search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
Merge git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net
[linux/fpc-iii.git] / net / wireless / nl80211.c
blob2c9e9a2d1688731fa322191ab35a0a17b17f0471
1 // SPDX-License-Identifier: GPL-2.0-only
2 /*
3 * This is the new netlink-based wireless configuration interface.
4 *
5 * Copyright 2006-2010 Johannes Berg <johannes@sipsolutions.net>
6 * Copyright 2013-2014 Intel Mobile Communications GmbH
7 * Copyright 2015-2017 Intel Deutschland GmbH
8 * Copyright (C) 2018-2020 Intel Corporation
9 */
10
11 #include <linux/if.h>
12 #include <linux/module.h>
13 #include <linux/err.h>
14 #include <linux/slab.h>
15 #include <linux/list.h>
16 #include <linux/if_ether.h>
17 #include <linux/ieee80211.h>
18 #include <linux/nl80211.h>
19 #include <linux/rtnetlink.h>
20 #include <linux/netlink.h>
21 #include <linux/nospec.h>
22 #include <linux/etherdevice.h>
23 #include <linux/if_vlan.h>
24 #include <net/net_namespace.h>
25 #include <net/genetlink.h>
26 #include <net/cfg80211.h>
27 #include <net/sock.h>
28 #include <net/inet_connection_sock.h>
29 #include "core.h"
30 #include "nl80211.h"
31 #include "reg.h"
32 #include "rdev-ops.h"
33
34 static int nl80211_crypto_settings(struct cfg80211_registered_device *rdev,
35 struct genl_info *info,
36 struct cfg80211_crypto_settings *settings,
37 int cipher_limit);
38
39 /* the netlink family */
40 static struct genl_family nl80211_fam;
41
42 /* multicast groups */
43 enum nl80211_multicast_groups {
44 NL80211_MCGRP_CONFIG,
45 NL80211_MCGRP_SCAN,
46 NL80211_MCGRP_REGULATORY,
47 NL80211_MCGRP_MLME,
48 NL80211_MCGRP_VENDOR,
49 NL80211_MCGRP_NAN,
50 NL80211_MCGRP_TESTMODE /* keep last - ifdef! */
51 };
52
53 static const struct genl_multicast_group nl80211_mcgrps[] = {
54 [NL80211_MCGRP_CONFIG] = { .name = NL80211_MULTICAST_GROUP_CONFIG },
55 [NL80211_MCGRP_SCAN] = { .name = NL80211_MULTICAST_GROUP_SCAN },
56 [NL80211_MCGRP_REGULATORY] = { .name = NL80211_MULTICAST_GROUP_REG },
57 [NL80211_MCGRP_MLME] = { .name = NL80211_MULTICAST_GROUP_MLME },
58 [NL80211_MCGRP_VENDOR] = { .name = NL80211_MULTICAST_GROUP_VENDOR },
59 [NL80211_MCGRP_NAN] = { .name = NL80211_MULTICAST_GROUP_NAN },
60 #ifdef CONFIG_NL80211_TESTMODE
61 [NL80211_MCGRP_TESTMODE] = { .name = NL80211_MULTICAST_GROUP_TESTMODE }
62 #endif
63 };
64
65 /* returns ERR_PTR values */
66 static struct wireless_dev *
67 __cfg80211_wdev_from_attrs(struct net *netns, struct nlattr **attrs)
68 {
69 struct cfg80211_registered_device *rdev;
70 struct wireless_dev *result = NULL;
71 bool have_ifidx = attrs[NL80211_ATTR_IFINDEX];
72 bool have_wdev_id = attrs[NL80211_ATTR_WDEV];
73 u64 wdev_id;
74 int wiphy_idx = -1;
75 int ifidx = -1;
76
77 ASSERT_RTNL();
78
79 if (!have_ifidx && !have_wdev_id)
80 return ERR_PTR(-EINVAL);
81
82 if (have_ifidx)
83 ifidx = nla_get_u32(attrs[NL80211_ATTR_IFINDEX]);
84 if (have_wdev_id) {
85 wdev_id = nla_get_u64(attrs[NL80211_ATTR_WDEV]);
86 wiphy_idx = wdev_id >> 32;
87 }
88
89 list_for_each_entry(rdev, &cfg80211_rdev_list, list) {
90 struct wireless_dev *wdev;
91
92 if (wiphy_net(&rdev->wiphy) != netns)
93 continue;
94
95 if (have_wdev_id && rdev->wiphy_idx != wiphy_idx)
96 continue;
97
98 list_for_each_entry(wdev, &rdev->wiphy.wdev_list, list) {
99 if (have_ifidx && wdev->netdev &&
100 wdev->netdev->ifindex == ifidx) {
101 result = wdev;
102 break;
103 }
104 if (have_wdev_id && wdev->identifier == (u32)wdev_id) {
105 result = wdev;
106 break;
107 }
108 }
109
110 if (result)
111 break;
112 }
113
114 if (result)
115 return result;
116 return ERR_PTR(-ENODEV);
117 }
118
119 static struct cfg80211_registered_device *
120 __cfg80211_rdev_from_attrs(struct net *netns, struct nlattr **attrs)
121 {
122 struct cfg80211_registered_device *rdev = NULL, *tmp;
123 struct net_device *netdev;
124
125 ASSERT_RTNL();
126
127 if (!attrs[NL80211_ATTR_WIPHY] &&
128 !attrs[NL80211_ATTR_IFINDEX] &&
129 !attrs[NL80211_ATTR_WDEV])
130 return ERR_PTR(-EINVAL);
131
132 if (attrs[NL80211_ATTR_WIPHY])
133 rdev = cfg80211_rdev_by_wiphy_idx(
134 nla_get_u32(attrs[NL80211_ATTR_WIPHY]));
135
136 if (attrs[NL80211_ATTR_WDEV]) {
137 u64 wdev_id = nla_get_u64(attrs[NL80211_ATTR_WDEV]);
138 struct wireless_dev *wdev;
139 bool found = false;
140
141 tmp = cfg80211_rdev_by_wiphy_idx(wdev_id >> 32);
142 if (tmp) {
143 /* make sure wdev exists */
144 list_for_each_entry(wdev, &tmp->wiphy.wdev_list, list) {
145 if (wdev->identifier != (u32)wdev_id)
146 continue;
147 found = true;
148 break;
149 }
150
151 if (!found)
152 tmp = NULL;
153
154 if (rdev && tmp != rdev)
155 return ERR_PTR(-EINVAL);
156 rdev = tmp;
157 }
158 }
159
160 if (attrs[NL80211_ATTR_IFINDEX]) {
161 int ifindex = nla_get_u32(attrs[NL80211_ATTR_IFINDEX]);
162
163 netdev = __dev_get_by_index(netns, ifindex);
164 if (netdev) {
165 if (netdev->ieee80211_ptr)
166 tmp = wiphy_to_rdev(
167 netdev->ieee80211_ptr->wiphy);
168 else
169 tmp = NULL;
170
171 /* not wireless device -- return error */
172 if (!tmp)
173 return ERR_PTR(-EINVAL);
174
175 /* mismatch -- return error */
176 if (rdev && tmp != rdev)
177 return ERR_PTR(-EINVAL);
178
179 rdev = tmp;
180 }
181 }
182
183 if (!rdev)
184 return ERR_PTR(-ENODEV);
185
186 if (netns != wiphy_net(&rdev->wiphy))
187 return ERR_PTR(-ENODEV);
188
189 return rdev;
190 }
191
192 /*
193 * This function returns a pointer to the driver
194 * that the genl_info item that is passed refers to.
195 *
196 * The result of this can be a PTR_ERR and hence must
197 * be checked with IS_ERR() for errors.
198 */
199 static struct cfg80211_registered_device *
200 cfg80211_get_dev_from_info(struct net *netns, struct genl_info *info)
201 {
202 return __cfg80211_rdev_from_attrs(netns, info->attrs);
203 }
204
205 static int validate_beacon_head(const struct nlattr *attr,
206 struct netlink_ext_ack *extack)
207 {
208 const u8 *data = nla_data(attr);
209 unsigned int len = nla_len(attr);
210 const struct element *elem;
211 const struct ieee80211_mgmt *mgmt = (void *)data;
212 unsigned int fixedlen = offsetof(struct ieee80211_mgmt,
213 u.beacon.variable);
214
215 if (len < fixedlen)
216 goto err;
217
218 if (ieee80211_hdrlen(mgmt->frame_control) !=
219 offsetof(struct ieee80211_mgmt, u.beacon))
220 goto err;
221
222 data += fixedlen;
223 len -= fixedlen;
224
225 for_each_element(elem, data, len) {
226 /* nothing */
227 }
228
229 if (for_each_element_completed(elem, data, len))
230 return 0;
231
232 err:
233 NL_SET_ERR_MSG_ATTR(extack, attr, "malformed beacon head");
234 return -EINVAL;
235 }
236
237 static int validate_ie_attr(const struct nlattr *attr,
238 struct netlink_ext_ack *extack)
239 {
240 const u8 *data = nla_data(attr);
241 unsigned int len = nla_len(attr);
242 const struct element *elem;
243
244 for_each_element(elem, data, len) {
245 /* nothing */
246 }
247
248 if (for_each_element_completed(elem, data, len))
249 return 0;
250
251 NL_SET_ERR_MSG_ATTR(extack, attr, "malformed information elements");
252 return -EINVAL;
253 }
254
255 /* policy for the attributes */
256 static const struct nla_policy nl80211_policy[NUM_NL80211_ATTR];
257
258 static const struct nla_policy
259 nl80211_ftm_responder_policy[NL80211_FTM_RESP_ATTR_MAX + 1] = {
260 [NL80211_FTM_RESP_ATTR_ENABLED] = { .type = NLA_FLAG, },
261 [NL80211_FTM_RESP_ATTR_LCI] = { .type = NLA_BINARY,
262 .len = U8_MAX },
263 [NL80211_FTM_RESP_ATTR_CIVICLOC] = { .type = NLA_BINARY,
264 .len = U8_MAX },
265 };
266
267 static const struct nla_policy
268 nl80211_pmsr_ftm_req_attr_policy[NL80211_PMSR_FTM_REQ_ATTR_MAX + 1] = {
269 [NL80211_PMSR_FTM_REQ_ATTR_ASAP] = { .type = NLA_FLAG },
270 [NL80211_PMSR_FTM_REQ_ATTR_PREAMBLE] = { .type = NLA_U32 },
271 [NL80211_PMSR_FTM_REQ_ATTR_NUM_BURSTS_EXP] =
272 NLA_POLICY_MAX(NLA_U8, 15),
273 [NL80211_PMSR_FTM_REQ_ATTR_BURST_PERIOD] = { .type = NLA_U16 },
274 [NL80211_PMSR_FTM_REQ_ATTR_BURST_DURATION] =
275 NLA_POLICY_MAX(NLA_U8, 15),
276 [NL80211_PMSR_FTM_REQ_ATTR_FTMS_PER_BURST] =
277 NLA_POLICY_MAX(NLA_U8, 31),
278 [NL80211_PMSR_FTM_REQ_ATTR_NUM_FTMR_RETRIES] = { .type = NLA_U8 },
279 [NL80211_PMSR_FTM_REQ_ATTR_REQUEST_LCI] = { .type = NLA_FLAG },
280 [NL80211_PMSR_FTM_REQ_ATTR_REQUEST_CIVICLOC] = { .type = NLA_FLAG },
281 [NL80211_PMSR_FTM_REQ_ATTR_TRIGGER_BASED] = { .type = NLA_FLAG },
282 [NL80211_PMSR_FTM_REQ_ATTR_NON_TRIGGER_BASED] = { .type = NLA_FLAG },
283 };
284
285 static const struct nla_policy
286 nl80211_pmsr_req_data_policy[NL80211_PMSR_TYPE_MAX + 1] = {
287 [NL80211_PMSR_TYPE_FTM] =
288 NLA_POLICY_NESTED(nl80211_pmsr_ftm_req_attr_policy),
289 };
290
291 static const struct nla_policy
292 nl80211_pmsr_req_attr_policy[NL80211_PMSR_REQ_ATTR_MAX + 1] = {
293 [NL80211_PMSR_REQ_ATTR_DATA] =
294 NLA_POLICY_NESTED(nl80211_pmsr_req_data_policy),
295 [NL80211_PMSR_REQ_ATTR_GET_AP_TSF] = { .type = NLA_FLAG },
296 };
297
298 static const struct nla_policy
299 nl80211_psmr_peer_attr_policy[NL80211_PMSR_PEER_ATTR_MAX + 1] = {
300 [NL80211_PMSR_PEER_ATTR_ADDR] = NLA_POLICY_ETH_ADDR,
301 [NL80211_PMSR_PEER_ATTR_CHAN] = NLA_POLICY_NESTED(nl80211_policy),
302 [NL80211_PMSR_PEER_ATTR_REQ] =
303 NLA_POLICY_NESTED(nl80211_pmsr_req_attr_policy),
304 [NL80211_PMSR_PEER_ATTR_RESP] = { .type = NLA_REJECT },
305 };
306
307 static const struct nla_policy
308 nl80211_pmsr_attr_policy[NL80211_PMSR_ATTR_MAX + 1] = {
309 [NL80211_PMSR_ATTR_MAX_PEERS] = { .type = NLA_REJECT },
310 [NL80211_PMSR_ATTR_REPORT_AP_TSF] = { .type = NLA_REJECT },
311 [NL80211_PMSR_ATTR_RANDOMIZE_MAC_ADDR] = { .type = NLA_REJECT },
312 [NL80211_PMSR_ATTR_TYPE_CAPA] = { .type = NLA_REJECT },
313 [NL80211_PMSR_ATTR_PEERS] =
314 NLA_POLICY_NESTED_ARRAY(nl80211_psmr_peer_attr_policy),
315 };
316
317 static const struct nla_policy
318 he_obss_pd_policy[NL80211_HE_OBSS_PD_ATTR_MAX + 1] = {
319 [NL80211_HE_OBSS_PD_ATTR_MIN_OFFSET] =
320 NLA_POLICY_RANGE(NLA_U8, 1, 20),
321 [NL80211_HE_OBSS_PD_ATTR_MAX_OFFSET] =
322 NLA_POLICY_RANGE(NLA_U8, 1, 20),
323 };
324
325 static const struct nla_policy
326 he_bss_color_policy[NL80211_HE_BSS_COLOR_ATTR_MAX + 1] = {
327 [NL80211_HE_BSS_COLOR_ATTR_COLOR] = NLA_POLICY_RANGE(NLA_U8, 1, 63),
328 [NL80211_HE_BSS_COLOR_ATTR_DISABLED] = { .type = NLA_FLAG },
329 [NL80211_HE_BSS_COLOR_ATTR_PARTIAL] = { .type = NLA_FLAG },
330 };
331
332 static const struct nla_policy nl80211_txattr_policy[NL80211_TXRATE_MAX + 1] = {
333 [NL80211_TXRATE_LEGACY] = { .type = NLA_BINARY,
334 .len = NL80211_MAX_SUPP_RATES },
335 [NL80211_TXRATE_HT] = { .type = NLA_BINARY,
336 .len = NL80211_MAX_SUPP_HT_RATES },
337 [NL80211_TXRATE_VHT] = NLA_POLICY_EXACT_LEN_WARN(sizeof(struct nl80211_txrate_vht)),
338 [NL80211_TXRATE_GI] = { .type = NLA_U8 },
339 };
340
341 static const struct nla_policy
342 nl80211_tid_config_attr_policy[NL80211_TID_CONFIG_ATTR_MAX + 1] = {
343 [NL80211_TID_CONFIG_ATTR_VIF_SUPP] = { .type = NLA_U64 },
344 [NL80211_TID_CONFIG_ATTR_PEER_SUPP] = { .type = NLA_U64 },
345 [NL80211_TID_CONFIG_ATTR_OVERRIDE] = { .type = NLA_FLAG },
346 [NL80211_TID_CONFIG_ATTR_TIDS] = NLA_POLICY_RANGE(NLA_U16, 1, 0xff),
347 [NL80211_TID_CONFIG_ATTR_NOACK] =
348 NLA_POLICY_MAX(NLA_U8, NL80211_TID_CONFIG_DISABLE),
349 [NL80211_TID_CONFIG_ATTR_RETRY_SHORT] = NLA_POLICY_MIN(NLA_U8, 1),
350 [NL80211_TID_CONFIG_ATTR_RETRY_LONG] = NLA_POLICY_MIN(NLA_U8, 1),
351 [NL80211_TID_CONFIG_ATTR_AMPDU_CTRL] =
352 NLA_POLICY_MAX(NLA_U8, NL80211_TID_CONFIG_DISABLE),
353 [NL80211_TID_CONFIG_ATTR_RTSCTS_CTRL] =
354 NLA_POLICY_MAX(NLA_U8, NL80211_TID_CONFIG_DISABLE),
355 [NL80211_TID_CONFIG_ATTR_AMSDU_CTRL] =
356 NLA_POLICY_MAX(NLA_U8, NL80211_TID_CONFIG_DISABLE),
357 [NL80211_TID_CONFIG_ATTR_TX_RATE_TYPE] =
358 NLA_POLICY_MAX(NLA_U8, NL80211_TX_RATE_FIXED),
359 [NL80211_TID_CONFIG_ATTR_TX_RATE] =
360 NLA_POLICY_NESTED(nl80211_txattr_policy),
361 };
362
363 static const struct nla_policy nl80211_policy[NUM_NL80211_ATTR] = {
364 [0] = { .strict_start_type = NL80211_ATTR_HE_OBSS_PD },
365 [NL80211_ATTR_WIPHY] = { .type = NLA_U32 },
366 [NL80211_ATTR_WIPHY_NAME] = { .type = NLA_NUL_STRING,
367 .len = 20-1 },
368 [NL80211_ATTR_WIPHY_TXQ_PARAMS] = { .type = NLA_NESTED },
369
370 [NL80211_ATTR_WIPHY_FREQ] = { .type = NLA_U32 },
371 [NL80211_ATTR_WIPHY_CHANNEL_TYPE] = { .type = NLA_U32 },
372 [NL80211_ATTR_WIPHY_EDMG_CHANNELS] = NLA_POLICY_RANGE(NLA_U8,
373 NL80211_EDMG_CHANNELS_MIN,
374 NL80211_EDMG_CHANNELS_MAX),
375 [NL80211_ATTR_WIPHY_EDMG_BW_CONFIG] = NLA_POLICY_RANGE(NLA_U8,
376 NL80211_EDMG_BW_CONFIG_MIN,
377 NL80211_EDMG_BW_CONFIG_MAX),
378
379 [NL80211_ATTR_CHANNEL_WIDTH] = { .type = NLA_U32 },
380 [NL80211_ATTR_CENTER_FREQ1] = { .type = NLA_U32 },
381 [NL80211_ATTR_CENTER_FREQ1_OFFSET] = NLA_POLICY_RANGE(NLA_U32, 0, 999),
382 [NL80211_ATTR_CENTER_FREQ2] = { .type = NLA_U32 },
383
384 [NL80211_ATTR_WIPHY_RETRY_SHORT] = NLA_POLICY_MIN(NLA_U8, 1),
385 [NL80211_ATTR_WIPHY_RETRY_LONG] = NLA_POLICY_MIN(NLA_U8, 1),
386 [NL80211_ATTR_WIPHY_FRAG_THRESHOLD] = { .type = NLA_U32 },
387 [NL80211_ATTR_WIPHY_RTS_THRESHOLD] = { .type = NLA_U32 },
388 [NL80211_ATTR_WIPHY_COVERAGE_CLASS] = { .type = NLA_U8 },
389 [NL80211_ATTR_WIPHY_DYN_ACK] = { .type = NLA_FLAG },
390
391 [NL80211_ATTR_IFTYPE] = NLA_POLICY_MAX(NLA_U32, NL80211_IFTYPE_MAX),
392 [NL80211_ATTR_IFINDEX] = { .type = NLA_U32 },
393 [NL80211_ATTR_IFNAME] = { .type = NLA_NUL_STRING, .len = IFNAMSIZ-1 },
394
395 [NL80211_ATTR_MAC] = NLA_POLICY_EXACT_LEN_WARN(ETH_ALEN),
396 [NL80211_ATTR_PREV_BSSID] = NLA_POLICY_EXACT_LEN_WARN(ETH_ALEN),
397
398 [NL80211_ATTR_KEY] = { .type = NLA_NESTED, },
399 [NL80211_ATTR_KEY_DATA] = { .type = NLA_BINARY,
400 .len = WLAN_MAX_KEY_LEN },
401 [NL80211_ATTR_KEY_IDX] = NLA_POLICY_MAX(NLA_U8, 7),
402 [NL80211_ATTR_KEY_CIPHER] = { .type = NLA_U32 },
403 [NL80211_ATTR_KEY_DEFAULT] = { .type = NLA_FLAG },
404 [NL80211_ATTR_KEY_SEQ] = { .type = NLA_BINARY, .len = 16 },
405 [NL80211_ATTR_KEY_TYPE] =
406 NLA_POLICY_MAX(NLA_U32, NUM_NL80211_KEYTYPES),
407
408 [NL80211_ATTR_BEACON_INTERVAL] = { .type = NLA_U32 },
409 [NL80211_ATTR_DTIM_PERIOD] = { .type = NLA_U32 },
410 [NL80211_ATTR_BEACON_HEAD] =
411 NLA_POLICY_VALIDATE_FN(NLA_BINARY, validate_beacon_head,
412 IEEE80211_MAX_DATA_LEN),
413 [NL80211_ATTR_BEACON_TAIL] =
414 NLA_POLICY_VALIDATE_FN(NLA_BINARY, validate_ie_attr,
415 IEEE80211_MAX_DATA_LEN),
416 [NL80211_ATTR_STA_AID] =
417 NLA_POLICY_RANGE(NLA_U16, 1, IEEE80211_MAX_AID),
418 [NL80211_ATTR_STA_FLAGS] = { .type = NLA_NESTED },
419 [NL80211_ATTR_STA_LISTEN_INTERVAL] = { .type = NLA_U16 },
420 [NL80211_ATTR_STA_SUPPORTED_RATES] = { .type = NLA_BINARY,
421 .len = NL80211_MAX_SUPP_RATES },
422 [NL80211_ATTR_STA_PLINK_ACTION] =
423 NLA_POLICY_MAX(NLA_U8, NUM_NL80211_PLINK_ACTIONS - 1),
424 [NL80211_ATTR_STA_TX_POWER_SETTING] =
425 NLA_POLICY_RANGE(NLA_U8,
