search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
printf: Remove unused 'bprintf'
[drm/drm-misc.git] / net / wireless / nl80211.c
blob9d2edb71f981dc968ad02670164348c3564729cd
1 // SPDX-License-Identifier: GPL-2.0-only
2 /*
3 * This is the new netlink-based wireless configuration interface.
4 *
5 * Copyright 2006-2010 Johannes Berg <johannes@sipsolutions.net>
6 * Copyright 2013-2014 Intel Mobile Communications GmbH
7 * Copyright 2015-2017 Intel Deutschland GmbH
8 * Copyright (C) 2018-2024 Intel Corporation
9 */
10
11 #include <linux/if.h>
12 #include <linux/module.h>
13 #include <linux/err.h>
14 #include <linux/slab.h>
15 #include <linux/list.h>
16 #include <linux/if_ether.h>
17 #include <linux/ieee80211.h>
18 #include <linux/nl80211.h>
19 #include <linux/rtnetlink.h>
20 #include <linux/netlink.h>
21 #include <linux/nospec.h>
22 #include <linux/etherdevice.h>
23 #include <linux/if_vlan.h>
24 #include <net/net_namespace.h>
25 #include <net/genetlink.h>
26 #include <net/cfg80211.h>
27 #include <net/sock.h>
28 #include <net/inet_connection_sock.h>
29 #include "core.h"
30 #include "nl80211.h"
31 #include "reg.h"
32 #include "rdev-ops.h"
33
34 static int nl80211_crypto_settings(struct cfg80211_registered_device *rdev,
35 struct genl_info *info,
36 struct cfg80211_crypto_settings *settings,
37 int cipher_limit);
38
39 /* the netlink family */
40 static struct genl_family nl80211_fam;
41
42 /* multicast groups */
43 enum nl80211_multicast_groups {
44 NL80211_MCGRP_CONFIG,
45 NL80211_MCGRP_SCAN,
46 NL80211_MCGRP_REGULATORY,
47 NL80211_MCGRP_MLME,
48 NL80211_MCGRP_VENDOR,
49 NL80211_MCGRP_NAN,
50 NL80211_MCGRP_TESTMODE /* keep last - ifdef! */
51 };
52
53 static const struct genl_multicast_group nl80211_mcgrps[] = {
54 [NL80211_MCGRP_CONFIG] = { .name = NL80211_MULTICAST_GROUP_CONFIG },
55 [NL80211_MCGRP_SCAN] = { .name = NL80211_MULTICAST_GROUP_SCAN },
56 [NL80211_MCGRP_REGULATORY] = { .name = NL80211_MULTICAST_GROUP_REG },
57 [NL80211_MCGRP_MLME] = { .name = NL80211_MULTICAST_GROUP_MLME },
58 [NL80211_MCGRP_VENDOR] = { .name = NL80211_MULTICAST_GROUP_VENDOR },
59 [NL80211_MCGRP_NAN] = { .name = NL80211_MULTICAST_GROUP_NAN },
60 #ifdef CONFIG_NL80211_TESTMODE
61 [NL80211_MCGRP_TESTMODE] = { .name = NL80211_MULTICAST_GROUP_TESTMODE }
62 #endif
63 };
64
65 /* returns ERR_PTR values */
66 static struct wireless_dev *
67 __cfg80211_wdev_from_attrs(struct cfg80211_registered_device *rdev,
68 struct net *netns, struct nlattr **attrs)
69 {
70 struct wireless_dev *result = NULL;
71 bool have_ifidx = attrs[NL80211_ATTR_IFINDEX];
72 bool have_wdev_id = attrs[NL80211_ATTR_WDEV];
73 u64 wdev_id = 0;
74 int wiphy_idx = -1;
75 int ifidx = -1;
76
77 if (!have_ifidx && !have_wdev_id)
78 return ERR_PTR(-EINVAL);
79
80 if (have_ifidx)
81 ifidx = nla_get_u32(attrs[NL80211_ATTR_IFINDEX]);
82 if (have_wdev_id) {
83 wdev_id = nla_get_u64(attrs[NL80211_ATTR_WDEV]);
84 wiphy_idx = wdev_id >> 32;
85 }
86
87 if (rdev) {
88 struct wireless_dev *wdev;
89
90 lockdep_assert_held(&rdev->wiphy.mtx);
91
92 list_for_each_entry(wdev, &rdev->wiphy.wdev_list, list) {
93 if (have_ifidx && wdev->netdev &&
94 wdev->netdev->ifindex == ifidx) {
95 result = wdev;
96 break;
97 }
98 if (have_wdev_id && wdev->identifier == (u32)wdev_id) {
99 result = wdev;
100 break;
101 }
102 }
103
104 return result ?: ERR_PTR(-ENODEV);
105 }
106
107 ASSERT_RTNL();
108
109 for_each_rdev(rdev) {
110 struct wireless_dev *wdev;
111
112 if (wiphy_net(&rdev->wiphy) != netns)
113 continue;
114
115 if (have_wdev_id && rdev->wiphy_idx != wiphy_idx)
116 continue;
117
118 list_for_each_entry(wdev, &rdev->wiphy.wdev_list, list) {
119 if (have_ifidx && wdev->netdev &&
120 wdev->netdev->ifindex == ifidx) {
121 result = wdev;
122 break;
123 }
124 if (have_wdev_id && wdev->identifier == (u32)wdev_id) {
125 result = wdev;
126 break;
127 }
128 }
129
130 if (result)
131 break;
132 }
133
134 if (result)
135 return result;
136 return ERR_PTR(-ENODEV);
137 }
138
139 static struct cfg80211_registered_device *
140 __cfg80211_rdev_from_attrs(struct net *netns, struct nlattr **attrs)
141 {
142 struct cfg80211_registered_device *rdev = NULL, *tmp;
143 struct net_device *netdev;
144
145 ASSERT_RTNL();
146
147 if (!attrs[NL80211_ATTR_WIPHY] &&
148 !attrs[NL80211_ATTR_IFINDEX] &&
149 !attrs[NL80211_ATTR_WDEV])
150 return ERR_PTR(-EINVAL);
151
152 if (attrs[NL80211_ATTR_WIPHY])
153 rdev = cfg80211_rdev_by_wiphy_idx(
154 nla_get_u32(attrs[NL80211_ATTR_WIPHY]));
155
156 if (attrs[NL80211_ATTR_WDEV]) {
157 u64 wdev_id = nla_get_u64(attrs[NL80211_ATTR_WDEV]);
158 struct wireless_dev *wdev;
159 bool found = false;
160
161 tmp = cfg80211_rdev_by_wiphy_idx(wdev_id >> 32);
162 if (tmp) {
163 /* make sure wdev exists */
164 list_for_each_entry(wdev, &tmp->wiphy.wdev_list, list) {
165 if (wdev->identifier != (u32)wdev_id)
166 continue;
167 found = true;
168 break;
169 }
170
171 if (!found)
172 tmp = NULL;
173
174 if (rdev && tmp != rdev)
175 return ERR_PTR(-EINVAL);
176 rdev = tmp;
177 }
178 }
179
180 if (attrs[NL80211_ATTR_IFINDEX]) {
181 int ifindex = nla_get_u32(attrs[NL80211_ATTR_IFINDEX]);
182
183 netdev = __dev_get_by_index(netns, ifindex);
184 if (netdev) {
185 if (netdev->ieee80211_ptr)
186 tmp = wiphy_to_rdev(
187 netdev->ieee80211_ptr->wiphy);
188 else
189 tmp = NULL;
190
191 /* not wireless device -- return error */
192 if (!tmp)
193 return ERR_PTR(-EINVAL);
194
195 /* mismatch -- return error */
196 if (rdev && tmp != rdev)
197 return ERR_PTR(-EINVAL);
198
199 rdev = tmp;
200 }
201 }
202
203 if (!rdev)
204 return ERR_PTR(-ENODEV);
205
206 if (netns != wiphy_net(&rdev->wiphy))
207 return ERR_PTR(-ENODEV);
208
209 return rdev;
210 }
211
212 /*
213 * This function returns a pointer to the driver
214 * that the genl_info item that is passed refers to.
215 *
216 * The result of this can be a PTR_ERR and hence must
217 * be checked with IS_ERR() for errors.
218 */
219 static struct cfg80211_registered_device *
220 cfg80211_get_dev_from_info(struct net *netns, struct genl_info *info)
221 {
222 return __cfg80211_rdev_from_attrs(netns, info->attrs);
223 }
224
225 static int validate_beacon_head(const struct nlattr *attr,
226 struct netlink_ext_ack *extack)
227 {
228 const u8 *data = nla_data(attr);
229 unsigned int len = nla_len(attr);
230 const struct element *elem;
231 const struct ieee80211_mgmt *mgmt = (void *)data;
232 unsigned int fixedlen, hdrlen;
233 bool s1g_bcn;
234
235 if (len < offsetofend(typeof(*mgmt), frame_control))
236 goto err;
237
238 s1g_bcn = ieee80211_is_s1g_beacon(mgmt->frame_control);
239 if (s1g_bcn) {
240 fixedlen = offsetof(struct ieee80211_ext,
241 u.s1g_beacon.variable);
242 hdrlen = offsetof(struct ieee80211_ext, u.s1g_beacon);
243 } else {
244 fixedlen = offsetof(struct ieee80211_mgmt,
245 u.beacon.variable);
246 hdrlen = offsetof(struct ieee80211_mgmt, u.beacon);
247 }
248
249 if (len < fixedlen)
250 goto err;
251
252 if (ieee80211_hdrlen(mgmt->frame_control) != hdrlen)
253 goto err;
254
255 data += fixedlen;
256 len -= fixedlen;
257
258 for_each_element(elem, data, len) {
259 /* nothing */
260 }
261
262 if (for_each_element_completed(elem, data, len))
263 return 0;
264
265 err:
266 NL_SET_ERR_MSG_ATTR(extack, attr, "malformed beacon head");
267 return -EINVAL;
268 }
269
270 static int validate_ie_attr(const struct nlattr *attr,
271 struct netlink_ext_ack *extack)
272 {
273 const u8 *data = nla_data(attr);
274 unsigned int len = nla_len(attr);
275 const struct element *elem;
276
277 for_each_element(elem, data, len) {
278 /* nothing */
279 }
280
281 if (for_each_element_completed(elem, data, len))
282 return 0;
283
284 NL_SET_ERR_MSG_ATTR(extack, attr, "malformed information elements");
285 return -EINVAL;
286 }
287
288 static int validate_he_capa(const struct nlattr *attr,
289 struct netlink_ext_ack *extack)
290 {
291 if (!ieee80211_he_capa_size_ok(nla_data(attr), nla_len(attr)))
292 return -EINVAL;
293
294 return 0;
295 }
296
297 /* policy for the attributes */
298 static const struct nla_policy nl80211_policy[NUM_NL80211_ATTR];
299
300 static const struct nla_policy
301 nl80211_ftm_responder_policy[NL80211_FTM_RESP_ATTR_MAX + 1] = {
302 [NL80211_FTM_RESP_ATTR_ENABLED] = { .type = NLA_FLAG, },
303 [NL80211_FTM_RESP_ATTR_LCI] = { .type = NLA_BINARY,
304 .len = U8_MAX },
305 [NL80211_FTM_RESP_ATTR_CIVICLOC] = { .type = NLA_BINARY,
306 .len = U8_MAX },
307 };
308
309 static const struct nla_policy
310 nl80211_pmsr_ftm_req_attr_policy[NL80211_PMSR_FTM_REQ_ATTR_MAX + 1] = {
311 [NL80211_PMSR_FTM_REQ_ATTR_ASAP] = { .type = NLA_FLAG },
312 [NL80211_PMSR_FTM_REQ_ATTR_PREAMBLE] = { .type = NLA_U32 },
313 [NL80211_PMSR_FTM_REQ_ATTR_NUM_BURSTS_EXP] =
314 NLA_POLICY_MAX(NLA_U8, 15),
315 [NL80211_PMSR_FTM_REQ_ATTR_BURST_PERIOD] = { .type = NLA_U16 },
316 [NL80211_PMSR_FTM_REQ_ATTR_BURST_DURATION] =
317 NLA_POLICY_MAX(NLA_U8, 15),
318 [NL80211_PMSR_FTM_REQ_ATTR_FTMS_PER_BURST] = { .type = NLA_U8 },
319 [NL80211_PMSR_FTM_REQ_ATTR_NUM_FTMR_RETRIES] = { .type = NLA_U8 },
320 [NL80211_PMSR_FTM_REQ_ATTR_REQUEST_LCI] = { .type = NLA_FLAG },
321 [NL80211_PMSR_FTM_REQ_ATTR_REQUEST_CIVICLOC] = { .type = NLA_FLAG },
322 [NL80211_PMSR_FTM_REQ_ATTR_TRIGGER_BASED] = { .type = NLA_FLAG },
323 [NL80211_PMSR_FTM_REQ_ATTR_NON_TRIGGER_BASED] = { .type = NLA_FLAG },
324 [NL80211_PMSR_FTM_REQ_ATTR_LMR_FEEDBACK] = { .type = NLA_FLAG },
325 [NL80211_PMSR_FTM_REQ_ATTR_BSS_COLOR] = { .type = NLA_U8 },
326 };
327
328 static const struct nla_policy
329 nl80211_pmsr_req_data_policy[NL80211_PMSR_TYPE_MAX + 1] = {
330 [NL80211_PMSR_TYPE_FTM] =
331 NLA_POLICY_NESTED(nl80211_pmsr_ftm_req_attr_policy),
332 };
333
334 static const struct nla_policy
335 nl80211_pmsr_req_attr_policy[NL80211_PMSR_REQ_ATTR_MAX + 1] = {
336 [NL80211_PMSR_REQ_ATTR_DATA] =
337 NLA_POLICY_NESTED(nl80211_pmsr_req_data_policy),
338 [NL80211_PMSR_REQ_ATTR_GET_AP_TSF] = { .type = NLA_FLAG },
339 };
340
341 static const struct nla_policy
342 nl80211_pmsr_peer_attr_policy[NL80211_PMSR_PEER_ATTR_MAX + 1] = {
343 [NL80211_PMSR_PEER_ATTR_ADDR] = NLA_POLICY_ETH_ADDR,
344 [NL80211_PMSR_PEER_ATTR_CHAN] = NLA_POLICY_NESTED(nl80211_policy),
345 [NL80211_PMSR_PEER_ATTR_REQ] =
346 NLA_POLICY_NESTED(nl80211_pmsr_req_attr_policy),
347 [NL80211_PMSR_PEER_ATTR_RESP] = { .type = NLA_REJECT },
348 };
349
350 static const struct nla_policy
351 nl80211_pmsr_attr_policy[NL80211_PMSR_ATTR_MAX + 1] = {
352 [NL80211_PMSR_ATTR_MAX_PEERS] = { .type = NLA_REJECT },
353 [NL80211_PMSR_ATTR_REPORT_AP_TSF] = { .type = NLA_REJECT },
354 [NL80211_PMSR_ATTR_RANDOMIZE_MAC_ADDR] = { .type = NLA_REJECT },
355 [NL80211_PMSR_ATTR_TYPE_CAPA] = { .type = NLA_REJECT },
356 [NL80211_PMSR_ATTR_PEERS] =
357 NLA_POLICY_NESTED_ARRAY(nl80211_pmsr_peer_attr_policy),
358 };
359
360 static const struct nla_policy
361 he_obss_pd_policy[NL80211_HE_OBSS_PD_ATTR_MAX + 1] = {
362 [NL80211_HE_OBSS_PD_ATTR_MIN_OFFSET] =
363 NLA_POLICY_RANGE(NLA_U8, 1, 20),
364 [NL80211_HE_OBSS_PD_ATTR_MAX_OFFSET] =
365 NLA_POLICY_RANGE(NLA_U8, 1, 20),
366 [NL80211_HE_OBSS_PD_ATTR_NON_SRG_MAX_OFFSET] =
367 NLA_POLICY_RANGE(NLA_U8, 1, 20),
368 [NL80211_HE_OBSS_PD_ATTR_BSS_COLOR_BITMAP] =
369 NLA_POLICY_EXACT_LEN(8),
370 [NL80211_HE_OBSS_PD_ATTR_PARTIAL_BSSID_BITMAP] =
371 NLA_POLICY_EXACT_LEN(8),
372 [NL80211_HE_OBSS_PD_ATTR_SR_CTRL] = { .type = NLA_U8 },
373 };
374
375 static const struct nla_policy
376 he_bss_color_policy[NL80211_HE_BSS_COLOR_ATTR_MAX + 1] = {
377 [NL80211_HE_BSS_COLOR_ATTR_COLOR] = NLA_POLICY_RANGE(NLA_U8, 1, 63),
378 [NL80211_HE_BSS_COLOR_ATTR_DISABLED] = { .type = NLA_FLAG },
379 [NL80211_HE_BSS_COLOR_ATTR_PARTIAL] = { .type = NLA_FLAG },
380 };
381
382 static const struct nla_policy nl80211_txattr_policy[NL80211_TXRATE_MAX + 1] = {
383 [NL80211_TXRATE_LEGACY] = { .type = NLA_BINARY,
384 .len = NL80211_MAX_SUPP_RATES },
385 [NL80211_TXRATE_HT] = { .type = NLA_BINARY,
386 .len = NL80211_MAX_SUPP_HT_RATES },
387 [NL80211_TXRATE_VHT] = NLA_POLICY_EXACT_LEN_WARN(sizeof(struct nl80211_txrate_vht)),
388 [NL80211_TXRATE_GI] = { .type = NLA_U8 },
389 [NL80211_TXRATE_HE] = NLA_POLICY_EXACT_LEN(sizeof(struct nl80211_txrate_he)),
390 [NL80211_TXRATE_HE_GI] = NLA_POLICY_RANGE(NLA_U8,
391 NL80211_RATE_INFO_HE_GI_0_8,
392 NL80211_RATE_INFO_HE_GI_3_2),
393 [NL80211_TXRATE_HE_LTF] = NLA_POLICY_RANGE(NLA_U8,
394 NL80211_RATE_INFO_HE_1XLTF,
395 NL80211_RATE_INFO_HE_4XLTF),
396 };
397
398 static const struct nla_policy
399 nl80211_tid_config_attr_policy[NL80211_TID_CONFIG_ATTR_MAX + 1] = {
400 [NL80211_TID_CONFIG_ATTR_VIF_SUPP] = { .type = NLA_U64 },
401 [NL80211_TID_CONFIG_ATTR_PEER_SUPP] = { .type = NLA_U64 },
402 [NL80211_TID_CONFIG_ATTR_OVERRIDE] = { .type = NLA_FLAG },
403 [NL80211_TID_CONFIG_ATTR_TIDS] = NLA_POLICY_RANGE(NLA_U16, 1, 0xff),
404 [NL80211_TID_CONFIG_ATTR_NOACK] =
405 NLA_POLICY_MAX(NLA_U8, NL80211_TID_CONFIG_DISABLE),
406 [NL80211_TID_CONFIG_ATTR_RETRY_SHORT] = NLA_POLICY_MIN(NLA_U8, 1),
407 [NL80211_TID_CONFIG_ATTR_RETRY_LONG] = NLA_POLICY_MIN(NLA_U8, 1),
408 [NL80211_TID_CONFIG_ATTR_AMPDU_CTRL] =
409 NLA_POLICY_MAX(NLA_U8, NL80211_TID_CONFIG_DISABLE),
410 [NL80211_TID_CONFIG_ATTR_RTSCTS_CTRL] =
411 NLA_POLICY_MAX(NLA_U8, NL80211_TID_CONFIG_DISABLE),
412 [NL80211_TID_CONFIG_ATTR_AMSDU_CTRL] =
413 NLA_POLICY_MAX(NLA_U8, NL80211_TID_CONFIG_DISABLE),
414 [NL80211_TID_CONFIG_ATTR_TX_RATE_TYPE] =
415 NLA_POLICY_MAX(NLA_U8, NL80211_TX_RATE_FIXED),
416 [NL80211_TID_CONFIG_ATTR_TX_RATE] =
417 NLA_POLICY_NESTED(nl80211_txattr_policy),
418 };
419
420 static const struct nla_policy
421 nl80211_fils_discovery_policy[NL80211_FILS_DISCOVERY_ATTR_MAX + 1] = {
422 [NL80211_FILS_DISCOVERY_ATTR_INT_MIN] = NLA_POLICY_MAX(NLA_U32, 10000),
423 [NL80211_FILS_DISCOVERY_ATTR_INT_MAX] = NLA_POLICY_MAX(NLA_U32, 10000),
424 [NL80211_FILS_DISCOVERY_ATTR_TMPL] =
425 NLA_POLICY_RANGE(NLA_BINARY,
426 NL80211_FILS_DISCOVERY_TMPL_MIN_LEN,
427 IEEE80211_MAX_DATA_LEN),
428 };
429
430 static const struct nla_policy
431 nl80211_unsol_bcast_probe_resp_policy[NL80211_UNSOL_BCAST_PROBE_RESP_ATTR_MAX + 1] = {
432 [NL80211_UNSOL_BCAST_PROBE_RESP_ATTR_INT] = NLA_POLICY_MAX(NLA_U32, 20),
433 [NL80211_UNSOL_BCAST_PROBE_RESP_ATTR_TMPL] = { .type = NLA_BINARY,
434 .len = IEEE80211_MAX_DATA_LEN }
435 };
436
437 static const struct nla_policy
438 sar_specs_policy[NL80211_SAR_ATTR_SPECS_MAX + 1] = {
439 [NL80211_SAR_ATTR_SPECS_POWER] = { .type = NLA_S32 },
440 [NL80211_SAR_ATTR_SPECS_RANGE_INDEX] = {.type = NLA_U32 },
441 };
442
443 static const struct nla_policy
444 sar_policy[NL80211_SAR_ATTR_MAX + 1] = {
445 [NL80211_SAR_ATTR_TYPE] = NLA_POLICY_MAX(NLA_U32, NUM_NL80211_SAR_TYPE),
446 [NL80211_SAR_ATTR_SPECS] = NLA_POLICY_NESTED_ARRAY(sar_specs_policy),
447 };
448
449 static const struct nla_policy
450 nl80211_mbssid_config_policy[NL80211_MBSSID_CONFIG_ATTR_MAX + 1] = {
451 [NL80211_MBSSID_CONFIG_ATTR_MAX_INTERFACES] = NLA_POLICY_MIN(NLA_U8, 2),
452 [NL80211_MBSSID_CONFIG_ATTR_MAX_EMA_PROFILE_PERIODICITY] =
453 NLA_POLICY_MIN(NLA_U8, 1),
454 [NL80211_MBSSID_CONFIG_ATTR_INDEX] = { .type = NLA_U8 },
455 [NL80211_MBSSID_CONFIG_ATTR_TX_IFINDEX] = { .type = NLA_U32 },
456 [NL80211_MBSSID_CONFIG_ATTR_EMA] = { .type = NLA_FLAG },
457 };
458
459 static const struct nla_policy
460 nl80211_sta_wme_policy[NL80211_STA_WME_MAX + 1] = {
461 [NL80211_STA_WME_UAPSD_QUEUES] = { .type = NLA_U8 },
462 [NL80211_STA_WME_MAX_SP] = { .type = NLA_U8 },
463 };
464
465 static const struct netlink_range_validation nl80211_punct_bitmap_range = {
466 .min = 0,
467 .max = 0xffff,
468 };
469
470 static const struct netlink_range_validation q_range = {
471 .max = INT_MAX,
472 };
473
474 static const struct nla_policy nl80211_policy[NUM_NL80211_ATTR] = {
475 [0] = { .strict_start_type = NL80211_ATTR_HE_OBSS_PD },
476 [NL80211_ATTR_WIPHY] = { .type = NLA_U32 },
477 [NL80211_ATTR_WIPHY_NAME] = { .type = NLA_NUL_STRING,
478 .len = 20-1 },
479 [NL80211_ATTR_WIPHY_TXQ_PARAMS] = { .type = NLA_NESTED },
480
481 [NL80211_ATTR_WIPHY_FREQ] = { .type = NLA_U32 },
482 [NL80211_ATTR_WIPHY_CHANNEL_TYPE] = { .type = NLA_U32 },
483 [NL80211_ATTR_WIPHY_EDMG_CHANNELS] = NLA_POLICY_RANGE(NLA_U8,
484 NL80211_EDMG_CHANNELS_MIN,
485 NL80211_EDMG_CHANNELS_MAX),
486 [NL80211_ATTR_WIPHY_EDMG_BW_CONFIG] = NLA_POLICY_RANGE(NLA_U8,
487 NL80211_EDMG_BW_CONFIG_MIN,
488 NL80211_EDMG_BW_CONFIG_MAX),
489
490 [NL80211_ATTR_CHANNEL_WIDTH] = { .type = NLA_U32 },
491 [NL80211_ATTR_CENTER_FREQ1] = { .type = NLA_U32 },
492 [NL80211_ATTR_CENTER_FREQ1_OFFSET] = NLA_POLICY_RANGE(NLA_U32, 0, 999),
493 [NL80211_ATTR_CENTER_FREQ2] = { .type = NLA_U32 },
494
495 [NL80211_ATTR_WIPHY_RETRY_SHORT] = NLA_POLICY_MIN(NLA_U8, 1),
496 [NL80211_ATTR_WIPHY_RETRY_LONG] = NLA_POLICY_MIN(NLA_U8, 1),
497 [NL80211_ATTR_WIPHY_FRAG_THRESHOLD] = { .type = NLA_U32 },
498 [NL80211_ATTR_WIPHY_RTS_THRESHOLD] = { .type = NLA_U32 },
499 [NL80211_ATTR_WIPHY_COVERAGE_CLASS] = { .type = NLA_U8 },
500 [NL80211_ATTR_WIPHY_DYN_ACK] = { .type = NLA_FLAG },
501
502 [NL80211_ATTR_IFTYPE] = NLA_POLICY_MAX(NLA_U32, NL80211_IFTYPE_MAX),
503 [NL80211_ATTR_IFINDEX] = { .type = NLA_U32 },
504 [NL80211_ATTR_IFNAME] = { .type = NLA_NUL_STRING, .len = IFNAMSIZ-1 },
505
506 [NL80211_ATTR_MAC] = NLA_POLICY_EXACT_LEN_WARN(ETH_ALEN),
507 [NL80211_ATTR_PREV_BSSID] = NLA_POLICY_EXACT_LEN_WARN(ETH_ALEN),
508
509 [NL80211_ATTR_KEY] = { .type = NLA_NESTED, },
510 [NL80211_ATTR_KEY_DATA] = { .type = NLA_BINARY,
511 .len = WLAN_MAX_KEY_LEN },
512 [NL80211_ATTR_KEY_IDX] = NLA_POLICY_MAX(NLA_U8, 7),
513 [NL80211_ATTR_KEY_CIPHER] = { .type = NLA_U32 },
514 [NL80211_ATTR_KEY_DEFAULT] = { .type = NLA_FLAG },
515 [NL80211_ATTR_KEY_SEQ] = { .type = NLA_BINARY, .len = 16 },
516 [NL80211_ATTR_KEY_TYPE] =
517 NLA_POLICY_MAX(NLA_U32, NUM_NL80211_KEYTYPES),
518
519 [NL80211_ATTR_BEACON_INTERVAL] = { .type = NLA_U32 },
520 [NL80211_ATTR_DTIM_PERIOD] = { .type = NLA_U32 },
521 [NL80211_ATTR_BEACON_HEAD] =
522 NLA_POLICY_VALIDATE_FN(NLA_BINARY, validate_beacon_head,
523 IEEE80211_MAX_DATA_LEN),
524 [NL80211_ATTR_BEACON_TAIL] =
525 NLA_POLICY_VALIDATE_FN(NLA_BINARY, validate_ie_attr,
526 IEEE80211_MAX_DATA_LEN),
527 [NL80211_ATTR_STA_AID] =
528 NLA_POLICY_RANGE(NLA_U16, 1, IEEE80211_MAX_AID),
529 [NL80211_ATTR_STA_FLAGS] = { .type = NLA_NESTED },
530 [NL80211_ATTR_STA_LISTEN_INTERVAL] = { .type = NLA_U16 },
531 [NL80211_ATTR_STA_SUPPORTED_RATES] = { .type = NLA_BINARY,
532 .len = NL80211_MAX_SUPP_RATES },
533 [NL80211_ATTR_STA_PLINK_ACTION] =
534 NLA_POLICY_MAX(NLA_U8, NUM_NL80211_PLINK_ACTIONS - 1),
535 [NL80211_ATTR_STA_TX_POWER_SETTING] =
536 NLA_POLICY_RANGE(NLA_U8,
537 NL80211_TX_POWER_AUTOMATIC,
538 NL80211_TX_POWER_FIXED),
539 [NL80211_ATTR_STA_TX_POWER] = { .type = NLA_S16 },
540 [NL80211_ATTR_STA_VLAN] = { .type = NLA_U32 },
541 [NL80211_ATTR_MNTR_FLAGS] = { /* NLA_NESTED can't be empty */ },
542 [NL80211_ATTR_MESH_ID] = { .type = NLA_BINARY,
543 .len = IEEE80211_MAX_MESH_ID_LEN },
544 [NL80211_ATTR_MPATH_NEXT_HOP] = NLA_POLICY_ETH_ADDR_COMPAT,
545
546 /* allow 3 for NUL-termination, we used to declare this NLA_STRING */
547 [NL80211_ATTR_REG_ALPHA2] = NLA_POLICY_RANGE(NLA_BINARY, 2, 3),
548 [NL80211_ATTR_REG_RULES] = { .type = NLA_NESTED },
549
550 [NL80211_ATTR_BSS_CTS_PROT] = { .type = NLA_U8 },
551 [NL80211_ATTR_BSS_SHORT_PREAMBLE] = { .type = NLA_U8 },
552 [NL80211_ATTR_BSS_SHORT_SLOT_TIME] = { .type = NLA_U8 },
553 [NL80211_ATTR_BSS_BASIC_RATES] = { .type = NLA_BINARY,
554 .len = NL80211_MAX_SUPP_RATES },
555 [NL80211_ATTR_BSS_HT_OPMODE] = { .type = NLA_U16 },
556
557 [NL80211_ATTR_MESH_CONFIG] = { .type = NLA_NESTED },
558 [NL80211_ATTR_SUPPORT_MESH_AUTH] = { .type = NLA_FLAG },
559
560 [NL80211_ATTR_HT_CAPABILITY] = NLA_POLICY_EXACT_LEN_WARN(NL80211_HT_CAPABILITY_LEN),
561
562 [NL80211_ATTR_MGMT_SUBTYPE] = { .type = NLA_U8 },
563 [NL80211_ATTR_IE] = NLA_POLICY_VALIDATE_FN(NLA_BINARY,
564 validate_ie_attr,
565 IEEE80211_MAX_DATA_LEN),
566 [NL80211_ATTR_SCAN_FREQUENCIES] = { .type = NLA_NESTED },
567 [NL80211_ATTR_SCAN_SSIDS] = { .type = NLA_NESTED },
568
569 [NL80211_ATTR_SSID] = { .type = NLA_BINARY,
570 .len = IEEE80211_MAX_SSID_LEN },
571 [NL80211_ATTR_AUTH_TYPE] = { .type = NLA_U32 },
572 [NL80211_ATTR_REASON_CODE] = { .type = NLA_U16 },
573 [NL80211_ATTR_FREQ_FIXED] = { .type = NLA_FLAG },
574 [NL80211_ATTR_TIMED_OUT] = { .type = NLA_FLAG },
575 [NL80211_ATTR_USE_MFP] = NLA_POLICY_RANGE(NLA_U32,
576 NL80211_MFP_NO,
577 NL80211_MFP_OPTIONAL),
578 [NL80211_ATTR_STA_FLAGS2] =
579 NLA_POLICY_EXACT_LEN_WARN(sizeof(struct nl80211_sta_flag_update)),
580 [NL80211_ATTR_CONTROL_PORT] = { .type = NLA_FLAG },
581 [NL80211_ATTR_CONTROL_PORT_ETHERTYPE] = { .type = NLA_U16 },
582 [NL80211_ATTR_CONTROL_PORT_NO_ENCRYPT] = { .type = NLA_FLAG },
583 [NL80211_ATTR_CONTROL_PORT_OVER_NL80211] = { .type = NLA_FLAG },
584 [NL80211_ATTR_PRIVACY] = { .type = NLA_FLAG },
585 [NL80211_ATTR_STATUS_CODE] = { .type = NLA_U16 },
586 [NL80211_ATTR_CIPHER_SUITE_GROUP] = { .type = NLA_U32 },
587 [NL80211_ATTR_WPA_VERSIONS] =
588 NLA_POLICY_RANGE(NLA_U32, 0,
589 NL80211_WPA_VERSION_1 |
590 NL80211_WPA_VERSION_2 |
591 NL80211_WPA_VERSION_3),
592 [NL80211_ATTR_PID] = { .type = NLA_U32 },
593 [NL80211_ATTR_4ADDR] = { .type = NLA_U8 },
594 [NL80211_ATTR_PMKID] = NLA_POLICY_EXACT_LEN_WARN(WLAN_PMKID_LEN),
595 [NL80211_ATTR_DURATION] = { .type = NLA_U32 },
596 [NL80211_ATTR_COOKIE] = { .type = NLA_U64 },
597 [NL80211_ATTR_TX_RATES] = { .type = NLA_NESTED },
598 [NL80211_ATTR_FRAME] = { .type = NLA_BINARY,
599 .len = IEEE80211_MAX_DATA_LEN },
600 [NL80211_ATTR_FRAME_MATCH] = { .type = NLA_BINARY, },
601 [NL80211_ATTR_PS_STATE] = NLA_POLICY_RANGE(NLA_U32,
602 NL80211_PS_DISABLED,
603 NL80211_PS_ENABLED),
604 [NL80211_ATTR_CQM] = { .type = NLA_NESTED, },
605 [NL80211_ATTR_LOCAL_STATE_CHANGE] = { .type = NLA_FLAG },
606 [NL80211_ATTR_AP_ISOLATE] = { .type = NLA_U8 },
607 [NL80211_ATTR_WIPHY_TX_POWER_SETTING] = { .type = NLA_U32 },
608 [NL80211_ATTR_WIPHY_TX_POWER_LEVEL] = { .type = NLA_U32 },
609 [NL80211_ATTR_FRAME_TYPE] = { .type = NLA_U16 },
610 [NL80211_ATTR_WIPHY_ANTENNA_TX] = { .type = NLA_U32 },
611 [NL80211_ATTR_WIPHY_ANTENNA_RX] = { .type = NLA_U32 },
612 [NL80211_ATTR_MCAST_RATE] = { .type = NLA_U32 },
613 [NL80211_ATTR_OFFCHANNEL_TX_OK] = { .type = NLA_FLAG },
614 [NL80211_ATTR_KEY_DEFAULT_TYPES] = { .type = NLA_NESTED },
615 [NL80211_ATTR_WOWLAN_TRIGGERS] = { .type = NLA_NESTED },
616 [NL80211_ATTR_STA_PLINK_STATE] =
617 NLA_POLICY_MAX(NLA_U8, NUM_NL80211_PLINK_STATES - 1),
618 [NL80211_ATTR_MEASUREMENT_DURATION] = { .type = NLA_U16 },
619 [NL80211_ATTR_MEASUREMENT_DURATION_MANDATORY] = { .type = NLA_FLAG },
620 [NL80211_ATTR_MESH_PEER_AID] =
621 NLA_POLICY_RANGE(NLA_U16, 1, IEEE80211_MAX_AID),
622 [NL80211_ATTR_SCHED_SCAN_INTERVAL] = { .type = NLA_U32 },
623 [NL80211_ATTR_REKEY_DATA] = { .type = NLA_NESTED },
624 [NL80211_ATTR_SCAN_SUPP_RATES] = { .type = NLA_NESTED },
625 [NL80211_ATTR_HIDDEN_SSID] =
626 NLA_POLICY_RANGE(NLA_U32,
627 NL80211_HIDDEN_SSID_NOT_IN_USE,
628 NL80211_HIDDEN_SSID_ZERO_CONTENTS),
629 [NL80211_ATTR_IE_PROBE_RESP] =
630 NLA_POLICY_VALIDATE_FN(NLA_BINARY, validate_ie_attr,
631 IEEE80211_MAX_DATA_LEN),
632 [NL80211_ATTR_IE_ASSOC_RESP] =
633 NLA_POLICY_VALIDATE_FN(NLA_BINARY, validate_ie_attr,
634 IEEE80211_MAX_DATA_LEN),
635 [NL80211_ATTR_ROAM_SUPPORT] = { .type = NLA_FLAG },
636 [NL80211_ATTR_STA_WME] = NLA_POLICY_NESTED(nl80211_sta_wme_policy),
637 [NL80211_ATTR_SCHED_SCAN_MATCH] = { .type = NLA_NESTED },
638 [NL80211_ATTR_TX_NO_CCK_RATE] = { .type = NLA_FLAG },
639 [NL80211_ATTR_TDLS_ACTION] = { .type = NLA_U8 },
640 [NL80211_ATTR_TDLS_DIALOG_TOKEN] = { .type = NLA_U8 },
641 [NL80211_ATTR_TDLS_OPERATION] = { .type = NLA_U8 },
642 [NL80211_ATTR_TDLS_SUPPORT] = { .type = NLA_FLAG },
643 [NL80211_ATTR_TDLS_EXTERNAL_SETUP] = { .type = NLA_FLAG },
644 [NL80211_ATTR_TDLS_INITIATOR] = { .type = NLA_FLAG },
645 [NL80211_ATTR_DONT_WAIT_FOR_ACK] = { .type = NLA_FLAG },
646 [NL80211_ATTR_PROBE_RESP] = { .type = NLA_BINARY,
647 .len = IEEE80211_MAX_DATA_LEN },
648 [NL80211_ATTR_DFS_REGION] = { .type = NLA_U8 },
649 [NL80211_ATTR_DISABLE_HT] = { .type = NLA_FLAG },
650 [NL80211_ATTR_HT_CAPABILITY_MASK] = {
651 .len = NL80211_HT_CAPABILITY_LEN
652 },
653 [NL80211_ATTR_NOACK_MAP] = { .type = NLA_U16 },
654 [NL80211_ATTR_INACTIVITY_TIMEOUT] = { .type = NLA_U16 },
655 [NL80211_ATTR_BG_SCAN_PERIOD] = { .type = NLA_U16 },
656 [NL80211_ATTR_WDEV] = { .type = NLA_U64 },
657 [NL80211_ATTR_USER_REG_HINT_TYPE] = { .type = NLA_U32 },
658
659 /* need to include at least Auth Transaction and Status Code */
660 [NL80211_ATTR_AUTH_DATA] = NLA_POLICY_MIN_LEN(4),
661
662 [NL80211_ATTR_VHT_CAPABILITY] = NLA_POLICY_EXACT_LEN_WARN(NL80211_VHT_CAPABILITY_LEN),
663 [NL80211_ATTR_SCAN_FLAGS] = { .type = NLA_U32 },
664 [NL80211_ATTR_P2P_CTWINDOW] = NLA_POLICY_MAX(NLA_U8, 127),
665 [NL80211_ATTR_P2P_OPPPS] = NLA_POLICY_MAX(NLA_U8, 1),
666 [NL80211_ATTR_LOCAL_MESH_POWER_MODE] =
667 NLA_POLICY_RANGE(NLA_U32,
668 NL80211_MESH_POWER_UNKNOWN + 1,
669 NL80211_MESH_POWER_MAX),
670 [NL80211_ATTR_ACL_POLICY] = {. type = NLA_U32 },
671 [NL80211_ATTR_MAC_ADDRS] = { .type = NLA_NESTED },
672 [NL80211_ATTR_STA_CAPABILITY] = { .type = NLA_U16 },
673 [NL80211_ATTR_STA_EXT_CAPABILITY] = { .type = NLA_BINARY, },
674 [NL80211_ATTR_SPLIT_WIPHY_DUMP] = { .type = NLA_FLAG, },
675 [NL80211_ATTR_DISABLE_VHT] = { .type = NLA_FLAG },
676 [NL80211_ATTR_VHT_CAPABILITY_MASK] = {
677 .len = NL80211_VHT_CAPABILITY_LEN,
678 },
679 [NL80211_ATTR_MDID] = { .type = NLA_U16 },
680 [NL80211_ATTR_IE_RIC] = { .type = NLA_BINARY,
681 .len = IEEE80211_MAX_DATA_LEN },
682 [NL80211_ATTR_CRIT_PROT_ID] = { .type = NLA_U16 },
683 [NL80211_ATTR_MAX_CRIT_PROT_DURATION] =
684 NLA_POLICY_MAX(NLA_U16, NL80211_CRIT_PROTO_MAX_DURATION),
685 [NL80211_ATTR_PEER_AID] =
686 NLA_POLICY_RANGE(NLA_U16, 1, IEEE80211_MAX_AID),
687 [NL80211_ATTR_CH_SWITCH_COUNT] = { .type = NLA_U32 },
688 [NL80211_ATTR_CH_SWITCH_BLOCK_TX] = { .type = NLA_FLAG },
689 [NL80211_ATTR_CSA_IES] = { .type = NLA_NESTED },
690 [NL80211_ATTR_CNTDWN_OFFS_BEACON] = { .type = NLA_BINARY },
691 [NL80211_ATTR_CNTDWN_OFFS_PRESP] = { .type = NLA_BINARY },
692 [NL80211_ATTR_STA_SUPPORTED_CHANNELS] = NLA_POLICY_MIN_LEN(2),
693 /*
694 * The value of the Length field of the Supported Operating
695 * Classes element is between 2 and 253.
696 */
697 [NL80211_ATTR_STA_SUPPORTED_OPER_CLASSES] =
698 NLA_POLICY_RANGE(NLA_BINARY, 2, 253),
699 [NL80211_ATTR_HANDLE_DFS] = { .type = NLA_FLAG },
700 [NL80211_ATTR_OPMODE_NOTIF] = { .type = NLA_U8 },
701 [NL80211_ATTR_VENDOR_ID] = { .type = NLA_U32 },
702 [NL80211_ATTR_VENDOR_SUBCMD] = { .type = NLA_U32 },
703 [NL80211_ATTR_VENDOR_DATA] = { .type = NLA_BINARY },
704 [NL80211_ATTR_QOS_MAP] = NLA_POLICY_RANGE(NLA_BINARY,
705 IEEE80211_QOS_MAP_LEN_MIN,
706 IEEE80211_QOS_MAP_LEN_MAX),
707 [NL80211_ATTR_MAC_HINT] = NLA_POLICY_EXACT_LEN_WARN(ETH_ALEN),
708 [NL80211_ATTR_WIPHY_FREQ_HINT] = { .type = NLA_U32 },
709 [NL80211_ATTR_TDLS_PEER_CAPABILITY] = { .type = NLA_U32 },
710 [NL80211_ATTR_SOCKET_OWNER] = { .type = NLA_FLAG },
711 [NL80211_ATTR_CSA_C_OFFSETS_TX] = { .type = NLA_BINARY },
712 [NL80211_ATTR_USE_RRM] = { .type = NLA_FLAG },
713 [NL80211_ATTR_TSID] = NLA_POLICY_MAX(NLA_U8, IEEE80211_NUM_TIDS - 1),
714 [NL80211_ATTR_USER_PRIO] =
715 NLA_POLICY_MAX(NLA_U8, IEEE80211_NUM_UPS - 1),
716 [NL80211_ATTR_ADMITTED_TIME] = { .type = NLA_U16 },
717 [NL80211_ATTR_SMPS_MODE] = { .type = NLA_U8 },
718 [NL80211_ATTR_OPER_CLASS] = { .type = NLA_U8 },
719 [NL80211_ATTR_MAC_MASK] = NLA_POLICY_EXACT_LEN_WARN(ETH_ALEN),
720 [NL80211_ATTR_WIPHY_SELF_MANAGED_REG] = { .type = NLA_FLAG },
721 [NL80211_ATTR_NETNS_FD] = { .type = NLA_U32 },
722 [NL80211_ATTR_SCHED_SCAN_DELAY] = { .type = NLA_U32 },
723 [NL80211_ATTR_REG_INDOOR] = { .type = NLA_FLAG },
724 [NL80211_ATTR_PBSS] = { .type = NLA_FLAG },
725 [NL80211_ATTR_BSS_SELECT] = { .type = NLA_NESTED },
726 [NL80211_ATTR_STA_SUPPORT_P2P_PS] =
727 NLA_POLICY_MAX(NLA_U8, NUM_NL80211_P2P_PS_STATUS - 1),
728 [NL80211_ATTR_MU_MIMO_GROUP_DATA] = {
729 .len = VHT_MUMIMO_GROUPS_DATA_LEN
730 },
731 [NL80211_ATTR_MU_MIMO_FOLLOW_MAC_ADDR] = NLA_POLICY_EXACT_LEN_WARN(ETH_ALEN),
732 [NL80211_ATTR_NAN_MASTER_PREF] = NLA_POLICY_MIN(NLA_U8, 1),
733 [NL80211_ATTR_BANDS] = { .type = NLA_U32 },
734 [NL80211_ATTR_NAN_FUNC] = { .type = NLA_NESTED },
735 [NL80211_ATTR_FILS_KEK] = { .type = NLA_BINARY,
736 .len = FILS_MAX_KEK_LEN },
737 [NL80211_ATTR_FILS_NONCES] = NLA_POLICY_EXACT_LEN_WARN(2 * FILS_NONCE_LEN),
738 [NL80211_ATTR_MULTICAST_TO_UNICAST_ENABLED] = { .type = NLA_FLAG, },
739 [NL80211_ATTR_BSSID] = NLA_POLICY_EXACT_LEN_WARN(ETH_ALEN),
740 [NL80211_ATTR_SCHED_SCAN_RELATIVE_RSSI] = { .type = NLA_S8 },
741 [NL80211_ATTR_SCHED_SCAN_RSSI_ADJUST] = {
742 .len = sizeof(struct nl80211_bss_select_rssi_adjust)
743 },
744 [NL80211_ATTR_TIMEOUT_REASON] = { .type = NLA_U32 },
745 [NL80211_ATTR_FILS_ERP_USERNAME] = { .type = NLA_BINARY,
746 .len = FILS_ERP_MAX_USERNAME_LEN },
747 [NL80211_ATTR_FILS_ERP_REALM] = { .type = NLA_BINARY,
748 .len = FILS_ERP_MAX_REALM_LEN },
749 [NL80211_ATTR_FILS_ERP_NEXT_SEQ_NUM] = { .type = NLA_U16 },
750 [NL80211_ATTR_FILS_ERP_RRK] = { .type = NLA_BINARY,
751 .len = FILS_ERP_MAX_RRK_LEN },
752 [NL80211_ATTR_FILS_CACHE_ID] = NLA_POLICY_EXACT_LEN_WARN(2),
753 [NL80211_ATTR_PMK] = { .type = NLA_BINARY, .len = PMK_MAX_LEN },
754 [NL80211_ATTR_PMKR0_NAME] = NLA_POLICY_EXACT_LEN(WLAN_PMK_NAME_LEN),
755 [NL80211_ATTR_SCHED_SCAN_MULTI] = { .type = NLA_FLAG },
756 [NL80211_ATTR_EXTERNAL_AUTH_SUPPORT] = { .type = NLA_FLAG },
757
758 [NL80211_ATTR_TXQ_LIMIT] = { .type = NLA_U32 },
759 [NL80211_ATTR_TXQ_MEMORY_LIMIT] = { .type = NLA_U32 },
760 [NL80211_ATTR_TXQ_QUANTUM] = NLA_POLICY_FULL_RANGE(NLA_U32, &q_range),
761 [NL80211_ATTR_HE_CAPABILITY] =
762 NLA_POLICY_VALIDATE_FN(NLA_BINARY, validate_he_capa,
763 NL80211_HE_MAX_CAPABILITY_LEN),
764 [NL80211_ATTR_FTM_RESPONDER] =
765 NLA_POLICY_NESTED(nl80211_ftm_responder_policy),
766 [NL80211_ATTR_TIMEOUT] = NLA_POLICY_MIN(NLA_U32, 1),
767 [NL80211_ATTR_PEER_MEASUREMENTS] =
768 NLA_POLICY_NESTED(nl80211_pmsr_attr_policy),
769 [NL80211_ATTR_AIRTIME_WEIGHT] = NLA_POLICY_MIN(NLA_U16, 1),
770 [NL80211_ATTR_SAE_PASSWORD] = { .type = NLA_BINARY,
771 .len = SAE_PASSWORD_MAX_LEN },
772 [NL80211_ATTR_TWT_RESPONDER] = { .type = NLA_FLAG },
773 [NL80211_ATTR_HE_OBSS_PD] = NLA_POLICY_NESTED(he_obss_pd_policy),
774 [NL80211_ATTR_VLAN_ID] = NLA_POLICY_RANGE(NLA_U16, 1, VLAN_N_VID - 2),
775 [NL80211_ATTR_HE_BSS_COLOR] = NLA_POLICY_NESTED(he_bss_color_policy),
776 [NL80211_ATTR_TID_CONFIG] =
777 NLA_POLICY_NESTED_ARRAY(nl80211_tid_config_attr_policy),
778 [NL80211_ATTR_CONTROL_PORT_NO_PREAUTH] = { .type = NLA_FLAG },
779 [NL80211_ATTR_PMK_LIFETIME] = NLA_POLICY_MIN(NLA_U32, 1),
780 [NL80211_ATTR_PMK_REAUTH_THRESHOLD] = NLA_POLICY_RANGE(NLA_U8, 1, 100),
781 [NL80211_ATTR_RECEIVE_MULTICAST] = { .type = NLA_FLAG },
782 [NL80211_ATTR_WIPHY_FREQ_OFFSET] = NLA_POLICY_RANGE(NLA_U32, 0, 999),
783 [NL80211_ATTR_SCAN_FREQ_KHZ] = { .type = NLA_NESTED },
784 [NL80211_ATTR_HE_6GHZ_CAPABILITY] =
785 NLA_POLICY_EXACT_LEN(sizeof(struct ieee80211_he_6ghz_capa)),
786 [NL80211_ATTR_FILS_DISCOVERY] =
787 NLA_POLICY_NESTED(nl80211_fils_discovery_policy),
788 [NL80211_ATTR_UNSOL_BCAST_PROBE_RESP] =
789 NLA_POLICY_NESTED(nl80211_unsol_bcast_probe_resp_policy),
790 [NL80211_ATTR_S1G_CAPABILITY] =
791 NLA_POLICY_EXACT_LEN(IEEE80211_S1G_CAPABILITY_LEN),
792 [NL80211_ATTR_S1G_CAPABILITY_MASK] =
793 NLA_POLICY_EXACT_LEN(IEEE80211_S1G_CAPABILITY_LEN),
794 [NL80211_ATTR_SAE_PWE] =
795 NLA_POLICY_RANGE(NLA_U8, NL80211_SAE_PWE_HUNT_AND_PECK,
796 NL80211_SAE_PWE_BOTH),
797 [NL80211_ATTR_RECONNECT_REQUESTED] = { .type = NLA_REJECT },
798 [NL80211_ATTR_SAR_SPEC] = NLA_POLICY_NESTED(sar_policy),
799 [NL80211_ATTR_DISABLE_HE] = { .type = NLA_FLAG },
800 [NL80211_ATTR_OBSS_COLOR_BITMAP] = { .type = NLA_U64 },
801 [NL80211_ATTR_COLOR_CHANGE_COUNT] = { .type = NLA_U8 },
802 [NL80211_ATTR_COLOR_CHANGE_COLOR] = { .type = NLA_U8 },
803 [NL80211_ATTR_COLOR_CHANGE_ELEMS] = NLA_POLICY_NESTED(nl80211_policy),
804 [NL80211_ATTR_MBSSID_CONFIG] =
805 NLA_POLICY_NESTED(nl80211_mbssid_config_policy),
806 [NL80211_ATTR_MBSSID_ELEMS] = { .type = NLA_NESTED },
807 [NL80211_ATTR_RADAR_BACKGROUND] = { .type = NLA_FLAG },
808 [NL80211_ATTR_AP_SETTINGS_FLAGS] = { .type = NLA_U32 },
809 [NL80211_ATTR_EHT_CAPABILITY] =
810 NLA_POLICY_RANGE(NLA_BINARY,
811 NL80211_EHT_MIN_CAPABILITY_LEN,
812 NL80211_EHT_MAX_CAPABILITY_LEN),
813 [NL80211_ATTR_DISABLE_EHT] = { .type = NLA_FLAG },
814 [NL80211_ATTR_MLO_LINKS] =
815 NLA_POLICY_NESTED_ARRAY(nl80211_policy),
816 [NL80211_ATTR_MLO_LINK_ID] =
817 NLA_POLICY_RANGE(NLA_U8, 0, IEEE80211_MLD_MAX_NUM_LINKS),
818 [NL80211_ATTR_MLD_ADDR] = NLA_POLICY_EXACT_LEN(ETH_ALEN),
819 [NL80211_ATTR_MLO_SUPPORT] = { .type = NLA_FLAG },
820 [NL80211_ATTR_MAX_NUM_AKM_SUITES] = { .type = NLA_REJECT },
821 [NL80211_ATTR_PUNCT_BITMAP] =
822 NLA_POLICY_FULL_RANGE(NLA_U32, &nl80211_punct_bitmap_range),
823
824 [NL80211_ATTR_MAX_HW_TIMESTAMP_PEERS] = { .type = NLA_U16 },
825 [NL80211_ATTR_HW_TIMESTAMP_ENABLED] = { .type = NLA_FLAG },
826 [NL80211_ATTR_EMA_RNR_ELEMS] = { .type = NLA_NESTED },
827 [NL80211_ATTR_MLO_LINK_DISABLED] = { .type = NLA_FLAG },
828 [NL80211_ATTR_BSS_DUMP_INCLUDE_USE_DATA] = { .type = NLA_FLAG },
829 [NL80211_ATTR_MLO_TTLM_DLINK] = NLA_POLICY_EXACT_LEN(sizeof(u16) * 8),
830 [NL80211_ATTR_MLO_TTLM_ULINK] = NLA_POLICY_EXACT_LEN(sizeof(u16) * 8),
831 [NL80211_ATTR_ASSOC_SPP_AMSDU] = { .type = NLA_FLAG },
832 [NL80211_ATTR_VIF_RADIO_MASK] = { .type = NLA_U32 },
833 };
834
835 /* policy for the key attributes */
836 static const struct nla_policy nl80211_key_policy[NL80211_KEY_MAX + 1] = {
837 [NL80211_KEY_DATA] = { .type = NLA_BINARY, .len = WLAN_MAX_KEY_LEN },
838 [NL80211_KEY_IDX] = { .type = NLA_U8 },
839 [NL80211_KEY_CIPHER] = { .type = NLA_U32 },
840 [NL80211_KEY_SEQ] = { .type = NLA_BINARY, .len = 16 },
841 [NL80211_KEY_DEFAULT] = { .type = NLA_FLAG },
842 [NL80211_KEY_DEFAULT_MGMT] = { .type = NLA_FLAG },
843 [NL80211_KEY_TYPE] = NLA_POLICY_MAX(NLA_U32, NUM_NL80211_KEYTYPES - 1),
844 [NL80211_KEY_DEFAULT_TYPES] = { .type = NLA_NESTED },
845 [NL80211_KEY_MODE] = NLA_POLICY_RANGE(NLA_U8, 0, NL80211_KEY_SET_TX),
846 };
847
848 /* policy for the key default flags */
849 static const struct nla_policy
850 nl80211_key_default_policy[NUM_NL80211_KEY_DEFAULT_TYPES] = {
851 [NL80211_KEY_DEFAULT_TYPE_UNICAST] = { .type = NLA_FLAG },
852 [NL80211_KEY_DEFAULT_TYPE_MULTICAST] = { .type = NLA_FLAG },
853 };
854
855 #ifdef CONFIG_PM
856 /* policy for WoWLAN attributes */
857 static const struct nla_policy
858 nl80211_wowlan_policy[NUM_NL80211_WOWLAN_TRIG] = {
859 [NL80211_WOWLAN_TRIG_ANY] = { .type = NLA_FLAG },
860 [NL80211_WOWLAN_TRIG_DISCONNECT] = { .type = NLA_FLAG },
861 [NL80211_WOWLAN_TRIG_MAGIC_PKT] = { .type = NLA_FLAG },
862 [NL80211_WOWLAN_TRIG_PKT_PATTERN] = { .type = NLA_NESTED },
863 [NL80211_WOWLAN_TRIG_GTK_REKEY_FAILURE] = { .type = NLA_FLAG },
864 [NL80211_WOWLAN_TRIG_EAP_IDENT_REQUEST] = { .type = NLA_FLAG },
865 [NL80211_WOWLAN_TRIG_4WAY_HANDSHAKE] = { .type = NLA_FLAG },
866 [NL80211_WOWLAN_TRIG_RFKILL_RELEASE] = { .type = NLA_FLAG },
867 [NL80211_WOWLAN_TRIG_TCP_CONNECTION] = { .type = NLA_NESTED },
868 [NL80211_WOWLAN_TRIG_NET_DETECT] = { .type = NLA_NESTED },
869 };
870
871 static const struct nla_policy
872 nl80211_wowlan_tcp_policy[NUM_NL80211_WOWLAN_TCP] = {
873 [NL80211_WOWLAN_TCP_SRC_IPV4] = { .type = NLA_U32 },
874 [NL80211_WOWLAN_TCP_DST_IPV4] = { .type = NLA_U32 },
875 [NL80211_WOWLAN_TCP_DST_MAC] = NLA_POLICY_EXACT_LEN_WARN(ETH_ALEN),
876 [NL80211_WOWLAN_TCP_SRC_PORT] = { .type = NLA_U16 },
877 [NL80211_WOWLAN_TCP_DST_PORT] = { .type = NLA_U16 },
878 [NL80211_WOWLAN_TCP_DATA_PAYLOAD] = NLA_POLICY_MIN_LEN(1),
879 [NL80211_WOWLAN_TCP_DATA_PAYLOAD_SEQ] = {
880 .len = sizeof(struct nl80211_wowlan_tcp_data_seq)
881 },
882 [NL80211_WOWLAN_TCP_DATA_PAYLOAD_TOKEN] = {
883 .len = sizeof(struct nl80211_wowlan_tcp_data_token)
884 },
885 [NL80211_WOWLAN_TCP_DATA_INTERVAL] = { .type = NLA_U32 },
886 [NL80211_WOWLAN_TCP_WAKE_PAYLOAD] = NLA_POLICY_MIN_LEN(1),
887 [NL80211_WOWLAN_TCP_WAKE_MASK] = NLA_POLICY_MIN_LEN(1),
888 };
889 #endif /* CONFIG_PM */
890
891 /* policy for coalesce rule attributes */
892 static const struct nla_policy
893 nl80211_coalesce_policy[NUM_NL80211_ATTR_COALESCE_RULE] = {
894 [NL80211_ATTR_COALESCE_RULE_DELAY] = { .type = NLA_U32 },
895 [NL80211_ATTR_COALESCE_RULE_CONDITION] =
896 NLA_POLICY_RANGE(NLA_U32,
897 NL80211_COALESCE_CONDITION_MATCH,
898 NL80211_COALESCE_CONDITION_NO_MATCH),
899 [NL80211_ATTR_COALESCE_RULE_PKT_PATTERN] = { .type = NLA_NESTED },
900 };
901
902 /* policy for GTK rekey offload attributes */
903 static const struct nla_policy
904 nl80211_rekey_policy[NUM_NL80211_REKEY_DATA] = {
905 [NL80211_REKEY_DATA_KEK] = {
906 .type = NLA_BINARY,
907 .len = NL80211_KEK_EXT_LEN
908 },
909 [NL80211_REKEY_DATA_KCK] = {
910 .type = NLA_BINARY,
911 .len = NL80211_KCK_EXT_LEN_32
912 },
913 [NL80211_REKEY_DATA_REPLAY_CTR] = NLA_POLICY_EXACT_LEN(NL80211_REPLAY_CTR_LEN),
914 [NL80211_REKEY_DATA_AKM] = { .type = NLA_U32 },
915 };
916
917 static const struct nla_policy
918 nl80211_match_policy[NL80211_SCHED_SCAN_MATCH_ATTR_MAX + 1] = {
919 [NL80211_SCHED_SCAN_MATCH_ATTR_SSID] = { .type = NLA_BINARY,
920 .len = IEEE80211_MAX_SSID_LEN },
921 [NL80211_SCHED_SCAN_MATCH_ATTR_BSSID] = NLA_POLICY_EXACT_LEN_WARN(ETH_ALEN),
922 [NL80211_SCHED_SCAN_MATCH_ATTR_RSSI] = { .type = NLA_U32 },
923 };
924
925 static const struct nla_policy
926 nl80211_plan_policy[NL80211_SCHED_SCAN_PLAN_MAX + 1] = {
927 [NL80211_SCHED_SCAN_PLAN_INTERVAL] = { .type = NLA_U32 },
928 [NL80211_SCHED_SCAN_PLAN_ITERATIONS] = { .type = NLA_U32 },
929 };
930
931 static const struct nla_policy
932 nl80211_bss_select_policy[NL80211_BSS_SELECT_ATTR_MAX + 1] = {
933 [NL80211_BSS_SELECT_ATTR_RSSI] = { .type = NLA_FLAG },
934 [NL80211_BSS_SELECT_ATTR_BAND_PREF] = { .type = NLA_U32 },
935 [NL80211_BSS_SELECT_ATTR_RSSI_ADJUST] = {
936 .len = sizeof(struct nl80211_bss_select_rssi_adjust)
937 },
938 };
939
940 /* policy for NAN function attributes */
941 static const struct nla_policy
942 nl80211_nan_func_policy[NL80211_NAN_FUNC_ATTR_MAX + 1] = {
943 [NL80211_NAN_FUNC_TYPE] =
944 NLA_POLICY_MAX(NLA_U8, NL80211_NAN_FUNC_MAX_TYPE),
945 [NL80211_NAN_FUNC_SERVICE_ID] = {
946 .len = NL80211_NAN_FUNC_SERVICE_ID_LEN },
947 [NL80211_NAN_FUNC_PUBLISH_TYPE] = { .type = NLA_U8 },
948 [NL80211_NAN_FUNC_PUBLISH_BCAST] = { .type = NLA_FLAG },
949 [NL80211_NAN_FUNC_SUBSCRIBE_ACTIVE] = { .type = NLA_FLAG },
950 [NL80211_NAN_FUNC_FOLLOW_UP_ID] = { .type = NLA_U8 },
951 [NL80211_NAN_FUNC_FOLLOW_UP_REQ_ID] = { .type = NLA_U8 },
952 [NL80211_NAN_FUNC_FOLLOW_UP_DEST] = NLA_POLICY_EXACT_LEN_WARN(ETH_ALEN),
953 [NL80211_NAN_FUNC_CLOSE_RANGE] = { .type = NLA_FLAG },
954 [NL80211_NAN_FUNC_TTL] = { .type = NLA_U32 },
955 [NL80211_NAN_FUNC_SERVICE_INFO] = { .type = NLA_BINARY,
956 .len = NL80211_NAN_FUNC_SERVICE_SPEC_INFO_MAX_LEN },
957 [NL80211_NAN_FUNC_SRF] = { .type = NLA_NESTED },
958 [NL80211_NAN_FUNC_RX_MATCH_FILTER] = { .type = NLA_NESTED },
959 [NL80211_NAN_FUNC_TX_MATCH_FILTER] = { .type = NLA_NESTED },
960 [NL80211_NAN_FUNC_INSTANCE_ID] = { .type = NLA_U8 },
961 [NL80211_NAN_FUNC_TERM_REASON] = { .type = NLA_U8 },
962 };
963
964 /* policy for Service Response Filter attributes */
965 static const struct nla_policy
966 nl80211_nan_srf_policy[NL80211_NAN_SRF_ATTR_MAX + 1] = {
967 [NL80211_NAN_SRF_INCLUDE] = { .type = NLA_FLAG },
968 [NL80211_NAN_SRF_BF] = { .type = NLA_BINARY,
969 .len = NL80211_NAN_FUNC_SRF_MAX_LEN },
970 [NL80211_NAN_SRF_BF_IDX] = { .type = NLA_U8 },
971 [NL80211_NAN_SRF_MAC_ADDRS] = { .type = NLA_NESTED },
972 };
973
974 /* policy for packet pattern attributes */
975 static const struct nla_policy
976 nl80211_packet_pattern_policy[MAX_NL80211_PKTPAT + 1] = {
977 [NL80211_PKTPAT_MASK] = { .type = NLA_BINARY, },
978 [NL80211_PKTPAT_PATTERN] = { .type = NLA_BINARY, },
979 [NL80211_PKTPAT_OFFSET] = { .type = NLA_U32 },
980 };
981
982 static int nl80211_prepare_wdev_dump(struct netlink_callback *cb,
983 struct cfg80211_registered_device **rdev,
984 struct wireless_dev **wdev,
985 struct nlattr **attrbuf)
986 {
987 int err;
988
989 if (!cb->args[0]) {
990 struct nlattr **attrbuf_free = NULL;
991
992 if (!attrbuf) {
993 attrbuf = kcalloc(NUM_NL80211_ATTR, sizeof(*attrbuf),
994 GFP_KERNEL);
995 if (!attrbuf)
996 return -ENOMEM;
997 attrbuf_free = attrbuf;
998 }
999
1000 err = nlmsg_parse_deprecated(cb->nlh,
1001 GENL_HDRLEN + nl80211_fam.hdrsize,
1002 attrbuf, nl80211_fam.maxattr,
1003 nl80211_policy, NULL);
1004 if (err) {
1005 kfree(attrbuf_free);
1006 return err;
1007 }
1008
1009 rtnl_lock();
1010 *wdev = __cfg80211_wdev_from_attrs(NULL, sock_net(cb->skb->sk),
1011 attrbuf);
1012 kfree(attrbuf_free);
1013 if (IS_ERR(*wdev)) {
1014 rtnl_unlock();
1015 return PTR_ERR(*wdev);
1016 }
1017 *rdev = wiphy_to_rdev((*wdev)->wiphy);
1018 mutex_lock(&(*rdev)->wiphy.mtx);
1019 rtnl_unlock();
1020 /* 0 is the first index - add 1 to parse only once */
1021 cb->args[0] = (*rdev)->wiphy_idx + 1;
1022 cb->args[1] = (*wdev)->identifier;
1023 } else {
1024 /* subtract the 1 again here */
1025 struct wiphy *wiphy;
1026 struct wireless_dev *tmp;
1027
1028 rtnl_lock();
1029 wiphy = wiphy_idx_to_wiphy(cb->args[0] - 1);
1030 if (!wiphy) {
1031 rtnl_unlock();
1032 return -ENODEV;
1033 }
1034 *rdev = wiphy_to_rdev(wiphy);
1035 *wdev = NULL;
1036
1037 list_for_each_entry(tmp, &(*rdev)->wiphy.wdev_list, list) {
1038 if (tmp->identifier == cb->args[1]) {
1039 *wdev = tmp;
1040 break;
1041 }
1042 }
1043
1044 if (!*wdev) {
1045 rtnl_unlock();
1046 return -ENODEV;
1047 }
1048 mutex_lock(&(*rdev)->wiphy.mtx);
1049 rtnl_unlock();
1050 }
1051
1052 return 0;
1053 }
1054
1055 /* message building helper */
1056 void *nl80211hdr_put(struct sk_buff *skb, u32 portid, u32 seq,
1057 int flags, u8 cmd)
1058 {
1059 /* since there is no private header just add the generic one */
1060 return genlmsg_put(skb, portid, seq, &nl80211_fam, flags, cmd);
1061 }
1062
1063 static int nl80211_msg_put_wmm_rules(struct sk_buff *msg,
1064 const struct ieee80211_reg_rule *rule)
1065 {
1066 int j;
1067 struct nlattr *nl_wmm_rules =
1068 nla_nest_start_noflag(msg, NL80211_FREQUENCY_ATTR_WMM);
1069
1070 if (!nl_wmm_rules)
1071 goto nla_put_failure;
1072
1073 for (j = 0; j < IEEE80211_NUM_ACS; j++) {
1074 struct nlattr *nl_wmm_rule = nla_nest_start_noflag(msg, j);
1075
1076 if (!nl_wmm_rule)
1077 goto nla_put_failure;
1078
1079 if (nla_put_u16(msg, NL80211_WMMR_CW_MIN,
1080 rule->wmm_rule.client[j].cw_min) ||
1081 nla_put_u16(msg, NL80211_WMMR_CW_MAX,
1082 rule->wmm_rule.client[j].cw_max) ||
1083 nla_put_u8(msg, NL80211_WMMR_AIFSN,
1084 rule->wmm_rule.client[j].aifsn) ||
1085 nla_put_u16(msg, NL80211_WMMR_TXOP,
1086 rule->wmm_rule.client[j].cot))
1087 goto nla_put_failure;
1088
1089 nla_nest_end(msg, nl_wmm_rule);
1090 }
1091 nla_nest_end(msg, nl_wmm_rules);
1092
1093 return 0;
1094
1095 nla_put_failure:
1096 return -ENOBUFS;
1097 }
1098
1099 static int nl80211_msg_put_channel(struct sk_buff *msg, struct wiphy *wiphy,
1100 struct ieee80211_channel *chan,
1101 bool large)
1102 {
1103 /* Some channels must be completely excluded from the
1104 * list to protect old user-space tools from breaking
1105 */
1106 if (!large && chan->flags &
1107 (IEEE80211_CHAN_NO_10MHZ | IEEE80211_CHAN_NO_20MHZ))
1108 return 0;
1109 if (!large && chan->freq_offset)
1110 return 0;
1111
1112 if (nla_put_u32(msg, NL80211_FREQUENCY_ATTR_FREQ,
1113 chan->center_freq))
1114 goto nla_put_failure;
1115
1116 if (nla_put_u32(msg, NL80211_FREQUENCY_ATTR_OFFSET, chan->freq_offset))
1117 goto nla_put_failure;
1118
1119 if ((chan->flags & IEEE80211_CHAN_PSD) &&
1120 nla_put_s8(msg, NL80211_FREQUENCY_ATTR_PSD, chan->psd))
1121 goto nla_put_failure;
1122
1123 if ((chan->flags & IEEE80211_CHAN_DISABLED) &&
1124 nla_put_flag(msg, NL80211_FREQUENCY_ATTR_DISABLED))
1125 goto nla_put_failure;
1126 if (chan->flags & IEEE80211_CHAN_NO_IR) {
1127 if (nla_put_flag(msg, NL80211_FREQUENCY_ATTR_NO_IR))
1128 goto nla_put_failure;
1129 if (nla_put_flag(msg, __NL80211_FREQUENCY_ATTR_NO_IBSS))
1130 goto nla_put_failure;
1131 }
1132 if (chan->flags & IEEE80211_CHAN_RADAR) {
1133 if (nla_put_flag(msg, NL80211_FREQUENCY_ATTR_RADAR))
1134 goto nla_put_failure;
1135 if (large) {
1136 u32 time;
1137
1138 time = elapsed_jiffies_msecs(chan->dfs_state_entered);
1139
1140 if (nla_put_u32(msg, NL80211_FREQUENCY_ATTR_DFS_STATE,
1141 chan->dfs_state))
1142 goto nla_put_failure;
1143 if (nla_put_u32(msg, NL80211_FREQUENCY_ATTR_DFS_TIME,
1144 time))
1145 goto nla_put_failure;
1146 if (nla_put_u32(msg,
1147 NL80211_FREQUENCY_ATTR_DFS_CAC_TIME,
1148 chan->dfs_cac_ms))
1149 goto nla_put_failure;
1150 }
1151 }
1152
1153 if (large) {
1154 if ((chan->flags & IEEE80211_CHAN_NO_HT40MINUS) &&
1155 nla_put_flag(msg, NL80211_FREQUENCY_ATTR_NO_HT40_MINUS))
1156 goto nla_put_failure;
1157 if ((chan->flags & IEEE80211_CHAN_NO_HT40PLUS) &&
1158 nla_put_flag(msg, NL80211_FREQUENCY_ATTR_NO_HT40_PLUS))
1159 goto nla_put_failure;
1160 if ((chan->flags & IEEE80211_CHAN_NO_80MHZ) &&
1161 nla_put_flag(msg, NL80211_FREQUENCY_ATTR_NO_80MHZ))
1162 goto nla_put_failure;
1163 if ((chan->flags & IEEE80211_CHAN_NO_160MHZ) &&
1164 nla_put_flag(msg, NL80211_FREQUENCY_ATTR_NO_160MHZ))
1165 goto nla_put_failure;
1166 if ((chan->flags & IEEE80211_CHAN_INDOOR_ONLY) &&
1167 nla_put_flag(msg, NL80211_FREQUENCY_ATTR_INDOOR_ONLY))
1168 goto nla_put_failure;
1169 if ((chan->flags & IEEE80211_CHAN_IR_CONCURRENT) &&
1170 nla_put_flag(msg, NL80211_FREQUENCY_ATTR_IR_CONCURRENT))
1171 goto nla_put_failure;
1172 if ((chan->flags & IEEE80211_CHAN_NO_20MHZ) &&
1173 nla_put_flag(msg, NL80211_FREQUENCY_ATTR_NO_20MHZ))
1174 goto nla_put_failure;
1175 if ((chan->flags & IEEE80211_CHAN_NO_10MHZ) &&
1176 nla_put_flag(msg, NL80211_FREQUENCY_ATTR_NO_10MHZ))
1177 goto nla_put_failure;
1178 if ((chan->flags & IEEE80211_CHAN_NO_HE) &&
1179 nla_put_flag(msg, NL80211_FREQUENCY_ATTR_NO_HE))
1180 goto nla_put_failure;
1181 if ((chan->flags & IEEE80211_CHAN_1MHZ) &&
1182 nla_put_flag(msg, NL80211_FREQUENCY_ATTR_1MHZ))
1183 goto nla_put_failure;
1184 if ((chan->flags & IEEE80211_CHAN_2MHZ) &&
1185 nla_put_flag(msg, NL80211_FREQUENCY_ATTR_2MHZ))
1186 goto nla_put_failure;
1187 if ((chan->flags & IEEE80211_CHAN_4MHZ) &&
1188 nla_put_flag(msg, NL80211_FREQUENCY_ATTR_4MHZ))
1189 goto nla_put_failure;
1190 if ((chan->flags & IEEE80211_CHAN_8MHZ) &&
1191 nla_put_flag(msg, NL80211_FREQUENCY_ATTR_8MHZ))
1192 goto nla_put_failure;
1193 if ((chan->flags & IEEE80211_CHAN_16MHZ) &&
1194 nla_put_flag(msg, NL80211_FREQUENCY_ATTR_16MHZ))
1195 goto nla_put_failure;
1196 if ((chan->flags & IEEE80211_CHAN_NO_320MHZ) &&
1197 nla_put_flag(msg, NL80211_FREQUENCY_ATTR_NO_320MHZ))
1198 goto nla_put_failure;
1199 if ((chan->flags & IEEE80211_CHAN_NO_EHT) &&
1200 nla_put_flag(msg, NL80211_FREQUENCY_ATTR_NO_EHT))
1201 goto nla_put_failure;
1202 if ((chan->flags & IEEE80211_CHAN_DFS_CONCURRENT) &&
1203 nla_put_flag(msg, NL80211_FREQUENCY_ATTR_DFS_CONCURRENT))
1204 goto nla_put_failure;
1205 if ((chan->flags & IEEE80211_CHAN_NO_6GHZ_VLP_CLIENT) &&
1206 nla_put_flag(msg, NL80211_FREQUENCY_ATTR_NO_6GHZ_VLP_CLIENT))
1207 goto nla_put_failure;
1208 if ((chan->flags & IEEE80211_CHAN_NO_6GHZ_AFC_CLIENT) &&
1209 nla_put_flag(msg, NL80211_FREQUENCY_ATTR_NO_6GHZ_AFC_CLIENT))
1210 goto nla_put_failure;
1211 if ((chan->flags & IEEE80211_CHAN_CAN_MONITOR) &&
1212 nla_put_flag(msg, NL80211_FREQUENCY_ATTR_CAN_MONITOR))
1213 goto nla_put_failure;
1214 if ((chan->flags & IEEE80211_CHAN_ALLOW_6GHZ_VLP_AP) &&
1215 nla_put_flag(msg, NL80211_FREQUENCY_ATTR_ALLOW_6GHZ_VLP_AP))
1216 goto nla_put_failure;
1217 }
1218
1219 if (nla_put_u32(msg, NL80211_FREQUENCY_ATTR_MAX_TX_POWER,
1220 DBM_TO_MBM(chan->max_power)))
1221 goto nla_put_failure;
1222
1223 if (large) {
1224 const struct ieee80211_reg_rule *rule =
1225 freq_reg_info(wiphy, MHZ_TO_KHZ(chan->center_freq));
1226
1227 if (!IS_ERR_OR_NULL(rule) && rule->has_wmm) {
1228 if (nl80211_msg_put_wmm_rules(msg, rule))
1229 goto nla_put_failure;
1230 }
1231 }
1232
1233 return 0;
1234
1235 nla_put_failure:
1236 return -ENOBUFS;
1237 }
1238
1239 static bool nl80211_put_txq_stats(struct sk_buff *msg,
1240 struct cfg80211_txq_stats *txqstats,
1241 int attrtype)
1242 {
1243 struct nlattr *txqattr;
1244
1245 #define PUT_TXQVAL_U32(attr, memb) do { \
1246 if (txqstats->filled & BIT(NL80211_TXQ_STATS_ ## attr) && \
1247 nla_put_u32(msg, NL80211_TXQ_STATS_ ## attr, txqstats->memb)) \
1248 return false; \
1249 } while (0)
1250
1251 txqattr = nla_nest_start_noflag(msg, attrtype);
1252 if (!txqattr)
1253 return false;
1254
1255 PUT_TXQVAL_U32(BACKLOG_BYTES, backlog_bytes);
1256 PUT_TXQVAL_U32(BACKLOG_PACKETS, backlog_packets);
1257 PUT_TXQVAL_U32(FLOWS, flows);
1258 PUT_TXQVAL_U32(DROPS, drops);
1259 PUT_TXQVAL_U32(ECN_MARKS, ecn_marks);
1260 PUT_TXQVAL_U32(OVERLIMIT, overlimit);
1261 PUT_TXQVAL_U32(OVERMEMORY, overmemory);
1262 PUT_TXQVAL_U32(COLLISIONS, collisions);
1263 PUT_TXQVAL_U32(TX_BYTES, tx_bytes);
1264 PUT_TXQVAL_U32(TX_PACKETS, tx_packets);
1265 PUT_TXQVAL_U32(MAX_FLOWS, max_flows);
1266 nla_nest_end(msg, txqattr);
1267
1268 #undef PUT_TXQVAL_U32
1269 return true;
1270 }
1271
1272 /* netlink command implementations */
1273
1274 /**
1275 * nl80211_link_id - return link ID
1276 * @attrs: attributes to look at
1277 *
1278 * Returns: the link ID or 0 if not given
1279 *
1280 * Note this function doesn't do any validation of the link
1281 * ID validity wrt. links that were actually added, so it must
1282 * be called only from ops with %NL80211_FLAG_MLO_VALID_LINK_ID
1283 * or if additional validation is done.
1284 */
1285 static unsigned int nl80211_link_id(struct nlattr **attrs)
1286 {
1287 struct nlattr *linkid = attrs[NL80211_ATTR_MLO_LINK_ID];
1288
1289 return nla_get_u8_default(linkid, 0);
1290 }
1291
1292 static int nl80211_link_id_or_invalid(struct nlattr **attrs)
1293 {
1294 struct nlattr *linkid = attrs[NL80211_ATTR_MLO_LINK_ID];
1295
1296 if (!linkid)
1297 return -1;
1298
1299 return nla_get_u8(linkid);
1300 }
1301
1302 struct key_parse {
1303 struct key_params p;
1304 int idx;
1305 int type;
1306 bool def, defmgmt, defbeacon;
1307 bool def_uni, def_multi;
1308 };
1309
1310 static int nl80211_parse_key_new(struct genl_info *info, struct nlattr *key,
1311 struct key_parse *k)
1312 {
1313 struct nlattr *tb[NL80211_KEY_MAX + 1];
1314 int err = nla_parse_nested_deprecated(tb, NL80211_KEY_MAX, key,
1315 nl80211_key_policy,
1316 info->extack);
1317 if (err)
1318 return err;
1319
1320 k->def = !!tb[NL80211_KEY_DEFAULT];
1321 k->defmgmt = !!tb[NL80211_KEY_DEFAULT_MGMT];
1322 k->defbeacon = !!tb[NL80211_KEY_DEFAULT_BEACON];
1323
1324 if (k->def) {
1325 k->def_uni = true;
1326 k->def_multi = true;
1327 }
1328 if (k->defmgmt || k->defbeacon)
1329 k->def_multi = true;
1330
1331 if (tb[NL80211_KEY_IDX])
1332 k->idx = nla_get_u8(tb[NL80211_KEY_IDX]);
1333
1334 if (tb[NL80211_KEY_DATA]) {
1335 k->p.key = nla_data(tb[NL80211_KEY_DATA]);
1336 k->p.key_len = nla_len(tb[NL80211_KEY_DATA]);
1337 }
1338
1339 if (tb[NL80211_KEY_SEQ]) {
1340 k->p.seq = nla_data(tb[NL80211_KEY_SEQ]);
1341 k->p.seq_len = nla_len(tb[NL80211_KEY_SEQ]);
1342 }
1343
1344 if (tb[NL80211_KEY_CIPHER])
1345 k->p.cipher = nla_get_u32(tb[NL80211_KEY_CIPHER]);
1346
1347 if (tb[NL80211_KEY_TYPE])
1348 k->type = nla_get_u32(tb[NL80211_KEY_TYPE]);
1349
1350 if (tb[NL80211_KEY_DEFAULT_TYPES]) {
1351 struct nlattr *kdt[NUM_NL80211_KEY_DEFAULT_TYPES];
1352
1353 err = nla_parse_nested_deprecated(kdt,
1354 NUM_NL80211_KEY_DEFAULT_TYPES - 1,
1355 tb[NL80211_KEY_DEFAULT_TYPES],
1356 nl80211_key_default_policy,
1357 info->extack);
1358 if (err)
1359 return err;
1360
1361 k->def_uni = kdt[NL80211_KEY_DEFAULT_TYPE_UNICAST];
1362 k->def_multi = kdt[NL80211_KEY_DEFAULT_TYPE_MULTICAST];
1363 }
1364
1365 if (tb[NL80211_KEY_MODE])
1366 k->p.mode = nla_get_u8(tb[NL80211_KEY_MODE]);
1367
1368 return 0;
1369 }
1370
1371 static int nl80211_parse_key_old(struct genl_info *info, struct key_parse *k)
1372 {
1373 if (info->attrs[NL80211_ATTR_KEY_DATA]) {
1374 k->p.key = nla_data(info->attrs[NL80211_ATTR_KEY_DATA]);
1375 k->p.key_len = nla_len(info->attrs[NL80211_ATTR_KEY_DATA]);
1376 }
1377
1378 if (info->attrs[NL80211_ATTR_KEY_SEQ]) {
1379 k->p.seq = nla_data(info->attrs[NL80211_ATTR_KEY_SEQ]);
1380 k->p.seq_len = nla_len(info->attrs[NL80211_ATTR_KEY_SEQ]);
1381 }
1382
1383 if (info->attrs[NL80211_ATTR_KEY_IDX])
1384 k->idx = nla_get_u8(info->attrs[NL80211_ATTR_KEY_IDX]);
1385
1386 if (info->attrs[NL80211_ATTR_KEY_CIPHER])
1387 k->p.cipher = nla_get_u32(info->attrs[NL80211_ATTR_KEY_CIPHER]);
1388
1389 k->def = !!info->attrs[NL80211_ATTR_KEY_DEFAULT];
1390 k->defmgmt = !!info->attrs[NL80211_ATTR_KEY_DEFAULT_MGMT];
1391
1392 if (k->def) {
1393 k->def_uni = true;
1394 k->def_multi = true;
1395 }
1396 if (k->defmgmt)
1397 k->def_multi = true;
1398
1399 if (info->attrs[NL80211_ATTR_KEY_TYPE])
1400 k->type = nla_get_u32(info->attrs[NL80211_ATTR_KEY_TYPE]);
1401
1402 if (info->attrs[NL80211_ATTR_KEY_DEFAULT_TYPES]) {
1403 struct nlattr *kdt[NUM_NL80211_KEY_DEFAULT_TYPES];
1404 int err = nla_parse_nested_deprecated(kdt,
1405 NUM_NL80211_KEY_DEFAULT_TYPES - 1,
1406 info->attrs[NL80211_ATTR_KEY_DEFAULT_TYPES],
1407 nl80211_key_default_policy,
1408 info->extack);
1409 if (err)
1410 return err;
1411
1412 k->def_uni = kdt[NL80211_KEY_DEFAULT_TYPE_UNICAST];
1413 k->def_multi = kdt[NL80211_KEY_DEFAULT_TYPE_MULTICAST];
1414 }
1415
1416 return 0;
1417 }
1418
1419 static int nl80211_parse_key(struct genl_info *info, struct key_parse *k)
1420 {
1421 int err;
1422
1423 memset(k, 0, sizeof(*k));
1424 k->idx = -1;
1425 k->type = -1;
1426
1427 if (info->attrs[NL80211_ATTR_KEY])
1428 err = nl80211_parse_key_new(info, info->attrs[NL80211_ATTR_KEY], k);
1429 else
1430 err = nl80211_parse_key_old(info, k);
1431
1432 if (err)
1433 return err;
1434
1435 if ((k->def ? 1 : 0) + (k->defmgmt ? 1 : 0) +
1436 (k->defbeacon ? 1 : 0) > 1) {
1437 GENL_SET_ERR_MSG(info,
1438 "key with multiple default flags is invalid");
1439 return -EINVAL;
1440 }
1441
1442 if (k->defmgmt || k->defbeacon) {
1443 if (k->def_uni || !k->def_multi) {
1444 GENL_SET_ERR_MSG(info,
1445 "defmgmt/defbeacon key must be mcast");
1446 return -EINVAL;
1447 }
1448 }
1449
1450 if (k->idx != -1) {
1451 if (k->defmgmt) {
1452 if (k->idx < 4 || k->idx > 5) {
1453 GENL_SET_ERR_MSG(info,
1454 "defmgmt key idx not 4 or 5");
1455 return -EINVAL;
1456 }
1457 } else if (k->defbeacon) {
1458 if (k->idx < 6 || k->idx > 7) {
1459 GENL_SET_ERR_MSG(info,
1460 "defbeacon key idx not 6 or 7");
1461 return -EINVAL;
1462 }
1463 } else if (k->def) {
1464 if (k->idx < 0 || k->idx > 3) {
1465 GENL_SET_ERR_MSG(info, "def key idx not 0-3");
1466 return -EINVAL;
1467 }
1468 } else {
1469 if (k->idx < 0 || k->idx > 7) {
1470 GENL_SET_ERR_MSG(info, "key idx not 0-7");
1471 return -EINVAL;
1472 }
1473 }
1474 }
1475
1476 return 0;
1477 }
1478
1479 static struct cfg80211_cached_keys *
1480 nl80211_parse_connkeys(struct cfg80211_registered_device *rdev,
1481 struct genl_info *info, bool *no_ht)
1482 {
1483 struct nlattr *keys = info->attrs[NL80211_ATTR_KEYS];
1484 struct key_parse parse;
1485 struct nlattr *key;
1486 struct cfg80211_cached_keys *result;
1487 int rem, err, def = 0;
1488 bool have_key = false;
1489
1490 nla_for_each_nested(key, keys, rem) {
1491 have_key = true;
1492 break;
1493 }
1494
1495 if (!have_key)
1496 return NULL;
1497
1498 result = kzalloc(sizeof(*result), GFP_KERNEL);
1499 if (!result)
1500 return ERR_PTR(-ENOMEM);
1501
1502 result->def = -1;
1503
1504 nla_for_each_nested(key, keys, rem) {
1505 memset(&parse, 0, sizeof(parse));
1506 parse.idx = -1;
1507
1508 err = nl80211_parse_key_new(info, key, &parse);
1509 if (err)
1510 goto error;
1511 err = -EINVAL;
1512 if (!parse.p.key)
1513 goto error;
1514 if (parse.idx < 0 || parse.idx > 3) {
1515 GENL_SET_ERR_MSG(info, "key index out of range [0-3]");
1516 goto error;
1517 }
1518 if (parse.def) {
1519 if (def) {
1520 GENL_SET_ERR_MSG(info,
1521 "only one key can be default");
1522 goto error;
1523 }
1524 def = 1;
1525 result->def = parse.idx;
1526 if (!parse.def_uni || !parse.def_multi)
1527 goto error;
1528 } else if (parse.defmgmt)
1529 goto error;
1530 err = cfg80211_validate_key_settings(rdev, &parse.p,
1531 parse.idx, false, NULL);
1532 if (err)
1533 goto error;
1534 if (parse.p.cipher != WLAN_CIPHER_SUITE_WEP40 &&
1535 parse.p.cipher != WLAN_CIPHER_SUITE_WEP104) {
1536 GENL_SET_ERR_MSG(info, "connect key must be WEP");
1537 err = -EINVAL;
1538 goto error;
1539 }
1540 result->params[parse.idx].cipher = parse.p.cipher;
1541 result->params[parse.idx].key_len = parse.p.key_len;
1542 result->params[parse.idx].key = result->data[parse.idx];
1543 memcpy(result->data[parse.idx], parse.p.key, parse.p.key_len);
1544
1545 /* must be WEP key if we got here */
1546 if (no_ht)
1547 *no_ht = true;
1548 }
1549
1550 if (result->def < 0) {
1551 err = -EINVAL;
1552 GENL_SET_ERR_MSG(info, "need a default/TX key");
1553 goto error;
1554 }
1555
1556 return result;
1557 error:
1558 kfree(result);
1559 return ERR_PTR(err);
1560 }
1561
1562 static int nl80211_key_allowed(struct wireless_dev *wdev)
1563 {
1564 lockdep_assert_wiphy(wdev->wiphy);
1565
1566 switch (wdev->iftype) {
1567 case NL80211_IFTYPE_AP:
1568 case NL80211_IFTYPE_AP_VLAN:
1569 case NL80211_IFTYPE_P2P_GO:
1570 case NL80211_IFTYPE_MESH_POINT:
1571 break;
1572 case NL80211_IFTYPE_ADHOC:
1573 if (wdev->u.ibss.current_bss)
1574 return 0;
1575 return -ENOLINK;
1576 case NL80211_IFTYPE_STATION:
1577 case NL80211_IFTYPE_P2P_CLIENT:
1578 if (wdev->connected)
1579 return 0;
1580 return -ENOLINK;
1581 case NL80211_IFTYPE_NAN:
1582 if (wiphy_ext_feature_isset(wdev->wiphy,
1583 NL80211_EXT_FEATURE_SECURE_NAN))
1584 return 0;
1585 return -EINVAL;
1586 case NL80211_IFTYPE_UNSPECIFIED:
1587 case NL80211_IFTYPE_OCB:
1588 case NL80211_IFTYPE_MONITOR:
1589 case NL80211_IFTYPE_P2P_DEVICE:
1590 case NL80211_IFTYPE_WDS:
1591 case NUM_NL80211_IFTYPES:
1592 return -EINVAL;
1593 }
1594
1595 return 0;
1596 }
1597
1598 static struct ieee80211_channel *nl80211_get_valid_chan(struct wiphy *wiphy,
1599 u32 freq)
1600 {
1601 struct ieee80211_channel *chan;
1602
1603 chan = ieee80211_get_channel_khz(wiphy, freq);
1604 if (!chan || chan->flags & IEEE80211_CHAN_DISABLED)
1605 return NULL;
1606 return chan;
1607 }
1608
1609 static int nl80211_put_iftypes(struct sk_buff *msg, u32 attr, u16 ifmodes)
1610 {
1611 struct nlattr *nl_modes = nla_nest_start_noflag(msg, attr);
1612 int i;
1613
1614 if (!nl_modes)
1615 goto nla_put_failure;
1616
1617 i = 0;
1618 while (ifmodes) {
1619 if ((ifmodes & 1) && nla_put_flag(msg, i))
1620 goto nla_put_failure;
1621 ifmodes >>= 1;
1622 i++;
1623 }
1624
1625 nla_nest_end(msg, nl_modes);
1626 return 0;
1627
1628 nla_put_failure:
1629 return -ENOBUFS;
1630 }
1631
1632 static int nl80211_put_ifcomb_data(struct sk_buff *msg, bool large, int idx,
1633 const struct ieee80211_iface_combination *c,
1634 u16 nested)
1635 {
1636 struct nlattr *nl_combi, *nl_limits;
1637 int i;
1638
1639 nl_combi = nla_nest_start_noflag(msg, idx | nested);
1640 if (!nl_combi)
1641 goto nla_put_failure;
1642
1643 nl_limits = nla_nest_start_noflag(msg, NL80211_IFACE_COMB_LIMITS |
1644 nested);
1645 if (!nl_limits)
1646 goto nla_put_failure;
1647
1648 for (i = 0; i < c->n_limits; i++) {
1649 struct nlattr *nl_limit;
1650
1651 nl_limit = nla_nest_start_noflag(msg, i + 1);
1652 if (!nl_limit)
1653 goto nla_put_failure;
1654 if (nla_put_u32(msg, NL80211_IFACE_LIMIT_MAX, c->limits[i].max))
1655 goto nla_put_failure;
1656 if (nl80211_put_iftypes(msg, NL80211_IFACE_LIMIT_TYPES,
1657 c->limits[i].types))
1658 goto nla_put_failure;
1659 nla_nest_end(msg, nl_limit);
1660 }
1661
1662 nla_nest_end(msg, nl_limits);
1663
1664 if (c->beacon_int_infra_match &&
1665 nla_put_flag(msg, NL80211_IFACE_COMB_STA_AP_BI_MATCH))
1666 goto nla_put_failure;
1667 if (nla_put_u32(msg, NL80211_IFACE_COMB_NUM_CHANNELS,
1668 c->num_different_channels) ||
1669 nla_put_u32(msg, NL80211_IFACE_COMB_MAXNUM,
1670 c->max_interfaces))
1671 goto nla_put_failure;
1672 if (large &&
1673 (nla_put_u32(msg, NL80211_IFACE_COMB_RADAR_DETECT_WIDTHS,
1674 c->radar_detect_widths) ||
1675 nla_put_u32(msg, NL80211_IFACE_COMB_RADAR_DETECT_REGIONS,
1676 c->radar_detect_regions)))
1677 goto nla_put_failure;
1678 if (c->beacon_int_min_gcd &&
1679 nla_put_u32(msg, NL80211_IFACE_COMB_BI_MIN_GCD,
1680 c->beacon_int_min_gcd))
1681 goto nla_put_failure;
1682
1683 nla_nest_end(msg, nl_combi);
1684
1685 return 0;
1686 nla_put_failure:
1687 return -ENOBUFS;
1688 }
1689
1690 static int nl80211_put_iface_combinations(struct wiphy *wiphy,
1691 struct sk_buff *msg,
1692 int attr, int radio,
1693 bool large, u16 nested)
1694 {
1695 const struct ieee80211_iface_combination *c;
1696 struct nlattr *nl_combis;
1697 int i, n;
1698
1699 nl_combis = nla_nest_start_noflag(msg, attr | nested);
1700 if (!nl_combis)
1701 goto nla_put_failure;
1702
1703 if (radio >= 0) {
1704 c = wiphy->radio[0].iface_combinations;
1705 n = wiphy->radio[0].n_iface_combinations;
1706 } else {
1707 c = wiphy->iface_combinations;
1708 n = wiphy->n_iface_combinations;
1709 }
1710 for (i = 0; i < n; i++)
1711 if (nl80211_put_ifcomb_data(msg, large, i + 1, &c[i], nested))
1712 goto nla_put_failure;
1713
1714 nla_nest_end(msg, nl_combis);
1715
1716 return 0;
1717 nla_put_failure:
1718 return -ENOBUFS;
1719 }
1720
1721 #ifdef CONFIG_PM
1722 static int nl80211_send_wowlan_tcp_caps(struct cfg80211_registered_device *rdev,
1723 struct sk_buff *msg)
1724 {
1725 const struct wiphy_wowlan_tcp_support *tcp = rdev->wiphy.wowlan->tcp;
1726 struct nlattr *nl_tcp;
1727
1728 if (!tcp)
1729 return 0;
1730
1731 nl_tcp = nla_nest_start_noflag(msg,
1732 NL80211_WOWLAN_TRIG_TCP_CONNECTION);
1733 if (!nl_tcp)
1734 return -ENOBUFS;
1735
1736 if (nla_put_u32(msg, NL80211_WOWLAN_TCP_DATA_PAYLOAD,
1737 tcp->data_payload_max))
1738 return -ENOBUFS;
1739
1740 if (nla_put_u32(msg, NL80211_WOWLAN_TCP_DATA_PAYLOAD,
1741 tcp->data_payload_max))
1742 return -ENOBUFS;
1743
1744 if (tcp->seq && nla_put_flag(msg, NL80211_WOWLAN_TCP_DATA_PAYLOAD_SEQ))
1745 return -ENOBUFS;
1746
1747 if (tcp->tok && nla_put(msg, NL80211_WOWLAN_TCP_DATA_PAYLOAD_TOKEN,
1748 sizeof(*tcp->tok), tcp->tok))
1749 return -ENOBUFS;
1750
1751 if (nla_put_u32(msg, NL80211_WOWLAN_TCP_DATA_INTERVAL,
1752 tcp->data_interval_max))
1753 return -ENOBUFS;
1754
1755 if (nla_put_u32(msg, NL80211_WOWLAN_TCP_WAKE_PAYLOAD,
1756 tcp->wake_payload_max))
1757 return -ENOBUFS;
1758
1759 nla_nest_end(msg, nl_tcp);
1760 return 0;
1761 }
1762
1763 static int nl80211_send_wowlan(struct sk_buff *msg,
1764 struct cfg80211_registered_device *rdev,
1765 bool large)
1766 {
1767 struct nlattr *nl_wowlan;
1768
1769 if (!rdev->wiphy.wowlan)
1770 return 0;
1771
1772 nl_wowlan = nla_nest_start_noflag(msg,
1773 NL80211_ATTR_WOWLAN_TRIGGERS_SUPPORTED);
1774 if (!nl_wowlan)
1775 return -ENOBUFS;
1776
1777 if (((rdev->wiphy.wowlan->flags & WIPHY_WOWLAN_ANY) &&
1778 nla_put_flag(msg, NL80211_WOWLAN_TRIG_ANY)) ||
1779 ((rdev->wiphy.wowlan->flags & WIPHY_WOWLAN_DISCONNECT) &&
1780 nla_put_flag(msg, NL80211_WOWLAN_TRIG_DISCONNECT)) ||
1781 ((rdev->wiphy.wowlan->flags & WIPHY_WOWLAN_MAGIC_PKT) &&
1782 nla_put_flag(msg, NL80211_WOWLAN_TRIG_MAGIC_PKT)) ||
1783 ((rdev->wiphy.wowlan->flags & WIPHY_WOWLAN_SUPPORTS_GTK_REKEY) &&
1784 nla_put_flag(msg, NL80211_WOWLAN_TRIG_GTK_REKEY_SUPPORTED)) ||
1785 ((rdev->wiphy.wowlan->flags & WIPHY_WOWLAN_GTK_REKEY_FAILURE) &&
1786 nla_put_flag(msg, NL80211_WOWLAN_TRIG_GTK_REKEY_FAILURE)) ||
1787 ((rdev->wiphy.wowlan->flags & WIPHY_WOWLAN_EAP_IDENTITY_REQ) &&
1788 nla_put_flag(msg, NL80211_WOWLAN_TRIG_EAP_IDENT_REQUEST)) ||
1789 ((rdev->wiphy.wowlan->flags & WIPHY_WOWLAN_4WAY_HANDSHAKE) &&
1790 nla_put_flag(msg, NL80211_WOWLAN_TRIG_4WAY_HANDSHAKE)) ||
1791 ((rdev->wiphy.wowlan->flags & WIPHY_WOWLAN_RFKILL_RELEASE) &&
1792 nla_put_flag(msg, NL80211_WOWLAN_TRIG_RFKILL_RELEASE)))
1793 return -ENOBUFS;
1794
1795 if (rdev->wiphy.wowlan->n_patterns) {
1796 struct nl80211_pattern_support pat = {
1797 .max_patterns = rdev->wiphy.wowlan->n_patterns,
1798 .min_pattern_len = rdev->wiphy.wowlan->pattern_min_len,
1799 .max_pattern_len = rdev->wiphy.wowlan->pattern_max_len,
1800 .max_pkt_offset = rdev->wiphy.wowlan->max_pkt_offset,
1801 };
1802
1803 if (nla_put(msg, NL80211_WOWLAN_TRIG_PKT_PATTERN,
1804 sizeof(pat), &pat))
1805 return -ENOBUFS;
1806 }
1807
1808 if ((rdev->wiphy.wowlan->flags & WIPHY_WOWLAN_NET_DETECT) &&
1809 nla_put_u32(msg, NL80211_WOWLAN_TRIG_NET_DETECT,
1810 rdev->wiphy.wowlan->max_nd_match_sets))
1811 return -ENOBUFS;
1812
1813 if (large && nl80211_send_wowlan_tcp_caps(rdev, msg))
1814 return -ENOBUFS;
1815
1816 nla_nest_end(msg, nl_wowlan);
1817
1818 return 0;
1819 }
1820 #endif
1821
1822 static int nl80211_send_coalesce(struct sk_buff *msg,
1823 struct cfg80211_registered_device *rdev)
1824 {
1825 struct nl80211_coalesce_rule_support rule;
1826
1827 if (!rdev->wiphy.coalesce)
1828 return 0;
1829
1830 rule.max_rules = rdev->wiphy.coalesce->n_rules;
1831 rule.max_delay = rdev->wiphy.coalesce->max_delay;
1832 rule.pat.max_patterns = rdev->wiphy.coalesce->n_patterns;
1833 rule.pat.min_pattern_len = rdev->wiphy.coalesce->pattern_min_len;
1834 rule.pat.max_pattern_len = rdev->wiphy.coalesce->pattern_max_len;
1835 rule.pat.max_pkt_offset = rdev->wiphy.coalesce->max_pkt_offset;
1836
1837 if (nla_put(msg, NL80211_ATTR_COALESCE_RULE, sizeof(rule), &rule))
1838 return -ENOBUFS;
1839
1840 return 0;
1841 }
1842
1843 static int
1844 nl80211_send_iftype_data(struct sk_buff *msg,
1845 const struct ieee80211_supported_band *sband,
1846 const struct ieee80211_sband_iftype_data *iftdata)
1847 {
1848 const struct ieee80211_sta_he_cap *he_cap = &iftdata->he_cap;
1849 const struct ieee80211_sta_eht_cap *eht_cap = &iftdata->eht_cap;
1850
1851 if (nl80211_put_iftypes(msg, NL80211_BAND_IFTYPE_ATTR_IFTYPES,
1852 iftdata->types_mask))
1853 return -ENOBUFS;
1854
1855 if (he_cap->has_he) {
1856 if (nla_put(msg, NL80211_BAND_IFTYPE_ATTR_HE_CAP_MAC,
1857 sizeof(he_cap->he_cap_elem.mac_cap_info),
1858 he_cap->he_cap_elem.mac_cap_info) ||
1859 nla_put(msg, NL80211_BAND_IFTYPE_ATTR_HE_CAP_PHY,
1860 sizeof(he_cap->he_cap_elem.phy_cap_info),
1861 he_cap->he_cap_elem.phy_cap_info) ||
1862 nla_put(msg, NL80211_BAND_IFTYPE_ATTR_HE_CAP_MCS_SET,
1863 sizeof(he_cap->he_mcs_nss_supp),
1864 &he_cap->he_mcs_nss_supp) ||
1865 nla_put(msg, NL80211_BAND_IFTYPE_ATTR_HE_CAP_PPE,
1866 sizeof(he_cap->ppe_thres), he_cap->ppe_thres))
1867 return -ENOBUFS;
1868 }
1869
1870 if (eht_cap->has_eht && he_cap->has_he) {
1871 u8 mcs_nss_size, ppe_thresh_size;
1872 u16 ppe_thres_hdr;
1873 bool is_ap;
1874
1875 is_ap = iftdata->types_mask & BIT(NL80211_IFTYPE_AP) ||
1876 iftdata->types_mask & BIT(NL80211_IFTYPE_P2P_GO);
1877
1878 mcs_nss_size =
1879 ieee80211_eht_mcs_nss_size(&he_cap->he_cap_elem,
1880 &eht_cap->eht_cap_elem,
1881 is_ap);
1882
1883 ppe_thres_hdr = get_unaligned_le16(&eht_cap->eht_ppe_thres[0]);
1884 ppe_thresh_size =
1885 ieee80211_eht_ppe_size(ppe_thres_hdr,
1886 eht_cap->eht_cap_elem.phy_cap_info);
1887
1888 if (nla_put(msg, NL80211_BAND_IFTYPE_ATTR_EHT_CAP_MAC,
1889 sizeof(eht_cap->eht_cap_elem.mac_cap_info),
1890 eht_cap->eht_cap_elem.mac_cap_info) ||
1891 nla_put(msg, NL80211_BAND_IFTYPE_ATTR_EHT_CAP_PHY,
1892 sizeof(eht_cap->eht_cap_elem.phy_cap_info),
1893 eht_cap->eht_cap_elem.phy_cap_info) ||
1894 nla_put(msg, NL80211_BAND_IFTYPE_ATTR_EHT_CAP_MCS_SET,
1895 mcs_nss_size, &eht_cap->eht_mcs_nss_supp) ||
1896 nla_put(msg, NL80211_BAND_IFTYPE_ATTR_EHT_CAP_PPE,
1897 ppe_thresh_size, eht_cap->eht_ppe_thres))
1898 return -ENOBUFS;
1899 }
1900
1901 if (sband->band == NL80211_BAND_6GHZ &&
1902 nla_put(msg, NL80211_BAND_IFTYPE_ATTR_HE_6GHZ_CAPA,
1903 sizeof(iftdata->he_6ghz_capa),
1904 &iftdata->he_6ghz_capa))
1905 return -ENOBUFS;
1906
1907 if (iftdata->vendor_elems.data && iftdata->vendor_elems.len &&
1908 nla_put(msg, NL80211_BAND_IFTYPE_ATTR_VENDOR_ELEMS,
1909 iftdata->vendor_elems.len, iftdata->vendor_elems.data))
1910 return -ENOBUFS;
1911
1912 return 0;
1913 }
1914
1915 static int nl80211_send_band_rateinfo(struct sk_buff *msg,
1916 struct ieee80211_supported_band *sband,
1917 bool large)
1918 {
1919 struct nlattr *nl_rates, *nl_rate;
1920 struct ieee80211_rate *rate;
1921 int i;
1922
1923 /* add HT info */
1924 if (sband->ht_cap.ht_supported &&
1925 (nla_put(msg, NL80211_BAND_ATTR_HT_MCS_SET,
1926 sizeof(sband->ht_cap.mcs),
1927 &sband->ht_cap.mcs) ||
1928 nla_put_u16(msg, NL80211_BAND_ATTR_HT_CAPA,
1929 sband->ht_cap.cap) ||
1930 nla_put_u8(msg, NL80211_BAND_ATTR_HT_AMPDU_FACTOR,
1931 sband->ht_cap.ampdu_factor) ||
1932 nla_put_u8(msg, NL80211_BAND_ATTR_HT_AMPDU_DENSITY,
1933 sband->ht_cap.ampdu_density)))
1934 return -ENOBUFS;
1935
1936 /* add VHT info */
1937 if (sband->vht_cap.vht_supported &&
1938 (nla_put(msg, NL80211_BAND_ATTR_VHT_MCS_SET,
1939 sizeof(sband->vht_cap.vht_mcs),
1940 &sband->vht_cap.vht_mcs) ||
1941 nla_put_u32(msg, NL80211_BAND_ATTR_VHT_CAPA,
1942 sband->vht_cap.cap)))
1943 return -ENOBUFS;
1944
1945 if (large && sband->n_iftype_data) {
1946 struct nlattr *nl_iftype_data =
1947 nla_nest_start_noflag(msg,
1948 NL80211_BAND_ATTR_IFTYPE_DATA);
1949 const struct ieee80211_sband_iftype_data *iftd;
1950 int err;
1951
1952 if (!nl_iftype_data)
1953 return -ENOBUFS;
1954
1955 for_each_sband_iftype_data(sband, i, iftd) {
1956 struct nlattr *iftdata;
1957
1958 iftdata = nla_nest_start_noflag(msg, i + 1);
1959 if (!iftdata)
1960 return -ENOBUFS;
1961
1962 err = nl80211_send_iftype_data(msg, sband, iftd);
1963 if (err)
1964 return err;
1965
1966 nla_nest_end(msg, iftdata);
1967 }
1968
1969 nla_nest_end(msg, nl_iftype_data);
1970 }
1971
1972 /* add EDMG info */
1973 if (large && sband->edmg_cap.channels &&
1974 (nla_put_u8(msg, NL80211_BAND_ATTR_EDMG_CHANNELS,
1975 sband->edmg_cap.channels) ||
1976 nla_put_u8(msg, NL80211_BAND_ATTR_EDMG_BW_CONFIG,
1977 sband->edmg_cap.bw_config)))
1978
1979 return -ENOBUFS;
1980
1981 /* add bitrates */
1982 nl_rates = nla_nest_start_noflag(msg, NL80211_BAND_ATTR_RATES);
1983 if (!nl_rates)
1984 return -ENOBUFS;
1985
1986 for (i = 0; i < sband->n_bitrates; i++) {
1987 nl_rate = nla_nest_start_noflag(msg, i);
1988 if (!nl_rate)
1989 return -ENOBUFS;
1990
1991 rate = &sband->bitrates[i];
1992 if (nla_put_u32(msg, NL80211_BITRATE_ATTR_RATE,
1993 rate->bitrate))
1994 return -ENOBUFS;
1995 if ((rate->flags & IEEE80211_RATE_SHORT_PREAMBLE) &&
1996 nla_put_flag(msg,
1997 NL80211_BITRATE_ATTR_2GHZ_SHORTPREAMBLE))
1998 return -ENOBUFS;
1999
2000 nla_nest_end(msg, nl_rate);
2001 }
2002
2003 nla_nest_end(msg, nl_rates);
2004
2005 /* S1G capabilities */
2006 if (sband->band == NL80211_BAND_S1GHZ && sband->s1g_cap.s1g &&
2007 (nla_put(msg, NL80211_BAND_ATTR_S1G_CAPA,
2008 sizeof(sband->s1g_cap.cap),
2009 sband->s1g_cap.cap) ||
2010 nla_put(msg, NL80211_BAND_ATTR_S1G_MCS_NSS_SET,
2011 sizeof(sband->s1g_cap.nss_mcs),
2012 sband->s1g_cap.nss_mcs)))
2013 return -ENOBUFS;
2014
2015 return 0;
2016 }
2017
2018 static int
2019 nl80211_send_mgmt_stypes(struct sk_buff *msg,
2020 const struct ieee80211_txrx_stypes *mgmt_stypes)
2021 {
2022 u16 stypes;
2023 struct nlattr *nl_ftypes, *nl_ifs;
2024 enum nl80211_iftype ift;
2025 int i;
2026
2027 if (!mgmt_stypes)
2028 return 0;
2029
2030 nl_ifs = nla_nest_start_noflag(msg, NL80211_ATTR_TX_FRAME_TYPES);
2031 if (!nl_ifs)
2032 return -ENOBUFS;
2033
2034 for (ift = 0; ift < NUM_NL80211_IFTYPES; ift++) {
2035 nl_ftypes = nla_nest_start_noflag(msg, ift);
2036 if (!nl_ftypes)
2037 return -ENOBUFS;
2038 i = 0;
2039 stypes = mgmt_stypes[ift].tx;
2040 while (stypes) {
2041 if ((stypes & 1) &&
2042 nla_put_u16(msg, NL80211_ATTR_FRAME_TYPE,
2043 (i << 4) | IEEE80211_FTYPE_MGMT))
2044 return -ENOBUFS;
2045 stypes >>= 1;
2046 i++;
2047 }
2048 nla_nest_end(msg, nl_ftypes);
2049 }
2050
2051 nla_nest_end(msg, nl_ifs);
2052
2053 nl_ifs = nla_nest_start_noflag(msg, NL80211_ATTR_RX_FRAME_TYPES);
2054 if (!nl_ifs)
2055 return -ENOBUFS;
2056
2057 for (ift = 0; ift < NUM_NL80211_IFTYPES; ift++) {
2058 nl_ftypes = nla_nest_start_noflag(msg, ift);
2059 if (!nl_ftypes)
2060 return -ENOBUFS;
2061 i = 0;
2062 stypes = mgmt_stypes[ift].rx;
2063 while (stypes) {
2064 if ((stypes & 1) &&
2065 nla_put_u16(msg, NL80211_ATTR_FRAME_TYPE,
2066 (i << 4) | IEEE80211_FTYPE_MGMT))
2067 return -ENOBUFS;
2068 stypes >>= 1;
2069 i++;
2070 }
2071 nla_nest_end(msg, nl_ftypes);
2072 }
2073 nla_nest_end(msg, nl_ifs);
2074
2075 return 0;
2076 }
2077
2078 #define CMD(op, n) \
2079 do { \
2080 if (rdev->ops->op) { \
2081 i++; \
2082 if (nla_put_u32(msg, i, NL80211_CMD_ ## n)) \
2083 goto nla_put_failure; \
2084 } \
2085 } while (0)
2086
2087 static int nl80211_add_commands_unsplit(struct cfg80211_registered_device *rdev,
2088 struct sk_buff *msg)
2089 {
2090 int i = 0;
2091
2092 /*
2093 * do *NOT* add anything into this function, new things need to be
2094 * advertised only to new versions of userspace that can deal with
2095 * the split (and they can't possibly care about new features...
