_start) {
1625 case 0:
1626 if (nl80211_send_band_rateinfo(msg, sband))
1627 goto nla_put_failure;
1628 state->chan_start++;
1629 if (state->split)
1630 break;
1631 default:
1632 /* add frequencies */
1633 nl_freqs = nla_nest_start(
1634 msg, NL80211_BAND_ATTR_FREQS);
1635 if (!nl_freqs)
1636 goto nla_put_failure;
1637
1638 for (i = state->chan_start - 1;
1639 i < sband->n_channels;
1640 i++) {
1641 nl_freq = nla_nest_start(msg, i);
1642 if (!nl_freq)
1643 goto nla_put_failure;
1644
1645 chan = &sband->channels[i];
1646
1647 if (nl80211_msg_put_channel(
1648 msg, chan,
1649 state->split))
1650 goto nla_put_failure;
1651
1652 nla_nest_end(msg, nl_freq);
1653 if (state->split)
1654 break;
1655 }
1656 if (i < sband->n_channels)
1657 state->chan_start = i + 2;
1658 else
1659 state->chan_start = 0;
1660 nla_nest_end(msg, nl_freqs);
1661 }
1662
1663 nla_nest_end(msg, nl_band);
1664
1665 if (state->split) {
1666 /* start again here */
1667 if (state->chan_start)
1668 band--;
1669 break;
1670 }
1671 }
1672 nla_nest_end(msg, nl_bands);
1673
1674 if (band < NUM_NL80211_BANDS)
1675 state->band_start = band + 1;
1676 else
1677 state->band_start = 0;
1678
1679 /* if bands & channels are done, continue outside */
1680 if (state->band_start == 0 && state->chan_start == 0)
1681 state->split_start++;
1682 if (state->split)
1683 break;
1684 case 4:
1685 nl_cmds = nla_nest_start(msg, NL80211_ATTR_SUPPORTED_COMMANDS);
1686 if (!nl_cmds)
1687 goto nla_put_failure;
1688
1689 i = nl80211_add_commands_unsplit(rdev, msg);
1690 if (i < 0)
1691 goto nla_put_failure;
1692 if (state->split) {
1693 CMD(crit_proto_start, CRIT_PROTOCOL_START);
1694 CMD(crit_proto_stop, CRIT_PROTOCOL_STOP);
1695 if (rdev->wiphy.flags & WIPHY_FLAG_HAS_CHANNEL_SWITCH)
1696 CMD(channel_switch, CHANNEL_SWITCH);
1697 CMD(set_qos_map, SET_QOS_MAP);
1698 if (rdev->wiphy.features &
1699 NL80211_FEATURE_SUPPORTS_WMM_ADMISSION)
1700 CMD(add_tx_ts, ADD_TX_TS);
1701 CMD(set_multicast_to_unicast, SET_MULTICAST_TO_UNICAST);
1702 CMD(update_connect_params, UPDATE_CONNECT_PARAMS);
1703 }
1704#undef CMD
1705
1706 nla_nest_end(msg, nl_cmds);
1707 state->split_start++;
1708 if (state->split)
1709 break;
1710 case 5:
1711 if (rdev->ops->remain_on_channel &&
1712 (rdev->wiphy.flags & WIPHY_FLAG_HAS_REMAIN_ON_CHANNEL) &&
1713 nla_put_u32(msg,
1714 NL80211_ATTR_MAX_REMAIN_ON_CHANNEL_DURATION,
1715 rdev->wiphy.max_remain_on_channel_duration))
1716 goto nla_put_failure;
1717
1718 if ((rdev->wiphy.flags & WIPHY_FLAG_OFFCHAN_TX) &&
1719 nla_put_flag(msg, NL80211_ATTR_OFFCHANNEL_TX_OK))
1720 goto nla_put_failure;
1721
1722 if (nl80211_send_mgmt_stypes(msg, mgmt_stypes))
1723 goto nla_put_failure;
1724 state->split_start++;
1725 if (state->split)
1726 break;
1727 case 6:
1728#ifdef CONFIG_PM
1729 if (nl80211_send_wowlan(msg, rdev, state->split))
1730 goto nla_put_failure;
1731 state->split_start++;
1732 if (state->split)
1733 break;
1734#else
1735 state->split_start++;
1736#endif
1737 case 7:
1738 if (nl80211_put_iftypes(msg, NL80211_ATTR_SOFTWARE_IFTYPES,
1739 rdev->wiphy.software_iftypes))
1740 goto nla_put_failure;
1741
1742 if (nl80211_put_iface_combinations(&rdev->wiphy, msg,
1743 state->split))
1744 goto nla_put_failure;
1745
1746 state->split_start++;
1747 if (state->split)
1748 break;
1749 case 8:
1750 if ((rdev->wiphy.flags & WIPHY_FLAG_HAVE_AP_SME) &&
1751 nla_put_u32(msg, NL80211_ATTR_DEVICE_AP_SME,
1752 rdev->wiphy.ap_sme_capa))
1753 goto nla_put_failure;
1754
1755 features = rdev->wiphy.features;
1756 /*
1757 * We can only add the per-channel limit information if the
1758 * dump is split, otherwise it makes it too big. Therefore
1759 * only advertise it in that case.
1760 */
1761 if (state->split)
1762 features |= NL80211_FEATURE_ADVERTISE_CHAN_LIMITS;
1763 if (nla_put_u32(msg, NL80211_ATTR_FEATURE_FLAGS, features))
1764 goto nla_put_failure;
1765
1766 if (rdev->wiphy.ht_capa_mod_mask &&
1767 nla_put(msg, NL80211_ATTR_HT_CAPABILITY_MASK,
1768 sizeof(*rdev->wiphy.ht_capa_mod_mask),
1769 rdev->wiphy.ht_capa_mod_mask))
1770 goto nla_put_failure;
1771
1772 if (rdev->wiphy.flags & WIPHY_FLAG_HAVE_AP_SME &&
1773 rdev->wiphy.max_acl_mac_addrs &&
1774 nla_put_u32(msg, NL80211_ATTR_MAC_ACL_MAX,
1775 rdev->wiphy.max_acl_mac_addrs))
1776 goto nla_put_failure;
1777
1778 /*
1779 * Any information below this point is only available to
1780 * applications that can deal with it being split. This
1781 * helps ensure that newly added capabilities don't break
1782 * older tools by overrunning their buffers.
1783 *
1784 * We still increment split_start so that in the split
1785 * case we'll continue with more data in the next round,
1786 * but break unconditionally so unsplit data stops here.
1787 */
1788 state->split_start++;
1789 break;
1790 case 9:
1791 if (rdev->wiphy.extended_capabilities &&
1792 (nla_put(msg, NL80211_ATTR_EXT_CAPA,
1793 rdev->wiphy.extended_capabilities_len,
1794 rdev->wiphy.extended_capabilities) ||
1795 nla_put(msg, NL80211_ATTR_EXT_CAPA_MASK,
1796 rdev->wiphy.extended_capabilities_len,
1797 rdev->wiphy.extended_capabilities_mask)))
1798 goto nla_put_failure;
1799
1800 if (rdev->wiphy.vht_capa_mod_mask &&
1801 nla_put(msg, NL80211_ATTR_VHT_CAPABILITY_MASK,
1802 sizeof(*rdev->wiphy.vht_capa_mod_mask),
1803 rdev->wiphy.vht_capa_mod_mask))
1804 goto nla_put_failure;
1805
1806 state->split_start++;
1807 break;
1808 case 10:
1809 if (nl80211_send_coalesce(msg, rdev))
1810 goto nla_put_failure;
1811
1812 if ((rdev->wiphy.flags & WIPHY_FLAG_SUPPORTS_5_10_MHZ) &&
1813 (nla_put_flag(msg, NL80211_ATTR_SUPPORT_5_MHZ) ||
1814 nla_put_flag(msg, NL80211_ATTR_SUPPORT_10_MHZ)))
1815 goto nla_put_failure;
1816
1817 if (rdev->wiphy.max_ap_assoc_sta &&
1818 nla_put_u32(msg, NL80211_ATTR_MAX_AP_ASSOC_STA,
1819 rdev->wiphy.max_ap_assoc_sta))
1820 goto nla_put_failure;
1821
1822 state->split_start++;
1823 break;
1824 case 11:
1825 if (rdev->wiphy.n_vendor_commands) {
1826 const struct nl80211_vendor_cmd_info *info;
1827 struct nlattr *nested;
1828
1829 nested = nla_nest_start(msg, NL80211_ATTR_VENDOR_DATA);
1830 if (!nested)
1831 goto nla_put_failure;
1832
1833 for (i = 0; i < rdev->wiphy.n_vendor_commands; i++) {
1834 info = &rdev->wiphy.vendor_commands[i].info;
1835 if (nla_put(msg, i + 1, sizeof(*info), info))
1836 goto nla_put_failure;
1837 }
1838 nla_nest_end(msg, nested);
1839 }
1840
1841 if (rdev->wiphy.n_vendor_events) {
1842 const struct nl80211_vendor_cmd_info *info;
1843 struct nlattr *nested;
1844
1845 nested = nla_nest_start(msg,
1846 NL80211_ATTR_VENDOR_EVENTS);
1847 if (!nested)
1848 goto nla_put_failure;
1849
1850 for (i = 0; i < rdev->wiphy.n_vendor_events; i++) {
1851 info = &rdev->wiphy.vendor_events[i];
1852 if (nla_put(msg, i + 1, sizeof(*info), info))
1853 goto nla_put_failure;
1854 }
1855 nla_nest_end(msg, nested);
1856 }
1857 state->split_start++;
1858 break;
1859 case 12:
1860 if (rdev->wiphy.flags & WIPHY_FLAG_HAS_CHANNEL_SWITCH &&
1861 nla_put_u8(msg, NL80211_ATTR_MAX_CSA_COUNTERS,
1862 rdev->wiphy.max_num_csa_counters))
1863 goto nla_put_failure;
1864
1865 if (rdev->wiphy.regulatory_flags & REGULATORY_WIPHY_SELF_MANAGED &&
1866 nla_put_flag(msg, NL80211_ATTR_WIPHY_SELF_MANAGED_REG))
1867 goto nla_put_failure;
1868
1869 if (rdev->wiphy.max_sched_scan_reqs &&
1870 nla_put_u32(msg, NL80211_ATTR_SCHED_SCAN_MAX_REQS,
1871 rdev->wiphy.max_sched_scan_reqs))
1872 goto nla_put_failure;
1873
1874 if (nla_put(msg, NL80211_ATTR_EXT_FEATURES,
1875 sizeof(rdev->wiphy.ext_features),
1876 rdev->wiphy.ext_features))
1877 goto nla_put_failure;
1878
1879 if (rdev->wiphy.bss_select_support) {
1880 struct nlattr *nested;
1881 u32 bss_select_support = rdev->wiphy.bss_select_support;
1882
1883 nested = nla_nest_start(msg, NL80211_ATTR_BSS_SELECT);
1884 if (!nested)
1885 goto nla_put_failure;
1886
1887 i = 0;
1888 while (bss_select_support) {
1889 if ((bss_select_support & 1) &&
1890 nla_put_flag(msg, i))
1891 goto nla_put_failure;
1892 i++;
1893 bss_select_support >>= 1;
1894 }
1895 nla_nest_end(msg, nested);
1896 }
1897
1898 state->split_start++;
1899 break;
1900 case 13:
1901 if (rdev->wiphy.num_iftype_ext_capab &&
1902 rdev->wiphy.iftype_ext_capab) {
1903 struct nlattr *nested_ext_capab, *nested;
1904
1905 nested = nla_nest_start(msg,
1906 NL80211_ATTR_IFTYPE_EXT_CAPA);
1907 if (!nested)
1908 goto nla_put_failure;
1909
1910 for (i = state->capa_start;
1911 i < rdev->wiphy.num_iftype_ext_capab; i++) {
1912 const struct wiphy_iftype_ext_capab *capab;
1913
1914 capab = &rdev->wiphy.iftype_ext_capab[i];
1915
1916 nested_ext_capab = nla_nest_start(msg, i);
1917 if (!nested_ext_capab ||
1918 nla_put_u32(msg, NL80211_ATTR_IFTYPE,
1919 capab->iftype) ||
1920 nla_put(msg, NL80211_ATTR_EXT_CAPA,
1921 capab->extended_capabilities_len,
1922 capab->extended_capabilities) ||
1923 nla_put(msg, NL80211_ATTR_EXT_CAPA_MASK,
1924 capab->extended_capabilities_len,
1925 capab->extended_capabilities_mask))
1926 goto nla_put_failure;
1927
1928 nla_nest_end(msg, nested_ext_capab);
1929 if (state->split)
1930 break;
1931 }
1932 nla_nest_end(msg, nested);
1933 if (i < rdev->wiphy.num_iftype_ext_capab) {
1934 state->capa_start = i + 1;
1935 break;
1936 }
1937 }
1938
1939 if (nla_put_u32(msg, NL80211_ATTR_BANDS,
1940 rdev->wiphy.nan_supported_bands))
1941 goto nla_put_failure;
1942
1943 /* done */
1944 state->split_start = 0;
1945 break;
1946 }
1947 finish:
1948 genlmsg_end(msg, hdr);
1949 return 0;
1950
1951 nla_put_failure:
1952 genlmsg_cancel(msg, hdr);
1953 return -EMSGSIZE;
1954}
1955
1956static int nl80211_dump_wiphy_parse(struct sk_buff *skb,
1957 struct netlink_callback *cb,
1958 struct nl80211_dump_wiphy_state *state)
1959{
1960 struct nlattr **tb = genl_family_attrbuf(&nl80211_fam);
1961 int ret = nlmsg_parse(cb->nlh, GENL_HDRLEN + nl80211_fam.hdrsize, tb,
1962 nl80211_fam.maxattr, nl80211_policy, NULL);
1963 /* ignore parse errors for backward compatibility */
1964 if (ret)
1965 return 0;
1966
1967 state->split = tb[NL80211_ATTR_SPLIT_WIPHY_DUMP];
1968 if (tb[NL80211_ATTR_WIPHY])
1969 state->filter_wiphy = nla_get_u32(tb[NL80211_ATTR_WIPHY]);
1970 if (tb[NL80211_ATTR_WDEV])
1971 state->filter_wiphy = nla_get_u64(tb[NL80211_ATTR_WDEV]) >> 32;
1972 if (tb[NL80211_ATTR_IFINDEX]) {
1973 struct net_device *netdev;
1974 struct cfg80211_registered_device *rdev;
1975 int ifidx = nla_get_u32(tb[NL80211_ATTR_IFINDEX]);
1976
1977 netdev = __dev_get_by_index(sock_net(skb->sk), ifidx);
1978 if (!netdev)
1979 return -ENODEV;
1980 if (netdev->ieee80211_ptr) {
1981 rdev = wiphy_to_rdev(
1982 netdev->ieee80211_ptr->wiphy);
1983 state->filter_wiphy = rdev->wiphy_idx;
1984 }
1985 }
1986
1987 return 0;
1988}
1989
1990static int nl80211_dump_wiphy(struct sk_buff *skb, struct netlink_callback *cb)
1991{
1992 int idx = 0, ret;
1993 struct nl80211_dump_wiphy_state *state = (void *)cb->args[0];
1994 struct cfg80211_registered_device *rdev;
1995
1996 rtnl_lock();
1997 if (!state) {
1998 state = kzalloc(sizeof(*state), GFP_KERNEL);
1999 if (!state) {
2000 rtnl_unlock();
2001 return -ENOMEM;
2002 }
2003 state->filter_wiphy = -1;
2004 ret = nl80211_dump_wiphy_parse(skb, cb, state);
2005 if (ret) {
2006 kfree(state);
2007 rtnl_unlock();
2008 return ret;
2009 }
2010 cb->args[0] = (long)state;
2011 }
2012
2013 list_for_each_entry(rdev, &cfg80211_rdev_list, list) {
2014 if (!net_eq(wiphy_net(&rdev->wiphy), sock_net(skb->sk)))
2015 continue;
2016 if (++idx <= state->start)
2017 continue;
2018 if (state->filter_wiphy != -1 &&
2019 state->filter_wiphy != rdev->wiphy_idx)
2020 continue;
2021 /* attempt to fit multiple wiphy data chunks into the skb */
2022 do {
2023 ret = nl80211_send_wiphy(rdev, NL80211_CMD_NEW_WIPHY,
2024 skb,
2025 NETLINK_CB(cb->skb).portid,
2026 cb->nlh->nlmsg_seq,
2027 NLM_F_MULTI, state);
2028 if (ret < 0) {
2029 /*
2030 * If sending the wiphy data didn't fit (ENOBUFS
2031 * or EMSGSIZE returned), this SKB is still
2032 * empty (so it's not too big because another
2033 * wiphy dataset is already in the skb) and
2034 * we've not tried to adjust the dump allocation
2035 * yet ... then adjust the alloc size to be
2036 * bigger, and return 1 but with the empty skb.
2037 * This results in an empty message being RX'ed
2038 * in userspace, but that is ignored.
2039 *
2040 * We can then retry with the larger buffer.
2041 */
2042 if ((ret == -ENOBUFS || ret == -EMSGSIZE) &&
2043 !skb->len && !state->split &&
2044 cb->min_dump_alloc < 4096) {
2045 cb->min_dump_alloc = 4096;
2046 state->split_start = 0;
2047 rtnl_unlock();
2048 return 1;
2049 }
2050 idx--;
2051 break;
2052 }
2053 } while (state->split_start > 0);
2054 break;
2055 }
2056 rtnl_unlock();
2057
2058 state->start = idx;
2059
2060 return skb->len;
2061}
2062
2063static int nl80211_dump_wiphy_done(struct netlink_callback *cb)
2064{
2065 kfree((void *)cb->args[0]);
2066 return 0;
2067}
2068
2069static int nl80211_get_wiphy(struct sk_buff *skb, struct genl_info *info)
2070{
2071 struct sk_buff *msg;
2072 struct cfg80211_registered_device *rdev = info->user_ptr[0];
2073 struct nl80211_dump_wiphy_state state = {};
2074
2075 msg = nlmsg_new(4096, GFP_KERNEL);
2076 if (!msg)
2077 return -ENOMEM;
2078
2079 if (nl80211_send_wiphy(rdev, NL80211_CMD_NEW_WIPHY, msg,
2080 info->snd_portid, info->snd_seq, 0,
2081 &state) < 0) {
2082 nlmsg_free(msg);
2083 return -ENOBUFS;
2084 }
2085
2086 return genlmsg_reply(msg, info);
2087}
2088
2089static const struct nla_policy txq_params_policy[NL80211_TXQ_ATTR_MAX + 1] = {
2090 [NL80211_TXQ_ATTR_QUEUE] = { .type = NLA_U8 },
2091 [NL80211_TXQ_ATTR_TXOP] = { .type = NLA_U16 },
2092 [NL80211_TXQ_ATTR_CWMIN] = { .type = NLA_U16 },
2093 [NL80211_TXQ_ATTR_CWMAX] = { .type = NLA_U16 },
2094 [NL80211_TXQ_ATTR_AIFS] = { .type = NLA_U8 },
2095};
2096
2097static int parse_txq_params(struct nlattr *tb[],
2098 struct ieee80211_txq_params *txq_params)
2099{
2100 u8 ac;
2101
2102 if (!tb[NL80211_TXQ_ATTR_AC] || !tb[NL80211_TXQ_ATTR_TXOP] ||
2103 !tb[NL80211_TXQ_ATTR_CWMIN] || !tb[NL80211_TXQ_ATTR_CWMAX] ||
2104 !tb[NL80211_TXQ_ATTR_AIFS])
2105 return -EINVAL;
2106
2107 ac = nla_get_u8(tb[NL80211_TXQ_ATTR_AC]);
2108 txq_params->txop = nla_get_u16(tb[NL80211_TXQ_ATTR_TXOP]);
2109 txq_params->cwmin = nla_get_u16(tb[NL80211_TXQ_ATTR_CWMIN]);
2110 txq_params->cwmax = nla_get_u16(tb[NL80211_TXQ_ATTR_CWMAX]);
2111 txq_params->aifs = nla_get_u8(tb[NL80211_TXQ_ATTR_AIFS]);
2112
2113 if (ac >= NL80211_NUM_ACS)
2114 return -EINVAL;
2115 txq_params->ac = array_index_nospec(ac, NL80211_NUM_ACS);
2116 return 0;
2117}
2118
2119static bool nl80211_can_set_dev_channel(struct wireless_dev *wdev)
2120{
2121 /*
2122 * You can only set the channel explicitly for WDS interfaces,
2123 * all others have their channel managed via their respective
2124 * "establish a connection" command (connect, join, ...)
2125 *
2126 * For AP/GO and mesh mode, the channel can be set with the
2127 * channel userspace API, but is only stored and passed to the
2128 * low-level driver when the AP starts or the mesh is joined.
2129 * This is for backward compatibility, userspace can also give
2130 * the channel in the start-ap or join-mesh commands instead.
2131 *
2132 * Monitors are special as they are normally slaved to
2133 * whatever else is going on, so they have their own special
2134 * operation to set the monitor channel if possible.
2135 */
2136 return !wdev ||
2137 wdev->iftype == NL80211_IFTYPE_AP ||
2138 wdev->iftype == NL80211_IFTYPE_MESH_POINT ||
2139 wdev->iftype == NL80211_IFTYPE_MONITOR ||
2140 wdev->iftype == NL80211_IFTYPE_P2P_GO;
2141}
2142
2143static int nl80211_parse_chandef(struct cfg80211_registered_device *rdev,
2144 struct genl_info *info,
2145 struct cfg80211_chan_def *chandef)
2146{
2147 u32 control_freq;
2148
2149 if (!info->attrs[NL80211_ATTR_WIPHY_FREQ])
2150 return -EINVAL;
2151
2152 control_freq = nla_get_u32(info->attrs[NL80211_ATTR_WIPHY_FREQ]);
2153
2154 memset(chandef, 0, sizeof(*chandef));
2155
2156 chandef->chan = ieee80211_get_channel(&rdev->wiphy, control_freq);
2157 chandef->width = NL80211_CHAN_WIDTH_20_NOHT;
2158 chandef->center_freq1 = control_freq;
2159 chandef->center_freq2 = 0;
2160
2161 /* Primary channel not allowed */
2162 if (!chandef->chan || chandef->chan->flags & IEEE80211_CHAN_DISABLED)
2163 return -EINVAL;
2164
2165 if (info->attrs[NL80211_ATTR_WIPHY_CHANNEL_TYPE]) {
2166 enum nl80211_channel_type chantype;
2167
2168 chantype = nla_get_u32(
2169 info->attrs[NL80211_ATTR_WIPHY_CHANNEL_TYPE]);
2170
2171 switch (chantype) {
2172 case NL80211_CHAN_NO_HT:
2173 case NL80211_CHAN_HT20:
2174 case NL80211_CHAN_HT40PLUS:
2175 case NL80211_CHAN_HT40MINUS:
2176 cfg80211_chandef_create(chandef, chandef->chan,
2177 chantype);
2178 break;
2179 default:
2180 return -EINVAL;
2181 }
2182 } else if (info->attrs[NL80211_ATTR_CHANNEL_WIDTH]) {
2183 chandef->width =
2184 nla_get_u32(info->attrs[NL80211_ATTR_CHANNEL_WIDTH]);
2185 if (info->attrs[NL80211_ATTR_CENTER_FREQ1])
2186 chandef->center_freq1 =
2187 nla_get_u32(
2188 info->attrs[NL80211_ATTR_CENTER_FREQ1]);
2189 if (info->attrs[NL80211_ATTR_CENTER_FREQ2])
2190 chandef->center_freq2 =
2191 nla_get_u32(
2192 info->attrs[NL80211_ATTR_CENTER_FREQ2]);
2193 }
2194
2195 if (!cfg80211_chandef_valid(chandef))
2196 return -EINVAL;
2197
2198 if (!cfg80211_chandef_usable(&rdev->wiphy, chandef,
2199 IEEE80211_CHAN_DISABLED))
2200 return -EINVAL;
2201
2202 if ((chandef->width == NL80211_CHAN_WIDTH_5 ||
2203 chandef->width == NL80211_CHAN_WIDTH_10) &&
2204 !(rdev->wiphy.flags & WIPHY_FLAG_SUPPORTS_5_10_MHZ))
2205 return -EINVAL;
2206
2207 return 0;
2208}
2209
2210static int __nl80211_set_channel(struct cfg80211_registered_device *rdev,
2211 struct net_device *dev,
2212 struct genl_info *info)
2213{
2214 struct cfg80211_chan_def chandef;
2215 int result;
2216 enum nl80211_iftype iftype = NL80211_IFTYPE_MONITOR;
2217 struct wireless_dev *wdev = NULL;
2218
2219 if (dev)
2220 wdev = dev->ieee80211_ptr;
2221 if (!nl80211_can_set_dev_channel(wdev))
2222 return -EOPNOTSUPP;
2223 if (wdev)
2224 iftype = wdev->iftype;
2225
2226 result = nl80211_parse_chandef(rdev, info, &chandef);
2227 if (result)
2228 return result;
2229
2230 switch (iftype) {
2231 case NL80211_IFTYPE_AP:
2232 case NL80211_IFTYPE_P2P_GO:
2233 if (!cfg80211_reg_can_beacon_relax(&rdev->wiphy, &chandef,
2234 iftype)) {
2235 result = -EINVAL;
2236 break;
2237 }
2238 if (wdev->beacon_interval) {
2239 if (!dev || !rdev->ops->set_ap_chanwidth ||
2240 !(rdev->wiphy.features &
2241 NL80211_FEATURE_AP_MODE_CHAN_WIDTH_CHANGE)) {
2242 result = -EBUSY;
2243 break;
2244 }
2245
2246 /* Only allow dynamic channel width changes */
2247 if (chandef.chan != wdev->preset_chandef.chan) {
2248 result = -EBUSY;
2249 break;
2250 }
2251 result = rdev_set_ap_chanwidth(rdev, dev, &chandef);
2252 if (result)
2253 break;
2254 }
2255 wdev->preset_chandef = chandef;
2256 result = 0;
2257 break;
2258 case NL80211_IFTYPE_MESH_POINT:
2259 result = cfg80211_set_mesh_channel(rdev, wdev, &chandef);
2260 break;
2261 case NL80211_IFTYPE_MONITOR:
2262 result = cfg80211_set_monitor_channel(rdev, &chandef);
2263 break;
2264 default:
2265 result = -EINVAL;
2266 }
2267
2268 return result;
2269}
2270
2271static int nl80211_set_channel(struct sk_buff *skb, struct genl_info *info)
2272{
2273 struct cfg80211_registered_device *rdev = info->user_ptr[0];
2274 struct net_device *netdev = info->user_ptr[1];
2275
2276 return __nl80211_set_channel(rdev, netdev, info);
2277}
2278
2279static int nl80211_set_wds_peer(struct sk_buff *skb, struct genl_info *info)
2280{
2281 struct cfg80211_registered_device *rdev = info->user_ptr[0];
2282 struct net_device *dev = info->user_ptr[1];
2283 struct wireless_dev *wdev = dev->ieee80211_ptr;
2284 const u8 *bssid;
2285
2286 if (!info->attrs[NL80211_ATTR_MAC])
2287 return -EINVAL;
2288
2289 if (netif_running(dev))
2290 return -EBUSY;
2291
2292 if (!rdev->ops->set_wds_peer)
2293 return -EOPNOTSUPP;
2294
2295 if (wdev->iftype != NL80211_IFTYPE_WDS)
2296 return -EOPNOTSUPP;
2297
2298 bssid = nla_data(info->attrs[NL80211_ATTR_MAC]);
2299 return rdev_set_wds_peer(rdev, dev, bssid);
2300}
2301
2302static int nl80211_set_wiphy(struct sk_buff *skb, struct genl_info *info)
2303{
2304 struct cfg80211_registered_device *rdev;
2305 struct net_device *netdev = NULL;
2306 struct wireless_dev *wdev;
2307 int result = 0, rem_txq_params = 0;
2308 struct nlattr *nl_txq_params;
2309 u32 changed;
2310 u8 retry_short = 0, retry_long = 0;
2311 u32 frag_threshold = 0, rts_threshold = 0;
2312 u8 coverage_class = 0;
2313
2314 ASSERT_RTNL();
2315
2316 /*
2317 * Try to find the wiphy and netdev. Normally this
2318 * function shouldn't need the netdev, but this is
2319 * done for backward compatibility -- previously
2320 * setting the channel was done per wiphy, but now
2321 * it is per netdev. Previous userland like hostapd
2322 * also passed a netdev to set_wiphy, so that it is
2323 * possible to let that go to the right netdev!
2324 */
2325
2326 if (info->attrs[NL80211_ATTR_IFINDEX]) {
2327 int ifindex = nla_get_u32(info->attrs[NL80211_ATTR_IFINDEX]);
2328
2329 netdev = __dev_get_by_index(genl_info_net(info), ifindex);
2330 if (netdev && netdev->ieee80211_ptr)
2331 rdev = wiphy_to_rdev(netdev->ieee80211_ptr->wiphy);
2332 else
2333 netdev = NULL;
2334 }
2335
2336 if (!netdev) {
2337 rdev = __cfg80211_rdev_from_attrs(genl_info_net(info),
2338 info->attrs);
2339 if (IS_ERR(rdev))
2340 return PTR_ERR(rdev);
2341 wdev = NULL;
2342 netdev = NULL;
2343 result = 0;
2344 } else
2345 wdev = netdev->ieee80211_ptr;
2346
2347 /*
2348 * end workaround code, by now the rdev is available
2349 * and locked, and wdev may or may not be NULL.
2350 */
2351
2352 if (info->attrs[NL80211_ATTR_WIPHY_NAME])
2353 result = cfg80211_dev_rename(
2354 rdev, nla_data(info->attrs[NL80211_ATTR_WIPHY_NAME]));
2355
2356 if (result)
2357 return result;
2358
2359 if (info->attrs[NL80211_ATTR_WIPHY_TXQ_PARAMS]) {
2360 struct ieee80211_txq_params txq_params;
2361 struct nlattr *tb[NL80211_TXQ_ATTR_MAX + 1];
2362
2363 if (!rdev->ops->set_txq_params)
2364 return -EOPNOTSUPP;
2365
2366 if (!netdev)
2367 return -EINVAL;
2368
2369 if (netdev->ieee80211_ptr->iftype != NL80211_IFTYPE_AP &&
2370 netdev->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_GO)
2371 return -EINVAL;
2372
2373 if (!netif_running(netdev))
2374 return -ENETDOWN;
2375
2376 nla_for_each_nested(nl_txq_params,
2377 info->attrs[NL80211_ATTR_WIPHY_TXQ_PARAMS],
2378 rem_txq_params) {
2379 result = nla_parse_nested(tb, NL80211_TXQ_ATTR_MAX,
2380 nl_txq_params,
2381 txq_params_policy,
2382 info->extack);
2383 if (result)
2384 return result;
2385 result = parse_txq_params(tb, &txq_params);
2386 if (result)
2387 return result;
2388
2389 result = rdev_set_txq_params(rdev, netdev,
2390 &txq_params);
2391 if (result)
2392 return result;
2393 }
2394 }
2395
2396 if (info->attrs[NL80211_ATTR_WIPHY_FREQ]) {
2397 result = __nl80211_set_channel(
2398 rdev,
2399 nl80211_can_set_dev_channel(wdev) ? netdev : NULL,
2400 info);
2401 if (result)
2402 return result;
2403 }
2404
2405 if (info->attrs[NL80211_ATTR_WIPHY_TX_POWER_SETTING]) {
2406 struct wireless_dev *txp_wdev = wdev;
2407 enum nl80211_tx_power_setting type;
2408 int idx, mbm = 0;
2409
2410 if (!(rdev->wiphy.features & NL80211_FEATURE_VIF_TXPOWER))
2411 txp_wdev = NULL;
2412
2413 if (!rdev->ops->set_tx_power)
2414 return -EOPNOTSUPP;
2415
2416 idx = NL80211_ATTR_WIPHY_TX_POWER_SETTING;
2417 type = nla_get_u32(info->attrs[idx]);
2418
2419 if (!info->attrs[NL80211_ATTR_WIPHY_TX_POWER_LEVEL] &&
2420 (type != NL80211_TX_POWER_AUTOMATIC))
2421 return -EINVAL;
2422
2423 if (type != NL80211_TX_POWER_AUTOMATIC) {
2424 idx = NL80211_ATTR_WIPHY_TX_POWER_LEVEL;
2425 mbm = nla_get_u32(info->attrs[idx]);
2426 }
2427
2428 result = rdev_set_tx_power(rdev, txp_wdev, type, mbm);
2429 if (result)
2430 return result;
2431 }
2432
2433 if (info->attrs[NL80211_ATTR_WIPHY_ANTENNA_TX] &&
2434 info->attrs[NL80211_ATTR_WIPHY_ANTENNA_RX]) {
2435 u32 tx_ant, rx_ant;
2436
2437 if ((!rdev->wiphy.available_antennas_tx &&
2438 !rdev->wiphy.available_antennas_rx) ||
2439 !rdev->ops->set_antenna)
2440 return -EOPNOTSUPP;
2441
2442 tx_ant = nla_get_u32(info->attrs[NL80211_ATTR_WIPHY_ANTENNA_TX]);
2443 rx_ant = nla_get_u32(info->attrs[NL80211_ATTR_WIPHY_ANTENNA_RX]);
2444
2445 /* reject antenna configurations which don't match the
2446 * available antenna masks, except for the "all" mask */
2447 if ((~tx_ant && (tx_ant & ~rdev->wiphy.available_antennas_tx)) ||
2448 (~rx_ant && (rx_ant & ~rdev->wiphy.available_antennas_rx)))
2449 return -EINVAL;
2450
2451 tx_ant = tx_ant & rdev->wiphy.available_antennas_tx;
2452 rx_ant = rx_ant & rdev->wiphy.available_antennas_rx;
2453
2454 result = rdev_set_antenna(rdev, tx_ant, rx_ant);
2455 if (result)
2456 return result;
2457 }
2458
2459 changed = 0;
2460
2461 if (info->attrs[NL80211_ATTR_WIPHY_RETRY_SHORT]) {
2462 retry_short = nla_get_u8(
2463 info->attrs[NL80211_ATTR_WIPHY_RETRY_SHORT]);
2464 if (retry_short == 0)
2465 return -EINVAL;
2466
2467 changed |= WIPHY_PARAM_RETRY_SHORT;
2468 }
2469
2470 if (info->attrs[NL80211_ATTR_WIPHY_RETRY_LONG]) {
2471 retry_long = nla_get_u8(
2472 info->attrs[NL80211_ATTR_WIPHY_RETRY_LONG]);
2473 if (retry_long == 0)
2474 return -EINVAL;
2475
2476 changed |= WIPHY_PARAM_RETRY_LONG;
2477 }
2478
2479 if (info->attrs[NL80211_ATTR_WIPHY_FRAG_THRESHOLD]) {
2480 frag_threshold = nla_get_u32(
2481 info->attrs[NL80211_ATTR_WIPHY_FRAG_THRESHOLD]);
2482 if (frag_threshold < 256)
2483 return -EINVAL;
2484
2485 if (frag_threshold != (u32) -1) {
2486 /*
2487 * Fragments (apart from the last one) are required to
2488 * have even length. Make the fragmentation code
2489 * simpler by stripping LSB should someone try to use
2490 * odd threshold value.
2491 */
2492 frag_threshold &= ~0x1;
2493 }
2494 changed |= WIPHY_PARAM_FRAG_THRESHOLD;
2495 }
2496
2497 if (info->attrs[NL80211_ATTR_WIPHY_RTS_THRESHOLD]) {
2498 rts_threshold = nla_get_u32(
2499 info->attrs[NL80211_ATTR_WIPHY_RTS_THRESHOLD]);
2500 changed |= WIPHY_PARAM_RTS_THRESHOLD;
2501 }
2502
2503 if (info->attrs[NL80211_ATTR_WIPHY_COVERAGE_CLASS]) {
2504 if (info->attrs[NL80211_ATTR_WIPHY_DYN_ACK])
2505 return -EINVAL;
2506
2507 coverage_class = nla_get_u8(
2508 info->attrs[NL80211_ATTR_WIPHY_COVERAGE_CLASS]);
2509 changed |= WIPHY_PARAM_COVERAGE_CLASS;
2510 }
2511
2512 if (info->attrs[NL80211_ATTR_WIPHY_DYN_ACK]) {
2513 if (!(rdev->wiphy.features & NL80211_FEATURE_ACKTO_ESTIMATION))
2514 return -EOPNOTSUPP;
2515
2516 changed |= WIPHY_PARAM_DYN_ACK;
2517 }
2518
2519 if (changed) {
2520 u8 old_retry_short, old_retry_long;
2521 u32 old_frag_threshold, old_rts_threshold;
2522 u8 old_coverage_class;
2523
2524 if (!rdev->ops->set_wiphy_params)
2525 return -EOPNOTSUPP;
2526
2527 old_retry_short = rdev->wiphy.retry_short;
2528 old_retry_long = rdev->wiphy.retry_long;
2529 old_frag_threshold = rdev->wiphy.frag_threshold;
2530 old_rts_threshold = rdev->wiphy.rts_threshold;
2531 old_coverage_class = rdev->wiphy.coverage_class;
2532
2533 if (changed & WIPHY_PARAM_RETRY_SHORT)
2534 rdev->wiphy.retry_short = retry_short;
2535 if (changed & WIPHY_PARAM_RETRY_LONG)
2536 rdev->wiphy.retry_long = retry_long;
2537 if (changed & WIPHY_PARAM_FRAG_THRESHOLD)
2538 rdev->wiphy.frag_threshold = frag_threshold;
2539 if (changed & WIPHY_PARAM_RTS_THRESHOLD)
2540 rdev->wiphy.rts_threshold = rts_threshold;
2541 if (changed & WIPHY_PARAM_COVERAGE_CLASS)
2542 rdev->wiphy.coverage_class = coverage_class;
2543
2544 result = rdev_set_wiphy_params(rdev, changed);
2545 if (result) {
2546 rdev->wiphy.retry_short = old_retry_short;
2547 rdev->wiphy.retry_long = old_retry_long;
2548 rdev->wiphy.frag_threshold = old_frag_threshold;
2549 rdev->wiphy.rts_threshold = old_rts_threshold;
2550 rdev->wiphy.coverage_class = old_coverage_class;
2551 return result;
2552 }
2553 }
2554 return 0;
2555}
2556
2557static inline u64 wdev_id(struct wireless_dev *wdev)
2558{
2559 return (u64)wdev->identifier |
2560 ((u64)wiphy_to_rdev(wdev->wiphy)->wiphy_idx << 32);
2561}
2562
2563static int nl80211_send_chandef(struct sk_buff *msg,
2564 const struct cfg80211_chan_def *chandef)
2565{
2566 if (WARN_ON(!cfg80211_chandef_valid(chandef)))
2567 return -EINVAL;
2568
2569 if (nla_put_u32(msg, NL80211_ATTR_WIPHY_FREQ,
2570 chandef->chan->center_freq))
2571 return -ENOBUFS;
2572 switch (chandef->width) {
2573 case NL80211_CHAN_WIDTH_20_NOHT:
2574 case NL80211_CHAN_WIDTH_20:
2575 case NL80211_CHAN_WIDTH_40:
2576 if (nla_put_u32(msg, NL80211_ATTR_WIPHY_CHANNEL_TYPE,
2577 cfg80211_get_chandef_type(chandef)))
2578 return -ENOBUFS;
2579 break;
2580 default:
2581 break;
2582 }
2583 if (nla_put_u32(msg, NL80211_ATTR_CHANNEL_WIDTH, chandef->width))
2584 return -ENOBUFS;
2585 if (nla_put_u32(msg, NL80211_ATTR_CENTER_FREQ1, chandef->center_freq1))
2586 return -ENOBUFS;
2587 if (chandef->center_freq2 &&
2588 nla_put_u32(msg, NL80211_ATTR_CENTER_FREQ2, chandef->center_freq2))
2589 return -ENOBUFS;
2590 return 0;
2591}
2592
2593static int nl80211_send_iface(struct sk_buff *msg, u32 portid, u32 seq, int flags,
2594 struct cfg80211_registered_device *rdev,
2595 struct wireless_dev *wdev, bool removal)
2596{
2597 struct net_device *dev = wdev->netdev;
2598 u8 cmd = NL80211_CMD_NEW_INTERFACE;
2599 void *hdr;
2600
2601 if (removal)
2602 cmd = NL80211_CMD_DEL_INTERFACE;
2603
2604 hdr = nl80211hdr_put(msg, portid, seq, flags, cmd);
2605 if (!hdr)
2606 return -1;
2607
2608 if (dev &&
2609 (nla_put_u32(msg, NL80211_ATTR_IFINDEX, dev->ifindex) ||
2610 nla_put_string(msg, NL80211_ATTR_IFNAME, dev->name)))
2611 goto nla_put_failure;
2612
2613 if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
2614 nla_put_u32(msg, NL80211_ATTR_IFTYPE, wdev->iftype) ||
2615 nla_put_u64_64bit(msg, NL80211_ATTR_WDEV, wdev_id(wdev),
2616 NL80211_ATTR_PAD) ||
2617 nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN, wdev_address(wdev)) ||
2618 nla_put_u32(msg, NL80211_ATTR_GENERATION,
2619 rdev->devlist_generation ^
2620 (cfg80211_rdev_list_generation << 2)))
2621 goto nla_put_failure;
2622
2623 if (rdev->ops->get_channel) {
2624 int ret;
2625 struct cfg80211_chan_def chandef = {};
2626
2627 ret = rdev_get_channel(rdev, wdev, &chandef);
2628 if (ret == 0) {
2629 if (nl80211_send_chandef(msg, &chandef))
2630 goto nla_put_failure;
2631 }
2632 }
2633
2634 if (rdev->ops->get_tx_power) {
2635 int dbm, ret;
2636
2637 ret = rdev_get_tx_power(rdev, wdev, &dbm);
2638 if (ret == 0 &&
2639 nla_put_u32(msg, NL80211_ATTR_WIPHY_TX_POWER_LEVEL,
2640 DBM_TO_MBM(dbm)))
2641 goto nla_put_failure;
2642 }
2643
2644 if (wdev->ssid_len) {
2645 if (nla_put(msg, NL80211_ATTR_SSID, wdev->ssid_len, wdev->ssid))
2646 goto nla_put_failure;
2647 }
2648
2649 genlmsg_end(msg, hdr);
2650 return 0;
2651
2652 nla_put_failure:
2653 genlmsg_cancel(msg, hdr);
2654 return -EMSGSIZE;
2655}
2656
2657static int nl80211_dump_interface(struct sk_buff *skb, struct netlink_callback *cb)
2658{
2659 int wp_idx = 0;
2660 int if_idx = 0;
2661 int wp_start = cb->args[0];
2662 int if_start = cb->args[1];
2663 int filter_wiphy = -1;
2664 struct cfg80211_registered_device *rdev;
2665 struct wireless_dev *wdev;
2666 int ret;
2667
2668 rtnl_lock();
2669 if (!cb->args[2]) {
2670 struct nl80211_dump_wiphy_state state = {
2671 .filter_wiphy = -1,
2672 };
2673
2674 ret = nl80211_dump_wiphy_parse(skb, cb, &state);
2675 if (ret)
2676 goto out_unlock;
2677
2678 filter_wiphy = state.filter_wiphy;
2679
2680 /*
2681 * if filtering, set cb->args[2] to +1 since 0 is the default
2682 * value needed to determine that parsing is necessary.
2683 */
2684 if (filter_wiphy >= 0)
2685 cb->args[2] = filter_wiphy + 1;
2686 else
2687 cb->args[2] = -1;
2688 } else if (cb->args[2] > 0) {
2689 filter_wiphy = cb->args[2] - 1;
2690 }
2691
2692 list_for_each_entry(rdev, &cfg80211_rdev_list, list) {
2693 if (!net_eq(wiphy_net(&rdev->wiphy), sock_net(skb->sk)))
2694 continue;
2695 if (wp_idx < wp_start) {
2696 wp_idx++;
2697 continue;
2698 }
2699
2700 if (filter_wiphy >= 0 && filter_wiphy != rdev->wiphy_idx)
2701 continue;
2702
2703 if_idx = 0;
2704
2705 list_for_each_entry(wdev, &rdev->wiphy.wdev_list, list) {
2706 if (if_idx < if_start) {
2707 if_idx++;
2708 continue;
2709 }
2710 if (nl80211_send_iface(skb, NETLINK_CB(cb->skb).portid,
2711 cb->nlh->nlmsg_seq, NLM_F_MULTI,
2712 rdev, wdev, false) < 0) {
2713 goto out;
2714 }
2715 if_idx++;
2716 }
2717
2718 wp_idx++;
2719 }
2720 out:
2721 cb->args[0] = wp_idx;
2722 cb->args[1] = if_idx;
2723
2724 ret = skb->len;
2725 out_unlock:
2726 rtnl_unlock();
2727
2728 return ret;
2729}
2730
2731static int nl80211_get_interface(struct sk_buff *skb, struct genl_info *info)
2732{
2733 struct sk_buff *msg;
2734 struct cfg80211_registered_device *rdev = info->user_ptr[0];
2735 struct wireless_dev *wdev = info->user_ptr[1];
2736
2737 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
2738 if (!msg)
2739 return -ENOMEM;
2740
2741 if (nl80211_send_iface(msg, info->snd_portid, info->snd_seq, 0,
2742 rdev, wdev, false) < 0) {
2743 nlmsg_free(msg);
2744 return -ENOBUFS;
2745 }
2746
2747 return genlmsg_reply(msg, info);
2748}
2749
2750static const struct nla_policy mntr_flags_policy[NL80211_MNTR_FLAG_MAX + 1] = {
2751 [NL80211_MNTR_FLAG_FCSFAIL] = { .type = NLA_FLAG },
2752 [NL80211_MNTR_FLAG_PLCPFAIL] = { .type = NLA_FLAG },
2753 [NL80211_MNTR_FLAG_CONTROL] = { .type = NLA_FLAG },
2754 [NL80211_MNTR_FLAG_OTHER_BSS] = { .type = NLA_FLAG },
2755 [NL80211_MNTR_FLAG_COOK_FRAMES] = { .type = NLA_FLAG },
2756 [NL80211_MNTR_FLAG_ACTIVE] = { .type = NLA_FLAG },
2757};
2758
2759static int parse_monitor_flags(struct nlattr *nla, u32 *mntrflags)
2760{
2761 struct nlattr *flags[NL80211_MNTR_FLAG_MAX + 1];
2762 int flag;
2763
2764 *mntrflags = 0;
2765
2766 if (!nla)
2767 return -EINVAL;
2768
2769 if (nla_parse_nested(flags, NL80211_MNTR_FLAG_MAX, nla,
2770 mntr_flags_policy, NULL))
2771 return -EINVAL;
2772
2773 for (flag = 1; flag <= NL80211_MNTR_FLAG_MAX; flag++)
2774 if (flags[flag])
2775 *mntrflags |= (1<<flag);
2776
2777 *mntrflags |= MONITOR_FLAG_CHANGED;
2778
2779 return 0;
2780}
2781
2782static int nl80211_parse_mon_options(struct cfg80211_registered_device *rdev,
2783 enum nl80211_iftype type,
2784 struct genl_info *info,
2785 struct vif_params *params)
2786{
2787 bool change = false;
2788 int err;
2789
2790 if (info->attrs[NL80211_ATTR_MNTR_FLAGS]) {
2791 if (type != NL80211_IFTYPE_MONITOR)
2792 return -EINVAL;
2793
2794 err = parse_monitor_flags(info->attrs[NL80211_ATTR_MNTR_FLAGS],
2795 &params->flags);
2796 if (err)
2797 return err;
2798
2799 change = true;
2800 }
2801
2802 if (params->flags & MONITOR_FLAG_ACTIVE &&
2803 !(rdev->wiphy.features & NL80211_FEATURE_ACTIVE_MONITOR))
2804 return -EOPNOTSUPP;
2805
2806 if (info->attrs[NL80211_ATTR_MU_MIMO_GROUP_DATA]) {
2807 const u8 *mumimo_groups;
2808 u32 cap_flag = NL80211_EXT_FEATURE_MU_MIMO_AIR_SNIFFER;
2809
2810 if (type != NL80211_IFTYPE_MONITOR)
2811 return -EINVAL;
2812
2813 if (!wiphy_ext_feature_isset(&rdev->wiphy, cap_flag))
2814 return -EOPNOTSUPP;
2815
2816 mumimo_groups =
2817 nla_data(info->attrs[NL80211_ATTR_MU_MIMO_GROUP_DATA]);
2818
2819 /* bits 0 and 63 are reserved and must be zero */
2820 if ((mumimo_groups[0] & BIT(0)) ||
2821 (mumimo_groups[VHT_MUMIMO_GROUPS_DATA_LEN - 1] & BIT(7)))
2822 return -EINVAL;
2823
2824 params->vht_mumimo_groups = mumimo_groups;
2825 change = true;
2826 }
2827
2828 if (info->attrs[NL80211_ATTR_MU_MIMO_FOLLOW_MAC_ADDR]) {
2829 u32 cap_flag = NL80211_EXT_FEATURE_MU_MIMO_AIR_SNIFFER;
2830
2831 if (type != NL80211_IFTYPE_MONITOR)
2832 return -EINVAL;
2833
2834 if (!wiphy_ext_feature_isset(&rdev->wiphy, cap_flag))
2835 return -EOPNOTSUPP;
2836
2837 params->vht_mumimo_follow_addr =
2838 nla_data(info->attrs[NL80211_ATTR_MU_MIMO_FOLLOW_MAC_ADDR]);
2839 change = true;
2840 }
2841
2842 return change ? 1 : 0;
2843}
2844
2845static int nl80211_valid_4addr(struct cfg80211_registered_device *rdev,
2846 struct net_device *netdev, u8 use_4addr,
2847 enum nl80211_iftype iftype)
2848{
2849 if (!use_4addr) {
2850 if (netdev && (netdev->priv_flags & IFF_BRIDGE_PORT))
2851 return -EBUSY;
2852 return 0;
2853 }
2854
2855 switch (iftype) {
2856 case NL80211_IFTYPE_AP_VLAN:
2857 if (rdev->wiphy.flags & WIPHY_FLAG_4ADDR_AP)
2858 return 0;
2859 break;
2860 case NL80211_IFTYPE_STATION:
2861 if (rdev->wiphy.flags & WIPHY_FLAG_4ADDR_STATION)
2862 return 0;
2863 break;
2864 default:
2865 break;
2866 }
2867
2868 return -EOPNOTSUPP;
2869}
2870
2871static int nl80211_set_interface(struct sk_buff *skb, struct genl_info *info)
2872{
2873 struct cfg80211_registered_device *rdev = info->user_ptr[0];
2874 struct vif_params params;
2875 int err;
2876 enum nl80211_iftype otype, ntype;
2877 struct net_device *dev = info->user_ptr[1];
2878 bool change = false;
2879
2880 memset(&params, 0, sizeof(params));
2881
2882 otype = ntype = dev->ieee80211_ptr->iftype;
2883
2884 if (info->attrs[NL80211_ATTR_IFTYPE]) {
2885 ntype = nla_get_u32(info->attrs[NL80211_ATTR_IFTYPE]);
2886 if (otype != ntype)
2887 change = true;
2888 if (ntype > NL80211_IFTYPE_MAX)
2889 return -EINVAL;
2890 }
2891
2892 if (info->attrs[NL80211_ATTR_MESH_ID]) {
2893 struct wireless_dev *wdev = dev->ieee80211_ptr;
2894
2895 if (ntype != NL80211_IFTYPE_MESH_POINT)
2896 return -EINVAL;
2897 if (netif_running(dev))
2898 return -EBUSY;
2899
2900 wdev_lock(wdev);
2901 BUILD_BUG_ON(IEEE80211_MAX_SSID_LEN !=
2902 IEEE80211_MAX_MESH_ID_LEN);
2903 wdev->mesh_id_up_len =
2904 nla_len(info->attrs[NL80211_ATTR_MESH_ID]);
2905 memcpy(wdev->ssid, nla_data(info->attrs[NL80211_ATTR_MESH_ID]),
2906 wdev->mesh_id_up_len);
2907 wdev_unlock(wdev);
2908 }
2909
2910 if (info->attrs[NL80211_ATTR_4ADDR]) {
2911 params.use_4addr = !!nla_get_u8(info->attrs[NL80211_ATTR_4ADDR]);
2912 change = true;
2913 err = nl80211_valid_4addr(rdev, dev, params.use_4addr, ntype);
2914 if (err)
2915 return err;
2916 } else {
2917 params.use_4addr = -1;
2918 }
2919
2920 err = nl80211_parse_mon_options(rdev, ntype, info, &params);
2921 if (err < 0)
2922 return err;
2923 if (err > 0)
2924 change = true;
2925
2926 if (change)
2927 err = cfg80211_change_iface(rdev, dev, ntype, &params);
2928 else
2929 err = 0;
2930
2931 if (!err && params.use_4addr != -1)
2932 dev->ieee80211_ptr->use_4addr = params.use_4addr;
2933
2934 return err;
2935}
2936
2937static int nl80211_new_interface(struct sk_buff *skb, struct genl_info *info)
2938{
2939 struct cfg80211_registered_device *rdev = info->user_ptr[0];
2940 struct vif_params params;
2941 struct wireless_dev *wdev;
2942 struct sk_buff *msg;
2943 int err;
2944 enum nl80211_iftype type = NL80211_IFTYPE_UNSPECIFIED;
2945
2946 /* to avoid failing a new interface creation due to pending removal */
2947 cfg80211_destroy_ifaces(rdev);
2948
2949 memset(&params, 0, sizeof(params));
2950
2951 if (!info->attrs[NL80211_ATTR_IFNAME])
2952 return -EINVAL;
2953
2954 if (info->attrs[NL80211_ATTR_IFTYPE]) {
2955 type = nla_get_u32(info->attrs[NL80211_ATTR_IFTYPE]);
2956 if (type > NL80211_IFTYPE_MAX)
2957 return -EINVAL;
2958 }
2959
2960 if (!rdev->ops->add_virtual_intf ||
2961 !(rdev->wiphy.interface_modes & (1 << type)))
2962 return -EOPNOTSUPP;
2963
2964 if ((type == NL80211_IFTYPE_P2P_DEVICE || type == NL80211_IFTYPE_NAN ||
2965 rdev->wiphy.features & NL80211_FEATURE_MAC_ON_CREATE) &&
2966 info->attrs[NL80211_ATTR_MAC]) {
2967 nla_memcpy(params.macaddr, info->attrs[NL80211_ATTR_MAC],
2968 ETH_ALEN);
2969 if (!is_valid_ether_addr(params.macaddr))
2970 return -EADDRNOTAVAIL;
2971 }
2972
2973 if (info->attrs[NL80211_ATTR_4ADDR]) {
2974 params.use_4addr = !!nla_get_u8(info->attrs[NL80211_ATTR_4ADDR]);
2975 err = nl80211_valid_4addr(rdev, NULL, params.use_4addr, type);
2976 if (err)
2977 return err;
2978 }
2979
2980 err = nl80211_parse_mon_options(rdev, type, info, &params);
2981 if (err < 0)
2982 return err;
2983
2984 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
2985 if (!msg)
2986 return -ENOMEM;
2987
2988 wdev = rdev_add_virtual_intf(rdev,
2989 nla_data(info->attrs[NL80211_ATTR_IFNAME]),
2990 NET_NAME_USER, type, &params);
2991 if (WARN_ON(!wdev)) {
2992 nlmsg_free(msg);
2993 return -EPROTO;
2994 } else if (IS_ERR(wdev)) {
2995 nlmsg_free(msg);
2996 return PTR_ERR(wdev);
2997 }
2998
2999 if (info->attrs[NL80211_ATTR_SOCKET_OWNER])
3000 wdev->owner_nlportid = info->snd_portid;
3001
3002 switch (type) {
3003 case NL80211_IFTYPE_MESH_POINT:
3004 if (!info->attrs[NL80211_ATTR_MESH_ID])
3005 break;
3006 wdev_lock(wdev);
3007 BUILD_BUG_ON(IEEE80211_MAX_SSID_LEN !=
3008 IEEE80211_MAX_MESH_ID_LEN);
3009 wdev->mesh_id_up_len =
3010 nla_len(info->attrs[NL80211_ATTR_MESH_ID]);
3011 memcpy(wdev->ssid, nla_data(info->attrs[NL80211_ATTR_MESH_ID]),
3012 wdev->mesh_id_up_len);
3013 wdev_unlock(wdev);
3014 break;
3015 case NL80211_IFTYPE_NAN:
3016 case NL80211_IFTYPE_P2P_DEVICE:
3017 /*
3018 * P2P Device and NAN do not have a netdev, so don't go
3019 * through the netdev notifier and must be added here
3020 */
3021 mutex_init(&wdev->mtx);
3022 INIT_LIST_HEAD(&wdev->event_list);
3023 spin_lock_init(&wdev->event_lock);
3024 INIT_LIST_HEAD(&wdev->mgmt_registrations);
3025 spin_lock_init(&wdev->mgmt_registrations_lock);
3026
3027 wdev->identifier = ++rdev->wdev_id;
3028 list_add_rcu(&wdev->list, &rdev->wiphy.wdev_list);
3029 rdev->devlist_generation++;
3030 break;
3031 default:
3032 break;
3033 }
3034
3035 if (nl80211_send_iface(msg, info->snd_portid, info->snd_seq, 0,
3036 rdev, wdev, false) < 0) {
3037 nlmsg_free(msg);
3038 return -ENOBUFS;
3039 }
3040
3041 /*
3042 * For wdevs which have no associated netdev object (e.g. of type
3043 * NL80211_IFTYPE_P2P_DEVICE), emit the NEW_INTERFACE event here.
3044 * For all other types, the event will be generated from the
3045 * netdev notifier
3046 */
3047 if (!wdev->netdev)
3048 nl80211_notify_iface(rdev, wdev, NL80211_CMD_NEW_INTERFACE);
3049
3050 return genlmsg_reply(msg, info);
3051}
3052
3053static int nl80211_del_interface(struct sk_buff *skb, struct genl_info *info)
3054{
3055 struct cfg80211_registered_device *rdev = info->user_ptr[0];
3056 struct wireless_dev *wdev = info->user_ptr[1];
3057
3058 if (!rdev->ops->del_virtual_intf)
3059 return -EOPNOTSUPP;
3060
3061 /*
3062 * If we remove a wireless device without a netdev then clear
3063 * user_ptr[1] so that nl80211_post_doit won't dereference it
3064 * to check if it needs to do dev_put(). Otherwise it crashes
3065 * since the wdev has been freed, unlike with a netdev where
3066 * we need the dev_put() for the netdev to really be freed.
3067 */
3068 if (!wdev->netdev)
3069 info->user_ptr[1] = NULL;
3070
3071 return rdev_del_virtual_intf(rdev, wdev);
3072}
3073
3074static int nl80211_set_noack_map(struct sk_buff *skb, struct genl_info *info)
3075{
3076 struct cfg80211_registered_device *rdev = info->user_ptr[0];
3077 struct net_device *dev = info->user_ptr[1];
3078 u16 noack_map;
3079
3080 if (!info->attrs[NL80211_ATTR_NOACK_MAP])
3081 return -EINVAL;
3082
3083 if (!rdev->ops->set_noack_map)
3084 return -EOPNOTSUPP;
3085
3086 noack_map = nla_get_u16(info->attrs[NL80211_ATTR_NOACK_MAP]);
3087
3088 return rdev_set_noack_map(rdev, dev, noack_map);
3089}
3090
3091struct get_key_cookie {
3092 struct sk_buff *msg;
3093 int error;
3094 int idx;
3095};
3096
3097static void get_key_callback(void *c, struct key_params *params)
3098{
3099 struct nlattr *key;
3100 struct get_key_cookie *cookie = c;
3101
3102 if ((params->key &&
3103 nla_put(cookie->msg, NL80211_ATTR_KEY_DATA,
3104 params->key_len, params->key)) ||
3105 (params->seq &&
3106 nla_put(cookie->msg, NL80211_ATTR_KEY_SEQ,
3107 params->seq_len, params->seq)) ||
3108 (params->cipher &&
3109 nla_put_u32(cookie->msg, NL80211_ATTR_KEY_CIPHER,
3110 params->cipher)))
3111 goto nla_put_failure;
3112
3113 key = nla_nest_start(cookie->msg, NL80211_ATTR_KEY);
3114 if (!key)
3115 goto nla_put_failure;
3116
3117 if ((params->key &&
3118 nla_put(cookie->msg, NL80211_KEY_DATA,
3119 params->key_len, params->key)) ||
3120 (params->seq &&
3121 nla_put(cookie->msg, NL80211_KEY_SEQ,
3122 params->seq_len, params->seq)) ||
3123 (params->cipher &&
3124 nla_put_u32(cookie->msg, NL80211_KEY_CIPHER,
3125 params->cipher)))
3126 goto nla_put_failure;
3127
3128 if (nla_put_u8(cookie->msg, NL80211_KEY_IDX, cookie->idx))
3129 goto nla_put_failure;
3130
3131 nla_nest_end(cookie->msg, key);
3132
3133 return;
3134 nla_put_failure:
3135 cookie->error = 1;
3136}
3137
3138static int nl80211_get_key(struct sk_buff *skb, struct genl_info *info)
3139{
3140 struct cfg80211_registered_device *rdev = info->user_ptr[0];
3141 int err;
3142 struct net_device *dev = info->user_ptr[1];
3143 u8 key_idx = 0;
3144 const u8 *mac_addr = NULL;
3145 bool pairwise;
3146 struct get_key_cookie cookie = {
3147 .error = 0,
3148 };
3149 void *hdr;
3150 struct sk_buff *msg;
3151
3152 if (info->attrs[NL80211_ATTR_KEY_IDX])
3153 key_idx = nla_get_u8(info->attrs[NL80211_ATTR_KEY_IDX]);
3154
3155 if (key_idx > 5)
3156 return -EINVAL;
3157
3158 if (info->attrs[NL80211_ATTR_MAC])
3159 mac_addr = nla_data(info->attrs[NL80211_ATTR_MAC]);
3160
3161 pairwise = !!mac_addr;
3162 if (info->attrs[NL80211_ATTR_KEY_TYPE]) {
3163 u32 kt = nla_get_u32(info->attrs[NL80211_ATTR_KEY_TYPE]);
3164
3165 if (kt >= NUM_NL80211_KEYTYPES)
3166 return -EINVAL;
3167 if (kt != NL80211_KEYTYPE_GROUP &&
3168 kt != NL80211_KEYTYPE_PAIRWISE)
3169 return -EINVAL;
3170 pairwise = kt == NL80211_KEYTYPE_PAIRWISE;
3171 }
3172
3173 if (!rdev->ops->get_key)
3174 return -EOPNOTSUPP;
3175
3176 if (!pairwise && mac_addr && !(rdev->wiphy.flags & WIPHY_FLAG_IBSS_RSN))
3177 return -ENOENT;
3178
3179 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
3180 if (!msg)
3181 return -ENOMEM;
3182
3183 hdr = nl80211hdr_put(msg, info->snd_portid, info->snd_seq, 0,
3184 NL80211_CMD_NEW_KEY);
3185 if (!hdr)
3186 goto nla_put_failure;
3187
3188 cookie.msg = msg;
3189 cookie.idx = key_idx;
3190
3191 if (nla_put_u32(msg, NL80211_ATTR_IFINDEX, dev->ifindex) ||
3192 nla_put_u8(msg, NL80211_ATTR_KEY_IDX, key_idx))
3193 goto nla_put_failure;
3194 if (mac_addr &&
3195 nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN, mac_addr))
3196 goto nla_put_failure;
3197
3198 err = rdev_get_key(rdev, dev, key_idx, pairwise, mac_addr, &cookie,
3199 get_key_callback);
3200
3201 if (err)
3202 goto free_msg;
3203
3204 if (cookie.error)
3205 goto nla_put_failure;
3206
3207 genlmsg_end(msg, hdr);
3208 return genlmsg_reply(msg, info);
3209
3210 nla_put_failure:
3211 err = -ENOBUFS;
3212 free_msg:
3213 nlmsg_free(msg);
3214 return err;
3215}
3216
3217static int nl80211_set_key(struct sk_buff *skb, struct genl_info *info)
3218{
3219 struct cfg80211_registered_device *rdev = info->user_ptr[0];
3220 struct key_parse key;
3221 int err;
3222 struct net_device *dev = info->user_ptr[1];
3223
3224 err = nl80211_parse_key(info, &key);
3225 if (err)
3226 return err;
3227
3228 if (key.idx < 0)
3229 return -EINVAL;
3230
3231 /* only support setting default key */
3232 if (!key.def && !key.defmgmt)
3233 return -EINVAL;
3234
3235 wdev_lock(dev->ieee80211_ptr);
3236
3237 if (key.def) {
3238 if (!rdev->ops->set_default_key) {
3239 err = -EOPNOTSUPP;
3240 goto out;
3241 }
3242
3243 err = nl80211_key_allowed(dev->ieee80211_ptr);
3244 if (err)
3245 goto out;
3246
3247 err = rdev_set_default_key(rdev, dev, key.idx,
3248 key.def_uni, key.def_multi);
3249
3250 if (err)
3251 goto out;
3252
3253#ifdef CONFIG_CFG80211_WEXT
3254 dev->ieee80211_ptr->wext.default_key = key.idx;
3255#endif
3256 } else {
3257 if (key.def_uni || !key.def_multi) {
3258 err = -EINVAL;
3259 goto out;
3260 }
3261
3262 if (!rdev->ops->set_default_mgmt_key) {
3263 err = -EOPNOTSUPP;
3264 goto out;
3265 }
3266
3267 err = nl80211_key_allowed(dev->ieee80211_ptr);
3268 if (err)
3269 goto out;
3270
3271 err = rdev_set_default_mgmt_key(rdev, dev, key.idx);
3272 if (err)
3273 goto out;
3274
3275#ifdef CONFIG_CFG80211_WEXT
3276 dev->ieee80211_ptr->wext.default_mgmt_key = key.idx;
3277#endif
3278 }
3279
3280 out:
3281 wdev_unlock(dev->ieee80211_ptr);
3282
3283 return err;
3284}
3285
3286static int nl80211_new_key(struct sk_buff *skb, struct genl_info *info)
3287{
3288 struct cfg80211_registered_device *rdev = info->user_ptr[0];
3289 int err;
3290 struct net_device *dev = info->user_ptr[1];
3291 struct key_parse key;
3292 const u8 *mac_addr = NULL;
3293
3294 err = nl80211_parse_key(info, &key);
3295 if (err)
3296 return err;
3297
3298 if (!key.p.key)
3299 return -EINVAL;
3300
3301 if (info->attrs[NL80211_ATTR_MAC])
3302 mac_addr = nla_data(info->attrs[NL80211_ATTR_MAC]);
3303
3304 if (key.type == -1) {
3305 if (mac_addr)
3306 key.type = NL80211_KEYTYPE_PAIRWISE;
3307 else
3308 key.type = NL80211_KEYTYPE_GROUP;
3309 }
3310
3311 /* for now */
3312 if (key.type != NL80211_KEYTYPE_PAIRWISE &&
3313 key.type != NL80211_KEYTYPE_GROUP)
3314 return -EINVAL;
3315
3316 if (!rdev->ops->add_key)
3317 return -EOPNOTSUPP;
3318
3319 if (cfg80211_validate_key_settings(rdev, &key.p, key.idx,
3320 key.type == NL80211_KEYTYPE_PAIRWISE,
3321 mac_addr))
3322 return -EINVAL;
3323
3324 wdev_lock(dev->ieee80211_ptr);
3325 err = nl80211_key_allowed(dev->ieee80211_ptr);
3326 if (!err)
3327 err = rdev_add_key(rdev, dev, key.idx,
3328 key.type == NL80211_KEYTYPE_PAIRWISE,
3329 mac_addr, &key.p);
3330 wdev_unlock(dev->ieee80211_ptr);
3331
3332 return err;
3333}
3334
3335static int nl80211_del_key(struct sk_buff *skb, struct genl_info *info)
3336{
3337 struct cfg80211_registered_device *rdev = info->user_ptr[0];
3338 int err;
3339 struct net_device *dev = info->user_ptr[1];
3340 u8 *mac_addr = NULL;
3341 struct key_parse key;
3342
3343 err = nl80211_parse_key(info, &key);
3344 if (err)
3345 return err;
3346
3347 if (info->attrs[NL80211_ATTR_MAC])
3348 mac_addr = nla_data(info->attrs[NL80211_ATTR_MAC]);
3349
3350 if (key.type == -1) {
3351 if (mac_addr)
3352 key.type = NL80211_KEYTYPE_PAIRWISE;
3353 else
3354 key.type = NL80211_KEYTYPE_GROUP;
3355 }
3356
3357 /* for now */
3358 if (key.type != NL80211_KEYTYPE_PAIRWISE &&
3359 key.type != NL80211_KEYTYPE_GROUP)
3360 return -EINVAL;
3361
3362 if (!rdev->ops->del_key)
3363 return -EOPNOTSUPP;
3364
3365 wdev_lock(dev->ieee80211_ptr);
3366 err = nl80211_key_allowed(dev->ieee80211_ptr);
3367
3368 if (key.type == NL80211_KEYTYPE_GROUP && mac_addr &&
3369 !(rdev->wiphy.flags & WIPHY_FLAG_IBSS_RSN))
3370 err = -ENOENT;
3371
3372 if (!err)
3373 err = rdev_del_key(rdev, dev, key.idx,
3374 key.type == NL80211_KEYTYPE_PAIRWISE,
3375 mac_addr);
3376
3377#ifdef CONFIG_CFG80211_WEXT
3378 if (!err) {
3379 if (key.idx == dev->ieee80211_ptr->wext.default_key)
3380 dev->ieee80211_ptr->wext.default_key = -1;
3381 else if (key.idx == dev->ieee80211_ptr->wext.default_mgmt_key)
3382 dev->ieee80211_ptr->wext.default_mgmt_key = -1;
3383 }
3384#endif
3385 wdev_unlock(dev->ieee80211_ptr);
3386
3387 return err;
3388}
3389
3390/* This function returns an error or the number of nested attributes */
3391static int validate_acl_mac_addrs(struct nlattr *nl_attr)
3392{
3393 struct nlattr *attr;
3394 int n_entries = 0, tmp;
3395
3396 nla_for_each_nested(attr, nl_attr, tmp) {
3397 if (nla_len(attr) != ETH_ALEN)
3398 return -EINVAL;
3399
3400 n_entries++;
3401 }
3402
3403 return n_entries;
3404}
3405
3406/*
3407 * This function parses ACL information and allocates memory for ACL data.
3408 * On successful return, the calling function is responsible to free the
3409 * ACL buffer returned by this function.