426 NL80211_TX_POWER_AUTOMATIC,
427 NL80211_TX_POWER_FIXED),
428 [NL80211_ATTR_STA_TX_POWER] = { .type = NLA_S16 },
429 [NL80211_ATTR_STA_VLAN] = { .type = NLA_U32 },
430 [NL80211_ATTR_MNTR_FLAGS] = { /* NLA_NESTED can't be empty */ },
431 [NL80211_ATTR_MESH_ID] = { .type = NLA_BINARY,
432 .len = IEEE80211_MAX_MESH_ID_LEN },
433 [NL80211_ATTR_MPATH_NEXT_HOP] = NLA_POLICY_ETH_ADDR_COMPAT,
434
435 [NL80211_ATTR_REG_ALPHA2] = { .type = NLA_STRING, .len = 2 },
436 [NL80211_ATTR_REG_RULES] = { .type = NLA_NESTED },
437
438 [NL80211_ATTR_BSS_CTS_PROT] = { .type = NLA_U8 },
439 [NL80211_ATTR_BSS_SHORT_PREAMBLE] = { .type = NLA_U8 },
440 [NL80211_ATTR_BSS_SHORT_SLOT_TIME] = { .type = NLA_U8 },
441 [NL80211_ATTR_BSS_BASIC_RATES] = { .type = NLA_BINARY,
442 .len = NL80211_MAX_SUPP_RATES },
443 [NL80211_ATTR_BSS_HT_OPMODE] = { .type = NLA_U16 },
444
445 [NL80211_ATTR_MESH_CONFIG] = { .type = NLA_NESTED },
446 [NL80211_ATTR_SUPPORT_MESH_AUTH] = { .type = NLA_FLAG },
447
448 [NL80211_ATTR_HT_CAPABILITY] = NLA_POLICY_EXACT_LEN_WARN(NL80211_HT_CAPABILITY_LEN),
449
450 [NL80211_ATTR_MGMT_SUBTYPE] = { .type = NLA_U8 },
451 [NL80211_ATTR_IE] = NLA_POLICY_VALIDATE_FN(NLA_BINARY,
452 validate_ie_attr,
453 IEEE80211_MAX_DATA_LEN),
454 [NL80211_ATTR_SCAN_FREQUENCIES] = { .type = NLA_NESTED },
455 [NL80211_ATTR_SCAN_SSIDS] = { .type = NLA_NESTED },
456
457 [NL80211_ATTR_SSID] = { .type = NLA_BINARY,
458 .len = IEEE80211_MAX_SSID_LEN },
459 [NL80211_ATTR_AUTH_TYPE] = { .type = NLA_U32 },
460 [NL80211_ATTR_REASON_CODE] = { .type = NLA_U16 },
461 [NL80211_ATTR_FREQ_FIXED] = { .type = NLA_FLAG },
462 [NL80211_ATTR_TIMED_OUT] = { .type = NLA_FLAG },
463 [NL80211_ATTR_USE_MFP] = NLA_POLICY_RANGE(NLA_U32,
464 NL80211_MFP_NO,
465 NL80211_MFP_OPTIONAL),
466 [NL80211_ATTR_STA_FLAGS2] = {
467 .len = sizeof(struct nl80211_sta_flag_update),
468 },
469 [NL80211_ATTR_CONTROL_PORT] = { .type = NLA_FLAG },
470 [NL80211_ATTR_CONTROL_PORT_ETHERTYPE] = { .type = NLA_U16 },
471 [NL80211_ATTR_CONTROL_PORT_NO_ENCRYPT] = { .type = NLA_FLAG },
472 [NL80211_ATTR_CONTROL_PORT_OVER_NL80211] = { .type = NLA_FLAG },
473 [NL80211_ATTR_PRIVACY] = { .type = NLA_FLAG },
474 [NL80211_ATTR_STATUS_CODE] = { .type = NLA_U16 },
475 [NL80211_ATTR_CIPHER_SUITE_GROUP] = { .type = NLA_U32 },
476 [NL80211_ATTR_WPA_VERSIONS] = { .type = NLA_U32 },
477 [NL80211_ATTR_PID] = { .type = NLA_U32 },
478 [NL80211_ATTR_4ADDR] = { .type = NLA_U8 },
479 [NL80211_ATTR_PMKID] = NLA_POLICY_EXACT_LEN_WARN(WLAN_PMKID_LEN),
480 [NL80211_ATTR_DURATION] = { .type = NLA_U32 },
481 [NL80211_ATTR_COOKIE] = { .type = NLA_U64 },
482 [NL80211_ATTR_TX_RATES] = { .type = NLA_NESTED },
483 [NL80211_ATTR_FRAME] = { .type = NLA_BINARY,
484 .len = IEEE80211_MAX_DATA_LEN },
485 [NL80211_ATTR_FRAME_MATCH] = { .type = NLA_BINARY, },
486 [NL80211_ATTR_PS_STATE] = NLA_POLICY_RANGE(NLA_U32,
487 NL80211_PS_DISABLED,
488 NL80211_PS_ENABLED),
489 [NL80211_ATTR_CQM] = { .type = NLA_NESTED, },
490 [NL80211_ATTR_LOCAL_STATE_CHANGE] = { .type = NLA_FLAG },
491 [NL80211_ATTR_AP_ISOLATE] = { .type = NLA_U8 },
492 [NL80211_ATTR_WIPHY_TX_POWER_SETTING] = { .type = NLA_U32 },
493 [NL80211_ATTR_WIPHY_TX_POWER_LEVEL] = { .type = NLA_U32 },
494 [NL80211_ATTR_FRAME_TYPE] = { .type = NLA_U16 },
495 [NL80211_ATTR_WIPHY_ANTENNA_TX] = { .type = NLA_U32 },
496 [NL80211_ATTR_WIPHY_ANTENNA_RX] = { .type = NLA_U32 },
497 [NL80211_ATTR_MCAST_RATE] = { .type = NLA_U32 },
498 [NL80211_ATTR_OFFCHANNEL_TX_OK] = { .type = NLA_FLAG },
499 [NL80211_ATTR_KEY_DEFAULT_TYPES] = { .type = NLA_NESTED },
500 [NL80211_ATTR_WOWLAN_TRIGGERS] = { .type = NLA_NESTED },
501 [NL80211_ATTR_STA_PLINK_STATE] =
502 NLA_POLICY_MAX(NLA_U8, NUM_NL80211_PLINK_STATES - 1),
503 [NL80211_ATTR_MEASUREMENT_DURATION] = { .type = NLA_U16 },
504 [NL80211_ATTR_MEASUREMENT_DURATION_MANDATORY] = { .type = NLA_FLAG },
505 [NL80211_ATTR_MESH_PEER_AID] =
506 NLA_POLICY_RANGE(NLA_U16, 1, IEEE80211_MAX_AID),
507 [NL80211_ATTR_SCHED_SCAN_INTERVAL] = { .type = NLA_U32 },
508 [NL80211_ATTR_REKEY_DATA] = { .type = NLA_NESTED },
509 [NL80211_ATTR_SCAN_SUPP_RATES] = { .type = NLA_NESTED },
510 [NL80211_ATTR_HIDDEN_SSID] =
511 NLA_POLICY_RANGE(NLA_U32,
512 NL80211_HIDDEN_SSID_NOT_IN_USE,
513 NL80211_HIDDEN_SSID_ZERO_CONTENTS),
514 [NL80211_ATTR_IE_PROBE_RESP] =
515 NLA_POLICY_VALIDATE_FN(NLA_BINARY, validate_ie_attr,
516 IEEE80211_MAX_DATA_LEN),
517 [NL80211_ATTR_IE_ASSOC_RESP] =
518 NLA_POLICY_VALIDATE_FN(NLA_BINARY, validate_ie_attr,
519 IEEE80211_MAX_DATA_LEN),
520 [NL80211_ATTR_ROAM_SUPPORT] = { .type = NLA_FLAG },
521 [NL80211_ATTR_SCHED_SCAN_MATCH] = { .type = NLA_NESTED },
522 [NL80211_ATTR_TX_NO_CCK_RATE] = { .type = NLA_FLAG },
523 [NL80211_ATTR_TDLS_ACTION] = { .type = NLA_U8 },
524 [NL80211_ATTR_TDLS_DIALOG_TOKEN] = { .type = NLA_U8 },
525 [NL80211_ATTR_TDLS_OPERATION] = { .type = NLA_U8 },
526 [NL80211_ATTR_TDLS_SUPPORT] = { .type = NLA_FLAG },
527 [NL80211_ATTR_TDLS_EXTERNAL_SETUP] = { .type = NLA_FLAG },
528 [NL80211_ATTR_TDLS_INITIATOR] = { .type = NLA_FLAG },
529 [NL80211_ATTR_DONT_WAIT_FOR_ACK] = { .type = NLA_FLAG },
530 [NL80211_ATTR_PROBE_RESP] = { .type = NLA_BINARY,
531 .len = IEEE80211_MAX_DATA_LEN },
532 [NL80211_ATTR_DFS_REGION] = { .type = NLA_U8 },
533 [NL80211_ATTR_DISABLE_HT] = { .type = NLA_FLAG },
534 [NL80211_ATTR_HT_CAPABILITY_MASK] = {
535 .len = NL80211_HT_CAPABILITY_LEN
536 },
537 [NL80211_ATTR_NOACK_MAP] = { .type = NLA_U16 },
538 [NL80211_ATTR_INACTIVITY_TIMEOUT] = { .type = NLA_U16 },
539 [NL80211_ATTR_BG_SCAN_PERIOD] = { .type = NLA_U16 },
540 [NL80211_ATTR_WDEV] = { .type = NLA_U64 },
541 [NL80211_ATTR_USER_REG_HINT_TYPE] = { .type = NLA_U32 },
542 [NL80211_ATTR_AUTH_DATA] = { .type = NLA_BINARY, },
543 [NL80211_ATTR_VHT_CAPABILITY] = NLA_POLICY_EXACT_LEN_WARN(NL80211_VHT_CAPABILITY_LEN),
544 [NL80211_ATTR_SCAN_FLAGS] = { .type = NLA_U32 },
545 [NL80211_ATTR_P2P_CTWINDOW] = NLA_POLICY_MAX(NLA_U8, 127),
546 [NL80211_ATTR_P2P_OPPPS] = NLA_POLICY_MAX(NLA_U8, 1),
547 [NL80211_ATTR_LOCAL_MESH_POWER_MODE] =
548 NLA_POLICY_RANGE(NLA_U32,
549 NL80211_MESH_POWER_UNKNOWN + 1,
550 NL80211_MESH_POWER_MAX),
551 [NL80211_ATTR_ACL_POLICY] = {. type = NLA_U32 },
552 [NL80211_ATTR_MAC_ADDRS] = { .type = NLA_NESTED },
553 [NL80211_ATTR_STA_CAPABILITY] = { .type = NLA_U16 },
554 [NL80211_ATTR_STA_EXT_CAPABILITY] = { .type = NLA_BINARY, },
555 [NL80211_ATTR_SPLIT_WIPHY_DUMP] = { .type = NLA_FLAG, },
556 [NL80211_ATTR_DISABLE_VHT] = { .type = NLA_FLAG },
557 [NL80211_ATTR_VHT_CAPABILITY_MASK] = {
558 .len = NL80211_VHT_CAPABILITY_LEN,
559 },
560 [NL80211_ATTR_MDID] = { .type = NLA_U16 },
561 [NL80211_ATTR_IE_RIC] = { .type = NLA_BINARY,
562 .len = IEEE80211_MAX_DATA_LEN },
563 [NL80211_ATTR_CRIT_PROT_ID] = { .type = NLA_U16 },
564 [NL80211_ATTR_MAX_CRIT_PROT_DURATION] = { .type = NLA_U16 },
565 [NL80211_ATTR_PEER_AID] =
566 NLA_POLICY_RANGE(NLA_U16, 1, IEEE80211_MAX_AID),
567 [NL80211_ATTR_CH_SWITCH_COUNT] = { .type = NLA_U32 },
568 [NL80211_ATTR_CH_SWITCH_BLOCK_TX] = { .type = NLA_FLAG },
569 [NL80211_ATTR_CSA_IES] = { .type = NLA_NESTED },
570 [NL80211_ATTR_CSA_C_OFF_BEACON] = { .type = NLA_BINARY },
571 [NL80211_ATTR_CSA_C_OFF_PRESP] = { .type = NLA_BINARY },
572 [NL80211_ATTR_STA_SUPPORTED_CHANNELS] = { .type = NLA_BINARY },
573 [NL80211_ATTR_STA_SUPPORTED_OPER_CLASSES] = { .type = NLA_BINARY },
574 [NL80211_ATTR_HANDLE_DFS] = { .type = NLA_FLAG },
575 [NL80211_ATTR_OPMODE_NOTIF] = { .type = NLA_U8 },
576 [NL80211_ATTR_VENDOR_ID] = { .type = NLA_U32 },
577 [NL80211_ATTR_VENDOR_SUBCMD] = { .type = NLA_U32 },
578 [NL80211_ATTR_VENDOR_DATA] = { .type = NLA_BINARY },
579 [NL80211_ATTR_QOS_MAP] = { .type = NLA_BINARY,
580 .len = IEEE80211_QOS_MAP_LEN_MAX },
581 [NL80211_ATTR_MAC_HINT] = NLA_POLICY_EXACT_LEN_WARN(ETH_ALEN),
582 [NL80211_ATTR_WIPHY_FREQ_HINT] = { .type = NLA_U32 },
583 [NL80211_ATTR_TDLS_PEER_CAPABILITY] = { .type = NLA_U32 },
584 [NL80211_ATTR_SOCKET_OWNER] = { .type = NLA_FLAG },
585 [NL80211_ATTR_CSA_C_OFFSETS_TX] = { .type = NLA_BINARY },
586 [NL80211_ATTR_USE_RRM] = { .type = NLA_FLAG },
587 [NL80211_ATTR_TSID] = NLA_POLICY_MAX(NLA_U8, IEEE80211_NUM_TIDS - 1),
588 [NL80211_ATTR_USER_PRIO] =
589 NLA_POLICY_MAX(NLA_U8, IEEE80211_NUM_UPS - 1),
590 [NL80211_ATTR_ADMITTED_TIME] = { .type = NLA_U16 },
591 [NL80211_ATTR_SMPS_MODE] = { .type = NLA_U8 },
592 [NL80211_ATTR_OPER_CLASS] = { .type = NLA_U8 },
593 [NL80211_ATTR_MAC_MASK] = NLA_POLICY_EXACT_LEN_WARN(ETH_ALEN),
594 [NL80211_ATTR_WIPHY_SELF_MANAGED_REG] = { .type = NLA_FLAG },
595 [NL80211_ATTR_NETNS_FD] = { .type = NLA_U32 },
596 [NL80211_ATTR_SCHED_SCAN_DELAY] = { .type = NLA_U32 },
597 [NL80211_ATTR_REG_INDOOR] = { .type = NLA_FLAG },
598 [NL80211_ATTR_PBSS] = { .type = NLA_FLAG },
599 [NL80211_ATTR_BSS_SELECT] = { .type = NLA_NESTED },
600 [NL80211_ATTR_STA_SUPPORT_P2P_PS] =
601 NLA_POLICY_MAX(NLA_U8, NUM_NL80211_P2P_PS_STATUS - 1),
602 [NL80211_ATTR_MU_MIMO_GROUP_DATA] = {
603 .len = VHT_MUMIMO_GROUPS_DATA_LEN
604 },
605 [NL80211_ATTR_MU_MIMO_FOLLOW_MAC_ADDR] = NLA_POLICY_EXACT_LEN_WARN(ETH_ALEN),
606 [NL80211_ATTR_NAN_MASTER_PREF] = NLA_POLICY_MIN(NLA_U8, 1),
607 [NL80211_ATTR_BANDS] = { .type = NLA_U32 },
608 [NL80211_ATTR_NAN_FUNC] = { .type = NLA_NESTED },
609 [NL80211_ATTR_FILS_KEK] = { .type = NLA_BINARY,
610 .len = FILS_MAX_KEK_LEN },
611 [NL80211_ATTR_FILS_NONCES] = NLA_POLICY_EXACT_LEN_WARN(2 * FILS_NONCE_LEN),
612 [NL80211_ATTR_MULTICAST_TO_UNICAST_ENABLED] = { .type = NLA_FLAG, },
613 [NL80211_ATTR_BSSID] = NLA_POLICY_EXACT_LEN_WARN(ETH_ALEN),
614 [NL80211_ATTR_SCHED_SCAN_RELATIVE_RSSI] = { .type = NLA_S8 },
615 [NL80211_ATTR_SCHED_SCAN_RSSI_ADJUST] = {
616 .len = sizeof(struct nl80211_bss_select_rssi_adjust)
617 },
618 [NL80211_ATTR_TIMEOUT_REASON] = { .type = NLA_U32 },
619 [NL80211_ATTR_FILS_ERP_USERNAME] = { .type = NLA_BINARY,
620 .len = FILS_ERP_MAX_USERNAME_LEN },
621 [NL80211_ATTR_FILS_ERP_REALM] = { .type = NLA_BINARY,
622 .len = FILS_ERP_MAX_REALM_LEN },
623 [NL80211_ATTR_FILS_ERP_NEXT_SEQ_NUM] = { .type = NLA_U16 },
624 [NL80211_ATTR_FILS_ERP_RRK] = { .type = NLA_BINARY,
625 .len = FILS_ERP_MAX_RRK_LEN },
626 [NL80211_ATTR_FILS_CACHE_ID] = NLA_POLICY_EXACT_LEN_WARN(2),
627 [NL80211_ATTR_PMK] = { .type = NLA_BINARY, .len = PMK_MAX_LEN },
628 [NL80211_ATTR_SCHED_SCAN_MULTI] = { .type = NLA_FLAG },
629 [NL80211_ATTR_EXTERNAL_AUTH_SUPPORT] = { .type = NLA_FLAG },
630
631 [NL80211_ATTR_TXQ_LIMIT] = { .type = NLA_U32 },
632 [NL80211_ATTR_TXQ_MEMORY_LIMIT] = { .type = NLA_U32 },
633 [NL80211_ATTR_TXQ_QUANTUM] = { .type = NLA_U32 },
634 [NL80211_ATTR_HE_CAPABILITY] = { .type = NLA_BINARY,
635 .len = NL80211_HE_MAX_CAPABILITY_LEN },
636
637 [NL80211_ATTR_FTM_RESPONDER] =
638 NLA_POLICY_NESTED(nl80211_ftm_responder_policy),
639 [NL80211_ATTR_TIMEOUT] = NLA_POLICY_MIN(NLA_U32, 1),
640 [NL80211_ATTR_PEER_MEASUREMENTS] =
641 NLA_POLICY_NESTED(nl80211_pmsr_attr_policy),
642 [NL80211_ATTR_AIRTIME_WEIGHT] = NLA_POLICY_MIN(NLA_U16, 1),
643 [NL80211_ATTR_SAE_PASSWORD] = { .type = NLA_BINARY,
644 .len = SAE_PASSWORD_MAX_LEN },
645 [NL80211_ATTR_TWT_RESPONDER] = { .type = NLA_FLAG },
646 [NL80211_ATTR_HE_OBSS_PD] = NLA_POLICY_NESTED(he_obss_pd_policy),
647 [NL80211_ATTR_VLAN_ID] = NLA_POLICY_RANGE(NLA_U16, 1, VLAN_N_VID - 2),
648 [NL80211_ATTR_HE_BSS_COLOR] = NLA_POLICY_NESTED(he_bss_color_policy),
649 [NL80211_ATTR_TID_CONFIG] =
650 NLA_POLICY_NESTED_ARRAY(nl80211_tid_config_attr_policy),
651 [NL80211_ATTR_CONTROL_PORT_NO_PREAUTH] = { .type = NLA_FLAG },
652 [NL80211_ATTR_PMK_LIFETIME] = NLA_POLICY_MIN(NLA_U32, 1),
653 [NL80211_ATTR_PMK_REAUTH_THRESHOLD] = NLA_POLICY_RANGE(NLA_U8, 1, 100),
654 [NL80211_ATTR_RECEIVE_MULTICAST] = { .type = NLA_FLAG },
655 [NL80211_ATTR_WIPHY_FREQ_OFFSET] = NLA_POLICY_RANGE(NLA_U32, 0, 999),
656 [NL80211_ATTR_SCAN_FREQ_KHZ] = { .type = NLA_NESTED },
657 [NL80211_ATTR_HE_6GHZ_CAPABILITY] = {
658 .type = NLA_EXACT_LEN,
659 .len = sizeof(struct ieee80211_he_6ghz_capa),
660 },
661 };
662
663 /* policy for the key attributes */
664 static const struct nla_policy nl80211_key_policy[NL80211_KEY_MAX + 1] = {
665 [NL80211_KEY_DATA] = { .type = NLA_BINARY, .len = WLAN_MAX_KEY_LEN },
666 [NL80211_KEY_IDX] = { .type = NLA_U8 },
667 [NL80211_KEY_CIPHER] = { .type = NLA_U32 },
668 [NL80211_KEY_SEQ] = { .type = NLA_BINARY, .len = 16 },
669 [NL80211_KEY_DEFAULT] = { .type = NLA_FLAG },
670 [NL80211_KEY_DEFAULT_MGMT] = { .type = NLA_FLAG },
671 [NL80211_KEY_TYPE] = NLA_POLICY_MAX(NLA_U32, NUM_NL80211_KEYTYPES - 1),
672 [NL80211_KEY_DEFAULT_TYPES] = { .type = NLA_NESTED },
673 [NL80211_KEY_MODE] = NLA_POLICY_RANGE(NLA_U8, 0, NL80211_KEY_SET_TX),
674 };
675
676 /* policy for the key default flags */
677 static const struct nla_policy
678 nl80211_key_default_policy[NUM_NL80211_KEY_DEFAULT_TYPES] = {
679 [NL80211_KEY_DEFAULT_TYPE_UNICAST] = { .type = NLA_FLAG },
680 [NL80211_KEY_DEFAULT_TYPE_MULTICAST] = { .type = NLA_FLAG },
681 };
682
683 #ifdef CONFIG_PM
684 /* policy for WoWLAN attributes */
685 static const struct nla_policy
686 nl80211_wowlan_policy[NUM_NL80211_WOWLAN_TRIG] = {
687 [NL80211_WOWLAN_TRIG_ANY] = { .type = NLA_FLAG },
688 [NL80211_WOWLAN_TRIG_DISCONNECT] = { .type = NLA_FLAG },
689 [NL80211_WOWLAN_TRIG_MAGIC_PKT] = { .type = NLA_FLAG },
690 [NL80211_WOWLAN_TRIG_PKT_PATTERN] = { .type = NLA_NESTED },
691 [NL80211_WOWLAN_TRIG_GTK_REKEY_FAILURE] = { .type = NLA_FLAG },
692 [NL80211_WOWLAN_TRIG_EAP_IDENT_REQUEST] = { .type = NLA_FLAG },
693 [NL80211_WOWLAN_TRIG_4WAY_HANDSHAKE] = { .type = NLA_FLAG },
694 [NL80211_WOWLAN_TRIG_RFKILL_RELEASE] = { .type = NLA_FLAG },
695 [NL80211_WOWLAN_TRIG_TCP_CONNECTION] = { .type = NLA_NESTED },
696 [NL80211_WOWLAN_TRIG_NET_DETECT] = { .type = NLA_NESTED },
697 };
698
699 static const struct nla_policy
700 nl80211_wowlan_tcp_policy[NUM_NL80211_WOWLAN_TCP] = {
701 [NL80211_WOWLAN_TCP_SRC_IPV4] = { .type = NLA_U32 },
702 [NL80211_WOWLAN_TCP_DST_IPV4] = { .type = NLA_U32 },
703 [NL80211_WOWLAN_TCP_DST_MAC] = NLA_POLICY_EXACT_LEN_WARN(ETH_ALEN),
704 [NL80211_WOWLAN_TCP_SRC_PORT] = { .type = NLA_U16 },
705 [NL80211_WOWLAN_TCP_DST_PORT] = { .type = NLA_U16 },
706 [NL80211_WOWLAN_TCP_DATA_PAYLOAD] = { .type = NLA_MIN_LEN, .len = 1 },
707 [NL80211_WOWLAN_TCP_DATA_PAYLOAD_SEQ] = {
708 .len = sizeof(struct nl80211_wowlan_tcp_data_seq)
709 },
710 [NL80211_WOWLAN_TCP_DATA_PAYLOAD_TOKEN] = {
711 .len = sizeof(struct nl80211_wowlan_tcp_data_token)
712 },
713 [NL80211_WOWLAN_TCP_DATA_INTERVAL] = { .type = NLA_U32 },
714 [NL80211_WOWLAN_TCP_WAKE_PAYLOAD] = { .type = NLA_MIN_LEN, .len = 1 },
715 [NL80211_WOWLAN_TCP_WAKE_MASK] = { .type = NLA_MIN_LEN, .len = 1 },
716 };
717 #endif /* CONFIG_PM */
718
719 /* policy for coalesce rule attributes */
720 static const struct nla_policy
721 nl80211_coalesce_policy[NUM_NL80211_ATTR_COALESCE_RULE] = {