2096 */
2097 CMD(add_virtual_intf, NEW_INTERFACE);
2098 CMD(change_virtual_intf, SET_INTERFACE);
2099 CMD(add_key, NEW_KEY);
2100 CMD(start_ap, START_AP);
2101 CMD(add_station, NEW_STATION);
2102 CMD(add_mpath, NEW_MPATH);
2103 CMD(update_mesh_config, SET_MESH_CONFIG);
2104 CMD(change_bss, SET_BSS);
2105 CMD(auth, AUTHENTICATE);
2106 CMD(assoc, ASSOCIATE);
2107 CMD(deauth, DEAUTHENTICATE);
2108 CMD(disassoc, DISASSOCIATE);
2109 CMD(join_ibss, JOIN_IBSS);
2110 CMD(join_mesh, JOIN_MESH);
2111 CMD(set_pmksa, SET_PMKSA);
2112 CMD(del_pmksa, DEL_PMKSA);
2113 CMD(flush_pmksa, FLUSH_PMKSA);
2114 if (rdev->wiphy.flags & WIPHY_FLAG_HAS_REMAIN_ON_CHANNEL)
2115 CMD(remain_on_channel, REMAIN_ON_CHANNEL);
2116 CMD(set_bitrate_mask, SET_TX_BITRATE_MASK);
2117 CMD(mgmt_tx, FRAME);
2118 CMD(mgmt_tx_cancel_wait, FRAME_WAIT_CANCEL);
2119 if (rdev->wiphy.flags & WIPHY_FLAG_NETNS_OK) {
2120 i++;
2121 if (nla_put_u32(msg, i, NL80211_CMD_SET_WIPHY_NETNS))
2122 goto nla_put_failure;
2123 }
2124 if (rdev->ops->set_monitor_channel || rdev->ops->start_ap ||
2125 rdev->ops->join_mesh) {
2126 i++;
2127 if (nla_put_u32(msg, i, NL80211_CMD_SET_CHANNEL))
2128 goto nla_put_failure;
2129 }
2130 if (rdev->wiphy.flags & WIPHY_FLAG_SUPPORTS_TDLS) {
2131 CMD(tdls_mgmt, TDLS_MGMT);
2132 CMD(tdls_oper, TDLS_OPER);
2133 }
2134 if (rdev->wiphy.max_sched_scan_reqs)
2135 CMD(sched_scan_start, START_SCHED_SCAN);
2136 CMD(probe_client, PROBE_CLIENT);
2137 CMD(set_noack_map, SET_NOACK_MAP);
2138 if (rdev->wiphy.flags & WIPHY_FLAG_REPORTS_OBSS) {
2139 i++;
2140 if (nla_put_u32(msg, i, NL80211_CMD_REGISTER_BEACONS))
2141 goto nla_put_failure;
2142 }
2143 CMD(start_p2p_device, START_P2P_DEVICE);
2144 CMD(set_mcast_rate, SET_MCAST_RATE);
2145 #ifdef CONFIG_NL80211_TESTMODE
2146 CMD(testmode_cmd, TESTMODE);
2147 #endif
2148
2149 if (rdev->ops->connect || rdev->ops->auth) {
2150 i++;
2151 if (nla_put_u32(msg, i, NL80211_CMD_CONNECT))
2152 goto nla_put_failure;
2153 }
2154
2155 if (rdev->ops->disconnect || rdev->ops->deauth) {
2156 i++;
2157 if (nla_put_u32(msg, i, NL80211_CMD_DISCONNECT))
2158 goto nla_put_failure;
2159 }
2160
2161 return i;
2162 nla_put_failure:
2163 return -ENOBUFS;
2164 }
2165
2166 static int
2167 nl80211_send_pmsr_ftm_capa(const struct cfg80211_pmsr_capabilities *cap,
2168 struct sk_buff *msg)
2169 {
2170 struct nlattr *ftm;
2171
2172 if (!cap->ftm.supported)
2173 return 0;
2174
2175 ftm = nla_nest_start_noflag(msg, NL80211_PMSR_TYPE_FTM);
2176 if (!ftm)
2177 return -ENOBUFS;
2178
2179 if (cap->ftm.asap && nla_put_flag(msg, NL80211_PMSR_FTM_CAPA_ATTR_ASAP))
2180 return -ENOBUFS;
2181 if (cap->ftm.non_asap &&
2182 nla_put_flag(msg, NL80211_PMSR_FTM_CAPA_ATTR_NON_ASAP))
2183 return -ENOBUFS;
2184 if (cap->ftm.request_lci &&
2185 nla_put_flag(msg, NL80211_PMSR_FTM_CAPA_ATTR_REQ_LCI))
2186 return -ENOBUFS;
2187 if (cap->ftm.request_civicloc &&
2188 nla_put_flag(msg, NL80211_PMSR_FTM_CAPA_ATTR_REQ_CIVICLOC))
2189 return -ENOBUFS;
2190 if (nla_put_u32(msg, NL80211_PMSR_FTM_CAPA_ATTR_PREAMBLES,
2191 cap->ftm.preambles))
2192 return -ENOBUFS;
2193 if (nla_put_u32(msg, NL80211_PMSR_FTM_CAPA_ATTR_BANDWIDTHS,
2194 cap->ftm.bandwidths))
2195 return -ENOBUFS;
2196 if (cap->ftm.max_bursts_exponent >= 0 &&
2197 nla_put_u32(msg, NL80211_PMSR_FTM_CAPA_ATTR_MAX_BURSTS_EXPONENT,
2198 cap->ftm.max_bursts_exponent))
2199 return -ENOBUFS;
2200 if (cap->ftm.max_ftms_per_burst &&
2201 nla_put_u32(msg, NL80211_PMSR_FTM_CAPA_ATTR_MAX_FTMS_PER_BURST,
2202 cap->ftm.max_ftms_per_burst))
2203 return -ENOBUFS;
2204 if (cap->ftm.trigger_based &&
2205 nla_put_flag(msg, NL80211_PMSR_FTM_CAPA_ATTR_TRIGGER_BASED))
2206 return -ENOBUFS;
2207 if (cap->ftm.non_trigger_based &&
2208 nla_put_flag(msg, NL80211_PMSR_FTM_CAPA_ATTR_NON_TRIGGER_BASED))
2209 return -ENOBUFS;
2210
2211 nla_nest_end(msg, ftm);
2212 return 0;
2213 }
2214
2215 static int nl80211_send_pmsr_capa(struct cfg80211_registered_device *rdev,
2216 struct sk_buff *msg)
2217 {
2218 const struct cfg80211_pmsr_capabilities *cap = rdev->wiphy.pmsr_capa;
2219 struct nlattr *pmsr, *caps;
2220
2221 if (!cap)
2222 return 0;
2223
2224 /*
2225 * we don't need to clean up anything here since the caller
2226 * will genlmsg_cancel() if we fail
2227 */
2228
2229 pmsr = nla_nest_start_noflag(msg, NL80211_ATTR_PEER_MEASUREMENTS);
2230 if (!pmsr)
2231 return -ENOBUFS;
2232
2233 if (nla_put_u32(msg, NL80211_PMSR_ATTR_MAX_PEERS, cap->max_peers))
2234 return -ENOBUFS;
2235
2236 if (cap->report_ap_tsf &&
2237 nla_put_flag(msg, NL80211_PMSR_ATTR_REPORT_AP_TSF))
2238 return -ENOBUFS;
2239
2240 if (cap->randomize_mac_addr &&
2241 nla_put_flag(msg, NL80211_PMSR_ATTR_RANDOMIZE_MAC_ADDR))
2242 return -ENOBUFS;
2243
2244 caps = nla_nest_start_noflag(msg, NL80211_PMSR_ATTR_TYPE_CAPA);
2245 if (!caps)
2246 return -ENOBUFS;
2247
2248 if (nl80211_send_pmsr_ftm_capa(cap, msg))
2249 return -ENOBUFS;
2250
2251 nla_nest_end(msg, caps);
2252 nla_nest_end(msg, pmsr);
2253
2254 return 0;
2255 }
2256
2257 static int
2258 nl80211_put_iftype_akm_suites(struct cfg80211_registered_device *rdev,
2259 struct sk_buff *msg)
2260 {
2261 int i;
2262 struct nlattr *nested, *nested_akms;
2263 const struct wiphy_iftype_akm_suites *iftype_akms;
2264
2265 if (!rdev->wiphy.num_iftype_akm_suites ||
2266 !rdev->wiphy.iftype_akm_suites)
2267 return 0;
2268
2269 nested = nla_nest_start(msg, NL80211_ATTR_IFTYPE_AKM_SUITES);
2270 if (!nested)
2271 return -ENOBUFS;
2272
2273 for (i = 0; i < rdev->wiphy.num_iftype_akm_suites; i++) {
2274 nested_akms = nla_nest_start(msg, i + 1);
2275 if (!nested_akms)
2276 return -ENOBUFS;
2277
2278 iftype_akms = &rdev->wiphy.iftype_akm_suites[i];
2279
2280 if (nl80211_put_iftypes(msg, NL80211_IFTYPE_AKM_ATTR_IFTYPES,
2281 iftype_akms->iftypes_mask))
2282 return -ENOBUFS;
2283
2284 if (nla_put(msg, NL80211_IFTYPE_AKM_ATTR_SUITES,
2285 sizeof(u32) * iftype_akms->n_akm_suites,
2286 iftype_akms->akm_suites)) {
2287 return -ENOBUFS;
2288 }
2289 nla_nest_end(msg, nested_akms);
2290 }
2291
2292 nla_nest_end(msg, nested);
2293
2294 return 0;
2295 }
2296
2297 static int
2298 nl80211_put_tid_config_support(struct cfg80211_registered_device *rdev,
2299 struct sk_buff *msg)
2300 {
2301 struct nlattr *supp;
2302
2303 if (!rdev->wiphy.tid_config_support.vif &&
2304 !rdev->wiphy.tid_config_support.peer)
2305 return 0;
2306
2307 supp = nla_nest_start(msg, NL80211_ATTR_TID_CONFIG);
2308 if (!supp)
2309 return -ENOSPC;
2310
2311 if (rdev->wiphy.tid_config_support.vif &&
2312 nla_put_u64_64bit(msg, NL80211_TID_CONFIG_ATTR_VIF_SUPP,
2313 rdev->wiphy.tid_config_support.vif,
2314 NL80211_TID_CONFIG_ATTR_PAD))
2315 goto fail;
2316
2317 if (rdev->wiphy.tid_config_support.peer &&
2318 nla_put_u64_64bit(msg, NL80211_TID_CONFIG_ATTR_PEER_SUPP,
2319 rdev->wiphy.tid_config_support.peer,
2320 NL80211_TID_CONFIG_ATTR_PAD))
2321 goto fail;
2322
2323 /* for now we just use the same value ... makes more sense */
2324 if (nla_put_u8(msg, NL80211_TID_CONFIG_ATTR_RETRY_SHORT,
2325 rdev->wiphy.tid_config_support.max_retry))
2326 goto fail;
2327 if (nla_put_u8(msg, NL80211_TID_CONFIG_ATTR_RETRY_LONG,
2328 rdev->wiphy.tid_config_support.max_retry))
2329 goto fail;
2330
2331 nla_nest_end(msg, supp);
2332
2333 return 0;
2334 fail:
2335 nla_nest_cancel(msg, supp);
2336 return -ENOBUFS;
2337 }
2338
2339 static int
2340 nl80211_put_sar_specs(struct cfg80211_registered_device *rdev,
2341 struct sk_buff *msg)
2342 {
2343 struct nlattr *sar_capa, *specs, *sub_freq_range;
2344 u8 num_freq_ranges;
2345 int i;
2346
2347 if (!rdev->wiphy.sar_capa)
2348 return 0;
2349
2350 num_freq_ranges = rdev->wiphy.sar_capa->num_freq_ranges;
2351
2352 sar_capa = nla_nest_start(msg, NL80211_ATTR_SAR_SPEC);
2353 if (!sar_capa)
2354 return -ENOSPC;
2355
2356 if (nla_put_u32(msg, NL80211_SAR_ATTR_TYPE, rdev->wiphy.sar_capa->type))
2357 goto fail;
2358
2359 specs = nla_nest_start(msg, NL80211_SAR_ATTR_SPECS);
2360 if (!specs)
2361 goto fail;
2362
2363 /* report supported freq_ranges */
2364 for (i = 0; i < num_freq_ranges; i++) {
2365 sub_freq_range = nla_nest_start(msg, i + 1);
2366 if (!sub_freq_range)
2367 goto fail;
2368
2369 if (nla_put_u32(msg, NL80211_SAR_ATTR_SPECS_START_FREQ,
2370 rdev->wiphy.sar_capa->freq_ranges[i].start_freq))
2371 goto fail;
2372
2373 if (nla_put_u32(msg, NL80211_SAR_ATTR_SPECS_END_FREQ,
2374 rdev->wiphy.sar_capa->freq_ranges[i].end_freq))
2375 goto fail;
2376
2377 nla_nest_end(msg, sub_freq_range);
2378 }
2379
2380 nla_nest_end(msg, specs);
2381 nla_nest_end(msg, sar_capa);
2382
2383 return 0;
2384 fail:
2385 nla_nest_cancel(msg, sar_capa);
2386 return -ENOBUFS;
2387 }
2388
2389 static int nl80211_put_mbssid_support(struct wiphy *wiphy, struct sk_buff *msg)
2390 {
2391 struct nlattr *config;
2392
2393 if (!wiphy->mbssid_max_interfaces)
2394 return 0;
2395
2396 config = nla_nest_start(msg, NL80211_ATTR_MBSSID_CONFIG);
2397 if (!config)
2398 return -ENOBUFS;
2399
2400 if (nla_put_u8(msg, NL80211_MBSSID_CONFIG_ATTR_MAX_INTERFACES,
2401 wiphy->mbssid_max_interfaces))
2402 goto fail;
2403
2404 if (wiphy->ema_max_profile_periodicity &&
2405 nla_put_u8(msg,
2406 NL80211_MBSSID_CONFIG_ATTR_MAX_EMA_PROFILE_PERIODICITY,
2407 wiphy->ema_max_profile_periodicity))
2408 goto fail;
2409
2410 nla_nest_end(msg, config);
2411 return 0;
2412
2413 fail:
2414 nla_nest_cancel(msg, config);
2415 return -ENOBUFS;
2416 }
2417
2418 static int nl80211_put_radio(struct wiphy *wiphy, struct sk_buff *msg, int idx)
2419 {
2420 const struct wiphy_radio *r = &wiphy->radio[idx];
2421 struct nlattr *radio, *freq;
2422 int i;
2423
2424 radio = nla_nest_start(msg, idx);
2425 if (!radio)
2426 return -ENOBUFS;
2427
2428 if (nla_put_u32(msg, NL80211_WIPHY_RADIO_ATTR_INDEX, idx))
2429 goto nla_put_failure;
2430
2431 if (r->antenna_mask &&
2432 nla_put_u32(msg, NL80211_WIPHY_RADIO_ATTR_ANTENNA_MASK,
2433 r->antenna_mask))
2434 goto nla_put_failure;
2435
2436 for (i = 0; i < r->n_freq_range; i++) {
2437 const struct wiphy_radio_freq_range *range = &r->freq_range[i];
2438
2439 freq = nla_nest_start(msg, NL80211_WIPHY_RADIO_ATTR_FREQ_RANGE);
2440 if (!freq)
2441 goto nla_put_failure;
2442
2443 if (nla_put_u32(msg, NL80211_WIPHY_RADIO_FREQ_ATTR_START,
2444 range->start_freq) ||
2445 nla_put_u32(msg, NL80211_WIPHY_RADIO_FREQ_ATTR_END,
2446 range->end_freq))
2447 goto nla_put_failure;
2448
2449 nla_nest_end(msg, freq);
2450 }
2451
2452 for (i = 0; i < r->n_iface_combinations; i++)
2453 if (nl80211_put_ifcomb_data(msg, true,
2454 NL80211_WIPHY_RADIO_ATTR_INTERFACE_COMBINATION,
2455 &r->iface_combinations[i],
2456 NLA_F_NESTED))
2457 goto nla_put_failure;
2458
2459 nla_nest_end(msg, radio);
2460
2461 return 0;
2462
2463 nla_put_failure:
2464 return -ENOBUFS;
2465 }
2466
2467 static int nl80211_put_radios(struct wiphy *wiphy, struct sk_buff *msg)
2468 {
2469 struct nlattr *radios;
2470 int i;
2471
2472 if (!wiphy->n_radio)
2473 return 0;
2474
2475 radios = nla_nest_start(msg, NL80211_ATTR_WIPHY_RADIOS);
2476 if (!radios)
2477 return -ENOBUFS;
2478
2479 for (i = 0; i < wiphy->n_radio; i++)
2480 if (nl80211_put_radio(wiphy, msg, i))
2481 goto fail;
2482
2483 nla_nest_end(msg, radios);
2484
2485 if (nl80211_put_iface_combinations(wiphy, msg,
2486 NL80211_ATTR_WIPHY_INTERFACE_COMBINATIONS,
2487 -1, true, NLA_F_NESTED))
2488 return -ENOBUFS;
2489
2490 return 0;
2491
2492 fail:
2493 nla_nest_cancel(msg, radios);
2494 return -ENOBUFS;
2495 }
2496
2497 struct nl80211_dump_wiphy_state {
2498 s64 filter_wiphy;
2499 long start;
2500 long split_start, band_start, chan_start, capa_start;
2501 bool split;
2502 };
2503
2504 static int nl80211_send_wiphy(struct cfg80211_registered_device *rdev,
2505 enum nl80211_commands cmd,
2506 struct sk_buff *msg, u32 portid, u32 seq,
2507 int flags, struct nl80211_dump_wiphy_state *state)
2508 {
2509 void *hdr;
2510 struct nlattr *nl_bands, *nl_band;
2511 struct nlattr *nl_freqs, *nl_freq;
2512 struct nlattr *nl_cmds;
2513 enum nl80211_band band;
2514 struct ieee80211_channel *chan;
2515 int i;
2516 const struct ieee80211_txrx_stypes *mgmt_stypes =
2517 rdev->wiphy.mgmt_stypes;
2518 u32 features;
2519
2520 hdr = nl80211hdr_put(msg, portid, seq, flags, cmd);
2521 if (!hdr)
2522 return -ENOBUFS;
2523
2524 if (WARN_ON(!state))
2525 return -EINVAL;
2526
2527 if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
2528 nla_put_string(msg, NL80211_ATTR_WIPHY_NAME,
2529 wiphy_name(&rdev->wiphy)) ||
2530 nla_put_u32(msg, NL80211_ATTR_GENERATION,
2531 cfg80211_rdev_list_generation))
2532 goto nla_put_failure;
2533
2534 if (cmd != NL80211_CMD_NEW_WIPHY)
2535 goto finish;
2536
2537 switch (state->split_start) {
2538 case 0:
2539 if (nla_put_u8(msg, NL80211_ATTR_WIPHY_RETRY_SHORT,
2540 rdev->wiphy.retry_short) ||
2541 nla_put_u8(msg, NL80211_ATTR_WIPHY_RETRY_LONG,
2542 rdev->wiphy.retry_long) ||
2543 nla_put_u32(msg, NL80211_ATTR_WIPHY_FRAG_THRESHOLD,
2544 rdev->wiphy.frag_threshold) ||
2545 nla_put_u32(msg, NL80211_ATTR_WIPHY_RTS_THRESHOLD,
2546 rdev->wiphy.rts_threshold) ||
2547 nla_put_u8(msg, NL80211_ATTR_WIPHY_COVERAGE_CLASS,
2548 rdev->wiphy.coverage_class) ||
2549 nla_put_u8(msg, NL80211_ATTR_MAX_NUM_SCAN_SSIDS,
2550 rdev->wiphy.max_scan_ssids) ||
2551 nla_put_u8(msg, NL80211_ATTR_MAX_NUM_SCHED_SCAN_SSIDS,
2552 rdev->wiphy.max_sched_scan_ssids) ||
2553 nla_put_u16(msg, NL80211_ATTR_MAX_SCAN_IE_LEN,
2554 rdev->wiphy.max_scan_ie_len) ||
2555 nla_put_u16(msg, NL80211_ATTR_MAX_SCHED_SCAN_IE_LEN,
2556 rdev->wiphy.max_sched_scan_ie_len) ||
2557 nla_put_u8(msg, NL80211_ATTR_MAX_MATCH_SETS,
2558 rdev->wiphy.max_match_sets))
2559 goto nla_put_failure;
2560
2561 if ((rdev->wiphy.flags & WIPHY_FLAG_IBSS_RSN) &&
2562 nla_put_flag(msg, NL80211_ATTR_SUPPORT_IBSS_RSN))
2563 goto nla_put_failure;
2564 if ((rdev->wiphy.flags & WIPHY_FLAG_MESH_AUTH) &&
2565 nla_put_flag(msg, NL80211_ATTR_SUPPORT_MESH_AUTH))
2566 goto nla_put_failure;
2567 if ((rdev->wiphy.flags & WIPHY_FLAG_AP_UAPSD) &&
2568 nla_put_flag(msg, NL80211_ATTR_SUPPORT_AP_UAPSD))
2569 goto nla_put_failure;
2570 if ((rdev->wiphy.flags & WIPHY_FLAG_SUPPORTS_FW_ROAM) &&
2571 nla_put_flag(msg, NL80211_ATTR_ROAM_SUPPORT))
2572 goto nla_put_failure;
2573 if ((rdev->wiphy.flags & WIPHY_FLAG_SUPPORTS_TDLS) &&
2574 nla_put_flag(msg, NL80211_ATTR_TDLS_SUPPORT))
2575 goto nla_put_failure;
2576 if ((rdev->wiphy.flags & WIPHY_FLAG_TDLS_EXTERNAL_SETUP) &&
2577 nla_put_flag(msg, NL80211_ATTR_TDLS_EXTERNAL_SETUP))
2578 goto nla_put_failure;
2579 state->split_start++;
2580 if (state->split)
2581 break;
2582 fallthrough;
2583 case 1:
2584 if (nla_put(msg, NL80211_ATTR_CIPHER_SUITES,
2585 sizeof(u32) * rdev->wiphy.n_cipher_suites,
2586 rdev->wiphy.cipher_suites))
2587 goto nla_put_failure;
2588
2589 if (nla_put_u8(msg, NL80211_ATTR_MAX_NUM_PMKIDS,
2590 rdev->wiphy.max_num_pmkids))
2591 goto nla_put_failure;
2592
2593 if ((rdev->wiphy.flags & WIPHY_FLAG_CONTROL_PORT_PROTOCOL) &&
2594 nla_put_flag(msg, NL80211_ATTR_CONTROL_PORT_ETHERTYPE))
2595 goto nla_put_failure;
2596
2597 if (nla_put_u32(msg, NL80211_ATTR_WIPHY_ANTENNA_AVAIL_TX,
2598 rdev->wiphy.available_antennas_tx) ||
2599 nla_put_u32(msg, NL80211_ATTR_WIPHY_ANTENNA_AVAIL_RX,
2600 rdev->wiphy.available_antennas_rx))
2601 goto nla_put_failure;
2602
2603 if ((rdev->wiphy.flags & WIPHY_FLAG_AP_PROBE_RESP_OFFLOAD) &&
2604 nla_put_u32(msg, NL80211_ATTR_PROBE_RESP_OFFLOAD,
2605 rdev->wiphy.probe_resp_offload))
2606 goto nla_put_failure;
2607
2608 if ((rdev->wiphy.available_antennas_tx ||
2609 rdev->wiphy.available_antennas_rx) &&
2610 rdev->ops->get_antenna) {
2611 u32 tx_ant = 0, rx_ant = 0;
2612 int res;
2613
2614 res = rdev_get_antenna(rdev, &tx_ant, &rx_ant);
2615 if (!res) {
2616 if (nla_put_u32(msg,
2617 NL80211_ATTR_WIPHY_ANTENNA_TX,
2618 tx_ant) ||
2619 nla_put_u32(msg,
2620 NL80211_ATTR_WIPHY_ANTENNA_RX,
2621 rx_ant))
2622 goto nla_put_failure;
2623 }
2624 }
2625
2626 state->split_start++;
2627 if (state->split)
2628 break;
2629 fallthrough;
2630 case 2:
2631 if (nl80211_put_iftypes(msg, NL80211_ATTR_SUPPORTED_IFTYPES,
2632 rdev->wiphy.interface_modes))
2633 goto nla_put_failure;
2634 state->split_start++;
2635 if (state->split)
2636 break;
2637 fallthrough;
2638 case 3:
2639 nl_bands = nla_nest_start_noflag(msg,
2640 NL80211_ATTR_WIPHY_BANDS);
2641 if (!nl_bands)
2642 goto nla_put_failure;
2643
2644 for (band = state->band_start;
2645 band < (state->split ?
2646 NUM_NL80211_BANDS :
2647 NL80211_BAND_60GHZ + 1);
2648 band++) {
2649 struct ieee80211_supported_band *sband;
2650
2651 /* omit higher bands for ancient software */
2652 if (band > NL80211_BAND_5GHZ && !state->split)
2653 break;
2654
2655 sband = rdev->wiphy.bands[band];
2656
2657 if (!sband)
2658 continue;
2659
2660 nl_band = nla_nest_start_noflag(msg, band);
2661 if (!nl_band)
2662 goto nla_put_failure;
2663
2664 switch (state->chan_start) {
2665 case 0:
2666 if (nl80211_send_band_rateinfo(msg, sband,
2667 state->split))
2668 goto nla_put_failure;
2669 state->chan_start++;
2670 if (state->split)
2671 break;
2672 fallthrough;
2673 default:
2674 /* add frequencies */
2675 nl_freqs = nla_nest_start_noflag(msg,
2676 NL80211_BAND_ATTR_FREQS);
2677 if (!nl_freqs)
2678 goto nla_put_failure;
2679
2680 for (i = state->chan_start - 1;
2681 i < sband->n_channels;
2682 i++) {
2683 nl_freq = nla_nest_start_noflag(msg,
2684 i);
2685 if (!nl_freq)
2686 goto nla_put_failure;
2687
2688 chan = &sband->channels[i];
2689
2690 if (nl80211_msg_put_channel(
2691 msg, &rdev->wiphy, chan,
2692 state->split))
2693 goto nla_put_failure;
2694
2695 nla_nest_end(msg, nl_freq);
2696 if (state->split)
2697 break;
2698 }
2699 if (i < sband->n_channels)
2700 state->chan_start = i + 2;
2701 else
2702 state->chan_start = 0;
2703 nla_nest_end(msg, nl_freqs);
2704 }
2705
2706 nla_nest_end(msg, nl_band);
2707
2708 if (state->split) {
2709 /* start again here */
2710 if (state->chan_start)
2711 band--;
2712 break;
2713 }
2714 }
2715 nla_nest_end(msg, nl_bands);
2716
2717 if (band < NUM_NL80211_BANDS)
2718 state->band_start = band + 1;
2719 else
2720 state->band_start = 0;
2721
2722 /* if bands & channels are done, continue outside */
2723 if (state->band_start == 0 && state->chan_start == 0)
2724 state->split_start++;
2725 if (state->split)
2726 break;
2727 fallthrough;
2728 case 4:
2729 nl_cmds = nla_nest_start_noflag(msg,
2730 NL80211_ATTR_SUPPORTED_COMMANDS);
2731 if (!nl_cmds)
2732 goto nla_put_failure;
2733
2734 i = nl80211_add_commands_unsplit(rdev, msg);
2735 if (i < 0)
2736 goto nla_put_failure;
2737 if (state->split) {
2738 CMD(crit_proto_start, CRIT_PROTOCOL_START);
2739 CMD(crit_proto_stop, CRIT_PROTOCOL_STOP);
2740 if (rdev->wiphy.flags & WIPHY_FLAG_HAS_CHANNEL_SWITCH)
2741 CMD(channel_switch, CHANNEL_SWITCH);
2742 CMD(set_qos_map, SET_QOS_MAP);
2743 if (rdev->wiphy.features &
2744 NL80211_FEATURE_SUPPORTS_WMM_ADMISSION)
2745 CMD(add_tx_ts, ADD_TX_TS);
2746 CMD(set_multicast_to_unicast, SET_MULTICAST_TO_UNICAST);
2747 CMD(update_connect_params, UPDATE_CONNECT_PARAMS);
2748 CMD(update_ft_ies, UPDATE_FT_IES);
2749 if (rdev->wiphy.sar_capa)
2750 CMD(set_sar_specs, SET_SAR_SPECS);
2751 }
2752 #undef CMD
2753
2754 nla_nest_end(msg, nl_cmds);
2755 state->split_start++;
2756 if (state->split)
2757 break;
2758 fallthrough;
2759 case 5:
2760 if (rdev->ops->remain_on_channel &&
2761 (rdev->wiphy.flags & WIPHY_FLAG_HAS_REMAIN_ON_CHANNEL) &&
2762 nla_put_u32(msg,
2763 NL80211_ATTR_MAX_REMAIN_ON_CHANNEL_DURATION,
2764 rdev->wiphy.max_remain_on_channel_duration))
2765 goto nla_put_failure;
2766
2767 if ((rdev->wiphy.flags & WIPHY_FLAG_OFFCHAN_TX) &&
2768 nla_put_flag(msg, NL80211_ATTR_OFFCHANNEL_TX_OK))
2769 goto nla_put_failure;
2770
2771 state->split_start++;
2772 if (state->split)
2773 break;
2774 fallthrough;
2775 case 6:
2776 #ifdef CONFIG_PM
2777 if (nl80211_send_wowlan(msg, rdev, state->split))
2778 goto nla_put_failure;
2779 state->split_start++;
2780 if (state->split)
2781 break;
2782 #else
2783 state->split_start++;
2784 #endif
2785 fallthrough;
2786 case 7:
2787 if (nl80211_put_iftypes(msg, NL80211_ATTR_SOFTWARE_IFTYPES,
2788 rdev->wiphy.software_iftypes))
2789 goto nla_put_failure;
2790
2791 if (nl80211_put_iface_combinations(&rdev->wiphy, msg,
2792 NL80211_ATTR_INTERFACE_COMBINATIONS,
2793 rdev->wiphy.n_radio ? 0 : -1,
2794 state->split, 0))
2795 goto nla_put_failure;
2796
2797 state->split_start++;
2798 if (state->split)
2799 break;
2800 fallthrough;
2801 case 8:
2802 if ((rdev->wiphy.flags & WIPHY_FLAG_HAVE_AP_SME) &&
2803 nla_put_u32(msg, NL80211_ATTR_DEVICE_AP_SME,
2804 rdev->wiphy.ap_sme_capa))
2805 goto nla_put_failure;
2806
2807 features = rdev->wiphy.features;
2808 /*
2809 * We can only add the per-channel limit information if the
2810 * dump is split, otherwise it makes it too big. Therefore
2811 * only advertise it in that case.
2812 */
2813 if (state->split)
2814 features |= NL80211_FEATURE_ADVERTISE_CHAN_LIMITS;
2815 if (nla_put_u32(msg, NL80211_ATTR_FEATURE_FLAGS, features))
2816 goto nla_put_failure;
2817
2818 if (rdev->wiphy.ht_capa_mod_mask &&
2819 nla_put(msg, NL80211_ATTR_HT_CAPABILITY_MASK,
2820 sizeof(*rdev->wiphy.ht_capa_mod_mask),
2821 rdev->wiphy.ht_capa_mod_mask))
2822 goto nla_put_failure;
2823
2824 if (rdev->wiphy.flags & WIPHY_FLAG_HAVE_AP_SME &&
2825 rdev->wiphy.max_acl_mac_addrs &&
2826 nla_put_u32(msg, NL80211_ATTR_MAC_ACL_MAX,
2827 rdev->wiphy.max_acl_mac_addrs))
2828 goto nla_put_failure;
2829
2830 /*
2831 * Any information below this point is only available to
2832 * applications that can deal with it being split. This
2833 * helps ensure that newly added capabilities don't break
2834 * older tools by overrunning their buffers.
2835 *
2836 * We still increment split_start so that in the split
2837 * case we'll continue with more data in the next round,
2838 * but break unconditionally so unsplit data stops here.
2839 */
2840 if (state->split)
2841 state->split_start++;
2842 else
2843 state->split_start = 0;
2844 break;
2845 case 9:
2846 if (nl80211_send_mgmt_stypes(msg, mgmt_stypes))
2847 goto nla_put_failure;
2848
2849 if (nla_put_u32(msg, NL80211_ATTR_MAX_NUM_SCHED_SCAN_PLANS,
2850 rdev->wiphy.max_sched_scan_plans) ||
2851 nla_put_u32(msg, NL80211_ATTR_MAX_SCAN_PLAN_INTERVAL,
2852 rdev->wiphy.max_sched_scan_plan_interval) ||
2853 nla_put_u32(msg, NL80211_ATTR_MAX_SCAN_PLAN_ITERATIONS,
2854 rdev->wiphy.max_sched_scan_plan_iterations))
2855 goto nla_put_failure;
2856
2857 if (rdev->wiphy.extended_capabilities &&
2858 (nla_put(msg, NL80211_ATTR_EXT_CAPA,
2859 rdev->wiphy.extended_capabilities_len,
2860 rdev->wiphy.extended_capabilities) ||
2861 nla_put(msg, NL80211_ATTR_EXT_CAPA_MASK,
2862 rdev->wiphy.extended_capabilities_len,
2863 rdev->wiphy.extended_capabilities_mask)))
2864 goto nla_put_failure;
2865
2866 if (rdev->wiphy.vht_capa_mod_mask &&
2867 nla_put(msg, NL80211_ATTR_VHT_CAPABILITY_MASK,
2868 sizeof(*rdev->wiphy.vht_capa_mod_mask),
2869 rdev->wiphy.vht_capa_mod_mask))
2870 goto nla_put_failure;
2871
2872 if (nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN,
2873 rdev->wiphy.perm_addr))
2874 goto nla_put_failure;
2875
2876 if (!is_zero_ether_addr(rdev->wiphy.addr_mask) &&
2877 nla_put(msg, NL80211_ATTR_MAC_MASK, ETH_ALEN,
2878 rdev->wiphy.addr_mask))
2879 goto nla_put_failure;
2880
2881 if (rdev->wiphy.n_addresses > 1) {
2882 void *attr;
2883
2884 attr = nla_nest_start(msg, NL80211_ATTR_MAC_ADDRS);
2885 if (!attr)
2886 goto nla_put_failure;
2887
2888 for (i = 0; i < rdev->wiphy.n_addresses; i++)
2889 if (nla_put(msg, i + 1, ETH_ALEN,
2890 rdev->wiphy.addresses[i].addr))
2891 goto nla_put_failure;
2892
2893 nla_nest_end(msg, attr);
2894 }
2895
2896 state->split_start++;
2897 break;
2898 case 10:
2899 if (nl80211_send_coalesce(msg, rdev))
2900 goto nla_put_failure;
2901
2902 if ((rdev->wiphy.flags & WIPHY_FLAG_SUPPORTS_5_10_MHZ) &&
2903 (nla_put_flag(msg, NL80211_ATTR_SUPPORT_5_MHZ) ||
2904 nla_put_flag(msg, NL80211_ATTR_SUPPORT_10_MHZ)))
2905 goto nla_put_failure;
2906
2907 if (rdev->wiphy.max_ap_assoc_sta &&
2908 nla_put_u32(msg, NL80211_ATTR_MAX_AP_ASSOC_STA,
2909 rdev->wiphy.max_ap_assoc_sta))
2910 goto nla_put_failure;
2911
2912 state->split_start++;
2913 break;
2914 case 11:
2915 if (rdev->wiphy.n_vendor_commands) {
2916 const struct nl80211_vendor_cmd_info *info;
2917 struct nlattr *nested;
2918
2919 nested = nla_nest_start_noflag(msg,
2920 NL80211_ATTR_VENDOR_DATA);
2921 if (!nested)
2922 goto nla_put_failure;
2923
2924 for (i = 0; i < rdev->wiphy.n_vendor_commands; i++) {
2925 info = &rdev->wiphy.vendor_commands[i].info;
2926 if (nla_put(msg, i + 1, sizeof(*info), info))
2927 goto nla_put_failure;
2928 }
2929 nla_nest_end(msg, nested);
2930 }
2931
2932 if (rdev->wiphy.n_vendor_events) {
2933 const struct nl80211_vendor_cmd_info *info;
2934 struct nlattr *nested;
2935
2936 nested = nla_nest_start_noflag(msg,
2937 NL80211_ATTR_VENDOR_EVENTS);
2938 if (!nested)
2939 goto nla_put_failure;
2940
2941 for (i = 0; i < rdev->wiphy.n_vendor_events; i++) {
2942 info = &rdev->wiphy.vendor_events[i];
2943 if (nla_put(msg, i + 1, sizeof(*info), info))
2944 goto nla_put_failure;
2945 }
2946 nla_nest_end(msg, nested);
2947 }
2948 state->split_start++;
2949 break;
2950 case 12:
2951 if (rdev->wiphy.flags & WIPHY_FLAG_HAS_CHANNEL_SWITCH &&
2952 nla_put_u8(msg, NL80211_ATTR_MAX_CSA_COUNTERS,
2953 rdev->wiphy.max_num_csa_counters))
2954 goto nla_put_failure;
2955
2956 if (rdev->wiphy.regulatory_flags & REGULATORY_WIPHY_SELF_MANAGED &&
2957 nla_put_flag(msg, NL80211_ATTR_WIPHY_SELF_MANAGED_REG))
2958 goto nla_put_failure;
2959
2960 if (rdev->wiphy.max_sched_scan_reqs &&
2961 nla_put_u32(msg, NL80211_ATTR_SCHED_SCAN_MAX_REQS,
2962 rdev->wiphy.max_sched_scan_reqs))
2963 goto nla_put_failure;
2964
2965 if (nla_put(msg, NL80211_ATTR_EXT_FEATURES,
2966 sizeof(rdev->wiphy.ext_features),
2967 rdev->wiphy.ext_features))
2968 goto nla_put_failure;
2969
2970 if (rdev->wiphy.bss_select_support) {
2971 struct nlattr *nested;
2972 u32 bss_select_support = rdev->wiphy.bss_select_support;
2973
2974 nested = nla_nest_start_noflag(msg,
2975 NL80211_ATTR_BSS_SELECT);
2976 if (!nested)
2977 goto nla_put_failure;
2978
2979 i = 0;
2980 while (bss_select_support) {
2981 if ((bss_select_support & 1) &&
2982 nla_put_flag(msg, i))
2983 goto nla_put_failure;
2984 i++;
2985 bss_select_support >>= 1;
2986 }
2987 nla_nest_end(msg, nested);
2988 }
2989
2990 state->split_start++;
2991 break;
2992 case 13:
2993 if (rdev->wiphy.num_iftype_ext_capab &&
2994 rdev->wiphy.iftype_ext_capab) {
2995 struct nlattr *nested_ext_capab, *nested;
2996
2997 nested = nla_nest_start_noflag(msg,
2998 NL80211_ATTR_IFTYPE_EXT_CAPA);
2999 if (!nested)
3000 goto nla_put_failure;
3001
3002 for (i = state->capa_start;
3003 i < rdev->wiphy.num_iftype_ext_capab; i++) {
3004 const struct wiphy_iftype_ext_capab *capab;
3005
3006 capab = &rdev->wiphy.iftype_ext_capab[i];
3007
3008 nested_ext_capab = nla_nest_start_noflag(msg,
3009 i);
3010 if (!nested_ext_capab ||
3011 nla_put_u32(msg, NL80211_ATTR_IFTYPE,
3012 capab->iftype) ||
3013 nla_put(msg, NL80211_ATTR_EXT_CAPA,
3014 capab->extended_capabilities_len,
3015 capab->extended_capabilities) ||
3016 nla_put(msg, NL80211_ATTR_EXT_CAPA_MASK,
3017 capab->extended_capabilities_len,
3018 capab->extended_capabilities_mask))
3019 goto nla_put_failure;
3020
3021 if (rdev->wiphy.flags & WIPHY_FLAG_SUPPORTS_MLO &&
3022 (nla_put_u16(msg,
3023 NL80211_ATTR_EML_CAPABILITY,
3024 capab->eml_capabilities) ||
3025 nla_put_u16(msg,
3026 NL80211_ATTR_MLD_CAPA_AND_OPS,
3027 capab->mld_capa_and_ops)))
3028 goto nla_put_failure;
3029
3030 nla_nest_end(msg, nested_ext_capab);
3031 if (state->split)
3032 break;
3033 }
3034 nla_nest_end(msg, nested);
3035 if (i < rdev->wiphy.num_iftype_ext_capab) {
3036 state->capa_start = i + 1;
3037 break;
3038 }
3039 }
3040
3041 if (nla_put_u32(msg, NL80211_ATTR_BANDS,
3042 rdev->wiphy.nan_supported_bands))
3043 goto nla_put_failure;
3044
3045 if (wiphy_ext_feature_isset(&rdev->wiphy,
3046 NL80211_EXT_FEATURE_TXQS)) {
3047 struct cfg80211_txq_stats txqstats = {};
3048 int res;
3049
3050 res = rdev_get_txq_stats(rdev, NULL, &txqstats);
3051 if (!res &&
3052 !nl80211_put_txq_stats(msg, &txqstats,
3053 NL80211_ATTR_TXQ_STATS))
3054 goto nla_put_failure;
3055
3056 if (nla_put_u32(msg, NL80211_ATTR_TXQ_LIMIT,
3057 rdev->wiphy.txq_limit))
3058 goto nla_put_failure;
3059 if (nla_put_u32(msg, NL80211_ATTR_TXQ_MEMORY_LIMIT,
3060 rdev->wiphy.txq_memory_limit))
3061 goto nla_put_failure;
3062 if (nla_put_u32(msg, NL80211_ATTR_TXQ_QUANTUM,
3063 rdev->wiphy.txq_quantum))
3064 goto nla_put_failure;
3065 }
3066
3067 state->split_start++;
3068 break;
3069 case 14:
3070 if (nl80211_send_pmsr_capa(rdev, msg))
3071 goto nla_put_failure;
3072
3073 state->split_start++;
3074 break;
3075 case 15:
3076 if (rdev->wiphy.akm_suites &&
3077 nla_put(msg, NL80211_ATTR_AKM_SUITES,
3078 sizeof(u32) * rdev->wiphy.n_akm_suites,
3079 rdev->wiphy.akm_suites))
3080 goto nla_put_failure;
3081
3082 if (nl80211_put_iftype_akm_suites(rdev, msg))
3083 goto nla_put_failure;
3084
3085 if (nl80211_put_tid_config_support(rdev, msg))
3086 goto nla_put_failure;
3087 state->split_start++;
3088 break;
3089 case 16:
3090 if (nl80211_put_sar_specs(rdev, msg))
3091 goto nla_put_failure;
3092
3093 if (nl80211_put_mbssid_support(&rdev->wiphy, msg))
3094 goto nla_put_failure;
3095
3096 if (nla_put_u16(msg, NL80211_ATTR_MAX_NUM_AKM_SUITES,
3097 rdev->wiphy.max_num_akm_suites))
3098 goto nla_put_failure;
3099
3100 if (rdev->wiphy.flags & WIPHY_FLAG_SUPPORTS_MLO)
3101 nla_put_flag(msg, NL80211_ATTR_MLO_SUPPORT);
3102
3103 if (rdev->wiphy.hw_timestamp_max_peers &&
3104 nla_put_u16(msg, NL80211_ATTR_MAX_HW_TIMESTAMP_PEERS,
3105 rdev->wiphy.hw_timestamp_max_peers))
3106 goto nla_put_failure;
3107
3108 state->split_start++;
3109 break;
3110 case 17:
3111 if (nl80211_put_radios(&rdev->wiphy, msg))
3112 goto nla_put_failure;
3113
3114 /* done */
3115 state->split_start = 0;
3116 break;
3117 }
3118 finish:
3119 genlmsg_end(msg, hdr);
3120 return 0;
3121
3122 nla_put_failure:
3123 genlmsg_cancel(msg, hdr);
3124 return -EMSGSIZE;
3125 }
3126
3127 static int nl80211_dump_wiphy_parse(struct sk_buff *skb,
3128 struct netlink_callback *cb,
3129 struct nl80211_dump_wiphy_state *state)
3130 {
3131 struct nlattr **tb = kcalloc(NUM_NL80211_ATTR, sizeof(*tb), GFP_KERNEL);
3132 int ret;
3133
3134 if (!tb)
3135 return -ENOMEM;
3136
3137 ret = nlmsg_parse_deprecated(cb->nlh,
3138 GENL_HDRLEN + nl80211_fam.hdrsize,
3139 tb, nl80211_fam.maxattr,
3140 nl80211_policy, NULL);
3141 /* ignore parse errors for backward compatibility */
3142 if (ret) {
3143 ret = 0;
3144 goto out;
3145 }
3146
3147 state->split = tb[NL80211_ATTR_SPLIT_WIPHY_DUMP];
3148 if (tb[NL80211_ATTR_WIPHY])
3149 state->filter_wiphy = nla_get_u32(tb[NL80211_ATTR_WIPHY]);
3150 if (tb[NL80211_ATTR_WDEV])
3151 state->filter_wiphy = nla_get_u64(tb[NL80211_ATTR_WDEV]) >> 32;
3152 if (tb[NL80211_ATTR_IFINDEX]) {
3153 struct net_device *netdev;
3154 struct cfg80211_registered_device *rdev;
3155 int ifidx = nla_get_u32(tb[NL80211_ATTR_IFINDEX]);
3156
3157 netdev = __dev_get_by_index(sock_net(skb->sk), ifidx);
3158 if (!netdev) {
3159 ret = -ENODEV;
3160 goto out;
3161 }
3162 if (netdev->ieee80211_ptr) {
3163 rdev = wiphy_to_rdev(
3164 netdev->ieee80211_ptr->wiphy);
3165 state->filter_wiphy = rdev->wiphy_idx;
3166 }
3167 }
3168
3169 ret = 0;
3170 out:
3171 kfree(tb);
3172 return ret;
3173 }
3174
3175 static int nl80211_dump_wiphy(struct sk_buff *skb, struct netlink_callback *cb)
3176 {
3177 int idx = 0, ret;
3178 struct nl80211_dump_wiphy_state *state = (void *)cb->args[0];
3179 struct cfg80211_registered_device *rdev;
3180
3181 rtnl_lock();
3182 if (!state) {
3183 state = kzalloc(sizeof(*state), GFP_KERNEL);
3184 if (!state) {
3185 rtnl_unlock();
3186 return -ENOMEM;
3187 }
3188 state->filter_wiphy = -1;
3189 ret = nl80211_dump_wiphy_parse(skb, cb, state);
3190 if (ret) {
3191 kfree(state);
3192 rtnl_unlock();
3193 return ret;
3194 }
3195 cb->args[0] = (long)state;
3196 }
3197
3198 for_each_rdev(rdev) {
3199 if (!net_eq(wiphy_net(&rdev->wiphy), sock_net(skb->sk)))
3200 continue;
3201 if (++idx <= state->start)
3202 continue;
3203 if (state->filter_wiphy != -1 &&
3204 state->filter_wiphy != rdev->wiphy_idx)
3205 continue;
3206 wiphy_lock(&rdev->wiphy);
3207 /* attempt to fit multiple wiphy data chunks into the skb */
3208 do {
3209 ret = nl80211_send_wiphy(rdev, NL80211_CMD_NEW_WIPHY,
3210 skb,
3211 NETLINK_CB(cb->skb).portid,
3212 cb->nlh->nlmsg_seq,
3213 NLM_F_MULTI, state);
3214 if (ret < 0) {
3215 /*
3216 * If sending the wiphy data didn't fit (ENOBUFS
3217 * or EMSGSIZE returned), this SKB is still
3218 * empty (so it's not too big because another
3219 * wiphy dataset is already in the skb) and
3220 * we've not tried to adjust the dump allocation
3221 * yet ... then adjust the alloc size to be
3222 * bigger, and return 1 but with the empty skb.
3223 * This results in an empty message being RX'ed
3224 * in userspace, but that is ignored.
3225 *
3226 * We can then retry with the larger buffer.
3227 */
3228 if ((ret == -ENOBUFS || ret == -EMSGSIZE) &&
3229 !skb->len && !state->split &&
3230 cb->min_dump_alloc < 4096) {
3231 cb->min_dump_alloc = 4096;
3232 state->split_start = 0;
3233 wiphy_unlock(&rdev->wiphy);
3234 rtnl_unlock();
3235 return 1;
3236 }
3237 idx--;
3238 break;
3239 }
3240 } while (state->split_start > 0);
3241 wiphy_unlock(&rdev->wiphy);
3242 break;
3243 }
3244 rtnl_unlock();
3245
3246 state->start = idx;
3247
3248 return skb->len;
3249 }
3250
3251 static int nl80211_dump_wiphy_done(struct netlink_callback *cb)
3252 {
3253 kfree((void *)cb->args[0]);
3254 return 0;
3255 }
3256
3257 static int nl80211_get_wiphy(struct sk_buff *skb, struct genl_info *info)
3258 {
3259 struct sk_buff *msg;
3260 struct cfg80211_registered_device *rdev = info->user_ptr[0];
3261 struct nl80211_dump_wiphy_state state = {};
3262
3263 msg = nlmsg_new(4096, GFP_KERNEL);
3264 if (!msg)
3265 return -ENOMEM;
3266
3267 if (nl80211_send_wiphy(rdev, NL80211_CMD_NEW_WIPHY, msg,
3268 info->snd_portid, info->snd_seq, 0,
3269 &state) < 0) {
3270 nlmsg_free(msg);
3271 return -ENOBUFS;
3272 }
3273
3274 return genlmsg_reply(msg, info);
3275 }
3276
3277 static const struct nla_policy txq_params_policy[NL80211_TXQ_ATTR_MAX + 1] = {
3278 [NL80211_TXQ_ATTR_QUEUE] = { .type = NLA_U8 },
3279 [NL80211_TXQ_ATTR_TXOP] = { .type = NLA_U16 },
3280 [NL80211_TXQ_ATTR_CWMIN] = { .type = NLA_U16 },
3281 [NL80211_TXQ_ATTR_CWMAX] = { .type = NLA_U16 },
3282 [NL80211_TXQ_ATTR_AIFS] = { .type = NLA_U8 },
3283 };
3284
3285 static int parse_txq_params(struct nlattr *tb[],
3286 struct ieee80211_txq_params *txq_params)
3287 {
3288 u8 ac;
3289
3290 if (!tb[NL80211_TXQ_ATTR_AC] || !tb[NL80211_TXQ_ATTR_TXOP] ||
3291 !tb[NL80211_TXQ_ATTR_CWMIN] || !tb[NL80211_TXQ_ATTR_CWMAX] ||
3292 !tb[NL80211_TXQ_ATTR_AIFS])
3293 return -EINVAL;
3294
3295 ac = nla_get_u8(tb[NL80211_TXQ_ATTR_AC]);
3296 txq_params->txop = nla_get_u16(tb[NL80211_TXQ_ATTR_TXOP]);
3297 txq_params->cwmin = nla_get_u16(tb[NL80211_TXQ_ATTR_CWMIN]);
3298 txq_params->cwmax = nla_get_u16(tb[NL80211_TXQ_ATTR_CWMAX]);
3299 txq_params->aifs = nla_get_u8(tb[NL80211_TXQ_ATTR_AIFS]);
3300
3301 if (ac >= NL80211_NUM_ACS)
3302 return -EINVAL;
3303 txq_params->ac = array_index_nospec(ac, NL80211_NUM_ACS);
3304 return 0;
3305 }
3306
3307 static bool nl80211_can_set_dev_channel(struct wireless_dev *wdev)
3308 {
3309 /*
3310 * You can only set the channel explicitly for some interfaces,
3311 * most have their channel managed via their respective
3312 * "establish a connection" command (connect, join, ...)
3313 *
3314 * For AP/GO and mesh mode, the channel can be set with the
3315 * channel userspace API, but is only stored and passed to the
3316 * low-level driver when the AP starts or the mesh is joined.
3317 * This is for backward compatibility, userspace can also give
3318 * the channel in the start-ap or join-mesh commands instead.
3319 *
3320 * Monitors are special as they are normally slaved to
3321 * whatever else is going on, so they have their own special
3322 * operation to set the monitor channel if possible.
3323 */
3324 return !wdev ||
3325 wdev->iftype == NL80211_IFTYPE_AP ||
3326 wdev->iftype == NL80211_IFTYPE_MESH_POINT ||
3327 wdev->iftype == NL80211_IFTYPE_MONITOR ||
3328 wdev->iftype == NL80211_IFTYPE_P2P_GO;
3329 }
3330
3331 static int _nl80211_parse_chandef(struct cfg80211_registered_device *rdev,
3332 struct genl_info *info, bool monitor,
3333 struct cfg80211_chan_def *chandef)
3334 {
3335 struct netlink_ext_ack *extack = info->extack;
3336 struct nlattr **attrs = info->attrs;
3337 u32 control_freq;
3338
3339 if (!attrs[NL80211_ATTR_WIPHY_FREQ]) {
3340 NL_SET_ERR_MSG_ATTR(extack, attrs[NL80211_ATTR_WIPHY_FREQ],
3341 "Frequency is missing");
3342 return -EINVAL;
3343 }
3344
3345 control_freq = MHZ_TO_KHZ(
3346 nla_get_u32(info->attrs[NL80211_ATTR_WIPHY_FREQ]));
3347 if (info->attrs[NL80211_ATTR_WIPHY_FREQ_OFFSET])
3348 control_freq +=
3349 nla_get_u32(info->attrs[NL80211_ATTR_WIPHY_FREQ_OFFSET]);
3350
3351 memset(chandef, 0, sizeof(*chandef));
3352 chandef->chan = ieee80211_get_channel_khz(&rdev->wiphy, control_freq);
3353 chandef->width = NL80211_CHAN_WIDTH_20_NOHT;
3354 chandef->center_freq1 = KHZ_TO_MHZ(control_freq);
3355 chandef->freq1_offset = control_freq % 1000;
3356 chandef->center_freq2 = 0;
3357
3358 if (!chandef->chan) {
3359 NL_SET_ERR_MSG_ATTR(extack, attrs[NL80211_ATTR_WIPHY_FREQ],
3360 "Unknown channel");
3361 return -EINVAL;
3362 }
3363
3364 if (attrs[NL80211_ATTR_WIPHY_CHANNEL_TYPE]) {
3365 enum nl80211_channel_type chantype;
3366
3367 chantype = nla_get_u32(attrs[NL80211_ATTR_WIPHY_CHANNEL_TYPE]);
3368
3369 switch (chantype) {
3370 case NL80211_CHAN_NO_HT:
3371 case NL80211_CHAN_HT20:
3372 case NL80211_CHAN_HT40PLUS:
3373 case NL80211_CHAN_HT40MINUS:
3374 cfg80211_chandef_create(chandef, chandef->chan,
3375 chantype);
3376 /* user input for center_freq is incorrect */
3377 if (attrs[NL80211_ATTR_CENTER_FREQ1] &&
3378 chandef->center_freq1 != nla_get_u32(attrs[NL80211_ATTR_CENTER_FREQ1])) {
3379 NL_SET_ERR_MSG_ATTR(extack,
3380 attrs[NL80211_ATTR_CENTER_FREQ1],
3381 "bad center frequency 1");
3382 return -EINVAL;
3383 }
3384 /* center_freq2 must be zero */
3385 if (attrs[NL80211_ATTR_CENTER_FREQ2] &&
3386 nla_get_u32(attrs[NL80211_ATTR_CENTER_FREQ2])) {
3387 NL_SET_ERR_MSG_ATTR(extack,
3388 attrs[NL80211_ATTR_CENTER_FREQ2],
3389 "center frequency 2 can't be used");
3390 return -EINVAL;
3391 }
3392 break;
3393 default:
3394 NL_SET_ERR_MSG_ATTR(extack,
3395 attrs[NL80211_ATTR_WIPHY_CHANNEL_TYPE],
3396 "invalid channel type");
3397 return -EINVAL;
3398 }
3399 } else if (attrs[NL80211_ATTR_CHANNEL_WIDTH]) {
3400 chandef->width =
3401 nla_get_u32(attrs[NL80211_ATTR_CHANNEL_WIDTH]);
3402 if (chandef->chan->band == NL80211_BAND_S1GHZ) {
3403 /* User input error for channel width doesn't match channel */
3404 if (chandef->width != ieee80211_s1g_channel_width(chandef->chan)) {
3405 NL_SET_ERR_MSG_ATTR(extack,
3406 attrs[NL80211_ATTR_CHANNEL_WIDTH],
3407 "bad channel width");
3408 return -EINVAL;
3409 }
3410 }
3411 if (attrs[NL80211_ATTR_CENTER_FREQ1]) {
3412 chandef->center_freq1 =
3413 nla_get_u32(attrs[NL80211_ATTR_CENTER_FREQ1]);
3414 chandef->freq1_offset =
3415 nla_get_u32_default(attrs[NL80211_ATTR_CENTER_FREQ1_OFFSET],
3416 0);
3417 }
3418 if (attrs[NL80211_ATTR_CENTER_FREQ2])
3419 chandef->center_freq2 =
3420 nla_get_u32(attrs[NL80211_ATTR_CENTER_FREQ2]);
3421 }
3422
3423 if (info->attrs[NL80211_ATTR_WIPHY_EDMG_CHANNELS]) {
3424 chandef->edmg.channels =
3425 nla_get_u8(info->attrs[NL80211_ATTR_WIPHY_EDMG_CHANNELS]);
3426
3427 if (info->attrs[NL80211_ATTR_WIPHY_EDMG_BW_CONFIG])
3428 chandef->edmg.bw_config =
3429 nla_get_u8(info->attrs[NL80211_ATTR_WIPHY_EDMG_BW_CONFIG]);
3430 } else {
3431 chandef->edmg.bw_config = 0;
3432 chandef->edmg.channels = 0;
3433 }
3434
3435 if (info->attrs[NL80211_ATTR_PUNCT_BITMAP]) {
3436 chandef->punctured =
3437 nla_get_u32(info->attrs[NL80211_ATTR_PUNCT_BITMAP]);
3438
3439 if (chandef->punctured &&
3440 !wiphy_ext_feature_isset(&rdev->wiphy,
3441 NL80211_EXT_FEATURE_PUNCT)) {
3442 NL_SET_ERR_MSG(extack,
3443 "driver doesn't support puncturing");
3444 return -EINVAL;
3445 }
3446 }
3447
3448 if (!cfg80211_chandef_valid(chandef)) {
3449 NL_SET_ERR_MSG(extack, "invalid channel definition");
3450 return -EINVAL;
3451 }
3452
3453 if (!_cfg80211_chandef_usable(&rdev->wiphy, chandef,
3454 IEEE80211_CHAN_DISABLED,
3455 monitor ? IEEE80211_CHAN_CAN_MONITOR : 0)) {
3456 NL_SET_ERR_MSG(extack, "(extension) channel is disabled");
3457 return -EINVAL;
3458 }
3459
3460 if ((chandef->width == NL80211_CHAN_WIDTH_5 ||
3461 chandef->width == NL80211_CHAN_WIDTH_10) &&
3462 !(rdev->wiphy.flags & WIPHY_FLAG_SUPPORTS_5_10_MHZ)) {
3463 NL_SET_ERR_MSG(extack, "5/10 MHz not supported");
3464 return -EINVAL;
3465 }
3466
3467 return 0;
3468 }
3469
3470 int nl80211_parse_chandef(struct cfg80211_registered_device *rdev,
3471 struct genl_info *info,
3472 struct cfg80211_chan_def *chandef)
3473 {
3474 return _nl80211_parse_chandef(rdev, info, false, chandef);
3475 }
3476
3477 static int __nl80211_set_channel(struct cfg80211_registered_device *rdev,
3478 struct net_device *dev,
3479 struct genl_info *info,
3480 int _link_id)
3481 {
3482 struct cfg80211_chan_def chandef;
3483 int result;
3484 enum nl80211_iftype iftype = NL80211_IFTYPE_MONITOR;
3485 struct wireless_dev *wdev = NULL;
3486 int link_id = _link_id;
3487
3488 if (dev)
3489 wdev = dev->ieee80211_ptr;
3490 if (!nl80211_can_set_dev_channel(wdev))
3491 return -EOPNOTSUPP;
3492 if (wdev)
3493 iftype = wdev->iftype;
3494
3495 if (link_id < 0) {
3496 if (wdev && wdev->valid_links)
3497 return -EINVAL;
3498 link_id = 0;
3499 }
3500
3501 result = _nl80211_parse_chandef(rdev, info,
3502 iftype == NL80211_IFTYPE_MONITOR,
3503 &chandef);
3504 if (result)
3505 return result;
3506
3507 switch (iftype) {
3508 case NL80211_IFTYPE_AP:
3509 case NL80211_IFTYPE_P2P_GO:
3510 if (!cfg80211_reg_can_beacon_relax(&rdev->wiphy, &chandef,
3511 iftype))
3512 return -EINVAL;
3513 if (wdev->links[link_id].ap.beacon_interval) {
3514 struct ieee80211_channel *cur_chan;
3515
3516 if (!dev || !rdev->ops->set_ap_chanwidth ||
3517 !(rdev->wiphy.features &
3518 NL80211_FEATURE_AP_MODE_CHAN_WIDTH_CHANGE))
3519 return -EBUSY;
3520
3521 /* Only allow dynamic channel width changes */
3522 cur_chan = wdev->links[link_id].ap.chandef.chan;
3523 if (chandef.chan != cur_chan)
3524 return -EBUSY;
3525
3526 /* only allow this for regular channel widths */
3527 switch (wdev->links[link_id].ap.chandef.width) {
3528 case NL80211_CHAN_WIDTH_20_NOHT:
3529 case NL80211_CHAN_WIDTH_20:
3530 case NL80211_CHAN_WIDTH_40:
3531 case NL80211_CHAN_WIDTH_80:
3532 case NL80211_CHAN_WIDTH_80P80:
3533 case NL80211_CHAN_WIDTH_160:
3534 case NL80211_CHAN_WIDTH_320:
3535 break;
3536 default:
3537 return -EINVAL;
3538 }
3539
3540 switch (chandef.width) {
3541 case NL80211_CHAN_WIDTH_20_NOHT:
3542 case NL80211_CHAN_WIDTH_20:
3543 case NL80211_CHAN_WIDTH_40:
3544 case NL80211_CHAN_WIDTH_80:
3545 case NL80211_CHAN_WIDTH_80P80:
3546 case NL80211_CHAN_WIDTH_160:
3547 case NL80211_CHAN_WIDTH_320:
3548 break;
3549 default:
3550 return -EINVAL;
3551 }
3552
3553 result = rdev_set_ap_chanwidth(rdev, dev, link_id,
3554 &chandef);
3555 if (result)
3556 return result;
3557 wdev->links[link_id].ap.chandef = chandef;
3558 } else {
3559 wdev->u.ap.preset_chandef = chandef;
3560 }
3561 return 0;
3562 case NL80211_IFTYPE_MESH_POINT:
3563 return cfg80211_set_mesh_channel(rdev, wdev, &chandef);
3564 case NL80211_IFTYPE_MONITOR:
3565 return cfg80211_set_monitor_channel(rdev, dev, &chandef);
3566 default:
3567 break;
3568 }
3569
3570 return -EINVAL;
3571 }
3572
3573 static int nl80211_set_channel(struct sk_buff *skb, struct genl_info *info)
3574 {
3575 struct cfg80211_registered_device *rdev = info->user_ptr[0];
3576 int link_id = nl80211_link_id_or_invalid(info->attrs);
3577 struct net_device *netdev = info->user_ptr[1];
3578
3579 return __nl80211_set_channel(rdev, netdev, info, link_id);
3580 }
3581
3582 static int nl80211_set_wiphy(struct sk_buff *skb, struct genl_info *info)
3583 {
3584 struct cfg80211_registered_device *rdev = NULL;
3585 struct net_device *netdev = NULL;
3586 struct wireless_dev *wdev;
3587 int result = 0, rem_txq_params = 0;
3588 struct nlattr *nl_txq_params;
3589 u32 changed;
3590 u8 retry_short = 0, retry_long = 0;
3591 u32 frag_threshold = 0, rts_threshold = 0;
3592 u8 coverage_class = 0;
3593 u32 txq_limit = 0, txq_memory_limit = 0, txq_quantum = 0;
3594
3595 rtnl_lock();
3596 /*
3597 * Try to find the wiphy and netdev. Normally this
3598 * function shouldn't need the netdev, but this is
3599 * done for backward compatibility -- previously
3600 * setting the channel was done per wiphy, but now
3601 * it is per netdev. Previous userland like hostapd
3602 * also passed a netdev to set_wiphy, so that it is
3603 * possible to let that go to the right netdev!
3604 */
3605
3606 if (info->attrs[NL80211_ATTR_IFINDEX]) {
3607 int ifindex = nla_get_u32(info->attrs[NL80211_ATTR_IFINDEX]);
3608
3609 netdev = __dev_get_by_index(genl_info_net(info), ifindex);
3610 if (netdev && netdev->ieee80211_ptr)
3611 rdev = wiphy_to_rdev(netdev->ieee80211_ptr->wiphy);
3612 else
3613 netdev = NULL;
3614 }
3615
3616 if (!netdev) {
3617 rdev = __cfg80211_rdev_from_attrs(genl_info_net(info),
3618 info->attrs);
3619 if (IS_ERR(rdev)) {
3620 rtnl_unlock();
3621 return PTR_ERR(rdev);
3622 }
3623 wdev = NULL;
3624 netdev = NULL;
3625 result = 0;
3626 } else
3627 wdev = netdev->ieee80211_ptr;
3628
3629 wiphy_lock(&rdev->wiphy);
3630
3631 /*
3632 * end workaround code, by now the rdev is available
3633 * and locked, and wdev may or may not be NULL.
3634 */
3635
3636 if (info->attrs[NL80211_ATTR_WIPHY_NAME])
3637 result = cfg80211_dev_rename(
3638 rdev, nla_data(info->attrs[NL80211_ATTR_WIPHY_NAME]));
3639 rtnl_unlock();
3640
3641 if (result)
3642 goto out;
3643
3644 if (info->attrs[NL80211_ATTR_WIPHY_TXQ_PARAMS]) {
3645 struct ieee80211_txq_params txq_params;
3646 struct nlattr *tb[NL80211_TXQ_ATTR_MAX + 1];
3647
3648 if (!rdev->ops->set_txq_params) {
3649 result = -EOPNOTSUPP;
3650 goto out;
3651 }
3652
3653 if (!netdev) {
3654 result = -EINVAL;
3655 goto out;
3656 }
3657
3658 if (netdev->ieee80211_ptr->iftype != NL80211_IFTYPE_AP &&
3659 netdev->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_GO) {
3660 result = -EINVAL;
3661 goto out;
3662 }
3663
3664 if (!netif_running(netdev)) {
3665 result = -ENETDOWN;
3666 goto out;
3667 }
3668
3669 nla_for_each_nested(nl_txq_params,
3670 info->attrs[NL80211_ATTR_WIPHY_TXQ_PARAMS],
3671 rem_txq_params) {
3672 result = nla_parse_nested_deprecated(tb,
3673 NL80211_TXQ_ATTR_MAX,
3674 nl_txq_params,
3675 txq_params_policy,
3676 info->extack);
3677 if (result)
3678 goto out;
3679 result = parse_txq_params(tb, &txq_params);
3680 if (result)
3681 goto out;
3682
3683 txq_params.link_id =
3684 nl80211_link_id_or_invalid(info->attrs);
3685
3686 if (txq_params.link_id >= 0 &&
3687 !(netdev->ieee80211_ptr->valid_links &
3688 BIT(txq_params.link_id)))
3689 result = -ENOLINK;
3690 else if (txq_params.link_id >= 0 &&
3691 !netdev->ieee80211_ptr->valid_links)
3692 result = -EINVAL;
3693 else
3694 result = rdev_set_txq_params(rdev, netdev,
3695 &txq_params);
3696 if (result)
3697 goto out;
3698 }
3699 }
3700
3701 if (info->attrs[NL80211_ATTR_WIPHY_FREQ]) {
3702 int link_id = nl80211_link_id_or_invalid(info->attrs);
3703
3704 if (wdev) {
3705 result = __nl80211_set_channel(
3706 rdev,
3707 nl80211_can_set_dev_channel(wdev) ? netdev : NULL,
3708 info, link_id);
3709 } else {
3710 result = __nl80211_set_channel(rdev, netdev, info, link_id);
3711 }
3712
3713 if (result)
3714 goto out;
3715 }
3716
3717 if (info->attrs[NL80211_ATTR_WIPHY_TX_POWER_SETTING]) {
3718 struct wireless_dev *txp_wdev = wdev;
3719 enum nl80211_tx_power_setting type;
3720 int idx, mbm = 0;
3721
3722 if (!(rdev->wiphy.features & NL80211_FEATURE_VIF_TXPOWER))
3723 txp_wdev = NULL;
3724
3725 if (!rdev->ops->set_tx_power) {
3726 result = -EOPNOTSUPP;
3727 goto out;
3728 }
3729
3730 idx = NL80211_ATTR_WIPHY_TX_POWER_SETTING;
3731 type = nla_get_u32(info->attrs[idx]);
3732
3733 if (!info->attrs[NL80211_ATTR_WIPHY_TX_POWER_LEVEL] &&
3734 (type != NL80211_TX_POWER_AUTOMATIC)) {
3735 result = -EINVAL;
3736 goto out;
3737 }
3738
3739 if (type != NL80211_TX_POWER_AUTOMATIC) {
3740 idx = NL80211_ATTR_WIPHY_TX_POWER_LEVEL;
3741 mbm = nla_get_u32(info->attrs[idx]);
3742 }
3743
3744 result = rdev_set_tx_power(rdev, txp_wdev, type, mbm);
3745 if (result)
3746 goto out;
3747 }
3748
3749 if (info->attrs[NL80211_ATTR_WIPHY_ANTENNA_TX] &&
3750 info->attrs[NL80211_ATTR_WIPHY_ANTENNA_RX]) {
3751 u32 tx_ant, rx_ant;
3752
3753 if ((!rdev->wiphy.available_antennas_tx &&
3754 !rdev->wiphy.available_antennas_rx) ||
3755 !rdev->ops->set_antenna) {
3756 result = -EOPNOTSUPP;
3757 goto out;
3758 }
3759
3760 tx_ant = nla_get_u32(info->attrs[NL80211_ATTR_WIPHY_ANTENNA_TX]);
3761 rx_ant = nla_get_u32(info->attrs[NL80211_ATTR_WIPHY_ANTENNA_RX]);
3762
3763 /* reject antenna configurations which don't match the
3764 * available antenna masks, except for the "all" mask */
3765 if ((~tx_ant && (tx_ant & ~rdev->wiphy.available_antennas_tx)) ||
3766 (~rx_ant && (rx_ant & ~rdev->wiphy.available_antennas_rx))) {
3767 result = -EINVAL;
3768 goto out;
3769 }
3770
3771 tx_ant = tx_ant & rdev->wiphy.available_antennas_tx;
3772 rx_ant = rx_ant & rdev->wiphy.available_antennas_rx;
3773
3774 result = rdev_set_antenna(rdev, tx_ant, rx_ant);
3775 if (result)
3776 goto out;
3777 }
3778
3779 changed = 0;
3780
3781 if (info->attrs[NL80211_ATTR_WIPHY_RETRY_SHORT]) {
3782 retry_short = nla_get_u8(
3783 info->attrs[NL80211_ATTR_WIPHY_RETRY_SHORT]);
3784
3785 changed |= WIPHY_PARAM_RETRY_SHORT;
3786 }
3787
3788 if (info->attrs[NL80211_ATTR_WIPHY_RETRY_LONG]) {
3789 retry_long = nla_get_u8(
3790 info->attrs[NL80211_ATTR_WIPHY_RETRY_LONG]);
3791
3792 changed |= WIPHY_PARAM_RETRY_LONG;
3793 }
3794
3795 if (info->attrs[NL80211_ATTR_WIPHY_FRAG_THRESHOLD]) {
3796 frag_threshold = nla_get_u32(
3797 info->attrs[NL80211_ATTR_WIPHY_FRAG_THRESHOLD]);
3798 if (frag_threshold < 256) {
3799 result = -EINVAL;
3800 goto out;
3801 }
3802
3803 if (frag_threshold != (u32) -1) {
3804 /*
3805 * Fragments (apart from the last one) are required to
3806 * have even length. Make the fragmentation code
3807 * simpler by stripping LSB should someone try to use
3808 * odd threshold value.
3809 */
3810 frag_threshold &= ~0x1;
3811 }
3812 changed |= WIPHY_PARAM_FRAG_THRESHOLD;
3813 }
3814
3815 if (info->attrs[NL80211_ATTR_WIPHY_RTS_THRESHOLD]) {
3816 rts_threshold = nla_get_u32(
3817 info->attrs[NL80211_ATTR_WIPHY_RTS_THRESHOLD]);
3818 changed |= WIPHY_PARAM_RTS_THRESHOLD;
3819 }
3820
3821 if (info->attrs[NL80211_ATTR_WIPHY_COVERAGE_CLASS]) {
3822 if (info->attrs[NL80211_ATTR_WIPHY_DYN_ACK]) {
3823 result = -EINVAL;
3824 goto out;
3825 }
3826
3827 coverage_class = nla_get_u8(
3828 info->attrs[NL80211_ATTR_WIPHY_COVERAGE_CLASS]);
3829 changed |= WIPHY_PARAM_COVERAGE_CLASS;
3830 }
3831
3832 if (info->attrs[NL80211_ATTR_WIPHY_DYN_ACK]) {
3833 if (!(rdev->wiphy.features & NL80211_FEATURE_ACKTO_ESTIMATION)) {
3834 result = -EOPNOTSUPP;
3835 goto out;
3836 }
3837
3838 changed |= WIPHY_PARAM_DYN_ACK;
3839 }
3840
3841 if (info->attrs[NL80211_ATTR_TXQ_LIMIT]) {
3842 if (!wiphy_ext_feature_isset(&rdev->wiphy,
3843 NL80211_EXT_FEATURE_TXQS)) {
3844 result = -EOPNOTSUPP;
3845 goto out;
3846 }
3847 txq_limit = nla_get_u32(
3848 info->attrs[NL80211_ATTR_TXQ_LIMIT]);
3849 changed |= WIPHY_PARAM_TXQ_LIMIT;
3850 }
3851
3852 if (info->attrs[NL80211_ATTR_TXQ_MEMORY_LIMIT]) {
3853 if (!wiphy_ext_feature_isset(&rdev->wiphy,
3854 NL80211_EXT_FEATURE_TXQS)) {
3855 result = -EOPNOTSUPP;
3856 goto out;
3857 }
3858 txq_memory_limit = nla_get_u32(
3859 info->attrs[NL80211_ATTR_TXQ_MEMORY_LIMIT]);
3860 changed |= WIPHY_PARAM_TXQ_MEMORY_LIMIT;
3861 }
3862
3863 if (info->attrs[NL80211_ATTR_TXQ_QUANTUM]) {
3864 if (!wiphy_ext_feature_isset(&rdev->wiphy,
3865 NL80211_EXT_FEATURE_TXQS)) {
3866 result = -EOPNOTSUPP;
3867 goto out;
3868 }
3869 txq_quantum = nla_get_u32(
3870 info->attrs[NL80211_ATTR_TXQ_QUANTUM]);
3871 changed |= WIPHY_PARAM_TXQ_QUANTUM;
3872 }
3873
3874 if (changed) {
3875 u8 old_retry_short, old_retry_long;
3876 u32 old_frag_threshold, old_rts_threshold;
3877 u8 old_coverage_class;
3878 u32 old_txq_limit, old_txq_memory_limit, old_txq_quantum;
3879
3880 if (!rdev->ops->set_wiphy_params) {
3881 result = -EOPNOTSUPP;
3882 goto out;
3883 }
3884
3885 old_retry_short = rdev->wiphy.retry_short;
3886 old_retry_long = rdev->wiphy.retry_long;
3887 old_frag_threshold = rdev->wiphy.frag_threshold;
3888 old_rts_threshold = rdev->wiphy.rts_threshold;
3889 old_coverage_class = rdev->wiphy.coverage_class;
3890 old_txq_limit = rdev->wiphy.txq_limit;
3891 old_txq_memory_limit = rdev->wiphy.txq_memory_limit;
3892 old_txq_quantum = rdev->wiphy.txq_quantum;
3893
3894 if (changed & WIPHY_PARAM_RETRY_SHORT)
3895 rdev->wiphy.retry_short = retry_short;
3896 if (changed & WIPHY_PARAM_RETRY_LONG)
3897 rdev->wiphy.retry_long = retry_long;
3898 if (changed & WIPHY_PARAM_FRAG_THRESHOLD)
3899 rdev->wiphy.frag_threshold = frag_threshold;
3900 if (changed & WIPHY_PARAM_RTS_THRESHOLD)
3901 rdev->wiphy.rts_threshold = rts_threshold;
3902 if (changed & WIPHY_PARAM_COVERAGE_CLASS)
3903 rdev->wiphy.coverage_class = coverage_class;
3904 if (changed & WIPHY_PARAM_TXQ_LIMIT)
3905 rdev->wiphy.txq_limit = txq_limit;
3906 if (changed & WIPHY_PARAM_TXQ_MEMORY_LIMIT)
3907 rdev->wiphy.txq_memory_limit = txq_memory_limit;
3908 if (changed & WIPHY_PARAM_TXQ_QUANTUM)
3909 rdev->wiphy.txq_quantum = txq_quantum;
3910
3911 result = rdev_set_wiphy_params(rdev, changed);
3912 if (result) {
3913 rdev->wiphy.retry_short = old_retry_short;
3914 rdev->wiphy.retry_long = old_retry_long;
3915 rdev->wiphy.frag_threshold = old_frag_threshold;
3916 rdev->wiphy.rts_threshold = old_rts_threshold;
3917 rdev->wiphy.coverage_class = old_coverage_class;
3918 rdev->wiphy.txq_limit = old_txq_limit;
3919 rdev->wiphy.txq_memory_limit = old_txq_memory_limit;
3920 rdev->wiphy.txq_quantum = old_txq_quantum;
3921 goto out;
3922 }
3923 }
3924
3925 result = 0;
3926
3927 out:
3928 wiphy_unlock(&rdev->wiphy);
3929 return result;
3930 }
3931
3932 int nl80211_send_chandef(struct sk_buff *msg, const struct cfg80211_chan_def *chandef)
3933 {
3934 if (WARN_ON(!cfg80211_chandef_valid(chandef)))
3935 return -EINVAL;
3936
3937 if (nla_put_u32(msg, NL80211_ATTR_WIPHY_FREQ,
3938 chandef->chan->center_freq))
3939 return -ENOBUFS;
3940 if (nla_put_u32(msg, NL80211_ATTR_WIPHY_FREQ_OFFSET,
3941 chandef->chan->freq_offset))
3942 return -ENOBUFS;
3943 switch (chandef->width) {
3944 case NL80211_CHAN_WIDTH_20_NOHT:
3945 case NL80211_CHAN_WIDTH_20:
3946 case NL80211_CHAN_WIDTH_40:
3947 if (nla_put_u32(msg, NL80211_ATTR_WIPHY_CHANNEL_TYPE,
3948 cfg80211_get_chandef_type(chandef)))
3949 return -ENOBUFS;
3950 break;
3951 default:
3952 break;
3953 }
3954 if (nla_put_u32(msg, NL80211_ATTR_CHANNEL_WIDTH, chandef->width))
3955 return -ENOBUFS;
3956 if (nla_put_u32(msg, NL80211_ATTR_CENTER_FREQ1, chandef->center_freq1))
3957 return -ENOBUFS;
3958 if (chandef->center_freq2 &&
3959 nla_put_u32(msg, NL80211_ATTR_CENTER_FREQ2, chandef->center_freq2))
3960 return -ENOBUFS;
3961 if (chandef->punctured &&
3962 nla_put_u32(msg, NL80211_ATTR_PUNCT_BITMAP, chandef->punctured))
3963 return -ENOBUFS;
3964
3965 return 0;
3966 }
3967 EXPORT_SYMBOL(nl80211_send_chandef);
3968
3969 static int nl80211_send_iface(struct sk_buff *msg, u32 portid, u32 seq, int flags,
3970 struct cfg80211_registered_device *rdev,
3971 struct wireless_dev *wdev,
3972 enum nl80211_commands cmd)
3973 {
3974 struct net_device *dev = wdev->netdev;
3975 void *hdr;
3976
3977 lockdep_assert_wiphy(&rdev->wiphy);
3978
3979 WARN_ON(cmd != NL80211_CMD_NEW_INTERFACE &&
3980 cmd != NL80211_CMD_DEL_INTERFACE &&
3981 cmd != NL80211_CMD_SET_INTERFACE);
3982
3983 hdr = nl80211hdr_put(msg, portid, seq, flags, cmd);
3984 if (!hdr)
3985 return -1;
3986
3987 if (dev &&
3988 (nla_put_u32(msg, NL80211_ATTR_IFINDEX, dev->ifindex) ||
3989 nla_put_string(msg, NL80211_ATTR_IFNAME, dev->name)))
3990 goto nla_put_failure;
3991
3992 if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
3993 nla_put_u32(msg, NL80211_ATTR_IFTYPE, wdev->iftype) ||
3994 nla_put_u64_64bit(msg, NL80211_ATTR_WDEV, wdev_id(wdev),
3995 NL80211_ATTR_PAD) ||
3996 nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN, wdev_address(wdev)) ||
3997 nla_put_u32(msg, NL80211_ATTR_GENERATION,
3998 rdev->devlist_generation ^
3999 (cfg80211_rdev_list_generation << 2)) ||
4000 nla_put_u8(msg, NL80211_ATTR_4ADDR, wdev->use_4addr) ||
4001 nla_put_u32(msg, NL80211_ATTR_VIF_RADIO_MASK, wdev->radio_mask))
4002 goto nla_put_failure;
4003
4004 if (rdev->ops->get_channel && !wdev->valid_links) {
4005 struct cfg80211_chan_def chandef = {};
4006 int ret;
4007
4008 ret = rdev_get_channel(rdev, wdev, 0, &chandef);
4009 if (ret == 0 && nl80211_send_chandef(msg, &chandef))
4010 goto nla_put_failure;
4011 }
4012
4013 if (rdev->ops->get_tx_power) {
4014 int dbm, ret;
4015
4016 ret = rdev_get_tx_power(rdev, wdev, &dbm);
4017 if (ret == 0 &&
4018 nla_put_u32(msg, NL80211_ATTR_WIPHY_TX_POWER_LEVEL,
4019 DBM_TO_MBM(dbm)))
4020 goto nla_put_failure;
4021 }
4022
4023 switch (wdev->iftype) {
4024 case NL80211_IFTYPE_AP:
4025 case NL80211_IFTYPE_P2P_GO:
4026 if (wdev->u.ap.ssid_len &&
4027 nla_put(msg, NL80211_ATTR_SSID, wdev->u.ap.ssid_len,
4028 wdev->u.ap.ssid))
4029 goto nla_put_failure;
4030 break;
4031 case NL80211_IFTYPE_STATION:
4032 case NL80211_IFTYPE_P2P_CLIENT:
4033 if (wdev->u.client.ssid_len &&
4034 nla_put(msg, NL80211_ATTR_SSID, wdev->u.client.ssid_len,
4035 wdev->u.client.ssid))
4036 goto nla_put_failure;
4037 break;
4038 case NL80211_IFTYPE_ADHOC:
4039 if (wdev->u.ibss.ssid_len &&
4040 nla_put(msg, NL80211_ATTR_SSID, wdev->u.ibss.ssid_len,
4041 wdev->u.ibss.ssid))
4042 goto nla_put_failure;
4043 break;
4044 default:
4045 /* nothing */
4046 break;
4047 }
4048
4049 if (rdev->ops->get_txq_stats) {
4050 struct cfg80211_txq_stats txqstats = {};
4051 int ret = rdev_get_txq_stats(rdev, wdev, &txqstats);
4052
4053 if (ret == 0 &&
4054 !nl80211_put_txq_stats(msg, &txqstats,
4055 NL80211_ATTR_TXQ_STATS))
4056 goto nla_put_failure;
4057 }
4058
4059 if (wdev->valid_links) {
4060 unsigned int link_id;
4061 struct nlattr *links = nla_nest_start(msg,
4062 NL80211_ATTR_MLO_LINKS);
4063
4064 if (!links)
4065 goto nla_put_failure;
4066
4067 for_each_valid_link(wdev, link_id) {
4068 struct nlattr *link = nla_nest_start(msg, link_id + 1);
4069 struct cfg80211_chan_def chandef = {};
4070 int ret;
4071
4072 if (!link)
4073 goto nla_put_failure;
4074
4075 if (nla_put_u8(msg, NL80211_ATTR_MLO_LINK_ID, link_id))
4076 goto nla_put_failure;
4077 if (nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN,
4078 wdev->links[link_id].addr))
4079 goto nla_put_failure;
4080
4081 ret = rdev_get_channel(rdev, wdev, link_id, &chandef);
4082 if (ret == 0 && nl80211_send_chandef(msg, &chandef))
4083 goto nla_put_failure;
4084
4085 nla_nest_end(msg, link);
4086 }
4087
4088 nla_nest_end(msg, links);
4089 }
4090
4091 genlmsg_end(msg, hdr);
4092 return 0;
4093
4094 nla_put_failure:
4095 genlmsg_cancel(msg, hdr);
4096 return -EMSGSIZE;
4097 }
4098
4099 static int nl80211_dump_interface(struct sk_buff *skb, struct netlink_callback *cb)
4100 {
4101 int wp_idx = 0;
4102 int if_idx = 0;
4103 int wp_start = cb->args[0];
4104 int if_start = cb->args[1];
4105 int filter_wiphy = -1;
4106 struct cfg80211_registered_device *rdev;
4107 struct wireless_dev *wdev;
4108 int ret;
4109
4110 rtnl_lock();
4111 if (!cb->args[2]) {
4112 struct nl80211_dump_wiphy_state state = {
4113 .filter_wiphy = -1,
4114 };
4115
4116 ret = nl80211_dump_wiphy_parse(skb, cb, &state);
4117 if (ret)
4118 goto out_unlock;
4119
4120 filter_wiphy = state.filter_wiphy;
4121
4122 /*
4123 * if filtering, set cb->args[2] to +1 since 0 is the default
4124 * value needed to determine that parsing is necessary.
4125 */
4126 if (filter_wiphy >= 0)
4127 cb->args[2] = filter_wiphy + 1;
4128 else
4129 cb->args[2] = -1;
4130 } else if (cb->args[2] > 0) {
4131 filter_wiphy = cb->args[2] - 1;
4132 }
4133
4134 for_each_rdev(rdev) {
4135 if (!net_eq(wiphy_net(&rdev->wiphy), sock_net(skb->sk)))
4136 continue;
4137 if (wp_idx < wp_start) {
4138 wp_idx++;
4139 continue;
4140 }
4141
4142 if (filter_wiphy >= 0 && filter_wiphy != rdev->wiphy_idx)
4143 continue;
4144
4145 if_idx = 0;
4146
4147 wiphy_lock(&rdev->wiphy);
4148 list_for_each_entry(wdev, &rdev->wiphy.wdev_list, list) {
4149 if (if_idx < if_start) {
4150 if_idx++;
4151 continue;
4152 }
4153 if (nl80211_send_iface(skb, NETLINK_CB(cb->skb).portid,
4154 cb->nlh->nlmsg_seq, NLM_F_MULTI,
4155 rdev, wdev,
4156 NL80211_CMD_NEW_INTERFACE) < 0) {
4157 wiphy_unlock(&rdev->wiphy);
4158 goto out;
4159 }
4160 if_idx++;
4161 }
4162 wiphy_unlock(&rdev->wiphy);
4163
4164 if_start = 0;
4165 wp_idx++;
4166 }
4167 out:
4168 cb->args[0] = wp_idx;
4169 cb->args[1] = if_idx;
4170
4171 ret = skb->len;
4172 out_unlock:
4173 rtnl_unlock();
4174
4175 return ret;
4176 }
4177
4178 static int nl80211_get_interface(struct sk_buff *skb, struct genl_info *info)
4179 {
4180 struct sk_buff *msg;
4181 struct cfg80211_registered_device *rdev = info->user_ptr[0];
4182 struct wireless_dev *wdev = info->user_ptr[1];
4183
4184 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
4185 if (!msg)
4186 return -ENOMEM;
4187
4188 if (nl80211_send_iface(msg, info->snd_portid, info->snd_seq, 0,
4189 rdev, wdev, NL80211_CMD_NEW_INTERFACE) < 0) {
4190 nlmsg_free(msg);
4191 return -ENOBUFS;
4192 }
4193
4194 return genlmsg_reply(msg, info);
4195 }
4196
4197 static const struct nla_policy mntr_flags_policy[NL80211_MNTR_FLAG_MAX + 1] = {
4198 [NL80211_MNTR_FLAG_FCSFAIL] = { .type = NLA_FLAG },
4199 [NL80211_MNTR_FLAG_PLCPFAIL] = { .type = NLA_FLAG },
4200 [NL80211_MNTR_FLAG_CONTROL] = { .type = NLA_FLAG },
4201 [NL80211_MNTR_FLAG_OTHER_BSS] = { .type = NLA_FLAG },
4202 [NL80211_MNTR_FLAG_COOK_FRAMES] = { .type = NLA_FLAG },
4203 [NL80211_MNTR_FLAG_ACTIVE] = { .type = NLA_FLAG },
4204 [NL80211_MNTR_FLAG_SKIP_TX] = { .type = NLA_FLAG },
4205 };
4206
4207 static int parse_monitor_flags(struct nlattr *nla, u32 *mntrflags)
4208 {
4209 struct nlattr *flags[NL80211_MNTR_FLAG_MAX + 1];
4210 int flag;
4211
4212 *mntrflags = 0;
4213
4214 if (!nla)
4215 return -EINVAL;
4216
4217 if (nla_parse_nested_deprecated(flags, NL80211_MNTR_FLAG_MAX, nla, mntr_flags_policy, NULL))
4218 return -EINVAL;
4219
4220 for (flag = 1; flag <= NL80211_MNTR_FLAG_MAX; flag++)
4221 if (flags[flag])
4222 *mntrflags |= (1<<flag);
4223
4224 *mntrflags |= MONITOR_FLAG_CHANGED;
4225
4226 return 0;
4227 }
4228
4229 static int nl80211_parse_mon_options(struct cfg80211_registered_device *rdev,
4230 enum nl80211_iftype type,
4231 struct genl_info *info,
4232 struct vif_params *params)
4233 {
4234 bool change = false;
4235 int err;
4236
4237 if (info->attrs[NL80211_ATTR_MNTR_FLAGS]) {
4238 if (type != NL80211_IFTYPE_MONITOR)
4239 return -EINVAL;
4240
4241 err = parse_monitor_flags(info->attrs[NL80211_ATTR_MNTR_FLAGS],
4242 &params->flags);
4243 if (err)
4244 return err;
4245
4246 change = true;
4247 }
4248
4249 if (params->flags & MONITOR_FLAG_ACTIVE &&
4250 !(rdev->wiphy.features & NL80211_FEATURE_ACTIVE_MONITOR))
4251 return -EOPNOTSUPP;
4252
4253 if (info->attrs[NL80211_ATTR_MU_MIMO_GROUP_DATA]) {
4254 const u8 *mumimo_groups;
4255 u32 cap_flag = NL80211_EXT_FEATURE_MU_MIMO_AIR_SNIFFER;
4256
4257 if (type != NL80211_IFTYPE_MONITOR)
4258 return -EINVAL;
4259
4260 if (!wiphy_ext_feature_isset(&rdev->wiphy, cap_flag))
4261 return -EOPNOTSUPP;
4262
4263 mumimo_groups =
4264 nla_data(info->attrs[NL80211_ATTR_MU_MIMO_GROUP_DATA]);
4265
4266 /* bits 0 and 63 are reserved and must be zero */
4267 if ((mumimo_groups[0] & BIT(0)) ||
4268 (mumimo_groups[VHT_MUMIMO_GROUPS_DATA_LEN - 1] & BIT(7)))
4269 return -EINVAL;
4270
4271 params->vht_mumimo_groups = mumimo_groups;
4272 change = true;
4273 }
4274
4275 if (info->attrs[NL80211_ATTR_MU_MIMO_FOLLOW_MAC_ADDR]) {
4276 u32 cap_flag = NL80211_EXT_FEATURE_MU_MIMO_AIR_SNIFFER;
4277
4278 if (type != NL80211_IFTYPE_MONITOR)
4279 return -EINVAL;
4280
4281 if (!wiphy_ext_feature_isset(&rdev->wiphy, cap_flag))
4282 return -EOPNOTSUPP;
4283
4284 params->vht_mumimo_follow_addr =
4285 nla_data(info->attrs[NL80211_ATTR_MU_MIMO_FOLLOW_MAC_ADDR]);
4286 change = true;
4287 }
4288
4289 return change ? 1 : 0;
4290 }
4291
4292 static int nl80211_valid_4addr(struct cfg80211_registered_device *rdev,
4293 struct net_device *netdev, u8 use_4addr,
4294 enum nl80211_iftype iftype)
4295 {
4296 if (!use_4addr) {
4297 if (netdev && netif_is_bridge_port(netdev))
4298 return -EBUSY;
4299 return 0;
4300 }
4301
4302 switch (iftype) {
4303 case NL80211_IFTYPE_AP_VLAN:
4304 if (rdev->wiphy.flags & WIPHY_FLAG_4ADDR_AP)
4305 return 0;
4306 break;
4307 case NL80211_IFTYPE_STATION:
4308 if (rdev->wiphy.flags & WIPHY_FLAG_4ADDR_STATION)
4309 return 0;
4310 break;
4311 default:
4312 break;
4313 }
4314
4315 return -EOPNOTSUPP;
4316 }
4317
4318 static int nl80211_parse_vif_radio_mask(struct genl_info *info,
4319 u32 *radio_mask)
4320 {
4321 struct cfg80211_registered_device *rdev = info->user_ptr[0];
4322 struct nlattr *attr = info->attrs[NL80211_ATTR_VIF_RADIO_MASK];
4323 u32 mask, allowed;
4324
4325 if (!attr) {
4326 *radio_mask = 0;
4327 return 0;
4328 }
4329
4330 allowed = BIT(rdev->wiphy.n_radio) - 1;
4331 mask = nla_get_u32(attr);
4332 if (mask & ~allowed)
4333 return -EINVAL;
4334 if (!mask)
4335 mask = allowed;
4336 *radio_mask = mask;
4337
4338 return 1;
4339 }
4340
4341 static int nl80211_set_interface(struct sk_buff *skb, struct genl_info *info)
4342 {
4343 struct cfg80211_registered_device *rdev = info->user_ptr[0];
4344 struct vif_params params;
4345 int err;
4346 enum nl80211_iftype otype, ntype;
4347 struct net_device *dev = info->user_ptr[1];
4348 struct wireless_dev *wdev = dev->ieee80211_ptr;
4349 u32 radio_mask = 0;
4350 bool change = false;
4351
4352 memset(&params, 0, sizeof(params));
4353
4354 otype = ntype = dev->ieee80211_ptr->iftype;
4355
4356 if (info->attrs[NL80211_ATTR_IFTYPE]) {
4357 ntype = nla_get_u32(info->attrs[NL80211_ATTR_IFTYPE]);
4358 if (otype != ntype)
4359 change = true;
4360 }
4361
4362 if (info->attrs[NL80211_ATTR_MESH_ID]) {
4363 if (ntype != NL80211_IFTYPE_MESH_POINT)
4364 return -EINVAL;
4365 if (otype != NL80211_IFTYPE_MESH_POINT)
4366 return -EINVAL;
4367 if (netif_running(dev))
4368 return -EBUSY;
4369
4370 wdev->u.mesh.id_up_len =
4371 nla_len(info->attrs[NL80211_ATTR_MESH_ID]);
4372 memcpy(wdev->u.mesh.id,
4373 nla_data(info->attrs[NL80211_ATTR_MESH_ID]),
4374 wdev->u.mesh.id_up_len);
4375 }
4376
4377 if (info->attrs[NL80211_ATTR_4ADDR]) {
4378 params.use_4addr = !!nla_get_u8(info->attrs[NL80211_ATTR_4ADDR]);
4379 change = true;
4380 err = nl80211_valid_4addr(rdev, dev, params.use_4addr, ntype);
4381 if (err)
4382 return err;
4383 } else {
4384 params.use_4addr = -1;
4385 }
4386
4387 err = nl80211_parse_mon_options(rdev, ntype, info, &params);
4388 if (err < 0)
4389 return err;
4390 if (err > 0)
4391 change = true;
4392
4393 err = nl80211_parse_vif_radio_mask(info, &radio_mask);
4394 if (err < 0)
4395 return err;
4396 if (err && netif_running(dev))
4397 return -EBUSY;
4398
4399 if (change)
4400 err = cfg80211_change_iface(rdev, dev, ntype, &params);
4401 else
4402 err = 0;
4403
4404 if (!err && params.use_4addr != -1)
4405 dev->ieee80211_ptr->use_4addr = params.use_4addr;
4406
4407 if (radio_mask)
4408 wdev->radio_mask = radio_mask;
4409
4410 if (change && !err)
4411 nl80211_notify_iface(rdev, wdev, NL80211_CMD_SET_INTERFACE);
4412
4413 return err;
4414 }
4415
4416 static int _nl80211_new_interface(struct sk_buff *skb, struct genl_info *info)
4417 {
4418 struct cfg80211_registered_device *rdev = info->user_ptr[0];
4419 struct vif_params params;
4420 struct wireless_dev *wdev;
4421 struct sk_buff *msg;
4422 u32 radio_mask;
4423 int err;
4424 enum nl80211_iftype type = NL80211_IFTYPE_UNSPECIFIED;
4425
4426 memset(&params, 0, sizeof(params));
4427
4428 if (!info->attrs[NL80211_ATTR_IFNAME])
4429 return -EINVAL;
4430
4431 if (info->attrs[NL80211_ATTR_IFTYPE])
4432 type = nla_get_u32(info->attrs[NL80211_ATTR_IFTYPE]);
4433
4434 if (!rdev->ops->add_virtual_intf)
4435 return -EOPNOTSUPP;
4436
4437 if ((type == NL80211_IFTYPE_P2P_DEVICE || type == NL80211_IFTYPE_NAN ||
4438 rdev->wiphy.features & NL80211_FEATURE_MAC_ON_CREATE) &&
4439 info->attrs[NL80211_ATTR_MAC]) {
4440 nla_memcpy(params.macaddr, info->attrs[NL80211_ATTR_MAC],
4441 ETH_ALEN);
4442 if (!is_valid_ether_addr(params.macaddr))
4443 return -EADDRNOTAVAIL;
4444 }
4445
4446 if (info->attrs[NL80211_ATTR_4ADDR]) {
4447 params.use_4addr = !!nla_get_u8(info->attrs[NL80211_ATTR_4ADDR]);
4448 err = nl80211_valid_4addr(rdev, NULL, params.use_4addr, type);
4449 if (err)
4450 return err;
4451 }
4452
4453 if (!cfg80211_iftype_allowed(&rdev->wiphy, type, params.use_4addr, 0))
4454 return -EOPNOTSUPP;
4455
4456 err = nl80211_parse_mon_options(rdev, type, info, &params);
4457 if (err < 0)
4458 return err;
4459
4460 err = nl80211_parse_vif_radio_mask(info, &radio_mask);
4461 if (err < 0)
4462 return err;
4463
4464 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
4465 if (!msg)
4466 return -ENOMEM;
4467
4468 wdev = rdev_add_virtual_intf(rdev,
4469 nla_data(info->attrs[NL80211_ATTR_IFNAME]),
4470 NET_NAME_USER, type, &params);
4471 if (WARN_ON(!wdev)) {
4472 nlmsg_free(msg);
4473 return -EPROTO;
4474 } else if (IS_ERR(wdev)) {
4475 nlmsg_free(msg);
4476 return PTR_ERR(wdev);
4477 }
4478
4479 if (info->attrs[NL80211_ATTR_SOCKET_OWNER])
4480 wdev->owner_nlportid = info->snd_portid;
4481
4482 switch (type) {
4483 case NL80211_IFTYPE_MESH_POINT:
4484 if (!info->attrs[NL80211_ATTR_MESH_ID])
4485 break;
4486 wdev->u.mesh.id_up_len =
4487 nla_len(info->attrs[NL80211_ATTR_MESH_ID]);
4488 memcpy(wdev->u.mesh.id,
4489 nla_data(info->attrs[NL80211_ATTR_MESH_ID]),
4490 wdev->u.mesh.id_up_len);
4491 break;
4492 case NL80211_IFTYPE_NAN:
4493 case NL80211_IFTYPE_P2P_DEVICE:
4494 /*
4495 * P2P Device and NAN do not have a netdev, so don't go
4496 * through the netdev notifier and must be added here
4497 */
4498 cfg80211_init_wdev(wdev);
4499 cfg80211_register_wdev(rdev, wdev);
4500 break;
4501 default:
4502 break;
4503 }
4504
4505 if (radio_mask)
4506 wdev->radio_mask = radio_mask;
4507
4508 if (nl80211_send_iface(msg, info->snd_portid, info->snd_seq, 0,
4509 rdev, wdev, NL80211_CMD_NEW_INTERFACE) < 0) {
4510 nlmsg_free(msg);
4511 return -ENOBUFS;
4512 }
4513
4514 return genlmsg_reply(msg, info);
4515 }
4516
4517 static int nl80211_new_interface(struct sk_buff *skb, struct genl_info *info)
4518 {
4519 struct cfg80211_registered_device *rdev = info->user_ptr[0];
4520 int ret;
4521
4522 /* to avoid failing a new interface creation due to pending removal */
4523 cfg80211_destroy_ifaces(rdev);
4524
4525 wiphy_lock(&rdev->wiphy);
4526 ret = _nl80211_new_interface(skb, info);
4527 wiphy_unlock(&rdev->wiphy);
4528
4529 return ret;
4530 }
4531
4532 static int nl80211_del_interface(struct sk_buff *skb, struct genl_info *info)
4533 {
4534 struct cfg80211_registered_device *rdev = info->user_ptr[0];
4535 struct wireless_dev *wdev = info->user_ptr[1];
4536
4537 if (!rdev->ops->del_virtual_intf)
4538 return -EOPNOTSUPP;
4539
4540 /*
4541 * We hold RTNL, so this is safe, without RTNL opencount cannot
4542 * reach 0, and thus the rdev cannot be deleted.
4543 *
4544 * We need to do it for the dev_close(), since that will call
4545 * the netdev notifiers, and we need to acquire the mutex there
4546 * but don't know if we get there from here or from some other
4547 * place (e.g. "ip link set ... down").
4548 */
4549 mutex_unlock(&rdev->wiphy.mtx);
4550
4551 /*
4552 * If we remove a wireless device without a netdev then clear
4553 * user_ptr[1] so that nl80211_post_doit won't dereference it
4554 * to check if it needs to do dev_put(). Otherwise it crashes
4555 * since the wdev has been freed, unlike with a netdev where
4556 * we need the dev_put() for the netdev to really be freed.
4557 */
4558 if (!wdev->netdev)
4559 info->user_ptr[1] = NULL;
4560 else
4561 dev_close(wdev->netdev);
4562
4563 mutex_lock(&rdev->wiphy.mtx);
4564
4565 return cfg80211_remove_virtual_intf(rdev, wdev);
4566 }
4567
4568 static int nl80211_set_noack_map(struct sk_buff *skb, struct genl_info *info)
4569 {
4570 struct cfg80211_registered_device *rdev = info->user_ptr[0];
4571 struct net_device *dev = info->user_ptr[1];
4572 u16 noack_map;
4573
4574 if (!info->attrs[NL80211_ATTR_NOACK_MAP])
4575 return -EINVAL;
4576
4577 if (!rdev->ops->set_noack_map)
4578 return -EOPNOTSUPP;
4579
4580 noack_map = nla_get_u16(info->attrs[NL80211_ATTR_NOACK_MAP]);
4581
4582 return rdev_set_noack_map(rdev, dev, noack_map);
4583 }
4584
4585 static int nl80211_validate_key_link_id(struct genl_info *info,
4586 struct wireless_dev *wdev,
4587 int link_id, bool pairwise)
4588 {
4589 if (pairwise) {
4590 if (link_id != -1) {
4591 GENL_SET_ERR_MSG(info,
4592 "link ID not allowed for pairwise key");
4593 return -EINVAL;
4594 }
4595
4596 return 0;
4597 }
4598
4599 if (wdev->valid_links) {
4600 if (link_id == -1) {
4601 GENL_SET_ERR_MSG(info,
4602 "link ID must for MLO group key");
4603 return -EINVAL;
4604 }
4605 if (!(wdev->valid_links & BIT(link_id))) {
4606 GENL_SET_ERR_MSG(info, "invalid link ID for MLO group key");
4607 return -EINVAL;
4608 }
4609 } else if (link_id != -1) {
4610 GENL_SET_ERR_MSG(info, "link ID not allowed for non-MLO group key");
4611 return -EINVAL;
4612 }
4613
4614 return 0;
4615 }
4616
4617 struct get_key_cookie {
4618 struct sk_buff *msg;
4619 int error;
4620 int idx;
4621 };
4622
4623 static void get_key_callback(void *c, struct key_params *params)
4624 {
4625 struct nlattr *key;
4626 struct get_key_cookie *cookie = c;
4627
4628 if ((params->seq &&
4629 nla_put(cookie->msg, NL80211_ATTR_KEY_SEQ,
4630 params->seq_len, params->seq)) ||
4631 (params->cipher &&
4632 nla_put_u32(cookie->msg, NL80211_ATTR_KEY_CIPHER,
4633 params->cipher)))
4634 goto nla_put_failure;
4635
4636 key = nla_nest_start_noflag(cookie->msg, NL80211_ATTR_KEY);
4637 if (!key)
4638 goto nla_put_failure;
4639
4640 if ((params->seq &&
4641 nla_put(cookie->msg, NL80211_KEY_SEQ,
4642 params->seq_len, params->seq)) ||
4643 (params->cipher &&
4644 nla_put_u32(cookie->msg, NL80211_KEY_CIPHER,
4645 params->cipher)))
4646 goto nla_put_failure;
4647
4648 if (nla_put_u8(cookie->msg, NL80211_KEY_IDX, cookie->idx))
4649 goto nla_put_failure;
4650
4651 nla_nest_end(cookie->msg, key);
4652
4653 return;
4654 nla_put_failure:
4655 cookie->error = 1;
4656 }
4657
4658 static int nl80211_get_key(struct sk_buff *skb, struct genl_info *info)
4659 {
4660 struct cfg80211_registered_device *rdev = info->user_ptr[0];
4661 int err;
4662 struct net_device *dev = info->user_ptr[1];
4663 u8 key_idx = 0;
4664 const u8 *mac_addr = NULL;
4665 bool pairwise;
4666 struct get_key_cookie cookie = {
4667 .error = 0,
4668 };
4669 void *hdr;
4670 struct sk_buff *msg;
4671 bool bigtk_support = false;
4672 int link_id = nl80211_link_id_or_invalid(info->attrs);
4673 struct wireless_dev *wdev = dev->ieee80211_ptr;
4674
4675 if (wiphy_ext_feature_isset(&rdev->wiphy,
4676 NL80211_EXT_FEATURE_BEACON_PROTECTION))
4677 bigtk_support = true;
4678
4679 if ((wdev->iftype == NL80211_IFTYPE_STATION ||
4680 wdev->iftype == NL80211_IFTYPE_P2P_CLIENT) &&
4681 wiphy_ext_feature_isset(&rdev->wiphy,
4682 NL80211_EXT_FEATURE_BEACON_PROTECTION_CLIENT))
4683 bigtk_support = true;
4684
4685 if (info->attrs[NL80211_ATTR_KEY_IDX]) {
4686 key_idx = nla_get_u8(info->attrs[NL80211_ATTR_KEY_IDX]);
4687
4688 if (key_idx >= 6 && key_idx <= 7 && !bigtk_support) {
4689 GENL_SET_ERR_MSG(info, "BIGTK not supported");
4690 return -EINVAL;
4691 }
4692 }
4693
4694 if (info->attrs[NL80211_ATTR_MAC])
4695 mac_addr = nla_data(info->attrs[NL80211_ATTR_MAC]);
4696
4697 pairwise = !!mac_addr;
4698 if (info->attrs[NL80211_ATTR_KEY_TYPE]) {
4699 u32 kt = nla_get_u32(info->attrs[NL80211_ATTR_KEY_TYPE]);
4700
4701 if (kt != NL80211_KEYTYPE_GROUP &&
4702 kt != NL80211_KEYTYPE_PAIRWISE)
4703 return -EINVAL;
4704 pairwise = kt == NL80211_KEYTYPE_PAIRWISE;
4705 }
4706
4707 if (!rdev->ops->get_key)
4708 return -EOPNOTSUPP;
4709
4710 if (!pairwise && mac_addr && !(rdev->wiphy.flags & WIPHY_FLAG_IBSS_RSN))
4711 return -ENOENT;
4712
4713 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
4714 if (!msg)
4715 return -ENOMEM;
4716
4717 hdr = nl80211hdr_put(msg, info->snd_portid, info->snd_seq, 0,
4718 NL80211_CMD_NEW_KEY);
4719 if (!hdr)
4720 goto nla_put_failure;
4721
4722 cookie.msg = msg;
4723 cookie.idx = key_idx;
4724
4725 if (nla_put_u32(msg, NL80211_ATTR_IFINDEX, dev->ifindex) ||
4726 nla_put_u8(msg, NL80211_ATTR_KEY_IDX, key_idx))
4727 goto nla_put_failure;
4728 if (mac_addr &&
4729 nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN, mac_addr))
4730 goto nla_put_failure;
4731
4732 err = nl80211_validate_key_link_id(info, wdev, link_id, pairwise);
4733 if (err)
4734 goto free_msg;
4735
4736 err = rdev_get_key(rdev, dev, link_id, key_idx, pairwise, mac_addr,
4737 &cookie, get_key_callback);
4738
4739 if (err)
4740 goto free_msg;
4741
4742 if (cookie.error)
4743 goto nla_put_failure;
4744
4745 genlmsg_end(msg, hdr);
4746 return genlmsg_reply(msg, info);
4747
4748 nla_put_failure:
4749 err = -ENOBUFS;
4750 free_msg:
4751 nlmsg_free(msg);
4752 return err;
4753 }
4754
4755 static int nl80211_set_key(struct sk_buff *skb, struct genl_info *info)
4756 {
4757 struct cfg80211_registered_device *rdev = info->user_ptr[0];
4758 struct key_parse key;
4759 int err;
4760 struct net_device *dev = info->user_ptr[1];
4761 int link_id = nl80211_link_id_or_invalid(info->attrs);
4762 struct wireless_dev *wdev = dev->ieee80211_ptr;
4763
4764 err = nl80211_parse_key(info, &key);
4765 if (err)
4766 return err;
4767
4768 if (key.idx < 0)
4769 return -EINVAL;
4770
4771 /* Only support setting default key and
4772 * Extended Key ID action NL80211_KEY_SET_TX.