3410 */
3411static struct cfg80211_acl_data *parse_acl_data(struct wiphy *wiphy,
3412 struct genl_info *info)
3413{
3414 enum nl80211_acl_policy acl_policy;
3415 struct nlattr *attr;
3416 struct cfg80211_acl_data *acl;
3417 int i = 0, n_entries, tmp;
3418
3419 if (!wiphy->max_acl_mac_addrs)
3420 return ERR_PTR(-EOPNOTSUPP);
3421
3422 if (!info->attrs[NL80211_ATTR_ACL_POLICY])
3423 return ERR_PTR(-EINVAL);
3424
3425 acl_policy = nla_get_u32(info->attrs[NL80211_ATTR_ACL_POLICY]);
3426 if (acl_policy != NL80211_ACL_POLICY_ACCEPT_UNLESS_LISTED &&
3427 acl_policy != NL80211_ACL_POLICY_DENY_UNLESS_LISTED)
3428 return ERR_PTR(-EINVAL);
3429
3430 if (!info->attrs[NL80211_ATTR_MAC_ADDRS])
3431 return ERR_PTR(-EINVAL);
3432
3433 n_entries = validate_acl_mac_addrs(info->attrs[NL80211_ATTR_MAC_ADDRS]);
3434 if (n_entries < 0)
3435 return ERR_PTR(n_entries);
3436
3437 if (n_entries > wiphy->max_acl_mac_addrs)
3438 return ERR_PTR(-ENOTSUPP);
3439
3440 acl = kzalloc(sizeof(*acl) + (sizeof(struct mac_address) * n_entries),
3441 GFP_KERNEL);
3442 if (!acl)
3443 return ERR_PTR(-ENOMEM);
3444
3445 nla_for_each_nested(attr, info->attrs[NL80211_ATTR_MAC_ADDRS], tmp) {
3446 memcpy(acl->mac_addrs[i].addr, nla_data(attr), ETH_ALEN);
3447 i++;
3448 }
3449
3450 acl->n_acl_entries = n_entries;
3451 acl->acl_policy = acl_policy;
3452
3453 return acl;
3454}
3455
3456static int nl80211_set_mac_acl(struct sk_buff *skb, struct genl_info *info)
3457{
3458 struct cfg80211_registered_device *rdev = info->user_ptr[0];
3459 struct net_device *dev = info->user_ptr[1];
3460 struct cfg80211_acl_data *acl;
3461 int err;
3462
3463 if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_AP &&
3464 dev->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_GO)
3465 return -EOPNOTSUPP;
3466
3467 if (!dev->ieee80211_ptr->beacon_interval)
3468 return -EINVAL;
3469
3470 acl = parse_acl_data(&rdev->wiphy, info);
3471 if (IS_ERR(acl))
3472 return PTR_ERR(acl);
3473
3474 err = rdev_set_mac_acl(rdev, dev, acl);
3475
3476 kfree(acl);
3477
3478 return err;
3479}
3480
3481static u32 rateset_to_mask(struct ieee80211_supported_band *sband,
3482 u8 *rates, u8 rates_len)
3483{
3484 u8 i;
3485 u32 mask = 0;
3486
3487 for (i = 0; i < rates_len; i++) {
3488 int rate = (rates[i] & 0x7f) * 5;
3489 int ridx;
3490
3491 for (ridx = 0; ridx < sband->n_bitrates; ridx++) {
3492 struct ieee80211_rate *srate =
3493 &sband->bitrates[ridx];
3494 if (rate == srate->bitrate) {
3495 mask |= 1 << ridx;
3496 break;
3497 }
3498 }
3499 if (ridx == sband->n_bitrates)
3500 return 0; /* rate not found */
3501 }
3502
3503 return mask;
3504}
3505
3506static bool ht_rateset_to_mask(struct ieee80211_supported_band *sband,
3507 u8 *rates, u8 rates_len,
3508 u8 mcs[IEEE80211_HT_MCS_MASK_LEN])
3509{
3510 u8 i;
3511
3512 memset(mcs, 0, IEEE80211_HT_MCS_MASK_LEN);
3513
3514 for (i = 0; i < rates_len; i++) {
3515 int ridx, rbit;
3516
3517 ridx = rates[i] / 8;
3518 rbit = BIT(rates[i] % 8);
3519
3520 /* check validity */
3521 if ((ridx < 0) || (ridx >= IEEE80211_HT_MCS_MASK_LEN))
3522 return false;
3523
3524 /* check availability */
3525 ridx = array_index_nospec(ridx, IEEE80211_HT_MCS_MASK_LEN);
3526 if (sband->ht_cap.mcs.rx_mask[ridx] & rbit)
3527 mcs[ridx] |= rbit;
3528 else
3529 return false;
3530 }
3531
3532 return true;
3533}
3534
3535static u16 vht_mcs_map_to_mcs_mask(u8 vht_mcs_map)
3536{
3537 u16 mcs_mask = 0;
3538
3539 switch (vht_mcs_map) {
3540 case IEEE80211_VHT_MCS_NOT_SUPPORTED:
3541 break;
3542 case IEEE80211_VHT_MCS_SUPPORT_0_7:
3543 mcs_mask = 0x00FF;
3544 break;
3545 case IEEE80211_VHT_MCS_SUPPORT_0_8:
3546 mcs_mask = 0x01FF;
3547 break;
3548 case IEEE80211_VHT_MCS_SUPPORT_0_9:
3549 mcs_mask = 0x03FF;
3550 break;
3551 default:
3552 break;
3553 }
3554
3555 return mcs_mask;
3556}
3557
3558static void vht_build_mcs_mask(u16 vht_mcs_map,
3559 u16 vht_mcs_mask[NL80211_VHT_NSS_MAX])
3560{
3561 u8 nss;
3562
3563 for (nss = 0; nss < NL80211_VHT_NSS_MAX; nss++) {
3564 vht_mcs_mask[nss] = vht_mcs_map_to_mcs_mask(vht_mcs_map & 0x03);
3565 vht_mcs_map >>= 2;
3566 }
3567}
3568
3569static bool vht_set_mcs_mask(struct ieee80211_supported_band *sband,
3570 struct nl80211_txrate_vht *txrate,
3571 u16 mcs[NL80211_VHT_NSS_MAX])
3572{
3573 u16 tx_mcs_map = le16_to_cpu(sband->vht_cap.vht_mcs.tx_mcs_map);
3574 u16 tx_mcs_mask[NL80211_VHT_NSS_MAX] = {};
3575 u8 i;
3576
3577 if (!sband->vht_cap.vht_supported)
3578 return false;
3579
3580 memset(mcs, 0, sizeof(u16) * NL80211_VHT_NSS_MAX);
3581
3582 /* Build vht_mcs_mask from VHT capabilities */
3583 vht_build_mcs_mask(tx_mcs_map, tx_mcs_mask);
3584
3585 for (i = 0; i < NL80211_VHT_NSS_MAX; i++) {
3586 if ((tx_mcs_mask[i] & txrate->mcs[i]) == txrate->mcs[i])
3587 mcs[i] = txrate->mcs[i];
3588 else
3589 return false;
3590 }
3591
3592 return true;
3593}
3594
3595static const struct nla_policy nl80211_txattr_policy[NL80211_TXRATE_MAX + 1] = {
3596 [NL80211_TXRATE_LEGACY] = { .type = NLA_BINARY,
3597 .len = NL80211_MAX_SUPP_RATES },
3598 [NL80211_TXRATE_HT] = { .type = NLA_BINARY,
3599 .len = NL80211_MAX_SUPP_HT_RATES },
3600 [NL80211_TXRATE_VHT] = { .len = sizeof(struct nl80211_txrate_vht)},
3601 [NL80211_TXRATE_GI] = { .type = NLA_U8 },
3602};
3603
3604static int nl80211_parse_tx_bitrate_mask(struct genl_info *info,
3605 struct cfg80211_bitrate_mask *mask)
3606{
3607 struct nlattr *tb[NL80211_TXRATE_MAX + 1];
3608 struct cfg80211_registered_device *rdev = info->user_ptr[0];
3609 int rem, i;
3610 struct nlattr *tx_rates;
3611 struct ieee80211_supported_band *sband;
3612 u16 vht_tx_mcs_map;
3613
3614 memset(mask, 0, sizeof(*mask));
3615 /* Default to all rates enabled */
3616 for (i = 0; i < NUM_NL80211_BANDS; i++) {
3617 sband = rdev->wiphy.bands[i];
3618
3619 if (!sband)
3620 continue;
3621
3622 mask->control[i].legacy = (1 << sband->n_bitrates) - 1;
3623 memcpy(mask->control[i].ht_mcs,
3624 sband->ht_cap.mcs.rx_mask,
3625 sizeof(mask->control[i].ht_mcs));
3626
3627 if (!sband->vht_cap.vht_supported)
3628 continue;
3629
3630 vht_tx_mcs_map = le16_to_cpu(sband->vht_cap.vht_mcs.tx_mcs_map);
3631 vht_build_mcs_mask(vht_tx_mcs_map, mask->control[i].vht_mcs);
3632 }
3633
3634 /* if no rates are given set it back to the defaults */
3635 if (!info->attrs[NL80211_ATTR_TX_RATES])
3636 goto out;
3637
3638 /* The nested attribute uses enum nl80211_band as the index. This maps
3639 * directly to the enum nl80211_band values used in cfg80211.
3640 */
3641 BUILD_BUG_ON(NL80211_MAX_SUPP_HT_RATES > IEEE80211_HT_MCS_MASK_LEN * 8);
3642 nla_for_each_nested(tx_rates, info->attrs[NL80211_ATTR_TX_RATES], rem) {
3643 enum nl80211_band band = nla_type(tx_rates);
3644 int err;
3645
3646 if (band < 0 || band >= NUM_NL80211_BANDS)
3647 return -EINVAL;
3648 sband = rdev->wiphy.bands[band];
3649 if (sband == NULL)
3650 return -EINVAL;
3651 err = nla_parse_nested(tb, NL80211_TXRATE_MAX, tx_rates,
3652 nl80211_txattr_policy, info->extack);
3653 if (err)
3654 return err;
3655 if (tb[NL80211_TXRATE_LEGACY]) {
3656 mask->control[band].legacy = rateset_to_mask(
3657 sband,
3658 nla_data(tb[NL80211_TXRATE_LEGACY]),
3659 nla_len(tb[NL80211_TXRATE_LEGACY]));
3660 if ((mask->control[band].legacy == 0) &&
3661 nla_len(tb[NL80211_TXRATE_LEGACY]))
3662 return -EINVAL;
3663 }
3664 if (tb[NL80211_TXRATE_HT]) {
3665 if (!ht_rateset_to_mask(
3666 sband,
3667 nla_data(tb[NL80211_TXRATE_HT]),
3668 nla_len(tb[NL80211_TXRATE_HT]),
3669 mask->control[band].ht_mcs))
3670 return -EINVAL;
3671 }
3672 if (tb[NL80211_TXRATE_VHT]) {
3673 if (!vht_set_mcs_mask(
3674 sband,
3675 nla_data(tb[NL80211_TXRATE_VHT]),
3676 mask->control[band].vht_mcs))
3677 return -EINVAL;
3678 }
3679 if (tb[NL80211_TXRATE_GI]) {
3680 mask->control[band].gi =
3681 nla_get_u8(tb[NL80211_TXRATE_GI]);
3682 if (mask->control[band].gi > NL80211_TXRATE_FORCE_LGI)
3683 return -EINVAL;
3684 }
3685
3686 if (mask->control[band].legacy == 0) {
3687 /* don't allow empty legacy rates if HT or VHT
3688 * are not even supported.
3689 */
3690 if (!(rdev->wiphy.bands[band]->ht_cap.ht_supported ||
3691 rdev->wiphy.bands[band]->vht_cap.vht_supported))
3692 return -EINVAL;
3693
3694 for (i = 0; i < IEEE80211_HT_MCS_MASK_LEN; i++)
3695 if (mask->control[band].ht_mcs[i])
3696 goto out;
3697
3698 for (i = 0; i < NL80211_VHT_NSS_MAX; i++)
3699 if (mask->control[band].vht_mcs[i])
3700 goto out;
3701
3702 /* legacy and mcs rates may not be both empty */
3703 return -EINVAL;
3704 }
3705 }
3706
3707out:
3708 return 0;
3709}
3710
3711static int validate_beacon_tx_rate(struct cfg80211_registered_device *rdev,
3712 enum nl80211_band band,
3713 struct cfg80211_bitrate_mask *beacon_rate)
3714{
3715 u32 count_ht, count_vht, i;
3716 u32 rate = beacon_rate->control[band].legacy;
3717
3718 /* Allow only one rate */
3719 if (hweight32(rate) > 1)
3720 return -EINVAL;
3721
3722 count_ht = 0;
3723 for (i = 0; i < IEEE80211_HT_MCS_MASK_LEN; i++) {
3724 if (hweight8(beacon_rate->control[band].ht_mcs[i]) > 1) {
3725 return -EINVAL;
3726 } else if (beacon_rate->control[band].ht_mcs[i]) {
3727 count_ht++;
3728 if (count_ht > 1)
3729 return -EINVAL;
3730 }
3731 if (count_ht && rate)
3732 return -EINVAL;
3733 }
3734
3735 count_vht = 0;
3736 for (i = 0; i < NL80211_VHT_NSS_MAX; i++) {
3737 if (hweight16(beacon_rate->control[band].vht_mcs[i]) > 1) {
3738 return -EINVAL;
3739 } else if (beacon_rate->control[band].vht_mcs[i]) {
3740 count_vht++;
3741 if (count_vht > 1)
3742 return -EINVAL;
3743 }
3744 if (count_vht && rate)
3745 return -EINVAL;
3746 }
3747
3748 if ((count_ht && count_vht) || (!rate && !count_ht && !count_vht))
3749 return -EINVAL;
3750
3751 if (rate &&
3752 !wiphy_ext_feature_isset(&rdev->wiphy,
3753 NL80211_EXT_FEATURE_BEACON_RATE_LEGACY))
3754 return -EINVAL;
3755 if (count_ht &&
3756 !wiphy_ext_feature_isset(&rdev->wiphy,
3757 NL80211_EXT_FEATURE_BEACON_RATE_HT))
3758 return -EINVAL;
3759 if (count_vht &&
3760 !wiphy_ext_feature_isset(&rdev->wiphy,
3761 NL80211_EXT_FEATURE_BEACON_RATE_VHT))
3762 return -EINVAL;
3763
3764 return 0;
3765}
3766
3767static int nl80211_parse_beacon(struct nlattr *attrs[],
3768 struct cfg80211_beacon_data *bcn)
3769{
3770 bool haveinfo = false;
3771
3772 if (!is_valid_ie_attr(attrs[NL80211_ATTR_BEACON_TAIL]) ||
3773 !is_valid_ie_attr(attrs[NL80211_ATTR_IE]) ||
3774 !is_valid_ie_attr(attrs[NL80211_ATTR_IE_PROBE_RESP]) ||
3775 !is_valid_ie_attr(attrs[NL80211_ATTR_IE_ASSOC_RESP]))
3776 return -EINVAL;
3777
3778 memset(bcn, 0, sizeof(*bcn));
3779
3780 if (attrs[NL80211_ATTR_BEACON_HEAD]) {
3781 int ret = validate_beacon_head(attrs[NL80211_ATTR_BEACON_HEAD],
3782 NULL);
3783
3784 if (ret)
3785 return ret;
3786
3787 bcn->head = nla_data(attrs[NL80211_ATTR_BEACON_HEAD]);
3788 bcn->head_len = nla_len(attrs[NL80211_ATTR_BEACON_HEAD]);
3789 if (!bcn->head_len)
3790 return -EINVAL;
3791 haveinfo = true;
3792 }
3793
3794 if (attrs[NL80211_ATTR_BEACON_TAIL]) {
3795 bcn->tail = nla_data(attrs[NL80211_ATTR_BEACON_TAIL]);
3796 bcn->tail_len = nla_len(attrs[NL80211_ATTR_BEACON_TAIL]);
3797 haveinfo = true;
3798 }
3799
3800 if (!haveinfo)
3801 return -EINVAL;
3802
3803 if (attrs[NL80211_ATTR_IE]) {
3804 bcn->beacon_ies = nla_data(attrs[NL80211_ATTR_IE]);
3805 bcn->beacon_ies_len = nla_len(attrs[NL80211_ATTR_IE]);
3806 }
3807
3808 if (attrs[NL80211_ATTR_IE_PROBE_RESP]) {
3809 bcn->proberesp_ies =
3810 nla_data(attrs[NL80211_ATTR_IE_PROBE_RESP]);
3811 bcn->proberesp_ies_len =
3812 nla_len(attrs[NL80211_ATTR_IE_PROBE_RESP]);
3813 }
3814
3815 if (attrs[NL80211_ATTR_IE_ASSOC_RESP]) {
3816 bcn->assocresp_ies =
3817 nla_data(attrs[NL80211_ATTR_IE_ASSOC_RESP]);
3818 bcn->assocresp_ies_len =
3819 nla_len(attrs[NL80211_ATTR_IE_ASSOC_RESP]);
3820 }
3821
3822 if (attrs[NL80211_ATTR_PROBE_RESP]) {
3823 bcn->probe_resp = nla_data(attrs[NL80211_ATTR_PROBE_RESP]);
3824 bcn->probe_resp_len = nla_len(attrs[NL80211_ATTR_PROBE_RESP]);
3825 }
3826
3827 return 0;
3828}
3829
3830static void nl80211_check_ap_rate_selectors(struct cfg80211_ap_settings *params,
3831 const u8 *rates)
3832{
3833 int i;
3834
3835 if (!rates)
3836 return;
3837
3838 for (i = 0; i < rates[1]; i++) {
3839 if (rates[2 + i] == BSS_MEMBERSHIP_SELECTOR_HT_PHY)
3840 params->ht_required = true;
3841 if (rates[2 + i] == BSS_MEMBERSHIP_SELECTOR_VHT_PHY)
3842 params->vht_required = true;
3843 }
3844}
3845
3846/*
3847 * Since the nl80211 API didn't include, from the beginning, attributes about
3848 * HT/VHT requirements/capabilities, we parse them out of the IEs for the
3849 * benefit of drivers that rebuild IEs in the firmware.
3850 */
3851static void nl80211_calculate_ap_params(struct cfg80211_ap_settings *params)
3852{
3853 const struct cfg80211_beacon_data *bcn = &params->beacon;
3854 size_t ies_len = bcn->tail_len;
3855 const u8 *ies = bcn->tail;
3856 const u8 *rates;
3857 const u8 *cap;
3858
3859 rates = cfg80211_find_ie(WLAN_EID_SUPP_RATES, ies, ies_len);
3860 nl80211_check_ap_rate_selectors(params, rates);
3861
3862 rates = cfg80211_find_ie(WLAN_EID_EXT_SUPP_RATES, ies, ies_len);
3863 nl80211_check_ap_rate_selectors(params, rates);
3864
3865 cap = cfg80211_find_ie(WLAN_EID_HT_CAPABILITY, ies, ies_len);
3866 if (cap && cap[1] >= sizeof(*params->ht_cap))
3867 params->ht_cap = (void *)(cap + 2);
3868 cap = cfg80211_find_ie(WLAN_EID_VHT_CAPABILITY, ies, ies_len);
3869 if (cap && cap[1] >= sizeof(*params->vht_cap))
3870 params->vht_cap = (void *)(cap + 2);
3871}
3872
3873static bool nl80211_get_ap_channel(struct cfg80211_registered_device *rdev,
3874 struct cfg80211_ap_settings *params)
3875{
3876 struct wireless_dev *wdev;
3877 bool ret = false;
3878
3879 list_for_each_entry(wdev, &rdev->wiphy.wdev_list, list) {
3880 if (wdev->iftype != NL80211_IFTYPE_AP &&
3881 wdev->iftype != NL80211_IFTYPE_P2P_GO)
3882 continue;
3883
3884 if (!wdev->preset_chandef.chan)
3885 continue;
3886
3887 params->chandef = wdev->preset_chandef;
3888 ret = true;
3889 break;
3890 }
3891
3892 return ret;
3893}
3894
3895static bool nl80211_valid_auth_type(struct cfg80211_registered_device *rdev,
3896 enum nl80211_auth_type auth_type,
3897 enum nl80211_commands cmd)
3898{
3899 if (auth_type > NL80211_AUTHTYPE_MAX)
3900 return false;
3901
3902 switch (cmd) {
3903 case NL80211_CMD_AUTHENTICATE:
3904 if (!(rdev->wiphy.features & NL80211_FEATURE_SAE) &&
3905 auth_type == NL80211_AUTHTYPE_SAE)
3906 return false;
3907 if (!wiphy_ext_feature_isset(&rdev->wiphy,
3908 NL80211_EXT_FEATURE_FILS_STA) &&
3909 (auth_type == NL80211_AUTHTYPE_FILS_SK ||
3910 auth_type == NL80211_AUTHTYPE_FILS_SK_PFS ||
3911 auth_type == NL80211_AUTHTYPE_FILS_PK))
3912 return false;
3913 return true;
3914 case NL80211_CMD_CONNECT:
3915 if (!(rdev->wiphy.features & NL80211_FEATURE_SAE) &&
3916 auth_type == NL80211_AUTHTYPE_SAE)
3917 return false;
3918
3919 /* FILS with SK PFS or PK not supported yet */
3920 if (auth_type == NL80211_AUTHTYPE_FILS_SK_PFS ||
3921 auth_type == NL80211_AUTHTYPE_FILS_PK)
3922 return false;
3923 if (!wiphy_ext_feature_isset(
3924 &rdev->wiphy,
3925 NL80211_EXT_FEATURE_FILS_SK_OFFLOAD) &&
3926 auth_type == NL80211_AUTHTYPE_FILS_SK)
3927 return false;
3928 return true;
3929 case NL80211_CMD_START_AP:
3930 /* SAE not supported yet */
3931 if (auth_type == NL80211_AUTHTYPE_SAE)
3932 return false;
3933 /* FILS not supported yet */
3934 if (auth_type == NL80211_AUTHTYPE_FILS_SK ||
3935 auth_type == NL80211_AUTHTYPE_FILS_SK_PFS ||
3936 auth_type == NL80211_AUTHTYPE_FILS_PK)
3937 return false;
3938 return true;
3939 default:
3940 return false;
3941 }
3942}
3943
3944static int nl80211_start_ap(struct sk_buff *skb, struct genl_info *info)
3945{
3946 struct cfg80211_registered_device *rdev = info->user_ptr[0];
3947 struct net_device *dev = info->user_ptr[1];
3948 struct wireless_dev *wdev = dev->ieee80211_ptr;
3949 struct cfg80211_ap_settings params;
3950 int err;
3951
3952 if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_AP &&
3953 dev->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_GO)
3954 return -EOPNOTSUPP;
3955
3956 if (!rdev->ops->start_ap)
3957 return -EOPNOTSUPP;
3958
3959 if (wdev->beacon_interval)
3960 return -EALREADY;
3961
3962 memset(&params, 0, sizeof(params));
3963
3964 /* these are required for START_AP */
3965 if (!info->attrs[NL80211_ATTR_BEACON_INTERVAL] ||
3966 !info->attrs[NL80211_ATTR_DTIM_PERIOD] ||
3967 !info->attrs[NL80211_ATTR_BEACON_HEAD])
3968 return -EINVAL;
3969
3970 err = nl80211_parse_beacon(info->attrs, &params.beacon);
3971 if (err)
3972 return err;
3973
3974 params.beacon_interval =
3975 nla_get_u32(info->attrs[NL80211_ATTR_BEACON_INTERVAL]);
3976 params.dtim_period =
3977 nla_get_u32(info->attrs[NL80211_ATTR_DTIM_PERIOD]);
3978
3979 err = cfg80211_validate_beacon_int(rdev, dev->ieee80211_ptr->iftype,
3980 params.beacon_interval);
3981 if (err)
3982 return err;
3983
3984 /*
3985 * In theory, some of these attributes should be required here
3986 * but since they were not used when the command was originally
3987 * added, keep them optional for old user space programs to let
3988 * them continue to work with drivers that do not need the
3989 * additional information -- drivers must check!
3990 */
3991 if (info->attrs[NL80211_ATTR_SSID]) {
3992 params.ssid = nla_data(info->attrs[NL80211_ATTR_SSID]);
3993 params.ssid_len =
3994 nla_len(info->attrs[NL80211_ATTR_SSID]);
3995 if (params.ssid_len == 0 ||
3996 params.ssid_len > IEEE80211_MAX_SSID_LEN)
3997 return -EINVAL;
3998 }
3999
4000 if (info->attrs[NL80211_ATTR_HIDDEN_SSID]) {
4001 params.hidden_ssid = nla_get_u32(
4002 info->attrs[NL80211_ATTR_HIDDEN_SSID]);
4003 if (params.hidden_ssid != NL80211_HIDDEN_SSID_NOT_IN_USE &&
4004 params.hidden_ssid != NL80211_HIDDEN_SSID_ZERO_LEN &&
4005 params.hidden_ssid != NL80211_HIDDEN_SSID_ZERO_CONTENTS)
4006 return -EINVAL;
4007 }
4008
4009 params.privacy = !!info->attrs[NL80211_ATTR_PRIVACY];
4010
4011 if (info->attrs[NL80211_ATTR_AUTH_TYPE]) {
4012 params.auth_type = nla_get_u32(
4013 info->attrs[NL80211_ATTR_AUTH_TYPE]);
4014 if (!nl80211_valid_auth_type(rdev, params.auth_type,
4015 NL80211_CMD_START_AP))
4016 return -EINVAL;
4017 } else
4018 params.auth_type = NL80211_AUTHTYPE_AUTOMATIC;
4019
4020 err = nl80211_crypto_settings(rdev, info, &params.crypto,
4021 NL80211_MAX_NR_CIPHER_SUITES);
4022 if (err)
4023 return err;
4024
4025 if (info->attrs[NL80211_ATTR_INACTIVITY_TIMEOUT]) {
4026 if (!(rdev->wiphy.features & NL80211_FEATURE_INACTIVITY_TIMER))
4027 return -EOPNOTSUPP;
4028 params.inactivity_timeout = nla_get_u16(
4029 info->attrs[NL80211_ATTR_INACTIVITY_TIMEOUT]);
4030 }
4031
4032 if (info->attrs[NL80211_ATTR_P2P_CTWINDOW]) {
4033 if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_GO)
4034 return -EINVAL;
4035 params.p2p_ctwindow =
4036 nla_get_u8(info->attrs[NL80211_ATTR_P2P_CTWINDOW]);
4037 if (params.p2p_ctwindow > 127)
4038 return -EINVAL;
4039 if (params.p2p_ctwindow != 0 &&
4040 !(rdev->wiphy.features & NL80211_FEATURE_P2P_GO_CTWIN))
4041 return -EINVAL;
4042 }
4043
4044 if (info->attrs[NL80211_ATTR_P2P_OPPPS]) {
4045 u8 tmp;
4046
4047 if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_GO)
4048 return -EINVAL;
4049 tmp = nla_get_u8(info->attrs[NL80211_ATTR_P2P_OPPPS]);
4050 if (tmp > 1)
4051 return -EINVAL;
4052 params.p2p_opp_ps = tmp;
4053 if (params.p2p_opp_ps != 0 &&
4054 !(rdev->wiphy.features & NL80211_FEATURE_P2P_GO_OPPPS))
4055 return -EINVAL;
4056 }
4057
4058 if (info->attrs[NL80211_ATTR_WIPHY_FREQ]) {
4059 err = nl80211_parse_chandef(rdev, info, &params.chandef);
4060 if (err)
4061 return err;
4062 } else if (wdev->preset_chandef.chan) {
4063 params.chandef = wdev->preset_chandef;
4064 } else if (!nl80211_get_ap_channel(rdev, &params))
4065 return -EINVAL;
4066
4067 if (!cfg80211_reg_can_beacon_relax(&rdev->wiphy, &params.chandef,
4068 wdev->iftype))
4069 return -EINVAL;
4070
4071 if (info->attrs[NL80211_ATTR_TX_RATES]) {
4072 err = nl80211_parse_tx_bitrate_mask(info, &params.beacon_rate);
4073 if (err)
4074 return err;
4075
4076 err = validate_beacon_tx_rate(rdev, params.chandef.chan->band,
4077 &params.beacon_rate);
4078 if (err)
4079 return err;
4080 }
4081
4082 if (info->attrs[NL80211_ATTR_SMPS_MODE]) {
4083 params.smps_mode =
4084 nla_get_u8(info->attrs[NL80211_ATTR_SMPS_MODE]);
4085 switch (params.smps_mode) {
4086 case NL80211_SMPS_OFF:
4087 break;
4088 case NL80211_SMPS_STATIC:
4089 if (!(rdev->wiphy.features &
4090 NL80211_FEATURE_STATIC_SMPS))
4091 return -EINVAL;
4092 break;
4093 case NL80211_SMPS_DYNAMIC:
4094 if (!(rdev->wiphy.features &
4095 NL80211_FEATURE_DYNAMIC_SMPS))
4096 return -EINVAL;
4097 break;
4098 default:
4099 return -EINVAL;
4100 }
4101 } else {
4102 params.smps_mode = NL80211_SMPS_OFF;
4103 }
4104
4105 params.pbss = nla_get_flag(info->attrs[NL80211_ATTR_PBSS]);
4106 if (params.pbss && !rdev->wiphy.bands[NL80211_BAND_60GHZ])
4107 return -EOPNOTSUPP;
4108
4109 if (info->attrs[NL80211_ATTR_ACL_POLICY]) {
4110 params.acl = parse_acl_data(&rdev->wiphy, info);
4111 if (IS_ERR(params.acl))
4112 return PTR_ERR(params.acl);
4113 }
4114
4115 nl80211_calculate_ap_params(&params);
4116
4117 wdev_lock(wdev);
4118 err = rdev_start_ap(rdev, dev, &params);
4119 if (!err) {
4120 wdev->preset_chandef = params.chandef;
4121 wdev->beacon_interval = params.beacon_interval;
4122 wdev->chandef = params.chandef;
4123 wdev->ssid_len = params.ssid_len;
4124 memcpy(wdev->ssid, params.ssid, wdev->ssid_len);
4125 }
4126 wdev_unlock(wdev);
4127
4128 kfree(params.acl);
4129
4130 return err;
4131}
4132
4133static int nl80211_set_beacon(struct sk_buff *skb, struct genl_info *info)
4134{
4135 struct cfg80211_registered_device *rdev = info->user_ptr[0];
4136 struct net_device *dev = info->user_ptr[1];
4137 struct wireless_dev *wdev = dev->ieee80211_ptr;
4138 struct cfg80211_beacon_data params;
4139 int err;
4140
4141 if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_AP &&
4142 dev->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_GO)
4143 return -EOPNOTSUPP;
4144
4145 if (!rdev->ops->change_beacon)
4146 return -EOPNOTSUPP;
4147
4148 if (!wdev->beacon_interval)
4149 return -EINVAL;
4150
4151 err = nl80211_parse_beacon(info->attrs, &params);
4152 if (err)
4153 return err;
4154
4155 wdev_lock(wdev);
4156 err = rdev_change_beacon(rdev, dev, &params);
4157 wdev_unlock(wdev);
4158
4159 return err;
4160}
4161
4162static int nl80211_stop_ap(struct sk_buff *skb, struct genl_info *info)
4163{
4164 struct cfg80211_registered_device *rdev = info->user_ptr[0];
4165 struct net_device *dev = info->user_ptr[1];
4166
4167 return cfg80211_stop_ap(rdev, dev, false);
4168}
4169
4170static const struct nla_policy sta_flags_policy[NL80211_STA_FLAG_MAX + 1] = {
4171 [NL80211_STA_FLAG_AUTHORIZED] = { .type = NLA_FLAG },
4172 [NL80211_STA_FLAG_SHORT_PREAMBLE] = { .type = NLA_FLAG },
4173 [NL80211_STA_FLAG_WME] = { .type = NLA_FLAG },
4174 [NL80211_STA_FLAG_MFP] = { .type = NLA_FLAG },
4175 [NL80211_STA_FLAG_AUTHENTICATED] = { .type = NLA_FLAG },
4176 [NL80211_STA_FLAG_TDLS_PEER] = { .type = NLA_FLAG },
4177};
4178
4179static int parse_station_flags(struct genl_info *info,
4180 enum nl80211_iftype iftype,
4181 struct station_parameters *params)
4182{
4183 struct nlattr *flags[NL80211_STA_FLAG_MAX + 1];
4184 struct nlattr *nla;
4185 int flag;
4186
4187 /*
4188 * Try parsing the new attribute first so userspace
4189 * can specify both for older kernels.
4190 */
4191 nla = info->attrs[NL80211_ATTR_STA_FLAGS2];
4192 if (nla) {
4193 struct nl80211_sta_flag_update *sta_flags;
4194
4195 sta_flags = nla_data(nla);
4196 params->sta_flags_mask = sta_flags->mask;
4197 params->sta_flags_set = sta_flags->set;
4198 params->sta_flags_set &= params->sta_flags_mask;
4199 if ((params->sta_flags_mask |
4200 params->sta_flags_set) & BIT(__NL80211_STA_FLAG_INVALID))
4201 return -EINVAL;
4202 return 0;
4203 }
4204
4205 /* if present, parse the old attribute */
4206
4207 nla = info->attrs[NL80211_ATTR_STA_FLAGS];
4208 if (!nla)
4209 return 0;
4210
4211 if (nla_parse_nested(flags, NL80211_STA_FLAG_MAX, nla,
4212 sta_flags_policy, info->extack))
4213 return -EINVAL;
4214
4215 /*
4216 * Only allow certain flags for interface types so that
4217 * other attributes are silently ignored. Remember that
4218 * this is backward compatibility code with old userspace
4219 * and shouldn't be hit in other cases anyway.
4220 */
4221 switch (iftype) {
4222 case NL80211_IFTYPE_AP:
4223 case NL80211_IFTYPE_AP_VLAN:
4224 case NL80211_IFTYPE_P2P_GO:
4225 params->sta_flags_mask = BIT(NL80211_STA_FLAG_AUTHORIZED) |
4226 BIT(NL80211_STA_FLAG_SHORT_PREAMBLE) |
4227 BIT(NL80211_STA_FLAG_WME) |
4228 BIT(NL80211_STA_FLAG_MFP);
4229 break;
4230 case NL80211_IFTYPE_P2P_CLIENT:
4231 case NL80211_IFTYPE_STATION:
4232 params->sta_flags_mask = BIT(NL80211_STA_FLAG_AUTHORIZED) |
4233 BIT(NL80211_STA_FLAG_TDLS_PEER);
4234 break;
4235 case NL80211_IFTYPE_MESH_POINT:
4236 params->sta_flags_mask = BIT(NL80211_STA_FLAG_AUTHENTICATED) |
4237 BIT(NL80211_STA_FLAG_MFP) |
4238 BIT(NL80211_STA_FLAG_AUTHORIZED);
4239 break;
4240 default:
4241 return -EINVAL;
4242 }
4243
4244 for (flag = 1; flag <= NL80211_STA_FLAG_MAX; flag++) {
4245 if (flags[flag]) {
4246 params->sta_flags_set |= (1<<flag);
4247
4248 /* no longer support new API additions in old API */
4249 if (flag > NL80211_STA_FLAG_MAX_OLD_API)
4250 return -EINVAL;
4251 }
4252 }
4253
4254 return 0;
4255}
4256
4257static bool nl80211_put_sta_rate(struct sk_buff *msg, struct rate_info *info,
4258 int attr)
4259{
4260 struct nlattr *rate;
4261 u32 bitrate;
4262 u16 bitrate_compat;
4263 enum nl80211_rate_info rate_flg;
4264
4265 rate = nla_nest_start(msg, attr);
4266 if (!rate)
4267 return false;
4268
4269 /* cfg80211_calculate_bitrate will return 0 for mcs >= 32 */
4270 bitrate = cfg80211_calculate_bitrate(info);
4271 /* report 16-bit bitrate only if we can */
4272 bitrate_compat = bitrate < (1UL << 16) ? bitrate : 0;
4273 if (bitrate > 0 &&
4274 nla_put_u32(msg, NL80211_RATE_INFO_BITRATE32, bitrate))
4275 return false;
4276 if (bitrate_compat > 0 &&
4277 nla_put_u16(msg, NL80211_RATE_INFO_BITRATE, bitrate_compat))
4278 return false;
4279
4280 switch (info->bw) {
4281 case RATE_INFO_BW_5:
4282 rate_flg = NL80211_RATE_INFO_5_MHZ_WIDTH;
4283 break;
4284 case RATE_INFO_BW_10:
4285 rate_flg = NL80211_RATE_INFO_10_MHZ_WIDTH;
4286 break;
4287 default:
4288 WARN_ON(1);
4289 /* fall through */
4290 case RATE_INFO_BW_20:
4291 rate_flg = 0;
4292 break;
4293 case RATE_INFO_BW_40:
4294 rate_flg = NL80211_RATE_INFO_40_MHZ_WIDTH;
4295 break;
4296 case RATE_INFO_BW_80:
4297 rate_flg = NL80211_RATE_INFO_80_MHZ_WIDTH;
4298 break;
4299 case RATE_INFO_BW_160:
4300 rate_flg = NL80211_RATE_INFO_160_MHZ_WIDTH;
4301 break;
4302 }
4303
4304 if (rate_flg && nla_put_flag(msg, rate_flg))
4305 return false;
4306
4307 if (info->flags & RATE_INFO_FLAGS_MCS) {
4308 if (nla_put_u8(msg, NL80211_RATE_INFO_MCS, info->mcs))
4309 return false;
4310 if (info->flags & RATE_INFO_FLAGS_SHORT_GI &&
4311 nla_put_flag(msg, NL80211_RATE_INFO_SHORT_GI))
4312 return false;
4313 } else if (info->flags & RATE_INFO_FLAGS_VHT_MCS) {
4314 if (nla_put_u8(msg, NL80211_RATE_INFO_VHT_MCS, info->mcs))
4315 return false;
4316 if (nla_put_u8(msg, NL80211_RATE_INFO_VHT_NSS, info->nss))
4317 return false;
4318 if (info->flags & RATE_INFO_FLAGS_SHORT_GI &&
4319 nla_put_flag(msg, NL80211_RATE_INFO_SHORT_GI))
4320 return false;
4321 }
4322
4323 nla_nest_end(msg, rate);
4324 return true;
4325}
4326
4327static bool nl80211_put_signal(struct sk_buff *msg, u8 mask, s8 *signal,
4328 int id)
4329{
4330 void *attr;
4331 int i = 0;
4332
4333 if (!mask)
4334 return true;
4335
4336 attr = nla_nest_start(msg, id);
4337 if (!attr)
4338 return false;
4339
4340 for (i = 0; i < IEEE80211_MAX_CHAINS; i++) {
4341 if (!(mask & BIT(i)))
4342 continue;
4343
4344 if (nla_put_u8(msg, i, signal[i]))
4345 return false;
4346 }
4347
4348 nla_nest_end(msg, attr);
4349
4350 return true;
4351}
4352
4353static int nl80211_send_station(struct sk_buff *msg, u32 cmd, u32 portid,
4354 u32 seq, int flags,
4355 struct cfg80211_registered_device *rdev,
4356 struct net_device *dev,
4357 const u8 *mac_addr, struct station_info *sinfo)
4358{
4359 void *hdr;
4360 struct nlattr *sinfoattr, *bss_param;
4361
4362 hdr = nl80211hdr_put(msg, portid, seq, flags, cmd);
4363 if (!hdr)
4364 return -1;
4365
4366 if (nla_put_u32(msg, NL80211_ATTR_IFINDEX, dev->ifindex) ||
4367 nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN, mac_addr) ||
4368 nla_put_u32(msg, NL80211_ATTR_GENERATION, sinfo->generation))
4369 goto nla_put_failure;
4370
4371 sinfoattr = nla_nest_start(msg, NL80211_ATTR_STA_INFO);
4372 if (!sinfoattr)
4373 goto nla_put_failure;
4374
4375#define PUT_SINFO(attr, memb, type) do { \
4376 BUILD_BUG_ON(sizeof(type) == sizeof(u64)); \
4377 if (sinfo->filled & (1ULL << NL80211_STA_INFO_ ## attr) && \
4378 nla_put_ ## type(msg, NL80211_STA_INFO_ ## attr, \
4379 sinfo->memb)) \
4380 goto nla_put_failure; \
4381 } while (0)
4382#define PUT_SINFO_U64(attr, memb) do { \
4383 if (sinfo->filled & (1ULL << NL80211_STA_INFO_ ## attr) && \
4384 nla_put_u64_64bit(msg, NL80211_STA_INFO_ ## attr, \
4385 sinfo->memb, NL80211_STA_INFO_PAD)) \
4386 goto nla_put_failure; \
4387 } while (0)
4388
4389 PUT_SINFO(CONNECTED_TIME, connected_time, u32);
4390 PUT_SINFO(INACTIVE_TIME, inactive_time, u32);
4391
4392 if (sinfo->filled & (BIT(NL80211_STA_INFO_RX_BYTES) |
4393 BIT(NL80211_STA_INFO_RX_BYTES64)) &&
4394 nla_put_u32(msg, NL80211_STA_INFO_RX_BYTES,
4395 (u32)sinfo->rx_bytes))
4396 goto nla_put_failure;
4397
4398 if (sinfo->filled & (BIT(NL80211_STA_INFO_TX_BYTES) |
4399 BIT(NL80211_STA_INFO_TX_BYTES64)) &&
4400 nla_put_u32(msg, NL80211_STA_INFO_TX_BYTES,
4401 (u32)sinfo->tx_bytes))
4402 goto nla_put_failure;
4403
4404 PUT_SINFO_U64(RX_BYTES64, rx_bytes);
4405 PUT_SINFO_U64(TX_BYTES64, tx_bytes);
4406 PUT_SINFO(LLID, llid, u16);
4407 PUT_SINFO(PLID, plid, u16);
4408 PUT_SINFO(PLINK_STATE, plink_state, u8);
4409 PUT_SINFO_U64(RX_DURATION, rx_duration);
4410
4411 switch (rdev->wiphy.signal_type) {
4412 case CFG80211_SIGNAL_TYPE_MBM:
4413 PUT_SINFO(SIGNAL, signal, u8);
4414 PUT_SINFO(SIGNAL_AVG, signal_avg, u8);
4415 break;
4416 default:
4417 break;
4418 }
4419 if (sinfo->filled & BIT(NL80211_STA_INFO_CHAIN_SIGNAL)) {
4420 if (!nl80211_put_signal(msg, sinfo->chains,
4421 sinfo->chain_signal,
4422 NL80211_STA_INFO_CHAIN_SIGNAL))
4423 goto nla_put_failure;
4424 }
4425 if (sinfo->filled & BIT(NL80211_STA_INFO_CHAIN_SIGNAL_AVG)) {
4426 if (!nl80211_put_signal(msg, sinfo->chains,
4427 sinfo->chain_signal_avg,
4428 NL80211_STA_INFO_CHAIN_SIGNAL_AVG))
4429 goto nla_put_failure;
4430 }
4431 if (sinfo->filled & BIT(NL80211_STA_INFO_TX_BITRATE)) {
4432 if (!nl80211_put_sta_rate(msg, &sinfo->txrate,
4433 NL80211_STA_INFO_TX_BITRATE))
4434 goto nla_put_failure;
4435 }
4436 if (sinfo->filled & BIT(NL80211_STA_INFO_RX_BITRATE)) {
4437 if (!nl80211_put_sta_rate(msg, &sinfo->rxrate,
4438 NL80211_STA_INFO_RX_BITRATE))
4439 goto nla_put_failure;
4440 }
4441
4442 PUT_SINFO(RX_PACKETS, rx_packets, u32);
4443 PUT_SINFO(TX_PACKETS, tx_packets, u32);
4444 PUT_SINFO(TX_RETRIES, tx_retries, u32);
4445 PUT_SINFO(TX_FAILED, tx_failed, u32);
4446 PUT_SINFO(EXPECTED_THROUGHPUT, expected_throughput, u32);
4447 PUT_SINFO(BEACON_LOSS, beacon_loss_count, u32);
4448 PUT_SINFO(LOCAL_PM, local_pm, u32);
4449 PUT_SINFO(PEER_PM, peer_pm, u32);
4450 PUT_SINFO(NONPEER_PM, nonpeer_pm, u32);
4451
4452 if (sinfo->filled & BIT(NL80211_STA_INFO_BSS_PARAM)) {
4453 bss_param = nla_nest_start(msg, NL80211_STA_INFO_BSS_PARAM);
4454 if (!bss_param)
4455 goto nla_put_failure;
4456
4457 if (((sinfo->bss_param.flags & BSS_PARAM_FLAGS_CTS_PROT) &&
4458 nla_put_flag(msg, NL80211_STA_BSS_PARAM_CTS_PROT)) ||
4459 ((sinfo->bss_param.flags & BSS_PARAM_FLAGS_SHORT_PREAMBLE) &&
4460 nla_put_flag(msg, NL80211_STA_BSS_PARAM_SHORT_PREAMBLE)) ||
4461 ((sinfo->bss_param.flags & BSS_PARAM_FLAGS_SHORT_SLOT_TIME) &&
4462 nla_put_flag(msg, NL80211_STA_BSS_PARAM_SHORT_SLOT_TIME)) ||
4463 nla_put_u8(msg, NL80211_STA_BSS_PARAM_DTIM_PERIOD,
4464 sinfo->bss_param.dtim_period) ||
4465 nla_put_u16(msg, NL80211_STA_BSS_PARAM_BEACON_INTERVAL,
4466 sinfo->bss_param.beacon_interval))
4467 goto nla_put_failure;
4468
4469 nla_nest_end(msg, bss_param);
4470 }
4471 if ((sinfo->filled & BIT(NL80211_STA_INFO_STA_FLAGS)) &&
4472 nla_put(msg, NL80211_STA_INFO_STA_FLAGS,
4473 sizeof(struct nl80211_sta_flag_update),
4474 &sinfo->sta_flags))
4475 goto nla_put_failure;
4476
4477 PUT_SINFO_U64(T_OFFSET, t_offset);
4478 PUT_SINFO_U64(RX_DROP_MISC, rx_dropped_misc);
4479 PUT_SINFO_U64(BEACON_RX, rx_beacon);
4480 PUT_SINFO(BEACON_SIGNAL_AVG, rx_beacon_signal_avg, u8);
4481
4482#undef PUT_SINFO
4483#undef PUT_SINFO_U64
4484
4485 if (sinfo->filled & BIT(NL80211_STA_INFO_TID_STATS)) {
4486 struct nlattr *tidsattr;
4487 int tid;
4488
4489 tidsattr = nla_nest_start(msg, NL80211_STA_INFO_TID_STATS);
4490 if (!tidsattr)
4491 goto nla_put_failure;
4492
4493 for (tid = 0; tid < IEEE80211_NUM_TIDS + 1; tid++) {
4494 struct cfg80211_tid_stats *tidstats;
4495 struct nlattr *tidattr;
4496
4497 tidstats = &sinfo->pertid[tid];
4498
4499 if (!tidstats->filled)
4500 continue;
4501
4502 tidattr = nla_nest_start(msg, tid + 1);
4503 if (!tidattr)
4504 goto nla_put_failure;
4505
4506#define PUT_TIDVAL_U64(attr, memb) do { \
4507 if (tidstats->filled & BIT(NL80211_TID_STATS_ ## attr) && \
4508 nla_put_u64_64bit(msg, NL80211_TID_STATS_ ## attr, \
4509 tidstats->memb, NL80211_TID_STATS_PAD)) \
4510 goto nla_put_failure; \
4511 } while (0)
4512
4513 PUT_TIDVAL_U64(RX_MSDU, rx_msdu);
4514 PUT_TIDVAL_U64(TX_MSDU, tx_msdu);
4515 PUT_TIDVAL_U64(TX_MSDU_RETRIES, tx_msdu_retries);
4516 PUT_TIDVAL_U64(TX_MSDU_FAILED, tx_msdu_failed);
4517
4518#undef PUT_TIDVAL_U64
4519 nla_nest_end(msg, tidattr);
4520 }
4521
4522 nla_nest_end(msg, tidsattr);
4523 }
4524
4525 nla_nest_end(msg, sinfoattr);
4526
4527 if (sinfo->assoc_req_ies_len &&
4528 nla_put(msg, NL80211_ATTR_IE, sinfo->assoc_req_ies_len,
4529 sinfo->assoc_req_ies))
4530 goto nla_put_failure;
4531
4532 genlmsg_end(msg, hdr);
4533 return 0;
4534
4535 nla_put_failure:
4536 genlmsg_cancel(msg, hdr);
4537 return -EMSGSIZE;
4538}
4539
4540static int nl80211_dump_station(struct sk_buff *skb,
4541 struct netlink_callback *cb)
4542{
4543 struct station_info sinfo;
4544 struct cfg80211_registered_device *rdev;
4545 struct wireless_dev *wdev;
4546 u8 mac_addr[ETH_ALEN];
4547 int sta_idx = cb->args[2];
4548 int err;
4549
4550 rtnl_lock();
4551 err = nl80211_prepare_wdev_dump(skb, cb, &rdev, &wdev);
4552 if (err)
4553 goto out_err;
4554
4555 if (!wdev->netdev) {
4556 err = -EINVAL;
4557 goto out_err;
4558 }
4559
4560 if (!rdev->ops->dump_station) {
4561 err = -EOPNOTSUPP;
4562 goto out_err;
4563 }
4564
4565 while (1) {
4566 memset(&sinfo, 0, sizeof(sinfo));
4567 err = rdev_dump_station(rdev, wdev->netdev, sta_idx,
4568 mac_addr, &sinfo);
4569 if (err == -ENOENT)
4570 break;
4571 if (err)
4572 goto out_err;
4573
4574 if (nl80211_send_station(skb, NL80211_CMD_NEW_STATION,
4575 NETLINK_CB(cb->skb).portid,
4576 cb->nlh->nlmsg_seq, NLM_F_MULTI,
4577 rdev, wdev->netdev, mac_addr,
4578 &sinfo) < 0)
4579 goto out;
4580
4581 sta_idx++;
4582 }
4583
4584 out:
4585 cb->args[2] = sta_idx;
4586 err = skb->len;
4587 out_err:
4588 rtnl_unlock();
4589
4590 return err;
4591}
4592
4593static int nl80211_get_station(struct sk_buff *skb, struct genl_info *info)
4594{
4595 struct cfg80211_registered_device *rdev = info->user_ptr[0];
4596 struct net_device *dev = info->user_ptr[1];
4597 struct station_info sinfo;
4598 struct sk_buff *msg;
4599 u8 *mac_addr = NULL;
4600 int err;
4601
4602 memset(&sinfo, 0, sizeof(sinfo));
4603
4604 if (!info->attrs[NL80211_ATTR_MAC])
4605 return -EINVAL;
4606
4607 mac_addr = nla_data(info->attrs[NL80211_ATTR_MAC]);
4608
4609 if (!rdev->ops->get_station)
4610 return -EOPNOTSUPP;
4611
4612 err = rdev_get_station(rdev, dev, mac_addr, &sinfo);
4613 if (err)
4614 return err;
4615
4616 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
4617 if (!msg)
4618 return -ENOMEM;
4619
4620 if (nl80211_send_station(msg, NL80211_CMD_NEW_STATION,
4621 info->snd_portid, info->snd_seq, 0,
4622 rdev, dev, mac_addr, &sinfo) < 0) {
4623 nlmsg_free(msg);
4624 return -ENOBUFS;
4625 }
4626
4627 return genlmsg_reply(msg, info);
4628}
4629
4630int cfg80211_check_station_change(struct wiphy *wiphy,
4631 struct station_parameters *params,
4632 enum cfg80211_station_type statype)
4633{
4634 if (params->listen_interval != -1 &&
4635 statype != CFG80211_STA_AP_CLIENT_UNASSOC)
4636 return -EINVAL;
4637
4638 if (params->support_p2p_ps != -1 &&
4639 statype != CFG80211_STA_AP_CLIENT_UNASSOC)
4640 return -EINVAL;
4641
4642 if (params->aid &&
4643 !(params->sta_flags_set & BIT(NL80211_STA_FLAG_TDLS_PEER)) &&
4644 statype != CFG80211_STA_AP_CLIENT_UNASSOC)
4645 return -EINVAL;
4646
4647 /* When you run into this, adjust the code below for the new flag */
4648 BUILD_BUG_ON(NL80211_STA_FLAG_MAX != 7);
4649
4650 switch (statype) {
4651 case CFG80211_STA_MESH_PEER_KERNEL:
4652 case CFG80211_STA_MESH_PEER_USER:
4653 /*
4654 * No ignoring the TDLS flag here -- the userspace mesh
4655 * code doesn't have the bug of including TDLS in the
4656 * mask everywhere.
4657 */
4658 if (params->sta_flags_mask &
4659 ~(BIT(NL80211_STA_FLAG_AUTHENTICATED) |
4660 BIT(NL80211_STA_FLAG_MFP) |
4661 BIT(NL80211_STA_FLAG_AUTHORIZED)))
4662 return -EINVAL;
4663 break;
4664 case CFG80211_STA_TDLS_PEER_SETUP:
4665 case CFG80211_STA_TDLS_PEER_ACTIVE:
4666 if (!(params->sta_flags_set & BIT(NL80211_STA_FLAG_TDLS_PEER)))
4667 return -EINVAL;
4668 /* ignore since it can't change */
4669 params->sta_flags_mask &= ~BIT(NL80211_STA_FLAG_TDLS_PEER);
4670 break;
4671 default:
4672 /* disallow mesh-specific things */
4673 if (params->plink_action != NL80211_PLINK_ACTION_NO_ACTION)
4674 return -EINVAL;
4675 if (params->local_pm)
4676 return -EINVAL;
4677 if (params->sta_modify_mask & STATION_PARAM_APPLY_PLINK_STATE)
4678 return -EINVAL;
4679 }
4680
4681 if (statype != CFG80211_STA_TDLS_PEER_SETUP &&
4682 statype != CFG80211_STA_TDLS_PEER_ACTIVE) {
4683 /* TDLS can't be set, ... */
4684 if (params->sta_flags_set & BIT(NL80211_STA_FLAG_TDLS_PEER))
4685 return -EINVAL;
4686 /*
4687 * ... but don't bother the driver with it. This works around
4688 * a hostapd/wpa_supplicant issue -- it always includes the
4689 * TLDS_PEER flag in the mask even for AP mode.
4690 */
4691 params->sta_flags_mask &= ~BIT(NL80211_STA_FLAG_TDLS_PEER);
4692 }
4693
4694 if (statype != CFG80211_STA_TDLS_PEER_SETUP &&
4695 statype != CFG80211_STA_AP_CLIENT_UNASSOC) {
4696 /* reject other things that can't change */
4697 if (params->sta_modify_mask & STATION_PARAM_APPLY_UAPSD)
4698 return -EINVAL;
4699 if (params->sta_modify_mask & STATION_PARAM_APPLY_CAPABILITY)
4700 return -EINVAL;
4701 if (params->supported_rates)
4702 return -EINVAL;
4703 if (params->ext_capab || params->ht_capa || params->vht_capa)
4704 return -EINVAL;
4705 }
4706
4707 if (statype != CFG80211_STA_AP_CLIENT &&
4708 statype != CFG80211_STA_AP_CLIENT_UNASSOC) {
4709 if (params->vlan)
4710 return -EINVAL;
4711 }
4712
4713 switch (statype) {
4714 case CFG80211_STA_AP_MLME_CLIENT:
4715 /* Use this only for authorizing/unauthorizing a station */
4716 if (!(params->sta_flags_mask & BIT(NL80211_STA_FLAG_AUTHORIZED)))
4717 return -EOPNOTSUPP;
4718 break;
4719 case CFG80211_STA_AP_CLIENT:
4720 case CFG80211_STA_AP_CLIENT_UNASSOC:
4721 /* accept only the listed bits */
4722 if (params->sta_flags_mask &
4723 ~(BIT(NL80211_STA_FLAG_AUTHORIZED) |
4724 BIT(NL80211_STA_FLAG_AUTHENTICATED) |
4725 BIT(NL80211_STA_FLAG_ASSOCIATED) |
4726 BIT(NL80211_STA_FLAG_SHORT_PREAMBLE) |
4727 BIT(NL80211_STA_FLAG_WME) |
4728 BIT(NL80211_STA_FLAG_MFP)))
4729 return -EINVAL;
4730
4731 /* but authenticated/associated only if driver handles it */
4732 if (!(wiphy->features & NL80211_FEATURE_FULL_AP_CLIENT_STATE) &&
4733 params->sta_flags_mask &
4734 (BIT(NL80211_STA_FLAG_AUTHENTICATED) |
4735 BIT(NL80211_STA_FLAG_ASSOCIATED)))
4736 return -EINVAL;
4737 break;
4738 case CFG80211_STA_IBSS:
4739 case CFG80211_STA_AP_STA:
4740 /* reject any changes other than AUTHORIZED */
4741 if (params->sta_flags_mask & ~BIT(NL80211_STA_FLAG_AUTHORIZED))
4742 return -EINVAL;
4743 break;
4744 case CFG80211_STA_TDLS_PEER_SETUP:
4745 /* reject any changes other than AUTHORIZED or WME */
4746 if (params->sta_flags_mask & ~(BIT(NL80211_STA_FLAG_AUTHORIZED) |
4747 BIT(NL80211_STA_FLAG_WME)))
4748 return -EINVAL;
4749 /* force (at least) rates when authorizing */
4750 if (params->sta_flags_set & BIT(NL80211_STA_FLAG_AUTHORIZED) &&
4751 !params->supported_rates)
4752 return -EINVAL;
4753 break;
4754 case CFG80211_STA_TDLS_PEER_ACTIVE:
4755 /* reject any changes */
4756 return -EINVAL;
4757 case CFG80211_STA_MESH_PEER_KERNEL:
4758 if (params->sta_modify_mask & STATION_PARAM_APPLY_PLINK_STATE)
4759 return -EINVAL;
4760 break;
4761 case CFG80211_STA_MESH_PEER_USER:
4762 if (params->plink_action != NL80211_PLINK_ACTION_NO_ACTION &&
4763 params->plink_action != NL80211_PLINK_ACTION_BLOCK)
4764 return -EINVAL;
4765 break;
4766 }
4767
4768 /*
4769 * Older kernel versions ignored this attribute entirely, so don't
4770 * reject attempts to update it but mark it as unused instead so the
4771 * driver won't look at the data.
4772 */
4773 if (statype != CFG80211_STA_AP_CLIENT_UNASSOC &&
4774 statype != CFG80211_STA_TDLS_PEER_SETUP)
4775 params->opmode_notif_used = false;
4776
4777 return 0;
4778}
4779EXPORT_SYMBOL(cfg80211_check_station_change);
4780
4781/*
4782 * Get vlan interface making sure it is running and on the right wiphy.
4783 */
4784static struct net_device *get_vlan(struct genl_info *info,
4785 struct cfg80211_registered_device *rdev)
4786{
4787 struct nlattr *vlanattr = info->attrs[NL80211_ATTR_STA_VLAN];
4788 struct net_device *v;
4789 int ret;
4790
4791 if (!vlanattr)
4792 return NULL;
4793
4794 v = dev_get_by_index(genl_info_net(info), nla_get_u32(vlanattr));
4795 if (!v)
4796 return ERR_PTR(-ENODEV);
4797
4798 if (!v->ieee80211_ptr || v->ieee80211_ptr->wiphy != &rdev->wiphy) {
4799 ret = -EINVAL;
4800 goto error;
4801 }
4802
4803 if (v->ieee80211_ptr->iftype != NL80211_IFTYPE_AP_VLAN &&
4804 v->ieee80211_ptr->iftype != NL80211_IFTYPE_AP &&
4805 v->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_GO) {
4806 ret = -EINVAL;
4807 goto error;
4808 }
4809
4810 if (!netif_running(v)) {
4811 ret = -ENETDOWN;
4812 goto error;
4813 }
4814
4815 return v;
4816 error:
4817 dev_put(v);
4818 return ERR_PTR(ret);
4819}
4820
4821static const struct nla_policy
4822nl80211_sta_wme_policy[NL80211_STA_WME_MAX + 1] = {
4823 [NL80211_STA_WME_UAPSD_QUEUES] = { .type = NLA_U8 },
4824 [NL80211_STA_WME_MAX_SP] = { .type = NLA_U8 },
4825};
4826
4827static int nl80211_parse_sta_wme(struct genl_info *info,
4828 struct station_parameters *params)
4829{
4830 struct nlattr *tb[NL80211_STA_WME_MAX + 1];
4831 struct nlattr *nla;
4832 int err;
4833
4834 /* parse WME attributes if present */
4835 if (!info->attrs[NL80211_ATTR_STA_WME])
4836 return 0;
4837
4838 nla = info->attrs[NL80211_ATTR_STA_WME];
4839 err = nla_parse_nested(tb, NL80211_STA_WME_MAX, nla,
4840 nl80211_sta_wme_policy, info->extack);
4841 if (err)
4842 return err;
4843
4844 if (tb[NL80211_STA_WME_UAPSD_QUEUES])
4845 params->uapsd_queues = nla_get_u8(
4846 tb[NL80211_STA_WME_UAPSD_QUEUES]);
4847 if (params->uapsd_queues & ~IEEE80211_WMM_IE_STA_QOSINFO_AC_MASK)
4848 return -EINVAL;
4849
4850 if (tb[NL80211_STA_WME_MAX_SP])
4851 params->max_sp = nla_get_u8(tb[NL80211_STA_WME_MAX_SP]);
4852
4853 if (params->max_sp & ~IEEE80211_WMM_IE_STA_QOSINFO_SP_MASK)
4854 return -EINVAL;
4855
4856 params->sta_modify_mask |= STATION_PARAM_APPLY_UAPSD;
4857
4858 return 0;
4859}
4860
4861static int nl80211_parse_sta_channel_info(struct genl_info *info,
4862 struct station_parameters *params)
4863{
4864 if (info->attrs[NL80211_ATTR_STA_SUPPORTED_CHANNELS]) {
4865 params->supported_channels =
4866 nla_data(info->attrs[NL80211_ATTR_STA_SUPPORTED_CHANNELS]);
4867 params->supported_channels_len =
4868 nla_len(info->attrs[NL80211_ATTR_STA_SUPPORTED_CHANNELS]);
4869 /*
4870 * Need to include at least one (first channel, number of
4871 * channels) tuple for each subband, and must have proper
4872 * tuples for the rest of the data as well.
4873 */
4874 if (params->supported_channels_len < 2)
4875 return -EINVAL;
4876 if (params->supported_channels_len % 2)
4877 return -EINVAL;
4878 }
4879
4880 if (info->attrs[NL80211_ATTR_STA_SUPPORTED_OPER_CLASSES]) {
4881 params->supported_oper_classes =
4882 nla_data(info->attrs[NL80211_ATTR_STA_SUPPORTED_OPER_CLASSES]);
4883 params->supported_oper_classes_len =
4884 nla_len(info->attrs[NL80211_ATTR_STA_SUPPORTED_OPER_CLASSES]);
4885 /*
4886 * The value of the Length field of the Supported Operating
4887 * Classes element is between 2 and 253.
4888 */
4889 if (params->supported_oper_classes_len < 2 ||
4890 params->supported_oper_classes_len > 253)
4891 return -EINVAL;
4892 }
4893 return 0;
4894}
4895
4896static int nl80211_set_station_tdls(struct genl_info *info,
4897 struct station_parameters *params)
4898{
4899 int err;
4900 /* Dummy STA entry gets updated once the peer capabilities are known */
4901 if (info->attrs[NL80211_ATTR_PEER_AID])
4902 params->aid = nla_get_u16(info->attrs[NL80211_ATTR_PEER_AID]);
4903 if (info->attrs[NL80211_ATTR_HT_CAPABILITY])
4904 params->ht_capa =
4905 nla_data(info->attrs[NL80211_ATTR_HT_CAPABILITY]);
4906 if (info->attrs[NL80211_ATTR_VHT_CAPABILITY])
4907 params->vht_capa =
4908 nla_data(info->attrs[NL80211_ATTR_VHT_CAPABILITY]);
4909
4910 err = nl80211_parse_sta_channel_info(info, params);
4911 if (err)
4912 return err;
4913
4914 return nl80211_parse_sta_wme(info, params);
4915}
4916
4917static int nl80211_set_station(struct sk_buff *skb, struct genl_info *info)
4918{
4919 struct cfg80211_registered_device *rdev = info->user_ptr[0];
4920 struct net_device *dev = info->user_ptr[1];
4921 struct station_parameters params;
4922 u8 *mac_addr;
4923 int err;
4924
4925 memset(&params, 0, sizeof(params));
4926
4927 if (!rdev->ops->change_station)
4928 return -EOPNOTSUPP;
4929
4930 /*
4931 * AID and listen_interval properties can be set only for unassociated
4932 * station. Include these parameters here and will check them in
4933 * cfg80211_check_station_change().
4934 */
4935 if (info->attrs[NL80211_ATTR_STA_AID])
4936 params.aid = nla_get_u16(info->attrs[NL80211_ATTR_STA_AID]);
4937
4938 if (info->attrs[NL80211_ATTR_STA_LISTEN_INTERVAL])
4939 params.listen_interval =
4940 nla_get_u16(info->attrs[NL80211_ATTR_STA_LISTEN_INTERVAL]);
4941 else
4942 params.listen_interval = -1;
4943
4944 if (info->attrs[NL80211_ATTR_STA_SUPPORT_P2P_PS]) {
4945 u8 tmp;
4946
4947 tmp = nla_get_u8(info->attrs[NL80211_ATTR_STA_SUPPORT_P2P_PS]);
4948 if (tmp >= NUM_NL80211_P2P_PS_STATUS)
4949 return -EINVAL;
4950
4951 params.support_p2p_ps = tmp;
4952 } else {
4953 params.support_p2p_ps = -1;
4954 }
4955
4956 if (!info->attrs[NL80211_ATTR_MAC])
4957 return -EINVAL;
4958
4959 mac_addr = nla_data(info->attrs[NL80211_ATTR_MAC]);
4960
4961 if (info->attrs[NL80211_ATTR_STA_SUPPORTED_RATES]) {
4962 params.supported_rates =
4963 nla_data(info->attrs[NL80211_ATTR_STA_SUPPORTED_RATES]);
4964 params.supported_rates_len =
4965 nla_len(info->attrs[NL80211_ATTR_STA_SUPPORTED_RATES]);
4966 }
4967
4968 if (info->attrs[NL80211_ATTR_STA_CAPABILITY]) {
4969 params.capability =
4970 nla_get_u16(info->attrs[NL80211_ATTR_STA_CAPABILITY]);
4971 params.sta_modify_mask |= STATION_PARAM_APPLY_CAPABILITY;
4972 }
4973
4974 if (info->attrs[NL80211_ATTR_STA_EXT_CAPABILITY]) {
4975 params.ext_capab =
4976 nla_data(info->attrs[NL80211_ATTR_STA_EXT_CAPABILITY]);
4977 params.ext_capab_len =
4978 nla_len(info->attrs[NL80211_ATTR_STA_EXT_CAPABILITY]);
4979 }
4980
4981 if (parse_station_flags(info, dev->ieee80211_ptr->iftype, &params))
4982 return -EINVAL;
4983
4984 if (info->attrs[NL80211_ATTR_STA_PLINK_ACTION]) {
4985 params.plink_action =
4986 nla_get_u8(info->attrs[NL80211_ATTR_STA_PLINK_ACTION]);
4987 if (params.plink_action >= NUM_NL80211_PLINK_ACTIONS)
4988 return -EINVAL;
4989 }
4990
4991 if (info->attrs[NL80211_ATTR_STA_PLINK_STATE]) {
4992 params.plink_state =
4993 nla_get_u8(info->attrs[NL80211_ATTR_STA_PLINK_STATE]);
4994 if (params.plink_state >= NUM_NL80211_PLINK_STATES)
4995 return -EINVAL;
4996 if (info->attrs[NL80211_ATTR_MESH_PEER_AID]) {
4997 params.peer_aid = nla_get_u16(
4998 info->attrs[NL80211_ATTR_MESH_PEER_AID]);
4999 if (params.peer_aid > IEEE80211_MAX_AID)
5000 return -EINVAL;
5001 }
5002 params.sta_modify_mask |= STATION_PARAM_APPLY_PLINK_STATE;
5003 }
5004
5005 if (info->attrs[NL80211_ATTR_LOCAL_MESH_POWER_MODE]) {
5006 enum nl80211_mesh_power_mode pm = nla_get_u32(
5007 info->attrs[NL80211_ATTR_LOCAL_MESH_POWER_MODE]);
5008
5009 if (pm <= NL80211_MESH_POWER_UNKNOWN ||
5010 pm > NL80211_MESH_POWER_MAX)
5011 return -EINVAL;
5012
5013 params.local_pm = pm;
5014 }
5015
5016 if (info->attrs[NL80211_ATTR_OPMODE_NOTIF]) {
5017 params.opmode_notif_used = true;
5018 params.opmode_notif =
5019 nla_get_u8(info->attrs[NL80211_ATTR_OPMODE_NOTIF]);
5020 }
5021
5022 /* Include parameters for TDLS peer (will check later) */
5023 err = nl80211_set_station_tdls(info, &params);
5024 if (err)
5025 return err;
5026
5027 params.vlan = get_vlan(info, rdev);
5028 if (IS_ERR(params.vlan))
5029 return PTR_ERR(params.vlan);
5030
5031 switch (dev->ieee80211_ptr->iftype) {
5032 case NL80211_IFTYPE_AP:
5033 case NL80211_IFTYPE_AP_VLAN:
5034 case NL80211_IFTYPE_P2P_GO:
5035 case NL80211_IFTYPE_P2P_CLIENT:
5036 case NL80211_IFTYPE_STATION:
5037 case NL80211_IFTYPE_ADHOC:
5038 case NL80211_IFTYPE_MESH_POINT:
5039 break;
5040 default:
5041 err = -EOPNOTSUPP;
5042 goto out_put_vlan;
5043 }
5044
5045 /* driver will call cfg80211_check_station_change() */
5046 err = rdev_change_station(rdev, dev, mac_addr, &params);
5047
5048 out_put_vlan:
5049 if (params.vlan)
5050 dev_put(params.vlan);
5051
5052 return err;
5053}
5054
5055static int nl80211_new_station(struct sk_buff *skb, struct genl_info *info)
5056{
5057 struct cfg80211_registered_device *rdev = info->user_ptr[0];
5058 int err;
5059 struct net_device *dev = info->user_ptr[1];
5060 struct station_parameters params;
5061 u8 *mac_addr = NULL;
5062 u32 auth_assoc = BIT(NL80211_STA_FLAG_AUTHENTICATED) |
5063 BIT(NL80211_STA_FLAG_ASSOCIATED);
5064
5065 memset(&params, 0, sizeof(params));
5066
5067 if (!rdev->ops->add_station)
5068 return -EOPNOTSUPP;
5069
5070 if (!info->attrs[NL80211_ATTR_MAC])
5071 return -EINVAL;
5072
5073 if (!info->attrs[NL80211_ATTR_STA_LISTEN_INTERVAL])
5074 return -EINVAL;
5075
5076 if (!info->attrs[NL80211_ATTR_STA_SUPPORTED_RATES])
5077 return -EINVAL;
5078
5079 if (!info->attrs[NL80211_ATTR_STA_AID] &&
5080 !info->attrs[NL80211_ATTR_PEER_AID])
5081 return -EINVAL;
5082
5083 mac_addr = nla_data(info->attrs[NL80211_ATTR_MAC]);
5084 params.supported_rates =
5085 nla_data(info->attrs[NL80211_ATTR_STA_SUPPORTED_RATES]);
5086 params.supported_rates_len =
5087 nla_len(info->attrs[NL80211_ATTR_STA_SUPPORTED_RATES]);
5088 params.listen_interval =
5089 nla_get_u16(info->attrs[NL80211_ATTR_STA_LISTEN_INTERVAL]);
5090
5091 if (info->attrs[NL80211_ATTR_STA_SUPPORT_P2P_PS]) {
5092 u8 tmp;
5093
5094 tmp = nla_get_u8(info->attrs[NL80211_ATTR_STA_SUPPORT_P2P_PS]);
5095 if (tmp >= NUM_NL80211_P2P_PS_STATUS)
5096 return -EINVAL;
5097
5098 params.support_p2p_ps = tmp;
5099 } else {
5100 /*
5101 * if not specified, assume it's supported for P2P GO interface,
5102 * and is NOT supported for AP interface
5103 */
5104 params.support_p2p_ps =
5105 dev->ieee80211_ptr->iftype == NL80211_IFTYPE_P2P_GO;
5106 }
5107
5108 if (info->attrs[NL80211_ATTR_PEER_AID])
5109 params.aid = nla_get_u16(info->attrs[NL80211_ATTR_PEER_AID]);
5110 else
5111 params.aid = nla_get_u16(info->attrs[NL80211_ATTR_STA_AID]);
5112 if (!params.aid || params.aid > IEEE80211_MAX_AID)
5113 return -EINVAL;
5114
5115 if (info->attrs[NL80211_ATTR_STA_CAPABILITY]) {
5116 params.capability =
5117 nla_get_u16(info->attrs[NL80211_ATTR_STA_CAPABILITY]);
5118 params.sta_modify_mask |= STATION_PARAM_APPLY_CAPABILITY;
5119 }
5120
5121 if (info->attrs[NL80211_ATTR_STA_EXT_CAPABILITY]) {
5122 params.ext_capab =
5123 nla_data(info->attrs[NL80211_ATTR_STA_EXT_CAPABILITY]);
5124 params.ext_capab_len =
5125 nla_len(info->attrs[NL80211_ATTR_STA_EXT_CAPABILITY]);
5126 }
5127
5128 if (info->attrs[NL80211_ATTR_HT_CAPABILITY])
5129 params.ht_capa =
5130 nla_data(info->attrs[NL80211_ATTR_HT_CAPABILITY]);
5131
5132 if (info->attrs[NL80211_ATTR_VHT_CAPABILITY])
5133 params.vht_capa =
5134 nla_data(info->attrs[NL80211_ATTR_VHT_CAPABILITY]);
5135
5136 if (info->attrs[NL80211_ATTR_OPMODE_NOTIF]) {
5137 params.opmode_notif_used = true;
5138 params.opmode_notif =
5139 nla_get_u8(info->attrs[NL80211_ATTR_OPMODE_NOTIF]);
5140 }
5141
5142 if (info->attrs[NL80211_ATTR_STA_PLINK_ACTION]) {
5143 params.plink_action =
5144 nla_get_u8(info->attrs[NL80211_ATTR_STA_PLINK_ACTION]);
5145 if (params.plink_action >= NUM_NL80211_PLINK_ACTIONS)
5146 return -EINVAL;
5147 }
5148
5149 err = nl80211_parse_sta_channel_info(info, &params);
5150 if (err)
5151 return err;
5152
5153 err = nl80211_parse_sta_wme(info, &params);
5154 if (err)
5155 return err;
5156
5157 if (parse_station_flags(info, dev->ieee80211_ptr->iftype, &params))
5158 return -EINVAL;
5159
5160 /* HT/VHT requires QoS, but if we don't have that just ignore HT/VHT
5161 * as userspace might just pass through the capabilities from the IEs
5162 * directly, rather than enforcing this restriction and returning an
5163 * error in this case.