722 [NL80211_ATTR_COALESCE_RULE_DELAY] = { .type = NLA_U32 },
723 [NL80211_ATTR_COALESCE_RULE_CONDITION] =
724 NLA_POLICY_RANGE(NLA_U32,
725 NL80211_COALESCE_CONDITION_MATCH,
726 NL80211_COALESCE_CONDITION_NO_MATCH),
727 [NL80211_ATTR_COALESCE_RULE_PKT_PATTERN] = { .type = NLA_NESTED },
728 };
729
730 /* policy for GTK rekey offload attributes */
731 static const struct nla_policy
732 nl80211_rekey_policy[NUM_NL80211_REKEY_DATA] = {
733 [NL80211_REKEY_DATA_KEK] = {
734 .type = NLA_BINARY,
735 .len = NL80211_KEK_EXT_LEN
736 },
737 [NL80211_REKEY_DATA_KCK] = {
738 .type = NLA_BINARY,
739 .len = NL80211_KCK_EXT_LEN
740 },
741 [NL80211_REKEY_DATA_REPLAY_CTR] = NLA_POLICY_EXACT_LEN_WARN(NL80211_REPLAY_CTR_LEN),
742 [NL80211_REKEY_DATA_AKM] = { .type = NLA_U32 },
743 };
744
745 static const struct nla_policy
746 nl80211_match_band_rssi_policy[NUM_NL80211_BANDS] = {
747 [NL80211_BAND_2GHZ] = { .type = NLA_S32 },
748 [NL80211_BAND_5GHZ] = { .type = NLA_S32 },
749 [NL80211_BAND_6GHZ] = { .type = NLA_S32 },
750 [NL80211_BAND_60GHZ] = { .type = NLA_S32 },
751 };
752
753 static const struct nla_policy
754 nl80211_match_policy[NL80211_SCHED_SCAN_MATCH_ATTR_MAX + 1] = {
755 [NL80211_SCHED_SCAN_MATCH_ATTR_SSID] = { .type = NLA_BINARY,
756 .len = IEEE80211_MAX_SSID_LEN },
757 [NL80211_SCHED_SCAN_MATCH_ATTR_BSSID] = NLA_POLICY_EXACT_LEN_WARN(ETH_ALEN),
758 [NL80211_SCHED_SCAN_MATCH_ATTR_RSSI] = { .type = NLA_U32 },
759 [NL80211_SCHED_SCAN_MATCH_PER_BAND_RSSI] =
760 NLA_POLICY_NESTED(nl80211_match_band_rssi_policy),
761 };
762
763 static const struct nla_policy
764 nl80211_plan_policy[NL80211_SCHED_SCAN_PLAN_MAX + 1] = {
765 [NL80211_SCHED_SCAN_PLAN_INTERVAL] = { .type = NLA_U32 },
766 [NL80211_SCHED_SCAN_PLAN_ITERATIONS] = { .type = NLA_U32 },
767 };
768
769 static const struct nla_policy
770 nl80211_bss_select_policy[NL80211_BSS_SELECT_ATTR_MAX + 1] = {
771 [NL80211_BSS_SELECT_ATTR_RSSI] = { .type = NLA_FLAG },
772 [NL80211_BSS_SELECT_ATTR_BAND_PREF] = { .type = NLA_U32 },
773 [NL80211_BSS_SELECT_ATTR_RSSI_ADJUST] = {
774 .len = sizeof(struct nl80211_bss_select_rssi_adjust)
775 },
776 };
777
778 /* policy for NAN function attributes */
779 static const struct nla_policy
780 nl80211_nan_func_policy[NL80211_NAN_FUNC_ATTR_MAX + 1] = {
781 [NL80211_NAN_FUNC_TYPE] = { .type = NLA_U8 },
782 [NL80211_NAN_FUNC_SERVICE_ID] = {
783 .len = NL80211_NAN_FUNC_SERVICE_ID_LEN },
784 [NL80211_NAN_FUNC_PUBLISH_TYPE] = { .type = NLA_U8 },
785 [NL80211_NAN_FUNC_PUBLISH_BCAST] = { .type = NLA_FLAG },
786 [NL80211_NAN_FUNC_SUBSCRIBE_ACTIVE] = { .type = NLA_FLAG },
787 [NL80211_NAN_FUNC_FOLLOW_UP_ID] = { .type = NLA_U8 },
788 [NL80211_NAN_FUNC_FOLLOW_UP_REQ_ID] = { .type = NLA_U8 },
789 [NL80211_NAN_FUNC_FOLLOW_UP_DEST] = NLA_POLICY_EXACT_LEN_WARN(ETH_ALEN),
790 [NL80211_NAN_FUNC_CLOSE_RANGE] = { .type = NLA_FLAG },
791 [NL80211_NAN_FUNC_TTL] = { .type = NLA_U32 },
792 [NL80211_NAN_FUNC_SERVICE_INFO] = { .type = NLA_BINARY,
793 .len = NL80211_NAN_FUNC_SERVICE_SPEC_INFO_MAX_LEN },
794 [NL80211_NAN_FUNC_SRF] = { .type = NLA_NESTED },
795 [NL80211_NAN_FUNC_RX_MATCH_FILTER] = { .type = NLA_NESTED },
796 [NL80211_NAN_FUNC_TX_MATCH_FILTER] = { .type = NLA_NESTED },
797 [NL80211_NAN_FUNC_INSTANCE_ID] = { .type = NLA_U8 },
798 [NL80211_NAN_FUNC_TERM_REASON] = { .type = NLA_U8 },
799 };
800
801 /* policy for Service Response Filter attributes */
802 static const struct nla_policy
803 nl80211_nan_srf_policy[NL80211_NAN_SRF_ATTR_MAX + 1] = {
804 [NL80211_NAN_SRF_INCLUDE] = { .type = NLA_FLAG },
805 [NL80211_NAN_SRF_BF] = { .type = NLA_BINARY,
806 .len = NL80211_NAN_FUNC_SRF_MAX_LEN },
807 [NL80211_NAN_SRF_BF_IDX] = { .type = NLA_U8 },
808 [NL80211_NAN_SRF_MAC_ADDRS] = { .type = NLA_NESTED },
809 };
810
811 /* policy for packet pattern attributes */
812 static const struct nla_policy
813 nl80211_packet_pattern_policy[MAX_NL80211_PKTPAT + 1] = {
814 [NL80211_PKTPAT_MASK] = { .type = NLA_BINARY, },
815 [NL80211_PKTPAT_PATTERN] = { .type = NLA_BINARY, },
816 [NL80211_PKTPAT_OFFSET] = { .type = NLA_U32 },
817 };
818
819 int nl80211_prepare_wdev_dump(struct netlink_callback *cb,
820 struct cfg80211_registered_device **rdev,
821 struct wireless_dev **wdev)
822 {
823 int err;
824
825 if (!cb->args[0]) {
826 struct nlattr **attrbuf;
827
828 attrbuf = kcalloc(NUM_NL80211_ATTR, sizeof(*attrbuf),
829 GFP_KERNEL);
830 if (!attrbuf)
831 return -ENOMEM;
832
833 err = nlmsg_parse_deprecated(cb->nlh,
834 GENL_HDRLEN + nl80211_fam.hdrsize,
835 attrbuf, nl80211_fam.maxattr,
836 nl80211_policy, NULL);
837 if (err) {
838 kfree(attrbuf);
839 return err;
840 }
841
842 *wdev = __cfg80211_wdev_from_attrs(sock_net(cb->skb->sk),
843 attrbuf);
844 kfree(attrbuf);
845 if (IS_ERR(*wdev))
846 return PTR_ERR(*wdev);
847 *rdev = wiphy_to_rdev((*wdev)->wiphy);
848 /* 0 is the first index - add 1 to parse only once */
849 cb->args[0] = (*rdev)->wiphy_idx + 1;
850 cb->args[1] = (*wdev)->identifier;
851 } else {
852 /* subtract the 1 again here */
853 struct wiphy *wiphy = wiphy_idx_to_wiphy(cb->args[0] - 1);
854 struct wireless_dev *tmp;
855
856 if (!wiphy)
857 return -ENODEV;
858 *rdev = wiphy_to_rdev(wiphy);
859 *wdev = NULL;
860
861 list_for_each_entry(tmp, &(*rdev)->wiphy.wdev_list, list) {
862 if (tmp->identifier == cb->args[1]) {
863 *wdev = tmp;
864 break;
865 }
866 }
867
868 if (!*wdev)
869 return -ENODEV;
870 }
871
872 return 0;
873 }
874
875 /* message building helper */
876 void *nl80211hdr_put(struct sk_buff *skb, u32 portid, u32 seq,
877 int flags, u8 cmd)
878 {
879 /* since there is no private header just add the generic one */
880 return genlmsg_put(skb, portid, seq, &nl80211_fam, flags, cmd);
881 }
882
883 static int nl80211_msg_put_wmm_rules(struct sk_buff *msg,
884 const struct ieee80211_reg_rule *rule)
885 {
886 int j;
887 struct nlattr *nl_wmm_rules =
888 nla_nest_start_noflag(msg, NL80211_FREQUENCY_ATTR_WMM);
889
890 if (!nl_wmm_rules)
891 goto nla_put_failure;
892
893 for (j = 0; j < IEEE80211_NUM_ACS; j++) {
894 struct nlattr *nl_wmm_rule = nla_nest_start_noflag(msg, j);
895
896 if (!nl_wmm_rule)
897 goto nla_put_failure;
898
899 if (nla_put_u16(msg, NL80211_WMMR_CW_MIN,
900 rule->wmm_rule.client[j].cw_min) ||
901 nla_put_u16(msg, NL80211_WMMR_CW_MAX,
902 rule->wmm_rule.client[j].cw_max) ||
903 nla_put_u8(msg, NL80211_WMMR_AIFSN,
904 rule->wmm_rule.client[j].aifsn) ||
905 nla_put_u16(msg, NL80211_WMMR_TXOP,
906 rule->wmm_rule.client[j].cot))
907 goto nla_put_failure;
908
909 nla_nest_end(msg, nl_wmm_rule);
910 }
911 nla_nest_end(msg, nl_wmm_rules);
912
913 return 0;
914
915 nla_put_failure:
916 return -ENOBUFS;
917 }
918
919 static int nl80211_msg_put_channel(struct sk_buff *msg, struct wiphy *wiphy,
920 struct ieee80211_channel *chan,
921 bool large)
922 {
923 /* Some channels must be completely excluded from the
924 * list to protect old user-space tools from breaking
925 */
926 if (!large && chan->flags &
927 (IEEE80211_CHAN_NO_10MHZ | IEEE80211_CHAN_NO_20MHZ))
928 return 0;
929
930 if (nla_put_u32(msg, NL80211_FREQUENCY_ATTR_FREQ,
931 chan->center_freq))
932 goto nla_put_failure;
933
934 if (nla_put_u32(msg, NL80211_FREQUENCY_ATTR_OFFSET, chan->freq_offset))
935 goto nla_put_failure;
936
937 if ((chan->flags & IEEE80211_CHAN_DISABLED) &&
938 nla_put_flag(msg, NL80211_FREQUENCY_ATTR_DISABLED))
939 goto nla_put_failure;
940 if (chan->flags & IEEE80211_CHAN_NO_IR) {
941 if (nla_put_flag(msg, NL80211_FREQUENCY_ATTR_NO_IR))
942 goto nla_put_failure;
943 if (nla_put_flag(msg, __NL80211_FREQUENCY_ATTR_NO_IBSS))
944 goto nla_put_failure;
945 }
946 if (chan->flags & IEEE80211_CHAN_RADAR) {
947 if (nla_put_flag(msg, NL80211_FREQUENCY_ATTR_RADAR))
948 goto nla_put_failure;
949 if (large) {
950 u32 time;
951
952 time = elapsed_jiffies_msecs(chan->dfs_state_entered);
953
954 if (nla_put_u32(msg, NL80211_FREQUENCY_ATTR_DFS_STATE,
955 chan->dfs_state))
956 goto nla_put_failure;
957 if (nla_put_u32(msg, NL80211_FREQUENCY_ATTR_DFS_TIME,
958 time))
959 goto nla_put_failure;
960 if (nla_put_u32(msg,
961 NL80211_FREQUENCY_ATTR_DFS_CAC_TIME,
962 chan->dfs_cac_ms))
963 goto nla_put_failure;
964 }
965 }
966
967 if (large) {
968 if ((chan->flags & IEEE80211_CHAN_NO_HT40MINUS) &&
969 nla_put_flag(msg, NL80211_FREQUENCY_ATTR_NO_HT40_MINUS))
970 goto nla_put_failure;
971 if ((chan->flags & IEEE80211_CHAN_NO_HT40PLUS) &&
972 nla_put_flag(msg, NL80211_FREQUENCY_ATTR_NO_HT40_PLUS))
973 goto nla_put_failure;
974 if ((chan->flags & IEEE80211_CHAN_NO_80MHZ) &&
975 nla_put_flag(msg, NL80211_FREQUENCY_ATTR_NO_80MHZ))
976 goto nla_put_failure;
977 if ((chan->flags & IEEE80211_CHAN_NO_160MHZ) &&
978 nla_put_flag(msg, NL80211_FREQUENCY_ATTR_NO_160MHZ))
979 goto nla_put_failure;
980 if ((chan->flags & IEEE80211_CHAN_INDOOR_ONLY) &&
981 nla_put_flag(msg, NL80211_FREQUENCY_ATTR_INDOOR_ONLY))
982 goto nla_put_failure;
983 if ((chan->flags & IEEE80211_CHAN_IR_CONCURRENT) &&
984 nla_put_flag(msg, NL80211_FREQUENCY_ATTR_IR_CONCURRENT))
985 goto nla_put_failure;
986 if ((chan->flags & IEEE80211_CHAN_NO_20MHZ) &&
987 nla_put_flag(msg, NL80211_FREQUENCY_ATTR_NO_20MHZ))
988 goto nla_put_failure;
989 if ((chan->flags & IEEE80211_CHAN_NO_10MHZ) &&
990 nla_put_flag(msg, NL80211_FREQUENCY_ATTR_NO_10MHZ))
991 goto nla_put_failure;
992 if ((chan->flags & IEEE80211_CHAN_NO_HE) &&
993 nla_put_flag(msg, NL80211_FREQUENCY_ATTR_NO_HE))
994 goto nla_put_failure;
995 }
996
997 if (nla_put_u32(msg, NL80211_FREQUENCY_ATTR_MAX_TX_POWER,
998 DBM_TO_MBM(chan->max_power)))
999 goto nla_put_failure;
1000
1001 if (large) {
1002 const struct ieee80211_reg_rule *rule =
1003 freq_reg_info(wiphy, MHZ_TO_KHZ(chan->center_freq));
1004
1005 if (!IS_ERR_OR_NULL(rule) && rule->has_wmm) {
1006 if (nl80211_msg_put_wmm_rules(msg, rule))
1007 goto nla_put_failure;
1008 }
1009 }
1010
1011 return 0;
1012
1013 nla_put_failure:
1014 return -ENOBUFS;
1015 }
1016
1017 static bool nl80211_put_txq_stats(struct sk_buff *msg,
1018 struct cfg80211_txq_stats *txqstats,
1019 int attrtype)
1020 {
1021 struct nlattr *txqattr;
1022
1023 #define PUT_TXQVAL_U32(attr, memb) do { \
1024 if (txqstats->filled & BIT(NL80211_TXQ_STATS_ ## attr) && \
1025 nla_put_u32(msg, NL80211_TXQ_STATS_ ## attr, txqstats->memb)) \
1026 return false; \
1027 } while (0)
1028
1029 txqattr = nla_nest_start_noflag(msg, attrtype);
1030 if (!txqattr)
1031 return false;
1032
1033 PUT_TXQVAL_U32(BACKLOG_BYTES, backlog_bytes);
1034 PUT_TXQVAL_U32(BACKLOG_PACKETS, backlog_packets);
1035 PUT_TXQVAL_U32(FLOWS, flows);
1036 PUT_TXQVAL_U32(DROPS, drops);
1037 PUT_TXQVAL_U32(ECN_MARKS, ecn_marks);
1038 PUT_TXQVAL_U32(OVERLIMIT, overlimit);
1039 PUT_TXQVAL_U32(OVERMEMORY, overmemory);
1040 PUT_TXQVAL_U32(COLLISIONS, collisions);
1041 PUT_TXQVAL_U32(TX_BYTES, tx_bytes);
1042 PUT_TXQVAL_U32(TX_PACKETS, tx_packets);
1043 PUT_TXQVAL_U32(MAX_FLOWS, max_flows);
1044 nla_nest_end(msg, txqattr);
1045
1046 #undef PUT_TXQVAL_U32
1047 return true;
1048 }
1049
1050 /* netlink command implementations */
1051
1052 struct key_parse {
1053 struct key_params p;
1054 int idx;
1055 int type;
1056 bool def, defmgmt, defbeacon;
1057 bool def_uni, def_multi;
1058 };
1059
1060 static int nl80211_parse_key_new(struct genl_info *info, struct nlattr *key,
1061 struct key_parse *k)
1062 {
1063 struct nlattr *tb[NL80211_KEY_MAX + 1];
1064 int err = nla_parse_nested_deprecated(tb, NL80211_KEY_MAX, key,
1065 nl80211_key_policy,
1066 info->extack);
1067 if (err)
1068 return err;
1069
1070 k->def = !!tb[NL80211_KEY_DEFAULT];
1071 k->defmgmt = !!tb[NL80211_KEY_DEFAULT_MGMT];
1072 k->defbeacon = !!tb[NL80211_KEY_DEFAULT_BEACON];
1073
1074 if (k->def) {
1075 k->def_uni = true;
1076 k->def_multi = true;
1077 }
1078 if (k->defmgmt || k->defbeacon)
1079 k->def_multi = true;
1080
1081 if (tb[NL80211_KEY_IDX])
1082 k->idx = nla_get_u8(tb[NL80211_KEY_IDX]);
1083
1084 if (tb[NL80211_KEY_DATA]) {
1085 k->p.key = nla_data(tb[NL80211_KEY_DATA]);
1086 k->p.key_len = nla_len(tb[NL80211_KEY_DATA]);
1087 }
1088
1089 if (tb[NL80211_KEY_SEQ]) {
1090 k->p.seq = nla_data(tb[NL80211_KEY_SEQ]);
1091 k->p.seq_len = nla_len(tb[NL80211_KEY_SEQ]);
1092 }
1093
1094 if (tb[NL80211_KEY_CIPHER])
1095 k->p.cipher = nla_get_u32(tb[NL80211_KEY_CIPHER]);
1096
1097 if (tb[NL80211_KEY_TYPE])
1098 k->type = nla_get_u32(tb[NL80211_KEY_TYPE]);
1099
1100 if (tb[NL80211_KEY_DEFAULT_TYPES]) {
1101 struct nlattr *kdt[NUM_NL80211_KEY_DEFAULT_TYPES];
1102
1103 err = nla_parse_nested_deprecated(kdt,
1104 NUM_NL80211_KEY_DEFAULT_TYPES - 1,
1105 tb[NL80211_KEY_DEFAULT_TYPES],
1106 nl80211_key_default_policy,
1107 info->extack);
1108 if (err)
1109 return err;
1110
1111 k->def_uni = kdt[NL80211_KEY_DEFAULT_TYPE_UNICAST];
1112 k->def_multi = kdt[NL80211_KEY_DEFAULT_TYPE_MULTICAST];
1113 }
1114
1115 if (tb[NL80211_KEY_MODE])
1116 k->p.mode = nla_get_u8(tb[NL80211_KEY_MODE]);
1117
1118 return 0;
1119 }
1120
1121 static int nl80211_parse_key_old(struct genl_info *info, struct key_parse *k)
1122 {
1123 if (info->attrs[NL80211_ATTR_KEY_DATA]) {
1124 k->p.key = nla_data(info->attrs[NL80211_ATTR_KEY_DATA]);
1125 k->p.key_len = nla_len(info->attrs[NL80211_ATTR_KEY_DATA]);
1126 }
1127
1128 if (info->attrs[NL80211_ATTR_KEY_SEQ]) {
1129 k->p.seq = nla_data(info->attrs[NL80211_ATTR_KEY_SEQ]);
1130 k->p.seq_len = nla_len(info->attrs[NL80211_ATTR_KEY_SEQ]);
1131 }
1132
1133 if (info->attrs[NL80211_ATTR_KEY_IDX])
1134 k->idx = nla_get_u8(info->attrs[NL80211_ATTR_KEY_IDX]);
1135
1136 if (info->attrs[NL80211_ATTR_KEY_CIPHER])
1137 k->p.cipher = nla_get_u32(info->attrs[NL80211_ATTR_KEY_CIPHER]);
1138
1139 k->def = !!info->attrs[NL80211_ATTR_KEY_DEFAULT];
1140 k->defmgmt = !!info->attrs[NL80211_ATTR_KEY_DEFAULT_MGMT];
1141
1142 if (k->def) {
1143 k->def_uni = true;
1144 k->def_multi = true;
1145 }
1146 if (k->defmgmt)
1147 k->def_multi = true;
1148
1149 if (info->attrs[NL80211_ATTR_KEY_TYPE])
1150 k->type = nla_get_u32(info->attrs[NL80211_ATTR_KEY_TYPE]);
1151
1152 if (info->attrs[NL80211_ATTR_KEY_DEFAULT_TYPES]) {
1153 struct nlattr *kdt[NUM_NL80211_KEY_DEFAULT_TYPES];
1154 int err = nla_parse_nested_deprecated(kdt,
1155 NUM_NL80211_KEY_DEFAULT_TYPES - 1,
1156 info->attrs[NL80211_ATTR_KEY_DEFAULT_TYPES],
1157 nl80211_key_default_policy,
1158 info->extack);
1159 if (err)
1160 return err;
1161
1162 k->def_uni = kdt[NL80211_KEY_DEFAULT_TYPE_UNICAST];
1163 k->def_multi = kdt[NL80211_KEY_DEFAULT_TYPE_MULTICAST];
1164 }
1165
1166 return 0;
1167 }
1168
1169 static int nl80211_parse_key(struct genl_info *info, struct key_parse *k)
1170 {
1171 int err;
1172
1173 memset(k, 0, sizeof(*k));
1174 k->idx = -1;
1175 k->type = -1;
1176
1177 if (info->attrs[NL80211_ATTR_KEY])
1178 err = nl80211_parse_key_new(info, info->attrs[NL80211_ATTR_KEY], k);