4773 */
4774 if (!key.def && !key.defmgmt && !key.defbeacon &&
4775 !(key.p.mode == NL80211_KEY_SET_TX))
4776 return -EINVAL;
4777
4778 if (key.def) {
4779 if (!rdev->ops->set_default_key)
4780 return -EOPNOTSUPP;
4781
4782 err = nl80211_key_allowed(wdev);
4783 if (err)
4784 return err;
4785
4786 err = nl80211_validate_key_link_id(info, wdev, link_id, false);
4787 if (err)
4788 return err;
4789
4790 err = rdev_set_default_key(rdev, dev, link_id, key.idx,
4791 key.def_uni, key.def_multi);
4792
4793 if (err)
4794 return err;
4795
4796 #ifdef CONFIG_CFG80211_WEXT
4797 wdev->wext.default_key = key.idx;
4798 #endif
4799 return 0;
4800 } else if (key.defmgmt) {
4801 if (key.def_uni || !key.def_multi)
4802 return -EINVAL;
4803
4804 if (!rdev->ops->set_default_mgmt_key)
4805 return -EOPNOTSUPP;
4806
4807 err = nl80211_key_allowed(wdev);
4808 if (err)
4809 return err;
4810
4811 err = nl80211_validate_key_link_id(info, wdev, link_id, false);
4812 if (err)
4813 return err;
4814
4815 err = rdev_set_default_mgmt_key(rdev, dev, link_id, key.idx);
4816 if (err)
4817 return err;
4818
4819 #ifdef CONFIG_CFG80211_WEXT
4820 wdev->wext.default_mgmt_key = key.idx;
4821 #endif
4822 return 0;
4823 } else if (key.defbeacon) {
4824 if (key.def_uni || !key.def_multi)
4825 return -EINVAL;
4826
4827 if (!rdev->ops->set_default_beacon_key)
4828 return -EOPNOTSUPP;
4829
4830 err = nl80211_key_allowed(wdev);
4831 if (err)
4832 return err;
4833
4834 err = nl80211_validate_key_link_id(info, wdev, link_id, false);
4835 if (err)
4836 return err;
4837
4838 return rdev_set_default_beacon_key(rdev, dev, link_id, key.idx);
4839 } else if (key.p.mode == NL80211_KEY_SET_TX &&
4840 wiphy_ext_feature_isset(&rdev->wiphy,
4841 NL80211_EXT_FEATURE_EXT_KEY_ID)) {
4842 u8 *mac_addr = NULL;
4843
4844 if (info->attrs[NL80211_ATTR_MAC])
4845 mac_addr = nla_data(info->attrs[NL80211_ATTR_MAC]);
4846
4847 if (!mac_addr || key.idx < 0 || key.idx > 1)
4848 return -EINVAL;
4849
4850 err = nl80211_validate_key_link_id(info, wdev, link_id, true);
4851 if (err)
4852 return err;
4853
4854 return rdev_add_key(rdev, dev, link_id, key.idx,
4855 NL80211_KEYTYPE_PAIRWISE,
4856 mac_addr, &key.p);
4857 }
4858
4859 return -EINVAL;
4860 }
4861
4862 static int nl80211_new_key(struct sk_buff *skb, struct genl_info *info)
4863 {
4864 struct cfg80211_registered_device *rdev = info->user_ptr[0];
4865 int err;
4866 struct net_device *dev = info->user_ptr[1];
4867 struct key_parse key;
4868 const u8 *mac_addr = NULL;
4869 int link_id = nl80211_link_id_or_invalid(info->attrs);
4870 struct wireless_dev *wdev = dev->ieee80211_ptr;
4871
4872 err = nl80211_parse_key(info, &key);
4873 if (err)
4874 return err;
4875
4876 if (!key.p.key) {
4877 GENL_SET_ERR_MSG(info, "no key");
4878 return -EINVAL;
4879 }
4880
4881 if (info->attrs[NL80211_ATTR_MAC])
4882 mac_addr = nla_data(info->attrs[NL80211_ATTR_MAC]);
4883
4884 if (key.type == -1) {
4885 if (mac_addr)
4886 key.type = NL80211_KEYTYPE_PAIRWISE;
4887 else
4888 key.type = NL80211_KEYTYPE_GROUP;
4889 }
4890
4891 /* for now */
4892 if (key.type != NL80211_KEYTYPE_PAIRWISE &&
4893 key.type != NL80211_KEYTYPE_GROUP) {
4894 GENL_SET_ERR_MSG(info, "key type not pairwise or group");
4895 return -EINVAL;
4896 }
4897
4898 if (key.type == NL80211_KEYTYPE_GROUP &&
4899 info->attrs[NL80211_ATTR_VLAN_ID])
4900 key.p.vlan_id = nla_get_u16(info->attrs[NL80211_ATTR_VLAN_ID]);
4901
4902 if (!rdev->ops->add_key)
4903 return -EOPNOTSUPP;
4904
4905 if (cfg80211_validate_key_settings(rdev, &key.p, key.idx,
4906 key.type == NL80211_KEYTYPE_PAIRWISE,
4907 mac_addr)) {
4908 GENL_SET_ERR_MSG(info, "key setting validation failed");
4909 return -EINVAL;
4910 }
4911
4912 err = nl80211_key_allowed(wdev);
4913 if (err)
4914 GENL_SET_ERR_MSG(info, "key not allowed");
4915
4916 if (!err)
4917 err = nl80211_validate_key_link_id(info, wdev, link_id,
4918 key.type == NL80211_KEYTYPE_PAIRWISE);
4919
4920 if (!err) {
4921 err = rdev_add_key(rdev, dev, link_id, key.idx,
4922 key.type == NL80211_KEYTYPE_PAIRWISE,
4923 mac_addr, &key.p);
4924 if (err)
4925 GENL_SET_ERR_MSG(info, "key addition failed");
4926 }
4927
4928 return err;
4929 }
4930
4931 static int nl80211_del_key(struct sk_buff *skb, struct genl_info *info)
4932 {
4933 struct cfg80211_registered_device *rdev = info->user_ptr[0];
4934 int err;
4935 struct net_device *dev = info->user_ptr[1];
4936 u8 *mac_addr = NULL;
4937 struct key_parse key;
4938 int link_id = nl80211_link_id_or_invalid(info->attrs);
4939 struct wireless_dev *wdev = dev->ieee80211_ptr;
4940
4941 err = nl80211_parse_key(info, &key);
4942 if (err)
4943 return err;
4944
4945 if (info->attrs[NL80211_ATTR_MAC])
4946 mac_addr = nla_data(info->attrs[NL80211_ATTR_MAC]);
4947
4948 if (key.type == -1) {
4949 if (mac_addr)
4950 key.type = NL80211_KEYTYPE_PAIRWISE;
4951 else
4952 key.type = NL80211_KEYTYPE_GROUP;
4953 }
4954
4955 /* for now */
4956 if (key.type != NL80211_KEYTYPE_PAIRWISE &&
4957 key.type != NL80211_KEYTYPE_GROUP)
4958 return -EINVAL;
4959
4960 if (!cfg80211_valid_key_idx(rdev, key.idx,
4961 key.type == NL80211_KEYTYPE_PAIRWISE))
4962 return -EINVAL;
4963
4964 if (!rdev->ops->del_key)
4965 return -EOPNOTSUPP;
4966
4967 err = nl80211_key_allowed(wdev);
4968
4969 if (key.type == NL80211_KEYTYPE_GROUP && mac_addr &&
4970 !(rdev->wiphy.flags & WIPHY_FLAG_IBSS_RSN))
4971 err = -ENOENT;
4972
4973 if (!err)
4974 err = nl80211_validate_key_link_id(info, wdev, link_id,
4975 key.type == NL80211_KEYTYPE_PAIRWISE);
4976
4977 if (!err)
4978 err = rdev_del_key(rdev, dev, link_id, key.idx,
4979 key.type == NL80211_KEYTYPE_PAIRWISE,
4980 mac_addr);
4981
4982 #ifdef CONFIG_CFG80211_WEXT
4983 if (!err) {
4984 if (key.idx == wdev->wext.default_key)
4985 wdev->wext.default_key = -1;
4986 else if (key.idx == wdev->wext.default_mgmt_key)
4987 wdev->wext.default_mgmt_key = -1;
4988 }
4989 #endif
4990
4991 return err;
4992 }
4993
4994 /* This function returns an error or the number of nested attributes */
4995 static int validate_acl_mac_addrs(struct nlattr *nl_attr)
4996 {
4997 struct nlattr *attr;
4998 int n_entries = 0, tmp;
4999
5000 nla_for_each_nested(attr, nl_attr, tmp) {
5001 if (nla_len(attr) != ETH_ALEN)
5002 return -EINVAL;
5003
5004 n_entries++;
5005 }
5006
5007 return n_entries;
5008 }
5009
5010 /*
5011 * This function parses ACL information and allocates memory for ACL data.
5012 * On successful return, the calling function is responsible to free the
5013 * ACL buffer returned by this function.
5014 */
5015 static struct cfg80211_acl_data *parse_acl_data(struct wiphy *wiphy,
5016 struct genl_info *info)
5017 {
5018 enum nl80211_acl_policy acl_policy;
5019 struct nlattr *attr;
5020 struct cfg80211_acl_data *acl;
5021 int i = 0, n_entries, tmp;
5022
5023 if (!wiphy->max_acl_mac_addrs)
5024 return ERR_PTR(-EOPNOTSUPP);
5025
5026 if (!info->attrs[NL80211_ATTR_ACL_POLICY])
5027 return ERR_PTR(-EINVAL);
5028
5029 acl_policy = nla_get_u32(info->attrs[NL80211_ATTR_ACL_POLICY]);
5030 if (acl_policy != NL80211_ACL_POLICY_ACCEPT_UNLESS_LISTED &&
5031 acl_policy != NL80211_ACL_POLICY_DENY_UNLESS_LISTED)
5032 return ERR_PTR(-EINVAL);
5033
5034 if (!info->attrs[NL80211_ATTR_MAC_ADDRS])
5035 return ERR_PTR(-EINVAL);
5036
5037 n_entries = validate_acl_mac_addrs(info->attrs[NL80211_ATTR_MAC_ADDRS]);
5038 if (n_entries < 0)
5039 return ERR_PTR(n_entries);
5040
5041 if (n_entries > wiphy->max_acl_mac_addrs)
5042 return ERR_PTR(-EOPNOTSUPP);
5043
5044 acl = kzalloc(struct_size(acl, mac_addrs, n_entries), GFP_KERNEL);
5045 if (!acl)
5046 return ERR_PTR(-ENOMEM);
5047 acl->n_acl_entries = n_entries;
5048
5049 nla_for_each_nested(attr, info->attrs[NL80211_ATTR_MAC_ADDRS], tmp) {
5050 memcpy(acl->mac_addrs[i].addr, nla_data(attr), ETH_ALEN);
5051 i++;
5052 }
5053 acl->acl_policy = acl_policy;
5054
5055 return acl;
5056 }
5057
5058 static int nl80211_set_mac_acl(struct sk_buff *skb, struct genl_info *info)
5059 {
5060 struct cfg80211_registered_device *rdev = info->user_ptr[0];
5061 struct net_device *dev = info->user_ptr[1];
5062 struct cfg80211_acl_data *acl;
5063 int err;
5064
5065 if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_AP &&
5066 dev->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_GO)
5067 return -EOPNOTSUPP;
5068
5069 if (!dev->ieee80211_ptr->links[0].ap.beacon_interval)
5070 return -EINVAL;
5071
5072 acl = parse_acl_data(&rdev->wiphy, info);
5073 if (IS_ERR(acl))
5074 return PTR_ERR(acl);
5075
5076 err = rdev_set_mac_acl(rdev, dev, acl);
5077
5078 kfree(acl);
5079
5080 return err;
5081 }
5082
5083 static u32 rateset_to_mask(struct ieee80211_supported_band *sband,
5084 u8 *rates, u8 rates_len)
5085 {
5086 u8 i;
5087 u32 mask = 0;
5088
5089 for (i = 0; i < rates_len; i++) {
5090 int rate = (rates[i] & 0x7f) * 5;
5091 int ridx;
5092
5093 for (ridx = 0; ridx < sband->n_bitrates; ridx++) {
5094 struct ieee80211_rate *srate =
5095 &sband->bitrates[ridx];
5096 if (rate == srate->bitrate) {
5097 mask |= 1 << ridx;
5098 break;
5099 }
5100 }
5101 if (ridx == sband->n_bitrates)
5102 return 0; /* rate not found */
5103 }
5104
5105 return mask;
5106 }
5107
5108 static bool ht_rateset_to_mask(struct ieee80211_supported_band *sband,
5109 u8 *rates, u8 rates_len,
5110 u8 mcs[IEEE80211_HT_MCS_MASK_LEN])
5111 {
5112 u8 i;
5113
5114 memset(mcs, 0, IEEE80211_HT_MCS_MASK_LEN);
5115
5116 for (i = 0; i < rates_len; i++) {
5117 int ridx, rbit;
5118
5119 ridx = rates[i] / 8;
5120 rbit = BIT(rates[i] % 8);
5121
5122 /* check validity */
5123 if ((ridx < 0) || (ridx >= IEEE80211_HT_MCS_MASK_LEN))
5124 return false;
5125
5126 /* check availability */
5127 ridx = array_index_nospec(ridx, IEEE80211_HT_MCS_MASK_LEN);
5128 if (sband->ht_cap.mcs.rx_mask[ridx] & rbit)
5129 mcs[ridx] |= rbit;
5130 else
5131 return false;
5132 }
5133
5134 return true;
5135 }
5136
5137 static u16 vht_mcs_map_to_mcs_mask(u8 vht_mcs_map)
5138 {
5139 u16 mcs_mask = 0;
5140
5141 switch (vht_mcs_map) {
5142 case IEEE80211_VHT_MCS_NOT_SUPPORTED:
5143 break;
5144 case IEEE80211_VHT_MCS_SUPPORT_0_7:
5145 mcs_mask = 0x00FF;
5146 break;
5147 case IEEE80211_VHT_MCS_SUPPORT_0_8:
5148 mcs_mask = 0x01FF;
5149 break;
5150 case IEEE80211_VHT_MCS_SUPPORT_0_9:
5151 mcs_mask = 0x03FF;
5152 break;
5153 default:
5154 break;
5155 }
5156
5157 return mcs_mask;
5158 }
5159
5160 static void vht_build_mcs_mask(u16 vht_mcs_map,
5161 u16 vht_mcs_mask[NL80211_VHT_NSS_MAX])
5162 {
5163 u8 nss;
5164
5165 for (nss = 0; nss < NL80211_VHT_NSS_MAX; nss++) {
5166 vht_mcs_mask[nss] = vht_mcs_map_to_mcs_mask(vht_mcs_map & 0x03);
5167 vht_mcs_map >>= 2;
5168 }
5169 }
5170
5171 static bool vht_set_mcs_mask(struct ieee80211_supported_band *sband,
5172 struct nl80211_txrate_vht *txrate,
5173 u16 mcs[NL80211_VHT_NSS_MAX])
5174 {
5175 u16 tx_mcs_map = le16_to_cpu(sband->vht_cap.vht_mcs.tx_mcs_map);
5176 u16 tx_mcs_mask[NL80211_VHT_NSS_MAX] = {};
5177 u8 i;
5178
5179 if (!sband->vht_cap.vht_supported)
5180 return false;
5181
5182 memset(mcs, 0, sizeof(u16) * NL80211_VHT_NSS_MAX);
5183
5184 /* Build vht_mcs_mask from VHT capabilities */
5185 vht_build_mcs_mask(tx_mcs_map, tx_mcs_mask);
5186
5187 for (i = 0; i < NL80211_VHT_NSS_MAX; i++) {
5188 if ((tx_mcs_mask[i] & txrate->mcs[i]) == txrate->mcs[i])
5189 mcs[i] = txrate->mcs[i];
5190 else
5191 return false;
5192 }
5193
5194 return true;
5195 }
5196
5197 static u16 he_mcs_map_to_mcs_mask(u8 he_mcs_map)
5198 {
5199 switch (he_mcs_map) {
5200 case IEEE80211_HE_MCS_NOT_SUPPORTED:
5201 return 0;
5202 case IEEE80211_HE_MCS_SUPPORT_0_7:
5203 return 0x00FF;
5204 case IEEE80211_HE_MCS_SUPPORT_0_9:
5205 return 0x03FF;
5206 case IEEE80211_HE_MCS_SUPPORT_0_11:
5207 return 0xFFF;
5208 default:
5209 break;
5210 }
5211 return 0;
5212 }
5213
5214 static void he_build_mcs_mask(u16 he_mcs_map,
5215 u16 he_mcs_mask[NL80211_HE_NSS_MAX])
5216 {
5217 u8 nss;
5218
5219 for (nss = 0; nss < NL80211_HE_NSS_MAX; nss++) {
5220 he_mcs_mask[nss] = he_mcs_map_to_mcs_mask(he_mcs_map & 0x03);
5221 he_mcs_map >>= 2;
5222 }
5223 }
5224
5225 static u16 he_get_txmcsmap(struct genl_info *info, unsigned int link_id,
5226 const struct ieee80211_sta_he_cap *he_cap)
5227 {
5228 struct net_device *dev = info->user_ptr[1];
5229 struct wireless_dev *wdev = dev->ieee80211_ptr;
5230 struct cfg80211_chan_def *chandef;
5231 __le16 tx_mcs;
5232
5233 chandef = wdev_chandef(wdev, link_id);
5234 if (!chandef) {
5235 /*
5236 * This is probably broken, but we never maintained
5237 * a chandef in these cases, so it always was.
5238 */
5239 return le16_to_cpu(he_cap->he_mcs_nss_supp.tx_mcs_80);
5240 }
5241
5242 switch (chandef->width) {
5243 case NL80211_CHAN_WIDTH_80P80:
5244 tx_mcs = he_cap->he_mcs_nss_supp.tx_mcs_80p80;
5245 break;
5246 case NL80211_CHAN_WIDTH_160:
5247 tx_mcs = he_cap->he_mcs_nss_supp.tx_mcs_160;
5248 break;
5249 default:
5250 tx_mcs = he_cap->he_mcs_nss_supp.tx_mcs_80;
5251 break;
5252 }
5253
5254 return le16_to_cpu(tx_mcs);
5255 }
5256
5257 static bool he_set_mcs_mask(struct genl_info *info,
5258 struct wireless_dev *wdev,
5259 struct ieee80211_supported_band *sband,
5260 struct nl80211_txrate_he *txrate,
5261 u16 mcs[NL80211_HE_NSS_MAX],
5262 unsigned int link_id)
5263 {
5264 const struct ieee80211_sta_he_cap *he_cap;
5265 u16 tx_mcs_mask[NL80211_HE_NSS_MAX] = {};
5266 u16 tx_mcs_map = 0;
5267 u8 i;
5268
5269 he_cap = ieee80211_get_he_iftype_cap(sband, wdev->iftype);
5270 if (!he_cap)
5271 return false;
5272
5273 memset(mcs, 0, sizeof(u16) * NL80211_HE_NSS_MAX);
5274
5275 tx_mcs_map = he_get_txmcsmap(info, link_id, he_cap);
5276
5277 /* Build he_mcs_mask from HE capabilities */
5278 he_build_mcs_mask(tx_mcs_map, tx_mcs_mask);
5279
5280 for (i = 0; i < NL80211_HE_NSS_MAX; i++) {
5281 if ((tx_mcs_mask[i] & txrate->mcs[i]) == txrate->mcs[i])
5282 mcs[i] = txrate->mcs[i];
5283 else
5284 return false;
5285 }
5286
5287 return true;
5288 }
5289
5290 static int nl80211_parse_tx_bitrate_mask(struct genl_info *info,
5291 struct nlattr *attrs[],
5292 enum nl80211_attrs attr,
5293 struct cfg80211_bitrate_mask *mask,
5294 struct net_device *dev,
5295 bool default_all_enabled,
5296 unsigned int link_id)
5297 {
5298 struct nlattr *tb[NL80211_TXRATE_MAX + 1];
5299 struct cfg80211_registered_device *rdev = info->user_ptr[0];
5300 struct wireless_dev *wdev = dev->ieee80211_ptr;
5301 int rem, i;
5302 struct nlattr *tx_rates;
5303 struct ieee80211_supported_band *sband;
5304 u16 vht_tx_mcs_map, he_tx_mcs_map;
5305
5306 memset(mask, 0, sizeof(*mask));
5307 /* Default to all rates enabled */
5308 for (i = 0; i < NUM_NL80211_BANDS; i++) {
5309 const struct ieee80211_sta_he_cap *he_cap;
5310
5311 if (!default_all_enabled)
5312 break;
5313
5314 sband = rdev->wiphy.bands[i];
5315
5316 if (!sband)
5317 continue;
5318
5319 mask->control[i].legacy = (1 << sband->n_bitrates) - 1;
5320 memcpy(mask->control[i].ht_mcs,
5321 sband->ht_cap.mcs.rx_mask,
5322 sizeof(mask->control[i].ht_mcs));
5323
5324 if (sband->vht_cap.vht_supported) {
5325 vht_tx_mcs_map = le16_to_cpu(sband->vht_cap.vht_mcs.tx_mcs_map);
5326 vht_build_mcs_mask(vht_tx_mcs_map, mask->control[i].vht_mcs);
5327 }
5328
5329 he_cap = ieee80211_get_he_iftype_cap(sband, wdev->iftype);
5330 if (!he_cap)
5331 continue;
5332
5333 he_tx_mcs_map = he_get_txmcsmap(info, link_id, he_cap);
5334 he_build_mcs_mask(he_tx_mcs_map, mask->control[i].he_mcs);
5335
5336 mask->control[i].he_gi = 0xFF;
5337 mask->control[i].he_ltf = 0xFF;
5338 }
5339
5340 /* if no rates are given set it back to the defaults */
5341 if (!attrs[attr])
5342 goto out;
5343
5344 /* The nested attribute uses enum nl80211_band as the index. This maps
5345 * directly to the enum nl80211_band values used in cfg80211.
5346 */
5347 BUILD_BUG_ON(NL80211_MAX_SUPP_HT_RATES > IEEE80211_HT_MCS_MASK_LEN * 8);
5348 nla_for_each_nested(tx_rates, attrs[attr], rem) {
5349 enum nl80211_band band = nla_type(tx_rates);
5350 int err;
5351
5352 if (band < 0 || band >= NUM_NL80211_BANDS)
5353 return -EINVAL;
5354 sband = rdev->wiphy.bands[band];
5355 if (sband == NULL)
5356 return -EINVAL;
5357 err = nla_parse_nested_deprecated(tb, NL80211_TXRATE_MAX,
5358 tx_rates,
5359 nl80211_txattr_policy,
5360 info->extack);
5361 if (err)
5362 return err;
5363 if (tb[NL80211_TXRATE_LEGACY]) {
5364 mask->control[band].legacy = rateset_to_mask(
5365 sband,
5366 nla_data(tb[NL80211_TXRATE_LEGACY]),
5367 nla_len(tb[NL80211_TXRATE_LEGACY]));
5368 if ((mask->control[band].legacy == 0) &&
5369 nla_len(tb[NL80211_TXRATE_LEGACY]))
5370 return -EINVAL;
5371 }
5372 if (tb[NL80211_TXRATE_HT]) {
5373 if (!ht_rateset_to_mask(
5374 sband,
5375 nla_data(tb[NL80211_TXRATE_HT]),
5376 nla_len(tb[NL80211_TXRATE_HT]),
5377 mask->control[band].ht_mcs))
5378 return -EINVAL;
5379 }
5380
5381 if (tb[NL80211_TXRATE_VHT]) {
5382 if (!vht_set_mcs_mask(
5383 sband,
5384 nla_data(tb[NL80211_TXRATE_VHT]),
5385 mask->control[band].vht_mcs))
5386 return -EINVAL;
5387 }
5388
5389 if (tb[NL80211_TXRATE_GI]) {
5390 mask->control[band].gi =
5391 nla_get_u8(tb[NL80211_TXRATE_GI]);
5392 if (mask->control[band].gi > NL80211_TXRATE_FORCE_LGI)
5393 return -EINVAL;
5394 }
5395 if (tb[NL80211_TXRATE_HE] &&
5396 !he_set_mcs_mask(info, wdev, sband,
5397 nla_data(tb[NL80211_TXRATE_HE]),
5398 mask->control[band].he_mcs,
5399 link_id))
5400 return -EINVAL;
5401
5402 if (tb[NL80211_TXRATE_HE_GI])
5403 mask->control[band].he_gi =
5404 nla_get_u8(tb[NL80211_TXRATE_HE_GI]);
5405 if (tb[NL80211_TXRATE_HE_LTF])
5406 mask->control[band].he_ltf =
5407 nla_get_u8(tb[NL80211_TXRATE_HE_LTF]);
5408
5409 if (mask->control[band].legacy == 0) {
5410 /* don't allow empty legacy rates if HT, VHT or HE
5411 * are not even supported.
5412 */
5413 if (!(rdev->wiphy.bands[band]->ht_cap.ht_supported ||
5414 rdev->wiphy.bands[band]->vht_cap.vht_supported ||
5415 ieee80211_get_he_iftype_cap(sband, wdev->iftype)))
5416 return -EINVAL;
5417
5418 for (i = 0; i < IEEE80211_HT_MCS_MASK_LEN; i++)
5419 if (mask->control[band].ht_mcs[i])
5420 goto out;
5421
5422 for (i = 0; i < NL80211_VHT_NSS_MAX; i++)
5423 if (mask->control[band].vht_mcs[i])
5424 goto out;
5425
5426 for (i = 0; i < NL80211_HE_NSS_MAX; i++)
5427 if (mask->control[band].he_mcs[i])
5428 goto out;
5429
5430 /* legacy and mcs rates may not be both empty */
5431 return -EINVAL;
5432 }
5433 }
5434
5435 out:
5436 return 0;
5437 }
5438
5439 static int validate_beacon_tx_rate(struct cfg80211_registered_device *rdev,
5440 enum nl80211_band band,
5441 struct cfg80211_bitrate_mask *beacon_rate)
5442 {
5443 u32 count_ht, count_vht, count_he, i;
5444 u32 rate = beacon_rate->control[band].legacy;
5445
5446 /* Allow only one rate */
5447 if (hweight32(rate) > 1)
5448 return -EINVAL;
5449
5450 count_ht = 0;
5451 for (i = 0; i < IEEE80211_HT_MCS_MASK_LEN; i++) {
5452 if (hweight8(beacon_rate->control[band].ht_mcs[i]) > 1) {
5453 return -EINVAL;
5454 } else if (beacon_rate->control[band].ht_mcs[i]) {
5455 count_ht++;
5456 if (count_ht > 1)
5457 return -EINVAL;
5458 }
5459 if (count_ht && rate)
5460 return -EINVAL;
5461 }
5462
5463 count_vht = 0;
5464 for (i = 0; i < NL80211_VHT_NSS_MAX; i++) {
5465 if (hweight16(beacon_rate->control[band].vht_mcs[i]) > 1) {
5466 return -EINVAL;
5467 } else if (beacon_rate->control[band].vht_mcs[i]) {
5468 count_vht++;
5469 if (count_vht > 1)
5470 return -EINVAL;
5471 }
5472 if (count_vht && rate)
5473 return -EINVAL;
5474 }
5475
5476 count_he = 0;
5477 for (i = 0; i < NL80211_HE_NSS_MAX; i++) {
5478 if (hweight16(beacon_rate->control[band].he_mcs[i]) > 1) {
5479 return -EINVAL;
5480 } else if (beacon_rate->control[band].he_mcs[i]) {
5481 count_he++;
5482 if (count_he > 1)
5483 return -EINVAL;
5484 }
5485 if (count_he && rate)
5486 return -EINVAL;
5487 }
5488
5489 if ((count_ht && count_vht && count_he) ||
5490 (!rate && !count_ht && !count_vht && !count_he))
5491 return -EINVAL;
5492
5493 if (rate &&
5494 !wiphy_ext_feature_isset(&rdev->wiphy,
5495 NL80211_EXT_FEATURE_BEACON_RATE_LEGACY))
5496 return -EINVAL;
5497 if (count_ht &&
5498 !wiphy_ext_feature_isset(&rdev->wiphy,
5499 NL80211_EXT_FEATURE_BEACON_RATE_HT))
5500 return -EINVAL;
5501 if (count_vht &&
5502 !wiphy_ext_feature_isset(&rdev->wiphy,
5503 NL80211_EXT_FEATURE_BEACON_RATE_VHT))
5504 return -EINVAL;
5505 if (count_he &&
5506 !wiphy_ext_feature_isset(&rdev->wiphy,
5507 NL80211_EXT_FEATURE_BEACON_RATE_HE))
5508 return -EINVAL;
5509
5510 return 0;
5511 }
5512
5513 static int nl80211_parse_mbssid_config(struct wiphy *wiphy,
5514 struct net_device *dev,
5515 struct nlattr *attrs,
5516 struct cfg80211_mbssid_config *config,
5517 u8 num_elems)
5518 {
5519 struct nlattr *tb[NL80211_MBSSID_CONFIG_ATTR_MAX + 1];
5520
5521 if (!wiphy->mbssid_max_interfaces)
5522 return -EOPNOTSUPP;
5523
5524 if (nla_parse_nested(tb, NL80211_MBSSID_CONFIG_ATTR_MAX, attrs, NULL,
5525 NULL) ||
5526 !tb[NL80211_MBSSID_CONFIG_ATTR_INDEX])
5527 return -EINVAL;
5528
5529 config->ema = nla_get_flag(tb[NL80211_MBSSID_CONFIG_ATTR_EMA]);
5530 if (config->ema) {
5531 if (!wiphy->ema_max_profile_periodicity)
5532 return -EOPNOTSUPP;
5533
5534 if (num_elems > wiphy->ema_max_profile_periodicity)
5535 return -EINVAL;
5536 }
5537
5538 config->index = nla_get_u8(tb[NL80211_MBSSID_CONFIG_ATTR_INDEX]);
5539 if (config->index >= wiphy->mbssid_max_interfaces ||
5540 (!config->index && !num_elems))
5541 return -EINVAL;
5542
5543 if (tb[NL80211_MBSSID_CONFIG_ATTR_TX_IFINDEX]) {
5544 u32 tx_ifindex =
5545 nla_get_u32(tb[NL80211_MBSSID_CONFIG_ATTR_TX_IFINDEX]);
5546
5547 if ((!config->index && tx_ifindex != dev->ifindex) ||
5548 (config->index && tx_ifindex == dev->ifindex))
5549 return -EINVAL;
5550
5551 if (tx_ifindex != dev->ifindex) {
5552 struct net_device *tx_netdev =
5553 dev_get_by_index(wiphy_net(wiphy), tx_ifindex);
5554
5555 if (!tx_netdev || !tx_netdev->ieee80211_ptr ||
5556 tx_netdev->ieee80211_ptr->wiphy != wiphy ||
5557 tx_netdev->ieee80211_ptr->iftype !=
5558 NL80211_IFTYPE_AP) {
5559 dev_put(tx_netdev);
5560 return -EINVAL;
5561 }
5562
5563 config->tx_wdev = tx_netdev->ieee80211_ptr;
5564 } else {
5565 config->tx_wdev = dev->ieee80211_ptr;
5566 }
5567 } else if (!config->index) {
5568 config->tx_wdev = dev->ieee80211_ptr;
5569 } else {
5570 return -EINVAL;
5571 }
5572
5573 return 0;
5574 }
5575
5576 static struct cfg80211_mbssid_elems *
5577 nl80211_parse_mbssid_elems(struct wiphy *wiphy, struct nlattr *attrs)
5578 {
5579 struct nlattr *nl_elems;
5580 struct cfg80211_mbssid_elems *elems;
5581 int rem_elems;
5582 u8 i = 0, num_elems = 0;
5583
5584 if (!wiphy->mbssid_max_interfaces)
5585 return ERR_PTR(-EINVAL);
5586
5587 nla_for_each_nested(nl_elems, attrs, rem_elems) {
5588 if (num_elems >= 255)
5589 return ERR_PTR(-EINVAL);
5590 num_elems++;
5591 }
5592
5593 elems = kzalloc(struct_size(elems, elem, num_elems), GFP_KERNEL);
5594 if (!elems)
5595 return ERR_PTR(-ENOMEM);
5596 elems->cnt = num_elems;
5597
5598 nla_for_each_nested(nl_elems, attrs, rem_elems) {
5599 elems->elem[i].data = nla_data(nl_elems);
5600 elems->elem[i].len = nla_len(nl_elems);
5601 i++;
5602 }
5603 return elems;
5604 }
5605
5606 static struct cfg80211_rnr_elems *
5607 nl80211_parse_rnr_elems(struct wiphy *wiphy, struct nlattr *attrs,
5608 struct netlink_ext_ack *extack)
5609 {
5610 struct nlattr *nl_elems;
5611 struct cfg80211_rnr_elems *elems;
5612 int rem_elems;
5613 u8 i = 0, num_elems = 0;
5614
5615 nla_for_each_nested(nl_elems, attrs, rem_elems) {
5616 int ret;
5617
5618 ret = validate_ie_attr(nl_elems, extack);
5619 if (ret)
5620 return ERR_PTR(ret);
5621
5622 num_elems++;
5623 }
5624
5625 elems = kzalloc(struct_size(elems, elem, num_elems), GFP_KERNEL);
5626 if (!elems)
5627 return ERR_PTR(-ENOMEM);
5628 elems->cnt = num_elems;
5629
5630 nla_for_each_nested(nl_elems, attrs, rem_elems) {
5631 elems->elem[i].data = nla_data(nl_elems);
5632 elems->elem[i].len = nla_len(nl_elems);
5633 i++;
5634 }
5635 return elems;
5636 }
5637
5638 static int nl80211_parse_he_bss_color(struct nlattr *attrs,
5639 struct cfg80211_he_bss_color *he_bss_color)
5640 {
5641 struct nlattr *tb[NL80211_HE_BSS_COLOR_ATTR_MAX + 1];
5642 int err;
5643
5644 err = nla_parse_nested(tb, NL80211_HE_BSS_COLOR_ATTR_MAX, attrs,
5645 he_bss_color_policy, NULL);
5646 if (err)
5647 return err;
5648
5649 if (!tb[NL80211_HE_BSS_COLOR_ATTR_COLOR])
5650 return -EINVAL;
5651
5652 he_bss_color->color =
5653 nla_get_u8(tb[NL80211_HE_BSS_COLOR_ATTR_COLOR]);
5654 he_bss_color->enabled =
5655 !nla_get_flag(tb[NL80211_HE_BSS_COLOR_ATTR_DISABLED]);
5656 he_bss_color->partial =
5657 nla_get_flag(tb[NL80211_HE_BSS_COLOR_ATTR_PARTIAL]);
5658
5659 return 0;
5660 }
5661
5662 static int nl80211_parse_beacon(struct cfg80211_registered_device *rdev,
5663 struct nlattr *attrs[],
5664 struct cfg80211_beacon_data *bcn,
5665 struct netlink_ext_ack *extack)
5666 {
5667 bool haveinfo = false;
5668 int err;
5669
5670 memset(bcn, 0, sizeof(*bcn));
5671
5672 bcn->link_id = nl80211_link_id(attrs);
5673
5674 if (attrs[NL80211_ATTR_BEACON_HEAD]) {
5675 bcn->head = nla_data(attrs[NL80211_ATTR_BEACON_HEAD]);
5676 bcn->head_len = nla_len(attrs[NL80211_ATTR_BEACON_HEAD]);
5677 if (!bcn->head_len)
5678 return -EINVAL;
5679 haveinfo = true;
5680 }
5681
5682 if (attrs[NL80211_ATTR_BEACON_TAIL]) {
5683 bcn->tail = nla_data(attrs[NL80211_ATTR_BEACON_TAIL]);
5684 bcn->tail_len = nla_len(attrs[NL80211_ATTR_BEACON_TAIL]);
5685 haveinfo = true;
5686 }
5687
5688 if (!haveinfo)
5689 return -EINVAL;
5690
5691 if (attrs[NL80211_ATTR_IE]) {
5692 bcn->beacon_ies = nla_data(attrs[NL80211_ATTR_IE]);
5693 bcn->beacon_ies_len = nla_len(attrs[NL80211_ATTR_IE]);
5694 }
5695
5696 if (attrs[NL80211_ATTR_IE_PROBE_RESP]) {
5697 bcn->proberesp_ies =
5698 nla_data(attrs[NL80211_ATTR_IE_PROBE_RESP]);
5699 bcn->proberesp_ies_len =
5700 nla_len(attrs[NL80211_ATTR_IE_PROBE_RESP]);
5701 }
5702
5703 if (attrs[NL80211_ATTR_IE_ASSOC_RESP]) {
5704 bcn->assocresp_ies =
5705 nla_data(attrs[NL80211_ATTR_IE_ASSOC_RESP]);
5706 bcn->assocresp_ies_len =
5707 nla_len(attrs[NL80211_ATTR_IE_ASSOC_RESP]);
5708 }
5709
5710 if (attrs[NL80211_ATTR_PROBE_RESP]) {
5711 bcn->probe_resp = nla_data(attrs[NL80211_ATTR_PROBE_RESP]);
5712 bcn->probe_resp_len = nla_len(attrs[NL80211_ATTR_PROBE_RESP]);
5713 }
5714
5715 if (attrs[NL80211_ATTR_FTM_RESPONDER]) {
5716 struct nlattr *tb[NL80211_FTM_RESP_ATTR_MAX + 1];
5717
5718 err = nla_parse_nested_deprecated(tb,
5719 NL80211_FTM_RESP_ATTR_MAX,
5720 attrs[NL80211_ATTR_FTM_RESPONDER],
5721 NULL, NULL);
5722 if (err)
5723 return err;
5724
5725 if (tb[NL80211_FTM_RESP_ATTR_ENABLED] &&
5726 wiphy_ext_feature_isset(&rdev->wiphy,
5727 NL80211_EXT_FEATURE_ENABLE_FTM_RESPONDER))
5728 bcn->ftm_responder = 1;
5729 else
5730 return -EOPNOTSUPP;
5731
5732 if (tb[NL80211_FTM_RESP_ATTR_LCI]) {
5733 bcn->lci = nla_data(tb[NL80211_FTM_RESP_ATTR_LCI]);
5734 bcn->lci_len = nla_len(tb[NL80211_FTM_RESP_ATTR_LCI]);
5735 }
5736
5737 if (tb[NL80211_FTM_RESP_ATTR_CIVICLOC]) {
5738 bcn->civicloc = nla_data(tb[NL80211_FTM_RESP_ATTR_CIVICLOC]);
5739 bcn->civicloc_len = nla_len(tb[NL80211_FTM_RESP_ATTR_CIVICLOC]);
5740 }
5741 } else {
5742 bcn->ftm_responder = -1;
5743 }
5744
5745 if (attrs[NL80211_ATTR_HE_BSS_COLOR]) {
5746 err = nl80211_parse_he_bss_color(attrs[NL80211_ATTR_HE_BSS_COLOR],
5747 &bcn->he_bss_color);
5748 if (err)
5749 return err;
5750 bcn->he_bss_color_valid = true;
5751 }
5752
5753 if (attrs[NL80211_ATTR_MBSSID_ELEMS]) {
5754 struct cfg80211_mbssid_elems *mbssid =
5755 nl80211_parse_mbssid_elems(&rdev->wiphy,
5756 attrs[NL80211_ATTR_MBSSID_ELEMS]);
5757
5758 if (IS_ERR(mbssid))
5759 return PTR_ERR(mbssid);
5760
5761 bcn->mbssid_ies = mbssid;
5762
5763 if (bcn->mbssid_ies && attrs[NL80211_ATTR_EMA_RNR_ELEMS]) {
5764 struct cfg80211_rnr_elems *rnr =
5765 nl80211_parse_rnr_elems(&rdev->wiphy,
5766 attrs[NL80211_ATTR_EMA_RNR_ELEMS],
5767 extack);
5768
5769 if (IS_ERR(rnr))
5770 return PTR_ERR(rnr);
5771
5772 if (rnr && rnr->cnt < bcn->mbssid_ies->cnt)
5773 return -EINVAL;
5774
5775 bcn->rnr_ies = rnr;
5776 }
5777 }
5778
5779 return 0;
5780 }
5781
5782 static int nl80211_parse_he_obss_pd(struct nlattr *attrs,
5783 struct ieee80211_he_obss_pd *he_obss_pd)
5784 {
5785 struct nlattr *tb[NL80211_HE_OBSS_PD_ATTR_MAX + 1];
5786 int err;
5787
5788 err = nla_parse_nested(tb, NL80211_HE_OBSS_PD_ATTR_MAX, attrs,
5789 he_obss_pd_policy, NULL);
5790 if (err)
5791 return err;
5792
5793 if (!tb[NL80211_HE_OBSS_PD_ATTR_SR_CTRL])
5794 return -EINVAL;
5795
5796 he_obss_pd->sr_ctrl = nla_get_u8(tb[NL80211_HE_OBSS_PD_ATTR_SR_CTRL]);
5797
5798 if (tb[NL80211_HE_OBSS_PD_ATTR_MIN_OFFSET])
5799 he_obss_pd->min_offset =
5800 nla_get_u8(tb[NL80211_HE_OBSS_PD_ATTR_MIN_OFFSET]);
5801 if (tb[NL80211_HE_OBSS_PD_ATTR_MAX_OFFSET])
5802 he_obss_pd->max_offset =
5803 nla_get_u8(tb[NL80211_HE_OBSS_PD_ATTR_MAX_OFFSET]);
5804 if (tb[NL80211_HE_OBSS_PD_ATTR_NON_SRG_MAX_OFFSET])
5805 he_obss_pd->non_srg_max_offset =
5806 nla_get_u8(tb[NL80211_HE_OBSS_PD_ATTR_NON_SRG_MAX_OFFSET]);
5807
5808 if (he_obss_pd->min_offset > he_obss_pd->max_offset)
5809 return -EINVAL;
5810
5811 if (tb[NL80211_HE_OBSS_PD_ATTR_BSS_COLOR_BITMAP])
5812 memcpy(he_obss_pd->bss_color_bitmap,
5813 nla_data(tb[NL80211_HE_OBSS_PD_ATTR_BSS_COLOR_BITMAP]),
5814 sizeof(he_obss_pd->bss_color_bitmap));
5815
5816 if (tb[NL80211_HE_OBSS_PD_ATTR_PARTIAL_BSSID_BITMAP])
5817 memcpy(he_obss_pd->partial_bssid_bitmap,
5818 nla_data(tb[NL80211_HE_OBSS_PD_ATTR_PARTIAL_BSSID_BITMAP]),
5819 sizeof(he_obss_pd->partial_bssid_bitmap));
5820
5821 he_obss_pd->enable = true;
5822
5823 return 0;
5824 }
5825
5826 static int nl80211_parse_fils_discovery(struct cfg80211_registered_device *rdev,
5827 struct nlattr *attrs,
5828 struct cfg80211_fils_discovery *fd)
5829 {
5830 struct nlattr *tb[NL80211_FILS_DISCOVERY_ATTR_MAX + 1];
5831 int ret;
5832
5833 if (!wiphy_ext_feature_isset(&rdev->wiphy,
5834 NL80211_EXT_FEATURE_FILS_DISCOVERY))
5835 return -EINVAL;
5836
5837 ret = nla_parse_nested(tb, NL80211_FILS_DISCOVERY_ATTR_MAX, attrs,
5838 NULL, NULL);
5839 if (ret)
5840 return ret;
5841
5842 if (!tb[NL80211_FILS_DISCOVERY_ATTR_INT_MIN] &&
5843 !tb[NL80211_FILS_DISCOVERY_ATTR_INT_MAX] &&
5844 !tb[NL80211_FILS_DISCOVERY_ATTR_TMPL]) {
5845 fd->update = true;
5846 return 0;
5847 }
5848
5849 if (!tb[NL80211_FILS_DISCOVERY_ATTR_INT_MIN] ||
5850 !tb[NL80211_FILS_DISCOVERY_ATTR_INT_MAX] ||
5851 !tb[NL80211_FILS_DISCOVERY_ATTR_TMPL])
5852 return -EINVAL;
5853
5854 fd->tmpl_len = nla_len(tb[NL80211_FILS_DISCOVERY_ATTR_TMPL]);
5855 fd->tmpl = nla_data(tb[NL80211_FILS_DISCOVERY_ATTR_TMPL]);
5856 fd->min_interval = nla_get_u32(tb[NL80211_FILS_DISCOVERY_ATTR_INT_MIN]);
5857 fd->max_interval = nla_get_u32(tb[NL80211_FILS_DISCOVERY_ATTR_INT_MAX]);
5858 fd->update = true;
5859 return 0;
5860 }
5861
5862 static int
5863 nl80211_parse_unsol_bcast_probe_resp(struct cfg80211_registered_device *rdev,
5864 struct nlattr *attrs,
5865 struct cfg80211_unsol_bcast_probe_resp *presp)
5866 {
5867 struct nlattr *tb[NL80211_UNSOL_BCAST_PROBE_RESP_ATTR_MAX + 1];
5868 int ret;
5869
5870 if (!wiphy_ext_feature_isset(&rdev->wiphy,
5871 NL80211_EXT_FEATURE_UNSOL_BCAST_PROBE_RESP))
5872 return -EINVAL;
5873
5874 ret = nla_parse_nested(tb, NL80211_UNSOL_BCAST_PROBE_RESP_ATTR_MAX,
5875 attrs, NULL, NULL);
5876 if (ret)
5877 return ret;
5878
5879 if (!tb[NL80211_UNSOL_BCAST_PROBE_RESP_ATTR_INT] &&
5880 !tb[NL80211_UNSOL_BCAST_PROBE_RESP_ATTR_TMPL]) {
5881 presp->update = true;
5882 return 0;
5883 }
5884
5885 if (!tb[NL80211_UNSOL_BCAST_PROBE_RESP_ATTR_INT] ||
5886 !tb[NL80211_UNSOL_BCAST_PROBE_RESP_ATTR_TMPL])
5887 return -EINVAL;
5888
5889 presp->tmpl = nla_data(tb[NL80211_UNSOL_BCAST_PROBE_RESP_ATTR_TMPL]);
5890 presp->tmpl_len = nla_len(tb[NL80211_UNSOL_BCAST_PROBE_RESP_ATTR_TMPL]);
5891 presp->interval = nla_get_u32(tb[NL80211_UNSOL_BCAST_PROBE_RESP_ATTR_INT]);
5892 presp->update = true;
5893 return 0;
5894 }
5895
5896 static void nl80211_check_ap_rate_selectors(struct cfg80211_ap_settings *params,
5897 const struct element *rates)
5898 {
5899 int i;
5900
5901 if (!rates)
5902 return;
5903
5904 for (i = 0; i < rates->datalen; i++) {
5905 if (rates->data[i] == BSS_MEMBERSHIP_SELECTOR_HT_PHY)
5906 params->ht_required = true;
5907 if (rates->data[i] == BSS_MEMBERSHIP_SELECTOR_VHT_PHY)
5908 params->vht_required = true;
5909 if (rates->data[i] == BSS_MEMBERSHIP_SELECTOR_HE_PHY)
5910 params->he_required = true;
5911 if (rates->data[i] == BSS_MEMBERSHIP_SELECTOR_SAE_H2E)
5912 params->sae_h2e_required = true;
5913 }
5914 }
5915
5916 /*
5917 * Since the nl80211 API didn't include, from the beginning, attributes about
5918 * HT/VHT requirements/capabilities, we parse them out of the IEs for the
5919 * benefit of drivers that rebuild IEs in the firmware.
5920 */
5921 static int nl80211_calculate_ap_params(struct cfg80211_ap_settings *params)
5922 {
5923 const struct cfg80211_beacon_data *bcn = &params->beacon;
5924 size_t ies_len = bcn->tail_len;
5925 const u8 *ies = bcn->tail;
5926 const struct element *rates;
5927 const struct element *cap;
5928
5929 rates = cfg80211_find_elem(WLAN_EID_SUPP_RATES, ies, ies_len);
5930 nl80211_check_ap_rate_selectors(params, rates);
5931
5932 rates = cfg80211_find_elem(WLAN_EID_EXT_SUPP_RATES, ies, ies_len);
5933 nl80211_check_ap_rate_selectors(params, rates);
5934
5935 cap = cfg80211_find_elem(WLAN_EID_HT_CAPABILITY, ies, ies_len);
5936 if (cap && cap->datalen >= sizeof(*params->ht_cap))
5937 params->ht_cap = (void *)cap->data;
5938 cap = cfg80211_find_elem(WLAN_EID_VHT_CAPABILITY, ies, ies_len);
5939 if (cap && cap->datalen >= sizeof(*params->vht_cap))
5940 params->vht_cap = (void *)cap->data;
5941 cap = cfg80211_find_ext_elem(WLAN_EID_EXT_HE_CAPABILITY, ies, ies_len);
5942 if (cap && cap->datalen >= sizeof(*params->he_cap) + 1)
5943 params->he_cap = (void *)(cap->data + 1);
5944 cap = cfg80211_find_ext_elem(WLAN_EID_EXT_HE_OPERATION, ies, ies_len);
5945 if (cap && cap->datalen >= sizeof(*params->he_oper) + 1)
5946 params->he_oper = (void *)(cap->data + 1);
5947 cap = cfg80211_find_ext_elem(WLAN_EID_EXT_EHT_CAPABILITY, ies, ies_len);
5948 if (cap) {
5949 if (!cap->datalen)
5950 return -EINVAL;
5951 params->eht_cap = (void *)(cap->data + 1);
5952 if (!ieee80211_eht_capa_size_ok((const u8 *)params->he_cap,
5953 (const u8 *)params->eht_cap,
5954 cap->datalen - 1, true))
5955 return -EINVAL;
5956 }
5957 cap = cfg80211_find_ext_elem(WLAN_EID_EXT_EHT_OPERATION, ies, ies_len);
5958 if (cap) {
5959 if (!cap->datalen)
5960 return -EINVAL;
5961 params->eht_oper = (void *)(cap->data + 1);
5962 if (!ieee80211_eht_oper_size_ok((const u8 *)params->eht_oper,
5963 cap->datalen - 1))
5964 return -EINVAL;
5965 }
5966 return 0;
5967 }
5968
5969 static bool nl80211_get_ap_channel(struct cfg80211_registered_device *rdev,
5970 struct cfg80211_ap_settings *params)
5971 {
5972 struct wireless_dev *wdev;
5973
5974 list_for_each_entry(wdev, &rdev->wiphy.wdev_list, list) {
5975 if (wdev->iftype != NL80211_IFTYPE_AP &&
5976 wdev->iftype != NL80211_IFTYPE_P2P_GO)
5977 continue;
5978
5979 if (!wdev->u.ap.preset_chandef.chan)
5980 continue;
5981
5982 params->chandef = wdev->u.ap.preset_chandef;
5983 return true;
5984 }
5985
5986 return false;
5987 }
5988
5989 static bool nl80211_valid_auth_type(struct cfg80211_registered_device *rdev,
5990 enum nl80211_auth_type auth_type,
5991 enum nl80211_commands cmd)
5992 {
5993 if (auth_type > NL80211_AUTHTYPE_MAX)
5994 return false;
5995
5996 switch (cmd) {
5997 case NL80211_CMD_AUTHENTICATE:
5998 if (!(rdev->wiphy.features & NL80211_FEATURE_SAE) &&
5999 auth_type == NL80211_AUTHTYPE_SAE)
6000 return false;
6001 if (!wiphy_ext_feature_isset(&rdev->wiphy,
6002 NL80211_EXT_FEATURE_FILS_STA) &&
6003 (auth_type == NL80211_AUTHTYPE_FILS_SK ||
6004 auth_type == NL80211_AUTHTYPE_FILS_SK_PFS ||
6005 auth_type == NL80211_AUTHTYPE_FILS_PK))
6006 return false;
6007 return true;
6008 case NL80211_CMD_CONNECT:
6009 if (!(rdev->wiphy.features & NL80211_FEATURE_SAE) &&
6010 !wiphy_ext_feature_isset(&rdev->wiphy,
6011 NL80211_EXT_FEATURE_SAE_OFFLOAD) &&
6012 auth_type == NL80211_AUTHTYPE_SAE)
6013 return false;
6014
6015 /* FILS with SK PFS or PK not supported yet */
6016 if (auth_type == NL80211_AUTHTYPE_FILS_SK_PFS ||
6017 auth_type == NL80211_AUTHTYPE_FILS_PK)
6018 return false;
6019 if (!wiphy_ext_feature_isset(
6020 &rdev->wiphy,
6021 NL80211_EXT_FEATURE_FILS_SK_OFFLOAD) &&
6022 auth_type == NL80211_AUTHTYPE_FILS_SK)
6023 return false;
6024 return true;
6025 case NL80211_CMD_START_AP:
6026 if (!wiphy_ext_feature_isset(&rdev->wiphy,
6027 NL80211_EXT_FEATURE_SAE_OFFLOAD_AP) &&
6028 auth_type == NL80211_AUTHTYPE_SAE)
6029 return false;
6030 /* FILS not supported yet */
6031 if (auth_type == NL80211_AUTHTYPE_FILS_SK ||
6032 auth_type == NL80211_AUTHTYPE_FILS_SK_PFS ||
6033 auth_type == NL80211_AUTHTYPE_FILS_PK)
6034 return false;
6035 return true;
6036 default:
6037 return false;
6038 }
6039 }
6040
6041 static void nl80211_send_ap_started(struct wireless_dev *wdev,
6042 unsigned int link_id)
6043 {
6044 struct wiphy *wiphy = wdev->wiphy;
6045 struct cfg80211_registered_device *rdev = wiphy_to_rdev(wiphy);
6046 struct sk_buff *msg;
6047 void *hdr;
6048
6049 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
6050 if (!msg)
6051 return;
6052
6053 hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_START_AP);
6054 if (!hdr)
6055 goto out;
6056
6057 if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
6058 nla_put_u32(msg, NL80211_ATTR_IFINDEX, wdev->netdev->ifindex) ||
6059 nla_put_u64_64bit(msg, NL80211_ATTR_WDEV, wdev_id(wdev),
6060 NL80211_ATTR_PAD) ||
6061 (wdev->u.ap.ssid_len &&
6062 nla_put(msg, NL80211_ATTR_SSID, wdev->u.ap.ssid_len,
6063 wdev->u.ap.ssid)) ||
6064 (wdev->valid_links &&
6065 nla_put_u8(msg, NL80211_ATTR_MLO_LINK_ID, link_id)))
6066 goto out;
6067
6068 genlmsg_end(msg, hdr);
6069
6070 genlmsg_multicast_netns(&nl80211_fam, wiphy_net(wiphy), msg, 0,
6071 NL80211_MCGRP_MLME, GFP_KERNEL);
6072 return;
6073 out:
6074 nlmsg_free(msg);
6075 }
6076
6077 static int nl80211_validate_ap_phy_operation(struct cfg80211_ap_settings *params)
6078 {
6079 struct ieee80211_channel *channel = params->chandef.chan;
6080
6081 if ((params->he_cap || params->he_oper) &&
6082 (channel->flags & IEEE80211_CHAN_NO_HE))
6083 return -EOPNOTSUPP;
6084
6085 if ((params->eht_cap || params->eht_oper) &&
6086 (channel->flags & IEEE80211_CHAN_NO_EHT))
6087 return -EOPNOTSUPP;
6088
6089 return 0;
6090 }
6091
6092 static int nl80211_start_ap(struct sk_buff *skb, struct genl_info *info)
6093 {
6094 struct cfg80211_registered_device *rdev = info->user_ptr[0];
6095 struct cfg80211_beaconing_check_config beacon_check = {};
6096 unsigned int link_id = nl80211_link_id(info->attrs);
6097 struct net_device *dev = info->user_ptr[1];
6098 struct wireless_dev *wdev = dev->ieee80211_ptr;
6099 struct cfg80211_ap_settings *params;
6100 int err;
6101
6102 if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_AP &&
6103 dev->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_GO)
6104 return -EOPNOTSUPP;
6105
6106 if (!rdev->ops->start_ap)
6107 return -EOPNOTSUPP;
6108
6109 if (wdev->links[link_id].cac_started)
6110 return -EBUSY;
6111
6112 if (wdev->links[link_id].ap.beacon_interval)
6113 return -EALREADY;
6114
6115 /* these are required for START_AP */
6116 if (!info->attrs[NL80211_ATTR_BEACON_INTERVAL] ||
6117 !info->attrs[NL80211_ATTR_DTIM_PERIOD] ||
6118 !info->attrs[NL80211_ATTR_BEACON_HEAD])
6119 return -EINVAL;
6120
6121 if (info->attrs[NL80211_ATTR_SMPS_MODE] &&
6122 nla_get_u8(info->attrs[NL80211_ATTR_SMPS_MODE]) != NL80211_SMPS_OFF)
6123 return -EOPNOTSUPP;
6124
6125 params = kzalloc(sizeof(*params), GFP_KERNEL);
6126 if (!params)
6127 return -ENOMEM;
6128
6129 err = nl80211_parse_beacon(rdev, info->attrs, &params->beacon,
6130 info->extack);
6131 if (err)
6132 goto out;
6133
6134 params->beacon_interval =
6135 nla_get_u32(info->attrs[NL80211_ATTR_BEACON_INTERVAL]);
6136 params->dtim_period =
6137 nla_get_u32(info->attrs[NL80211_ATTR_DTIM_PERIOD]);
6138
6139 err = cfg80211_validate_beacon_int(rdev, dev->ieee80211_ptr->iftype,
6140 params->beacon_interval);
6141 if (err)
6142 goto out;
6143
6144 /*
6145 * In theory, some of these attributes should be required here
6146 * but since they were not used when the command was originally
6147 * added, keep them optional for old user space programs to let
6148 * them continue to work with drivers that do not need the
6149 * additional information -- drivers must check!
6150 */
6151 if (info->attrs[NL80211_ATTR_SSID]) {
6152 params->ssid = nla_data(info->attrs[NL80211_ATTR_SSID]);
6153 params->ssid_len =
6154 nla_len(info->attrs[NL80211_ATTR_SSID]);
6155 if (params->ssid_len == 0) {
6156 err = -EINVAL;
6157 goto out;
6158 }
6159
6160 if (wdev->u.ap.ssid_len &&
6161 (wdev->u.ap.ssid_len != params->ssid_len ||
6162 memcmp(wdev->u.ap.ssid, params->ssid, params->ssid_len))) {
6163 /* require identical SSID for MLO */
6164 err = -EINVAL;
6165 goto out;
6166 }
6167 } else if (wdev->valid_links) {
6168 /* require SSID for MLO */
6169 err = -EINVAL;
6170 goto out;
6171 }
6172
6173 if (info->attrs[NL80211_ATTR_HIDDEN_SSID])
6174 params->hidden_ssid = nla_get_u32(
6175 info->attrs[NL80211_ATTR_HIDDEN_SSID]);
6176
6177 params->privacy = !!info->attrs[NL80211_ATTR_PRIVACY];
6178
6179 if (info->attrs[NL80211_ATTR_AUTH_TYPE]) {
6180 params->auth_type = nla_get_u32(
6181 info->attrs[NL80211_ATTR_AUTH_TYPE]);
6182 if (!nl80211_valid_auth_type(rdev, params->auth_type,
6183 NL80211_CMD_START_AP)) {
6184 err = -EINVAL;
6185 goto out;
6186 }
6187 } else
6188 params->auth_type = NL80211_AUTHTYPE_AUTOMATIC;
6189
6190 err = nl80211_crypto_settings(rdev, info, &params->crypto,
6191 NL80211_MAX_NR_CIPHER_SUITES);
6192 if (err)
6193 goto out;
6194
6195 if (info->attrs[NL80211_ATTR_INACTIVITY_TIMEOUT]) {
6196 if (!(rdev->wiphy.features & NL80211_FEATURE_INACTIVITY_TIMER)) {
6197 err = -EOPNOTSUPP;
6198 goto out;
6199 }
6200 params->inactivity_timeout = nla_get_u16(
6201 info->attrs[NL80211_ATTR_INACTIVITY_TIMEOUT]);
6202 }
6203
6204 if (info->attrs[NL80211_ATTR_P2P_CTWINDOW]) {
6205 if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_GO) {
6206 err = -EINVAL;
6207 goto out;
6208 }
6209 params->p2p_ctwindow =
6210 nla_get_u8(info->attrs[NL80211_ATTR_P2P_CTWINDOW]);
6211 if (params->p2p_ctwindow != 0 &&
6212 !(rdev->wiphy.features & NL80211_FEATURE_P2P_GO_CTWIN)) {
6213 err = -EINVAL;
6214 goto out;
6215 }
6216 }
6217
6218 if (info->attrs[NL80211_ATTR_P2P_OPPPS]) {
6219 u8 tmp;
6220
6221 if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_GO) {
6222 err = -EINVAL;
6223 goto out;
6224 }
6225 tmp = nla_get_u8(info->attrs[NL80211_ATTR_P2P_OPPPS]);
6226 params->p2p_opp_ps = tmp;
6227 if (params->p2p_opp_ps != 0 &&
6228 !(rdev->wiphy.features & NL80211_FEATURE_P2P_GO_OPPPS)) {
6229 err = -EINVAL;
6230 goto out;
6231 }
6232 }
6233
6234 if (info->attrs[NL80211_ATTR_WIPHY_FREQ]) {
6235 err = nl80211_parse_chandef(rdev, info, &params->chandef);
6236 if (err)
6237 goto out;
6238 } else if (wdev->valid_links) {
6239 /* with MLD need to specify the channel configuration */
6240 err = -EINVAL;
6241 goto out;
6242 } else if (wdev->u.ap.preset_chandef.chan) {
6243 params->chandef = wdev->u.ap.preset_chandef;
6244 } else if (!nl80211_get_ap_channel(rdev, params)) {
6245 err = -EINVAL;
6246 goto out;
6247 }
6248
6249 beacon_check.iftype = wdev->iftype;
6250 beacon_check.relax = true;
6251 beacon_check.reg_power =
6252 cfg80211_get_6ghz_power_type(params->beacon.tail,
6253 params->beacon.tail_len);
6254 if (!cfg80211_reg_check_beaconing(&rdev->wiphy, &params->chandef,
6255 &beacon_check)) {
6256 err = -EINVAL;
6257 goto out;
6258 }
6259
6260 if (info->attrs[NL80211_ATTR_TX_RATES]) {
6261 err = nl80211_parse_tx_bitrate_mask(info, info->attrs,
6262 NL80211_ATTR_TX_RATES,
6263 &params->beacon_rate,
6264 dev, false, link_id);
6265 if (err)
6266 goto out;
6267
6268 err = validate_beacon_tx_rate(rdev, params->chandef.chan->band,
6269 &params->beacon_rate);
6270 if (err)
6271 goto out;
6272 }
6273
6274 params->pbss = nla_get_flag(info->attrs[NL80211_ATTR_PBSS]);
6275 if (params->pbss && !rdev->wiphy.bands[NL80211_BAND_60GHZ]) {
6276 err = -EOPNOTSUPP;
6277 goto out;
6278 }
6279
6280 if (info->attrs[NL80211_ATTR_ACL_POLICY]) {
6281 params->acl = parse_acl_data(&rdev->wiphy, info);
6282 if (IS_ERR(params->acl)) {
6283 err = PTR_ERR(params->acl);
6284 params->acl = NULL;
6285 goto out;
6286 }
6287 }
6288
6289 params->twt_responder =
6290 nla_get_flag(info->attrs[NL80211_ATTR_TWT_RESPONDER]);
6291
6292 if (info->attrs[NL80211_ATTR_HE_OBSS_PD]) {
6293 err = nl80211_parse_he_obss_pd(
6294 info->attrs[NL80211_ATTR_HE_OBSS_PD],
6295 &params->he_obss_pd);
6296 if (err)
6297 goto out;
6298 }
6299
6300 if (info->attrs[NL80211_ATTR_FILS_DISCOVERY]) {
6301 err = nl80211_parse_fils_discovery(rdev,
6302 info->attrs[NL80211_ATTR_FILS_DISCOVERY],
6303 &params->fils_discovery);
6304 if (err)
6305 goto out;
6306 }
6307
6308 if (info->attrs[NL80211_ATTR_UNSOL_BCAST_PROBE_RESP]) {
6309 err = nl80211_parse_unsol_bcast_probe_resp(
6310 rdev, info->attrs[NL80211_ATTR_UNSOL_BCAST_PROBE_RESP],
6311 &params->unsol_bcast_probe_resp);
6312 if (err)
6313 goto out;
6314 }
6315
6316 if (info->attrs[NL80211_ATTR_MBSSID_CONFIG]) {
6317 err = nl80211_parse_mbssid_config(&rdev->wiphy, dev,
6318 info->attrs[NL80211_ATTR_MBSSID_CONFIG],
6319 &params->mbssid_config,
6320 params->beacon.mbssid_ies ?
6321 params->beacon.mbssid_ies->cnt :
6322 0);
6323 if (err)
6324 goto out;
6325 }
6326
6327 if (!params->mbssid_config.ema && params->beacon.rnr_ies) {
6328 err = -EINVAL;
6329 goto out;
6330 }
6331
6332 err = nl80211_calculate_ap_params(params);
6333 if (err)
6334 goto out;
6335
6336 err = nl80211_validate_ap_phy_operation(params);
6337 if (err)
6338 goto out;
6339
6340 if (info->attrs[NL80211_ATTR_AP_SETTINGS_FLAGS])
6341 params->flags = nla_get_u32(
6342 info->attrs[NL80211_ATTR_AP_SETTINGS_FLAGS]);
6343 else if (info->attrs[NL80211_ATTR_EXTERNAL_AUTH_SUPPORT])
6344 params->flags |= NL80211_AP_SETTINGS_EXTERNAL_AUTH_SUPPORT;
6345
6346 if (wdev->conn_owner_nlportid &&
6347 info->attrs[NL80211_ATTR_SOCKET_OWNER] &&
6348 wdev->conn_owner_nlportid != info->snd_portid) {
6349 err = -EINVAL;
6350 goto out;
6351 }
6352
6353 /* FIXME: validate MLO/link-id against driver capabilities */
6354
6355 err = rdev_start_ap(rdev, dev, params);
6356 if (!err) {
6357 wdev->links[link_id].ap.beacon_interval = params->beacon_interval;
6358 wdev->links[link_id].ap.chandef = params->chandef;
6359 wdev->u.ap.ssid_len = params->ssid_len;
6360 memcpy(wdev->u.ap.ssid, params->ssid,
6361 params->ssid_len);
6362
6363 if (info->attrs[NL80211_ATTR_SOCKET_OWNER])
6364 wdev->conn_owner_nlportid = info->snd_portid;
6365
6366 nl80211_send_ap_started(wdev, link_id);
6367 }
6368 out:
6369 kfree(params->acl);
6370 kfree(params->beacon.mbssid_ies);
6371 if (params->mbssid_config.tx_wdev &&
6372 params->mbssid_config.tx_wdev->netdev &&
6373 params->mbssid_config.tx_wdev->netdev != dev)
6374 dev_put(params->mbssid_config.tx_wdev->netdev);
6375 kfree(params->beacon.rnr_ies);
6376 kfree(params);
6377
6378 return err;
6379 }
6380
6381 static int nl80211_set_beacon(struct sk_buff *skb, struct genl_info *info)
6382 {
6383 struct cfg80211_registered_device *rdev = info->user_ptr[0];
6384 struct cfg80211_beaconing_check_config beacon_check = {};
6385 unsigned int link_id = nl80211_link_id(info->attrs);
6386 struct net_device *dev = info->user_ptr[1];
6387 struct wireless_dev *wdev = dev->ieee80211_ptr;
6388 struct cfg80211_ap_update *params;
6389 struct nlattr *attr;
6390 int err;
6391
6392 if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_AP &&
6393 dev->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_GO)
6394 return -EOPNOTSUPP;
6395
6396 if (!rdev->ops->change_beacon)
6397 return -EOPNOTSUPP;
6398
6399 if (!wdev->links[link_id].ap.beacon_interval)
6400 return -EINVAL;
6401
6402 params = kzalloc(sizeof(*params), GFP_KERNEL);
6403 if (!params)
6404 return -ENOMEM;
6405
6406 err = nl80211_parse_beacon(rdev, info->attrs, &params->beacon,
6407 info->extack);
6408 if (err)
6409 goto out;
6410
6411 /* recheck beaconing is permitted with possibly changed power type */
6412 beacon_check.iftype = wdev->iftype;
6413 beacon_check.relax = true;
6414 beacon_check.reg_power =
6415 cfg80211_get_6ghz_power_type(params->beacon.tail,
6416 params->beacon.tail_len);
6417 if (!cfg80211_reg_check_beaconing(&rdev->wiphy,
6418 &wdev->links[link_id].ap.chandef,
6419 &beacon_check)) {
6420 err = -EINVAL;
6421 goto out;
6422 }
6423
6424 attr = info->attrs[NL80211_ATTR_FILS_DISCOVERY];
6425 if (attr) {
6426 err = nl80211_parse_fils_discovery(rdev, attr,
6427 &params->fils_discovery);
6428 if (err)
6429 goto out;
6430 }
6431
6432 attr = info->attrs[NL80211_ATTR_UNSOL_BCAST_PROBE_RESP];
6433 if (attr) {
6434 err = nl80211_parse_unsol_bcast_probe_resp(rdev, attr,
6435 &params->unsol_bcast_probe_resp);
6436 if (err)
6437 goto out;
6438 }
6439
6440 err = rdev_change_beacon(rdev, dev, params);
6441
6442 out:
6443 kfree(params->beacon.mbssid_ies);
6444 kfree(params->beacon.rnr_ies);
6445 kfree(params);
6446 return err;
6447 }
6448
6449 static int nl80211_stop_ap(struct sk_buff *skb, struct genl_info *info)
6450 {
6451 struct cfg80211_registered_device *rdev = info->user_ptr[0];
6452 unsigned int link_id = nl80211_link_id(info->attrs);
6453 struct net_device *dev = info->user_ptr[1];
6454
6455 return cfg80211_stop_ap(rdev, dev, link_id, false);
6456 }
6457
6458 static const struct nla_policy sta_flags_policy[NL80211_STA_FLAG_MAX + 1] = {
6459 [NL80211_STA_FLAG_AUTHORIZED] = { .type = NLA_FLAG },
6460 [NL80211_STA_FLAG_SHORT_PREAMBLE] = { .type = NLA_FLAG },
6461 [NL80211_STA_FLAG_WME] = { .type = NLA_FLAG },
6462 [NL80211_STA_FLAG_MFP] = { .type = NLA_FLAG },
6463 [NL80211_STA_FLAG_AUTHENTICATED] = { .type = NLA_FLAG },
6464 [NL80211_STA_FLAG_TDLS_PEER] = { .type = NLA_FLAG },
6465 };
6466
6467 static int parse_station_flags(struct genl_info *info,
6468 enum nl80211_iftype iftype,
6469 struct station_parameters *params)
6470 {
6471 struct nlattr *flags[NL80211_STA_FLAG_MAX + 1];
6472 struct nlattr *nla;
6473 int flag;
6474
6475 /*
6476 * Try parsing the new attribute first so userspace
6477 * can specify both for older kernels.
6478 */
6479 nla = info->attrs[NL80211_ATTR_STA_FLAGS2];
6480 if (nla) {
6481 struct nl80211_sta_flag_update *sta_flags;
6482
6483 sta_flags = nla_data(nla);
6484 params->sta_flags_mask = sta_flags->mask;
6485 params->sta_flags_set = sta_flags->set;
6486 params->sta_flags_set &= params->sta_flags_mask;
6487 if ((params->sta_flags_mask |
6488 params->sta_flags_set) & BIT(__NL80211_STA_FLAG_INVALID))
6489 return -EINVAL;
6490 return 0;
6491 }
6492
6493 /* if present, parse the old attribute */
6494
6495 nla = info->attrs[NL80211_ATTR_STA_FLAGS];
6496 if (!nla)
6497 return 0;
6498
6499 if (nla_parse_nested_deprecated(flags, NL80211_STA_FLAG_MAX, nla, sta_flags_policy, info->extack))
6500 return -EINVAL;
6501
6502 /*
6503 * Only allow certain flags for interface types so that
6504 * other attributes are silently ignored. Remember that
6505 * this is backward compatibility code with old userspace
6506 * and shouldn't be hit in other cases anyway.
6507 */
6508 switch (iftype) {
6509 case NL80211_IFTYPE_AP:
6510 case NL80211_IFTYPE_AP_VLAN:
6511 case NL80211_IFTYPE_P2P_GO:
6512 params->sta_flags_mask = BIT(NL80211_STA_FLAG_AUTHORIZED) |
6513 BIT(NL80211_STA_FLAG_SHORT_PREAMBLE) |
6514 BIT(NL80211_STA_FLAG_WME) |
6515 BIT(NL80211_STA_FLAG_MFP);
6516 break;
6517 case NL80211_IFTYPE_P2P_CLIENT:
6518 case NL80211_IFTYPE_STATION:
6519 params->sta_flags_mask = BIT(NL80211_STA_FLAG_AUTHORIZED) |
6520 BIT(NL80211_STA_FLAG_TDLS_PEER);
6521 break;
6522 case NL80211_IFTYPE_MESH_POINT:
6523 params->sta_flags_mask = BIT(NL80211_STA_FLAG_AUTHENTICATED) |
6524 BIT(NL80211_STA_FLAG_MFP) |
6525 BIT(NL80211_STA_FLAG_AUTHORIZED);
6526 break;
6527 default:
6528 return -EINVAL;
6529 }
6530
6531 for (flag = 1; flag <= NL80211_STA_FLAG_MAX; flag++) {
6532 if (flags[flag]) {
6533 params->sta_flags_set |= (1<<flag);
6534
6535 /* no longer support new API additions in old API */
6536 if (flag > NL80211_STA_FLAG_MAX_OLD_API)
6537 return -EINVAL;
6538 }
6539 }
6540
6541 return 0;
6542 }
6543
6544 bool nl80211_put_sta_rate(struct sk_buff *msg, struct rate_info *info, int attr)
6545 {
6546 struct nlattr *rate;
6547 u32 bitrate;
6548 u16 bitrate_compat;
6549 enum nl80211_rate_info rate_flg;
6550
6551 rate = nla_nest_start_noflag(msg, attr);
6552 if (!rate)
6553 return false;
6554
6555 /* cfg80211_calculate_bitrate will return 0 for mcs >= 32 */
6556 bitrate = cfg80211_calculate_bitrate(info);
6557 /* report 16-bit bitrate only if we can */
6558 bitrate_compat = bitrate < (1UL << 16) ? bitrate : 0;
6559 if (bitrate > 0 &&
6560 nla_put_u32(msg, NL80211_RATE_INFO_BITRATE32, bitrate))
6561 return false;
6562 if (bitrate_compat > 0 &&
6563 nla_put_u16(msg, NL80211_RATE_INFO_BITRATE, bitrate_compat))
6564 return false;
6565
6566 switch (info->bw) {
6567 case RATE_INFO_BW_1:
6568 rate_flg = NL80211_RATE_INFO_1_MHZ_WIDTH;
6569 break;
6570 case RATE_INFO_BW_2:
6571 rate_flg = NL80211_RATE_INFO_2_MHZ_WIDTH;
6572 break;
6573 case RATE_INFO_BW_4:
6574 rate_flg = NL80211_RATE_INFO_4_MHZ_WIDTH;
6575 break;
6576 case RATE_INFO_BW_5:
6577 rate_flg = NL80211_RATE_INFO_5_MHZ_WIDTH;
6578 break;
6579 case RATE_INFO_BW_8:
6580 rate_flg = NL80211_RATE_INFO_8_MHZ_WIDTH;
6581 break;
6582 case RATE_INFO_BW_10:
6583 rate_flg = NL80211_RATE_INFO_10_MHZ_WIDTH;
6584 break;
6585 case RATE_INFO_BW_16:
6586 rate_flg = NL80211_RATE_INFO_16_MHZ_WIDTH;
6587 break;
6588 default:
6589 WARN_ON(1);
6590 fallthrough;
6591 case RATE_INFO_BW_20:
6592 rate_flg = 0;
6593 break;
6594 case RATE_INFO_BW_40:
6595 rate_flg = NL80211_RATE_INFO_40_MHZ_WIDTH;
6596 break;
6597 case RATE_INFO_BW_80:
6598 rate_flg = NL80211_RATE_INFO_80_MHZ_WIDTH;
6599 break;
6600 case RATE_INFO_BW_160:
6601 rate_flg = NL80211_RATE_INFO_160_MHZ_WIDTH;
6602 break;
6603 case RATE_INFO_BW_HE_RU:
6604 rate_flg = 0;
6605 WARN_ON(!(info->flags & RATE_INFO_FLAGS_HE_MCS));
6606 break;
6607 case RATE_INFO_BW_320:
6608 rate_flg = NL80211_RATE_INFO_320_MHZ_WIDTH;
6609 break;
6610 case RATE_INFO_BW_EHT_RU:
6611 rate_flg = 0;
6612 WARN_ON(!(info->flags & RATE_INFO_FLAGS_EHT_MCS));
6613 break;
6614 }
6615
6616 if (rate_flg && nla_put_flag(msg, rate_flg))
6617 return false;
6618
6619 if (info->flags & RATE_INFO_FLAGS_MCS) {
6620 if (nla_put_u8(msg, NL80211_RATE_INFO_MCS, info->mcs))
6621 return false;
6622 if (info->flags & RATE_INFO_FLAGS_SHORT_GI &&
6623 nla_put_flag(msg, NL80211_RATE_INFO_SHORT_GI))
6624 return false;
6625 } else if (info->flags & RATE_INFO_FLAGS_VHT_MCS) {
6626 if (nla_put_u8(msg, NL80211_RATE_INFO_VHT_MCS, info->mcs))
6627 return false;
6628 if (nla_put_u8(msg, NL80211_RATE_INFO_VHT_NSS, info->nss))
6629 return false;
6630 if (info->flags & RATE_INFO_FLAGS_SHORT_GI &&
6631 nla_put_flag(msg, NL80211_RATE_INFO_SHORT_GI))
6632 return false;
6633 } else if (info->flags & RATE_INFO_FLAGS_HE_MCS) {
6634 if (nla_put_u8(msg, NL80211_RATE_INFO_HE_MCS, info->mcs))
6635 return false;
6636 if (nla_put_u8(msg, NL80211_RATE_INFO_HE_NSS, info->nss))
6637 return false;
6638 if (nla_put_u8(msg, NL80211_RATE_INFO_HE_GI, info->he_gi))
6639 return false;
6640 if (nla_put_u8(msg, NL80211_RATE_INFO_HE_DCM, info->he_dcm))
6641 return false;
6642 if (info->bw == RATE_INFO_BW_HE_RU &&
6643 nla_put_u8(msg, NL80211_RATE_INFO_HE_RU_ALLOC,
6644 info->he_ru_alloc))
6645 return false;
6646 } else if (info->flags & RATE_INFO_FLAGS_S1G_MCS) {
6647 if (nla_put_u8(msg, NL80211_RATE_INFO_S1G_MCS, info->mcs))
6648 return false;
6649 if (nla_put_u8(msg, NL80211_RATE_INFO_S1G_NSS, info->nss))
6650 return false;
6651 if (info->flags & RATE_INFO_FLAGS_SHORT_GI &&
6652 nla_put_flag(msg, NL80211_RATE_INFO_SHORT_GI))
6653 return false;
6654 } else if (info->flags & RATE_INFO_FLAGS_EHT_MCS) {
6655 if (nla_put_u8(msg, NL80211_RATE_INFO_EHT_MCS, info->mcs))
6656 return false;
6657 if (nla_put_u8(msg, NL80211_RATE_INFO_EHT_NSS, info->nss))
6658 return false;
6659 if (nla_put_u8(msg, NL80211_RATE_INFO_EHT_GI, info->eht_gi))
6660 return false;
6661 if (info->bw == RATE_INFO_BW_EHT_RU &&
6662 nla_put_u8(msg, NL80211_RATE_INFO_EHT_RU_ALLOC,
6663 info->eht_ru_alloc))
6664 return false;
6665 }
6666
6667 nla_nest_end(msg, rate);
6668 return true;
6669 }
6670
6671 static bool nl80211_put_signal(struct sk_buff *msg, u8 mask, s8 *signal,
6672 int id)
6673 {
6674 void *attr;
6675 int i = 0;
6676
6677 if (!mask)
6678 return true;
6679
6680 attr = nla_nest_start_noflag(msg, id);
6681 if (!attr)
6682 return false;
6683
6684 for (i = 0; i < IEEE80211_MAX_CHAINS; i++) {
6685 if (!(mask & BIT(i)))
6686 continue;
6687
6688 if (nla_put_u8(msg, i, signal[i]))
6689 return false;
6690 }
6691
6692 nla_nest_end(msg, attr);
6693
6694 return true;
6695 }
6696
6697 static int nl80211_send_station(struct sk_buff *msg, u32 cmd, u32 portid,
6698 u32 seq, int flags,
6699 struct cfg80211_registered_device *rdev,
6700 struct net_device *dev,
6701 const u8 *mac_addr, struct station_info *sinfo)
6702 {
6703 void *hdr;
6704 struct nlattr *sinfoattr, *bss_param;
6705
6706 hdr = nl80211hdr_put(msg, portid, seq, flags, cmd);
6707 if (!hdr) {
6708 cfg80211_sinfo_release_content(sinfo);
6709 return -1;
6710 }
6711
6712 if (nla_put_u32(msg, NL80211_ATTR_IFINDEX, dev->ifindex) ||
6713 nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN, mac_addr) ||
6714 nla_put_u32(msg, NL80211_ATTR_GENERATION, sinfo->generation))
6715 goto nla_put_failure;
6716
6717 sinfoattr = nla_nest_start_noflag(msg, NL80211_ATTR_STA_INFO);
6718 if (!sinfoattr)
6719 goto nla_put_failure;
6720
6721 #define PUT_SINFO(attr, memb, type) do { \
6722 BUILD_BUG_ON(sizeof(type) == sizeof(u64)); \
6723 if (sinfo->filled & BIT_ULL(NL80211_STA_INFO_ ## attr) && \
6724 nla_put_ ## type(msg, NL80211_STA_INFO_ ## attr, \
6725 sinfo->memb)) \
6726 goto nla_put_failure; \
6727 } while (0)
6728 #define PUT_SINFO_U64(attr, memb) do { \
6729 if (sinfo->filled & BIT_ULL(NL80211_STA_INFO_ ## attr) && \
6730 nla_put_u64_64bit(msg, NL80211_STA_INFO_ ## attr, \
6731 sinfo->memb, NL80211_STA_INFO_PAD)) \
6732 goto nla_put_failure; \
6733 } while (0)
6734
6735 PUT_SINFO(CONNECTED_TIME, connected_time, u32);
6736 PUT_SINFO(INACTIVE_TIME, inactive_time, u32);
6737 PUT_SINFO_U64(ASSOC_AT_BOOTTIME, assoc_at);
6738
6739 if (sinfo->filled & (BIT_ULL(NL80211_STA_INFO_RX_BYTES) |
6740 BIT_ULL(NL80211_STA_INFO_RX_BYTES64)) &&
6741 nla_put_u32(msg, NL80211_STA_INFO_RX_BYTES,
6742 (u32)sinfo->rx_bytes))
6743 goto nla_put_failure;
6744
6745 if (sinfo->filled & (BIT_ULL(NL80211_STA_INFO_TX_BYTES) |
6746 BIT_ULL(NL80211_STA_INFO_TX_BYTES64)) &&
6747 nla_put_u32(msg, NL80211_STA_INFO_TX_BYTES,
6748 (u32)sinfo->tx_bytes))
6749 goto nla_put_failure;
6750
6751 PUT_SINFO_U64(RX_BYTES64, rx_bytes);
6752 PUT_SINFO_U64(TX_BYTES64, tx_bytes);
6753 PUT_SINFO(LLID, llid, u16);
6754 PUT_SINFO(PLID, plid, u16);
6755 PUT_SINFO(PLINK_STATE, plink_state, u8);
6756 PUT_SINFO_U64(RX_DURATION, rx_duration);
6757 PUT_SINFO_U64(TX_DURATION, tx_duration);
6758
6759 if (wiphy_ext_feature_isset(&rdev->wiphy,
6760 NL80211_EXT_FEATURE_AIRTIME_FAIRNESS))
6761 PUT_SINFO(AIRTIME_WEIGHT, airtime_weight, u16);
6762
6763 switch (rdev->wiphy.signal_type) {
6764 case CFG80211_SIGNAL_TYPE_MBM:
6765 PUT_SINFO(SIGNAL, signal, u8);
6766 PUT_SINFO(SIGNAL_AVG, signal_avg, u8);
6767 break;
6768 default:
6769 break;
6770 }
6771 if (sinfo->filled & BIT_ULL(NL80211_STA_INFO_CHAIN_SIGNAL)) {
6772 if (!nl80211_put_signal(msg, sinfo->chains,
6773 sinfo->chain_signal,
6774 NL80211_STA_INFO_CHAIN_SIGNAL))
6775 goto nla_put_failure;
6776 }
6777 if (sinfo->filled & BIT_ULL(NL80211_STA_INFO_CHAIN_SIGNAL_AVG)) {
6778 if (!nl80211_put_signal(msg, sinfo->chains,
6779 sinfo->chain_signal_avg,
6780 NL80211_STA_INFO_CHAIN_SIGNAL_AVG))
6781 goto nla_put_failure;
6782 }
6783 if (sinfo->filled & BIT_ULL(NL80211_STA_INFO_TX_BITRATE)) {
6784 if (!nl80211_put_sta_rate(msg, &sinfo->txrate,
6785 NL80211_STA_INFO_TX_BITRATE))
6786 goto nla_put_failure;
6787 }
6788 if (sinfo->filled & BIT_ULL(NL80211_STA_INFO_RX_BITRATE)) {
6789 if (!nl80211_put_sta_rate(msg, &sinfo->rxrate,
6790 NL80211_STA_INFO_RX_BITRATE))
6791 goto nla_put_failure;
6792 }
6793
6794 PUT_SINFO(RX_PACKETS, rx_packets, u32);
6795 PUT_SINFO(TX_PACKETS, tx_packets, u32);
6796 PUT_SINFO(TX_RETRIES, tx_retries, u32);
6797 PUT_SINFO(TX_FAILED, tx_failed, u32);
6798 PUT_SINFO(EXPECTED_THROUGHPUT, expected_throughput, u32);
6799 PUT_SINFO(AIRTIME_LINK_METRIC, airtime_link_metric, u32);
6800 PUT_SINFO(BEACON_LOSS, beacon_loss_count, u32);
6801 PUT_SINFO(LOCAL_PM, local_pm, u32);
6802 PUT_SINFO(PEER_PM, peer_pm, u32);
6803 PUT_SINFO(NONPEER_PM, nonpeer_pm, u32);
6804 PUT_SINFO(CONNECTED_TO_GATE, connected_to_gate, u8);
6805 PUT_SINFO(CONNECTED_TO_AS, connected_to_as, u8);
6806
6807 if (sinfo->filled & BIT_ULL(NL80211_STA_INFO_BSS_PARAM)) {
6808 bss_param = nla_nest_start_noflag(msg,
6809 NL80211_STA_INFO_BSS_PARAM);
6810 if (!bss_param)
6811 goto nla_put_failure;
6812
6813 if (((sinfo->bss_param.flags & BSS_PARAM_FLAGS_CTS_PROT) &&
6814 nla_put_flag(msg, NL80211_STA_BSS_PARAM_CTS_PROT)) ||
6815 ((sinfo->bss_param.flags & BSS_PARAM_FLAGS_SHORT_PREAMBLE) &&
6816 nla_put_flag(msg, NL80211_STA_BSS_PARAM_SHORT_PREAMBLE)) ||
6817 ((sinfo->bss_param.flags & BSS_PARAM_FLAGS_SHORT_SLOT_TIME) &&
6818 nla_put_flag(msg, NL80211_STA_BSS_PARAM_SHORT_SLOT_TIME)) ||
6819 nla_put_u8(msg, NL80211_STA_BSS_PARAM_DTIM_PERIOD,
6820 sinfo->bss_param.dtim_period) ||
6821 nla_put_u16(msg, NL80211_STA_BSS_PARAM_BEACON_INTERVAL,
6822 sinfo->bss_param.beacon_interval))
6823 goto nla_put_failure;
6824
6825 nla_nest_end(msg, bss_param);
6826 }
6827 if ((sinfo->filled & BIT_ULL(NL80211_STA_INFO_STA_FLAGS)) &&
6828 nla_put(msg, NL80211_STA_INFO_STA_FLAGS,
6829 sizeof(struct nl80211_sta_flag_update),
6830 &sinfo->sta_flags))
6831 goto nla_put_failure;
6832
6833 PUT_SINFO_U64(T_OFFSET, t_offset);
6834 PUT_SINFO_U64(RX_DROP_MISC, rx_dropped_misc);
6835 PUT_SINFO_U64(BEACON_RX, rx_beacon);
6836 PUT_SINFO(BEACON_SIGNAL_AVG, rx_beacon_signal_avg, u8);
6837 PUT_SINFO(RX_MPDUS, rx_mpdu_count, u32);
6838 PUT_SINFO(FCS_ERROR_COUNT, fcs_err_count, u32);
6839 if (wiphy_ext_feature_isset(&rdev->wiphy,
6840 NL80211_EXT_FEATURE_ACK_SIGNAL_SUPPORT)) {
6841 PUT_SINFO(ACK_SIGNAL, ack_signal, u8);
6842 PUT_SINFO(ACK_SIGNAL_AVG, avg_ack_signal, s8);
6843 }
6844
6845 #undef PUT_SINFO
6846 #undef PUT_SINFO_U64
6847
6848 if (sinfo->pertid) {
6849 struct nlattr *tidsattr;
6850 int tid;
6851
6852 tidsattr = nla_nest_start_noflag(msg,
6853 NL80211_STA_INFO_TID_STATS);
6854 if (!tidsattr)
6855 goto nla_put_failure;
6856
6857 for (tid = 0; tid < IEEE80211_NUM_TIDS + 1; tid++) {
6858 struct cfg80211_tid_stats *tidstats;
6859 struct nlattr *tidattr;
6860
6861 tidstats = &sinfo->pertid[tid];
6862
6863 if (!tidstats->filled)
6864 continue;
6865
6866 tidattr = nla_nest_start_noflag(msg, tid + 1);
6867 if (!tidattr)
6868 goto nla_put_failure;
6869
6870 #define PUT_TIDVAL_U64(attr, memb) do { \
6871 if (tidstats->filled & BIT(NL80211_TID_STATS_ ## attr) && \
6872 nla_put_u64_64bit(msg, NL80211_TID_STATS_ ## attr, \
6873 tidstats->memb, NL80211_TID_STATS_PAD)) \
6874 goto nla_put_failure; \
6875 } while (0)
6876
6877 PUT_TIDVAL_U64(RX_MSDU, rx_msdu);
6878 PUT_TIDVAL_U64(TX_MSDU, tx_msdu);
6879 PUT_TIDVAL_U64(TX_MSDU_RETRIES, tx_msdu_retries);
6880 PUT_TIDVAL_U64(TX_MSDU_FAILED, tx_msdu_failed);
6881
6882 #undef PUT_TIDVAL_U64
6883 if ((tidstats->filled &
6884 BIT(NL80211_TID_STATS_TXQ_STATS)) &&
6885 !nl80211_put_txq_stats(msg, &tidstats->txq_stats,
6886 NL80211_TID_STATS_TXQ_STATS))
6887 goto nla_put_failure;
6888
6889 nla_nest_end(msg, tidattr);
6890 }
6891
6892 nla_nest_end(msg, tidsattr);
6893 }
6894
6895 nla_nest_end(msg, sinfoattr);
6896
6897 if (sinfo->assoc_req_ies_len &&
6898 nla_put(msg, NL80211_ATTR_IE, sinfo->assoc_req_ies_len,
6899 sinfo->assoc_req_ies))
6900 goto nla_put_failure;
6901
6902 if (sinfo->assoc_resp_ies_len &&
6903 nla_put(msg, NL80211_ATTR_RESP_IE, sinfo->assoc_resp_ies_len,
6904 sinfo->assoc_resp_ies))
6905 goto nla_put_failure;
6906
6907 if (sinfo->mlo_params_valid) {
6908 if (nla_put_u8(msg, NL80211_ATTR_MLO_LINK_ID,
6909 sinfo->assoc_link_id))
6910 goto nla_put_failure;
6911
6912 if (!is_zero_ether_addr(sinfo->mld_addr) &&
6913 nla_put(msg, NL80211_ATTR_MLD_ADDR, ETH_ALEN,
6914 sinfo->mld_addr))
6915 goto nla_put_failure;
6916 }
6917
6918 cfg80211_sinfo_release_content(sinfo);
6919 genlmsg_end(msg, hdr);
6920 return 0;
6921
6922 nla_put_failure:
6923 cfg80211_sinfo_release_content(sinfo);
6924 genlmsg_cancel(msg, hdr);
6925 return -EMSGSIZE;
6926 }
6927
6928 static int nl80211_dump_station(struct sk_buff *skb,
6929 struct netlink_callback *cb)
6930 {
6931 struct station_info sinfo;
6932 struct cfg80211_registered_device *rdev;
6933 struct wireless_dev *wdev;
6934 u8 mac_addr[ETH_ALEN];
6935 int sta_idx = cb->args[2];
6936 int err;
6937
6938 err = nl80211_prepare_wdev_dump(cb, &rdev, &wdev, NULL);
6939 if (err)
6940 return err;
6941 /* nl80211_prepare_wdev_dump acquired it in the successful case */
6942 __acquire(&rdev->wiphy.mtx);
6943
6944 if (!wdev->netdev) {
6945 err = -EINVAL;
6946 goto out_err;
6947 }
6948
6949 if (!rdev->ops->dump_station) {
6950 err = -EOPNOTSUPP;
6951 goto out_err;
6952 }
6953
6954 while (1) {
6955 memset(&sinfo, 0, sizeof(sinfo));
6956 err = rdev_dump_station(rdev, wdev->netdev, sta_idx,
6957 mac_addr, &sinfo);
6958 if (err == -ENOENT)
6959 break;
6960 if (err)
6961 goto out_err;
6962
6963 if (nl80211_send_station(skb, NL80211_CMD_NEW_STATION,
6964 NETLINK_CB(cb->skb).portid,
6965 cb->nlh->nlmsg_seq, NLM_F_MULTI,
6966 rdev, wdev->netdev, mac_addr,
6967 &sinfo) < 0)
6968 goto out;
6969
6970 sta_idx++;
6971 }
6972
6973 out:
6974 cb->args[2] = sta_idx;
6975 err = skb->len;
6976 out_err:
6977 wiphy_unlock(&rdev->wiphy);
6978
6979 return err;
6980 }
6981
6982 static int nl80211_get_station(struct sk_buff *skb, struct genl_info *info)
6983 {
6984 struct cfg80211_registered_device *rdev = info->user_ptr[0];
6985 struct net_device *dev = info->user_ptr[1];
6986 struct station_info sinfo;
6987 struct sk_buff *msg;
6988 u8 *mac_addr = NULL;
6989 int err;
6990
6991 memset(&sinfo, 0, sizeof(sinfo));
6992
6993 if (!info->attrs[NL80211_ATTR_MAC])
6994 return -EINVAL;
6995
6996 mac_addr = nla_data(info->attrs[NL80211_ATTR_MAC]);
6997
6998 if (!rdev->ops->get_station)
6999 return -EOPNOTSUPP;
7000
7001 err = rdev_get_station(rdev, dev, mac_addr, &sinfo);
7002 if (err)
7003 return err;
7004
7005 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
7006 if (!msg) {
7007 cfg80211_sinfo_release_content(&sinfo);
7008 return -ENOMEM;
7009 }
7010
7011 if (nl80211_send_station(msg, NL80211_CMD_NEW_STATION,
7012 info->snd_portid, info->snd_seq, 0,
7013 rdev, dev, mac_addr, &sinfo) < 0) {
7014 nlmsg_free(msg);
7015 return -ENOBUFS;
7016 }
7017
7018 return genlmsg_reply(msg, info);
7019 }
7020
7021 int cfg80211_check_station_change(struct wiphy *wiphy,
7022 struct station_parameters *params,
7023 enum cfg80211_station_type statype)
7024 {
7025 if (params->listen_interval != -1 &&
7026 statype != CFG80211_STA_AP_CLIENT_UNASSOC)
7027 return -EINVAL;
7028
7029 if (params->support_p2p_ps != -1 &&
7030 statype != CFG80211_STA_AP_CLIENT_UNASSOC)
7031 return -EINVAL;
7032
7033 if (params->aid &&
7034 !(params->sta_flags_set & BIT(NL80211_STA_FLAG_TDLS_PEER)) &&
7035 statype != CFG80211_STA_AP_CLIENT_UNASSOC)
7036 return -EINVAL;
7037
7038 /* When you run into this, adjust the code below for the new flag */
7039 BUILD_BUG_ON(NL80211_STA_FLAG_MAX != 8);
7040
7041 switch (statype) {
7042 case CFG80211_STA_MESH_PEER_KERNEL:
7043 case CFG80211_STA_MESH_PEER_USER:
7044 /*
7045 * No ignoring the TDLS flag here -- the userspace mesh
7046 * code doesn't have the bug of including TDLS in the
7047 * mask everywhere.
7048 */
7049 if (params->sta_flags_mask &
7050 ~(BIT(NL80211_STA_FLAG_AUTHENTICATED) |
7051 BIT(NL80211_STA_FLAG_MFP) |
7052 BIT(NL80211_STA_FLAG_AUTHORIZED)))
7053 return -EINVAL;
7054 break;
7055 case CFG80211_STA_TDLS_PEER_SETUP:
7056 case CFG80211_STA_TDLS_PEER_ACTIVE:
7057 if (!(params->sta_flags_set & BIT(NL80211_STA_FLAG_TDLS_PEER)))
7058 return -EINVAL;
7059 /* ignore since it can't change */
7060 params->sta_flags_mask &= ~BIT(NL80211_STA_FLAG_TDLS_PEER);
7061 break;
7062 default:
7063 /* disallow mesh-specific things */
7064 if (params->plink_action != NL80211_PLINK_ACTION_NO_ACTION)
7065 return -EINVAL;
7066 if (params->local_pm)
7067 return -EINVAL;
7068 if (params->sta_modify_mask & STATION_PARAM_APPLY_PLINK_STATE)
7069 return -EINVAL;
7070 }
7071
7072 if (statype != CFG80211_STA_TDLS_PEER_SETUP &&
7073 statype != CFG80211_STA_TDLS_PEER_ACTIVE) {
7074 /* TDLS can't be set, ... */
7075 if (params->sta_flags_set & BIT(NL80211_STA_FLAG_TDLS_PEER))
7076 return -EINVAL;
7077 /*
7078 * ... but don't bother the driver with it. This works around
7079 * a hostapd/wpa_supplicant issue -- it always includes the
7080 * TLDS_PEER flag in the mask even for AP mode.
7081 */
7082 params->sta_flags_mask &= ~BIT(NL80211_STA_FLAG_TDLS_PEER);
7083 }
7084
7085 if (statype != CFG80211_STA_TDLS_PEER_SETUP &&
7086 statype != CFG80211_STA_AP_CLIENT_UNASSOC) {
7087 /* reject other things that can't change */
7088 if (params->sta_modify_mask & STATION_PARAM_APPLY_UAPSD)
7089 return -EINVAL;
7090 if (params->sta_modify_mask & STATION_PARAM_APPLY_CAPABILITY)
7091 return -EINVAL;
7092 if (params->link_sta_params.supported_rates)
7093 return -EINVAL;
7094 if (params->ext_capab || params->link_sta_params.ht_capa ||
7095 params->link_sta_params.vht_capa ||
7096 params->link_sta_params.he_capa ||
7097 params->link_sta_params.eht_capa)
7098 return -EINVAL;
7099 if (params->sta_flags_mask & BIT(NL80211_STA_FLAG_SPP_AMSDU))
7100 return -EINVAL;
7101 }
7102
7103 if (statype != CFG80211_STA_AP_CLIENT &&
7104 statype != CFG80211_STA_AP_CLIENT_UNASSOC) {
7105 if (params->vlan)
7106 return -EINVAL;
7107 }
7108
7109 switch (statype) {
7110 case CFG80211_STA_AP_MLME_CLIENT:
7111 /* Use this only for authorizing/unauthorizing a station */
7112 if (!(params->sta_flags_mask & BIT(NL80211_STA_FLAG_AUTHORIZED)))
7113 return -EOPNOTSUPP;
7114 break;
7115 case CFG80211_STA_AP_CLIENT:
7116 case CFG80211_STA_AP_CLIENT_UNASSOC:
7117 /* accept only the listed bits */
7118 if (params->sta_flags_mask &
7119 ~(BIT(NL80211_STA_FLAG_AUTHORIZED) |
7120 BIT(NL80211_STA_FLAG_AUTHENTICATED) |
7121 BIT(NL80211_STA_FLAG_ASSOCIATED) |
7122 BIT(NL80211_STA_FLAG_SHORT_PREAMBLE) |
7123 BIT(NL80211_STA_FLAG_WME) |
7124 BIT(NL80211_STA_FLAG_MFP) |
7125 BIT(NL80211_STA_FLAG_SPP_AMSDU)))
7126 return -EINVAL;
7127
7128 /* but authenticated/associated only if driver handles it */
7129 if (!(wiphy->features & NL80211_FEATURE_FULL_AP_CLIENT_STATE) &&
7130 params->sta_flags_mask &
7131 (BIT(NL80211_STA_FLAG_AUTHENTICATED) |
7132 BIT(NL80211_STA_FLAG_ASSOCIATED)))
7133 return -EINVAL;
7134 break;
7135 case CFG80211_STA_IBSS:
7136 case CFG80211_STA_AP_STA:
7137 /* reject any changes other than AUTHORIZED */
7138 if (params->sta_flags_mask & ~BIT(NL80211_STA_FLAG_AUTHORIZED))
7139 return -EINVAL;
7140 break;
7141 case CFG80211_STA_TDLS_PEER_SETUP:
7142 /* reject any changes other than AUTHORIZED or WME */
7143 if (params->sta_flags_mask & ~(BIT(NL80211_STA_FLAG_AUTHORIZED) |
7144 BIT(NL80211_STA_FLAG_WME)))
7145 return -EINVAL;
7146 /* force (at least) rates when authorizing */
7147 if (params->sta_flags_set & BIT(NL80211_STA_FLAG_AUTHORIZED) &&
7148 !params->link_sta_params.supported_rates)
7149 return -EINVAL;
7150 break;
7151 case CFG80211_STA_TDLS_PEER_ACTIVE:
7152 /* reject any changes */
7153 return -EINVAL;
7154 case CFG80211_STA_MESH_PEER_KERNEL:
7155 if (params->sta_modify_mask & STATION_PARAM_APPLY_PLINK_STATE)
7156 return -EINVAL;
7157 break;
7158 case CFG80211_STA_MESH_PEER_USER:
7159 if (params->plink_action != NL80211_PLINK_ACTION_NO_ACTION &&
7160 params->plink_action != NL80211_PLINK_ACTION_BLOCK)
7161 return -EINVAL;
7162 break;
7163 }
7164
7165 /*
7166 * Older kernel versions ignored this attribute entirely, so don't
7167 * reject attempts to update it but mark it as unused instead so the
7168 * driver won't look at the data.
7169 */
7170 if (statype != CFG80211_STA_AP_CLIENT_UNASSOC &&
7171 statype != CFG80211_STA_TDLS_PEER_SETUP)
7172 params->link_sta_params.opmode_notif_used = false;
7173
7174 return 0;
7175 }
7176 EXPORT_SYMBOL(cfg80211_check_station_change);
7177
7178 /*
7179 * Get vlan interface making sure it is running and on the right wiphy.
7180 */
7181 static struct net_device *get_vlan(struct genl_info *info,
7182 struct cfg80211_registered_device *rdev)
7183 {
7184 struct nlattr *vlanattr = info->attrs[NL80211_ATTR_STA_VLAN];
7185 struct net_device *v;
7186 int ret;
7187
7188 if (!vlanattr)
7189 return NULL;
7190
7191 v = dev_get_by_index(genl_info_net(info), nla_get_u32(vlanattr));
7192 if (!v)
7193 return ERR_PTR(-ENODEV);
7194
7195 if (!v->ieee80211_ptr || v->ieee80211_ptr->wiphy != &rdev->wiphy) {
7196 ret = -EINVAL;
7197 goto error;
7198 }
7199
7200 if (v->ieee80211_ptr->iftype != NL80211_IFTYPE_AP_VLAN &&
7201 v->ieee80211_ptr->iftype != NL80211_IFTYPE_AP &&
7202 v->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_GO) {
7203 ret = -EINVAL;
7204 goto error;
7205 }
7206
7207 if (!netif_running(v)) {
7208 ret = -ENETDOWN;
7209 goto error;
7210 }
7211
7212 return v;
7213 error:
7214 dev_put(v);
7215 return ERR_PTR(ret);
7216 }
7217
7218 static int nl80211_parse_sta_wme(struct genl_info *info,
7219 struct station_parameters *params)
7220 {
7221 struct nlattr *tb[NL80211_STA_WME_MAX + 1];
7222 struct nlattr *nla;
7223 int err;
7224
7225 /* parse WME attributes if present */
7226 if (!info->attrs[NL80211_ATTR_STA_WME])
7227 return 0;
7228
7229 nla = info->attrs[NL80211_ATTR_STA_WME];
7230 err = nla_parse_nested_deprecated(tb, NL80211_STA_WME_MAX, nla,
7231 nl80211_sta_wme_policy,
7232 info->extack);
7233 if (err)
7234 return err;
7235
7236 if (tb[NL80211_STA_WME_UAPSD_QUEUES])
7237 params->uapsd_queues = nla_get_u8(
7238 tb[NL80211_STA_WME_UAPSD_QUEUES]);
7239 if (params->uapsd_queues & ~IEEE80211_WMM_IE_STA_QOSINFO_AC_MASK)
7240 return -EINVAL;
7241
7242 if (tb[NL80211_STA_WME_MAX_SP])
7243 params->max_sp = nla_get_u8(tb[NL80211_STA_WME_MAX_SP]);
7244
7245 if (params->max_sp & ~IEEE80211_WMM_IE_STA_QOSINFO_SP_MASK)
7246 return -EINVAL;
7247
7248 params->sta_modify_mask |= STATION_PARAM_APPLY_UAPSD;
7249
7250 return 0;
7251 }
7252
7253 static int nl80211_parse_sta_channel_info(struct genl_info *info,
7254 struct station_parameters *params)
7255 {
7256 if (info->attrs[NL80211_ATTR_STA_SUPPORTED_CHANNELS]) {
7257 params->supported_channels =
7258 nla_data(info->attrs[NL80211_ATTR_STA_SUPPORTED_CHANNELS]);
7259 params->supported_channels_len =
7260 nla_len(info->attrs[NL80211_ATTR_STA_SUPPORTED_CHANNELS]);
7261 /*
7262 * Need to include at least one (first channel, number of
7263 * channels) tuple for each subband (checked in policy),
7264 * and must have proper tuples for the rest of the data as well.
7265 */
7266 if (params->supported_channels_len % 2)
7267 return -EINVAL;
7268 }
7269
7270 if (info->attrs[NL80211_ATTR_STA_SUPPORTED_OPER_CLASSES]) {
7271 params->supported_oper_classes =
7272 nla_data(info->attrs[NL80211_ATTR_STA_SUPPORTED_OPER_CLASSES]);
7273 params->supported_oper_classes_len =
7274 nla_len(info->attrs[NL80211_ATTR_STA_SUPPORTED_OPER_CLASSES]);
7275 }
7276 return 0;
7277 }
7278
7279 static int nl80211_set_station_tdls(struct genl_info *info,
7280 struct station_parameters *params)
7281 {
7282 int err;
7283 /* Dummy STA entry gets updated once the peer capabilities are known */
7284 if (info->attrs[NL80211_ATTR_PEER_AID])
7285 params->aid = nla_get_u16(info->attrs[NL80211_ATTR_PEER_AID]);
7286 if (info->attrs[NL80211_ATTR_HT_CAPABILITY])
7287 params->link_sta_params.ht_capa =
7288 nla_data(info->attrs[NL80211_ATTR_HT_CAPABILITY]);
7289 if (info->attrs[NL80211_ATTR_VHT_CAPABILITY])
7290 params->link_sta_params.vht_capa =
7291 nla_data(info->attrs[NL80211_ATTR_VHT_CAPABILITY]);
7292 if (info->attrs[NL80211_ATTR_HE_CAPABILITY]) {
7293 params->link_sta_params.he_capa =
7294 nla_data(info->attrs[NL80211_ATTR_HE_CAPABILITY]);
7295 params->link_sta_params.he_capa_len =
7296 nla_len(info->attrs[NL80211_ATTR_HE_CAPABILITY]);
7297
7298 if (info->attrs[NL80211_ATTR_EHT_CAPABILITY]) {
7299 params->link_sta_params.eht_capa =
7300 nla_data(info->attrs[NL80211_ATTR_EHT_CAPABILITY]);
7301 params->link_sta_params.eht_capa_len =
7302 nla_len(info->attrs[NL80211_ATTR_EHT_CAPABILITY]);
7303
7304 if (!ieee80211_eht_capa_size_ok((const u8 *)params->link_sta_params.he_capa,
7305 (const u8 *)params->link_sta_params.eht_capa,
7306 params->link_sta_params.eht_capa_len,
7307 false))
7308 return -EINVAL;
7309 }
7310 }
7311
7312 err = nl80211_parse_sta_channel_info(info, params);
7313 if (err)
7314 return err;
7315
7316 return nl80211_parse_sta_wme(info, params);
7317 }
7318
7319 static int nl80211_parse_sta_txpower_setting(struct genl_info *info,
7320 struct sta_txpwr *txpwr,
7321 bool *txpwr_set)
7322 {
7323 struct cfg80211_registered_device *rdev = info->user_ptr[0];
7324 int idx;
7325
7326 if (info->attrs[NL80211_ATTR_STA_TX_POWER_SETTING]) {
7327 if (!rdev->ops->set_tx_power ||
7328 !wiphy_ext_feature_isset(&rdev->wiphy,
7329 NL80211_EXT_FEATURE_STA_TX_PWR))
7330 return -EOPNOTSUPP;
7331
7332 idx = NL80211_ATTR_STA_TX_POWER_SETTING;
7333 txpwr->type = nla_get_u8(info->attrs[idx]);
7334
7335 if (txpwr->type == NL80211_TX_POWER_LIMITED) {
7336 idx = NL80211_ATTR_STA_TX_POWER;
7337
7338 if (info->attrs[idx])
7339 txpwr->power = nla_get_s16(info->attrs[idx]);
7340 else
7341 return -EINVAL;
7342 }
7343
7344 *txpwr_set = true;
7345 } else {
7346 *txpwr_set = false;
7347 }
7348
7349 return 0;
7350 }
7351
7352 static int nl80211_set_station(struct sk_buff *skb, struct genl_info *info)
7353 {
7354 struct cfg80211_registered_device *rdev = info->user_ptr[0];
7355 struct net_device *dev = info->user_ptr[1];
7356 struct station_parameters params;
7357 u8 *mac_addr;
7358 int err;
7359
7360 memset(&params, 0, sizeof(params));
7361
7362 if (!rdev->ops->change_station)
7363 return -EOPNOTSUPP;
7364
7365 /*
7366 * AID and listen_interval properties can be set only for unassociated
7367 * station. Include these parameters here and will check them in
7368 * cfg80211_check_station_change().