5164 */
5165 if (!(params.sta_flags_set & BIT(NL80211_STA_FLAG_WME))) {
5166 params.ht_capa = NULL;
5167 params.vht_capa = NULL;
5168 }
5169
5170 /* When you run into this, adjust the code below for the new flag */
5171 BUILD_BUG_ON(NL80211_STA_FLAG_MAX != 7);
5172
5173 switch (dev->ieee80211_ptr->iftype) {
5174 case NL80211_IFTYPE_AP:
5175 case NL80211_IFTYPE_AP_VLAN:
5176 case NL80211_IFTYPE_P2P_GO:
5177 /* ignore WME attributes if iface/sta is not capable */
5178 if (!(rdev->wiphy.flags & WIPHY_FLAG_AP_UAPSD) ||
5179 !(params.sta_flags_set & BIT(NL80211_STA_FLAG_WME)))
5180 params.sta_modify_mask &= ~STATION_PARAM_APPLY_UAPSD;
5181
5182 /* TDLS peers cannot be added */
5183 if ((params.sta_flags_set & BIT(NL80211_STA_FLAG_TDLS_PEER)) ||
5184 info->attrs[NL80211_ATTR_PEER_AID])
5185 return -EINVAL;
5186 /* but don't bother the driver with it */
5187 params.sta_flags_mask &= ~BIT(NL80211_STA_FLAG_TDLS_PEER);
5188
5189 /* allow authenticated/associated only if driver handles it */
5190 if (!(rdev->wiphy.features &
5191 NL80211_FEATURE_FULL_AP_CLIENT_STATE) &&
5192 params.sta_flags_mask & auth_assoc)
5193 return -EINVAL;
5194
5195 /* Older userspace, or userspace wanting to be compatible with
5196 * !NL80211_FEATURE_FULL_AP_CLIENT_STATE, will not set the auth
5197 * and assoc flags in the mask, but assumes the station will be
5198 * added as associated anyway since this was the required driver
5199 * behaviour before NL80211_FEATURE_FULL_AP_CLIENT_STATE was
5200 * introduced.
5201 * In order to not bother drivers with this quirk in the API
5202 * set the flags in both the mask and set for new stations in
5203 * this case.
5204 */
5205 if (!(params.sta_flags_mask & auth_assoc)) {
5206 params.sta_flags_mask |= auth_assoc;
5207 params.sta_flags_set |= auth_assoc;
5208 }
5209
5210 /* must be last in here for error handling */
5211 params.vlan = get_vlan(info, rdev);
5212 if (IS_ERR(params.vlan))
5213 return PTR_ERR(params.vlan);
5214 break;
5215 case NL80211_IFTYPE_MESH_POINT:
5216 /* ignore uAPSD data */
5217 params.sta_modify_mask &= ~STATION_PARAM_APPLY_UAPSD;
5218
5219 /* associated is disallowed */
5220 if (params.sta_flags_mask & BIT(NL80211_STA_FLAG_ASSOCIATED))
5221 return -EINVAL;
5222 /* TDLS peers cannot be added */
5223 if ((params.sta_flags_set & BIT(NL80211_STA_FLAG_TDLS_PEER)) ||
5224 info->attrs[NL80211_ATTR_PEER_AID])
5225 return -EINVAL;
5226 break;
5227 case NL80211_IFTYPE_STATION:
5228 case NL80211_IFTYPE_P2P_CLIENT:
5229 /* ignore uAPSD data */
5230 params.sta_modify_mask &= ~STATION_PARAM_APPLY_UAPSD;
5231
5232 /* these are disallowed */
5233 if (params.sta_flags_mask &
5234 (BIT(NL80211_STA_FLAG_ASSOCIATED) |
5235 BIT(NL80211_STA_FLAG_AUTHENTICATED)))
5236 return -EINVAL;
5237 /* Only TDLS peers can be added */
5238 if (!(params.sta_flags_set & BIT(NL80211_STA_FLAG_TDLS_PEER)))
5239 return -EINVAL;
5240 /* Can only add if TDLS ... */
5241 if (!(rdev->wiphy.flags & WIPHY_FLAG_SUPPORTS_TDLS))
5242 return -EOPNOTSUPP;
5243 /* ... with external setup is supported */
5244 if (!(rdev->wiphy.flags & WIPHY_FLAG_TDLS_EXTERNAL_SETUP))
5245 return -EOPNOTSUPP;
5246 /*
5247 * Older wpa_supplicant versions always mark the TDLS peer
5248 * as authorized, but it shouldn't yet be.
5249 */
5250 params.sta_flags_mask &= ~BIT(NL80211_STA_FLAG_AUTHORIZED);
5251 break;
5252 default:
5253 return -EOPNOTSUPP;
5254 }
5255
5256 /* be aware of params.vlan when changing code here */
5257
5258 err = rdev_add_station(rdev, dev, mac_addr, &params);
5259
5260 if (params.vlan)
5261 dev_put(params.vlan);
5262 return err;
5263}
5264
5265static int nl80211_del_station(struct sk_buff *skb, struct genl_info *info)
5266{
5267 struct cfg80211_registered_device *rdev = info->user_ptr[0];
5268 struct net_device *dev = info->user_ptr[1];
5269 struct station_del_parameters params;
5270
5271 memset(&params, 0, sizeof(params));
5272
5273 if (info->attrs[NL80211_ATTR_MAC])
5274 params.mac = nla_data(info->attrs[NL80211_ATTR_MAC]);
5275
5276 if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_AP &&
5277 dev->ieee80211_ptr->iftype != NL80211_IFTYPE_AP_VLAN &&
5278 dev->ieee80211_ptr->iftype != NL80211_IFTYPE_MESH_POINT &&
5279 dev->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_GO)
5280 return -EINVAL;
5281
5282 if (!rdev->ops->del_station)
5283 return -EOPNOTSUPP;
5284
5285 if (info->attrs[NL80211_ATTR_MGMT_SUBTYPE]) {
5286 params.subtype =
5287 nla_get_u8(info->attrs[NL80211_ATTR_MGMT_SUBTYPE]);
5288 if (params.subtype != IEEE80211_STYPE_DISASSOC >> 4 &&
5289 params.subtype != IEEE80211_STYPE_DEAUTH >> 4)
5290 return -EINVAL;
5291 } else {
5292 /* Default to Deauthentication frame */
5293 params.subtype = IEEE80211_STYPE_DEAUTH >> 4;
5294 }
5295
5296 if (info->attrs[NL80211_ATTR_REASON_CODE]) {
5297 params.reason_code =
5298 nla_get_u16(info->attrs[NL80211_ATTR_REASON_CODE]);
5299 if (params.reason_code == 0)
5300 return -EINVAL; /* 0 is reserved */
5301 } else {
5302 /* Default to reason code 2 */
5303 params.reason_code = WLAN_REASON_PREV_AUTH_NOT_VALID;
5304 }
5305
5306 return rdev_del_station(rdev, dev, &params);
5307}
5308
5309static int nl80211_send_mpath(struct sk_buff *msg, u32 portid, u32 seq,
5310 int flags, struct net_device *dev,
5311 u8 *dst, u8 *next_hop,
5312 struct mpath_info *pinfo)
5313{
5314 void *hdr;
5315 struct nlattr *pinfoattr;
5316
5317 hdr = nl80211hdr_put(msg, portid, seq, flags, NL80211_CMD_NEW_MPATH);
5318 if (!hdr)
5319 return -1;
5320
5321 if (nla_put_u32(msg, NL80211_ATTR_IFINDEX, dev->ifindex) ||
5322 nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN, dst) ||
5323 nla_put(msg, NL80211_ATTR_MPATH_NEXT_HOP, ETH_ALEN, next_hop) ||
5324 nla_put_u32(msg, NL80211_ATTR_GENERATION, pinfo->generation))
5325 goto nla_put_failure;
5326
5327 pinfoattr = nla_nest_start(msg, NL80211_ATTR_MPATH_INFO);
5328 if (!pinfoattr)
5329 goto nla_put_failure;
5330 if ((pinfo->filled & MPATH_INFO_FRAME_QLEN) &&
5331 nla_put_u32(msg, NL80211_MPATH_INFO_FRAME_QLEN,
5332 pinfo->frame_qlen))
5333 goto nla_put_failure;
5334 if (((pinfo->filled & MPATH_INFO_SN) &&
5335 nla_put_u32(msg, NL80211_MPATH_INFO_SN, pinfo->sn)) ||
5336 ((pinfo->filled & MPATH_INFO_METRIC) &&
5337 nla_put_u32(msg, NL80211_MPATH_INFO_METRIC,
5338 pinfo->metric)) ||
5339 ((pinfo->filled & MPATH_INFO_EXPTIME) &&
5340 nla_put_u32(msg, NL80211_MPATH_INFO_EXPTIME,
5341 pinfo->exptime)) ||
5342 ((pinfo->filled & MPATH_INFO_FLAGS) &&
5343 nla_put_u8(msg, NL80211_MPATH_INFO_FLAGS,
5344 pinfo->flags)) ||
5345 ((pinfo->filled & MPATH_INFO_DISCOVERY_TIMEOUT) &&
5346 nla_put_u32(msg, NL80211_MPATH_INFO_DISCOVERY_TIMEOUT,
5347 pinfo->discovery_timeout)) ||
5348 ((pinfo->filled & MPATH_INFO_DISCOVERY_RETRIES) &&
5349 nla_put_u8(msg, NL80211_MPATH_INFO_DISCOVERY_RETRIES,
5350 pinfo->discovery_retries)))
5351 goto nla_put_failure;
5352
5353 nla_nest_end(msg, pinfoattr);
5354
5355 genlmsg_end(msg, hdr);
5356 return 0;
5357
5358 nla_put_failure:
5359 genlmsg_cancel(msg, hdr);
5360 return -EMSGSIZE;
5361}
5362
5363static int nl80211_dump_mpath(struct sk_buff *skb,
5364 struct netlink_callback *cb)
5365{
5366 struct mpath_info pinfo;
5367 struct cfg80211_registered_device *rdev;
5368 struct wireless_dev *wdev;
5369 u8 dst[ETH_ALEN];
5370 u8 next_hop[ETH_ALEN];
5371 int path_idx = cb->args[2];
5372 int err;
5373
5374 rtnl_lock();
5375 err = nl80211_prepare_wdev_dump(skb, cb, &rdev, &wdev);
5376 if (err)
5377 goto out_err;
5378
5379 if (!rdev->ops->dump_mpath) {
5380 err = -EOPNOTSUPP;
5381 goto out_err;
5382 }
5383
5384 if (wdev->iftype != NL80211_IFTYPE_MESH_POINT) {
5385 err = -EOPNOTSUPP;
5386 goto out_err;
5387 }
5388
5389 while (1) {
5390 err = rdev_dump_mpath(rdev, wdev->netdev, path_idx, dst,
5391 next_hop, &pinfo);
5392 if (err == -ENOENT)
5393 break;
5394 if (err)
5395 goto out_err;
5396
5397 if (nl80211_send_mpath(skb, NETLINK_CB(cb->skb).portid,
5398 cb->nlh->nlmsg_seq, NLM_F_MULTI,
5399 wdev->netdev, dst, next_hop,
5400 &pinfo) < 0)
5401 goto out;
5402
5403 path_idx++;
5404 }
5405
5406 out:
5407 cb->args[2] = path_idx;
5408 err = skb->len;
5409 out_err:
5410 rtnl_unlock();
5411 return err;
5412}
5413
5414static int nl80211_get_mpath(struct sk_buff *skb, struct genl_info *info)
5415{
5416 struct cfg80211_registered_device *rdev = info->user_ptr[0];
5417 int err;
5418 struct net_device *dev = info->user_ptr[1];
5419 struct mpath_info pinfo;
5420 struct sk_buff *msg;
5421 u8 *dst = NULL;
5422 u8 next_hop[ETH_ALEN];
5423
5424 memset(&pinfo, 0, sizeof(pinfo));
5425
5426 if (!info->attrs[NL80211_ATTR_MAC])
5427 return -EINVAL;
5428
5429 dst = nla_data(info->attrs[NL80211_ATTR_MAC]);
5430
5431 if (!rdev->ops->get_mpath)
5432 return -EOPNOTSUPP;
5433
5434 if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_MESH_POINT)
5435 return -EOPNOTSUPP;
5436
5437 err = rdev_get_mpath(rdev, dev, dst, next_hop, &pinfo);
5438 if (err)
5439 return err;
5440
5441 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
5442 if (!msg)
5443 return -ENOMEM;
5444
5445 if (nl80211_send_mpath(msg, info->snd_portid, info->snd_seq, 0,
5446 dev, dst, next_hop, &pinfo) < 0) {
5447 nlmsg_free(msg);
5448 return -ENOBUFS;
5449 }
5450
5451 return genlmsg_reply(msg, info);
5452}
5453
5454static int nl80211_set_mpath(struct sk_buff *skb, struct genl_info *info)
5455{
5456 struct cfg80211_registered_device *rdev = info->user_ptr[0];
5457 struct net_device *dev = info->user_ptr[1];
5458 u8 *dst = NULL;
5459 u8 *next_hop = NULL;
5460
5461 if (!info->attrs[NL80211_ATTR_MAC])
5462 return -EINVAL;
5463
5464 if (!info->attrs[NL80211_ATTR_MPATH_NEXT_HOP])
5465 return -EINVAL;
5466
5467 dst = nla_data(info->attrs[NL80211_ATTR_MAC]);
5468 next_hop = nla_data(info->attrs[NL80211_ATTR_MPATH_NEXT_HOP]);
5469
5470 if (!rdev->ops->change_mpath)
5471 return -EOPNOTSUPP;
5472
5473 if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_MESH_POINT)
5474 return -EOPNOTSUPP;
5475
5476 return rdev_change_mpath(rdev, dev, dst, next_hop);
5477}
5478
5479static int nl80211_new_mpath(struct sk_buff *skb, struct genl_info *info)
5480{
5481 struct cfg80211_registered_device *rdev = info->user_ptr[0];
5482 struct net_device *dev = info->user_ptr[1];
5483 u8 *dst = NULL;
5484 u8 *next_hop = NULL;
5485
5486 if (!info->attrs[NL80211_ATTR_MAC])
5487 return -EINVAL;
5488
5489 if (!info->attrs[NL80211_ATTR_MPATH_NEXT_HOP])
5490 return -EINVAL;
5491
5492 dst = nla_data(info->attrs[NL80211_ATTR_MAC]);
5493 next_hop = nla_data(info->attrs[NL80211_ATTR_MPATH_NEXT_HOP]);
5494
5495 if (!rdev->ops->add_mpath)
5496 return -EOPNOTSUPP;
5497
5498 if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_MESH_POINT)
5499 return -EOPNOTSUPP;
5500
5501 return rdev_add_mpath(rdev, dev, dst, next_hop);
5502}
5503
5504static int nl80211_del_mpath(struct sk_buff *skb, struct genl_info *info)
5505{
5506 struct cfg80211_registered_device *rdev = info->user_ptr[0];
5507 struct net_device *dev = info->user_ptr[1];
5508 u8 *dst = NULL;
5509
5510 if (info->attrs[NL80211_ATTR_MAC])
5511 dst = nla_data(info->attrs[NL80211_ATTR_MAC]);
5512
5513 if (!rdev->ops->del_mpath)
5514 return -EOPNOTSUPP;
5515
5516 if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_MESH_POINT)
5517 return -EOPNOTSUPP;
5518
5519 return rdev_del_mpath(rdev, dev, dst);
5520}
5521
5522static int nl80211_get_mpp(struct sk_buff *skb, struct genl_info *info)
5523{
5524 struct cfg80211_registered_device *rdev = info->user_ptr[0];
5525 int err;
5526 struct net_device *dev = info->user_ptr[1];
5527 struct mpath_info pinfo;
5528 struct sk_buff *msg;
5529 u8 *dst = NULL;
5530 u8 mpp[ETH_ALEN];
5531
5532 memset(&pinfo, 0, sizeof(pinfo));
5533
5534 if (!info->attrs[NL80211_ATTR_MAC])
5535 return -EINVAL;
5536
5537 dst = nla_data(info->attrs[NL80211_ATTR_MAC]);
5538
5539 if (!rdev->ops->get_mpp)
5540 return -EOPNOTSUPP;
5541
5542 if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_MESH_POINT)
5543 return -EOPNOTSUPP;
5544
5545 err = rdev_get_mpp(rdev, dev, dst, mpp, &pinfo);
5546 if (err)
5547 return err;
5548
5549 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
5550 if (!msg)
5551 return -ENOMEM;
5552
5553 if (nl80211_send_mpath(msg, info->snd_portid, info->snd_seq, 0,
5554 dev, dst, mpp, &pinfo) < 0) {
5555 nlmsg_free(msg);
5556 return -ENOBUFS;
5557 }
5558
5559 return genlmsg_reply(msg, info);
5560}
5561
5562static int nl80211_dump_mpp(struct sk_buff *skb,
5563 struct netlink_callback *cb)
5564{
5565 struct mpath_info pinfo;
5566 struct cfg80211_registered_device *rdev;
5567 struct wireless_dev *wdev;
5568 u8 dst[ETH_ALEN];
5569 u8 mpp[ETH_ALEN];
5570 int path_idx = cb->args[2];
5571 int err;
5572
5573 rtnl_lock();
5574 err = nl80211_prepare_wdev_dump(skb, cb, &rdev, &wdev);
5575 if (err)
5576 goto out_err;
5577
5578 if (!rdev->ops->dump_mpp) {
5579 err = -EOPNOTSUPP;
5580 goto out_err;
5581 }
5582
5583 if (wdev->iftype != NL80211_IFTYPE_MESH_POINT) {
5584 err = -EOPNOTSUPP;
5585 goto out_err;
5586 }
5587
5588 while (1) {
5589 err = rdev_dump_mpp(rdev, wdev->netdev, path_idx, dst,
5590 mpp, &pinfo);
5591 if (err == -ENOENT)
5592 break;
5593 if (err)
5594 goto out_err;
5595
5596 if (nl80211_send_mpath(skb, NETLINK_CB(cb->skb).portid,
5597 cb->nlh->nlmsg_seq, NLM_F_MULTI,
5598 wdev->netdev, dst, mpp,
5599 &pinfo) < 0)
5600 goto out;
5601
5602 path_idx++;
5603 }
5604
5605 out:
5606 cb->args[2] = path_idx;
5607 err = skb->len;
5608 out_err:
5609 rtnl_unlock();
5610 return err;
5611}
5612
5613static int nl80211_set_bss(struct sk_buff *skb, struct genl_info *info)
5614{
5615 struct cfg80211_registered_device *rdev = info->user_ptr[0];
5616 struct net_device *dev = info->user_ptr[1];
5617 struct wireless_dev *wdev = dev->ieee80211_ptr;
5618 struct bss_parameters params;
5619 int err;
5620
5621 memset(&params, 0, sizeof(params));
5622 /* default to not changing parameters */
5623 params.use_cts_prot = -1;
5624 params.use_short_preamble = -1;
5625 params.use_short_slot_time = -1;
5626 params.ap_isolate = -1;
5627 params.ht_opmode = -1;
5628 params.p2p_ctwindow = -1;
5629 params.p2p_opp_ps = -1;
5630
5631 if (info->attrs[NL80211_ATTR_BSS_CTS_PROT])
5632 params.use_cts_prot =
5633 nla_get_u8(info->attrs[NL80211_ATTR_BSS_CTS_PROT]);
5634 if (info->attrs[NL80211_ATTR_BSS_SHORT_PREAMBLE])
5635 params.use_short_preamble =
5636 nla_get_u8(info->attrs[NL80211_ATTR_BSS_SHORT_PREAMBLE]);
5637 if (info->attrs[NL80211_ATTR_BSS_SHORT_SLOT_TIME])
5638 params.use_short_slot_time =
5639 nla_get_u8(info->attrs[NL80211_ATTR_BSS_SHORT_SLOT_TIME]);
5640 if (info->attrs[NL80211_ATTR_BSS_BASIC_RATES]) {
5641 params.basic_rates =
5642 nla_data(info->attrs[NL80211_ATTR_BSS_BASIC_RATES]);
5643 params.basic_rates_len =
5644 nla_len(info->attrs[NL80211_ATTR_BSS_BASIC_RATES]);
5645 }
5646 if (info->attrs[NL80211_ATTR_AP_ISOLATE])
5647 params.ap_isolate = !!nla_get_u8(info->attrs[NL80211_ATTR_AP_ISOLATE]);
5648 if (info->attrs[NL80211_ATTR_BSS_HT_OPMODE])
5649 params.ht_opmode =
5650 nla_get_u16(info->attrs[NL80211_ATTR_BSS_HT_OPMODE]);
5651
5652 if (info->attrs[NL80211_ATTR_P2P_CTWINDOW]) {
5653 if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_GO)
5654 return -EINVAL;
5655 params.p2p_ctwindow =
5656 nla_get_s8(info->attrs[NL80211_ATTR_P2P_CTWINDOW]);
5657 if (params.p2p_ctwindow < 0)
5658 return -EINVAL;
5659 if (params.p2p_ctwindow != 0 &&
5660 !(rdev->wiphy.features & NL80211_FEATURE_P2P_GO_CTWIN))
5661 return -EINVAL;
5662 }
5663
5664 if (info->attrs[NL80211_ATTR_P2P_OPPPS]) {
5665 u8 tmp;
5666
5667 if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_GO)
5668 return -EINVAL;
5669 tmp = nla_get_u8(info->attrs[NL80211_ATTR_P2P_OPPPS]);
5670 if (tmp > 1)
5671 return -EINVAL;
5672 params.p2p_opp_ps = tmp;
5673 if (params.p2p_opp_ps &&
5674 !(rdev->wiphy.features & NL80211_FEATURE_P2P_GO_OPPPS))
5675 return -EINVAL;
5676 }
5677
5678 if (!rdev->ops->change_bss)
5679 return -EOPNOTSUPP;
5680
5681 if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_AP &&
5682 dev->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_GO)
5683 return -EOPNOTSUPP;
5684
5685 wdev_lock(wdev);
5686 err = rdev_change_bss(rdev, dev, &params);
5687 wdev_unlock(wdev);
5688
5689 return err;
5690}
5691
5692static int nl80211_req_set_reg(struct sk_buff *skb, struct genl_info *info)
5693{
5694 char *data = NULL;
5695 bool is_indoor;
5696 enum nl80211_user_reg_hint_type user_reg_hint_type;
5697 u32 owner_nlportid;
5698
5699 /*
5700 * You should only get this when cfg80211 hasn't yet initialized
5701 * completely when built-in to the kernel right between the time
5702 * window between nl80211_init() and regulatory_init(), if that is
5703 * even possible.
5704 */
5705 if (unlikely(!rcu_access_pointer(cfg80211_regdomain)))
5706 return -EINPROGRESS;
5707
5708 if (info->attrs[NL80211_ATTR_USER_REG_HINT_TYPE])
5709 user_reg_hint_type =
5710 nla_get_u32(info->attrs[NL80211_ATTR_USER_REG_HINT_TYPE]);
5711 else
5712 user_reg_hint_type = NL80211_USER_REG_HINT_USER;
5713
5714 switch (user_reg_hint_type) {
5715 case NL80211_USER_REG_HINT_USER:
5716 case NL80211_USER_REG_HINT_CELL_BASE:
5717 if (!info->attrs[NL80211_ATTR_REG_ALPHA2])
5718 return -EINVAL;
5719
5720 data = nla_data(info->attrs[NL80211_ATTR_REG_ALPHA2]);
5721 return regulatory_hint_user(data, user_reg_hint_type);
5722 case NL80211_USER_REG_HINT_INDOOR:
5723 if (info->attrs[NL80211_ATTR_SOCKET_OWNER]) {
5724 owner_nlportid = info->snd_portid;
5725 is_indoor = !!info->attrs[NL80211_ATTR_REG_INDOOR];
5726 } else {
5727 owner_nlportid = 0;
5728 is_indoor = true;
5729 }
5730
5731 return regulatory_hint_indoor(is_indoor, owner_nlportid);
5732 default:
5733 return -EINVAL;
5734 }
5735}
5736
5737static int nl80211_get_mesh_config(struct sk_buff *skb,
5738 struct genl_info *info)
5739{
5740 struct cfg80211_registered_device *rdev = info->user_ptr[0];
5741 struct net_device *dev = info->user_ptr[1];
5742 struct wireless_dev *wdev = dev->ieee80211_ptr;
5743 struct mesh_config cur_params;
5744 int err = 0;
5745 void *hdr;
5746 struct nlattr *pinfoattr;
5747 struct sk_buff *msg;
5748
5749 if (wdev->iftype != NL80211_IFTYPE_MESH_POINT)
5750 return -EOPNOTSUPP;
5751
5752 if (!rdev->ops->get_mesh_config)
5753 return -EOPNOTSUPP;
5754
5755 wdev_lock(wdev);
5756 /* If not connected, get default parameters */
5757 if (!wdev->mesh_id_len)
5758 memcpy(&cur_params, &default_mesh_config, sizeof(cur_params));
5759 else
5760 err = rdev_get_mesh_config(rdev, dev, &cur_params);
5761 wdev_unlock(wdev);
5762
5763 if (err)
5764 return err;
5765
5766 /* Draw up a netlink message to send back */
5767 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
5768 if (!msg)
5769 return -ENOMEM;
5770 hdr = nl80211hdr_put(msg, info->snd_portid, info->snd_seq, 0,
5771 NL80211_CMD_GET_MESH_CONFIG);
5772 if (!hdr)
5773 goto out;
5774 pinfoattr = nla_nest_start(msg, NL80211_ATTR_MESH_CONFIG);
5775 if (!pinfoattr)
5776 goto nla_put_failure;
5777 if (nla_put_u32(msg, NL80211_ATTR_IFINDEX, dev->ifindex) ||
5778 nla_put_u16(msg, NL80211_MESHCONF_RETRY_TIMEOUT,
5779 cur_params.dot11MeshRetryTimeout) ||
5780 nla_put_u16(msg, NL80211_MESHCONF_CONFIRM_TIMEOUT,
5781 cur_params.dot11MeshConfirmTimeout) ||
5782 nla_put_u16(msg, NL80211_MESHCONF_HOLDING_TIMEOUT,
5783 cur_params.dot11MeshHoldingTimeout) ||
5784 nla_put_u16(msg, NL80211_MESHCONF_MAX_PEER_LINKS,
5785 cur_params.dot11MeshMaxPeerLinks) ||
5786 nla_put_u8(msg, NL80211_MESHCONF_MAX_RETRIES,
5787 cur_params.dot11MeshMaxRetries) ||
5788 nla_put_u8(msg, NL80211_MESHCONF_TTL,
5789 cur_params.dot11MeshTTL) ||
5790 nla_put_u8(msg, NL80211_MESHCONF_ELEMENT_TTL,
5791 cur_params.element_ttl) ||
5792 nla_put_u8(msg, NL80211_MESHCONF_AUTO_OPEN_PLINKS,
5793 cur_params.auto_open_plinks) ||
5794 nla_put_u32(msg, NL80211_MESHCONF_SYNC_OFFSET_MAX_NEIGHBOR,
5795 cur_params.dot11MeshNbrOffsetMaxNeighbor) ||
5796 nla_put_u8(msg, NL80211_MESHCONF_HWMP_MAX_PREQ_RETRIES,
5797 cur_params.dot11MeshHWMPmaxPREQretries) ||
5798 nla_put_u32(msg, NL80211_MESHCONF_PATH_REFRESH_TIME,
5799 cur_params.path_refresh_time) ||
5800 nla_put_u16(msg, NL80211_MESHCONF_MIN_DISCOVERY_TIMEOUT,
5801 cur_params.min_discovery_timeout) ||
5802 nla_put_u32(msg, NL80211_MESHCONF_HWMP_ACTIVE_PATH_TIMEOUT,
5803 cur_params.dot11MeshHWMPactivePathTimeout) ||
5804 nla_put_u16(msg, NL80211_MESHCONF_HWMP_PREQ_MIN_INTERVAL,
5805 cur_params.dot11MeshHWMPpreqMinInterval) ||
5806 nla_put_u16(msg, NL80211_MESHCONF_HWMP_PERR_MIN_INTERVAL,
5807 cur_params.dot11MeshHWMPperrMinInterval) ||
5808 nla_put_u16(msg, NL80211_MESHCONF_HWMP_NET_DIAM_TRVS_TIME,
5809 cur_params.dot11MeshHWMPnetDiameterTraversalTime) ||
5810 nla_put_u8(msg, NL80211_MESHCONF_HWMP_ROOTMODE,
5811 cur_params.dot11MeshHWMPRootMode) ||
5812 nla_put_u16(msg, NL80211_MESHCONF_HWMP_RANN_INTERVAL,
5813 cur_params.dot11MeshHWMPRannInterval) ||
5814 nla_put_u8(msg, NL80211_MESHCONF_GATE_ANNOUNCEMENTS,
5815 cur_params.dot11MeshGateAnnouncementProtocol) ||
5816 nla_put_u8(msg, NL80211_MESHCONF_FORWARDING,
5817 cur_params.dot11MeshForwarding) ||
5818 nla_put_s32(msg, NL80211_MESHCONF_RSSI_THRESHOLD,
5819 cur_params.rssi_threshold) ||
5820 nla_put_u32(msg, NL80211_MESHCONF_HT_OPMODE,
5821 cur_params.ht_opmode) ||
5822 nla_put_u32(msg, NL80211_MESHCONF_HWMP_PATH_TO_ROOT_TIMEOUT,
5823 cur_params.dot11MeshHWMPactivePathToRootTimeout) ||
5824 nla_put_u16(msg, NL80211_MESHCONF_HWMP_ROOT_INTERVAL,
5825 cur_params.dot11MeshHWMProotInterval) ||
5826 nla_put_u16(msg, NL80211_MESHCONF_HWMP_CONFIRMATION_INTERVAL,
5827 cur_params.dot11MeshHWMPconfirmationInterval) ||
5828 nla_put_u32(msg, NL80211_MESHCONF_POWER_MODE,
5829 cur_params.power_mode) ||
5830 nla_put_u16(msg, NL80211_MESHCONF_AWAKE_WINDOW,
5831 cur_params.dot11MeshAwakeWindowDuration) ||
5832 nla_put_u32(msg, NL80211_MESHCONF_PLINK_TIMEOUT,
5833 cur_params.plink_timeout))
5834 goto nla_put_failure;
5835 nla_nest_end(msg, pinfoattr);
5836 genlmsg_end(msg, hdr);
5837 return genlmsg_reply(msg, info);
5838
5839 nla_put_failure:
5840 genlmsg_cancel(msg, hdr);
5841 out:
5842 nlmsg_free(msg);
5843 return -ENOBUFS;
5844}
5845
5846static const struct nla_policy nl80211_meshconf_params_policy[NL80211_MESHCONF_ATTR_MAX+1] = {
5847 [NL80211_MESHCONF_RETRY_TIMEOUT] = { .type = NLA_U16 },
5848 [NL80211_MESHCONF_CONFIRM_TIMEOUT] = { .type = NLA_U16 },
5849 [NL80211_MESHCONF_HOLDING_TIMEOUT] = { .type = NLA_U16 },
5850 [NL80211_MESHCONF_MAX_PEER_LINKS] = { .type = NLA_U16 },
5851 [NL80211_MESHCONF_MAX_RETRIES] = { .type = NLA_U8 },
5852 [NL80211_MESHCONF_TTL] = { .type = NLA_U8 },
5853 [NL80211_MESHCONF_ELEMENT_TTL] = { .type = NLA_U8 },
5854 [NL80211_MESHCONF_AUTO_OPEN_PLINKS] = { .type = NLA_U8 },
5855 [NL80211_MESHCONF_SYNC_OFFSET_MAX_NEIGHBOR] = { .type = NLA_U32 },
5856 [NL80211_MESHCONF_HWMP_MAX_PREQ_RETRIES] = { .type = NLA_U8 },
5857 [NL80211_MESHCONF_PATH_REFRESH_TIME] = { .type = NLA_U32 },
5858 [NL80211_MESHCONF_MIN_DISCOVERY_TIMEOUT] = { .type = NLA_U16 },
5859 [NL80211_MESHCONF_HWMP_ACTIVE_PATH_TIMEOUT] = { .type = NLA_U32 },
5860 [NL80211_MESHCONF_HWMP_PREQ_MIN_INTERVAL] = { .type = NLA_U16 },
5861 [NL80211_MESHCONF_HWMP_PERR_MIN_INTERVAL] = { .type = NLA_U16 },
5862 [NL80211_MESHCONF_HWMP_NET_DIAM_TRVS_TIME] = { .type = NLA_U16 },
5863 [NL80211_MESHCONF_HWMP_ROOTMODE] = { .type = NLA_U8 },
5864 [NL80211_MESHCONF_HWMP_RANN_INTERVAL] = { .type = NLA_U16 },
5865 [NL80211_MESHCONF_GATE_ANNOUNCEMENTS] = { .type = NLA_U8 },
5866 [NL80211_MESHCONF_FORWARDING] = { .type = NLA_U8 },
5867 [NL80211_MESHCONF_RSSI_THRESHOLD] = { .type = NLA_U32 },
5868 [NL80211_MESHCONF_HT_OPMODE] = { .type = NLA_U16 },
5869 [NL80211_MESHCONF_HWMP_PATH_TO_ROOT_TIMEOUT] = { .type = NLA_U32 },
5870 [NL80211_MESHCONF_HWMP_ROOT_INTERVAL] = { .type = NLA_U16 },
5871 [NL80211_MESHCONF_HWMP_CONFIRMATION_INTERVAL] = { .type = NLA_U16 },
5872 [NL80211_MESHCONF_POWER_MODE] = { .type = NLA_U32 },
5873 [NL80211_MESHCONF_AWAKE_WINDOW] = { .type = NLA_U16 },
5874 [NL80211_MESHCONF_PLINK_TIMEOUT] = { .type = NLA_U32 },
5875};
5876
5877static const struct nla_policy
5878 nl80211_mesh_setup_params_policy[NL80211_MESH_SETUP_ATTR_MAX+1] = {
5879 [NL80211_MESH_SETUP_ENABLE_VENDOR_SYNC] = { .type = NLA_U8 },
5880 [NL80211_MESH_SETUP_ENABLE_VENDOR_PATH_SEL] = { .type = NLA_U8 },
5881 [NL80211_MESH_SETUP_ENABLE_VENDOR_METRIC] = { .type = NLA_U8 },
5882 [NL80211_MESH_SETUP_USERSPACE_AUTH] = { .type = NLA_FLAG },
5883 [NL80211_MESH_SETUP_AUTH_PROTOCOL] = { .type = NLA_U8 },
5884 [NL80211_MESH_SETUP_USERSPACE_MPM] = { .type = NLA_FLAG },
5885 [NL80211_MESH_SETUP_IE] = { .type = NLA_BINARY,
5886 .len = IEEE80211_MAX_DATA_LEN },
5887 [NL80211_MESH_SETUP_USERSPACE_AMPE] = { .type = NLA_FLAG },
5888};
5889
5890static int nl80211_check_bool(const struct nlattr *nla, u8 min, u8 max, bool *out)
5891{
5892 u8 val = nla_get_u8(nla);
5893 if (val < min || val > max)
5894 return -EINVAL;
5895 *out = val;
5896 return 0;
5897}
5898
5899static int nl80211_check_u8(const struct nlattr *nla, u8 min, u8 max, u8 *out)
5900{
5901 u8 val = nla_get_u8(nla);
5902 if (val < min || val > max)
5903 return -EINVAL;
5904 *out = val;
5905 return 0;
5906}
5907
5908static int nl80211_check_u16(const struct nlattr *nla, u16 min, u16 max, u16 *out)
5909{
5910 u16 val = nla_get_u16(nla);
5911 if (val < min || val > max)
5912 return -EINVAL;
5913 *out = val;
5914 return 0;
5915}
5916
5917static int nl80211_check_u32(const struct nlattr *nla, u32 min, u32 max, u32 *out)
5918{
5919 u32 val = nla_get_u32(nla);
5920 if (val < min || val > max)
5921 return -EINVAL;
5922 *out = val;
5923 return 0;
5924}
5925
5926static int nl80211_check_s32(const struct nlattr *nla, s32 min, s32 max, s32 *out)
5927{
5928 s32 val = nla_get_s32(nla);
5929 if (val < min || val > max)
5930 return -EINVAL;
5931 *out = val;
5932 return 0;
5933}
5934
5935static int nl80211_check_power_mode(const struct nlattr *nla,
5936 enum nl80211_mesh_power_mode min,
5937 enum nl80211_mesh_power_mode max,
5938 enum nl80211_mesh_power_mode *out)
5939{
5940 u32 val = nla_get_u32(nla);
5941 if (val < min || val > max)
5942 return -EINVAL;
5943 *out = val;
5944 return 0;
5945}
5946
5947static int nl80211_parse_mesh_config(struct genl_info *info,
5948 struct mesh_config *cfg,
5949 u32 *mask_out)
5950{
5951 struct nlattr *tb[NL80211_MESHCONF_ATTR_MAX + 1];
5952 u32 mask = 0;
5953 u16 ht_opmode;
5954
5955#define FILL_IN_MESH_PARAM_IF_SET(tb, cfg, param, min, max, mask, attr, fn) \
5956do { \
5957 if (tb[attr]) { \
5958 if (fn(tb[attr], min, max, &cfg->param)) \
5959 return -EINVAL; \
5960 mask |= (1 << (attr - 1)); \
5961 } \
5962} while (0)
5963
5964 if (!info->attrs[NL80211_ATTR_MESH_CONFIG])
5965 return -EINVAL;
5966 if (nla_parse_nested(tb, NL80211_MESHCONF_ATTR_MAX,
5967 info->attrs[NL80211_ATTR_MESH_CONFIG],
5968 nl80211_meshconf_params_policy, info->extack))
5969 return -EINVAL;
5970
5971 /* This makes sure that there aren't more than 32 mesh config
5972 * parameters (otherwise our bitfield scheme would not work.) */
5973 BUILD_BUG_ON(NL80211_MESHCONF_ATTR_MAX > 32);
5974
5975 /* Fill in the params struct */
5976 FILL_IN_MESH_PARAM_IF_SET(tb, cfg, dot11MeshRetryTimeout, 1, 255,
5977 mask, NL80211_MESHCONF_RETRY_TIMEOUT,
5978 nl80211_check_u16);
5979 FILL_IN_MESH_PARAM_IF_SET(tb, cfg, dot11MeshConfirmTimeout, 1, 255,
5980 mask, NL80211_MESHCONF_CONFIRM_TIMEOUT,
5981 nl80211_check_u16);
5982 FILL_IN_MESH_PARAM_IF_SET(tb, cfg, dot11MeshHoldingTimeout, 1, 255,
5983 mask, NL80211_MESHCONF_HOLDING_TIMEOUT,
5984 nl80211_check_u16);
5985 FILL_IN_MESH_PARAM_IF_SET(tb, cfg, dot11MeshMaxPeerLinks, 0, 255,
5986 mask, NL80211_MESHCONF_MAX_PEER_LINKS,
5987 nl80211_check_u16);
5988 FILL_IN_MESH_PARAM_IF_SET(tb, cfg, dot11MeshMaxRetries, 0, 16,
5989 mask, NL80211_MESHCONF_MAX_RETRIES,
5990 nl80211_check_u8);
5991 FILL_IN_MESH_PARAM_IF_SET(tb, cfg, dot11MeshTTL, 1, 255,
5992 mask, NL80211_MESHCONF_TTL, nl80211_check_u8);
5993 FILL_IN_MESH_PARAM_IF_SET(tb, cfg, element_ttl, 1, 255,
5994 mask, NL80211_MESHCONF_ELEMENT_TTL,
5995 nl80211_check_u8);
5996 FILL_IN_MESH_PARAM_IF_SET(tb, cfg, auto_open_plinks, 0, 1,
5997 mask, NL80211_MESHCONF_AUTO_OPEN_PLINKS,
5998 nl80211_check_bool);
5999 FILL_IN_MESH_PARAM_IF_SET(tb, cfg, dot11MeshNbrOffsetMaxNeighbor,
6000 1, 255, mask,
6001 NL80211_MESHCONF_SYNC_OFFSET_MAX_NEIGHBOR,
6002 nl80211_check_u32);
6003 FILL_IN_MESH_PARAM_IF_SET(tb, cfg, dot11MeshHWMPmaxPREQretries, 0, 255,
6004 mask, NL80211_MESHCONF_HWMP_MAX_PREQ_RETRIES,
6005 nl80211_check_u8);
6006 FILL_IN_MESH_PARAM_IF_SET(tb, cfg, path_refresh_time, 1, 65535,
6007 mask, NL80211_MESHCONF_PATH_REFRESH_TIME,
6008 nl80211_check_u32);
6009 FILL_IN_MESH_PARAM_IF_SET(tb, cfg, min_discovery_timeout, 1, 65535,
6010 mask, NL80211_MESHCONF_MIN_DISCOVERY_TIMEOUT,
6011 nl80211_check_u16);
6012 FILL_IN_MESH_PARAM_IF_SET(tb, cfg, dot11MeshHWMPactivePathTimeout,
6013 1, 65535, mask,
6014 NL80211_MESHCONF_HWMP_ACTIVE_PATH_TIMEOUT,
6015 nl80211_check_u32);
6016 FILL_IN_MESH_PARAM_IF_SET(tb, cfg, dot11MeshHWMPpreqMinInterval,
6017 1, 65535, mask,
6018 NL80211_MESHCONF_HWMP_PREQ_MIN_INTERVAL,
6019 nl80211_check_u16);
6020 FILL_IN_MESH_PARAM_IF_SET(tb, cfg, dot11MeshHWMPperrMinInterval,
6021 1, 65535, mask,
6022 NL80211_MESHCONF_HWMP_PERR_MIN_INTERVAL,
6023 nl80211_check_u16);
6024 FILL_IN_MESH_PARAM_IF_SET(tb, cfg,
6025 dot11MeshHWMPnetDiameterTraversalTime,
6026 1, 65535, mask,
6027 NL80211_MESHCONF_HWMP_NET_DIAM_TRVS_TIME,
6028 nl80211_check_u16);
6029 FILL_IN_MESH_PARAM_IF_SET(tb, cfg, dot11MeshHWMPRootMode, 0, 4,
6030 mask, NL80211_MESHCONF_HWMP_ROOTMODE,
6031 nl80211_check_u8);
6032 FILL_IN_MESH_PARAM_IF_SET(tb, cfg, dot11MeshHWMPRannInterval, 1, 65535,
6033 mask, NL80211_MESHCONF_HWMP_RANN_INTERVAL,
6034 nl80211_check_u16);
6035 FILL_IN_MESH_PARAM_IF_SET(tb, cfg,
6036 dot11MeshGateAnnouncementProtocol, 0, 1,
6037 mask, NL80211_MESHCONF_GATE_ANNOUNCEMENTS,
6038 nl80211_check_bool);
6039 FILL_IN_MESH_PARAM_IF_SET(tb, cfg, dot11MeshForwarding, 0, 1,
6040 mask, NL80211_MESHCONF_FORWARDING,
6041 nl80211_check_bool);
6042 FILL_IN_MESH_PARAM_IF_SET(tb, cfg, rssi_threshold, -255, 0,
6043 mask, NL80211_MESHCONF_RSSI_THRESHOLD,
6044 nl80211_check_s32);
6045 /*
6046 * Check HT operation mode based on
6047 * IEEE 802.11-2016 9.4.2.57 HT Operation element.
6048 */
6049 if (tb[NL80211_MESHCONF_HT_OPMODE]) {
6050 ht_opmode = nla_get_u16(tb[NL80211_MESHCONF_HT_OPMODE]);
6051
6052 if (ht_opmode & ~(IEEE80211_HT_OP_MODE_PROTECTION |
6053 IEEE80211_HT_OP_MODE_NON_GF_STA_PRSNT |
6054 IEEE80211_HT_OP_MODE_NON_HT_STA_PRSNT))
6055 return -EINVAL;
6056
6057 /* NON_HT_STA bit is reserved, but some programs set it */
6058 ht_opmode &= ~IEEE80211_HT_OP_MODE_NON_HT_STA_PRSNT;
6059
6060 cfg->ht_opmode = ht_opmode;
6061 mask |= (1 << (NL80211_MESHCONF_HT_OPMODE - 1));
6062 }
6063 FILL_IN_MESH_PARAM_IF_SET(tb, cfg, dot11MeshHWMPactivePathToRootTimeout,
6064 1, 65535, mask,
6065 NL80211_MESHCONF_HWMP_PATH_TO_ROOT_TIMEOUT,
6066 nl80211_check_u32);
6067 FILL_IN_MESH_PARAM_IF_SET(tb, cfg, dot11MeshHWMProotInterval, 1, 65535,
6068 mask, NL80211_MESHCONF_HWMP_ROOT_INTERVAL,
6069 nl80211_check_u16);
6070 FILL_IN_MESH_PARAM_IF_SET(tb, cfg,
6071 dot11MeshHWMPconfirmationInterval,
6072 1, 65535, mask,
6073 NL80211_MESHCONF_HWMP_CONFIRMATION_INTERVAL,
6074 nl80211_check_u16);
6075 FILL_IN_MESH_PARAM_IF_SET(tb, cfg, power_mode,
6076 NL80211_MESH_POWER_ACTIVE,
6077 NL80211_MESH_POWER_MAX,
6078 mask, NL80211_MESHCONF_POWER_MODE,
6079 nl80211_check_power_mode);
6080 FILL_IN_MESH_PARAM_IF_SET(tb, cfg, dot11MeshAwakeWindowDuration,
6081 0, 65535, mask,
6082 NL80211_MESHCONF_AWAKE_WINDOW, nl80211_check_u16);
6083 FILL_IN_MESH_PARAM_IF_SET(tb, cfg, plink_timeout, 0, 0xffffffff,
6084 mask, NL80211_MESHCONF_PLINK_TIMEOUT,
6085 nl80211_check_u32);
6086 if (mask_out)
6087 *mask_out = mask;
6088
6089 return 0;
6090
6091#undef FILL_IN_MESH_PARAM_IF_SET
6092}
6093
6094static int nl80211_parse_mesh_setup(struct genl_info *info,
6095 struct mesh_setup *setup)
6096{
6097 struct cfg80211_registered_device *rdev = info->user_ptr[0];
6098 struct nlattr *tb[NL80211_MESH_SETUP_ATTR_MAX + 1];
6099
6100 if (!info->attrs[NL80211_ATTR_MESH_SETUP])
6101 return -EINVAL;
6102 if (nla_parse_nested(tb, NL80211_MESH_SETUP_ATTR_MAX,
6103 info->attrs[NL80211_ATTR_MESH_SETUP],
6104 nl80211_mesh_setup_params_policy, info->extack))
6105 return -EINVAL;
6106
6107 if (tb[NL80211_MESH_SETUP_ENABLE_VENDOR_SYNC])
6108 setup->sync_method =
6109 (nla_get_u8(tb[NL80211_MESH_SETUP_ENABLE_VENDOR_SYNC])) ?
6110 IEEE80211_SYNC_METHOD_VENDOR :
6111 IEEE80211_SYNC_METHOD_NEIGHBOR_OFFSET;
6112
6113 if (tb[NL80211_MESH_SETUP_ENABLE_VENDOR_PATH_SEL])
6114 setup->path_sel_proto =
6115 (nla_get_u8(tb[NL80211_MESH_SETUP_ENABLE_VENDOR_PATH_SEL])) ?
6116 IEEE80211_PATH_PROTOCOL_VENDOR :
6117 IEEE80211_PATH_PROTOCOL_HWMP;
6118
6119 if (tb[NL80211_MESH_SETUP_ENABLE_VENDOR_METRIC])
6120 setup->path_metric =
6121 (nla_get_u8(tb[NL80211_MESH_SETUP_ENABLE_VENDOR_METRIC])) ?
6122 IEEE80211_PATH_METRIC_VENDOR :
6123 IEEE80211_PATH_METRIC_AIRTIME;
6124
6125 if (tb[NL80211_MESH_SETUP_IE]) {
6126 struct nlattr *ieattr =
6127 tb[NL80211_MESH_SETUP_IE];
6128 if (!is_valid_ie_attr(ieattr))
6129 return -EINVAL;
6130 setup->ie = nla_data(ieattr);
6131 setup->ie_len = nla_len(ieattr);
6132 }
6133 if (tb[NL80211_MESH_SETUP_USERSPACE_MPM] &&
6134 !(rdev->wiphy.features & NL80211_FEATURE_USERSPACE_MPM))
6135 return -EINVAL;
6136 setup->user_mpm = nla_get_flag(tb[NL80211_MESH_SETUP_USERSPACE_MPM]);
6137 setup->is_authenticated = nla_get_flag(tb[NL80211_MESH_SETUP_USERSPACE_AUTH]);
6138 setup->is_secure = nla_get_flag(tb[NL80211_MESH_SETUP_USERSPACE_AMPE]);
6139 if (setup->is_secure)
6140 setup->user_mpm = true;
6141
6142 if (tb[NL80211_MESH_SETUP_AUTH_PROTOCOL]) {
6143 if (!setup->user_mpm)
6144 return -EINVAL;
6145 setup->auth_id =
6146 nla_get_u8(tb[NL80211_MESH_SETUP_AUTH_PROTOCOL]);
6147 }
6148
6149 return 0;
6150}
6151
6152static int nl80211_update_mesh_config(struct sk_buff *skb,
6153 struct genl_info *info)
6154{
6155 struct cfg80211_registered_device *rdev = info->user_ptr[0];
6156 struct net_device *dev = info->user_ptr[1];
6157 struct wireless_dev *wdev = dev->ieee80211_ptr;
6158 struct mesh_config cfg;
6159 u32 mask;
6160 int err;
6161
6162 if (wdev->iftype != NL80211_IFTYPE_MESH_POINT)
6163 return -EOPNOTSUPP;
6164
6165 if (!rdev->ops->update_mesh_config)
6166 return -EOPNOTSUPP;
6167
6168 err = nl80211_parse_mesh_config(info, &cfg, &mask);
6169 if (err)
6170 return err;
6171
6172 wdev_lock(wdev);
6173 if (!wdev->mesh_id_len)
6174 err = -ENOLINK;
6175
6176 if (!err)
6177 err = rdev_update_mesh_config(rdev, dev, mask, &cfg);
6178
6179 wdev_unlock(wdev);
6180
6181 return err;
6182}
6183
6184static int nl80211_put_regdom(const struct ieee80211_regdomain *regdom,
6185 struct sk_buff *msg)
6186{
6187 struct nlattr *nl_reg_rules;
6188 unsigned int i;
6189
6190 if (nla_put_string(msg, NL80211_ATTR_REG_ALPHA2, regdom->alpha2) ||
6191 (regdom->dfs_region &&
6192 nla_put_u8(msg, NL80211_ATTR_DFS_REGION, regdom->dfs_region)))
6193 goto nla_put_failure;
6194
6195 nl_reg_rules = nla_nest_start(msg, NL80211_ATTR_REG_RULES);
6196 if (!nl_reg_rules)
6197 goto nla_put_failure;
6198
6199 for (i = 0; i < regdom->n_reg_rules; i++) {
6200 struct nlattr *nl_reg_rule;
6201 const struct ieee80211_reg_rule *reg_rule;
6202 const struct ieee80211_freq_range *freq_range;
6203 const struct ieee80211_power_rule *power_rule;
6204 unsigned int max_bandwidth_khz;
6205
6206 reg_rule = &regdom->reg_rules[i];
6207 freq_range = &reg_rule->freq_range;
6208 power_rule = &reg_rule->power_rule;
6209
6210 nl_reg_rule = nla_nest_start(msg, i);
6211 if (!nl_reg_rule)
6212 goto nla_put_failure;
6213
6214 max_bandwidth_khz = freq_range->max_bandwidth_khz;
6215 if (!max_bandwidth_khz)
6216 max_bandwidth_khz = reg_get_max_bandwidth(regdom,
6217 reg_rule);
6218
6219 if (nla_put_u32(msg, NL80211_ATTR_REG_RULE_FLAGS,
6220 reg_rule->flags) ||
6221 nla_put_u32(msg, NL80211_ATTR_FREQ_RANGE_START,
6222 freq_range->start_freq_khz) ||
6223 nla_put_u32(msg, NL80211_ATTR_FREQ_RANGE_END,
6224 freq_range->end_freq_khz) ||
6225 nla_put_u32(msg, NL80211_ATTR_FREQ_RANGE_MAX_BW,
6226 max_bandwidth_khz) ||
6227 nla_put_u32(msg, NL80211_ATTR_POWER_RULE_MAX_ANT_GAIN,
6228 power_rule->max_antenna_gain) ||
6229 nla_put_u32(msg, NL80211_ATTR_POWER_RULE_MAX_EIRP,
6230 power_rule->max_eirp) ||
6231 nla_put_u32(msg, NL80211_ATTR_DFS_CAC_TIME,
6232 reg_rule->dfs_cac_ms))
6233 goto nla_put_failure;
6234
6235 nla_nest_end(msg, nl_reg_rule);
6236 }
6237
6238 nla_nest_end(msg, nl_reg_rules);
6239 return 0;
6240
6241nla_put_failure:
6242 return -EMSGSIZE;
6243}
6244
6245static int nl80211_get_reg_do(struct sk_buff *skb, struct genl_info *info)
6246{
6247 const struct ieee80211_regdomain *regdom = NULL;
6248 struct cfg80211_registered_device *rdev;
6249 struct wiphy *wiphy = NULL;
6250 struct sk_buff *msg;
6251 void *hdr;
6252
6253 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
6254 if (!msg)
6255 return -ENOBUFS;
6256
6257 hdr = nl80211hdr_put(msg, info->snd_portid, info->snd_seq, 0,
6258 NL80211_CMD_GET_REG);
6259 if (!hdr)
6260 goto put_failure;
6261
6262 if (info->attrs[NL80211_ATTR_WIPHY]) {
6263 bool self_managed;
6264
6265 rdev = cfg80211_get_dev_from_info(genl_info_net(info), info);
6266 if (IS_ERR(rdev)) {
6267 nlmsg_free(msg);
6268 return PTR_ERR(rdev);
6269 }
6270
6271 wiphy = &rdev->wiphy;
6272 self_managed = wiphy->regulatory_flags &
6273 REGULATORY_WIPHY_SELF_MANAGED;
6274 regdom = get_wiphy_regdom(wiphy);
6275
6276 /* a self-managed-reg device must have a private regdom */
6277 if (WARN_ON(!regdom && self_managed)) {
6278 nlmsg_free(msg);
6279 return -EINVAL;
6280 }
6281
6282 if (regdom &&
6283 nla_put_u32(msg, NL80211_ATTR_WIPHY, get_wiphy_idx(wiphy)))
6284 goto nla_put_failure;
6285 }
6286
6287 if (!wiphy && reg_last_request_cell_base() &&
6288 nla_put_u32(msg, NL80211_ATTR_USER_REG_HINT_TYPE,
6289 NL80211_USER_REG_HINT_CELL_BASE))
6290 goto nla_put_failure;
6291
6292 rcu_read_lock();
6293
6294 if (!regdom)
6295 regdom = rcu_dereference(cfg80211_regdomain);
6296
6297 if (nl80211_put_regdom(regdom, msg))
6298 goto nla_put_failure_rcu;
6299
6300 rcu_read_unlock();
6301
6302 genlmsg_end(msg, hdr);
6303 return genlmsg_reply(msg, info);
6304
6305nla_put_failure_rcu:
6306 rcu_read_unlock();
6307nla_put_failure:
6308 genlmsg_cancel(msg, hdr);
6309put_failure:
6310 nlmsg_free(msg);
6311 return -EMSGSIZE;
6312}
6313
6314static int nl80211_send_regdom(struct sk_buff *msg, struct netlink_callback *cb,
6315 u32 seq, int flags, struct wiphy *wiphy,
6316 const struct ieee80211_regdomain *regdom)
6317{
6318 void *hdr = nl80211hdr_put(msg, NETLINK_CB(cb->skb).portid, seq, flags,
6319 NL80211_CMD_GET_REG);
6320
6321 if (!hdr)
6322 return -1;
6323
6324 genl_dump_check_consistent(cb, hdr, &nl80211_fam);
6325
6326 if (nl80211_put_regdom(regdom, msg))
6327 goto nla_put_failure;
6328
6329 if (!wiphy && reg_last_request_cell_base() &&
6330 nla_put_u32(msg, NL80211_ATTR_USER_REG_HINT_TYPE,
6331 NL80211_USER_REG_HINT_CELL_BASE))
6332 goto nla_put_failure;
6333
6334 if (wiphy &&
6335 nla_put_u32(msg, NL80211_ATTR_WIPHY, get_wiphy_idx(wiphy)))
6336 goto nla_put_failure;
6337
6338 if (wiphy && wiphy->regulatory_flags & REGULATORY_WIPHY_SELF_MANAGED &&
6339 nla_put_flag(msg, NL80211_ATTR_WIPHY_SELF_MANAGED_REG))
6340 goto nla_put_failure;
6341
6342 genlmsg_end(msg, hdr);
6343 return 0;
6344
6345nla_put_failure:
6346 genlmsg_cancel(msg, hdr);
6347 return -EMSGSIZE;
6348}
6349
6350static int nl80211_get_reg_dump(struct sk_buff *skb,
6351 struct netlink_callback *cb)
6352{
6353 const struct ieee80211_regdomain *regdom = NULL;
6354 struct cfg80211_registered_device *rdev;
6355 int err, reg_idx, start = cb->args[2];
6356
6357 rtnl_lock();
6358
6359 if (cfg80211_regdomain && start == 0) {
6360 err = nl80211_send_regdom(skb, cb, cb->nlh->nlmsg_seq,
6361 NLM_F_MULTI, NULL,
6362 rtnl_dereference(cfg80211_regdomain));
6363 if (err < 0)
6364 goto out_err;
6365 }
6366
6367 /* the global regdom is idx 0 */
6368 reg_idx = 1;
6369 list_for_each_entry(rdev, &cfg80211_rdev_list, list) {
6370 regdom = get_wiphy_regdom(&rdev->wiphy);
6371 if (!regdom)
6372 continue;
6373
6374 if (++reg_idx <= start)
6375 continue;
6376
6377 err = nl80211_send_regdom(skb, cb, cb->nlh->nlmsg_seq,
6378 NLM_F_MULTI, &rdev->wiphy, regdom);
6379 if (err < 0) {
6380 reg_idx--;
6381 break;
6382 }
6383 }
6384
6385 cb->args[2] = reg_idx;
6386 err = skb->len;
6387out_err:
6388 rtnl_unlock();
6389 return err;
6390}
6391
6392#ifdef CONFIG_CFG80211_CRDA_SUPPORT
6393static const struct nla_policy reg_rule_policy[NL80211_REG_RULE_ATTR_MAX + 1] = {
6394 [NL80211_ATTR_REG_RULE_FLAGS] = { .type = NLA_U32 },
6395 [NL80211_ATTR_FREQ_RANGE_START] = { .type = NLA_U32 },
6396 [NL80211_ATTR_FREQ_RANGE_END] = { .type = NLA_U32 },
6397 [NL80211_ATTR_FREQ_RANGE_MAX_BW] = { .type = NLA_U32 },
6398 [NL80211_ATTR_POWER_RULE_MAX_ANT_GAIN] = { .type = NLA_U32 },
6399 [NL80211_ATTR_POWER_RULE_MAX_EIRP] = { .type = NLA_U32 },
6400 [NL80211_ATTR_DFS_CAC_TIME] = { .type = NLA_U32 },
6401};
6402
6403static int parse_reg_rule(struct nlattr *tb[],
6404 struct ieee80211_reg_rule *reg_rule)
6405{
6406 struct ieee80211_freq_range *freq_range = &reg_rule->freq_range;
6407 struct ieee80211_power_rule *power_rule = &reg_rule->power_rule;
6408
6409 if (!tb[NL80211_ATTR_REG_RULE_FLAGS])
6410 return -EINVAL;
6411 if (!tb[NL80211_ATTR_FREQ_RANGE_START])
6412 return -EINVAL;
6413 if (!tb[NL80211_ATTR_FREQ_RANGE_END])
6414 return -EINVAL;
6415 if (!tb[NL80211_ATTR_FREQ_RANGE_MAX_BW])
6416 return -EINVAL;
6417 if (!tb[NL80211_ATTR_POWER_RULE_MAX_EIRP])
6418 return -EINVAL;
6419
6420 reg_rule->flags = nla_get_u32(tb[NL80211_ATTR_REG_RULE_FLAGS]);
6421
6422 freq_range->start_freq_khz =
6423 nla_get_u32(tb[NL80211_ATTR_FREQ_RANGE_START]);
6424 freq_range->end_freq_khz =
6425 nla_get_u32(tb[NL80211_ATTR_FREQ_RANGE_END]);
6426 freq_range->max_bandwidth_khz =
6427 nla_get_u32(tb[NL80211_ATTR_FREQ_RANGE_MAX_BW]);
6428
6429 power_rule->max_eirp =
6430 nla_get_u32(tb[NL80211_ATTR_POWER_RULE_MAX_EIRP]);
6431
6432 if (tb[NL80211_ATTR_POWER_RULE_MAX_ANT_GAIN])
6433 power_rule->max_antenna_gain =
6434 nla_get_u32(tb[NL80211_ATTR_POWER_RULE_MAX_ANT_GAIN]);
6435
6436 if (tb[NL80211_ATTR_DFS_CAC_TIME])
6437 reg_rule->dfs_cac_ms =
6438 nla_get_u32(tb[NL80211_ATTR_DFS_CAC_TIME]);
6439
6440 return 0;
6441}
6442
6443static int nl80211_set_reg(struct sk_buff *skb, struct genl_info *info)
6444{
6445 struct nlattr *tb[NL80211_REG_RULE_ATTR_MAX + 1];
6446 struct nlattr *nl_reg_rule;
6447 char *alpha2;
6448 int rem_reg_rules, r;
6449 u32 num_rules = 0, rule_idx = 0, size_of_regd;
6450 enum nl80211_dfs_regions dfs_region = NL80211_DFS_UNSET;
6451 struct ieee80211_regdomain *rd;
6452
6453 if (!info->attrs[NL80211_ATTR_REG_ALPHA2])
6454 return -EINVAL;
6455
6456 if (!info->attrs[NL80211_ATTR_REG_RULES])
6457 return -EINVAL;
6458
6459 alpha2 = nla_data(info->attrs[NL80211_ATTR_REG_ALPHA2]);
6460
6461 if (info->attrs[NL80211_ATTR_DFS_REGION])
6462 dfs_region = nla_get_u8(info->attrs[NL80211_ATTR_DFS_REGION]);
6463
6464 nla_for_each_nested(nl_reg_rule, info->attrs[NL80211_ATTR_REG_RULES],
6465 rem_reg_rules) {
6466 num_rules++;
6467 if (num_rules > NL80211_MAX_SUPP_REG_RULES)
6468 return -EINVAL;
6469 }
6470
6471 if (!reg_is_valid_request(alpha2))
6472 return -EINVAL;
6473
6474 size_of_regd = sizeof(struct ieee80211_regdomain) +
6475 num_rules * sizeof(struct ieee80211_reg_rule);
6476
6477 rd = kzalloc(size_of_regd, GFP_KERNEL);
6478 if (!rd)
6479 return -ENOMEM;
6480
6481 rd->n_reg_rules = num_rules;
6482 rd->alpha2[0] = alpha2[0];
6483 rd->alpha2[1] = alpha2[1];
6484
6485 /*
6486 * Disable DFS master mode if the DFS region was
6487 * not supported or known on this kernel.
6488 */
6489 if (reg_supported_dfs_region(dfs_region))
6490 rd->dfs_region = dfs_region;
6491
6492 nla_for_each_nested(nl_reg_rule, info->attrs[NL80211_ATTR_REG_RULES],
6493 rem_reg_rules) {
6494 r = nla_parse_nested(tb, NL80211_REG_RULE_ATTR_MAX,
6495 nl_reg_rule, reg_rule_policy,
6496 info->extack);
6497 if (r)
6498 goto bad_reg;
6499 r = parse_reg_rule(tb, &rd->reg_rules[rule_idx]);
6500 if (r)
6501 goto bad_reg;
6502
6503 rule_idx++;
6504
6505 if (rule_idx > NL80211_MAX_SUPP_REG_RULES) {
6506 r = -EINVAL;
6507 goto bad_reg;
6508 }
6509 }
6510
6511 /* set_regdom takes ownership of rd */
6512 return set_regdom(rd, REGD_SOURCE_CRDA);
6513 bad_reg:
6514 kfree(rd);
6515 return r;
6516}
6517#endif /* CONFIG_CFG80211_CRDA_SUPPORT */
6518
6519static int validate_scan_freqs(struct nlattr *freqs)
6520{
6521 struct nlattr *attr1, *attr2;
6522 int n_channels = 0, tmp1, tmp2;
6523
6524 nla_for_each_nested(attr1, freqs, tmp1)
6525 if (nla_len(attr1) != sizeof(u32))
6526 return 0;
6527
6528 nla_for_each_nested(attr1, freqs, tmp1) {
6529 n_channels++;
6530 /*
6531 * Some hardware has a limited channel list for
6532 * scanning, and it is pretty much nonsensical
6533 * to scan for a channel twice, so disallow that
6534 * and don't require drivers to check that the
6535 * channel list they get isn't longer than what
6536 * they can scan, as long as they can scan all
6537 * the channels they registered at once.