1179 else
1180 err = nl80211_parse_key_old(info, k);
1181
1182 if (err)
1183 return err;
1184
1185 if ((k->def ? 1 : 0) + (k->defmgmt ? 1 : 0) +
1186 (k->defbeacon ? 1 : 0) > 1) {
1187 GENL_SET_ERR_MSG(info,
1188 "key with multiple default flags is invalid");
1189 return -EINVAL;
1190 }
1191
1192 if (k->defmgmt || k->defbeacon) {
1193 if (k->def_uni || !k->def_multi) {
1194 GENL_SET_ERR_MSG(info,
1195 "defmgmt/defbeacon key must be mcast");
1196 return -EINVAL;
1197 }
1198 }
1199
1200 if (k->idx != -1) {
1201 if (k->defmgmt) {
1202 if (k->idx < 4 || k->idx > 5) {
1203 GENL_SET_ERR_MSG(info,
1204 "defmgmt key idx not 4 or 5");
1205 return -EINVAL;
1206 }
1207 } else if (k->defbeacon) {
1208 if (k->idx < 6 || k->idx > 7) {
1209 GENL_SET_ERR_MSG(info,
1210 "defbeacon key idx not 6 or 7");
1211 return -EINVAL;
1212 }
1213 } else if (k->def) {
1214 if (k->idx < 0 || k->idx > 3) {
1215 GENL_SET_ERR_MSG(info, "def key idx not 0-3");
1216 return -EINVAL;
1217 }
1218 } else {
1219 if (k->idx < 0 || k->idx > 7) {
1220 GENL_SET_ERR_MSG(info, "key idx not 0-7");
1221 return -EINVAL;
1222 }
1223 }
1224 }
1225
1226 return 0;
1227 }
1228
1229 static struct cfg80211_cached_keys *
1230 nl80211_parse_connkeys(struct cfg80211_registered_device *rdev,
1231 struct genl_info *info, bool *no_ht)
1232 {
1233 struct nlattr *keys = info->attrs[NL80211_ATTR_KEYS];
1234 struct key_parse parse;
1235 struct nlattr *key;
1236 struct cfg80211_cached_keys *result;
1237 int rem, err, def = 0;
1238 bool have_key = false;
1239
1240 nla_for_each_nested(key, keys, rem) {
1241 have_key = true;
1242 break;
1243 }
1244
1245 if (!have_key)
1246 return NULL;
1247
1248 result = kzalloc(sizeof(*result), GFP_KERNEL);
1249 if (!result)
1250 return ERR_PTR(-ENOMEM);
1251
1252 result->def = -1;
1253
1254 nla_for_each_nested(key, keys, rem) {
1255 memset(&parse, 0, sizeof(parse));
1256 parse.idx = -1;
1257
1258 err = nl80211_parse_key_new(info, key, &parse);
1259 if (err)
1260 goto error;
1261 err = -EINVAL;
1262 if (!parse.p.key)
1263 goto error;
1264 if (parse.idx < 0 || parse.idx > 3) {
1265 GENL_SET_ERR_MSG(info, "key index out of range [0-3]");
1266 goto error;
1267 }
1268 if (parse.def) {
1269 if (def) {
1270 GENL_SET_ERR_MSG(info,
1271 "only one key can be default");
1272 goto error;
1273 }
1274 def = 1;
1275 result->def = parse.idx;
1276 if (!parse.def_uni || !parse.def_multi)
1277 goto error;
1278 } else if (parse.defmgmt)
1279 goto error;
1280 err = cfg80211_validate_key_settings(rdev, &parse.p,
1281 parse.idx, false, NULL);
1282 if (err)
1283 goto error;
1284 if (parse.p.cipher != WLAN_CIPHER_SUITE_WEP40 &&
1285 parse.p.cipher != WLAN_CIPHER_SUITE_WEP104) {
1286 GENL_SET_ERR_MSG(info, "connect key must be WEP");
1287 err = -EINVAL;
1288 goto error;
1289 }
1290 result->params[parse.idx].cipher = parse.p.cipher;
1291 result->params[parse.idx].key_len = parse.p.key_len;
1292 result->params[parse.idx].key = result->data[parse.idx];
1293 memcpy(result->data[parse.idx], parse.p.key, parse.p.key_len);
1294
1295 /* must be WEP key if we got here */
1296 if (no_ht)
1297 *no_ht = true;
1298 }
1299
1300 if (result->def < 0) {
1301 err = -EINVAL;
1302 GENL_SET_ERR_MSG(info, "need a default/TX key");
1303 goto error;
1304 }
1305
1306 return result;
1307 error:
1308 kfree(result);
1309 return ERR_PTR(err);
1310 }
1311
1312 static int nl80211_key_allowed(struct wireless_dev *wdev)
1313 {
1314 ASSERT_WDEV_LOCK(wdev);
1315
1316 switch (wdev->iftype) {
1317 case NL80211_IFTYPE_AP:
1318 case NL80211_IFTYPE_AP_VLAN:
1319 case NL80211_IFTYPE_P2P_GO:
1320 case NL80211_IFTYPE_MESH_POINT:
1321 break;
1322 case NL80211_IFTYPE_ADHOC:
1323 case NL80211_IFTYPE_STATION:
1324 case NL80211_IFTYPE_P2P_CLIENT:
1325 if (!wdev->current_bss)
1326 return -ENOLINK;
1327 break;
1328 case NL80211_IFTYPE_UNSPECIFIED:
1329 case NL80211_IFTYPE_OCB:
1330 case NL80211_IFTYPE_MONITOR:
1331 case NL80211_IFTYPE_NAN:
1332 case NL80211_IFTYPE_P2P_DEVICE:
1333 case NL80211_IFTYPE_WDS:
1334 case NUM_NL80211_IFTYPES:
1335 return -EINVAL;
1336 }
1337
1338 return 0;
1339 }
1340
1341 static struct ieee80211_channel *nl80211_get_valid_chan(struct wiphy *wiphy,
1342 u32 freq)
1343 {
1344 struct ieee80211_channel *chan;
1345
1346 chan = ieee80211_get_channel_khz(wiphy, freq);
1347 if (!chan || chan->flags & IEEE80211_CHAN_DISABLED)
1348 return NULL;
1349 return chan;
1350 }
1351
1352 static int nl80211_put_iftypes(struct sk_buff *msg, u32 attr, u16 ifmodes)
1353 {
1354 struct nlattr *nl_modes = nla_nest_start_noflag(msg, attr);
1355 int i;
1356
1357 if (!nl_modes)
1358 goto nla_put_failure;
1359
1360 i = 0;
1361 while (ifmodes) {
1362 if ((ifmodes & 1) && nla_put_flag(msg, i))
1363 goto nla_put_failure;
1364 ifmodes >>= 1;
1365 i++;
1366 }
1367
1368 nla_nest_end(msg, nl_modes);
1369 return 0;
1370
1371 nla_put_failure:
1372 return -ENOBUFS;
1373 }
1374
1375 static int nl80211_put_iface_combinations(struct wiphy *wiphy,
1376 struct sk_buff *msg,
1377 bool large)
1378 {
1379 struct nlattr *nl_combis;
1380 int i, j;
1381
1382 nl_combis = nla_nest_start_noflag(msg,
1383 NL80211_ATTR_INTERFACE_COMBINATIONS);
1384 if (!nl_combis)
1385 goto nla_put_failure;
1386
1387 for (i = 0; i < wiphy->n_iface_combinations; i++) {
1388 const struct ieee80211_iface_combination *c;
1389 struct nlattr *nl_combi, *nl_limits;
1390
1391 c = &wiphy->iface_combinations[i];
1392
1393 nl_combi = nla_nest_start_noflag(msg, i + 1);
1394 if (!nl_combi)
1395 goto nla_put_failure;
1396
1397 nl_limits = nla_nest_start_noflag(msg,
1398 NL80211_IFACE_COMB_LIMITS);
1399 if (!nl_limits)
1400 goto nla_put_failure;
1401
1402 for (j = 0; j < c->n_limits; j++) {
1403 struct nlattr *nl_limit;
1404
1405 nl_limit = nla_nest_start_noflag(msg, j + 1);
1406 if (!nl_limit)
1407 goto nla_put_failure;
1408 if (nla_put_u32(msg, NL80211_IFACE_LIMIT_MAX,
1409 c->limits[j].max))
1410 goto nla_put_failure;
1411 if (nl80211_put_iftypes(msg, NL80211_IFACE_LIMIT_TYPES,
1412 c->limits[j].types))
1413 goto nla_put_failure;
1414 nla_nest_end(msg, nl_limit);
1415 }
1416
1417 nla_nest_end(msg, nl_limits);
1418
1419 if (c->beacon_int_infra_match &&
1420 nla_put_flag(msg, NL80211_IFACE_COMB_STA_AP_BI_MATCH))
1421 goto nla_put_failure;
1422 if (nla_put_u32(msg, NL80211_IFACE_COMB_NUM_CHANNELS,
1423 c->num_different_channels) ||
1424 nla_put_u32(msg, NL80211_IFACE_COMB_MAXNUM,
1425 c->max_interfaces))
1426 goto nla_put_failure;
1427 if (large &&
1428 (nla_put_u32(msg, NL80211_IFACE_COMB_RADAR_DETECT_WIDTHS,
1429 c->radar_detect_widths) ||
1430 nla_put_u32(msg, NL80211_IFACE_COMB_RADAR_DETECT_REGIONS,
1431 c->radar_detect_regions)))
1432 goto nla_put_failure;
1433 if (c->beacon_int_min_gcd &&
1434 nla_put_u32(msg, NL80211_IFACE_COMB_BI_MIN_GCD,
1435 c->beacon_int_min_gcd))
1436 goto nla_put_failure;
1437
1438 nla_nest_end(msg, nl_combi);
1439 }
1440
1441 nla_nest_end(msg, nl_combis);
1442
1443 return 0;
1444 nla_put_failure:
1445 return -ENOBUFS;
1446 }
1447
1448 #ifdef CONFIG_PM
1449 static int nl80211_send_wowlan_tcp_caps(struct cfg80211_registered_device *rdev,
1450 struct sk_buff *msg)
1451 {
1452 const struct wiphy_wowlan_tcp_support *tcp = rdev->wiphy.wowlan->tcp;
1453 struct nlattr *nl_tcp;
1454
1455 if (!tcp)
1456 return 0;
1457
1458 nl_tcp = nla_nest_start_noflag(msg,
1459 NL80211_WOWLAN_TRIG_TCP_CONNECTION);
1460 if (!nl_tcp)
1461 return -ENOBUFS;
1462
1463 if (nla_put_u32(msg, NL80211_WOWLAN_TCP_DATA_PAYLOAD,
1464 tcp->data_payload_max))
1465 return -ENOBUFS;
1466
1467 if (nla_put_u32(msg, NL80211_WOWLAN_TCP_DATA_PAYLOAD,
1468 tcp->data_payload_max))
1469 return -ENOBUFS;
1470
1471 if (tcp->seq && nla_put_flag(msg, NL80211_WOWLAN_TCP_DATA_PAYLOAD_SEQ))
1472 return -ENOBUFS;
1473
1474 if (tcp->tok && nla_put(msg, NL80211_WOWLAN_TCP_DATA_PAYLOAD_TOKEN,
1475 sizeof(*tcp->tok), tcp->tok))
1476 return -ENOBUFS;
1477
1478 if (nla_put_u32(msg, NL80211_WOWLAN_TCP_DATA_INTERVAL,
1479 tcp->data_interval_max))
1480 return -ENOBUFS;
1481
1482 if (nla_put_u32(msg, NL80211_WOWLAN_TCP_WAKE_PAYLOAD,
1483 tcp->wake_payload_max))
1484 return -ENOBUFS;
1485
1486 nla_nest_end(msg, nl_tcp);
1487 return 0;
1488 }
1489
1490 static int nl80211_send_wowlan(struct sk_buff *msg,
1491 struct cfg80211_registered_device *rdev,
1492 bool large)
1493 {
1494 struct nlattr *nl_wowlan;
1495
1496 if (!rdev->wiphy.wowlan)
1497 return 0;
1498
1499 nl_wowlan = nla_nest_start_noflag(msg,
1500 NL80211_ATTR_WOWLAN_TRIGGERS_SUPPORTED);
1501 if (!nl_wowlan)
1502 return -ENOBUFS;
1503
1504 if (((rdev->wiphy.wowlan->flags & WIPHY_WOWLAN_ANY) &&
1505 nla_put_flag(msg, NL80211_WOWLAN_TRIG_ANY)) ||
1506 ((rdev->wiphy.wowlan->flags & WIPHY_WOWLAN_DISCONNECT) &&
1507 nla_put_flag(msg, NL80211_WOWLAN_TRIG_DISCONNECT)) ||
1508 ((rdev->wiphy.wowlan->flags & WIPHY_WOWLAN_MAGIC_PKT) &&
1509 nla_put_flag(msg, NL80211_WOWLAN_TRIG_MAGIC_PKT)) ||
1510 ((rdev->wiphy.wowlan->flags & WIPHY_WOWLAN_SUPPORTS_GTK_REKEY) &&
1511 nla_put_flag(msg, NL80211_WOWLAN_TRIG_GTK_REKEY_SUPPORTED)) ||
1512 ((rdev->wiphy.wowlan->flags & WIPHY_WOWLAN_GTK_REKEY_FAILURE) &&
1513 nla_put_flag(msg, NL80211_WOWLAN_TRIG_GTK_REKEY_FAILURE)) ||
1514 ((rdev->wiphy.wowlan->flags & WIPHY_WOWLAN_EAP_IDENTITY_REQ) &&
1515 nla_put_flag(msg, NL80211_WOWLAN_TRIG_EAP_IDENT_REQUEST)) ||
1516 ((rdev->wiphy.wowlan->flags & WIPHY_WOWLAN_4WAY_HANDSHAKE) &&
1517 nla_put_flag(msg, NL80211_WOWLAN_TRIG_4WAY_HANDSHAKE)) ||
1518 ((rdev->wiphy.wowlan->flags & WIPHY_WOWLAN_RFKILL_RELEASE) &&
1519 nla_put_flag(msg, NL80211_WOWLAN_TRIG_RFKILL_RELEASE)))
1520 return -ENOBUFS;
1521
1522 if (rdev->wiphy.wowlan->n_patterns) {
1523 struct nl80211_pattern_support pat = {
1524 .max_patterns = rdev->wiphy.wowlan->n_patterns,
1525 .min_pattern_len = rdev->wiphy.wowlan->pattern_min_len,
1526 .max_pattern_len = rdev->wiphy.wowlan->pattern_max_len,
1527 .max_pkt_offset = rdev->wiphy.wowlan->max_pkt_offset,
1528 };
1529
1530 if (nla_put(msg, NL80211_WOWLAN_TRIG_PKT_PATTERN,
1531 sizeof(pat), &pat))
1532 return -ENOBUFS;
1533 }
1534
1535 if ((rdev->wiphy.wowlan->flags & WIPHY_WOWLAN_NET_DETECT) &&
1536 nla_put_u32(msg, NL80211_WOWLAN_TRIG_NET_DETECT,
1537 rdev->wiphy.wowlan->max_nd_match_sets))
1538 return -ENOBUFS;
1539
1540 if (large && nl80211_send_wowlan_tcp_caps(rdev, msg))
1541 return -ENOBUFS;
1542
1543 nla_nest_end(msg, nl_wowlan);
1544
1545 return 0;
1546 }
1547 #endif
1548
1549 static int nl80211_send_coalesce(struct sk_buff *msg,
1550 struct cfg80211_registered_device *rdev)
1551 {
1552 struct nl80211_coalesce_rule_support rule;
1553
1554 if (!rdev->wiphy.coalesce)
1555 return 0;
1556
1557 rule.max_rules = rdev->wiphy.coalesce->n_rules;
1558 rule.max_delay = rdev->wiphy.coalesce->max_delay;
1559 rule.pat.max_patterns = rdev->wiphy.coalesce->n_patterns;
1560 rule.pat.min_pattern_len = rdev->wiphy.coalesce->pattern_min_len;
1561 rule.pat.max_pattern_len = rdev->wiphy.coalesce->pattern_max_len;
1562 rule.pat.max_pkt_offset = rdev->wiphy.coalesce->max_pkt_offset;
1563
1564 if (nla_put(msg, NL80211_ATTR_COALESCE_RULE, sizeof(rule), &rule))
1565 return -ENOBUFS;
1566
1567 return 0;
1568 }
1569
1570 static int
1571 nl80211_send_iftype_data(struct sk_buff *msg,
1572 const struct ieee80211_supported_band *sband,
1573 const struct ieee80211_sband_iftype_data *iftdata)
1574 {
1575 const struct ieee80211_sta_he_cap *he_cap = &iftdata->he_cap;
1576
1577 if (nl80211_put_iftypes(msg, NL80211_BAND_IFTYPE_ATTR_IFTYPES,
1578 iftdata->types_mask))
1579 return -ENOBUFS;
1580
1581 if (he_cap->has_he) {
1582 if (nla_put(msg, NL80211_BAND_IFTYPE_ATTR_HE_CAP_MAC,
1583 sizeof(he_cap->he_cap_elem.mac_cap_info),
1584 he_cap->he_cap_elem.mac_cap_info) ||
1585 nla_put(msg, NL80211_BAND_IFTYPE_ATTR_HE_CAP_PHY,
1586 sizeof(he_cap->he_cap_elem.phy_cap_info),
1587 he_cap->he_cap_elem.phy_cap_info) ||
1588 nla_put(msg, NL80211_BAND_IFTYPE_ATTR_HE_CAP_MCS_SET,
1589 sizeof(he_cap->he_mcs_nss_supp),
1590 &he_cap->he_mcs_nss_supp) ||
1591 nla_put(msg, NL80211_BAND_IFTYPE_ATTR_HE_CAP_PPE,
1592 sizeof(he_cap->ppe_thres), he_cap->ppe_thres))
1593 return -ENOBUFS;
1594 }
1595
1596 if (sband->band == NL80211_BAND_6GHZ &&
1597 nla_put(msg, NL80211_BAND_IFTYPE_ATTR_HE_6GHZ_CAPA,
1598 sizeof(iftdata->he_6ghz_capa),
1599 &iftdata->he_6ghz_capa))
1600 return -ENOBUFS;
1601
1602 return 0;
1603 }
1604
1605 static int nl80211_send_band_rateinfo(struct sk_buff *msg,
1606 struct ieee80211_supported_band *sband)
1607 {
1608 struct nlattr *nl_rates, *nl_rate;
1609 struct ieee80211_rate *rate;
1610 int i;
1611
1612 /* add HT info */
1613 if (sband->ht_cap.ht_supported &&
1614 (nla_put(msg, NL80211_BAND_ATTR_HT_MCS_SET,
1615 sizeof(sband->ht_cap.mcs),
1616 &sband->ht_cap.mcs) ||
1617 nla_put_u16(msg, NL80211_BAND_ATTR_HT_CAPA,
1618 sband->ht_cap.cap) ||
1619 nla_put_u8(msg, NL80211_BAND_ATTR_HT_AMPDU_FACTOR,
1620 sband->ht_cap.ampdu_factor) ||
1621 nla_put_u8(msg, NL80211_BAND_ATTR_HT_AMPDU_DENSITY,
1622 sband->ht_cap.ampdu_density)))
1623 return -ENOBUFS;
1624
1625 /* add VHT info */
1626 if (sband->vht_cap.vht_supported &&
1627 (nla_put(msg, NL80211_BAND_ATTR_VHT_MCS_SET,
1628 sizeof(sband->vht_cap.vht_mcs),
1629 &sband->vht_cap.vht_mcs) ||
1630 nla_put_u32(msg, NL80211_BAND_ATTR_VHT_CAPA,
1631 sband->vht_cap.cap)))
1632 return -ENOBUFS;
1633
1634 if (sband->n_iftype_data) {
1635 struct nlattr *nl_iftype_data =
1636 nla_nest_start_noflag(msg,
1637 NL80211_BAND_ATTR_IFTYPE_DATA);
1638 int err;
1639
1640 if (!nl_iftype_data)
1641 return -ENOBUFS;
1642
1643 for (i = 0; i < sband->n_iftype_data; i++) {
1644 struct nlattr *iftdata;
1645
1646 iftdata = nla_nest_start_noflag(msg, i + 1);
1647 if (!iftdata)
1648 return -ENOBUFS;
1649
1650 err = nl80211_send_iftype_data(msg, sband,
1651 &sband->iftype_data[i]);
1652 if (err)
1653 return err;
1654
1655 nla_nest_end(msg, iftdata);
1656 }
1657
1658 nla_nest_end(msg, nl_iftype_data);
1659 }
1660
1661 /* add EDMG info */
1662 if (sband->edmg_cap.channels &&
1663 (nla_put_u8(msg, NL80211_BAND_ATTR_EDMG_CHANNELS,
1664 sband->edmg_cap.channels) ||
1665 nla_put_u8(msg, NL80211_BAND_ATTR_EDMG_BW_CONFIG,
1666 sband->edmg_cap.bw_config)))
1667
1668 return -ENOBUFS;
1669
1670 /* add bitrates */
1671 nl_rates = nla_nest_start_noflag(msg, NL80211_BAND_ATTR_RATES);
1672 if (!nl_rates)
1673 return -ENOBUFS;
1674
1675 for (i = 0; i < sband->n_bitrates; i++) {
1676 nl_rate = nla_nest_start_noflag(msg, i);
1677 if (!nl_rate)
1678 return -ENOBUFS;
1679
1680 rate = &sband->bitrates[i];
1681 if (nla_put_u32(msg, NL80211_BITRATE_ATTR_RATE,
1682 rate->bitrate))
1683 return -ENOBUFS;
1684 if ((rate->flags & IEEE80211_RATE_SHORT_PREAMBLE) &&
1685 nla_put_flag(msg,
1686 NL80211_BITRATE_ATTR_2GHZ_SHORTPREAMBLE))
1687 return -ENOBUFS;
1688
1689 nla_nest_end(msg, nl_rate);