7369 */
7370 if (info->attrs[NL80211_ATTR_STA_AID])
7371 params.aid = nla_get_u16(info->attrs[NL80211_ATTR_STA_AID]);
7372
7373 if (info->attrs[NL80211_ATTR_VLAN_ID])
7374 params.vlan_id = nla_get_u16(info->attrs[NL80211_ATTR_VLAN_ID]);
7375
7376 if (info->attrs[NL80211_ATTR_STA_LISTEN_INTERVAL])
7377 params.listen_interval =
7378 nla_get_u16(info->attrs[NL80211_ATTR_STA_LISTEN_INTERVAL]);
7379 else
7380 params.listen_interval = -1;
7381
7382 if (info->attrs[NL80211_ATTR_STA_SUPPORT_P2P_PS])
7383 params.support_p2p_ps =
7384 nla_get_u8(info->attrs[NL80211_ATTR_STA_SUPPORT_P2P_PS]);
7385 else
7386 params.support_p2p_ps = -1;
7387
7388 if (!info->attrs[NL80211_ATTR_MAC])
7389 return -EINVAL;
7390
7391 params.link_sta_params.link_id =
7392 nl80211_link_id_or_invalid(info->attrs);
7393
7394 if (info->attrs[NL80211_ATTR_MLD_ADDR]) {
7395 /* If MLD_ADDR attribute is set then this is an MLD station
7396 * and the MLD_ADDR attribute holds the MLD address and the
7397 * MAC attribute holds for the LINK address.
7398 * In that case, the link_id is also expected to be valid.
7399 */
7400 if (params.link_sta_params.link_id < 0)
7401 return -EINVAL;
7402
7403 mac_addr = nla_data(info->attrs[NL80211_ATTR_MLD_ADDR]);
7404 params.link_sta_params.mld_mac = mac_addr;
7405 params.link_sta_params.link_mac =
7406 nla_data(info->attrs[NL80211_ATTR_MAC]);
7407 if (!is_valid_ether_addr(params.link_sta_params.link_mac))
7408 return -EINVAL;
7409 } else {
7410 mac_addr = nla_data(info->attrs[NL80211_ATTR_MAC]);
7411 }
7412
7413
7414 if (info->attrs[NL80211_ATTR_STA_SUPPORTED_RATES]) {
7415 params.link_sta_params.supported_rates =
7416 nla_data(info->attrs[NL80211_ATTR_STA_SUPPORTED_RATES]);
7417 params.link_sta_params.supported_rates_len =
7418 nla_len(info->attrs[NL80211_ATTR_STA_SUPPORTED_RATES]);
7419 }
7420
7421 if (info->attrs[NL80211_ATTR_STA_CAPABILITY]) {
7422 params.capability =
7423 nla_get_u16(info->attrs[NL80211_ATTR_STA_CAPABILITY]);
7424 params.sta_modify_mask |= STATION_PARAM_APPLY_CAPABILITY;
7425 }
7426
7427 if (info->attrs[NL80211_ATTR_STA_EXT_CAPABILITY]) {
7428 params.ext_capab =
7429 nla_data(info->attrs[NL80211_ATTR_STA_EXT_CAPABILITY]);
7430 params.ext_capab_len =
7431 nla_len(info->attrs[NL80211_ATTR_STA_EXT_CAPABILITY]);
7432 }
7433
7434 if (parse_station_flags(info, dev->ieee80211_ptr->iftype, &params))
7435 return -EINVAL;
7436
7437 if (info->attrs[NL80211_ATTR_STA_PLINK_ACTION])
7438 params.plink_action =
7439 nla_get_u8(info->attrs[NL80211_ATTR_STA_PLINK_ACTION]);
7440
7441 if (info->attrs[NL80211_ATTR_STA_PLINK_STATE]) {
7442 params.plink_state =
7443 nla_get_u8(info->attrs[NL80211_ATTR_STA_PLINK_STATE]);
7444 if (info->attrs[NL80211_ATTR_MESH_PEER_AID])
7445 params.peer_aid = nla_get_u16(
7446 info->attrs[NL80211_ATTR_MESH_PEER_AID]);
7447 params.sta_modify_mask |= STATION_PARAM_APPLY_PLINK_STATE;
7448 }
7449
7450 if (info->attrs[NL80211_ATTR_LOCAL_MESH_POWER_MODE])
7451 params.local_pm = nla_get_u32(
7452 info->attrs[NL80211_ATTR_LOCAL_MESH_POWER_MODE]);
7453
7454 if (info->attrs[NL80211_ATTR_OPMODE_NOTIF]) {
7455 params.link_sta_params.opmode_notif_used = true;
7456 params.link_sta_params.opmode_notif =
7457 nla_get_u8(info->attrs[NL80211_ATTR_OPMODE_NOTIF]);
7458 }
7459
7460 if (info->attrs[NL80211_ATTR_HE_6GHZ_CAPABILITY])
7461 params.link_sta_params.he_6ghz_capa =
7462 nla_data(info->attrs[NL80211_ATTR_HE_6GHZ_CAPABILITY]);
7463
7464 if (info->attrs[NL80211_ATTR_AIRTIME_WEIGHT])
7465 params.airtime_weight =
7466 nla_get_u16(info->attrs[NL80211_ATTR_AIRTIME_WEIGHT]);
7467
7468 if (params.airtime_weight &&
7469 !wiphy_ext_feature_isset(&rdev->wiphy,
7470 NL80211_EXT_FEATURE_AIRTIME_FAIRNESS))
7471 return -EOPNOTSUPP;
7472
7473 err = nl80211_parse_sta_txpower_setting(info,
7474 &params.link_sta_params.txpwr,
7475 &params.link_sta_params.txpwr_set);
7476 if (err)
7477 return err;
7478
7479 /* Include parameters for TDLS peer (will check later) */
7480 err = nl80211_set_station_tdls(info, &params);
7481 if (err)
7482 return err;
7483
7484 params.vlan = get_vlan(info, rdev);
7485 if (IS_ERR(params.vlan))
7486 return PTR_ERR(params.vlan);
7487
7488 switch (dev->ieee80211_ptr->iftype) {
7489 case NL80211_IFTYPE_AP:
7490 case NL80211_IFTYPE_AP_VLAN:
7491 case NL80211_IFTYPE_P2P_GO:
7492 case NL80211_IFTYPE_P2P_CLIENT:
7493 case NL80211_IFTYPE_STATION:
7494 case NL80211_IFTYPE_ADHOC:
7495 case NL80211_IFTYPE_MESH_POINT:
7496 break;
7497 default:
7498 err = -EOPNOTSUPP;
7499 goto out_put_vlan;
7500 }
7501
7502 /* driver will call cfg80211_check_station_change() */
7503 err = rdev_change_station(rdev, dev, mac_addr, &params);
7504
7505 out_put_vlan:
7506 dev_put(params.vlan);
7507
7508 return err;
7509 }
7510
7511 static int nl80211_new_station(struct sk_buff *skb, struct genl_info *info)
7512 {
7513 struct cfg80211_registered_device *rdev = info->user_ptr[0];
7514 int err;
7515 struct net_device *dev = info->user_ptr[1];
7516 struct wireless_dev *wdev = dev->ieee80211_ptr;
7517 struct station_parameters params;
7518 u8 *mac_addr = NULL;
7519 u32 auth_assoc = BIT(NL80211_STA_FLAG_AUTHENTICATED) |
7520 BIT(NL80211_STA_FLAG_ASSOCIATED);
7521
7522 memset(&params, 0, sizeof(params));
7523
7524 if (!rdev->ops->add_station)
7525 return -EOPNOTSUPP;
7526
7527 if (!info->attrs[NL80211_ATTR_MAC])
7528 return -EINVAL;
7529
7530 if (!info->attrs[NL80211_ATTR_STA_LISTEN_INTERVAL])
7531 return -EINVAL;
7532
7533 if (!info->attrs[NL80211_ATTR_STA_SUPPORTED_RATES])
7534 return -EINVAL;
7535
7536 if (!info->attrs[NL80211_ATTR_STA_AID] &&
7537 !info->attrs[NL80211_ATTR_PEER_AID])
7538 return -EINVAL;
7539
7540 params.link_sta_params.link_id =
7541 nl80211_link_id_or_invalid(info->attrs);
7542
7543 if (info->attrs[NL80211_ATTR_MLD_ADDR]) {
7544 mac_addr = nla_data(info->attrs[NL80211_ATTR_MLD_ADDR]);
7545 params.link_sta_params.mld_mac = mac_addr;
7546 params.link_sta_params.link_mac =
7547 nla_data(info->attrs[NL80211_ATTR_MAC]);
7548 if (!is_valid_ether_addr(params.link_sta_params.link_mac))
7549 return -EINVAL;
7550 } else {
7551 mac_addr = nla_data(info->attrs[NL80211_ATTR_MAC]);
7552 }
7553
7554 params.link_sta_params.supported_rates =
7555 nla_data(info->attrs[NL80211_ATTR_STA_SUPPORTED_RATES]);
7556 params.link_sta_params.supported_rates_len =
7557 nla_len(info->attrs[NL80211_ATTR_STA_SUPPORTED_RATES]);
7558 params.listen_interval =
7559 nla_get_u16(info->attrs[NL80211_ATTR_STA_LISTEN_INTERVAL]);
7560
7561 if (info->attrs[NL80211_ATTR_VLAN_ID])
7562 params.vlan_id = nla_get_u16(info->attrs[NL80211_ATTR_VLAN_ID]);
7563
7564 if (info->attrs[NL80211_ATTR_STA_SUPPORT_P2P_PS]) {
7565 params.support_p2p_ps =
7566 nla_get_u8(info->attrs[NL80211_ATTR_STA_SUPPORT_P2P_PS]);
7567 } else {
7568 /*
7569 * if not specified, assume it's supported for P2P GO interface,
7570 * and is NOT supported for AP interface
7571 */
7572 params.support_p2p_ps =
7573 dev->ieee80211_ptr->iftype == NL80211_IFTYPE_P2P_GO;
7574 }
7575
7576 if (info->attrs[NL80211_ATTR_PEER_AID])
7577 params.aid = nla_get_u16(info->attrs[NL80211_ATTR_PEER_AID]);
7578 else
7579 params.aid = nla_get_u16(info->attrs[NL80211_ATTR_STA_AID]);
7580
7581 if (info->attrs[NL80211_ATTR_STA_CAPABILITY]) {
7582 params.capability =
7583 nla_get_u16(info->attrs[NL80211_ATTR_STA_CAPABILITY]);
7584 params.sta_modify_mask |= STATION_PARAM_APPLY_CAPABILITY;
7585 }
7586
7587 if (info->attrs[NL80211_ATTR_STA_EXT_CAPABILITY]) {
7588 params.ext_capab =
7589 nla_data(info->attrs[NL80211_ATTR_STA_EXT_CAPABILITY]);
7590 params.ext_capab_len =
7591 nla_len(info->attrs[NL80211_ATTR_STA_EXT_CAPABILITY]);
7592 }
7593
7594 if (info->attrs[NL80211_ATTR_HT_CAPABILITY])
7595 params.link_sta_params.ht_capa =
7596 nla_data(info->attrs[NL80211_ATTR_HT_CAPABILITY]);
7597
7598 if (info->attrs[NL80211_ATTR_VHT_CAPABILITY])
7599 params.link_sta_params.vht_capa =
7600 nla_data(info->attrs[NL80211_ATTR_VHT_CAPABILITY]);
7601
7602 if (info->attrs[NL80211_ATTR_HE_CAPABILITY]) {
7603 params.link_sta_params.he_capa =
7604 nla_data(info->attrs[NL80211_ATTR_HE_CAPABILITY]);
7605 params.link_sta_params.he_capa_len =
7606 nla_len(info->attrs[NL80211_ATTR_HE_CAPABILITY]);
7607
7608 if (info->attrs[NL80211_ATTR_EHT_CAPABILITY]) {
7609 params.link_sta_params.eht_capa =
7610 nla_data(info->attrs[NL80211_ATTR_EHT_CAPABILITY]);
7611 params.link_sta_params.eht_capa_len =
7612 nla_len(info->attrs[NL80211_ATTR_EHT_CAPABILITY]);
7613
7614 if (!ieee80211_eht_capa_size_ok((const u8 *)params.link_sta_params.he_capa,
7615 (const u8 *)params.link_sta_params.eht_capa,
7616 params.link_sta_params.eht_capa_len,
7617 false))
7618 return -EINVAL;
7619 }
7620 }
7621
7622 if (info->attrs[NL80211_ATTR_HE_6GHZ_CAPABILITY])
7623 params.link_sta_params.he_6ghz_capa =
7624 nla_data(info->attrs[NL80211_ATTR_HE_6GHZ_CAPABILITY]);
7625
7626 if (info->attrs[NL80211_ATTR_OPMODE_NOTIF]) {
7627 params.link_sta_params.opmode_notif_used = true;
7628 params.link_sta_params.opmode_notif =
7629 nla_get_u8(info->attrs[NL80211_ATTR_OPMODE_NOTIF]);
7630 }
7631
7632 if (info->attrs[NL80211_ATTR_STA_PLINK_ACTION])
7633 params.plink_action =
7634 nla_get_u8(info->attrs[NL80211_ATTR_STA_PLINK_ACTION]);
7635
7636 if (info->attrs[NL80211_ATTR_AIRTIME_WEIGHT])
7637 params.airtime_weight =
7638 nla_get_u16(info->attrs[NL80211_ATTR_AIRTIME_WEIGHT]);
7639
7640 if (params.airtime_weight &&
7641 !wiphy_ext_feature_isset(&rdev->wiphy,
7642 NL80211_EXT_FEATURE_AIRTIME_FAIRNESS))
7643 return -EOPNOTSUPP;
7644
7645 err = nl80211_parse_sta_txpower_setting(info,
7646 &params.link_sta_params.txpwr,
7647 &params.link_sta_params.txpwr_set);
7648 if (err)
7649 return err;
7650
7651 err = nl80211_parse_sta_channel_info(info, &params);
7652 if (err)
7653 return err;
7654
7655 err = nl80211_parse_sta_wme(info, &params);
7656 if (err)
7657 return err;
7658
7659 if (parse_station_flags(info, dev->ieee80211_ptr->iftype, &params))
7660 return -EINVAL;
7661
7662 /* HT/VHT requires QoS, but if we don't have that just ignore HT/VHT
7663 * as userspace might just pass through the capabilities from the IEs
7664 * directly, rather than enforcing this restriction and returning an
7665 * error in this case.
7666 */
7667 if (!(params.sta_flags_set & BIT(NL80211_STA_FLAG_WME))) {
7668 params.link_sta_params.ht_capa = NULL;
7669 params.link_sta_params.vht_capa = NULL;
7670
7671 /* HE and EHT require WME */
7672 if (params.link_sta_params.he_capa_len ||
7673 params.link_sta_params.he_6ghz_capa ||
7674 params.link_sta_params.eht_capa_len)
7675 return -EINVAL;
7676 }
7677
7678 /* Ensure that HT/VHT capabilities are not set for 6 GHz HE STA */
7679 if (params.link_sta_params.he_6ghz_capa &&
7680 (params.link_sta_params.ht_capa || params.link_sta_params.vht_capa))
7681 return -EINVAL;
7682
7683 /* When you run into this, adjust the code below for the new flag */
7684 BUILD_BUG_ON(NL80211_STA_FLAG_MAX != 8);
7685
7686 switch (dev->ieee80211_ptr->iftype) {
7687 case NL80211_IFTYPE_AP:
7688 case NL80211_IFTYPE_AP_VLAN:
7689 case NL80211_IFTYPE_P2P_GO:
7690 /* ignore WME attributes if iface/sta is not capable */
7691 if (!(rdev->wiphy.flags & WIPHY_FLAG_AP_UAPSD) ||
7692 !(params.sta_flags_set & BIT(NL80211_STA_FLAG_WME)))
7693 params.sta_modify_mask &= ~STATION_PARAM_APPLY_UAPSD;
7694
7695 /* TDLS peers cannot be added */
7696 if ((params.sta_flags_set & BIT(NL80211_STA_FLAG_TDLS_PEER)) ||
7697 info->attrs[NL80211_ATTR_PEER_AID])
7698 return -EINVAL;
7699 /* but don't bother the driver with it */
7700 params.sta_flags_mask &= ~BIT(NL80211_STA_FLAG_TDLS_PEER);
7701
7702 /* allow authenticated/associated only if driver handles it */
7703 if (!(rdev->wiphy.features &
7704 NL80211_FEATURE_FULL_AP_CLIENT_STATE) &&
7705 params.sta_flags_mask & auth_assoc)
7706 return -EINVAL;
7707
7708 if (!wiphy_ext_feature_isset(&rdev->wiphy,
7709 NL80211_EXT_FEATURE_SPP_AMSDU_SUPPORT) &&
7710 params.sta_flags_mask & BIT(NL80211_STA_FLAG_SPP_AMSDU))
7711 return -EINVAL;
7712
7713 /* Older userspace, or userspace wanting to be compatible with
7714 * !NL80211_FEATURE_FULL_AP_CLIENT_STATE, will not set the auth
7715 * and assoc flags in the mask, but assumes the station will be
7716 * added as associated anyway since this was the required driver
7717 * behaviour before NL80211_FEATURE_FULL_AP_CLIENT_STATE was
7718 * introduced.
7719 * In order to not bother drivers with this quirk in the API
7720 * set the flags in both the mask and set for new stations in
7721 * this case.
7722 */
7723 if (!(params.sta_flags_mask & auth_assoc)) {
7724 params.sta_flags_mask |= auth_assoc;
7725 params.sta_flags_set |= auth_assoc;
7726 }
7727
7728 /* must be last in here for error handling */
7729 params.vlan = get_vlan(info, rdev);
7730 if (IS_ERR(params.vlan))
7731 return PTR_ERR(params.vlan);
7732 break;
7733 case NL80211_IFTYPE_MESH_POINT:
7734 /* ignore uAPSD data */
7735 params.sta_modify_mask &= ~STATION_PARAM_APPLY_UAPSD;
7736
7737 /* associated is disallowed */
7738 if (params.sta_flags_mask & BIT(NL80211_STA_FLAG_ASSOCIATED))
7739 return -EINVAL;
7740 /* TDLS peers cannot be added */
7741 if ((params.sta_flags_set & BIT(NL80211_STA_FLAG_TDLS_PEER)) ||
7742 info->attrs[NL80211_ATTR_PEER_AID])
7743 return -EINVAL;
7744 break;
7745 case NL80211_IFTYPE_STATION:
7746 case NL80211_IFTYPE_P2P_CLIENT:
7747 /* ignore uAPSD data */
7748 params.sta_modify_mask &= ~STATION_PARAM_APPLY_UAPSD;
7749
7750 /* these are disallowed */
7751 if (params.sta_flags_mask &
7752 (BIT(NL80211_STA_FLAG_ASSOCIATED) |
7753 BIT(NL80211_STA_FLAG_AUTHENTICATED)))
7754 return -EINVAL;
7755 /* Only TDLS peers can be added */
7756 if (!(params.sta_flags_set & BIT(NL80211_STA_FLAG_TDLS_PEER)))
7757 return -EINVAL;
7758 /* Can only add if TDLS ... */
7759 if (!(rdev->wiphy.flags & WIPHY_FLAG_SUPPORTS_TDLS))
7760 return -EOPNOTSUPP;
7761 /* ... with external setup is supported */
7762 if (!(rdev->wiphy.flags & WIPHY_FLAG_TDLS_EXTERNAL_SETUP))
7763 return -EOPNOTSUPP;
7764 /*
7765 * Older wpa_supplicant versions always mark the TDLS peer
7766 * as authorized, but it shouldn't yet be.
7767 */
7768 params.sta_flags_mask &= ~BIT(NL80211_STA_FLAG_AUTHORIZED);
7769 break;
7770 default:
7771 return -EOPNOTSUPP;
7772 }
7773
7774 /* be aware of params.vlan when changing code here */
7775
7776 if (wdev->valid_links) {
7777 if (params.link_sta_params.link_id < 0) {
7778 err = -EINVAL;
7779 goto out;
7780 }
7781 if (!(wdev->valid_links & BIT(params.link_sta_params.link_id))) {
7782 err = -ENOLINK;
7783 goto out;
7784 }
7785 } else {
7786 if (params.link_sta_params.link_id >= 0) {
7787 err = -EINVAL;
7788 goto out;
7789 }
7790 }
7791 err = rdev_add_station(rdev, dev, mac_addr, &params);
7792 out:
7793 dev_put(params.vlan);
7794 return err;
7795 }
7796
7797 static int nl80211_del_station(struct sk_buff *skb, struct genl_info *info)
7798 {
7799 struct cfg80211_registered_device *rdev = info->user_ptr[0];
7800 struct net_device *dev = info->user_ptr[1];
7801 struct wireless_dev *wdev = dev->ieee80211_ptr;
7802 struct station_del_parameters params;
7803 int link_id = nl80211_link_id_or_invalid(info->attrs);
7804
7805 memset(&params, 0, sizeof(params));
7806
7807 if (info->attrs[NL80211_ATTR_MAC])
7808 params.mac = nla_data(info->attrs[NL80211_ATTR_MAC]);
7809
7810 switch (wdev->iftype) {
7811 case NL80211_IFTYPE_AP:
7812 case NL80211_IFTYPE_AP_VLAN:
7813 case NL80211_IFTYPE_MESH_POINT:
7814 case NL80211_IFTYPE_P2P_GO:
7815 /* always accept these */
7816 break;
7817 case NL80211_IFTYPE_ADHOC:
7818 /* conditionally accept */
7819 if (wiphy_ext_feature_isset(&rdev->wiphy,
7820 NL80211_EXT_FEATURE_DEL_IBSS_STA))
7821 break;
7822 return -EINVAL;
7823 default:
7824 return -EINVAL;
7825 }
7826
7827 if (!rdev->ops->del_station)
7828 return -EOPNOTSUPP;
7829
7830 if (info->attrs[NL80211_ATTR_MGMT_SUBTYPE]) {
7831 params.subtype =
7832 nla_get_u8(info->attrs[NL80211_ATTR_MGMT_SUBTYPE]);
7833 if (params.subtype != IEEE80211_STYPE_DISASSOC >> 4 &&
7834 params.subtype != IEEE80211_STYPE_DEAUTH >> 4)
7835 return -EINVAL;
7836 } else {
7837 /* Default to Deauthentication frame */
7838 params.subtype = IEEE80211_STYPE_DEAUTH >> 4;
7839 }
7840
7841 if (info->attrs[NL80211_ATTR_REASON_CODE]) {
7842 params.reason_code =
7843 nla_get_u16(info->attrs[NL80211_ATTR_REASON_CODE]);
7844 if (params.reason_code == 0)
7845 return -EINVAL; /* 0 is reserved */
7846 } else {
7847 /* Default to reason code 2 */
7848 params.reason_code = WLAN_REASON_PREV_AUTH_NOT_VALID;
7849 }
7850
7851 /* Link ID not expected in case of non-ML operation */
7852 if (!wdev->valid_links && link_id != -1)
7853 return -EINVAL;
7854
7855 /* If given, a valid link ID should be passed during MLO */
7856 if (wdev->valid_links && link_id >= 0 &&
7857 !(wdev->valid_links & BIT(link_id)))
7858 return -EINVAL;
7859
7860 params.link_id = link_id;
7861
7862 return rdev_del_station(rdev, dev, &params);
7863 }
7864
7865 static int nl80211_send_mpath(struct sk_buff *msg, u32 portid, u32 seq,
7866 int flags, struct net_device *dev,
7867 u8 *dst, u8 *next_hop,
7868 struct mpath_info *pinfo)
7869 {
7870 void *hdr;
7871 struct nlattr *pinfoattr;
7872
7873 hdr = nl80211hdr_put(msg, portid, seq, flags, NL80211_CMD_NEW_MPATH);
7874 if (!hdr)
7875 return -1;
7876
7877 if (nla_put_u32(msg, NL80211_ATTR_IFINDEX, dev->ifindex) ||
7878 nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN, dst) ||
7879 nla_put(msg, NL80211_ATTR_MPATH_NEXT_HOP, ETH_ALEN, next_hop) ||
7880 nla_put_u32(msg, NL80211_ATTR_GENERATION, pinfo->generation))
7881 goto nla_put_failure;
7882
7883 pinfoattr = nla_nest_start_noflag(msg, NL80211_ATTR_MPATH_INFO);
7884 if (!pinfoattr)
7885 goto nla_put_failure;
7886 if ((pinfo->filled & MPATH_INFO_FRAME_QLEN) &&
7887 nla_put_u32(msg, NL80211_MPATH_INFO_FRAME_QLEN,
7888 pinfo->frame_qlen))
7889 goto nla_put_failure;
7890 if (((pinfo->filled & MPATH_INFO_SN) &&
7891 nla_put_u32(msg, NL80211_MPATH_INFO_SN, pinfo->sn)) ||
7892 ((pinfo->filled & MPATH_INFO_METRIC) &&
7893 nla_put_u32(msg, NL80211_MPATH_INFO_METRIC,
7894 pinfo->metric)) ||
7895 ((pinfo->filled & MPATH_INFO_EXPTIME) &&
7896 nla_put_u32(msg, NL80211_MPATH_INFO_EXPTIME,
7897 pinfo->exptime)) ||
7898 ((pinfo->filled & MPATH_INFO_FLAGS) &&
7899 nla_put_u8(msg, NL80211_MPATH_INFO_FLAGS,
7900 pinfo->flags)) ||
7901 ((pinfo->filled & MPATH_INFO_DISCOVERY_TIMEOUT) &&
7902 nla_put_u32(msg, NL80211_MPATH_INFO_DISCOVERY_TIMEOUT,
7903 pinfo->discovery_timeout)) ||
7904 ((pinfo->filled & MPATH_INFO_DISCOVERY_RETRIES) &&
7905 nla_put_u8(msg, NL80211_MPATH_INFO_DISCOVERY_RETRIES,
7906 pinfo->discovery_retries)) ||
7907 ((pinfo->filled & MPATH_INFO_HOP_COUNT) &&
7908 nla_put_u8(msg, NL80211_MPATH_INFO_HOP_COUNT,
7909 pinfo->hop_count)) ||
7910 ((pinfo->filled & MPATH_INFO_PATH_CHANGE) &&
7911 nla_put_u32(msg, NL80211_MPATH_INFO_PATH_CHANGE,
7912 pinfo->path_change_count)))
7913 goto nla_put_failure;
7914
7915 nla_nest_end(msg, pinfoattr);
7916
7917 genlmsg_end(msg, hdr);
7918 return 0;
7919
7920 nla_put_failure:
7921 genlmsg_cancel(msg, hdr);
7922 return -EMSGSIZE;
7923 }
7924
7925 static int nl80211_dump_mpath(struct sk_buff *skb,
7926 struct netlink_callback *cb)
7927 {
7928 struct mpath_info pinfo;
7929 struct cfg80211_registered_device *rdev;
7930 struct wireless_dev *wdev;
7931 u8 dst[ETH_ALEN];
7932 u8 next_hop[ETH_ALEN];
7933 int path_idx = cb->args[2];
7934 int err;
7935
7936 err = nl80211_prepare_wdev_dump(cb, &rdev, &wdev, NULL);
7937 if (err)
7938 return err;
7939 /* nl80211_prepare_wdev_dump acquired it in the successful case */
7940 __acquire(&rdev->wiphy.mtx);
7941
7942 if (!rdev->ops->dump_mpath) {
7943 err = -EOPNOTSUPP;
7944 goto out_err;
7945 }
7946
7947 if (wdev->iftype != NL80211_IFTYPE_MESH_POINT) {
7948 err = -EOPNOTSUPP;
7949 goto out_err;
7950 }
7951
7952 while (1) {
7953 err = rdev_dump_mpath(rdev, wdev->netdev, path_idx, dst,
7954 next_hop, &pinfo);
7955 if (err == -ENOENT)
7956 break;
7957 if (err)
7958 goto out_err;
7959
7960 if (nl80211_send_mpath(skb, NETLINK_CB(cb->skb).portid,
7961 cb->nlh->nlmsg_seq, NLM_F_MULTI,
7962 wdev->netdev, dst, next_hop,
7963 &pinfo) < 0)
7964 goto out;
7965
7966 path_idx++;
7967 }
7968
7969 out:
7970 cb->args[2] = path_idx;
7971 err = skb->len;
7972 out_err:
7973 wiphy_unlock(&rdev->wiphy);
7974 return err;
7975 }
7976
7977 static int nl80211_get_mpath(struct sk_buff *skb, struct genl_info *info)
7978 {
7979 struct cfg80211_registered_device *rdev = info->user_ptr[0];
7980 int err;
7981 struct net_device *dev = info->user_ptr[1];
7982 struct mpath_info pinfo;
7983 struct sk_buff *msg;
7984 u8 *dst = NULL;
7985 u8 next_hop[ETH_ALEN];
7986
7987 memset(&pinfo, 0, sizeof(pinfo));
7988
7989 if (!info->attrs[NL80211_ATTR_MAC])
7990 return -EINVAL;
7991
7992 dst = nla_data(info->attrs[NL80211_ATTR_MAC]);
7993
7994 if (!rdev->ops->get_mpath)
7995 return -EOPNOTSUPP;
7996
7997 if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_MESH_POINT)
7998 return -EOPNOTSUPP;
7999
8000 err = rdev_get_mpath(rdev, dev, dst, next_hop, &pinfo);
8001 if (err)
8002 return err;
8003
8004 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
8005 if (!msg)
8006 return -ENOMEM;
8007
8008 if (nl80211_send_mpath(msg, info->snd_portid, info->snd_seq, 0,
8009 dev, dst, next_hop, &pinfo) < 0) {
8010 nlmsg_free(msg);
8011 return -ENOBUFS;
8012 }
8013
8014 return genlmsg_reply(msg, info);
8015 }
8016
8017 static int nl80211_set_mpath(struct sk_buff *skb, struct genl_info *info)
8018 {
8019 struct cfg80211_registered_device *rdev = info->user_ptr[0];
8020 struct net_device *dev = info->user_ptr[1];
8021 u8 *dst = NULL;
8022 u8 *next_hop = NULL;
8023
8024 if (!info->attrs[NL80211_ATTR_MAC])
8025 return -EINVAL;
8026
8027 if (!info->attrs[NL80211_ATTR_MPATH_NEXT_HOP])
8028 return -EINVAL;
8029
8030 dst = nla_data(info->attrs[NL80211_ATTR_MAC]);
8031 next_hop = nla_data(info->attrs[NL80211_ATTR_MPATH_NEXT_HOP]);
8032
8033 if (!rdev->ops->change_mpath)
8034 return -EOPNOTSUPP;
8035
8036 if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_MESH_POINT)
8037 return -EOPNOTSUPP;
8038
8039 return rdev_change_mpath(rdev, dev, dst, next_hop);
8040 }
8041
8042 static int nl80211_new_mpath(struct sk_buff *skb, struct genl_info *info)
8043 {
8044 struct cfg80211_registered_device *rdev = info->user_ptr[0];
8045 struct net_device *dev = info->user_ptr[1];
8046 u8 *dst = NULL;
8047 u8 *next_hop = NULL;
8048
8049 if (!info->attrs[NL80211_ATTR_MAC])
8050 return -EINVAL;
8051
8052 if (!info->attrs[NL80211_ATTR_MPATH_NEXT_HOP])
8053 return -EINVAL;
8054
8055 dst = nla_data(info->attrs[NL80211_ATTR_MAC]);
8056 next_hop = nla_data(info->attrs[NL80211_ATTR_MPATH_NEXT_HOP]);
8057
8058 if (!rdev->ops->add_mpath)
8059 return -EOPNOTSUPP;
8060
8061 if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_MESH_POINT)
8062 return -EOPNOTSUPP;
8063
8064 return rdev_add_mpath(rdev, dev, dst, next_hop);
8065 }
8066
8067 static int nl80211_del_mpath(struct sk_buff *skb, struct genl_info *info)
8068 {
8069 struct cfg80211_registered_device *rdev = info->user_ptr[0];
8070 struct net_device *dev = info->user_ptr[1];
8071 u8 *dst = NULL;
8072
8073 if (info->attrs[NL80211_ATTR_MAC])
8074 dst = nla_data(info->attrs[NL80211_ATTR_MAC]);
8075
8076 if (!rdev->ops->del_mpath)
8077 return -EOPNOTSUPP;
8078
8079 if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_MESH_POINT)
8080 return -EOPNOTSUPP;
8081
8082 return rdev_del_mpath(rdev, dev, dst);
8083 }
8084
8085 static int nl80211_get_mpp(struct sk_buff *skb, struct genl_info *info)
8086 {
8087 struct cfg80211_registered_device *rdev = info->user_ptr[0];
8088 int err;
8089 struct net_device *dev = info->user_ptr[1];
8090 struct mpath_info pinfo;
8091 struct sk_buff *msg;
8092 u8 *dst = NULL;
8093 u8 mpp[ETH_ALEN];
8094
8095 memset(&pinfo, 0, sizeof(pinfo));
8096
8097 if (!info->attrs[NL80211_ATTR_MAC])
8098 return -EINVAL;
8099
8100 dst = nla_data(info->attrs[NL80211_ATTR_MAC]);
8101
8102 if (!rdev->ops->get_mpp)
8103 return -EOPNOTSUPP;
8104
8105 if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_MESH_POINT)
8106 return -EOPNOTSUPP;
8107
8108 err = rdev_get_mpp(rdev, dev, dst, mpp, &pinfo);
8109 if (err)
8110 return err;
8111
8112 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
8113 if (!msg)
8114 return -ENOMEM;
8115
8116 if (nl80211_send_mpath(msg, info->snd_portid, info->snd_seq, 0,
8117 dev, dst, mpp, &pinfo) < 0) {
8118 nlmsg_free(msg);
8119 return -ENOBUFS;
8120 }
8121
8122 return genlmsg_reply(msg, info);
8123 }
8124
8125 static int nl80211_dump_mpp(struct sk_buff *skb,
8126 struct netlink_callback *cb)
8127 {
8128 struct mpath_info pinfo;
8129 struct cfg80211_registered_device *rdev;
8130 struct wireless_dev *wdev;
8131 u8 dst[ETH_ALEN];
8132 u8 mpp[ETH_ALEN];
8133 int path_idx = cb->args[2];
8134 int err;
8135
8136 err = nl80211_prepare_wdev_dump(cb, &rdev, &wdev, NULL);
8137 if (err)
8138 return err;
8139 /* nl80211_prepare_wdev_dump acquired it in the successful case */
8140 __acquire(&rdev->wiphy.mtx);
8141
8142 if (!rdev->ops->dump_mpp) {
8143 err = -EOPNOTSUPP;
8144 goto out_err;
8145 }
8146
8147 if (wdev->iftype != NL80211_IFTYPE_MESH_POINT) {
8148 err = -EOPNOTSUPP;
8149 goto out_err;
8150 }
8151
8152 while (1) {
8153 err = rdev_dump_mpp(rdev, wdev->netdev, path_idx, dst,
8154 mpp, &pinfo);
8155 if (err == -ENOENT)
8156 break;
8157 if (err)
8158 goto out_err;
8159
8160 if (nl80211_send_mpath(skb, NETLINK_CB(cb->skb).portid,
8161 cb->nlh->nlmsg_seq, NLM_F_MULTI,
8162 wdev->netdev, dst, mpp,
8163 &pinfo) < 0)
8164 goto out;
8165
8166 path_idx++;
8167 }
8168
8169 out:
8170 cb->args[2] = path_idx;
8171 err = skb->len;
8172 out_err:
8173 wiphy_unlock(&rdev->wiphy);
8174 return err;
8175 }
8176
8177 static int nl80211_set_bss(struct sk_buff *skb, struct genl_info *info)
8178 {
8179 struct cfg80211_registered_device *rdev = info->user_ptr[0];
8180 struct net_device *dev = info->user_ptr[1];
8181 struct bss_parameters params;
8182
8183 memset(&params, 0, sizeof(params));
8184 params.link_id = nl80211_link_id_or_invalid(info->attrs);
8185 /* default to not changing parameters */
8186 params.use_cts_prot = -1;
8187 params.use_short_preamble = -1;
8188 params.use_short_slot_time = -1;
8189 params.ap_isolate = -1;
8190 params.ht_opmode = -1;
8191 params.p2p_ctwindow = -1;
8192 params.p2p_opp_ps = -1;
8193
8194 if (info->attrs[NL80211_ATTR_BSS_CTS_PROT])
8195 params.use_cts_prot =
8196 nla_get_u8(info->attrs[NL80211_ATTR_BSS_CTS_PROT]);
8197 if (info->attrs[NL80211_ATTR_BSS_SHORT_PREAMBLE])
8198 params.use_short_preamble =
8199 nla_get_u8(info->attrs[NL80211_ATTR_BSS_SHORT_PREAMBLE]);
8200 if (info->attrs[NL80211_ATTR_BSS_SHORT_SLOT_TIME])
8201 params.use_short_slot_time =
8202 nla_get_u8(info->attrs[NL80211_ATTR_BSS_SHORT_SLOT_TIME]);
8203 if (info->attrs[NL80211_ATTR_BSS_BASIC_RATES]) {
8204 params.basic_rates =
8205 nla_data(info->attrs[NL80211_ATTR_BSS_BASIC_RATES]);
8206 params.basic_rates_len =
8207 nla_len(info->attrs[NL80211_ATTR_BSS_BASIC_RATES]);
8208 }
8209 if (info->attrs[NL80211_ATTR_AP_ISOLATE])
8210 params.ap_isolate = !!nla_get_u8(info->attrs[NL80211_ATTR_AP_ISOLATE]);
8211 if (info->attrs[NL80211_ATTR_BSS_HT_OPMODE])
8212 params.ht_opmode =
8213 nla_get_u16(info->attrs[NL80211_ATTR_BSS_HT_OPMODE]);
8214
8215 if (info->attrs[NL80211_ATTR_P2P_CTWINDOW]) {
8216 if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_GO)
8217 return -EINVAL;
8218 params.p2p_ctwindow =
8219 nla_get_u8(info->attrs[NL80211_ATTR_P2P_CTWINDOW]);
8220 if (params.p2p_ctwindow != 0 &&
8221 !(rdev->wiphy.features & NL80211_FEATURE_P2P_GO_CTWIN))
8222 return -EINVAL;
8223 }
8224
8225 if (info->attrs[NL80211_ATTR_P2P_OPPPS]) {
8226 u8 tmp;
8227
8228 if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_GO)
8229 return -EINVAL;
8230 tmp = nla_get_u8(info->attrs[NL80211_ATTR_P2P_OPPPS]);
8231 params.p2p_opp_ps = tmp;
8232 if (params.p2p_opp_ps &&
8233 !(rdev->wiphy.features & NL80211_FEATURE_P2P_GO_OPPPS))
8234 return -EINVAL;
8235 }
8236
8237 if (!rdev->ops->change_bss)
8238 return -EOPNOTSUPP;
8239
8240 if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_AP &&
8241 dev->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_GO)
8242 return -EOPNOTSUPP;
8243
8244 return rdev_change_bss(rdev, dev, &params);
8245 }
8246
8247 static int nl80211_req_set_reg(struct sk_buff *skb, struct genl_info *info)
8248 {
8249 char *data = NULL;
8250 bool is_indoor;
8251 enum nl80211_user_reg_hint_type user_reg_hint_type;
8252 u32 owner_nlportid;
8253
8254 /*
8255 * You should only get this when cfg80211 hasn't yet initialized
8256 * completely when built-in to the kernel right between the time
8257 * window between nl80211_init() and regulatory_init(), if that is
8258 * even possible.
8259 */
8260 if (unlikely(!rcu_access_pointer(cfg80211_regdomain)))
8261 return -EINPROGRESS;
8262
8263 user_reg_hint_type =
8264 nla_get_u32_default(info->attrs[NL80211_ATTR_USER_REG_HINT_TYPE],
8265 NL80211_USER_REG_HINT_USER);
8266
8267 switch (user_reg_hint_type) {
8268 case NL80211_USER_REG_HINT_USER:
8269 case NL80211_USER_REG_HINT_CELL_BASE:
8270 if (!info->attrs[NL80211_ATTR_REG_ALPHA2])
8271 return -EINVAL;
8272
8273 data = nla_data(info->attrs[NL80211_ATTR_REG_ALPHA2]);
8274 return regulatory_hint_user(data, user_reg_hint_type);
8275 case NL80211_USER_REG_HINT_INDOOR:
8276 if (info->attrs[NL80211_ATTR_SOCKET_OWNER]) {
8277 owner_nlportid = info->snd_portid;
8278 is_indoor = !!info->attrs[NL80211_ATTR_REG_INDOOR];
8279 } else {
8280 owner_nlportid = 0;
8281 is_indoor = true;
8282 }
8283
8284 regulatory_hint_indoor(is_indoor, owner_nlportid);
8285 return 0;
8286 default:
8287 return -EINVAL;
8288 }
8289 }
8290
8291 static int nl80211_reload_regdb(struct sk_buff *skb, struct genl_info *info)
8292 {
8293 return reg_reload_regdb();
8294 }
8295
8296 static int nl80211_get_mesh_config(struct sk_buff *skb,
8297 struct genl_info *info)
8298 {
8299 struct cfg80211_registered_device *rdev = info->user_ptr[0];
8300 struct net_device *dev = info->user_ptr[1];
8301 struct wireless_dev *wdev = dev->ieee80211_ptr;
8302 struct mesh_config cur_params;
8303 int err = 0;
8304 void *hdr;
8305 struct nlattr *pinfoattr;
8306 struct sk_buff *msg;
8307
8308 if (wdev->iftype != NL80211_IFTYPE_MESH_POINT)
8309 return -EOPNOTSUPP;
8310
8311 if (!rdev->ops->get_mesh_config)
8312 return -EOPNOTSUPP;
8313
8314 /* If not connected, get default parameters */
8315 if (!wdev->u.mesh.id_len)
8316 memcpy(&cur_params, &default_mesh_config, sizeof(cur_params));
8317 else
8318 err = rdev_get_mesh_config(rdev, dev, &cur_params);
8319
8320 if (err)
8321 return err;
8322
8323 /* Draw up a netlink message to send back */
8324 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
8325 if (!msg)
8326 return -ENOMEM;
8327 hdr = nl80211hdr_put(msg, info->snd_portid, info->snd_seq, 0,
8328 NL80211_CMD_GET_MESH_CONFIG);
8329 if (!hdr)
8330 goto out;
8331 pinfoattr = nla_nest_start_noflag(msg, NL80211_ATTR_MESH_CONFIG);
8332 if (!pinfoattr)
8333 goto nla_put_failure;
8334 if (nla_put_u32(msg, NL80211_ATTR_IFINDEX, dev->ifindex) ||
8335 nla_put_u16(msg, NL80211_MESHCONF_RETRY_TIMEOUT,
8336 cur_params.dot11MeshRetryTimeout) ||
8337 nla_put_u16(msg, NL80211_MESHCONF_CONFIRM_TIMEOUT,
8338 cur_params.dot11MeshConfirmTimeout) ||
8339 nla_put_u16(msg, NL80211_MESHCONF_HOLDING_TIMEOUT,
8340 cur_params.dot11MeshHoldingTimeout) ||
8341 nla_put_u16(msg, NL80211_MESHCONF_MAX_PEER_LINKS,
8342 cur_params.dot11MeshMaxPeerLinks) ||
8343 nla_put_u8(msg, NL80211_MESHCONF_MAX_RETRIES,
8344 cur_params.dot11MeshMaxRetries) ||
8345 nla_put_u8(msg, NL80211_MESHCONF_TTL,
8346 cur_params.dot11MeshTTL) ||
8347 nla_put_u8(msg, NL80211_MESHCONF_ELEMENT_TTL,
8348 cur_params.element_ttl) ||
8349 nla_put_u8(msg, NL80211_MESHCONF_AUTO_OPEN_PLINKS,
8350 cur_params.auto_open_plinks) ||
8351 nla_put_u32(msg, NL80211_MESHCONF_SYNC_OFFSET_MAX_NEIGHBOR,
8352 cur_params.dot11MeshNbrOffsetMaxNeighbor) ||
8353 nla_put_u8(msg, NL80211_MESHCONF_HWMP_MAX_PREQ_RETRIES,
8354 cur_params.dot11MeshHWMPmaxPREQretries) ||
8355 nla_put_u32(msg, NL80211_MESHCONF_PATH_REFRESH_TIME,
8356 cur_params.path_refresh_time) ||
8357 nla_put_u16(msg, NL80211_MESHCONF_MIN_DISCOVERY_TIMEOUT,
8358 cur_params.min_discovery_timeout) ||
8359 nla_put_u32(msg, NL80211_MESHCONF_HWMP_ACTIVE_PATH_TIMEOUT,
8360 cur_params.dot11MeshHWMPactivePathTimeout) ||
8361 nla_put_u16(msg, NL80211_MESHCONF_HWMP_PREQ_MIN_INTERVAL,
8362 cur_params.dot11MeshHWMPpreqMinInterval) ||
8363 nla_put_u16(msg, NL80211_MESHCONF_HWMP_PERR_MIN_INTERVAL,
8364 cur_params.dot11MeshHWMPperrMinInterval) ||
8365 nla_put_u16(msg, NL80211_MESHCONF_HWMP_NET_DIAM_TRVS_TIME,
8366 cur_params.dot11MeshHWMPnetDiameterTraversalTime) ||
8367 nla_put_u8(msg, NL80211_MESHCONF_HWMP_ROOTMODE,
8368 cur_params.dot11MeshHWMPRootMode) ||
8369 nla_put_u16(msg, NL80211_MESHCONF_HWMP_RANN_INTERVAL,
8370 cur_params.dot11MeshHWMPRannInterval) ||
8371 nla_put_u8(msg, NL80211_MESHCONF_GATE_ANNOUNCEMENTS,
8372 cur_params.dot11MeshGateAnnouncementProtocol) ||
8373 nla_put_u8(msg, NL80211_MESHCONF_FORWARDING,
8374 cur_params.dot11MeshForwarding) ||
8375 nla_put_s32(msg, NL80211_MESHCONF_RSSI_THRESHOLD,
8376 cur_params.rssi_threshold) ||
8377 nla_put_u32(msg, NL80211_MESHCONF_HT_OPMODE,
8378 cur_params.ht_opmode) ||
8379 nla_put_u32(msg, NL80211_MESHCONF_HWMP_PATH_TO_ROOT_TIMEOUT,
8380 cur_params.dot11MeshHWMPactivePathToRootTimeout) ||
8381 nla_put_u16(msg, NL80211_MESHCONF_HWMP_ROOT_INTERVAL,
8382 cur_params.dot11MeshHWMProotInterval) ||
8383 nla_put_u16(msg, NL80211_MESHCONF_HWMP_CONFIRMATION_INTERVAL,
8384 cur_params.dot11MeshHWMPconfirmationInterval) ||
8385 nla_put_u32(msg, NL80211_MESHCONF_POWER_MODE,
8386 cur_params.power_mode) ||
8387 nla_put_u16(msg, NL80211_MESHCONF_AWAKE_WINDOW,
8388 cur_params.dot11MeshAwakeWindowDuration) ||
8389 nla_put_u32(msg, NL80211_MESHCONF_PLINK_TIMEOUT,
8390 cur_params.plink_timeout) ||
8391 nla_put_u8(msg, NL80211_MESHCONF_CONNECTED_TO_GATE,
8392 cur_params.dot11MeshConnectedToMeshGate) ||
8393 nla_put_u8(msg, NL80211_MESHCONF_NOLEARN,
8394 cur_params.dot11MeshNolearn) ||
8395 nla_put_u8(msg, NL80211_MESHCONF_CONNECTED_TO_AS,
8396 cur_params.dot11MeshConnectedToAuthServer))
8397 goto nla_put_failure;
8398 nla_nest_end(msg, pinfoattr);
8399 genlmsg_end(msg, hdr);
8400 return genlmsg_reply(msg, info);
8401
8402 nla_put_failure:
8403 out:
8404 nlmsg_free(msg);
8405 return -ENOBUFS;
8406 }
8407
8408 static const struct nla_policy
8409 nl80211_meshconf_params_policy[NL80211_MESHCONF_ATTR_MAX+1] = {
8410 [NL80211_MESHCONF_RETRY_TIMEOUT] =
8411 NLA_POLICY_RANGE(NLA_U16, 1, 255),
8412 [NL80211_MESHCONF_CONFIRM_TIMEOUT] =
8413 NLA_POLICY_RANGE(NLA_U16, 1, 255),
8414 [NL80211_MESHCONF_HOLDING_TIMEOUT] =
8415 NLA_POLICY_RANGE(NLA_U16, 1, 255),
8416 [NL80211_MESHCONF_MAX_PEER_LINKS] =
8417 NLA_POLICY_RANGE(NLA_U16, 0, 255),
8418 [NL80211_MESHCONF_MAX_RETRIES] = NLA_POLICY_MAX(NLA_U8, 16),
8419 [NL80211_MESHCONF_TTL] = NLA_POLICY_MIN(NLA_U8, 1),
8420 [NL80211_MESHCONF_ELEMENT_TTL] = NLA_POLICY_MIN(NLA_U8, 1),
8421 [NL80211_MESHCONF_AUTO_OPEN_PLINKS] = NLA_POLICY_MAX(NLA_U8, 1),
8422 [NL80211_MESHCONF_SYNC_OFFSET_MAX_NEIGHBOR] =
8423 NLA_POLICY_RANGE(NLA_U32, 1, 255),
8424 [NL80211_MESHCONF_HWMP_MAX_PREQ_RETRIES] = { .type = NLA_U8 },
8425 [NL80211_MESHCONF_PATH_REFRESH_TIME] = { .type = NLA_U32 },
8426 [NL80211_MESHCONF_MIN_DISCOVERY_TIMEOUT] = NLA_POLICY_MIN(NLA_U16, 1),
8427 [NL80211_MESHCONF_HWMP_ACTIVE_PATH_TIMEOUT] = { .type = NLA_U32 },
8428 [NL80211_MESHCONF_HWMP_PREQ_MIN_INTERVAL] =
8429 NLA_POLICY_MIN(NLA_U16, 1),
8430 [NL80211_MESHCONF_HWMP_PERR_MIN_INTERVAL] =
8431 NLA_POLICY_MIN(NLA_U16, 1),
8432 [NL80211_MESHCONF_HWMP_NET_DIAM_TRVS_TIME] =
8433 NLA_POLICY_MIN(NLA_U16, 1),
8434 [NL80211_MESHCONF_HWMP_ROOTMODE] = NLA_POLICY_MAX(NLA_U8, 4),
8435 [NL80211_MESHCONF_HWMP_RANN_INTERVAL] =
8436 NLA_POLICY_MIN(NLA_U16, 1),
8437 [NL80211_MESHCONF_GATE_ANNOUNCEMENTS] = NLA_POLICY_MAX(NLA_U8, 1),
8438 [NL80211_MESHCONF_FORWARDING] = NLA_POLICY_MAX(NLA_U8, 1),
8439 [NL80211_MESHCONF_RSSI_THRESHOLD] =
8440 NLA_POLICY_RANGE(NLA_S32, -255, 0),
8441 [NL80211_MESHCONF_HT_OPMODE] = { .type = NLA_U16 },
8442 [NL80211_MESHCONF_HWMP_PATH_TO_ROOT_TIMEOUT] = { .type = NLA_U32 },
8443 [NL80211_MESHCONF_HWMP_ROOT_INTERVAL] =
8444 NLA_POLICY_MIN(NLA_U16, 1),
8445 [NL80211_MESHCONF_HWMP_CONFIRMATION_INTERVAL] =
8446 NLA_POLICY_MIN(NLA_U16, 1),
8447 [NL80211_MESHCONF_POWER_MODE] =
8448 NLA_POLICY_RANGE(NLA_U32,
8449 NL80211_MESH_POWER_ACTIVE,
8450 NL80211_MESH_POWER_MAX),
8451 [NL80211_MESHCONF_AWAKE_WINDOW] = { .type = NLA_U16 },
8452 [NL80211_MESHCONF_PLINK_TIMEOUT] = { .type = NLA_U32 },
8453 [NL80211_MESHCONF_CONNECTED_TO_GATE] = NLA_POLICY_RANGE(NLA_U8, 0, 1),
8454 [NL80211_MESHCONF_NOLEARN] = NLA_POLICY_RANGE(NLA_U8, 0, 1),
8455 [NL80211_MESHCONF_CONNECTED_TO_AS] = NLA_POLICY_RANGE(NLA_U8, 0, 1),
8456 };
8457
8458 static const struct nla_policy
8459 nl80211_mesh_setup_params_policy[NL80211_MESH_SETUP_ATTR_MAX+1] = {
8460 [NL80211_MESH_SETUP_ENABLE_VENDOR_SYNC] = { .type = NLA_U8 },
8461 [NL80211_MESH_SETUP_ENABLE_VENDOR_PATH_SEL] = { .type = NLA_U8 },
8462 [NL80211_MESH_SETUP_ENABLE_VENDOR_METRIC] = { .type = NLA_U8 },
8463 [NL80211_MESH_SETUP_USERSPACE_AUTH] = { .type = NLA_FLAG },
8464 [NL80211_MESH_SETUP_AUTH_PROTOCOL] = { .type = NLA_U8 },
8465 [NL80211_MESH_SETUP_USERSPACE_MPM] = { .type = NLA_FLAG },
8466 [NL80211_MESH_SETUP_IE] =
8467 NLA_POLICY_VALIDATE_FN(NLA_BINARY, validate_ie_attr,
8468 IEEE80211_MAX_DATA_LEN),
8469 [NL80211_MESH_SETUP_USERSPACE_AMPE] = { .type = NLA_FLAG },
8470 };
8471
8472 static int nl80211_parse_mesh_config(struct genl_info *info,
8473 struct mesh_config *cfg,
8474 u32 *mask_out)
8475 {
8476 struct nlattr *tb[NL80211_MESHCONF_ATTR_MAX + 1];
8477 u32 mask = 0;
8478 u16 ht_opmode;
8479
8480 #define FILL_IN_MESH_PARAM_IF_SET(tb, cfg, param, mask, attr, fn) \
8481 do { \
8482 if (tb[attr]) { \
8483 cfg->param = fn(tb[attr]); \
8484 mask |= BIT((attr) - 1); \
8485 } \
8486 } while (0)
8487
8488 if (!info->attrs[NL80211_ATTR_MESH_CONFIG])
8489 return -EINVAL;
8490 if (nla_parse_nested_deprecated(tb, NL80211_MESHCONF_ATTR_MAX, info->attrs[NL80211_ATTR_MESH_CONFIG], nl80211_meshconf_params_policy, info->extack))
8491 return -EINVAL;
8492
8493 /* This makes sure that there aren't more than 32 mesh config
8494 * parameters (otherwise our bitfield scheme would not work.) */
8495 BUILD_BUG_ON(NL80211_MESHCONF_ATTR_MAX > 32);
8496
8497 /* Fill in the params struct */
8498 FILL_IN_MESH_PARAM_IF_SET(tb, cfg, dot11MeshRetryTimeout, mask,
8499 NL80211_MESHCONF_RETRY_TIMEOUT, nla_get_u16);
8500 FILL_IN_MESH_PARAM_IF_SET(tb, cfg, dot11MeshConfirmTimeout, mask,
8501 NL80211_MESHCONF_CONFIRM_TIMEOUT,
8502 nla_get_u16);
8503 FILL_IN_MESH_PARAM_IF_SET(tb, cfg, dot11MeshHoldingTimeout, mask,
8504 NL80211_MESHCONF_HOLDING_TIMEOUT,
8505 nla_get_u16);
8506 FILL_IN_MESH_PARAM_IF_SET(tb, cfg, dot11MeshMaxPeerLinks, mask,
8507 NL80211_MESHCONF_MAX_PEER_LINKS,
8508 nla_get_u16);
8509 FILL_IN_MESH_PARAM_IF_SET(tb, cfg, dot11MeshMaxRetries, mask,
8510 NL80211_MESHCONF_MAX_RETRIES, nla_get_u8);
8511 FILL_IN_MESH_PARAM_IF_SET(tb, cfg, dot11MeshTTL, mask,
8512 NL80211_MESHCONF_TTL, nla_get_u8);
8513 FILL_IN_MESH_PARAM_IF_SET(tb, cfg, element_ttl, mask,
8514 NL80211_MESHCONF_ELEMENT_TTL, nla_get_u8);
8515 FILL_IN_MESH_PARAM_IF_SET(tb, cfg, auto_open_plinks, mask,
8516 NL80211_MESHCONF_AUTO_OPEN_PLINKS,
8517 nla_get_u8);
8518 FILL_IN_MESH_PARAM_IF_SET(tb, cfg, dot11MeshNbrOffsetMaxNeighbor,
8519 mask,
8520 NL80211_MESHCONF_SYNC_OFFSET_MAX_NEIGHBOR,
8521 nla_get_u32);
8522 FILL_IN_MESH_PARAM_IF_SET(tb, cfg, dot11MeshHWMPmaxPREQretries, mask,
8523 NL80211_MESHCONF_HWMP_MAX_PREQ_RETRIES,
8524 nla_get_u8);
8525 FILL_IN_MESH_PARAM_IF_SET(tb, cfg, path_refresh_time, mask,
8526 NL80211_MESHCONF_PATH_REFRESH_TIME,
8527 nla_get_u32);
8528 if (mask & BIT(NL80211_MESHCONF_PATH_REFRESH_TIME) &&
8529 (cfg->path_refresh_time < 1 || cfg->path_refresh_time > 65535))
8530 return -EINVAL;
8531 FILL_IN_MESH_PARAM_IF_SET(tb, cfg, min_discovery_timeout, mask,
8532 NL80211_MESHCONF_MIN_DISCOVERY_TIMEOUT,
8533 nla_get_u16);
8534 FILL_IN_MESH_PARAM_IF_SET(tb, cfg, dot11MeshHWMPactivePathTimeout,
8535 mask,
8536 NL80211_MESHCONF_HWMP_ACTIVE_PATH_TIMEOUT,
8537 nla_get_u32);
8538 if (mask & BIT(NL80211_MESHCONF_HWMP_ACTIVE_PATH_TIMEOUT) &&
8539 (cfg->dot11MeshHWMPactivePathTimeout < 1 ||
8540 cfg->dot11MeshHWMPactivePathTimeout > 65535))
8541 return -EINVAL;
8542 FILL_IN_MESH_PARAM_IF_SET(tb, cfg, dot11MeshHWMPpreqMinInterval, mask,
8543 NL80211_MESHCONF_HWMP_PREQ_MIN_INTERVAL,
8544 nla_get_u16);
8545 FILL_IN_MESH_PARAM_IF_SET(tb, cfg, dot11MeshHWMPperrMinInterval, mask,
8546 NL80211_MESHCONF_HWMP_PERR_MIN_INTERVAL,
8547 nla_get_u16);
8548 FILL_IN_MESH_PARAM_IF_SET(tb, cfg,
8549 dot11MeshHWMPnetDiameterTraversalTime, mask,
8550 NL80211_MESHCONF_HWMP_NET_DIAM_TRVS_TIME,
8551 nla_get_u16);
8552 FILL_IN_MESH_PARAM_IF_SET(tb, cfg, dot11MeshHWMPRootMode, mask,
8553 NL80211_MESHCONF_HWMP_ROOTMODE, nla_get_u8);
8554 FILL_IN_MESH_PARAM_IF_SET(tb, cfg, dot11MeshHWMPRannInterval, mask,
8555 NL80211_MESHCONF_HWMP_RANN_INTERVAL,
8556 nla_get_u16);
8557 FILL_IN_MESH_PARAM_IF_SET(tb, cfg, dot11MeshGateAnnouncementProtocol,
8558 mask, NL80211_MESHCONF_GATE_ANNOUNCEMENTS,
8559 nla_get_u8);
8560 FILL_IN_MESH_PARAM_IF_SET(tb, cfg, dot11MeshForwarding, mask,
8561 NL80211_MESHCONF_FORWARDING, nla_get_u8);
8562 FILL_IN_MESH_PARAM_IF_SET(tb, cfg, rssi_threshold, mask,
8563 NL80211_MESHCONF_RSSI_THRESHOLD,
8564 nla_get_s32);
8565 FILL_IN_MESH_PARAM_IF_SET(tb, cfg, dot11MeshConnectedToMeshGate, mask,
8566 NL80211_MESHCONF_CONNECTED_TO_GATE,
8567 nla_get_u8);
8568 FILL_IN_MESH_PARAM_IF_SET(tb, cfg, dot11MeshConnectedToAuthServer, mask,
8569 NL80211_MESHCONF_CONNECTED_TO_AS,
8570 nla_get_u8);
8571 /*
8572 * Check HT operation mode based on
8573 * IEEE 802.11-2016 9.4.2.57 HT Operation element.
8574 */
8575 if (tb[NL80211_MESHCONF_HT_OPMODE]) {
8576 ht_opmode = nla_get_u16(tb[NL80211_MESHCONF_HT_OPMODE]);
8577
8578 if (ht_opmode & ~(IEEE80211_HT_OP_MODE_PROTECTION |
8579 IEEE80211_HT_OP_MODE_NON_GF_STA_PRSNT |
8580 IEEE80211_HT_OP_MODE_NON_HT_STA_PRSNT))
8581 return -EINVAL;
8582
8583 /* NON_HT_STA bit is reserved, but some programs set it */
8584 ht_opmode &= ~IEEE80211_HT_OP_MODE_NON_HT_STA_PRSNT;
8585
8586 cfg->ht_opmode = ht_opmode;
8587 mask |= (1 << (NL80211_MESHCONF_HT_OPMODE - 1));
8588 }
8589 FILL_IN_MESH_PARAM_IF_SET(tb, cfg,
8590 dot11MeshHWMPactivePathToRootTimeout, mask,
8591 NL80211_MESHCONF_HWMP_PATH_TO_ROOT_TIMEOUT,
8592 nla_get_u32);
8593 if (mask & BIT(NL80211_MESHCONF_HWMP_PATH_TO_ROOT_TIMEOUT) &&
8594 (cfg->dot11MeshHWMPactivePathToRootTimeout < 1 ||
8595 cfg->dot11MeshHWMPactivePathToRootTimeout > 65535))
8596 return -EINVAL;
8597 FILL_IN_MESH_PARAM_IF_SET(tb, cfg, dot11MeshHWMProotInterval, mask,
8598 NL80211_MESHCONF_HWMP_ROOT_INTERVAL,
8599 nla_get_u16);
8600 FILL_IN_MESH_PARAM_IF_SET(tb, cfg, dot11MeshHWMPconfirmationInterval,
8601 mask,
8602 NL80211_MESHCONF_HWMP_CONFIRMATION_INTERVAL,
8603 nla_get_u16);
8604 FILL_IN_MESH_PARAM_IF_SET(tb, cfg, power_mode, mask,
8605 NL80211_MESHCONF_POWER_MODE, nla_get_u32);
8606 FILL_IN_MESH_PARAM_IF_SET(tb, cfg, dot11MeshAwakeWindowDuration, mask,
8607 NL80211_MESHCONF_AWAKE_WINDOW, nla_get_u16);
8608 FILL_IN_MESH_PARAM_IF_SET(tb, cfg, plink_timeout, mask,
8609 NL80211_MESHCONF_PLINK_TIMEOUT, nla_get_u32);
8610 FILL_IN_MESH_PARAM_IF_SET(tb, cfg, dot11MeshNolearn, mask,
8611 NL80211_MESHCONF_NOLEARN, nla_get_u8);
8612 if (mask_out)
8613 *mask_out = mask;
8614
8615 return 0;
8616
8617 #undef FILL_IN_MESH_PARAM_IF_SET
8618 }
8619
8620 static int nl80211_parse_mesh_setup(struct genl_info *info,
8621 struct mesh_setup *setup)
8622 {
8623 struct cfg80211_registered_device *rdev = info->user_ptr[0];
8624 struct nlattr *tb[NL80211_MESH_SETUP_ATTR_MAX + 1];
8625
8626 if (!info->attrs[NL80211_ATTR_MESH_SETUP])
8627 return -EINVAL;
8628 if (nla_parse_nested_deprecated(tb, NL80211_MESH_SETUP_ATTR_MAX, info->attrs[NL80211_ATTR_MESH_SETUP], nl80211_mesh_setup_params_policy, info->extack))
8629 return -EINVAL;
8630
8631 if (tb[NL80211_MESH_SETUP_ENABLE_VENDOR_SYNC])
8632 setup->sync_method =
8633 (nla_get_u8(tb[NL80211_MESH_SETUP_ENABLE_VENDOR_SYNC])) ?
8634 IEEE80211_SYNC_METHOD_VENDOR :
8635 IEEE80211_SYNC_METHOD_NEIGHBOR_OFFSET;
8636
8637 if (tb[NL80211_MESH_SETUP_ENABLE_VENDOR_PATH_SEL])
8638 setup->path_sel_proto =
8639 (nla_get_u8(tb[NL80211_MESH_SETUP_ENABLE_VENDOR_PATH_SEL])) ?
8640 IEEE80211_PATH_PROTOCOL_VENDOR :
8641 IEEE80211_PATH_PROTOCOL_HWMP;
8642
8643 if (tb[NL80211_MESH_SETUP_ENABLE_VENDOR_METRIC])
8644 setup->path_metric =
8645 (nla_get_u8(tb[NL80211_MESH_SETUP_ENABLE_VENDOR_METRIC])) ?
8646 IEEE80211_PATH_METRIC_VENDOR :
8647 IEEE80211_PATH_METRIC_AIRTIME;
8648
8649 if (tb[NL80211_MESH_SETUP_IE]) {
8650 struct nlattr *ieattr =
8651 tb[NL80211_MESH_SETUP_IE];
8652 setup->ie = nla_data(ieattr);
8653 setup->ie_len = nla_len(ieattr);
8654 }
8655 if (tb[NL80211_MESH_SETUP_USERSPACE_MPM] &&
8656 !(rdev->wiphy.features & NL80211_FEATURE_USERSPACE_MPM))
8657 return -EINVAL;
8658 setup->user_mpm = nla_get_flag(tb[NL80211_MESH_SETUP_USERSPACE_MPM]);
8659 setup->is_authenticated = nla_get_flag(tb[NL80211_MESH_SETUP_USERSPACE_AUTH]);
8660 setup->is_secure = nla_get_flag(tb[NL80211_MESH_SETUP_USERSPACE_AMPE]);
8661 if (setup->is_secure)
8662 setup->user_mpm = true;
8663
8664 if (tb[NL80211_MESH_SETUP_AUTH_PROTOCOL]) {
8665 if (!setup->user_mpm)
8666 return -EINVAL;
8667 setup->auth_id =
8668 nla_get_u8(tb[NL80211_MESH_SETUP_AUTH_PROTOCOL]);
8669 }
8670
8671 return 0;
8672 }
8673
8674 static int nl80211_update_mesh_config(struct sk_buff *skb,
8675 struct genl_info *info)
8676 {
8677 struct cfg80211_registered_device *rdev = info->user_ptr[0];
8678 struct net_device *dev = info->user_ptr[1];
8679 struct wireless_dev *wdev = dev->ieee80211_ptr;
8680 struct mesh_config cfg = {};
8681 u32 mask;
8682 int err;
8683
8684 if (wdev->iftype != NL80211_IFTYPE_MESH_POINT)
8685 return -EOPNOTSUPP;
8686
8687 if (!rdev->ops->update_mesh_config)
8688 return -EOPNOTSUPP;
8689
8690 err = nl80211_parse_mesh_config(info, &cfg, &mask);
8691 if (err)
8692 return err;
8693
8694 if (!wdev->u.mesh.id_len)
8695 err = -ENOLINK;
8696
8697 if (!err)
8698 err = rdev_update_mesh_config(rdev, dev, mask, &cfg);
8699
8700 return err;
8701 }
8702
8703 static int nl80211_put_regdom(const struct ieee80211_regdomain *regdom,
8704 struct sk_buff *msg)
8705 {
8706 struct nlattr *nl_reg_rules;
8707 unsigned int i;
8708
8709 if (nla_put_string(msg, NL80211_ATTR_REG_ALPHA2, regdom->alpha2) ||
8710 (regdom->dfs_region &&
8711 nla_put_u8(msg, NL80211_ATTR_DFS_REGION, regdom->dfs_region)))
8712 goto nla_put_failure;
8713
8714 nl_reg_rules = nla_nest_start_noflag(msg, NL80211_ATTR_REG_RULES);
8715 if (!nl_reg_rules)
8716 goto nla_put_failure;
8717
8718 for (i = 0; i < regdom->n_reg_rules; i++) {
8719 struct nlattr *nl_reg_rule;
8720 const struct ieee80211_reg_rule *reg_rule;
8721 const struct ieee80211_freq_range *freq_range;
8722 const struct ieee80211_power_rule *power_rule;
8723 unsigned int max_bandwidth_khz;
8724
8725 reg_rule = &regdom->reg_rules[i];
8726 freq_range = &reg_rule->freq_range;
8727 power_rule = &reg_rule->power_rule;
8728
8729 nl_reg_rule = nla_nest_start_noflag(msg, i);
8730 if (!nl_reg_rule)
8731 goto nla_put_failure;
8732
8733 max_bandwidth_khz = freq_range->max_bandwidth_khz;
8734 if (!max_bandwidth_khz)
8735 max_bandwidth_khz = reg_get_max_bandwidth(regdom,
8736 reg_rule);
8737
8738 if (nla_put_u32(msg, NL80211_ATTR_REG_RULE_FLAGS,
8739 reg_rule->flags) ||
8740 nla_put_u32(msg, NL80211_ATTR_FREQ_RANGE_START,
8741 freq_range->start_freq_khz) ||
8742 nla_put_u32(msg, NL80211_ATTR_FREQ_RANGE_END,
8743 freq_range->end_freq_khz) ||
8744 nla_put_u32(msg, NL80211_ATTR_FREQ_RANGE_MAX_BW,
8745 max_bandwidth_khz) ||
8746 nla_put_u32(msg, NL80211_ATTR_POWER_RULE_MAX_ANT_GAIN,
8747 power_rule->max_antenna_gain) ||
8748 nla_put_u32(msg, NL80211_ATTR_POWER_RULE_MAX_EIRP,
8749 power_rule->max_eirp) ||
8750 nla_put_u32(msg, NL80211_ATTR_DFS_CAC_TIME,
8751 reg_rule->dfs_cac_ms))
8752 goto nla_put_failure;
8753
8754 if ((reg_rule->flags & NL80211_RRF_PSD) &&
8755 nla_put_s8(msg, NL80211_ATTR_POWER_RULE_PSD,
8756 reg_rule->psd))
8757 goto nla_put_failure;
8758
8759 nla_nest_end(msg, nl_reg_rule);
8760 }
8761
8762 nla_nest_end(msg, nl_reg_rules);
8763 return 0;
8764
8765 nla_put_failure:
8766 return -EMSGSIZE;
8767 }
8768
8769 static int nl80211_get_reg_do(struct sk_buff *skb, struct genl_info *info)
8770 {
8771 const struct ieee80211_regdomain *regdom = NULL;
8772 struct cfg80211_registered_device *rdev;
8773 struct wiphy *wiphy = NULL;
8774 struct sk_buff *msg;
8775 int err = -EMSGSIZE;
8776 void *hdr;
8777
8778 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
8779 if (!msg)
8780 return -ENOBUFS;
8781
8782 hdr = nl80211hdr_put(msg, info->snd_portid, info->snd_seq, 0,
8783 NL80211_CMD_GET_REG);
8784 if (!hdr)
8785 goto put_failure;
8786
8787 rtnl_lock();
8788
8789 if (info->attrs[NL80211_ATTR_WIPHY]) {
8790 bool self_managed;
8791
8792 rdev = cfg80211_get_dev_from_info(genl_info_net(info), info);
8793 if (IS_ERR(rdev)) {
8794 err = PTR_ERR(rdev);
8795 goto nla_put_failure;
8796 }
8797
8798 wiphy = &rdev->wiphy;
8799 self_managed = wiphy->regulatory_flags &
8800 REGULATORY_WIPHY_SELF_MANAGED;
8801
8802 rcu_read_lock();
8803
8804 regdom = get_wiphy_regdom(wiphy);
8805
8806 /* a self-managed-reg device must have a private regdom */
8807 if (WARN_ON(!regdom && self_managed)) {
8808 err = -EINVAL;
8809 goto nla_put_failure_rcu;
8810 }
8811
8812 if (regdom &&
8813 nla_put_u32(msg, NL80211_ATTR_WIPHY, get_wiphy_idx(wiphy)))
8814 goto nla_put_failure_rcu;
8815 } else {
8816 rcu_read_lock();
8817 }
8818
8819 if (!wiphy && reg_last_request_cell_base() &&
8820 nla_put_u32(msg, NL80211_ATTR_USER_REG_HINT_TYPE,
8821 NL80211_USER_REG_HINT_CELL_BASE))
8822 goto nla_put_failure_rcu;
8823
8824 if (!regdom)
8825 regdom = rcu_dereference(cfg80211_regdomain);
8826
8827 if (nl80211_put_regdom(regdom, msg))
8828 goto nla_put_failure_rcu;
8829
8830 rcu_read_unlock();
8831
8832 genlmsg_end(msg, hdr);
8833 rtnl_unlock();
8834 return genlmsg_reply(msg, info);
8835
8836 nla_put_failure_rcu:
8837 rcu_read_unlock();
8838 nla_put_failure:
8839 rtnl_unlock();
8840 put_failure:
8841 nlmsg_free(msg);
8842 return err;
8843 }
8844
8845 static int nl80211_send_regdom(struct sk_buff *msg, struct netlink_callback *cb,
8846 u32 seq, int flags, struct wiphy *wiphy,
8847 const struct ieee80211_regdomain *regdom)
8848 {
8849 void *hdr = nl80211hdr_put(msg, NETLINK_CB(cb->skb).portid, seq, flags,
8850 NL80211_CMD_GET_REG);
8851
8852 if (!hdr)
8853 return -1;
8854
8855 genl_dump_check_consistent(cb, hdr);
8856
8857 if (nl80211_put_regdom(regdom, msg))
8858 goto nla_put_failure;
8859
8860 if (!wiphy && reg_last_request_cell_base() &&
8861 nla_put_u32(msg, NL80211_ATTR_USER_REG_HINT_TYPE,
8862 NL80211_USER_REG_HINT_CELL_BASE))
8863 goto nla_put_failure;
8864
8865 if (wiphy &&
8866 nla_put_u32(msg, NL80211_ATTR_WIPHY, get_wiphy_idx(wiphy)))
8867 goto nla_put_failure;
8868
8869 if (wiphy && wiphy->regulatory_flags & REGULATORY_WIPHY_SELF_MANAGED &&
8870 nla_put_flag(msg, NL80211_ATTR_WIPHY_SELF_MANAGED_REG))
8871 goto nla_put_failure;
8872
8873 genlmsg_end(msg, hdr);
8874 return 0;
8875
8876 nla_put_failure:
8877 genlmsg_cancel(msg, hdr);
8878 return -EMSGSIZE;
8879 }
8880
8881 static int nl80211_get_reg_dump(struct sk_buff *skb,
8882 struct netlink_callback *cb)
8883 {
8884 const struct ieee80211_regdomain *regdom = NULL;
8885 struct cfg80211_registered_device *rdev;
8886 int err, reg_idx, start = cb->args[2];
8887
8888 rcu_read_lock();
8889
8890 if (cfg80211_regdomain && start == 0) {
8891 err = nl80211_send_regdom(skb, cb, cb->nlh->nlmsg_seq,
8892 NLM_F_MULTI, NULL,
8893 rcu_dereference(cfg80211_regdomain));
8894 if (err < 0)
8895 goto out_err;
8896 }
8897
8898 /* the global regdom is idx 0 */
8899 reg_idx = 1;
8900 list_for_each_entry_rcu(rdev, &cfg80211_rdev_list, list) {
8901 regdom = get_wiphy_regdom(&rdev->wiphy);
8902 if (!regdom)
8903 continue;
8904
8905 if (++reg_idx <= start)
8906 continue;
8907
8908 err = nl80211_send_regdom(skb, cb, cb->nlh->nlmsg_seq,
8909 NLM_F_MULTI, &rdev->wiphy, regdom);
8910 if (err < 0) {
8911 reg_idx--;
8912 break;
8913 }
8914 }
8915
8916 cb->args[2] = reg_idx;
8917 err = skb->len;
8918 out_err:
8919 rcu_read_unlock();
8920 return err;
8921 }
8922
8923 #ifdef CONFIG_CFG80211_CRDA_SUPPORT
8924 static const struct nla_policy reg_rule_policy[NL80211_REG_RULE_ATTR_MAX + 1] = {
8925 [NL80211_ATTR_REG_RULE_FLAGS] = { .type = NLA_U32 },
8926 [NL80211_ATTR_FREQ_RANGE_START] = { .type = NLA_U32 },
8927 [NL80211_ATTR_FREQ_RANGE_END] = { .type = NLA_U32 },
8928 [NL80211_ATTR_FREQ_RANGE_MAX_BW] = { .type = NLA_U32 },
8929 [NL80211_ATTR_POWER_RULE_MAX_ANT_GAIN] = { .type = NLA_U32 },
8930 [NL80211_ATTR_POWER_RULE_MAX_EIRP] = { .type = NLA_U32 },
8931 [NL80211_ATTR_DFS_CAC_TIME] = { .type = NLA_U32 },
8932 };
8933
8934 static int parse_reg_rule(struct nlattr *tb[],
8935 struct ieee80211_reg_rule *reg_rule)
8936 {
8937 struct ieee80211_freq_range *freq_range = &reg_rule->freq_range;
8938 struct ieee80211_power_rule *power_rule = &reg_rule->power_rule;
8939
8940 if (!tb[NL80211_ATTR_REG_RULE_FLAGS])
8941 return -EINVAL;
8942 if (!tb[NL80211_ATTR_FREQ_RANGE_START])
8943 return -EINVAL;
8944 if (!tb[NL80211_ATTR_FREQ_RANGE_END])
8945 return -EINVAL;
8946 if (!tb[NL80211_ATTR_FREQ_RANGE_MAX_BW])
8947 return -EINVAL;
8948 if (!tb[NL80211_ATTR_POWER_RULE_MAX_EIRP])
8949 return -EINVAL;
8950
8951 reg_rule->flags = nla_get_u32(tb[NL80211_ATTR_REG_RULE_FLAGS]);
8952
8953 freq_range->start_freq_khz =
8954 nla_get_u32(tb[NL80211_ATTR_FREQ_RANGE_START]);
8955 freq_range->end_freq_khz =
8956 nla_get_u32(tb[NL80211_ATTR_FREQ_RANGE_END]);
8957 freq_range->max_bandwidth_khz =
8958 nla_get_u32(tb[NL80211_ATTR_FREQ_RANGE_MAX_BW]);
8959
8960 power_rule->max_eirp =
8961 nla_get_u32(tb[NL80211_ATTR_POWER_RULE_MAX_EIRP]);
8962
8963 if (tb[NL80211_ATTR_POWER_RULE_MAX_ANT_GAIN])
8964 power_rule->max_antenna_gain =
8965 nla_get_u32(tb[NL80211_ATTR_POWER_RULE_MAX_ANT_GAIN]);
8966
8967 if (tb[NL80211_ATTR_DFS_CAC_TIME])
8968 reg_rule->dfs_cac_ms =
8969 nla_get_u32(tb[NL80211_ATTR_DFS_CAC_TIME]);
8970
8971 return 0;
8972 }
8973
8974 static int nl80211_set_reg(struct sk_buff *skb, struct genl_info *info)
8975 {
8976 struct nlattr *tb[NL80211_REG_RULE_ATTR_MAX + 1];
8977 struct nlattr *nl_reg_rule;
8978 char *alpha2;
8979 int rem_reg_rules, r;
8980 u32 num_rules = 0, rule_idx = 0;
8981 enum nl80211_dfs_regions dfs_region = NL80211_DFS_UNSET;
8982 struct ieee80211_regdomain *rd;
8983
8984 if (!info->attrs[NL80211_ATTR_REG_ALPHA2])
8985 return -EINVAL;
8986
8987 if (!info->attrs[NL80211_ATTR_REG_RULES])
8988 return -EINVAL;
8989
8990 alpha2 = nla_data(info->attrs[NL80211_ATTR_REG_ALPHA2]);
8991
8992 if (info->attrs[NL80211_ATTR_DFS_REGION])
8993 dfs_region = nla_get_u8(info->attrs[NL80211_ATTR_DFS_REGION]);
8994
8995 nla_for_each_nested(nl_reg_rule, info->attrs[NL80211_ATTR_REG_RULES],
8996 rem_reg_rules) {
8997 num_rules++;
8998 if (num_rules > NL80211_MAX_SUPP_REG_RULES)
8999 return -EINVAL;
9000 }
9001
9002 rtnl_lock();
9003 if (!reg_is_valid_request(alpha2)) {
9004 r = -EINVAL;
9005 goto out;
9006 }
9007
9008 rd = kzalloc(struct_size(rd, reg_rules, num_rules), GFP_KERNEL);
9009 if (!rd) {
9010 r = -ENOMEM;
9011 goto out;
9012 }
9013
9014 rd->n_reg_rules = num_rules;
9015 rd->alpha2[0] = alpha2[0];
9016 rd->alpha2[1] = alpha2[1];
9017
9018 /*
9019 * Disable DFS master mode if the DFS region was
9020 * not supported or known on this kernel.
9021 */
9022 if (reg_supported_dfs_region(dfs_region))
9023 rd->dfs_region = dfs_region;
9024
9025 nla_for_each_nested(nl_reg_rule, info->attrs[NL80211_ATTR_REG_RULES],
9026 rem_reg_rules) {
9027 r = nla_parse_nested_deprecated(tb, NL80211_REG_RULE_ATTR_MAX,
9028 nl_reg_rule, reg_rule_policy,
9029 info->extack);
9030 if (r)
9031 goto bad_reg;
9032 r = parse_reg_rule(tb, &rd->reg_rules[rule_idx]);
9033 if (r)
9034 goto bad_reg;
9035
9036 rule_idx++;
9037
9038 if (rule_idx > NL80211_MAX_SUPP_REG_RULES) {
9039 r = -EINVAL;
9040 goto bad_reg;
9041 }
9042 }
9043
9044 r = set_regdom(rd, REGD_SOURCE_CRDA);
9045 /* set_regdom takes ownership of rd */
9046 rd = NULL;
9047 bad_reg:
9048 kfree(rd);
9049 out:
9050 rtnl_unlock();
9051 return r;
9052 }
9053 #endif /* CONFIG_CFG80211_CRDA_SUPPORT */
9054
9055 static int validate_scan_freqs(struct nlattr *freqs)
9056 {
9057 struct nlattr *attr1, *attr2;
9058 int n_channels = 0, tmp1, tmp2;
9059
9060 nla_for_each_nested(attr1, freqs, tmp1)
9061 if (nla_len(attr1) != sizeof(u32))
9062 return 0;
9063
9064 nla_for_each_nested(attr1, freqs, tmp1) {
9065 n_channels++;
9066 /*
9067 * Some hardware has a limited channel list for
9068 * scanning, and it is pretty much nonsensical
9069 * to scan for a channel twice, so disallow that
9070 * and don't require drivers to check that the
9071 * channel list they get isn't longer than what
9072 * they can scan, as long as they can scan all
9073 * the channels they registered at once.
9074 */
9075 nla_for_each_nested(attr2, freqs, tmp2)
9076 if (attr1 != attr2 &&
9077 nla_get_u32(attr1) == nla_get_u32(attr2))
9078 return 0;
9079 }
9080
9081 return n_channels;
9082 }
9083
9084 static bool is_band_valid(struct wiphy *wiphy, enum nl80211_band b)
9085 {
9086 return b < NUM_NL80211_BANDS && wiphy->bands[b];
9087 }
9088
9089 static int parse_bss_select(struct nlattr *nla, struct wiphy *wiphy,
9090 struct cfg80211_bss_selection *bss_select)
9091 {
9092 struct nlattr *attr[NL80211_BSS_SELECT_ATTR_MAX + 1];
9093 struct nlattr *nest;
9094 int err;
9095 bool found = false;
9096 int i;
9097
9098 /* only process one nested attribute */
9099 nest = nla_data(nla);
9100 if (!nla_ok(nest, nla_len(nest)))
9101 return -EINVAL;
9102
9103 err = nla_parse_nested_deprecated(attr, NL80211_BSS_SELECT_ATTR_MAX,
9104 nest, nl80211_bss_select_policy,
9105 NULL);
9106 if (err)
9107 return err;
9108
9109 /* only one attribute may be given */
9110 for (i = 0; i <= NL80211_BSS_SELECT_ATTR_MAX; i++) {
9111 if (attr[i]) {
9112 if (found)
9113 return -EINVAL;
9114 found = true;
9115 }
9116 }
9117
9118 bss_select->behaviour = __NL80211_BSS_SELECT_ATTR_INVALID;
9119
9120 if (attr[NL80211_BSS_SELECT_ATTR_RSSI])
9121 bss_select->behaviour = NL80211_BSS_SELECT_ATTR_RSSI;
9122
9123 if (attr[NL80211_BSS_SELECT_ATTR_BAND_PREF]) {
9124 bss_select->behaviour = NL80211_BSS_SELECT_ATTR_BAND_PREF;
9125 bss_select->param.band_pref =
9126 nla_get_u32(attr[NL80211_BSS_SELECT_ATTR_BAND_PREF]);
9127 if (!is_band_valid(wiphy, bss_select->param.band_pref))
9128 return -EINVAL;
9129 }
9130
9131 if (attr[NL80211_BSS_SELECT_ATTR_RSSI_ADJUST]) {
9132 struct nl80211_bss_select_rssi_adjust *adj_param;
9133
9134 adj_param = nla_data(attr[NL80211_BSS_SELECT_ATTR_RSSI_ADJUST]);
9135 bss_select->behaviour = NL80211_BSS_SELECT_ATTR_RSSI_ADJUST;
9136 bss_select->param.adjust.band = adj_param->band;
9137 bss_select->param.adjust.delta = adj_param->delta;
9138 if (!is_band_valid(wiphy, bss_select->param.adjust.band))
9139 return -EINVAL;
9140 }
9141
9142 /* user-space did not provide behaviour attribute */
9143 if (bss_select->behaviour == __NL80211_BSS_SELECT_ATTR_INVALID)
9144 return -EINVAL;
9145
9146 if (!(wiphy->bss_select_support & BIT(bss_select->behaviour)))
9147 return -EINVAL;
9148
9149 return 0;
9150 }
9151
9152 int nl80211_parse_random_mac(struct nlattr **attrs,
9153 u8 *mac_addr, u8 *mac_addr_mask)
9154 {
9155 int i;
9156
9157 if (!attrs[NL80211_ATTR_MAC] && !attrs[NL80211_ATTR_MAC_MASK]) {
9158 eth_zero_addr(mac_addr);
9159 eth_zero_addr(mac_addr_mask);
9160 mac_addr[0] = 0x2;
9161 mac_addr_mask[0] = 0x3;
9162
9163 return 0;
9164 }
9165
9166 /* need both or none */
9167 if (!attrs[NL80211_ATTR_MAC] || !attrs[NL80211_ATTR_MAC_MASK])
9168 return -EINVAL;
9169
9170 memcpy(mac_addr, nla_data(attrs[NL80211_ATTR_MAC]), ETH_ALEN);
9171 memcpy(mac_addr_mask, nla_data(attrs[NL80211_ATTR_MAC_MASK]), ETH_ALEN);
9172
9173 /* don't allow or configure an mcast address */
9174 if (!is_multicast_ether_addr(mac_addr_mask) ||
9175 is_multicast_ether_addr(mac_addr))
9176 return -EINVAL;
9177
9178 /*
9179 * allow users to pass a MAC address that has bits set outside
9180 * of the mask, but don't bother drivers with having to deal
9181 * with such bits
9182 */
9183 for (i = 0; i < ETH_ALEN; i++)
9184 mac_addr[i] &= mac_addr_mask[i];
9185
9186 return 0;
9187 }
9188
9189 static bool cfg80211_off_channel_oper_allowed(struct wireless_dev *wdev,
9190 struct ieee80211_channel *chan)
9191 {
9192 unsigned int link_id;
9193 bool all_ok = true;
9194
9195 lockdep_assert_wiphy(wdev->wiphy);
9196
9197 if (!cfg80211_wdev_channel_allowed(wdev, chan))
9198 return false;
9199
9200 if (!cfg80211_beaconing_iface_active(wdev))
9201 return true;
9202
9203 /*
9204 * FIXME: check if we have a free HW resource/link for chan
9205 *
9206 * This, as well as the FIXME below, requires knowing the link
9207 * capabilities of the hardware.
9208 */
9209
9210 /* we cannot leave radar channels */
9211 for_each_valid_link(wdev, link_id) {
9212 struct cfg80211_chan_def *chandef;
9213
9214 chandef = wdev_chandef(wdev, link_id);
9215 if (!chandef || !chandef->chan)
9216 continue;
9217
9218 /*
9219 * FIXME: don't require all_ok, but rather check only the
9220 * correct HW resource/link onto which 'chan' falls,
9221 * as only that link leaves the channel for doing
9222 * the off-channel operation.
9223 */
9224
9225 if (chandef->chan->flags & IEEE80211_CHAN_RADAR)
9226 all_ok = false;
9227 }
9228
9229 if (all_ok)
9230 return true;
9231
9232 return regulatory_pre_cac_allowed(wdev->wiphy);
9233 }
9234
9235 static bool nl80211_check_scan_feat(struct wiphy *wiphy, u32 flags, u32 flag,
9236 enum nl80211_ext_feature_index feat)
9237 {
9238 if (!(flags & flag))
9239 return true;
9240 if (wiphy_ext_feature_isset(wiphy, feat))
9241 return true;
9242 return false;
9243 }
9244
9245 static int
9246 nl80211_check_scan_flags(struct wiphy *wiphy, struct wireless_dev *wdev,
9247 void *request, struct nlattr **attrs,
9248 bool is_sched_scan)
9249 {
9250 u8 *mac_addr, *mac_addr_mask;
9251 u32 *flags;
9252 enum nl80211_feature_flags randomness_flag;
9253
9254 if (!attrs[NL80211_ATTR_SCAN_FLAGS])
9255 return 0;
9256
9257 if (is_sched_scan) {
9258 struct cfg80211_sched_scan_request *req = request;
9259
9260 randomness_flag = wdev ?
9261 NL80211_FEATURE_SCHED_SCAN_RANDOM_MAC_ADDR :
9262 NL80211_FEATURE_ND_RANDOM_MAC_ADDR;
9263 flags = &req->flags;
9264 mac_addr = req->mac_addr;
9265 mac_addr_mask = req->mac_addr_mask;
9266 } else {
9267 struct cfg80211_scan_request *req = request;
9268
9269 randomness_flag = NL80211_FEATURE_SCAN_RANDOM_MAC_ADDR;
9270 flags = &req->flags;
9271 mac_addr = req->mac_addr;
9272 mac_addr_mask = req->mac_addr_mask;
9273 }
9274
9275 *flags = nla_get_u32(attrs[NL80211_ATTR_SCAN_FLAGS]);
9276
9277 if (((*flags & NL80211_SCAN_FLAG_LOW_PRIORITY) &&
9278 !(wiphy->features & NL80211_FEATURE_LOW_PRIORITY_SCAN)) ||
9279 !nl80211_check_scan_feat(wiphy, *flags,
9280 NL80211_SCAN_FLAG_LOW_SPAN,
9281 NL80211_EXT_FEATURE_LOW_SPAN_SCAN) ||
9282 !nl80211_check_scan_feat(wiphy, *flags,
9283 NL80211_SCAN_FLAG_LOW_POWER,
9284 NL80211_EXT_FEATURE_LOW_POWER_SCAN) ||
9285 !nl80211_check_scan_feat(wiphy, *flags,
9286 NL80211_SCAN_FLAG_HIGH_ACCURACY,
9287 NL80211_EXT_FEATURE_HIGH_ACCURACY_SCAN) ||
9288 !nl80211_check_scan_feat(wiphy, *flags,
9289 NL80211_SCAN_FLAG_FILS_MAX_CHANNEL_TIME,
9290 NL80211_EXT_FEATURE_FILS_MAX_CHANNEL_TIME) ||
9291 !nl80211_check_scan_feat(wiphy, *flags,
9292 NL80211_SCAN_FLAG_ACCEPT_BCAST_PROBE_RESP,
9293 NL80211_EXT_FEATURE_ACCEPT_BCAST_PROBE_RESP) ||
9294 !nl80211_check_scan_feat(wiphy, *flags,
9295 NL80211_SCAN_FLAG_OCE_PROBE_REQ_DEFERRAL_SUPPRESSION,
9296 NL80211_EXT_FEATURE_OCE_PROBE_REQ_DEFERRAL_SUPPRESSION) ||
9297 !nl80211_check_scan_feat(wiphy, *flags,
9298 NL80211_SCAN_FLAG_OCE_PROBE_REQ_HIGH_TX_RATE,
9299 NL80211_EXT_FEATURE_OCE_PROBE_REQ_HIGH_TX_RATE) ||
9300 !nl80211_check_scan_feat(wiphy, *flags,
9301 NL80211_SCAN_FLAG_RANDOM_SN,
9302 NL80211_EXT_FEATURE_SCAN_RANDOM_SN) ||
9303 !nl80211_check_scan_feat(wiphy, *flags,
9304 NL80211_SCAN_FLAG_MIN_PREQ_CONTENT,
9305 NL80211_EXT_FEATURE_SCAN_MIN_PREQ_CONTENT))
9306 return -EOPNOTSUPP;
9307
9308 if (*flags & NL80211_SCAN_FLAG_RANDOM_ADDR) {
9309 int err;
9310
9311 if (!(wiphy->features & randomness_flag) ||
9312 (wdev && wdev->connected))
9313 return -EOPNOTSUPP;
9314
9315 err = nl80211_parse_random_mac(attrs, mac_addr, mac_addr_mask);
9316 if (err)
9317 return err;
9318 }
9319
9320 return 0;
9321 }
9322
9323 static int nl80211_trigger_scan(struct sk_buff *skb, struct genl_info *info)
9324 {
9325 struct cfg80211_registered_device *rdev = info->user_ptr[0];
9326 struct wireless_dev *wdev = info->user_ptr[1];
9327 struct cfg80211_scan_request *request;
9328 struct nlattr *scan_freqs = NULL;
9329 bool scan_freqs_khz = false;
9330 struct nlattr *attr;
9331 struct wiphy *wiphy;
9332 int err, tmp, n_ssids = 0, n_channels, i;
9333 size_t ie_len, size;
9334 size_t ssids_offset, ie_offset;
9335
9336 wiphy = &rdev->wiphy;
9337
9338 if (wdev->iftype == NL80211_IFTYPE_NAN)
9339 return -EOPNOTSUPP;
9340
9341 if (!rdev->ops->scan)
9342 return -EOPNOTSUPP;
9343
9344 if (rdev->scan_req || rdev->scan_msg)
9345 return -EBUSY;
9346
9347 if (info->attrs[NL80211_ATTR_SCAN_FREQ_KHZ]) {
9348 if (!wiphy_ext_feature_isset(wiphy,
9349 NL80211_EXT_FEATURE_SCAN_FREQ_KHZ))
9350 return -EOPNOTSUPP;
9351 scan_freqs = info->attrs[NL80211_ATTR_SCAN_FREQ_KHZ];
9352 scan_freqs_khz = true;
9353 } else if (info->attrs[NL80211_ATTR_SCAN_FREQUENCIES])
9354 scan_freqs = info->attrs[NL80211_ATTR_SCAN_FREQUENCIES];
9355
9356 if (scan_freqs) {
9357 n_channels = validate_scan_freqs(scan_freqs);
9358 if (!n_channels)
9359 return -EINVAL;
9360 } else {
9361 n_channels = ieee80211_get_num_supported_channels(wiphy);
9362 }
9363
9364 if (info->attrs[NL80211_ATTR_SCAN_SSIDS])
9365 nla_for_each_nested(attr, info->attrs[NL80211_ATTR_SCAN_SSIDS], tmp)
9366 n_ssids++;
9367
9368 if (n_ssids > wiphy->max_scan_ssids)
9369 return -EINVAL;
9370
9371 if (info->attrs[NL80211_ATTR_IE])
9372 ie_len = nla_len(info->attrs[NL80211_ATTR_IE]);
9373 else
9374 ie_len = 0;
9375
9376 if (ie_len > wiphy->max_scan_ie_len)
9377 return -EINVAL;
9378
9379 size = struct_size(request, channels, n_channels);
9380 ssids_offset = size;
9381 size = size_add(size, array_size(sizeof(*request->ssids), n_ssids));
9382 ie_offset = size;
9383 size = size_add(size, ie_len);
9384 request = kzalloc(size, GFP_KERNEL);
9385 if (!request)
9386 return -ENOMEM;
9387 request->n_channels = n_channels;
9388
9389 if (n_ssids)
9390 request->ssids = (void *)request + ssids_offset;
9391 request->n_ssids = n_ssids;
9392 if (ie_len)
9393 request->ie = (void *)request + ie_offset;
9394
9395 i = 0;
9396 if (scan_freqs) {
9397 /* user specified, bail out if channel not found */
9398 nla_for_each_nested(attr, scan_freqs, tmp) {
9399 struct ieee80211_channel *chan;
9400 int freq = nla_get_u32(attr);
9401
9402 if (!scan_freqs_khz)
9403 freq = MHZ_TO_KHZ(freq);
9404
9405 chan = ieee80211_get_channel_khz(wiphy, freq);
9406 if (!chan) {
9407 err = -EINVAL;
9408 goto out_free;
9409 }
9410
9411 /* ignore disabled channels */
9412 if (chan->flags & IEEE80211_CHAN_DISABLED ||
9413 !cfg80211_wdev_channel_allowed(wdev, chan))
9414 continue;
9415
9416 request->channels[i] = chan;
9417 i++;
9418 }
9419 } else {
9420 enum nl80211_band band;
9421
9422 /* all channels */
9423 for (band = 0; band < NUM_NL80211_BANDS; band++) {
9424 int j;
9425
9426 if (!wiphy->bands[band])
9427 continue;
9428 for (j = 0; j < wiphy->bands[band]->n_channels; j++) {
9429 struct ieee80211_channel *chan;
9430
9431 chan = &wiphy->bands[band]->channels[j];
9432
9433 if (chan->flags & IEEE80211_CHAN_DISABLED ||
9434 !cfg80211_wdev_channel_allowed(wdev, chan))
9435 continue;
9436
9437 request->channels[i] = chan;
9438 i++;
9439 }
9440 }
9441 }
9442
9443 if (!i) {
9444 err = -EINVAL;
9445 goto out_free;
9446 }
9447
9448 request->n_channels = i;
9449
9450 for (i = 0; i < request->n_channels; i++) {
9451 struct ieee80211_channel *chan = request->channels[i];
9452
9453 /* if we can go off-channel to the target channel we're good */
9454 if (cfg80211_off_channel_oper_allowed(wdev, chan))
9455 continue;
9456
9457 if (!cfg80211_wdev_on_sub_chan(wdev, chan, true)) {
9458 err = -EBUSY;
9459 goto out_free;
9460 }
9461 }
9462
9463 i = 0;
9464 if (n_ssids) {
9465 nla_for_each_nested(attr, info->attrs[NL80211_ATTR_SCAN_SSIDS], tmp) {
9466 if (nla_len(attr) > IEEE80211_MAX_SSID_LEN) {
9467 err = -EINVAL;
9468 goto out_free;
9469 }
9470 request->ssids[i].ssid_len = nla_len(attr);
9471 memcpy(request->ssids[i].ssid, nla_data(attr), nla_len(attr));
9472 i++;
9473 }
9474 }
9475
9476 if (info->attrs[NL80211_ATTR_IE]) {
9477 request->ie_len = nla_len(info->attrs[NL80211_ATTR_IE]);
9478 memcpy((void *)request->ie,
9479 nla_data(info->attrs[NL80211_ATTR_IE]),
9480 request->ie_len);
9481 }
9482
9483 for (i = 0; i < NUM_NL80211_BANDS; i++)
9484 if (wiphy->bands[i])
9485 request->rates[i] =
9486 (1 << wiphy->bands[i]->n_bitrates) - 1;
9487
9488 if (info->attrs[NL80211_ATTR_SCAN_SUPP_RATES]) {
9489 nla_for_each_nested(attr,
9490 info->attrs[NL80211_ATTR_SCAN_SUPP_RATES],
9491 tmp) {
9492 enum nl80211_band band = nla_type(attr);
9493
9494 if (band < 0 || band >= NUM_NL80211_BANDS) {
9495 err = -EINVAL;
9496 goto out_free;
9497 }
9498
9499 if (!wiphy->bands[band])
9500 continue;
9501
9502 err = ieee80211_get_ratemask(wiphy->bands[band],
9503 nla_data(attr),
9504 nla_len(attr),
9505 &request->rates[band]);
9506 if (err)
9507 goto out_free;
9508 }
9509 }
9510
9511 if (info->attrs[NL80211_ATTR_MEASUREMENT_DURATION]) {
9512 request->duration =
9513 nla_get_u16(info->attrs[NL80211_ATTR_MEASUREMENT_DURATION]);
9514 request->duration_mandatory =
9515 nla_get_flag(info->attrs[NL80211_ATTR_MEASUREMENT_DURATION_MANDATORY]);
9516 }
9517
9518 err = nl80211_check_scan_flags(wiphy, wdev, request, info->attrs,
9519 false);
9520 if (err)
9521 goto out_free;
9522
9523 request->no_cck =
9524 nla_get_flag(info->attrs[NL80211_ATTR_TX_NO_CCK_RATE]);
9525
9526 /* Initial implementation used NL80211_ATTR_MAC to set the specific
9527 * BSSID to scan for. This was problematic because that same attribute
9528 * was already used for another purpose (local random MAC address). The
9529 * NL80211_ATTR_BSSID attribute was added to fix this. For backwards
9530 * compatibility with older userspace components, also use the
9531 * NL80211_ATTR_MAC value here if it can be determined to be used for
9532 * the specific BSSID use case instead of the random MAC address
9533 * (NL80211_ATTR_SCAN_FLAGS is used to enable random MAC address use).
9534 */
9535 if (info->attrs[NL80211_ATTR_BSSID])
9536 memcpy(request->bssid,
9537 nla_data(info->attrs[NL80211_ATTR_BSSID]), ETH_ALEN);
9538 else if (!(request->flags & NL80211_SCAN_FLAG_RANDOM_ADDR) &&
9539 info->attrs[NL80211_ATTR_MAC])
9540 memcpy(request->bssid, nla_data(info->attrs[NL80211_ATTR_MAC]),
9541 ETH_ALEN);
9542 else
9543 eth_broadcast_addr(request->bssid);
9544
9545 request->tsf_report_link_id = nl80211_link_id_or_invalid(info->attrs);
9546 request->wdev = wdev;
9547 request->wiphy = &rdev->wiphy;
9548 request->scan_start = jiffies;
9549
9550 rdev->scan_req = request;
9551 err = cfg80211_scan(rdev);
9552
9553 if (err)
9554 goto out_free;
9555
9556 nl80211_send_scan_start(rdev, wdev);
9557 dev_hold(wdev->netdev);
9558
9559 return 0;
9560
9561 out_free:
9562 rdev->scan_req = NULL;
9563 kfree(request);
9564
9565 return err;
9566 }
9567
9568 static int nl80211_abort_scan(struct sk_buff *skb, struct genl_info *info)
9569 {
9570 struct cfg80211_registered_device *rdev = info->user_ptr[0];
9571 struct wireless_dev *wdev = info->user_ptr[1];
9572
9573 if (!rdev->ops->abort_scan)
9574 return -EOPNOTSUPP;
9575
9576 if (rdev->scan_msg)
9577 return 0;
9578
9579 if (!rdev->scan_req)
9580 return -ENOENT;
9581
9582 rdev_abort_scan(rdev, wdev);
9583 return 0;
9584 }
9585
9586 static int
9587 nl80211_parse_sched_scan_plans(struct wiphy *wiphy, int n_plans,
9588 struct cfg80211_sched_scan_request *request,
9589 struct nlattr **attrs)
9590 {
9591 int tmp, err, i = 0;
9592 struct nlattr *attr;
9593
9594 if (!attrs[NL80211_ATTR_SCHED_SCAN_PLANS]) {
9595 u32 interval;
9596
9597 /*
9598 * If scan plans are not specified,
9599 * %NL80211_ATTR_SCHED_SCAN_INTERVAL will be specified. In this
9600 * case one scan plan will be set with the specified scan
9601 * interval and infinite number of iterations.
9602 */
9603 interval = nla_get_u32(attrs[NL80211_ATTR_SCHED_SCAN_INTERVAL]);
9604 if (!interval)
9605 return -EINVAL;
9606
9607 request->scan_plans[0].interval =
9608 DIV_ROUND_UP(interval, MSEC_PER_SEC);
9609 if (!request->scan_plans[0].interval)
9610 return -EINVAL;
9611
9612 if (request->scan_plans[0].interval >
9613 wiphy->max_sched_scan_plan_interval)
9614 request->scan_plans[0].interval =
9615 wiphy->max_sched_scan_plan_interval;
9616
9617 return 0;
9618 }
9619
9620 nla_for_each_nested(attr, attrs[NL80211_ATTR_SCHED_SCAN_PLANS], tmp) {
9621 struct nlattr *plan[NL80211_SCHED_SCAN_PLAN_MAX + 1];
9622
9623 if (WARN_ON(i >= n_plans))
9624 return -EINVAL;
9625
9626 err = nla_parse_nested_deprecated(plan,
9627 NL80211_SCHED_SCAN_PLAN_MAX,
9628 attr, nl80211_plan_policy,
9629 NULL);
9630 if (err)
9631 return err;
9632
9633 if (!plan[NL80211_SCHED_SCAN_PLAN_INTERVAL])
9634 return -EINVAL;
9635
9636 request->scan_plans[i].interval =
9637 nla_get_u32(plan[NL80211_SCHED_SCAN_PLAN_INTERVAL]);
9638 if (!request->scan_plans[i].interval ||
9639 request->scan_plans[i].interval >
9640 wiphy->max_sched_scan_plan_interval)
9641 return -EINVAL;
9642
9643 if (plan[NL80211_SCHED_SCAN_PLAN_ITERATIONS]) {
9644 request->scan_plans[i].iterations =
9645 nla_get_u32(plan[NL80211_SCHED_SCAN_PLAN_ITERATIONS]);
9646 if (!request->scan_plans[i].iterations ||
9647 (request->scan_plans[i].iterations >
9648 wiphy->max_sched_scan_plan_iterations))
9649 return -EINVAL;
9650 } else if (i < n_plans - 1) {
9651 /*
9652 * All scan plans but the last one must specify
9653 * a finite number of iterations
9654 */
9655 return -EINVAL;
9656 }
9657
9658 i++;
9659 }
9660
9661 /*
9662 * The last scan plan must not specify the number of
9663 * iterations, it is supposed to run infinitely
9664 */
9665 if (request->scan_plans[n_plans - 1].iterations)
9666 return -EINVAL;
9667
9668 return 0;
9669 }
9670
9671 static struct cfg80211_sched_scan_request *
9672 nl80211_parse_sched_scan(struct wiphy *wiphy, struct wireless_dev *wdev,
9673 struct nlattr **attrs, int max_match_sets)
9674 {
9675 struct cfg80211_sched_scan_request *request;
9676 struct nlattr *attr;
9677 int err, tmp, n_ssids = 0, n_match_sets = 0, n_channels, i, n_plans = 0;
9678 enum nl80211_band band;
9679 size_t ie_len, size;
9680 struct nlattr *tb[NL80211_SCHED_SCAN_MATCH_ATTR_MAX + 1];
9681 s32 default_match_rssi = NL80211_SCAN_RSSI_THOLD_OFF;
9682
9683 if (attrs[NL80211_ATTR_SCAN_FREQUENCIES]) {
9684 n_channels = validate_scan_freqs(
9685 attrs[NL80211_ATTR_SCAN_FREQUENCIES]);
9686 if (!n_channels)
9687 return ERR_PTR(-EINVAL);
9688 } else {
9689 n_channels = ieee80211_get_num_supported_channels(wiphy);
9690 }
9691
9692 if (attrs[NL80211_ATTR_SCAN_SSIDS])
9693 nla_for_each_nested(attr, attrs[NL80211_ATTR_SCAN_SSIDS],
9694 tmp)
9695 n_ssids++;
9696
9697 if (n_ssids > wiphy->max_sched_scan_ssids)
9698 return ERR_PTR(-EINVAL);
9699
9700 /*
9701 * First, count the number of 'real' matchsets. Due to an issue with
9702 * the old implementation, matchsets containing only the RSSI attribute
9703 * (NL80211_SCHED_SCAN_MATCH_ATTR_RSSI) are considered as the 'default'
9704 * RSSI for all matchsets, rather than their own matchset for reporting
9705 * all APs with a strong RSSI. This is needed to be compatible with
9706 * older userspace that treated a matchset with only the RSSI as the
9707 * global RSSI for all other matchsets - if there are other matchsets.