6538 */
6539 nla_for_each_nested(attr2, freqs, tmp2)
6540 if (attr1 != attr2 &&
6541 nla_get_u32(attr1) == nla_get_u32(attr2))
6542 return 0;
6543 }
6544
6545 return n_channels;
6546}
6547
6548static bool is_band_valid(struct wiphy *wiphy, enum nl80211_band b)
6549{
6550 return b < NUM_NL80211_BANDS && wiphy->bands[b];
6551}
6552
6553static int parse_bss_select(struct nlattr *nla, struct wiphy *wiphy,
6554 struct cfg80211_bss_selection *bss_select)
6555{
6556 struct nlattr *attr[NL80211_BSS_SELECT_ATTR_MAX + 1];
6557 struct nlattr *nest;
6558 int err;
6559 bool found = false;
6560 int i;
6561
6562 /* only process one nested attribute */
6563 nest = nla_data(nla);
6564 if (!nla_ok(nest, nla_len(nest)))
6565 return -EINVAL;
6566
6567 err = nla_parse_nested(attr, NL80211_BSS_SELECT_ATTR_MAX, nest,
6568 nl80211_bss_select_policy, NULL);
6569 if (err)
6570 return err;
6571
6572 /* only one attribute may be given */
6573 for (i = 0; i <= NL80211_BSS_SELECT_ATTR_MAX; i++) {
6574 if (attr[i]) {
6575 if (found)
6576 return -EINVAL;
6577 found = true;
6578 }
6579 }
6580
6581 bss_select->behaviour = __NL80211_BSS_SELECT_ATTR_INVALID;
6582
6583 if (attr[NL80211_BSS_SELECT_ATTR_RSSI])
6584 bss_select->behaviour = NL80211_BSS_SELECT_ATTR_RSSI;
6585
6586 if (attr[NL80211_BSS_SELECT_ATTR_BAND_PREF]) {
6587 bss_select->behaviour = NL80211_BSS_SELECT_ATTR_BAND_PREF;
6588 bss_select->param.band_pref =
6589 nla_get_u32(attr[NL80211_BSS_SELECT_ATTR_BAND_PREF]);
6590 if (!is_band_valid(wiphy, bss_select->param.band_pref))
6591 return -EINVAL;
6592 }
6593
6594 if (attr[NL80211_BSS_SELECT_ATTR_RSSI_ADJUST]) {
6595 struct nl80211_bss_select_rssi_adjust *adj_param;
6596
6597 adj_param = nla_data(attr[NL80211_BSS_SELECT_ATTR_RSSI_ADJUST]);
6598 bss_select->behaviour = NL80211_BSS_SELECT_ATTR_RSSI_ADJUST;
6599 bss_select->param.adjust.band = adj_param->band;
6600 bss_select->param.adjust.delta = adj_param->delta;
6601 if (!is_band_valid(wiphy, bss_select->param.adjust.band))
6602 return -EINVAL;
6603 }
6604
6605 /* user-space did not provide behaviour attribute */
6606 if (bss_select->behaviour == __NL80211_BSS_SELECT_ATTR_INVALID)
6607 return -EINVAL;
6608
6609 if (!(wiphy->bss_select_support & BIT(bss_select->behaviour)))
6610 return -EINVAL;
6611
6612 return 0;
6613}
6614
6615static int nl80211_parse_random_mac(struct nlattr **attrs,
6616 u8 *mac_addr, u8 *mac_addr_mask)
6617{
6618 int i;
6619
6620 if (!attrs[NL80211_ATTR_MAC] && !attrs[NL80211_ATTR_MAC_MASK]) {
6621 eth_zero_addr(mac_addr);
6622 eth_zero_addr(mac_addr_mask);
6623 mac_addr[0] = 0x2;
6624 mac_addr_mask[0] = 0x3;
6625
6626 return 0;
6627 }
6628
6629 /* need both or none */
6630 if (!attrs[NL80211_ATTR_MAC] || !attrs[NL80211_ATTR_MAC_MASK])
6631 return -EINVAL;
6632
6633 memcpy(mac_addr, nla_data(attrs[NL80211_ATTR_MAC]), ETH_ALEN);
6634 memcpy(mac_addr_mask, nla_data(attrs[NL80211_ATTR_MAC_MASK]), ETH_ALEN);
6635
6636 /* don't allow or configure an mcast address */
6637 if (!is_multicast_ether_addr(mac_addr_mask) ||
6638 is_multicast_ether_addr(mac_addr))
6639 return -EINVAL;
6640
6641 /*
6642 * allow users to pass a MAC address that has bits set outside
6643 * of the mask, but don't bother drivers with having to deal
6644 * with such bits
6645 */
6646 for (i = 0; i < ETH_ALEN; i++)
6647 mac_addr[i] &= mac_addr_mask[i];
6648
6649 return 0;
6650}
6651
6652static bool cfg80211_off_channel_oper_allowed(struct wireless_dev *wdev)
6653{
6654 ASSERT_WDEV_LOCK(wdev);
6655
6656 if (!cfg80211_beaconing_iface_active(wdev))
6657 return true;
6658
6659 if (!(wdev->chandef.chan->flags & IEEE80211_CHAN_RADAR))
6660 return true;
6661
6662 return regulatory_pre_cac_allowed(wdev->wiphy);
6663}
6664
6665static int nl80211_trigger_scan(struct sk_buff *skb, struct genl_info *info)
6666{
6667 struct cfg80211_registered_device *rdev = info->user_ptr[0];
6668 struct wireless_dev *wdev = info->user_ptr[1];
6669 struct cfg80211_scan_request *request;
6670 struct nlattr *attr;
6671 struct wiphy *wiphy;
6672 int err, tmp, n_ssids = 0, n_channels, i;
6673 size_t ie_len;
6674
6675 if (!is_valid_ie_attr(info->attrs[NL80211_ATTR_IE]))
6676 return -EINVAL;
6677
6678 wiphy = &rdev->wiphy;
6679
6680 if (wdev->iftype == NL80211_IFTYPE_NAN)
6681 return -EOPNOTSUPP;
6682
6683 if (!rdev->ops->scan)
6684 return -EOPNOTSUPP;
6685
6686 if (rdev->scan_req || rdev->scan_msg) {
6687 err = -EBUSY;
6688 goto unlock;
6689 }
6690
6691 if (info->attrs[NL80211_ATTR_SCAN_FREQUENCIES]) {
6692 n_channels = validate_scan_freqs(
6693 info->attrs[NL80211_ATTR_SCAN_FREQUENCIES]);
6694 if (!n_channels) {
6695 err = -EINVAL;
6696 goto unlock;
6697 }
6698 } else {
6699 n_channels = ieee80211_get_num_supported_channels(wiphy);
6700 }
6701
6702 if (info->attrs[NL80211_ATTR_SCAN_SSIDS])
6703 nla_for_each_nested(attr, info->attrs[NL80211_ATTR_SCAN_SSIDS], tmp)
6704 n_ssids++;
6705
6706 if (n_ssids > wiphy->max_scan_ssids) {
6707 err = -EINVAL;
6708 goto unlock;
6709 }
6710
6711 if (info->attrs[NL80211_ATTR_IE])
6712 ie_len = nla_len(info->attrs[NL80211_ATTR_IE]);
6713 else
6714 ie_len = 0;
6715
6716 if (ie_len > wiphy->max_scan_ie_len) {
6717 err = -EINVAL;
6718 goto unlock;
6719 }
6720
6721 request = kzalloc(sizeof(*request)
6722 + sizeof(*request->ssids) * n_ssids
6723 + sizeof(*request->channels) * n_channels
6724 + ie_len, GFP_KERNEL);
6725 if (!request) {
6726 err = -ENOMEM;
6727 goto unlock;
6728 }
6729
6730 if (n_ssids)
6731 request->ssids = (void *)&request->channels[n_channels];
6732 request->n_ssids = n_ssids;
6733 if (ie_len) {
6734 if (n_ssids)
6735 request->ie = (void *)(request->ssids + n_ssids);
6736 else
6737 request->ie = (void *)(request->channels + n_channels);
6738 }
6739
6740 i = 0;
6741 if (info->attrs[NL80211_ATTR_SCAN_FREQUENCIES]) {
6742 /* user specified, bail out if channel not found */
6743 nla_for_each_nested(attr, info->attrs[NL80211_ATTR_SCAN_FREQUENCIES], tmp) {
6744 struct ieee80211_channel *chan;
6745
6746 chan = ieee80211_get_channel(wiphy, nla_get_u32(attr));
6747
6748 if (!chan) {
6749 err = -EINVAL;
6750 goto out_free;
6751 }
6752
6753 /* ignore disabled channels */
6754 if (chan->flags & IEEE80211_CHAN_DISABLED)
6755 continue;
6756
6757 request->channels[i] = chan;
6758 i++;
6759 }
6760 } else {
6761 enum nl80211_band band;
6762
6763 /* all channels */
6764 for (band = 0; band < NUM_NL80211_BANDS; band++) {
6765 int j;
6766
6767 if (!wiphy->bands[band])
6768 continue;
6769 for (j = 0; j < wiphy->bands[band]->n_channels; j++) {
6770 struct ieee80211_channel *chan;
6771
6772 chan = &wiphy->bands[band]->channels[j];
6773
6774 if (chan->flags & IEEE80211_CHAN_DISABLED)
6775 continue;
6776
6777 request->channels[i] = chan;
6778 i++;
6779 }
6780 }
6781 }
6782
6783 if (!i) {
6784 err = -EINVAL;
6785 goto out_free;
6786 }
6787
6788 request->n_channels = i;
6789
6790 wdev_lock(wdev);
6791 if (!cfg80211_off_channel_oper_allowed(wdev)) {
6792 struct ieee80211_channel *chan;
6793
6794 if (request->n_channels != 1) {
6795 wdev_unlock(wdev);
6796 err = -EBUSY;
6797 goto out_free;
6798 }
6799
6800 chan = request->channels[0];
6801 if (chan->center_freq != wdev->chandef.chan->center_freq) {
6802 wdev_unlock(wdev);
6803 err = -EBUSY;
6804 goto out_free;
6805 }
6806 }
6807 wdev_unlock(wdev);
6808
6809 i = 0;
6810 if (n_ssids) {
6811 nla_for_each_nested(attr, info->attrs[NL80211_ATTR_SCAN_SSIDS], tmp) {
6812 if (nla_len(attr) > IEEE80211_MAX_SSID_LEN) {
6813 err = -EINVAL;
6814 goto out_free;
6815 }
6816 request->ssids[i].ssid_len = nla_len(attr);
6817 memcpy(request->ssids[i].ssid, nla_data(attr), nla_len(attr));
6818 i++;
6819 }
6820 }
6821
6822 if (info->attrs[NL80211_ATTR_IE]) {
6823 request->ie_len = nla_len(info->attrs[NL80211_ATTR_IE]);
6824 memcpy((void *)request->ie,
6825 nla_data(info->attrs[NL80211_ATTR_IE]),
6826 request->ie_len);
6827 }
6828
6829 for (i = 0; i < NUM_NL80211_BANDS; i++)
6830 if (wiphy->bands[i])
6831 request->rates[i] =
6832 (1 << wiphy->bands[i]->n_bitrates) - 1;
6833
6834 if (info->attrs[NL80211_ATTR_SCAN_SUPP_RATES]) {
6835 nla_for_each_nested(attr,
6836 info->attrs[NL80211_ATTR_SCAN_SUPP_RATES],
6837 tmp) {
6838 enum nl80211_band band = nla_type(attr);
6839
6840 if (band < 0 || band >= NUM_NL80211_BANDS) {
6841 err = -EINVAL;
6842 goto out_free;
6843 }
6844
6845 if (!wiphy->bands[band])
6846 continue;
6847
6848 err = ieee80211_get_ratemask(wiphy->bands[band],
6849 nla_data(attr),
6850 nla_len(attr),
6851 &request->rates[band]);
6852 if (err)
6853 goto out_free;
6854 }
6855 }
6856
6857 if (info->attrs[NL80211_ATTR_MEASUREMENT_DURATION]) {
6858 if (!wiphy_ext_feature_isset(wiphy,
6859 NL80211_EXT_FEATURE_SET_SCAN_DWELL)) {
6860 err = -EOPNOTSUPP;
6861 goto out_free;
6862 }
6863
6864 request->duration =
6865 nla_get_u16(info->attrs[NL80211_ATTR_MEASUREMENT_DURATION]);
6866 request->duration_mandatory =
6867 nla_get_flag(info->attrs[NL80211_ATTR_MEASUREMENT_DURATION_MANDATORY]);
6868 }
6869
6870 if (info->attrs[NL80211_ATTR_SCAN_FLAGS]) {
6871 request->flags = nla_get_u32(
6872 info->attrs[NL80211_ATTR_SCAN_FLAGS]);
6873 if ((request->flags & NL80211_SCAN_FLAG_LOW_PRIORITY) &&
6874 !(wiphy->features & NL80211_FEATURE_LOW_PRIORITY_SCAN)) {
6875 err = -EOPNOTSUPP;
6876 goto out_free;
6877 }
6878
6879 if (request->flags & NL80211_SCAN_FLAG_RANDOM_ADDR) {
6880 if (!(wiphy->features &
6881 NL80211_FEATURE_SCAN_RANDOM_MAC_ADDR)) {
6882 err = -EOPNOTSUPP;
6883 goto out_free;
6884 }
6885
6886 if (wdev->current_bss) {
6887 err = -EOPNOTSUPP;
6888 goto out_free;
6889 }
6890
6891 err = nl80211_parse_random_mac(info->attrs,
6892 request->mac_addr,
6893 request->mac_addr_mask);
6894 if (err)
6895 goto out_free;
6896 }
6897 }
6898
6899 request->no_cck =
6900 nla_get_flag(info->attrs[NL80211_ATTR_TX_NO_CCK_RATE]);
6901
6902 /* Initial implementation used NL80211_ATTR_MAC to set the specific
6903 * BSSID to scan for. This was problematic because that same attribute
6904 * was already used for another purpose (local random MAC address). The
6905 * NL80211_ATTR_BSSID attribute was added to fix this. For backwards
6906 * compatibility with older userspace components, also use the
6907 * NL80211_ATTR_MAC value here if it can be determined to be used for
6908 * the specific BSSID use case instead of the random MAC address
6909 * (NL80211_ATTR_SCAN_FLAGS is used to enable random MAC address use).
6910 */
6911 if (info->attrs[NL80211_ATTR_BSSID])
6912 memcpy(request->bssid,
6913 nla_data(info->attrs[NL80211_ATTR_BSSID]), ETH_ALEN);
6914 else if (!(request->flags & NL80211_SCAN_FLAG_RANDOM_ADDR) &&
6915 info->attrs[NL80211_ATTR_MAC])
6916 memcpy(request->bssid, nla_data(info->attrs[NL80211_ATTR_MAC]),
6917 ETH_ALEN);
6918 else
6919 eth_broadcast_addr(request->bssid);
6920
6921 request->wdev = wdev;
6922 request->wiphy = &rdev->wiphy;
6923 request->scan_start = jiffies;
6924
6925 rdev->scan_req = request;
6926 err = rdev_scan(rdev, request);
6927
6928 if (!err) {
6929 nl80211_send_scan_start(rdev, wdev);
6930 if (wdev->netdev)
6931 dev_hold(wdev->netdev);
6932 } else {
6933 out_free:
6934 rdev->scan_req = NULL;
6935 kfree(request);
6936 }
6937
6938 unlock:
6939 return err;
6940}
6941
6942static int nl80211_abort_scan(struct sk_buff *skb, struct genl_info *info)
6943{
6944 struct cfg80211_registered_device *rdev = info->user_ptr[0];
6945 struct wireless_dev *wdev = info->user_ptr[1];
6946
6947 if (!rdev->ops->abort_scan)
6948 return -EOPNOTSUPP;
6949
6950 if (rdev->scan_msg)
6951 return 0;
6952
6953 if (!rdev->scan_req)
6954 return -ENOENT;
6955
6956 rdev_abort_scan(rdev, wdev);
6957 return 0;
6958}
6959
6960static int
6961nl80211_parse_sched_scan_plans(struct wiphy *wiphy, int n_plans,
6962 struct cfg80211_sched_scan_request *request,
6963 struct nlattr **attrs)
6964{
6965 int tmp, err, i = 0;
6966 struct nlattr *attr;
6967
6968 if (!attrs[NL80211_ATTR_SCHED_SCAN_PLANS]) {
6969 u32 interval;
6970
6971 /*
6972 * If scan plans are not specified,
6973 * %NL80211_ATTR_SCHED_SCAN_INTERVAL will be specified. In this
6974 * case one scan plan will be set with the specified scan
6975 * interval and infinite number of iterations.
6976 */
6977 interval = nla_get_u32(attrs[NL80211_ATTR_SCHED_SCAN_INTERVAL]);
6978 if (!interval)
6979 return -EINVAL;
6980
6981 request->scan_plans[0].interval =
6982 DIV_ROUND_UP(interval, MSEC_PER_SEC);
6983 if (!request->scan_plans[0].interval)
6984 return -EINVAL;
6985
6986 if (request->scan_plans[0].interval >
6987 wiphy->max_sched_scan_plan_interval)
6988 request->scan_plans[0].interval =
6989 wiphy->max_sched_scan_plan_interval;
6990
6991 return 0;
6992 }
6993
6994 nla_for_each_nested(attr, attrs[NL80211_ATTR_SCHED_SCAN_PLANS], tmp) {
6995 struct nlattr *plan[NL80211_SCHED_SCAN_PLAN_MAX + 1];
6996
6997 if (WARN_ON(i >= n_plans))
6998 return -EINVAL;
6999
7000 err = nla_parse_nested(plan, NL80211_SCHED_SCAN_PLAN_MAX,
7001 attr, nl80211_plan_policy, NULL);
7002 if (err)
7003 return err;
7004
7005 if (!plan[NL80211_SCHED_SCAN_PLAN_INTERVAL])
7006 return -EINVAL;
7007
7008 request->scan_plans[i].interval =
7009 nla_get_u32(plan[NL80211_SCHED_SCAN_PLAN_INTERVAL]);
7010 if (!request->scan_plans[i].interval ||
7011 request->scan_plans[i].interval >
7012 wiphy->max_sched_scan_plan_interval)
7013 return -EINVAL;
7014
7015 if (plan[NL80211_SCHED_SCAN_PLAN_ITERATIONS]) {
7016 request->scan_plans[i].iterations =
7017 nla_get_u32(plan[NL80211_SCHED_SCAN_PLAN_ITERATIONS]);
7018 if (!request->scan_plans[i].iterations ||
7019 (request->scan_plans[i].iterations >
7020 wiphy->max_sched_scan_plan_iterations))
7021 return -EINVAL;
7022 } else if (i < n_plans - 1) {
7023 /*
7024 * All scan plans but the last one must specify
7025 * a finite number of iterations
7026 */
7027 return -EINVAL;
7028 }
7029
7030 i++;
7031 }
7032
7033 /*
7034 * The last scan plan must not specify the number of
7035 * iterations, it is supposed to run infinitely
7036 */
7037 if (request->scan_plans[n_plans - 1].iterations)
7038 return -EINVAL;
7039
7040 return 0;
7041}
7042
7043static struct cfg80211_sched_scan_request *
7044nl80211_parse_sched_scan(struct wiphy *wiphy, struct wireless_dev *wdev,
7045 struct nlattr **attrs, int max_match_sets)
7046{
7047 struct cfg80211_sched_scan_request *request;
7048 struct nlattr *attr;
7049 int err, tmp, n_ssids = 0, n_match_sets = 0, n_channels, i, n_plans = 0;
7050 enum nl80211_band band;
7051 size_t ie_len;
7052 struct nlattr *tb[NL80211_SCHED_SCAN_MATCH_ATTR_MAX + 1];
7053 s32 default_match_rssi = NL80211_SCAN_RSSI_THOLD_OFF;
7054
7055 if (!is_valid_ie_attr(attrs[NL80211_ATTR_IE]))
7056 return ERR_PTR(-EINVAL);
7057
7058 if (attrs[NL80211_ATTR_SCAN_FREQUENCIES]) {
7059 n_channels = validate_scan_freqs(
7060 attrs[NL80211_ATTR_SCAN_FREQUENCIES]);
7061 if (!n_channels)
7062 return ERR_PTR(-EINVAL);
7063 } else {
7064 n_channels = ieee80211_get_num_supported_channels(wiphy);
7065 }
7066
7067 if (attrs[NL80211_ATTR_SCAN_SSIDS])
7068 nla_for_each_nested(attr, attrs[NL80211_ATTR_SCAN_SSIDS],
7069 tmp)
7070 n_ssids++;
7071
7072 if (n_ssids > wiphy->max_sched_scan_ssids)
7073 return ERR_PTR(-EINVAL);
7074
7075 /*
7076 * First, count the number of 'real' matchsets. Due to an issue with
7077 * the old implementation, matchsets containing only the RSSI attribute
7078 * (NL80211_SCHED_SCAN_MATCH_ATTR_RSSI) are considered as the 'default'
7079 * RSSI for all matchsets, rather than their own matchset for reporting
7080 * all APs with a strong RSSI. This is needed to be compatible with
7081 * older userspace that treated a matchset with only the RSSI as the
7082 * global RSSI for all other matchsets - if there are other matchsets.
7083 */
7084 if (attrs[NL80211_ATTR_SCHED_SCAN_MATCH]) {
7085 nla_for_each_nested(attr,
7086 attrs[NL80211_ATTR_SCHED_SCAN_MATCH],
7087 tmp) {
7088 struct nlattr *rssi;
7089
7090 err = nla_parse_nested(tb,
7091 NL80211_SCHED_SCAN_MATCH_ATTR_MAX,
7092 attr, nl80211_match_policy,
7093 NULL);
7094 if (err)
7095 return ERR_PTR(err);
7096
7097 /* SSID and BSSID are mutually exclusive */
7098 if (tb[NL80211_SCHED_SCAN_MATCH_ATTR_SSID] &&
7099 tb[NL80211_SCHED_SCAN_MATCH_ATTR_BSSID])
7100 return ERR_PTR(-EINVAL);
7101
7102 /* add other standalone attributes here */
7103 if (tb[NL80211_SCHED_SCAN_MATCH_ATTR_SSID] ||
7104 tb[NL80211_SCHED_SCAN_MATCH_ATTR_BSSID]) {
7105 n_match_sets++;
7106 continue;
7107 }
7108 rssi = tb[NL80211_SCHED_SCAN_MATCH_ATTR_RSSI];
7109 if (rssi)
7110 default_match_rssi = nla_get_s32(rssi);
7111 }
7112 }
7113
7114 /* However, if there's no other matchset, add the RSSI one */
7115 if (!n_match_sets && default_match_rssi != NL80211_SCAN_RSSI_THOLD_OFF)
7116 n_match_sets = 1;
7117
7118 if (n_match_sets > max_match_sets)
7119 return ERR_PTR(-EINVAL);
7120
7121 if (attrs[NL80211_ATTR_IE])
7122 ie_len = nla_len(attrs[NL80211_ATTR_IE]);
7123 else
7124 ie_len = 0;
7125
7126 if (ie_len > wiphy->max_sched_scan_ie_len)
7127 return ERR_PTR(-EINVAL);
7128
7129 if (attrs[NL80211_ATTR_SCHED_SCAN_PLANS]) {
7130 /*
7131 * NL80211_ATTR_SCHED_SCAN_INTERVAL must not be specified since
7132 * each scan plan already specifies its own interval
7133 */
7134 if (attrs[NL80211_ATTR_SCHED_SCAN_INTERVAL])
7135 return ERR_PTR(-EINVAL);
7136
7137 nla_for_each_nested(attr,
7138 attrs[NL80211_ATTR_SCHED_SCAN_PLANS], tmp)
7139 n_plans++;
7140 } else {
7141 /*
7142 * The scan interval attribute is kept for backward
7143 * compatibility. If no scan plans are specified and sched scan
7144 * interval is specified, one scan plan will be set with this
7145 * scan interval and infinite number of iterations.
7146 */
7147 if (!attrs[NL80211_ATTR_SCHED_SCAN_INTERVAL])
7148 return ERR_PTR(-EINVAL);
7149
7150 n_plans = 1;
7151 }
7152
7153 if (!n_plans || n_plans > wiphy->max_sched_scan_plans)
7154 return ERR_PTR(-EINVAL);
7155
7156 if (!wiphy_ext_feature_isset(
7157 wiphy, NL80211_EXT_FEATURE_SCHED_SCAN_RELATIVE_RSSI) &&
7158 (attrs[NL80211_ATTR_SCHED_SCAN_RELATIVE_RSSI] ||
7159 attrs[NL80211_ATTR_SCHED_SCAN_RSSI_ADJUST]))
7160 return ERR_PTR(-EINVAL);
7161
7162 request = kzalloc(sizeof(*request)
7163 + sizeof(*request->ssids) * n_ssids
7164 + sizeof(*request->match_sets) * n_match_sets
7165 + sizeof(*request->scan_plans) * n_plans
7166 + sizeof(*request->channels) * n_channels
7167 + ie_len, GFP_KERNEL);
7168 if (!request)
7169 return ERR_PTR(-ENOMEM);
7170
7171 if (n_ssids)
7172 request->ssids = (void *)&request->channels[n_channels];
7173 request->n_ssids = n_ssids;
7174 if (ie_len) {
7175 if (n_ssids)
7176 request->ie = (void *)(request->ssids + n_ssids);
7177 else
7178 request->ie = (void *)(request->channels + n_channels);
7179 }
7180
7181 if (n_match_sets) {
7182 if (request->ie)
7183 request->match_sets = (void *)(request->ie + ie_len);
7184 else if (n_ssids)
7185 request->match_sets =
7186 (void *)(request->ssids + n_ssids);
7187 else
7188 request->match_sets =
7189 (void *)(request->channels + n_channels);
7190 }
7191 request->n_match_sets = n_match_sets;
7192
7193 if (n_match_sets)
7194 request->scan_plans = (void *)(request->match_sets +
7195 n_match_sets);
7196 else if (request->ie)
7197 request->scan_plans = (void *)(request->ie + ie_len);
7198 else if (n_ssids)
7199 request->scan_plans = (void *)(request->ssids + n_ssids);
7200 else
7201 request->scan_plans = (void *)(request->channels + n_channels);
7202
7203 request->n_scan_plans = n_plans;
7204
7205 i = 0;
7206 if (attrs[NL80211_ATTR_SCAN_FREQUENCIES]) {
7207 /* user specified, bail out if channel not found */
7208 nla_for_each_nested(attr,
7209 attrs[NL80211_ATTR_SCAN_FREQUENCIES],
7210 tmp) {
7211 struct ieee80211_channel *chan;
7212
7213 chan = ieee80211_get_channel(wiphy, nla_get_u32(attr));
7214
7215 if (!chan) {
7216 err = -EINVAL;
7217 goto out_free;
7218 }
7219
7220 /* ignore disabled channels */
7221 if (chan->flags & IEEE80211_CHAN_DISABLED)
7222 continue;
7223
7224 request->channels[i] = chan;
7225 i++;
7226 }
7227 } else {
7228 /* all channels */
7229 for (band = 0; band < NUM_NL80211_BANDS; band++) {
7230 int j;
7231
7232 if (!wiphy->bands[band])
7233 continue;
7234 for (j = 0; j < wiphy->bands[band]->n_channels; j++) {
7235 struct ieee80211_channel *chan;
7236
7237 chan = &wiphy->bands[band]->channels[j];
7238
7239 if (chan->flags & IEEE80211_CHAN_DISABLED)
7240 continue;
7241
7242 request->channels[i] = chan;
7243 i++;
7244 }
7245 }
7246 }
7247
7248 if (!i) {
7249 err = -EINVAL;
7250 goto out_free;
7251 }
7252
7253 request->n_channels = i;
7254
7255 i = 0;
7256 if (n_ssids) {
7257 nla_for_each_nested(attr, attrs[NL80211_ATTR_SCAN_SSIDS],
7258 tmp) {
7259 if (nla_len(attr) > IEEE80211_MAX_SSID_LEN) {
7260 err = -EINVAL;
7261 goto out_free;
7262 }
7263 request->ssids[i].ssid_len = nla_len(attr);
7264 memcpy(request->ssids[i].ssid, nla_data(attr),
7265 nla_len(attr));
7266 i++;
7267 }
7268 }
7269
7270 i = 0;
7271 if (attrs[NL80211_ATTR_SCHED_SCAN_MATCH]) {
7272 nla_for_each_nested(attr,
7273 attrs[NL80211_ATTR_SCHED_SCAN_MATCH],
7274 tmp) {
7275 struct nlattr *ssid, *bssid, *rssi;
7276
7277 err = nla_parse_nested(tb,
7278 NL80211_SCHED_SCAN_MATCH_ATTR_MAX,
7279 attr, nl80211_match_policy,
7280 NULL);
7281 if (err)
7282 goto out_free;
7283 ssid = tb[NL80211_SCHED_SCAN_MATCH_ATTR_SSID];
7284 bssid = tb[NL80211_SCHED_SCAN_MATCH_ATTR_BSSID];
7285 if (ssid || bssid) {
7286 if (WARN_ON(i >= n_match_sets)) {
7287 /* this indicates a programming error,
7288 * the loop above should have verified
7289 * things properly
7290 */
7291 err = -EINVAL;
7292 goto out_free;
7293 }
7294
7295 if (ssid) {
7296 if (nla_len(ssid) > IEEE80211_MAX_SSID_LEN) {
7297 err = -EINVAL;
7298 goto out_free;
7299 }
7300 memcpy(request->match_sets[i].ssid.ssid,
7301 nla_data(ssid), nla_len(ssid));
7302 request->match_sets[i].ssid.ssid_len =
7303 nla_len(ssid);
7304 }
7305 if (bssid) {
7306 if (nla_len(bssid) != ETH_ALEN) {
7307 err = -EINVAL;
7308 goto out_free;
7309 }
7310 memcpy(request->match_sets[i].bssid,
7311 nla_data(bssid), ETH_ALEN);
7312 }
7313
7314 /* special attribute - old implementation w/a */
7315 request->match_sets[i].rssi_thold =
7316 default_match_rssi;
7317 rssi = tb[NL80211_SCHED_SCAN_MATCH_ATTR_RSSI];
7318 if (rssi)
7319 request->match_sets[i].rssi_thold =
7320 nla_get_s32(rssi);
7321 }
7322 i++;
7323 }
7324
7325 /* there was no other matchset, so the RSSI one is alone */
7326 if (i == 0 && n_match_sets)
7327 request->match_sets[0].rssi_thold = default_match_rssi;
7328
7329 request->min_rssi_thold = INT_MAX;
7330 for (i = 0; i < n_match_sets; i++)
7331 request->min_rssi_thold =
7332 min(request->match_sets[i].rssi_thold,
7333 request->min_rssi_thold);
7334 } else {
7335 request->min_rssi_thold = NL80211_SCAN_RSSI_THOLD_OFF;
7336 }
7337
7338 if (ie_len) {
7339 request->ie_len = ie_len;
7340 memcpy((void *)request->ie,
7341 nla_data(attrs[NL80211_ATTR_IE]),
7342 request->ie_len);
7343 }
7344
7345 if (attrs[NL80211_ATTR_SCAN_FLAGS]) {
7346 request->flags = nla_get_u32(
7347 attrs[NL80211_ATTR_SCAN_FLAGS]);
7348 if ((request->flags & NL80211_SCAN_FLAG_LOW_PRIORITY) &&
7349 !(wiphy->features & NL80211_FEATURE_LOW_PRIORITY_SCAN)) {
7350 err = -EOPNOTSUPP;
7351 goto out_free;
7352 }
7353
7354 if (request->flags & NL80211_SCAN_FLAG_RANDOM_ADDR) {
7355 u32 flg = NL80211_FEATURE_SCHED_SCAN_RANDOM_MAC_ADDR;
7356
7357 if (!wdev) /* must be net-detect */
7358 flg = NL80211_FEATURE_ND_RANDOM_MAC_ADDR;
7359
7360 if (!(wiphy->features & flg)) {
7361 err = -EOPNOTSUPP;
7362 goto out_free;
7363 }
7364
7365 if (wdev && wdev->current_bss) {
7366 err = -EOPNOTSUPP;
7367 goto out_free;
7368 }
7369
7370 err = nl80211_parse_random_mac(attrs, request->mac_addr,
7371 request->mac_addr_mask);
7372 if (err)
7373 goto out_free;
7374 }
7375 }
7376
7377 if (attrs[NL80211_ATTR_SCHED_SCAN_DELAY])
7378 request->delay =
7379 nla_get_u32(attrs[NL80211_ATTR_SCHED_SCAN_DELAY]);
7380
7381 if (attrs[NL80211_ATTR_SCHED_SCAN_RELATIVE_RSSI]) {
7382 request->relative_rssi = nla_get_s8(
7383 attrs[NL80211_ATTR_SCHED_SCAN_RELATIVE_RSSI]);
7384 request->relative_rssi_set = true;
7385 }
7386
7387 if (request->relative_rssi_set &&
7388 attrs[NL80211_ATTR_SCHED_SCAN_RSSI_ADJUST]) {
7389 struct nl80211_bss_select_rssi_adjust *rssi_adjust;
7390
7391 rssi_adjust = nla_data(
7392 attrs[NL80211_ATTR_SCHED_SCAN_RSSI_ADJUST]);
7393 request->rssi_adjust.band = rssi_adjust->band;
7394 request->rssi_adjust.delta = rssi_adjust->delta;
7395 if (!is_band_valid(wiphy, request->rssi_adjust.band)) {
7396 err = -EINVAL;
7397 goto out_free;
7398 }
7399 }
7400
7401 err = nl80211_parse_sched_scan_plans(wiphy, n_plans, request, attrs);
7402 if (err)
7403 goto out_free;
7404
7405 request->scan_start = jiffies;
7406
7407 return request;
7408
7409out_free:
7410 kfree(request);
7411 return ERR_PTR(err);
7412}
7413
7414static int nl80211_start_sched_scan(struct sk_buff *skb,
7415 struct genl_info *info)
7416{
7417 struct cfg80211_registered_device *rdev = info->user_ptr[0];
7418 struct net_device *dev = info->user_ptr[1];
7419 struct wireless_dev *wdev = dev->ieee80211_ptr;
7420 struct cfg80211_sched_scan_request *sched_scan_req;
7421 bool want_multi;
7422 int err;
7423
7424 if (!rdev->wiphy.max_sched_scan_reqs || !rdev->ops->sched_scan_start)
7425 return -EOPNOTSUPP;
7426
7427 want_multi = info->attrs[NL80211_ATTR_SCHED_SCAN_MULTI];
7428 err = cfg80211_sched_scan_req_possible(rdev, want_multi);
7429 if (err)
7430 return err;
7431
7432 sched_scan_req = nl80211_parse_sched_scan(&rdev->wiphy, wdev,
7433 info->attrs,
7434 rdev->wiphy.max_match_sets);
7435
7436 err = PTR_ERR_OR_ZERO(sched_scan_req);
7437 if (err)
7438 goto out_err;
7439
7440 /* leave request id zero for legacy request
7441 * or if driver does not support multi-scheduled scan
7442 */
7443 if (want_multi && rdev->wiphy.max_sched_scan_reqs > 1) {
7444 while (!sched_scan_req->reqid)
7445 sched_scan_req->reqid = rdev->wiphy.cookie_counter++;
7446 }
7447
7448 err = rdev_sched_scan_start(rdev, dev, sched_scan_req);
7449 if (err)
7450 goto out_free;
7451
7452 sched_scan_req->dev = dev;
7453 sched_scan_req->wiphy = &rdev->wiphy;
7454
7455 if (info->attrs[NL80211_ATTR_SOCKET_OWNER])
7456 sched_scan_req->owner_nlportid = info->snd_portid;
7457
7458 cfg80211_add_sched_scan_req(rdev, sched_scan_req);
7459
7460 nl80211_send_sched_scan(sched_scan_req, NL80211_CMD_START_SCHED_SCAN);
7461 return 0;
7462
7463out_free:
7464 kfree(sched_scan_req);
7465out_err:
7466 return err;
7467}
7468
7469static int nl80211_stop_sched_scan(struct sk_buff *skb,
7470 struct genl_info *info)
7471{
7472 struct cfg80211_sched_scan_request *req;
7473 struct cfg80211_registered_device *rdev = info->user_ptr[0];
7474 u64 cookie;
7475
7476 if (!rdev->wiphy.max_sched_scan_reqs || !rdev->ops->sched_scan_stop)
7477 return -EOPNOTSUPP;
7478
7479 if (info->attrs[NL80211_ATTR_COOKIE]) {
7480 cookie = nla_get_u64(info->attrs[NL80211_ATTR_COOKIE]);
7481 return __cfg80211_stop_sched_scan(rdev, cookie, false);
7482 }
7483
7484 req = list_first_or_null_rcu(&rdev->sched_scan_req_list,
7485 struct cfg80211_sched_scan_request,
7486 list);
7487 if (!req || req->reqid ||
7488 (req->owner_nlportid &&
7489 req->owner_nlportid != info->snd_portid))
7490 return -ENOENT;
7491
7492 return cfg80211_stop_sched_scan_req(rdev, req, false);
7493}
7494
7495static int nl80211_start_radar_detection(struct sk_buff *skb,
7496 struct genl_info *info)
7497{
7498 struct cfg80211_registered_device *rdev = info->user_ptr[0];
7499 struct net_device *dev = info->user_ptr[1];
7500 struct wireless_dev *wdev = dev->ieee80211_ptr;
7501 struct cfg80211_chan_def chandef;
7502 enum nl80211_dfs_regions dfs_region;
7503 unsigned int cac_time_ms;
7504 int err;
7505
7506 dfs_region = reg_get_dfs_region(wdev->wiphy);
7507 if (dfs_region == NL80211_DFS_UNSET)
7508 return -EINVAL;
7509
7510 err = nl80211_parse_chandef(rdev, info, &chandef);
7511 if (err)
7512 return err;
7513
7514 if (netif_carrier_ok(dev))
7515 return -EBUSY;
7516
7517 if (wdev->cac_started)
7518 return -EBUSY;
7519
7520 err = cfg80211_chandef_dfs_required(wdev->wiphy, &chandef,
7521 wdev->iftype);
7522 if (err < 0)
7523 return err;
7524
7525 if (err == 0)
7526 return -EINVAL;
7527
7528 if (!cfg80211_chandef_dfs_usable(wdev->wiphy, &chandef))
7529 return -EINVAL;
7530
7531 if (!rdev->ops->start_radar_detection)
7532 return -EOPNOTSUPP;
7533
7534 cac_time_ms = cfg80211_chandef_dfs_cac_time(&rdev->wiphy, &chandef);
7535 if (WARN_ON(!cac_time_ms))
7536 cac_time_ms = IEEE80211_DFS_MIN_CAC_TIME_MS;
7537
7538 err = rdev_start_radar_detection(rdev, dev, &chandef, cac_time_ms);
7539 if (!err) {
7540 wdev->chandef = chandef;
7541 wdev->cac_started = true;
7542 wdev->cac_start_time = jiffies;
7543 wdev->cac_time_ms = cac_time_ms;
7544 }
7545 return err;
7546}
7547
7548static int nl80211_channel_switch(struct sk_buff *skb, struct genl_info *info)
7549{
7550 struct cfg80211_registered_device *rdev = info->user_ptr[0];
7551 struct net_device *dev = info->user_ptr[1];
7552 struct wireless_dev *wdev = dev->ieee80211_ptr;
7553 struct cfg80211_csa_settings params;
7554 /* csa_attrs is defined static to avoid waste of stack size - this
7555 * function is called under RTNL lock, so this should not be a problem.
7556 */
7557 static struct nlattr *csa_attrs[NL80211_ATTR_MAX+1];
7558 int err;
7559 bool need_new_beacon = false;
7560 bool need_handle_dfs_flag = true;
7561 int len, i;
7562 u32 cs_count;
7563
7564 if (!rdev->ops->channel_switch ||
7565 !(rdev->wiphy.flags & WIPHY_FLAG_HAS_CHANNEL_SWITCH))
7566 return -EOPNOTSUPP;
7567
7568 switch (dev->ieee80211_ptr->iftype) {
7569 case NL80211_IFTYPE_AP:
7570 case NL80211_IFTYPE_P2P_GO:
7571 need_new_beacon = true;
7572 /* For all modes except AP the handle_dfs flag needs to be
7573 * supplied to tell the kernel that userspace will handle radar
7574 * events when they happen. Otherwise a switch to a channel
7575 * requiring DFS will be rejected.
7576 */
7577 need_handle_dfs_flag = false;
7578
7579 /* useless if AP is not running */
7580 if (!wdev->beacon_interval)
7581 return -ENOTCONN;
7582 break;
7583 case NL80211_IFTYPE_ADHOC:
7584 if (!wdev->ssid_len)
7585 return -ENOTCONN;
7586 break;
7587 case NL80211_IFTYPE_MESH_POINT:
7588 if (!wdev->mesh_id_len)
7589 return -ENOTCONN;
7590 break;
7591 default:
7592 return -EOPNOTSUPP;
7593 }
7594
7595 memset(&params, 0, sizeof(params));
7596
7597 if (!info->attrs[NL80211_ATTR_WIPHY_FREQ] ||
7598 !info->attrs[NL80211_ATTR_CH_SWITCH_COUNT])
7599 return -EINVAL;
7600
7601 /* only important for AP, IBSS and mesh create IEs internally */
7602 if (need_new_beacon && !info->attrs[NL80211_ATTR_CSA_IES])
7603 return -EINVAL;
7604
7605 /* Even though the attribute is u32, the specification says
7606 * u8, so let's make sure we don't overflow.
7607 */
7608 cs_count = nla_get_u32(info->attrs[NL80211_ATTR_CH_SWITCH_COUNT]);
7609 if (cs_count > 255)
7610 return -EINVAL;
7611
7612 params.count = cs_count;
7613
7614 if (!need_new_beacon)
7615 goto skip_beacons;
7616
7617 err = nl80211_parse_beacon(info->attrs, &params.beacon_after);
7618 if (err)
7619 return err;
7620
7621 err = nla_parse_nested(csa_attrs, NL80211_ATTR_MAX,
7622 info->attrs[NL80211_ATTR_CSA_IES],
7623 nl80211_policy, info->extack);
7624 if (err)
7625 return err;
7626
7627 err = nl80211_parse_beacon(csa_attrs, &params.beacon_csa);
7628 if (err)
7629 return err;
7630
7631 if (!csa_attrs[NL80211_ATTR_CSA_C_OFF_BEACON])
7632 return -EINVAL;
7633
7634 len = nla_len(csa_attrs[NL80211_ATTR_CSA_C_OFF_BEACON]);
7635 if (!len || (len % sizeof(u16)))
7636 return -EINVAL;
7637
7638 params.n_counter_offsets_beacon = len / sizeof(u16);
7639 if (rdev->wiphy.max_num_csa_counters &&
7640 (params.n_counter_offsets_beacon >
7641 rdev->wiphy.max_num_csa_counters))
7642 return -EINVAL;
7643
7644 params.counter_offsets_beacon =
7645 nla_data(csa_attrs[NL80211_ATTR_CSA_C_OFF_BEACON]);
7646
7647 /* sanity checks - counters should fit and be the same */
7648 for (i = 0; i < params.n_counter_offsets_beacon; i++) {
7649 u16 offset = params.counter_offsets_beacon[i];
7650
7651 if (offset >= params.beacon_csa.tail_len)
7652 return -EINVAL;
7653
7654 if (params.beacon_csa.tail[offset] != params.count)
7655 return -EINVAL;
7656 }
7657
7658 if (csa_attrs[NL80211_ATTR_CSA_C_OFF_PRESP]) {
7659 len = nla_len(csa_attrs[NL80211_ATTR_CSA_C_OFF_PRESP]);
7660 if (!len || (len % sizeof(u16)))
7661 return -EINVAL;
7662
7663 params.n_counter_offsets_presp = len / sizeof(u16);
7664 if (rdev->wiphy.max_num_csa_counters &&
7665 (params.n_counter_offsets_presp >
7666 rdev->wiphy.max_num_csa_counters))
7667 return -EINVAL;
7668
7669 params.counter_offsets_presp =
7670 nla_data(csa_attrs[NL80211_ATTR_CSA_C_OFF_PRESP]);
7671
7672 /* sanity checks - counters should fit and be the same */
7673 for (i = 0; i < params.n_counter_offsets_presp; i++) {
7674 u16 offset = params.counter_offsets_presp[i];
7675
7676 if (offset >= params.beacon_csa.probe_resp_len)
7677 return -EINVAL;
7678
7679 if (params.beacon_csa.probe_resp[offset] !=
7680 params.count)
7681 return -EINVAL;
7682 }
7683 }
7684
7685skip_beacons:
7686 err = nl80211_parse_chandef(rdev, info, &params.chandef);
7687 if (err)
7688 return err;
7689
7690 if (!cfg80211_reg_can_beacon_relax(&rdev->wiphy, &params.chandef,
7691 wdev->iftype))
7692 return -EINVAL;
7693
7694 err = cfg80211_chandef_dfs_required(wdev->wiphy,
7695 &params.chandef,
7696 wdev->iftype);
7697 if (err < 0)
7698 return err;
7699
7700 if (err > 0) {
7701 params.radar_required = true;
7702 if (need_handle_dfs_flag &&
7703 !nla_get_flag(info->attrs[NL80211_ATTR_HANDLE_DFS])) {
7704 return -EINVAL;
7705 }
7706 }
7707
7708 if (info->attrs[NL80211_ATTR_CH_SWITCH_BLOCK_TX])
7709 params.block_tx = true;
7710
7711 wdev_lock(wdev);
7712 err = rdev_channel_switch(rdev, dev, &params);
7713 wdev_unlock(wdev);
7714
7715 return err;
7716}
7717
7718static int nl80211_send_bss(struct sk_buff *msg, struct netlink_callback *cb,
7719 u32 seq, int flags,
7720 struct cfg80211_registered_device *rdev,
7721 struct wireless_dev *wdev,
7722 struct cfg80211_internal_bss *intbss)
7723{
7724 struct cfg80211_bss *res = &intbss->pub;
7725 const struct cfg80211_bss_ies *ies;
7726 void *hdr;
7727 struct nlattr *bss;
7728
7729 ASSERT_WDEV_LOCK(wdev);
7730
7731 hdr = nl80211hdr_put(msg, NETLINK_CB(cb->skb).portid, seq, flags,
7732 NL80211_CMD_NEW_SCAN_RESULTS);
7733 if (!hdr)
7734 return -1;
7735
7736 genl_dump_check_consistent(cb, hdr, &nl80211_fam);
7737
7738 if (nla_put_u32(msg, NL80211_ATTR_GENERATION, rdev->bss_generation))
7739 goto nla_put_failure;
7740 if (wdev->netdev &&
7741 nla_put_u32(msg, NL80211_ATTR_IFINDEX, wdev->netdev->ifindex))
7742 goto nla_put_failure;
7743 if (nla_put_u64_64bit(msg, NL80211_ATTR_WDEV, wdev_id(wdev),
7744 NL80211_ATTR_PAD))
7745 goto nla_put_failure;
7746
7747 bss = nla_nest_start(msg, NL80211_ATTR_BSS);
7748 if (!bss)
7749 goto nla_put_failure;
7750 if ((!is_zero_ether_addr(res->bssid) &&
7751 nla_put(msg, NL80211_BSS_BSSID, ETH_ALEN, res->bssid)))
7752 goto nla_put_failure;
7753
7754 rcu_read_lock();
7755 /* indicate whether we have probe response data or not */
7756 if (rcu_access_pointer(res->proberesp_ies) &&
7757 nla_put_flag(msg, NL80211_BSS_PRESP_DATA))
7758 goto fail_unlock_rcu;
7759
7760 /* this pointer prefers to be pointed to probe response data
7761 * but is always valid
7762 */
7763 ies = rcu_dereference(res->ies);
7764 if (ies) {
7765 if (nla_put_u64_64bit(msg, NL80211_BSS_TSF, ies->tsf,
7766 NL80211_BSS_PAD))
7767 goto fail_unlock_rcu;
7768 if (ies->len && nla_put(msg, NL80211_BSS_INFORMATION_ELEMENTS,
7769 ies->len, ies->data))
7770 goto fail_unlock_rcu;
7771 }
7772
7773 /* and this pointer is always (unless driver didn't know) beacon data */
7774 ies = rcu_dereference(res->beacon_ies);
7775 if (ies && ies->from_beacon) {
7776 if (nla_put_u64_64bit(msg, NL80211_BSS_BEACON_TSF, ies->tsf,
7777 NL80211_BSS_PAD))
7778 goto fail_unlock_rcu;
7779 if (ies->len && nla_put(msg, NL80211_BSS_BEACON_IES,
7780 ies->len, ies->data))
7781 goto fail_unlock_rcu;
7782 }
7783 rcu_read_unlock();
7784
7785 if (res->beacon_interval &&
7786 nla_put_u16(msg, NL80211_BSS_BEACON_INTERVAL, res->beacon_interval))
7787 goto nla_put_failure;
7788 if (nla_put_u16(msg, NL80211_BSS_CAPABILITY, res->capability) ||
7789 nla_put_u32(msg, NL80211_BSS_FREQUENCY, res->channel->center_freq) ||
7790 nla_put_u32(msg, NL80211_BSS_CHAN_WIDTH, res->scan_width) ||
7791 nla_put_u32(msg, NL80211_BSS_SEEN_MS_AGO,
7792 jiffies_to_msecs(jiffies - intbss->ts)))
7793 goto nla_put_failure;
7794
7795 if (intbss->parent_tsf &&
7796 (nla_put_u64_64bit(msg, NL80211_BSS_PARENT_TSF,
7797 intbss->parent_tsf, NL80211_BSS_PAD) ||
7798 nla_put(msg, NL80211_BSS_PARENT_BSSID, ETH_ALEN,
7799 intbss->parent_bssid)))
7800 goto nla_put_failure;
7801
7802 if (intbss->ts_boottime &&
7803 nla_put_u64_64bit(msg, NL80211_BSS_LAST_SEEN_BOOTTIME,
7804 intbss->ts_boottime, NL80211_BSS_PAD))
7805 goto nla_put_failure;
7806
7807 switch (rdev->wiphy.signal_type) {
7808 case CFG80211_SIGNAL_TYPE_MBM:
7809 if (nla_put_u32(msg, NL80211_BSS_SIGNAL_MBM, res->signal))
7810 goto nla_put_failure;
7811 break;
7812 case CFG80211_SIGNAL_TYPE_UNSPEC:
7813 if (nla_put_u8(msg, NL80211_BSS_SIGNAL_UNSPEC, res->signal))
7814 goto nla_put_failure;
7815 break;
7816 default:
7817 break;
7818 }
7819
7820 switch (wdev->iftype) {
7821 case NL80211_IFTYPE_P2P_CLIENT:
7822 case NL80211_IFTYPE_STATION:
7823 if (intbss == wdev->current_bss &&
7824 nla_put_u32(msg, NL80211_BSS_STATUS,
7825 NL80211_BSS_STATUS_ASSOCIATED))
7826 goto nla_put_failure;
7827 break;
7828 case NL80211_IFTYPE_ADHOC:
7829 if (intbss == wdev->current_bss &&
7830 nla_put_u32(msg, NL80211_BSS_STATUS,
7831 NL80211_BSS_STATUS_IBSS_JOINED))
7832 goto nla_put_failure;
7833 break;
7834 default:
7835 break;
7836 }
7837
7838 nla_nest_end(msg, bss);
7839
7840 genlmsg_end(msg, hdr);
7841 return 0;
7842
7843 fail_unlock_rcu:
7844 rcu_read_unlock();
7845 nla_put_failure:
7846 genlmsg_cancel(msg, hdr);
7847 return -EMSGSIZE;
7848}
7849
7850static int nl80211_dump_scan(struct sk_buff *skb, struct netlink_callback *cb)
7851{
7852 struct cfg80211_registered_device *rdev;
7853 struct cfg80211_internal_bss *scan;
7854 struct wireless_dev *wdev;
7855 int start = cb->args[2], idx = 0;
7856 int err;
7857
7858 rtnl_lock();
7859 err = nl80211_prepare_wdev_dump(skb, cb, &rdev, &wdev);
7860 if (err) {
7861 rtnl_unlock();
7862 return err;
7863 }
7864
7865 wdev_lock(wdev);
7866 spin_lock_bh(&rdev->bss_lock);
7867 cfg80211_bss_expire(rdev);
7868
7869 cb->seq = rdev->bss_generation;
7870
7871 list_for_each_entry(scan, &rdev->bss_list, list) {
7872 if (++idx <= start)
7873 continue;
7874 if (nl80211_send_bss(skb, cb,
7875 cb->nlh->nlmsg_seq, NLM_F_MULTI,
7876 rdev, wdev, scan) < 0) {
7877 idx--;
7878 break;
7879 }
7880 }
7881
7882 spin_unlock_bh(&rdev->bss_lock);
7883 wdev_unlock(wdev);
7884
7885 cb->args[2] = idx;
7886 rtnl_unlock();
7887
7888 return skb->len;
7889}
7890
7891static int nl80211_send_survey(struct sk_buff *msg, u32 portid, u32 seq,
7892 int flags, struct net_device *dev,
7893 bool allow_radio_stats,
7894 struct survey_info *survey)
7895{
7896 void *hdr;
7897 struct nlattr *infoattr;
7898
7899 /* skip radio stats if userspace didn't request them */
7900 if (!survey->channel && !allow_radio_stats)
7901 return 0;
7902
7903 hdr = nl80211hdr_put(msg, portid, seq, flags,
7904 NL80211_CMD_NEW_SURVEY_RESULTS);
7905 if (!hdr)
7906 return -ENOMEM;
7907
7908 if (nla_put_u32(msg, NL80211_ATTR_IFINDEX, dev->ifindex))
7909 goto nla_put_failure;
7910
7911 infoattr = nla_nest_start(msg, NL80211_ATTR_SURVEY_INFO);
7912 if (!infoattr)
7913 goto nla_put_failure;
7914
7915 if (survey->channel &&
7916 nla_put_u32(msg, NL80211_SURVEY_INFO_FREQUENCY,
7917 survey->channel->center_freq))
7918 goto nla_put_failure;
7919
7920 if ((survey->filled & SURVEY_INFO_NOISE_DBM) &&
7921 nla_put_u8(msg, NL80211_SURVEY_INFO_NOISE, survey->noise))
7922 goto nla_put_failure;
7923 if ((survey->filled & SURVEY_INFO_IN_USE) &&
7924 nla_put_flag(msg, NL80211_SURVEY_INFO_IN_USE))
7925 goto nla_put_failure;
7926 if ((survey->filled & SURVEY_INFO_TIME) &&
7927 nla_put_u64_64bit(msg, NL80211_SURVEY_INFO_TIME,
7928 survey->time, NL80211_SURVEY_INFO_PAD))
7929 goto nla_put_failure;
7930 if ((survey->filled & SURVEY_INFO_TIME_BUSY) &&
7931 nla_put_u64_64bit(msg, NL80211_SURVEY_INFO_TIME_BUSY,
7932 survey->time_busy, NL80211_SURVEY_INFO_PAD))
7933 goto nla_put_failure;
7934 if ((survey->filled & SURVEY_INFO_TIME_EXT_BUSY) &&
7935 nla_put_u64_64bit(msg, NL80211_SURVEY_INFO_TIME_EXT_BUSY,
7936 survey->time_ext_busy, NL80211_SURVEY_INFO_PAD))
7937 goto nla_put_failure;
7938 if ((survey->filled & SURVEY_INFO_TIME_RX) &&
7939 nla_put_u64_64bit(msg, NL80211_SURVEY_INFO_TIME_RX,
7940 survey->time_rx, NL80211_SURVEY_INFO_PAD))
7941 goto nla_put_failure;
7942 if ((survey->filled & SURVEY_INFO_TIME_TX) &&
7943 nla_put_u64_64bit(msg, NL80211_SURVEY_INFO_TIME_TX,
7944 survey->time_tx, NL80211_SURVEY_INFO_PAD))
7945 goto nla_put_failure;
7946 if ((survey->filled & SURVEY_INFO_TIME_SCAN) &&
7947 nla_put_u64_64bit(msg, NL80211_SURVEY_INFO_TIME_SCAN,
7948 survey->time_scan, NL80211_SURVEY_INFO_PAD))
7949 goto nla_put_failure;
7950
7951 nla_nest_end(msg, infoattr);
7952
7953 genlmsg_end(msg, hdr);
7954 return 0;
7955
7956 nla_put_failure:
7957 genlmsg_cancel(msg, hdr);
7958 return -EMSGSIZE;
7959}
7960
7961static int nl80211_dump_survey(struct sk_buff *skb, struct netlink_callback *cb)
7962{
7963 struct nlattr **attrbuf = genl_family_attrbuf(&nl80211_fam);
7964 struct survey_info survey;
7965 struct cfg80211_registered_device *rdev;
7966 struct wireless_dev *wdev;
7967 int survey_idx = cb->args[2];
7968 int res;
7969 bool radio_stats;
7970
7971 rtnl_lock();
7972 res = nl80211_prepare_wdev_dump(skb, cb, &rdev, &wdev);
7973 if (res)
7974 goto out_err;
7975
7976 /* prepare_wdev_dump parsed the attributes */
7977 radio_stats = attrbuf[NL80211_ATTR_SURVEY_RADIO_STATS];
7978
7979 if (!wdev->netdev) {
7980 res = -EINVAL;
7981 goto out_err;
7982 }
7983
7984 if (!rdev->ops->dump_survey) {
7985 res = -EOPNOTSUPP;
7986 goto out_err;
7987 }
7988
7989 while (1) {
7990 res = rdev_dump_survey(rdev, wdev->netdev, survey_idx, &survey);
7991 if (res == -ENOENT)
7992 break;
7993 if (res)
7994 goto out_err;
7995
7996 /* don't send disabled channels, but do send non-channel data */
7997 if (survey.channel &&
7998 survey.channel->flags & IEEE80211_CHAN_DISABLED) {
7999 survey_idx++;
8000 continue;
8001 }
8002
8003 if (nl80211_send_survey(skb,
8004 NETLINK_CB(cb->skb).portid,
8005 cb->nlh->nlmsg_seq, NLM_F_MULTI,
8006 wdev->netdev, radio_stats, &survey) < 0)
8007 goto out;
8008 survey_idx++;
8009 }
8010
8011 out:
8012 cb->args[2] = survey_idx;
8013 res = skb->len;
8014 out_err:
8015 rtnl_unlock();
8016 return res;
8017}
8018
8019static bool nl80211_valid_wpa_versions(u32 wpa_versions)
8020{
8021 return !(wpa_versions & ~(NL80211_WPA_VERSION_1 |
8022 NL80211_WPA_VERSION_2));
8023}
8024
8025static int nl80211_authenticate(struct sk_buff *skb, struct genl_info *info)
8026{
8027 struct cfg80211_registered_device *rdev = info->user_ptr[0];
8028 struct net_device *dev = info->user_ptr[1];
8029 struct ieee80211_channel *chan;
8030 const u8 *bssid, *ssid, *ie = NULL, *auth_data = NULL;
8031 int err, ssid_len, ie_len = 0, auth_data_len = 0;
8032 enum nl80211_auth_type auth_type;
8033 struct key_parse key;
8034 bool local_state_change;
8035
8036 if (!is_valid_ie_attr(info->attrs[NL80211_ATTR_IE]))
8037 return -EINVAL;
8038
8039 if (!info->attrs[NL80211_ATTR_MAC])
8040 return -EINVAL;
8041
8042 if (!info->attrs[NL80211_ATTR_AUTH_TYPE])
8043 return -EINVAL;
8044
8045 if (!info->attrs[NL80211_ATTR_SSID])
8046 return -EINVAL;
8047
8048 if (!info->attrs[NL80211_ATTR_WIPHY_FREQ])
8049 return -EINVAL;
8050
8051 err = nl80211_parse_key(info, &key);
8052 if (err)
8053 return err;
8054
8055 if (key.idx >= 0) {
8056 if (key.type != -1 && key.type != NL80211_KEYTYPE_GROUP)
8057 return -EINVAL;
8058 if (!key.p.key || !key.p.key_len)
8059 return -EINVAL;
8060 if ((key.p.cipher != WLAN_CIPHER_SUITE_WEP40 ||
8061 key.p.key_len != WLAN_KEY_LEN_WEP40) &&
8062 (key.p.cipher != WLAN_CIPHER_SUITE_WEP104 ||
8063 key.p.key_len != WLAN_KEY_LEN_WEP104))
8064 return -EINVAL;
8065 if (key.idx > 3)
8066 return -EINVAL;
8067 } else {
8068 key.p.key_len = 0;
8069 key.p.key = NULL;
8070 }
8071
8072 if (key.idx >= 0) {
8073 int i;
8074 bool ok = false;
8075
8076 for (i = 0; i < rdev->wiphy.n_cipher_suites; i++) {
8077 if (key.p.cipher == rdev->wiphy.cipher_suites[i]) {
8078 ok = true;
8079 break;
8080 }
8081 }
8082 if (!ok)
8083 return -EINVAL;
8084 }
8085
8086 if (!rdev->ops->auth)
8087 return -EOPNOTSUPP;
8088
8089 if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_STATION &&
8090 dev->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_CLIENT)
8091 return -EOPNOTSUPP;
8092
8093 bssid = nla_data(info->attrs[NL80211_ATTR_MAC]);
8094 chan = nl80211_get_valid_chan(&rdev->wiphy,
8095 info->attrs[NL80211_ATTR_WIPHY_FREQ]);
8096 if (!chan)
8097 return -EINVAL;
8098
8099 ssid = nla_data(info->attrs[NL80211_ATTR_SSID]);
8100 ssid_len = nla_len(info->attrs[NL80211_ATTR_SSID]);
8101
8102 if (info->attrs[NL80211_ATTR_IE]) {
8103 ie = nla_data(info->attrs[NL80211_ATTR_IE]);
8104 ie_len = nla_len(info->attrs[NL80211_ATTR_IE]);
8105 }
8106
8107 auth_type = nla_get_u32(info->attrs[NL80211_ATTR_AUTH_TYPE]);
8108 if (!nl80211_valid_auth_type(rdev, auth_type, NL80211_CMD_AUTHENTICATE))
8109 return -EINVAL;
8110
8111 if ((auth_type == NL80211_AUTHTYPE_SAE ||
8112 auth_type == NL80211_AUTHTYPE_FILS_SK ||
8113 auth_type == NL80211_AUTHTYPE_FILS_SK_PFS ||
8114 auth_type == NL80211_AUTHTYPE_FILS_PK) &&
8115 !info->attrs[NL80211_ATTR_AUTH_DATA])
8116 return -EINVAL;
8117
8118 if (info->attrs[NL80211_ATTR_AUTH_DATA]) {
8119 if (auth_type != NL80211_AUTHTYPE_SAE &&
8120 auth_type != NL80211_AUTHTYPE_FILS_SK &&
8121 auth_type != NL80211_AUTHTYPE_FILS_SK_PFS &&
8122 auth_type != NL80211_AUTHTYPE_FILS_PK)
8123 return -EINVAL;
8124 auth_data = nla_data(info->attrs[NL80211_ATTR_AUTH_DATA]);
8125 auth_data_len = nla_len(info->attrs[NL80211_ATTR_AUTH_DATA]);
8126 /* need to include at least Auth Transaction and Status Code */
8127 if (auth_data_len < 4)
8128 return -EINVAL;
8129 }
8130
8131 local_state_change = !!info->attrs[NL80211_ATTR_LOCAL_STATE_CHANGE];
8132
8133 /*
8134 * Since we no longer track auth state, ignore
8135 * requests to only change local state.