1690 }
1691
1692 nla_nest_end(msg, nl_rates);
1693
1694 return 0;
1695 }
1696
1697 static int
1698 nl80211_send_mgmt_stypes(struct sk_buff *msg,
1699 const struct ieee80211_txrx_stypes *mgmt_stypes)
1700 {
1701 u16 stypes;
1702 struct nlattr *nl_ftypes, *nl_ifs;
1703 enum nl80211_iftype ift;
1704 int i;
1705
1706 if (!mgmt_stypes)
1707 return 0;
1708
1709 nl_ifs = nla_nest_start_noflag(msg, NL80211_ATTR_TX_FRAME_TYPES);
1710 if (!nl_ifs)
1711 return -ENOBUFS;
1712
1713 for (ift = 0; ift < NUM_NL80211_IFTYPES; ift++) {
1714 nl_ftypes = nla_nest_start_noflag(msg, ift);
1715 if (!nl_ftypes)
1716 return -ENOBUFS;
1717 i = 0;
1718 stypes = mgmt_stypes[ift].tx;
1719 while (stypes) {
1720 if ((stypes & 1) &&
1721 nla_put_u16(msg, NL80211_ATTR_FRAME_TYPE,
1722 (i << 4) | IEEE80211_FTYPE_MGMT))
1723 return -ENOBUFS;
1724 stypes >>= 1;
1725 i++;
1726 }
1727 nla_nest_end(msg, nl_ftypes);
1728 }
1729
1730 nla_nest_end(msg, nl_ifs);
1731
1732 nl_ifs = nla_nest_start_noflag(msg, NL80211_ATTR_RX_FRAME_TYPES);
1733 if (!nl_ifs)
1734 return -ENOBUFS;
1735
1736 for (ift = 0; ift < NUM_NL80211_IFTYPES; ift++) {
1737 nl_ftypes = nla_nest_start_noflag(msg, ift);
1738 if (!nl_ftypes)
1739 return -ENOBUFS;
1740 i = 0;
1741 stypes = mgmt_stypes[ift].rx;
1742 while (stypes) {
1743 if ((stypes & 1) &&
1744 nla_put_u16(msg, NL80211_ATTR_FRAME_TYPE,
1745 (i << 4) | IEEE80211_FTYPE_MGMT))
1746 return -ENOBUFS;
1747 stypes >>= 1;
1748 i++;
1749 }
1750 nla_nest_end(msg, nl_ftypes);
1751 }
1752 nla_nest_end(msg, nl_ifs);
1753
1754 return 0;
1755 }
1756
1757 #define CMD(op, n) \
1758 do { \
1759 if (rdev->ops->op) { \
1760 i++; \
1761 if (nla_put_u32(msg, i, NL80211_CMD_ ## n)) \
1762 goto nla_put_failure; \
1763 } \
1764 } while (0)
1765
1766 static int nl80211_add_commands_unsplit(struct cfg80211_registered_device *rdev,
1767 struct sk_buff *msg)
1768 {
1769 int i = 0;
1770
1771 /*
1772 * do *NOT* add anything into this function, new things need to be
1773 * advertised only to new versions of userspace that can deal with
1774 * the split (and they can't possibly care about new features...
1775 */
1776 CMD(add_virtual_intf, NEW_INTERFACE);
1777 CMD(change_virtual_intf, SET_INTERFACE);
1778 CMD(add_key, NEW_KEY);
1779 CMD(start_ap, START_AP);
1780 CMD(add_station, NEW_STATION);
1781 CMD(add_mpath, NEW_MPATH);
1782 CMD(update_mesh_config, SET_MESH_CONFIG);
1783 CMD(change_bss, SET_BSS);
1784 CMD(auth, AUTHENTICATE);
1785 CMD(assoc, ASSOCIATE);
1786 CMD(deauth, DEAUTHENTICATE);
1787 CMD(disassoc, DISASSOCIATE);
1788 CMD(join_ibss, JOIN_IBSS);
1789 CMD(join_mesh, JOIN_MESH);
1790 CMD(set_pmksa, SET_PMKSA);
1791 CMD(del_pmksa, DEL_PMKSA);
1792 CMD(flush_pmksa, FLUSH_PMKSA);
1793 if (rdev->wiphy.flags & WIPHY_FLAG_HAS_REMAIN_ON_CHANNEL)
1794 CMD(remain_on_channel, REMAIN_ON_CHANNEL);
1795 CMD(set_bitrate_mask, SET_TX_BITRATE_MASK);
1796 CMD(mgmt_tx, FRAME);
1797 CMD(mgmt_tx_cancel_wait, FRAME_WAIT_CANCEL);
1798 if (rdev->wiphy.flags & WIPHY_FLAG_NETNS_OK) {
1799 i++;
1800 if (nla_put_u32(msg, i, NL80211_CMD_SET_WIPHY_NETNS))
1801 goto nla_put_failure;
1802 }
1803 if (rdev->ops->set_monitor_channel || rdev->ops->start_ap ||
1804 rdev->ops->join_mesh) {
1805 i++;
1806 if (nla_put_u32(msg, i, NL80211_CMD_SET_CHANNEL))
1807 goto nla_put_failure;
1808 }
1809 CMD(set_wds_peer, SET_WDS_PEER);
1810 if (rdev->wiphy.flags & WIPHY_FLAG_SUPPORTS_TDLS) {
1811 CMD(tdls_mgmt, TDLS_MGMT);
1812 CMD(tdls_oper, TDLS_OPER);
1813 }
1814 if (rdev->wiphy.max_sched_scan_reqs)
1815 CMD(sched_scan_start, START_SCHED_SCAN);
1816 CMD(probe_client, PROBE_CLIENT);
1817 CMD(set_noack_map, SET_NOACK_MAP);
1818 if (rdev->wiphy.flags & WIPHY_FLAG_REPORTS_OBSS) {
1819 i++;
1820 if (nla_put_u32(msg, i, NL80211_CMD_REGISTER_BEACONS))
1821 goto nla_put_failure;
1822 }
1823 CMD(start_p2p_device, START_P2P_DEVICE);
1824 CMD(set_mcast_rate, SET_MCAST_RATE);
1825 #ifdef CONFIG_NL80211_TESTMODE
1826 CMD(testmode_cmd, TESTMODE);
1827 #endif
1828
1829 if (rdev->ops->connect || rdev->ops->auth) {
1830 i++;
1831 if (nla_put_u32(msg, i, NL80211_CMD_CONNECT))
1832 goto nla_put_failure;
1833 }
1834
1835 if (rdev->ops->disconnect || rdev->ops->deauth) {
1836 i++;
1837 if (nla_put_u32(msg, i, NL80211_CMD_DISCONNECT))
1838 goto nla_put_failure;
1839 }
1840
1841 return i;
1842 nla_put_failure:
1843 return -ENOBUFS;
1844 }
1845
1846 static int
1847 nl80211_send_pmsr_ftm_capa(const struct cfg80211_pmsr_capabilities *cap,
1848 struct sk_buff *msg)
1849 {
1850 struct nlattr *ftm;
1851
1852 if (!cap->ftm.supported)
1853 return 0;
1854
1855 ftm = nla_nest_start_noflag(msg, NL80211_PMSR_TYPE_FTM);
1856 if (!ftm)
1857 return -ENOBUFS;
1858
1859 if (cap->ftm.asap && nla_put_flag(msg, NL80211_PMSR_FTM_CAPA_ATTR_ASAP))
1860 return -ENOBUFS;
1861 if (cap->ftm.non_asap &&
1862 nla_put_flag(msg, NL80211_PMSR_FTM_CAPA_ATTR_NON_ASAP))
1863 return -ENOBUFS;
1864 if (cap->ftm.request_lci &&
1865 nla_put_flag(msg, NL80211_PMSR_FTM_CAPA_ATTR_REQ_LCI))
1866 return -ENOBUFS;
1867 if (cap->ftm.request_civicloc &&
1868 nla_put_flag(msg, NL80211_PMSR_FTM_CAPA_ATTR_REQ_CIVICLOC))
1869 return -ENOBUFS;
1870 if (nla_put_u32(msg, NL80211_PMSR_FTM_CAPA_ATTR_PREAMBLES,
1871 cap->ftm.preambles))
1872 return -ENOBUFS;
1873 if (nla_put_u32(msg, NL80211_PMSR_FTM_CAPA_ATTR_BANDWIDTHS,
1874 cap->ftm.bandwidths))
1875 return -ENOBUFS;
1876 if (cap->ftm.max_bursts_exponent >= 0 &&
1877 nla_put_u32(msg, NL80211_PMSR_FTM_CAPA_ATTR_MAX_BURSTS_EXPONENT,
1878 cap->ftm.max_bursts_exponent))
1879 return -ENOBUFS;
1880 if (cap->ftm.max_ftms_per_burst &&
1881 nla_put_u32(msg, NL80211_PMSR_FTM_CAPA_ATTR_MAX_FTMS_PER_BURST,
1882 cap->ftm.max_ftms_per_burst))
1883 return -ENOBUFS;
1884 if (cap->ftm.trigger_based &&
1885 nla_put_flag(msg, NL80211_PMSR_FTM_CAPA_ATTR_TRIGGER_BASED))
1886 return -ENOBUFS;
1887 if (cap->ftm.non_trigger_based &&
1888 nla_put_flag(msg, NL80211_PMSR_FTM_CAPA_ATTR_NON_TRIGGER_BASED))
1889 return -ENOBUFS;
1890
1891 nla_nest_end(msg, ftm);
1892 return 0;
1893 }
1894
1895 static int nl80211_send_pmsr_capa(struct cfg80211_registered_device *rdev,
1896 struct sk_buff *msg)
1897 {
1898 const struct cfg80211_pmsr_capabilities *cap = rdev->wiphy.pmsr_capa;
1899 struct nlattr *pmsr, *caps;
1900
1901 if (!cap)
1902 return 0;
1903
1904 /*
1905 * we don't need to clean up anything here since the caller
1906 * will genlmsg_cancel() if we fail
1907 */
1908
1909 pmsr = nla_nest_start_noflag(msg, NL80211_ATTR_PEER_MEASUREMENTS);
1910 if (!pmsr)
1911 return -ENOBUFS;
1912
1913 if (nla_put_u32(msg, NL80211_PMSR_ATTR_MAX_PEERS, cap->max_peers))
1914 return -ENOBUFS;
1915
1916 if (cap->report_ap_tsf &&
1917 nla_put_flag(msg, NL80211_PMSR_ATTR_REPORT_AP_TSF))
1918 return -ENOBUFS;
1919
1920 if (cap->randomize_mac_addr &&
1921 nla_put_flag(msg, NL80211_PMSR_ATTR_RANDOMIZE_MAC_ADDR))
1922 return -ENOBUFS;
1923
1924 caps = nla_nest_start_noflag(msg, NL80211_PMSR_ATTR_TYPE_CAPA);
1925 if (!caps)
1926 return -ENOBUFS;
1927
1928 if (nl80211_send_pmsr_ftm_capa(cap, msg))
1929 return -ENOBUFS;
1930
1931 nla_nest_end(msg, caps);
1932 nla_nest_end(msg, pmsr);
1933
1934 return 0;
1935 }
1936
1937 static int
1938 nl80211_put_iftype_akm_suites(struct cfg80211_registered_device *rdev,
1939 struct sk_buff *msg)
1940 {
1941 int i;
1942 struct nlattr *nested, *nested_akms;
1943 const struct wiphy_iftype_akm_suites *iftype_akms;
1944
1945 if (!rdev->wiphy.num_iftype_akm_suites ||
1946 !rdev->wiphy.iftype_akm_suites)
1947 return 0;
1948
1949 nested = nla_nest_start(msg, NL80211_ATTR_IFTYPE_AKM_SUITES);
1950 if (!nested)
1951 return -ENOBUFS;
1952
1953 for (i = 0; i < rdev->wiphy.num_iftype_akm_suites; i++) {
1954 nested_akms = nla_nest_start(msg, i + 1);
1955 if (!nested_akms)
1956 return -ENOBUFS;
1957
1958 iftype_akms = &rdev->wiphy.iftype_akm_suites[i];
1959
1960 if (nl80211_put_iftypes(msg, NL80211_IFTYPE_AKM_ATTR_IFTYPES,
1961 iftype_akms->iftypes_mask))
1962 return -ENOBUFS;
1963
1964 if (nla_put(msg, NL80211_IFTYPE_AKM_ATTR_SUITES,
1965 sizeof(u32) * iftype_akms->n_akm_suites,
1966 iftype_akms->akm_suites)) {
1967 return -ENOBUFS;
1968 }
1969 nla_nest_end(msg, nested_akms);
1970 }
1971
1972 nla_nest_end(msg, nested);
1973
1974 return 0;
1975 }
1976
1977 static int
1978 nl80211_put_tid_config_support(struct cfg80211_registered_device *rdev,
1979 struct sk_buff *msg)
1980 {
1981 struct nlattr *supp;
1982
1983 if (!rdev->wiphy.tid_config_support.vif &&
1984 !rdev->wiphy.tid_config_support.peer)
1985 return 0;
1986
1987 supp = nla_nest_start(msg, NL80211_ATTR_TID_CONFIG);
1988 if (!supp)
1989 return -ENOSPC;
1990
1991 if (rdev->wiphy.tid_config_support.vif &&
1992 nla_put_u64_64bit(msg, NL80211_TID_CONFIG_ATTR_VIF_SUPP,
1993 rdev->wiphy.tid_config_support.vif,
1994 NL80211_TID_CONFIG_ATTR_PAD))
1995 goto fail;
1996
1997 if (rdev->wiphy.tid_config_support.peer &&
1998 nla_put_u64_64bit(msg, NL80211_TID_CONFIG_ATTR_PEER_SUPP,
1999 rdev->wiphy.tid_config_support.peer,
2000 NL80211_TID_CONFIG_ATTR_PAD))
2001 goto fail;
2002
2003 /* for now we just use the same value ... makes more sense */
2004 if (nla_put_u8(msg, NL80211_TID_CONFIG_ATTR_RETRY_SHORT,
2005 rdev->wiphy.tid_config_support.max_retry))
2006 goto fail;
2007 if (nla_put_u8(msg, NL80211_TID_CONFIG_ATTR_RETRY_LONG,
2008 rdev->wiphy.tid_config_support.max_retry))
2009 goto fail;
2010
2011 nla_nest_end(msg, supp);
2012
2013 return 0;
2014 fail:
2015 nla_nest_cancel(msg, supp);
2016 return -ENOBUFS;
2017 }
2018
2019 struct nl80211_dump_wiphy_state {
2020 s64 filter_wiphy;
2021 long start;
2022 long split_start, band_start, chan_start, capa_start;
2023 bool split;
2024 };
2025
2026 static int nl80211_send_wiphy(struct cfg80211_registered_device *rdev,
2027 enum nl80211_commands cmd,
2028 struct sk_buff *msg, u32 portid, u32 seq,
2029 int flags, struct nl80211_dump_wiphy_state *state)
2030 {
2031 void *hdr;
2032 struct nlattr *nl_bands, *nl_band;
2033 struct nlattr *nl_freqs, *nl_freq;
2034 struct nlattr *nl_cmds;
2035 enum nl80211_band band;
2036 struct ieee80211_channel *chan;
2037 int i;
2038 const struct ieee80211_txrx_stypes *mgmt_stypes =
2039 rdev->wiphy.mgmt_stypes;
2040 u32 features;
2041
2042 hdr = nl80211hdr_put(msg, portid, seq, flags, cmd);
2043 if (!hdr)
2044 return -ENOBUFS;
2045
2046 if (WARN_ON(!state))
2047 return -EINVAL;
2048
2049 if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
2050 nla_put_string(msg, NL80211_ATTR_WIPHY_NAME,
2051 wiphy_name(&rdev->wiphy)) ||
2052 nla_put_u32(msg, NL80211_ATTR_GENERATION,
2053 cfg80211_rdev_list_generation))
2054 goto nla_put_failure;
2055
2056 if (cmd != NL80211_CMD_NEW_WIPHY)
2057 goto finish;
2058
2059 switch (state->split_start) {
2060 case 0:
2061 if (nla_put_u8(msg, NL80211_ATTR_WIPHY_RETRY_SHORT,
2062 rdev->wiphy.retry_short) ||
2063 nla_put_u8(msg, NL80211_ATTR_WIPHY_RETRY_LONG,
2064 rdev->wiphy.retry_long) ||
2065 nla_put_u32(msg, NL80211_ATTR_WIPHY_FRAG_THRESHOLD,
2066 rdev->wiphy.frag_threshold) ||
2067 nla_put_u32(msg, NL80211_ATTR_WIPHY_RTS_THRESHOLD,
2068 rdev->wiphy.rts_threshold) ||
2069 nla_put_u8(msg, NL80211_ATTR_WIPHY_COVERAGE_CLASS,
2070 rdev->wiphy.coverage_class) ||
2071 nla_put_u8(msg, NL80211_ATTR_MAX_NUM_SCAN_SSIDS,
2072 rdev->wiphy.max_scan_ssids) ||
2073 nla_put_u8(msg, NL80211_ATTR_MAX_NUM_SCHED_SCAN_SSIDS,
2074 rdev->wiphy.max_sched_scan_ssids) ||
2075 nla_put_u16(msg, NL80211_ATTR_MAX_SCAN_IE_LEN,
2076 rdev->wiphy.max_scan_ie_len) ||
2077 nla_put_u16(msg, NL80211_ATTR_MAX_SCHED_SCAN_IE_LEN,
2078 rdev->wiphy.max_sched_scan_ie_len) ||
2079 nla_put_u8(msg, NL80211_ATTR_MAX_MATCH_SETS,
2080 rdev->wiphy.max_match_sets) ||
2081 nla_put_u32(msg, NL80211_ATTR_MAX_NUM_SCHED_SCAN_PLANS,
2082 rdev->wiphy.max_sched_scan_plans) ||
2083 nla_put_u32(msg, NL80211_ATTR_MAX_SCAN_PLAN_INTERVAL,
2084 rdev->wiphy.max_sched_scan_plan_interval) ||
2085 nla_put_u32(msg, NL80211_ATTR_MAX_SCAN_PLAN_ITERATIONS,
2086 rdev->wiphy.max_sched_scan_plan_iterations))
2087 goto nla_put_failure;
2088
2089 if ((rdev->wiphy.flags & WIPHY_FLAG_IBSS_RSN) &&
2090 nla_put_flag(msg, NL80211_ATTR_SUPPORT_IBSS_RSN))
2091 goto nla_put_failure;
2092 if ((rdev->wiphy.flags & WIPHY_FLAG_MESH_AUTH) &&
2093 nla_put_flag(msg, NL80211_ATTR_SUPPORT_MESH_AUTH))
2094 goto nla_put_failure;
2095 if ((rdev->wiphy.flags & WIPHY_FLAG_AP_UAPSD) &&
2096 nla_put_flag(msg, NL80211_ATTR_SUPPORT_AP_UAPSD))
2097 goto nla_put_failure;
2098 if ((rdev->wiphy.flags & WIPHY_FLAG_SUPPORTS_FW_ROAM) &&
2099 nla_put_flag(msg, NL80211_ATTR_ROAM_SUPPORT))
2100 goto nla_put_failure;
2101 if ((rdev->wiphy.flags & WIPHY_FLAG_SUPPORTS_TDLS) &&
2102 nla_put_flag(msg, NL80211_ATTR_TDLS_SUPPORT))
2103 goto nla_put_failure;
2104 if ((rdev->wiphy.flags & WIPHY_FLAG_TDLS_EXTERNAL_SETUP) &&
2105 nla_put_flag(msg, NL80211_ATTR_TDLS_EXTERNAL_SETUP))
2106 goto nla_put_failure;
2107 state->split_start++;
2108 if (state->split)
2109 break;
2110 fallthrough;
2111 case 1:
2112 if (nla_put(msg, NL80211_ATTR_CIPHER_SUITES,
2113 sizeof(u32) * rdev->wiphy.n_cipher_suites,
2114 rdev->wiphy.cipher_suites))
2115 goto nla_put_failure;
2116
2117 if (nla_put_u8(msg, NL80211_ATTR_MAX_NUM_PMKIDS,
2118 rdev->wiphy.max_num_pmkids))
2119 goto nla_put_failure;
2120
2121 if ((rdev->wiphy.flags & WIPHY_FLAG_CONTROL_PORT_PROTOCOL) &&
2122 nla_put_flag(msg, NL80211_ATTR_CONTROL_PORT_ETHERTYPE))
2123 goto nla_put_failure;
2124
2125 if (nla_put_u32(msg, NL80211_ATTR_WIPHY_ANTENNA_AVAIL_TX,
2126 rdev->wiphy.available_antennas_tx) ||
2127 nla_put_u32(msg, NL80211_ATTR_WIPHY_ANTENNA_AVAIL_RX,
2128 rdev->wiphy.available_antennas_rx))
2129 goto nla_put_failure;
2130
2131 if ((rdev->wiphy.flags & WIPHY_FLAG_AP_PROBE_RESP_OFFLOAD) &&
2132 nla_put_u32(msg, NL80211_ATTR_PROBE_RESP_OFFLOAD,
2133 rdev->wiphy.probe_resp_offload))
2134 goto nla_put_failure;
2135
2136 if ((rdev->wiphy.available_antennas_tx ||
2137 rdev->wiphy.available_antennas_rx) &&
2138 rdev->ops->get_antenna) {
2139 u32 tx_ant = 0, rx_ant = 0;
2140 int res;
2141
2142 res = rdev_get_antenna(rdev, &tx_ant, &rx_ant);
2143 if (!res) {
2144 if (nla_put_u32(msg,
2145 NL80211_ATTR_WIPHY_ANTENNA_TX,
2146 tx_ant) ||
2147 nla_put_u32(msg,
2148 NL80211_ATTR_WIPHY_ANTENNA_RX,
2149 rx_ant))
2150 goto nla_put_failure;
2151 }
2152 }
2153
2154 state->split_start++;
2155 if (state->split)
2156 break;
2157 fallthrough;
2158 case 2:
2159 if (nl80211_put_iftypes(msg, NL80211_ATTR_SUPPORTED_IFTYPES,
2160 rdev->wiphy.interface_modes))
2161 goto nla_put_failure;
2162 state->split_start++;
2163 if (state->split)
2164 break;
2165 fallthrough;
2166 case 3:
2167 nl_bands = nla_nest_start_noflag(msg,
2168 NL80211_ATTR_WIPHY_BANDS);
2169 if (!nl_bands)
2170 goto nla_put_failure;
2171
2172 for (band = state->band_start;
2173 band < NUM_NL80211_BANDS; band++) {