9708 */
9709 if (attrs[NL80211_ATTR_SCHED_SCAN_MATCH]) {
9710 nla_for_each_nested(attr,
9711 attrs[NL80211_ATTR_SCHED_SCAN_MATCH],
9712 tmp) {
9713 struct nlattr *rssi;
9714
9715 err = nla_parse_nested_deprecated(tb,
9716 NL80211_SCHED_SCAN_MATCH_ATTR_MAX,
9717 attr,
9718 nl80211_match_policy,
9719 NULL);
9720 if (err)
9721 return ERR_PTR(err);
9722
9723 /* SSID and BSSID are mutually exclusive */
9724 if (tb[NL80211_SCHED_SCAN_MATCH_ATTR_SSID] &&
9725 tb[NL80211_SCHED_SCAN_MATCH_ATTR_BSSID])
9726 return ERR_PTR(-EINVAL);
9727
9728 /* add other standalone attributes here */
9729 if (tb[NL80211_SCHED_SCAN_MATCH_ATTR_SSID] ||
9730 tb[NL80211_SCHED_SCAN_MATCH_ATTR_BSSID]) {
9731 n_match_sets++;
9732 continue;
9733 }
9734 rssi = tb[NL80211_SCHED_SCAN_MATCH_ATTR_RSSI];
9735 if (rssi)
9736 default_match_rssi = nla_get_s32(rssi);
9737 }
9738 }
9739
9740 /* However, if there's no other matchset, add the RSSI one */
9741 if (!n_match_sets && default_match_rssi != NL80211_SCAN_RSSI_THOLD_OFF)
9742 n_match_sets = 1;
9743
9744 if (n_match_sets > max_match_sets)
9745 return ERR_PTR(-EINVAL);
9746
9747 if (attrs[NL80211_ATTR_IE])
9748 ie_len = nla_len(attrs[NL80211_ATTR_IE]);
9749 else
9750 ie_len = 0;
9751
9752 if (ie_len > wiphy->max_sched_scan_ie_len)
9753 return ERR_PTR(-EINVAL);
9754
9755 if (attrs[NL80211_ATTR_SCHED_SCAN_PLANS]) {
9756 /*
9757 * NL80211_ATTR_SCHED_SCAN_INTERVAL must not be specified since
9758 * each scan plan already specifies its own interval
9759 */
9760 if (attrs[NL80211_ATTR_SCHED_SCAN_INTERVAL])
9761 return ERR_PTR(-EINVAL);
9762
9763 nla_for_each_nested(attr,
9764 attrs[NL80211_ATTR_SCHED_SCAN_PLANS], tmp)
9765 n_plans++;
9766 } else {
9767 /*
9768 * The scan interval attribute is kept for backward
9769 * compatibility. If no scan plans are specified and sched scan
9770 * interval is specified, one scan plan will be set with this
9771 * scan interval and infinite number of iterations.
9772 */
9773 if (!attrs[NL80211_ATTR_SCHED_SCAN_INTERVAL])
9774 return ERR_PTR(-EINVAL);
9775
9776 n_plans = 1;
9777 }
9778
9779 if (!n_plans || n_plans > wiphy->max_sched_scan_plans)
9780 return ERR_PTR(-EINVAL);
9781
9782 if (!wiphy_ext_feature_isset(
9783 wiphy, NL80211_EXT_FEATURE_SCHED_SCAN_RELATIVE_RSSI) &&
9784 (attrs[NL80211_ATTR_SCHED_SCAN_RELATIVE_RSSI] ||
9785 attrs[NL80211_ATTR_SCHED_SCAN_RSSI_ADJUST]))
9786 return ERR_PTR(-EINVAL);
9787
9788 size = struct_size(request, channels, n_channels);
9789 size = size_add(size, array_size(sizeof(*request->ssids), n_ssids));
9790 size = size_add(size, array_size(sizeof(*request->match_sets),
9791 n_match_sets));
9792 size = size_add(size, array_size(sizeof(*request->scan_plans),
9793 n_plans));
9794 size = size_add(size, ie_len);
9795 request = kzalloc(size, GFP_KERNEL);
9796 if (!request)
9797 return ERR_PTR(-ENOMEM);
9798 request->n_channels = n_channels;
9799
9800 if (n_ssids)
9801 request->ssids = (void *)request +
9802 struct_size(request, channels, n_channels);
9803 request->n_ssids = n_ssids;
9804 if (ie_len) {
9805 if (n_ssids)
9806 request->ie = (void *)(request->ssids + n_ssids);
9807 else
9808 request->ie = (void *)(request->channels + n_channels);
9809 }
9810
9811 if (n_match_sets) {
9812 if (request->ie)
9813 request->match_sets = (void *)(request->ie + ie_len);
9814 else if (n_ssids)
9815 request->match_sets =
9816 (void *)(request->ssids + n_ssids);
9817 else
9818 request->match_sets =
9819 (void *)(request->channels + n_channels);
9820 }
9821 request->n_match_sets = n_match_sets;
9822
9823 if (n_match_sets)
9824 request->scan_plans = (void *)(request->match_sets +
9825 n_match_sets);
9826 else if (request->ie)
9827 request->scan_plans = (void *)(request->ie + ie_len);
9828 else if (n_ssids)
9829 request->scan_plans = (void *)(request->ssids + n_ssids);
9830 else
9831 request->scan_plans = (void *)(request->channels + n_channels);
9832
9833 request->n_scan_plans = n_plans;
9834
9835 i = 0;
9836 if (attrs[NL80211_ATTR_SCAN_FREQUENCIES]) {
9837 /* user specified, bail out if channel not found */
9838 nla_for_each_nested(attr,
9839 attrs[NL80211_ATTR_SCAN_FREQUENCIES],
9840 tmp) {
9841 struct ieee80211_channel *chan;
9842
9843 chan = ieee80211_get_channel(wiphy, nla_get_u32(attr));
9844
9845 if (!chan) {
9846 err = -EINVAL;
9847 goto out_free;
9848 }
9849
9850 /* ignore disabled channels */
9851 if (chan->flags & IEEE80211_CHAN_DISABLED)
9852 continue;
9853
9854 request->channels[i] = chan;
9855 i++;
9856 }
9857 } else {
9858 /* all channels */
9859 for (band = 0; band < NUM_NL80211_BANDS; band++) {
9860 int j;
9861
9862 if (!wiphy->bands[band])
9863 continue;
9864 for (j = 0; j < wiphy->bands[band]->n_channels; j++) {
9865 struct ieee80211_channel *chan;
9866
9867 chan = &wiphy->bands[band]->channels[j];
9868
9869 if (chan->flags & IEEE80211_CHAN_DISABLED)
9870 continue;
9871
9872 request->channels[i] = chan;
9873 i++;
9874 }
9875 }
9876 }
9877
9878 if (!i) {
9879 err = -EINVAL;
9880 goto out_free;
9881 }
9882
9883 request->n_channels = i;
9884
9885 i = 0;
9886 if (n_ssids) {
9887 nla_for_each_nested(attr, attrs[NL80211_ATTR_SCAN_SSIDS],
9888 tmp) {
9889 if (nla_len(attr) > IEEE80211_MAX_SSID_LEN) {
9890 err = -EINVAL;
9891 goto out_free;
9892 }
9893 request->ssids[i].ssid_len = nla_len(attr);
9894 memcpy(request->ssids[i].ssid, nla_data(attr),
9895 nla_len(attr));
9896 i++;
9897 }
9898 }
9899
9900 i = 0;
9901 if (attrs[NL80211_ATTR_SCHED_SCAN_MATCH]) {
9902 nla_for_each_nested(attr,
9903 attrs[NL80211_ATTR_SCHED_SCAN_MATCH],
9904 tmp) {
9905 struct nlattr *ssid, *bssid, *rssi;
9906
9907 err = nla_parse_nested_deprecated(tb,
9908 NL80211_SCHED_SCAN_MATCH_ATTR_MAX,
9909 attr,
9910 nl80211_match_policy,
9911 NULL);
9912 if (err)
9913 goto out_free;
9914 ssid = tb[NL80211_SCHED_SCAN_MATCH_ATTR_SSID];
9915 bssid = tb[NL80211_SCHED_SCAN_MATCH_ATTR_BSSID];
9916
9917 if (!ssid && !bssid) {
9918 i++;
9919 continue;
9920 }
9921
9922 if (WARN_ON(i >= n_match_sets)) {
9923 /* this indicates a programming error,
9924 * the loop above should have verified
9925 * things properly
9926 */
9927 err = -EINVAL;
9928 goto out_free;
9929 }
9930
9931 if (ssid) {
9932 memcpy(request->match_sets[i].ssid.ssid,
9933 nla_data(ssid), nla_len(ssid));
9934 request->match_sets[i].ssid.ssid_len =
9935 nla_len(ssid);
9936 }
9937 if (bssid)
9938 memcpy(request->match_sets[i].bssid,
9939 nla_data(bssid), ETH_ALEN);
9940
9941 /* special attribute - old implementation w/a */
9942 request->match_sets[i].rssi_thold = default_match_rssi;
9943 rssi = tb[NL80211_SCHED_SCAN_MATCH_ATTR_RSSI];
9944 if (rssi)
9945 request->match_sets[i].rssi_thold =
9946 nla_get_s32(rssi);
9947 i++;
9948 }
9949
9950 /* there was no other matchset, so the RSSI one is alone */
9951 if (i == 0 && n_match_sets)
9952 request->match_sets[0].rssi_thold = default_match_rssi;
9953
9954 request->min_rssi_thold = INT_MAX;
9955 for (i = 0; i < n_match_sets; i++)
9956 request->min_rssi_thold =
9957 min(request->match_sets[i].rssi_thold,
9958 request->min_rssi_thold);
9959 } else {
9960 request->min_rssi_thold = NL80211_SCAN_RSSI_THOLD_OFF;
9961 }
9962
9963 if (ie_len) {
9964 request->ie_len = ie_len;
9965 memcpy((void *)request->ie,
9966 nla_data(attrs[NL80211_ATTR_IE]),
9967 request->ie_len);
9968 }
9969
9970 err = nl80211_check_scan_flags(wiphy, wdev, request, attrs, true);
9971 if (err)
9972 goto out_free;
9973
9974 if (attrs[NL80211_ATTR_SCHED_SCAN_DELAY])
9975 request->delay =
9976 nla_get_u32(attrs[NL80211_ATTR_SCHED_SCAN_DELAY]);
9977
9978 if (attrs[NL80211_ATTR_SCHED_SCAN_RELATIVE_RSSI]) {
9979 request->relative_rssi = nla_get_s8(
9980 attrs[NL80211_ATTR_SCHED_SCAN_RELATIVE_RSSI]);
9981 request->relative_rssi_set = true;
9982 }
9983
9984 if (request->relative_rssi_set &&
9985 attrs[NL80211_ATTR_SCHED_SCAN_RSSI_ADJUST]) {
9986 struct nl80211_bss_select_rssi_adjust *rssi_adjust;
9987
9988 rssi_adjust = nla_data(
9989 attrs[NL80211_ATTR_SCHED_SCAN_RSSI_ADJUST]);
9990 request->rssi_adjust.band = rssi_adjust->band;
9991 request->rssi_adjust.delta = rssi_adjust->delta;
9992 if (!is_band_valid(wiphy, request->rssi_adjust.band)) {
9993 err = -EINVAL;
9994 goto out_free;
9995 }
9996 }
9997
9998 err = nl80211_parse_sched_scan_plans(wiphy, n_plans, request, attrs);
9999 if (err)
10000 goto out_free;
10001
10002 request->scan_start = jiffies;
10003
10004 return request;
10005
10006 out_free:
10007 kfree(request);
10008 return ERR_PTR(err);
10009 }
10010
10011 static int nl80211_start_sched_scan(struct sk_buff *skb,
10012 struct genl_info *info)
10013 {
10014 struct cfg80211_registered_device *rdev = info->user_ptr[0];
10015 struct net_device *dev = info->user_ptr[1];
10016 struct wireless_dev *wdev = dev->ieee80211_ptr;
10017 struct cfg80211_sched_scan_request *sched_scan_req;
10018 bool want_multi;
10019 int err;
10020
10021 if (!rdev->wiphy.max_sched_scan_reqs || !rdev->ops->sched_scan_start)
10022 return -EOPNOTSUPP;
10023
10024 want_multi = info->attrs[NL80211_ATTR_SCHED_SCAN_MULTI];
10025 err = cfg80211_sched_scan_req_possible(rdev, want_multi);
10026 if (err)
10027 return err;
10028
10029 sched_scan_req = nl80211_parse_sched_scan(&rdev->wiphy, wdev,
10030 info->attrs,
10031 rdev->wiphy.max_match_sets);
10032
10033 err = PTR_ERR_OR_ZERO(sched_scan_req);
10034 if (err)
10035 goto out_err;
10036
10037 /* leave request id zero for legacy request
10038 * or if driver does not support multi-scheduled scan
10039 */
10040 if (want_multi && rdev->wiphy.max_sched_scan_reqs > 1)
10041 sched_scan_req->reqid = cfg80211_assign_cookie(rdev);
10042
10043 err = rdev_sched_scan_start(rdev, dev, sched_scan_req);
10044 if (err)
10045 goto out_free;
10046
10047 sched_scan_req->dev = dev;
10048 sched_scan_req->wiphy = &rdev->wiphy;
10049
10050 if (info->attrs[NL80211_ATTR_SOCKET_OWNER])
10051 sched_scan_req->owner_nlportid = info->snd_portid;
10052
10053 cfg80211_add_sched_scan_req(rdev, sched_scan_req);
10054
10055 nl80211_send_sched_scan(sched_scan_req, NL80211_CMD_START_SCHED_SCAN);
10056 return 0;
10057
10058 out_free:
10059 kfree(sched_scan_req);
10060 out_err:
10061 return err;
10062 }
10063
10064 static int nl80211_stop_sched_scan(struct sk_buff *skb,
10065 struct genl_info *info)
10066 {
10067 struct cfg80211_sched_scan_request *req;
10068 struct cfg80211_registered_device *rdev = info->user_ptr[0];
10069 u64 cookie;
10070
10071 if (!rdev->wiphy.max_sched_scan_reqs || !rdev->ops->sched_scan_stop)
10072 return -EOPNOTSUPP;
10073
10074 if (info->attrs[NL80211_ATTR_COOKIE]) {
10075 cookie = nla_get_u64(info->attrs[NL80211_ATTR_COOKIE]);
10076 return __cfg80211_stop_sched_scan(rdev, cookie, false);
10077 }
10078
10079 req = list_first_or_null_rcu(&rdev->sched_scan_req_list,
10080 struct cfg80211_sched_scan_request,
10081 list);
10082 if (!req || req->reqid ||
10083 (req->owner_nlportid &&
10084 req->owner_nlportid != info->snd_portid))
10085 return -ENOENT;
10086
10087 return cfg80211_stop_sched_scan_req(rdev, req, false);
10088 }
10089
10090 static int nl80211_start_radar_detection(struct sk_buff *skb,
10091 struct genl_info *info)
10092 {
10093 struct cfg80211_registered_device *rdev = info->user_ptr[0];
10094 struct net_device *dev = info->user_ptr[1];
10095 struct wireless_dev *wdev = dev->ieee80211_ptr;
10096 int link_id = nl80211_link_id(info->attrs);
10097 struct wiphy *wiphy = wdev->wiphy;
10098 struct cfg80211_chan_def chandef;
10099 enum nl80211_dfs_regions dfs_region;
10100 unsigned int cac_time_ms;
10101 int err = -EINVAL;
10102
10103 flush_delayed_work(&rdev->dfs_update_channels_wk);
10104
10105 switch (wdev->iftype) {
10106 case NL80211_IFTYPE_AP:
10107 case NL80211_IFTYPE_P2P_GO:
10108 case NL80211_IFTYPE_MESH_POINT:
10109 case NL80211_IFTYPE_ADHOC:
10110 break;
10111 default:
10112 /* caution - see cfg80211_beaconing_iface_active() below */
10113 return -EINVAL;
10114 }
10115
10116 wiphy_lock(wiphy);
10117
10118 dfs_region = reg_get_dfs_region(wiphy);
10119 if (dfs_region == NL80211_DFS_UNSET)
10120 goto unlock;
10121
10122 err = nl80211_parse_chandef(rdev, info, &chandef);
10123 if (err)
10124 goto unlock;
10125
10126 err = cfg80211_chandef_dfs_required(wiphy, &chandef, wdev->iftype);
10127 if (err < 0)
10128 goto unlock;
10129
10130 if (err == 0) {
10131 err = -EINVAL;
10132 goto unlock;
10133 }
10134
10135 if (!cfg80211_chandef_dfs_usable(wiphy, &chandef)) {
10136 err = -EINVAL;
10137 goto unlock;
10138 }
10139
10140 if (nla_get_flag(info->attrs[NL80211_ATTR_RADAR_BACKGROUND])) {
10141 err = cfg80211_start_background_radar_detection(rdev, wdev,
10142 &chandef);
10143 goto unlock;
10144 }
10145
10146 if (cfg80211_beaconing_iface_active(wdev)) {
10147 /* During MLO other link(s) can beacon, only the current link
10148 * can not already beacon
10149 */
10150 if (wdev->valid_links &&
10151 !wdev->links[link_id].ap.beacon_interval) {
10152 /* nothing */
10153 } else {
10154 err = -EBUSY;
10155 goto unlock;
10156 }
10157 }
10158
10159 if (wdev->links[link_id].cac_started) {
10160 err = -EBUSY;
10161 goto unlock;
10162 }
10163
10164 /* CAC start is offloaded to HW and can't be started manually */
10165 if (wiphy_ext_feature_isset(wiphy, NL80211_EXT_FEATURE_DFS_OFFLOAD)) {
10166 err = -EOPNOTSUPP;
10167 goto unlock;
10168 }
10169
10170 if (!rdev->ops->start_radar_detection) {
10171 err = -EOPNOTSUPP;
10172 goto unlock;
10173 }
10174
10175 cac_time_ms = cfg80211_chandef_dfs_cac_time(&rdev->wiphy, &chandef);
10176 if (WARN_ON(!cac_time_ms))
10177 cac_time_ms = IEEE80211_DFS_MIN_CAC_TIME_MS;
10178
10179 err = rdev_start_radar_detection(rdev, dev, &chandef, cac_time_ms,
10180 link_id);
10181 if (!err) {
10182 switch (wdev->iftype) {
10183 case NL80211_IFTYPE_AP:
10184 case NL80211_IFTYPE_P2P_GO:
10185 wdev->links[0].ap.chandef = chandef;
10186 break;
10187 case NL80211_IFTYPE_ADHOC:
10188 wdev->u.ibss.chandef = chandef;
10189 break;
10190 case NL80211_IFTYPE_MESH_POINT:
10191 wdev->u.mesh.chandef = chandef;
10192 break;
10193 default:
10194 break;
10195 }
10196 wdev->links[link_id].cac_started = true;
10197 wdev->links[link_id].cac_start_time = jiffies;
10198 wdev->links[link_id].cac_time_ms = cac_time_ms;
10199 }
10200 unlock:
10201 wiphy_unlock(wiphy);
10202
10203 return err;
10204 }
10205
10206 static int nl80211_notify_radar_detection(struct sk_buff *skb,
10207 struct genl_info *info)
10208 {
10209 struct cfg80211_registered_device *rdev = info->user_ptr[0];
10210 struct net_device *dev = info->user_ptr[1];
10211 struct wireless_dev *wdev = dev->ieee80211_ptr;
10212 struct wiphy *wiphy = wdev->wiphy;
10213 struct cfg80211_chan_def chandef;
10214 enum nl80211_dfs_regions dfs_region;
10215 int err;
10216
10217 dfs_region = reg_get_dfs_region(wiphy);
10218 if (dfs_region == NL80211_DFS_UNSET) {
10219 GENL_SET_ERR_MSG(info,
10220 "DFS Region is not set. Unexpected Radar indication");
10221 return -EINVAL;
10222 }
10223
10224 err = nl80211_parse_chandef(rdev, info, &chandef);
10225 if (err) {
10226 GENL_SET_ERR_MSG(info, "Unable to extract chandef info");
10227 return err;
10228 }
10229
10230 err = cfg80211_chandef_dfs_required(wiphy, &chandef, wdev->iftype);
10231 if (err < 0) {
10232 GENL_SET_ERR_MSG(info, "chandef is invalid");
10233 return err;
10234 }
10235
10236 if (err == 0) {
10237 GENL_SET_ERR_MSG(info,
10238 "Unexpected Radar indication for chandef/iftype");
10239 return -EINVAL;
10240 }
10241
10242 /* Do not process this notification if radar is already detected
10243 * by kernel on this channel, and return success.
10244 */
10245 if (chandef.chan->dfs_state == NL80211_DFS_UNAVAILABLE)
10246 return 0;
10247
10248 cfg80211_set_dfs_state(wiphy, &chandef, NL80211_DFS_UNAVAILABLE);
10249
10250 cfg80211_sched_dfs_chan_update(rdev);
10251
10252 rdev->radar_chandef = chandef;
10253
10254 /* Propagate this notification to other radios as well */
10255 queue_work(cfg80211_wq, &rdev->propagate_radar_detect_wk);
10256
10257 return 0;
10258 }
10259
10260 static int nl80211_parse_counter_offsets(struct cfg80211_registered_device *rdev,
10261 const u8 *data, size_t datalen,
10262 int first_count, struct nlattr *attr,
10263 const u16 **offsets, unsigned int *n_offsets)
10264 {
10265 int i;
10266
10267 *n_offsets = 0;
10268
10269 if (!attr)
10270 return 0;
10271
10272 if (!nla_len(attr) || (nla_len(attr) % sizeof(u16)))
10273 return -EINVAL;
10274
10275 *n_offsets = nla_len(attr) / sizeof(u16);
10276 if (rdev->wiphy.max_num_csa_counters &&
10277 (*n_offsets > rdev->wiphy.max_num_csa_counters))
10278 return -EINVAL;
10279
10280 *offsets = nla_data(attr);
10281
10282 /* sanity checks - counters should fit and be the same */
10283 for (i = 0; i < *n_offsets; i++) {
10284 u16 offset = (*offsets)[i];
10285
10286 if (offset >= datalen)
10287 return -EINVAL;
10288
10289 if (first_count != -1 && data[offset] != first_count)
10290 return -EINVAL;
10291 }
10292
10293 return 0;
10294 }
10295
10296 static int nl80211_channel_switch(struct sk_buff *skb, struct genl_info *info)
10297 {
10298 struct cfg80211_registered_device *rdev = info->user_ptr[0];
10299 unsigned int link_id = nl80211_link_id(info->attrs);
10300 struct net_device *dev = info->user_ptr[1];
10301 struct wireless_dev *wdev = dev->ieee80211_ptr;
10302 struct cfg80211_csa_settings params;
10303 struct nlattr **csa_attrs = NULL;
10304 int err;
10305 bool need_new_beacon = false;
10306 bool need_handle_dfs_flag = true;
10307 u32 cs_count;
10308
10309 if (!rdev->ops->channel_switch ||
10310 !(rdev->wiphy.flags & WIPHY_FLAG_HAS_CHANNEL_SWITCH))
10311 return -EOPNOTSUPP;
10312
10313 switch (dev->ieee80211_ptr->iftype) {
10314 case NL80211_IFTYPE_AP:
10315 case NL80211_IFTYPE_P2P_GO:
10316 need_new_beacon = true;
10317 /* For all modes except AP the handle_dfs flag needs to be
10318 * supplied to tell the kernel that userspace will handle radar
10319 * events when they happen. Otherwise a switch to a channel
10320 * requiring DFS will be rejected.
10321 */
10322 need_handle_dfs_flag = false;
10323
10324 /* useless if AP is not running */
10325 if (!wdev->links[link_id].ap.beacon_interval)
10326 return -ENOTCONN;
10327 break;
10328 case NL80211_IFTYPE_ADHOC:
10329 if (!wdev->u.ibss.ssid_len)
10330 return -ENOTCONN;
10331 break;
10332 case NL80211_IFTYPE_MESH_POINT:
10333 if (!wdev->u.mesh.id_len)
10334 return -ENOTCONN;
10335 break;
10336 default:
10337 return -EOPNOTSUPP;
10338 }
10339
10340 memset(&params, 0, sizeof(params));
10341 params.beacon_csa.ftm_responder = -1;
10342
10343 if (!info->attrs[NL80211_ATTR_WIPHY_FREQ] ||
10344 !info->attrs[NL80211_ATTR_CH_SWITCH_COUNT])
10345 return -EINVAL;
10346
10347 /* only important for AP, IBSS and mesh create IEs internally */
10348 if (need_new_beacon && !info->attrs[NL80211_ATTR_CSA_IES])
10349 return -EINVAL;
10350
10351 /* Even though the attribute is u32, the specification says
10352 * u8, so let's make sure we don't overflow.
10353 */
10354 cs_count = nla_get_u32(info->attrs[NL80211_ATTR_CH_SWITCH_COUNT]);
10355 if (cs_count > 255)
10356 return -EINVAL;
10357
10358 params.count = cs_count;
10359
10360 if (!need_new_beacon)
10361 goto skip_beacons;
10362
10363 err = nl80211_parse_beacon(rdev, info->attrs, &params.beacon_after,
10364 info->extack);
10365 if (err)
10366 goto free;
10367
10368 csa_attrs = kcalloc(NL80211_ATTR_MAX + 1, sizeof(*csa_attrs),
10369 GFP_KERNEL);
10370 if (!csa_attrs) {
10371 err = -ENOMEM;
10372 goto free;
10373 }
10374
10375 err = nla_parse_nested_deprecated(csa_attrs, NL80211_ATTR_MAX,
10376 info->attrs[NL80211_ATTR_CSA_IES],
10377 nl80211_policy, info->extack);
10378 if (err)
10379 goto free;
10380
10381 err = nl80211_parse_beacon(rdev, csa_attrs, &params.beacon_csa,
10382 info->extack);
10383 if (err)
10384 goto free;
10385
10386 if (!csa_attrs[NL80211_ATTR_CNTDWN_OFFS_BEACON]) {
10387 err = -EINVAL;
10388 goto free;
10389 }
10390
10391 err = nl80211_parse_counter_offsets(rdev, params.beacon_csa.tail,
10392 params.beacon_csa.tail_len,
10393 params.count,
10394 csa_attrs[NL80211_ATTR_CNTDWN_OFFS_BEACON],
10395 &params.counter_offsets_beacon,
10396 &params.n_counter_offsets_beacon);
10397 if (err)
10398 goto free;
10399
10400 err = nl80211_parse_counter_offsets(rdev, params.beacon_csa.probe_resp,
10401 params.beacon_csa.probe_resp_len,
10402 params.count,
10403 csa_attrs[NL80211_ATTR_CNTDWN_OFFS_PRESP],
10404 &params.counter_offsets_presp,
10405 &params.n_counter_offsets_presp);
10406 if (err)
10407 goto free;
10408
10409 skip_beacons:
10410 err = nl80211_parse_chandef(rdev, info, &params.chandef);
10411 if (err)
10412 goto free;
10413
10414 if (!cfg80211_reg_can_beacon_relax(&rdev->wiphy, &params.chandef,
10415 wdev->iftype)) {
10416 err = -EINVAL;
10417 goto free;
10418 }
10419
10420 err = cfg80211_chandef_dfs_required(wdev->wiphy,
10421 &params.chandef,
10422 wdev->iftype);
10423 if (err < 0)
10424 goto free;
10425
10426 if (err > 0) {
10427 params.radar_required = true;
10428 if (need_handle_dfs_flag &&
10429 !nla_get_flag(info->attrs[NL80211_ATTR_HANDLE_DFS])) {
10430 err = -EINVAL;
10431 goto free;
10432 }
10433 }
10434
10435 if (info->attrs[NL80211_ATTR_CH_SWITCH_BLOCK_TX])
10436 params.block_tx = true;
10437
10438 params.link_id = link_id;
10439 err = rdev_channel_switch(rdev, dev, &params);
10440
10441 free:
10442 kfree(params.beacon_after.mbssid_ies);
10443 kfree(params.beacon_csa.mbssid_ies);
10444 kfree(params.beacon_after.rnr_ies);
10445 kfree(params.beacon_csa.rnr_ies);
10446 kfree(csa_attrs);
10447 return err;
10448 }
10449
10450 static int nl80211_send_bss(struct sk_buff *msg, struct netlink_callback *cb,
10451 u32 seq, int flags,
10452 struct cfg80211_registered_device *rdev,
10453 struct wireless_dev *wdev,
10454 struct cfg80211_internal_bss *intbss)
10455 {
10456 struct cfg80211_bss *res = &intbss->pub;
10457 const struct cfg80211_bss_ies *ies;
10458 unsigned int link_id;
10459 void *hdr;
10460 struct nlattr *bss;
10461
10462 lockdep_assert_wiphy(wdev->wiphy);
10463
10464 hdr = nl80211hdr_put(msg, NETLINK_CB(cb->skb).portid, seq, flags,
10465 NL80211_CMD_NEW_SCAN_RESULTS);
10466 if (!hdr)
10467 return -1;
10468
10469 genl_dump_check_consistent(cb, hdr);
10470
10471 if (nla_put_u32(msg, NL80211_ATTR_GENERATION, rdev->bss_generation))
10472 goto nla_put_failure;
10473 if (wdev->netdev &&
10474 nla_put_u32(msg, NL80211_ATTR_IFINDEX, wdev->netdev->ifindex))
10475 goto nla_put_failure;
10476 if (nla_put_u64_64bit(msg, NL80211_ATTR_WDEV, wdev_id(wdev),
10477 NL80211_ATTR_PAD))
10478 goto nla_put_failure;
10479
10480 bss = nla_nest_start_noflag(msg, NL80211_ATTR_BSS);
10481 if (!bss)
10482 goto nla_put_failure;
10483 if ((!is_zero_ether_addr(res->bssid) &&
10484 nla_put(msg, NL80211_BSS_BSSID, ETH_ALEN, res->bssid)))
10485 goto nla_put_failure;
10486
10487 rcu_read_lock();
10488 /* indicate whether we have probe response data or not */
10489 if (rcu_access_pointer(res->proberesp_ies) &&
10490 nla_put_flag(msg, NL80211_BSS_PRESP_DATA))
10491 goto fail_unlock_rcu;
10492
10493 /* this pointer prefers to be pointed to probe response data
10494 * but is always valid
10495 */
10496 ies = rcu_dereference(res->ies);
10497 if (ies) {
10498 if (nla_put_u64_64bit(msg, NL80211_BSS_TSF, ies->tsf,
10499 NL80211_BSS_PAD))
10500 goto fail_unlock_rcu;
10501 if (ies->len && nla_put(msg, NL80211_BSS_INFORMATION_ELEMENTS,
10502 ies->len, ies->data))
10503 goto fail_unlock_rcu;
10504 }
10505
10506 /* and this pointer is always (unless driver didn't know) beacon data */
10507 ies = rcu_dereference(res->beacon_ies);
10508 if (ies && ies->from_beacon) {
10509 if (nla_put_u64_64bit(msg, NL80211_BSS_BEACON_TSF, ies->tsf,
10510 NL80211_BSS_PAD))
10511 goto fail_unlock_rcu;
10512 if (ies->len && nla_put(msg, NL80211_BSS_BEACON_IES,
10513 ies->len, ies->data))
10514 goto fail_unlock_rcu;
10515 }
10516 rcu_read_unlock();
10517
10518 if (res->beacon_interval &&
10519 nla_put_u16(msg, NL80211_BSS_BEACON_INTERVAL, res->beacon_interval))
10520 goto nla_put_failure;
10521 if (nla_put_u16(msg, NL80211_BSS_CAPABILITY, res->capability) ||
10522 nla_put_u32(msg, NL80211_BSS_FREQUENCY, res->channel->center_freq) ||
10523 nla_put_u32(msg, NL80211_BSS_FREQUENCY_OFFSET,
10524 res->channel->freq_offset) ||
10525 nla_put_u32(msg, NL80211_BSS_SEEN_MS_AGO,
10526 jiffies_to_msecs(jiffies - intbss->ts)))
10527 goto nla_put_failure;
10528
10529 if (intbss->parent_tsf &&
10530 (nla_put_u64_64bit(msg, NL80211_BSS_PARENT_TSF,
10531 intbss->parent_tsf, NL80211_BSS_PAD) ||
10532 nla_put(msg, NL80211_BSS_PARENT_BSSID, ETH_ALEN,
10533 intbss->parent_bssid)))
10534 goto nla_put_failure;
10535
10536 if (intbss->ts_boottime &&
10537 nla_put_u64_64bit(msg, NL80211_BSS_LAST_SEEN_BOOTTIME,
10538 intbss->ts_boottime, NL80211_BSS_PAD))
10539 goto nla_put_failure;
10540
10541 if (!nl80211_put_signal(msg, intbss->pub.chains,
10542 intbss->pub.chain_signal,
10543 NL80211_BSS_CHAIN_SIGNAL))
10544 goto nla_put_failure;
10545
10546 if (intbss->bss_source != BSS_SOURCE_STA_PROFILE) {
10547 switch (rdev->wiphy.signal_type) {
10548 case CFG80211_SIGNAL_TYPE_MBM:
10549 if (nla_put_u32(msg, NL80211_BSS_SIGNAL_MBM,
10550 res->signal))
10551 goto nla_put_failure;
10552 break;
10553 case CFG80211_SIGNAL_TYPE_UNSPEC:
10554 if (nla_put_u8(msg, NL80211_BSS_SIGNAL_UNSPEC,
10555 res->signal))
10556 goto nla_put_failure;
10557 break;
10558 default:
10559 break;
10560 }
10561 }
10562
10563 switch (wdev->iftype) {
10564 case NL80211_IFTYPE_P2P_CLIENT:
10565 case NL80211_IFTYPE_STATION:
10566 for_each_valid_link(wdev, link_id) {
10567 if (intbss == wdev->links[link_id].client.current_bss &&
10568 (nla_put_u32(msg, NL80211_BSS_STATUS,
10569 NL80211_BSS_STATUS_ASSOCIATED) ||
10570 (wdev->valid_links &&
10571 (nla_put_u8(msg, NL80211_BSS_MLO_LINK_ID,
10572 link_id) ||
10573 nla_put(msg, NL80211_BSS_MLD_ADDR, ETH_ALEN,
10574 wdev->u.client.connected_addr)))))
10575 goto nla_put_failure;
10576 }
10577 break;
10578 case NL80211_IFTYPE_ADHOC:
10579 if (intbss == wdev->u.ibss.current_bss &&
10580 nla_put_u32(msg, NL80211_BSS_STATUS,
10581 NL80211_BSS_STATUS_IBSS_JOINED))
10582 goto nla_put_failure;
10583 break;
10584 default:
10585 break;
10586 }
10587
10588 if (nla_put_u32(msg, NL80211_BSS_USE_FOR, res->use_for))
10589 goto nla_put_failure;
10590
10591 if (res->cannot_use_reasons &&
10592 nla_put_u64_64bit(msg, NL80211_BSS_CANNOT_USE_REASONS,
10593 res->cannot_use_reasons,
10594 NL80211_BSS_PAD))
10595 goto nla_put_failure;
10596
10597 nla_nest_end(msg, bss);
10598
10599 genlmsg_end(msg, hdr);
10600 return 0;
10601
10602 fail_unlock_rcu:
10603 rcu_read_unlock();
10604 nla_put_failure:
10605 genlmsg_cancel(msg, hdr);
10606 return -EMSGSIZE;
10607 }
10608
10609 static int nl80211_dump_scan(struct sk_buff *skb, struct netlink_callback *cb)
10610 {
10611 struct cfg80211_registered_device *rdev;
10612 struct cfg80211_internal_bss *scan;
10613 struct wireless_dev *wdev;
10614 struct nlattr **attrbuf;
10615 int start = cb->args[2], idx = 0;
10616 bool dump_include_use_data;
10617 int err;
10618
10619 attrbuf = kcalloc(NUM_NL80211_ATTR, sizeof(*attrbuf), GFP_KERNEL);
10620 if (!attrbuf)
10621 return -ENOMEM;
10622
10623 err = nl80211_prepare_wdev_dump(cb, &rdev, &wdev, attrbuf);
10624 if (err) {
10625 kfree(attrbuf);
10626 return err;
10627 }
10628 /* nl80211_prepare_wdev_dump acquired it in the successful case */
10629 __acquire(&rdev->wiphy.mtx);
10630
10631 dump_include_use_data =
10632 attrbuf[NL80211_ATTR_BSS_DUMP_INCLUDE_USE_DATA];
10633 kfree(attrbuf);
10634
10635 spin_lock_bh(&rdev->bss_lock);
10636
10637 /*
10638 * dump_scan will be called multiple times to break up the scan results
10639 * into multiple messages. It is unlikely that any more bss-es will be
10640 * expired after the first call, so only call only call this on the
10641 * first dump_scan invocation.
10642 */
10643 if (start == 0)
10644 cfg80211_bss_expire(rdev);
10645
10646 cb->seq = rdev->bss_generation;
10647
10648 list_for_each_entry(scan, &rdev->bss_list, list) {
10649 if (++idx <= start)
10650 continue;
10651 if (!dump_include_use_data &&
10652 !(scan->pub.use_for & NL80211_BSS_USE_FOR_NORMAL))
10653 continue;
10654 if (nl80211_send_bss(skb, cb,
10655 cb->nlh->nlmsg_seq, NLM_F_MULTI,
10656 rdev, wdev, scan) < 0) {
10657 idx--;
10658 break;
10659 }
10660 }
10661
10662 spin_unlock_bh(&rdev->bss_lock);
10663
10664 cb->args[2] = idx;
10665 wiphy_unlock(&rdev->wiphy);
10666
10667 return skb->len;
10668 }
10669
10670 static int nl80211_send_survey(struct sk_buff *msg, u32 portid, u32 seq,
10671 int flags, struct net_device *dev,
10672 bool allow_radio_stats,
10673 struct survey_info *survey)
10674 {
10675 void *hdr;
10676 struct nlattr *infoattr;
10677
10678 /* skip radio stats if userspace didn't request them */
10679 if (!survey->channel && !allow_radio_stats)
10680 return 0;
10681
10682 hdr = nl80211hdr_put(msg, portid, seq, flags,
10683 NL80211_CMD_NEW_SURVEY_RESULTS);
10684 if (!hdr)
10685 return -ENOMEM;
10686
10687 if (nla_put_u32(msg, NL80211_ATTR_IFINDEX, dev->ifindex))
10688 goto nla_put_failure;
10689
10690 infoattr = nla_nest_start_noflag(msg, NL80211_ATTR_SURVEY_INFO);
10691 if (!infoattr)
10692 goto nla_put_failure;
10693
10694 if (survey->channel &&
10695 nla_put_u32(msg, NL80211_SURVEY_INFO_FREQUENCY,
10696 survey->channel->center_freq))
10697 goto nla_put_failure;
10698
10699 if (survey->channel && survey->channel->freq_offset &&
10700 nla_put_u32(msg, NL80211_SURVEY_INFO_FREQUENCY_OFFSET,
10701 survey->channel->freq_offset))
10702 goto nla_put_failure;
10703
10704 if ((survey->filled & SURVEY_INFO_NOISE_DBM) &&
10705 nla_put_u8(msg, NL80211_SURVEY_INFO_NOISE, survey->noise))
10706 goto nla_put_failure;
10707 if ((survey->filled & SURVEY_INFO_IN_USE) &&
10708 nla_put_flag(msg, NL80211_SURVEY_INFO_IN_USE))
10709 goto nla_put_failure;
10710 if ((survey->filled & SURVEY_INFO_TIME) &&
10711 nla_put_u64_64bit(msg, NL80211_SURVEY_INFO_TIME,
10712 survey->time, NL80211_SURVEY_INFO_PAD))
10713 goto nla_put_failure;
10714 if ((survey->filled & SURVEY_INFO_TIME_BUSY) &&
10715 nla_put_u64_64bit(msg, NL80211_SURVEY_INFO_TIME_BUSY,
10716 survey->time_busy, NL80211_SURVEY_INFO_PAD))
10717 goto nla_put_failure;
10718 if ((survey->filled & SURVEY_INFO_TIME_EXT_BUSY) &&
10719 nla_put_u64_64bit(msg, NL80211_SURVEY_INFO_TIME_EXT_BUSY,
10720 survey->time_ext_busy, NL80211_SURVEY_INFO_PAD))
10721 goto nla_put_failure;
10722 if ((survey->filled & SURVEY_INFO_TIME_RX) &&
10723 nla_put_u64_64bit(msg, NL80211_SURVEY_INFO_TIME_RX,
10724 survey->time_rx, NL80211_SURVEY_INFO_PAD))
10725 goto nla_put_failure;
10726 if ((survey->filled & SURVEY_INFO_TIME_TX) &&
10727 nla_put_u64_64bit(msg, NL80211_SURVEY_INFO_TIME_TX,
10728 survey->time_tx, NL80211_SURVEY_INFO_PAD))
10729 goto nla_put_failure;
10730 if ((survey->filled & SURVEY_INFO_TIME_SCAN) &&
10731 nla_put_u64_64bit(msg, NL80211_SURVEY_INFO_TIME_SCAN,
10732 survey->time_scan, NL80211_SURVEY_INFO_PAD))
10733 goto nla_put_failure;
10734 if ((survey->filled & SURVEY_INFO_TIME_BSS_RX) &&
10735 nla_put_u64_64bit(msg, NL80211_SURVEY_INFO_TIME_BSS_RX,
10736 survey->time_bss_rx, NL80211_SURVEY_INFO_PAD))
10737 goto nla_put_failure;
10738
10739 nla_nest_end(msg, infoattr);
10740
10741 genlmsg_end(msg, hdr);
10742 return 0;
10743
10744 nla_put_failure:
10745 genlmsg_cancel(msg, hdr);
10746 return -EMSGSIZE;
10747 }
10748
10749 static int nl80211_dump_survey(struct sk_buff *skb, struct netlink_callback *cb)
10750 {
10751 struct nlattr **attrbuf;
10752 struct survey_info survey;
10753 struct cfg80211_registered_device *rdev;
10754 struct wireless_dev *wdev;
10755 int survey_idx = cb->args[2];
10756 int res;
10757 bool radio_stats;
10758
10759 attrbuf = kcalloc(NUM_NL80211_ATTR, sizeof(*attrbuf), GFP_KERNEL);
10760 if (!attrbuf)
10761 return -ENOMEM;
10762
10763 res = nl80211_prepare_wdev_dump(cb, &rdev, &wdev, attrbuf);
10764 if (res) {
10765 kfree(attrbuf);
10766 return res;
10767 }
10768 /* nl80211_prepare_wdev_dump acquired it in the successful case */
10769 __acquire(&rdev->wiphy.mtx);
10770
10771 /* prepare_wdev_dump parsed the attributes */
10772 radio_stats = attrbuf[NL80211_ATTR_SURVEY_RADIO_STATS];
10773
10774 if (!wdev->netdev) {
10775 res = -EINVAL;
10776 goto out_err;
10777 }
10778
10779 if (!rdev->ops->dump_survey) {
10780 res = -EOPNOTSUPP;
10781 goto out_err;
10782 }
10783
10784 while (1) {
10785 res = rdev_dump_survey(rdev, wdev->netdev, survey_idx, &survey);
10786 if (res == -ENOENT)
10787 break;
10788 if (res)
10789 goto out_err;
10790
10791 /* don't send disabled channels, but do send non-channel data */
10792 if (survey.channel &&
10793 survey.channel->flags & IEEE80211_CHAN_DISABLED) {
10794 survey_idx++;
10795 continue;
10796 }
10797
10798 if (nl80211_send_survey(skb,
10799 NETLINK_CB(cb->skb).portid,
10800 cb->nlh->nlmsg_seq, NLM_F_MULTI,
10801 wdev->netdev, radio_stats, &survey) < 0)
10802 goto out;
10803 survey_idx++;
10804 }
10805
10806 out:
10807 cb->args[2] = survey_idx;
10808 res = skb->len;
10809 out_err:
10810 kfree(attrbuf);
10811 wiphy_unlock(&rdev->wiphy);
10812 return res;
10813 }
10814
10815 static int nl80211_authenticate(struct sk_buff *skb, struct genl_info *info)
10816 {
10817 struct cfg80211_registered_device *rdev = info->user_ptr[0];
10818 struct net_device *dev = info->user_ptr[1];
10819 struct ieee80211_channel *chan;
10820 const u8 *bssid, *ssid;
10821 int err, ssid_len;
10822 enum nl80211_auth_type auth_type;
10823 struct key_parse key;
10824 bool local_state_change;
10825 struct cfg80211_auth_request req = {};
10826 u32 freq;
10827
10828 if (!info->attrs[NL80211_ATTR_MAC])
10829 return -EINVAL;
10830
10831 if (!info->attrs[NL80211_ATTR_AUTH_TYPE])
10832 return -EINVAL;
10833
10834 if (!info->attrs[NL80211_ATTR_SSID])
10835 return -EINVAL;
10836
10837 if (!info->attrs[NL80211_ATTR_WIPHY_FREQ])
10838 return -EINVAL;
10839
10840 err = nl80211_parse_key(info, &key);
10841 if (err)
10842 return err;
10843
10844 if (key.idx >= 0) {
10845 if (key.type != -1 && key.type != NL80211_KEYTYPE_GROUP)
10846 return -EINVAL;
10847 if (!key.p.key || !key.p.key_len)
10848 return -EINVAL;
10849 if ((key.p.cipher != WLAN_CIPHER_SUITE_WEP40 ||
10850 key.p.key_len != WLAN_KEY_LEN_WEP40) &&
10851 (key.p.cipher != WLAN_CIPHER_SUITE_WEP104 ||
10852 key.p.key_len != WLAN_KEY_LEN_WEP104))
10853 return -EINVAL;
10854 if (key.idx > 3)
10855 return -EINVAL;
10856 } else {
10857 key.p.key_len = 0;
10858 key.p.key = NULL;
10859 }
10860
10861 if (key.idx >= 0) {
10862 int i;
10863 bool ok = false;
10864
10865 for (i = 0; i < rdev->wiphy.n_cipher_suites; i++) {
10866 if (key.p.cipher == rdev->wiphy.cipher_suites[i]) {
10867 ok = true;
10868 break;
10869 }
10870 }
10871 if (!ok)
10872 return -EINVAL;
10873 }
10874
10875 if (!rdev->ops->auth)
10876 return -EOPNOTSUPP;
10877
10878 if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_STATION &&
10879 dev->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_CLIENT)
10880 return -EOPNOTSUPP;
10881
10882 bssid = nla_data(info->attrs[NL80211_ATTR_MAC]);
10883 freq = MHZ_TO_KHZ(nla_get_u32(info->attrs[NL80211_ATTR_WIPHY_FREQ]));
10884 if (info->attrs[NL80211_ATTR_WIPHY_FREQ_OFFSET])
10885 freq +=
10886 nla_get_u32(info->attrs[NL80211_ATTR_WIPHY_FREQ_OFFSET]);
10887
10888 chan = nl80211_get_valid_chan(&rdev->wiphy, freq);
10889 if (!chan)
10890 return -EINVAL;
10891
10892 ssid = nla_data(info->attrs[NL80211_ATTR_SSID]);
10893 ssid_len = nla_len(info->attrs[NL80211_ATTR_SSID]);
10894
10895 if (info->attrs[NL80211_ATTR_IE]) {
10896 req.ie = nla_data(info->attrs[NL80211_ATTR_IE]);
10897 req.ie_len = nla_len(info->attrs[NL80211_ATTR_IE]);
10898 }
10899
10900 auth_type = nla_get_u32(info->attrs[NL80211_ATTR_AUTH_TYPE]);
10901 if (!nl80211_valid_auth_type(rdev, auth_type, NL80211_CMD_AUTHENTICATE))
10902 return -EINVAL;
10903
10904 if ((auth_type == NL80211_AUTHTYPE_SAE ||
10905 auth_type == NL80211_AUTHTYPE_FILS_SK ||
10906 auth_type == NL80211_AUTHTYPE_FILS_SK_PFS ||
10907 auth_type == NL80211_AUTHTYPE_FILS_PK) &&
10908 !info->attrs[NL80211_ATTR_AUTH_DATA])
10909 return -EINVAL;
10910
10911 if (info->attrs[NL80211_ATTR_AUTH_DATA]) {
10912 if (auth_type != NL80211_AUTHTYPE_SAE &&
10913 auth_type != NL80211_AUTHTYPE_FILS_SK &&
10914 auth_type != NL80211_AUTHTYPE_FILS_SK_PFS &&
10915 auth_type != NL80211_AUTHTYPE_FILS_PK)
10916 return -EINVAL;
10917 req.auth_data = nla_data(info->attrs[NL80211_ATTR_AUTH_DATA]);
10918 req.auth_data_len = nla_len(info->attrs[NL80211_ATTR_AUTH_DATA]);
10919 }
10920
10921 local_state_change = !!info->attrs[NL80211_ATTR_LOCAL_STATE_CHANGE];
10922
10923 /*
10924 * Since we no longer track auth state, ignore
10925 * requests to only change local state.
10926 */
10927 if (local_state_change)
10928 return 0;
10929
10930 req.auth_type = auth_type;
10931 req.key = key.p.key;
10932 req.key_len = key.p.key_len;
10933 req.key_idx = key.idx;
10934 req.link_id = nl80211_link_id_or_invalid(info->attrs);
10935 if (req.link_id >= 0) {
10936 if (!(rdev->wiphy.flags & WIPHY_FLAG_SUPPORTS_MLO))
10937 return -EINVAL;
10938 if (!info->attrs[NL80211_ATTR_MLD_ADDR])
10939 return -EINVAL;
10940 req.ap_mld_addr = nla_data(info->attrs[NL80211_ATTR_MLD_ADDR]);
10941 if (!is_valid_ether_addr(req.ap_mld_addr))
10942 return -EINVAL;
10943 }
10944
10945 req.bss = cfg80211_get_bss(&rdev->wiphy, chan, bssid, ssid, ssid_len,
10946 IEEE80211_BSS_TYPE_ESS,
10947 IEEE80211_PRIVACY_ANY);
10948 if (!req.bss)
10949 return -ENOENT;
10950
10951 err = cfg80211_mlme_auth(rdev, dev, &req);
10952
10953 cfg80211_put_bss(&rdev->wiphy, req.bss);
10954
10955 return err;
10956 }
10957
10958 static int validate_pae_over_nl80211(struct cfg80211_registered_device *rdev,
10959 struct genl_info *info)
10960 {
10961 if (!info->attrs[NL80211_ATTR_SOCKET_OWNER]) {
10962 GENL_SET_ERR_MSG(info, "SOCKET_OWNER not set");
10963 return -EINVAL;
10964 }
10965
10966 if (!rdev->ops->tx_control_port ||
10967 !wiphy_ext_feature_isset(&rdev->wiphy,
10968 NL80211_EXT_FEATURE_CONTROL_PORT_OVER_NL80211))
10969 return -EOPNOTSUPP;
10970
10971 return 0;
10972 }
10973
10974 static int nl80211_crypto_settings(struct cfg80211_registered_device *rdev,
10975 struct genl_info *info,
10976 struct cfg80211_crypto_settings *settings,
10977 int cipher_limit)
10978 {
10979 memset(settings, 0, sizeof(*settings));
10980
10981 settings->control_port = info->attrs[NL80211_ATTR_CONTROL_PORT];
10982
10983 if (info->attrs[NL80211_ATTR_CONTROL_PORT_ETHERTYPE]) {
10984 u16 proto;
10985
10986 proto = nla_get_u16(
10987 info->attrs[NL80211_ATTR_CONTROL_PORT_ETHERTYPE]);
10988 settings->control_port_ethertype = cpu_to_be16(proto);
10989 if (!(rdev->wiphy.flags & WIPHY_FLAG_CONTROL_PORT_PROTOCOL) &&
10990 proto != ETH_P_PAE)
10991 return -EINVAL;
10992 if (info->attrs[NL80211_ATTR_CONTROL_PORT_NO_ENCRYPT])
10993 settings->control_port_no_encrypt = true;
10994 } else
10995 settings->control_port_ethertype = cpu_to_be16(ETH_P_PAE);
10996
10997 if (info->attrs[NL80211_ATTR_CONTROL_PORT_OVER_NL80211]) {
10998 int r = validate_pae_over_nl80211(rdev, info);
10999
11000 if (r < 0)
11001 return r;
11002
11003 settings->control_port_over_nl80211 = true;
11004
11005 if (info->attrs[NL80211_ATTR_CONTROL_PORT_NO_PREAUTH])
11006 settings->control_port_no_preauth = true;
11007 }
11008
11009 if (info->attrs[NL80211_ATTR_CIPHER_SUITES_PAIRWISE]) {
11010 void *data;
11011 int len, i;
11012
11013 data = nla_data(info->attrs[NL80211_ATTR_CIPHER_SUITES_PAIRWISE]);
11014 len = nla_len(info->attrs[NL80211_ATTR_CIPHER_SUITES_PAIRWISE]);
11015 settings->n_ciphers_pairwise = len / sizeof(u32);
11016
11017 if (len % sizeof(u32))
11018 return -EINVAL;
11019
11020 if (settings->n_ciphers_pairwise > cipher_limit)
11021 return -EINVAL;
11022
11023 memcpy(settings->ciphers_pairwise, data, len);
11024
11025 for (i = 0; i < settings->n_ciphers_pairwise; i++)
11026 if (!cfg80211_supported_cipher_suite(
11027 &rdev->wiphy,
11028 settings->ciphers_pairwise[i]))
11029 return -EINVAL;
11030 }
11031
11032 if (info->attrs[NL80211_ATTR_CIPHER_SUITE_GROUP]) {
11033 settings->cipher_group =
11034 nla_get_u32(info->attrs[NL80211_ATTR_CIPHER_SUITE_GROUP]);
11035 if (!cfg80211_supported_cipher_suite(&rdev->wiphy,
11036 settings->cipher_group))
11037 return -EINVAL;
11038 }
11039
11040 if (info->attrs[NL80211_ATTR_WPA_VERSIONS])
11041 settings->wpa_versions =
11042 nla_get_u32(info->attrs[NL80211_ATTR_WPA_VERSIONS]);
11043
11044 if (info->attrs[NL80211_ATTR_AKM_SUITES]) {
11045 void *data;
11046 int len;
11047
11048 data = nla_data(info->attrs[NL80211_ATTR_AKM_SUITES]);
11049 len = nla_len(info->attrs[NL80211_ATTR_AKM_SUITES]);
11050 settings->n_akm_suites = len / sizeof(u32);
11051
11052 if (len % sizeof(u32))
11053 return -EINVAL;
11054
11055 if (settings->n_akm_suites > rdev->wiphy.max_num_akm_suites)
11056 return -EINVAL;
11057
11058 memcpy(settings->akm_suites, data, len);
11059 }
11060
11061 if (info->attrs[NL80211_ATTR_PMK]) {
11062 if (nla_len(info->attrs[NL80211_ATTR_PMK]) != WLAN_PMK_LEN)
11063 return -EINVAL;
11064 if (!wiphy_ext_feature_isset(&rdev->wiphy,
11065 NL80211_EXT_FEATURE_4WAY_HANDSHAKE_STA_PSK) &&
11066 !wiphy_ext_feature_isset(&rdev->wiphy,
11067 NL80211_EXT_FEATURE_4WAY_HANDSHAKE_AP_PSK))
11068 return -EINVAL;
11069 settings->psk = nla_data(info->attrs[NL80211_ATTR_PMK]);
11070 }
11071
11072 if (info->attrs[NL80211_ATTR_SAE_PASSWORD]) {
11073 if (!wiphy_ext_feature_isset(&rdev->wiphy,
11074 NL80211_EXT_FEATURE_SAE_OFFLOAD) &&
11075 !wiphy_ext_feature_isset(&rdev->wiphy,
11076 NL80211_EXT_FEATURE_SAE_OFFLOAD_AP))
11077 return -EINVAL;
11078 settings->sae_pwd =
11079 nla_data(info->attrs[NL80211_ATTR_SAE_PASSWORD]);
11080 settings->sae_pwd_len =
11081 nla_len(info->attrs[NL80211_ATTR_SAE_PASSWORD]);
11082 }
11083
11084 settings->sae_pwe =
11085 nla_get_u8_default(info->attrs[NL80211_ATTR_SAE_PWE],
11086 NL80211_SAE_PWE_UNSPECIFIED);
11087
11088 return 0;
11089 }
11090
11091 static struct cfg80211_bss *nl80211_assoc_bss(struct cfg80211_registered_device *rdev,
11092 const u8 *ssid, int ssid_len,
11093 struct nlattr **attrs,
11094 int assoc_link_id, int link_id)
11095 {
11096 struct ieee80211_channel *chan;
11097 struct cfg80211_bss *bss;
11098 const u8 *bssid;
11099 u32 freq, use_for = 0;
11100
11101 if (!attrs[NL80211_ATTR_MAC] || !attrs[NL80211_ATTR_WIPHY_FREQ])
11102 return ERR_PTR(-EINVAL);
11103
11104 bssid = nla_data(attrs[NL80211_ATTR_MAC]);
11105
11106 freq = MHZ_TO_KHZ(nla_get_u32(attrs[NL80211_ATTR_WIPHY_FREQ]));
11107 if (attrs[NL80211_ATTR_WIPHY_FREQ_OFFSET])
11108 freq += nla_get_u32(attrs[NL80211_ATTR_WIPHY_FREQ_OFFSET]);
11109
11110 chan = nl80211_get_valid_chan(&rdev->wiphy, freq);
11111 if (!chan)
11112 return ERR_PTR(-EINVAL);
11113
11114 if (assoc_link_id >= 0)
11115 use_for = NL80211_BSS_USE_FOR_MLD_LINK;
11116 if (assoc_link_id == link_id)
11117 use_for |= NL80211_BSS_USE_FOR_NORMAL;
11118
11119 bss = __cfg80211_get_bss(&rdev->wiphy, chan, bssid,
11120 ssid, ssid_len,
11121 IEEE80211_BSS_TYPE_ESS,
11122 IEEE80211_PRIVACY_ANY,
11123 use_for);
11124 if (!bss)
11125 return ERR_PTR(-ENOENT);
11126
11127 return bss;
11128 }
11129
11130 static int nl80211_associate(struct sk_buff *skb, struct genl_info *info)
11131 {
11132 struct cfg80211_registered_device *rdev = info->user_ptr[0];
11133 struct net_device *dev = info->user_ptr[1];
11134 struct cfg80211_assoc_request req = {};
11135 struct nlattr **attrs = NULL;
11136 const u8 *ap_addr, *ssid;
11137 unsigned int link_id;
11138 int err, ssid_len;
11139
11140 if (dev->ieee80211_ptr->conn_owner_nlportid &&
11141 dev->ieee80211_ptr->conn_owner_nlportid != info->snd_portid)
11142 return -EPERM;
11143
11144 if (!info->attrs[NL80211_ATTR_SSID])
11145 return -EINVAL;
11146
11147 if (!rdev->ops->assoc)
11148 return -EOPNOTSUPP;
11149
11150 if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_STATION &&
11151 dev->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_CLIENT)
11152 return -EOPNOTSUPP;
11153
11154 ssid = nla_data(info->attrs[NL80211_ATTR_SSID]);
11155 ssid_len = nla_len(info->attrs[NL80211_ATTR_SSID]);
11156
11157 if (info->attrs[NL80211_ATTR_IE]) {
11158 req.ie = nla_data(info->attrs[NL80211_ATTR_IE]);
11159 req.ie_len = nla_len(info->attrs[NL80211_ATTR_IE]);
11160
11161 if (cfg80211_find_ext_elem(WLAN_EID_EXT_NON_INHERITANCE,
11162 req.ie, req.ie_len)) {
11163 NL_SET_ERR_MSG_ATTR(info->extack,
11164 info->attrs[NL80211_ATTR_IE],
11165 "non-inheritance makes no sense");
11166 return -EINVAL;
11167 }
11168 }
11169
11170 if (info->attrs[NL80211_ATTR_USE_MFP]) {
11171 enum nl80211_mfp mfp =
11172 nla_get_u32(info->attrs[NL80211_ATTR_USE_MFP]);
11173 if (mfp == NL80211_MFP_REQUIRED)
11174 req.use_mfp = true;
11175 else if (mfp != NL80211_MFP_NO)
11176 return -EINVAL;
11177 }
11178
11179 if (info->attrs[NL80211_ATTR_PREV_BSSID])
11180 req.prev_bssid = nla_data(info->attrs[NL80211_ATTR_PREV_BSSID]);
11181
11182 if (nla_get_flag(info->attrs[NL80211_ATTR_DISABLE_HT]))
11183 req.flags |= ASSOC_REQ_DISABLE_HT;
11184
11185 if (info->attrs[NL80211_ATTR_HT_CAPABILITY_MASK])
11186 memcpy(&req.ht_capa_mask,
11187 nla_data(info->attrs[NL80211_ATTR_HT_CAPABILITY_MASK]),
11188 sizeof(req.ht_capa_mask));
11189
11190 if (info->attrs[NL80211_ATTR_HT_CAPABILITY]) {
11191 if (!info->attrs[NL80211_ATTR_HT_CAPABILITY_MASK])
11192 return -EINVAL;
11193 memcpy(&req.ht_capa,
11194 nla_data(info->attrs[NL80211_ATTR_HT_CAPABILITY]),
11195 sizeof(req.ht_capa));
11196 }
11197
11198 if (nla_get_flag(info->attrs[NL80211_ATTR_DISABLE_VHT]))
11199 req.flags |= ASSOC_REQ_DISABLE_VHT;
11200
11201 if (nla_get_flag(info->attrs[NL80211_ATTR_DISABLE_HE]))
11202 req.flags |= ASSOC_REQ_DISABLE_HE;
11203
11204 if (nla_get_flag(info->attrs[NL80211_ATTR_DISABLE_EHT]))
11205 req.flags |= ASSOC_REQ_DISABLE_EHT;
11206
11207 if (info->attrs[NL80211_ATTR_VHT_CAPABILITY_MASK])
11208 memcpy(&req.vht_capa_mask,
11209 nla_data(info->attrs[NL80211_ATTR_VHT_CAPABILITY_MASK]),
11210 sizeof(req.vht_capa_mask));
11211
11212 if (info->attrs[NL80211_ATTR_VHT_CAPABILITY]) {
11213 if (!info->attrs[NL80211_ATTR_VHT_CAPABILITY_MASK])
11214 return -EINVAL;
11215 memcpy(&req.vht_capa,
11216 nla_data(info->attrs[NL80211_ATTR_VHT_CAPABILITY]),
11217 sizeof(req.vht_capa));
11218 }
11219
11220 if (nla_get_flag(info->attrs[NL80211_ATTR_USE_RRM])) {
11221 if (!((rdev->wiphy.features &
11222 NL80211_FEATURE_DS_PARAM_SET_IE_IN_PROBES) &&
11223 (rdev->wiphy.features & NL80211_FEATURE_QUIET)) &&
11224 !wiphy_ext_feature_isset(&rdev->wiphy,
11225 NL80211_EXT_FEATURE_RRM))
11226 return -EINVAL;
11227 req.flags |= ASSOC_REQ_USE_RRM;
11228 }
11229
11230 if (info->attrs[NL80211_ATTR_FILS_KEK]) {
11231 req.fils_kek = nla_data(info->attrs[NL80211_ATTR_FILS_KEK]);
11232 req.fils_kek_len = nla_len(info->attrs[NL80211_ATTR_FILS_KEK]);
11233 if (!info->attrs[NL80211_ATTR_FILS_NONCES])
11234 return -EINVAL;
11235 req.fils_nonces =
11236 nla_data(info->attrs[NL80211_ATTR_FILS_NONCES]);
11237 }
11238
11239 if (info->attrs[NL80211_ATTR_S1G_CAPABILITY_MASK]) {
11240 if (!info->attrs[NL80211_ATTR_S1G_CAPABILITY])
11241 return -EINVAL;
11242 memcpy(&req.s1g_capa_mask,
11243 nla_data(info->attrs[NL80211_ATTR_S1G_CAPABILITY_MASK]),
11244 sizeof(req.s1g_capa_mask));
11245 }
11246
11247 if (info->attrs[NL80211_ATTR_S1G_CAPABILITY]) {
11248 if (!info->attrs[NL80211_ATTR_S1G_CAPABILITY_MASK])
11249 return -EINVAL;
11250 memcpy(&req.s1g_capa,
11251 nla_data(info->attrs[NL80211_ATTR_S1G_CAPABILITY]),
11252 sizeof(req.s1g_capa));
11253 }
11254
11255 if (nla_get_flag(info->attrs[NL80211_ATTR_ASSOC_SPP_AMSDU])) {
11256 if (!wiphy_ext_feature_isset(&rdev->wiphy,
11257 NL80211_EXT_FEATURE_SPP_AMSDU_SUPPORT)) {
11258 GENL_SET_ERR_MSG(info, "SPP A-MSDUs not supported");
11259 return -EINVAL;
11260 }
11261 req.flags |= ASSOC_REQ_SPP_AMSDU;
11262 }
11263
11264 req.link_id = nl80211_link_id_or_invalid(info->attrs);
11265
11266 if (info->attrs[NL80211_ATTR_MLO_LINKS]) {
11267 unsigned int attrsize = NUM_NL80211_ATTR * sizeof(*attrs);
11268 struct nlattr *link;
11269 int rem = 0;
11270
11271 if (req.link_id < 0)
11272 return -EINVAL;
11273
11274 if (!(rdev->wiphy.flags & WIPHY_FLAG_SUPPORTS_MLO))
11275 return -EINVAL;
11276
11277 if (info->attrs[NL80211_ATTR_MAC] ||
11278 info->attrs[NL80211_ATTR_WIPHY_FREQ] ||
11279 !info->attrs[NL80211_ATTR_MLD_ADDR])
11280 return -EINVAL;
11281
11282 req.ap_mld_addr = nla_data(info->attrs[NL80211_ATTR_MLD_ADDR]);
11283 ap_addr = req.ap_mld_addr;
11284
11285 attrs = kzalloc(attrsize, GFP_KERNEL);
11286 if (!attrs)
11287 return -ENOMEM;
11288
11289 nla_for_each_nested(link,
11290 info->attrs[NL80211_ATTR_MLO_LINKS],
11291 rem) {
11292 memset(attrs, 0, attrsize);
11293
11294 nla_parse_nested(attrs, NL80211_ATTR_MAX,
11295 link, NULL, NULL);
11296
11297 if (!attrs[NL80211_ATTR_MLO_LINK_ID]) {
11298 err = -EINVAL;
11299 NL_SET_BAD_ATTR(info->extack, link);
11300 goto free;
11301 }
11302
11303 link_id = nla_get_u8(attrs[NL80211_ATTR_MLO_LINK_ID]);
11304 /* cannot use the same link ID again */
11305 if (req.links[link_id].bss) {
11306 err = -EINVAL;
11307 NL_SET_BAD_ATTR(info->extack, link);
11308 goto free;
11309 }
11310 req.links[link_id].bss =
11311 nl80211_assoc_bss(rdev, ssid, ssid_len, attrs,
11312 req.link_id, link_id);
11313 if (IS_ERR(req.links[link_id].bss)) {
11314 err = PTR_ERR(req.links[link_id].bss);
11315 req.links[link_id].bss = NULL;
11316 NL_SET_ERR_MSG_ATTR(info->extack,
11317 link, "Error fetching BSS for link");
11318 goto free;
11319 }
11320
11321 if (attrs[NL80211_ATTR_IE]) {
11322 req.links[link_id].elems =
11323 nla_data(attrs[NL80211_ATTR_IE]);
11324 req.links[link_id].elems_len =
11325 nla_len(attrs[NL80211_ATTR_IE]);
11326
11327 if (cfg80211_find_elem(WLAN_EID_FRAGMENT,
11328 req.links[link_id].elems,
11329 req.links[link_id].elems_len)) {
11330 NL_SET_ERR_MSG_ATTR(info->extack,
11331 attrs[NL80211_ATTR_IE],
11332 "cannot deal with fragmentation");
11333 err = -EINVAL;
11334 goto free;
11335 }
11336
11337 if (cfg80211_find_ext_elem(WLAN_EID_EXT_NON_INHERITANCE,
11338 req.links[link_id].elems,
11339 req.links[link_id].elems_len)) {
11340 NL_SET_ERR_MSG_ATTR(info->extack,
11341 attrs[NL80211_ATTR_IE],
11342 "cannot deal with non-inheritance");
11343 err = -EINVAL;
11344 goto free;
11345 }
11346 }
11347
11348 req.links[link_id].disabled =
11349 nla_get_flag(attrs[NL80211_ATTR_MLO_LINK_DISABLED]);
11350 }
11351
11352 if (!req.links[req.link_id].bss) {
11353 err = -EINVAL;
11354 goto free;
11355 }
11356
11357 if (req.links[req.link_id].elems_len) {
11358 GENL_SET_ERR_MSG(info,
11359 "cannot have per-link elems on assoc link");
11360 err = -EINVAL;
11361 goto free;
11362 }
11363
11364 if (req.links[req.link_id].disabled) {
11365 GENL_SET_ERR_MSG(info,
11366 "cannot have assoc link disabled");
11367 err = -EINVAL;
11368 goto free;
11369 }
11370
11371 kfree(attrs);
11372 attrs = NULL;
11373 } else {
11374 if (req.link_id >= 0)
11375 return -EINVAL;
11376
11377 req.bss = nl80211_assoc_bss(rdev, ssid, ssid_len, info->attrs,
11378 -1, -1);
11379 if (IS_ERR(req.bss))
11380 return PTR_ERR(req.bss);
11381 ap_addr = req.bss->bssid;
11382 }
11383
11384 err = nl80211_crypto_settings(rdev, info, &req.crypto, 1);
11385 if (!err) {
11386 struct nlattr *link;
11387 int rem = 0;
11388
11389 err = cfg80211_mlme_assoc(rdev, dev, &req,
11390 info->extack);
11391
11392 if (!err && info->attrs[NL80211_ATTR_SOCKET_OWNER]) {
11393 dev->ieee80211_ptr->conn_owner_nlportid =
11394 info->snd_portid;
11395 memcpy(dev->ieee80211_ptr->disconnect_bssid,
11396 ap_addr, ETH_ALEN);
11397 }
11398
11399 /* Report error from first problematic link */
11400 if (info->attrs[NL80211_ATTR_MLO_LINKS]) {
11401 nla_for_each_nested(link,
11402 info->attrs[NL80211_ATTR_MLO_LINKS],
11403 rem) {
11404 struct nlattr *link_id_attr =
11405 nla_find_nested(link, NL80211_ATTR_MLO_LINK_ID);
11406
11407 if (!link_id_attr)
11408 continue;
11409
11410 link_id = nla_get_u8(link_id_attr);
11411
11412 if (link_id == req.link_id)
11413 continue;
11414
11415 if (!req.links[link_id].error ||
11416 WARN_ON(req.links[link_id].error > 0))
11417 continue;
11418
11419 WARN_ON(err >= 0);
11420
11421 NL_SET_BAD_ATTR(info->extack, link);
11422 err = req.links[link_id].error;
11423 break;
11424 }
11425 }
11426 }
11427
11428 free:
11429 for (link_id = 0; link_id < ARRAY_SIZE(req.links); link_id++)
11430 cfg80211_put_bss(&rdev->wiphy, req.links[link_id].bss);
11431 cfg80211_put_bss(&rdev->wiphy, req.bss);
11432 kfree(attrs);
11433
11434 return err;
11435 }
11436
11437 static int nl80211_deauthenticate(struct sk_buff *skb, struct genl_info *info)
11438 {
11439 struct cfg80211_registered_device *rdev = info->user_ptr[0];
11440 struct net_device *dev = info->user_ptr[1];
11441 const u8 *ie = NULL, *bssid;
11442 int ie_len = 0;
11443 u16 reason_code;
11444 bool local_state_change;
11445
11446 if (dev->ieee80211_ptr->conn_owner_nlportid &&
11447 dev->ieee80211_ptr->conn_owner_nlportid != info->snd_portid)
11448 return -EPERM;
11449
11450 if (!info->attrs[NL80211_ATTR_MAC])
11451 return -EINVAL;
11452
11453 if (!info->attrs[NL80211_ATTR_REASON_CODE])
11454 return -EINVAL;
11455
11456 if (!rdev->ops->deauth)
11457 return -EOPNOTSUPP;
11458
11459 if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_STATION &&
11460 dev->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_CLIENT)
11461 return -EOPNOTSUPP;
11462
11463 bssid = nla_data(info->attrs[NL80211_ATTR_MAC]);
11464
11465 reason_code = nla_get_u16(info->attrs[NL80211_ATTR_REASON_CODE]);
11466 if (reason_code == 0) {
11467 /* Reason Code 0 is reserved */
11468 return -EINVAL;
11469 }
11470
11471 if (info->attrs[NL80211_ATTR_IE]) {
11472 ie = nla_data(info->attrs[NL80211_ATTR_IE]);
11473 ie_len = nla_len(info->attrs[NL80211_ATTR_IE]);
11474 }
11475
11476 local_state_change = !!info->attrs[NL80211_ATTR_LOCAL_STATE_CHANGE];
11477
11478 return cfg80211_mlme_deauth(rdev, dev, bssid, ie, ie_len, reason_code,
11479 local_state_change);
11480 }
11481
11482 static int nl80211_disassociate(struct sk_buff *skb, struct genl_info *info)
11483 {
11484 struct cfg80211_registered_device *rdev = info->user_ptr[0];
11485 struct net_device *dev = info->user_ptr[1];
11486 const u8 *ie = NULL, *bssid;
11487 int ie_len = 0;
11488 u16 reason_code;
11489 bool local_state_change;
11490
11491 if (dev->ieee80211_ptr->conn_owner_nlportid &&
11492 dev->ieee80211_ptr->conn_owner_nlportid != info->snd_portid)
11493 return -EPERM;
11494
11495 if (!info->attrs[NL80211_ATTR_MAC])
11496 return -EINVAL;
11497
11498 if (!info->attrs[NL80211_ATTR_REASON_CODE])
11499 return -EINVAL;
11500
11501 if (!rdev->ops->disassoc)
11502 return -EOPNOTSUPP;
11503
11504 if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_STATION &&
11505 dev->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_CLIENT)
11506 return -EOPNOTSUPP;
11507
11508 bssid = nla_data(info->attrs[NL80211_ATTR_MAC]);
11509
11510 reason_code = nla_get_u16(info->attrs[NL80211_ATTR_REASON_CODE]);
11511 if (reason_code == 0) {
11512 /* Reason Code 0 is reserved */
11513 return -EINVAL;
11514 }
11515
11516 if (info->attrs[NL80211_ATTR_IE]) {
11517 ie = nla_data(info->attrs[NL80211_ATTR_IE]);
11518 ie_len = nla_len(info->attrs[NL80211_ATTR_IE]);
11519 }
11520
11521 local_state_change = !!info->attrs[NL80211_ATTR_LOCAL_STATE_CHANGE];
11522
11523 return cfg80211_mlme_disassoc(rdev, dev, bssid, ie, ie_len, reason_code,
11524 local_state_change);
11525 }
11526
11527 static bool
11528 nl80211_parse_mcast_rate(struct cfg80211_registered_device *rdev,
11529 int mcast_rate[NUM_NL80211_BANDS],
11530 int rateval)
11531 {
11532 struct wiphy *wiphy = &rdev->wiphy;
11533 bool found = false;
11534 int band, i;
11535
11536 for (band = 0; band < NUM_NL80211_BANDS; band++) {
11537 struct ieee80211_supported_band *sband;
11538
11539 sband = wiphy->bands[band];
11540 if (!sband)
11541 continue;
11542
11543 for (i = 0; i < sband->n_bitrates; i++) {
11544 if (sband->bitrates[i].bitrate == rateval) {
11545 mcast_rate[band] = i + 1;
11546 found = true;
11547 break;
11548 }
11549 }
11550 }
11551
11552 return found;
11553 }
11554
11555 static int nl80211_join_ibss(struct sk_buff *skb, struct genl_info *info)
11556 {
11557 struct cfg80211_registered_device *rdev = info->user_ptr[0];
11558 struct net_device *dev = info->user_ptr[1];
11559 struct cfg80211_ibss_params ibss;
11560 struct wiphy *wiphy;
11561 struct cfg80211_cached_keys *connkeys = NULL;
11562 int err;
11563
11564 memset(&ibss, 0, sizeof(ibss));
11565
11566 if (!info->attrs[NL80211_ATTR_SSID] ||
11567 !nla_len(info->attrs[NL80211_ATTR_SSID]))
11568 return -EINVAL;
11569
11570 ibss.beacon_interval = 100;
11571
11572 if (info->attrs[NL80211_ATTR_BEACON_INTERVAL])
11573 ibss.beacon_interval =
11574 nla_get_u32(info->attrs[NL80211_ATTR_BEACON_INTERVAL]);
11575
11576 err = cfg80211_validate_beacon_int(rdev, NL80211_IFTYPE_ADHOC,
11577 ibss.beacon_interval);
11578 if (err)
11579 return err;
11580
11581 if (!rdev->ops->join_ibss)
11582 return -EOPNOTSUPP;
11583
11584 if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_ADHOC)
11585 return -EOPNOTSUPP;
11586
11587 wiphy = &rdev->wiphy;
11588
11589 if (info->attrs[NL80211_ATTR_MAC]) {
11590 ibss.bssid = nla_data(info->attrs[NL80211_ATTR_MAC]);
11591
11592 if (!is_valid_ether_addr(ibss.bssid))
11593 return -EINVAL;
11594 }
11595 ibss.ssid = nla_data(info->attrs[NL80211_ATTR_SSID]);
11596 ibss.ssid_len = nla_len(info->attrs[NL80211_ATTR_SSID]);
11597
11598 if (info->attrs[NL80211_ATTR_IE]) {
11599 ibss.ie = nla_data(info->attrs[NL80211_ATTR_IE]);
11600 ibss.ie_len = nla_len(info->attrs[NL80211_ATTR_IE]);
11601 }
11602
11603 err = nl80211_parse_chandef(rdev, info, &ibss.chandef);
11604 if (err)
11605 return err;
11606
11607 if (!cfg80211_reg_can_beacon(&rdev->wiphy, &ibss.chandef,
11608 NL80211_IFTYPE_ADHOC))
11609 return -EINVAL;
11610
11611 switch (ibss.chandef.width) {
11612 case NL80211_CHAN_WIDTH_5:
11613 case NL80211_CHAN_WIDTH_10:
11614 case NL80211_CHAN_WIDTH_20_NOHT:
11615 break;
11616 case NL80211_CHAN_WIDTH_20:
11617 case NL80211_CHAN_WIDTH_40:
11618 if (!(rdev->wiphy.features & NL80211_FEATURE_HT_IBSS))
11619 return -EINVAL;
11620 break;
11621 case NL80211_CHAN_WIDTH_80:
11622 case NL80211_CHAN_WIDTH_80P80:
11623 case NL80211_CHAN_WIDTH_160:
11624 if (!(rdev->wiphy.features & NL80211_FEATURE_HT_IBSS))
11625 return -EINVAL;
11626 if (!wiphy_ext_feature_isset(&rdev->wiphy,
11627 NL80211_EXT_FEATURE_VHT_IBSS))
11628 return -EINVAL;
11629 break;
11630 case NL80211_CHAN_WIDTH_320:
11631 return -EINVAL;
11632 default:
11633 return -EINVAL;
11634 }
11635
11636 ibss.channel_fixed = !!info->attrs[NL80211_ATTR_FREQ_FIXED];
11637 ibss.privacy = !!info->attrs[NL80211_ATTR_PRIVACY];
11638
11639 if (info->attrs[NL80211_ATTR_BSS_BASIC_RATES]) {
11640 u8 *rates =
11641 nla_data(info->attrs[NL80211_ATTR_BSS_BASIC_RATES]);
11642 int n_rates =
11643 nla_len(info->attrs[NL80211_ATTR_BSS_BASIC_RATES]);
11644 struct ieee80211_supported_band *sband =
11645 wiphy->bands[ibss.chandef.chan->band];
11646
11647 err = ieee80211_get_ratemask(sband, rates, n_rates,
11648 &ibss.basic_rates);
11649 if (err)
11650 return err;
11651 }
11652
11653 if (info->attrs[NL80211_ATTR_HT_CAPABILITY_MASK])
11654 memcpy(&ibss.ht_capa_mask,
11655 nla_data(info->attrs[NL80211_ATTR_HT_CAPABILITY_MASK]),
11656 sizeof(ibss.ht_capa_mask));
11657
11658 if (info->attrs[NL80211_ATTR_HT_CAPABILITY]) {
11659 if (!info->attrs[NL80211_ATTR_HT_CAPABILITY_MASK])
11660 return -EINVAL;
11661 memcpy(&ibss.ht_capa,
11662 nla_data(info->attrs[NL80211_ATTR_HT_CAPABILITY]),
11663 sizeof(ibss.ht_capa));
11664 }
11665
11666 if (info->attrs[NL80211_ATTR_MCAST_RATE] &&
11667 !nl80211_parse_mcast_rate(rdev, ibss.mcast_rate,
11668 nla_get_u32(info->attrs[NL80211_ATTR_MCAST_RATE])))
11669 return -EINVAL;
11670
11671 if (ibss.privacy && info->attrs[NL80211_ATTR_KEYS]) {
11672 bool no_ht = false;
11673
11674 connkeys = nl80211_parse_connkeys(rdev, info, &no_ht);
11675 if (IS_ERR(connkeys))
11676 return PTR_ERR(connkeys);
11677
11678 if ((ibss.chandef.width != NL80211_CHAN_WIDTH_20_NOHT) &&
11679 no_ht) {
11680 kfree_sensitive(connkeys);
11681 return -EINVAL;
11682 }
11683 }
11684
11685 ibss.control_port =
11686 nla_get_flag(info->attrs[NL80211_ATTR_CONTROL_PORT]);
11687
11688 if (info->attrs[NL80211_ATTR_CONTROL_PORT_OVER_NL80211]) {
11689 int r = validate_pae_over_nl80211(rdev, info);
11690
11691 if (r < 0) {
11692 kfree_sensitive(connkeys);
11693 return r;
11694 }
11695
11696 ibss.control_port_over_nl80211 = true;
11697 }
11698
11699 ibss.userspace_handles_dfs =
11700 nla_get_flag(info->attrs[NL80211_ATTR_HANDLE_DFS]);
11701
11702 err = __cfg80211_join_ibss(rdev, dev, &ibss, connkeys);
11703 if (err)
11704 kfree_sensitive(connkeys);
11705 else if (info->attrs[NL80211_ATTR_SOCKET_OWNER])
11706 dev->ieee80211_ptr->conn_owner_nlportid = info->snd_portid;
11707
11708 return err;
11709 }
11710
11711 static int nl80211_leave_ibss(struct sk_buff *skb, struct genl_info *info)
11712 {
11713 struct cfg80211_registered_device *rdev = info->user_ptr[0];
11714 struct net_device *dev = info->user_ptr[1];
11715
11716 if (!rdev->ops->leave_ibss)
11717 return -EOPNOTSUPP;
11718
11719 if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_ADHOC)
11720 return -EOPNOTSUPP;
11721
11722 return cfg80211_leave_ibss(rdev, dev, false);
11723 }
11724
11725 static int nl80211_set_mcast_rate(struct sk_buff *skb, struct genl_info *info)
11726 {
11727 struct cfg80211_registered_device *rdev = info->user_ptr[0];
11728 struct net_device *dev = info->user_ptr[1];
11729 int mcast_rate[NUM_NL80211_BANDS];
11730 u32 nla_rate;
11731
11732 if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_ADHOC &&
11733 dev->ieee80211_ptr->iftype != NL80211_IFTYPE_MESH_POINT &&
11734 dev->ieee80211_ptr->iftype != NL80211_IFTYPE_OCB)
11735 return -EOPNOTSUPP;
11736
11737 if (!rdev->ops->set_mcast_rate)
11738 return -EOPNOTSUPP;
11739
11740 memset(mcast_rate, 0, sizeof(mcast_rate));
11741
11742 if (!info->attrs[NL80211_ATTR_MCAST_RATE])
11743 return -EINVAL;
11744
11745 nla_rate = nla_get_u32(info->attrs[NL80211_ATTR_MCAST_RATE]);
11746 if (!nl80211_parse_mcast_rate(rdev, mcast_rate, nla_rate))
11747 return -EINVAL;
11748
11749 return rdev_set_mcast_rate(rdev, dev, mcast_rate);
11750 }
11751
11752 static struct sk_buff *
11753 __cfg80211_alloc_vendor_skb(struct cfg80211_registered_device *rdev,
11754 struct wireless_dev *wdev, int approxlen,
11755 u32 portid, u32 seq, enum nl80211_commands cmd,
11756 enum nl80211_attrs attr,
11757 const struct nl80211_vendor_cmd_info *info,
11758 gfp_t gfp)
11759 {
11760 struct sk_buff *skb;
11761 void *hdr;
11762 struct nlattr *data;
11763
11764 skb = nlmsg_new(approxlen + 100, gfp);
11765 if (!skb)
11766 return NULL;
11767
11768 hdr = nl80211hdr_put(skb, portid, seq, 0, cmd);
11769 if (!hdr) {
11770 kfree_skb(skb);
11771 return NULL;
11772 }
11773
11774 if (nla_put_u32(skb, NL80211_ATTR_WIPHY, rdev->wiphy_idx))
11775 goto nla_put_failure;
11776
11777 if (info) {
11778 if (nla_put_u32(skb, NL80211_ATTR_VENDOR_ID,
11779 info->vendor_id))
11780 goto nla_put_failure;
11781 if (nla_put_u32(skb, NL80211_ATTR_VENDOR_SUBCMD,
11782 info->subcmd))
11783 goto nla_put_failure;
11784 }
11785
11786 if (wdev) {
11787 if (nla_put_u64_64bit(skb, NL80211_ATTR_WDEV,
11788 wdev_id(wdev), NL80211_ATTR_PAD))
11789 goto nla_put_failure;
11790 if (wdev->netdev &&
11791 nla_put_u32(skb, NL80211_ATTR_IFINDEX,
11792 wdev->netdev->ifindex))
11793 goto nla_put_failure;
11794 }
11795
11796 data = nla_nest_start_noflag(skb, attr);
11797 if (!data)
11798 goto nla_put_failure;
11799
11800 ((void **)skb->cb)[0] = rdev;
11801 ((void **)skb->cb)[1] = hdr;
11802 ((void **)skb->cb)[2] = data;
11803
11804 return skb;
11805
11806 nla_put_failure:
11807 kfree_skb(skb);
11808 return NULL;
11809 }
11810
11811 struct sk_buff *__cfg80211_alloc_event_skb(struct wiphy *wiphy,
11812 struct wireless_dev *wdev,
11813 enum nl80211_commands cmd,
11814 enum nl80211_attrs attr,
11815 unsigned int portid,
11816 int vendor_event_idx,
11817 int approxlen, gfp_t gfp)
11818 {
11819 struct cfg80211_registered_device *rdev = wiphy_to_rdev(wiphy);
11820 const struct nl80211_vendor_cmd_info *info;
11821
11822 switch (cmd) {
11823 case NL80211_CMD_TESTMODE:
11824 if (WARN_ON(vendor_event_idx != -1))
11825 return NULL;
11826 info = NULL;
11827 break;
11828 case NL80211_CMD_VENDOR:
11829 if (WARN_ON(vendor_event_idx < 0 ||
11830 vendor_event_idx >= wiphy->n_vendor_events))
11831 return NULL;
11832 info = &wiphy->vendor_events[vendor_event_idx];
11833 break;
11834 default:
11835 WARN_ON(1);
11836 return NULL;
11837 }
11838
11839 return __cfg80211_alloc_vendor_skb(rdev, wdev, approxlen, portid, 0,
11840 cmd, attr, info, gfp);
11841 }
11842 EXPORT_SYMBOL(__cfg80211_alloc_event_skb);
11843
11844 void __cfg80211_send_event_skb(struct sk_buff *skb, gfp_t gfp)
11845 {
11846 struct cfg80211_registered_device *rdev = ((void **)skb->cb)[0];
11847 void *hdr = ((void **)skb->cb)[1];
11848 struct nlmsghdr *nlhdr = nlmsg_hdr(skb);
11849 struct nlattr *data = ((void **)skb->cb)[2];
11850 enum nl80211_multicast_groups mcgrp = NL80211_MCGRP_TESTMODE;
11851
11852 /* clear CB data for netlink core to own from now on */
11853 memset(skb->cb, 0, sizeof(skb->cb));
11854
11855 nla_nest_end(skb, data);
11856 genlmsg_end(skb, hdr);
11857
11858 if (nlhdr->nlmsg_pid) {
11859 genlmsg_unicast(wiphy_net(&rdev->wiphy), skb,
11860 nlhdr->nlmsg_pid);
11861 } else {
11862 if (data->nla_type == NL80211_ATTR_VENDOR_DATA)
11863 mcgrp = NL80211_MCGRP_VENDOR;
11864
11865 genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy),
11866 skb, 0, mcgrp, gfp);
11867 }
11868 }
11869 EXPORT_SYMBOL(__cfg80211_send_event_skb);
11870
11871 #ifdef CONFIG_NL80211_TESTMODE
11872 static int nl80211_testmode_do(struct sk_buff *skb, struct genl_info *info)
11873 {
11874 struct cfg80211_registered_device *rdev = info->user_ptr[0];
11875 struct wireless_dev *wdev;
11876 int err;
11877
11878 lockdep_assert_held(&rdev->wiphy.mtx);
11879
11880 wdev = __cfg80211_wdev_from_attrs(rdev, genl_info_net(info),
11881 info->attrs);
11882
11883 if (!rdev->ops->testmode_cmd)
11884 return -EOPNOTSUPP;
11885
11886 if (IS_ERR(wdev)) {
11887 err = PTR_ERR(wdev);
11888 if (err != -EINVAL)
11889 return err;
11890 wdev = NULL;
11891 } else if (wdev->wiphy != &rdev->wiphy) {
11892 return -EINVAL;
11893 }
11894
11895 if (!info->attrs[NL80211_ATTR_TESTDATA])
11896 return -EINVAL;
11897
11898 rdev->cur_cmd_info = info;
11899 err = rdev_testmode_cmd(rdev, wdev,
11900 nla_data(info->attrs[NL80211_ATTR_TESTDATA]),
11901 nla_len(info->attrs[NL80211_ATTR_TESTDATA]));
11902 rdev->cur_cmd_info = NULL;
11903
11904 return err;
11905 }
11906
11907 static int nl80211_testmode_dump(struct sk_buff *skb,
11908 struct netlink_callback *cb)
11909 {
11910 struct cfg80211_registered_device *rdev;
11911 struct nlattr **attrbuf = NULL;
11912 int err;
11913 long phy_idx;
11914 void *data = NULL;
11915 int data_len = 0;
11916
11917 rtnl_lock();
11918
11919 if (cb->args[0]) {
11920 /*
11921 * 0 is a valid index, but not valid for args[0],
11922 * so we need to offset by 1.
11923 */
11924 phy_idx = cb->args[0] - 1;
11925
11926 rdev = cfg80211_rdev_by_wiphy_idx(phy_idx);
11927 if (!rdev) {
11928 err = -ENOENT;
11929 goto out_err;
11930 }
11931 } else {
11932 attrbuf = kcalloc(NUM_NL80211_ATTR, sizeof(*attrbuf),
11933 GFP_KERNEL);
11934 if (!attrbuf) {
11935 err = -ENOMEM;
11936 goto out_err;
11937 }
11938
11939 err = nlmsg_parse_deprecated(cb->nlh,
11940 GENL_HDRLEN + nl80211_fam.hdrsize,
11941 attrbuf, nl80211_fam.maxattr,
11942 nl80211_policy, NULL);
11943 if (err)
11944 goto out_err;
11945
11946 rdev = __cfg80211_rdev_from_attrs(sock_net(skb->sk), attrbuf);
11947 if (IS_ERR(rdev)) {
11948 err = PTR_ERR(rdev);
11949 goto out_err;
11950 }
11951 phy_idx = rdev->wiphy_idx;
11952
11953 if (attrbuf[NL80211_ATTR_TESTDATA])
11954 cb->args[1] = (long)attrbuf[NL80211_ATTR_TESTDATA];
11955 }
11956
11957 if (cb->args[1]) {
11958 data = nla_data((void *)cb->args[1]);
11959 data_len = nla_len((void *)cb->args[1]);
11960 }
11961
11962 if (!rdev->ops->testmode_dump) {
11963 err = -EOPNOTSUPP;
11964 goto out_err;
11965 }
11966
11967 while (1) {
11968 void *hdr = nl80211hdr_put(skb, NETLINK_CB(cb->skb).portid,
11969 cb->nlh->nlmsg_seq, NLM_F_MULTI,
11970 NL80211_CMD_TESTMODE);
11971 struct nlattr *tmdata;
11972
11973 if (!hdr)
11974 break;
11975
11976 if (nla_put_u32(skb, NL80211_ATTR_WIPHY, phy_idx)) {
11977 genlmsg_cancel(skb, hdr);
11978 break;
11979 }
11980
11981 tmdata = nla_nest_start_noflag(skb, NL80211_ATTR_TESTDATA);
11982 if (!tmdata) {
11983 genlmsg_cancel(skb, hdr);
11984 break;
11985 }
11986 err = rdev_testmode_dump(rdev, skb, cb, data, data_len);
11987 nla_nest_end(skb, tmdata);
11988
11989 if (err == -ENOBUFS || err == -ENOENT) {
11990 genlmsg_cancel(skb, hdr);
11991 break;
11992 } else if (err) {
11993 genlmsg_cancel(skb, hdr);
11994 goto out_err;
11995 }
11996
11997 genlmsg_end(skb, hdr);
11998 }
11999
12000 err = skb->len;
12001 /* see above */
12002 cb->args[0] = phy_idx + 1;
12003 out_err:
12004 kfree(attrbuf);
12005 rtnl_unlock();
12006 return err;
12007 }
12008 #endif
12009
12010 static int nl80211_connect(struct sk_buff *skb, struct genl_info *info)
12011 {
12012 struct cfg80211_registered_device *rdev = info->user_ptr[0];
12013 struct net_device *dev = info->user_ptr[1];
12014 struct cfg80211_connect_params connect;
12015 struct wiphy *wiphy;
12016 struct cfg80211_cached_keys *connkeys = NULL;
12017 u32 freq = 0;
12018 int err;
12019
12020 memset(&connect, 0, sizeof(connect));
12021
12022 if (!info->attrs[NL80211_ATTR_SSID] ||
12023 !nla_len(info->attrs[NL80211_ATTR_SSID]))
12024 return -EINVAL;
12025
12026 if (info->attrs[NL80211_ATTR_AUTH_TYPE]) {
12027 connect.auth_type =
12028 nla_get_u32(info->attrs[NL80211_ATTR_AUTH_TYPE]);
12029 if (!nl80211_valid_auth_type(rdev, connect.auth_type,
12030 NL80211_CMD_CONNECT))
12031 return -EINVAL;
12032 } else
12033 connect.auth_type = NL80211_AUTHTYPE_AUTOMATIC;
12034
12035 connect.privacy = info->attrs[NL80211_ATTR_PRIVACY];
12036
12037 if (info->attrs[NL80211_ATTR_WANT_1X_4WAY_HS] &&
12038 !wiphy_ext_feature_isset(&rdev->wiphy,
12039 NL80211_EXT_FEATURE_4WAY_HANDSHAKE_STA_1X))
12040 return -EINVAL;
12041 connect.want_1x = info->attrs[NL80211_ATTR_WANT_1X_4WAY_HS];
12042
12043 err = nl80211_crypto_settings(rdev, info, &connect.crypto,
12044 NL80211_MAX_NR_CIPHER_SUITES);
12045 if (err)
12046 return err;
12047
12048 if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_STATION &&
12049 dev->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_CLIENT)
12050 return -EOPNOTSUPP;
12051
12052 wiphy = &rdev->wiphy;
12053
12054 connect.bg_scan_period = -1;
12055 if (info->attrs[NL80211_ATTR_BG_SCAN_PERIOD] &&
12056 (wiphy->flags & WIPHY_FLAG_SUPPORTS_FW_ROAM)) {
12057 connect.bg_scan_period =
12058 nla_get_u16(info->attrs[NL80211_ATTR_BG_SCAN_PERIOD]);
12059 }
12060
12061 if (info->attrs[NL80211_ATTR_MAC])
12062 connect.bssid = nla_data(info->attrs[NL80211_ATTR_MAC]);
12063 else if (info->attrs[NL80211_ATTR_MAC_HINT])
12064 connect.bssid_hint =
12065 nla_data(info->attrs[NL80211_ATTR_MAC_HINT]);
12066 connect.ssid = nla_data(info->attrs[NL80211_ATTR_SSID]);
12067 connect.ssid_len = nla_len(info->attrs[NL80211_ATTR_SSID]);
12068
12069 if (info->attrs[NL80211_ATTR_IE]) {
12070 connect.ie = nla_data(info->attrs[NL80211_ATTR_IE]);
12071 connect.ie_len = nla_len(info->attrs[NL80211_ATTR_IE]);
12072 }
12073
12074 if (info->attrs[NL80211_ATTR_USE_MFP]) {
12075 connect.mfp = nla_get_u32(info->attrs[NL80211_ATTR_USE_MFP]);
12076 if (connect.mfp == NL80211_MFP_OPTIONAL &&
12077 !wiphy_ext_feature_isset(&rdev->wiphy,
12078 NL80211_EXT_FEATURE_MFP_OPTIONAL))
12079 return -EOPNOTSUPP;
12080 } else {
12081 connect.mfp = NL80211_MFP_NO;
12082 }
12083
12084 if (info->attrs[NL80211_ATTR_PREV_BSSID])
12085 connect.prev_bssid =
12086 nla_data(info->attrs[NL80211_ATTR_PREV_BSSID]);
12087
12088 if (info->attrs[NL80211_ATTR_WIPHY_FREQ])
12089 freq = MHZ_TO_KHZ(nla_get_u32(
12090 info->attrs[NL80211_ATTR_WIPHY_FREQ]));
12091 if (info->attrs[NL80211_ATTR_WIPHY_FREQ_OFFSET])
12092 freq +=
12093 nla_get_u32(info->attrs[NL80211_ATTR_WIPHY_FREQ_OFFSET]);
12094
12095 if (freq) {
12096 connect.channel = nl80211_get_valid_chan(wiphy, freq);
12097 if (!connect.channel)
12098 return -EINVAL;
12099 } else if (info->attrs[NL80211_ATTR_WIPHY_FREQ_HINT]) {
12100 freq = nla_get_u32(info->attrs[NL80211_ATTR_WIPHY_FREQ_HINT]);
12101 freq = MHZ_TO_KHZ(freq);
12102 connect.channel_hint = nl80211_get_valid_chan(wiphy, freq);
12103 if (!connect.channel_hint)
12104 return -EINVAL;
12105 }
12106
12107 if (info->attrs[NL80211_ATTR_WIPHY_EDMG_CHANNELS]) {
12108 connect.edmg.channels =
12109 nla_get_u8(info->attrs[NL80211_ATTR_WIPHY_EDMG_CHANNELS]);
12110
12111 if (info->attrs[NL80211_ATTR_WIPHY_EDMG_BW_CONFIG])
12112 connect.edmg.bw_config =
12113 nla_get_u8(info->attrs[NL80211_ATTR_WIPHY_EDMG_BW_CONFIG]);
12114 }
12115
12116 if (connect.privacy && info->attrs[NL80211_ATTR_KEYS]) {
12117 connkeys = nl80211_parse_connkeys(rdev, info, NULL);
12118 if (IS_ERR(connkeys))
12119 return PTR_ERR(connkeys);
12120 }
12121
12122 if (nla_get_flag(info->attrs[NL80211_ATTR_DISABLE_HT]))
12123 connect.flags |= ASSOC_REQ_DISABLE_HT;
12124
12125 if (info->attrs[NL80211_ATTR_HT_CAPABILITY_MASK])
12126 memcpy(&connect.ht_capa_mask,
12127 nla_data(info->attrs[NL80211_ATTR_HT_CAPABILITY_MASK]),
12128 sizeof(connect.ht_capa_mask));
12129
12130 if (info->attrs[NL80211_ATTR_HT_CAPABILITY]) {
12131 if (!info->attrs[NL80211_ATTR_HT_CAPABILITY_MASK]) {
12132 kfree_sensitive(connkeys);
12133 return -EINVAL;
12134 }
12135 memcpy(&connect.ht_capa,
12136 nla_data(info->attrs[NL80211_ATTR_HT_CAPABILITY]),
12137 sizeof(connect.ht_capa));
12138 }
12139
12140 if (nla_get_flag(info->attrs[NL80211_ATTR_DISABLE_VHT]))
12141 connect.flags |= ASSOC_REQ_DISABLE_VHT;
12142
12143 if (nla_get_flag(info->attrs[NL80211_ATTR_DISABLE_HE]))
12144 connect.flags |= ASSOC_REQ_DISABLE_HE;
12145
12146 if (nla_get_flag(info->attrs[NL80211_ATTR_DISABLE_EHT]))
12147 connect.flags |= ASSOC_REQ_DISABLE_EHT;
12148
12149 if (info->attrs[NL80211_ATTR_VHT_CAPABILITY_MASK])
12150 memcpy(&connect.vht_capa_mask,
12151 nla_data(info->attrs[NL80211_ATTR_VHT_CAPABILITY_MASK]),
12152 sizeof(connect.vht_capa_mask));
12153
12154 if (info->attrs[NL80211_ATTR_VHT_CAPABILITY]) {
12155 if (!info->attrs[NL80211_ATTR_VHT_CAPABILITY_MASK]) {
12156 kfree_sensitive(connkeys);
12157 return -EINVAL;
12158 }
12159 memcpy(&connect.vht_capa,
12160 nla_data(info->attrs[NL80211_ATTR_VHT_CAPABILITY]),
12161 sizeof(connect.vht_capa));
12162 }
12163
12164 if (nla_get_flag(info->attrs[NL80211_ATTR_USE_RRM])) {
12165 if (!((rdev->wiphy.features &
12166 NL80211_FEATURE_DS_PARAM_SET_IE_IN_PROBES) &&
12167 (rdev->wiphy.features & NL80211_FEATURE_QUIET)) &&
12168 !wiphy_ext_feature_isset(&rdev->wiphy,
12169 NL80211_EXT_FEATURE_RRM)) {
12170 kfree_sensitive(connkeys);
12171 return -EINVAL;
12172 }
12173 connect.flags |= ASSOC_REQ_USE_RRM;
12174 }
12175
12176 connect.pbss = nla_get_flag(info->attrs[NL80211_ATTR_PBSS]);
12177 if (connect.pbss && !rdev->wiphy.bands[NL80211_BAND_60GHZ]) {
12178 kfree_sensitive(connkeys);
12179 return -EOPNOTSUPP;
12180 }
12181
12182 if (info->attrs[NL80211_ATTR_BSS_SELECT]) {
12183 /* bss selection makes no sense if bssid is set */
12184 if (connect.bssid) {
12185 kfree_sensitive(connkeys);
12186 return -EINVAL;
12187 }
12188
12189 err = parse_bss_select(info->attrs[NL80211_ATTR_BSS_SELECT],
12190 wiphy, &connect.bss_select);
12191 if (err) {
12192 kfree_sensitive(connkeys);
12193 return err;
12194 }
12195 }
12196
12197 if (wiphy_ext_feature_isset(&rdev->wiphy,
12198 NL80211_EXT_FEATURE_FILS_SK_OFFLOAD) &&
12199 info->attrs[NL80211_ATTR_FILS_ERP_USERNAME] &&
12200 info->attrs[NL80211_ATTR_FILS_ERP_REALM] &&
12201 info->attrs[NL80211_ATTR_FILS_ERP_NEXT_SEQ_NUM] &&
12202 info->attrs[NL80211_ATTR_FILS_ERP_RRK]) {
12203 connect.fils_erp_username =
12204 nla_data(info->attrs[NL80211_ATTR_FILS_ERP_USERNAME]);
12205 connect.fils_erp_username_len =
12206 nla_len(info->attrs[NL80211_ATTR_FILS_ERP_USERNAME]);
12207 connect.fils_erp_realm =
12208 nla_data(info->attrs[NL80211_ATTR_FILS_ERP_REALM]);
12209 connect.fils_erp_realm_len =
12210 nla_len(info->attrs[NL80211_ATTR_FILS_ERP_REALM]);
12211 connect.fils_erp_next_seq_num =
12212 nla_get_u16(
12213 info->attrs[NL80211_ATTR_FILS_ERP_NEXT_SEQ_NUM]);
12214 connect.fils_erp_rrk =
12215 nla_data(info->attrs[NL80211_ATTR_FILS_ERP_RRK]);
12216 connect.fils_erp_rrk_len =
12217 nla_len(info->attrs[NL80211_ATTR_FILS_ERP_RRK]);
12218 } else if (info->attrs[NL80211_ATTR_FILS_ERP_USERNAME] ||
12219 info->attrs[NL80211_ATTR_FILS_ERP_REALM] ||
12220 info->attrs[NL80211_ATTR_FILS_ERP_NEXT_SEQ_NUM] ||
12221 info->attrs[NL80211_ATTR_FILS_ERP_RRK]) {
12222 kfree_sensitive(connkeys);
12223 return -EINVAL;
12224 }
12225
12226 if (nla_get_flag(info->attrs[NL80211_ATTR_EXTERNAL_AUTH_SUPPORT])) {
12227 if (!info->attrs[NL80211_ATTR_SOCKET_OWNER]) {
12228 kfree_sensitive(connkeys);
12229 GENL_SET_ERR_MSG(info,
12230 "external auth requires connection ownership");
12231 return -EINVAL;
12232 }
12233 connect.flags |= CONNECT_REQ_EXTERNAL_AUTH_SUPPORT;
12234 }
12235
12236 if (nla_get_flag(info->attrs[NL80211_ATTR_MLO_SUPPORT]))
12237 connect.flags |= CONNECT_REQ_MLO_SUPPORT;
12238
12239 err = cfg80211_connect(rdev, dev, &connect, connkeys,
12240 connect.prev_bssid);
12241 if (err)
12242 kfree_sensitive(connkeys);
12243
12244 if (!err && info->attrs[NL80211_ATTR_SOCKET_OWNER]) {
12245 dev->ieee80211_ptr->conn_owner_nlportid = info->snd_portid;
12246 if (connect.bssid)
12247 memcpy(dev->ieee80211_ptr->disconnect_bssid,
12248 connect.bssid, ETH_ALEN);
12249 else
12250 eth_zero_addr(dev->ieee80211_ptr->disconnect_bssid);
12251 }
12252
12253 return err;
12254 }
12255
12256 static int nl80211_update_connect_params(struct sk_buff *skb,
12257 struct genl_info *info)
12258 {
12259 struct cfg80211_connect_params connect = {};
12260 struct cfg80211_registered_device *rdev = info->user_ptr[0];
12261 struct net_device *dev = info->user_ptr[1];
12262 struct wireless_dev *wdev = dev->ieee80211_ptr;
12263 bool fils_sk_offload;
12264 u32 auth_type;
12265 u32 changed = 0;
12266
12267 if (!rdev->ops->update_connect_params)
12268 return -EOPNOTSUPP;
12269
12270 if (info->attrs[NL80211_ATTR_IE]) {
12271 connect.ie = nla_data(info->attrs[NL80211_ATTR_IE]);
12272 connect.ie_len = nla_len(info->attrs[NL80211_ATTR_IE]);
12273 changed |= UPDATE_ASSOC_IES;
12274 }
12275
12276 fils_sk_offload = wiphy_ext_feature_isset(&rdev->wiphy,
12277 NL80211_EXT_FEATURE_FILS_SK_OFFLOAD);
12278
12279 /*
12280 * when driver supports fils-sk offload all attributes must be
12281 * provided. So the else covers "fils-sk-not-all" and
12282 * "no-fils-sk-any".