8136 */
8137 if (local_state_change)
8138 return 0;
8139
8140 wdev_lock(dev->ieee80211_ptr);
8141 err = cfg80211_mlme_auth(rdev, dev, chan, auth_type, bssid,
8142 ssid, ssid_len, ie, ie_len,
8143 key.p.key, key.p.key_len, key.idx,
8144 auth_data, auth_data_len);
8145 wdev_unlock(dev->ieee80211_ptr);
8146 return err;
8147}
8148
8149static int nl80211_crypto_settings(struct cfg80211_registered_device *rdev,
8150 struct genl_info *info,
8151 struct cfg80211_crypto_settings *settings,
8152 int cipher_limit)
8153{
8154 memset(settings, 0, sizeof(*settings));
8155
8156 settings->control_port = info->attrs[NL80211_ATTR_CONTROL_PORT];
8157
8158 if (info->attrs[NL80211_ATTR_CONTROL_PORT_ETHERTYPE]) {
8159 u16 proto;
8160
8161 proto = nla_get_u16(
8162 info->attrs[NL80211_ATTR_CONTROL_PORT_ETHERTYPE]);
8163 settings->control_port_ethertype = cpu_to_be16(proto);
8164 if (!(rdev->wiphy.flags & WIPHY_FLAG_CONTROL_PORT_PROTOCOL) &&
8165 proto != ETH_P_PAE)
8166 return -EINVAL;
8167 if (info->attrs[NL80211_ATTR_CONTROL_PORT_NO_ENCRYPT])
8168 settings->control_port_no_encrypt = true;
8169 } else
8170 settings->control_port_ethertype = cpu_to_be16(ETH_P_PAE);
8171
8172 if (info->attrs[NL80211_ATTR_CIPHER_SUITES_PAIRWISE]) {
8173 void *data;
8174 int len, i;
8175
8176 data = nla_data(info->attrs[NL80211_ATTR_CIPHER_SUITES_PAIRWISE]);
8177 len = nla_len(info->attrs[NL80211_ATTR_CIPHER_SUITES_PAIRWISE]);
8178 settings->n_ciphers_pairwise = len / sizeof(u32);
8179
8180 if (len % sizeof(u32))
8181 return -EINVAL;
8182
8183 if (settings->n_ciphers_pairwise > cipher_limit)
8184 return -EINVAL;
8185
8186 memcpy(settings->ciphers_pairwise, data, len);
8187
8188 for (i = 0; i < settings->n_ciphers_pairwise; i++)
8189 if (!cfg80211_supported_cipher_suite(
8190 &rdev->wiphy,
8191 settings->ciphers_pairwise[i]))
8192 return -EINVAL;
8193 }
8194
8195 if (info->attrs[NL80211_ATTR_CIPHER_SUITE_GROUP]) {
8196 settings->cipher_group =
8197 nla_get_u32(info->attrs[NL80211_ATTR_CIPHER_SUITE_GROUP]);
8198 if (!cfg80211_supported_cipher_suite(&rdev->wiphy,
8199 settings->cipher_group))
8200 return -EINVAL;
8201 }
8202
8203 if (info->attrs[NL80211_ATTR_WPA_VERSIONS]) {
8204 settings->wpa_versions =
8205 nla_get_u32(info->attrs[NL80211_ATTR_WPA_VERSIONS]);
8206 if (!nl80211_valid_wpa_versions(settings->wpa_versions))
8207 return -EINVAL;
8208 }
8209
8210 if (info->attrs[NL80211_ATTR_AKM_SUITES]) {
8211 void *data;
8212 int len;
8213
8214 data = nla_data(info->attrs[NL80211_ATTR_AKM_SUITES]);
8215 len = nla_len(info->attrs[NL80211_ATTR_AKM_SUITES]);
8216 settings->n_akm_suites = len / sizeof(u32);
8217
8218 if (len % sizeof(u32))
8219 return -EINVAL;
8220
8221 if (settings->n_akm_suites > NL80211_MAX_NR_AKM_SUITES)
8222 return -EINVAL;
8223
8224 memcpy(settings->akm_suites, data, len);
8225 }
8226
8227 if (info->attrs[NL80211_ATTR_PMK]) {
8228 if (nla_len(info->attrs[NL80211_ATTR_PMK]) != WLAN_PMK_LEN)
8229 return -EINVAL;
8230 if (!wiphy_ext_feature_isset(&rdev->wiphy,
8231 NL80211_EXT_FEATURE_4WAY_HANDSHAKE_STA_PSK))
8232 return -EINVAL;
8233 settings->psk = nla_data(info->attrs[NL80211_ATTR_PMK]);
8234 }
8235
8236 return 0;
8237}
8238
8239static int nl80211_associate(struct sk_buff *skb, struct genl_info *info)
8240{
8241 struct cfg80211_registered_device *rdev = info->user_ptr[0];
8242 struct net_device *dev = info->user_ptr[1];
8243 struct ieee80211_channel *chan;
8244 struct cfg80211_assoc_request req = {};
8245 const u8 *bssid, *ssid;
8246 int err, ssid_len = 0;
8247
8248 if (!is_valid_ie_attr(info->attrs[NL80211_ATTR_IE]))
8249 return -EINVAL;
8250
8251 if (!info->attrs[NL80211_ATTR_MAC] ||
8252 !info->attrs[NL80211_ATTR_SSID] ||
8253 !info->attrs[NL80211_ATTR_WIPHY_FREQ])
8254 return -EINVAL;
8255
8256 if (!rdev->ops->assoc)
8257 return -EOPNOTSUPP;
8258
8259 if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_STATION &&
8260 dev->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_CLIENT)
8261 return -EOPNOTSUPP;
8262
8263 bssid = nla_data(info->attrs[NL80211_ATTR_MAC]);
8264
8265 chan = nl80211_get_valid_chan(&rdev->wiphy,
8266 info->attrs[NL80211_ATTR_WIPHY_FREQ]);
8267 if (!chan)
8268 return -EINVAL;
8269
8270 ssid = nla_data(info->attrs[NL80211_ATTR_SSID]);
8271 ssid_len = nla_len(info->attrs[NL80211_ATTR_SSID]);
8272
8273 if (info->attrs[NL80211_ATTR_IE]) {
8274 req.ie = nla_data(info->attrs[NL80211_ATTR_IE]);
8275 req.ie_len = nla_len(info->attrs[NL80211_ATTR_IE]);
8276 }
8277
8278 if (info->attrs[NL80211_ATTR_USE_MFP]) {
8279 enum nl80211_mfp mfp =
8280 nla_get_u32(info->attrs[NL80211_ATTR_USE_MFP]);
8281 if (mfp == NL80211_MFP_REQUIRED)
8282 req.use_mfp = true;
8283 else if (mfp != NL80211_MFP_NO)
8284 return -EINVAL;
8285 }
8286
8287 if (info->attrs[NL80211_ATTR_PREV_BSSID])
8288 req.prev_bssid = nla_data(info->attrs[NL80211_ATTR_PREV_BSSID]);
8289
8290 if (nla_get_flag(info->attrs[NL80211_ATTR_DISABLE_HT]))
8291 req.flags |= ASSOC_REQ_DISABLE_HT;
8292
8293 if (info->attrs[NL80211_ATTR_HT_CAPABILITY_MASK])
8294 memcpy(&req.ht_capa_mask,
8295 nla_data(info->attrs[NL80211_ATTR_HT_CAPABILITY_MASK]),
8296 sizeof(req.ht_capa_mask));
8297
8298 if (info->attrs[NL80211_ATTR_HT_CAPABILITY]) {
8299 if (!info->attrs[NL80211_ATTR_HT_CAPABILITY_MASK])
8300 return -EINVAL;
8301 memcpy(&req.ht_capa,
8302 nla_data(info->attrs[NL80211_ATTR_HT_CAPABILITY]),
8303 sizeof(req.ht_capa));
8304 }
8305
8306 if (nla_get_flag(info->attrs[NL80211_ATTR_DISABLE_VHT]))
8307 req.flags |= ASSOC_REQ_DISABLE_VHT;
8308
8309 if (info->attrs[NL80211_ATTR_VHT_CAPABILITY_MASK])
8310 memcpy(&req.vht_capa_mask,
8311 nla_data(info->attrs[NL80211_ATTR_VHT_CAPABILITY_MASK]),
8312 sizeof(req.vht_capa_mask));
8313
8314 if (info->attrs[NL80211_ATTR_VHT_CAPABILITY]) {
8315 if (!info->attrs[NL80211_ATTR_VHT_CAPABILITY_MASK])
8316 return -EINVAL;
8317 memcpy(&req.vht_capa,
8318 nla_data(info->attrs[NL80211_ATTR_VHT_CAPABILITY]),
8319 sizeof(req.vht_capa));
8320 }
8321
8322 if (nla_get_flag(info->attrs[NL80211_ATTR_USE_RRM])) {
8323 if (!((rdev->wiphy.features &
8324 NL80211_FEATURE_DS_PARAM_SET_IE_IN_PROBES) &&
8325 (rdev->wiphy.features & NL80211_FEATURE_QUIET)) &&
8326 !wiphy_ext_feature_isset(&rdev->wiphy,
8327 NL80211_EXT_FEATURE_RRM))
8328 return -EINVAL;
8329 req.flags |= ASSOC_REQ_USE_RRM;
8330 }
8331
8332 if (info->attrs[NL80211_ATTR_FILS_KEK]) {
8333 req.fils_kek = nla_data(info->attrs[NL80211_ATTR_FILS_KEK]);
8334 req.fils_kek_len = nla_len(info->attrs[NL80211_ATTR_FILS_KEK]);
8335 if (!info->attrs[NL80211_ATTR_FILS_NONCES])
8336 return -EINVAL;
8337 req.fils_nonces =
8338 nla_data(info->attrs[NL80211_ATTR_FILS_NONCES]);
8339 }
8340
8341 err = nl80211_crypto_settings(rdev, info, &req.crypto, 1);
8342 if (!err) {
8343 wdev_lock(dev->ieee80211_ptr);
8344
8345 err = cfg80211_mlme_assoc(rdev, dev, chan, bssid,
8346 ssid, ssid_len, &req);
8347
8348 if (!err && info->attrs[NL80211_ATTR_SOCKET_OWNER]) {
8349 dev->ieee80211_ptr->conn_owner_nlportid =
8350 info->snd_portid;
8351 memcpy(dev->ieee80211_ptr->disconnect_bssid,
8352 bssid, ETH_ALEN);
8353 }
8354
8355 wdev_unlock(dev->ieee80211_ptr);
8356 }
8357
8358 return err;
8359}
8360
8361static int nl80211_deauthenticate(struct sk_buff *skb, struct genl_info *info)
8362{
8363 struct cfg80211_registered_device *rdev = info->user_ptr[0];
8364 struct net_device *dev = info->user_ptr[1];
8365 const u8 *ie = NULL, *bssid;
8366 int ie_len = 0, err;
8367 u16 reason_code;
8368 bool local_state_change;
8369
8370 if (!is_valid_ie_attr(info->attrs[NL80211_ATTR_IE]))
8371 return -EINVAL;
8372
8373 if (!info->attrs[NL80211_ATTR_MAC])
8374 return -EINVAL;
8375
8376 if (!info->attrs[NL80211_ATTR_REASON_CODE])
8377 return -EINVAL;
8378
8379 if (!rdev->ops->deauth)
8380 return -EOPNOTSUPP;
8381
8382 if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_STATION &&
8383 dev->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_CLIENT)
8384 return -EOPNOTSUPP;
8385
8386 bssid = nla_data(info->attrs[NL80211_ATTR_MAC]);
8387
8388 reason_code = nla_get_u16(info->attrs[NL80211_ATTR_REASON_CODE]);
8389 if (reason_code == 0) {
8390 /* Reason Code 0 is reserved */
8391 return -EINVAL;
8392 }
8393
8394 if (info->attrs[NL80211_ATTR_IE]) {
8395 ie = nla_data(info->attrs[NL80211_ATTR_IE]);
8396 ie_len = nla_len(info->attrs[NL80211_ATTR_IE]);
8397 }
8398
8399 local_state_change = !!info->attrs[NL80211_ATTR_LOCAL_STATE_CHANGE];
8400
8401 wdev_lock(dev->ieee80211_ptr);
8402 err = cfg80211_mlme_deauth(rdev, dev, bssid, ie, ie_len, reason_code,
8403 local_state_change);
8404 wdev_unlock(dev->ieee80211_ptr);
8405 return err;
8406}
8407
8408static int nl80211_disassociate(struct sk_buff *skb, struct genl_info *info)
8409{
8410 struct cfg80211_registered_device *rdev = info->user_ptr[0];
8411 struct net_device *dev = info->user_ptr[1];
8412 const u8 *ie = NULL, *bssid;
8413 int ie_len = 0, err;
8414 u16 reason_code;
8415 bool local_state_change;
8416
8417 if (!is_valid_ie_attr(info->attrs[NL80211_ATTR_IE]))
8418 return -EINVAL;
8419
8420 if (!info->attrs[NL80211_ATTR_MAC])
8421 return -EINVAL;
8422
8423 if (!info->attrs[NL80211_ATTR_REASON_CODE])
8424 return -EINVAL;
8425
8426 if (!rdev->ops->disassoc)
8427 return -EOPNOTSUPP;
8428
8429 if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_STATION &&
8430 dev->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_CLIENT)
8431 return -EOPNOTSUPP;
8432
8433 bssid = nla_data(info->attrs[NL80211_ATTR_MAC]);
8434
8435 reason_code = nla_get_u16(info->attrs[NL80211_ATTR_REASON_CODE]);
8436 if (reason_code == 0) {
8437 /* Reason Code 0 is reserved */
8438 return -EINVAL;
8439 }
8440
8441 if (info->attrs[NL80211_ATTR_IE]) {
8442 ie = nla_data(info->attrs[NL80211_ATTR_IE]);
8443 ie_len = nla_len(info->attrs[NL80211_ATTR_IE]);
8444 }
8445
8446 local_state_change = !!info->attrs[NL80211_ATTR_LOCAL_STATE_CHANGE];
8447
8448 wdev_lock(dev->ieee80211_ptr);
8449 err = cfg80211_mlme_disassoc(rdev, dev, bssid, ie, ie_len, reason_code,
8450 local_state_change);
8451 wdev_unlock(dev->ieee80211_ptr);
8452 return err;
8453}
8454
8455static bool
8456nl80211_parse_mcast_rate(struct cfg80211_registered_device *rdev,
8457 int mcast_rate[NUM_NL80211_BANDS],
8458 int rateval)
8459{
8460 struct wiphy *wiphy = &rdev->wiphy;
8461 bool found = false;
8462 int band, i;
8463
8464 for (band = 0; band < NUM_NL80211_BANDS; band++) {
8465 struct ieee80211_supported_band *sband;
8466
8467 sband = wiphy->bands[band];
8468 if (!sband)
8469 continue;
8470
8471 for (i = 0; i < sband->n_bitrates; i++) {
8472 if (sband->bitrates[i].bitrate == rateval) {
8473 mcast_rate[band] = i + 1;
8474 found = true;
8475 break;
8476 }
8477 }
8478 }
8479
8480 return found;
8481}
8482
8483static int nl80211_join_ibss(struct sk_buff *skb, struct genl_info *info)
8484{
8485 struct cfg80211_registered_device *rdev = info->user_ptr[0];
8486 struct net_device *dev = info->user_ptr[1];
8487 struct cfg80211_ibss_params ibss;
8488 struct wiphy *wiphy;
8489 struct cfg80211_cached_keys *connkeys = NULL;
8490 int err;
8491
8492 memset(&ibss, 0, sizeof(ibss));
8493
8494 if (!is_valid_ie_attr(info->attrs[NL80211_ATTR_IE]))
8495 return -EINVAL;
8496
8497 if (!info->attrs[NL80211_ATTR_SSID] ||
8498 !nla_len(info->attrs[NL80211_ATTR_SSID]))
8499 return -EINVAL;
8500
8501 ibss.beacon_interval = 100;
8502
8503 if (info->attrs[NL80211_ATTR_BEACON_INTERVAL])
8504 ibss.beacon_interval =
8505 nla_get_u32(info->attrs[NL80211_ATTR_BEACON_INTERVAL]);
8506
8507 err = cfg80211_validate_beacon_int(rdev, NL80211_IFTYPE_ADHOC,
8508 ibss.beacon_interval);
8509 if (err)
8510 return err;
8511
8512 if (!rdev->ops->join_ibss)
8513 return -EOPNOTSUPP;
8514
8515 if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_ADHOC)
8516 return -EOPNOTSUPP;
8517
8518 wiphy = &rdev->wiphy;
8519
8520 if (info->attrs[NL80211_ATTR_MAC]) {
8521 ibss.bssid = nla_data(info->attrs[NL80211_ATTR_MAC]);
8522
8523 if (!is_valid_ether_addr(ibss.bssid))
8524 return -EINVAL;
8525 }
8526 ibss.ssid = nla_data(info->attrs[NL80211_ATTR_SSID]);
8527 ibss.ssid_len = nla_len(info->attrs[NL80211_ATTR_SSID]);
8528
8529 if (info->attrs[NL80211_ATTR_IE]) {
8530 ibss.ie = nla_data(info->attrs[NL80211_ATTR_IE]);
8531 ibss.ie_len = nla_len(info->attrs[NL80211_ATTR_IE]);
8532 }
8533
8534 err = nl80211_parse_chandef(rdev, info, &ibss.chandef);
8535 if (err)
8536 return err;
8537
8538 if (!cfg80211_reg_can_beacon(&rdev->wiphy, &ibss.chandef,
8539 NL80211_IFTYPE_ADHOC))
8540 return -EINVAL;
8541
8542 switch (ibss.chandef.width) {
8543 case NL80211_CHAN_WIDTH_5:
8544 case NL80211_CHAN_WIDTH_10:
8545 case NL80211_CHAN_WIDTH_20_NOHT:
8546 break;
8547 case NL80211_CHAN_WIDTH_20:
8548 case NL80211_CHAN_WIDTH_40:
8549 if (!(rdev->wiphy.features & NL80211_FEATURE_HT_IBSS))
8550 return -EINVAL;
8551 break;
8552 case NL80211_CHAN_WIDTH_80:
8553 case NL80211_CHAN_WIDTH_80P80:
8554 case NL80211_CHAN_WIDTH_160:
8555 if (!(rdev->wiphy.features & NL80211_FEATURE_HT_IBSS))
8556 return -EINVAL;
8557 if (!wiphy_ext_feature_isset(&rdev->wiphy,
8558 NL80211_EXT_FEATURE_VHT_IBSS))
8559 return -EINVAL;
8560 break;
8561 default:
8562 return -EINVAL;
8563 }
8564
8565 ibss.channel_fixed = !!info->attrs[NL80211_ATTR_FREQ_FIXED];
8566 ibss.privacy = !!info->attrs[NL80211_ATTR_PRIVACY];
8567
8568 if (info->attrs[NL80211_ATTR_BSS_BASIC_RATES]) {
8569 u8 *rates =
8570 nla_data(info->attrs[NL80211_ATTR_BSS_BASIC_RATES]);
8571 int n_rates =
8572 nla_len(info->attrs[NL80211_ATTR_BSS_BASIC_RATES]);
8573 struct ieee80211_supported_band *sband =
8574 wiphy->bands[ibss.chandef.chan->band];
8575
8576 err = ieee80211_get_ratemask(sband, rates, n_rates,
8577 &ibss.basic_rates);
8578 if (err)
8579 return err;
8580 }
8581
8582 if (info->attrs[NL80211_ATTR_HT_CAPABILITY_MASK])
8583 memcpy(&ibss.ht_capa_mask,
8584 nla_data(info->attrs[NL80211_ATTR_HT_CAPABILITY_MASK]),
8585 sizeof(ibss.ht_capa_mask));
8586
8587 if (info->attrs[NL80211_ATTR_HT_CAPABILITY]) {
8588 if (!info->attrs[NL80211_ATTR_HT_CAPABILITY_MASK])
8589 return -EINVAL;
8590 memcpy(&ibss.ht_capa,
8591 nla_data(info->attrs[NL80211_ATTR_HT_CAPABILITY]),
8592 sizeof(ibss.ht_capa));
8593 }
8594
8595 if (info->attrs[NL80211_ATTR_MCAST_RATE] &&
8596 !nl80211_parse_mcast_rate(rdev, ibss.mcast_rate,
8597 nla_get_u32(info->attrs[NL80211_ATTR_MCAST_RATE])))
8598 return -EINVAL;
8599
8600 if (ibss.privacy && info->attrs[NL80211_ATTR_KEYS]) {
8601 bool no_ht = false;
8602
8603 connkeys = nl80211_parse_connkeys(rdev,
8604 info->attrs[NL80211_ATTR_KEYS],
8605 &no_ht);
8606 if (IS_ERR(connkeys))
8607 return PTR_ERR(connkeys);
8608
8609 if ((ibss.chandef.width != NL80211_CHAN_WIDTH_20_NOHT) &&
8610 no_ht) {
8611 kzfree(connkeys);
8612 return -EINVAL;
8613 }
8614 }
8615
8616 ibss.control_port =
8617 nla_get_flag(info->attrs[NL80211_ATTR_CONTROL_PORT]);
8618
8619 ibss.userspace_handles_dfs =
8620 nla_get_flag(info->attrs[NL80211_ATTR_HANDLE_DFS]);
8621
8622 err = cfg80211_join_ibss(rdev, dev, &ibss, connkeys);
8623 if (err)
8624 kzfree(connkeys);
8625 return err;
8626}
8627
8628static int nl80211_leave_ibss(struct sk_buff *skb, struct genl_info *info)
8629{
8630 struct cfg80211_registered_device *rdev = info->user_ptr[0];
8631 struct net_device *dev = info->user_ptr[1];
8632
8633 if (!rdev->ops->leave_ibss)
8634 return -EOPNOTSUPP;
8635
8636 if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_ADHOC)
8637 return -EOPNOTSUPP;
8638
8639 return cfg80211_leave_ibss(rdev, dev, false);
8640}
8641
8642static int nl80211_set_mcast_rate(struct sk_buff *skb, struct genl_info *info)
8643{
8644 struct cfg80211_registered_device *rdev = info->user_ptr[0];
8645 struct net_device *dev = info->user_ptr[1];
8646 int mcast_rate[NUM_NL80211_BANDS];
8647 u32 nla_rate;
8648 int err;
8649
8650 if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_ADHOC &&
8651 dev->ieee80211_ptr->iftype != NL80211_IFTYPE_MESH_POINT &&
8652 dev->ieee80211_ptr->iftype != NL80211_IFTYPE_OCB)
8653 return -EOPNOTSUPP;
8654
8655 if (!rdev->ops->set_mcast_rate)
8656 return -EOPNOTSUPP;
8657
8658 memset(mcast_rate, 0, sizeof(mcast_rate));
8659
8660 if (!info->attrs[NL80211_ATTR_MCAST_RATE])
8661 return -EINVAL;
8662
8663 nla_rate = nla_get_u32(info->attrs[NL80211_ATTR_MCAST_RATE]);
8664 if (!nl80211_parse_mcast_rate(rdev, mcast_rate, nla_rate))
8665 return -EINVAL;
8666
8667 err = rdev_set_mcast_rate(rdev, dev, mcast_rate);
8668
8669 return err;
8670}
8671
8672static struct sk_buff *
8673__cfg80211_alloc_vendor_skb(struct cfg80211_registered_device *rdev,
8674 struct wireless_dev *wdev, int approxlen,
8675 u32 portid, u32 seq, enum nl80211_commands cmd,
8676 enum nl80211_attrs attr,
8677 const struct nl80211_vendor_cmd_info *info,
8678 gfp_t gfp)
8679{
8680 struct sk_buff *skb;
8681 void *hdr;
8682 struct nlattr *data;
8683
8684 skb = nlmsg_new(approxlen + 100, gfp);
8685 if (!skb)
8686 return NULL;
8687
8688 hdr = nl80211hdr_put(skb, portid, seq, 0, cmd);
8689 if (!hdr) {
8690 kfree_skb(skb);
8691 return NULL;
8692 }
8693
8694 if (nla_put_u32(skb, NL80211_ATTR_WIPHY, rdev->wiphy_idx))
8695 goto nla_put_failure;
8696
8697 if (info) {
8698 if (nla_put_u32(skb, NL80211_ATTR_VENDOR_ID,
8699 info->vendor_id))
8700 goto nla_put_failure;
8701 if (nla_put_u32(skb, NL80211_ATTR_VENDOR_SUBCMD,
8702 info->subcmd))
8703 goto nla_put_failure;
8704 }
8705
8706 if (wdev) {
8707 if (nla_put_u64_64bit(skb, NL80211_ATTR_WDEV,
8708 wdev_id(wdev), NL80211_ATTR_PAD))
8709 goto nla_put_failure;
8710 if (wdev->netdev &&
8711 nla_put_u32(skb, NL80211_ATTR_IFINDEX,
8712 wdev->netdev->ifindex))
8713 goto nla_put_failure;
8714 }
8715
8716 data = nla_nest_start(skb, attr);
8717 if (!data)
8718 goto nla_put_failure;
8719
8720 ((void **)skb->cb)[0] = rdev;
8721 ((void **)skb->cb)[1] = hdr;
8722 ((void **)skb->cb)[2] = data;
8723
8724 return skb;
8725
8726 nla_put_failure:
8727 kfree_skb(skb);
8728 return NULL;
8729}
8730
8731struct sk_buff *__cfg80211_alloc_event_skb(struct wiphy *wiphy,
8732 struct wireless_dev *wdev,
8733 enum nl80211_commands cmd,
8734 enum nl80211_attrs attr,
8735 int vendor_event_idx,
8736 int approxlen, gfp_t gfp)
8737{
8738 struct cfg80211_registered_device *rdev = wiphy_to_rdev(wiphy);
8739 const struct nl80211_vendor_cmd_info *info;
8740
8741 switch (cmd) {
8742 case NL80211_CMD_TESTMODE:
8743 if (WARN_ON(vendor_event_idx != -1))
8744 return NULL;
8745 info = NULL;
8746 break;
8747 case NL80211_CMD_VENDOR:
8748 if (WARN_ON(vendor_event_idx < 0 ||
8749 vendor_event_idx >= wiphy->n_vendor_events))
8750 return NULL;
8751 info = &wiphy->vendor_events[vendor_event_idx];
8752 break;
8753 default:
8754 WARN_ON(1);
8755 return NULL;
8756 }
8757
8758 return __cfg80211_alloc_vendor_skb(rdev, wdev, approxlen, 0, 0,
8759 cmd, attr, info, gfp);
8760}
8761EXPORT_SYMBOL(__cfg80211_alloc_event_skb);
8762
8763void __cfg80211_send_event_skb(struct sk_buff *skb, gfp_t gfp)
8764{
8765 struct cfg80211_registered_device *rdev = ((void **)skb->cb)[0];
8766 void *hdr = ((void **)skb->cb)[1];
8767 struct nlattr *data = ((void **)skb->cb)[2];
8768 enum nl80211_multicast_groups mcgrp = NL80211_MCGRP_TESTMODE;
8769
8770 /* clear CB data for netlink core to own from now on */
8771 memset(skb->cb, 0, sizeof(skb->cb));
8772
8773 nla_nest_end(skb, data);
8774 genlmsg_end(skb, hdr);
8775
8776 if (data->nla_type == NL80211_ATTR_VENDOR_DATA)
8777 mcgrp = NL80211_MCGRP_VENDOR;
8778
8779 genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), skb, 0,
8780 mcgrp, gfp);
8781}
8782EXPORT_SYMBOL(__cfg80211_send_event_skb);
8783
8784#ifdef CONFIG_NL80211_TESTMODE
8785static int nl80211_testmode_do(struct sk_buff *skb, struct genl_info *info)
8786{
8787 struct cfg80211_registered_device *rdev = info->user_ptr[0];
8788 struct wireless_dev *wdev =
8789 __cfg80211_wdev_from_attrs(genl_info_net(info), info->attrs);
8790 int err;
8791
8792 if (!rdev->ops->testmode_cmd)
8793 return -EOPNOTSUPP;
8794
8795 if (IS_ERR(wdev)) {
8796 err = PTR_ERR(wdev);
8797 if (err != -EINVAL)
8798 return err;
8799 wdev = NULL;
8800 } else if (wdev->wiphy != &rdev->wiphy) {
8801 return -EINVAL;
8802 }
8803
8804 if (!info->attrs[NL80211_ATTR_TESTDATA])
8805 return -EINVAL;
8806
8807 rdev->cur_cmd_info = info;
8808 err = rdev_testmode_cmd(rdev, wdev,
8809 nla_data(info->attrs[NL80211_ATTR_TESTDATA]),
8810 nla_len(info->attrs[NL80211_ATTR_TESTDATA]));
8811 rdev->cur_cmd_info = NULL;
8812
8813 return err;
8814}
8815
8816static int nl80211_testmode_dump(struct sk_buff *skb,
8817 struct netlink_callback *cb)
8818{
8819 struct cfg80211_registered_device *rdev;
8820 int err;
8821 long phy_idx;
8822 void *data = NULL;
8823 int data_len = 0;
8824
8825 rtnl_lock();
8826
8827 if (cb->args[0]) {
8828 /*
8829 * 0 is a valid index, but not valid for args[0],
8830 * so we need to offset by 1.
8831 */
8832 phy_idx = cb->args[0] - 1;
8833
8834 rdev = cfg80211_rdev_by_wiphy_idx(phy_idx);
8835 if (!rdev) {
8836 err = -ENOENT;
8837 goto out_err;
8838 }
8839 } else {
8840 struct nlattr **attrbuf = genl_family_attrbuf(&nl80211_fam);
8841
8842 err = nlmsg_parse(cb->nlh, GENL_HDRLEN + nl80211_fam.hdrsize,
8843 attrbuf, nl80211_fam.maxattr,
8844 nl80211_policy, NULL);
8845 if (err)
8846 goto out_err;
8847
8848 rdev = __cfg80211_rdev_from_attrs(sock_net(skb->sk), attrbuf);
8849 if (IS_ERR(rdev)) {
8850 err = PTR_ERR(rdev);
8851 goto out_err;
8852 }
8853 phy_idx = rdev->wiphy_idx;
8854
8855 if (attrbuf[NL80211_ATTR_TESTDATA])
8856 cb->args[1] = (long)attrbuf[NL80211_ATTR_TESTDATA];
8857 }
8858
8859 if (cb->args[1]) {
8860 data = nla_data((void *)cb->args[1]);
8861 data_len = nla_len((void *)cb->args[1]);
8862 }
8863
8864 if (!rdev->ops->testmode_dump) {
8865 err = -EOPNOTSUPP;
8866 goto out_err;
8867 }
8868
8869 while (1) {
8870 void *hdr = nl80211hdr_put(skb, NETLINK_CB(cb->skb).portid,
8871 cb->nlh->nlmsg_seq, NLM_F_MULTI,
8872 NL80211_CMD_TESTMODE);
8873 struct nlattr *tmdata;
8874
8875 if (!hdr)
8876 break;
8877
8878 if (nla_put_u32(skb, NL80211_ATTR_WIPHY, phy_idx)) {
8879 genlmsg_cancel(skb, hdr);
8880 break;
8881 }
8882
8883 tmdata = nla_nest_start(skb, NL80211_ATTR_TESTDATA);
8884 if (!tmdata) {
8885 genlmsg_cancel(skb, hdr);
8886 break;
8887 }
8888 err = rdev_testmode_dump(rdev, skb, cb, data, data_len);
8889 nla_nest_end(skb, tmdata);
8890
8891 if (err == -ENOBUFS || err == -ENOENT) {
8892 genlmsg_cancel(skb, hdr);
8893 break;
8894 } else if (err) {
8895 genlmsg_cancel(skb, hdr);
8896 goto out_err;
8897 }
8898
8899 genlmsg_end(skb, hdr);
8900 }
8901
8902 err = skb->len;
8903 /* see above */
8904 cb->args[0] = phy_idx + 1;
8905 out_err:
8906 rtnl_unlock();
8907 return err;
8908}
8909#endif
8910
8911static int nl80211_connect(struct sk_buff *skb, struct genl_info *info)
8912{
8913 struct cfg80211_registered_device *rdev = info->user_ptr[0];
8914 struct net_device *dev = info->user_ptr[1];
8915 struct cfg80211_connect_params connect;
8916 struct wiphy *wiphy;
8917 struct cfg80211_cached_keys *connkeys = NULL;
8918 int err;
8919
8920 memset(&connect, 0, sizeof(connect));
8921
8922 if (!is_valid_ie_attr(info->attrs[NL80211_ATTR_IE]))
8923 return -EINVAL;
8924
8925 if (!info->attrs[NL80211_ATTR_SSID] ||
8926 !nla_len(info->attrs[NL80211_ATTR_SSID]))
8927 return -EINVAL;
8928
8929 if (info->attrs[NL80211_ATTR_AUTH_TYPE]) {
8930 connect.auth_type =
8931 nla_get_u32(info->attrs[NL80211_ATTR_AUTH_TYPE]);
8932 if (!nl80211_valid_auth_type(rdev, connect.auth_type,
8933 NL80211_CMD_CONNECT))
8934 return -EINVAL;
8935 } else
8936 connect.auth_type = NL80211_AUTHTYPE_AUTOMATIC;
8937
8938 connect.privacy = info->attrs[NL80211_ATTR_PRIVACY];
8939
8940 if (info->attrs[NL80211_ATTR_WANT_1X_4WAY_HS] &&
8941 !wiphy_ext_feature_isset(&rdev->wiphy,
8942 NL80211_EXT_FEATURE_4WAY_HANDSHAKE_STA_1X))
8943 return -EINVAL;
8944 connect.want_1x = info->attrs[NL80211_ATTR_WANT_1X_4WAY_HS];
8945
8946 err = nl80211_crypto_settings(rdev, info, &connect.crypto,
8947 NL80211_MAX_NR_CIPHER_SUITES);
8948 if (err)
8949 return err;
8950
8951 if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_STATION &&
8952 dev->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_CLIENT)
8953 return -EOPNOTSUPP;
8954
8955 wiphy = &rdev->wiphy;
8956
8957 connect.bg_scan_period = -1;
8958 if (info->attrs[NL80211_ATTR_BG_SCAN_PERIOD] &&
8959 (wiphy->flags & WIPHY_FLAG_SUPPORTS_FW_ROAM)) {
8960 connect.bg_scan_period =
8961 nla_get_u16(info->attrs[NL80211_ATTR_BG_SCAN_PERIOD]);
8962 }
8963
8964 if (info->attrs[NL80211_ATTR_MAC])
8965 connect.bssid = nla_data(info->attrs[NL80211_ATTR_MAC]);
8966 else if (info->attrs[NL80211_ATTR_MAC_HINT])
8967 connect.bssid_hint =
8968 nla_data(info->attrs[NL80211_ATTR_MAC_HINT]);
8969 connect.ssid = nla_data(info->attrs[NL80211_ATTR_SSID]);
8970 connect.ssid_len = nla_len(info->attrs[NL80211_ATTR_SSID]);
8971
8972 if (info->attrs[NL80211_ATTR_IE]) {
8973 connect.ie = nla_data(info->attrs[NL80211_ATTR_IE]);
8974 connect.ie_len = nla_len(info->attrs[NL80211_ATTR_IE]);
8975 }
8976
8977 if (info->attrs[NL80211_ATTR_USE_MFP]) {
8978 connect.mfp = nla_get_u32(info->attrs[NL80211_ATTR_USE_MFP]);
8979 if (connect.mfp != NL80211_MFP_REQUIRED &&
8980 connect.mfp != NL80211_MFP_NO)
8981 return -EINVAL;
8982 } else {
8983 connect.mfp = NL80211_MFP_NO;
8984 }
8985
8986 if (info->attrs[NL80211_ATTR_PREV_BSSID])
8987 connect.prev_bssid =
8988 nla_data(info->attrs[NL80211_ATTR_PREV_BSSID]);
8989
8990 if (info->attrs[NL80211_ATTR_WIPHY_FREQ]) {
8991 connect.channel = nl80211_get_valid_chan(
8992 wiphy, info->attrs[NL80211_ATTR_WIPHY_FREQ]);
8993 if (!connect.channel)
8994 return -EINVAL;
8995 } else if (info->attrs[NL80211_ATTR_WIPHY_FREQ_HINT]) {
8996 connect.channel_hint = nl80211_get_valid_chan(
8997 wiphy, info->attrs[NL80211_ATTR_WIPHY_FREQ_HINT]);
8998 if (!connect.channel_hint)
8999 return -EINVAL;
9000 }
9001
9002 if (connect.privacy && info->attrs[NL80211_ATTR_KEYS]) {
9003 connkeys = nl80211_parse_connkeys(rdev,
9004 info->attrs[NL80211_ATTR_KEYS], NULL);
9005 if (IS_ERR(connkeys))
9006 return PTR_ERR(connkeys);
9007 }
9008
9009 if (nla_get_flag(info->attrs[NL80211_ATTR_DISABLE_HT]))
9010 connect.flags |= ASSOC_REQ_DISABLE_HT;
9011
9012 if (info->attrs[NL80211_ATTR_HT_CAPABILITY_MASK])
9013 memcpy(&connect.ht_capa_mask,
9014 nla_data(info->attrs[NL80211_ATTR_HT_CAPABILITY_MASK]),
9015 sizeof(connect.ht_capa_mask));
9016
9017 if (info->attrs[NL80211_ATTR_HT_CAPABILITY]) {
9018 if (!info->attrs[NL80211_ATTR_HT_CAPABILITY_MASK]) {
9019 kzfree(connkeys);
9020 return -EINVAL;
9021 }
9022 memcpy(&connect.ht_capa,
9023 nla_data(info->attrs[NL80211_ATTR_HT_CAPABILITY]),
9024 sizeof(connect.ht_capa));
9025 }
9026
9027 if (nla_get_flag(info->attrs[NL80211_ATTR_DISABLE_VHT]))
9028 connect.flags |= ASSOC_REQ_DISABLE_VHT;
9029
9030 if (info->attrs[NL80211_ATTR_VHT_CAPABILITY_MASK])
9031 memcpy(&connect.vht_capa_mask,
9032 nla_data(info->attrs[NL80211_ATTR_VHT_CAPABILITY_MASK]),
9033 sizeof(connect.vht_capa_mask));
9034
9035 if (info->attrs[NL80211_ATTR_VHT_CAPABILITY]) {
9036 if (!info->attrs[NL80211_ATTR_VHT_CAPABILITY_MASK]) {
9037 kzfree(connkeys);
9038 return -EINVAL;
9039 }
9040 memcpy(&connect.vht_capa,
9041 nla_data(info->attrs[NL80211_ATTR_VHT_CAPABILITY]),
9042 sizeof(connect.vht_capa));
9043 }
9044
9045 if (nla_get_flag(info->attrs[NL80211_ATTR_USE_RRM])) {
9046 if (!((rdev->wiphy.features &
9047 NL80211_FEATURE_DS_PARAM_SET_IE_IN_PROBES) &&
9048 (rdev->wiphy.features & NL80211_FEATURE_QUIET)) &&
9049 !wiphy_ext_feature_isset(&rdev->wiphy,
9050 NL80211_EXT_FEATURE_RRM)) {
9051 kzfree(connkeys);
9052 return -EINVAL;
9053 }
9054 connect.flags |= ASSOC_REQ_USE_RRM;
9055 }
9056
9057 connect.pbss = nla_get_flag(info->attrs[NL80211_ATTR_PBSS]);
9058 if (connect.pbss && !rdev->wiphy.bands[NL80211_BAND_60GHZ]) {
9059 kzfree(connkeys);
9060 return -EOPNOTSUPP;
9061 }
9062
9063 if (info->attrs[NL80211_ATTR_BSS_SELECT]) {
9064 /* bss selection makes no sense if bssid is set */
9065 if (connect.bssid) {
9066 kzfree(connkeys);
9067 return -EINVAL;
9068 }
9069
9070 err = parse_bss_select(info->attrs[NL80211_ATTR_BSS_SELECT],
9071 wiphy, &connect.bss_select);
9072 if (err) {
9073 kzfree(connkeys);
9074 return err;
9075 }
9076 }
9077
9078 if (wiphy_ext_feature_isset(&rdev->wiphy,
9079 NL80211_EXT_FEATURE_FILS_SK_OFFLOAD) &&
9080 info->attrs[NL80211_ATTR_FILS_ERP_USERNAME] &&
9081 info->attrs[NL80211_ATTR_FILS_ERP_REALM] &&
9082 info->attrs[NL80211_ATTR_FILS_ERP_NEXT_SEQ_NUM] &&
9083 info->attrs[NL80211_ATTR_FILS_ERP_RRK]) {
9084 connect.fils_erp_username =
9085 nla_data(info->attrs[NL80211_ATTR_FILS_ERP_USERNAME]);
9086 connect.fils_erp_username_len =
9087 nla_len(info->attrs[NL80211_ATTR_FILS_ERP_USERNAME]);
9088 connect.fils_erp_realm =
9089 nla_data(info->attrs[NL80211_ATTR_FILS_ERP_REALM]);
9090 connect.fils_erp_realm_len =
9091 nla_len(info->attrs[NL80211_ATTR_FILS_ERP_REALM]);
9092 connect.fils_erp_next_seq_num =
9093 nla_get_u16(
9094 info->attrs[NL80211_ATTR_FILS_ERP_NEXT_SEQ_NUM]);
9095 connect.fils_erp_rrk =
9096 nla_data(info->attrs[NL80211_ATTR_FILS_ERP_RRK]);
9097 connect.fils_erp_rrk_len =
9098 nla_len(info->attrs[NL80211_ATTR_FILS_ERP_RRK]);
9099 } else if (info->attrs[NL80211_ATTR_FILS_ERP_USERNAME] ||
9100 info->attrs[NL80211_ATTR_FILS_ERP_REALM] ||
9101 info->attrs[NL80211_ATTR_FILS_ERP_NEXT_SEQ_NUM] ||
9102 info->attrs[NL80211_ATTR_FILS_ERP_RRK]) {
9103 kzfree(connkeys);
9104 return -EINVAL;
9105 }
9106
9107 if (nla_get_flag(info->attrs[NL80211_ATTR_EXTERNAL_AUTH_SUPPORT])) {
9108 if (!info->attrs[NL80211_ATTR_SOCKET_OWNER]) {
9109 kzfree(connkeys);
9110 GENL_SET_ERR_MSG(info,
9111 "external auth requires connection ownership");
9112 return -EINVAL;
9113 }
9114 connect.flags |= CONNECT_REQ_EXTERNAL_AUTH_SUPPORT;
9115 }
9116
9117 wdev_lock(dev->ieee80211_ptr);
9118
9119 err = cfg80211_connect(rdev, dev, &connect, connkeys,
9120 connect.prev_bssid);
9121 if (err)
9122 kzfree(connkeys);
9123
9124 if (!err && info->attrs[NL80211_ATTR_SOCKET_OWNER]) {
9125 dev->ieee80211_ptr->conn_owner_nlportid = info->snd_portid;
9126 if (connect.bssid)
9127 memcpy(dev->ieee80211_ptr->disconnect_bssid,
9128 connect.bssid, ETH_ALEN);
9129 else
9130 memset(dev->ieee80211_ptr->disconnect_bssid,
9131 0, ETH_ALEN);
9132 }
9133
9134 wdev_unlock(dev->ieee80211_ptr);
9135
9136 return err;
9137}
9138
9139static int nl80211_update_connect_params(struct sk_buff *skb,
9140 struct genl_info *info)
9141{
9142 struct cfg80211_connect_params connect = {};
9143 struct cfg80211_registered_device *rdev = info->user_ptr[0];
9144 struct net_device *dev = info->user_ptr[1];
9145 struct wireless_dev *wdev = dev->ieee80211_ptr;
9146 u32 changed = 0;
9147 int ret;
9148
9149 if (!rdev->ops->update_connect_params)
9150 return -EOPNOTSUPP;
9151
9152 if (info->attrs[NL80211_ATTR_IE]) {
9153 if (!is_valid_ie_attr(info->attrs[NL80211_ATTR_IE]))
9154 return -EINVAL;
9155 connect.ie = nla_data(info->attrs[NL80211_ATTR_IE]);
9156 connect.ie_len = nla_len(info->attrs[NL80211_ATTR_IE]);
9157 changed |= UPDATE_ASSOC_IES;
9158 }
9159
9160 wdev_lock(dev->ieee80211_ptr);
9161 if (!wdev->current_bss)
9162 ret = -ENOLINK;
9163 else
9164 ret = rdev_update_connect_params(rdev, dev, &connect, changed);
9165 wdev_unlock(dev->ieee80211_ptr);
9166
9167 return ret;
9168}
9169
9170static int nl80211_disconnect(struct sk_buff *skb, struct genl_info *info)
9171{
9172 struct cfg80211_registered_device *rdev = info->user_ptr[0];
9173 struct net_device *dev = info->user_ptr[1];
9174 u16 reason;
9175 int ret;
9176
9177 if (!info->attrs[NL80211_ATTR_REASON_CODE])
9178 reason = WLAN_REASON_DEAUTH_LEAVING;
9179 else
9180 reason = nla_get_u16(info->attrs[NL80211_ATTR_REASON_CODE]);
9181
9182 if (reason == 0)
9183 return -EINVAL;
9184
9185 if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_STATION &&
9186 dev->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_CLIENT)
9187 return -EOPNOTSUPP;
9188
9189 wdev_lock(dev->ieee80211_ptr);
9190 ret = cfg80211_disconnect(rdev, dev, reason, true);
9191 wdev_unlock(dev->ieee80211_ptr);
9192 return ret;
9193}
9194
9195static int nl80211_wiphy_netns(struct sk_buff *skb, struct genl_info *info)
9196{
9197 struct cfg80211_registered_device *rdev = info->user_ptr[0];
9198 struct net *net;
9199 int err;
9200
9201 if (info->attrs[NL80211_ATTR_PID]) {
9202 u32 pid = nla_get_u32(info->attrs[NL80211_ATTR_PID]);
9203
9204 net = get_net_ns_by_pid(pid);
9205 } else if (info->attrs[NL80211_ATTR_NETNS_FD]) {
9206 u32 fd = nla_get_u32(info->attrs[NL80211_ATTR_NETNS_FD]);
9207
9208 net = get_net_ns_by_fd(fd);
9209 } else {
9210 return -EINVAL;
9211 }
9212
9213 if (IS_ERR(net))
9214 return PTR_ERR(net);
9215
9216 err = 0;
9217
9218 /* check if anything to do */
9219 if (!net_eq(wiphy_net(&rdev->wiphy), net))
9220 err = cfg80211_switch_netns(rdev, net);
9221
9222 put_net(net);
9223 return err;
9224}
9225
9226static int nl80211_setdel_pmksa(struct sk_buff *skb, struct genl_info *info)
9227{
9228 struct cfg80211_registered_device *rdev = info->user_ptr[0];
9229 int (*rdev_ops)(struct wiphy *wiphy, struct net_device *dev,
9230 struct cfg80211_pmksa *pmksa) = NULL;
9231 struct net_device *dev = info->user_ptr[1];
9232 struct cfg80211_pmksa pmksa;
9233
9234 memset(&pmksa, 0, sizeof(struct cfg80211_pmksa));
9235
9236 if (!info->attrs[NL80211_ATTR_PMKID])
9237 return -EINVAL;
9238
9239 pmksa.pmkid = nla_data(info->attrs[NL80211_ATTR_PMKID]);
9240
9241 if (info->attrs[NL80211_ATTR_MAC]) {
9242 pmksa.bssid = nla_data(info->attrs[NL80211_ATTR_MAC]);
9243 } else if (info->attrs[NL80211_ATTR_SSID] &&
9244 info->attrs[NL80211_ATTR_FILS_CACHE_ID] &&
9245 (info->genlhdr->cmd == NL80211_CMD_DEL_PMKSA ||
9246 info->attrs[NL80211_ATTR_PMK])) {
9247 pmksa.ssid = nla_data(info->attrs[NL80211_ATTR_SSID]);
9248 pmksa.ssid_len = nla_len(info->attrs[NL80211_ATTR_SSID]);
9249 pmksa.cache_id =
9250 nla_data(info->attrs[NL80211_ATTR_FILS_CACHE_ID]);
9251 } else {
9252 return -EINVAL;
9253 }
9254 if (info->attrs[NL80211_ATTR_PMK]) {
9255 pmksa.pmk = nla_data(info->attrs[NL80211_ATTR_PMK]);
9256 pmksa.pmk_len = nla_len(info->attrs[NL80211_ATTR_PMK]);
9257 }
9258
9259 if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_STATION &&
9260 dev->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_CLIENT)
9261 return -EOPNOTSUPP;
9262
9263 switch (info->genlhdr->cmd) {
9264 case NL80211_CMD_SET_PMKSA:
9265 rdev_ops = rdev->ops->set_pmksa;
9266 break;
9267 case NL80211_CMD_DEL_PMKSA:
9268 rdev_ops = rdev->ops->del_pmksa;
9269 break;
9270 default:
9271 WARN_ON(1);
9272 break;
9273 }
9274
9275 if (!rdev_ops)
9276 return -EOPNOTSUPP;
9277
9278 return rdev_ops(&rdev->wiphy, dev, &pmksa);
9279}
9280
9281static int nl80211_flush_pmksa(struct sk_buff *skb, struct genl_info *info)
9282{
9283 struct cfg80211_registered_device *rdev = info->user_ptr[0];
9284 struct net_device *dev = info->user_ptr[1];
9285
9286 if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_STATION &&
9287 dev->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_CLIENT)
9288 return -EOPNOTSUPP;
9289
9290 if (!rdev->ops->flush_pmksa)
9291 return -EOPNOTSUPP;
9292
9293 return rdev_flush_pmksa(rdev, dev);
9294}
9295
9296static int nl80211_tdls_mgmt(struct sk_buff *skb, struct genl_info *info)
9297{
9298 struct cfg80211_registered_device *rdev = info->user_ptr[0];
9299 struct net_device *dev = info->user_ptr[1];
9300 u8 action_code, dialog_token;
9301 u32 peer_capability = 0;
9302 u16 status_code;
9303 u8 *peer;
9304 bool initiator;
9305
9306 if (!(rdev->wiphy.flags & WIPHY_FLAG_SUPPORTS_TDLS) ||
9307 !rdev->ops->tdls_mgmt)
9308 return -EOPNOTSUPP;
9309
9310 if (!info->attrs[NL80211_ATTR_TDLS_ACTION] ||
9311 !info->attrs[NL80211_ATTR_STATUS_CODE] ||
9312 !info->attrs[NL80211_ATTR_TDLS_DIALOG_TOKEN] ||
9313 !info->attrs[NL80211_ATTR_IE] ||
9314 !info->attrs[NL80211_ATTR_MAC])
9315 return -EINVAL;
9316
9317 peer = nla_data(info->attrs[NL80211_ATTR_MAC]);
9318 action_code = nla_get_u8(info->attrs[NL80211_ATTR_TDLS_ACTION]);
9319 status_code = nla_get_u16(info->attrs[NL80211_ATTR_STATUS_CODE]);
9320 dialog_token = nla_get_u8(info->attrs[NL80211_ATTR_TDLS_DIALOG_TOKEN]);
9321 initiator = nla_get_flag(info->attrs[NL80211_ATTR_TDLS_INITIATOR]);
9322 if (info->attrs[NL80211_ATTR_TDLS_PEER_CAPABILITY])
9323 peer_capability =
9324 nla_get_u32(info->attrs[NL80211_ATTR_TDLS_PEER_CAPABILITY]);
9325
9326 return rdev_tdls_mgmt(rdev, dev, peer, action_code,
9327 dialog_token, status_code, peer_capability,
9328 initiator,
9329 nla_data(info->attrs[NL80211_ATTR_IE]),
9330 nla_len(info->attrs[NL80211_ATTR_IE]));
9331}
9332
9333static int nl80211_tdls_oper(struct sk_buff *skb, struct genl_info *info)
9334{
9335 struct cfg80211_registered_device *rdev = info->user_ptr[0];
9336 struct net_device *dev = info->user_ptr[1];
9337 enum nl80211_tdls_operation operation;
9338 u8 *peer;
9339
9340 if (!(rdev->wiphy.flags & WIPHY_FLAG_SUPPORTS_TDLS) ||
9341 !rdev->ops->tdls_oper)
9342 return -EOPNOTSUPP;
9343
9344 if (!info->attrs[NL80211_ATTR_TDLS_OPERATION] ||
9345 !info->attrs[NL80211_ATTR_MAC])
9346 return -EINVAL;
9347
9348 operation = nla_get_u8(info->attrs[NL80211_ATTR_TDLS_OPERATION]);
9349 peer = nla_data(info->attrs[NL80211_ATTR_MAC]);
9350
9351 return rdev_tdls_oper(rdev, dev, peer, operation);
9352}
9353
9354static int nl80211_remain_on_channel(struct sk_buff *skb,
9355 struct genl_info *info)
9356{
9357 struct cfg80211_registered_device *rdev = info->user_ptr[0];
9358 struct wireless_dev *wdev = info->user_ptr[1];
9359 struct cfg80211_chan_def chandef;
9360 const struct cfg80211_chan_def *compat_chandef;
9361 struct sk_buff *msg;
9362 void *hdr;
9363 u64 cookie;
9364 u32 duration;
9365 int err;
9366
9367 if (!info->attrs[NL80211_ATTR_WIPHY_FREQ] ||
9368 !info->attrs[NL80211_ATTR_DURATION])
9369 return -EINVAL;
9370
9371 duration = nla_get_u32(info->attrs[NL80211_ATTR_DURATION]);
9372
9373 if (!rdev->ops->remain_on_channel ||
9374 !(rdev->wiphy.flags & WIPHY_FLAG_HAS_REMAIN_ON_CHANNEL))
9375 return -EOPNOTSUPP;
9376
9377 /*
9378 * We should be on that channel for at least a minimum amount of
9379 * time (10ms) but no longer than the driver supports.
9380 */
9381 if (duration < NL80211_MIN_REMAIN_ON_CHANNEL_TIME ||
9382 duration > rdev->wiphy.max_remain_on_channel_duration)
9383 return -EINVAL;
9384
9385 err = nl80211_parse_chandef(rdev, info, &chandef);
9386 if (err)
9387 return err;
9388
9389 wdev_lock(wdev);
9390 if (!cfg80211_off_channel_oper_allowed(wdev) &&
9391 !cfg80211_chandef_identical(&wdev->chandef, &chandef)) {
9392 compat_chandef = cfg80211_chandef_compatible(&wdev->chandef,
9393 &chandef);
9394 if (compat_chandef != &chandef) {
9395 wdev_unlock(wdev);
9396 return -EBUSY;
9397 }
9398 }
9399 wdev_unlock(wdev);
9400
9401 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
9402 if (!msg)
9403 return -ENOMEM;
9404
9405 hdr = nl80211hdr_put(msg, info->snd_portid, info->snd_seq, 0,
9406 NL80211_CMD_REMAIN_ON_CHANNEL);
9407 if (!hdr) {
9408 err = -ENOBUFS;
9409 goto free_msg;
9410 }
9411
9412 err = rdev_remain_on_channel(rdev, wdev, chandef.chan,
9413 duration, &cookie);
9414
9415 if (err)
9416 goto free_msg;
9417
9418 if (nla_put_u64_64bit(msg, NL80211_ATTR_COOKIE, cookie,
9419 NL80211_ATTR_PAD))
9420 goto nla_put_failure;
9421
9422 genlmsg_end(msg, hdr);
9423
9424 return genlmsg_reply(msg, info);
9425
9426 nla_put_failure:
9427 err = -ENOBUFS;
9428 free_msg:
9429 nlmsg_free(msg);
9430 return err;
9431}
9432
9433static int nl80211_cancel_remain_on_channel(struct sk_buff *skb,
9434 struct genl_info *info)
9435{
9436 struct cfg80211_registered_device *rdev = info->user_ptr[0];
9437 struct wireless_dev *wdev = info->user_ptr[1];
9438 u64 cookie;
9439
9440 if (!info->attrs[NL80211_ATTR_COOKIE])
9441 return -EINVAL;
9442
9443 if (!rdev->ops->cancel_remain_on_channel)
9444 return -EOPNOTSUPP;
9445
9446 cookie = nla_get_u64(info->attrs[NL80211_ATTR_COOKIE]);
9447
9448 return rdev_cancel_remain_on_channel(rdev, wdev, cookie);
9449}
9450
9451static int nl80211_set_tx_bitrate_mask(struct sk_buff *skb,
9452 struct genl_info *info)
9453{
9454 struct cfg80211_bitrate_mask mask;
9455 struct cfg80211_registered_device *rdev = info->user_ptr[0];
9456 struct net_device *dev = info->user_ptr[1];
9457 int err;
9458
9459 if (!rdev->ops->set_bitrate_mask)
9460 return -EOPNOTSUPP;
9461
9462 err = nl80211_parse_tx_bitrate_mask(info, &mask);
9463 if (err)
9464 return err;
9465
9466 return rdev_set_bitrate_mask(rdev, dev, NULL, &mask);
9467}
9468
9469static int nl80211_register_mgmt(struct sk_buff *skb, struct genl_info *info)
9470{
9471 struct cfg80211_registered_device *rdev = info->user_ptr[0];
9472 struct wireless_dev *wdev = info->user_ptr[1];
9473 u16 frame_type = IEEE80211_FTYPE_MGMT | IEEE80211_STYPE_ACTION;
9474
9475 if (!info->attrs[NL80211_ATTR_FRAME_MATCH])
9476 return -EINVAL;
9477
9478 if (info->attrs[NL80211_ATTR_FRAME_TYPE])
9479 frame_type = nla_get_u16(info->attrs[NL80211_ATTR_FRAME_TYPE]);
9480
9481 switch (wdev->iftype) {
9482 case NL80211_IFTYPE_STATION:
9483 case NL80211_IFTYPE_ADHOC:
9484 case NL80211_IFTYPE_P2P_CLIENT:
9485 case NL80211_IFTYPE_AP:
9486 case NL80211_IFTYPE_AP_VLAN:
9487 case NL80211_IFTYPE_MESH_POINT:
9488 case NL80211_IFTYPE_P2P_GO:
9489 case NL80211_IFTYPE_P2P_DEVICE:
9490 break;
9491 case NL80211_IFTYPE_NAN:
9492 default:
9493 return -EOPNOTSUPP;
9494 }
9495
9496 /* not much point in registering if we can't reply */
9497 if (!rdev->ops->mgmt_tx)
9498 return -EOPNOTSUPP;
9499
9500 return cfg80211_mlme_register_mgmt(wdev, info->snd_portid, frame_type,
9501 nla_data(info->attrs[NL80211_ATTR_FRAME_MATCH]),
9502 nla_len(info->attrs[NL80211_ATTR_FRAME_MATCH]));
9503}
9504
9505static int nl80211_tx_mgmt(struct sk_buff *skb, struct genl_info *info)
9506{
9507 struct cfg80211_registered_device *rdev = info->user_ptr[0];
9508 struct wireless_dev *wdev = info->user_ptr[1];
9509 struct cfg80211_chan_def chandef;
9510 int err;
9511 void *hdr = NULL;
9512 u64 cookie;
9513 struct sk_buff *msg = NULL;
9514 struct cfg80211_mgmt_tx_params params = {
9515 .dont_wait_for_ack =
9516 info->attrs[NL80211_ATTR_DONT_WAIT_FOR_ACK],
9517 };
9518
9519 if (!info->attrs[NL80211_ATTR_FRAME])
9520 return -EINVAL;
9521
9522 if (!rdev->ops->mgmt_tx)
9523 return -EOPNOTSUPP;
9524
9525 switch (wdev->iftype) {
9526 case NL80211_IFTYPE_P2P_DEVICE:
9527 if (!info->attrs[NL80211_ATTR_WIPHY_FREQ])
9528 return -EINVAL;
9529 case NL80211_IFTYPE_STATION:
9530 case NL80211_IFTYPE_ADHOC:
9531 case NL80211_IFTYPE_P2P_CLIENT:
9532 case NL80211_IFTYPE_AP:
9533 case NL80211_IFTYPE_AP_VLAN:
9534 case NL80211_IFTYPE_MESH_POINT:
9535 case NL80211_IFTYPE_P2P_GO:
9536 break;
9537 case NL80211_IFTYPE_NAN:
9538 default:
9539 return -EOPNOTSUPP;
9540 }
9541
9542 if (info->attrs[NL80211_ATTR_DURATION]) {
9543 if (!(rdev->wiphy.flags & WIPHY_FLAG_OFFCHAN_TX))
9544 return -EINVAL;
9545 params.wait = nla_get_u32(info->attrs[NL80211_ATTR_DURATION]);
9546
9547 /*
9548 * We should wait on the channel for at least a minimum amount
9549 * of time (10ms) but no longer than the driver supports.
9550 */
9551 if (params.wait < NL80211_MIN_REMAIN_ON_CHANNEL_TIME ||
9552 params.wait > rdev->wiphy.max_remain_on_channel_duration)
9553 return -EINVAL;
9554 }
9555
9556 params.offchan = info->attrs[NL80211_ATTR_OFFCHANNEL_TX_OK];
9557
9558 if (params.offchan && !(rdev->wiphy.flags & WIPHY_FLAG_OFFCHAN_TX))
9559 return -EINVAL;
9560
9561 params.no_cck = nla_get_flag(info->attrs[NL80211_ATTR_TX_NO_CCK_RATE]);
9562
9563 /* get the channel if any has been specified, otherwise pass NULL to
9564 * the driver. The latter will use the current one
9565 */
9566 chandef.chan = NULL;
9567 if (info->attrs[NL80211_ATTR_WIPHY_FREQ]) {
9568 err = nl80211_parse_chandef(rdev, info, &chandef);
9569 if (err)
9570 return err;
9571 }
9572
9573 if (!chandef.chan && params.offchan)
9574 return -EINVAL;
9575
9576 wdev_lock(wdev);
9577 if (params.offchan && !cfg80211_off_channel_oper_allowed(wdev)) {
9578 wdev_unlock(wdev);
9579 return -EBUSY;
9580 }
9581 wdev_unlock(wdev);
9582
9583 params.buf = nla_data(info->attrs[NL80211_ATTR_FRAME]);
9584 params.len = nla_len(info->attrs[NL80211_ATTR_FRAME]);
9585
9586 if (info->attrs[NL80211_ATTR_CSA_C_OFFSETS_TX]) {
9587 int len = nla_len(info->attrs[NL80211_ATTR_CSA_C_OFFSETS_TX]);
9588 int i;
9589
9590 if (len % sizeof(u16))
9591 return -EINVAL;
9592
9593 params.n_csa_offsets = len / sizeof(u16);
9594 params.csa_offsets =
9595 nla_data(info->attrs[NL80211_ATTR_CSA_C_OFFSETS_TX]);
9596
9597 /* check that all the offsets fit the frame */
9598 for (i = 0; i < params.n_csa_offsets; i++) {
9599 if (params.csa_offsets[i] >= params.len)
9600 return -EINVAL;
9601 }
9602 }
9603
9604 if (!params.dont_wait_for_ack) {
9605 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
9606 if (!msg)
9607 return -ENOMEM;
9608
9609 hdr = nl80211hdr_put(msg, info->snd_portid, info->snd_seq, 0,
9610 NL80211_CMD_FRAME);
9611 if (!hdr) {
9612 err = -ENOBUFS;
9613 goto free_msg;
9614 }
9615 }
9616
9617 params.chan = chandef.chan;
9618 err = cfg80211_mlme_mgmt_tx(rdev, wdev, &params, &cookie);
9619 if (err)
9620 goto free_msg;
9621
9622 if (msg) {
9623 if (nla_put_u64_64bit(msg, NL80211_ATTR_COOKIE, cookie,
9624 NL80211_ATTR_PAD))
9625 goto nla_put_failure;
9626
9627 genlmsg_end(msg, hdr);
9628 return genlmsg_reply(msg, info);
9629 }
9630
9631 return 0;
9632
9633 nla_put_failure:
9634 err = -ENOBUFS;
9635 free_msg:
9636 nlmsg_free(msg);
9637 return err;
9638}
9639
9640static int nl80211_tx_mgmt_cancel_wait(struct sk_buff *skb, struct genl_info *info)
9641{
9642 struct cfg80211_registered_device *rdev = info->user_ptr[0];
9643 struct wireless_dev *wdev = info->user_ptr[1];
9644 u64 cookie;
9645
9646 if (!info->attrs[NL80211_ATTR_COOKIE])
9647 return -EINVAL;
9648
9649 if (!rdev->ops->mgmt_tx_cancel_wait)
9650 return -EOPNOTSUPP;
9651
9652 switch (wdev->iftype) {
9653 case NL80211_IFTYPE_STATION:
9654 case NL80211_IFTYPE_ADHOC:
9655 case NL80211_IFTYPE_P2P_CLIENT:
9656 case NL80211_IFTYPE_AP:
9657 case NL80211_IFTYPE_AP_VLAN:
9658 case NL80211_IFTYPE_P2P_GO:
9659 case NL80211_IFTYPE_P2P_DEVICE:
9660 break;
9661 case NL80211_IFTYPE_NAN:
9662 default:
9663 return -EOPNOTSUPP;
9664 }
9665
9666 cookie = nla_get_u64(info->attrs[NL80211_ATTR_COOKIE]);
9667
9668 return rdev_mgmt_tx_cancel_wait(rdev, wdev, cookie);
9669}
9670
9671static int nl80211_set_power_save(struct sk_buff *skb, struct genl_info *info)
9672{
9673 struct cfg80211_registered_device *rdev = info->user_ptr[0];
9674 struct wireless_dev *wdev;
9675 struct net_device *dev = info->user_ptr[1];
9676 u8 ps_state;
9677 bool state;
9678 int err;
9679
9680 if (!info->attrs[NL80211_ATTR_PS_STATE])
9681 return -EINVAL;
9682
9683 ps_state = nla_get_u32(info->attrs[NL80211_ATTR_PS_STATE]);
9684
9685 if (ps_state != NL80211_PS_DISABLED && ps_state != NL80211_PS_ENABLED)
9686 return -EINVAL;
9687
9688 wdev = dev->ieee80211_ptr;
9689
9690 if (!rdev->ops->set_power_mgmt)
9691 return -EOPNOTSUPP;
9692
9693 state = (ps_state == NL80211_PS_ENABLED) ? true : false;
9694
9695 if (state == wdev->ps)
9696 return 0;
9697
9698 err = rdev_set_power_mgmt(rdev, dev, state, wdev->ps_timeout);
9699 if (!err)
9700 wdev->ps = state;
9701 return err;
9702}
9703
9704static int nl80211_get_power_save(struct sk_buff *skb, struct genl_info *info)
9705{
9706 struct cfg80211_registered_device *rdev = info->user_ptr[0];
9707 enum nl80211_ps_state ps_state;
9708 struct wireless_dev *wdev;
9709 struct net_device *dev = info->user_ptr[1];
9710 struct sk_buff *msg;
9711 void *hdr;
9712 int err;
9713
9714 wdev = dev->ieee80211_ptr;
9715
9716 if (!rdev->ops->set_power_mgmt)
9717 return -EOPNOTSUPP;
9718
9719 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
9720 if (!msg)
9721 return -ENOMEM;
9722
9723 hdr = nl80211hdr_put(msg, info->snd_portid, info->snd_seq, 0,
9724 NL80211_CMD_GET_POWER_SAVE);
9725 if (!hdr) {
9726 err = -ENOBUFS;
9727 goto free_msg;
9728 }
9729
9730 if (wdev->ps)
9731 ps_state = NL80211_PS_ENABLED;
9732 else
9733 ps_state = NL80211_PS_DISABLED;
9734
9735 if (nla_put_u32(msg, NL80211_ATTR_PS_STATE, ps_state))
9736 goto nla_put_failure;
9737
9738 genlmsg_end(msg, hdr);
9739 return genlmsg_reply(msg, info);
9740
9741 nla_put_failure:
9742 err = -ENOBUFS;
9743 free_msg:
9744 nlmsg_free(msg);
9745 return err;
9746}
9747
9748static const struct nla_policy
9749nl80211_attr_cqm_policy[NL80211_ATTR_CQM_MAX + 1] = {
9750 [NL80211_ATTR_CQM_RSSI_THOLD] = { .type = NLA_BINARY },
9751 [NL80211_ATTR_CQM_RSSI_HYST] = { .type = NLA_U32 },
9752 [NL80211_ATTR_CQM_RSSI_THRESHOLD_EVENT] = { .type = NLA_U32 },
9753 [NL80211_ATTR_CQM_TXE_RATE] = { .type = NLA_U32 },
9754 [NL80211_ATTR_CQM_TXE_PKTS] = { .type = NLA_U32 },
9755 [NL80211_ATTR_CQM_TXE_INTVL] = { .type = NLA_U32 },
9756 [NL80211_ATTR_CQM_RSSI_LEVEL] = { .type = NLA_S32 },
9757};
9758
9759static int nl80211_set_cqm_txe(struct genl_info *info,
9760 u32 rate, u32 pkts, u32 intvl)
9761{
9762 struct cfg80211_registered_device *rdev = info->user_ptr[0];
9763 struct net_device *dev = info->user_ptr[1];
9764 struct wireless_dev *wdev = dev->ieee80211_ptr;
9765
9766 if (rate > 100 || intvl > NL80211_CQM_TXE_MAX_INTVL)
9767 return -EINVAL;
9768
9769 if (!rdev->ops->set_cqm_txe_config)
9770 return -EOPNOTSUPP;
9771
9772 if (wdev->iftype != NL80211_IFTYPE_STATION &&
9773 wdev->iftype != NL80211_IFTYPE_P2P_CLIENT)
9774 return -EOPNOTSUPP;
9775
9776 return rdev_set_cqm_txe_config(rdev, dev, rate, pkts, intvl);
9777}
9778
9779static int cfg80211_cqm_rssi_update(struct cfg80211_registered_device *rdev,
9780 struct net_device *dev)
9781{
9782 struct wireless_dev *wdev = dev->ieee80211_ptr;
9783 s32 last, low, high;
9784 u32 hyst;
9785 int i, n, low_index;
9786 int err;
9787
9788 /* RSSI reporting disabled? */
9789 if (!wdev->cqm_config)
9790 return rdev_set_cqm_rssi_range_config(rdev, dev, 0, 0);
9791
9792 /*
9793 * Obtain current RSSI value if possible, if not and no RSSI threshold
9794 * event has been received yet, we should receive an event after a
9795 * connection is established and enough beacons received to calculate
9796 * the average.