2174 struct ieee80211_supported_band *sband;
2175
2176 sband = rdev->wiphy.bands[band];
2177
2178 if (!sband)
2179 continue;
2180
2181 nl_band = nla_nest_start_noflag(msg, band);
2182 if (!nl_band)
2183 goto nla_put_failure;
2184
2185 switch (state->chan_start) {
2186 case 0:
2187 if (nl80211_send_band_rateinfo(msg, sband))
2188 goto nla_put_failure;
2189 state->chan_start++;
2190 if (state->split)
2191 break;
2192 fallthrough;
2193 default:
2194 /* add frequencies */
2195 nl_freqs = nla_nest_start_noflag(msg,
2196 NL80211_BAND_ATTR_FREQS);
2197 if (!nl_freqs)
2198 goto nla_put_failure;
2199
2200 for (i = state->chan_start - 1;
2201 i < sband->n_channels;
2202 i++) {
2203 nl_freq = nla_nest_start_noflag(msg,
2204 i);
2205 if (!nl_freq)
2206 goto nla_put_failure;
2207
2208 chan = &sband->channels[i];
2209
2210 if (nl80211_msg_put_channel(
2211 msg, &rdev->wiphy, chan,
2212 state->split))
2213 goto nla_put_failure;
2214
2215 nla_nest_end(msg, nl_freq);
2216 if (state->split)
2217 break;
2218 }
2219 if (i < sband->n_channels)
2220 state->chan_start = i + 2;
2221 else
2222 state->chan_start = 0;
2223 nla_nest_end(msg, nl_freqs);
2224 }
2225
2226 nla_nest_end(msg, nl_band);
2227
2228 if (state->split) {
2229 /* start again here */
2230 if (state->chan_start)
2231 band--;
2232 break;
2233 }
2234 }
2235 nla_nest_end(msg, nl_bands);
2236
2237 if (band < NUM_NL80211_BANDS)
2238 state->band_start = band + 1;
2239 else
2240 state->band_start = 0;
2241
2242 /* if bands & channels are done, continue outside */
2243 if (state->band_start == 0 && state->chan_start == 0)
2244 state->split_start++;
2245 if (state->split)
2246 break;
2247 fallthrough;
2248 case 4:
2249 nl_cmds = nla_nest_start_noflag(msg,
2250 NL80211_ATTR_SUPPORTED_COMMANDS);
2251 if (!nl_cmds)
2252 goto nla_put_failure;
2253
2254 i = nl80211_add_commands_unsplit(rdev, msg);
2255 if (i < 0)
2256 goto nla_put_failure;
2257 if (state->split) {
2258 CMD(crit_proto_start, CRIT_PROTOCOL_START);
2259 CMD(crit_proto_stop, CRIT_PROTOCOL_STOP);
2260 if (rdev->wiphy.flags & WIPHY_FLAG_HAS_CHANNEL_SWITCH)
2261 CMD(channel_switch, CHANNEL_SWITCH);
2262 CMD(set_qos_map, SET_QOS_MAP);
2263 if (rdev->wiphy.features &
2264 NL80211_FEATURE_SUPPORTS_WMM_ADMISSION)
2265 CMD(add_tx_ts, ADD_TX_TS);
2266 CMD(set_multicast_to_unicast, SET_MULTICAST_TO_UNICAST);
2267 CMD(update_connect_params, UPDATE_CONNECT_PARAMS);
2268 CMD(update_ft_ies, UPDATE_FT_IES);
2269 }
2270 #undef CMD
2271
2272 nla_nest_end(msg, nl_cmds);
2273 state->split_start++;
2274 if (state->split)
2275 break;
2276 fallthrough;
2277 case 5:
2278 if (rdev->ops->remain_on_channel &&
2279 (rdev->wiphy.flags & WIPHY_FLAG_HAS_REMAIN_ON_CHANNEL) &&
2280 nla_put_u32(msg,
2281 NL80211_ATTR_MAX_REMAIN_ON_CHANNEL_DURATION,
2282 rdev->wiphy.max_remain_on_channel_duration))
2283 goto nla_put_failure;
2284
2285 if ((rdev->wiphy.flags & WIPHY_FLAG_OFFCHAN_TX) &&
2286 nla_put_flag(msg, NL80211_ATTR_OFFCHANNEL_TX_OK))
2287 goto nla_put_failure;
2288
2289 if (nl80211_send_mgmt_stypes(msg, mgmt_stypes))
2290 goto nla_put_failure;
2291 state->split_start++;
2292 if (state->split)
2293 break;
2294 fallthrough;
2295 case 6:
2296 #ifdef CONFIG_PM
2297 if (nl80211_send_wowlan(msg, rdev, state->split))
2298 goto nla_put_failure;
2299 state->split_start++;
2300 if (state->split)
2301 break;
2302 #else
2303 state->split_start++;
2304 #endif
2305 fallthrough;
2306 case 7:
2307 if (nl80211_put_iftypes(msg, NL80211_ATTR_SOFTWARE_IFTYPES,
2308 rdev->wiphy.software_iftypes))
2309 goto nla_put_failure;
2310
2311 if (nl80211_put_iface_combinations(&rdev->wiphy, msg,
2312 state->split))
2313 goto nla_put_failure;
2314
2315 state->split_start++;
2316 if (state->split)
2317 break;
2318 fallthrough;
2319 case 8:
2320 if ((rdev->wiphy.flags & WIPHY_FLAG_HAVE_AP_SME) &&
2321 nla_put_u32(msg, NL80211_ATTR_DEVICE_AP_SME,
2322 rdev->wiphy.ap_sme_capa))
2323 goto nla_put_failure;
2324
2325 features = rdev->wiphy.features;
2326 /*
2327 * We can only add the per-channel limit information if the
2328 * dump is split, otherwise it makes it too big. Therefore
2329 * only advertise it in that case.
2330 */
2331 if (state->split)
2332 features |= NL80211_FEATURE_ADVERTISE_CHAN_LIMITS;
2333 if (nla_put_u32(msg, NL80211_ATTR_FEATURE_FLAGS, features))
2334 goto nla_put_failure;
2335
2336 if (rdev->wiphy.ht_capa_mod_mask &&
2337 nla_put(msg, NL80211_ATTR_HT_CAPABILITY_MASK,
2338 sizeof(*rdev->wiphy.ht_capa_mod_mask),
2339 rdev->wiphy.ht_capa_mod_mask))
2340 goto nla_put_failure;
2341
2342 if (rdev->wiphy.flags & WIPHY_FLAG_HAVE_AP_SME &&
2343 rdev->wiphy.max_acl_mac_addrs &&
2344 nla_put_u32(msg, NL80211_ATTR_MAC_ACL_MAX,
2345 rdev->wiphy.max_acl_mac_addrs))
2346 goto nla_put_failure;
2347
2348 /*
2349 * Any information below this point is only available to
2350 * applications that can deal with it being split. This
2351 * helps ensure that newly added capabilities don't break
2352 * older tools by overrunning their buffers.
2353 *
2354 * We still increment split_start so that in the split
2355 * case we'll continue with more data in the next round,
2356 * but break unconditionally so unsplit data stops here.
2357 */
2358 state->split_start++;
2359 break;
2360 case 9:
2361 if (rdev->wiphy.extended_capabilities &&
2362 (nla_put(msg, NL80211_ATTR_EXT_CAPA,
2363 rdev->wiphy.extended_capabilities_len,
2364 rdev->wiphy.extended_capabilities) ||
2365 nla_put(msg, NL80211_ATTR_EXT_CAPA_MASK,
2366 rdev->wiphy.extended_capabilities_len,
2367 rdev->wiphy.extended_capabilities_mask)))
2368 goto nla_put_failure;
2369
2370 if (rdev->wiphy.vht_capa_mod_mask &&
2371 nla_put(msg, NL80211_ATTR_VHT_CAPABILITY_MASK,
2372 sizeof(*rdev->wiphy.vht_capa_mod_mask),
2373 rdev->wiphy.vht_capa_mod_mask))
2374 goto nla_put_failure;
2375
2376 if (nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN,
2377 rdev->wiphy.perm_addr))
2378 goto nla_put_failure;
2379
2380 if (!is_zero_ether_addr(rdev->wiphy.addr_mask) &&
2381 nla_put(msg, NL80211_ATTR_MAC_MASK, ETH_ALEN,
2382 rdev->wiphy.addr_mask))
2383 goto nla_put_failure;
2384
2385 if (rdev->wiphy.n_addresses > 1) {
2386 void *attr;
2387
2388 attr = nla_nest_start(msg, NL80211_ATTR_MAC_ADDRS);
2389 if (!attr)
2390 goto nla_put_failure;
2391
2392 for (i = 0; i < rdev->wiphy.n_addresses; i++)
2393 if (nla_put(msg, i + 1, ETH_ALEN,
2394 rdev->wiphy.addresses[i].addr))
2395 goto nla_put_failure;
2396
2397 nla_nest_end(msg, attr);
2398 }
2399
2400 state->split_start++;
2401 break;
2402 case 10:
2403 if (nl80211_send_coalesce(msg, rdev))
2404 goto nla_put_failure;
2405
2406 if ((rdev->wiphy.flags & WIPHY_FLAG_SUPPORTS_5_10_MHZ) &&
2407 (nla_put_flag(msg, NL80211_ATTR_SUPPORT_5_MHZ) ||
2408 nla_put_flag(msg, NL80211_ATTR_SUPPORT_10_MHZ)))
2409 goto nla_put_failure;
2410
2411 if (rdev->wiphy.max_ap_assoc_sta &&
2412 nla_put_u32(msg, NL80211_ATTR_MAX_AP_ASSOC_STA,
2413 rdev->wiphy.max_ap_assoc_sta))
2414 goto nla_put_failure;
2415
2416 state->split_start++;
2417 break;
2418 case 11:
2419 if (rdev->wiphy.n_vendor_commands) {
2420 const struct nl80211_vendor_cmd_info *info;
2421 struct nlattr *nested;
2422
2423 nested = nla_nest_start_noflag(msg,
2424 NL80211_ATTR_VENDOR_DATA);
2425 if (!nested)
2426 goto nla_put_failure;
2427
2428 for (i = 0; i < rdev->wiphy.n_vendor_commands; i++) {
2429 info = &rdev->wiphy.vendor_commands[i].info;
2430 if (nla_put(msg, i + 1, sizeof(*info), info))
2431 goto nla_put_failure;
2432 }
2433 nla_nest_end(msg, nested);
2434 }
2435
2436 if (rdev->wiphy.n_vendor_events) {
2437 const struct nl80211_vendor_cmd_info *info;
2438 struct nlattr *nested;
2439
2440 nested = nla_nest_start_noflag(msg,
2441 NL80211_ATTR_VENDOR_EVENTS);
2442 if (!nested)
2443 goto nla_put_failure;
2444
2445 for (i = 0; i < rdev->wiphy.n_vendor_events; i++) {
2446 info = &rdev->wiphy.vendor_events[i];
2447 if (nla_put(msg, i + 1, sizeof(*info), info))
2448 goto nla_put_failure;
2449 }
2450 nla_nest_end(msg, nested);
2451 }
2452 state->split_start++;
2453 break;
2454 case 12:
2455 if (rdev->wiphy.flags & WIPHY_FLAG_HAS_CHANNEL_SWITCH &&
2456 nla_put_u8(msg, NL80211_ATTR_MAX_CSA_COUNTERS,
2457 rdev->wiphy.max_num_csa_counters))
2458 goto nla_put_failure;
2459
2460 if (rdev->wiphy.regulatory_flags & REGULATORY_WIPHY_SELF_MANAGED &&
2461 nla_put_flag(msg, NL80211_ATTR_WIPHY_SELF_MANAGED_REG))
2462 goto nla_put_failure;
2463
2464 if (rdev->wiphy.max_sched_scan_reqs &&
2465 nla_put_u32(msg, NL80211_ATTR_SCHED_SCAN_MAX_REQS,
2466 rdev->wiphy.max_sched_scan_reqs))
2467 goto nla_put_failure;
2468
2469 if (nla_put(msg, NL80211_ATTR_EXT_FEATURES,
2470 sizeof(rdev->wiphy.ext_features),
2471 rdev->wiphy.ext_features))
2472 goto nla_put_failure;
2473
2474 if (rdev->wiphy.bss_select_support) {
2475 struct nlattr *nested;
2476 u32 bss_select_support = rdev->wiphy.bss_select_support;
2477
2478 nested = nla_nest_start_noflag(msg,
2479 NL80211_ATTR_BSS_SELECT);
2480 if (!nested)
2481 goto nla_put_failure;
2482
2483 i = 0;
2484 while (bss_select_support) {
2485 if ((bss_select_support & 1) &&
2486 nla_put_flag(msg, i))
2487 goto nla_put_failure;
2488 i++;
2489 bss_select_support >>= 1;
2490 }
2491 nla_nest_end(msg, nested);
2492 }
2493
2494 state->split_start++;
2495 break;
2496 case 13:
2497 if (rdev->wiphy.num_iftype_ext_capab &&
2498 rdev->wiphy.iftype_ext_capab) {
2499 struct nlattr *nested_ext_capab, *nested;
2500
2501 nested = nla_nest_start_noflag(msg,
2502 NL80211_ATTR_IFTYPE_EXT_CAPA);
2503 if (!nested)
2504 goto nla_put_failure;
2505
2506 for (i = state->capa_start;
2507 i < rdev->wiphy.num_iftype_ext_capab; i++) {
2508 const struct wiphy_iftype_ext_capab *capab;
2509
2510 capab = &rdev->wiphy.iftype_ext_capab[i];
2511
2512 nested_ext_capab = nla_nest_start_noflag(msg,
2513 i);
2514 if (!nested_ext_capab ||
2515 nla_put_u32(msg, NL80211_ATTR_IFTYPE,
2516 capab->iftype) ||
2517 nla_put(msg, NL80211_ATTR_EXT_CAPA,
2518 capab->extended_capabilities_len,
2519 capab->extended_capabilities) ||
2520 nla_put(msg, NL80211_ATTR_EXT_CAPA_MASK,
2521 capab->extended_capabilities_len,
2522 capab->extended_capabilities_mask))
2523 goto nla_put_failure;
2524
2525 nla_nest_end(msg, nested_ext_capab);
2526 if (state->split)
2527 break;
2528 }
2529 nla_nest_end(msg, nested);
2530 if (i < rdev->wiphy.num_iftype_ext_capab) {
2531 state->capa_start = i + 1;
2532 break;
2533 }
2534 }
2535
2536 if (nla_put_u32(msg, NL80211_ATTR_BANDS,
2537 rdev->wiphy.nan_supported_bands))
2538 goto nla_put_failure;
2539
2540 if (wiphy_ext_feature_isset(&rdev->wiphy,
2541 NL80211_EXT_FEATURE_TXQS)) {
2542 struct cfg80211_txq_stats txqstats = {};
2543 int res;
2544
2545 res = rdev_get_txq_stats(rdev, NULL, &txqstats);
2546 if (!res &&
2547 !nl80211_put_txq_stats(msg, &txqstats,
2548 NL80211_ATTR_TXQ_STATS))
2549 goto nla_put_failure;
2550
2551 if (nla_put_u32(msg, NL80211_ATTR_TXQ_LIMIT,
2552 rdev->wiphy.txq_limit))
2553 goto nla_put_failure;
2554 if (nla_put_u32(msg, NL80211_ATTR_TXQ_MEMORY_LIMIT,
2555 rdev->wiphy.txq_memory_limit))
2556 goto nla_put_failure;
2557 if (nla_put_u32(msg, NL80211_ATTR_TXQ_QUANTUM,
2558 rdev->wiphy.txq_quantum))
2559 goto nla_put_failure;
2560 }
2561
2562 state->split_start++;
2563 break;
2564 case 14:
2565 if (nl80211_send_pmsr_capa(rdev, msg))
2566 goto nla_put_failure;
2567
2568 state->split_start++;
2569 break;
2570 case 15:
2571 if (rdev->wiphy.akm_suites &&
2572 nla_put(msg, NL80211_ATTR_AKM_SUITES,
2573 sizeof(u32) * rdev->wiphy.n_akm_suites,
2574 rdev->wiphy.akm_suites))
2575 goto nla_put_failure;
2576
2577 if (nl80211_put_iftype_akm_suites(rdev, msg))
2578 goto nla_put_failure;
2579
2580 if (nl80211_put_tid_config_support(rdev, msg))
2581 goto nla_put_failure;
2582
2583 /* done */
2584 state->split_start = 0;
2585 break;
2586 }
2587 finish:
2588 genlmsg_end(msg, hdr);
2589 return 0;
2590
2591 nla_put_failure:
2592 genlmsg_cancel(msg, hdr);
2593 return -EMSGSIZE;
2594 }
2595
2596 static int nl80211_dump_wiphy_parse(struct sk_buff *skb,
2597 struct netlink_callback *cb,
2598 struct nl80211_dump_wiphy_state *state)
2599 {
2600 struct nlattr **tb = kcalloc(NUM_NL80211_ATTR, sizeof(*tb), GFP_KERNEL);
2601 int ret;
2602
2603 if (!tb)
2604 return -ENOMEM;
2605
2606 ret = nlmsg_parse_deprecated(cb->nlh,
2607 GENL_HDRLEN + nl80211_fam.hdrsize,
2608 tb, nl80211_fam.maxattr,
2609 nl80211_policy, NULL);
2610 /* ignore parse errors for backward compatibility */
2611 if (ret) {
2612 ret = 0;
2613 goto out;
2614 }
2615
2616 state->split = tb[NL80211_ATTR_SPLIT_WIPHY_DUMP];
2617 if (tb[NL80211_ATTR_WIPHY])
2618 state->filter_wiphy = nla_get_u32(tb[NL80211_ATTR_WIPHY]);
2619 if (tb[NL80211_ATTR_WDEV])
2620 state->filter_wiphy = nla_get_u64(tb[NL80211_ATTR_WDEV]) >> 32;
2621 if (tb[NL80211_ATTR_IFINDEX]) {
2622 struct net_device *netdev;
2623 struct cfg80211_registered_device *rdev;
2624 int ifidx = nla_get_u32(tb[NL80211_ATTR_IFINDEX]);
2625
2626 netdev = __dev_get_by_index(sock_net(skb->sk), ifidx);
2627 if (!netdev) {
2628 ret = -ENODEV;
2629 goto out;
2630 }
2631 if (netdev->ieee80211_ptr) {
2632 rdev = wiphy_to_rdev(
2633 netdev->ieee80211_ptr->wiphy);
2634 state->filter_wiphy = rdev->wiphy_idx;
2635 }
2636 }
2637
2638 ret = 0;
2639 out:
2640 kfree(tb);
2641 return ret;
2642 }
2643
2644 static int nl80211_dump_wiphy(struct sk_buff *skb, struct netlink_callback *cb)
2645 {
2646 int idx = 0, ret;
2647 struct nl80211_dump_wiphy_state *state = (void *)cb->args[0];
2648 struct cfg80211_registered_device *rdev;
2649
2650 rtnl_lock();
2651 if (!state) {
2652 state = kzalloc(sizeof(*state), GFP_KERNEL);
2653 if (!state) {
2654 rtnl_unlock();
2655 return -ENOMEM;
2656 }
2657 state->filter_wiphy = -1;
2658 ret = nl80211_dump_wiphy_parse(skb, cb, state);
2659 if (ret) {
2660 kfree(state);
2661 rtnl_unlock();
2662 return ret;
2663 }
2664 cb->args[0] = (long)state;
2665 }
2666
2667 list_for_each_entry(rdev, &cfg80211_rdev_list, list) {
2668 if (!net_eq(wiphy_net(&rdev->wiphy), sock_net(skb->sk)))
2669 continue;
2670 if (++idx <= state->start)
2671 continue;
2672 if (state->filter_wiphy != -1 &&
2673 state->filter_wiphy != rdev->wiphy_idx)
2674 continue;
2675 /* attempt to fit multiple wiphy data chunks into the skb */
2676 do {
2677 ret = nl80211_send_wiphy(rdev, NL80211_CMD_NEW_WIPHY,
2678 skb,
2679 NETLINK_CB(cb->skb).portid,
2680 cb->nlh->nlmsg_seq,
2681 NLM_F_MULTI, state);
2682 if (ret < 0) {
2683 /*
2684 * If sending the wiphy data didn't fit (ENOBUFS
2685 * or EMSGSIZE returned), this SKB is still
2686 * empty (so it's not too big because another
2687 * wiphy dataset is already in the skb) and
2688 * we've not tried to adjust the dump allocation
2689 * yet ... then adjust the alloc size to be
2690 * bigger, and return 1 but with the empty skb.