12283 */
12284 if (fils_sk_offload &&
12285 info->attrs[NL80211_ATTR_FILS_ERP_USERNAME] &&
12286 info->attrs[NL80211_ATTR_FILS_ERP_REALM] &&
12287 info->attrs[NL80211_ATTR_FILS_ERP_NEXT_SEQ_NUM] &&
12288 info->attrs[NL80211_ATTR_FILS_ERP_RRK]) {
12289 connect.fils_erp_username =
12290 nla_data(info->attrs[NL80211_ATTR_FILS_ERP_USERNAME]);
12291 connect.fils_erp_username_len =
12292 nla_len(info->attrs[NL80211_ATTR_FILS_ERP_USERNAME]);
12293 connect.fils_erp_realm =
12294 nla_data(info->attrs[NL80211_ATTR_FILS_ERP_REALM]);
12295 connect.fils_erp_realm_len =
12296 nla_len(info->attrs[NL80211_ATTR_FILS_ERP_REALM]);
12297 connect.fils_erp_next_seq_num =
12298 nla_get_u16(
12299 info->attrs[NL80211_ATTR_FILS_ERP_NEXT_SEQ_NUM]);
12300 connect.fils_erp_rrk =
12301 nla_data(info->attrs[NL80211_ATTR_FILS_ERP_RRK]);
12302 connect.fils_erp_rrk_len =
12303 nla_len(info->attrs[NL80211_ATTR_FILS_ERP_RRK]);
12304 changed |= UPDATE_FILS_ERP_INFO;
12305 } else if (info->attrs[NL80211_ATTR_FILS_ERP_USERNAME] ||
12306 info->attrs[NL80211_ATTR_FILS_ERP_REALM] ||
12307 info->attrs[NL80211_ATTR_FILS_ERP_NEXT_SEQ_NUM] ||
12308 info->attrs[NL80211_ATTR_FILS_ERP_RRK]) {
12309 return -EINVAL;
12310 }
12311
12312 if (info->attrs[NL80211_ATTR_AUTH_TYPE]) {
12313 auth_type = nla_get_u32(info->attrs[NL80211_ATTR_AUTH_TYPE]);
12314 if (!nl80211_valid_auth_type(rdev, auth_type,
12315 NL80211_CMD_CONNECT))
12316 return -EINVAL;
12317
12318 if (auth_type == NL80211_AUTHTYPE_FILS_SK &&
12319 fils_sk_offload && !(changed & UPDATE_FILS_ERP_INFO))
12320 return -EINVAL;
12321
12322 connect.auth_type = auth_type;
12323 changed |= UPDATE_AUTH_TYPE;
12324 }
12325
12326 if (!wdev->connected)
12327 return -ENOLINK;
12328
12329 return rdev_update_connect_params(rdev, dev, &connect, changed);
12330 }
12331
12332 static int nl80211_disconnect(struct sk_buff *skb, struct genl_info *info)
12333 {
12334 struct cfg80211_registered_device *rdev = info->user_ptr[0];
12335 struct net_device *dev = info->user_ptr[1];
12336 u16 reason;
12337
12338 if (dev->ieee80211_ptr->conn_owner_nlportid &&
12339 dev->ieee80211_ptr->conn_owner_nlportid != info->snd_portid)
12340 return -EPERM;
12341
12342 reason = nla_get_u16_default(info->attrs[NL80211_ATTR_REASON_CODE],
12343 WLAN_REASON_DEAUTH_LEAVING);
12344
12345 if (reason == 0)
12346 return -EINVAL;
12347
12348 if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_STATION &&
12349 dev->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_CLIENT)
12350 return -EOPNOTSUPP;
12351
12352 return cfg80211_disconnect(rdev, dev, reason, true);
12353 }
12354
12355 static int nl80211_wiphy_netns(struct sk_buff *skb, struct genl_info *info)
12356 {
12357 struct cfg80211_registered_device *rdev = info->user_ptr[0];
12358 struct net *net;
12359 int err;
12360
12361 if (info->attrs[NL80211_ATTR_PID]) {
12362 u32 pid = nla_get_u32(info->attrs[NL80211_ATTR_PID]);
12363
12364 net = get_net_ns_by_pid(pid);
12365 } else if (info->attrs[NL80211_ATTR_NETNS_FD]) {
12366 u32 fd = nla_get_u32(info->attrs[NL80211_ATTR_NETNS_FD]);
12367
12368 net = get_net_ns_by_fd(fd);
12369 } else {
12370 return -EINVAL;
12371 }
12372
12373 if (IS_ERR(net))
12374 return PTR_ERR(net);
12375
12376 err = 0;
12377
12378 /* check if anything to do */
12379 if (!net_eq(wiphy_net(&rdev->wiphy), net))
12380 err = cfg80211_switch_netns(rdev, net);
12381
12382 put_net(net);
12383 return err;
12384 }
12385
12386 static int nl80211_set_pmksa(struct sk_buff *skb, struct genl_info *info)
12387 {
12388 struct cfg80211_registered_device *rdev = info->user_ptr[0];
12389 struct net_device *dev = info->user_ptr[1];
12390 struct cfg80211_pmksa pmksa;
12391 bool ap_pmksa_caching_support = false;
12392
12393 memset(&pmksa, 0, sizeof(struct cfg80211_pmksa));
12394
12395 ap_pmksa_caching_support = wiphy_ext_feature_isset(&rdev->wiphy,
12396 NL80211_EXT_FEATURE_AP_PMKSA_CACHING);
12397
12398 if (!info->attrs[NL80211_ATTR_PMKID])
12399 return -EINVAL;
12400
12401 pmksa.pmkid = nla_data(info->attrs[NL80211_ATTR_PMKID]);
12402
12403 if (info->attrs[NL80211_ATTR_MAC]) {
12404 pmksa.bssid = nla_data(info->attrs[NL80211_ATTR_MAC]);
12405 } else if (info->attrs[NL80211_ATTR_SSID] &&
12406 info->attrs[NL80211_ATTR_FILS_CACHE_ID] &&
12407 info->attrs[NL80211_ATTR_PMK]) {
12408 pmksa.ssid = nla_data(info->attrs[NL80211_ATTR_SSID]);
12409 pmksa.ssid_len = nla_len(info->attrs[NL80211_ATTR_SSID]);
12410 pmksa.cache_id = nla_data(info->attrs[NL80211_ATTR_FILS_CACHE_ID]);
12411 } else {
12412 return -EINVAL;
12413 }
12414
12415 if (info->attrs[NL80211_ATTR_PMK]) {
12416 pmksa.pmk = nla_data(info->attrs[NL80211_ATTR_PMK]);
12417 pmksa.pmk_len = nla_len(info->attrs[NL80211_ATTR_PMK]);
12418 }
12419
12420 if (info->attrs[NL80211_ATTR_PMK_LIFETIME])
12421 pmksa.pmk_lifetime =
12422 nla_get_u32(info->attrs[NL80211_ATTR_PMK_LIFETIME]);
12423
12424 if (info->attrs[NL80211_ATTR_PMK_REAUTH_THRESHOLD])
12425 pmksa.pmk_reauth_threshold =
12426 nla_get_u8(info->attrs[NL80211_ATTR_PMK_REAUTH_THRESHOLD]);
12427
12428 if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_STATION &&
12429 dev->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_CLIENT &&
12430 !((dev->ieee80211_ptr->iftype == NL80211_IFTYPE_AP ||
12431 dev->ieee80211_ptr->iftype == NL80211_IFTYPE_P2P_GO) &&
12432 ap_pmksa_caching_support))
12433 return -EOPNOTSUPP;
12434
12435 if (!rdev->ops->set_pmksa)
12436 return -EOPNOTSUPP;
12437
12438 return rdev_set_pmksa(rdev, dev, &pmksa);
12439 }
12440
12441 static int nl80211_del_pmksa(struct sk_buff *skb, struct genl_info *info)
12442 {
12443 struct cfg80211_registered_device *rdev = info->user_ptr[0];
12444 struct net_device *dev = info->user_ptr[1];
12445 struct cfg80211_pmksa pmksa;
12446 bool sae_offload_support = false;
12447 bool owe_offload_support = false;
12448 bool ap_pmksa_caching_support = false;
12449
12450 memset(&pmksa, 0, sizeof(struct cfg80211_pmksa));
12451
12452 sae_offload_support = wiphy_ext_feature_isset(&rdev->wiphy,
12453 NL80211_EXT_FEATURE_SAE_OFFLOAD);
12454 owe_offload_support = wiphy_ext_feature_isset(&rdev->wiphy,
12455 NL80211_EXT_FEATURE_OWE_OFFLOAD);
12456 ap_pmksa_caching_support = wiphy_ext_feature_isset(&rdev->wiphy,
12457 NL80211_EXT_FEATURE_AP_PMKSA_CACHING);
12458
12459 if (info->attrs[NL80211_ATTR_PMKID])
12460 pmksa.pmkid = nla_data(info->attrs[NL80211_ATTR_PMKID]);
12461
12462 if (info->attrs[NL80211_ATTR_MAC]) {
12463 pmksa.bssid = nla_data(info->attrs[NL80211_ATTR_MAC]);
12464 } else if (info->attrs[NL80211_ATTR_SSID]) {
12465 /* SSID based pmksa flush supported only for FILS,
12466 * OWE/SAE OFFLOAD cases
12467 */
12468 if (info->attrs[NL80211_ATTR_FILS_CACHE_ID] &&
12469 info->attrs[NL80211_ATTR_PMK]) {
12470 pmksa.cache_id = nla_data(info->attrs[NL80211_ATTR_FILS_CACHE_ID]);
12471 } else if (!sae_offload_support && !owe_offload_support) {
12472 return -EINVAL;
12473 }
12474 pmksa.ssid = nla_data(info->attrs[NL80211_ATTR_SSID]);
12475 pmksa.ssid_len = nla_len(info->attrs[NL80211_ATTR_SSID]);
12476 } else {
12477 return -EINVAL;
12478 }
12479
12480 if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_STATION &&
12481 dev->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_CLIENT &&
12482 !((dev->ieee80211_ptr->iftype == NL80211_IFTYPE_AP ||
12483 dev->ieee80211_ptr->iftype == NL80211_IFTYPE_P2P_GO) &&
12484 ap_pmksa_caching_support))
12485 return -EOPNOTSUPP;
12486
12487 if (!rdev->ops->del_pmksa)
12488 return -EOPNOTSUPP;
12489
12490 return rdev_del_pmksa(rdev, dev, &pmksa);
12491 }
12492
12493 static int nl80211_flush_pmksa(struct sk_buff *skb, struct genl_info *info)
12494 {
12495 struct cfg80211_registered_device *rdev = info->user_ptr[0];
12496 struct net_device *dev = info->user_ptr[1];
12497
12498 if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_STATION &&
12499 dev->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_CLIENT)
12500 return -EOPNOTSUPP;
12501
12502 if (!rdev->ops->flush_pmksa)
12503 return -EOPNOTSUPP;
12504
12505 return rdev_flush_pmksa(rdev, dev);
12506 }
12507
12508 static int nl80211_tdls_mgmt(struct sk_buff *skb, struct genl_info *info)
12509 {
12510 struct cfg80211_registered_device *rdev = info->user_ptr[0];
12511 struct net_device *dev = info->user_ptr[1];
12512 u8 action_code, dialog_token;
12513 u32 peer_capability = 0;
12514 u16 status_code;
12515 u8 *peer;
12516 int link_id;
12517 bool initiator;
12518
12519 if (!(rdev->wiphy.flags & WIPHY_FLAG_SUPPORTS_TDLS) ||
12520 !rdev->ops->tdls_mgmt)
12521 return -EOPNOTSUPP;
12522
12523 if (!info->attrs[NL80211_ATTR_TDLS_ACTION] ||
12524 !info->attrs[NL80211_ATTR_STATUS_CODE] ||
12525 !info->attrs[NL80211_ATTR_TDLS_DIALOG_TOKEN] ||
12526 !info->attrs[NL80211_ATTR_IE] ||
12527 !info->attrs[NL80211_ATTR_MAC])
12528 return -EINVAL;
12529
12530 peer = nla_data(info->attrs[NL80211_ATTR_MAC]);
12531 action_code = nla_get_u8(info->attrs[NL80211_ATTR_TDLS_ACTION]);
12532 status_code = nla_get_u16(info->attrs[NL80211_ATTR_STATUS_CODE]);
12533 dialog_token = nla_get_u8(info->attrs[NL80211_ATTR_TDLS_DIALOG_TOKEN]);
12534 initiator = nla_get_flag(info->attrs[NL80211_ATTR_TDLS_INITIATOR]);
12535 if (info->attrs[NL80211_ATTR_TDLS_PEER_CAPABILITY])
12536 peer_capability =
12537 nla_get_u32(info->attrs[NL80211_ATTR_TDLS_PEER_CAPABILITY]);
12538 link_id = nl80211_link_id_or_invalid(info->attrs);
12539
12540 return rdev_tdls_mgmt(rdev, dev, peer, link_id, action_code,
12541 dialog_token, status_code, peer_capability,
12542 initiator,
12543 nla_data(info->attrs[NL80211_ATTR_IE]),
12544 nla_len(info->attrs[NL80211_ATTR_IE]));
12545 }
12546
12547 static int nl80211_tdls_oper(struct sk_buff *skb, struct genl_info *info)
12548 {
12549 struct cfg80211_registered_device *rdev = info->user_ptr[0];
12550 struct net_device *dev = info->user_ptr[1];
12551 enum nl80211_tdls_operation operation;
12552 u8 *peer;
12553
12554 if (!(rdev->wiphy.flags & WIPHY_FLAG_SUPPORTS_TDLS) ||
12555 !rdev->ops->tdls_oper)
12556 return -EOPNOTSUPP;
12557
12558 if (!info->attrs[NL80211_ATTR_TDLS_OPERATION] ||
12559 !info->attrs[NL80211_ATTR_MAC])
12560 return -EINVAL;
12561
12562 operation = nla_get_u8(info->attrs[NL80211_ATTR_TDLS_OPERATION]);
12563 peer = nla_data(info->attrs[NL80211_ATTR_MAC]);
12564
12565 return rdev_tdls_oper(rdev, dev, peer, operation);
12566 }
12567
12568 static int nl80211_remain_on_channel(struct sk_buff *skb,
12569 struct genl_info *info)
12570 {
12571 struct cfg80211_registered_device *rdev = info->user_ptr[0];
12572 unsigned int link_id = nl80211_link_id(info->attrs);
12573 struct wireless_dev *wdev = info->user_ptr[1];
12574 struct cfg80211_chan_def chandef;
12575 struct sk_buff *msg;
12576 void *hdr;
12577 u64 cookie;
12578 u32 duration;
12579 int err;
12580
12581 if (!info->attrs[NL80211_ATTR_WIPHY_FREQ] ||
12582 !info->attrs[NL80211_ATTR_DURATION])
12583 return -EINVAL;
12584
12585 duration = nla_get_u32(info->attrs[NL80211_ATTR_DURATION]);
12586
12587 if (!rdev->ops->remain_on_channel ||
12588 !(rdev->wiphy.flags & WIPHY_FLAG_HAS_REMAIN_ON_CHANNEL))
12589 return -EOPNOTSUPP;
12590
12591 /*
12592 * We should be on that channel for at least a minimum amount of
12593 * time (10ms) but no longer than the driver supports.
12594 */
12595 if (duration < NL80211_MIN_REMAIN_ON_CHANNEL_TIME ||
12596 duration > rdev->wiphy.max_remain_on_channel_duration)
12597 return -EINVAL;
12598
12599 err = nl80211_parse_chandef(rdev, info, &chandef);
12600 if (err)
12601 return err;
12602
12603 if (!cfg80211_off_channel_oper_allowed(wdev, chandef.chan)) {
12604 const struct cfg80211_chan_def *oper_chandef, *compat_chandef;
12605
12606 oper_chandef = wdev_chandef(wdev, link_id);
12607
12608 if (WARN_ON(!oper_chandef)) {
12609 /* cannot happen since we must beacon to get here */
12610 WARN_ON(1);
12611 return -EBUSY;
12612 }
12613
12614 /* note: returns first one if identical chandefs */
12615 compat_chandef = cfg80211_chandef_compatible(&chandef,
12616 oper_chandef);
12617
12618 if (compat_chandef != &chandef)
12619 return -EBUSY;
12620 }
12621
12622 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
12623 if (!msg)
12624 return -ENOMEM;
12625
12626 hdr = nl80211hdr_put(msg, info->snd_portid, info->snd_seq, 0,
12627 NL80211_CMD_REMAIN_ON_CHANNEL);
12628 if (!hdr) {
12629 err = -ENOBUFS;
12630 goto free_msg;
12631 }
12632
12633 err = rdev_remain_on_channel(rdev, wdev, chandef.chan,
12634 duration, &cookie);
12635
12636 if (err)
12637 goto free_msg;
12638
12639 if (nla_put_u64_64bit(msg, NL80211_ATTR_COOKIE, cookie,
12640 NL80211_ATTR_PAD))
12641 goto nla_put_failure;
12642
12643 genlmsg_end(msg, hdr);
12644
12645 return genlmsg_reply(msg, info);
12646
12647 nla_put_failure:
12648 err = -ENOBUFS;
12649 free_msg:
12650 nlmsg_free(msg);
12651 return err;
12652 }
12653
12654 static int nl80211_cancel_remain_on_channel(struct sk_buff *skb,
12655 struct genl_info *info)
12656 {
12657 struct cfg80211_registered_device *rdev = info->user_ptr[0];
12658 struct wireless_dev *wdev = info->user_ptr[1];
12659 u64 cookie;
12660
12661 if (!info->attrs[NL80211_ATTR_COOKIE])
12662 return -EINVAL;
12663
12664 if (!rdev->ops->cancel_remain_on_channel)
12665 return -EOPNOTSUPP;
12666
12667 cookie = nla_get_u64(info->attrs[NL80211_ATTR_COOKIE]);
12668
12669 return rdev_cancel_remain_on_channel(rdev, wdev, cookie);
12670 }
12671
12672 static int nl80211_set_tx_bitrate_mask(struct sk_buff *skb,
12673 struct genl_info *info)
12674 {
12675 struct cfg80211_bitrate_mask mask;
12676 unsigned int link_id = nl80211_link_id(info->attrs);
12677 struct cfg80211_registered_device *rdev = info->user_ptr[0];
12678 struct net_device *dev = info->user_ptr[1];
12679 int err;
12680
12681 if (!rdev->ops->set_bitrate_mask)
12682 return -EOPNOTSUPP;
12683
12684 err = nl80211_parse_tx_bitrate_mask(info, info->attrs,
12685 NL80211_ATTR_TX_RATES, &mask,
12686 dev, true, link_id);
12687 if (err)
12688 return err;
12689
12690 return rdev_set_bitrate_mask(rdev, dev, link_id, NULL, &mask);
12691 }
12692
12693 static int nl80211_register_mgmt(struct sk_buff *skb, struct genl_info *info)
12694 {
12695 struct cfg80211_registered_device *rdev = info->user_ptr[0];
12696 struct wireless_dev *wdev = info->user_ptr[1];
12697 u16 frame_type = IEEE80211_FTYPE_MGMT | IEEE80211_STYPE_ACTION;
12698
12699 if (!info->attrs[NL80211_ATTR_FRAME_MATCH])
12700 return -EINVAL;
12701
12702 if (info->attrs[NL80211_ATTR_FRAME_TYPE])
12703 frame_type = nla_get_u16(info->attrs[NL80211_ATTR_FRAME_TYPE]);
12704
12705 switch (wdev->iftype) {
12706 case NL80211_IFTYPE_STATION:
12707 case NL80211_IFTYPE_ADHOC:
12708 case NL80211_IFTYPE_P2P_CLIENT:
12709 case NL80211_IFTYPE_AP:
12710 case NL80211_IFTYPE_AP_VLAN:
12711 case NL80211_IFTYPE_MESH_POINT:
12712 case NL80211_IFTYPE_P2P_GO:
12713 case NL80211_IFTYPE_P2P_DEVICE:
12714 break;
12715 case NL80211_IFTYPE_NAN:
12716 if (!wiphy_ext_feature_isset(wdev->wiphy,
12717 NL80211_EXT_FEATURE_SECURE_NAN))
12718 return -EOPNOTSUPP;
12719 break;
12720 default:
12721 return -EOPNOTSUPP;
12722 }
12723
12724 /* not much point in registering if we can't reply */
12725 if (!rdev->ops->mgmt_tx)
12726 return -EOPNOTSUPP;
12727
12728 if (info->attrs[NL80211_ATTR_RECEIVE_MULTICAST] &&
12729 !wiphy_ext_feature_isset(&rdev->wiphy,
12730 NL80211_EXT_FEATURE_MULTICAST_REGISTRATIONS)) {
12731 GENL_SET_ERR_MSG(info,
12732 "multicast RX registrations are not supported");
12733 return -EOPNOTSUPP;
12734 }
12735
12736 return cfg80211_mlme_register_mgmt(wdev, info->snd_portid, frame_type,
12737 nla_data(info->attrs[NL80211_ATTR_FRAME_MATCH]),
12738 nla_len(info->attrs[NL80211_ATTR_FRAME_MATCH]),
12739 info->attrs[NL80211_ATTR_RECEIVE_MULTICAST],
12740 info->extack);
12741 }
12742
12743 static int nl80211_tx_mgmt(struct sk_buff *skb, struct genl_info *info)
12744 {
12745 struct cfg80211_registered_device *rdev = info->user_ptr[0];
12746 struct wireless_dev *wdev = info->user_ptr[1];
12747 struct cfg80211_chan_def chandef;
12748 int err;
12749 void *hdr = NULL;
12750 u64 cookie;
12751 struct sk_buff *msg = NULL;
12752 struct cfg80211_mgmt_tx_params params = {
12753 .dont_wait_for_ack =
12754 info->attrs[NL80211_ATTR_DONT_WAIT_FOR_ACK],
12755 };
12756
12757 if (!info->attrs[NL80211_ATTR_FRAME])
12758 return -EINVAL;
12759
12760 if (!rdev->ops->mgmt_tx)
12761 return -EOPNOTSUPP;
12762
12763 switch (wdev->iftype) {
12764 case NL80211_IFTYPE_P2P_DEVICE:
12765 if (!info->attrs[NL80211_ATTR_WIPHY_FREQ])
12766 return -EINVAL;
12767 break;
12768 case NL80211_IFTYPE_STATION:
12769 case NL80211_IFTYPE_ADHOC:
12770 case NL80211_IFTYPE_P2P_CLIENT:
12771 case NL80211_IFTYPE_AP:
12772 case NL80211_IFTYPE_AP_VLAN:
12773 case NL80211_IFTYPE_MESH_POINT:
12774 case NL80211_IFTYPE_P2P_GO:
12775 break;
12776 case NL80211_IFTYPE_NAN:
12777 if (!wiphy_ext_feature_isset(wdev->wiphy,
12778 NL80211_EXT_FEATURE_SECURE_NAN))
12779 return -EOPNOTSUPP;
12780 break;
12781 default:
12782 return -EOPNOTSUPP;
12783 }
12784
12785 if (info->attrs[NL80211_ATTR_DURATION]) {
12786 if (!(rdev->wiphy.flags & WIPHY_FLAG_OFFCHAN_TX))
12787 return -EINVAL;
12788 params.wait = nla_get_u32(info->attrs[NL80211_ATTR_DURATION]);
12789
12790 /*
12791 * We should wait on the channel for at least a minimum amount
12792 * of time (10ms) but no longer than the driver supports.
12793 */
12794 if (params.wait < NL80211_MIN_REMAIN_ON_CHANNEL_TIME ||
12795 params.wait > rdev->wiphy.max_remain_on_channel_duration)
12796 return -EINVAL;
12797 }
12798
12799 params.offchan = info->attrs[NL80211_ATTR_OFFCHANNEL_TX_OK];
12800
12801 if (params.offchan && !(rdev->wiphy.flags & WIPHY_FLAG_OFFCHAN_TX))
12802 return -EINVAL;
12803
12804 params.no_cck = nla_get_flag(info->attrs[NL80211_ATTR_TX_NO_CCK_RATE]);
12805
12806 /* get the channel if any has been specified, otherwise pass NULL to
12807 * the driver. The latter will use the current one
12808 */
12809 chandef.chan = NULL;
12810 if (info->attrs[NL80211_ATTR_WIPHY_FREQ]) {
12811 err = nl80211_parse_chandef(rdev, info, &chandef);
12812 if (err)
12813 return err;
12814 }
12815
12816 if (!chandef.chan && params.offchan)
12817 return -EINVAL;
12818
12819 if (params.offchan &&
12820 !cfg80211_off_channel_oper_allowed(wdev, chandef.chan))
12821 return -EBUSY;
12822
12823 params.link_id = nl80211_link_id_or_invalid(info->attrs);
12824 /*
12825 * This now races due to the unlock, but we cannot check
12826 * the valid links for the _station_ anyway, so that's up
12827 * to the driver.
12828 */
12829 if (params.link_id >= 0 &&
12830 !(wdev->valid_links & BIT(params.link_id)))
12831 return -EINVAL;
12832
12833 params.buf = nla_data(info->attrs[NL80211_ATTR_FRAME]);
12834 params.len = nla_len(info->attrs[NL80211_ATTR_FRAME]);
12835
12836 err = nl80211_parse_counter_offsets(rdev, NULL, params.len, -1,
12837 info->attrs[NL80211_ATTR_CSA_C_OFFSETS_TX],
12838 &params.csa_offsets,
12839 &params.n_csa_offsets);
12840 if (err)
12841 return err;
12842
12843 if (!params.dont_wait_for_ack) {
12844 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
12845 if (!msg)
12846 return -ENOMEM;
12847
12848 hdr = nl80211hdr_put(msg, info->snd_portid, info->snd_seq, 0,
12849 NL80211_CMD_FRAME);
12850 if (!hdr) {
12851 err = -ENOBUFS;
12852 goto free_msg;
12853 }
12854 }
12855
12856 params.chan = chandef.chan;
12857 err = cfg80211_mlme_mgmt_tx(rdev, wdev, &params, &cookie);
12858 if (err)
12859 goto free_msg;
12860
12861 if (msg) {
12862 if (nla_put_u64_64bit(msg, NL80211_ATTR_COOKIE, cookie,
12863 NL80211_ATTR_PAD))
12864 goto nla_put_failure;
12865
12866 genlmsg_end(msg, hdr);
12867 return genlmsg_reply(msg, info);
12868 }
12869
12870 return 0;
12871
12872 nla_put_failure:
12873 err = -ENOBUFS;
12874 free_msg:
12875 nlmsg_free(msg);
12876 return err;
12877 }
12878
12879 static int nl80211_tx_mgmt_cancel_wait(struct sk_buff *skb, struct genl_info *info)
12880 {
12881 struct cfg80211_registered_device *rdev = info->user_ptr[0];
12882 struct wireless_dev *wdev = info->user_ptr[1];
12883 u64 cookie;
12884
12885 if (!info->attrs[NL80211_ATTR_COOKIE])
12886 return -EINVAL;
12887
12888 if (!rdev->ops->mgmt_tx_cancel_wait)
12889 return -EOPNOTSUPP;
12890
12891 switch (wdev->iftype) {
12892 case NL80211_IFTYPE_STATION:
12893 case NL80211_IFTYPE_ADHOC:
12894 case NL80211_IFTYPE_P2P_CLIENT:
12895 case NL80211_IFTYPE_AP:
12896 case NL80211_IFTYPE_AP_VLAN:
12897 case NL80211_IFTYPE_P2P_GO:
12898 case NL80211_IFTYPE_P2P_DEVICE:
12899 break;
12900 case NL80211_IFTYPE_NAN:
12901 if (!wiphy_ext_feature_isset(wdev->wiphy,
12902 NL80211_EXT_FEATURE_SECURE_NAN))
12903 return -EOPNOTSUPP;
12904 break;
12905 default:
12906 return -EOPNOTSUPP;
12907 }
12908
12909 cookie = nla_get_u64(info->attrs[NL80211_ATTR_COOKIE]);
12910
12911 return rdev_mgmt_tx_cancel_wait(rdev, wdev, cookie);
12912 }
12913
12914 static int nl80211_set_power_save(struct sk_buff *skb, struct genl_info *info)
12915 {
12916 struct cfg80211_registered_device *rdev = info->user_ptr[0];
12917 struct wireless_dev *wdev;
12918 struct net_device *dev = info->user_ptr[1];
12919 u8 ps_state;
12920 bool state;
12921 int err;
12922
12923 if (!info->attrs[NL80211_ATTR_PS_STATE])
12924 return -EINVAL;
12925
12926 ps_state = nla_get_u32(info->attrs[NL80211_ATTR_PS_STATE]);
12927
12928 wdev = dev->ieee80211_ptr;
12929
12930 if (!rdev->ops->set_power_mgmt)
12931 return -EOPNOTSUPP;
12932
12933 state = (ps_state == NL80211_PS_ENABLED) ? true : false;
12934
12935 if (state == wdev->ps)
12936 return 0;
12937
12938 err = rdev_set_power_mgmt(rdev, dev, state, wdev->ps_timeout);
12939 if (!err)
12940 wdev->ps = state;
12941 return err;
12942 }
12943
12944 static int nl80211_get_power_save(struct sk_buff *skb, struct genl_info *info)
12945 {
12946 struct cfg80211_registered_device *rdev = info->user_ptr[0];
12947 enum nl80211_ps_state ps_state;
12948 struct wireless_dev *wdev;
12949 struct net_device *dev = info->user_ptr[1];
12950 struct sk_buff *msg;
12951 void *hdr;
12952 int err;
12953
12954 wdev = dev->ieee80211_ptr;
12955
12956 if (!rdev->ops->set_power_mgmt)
12957 return -EOPNOTSUPP;
12958
12959 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
12960 if (!msg)
12961 return -ENOMEM;
12962
12963 hdr = nl80211hdr_put(msg, info->snd_portid, info->snd_seq, 0,
12964 NL80211_CMD_GET_POWER_SAVE);
12965 if (!hdr) {
12966 err = -ENOBUFS;
12967 goto free_msg;
12968 }
12969
12970 if (wdev->ps)
12971 ps_state = NL80211_PS_ENABLED;
12972 else
12973 ps_state = NL80211_PS_DISABLED;
12974
12975 if (nla_put_u32(msg, NL80211_ATTR_PS_STATE, ps_state))
12976 goto nla_put_failure;
12977
12978 genlmsg_end(msg, hdr);
12979 return genlmsg_reply(msg, info);
12980
12981 nla_put_failure:
12982 err = -ENOBUFS;
12983 free_msg:
12984 nlmsg_free(msg);
12985 return err;
12986 }
12987
12988 static const struct nla_policy
12989 nl80211_attr_cqm_policy[NL80211_ATTR_CQM_MAX + 1] = {
12990 [NL80211_ATTR_CQM_RSSI_THOLD] = { .type = NLA_BINARY },
12991 [NL80211_ATTR_CQM_RSSI_HYST] = { .type = NLA_U32 },
12992 [NL80211_ATTR_CQM_RSSI_THRESHOLD_EVENT] = { .type = NLA_U32 },
12993 [NL80211_ATTR_CQM_TXE_RATE] = { .type = NLA_U32 },
12994 [NL80211_ATTR_CQM_TXE_PKTS] = { .type = NLA_U32 },
12995 [NL80211_ATTR_CQM_TXE_INTVL] = { .type = NLA_U32 },
12996 [NL80211_ATTR_CQM_RSSI_LEVEL] = { .type = NLA_S32 },
12997 };
12998
12999 static int nl80211_set_cqm_txe(struct genl_info *info,
13000 u32 rate, u32 pkts, u32 intvl)
13001 {
13002 struct cfg80211_registered_device *rdev = info->user_ptr[0];
13003 struct net_device *dev = info->user_ptr[1];
13004 struct wireless_dev *wdev = dev->ieee80211_ptr;
13005
13006 if (rate > 100 || intvl > NL80211_CQM_TXE_MAX_INTVL)
13007 return -EINVAL;
13008
13009 if (!rdev->ops->set_cqm_txe_config)
13010 return -EOPNOTSUPP;
13011
13012 if (wdev->iftype != NL80211_IFTYPE_STATION &&
13013 wdev->iftype != NL80211_IFTYPE_P2P_CLIENT)
13014 return -EOPNOTSUPP;
13015
13016 return rdev_set_cqm_txe_config(rdev, dev, rate, pkts, intvl);
13017 }
13018
13019 static int cfg80211_cqm_rssi_update(struct cfg80211_registered_device *rdev,
13020 struct net_device *dev,
13021 struct cfg80211_cqm_config *cqm_config)
13022 {
13023 struct wireless_dev *wdev = dev->ieee80211_ptr;
13024 s32 last, low, high;
13025 u32 hyst;
13026 int i, n, low_index;
13027 int err;
13028
13029 /*
13030 * Obtain current RSSI value if possible, if not and no RSSI threshold
13031 * event has been received yet, we should receive an event after a
13032 * connection is established and enough beacons received to calculate
13033 * the average.
13034 */
13035 if (!cqm_config->last_rssi_event_value &&
13036 wdev->links[0].client.current_bss &&
13037 rdev->ops->get_station) {
13038 struct station_info sinfo = {};
13039 u8 *mac_addr;
13040
13041 mac_addr = wdev->links[0].client.current_bss->pub.bssid;
13042
13043 err = rdev_get_station(rdev, dev, mac_addr, &sinfo);
13044 if (err)
13045 return err;
13046
13047 cfg80211_sinfo_release_content(&sinfo);
13048 if (sinfo.filled & BIT_ULL(NL80211_STA_INFO_BEACON_SIGNAL_AVG))
13049 cqm_config->last_rssi_event_value =
13050 (s8) sinfo.rx_beacon_signal_avg;
13051 }
13052
13053 last = cqm_config->last_rssi_event_value;
13054 hyst = cqm_config->rssi_hyst;
13055 n = cqm_config->n_rssi_thresholds;
13056
13057 for (i = 0; i < n; i++) {
13058 i = array_index_nospec(i, n);
13059 if (last < cqm_config->rssi_thresholds[i])
13060 break;
13061 }
13062
13063 low_index = i - 1;
13064 if (low_index >= 0) {
13065 low_index = array_index_nospec(low_index, n);
13066 low = cqm_config->rssi_thresholds[low_index] - hyst;
13067 } else {
13068 low = S32_MIN;
13069 }
13070 if (i < n) {
13071 i = array_index_nospec(i, n);
13072 high = cqm_config->rssi_thresholds[i] + hyst - 1;
13073 } else {
13074 high = S32_MAX;
13075 }
13076
13077 return rdev_set_cqm_rssi_range_config(rdev, dev, low, high);
13078 }
13079
13080 static int nl80211_set_cqm_rssi(struct genl_info *info,
13081 const s32 *thresholds, int n_thresholds,
13082 u32 hysteresis)
13083 {
13084 struct cfg80211_registered_device *rdev = info->user_ptr[0];
13085 struct cfg80211_cqm_config *cqm_config = NULL, *old;
13086 struct net_device *dev = info->user_ptr[1];
13087 struct wireless_dev *wdev = dev->ieee80211_ptr;
13088 s32 prev = S32_MIN;
13089 int i, err;
13090
13091 /* Check all values negative and sorted */
13092 for (i = 0; i < n_thresholds; i++) {
13093 if (thresholds[i] > 0 || thresholds[i] <= prev)
13094 return -EINVAL;
13095
13096 prev = thresholds[i];
13097 }
13098
13099 if (wdev->iftype != NL80211_IFTYPE_STATION &&
13100 wdev->iftype != NL80211_IFTYPE_P2P_CLIENT)
13101 return -EOPNOTSUPP;
13102
13103 if (n_thresholds == 1 && thresholds[0] == 0) /* Disabling */
13104 n_thresholds = 0;
13105
13106 old = wiphy_dereference(wdev->wiphy, wdev->cqm_config);
13107
13108 /* if already disabled just succeed */
13109 if (!n_thresholds && !old)
13110 return 0;
13111
13112 if (n_thresholds > 1) {
13113 if (!wiphy_ext_feature_isset(&rdev->wiphy,
13114 NL80211_EXT_FEATURE_CQM_RSSI_LIST) ||
13115 !rdev->ops->set_cqm_rssi_range_config)
13116 return -EOPNOTSUPP;
13117 } else {
13118 if (!rdev->ops->set_cqm_rssi_config)
13119 return -EOPNOTSUPP;
13120 }
13121
13122 if (n_thresholds) {
13123 cqm_config = kzalloc(struct_size(cqm_config, rssi_thresholds,
13124 n_thresholds),
13125 GFP_KERNEL);
13126 if (!cqm_config)
13127 return -ENOMEM;
13128
13129 cqm_config->rssi_hyst = hysteresis;
13130 cqm_config->n_rssi_thresholds = n_thresholds;
13131 memcpy(cqm_config->rssi_thresholds, thresholds,
13132 flex_array_size(cqm_config, rssi_thresholds,
13133 n_thresholds));
13134 cqm_config->use_range_api = n_thresholds > 1 ||
13135 !rdev->ops->set_cqm_rssi_config;
13136
13137 rcu_assign_pointer(wdev->cqm_config, cqm_config);
13138
13139 if (cqm_config->use_range_api)
13140 err = cfg80211_cqm_rssi_update(rdev, dev, cqm_config);
13141 else
13142 err = rdev_set_cqm_rssi_config(rdev, dev,
13143 thresholds[0],
13144 hysteresis);
13145 } else {
13146 RCU_INIT_POINTER(wdev->cqm_config, NULL);
13147 /* if enabled as range also disable via range */
13148 if (old->use_range_api)
13149 err = rdev_set_cqm_rssi_range_config(rdev, dev, 0, 0);
13150 else
13151 err = rdev_set_cqm_rssi_config(rdev, dev, 0, 0);
13152 }
13153
13154 if (err) {
13155 rcu_assign_pointer(wdev->cqm_config, old);
13156 kfree_rcu(cqm_config, rcu_head);
13157 } else {
13158 kfree_rcu(old, rcu_head);
13159 }
13160
13161 return err;
13162 }
13163
13164 static int nl80211_set_cqm(struct sk_buff *skb, struct genl_info *info)
13165 {
13166 struct nlattr *attrs[NL80211_ATTR_CQM_MAX + 1];
13167 struct nlattr *cqm;
13168 int err;
13169
13170 cqm = info->attrs[NL80211_ATTR_CQM];
13171 if (!cqm)
13172 return -EINVAL;
13173
13174 err = nla_parse_nested_deprecated(attrs, NL80211_ATTR_CQM_MAX, cqm,
13175 nl80211_attr_cqm_policy,
13176 info->extack);
13177 if (err)
13178 return err;
13179
13180 if (attrs[NL80211_ATTR_CQM_RSSI_THOLD] &&
13181 attrs[NL80211_ATTR_CQM_RSSI_HYST]) {
13182 const s32 *thresholds =
13183 nla_data(attrs[NL80211_ATTR_CQM_RSSI_THOLD]);
13184 int len = nla_len(attrs[NL80211_ATTR_CQM_RSSI_THOLD]);
13185 u32 hysteresis = nla_get_u32(attrs[NL80211_ATTR_CQM_RSSI_HYST]);
13186
13187 if (len % 4)
13188 return -EINVAL;
13189
13190 return nl80211_set_cqm_rssi(info, thresholds, len / 4,
13191 hysteresis);
13192 }
13193
13194 if (attrs[NL80211_ATTR_CQM_TXE_RATE] &&
13195 attrs[NL80211_ATTR_CQM_TXE_PKTS] &&
13196 attrs[NL80211_ATTR_CQM_TXE_INTVL]) {
13197 u32 rate = nla_get_u32(attrs[NL80211_ATTR_CQM_TXE_RATE]);
13198 u32 pkts = nla_get_u32(attrs[NL80211_ATTR_CQM_TXE_PKTS]);
13199 u32 intvl = nla_get_u32(attrs[NL80211_ATTR_CQM_TXE_INTVL]);
13200
13201 return nl80211_set_cqm_txe(info, rate, pkts, intvl);
13202 }
13203
13204 return -EINVAL;
13205 }
13206
13207 static int nl80211_join_ocb(struct sk_buff *skb, struct genl_info *info)
13208 {
13209 struct cfg80211_registered_device *rdev = info->user_ptr[0];
13210 struct net_device *dev = info->user_ptr[1];
13211 struct ocb_setup setup = {};
13212 int err;
13213
13214 err = nl80211_parse_chandef(rdev, info, &setup.chandef);
13215 if (err)
13216 return err;
13217
13218 return cfg80211_join_ocb(rdev, dev, &setup);
13219 }
13220
13221 static int nl80211_leave_ocb(struct sk_buff *skb, struct genl_info *info)
13222 {
13223 struct cfg80211_registered_device *rdev = info->user_ptr[0];
13224 struct net_device *dev = info->user_ptr[1];
13225
13226 return cfg80211_leave_ocb(rdev, dev);
13227 }
13228
13229 static int nl80211_join_mesh(struct sk_buff *skb, struct genl_info *info)
13230 {
13231 struct cfg80211_registered_device *rdev = info->user_ptr[0];
13232 struct net_device *dev = info->user_ptr[1];
13233 struct mesh_config cfg;
13234 struct mesh_setup setup;
13235 int err;
13236
13237 /* start with default */
13238 memcpy(&cfg, &default_mesh_config, sizeof(cfg));
13239 memcpy(&setup, &default_mesh_setup, sizeof(setup));
13240
13241 if (info->attrs[NL80211_ATTR_MESH_CONFIG]) {
13242 /* and parse parameters if given */
13243 err = nl80211_parse_mesh_config(info, &cfg, NULL);
13244 if (err)
13245 return err;
13246 }
13247
13248 if (!info->attrs[NL80211_ATTR_MESH_ID] ||
13249 !nla_len(info->attrs[NL80211_ATTR_MESH_ID]))
13250 return -EINVAL;
13251
13252 setup.mesh_id = nla_data(info->attrs[NL80211_ATTR_MESH_ID]);
13253 setup.mesh_id_len = nla_len(info->attrs[NL80211_ATTR_MESH_ID]);
13254
13255 if (info->attrs[NL80211_ATTR_MCAST_RATE] &&
13256 !nl80211_parse_mcast_rate(rdev, setup.mcast_rate,
13257 nla_get_u32(info->attrs[NL80211_ATTR_MCAST_RATE])))
13258 return -EINVAL;
13259
13260 if (info->attrs[NL80211_ATTR_BEACON_INTERVAL]) {
13261 setup.beacon_interval =
13262 nla_get_u32(info->attrs[NL80211_ATTR_BEACON_INTERVAL]);
13263
13264 err = cfg80211_validate_beacon_int(rdev,
13265 NL80211_IFTYPE_MESH_POINT,
13266 setup.beacon_interval);
13267 if (err)
13268 return err;
13269 }
13270
13271 if (info->attrs[NL80211_ATTR_DTIM_PERIOD]) {
13272 setup.dtim_period =
13273 nla_get_u32(info->attrs[NL80211_ATTR_DTIM_PERIOD]);
13274 if (setup.dtim_period < 1 || setup.dtim_period > 100)
13275 return -EINVAL;
13276 }
13277
13278 if (info->attrs[NL80211_ATTR_MESH_SETUP]) {
13279 /* parse additional setup parameters if given */
13280 err = nl80211_parse_mesh_setup(info, &setup);
13281 if (err)
13282 return err;
13283 }
13284
13285 if (setup.user_mpm)
13286 cfg.auto_open_plinks = false;
13287
13288 if (info->attrs[NL80211_ATTR_WIPHY_FREQ]) {
13289 err = nl80211_parse_chandef(rdev, info, &setup.chandef);
13290 if (err)
13291 return err;
13292 } else {
13293 /* __cfg80211_join_mesh() will sort it out */
13294 setup.chandef.chan = NULL;
13295 }
13296
13297 if (info->attrs[NL80211_ATTR_BSS_BASIC_RATES]) {
13298 u8 *rates = nla_data(info->attrs[NL80211_ATTR_BSS_BASIC_RATES]);
13299 int n_rates =
13300 nla_len(info->attrs[NL80211_ATTR_BSS_BASIC_RATES]);
13301 struct ieee80211_supported_band *sband;
13302
13303 if (!setup.chandef.chan)
13304 return -EINVAL;
13305
13306 sband = rdev->wiphy.bands[setup.chandef.chan->band];
13307
13308 err = ieee80211_get_ratemask(sband, rates, n_rates,
13309 &setup.basic_rates);
13310 if (err)
13311 return err;
13312 }
13313
13314 if (info->attrs[NL80211_ATTR_TX_RATES]) {
13315 err = nl80211_parse_tx_bitrate_mask(info, info->attrs,
13316 NL80211_ATTR_TX_RATES,
13317 &setup.beacon_rate,
13318 dev, false, 0);
13319 if (err)
13320 return err;
13321
13322 if (!setup.chandef.chan)
13323 return -EINVAL;
13324
13325 err = validate_beacon_tx_rate(rdev, setup.chandef.chan->band,
13326 &setup.beacon_rate);
13327 if (err)
13328 return err;
13329 }
13330
13331 setup.userspace_handles_dfs =
13332 nla_get_flag(info->attrs[NL80211_ATTR_HANDLE_DFS]);
13333
13334 if (info->attrs[NL80211_ATTR_CONTROL_PORT_OVER_NL80211]) {
13335 int r = validate_pae_over_nl80211(rdev, info);
13336
13337 if (r < 0)
13338 return r;
13339
13340 setup.control_port_over_nl80211 = true;
13341 }
13342
13343 err = __cfg80211_join_mesh(rdev, dev, &setup, &cfg);
13344 if (!err && info->attrs[NL80211_ATTR_SOCKET_OWNER])
13345 dev->ieee80211_ptr->conn_owner_nlportid = info->snd_portid;
13346
13347 return err;
13348 }
13349
13350 static int nl80211_leave_mesh(struct sk_buff *skb, struct genl_info *info)
13351 {
13352 struct cfg80211_registered_device *rdev = info->user_ptr[0];
13353 struct net_device *dev = info->user_ptr[1];
13354
13355 return cfg80211_leave_mesh(rdev, dev);
13356 }
13357
13358 #ifdef CONFIG_PM
13359 static int nl80211_send_wowlan_patterns(struct sk_buff *msg,
13360 struct cfg80211_registered_device *rdev)
13361 {
13362 struct cfg80211_wowlan *wowlan = rdev->wiphy.wowlan_config;
13363 struct nlattr *nl_pats, *nl_pat;
13364 int i, pat_len;
13365
13366 if (!wowlan->n_patterns)
13367 return 0;
13368
13369 nl_pats = nla_nest_start_noflag(msg, NL80211_WOWLAN_TRIG_PKT_PATTERN);
13370 if (!nl_pats)
13371 return -ENOBUFS;
13372
13373 for (i = 0; i < wowlan->n_patterns; i++) {
13374 nl_pat = nla_nest_start_noflag(msg, i + 1);
13375 if (!nl_pat)
13376 return -ENOBUFS;
13377 pat_len = wowlan->patterns[i].pattern_len;
13378 if (nla_put(msg, NL80211_PKTPAT_MASK, DIV_ROUND_UP(pat_len, 8),
13379 wowlan->patterns[i].mask) ||
13380 nla_put(msg, NL80211_PKTPAT_PATTERN, pat_len,
13381 wowlan->patterns[i].pattern) ||
13382 nla_put_u32(msg, NL80211_PKTPAT_OFFSET,
13383 wowlan->patterns[i].pkt_offset))
13384 return -ENOBUFS;
13385 nla_nest_end(msg, nl_pat);
13386 }
13387 nla_nest_end(msg, nl_pats);
13388
13389 return 0;
13390 }
13391
13392 static int nl80211_send_wowlan_tcp(struct sk_buff *msg,
13393 struct cfg80211_wowlan_tcp *tcp)
13394 {
13395 struct nlattr *nl_tcp;
13396
13397 if (!tcp)
13398 return 0;
13399
13400 nl_tcp = nla_nest_start_noflag(msg,
13401 NL80211_WOWLAN_TRIG_TCP_CONNECTION);
13402 if (!nl_tcp)
13403 return -ENOBUFS;
13404
13405 if (nla_put_in_addr(msg, NL80211_WOWLAN_TCP_SRC_IPV4, tcp->src) ||
13406 nla_put_in_addr(msg, NL80211_WOWLAN_TCP_DST_IPV4, tcp->dst) ||
13407 nla_put(msg, NL80211_WOWLAN_TCP_DST_MAC, ETH_ALEN, tcp->dst_mac) ||
13408 nla_put_u16(msg, NL80211_WOWLAN_TCP_SRC_PORT, tcp->src_port) ||
13409 nla_put_u16(msg, NL80211_WOWLAN_TCP_DST_PORT, tcp->dst_port) ||
13410 nla_put(msg, NL80211_WOWLAN_TCP_DATA_PAYLOAD,
13411 tcp->payload_len, tcp->payload) ||
13412 nla_put_u32(msg, NL80211_WOWLAN_TCP_DATA_INTERVAL,
13413 tcp->data_interval) ||
13414 nla_put(msg, NL80211_WOWLAN_TCP_WAKE_PAYLOAD,
13415 tcp->wake_len, tcp->wake_data) ||
13416 nla_put(msg, NL80211_WOWLAN_TCP_WAKE_MASK,
13417 DIV_ROUND_UP(tcp->wake_len, 8), tcp->wake_mask))
13418 return -ENOBUFS;
13419
13420 if (tcp->payload_seq.len &&
13421 nla_put(msg, NL80211_WOWLAN_TCP_DATA_PAYLOAD_SEQ,
13422 sizeof(tcp->payload_seq), &tcp->payload_seq))
13423 return -ENOBUFS;
13424
13425 if (tcp->payload_tok.len &&
13426 nla_put(msg, NL80211_WOWLAN_TCP_DATA_PAYLOAD_TOKEN,
13427 sizeof(tcp->payload_tok) + tcp->tokens_size,
13428 &tcp->payload_tok))
13429 return -ENOBUFS;
13430
13431 nla_nest_end(msg, nl_tcp);
13432
13433 return 0;
13434 }
13435
13436 static int nl80211_send_wowlan_nd(struct sk_buff *msg,
13437 struct cfg80211_sched_scan_request *req)
13438 {
13439 struct nlattr *nd, *freqs, *matches, *match, *scan_plans, *scan_plan;
13440 int i;
13441
13442 if (!req)
13443 return 0;
13444
13445 nd = nla_nest_start_noflag(msg, NL80211_WOWLAN_TRIG_NET_DETECT);
13446 if (!nd)
13447 return -ENOBUFS;
13448
13449 if (req->n_scan_plans == 1 &&
13450 nla_put_u32(msg, NL80211_ATTR_SCHED_SCAN_INTERVAL,
13451 req->scan_plans[0].interval * 1000))
13452 return -ENOBUFS;
13453
13454 if (nla_put_u32(msg, NL80211_ATTR_SCHED_SCAN_DELAY, req->delay))
13455 return -ENOBUFS;
13456
13457 if (req->relative_rssi_set) {
13458 struct nl80211_bss_select_rssi_adjust rssi_adjust;
13459
13460 if (nla_put_s8(msg, NL80211_ATTR_SCHED_SCAN_RELATIVE_RSSI,
13461 req->relative_rssi))
13462 return -ENOBUFS;
13463
13464 rssi_adjust.band = req->rssi_adjust.band;
13465 rssi_adjust.delta = req->rssi_adjust.delta;
13466 if (nla_put(msg, NL80211_ATTR_SCHED_SCAN_RSSI_ADJUST,
13467 sizeof(rssi_adjust), &rssi_adjust))
13468 return -ENOBUFS;
13469 }
13470
13471 freqs = nla_nest_start_noflag(msg, NL80211_ATTR_SCAN_FREQUENCIES);
13472 if (!freqs)
13473 return -ENOBUFS;
13474
13475 for (i = 0; i < req->n_channels; i++) {
13476 if (nla_put_u32(msg, i, req->channels[i]->center_freq))
13477 return -ENOBUFS;
13478 }
13479
13480 nla_nest_end(msg, freqs);
13481
13482 if (req->n_match_sets) {
13483 matches = nla_nest_start_noflag(msg,
13484 NL80211_ATTR_SCHED_SCAN_MATCH);
13485 if (!matches)
13486 return -ENOBUFS;
13487
13488 for (i = 0; i < req->n_match_sets; i++) {
13489 match = nla_nest_start_noflag(msg, i);
13490 if (!match)
13491 return -ENOBUFS;
13492
13493 if (nla_put(msg, NL80211_SCHED_SCAN_MATCH_ATTR_SSID,
13494 req->match_sets[i].ssid.ssid_len,
13495 req->match_sets[i].ssid.ssid))
13496 return -ENOBUFS;
13497 nla_nest_end(msg, match);
13498 }
13499 nla_nest_end(msg, matches);
13500 }
13501
13502 scan_plans = nla_nest_start_noflag(msg, NL80211_ATTR_SCHED_SCAN_PLANS);
13503 if (!scan_plans)
13504 return -ENOBUFS;
13505
13506 for (i = 0; i < req->n_scan_plans; i++) {
13507 scan_plan = nla_nest_start_noflag(msg, i + 1);
13508 if (!scan_plan)
13509 return -ENOBUFS;
13510
13511 if (nla_put_u32(msg, NL80211_SCHED_SCAN_PLAN_INTERVAL,
13512 req->scan_plans[i].interval) ||
13513 (req->scan_plans[i].iterations &&
13514 nla_put_u32(msg, NL80211_SCHED_SCAN_PLAN_ITERATIONS,
13515 req->scan_plans[i].iterations)))
13516 return -ENOBUFS;
13517 nla_nest_end(msg, scan_plan);
13518 }
13519 nla_nest_end(msg, scan_plans);
13520
13521 nla_nest_end(msg, nd);
13522
13523 return 0;
13524 }
13525
13526 static int nl80211_get_wowlan(struct sk_buff *skb, struct genl_info *info)
13527 {
13528 struct cfg80211_registered_device *rdev = info->user_ptr[0];
13529 struct sk_buff *msg;
13530 void *hdr;
13531 u32 size = NLMSG_DEFAULT_SIZE;
13532
13533 if (!rdev->wiphy.wowlan)
13534 return -EOPNOTSUPP;
13535
13536 if (rdev->wiphy.wowlan_config && rdev->wiphy.wowlan_config->tcp) {
13537 /* adjust size to have room for all the data */
13538 size += rdev->wiphy.wowlan_config->tcp->tokens_size +
13539 rdev->wiphy.wowlan_config->tcp->payload_len +
13540 rdev->wiphy.wowlan_config->tcp->wake_len +
13541 rdev->wiphy.wowlan_config->tcp->wake_len / 8;
13542 }
13543
13544 msg = nlmsg_new(size, GFP_KERNEL);
13545 if (!msg)
13546 return -ENOMEM;
13547
13548 hdr = nl80211hdr_put(msg, info->snd_portid, info->snd_seq, 0,
13549 NL80211_CMD_GET_WOWLAN);
13550 if (!hdr)
13551 goto nla_put_failure;
13552
13553 if (rdev->wiphy.wowlan_config) {
13554 struct nlattr *nl_wowlan;
13555
13556 nl_wowlan = nla_nest_start_noflag(msg,
13557 NL80211_ATTR_WOWLAN_TRIGGERS);
13558 if (!nl_wowlan)
13559 goto nla_put_failure;
13560
13561 if ((rdev->wiphy.wowlan_config->any &&
13562 nla_put_flag(msg, NL80211_WOWLAN_TRIG_ANY)) ||
13563 (rdev->wiphy.wowlan_config->disconnect &&
13564 nla_put_flag(msg, NL80211_WOWLAN_TRIG_DISCONNECT)) ||
13565 (rdev->wiphy.wowlan_config->magic_pkt &&
13566 nla_put_flag(msg, NL80211_WOWLAN_TRIG_MAGIC_PKT)) ||
13567 (rdev->wiphy.wowlan_config->gtk_rekey_failure &&
13568 nla_put_flag(msg, NL80211_WOWLAN_TRIG_GTK_REKEY_FAILURE)) ||
13569 (rdev->wiphy.wowlan_config->eap_identity_req &&
13570 nla_put_flag(msg, NL80211_WOWLAN_TRIG_EAP_IDENT_REQUEST)) ||
13571 (rdev->wiphy.wowlan_config->four_way_handshake &&
13572 nla_put_flag(msg, NL80211_WOWLAN_TRIG_4WAY_HANDSHAKE)) ||
13573 (rdev->wiphy.wowlan_config->rfkill_release &&
13574 nla_put_flag(msg, NL80211_WOWLAN_TRIG_RFKILL_RELEASE)))
13575 goto nla_put_failure;
13576
13577 if (nl80211_send_wowlan_patterns(msg, rdev))
13578 goto nla_put_failure;
13579
13580 if (nl80211_send_wowlan_tcp(msg,
13581 rdev->wiphy.wowlan_config->tcp))
13582 goto nla_put_failure;
13583
13584 if (nl80211_send_wowlan_nd(
13585 msg,
13586 rdev->wiphy.wowlan_config->nd_config))
13587 goto nla_put_failure;
13588
13589 nla_nest_end(msg, nl_wowlan);
13590 }
13591
13592 genlmsg_end(msg, hdr);
13593 return genlmsg_reply(msg, info);
13594
13595 nla_put_failure:
13596 nlmsg_free(msg);
13597 return -ENOBUFS;
13598 }
13599
13600 static int nl80211_parse_wowlan_tcp(struct cfg80211_registered_device *rdev,
13601 struct nlattr *attr,
13602 struct cfg80211_wowlan *trig)
13603 {
13604 struct nlattr *tb[NUM_NL80211_WOWLAN_TCP];
13605 struct cfg80211_wowlan_tcp *cfg;
13606 struct nl80211_wowlan_tcp_data_token *tok = NULL;
13607 struct nl80211_wowlan_tcp_data_seq *seq = NULL;
13608 u32 size;
13609 u32 data_size, wake_size, tokens_size = 0, wake_mask_size;
13610 int err, port;
13611
13612 if (!rdev->wiphy.wowlan->tcp)
13613 return -EINVAL;
13614
13615 err = nla_parse_nested_deprecated(tb, MAX_NL80211_WOWLAN_TCP, attr,
13616 nl80211_wowlan_tcp_policy, NULL);
13617 if (err)
13618 return err;
13619
13620 if (!tb[NL80211_WOWLAN_TCP_SRC_IPV4] ||
13621 !tb[NL80211_WOWLAN_TCP_DST_IPV4] ||
13622 !tb[NL80211_WOWLAN_TCP_DST_MAC] ||
13623 !tb[NL80211_WOWLAN_TCP_DST_PORT] ||
13624 !tb[NL80211_WOWLAN_TCP_DATA_PAYLOAD] ||
13625 !tb[NL80211_WOWLAN_TCP_DATA_INTERVAL] ||
13626 !tb[NL80211_WOWLAN_TCP_WAKE_PAYLOAD] ||
13627 !tb[NL80211_WOWLAN_TCP_WAKE_MASK])
13628 return -EINVAL;
13629
13630 data_size = nla_len(tb[NL80211_WOWLAN_TCP_DATA_PAYLOAD]);
13631 if (data_size > rdev->wiphy.wowlan->tcp->data_payload_max)
13632 return -EINVAL;
13633
13634 if (nla_get_u32(tb[NL80211_WOWLAN_TCP_DATA_INTERVAL]) >
13635 rdev->wiphy.wowlan->tcp->data_interval_max ||
13636 nla_get_u32(tb[NL80211_WOWLAN_TCP_DATA_INTERVAL]) == 0)
13637 return -EINVAL;
13638
13639 wake_size = nla_len(tb[NL80211_WOWLAN_TCP_WAKE_PAYLOAD]);
13640 if (wake_size > rdev->wiphy.wowlan->tcp->wake_payload_max)
13641 return -EINVAL;
13642
13643 wake_mask_size = nla_len(tb[NL80211_WOWLAN_TCP_WAKE_MASK]);
13644 if (wake_mask_size != DIV_ROUND_UP(wake_size, 8))
13645 return -EINVAL;
13646
13647 if (tb[NL80211_WOWLAN_TCP_DATA_PAYLOAD_TOKEN]) {
13648 u32 tokln = nla_len(tb[NL80211_WOWLAN_TCP_DATA_PAYLOAD_TOKEN]);
13649
13650 tok = nla_data(tb[NL80211_WOWLAN_TCP_DATA_PAYLOAD_TOKEN]);
13651 tokens_size = tokln - sizeof(*tok);
13652
13653 if (!tok->len || tokens_size % tok->len)
13654 return -EINVAL;
13655 if (!rdev->wiphy.wowlan->tcp->tok)
13656 return -EINVAL;
13657 if (tok->len > rdev->wiphy.wowlan->tcp->tok->max_len)
13658 return -EINVAL;
13659 if (tok->len < rdev->wiphy.wowlan->tcp->tok->min_len)
13660 return -EINVAL;
13661 if (tokens_size > rdev->wiphy.wowlan->tcp->tok->bufsize)
13662 return -EINVAL;
13663 if (tok->offset + tok->len > data_size)
13664 return -EINVAL;
13665 }
13666
13667 if (tb[NL80211_WOWLAN_TCP_DATA_PAYLOAD_SEQ]) {
13668 seq = nla_data(tb[NL80211_WOWLAN_TCP_DATA_PAYLOAD_SEQ]);
13669 if (!rdev->wiphy.wowlan->tcp->seq)
13670 return -EINVAL;
13671 if (seq->len == 0 || seq->len > 4)
13672 return -EINVAL;
13673 if (seq->len + seq->offset > data_size)
13674 return -EINVAL;
13675 }
13676
13677 size = sizeof(*cfg);
13678 size += data_size;
13679 size += wake_size + wake_mask_size;
13680 size += tokens_size;
13681
13682 cfg = kzalloc(size, GFP_KERNEL);
13683 if (!cfg)
13684 return -ENOMEM;
13685 cfg->src = nla_get_in_addr(tb[NL80211_WOWLAN_TCP_SRC_IPV4]);
13686 cfg->dst = nla_get_in_addr(tb[NL80211_WOWLAN_TCP_DST_IPV4]);
13687 memcpy(cfg->dst_mac, nla_data(tb[NL80211_WOWLAN_TCP_DST_MAC]),
13688 ETH_ALEN);
13689 port = nla_get_u16_default(tb[NL80211_WOWLAN_TCP_SRC_PORT], 0);
13690 #ifdef CONFIG_INET
13691 /* allocate a socket and port for it and use it */
13692 err = __sock_create(wiphy_net(&rdev->wiphy), PF_INET, SOCK_STREAM,
13693 IPPROTO_TCP, &cfg->sock, 1);
13694 if (err) {
13695 kfree(cfg);
13696 return err;
13697 }
13698 if (inet_csk_get_port(cfg->sock->sk, port)) {
13699 sock_release(cfg->sock);
13700 kfree(cfg);
13701 return -EADDRINUSE;
13702 }
13703 cfg->src_port = inet_sk(cfg->sock->sk)->inet_num;
13704 #else
13705 if (!port) {
13706 kfree(cfg);
13707 return -EINVAL;
13708 }
13709 cfg->src_port = port;
13710 #endif
13711
13712 cfg->dst_port = nla_get_u16(tb[NL80211_WOWLAN_TCP_DST_PORT]);
13713 cfg->payload_len = data_size;
13714 cfg->payload = (u8 *)cfg + sizeof(*cfg) + tokens_size;
13715 memcpy((void *)cfg->payload,
13716 nla_data(tb[NL80211_WOWLAN_TCP_DATA_PAYLOAD]),
13717 data_size);
13718 if (seq)
13719 cfg->payload_seq = *seq;
13720 cfg->data_interval = nla_get_u32(tb[NL80211_WOWLAN_TCP_DATA_INTERVAL]);
13721 cfg->wake_len = wake_size;
13722 cfg->wake_data = (u8 *)cfg + sizeof(*cfg) + tokens_size + data_size;
13723 memcpy((void *)cfg->wake_data,
13724 nla_data(tb[NL80211_WOWLAN_TCP_WAKE_PAYLOAD]),
13725 wake_size);
13726 cfg->wake_mask = (u8 *)cfg + sizeof(*cfg) + tokens_size +
13727 data_size + wake_size;
13728 memcpy((void *)cfg->wake_mask,
13729 nla_data(tb[NL80211_WOWLAN_TCP_WAKE_MASK]),
13730 wake_mask_size);
13731 if (tok) {
13732 cfg->tokens_size = tokens_size;
13733 cfg->payload_tok = *tok;
13734 memcpy(cfg->payload_tok.token_stream, tok->token_stream,
13735 tokens_size);
13736 }
13737
13738 trig->tcp = cfg;
13739
13740 return 0;
13741 }
13742
13743 static int nl80211_parse_wowlan_nd(struct cfg80211_registered_device *rdev,
13744 const struct wiphy_wowlan_support *wowlan,
13745 struct nlattr *attr,
13746 struct cfg80211_wowlan *trig)
13747 {
13748 struct nlattr **tb;
13749 int err;
13750
13751 tb = kcalloc(NUM_NL80211_ATTR, sizeof(*tb), GFP_KERNEL);
13752 if (!tb)
13753 return -ENOMEM;
13754
13755 if (!(wowlan->flags & WIPHY_WOWLAN_NET_DETECT)) {
13756 err = -EOPNOTSUPP;
13757 goto out;
13758 }
13759
13760 err = nla_parse_nested_deprecated(tb, NL80211_ATTR_MAX, attr,
13761 nl80211_policy, NULL);
13762 if (err)
13763 goto out;
13764
13765 trig->nd_config = nl80211_parse_sched_scan(&rdev->wiphy, NULL, tb,
13766 wowlan->max_nd_match_sets);
13767 err = PTR_ERR_OR_ZERO(trig->nd_config);
13768 if (err)
13769 trig->nd_config = NULL;
13770
13771 out:
13772 kfree(tb);
13773 return err;
13774 }
13775
13776 static int nl80211_set_wowlan(struct sk_buff *skb, struct genl_info *info)
13777 {
13778 struct cfg80211_registered_device *rdev = info->user_ptr[0];
13779 struct nlattr *tb[NUM_NL80211_WOWLAN_TRIG];
13780 struct cfg80211_wowlan new_triggers = {};
13781 struct cfg80211_wowlan *ntrig;
13782 const struct wiphy_wowlan_support *wowlan = rdev->wiphy.wowlan;
13783 int err, i;
13784 bool prev_enabled = rdev->wiphy.wowlan_config;
13785 bool regular = false;
13786
13787 if (!wowlan)
13788 return -EOPNOTSUPP;
13789
13790 if (!info->attrs[NL80211_ATTR_WOWLAN_TRIGGERS]) {
13791 cfg80211_rdev_free_wowlan(rdev);
13792 rdev->wiphy.wowlan_config = NULL;
13793 goto set_wakeup;
13794 }
13795
13796 err = nla_parse_nested_deprecated(tb, MAX_NL80211_WOWLAN_TRIG,
13797 info->attrs[NL80211_ATTR_WOWLAN_TRIGGERS],
13798 nl80211_wowlan_policy, info->extack);
13799 if (err)
13800 return err;
13801
13802 if (tb[NL80211_WOWLAN_TRIG_ANY]) {
13803 if (!(wowlan->flags & WIPHY_WOWLAN_ANY))
13804 return -EINVAL;
13805 new_triggers.any = true;
13806 }
13807
13808 if (tb[NL80211_WOWLAN_TRIG_DISCONNECT]) {
13809 if (!(wowlan->flags & WIPHY_WOWLAN_DISCONNECT))
13810 return -EINVAL;
13811 new_triggers.disconnect = true;
13812 regular = true;
13813 }
13814
13815 if (tb[NL80211_WOWLAN_TRIG_MAGIC_PKT]) {
13816 if (!(wowlan->flags & WIPHY_WOWLAN_MAGIC_PKT))
13817 return -EINVAL;
13818 new_triggers.magic_pkt = true;
13819 regular = true;
13820 }
13821
13822 if (tb[NL80211_WOWLAN_TRIG_GTK_REKEY_SUPPORTED])
13823 return -EINVAL;
13824
13825 if (tb[NL80211_WOWLAN_TRIG_GTK_REKEY_FAILURE]) {
13826 if (!(wowlan->flags & WIPHY_WOWLAN_GTK_REKEY_FAILURE))
13827 return -EINVAL;
13828 new_triggers.gtk_rekey_failure = true;
13829 regular = true;
13830 }
13831
13832 if (tb[NL80211_WOWLAN_TRIG_EAP_IDENT_REQUEST]) {
13833 if (!(wowlan->flags & WIPHY_WOWLAN_EAP_IDENTITY_REQ))
13834 return -EINVAL;
13835 new_triggers.eap_identity_req = true;
13836 regular = true;
13837 }
13838
13839 if (tb[NL80211_WOWLAN_TRIG_4WAY_HANDSHAKE]) {
13840 if (!(wowlan->flags & WIPHY_WOWLAN_4WAY_HANDSHAKE))
13841 return -EINVAL;
13842 new_triggers.four_way_handshake = true;
13843 regular = true;
13844 }
13845
13846 if (tb[NL80211_WOWLAN_TRIG_RFKILL_RELEASE]) {
13847 if (!(wowlan->flags & WIPHY_WOWLAN_RFKILL_RELEASE))
13848 return -EINVAL;
13849 new_triggers.rfkill_release = true;
13850 regular = true;
13851 }
13852
13853 if (tb[NL80211_WOWLAN_TRIG_PKT_PATTERN]) {
13854 struct nlattr *pat;
13855 int n_patterns = 0;
13856 int rem, pat_len, mask_len, pkt_offset;
13857 struct nlattr *pat_tb[NUM_NL80211_PKTPAT];
13858
13859 regular = true;
13860
13861 nla_for_each_nested(pat, tb[NL80211_WOWLAN_TRIG_PKT_PATTERN],
13862 rem)
13863 n_patterns++;
13864 if (n_patterns > wowlan->n_patterns)
13865 return -EINVAL;
13866
13867 new_triggers.patterns = kcalloc(n_patterns,
13868 sizeof(new_triggers.patterns[0]),
13869 GFP_KERNEL);
13870 if (!new_triggers.patterns)
13871 return -ENOMEM;
13872
13873 new_triggers.n_patterns = n_patterns;
13874 i = 0;
13875
13876 nla_for_each_nested(pat, tb[NL80211_WOWLAN_TRIG_PKT_PATTERN],
13877 rem) {
13878 u8 *mask_pat;
13879
13880 err = nla_parse_nested_deprecated(pat_tb,
13881 MAX_NL80211_PKTPAT,
13882 pat,
13883 nl80211_packet_pattern_policy,
13884 info->extack);
13885 if (err)
13886 goto error;
13887
13888 err = -EINVAL;
13889 if (!pat_tb[NL80211_PKTPAT_MASK] ||
13890 !pat_tb[NL80211_PKTPAT_PATTERN])
13891 goto error;
13892 pat_len = nla_len(pat_tb[NL80211_PKTPAT_PATTERN]);
13893 mask_len = DIV_ROUND_UP(pat_len, 8);
13894 if (nla_len(pat_tb[NL80211_PKTPAT_MASK]) != mask_len)
13895 goto error;
13896 if (pat_len > wowlan->pattern_max_len ||
13897 pat_len < wowlan->pattern_min_len)
13898 goto error;
13899
13900 pkt_offset =
13901 nla_get_u32_default(pat_tb[NL80211_PKTPAT_OFFSET],
13902 0);
13903 if (pkt_offset > wowlan->max_pkt_offset)
13904 goto error;
13905 new_triggers.patterns[i].pkt_offset = pkt_offset;
13906
13907 mask_pat = kmalloc(mask_len + pat_len, GFP_KERNEL);
13908 if (!mask_pat) {
13909 err = -ENOMEM;
13910 goto error;
13911 }
13912 new_triggers.patterns[i].mask = mask_pat;
13913 memcpy(mask_pat, nla_data(pat_tb[NL80211_PKTPAT_MASK]),
13914 mask_len);
13915 mask_pat += mask_len;
13916 new_triggers.patterns[i].pattern = mask_pat;
13917 new_triggers.patterns[i].pattern_len = pat_len;
13918 memcpy(mask_pat,
13919 nla_data(pat_tb[NL80211_PKTPAT_PATTERN]),
13920 pat_len);
13921 i++;
13922 }
13923 }
13924
13925 if (tb[NL80211_WOWLAN_TRIG_TCP_CONNECTION]) {
13926 regular = true;
13927 err = nl80211_parse_wowlan_tcp(
13928 rdev, tb[NL80211_WOWLAN_TRIG_TCP_CONNECTION],
13929 &new_triggers);
13930 if (err)
13931 goto error;
13932 }
13933
13934 if (tb[NL80211_WOWLAN_TRIG_NET_DETECT]) {
13935 regular = true;
13936 err = nl80211_parse_wowlan_nd(
13937 rdev, wowlan, tb[NL80211_WOWLAN_TRIG_NET_DETECT],
13938 &new_triggers);
13939 if (err)
13940 goto error;
13941 }
13942
13943 /* The 'any' trigger means the device continues operating more or less
13944 * as in its normal operation mode and wakes up the host on most of the
13945 * normal interrupts (like packet RX, ...)
13946 * It therefore makes little sense to combine with the more constrained
13947 * wakeup trigger modes.
13948 */
13949 if (new_triggers.any && regular) {
13950 err = -EINVAL;
13951 goto error;
13952 }
13953
13954 ntrig = kmemdup(&new_triggers, sizeof(new_triggers), GFP_KERNEL);
13955 if (!ntrig) {
13956 err = -ENOMEM;
13957 goto error;
13958 }
13959 cfg80211_rdev_free_wowlan(rdev);
13960 rdev->wiphy.wowlan_config = ntrig;
13961
13962 set_wakeup:
13963 if (rdev->ops->set_wakeup &&
13964 prev_enabled != !!rdev->wiphy.wowlan_config)
13965 rdev_set_wakeup(rdev, rdev->wiphy.wowlan_config);
13966
13967 return 0;
13968 error:
13969 for (i = 0; i < new_triggers.n_patterns; i++)
13970 kfree(new_triggers.patterns[i].mask);
13971 kfree(new_triggers.patterns);
13972 if (new_triggers.tcp && new_triggers.tcp->sock)
13973 sock_release(new_triggers.tcp->sock);
13974 kfree(new_triggers.tcp);
13975 kfree(new_triggers.nd_config);
13976 return err;
13977 }
13978 #endif
13979
13980 static int nl80211_send_coalesce_rules(struct sk_buff *msg,
13981 struct cfg80211_registered_device *rdev)
13982 {
13983 struct nlattr *nl_pats, *nl_pat, *nl_rule, *nl_rules;
13984 int i, j, pat_len;
13985 struct cfg80211_coalesce_rules *rule;
13986
13987 if (!rdev->coalesce->n_rules)
13988 return 0;
13989
13990 nl_rules = nla_nest_start_noflag(msg, NL80211_ATTR_COALESCE_RULE);
13991 if (!nl_rules)
13992 return -ENOBUFS;
13993
13994 for (i = 0; i < rdev->coalesce->n_rules; i++) {
13995 nl_rule = nla_nest_start_noflag(msg, i + 1);
13996 if (!nl_rule)
13997 return -ENOBUFS;
13998
13999 rule = &rdev->coalesce->rules[i];
14000 if (nla_put_u32(msg, NL80211_ATTR_COALESCE_RULE_DELAY,
14001 rule->delay))
14002 return -ENOBUFS;
14003
14004 if (nla_put_u32(msg, NL80211_ATTR_COALESCE_RULE_CONDITION,
14005 rule->condition))
14006 return -ENOBUFS;
14007
14008 nl_pats = nla_nest_start_noflag(msg,
14009 NL80211_ATTR_COALESCE_RULE_PKT_PATTERN);
14010 if (!nl_pats)
14011 return -ENOBUFS;
14012
14013 for (j = 0; j < rule->n_patterns; j++) {
14014 nl_pat = nla_nest_start_noflag(msg, j + 1);
14015 if (!nl_pat)
14016 return -ENOBUFS;
14017 pat_len = rule->patterns[j].pattern_len;
14018 if (nla_put(msg, NL80211_PKTPAT_MASK,
14019 DIV_ROUND_UP(pat_len, 8),
14020 rule->patterns[j].mask) ||
14021 nla_put(msg, NL80211_PKTPAT_PATTERN, pat_len,
14022 rule->patterns[j].pattern) ||
14023 nla_put_u32(msg, NL80211_PKTPAT_OFFSET,
14024 rule->patterns[j].pkt_offset))
14025 return -ENOBUFS;
14026 nla_nest_end(msg, nl_pat);
14027 }
14028 nla_nest_end(msg, nl_pats);
14029 nla_nest_end(msg, nl_rule);
14030 }
14031 nla_nest_end(msg, nl_rules);
14032
14033 return 0;
14034 }
14035
14036 static int nl80211_get_coalesce(struct sk_buff *skb, struct genl_info *info)
14037 {
14038 struct cfg80211_registered_device *rdev = info->user_ptr[0];
14039 struct sk_buff *msg;
14040 void *hdr;
14041
14042 if (!rdev->wiphy.coalesce)
14043 return -EOPNOTSUPP;
14044
14045 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
14046 if (!msg)
14047 return -ENOMEM;
14048
14049 hdr = nl80211hdr_put(msg, info->snd_portid, info->snd_seq, 0,
14050 NL80211_CMD_GET_COALESCE);
14051 if (!hdr)
14052 goto nla_put_failure;
14053
14054 if (rdev->coalesce && nl80211_send_coalesce_rules(msg, rdev))
14055 goto nla_put_failure;
14056
14057 genlmsg_end(msg, hdr);
14058 return genlmsg_reply(msg, info);
14059
14060 nla_put_failure:
14061 nlmsg_free(msg);
14062 return -ENOBUFS;
14063 }
14064
14065 void cfg80211_free_coalesce(struct cfg80211_coalesce *coalesce)
14066 {
14067 int i, j;
14068 struct cfg80211_coalesce_rules *rule;
14069
14070 if (!coalesce)
14071 return;
14072
14073 for (i = 0; i < coalesce->n_rules; i++) {
14074 rule = &coalesce->rules[i];
14075 for (j = 0; j < rule->n_patterns; j++)
14076 kfree(rule->patterns[j].mask);
14077 kfree(rule->patterns);
14078 }
14079 kfree(coalesce);
14080 }
14081
14082 static int nl80211_parse_coalesce_rule(struct cfg80211_registered_device *rdev,
14083 struct nlattr *rule,
14084 struct cfg80211_coalesce_rules *new_rule)
14085 {
14086 int err, i;
14087 const struct wiphy_coalesce_support *coalesce = rdev->wiphy.coalesce;
14088 struct nlattr *tb[NUM_NL80211_ATTR_COALESCE_RULE], *pat;
14089 int rem, pat_len, mask_len, pkt_offset, n_patterns = 0;
14090 struct nlattr *pat_tb[NUM_NL80211_PKTPAT];
14091
14092 err = nla_parse_nested_deprecated(tb, NL80211_ATTR_COALESCE_RULE_MAX,
14093 rule, nl80211_coalesce_policy, NULL);
14094 if (err)
14095 return err;
14096
14097 if (tb[NL80211_ATTR_COALESCE_RULE_DELAY])
14098 new_rule->delay =
14099 nla_get_u32(tb[NL80211_ATTR_COALESCE_RULE_DELAY]);
14100 if (new_rule->delay > coalesce->max_delay)
14101 return -EINVAL;
14102
14103 if (tb[NL80211_ATTR_COALESCE_RULE_CONDITION])
14104 new_rule->condition =
14105 nla_get_u32(tb[NL80211_ATTR_COALESCE_RULE_CONDITION]);
14106
14107 if (!tb[NL80211_ATTR_COALESCE_RULE_PKT_PATTERN])
14108 return -EINVAL;
14109
14110 nla_for_each_nested(pat, tb[NL80211_ATTR_COALESCE_RULE_PKT_PATTERN],
14111 rem)
14112 n_patterns++;
14113 if (n_patterns > coalesce->n_patterns)
14114 return -EINVAL;
14115
14116 new_rule->patterns = kcalloc(n_patterns, sizeof(new_rule->patterns[0]),
14117 GFP_KERNEL);
14118 if (!new_rule->patterns)
14119 return -ENOMEM;
14120
14121 new_rule->n_patterns = n_patterns;
14122 i = 0;
14123
14124 nla_for_each_nested(pat, tb[NL80211_ATTR_COALESCE_RULE_PKT_PATTERN],
14125 rem) {
14126 u8 *mask_pat;
14127
14128 err = nla_parse_nested_deprecated(pat_tb, MAX_NL80211_PKTPAT,
14129 pat,
14130 nl80211_packet_pattern_policy,
14131 NULL);
14132 if (err)
14133 return err;
14134
14135 if (!pat_tb[NL80211_PKTPAT_MASK] ||
14136 !pat_tb[NL80211_PKTPAT_PATTERN])
14137 return -EINVAL;
14138 pat_len = nla_len(pat_tb[NL80211_PKTPAT_PATTERN]);
14139 mask_len = DIV_ROUND_UP(pat_len, 8);
14140 if (nla_len(pat_tb[NL80211_PKTPAT_MASK]) != mask_len)
14141 return -EINVAL;
14142 if (pat_len > coalesce->pattern_max_len ||
14143 pat_len < coalesce->pattern_min_len)
14144 return -EINVAL;
14145
14146 pkt_offset = nla_get_u32_default(pat_tb[NL80211_PKTPAT_OFFSET],
14147 0);
14148 if (pkt_offset > coalesce->max_pkt_offset)
14149 return -EINVAL;
14150 new_rule->patterns[i].pkt_offset = pkt_offset;
14151
14152 mask_pat = kmalloc(mask_len + pat_len, GFP_KERNEL);
14153 if (!mask_pat)
14154 return -ENOMEM;
14155
14156 new_rule->patterns[i].mask = mask_pat;
14157 memcpy(mask_pat, nla_data(pat_tb[NL80211_PKTPAT_MASK]),
14158 mask_len);
14159
14160 mask_pat += mask_len;
14161 new_rule->patterns[i].pattern = mask_pat;
14162 new_rule->patterns[i].pattern_len = pat_len;
14163 memcpy(mask_pat, nla_data(pat_tb[NL80211_PKTPAT_PATTERN]),
14164 pat_len);
14165 i++;
14166 }
14167
14168 return 0;
14169 }
14170
14171 static int nl80211_set_coalesce(struct sk_buff *skb, struct genl_info *info)
14172 {
14173 struct cfg80211_registered_device *rdev = info->user_ptr[0];
14174 const struct wiphy_coalesce_support *coalesce = rdev->wiphy.coalesce;
14175 struct cfg80211_coalesce *new_coalesce;
14176 int err, rem_rule, n_rules = 0, i;
14177 struct nlattr *rule;
14178
14179 if (!rdev->wiphy.coalesce || !rdev->ops->set_coalesce)
14180 return -EOPNOTSUPP;
14181
14182 if (!info->attrs[NL80211_ATTR_COALESCE_RULE]) {
14183 cfg80211_free_coalesce(rdev->coalesce);
14184 rdev->coalesce = NULL;
14185 rdev_set_coalesce(rdev, NULL);
14186 return 0;
14187 }
14188
14189 nla_for_each_nested(rule, info->attrs[NL80211_ATTR_COALESCE_RULE],
14190 rem_rule)
14191 n_rules++;
14192 if (n_rules > coalesce->n_rules)
14193 return -EINVAL;
14194
14195 new_coalesce = kzalloc(struct_size(new_coalesce, rules, n_rules),
14196 GFP_KERNEL);
14197 if (!new_coalesce)
14198 return -ENOMEM;
14199
14200 new_coalesce->n_rules = n_rules;
14201 i = 0;
14202
14203 nla_for_each_nested(rule, info->attrs[NL80211_ATTR_COALESCE_RULE],
14204 rem_rule) {
14205 err = nl80211_parse_coalesce_rule(rdev, rule,
14206 &new_coalesce->rules[i]);
14207 if (err)
14208 goto error;
14209
14210 i++;
14211 }
14212
14213 err = rdev_set_coalesce(rdev, new_coalesce);
14214 if (err)
14215 goto error;
14216
14217 cfg80211_free_coalesce(rdev->coalesce);
14218 rdev->coalesce = new_coalesce;
14219
14220 return 0;
14221 error:
14222 cfg80211_free_coalesce(new_coalesce);
14223
14224 return err;
14225 }
14226
14227 static int nl80211_set_rekey_data(struct sk_buff *skb, struct genl_info *info)
14228 {
14229 struct cfg80211_registered_device *rdev = info->user_ptr[0];
14230 struct net_device *dev = info->user_ptr[1];
14231 struct wireless_dev *wdev = dev->ieee80211_ptr;
14232 struct nlattr *tb[NUM_NL80211_REKEY_DATA];
14233 struct cfg80211_gtk_rekey_data rekey_data = {};
14234 int err;
14235
14236 if (!info->attrs[NL80211_ATTR_REKEY_DATA])
14237 return -EINVAL;
14238
14239 err = nla_parse_nested_deprecated(tb, MAX_NL80211_REKEY_DATA,
14240 info->attrs[NL80211_ATTR_REKEY_DATA],
14241 nl80211_rekey_policy, info->extack);
14242 if (err)
14243 return err;
14244
14245 if (!tb[NL80211_REKEY_DATA_REPLAY_CTR] || !tb[NL80211_REKEY_DATA_KEK] ||
14246 !tb[NL80211_REKEY_DATA_KCK])
14247 return -EINVAL;
14248 if (nla_len(tb[NL80211_REKEY_DATA_KEK]) != NL80211_KEK_LEN &&
14249 !(rdev->wiphy.flags & WIPHY_FLAG_SUPPORTS_EXT_KEK_KCK &&
14250 nla_len(tb[NL80211_REKEY_DATA_KEK]) == NL80211_KEK_EXT_LEN))
14251 return -ERANGE;
14252 if (nla_len(tb[NL80211_REKEY_DATA_KCK]) != NL80211_KCK_LEN &&
14253 !(rdev->wiphy.flags & WIPHY_FLAG_SUPPORTS_EXT_KEK_KCK &&
14254 nla_len(tb[NL80211_REKEY_DATA_KCK]) == NL80211_KCK_EXT_LEN) &&
14255 !(rdev->wiphy.flags & WIPHY_FLAG_SUPPORTS_EXT_KCK_32 &&
14256 nla_len(tb[NL80211_REKEY_DATA_KCK]) == NL80211_KCK_EXT_LEN_32))
14257 return -ERANGE;
14258
14259 rekey_data.kek = nla_data(tb[NL80211_REKEY_DATA_KEK]);
14260 rekey_data.kck = nla_data(tb[NL80211_REKEY_DATA_KCK]);
14261 rekey_data.replay_ctr = nla_data(tb[NL80211_REKEY_DATA_REPLAY_CTR]);
14262 rekey_data.kek_len = nla_len(tb[NL80211_REKEY_DATA_KEK]);
14263 rekey_data.kck_len = nla_len(tb[NL80211_REKEY_DATA_KCK]);
14264 if (tb[NL80211_REKEY_DATA_AKM])
14265 rekey_data.akm = nla_get_u32(tb[NL80211_REKEY_DATA_AKM]);
14266
14267 if (!wdev->connected)
14268 return -ENOTCONN;
14269
14270 if (!rdev->ops->set_rekey_data)
14271 return -EOPNOTSUPP;
14272
14273 return rdev_set_rekey_data(rdev, dev, &rekey_data);
14274 }
14275
14276 static int nl80211_register_unexpected_frame(struct sk_buff *skb,
14277 struct genl_info *info)
14278 {
14279 struct net_device *dev = info->user_ptr[1];
14280 struct wireless_dev *wdev = dev->ieee80211_ptr;
14281
14282 if (wdev->iftype != NL80211_IFTYPE_AP &&
14283 wdev->iftype != NL80211_IFTYPE_P2P_GO)
14284 return -EINVAL;
14285
14286 if (wdev->ap_unexpected_nlportid)
14287 return -EBUSY;
14288
14289 wdev->ap_unexpected_nlportid = info->snd_portid;
14290 return 0;
14291 }
14292
14293 static int nl80211_probe_client(struct sk_buff *skb,
14294 struct genl_info *info)
14295 {
14296 struct cfg80211_registered_device *rdev = info->user_ptr[0];
14297 struct net_device *dev = info->user_ptr[1];
14298 struct wireless_dev *wdev = dev->ieee80211_ptr;
14299 struct sk_buff *msg;
14300 void *hdr;
14301 const u8 *addr;
14302 u64 cookie;
14303 int err;
14304
14305 if (wdev->iftype != NL80211_IFTYPE_AP &&
14306 wdev->iftype != NL80211_IFTYPE_P2P_GO)
14307 return -EOPNOTSUPP;
14308
14309 if (!info->attrs[NL80211_ATTR_MAC])
14310 return -EINVAL;
14311
14312 if (!rdev->ops->probe_client)
14313 return -EOPNOTSUPP;
14314
14315 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
14316 if (!msg)
14317 return -ENOMEM;
14318
14319 hdr = nl80211hdr_put(msg, info->snd_portid, info->snd_seq, 0,
14320 NL80211_CMD_PROBE_CLIENT);
14321 if (!hdr) {
14322 err = -ENOBUFS;
14323 goto free_msg;
14324 }
14325
14326 addr = nla_data(info->attrs[NL80211_ATTR_MAC]);
14327
14328 err = rdev_probe_client(rdev, dev, addr, &cookie);
14329 if (err)
14330 goto free_msg;
14331
14332 if (nla_put_u64_64bit(msg, NL80211_ATTR_COOKIE, cookie,
14333 NL80211_ATTR_PAD))
14334 goto nla_put_failure;
14335
14336 genlmsg_end(msg, hdr);
14337
14338 return genlmsg_reply(msg, info);
14339
14340 nla_put_failure:
14341 err = -ENOBUFS;
14342 free_msg:
14343 nlmsg_free(msg);
14344 return err;
14345 }
14346
14347 static int nl80211_register_beacons(struct sk_buff *skb, struct genl_info *info)
14348 {
14349 struct cfg80211_registered_device *rdev = info->user_ptr[0];
14350 struct cfg80211_beacon_registration *reg, *nreg;
14351 int rv;
14352
14353 if (!(rdev->wiphy.flags & WIPHY_FLAG_REPORTS_OBSS))
14354 return -EOPNOTSUPP;
14355
14356 nreg = kzalloc(sizeof(*nreg), GFP_KERNEL);
14357 if (!nreg)
14358 return -ENOMEM;
14359
14360 /* First, check if already registered. */
14361 spin_lock_bh(&rdev->beacon_registrations_lock);
14362 list_for_each_entry(reg, &rdev->beacon_registrations, list) {
14363 if (reg->nlportid == info->snd_portid) {
14364 rv = -EALREADY;
14365 goto out_err;
14366 }
14367 }
14368 /* Add it to the list */
14369 nreg->nlportid = info->snd_portid;
14370 list_add(&nreg->list, &rdev->beacon_registrations);
14371
14372 spin_unlock_bh(&rdev->beacon_registrations_lock);
14373
14374 return 0;
14375 out_err:
14376 spin_unlock_bh(&rdev->beacon_registrations_lock);
14377 kfree(nreg);
14378 return rv;
14379 }
14380
14381 static int nl80211_start_p2p_device(struct sk_buff *skb, struct genl_info *info)
14382 {
14383 struct cfg80211_registered_device *rdev = info->user_ptr[0];
14384 struct wireless_dev *wdev = info->user_ptr[1];
14385 int err;
14386
14387 if (!rdev->ops->start_p2p_device)
14388 return -EOPNOTSUPP;
14389
14390 if (wdev->iftype != NL80211_IFTYPE_P2P_DEVICE)
14391 return -EOPNOTSUPP;
14392
14393 if (wdev_running(wdev))
14394 return 0;
14395
14396 if (rfkill_blocked(rdev->wiphy.rfkill))
14397 return -ERFKILL;
14398
14399 err = rdev_start_p2p_device(rdev, wdev);
14400 if (err)
14401 return err;
14402
14403 wdev->is_running = true;
14404 rdev->opencount++;
14405
14406 return 0;
14407 }
14408
14409 static int nl80211_stop_p2p_device(struct sk_buff *skb, struct genl_info *info)
14410 {
14411 struct cfg80211_registered_device *rdev = info->user_ptr[0];
14412 struct wireless_dev *wdev = info->user_ptr[1];
14413
14414 if (wdev->iftype != NL80211_IFTYPE_P2P_DEVICE)
14415 return -EOPNOTSUPP;
14416
14417 if (!rdev->ops->stop_p2p_device)
14418 return -EOPNOTSUPP;
14419
14420 cfg80211_stop_p2p_device(rdev, wdev);
14421
14422 return 0;
14423 }
14424
14425 static int nl80211_start_nan(struct sk_buff *skb, struct genl_info *info)
14426 {
14427 struct cfg80211_registered_device *rdev = info->user_ptr[0];
14428 struct wireless_dev *wdev = info->user_ptr[1];
14429 struct cfg80211_nan_conf conf = {};
14430 int err;
14431
14432 if (wdev->iftype != NL80211_IFTYPE_NAN)
14433 return -EOPNOTSUPP;
14434
14435 if (wdev_running(wdev))
14436 return -EEXIST;
14437
14438 if (rfkill_blocked(rdev->wiphy.rfkill))
14439 return -ERFKILL;
14440
14441 if (!info->attrs[NL80211_ATTR_NAN_MASTER_PREF])
14442 return -EINVAL;
14443
14444 conf.master_pref =
14445 nla_get_u8(info->attrs[NL80211_ATTR_NAN_MASTER_PREF]);
14446
14447 if (info->attrs[NL80211_ATTR_BANDS]) {
14448 u32 bands = nla_get_u32(info->attrs[NL80211_ATTR_BANDS]);
14449
14450 if (bands & ~(u32)wdev->wiphy->nan_supported_bands)
14451 return -EOPNOTSUPP;
14452
14453 if (bands && !(bands & BIT(NL80211_BAND_2GHZ)))
14454 return -EINVAL;
14455
14456 conf.bands = bands;
14457 }
14458
14459 err = rdev_start_nan(rdev, wdev, &conf);
14460 if (err)
14461 return err;
14462
14463 wdev->is_running = true;
14464 rdev->opencount++;
14465
14466 return 0;
14467 }
14468
14469 static int nl80211_stop_nan(struct sk_buff *skb, struct genl_info *info)
14470 {
14471 struct cfg80211_registered_device *rdev = info->user_ptr[0];
14472 struct wireless_dev *wdev = info->user_ptr[1];
14473
14474 if (wdev->iftype != NL80211_IFTYPE_NAN)
14475 return -EOPNOTSUPP;
14476
14477 cfg80211_stop_nan(rdev, wdev);
14478
14479 return 0;
14480 }
14481
14482 static int validate_nan_filter(struct nlattr *filter_attr)
14483 {
14484 struct nlattr *attr;
14485 int len = 0, n_entries = 0, rem;
14486
14487 nla_for_each_nested(attr, filter_attr, rem) {
14488 len += nla_len(attr);
14489 n_entries++;
14490 }
14491
14492 if (len >= U8_MAX)
14493 return -EINVAL;
14494
14495 return n_entries;
14496 }
14497
14498 static int handle_nan_filter(struct nlattr *attr_filter,
14499 struct cfg80211_nan_func *func,
14500 bool tx)
14501 {
14502 struct nlattr *attr;
14503 int n_entries, rem, i;
14504 struct cfg80211_nan_func_filter *filter;
14505
14506 n_entries = validate_nan_filter(attr_filter);
14507 if (n_entries < 0)
14508 return n_entries;
14509
14510 BUILD_BUG_ON(sizeof(*func->rx_filters) != sizeof(*func->tx_filters));
14511
14512 filter = kcalloc(n_entries, sizeof(*func->rx_filters), GFP_KERNEL);
14513 if (!filter)
14514 return -ENOMEM;
14515
14516 i = 0;
14517 nla_for_each_nested(attr, attr_filter, rem) {
14518 filter[i].filter = nla_memdup(attr, GFP_KERNEL);
14519 if (!filter[i].filter)
14520 goto err;
14521
14522 filter[i].len = nla_len(attr);
14523 i++;
14524 }
14525 if (tx) {
14526 func->num_tx_filters = n_entries;
14527 func->tx_filters = filter;
14528 } else {
14529 func->num_rx_filters = n_entries;
14530 func->rx_filters = filter;
14531 }
14532
14533 return 0;
14534
14535 err:
14536 i = 0;
14537 nla_for_each_nested(attr, attr_filter, rem) {
14538 kfree(filter[i].filter);
14539 i++;
14540 }
14541 kfree(filter);
14542 return -ENOMEM;
14543 }
14544
14545 static int nl80211_nan_add_func(struct sk_buff *skb,
14546 struct genl_info *info)
14547 {
14548 struct cfg80211_registered_device *rdev = info->user_ptr[0];
14549 struct wireless_dev *wdev = info->user_ptr[1];
14550 struct nlattr *tb[NUM_NL80211_NAN_FUNC_ATTR], *func_attr;
14551 struct cfg80211_nan_func *func;
14552 struct sk_buff *msg = NULL;
14553 void *hdr = NULL;
14554 int err = 0;
14555
14556 if (wdev->iftype != NL80211_IFTYPE_NAN)
14557 return -EOPNOTSUPP;
14558
14559 if (!wdev_running(wdev))
14560 return -ENOTCONN;
14561
14562 if (!info->attrs[NL80211_ATTR_NAN_FUNC])
14563 return -EINVAL;
14564
14565 err = nla_parse_nested_deprecated(tb, NL80211_NAN_FUNC_ATTR_MAX,
14566 info->attrs[NL80211_ATTR_NAN_FUNC],
14567 nl80211_nan_func_policy,
14568 info->extack);
14569 if (err)
14570 return err;
14571
14572 func = kzalloc(sizeof(*func), GFP_KERNEL);
14573 if (!func)
14574 return -ENOMEM;
14575
14576 func->cookie = cfg80211_assign_cookie(rdev);
14577
14578 if (!tb[NL80211_NAN_FUNC_TYPE]) {
14579 err = -EINVAL;
14580 goto out;
14581 }
14582
14583
14584 func->type = nla_get_u8(tb[NL80211_NAN_FUNC_TYPE]);
14585
14586 if (!tb[NL80211_NAN_FUNC_SERVICE_ID]) {
14587 err = -EINVAL;
14588 goto out;
14589 }
14590
14591 memcpy(func->service_id, nla_data(tb[NL80211_NAN_FUNC_SERVICE_ID]),
14592 sizeof(func->service_id));
14593
14594 func->close_range =
14595 nla_get_flag(tb[NL80211_NAN_FUNC_CLOSE_RANGE]);
14596
14597 if (tb[NL80211_NAN_FUNC_SERVICE_INFO]) {
14598 func->serv_spec_info_len =
14599 nla_len(tb[NL80211_NAN_FUNC_SERVICE_INFO]);
14600 func->serv_spec_info =
14601 kmemdup(nla_data(tb[NL80211_NAN_FUNC_SERVICE_INFO]),
14602 func->serv_spec_info_len,
14603 GFP_KERNEL);
14604 if (!func->serv_spec_info) {
14605 err = -ENOMEM;
14606 goto out;
14607 }
14608 }
14609
14610 if (tb[NL80211_NAN_FUNC_TTL])
14611 func->ttl = nla_get_u32(tb[NL80211_NAN_FUNC_TTL]);
14612
14613 switch (func->type) {
14614 case NL80211_NAN_FUNC_PUBLISH:
14615 if (!tb[NL80211_NAN_FUNC_PUBLISH_TYPE]) {
14616 err = -EINVAL;
14617 goto out;
14618 }
14619
14620 func->publish_type =
14621 nla_get_u8(tb[NL80211_NAN_FUNC_PUBLISH_TYPE]);
14622 func->publish_bcast =
14623 nla_get_flag(tb[NL80211_NAN_FUNC_PUBLISH_BCAST]);
14624
14625 if ((!(func->publish_type & NL80211_NAN_SOLICITED_PUBLISH)) &&
14626 func->publish_bcast) {
14627 err = -EINVAL;
14628 goto out;
14629 }
14630 break;
14631 case NL80211_NAN_FUNC_SUBSCRIBE:
14632 func->subscribe_active =
14633 nla_get_flag(tb[NL80211_NAN_FUNC_SUBSCRIBE_ACTIVE]);
14634 break;
14635 case NL80211_NAN_FUNC_FOLLOW_UP:
14636 if (!tb[NL80211_NAN_FUNC_FOLLOW_UP_ID] ||
14637 !tb[NL80211_NAN_FUNC_FOLLOW_UP_REQ_ID] ||
14638 !tb[NL80211_NAN_FUNC_FOLLOW_UP_DEST]) {
14639 err = -EINVAL;
14640 goto out;
14641 }
14642
14643 func->followup_id =
14644 nla_get_u8(tb[NL80211_NAN_FUNC_FOLLOW_UP_ID]);
14645 func->followup_reqid =
14646 nla_get_u8(tb[NL80211_NAN_FUNC_FOLLOW_UP_REQ_ID]);
14647 memcpy(func->followup_dest.addr,
14648 nla_data(tb[NL80211_NAN_FUNC_FOLLOW_UP_DEST]),
14649 sizeof(func->followup_dest.addr));
14650 if (func->ttl) {
14651 err = -EINVAL;
14652 goto out;
14653 }
14654 break;
14655 default:
14656 err = -EINVAL;
14657 goto out;
14658 }
14659
14660 if (tb[NL80211_NAN_FUNC_SRF]) {
14661 struct nlattr *srf_tb[NUM_NL80211_NAN_SRF_ATTR];
14662
14663 err = nla_parse_nested_deprecated(srf_tb,
14664 NL80211_NAN_SRF_ATTR_MAX,
14665 tb[NL80211_NAN_FUNC_SRF],
14666 nl80211_nan_srf_policy,
14667 info->extack);
14668 if (err)
14669 goto out;
14670
14671 func->srf_include =
14672 nla_get_flag(srf_tb[NL80211_NAN_SRF_INCLUDE]);
14673
14674 if (srf_tb[NL80211_NAN_SRF_BF]) {
14675 if (srf_tb[NL80211_NAN_SRF_MAC_ADDRS] ||
14676 !srf_tb[NL80211_NAN_SRF_BF_IDX]) {
14677 err = -EINVAL;
14678 goto out;
14679 }
14680
14681 func->srf_bf_len =
14682 nla_len(srf_tb[NL80211_NAN_SRF_BF]);
14683 func->srf_bf =
14684 kmemdup(nla_data(srf_tb[NL80211_NAN_SRF_BF]),
14685 func->srf_bf_len, GFP_KERNEL);
14686 if (!func->srf_bf) {
14687 err = -ENOMEM;
14688 goto out;
14689 }
14690
14691 func->srf_bf_idx =
14692 nla_get_u8(srf_tb[NL80211_NAN_SRF_BF_IDX]);
14693 } else {
14694 struct nlattr *attr, *mac_attr =
14695 srf_tb[NL80211_NAN_SRF_MAC_ADDRS];
14696 int n_entries, rem, i = 0;
14697
14698 if (!mac_attr) {
14699 err = -EINVAL;
14700 goto out;
14701 }
14702
14703 n_entries = validate_acl_mac_addrs(mac_attr);
14704 if (n_entries <= 0) {
14705 err = -EINVAL;
14706 goto out;
14707 }
14708
14709 func->srf_num_macs = n_entries;
14710 func->srf_macs =
14711 kcalloc(n_entries, sizeof(*func->srf_macs),
14712 GFP_KERNEL);
14713 if (!func->srf_macs) {
14714 err = -ENOMEM;
14715 goto out;
14716 }
14717
14718 nla_for_each_nested(attr, mac_attr, rem)
14719 memcpy(func->srf_macs[i++].addr, nla_data(attr),
14720 sizeof(*func->srf_macs));
14721 }
14722 }
14723
14724 if (tb[NL80211_NAN_FUNC_TX_MATCH_FILTER]) {
14725 err = handle_nan_filter(tb[NL80211_NAN_FUNC_TX_MATCH_FILTER],
14726 func, true);
14727 if (err)
14728 goto out;
14729 }
14730
14731 if (tb[NL80211_NAN_FUNC_RX_MATCH_FILTER]) {
14732 err = handle_nan_filter(tb[NL80211_NAN_FUNC_RX_MATCH_FILTER],
14733 func, false);
14734 if (err)
14735 goto out;
14736 }
14737
14738 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
14739 if (!msg) {
14740 err = -ENOMEM;
14741 goto out;
14742 }
14743
14744 hdr = nl80211hdr_put(msg, info->snd_portid, info->snd_seq, 0,
14745 NL80211_CMD_ADD_NAN_FUNCTION);
14746 /* This can't really happen - we just allocated 4KB */
14747 if (WARN_ON(!hdr)) {
14748 err = -ENOMEM;
14749 goto out;
14750 }
14751
14752 err = rdev_add_nan_func(rdev, wdev, func);
14753 out:
14754 if (err < 0) {
14755 cfg80211_free_nan_func(func);
14756 nlmsg_free(msg);
14757 return err;
14758 }
14759
14760 /* propagate the instance id and cookie to userspace */
14761 if (nla_put_u64_64bit(msg, NL80211_ATTR_COOKIE, func->cookie,
14762 NL80211_ATTR_PAD))
14763 goto nla_put_failure;
14764
14765 func_attr = nla_nest_start_noflag(msg, NL80211_ATTR_NAN_FUNC);
14766 if (!func_attr)
14767 goto nla_put_failure;
14768
14769 if (nla_put_u8(msg, NL80211_NAN_FUNC_INSTANCE_ID,
14770 func->instance_id))
14771 goto nla_put_failure;
14772
14773 nla_nest_end(msg, func_attr);
14774
14775 genlmsg_end(msg, hdr);
14776 return genlmsg_reply(msg, info);
14777
14778 nla_put_failure:
14779 nlmsg_free(msg);
14780 return -ENOBUFS;
14781 }
14782
14783 static int nl80211_nan_del_func(struct sk_buff *skb,
14784 struct genl_info *info)
14785 {
14786 struct cfg80211_registered_device *rdev = info->user_ptr[0];
14787 struct wireless_dev *wdev = info->user_ptr[1];
14788 u64 cookie;
14789
14790 if (wdev->iftype != NL80211_IFTYPE_NAN)
14791 return -EOPNOTSUPP;
14792
14793 if (!wdev_running(wdev))
14794 return -ENOTCONN;
14795
14796 if (!info->attrs[NL80211_ATTR_COOKIE])
14797 return -EINVAL;
14798
14799 cookie = nla_get_u64(info->attrs[NL80211_ATTR_COOKIE]);
14800
14801 rdev_del_nan_func(rdev, wdev, cookie);
14802
14803 return 0;
14804 }
14805
14806 static int nl80211_nan_change_config(struct sk_buff *skb,
14807 struct genl_info *info)
14808 {
14809 struct cfg80211_registered_device *rdev = info->user_ptr[0];
14810 struct wireless_dev *wdev = info->user_ptr[1];
14811 struct cfg80211_nan_conf conf = {};
14812 u32 changed = 0;
14813
14814 if (wdev->iftype != NL80211_IFTYPE_NAN)
14815 return -EOPNOTSUPP;
14816
14817 if (!wdev_running(wdev))
14818 return -ENOTCONN;
14819
14820 if (info->attrs[NL80211_ATTR_NAN_MASTER_PREF]) {
14821 conf.master_pref =
14822 nla_get_u8(info->attrs[NL80211_ATTR_NAN_MASTER_PREF]);
14823 if (conf.master_pref <= 1 || conf.master_pref == 255)
14824 return -EINVAL;
14825
14826 changed |= CFG80211_NAN_CONF_CHANGED_PREF;
14827 }
14828
14829 if (info->attrs[NL80211_ATTR_BANDS]) {
14830 u32 bands = nla_get_u32(info->attrs[NL80211_ATTR_BANDS]);
14831
14832 if (bands & ~(u32)wdev->wiphy->nan_supported_bands)
14833 return -EOPNOTSUPP;
14834
14835 if (bands && !(bands & BIT(NL80211_BAND_2GHZ)))
14836 return -EINVAL;
14837
14838 conf.bands = bands;
14839 changed |= CFG80211_NAN_CONF_CHANGED_BANDS;
14840 }
14841
14842 if (!changed)
14843 return -EINVAL;
14844
14845 return rdev_nan_change_conf(rdev, wdev, &conf, changed);
14846 }
14847
14848 void cfg80211_nan_match(struct wireless_dev *wdev,
14849 struct cfg80211_nan_match_params *match, gfp_t gfp)
14850 {
14851 struct wiphy *wiphy = wdev->wiphy;
14852 struct cfg80211_registered_device *rdev = wiphy_to_rdev(wiphy);
14853 struct nlattr *match_attr, *local_func_attr, *peer_func_attr;
14854 struct sk_buff *msg;
14855 void *hdr;
14856
14857 if (WARN_ON(!match->inst_id || !match->peer_inst_id || !match->addr))
14858 return;
14859
14860 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, gfp);
14861 if (!msg)
14862 return;
14863
14864 hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_NAN_MATCH);
14865 if (!hdr) {
14866 nlmsg_free(msg);
14867 return;
14868 }
14869
14870 if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
14871 (wdev->netdev && nla_put_u32(msg, NL80211_ATTR_IFINDEX,
14872 wdev->netdev->ifindex)) ||
14873 nla_put_u64_64bit(msg, NL80211_ATTR_WDEV, wdev_id(wdev),
14874 NL80211_ATTR_PAD))
14875 goto nla_put_failure;
14876
14877 if (nla_put_u64_64bit(msg, NL80211_ATTR_COOKIE, match->cookie,
14878 NL80211_ATTR_PAD) ||
14879 nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN, match->addr))
14880 goto nla_put_failure;
14881
14882 match_attr = nla_nest_start_noflag(msg, NL80211_ATTR_NAN_MATCH);
14883 if (!match_attr)
14884 goto nla_put_failure;
14885
14886 local_func_attr = nla_nest_start_noflag(msg,
14887 NL80211_NAN_MATCH_FUNC_LOCAL);
14888 if (!local_func_attr)
14889 goto nla_put_failure;
14890
14891 if (nla_put_u8(msg, NL80211_NAN_FUNC_INSTANCE_ID, match->inst_id))
14892 goto nla_put_failure;
14893
14894 nla_nest_end(msg, local_func_attr);
14895
14896 peer_func_attr = nla_nest_start_noflag(msg,
14897 NL80211_NAN_MATCH_FUNC_PEER);
14898 if (!peer_func_attr)
14899 goto nla_put_failure;
14900
14901 if (nla_put_u8(msg, NL80211_NAN_FUNC_TYPE, match->type) ||
14902 nla_put_u8(msg, NL80211_NAN_FUNC_INSTANCE_ID, match->peer_inst_id))
14903 goto nla_put_failure;
14904
14905 if (match->info && match->info_len &&
14906 nla_put(msg, NL80211_NAN_FUNC_SERVICE_INFO, match->info_len,
14907 match->info))
14908 goto nla_put_failure;
14909
14910 nla_nest_end(msg, peer_func_attr);
14911 nla_nest_end(msg, match_attr);
14912 genlmsg_end(msg, hdr);
14913
14914 if (!wdev->owner_nlportid)
14915 genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy),
14916 msg, 0, NL80211_MCGRP_NAN, gfp);
14917 else
14918 genlmsg_unicast(wiphy_net(&rdev->wiphy), msg,
14919 wdev->owner_nlportid);
14920
14921 return;
14922
14923 nla_put_failure:
14924 nlmsg_free(msg);
14925 }
14926 EXPORT_SYMBOL(cfg80211_nan_match);
14927
14928 void cfg80211_nan_func_terminated(struct wireless_dev *wdev,
14929 u8 inst_id,
14930 enum nl80211_nan_func_term_reason reason,
14931 u64 cookie, gfp_t gfp)
14932 {
14933 struct wiphy *wiphy = wdev->wiphy;
14934 struct cfg80211_registered_device *rdev = wiphy_to_rdev(wiphy);
14935 struct sk_buff *msg;
14936 struct nlattr *func_attr;
14937 void *hdr;
14938
14939 if (WARN_ON(!inst_id))
14940 return;
14941
14942 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, gfp);
14943 if (!msg)
14944 return;
14945
14946 hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_DEL_NAN_FUNCTION);
14947 if (!hdr) {
14948 nlmsg_free(msg);
14949 return;
14950 }
14951
14952 if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
14953 (wdev->netdev && nla_put_u32(msg, NL80211_ATTR_IFINDEX,
14954 wdev->netdev->ifindex)) ||
14955 nla_put_u64_64bit(msg, NL80211_ATTR_WDEV, wdev_id(wdev),
14956 NL80211_ATTR_PAD))
14957 goto nla_put_failure;
14958
14959 if (nla_put_u64_64bit(msg, NL80211_ATTR_COOKIE, cookie,
14960 NL80211_ATTR_PAD))
14961 goto nla_put_failure;
14962
14963 func_attr = nla_nest_start_noflag(msg, NL80211_ATTR_NAN_FUNC);
14964 if (!func_attr)
14965 goto nla_put_failure;
14966
14967 if (nla_put_u8(msg, NL80211_NAN_FUNC_INSTANCE_ID, inst_id) ||
14968 nla_put_u8(msg, NL80211_NAN_FUNC_TERM_REASON, reason))
14969 goto nla_put_failure;
14970
14971 nla_nest_end(msg, func_attr);
14972 genlmsg_end(msg, hdr);
14973
14974 if (!wdev->owner_nlportid)
14975 genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy),
14976 msg, 0, NL80211_MCGRP_NAN, gfp);
14977 else
14978 genlmsg_unicast(wiphy_net(&rdev->wiphy), msg,
14979 wdev->owner_nlportid);
14980
14981 return;
14982
14983 nla_put_failure:
14984 nlmsg_free(msg);
14985 }
14986 EXPORT_SYMBOL(cfg80211_nan_func_terminated);
14987
14988 static int nl80211_get_protocol_features(struct sk_buff *skb,
14989 struct genl_info *info)
14990 {
14991 void *hdr;
14992 struct sk_buff *msg;
14993
14994 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
14995 if (!msg)
14996 return -ENOMEM;
14997
14998 hdr = nl80211hdr_put(msg, info->snd_portid, info->snd_seq, 0,
14999 NL80211_CMD_GET_PROTOCOL_FEATURES);
15000 if (!hdr)
15001 goto nla_put_failure;
15002
15003 if (nla_put_u32(msg, NL80211_ATTR_PROTOCOL_FEATURES,
15004 NL80211_PROTOCOL_FEATURE_SPLIT_WIPHY_DUMP))
15005 goto nla_put_failure;
15006
15007 genlmsg_end(msg, hdr);
15008 return genlmsg_reply(msg, info);
15009
15010 nla_put_failure:
15011 kfree_skb(msg);
15012 return -ENOBUFS;
15013 }
15014
15015 static int nl80211_update_ft_ies(struct sk_buff *skb, struct genl_info *info)
15016 {
15017 struct cfg80211_registered_device *rdev = info->user_ptr[0];
15018 struct cfg80211_update_ft_ies_params ft_params;
15019 struct net_device *dev = info->user_ptr[1];
15020
15021 if (!rdev->ops->update_ft_ies)
15022 return -EOPNOTSUPP;
15023
15024 if (!info->attrs[NL80211_ATTR_MDID] ||
15025 !info->attrs[NL80211_ATTR_IE])
15026 return -EINVAL;
15027
15028 memset(&ft_params, 0, sizeof(ft_params));
15029 ft_params.md = nla_get_u16(info->attrs[NL80211_ATTR_MDID]);
15030 ft_params.ie = nla_data(info->attrs[NL80211_ATTR_IE]);
15031 ft_params.ie_len = nla_len(info->attrs[NL80211_ATTR_IE]);
15032
15033 return rdev_update_ft_ies(rdev, dev, &ft_params);
15034 }
15035
15036 static int nl80211_crit_protocol_start(struct sk_buff *skb,
15037 struct genl_info *info)
15038 {
15039 struct cfg80211_registered_device *rdev = info->user_ptr[0];
15040 struct wireless_dev *wdev = info->user_ptr[1];
15041 enum nl80211_crit_proto_id proto = NL80211_CRIT_PROTO_UNSPEC;
15042 u16 duration;
15043 int ret;
15044
15045 if (!rdev->ops->crit_proto_start)
15046 return -EOPNOTSUPP;
15047
15048 if (WARN_ON(!rdev->ops->crit_proto_stop))
15049 return -EINVAL;
15050
15051 if (rdev->crit_proto_nlportid)
15052 return -EBUSY;
15053
15054 /* determine protocol if provided */
15055 if (info->attrs[NL80211_ATTR_CRIT_PROT_ID])
15056 proto = nla_get_u16(info->attrs[NL80211_ATTR_CRIT_PROT_ID]);
15057
15058 if (proto >= NUM_NL80211_CRIT_PROTO)
15059 return -EINVAL;
15060
15061 /* timeout must be provided */
15062 if (!info->attrs[NL80211_ATTR_MAX_CRIT_PROT_DURATION])
15063 return -EINVAL;
15064
15065 duration =
15066 nla_get_u16(info->attrs[NL80211_ATTR_MAX_CRIT_PROT_DURATION]);
15067
15068 ret = rdev_crit_proto_start(rdev, wdev, proto, duration);
15069 if (!ret)
15070 rdev->crit_proto_nlportid = info->snd_portid;
15071
15072 return ret;
15073 }
15074
15075 static int nl80211_crit_protocol_stop(struct sk_buff *skb,
15076 struct genl_info *info)
15077 {
15078 struct cfg80211_registered_device *rdev = info->user_ptr[0];
15079 struct wireless_dev *wdev = info->user_ptr[1];
15080
15081 if (!rdev->ops->crit_proto_stop)
15082 return -EOPNOTSUPP;
15083
15084 if (rdev->crit_proto_nlportid) {
15085 rdev->crit_proto_nlportid = 0;
15086 rdev_crit_proto_stop(rdev, wdev);
15087 }
15088 return 0;
15089 }
15090
15091 static int nl80211_vendor_check_policy(const struct wiphy_vendor_command *vcmd,
15092 struct nlattr *attr,
15093 struct netlink_ext_ack *extack)
15094 {
15095 if (vcmd->policy == VENDOR_CMD_RAW_DATA) {
15096 if (attr->nla_type & NLA_F_NESTED) {
15097 NL_SET_ERR_MSG_ATTR(extack, attr,
15098 "unexpected nested data");
15099 return -EINVAL;
15100 }
15101
15102 return 0;
15103 }
15104
15105 if (!(attr->nla_type & NLA_F_NESTED)) {
15106 NL_SET_ERR_MSG_ATTR(extack, attr, "expected nested data");
15107 return -EINVAL;
15108 }
15109
15110 return nla_validate_nested(attr, vcmd->maxattr, vcmd->policy, extack);
15111 }
15112
15113 static int nl80211_vendor_cmd(struct sk_buff *skb, struct genl_info *info)
15114 {
15115 struct cfg80211_registered_device *rdev = info->user_ptr[0];
15116 struct wireless_dev *wdev =
15117 __cfg80211_wdev_from_attrs(rdev, genl_info_net(info),
15118 info->attrs);
15119 int i, err;
15120 u32 vid, subcmd;
15121
15122 if (!rdev->wiphy.vendor_commands)
15123 return -EOPNOTSUPP;
15124
15125 if (IS_ERR(wdev)) {
15126 err = PTR_ERR(wdev);
15127 if (err != -EINVAL)
15128 return err;
15129 wdev = NULL;
15130 } else if (wdev->wiphy != &rdev->wiphy) {
15131 return -EINVAL;
15132 }
15133
15134 if (!info->attrs[NL80211_ATTR_VENDOR_ID] ||
15135 !info->attrs[NL80211_ATTR_VENDOR_SUBCMD])
15136 return -EINVAL;
15137
15138 vid = nla_get_u32(info->attrs[NL80211_ATTR_VENDOR_ID]);
15139 subcmd = nla_get_u32(info->attrs[NL80211_ATTR_VENDOR_SUBCMD]);
15140 for (i = 0; i < rdev->wiphy.n_vendor_commands; i++) {
15141 const struct wiphy_vendor_command *vcmd;
15142 void *data = NULL;
15143 int len = 0;
15144
15145 vcmd = &rdev->wiphy.vendor_commands[i];
15146
15147 if (vcmd->info.vendor_id != vid || vcmd->info.subcmd != subcmd)
15148 continue;
15149
15150 if (vcmd->flags & (WIPHY_VENDOR_CMD_NEED_WDEV |
15151 WIPHY_VENDOR_CMD_NEED_NETDEV)) {
15152 if (!wdev)
15153 return -EINVAL;
15154 if (vcmd->flags & WIPHY_VENDOR_CMD_NEED_NETDEV &&
15155 !wdev->netdev)
15156 return -EINVAL;
15157
15158 if (vcmd->flags & WIPHY_VENDOR_CMD_NEED_RUNNING) {
15159 if (!wdev_running(wdev))
15160 return -ENETDOWN;
15161 }
15162 } else {
15163 wdev = NULL;
15164 }
15165
15166 if (!vcmd->doit)
15167 return -EOPNOTSUPP;
15168
15169 if (info->attrs[NL80211_ATTR_VENDOR_DATA]) {
15170 data = nla_data(info->attrs[NL80211_ATTR_VENDOR_DATA]);
15171 len = nla_len(info->attrs[NL80211_ATTR_VENDOR_DATA]);
15172
15173 err = nl80211_vendor_check_policy(vcmd,
15174 info->attrs[NL80211_ATTR_VENDOR_DATA],
15175 info->extack);
15176 if (err)
15177 return err;
15178 }
15179
15180 rdev->cur_cmd_info = info;
15181 err = vcmd->doit(&rdev->wiphy, wdev, data, len);
15182 rdev->cur_cmd_info = NULL;
15183 return err;
15184 }
15185
15186 return -EOPNOTSUPP;
15187 }
15188
15189 static int nl80211_prepare_vendor_dump(struct sk_buff *skb,
15190 struct netlink_callback *cb,
15191 struct cfg80211_registered_device **rdev,
15192 struct wireless_dev **wdev)
15193 {
15194 struct nlattr **attrbuf;
15195 u32 vid, subcmd;
15196 unsigned int i;
15197 int vcmd_idx = -1;
15198 int err;
15199 void *data = NULL;
15200 unsigned int data_len = 0;
15201
15202 if (cb->args[0]) {
15203 /* subtract the 1 again here */
15204 struct wiphy *wiphy = wiphy_idx_to_wiphy(cb->args[0] - 1);
15205 struct wireless_dev *tmp;
15206
15207 if (!wiphy)
15208 return -ENODEV;
15209 *rdev = wiphy_to_rdev(wiphy);
15210 *wdev = NULL;
15211
15212 if (cb->args[1]) {
15213 list_for_each_entry(tmp, &wiphy->wdev_list, list) {
15214 if (tmp->identifier == cb->args[1] - 1) {
15215 *wdev = tmp;
15216 break;
15217 }
15218 }
15219 }
15220
15221 /* keep rtnl locked in successful case */
15222 return 0;
15223 }
15224
15225 attrbuf = kcalloc(NUM_NL80211_ATTR, sizeof(*attrbuf), GFP_KERNEL);
15226 if (!attrbuf)
15227 return -ENOMEM;
15228
15229 err = nlmsg_parse_deprecated(cb->nlh,
15230 GENL_HDRLEN + nl80211_fam.hdrsize,
15231 attrbuf, nl80211_fam.maxattr,
15232 nl80211_policy, NULL);
15233 if (err)
15234 goto out;
15235
15236 if (!attrbuf[NL80211_ATTR_VENDOR_ID] ||
15237 !attrbuf[NL80211_ATTR_VENDOR_SUBCMD]) {
15238 err = -EINVAL;
15239 goto out;
15240 }
15241
15242 *wdev = __cfg80211_wdev_from_attrs(NULL, sock_net(skb->sk), attrbuf);
15243 if (IS_ERR(*wdev))
15244 *wdev = NULL;
15245
15246 *rdev = __cfg80211_rdev_from_attrs(sock_net(skb->sk), attrbuf);
15247 if (IS_ERR(*rdev)) {
15248 err = PTR_ERR(*rdev);
15249 goto out;
15250 }
15251
15252 vid = nla_get_u32(attrbuf[NL80211_ATTR_VENDOR_ID]);
15253 subcmd = nla_get_u32(attrbuf[NL80211_ATTR_VENDOR_SUBCMD]);
15254
15255 for (i = 0; i < (*rdev)->wiphy.n_vendor_commands; i++) {
15256 const struct wiphy_vendor_command *vcmd;
15257
15258 vcmd = &(*rdev)->wiphy.vendor_commands[i];
15259
15260 if (vcmd->info.vendor_id != vid || vcmd->info.subcmd != subcmd)
15261 continue;
15262
15263 if (!vcmd->dumpit) {
15264 err = -EOPNOTSUPP;
15265 goto out;
15266 }
15267
15268 vcmd_idx = i;
15269 break;
15270 }
15271
15272 if (vcmd_idx < 0) {
15273 err = -EOPNOTSUPP;
15274 goto out;
15275 }
15276
15277 if (attrbuf[NL80211_ATTR_VENDOR_DATA]) {
15278 data = nla_data(attrbuf[NL80211_ATTR_VENDOR_DATA]);
15279 data_len = nla_len(attrbuf[NL80211_ATTR_VENDOR_DATA]);
15280
15281 err = nl80211_vendor_check_policy(
15282 &(*rdev)->wiphy.vendor_commands[vcmd_idx],
15283 attrbuf[NL80211_ATTR_VENDOR_DATA],
15284 cb->extack);
15285 if (err)
15286 goto out;
15287 }
15288
15289 /* 0 is the first index - add 1 to parse only once */
15290 cb->args[0] = (*rdev)->wiphy_idx + 1;
15291 /* add 1 to know if it was NULL */
15292 cb->args[1] = *wdev ? (*wdev)->identifier + 1 : 0;
15293 cb->args[2] = vcmd_idx;
15294 cb->args[3] = (unsigned long)data;
15295 cb->args[4] = data_len;
15296
15297 /* keep rtnl locked in successful case */
15298 err = 0;
15299 out:
15300 kfree(attrbuf);
15301 return err;
15302 }
15303
15304 static int nl80211_vendor_cmd_dump(struct sk_buff *skb,
15305 struct netlink_callback *cb)
15306 {
15307 struct cfg80211_registered_device *rdev;
15308 struct wireless_dev *wdev;
15309 unsigned int vcmd_idx;
15310 const struct wiphy_vendor_command *vcmd;
15311 void *data;
15312 int data_len;
15313 int err;
15314 struct nlattr *vendor_data;
15315
15316 rtnl_lock();
15317 err = nl80211_prepare_vendor_dump(skb, cb, &rdev, &wdev);
15318 if (err)
15319 goto out;
15320
15321 vcmd_idx = cb->args[2];
15322 data = (void *)cb->args[3];
15323 data_len = cb->args[4];
15324 vcmd = &rdev->wiphy.vendor_commands[vcmd_idx];
15325
15326 if (vcmd->flags & (WIPHY_VENDOR_CMD_NEED_WDEV |
15327 WIPHY_VENDOR_CMD_NEED_NETDEV)) {
15328 if (!wdev) {
15329 err = -EINVAL;
15330 goto out;
15331 }
15332 if (vcmd->flags & WIPHY_VENDOR_CMD_NEED_NETDEV &&
15333 !wdev->netdev) {
15334 err = -EINVAL;
15335 goto out;
15336 }
15337
15338 if (vcmd->flags & WIPHY_VENDOR_CMD_NEED_RUNNING) {
15339 if (!wdev_running(wdev)) {
15340 err = -ENETDOWN;
15341 goto out;
15342 }
15343 }
15344 }
15345
15346 while (1) {
15347 void *hdr = nl80211hdr_put(skb, NETLINK_CB(cb->skb).portid,
15348 cb->nlh->nlmsg_seq, NLM_F_MULTI,
15349 NL80211_CMD_VENDOR);
15350 if (!hdr)
15351 break;
15352
15353 if (nla_put_u32(skb, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
15354 (wdev && nla_put_u64_64bit(skb, NL80211_ATTR_WDEV,
15355 wdev_id(wdev),
15356 NL80211_ATTR_PAD))) {
15357 genlmsg_cancel(skb, hdr);
15358 break;
15359 }
15360
15361 vendor_data = nla_nest_start_noflag(skb,
15362 NL80211_ATTR_VENDOR_DATA);
15363 if (!vendor_data) {
15364 genlmsg_cancel(skb, hdr);
15365 break;
15366 }
15367
15368 err = vcmd->dumpit(&rdev->wiphy, wdev, skb, data, data_len,
15369 (unsigned long *)&cb->args[5]);
15370 nla_nest_end(skb, vendor_data);
15371
15372 if (err == -ENOBUFS || err == -ENOENT) {
15373 genlmsg_cancel(skb, hdr);
15374 break;
15375 } else if (err <= 0) {
15376 genlmsg_cancel(skb, hdr);
15377 goto out;
15378 }
15379
15380 genlmsg_end(skb, hdr);
15381 }
15382
15383 err = skb->len;
15384 out:
15385 rtnl_unlock();
15386 return err;
15387 }
15388
15389 struct sk_buff *__cfg80211_alloc_reply_skb(struct wiphy *wiphy,
15390 enum nl80211_commands cmd,
15391 enum nl80211_attrs attr,
15392 int approxlen)
15393 {
15394 struct cfg80211_registered_device *rdev = wiphy_to_rdev(wiphy);
15395
15396 if (WARN_ON(!rdev->cur_cmd_info))
15397 return NULL;
15398
15399 return __cfg80211_alloc_vendor_skb(rdev, NULL, approxlen,
15400 rdev->cur_cmd_info->snd_portid,
15401 rdev->cur_cmd_info->snd_seq,
15402 cmd, attr, NULL, GFP_KERNEL);
15403 }
15404 EXPORT_SYMBOL(__cfg80211_alloc_reply_skb);
15405
15406 int cfg80211_vendor_cmd_reply(struct sk_buff *skb)
15407 {
15408 struct cfg80211_registered_device *rdev = ((void **)skb->cb)[0];
15409 void *hdr = ((void **)skb->cb)[1];
15410 struct nlattr *data = ((void **)skb->cb)[2];
15411
15412 /* clear CB data for netlink core to own from now on */
15413 memset(skb->cb, 0, sizeof(skb->cb));
15414
15415 if (WARN_ON(!rdev->cur_cmd_info)) {
15416 kfree_skb(skb);
15417 return -EINVAL;
15418 }
15419
15420 nla_nest_end(skb, data);
15421 genlmsg_end(skb, hdr);
15422 return genlmsg_reply(skb, rdev->cur_cmd_info);
15423 }
15424 EXPORT_SYMBOL_GPL(cfg80211_vendor_cmd_reply);
15425
15426 unsigned int cfg80211_vendor_cmd_get_sender(struct wiphy *wiphy)
15427 {
15428 struct cfg80211_registered_device *rdev = wiphy_to_rdev(wiphy);
15429
15430 if (WARN_ON(!rdev->cur_cmd_info))
15431 return 0;
15432
15433 return rdev->cur_cmd_info->snd_portid;
15434 }
15435 EXPORT_SYMBOL_GPL(cfg80211_vendor_cmd_get_sender);
15436
15437 static int nl80211_set_qos_map(struct sk_buff *skb,
15438 struct genl_info *info)
15439 {
15440 struct cfg80211_registered_device *rdev = info->user_ptr[0];
15441 struct cfg80211_qos_map *qos_map = NULL;
15442 struct net_device *dev = info->user_ptr[1];
15443 u8 *pos, len, num_des, des_len, des;
15444 int ret;
15445
15446 if (!rdev->ops->set_qos_map)
15447 return -EOPNOTSUPP;
15448
15449 if (info->attrs[NL80211_ATTR_QOS_MAP]) {
15450 pos = nla_data(info->attrs[NL80211_ATTR_QOS_MAP]);
15451 len = nla_len(info->attrs[NL80211_ATTR_QOS_MAP]);
15452
15453 if (len % 2)
15454 return -EINVAL;
15455
15456 qos_map = kzalloc(sizeof(struct cfg80211_qos_map), GFP_KERNEL);
15457 if (!qos_map)
15458 return -ENOMEM;
15459
15460 num_des = (len - IEEE80211_QOS_MAP_LEN_MIN) >> 1;
15461 if (num_des) {
15462 des_len = num_des *
15463 sizeof(struct cfg80211_dscp_exception);
15464 memcpy(qos_map->dscp_exception, pos, des_len);
15465 qos_map->num_des = num_des;
15466 for (des = 0; des < num_des; des++) {
15467 if (qos_map->dscp_exception[des].up > 7) {
15468 kfree(qos_map);
15469 return -EINVAL;
15470 }
15471 }
15472 pos += des_len;
15473 }
15474 memcpy(qos_map->up, pos, IEEE80211_QOS_MAP_LEN_MIN);
15475 }
15476
15477 ret = nl80211_key_allowed(dev->ieee80211_ptr);
15478 if (!ret)
15479 ret = rdev_set_qos_map(rdev, dev, qos_map);
15480
15481 kfree(qos_map);
15482 return ret;
15483 }
15484
15485 static int nl80211_add_tx_ts(struct sk_buff *skb, struct genl_info *info)
15486 {
15487 struct cfg80211_registered_device *rdev = info->user_ptr[0];
15488 struct net_device *dev = info->user_ptr[1];
15489 struct wireless_dev *wdev = dev->ieee80211_ptr;
15490 const u8 *peer;
15491 u8 tsid, up;
15492 u16 admitted_time = 0;
15493
15494 if (!(rdev->wiphy.features & NL80211_FEATURE_SUPPORTS_WMM_ADMISSION))
15495 return -EOPNOTSUPP;
15496
15497 if (!info->attrs[NL80211_ATTR_TSID] || !info->attrs[NL80211_ATTR_MAC] ||
15498 !info->attrs[NL80211_ATTR_USER_PRIO])
15499 return -EINVAL;
15500
15501 tsid = nla_get_u8(info->attrs[NL80211_ATTR_TSID]);
15502 up = nla_get_u8(info->attrs[NL80211_ATTR_USER_PRIO]);
15503
15504 /* WMM uses TIDs 0-7 even for TSPEC */
15505 if (tsid >= IEEE80211_FIRST_TSPEC_TSID) {
15506 /* TODO: handle 802.11 TSPEC/admission control
15507 * need more attributes for that (e.g. BA session requirement);
15508 * change the WMM admission test above to allow both then
15509 */
15510 return -EINVAL;
15511 }
15512
15513 peer = nla_data(info->attrs[NL80211_ATTR_MAC]);
15514
15515 if (info->attrs[NL80211_ATTR_ADMITTED_TIME]) {
15516 admitted_time =
15517 nla_get_u16(info->attrs[NL80211_ATTR_ADMITTED_TIME]);
15518 if (!admitted_time)
15519 return -EINVAL;
15520 }
15521
15522 switch (wdev->iftype) {
15523 case NL80211_IFTYPE_STATION:
15524 case NL80211_IFTYPE_P2P_CLIENT:
15525 if (wdev->connected)
15526 break;
15527 return -ENOTCONN;
15528 default:
15529 return -EOPNOTSUPP;
15530 }
15531
15532 return rdev_add_tx_ts(rdev, dev, tsid, peer, up, admitted_time);
15533 }
15534
15535 static int nl80211_del_tx_ts(struct sk_buff *skb, struct genl_info *info)
15536 {
15537 struct cfg80211_registered_device *rdev = info->user_ptr[0];
15538 struct net_device *dev = info->user_ptr[1];
15539 const u8 *peer;
15540 u8 tsid;
15541
15542 if (!info->attrs[NL80211_ATTR_TSID] || !info->attrs[NL80211_ATTR_MAC])
15543 return -EINVAL;
15544
15545 tsid = nla_get_u8(info->attrs[NL80211_ATTR_TSID]);
15546 peer = nla_data(info->attrs[NL80211_ATTR_MAC]);
15547
15548 return rdev_del_tx_ts(rdev, dev, tsid, peer);
15549 }
15550
15551 static int nl80211_tdls_channel_switch(struct sk_buff *skb,
15552 struct genl_info *info)
15553 {
15554 struct cfg80211_registered_device *rdev = info->user_ptr[0];
15555 struct net_device *dev = info->user_ptr[1];
15556 struct wireless_dev *wdev = dev->ieee80211_ptr;
15557 struct cfg80211_chan_def chandef = {};
15558 const u8 *addr;
15559 u8 oper_class;
15560 int err;
15561
15562 if (!rdev->ops->tdls_channel_switch ||
15563 !(rdev->wiphy.features & NL80211_FEATURE_TDLS_CHANNEL_SWITCH))
15564 return -EOPNOTSUPP;
15565
15566 switch (dev->ieee80211_ptr->iftype) {
15567 case NL80211_IFTYPE_STATION:
15568 case NL80211_IFTYPE_P2P_CLIENT:
15569 break;
15570 default:
15571 return -EOPNOTSUPP;
15572 }
15573
15574 if (!info->attrs[NL80211_ATTR_MAC] ||
15575 !info->attrs[NL80211_ATTR_OPER_CLASS])
15576 return -EINVAL;
15577
15578 err = nl80211_parse_chandef(rdev, info, &chandef);
15579 if (err)
15580 return err;
15581
15582 /*
15583 * Don't allow wide channels on the 2.4Ghz band, as per IEEE802.11-2012
15584 * section 10.22.6.2.1. Disallow 5/10Mhz channels as well for now, the
15585 * specification is not defined for them.