9797 */
9798 if (!wdev->cqm_config->last_rssi_event_value && wdev->current_bss &&
9799 rdev->ops->get_station) {
9800 struct station_info sinfo;
9801 u8 *mac_addr;
9802
9803 mac_addr = wdev->current_bss->pub.bssid;
9804
9805 err = rdev_get_station(rdev, dev, mac_addr, &sinfo);
9806 if (err)
9807 return err;
9808
9809 if (sinfo.filled & BIT(NL80211_STA_INFO_BEACON_SIGNAL_AVG))
9810 wdev->cqm_config->last_rssi_event_value =
9811 (s8) sinfo.rx_beacon_signal_avg;
9812 }
9813
9814 last = wdev->cqm_config->last_rssi_event_value;
9815 hyst = wdev->cqm_config->rssi_hyst;
9816 n = wdev->cqm_config->n_rssi_thresholds;
9817
9818 for (i = 0; i < n; i++) {
9819 i = array_index_nospec(i, n);
9820 if (last < wdev->cqm_config->rssi_thresholds[i])
9821 break;
9822 }
9823
9824 low_index = i - 1;
9825 if (low_index >= 0) {
9826 low_index = array_index_nospec(low_index, n);
9827 low = wdev->cqm_config->rssi_thresholds[low_index] - hyst;
9828 } else {
9829 low = S32_MIN;
9830 }
9831 if (i < n) {
9832 i = array_index_nospec(i, n);
9833 high = wdev->cqm_config->rssi_thresholds[i] + hyst - 1;
9834 } else {
9835 high = S32_MAX;
9836 }
9837
9838 return rdev_set_cqm_rssi_range_config(rdev, dev, low, high);
9839}
9840
9841static int nl80211_set_cqm_rssi(struct genl_info *info,
9842 const s32 *thresholds, int n_thresholds,
9843 u32 hysteresis)
9844{
9845 struct cfg80211_registered_device *rdev = info->user_ptr[0];
9846 struct net_device *dev = info->user_ptr[1];
9847 struct wireless_dev *wdev = dev->ieee80211_ptr;
9848 int i, err;
9849 s32 prev = S32_MIN;
9850
9851 /* Check all values negative and sorted */
9852 for (i = 0; i < n_thresholds; i++) {
9853 if (thresholds[i] > 0 || thresholds[i] <= prev)
9854 return -EINVAL;
9855
9856 prev = thresholds[i];
9857 }
9858
9859 if (wdev->iftype != NL80211_IFTYPE_STATION &&
9860 wdev->iftype != NL80211_IFTYPE_P2P_CLIENT)
9861 return -EOPNOTSUPP;
9862
9863 wdev_lock(wdev);
9864 cfg80211_cqm_config_free(wdev);
9865 wdev_unlock(wdev);
9866
9867 if (n_thresholds <= 1 && rdev->ops->set_cqm_rssi_config) {
9868 if (n_thresholds == 0 || thresholds[0] == 0) /* Disabling */
9869 return rdev_set_cqm_rssi_config(rdev, dev, 0, 0);
9870
9871 return rdev_set_cqm_rssi_config(rdev, dev,
9872 thresholds[0], hysteresis);
9873 }
9874
9875 if (!wiphy_ext_feature_isset(&rdev->wiphy,
9876 NL80211_EXT_FEATURE_CQM_RSSI_LIST))
9877 return -EOPNOTSUPP;
9878
9879 if (n_thresholds == 1 && thresholds[0] == 0) /* Disabling */
9880 n_thresholds = 0;
9881
9882 wdev_lock(wdev);
9883 if (n_thresholds) {
9884 struct cfg80211_cqm_config *cqm_config;
9885
9886 cqm_config = kzalloc(sizeof(struct cfg80211_cqm_config) +
9887 n_thresholds * sizeof(s32), GFP_KERNEL);
9888 if (!cqm_config) {
9889 err = -ENOMEM;
9890 goto unlock;
9891 }
9892
9893 cqm_config->rssi_hyst = hysteresis;
9894 cqm_config->n_rssi_thresholds = n_thresholds;
9895 memcpy(cqm_config->rssi_thresholds, thresholds,
9896 n_thresholds * sizeof(s32));
9897
9898 wdev->cqm_config = cqm_config;
9899 }
9900
9901 err = cfg80211_cqm_rssi_update(rdev, dev);
9902
9903unlock:
9904 wdev_unlock(wdev);
9905
9906 return err;
9907}
9908
9909static int nl80211_set_cqm(struct sk_buff *skb, struct genl_info *info)
9910{
9911 struct nlattr *attrs[NL80211_ATTR_CQM_MAX + 1];
9912 struct nlattr *cqm;
9913 int err;
9914
9915 cqm = info->attrs[NL80211_ATTR_CQM];
9916 if (!cqm)
9917 return -EINVAL;
9918
9919 err = nla_parse_nested(attrs, NL80211_ATTR_CQM_MAX, cqm,
9920 nl80211_attr_cqm_policy, info->extack);
9921 if (err)
9922 return err;
9923
9924 if (attrs[NL80211_ATTR_CQM_RSSI_THOLD] &&
9925 attrs[NL80211_ATTR_CQM_RSSI_HYST]) {
9926 const s32 *thresholds =
9927 nla_data(attrs[NL80211_ATTR_CQM_RSSI_THOLD]);
9928 int len = nla_len(attrs[NL80211_ATTR_CQM_RSSI_THOLD]);
9929 u32 hysteresis = nla_get_u32(attrs[NL80211_ATTR_CQM_RSSI_HYST]);
9930
9931 if (len % 4)
9932 return -EINVAL;
9933
9934 return nl80211_set_cqm_rssi(info, thresholds, len / 4,
9935 hysteresis);
9936 }
9937
9938 if (attrs[NL80211_ATTR_CQM_TXE_RATE] &&
9939 attrs[NL80211_ATTR_CQM_TXE_PKTS] &&
9940 attrs[NL80211_ATTR_CQM_TXE_INTVL]) {
9941 u32 rate = nla_get_u32(attrs[NL80211_ATTR_CQM_TXE_RATE]);
9942 u32 pkts = nla_get_u32(attrs[NL80211_ATTR_CQM_TXE_PKTS]);
9943 u32 intvl = nla_get_u32(attrs[NL80211_ATTR_CQM_TXE_INTVL]);
9944
9945 return nl80211_set_cqm_txe(info, rate, pkts, intvl);
9946 }
9947
9948 return -EINVAL;
9949}
9950
9951static int nl80211_join_ocb(struct sk_buff *skb, struct genl_info *info)
9952{
9953 struct cfg80211_registered_device *rdev = info->user_ptr[0];
9954 struct net_device *dev = info->user_ptr[1];
9955 struct ocb_setup setup = {};
9956 int err;
9957
9958 err = nl80211_parse_chandef(rdev, info, &setup.chandef);
9959 if (err)
9960 return err;
9961
9962 return cfg80211_join_ocb(rdev, dev, &setup);
9963}
9964
9965static int nl80211_leave_ocb(struct sk_buff *skb, struct genl_info *info)
9966{
9967 struct cfg80211_registered_device *rdev = info->user_ptr[0];
9968 struct net_device *dev = info->user_ptr[1];
9969
9970 return cfg80211_leave_ocb(rdev, dev);
9971}
9972
9973static int nl80211_join_mesh(struct sk_buff *skb, struct genl_info *info)
9974{
9975 struct cfg80211_registered_device *rdev = info->user_ptr[0];
9976 struct net_device *dev = info->user_ptr[1];
9977 struct mesh_config cfg;
9978 struct mesh_setup setup;
9979 int err;
9980
9981 /* start with default */
9982 memcpy(&cfg, &default_mesh_config, sizeof(cfg));
9983 memcpy(&setup, &default_mesh_setup, sizeof(setup));
9984
9985 if (info->attrs[NL80211_ATTR_MESH_CONFIG]) {
9986 /* and parse parameters if given */
9987 err = nl80211_parse_mesh_config(info, &cfg, NULL);
9988 if (err)
9989 return err;
9990 }
9991
9992 if (!info->attrs[NL80211_ATTR_MESH_ID] ||
9993 !nla_len(info->attrs[NL80211_ATTR_MESH_ID]))
9994 return -EINVAL;
9995
9996 setup.mesh_id = nla_data(info->attrs[NL80211_ATTR_MESH_ID]);
9997 setup.mesh_id_len = nla_len(info->attrs[NL80211_ATTR_MESH_ID]);
9998
9999 if (info->attrs[NL80211_ATTR_MCAST_RATE] &&
10000 !nl80211_parse_mcast_rate(rdev, setup.mcast_rate,
10001 nla_get_u32(info->attrs[NL80211_ATTR_MCAST_RATE])))
10002 return -EINVAL;
10003
10004 if (info->attrs[NL80211_ATTR_BEACON_INTERVAL]) {
10005 setup.beacon_interval =
10006 nla_get_u32(info->attrs[NL80211_ATTR_BEACON_INTERVAL]);
10007
10008 err = cfg80211_validate_beacon_int(rdev,
10009 NL80211_IFTYPE_MESH_POINT,
10010 setup.beacon_interval);
10011 if (err)
10012 return err;
10013 }
10014
10015 if (info->attrs[NL80211_ATTR_DTIM_PERIOD]) {
10016 setup.dtim_period =
10017 nla_get_u32(info->attrs[NL80211_ATTR_DTIM_PERIOD]);
10018 if (setup.dtim_period < 1 || setup.dtim_period > 100)
10019 return -EINVAL;
10020 }
10021
10022 if (info->attrs[NL80211_ATTR_MESH_SETUP]) {
10023 /* parse additional setup parameters if given */
10024 err = nl80211_parse_mesh_setup(info, &setup);
10025 if (err)
10026 return err;
10027 }
10028
10029 if (setup.user_mpm)
10030 cfg.auto_open_plinks = false;
10031
10032 if (info->attrs[NL80211_ATTR_WIPHY_FREQ]) {
10033 err = nl80211_parse_chandef(rdev, info, &setup.chandef);
10034 if (err)
10035 return err;
10036 } else {
10037 /* cfg80211_join_mesh() will sort it out */
10038 setup.chandef.chan = NULL;
10039 }
10040
10041 if (info->attrs[NL80211_ATTR_BSS_BASIC_RATES]) {
10042 u8 *rates = nla_data(info->attrs[NL80211_ATTR_BSS_BASIC_RATES]);
10043 int n_rates =
10044 nla_len(info->attrs[NL80211_ATTR_BSS_BASIC_RATES]);
10045 struct ieee80211_supported_band *sband;
10046
10047 if (!setup.chandef.chan)
10048 return -EINVAL;
10049
10050 sband = rdev->wiphy.bands[setup.chandef.chan->band];
10051
10052 err = ieee80211_get_ratemask(sband, rates, n_rates,
10053 &setup.basic_rates);
10054 if (err)
10055 return err;
10056 }
10057
10058 if (info->attrs[NL80211_ATTR_TX_RATES]) {
10059 err = nl80211_parse_tx_bitrate_mask(info, &setup.beacon_rate);
10060 if (err)
10061 return err;
10062
10063 if (!setup.chandef.chan)
10064 return -EINVAL;
10065
10066 err = validate_beacon_tx_rate(rdev, setup.chandef.chan->band,
10067 &setup.beacon_rate);
10068 if (err)
10069 return err;
10070 }
10071
10072 setup.userspace_handles_dfs =
10073 nla_get_flag(info->attrs[NL80211_ATTR_HANDLE_DFS]);
10074
10075 return cfg80211_join_mesh(rdev, dev, &setup, &cfg);
10076}
10077
10078static int nl80211_leave_mesh(struct sk_buff *skb, struct genl_info *info)
10079{
10080 struct cfg80211_registered_device *rdev = info->user_ptr[0];
10081 struct net_device *dev = info->user_ptr[1];
10082
10083 return cfg80211_leave_mesh(rdev, dev);
10084}
10085
10086#ifdef CONFIG_PM
10087static int nl80211_send_wowlan_patterns(struct sk_buff *msg,
10088 struct cfg80211_registered_device *rdev)
10089{
10090 struct cfg80211_wowlan *wowlan = rdev->wiphy.wowlan_config;
10091 struct nlattr *nl_pats, *nl_pat;
10092 int i, pat_len;
10093
10094 if (!wowlan->n_patterns)
10095 return 0;
10096
10097 nl_pats = nla_nest_start(msg, NL80211_WOWLAN_TRIG_PKT_PATTERN);
10098 if (!nl_pats)
10099 return -ENOBUFS;
10100
10101 for (i = 0; i < wowlan->n_patterns; i++) {
10102 nl_pat = nla_nest_start(msg, i + 1);
10103 if (!nl_pat)
10104 return -ENOBUFS;
10105 pat_len = wowlan->patterns[i].pattern_len;
10106 if (nla_put(msg, NL80211_PKTPAT_MASK, DIV_ROUND_UP(pat_len, 8),
10107 wowlan->patterns[i].mask) ||
10108 nla_put(msg, NL80211_PKTPAT_PATTERN, pat_len,
10109 wowlan->patterns[i].pattern) ||
10110 nla_put_u32(msg, NL80211_PKTPAT_OFFSET,
10111 wowlan->patterns[i].pkt_offset))
10112 return -ENOBUFS;
10113 nla_nest_end(msg, nl_pat);
10114 }
10115 nla_nest_end(msg, nl_pats);
10116
10117 return 0;
10118}
10119
10120static int nl80211_send_wowlan_tcp(struct sk_buff *msg,
10121 struct cfg80211_wowlan_tcp *tcp)
10122{
10123 struct nlattr *nl_tcp;
10124
10125 if (!tcp)
10126 return 0;
10127
10128 nl_tcp = nla_nest_start(msg, NL80211_WOWLAN_TRIG_TCP_CONNECTION);
10129 if (!nl_tcp)
10130 return -ENOBUFS;
10131
10132 if (nla_put_in_addr(msg, NL80211_WOWLAN_TCP_SRC_IPV4, tcp->src) ||
10133 nla_put_in_addr(msg, NL80211_WOWLAN_TCP_DST_IPV4, tcp->dst) ||
10134 nla_put(msg, NL80211_WOWLAN_TCP_DST_MAC, ETH_ALEN, tcp->dst_mac) ||
10135 nla_put_u16(msg, NL80211_WOWLAN_TCP_SRC_PORT, tcp->src_port) ||
10136 nla_put_u16(msg, NL80211_WOWLAN_TCP_DST_PORT, tcp->dst_port) ||
10137 nla_put(msg, NL80211_WOWLAN_TCP_DATA_PAYLOAD,
10138 tcp->payload_len, tcp->payload) ||
10139 nla_put_u32(msg, NL80211_WOWLAN_TCP_DATA_INTERVAL,
10140 tcp->data_interval) ||
10141 nla_put(msg, NL80211_WOWLAN_TCP_WAKE_PAYLOAD,
10142 tcp->wake_len, tcp->wake_data) ||
10143 nla_put(msg, NL80211_WOWLAN_TCP_WAKE_MASK,
10144 DIV_ROUND_UP(tcp->wake_len, 8), tcp->wake_mask))
10145 return -ENOBUFS;
10146
10147 if (tcp->payload_seq.len &&
10148 nla_put(msg, NL80211_WOWLAN_TCP_DATA_PAYLOAD_SEQ,
10149 sizeof(tcp->payload_seq), &tcp->payload_seq))
10150 return -ENOBUFS;
10151
10152 if (tcp->payload_tok.len &&
10153 nla_put(msg, NL80211_WOWLAN_TCP_DATA_PAYLOAD_TOKEN,
10154 sizeof(tcp->payload_tok) + tcp->tokens_size,
10155 &tcp->payload_tok))
10156 return -ENOBUFS;
10157
10158 nla_nest_end(msg, nl_tcp);
10159
10160 return 0;
10161}
10162
10163static int nl80211_send_wowlan_nd(struct sk_buff *msg,
10164 struct cfg80211_sched_scan_request *req)
10165{
10166 struct nlattr *nd, *freqs, *matches, *match, *scan_plans, *scan_plan;
10167 int i;
10168
10169 if (!req)
10170 return 0;
10171
10172 nd = nla_nest_start(msg, NL80211_WOWLAN_TRIG_NET_DETECT);
10173 if (!nd)
10174 return -ENOBUFS;
10175
10176 if (req->n_scan_plans == 1 &&
10177 nla_put_u32(msg, NL80211_ATTR_SCHED_SCAN_INTERVAL,
10178 req->scan_plans[0].interval * 1000))
10179 return -ENOBUFS;
10180
10181 if (nla_put_u32(msg, NL80211_ATTR_SCHED_SCAN_DELAY, req->delay))
10182 return -ENOBUFS;
10183
10184 if (req->relative_rssi_set) {
10185 struct nl80211_bss_select_rssi_adjust rssi_adjust;
10186
10187 if (nla_put_s8(msg, NL80211_ATTR_SCHED_SCAN_RELATIVE_RSSI,
10188 req->relative_rssi))
10189 return -ENOBUFS;
10190
10191 rssi_adjust.band = req->rssi_adjust.band;
10192 rssi_adjust.delta = req->rssi_adjust.delta;
10193 if (nla_put(msg, NL80211_ATTR_SCHED_SCAN_RSSI_ADJUST,
10194 sizeof(rssi_adjust), &rssi_adjust))
10195 return -ENOBUFS;
10196 }
10197
10198 freqs = nla_nest_start(msg, NL80211_ATTR_SCAN_FREQUENCIES);
10199 if (!freqs)
10200 return -ENOBUFS;
10201
10202 for (i = 0; i < req->n_channels; i++) {
10203 if (nla_put_u32(msg, i, req->channels[i]->center_freq))
10204 return -ENOBUFS;
10205 }
10206
10207 nla_nest_end(msg, freqs);
10208
10209 if (req->n_match_sets) {
10210 matches = nla_nest_start(msg, NL80211_ATTR_SCHED_SCAN_MATCH);
10211 if (!matches)
10212 return -ENOBUFS;
10213
10214 for (i = 0; i < req->n_match_sets; i++) {
10215 match = nla_nest_start(msg, i);
10216 if (!match)
10217 return -ENOBUFS;
10218
10219 if (nla_put(msg, NL80211_SCHED_SCAN_MATCH_ATTR_SSID,
10220 req->match_sets[i].ssid.ssid_len,
10221 req->match_sets[i].ssid.ssid))
10222 return -ENOBUFS;
10223 nla_nest_end(msg, match);
10224 }
10225 nla_nest_end(msg, matches);
10226 }
10227
10228 scan_plans = nla_nest_start(msg, NL80211_ATTR_SCHED_SCAN_PLANS);
10229 if (!scan_plans)
10230 return -ENOBUFS;
10231
10232 for (i = 0; i < req->n_scan_plans; i++) {
10233 scan_plan = nla_nest_start(msg, i + 1);
10234 if (!scan_plan)
10235 return -ENOBUFS;
10236
10237 if (!scan_plan ||
10238 nla_put_u32(msg, NL80211_SCHED_SCAN_PLAN_INTERVAL,
10239 req->scan_plans[i].interval) ||
10240 (req->scan_plans[i].iterations &&
10241 nla_put_u32(msg, NL80211_SCHED_SCAN_PLAN_ITERATIONS,
10242 req->scan_plans[i].iterations)))
10243 return -ENOBUFS;
10244 nla_nest_end(msg, scan_plan);
10245 }
10246 nla_nest_end(msg, scan_plans);
10247
10248 nla_nest_end(msg, nd);
10249
10250 return 0;
10251}
10252
10253static int nl80211_get_wowlan(struct sk_buff *skb, struct genl_info *info)
10254{
10255 struct cfg80211_registered_device *rdev = info->user_ptr[0];
10256 struct sk_buff *msg;
10257 void *hdr;
10258 u32 size = NLMSG_DEFAULT_SIZE;
10259
10260 if (!rdev->wiphy.wowlan)
10261 return -EOPNOTSUPP;
10262
10263 if (rdev->wiphy.wowlan_config && rdev->wiphy.wowlan_config->tcp) {
10264 /* adjust size to have room for all the data */
10265 size += rdev->wiphy.wowlan_config->tcp->tokens_size +
10266 rdev->wiphy.wowlan_config->tcp->payload_len +
10267 rdev->wiphy.wowlan_config->tcp->wake_len +
10268 rdev->wiphy.wowlan_config->tcp->wake_len / 8;
10269 }
10270
10271 msg = nlmsg_new(size, GFP_KERNEL);
10272 if (!msg)
10273 return -ENOMEM;
10274
10275 hdr = nl80211hdr_put(msg, info->snd_portid, info->snd_seq, 0,
10276 NL80211_CMD_GET_WOWLAN);
10277 if (!hdr)
10278 goto nla_put_failure;
10279
10280 if (rdev->wiphy.wowlan_config) {
10281 struct nlattr *nl_wowlan;
10282
10283 nl_wowlan = nla_nest_start(msg, NL80211_ATTR_WOWLAN_TRIGGERS);
10284 if (!nl_wowlan)
10285 goto nla_put_failure;
10286
10287 if ((rdev->wiphy.wowlan_config->any &&
10288 nla_put_flag(msg, NL80211_WOWLAN_TRIG_ANY)) ||
10289 (rdev->wiphy.wowlan_config->disconnect &&
10290 nla_put_flag(msg, NL80211_WOWLAN_TRIG_DISCONNECT)) ||
10291 (rdev->wiphy.wowlan_config->magic_pkt &&
10292 nla_put_flag(msg, NL80211_WOWLAN_TRIG_MAGIC_PKT)) ||
10293 (rdev->wiphy.wowlan_config->gtk_rekey_failure &&
10294 nla_put_flag(msg, NL80211_WOWLAN_TRIG_GTK_REKEY_FAILURE)) ||
10295 (rdev->wiphy.wowlan_config->eap_identity_req &&
10296 nla_put_flag(msg, NL80211_WOWLAN_TRIG_EAP_IDENT_REQUEST)) ||
10297 (rdev->wiphy.wowlan_config->four_way_handshake &&
10298 nla_put_flag(msg, NL80211_WOWLAN_TRIG_4WAY_HANDSHAKE)) ||
10299 (rdev->wiphy.wowlan_config->rfkill_release &&
10300 nla_put_flag(msg, NL80211_WOWLAN_TRIG_RFKILL_RELEASE)))
10301 goto nla_put_failure;
10302
10303 if (nl80211_send_wowlan_patterns(msg, rdev))
10304 goto nla_put_failure;
10305
10306 if (nl80211_send_wowlan_tcp(msg,
10307 rdev->wiphy.wowlan_config->tcp))
10308 goto nla_put_failure;
10309
10310 if (nl80211_send_wowlan_nd(
10311 msg,
10312 rdev->wiphy.wowlan_config->nd_config))
10313 goto nla_put_failure;
10314
10315 nla_nest_end(msg, nl_wowlan);
10316 }
10317
10318 genlmsg_end(msg, hdr);
10319 return genlmsg_reply(msg, info);
10320
10321nla_put_failure:
10322 nlmsg_free(msg);
10323 return -ENOBUFS;
10324}
10325
10326static int nl80211_parse_wowlan_tcp(struct cfg80211_registered_device *rdev,
10327 struct nlattr *attr,
10328 struct cfg80211_wowlan *trig)
10329{
10330 struct nlattr *tb[NUM_NL80211_WOWLAN_TCP];
10331 struct cfg80211_wowlan_tcp *cfg;
10332 struct nl80211_wowlan_tcp_data_token *tok = NULL;
10333 struct nl80211_wowlan_tcp_data_seq *seq = NULL;
10334 u32 size;
10335 u32 data_size, wake_size, tokens_size = 0, wake_mask_size;
10336 int err, port;
10337
10338 if (!rdev->wiphy.wowlan->tcp)
10339 return -EINVAL;
10340
10341 err = nla_parse_nested(tb, MAX_NL80211_WOWLAN_TCP, attr,
10342 nl80211_wowlan_tcp_policy, NULL);
10343 if (err)
10344 return err;
10345
10346 if (!tb[NL80211_WOWLAN_TCP_SRC_IPV4] ||
10347 !tb[NL80211_WOWLAN_TCP_DST_IPV4] ||
10348 !tb[NL80211_WOWLAN_TCP_DST_MAC] ||
10349 !tb[NL80211_WOWLAN_TCP_DST_PORT] ||
10350 !tb[NL80211_WOWLAN_TCP_DATA_PAYLOAD] ||
10351 !tb[NL80211_WOWLAN_TCP_DATA_INTERVAL] ||
10352 !tb[NL80211_WOWLAN_TCP_WAKE_PAYLOAD] ||
10353 !tb[NL80211_WOWLAN_TCP_WAKE_MASK])
10354 return -EINVAL;
10355
10356 data_size = nla_len(tb[NL80211_WOWLAN_TCP_DATA_PAYLOAD]);
10357 if (data_size > rdev->wiphy.wowlan->tcp->data_payload_max)
10358 return -EINVAL;
10359
10360 if (nla_get_u32(tb[NL80211_WOWLAN_TCP_DATA_INTERVAL]) >
10361 rdev->wiphy.wowlan->tcp->data_interval_max ||
10362 nla_get_u32(tb[NL80211_WOWLAN_TCP_DATA_INTERVAL]) == 0)
10363 return -EINVAL;
10364
10365 wake_size = nla_len(tb[NL80211_WOWLAN_TCP_WAKE_PAYLOAD]);
10366 if (wake_size > rdev->wiphy.wowlan->tcp->wake_payload_max)
10367 return -EINVAL;
10368
10369 wake_mask_size = nla_len(tb[NL80211_WOWLAN_TCP_WAKE_MASK]);
10370 if (wake_mask_size != DIV_ROUND_UP(wake_size, 8))
10371 return -EINVAL;
10372
10373 if (tb[NL80211_WOWLAN_TCP_DATA_PAYLOAD_TOKEN]) {
10374 u32 tokln = nla_len(tb[NL80211_WOWLAN_TCP_DATA_PAYLOAD_TOKEN]);
10375
10376 tok = nla_data(tb[NL80211_WOWLAN_TCP_DATA_PAYLOAD_TOKEN]);
10377 tokens_size = tokln - sizeof(*tok);
10378
10379 if (!tok->len || tokens_size % tok->len)
10380 return -EINVAL;
10381 if (!rdev->wiphy.wowlan->tcp->tok)
10382 return -EINVAL;
10383 if (tok->len > rdev->wiphy.wowlan->tcp->tok->max_len)
10384 return -EINVAL;
10385 if (tok->len < rdev->wiphy.wowlan->tcp->tok->min_len)
10386 return -EINVAL;
10387 if (tokens_size > rdev->wiphy.wowlan->tcp->tok->bufsize)
10388 return -EINVAL;
10389 if (tok->offset + tok->len > data_size)
10390 return -EINVAL;
10391 }
10392
10393 if (tb[NL80211_WOWLAN_TCP_DATA_PAYLOAD_SEQ]) {
10394 seq = nla_data(tb[NL80211_WOWLAN_TCP_DATA_PAYLOAD_SEQ]);
10395 if (!rdev->wiphy.wowlan->tcp->seq)
10396 return -EINVAL;
10397 if (seq->len == 0 || seq->len > 4)
10398 return -EINVAL;
10399 if (seq->len + seq->offset > data_size)
10400 return -EINVAL;
10401 }
10402
10403 size = sizeof(*cfg);
10404 size += data_size;
10405 size += wake_size + wake_mask_size;
10406 size += tokens_size;
10407
10408 cfg = kzalloc(size, GFP_KERNEL);
10409 if (!cfg)
10410 return -ENOMEM;
10411 cfg->src = nla_get_in_addr(tb[NL80211_WOWLAN_TCP_SRC_IPV4]);
10412 cfg->dst = nla_get_in_addr(tb[NL80211_WOWLAN_TCP_DST_IPV4]);
10413 memcpy(cfg->dst_mac, nla_data(tb[NL80211_WOWLAN_TCP_DST_MAC]),
10414 ETH_ALEN);
10415 if (tb[NL80211_WOWLAN_TCP_SRC_PORT])
10416 port = nla_get_u16(tb[NL80211_WOWLAN_TCP_SRC_PORT]);
10417 else
10418 port = 0;
10419#ifdef CONFIG_INET
10420 /* allocate a socket and port for it and use it */
10421 err = __sock_create(wiphy_net(&rdev->wiphy), PF_INET, SOCK_STREAM,
10422 IPPROTO_TCP, &cfg->sock, 1);
10423 if (err) {
10424 kfree(cfg);
10425 return err;
10426 }
10427 if (inet_csk_get_port(cfg->sock->sk, port)) {
10428 sock_release(cfg->sock);
10429 kfree(cfg);
10430 return -EADDRINUSE;
10431 }
10432 cfg->src_port = inet_sk(cfg->sock->sk)->inet_num;
10433#else
10434 if (!port) {
10435 kfree(cfg);
10436 return -EINVAL;
10437 }
10438 cfg->src_port = port;
10439#endif
10440
10441 cfg->dst_port = nla_get_u16(tb[NL80211_WOWLAN_TCP_DST_PORT]);
10442 cfg->payload_len = data_size;
10443 cfg->payload = (u8 *)cfg + sizeof(*cfg) + tokens_size;
10444 memcpy((void *)cfg->payload,
10445 nla_data(tb[NL80211_WOWLAN_TCP_DATA_PAYLOAD]),
10446 data_size);
10447 if (seq)
10448 cfg->payload_seq = *seq;
10449 cfg->data_interval = nla_get_u32(tb[NL80211_WOWLAN_TCP_DATA_INTERVAL]);
10450 cfg->wake_len = wake_size;
10451 cfg->wake_data = (u8 *)cfg + sizeof(*cfg) + tokens_size + data_size;
10452 memcpy((void *)cfg->wake_data,
10453 nla_data(tb[NL80211_WOWLAN_TCP_WAKE_PAYLOAD]),
10454 wake_size);
10455 cfg->wake_mask = (u8 *)cfg + sizeof(*cfg) + tokens_size +
10456 data_size + wake_size;
10457 memcpy((void *)cfg->wake_mask,
10458 nla_data(tb[NL80211_WOWLAN_TCP_WAKE_MASK]),
10459 wake_mask_size);
10460 if (tok) {
10461 cfg->tokens_size = tokens_size;
10462 memcpy(&cfg->payload_tok, tok, sizeof(*tok) + tokens_size);
10463 }
10464
10465 trig->tcp = cfg;
10466
10467 return 0;
10468}
10469
10470static int nl80211_parse_wowlan_nd(struct cfg80211_registered_device *rdev,
10471 const struct wiphy_wowlan_support *wowlan,
10472 struct nlattr *attr,
10473 struct cfg80211_wowlan *trig)
10474{
10475 struct nlattr **tb;
10476 int err;
10477
10478 tb = kzalloc(NUM_NL80211_ATTR * sizeof(*tb), GFP_KERNEL);
10479 if (!tb)
10480 return -ENOMEM;
10481
10482 if (!(wowlan->flags & WIPHY_WOWLAN_NET_DETECT)) {
10483 err = -EOPNOTSUPP;
10484 goto out;
10485 }
10486
10487 err = nla_parse_nested(tb, NL80211_ATTR_MAX, attr, nl80211_policy,
10488 NULL);
10489 if (err)
10490 goto out;
10491
10492 trig->nd_config = nl80211_parse_sched_scan(&rdev->wiphy, NULL, tb,
10493 wowlan->max_nd_match_sets);
10494 err = PTR_ERR_OR_ZERO(trig->nd_config);
10495 if (err)
10496 trig->nd_config = NULL;
10497
10498out:
10499 kfree(tb);
10500 return err;
10501}
10502
10503static int nl80211_set_wowlan(struct sk_buff *skb, struct genl_info *info)
10504{
10505 struct cfg80211_registered_device *rdev = info->user_ptr[0];
10506 struct nlattr *tb[NUM_NL80211_WOWLAN_TRIG];
10507 struct cfg80211_wowlan new_triggers = {};
10508 struct cfg80211_wowlan *ntrig;
10509 const struct wiphy_wowlan_support *wowlan = rdev->wiphy.wowlan;
10510 int err, i;
10511 bool prev_enabled = rdev->wiphy.wowlan_config;
10512 bool regular = false;
10513
10514 if (!wowlan)
10515 return -EOPNOTSUPP;
10516
10517 if (!info->attrs[NL80211_ATTR_WOWLAN_TRIGGERS]) {
10518 cfg80211_rdev_free_wowlan(rdev);
10519 rdev->wiphy.wowlan_config = NULL;
10520 goto set_wakeup;
10521 }
10522
10523 err = nla_parse_nested(tb, MAX_NL80211_WOWLAN_TRIG,
10524 info->attrs[NL80211_ATTR_WOWLAN_TRIGGERS],
10525 nl80211_wowlan_policy, info->extack);
10526 if (err)
10527 return err;
10528
10529 if (tb[NL80211_WOWLAN_TRIG_ANY]) {
10530 if (!(wowlan->flags & WIPHY_WOWLAN_ANY))
10531 return -EINVAL;
10532 new_triggers.any = true;
10533 }
10534
10535 if (tb[NL80211_WOWLAN_TRIG_DISCONNECT]) {
10536 if (!(wowlan->flags & WIPHY_WOWLAN_DISCONNECT))
10537 return -EINVAL;
10538 new_triggers.disconnect = true;
10539 regular = true;
10540 }
10541
10542 if (tb[NL80211_WOWLAN_TRIG_MAGIC_PKT]) {
10543 if (!(wowlan->flags & WIPHY_WOWLAN_MAGIC_PKT))
10544 return -EINVAL;
10545 new_triggers.magic_pkt = true;
10546 regular = true;
10547 }
10548
10549 if (tb[NL80211_WOWLAN_TRIG_GTK_REKEY_SUPPORTED])
10550 return -EINVAL;
10551
10552 if (tb[NL80211_WOWLAN_TRIG_GTK_REKEY_FAILURE]) {
10553 if (!(wowlan->flags & WIPHY_WOWLAN_GTK_REKEY_FAILURE))
10554 return -EINVAL;
10555 new_triggers.gtk_rekey_failure = true;
10556 regular = true;
10557 }
10558
10559 if (tb[NL80211_WOWLAN_TRIG_EAP_IDENT_REQUEST]) {
10560 if (!(wowlan->flags & WIPHY_WOWLAN_EAP_IDENTITY_REQ))
10561 return -EINVAL;
10562 new_triggers.eap_identity_req = true;
10563 regular = true;
10564 }
10565
10566 if (tb[NL80211_WOWLAN_TRIG_4WAY_HANDSHAKE]) {
10567 if (!(wowlan->flags & WIPHY_WOWLAN_4WAY_HANDSHAKE))
10568 return -EINVAL;
10569 new_triggers.four_way_handshake = true;
10570 regular = true;
10571 }
10572
10573 if (tb[NL80211_WOWLAN_TRIG_RFKILL_RELEASE]) {
10574 if (!(wowlan->flags & WIPHY_WOWLAN_RFKILL_RELEASE))
10575 return -EINVAL;
10576 new_triggers.rfkill_release = true;
10577 regular = true;
10578 }
10579
10580 if (tb[NL80211_WOWLAN_TRIG_PKT_PATTERN]) {
10581 struct nlattr *pat;
10582 int n_patterns = 0;
10583 int rem, pat_len, mask_len, pkt_offset;
10584 struct nlattr *pat_tb[NUM_NL80211_PKTPAT];
10585
10586 regular = true;
10587
10588 nla_for_each_nested(pat, tb[NL80211_WOWLAN_TRIG_PKT_PATTERN],
10589 rem)
10590 n_patterns++;
10591 if (n_patterns > wowlan->n_patterns)
10592 return -EINVAL;
10593
10594 new_triggers.patterns = kcalloc(n_patterns,
10595 sizeof(new_triggers.patterns[0]),
10596 GFP_KERNEL);
10597 if (!new_triggers.patterns)
10598 return -ENOMEM;
10599
10600 new_triggers.n_patterns = n_patterns;
10601 i = 0;
10602
10603 nla_for_each_nested(pat, tb[NL80211_WOWLAN_TRIG_PKT_PATTERN],
10604 rem) {
10605 u8 *mask_pat;
10606
10607 err = nla_parse_nested(pat_tb, MAX_NL80211_PKTPAT, pat,
10608 nl80211_packet_pattern_policy,
10609 info->extack);
10610 if (err)
10611 goto error;
10612
10613 err = -EINVAL;
10614 if (!pat_tb[NL80211_PKTPAT_MASK] ||
10615 !pat_tb[NL80211_PKTPAT_PATTERN])
10616 goto error;
10617 pat_len = nla_len(pat_tb[NL80211_PKTPAT_PATTERN]);
10618 mask_len = DIV_ROUND_UP(pat_len, 8);
10619 if (nla_len(pat_tb[NL80211_PKTPAT_MASK]) != mask_len)
10620 goto error;
10621 if (pat_len > wowlan->pattern_max_len ||
10622 pat_len < wowlan->pattern_min_len)
10623 goto error;
10624
10625 if (!pat_tb[NL80211_PKTPAT_OFFSET])
10626 pkt_offset = 0;
10627 else
10628 pkt_offset = nla_get_u32(
10629 pat_tb[NL80211_PKTPAT_OFFSET]);
10630 if (pkt_offset > wowlan->max_pkt_offset)
10631 goto error;
10632 new_triggers.patterns[i].pkt_offset = pkt_offset;
10633
10634 mask_pat = kmalloc(mask_len + pat_len, GFP_KERNEL);
10635 if (!mask_pat) {
10636 err = -ENOMEM;
10637 goto error;
10638 }
10639 new_triggers.patterns[i].mask = mask_pat;
10640 memcpy(mask_pat, nla_data(pat_tb[NL80211_PKTPAT_MASK]),
10641 mask_len);
10642 mask_pat += mask_len;
10643 new_triggers.patterns[i].pattern = mask_pat;
10644 new_triggers.patterns[i].pattern_len = pat_len;
10645 memcpy(mask_pat,
10646 nla_data(pat_tb[NL80211_PKTPAT_PATTERN]),
10647 pat_len);
10648 i++;
10649 }
10650 }
10651
10652 if (tb[NL80211_WOWLAN_TRIG_TCP_CONNECTION]) {
10653 regular = true;
10654 err = nl80211_parse_wowlan_tcp(
10655 rdev, tb[NL80211_WOWLAN_TRIG_TCP_CONNECTION],
10656 &new_triggers);
10657 if (err)
10658 goto error;
10659 }
10660
10661 if (tb[NL80211_WOWLAN_TRIG_NET_DETECT]) {
10662 regular = true;
10663 err = nl80211_parse_wowlan_nd(
10664 rdev, wowlan, tb[NL80211_WOWLAN_TRIG_NET_DETECT],
10665 &new_triggers);
10666 if (err)
10667 goto error;
10668 }
10669
10670 /* The 'any' trigger means the device continues operating more or less
10671 * as in its normal operation mode and wakes up the host on most of the
10672 * normal interrupts (like packet RX, ...)
10673 * It therefore makes little sense to combine with the more constrained
10674 * wakeup trigger modes.
10675 */
10676 if (new_triggers.any && regular) {
10677 err = -EINVAL;
10678 goto error;
10679 }
10680
10681 ntrig = kmemdup(&new_triggers, sizeof(new_triggers), GFP_KERNEL);
10682 if (!ntrig) {
10683 err = -ENOMEM;
10684 goto error;
10685 }
10686 cfg80211_rdev_free_wowlan(rdev);
10687 rdev->wiphy.wowlan_config = ntrig;
10688
10689 set_wakeup:
10690 if (rdev->ops->set_wakeup &&
10691 prev_enabled != !!rdev->wiphy.wowlan_config)
10692 rdev_set_wakeup(rdev, rdev->wiphy.wowlan_config);
10693
10694 return 0;
10695 error:
10696 for (i = 0; i < new_triggers.n_patterns; i++)
10697 kfree(new_triggers.patterns[i].mask);
10698 kfree(new_triggers.patterns);
10699 if (new_triggers.tcp && new_triggers.tcp->sock)
10700 sock_release(new_triggers.tcp->sock);
10701 kfree(new_triggers.tcp);
10702 kfree(new_triggers.nd_config);
10703 return err;
10704}
10705#endif
10706
10707static int nl80211_send_coalesce_rules(struct sk_buff *msg,
10708 struct cfg80211_registered_device *rdev)
10709{
10710 struct nlattr *nl_pats, *nl_pat, *nl_rule, *nl_rules;
10711 int i, j, pat_len;
10712 struct cfg80211_coalesce_rules *rule;
10713
10714 if (!rdev->coalesce->n_rules)
10715 return 0;
10716
10717 nl_rules = nla_nest_start(msg, NL80211_ATTR_COALESCE_RULE);
10718 if (!nl_rules)
10719 return -ENOBUFS;
10720
10721 for (i = 0; i < rdev->coalesce->n_rules; i++) {
10722 nl_rule = nla_nest_start(msg, i + 1);
10723 if (!nl_rule)
10724 return -ENOBUFS;
10725
10726 rule = &rdev->coalesce->rules[i];
10727 if (nla_put_u32(msg, NL80211_ATTR_COALESCE_RULE_DELAY,
10728 rule->delay))
10729 return -ENOBUFS;
10730
10731 if (nla_put_u32(msg, NL80211_ATTR_COALESCE_RULE_CONDITION,
10732 rule->condition))
10733 return -ENOBUFS;
10734
10735 nl_pats = nla_nest_start(msg,
10736 NL80211_ATTR_COALESCE_RULE_PKT_PATTERN);
10737 if (!nl_pats)
10738 return -ENOBUFS;
10739
10740 for (j = 0; j < rule->n_patterns; j++) {
10741 nl_pat = nla_nest_start(msg, j + 1);
10742 if (!nl_pat)
10743 return -ENOBUFS;
10744 pat_len = rule->patterns[j].pattern_len;
10745 if (nla_put(msg, NL80211_PKTPAT_MASK,
10746 DIV_ROUND_UP(pat_len, 8),
10747 rule->patterns[j].mask) ||
10748 nla_put(msg, NL80211_PKTPAT_PATTERN, pat_len,
10749 rule->patterns[j].pattern) ||
10750 nla_put_u32(msg, NL80211_PKTPAT_OFFSET,
10751 rule->patterns[j].pkt_offset))
10752 return -ENOBUFS;
10753 nla_nest_end(msg, nl_pat);
10754 }
10755 nla_nest_end(msg, nl_pats);
10756 nla_nest_end(msg, nl_rule);
10757 }
10758 nla_nest_end(msg, nl_rules);
10759
10760 return 0;
10761}
10762
10763static int nl80211_get_coalesce(struct sk_buff *skb, struct genl_info *info)
10764{
10765 struct cfg80211_registered_device *rdev = info->user_ptr[0];
10766 struct sk_buff *msg;
10767 void *hdr;
10768
10769 if (!rdev->wiphy.coalesce)
10770 return -EOPNOTSUPP;
10771
10772 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
10773 if (!msg)
10774 return -ENOMEM;
10775
10776 hdr = nl80211hdr_put(msg, info->snd_portid, info->snd_seq, 0,
10777 NL80211_CMD_GET_COALESCE);
10778 if (!hdr)
10779 goto nla_put_failure;
10780
10781 if (rdev->coalesce && nl80211_send_coalesce_rules(msg, rdev))
10782 goto nla_put_failure;
10783
10784 genlmsg_end(msg, hdr);
10785 return genlmsg_reply(msg, info);
10786
10787nla_put_failure:
10788 nlmsg_free(msg);
10789 return -ENOBUFS;
10790}
10791
10792void cfg80211_rdev_free_coalesce(struct cfg80211_registered_device *rdev)
10793{
10794 struct cfg80211_coalesce *coalesce = rdev->coalesce;
10795 int i, j;
10796 struct cfg80211_coalesce_rules *rule;
10797
10798 if (!coalesce)
10799 return;
10800
10801 for (i = 0; i < coalesce->n_rules; i++) {
10802 rule = &coalesce->rules[i];
10803 for (j = 0; j < rule->n_patterns; j++)
10804 kfree(rule->patterns[j].mask);
10805 kfree(rule->patterns);
10806 }
10807 kfree(coalesce->rules);
10808 kfree(coalesce);
10809 rdev->coalesce = NULL;
10810}
10811
10812static int nl80211_parse_coalesce_rule(struct cfg80211_registered_device *rdev,
10813 struct nlattr *rule,
10814 struct cfg80211_coalesce_rules *new_rule)
10815{
10816 int err, i;
10817 const struct wiphy_coalesce_support *coalesce = rdev->wiphy.coalesce;
10818 struct nlattr *tb[NUM_NL80211_ATTR_COALESCE_RULE], *pat;
10819 int rem, pat_len, mask_len, pkt_offset, n_patterns = 0;
10820 struct nlattr *pat_tb[NUM_NL80211_PKTPAT];
10821
10822 err = nla_parse_nested(tb, NL80211_ATTR_COALESCE_RULE_MAX, rule,
10823 nl80211_coalesce_policy, NULL);
10824 if (err)
10825 return err;
10826
10827 if (tb[NL80211_ATTR_COALESCE_RULE_DELAY])
10828 new_rule->delay =
10829 nla_get_u32(tb[NL80211_ATTR_COALESCE_RULE_DELAY]);
10830 if (new_rule->delay > coalesce->max_delay)
10831 return -EINVAL;
10832
10833 if (tb[NL80211_ATTR_COALESCE_RULE_CONDITION])
10834 new_rule->condition =
10835 nla_get_u32(tb[NL80211_ATTR_COALESCE_RULE_CONDITION]);
10836 if (new_rule->condition != NL80211_COALESCE_CONDITION_MATCH &&
10837 new_rule->condition != NL80211_COALESCE_CONDITION_NO_MATCH)
10838 return -EINVAL;
10839
10840 if (!tb[NL80211_ATTR_COALESCE_RULE_PKT_PATTERN])
10841 return -EINVAL;
10842
10843 nla_for_each_nested(pat, tb[NL80211_ATTR_COALESCE_RULE_PKT_PATTERN],
10844 rem)
10845 n_patterns++;
10846 if (n_patterns > coalesce->n_patterns)
10847 return -EINVAL;
10848
10849 new_rule->patterns = kcalloc(n_patterns, sizeof(new_rule->patterns[0]),
10850 GFP_KERNEL);
10851 if (!new_rule->patterns)
10852 return -ENOMEM;
10853
10854 new_rule->n_patterns = n_patterns;
10855 i = 0;
10856
10857 nla_for_each_nested(pat, tb[NL80211_ATTR_COALESCE_RULE_PKT_PATTERN],
10858 rem) {
10859 u8 *mask_pat;
10860
10861 err = nla_parse_nested(pat_tb, MAX_NL80211_PKTPAT, pat,
10862 nl80211_packet_pattern_policy, NULL);
10863 if (err)
10864 return err;
10865
10866 if (!pat_tb[NL80211_PKTPAT_MASK] ||
10867 !pat_tb[NL80211_PKTPAT_PATTERN])
10868 return -EINVAL;
10869 pat_len = nla_len(pat_tb[NL80211_PKTPAT_PATTERN]);
10870 mask_len = DIV_ROUND_UP(pat_len, 8);
10871 if (nla_len(pat_tb[NL80211_PKTPAT_MASK]) != mask_len)
10872 return -EINVAL;
10873 if (pat_len > coalesce->pattern_max_len ||
10874 pat_len < coalesce->pattern_min_len)
10875 return -EINVAL;
10876
10877 if (!pat_tb[NL80211_PKTPAT_OFFSET])
10878 pkt_offset = 0;
10879 else
10880 pkt_offset = nla_get_u32(pat_tb[NL80211_PKTPAT_OFFSET]);
10881 if (pkt_offset > coalesce->max_pkt_offset)
10882 return -EINVAL;
10883 new_rule->patterns[i].pkt_offset = pkt_offset;
10884
10885 mask_pat = kmalloc(mask_len + pat_len, GFP_KERNEL);
10886 if (!mask_pat)
10887 return -ENOMEM;
10888
10889 new_rule->patterns[i].mask = mask_pat;
10890 memcpy(mask_pat, nla_data(pat_tb[NL80211_PKTPAT_MASK]),
10891 mask_len);
10892
10893 mask_pat += mask_len;
10894 new_rule->patterns[i].pattern = mask_pat;
10895 new_rule->patterns[i].pattern_len = pat_len;
10896 memcpy(mask_pat, nla_data(pat_tb[NL80211_PKTPAT_PATTERN]),
10897 pat_len);
10898 i++;
10899 }
10900
10901 return 0;
10902}
10903
10904static int nl80211_set_coalesce(struct sk_buff *skb, struct genl_info *info)
10905{
10906 struct cfg80211_registered_device *rdev = info->user_ptr[0];
10907 const struct wiphy_coalesce_support *coalesce = rdev->wiphy.coalesce;
10908 struct cfg80211_coalesce new_coalesce = {};
10909 struct cfg80211_coalesce *n_coalesce;
10910 int err, rem_rule, n_rules = 0, i, j;
10911 struct nlattr *rule;
10912 struct cfg80211_coalesce_rules *tmp_rule;
10913
10914 if (!rdev->wiphy.coalesce || !rdev->ops->set_coalesce)
10915 return -EOPNOTSUPP;
10916
10917 if (!info->attrs[NL80211_ATTR_COALESCE_RULE]) {
10918 cfg80211_rdev_free_coalesce(rdev);
10919 rdev_set_coalesce(rdev, NULL);
10920 return 0;
10921 }
10922
10923 nla_for_each_nested(rule, info->attrs[NL80211_ATTR_COALESCE_RULE],
10924 rem_rule)
10925 n_rules++;
10926 if (n_rules > coalesce->n_rules)
10927 return -EINVAL;
10928
10929 new_coalesce.rules = kcalloc(n_rules, sizeof(new_coalesce.rules[0]),
10930 GFP_KERNEL);
10931 if (!new_coalesce.rules)
10932 return -ENOMEM;
10933
10934 new_coalesce.n_rules = n_rules;
10935 i = 0;
10936
10937 nla_for_each_nested(rule, info->attrs[NL80211_ATTR_COALESCE_RULE],
10938 rem_rule) {
10939 err = nl80211_parse_coalesce_rule(rdev, rule,
10940 &new_coalesce.rules[i]);
10941 if (err)
10942 goto error;
10943
10944 i++;
10945 }
10946
10947 err = rdev_set_coalesce(rdev, &new_coalesce);
10948 if (err)
10949 goto error;
10950
10951 n_coalesce = kmemdup(&new_coalesce, sizeof(new_coalesce), GFP_KERNEL);
10952 if (!n_coalesce) {
10953 err = -ENOMEM;
10954 goto error;
10955 }
10956 cfg80211_rdev_free_coalesce(rdev);
10957 rdev->coalesce = n_coalesce;
10958
10959 return 0;
10960error:
10961 for (i = 0; i < new_coalesce.n_rules; i++) {
10962 tmp_rule = &new_coalesce.rules[i];
10963 for (j = 0; j < tmp_rule->n_patterns; j++)
10964 kfree(tmp_rule->patterns[j].mask);
10965 kfree(tmp_rule->patterns);
10966 }
10967 kfree(new_coalesce.rules);
10968
10969 return err;
10970}
10971
10972static int nl80211_set_rekey_data(struct sk_buff *skb, struct genl_info *info)
10973{
10974 struct cfg80211_registered_device *rdev = info->user_ptr[0];
10975 struct net_device *dev = info->user_ptr[1];
10976 struct wireless_dev *wdev = dev->ieee80211_ptr;
10977 struct nlattr *tb[NUM_NL80211_REKEY_DATA];
10978 struct cfg80211_gtk_rekey_data rekey_data;
10979 int err;
10980
10981 if (!info->attrs[NL80211_ATTR_REKEY_DATA])
10982 return -EINVAL;
10983
10984 err = nla_parse_nested(tb, MAX_NL80211_REKEY_DATA,
10985 info->attrs[NL80211_ATTR_REKEY_DATA],
10986 nl80211_rekey_policy, info->extack);
10987 if (err)
10988 return err;
10989
10990 if (!tb[NL80211_REKEY_DATA_REPLAY_CTR] || !tb[NL80211_REKEY_DATA_KEK] ||
10991 !tb[NL80211_REKEY_DATA_KCK])
10992 return -EINVAL;
10993 if (nla_len(tb[NL80211_REKEY_DATA_REPLAY_CTR]) != NL80211_REPLAY_CTR_LEN)
10994 return -ERANGE;
10995 if (nla_len(tb[NL80211_REKEY_DATA_KEK]) != NL80211_KEK_LEN)
10996 return -ERANGE;
10997 if (nla_len(tb[NL80211_REKEY_DATA_KCK]) != NL80211_KCK_LEN)
10998 return -ERANGE;
10999
11000 rekey_data.kek = nla_data(tb[NL80211_REKEY_DATA_KEK]);
11001 rekey_data.kck = nla_data(tb[NL80211_REKEY_DATA_KCK]);
11002 rekey_data.replay_ctr = nla_data(tb[NL80211_REKEY_DATA_REPLAY_CTR]);
11003
11004 wdev_lock(wdev);
11005 if (!wdev->current_bss) {
11006 err = -ENOTCONN;
11007 goto out;
11008 }
11009
11010 if (!rdev->ops->set_rekey_data) {
11011 err = -EOPNOTSUPP;
11012 goto out;
11013 }
11014
11015 err = rdev_set_rekey_data(rdev, dev, &rekey_data);
11016 out:
11017 wdev_unlock(wdev);
11018 return err;
11019}
11020
11021static int nl80211_register_unexpected_frame(struct sk_buff *skb,
11022 struct genl_info *info)
11023{
11024 struct net_device *dev = info->user_ptr[1];
11025 struct wireless_dev *wdev = dev->ieee80211_ptr;
11026
11027 if (wdev->iftype != NL80211_IFTYPE_AP &&
11028 wdev->iftype != NL80211_IFTYPE_P2P_GO)
11029 return -EINVAL;
11030
11031 if (wdev->ap_unexpected_nlportid)
11032 return -EBUSY;
11033
11034 wdev->ap_unexpected_nlportid = info->snd_portid;
11035 return 0;
11036}
11037
11038static int nl80211_probe_client(struct sk_buff *skb,
11039 struct genl_info *info)
11040{
11041 struct cfg80211_registered_device *rdev = info->user_ptr[0];
11042 struct net_device *dev = info->user_ptr[1];
11043 struct wireless_dev *wdev = dev->ieee80211_ptr;
11044 struct sk_buff *msg;
11045 void *hdr;
11046 const u8 *addr;
11047 u64 cookie;
11048 int err;
11049
11050 if (wdev->iftype != NL80211_IFTYPE_AP &&
11051 wdev->iftype != NL80211_IFTYPE_P2P_GO)
11052 return -EOPNOTSUPP;
11053
11054 if (!info->attrs[NL80211_ATTR_MAC])
11055 return -EINVAL;
11056
11057 if (!rdev->ops->probe_client)
11058 return -EOPNOTSUPP;
11059
11060 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
11061 if (!msg)
11062 return -ENOMEM;
11063
11064 hdr = nl80211hdr_put(msg, info->snd_portid, info->snd_seq, 0,
11065 NL80211_CMD_PROBE_CLIENT);
11066 if (!hdr) {
11067 err = -ENOBUFS;
11068 goto free_msg;
11069 }
11070
11071 addr = nla_data(info->attrs[NL80211_ATTR_MAC]);
11072
11073 err = rdev_probe_client(rdev, dev, addr, &cookie);
11074 if (err)
11075 goto free_msg;
11076
11077 if (nla_put_u64_64bit(msg, NL80211_ATTR_COOKIE, cookie,
11078 NL80211_ATTR_PAD))
11079 goto nla_put_failure;
11080
11081 genlmsg_end(msg, hdr);
11082
11083 return genlmsg_reply(msg, info);
11084
11085 nla_put_failure:
11086 err = -ENOBUFS;
11087 free_msg:
11088 nlmsg_free(msg);
11089 return err;
11090}
11091
11092static int nl80211_register_beacons(struct sk_buff *skb, struct genl_info *info)
11093{
11094 struct cfg80211_registered_device *rdev = info->user_ptr[0];
11095 struct cfg80211_beacon_registration *reg, *nreg;
11096 int rv;
11097
11098 if (!(rdev->wiphy.flags & WIPHY_FLAG_REPORTS_OBSS))
11099 return -EOPNOTSUPP;
11100
11101 nreg = kzalloc(sizeof(*nreg), GFP_KERNEL);
11102 if (!nreg)
11103 return -ENOMEM;
11104
11105 /* First, check if already registered. */
11106 spin_lock_bh(&rdev->beacon_registrations_lock);
11107 list_for_each_entry(reg, &rdev->beacon_registrations, list) {
11108 if (reg->nlportid == info->snd_portid) {
11109 rv = -EALREADY;
11110 goto out_err;
11111 }
11112 }
11113 /* Add it to the list */
11114 nreg->nlportid = info->snd_portid;
11115 list_add(&nreg->list, &rdev->beacon_registrations);
11116
11117 spin_unlock_bh(&rdev->beacon_registrations_lock);
11118
11119 return 0;
11120out_err:
11121 spin_unlock_bh(&rdev->beacon_registrations_lock);
11122 kfree(nreg);
11123 return rv;
11124}
11125
11126static int nl80211_start_p2p_device(struct sk_buff *skb, struct genl_info *info)
11127{
11128 struct cfg80211_registered_device *rdev = info->user_ptr[0];
11129 struct wireless_dev *wdev = info->user_ptr[1];
11130 int err;
11131
11132 if (!rdev->ops->start_p2p_device)
11133 return -EOPNOTSUPP;
11134
11135 if (wdev->iftype != NL80211_IFTYPE_P2P_DEVICE)
11136 return -EOPNOTSUPP;
11137
11138 if (wdev_running(wdev))
11139 return 0;
11140
11141 if (rfkill_blocked(rdev->rfkill))
11142 return -ERFKILL;
11143
11144 err = rdev_start_p2p_device(rdev, wdev);
11145 if (err)
11146 return err;
11147
11148 wdev->is_running = true;
11149 rdev->opencount++;
11150
11151 return 0;
11152}
11153
11154static int nl80211_stop_p2p_device(struct sk_buff *skb, struct genl_info *info)
11155{
11156 struct cfg80211_registered_device *rdev = info->user_ptr[0];
11157 struct wireless_dev *wdev = info->user_ptr[1];
11158
11159 if (wdev->iftype != NL80211_IFTYPE_P2P_DEVICE)
11160 return -EOPNOTSUPP;
11161
11162 if (!rdev->ops->stop_p2p_device)
11163 return -EOPNOTSUPP;
11164
11165 cfg80211_stop_p2p_device(rdev, wdev);
11166
11167 return 0;
11168}
11169
11170static int nl80211_start_nan(struct sk_buff *skb, struct genl_info *info)
11171{
11172 struct cfg80211_registered_device *rdev = info->user_ptr[0];
11173 struct wireless_dev *wdev = info->user_ptr[1];
11174 struct cfg80211_nan_conf conf = {};
11175 int err;
11176
11177 if (wdev->iftype != NL80211_IFTYPE_NAN)
11178 return -EOPNOTSUPP;
11179
11180 if (wdev_running(wdev))
11181 return -EEXIST;
11182
11183 if (rfkill_blocked(rdev->rfkill))
11184 return -ERFKILL;
11185
11186 if (!info->attrs[NL80211_ATTR_NAN_MASTER_PREF])
11187 return -EINVAL;
11188
11189 conf.master_pref =
11190 nla_get_u8(info->attrs[NL80211_ATTR_NAN_MASTER_PREF]);
11191 if (!conf.master_pref)
11192 return -EINVAL;
11193
11194 if (info->attrs[NL80211_ATTR_BANDS]) {
11195 u32 bands = nla_get_u32(info->attrs[NL80211_ATTR_BANDS]);
11196
11197 if (bands & ~(u32)wdev->wiphy->nan_supported_bands)
11198 return -EOPNOTSUPP;
11199
11200 if (bands && !(bands & BIT(NL80211_BAND_2GHZ)))
11201 return -EINVAL;
11202
11203 conf.bands = bands;
11204 }
11205
11206 err = rdev_start_nan(rdev, wdev, &conf);
11207 if (err)
11208 return err;
11209
11210 wdev->is_running = true;
11211 rdev->opencount++;
11212
11213 return 0;
11214}
11215
11216static int nl80211_stop_nan(struct sk_buff *skb, struct genl_info *info)
11217{
11218 struct cfg80211_registered_device *rdev = info->user_ptr[0];
11219 struct wireless_dev *wdev = info->user_ptr[1];
11220
11221 if (wdev->iftype != NL80211_IFTYPE_NAN)
11222 return -EOPNOTSUPP;
11223
11224 cfg80211_stop_nan(rdev, wdev);
11225
11226 return 0;
11227}
11228
11229static int validate_nan_filter(struct nlattr *filter_attr)
11230{
11231 struct nlattr *attr;
11232 int len = 0, n_entries = 0, rem;
11233
11234 nla_for_each_nested(attr, filter_attr, rem) {
11235 len += nla_len(attr);
11236 n_entries++;
11237 }
11238
11239 if (len >= U8_MAX)
11240 return -EINVAL;
11241
11242 return n_entries;
11243}
11244
11245static int handle_nan_filter(struct nlattr *attr_filter,
11246 struct cfg80211_nan_func *func,
11247 bool tx)
11248{
11249 struct nlattr *attr;
11250 int n_entries, rem, i;
11251 struct cfg80211_nan_func_filter *filter;
11252
11253 n_entries = validate_nan_filter(attr_filter);
11254 if (n_entries < 0)
11255 return n_entries;
11256
11257 BUILD_BUG_ON(sizeof(*func->rx_filters) != sizeof(*func->tx_filters));
11258
11259 filter = kcalloc(n_entries, sizeof(*func->rx_filters), GFP_KERNEL);
11260 if (!filter)
11261 return -ENOMEM;
11262
11263 i = 0;
11264 nla_for_each_nested(attr, attr_filter, rem) {
11265 filter[i].filter = nla_memdup(attr, GFP_KERNEL);
11266 filter[i].len = nla_len(attr);
11267 i++;
11268 }
11269 if (tx) {
11270 func->num_tx_filters = n_entries;
11271 func->tx_filters = filter;
11272 } else {
11273 func->num_rx_filters = n_entries;
11274 func->rx_filters = filter;
11275 }
11276
11277 return 0;
11278}
11279
11280static int nl80211_nan_add_func(struct sk_buff *skb,
11281 struct genl_info *info)
11282{
11283 struct cfg80211_registered_device *rdev = info->user_ptr[0];
11284 struct wireless_dev *wdev = info->user_ptr[1];
11285 struct nlattr *tb[NUM_NL80211_NAN_FUNC_ATTR], *func_attr;
11286 struct cfg80211_nan_func *func;
11287 struct sk_buff *msg = NULL;
11288 void *hdr = NULL;
11289 int err = 0;
11290
11291 if (wdev->iftype != NL80211_IFTYPE_NAN)
11292 return -EOPNOTSUPP;
11293
11294 if (!wdev_running(wdev))
11295 return -ENOTCONN;
11296
11297 if (!info->attrs[NL80211_ATTR_NAN_FUNC])
11298 return -EINVAL;
11299
11300 err = nla_parse_nested(tb, NL80211_NAN_FUNC_ATTR_MAX,
11301 info->attrs[NL80211_ATTR_NAN_FUNC],
11302 nl80211_nan_func_policy, info->extack);
11303 if (err)
11304 return err;
11305
11306 func = kzalloc(sizeof(*func), GFP_KERNEL);
11307 if (!func)
11308 return -ENOMEM;
11309
11310 func->cookie = wdev->wiphy->cookie_counter++;
11311
11312 if (!tb[NL80211_NAN_FUNC_TYPE] ||
11313 nla_get_u8(tb[NL80211_NAN_FUNC_TYPE]) > NL80211_NAN_FUNC_MAX_TYPE) {
11314 err = -EINVAL;
11315 goto out;
11316 }
11317
11318
11319 func->type = nla_get_u8(tb[NL80211_NAN_FUNC_TYPE]);
11320
11321 if (!tb[NL80211_NAN_FUNC_SERVICE_ID]) {
11322 err = -EINVAL;
11323 goto out;
11324 }
11325
11326 memcpy(func->service_id, nla_data(tb[NL80211_NAN_FUNC_SERVICE_ID]),
11327 sizeof(func->service_id));
11328
11329 func->close_range =
11330 nla_get_flag(tb[NL80211_NAN_FUNC_CLOSE_RANGE]);
11331
11332 if (tb[NL80211_NAN_FUNC_SERVICE_INFO]) {
11333 func->serv_spec_info_len =
11334 nla_len(tb[NL80211_NAN_FUNC_SERVICE_INFO]);
11335 func->serv_spec_info =
11336 kmemdup(nla_data(tb[NL80211_NAN_FUNC_SERVICE_INFO]),
11337 func->serv_spec_info_len,
11338 GFP_KERNEL);
11339 if (!func->serv_spec_info) {
11340 err = -ENOMEM;
11341 goto out;
11342 }
11343 }
11344
11345 if (tb[NL80211_NAN_FUNC_TTL])
11346 func->ttl = nla_get_u32(tb[NL80211_NAN_FUNC_TTL]);
11347
11348 switch (func->type) {
11349 case NL80211_NAN_FUNC_PUBLISH:
11350 if (!tb[NL80211_NAN_FUNC_PUBLISH_TYPE]) {
11351 err = -EINVAL;
11352 goto out;
11353 }
11354
11355 func->publish_type =
11356 nla_get_u8(tb[NL80211_NAN_FUNC_PUBLISH_TYPE]);
11357 func->publish_bcast =
11358 nla_get_flag(tb[NL80211_NAN_FUNC_PUBLISH_BCAST]);
11359
11360 if ((!(func->publish_type & NL80211_NAN_SOLICITED_PUBLISH)) &&
11361 func->publish_bcast) {
11362 err = -EINVAL;
11363 goto out;
11364 }
11365 break;
11366 case NL80211_NAN_FUNC_SUBSCRIBE:
11367 func->subscribe_active =
11368 nla_get_flag(tb[NL80211_NAN_FUNC_SUBSCRIBE_ACTIVE]);
11369 break;
11370 case NL80211_NAN_FUNC_FOLLOW_UP:
11371 if (!tb[NL80211_NAN_FUNC_FOLLOW_UP_ID] ||
11372 !tb[NL80211_NAN_FUNC_FOLLOW_UP_REQ_ID] ||
11373 !tb[NL80211_NAN_FUNC_FOLLOW_UP_DEST]) {
11374 err = -EINVAL;
11375 goto out;
11376 }
11377
11378 func->followup_id =
11379 nla_get_u8(tb[NL80211_NAN_FUNC_FOLLOW_UP_ID]);
11380 func->followup_reqid =
11381 nla_get_u8(tb[NL80211_NAN_FUNC_FOLLOW_UP_REQ_ID]);
11382 memcpy(func->followup_dest.addr,
11383 nla_data(tb[NL80211_NAN_FUNC_FOLLOW_UP_DEST]),
11384 sizeof(func->followup_dest.addr));
11385 if (func->ttl) {
11386 err = -EINVAL;
11387 goto out;
11388 }
11389 break;
11390 default:
11391 err = -EINVAL;
11392 goto out;
11393 }
11394
11395 if (tb[NL80211_NAN_FUNC_SRF]) {
11396 struct nlattr *srf_tb[NUM_NL80211_NAN_SRF_ATTR];
11397
11398 err = nla_parse_nested(srf_tb, NL80211_NAN_SRF_ATTR_MAX,
11399 tb[NL80211_NAN_FUNC_SRF],
11400 nl80211_nan_srf_policy, info->extack);
11401 if (err)
11402 goto out;
11403
11404 func->srf_include =
11405 nla_get_flag(srf_tb[NL80211_NAN_SRF_INCLUDE]);
11406
11407 if (srf_tb[NL80211_NAN_SRF_BF]) {
11408 if (srf_tb[NL80211_NAN_SRF_MAC_ADDRS] ||
11409 !srf_tb[NL80211_NAN_SRF_BF_IDX]) {
11410 err = -EINVAL;
11411 goto out;
11412 }
11413
11414 func->srf_bf_len =
11415 nla_len(srf_tb[NL80211_NAN_SRF_BF]);
11416 func->srf_bf =
11417 kmemdup(nla_data(srf_tb[NL80211_NAN_SRF_BF]),
11418 func->srf_bf_len, GFP_KERNEL);
11419 if (!func->srf_bf) {
11420 err = -ENOMEM;
11421 goto out;
11422 }
11423
11424 func->srf_bf_idx =
11425 nla_get_u8(srf_tb[NL80211_NAN_SRF_BF_IDX]);
11426 } else {
11427 struct nlattr *attr, *mac_attr =
11428 srf_tb[NL80211_NAN_SRF_MAC_ADDRS];
11429 int n_entries, rem, i = 0;
11430
11431 if (!mac_attr) {
11432 err = -EINVAL;
11433 goto out;
11434 }
11435
11436 n_entries = validate_acl_mac_addrs(mac_attr);
11437 if (n_entries <= 0) {
11438 err = -EINVAL;
11439 goto out;
11440 }
11441
11442 func->srf_num_macs = n_entries;
11443 func->srf_macs =
11444 kzalloc(sizeof(*func->srf_macs) * n_entries,
11445 GFP_KERNEL);
11446 if (!func->srf_macs) {
11447 err = -ENOMEM;
11448 goto out;
11449 }
11450
11451 nla_for_each_nested(attr, mac_attr, rem)
11452 memcpy(func->srf_macs[i++].addr, nla_data(attr),
11453 sizeof(*func->srf_macs));
11454 }
11455 }
11456
11457 if (tb[NL80211_NAN_FUNC_TX_MATCH_FILTER]) {
11458 err = handle_nan_filter(tb[NL80211_NAN_FUNC_TX_MATCH_FILTER],
11459 func, true);
11460 if (err)
11461 goto out;
11462 }
11463
11464 if (tb[NL80211_NAN_FUNC_RX_MATCH_FILTER]) {
11465 err = handle_nan_filter(tb[NL80211_NAN_FUNC_RX_MATCH_FILTER],
11466 func, false);
11467 if (err)
11468 goto out;
11469 }
11470
11471 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
11472 if (!msg) {
11473 err = -ENOMEM;
11474 goto out;
11475 }
11476
11477 hdr = nl80211hdr_put(msg, info->snd_portid, info->snd_seq, 0,
11478 NL80211_CMD_ADD_NAN_FUNCTION);
11479 /* This can't really happen - we just allocated 4KB */
11480 if (WARN_ON(!hdr)) {
11481 err = -ENOMEM;
11482 goto out;
11483 }
11484
11485 err = rdev_add_nan_func(rdev, wdev, func);
11486out:
11487 if (err < 0) {
11488 cfg80211_free_nan_func(func);
11489 nlmsg_free(msg);
11490 return err;
11491 }
11492
11493 /* propagate the instance id and cookie to userspace */
11494 if (nla_put_u64_64bit(msg, NL80211_ATTR_COOKIE, func->cookie,
11495 NL80211_ATTR_PAD))
11496 goto nla_put_failure;
11497
11498 func_attr = nla_nest_start(msg, NL80211_ATTR_NAN_FUNC);
11499 if (!func_attr)
11500 goto nla_put_failure;
11501
11502 if (nla_put_u8(msg, NL80211_NAN_FUNC_INSTANCE_ID,
11503 func->instance_id))
11504 goto nla_put_failure;
11505
11506 nla_nest_end(msg, func_attr);
11507
11508 genlmsg_end(msg, hdr);
11509 return genlmsg_reply(msg, info);
11510
11511nla_put_failure:
11512 nlmsg_free(msg);
11513 return -ENOBUFS;
11514}
11515
11516static int nl80211_nan_del_func(struct sk_buff *skb,
11517 struct genl_info *info)
11518{
11519 struct cfg80211_registered_device *rdev = info->user_ptr[0];
11520 struct wireless_dev *wdev = info->user_ptr[1];
11521 u64 cookie;
11522
11523 if (wdev->iftype != NL80211_IFTYPE_NAN)
11524 return -EOPNOTSUPP;
11525
11526 if (!wdev_running(wdev))
11527 return -ENOTCONN;
11528
11529 if (!info->attrs[NL80211_ATTR_COOKIE])
11530 return -EINVAL;
11531
11532 cookie = nla_get_u64(info->attrs[NL80211_ATTR_COOKIE]);
11533
11534 rdev_del_nan_func(rdev, wdev, cookie);
11535
11536 return 0;
11537}
11538
11539static int nl80211_nan_change_config(struct sk_buff *skb,
11540 struct genl_info *info)
11541{
11542 struct cfg80211_registered_device *rdev = info->user_ptr[0];
11543 struct wireless_dev *wdev = info->user_ptr[1];
11544 struct cfg80211_nan_conf conf = {};
11545 u32 changed = 0;
11546
11547 if (wdev->iftype != NL80211_IFTYPE_NAN)
11548 return -EOPNOTSUPP;
11549
11550 if (!wdev_running(wdev))
11551 return -ENOTCONN;
11552
11553 if (info->attrs[NL80211_ATTR_NAN_MASTER_PREF]) {
11554 conf.master_pref =
11555 nla_get_u8(info->attrs[NL80211_ATTR_NAN_MASTER_PREF]);
11556 if (conf.master_pref <= 1 || conf.master_pref == 255)
11557 return -EINVAL;
11558
11559 changed |= CFG80211_NAN_CONF_CHANGED_PREF;
11560 }
11561
11562 if (info->attrs[NL80211_ATTR_BANDS]) {
11563 u32 bands = nla_get_u32(info->attrs[NL80211_ATTR_BANDS]);
11564
11565 if (bands & ~(u32)wdev->wiphy->nan_supported_bands)
11566 return -EOPNOTSUPP;
11567
11568 if (bands && !(bands & BIT(NL80211_BAND_2GHZ)))
11569 return -EINVAL;
11570
11571 conf.bands = bands;
11572 changed |= CFG80211_NAN_CONF_CHANGED_BANDS;
11573 }
11574
11575 if (!changed)
11576 return -EINVAL;
11577
11578 return rdev_nan_change_conf(rdev, wdev, &conf, changed);
11579}
11580
11581void cfg80211_nan_match(struct wireless_dev *wdev,
11582 struct cfg80211_nan_match_params *match, gfp_t gfp)
11583{
11584 struct wiphy *wiphy = wdev->wiphy;
11585 struct cfg80211_registered_device *rdev = wiphy_to_rdev(wiphy);
11586 struct nlattr *match_attr, *local_func_attr, *peer_func_attr;
11587 struct sk_buff *msg;
11588 void *hdr;
11589
11590 if (WARN_ON(!match->inst_id || !match->peer_inst_id || !match->addr))
11591 return;
11592
11593 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, gfp);
11594 if (!msg)
11595 return;
11596
11597 hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_NAN_MATCH);
11598 if (!hdr) {
11599 nlmsg_free(msg);
11600 return;
11601 }
11602
11603 if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
11604 (wdev->netdev && nla_put_u32(msg, NL80211_ATTR_IFINDEX,
11605 wdev->netdev->ifindex)) ||
11606 nla_put_u64_64bit(msg, NL80211_ATTR_WDEV, wdev_id(wdev),
11607 NL80211_ATTR_PAD))
11608 goto nla_put_failure;
11609
11610 if (nla_put_u64_64bit(msg, NL80211_ATTR_COOKIE, match->cookie,
11611 NL80211_ATTR_PAD) ||
11612 nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN, match->addr))
11613 goto nla_put_failure;
11614
11615 match_attr = nla_nest_start(msg, NL80211_ATTR_NAN_MATCH);
11616 if (!match_attr)
11617 goto nla_put_failure;
11618
11619 local_func_attr = nla_nest_start(msg, NL80211_NAN_MATCH_FUNC_LOCAL);
11620 if (!local_func_attr)
11621 goto nla_put_failure;
11622
11623 if (nla_put_u8(msg, NL80211_NAN_FUNC_INSTANCE_ID, match->inst_id))
11624 goto nla_put_failure;
11625
11626 nla_nest_end(msg, local_func_attr);
11627
11628 peer_func_attr = nla_nest_start(msg, NL80211_NAN_MATCH_FUNC_PEER);
11629 if (!peer_func_attr)
11630 goto nla_put_failure;
11631
11632 if (nla_put_u8(msg, NL80211_NAN_FUNC_TYPE, match->type) ||
11633 nla_put_u8(msg, NL80211_NAN_FUNC_INSTANCE_ID, match->peer_inst_id))
11634 goto nla_put_failure;
11635
11636 if (match->info && match->info_len &&
11637 nla_put(msg, NL80211_NAN_FUNC_SERVICE_INFO, match->info_len,
11638 match->info))
11639 goto nla_put_failure;
11640
11641 nla_nest_end(msg, peer_func_attr);
11642 nla_nest_end(msg, match_attr);
11643 genlmsg_end(msg, hdr);
11644
11645 if (!wdev->owner_nlportid)
11646 genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy),
11647 msg, 0, NL80211_MCGRP_NAN, gfp);
11648 else
11649 genlmsg_unicast(wiphy_net(&rdev->wiphy), msg,
11650 wdev->owner_nlportid);
11651
11652 return;
11653
11654nla_put_failure:
11655 nlmsg_free(msg);
11656}
11657EXPORT_SYMBOL(cfg80211_nan_match);
11658
11659void cfg80211_nan_func_terminated(struct wireless_dev *wdev,
11660 u8 inst_id,
11661 enum nl80211_nan_func_term_reason reason,
11662 u64 cookie, gfp_t gfp)
11663{
11664 struct wiphy *wiphy = wdev->wiphy;
11665 struct cfg80211_registered_device *rdev = wiphy_to_rdev(wiphy);
11666 struct sk_buff *msg;
11667 struct nlattr *func_attr;
11668 void *hdr;
11669
11670 if (WARN_ON(!inst_id))
11671 return;
11672
11673 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, gfp);
11674 if (!msg)
11675 return;
11676
11677 hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_DEL_NAN_FUNCTION);
11678 if (!hdr) {
11679 nlmsg_free(msg);
11680 return;
11681 }
11682
11683 if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
11684 (wdev->netdev && nla_put_u32(msg, NL80211_ATTR_IFINDEX,
11685 wdev->netdev->ifindex)) ||
11686 nla_put_u64_64bit(msg, NL80211_ATTR_WDEV, wdev_id(wdev),
11687 NL80211_ATTR_PAD))
11688 goto nla_put_failure;
11689
11690 if (nla_put_u64_64bit(msg, NL80211_ATTR_COOKIE, cookie,
11691 NL80211_ATTR_PAD))
11692 goto nla_put_failure;
11693
11694 func_attr = nla_nest_start(msg, NL80211_ATTR_NAN_FUNC);
11695 if (!func_attr)
11696 goto nla_put_failure;
11697
11698 if (nla_put_u8(msg, NL80211_NAN_FUNC_INSTANCE_ID, inst_id) ||
11699 nla_put_u8(msg, NL80211_NAN_FUNC_TERM_REASON, reason))
11700 goto nla_put_failure;
11701
11702 nla_nest_end(msg, func_attr);
11703 genlmsg_end(msg, hdr);
11704
11705 if (!wdev->owner_nlportid)
11706 genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy),
11707 msg, 0, NL80211_MCGRP_NAN, gfp);
11708 else
11709 genlmsg_unicast(wiphy_net(&rdev->wiphy), msg,
11710 wdev->owner_nlportid);
11711
11712 return;
11713
11714nla_put_failure:
11715 nlmsg_free(msg);
11716}
11717EXPORT_SYMBOL(cfg80211_nan_func_terminated);
11718
11719static int nl80211_get_protocol_features(struct sk_buff *skb,
11720 struct genl_info *info)
11721{
11722 void *hdr;
11723 struct sk_buff *msg;
11724
11725 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
11726 if (!msg)
11727 return -ENOMEM;
11728
11729 hdr = nl80211hdr_put(msg, info->snd_portid, info->snd_seq, 0,
11730 NL80211_CMD_GET_PROTOCOL_FEATURES);
11731 if (!hdr)
11732 goto nla_put_failure;
11733
11734 if (nla_put_u32(msg, NL80211_ATTR_PROTOCOL_FEATURES,
11735 NL80211_PROTOCOL_FEATURE_SPLIT_WIPHY_DUMP))
11736 goto nla_put_failure;
11737
11738 genlmsg_end(msg, hdr);
11739 return genlmsg_reply(msg, info);
11740
11741 nla_put_failure:
11742 kfree_skb(msg);
11743 return -ENOBUFS;
11744}
11745
11746static int nl80211_update_ft_ies(struct sk_buff *skb, struct genl_info *info)
11747{
11748 struct cfg80211_registered_device *rdev = info->user_ptr[0];
11749 struct cfg80211_update_ft_ies_params ft_params;
11750 struct net_device *dev = info->user_ptr[1];
11751
11752 if (!rdev->ops->update_ft_ies)
11753 return -EOPNOTSUPP;
11754
11755 if (!info->attrs[NL80211_ATTR_MDID] ||
11756 !info->attrs[NL80211_ATTR_IE] ||
11757 !is_valid_ie_attr(info->attrs[NL80211_ATTR_IE]))
11758 return -EINVAL;
11759
11760 memset(&ft_params, 0, sizeof(ft_params));
11761 ft_params.md = nla_get_u16(info->attrs[NL80211_ATTR_MDID]);
11762 ft_params.ie = nla_data(info->attrs[NL80211_ATTR_IE]);
11763 ft_params.ie_len = nla_len(info->attrs[NL80211_ATTR_IE]);
11764
11765 return rdev_update_ft_ies(rdev, dev, &ft_params);
11766}
11767
11768static int nl80211_crit_protocol_start(struct sk_buff *skb,
11769 struct genl_info *info)
11770{
11771 struct cfg80211_registered_device *rdev = info->user_ptr[0];
11772 struct wireless_dev *wdev = info->user_ptr[1];
11773 enum nl80211_crit_proto_id proto = NL80211_CRIT_PROTO_UNSPEC;
11774 u16 duration;
11775 int ret;
11776
11777 if (!rdev->ops->crit_proto_start)
11778 return -EOPNOTSUPP;
11779
11780 if (WARN_ON(!rdev->ops->crit_proto_stop))
11781 return -EINVAL;
11782
11783 if (rdev->crit_proto_nlportid)
11784 return -EBUSY;
11785
11786 /* determine protocol if provided */
11787 if (info->attrs[NL80211_ATTR_CRIT_PROT_ID])
11788 proto = nla_get_u16(info->attrs[NL80211_ATTR_CRIT_PROT_ID]);
11789
11790 if (proto >= NUM_NL80211_CRIT_PROTO)
11791 return -EINVAL;
11792
11793 /* timeout must be provided */
11794 if (!info->attrs[NL80211_ATTR_MAX_CRIT_PROT_DURATION])
11795 return -EINVAL;
11796
11797 duration =
11798 nla_get_u16(info->attrs[NL80211_ATTR_MAX_CRIT_PROT_DURATION]);
11799
11800 if (duration > NL80211_CRIT_PROTO_MAX_DURATION)
11801 return -ERANGE;
11802
11803 ret = rdev_crit_proto_start(rdev, wdev, proto, duration);
11804 if (!ret)
11805 rdev->crit_proto_nlportid = info->snd_portid;
11806
11807 return ret;
11808}
11809
11810static int nl80211_crit_protocol_stop(struct sk_buff *skb,
11811 struct genl_info *info)
11812{
11813 struct cfg80211_registered_device *rdev = info->user_ptr[0];
11814 struct wireless_dev *wdev = info->user_ptr[1];
11815
11816 if (!rdev->ops->crit_proto_stop)
11817 return -EOPNOTSUPP;
11818
11819 if (rdev->crit_proto_nlportid) {
11820 rdev->crit_proto_nlportid = 0;
11821 rdev_crit_proto_stop(rdev, wdev);
11822 }
11823 return 0;
11824}
11825
11826static int nl80211_vendor_cmd(struct sk_buff *skb, struct genl_info *info)
11827{
11828 struct cfg80211_registered_device *rdev = info->user_ptr[0];
11829 struct wireless_dev *wdev =
11830 __cfg80211_wdev_from_attrs(genl_info_net(info), info->attrs);
11831 int i, err;
11832 u32 vid, subcmd;
11833
11834 if (!rdev->wiphy.vendor_commands)
11835 return -EOPNOTSUPP;
11836
11837 if (IS_ERR(wdev)) {
11838 err = PTR_ERR(wdev);
11839 if (err != -EINVAL)
11840 return err;
11841 wdev = NULL;
11842 } else if (wdev->wiphy != &rdev->wiphy) {
11843 return -EINVAL;
11844 }
11845
11846 if (!info->attrs[NL80211_ATTR_VENDOR_ID] ||
11847 !info->attrs[NL80211_ATTR_VENDOR_SUBCMD])
11848 return -EINVAL;
11849
11850 vid = nla_get_u32(info->attrs[NL80211_ATTR_VENDOR_ID]);
11851 subcmd = nla_get_u32(info->attrs[NL80211_ATTR_VENDOR_SUBCMD]);
11852 for (i = 0; i < rdev->wiphy.n_vendor_commands; i++) {
11853 const struct wiphy_vendor_command *vcmd;
11854 void *data = NULL;
11855 int len = 0;
11856
11857 vcmd = &rdev->wiphy.vendor_commands[i];
11858
11859 if (vcmd->info.vendor_id != vid || vcmd->info.subcmd != subcmd)
11860 continue;
11861
11862 if (vcmd->flags & (WIPHY_VENDOR_CMD_NEED_WDEV |
11863 WIPHY_VENDOR_CMD_NEED_NETDEV)) {
11864 if (!wdev)
11865 return -EINVAL;
11866 if (vcmd->flags & WIPHY_VENDOR_CMD_NEED_NETDEV &&
11867 !wdev->netdev)
11868 return -EINVAL;
11869
11870 if (vcmd->flags & WIPHY_VENDOR_CMD_NEED_RUNNING) {
11871 if (!wdev_running(wdev))
11872 return -ENETDOWN;
11873 }
11874 } else {
11875 wdev = NULL;
11876 }
11877
11878 if (!vcmd->doit)
11879 return -EOPNOTSUPP;
11880
11881 if (info->attrs[NL80211_ATTR_VENDOR_DATA]) {
11882 data = nla_data(info->attrs[NL80211_ATTR_VENDOR_DATA]);
11883 len = nla_len(info->attrs[NL80211_ATTR_VENDOR_DATA]);
11884 }
11885
11886 rdev->cur_cmd_info = info;
11887 err = rdev->wiphy.vendor_commands[i].doit(&rdev->wiphy, wdev,
11888 data, len);
11889 rdev->cur_cmd_info = NULL;
11890 return err;
11891 }
11892
11893 return -EOPNOTSUPP;
11894}
11895
11896static int nl80211_prepare_vendor_dump(struct sk_buff *skb,
11897 struct netlink_callback *cb,
11898 struct cfg80211_registered_device **rdev,
11899 struct wireless_dev **wdev)
11900{
11901 struct nlattr **attrbuf = genl_family_attrbuf(&nl80211_fam);
11902 u32 vid, subcmd;
11903 unsigned int i;
11904 int vcmd_idx = -1;
11905 int err;
11906 void *data = NULL;
11907 unsigned int data_len = 0;
11908
11909 if (cb->args[0]) {
11910 /* subtract the 1 again here */
11911 struct wiphy *wiphy = wiphy_idx_to_wiphy(cb->args[0] - 1);
11912 struct wireless_dev *tmp;
11913
11914 if (!wiphy)
11915 return -ENODEV;
11916 *rdev = wiphy_to_rdev(wiphy);
11917 *wdev = NULL;
11918
11919 if (cb->args[1]) {
11920 list_for_each_entry(tmp, &wiphy->wdev_list, list) {
11921 if (tmp->identifier == cb->args[1] - 1) {
11922 *wdev = tmp;
11923 break;
11924 }
11925 }
11926 }
11927
11928 /* keep rtnl locked in successful case */
11929 return 0;
11930 }
11931
11932 err = nlmsg_parse(cb->nlh, GENL_HDRLEN + nl80211_fam.hdrsize, attrbuf,
11933 nl80211_fam.maxattr, nl80211_policy, NULL);
11934 if (err)
11935 return err;
11936
11937 if (!attrbuf[NL80211_ATTR_VENDOR_ID] ||
11938 !attrbuf[NL80211_ATTR_VENDOR_SUBCMD])
11939 return -EINVAL;
11940
11941 *wdev = __cfg80211_wdev_from_attrs(sock_net(skb->sk), attrbuf);
11942 if (IS_ERR(*wdev))
11943 *wdev = NULL;
11944
11945 *rdev = __cfg80211_rdev_from_attrs(sock_net(skb->sk), attrbuf);
11946 if (IS_ERR(*rdev))
11947 return PTR_ERR(*rdev);
11948
11949 vid = nla_get_u32(attrbuf[NL80211_ATTR_VENDOR_ID]);
11950 subcmd = nla_get_u32(attrbuf[NL80211_ATTR_VENDOR_SUBCMD]);
11951
11952 for (i = 0; i < (*rdev)->wiphy.n_vendor_commands; i++) {
11953 const struct wiphy_vendor_command *vcmd;
11954
11955 vcmd = &(*rdev)->wiphy.vendor_commands[i];
11956
11957 if (vcmd->info.vendor_id != vid || vcmd->info.subcmd != subcmd)
11958 continue;
11959
11960 if (!vcmd->dumpit)
11961 return -EOPNOTSUPP;
11962
11963 vcmd_idx = i;
11964 break;
11965 }
11966
11967 if (vcmd_idx < 0)
11968 return -EOPNOTSUPP;
11969
11970 if (attrbuf[NL80211_ATTR_VENDOR_DATA]) {
11971 data = nla_data(attrbuf[NL80211_ATTR_VENDOR_DATA]);
11972 data_len = nla_len(attrbuf[NL80211_ATTR_VENDOR_DATA]);
11973 }
11974
11975 /* 0 is the first index - add 1 to parse only once */
11976 cb->args[0] = (*rdev)->wiphy_idx + 1;
11977 /* add 1 to know if it was NULL */
11978 cb->args[1] = *wdev ? (*wdev)->identifier + 1 : 0;
11979 cb->args[2] = vcmd_idx;
11980 cb->args[3] = (unsigned long)data;
11981 cb->args[4] = data_len;
11982
11983 /* keep rtnl locked in successful case */
11984 return 0;
11985}
11986
11987static int nl80211_vendor_cmd_dump(struct sk_buff *skb,
11988 struct netlink_callback *cb)
11989{
11990 struct cfg80211_registered_device *rdev;
11991 struct wireless_dev *wdev;
11992 unsigned int vcmd_idx;
11993 const struct wiphy_vendor_command *vcmd;
11994 void *data;
11995 int data_len;
11996 int err;
11997 struct nlattr *vendor_data;
11998
11999 rtnl_lock();
12000 err = nl80211_prepare_vendor_dump(skb, cb, &rdev, &wdev);
12001 if (err)
12002 goto out;
12003
12004 vcmd_idx = cb->args[2];
12005 data = (void *)cb->args[3];
12006 data_len = cb->args[4];
12007 vcmd = &rdev->wiphy.vendor_commands[vcmd_idx];
12008
12009 if (vcmd->flags & (WIPHY_VENDOR_CMD_NEED_WDEV |
12010 WIPHY_VENDOR_CMD_NEED_NETDEV)) {
12011 if (!wdev) {
12012 err = -EINVAL;
12013 goto out;
12014 }
12015 if (vcmd->flags & WIPHY_VENDOR_CMD_NEED_NETDEV &&
12016 !wdev->netdev) {
12017 err = -EINVAL;
12018 goto out;
12019 }
12020
12021 if (vcmd->flags & WIPHY_VENDOR_CMD_NEED_RUNNING) {
12022 if (!wdev_running(wdev)) {
12023 err = -ENETDOWN;
12024 goto out;
12025 }
12026 }
12027 }
12028
12029 while (1) {
12030 void *hdr = nl80211hdr_put(skb, NETLINK_CB(cb->skb).portid,
12031 cb->nlh->nlmsg_seq, NLM_F_MULTI,
12032 NL80211_CMD_VENDOR);
12033 if (!hdr)
12034 break;
12035
12036 if (nla_put_u32(skb, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
12037 (wdev && nla_put_u64_64bit(skb, NL80211_ATTR_WDEV,
12038 wdev_id(wdev),
12039 NL80211_ATTR_PAD))) {
12040 genlmsg_cancel(skb, hdr);
12041 break;
12042 }
12043
12044 vendor_data = nla_nest_start(skb, NL80211_ATTR_VENDOR_DATA);
12045 if (!vendor_data) {
12046 genlmsg_cancel(skb, hdr);
12047 break;
12048 }
12049
12050 err = vcmd->dumpit(&rdev->wiphy, wdev, skb, data, data_len,
12051 (unsigned long *)&cb->args[5]);
12052 nla_nest_end(skb, vendor_data);
12053
12054 if (err == -ENOBUFS || err == -ENOENT) {
12055 genlmsg_cancel(skb, hdr);
12056 break;
12057 } else if (err) {
12058 genlmsg_cancel(skb, hdr);
12059 goto out;
12060 }
12061
12062 genlmsg_end(skb, hdr);
12063 }
12064
12065 err = skb->len;
12066 out:
12067 rtnl_unlock();
12068 return err;
12069}
12070
12071struct sk_buff *__cfg80211_alloc_reply_skb(struct wiphy *wiphy,
12072 enum nl80211_commands cmd,
12073 enum nl80211_attrs attr,
12074 int approxlen)
12075{
12076 struct cfg80211_registered_device *rdev = wiphy_to_rdev(wiphy);
12077
12078 if (WARN_ON(!rdev->cur_cmd_info))
12079 return NULL;
12080
12081 return __cfg80211_alloc_vendor_skb(rdev, NULL, approxlen,
12082 rdev->cur_cmd_info->snd_portid,
12083 rdev->cur_cmd_info->snd_seq,
12084 cmd, attr, NULL, GFP_KERNEL);
12085}
12086EXPORT_SYMBOL(__cfg80211_alloc_reply_skb);
12087
12088int cfg80211_vendor_cmd_reply(struct sk_buff *skb)
12089{
12090 struct cfg80211_registered_device *rdev = ((void **)skb->cb)[0];
12091 void *hdr = ((void **)skb->cb)[1];
12092 struct nlattr *data = ((void **)skb->cb)[2];
12093
12094 /* clear CB data for netlink core to own from now on */
12095 memset(skb->cb, 0, sizeof(skb->cb));
12096
12097 if (WARN_ON(!rdev->cur_cmd_info)) {
12098 kfree_skb(skb);
12099 return -EINVAL;
12100 }
12101
12102 nla_nest_end(skb, data);
12103 genlmsg_end(skb, hdr);
12104 return genlmsg_reply(skb, rdev->cur_cmd_info);
12105}
12106EXPORT_SYMBOL_GPL(cfg80211_vendor_cmd_reply);
12107
12108static int nl80211_set_qos_map(struct sk_buff *skb,
12109 struct genl_info *info)
12110{
12111 struct cfg80211_registered_device *rdev = info->user_ptr[0];
12112 struct cfg80211_qos_map *qos_map = NULL;
12113 struct net_device *dev = info->user_ptr[1];
12114 u8 *pos, len, num_des, des_len, des;
12115 int ret;
12116
12117 if (!rdev->ops->set_qos_map)
12118 return -EOPNOTSUPP;
12119
12120 if (info->attrs[NL80211_ATTR_QOS_MAP]) {
12121 pos = nla_data(info->attrs[NL80211_ATTR_QOS_MAP]);
12122 len = nla_len(info->attrs[NL80211_ATTR_QOS_MAP]);
12123
12124 if (len % 2 || len < IEEE80211_QOS_MAP_LEN_MIN ||
12125 len > IEEE80211_QOS_MAP_LEN_MAX)
12126 return -EINVAL;
12127
12128 qos_map = kzalloc(sizeof(struct cfg80211_qos_map), GFP_KERNEL);
12129 if (!qos_map)
12130 return -ENOMEM;
12131
12132 num_des = (len - IEEE80211_QOS_MAP_LEN_MIN) >> 1;
12133 if (num_des) {
12134 des_len = num_des *
12135 sizeof(struct cfg80211_dscp_exception);
12136 memcpy(qos_map->dscp_exception, pos, des_len);
12137 qos_map->num_des = num_des;
12138 for (des = 0; des < num_des; des++) {
12139 if (qos_map->dscp_exception[des].up > 7) {
12140 kfree(qos_map);
12141 return -EINVAL;
12142 }
12143 }
12144 pos += des_len;
12145 }
12146 memcpy(qos_map->up, pos, IEEE80211_QOS_MAP_LEN_MIN);
12147 }
12148
12149 wdev_lock(dev->ieee80211_ptr);
12150 ret = nl80211_key_allowed(dev->ieee80211_ptr);
12151 if (!ret)
12152 ret = rdev_set_qos_map(rdev, dev, qos_map);
12153 wdev_unlock(dev->ieee80211_ptr);
12154
12155 kfree(qos_map);
12156 return ret;
12157}
12158
12159static int nl80211_add_tx_ts(struct sk_buff *skb, struct genl_info *info)
12160{
12161 struct cfg80211_registered_device *rdev = info->user_ptr[0];
12162 struct net_device *dev = info->user_ptr[1];
12163 struct wireless_dev *wdev = dev->ieee80211_ptr;
12164 const u8 *peer;
12165 u8 tsid, up;
12166 u16 admitted_time = 0;
12167 int err;
12168
12169 if (!(rdev->wiphy.features & NL80211_FEATURE_SUPPORTS_WMM_ADMISSION))
12170 return -EOPNOTSUPP;
12171
12172 if (!info->attrs[NL80211_ATTR_TSID] || !info->attrs[NL80211_ATTR_MAC] ||
12173 !info->attrs[NL80211_ATTR_USER_PRIO])
12174 return -EINVAL;
12175
12176 tsid = nla_get_u8(info->attrs[NL80211_ATTR_TSID]);
12177 if (tsid >= IEEE80211_NUM_TIDS)
12178 return -EINVAL;
12179
12180 up = nla_get_u8(info->attrs[NL80211_ATTR_USER_PRIO]);
12181 if (up >= IEEE80211_NUM_UPS)
12182 return -EINVAL;
12183
12184 /* WMM uses TIDs 0-7 even for TSPEC */
12185 if (tsid >= IEEE80211_FIRST_TSPEC_TSID) {
12186 /* TODO: handle 802.11 TSPEC/admission control
12187 * need more attributes for that (e.g. BA session requirement);
12188 * change the WMM adminssion test above to allow both then
12189 */
12190 return -EINVAL;
12191 }
12192
12193 peer = nla_data(info->attrs[NL80211_ATTR_MAC]);
12194
12195 if (info->attrs[NL80211_ATTR_ADMITTED_TIME]) {
12196 admitted_time =
12197 nla_get_u16(info->attrs[NL80211_ATTR_ADMITTED_TIME]);
12198 if (!admitted_time)
12199 return -EINVAL;
12200 }
12201
12202 wdev_lock(wdev);
12203 switch (wdev->iftype) {
12204 case NL80211_IFTYPE_STATION:
12205 case NL80211_IFTYPE_P2P_CLIENT:
12206 if (wdev->current_bss)
12207 break;
12208 err = -ENOTCONN;
12209 goto out;
12210 default:
12211 err = -EOPNOTSUPP;
12212 goto out;
12213 }
12214
12215 err = rdev_add_tx_ts(rdev, dev, tsid, peer, up, admitted_time);
12216
12217 out:
12218 wdev_unlock(wdev);
12219 return err;
12220}
12221
12222static int nl80211_del_tx_ts(struct sk_buff *skb, struct genl_info *info)
12223{
12224 struct cfg80211_registered_device *rdev = info->user_ptr[0];
12225 struct net_device *dev = info->user_ptr[1];
12226 struct wireless_dev *wdev = dev->ieee80211_ptr;
12227 const u8 *peer;
12228 u8 tsid;
12229 int err;
12230
12231 if (!info->attrs[NL80211_ATTR_TSID] || !info->attrs[NL80211_ATTR_MAC])
12232 return -EINVAL;
12233
12234 tsid = nla_get_u8(info->attrs[NL80211_ATTR_TSID]);
12235 peer = nla_data(info->attrs[NL80211_ATTR_MAC]);
12236
12237 wdev_lock(wdev);
12238 err = rdev_del_tx_ts(rdev, dev, tsid, peer);
12239 wdev_unlock(wdev);
12240
12241 return err;
12242}
12243
12244static int nl80211_tdls_channel_switch(struct sk_buff *skb,
12245 struct genl_info *info)
12246{
12247 struct cfg80211_registered_device *rdev = info->user_ptr[0];
12248 struct net_device *dev = info->user_ptr[1];
12249 struct wireless_dev *wdev = dev->ieee80211_ptr;
12250 struct cfg80211_chan_def chandef = {};
12251 const u8 *addr;
12252 u8 oper_class;
12253 int err;
12254
12255 if (!rdev->ops->tdls_channel_switch ||
12256 !(rdev->wiphy.features & NL80211_FEATURE_TDLS_CHANNEL_SWITCH))
12257 return -EOPNOTSUPP;
12258
12259 switch (dev->ieee80211_ptr->iftype) {
12260 case NL80211_IFTYPE_STATION:
12261 case NL80211_IFTYPE_P2P_CLIENT:
12262 break;
12263 default:
12264 return -EOPNOTSUPP;
12265 }
12266
12267 if (!info->attrs[NL80211_ATTR_MAC] ||
12268 !info->attrs[NL80211_ATTR_OPER_CLASS])
12269 return -EINVAL;
12270
12271 err = nl80211_parse_chandef(rdev, info, &chandef);
12272 if (err)
12273 return err;
12274
12275 /*
12276 * Don't allow wide channels on the 2.4Ghz band, as per IEEE802.11-2012
12277 * section 10.22.6.2.1. Disallow 5/10Mhz channels as well for now, the
12278 * specification is not defined for them.