2691 * This results in an empty message being RX'ed
2692 * in userspace, but that is ignored.
2693 *
2694 * We can then retry with the larger buffer.
2695 */
2696 if ((ret == -ENOBUFS || ret == -EMSGSIZE) &&
2697 !skb->len && !state->split &&
2698 cb->min_dump_alloc < 4096) {
2699 cb->min_dump_alloc = 4096;
2700 state->split_start = 0;
2701 rtnl_unlock();
2702 return 1;
2703 }
2704 idx--;
2705 break;
2706 }
2707 } while (state->split_start > 0);
2708 break;
2709 }
2710 rtnl_unlock();
2711
2712 state->start = idx;
2713
2714 return skb->len;
2715 }
2716
2717 static int nl80211_dump_wiphy_done(struct netlink_callback *cb)
2718 {
2719 kfree((void *)cb->args[0]);
2720 return 0;
2721 }
2722
2723 static int nl80211_get_wiphy(struct sk_buff *skb, struct genl_info *info)
2724 {
2725 struct sk_buff *msg;
2726 struct cfg80211_registered_device *rdev = info->user_ptr[0];
2727 struct nl80211_dump_wiphy_state state = {};
2728
2729 msg = nlmsg_new(4096, GFP_KERNEL);
2730 if (!msg)
2731 return -ENOMEM;
2732
2733 if (nl80211_send_wiphy(rdev, NL80211_CMD_NEW_WIPHY, msg,
2734 info->snd_portid, info->snd_seq, 0,
2735 &state) < 0) {
2736 nlmsg_free(msg);
2737 return -ENOBUFS;
2738 }
2739
2740 return genlmsg_reply(msg, info);
2741 }
2742
2743 static const struct nla_policy txq_params_policy[NL80211_TXQ_ATTR_MAX + 1] = {
2744 [NL80211_TXQ_ATTR_QUEUE] = { .type = NLA_U8 },
2745 [NL80211_TXQ_ATTR_TXOP] = { .type = NLA_U16 },
2746 [NL80211_TXQ_ATTR_CWMIN] = { .type = NLA_U16 },
2747 [NL80211_TXQ_ATTR_CWMAX] = { .type = NLA_U16 },
2748 [NL80211_TXQ_ATTR_AIFS] = { .type = NLA_U8 },
2749 };
2750
2751 static int parse_txq_params(struct nlattr *tb[],
2752 struct ieee80211_txq_params *txq_params)
2753 {
2754 u8 ac;
2755
2756 if (!tb[NL80211_TXQ_ATTR_AC] || !tb[NL80211_TXQ_ATTR_TXOP] ||
2757 !tb[NL80211_TXQ_ATTR_CWMIN] || !tb[NL80211_TXQ_ATTR_CWMAX] ||
2758 !tb[NL80211_TXQ_ATTR_AIFS])
2759 return -EINVAL;
2760
2761 ac = nla_get_u8(tb[NL80211_TXQ_ATTR_AC]);
2762 txq_params->txop = nla_get_u16(tb[NL80211_TXQ_ATTR_TXOP]);
2763 txq_params->cwmin = nla_get_u16(tb[NL80211_TXQ_ATTR_CWMIN]);
2764 txq_params->cwmax = nla_get_u16(tb[NL80211_TXQ_ATTR_CWMAX]);
2765 txq_params->aifs = nla_get_u8(tb[NL80211_TXQ_ATTR_AIFS]);
2766
2767 if (ac >= NL80211_NUM_ACS)
2768 return -EINVAL;
2769 txq_params->ac = array_index_nospec(ac, NL80211_NUM_ACS);
2770 return 0;
2771 }
2772
2773 static bool nl80211_can_set_dev_channel(struct wireless_dev *wdev)
2774 {
2775 /*
2776 * You can only set the channel explicitly for WDS interfaces,
2777 * all others have their channel managed via their respective
2778 * "establish a connection" command (connect, join, ...)
2779 *
2780 * For AP/GO and mesh mode, the channel can be set with the
2781 * channel userspace API, but is only stored and passed to the
2782 * low-level driver when the AP starts or the mesh is joined.
2783 * This is for backward compatibility, userspace can also give
2784 * the channel in the start-ap or join-mesh commands instead.
2785 *
2786 * Monitors are special as they are normally slaved to
2787 * whatever else is going on, so they have their own special
2788 * operation to set the monitor channel if possible.
2789 */
2790 return !wdev ||
2791 wdev->iftype == NL80211_IFTYPE_AP ||
2792 wdev->iftype == NL80211_IFTYPE_MESH_POINT ||
2793 wdev->iftype == NL80211_IFTYPE_MONITOR ||
2794 wdev->iftype == NL80211_IFTYPE_P2P_GO;
2795 }
2796
2797 int nl80211_parse_chandef(struct cfg80211_registered_device *rdev,
2798 struct genl_info *info,
2799 struct cfg80211_chan_def *chandef)
2800 {
2801 struct netlink_ext_ack *extack = info->extack;
2802 struct nlattr **attrs = info->attrs;
2803 u32 control_freq;
2804
2805 if (!attrs[NL80211_ATTR_WIPHY_FREQ])
2806 return -EINVAL;
2807
2808 control_freq = MHZ_TO_KHZ(
2809 nla_get_u32(info->attrs[NL80211_ATTR_WIPHY_FREQ]));
2810 if (info->attrs[NL80211_ATTR_WIPHY_FREQ_OFFSET])
2811 control_freq +=
2812 nla_get_u32(info->attrs[NL80211_ATTR_WIPHY_FREQ_OFFSET]);
2813
2814 memset(chandef, 0, sizeof(*chandef));
2815 chandef->chan = ieee80211_get_channel_khz(&rdev->wiphy, control_freq);
2816 chandef->width = NL80211_CHAN_WIDTH_20_NOHT;
2817 chandef->center_freq1 = KHZ_TO_MHZ(control_freq);
2818 chandef->freq1_offset = control_freq % 1000;
2819 chandef->center_freq2 = 0;
2820
2821 /* Primary channel not allowed */
2822 if (!chandef->chan || chandef->chan->flags & IEEE80211_CHAN_DISABLED) {
2823 NL_SET_ERR_MSG_ATTR(extack, attrs[NL80211_ATTR_WIPHY_FREQ],
2824 "Channel is disabled");
2825 return -EINVAL;
2826 }
2827
2828 if (attrs[NL80211_ATTR_WIPHY_CHANNEL_TYPE]) {
2829 enum nl80211_channel_type chantype;
2830
2831 chantype = nla_get_u32(attrs[NL80211_ATTR_WIPHY_CHANNEL_TYPE]);
2832
2833 switch (chantype) {
2834 case NL80211_CHAN_NO_HT:
2835 case NL80211_CHAN_HT20:
2836 case NL80211_CHAN_HT40PLUS:
2837 case NL80211_CHAN_HT40MINUS:
2838 cfg80211_chandef_create(chandef, chandef->chan,
2839 chantype);
2840 /* user input for center_freq is incorrect */
2841 if (attrs[NL80211_ATTR_CENTER_FREQ1] &&
2842 chandef->center_freq1 != nla_get_u32(attrs[NL80211_ATTR_CENTER_FREQ1])) {
2843 NL_SET_ERR_MSG_ATTR(extack,
2844 attrs[NL80211_ATTR_CENTER_FREQ1],
2845 "bad center frequency 1");
2846 return -EINVAL;
2847 }
2848 /* center_freq2 must be zero */
2849 if (attrs[NL80211_ATTR_CENTER_FREQ2] &&
2850 nla_get_u32(attrs[NL80211_ATTR_CENTER_FREQ2])) {
2851 NL_SET_ERR_MSG_ATTR(extack,
2852 attrs[NL80211_ATTR_CENTER_FREQ2],
2853 "center frequency 2 can't be used");
2854 return -EINVAL;
2855 }
2856 break;
2857 default:
2858 NL_SET_ERR_MSG_ATTR(extack,
2859 attrs[NL80211_ATTR_WIPHY_CHANNEL_TYPE],
2860 "invalid channel type");
2861 return -EINVAL;
2862 }
2863 } else if (attrs[NL80211_ATTR_CHANNEL_WIDTH]) {
2864 chandef->width =
2865 nla_get_u32(attrs[NL80211_ATTR_CHANNEL_WIDTH]);
2866 if (attrs[NL80211_ATTR_CENTER_FREQ1]) {
2867 chandef->center_freq1 =
2868 nla_get_u32(attrs[NL80211_ATTR_CENTER_FREQ1]);
2869 if (attrs[NL80211_ATTR_CENTER_FREQ1_OFFSET])
2870 chandef->freq1_offset = nla_get_u32(
2871 attrs[NL80211_ATTR_CENTER_FREQ1_OFFSET]);
2872 else
2873 chandef->freq1_offset = 0;
2874 }
2875 if (attrs[NL80211_ATTR_CENTER_FREQ2])
2876 chandef->center_freq2 =
2877 nla_get_u32(attrs[NL80211_ATTR_CENTER_FREQ2]);
2878 }
2879
2880 if (info->attrs[NL80211_ATTR_WIPHY_EDMG_CHANNELS]) {
2881 chandef->edmg.channels =
2882 nla_get_u8(info->attrs[NL80211_ATTR_WIPHY_EDMG_CHANNELS]);
2883
2884 if (info->attrs[NL80211_ATTR_WIPHY_EDMG_BW_CONFIG])
2885 chandef->edmg.bw_config =
2886 nla_get_u8(info->attrs[NL80211_ATTR_WIPHY_EDMG_BW_CONFIG]);
2887 } else {
2888 chandef->edmg.bw_config = 0;
2889 chandef->edmg.channels = 0;
2890 }
2891
2892 if (!cfg80211_chandef_valid(chandef)) {
2893 NL_SET_ERR_MSG(extack, "invalid channel definition");
2894 return -EINVAL;
2895 }
2896
2897 if (!cfg80211_chandef_usable(&rdev->wiphy, chandef,
2898 IEEE80211_CHAN_DISABLED)) {
2899 NL_SET_ERR_MSG(extack, "(extension) channel is disabled");
2900 return -EINVAL;
2901 }
2902
2903 if ((chandef->width == NL80211_CHAN_WIDTH_5 ||
2904 chandef->width == NL80211_CHAN_WIDTH_10) &&
2905 !(rdev->wiphy.flags & WIPHY_FLAG_SUPPORTS_5_10_MHZ)) {
2906 NL_SET_ERR_MSG(extack, "5/10 MHz not supported");
2907 return -EINVAL;
2908 }
2909
2910 return 0;
2911 }
2912
2913 static int __nl80211_set_channel(struct cfg80211_registered_device *rdev,
2914 struct net_device *dev,
2915 struct genl_info *info)
2916 {
2917 struct cfg80211_chan_def chandef;
2918 int result;
2919 enum nl80211_iftype iftype = NL80211_IFTYPE_MONITOR;
2920 struct wireless_dev *wdev = NULL;
2921
2922 if (dev)
2923 wdev = dev->ieee80211_ptr;
2924 if (!nl80211_can_set_dev_channel(wdev))
2925 return -EOPNOTSUPP;
2926 if (wdev)
2927 iftype = wdev->iftype;
2928
2929 result = nl80211_parse_chandef(rdev, info, &chandef);
2930 if (result)
2931 return result;
2932
2933 switch (iftype) {
2934 case NL80211_IFTYPE_AP:
2935 case NL80211_IFTYPE_P2P_GO:
2936 if (!cfg80211_reg_can_beacon_relax(&rdev->wiphy, &chandef,
2937 iftype)) {
2938 result = -EINVAL;
2939 break;
2940 }
2941 if (wdev->beacon_interval) {
2942 if (!dev || !rdev->ops->set_ap_chanwidth ||
2943 !(rdev->wiphy.features &
2944 NL80211_FEATURE_AP_MODE_CHAN_WIDTH_CHANGE)) {
2945 result = -EBUSY;
2946 break;
2947 }
2948
2949 /* Only allow dynamic channel width changes */
2950 if (chandef.chan != wdev->preset_chandef.chan) {
2951 result = -EBUSY;
2952 break;
2953 }
2954 result = rdev_set_ap_chanwidth(rdev, dev, &chandef);
2955 if (result)
2956 break;
2957 }
2958 wdev->preset_chandef = chandef;
2959 result = 0;
2960 break;
2961 case NL80211_IFTYPE_MESH_POINT:
2962 result = cfg80211_set_mesh_channel(rdev, wdev, &chandef);
2963 break;
2964 case NL80211_IFTYPE_MONITOR:
2965 result = cfg80211_set_monitor_channel(rdev, &chandef);
2966 break;
2967 default:
2968 result = -EINVAL;
2969 }
2970
2971 return result;
2972 }
2973
2974 static int nl80211_set_channel(struct sk_buff *skb, struct genl_info *info)
2975 {
2976 struct cfg80211_registered_device *rdev = info->user_ptr[0];
2977 struct net_device *netdev = info->user_ptr[1];
2978
2979 return __nl80211_set_channel(rdev, netdev, info);
2980 }
2981
2982 static int nl80211_set_wds_peer(struct sk_buff *skb, struct genl_info *info)
2983 {
2984 struct cfg80211_registered_device *rdev = info->user_ptr[0];
2985 struct net_device *dev = info->user_ptr[1];
2986 struct wireless_dev *wdev = dev->ieee80211_ptr;
2987 const u8 *bssid;
2988
2989 if (!info->attrs[NL80211_ATTR_MAC])
2990 return -EINVAL;
2991
2992 if (netif_running(dev))
2993 return -EBUSY;
2994
2995 if (!rdev->ops->set_wds_peer)
2996 return -EOPNOTSUPP;
2997
2998 if (wdev->iftype != NL80211_IFTYPE_WDS)
2999 return -EOPNOTSUPP;
3000
3001 bssid = nla_data(info->attrs[NL80211_ATTR_MAC]);
3002 return rdev_set_wds_peer(rdev, dev, bssid);
3003 }
3004
3005 static int nl80211_set_wiphy(struct sk_buff *skb, struct genl_info *info)
3006 {
3007 struct cfg80211_registered_device *rdev;
3008 struct net_device *netdev = NULL;
3009 struct wireless_dev *wdev;
3010 int result = 0, rem_txq_params = 0;
3011 struct nlattr *nl_txq_params;
3012 u32 changed;
3013 u8 retry_short = 0, retry_long = 0;
3014 u32 frag_threshold = 0, rts_threshold = 0;
3015 u8 coverage_class = 0;
3016 u32 txq_limit = 0, txq_memory_limit = 0, txq_quantum = 0;
3017
3018 ASSERT_RTNL();
3019
3020 /*
3021 * Try to find the wiphy and netdev. Normally this
3022 * function shouldn't need the netdev, but this is
3023 * done for backward compatibility -- previously
3024 * setting the channel was done per wiphy, but now
3025 * it is per netdev. Previous userland like hostapd
3026 * also passed a netdev to set_wiphy, so that it is
3027 * possible to let that go to the right netdev!
3028 */
3029
3030 if (info->attrs[NL80211_ATTR_IFINDEX]) {
3031 int ifindex = nla_get_u32(info->attrs[NL80211_ATTR_IFINDEX]);
3032
3033 netdev = __dev_get_by_index(genl_info_net(info), ifindex);
3034 if (netdev && netdev->ieee80211_ptr)
3035 rdev = wiphy_to_rdev(netdev->ieee80211_ptr->wiphy);
3036 else
3037 netdev = NULL;
3038 }
3039
3040 if (!netdev) {
3041 rdev = __cfg80211_rdev_from_attrs(genl_info_net(info),
3042 info->attrs);
3043 if (IS_ERR(rdev))
3044 return PTR_ERR(rdev);
3045 wdev = NULL;
3046 netdev = NULL;
3047 result = 0;
3048 } else
3049 wdev = netdev->ieee80211_ptr;
3050
3051 /*
3052 * end workaround code, by now the rdev is available
3053 * and locked, and wdev may or may not be NULL.