15586 */
15587 if (chandef.chan->band == NL80211_BAND_2GHZ &&
15588 chandef.width != NL80211_CHAN_WIDTH_20_NOHT &&
15589 chandef.width != NL80211_CHAN_WIDTH_20)
15590 return -EINVAL;
15591
15592 /* we will be active on the TDLS link */
15593 if (!cfg80211_reg_can_beacon_relax(&rdev->wiphy, &chandef,
15594 wdev->iftype))
15595 return -EINVAL;
15596
15597 /* don't allow switching to DFS channels */
15598 if (cfg80211_chandef_dfs_required(wdev->wiphy, &chandef, wdev->iftype))
15599 return -EINVAL;
15600
15601 addr = nla_data(info->attrs[NL80211_ATTR_MAC]);
15602 oper_class = nla_get_u8(info->attrs[NL80211_ATTR_OPER_CLASS]);
15603
15604 return rdev_tdls_channel_switch(rdev, dev, addr, oper_class, &chandef);
15605 }
15606
15607 static int nl80211_tdls_cancel_channel_switch(struct sk_buff *skb,
15608 struct genl_info *info)
15609 {
15610 struct cfg80211_registered_device *rdev = info->user_ptr[0];
15611 struct net_device *dev = info->user_ptr[1];
15612 const u8 *addr;
15613
15614 if (!rdev->ops->tdls_channel_switch ||
15615 !rdev->ops->tdls_cancel_channel_switch ||
15616 !(rdev->wiphy.features & NL80211_FEATURE_TDLS_CHANNEL_SWITCH))
15617 return -EOPNOTSUPP;
15618
15619 switch (dev->ieee80211_ptr->iftype) {
15620 case NL80211_IFTYPE_STATION:
15621 case NL80211_IFTYPE_P2P_CLIENT:
15622 break;
15623 default:
15624 return -EOPNOTSUPP;
15625 }
15626
15627 if (!info->attrs[NL80211_ATTR_MAC])
15628 return -EINVAL;
15629
15630 addr = nla_data(info->attrs[NL80211_ATTR_MAC]);
15631
15632 rdev_tdls_cancel_channel_switch(rdev, dev, addr);
15633
15634 return 0;
15635 }
15636
15637 static int nl80211_set_multicast_to_unicast(struct sk_buff *skb,
15638 struct genl_info *info)
15639 {
15640 struct cfg80211_registered_device *rdev = info->user_ptr[0];
15641 struct net_device *dev = info->user_ptr[1];
15642 struct wireless_dev *wdev = dev->ieee80211_ptr;
15643 const struct nlattr *nla;
15644 bool enabled;
15645
15646 if (!rdev->ops->set_multicast_to_unicast)
15647 return -EOPNOTSUPP;
15648
15649 if (wdev->iftype != NL80211_IFTYPE_AP &&
15650 wdev->iftype != NL80211_IFTYPE_P2P_GO)
15651 return -EOPNOTSUPP;
15652
15653 nla = info->attrs[NL80211_ATTR_MULTICAST_TO_UNICAST_ENABLED];
15654 enabled = nla_get_flag(nla);
15655
15656 return rdev_set_multicast_to_unicast(rdev, dev, enabled);
15657 }
15658
15659 static int nl80211_set_pmk(struct sk_buff *skb, struct genl_info *info)
15660 {
15661 struct cfg80211_registered_device *rdev = info->user_ptr[0];
15662 struct net_device *dev = info->user_ptr[1];
15663 struct wireless_dev *wdev = dev->ieee80211_ptr;
15664 struct cfg80211_pmk_conf pmk_conf = {};
15665
15666 if (wdev->iftype != NL80211_IFTYPE_STATION &&
15667 wdev->iftype != NL80211_IFTYPE_P2P_CLIENT)
15668 return -EOPNOTSUPP;
15669
15670 if (!wiphy_ext_feature_isset(&rdev->wiphy,
15671 NL80211_EXT_FEATURE_4WAY_HANDSHAKE_STA_1X))
15672 return -EOPNOTSUPP;
15673
15674 if (!info->attrs[NL80211_ATTR_MAC] || !info->attrs[NL80211_ATTR_PMK])
15675 return -EINVAL;
15676
15677 if (!wdev->connected)
15678 return -ENOTCONN;
15679
15680 pmk_conf.aa = nla_data(info->attrs[NL80211_ATTR_MAC]);
15681 if (memcmp(pmk_conf.aa, wdev->u.client.connected_addr, ETH_ALEN))
15682 return -EINVAL;
15683
15684 pmk_conf.pmk = nla_data(info->attrs[NL80211_ATTR_PMK]);
15685 pmk_conf.pmk_len = nla_len(info->attrs[NL80211_ATTR_PMK]);
15686 if (pmk_conf.pmk_len != WLAN_PMK_LEN &&
15687 pmk_conf.pmk_len != WLAN_PMK_LEN_SUITE_B_192)
15688 return -EINVAL;
15689
15690 if (info->attrs[NL80211_ATTR_PMKR0_NAME])
15691 pmk_conf.pmk_r0_name =
15692 nla_data(info->attrs[NL80211_ATTR_PMKR0_NAME]);
15693
15694 return rdev_set_pmk(rdev, dev, &pmk_conf);
15695 }
15696
15697 static int nl80211_del_pmk(struct sk_buff *skb, struct genl_info *info)
15698 {
15699 struct cfg80211_registered_device *rdev = info->user_ptr[0];
15700 struct net_device *dev = info->user_ptr[1];
15701 struct wireless_dev *wdev = dev->ieee80211_ptr;
15702 const u8 *aa;
15703
15704 if (wdev->iftype != NL80211_IFTYPE_STATION &&
15705 wdev->iftype != NL80211_IFTYPE_P2P_CLIENT)
15706 return -EOPNOTSUPP;
15707
15708 if (!wiphy_ext_feature_isset(&rdev->wiphy,
15709 NL80211_EXT_FEATURE_4WAY_HANDSHAKE_STA_1X))
15710 return -EOPNOTSUPP;
15711
15712 if (!info->attrs[NL80211_ATTR_MAC])
15713 return -EINVAL;
15714
15715 aa = nla_data(info->attrs[NL80211_ATTR_MAC]);
15716 return rdev_del_pmk(rdev, dev, aa);
15717 }
15718
15719 static int nl80211_external_auth(struct sk_buff *skb, struct genl_info *info)
15720 {
15721 struct cfg80211_registered_device *rdev = info->user_ptr[0];
15722 struct net_device *dev = info->user_ptr[1];
15723 struct cfg80211_external_auth_params params;
15724
15725 if (!rdev->ops->external_auth)
15726 return -EOPNOTSUPP;
15727
15728 if (!info->attrs[NL80211_ATTR_SSID] &&
15729 dev->ieee80211_ptr->iftype != NL80211_IFTYPE_AP &&
15730 dev->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_GO)
15731 return -EINVAL;
15732
15733 if (!info->attrs[NL80211_ATTR_BSSID])
15734 return -EINVAL;
15735
15736 if (!info->attrs[NL80211_ATTR_STATUS_CODE])
15737 return -EINVAL;
15738
15739 memset(&params, 0, sizeof(params));
15740
15741 if (info->attrs[NL80211_ATTR_SSID]) {
15742 params.ssid.ssid_len = nla_len(info->attrs[NL80211_ATTR_SSID]);
15743 if (params.ssid.ssid_len == 0)
15744 return -EINVAL;
15745 memcpy(params.ssid.ssid,
15746 nla_data(info->attrs[NL80211_ATTR_SSID]),
15747 params.ssid.ssid_len);
15748 }
15749
15750 memcpy(params.bssid, nla_data(info->attrs[NL80211_ATTR_BSSID]),
15751 ETH_ALEN);
15752
15753 params.status = nla_get_u16(info->attrs[NL80211_ATTR_STATUS_CODE]);
15754
15755 if (info->attrs[NL80211_ATTR_PMKID])
15756 params.pmkid = nla_data(info->attrs[NL80211_ATTR_PMKID]);
15757
15758 return rdev_external_auth(rdev, dev, &params);
15759 }
15760
15761 static int nl80211_tx_control_port(struct sk_buff *skb, struct genl_info *info)
15762 {
15763 bool dont_wait_for_ack = info->attrs[NL80211_ATTR_DONT_WAIT_FOR_ACK];
15764 struct cfg80211_registered_device *rdev = info->user_ptr[0];
15765 struct net_device *dev = info->user_ptr[1];
15766 struct wireless_dev *wdev = dev->ieee80211_ptr;
15767 const u8 *buf;
15768 size_t len;
15769 u8 *dest;
15770 u16 proto;
15771 bool noencrypt;
15772 u64 cookie = 0;
15773 int link_id;
15774 int err;
15775
15776 if (!wiphy_ext_feature_isset(&rdev->wiphy,
15777 NL80211_EXT_FEATURE_CONTROL_PORT_OVER_NL80211))
15778 return -EOPNOTSUPP;
15779
15780 if (!rdev->ops->tx_control_port)
15781 return -EOPNOTSUPP;
15782
15783 if (!info->attrs[NL80211_ATTR_FRAME] ||
15784 !info->attrs[NL80211_ATTR_MAC] ||
15785 !info->attrs[NL80211_ATTR_CONTROL_PORT_ETHERTYPE]) {
15786 GENL_SET_ERR_MSG(info, "Frame, MAC or ethertype missing");
15787 return -EINVAL;
15788 }
15789
15790 switch (wdev->iftype) {
15791 case NL80211_IFTYPE_AP:
15792 case NL80211_IFTYPE_P2P_GO:
15793 case NL80211_IFTYPE_MESH_POINT:
15794 break;
15795 case NL80211_IFTYPE_ADHOC:
15796 if (wdev->u.ibss.current_bss)
15797 break;
15798 return -ENOTCONN;
15799 case NL80211_IFTYPE_STATION:
15800 case NL80211_IFTYPE_P2P_CLIENT:
15801 if (wdev->connected)
15802 break;
15803 return -ENOTCONN;
15804 default:
15805 return -EOPNOTSUPP;
15806 }
15807
15808 buf = nla_data(info->attrs[NL80211_ATTR_FRAME]);
15809 len = nla_len(info->attrs[NL80211_ATTR_FRAME]);
15810 dest = nla_data(info->attrs[NL80211_ATTR_MAC]);
15811 proto = nla_get_u16(info->attrs[NL80211_ATTR_CONTROL_PORT_ETHERTYPE]);
15812 noencrypt =
15813 nla_get_flag(info->attrs[NL80211_ATTR_CONTROL_PORT_NO_ENCRYPT]);
15814
15815 link_id = nl80211_link_id_or_invalid(info->attrs);
15816
15817 err = rdev_tx_control_port(rdev, dev, buf, len,
15818 dest, cpu_to_be16(proto), noencrypt, link_id,
15819 dont_wait_for_ack ? NULL : &cookie);
15820 if (!err && !dont_wait_for_ack)
15821 nl_set_extack_cookie_u64(info->extack, cookie);
15822 return err;
15823 }
15824
15825 static int nl80211_get_ftm_responder_stats(struct sk_buff *skb,
15826 struct genl_info *info)
15827 {
15828 struct cfg80211_registered_device *rdev = info->user_ptr[0];
15829 struct net_device *dev = info->user_ptr[1];
15830 struct wireless_dev *wdev = dev->ieee80211_ptr;
15831 struct cfg80211_ftm_responder_stats ftm_stats = {};
15832 unsigned int link_id = nl80211_link_id(info->attrs);
15833 struct sk_buff *msg;
15834 void *hdr;
15835 struct nlattr *ftm_stats_attr;
15836 int err;
15837
15838 if (wdev->iftype != NL80211_IFTYPE_AP ||
15839 !wdev->links[link_id].ap.beacon_interval)
15840 return -EOPNOTSUPP;
15841
15842 err = rdev_get_ftm_responder_stats(rdev, dev, &ftm_stats);
15843 if (err)
15844 return err;
15845
15846 if (!ftm_stats.filled)
15847 return -ENODATA;
15848
15849 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
15850 if (!msg)
15851 return -ENOMEM;
15852
15853 hdr = nl80211hdr_put(msg, info->snd_portid, info->snd_seq, 0,
15854 NL80211_CMD_GET_FTM_RESPONDER_STATS);
15855 if (!hdr)
15856 goto nla_put_failure;
15857
15858 if (nla_put_u32(msg, NL80211_ATTR_IFINDEX, dev->ifindex))
15859 goto nla_put_failure;
15860
15861 ftm_stats_attr = nla_nest_start_noflag(msg,
15862 NL80211_ATTR_FTM_RESPONDER_STATS);
15863 if (!ftm_stats_attr)
15864 goto nla_put_failure;
15865
15866 #define SET_FTM(field, name, type) \
15867 do { if ((ftm_stats.filled & BIT(NL80211_FTM_STATS_ ## name)) && \
15868 nla_put_ ## type(msg, NL80211_FTM_STATS_ ## name, \
15869 ftm_stats.field)) \
15870 goto nla_put_failure; } while (0)
15871 #define SET_FTM_U64(field, name) \
15872 do { if ((ftm_stats.filled & BIT(NL80211_FTM_STATS_ ## name)) && \
15873 nla_put_u64_64bit(msg, NL80211_FTM_STATS_ ## name, \
15874 ftm_stats.field, NL80211_FTM_STATS_PAD)) \
15875 goto nla_put_failure; } while (0)
15876
15877 SET_FTM(success_num, SUCCESS_NUM, u32);
15878 SET_FTM(partial_num, PARTIAL_NUM, u32);
15879 SET_FTM(failed_num, FAILED_NUM, u32);
15880 SET_FTM(asap_num, ASAP_NUM, u32);
15881 SET_FTM(non_asap_num, NON_ASAP_NUM, u32);
15882 SET_FTM_U64(total_duration_ms, TOTAL_DURATION_MSEC);
15883 SET_FTM(unknown_triggers_num, UNKNOWN_TRIGGERS_NUM, u32);
15884 SET_FTM(reschedule_requests_num, RESCHEDULE_REQUESTS_NUM, u32);
15885 SET_FTM(out_of_window_triggers_num, OUT_OF_WINDOW_TRIGGERS_NUM, u32);
15886 #undef SET_FTM
15887
15888 nla_nest_end(msg, ftm_stats_attr);
15889
15890 genlmsg_end(msg, hdr);
15891 return genlmsg_reply(msg, info);
15892
15893 nla_put_failure:
15894 nlmsg_free(msg);
15895 return -ENOBUFS;
15896 }
15897
15898 static int nl80211_update_owe_info(struct sk_buff *skb, struct genl_info *info)
15899 {
15900 struct cfg80211_registered_device *rdev = info->user_ptr[0];
15901 struct cfg80211_update_owe_info owe_info;
15902 struct net_device *dev = info->user_ptr[1];
15903
15904 if (!rdev->ops->update_owe_info)
15905 return -EOPNOTSUPP;
15906
15907 if (!info->attrs[NL80211_ATTR_STATUS_CODE] ||
15908 !info->attrs[NL80211_ATTR_MAC])
15909 return -EINVAL;
15910
15911 memset(&owe_info, 0, sizeof(owe_info));
15912 owe_info.status = nla_get_u16(info->attrs[NL80211_ATTR_STATUS_CODE]);
15913 nla_memcpy(owe_info.peer, info->attrs[NL80211_ATTR_MAC], ETH_ALEN);
15914
15915 if (info->attrs[NL80211_ATTR_IE]) {
15916 owe_info.ie = nla_data(info->attrs[NL80211_ATTR_IE]);
15917 owe_info.ie_len = nla_len(info->attrs[NL80211_ATTR_IE]);
15918 }
15919
15920 return rdev_update_owe_info(rdev, dev, &owe_info);
15921 }
15922
15923 static int nl80211_probe_mesh_link(struct sk_buff *skb, struct genl_info *info)
15924 {
15925 struct cfg80211_registered_device *rdev = info->user_ptr[0];
15926 struct net_device *dev = info->user_ptr[1];
15927 struct wireless_dev *wdev = dev->ieee80211_ptr;
15928 struct station_info sinfo = {};
15929 const u8 *buf;
15930 size_t len;
15931 u8 *dest;
15932 int err;
15933
15934 if (!rdev->ops->probe_mesh_link || !rdev->ops->get_station)
15935 return -EOPNOTSUPP;
15936
15937 if (!info->attrs[NL80211_ATTR_MAC] ||
15938 !info->attrs[NL80211_ATTR_FRAME]) {
15939 GENL_SET_ERR_MSG(info, "Frame or MAC missing");
15940 return -EINVAL;
15941 }
15942
15943 if (wdev->iftype != NL80211_IFTYPE_MESH_POINT)
15944 return -EOPNOTSUPP;
15945
15946 dest = nla_data(info->attrs[NL80211_ATTR_MAC]);
15947 buf = nla_data(info->attrs[NL80211_ATTR_FRAME]);
15948 len = nla_len(info->attrs[NL80211_ATTR_FRAME]);
15949
15950 if (len < sizeof(struct ethhdr))
15951 return -EINVAL;
15952
15953 if (!ether_addr_equal(buf, dest) || is_multicast_ether_addr(buf) ||
15954 !ether_addr_equal(buf + ETH_ALEN, dev->dev_addr))
15955 return -EINVAL;
15956
15957 err = rdev_get_station(rdev, dev, dest, &sinfo);
15958 if (err)
15959 return err;
15960
15961 cfg80211_sinfo_release_content(&sinfo);
15962
15963 return rdev_probe_mesh_link(rdev, dev, dest, buf, len);
15964 }
15965
15966 static int parse_tid_conf(struct cfg80211_registered_device *rdev,
15967 struct nlattr *attrs[], struct net_device *dev,
15968 struct cfg80211_tid_cfg *tid_conf,
15969 struct genl_info *info, const u8 *peer,
15970 unsigned int link_id)
15971 {
15972 struct netlink_ext_ack *extack = info->extack;
15973 u64 mask;
15974 int err;
15975
15976 if (!attrs[NL80211_TID_CONFIG_ATTR_TIDS])
15977 return -EINVAL;
15978
15979 tid_conf->config_override =
15980 nla_get_flag(attrs[NL80211_TID_CONFIG_ATTR_OVERRIDE]);
15981 tid_conf->tids = nla_get_u16(attrs[NL80211_TID_CONFIG_ATTR_TIDS]);
15982
15983 if (tid_conf->config_override) {
15984 if (rdev->ops->reset_tid_config) {
15985 err = rdev_reset_tid_config(rdev, dev, peer,
15986 tid_conf->tids);
15987 if (err)
15988 return err;
15989 } else {
15990 return -EINVAL;
15991 }
15992 }
15993
15994 if (attrs[NL80211_TID_CONFIG_ATTR_NOACK]) {
15995 tid_conf->mask |= BIT(NL80211_TID_CONFIG_ATTR_NOACK);
15996 tid_conf->noack =
15997 nla_get_u8(attrs[NL80211_TID_CONFIG_ATTR_NOACK]);
15998 }
15999
16000 if (attrs[NL80211_TID_CONFIG_ATTR_RETRY_SHORT]) {
16001 tid_conf->mask |= BIT(NL80211_TID_CONFIG_ATTR_RETRY_SHORT);
16002 tid_conf->retry_short =
16003 nla_get_u8(attrs[NL80211_TID_CONFIG_ATTR_RETRY_SHORT]);
16004
16005 if (tid_conf->retry_short > rdev->wiphy.max_data_retry_count)
16006 return -EINVAL;
16007 }
16008
16009 if (attrs[NL80211_TID_CONFIG_ATTR_RETRY_LONG]) {
16010 tid_conf->mask |= BIT(NL80211_TID_CONFIG_ATTR_RETRY_LONG);
16011 tid_conf->retry_long =
16012 nla_get_u8(attrs[NL80211_TID_CONFIG_ATTR_RETRY_LONG]);
16013
16014 if (tid_conf->retry_long > rdev->wiphy.max_data_retry_count)
16015 return -EINVAL;
16016 }
16017
16018 if (attrs[NL80211_TID_CONFIG_ATTR_AMPDU_CTRL]) {
16019 tid_conf->mask |= BIT(NL80211_TID_CONFIG_ATTR_AMPDU_CTRL);
16020 tid_conf->ampdu =
16021 nla_get_u8(attrs[NL80211_TID_CONFIG_ATTR_AMPDU_CTRL]);
16022 }
16023
16024 if (attrs[NL80211_TID_CONFIG_ATTR_RTSCTS_CTRL]) {
16025 tid_conf->mask |= BIT(NL80211_TID_CONFIG_ATTR_RTSCTS_CTRL);
16026 tid_conf->rtscts =
16027 nla_get_u8(attrs[NL80211_TID_CONFIG_ATTR_RTSCTS_CTRL]);
16028 }
16029
16030 if (attrs[NL80211_TID_CONFIG_ATTR_AMSDU_CTRL]) {
16031 tid_conf->mask |= BIT(NL80211_TID_CONFIG_ATTR_AMSDU_CTRL);
16032 tid_conf->amsdu =
16033 nla_get_u8(attrs[NL80211_TID_CONFIG_ATTR_AMSDU_CTRL]);
16034 }
16035
16036 if (attrs[NL80211_TID_CONFIG_ATTR_TX_RATE_TYPE]) {
16037 u32 idx = NL80211_TID_CONFIG_ATTR_TX_RATE_TYPE, attr;
16038
16039 tid_conf->txrate_type = nla_get_u8(attrs[idx]);
16040
16041 if (tid_conf->txrate_type != NL80211_TX_RATE_AUTOMATIC) {
16042 attr = NL80211_TID_CONFIG_ATTR_TX_RATE;
16043 err = nl80211_parse_tx_bitrate_mask(info, attrs, attr,
16044 &tid_conf->txrate_mask, dev,
16045 true, link_id);
16046 if (err)
16047 return err;
16048
16049 tid_conf->mask |= BIT(NL80211_TID_CONFIG_ATTR_TX_RATE);
16050 }
16051 tid_conf->mask |= BIT(NL80211_TID_CONFIG_ATTR_TX_RATE_TYPE);
16052 }
16053
16054 if (peer)
16055 mask = rdev->wiphy.tid_config_support.peer;
16056 else
16057 mask = rdev->wiphy.tid_config_support.vif;
16058
16059 if (tid_conf->mask & ~mask) {
16060 NL_SET_ERR_MSG(extack, "unsupported TID configuration");
16061 return -EOPNOTSUPP;
16062 }
16063
16064 return 0;
16065 }
16066
16067 static int nl80211_set_tid_config(struct sk_buff *skb,
16068 struct genl_info *info)
16069 {
16070 struct cfg80211_registered_device *rdev = info->user_ptr[0];
16071 struct nlattr *attrs[NL80211_TID_CONFIG_ATTR_MAX + 1];
16072 unsigned int link_id = nl80211_link_id(info->attrs);
16073 struct net_device *dev = info->user_ptr[1];
16074 struct cfg80211_tid_config *tid_config;
16075 struct nlattr *tid;
16076 int conf_idx = 0, rem_conf;
16077 int ret = -EINVAL;
16078 u32 num_conf = 0;
16079
16080 if (!info->attrs[NL80211_ATTR_TID_CONFIG])
16081 return -EINVAL;
16082
16083 if (!rdev->ops->set_tid_config)
16084 return -EOPNOTSUPP;
16085
16086 nla_for_each_nested(tid, info->attrs[NL80211_ATTR_TID_CONFIG],
16087 rem_conf)
16088 num_conf++;
16089
16090 tid_config = kzalloc(struct_size(tid_config, tid_conf, num_conf),
16091 GFP_KERNEL);
16092 if (!tid_config)
16093 return -ENOMEM;
16094
16095 tid_config->n_tid_conf = num_conf;
16096
16097 if (info->attrs[NL80211_ATTR_MAC])
16098 tid_config->peer = nla_data(info->attrs[NL80211_ATTR_MAC]);
16099
16100 nla_for_each_nested(tid, info->attrs[NL80211_ATTR_TID_CONFIG],
16101 rem_conf) {
16102 ret = nla_parse_nested(attrs, NL80211_TID_CONFIG_ATTR_MAX,
16103 tid, NULL, NULL);
16104
16105 if (ret)
16106 goto bad_tid_conf;
16107
16108 ret = parse_tid_conf(rdev, attrs, dev,
16109 &tid_config->tid_conf[conf_idx],
16110 info, tid_config->peer, link_id);
16111 if (ret)
16112 goto bad_tid_conf;
16113
16114 conf_idx++;
16115 }
16116
16117 ret = rdev_set_tid_config(rdev, dev, tid_config);
16118
16119 bad_tid_conf:
16120 kfree(tid_config);
16121 return ret;
16122 }
16123
16124 static int nl80211_color_change(struct sk_buff *skb, struct genl_info *info)
16125 {
16126 struct cfg80211_registered_device *rdev = info->user_ptr[0];
16127 struct cfg80211_color_change_settings params = {};
16128 struct net_device *dev = info->user_ptr[1];
16129 struct wireless_dev *wdev = dev->ieee80211_ptr;
16130 struct nlattr **tb;
16131 u16 offset;
16132 int err;
16133
16134 if (!rdev->ops->color_change)
16135 return -EOPNOTSUPP;
16136
16137 if (!wiphy_ext_feature_isset(&rdev->wiphy,
16138 NL80211_EXT_FEATURE_BSS_COLOR))
16139 return -EOPNOTSUPP;
16140
16141 if (wdev->iftype != NL80211_IFTYPE_AP)
16142 return -EOPNOTSUPP;
16143
16144 if (!info->attrs[NL80211_ATTR_COLOR_CHANGE_COUNT] ||
16145 !info->attrs[NL80211_ATTR_COLOR_CHANGE_COLOR] ||
16146 !info->attrs[NL80211_ATTR_COLOR_CHANGE_ELEMS])
16147 return -EINVAL;
16148
16149 params.count = nla_get_u8(info->attrs[NL80211_ATTR_COLOR_CHANGE_COUNT]);
16150 params.color = nla_get_u8(info->attrs[NL80211_ATTR_COLOR_CHANGE_COLOR]);
16151
16152 err = nl80211_parse_beacon(rdev, info->attrs, &params.beacon_next,
16153 info->extack);
16154 if (err)
16155 return err;
16156
16157 tb = kcalloc(NL80211_ATTR_MAX + 1, sizeof(*tb), GFP_KERNEL);
16158 if (!tb)
16159 return -ENOMEM;
16160
16161 err = nla_parse_nested(tb, NL80211_ATTR_MAX,
16162 info->attrs[NL80211_ATTR_COLOR_CHANGE_ELEMS],
16163 nl80211_policy, info->extack);
16164 if (err)
16165 goto out;
16166
16167 err = nl80211_parse_beacon(rdev, tb, &params.beacon_color_change,
16168 info->extack);
16169 if (err)
16170 goto out;
16171
16172 if (!tb[NL80211_ATTR_CNTDWN_OFFS_BEACON]) {
16173 err = -EINVAL;
16174 goto out;
16175 }
16176
16177 if (nla_len(tb[NL80211_ATTR_CNTDWN_OFFS_BEACON]) != sizeof(u16)) {
16178 err = -EINVAL;
16179 goto out;
16180 }
16181
16182 offset = nla_get_u16(tb[NL80211_ATTR_CNTDWN_OFFS_BEACON]);
16183 if (offset >= params.beacon_color_change.tail_len) {
16184 err = -EINVAL;
16185 goto out;
16186 }
16187
16188 if (params.beacon_color_change.tail[offset] != params.count) {
16189 err = -EINVAL;
16190 goto out;
16191 }
16192
16193 params.counter_offset_beacon = offset;
16194
16195 if (tb[NL80211_ATTR_CNTDWN_OFFS_PRESP]) {
16196 if (nla_len(tb[NL80211_ATTR_CNTDWN_OFFS_PRESP]) !=
16197 sizeof(u16)) {
16198 err = -EINVAL;
16199 goto out;
16200 }
16201
16202 offset = nla_get_u16(tb[NL80211_ATTR_CNTDWN_OFFS_PRESP]);
16203 if (offset >= params.beacon_color_change.probe_resp_len) {
16204 err = -EINVAL;
16205 goto out;
16206 }
16207
16208 if (params.beacon_color_change.probe_resp[offset] !=
16209 params.count) {
16210 err = -EINVAL;
16211 goto out;
16212 }
16213
16214 params.counter_offset_presp = offset;
16215 }
16216
16217 params.link_id = nl80211_link_id(info->attrs);
16218 err = rdev_color_change(rdev, dev, &params);
16219
16220 out:
16221 kfree(params.beacon_next.mbssid_ies);
16222 kfree(params.beacon_color_change.mbssid_ies);
16223 kfree(params.beacon_next.rnr_ies);
16224 kfree(params.beacon_color_change.rnr_ies);
16225 kfree(tb);
16226 return err;
16227 }
16228
16229 static int nl80211_set_fils_aad(struct sk_buff *skb,
16230 struct genl_info *info)
16231 {
16232 struct cfg80211_registered_device *rdev = info->user_ptr[0];
16233 struct net_device *dev = info->user_ptr[1];
16234 struct cfg80211_fils_aad fils_aad = {};
16235 u8 *nonces;
16236
16237 if (!info->attrs[NL80211_ATTR_MAC] ||
16238 !info->attrs[NL80211_ATTR_FILS_KEK] ||
16239 !info->attrs[NL80211_ATTR_FILS_NONCES])
16240 return -EINVAL;
16241
16242 fils_aad.macaddr = nla_data(info->attrs[NL80211_ATTR_MAC]);
16243 fils_aad.kek_len = nla_len(info->attrs[NL80211_ATTR_FILS_KEK]);
16244 fils_aad.kek = nla_data(info->attrs[NL80211_ATTR_FILS_KEK]);
16245 nonces = nla_data(info->attrs[NL80211_ATTR_FILS_NONCES]);
16246 fils_aad.snonce = nonces;
16247 fils_aad.anonce = nonces + FILS_NONCE_LEN;
16248
16249 return rdev_set_fils_aad(rdev, dev, &fils_aad);
16250 }
16251
16252 static int nl80211_add_link(struct sk_buff *skb, struct genl_info *info)
16253 {
16254 struct cfg80211_registered_device *rdev = info->user_ptr[0];
16255 unsigned int link_id = nl80211_link_id(info->attrs);
16256 struct net_device *dev = info->user_ptr[1];
16257 struct wireless_dev *wdev = dev->ieee80211_ptr;
16258 int ret;
16259
16260 if (!(wdev->wiphy->flags & WIPHY_FLAG_SUPPORTS_MLO))
16261 return -EINVAL;
16262
16263 switch (wdev->iftype) {
16264 case NL80211_IFTYPE_AP:
16265 break;
16266 default:
16267 return -EINVAL;
16268 }
16269
16270 if (!info->attrs[NL80211_ATTR_MAC] ||
16271 !is_valid_ether_addr(nla_data(info->attrs[NL80211_ATTR_MAC])))
16272 return -EINVAL;
16273
16274 wdev->valid_links |= BIT(link_id);
16275 ether_addr_copy(wdev->links[link_id].addr,
16276 nla_data(info->attrs[NL80211_ATTR_MAC]));
16277
16278 ret = rdev_add_intf_link(rdev, wdev, link_id);
16279 if (ret) {
16280 wdev->valid_links &= ~BIT(link_id);
16281 eth_zero_addr(wdev->links[link_id].addr);
16282 }
16283
16284 return ret;
16285 }
16286
16287 static int nl80211_remove_link(struct sk_buff *skb, struct genl_info *info)
16288 {
16289 unsigned int link_id = nl80211_link_id(info->attrs);
16290 struct net_device *dev = info->user_ptr[1];
16291 struct wireless_dev *wdev = dev->ieee80211_ptr;
16292
16293 /* cannot remove if there's no link */
16294 if (!info->attrs[NL80211_ATTR_MLO_LINK_ID])
16295 return -EINVAL;
16296
16297 switch (wdev->iftype) {
16298 case NL80211_IFTYPE_AP:
16299 break;
16300 default:
16301 return -EINVAL;
16302 }
16303
16304 cfg80211_remove_link(wdev, link_id);
16305
16306 return 0;
16307 }
16308
16309 static int
16310 nl80211_add_mod_link_station(struct sk_buff *skb, struct genl_info *info,
16311 bool add)
16312 {
16313 struct link_station_parameters params = {};
16314 struct cfg80211_registered_device *rdev = info->user_ptr[0];
16315 struct net_device *dev = info->user_ptr[1];
16316 int err;
16317
16318 if ((add && !rdev->ops->add_link_station) ||
16319 (!add && !rdev->ops->mod_link_station))
16320 return -EOPNOTSUPP;
16321
16322 if (add && !info->attrs[NL80211_ATTR_MAC])
16323 return -EINVAL;
16324
16325 if (!info->attrs[NL80211_ATTR_MLD_ADDR])
16326 return -EINVAL;
16327
16328 if (add && !info->attrs[NL80211_ATTR_STA_SUPPORTED_RATES])
16329 return -EINVAL;
16330
16331 params.mld_mac = nla_data(info->attrs[NL80211_ATTR_MLD_ADDR]);
16332
16333 if (info->attrs[NL80211_ATTR_MAC]) {
16334 params.link_mac = nla_data(info->attrs[NL80211_ATTR_MAC]);
16335 if (!is_valid_ether_addr(params.link_mac))
16336 return -EINVAL;
16337 }
16338
16339 if (!info->attrs[NL80211_ATTR_MLO_LINK_ID])
16340 return -EINVAL;
16341
16342 params.link_id = nla_get_u8(info->attrs[NL80211_ATTR_MLO_LINK_ID]);
16343
16344 if (info->attrs[NL80211_ATTR_STA_SUPPORTED_RATES]) {
16345 params.supported_rates =
16346 nla_data(info->attrs[NL80211_ATTR_STA_SUPPORTED_RATES]);
16347 params.supported_rates_len =
16348 nla_len(info->attrs[NL80211_ATTR_STA_SUPPORTED_RATES]);
16349 }
16350
16351 if (info->attrs[NL80211_ATTR_HT_CAPABILITY])
16352 params.ht_capa =
16353 nla_data(info->attrs[NL80211_ATTR_HT_CAPABILITY]);
16354
16355 if (info->attrs[NL80211_ATTR_VHT_CAPABILITY])
16356 params.vht_capa =
16357 nla_data(info->attrs[NL80211_ATTR_VHT_CAPABILITY]);
16358
16359 if (info->attrs[NL80211_ATTR_HE_CAPABILITY]) {
16360 params.he_capa =
16361 nla_data(info->attrs[NL80211_ATTR_HE_CAPABILITY]);
16362 params.he_capa_len =
16363 nla_len(info->attrs[NL80211_ATTR_HE_CAPABILITY]);
16364
16365 if (info->attrs[NL80211_ATTR_EHT_CAPABILITY]) {
16366 params.eht_capa =
16367 nla_data(info->attrs[NL80211_ATTR_EHT_CAPABILITY]);
16368 params.eht_capa_len =
16369 nla_len(info->attrs[NL80211_ATTR_EHT_CAPABILITY]);
16370
16371 if (!ieee80211_eht_capa_size_ok((const u8 *)params.he_capa,
16372 (const u8 *)params.eht_capa,
16373 params.eht_capa_len,
16374 false))
16375 return -EINVAL;
16376 }
16377 }
16378
16379 if (info->attrs[NL80211_ATTR_HE_6GHZ_CAPABILITY])
16380 params.he_6ghz_capa =
16381 nla_data(info->attrs[NL80211_ATTR_HE_6GHZ_CAPABILITY]);
16382
16383 if (info->attrs[NL80211_ATTR_OPMODE_NOTIF]) {
16384 params.opmode_notif_used = true;
16385 params.opmode_notif =
16386 nla_get_u8(info->attrs[NL80211_ATTR_OPMODE_NOTIF]);
16387 }
16388
16389 err = nl80211_parse_sta_txpower_setting(info, &params.txpwr,
16390 &params.txpwr_set);
16391 if (err)
16392 return err;
16393
16394 if (add)
16395 return rdev_add_link_station(rdev, dev, &params);
16396
16397 return rdev_mod_link_station(rdev, dev, &params);
16398 }
16399
16400 static int
16401 nl80211_add_link_station(struct sk_buff *skb, struct genl_info *info)
16402 {
16403 return nl80211_add_mod_link_station(skb, info, true);
16404 }
16405
16406 static int
16407 nl80211_modify_link_station(struct sk_buff *skb, struct genl_info *info)
16408 {
16409 return nl80211_add_mod_link_station(skb, info, false);
16410 }
16411
16412 static int
16413 nl80211_remove_link_station(struct sk_buff *skb, struct genl_info *info)
16414 {
16415 struct link_station_del_parameters params = {};
16416 struct cfg80211_registered_device *rdev = info->user_ptr[0];
16417 struct net_device *dev = info->user_ptr[1];
16418
16419 if (!rdev->ops->del_link_station)
16420 return -EOPNOTSUPP;
16421
16422 if (!info->attrs[NL80211_ATTR_MLD_ADDR] ||
16423 !info->attrs[NL80211_ATTR_MLO_LINK_ID])
16424 return -EINVAL;
16425
16426 params.mld_mac = nla_data(info->attrs[NL80211_ATTR_MLD_ADDR]);
16427 params.link_id = nla_get_u8(info->attrs[NL80211_ATTR_MLO_LINK_ID]);
16428
16429 return rdev_del_link_station(rdev, dev, &params);
16430 }
16431
16432 static int nl80211_set_hw_timestamp(struct sk_buff *skb,
16433 struct genl_info *info)
16434 {
16435 struct cfg80211_registered_device *rdev = info->user_ptr[0];
16436 struct net_device *dev = info->user_ptr[1];
16437 struct cfg80211_set_hw_timestamp hwts = {};
16438
16439 if (!rdev->wiphy.hw_timestamp_max_peers)
16440 return -EOPNOTSUPP;
16441
16442 if (!info->attrs[NL80211_ATTR_MAC] &&
16443 rdev->wiphy.hw_timestamp_max_peers != CFG80211_HW_TIMESTAMP_ALL_PEERS)
16444 return -EOPNOTSUPP;
16445
16446 if (info->attrs[NL80211_ATTR_MAC])
16447 hwts.macaddr = nla_data(info->attrs[NL80211_ATTR_MAC]);
16448
16449 hwts.enable =
16450 nla_get_flag(info->attrs[NL80211_ATTR_HW_TIMESTAMP_ENABLED]);
16451
16452 return rdev_set_hw_timestamp(rdev, dev, &hwts);
16453 }
16454
16455 static int
16456 nl80211_set_ttlm(struct sk_buff *skb, struct genl_info *info)
16457 {
16458 struct cfg80211_ttlm_params params = {};
16459 struct cfg80211_registered_device *rdev = info->user_ptr[0];
16460 struct net_device *dev = info->user_ptr[1];
16461 struct wireless_dev *wdev = dev->ieee80211_ptr;
16462
16463 if (wdev->iftype != NL80211_IFTYPE_STATION &&
16464 wdev->iftype != NL80211_IFTYPE_P2P_CLIENT)
16465 return -EOPNOTSUPP;
16466
16467 if (!wdev->connected)
16468 return -ENOLINK;
16469
16470 if (!info->attrs[NL80211_ATTR_MLO_TTLM_DLINK] ||
16471 !info->attrs[NL80211_ATTR_MLO_TTLM_ULINK])
16472 return -EINVAL;
16473
16474 nla_memcpy(params.dlink,
16475 info->attrs[NL80211_ATTR_MLO_TTLM_DLINK],
16476 sizeof(params.dlink));
16477 nla_memcpy(params.ulink,
16478 info->attrs[NL80211_ATTR_MLO_TTLM_ULINK],
16479 sizeof(params.ulink));
16480
16481 return rdev_set_ttlm(rdev, dev, &params);
16482 }
16483
16484 #define NL80211_FLAG_NEED_WIPHY 0x01
16485 #define NL80211_FLAG_NEED_NETDEV 0x02
16486 #define NL80211_FLAG_NEED_RTNL 0x04
16487 #define NL80211_FLAG_CHECK_NETDEV_UP 0x08
16488 #define NL80211_FLAG_NEED_NETDEV_UP (NL80211_FLAG_NEED_NETDEV |\
16489 NL80211_FLAG_CHECK_NETDEV_UP)
16490 #define NL80211_FLAG_NEED_WDEV 0x10
16491 /* If a netdev is associated, it must be UP, P2P must be started */
16492 #define NL80211_FLAG_NEED_WDEV_UP (NL80211_FLAG_NEED_WDEV |\
16493 NL80211_FLAG_CHECK_NETDEV_UP)
16494 #define NL80211_FLAG_CLEAR_SKB 0x20
16495 #define NL80211_FLAG_NO_WIPHY_MTX 0x40
16496 #define NL80211_FLAG_MLO_VALID_LINK_ID 0x80
16497 #define NL80211_FLAG_MLO_UNSUPPORTED 0x100
16498
16499 #define INTERNAL_FLAG_SELECTORS(__sel) \
16500 SELECTOR(__sel, NONE, 0) /* must be first */ \
16501 SELECTOR(__sel, WIPHY, \
16502 NL80211_FLAG_NEED_WIPHY) \
16503 SELECTOR(__sel, WDEV, \
16504 NL80211_FLAG_NEED_WDEV) \
16505 SELECTOR(__sel, NETDEV, \
16506 NL80211_FLAG_NEED_NETDEV) \
16507 SELECTOR(__sel, NETDEV_LINK, \
16508 NL80211_FLAG_NEED_NETDEV | \
16509 NL80211_FLAG_MLO_VALID_LINK_ID) \
16510 SELECTOR(__sel, NETDEV_NO_MLO, \
16511 NL80211_FLAG_NEED_NETDEV | \
16512 NL80211_FLAG_MLO_UNSUPPORTED) \
16513 SELECTOR(__sel, WIPHY_RTNL, \
16514 NL80211_FLAG_NEED_WIPHY | \
16515 NL80211_FLAG_NEED_RTNL) \
16516 SELECTOR(__sel, WIPHY_RTNL_NOMTX, \
16517 NL80211_FLAG_NEED_WIPHY | \
16518 NL80211_FLAG_NEED_RTNL | \
16519 NL80211_FLAG_NO_WIPHY_MTX) \
16520 SELECTOR(__sel, WDEV_RTNL, \
16521 NL80211_FLAG_NEED_WDEV | \
16522 NL80211_FLAG_NEED_RTNL) \
16523 SELECTOR(__sel, NETDEV_RTNL, \
16524 NL80211_FLAG_NEED_NETDEV | \
16525 NL80211_FLAG_NEED_RTNL) \
16526 SELECTOR(__sel, NETDEV_UP, \
16527 NL80211_FLAG_NEED_NETDEV_UP) \
16528 SELECTOR(__sel, NETDEV_UP_LINK, \
16529 NL80211_FLAG_NEED_NETDEV_UP | \
16530 NL80211_FLAG_MLO_VALID_LINK_ID) \
16531 SELECTOR(__sel, NETDEV_UP_NO_MLO, \
16532 NL80211_FLAG_NEED_NETDEV_UP | \
16533 NL80211_FLAG_MLO_UNSUPPORTED) \
16534 SELECTOR(__sel, NETDEV_UP_NO_MLO_CLEAR, \
16535 NL80211_FLAG_NEED_NETDEV_UP | \
16536 NL80211_FLAG_CLEAR_SKB | \
16537 NL80211_FLAG_MLO_UNSUPPORTED) \
16538 SELECTOR(__sel, NETDEV_UP_NOTMX, \
16539 NL80211_FLAG_NEED_NETDEV_UP | \
16540 NL80211_FLAG_NO_WIPHY_MTX) \
16541 SELECTOR(__sel, NETDEV_UP_NOTMX_MLO, \
16542 NL80211_FLAG_NEED_NETDEV_UP | \
16543 NL80211_FLAG_NO_WIPHY_MTX | \
16544 NL80211_FLAG_MLO_VALID_LINK_ID) \
16545 SELECTOR(__sel, NETDEV_UP_CLEAR, \
16546 NL80211_FLAG_NEED_NETDEV_UP | \
16547 NL80211_FLAG_CLEAR_SKB) \
16548 SELECTOR(__sel, WDEV_UP, \
16549 NL80211_FLAG_NEED_WDEV_UP) \
16550 SELECTOR(__sel, WDEV_UP_LINK, \
16551 NL80211_FLAG_NEED_WDEV_UP | \
16552 NL80211_FLAG_MLO_VALID_LINK_ID) \
16553 SELECTOR(__sel, WDEV_UP_RTNL, \
16554 NL80211_FLAG_NEED_WDEV_UP | \
16555 NL80211_FLAG_NEED_RTNL) \
16556 SELECTOR(__sel, WIPHY_CLEAR, \
16557 NL80211_FLAG_NEED_WIPHY | \
16558 NL80211_FLAG_CLEAR_SKB)
16559
16560 enum nl80211_internal_flags_selector {
16561 #define SELECTOR(_, name, value) NL80211_IFL_SEL_##name,
16562 INTERNAL_FLAG_SELECTORS(_)
16563 #undef SELECTOR
16564 };
16565
16566 static u32 nl80211_internal_flags[] = {
16567 #define SELECTOR(_, name, value) [NL80211_IFL_SEL_##name] = value,
16568 INTERNAL_FLAG_SELECTORS(_)
16569 #undef SELECTOR
16570 };
16571
16572 static int nl80211_pre_doit(const struct genl_split_ops *ops,
16573 struct sk_buff *skb,
16574 struct genl_info *info)
16575 {
16576 struct cfg80211_registered_device *rdev = NULL;
16577 struct wireless_dev *wdev = NULL;
16578 struct net_device *dev = NULL;
16579 u32 internal_flags;
16580 int err;
16581
16582 if (WARN_ON(ops->internal_flags >= ARRAY_SIZE(nl80211_internal_flags)))
16583 return -EINVAL;
16584
16585 internal_flags = nl80211_internal_flags[ops->internal_flags];
16586
16587 rtnl_lock();
16588 if (internal_flags & NL80211_FLAG_NEED_WIPHY) {
16589 rdev = cfg80211_get_dev_from_info(genl_info_net(info), info);
16590 if (IS_ERR(rdev)) {
16591 err = PTR_ERR(rdev);
16592 goto out_unlock;
16593 }
16594 info->user_ptr[0] = rdev;
16595 } else if (internal_flags & NL80211_FLAG_NEED_NETDEV ||
16596 internal_flags & NL80211_FLAG_NEED_WDEV) {
16597 wdev = __cfg80211_wdev_from_attrs(NULL, genl_info_net(info),
16598 info->attrs);
16599 if (IS_ERR(wdev)) {
16600 err = PTR_ERR(wdev);
16601 goto out_unlock;
16602 }
16603
16604 dev = wdev->netdev;
16605 dev_hold(dev);
16606 rdev = wiphy_to_rdev(wdev->wiphy);
16607
16608 if (internal_flags & NL80211_FLAG_NEED_NETDEV) {
16609 if (!dev) {
16610 err = -EINVAL;
16611 goto out_unlock;
16612 }
16613
16614 info->user_ptr[1] = dev;
16615 } else {
16616 info->user_ptr[1] = wdev;
16617 }
16618
16619 if (internal_flags & NL80211_FLAG_CHECK_NETDEV_UP &&
16620 !wdev_running(wdev)) {
16621 err = -ENETDOWN;
16622 goto out_unlock;
16623 }
16624
16625 info->user_ptr[0] = rdev;
16626 }
16627
16628 if (internal_flags & NL80211_FLAG_MLO_VALID_LINK_ID) {
16629 struct nlattr *link_id = info->attrs[NL80211_ATTR_MLO_LINK_ID];
16630
16631 if (!wdev) {
16632 err = -EINVAL;
16633 goto out_unlock;
16634 }
16635
16636 /* MLO -> require valid link ID */
16637 if (wdev->valid_links &&
16638 (!link_id ||
16639 !(wdev->valid_links & BIT(nla_get_u8(link_id))))) {
16640 err = -EINVAL;
16641 goto out_unlock;
16642 }
16643
16644 /* non-MLO -> no link ID attribute accepted */
16645 if (!wdev->valid_links && link_id) {
16646 err = -EINVAL;
16647 goto out_unlock;
16648 }
16649 }
16650
16651 if (internal_flags & NL80211_FLAG_MLO_UNSUPPORTED) {
16652 if (info->attrs[NL80211_ATTR_MLO_LINK_ID] ||
16653 (wdev && wdev->valid_links)) {
16654 err = -EINVAL;
16655 goto out_unlock;
16656 }
16657 }
16658
16659 if (rdev && !(internal_flags & NL80211_FLAG_NO_WIPHY_MTX)) {
16660 wiphy_lock(&rdev->wiphy);
16661 /* we keep the mutex locked until post_doit */
16662 __release(&rdev->wiphy.mtx);
16663 }
16664 if (!(internal_flags & NL80211_FLAG_NEED_RTNL))
16665 rtnl_unlock();
16666
16667 return 0;
16668 out_unlock:
16669 rtnl_unlock();
16670 dev_put(dev);
16671 return err;
16672 }
16673
16674 static void nl80211_post_doit(const struct genl_split_ops *ops,
16675 struct sk_buff *skb,
16676 struct genl_info *info)
16677 {
16678 u32 internal_flags = nl80211_internal_flags[ops->internal_flags];
16679
16680 if (info->user_ptr[1]) {
16681 if (internal_flags & NL80211_FLAG_NEED_WDEV) {
16682 struct wireless_dev *wdev = info->user_ptr[1];
16683
16684 dev_put(wdev->netdev);
16685 } else {
16686 dev_put(info->user_ptr[1]);
16687 }
16688 }
16689
16690 if (info->user_ptr[0] &&
16691 !(internal_flags & NL80211_FLAG_NO_WIPHY_MTX)) {
16692 struct cfg80211_registered_device *rdev = info->user_ptr[0];
16693
16694 /* we kept the mutex locked since pre_doit */
16695 __acquire(&rdev->wiphy.mtx);
16696 wiphy_unlock(&rdev->wiphy);
16697 }
16698
16699 if (internal_flags & NL80211_FLAG_NEED_RTNL)
16700 rtnl_unlock();
16701
16702 /* If needed, clear the netlink message payload from the SKB
16703 * as it might contain key data that shouldn't stick around on
16704 * the heap after the SKB is freed. The netlink message header
16705 * is still needed for further processing, so leave it intact.
16706 */
16707 if (internal_flags & NL80211_FLAG_CLEAR_SKB) {
16708 struct nlmsghdr *nlh = nlmsg_hdr(skb);
16709
16710 memset(nlmsg_data(nlh), 0, nlmsg_len(nlh));
16711 }
16712 }
16713
16714 static int nl80211_set_sar_sub_specs(struct cfg80211_registered_device *rdev,
16715 struct cfg80211_sar_specs *sar_specs,
16716 struct nlattr *spec[], int index)
16717 {
16718 u32 range_index, i;
16719
16720 if (!sar_specs || !spec)
16721 return -EINVAL;
16722
16723 if (!spec[NL80211_SAR_ATTR_SPECS_POWER] ||
16724 !spec[NL80211_SAR_ATTR_SPECS_RANGE_INDEX])
16725 return -EINVAL;
16726
16727 range_index = nla_get_u32(spec[NL80211_SAR_ATTR_SPECS_RANGE_INDEX]);
16728
16729 /* check if range_index exceeds num_freq_ranges */
16730 if (range_index >= rdev->wiphy.sar_capa->num_freq_ranges)
16731 return -EINVAL;
16732
16733 /* check if range_index duplicates */
16734 for (i = 0; i < index; i++) {
16735 if (sar_specs->sub_specs[i].freq_range_index == range_index)
16736 return -EINVAL;
16737 }
16738
16739 sar_specs->sub_specs[index].power =
16740 nla_get_s32(spec[NL80211_SAR_ATTR_SPECS_POWER]);
16741
16742 sar_specs->sub_specs[index].freq_range_index = range_index;
16743
16744 return 0;
16745 }
16746
16747 static int nl80211_set_sar_specs(struct sk_buff *skb, struct genl_info *info)
16748 {
16749 struct cfg80211_registered_device *rdev = info->user_ptr[0];
16750 struct nlattr *spec[NL80211_SAR_ATTR_SPECS_MAX + 1];
16751 struct nlattr *tb[NL80211_SAR_ATTR_MAX + 1];
16752 struct cfg80211_sar_specs *sar_spec;
16753 enum nl80211_sar_type type;
16754 struct nlattr *spec_list;
16755 u32 specs;
16756 int rem, err;
16757
16758 if (!rdev->wiphy.sar_capa || !rdev->ops->set_sar_specs)
16759 return -EOPNOTSUPP;
16760
16761 if (!info->attrs[NL80211_ATTR_SAR_SPEC])
16762 return -EINVAL;
16763
16764 nla_parse_nested(tb, NL80211_SAR_ATTR_MAX,
16765 info->attrs[NL80211_ATTR_SAR_SPEC],
16766 NULL, NULL);
16767
16768 if (!tb[NL80211_SAR_ATTR_TYPE] || !tb[NL80211_SAR_ATTR_SPECS])
16769 return -EINVAL;
16770
16771 type = nla_get_u32(tb[NL80211_SAR_ATTR_TYPE]);
16772 if (type != rdev->wiphy.sar_capa->type)
16773 return -EINVAL;
16774
16775 specs = 0;
16776 nla_for_each_nested(spec_list, tb[NL80211_SAR_ATTR_SPECS], rem)
16777 specs++;
16778
16779 if (specs > rdev->wiphy.sar_capa->num_freq_ranges)
16780 return -EINVAL;
16781
16782 sar_spec = kzalloc(struct_size(sar_spec, sub_specs, specs), GFP_KERNEL);
16783 if (!sar_spec)
16784 return -ENOMEM;
16785
16786 sar_spec->type = type;
16787 specs = 0;
16788 nla_for_each_nested(spec_list, tb[NL80211_SAR_ATTR_SPECS], rem) {
16789 nla_parse_nested(spec, NL80211_SAR_ATTR_SPECS_MAX,
16790 spec_list, NULL, NULL);
16791
16792 switch (type) {
16793 case NL80211_SAR_TYPE_POWER:
16794 if (nl80211_set_sar_sub_specs(rdev, sar_spec,
16795 spec, specs)) {
16796 err = -EINVAL;
16797 goto error;
16798 }
16799 break;
16800 default:
16801 err = -EINVAL;
16802 goto error;
16803 }
16804 specs++;
16805 }
16806
16807 sar_spec->num_sub_specs = specs;
16808
16809 rdev->cur_cmd_info = info;
16810 err = rdev_set_sar_specs(rdev, sar_spec);
16811 rdev->cur_cmd_info = NULL;
16812 error:
16813 kfree(sar_spec);
16814 return err;
16815 }
16816
16817 #define SELECTOR(__sel, name, value) \
16818 ((__sel) == (value)) ? NL80211_IFL_SEL_##name :
16819 int __missing_selector(void);
16820 #define IFLAGS(__val) INTERNAL_FLAG_SELECTORS(__val) __missing_selector()
16821
16822 static const struct genl_ops nl80211_ops[] = {
16823 {
16824 .cmd = NL80211_CMD_GET_WIPHY,
16825 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
16826 .doit = nl80211_get_wiphy,
16827 .dumpit = nl80211_dump_wiphy,
16828 .done = nl80211_dump_wiphy_done,
16829 /* can be retrieved by unprivileged users */
16830 .internal_flags = IFLAGS(NL80211_FLAG_NEED_WIPHY),
16831 },
16832 };
16833
16834 static const struct genl_small_ops nl80211_small_ops[] = {
16835 {
16836 .cmd = NL80211_CMD_SET_WIPHY,
16837 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
16838 .doit = nl80211_set_wiphy,
16839 .flags = GENL_UNS_ADMIN_PERM,
16840 },
16841 {
16842 .cmd = NL80211_CMD_GET_INTERFACE,
16843 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
16844 .doit = nl80211_get_interface,
16845 .dumpit = nl80211_dump_interface,
16846 /* can be retrieved by unprivileged users */
16847 .internal_flags = IFLAGS(NL80211_FLAG_NEED_WDEV),
16848 },
16849 {
16850 .cmd = NL80211_CMD_SET_INTERFACE,
16851 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
16852 .doit = nl80211_set_interface,
16853 .flags = GENL_UNS_ADMIN_PERM,
16854 .internal_flags = IFLAGS(NL80211_FLAG_NEED_NETDEV |
16855 NL80211_FLAG_NEED_RTNL),
16856 },
16857 {
16858 .cmd = NL80211_CMD_NEW_INTERFACE,
16859 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
16860 .doit = nl80211_new_interface,
16861 .flags = GENL_UNS_ADMIN_PERM,
16862 .internal_flags =
16863 IFLAGS(NL80211_FLAG_NEED_WIPHY |
16864 NL80211_FLAG_NEED_RTNL |
16865 /* we take the wiphy mutex later ourselves */
16866 NL80211_FLAG_NO_WIPHY_MTX),
16867 },
16868 {
16869 .cmd = NL80211_CMD_DEL_INTERFACE,
16870 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
16871 .doit = nl80211_del_interface,
16872 .flags = GENL_UNS_ADMIN_PERM,
16873 .internal_flags = IFLAGS(NL80211_FLAG_NEED_WDEV |
16874 NL80211_FLAG_NEED_RTNL),
16875 },
16876 {
16877 .cmd = NL80211_CMD_GET_KEY,
16878 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
16879 .doit = nl80211_get_key,
16880 .flags = GENL_UNS_ADMIN_PERM,
16881 .internal_flags = IFLAGS(NL80211_FLAG_NEED_NETDEV_UP),
16882 },
16883 {
16884 .cmd = NL80211_CMD_SET_KEY,
16885 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
16886 .doit = nl80211_set_key,
16887 .flags = GENL_UNS_ADMIN_PERM,
16888 /* cannot use NL80211_FLAG_MLO_VALID_LINK_ID, depends on key */
16889 .internal_flags = IFLAGS(NL80211_FLAG_NEED_NETDEV_UP |
16890 NL80211_FLAG_CLEAR_SKB),
16891 },
16892 {
16893 .cmd = NL80211_CMD_NEW_KEY,
16894 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
16895 .doit = nl80211_new_key,
16896 .flags = GENL_UNS_ADMIN_PERM,
16897 .internal_flags = IFLAGS(NL80211_FLAG_NEED_NETDEV_UP |
16898 NL80211_FLAG_CLEAR_SKB),
16899 },
16900 {
16901 .cmd = NL80211_CMD_DEL_KEY,
16902 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
16903 .doit = nl80211_del_key,
16904 .flags = GENL_UNS_ADMIN_PERM,
16905 .internal_flags = IFLAGS(NL80211_FLAG_NEED_NETDEV_UP),
16906 },
16907 {
16908 .cmd = NL80211_CMD_SET_BEACON,
16909 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
16910 .flags = GENL_UNS_ADMIN_PERM,
16911 .doit = nl80211_set_beacon,
16912 .internal_flags = IFLAGS(NL80211_FLAG_NEED_NETDEV_UP |
16913 NL80211_FLAG_MLO_VALID_LINK_ID),
16914 },
16915 {
16916 .cmd = NL80211_CMD_START_AP,
16917 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
16918 .flags = GENL_UNS_ADMIN_PERM,
16919 .doit = nl80211_start_ap,
16920 .internal_flags = IFLAGS(NL80211_FLAG_NEED_NETDEV_UP |
16921 NL80211_FLAG_MLO_VALID_LINK_ID),
16922 },
16923 {
16924 .cmd = NL80211_CMD_STOP_AP,
16925 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
16926 .flags = GENL_UNS_ADMIN_PERM,
16927 .doit = nl80211_stop_ap,
16928 .internal_flags = IFLAGS(NL80211_FLAG_NEED_NETDEV_UP |
16929 NL80211_FLAG_MLO_VALID_LINK_ID),
16930 },
16931 {
16932 .cmd = NL80211_CMD_GET_STATION,
16933 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
16934 .doit = nl80211_get_station,
16935 .dumpit = nl80211_dump_station,
16936 .internal_flags = IFLAGS(NL80211_FLAG_NEED_NETDEV),
16937 },
16938 {
16939 .cmd = NL80211_CMD_SET_STATION,
16940 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
16941 .doit = nl80211_set_station,
16942 .flags = GENL_UNS_ADMIN_PERM,
16943 .internal_flags = IFLAGS(NL80211_FLAG_NEED_NETDEV_UP),
16944 },
16945 {
16946 .cmd = NL80211_CMD_NEW_STATION,
16947 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
16948 .doit = nl80211_new_station,
16949 .flags = GENL_UNS_ADMIN_PERM,
16950 .internal_flags = IFLAGS(NL80211_FLAG_NEED_NETDEV_UP),
16951 },
16952 {
16953 .cmd = NL80211_CMD_DEL_STATION,
16954 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
16955 .doit = nl80211_del_station,
16956 .flags = GENL_UNS_ADMIN_PERM,
16957 /* cannot use NL80211_FLAG_MLO_VALID_LINK_ID, depends on
16958 * whether MAC address is passed or not. If MAC address is
16959 * passed, then even during MLO, link ID is not required.
16960 */
16961 .internal_flags = IFLAGS(NL80211_FLAG_NEED_NETDEV_UP),
16962 },
16963 {
16964 .cmd = NL80211_CMD_GET_MPATH,
16965 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
16966 .doit = nl80211_get_mpath,
16967 .dumpit = nl80211_dump_mpath,
16968 .flags = GENL_UNS_ADMIN_PERM,
16969 .internal_flags = IFLAGS(NL80211_FLAG_NEED_NETDEV_UP),
16970 },
16971 {
16972 .cmd = NL80211_CMD_GET_MPP,
16973 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
16974 .doit = nl80211_get_mpp,
16975 .dumpit = nl80211_dump_mpp,
16976 .flags = GENL_UNS_ADMIN_PERM,
16977 .internal_flags = IFLAGS(NL80211_FLAG_NEED_NETDEV_UP),
16978 },
16979 {
16980 .cmd = NL80211_CMD_SET_MPATH,
16981 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
16982 .doit = nl80211_set_mpath,
16983 .flags = GENL_UNS_ADMIN_PERM,
16984 .internal_flags = IFLAGS(NL80211_FLAG_NEED_NETDEV_UP),
16985 },
16986 {
16987 .cmd = NL80211_CMD_NEW_MPATH,
16988 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
16989 .doit = nl80211_new_mpath,
16990 .flags = GENL_UNS_ADMIN_PERM,
16991 .internal_flags = IFLAGS(NL80211_FLAG_NEED_NETDEV_UP),
16992 },
16993 {
16994 .cmd = NL80211_CMD_DEL_MPATH,
16995 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
16996 .doit = nl80211_del_mpath,
16997 .flags = GENL_UNS_ADMIN_PERM,
16998 .internal_flags = IFLAGS(NL80211_FLAG_NEED_NETDEV_UP),
16999 },
17000 {
17001 .cmd = NL80211_CMD_SET_BSS,
17002 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
17003 .doit = nl80211_set_bss,
17004 .flags = GENL_UNS_ADMIN_PERM,
17005 .internal_flags = IFLAGS(NL80211_FLAG_NEED_NETDEV_UP |
17006 NL80211_FLAG_MLO_VALID_LINK_ID),
17007 },
17008 {
17009 .cmd = NL80211_CMD_GET_REG,
17010 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
17011 .doit = nl80211_get_reg_do,
17012 .dumpit = nl80211_get_reg_dump,
17013 /* can be retrieved by unprivileged users */
17014 },
17015 #ifdef CONFIG_CFG80211_CRDA_SUPPORT
17016 {
17017 .cmd = NL80211_CMD_SET_REG,
17018 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
17019 .doit = nl80211_set_reg,
17020 .flags = GENL_ADMIN_PERM,
17021 },
17022 #endif
17023 {
17024 .cmd = NL80211_CMD_REQ_SET_REG,
17025 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
17026 .doit = nl80211_req_set_reg,
17027 .flags = GENL_ADMIN_PERM,
17028 },
17029 {
17030 .cmd = NL80211_CMD_RELOAD_REGDB,
17031 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
17032 .doit = nl80211_reload_regdb,
17033 .flags = GENL_ADMIN_PERM,
17034 },
17035 {
17036 .cmd = NL80211_CMD_GET_MESH_CONFIG,
17037 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
17038 .doit = nl80211_get_mesh_config,
17039 /* can be retrieved by unprivileged users */
17040 .internal_flags = IFLAGS(NL80211_FLAG_NEED_NETDEV_UP),
17041 },
17042 {
17043 .cmd = NL80211_CMD_SET_MESH_CONFIG,
17044 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
17045 .doit = nl80211_update_mesh_config,
17046 .flags = GENL_UNS_ADMIN_PERM,
17047 .internal_flags = IFLAGS(NL80211_FLAG_NEED_NETDEV_UP),
17048 },
17049 {
17050 .cmd = NL80211_CMD_TRIGGER_SCAN,
17051 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
17052 .doit = nl80211_trigger_scan,
17053 .flags = GENL_UNS_ADMIN_PERM,
17054 .internal_flags = IFLAGS(NL80211_FLAG_NEED_WDEV_UP),
17055 },
17056 {
17057 .cmd = NL80211_CMD_ABORT_SCAN,
17058 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
17059 .doit = nl80211_abort_scan,
17060 .flags = GENL_UNS_ADMIN_PERM,
17061 .internal_flags = IFLAGS(NL80211_FLAG_NEED_WDEV_UP),
17062 },
17063 {
17064 .cmd = NL80211_CMD_GET_SCAN,
17065 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
17066 .dumpit = nl80211_dump_scan,
17067 },
17068 {
17069 .cmd = NL80211_CMD_START_SCHED_SCAN,
17070 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
17071 .doit = nl80211_start_sched_scan,
17072 .flags = GENL_UNS_ADMIN_PERM,
17073 .internal_flags = IFLAGS(NL80211_FLAG_NEED_NETDEV_UP),
17074 },
17075 {
17076 .cmd = NL80211_CMD_STOP_SCHED_SCAN,
17077 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
17078 .doit = nl80211_stop_sched_scan,
17079 .flags = GENL_UNS_ADMIN_PERM,
17080 .internal_flags = IFLAGS(NL80211_FLAG_NEED_NETDEV_UP),
17081 },
17082 {
17083 .cmd = NL80211_CMD_AUTHENTICATE,
17084 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
17085 .doit = nl80211_authenticate,
17086 .flags = GENL_UNS_ADMIN_PERM,
17087 .internal_flags = IFLAGS(NL80211_FLAG_NEED_NETDEV_UP |
17088 NL80211_FLAG_CLEAR_SKB),
17089 },
17090 {
17091 .cmd = NL80211_CMD_ASSOCIATE,
17092 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
17093 .doit = nl80211_associate,
17094 .flags = GENL_UNS_ADMIN_PERM,
17095 .internal_flags = IFLAGS(NL80211_FLAG_NEED_NETDEV_UP |
17096 NL80211_FLAG_CLEAR_SKB),
17097 },
17098 {
17099 .cmd = NL80211_CMD_DEAUTHENTICATE,
17100 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
17101 .doit = nl80211_deauthenticate,
17102 .flags = GENL_UNS_ADMIN_PERM,
17103 .internal_flags = IFLAGS(NL80211_FLAG_NEED_NETDEV_UP),
17104 },
17105 {
17106 .cmd = NL80211_CMD_DISASSOCIATE,
17107 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
17108 .doit = nl80211_disassociate,
17109 .flags = GENL_UNS_ADMIN_PERM,
17110 .internal_flags = IFLAGS(NL80211_FLAG_NEED_NETDEV_UP),
17111 },
17112 {
17113 .cmd = NL80211_CMD_JOIN_IBSS,
17114 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
17115 .doit = nl80211_join_ibss,
17116 .flags = GENL_UNS_ADMIN_PERM,
17117 .internal_flags = IFLAGS(NL80211_FLAG_NEED_NETDEV_UP),
17118 },
17119 {
17120 .cmd = NL80211_CMD_LEAVE_IBSS,
17121 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
17122 .doit = nl80211_leave_ibss,
17123 .flags = GENL_UNS_ADMIN_PERM,
17124 .internal_flags = IFLAGS(NL80211_FLAG_NEED_NETDEV_UP),
17125 },
17126 #ifdef CONFIG_NL80211_TESTMODE
17127 {
17128 .cmd = NL80211_CMD_TESTMODE,
17129 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
17130 .doit = nl80211_testmode_do,
17131 .dumpit = nl80211_testmode_dump,
17132 .flags = GENL_UNS_ADMIN_PERM,
17133 .internal_flags = IFLAGS(NL80211_FLAG_NEED_WIPHY),
17134 },
17135 #endif
17136 {
17137 .cmd = NL80211_CMD_CONNECT,
17138 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
17139 .doit = nl80211_connect,
17140 .flags = GENL_UNS_ADMIN_PERM,
17141 .internal_flags = IFLAGS(NL80211_FLAG_NEED_NETDEV_UP |
17142 NL80211_FLAG_CLEAR_SKB),
17143 },
17144 {
17145 .cmd = NL80211_CMD_UPDATE_CONNECT_PARAMS,
17146 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
17147 .doit = nl80211_update_connect_params,
17148 .flags = GENL_ADMIN_PERM,
17149 .internal_flags = IFLAGS(NL80211_FLAG_NEED_NETDEV_UP |
17150 NL80211_FLAG_CLEAR_SKB),
17151 },
17152 {
17153 .cmd = NL80211_CMD_DISCONNECT,
17154 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
17155 .doit = nl80211_disconnect,
17156 .flags = GENL_UNS_ADMIN_PERM,
17157 .internal_flags = IFLAGS(NL80211_FLAG_NEED_NETDEV_UP),
17158 },
17159 {
17160 .cmd = NL80211_CMD_SET_WIPHY_NETNS,
17161 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
17162 .doit = nl80211_wiphy_netns,
17163 .flags = GENL_UNS_ADMIN_PERM,
17164 .internal_flags = IFLAGS(NL80211_FLAG_NEED_WIPHY |
17165 NL80211_FLAG_NEED_RTNL |
17166 NL80211_FLAG_NO_WIPHY_MTX),
17167 },
17168 {
17169 .cmd = NL80211_CMD_GET_SURVEY,
17170 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
17171 .dumpit = nl80211_dump_survey,
17172 },
17173 {
17174 .cmd = NL80211_CMD_SET_PMKSA,
17175 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
17176 .doit = nl80211_set_pmksa,
17177 .flags = GENL_UNS_ADMIN_PERM,
17178 .internal_flags = IFLAGS(NL80211_FLAG_NEED_NETDEV_UP |
17179 NL80211_FLAG_CLEAR_SKB),
17180 },
17181 {
17182 .cmd = NL80211_CMD_DEL_PMKSA,
17183 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
17184 .doit = nl80211_del_pmksa,
17185 .flags = GENL_UNS_ADMIN_PERM,
17186 .internal_flags = IFLAGS(NL80211_FLAG_NEED_NETDEV_UP),
17187 },
17188 {
17189 .cmd = NL80211_CMD_FLUSH_PMKSA,
17190 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
17191 .doit = nl80211_flush_pmksa,
17192 .flags = GENL_UNS_ADMIN_PERM,
17193 .internal_flags = IFLAGS(NL80211_FLAG_NEED_NETDEV_UP),
17194 },
17195 {
17196 .cmd = NL80211_CMD_REMAIN_ON_CHANNEL,
17197 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
17198 .doit = nl80211_remain_on_channel,
17199 .flags = GENL_UNS_ADMIN_PERM,
17200 /* FIXME: requiring a link ID here is probably not good */
17201 .internal_flags = IFLAGS(NL80211_FLAG_NEED_WDEV_UP |
17202 NL80211_FLAG_MLO_VALID_LINK_ID),
17203 },
17204 {
17205 .cmd = NL80211_CMD_CANCEL_REMAIN_ON_CHANNEL,
17206 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
17207 .doit = nl80211_cancel_remain_on_channel,
17208 .flags = GENL_UNS_ADMIN_PERM,
17209 .internal_flags = IFLAGS(NL80211_FLAG_NEED_WDEV_UP),
17210 },
17211 {
17212 .cmd = NL80211_CMD_SET_TX_BITRATE_MASK,
17213 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
17214 .doit = nl80211_set_tx_bitrate_mask,
17215 .flags = GENL_UNS_ADMIN_PERM,
17216 .internal_flags = IFLAGS(NL80211_FLAG_NEED_NETDEV |
17217 NL80211_FLAG_MLO_VALID_LINK_ID),
17218 },
17219 {
17220 .cmd = NL80211_CMD_REGISTER_FRAME,
17221 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
17222 .doit = nl80211_register_mgmt,
17223 .flags = GENL_UNS_ADMIN_PERM,
17224 .internal_flags = IFLAGS(NL80211_FLAG_NEED_WDEV),
17225 },
17226 {
17227 .cmd = NL80211_CMD_FRAME,
17228 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
17229 .doit = nl80211_tx_mgmt,
17230 .flags = GENL_UNS_ADMIN_PERM,
17231 .internal_flags = IFLAGS(NL80211_FLAG_NEED_WDEV_UP),
17232 },
17233 {
17234 .cmd = NL80211_CMD_FRAME_WAIT_CANCEL,
17235 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
17236 .doit = nl80211_tx_mgmt_cancel_wait,
17237 .flags = GENL_UNS_ADMIN_PERM,
17238 .internal_flags = IFLAGS(NL80211_FLAG_NEED_WDEV_UP),
17239 },
17240 {
17241 .cmd = NL80211_CMD_SET_POWER_SAVE,
17242 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
17243 .doit = nl80211_set_power_save,
17244 .flags = GENL_UNS_ADMIN_PERM,
17245 .internal_flags = IFLAGS(NL80211_FLAG_NEED_NETDEV),
17246 },
17247 {
17248 .cmd = NL80211_CMD_GET_POWER_SAVE,
17249 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
17250 .doit = nl80211_get_power_save,
17251 /* can be retrieved by unprivileged users */
17252 .internal_flags = IFLAGS(NL80211_FLAG_NEED_NETDEV),
17253 },
17254 {
17255 .cmd = NL80211_CMD_SET_CQM,
17256 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
17257 .doit = nl80211_set_cqm,
17258 .flags = GENL_UNS_ADMIN_PERM,
17259 .internal_flags = IFLAGS(NL80211_FLAG_NEED_NETDEV),
17260 },
17261 {
17262 .cmd = NL80211_CMD_SET_CHANNEL,
17263 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
17264 .doit = nl80211_set_channel,
17265 .flags = GENL_UNS_ADMIN_PERM,
17266 .internal_flags = IFLAGS(NL80211_FLAG_NEED_NETDEV |
17267 NL80211_FLAG_MLO_VALID_LINK_ID),
17268 },
17269 {
17270 .cmd = NL80211_CMD_JOIN_MESH,
17271 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
17272 .doit = nl80211_join_mesh,
17273 .flags = GENL_UNS_ADMIN_PERM,
17274 .internal_flags = IFLAGS(NL80211_FLAG_NEED_NETDEV_UP),
17275 },
17276 {
17277 .cmd = NL80211_CMD_LEAVE_MESH,
17278 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
17279 .doit = nl80211_leave_mesh,
17280 .flags = GENL_UNS_ADMIN_PERM,
17281 .internal_flags = IFLAGS(NL80211_FLAG_NEED_NETDEV_UP),
17282 },
17283 {
17284 .cmd = NL80211_CMD_JOIN_OCB,
17285 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
17286 .doit = nl80211_join_ocb,
17287 .flags = GENL_UNS_ADMIN_PERM,
17288 .internal_flags = IFLAGS(NL80211_FLAG_NEED_NETDEV_UP),
17289 },
17290 {
17291 .cmd = NL80211_CMD_LEAVE_OCB,
17292 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
17293 .doit = nl80211_leave_ocb,
17294 .flags = GENL_UNS_ADMIN_PERM,
17295 .internal_flags = IFLAGS(NL80211_FLAG_NEED_NETDEV_UP),
17296 },
17297 #ifdef CONFIG_PM
17298 {
17299 .cmd = NL80211_CMD_GET_WOWLAN,
17300 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
17301 .doit = nl80211_get_wowlan,
17302 /* can be retrieved by unprivileged users */
17303 .internal_flags = IFLAGS(NL80211_FLAG_NEED_WIPHY),
17304 },
17305 {
17306 .cmd = NL80211_CMD_SET_WOWLAN,
17307 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
17308 .doit = nl80211_set_wowlan,
17309 .flags = GENL_UNS_ADMIN_PERM,
17310 .internal_flags = IFLAGS(NL80211_FLAG_NEED_WIPHY),
17311 },
17312 #endif
17313 {
17314 .cmd = NL80211_CMD_SET_REKEY_OFFLOAD,
17315 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
17316 .doit = nl80211_set_rekey_data,
17317 .flags = GENL_UNS_ADMIN_PERM,
17318 .internal_flags = IFLAGS(NL80211_FLAG_NEED_NETDEV_UP |
17319 NL80211_FLAG_CLEAR_SKB),
17320 },
17321 {
17322 .cmd = NL80211_CMD_TDLS_MGMT,
17323 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
17324 .doit = nl80211_tdls_mgmt,
17325 .flags = GENL_UNS_ADMIN_PERM,
17326 .internal_flags = IFLAGS(NL80211_FLAG_NEED_NETDEV_UP |
17327 NL80211_FLAG_MLO_VALID_LINK_ID),
17328 },
17329 {
17330 .cmd = NL80211_CMD_TDLS_OPER,
17331 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
17332 .doit = nl80211_tdls_oper,
17333 .flags = GENL_UNS_ADMIN_PERM,
17334 .internal_flags = IFLAGS(NL80211_FLAG_NEED_NETDEV_UP),
17335 },
17336 {
17337 .cmd = NL80211_CMD_UNEXPECTED_FRAME,
17338 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
17339 .doit = nl80211_register_unexpected_frame,
17340 .flags = GENL_UNS_ADMIN_PERM,
17341 .internal_flags = IFLAGS(NL80211_FLAG_NEED_NETDEV),
17342 },
17343 {
17344 .cmd = NL80211_CMD_PROBE_CLIENT,
17345 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
17346 .doit = nl80211_probe_client,
17347 .flags = GENL_UNS_ADMIN_PERM,
17348 .internal_flags = IFLAGS(NL80211_FLAG_NEED_NETDEV_UP),
17349 },
17350 {
17351 .cmd = NL80211_CMD_REGISTER_BEACONS,
17352 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
17353 .doit = nl80211_register_beacons,
17354 .flags = GENL_UNS_ADMIN_PERM,
17355 .internal_flags = IFLAGS(NL80211_FLAG_NEED_WIPHY),
17356 },
17357 {
17358 .cmd = NL80211_CMD_SET_NOACK_MAP,
17359 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
17360 .doit = nl80211_set_noack_map,
17361 .flags = GENL_UNS_ADMIN_PERM,
17362 .internal_flags = IFLAGS(NL80211_FLAG_NEED_NETDEV),
17363 },
17364 {
17365 .cmd = NL80211_CMD_START_P2P_DEVICE,
17366 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
17367 .doit = nl80211_start_p2p_device,
17368 .flags = GENL_UNS_ADMIN_PERM,
17369 .internal_flags = IFLAGS(NL80211_FLAG_NEED_WDEV |
17370 NL80211_FLAG_NEED_RTNL),
17371 },
17372 {
17373 .cmd = NL80211_CMD_STOP_P2P_DEVICE,
17374 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
17375 .doit = nl80211_stop_p2p_device,
17376 .flags = GENL_UNS_ADMIN_PERM,
17377 .internal_flags = IFLAGS(NL80211_FLAG_NEED_WDEV_UP |
17378 NL80211_FLAG_NEED_RTNL),
17379 },
17380 {
17381 .cmd = NL80211_CMD_START_NAN,
17382 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
17383 .doit = nl80211_start_nan,
17384 .flags = GENL_ADMIN_PERM,
17385 .internal_flags = IFLAGS(NL80211_FLAG_NEED_WDEV |
17386 NL80211_FLAG_NEED_RTNL),
17387 },
17388 {
17389 .cmd = NL80211_CMD_STOP_NAN,
17390 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
17391 .doit = nl80211_stop_nan,
17392 .flags = GENL_ADMIN_PERM,
17393 .internal_flags = IFLAGS(NL80211_FLAG_NEED_WDEV_UP |
17394 NL80211_FLAG_NEED_RTNL),
17395 },
17396 {
17397 .cmd = NL80211_CMD_ADD_NAN_FUNCTION,
17398 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
17399 .doit = nl80211_nan_add_func,
17400 .flags = GENL_ADMIN_PERM,
17401 .internal_flags = IFLAGS(NL80211_FLAG_NEED_WDEV_UP),
17402 },
17403 {
17404 .cmd = NL80211_CMD_DEL_NAN_FUNCTION,
17405 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
17406 .doit = nl80211_nan_del_func,
17407 .flags = GENL_ADMIN_PERM,
17408 .internal_flags = IFLAGS(NL80211_FLAG_NEED_WDEV_UP),
17409 },
17410 {
17411 .cmd = NL80211_CMD_CHANGE_NAN_CONFIG,
17412 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
17413 .doit = nl80211_nan_change_config,
17414 .flags = GENL_ADMIN_PERM,
17415 .internal_flags = IFLAGS(NL80211_FLAG_NEED_WDEV_UP),
17416 },
17417 {
17418 .cmd = NL80211_CMD_SET_MCAST_RATE,
17419 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
17420 .doit = nl80211_set_mcast_rate,
17421 .flags = GENL_UNS_ADMIN_PERM,
17422 .internal_flags = IFLAGS(NL80211_FLAG_NEED_NETDEV),
17423 },
17424 {
17425 .cmd = NL80211_CMD_SET_MAC_ACL,
17426 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
17427 .doit = nl80211_set_mac_acl,
17428 .flags = GENL_UNS_ADMIN_PERM,
17429 .internal_flags = IFLAGS(NL80211_FLAG_NEED_NETDEV |
17430 NL80211_FLAG_MLO_UNSUPPORTED),
17431 },
17432 {
17433 .cmd = NL80211_CMD_RADAR_DETECT,
17434 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
17435 .doit = nl80211_start_radar_detection,
17436 .flags = GENL_UNS_ADMIN_PERM,
17437 .internal_flags = IFLAGS(NL80211_FLAG_NEED_NETDEV_UP |
17438 NL80211_FLAG_NO_WIPHY_MTX |
17439 NL80211_FLAG_MLO_VALID_LINK_ID),
17440 },
17441 {
17442 .cmd = NL80211_CMD_GET_PROTOCOL_FEATURES,
17443 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
17444 .doit = nl80211_get_protocol_features,
17445 },
17446 {
17447 .cmd = NL80211_CMD_UPDATE_FT_IES,
17448 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
17449 .doit = nl80211_update_ft_ies,
17450 .flags = GENL_UNS_ADMIN_PERM,
17451 .internal_flags = IFLAGS(NL80211_FLAG_NEED_NETDEV_UP),
17452 },
17453 {
17454 .cmd = NL80211_CMD_CRIT_PROTOCOL_START,
17455 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
17456 .doit = nl80211_crit_protocol_start,
17457 .flags = GENL_UNS_ADMIN_PERM,
17458 .internal_flags = IFLAGS(NL80211_FLAG_NEED_WDEV_UP),
17459 },
17460 {
17461 .cmd = NL80211_CMD_CRIT_PROTOCOL_STOP,
17462 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
17463 .doit = nl80211_crit_protocol_stop,
17464 .flags = GENL_UNS_ADMIN_PERM,
17465 .internal_flags = IFLAGS(NL80211_FLAG_NEED_WDEV_UP),
17466 },
17467 {
17468 .cmd = NL80211_CMD_GET_COALESCE,
17469 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
17470 .doit = nl80211_get_coalesce,
17471 .internal_flags = IFLAGS(NL80211_FLAG_NEED_WIPHY),
17472 },
17473 {
17474 .cmd = NL80211_CMD_SET_COALESCE,
17475 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
17476 .doit = nl80211_set_coalesce,
17477 .flags = GENL_UNS_ADMIN_PERM,
17478 .internal_flags = IFLAGS(NL80211_FLAG_NEED_WIPHY),
17479 },
17480 {
17481 .cmd = NL80211_CMD_CHANNEL_SWITCH,
17482 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
17483 .doit = nl80211_channel_switch,
17484 .flags = GENL_UNS_ADMIN_PERM,
17485 .internal_flags = IFLAGS(NL80211_FLAG_NEED_NETDEV_UP |
17486 NL80211_FLAG_MLO_VALID_LINK_ID),
17487 },
17488 {
17489 .cmd = NL80211_CMD_VENDOR,
17490 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
17491 .doit = nl80211_vendor_cmd,
17492 .dumpit = nl80211_vendor_cmd_dump,
17493 .flags = GENL_UNS_ADMIN_PERM,
17494 .internal_flags = IFLAGS(NL80211_FLAG_NEED_WIPHY |
17495 NL80211_FLAG_CLEAR_SKB),
17496 },
17497 {
17498 .cmd = NL80211_CMD_SET_QOS_MAP,
17499 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
17500 .doit = nl80211_set_qos_map,
17501 .flags = GENL_UNS_ADMIN_PERM,
17502 .internal_flags = IFLAGS(NL80211_FLAG_NEED_NETDEV_UP),
17503 },
17504 {
17505 .cmd = NL80211_CMD_ADD_TX_TS,
17506 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
17507 .doit = nl80211_add_tx_ts,
17508 .flags = GENL_UNS_ADMIN_PERM,
17509 .internal_flags = IFLAGS(NL80211_FLAG_NEED_NETDEV_UP |
17510 NL80211_FLAG_MLO_UNSUPPORTED),
17511 },
17512 {
17513 .cmd = NL80211_CMD_DEL_TX_TS,
17514 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
17515 .doit = nl80211_del_tx_ts,
17516 .flags = GENL_UNS_ADMIN_PERM,
17517 .internal_flags = IFLAGS(NL80211_FLAG_NEED_NETDEV_UP),
17518 },
17519 {
17520 .cmd = NL80211_CMD_TDLS_CHANNEL_SWITCH,
17521 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
17522 .doit = nl80211_tdls_channel_switch,
17523 .flags = GENL_UNS_ADMIN_PERM,
17524 .internal_flags = IFLAGS(NL80211_FLAG_NEED_NETDEV_UP),
17525 },
17526 {
17527 .cmd = NL80211_CMD_TDLS_CANCEL_CHANNEL_SWITCH,
17528 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
17529 .doit = nl80211_tdls_cancel_channel_switch,
17530 .flags = GENL_UNS_ADMIN_PERM,
17531 .internal_flags = IFLAGS(NL80211_FLAG_NEED_NETDEV_UP),
17532 },
17533 {
17534 .cmd = NL80211_CMD_SET_MULTICAST_TO_UNICAST,
17535 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
17536 .doit = nl80211_set_multicast_to_unicast,
17537 .flags = GENL_UNS_ADMIN_PERM,
17538 .internal_flags = IFLAGS(NL80211_FLAG_NEED_NETDEV),
17539 },
17540 {
17541 .cmd = NL80211_CMD_SET_PMK,
17542 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
17543 .doit = nl80211_set_pmk,
17544 .internal_flags = IFLAGS(NL80211_FLAG_NEED_NETDEV_UP |
17545 NL80211_FLAG_CLEAR_SKB),
17546 },
17547 {
17548 .cmd = NL80211_CMD_DEL_PMK,
17549 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
17550 .doit = nl80211_del_pmk,
17551 .internal_flags = IFLAGS(NL80211_FLAG_NEED_NETDEV_UP),
17552 },
17553 {
17554 .cmd = NL80211_CMD_EXTERNAL_AUTH,
17555 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
17556 .doit = nl80211_external_auth,
17557 .flags = GENL_ADMIN_PERM,
17558 .internal_flags = IFLAGS(NL80211_FLAG_NEED_NETDEV_UP),
17559 },
17560 {
17561 .cmd = NL80211_CMD_CONTROL_PORT_FRAME,
17562 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
17563 .doit = nl80211_tx_control_port,
17564 .flags = GENL_UNS_ADMIN_PERM,
17565 .internal_flags = IFLAGS(NL80211_FLAG_NEED_NETDEV_UP),
17566 },
17567 {
17568 .cmd = NL80211_CMD_GET_FTM_RESPONDER_STATS,
17569 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
17570 .doit = nl80211_get_ftm_responder_stats,
17571 .internal_flags = IFLAGS(NL80211_FLAG_NEED_NETDEV |
17572 NL80211_FLAG_MLO_VALID_LINK_ID),
17573 },
17574 {
17575 .cmd = NL80211_CMD_PEER_MEASUREMENT_START,
17576 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
17577 .doit = nl80211_pmsr_start,
17578 .flags = GENL_UNS_ADMIN_PERM,
17579 .internal_flags = IFLAGS(NL80211_FLAG_NEED_WDEV_UP),
17580 },
17581 {
17582 .cmd = NL80211_CMD_NOTIFY_RADAR,
17583 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
17584 .doit = nl80211_notify_radar_detection,
17585 .flags = GENL_UNS_ADMIN_PERM,
17586 .internal_flags = IFLAGS(NL80211_FLAG_NEED_NETDEV_UP),
17587 },
17588 {
17589 .cmd = NL80211_CMD_UPDATE_OWE_INFO,
17590 .doit = nl80211_update_owe_info,
17591 .flags = GENL_ADMIN_PERM,
17592 .internal_flags = IFLAGS(NL80211_FLAG_NEED_NETDEV_UP),
17593 },
17594 {
17595 .cmd = NL80211_CMD_PROBE_MESH_LINK,
17596 .doit = nl80211_probe_mesh_link,
17597 .flags = GENL_UNS_ADMIN_PERM,
17598 .internal_flags = IFLAGS(NL80211_FLAG_NEED_NETDEV_UP),
17599 },
17600 {
17601 .cmd = NL80211_CMD_SET_TID_CONFIG,
17602 .doit = nl80211_set_tid_config,
17603 .flags = GENL_UNS_ADMIN_PERM,
17604 .internal_flags = IFLAGS(NL80211_FLAG_NEED_NETDEV |
17605 NL80211_FLAG_MLO_VALID_LINK_ID),
17606 },
17607 {
17608 .cmd = NL80211_CMD_SET_SAR_SPECS,
17609 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
17610 .doit = nl80211_set_sar_specs,
17611 .flags = GENL_UNS_ADMIN_PERM,
17612 .internal_flags = IFLAGS(NL80211_FLAG_NEED_WIPHY |
17613 NL80211_FLAG_NEED_RTNL),
17614 },
17615 {
17616 .cmd = NL80211_CMD_COLOR_CHANGE_REQUEST,
17617 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
17618 .doit = nl80211_color_change,
17619 .flags = GENL_UNS_ADMIN_PERM,
17620 .internal_flags = IFLAGS(NL80211_FLAG_NEED_NETDEV_UP |
17621 NL80211_FLAG_MLO_VALID_LINK_ID),
17622 },
17623 {
17624 .cmd = NL80211_CMD_SET_FILS_AAD,
17625 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
17626 .doit = nl80211_set_fils_aad,
17627 .flags = GENL_UNS_ADMIN_PERM,
17628 .internal_flags = IFLAGS(NL80211_FLAG_NEED_NETDEV_UP),
17629 },
17630 {
17631 .cmd = NL80211_CMD_ADD_LINK,
17632 .doit = nl80211_add_link,
17633 .flags = GENL_UNS_ADMIN_PERM,
17634 .internal_flags = IFLAGS(NL80211_FLAG_NEED_NETDEV_UP),
17635 },
17636 {
17637 .cmd = NL80211_CMD_REMOVE_LINK,
17638 .doit = nl80211_remove_link,
17639 .flags = GENL_UNS_ADMIN_PERM,
17640 .internal_flags = IFLAGS(NL80211_FLAG_NEED_NETDEV_UP |
17641 NL80211_FLAG_MLO_VALID_LINK_ID),
17642 },
17643 {
17644 .cmd = NL80211_CMD_ADD_LINK_STA,
17645 .doit = nl80211_add_link_station,
17646 .flags = GENL_UNS_ADMIN_PERM,
17647 .internal_flags = IFLAGS(NL80211_FLAG_NEED_NETDEV_UP |
17648 NL80211_FLAG_MLO_VALID_LINK_ID),
17649 },
17650 {
17651 .cmd = NL80211_CMD_MODIFY_LINK_STA,
17652 .doit = nl80211_modify_link_station,
17653 .flags = GENL_UNS_ADMIN_PERM,
17654 .internal_flags = IFLAGS(NL80211_FLAG_NEED_NETDEV_UP |
17655 NL80211_FLAG_MLO_VALID_LINK_ID),
17656 },
17657 {
17658 .cmd = NL80211_CMD_REMOVE_LINK_STA,
17659 .doit = nl80211_remove_link_station,
17660 .flags = GENL_UNS_ADMIN_PERM,
17661 .internal_flags = IFLAGS(NL80211_FLAG_NEED_NETDEV_UP |
17662 NL80211_FLAG_MLO_VALID_LINK_ID),
17663 },
17664 {
17665 .cmd = NL80211_CMD_SET_HW_TIMESTAMP,
17666 .doit = nl80211_set_hw_timestamp,
17667 .flags = GENL_UNS_ADMIN_PERM,
17668 .internal_flags = IFLAGS(NL80211_FLAG_NEED_NETDEV_UP),
17669 },
17670 {
17671 .cmd = NL80211_CMD_SET_TID_TO_LINK_MAPPING,
17672 .doit = nl80211_set_ttlm,
17673 .flags = GENL_UNS_ADMIN_PERM,
17674 .internal_flags = IFLAGS(NL80211_FLAG_NEED_NETDEV_UP),
17675 },
17676 };
17677
17678 static struct genl_family nl80211_fam __ro_after_init = {
17679 .name = NL80211_GENL_NAME, /* have users key off the name instead */
17680 .hdrsize = 0, /* no private header */
17681 .version = 1, /* no particular meaning now */
17682 .maxattr = NL80211_ATTR_MAX,
17683 .policy = nl80211_policy,
17684 .netnsok = true,
17685 .pre_doit = nl80211_pre_doit,
17686 .post_doit = nl80211_post_doit,
17687 .module = THIS_MODULE,
17688 .ops = nl80211_ops,
17689 .n_ops = ARRAY_SIZE(nl80211_ops),
17690 .small_ops = nl80211_small_ops,
17691 .n_small_ops = ARRAY_SIZE(nl80211_small_ops),
17692 .resv_start_op = NL80211_CMD_REMOVE_LINK_STA + 1,
17693 .mcgrps = nl80211_mcgrps,
17694 .n_mcgrps = ARRAY_SIZE(nl80211_mcgrps),
17695 .parallel_ops = true,
17696 };
17697
17698 /* notification functions */
17699
17700 void nl80211_notify_wiphy(struct cfg80211_registered_device *rdev,
17701 enum nl80211_commands cmd)
17702 {
17703 struct sk_buff *msg;
17704 struct nl80211_dump_wiphy_state state = {};
17705
17706 WARN_ON(cmd != NL80211_CMD_NEW_WIPHY &&
17707 cmd != NL80211_CMD_DEL_WIPHY);
17708
17709 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
17710 if (!msg)
17711 return;
17712
17713 if (nl80211_send_wiphy(rdev, cmd, msg, 0, 0, 0, &state) < 0) {
17714 nlmsg_free(msg);
17715 return;
17716 }
17717
17718 genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), msg, 0,
17719 NL80211_MCGRP_CONFIG, GFP_KERNEL);
17720 }
17721
17722 void nl80211_notify_iface(struct cfg80211_registered_device *rdev,
17723 struct wireless_dev *wdev,
17724 enum nl80211_commands cmd)
17725 {
17726 struct sk_buff *msg;
17727
17728 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
17729 if (!msg)
17730 return;
17731
17732 if (nl80211_send_iface(msg, 0, 0, 0, rdev, wdev, cmd) < 0) {
17733 nlmsg_free(msg);
17734 return;
17735 }
17736
17737 genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), msg, 0,
17738 NL80211_MCGRP_CONFIG, GFP_KERNEL);
17739 }
17740
17741 static int nl80211_add_scan_req(struct sk_buff *msg,
17742 struct cfg80211_registered_device *rdev)
17743 {
17744 struct cfg80211_scan_request *req = rdev->scan_req;
17745 struct nlattr *nest;
17746 int i;
17747 struct cfg80211_scan_info *info;
17748
17749 if (WARN_ON(!req))
17750 return 0;
17751
17752 nest = nla_nest_start_noflag(msg, NL80211_ATTR_SCAN_SSIDS);
17753 if (!nest)
17754 goto nla_put_failure;
17755 for (i = 0; i < req->n_ssids; i++) {
17756 if (nla_put(msg, i, req->ssids[i].ssid_len, req->ssids[i].ssid))
17757 goto nla_put_failure;
17758 }
17759 nla_nest_end(msg, nest);
17760
17761 if (req->flags & NL80211_SCAN_FLAG_FREQ_KHZ) {
17762 nest = nla_nest_start(msg, NL80211_ATTR_SCAN_FREQ_KHZ);
17763 if (!nest)
17764 goto nla_put_failure;
17765 for (i = 0; i < req->n_channels; i++) {
17766 if (nla_put_u32(msg, i,
17767 ieee80211_channel_to_khz(req->channels[i])))
17768 goto nla_put_failure;
17769 }
17770 nla_nest_end(msg, nest);
17771 } else {
17772 nest = nla_nest_start_noflag(msg,
17773 NL80211_ATTR_SCAN_FREQUENCIES);
17774 if (!nest)
17775 goto nla_put_failure;
17776 for (i = 0; i < req->n_channels; i++) {
17777 if (nla_put_u32(msg, i, req->channels[i]->center_freq))
17778 goto nla_put_failure;
17779 }
17780 nla_nest_end(msg, nest);
17781 }
17782
17783 if (req->ie &&
17784 nla_put(msg, NL80211_ATTR_IE, req->ie_len, req->ie))
17785 goto nla_put_failure;
17786
17787 if (req->flags &&
17788 nla_put_u32(msg, NL80211_ATTR_SCAN_FLAGS, req->flags))
17789 goto nla_put_failure;
17790
17791 info = rdev->int_scan_req ? &rdev->int_scan_req->info :
17792 &rdev->scan_req->info;
17793 if (info->scan_start_tsf &&
17794 (nla_put_u64_64bit(msg, NL80211_ATTR_SCAN_START_TIME_TSF,
17795 info->scan_start_tsf, NL80211_BSS_PAD) ||
17796 nla_put(msg, NL80211_ATTR_SCAN_START_TIME_TSF_BSSID, ETH_ALEN,
17797 info->tsf_bssid)))
17798 goto nla_put_failure;
17799
17800 return 0;
17801 nla_put_failure:
17802 return -ENOBUFS;
17803 }
17804
17805 static int nl80211_prep_scan_msg(struct sk_buff *msg,
17806 struct cfg80211_registered_device *rdev,
17807 struct wireless_dev *wdev,
17808 u32 portid, u32 seq, int flags,
17809 u32 cmd)
17810 {
17811 void *hdr;
17812
17813 hdr = nl80211hdr_put(msg, portid, seq, flags, cmd);
17814 if (!hdr)
17815 return -1;
17816
17817 if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
17818 (wdev->netdev && nla_put_u32(msg, NL80211_ATTR_IFINDEX,
17819 wdev->netdev->ifindex)) ||
17820 nla_put_u64_64bit(msg, NL80211_ATTR_WDEV, wdev_id(wdev),
17821 NL80211_ATTR_PAD))
17822 goto nla_put_failure;
17823
17824 /* ignore errors and send incomplete event anyway */
17825 nl80211_add_scan_req(msg, rdev);
17826
17827 genlmsg_end(msg, hdr);
17828 return 0;
17829
17830 nla_put_failure:
17831 genlmsg_cancel(msg, hdr);
17832 return -EMSGSIZE;
17833 }
17834
17835 static int
17836 nl80211_prep_sched_scan_msg(struct sk_buff *msg,
17837 struct cfg80211_sched_scan_request *req, u32 cmd)
17838 {
17839 void *hdr;
17840
17841 hdr = nl80211hdr_put(msg, 0, 0, 0, cmd);
17842 if (!hdr)
17843 return -1;
17844
17845 if (nla_put_u32(msg, NL80211_ATTR_WIPHY,
17846 wiphy_to_rdev(req->wiphy)->wiphy_idx) ||
17847 nla_put_u32(msg, NL80211_ATTR_IFINDEX, req->dev->ifindex) ||
17848 nla_put_u64_64bit(msg, NL80211_ATTR_COOKIE, req->reqid,
17849 NL80211_ATTR_PAD))
17850 goto nla_put_failure;
17851
17852 genlmsg_end(msg, hdr);
17853 return 0;
17854
17855 nla_put_failure:
17856 genlmsg_cancel(msg, hdr);
17857 return -EMSGSIZE;
17858 }
17859
17860 void nl80211_send_scan_start(struct cfg80211_registered_device *rdev,
17861 struct wireless_dev *wdev)
17862 {
17863 struct sk_buff *msg;
17864
17865 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
17866 if (!msg)
17867 return;
17868
17869 if (nl80211_prep_scan_msg(msg, rdev, wdev, 0, 0, 0,
17870 NL80211_CMD_TRIGGER_SCAN) < 0) {
17871 nlmsg_free(msg);
17872 return;
17873 }
17874
17875 genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), msg, 0,
17876 NL80211_MCGRP_SCAN, GFP_KERNEL);
17877 }
17878
17879 struct sk_buff *nl80211_build_scan_msg(struct cfg80211_registered_device *rdev,
17880 struct wireless_dev *wdev, bool aborted)
17881 {
17882 struct sk_buff *msg;
17883
17884 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
17885 if (!msg)
17886 return NULL;
17887
17888 if (nl80211_prep_scan_msg(msg, rdev, wdev, 0, 0, 0,
17889 aborted ? NL80211_CMD_SCAN_ABORTED :
17890 NL80211_CMD_NEW_SCAN_RESULTS) < 0) {
17891 nlmsg_free(msg);
17892 return NULL;
17893 }
17894
17895 return msg;
17896 }
17897
17898 /* send message created by nl80211_build_scan_msg() */
17899 void nl80211_send_scan_msg(struct cfg80211_registered_device *rdev,
17900 struct sk_buff *msg)
17901 {
17902 if (!msg)
17903 return;
17904
17905 genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), msg, 0,
17906 NL80211_MCGRP_SCAN, GFP_KERNEL);
17907 }
17908
17909 void nl80211_send_sched_scan(struct cfg80211_sched_scan_request *req, u32 cmd)
17910 {
17911 struct sk_buff *msg;
17912
17913 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
17914 if (!msg)
17915 return;
17916
17917 if (nl80211_prep_sched_scan_msg(msg, req, cmd) < 0) {
17918 nlmsg_free(msg);
17919 return;
17920 }
17921
17922 genlmsg_multicast_netns(&nl80211_fam, wiphy_net(req->wiphy), msg, 0,
17923 NL80211_MCGRP_SCAN, GFP_KERNEL);
17924 }
17925
17926 static bool nl80211_reg_change_event_fill(struct sk_buff *msg,
17927 struct regulatory_request *request)
17928 {
17929 /* Userspace can always count this one always being set */
17930 if (nla_put_u8(msg, NL80211_ATTR_REG_INITIATOR, request->initiator))
17931 goto nla_put_failure;
17932
17933 if (request->alpha2[0] == '0' && request->alpha2[1] == '0') {
17934 if (nla_put_u8(msg, NL80211_ATTR_REG_TYPE,
17935 NL80211_REGDOM_TYPE_WORLD))
17936 goto nla_put_failure;
17937 } else if (request->alpha2[0] == '9' && request->alpha2[1] == '9') {
17938 if (nla_put_u8(msg, NL80211_ATTR_REG_TYPE,
17939 NL80211_REGDOM_TYPE_CUSTOM_WORLD))
17940 goto nla_put_failure;
17941 } else if ((request->alpha2[0] == '9' && request->alpha2[1] == '8') ||
17942 request->intersect) {
17943 if (nla_put_u8(msg, NL80211_ATTR_REG_TYPE,
17944 NL80211_REGDOM_TYPE_INTERSECTION))
17945 goto nla_put_failure;
17946 } else {
17947 if (nla_put_u8(msg, NL80211_ATTR_REG_TYPE,
17948 NL80211_REGDOM_TYPE_COUNTRY) ||
17949 nla_put_string(msg, NL80211_ATTR_REG_ALPHA2,
17950 request->alpha2))
17951 goto nla_put_failure;
17952 }
17953
17954 if (request->wiphy_idx != WIPHY_IDX_INVALID) {
17955 struct wiphy *wiphy = wiphy_idx_to_wiphy(request->wiphy_idx);
17956
17957 if (wiphy &&
17958 nla_put_u32(msg, NL80211_ATTR_WIPHY, request->wiphy_idx))
17959 goto nla_put_failure;
17960
17961 if (wiphy &&
17962 wiphy->regulatory_flags & REGULATORY_WIPHY_SELF_MANAGED &&
17963 nla_put_flag(msg, NL80211_ATTR_WIPHY_SELF_MANAGED_REG))
17964 goto nla_put_failure;
17965 }
17966
17967 return true;
17968
17969 nla_put_failure:
17970 return false;
17971 }
17972
17973 /*
17974 * This can happen on global regulatory changes or device specific settings
17975 * based on custom regulatory domains.