12279 */
12280 if (chandef.chan->band == NL80211_BAND_2GHZ &&
12281 chandef.width != NL80211_CHAN_WIDTH_20_NOHT &&
12282 chandef.width != NL80211_CHAN_WIDTH_20)
12283 return -EINVAL;
12284
12285 /* we will be active on the TDLS link */
12286 if (!cfg80211_reg_can_beacon_relax(&rdev->wiphy, &chandef,
12287 wdev->iftype))
12288 return -EINVAL;
12289
12290 /* don't allow switching to DFS channels */
12291 if (cfg80211_chandef_dfs_required(wdev->wiphy, &chandef, wdev->iftype))
12292 return -EINVAL;
12293
12294 addr = nla_data(info->attrs[NL80211_ATTR_MAC]);
12295 oper_class = nla_get_u8(info->attrs[NL80211_ATTR_OPER_CLASS]);
12296
12297 wdev_lock(wdev);
12298 err = rdev_tdls_channel_switch(rdev, dev, addr, oper_class, &chandef);
12299 wdev_unlock(wdev);
12300
12301 return err;
12302}
12303
12304static int nl80211_tdls_cancel_channel_switch(struct sk_buff *skb,
12305 struct genl_info *info)
12306{
12307 struct cfg80211_registered_device *rdev = info->user_ptr[0];
12308 struct net_device *dev = info->user_ptr[1];
12309 struct wireless_dev *wdev = dev->ieee80211_ptr;
12310 const u8 *addr;
12311
12312 if (!rdev->ops->tdls_channel_switch ||
12313 !rdev->ops->tdls_cancel_channel_switch ||
12314 !(rdev->wiphy.features & NL80211_FEATURE_TDLS_CHANNEL_SWITCH))
12315 return -EOPNOTSUPP;
12316
12317 switch (dev->ieee80211_ptr->iftype) {
12318 case NL80211_IFTYPE_STATION:
12319 case NL80211_IFTYPE_P2P_CLIENT:
12320 break;
12321 default:
12322 return -EOPNOTSUPP;
12323 }
12324
12325 if (!info->attrs[NL80211_ATTR_MAC])
12326 return -EINVAL;
12327
12328 addr = nla_data(info->attrs[NL80211_ATTR_MAC]);
12329
12330 wdev_lock(wdev);
12331 rdev_tdls_cancel_channel_switch(rdev, dev, addr);
12332 wdev_unlock(wdev);
12333
12334 return 0;
12335}
12336
12337static int nl80211_set_multicast_to_unicast(struct sk_buff *skb,
12338 struct genl_info *info)
12339{
12340 struct cfg80211_registered_device *rdev = info->user_ptr[0];
12341 struct net_device *dev = info->user_ptr[1];
12342 struct wireless_dev *wdev = dev->ieee80211_ptr;
12343 const struct nlattr *nla;
12344 bool enabled;
12345
12346 if (!rdev->ops->set_multicast_to_unicast)
12347 return -EOPNOTSUPP;
12348
12349 if (wdev->iftype != NL80211_IFTYPE_AP &&
12350 wdev->iftype != NL80211_IFTYPE_P2P_GO)
12351 return -EOPNOTSUPP;
12352
12353 nla = info->attrs[NL80211_ATTR_MULTICAST_TO_UNICAST_ENABLED];
12354 enabled = nla_get_flag(nla);
12355
12356 return rdev_set_multicast_to_unicast(rdev, dev, enabled);
12357}
12358
12359static int nl80211_set_pmk(struct sk_buff *skb, struct genl_info *info)
12360{
12361 struct cfg80211_registered_device *rdev = info->user_ptr[0];
12362 struct net_device *dev = info->user_ptr[1];
12363 struct wireless_dev *wdev = dev->ieee80211_ptr;
12364 struct cfg80211_pmk_conf pmk_conf = {};
12365 int ret;
12366
12367 if (wdev->iftype != NL80211_IFTYPE_STATION &&
12368 wdev->iftype != NL80211_IFTYPE_P2P_CLIENT)
12369 return -EOPNOTSUPP;
12370
12371 if (!wiphy_ext_feature_isset(&rdev->wiphy,
12372 NL80211_EXT_FEATURE_4WAY_HANDSHAKE_STA_1X))
12373 return -EOPNOTSUPP;
12374
12375 if (!info->attrs[NL80211_ATTR_MAC] || !info->attrs[NL80211_ATTR_PMK])
12376 return -EINVAL;
12377
12378 wdev_lock(wdev);
12379 if (!wdev->current_bss) {
12380 ret = -ENOTCONN;
12381 goto out;
12382 }
12383
12384 pmk_conf.aa = nla_data(info->attrs[NL80211_ATTR_MAC]);
12385 if (memcmp(pmk_conf.aa, wdev->current_bss->pub.bssid, ETH_ALEN)) {
12386 ret = -EINVAL;
12387 goto out;
12388 }
12389
12390 pmk_conf.pmk = nla_data(info->attrs[NL80211_ATTR_PMK]);
12391 pmk_conf.pmk_len = nla_len(info->attrs[NL80211_ATTR_PMK]);
12392 if (pmk_conf.pmk_len != WLAN_PMK_LEN &&
12393 pmk_conf.pmk_len != WLAN_PMK_LEN_SUITE_B_192) {
12394 ret = -EINVAL;
12395 goto out;
12396 }
12397
12398 if (info->attrs[NL80211_ATTR_PMKR0_NAME]) {
12399 int r0_name_len = nla_len(info->attrs[NL80211_ATTR_PMKR0_NAME]);
12400
12401 if (r0_name_len != WLAN_PMK_NAME_LEN) {
12402 ret = -EINVAL;
12403 goto out;
12404 }
12405
12406 pmk_conf.pmk_r0_name =
12407 nla_data(info->attrs[NL80211_ATTR_PMKR0_NAME]);
12408 }
12409
12410 ret = rdev_set_pmk(rdev, dev, &pmk_conf);
12411out:
12412 wdev_unlock(wdev);
12413 return ret;
12414}
12415
12416static int nl80211_del_pmk(struct sk_buff *skb, struct genl_info *info)
12417{
12418 struct cfg80211_registered_device *rdev = info->user_ptr[0];
12419 struct net_device *dev = info->user_ptr[1];
12420 struct wireless_dev *wdev = dev->ieee80211_ptr;
12421 const u8 *aa;
12422 int ret;
12423
12424 if (wdev->iftype != NL80211_IFTYPE_STATION &&
12425 wdev->iftype != NL80211_IFTYPE_P2P_CLIENT)
12426 return -EOPNOTSUPP;
12427
12428 if (!wiphy_ext_feature_isset(&rdev->wiphy,
12429 NL80211_EXT_FEATURE_4WAY_HANDSHAKE_STA_1X))
12430 return -EOPNOTSUPP;
12431
12432 if (!info->attrs[NL80211_ATTR_MAC])
12433 return -EINVAL;
12434
12435 wdev_lock(wdev);
12436 aa = nla_data(info->attrs[NL80211_ATTR_MAC]);
12437 ret = rdev_del_pmk(rdev, dev, aa);
12438 wdev_unlock(wdev);
12439
12440 return ret;
12441}
12442
12443static int nl80211_external_auth(struct sk_buff *skb, struct genl_info *info)
12444{
12445 struct cfg80211_registered_device *rdev = info->user_ptr[0];
12446 struct net_device *dev = info->user_ptr[1];
12447 struct cfg80211_external_auth_params params;
12448
12449 if (!rdev->ops->external_auth)
12450 return -EOPNOTSUPP;
12451
12452 if (!info->attrs[NL80211_ATTR_SSID])
12453 return -EINVAL;
12454
12455 if (!info->attrs[NL80211_ATTR_BSSID])
12456 return -EINVAL;
12457
12458 if (!info->attrs[NL80211_ATTR_STATUS_CODE])
12459 return -EINVAL;
12460
12461 memset(&params, 0, sizeof(params));
12462
12463 params.ssid.ssid_len = nla_len(info->attrs[NL80211_ATTR_SSID]);
12464 if (params.ssid.ssid_len == 0 ||
12465 params.ssid.ssid_len > IEEE80211_MAX_SSID_LEN)
12466 return -EINVAL;
12467 memcpy(params.ssid.ssid, nla_data(info->attrs[NL80211_ATTR_SSID]),
12468 params.ssid.ssid_len);
12469
12470 memcpy(params.bssid, nla_data(info->attrs[NL80211_ATTR_BSSID]),
12471 ETH_ALEN);
12472
12473 params.status = nla_get_u16(info->attrs[NL80211_ATTR_STATUS_CODE]);
12474
12475 return rdev_external_auth(rdev, dev, &params);
12476}
12477
12478#define NL80211_FLAG_NEED_WIPHY 0x01
12479#define NL80211_FLAG_NEED_NETDEV 0x02
12480#define NL80211_FLAG_NEED_RTNL 0x04
12481#define NL80211_FLAG_CHECK_NETDEV_UP 0x08
12482#define NL80211_FLAG_NEED_NETDEV_UP (NL80211_FLAG_NEED_NETDEV |\
12483 NL80211_FLAG_CHECK_NETDEV_UP)
12484#define NL80211_FLAG_NEED_WDEV 0x10
12485/* If a netdev is associated, it must be UP, P2P must be started */
12486#define NL80211_FLAG_NEED_WDEV_UP (NL80211_FLAG_NEED_WDEV |\
12487 NL80211_FLAG_CHECK_NETDEV_UP)
12488#define NL80211_FLAG_CLEAR_SKB 0x20
12489
12490static int nl80211_pre_doit(const struct genl_ops *ops, struct sk_buff *skb,
12491 struct genl_info *info)
12492{
12493 struct cfg80211_registered_device *rdev;
12494 struct wireless_dev *wdev;
12495 struct net_device *dev;
12496 bool rtnl = ops->internal_flags & NL80211_FLAG_NEED_RTNL;
12497
12498 if (rtnl)
12499 rtnl_lock();
12500
12501 if (ops->internal_flags & NL80211_FLAG_NEED_WIPHY) {
12502 rdev = cfg80211_get_dev_from_info(genl_info_net(info), info);
12503 if (IS_ERR(rdev)) {
12504 if (rtnl)
12505 rtnl_unlock();
12506 return PTR_ERR(rdev);
12507 }
12508 info->user_ptr[0] = rdev;
12509 } else if (ops->internal_flags & NL80211_FLAG_NEED_NETDEV ||
12510 ops->internal_flags & NL80211_FLAG_NEED_WDEV) {
12511 ASSERT_RTNL();
12512
12513 wdev = __cfg80211_wdev_from_attrs(genl_info_net(info),
12514 info->attrs);
12515 if (IS_ERR(wdev)) {
12516 if (rtnl)
12517 rtnl_unlock();
12518 return PTR_ERR(wdev);
12519 }
12520
12521 dev = wdev->netdev;
12522 rdev = wiphy_to_rdev(wdev->wiphy);
12523
12524 if (ops->internal_flags & NL80211_FLAG_NEED_NETDEV) {
12525 if (!dev) {
12526 if (rtnl)
12527 rtnl_unlock();
12528 return -EINVAL;
12529 }
12530
12531 info->user_ptr[1] = dev;
12532 } else {
12533 info->user_ptr[1] = wdev;
12534 }
12535
12536 if (ops->internal_flags & NL80211_FLAG_CHECK_NETDEV_UP &&
12537 !wdev_running(wdev)) {
12538 if (rtnl)
12539 rtnl_unlock();
12540 return -ENETDOWN;
12541 }
12542
12543 if (dev)
12544 dev_hold(dev);
12545
12546 info->user_ptr[0] = rdev;
12547 }
12548
12549 return 0;
12550}
12551
12552static void nl80211_post_doit(const struct genl_ops *ops, struct sk_buff *skb,
12553 struct genl_info *info)
12554{
12555 if (info->user_ptr[1]) {
12556 if (ops->internal_flags & NL80211_FLAG_NEED_WDEV) {
12557 struct wireless_dev *wdev = info->user_ptr[1];
12558
12559 if (wdev->netdev)
12560 dev_put(wdev->netdev);
12561 } else {
12562 dev_put(info->user_ptr[1]);
12563 }
12564 }
12565
12566 if (ops->internal_flags & NL80211_FLAG_NEED_RTNL)
12567 rtnl_unlock();
12568
12569 /* If needed, clear the netlink message payload from the SKB
12570 * as it might contain key data that shouldn't stick around on
12571 * the heap after the SKB is freed. The netlink message header
12572 * is still needed for further processing, so leave it intact.
12573 */
12574 if (ops->internal_flags & NL80211_FLAG_CLEAR_SKB) {
12575 struct nlmsghdr *nlh = nlmsg_hdr(skb);
12576
12577 memset(nlmsg_data(nlh), 0, nlmsg_len(nlh));
12578 }
12579}
12580
12581static const struct genl_ops nl80211_ops[] = {
12582 {
12583 .cmd = NL80211_CMD_GET_WIPHY,
12584 .doit = nl80211_get_wiphy,
12585 .dumpit = nl80211_dump_wiphy,
12586 .done = nl80211_dump_wiphy_done,
12587 .policy = nl80211_policy,
12588 /* can be retrieved by unprivileged users */
12589 .internal_flags = NL80211_FLAG_NEED_WIPHY |
12590 NL80211_FLAG_NEED_RTNL,
12591 },
12592 {
12593 .cmd = NL80211_CMD_SET_WIPHY,
12594 .doit = nl80211_set_wiphy,
12595 .policy = nl80211_policy,
12596 .flags = GENL_UNS_ADMIN_PERM,
12597 .internal_flags = NL80211_FLAG_NEED_RTNL,
12598 },
12599 {
12600 .cmd = NL80211_CMD_GET_INTERFACE,
12601 .doit = nl80211_get_interface,
12602 .dumpit = nl80211_dump_interface,
12603 .policy = nl80211_policy,
12604 /* can be retrieved by unprivileged users */
12605 .internal_flags = NL80211_FLAG_NEED_WDEV |
12606 NL80211_FLAG_NEED_RTNL,
12607 },
12608 {
12609 .cmd = NL80211_CMD_SET_INTERFACE,
12610 .doit = nl80211_set_interface,
12611 .policy = nl80211_policy,
12612 .flags = GENL_UNS_ADMIN_PERM,
12613 .internal_flags = NL80211_FLAG_NEED_NETDEV |
12614 NL80211_FLAG_NEED_RTNL,
12615 },
12616 {
12617 .cmd = NL80211_CMD_NEW_INTERFACE,
12618 .doit = nl80211_new_interface,
12619 .policy = nl80211_policy,
12620 .flags = GENL_UNS_ADMIN_PERM,
12621 .internal_flags = NL80211_FLAG_NEED_WIPHY |
12622 NL80211_FLAG_NEED_RTNL,
12623 },
12624 {
12625 .cmd = NL80211_CMD_DEL_INTERFACE,
12626 .doit = nl80211_del_interface,
12627 .policy = nl80211_policy,
12628 .flags = GENL_UNS_ADMIN_PERM,
12629 .internal_flags = NL80211_FLAG_NEED_WDEV |
12630 NL80211_FLAG_NEED_RTNL,
12631 },
12632 {
12633 .cmd = NL80211_CMD_GET_KEY,
12634 .doit = nl80211_get_key,
12635 .policy = nl80211_policy,
12636 .flags = GENL_UNS_ADMIN_PERM,
12637 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
12638 NL80211_FLAG_NEED_RTNL,
12639 },
12640 {
12641 .cmd = NL80211_CMD_SET_KEY,
12642 .doit = nl80211_set_key,
12643 .policy = nl80211_policy,
12644 .flags = GENL_UNS_ADMIN_PERM,
12645 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
12646 NL80211_FLAG_NEED_RTNL |
12647 NL80211_FLAG_CLEAR_SKB,
12648 },
12649 {
12650 .cmd = NL80211_CMD_NEW_KEY,
12651 .doit = nl80211_new_key,
12652 .policy = nl80211_policy,
12653 .flags = GENL_UNS_ADMIN_PERM,
12654 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
12655 NL80211_FLAG_NEED_RTNL |
12656 NL80211_FLAG_CLEAR_SKB,
12657 },
12658 {
12659 .cmd = NL80211_CMD_DEL_KEY,
12660 .doit = nl80211_del_key,
12661 .policy = nl80211_policy,
12662 .flags = GENL_UNS_ADMIN_PERM,
12663 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
12664 NL80211_FLAG_NEED_RTNL,
12665 },
12666 {
12667 .cmd = NL80211_CMD_SET_BEACON,
12668 .policy = nl80211_policy,
12669 .flags = GENL_UNS_ADMIN_PERM,
12670 .doit = nl80211_set_beacon,
12671 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
12672 NL80211_FLAG_NEED_RTNL,
12673 },
12674 {
12675 .cmd = NL80211_CMD_START_AP,
12676 .policy = nl80211_policy,
12677 .flags = GENL_UNS_ADMIN_PERM,
12678 .doit = nl80211_start_ap,
12679 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
12680 NL80211_FLAG_NEED_RTNL,
12681 },
12682 {
12683 .cmd = NL80211_CMD_STOP_AP,
12684 .policy = nl80211_policy,
12685 .flags = GENL_UNS_ADMIN_PERM,
12686 .doit = nl80211_stop_ap,
12687 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
12688 NL80211_FLAG_NEED_RTNL,
12689 },
12690 {
12691 .cmd = NL80211_CMD_GET_STATION,
12692 .doit = nl80211_get_station,
12693 .dumpit = nl80211_dump_station,
12694 .policy = nl80211_policy,
12695 .internal_flags = NL80211_FLAG_NEED_NETDEV |
12696 NL80211_FLAG_NEED_RTNL,
12697 },
12698 {
12699 .cmd = NL80211_CMD_SET_STATION,
12700 .doit = nl80211_set_station,
12701 .policy = nl80211_policy,
12702 .flags = GENL_UNS_ADMIN_PERM,
12703 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
12704 NL80211_FLAG_NEED_RTNL,
12705 },
12706 {
12707 .cmd = NL80211_CMD_NEW_STATION,
12708 .doit = nl80211_new_station,
12709 .policy = nl80211_policy,
12710 .flags = GENL_UNS_ADMIN_PERM,
12711 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
12712 NL80211_FLAG_NEED_RTNL,
12713 },
12714 {
12715 .cmd = NL80211_CMD_DEL_STATION,
12716 .doit = nl80211_del_station,
12717 .policy = nl80211_policy,
12718 .flags = GENL_UNS_ADMIN_PERM,
12719 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
12720 NL80211_FLAG_NEED_RTNL,
12721 },
12722 {
12723 .cmd = NL80211_CMD_GET_MPATH,
12724 .doit = nl80211_get_mpath,
12725 .dumpit = nl80211_dump_mpath,
12726 .policy = nl80211_policy,
12727 .flags = GENL_UNS_ADMIN_PERM,
12728 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
12729 NL80211_FLAG_NEED_RTNL,
12730 },
12731 {
12732 .cmd = NL80211_CMD_GET_MPP,
12733 .doit = nl80211_get_mpp,
12734 .dumpit = nl80211_dump_mpp,
12735 .policy = nl80211_policy,
12736 .flags = GENL_UNS_ADMIN_PERM,
12737 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
12738 NL80211_FLAG_NEED_RTNL,
12739 },
12740 {
12741 .cmd = NL80211_CMD_SET_MPATH,
12742 .doit = nl80211_set_mpath,
12743 .policy = nl80211_policy,
12744 .flags = GENL_UNS_ADMIN_PERM,
12745 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
12746 NL80211_FLAG_NEED_RTNL,
12747 },
12748 {
12749 .cmd = NL80211_CMD_NEW_MPATH,
12750 .doit = nl80211_new_mpath,
12751 .policy = nl80211_policy,
12752 .flags = GENL_UNS_ADMIN_PERM,
12753 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
12754 NL80211_FLAG_NEED_RTNL,
12755 },
12756 {
12757 .cmd = NL80211_CMD_DEL_MPATH,
12758 .doit = nl80211_del_mpath,
12759 .policy = nl80211_policy,
12760 .flags = GENL_UNS_ADMIN_PERM,
12761 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
12762 NL80211_FLAG_NEED_RTNL,
12763 },
12764 {
12765 .cmd = NL80211_CMD_SET_BSS,
12766 .doit = nl80211_set_bss,
12767 .policy = nl80211_policy,
12768 .flags = GENL_UNS_ADMIN_PERM,
12769 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
12770 NL80211_FLAG_NEED_RTNL,
12771 },
12772 {
12773 .cmd = NL80211_CMD_GET_REG,
12774 .doit = nl80211_get_reg_do,
12775 .dumpit = nl80211_get_reg_dump,
12776 .policy = nl80211_policy,
12777 .internal_flags = NL80211_FLAG_NEED_RTNL,
12778 /* can be retrieved by unprivileged users */
12779 },
12780#ifdef CONFIG_CFG80211_CRDA_SUPPORT
12781 {
12782 .cmd = NL80211_CMD_SET_REG,
12783 .doit = nl80211_set_reg,
12784 .policy = nl80211_policy,
12785 .flags = GENL_ADMIN_PERM,
12786 .internal_flags = NL80211_FLAG_NEED_RTNL,
12787 },
12788#endif
12789 {
12790 .cmd = NL80211_CMD_REQ_SET_REG,
12791 .doit = nl80211_req_set_reg,
12792 .policy = nl80211_policy,
12793 .flags = GENL_ADMIN_PERM,
12794 },
12795 {
12796 .cmd = NL80211_CMD_GET_MESH_CONFIG,
12797 .doit = nl80211_get_mesh_config,
12798 .policy = nl80211_policy,
12799 /* can be retrieved by unprivileged users */
12800 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
12801 NL80211_FLAG_NEED_RTNL,
12802 },
12803 {
12804 .cmd = NL80211_CMD_SET_MESH_CONFIG,
12805 .doit = nl80211_update_mesh_config,
12806 .policy = nl80211_policy,
12807 .flags = GENL_UNS_ADMIN_PERM,
12808 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
12809 NL80211_FLAG_NEED_RTNL,
12810 },
12811 {
12812 .cmd = NL80211_CMD_TRIGGER_SCAN,
12813 .doit = nl80211_trigger_scan,
12814 .policy = nl80211_policy,
12815 .flags = GENL_UNS_ADMIN_PERM,
12816 .internal_flags = NL80211_FLAG_NEED_WDEV_UP |
12817 NL80211_FLAG_NEED_RTNL,
12818 },
12819 {
12820 .cmd = NL80211_CMD_ABORT_SCAN,
12821 .doit = nl80211_abort_scan,
12822 .policy = nl80211_policy,
12823 .flags = GENL_UNS_ADMIN_PERM,
12824 .internal_flags = NL80211_FLAG_NEED_WDEV_UP |
12825 NL80211_FLAG_NEED_RTNL,
12826 },
12827 {
12828 .cmd = NL80211_CMD_GET_SCAN,
12829 .policy = nl80211_policy,
12830 .dumpit = nl80211_dump_scan,
12831 },
12832 {
12833 .cmd = NL80211_CMD_START_SCHED_SCAN,
12834 .doit = nl80211_start_sched_scan,
12835 .policy = nl80211_policy,
12836 .flags = GENL_UNS_ADMIN_PERM,
12837 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
12838 NL80211_FLAG_NEED_RTNL,
12839 },
12840 {
12841 .cmd = NL80211_CMD_STOP_SCHED_SCAN,
12842 .doit = nl80211_stop_sched_scan,
12843 .policy = nl80211_policy,
12844 .flags = GENL_UNS_ADMIN_PERM,
12845 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
12846 NL80211_FLAG_NEED_RTNL,
12847 },
12848 {
12849 .cmd = NL80211_CMD_AUTHENTICATE,
12850 .doit = nl80211_authenticate,
12851 .policy = nl80211_policy,
12852 .flags = GENL_UNS_ADMIN_PERM,
12853 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
12854 NL80211_FLAG_NEED_RTNL |
12855 NL80211_FLAG_CLEAR_SKB,
12856 },
12857 {
12858 .cmd = NL80211_CMD_ASSOCIATE,
12859 .doit = nl80211_associate,
12860 .policy = nl80211_policy,
12861 .flags = GENL_UNS_ADMIN_PERM,
12862 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
12863 NL80211_FLAG_NEED_RTNL |
12864 NL80211_FLAG_CLEAR_SKB,
12865 },
12866 {
12867 .cmd = NL80211_CMD_DEAUTHENTICATE,
12868 .doit = nl80211_deauthenticate,
12869 .policy = nl80211_policy,
12870 .flags = GENL_UNS_ADMIN_PERM,
12871 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
12872 NL80211_FLAG_NEED_RTNL,
12873 },
12874 {
12875 .cmd = NL80211_CMD_DISASSOCIATE,
12876 .doit = nl80211_disassociate,
12877 .policy = nl80211_policy,
12878 .flags = GENL_UNS_ADMIN_PERM,
12879 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
12880 NL80211_FLAG_NEED_RTNL,
12881 },
12882 {
12883 .cmd = NL80211_CMD_JOIN_IBSS,
12884 .doit = nl80211_join_ibss,
12885 .policy = nl80211_policy,
12886 .flags = GENL_UNS_ADMIN_PERM,
12887 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
12888 NL80211_FLAG_NEED_RTNL,
12889 },
12890 {
12891 .cmd = NL80211_CMD_LEAVE_IBSS,
12892 .doit = nl80211_leave_ibss,
12893 .policy = nl80211_policy,
12894 .flags = GENL_UNS_ADMIN_PERM,
12895 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
12896 NL80211_FLAG_NEED_RTNL,
12897 },
12898#ifdef CONFIG_NL80211_TESTMODE
12899 {
12900 .cmd = NL80211_CMD_TESTMODE,
12901 .doit = nl80211_testmode_do,
12902 .dumpit = nl80211_testmode_dump,
12903 .policy = nl80211_policy,
12904 .flags = GENL_UNS_ADMIN_PERM,
12905 .internal_flags = NL80211_FLAG_NEED_WIPHY |
12906 NL80211_FLAG_NEED_RTNL,
12907 },
12908#endif
12909 {
12910 .cmd = NL80211_CMD_CONNECT,
12911 .doit = nl80211_connect,
12912 .policy = nl80211_policy,
12913 .flags = GENL_UNS_ADMIN_PERM,
12914 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
12915 NL80211_FLAG_NEED_RTNL |
12916 NL80211_FLAG_CLEAR_SKB,
12917 },
12918 {
12919 .cmd = NL80211_CMD_UPDATE_CONNECT_PARAMS,
12920 .doit = nl80211_update_connect_params,
12921 .policy = nl80211_policy,
12922 .flags = GENL_ADMIN_PERM,
12923 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
12924 NL80211_FLAG_NEED_RTNL |
12925 NL80211_FLAG_CLEAR_SKB,
12926 },
12927 {
12928 .cmd = NL80211_CMD_DISCONNECT,
12929 .doit = nl80211_disconnect,
12930 .policy = nl80211_policy,
12931 .flags = GENL_UNS_ADMIN_PERM,
12932 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
12933 NL80211_FLAG_NEED_RTNL,
12934 },
12935 {
12936 .cmd = NL80211_CMD_SET_WIPHY_NETNS,
12937 .doit = nl80211_wiphy_netns,
12938 .policy = nl80211_policy,
12939 .flags = GENL_UNS_ADMIN_PERM,
12940 .internal_flags = NL80211_FLAG_NEED_WIPHY |
12941 NL80211_FLAG_NEED_RTNL,
12942 },
12943 {
12944 .cmd = NL80211_CMD_GET_SURVEY,
12945 .policy = nl80211_policy,
12946 .dumpit = nl80211_dump_survey,
12947 },
12948 {
12949 .cmd = NL80211_CMD_SET_PMKSA,
12950 .doit = nl80211_setdel_pmksa,
12951 .policy = nl80211_policy,
12952 .flags = GENL_UNS_ADMIN_PERM,
12953 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
12954 NL80211_FLAG_NEED_RTNL |
12955 NL80211_FLAG_CLEAR_SKB,
12956 },
12957 {
12958 .cmd = NL80211_CMD_DEL_PMKSA,
12959 .doit = nl80211_setdel_pmksa,
12960 .policy = nl80211_policy,
12961 .flags = GENL_UNS_ADMIN_PERM,
12962 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
12963 NL80211_FLAG_NEED_RTNL,
12964 },
12965 {
12966 .cmd = NL80211_CMD_FLUSH_PMKSA,
12967 .doit = nl80211_flush_pmksa,
12968 .policy = nl80211_policy,
12969 .flags = GENL_UNS_ADMIN_PERM,
12970 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
12971 NL80211_FLAG_NEED_RTNL,
12972 },
12973 {
12974 .cmd = NL80211_CMD_REMAIN_ON_CHANNEL,
12975 .doit = nl80211_remain_on_channel,
12976 .policy = nl80211_policy,
12977 .flags = GENL_UNS_ADMIN_PERM,
12978 .internal_flags = NL80211_FLAG_NEED_WDEV_UP |
12979 NL80211_FLAG_NEED_RTNL,
12980 },
12981 {
12982 .cmd = NL80211_CMD_CANCEL_REMAIN_ON_CHANNEL,
12983 .doit = nl80211_cancel_remain_on_channel,
12984 .policy = nl80211_policy,
12985 .flags = GENL_UNS_ADMIN_PERM,
12986 .internal_flags = NL80211_FLAG_NEED_WDEV_UP |
12987 NL80211_FLAG_NEED_RTNL,
12988 },
12989 {
12990 .cmd = NL80211_CMD_SET_TX_BITRATE_MASK,
12991 .doit = nl80211_set_tx_bitrate_mask,
12992 .policy = nl80211_policy,
12993 .flags = GENL_UNS_ADMIN_PERM,
12994 .internal_flags = NL80211_FLAG_NEED_NETDEV |
12995 NL80211_FLAG_NEED_RTNL,
12996 },
12997 {
12998 .cmd = NL80211_CMD_REGISTER_FRAME,
12999 .doit = nl80211_register_mgmt,
13000 .policy = nl80211_policy,
13001 .flags = GENL_UNS_ADMIN_PERM,
13002 .internal_flags = NL80211_FLAG_NEED_WDEV |
13003 NL80211_FLAG_NEED_RTNL,
13004 },
13005 {
13006 .cmd = NL80211_CMD_FRAME,
13007 .doit = nl80211_tx_mgmt,
13008 .policy = nl80211_policy,
13009 .flags = GENL_UNS_ADMIN_PERM,
13010 .internal_flags = NL80211_FLAG_NEED_WDEV_UP |
13011 NL80211_FLAG_NEED_RTNL,
13012 },
13013 {
13014 .cmd = NL80211_CMD_FRAME_WAIT_CANCEL,
13015 .doit = nl80211_tx_mgmt_cancel_wait,
13016 .policy = nl80211_policy,
13017 .flags = GENL_UNS_ADMIN_PERM,
13018 .internal_flags = NL80211_FLAG_NEED_WDEV_UP |
13019 NL80211_FLAG_NEED_RTNL,
13020 },
13021 {
13022 .cmd = NL80211_CMD_SET_POWER_SAVE,
13023 .doit = nl80211_set_power_save,
13024 .policy = nl80211_policy,
13025 .flags = GENL_UNS_ADMIN_PERM,
13026 .internal_flags = NL80211_FLAG_NEED_NETDEV |
13027 NL80211_FLAG_NEED_RTNL,
13028 },
13029 {
13030 .cmd = NL80211_CMD_GET_POWER_SAVE,
13031 .doit = nl80211_get_power_save,
13032 .policy = nl80211_policy,
13033 /* can be retrieved by unprivileged users */
13034 .internal_flags = NL80211_FLAG_NEED_NETDEV |
13035 NL80211_FLAG_NEED_RTNL,
13036 },
13037 {
13038 .cmd = NL80211_CMD_SET_CQM,
13039 .doit = nl80211_set_cqm,
13040 .policy = nl80211_policy,
13041 .flags = GENL_UNS_ADMIN_PERM,
13042 .internal_flags = NL80211_FLAG_NEED_NETDEV |
13043 NL80211_FLAG_NEED_RTNL,
13044 },
13045 {
13046 .cmd = NL80211_CMD_SET_CHANNEL,
13047 .doit = nl80211_set_channel,
13048 .policy = nl80211_policy,
13049 .flags = GENL_UNS_ADMIN_PERM,
13050 .internal_flags = NL80211_FLAG_NEED_NETDEV |
13051 NL80211_FLAG_NEED_RTNL,
13052 },
13053 {
13054 .cmd = NL80211_CMD_SET_WDS_PEER,
13055 .doit = nl80211_set_wds_peer,
13056 .policy = nl80211_policy,
13057 .flags = GENL_UNS_ADMIN_PERM,
13058 .internal_flags = NL80211_FLAG_NEED_NETDEV |
13059 NL80211_FLAG_NEED_RTNL,
13060 },
13061 {
13062 .cmd = NL80211_CMD_JOIN_MESH,
13063 .doit = nl80211_join_mesh,
13064 .policy = nl80211_policy,
13065 .flags = GENL_UNS_ADMIN_PERM,
13066 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
13067 NL80211_FLAG_NEED_RTNL,
13068 },
13069 {
13070 .cmd = NL80211_CMD_LEAVE_MESH,
13071 .doit = nl80211_leave_mesh,
13072 .policy = nl80211_policy,
13073 .flags = GENL_UNS_ADMIN_PERM,
13074 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
13075 NL80211_FLAG_NEED_RTNL,
13076 },
13077 {
13078 .cmd = NL80211_CMD_JOIN_OCB,
13079 .doit = nl80211_join_ocb,
13080 .policy = nl80211_policy,
13081 .flags = GENL_UNS_ADMIN_PERM,
13082 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
13083 NL80211_FLAG_NEED_RTNL,
13084 },
13085 {
13086 .cmd = NL80211_CMD_LEAVE_OCB,
13087 .doit = nl80211_leave_ocb,
13088 .policy = nl80211_policy,
13089 .flags = GENL_UNS_ADMIN_PERM,
13090 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
13091 NL80211_FLAG_NEED_RTNL,
13092 },
13093#ifdef CONFIG_PM
13094 {
13095 .cmd = NL80211_CMD_GET_WOWLAN,
13096 .doit = nl80211_get_wowlan,
13097 .policy = nl80211_policy,
13098 /* can be retrieved by unprivileged users */
13099 .internal_flags = NL80211_FLAG_NEED_WIPHY |
13100 NL80211_FLAG_NEED_RTNL,
13101 },
13102 {
13103 .cmd = NL80211_CMD_SET_WOWLAN,
13104 .doit = nl80211_set_wowlan,
13105 .policy = nl80211_policy,
13106 .flags = GENL_UNS_ADMIN_PERM,
13107 .internal_flags = NL80211_FLAG_NEED_WIPHY |
13108 NL80211_FLAG_NEED_RTNL,
13109 },
13110#endif
13111 {
13112 .cmd = NL80211_CMD_SET_REKEY_OFFLOAD,
13113 .doit = nl80211_set_rekey_data,
13114 .policy = nl80211_policy,
13115 .flags = GENL_UNS_ADMIN_PERM,
13116 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
13117 NL80211_FLAG_NEED_RTNL |
13118 NL80211_FLAG_CLEAR_SKB,
13119 },
13120 {
13121 .cmd = NL80211_CMD_TDLS_MGMT,
13122 .doit = nl80211_tdls_mgmt,
13123 .policy = nl80211_policy,
13124 .flags = GENL_UNS_ADMIN_PERM,
13125 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
13126 NL80211_FLAG_NEED_RTNL,
13127 },
13128 {
13129 .cmd = NL80211_CMD_TDLS_OPER,
13130 .doit = nl80211_tdls_oper,
13131 .policy = nl80211_policy,
13132 .flags = GENL_UNS_ADMIN_PERM,
13133 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
13134 NL80211_FLAG_NEED_RTNL,
13135 },
13136 {
13137 .cmd = NL80211_CMD_UNEXPECTED_FRAME,
13138 .doit = nl80211_register_unexpected_frame,
13139 .policy = nl80211_policy,
13140 .flags = GENL_UNS_ADMIN_PERM,
13141 .internal_flags = NL80211_FLAG_NEED_NETDEV |
13142 NL80211_FLAG_NEED_RTNL,
13143 },
13144 {
13145 .cmd = NL80211_CMD_PROBE_CLIENT,
13146 .doit = nl80211_probe_client,
13147 .policy = nl80211_policy,
13148 .flags = GENL_UNS_ADMIN_PERM,
13149 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
13150 NL80211_FLAG_NEED_RTNL,
13151 },
13152 {
13153 .cmd = NL80211_CMD_REGISTER_BEACONS,
13154 .doit = nl80211_register_beacons,
13155 .policy = nl80211_policy,
13156 .flags = GENL_UNS_ADMIN_PERM,
13157 .internal_flags = NL80211_FLAG_NEED_WIPHY |
13158 NL80211_FLAG_NEED_RTNL,
13159 },
13160 {
13161 .cmd = NL80211_CMD_SET_NOACK_MAP,
13162 .doit = nl80211_set_noack_map,
13163 .policy = nl80211_policy,
13164 .flags = GENL_UNS_ADMIN_PERM,
13165 .internal_flags = NL80211_FLAG_NEED_NETDEV |
13166 NL80211_FLAG_NEED_RTNL,
13167 },
13168 {
13169 .cmd = NL80211_CMD_START_P2P_DEVICE,
13170 .doit = nl80211_start_p2p_device,
13171 .policy = nl80211_policy,
13172 .flags = GENL_UNS_ADMIN_PERM,
13173 .internal_flags = NL80211_FLAG_NEED_WDEV |
13174 NL80211_FLAG_NEED_RTNL,
13175 },
13176 {
13177 .cmd = NL80211_CMD_STOP_P2P_DEVICE,
13178 .doit = nl80211_stop_p2p_device,
13179 .policy = nl80211_policy,
13180 .flags = GENL_UNS_ADMIN_PERM,
13181 .internal_flags = NL80211_FLAG_NEED_WDEV_UP |
13182 NL80211_FLAG_NEED_RTNL,
13183 },
13184 {
13185 .cmd = NL80211_CMD_START_NAN,
13186 .doit = nl80211_start_nan,
13187 .policy = nl80211_policy,
13188 .flags = GENL_ADMIN_PERM,
13189 .internal_flags = NL80211_FLAG_NEED_WDEV |
13190 NL80211_FLAG_NEED_RTNL,
13191 },
13192 {
13193 .cmd = NL80211_CMD_STOP_NAN,
13194 .doit = nl80211_stop_nan,
13195 .policy = nl80211_policy,
13196 .flags = GENL_ADMIN_PERM,
13197 .internal_flags = NL80211_FLAG_NEED_WDEV_UP |
13198 NL80211_FLAG_NEED_RTNL,
13199 },
13200 {
13201 .cmd = NL80211_CMD_ADD_NAN_FUNCTION,
13202 .doit = nl80211_nan_add_func,
13203 .policy = nl80211_policy,
13204 .flags = GENL_ADMIN_PERM,
13205 .internal_flags = NL80211_FLAG_NEED_WDEV_UP |
13206 NL80211_FLAG_NEED_RTNL,
13207 },
13208 {
13209 .cmd = NL80211_CMD_DEL_NAN_FUNCTION,
13210 .doit = nl80211_nan_del_func,
13211 .policy = nl80211_policy,
13212 .flags = GENL_ADMIN_PERM,
13213 .internal_flags = NL80211_FLAG_NEED_WDEV_UP |
13214 NL80211_FLAG_NEED_RTNL,
13215 },
13216 {
13217 .cmd = NL80211_CMD_CHANGE_NAN_CONFIG,
13218 .doit = nl80211_nan_change_config,
13219 .policy = nl80211_policy,
13220 .flags = GENL_ADMIN_PERM,
13221 .internal_flags = NL80211_FLAG_NEED_WDEV_UP |
13222 NL80211_FLAG_NEED_RTNL,
13223 },
13224 {
13225 .cmd = NL80211_CMD_SET_MCAST_RATE,
13226 .doit = nl80211_set_mcast_rate,
13227 .policy = nl80211_policy,
13228 .flags = GENL_UNS_ADMIN_PERM,
13229 .internal_flags = NL80211_FLAG_NEED_NETDEV |
13230 NL80211_FLAG_NEED_RTNL,
13231 },
13232 {
13233 .cmd = NL80211_CMD_SET_MAC_ACL,
13234 .doit = nl80211_set_mac_acl,
13235 .policy = nl80211_policy,
13236 .flags = GENL_UNS_ADMIN_PERM,
13237 .internal_flags = NL80211_FLAG_NEED_NETDEV |
13238 NL80211_FLAG_NEED_RTNL,
13239 },
13240 {
13241 .cmd = NL80211_CMD_RADAR_DETECT,
13242 .doit = nl80211_start_radar_detection,
13243 .policy = nl80211_policy,
13244 .flags = GENL_UNS_ADMIN_PERM,
13245 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
13246 NL80211_FLAG_NEED_RTNL,
13247 },
13248 {
13249 .cmd = NL80211_CMD_GET_PROTOCOL_FEATURES,
13250 .doit = nl80211_get_protocol_features,
13251 .policy = nl80211_policy,
13252 },
13253 {
13254 .cmd = NL80211_CMD_UPDATE_FT_IES,
13255 .doit = nl80211_update_ft_ies,
13256 .policy = nl80211_policy,
13257 .flags = GENL_UNS_ADMIN_PERM,
13258 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
13259 NL80211_FLAG_NEED_RTNL,
13260 },
13261 {
13262 .cmd = NL80211_CMD_CRIT_PROTOCOL_START,
13263 .doit = nl80211_crit_protocol_start,
13264 .policy = nl80211_policy,
13265 .flags = GENL_UNS_ADMIN_PERM,
13266 .internal_flags = NL80211_FLAG_NEED_WDEV_UP |
13267 NL80211_FLAG_NEED_RTNL,
13268 },
13269 {
13270 .cmd = NL80211_CMD_CRIT_PROTOCOL_STOP,
13271 .doit = nl80211_crit_protocol_stop,
13272 .policy = nl80211_policy,
13273 .flags = GENL_UNS_ADMIN_PERM,
13274 .internal_flags = NL80211_FLAG_NEED_WDEV_UP |
13275 NL80211_FLAG_NEED_RTNL,
13276 },
13277 {
13278 .cmd = NL80211_CMD_GET_COALESCE,
13279 .doit = nl80211_get_coalesce,
13280 .policy = nl80211_policy,
13281 .internal_flags = NL80211_FLAG_NEED_WIPHY |
13282 NL80211_FLAG_NEED_RTNL,
13283 },
13284 {
13285 .cmd = NL80211_CMD_SET_COALESCE,
13286 .doit = nl80211_set_coalesce,
13287 .policy = nl80211_policy,
13288 .flags = GENL_UNS_ADMIN_PERM,
13289 .internal_flags = NL80211_FLAG_NEED_WIPHY |
13290 NL80211_FLAG_NEED_RTNL,
13291 },
13292 {
13293 .cmd = NL80211_CMD_CHANNEL_SWITCH,
13294 .doit = nl80211_channel_switch,
13295 .policy = nl80211_policy,
13296 .flags = GENL_UNS_ADMIN_PERM,
13297 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
13298 NL80211_FLAG_NEED_RTNL,
13299 },
13300 {
13301 .cmd = NL80211_CMD_VENDOR,
13302 .doit = nl80211_vendor_cmd,
13303 .dumpit = nl80211_vendor_cmd_dump,
13304 .policy = nl80211_policy,
13305 .flags = GENL_UNS_ADMIN_PERM,
13306 .internal_flags = NL80211_FLAG_NEED_WIPHY |
13307 NL80211_FLAG_NEED_RTNL |
13308 NL80211_FLAG_CLEAR_SKB,
13309 },
13310 {
13311 .cmd = NL80211_CMD_SET_QOS_MAP,
13312 .doit = nl80211_set_qos_map,
13313 .policy = nl80211_policy,
13314 .flags = GENL_UNS_ADMIN_PERM,
13315 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
13316 NL80211_FLAG_NEED_RTNL,
13317 },
13318 {
13319 .cmd = NL80211_CMD_ADD_TX_TS,
13320 .doit = nl80211_add_tx_ts,
13321 .policy = nl80211_policy,
13322 .flags = GENL_UNS_ADMIN_PERM,
13323 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
13324 NL80211_FLAG_NEED_RTNL,
13325 },
13326 {
13327 .cmd = NL80211_CMD_DEL_TX_TS,
13328 .doit = nl80211_del_tx_ts,
13329 .policy = nl80211_policy,
13330 .flags = GENL_UNS_ADMIN_PERM,
13331 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
13332 NL80211_FLAG_NEED_RTNL,
13333 },
13334 {
13335 .cmd = NL80211_CMD_TDLS_CHANNEL_SWITCH,
13336 .doit = nl80211_tdls_channel_switch,
13337 .policy = nl80211_policy,
13338 .flags = GENL_UNS_ADMIN_PERM,
13339 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
13340 NL80211_FLAG_NEED_RTNL,
13341 },
13342 {
13343 .cmd = NL80211_CMD_TDLS_CANCEL_CHANNEL_SWITCH,
13344 .doit = nl80211_tdls_cancel_channel_switch,
13345 .policy = nl80211_policy,
13346 .flags = GENL_UNS_ADMIN_PERM,
13347 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
13348 NL80211_FLAG_NEED_RTNL,
13349 },
13350 {
13351 .cmd = NL80211_CMD_SET_MULTICAST_TO_UNICAST,
13352 .doit = nl80211_set_multicast_to_unicast,
13353 .policy = nl80211_policy,
13354 .flags = GENL_UNS_ADMIN_PERM,
13355 .internal_flags = NL80211_FLAG_NEED_NETDEV |
13356 NL80211_FLAG_NEED_RTNL,
13357 },
13358 {
13359 .cmd = NL80211_CMD_SET_PMK,
13360 .doit = nl80211_set_pmk,
13361 .policy = nl80211_policy,
13362 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
13363 NL80211_FLAG_NEED_RTNL |
13364 NL80211_FLAG_CLEAR_SKB,
13365 },
13366 {
13367 .cmd = NL80211_CMD_DEL_PMK,
13368 .doit = nl80211_del_pmk,
13369 .policy = nl80211_policy,
13370 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
13371 NL80211_FLAG_NEED_RTNL,
13372 },
13373 {
13374 .cmd = NL80211_CMD_EXTERNAL_AUTH,
13375 .doit = nl80211_external_auth,
13376 .policy = nl80211_policy,
13377 .flags = GENL_ADMIN_PERM,
13378 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
13379 NL80211_FLAG_NEED_RTNL,
13380 },
13381
13382};
13383
13384static struct genl_family nl80211_fam __ro_after_init = {
13385 .name = NL80211_GENL_NAME, /* have users key off the name instead */
13386 .hdrsize = 0, /* no private header */
13387 .version = 1, /* no particular meaning now */
13388 .maxattr = NL80211_ATTR_MAX,
13389 .netnsok = true,
13390 .pre_doit = nl80211_pre_doit,
13391 .post_doit = nl80211_post_doit,
13392 .module = THIS_MODULE,
13393 .ops = nl80211_ops,
13394 .n_ops = ARRAY_SIZE(nl80211_ops),
13395 .mcgrps = nl80211_mcgrps,
13396 .n_mcgrps = ARRAY_SIZE(nl80211_mcgrps),
13397};
13398
13399/* notification functions */
13400
13401void nl80211_notify_wiphy(struct cfg80211_registered_device *rdev,
13402 enum nl80211_commands cmd)
13403{
13404 struct sk_buff *msg;
13405 struct nl80211_dump_wiphy_state state = {};
13406
13407 WARN_ON(cmd != NL80211_CMD_NEW_WIPHY &&
13408 cmd != NL80211_CMD_DEL_WIPHY);
13409
13410 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
13411 if (!msg)
13412 return;
13413
13414 if (nl80211_send_wiphy(rdev, cmd, msg, 0, 0, 0, &state) < 0) {
13415 nlmsg_free(msg);
13416 return;
13417 }
13418
13419 genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), msg, 0,
13420 NL80211_MCGRP_CONFIG, GFP_KERNEL);
13421}
13422
13423void nl80211_notify_iface(struct cfg80211_registered_device *rdev,
13424 struct wireless_dev *wdev,
13425 enum nl80211_commands cmd)
13426{
13427 struct sk_buff *msg;
13428
13429 WARN_ON(cmd != NL80211_CMD_NEW_INTERFACE &&
13430 cmd != NL80211_CMD_DEL_INTERFACE);
13431
13432 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
13433 if (!msg)
13434 return;
13435
13436 if (nl80211_send_iface(msg, 0, 0, 0, rdev, wdev,
13437 cmd == NL80211_CMD_DEL_INTERFACE) < 0) {
13438 nlmsg_free(msg);
13439 return;
13440 }
13441
13442 genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), msg, 0,
13443 NL80211_MCGRP_CONFIG, GFP_KERNEL);
13444}
13445
13446static int nl80211_add_scan_req(struct sk_buff *msg,
13447 struct cfg80211_registered_device *rdev)
13448{
13449 struct cfg80211_scan_request *req = rdev->scan_req;
13450 struct nlattr *nest;
13451 int i;
13452
13453 if (WARN_ON(!req))
13454 return 0;
13455
13456 nest = nla_nest_start(msg, NL80211_ATTR_SCAN_SSIDS);
13457 if (!nest)
13458 goto nla_put_failure;
13459 for (i = 0; i < req->n_ssids; i++) {
13460 if (nla_put(msg, i, req->ssids[i].ssid_len, req->ssids[i].ssid))
13461 goto nla_put_failure;
13462 }
13463 nla_nest_end(msg, nest);
13464
13465 nest = nla_nest_start(msg, NL80211_ATTR_SCAN_FREQUENCIES);
13466 if (!nest)
13467 goto nla_put_failure;
13468 for (i = 0; i < req->n_channels; i++) {
13469 if (nla_put_u32(msg, i, req->channels[i]->center_freq))
13470 goto nla_put_failure;
13471 }
13472 nla_nest_end(msg, nest);
13473
13474 if (req->ie &&
13475 nla_put(msg, NL80211_ATTR_IE, req->ie_len, req->ie))
13476 goto nla_put_failure;
13477
13478 if (req->flags &&
13479 nla_put_u32(msg, NL80211_ATTR_SCAN_FLAGS, req->flags))
13480 goto nla_put_failure;
13481
13482 if (req->info.scan_start_tsf &&
13483 (nla_put_u64_64bit(msg, NL80211_ATTR_SCAN_START_TIME_TSF,
13484 req->info.scan_start_tsf, NL80211_BSS_PAD) ||
13485 nla_put(msg, NL80211_ATTR_SCAN_START_TIME_TSF_BSSID, ETH_ALEN,
13486 req->info.tsf_bssid)))
13487 goto nla_put_failure;
13488
13489 return 0;
13490 nla_put_failure:
13491 return -ENOBUFS;
13492}
13493
13494static int nl80211_prep_scan_msg(struct sk_buff *msg,
13495 struct cfg80211_registered_device *rdev,
13496 struct wireless_dev *wdev,
13497 u32 portid, u32 seq, int flags,
13498 u32 cmd)
13499{
13500 void *hdr;
13501
13502 hdr = nl80211hdr_put(msg, portid, seq, flags, cmd);
13503 if (!hdr)
13504 return -1;
13505
13506 if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
13507 (wdev->netdev && nla_put_u32(msg, NL80211_ATTR_IFINDEX,
13508 wdev->netdev->ifindex)) ||
13509 nla_put_u64_64bit(msg, NL80211_ATTR_WDEV, wdev_id(wdev),
13510 NL80211_ATTR_PAD))
13511 goto nla_put_failure;
13512
13513 /* ignore errors and send incomplete event anyway */
13514 nl80211_add_scan_req(msg, rdev);
13515
13516 genlmsg_end(msg, hdr);
13517 return 0;
13518
13519 nla_put_failure:
13520 genlmsg_cancel(msg, hdr);
13521 return -EMSGSIZE;
13522}
13523
13524static int
13525nl80211_prep_sched_scan_msg(struct sk_buff *msg,
13526 struct cfg80211_sched_scan_request *req, u32 cmd)
13527{
13528 void *hdr;
13529
13530 hdr = nl80211hdr_put(msg, 0, 0, 0, cmd);
13531 if (!hdr)
13532 return -1;
13533
13534 if (nla_put_u32(msg, NL80211_ATTR_WIPHY,
13535 wiphy_to_rdev(req->wiphy)->wiphy_idx) ||
13536 nla_put_u32(msg, NL80211_ATTR_IFINDEX, req->dev->ifindex) ||
13537 nla_put_u64_64bit(msg, NL80211_ATTR_COOKIE, req->reqid,
13538 NL80211_ATTR_PAD))
13539 goto nla_put_failure;
13540
13541 genlmsg_end(msg, hdr);
13542 return 0;
13543
13544 nla_put_failure:
13545 genlmsg_cancel(msg, hdr);
13546 return -EMSGSIZE;
13547}
13548
13549void nl80211_send_scan_start(struct cfg80211_registered_device *rdev,
13550 struct wireless_dev *wdev)
13551{
13552 struct sk_buff *msg;
13553
13554 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
13555 if (!msg)
13556 return;
13557
13558 if (nl80211_prep_scan_msg(msg, rdev, wdev, 0, 0, 0,
13559 NL80211_CMD_TRIGGER_SCAN) < 0) {
13560 nlmsg_free(msg);
13561 return;
13562 }
13563
13564 genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), msg, 0,
13565 NL80211_MCGRP_SCAN, GFP_KERNEL);
13566}
13567
13568struct sk_buff *nl80211_build_scan_msg(struct cfg80211_registered_device *rdev,
13569 struct wireless_dev *wdev, bool aborted)
13570{
13571 struct sk_buff *msg;
13572
13573 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
13574 if (!msg)
13575 return NULL;
13576
13577 if (nl80211_prep_scan_msg(msg, rdev, wdev, 0, 0, 0,
13578 aborted ? NL80211_CMD_SCAN_ABORTED :
13579 NL80211_CMD_NEW_SCAN_RESULTS) < 0) {
13580 nlmsg_free(msg);
13581 return NULL;
13582 }
13583
13584 return msg;
13585}
13586
13587/* send message created by nl80211_build_scan_msg() */
13588void nl80211_send_scan_msg(struct cfg80211_registered_device *rdev,
13589 struct sk_buff *msg)
13590{
13591 if (!msg)
13592 return;
13593
13594 genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), msg, 0,
13595 NL80211_MCGRP_SCAN, GFP_KERNEL);
13596}
13597
13598void nl80211_send_sched_scan(struct cfg80211_sched_scan_request *req, u32 cmd)
13599{
13600 struct sk_buff *msg;
13601
13602 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
13603 if (!msg)
13604 return;
13605
13606 if (nl80211_prep_sched_scan_msg(msg, req, cmd) < 0) {
13607 nlmsg_free(msg);
13608 return;
13609 }
13610
13611 genlmsg_multicast_netns(&nl80211_fam, wiphy_net(req->wiphy), msg, 0,
13612 NL80211_MCGRP_SCAN, GFP_KERNEL);
13613}
13614
13615static bool nl80211_reg_change_event_fill(struct sk_buff *msg,
13616 struct regulatory_request *request)
13617{
13618 /* Userspace can always count this one always being set */
13619 if (nla_put_u8(msg, NL80211_ATTR_REG_INITIATOR, request->initiator))
13620 goto nla_put_failure;
13621
13622 if (request->alpha2[0] == '0' && request->alpha2[1] == '0') {
13623 if (nla_put_u8(msg, NL80211_ATTR_REG_TYPE,
13624 NL80211_REGDOM_TYPE_WORLD))
13625 goto nla_put_failure;
13626 } else if (request->alpha2[0] == '9' && request->alpha2[1] == '9') {
13627 if (nla_put_u8(msg, NL80211_ATTR_REG_TYPE,
13628 NL80211_REGDOM_TYPE_CUSTOM_WORLD))
13629 goto nla_put_failure;
13630 } else if ((request->alpha2[0] == '9' && request->alpha2[1] == '8') ||
13631 request->intersect) {
13632 if (nla_put_u8(msg, NL80211_ATTR_REG_TYPE,
13633 NL80211_REGDOM_TYPE_INTERSECTION))
13634 goto nla_put_failure;
13635 } else {
13636 if (nla_put_u8(msg, NL80211_ATTR_REG_TYPE,
13637 NL80211_REGDOM_TYPE_COUNTRY) ||
13638 nla_put_string(msg, NL80211_ATTR_REG_ALPHA2,
13639 request->alpha2))
13640 goto nla_put_failure;
13641 }
13642
13643 if (request->wiphy_idx != WIPHY_IDX_INVALID) {
13644 struct wiphy *wiphy = wiphy_idx_to_wiphy(request->wiphy_idx);
13645
13646 if (wiphy &&
13647 nla_put_u32(msg, NL80211_ATTR_WIPHY, request->wiphy_idx))
13648 goto nla_put_failure;
13649
13650 if (wiphy &&
13651 wiphy->regulatory_flags & REGULATORY_WIPHY_SELF_MANAGED &&
13652 nla_put_flag(msg, NL80211_ATTR_WIPHY_SELF_MANAGED_REG))
13653 goto nla_put_failure;
13654 }
13655
13656 return true;
13657
13658nla_put_failure:
13659 return false;
13660}
13661
13662/*
13663 * This can happen on global regulatory changes or device specific settings
13664 * based on custom regulatory domains.
13665 */
13666void nl80211_common_reg_change_event(enum nl80211_commands cmd_id,
13667 struct regulatory_request *request)
13668{
13669 struct sk_buff *msg;
13670 void *hdr;
13671
13672 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
13673 if (!msg)
13674 return;
13675
13676 hdr = nl80211hdr_put(msg, 0, 0, 0, cmd_id);
13677 if (!hdr) {
13678 nlmsg_free(msg);
13679 return;
13680 }
13681
13682 if (nl80211_reg_change_event_fill(msg, request) == false)
13683 goto nla_put_failure;
13684
13685 genlmsg_end(msg, hdr);
13686
13687 rcu_read_lock();
13688 genlmsg_multicast_allns(&nl80211_fam, msg, 0,
13689 NL80211_MCGRP_REGULATORY, GFP_ATOMIC);
13690 rcu_read_unlock();
13691
13692 return;
13693
13694nla_put_failure:
13695 genlmsg_cancel(msg, hdr);
13696 nlmsg_free(msg);
13697}
13698
13699static void nl80211_send_mlme_event(struct cfg80211_registered_device *rdev,
13700 struct net_device *netdev,
13701 const u8 *buf, size_t len,
13702 enum nl80211_commands cmd, gfp_t gfp,
13703 int uapsd_queues)
13704{
13705 struct sk_buff *msg;
13706 void *hdr;
13707
13708 msg = nlmsg_new(100 + len, gfp);
13709 if (!msg)
13710 return;
13711
13712 hdr = nl80211hdr_put(msg, 0, 0, 0, cmd);
13713 if (!hdr) {
13714 nlmsg_free(msg);
13715 return;
13716 }
13717
13718 if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
13719 nla_put_u32(msg, NL80211_ATTR_IFINDEX, netdev->ifindex) ||
13720 nla_put(msg, NL80211_ATTR_FRAME, len, buf))
13721 goto nla_put_failure;
13722
13723 if (uapsd_queues >= 0) {
13724 struct nlattr *nla_wmm =
13725 nla_nest_start(msg, NL80211_ATTR_STA_WME);
13726 if (!nla_wmm)
13727 goto nla_put_failure;
13728
13729 if (nla_put_u8(msg, NL80211_STA_WME_UAPSD_QUEUES,
13730 uapsd_queues))
13731 goto nla_put_failure;
13732
13733 nla_nest_end(msg, nla_wmm);
13734 }
13735
13736 genlmsg_end(msg, hdr);
13737
13738 genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), msg, 0,
13739 NL80211_MCGRP_MLME, gfp);
13740 return;
13741
13742 nla_put_failure:
13743 genlmsg_cancel(msg, hdr);
13744 nlmsg_free(msg);
13745}
13746
13747void nl80211_send_rx_auth(struct cfg80211_registered_device *rdev,
13748 struct net_device *netdev, const u8 *buf,
13749 size_t len, gfp_t gfp)
13750{
13751 nl80211_send_mlme_event(rdev, netdev, buf, len,
13752 NL80211_CMD_AUTHENTICATE, gfp, -1);
13753}
13754
13755void nl80211_send_rx_assoc(struct cfg80211_registered_device *rdev,
13756 struct net_device *netdev, const u8 *buf,
13757 size_t len, gfp_t gfp, int uapsd_queues)
13758{
13759 nl80211_send_mlme_event(rdev, netdev, buf, len,
13760 NL80211_CMD_ASSOCIATE, gfp, uapsd_queues);
13761}
13762
13763void nl80211_send_deauth(struct cfg80211_registered_device *rdev,
13764 struct net_device *netdev, const u8 *buf,
13765 size_t len, gfp_t gfp)
13766{
13767 nl80211_send_mlme_event(rdev, netdev, buf, len,
13768 NL80211_CMD_DEAUTHENTICATE, gfp, -1);
13769}
13770
13771void nl80211_send_disassoc(struct cfg80211_registered_device *rdev,
13772 struct net_device *netdev, const u8 *buf,
13773 size_t len, gfp_t gfp)
13774{
13775 nl80211_send_mlme_event(rdev, netdev, buf, len,
13776 NL80211_CMD_DISASSOCIATE, gfp, -1);
13777}
13778
13779void cfg80211_rx_unprot_mlme_mgmt(struct net_device *dev, const u8 *buf,
13780 size_t len)
13781{
13782 struct wireless_dev *wdev = dev->ieee80211_ptr;
13783 struct wiphy *wiphy = wdev->wiphy;
13784 struct cfg80211_registered_device *rdev = wiphy_to_rdev(wiphy);
13785 const struct ieee80211_mgmt *mgmt = (void *)buf;
13786 u32 cmd;
13787
13788 if (WARN_ON(len < 2))
13789 return;
13790
13791 if (ieee80211_is_deauth(mgmt->frame_control))
13792 cmd = NL80211_CMD_UNPROT_DEAUTHENTICATE;
13793 else
13794 cmd = NL80211_CMD_UNPROT_DISASSOCIATE;
13795
13796 trace_cfg80211_rx_unprot_mlme_mgmt(dev, buf, len);
13797 nl80211_send_mlme_event(rdev, dev, buf, len, cmd, GFP_ATOMIC, -1);
13798}
13799EXPORT_SYMBOL(cfg80211_rx_unprot_mlme_mgmt);
13800
13801static void nl80211_send_mlme_timeout(struct cfg80211_registered_device *rdev,
13802 struct net_device *netdev, int cmd,
13803 const u8 *addr, gfp_t gfp)
13804{
13805 struct sk_buff *msg;
13806 void *hdr;
13807
13808 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, gfp);
13809 if (!msg)
13810 return;
13811
13812 hdr = nl80211hdr_put(msg, 0, 0, 0, cmd);
13813 if (!hdr) {
13814 nlmsg_free(msg);
13815 return;
13816 }
13817
13818 if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
13819 nla_put_u32(msg, NL80211_ATTR_IFINDEX, netdev->ifindex) ||
13820 nla_put_flag(msg, NL80211_ATTR_TIMED_OUT) ||
13821 nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN, addr))
13822 goto nla_put_failure;
13823
13824 genlmsg_end(msg, hdr);
13825
13826 genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), msg, 0,
13827 NL80211_MCGRP_MLME, gfp);
13828 return;
13829
13830 nla_put_failure:
13831 genlmsg_cancel(msg, hdr);
13832 nlmsg_free(msg);
13833}
13834
13835void nl80211_send_auth_timeout(struct cfg80211_registered_device *rdev,
13836 struct net_device *netdev, const u8 *addr,
13837 gfp_t gfp)
13838{
13839 nl80211_send_mlme_timeout(rdev, netdev, NL80211_CMD_AUTHENTICATE,
13840 addr, gfp);
13841}
13842
13843void nl80211_send_assoc_timeout(struct cfg80211_registered_device *rdev,
13844 struct net_device *netdev, const u8 *addr,
13845 gfp_t gfp)
13846{
13847 nl80211_send_mlme_timeout(rdev, netdev, NL80211_CMD_ASSOCIATE,
13848 addr, gfp);
13849}
13850
13851void nl80211_send_connect_result(struct cfg80211_registered_device *rdev,
13852 struct net_device *netdev,
13853 struct cfg80211_connect_resp_params *cr,
13854 gfp_t gfp)
13855{
13856 struct sk_buff *msg;
13857 void *hdr;
13858
13859 msg = nlmsg_new(100 + cr->req_ie_len + cr->resp_ie_len +
13860 cr->fils_kek_len + cr->pmk_len +
13861 (cr->pmkid ? WLAN_PMKID_LEN : 0), gfp);
13862 if (!msg)
13863 return;
13864
13865 hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_CONNECT);
13866 if (!hdr) {
13867 nlmsg_free(msg);
13868 return;
13869 }
13870
13871 if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
13872 nla_put_u32(msg, NL80211_ATTR_IFINDEX, netdev->ifindex) ||
13873 (cr->bssid &&
13874 nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN, cr->bssid)) ||
13875 nla_put_u16(msg, NL80211_ATTR_STATUS_CODE,
13876 cr->status < 0 ? WLAN_STATUS_UNSPECIFIED_FAILURE :
13877 cr->status) ||
13878 (cr->status < 0 &&
13879 (nla_put_flag(msg, NL80211_ATTR_TIMED_OUT) ||
13880 nla_put_u32(msg, NL80211_ATTR_TIMEOUT_REASON,
13881 cr->timeout_reason))) ||
13882 (cr->req_ie &&
13883 nla_put(msg, NL80211_ATTR_REQ_IE, cr->req_ie_len, cr->req_ie)) ||
13884 (cr->resp_ie &&
13885 nla_put(msg, NL80211_ATTR_RESP_IE, cr->resp_ie_len,
13886 cr->resp_ie)) ||
13887 (cr->update_erp_next_seq_num &&
13888 nla_put_u16(msg, NL80211_ATTR_FILS_ERP_NEXT_SEQ_NUM,
13889 cr->fils_erp_next_seq_num)) ||
13890 (cr->status == WLAN_STATUS_SUCCESS &&
13891 ((cr->fils_kek &&
13892 nla_put(msg, NL80211_ATTR_FILS_KEK, cr->fils_kek_len,
13893 cr->fils_kek)) ||
13894 (cr->pmk &&
13895 nla_put(msg, NL80211_ATTR_PMK, cr->pmk_len, cr->pmk)) ||
13896 (cr->pmkid &&
13897 nla_put(msg, NL80211_ATTR_PMKID, WLAN_PMKID_LEN, cr->pmkid)))))
13898 goto nla_put_failure;
13899
13900 genlmsg_end(msg, hdr);
13901
13902 genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), msg, 0,
13903 NL80211_MCGRP_MLME, gfp);
13904 return;
13905
13906 nla_put_failure:
13907 genlmsg_cancel(msg, hdr);
13908 nlmsg_free(msg);
13909}
13910
13911void nl80211_send_roamed(struct cfg80211_registered_device *rdev,
13912 struct net_device *netdev,
13913 struct cfg80211_roam_info *info, gfp_t gfp)
13914{
13915 struct sk_buff *msg;
13916 void *hdr;
13917 const u8 *bssid = info->bss ? info->bss->bssid : info->bssid;
13918
13919 msg = nlmsg_new(100 + info->req_ie_len + info->resp_ie_len, gfp);
13920 if (!msg)
13921 return;
13922
13923 hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_ROAM);
13924 if (!hdr) {
13925 nlmsg_free(msg);
13926 return;
13927 }
13928
13929 if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
13930 nla_put_u32(msg, NL80211_ATTR_IFINDEX, netdev->ifindex) ||
13931 nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN, bssid) ||
13932 (info->req_ie &&
13933 nla_put(msg, NL80211_ATTR_REQ_IE, info->req_ie_len,
13934 info->req_ie)) ||
13935 (info->resp_ie &&
13936 nla_put(msg, NL80211_ATTR_RESP_IE, info->resp_ie_len,
13937 info->resp_ie)) ||
13938 (info->authorized &&
13939 nla_put_flag(msg, NL80211_ATTR_PORT_AUTHORIZED)))
13940 goto nla_put_failure;
13941
13942 genlmsg_end(msg, hdr);
13943
13944 genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), msg, 0,
13945 NL80211_MCGRP_MLME, gfp);
13946 return;
13947
13948 nla_put_failure:
13949 genlmsg_cancel(msg, hdr);
13950 nlmsg_free(msg);
13951}
13952
13953void nl80211_send_disconnected(struct cfg80211_registered_device *rdev,
13954 struct net_device *netdev, u16 reason,
13955 const u8 *ie, size_t ie_len, bool from_ap)
13956{
13957 struct sk_buff *msg;
13958 void *hdr;
13959
13960 msg = nlmsg_new(100 + ie_len, GFP_KERNEL);
13961 if (!msg)
13962 return;
13963
13964 hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_DISCONNECT);
13965 if (!hdr) {
13966 nlmsg_free(msg);
13967 return;
13968 }
13969
13970 if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
13971 nla_put_u32(msg, NL80211_ATTR_IFINDEX, netdev->ifindex) ||
13972 (from_ap && reason &&
13973 nla_put_u16(msg, NL80211_ATTR_REASON_CODE, reason)) ||
13974 (from_ap &&
13975 nla_put_flag(msg, NL80211_ATTR_DISCONNECTED_BY_AP)) ||
13976 (ie && nla_put(msg, NL80211_ATTR_IE, ie_len, ie)))
13977 goto nla_put_failure;
13978
13979 genlmsg_end(msg, hdr);
13980
13981 genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), msg, 0,
13982 NL80211_MCGRP_MLME, GFP_KERNEL);
13983 return;
13984
13985 nla_put_failure:
13986 genlmsg_cancel(msg, hdr);
13987 nlmsg_free(msg);
13988}
13989
13990void nl80211_send_ibss_bssid(struct cfg80211_registered_device *rdev,
13991 struct net_device *netdev, const u8 *bssid,
13992 gfp_t gfp)
13993{
13994 struct sk_buff *msg;
13995 void *hdr;
13996
13997 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, gfp);
13998 if (!msg)
13999 return;
14000
14001 hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_JOIN_IBSS);
14002 if (!hdr) {
14003 nlmsg_free(msg);
14004 return;
14005 }
14006
14007 if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
14008 nla_put_u32(msg, NL80211_ATTR_IFINDEX, netdev->ifindex) ||
14009 nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN, bssid))
14010 goto nla_put_failure;
14011
14012 genlmsg_end(msg, hdr);
14013
14014 genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), msg, 0,
14015 NL80211_MCGRP_MLME, gfp);
14016 return;
14017
14018 nla_put_failure:
14019 genlmsg_cancel(msg, hdr);
14020 nlmsg_free(msg);
14021}
14022
14023void cfg80211_notify_new_peer_candidate(struct net_device *dev, const u8 *addr,
14024 const u8* ie, u8 ie_len, gfp_t gfp)
14025{
14026 struct wireless_dev *wdev = dev->ieee80211_ptr;
14027 struct cfg80211_registered_device *rdev = wiphy_to_rdev(wdev->wiphy);
14028 struct sk_buff *msg;
14029 void *hdr;
14030
14031 if (WARN_ON(wdev->iftype != NL80211_IFTYPE_MESH_POINT))
14032 return;
14033
14034 trace_cfg80211_notify_new_peer_candidate(dev, addr);
14035
14036 msg = nlmsg_new(100 + ie_len, gfp);
14037 if (!msg)
14038 return;
14039
14040 hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_NEW_PEER_CANDIDATE);
14041 if (!hdr) {
14042 nlmsg_free(msg);
14043 return;
14044 }
14045
14046 if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
14047 nla_put_u32(msg, NL80211_ATTR_IFINDEX, dev->ifindex) ||
14048 nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN, addr) ||
14049 (ie_len && ie &&
14050 nla_put(msg, NL80211_ATTR_IE, ie_len , ie)))
14051 goto nla_put_failure;
14052
14053 genlmsg_end(msg, hdr);
14054
14055 genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), msg, 0,
14056 NL80211_MCGRP_MLME, gfp);
14057 return;
14058
14059 nla_put_failure:
14060 genlmsg_cancel(msg, hdr);
14061 nlmsg_free(msg);
14062}
14063EXPORT_SYMBOL(cfg80211_notify_new_peer_candidate);
14064
14065void nl80211_michael_mic_failure(struct cfg80211_registered_device *rdev,
14066 struct net_device *netdev, const u8 *addr,
14067 enum nl80211_key_type key_type, int key_id,
14068 const u8 *tsc, gfp_t gfp)
14069{
14070 struct sk_buff *msg;
14071 void *hdr;
14072
14073 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, gfp);
14074 if (!msg)
14075 return;
14076
14077 hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_MICHAEL_MIC_FAILURE);
14078 if (!hdr) {
14079 nlmsg_free(msg);
14080 return;
14081 }
14082
14083 if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
14084 nla_put_u32(msg, NL80211_ATTR_IFINDEX, netdev->ifindex) ||
14085 (addr && nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN, addr)) ||
14086 nla_put_u32(msg, NL80211_ATTR_KEY_TYPE, key_type) ||
14087 (key_id != -1 &&
14088 nla_put_u8(msg, NL80211_ATTR_KEY_IDX, key_id)) ||
14089 (tsc && nla_put(msg, NL80211_ATTR_KEY_SEQ, 6, tsc)))
14090 goto nla_put_failure;
14091
14092 genlmsg_end(msg, hdr);
14093
14094 genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), msg, 0,
14095 NL80211_MCGRP_MLME, gfp);
14096 return;
14097
14098 nla_put_failure:
14099 genlmsg_cancel(msg, hdr);
14100 nlmsg_free(msg);
14101}
14102
14103void nl80211_send_beacon_hint_event(struct wiphy *wiphy,
14104 struct ieee80211_channel *channel_before,
14105 struct ieee80211_channel *channel_after)
14106{
14107 struct sk_buff *msg;
14108 void *hdr;
14109 struct nlattr *nl_freq;
14110
14111 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_ATOMIC);
14112 if (!msg)
14113 return;
14114
14115 hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_REG_BEACON_HINT);
14116 if (!hdr) {
14117 nlmsg_free(msg);
14118 return;
14119 }
14120
14121 /*
14122 * Since we are applying the beacon hint to a wiphy we know its
14123 * wiphy_idx is valid
14124 */
14125 if (nla_put_u32(msg, NL80211_ATTR_WIPHY, get_wiphy_idx(wiphy)))
14126 goto nla_put_failure;
14127
14128 /* Before */
14129 nl_freq = nla_nest_start(msg, NL80211_ATTR_FREQ_BEFORE);
14130 if (!nl_freq)
14131 goto nla_put_failure;
14132 if (nl80211_msg_put_channel(msg, channel_before, false))
14133 goto nla_put_failure;
14134 nla_nest_end(msg, nl_freq);
14135
14136 /* After */
14137 nl_freq = nla_nest_start(msg, NL80211_ATTR_FREQ_AFTER);
14138 if (!nl_freq)
14139 goto nla_put_failure;
14140 if (nl80211_msg_put_channel(msg, channel_after, false))
14141 goto nla_put_failure;
14142 nla_nest_end(msg, nl_freq);
14143
14144 genlmsg_end(msg, hdr);
14145
14146 rcu_read_lock();
14147 genlmsg_multicast_allns(&nl80211_fam, msg, 0,
14148 NL80211_MCGRP_REGULATORY, GFP_ATOMIC);
14149 rcu_read_unlock();
14150
14151 return;
14152
14153nla_put_failure:
14154 genlmsg_cancel(msg, hdr);
14155 nlmsg_free(msg);
14156}
14157
14158static void nl80211_send_remain_on_chan_event(
14159 int cmd, struct cfg80211_registered_device *rdev,
14160 struct wireless_dev *wdev, u64 cookie,
14161 struct ieee80211_channel *chan,
14162 unsigned int duration, gfp_t gfp)
14163{
14164 struct sk_buff *msg;
14165 void *hdr;
14166
14167 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, gfp);
14168 if (!msg)
14169 return;
14170
14171 hdr = nl80211hdr_put(msg, 0, 0, 0, cmd);
14172 if (!hdr) {
14173 nlmsg_free(msg);
14174 return;
14175 }
14176
14177 if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
14178 (wdev->netdev && nla_put_u32(msg, NL80211_ATTR_IFINDEX,
14179 wdev->netdev->ifindex)) ||
14180 nla_put_u64_64bit(msg, NL80211_ATTR_WDEV, wdev_id(wdev),
14181 NL80211_ATTR_PAD) ||
14182 nla_put_u32(msg, NL80211_ATTR_WIPHY_FREQ, chan->center_freq) ||
14183 nla_put_u32(msg, NL80211_ATTR_WIPHY_CHANNEL_TYPE,
14184 NL80211_CHAN_NO_HT) ||
14185 nla_put_u64_64bit(msg, NL80211_ATTR_COOKIE, cookie,
14186 NL80211_ATTR_PAD))
14187 goto nla_put_failure;
14188
14189 if (cmd == NL80211_CMD_REMAIN_ON_CHANNEL &&
14190 nla_put_u32(msg, NL80211_ATTR_DURATION, duration))
14191 goto nla_put_failure;
14192
14193 genlmsg_end(msg, hdr);
14194
14195 genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), msg, 0,
14196 NL80211_MCGRP_MLME, gfp);
14197 return;
14198
14199 nla_put_failure:
14200 genlmsg_cancel(msg, hdr);
14201 nlmsg_free(msg);
14202}
14203
14204void cfg80211_ready_on_channel(struct wireless_dev *wdev, u64 cookie,
14205 struct ieee80211_channel *chan,
14206 unsigned int duration, gfp_t gfp)
14207{
14208 struct wiphy *wiphy = wdev->wiphy;
14209 struct cfg80211_registered_device *rdev = wiphy_to_rdev(wiphy);
14210
14211 trace_cfg80211_ready_on_channel(wdev, cookie, chan, duration);
14212 nl80211_send_remain_on_chan_event(NL80211_CMD_REMAIN_ON_CHANNEL,
14213 rdev, wdev, cookie, chan,
14214 duration, gfp);
14215}
14216EXPORT_SYMBOL(cfg80211_ready_on_channel);
14217
14218void cfg80211_remain_on_channel_expired(struct wireless_dev *wdev, u64 cookie,
14219 struct ieee80211_channel *chan,
14220 gfp_t gfp)
14221{
14222 struct wiphy *wiphy = wdev->wiphy;
14223 struct cfg80211_registered_device *rdev = wiphy_to_rdev(wiphy);
14224
14225 trace_cfg80211_ready_on_channel_expired(wdev, cookie, chan);
14226 nl80211_send_remain_on_chan_event(NL80211_CMD_CANCEL_REMAIN_ON_CHANNEL,
14227 rdev, wdev, cookie, chan, 0, gfp);
14228}
14229EXPORT_SYMBOL(cfg80211_remain_on_channel_expired);
14230
14231void cfg80211_new_sta(struct net_device *dev, const u8 *mac_addr,
14232 struct station_info *sinfo, gfp_t gfp)
14233{
14234 struct wiphy *wiphy = dev->ieee80211_ptr->wiphy;
14235 struct cfg80211_registered_device *rdev = wiphy_to_rdev(wiphy);
14236 struct sk_buff *msg;
14237
14238 trace_cfg80211_new_sta(dev, mac_addr, sinfo);
14239
14240 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, gfp);
14241 if (!msg)
14242 return;
14243
14244 if (nl80211_send_station(msg, NL80211_CMD_NEW_STATION, 0, 0, 0,
14245 rdev, dev, mac_addr, sinfo) < 0) {
14246 nlmsg_free(msg);
14247 return;
14248 }
14249
14250 genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), msg, 0,
14251 NL80211_MCGRP_MLME, gfp);
14252}
14253EXPORT_SYMBOL(cfg80211_new_sta);
14254
14255void cfg80211_del_sta_sinfo(struct net_device *dev, const u8 *mac_addr,
14256 struct station_info *sinfo, gfp_t gfp)
14257{
14258 struct wiphy *wiphy = dev->ieee80211_ptr->wiphy;
14259 struct cfg80211_registered_device *rdev = wiphy_to_rdev(wiphy);
14260 struct sk_buff *msg;
14261 struct station_info empty_sinfo = {};
14262
14263 if (!sinfo)
14264 sinfo = &empty_sinfo;
14265
14266 trace_cfg80211_del_sta(dev, mac_addr);
14267
14268 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, gfp);
14269 if (!msg)
14270 return;
14271
14272 if (nl80211_send_station(msg, NL80211_CMD_DEL_STATION, 0, 0, 0,
14273 rdev, dev, mac_addr, sinfo) < 0) {
14274 nlmsg_free(msg);
14275 return;
14276 }
14277
14278 genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), msg, 0,
14279 NL80211_MCGRP_MLME, gfp);
14280}
14281EXPORT_SYMBOL(cfg80211_del_sta_sinfo);
14282
14283void cfg80211_conn_failed(struct net_device *dev, const u8 *mac_addr,
14284 enum nl80211_connect_failed_reason reason,
14285 gfp_t gfp)
14286{
14287 struct wiphy *wiphy = dev->ieee80211_ptr->wiphy;
14288 struct cfg80211_registered_device *rdev = wiphy_to_rdev(wiphy);
14289 struct sk_buff *msg;
14290 void *hdr;
14291
14292 msg = nlmsg_new(NLMSG_GOODSIZE, gfp);
14293 if (!msg)
14294 return;
14295
14296 hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_CONN_FAILED);
14297 if (!hdr) {
14298 nlmsg_free(msg);
14299 return;
14300 }
14301
14302 if (nla_put_u32(msg, NL80211_ATTR_IFINDEX, dev->ifindex) ||
14303 nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN, mac_addr) ||
14304 nla_put_u32(msg, NL80211_ATTR_CONN_FAILED_REASON, reason))
14305 goto nla_put_failure;
14306
14307 genlmsg_end(msg, hdr);
14308
14309 genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), msg, 0,
14310 NL80211_MCGRP_MLME, gfp);
14311 return;
14312
14313 nla_put_failure:
14314 genlmsg_cancel(msg, hdr);
14315 nlmsg_free(msg);
14316}
14317EXPORT_SYMBOL(cfg80211_conn_failed);
14318
14319static bool __nl80211_unexpected_frame(struct net_device *dev, u8 cmd,
14320 const u8 *addr, gfp_t gfp)
14321{
14322 struct wireless_dev *wdev = dev->ieee80211_ptr;
14323 struct cfg80211_registered_device *rdev = wiphy_to_rdev(wdev->wiphy);
14324 struct sk_buff *msg;
14325 void *hdr;
14326 u32 nlportid = ACCESS_ONCE(wdev->ap_unexpected_nlportid);
14327
14328 if (!nlportid)
14329 return false;
14330
14331 msg = nlmsg_new(100, gfp);
14332 if (!msg)
14333 return true;
14334
14335 hdr = nl80211hdr_put(msg, 0, 0, 0, cmd);
14336 if (!hdr) {
14337 nlmsg_free(msg);
14338 return true;
14339 }
14340
14341 if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
14342 nla_put_u32(msg, NL80211_ATTR_IFINDEX, dev->ifindex) ||
14343 nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN, addr))
14344 goto nla_put_failure;
14345
14346 genlmsg_end(msg, hdr);
14347 genlmsg_unicast(wiphy_net(&rdev->wiphy), msg, nlportid);
14348 return true;
14349
14350 nla_put_failure:
14351 genlmsg_cancel(msg, hdr);
14352 nlmsg_free(msg);
14353 return true;
14354}
14355
14356bool cfg80211_rx_spurious_frame(struct net_device *dev,
14357 const u8 *addr, gfp_t gfp)
14358{
14359 struct wireless_dev *wdev = dev->ieee80211_ptr;
14360 bool ret;
14361
14362 trace_cfg80211_rx_spurious_frame(dev, addr);
14363
14364 if (WARN_ON(wdev->iftype != NL80211_IFTYPE_AP &&
14365 wdev->iftype != NL80211_IFTYPE_P2P_GO)) {
14366 trace_cfg80211_return_bool(false);
14367 return false;
14368 }
14369 ret = __nl80211_unexpected_frame(dev, NL80211_CMD_UNEXPECTED_FRAME,
14370 addr, gfp);
14371 trace_cfg80211_return_bool(ret);
14372 return ret;
14373}
14374EXPORT_SYMBOL(cfg80211_rx_spurious_frame);
14375
14376bool cfg80211_rx_unexpected_4addr_frame(struct net_device *dev,
14377 const u8 *addr, gfp_t gfp)
14378{
14379 struct wireless_dev *wdev = dev->ieee80211_ptr;
14380 bool ret;
14381
14382 trace_cfg80211_rx_unexpected_4addr_frame(dev, addr);
14383
14384 if (WARN_ON(wdev->iftype != NL80211_IFTYPE_AP &&
14385 wdev->iftype != NL80211_IFTYPE_P2P_GO &&
14386 wdev->iftype != NL80211_IFTYPE_AP_VLAN)) {
14387 trace_cfg80211_return_bool(false);
14388 return false;
14389 }
14390 ret = __nl80211_unexpected_frame(dev,
14391 NL80211_CMD_UNEXPECTED_4ADDR_FRAME,
14392 addr, gfp);
14393 trace_cfg80211_return_bool(ret);
14394 return ret;
14395}
14396EXPORT_SYMBOL(cfg80211_rx_unexpected_4addr_frame);
14397
14398int nl80211_send_mgmt(struct cfg80211_registered_device *rdev,
14399 struct wireless_dev *wdev, u32 nlportid,
14400 int freq, int sig_dbm,
14401 const u8 *buf, size_t len, u32 flags, gfp_t gfp)
14402{
14403 struct net_device *netdev = wdev->netdev;
14404 struct sk_buff *msg;
14405 void *hdr;
14406
14407 msg = nlmsg_new(100 + len, gfp);
14408 if (!msg)
14409 return -ENOMEM;
14410
14411 hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_FRAME);
14412 if (!hdr) {
14413 nlmsg_free(msg);
14414 return -ENOMEM;
14415 }
14416
14417 if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
14418 (netdev && nla_put_u32(msg, NL80211_ATTR_IFINDEX,
14419 netdev->ifindex)) ||
14420 nla_put_u64_64bit(msg, NL80211_ATTR_WDEV, wdev_id(wdev),
14421 NL80211_ATTR_PAD) ||
14422 nla_put_u32(msg, NL80211_ATTR_WIPHY_FREQ, freq) ||
14423 (sig_dbm &&
14424 nla_put_u32(msg, NL80211_ATTR_RX_SIGNAL_DBM, sig_dbm)) ||
14425 nla_put(msg, NL80211_ATTR_FRAME, len, buf) ||
14426 (flags &&
14427 nla_put_u32(msg, NL80211_ATTR_RXMGMT_FLAGS, flags)))
14428 goto nla_put_failure;
14429
14430 genlmsg_end(msg, hdr);
14431
14432 return genlmsg_unicast(wiphy_net(&rdev->wiphy), msg, nlportid);
14433
14434 nla_put_failure:
14435 genlmsg_cancel(msg, hdr);
14436 nlmsg_free(msg);
14437 return -ENOBUFS;
14438}
14439
14440void cfg80211_mgmt_tx_status(struct wireless_dev *wdev, u64 cookie,
14441 const u8 *buf, size_t len, bool ack, gfp_t gfp)
14442{
14443 struct wiphy *wiphy = wdev->wiphy;
14444 struct cfg80211_registered_device *rdev = wiphy_to_rdev(wiphy);
14445 struct net_device *netdev = wdev->netdev;
14446 struct sk_buff *msg;
14447 void *hdr;
14448
14449 trace_cfg80211_mgmt_tx_status(wdev, cookie, ack);
14450
14451 msg = nlmsg_new(100 + len, gfp);
14452 if (!msg)
14453 return;
14454
14455 hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_FRAME_TX_STATUS);
14456 if (!hdr) {
14457 nlmsg_free(msg);
14458 return;
14459 }
14460
14461 if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
14462 (netdev && nla_put_u32(msg, NL80211_ATTR_IFINDEX,
14463 netdev->ifindex)) ||
14464 nla_put_u64_64bit(msg, NL80211_ATTR_WDEV, wdev_id(wdev),
14465 NL80211_ATTR_PAD) ||
14466 nla_put(msg, NL80211_ATTR_FRAME, len, buf) ||
14467 nla_put_u64_64bit(msg, NL80211_ATTR_COOKIE, cookie,
14468 NL80211_ATTR_PAD) ||
14469 (ack && nla_put_flag(msg, NL80211_ATTR_ACK)))
14470 goto nla_put_failure;
14471
14472 genlmsg_end(msg, hdr);
14473
14474 genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), msg, 0,
14475 NL80211_MCGRP_MLME, gfp);
14476 return;
14477
14478 nla_put_failure:
14479 genlmsg_cancel(msg, hdr);
14480 nlmsg_free(msg);
14481}
14482EXPORT_SYMBOL(cfg80211_mgmt_tx_status);
14483
14484static struct sk_buff *cfg80211_prepare_cqm(struct net_device *dev,
14485 const char *mac, gfp_t gfp)
14486{
14487 struct wireless_dev *wdev = dev->ieee80211_ptr;
14488 struct cfg80211_registered_device *rdev = wiphy_to_rdev(wdev->wiphy);
14489 struct sk_buff *msg = nlmsg_new(NLMSG_DEFAULT_SIZE, gfp);
14490 void **cb;
14491
14492 if (!msg)
14493 return NULL;
14494
14495 cb = (void **)msg->cb;
14496
14497 cb[0] = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_NOTIFY_CQM);
14498 if (!cb[0]) {
14499 nlmsg_free(msg);
14500 return NULL;
14501 }
14502
14503 if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
14504 nla_put_u32(msg, NL80211_ATTR_IFINDEX, dev->ifindex))
14505 goto nla_put_failure;
14506
14507 if (mac && nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN, mac))
14508 goto nla_put_failure;
14509
14510 cb[1] = nla_nest_start(msg, NL80211_ATTR_CQM);
14511 if (!cb[1])
14512 goto nla_put_failure;
14513
14514 cb[2] = rdev;
14515
14516 return msg;
14517 nla_put_failure:
14518 nlmsg_free(msg);
14519 return NULL;
14520}
14521
14522static void cfg80211_send_cqm(struct sk_buff *msg, gfp_t gfp)
14523{
14524 void **cb = (void **)msg->cb;
14525 struct cfg80211_registered_device *rdev = cb[2];
14526
14527 nla_nest_end(msg, cb[1]);
14528 genlmsg_end(msg, cb[0]);
14529
14530 memset(msg->cb, 0, sizeof(msg->cb));
14531
14532 genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), msg, 0,
14533 NL80211_MCGRP_MLME, gfp);
14534}
14535
14536void cfg80211_cqm_rssi_notify(struct net_device *dev,
14537 enum nl80211_cqm_rssi_threshold_event rssi_event,
14538 s32 rssi_level, gfp_t gfp)
14539{
14540 struct sk_buff *msg;
14541 struct wireless_dev *wdev = dev->ieee80211_ptr;
14542 struct cfg80211_registered_device *rdev = wiphy_to_rdev(wdev->wiphy);
14543
14544 trace_cfg80211_cqm_rssi_notify(dev, rssi_event, rssi_level);
14545
14546 if (WARN_ON(rssi_event != NL80211_CQM_RSSI_THRESHOLD_EVENT_LOW &&
14547 rssi_event != NL80211_CQM_RSSI_THRESHOLD_EVENT_HIGH))
14548 return;
14549
14550 if (wdev->cqm_config) {
14551 wdev->cqm_config->last_rssi_event_value = rssi_level;
14552
14553 cfg80211_cqm_rssi_update(rdev, dev);
14554
14555 if (rssi_level == 0)
14556 rssi_level = wdev->cqm_config->last_rssi_event_value;
14557 }
14558
14559 msg = cfg80211_prepare_cqm(dev, NULL, gfp);
14560 if (!msg)
14561 return;
14562
14563 if (nla_put_u32(msg, NL80211_ATTR_CQM_RSSI_THRESHOLD_EVENT,
14564 rssi_event))
14565 goto nla_put_failure;
14566
14567 if (rssi_level && nla_put_s32(msg, NL80211_ATTR_CQM_RSSI_LEVEL,
14568 rssi_level))
14569 goto nla_put_failure;
14570
14571 cfg80211_send_cqm(msg, gfp);
14572
14573 return;
14574
14575 nla_put_failure:
14576 nlmsg_free(msg);
14577}
14578EXPORT_SYMBOL(cfg80211_cqm_rssi_notify);
14579
14580void cfg80211_cqm_txe_notify(struct net_device *dev,
14581 const u8 *peer, u32 num_packets,
14582 u32 rate, u32 intvl, gfp_t gfp)
14583{
14584 struct sk_buff *msg;
14585
14586 msg = cfg80211_prepare_cqm(dev, peer, gfp);
14587 if (!msg)
14588 return;
14589
14590 if (nla_put_u32(msg, NL80211_ATTR_CQM_TXE_PKTS, num_packets))
14591 goto nla_put_failure;
14592
14593 if (nla_put_u32(msg, NL80211_ATTR_CQM_TXE_RATE, rate))
14594 goto nla_put_failure;
14595
14596 if (nla_put_u32(msg, NL80211_ATTR_CQM_TXE_INTVL, intvl))
14597 goto nla_put_failure;
14598
14599 cfg80211_send_cqm(msg, gfp);
14600 return;
14601
14602 nla_put_failure:
14603 nlmsg_free(msg);
14604}
14605EXPORT_SYMBOL(cfg80211_cqm_txe_notify);
14606
14607void cfg80211_cqm_pktloss_notify(struct net_device *dev,
14608 const u8 *peer, u32 num_packets, gfp_t gfp)
14609{
14610 struct sk_buff *msg;
14611
14612 trace_cfg80211_cqm_pktloss_notify(dev, peer, num_packets);
14613
14614 msg = cfg80211_prepare_cqm(dev, peer, gfp);
14615 if (!msg)
14616 return;
14617
14618 if (nla_put_u32(msg, NL80211_ATTR_CQM_PKT_LOSS_EVENT, num_packets))
14619 goto nla_put_failure;
14620
14621 cfg80211_send_cqm(msg, gfp);
14622 return;
14623
14624 nla_put_failure:
14625 nlmsg_free(msg);
14626}
14627EXPORT_SYMBOL(cfg80211_cqm_pktloss_notify);
14628
14629void cfg80211_cqm_beacon_loss_notify(struct net_device *dev, gfp_t gfp)
14630{
14631 struct sk_buff *msg;
14632
14633 msg = cfg80211_prepare_cqm(dev, NULL, gfp);
14634 if (!msg)
14635 return;
14636
14637 if (nla_put_flag(msg, NL80211_ATTR_CQM_BEACON_LOSS_EVENT))
14638 goto nla_put_failure;
14639
14640 cfg80211_send_cqm(msg, gfp);
14641 return;
14642
14643 nla_put_failure:
14644 nlmsg_free(msg);
14645}
14646EXPORT_SYMBOL(cfg80211_cqm_beacon_loss_notify);
14647
14648static void nl80211_gtk_rekey_notify(struct cfg80211_registered_device *rdev,
14649 struct net_device *netdev, const u8 *bssid,
14650 const u8 *replay_ctr, gfp_t gfp)
14651{
14652 struct sk_buff *msg;
14653 struct nlattr *rekey_attr;
14654 void *hdr;
14655
14656 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, gfp);
14657 if (!msg)
14658 return;
14659
14660 hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_SET_REKEY_OFFLOAD);
14661 if (!hdr) {
14662 nlmsg_free(msg);
14663 return;
14664 }
14665
14666 if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
14667 nla_put_u32(msg, NL80211_ATTR_IFINDEX, netdev->ifindex) ||
14668 nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN, bssid))
14669 goto nla_put_failure;
14670
14671 rekey_attr = nla_nest_start(msg, NL80211_ATTR_REKEY_DATA);
14672 if (!rekey_attr)
14673 goto nla_put_failure;
14674
14675 if (nla_put(msg, NL80211_REKEY_DATA_REPLAY_CTR,
14676 NL80211_REPLAY_CTR_LEN, replay_ctr))
14677 goto nla_put_failure;
14678
14679 nla_nest_end(msg, rekey_attr);
14680
14681 genlmsg_end(msg, hdr);
14682
14683 genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), msg, 0,
14684 NL80211_MCGRP_MLME, gfp);
14685 return;
14686
14687 nla_put_failure:
14688 genlmsg_cancel(msg, hdr);
14689 nlmsg_free(msg);
14690}
14691
14692void cfg80211_gtk_rekey_notify(struct net_device *dev, const u8 *bssid,
14693 const u8 *replay_ctr, gfp_t gfp)
14694{
14695 struct wireless_dev *wdev = dev->ieee80211_ptr;
14696 struct wiphy *wiphy = wdev->wiphy;
14697 struct cfg80211_registered_device *rdev = wiphy_to_rdev(wiphy);
14698
14699 trace_cfg80211_gtk_rekey_notify(dev, bssid);
14700 nl80211_gtk_rekey_notify(rdev, dev, bssid, replay_ctr, gfp);
14701}
14702EXPORT_SYMBOL(cfg80211_gtk_rekey_notify);
14703
14704static void
14705nl80211_pmksa_candidate_notify(struct cfg80211_registered_device *rdev,
14706 struct net_device *netdev, int index,
14707 const u8 *bssid, bool preauth, gfp_t gfp)
14708{
14709 struct sk_buff *msg;
14710 struct nlattr *attr;
14711 void *hdr;
14712
14713 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, gfp);
14714 if (!msg)
14715 return;
14716
14717 hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_PMKSA_CANDIDATE);
14718 if (!hdr) {
14719 nlmsg_free(msg);
14720 return;
14721 }
14722
14723 if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
14724 nla_put_u32(msg, NL80211_ATTR_IFINDEX, netdev->ifindex))
14725 goto nla_put_failure;
14726
14727 attr = nla_nest_start(msg, NL80211_ATTR_PMKSA_CANDIDATE);
14728 if (!attr)
14729 goto nla_put_failure;
14730
14731 if (nla_put_u32(msg, NL80211_PMKSA_CANDIDATE_INDEX, index) ||
14732 nla_put(msg, NL80211_PMKSA_CANDIDATE_BSSID, ETH_ALEN, bssid) ||
14733 (preauth &&
14734 nla_put_flag(msg, NL80211_PMKSA_CANDIDATE_PREAUTH)))
14735 goto nla_put_failure;
14736
14737 nla_nest_end(msg, attr);
14738
14739 genlmsg_end(msg, hdr);
14740
14741 genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), msg, 0,
14742 NL80211_MCGRP_MLME, gfp);
14743 return;
14744
14745 nla_put_failure:
14746 genlmsg_cancel(msg, hdr);
14747 nlmsg_free(msg);
14748}
14749
14750void cfg80211_pmksa_candidate_notify(struct net_device *dev, int index,
14751 const u8 *bssid, bool preauth, gfp_t gfp)
14752{
14753 struct wireless_dev *wdev = dev->ieee80211_ptr;
14754 struct wiphy *wiphy = wdev->wiphy;
14755 struct cfg80211_registered_device *rdev = wiphy_to_rdev(wiphy);
14756
14757 trace_cfg80211_pmksa_candidate_notify(dev, index, bssid, preauth);
14758 nl80211_pmksa_candidate_notify(rdev, dev, index, bssid, preauth, gfp);
14759}
14760EXPORT_SYMBOL(cfg80211_pmksa_candidate_notify);
14761
14762static void nl80211_ch_switch_notify(struct cfg80211_registered_device *rdev,
14763 struct net_device *netdev,
14764 struct cfg80211_chan_def *chandef,
14765 gfp_t gfp,
14766 enum nl80211_commands notif,
14767 u8 count)
14768{
14769 struct sk_buff *msg;
14770 void *hdr;
14771
14772 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, gfp);
14773 if (!msg)
14774 return;
14775
14776 hdr = nl80211hdr_put(msg, 0, 0, 0, notif);
14777 if (!hdr) {
14778 nlmsg_free(msg);
14779 return;
14780 }
14781
14782 if (nla_put_u32(msg, NL80211_ATTR_IFINDEX, netdev->ifindex))
14783 goto nla_put_failure;
14784
14785 if (nl80211_send_chandef(msg, chandef))
14786 goto nla_put_failure;
14787
14788 if ((notif == NL80211_CMD_CH_SWITCH_STARTED_NOTIFY) &&
14789 (nla_put_u32(msg, NL80211_ATTR_CH_SWITCH_COUNT, count)))
14790 goto nla_put_failure;
14791
14792 genlmsg_end(msg, hdr);
14793
14794 genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), msg, 0,
14795 NL80211_MCGRP_MLME, gfp);
14796 return;
14797
14798 nla_put_failure:
14799 genlmsg_cancel(msg, hdr);
14800 nlmsg_free(msg);
14801}
14802
14803void cfg80211_ch_switch_notify(struct net_device *dev,
14804 struct cfg80211_chan_def *chandef)
14805{
14806 struct wireless_dev *wdev = dev->ieee80211_ptr;
14807 struct wiphy *wiphy = wdev->wiphy;
14808 struct cfg80211_registered_device *rdev = wiphy_to_rdev(wiphy);
14809
14810 ASSERT_WDEV_LOCK(wdev);
14811
14812 trace_cfg80211_ch_switch_notify(dev, chandef);
14813
14814 wdev->chandef = *chandef;
14815 wdev->preset_chandef = *chandef;
14816
14817 if (wdev->iftype == NL80211_IFTYPE_STATION &&
14818 !WARN_ON(!wdev->current_bss))
14819 wdev->current_bss->pub.channel = chandef->chan;
14820
14821 nl80211_ch_switch_notify(rdev, dev, chandef, GFP_KERNEL,
14822 NL80211_CMD_CH_SWITCH_NOTIFY, 0);
14823}
14824EXPORT_SYMBOL(cfg80211_ch_switch_notify);
14825
14826void cfg80211_ch_switch_started_notify(struct net_device *dev,
14827 struct cfg80211_chan_def *chandef,
14828 u8 count)
14829{
14830 struct wireless_dev *wdev = dev->ieee80211_ptr;
14831 struct wiphy *wiphy = wdev->wiphy;
14832 struct cfg80211_registered_device *rdev = wiphy_to_rdev(wiphy);
14833
14834 trace_cfg80211_ch_switch_started_notify(dev, chandef);
14835
14836 nl80211_ch_switch_notify(rdev, dev, chandef, GFP_KERNEL,
14837 NL80211_CMD_CH_SWITCH_STARTED_NOTIFY, count);
14838}
14839EXPORT_SYMBOL(cfg80211_ch_switch_started_notify);
14840
14841void
14842nl80211_radar_notify(struct cfg80211_registered_device *rdev,
14843 const struct cfg80211_chan_def *chandef,
14844 enum nl80211_radar_event event,
14845 struct net_device *netdev, gfp_t gfp)
14846{
14847 struct sk_buff *msg;
14848 void *hdr;
14849
14850 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, gfp);
14851 if (!msg)
14852 return;
14853
14854 hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_RADAR_DETECT);
14855 if (!hdr) {
14856 nlmsg_free(msg);
14857 return;
14858 }
14859
14860 if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx))
14861 goto nla_put_failure;
14862
14863 /* NOP and radar events don't need a netdev parameter */
14864 if (netdev) {
14865 struct wireless_dev *wdev = netdev->ieee80211_ptr;
14866
14867 if (nla_put_u32(msg, NL80211_ATTR_IFINDEX, netdev->ifindex) ||
14868 nla_put_u64_64bit(msg, NL80211_ATTR_WDEV, wdev_id(wdev),
14869 NL80211_ATTR_PAD))
14870 goto nla_put_failure;
14871 }
14872
14873 if (nla_put_u32(msg, NL80211_ATTR_RADAR_EVENT, event))
14874 goto nla_put_failure;
14875
14876 if (nl80211_send_chandef(msg, chandef))
14877 goto nla_put_failure;
14878
14879 genlmsg_end(msg, hdr);
14880
14881 genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), msg, 0,
14882 NL80211_MCGRP_MLME, gfp);
14883 return;
14884
14885 nla_put_failure:
14886 genlmsg_cancel(msg, hdr);
14887 nlmsg_free(msg);
14888}
14889
14890void cfg80211_probe_status(struct net_device *dev, const u8 *addr,
14891 u64 cookie, bool acked, gfp_t gfp)
14892{
14893 struct wireless_dev *wdev = dev->ieee80211_ptr;
14894 struct cfg80211_registered_device *rdev = wiphy_to_rdev(wdev->wiphy);
14895 struct sk_buff *msg;
14896 void *hdr;
14897
14898 trace_cfg80211_probe_status(dev, addr, cookie, acked);
14899
14900 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, gfp);
14901
14902 if (!msg)
14903 return;
14904
14905 hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_PROBE_CLIENT);
14906 if (!hdr) {
14907 nlmsg_free(msg);
14908 return;
14909 }
14910
14911 if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
14912 nla_put_u32(msg, NL80211_ATTR_IFINDEX, dev->ifindex) ||
14913 nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN, addr) ||
14914 nla_put_u64_64bit(msg, NL80211_ATTR_COOKIE, cookie,
14915 NL80211_ATTR_PAD) ||
14916 (acked && nla_put_flag(msg, NL80211_ATTR_ACK)))
14917 goto nla_put_failure;
14918
14919 genlmsg_end(msg, hdr);
14920
14921 genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), msg, 0,
14922 NL80211_MCGRP_MLME, gfp);
14923 return;
14924
14925 nla_put_failure:
14926 genlmsg_cancel(msg, hdr);
14927 nlmsg_free(msg);
14928}
14929EXPORT_SYMBOL(cfg80211_probe_status);
14930
14931void cfg80211_report_obss_beacon(struct wiphy *wiphy,
14932 const u8 *frame, size_t len,
14933 int freq, int sig_dbm)
14934{
14935 struct cfg80211_registered_device *rdev = wiphy_to_rdev(wiphy);
14936 struct sk_buff *msg;
14937 void *hdr;
14938 struct cfg80211_beacon_registration *reg;
14939
14940 trace_cfg80211_report_obss_beacon(wiphy, frame, len, freq, sig_dbm);
14941
14942 spin_lock_bh(&rdev->beacon_registrations_lock);
14943 list_for_each_entry(reg, &rdev->beacon_registrations, list) {
14944 msg = nlmsg_new(len + 100, GFP_ATOMIC);
14945 if (!msg) {
14946 spin_unlock_bh(&rdev->beacon_registrations_lock);
14947 return;
14948 }
14949
14950 hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_FRAME);
14951 if (!hdr)
14952 goto nla_put_failure;
14953
14954 if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
14955 (freq &&
14956 nla_put_u32(msg, NL80211_ATTR_WIPHY_FREQ, freq)) ||
14957 (sig_dbm &&
14958 nla_put_u32(msg, NL80211_ATTR_RX_SIGNAL_DBM, sig_dbm)) ||
14959 nla_put(msg, NL80211_ATTR_FRAME, len, frame))
14960 goto nla_put_failure;
14961
14962 genlmsg_end(msg, hdr);
14963
14964 genlmsg_unicast(wiphy_net(&rdev->wiphy), msg, reg->nlportid);
14965 }
14966 spin_unlock_bh(&rdev->beacon_registrations_lock);
14967 return;
14968
14969 nla_put_failure:
14970 spin_unlock_bh(&rdev->beacon_registrations_lock);
14971 if (hdr)
14972 genlmsg_cancel(msg, hdr);
14973 nlmsg_free(msg);
14974}
14975EXPORT_SYMBOL(cfg80211_report_obss_beacon);
14976
14977#ifdef CONFIG_PM
14978static int cfg80211_net_detect_results(struct sk_buff *msg,
14979 struct cfg80211_wowlan_wakeup *wakeup)
14980{
14981 struct cfg80211_wowlan_nd_info *nd = wakeup->net_detect;
14982 struct nlattr *nl_results, *nl_match, *nl_freqs;
14983 int i, j;
14984
14985 nl_results = nla_nest_start(
14986 msg, NL80211_WOWLAN_TRIG_NET_DETECT_RESULTS);
14987 if (!nl_results)
14988 return -EMSGSIZE;
14989
14990 for (i = 0; i < nd->n_matches; i++) {
14991 struct cfg80211_wowlan_nd_match *match = nd->matches[i];
14992
14993 nl_match = nla_nest_start(msg, i);
14994 if (!nl_match)
14995 break;
14996
14997 /* The SSID attribute is optional in nl80211, but for
14998 * simplicity reasons it's always present in the
14999 * cfg80211 structure. If a driver can't pass the
15000 * SSID, that needs to be changed. A zero length SSID
15001 * is still a valid SSID (wildcard), so it cannot be
15002 * used for this purpose.
15003 */
15004 if (nla_put(msg, NL80211_ATTR_SSID, match->ssid.ssid_len,
15005 match->ssid.ssid)) {
15006 nla_nest_cancel(msg, nl_match);
15007 goto out;
15008 }
15009
15010 if (match->n_channels) {
15011 nl_freqs = nla_nest_start(
15012 msg, NL80211_ATTR_SCAN_FREQUENCIES);
15013 if (!nl_freqs) {
15014 nla_nest_cancel(msg, nl_match);
15015 goto out;
15016 }
15017
15018 for (j = 0; j < match->n_channels; j++) {
15019 if (nla_put_u32(msg, j, match->channels[j])) {
15020 nla_nest_cancel(msg, nl_freqs);
15021 nla_nest_cancel(msg, nl_match);
15022 goto out;
15023 }
15024 }
15025
15026 nla_nest_end(msg, nl_freqs);
15027 }
15028
15029 nla_nest_end(msg, nl_match);
15030 }
15031
15032out:
15033 nla_nest_end(msg, nl_results);
15034 return 0;
15035}
15036
15037void cfg80211_report_wowlan_wakeup(struct wireless_dev *wdev,
15038 struct cfg80211_wowlan_wakeup *wakeup,
15039 gfp_t gfp)
15040{
15041 struct cfg80211_registered_device *rdev = wiphy_to_rdev(wdev->wiphy);
15042 struct sk_buff *msg;
15043 void *hdr;
15044 int size = 200;
15045
15046 trace_cfg80211_report_wowlan_wakeup(wdev->wiphy, wdev, wakeup);
15047
15048 if (wakeup)
15049 size += wakeup->packet_present_len;
15050
15051 msg = nlmsg_new(size, gfp);
15052 if (!msg)
15053 return;
15054
15055 hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_SET_WOWLAN);
15056 if (!hdr)
15057 goto free_msg;
15058
15059 if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
15060 nla_put_u64_64bit(msg, NL80211_ATTR_WDEV, wdev_id(wdev),
15061 NL80211_ATTR_PAD))
15062 goto free_msg;
15063
15064 if (wdev->netdev && nla_put_u32(msg, NL80211_ATTR_IFINDEX,
15065 wdev->netdev->ifindex))
15066 goto free_msg;
15067
15068 if (wakeup) {
15069 struct nlattr *reasons;
15070
15071 reasons = nla_nest_start(msg, NL80211_ATTR_WOWLAN_TRIGGERS);
15072 if (!reasons)
15073 goto free_msg;
15074
15075 if (wakeup->disconnect &&
15076 nla_put_flag(msg, NL80211_WOWLAN_TRIG_DISCONNECT))
15077 goto free_msg;
15078 if (wakeup->magic_pkt &&
15079 nla_put_flag(msg, NL80211_WOWLAN_TRIG_MAGIC_PKT))
15080 goto free_msg;
15081 if (wakeup->gtk_rekey_failure &&
15082 nla_put_flag(msg, NL80211_WOWLAN_TRIG_GTK_REKEY_FAILURE))
15083 goto free_msg;
15084 if (wakeup->eap_identity_req &&
15085 nla_put_flag(msg, NL80211_WOWLAN_TRIG_EAP_IDENT_REQUEST))
15086 goto free_msg;
15087 if (wakeup->four_way_handshake &&
15088 nla_put_flag(msg, NL80211_WOWLAN_TRIG_4WAY_HANDSHAKE))
15089 goto free_msg;
15090 if (wakeup->rfkill_release &&
15091 nla_put_flag(msg, NL80211_WOWLAN_TRIG_RFKILL_RELEASE))
15092 goto free_msg;
15093
15094 if (wakeup->pattern_idx >= 0 &&
15095 nla_put_u32(msg, NL80211_WOWLAN_TRIG_PKT_PATTERN,
15096 wakeup->pattern_idx))
15097 goto free_msg;
15098
15099 if (wakeup->tcp_match &&
15100 nla_put_flag(msg, NL80211_WOWLAN_TRIG_WAKEUP_TCP_MATCH))
15101 goto free_msg;
15102
15103 if (wakeup->tcp_connlost &&
15104 nla_put_flag(msg, NL80211_WOWLAN_TRIG_WAKEUP_TCP_CONNLOST))
15105 goto free_msg;
15106
15107 if (wakeup->tcp_nomoretokens &&
15108 nla_put_flag(msg,
15109 NL80211_WOWLAN_TRIG_WAKEUP_TCP_NOMORETOKENS))
15110 goto free_msg;
15111
15112 if (wakeup->packet) {
15113 u32 pkt_attr = NL80211_WOWLAN_TRIG_WAKEUP_PKT_80211;
15114 u32 len_attr = NL80211_WOWLAN_TRIG_WAKEUP_PKT_80211_LEN;
15115
15116 if (!wakeup->packet_80211) {
15117 pkt_attr =
15118 NL80211_WOWLAN_TRIG_WAKEUP_PKT_8023;
15119 len_attr =
15120 NL80211_WOWLAN_TRIG_WAKEUP_PKT_8023_LEN;
15121 }
15122
15123 if (wakeup->packet_len &&
15124 nla_put_u32(msg, len_attr, wakeup->packet_len))
15125 goto free_msg;
15126
15127 if (nla_put(msg, pkt_attr, wakeup->packet_present_len,
15128 wakeup->packet))
15129 goto free_msg;
15130 }
15131
15132 if (wakeup->net_detect &&
15133 cfg80211_net_detect_results(msg, wakeup))
15134 goto free_msg;
15135
15136 nla_nest_end(msg, reasons);
15137 }
15138
15139 genlmsg_end(msg, hdr);
15140
15141 genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), msg, 0,
15142 NL80211_MCGRP_MLME, gfp);
15143 return;
15144
15145 free_msg:
15146 nlmsg_free(msg);
15147}
15148EXPORT_SYMBOL(cfg80211_report_wowlan_wakeup);
15149#endif
15150
15151void cfg80211_tdls_oper_request(struct net_device *dev, const u8 *peer,
15152 enum nl80211_tdls_operation oper,
15153 u16 reason_code, gfp_t gfp)
15154{
15155 struct wireless_dev *wdev = dev->ieee80211_ptr;
15156 struct cfg80211_registered_device *rdev = wiphy_to_rdev(wdev->wiphy);
15157 struct sk_buff *msg;
15158 void *hdr;
15159
15160 trace_cfg80211_tdls_oper_request(wdev->wiphy, dev, peer, oper,
15161 reason_code);
15162
15163 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, gfp);
15164 if (!msg)
15165 return;
15166
15167 hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_TDLS_OPER);
15168 if (!hdr) {
15169 nlmsg_free(msg);
15170 return;
15171 }
15172
15173 if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
15174 nla_put_u32(msg, NL80211_ATTR_IFINDEX, dev->ifindex) ||
15175 nla_put_u8(msg, NL80211_ATTR_TDLS_OPERATION, oper) ||
15176 nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN, peer) ||
15177 (reason_code > 0 &&
15178 nla_put_u16(msg, NL80211_ATTR_REASON_CODE, reason_code)))
15179 goto nla_put_failure;
15180
15181 genlmsg_end(msg, hdr);
15182
15183 genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), msg, 0,
15184 NL80211_MCGRP_MLME, gfp);
15185 return;
15186
15187 nla_put_failure:
15188 genlmsg_cancel(msg, hdr);
15189 nlmsg_free(msg);
15190}
15191EXPORT_SYMBOL(cfg80211_tdls_oper_request);
15192
15193static int nl80211_netlink_notify(struct notifier_block * nb,
15194 unsigned long state,
15195 void *_notify)
15196{
15197 struct netlink_notify *notify = _notify;
15198 struct cfg80211_registered_device *rdev;
15199 struct wireless_dev *wdev;
15200 struct cfg80211_beacon_registration *reg, *tmp;
15201
15202 if (state != NETLINK_URELEASE || notify->protocol != NETLINK_GENERIC)
15203 return NOTIFY_DONE;
15204
15205 rcu_read_lock();
15206
15207 list_for_each_entry_rcu(rdev, &cfg80211_rdev_list, list) {
15208 struct cfg80211_sched_scan_request *sched_scan_req;
15209
15210 list_for_each_entry_rcu(sched_scan_req,
15211 &rdev->sched_scan_req_list,
15212 list) {
15213 if (sched_scan_req->owner_nlportid == notify->portid) {
15214 sched_scan_req->nl_owner_dead = true;
15215 schedule_work(&rdev->sched_scan_stop_wk);
15216 }
15217 }
15218
15219 list_for_each_entry_rcu(wdev, &rdev->wiphy.wdev_list, list) {
15220 cfg80211_mlme_unregister_socket(wdev, notify->portid);
15221
15222 if (wdev->owner_nlportid == notify->portid) {
15223 wdev->nl_owner_dead = true;
15224 schedule_work(&rdev->destroy_work);
15225 } else if (wdev->conn_owner_nlportid == notify->portid) {
15226 schedule_work(&wdev->disconnect_wk);
15227 }
15228 }
15229
15230 spin_lock_bh(&rdev->beacon_registrations_lock);
15231 list_for_each_entry_safe(reg, tmp, &rdev->beacon_registrations,
15232 list) {
15233 if (reg->nlportid == notify->portid) {
15234 list_del(&reg->list);
15235 kfree(reg);
15236 break;
15237 }
15238 }
15239 spin_unlock_bh(&rdev->beacon_registrations_lock);
15240 }
15241
15242 rcu_read_unlock();
15243
15244 /*
15245 * It is possible that the user space process that is controlling the
15246 * indoor setting disappeared, so notify the regulatory core.
15247 */
15248 regulatory_netlink_notify(notify->portid);
15249 return NOTIFY_OK;
15250}
15251
15252static struct notifier_block nl80211_netlink_notifier = {
15253 .notifier_call = nl80211_netlink_notify,
15254};
15255
15256void cfg80211_ft_event(struct net_device *netdev,
15257 struct cfg80211_ft_event_params *ft_event)
15258{
15259 struct wiphy *wiphy = netdev->ieee80211_ptr->wiphy;
15260 struct cfg80211_registered_device *rdev = wiphy_to_rdev(wiphy);
15261 struct sk_buff *msg;
15262 void *hdr;
15263
15264 trace_cfg80211_ft_event(wiphy, netdev, ft_event);
15265
15266 if (!ft_event->target_ap)
15267 return;
15268
15269 msg = nlmsg_new(100 + ft_event->ric_ies_len, GFP_KERNEL);
15270 if (!msg)
15271 return;
15272
15273 hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_FT_EVENT);
15274 if (!hdr)
15275 goto out;
15276
15277 if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
15278 nla_put_u32(msg, NL80211_ATTR_IFINDEX, netdev->ifindex) ||
15279 nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN, ft_event->target_ap))
15280 goto out;
15281
15282 if (ft_event->ies &&
15283 nla_put(msg, NL80211_ATTR_IE, ft_event->ies_len, ft_event->ies))
15284 goto out;
15285 if (ft_event->ric_ies &&
15286 nla_put(msg, NL80211_ATTR_IE_RIC, ft_event->ric_ies_len,
15287 ft_event->ric_ies))
15288 goto out;
15289
15290 genlmsg_end(msg, hdr);
15291
15292 genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), msg, 0,
15293 NL80211_MCGRP_MLME, GFP_KERNEL);
15294 return;
15295 out:
15296 nlmsg_free(msg);
15297}
15298EXPORT_SYMBOL(cfg80211_ft_event);
15299
15300void cfg80211_crit_proto_stopped(struct wireless_dev *wdev, gfp_t gfp)
15301{
15302 struct cfg80211_registered_device *rdev;
15303 struct sk_buff *msg;
15304 void *hdr;
15305 u32 nlportid;
15306
15307 rdev = wiphy_to_rdev(wdev->wiphy);
15308 if (!rdev->crit_proto_nlportid)
15309 return;
15310
15311 nlportid = rdev->crit_proto_nlportid;
15312 rdev->crit_proto_nlportid = 0;
15313
15314 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, gfp);
15315 if (!msg)
15316 return;
15317
15318 hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_CRIT_PROTOCOL_STOP);
15319 if (!hdr)
15320 goto nla_put_failure;
15321
15322 if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
15323 nla_put_u64_64bit(msg, NL80211_ATTR_WDEV, wdev_id(wdev),
15324 NL80211_ATTR_PAD))
15325 goto nla_put_failure;
15326
15327 genlmsg_end(msg, hdr);
15328
15329 genlmsg_unicast(wiphy_net(&rdev->wiphy), msg, nlportid);
15330 return;
15331
15332 nla_put_failure:
15333 if (hdr)
15334 genlmsg_cancel(msg, hdr);
15335 nlmsg_free(msg);
15336}
15337EXPORT_SYMBOL(cfg80211_crit_proto_stopped);
15338
15339void nl80211_send_ap_stopped(struct wireless_dev *wdev)
15340{
15341 struct wiphy *wiphy = wdev->wiphy;
15342 struct cfg80211_registered_device *rdev = wiphy_to_rdev(wiphy);
15343 struct sk_buff *msg;
15344 void *hdr;
15345
15346 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
15347 if (!msg)
15348 return;
15349
15350 hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_STOP_AP);
15351 if (!hdr)
15352 goto out;
15353
15354 if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
15355 nla_put_u32(msg, NL80211_ATTR_IFINDEX, wdev->netdev->ifindex) ||
15356 nla_put_u64_64bit(msg, NL80211_ATTR_WDEV, wdev_id(wdev),
15357 NL80211_ATTR_PAD))
15358 goto out;
15359
15360 genlmsg_end(msg, hdr);
15361
15362 genlmsg_multicast_netns(&nl80211_fam, wiphy_net(wiphy), msg, 0,
15363 NL80211_MCGRP_MLME, GFP_KERNEL);
15364 return;
15365 out:
15366 nlmsg_free(msg);
15367}
15368
15369int cfg80211_external_auth_request(struct net_device *dev,
15370 struct cfg80211_external_auth_params *params,
15371 gfp_t gfp)
15372{
15373 struct wireless_dev *wdev = dev->ieee80211_ptr;
15374 struct cfg80211_registered_device *rdev = wiphy_to_rdev(wdev->wiphy);
15375 struct sk_buff *msg;
15376 void *hdr;
15377
15378 if (!wdev->conn_owner_nlportid)
15379 return -EINVAL;
15380
15381 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, gfp);
15382 if (!msg)
15383 return -ENOMEM;
15384
15385 hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_EXTERNAL_AUTH);
15386 if (!hdr)
15387 goto nla_put_failure;
15388
15389 if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
15390 nla_put_u32(msg, NL80211_ATTR_IFINDEX, dev->ifindex) ||
15391 nla_put_u32(msg, NL80211_ATTR_AKM_SUITES, params->key_mgmt_suite) ||
15392 nla_put_u32(msg, NL80211_ATTR_EXTERNAL_AUTH_ACTION,
15393 params->action) ||
15394 nla_put(msg, NL80211_ATTR_BSSID, ETH_ALEN, params->bssid) ||
15395 nla_put(msg, NL80211_ATTR_SSID, params->ssid.ssid_len,
15396 params->ssid.ssid))
15397 goto nla_put_failure;
15398
15399 genlmsg_end(msg, hdr);
15400 genlmsg_unicast(wiphy_net(&rdev->wiphy), msg,
15401 wdev->conn_owner_nlportid);
15402 return 0;
15403
15404 nla_put_failure:
15405 nlmsg_free(msg);
15406 return -ENOBUFS;
15407}
15408EXPORT_SYMBOL(cfg80211_external_auth_request);
15409
15410/* initialisation/exit functions */
15411
15412int __init nl80211_init(void)
15413{
15414 int err;
15415
15416 err = genl_register_family(&nl80211_fam);
15417 if (err)
15418 return err;
15419
15420 err = netlink_register_notifier(&nl80211_netlink_notifier);
15421 if (err)
15422 goto err_out;
15423
15424 return 0;
15425 err_out:
15426 genl_unregister_family(&nl80211_fam);
15427 return err;
15428}
15429
15430void nl80211_exit(void)
15431{
15432 netlink_unregister_notifier(&nl80211_netlink_notifier);
15433 genl_unregister_family(&nl80211_fam);
15434}