17976 */
17977 void nl80211_common_reg_change_event(enum nl80211_commands cmd_id,
17978 struct regulatory_request *request)
17979 {
17980 struct sk_buff *msg;
17981 void *hdr;
17982
17983 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
17984 if (!msg)
17985 return;
17986
17987 hdr = nl80211hdr_put(msg, 0, 0, 0, cmd_id);
17988 if (!hdr)
17989 goto nla_put_failure;
17990
17991 if (!nl80211_reg_change_event_fill(msg, request))
17992 goto nla_put_failure;
17993
17994 genlmsg_end(msg, hdr);
17995
17996 genlmsg_multicast_allns(&nl80211_fam, msg, 0,
17997 NL80211_MCGRP_REGULATORY);
17998
17999 return;
18000
18001 nla_put_failure:
18002 nlmsg_free(msg);
18003 }
18004
18005 struct nl80211_mlme_event {
18006 enum nl80211_commands cmd;
18007 const u8 *buf;
18008 size_t buf_len;
18009 int uapsd_queues;
18010 const u8 *req_ies;
18011 size_t req_ies_len;
18012 bool reconnect;
18013 };
18014
18015 static void nl80211_send_mlme_event(struct cfg80211_registered_device *rdev,
18016 struct net_device *netdev,
18017 const struct nl80211_mlme_event *event,
18018 gfp_t gfp)
18019 {
18020 struct sk_buff *msg;
18021 void *hdr;
18022
18023 msg = nlmsg_new(100 + event->buf_len + event->req_ies_len, gfp);
18024 if (!msg)
18025 return;
18026
18027 hdr = nl80211hdr_put(msg, 0, 0, 0, event->cmd);
18028 if (!hdr) {
18029 nlmsg_free(msg);
18030 return;
18031 }
18032
18033 if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
18034 nla_put_u32(msg, NL80211_ATTR_IFINDEX, netdev->ifindex) ||
18035 nla_put(msg, NL80211_ATTR_FRAME, event->buf_len, event->buf) ||
18036 (event->req_ies &&
18037 nla_put(msg, NL80211_ATTR_REQ_IE, event->req_ies_len,
18038 event->req_ies)))
18039 goto nla_put_failure;
18040
18041 if (event->reconnect &&
18042 nla_put_flag(msg, NL80211_ATTR_RECONNECT_REQUESTED))
18043 goto nla_put_failure;
18044
18045 if (event->uapsd_queues >= 0) {
18046 struct nlattr *nla_wmm =
18047 nla_nest_start_noflag(msg, NL80211_ATTR_STA_WME);
18048 if (!nla_wmm)
18049 goto nla_put_failure;
18050
18051 if (nla_put_u8(msg, NL80211_STA_WME_UAPSD_QUEUES,
18052 event->uapsd_queues))
18053 goto nla_put_failure;
18054
18055 nla_nest_end(msg, nla_wmm);
18056 }
18057
18058 genlmsg_end(msg, hdr);
18059
18060 genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), msg, 0,
18061 NL80211_MCGRP_MLME, gfp);
18062 return;
18063
18064 nla_put_failure:
18065 nlmsg_free(msg);
18066 }
18067
18068 void nl80211_send_rx_auth(struct cfg80211_registered_device *rdev,
18069 struct net_device *netdev, const u8 *buf,
18070 size_t len, gfp_t gfp)
18071 {
18072 struct nl80211_mlme_event event = {
18073 .cmd = NL80211_CMD_AUTHENTICATE,
18074 .buf = buf,
18075 .buf_len = len,
18076 .uapsd_queues = -1,
18077 };
18078
18079 nl80211_send_mlme_event(rdev, netdev, &event, gfp);
18080 }
18081
18082 void nl80211_send_rx_assoc(struct cfg80211_registered_device *rdev,
18083 struct net_device *netdev,
18084 const struct cfg80211_rx_assoc_resp_data *data)
18085 {
18086 struct nl80211_mlme_event event = {
18087 .cmd = NL80211_CMD_ASSOCIATE,
18088 .buf = data->buf,
18089 .buf_len = data->len,
18090 .uapsd_queues = data->uapsd_queues,
18091 .req_ies = data->req_ies,
18092 .req_ies_len = data->req_ies_len,
18093 };
18094
18095 nl80211_send_mlme_event(rdev, netdev, &event, GFP_KERNEL);
18096 }
18097
18098 void nl80211_send_deauth(struct cfg80211_registered_device *rdev,
18099 struct net_device *netdev, const u8 *buf,
18100 size_t len, bool reconnect, gfp_t gfp)
18101 {
18102 struct nl80211_mlme_event event = {
18103 .cmd = NL80211_CMD_DEAUTHENTICATE,
18104 .buf = buf,
18105 .buf_len = len,
18106 .reconnect = reconnect,
18107 .uapsd_queues = -1,
18108 };
18109
18110 nl80211_send_mlme_event(rdev, netdev, &event, gfp);
18111 }
18112
18113 void nl80211_send_disassoc(struct cfg80211_registered_device *rdev,
18114 struct net_device *netdev, const u8 *buf,
18115 size_t len, bool reconnect, gfp_t gfp)
18116 {
18117 struct nl80211_mlme_event event = {
18118 .cmd = NL80211_CMD_DISASSOCIATE,
18119 .buf = buf,
18120 .buf_len = len,
18121 .reconnect = reconnect,
18122 .uapsd_queues = -1,
18123 };
18124
18125 nl80211_send_mlme_event(rdev, netdev, &event, gfp);
18126 }
18127
18128 void cfg80211_rx_unprot_mlme_mgmt(struct net_device *dev, const u8 *buf,
18129 size_t len)
18130 {
18131 struct wireless_dev *wdev = dev->ieee80211_ptr;
18132 struct wiphy *wiphy = wdev->wiphy;
18133 struct cfg80211_registered_device *rdev = wiphy_to_rdev(wiphy);
18134 const struct ieee80211_mgmt *mgmt = (void *)buf;
18135 struct nl80211_mlme_event event = {
18136 .buf = buf,
18137 .buf_len = len,
18138 .uapsd_queues = -1,
18139 };
18140
18141 if (WARN_ON(len < 2))
18142 return;
18143
18144 if (ieee80211_is_deauth(mgmt->frame_control)) {
18145 event.cmd = NL80211_CMD_UNPROT_DEAUTHENTICATE;
18146 } else if (ieee80211_is_disassoc(mgmt->frame_control)) {
18147 event.cmd = NL80211_CMD_UNPROT_DISASSOCIATE;
18148 } else if (ieee80211_is_beacon(mgmt->frame_control)) {
18149 if (wdev->unprot_beacon_reported &&
18150 elapsed_jiffies_msecs(wdev->unprot_beacon_reported) < 10000)
18151 return;
18152 event.cmd = NL80211_CMD_UNPROT_BEACON;
18153 wdev->unprot_beacon_reported = jiffies;
18154 } else {
18155 return;
18156 }
18157
18158 trace_cfg80211_rx_unprot_mlme_mgmt(dev, buf, len);
18159 nl80211_send_mlme_event(rdev, dev, &event, GFP_ATOMIC);
18160 }
18161 EXPORT_SYMBOL(cfg80211_rx_unprot_mlme_mgmt);
18162
18163 static void nl80211_send_mlme_timeout(struct cfg80211_registered_device *rdev,
18164 struct net_device *netdev, int cmd,
18165 const u8 *addr, gfp_t gfp)
18166 {
18167 struct sk_buff *msg;
18168 void *hdr;
18169
18170 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, gfp);
18171 if (!msg)
18172 return;
18173
18174 hdr = nl80211hdr_put(msg, 0, 0, 0, cmd);
18175 if (!hdr) {
18176 nlmsg_free(msg);
18177 return;
18178 }
18179
18180 if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
18181 nla_put_u32(msg, NL80211_ATTR_IFINDEX, netdev->ifindex) ||
18182 nla_put_flag(msg, NL80211_ATTR_TIMED_OUT) ||
18183 nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN, addr))
18184 goto nla_put_failure;
18185
18186 genlmsg_end(msg, hdr);
18187
18188 genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), msg, 0,
18189 NL80211_MCGRP_MLME, gfp);
18190 return;
18191
18192 nla_put_failure:
18193 nlmsg_free(msg);
18194 }
18195
18196 void nl80211_send_auth_timeout(struct cfg80211_registered_device *rdev,
18197 struct net_device *netdev, const u8 *addr,
18198 gfp_t gfp)
18199 {
18200 nl80211_send_mlme_timeout(rdev, netdev, NL80211_CMD_AUTHENTICATE,
18201 addr, gfp);
18202 }
18203
18204 void nl80211_send_assoc_timeout(struct cfg80211_registered_device *rdev,
18205 struct net_device *netdev, const u8 *addr,
18206 gfp_t gfp)
18207 {
18208 nl80211_send_mlme_timeout(rdev, netdev, NL80211_CMD_ASSOCIATE,
18209 addr, gfp);
18210 }
18211
18212 void nl80211_send_connect_result(struct cfg80211_registered_device *rdev,
18213 struct net_device *netdev,
18214 struct cfg80211_connect_resp_params *cr,
18215 gfp_t gfp)
18216 {
18217 struct sk_buff *msg;
18218 void *hdr;
18219 unsigned int link;
18220 size_t link_info_size = 0;
18221 const u8 *connected_addr = cr->valid_links ?
18222 cr->ap_mld_addr : cr->links[0].bssid;
18223
18224 if (cr->valid_links) {
18225 for_each_valid_link(cr, link) {
18226 /* Nested attribute header */
18227 link_info_size += NLA_HDRLEN;
18228 /* Link ID */
18229 link_info_size += nla_total_size(sizeof(u8));
18230 link_info_size += cr->links[link].addr ?
18231 nla_total_size(ETH_ALEN) : 0;
18232 link_info_size += (cr->links[link].bssid ||
18233 cr->links[link].bss) ?
18234 nla_total_size(ETH_ALEN) : 0;
18235 link_info_size += nla_total_size(sizeof(u16));
18236 }
18237 }
18238
18239 msg = nlmsg_new(100 + cr->req_ie_len + cr->resp_ie_len +
18240 cr->fils.kek_len + cr->fils.pmk_len +
18241 (cr->fils.pmkid ? WLAN_PMKID_LEN : 0) + link_info_size,
18242 gfp);
18243 if (!msg)
18244 return;
18245
18246 hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_CONNECT);
18247 if (!hdr) {
18248 nlmsg_free(msg);
18249 return;
18250 }
18251
18252 if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
18253 nla_put_u32(msg, NL80211_ATTR_IFINDEX, netdev->ifindex) ||
18254 (connected_addr &&
18255 nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN, connected_addr)) ||
18256 nla_put_u16(msg, NL80211_ATTR_STATUS_CODE,
18257 cr->status < 0 ? WLAN_STATUS_UNSPECIFIED_FAILURE :
18258 cr->status) ||
18259 (cr->status < 0 &&
18260 (nla_put_flag(msg, NL80211_ATTR_TIMED_OUT) ||
18261 nla_put_u32(msg, NL80211_ATTR_TIMEOUT_REASON,
18262 cr->timeout_reason))) ||
18263 (cr->req_ie &&
18264 nla_put(msg, NL80211_ATTR_REQ_IE, cr->req_ie_len, cr->req_ie)) ||
18265 (cr->resp_ie &&
18266 nla_put(msg, NL80211_ATTR_RESP_IE, cr->resp_ie_len,
18267 cr->resp_ie)) ||
18268 (cr->fils.update_erp_next_seq_num &&
18269 nla_put_u16(msg, NL80211_ATTR_FILS_ERP_NEXT_SEQ_NUM,
18270 cr->fils.erp_next_seq_num)) ||
18271 (cr->status == WLAN_STATUS_SUCCESS &&
18272 ((cr->fils.kek &&
18273 nla_put(msg, NL80211_ATTR_FILS_KEK, cr->fils.kek_len,
18274 cr->fils.kek)) ||
18275 (cr->fils.pmk &&
18276 nla_put(msg, NL80211_ATTR_PMK, cr->fils.pmk_len, cr->fils.pmk)) ||
18277 (cr->fils.pmkid &&
18278 nla_put(msg, NL80211_ATTR_PMKID, WLAN_PMKID_LEN, cr->fils.pmkid)))))
18279 goto nla_put_failure;
18280
18281 if (cr->valid_links) {
18282 int i = 1;
18283 struct nlattr *nested;
18284
18285 nested = nla_nest_start(msg, NL80211_ATTR_MLO_LINKS);
18286 if (!nested)
18287 goto nla_put_failure;
18288
18289 for_each_valid_link(cr, link) {
18290 struct nlattr *nested_mlo_links;
18291 const u8 *bssid = cr->links[link].bss ?
18292 cr->links[link].bss->bssid :
18293 cr->links[link].bssid;
18294
18295 nested_mlo_links = nla_nest_start(msg, i);
18296 if (!nested_mlo_links)
18297 goto nla_put_failure;
18298
18299 if (nla_put_u8(msg, NL80211_ATTR_MLO_LINK_ID, link) ||
18300 (bssid &&
18301 nla_put(msg, NL80211_ATTR_BSSID, ETH_ALEN, bssid)) ||
18302 (cr->links[link].addr &&
18303 nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN,
18304 cr->links[link].addr)) ||
18305 nla_put_u16(msg, NL80211_ATTR_STATUS_CODE,
18306 cr->links[link].status))
18307 goto nla_put_failure;
18308
18309 nla_nest_end(msg, nested_mlo_links);
18310 i++;
18311 }
18312 nla_nest_end(msg, nested);
18313 }
18314
18315 genlmsg_end(msg, hdr);
18316
18317 genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), msg, 0,
18318 NL80211_MCGRP_MLME, gfp);
18319 return;
18320
18321 nla_put_failure:
18322 nlmsg_free(msg);
18323 }
18324
18325 void nl80211_send_roamed(struct cfg80211_registered_device *rdev,
18326 struct net_device *netdev,
18327 struct cfg80211_roam_info *info, gfp_t gfp)
18328 {
18329 struct sk_buff *msg;
18330 void *hdr;
18331 size_t link_info_size = 0;
18332 unsigned int link;
18333 const u8 *connected_addr = info->ap_mld_addr ?
18334 info->ap_mld_addr :
18335 (info->links[0].bss ?
18336 info->links[0].bss->bssid :
18337 info->links[0].bssid);
18338
18339 if (info->valid_links) {
18340 for_each_valid_link(info, link) {
18341 /* Nested attribute header */
18342 link_info_size += NLA_HDRLEN;
18343 /* Link ID */
18344 link_info_size += nla_total_size(sizeof(u8));
18345 link_info_size += info->links[link].addr ?
18346 nla_total_size(ETH_ALEN) : 0;
18347 link_info_size += (info->links[link].bssid ||
18348 info->links[link].bss) ?
18349 nla_total_size(ETH_ALEN) : 0;
18350 }
18351 }
18352
18353 msg = nlmsg_new(100 + info->req_ie_len + info->resp_ie_len +
18354 info->fils.kek_len + info->fils.pmk_len +
18355 (info->fils.pmkid ? WLAN_PMKID_LEN : 0) +
18356 link_info_size, gfp);
18357 if (!msg)
18358 return;
18359
18360 hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_ROAM);
18361 if (!hdr) {
18362 nlmsg_free(msg);
18363 return;
18364 }
18365
18366 if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
18367 nla_put_u32(msg, NL80211_ATTR_IFINDEX, netdev->ifindex) ||
18368 nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN, connected_addr) ||
18369 (info->req_ie &&
18370 nla_put(msg, NL80211_ATTR_REQ_IE, info->req_ie_len,
18371 info->req_ie)) ||
18372 (info->resp_ie &&
18373 nla_put(msg, NL80211_ATTR_RESP_IE, info->resp_ie_len,
18374 info->resp_ie)) ||
18375 (info->fils.update_erp_next_seq_num &&
18376 nla_put_u16(msg, NL80211_ATTR_FILS_ERP_NEXT_SEQ_NUM,
18377 info->fils.erp_next_seq_num)) ||
18378 (info->fils.kek &&
18379 nla_put(msg, NL80211_ATTR_FILS_KEK, info->fils.kek_len,
18380 info->fils.kek)) ||
18381 (info->fils.pmk &&
18382 nla_put(msg, NL80211_ATTR_PMK, info->fils.pmk_len, info->fils.pmk)) ||
18383 (info->fils.pmkid &&
18384 nla_put(msg, NL80211_ATTR_PMKID, WLAN_PMKID_LEN, info->fils.pmkid)))
18385 goto nla_put_failure;
18386
18387 if (info->valid_links) {
18388 int i = 1;
18389 struct nlattr *nested;
18390
18391 nested = nla_nest_start(msg, NL80211_ATTR_MLO_LINKS);
18392 if (!nested)
18393 goto nla_put_failure;
18394
18395 for_each_valid_link(info, link) {
18396 struct nlattr *nested_mlo_links;
18397 const u8 *bssid = info->links[link].bss ?
18398 info->links[link].bss->bssid :
18399 info->links[link].bssid;
18400
18401 nested_mlo_links = nla_nest_start(msg, i);
18402 if (!nested_mlo_links)
18403 goto nla_put_failure;
18404
18405 if (nla_put_u8(msg, NL80211_ATTR_MLO_LINK_ID, link) ||
18406 (bssid &&
18407 nla_put(msg, NL80211_ATTR_BSSID, ETH_ALEN, bssid)) ||
18408 (info->links[link].addr &&
18409 nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN,
18410 info->links[link].addr)))
18411 goto nla_put_failure;
18412
18413 nla_nest_end(msg, nested_mlo_links);
18414 i++;
18415 }
18416 nla_nest_end(msg, nested);
18417 }
18418
18419 genlmsg_end(msg, hdr);
18420
18421 genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), msg, 0,
18422 NL80211_MCGRP_MLME, gfp);
18423 return;
18424
18425 nla_put_failure:
18426 nlmsg_free(msg);
18427 }
18428
18429 void nl80211_send_port_authorized(struct cfg80211_registered_device *rdev,
18430 struct net_device *netdev, const u8 *peer_addr,
18431 const u8 *td_bitmap, u8 td_bitmap_len)
18432 {
18433 struct sk_buff *msg;
18434 void *hdr;
18435
18436 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
18437 if (!msg)
18438 return;
18439
18440 hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_PORT_AUTHORIZED);
18441 if (!hdr) {
18442 nlmsg_free(msg);
18443 return;
18444 }
18445
18446 if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
18447 nla_put_u32(msg, NL80211_ATTR_IFINDEX, netdev->ifindex) ||
18448 nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN, peer_addr))
18449 goto nla_put_failure;
18450
18451 if ((td_bitmap_len > 0) && td_bitmap)
18452 if (nla_put(msg, NL80211_ATTR_TD_BITMAP,
18453 td_bitmap_len, td_bitmap))
18454 goto nla_put_failure;
18455
18456 genlmsg_end(msg, hdr);
18457
18458 genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), msg, 0,
18459 NL80211_MCGRP_MLME, GFP_KERNEL);
18460 return;
18461
18462 nla_put_failure:
18463 nlmsg_free(msg);
18464 }
18465
18466 void nl80211_send_disconnected(struct cfg80211_registered_device *rdev,
18467 struct net_device *netdev, u16 reason,
18468 const u8 *ie, size_t ie_len, bool from_ap)
18469 {
18470 struct sk_buff *msg;
18471 void *hdr;
18472
18473 msg = nlmsg_new(100 + ie_len, GFP_KERNEL);
18474 if (!msg)
18475 return;
18476
18477 hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_DISCONNECT);
18478 if (!hdr) {
18479 nlmsg_free(msg);
18480 return;
18481 }
18482
18483 if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
18484 nla_put_u32(msg, NL80211_ATTR_IFINDEX, netdev->ifindex) ||
18485 (reason &&
18486 nla_put_u16(msg, NL80211_ATTR_REASON_CODE, reason)) ||
18487 (from_ap &&
18488 nla_put_flag(msg, NL80211_ATTR_DISCONNECTED_BY_AP)) ||
18489 (ie && nla_put(msg, NL80211_ATTR_IE, ie_len, ie)))
18490 goto nla_put_failure;
18491
18492 genlmsg_end(msg, hdr);
18493
18494 genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), msg, 0,
18495 NL80211_MCGRP_MLME, GFP_KERNEL);
18496 return;
18497
18498 nla_put_failure:
18499 nlmsg_free(msg);
18500 }
18501
18502 void cfg80211_links_removed(struct net_device *dev, u16 link_mask)
18503 {
18504 struct wireless_dev *wdev = dev->ieee80211_ptr;
18505 struct wiphy *wiphy = wdev->wiphy;
18506 struct cfg80211_registered_device *rdev = wiphy_to_rdev(wiphy);
18507 struct sk_buff *msg;
18508 struct nlattr *links;
18509 void *hdr;
18510
18511 lockdep_assert_wiphy(wdev->wiphy);
18512 trace_cfg80211_links_removed(dev, link_mask);
18513
18514 if (WARN_ON(wdev->iftype != NL80211_IFTYPE_STATION &&
18515 wdev->iftype != NL80211_IFTYPE_P2P_CLIENT))
18516 return;
18517
18518 if (WARN_ON(!wdev->valid_links || !link_mask ||
18519 (wdev->valid_links & link_mask) != link_mask ||
18520 wdev->valid_links == link_mask))
18521 return;
18522
18523 cfg80211_wdev_release_link_bsses(wdev, link_mask);
18524 wdev->valid_links &= ~link_mask;
18525
18526 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
18527 if (!msg)
18528 return;
18529
18530 hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_LINKS_REMOVED);
18531 if (!hdr) {
18532 nlmsg_free(msg);
18533 return;
18534 }
18535
18536 if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
18537 nla_put_u32(msg, NL80211_ATTR_IFINDEX, dev->ifindex))
18538 goto nla_put_failure;
18539
18540 links = nla_nest_start(msg, NL80211_ATTR_MLO_LINKS);
18541 if (!links)
18542 goto nla_put_failure;
18543
18544 while (link_mask) {
18545 struct nlattr *link;
18546 int link_id = __ffs(link_mask);
18547
18548 link = nla_nest_start(msg, link_id + 1);
18549 if (!link)
18550 goto nla_put_failure;
18551
18552 if (nla_put_u8(msg, NL80211_ATTR_MLO_LINK_ID, link_id))
18553 goto nla_put_failure;
18554
18555 nla_nest_end(msg, link);
18556 link_mask &= ~(1 << link_id);
18557 }
18558
18559 nla_nest_end(msg, links);
18560
18561 genlmsg_end(msg, hdr);
18562
18563 genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), msg, 0,
18564 NL80211_MCGRP_MLME, GFP_KERNEL);
18565 return;
18566
18567 nla_put_failure:
18568 nlmsg_free(msg);
18569 }
18570 EXPORT_SYMBOL(cfg80211_links_removed);
18571
18572 void nl80211_send_ibss_bssid(struct cfg80211_registered_device *rdev,
18573 struct net_device *netdev, const u8 *bssid,
18574 gfp_t gfp)
18575 {
18576 struct sk_buff *msg;
18577 void *hdr;
18578
18579 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, gfp);
18580 if (!msg)
18581 return;
18582
18583 hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_JOIN_IBSS);
18584 if (!hdr) {
18585 nlmsg_free(msg);
18586 return;
18587 }
18588
18589 if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
18590 nla_put_u32(msg, NL80211_ATTR_IFINDEX, netdev->ifindex) ||
18591 nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN, bssid))
18592 goto nla_put_failure;
18593
18594 genlmsg_end(msg, hdr);
18595
18596 genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), msg, 0,
18597 NL80211_MCGRP_MLME, gfp);
18598 return;
18599
18600 nla_put_failure:
18601 nlmsg_free(msg);
18602 }
18603
18604 void cfg80211_notify_new_peer_candidate(struct net_device *dev, const u8 *addr,
18605 const u8 *ie, u8 ie_len,
18606 int sig_dbm, gfp_t gfp)
18607 {
18608 struct wireless_dev *wdev = dev->ieee80211_ptr;
18609 struct cfg80211_registered_device *rdev = wiphy_to_rdev(wdev->wiphy);
18610 struct sk_buff *msg;
18611 void *hdr;
18612
18613 if (WARN_ON(wdev->iftype != NL80211_IFTYPE_MESH_POINT))
18614 return;
18615
18616 trace_cfg80211_notify_new_peer_candidate(dev, addr);
18617
18618 msg = nlmsg_new(100 + ie_len, gfp);
18619 if (!msg)
18620 return;
18621
18622 hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_NEW_PEER_CANDIDATE);
18623 if (!hdr) {
18624 nlmsg_free(msg);
18625 return;
18626 }
18627
18628 if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
18629 nla_put_u32(msg, NL80211_ATTR_IFINDEX, dev->ifindex) ||
18630 nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN, addr) ||
18631 (ie_len && ie &&
18632 nla_put(msg, NL80211_ATTR_IE, ie_len, ie)) ||
18633 (sig_dbm &&
18634 nla_put_u32(msg, NL80211_ATTR_RX_SIGNAL_DBM, sig_dbm)))
18635 goto nla_put_failure;
18636
18637 genlmsg_end(msg, hdr);
18638
18639 genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), msg, 0,
18640 NL80211_MCGRP_MLME, gfp);
18641 return;
18642
18643 nla_put_failure:
18644 nlmsg_free(msg);
18645 }
18646 EXPORT_SYMBOL(cfg80211_notify_new_peer_candidate);
18647
18648 void nl80211_michael_mic_failure(struct cfg80211_registered_device *rdev,
18649 struct net_device *netdev, const u8 *addr,
18650 enum nl80211_key_type key_type, int key_id,
18651 const u8 *tsc, gfp_t gfp)
18652 {
18653 struct sk_buff *msg;
18654 void *hdr;
18655
18656 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, gfp);
18657 if (!msg)
18658 return;
18659
18660 hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_MICHAEL_MIC_FAILURE);
18661 if (!hdr) {
18662 nlmsg_free(msg);
18663 return;
18664 }
18665
18666 if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
18667 nla_put_u32(msg, NL80211_ATTR_IFINDEX, netdev->ifindex) ||
18668 (addr && nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN, addr)) ||
18669 nla_put_u32(msg, NL80211_ATTR_KEY_TYPE, key_type) ||
18670 (key_id != -1 &&
18671 nla_put_u8(msg, NL80211_ATTR_KEY_IDX, key_id)) ||
18672 (tsc && nla_put(msg, NL80211_ATTR_KEY_SEQ, 6, tsc)))
18673 goto nla_put_failure;
18674
18675 genlmsg_end(msg, hdr);
18676
18677 genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), msg, 0,
18678 NL80211_MCGRP_MLME, gfp);
18679 return;
18680
18681 nla_put_failure:
18682 nlmsg_free(msg);
18683 }
18684
18685 void nl80211_send_beacon_hint_event(struct wiphy *wiphy,
18686 struct ieee80211_channel *channel_before,
18687 struct ieee80211_channel *channel_after)
18688 {
18689 struct sk_buff *msg;
18690 void *hdr;
18691 struct nlattr *nl_freq;
18692
18693 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_ATOMIC);
18694 if (!msg)
18695 return;
18696
18697 hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_REG_BEACON_HINT);
18698 if (!hdr) {
18699 nlmsg_free(msg);
18700 return;
18701 }
18702
18703 /*
18704 * Since we are applying the beacon hint to a wiphy we know its
18705 * wiphy_idx is valid
18706 */
18707 if (nla_put_u32(msg, NL80211_ATTR_WIPHY, get_wiphy_idx(wiphy)))
18708 goto nla_put_failure;
18709
18710 /* Before */
18711 nl_freq = nla_nest_start_noflag(msg, NL80211_ATTR_FREQ_BEFORE);
18712 if (!nl_freq)
18713 goto nla_put_failure;
18714
18715 if (nl80211_msg_put_channel(msg, wiphy, channel_before, false))
18716 goto nla_put_failure;
18717 nla_nest_end(msg, nl_freq);
18718
18719 /* After */
18720 nl_freq = nla_nest_start_noflag(msg, NL80211_ATTR_FREQ_AFTER);
18721 if (!nl_freq)
18722 goto nla_put_failure;
18723
18724 if (nl80211_msg_put_channel(msg, wiphy, channel_after, false))
18725 goto nla_put_failure;
18726 nla_nest_end(msg, nl_freq);
18727
18728 genlmsg_end(msg, hdr);
18729
18730 genlmsg_multicast_allns(&nl80211_fam, msg, 0,
18731 NL80211_MCGRP_REGULATORY);
18732
18733 return;
18734
18735 nla_put_failure:
18736 nlmsg_free(msg);
18737 }
18738
18739 static void nl80211_send_remain_on_chan_event(
18740 int cmd, struct cfg80211_registered_device *rdev,
18741 struct wireless_dev *wdev, u64 cookie,
18742 struct ieee80211_channel *chan,
18743 unsigned int duration, gfp_t gfp)
18744 {
18745 struct sk_buff *msg;
18746 void *hdr;
18747
18748 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, gfp);
18749 if (!msg)
18750 return;
18751
18752 hdr = nl80211hdr_put(msg, 0, 0, 0, cmd);
18753 if (!hdr) {
18754 nlmsg_free(msg);
18755 return;
18756 }
18757
18758 if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
18759 (wdev->netdev && nla_put_u32(msg, NL80211_ATTR_IFINDEX,
18760 wdev->netdev->ifindex)) ||
18761 nla_put_u64_64bit(msg, NL80211_ATTR_WDEV, wdev_id(wdev),
18762 NL80211_ATTR_PAD) ||
18763 nla_put_u32(msg, NL80211_ATTR_WIPHY_FREQ, chan->center_freq) ||
18764 nla_put_u32(msg, NL80211_ATTR_WIPHY_CHANNEL_TYPE,
18765 NL80211_CHAN_NO_HT) ||
18766 nla_put_u64_64bit(msg, NL80211_ATTR_COOKIE, cookie,
18767 NL80211_ATTR_PAD))
18768 goto nla_put_failure;
18769
18770 if (cmd == NL80211_CMD_REMAIN_ON_CHANNEL &&
18771 nla_put_u32(msg, NL80211_ATTR_DURATION, duration))
18772 goto nla_put_failure;
18773
18774 genlmsg_end(msg, hdr);
18775
18776 genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), msg, 0,
18777 NL80211_MCGRP_MLME, gfp);
18778 return;
18779
18780 nla_put_failure:
18781 nlmsg_free(msg);
18782 }
18783
18784 void cfg80211_assoc_comeback(struct net_device *netdev,
18785 const u8 *ap_addr, u32 timeout)
18786 {
18787 struct wireless_dev *wdev = netdev->ieee80211_ptr;
18788 struct wiphy *wiphy = wdev->wiphy;
18789 struct cfg80211_registered_device *rdev = wiphy_to_rdev(wiphy);
18790 struct sk_buff *msg;
18791 void *hdr;
18792
18793 trace_cfg80211_assoc_comeback(wdev, ap_addr, timeout);
18794
18795 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
18796 if (!msg)
18797 return;
18798
18799 hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_ASSOC_COMEBACK);
18800 if (!hdr) {
18801 nlmsg_free(msg);
18802 return;
18803 }
18804
18805 if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
18806 nla_put_u32(msg, NL80211_ATTR_IFINDEX, netdev->ifindex) ||
18807 nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN, ap_addr) ||
18808 nla_put_u32(msg, NL80211_ATTR_TIMEOUT, timeout))
18809 goto nla_put_failure;
18810
18811 genlmsg_end(msg, hdr);
18812
18813 genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), msg, 0,
18814 NL80211_MCGRP_MLME, GFP_KERNEL);
18815 return;
18816
18817 nla_put_failure:
18818 nlmsg_free(msg);
18819 }
18820 EXPORT_SYMBOL(cfg80211_assoc_comeback);
18821
18822 void cfg80211_ready_on_channel(struct wireless_dev *wdev, u64 cookie,
18823 struct ieee80211_channel *chan,
18824 unsigned int duration, gfp_t gfp)
18825 {
18826 struct wiphy *wiphy = wdev->wiphy;
18827 struct cfg80211_registered_device *rdev = wiphy_to_rdev(wiphy);
18828
18829 trace_cfg80211_ready_on_channel(wdev, cookie, chan, duration);
18830 nl80211_send_remain_on_chan_event(NL80211_CMD_REMAIN_ON_CHANNEL,
18831 rdev, wdev, cookie, chan,
18832 duration, gfp);
18833 }
18834 EXPORT_SYMBOL(cfg80211_ready_on_channel);
18835
18836 void cfg80211_remain_on_channel_expired(struct wireless_dev *wdev, u64 cookie,
18837 struct ieee80211_channel *chan,
18838 gfp_t gfp)
18839 {
18840 struct wiphy *wiphy = wdev->wiphy;
18841 struct cfg80211_registered_device *rdev = wiphy_to_rdev(wiphy);
18842
18843 trace_cfg80211_ready_on_channel_expired(wdev, cookie, chan);
18844 nl80211_send_remain_on_chan_event(NL80211_CMD_CANCEL_REMAIN_ON_CHANNEL,
18845 rdev, wdev, cookie, chan, 0, gfp);
18846 }
18847 EXPORT_SYMBOL(cfg80211_remain_on_channel_expired);
18848
18849 void cfg80211_tx_mgmt_expired(struct wireless_dev *wdev, u64 cookie,
18850 struct ieee80211_channel *chan,
18851 gfp_t gfp)
18852 {
18853 struct wiphy *wiphy = wdev->wiphy;
18854 struct cfg80211_registered_device *rdev = wiphy_to_rdev(wiphy);
18855
18856 trace_cfg80211_tx_mgmt_expired(wdev, cookie, chan);
18857 nl80211_send_remain_on_chan_event(NL80211_CMD_FRAME_WAIT_CANCEL,
18858 rdev, wdev, cookie, chan, 0, gfp);
18859 }
18860 EXPORT_SYMBOL(cfg80211_tx_mgmt_expired);
18861
18862 void cfg80211_new_sta(struct net_device *dev, const u8 *mac_addr,
18863 struct station_info *sinfo, gfp_t gfp)
18864 {
18865 struct wiphy *wiphy = dev->ieee80211_ptr->wiphy;
18866 struct cfg80211_registered_device *rdev = wiphy_to_rdev(wiphy);
18867 struct sk_buff *msg;
18868
18869 trace_cfg80211_new_sta(dev, mac_addr, sinfo);
18870
18871 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, gfp);
18872 if (!msg)
18873 return;
18874
18875 if (nl80211_send_station(msg, NL80211_CMD_NEW_STATION, 0, 0, 0,
18876 rdev, dev, mac_addr, sinfo) < 0) {
18877 nlmsg_free(msg);
18878 return;
18879 }
18880
18881 genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), msg, 0,
18882 NL80211_MCGRP_MLME, gfp);
18883 }
18884 EXPORT_SYMBOL(cfg80211_new_sta);
18885
18886 void cfg80211_del_sta_sinfo(struct net_device *dev, const u8 *mac_addr,
18887 struct station_info *sinfo, gfp_t gfp)
18888 {
18889 struct wiphy *wiphy = dev->ieee80211_ptr->wiphy;
18890 struct cfg80211_registered_device *rdev = wiphy_to_rdev(wiphy);
18891 struct sk_buff *msg;
18892 struct station_info empty_sinfo = {};
18893
18894 if (!sinfo)
18895 sinfo = &empty_sinfo;
18896
18897 trace_cfg80211_del_sta(dev, mac_addr);
18898
18899 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, gfp);
18900 if (!msg) {
18901 cfg80211_sinfo_release_content(sinfo);
18902 return;
18903 }
18904
18905 if (nl80211_send_station(msg, NL80211_CMD_DEL_STATION, 0, 0, 0,
18906 rdev, dev, mac_addr, sinfo) < 0) {
18907 nlmsg_free(msg);
18908 return;
18909 }
18910
18911 genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), msg, 0,
18912 NL80211_MCGRP_MLME, gfp);
18913 }
18914 EXPORT_SYMBOL(cfg80211_del_sta_sinfo);
18915
18916 void cfg80211_conn_failed(struct net_device *dev, const u8 *mac_addr,
18917 enum nl80211_connect_failed_reason reason,
18918 gfp_t gfp)
18919 {
18920 struct wiphy *wiphy = dev->ieee80211_ptr->wiphy;
18921 struct cfg80211_registered_device *rdev = wiphy_to_rdev(wiphy);
18922 struct sk_buff *msg;
18923 void *hdr;
18924
18925 msg = nlmsg_new(NLMSG_GOODSIZE, gfp);
18926 if (!msg)
18927 return;
18928
18929 hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_CONN_FAILED);
18930 if (!hdr) {
18931 nlmsg_free(msg);
18932 return;
18933 }
18934
18935 if (nla_put_u32(msg, NL80211_ATTR_IFINDEX, dev->ifindex) ||
18936 nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN, mac_addr) ||
18937 nla_put_u32(msg, NL80211_ATTR_CONN_FAILED_REASON, reason))
18938 goto nla_put_failure;
18939
18940 genlmsg_end(msg, hdr);
18941
18942 genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), msg, 0,
18943 NL80211_MCGRP_MLME, gfp);
18944 return;
18945
18946 nla_put_failure:
18947 nlmsg_free(msg);
18948 }
18949 EXPORT_SYMBOL(cfg80211_conn_failed);
18950
18951 static bool __nl80211_unexpected_frame(struct net_device *dev, u8 cmd,
18952 const u8 *addr, gfp_t gfp)
18953 {
18954 struct wireless_dev *wdev = dev->ieee80211_ptr;
18955 struct cfg80211_registered_device *rdev = wiphy_to_rdev(wdev->wiphy);
18956 struct sk_buff *msg;
18957 void *hdr;
18958 u32 nlportid = READ_ONCE(wdev->ap_unexpected_nlportid);
18959
18960 if (!nlportid)
18961 return false;
18962
18963 msg = nlmsg_new(100, gfp);
18964 if (!msg)
18965 return true;
18966
18967 hdr = nl80211hdr_put(msg, 0, 0, 0, cmd);
18968 if (!hdr) {
18969 nlmsg_free(msg);
18970 return true;
18971 }
18972
18973 if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
18974 nla_put_u32(msg, NL80211_ATTR_IFINDEX, dev->ifindex) ||
18975 nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN, addr))
18976 goto nla_put_failure;
18977
18978 genlmsg_end(msg, hdr);
18979 genlmsg_unicast(wiphy_net(&rdev->wiphy), msg, nlportid);
18980 return true;
18981
18982 nla_put_failure:
18983 nlmsg_free(msg);
18984 return true;
18985 }
18986
18987 bool cfg80211_rx_spurious_frame(struct net_device *dev,
18988 const u8 *addr, gfp_t gfp)
18989 {
18990 struct wireless_dev *wdev = dev->ieee80211_ptr;
18991 bool ret;
18992
18993 trace_cfg80211_rx_spurious_frame(dev, addr);
18994
18995 if (WARN_ON(wdev->iftype != NL80211_IFTYPE_AP &&
18996 wdev->iftype != NL80211_IFTYPE_P2P_GO)) {
18997 trace_cfg80211_return_bool(false);
18998 return false;
18999 }
19000 ret = __nl80211_unexpected_frame(dev, NL80211_CMD_UNEXPECTED_FRAME,
19001 addr, gfp);
19002 trace_cfg80211_return_bool(ret);
19003 return ret;
19004 }
19005 EXPORT_SYMBOL(cfg80211_rx_spurious_frame);
19006
19007 bool cfg80211_rx_unexpected_4addr_frame(struct net_device *dev,
19008 const u8 *addr, gfp_t gfp)
19009 {
19010 struct wireless_dev *wdev = dev->ieee80211_ptr;
19011 bool ret;
19012
19013 trace_cfg80211_rx_unexpected_4addr_frame(dev, addr);
19014
19015 if (WARN_ON(wdev->iftype != NL80211_IFTYPE_AP &&
19016 wdev->iftype != NL80211_IFTYPE_P2P_GO &&
19017 wdev->iftype != NL80211_IFTYPE_AP_VLAN)) {
19018 trace_cfg80211_return_bool(false);
19019 return false;
19020 }
19021 ret = __nl80211_unexpected_frame(dev,
19022 NL80211_CMD_UNEXPECTED_4ADDR_FRAME,
19023 addr, gfp);
19024 trace_cfg80211_return_bool(ret);
19025 return ret;
19026 }
19027 EXPORT_SYMBOL(cfg80211_rx_unexpected_4addr_frame);
19028
19029 int nl80211_send_mgmt(struct cfg80211_registered_device *rdev,
19030 struct wireless_dev *wdev, u32 nlportid,
19031 struct cfg80211_rx_info *info, gfp_t gfp)
19032 {
19033 struct net_device *netdev = wdev->netdev;
19034 struct sk_buff *msg;
19035 void *hdr;
19036
19037 msg = nlmsg_new(100 + info->len, gfp);
19038 if (!msg)
19039 return -ENOMEM;
19040
19041 hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_FRAME);
19042 if (!hdr) {
19043 nlmsg_free(msg);
19044 return -ENOMEM;
19045 }
19046
19047 if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
19048 (netdev && nla_put_u32(msg, NL80211_ATTR_IFINDEX,
19049 netdev->ifindex)) ||
19050 nla_put_u64_64bit(msg, NL80211_ATTR_WDEV, wdev_id(wdev),
19051 NL80211_ATTR_PAD) ||
19052 (info->have_link_id &&
19053 nla_put_u8(msg, NL80211_ATTR_MLO_LINK_ID, info->link_id)) ||
19054 nla_put_u32(msg, NL80211_ATTR_WIPHY_FREQ, KHZ_TO_MHZ(info->freq)) ||
19055 nla_put_u32(msg, NL80211_ATTR_WIPHY_FREQ_OFFSET, info->freq % 1000) ||
19056 (info->sig_dbm &&
19057 nla_put_u32(msg, NL80211_ATTR_RX_SIGNAL_DBM, info->sig_dbm)) ||
19058 nla_put(msg, NL80211_ATTR_FRAME, info->len, info->buf) ||
19059 (info->flags &&
19060 nla_put_u32(msg, NL80211_ATTR_RXMGMT_FLAGS, info->flags)) ||
19061 (info->rx_tstamp && nla_put_u64_64bit(msg,
19062 NL80211_ATTR_RX_HW_TIMESTAMP,
19063 info->rx_tstamp,
19064 NL80211_ATTR_PAD)) ||
19065 (info->ack_tstamp && nla_put_u64_64bit(msg,
19066 NL80211_ATTR_TX_HW_TIMESTAMP,
19067 info->ack_tstamp,
19068 NL80211_ATTR_PAD)))
19069 goto nla_put_failure;
19070
19071 genlmsg_end(msg, hdr);
19072
19073 return genlmsg_unicast(wiphy_net(&rdev->wiphy), msg, nlportid);
19074
19075 nla_put_failure:
19076 nlmsg_free(msg);
19077 return -ENOBUFS;
19078 }
19079
19080 static void nl80211_frame_tx_status(struct wireless_dev *wdev,
19081 struct cfg80211_tx_status *status,
19082 gfp_t gfp, enum nl80211_commands command)
19083 {
19084 struct wiphy *wiphy = wdev->wiphy;
19085 struct cfg80211_registered_device *rdev = wiphy_to_rdev(wiphy);
19086 struct net_device *netdev = wdev->netdev;
19087 struct sk_buff *msg;
19088 void *hdr;
19089
19090 if (command == NL80211_CMD_FRAME_TX_STATUS)
19091 trace_cfg80211_mgmt_tx_status(wdev, status->cookie,
19092 status->ack);
19093 else
19094 trace_cfg80211_control_port_tx_status(wdev, status->cookie,
19095 status->ack);
19096
19097 msg = nlmsg_new(100 + status->len, gfp);
19098 if (!msg)
19099 return;
19100
19101 hdr = nl80211hdr_put(msg, 0, 0, 0, command);
19102 if (!hdr) {
19103 nlmsg_free(msg);
19104 return;
19105 }
19106
19107 if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
19108 (netdev && nla_put_u32(msg, NL80211_ATTR_IFINDEX,
19109 netdev->ifindex)) ||
19110 nla_put_u64_64bit(msg, NL80211_ATTR_WDEV, wdev_id(wdev),
19111 NL80211_ATTR_PAD) ||
19112 nla_put(msg, NL80211_ATTR_FRAME, status->len, status->buf) ||
19113 nla_put_u64_64bit(msg, NL80211_ATTR_COOKIE, status->cookie,
19114 NL80211_ATTR_PAD) ||
19115 (status->ack && nla_put_flag(msg, NL80211_ATTR_ACK)) ||
19116 (status->tx_tstamp &&
19117 nla_put_u64_64bit(msg, NL80211_ATTR_TX_HW_TIMESTAMP,
19118 status->tx_tstamp, NL80211_ATTR_PAD)) ||
19119 (status->ack_tstamp &&
19120 nla_put_u64_64bit(msg, NL80211_ATTR_RX_HW_TIMESTAMP,
19121 status->ack_tstamp, NL80211_ATTR_PAD)))
19122 goto nla_put_failure;
19123
19124 genlmsg_end(msg, hdr);
19125
19126 genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), msg, 0,
19127 NL80211_MCGRP_MLME, gfp);
19128 return;
19129
19130 nla_put_failure:
19131 nlmsg_free(msg);
19132 }
19133
19134 void cfg80211_control_port_tx_status(struct wireless_dev *wdev, u64 cookie,
19135 const u8 *buf, size_t len, bool ack,
19136 gfp_t gfp)
19137 {
19138 struct cfg80211_tx_status status = {
19139 .cookie = cookie,
19140 .buf = buf,
19141 .len = len,
19142 .ack = ack
19143 };
19144
19145 nl80211_frame_tx_status(wdev, &status, gfp,
19146 NL80211_CMD_CONTROL_PORT_FRAME_TX_STATUS);
19147 }
19148 EXPORT_SYMBOL(cfg80211_control_port_tx_status);
19149
19150 void cfg80211_mgmt_tx_status_ext(struct wireless_dev *wdev,
19151 struct cfg80211_tx_status *status, gfp_t gfp)
19152 {
19153 nl80211_frame_tx_status(wdev, status, gfp, NL80211_CMD_FRAME_TX_STATUS);
19154 }
19155 EXPORT_SYMBOL(cfg80211_mgmt_tx_status_ext);
19156
19157 static int __nl80211_rx_control_port(struct net_device *dev,
19158 struct sk_buff *skb,
19159 bool unencrypted,
19160 int link_id,
19161 gfp_t gfp)
19162 {
19163 struct wireless_dev *wdev = dev->ieee80211_ptr;
19164 struct cfg80211_registered_device *rdev = wiphy_to_rdev(wdev->wiphy);
19165 struct ethhdr *ehdr = eth_hdr(skb);
19166 const u8 *addr = ehdr->h_source;
19167 u16 proto = be16_to_cpu(skb->protocol);
19168 struct sk_buff *msg;
19169 void *hdr;
19170 struct nlattr *frame;
19171
19172 u32 nlportid = READ_ONCE(wdev->conn_owner_nlportid);
19173
19174 if (!nlportid)
19175 return -ENOENT;
19176
19177 msg = nlmsg_new(100 + skb->len, gfp);
19178 if (!msg)
19179 return -ENOMEM;
19180
19181 hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_CONTROL_PORT_FRAME);
19182 if (!hdr) {
19183 nlmsg_free(msg);
19184 return -ENOBUFS;
19185 }
19186
19187 if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
19188 nla_put_u32(msg, NL80211_ATTR_IFINDEX, dev->ifindex) ||
19189 nla_put_u64_64bit(msg, NL80211_ATTR_WDEV, wdev_id(wdev),
19190 NL80211_ATTR_PAD) ||
19191 nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN, addr) ||
19192 nla_put_u16(msg, NL80211_ATTR_CONTROL_PORT_ETHERTYPE, proto) ||
19193 (link_id >= 0 &&
19194 nla_put_u8(msg, NL80211_ATTR_MLO_LINK_ID, link_id)) ||
19195 (unencrypted && nla_put_flag(msg,
19196 NL80211_ATTR_CONTROL_PORT_NO_ENCRYPT)))
19197 goto nla_put_failure;
19198
19199 frame = nla_reserve(msg, NL80211_ATTR_FRAME, skb->len);
19200 if (!frame)
19201 goto nla_put_failure;
19202
19203 skb_copy_bits(skb, 0, nla_data(frame), skb->len);
19204 genlmsg_end(msg, hdr);
19205
19206 return genlmsg_unicast(wiphy_net(&rdev->wiphy), msg, nlportid);
19207
19208 nla_put_failure:
19209 nlmsg_free(msg);
19210 return -ENOBUFS;
19211 }
19212
19213 bool cfg80211_rx_control_port(struct net_device *dev, struct sk_buff *skb,
19214 bool unencrypted, int link_id)
19215 {
19216 int ret;
19217
19218 trace_cfg80211_rx_control_port(dev, skb, unencrypted, link_id);
19219 ret = __nl80211_rx_control_port(dev, skb, unencrypted, link_id,
19220 GFP_ATOMIC);
19221 trace_cfg80211_return_bool(ret == 0);
19222 return ret == 0;
19223 }
19224 EXPORT_SYMBOL(cfg80211_rx_control_port);
19225
19226 static struct sk_buff *cfg80211_prepare_cqm(struct net_device *dev,
19227 const char *mac, gfp_t gfp)
19228 {
19229 struct wireless_dev *wdev = dev->ieee80211_ptr;
19230 struct cfg80211_registered_device *rdev = wiphy_to_rdev(wdev->wiphy);
19231 struct sk_buff *msg = nlmsg_new(NLMSG_DEFAULT_SIZE, gfp);
19232 void **cb;
19233
19234 if (!msg)
19235 return NULL;
19236
19237 cb = (void **)msg->cb;
19238
19239 cb[0] = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_NOTIFY_CQM);
19240 if (!cb[0]) {
19241 nlmsg_free(msg);
19242 return NULL;
19243 }
19244
19245 if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
19246 nla_put_u32(msg, NL80211_ATTR_IFINDEX, dev->ifindex))
19247 goto nla_put_failure;
19248
19249 if (mac && nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN, mac))
19250 goto nla_put_failure;
19251
19252 cb[1] = nla_nest_start_noflag(msg, NL80211_ATTR_CQM);
19253 if (!cb[1])
19254 goto nla_put_failure;
19255
19256 cb[2] = rdev;
19257
19258 return msg;
19259 nla_put_failure:
19260 nlmsg_free(msg);
19261 return NULL;
19262 }
19263
19264 static void cfg80211_send_cqm(struct sk_buff *msg, gfp_t gfp)
19265 {
19266 void **cb = (void **)msg->cb;
19267 struct cfg80211_registered_device *rdev = cb[2];
19268
19269 nla_nest_end(msg, cb[1]);
19270 genlmsg_end(msg, cb[0]);
19271
19272 memset(msg->cb, 0, sizeof(msg->cb));
19273
19274 genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), msg, 0,
19275 NL80211_MCGRP_MLME, gfp);
19276 }
19277
19278 void cfg80211_cqm_rssi_notify(struct net_device *dev,
19279 enum nl80211_cqm_rssi_threshold_event rssi_event,
19280 s32 rssi_level, gfp_t gfp)
19281 {
19282 struct wireless_dev *wdev = dev->ieee80211_ptr;
19283 struct cfg80211_cqm_config *cqm_config;
19284
19285 trace_cfg80211_cqm_rssi_notify(dev, rssi_event, rssi_level);
19286
19287 if (WARN_ON(rssi_event != NL80211_CQM_RSSI_THRESHOLD_EVENT_LOW &&
19288 rssi_event != NL80211_CQM_RSSI_THRESHOLD_EVENT_HIGH))
19289 return;
19290
19291 rcu_read_lock();
19292 cqm_config = rcu_dereference(wdev->cqm_config);
19293 if (cqm_config) {
19294 cqm_config->last_rssi_event_value = rssi_level;
19295 cqm_config->last_rssi_event_type = rssi_event;
19296 wiphy_work_queue(wdev->wiphy, &wdev->cqm_rssi_work);
19297 }
19298 rcu_read_unlock();
19299 }
19300 EXPORT_SYMBOL(cfg80211_cqm_rssi_notify);
19301
19302 void cfg80211_cqm_rssi_notify_work(struct wiphy *wiphy, struct wiphy_work *work)
19303 {
19304 struct wireless_dev *wdev = container_of(work, struct wireless_dev,
19305 cqm_rssi_work);
19306 struct cfg80211_registered_device *rdev = wiphy_to_rdev(wiphy);
19307 enum nl80211_cqm_rssi_threshold_event rssi_event;
19308 struct cfg80211_cqm_config *cqm_config;
19309 struct sk_buff *msg;
19310 s32 rssi_level;
19311
19312 cqm_config = wiphy_dereference(wdev->wiphy, wdev->cqm_config);
19313 if (!cqm_config)
19314 return;
19315
19316 if (cqm_config->use_range_api)
19317 cfg80211_cqm_rssi_update(rdev, wdev->netdev, cqm_config);
19318
19319 rssi_level = cqm_config->last_rssi_event_value;
19320 rssi_event = cqm_config->last_rssi_event_type;
19321
19322 msg = cfg80211_prepare_cqm(wdev->netdev, NULL, GFP_KERNEL);
19323 if (!msg)
19324 return;
19325
19326 if (nla_put_u32(msg, NL80211_ATTR_CQM_RSSI_THRESHOLD_EVENT,
19327 rssi_event))
19328 goto nla_put_failure;
19329
19330 if (rssi_level && nla_put_s32(msg, NL80211_ATTR_CQM_RSSI_LEVEL,
19331 rssi_level))
19332 goto nla_put_failure;
19333
19334 cfg80211_send_cqm(msg, GFP_KERNEL);
19335
19336 return;
19337
19338 nla_put_failure:
19339 nlmsg_free(msg);
19340 }
19341
19342 void cfg80211_cqm_txe_notify(struct net_device *dev,
19343 const u8 *peer, u32 num_packets,
19344 u32 rate, u32 intvl, gfp_t gfp)
19345 {
19346 struct sk_buff *msg;
19347
19348 msg = cfg80211_prepare_cqm(dev, peer, gfp);
19349 if (!msg)
19350 return;
19351
19352 if (nla_put_u32(msg, NL80211_ATTR_CQM_TXE_PKTS, num_packets))
19353 goto nla_put_failure;
19354
19355 if (nla_put_u32(msg, NL80211_ATTR_CQM_TXE_RATE, rate))
19356 goto nla_put_failure;
19357
19358 if (nla_put_u32(msg, NL80211_ATTR_CQM_TXE_INTVL, intvl))
19359 goto nla_put_failure;
19360
19361 cfg80211_send_cqm(msg, gfp);
19362 return;
19363
19364 nla_put_failure:
19365 nlmsg_free(msg);
19366 }
19367 EXPORT_SYMBOL(cfg80211_cqm_txe_notify);
19368
19369 void cfg80211_cqm_pktloss_notify(struct net_device *dev,
19370 const u8 *peer, u32 num_packets, gfp_t gfp)
19371 {
19372 struct sk_buff *msg;
19373
19374 trace_cfg80211_cqm_pktloss_notify(dev, peer, num_packets);
19375
19376 msg = cfg80211_prepare_cqm(dev, peer, gfp);
19377 if (!msg)
19378 return;
19379
19380 if (nla_put_u32(msg, NL80211_ATTR_CQM_PKT_LOSS_EVENT, num_packets))
19381 goto nla_put_failure;
19382
19383 cfg80211_send_cqm(msg, gfp);
19384 return;
19385
19386 nla_put_failure:
19387 nlmsg_free(msg);
19388 }
19389 EXPORT_SYMBOL(cfg80211_cqm_pktloss_notify);
19390
19391 void cfg80211_cqm_beacon_loss_notify(struct net_device *dev, gfp_t gfp)
19392 {
19393 struct sk_buff *msg;
19394
19395 msg = cfg80211_prepare_cqm(dev, NULL, gfp);
19396 if (!msg)
19397 return;
19398
19399 if (nla_put_flag(msg, NL80211_ATTR_CQM_BEACON_LOSS_EVENT))
19400 goto nla_put_failure;
19401
19402 cfg80211_send_cqm(msg, gfp);
19403 return;
19404
19405 nla_put_failure:
19406 nlmsg_free(msg);
19407 }
19408 EXPORT_SYMBOL(cfg80211_cqm_beacon_loss_notify);
19409
19410 static void nl80211_gtk_rekey_notify(struct cfg80211_registered_device *rdev,
19411 struct net_device *netdev, const u8 *bssid,
19412 const u8 *replay_ctr, gfp_t gfp)
19413 {
19414 struct sk_buff *msg;
19415 struct nlattr *rekey_attr;
19416 void *hdr;
19417
19418 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, gfp);
19419 if (!msg)
19420 return;
19421
19422 hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_SET_REKEY_OFFLOAD);
19423 if (!hdr) {
19424 nlmsg_free(msg);
19425 return;
19426 }
19427
19428 if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
19429 nla_put_u32(msg, NL80211_ATTR_IFINDEX, netdev->ifindex) ||
19430 nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN, bssid))
19431 goto nla_put_failure;
19432
19433 rekey_attr = nla_nest_start_noflag(msg, NL80211_ATTR_REKEY_DATA);
19434 if (!rekey_attr)
19435 goto nla_put_failure;
19436
19437 if (nla_put(msg, NL80211_REKEY_DATA_REPLAY_CTR,
19438 NL80211_REPLAY_CTR_LEN, replay_ctr))
19439 goto nla_put_failure;
19440
19441 nla_nest_end(msg, rekey_attr);
19442
19443 genlmsg_end(msg, hdr);
19444
19445 genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), msg, 0,
19446 NL80211_MCGRP_MLME, gfp);
19447 return;
19448
19449 nla_put_failure:
19450 nlmsg_free(msg);
19451 }
19452
19453 void cfg80211_gtk_rekey_notify(struct net_device *dev, const u8 *bssid,
19454 const u8 *replay_ctr, gfp_t gfp)
19455 {
19456 struct wireless_dev *wdev = dev->ieee80211_ptr;
19457 struct wiphy *wiphy = wdev->wiphy;
19458 struct cfg80211_registered_device *rdev = wiphy_to_rdev(wiphy);
19459
19460 trace_cfg80211_gtk_rekey_notify(dev, bssid);
19461 nl80211_gtk_rekey_notify(rdev, dev, bssid, replay_ctr, gfp);
19462 }
19463 EXPORT_SYMBOL(cfg80211_gtk_rekey_notify);
19464
19465 static void
19466 nl80211_pmksa_candidate_notify(struct cfg80211_registered_device *rdev,
19467 struct net_device *netdev, int index,
19468 const u8 *bssid, bool preauth, gfp_t gfp)
19469 {
19470 struct sk_buff *msg;
19471 struct nlattr *attr;
19472 void *hdr;
19473
19474 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, gfp);
19475 if (!msg)
19476 return;
19477
19478 hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_PMKSA_CANDIDATE);
19479 if (!hdr) {
19480 nlmsg_free(msg);
19481 return;
19482 }
19483
19484 if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
19485 nla_put_u32(msg, NL80211_ATTR_IFINDEX, netdev->ifindex))
19486 goto nla_put_failure;
19487
19488 attr = nla_nest_start_noflag(msg, NL80211_ATTR_PMKSA_CANDIDATE);
19489 if (!attr)
19490 goto nla_put_failure;
19491
19492 if (nla_put_u32(msg, NL80211_PMKSA_CANDIDATE_INDEX, index) ||
19493 nla_put(msg, NL80211_PMKSA_CANDIDATE_BSSID, ETH_ALEN, bssid) ||
19494 (preauth &&
19495 nla_put_flag(msg, NL80211_PMKSA_CANDIDATE_PREAUTH)))
19496 goto nla_put_failure;
19497
19498 nla_nest_end(msg, attr);
19499
19500 genlmsg_end(msg, hdr);
19501
19502 genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), msg, 0,
19503 NL80211_MCGRP_MLME, gfp);
19504 return;
19505
19506 nla_put_failure:
19507 nlmsg_free(msg);
19508 }
19509
19510 void cfg80211_pmksa_candidate_notify(struct net_device *dev, int index,
19511 const u8 *bssid, bool preauth, gfp_t gfp)
19512 {
19513 struct wireless_dev *wdev = dev->ieee80211_ptr;
19514 struct wiphy *wiphy = wdev->wiphy;
19515 struct cfg80211_registered_device *rdev = wiphy_to_rdev(wiphy);
19516
19517 trace_cfg80211_pmksa_candidate_notify(dev, index, bssid, preauth);
19518 nl80211_pmksa_candidate_notify(rdev, dev, index, bssid, preauth, gfp);
19519 }
19520 EXPORT_SYMBOL(cfg80211_pmksa_candidate_notify);
19521
19522 static void nl80211_ch_switch_notify(struct cfg80211_registered_device *rdev,
19523 struct net_device *netdev,
19524 unsigned int link_id,
19525 struct cfg80211_chan_def *chandef,
19526 gfp_t gfp,
19527 enum nl80211_commands notif,
19528 u8 count, bool quiet)
19529 {
19530 struct wireless_dev *wdev = netdev->ieee80211_ptr;
19531 struct sk_buff *msg;
19532 void *hdr;
19533
19534 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, gfp);
19535 if (!msg)
19536 return;
19537
19538 hdr = nl80211hdr_put(msg, 0, 0, 0, notif);
19539 if (!hdr) {
19540 nlmsg_free(msg);
19541 return;
19542 }
19543
19544 if (nla_put_u32(msg, NL80211_ATTR_IFINDEX, netdev->ifindex))
19545 goto nla_put_failure;
19546
19547 if (wdev->valid_links &&
19548 nla_put_u8(msg, NL80211_ATTR_MLO_LINK_ID, link_id))
19549 goto nla_put_failure;
19550
19551 if (nl80211_send_chandef(msg, chandef))
19552 goto nla_put_failure;
19553
19554 if (notif == NL80211_CMD_CH_SWITCH_STARTED_NOTIFY) {
19555 if (nla_put_u32(msg, NL80211_ATTR_CH_SWITCH_COUNT, count))
19556 goto nla_put_failure;
19557 if (quiet &&
19558 nla_put_flag(msg, NL80211_ATTR_CH_SWITCH_BLOCK_TX))
19559 goto nla_put_failure;
19560 }
19561
19562 genlmsg_end(msg, hdr);
19563
19564 genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), msg, 0,
19565 NL80211_MCGRP_MLME, gfp);
19566 return;
19567
19568 nla_put_failure:
19569 nlmsg_free(msg);
19570 }
19571
19572 void cfg80211_ch_switch_notify(struct net_device *dev,
19573 struct cfg80211_chan_def *chandef,
19574 unsigned int link_id)
19575 {
19576 struct wireless_dev *wdev = dev->ieee80211_ptr;
19577 struct wiphy *wiphy = wdev->wiphy;
19578 struct cfg80211_registered_device *rdev = wiphy_to_rdev(wiphy);
19579
19580 lockdep_assert_wiphy(wdev->wiphy);
19581 WARN_INVALID_LINK_ID(wdev, link_id);
19582
19583 trace_cfg80211_ch_switch_notify(dev, chandef, link_id);
19584
19585 switch (wdev->iftype) {
19586 case NL80211_IFTYPE_STATION:
19587 case NL80211_IFTYPE_P2P_CLIENT:
19588 if (!WARN_ON(!wdev->links[link_id].client.current_bss))
19589 cfg80211_update_assoc_bss_entry(wdev, link_id,
19590 chandef->chan);
19591 break;
19592 case NL80211_IFTYPE_MESH_POINT:
19593 wdev->u.mesh.chandef = *chandef;
19594 wdev->u.mesh.preset_chandef = *chandef;
19595 break;
19596 case NL80211_IFTYPE_AP:
19597 case NL80211_IFTYPE_P2P_GO:
19598 wdev->links[link_id].ap.chandef = *chandef;
19599 break;
19600 case NL80211_IFTYPE_ADHOC:
19601 wdev->u.ibss.chandef = *chandef;
19602 break;
19603 default:
19604 WARN_ON(1);
19605 break;
19606 }
19607
19608 cfg80211_schedule_channels_check(wdev);
19609 cfg80211_sched_dfs_chan_update(rdev);
19610
19611 nl80211_ch_switch_notify(rdev, dev, link_id, chandef, GFP_KERNEL,
19612 NL80211_CMD_CH_SWITCH_NOTIFY, 0, false);
19613 }
19614 EXPORT_SYMBOL(cfg80211_ch_switch_notify);
19615
19616 void cfg80211_ch_switch_started_notify(struct net_device *dev,
19617 struct cfg80211_chan_def *chandef,
19618 unsigned int link_id, u8 count,
19619 bool quiet)
19620 {
19621 struct wireless_dev *wdev = dev->ieee80211_ptr;
19622 struct wiphy *wiphy = wdev->wiphy;
19623 struct cfg80211_registered_device *rdev = wiphy_to_rdev(wiphy);
19624
19625 lockdep_assert_wiphy(wdev->wiphy);
19626 WARN_INVALID_LINK_ID(wdev, link_id);
19627
19628 trace_cfg80211_ch_switch_started_notify(dev, chandef, link_id);
19629
19630
19631 nl80211_ch_switch_notify(rdev, dev, link_id, chandef, GFP_KERNEL,
19632 NL80211_CMD_CH_SWITCH_STARTED_NOTIFY,
19633 count, quiet);
19634 }
19635 EXPORT_SYMBOL(cfg80211_ch_switch_started_notify);
19636
19637 int cfg80211_bss_color_notify(struct net_device *dev,
19638 enum nl80211_commands cmd, u8 count,
19639 u64 color_bitmap, u8 link_id)
19640 {
19641 struct wireless_dev *wdev = dev->ieee80211_ptr;
19642 struct wiphy *wiphy = wdev->wiphy;
19643 struct cfg80211_registered_device *rdev = wiphy_to_rdev(wiphy);
19644 struct sk_buff *msg;
19645 void *hdr;
19646
19647 lockdep_assert_wiphy(wdev->wiphy);
19648
19649 trace_cfg80211_bss_color_notify(dev, cmd, count, color_bitmap);
19650
19651 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
19652 if (!msg)
19653 return -ENOMEM;
19654
19655 hdr = nl80211hdr_put(msg, 0, 0, 0, cmd);
19656 if (!hdr)
19657 goto nla_put_failure;
19658
19659 if (nla_put_u32(msg, NL80211_ATTR_IFINDEX, dev->ifindex))
19660 goto nla_put_failure;
19661
19662 if (wdev->valid_links &&
19663 nla_put_u8(msg, NL80211_ATTR_MLO_LINK_ID, link_id))
19664 goto nla_put_failure;
19665
19666 if (cmd == NL80211_CMD_COLOR_CHANGE_STARTED &&
19667 nla_put_u32(msg, NL80211_ATTR_COLOR_CHANGE_COUNT, count))
19668 goto nla_put_failure;
19669
19670 if (cmd == NL80211_CMD_OBSS_COLOR_COLLISION &&
19671 nla_put_u64_64bit(msg, NL80211_ATTR_OBSS_COLOR_BITMAP,
19672 color_bitmap, NL80211_ATTR_PAD))
19673 goto nla_put_failure;
19674
19675 genlmsg_end(msg, hdr);
19676
19677 return genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy),
19678 msg, 0, NL80211_MCGRP_MLME, GFP_KERNEL);
19679
19680 nla_put_failure:
19681 nlmsg_free(msg);
19682 return -EINVAL;
19683 }
19684 EXPORT_SYMBOL(cfg80211_bss_color_notify);
19685
19686 void
19687 nl80211_radar_notify(struct cfg80211_registered_device *rdev,
19688 const struct cfg80211_chan_def *chandef,
19689 enum nl80211_radar_event event,
19690 struct net_device *netdev, gfp_t gfp)
19691 {
19692 struct sk_buff *msg;
19693 void *hdr;
19694
19695 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, gfp);
19696 if (!msg)
19697 return;
19698
19699 hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_RADAR_DETECT);
19700 if (!hdr) {
19701 nlmsg_free(msg);
19702 return;
19703 }
19704
19705 if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx))
19706 goto nla_put_failure;
19707
19708 /* NOP and radar events don't need a netdev parameter */
19709 if (netdev) {
19710 struct wireless_dev *wdev = netdev->ieee80211_ptr;
19711
19712 if (nla_put_u32(msg, NL80211_ATTR_IFINDEX, netdev->ifindex) ||
19713 nla_put_u64_64bit(msg, NL80211_ATTR_WDEV, wdev_id(wdev),
19714 NL80211_ATTR_PAD))
19715 goto nla_put_failure;
19716 }
19717
19718 if (nla_put_u32(msg, NL80211_ATTR_RADAR_EVENT, event))
19719 goto nla_put_failure;
19720
19721 if (nl80211_send_chandef(msg, chandef))
19722 goto nla_put_failure;
19723
19724 genlmsg_end(msg, hdr);
19725
19726 genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), msg, 0,
19727 NL80211_MCGRP_MLME, gfp);
19728 return;
19729
19730 nla_put_failure:
19731 nlmsg_free(msg);
19732 }
19733
19734 void cfg80211_sta_opmode_change_notify(struct net_device *dev, const u8 *mac,
19735 struct sta_opmode_info *sta_opmode,
19736 gfp_t gfp)
19737 {
19738 struct sk_buff *msg;
19739 struct wireless_dev *wdev = dev->ieee80211_ptr;
19740 struct cfg80211_registered_device *rdev = wiphy_to_rdev(wdev->wiphy);
19741 void *hdr;
19742
19743 if (WARN_ON(!mac))
19744 return;
19745
19746 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, gfp);
19747 if (!msg)
19748 return;
19749
19750 hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_STA_OPMODE_CHANGED);
19751 if (!hdr) {
19752 nlmsg_free(msg);
19753 return;
19754 }
19755
19756 if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx))
19757 goto nla_put_failure;
19758
19759 if (nla_put_u32(msg, NL80211_ATTR_IFINDEX, dev->ifindex))
19760 goto nla_put_failure;
19761
19762 if (nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN, mac))
19763 goto nla_put_failure;
19764
19765 if ((sta_opmode->changed & STA_OPMODE_SMPS_MODE_CHANGED) &&
19766 nla_put_u8(msg, NL80211_ATTR_SMPS_MODE, sta_opmode->smps_mode))
19767 goto nla_put_failure;
19768
19769 if ((sta_opmode->changed & STA_OPMODE_MAX_BW_CHANGED) &&
19770 nla_put_u32(msg, NL80211_ATTR_CHANNEL_WIDTH, sta_opmode->bw))
19771 goto nla_put_failure;
19772
19773 if ((sta_opmode->changed & STA_OPMODE_N_SS_CHANGED) &&
19774 nla_put_u8(msg, NL80211_ATTR_NSS, sta_opmode->rx_nss))
19775 goto nla_put_failure;
19776
19777 genlmsg_end(msg, hdr);
19778
19779 genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), msg, 0,
19780 NL80211_MCGRP_MLME, gfp);
19781
19782 return;
19783
19784 nla_put_failure:
19785 nlmsg_free(msg);
19786 }
19787 EXPORT_SYMBOL(cfg80211_sta_opmode_change_notify);
19788
19789 void cfg80211_probe_status(struct net_device *dev, const u8 *addr,
19790 u64 cookie, bool acked, s32 ack_signal,
19791 bool is_valid_ack_signal, gfp_t gfp)
19792 {
19793 struct wireless_dev *wdev = dev->ieee80211_ptr;
19794 struct cfg80211_registered_device *rdev = wiphy_to_rdev(wdev->wiphy);
19795 struct sk_buff *msg;
19796 void *hdr;
19797
19798 trace_cfg80211_probe_status(dev, addr, cookie, acked);
19799
19800 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, gfp);
19801
19802 if (!msg)
19803 return;
19804
19805 hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_PROBE_CLIENT);
19806 if (!hdr) {
19807 nlmsg_free(msg);
19808 return;
19809 }
19810
19811 if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
19812 nla_put_u32(msg, NL80211_ATTR_IFINDEX, dev->ifindex) ||
19813 nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN, addr) ||
19814 nla_put_u64_64bit(msg, NL80211_ATTR_COOKIE, cookie,
19815 NL80211_ATTR_PAD) ||
19816 (acked && nla_put_flag(msg, NL80211_ATTR_ACK)) ||
19817 (is_valid_ack_signal && nla_put_s32(msg, NL80211_ATTR_ACK_SIGNAL,
19818 ack_signal)))
19819 goto nla_put_failure;
19820
19821 genlmsg_end(msg, hdr);
19822
19823 genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), msg, 0,
19824 NL80211_MCGRP_MLME, gfp);
19825 return;
19826
19827 nla_put_failure:
19828 nlmsg_free(msg);
19829 }
19830 EXPORT_SYMBOL(cfg80211_probe_status);
19831
19832 void cfg80211_report_obss_beacon_khz(struct wiphy *wiphy, const u8 *frame,
19833 size_t len, int freq, int sig_dbm)
19834 {
19835 struct cfg80211_registered_device *rdev = wiphy_to_rdev(wiphy);
19836 struct sk_buff *msg;
19837 void *hdr;
19838 struct cfg80211_beacon_registration *reg;
19839
19840 trace_cfg80211_report_obss_beacon(wiphy, frame, len, freq, sig_dbm);
19841
19842 spin_lock_bh(&rdev->beacon_registrations_lock);
19843 list_for_each_entry(reg, &rdev->beacon_registrations, list) {
19844 msg = nlmsg_new(len + 100, GFP_ATOMIC);
19845 if (!msg) {
19846 spin_unlock_bh(&rdev->beacon_registrations_lock);
19847 return;
19848 }
19849
19850 hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_FRAME);
19851 if (!hdr)
19852 goto nla_put_failure;
19853
19854 if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
19855 (freq &&
19856 (nla_put_u32(msg, NL80211_ATTR_WIPHY_FREQ,
19857 KHZ_TO_MHZ(freq)) ||
19858 nla_put_u32(msg, NL80211_ATTR_WIPHY_FREQ_OFFSET,
19859 freq % 1000))) ||
19860 (sig_dbm &&
19861 nla_put_u32(msg, NL80211_ATTR_RX_SIGNAL_DBM, sig_dbm)) ||
19862 nla_put(msg, NL80211_ATTR_FRAME, len, frame))
19863 goto nla_put_failure;
19864
19865 genlmsg_end(msg, hdr);
19866
19867 genlmsg_unicast(wiphy_net(&rdev->wiphy), msg, reg->nlportid);
19868 }
19869 spin_unlock_bh(&rdev->beacon_registrations_lock);
19870 return;
19871
19872 nla_put_failure:
19873 spin_unlock_bh(&rdev->beacon_registrations_lock);
19874 nlmsg_free(msg);
19875 }
19876 EXPORT_SYMBOL(cfg80211_report_obss_beacon_khz);
19877
19878 #ifdef CONFIG_PM
19879 static int cfg80211_net_detect_results(struct sk_buff *msg,
19880 struct cfg80211_wowlan_wakeup *wakeup)
19881 {
19882 struct cfg80211_wowlan_nd_info *nd = wakeup->net_detect;
19883 struct nlattr *nl_results, *nl_match, *nl_freqs;
19884 int i, j;
19885
19886 nl_results = nla_nest_start_noflag(msg,
19887 NL80211_WOWLAN_TRIG_NET_DETECT_RESULTS);
19888 if (!nl_results)
19889 return -EMSGSIZE;
19890
19891 for (i = 0; i < nd->n_matches; i++) {
19892 struct cfg80211_wowlan_nd_match *match = nd->matches[i];
19893
19894 nl_match = nla_nest_start_noflag(msg, i);
19895 if (!nl_match)
19896 break;
19897
19898 /* The SSID attribute is optional in nl80211, but for
19899 * simplicity reasons it's always present in the
19900 * cfg80211 structure. If a driver can't pass the
19901 * SSID, that needs to be changed. A zero length SSID
19902 * is still a valid SSID (wildcard), so it cannot be
19903 * used for this purpose.
19904 */
19905 if (nla_put(msg, NL80211_ATTR_SSID, match->ssid.ssid_len,
19906 match->ssid.ssid)) {
19907 nla_nest_cancel(msg, nl_match);
19908 goto out;
19909 }
19910
19911 if (match->n_channels) {
19912 nl_freqs = nla_nest_start_noflag(msg,
19913 NL80211_ATTR_SCAN_FREQUENCIES);
19914 if (!nl_freqs) {
19915 nla_nest_cancel(msg, nl_match);
19916 goto out;
19917 }
19918
19919 for (j = 0; j < match->n_channels; j++) {
19920 if (nla_put_u32(msg, j, match->channels[j])) {
19921 nla_nest_cancel(msg, nl_freqs);
19922 nla_nest_cancel(msg, nl_match);
19923 goto out;
19924 }
19925 }
19926
19927 nla_nest_end(msg, nl_freqs);
19928 }
19929
19930 nla_nest_end(msg, nl_match);
19931 }
19932
19933 out:
19934 nla_nest_end(msg, nl_results);
19935 return 0;
19936 }
19937
19938 void cfg80211_report_wowlan_wakeup(struct wireless_dev *wdev,
19939 struct cfg80211_wowlan_wakeup *wakeup,
19940 gfp_t gfp)
19941 {
19942 struct cfg80211_registered_device *rdev = wiphy_to_rdev(wdev->wiphy);
19943 struct sk_buff *msg;
19944 void *hdr;
19945 int size = 200;
19946
19947 trace_cfg80211_report_wowlan_wakeup(wdev->wiphy, wdev, wakeup);
19948
19949 if (wakeup)
19950 size += wakeup->packet_present_len;
19951
19952 msg = nlmsg_new(size, gfp);
19953 if (!msg)
19954 return;
19955
19956 hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_SET_WOWLAN);
19957 if (!hdr)
19958 goto free_msg;
19959
19960 if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
19961 nla_put_u64_64bit(msg, NL80211_ATTR_WDEV, wdev_id(wdev),
19962 NL80211_ATTR_PAD))
19963 goto free_msg;
19964
19965 if (wdev->netdev && nla_put_u32(msg, NL80211_ATTR_IFINDEX,
19966 wdev->netdev->ifindex))
19967 goto free_msg;
19968
19969 if (wakeup) {
19970 struct nlattr *reasons;
19971
19972 reasons = nla_nest_start_noflag(msg,
19973 NL80211_ATTR_WOWLAN_TRIGGERS);
19974 if (!reasons)
19975 goto free_msg;
19976
19977 if (wakeup->disconnect &&
19978 nla_put_flag(msg, NL80211_WOWLAN_TRIG_DISCONNECT))
19979 goto free_msg;
19980 if (wakeup->magic_pkt &&
19981 nla_put_flag(msg, NL80211_WOWLAN_TRIG_MAGIC_PKT))
19982 goto free_msg;
19983 if (wakeup->gtk_rekey_failure &&
19984 nla_put_flag(msg, NL80211_WOWLAN_TRIG_GTK_REKEY_FAILURE))
19985 goto free_msg;
19986 if (wakeup->eap_identity_req &&
19987 nla_put_flag(msg, NL80211_WOWLAN_TRIG_EAP_IDENT_REQUEST))
19988 goto free_msg;
19989 if (wakeup->four_way_handshake &&
19990 nla_put_flag(msg, NL80211_WOWLAN_TRIG_4WAY_HANDSHAKE))
19991 goto free_msg;
19992 if (wakeup->rfkill_release &&
19993 nla_put_flag(msg, NL80211_WOWLAN_TRIG_RFKILL_RELEASE))
19994 goto free_msg;
19995
19996 if (wakeup->pattern_idx >= 0 &&
19997 nla_put_u32(msg, NL80211_WOWLAN_TRIG_PKT_PATTERN,
19998 wakeup->pattern_idx))
19999 goto free_msg;
20000
20001 if (wakeup->tcp_match &&
20002 nla_put_flag(msg, NL80211_WOWLAN_TRIG_WAKEUP_TCP_MATCH))
20003 goto free_msg;
20004
20005 if (wakeup->tcp_connlost &&
20006 nla_put_flag(msg, NL80211_WOWLAN_TRIG_WAKEUP_TCP_CONNLOST))
20007 goto free_msg;
20008
20009 if (wakeup->tcp_nomoretokens &&
20010 nla_put_flag(msg,
20011 NL80211_WOWLAN_TRIG_WAKEUP_TCP_NOMORETOKENS))
20012 goto free_msg;
20013
20014 if (wakeup->unprot_deauth_disassoc &&
20015 nla_put_flag(msg,
20016 NL80211_WOWLAN_TRIG_UNPROTECTED_DEAUTH_DISASSOC))
20017 goto free_msg;
20018
20019 if (wakeup->packet) {
20020 u32 pkt_attr = NL80211_WOWLAN_TRIG_WAKEUP_PKT_80211;
20021 u32 len_attr = NL80211_WOWLAN_TRIG_WAKEUP_PKT_80211_LEN;
20022
20023 if (!wakeup->packet_80211) {
20024 pkt_attr =
20025 NL80211_WOWLAN_TRIG_WAKEUP_PKT_8023;
20026 len_attr =
20027 NL80211_WOWLAN_TRIG_WAKEUP_PKT_8023_LEN;
20028 }
20029
20030 if (wakeup->packet_len &&
20031 nla_put_u32(msg, len_attr, wakeup->packet_len))
20032 goto free_msg;
20033
20034 if (nla_put(msg, pkt_attr, wakeup->packet_present_len,
20035 wakeup->packet))
20036 goto free_msg;
20037 }
20038
20039 if (wakeup->net_detect &&
20040 cfg80211_net_detect_results(msg, wakeup))
20041 goto free_msg;
20042
20043 nla_nest_end(msg, reasons);
20044 }
20045
20046 genlmsg_end(msg, hdr);
20047
20048 genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), msg, 0,
20049 NL80211_MCGRP_MLME, gfp);
20050 return;
20051
20052 free_msg:
20053 nlmsg_free(msg);
20054 }
20055 EXPORT_SYMBOL(cfg80211_report_wowlan_wakeup);
20056 #endif
20057
20058 void cfg80211_tdls_oper_request(struct net_device *dev, const u8 *peer,
20059 enum nl80211_tdls_operation oper,
20060 u16 reason_code, gfp_t gfp)
20061 {
20062 struct wireless_dev *wdev = dev->ieee80211_ptr;
20063 struct cfg80211_registered_device *rdev = wiphy_to_rdev(wdev->wiphy);
20064 struct sk_buff *msg;
20065 void *hdr;
20066
20067 trace_cfg80211_tdls_oper_request(wdev->wiphy, dev, peer, oper,
20068 reason_code);
20069
20070 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, gfp);
20071 if (!msg)
20072 return;
20073
20074 hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_TDLS_OPER);
20075 if (!hdr) {
20076 nlmsg_free(msg);
20077 return;
20078 }
20079
20080 if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
20081 nla_put_u32(msg, NL80211_ATTR_IFINDEX, dev->ifindex) ||
20082 nla_put_u8(msg, NL80211_ATTR_TDLS_OPERATION, oper) ||
20083 nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN, peer) ||
20084 (reason_code > 0 &&
20085 nla_put_u16(msg, NL80211_ATTR_REASON_CODE, reason_code)))
20086 goto nla_put_failure;
20087
20088 genlmsg_end(msg, hdr);
20089
20090 genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), msg, 0,
20091 NL80211_MCGRP_MLME, gfp);
20092 return;
20093
20094 nla_put_failure:
20095 nlmsg_free(msg);
20096 }
20097 EXPORT_SYMBOL(cfg80211_tdls_oper_request);
20098
20099 static int nl80211_netlink_notify(struct notifier_block * nb,
20100 unsigned long state,
20101 void *_notify)
20102 {
20103 struct netlink_notify *notify = _notify;
20104 struct cfg80211_registered_device *rdev;
20105 struct wireless_dev *wdev;
20106 struct cfg80211_beacon_registration *reg, *tmp;
20107
20108 if (state != NETLINK_URELEASE || notify->protocol != NETLINK_GENERIC)
20109 return NOTIFY_DONE;
20110
20111 rcu_read_lock();
20112
20113 list_for_each_entry_rcu(rdev, &cfg80211_rdev_list, list) {
20114 struct cfg80211_sched_scan_request *sched_scan_req;
20115
20116 list_for_each_entry_rcu(sched_scan_req,
20117 &rdev->sched_scan_req_list,
20118 list) {
20119 if (sched_scan_req->owner_nlportid == notify->portid) {
20120 sched_scan_req->nl_owner_dead = true;
20121 wiphy_work_queue(&rdev->wiphy,
20122 &rdev->sched_scan_stop_wk);
20123 }
20124 }
20125
20126 list_for_each_entry_rcu(wdev, &rdev->wiphy.wdev_list, list) {
20127 cfg80211_mlme_unregister_socket(wdev, notify->portid);
20128
20129 if (wdev->owner_nlportid == notify->portid) {
20130 wdev->nl_owner_dead = true;
20131 schedule_work(&rdev->destroy_work);
20132 } else if (wdev->conn_owner_nlportid == notify->portid) {
20133 schedule_work(&wdev->disconnect_wk);
20134 }
20135
20136 cfg80211_release_pmsr(wdev, notify->portid);
20137 }
20138
20139 spin_lock_bh(&rdev->beacon_registrations_lock);
20140 list_for_each_entry_safe(reg, tmp, &rdev->beacon_registrations,
20141 list) {
20142 if (reg->nlportid == notify->portid) {
20143 list_del(&reg->list);
20144 kfree(reg);
20145 break;
20146 }
20147 }
20148 spin_unlock_bh(&rdev->beacon_registrations_lock);
20149 }
20150
20151 rcu_read_unlock();
20152
20153 /*
20154 * It is possible that the user space process that is controlling the
20155 * indoor setting disappeared, so notify the regulatory core.
20156 */
20157 regulatory_netlink_notify(notify->portid);
20158 return NOTIFY_OK;
20159 }
20160
20161 static struct notifier_block nl80211_netlink_notifier = {
20162 .notifier_call = nl80211_netlink_notify,
20163 };
20164
20165 void cfg80211_ft_event(struct net_device *netdev,
20166 struct cfg80211_ft_event_params *ft_event)
20167 {
20168 struct wiphy *wiphy = netdev->ieee80211_ptr->wiphy;
20169 struct cfg80211_registered_device *rdev = wiphy_to_rdev(wiphy);
20170 struct sk_buff *msg;
20171 void *hdr;
20172
20173 trace_cfg80211_ft_event(wiphy, netdev, ft_event);
20174
20175 if (!ft_event->target_ap)
20176 return;
20177
20178 msg = nlmsg_new(100 + ft_event->ies_len + ft_event->ric_ies_len,
20179 GFP_KERNEL);
20180 if (!msg)
20181 return;
20182
20183 hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_FT_EVENT);
20184 if (!hdr)
20185 goto out;
20186
20187 if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
20188 nla_put_u32(msg, NL80211_ATTR_IFINDEX, netdev->ifindex) ||
20189 nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN, ft_event->target_ap))
20190 goto out;
20191
20192 if (ft_event->ies &&
20193 nla_put(msg, NL80211_ATTR_IE, ft_event->ies_len, ft_event->ies))
20194 goto out;
20195 if (ft_event->ric_ies &&
20196 nla_put(msg, NL80211_ATTR_IE_RIC, ft_event->ric_ies_len,
20197 ft_event->ric_ies))
20198 goto out;
20199
20200 genlmsg_end(msg, hdr);
20201
20202 genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), msg, 0,
20203 NL80211_MCGRP_MLME, GFP_KERNEL);
20204 return;
20205 out:
20206 nlmsg_free(msg);
20207 }
20208 EXPORT_SYMBOL(cfg80211_ft_event);
20209
20210 void cfg80211_crit_proto_stopped(struct wireless_dev *wdev, gfp_t gfp)
20211 {
20212 struct cfg80211_registered_device *rdev;
20213 struct sk_buff *msg;
20214 void *hdr;
20215 u32 nlportid;
20216
20217 rdev = wiphy_to_rdev(wdev->wiphy);
20218 if (!rdev->crit_proto_nlportid)
20219 return;
20220
20221 nlportid = rdev->crit_proto_nlportid;
20222 rdev->crit_proto_nlportid = 0;
20223
20224 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, gfp);
20225 if (!msg)
20226 return;
20227
20228 hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_CRIT_PROTOCOL_STOP);
20229 if (!hdr)
20230 goto nla_put_failure;
20231
20232 if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
20233 nla_put_u64_64bit(msg, NL80211_ATTR_WDEV, wdev_id(wdev),
20234 NL80211_ATTR_PAD))
20235 goto nla_put_failure;
20236
20237 genlmsg_end(msg, hdr);
20238
20239 genlmsg_unicast(wiphy_net(&rdev->wiphy), msg, nlportid);
20240 return;
20241
20242 nla_put_failure:
20243 nlmsg_free(msg);
20244 }
20245 EXPORT_SYMBOL(cfg80211_crit_proto_stopped);
20246
20247 void nl80211_send_ap_stopped(struct wireless_dev *wdev, unsigned int link_id)
20248 {
20249 struct wiphy *wiphy = wdev->wiphy;
20250 struct cfg80211_registered_device *rdev = wiphy_to_rdev(wiphy);
20251 struct sk_buff *msg;
20252 void *hdr;
20253
20254 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
20255 if (!msg)
20256 return;
20257
20258 hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_STOP_AP);
20259 if (!hdr)
20260 goto out;
20261
20262 if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
20263 nla_put_u32(msg, NL80211_ATTR_IFINDEX, wdev->netdev->ifindex) ||
20264 nla_put_u64_64bit(msg, NL80211_ATTR_WDEV, wdev_id(wdev),
20265 NL80211_ATTR_PAD) ||
20266 (wdev->valid_links &&
20267 nla_put_u8(msg, NL80211_ATTR_MLO_LINK_ID, link_id)))
20268 goto out;
20269
20270 genlmsg_end(msg, hdr);
20271
20272 genlmsg_multicast_netns(&nl80211_fam, wiphy_net(wiphy), msg, 0,
20273 NL80211_MCGRP_MLME, GFP_KERNEL);
20274 return;
20275 out:
20276 nlmsg_free(msg);
20277 }
20278
20279 int cfg80211_external_auth_request(struct net_device *dev,
20280 struct cfg80211_external_auth_params *params,
20281 gfp_t gfp)
20282 {
20283 struct wireless_dev *wdev = dev->ieee80211_ptr;
20284 struct cfg80211_registered_device *rdev = wiphy_to_rdev(wdev->wiphy);
20285 struct sk_buff *msg;
20286 void *hdr;
20287
20288 if (!wdev->conn_owner_nlportid)
20289 return -EINVAL;
20290
20291 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, gfp);
20292 if (!msg)
20293 return -ENOMEM;
20294
20295 hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_EXTERNAL_AUTH);
20296 if (!hdr)
20297 goto nla_put_failure;
20298
20299 /* Some historical mistakes in drivers <-> userspace interface (notably
20300 * between drivers and wpa_supplicant) led to a big-endian conversion
20301 * being needed on NL80211_ATTR_AKM_SUITES _only_ when its value is
20302 * WLAN_AKM_SUITE_SAE. This is now fixed on userspace side, but for the
20303 * benefit of older wpa_supplicant versions, send this particular value
20304 * in big-endian. Note that newer wpa_supplicant will also detect this
20305 * particular value in big endian still, so it all continues to work.
20306 */
20307 if (params->key_mgmt_suite == WLAN_AKM_SUITE_SAE) {
20308 if (nla_put_be32(msg, NL80211_ATTR_AKM_SUITES,
20309 cpu_to_be32(WLAN_AKM_SUITE_SAE)))
20310 goto nla_put_failure;
20311 } else {
20312 if (nla_put_u32(msg, NL80211_ATTR_AKM_SUITES,
20313 params->key_mgmt_suite))
20314 goto nla_put_failure;
20315 }
20316
20317 if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
20318 nla_put_u32(msg, NL80211_ATTR_IFINDEX, dev->ifindex) ||
20319 nla_put_u32(msg, NL80211_ATTR_EXTERNAL_AUTH_ACTION,
20320 params->action) ||
20321 nla_put(msg, NL80211_ATTR_BSSID, ETH_ALEN, params->bssid) ||
20322 nla_put(msg, NL80211_ATTR_SSID, params->ssid.ssid_len,
20323 params->ssid.ssid) ||
20324 (!is_zero_ether_addr(params->mld_addr) &&
20325 nla_put(msg, NL80211_ATTR_MLD_ADDR, ETH_ALEN, params->mld_addr)))
20326 goto nla_put_failure;
20327
20328 genlmsg_end(msg, hdr);
20329 genlmsg_unicast(wiphy_net(&rdev->wiphy), msg,
20330 wdev->conn_owner_nlportid);
20331 return 0;
20332
20333 nla_put_failure:
20334 nlmsg_free(msg);
20335 return -ENOBUFS;
20336 }
20337 EXPORT_SYMBOL(cfg80211_external_auth_request);
20338
20339 void cfg80211_update_owe_info_event(struct net_device *netdev,
20340 struct cfg80211_update_owe_info *owe_info,
20341 gfp_t gfp)
20342 {
20343 struct wiphy *wiphy = netdev->ieee80211_ptr->wiphy;
20344 struct cfg80211_registered_device *rdev = wiphy_to_rdev(wiphy);
20345 struct sk_buff *msg;
20346 void *hdr;
20347
20348 trace_cfg80211_update_owe_info_event(wiphy, netdev, owe_info);
20349
20350 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, gfp);
20351 if (!msg)
20352 return;
20353
20354 hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_UPDATE_OWE_INFO);
20355 if (!hdr)
20356 goto nla_put_failure;
20357
20358 if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
20359 nla_put_u32(msg, NL80211_ATTR_IFINDEX, netdev->ifindex) ||
20360 nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN, owe_info->peer))
20361 goto nla_put_failure;
20362
20363 if (!owe_info->ie_len ||
20364 nla_put(msg, NL80211_ATTR_IE, owe_info->ie_len, owe_info->ie))
20365 goto nla_put_failure;
20366
20367 if (owe_info->assoc_link_id != -1) {
20368 if (nla_put_u8(msg, NL80211_ATTR_MLO_LINK_ID,
20369 owe_info->assoc_link_id))
20370 goto nla_put_failure;
20371
20372 if (!is_zero_ether_addr(owe_info->peer_mld_addr) &&
20373 nla_put(msg, NL80211_ATTR_MLD_ADDR, ETH_ALEN,
20374 owe_info->peer_mld_addr))
20375 goto nla_put_failure;
20376 }
20377
20378 genlmsg_end(msg, hdr);
20379
20380 genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), msg, 0,
20381 NL80211_MCGRP_MLME, gfp);
20382 return;
20383
20384 nla_put_failure:
20385 genlmsg_cancel(msg, hdr);
20386 nlmsg_free(msg);
20387 }
20388 EXPORT_SYMBOL(cfg80211_update_owe_info_event);
20389
20390 void cfg80211_schedule_channels_check(struct wireless_dev *wdev)
20391 {
20392 struct wiphy *wiphy = wdev->wiphy;
20393
20394 /* Schedule channels check if NO_IR or DFS relaxations are supported */
20395 if (wdev->iftype == NL80211_IFTYPE_STATION &&
20396 (wiphy_ext_feature_isset(wiphy,
20397 NL80211_EXT_FEATURE_DFS_CONCURRENT) ||
20398 (IS_ENABLED(CONFIG_CFG80211_REG_RELAX_NO_IR) &&
20399 wiphy->regulatory_flags & REGULATORY_ENABLE_RELAX_NO_IR)))
20400 reg_check_channels();
20401 }
20402 EXPORT_SYMBOL(cfg80211_schedule_channels_check);
20403
20404 /* initialisation/exit functions */
20405
20406 int __init nl80211_init(void)
20407 {
20408 int err;
20409
20410 err = genl_register_family(&nl80211_fam);
20411 if (err)
20412 return err;
20413
20414 err = netlink_register_notifier(&nl80211_netlink_notifier);
20415 if (err)
20416 goto err_out;
20417
20418 return 0;
20419 err_out:
20420 genl_unregister_family(&nl80211_fam);
20421 return err;
20422 }
20423
20424 void nl80211_exit(void)
20425 {
20426 netlink_unregister_notifier(&nl80211_netlink_notifier);
20427 genl_unregister_family(&nl80211_fam);
20428 }
Kernel DRM miscellaneous fixes and cross-tree changes