3054 */
3055
3056 if (info->attrs[NL80211_ATTR_WIPHY_NAME])
3057 result = cfg80211_dev_rename(
3058 rdev, nla_data(info->attrs[NL80211_ATTR_WIPHY_NAME]));
3059
3060 if (result)
3061 return result;
3062
3063 if (info->attrs[NL80211_ATTR_WIPHY_TXQ_PARAMS]) {
3064 struct ieee80211_txq_params txq_params;
3065 struct nlattr *tb[NL80211_TXQ_ATTR_MAX + 1];
3066
3067 if (!rdev->ops->set_txq_params)
3068 return -EOPNOTSUPP;
3069
3070 if (!netdev)
3071 return -EINVAL;
3072
3073 if (netdev->ieee80211_ptr->iftype != NL80211_IFTYPE_AP &&
3074 netdev->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_GO)
3075 return -EINVAL;
3076
3077 if (!netif_running(netdev))
3078 return -ENETDOWN;
3079
3080 nla_for_each_nested(nl_txq_params,
3081 info->attrs[NL80211_ATTR_WIPHY_TXQ_PARAMS],
3082 rem_txq_params) {
3083 result = nla_parse_nested_deprecated(tb,
3084 NL80211_TXQ_ATTR_MAX,
3085 nl_txq_params,
3086 txq_params_policy,
3087 info->extack);
3088 if (result)
3089 return result;
3090 result = parse_txq_params(tb, &txq_params);
3091 if (result)
3092 return result;
3093
3094 result = rdev_set_txq_params(rdev, netdev,
3095 &txq_params);
3096 if (result)
3097 return result;
3098 }
3099 }
3100
3101 if (info->attrs[NL80211_ATTR_WIPHY_FREQ]) {
3102 result = __nl80211_set_channel(
3103 rdev,
3104 nl80211_can_set_dev_channel(wdev) ? netdev : NULL,
3105 info);
3106 if (result)
3107 return result;
3108 }
3109
3110 if (info->attrs[NL80211_ATTR_WIPHY_TX_POWER_SETTING]) {
3111 struct wireless_dev *txp_wdev = wdev;
3112 enum nl80211_tx_power_setting type;
3113 int idx, mbm = 0;
3114
3115 if (!(rdev->wiphy.features & NL80211_FEATURE_VIF_TXPOWER))
3116 txp_wdev = NULL;
3117
3118 if (!rdev->ops->set_tx_power)
3119 return -EOPNOTSUPP;
3120
3121 idx = NL80211_ATTR_WIPHY_TX_POWER_SETTING;
3122 type = nla_get_u32(info->attrs[idx]);
3123
3124 if (!info->attrs[NL80211_ATTR_WIPHY_TX_POWER_LEVEL] &&
3125 (type != NL80211_TX_POWER_AUTOMATIC))
3126 return -EINVAL;
3127
3128 if (type != NL80211_TX_POWER_AUTOMATIC) {
3129 idx = NL80211_ATTR_WIPHY_TX_POWER_LEVEL;
3130 mbm = nla_get_u32(info->attrs[idx]);
3131 }
3132
3133 result = rdev_set_tx_power(rdev, txp_wdev, type, mbm);
3134 if (result)
3135 return result;
3136 }
3137
3138 if (info->attrs[NL80211_ATTR_WIPHY_ANTENNA_TX] &&
3139 info->attrs[NL80211_ATTR_WIPHY_ANTENNA_RX]) {
3140 u32 tx_ant, rx_ant;
3141
3142 if ((!rdev->wiphy.available_antennas_tx &&
3143 !rdev->wiphy.available_antennas_rx) ||
3144 !rdev->ops->set_antenna)
3145 return -EOPNOTSUPP;
3146
3147 tx_ant = nla_get_u32(info->attrs[NL80211_ATTR_WIPHY_ANTENNA_TX]);
3148 rx_ant = nla_get_u32(info->attrs[NL80211_ATTR_WIPHY_ANTENNA_RX]);
3149
3150 /* reject antenna configurations which don't match the
3151 * available antenna masks, except for the "all" mask */
3152 if ((~tx_ant && (tx_ant & ~rdev->wiphy.available_antennas_tx)) ||
3153 (~rx_ant && (rx_ant & ~rdev->wiphy.available_antennas_rx)))
3154 return -EINVAL;
3155
3156 tx_ant = tx_ant & rdev->wiphy.available_antennas_tx;
3157 rx_ant = rx_ant & rdev->wiphy.available_antennas_rx;
3158
3159 result = rdev_set_antenna(rdev, tx_ant, rx_ant);
3160 if (result)
3161 return result;
3162 }
3163
3164 changed = 0;
3165
3166 if (info->attrs[NL80211_ATTR_WIPHY_RETRY_SHORT]) {
3167 retry_short = nla_get_u8(
3168 info->attrs[NL80211_ATTR_WIPHY_RETRY_SHORT]);
3169
3170 changed |= WIPHY_PARAM_RETRY_SHORT;
3171 }
3172
3173 if (info->attrs[NL80211_ATTR_WIPHY_RETRY_LONG]) {
3174 retry_long = nla_get_u8(
3175 info->attrs[NL80211_ATTR_WIPHY_RETRY_LONG]);
3176
3177 changed |= WIPHY_PARAM_RETRY_LONG;
3178 }
3179
3180 if (info->attrs[NL80211_ATTR_WIPHY_FRAG_THRESHOLD]) {
3181 frag_threshold = nla_get_u32(
3182 info->attrs[NL80211_ATTR_WIPHY_FRAG_THRESHOLD]);
3183 if (frag_threshold < 256)
3184 return -EINVAL;
3185
3186 if (frag_threshold != (u32) -1) {
3187 /*
3188 * Fragments (apart from the last one) are required to
3189 * have even length. Make the fragmentation code
3190 * simpler by stripping LSB should someone try to use
3191 * odd threshold value.
3192 */
3193 frag_threshold &= ~0x1;
3194 }
3195 changed |= WIPHY_PARAM_FRAG_THRESHOLD;
3196 }
3197
3198 if (info->attrs[NL80211_ATTR_WIPHY_RTS_THRESHOLD]) {
3199 rts_threshold = nla_get_u32(
3200 info->attrs[NL80211_ATTR_WIPHY_RTS_THRESHOLD]);
3201 changed |= WIPHY_PARAM_RTS_THRESHOLD;
3202 }
3203
3204 if (info->attrs[NL80211_ATTR_WIPHY_COVERAGE_CLASS]) {
3205 if (info->attrs[NL80211_ATTR_WIPHY_DYN_ACK])
3206 return -EINVAL;
3207
3208 coverage_class = nla_get_u8(
3209 info->attrs[NL80211_ATTR_WIPHY_COVERAGE_CLASS]);
3210 changed |= WIPHY_PARAM_COVERAGE_CLASS;
3211 }
3212
3213 if (info->attrs[NL80211_ATTR_WIPHY_DYN_ACK]) {
3214 if (!(rdev->wiphy.features & NL80211_FEATURE_ACKTO_ESTIMATION))
3215 return -EOPNOTSUPP;
3216
3217 changed |= WIPHY_PARAM_DYN_ACK;
3218 }
3219
3220 if (info->attrs[NL80211_ATTR_TXQ_LIMIT]) {
3221 if (!wiphy_ext_feature_isset(&rdev->wiphy,
3222 NL80211_EXT_FEATURE_TXQS))
3223 return -EOPNOTSUPP;
3224 txq_limit = nla_get_u32(
3225 info->attrs[NL80211_ATTR_TXQ_LIMIT]);
3226 changed |= WIPHY_PARAM_TXQ_LIMIT;
3227 }
3228
3229 if (info->attrs[NL80211_ATTR_TXQ_MEMORY_LIMIT]) {
3230 if (!wiphy_ext_feature_isset(&rdev->wiphy,
3231 NL80211_EXT_FEATURE_TXQS))
3232 return -EOPNOTSUPP;
3233 txq_memory_limit = nla_get_u32(
3234 info->attrs[NL80211_ATTR_TXQ_MEMORY_LIMIT]);
3235 changed |= WIPHY_PARAM_TXQ_MEMORY_LIMIT;
3236 }
3237
3238 if (info->attrs[NL80211_ATTR_TXQ_QUANTUM]) {
3239 if (!wiphy_ext_feature_isset(&rdev->wiphy,
3240 NL80211_EXT_FEATURE_TXQS))
3241 return -EOPNOTSUPP;
3242 txq_quantum = nla_get_u32(
3243 info->attrs[NL80211_ATTR_TXQ_QUANTUM]);
3244 changed |= WIPHY_PARAM_TXQ_QUANTUM;
3245 }
3246
3247 if (changed) {
3248 u8 old_retry_short, old_retry_long;
3249 u32 old_frag_threshold, old_rts_threshold;
3250 u8 old_coverage_class;
3251 u32 old_txq_limit, old_txq_memory_limit, old_txq_quantum;
3252
3253 if (!rdev->ops->set_wiphy_params)
3254 return -EOPNOTSUPP;
3255
3256 old_retry_short = rdev->wiphy.retry_short;
3257 old_retry_long = rdev->wiphy.retry_long;
3258 old_frag_threshold = rdev->wiphy.frag_threshold;
3259 old_rts_threshold = rdev->wiphy.rts_threshold;
3260 old_coverage_class = rdev->wiphy.coverage_class;
3261 old_txq_limit = rdev->wiphy.txq_limit;
3262 old_txq_memory_limit = rdev->wiphy.txq_memory_limit;
3263 old_txq_quantum = rdev->wiphy.txq_quantum;
3264
3265 if (changed & WIPHY_PARAM_RETRY_SHORT)
3266 rdev->wiphy.retry_short = retry_short;
3267 if (changed & WIPHY_PARAM_RETRY_LONG)
3268 rdev->wiphy.retry_long = retry_long;
3269 if (changed & WIPHY_PARAM_FRAG_THRESHOLD)
3270 rdev->wiphy.frag_threshold = frag_threshold;
3271 if (changed & WIPHY_PARAM_RTS_THRESHOLD)
3272 rdev->wiphy.rts_threshold = rts_threshold;
3273 if (changed & WIPHY_PARAM_COVERAGE_CLASS)
3274 rdev->wiphy.coverage_class = coverage_class;
3275 if (changed & WIPHY_PARAM_TXQ_LIMIT)
3276 rdev->wiphy.txq_limit = txq_limit;
3277 if (changed & WIPHY_PARAM_TXQ_MEMORY_LIMIT)
3278 rdev->wiphy.txq_memory_limit = txq_memory_limit;
3279 if (changed & WIPHY_PARAM_TXQ_QUANTUM)
3280 rdev->wiphy.txq_quantum = txq_quantum;
3281
3282 result = rdev_set_wiphy_params(rdev, changed);
3283 if (result) {
3284 rdev->wiphy.retry_short = old_retry_short;
3285 rdev->wiphy.retry_long = old_retry_long;
3286 rdev->wiphy.frag_threshold = old_frag_threshold;
3287 rdev->wiphy.rts_threshold = old_rts_threshold;
3288 rdev->wiphy.coverage_class = old_coverage_class;
3289 rdev->wiphy.txq_limit = old_txq_limit;
3290 rdev->wiphy.txq_memory_limit = old_txq_memory_limit;
3291 rdev->wiphy.txq_quantum = old_txq_quantum;
3292 return result;
3293 }
3294 }
3295 return 0;
3296 }
3297
3298 static int nl80211_send_chandef(struct sk_buff *msg,
3299 const struct cfg80211_chan_def *chandef)
3300 {
3301 if (WARN_ON(!cfg80211_chandef_valid(chandef)))
3302 return -EINVAL;
3303
3304 if (nla_put_u32(msg, NL80211_ATTR_WIPHY_FREQ,
3305 chandef->chan->center_freq))
3306 return -ENOBUFS;
3307 if (nla_put_u32(msg, NL80211_ATTR_WIPHY_FREQ_OFFSET,
3308 chandef->chan->freq_offset))
3309 return -ENOBUFS;
3310 switch (chandef->width) {
3311 case NL80211_CHAN_WIDTH_20_NOHT:
3312 case NL80211_CHAN_WIDTH_20:
3313 case NL80211_CHAN_WIDTH_40:
3314 if (nla_put_u32(msg, NL80211_ATTR_WIPHY_CHANNEL_TYPE,
3315 cfg80211_get_chandef_type(chandef)))
3316 return -ENOBUFS;
3317 break;
3318 default:
3319 break;
3320 }
3321 if (nla_put_u32(msg, NL80211_ATTR_CHANNEL_WIDTH, chandef->width))
3322 return -ENOBUFS;
3323 if (nla_put_u32(msg, NL80211_ATTR_CENTER_FREQ1, chandef->center_freq1))
3324 return -ENOBUFS;
3325 if (chandef->center_freq2 &&
3326 nla_put_u32(msg, NL80211_ATTR_CENTER_FREQ2, chandef->center_freq2))
3327 return -ENOBUFS;
3328 return 0;
3329 }
3330
3331 static int nl80211_send_iface(struct sk_buff *msg, u32 portid, u32 seq, int flags,
3332 struct cfg80211_registered_device *rdev,
3333 struct wireless_dev *wdev,
3334 enum nl80211_commands cmd)
3335 {
3336 struct net_device *dev = wdev->netdev;
3337 void *hdr;
3338
3339 WARN_ON(cmd != NL80211_CMD_NEW_INTERFACE &&
3340 cmd != NL80211_CMD_DEL_INTERFACE &&
3341 cmd != NL80211_CMD_SET_INTERFACE);
3342
3343 hdr = nl80211hdr_put(msg, portid, seq, flags, cmd);
3344 if (!hdr)
3345 return -1;
3346
3347 if (dev &&
3348 (nla_put_u32(msg, NL80211_ATTR_IFINDEX, dev->ifindex) ||
3349 nla_put_string(msg, NL80211_ATTR_IFNAME, dev->name)))
3350 goto nla_put_failure;
3351
3352 if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
3353 nla_put_u32(msg, NL80211_ATTR_IFTYPE, wdev->iftype) ||
3354 nla_put_u64_64bit(msg, NL80211_ATTR_WDEV, wdev_id(wdev),
3355 NL80211_ATTR_PAD) ||
3356 nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN, wdev_address(wdev)) ||
3357 nla_put_u32(msg, NL80211_ATTR_GENERATION,
3358 rdev->devlist_generation ^
3359 (cfg80211_rdev_list_generation << 2)) ||
3360 nla_put_u8(msg, NL80211_ATTR_4ADDR, wdev->use_4addr))
3361 goto nla_put_failure;
3362
3363 if (rdev->ops->get_channel) {
3364 int ret;
3365 struct cfg80211_chan_def chandef = {};
3366
3367 ret = rdev_get_channel(rdev, wdev, &chandef);
3368 if (ret == 0) {
3369 if (nl80211_send_chandef(msg, &chandef))
3370 goto nla_put_failure;
3371 }
3372 }
3373
3374 if (rdev->ops->get_tx_power) {
3375 int dbm, ret;
3376
3377 ret = rdev_get_tx_power(rdev, wdev, &dbm);
3378 if (ret == 0 &&
3379 nla_put_u32(msg, NL80211_ATTR_WIPHY_TX_POWER_LEVEL,
3380 DBM_TO_MBM(dbm)))
3381 goto nla_put_failure;
3382 }
3383
3384 wdev_lock(wdev);
3385 switch (wdev->iftype) {
3386 case NL80211_IFTYPE_AP:
3387 if (wdev->ssid_len &&
3388 nla_put(msg, NL80211_ATTR_SSID, wdev->ssid_len, wdev->ssid))
3389 goto nla_put_failure_locked;
3390 break;
3391 case NL80211_IFTYPE_STATION:
3392 case NL80211_IFTYPE_P2P_CLIENT:
3393 case NL80211_IFTYPE_ADHOC: {
3394 const u8 *ssid_ie;
3395 if (!wdev->current_bss)
3396 break;
3397 rcu_read_lock();
3398 ssid_ie = ieee80211_bss_get_ie(&wdev->current_bss->pub,
3399 WLAN_EID_SSID);
3400 if (ssid_ie &&
3401 nla_put(msg, NL80211_ATTR_SSID, ssid_ie[1], ssid_ie + 2))
3402 goto nla_put_failure_rcu_locked;
3403 rcu_read_unlock();
3404 break;
3405 }
3406 default:
3407 /* nothing */
3408 break;
3409 }
3410 wdev_unlock(wdev);
3411
3412 if (rdev->ops->get_txq_stats) {
3413 struct cfg80211_txq_stats txqstats = {};
3414 int ret = rdev_get_txq_stats(rdev, wdev, &txqstats);
3415
3416 if (ret == 0 &&
3417 !nl80211_put_txq_stats(msg, &txqstats,
3418 NL80211_ATTR_TXQ_STATS))
3419 goto nla_put_failure;
3420 }
3421
3422 genlmsg_end(msg, hdr);
3423 return 0;
3424
3425 nla_put_failure_rcu_locked:
3426 rcu_read_unlock();
3427 nla_put_failure_locked:
3428 wdev_unlock(wdev);
3429 nla_put_failure:
3430 genlmsg_cancel(msg, hdr);
3431 return -EMSGSIZE;
3432 }
3433
3434 static int nl80211_dump_interface(struct sk_buff *skb, struct netlink_callback *cb)
3435 {
3436 int wp_idx = 0;
3437 int if_idx = 0;
3438 int wp_start = cb->args[0];
3439 int if_start = cb->args[1];
3440 int filter_wiphy = -1;
3441 struct cfg80211_registered_device *rdev;
3442 struct wireless_dev *wdev;
3443 int ret;
3444
3445 rtnl_lock();
3446 if (!cb->args[2]) {
3447 struct nl80211_dump_wiphy_state state = {
3448 .filter_wiphy = -1,
3449 };
3450
3451 ret = nl80211_dump_wiphy_parse(skb, cb, &state);
3452 if (ret)
3453 goto out_unlock;
3454
3455 filter_wiphy = state.filter_wiphy;
3456
3457 /*
3458 * if filtering, set cb->args[2] to +1 since 0 is the default
3459 * value needed to determine that parsing is necessary.
3460 */
3461 if (filter_wiphy >= 0)
3462 cb->args[2] = filter_wiphy + 1;
3463 else
3464 cb->args[2] = -1;
3465 } else if (cb->args[2] > 0) {
3466 filter_wiphy = cb->args[2] - 1;
3467 }
3468
3469 list_for_each_entry(rdev, &cfg80211_rdev_list, list) {
3470 if (!net_eq(wiphy_net(&rdev->wiphy), sock_net(skb->sk)))
3471 continue;
3472 if (wp_idx < wp_start) {
3473 wp_idx++;
3474 continue;
3475 }
3476
3477 if (filter_wiphy >= 0 && filter_wiphy != rdev->wiphy_idx)
3478 continue;
3479
3480 if_idx = 0;
3481
3482 list_for_each_entry(wdev, &rdev->wiphy.wdev_list, list) {
3483 if (if_idx < if_start) {
3484 if_idx++;
3485 continue;
3486 }
3487 if (nl80211_send_iface(skb, NETLINK_CB(cb->skb).portid,
3488 cb->nlh->nlmsg_seq, NLM_F_MULTI,
3489 rdev, wdev,
3490 NL80211_CMD_NEW_INTERFACE) < 0) {
3491 goto out;
3492 }
3493 if_idx++;
3494 }
3495
3496 wp_idx++;
3497 }
3498 out:
3499 cb->args[0] = wp_idx;
3500 cb->args[1] = if_idx;
3501
3502 ret = skb->len;
3503 out_unlock:
3504 rtnl_unlock();
3505
3506 return ret;
3507 }
3508
3509 static int nl80211_get_interface(struct sk_buff *skb, struct genl_info *info)
3510 {
3511 struct sk_buff *msg;
3512 struct cfg80211_registered_device *rdev = info->user_ptr[0];
3513 struct wireless_dev *wdev = info->user_ptr[1];
3514
3515 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
3516 if (!msg)
3517 return -ENOMEM;
3518
3519 if (nl80211_send_iface(msg, info->snd_portid, info->snd_seq, 0,
3520 rdev, wdev, NL80211_CMD_NEW_INTERFACE) < 0) {
3521 nlmsg_free(msg);
3522 return -ENOBUFS;
3523 }
3524
3525 return genlmsg_reply(msg, info);
3526 }
3527
3528 static const struct nla_policy mntr_flags_policy[NL80211_MNTR_FLAG_MAX + 1] = {
3529 [NL80211_MNTR_FLAG_FCSFAIL] = { .type = NLA_FLAG },
3530 [NL80211_MNTR_FLAG_PLCPFAIL] = { .type = NLA_FLAG },
3531 [NL80211_MNTR_FLAG_CONTROL] = { .type = NLA_FLAG },
3532 [NL80211_MNTR_FLAG_OTHER_BSS] = { .type = NLA_FLAG },
3533 [NL80211_MNTR_FLAG_COOK_FRAMES] = { .type = NLA_FLAG },
3534 [NL80211_MNTR_FLAG_ACTIVE] = { .type = NLA_FLAG },
3535 };
3536
3537 static int parse_monitor_flags(struct nlattr *nla, u32 *mntrflags)
3538 {
3539 struct nlattr *flags[NL80211_MNTR_FLAG_MAX + 1];
3540 int flag;
3541
3542 *mntrflags = 0;
3543
3544 if (!nla)
3545 return -EINVAL;
3546
3547 if (nla_parse_nested_deprecated(flags, NL80211_MNTR_FLAG_MAX, nla, mntr_flags_policy, NULL))
3548 return -EINVAL;
3549
3550 for (flag = 1; flag <= NL80211_MNTR_FLAG_MAX; flag++)
3551 if (flags[flag])
3552 *mntrflags |= (1<<flag);
3553
3554 *mntrflags |= MONITOR_FLAG_CHANGED;
3555
3556 return 0;
3557 }
3558
3559 static int nl80211_parse_mon_options(struct cfg80211_registered_device *rdev,
3560 enum nl80211_iftype type,
3561 struct genl_info *info,
3562 struct vif_params *params)
3563 {
3564 bool change = false;
3565 int err;
3566
3567 if (info->attrs[NL80211_ATTR_MNTR_FLAGS]) {
3568 if (type != NL80211_IFTYPE_MONITOR)
3569 return -EINVAL;
3570
3571 err = parse_monitor_flags(info->attrs[NL80211_ATTR_MNTR_FLAGS],
3572 &params->flags);
3573 if (err)
3574 return err;
3575
3576 change = true;
3577 }
3578
3579 if (params->flags & MONITOR_FLAG_ACTIVE &&
3580 !(rdev->wiphy.features & NL80211_FEATURE_ACTIVE_MONITOR))
3581 return -EOPNOTSUPP;
3582
3583 if (info->attrs[NL80211_ATTR_MU_MIMO_GROUP_DATA]) {
3584 const u8 *mumimo_groups;
3585 u32 cap_flag = NL80211_EXT_FEATURE_MU_MIMO_AIR_SNIFFER;
3586
3587 if (type != NL80211_IFTYPE_MONITOR)
3588 return -EINVAL;
3589
3590 if (!wiphy_ext_feature_isset(&rdev->wiphy, cap_flag))
3591 return -EOPNOTSUPP;
3592
3593 mumimo_groups =
3594 nla_data(info->attrs[NL80211_ATTR_MU_MIMO_GROUP_DATA]);
3595
3596 /* bits 0 and 63 are reserved and must be zero */
3597 if ((mumimo_groups[0] & BIT(0)) ||
3598 (mumimo_groups[VHT_MUMIMO_GROUPS_DATA_LEN - 1] & BIT(7)))
3599 return -EINVAL;
3600
3601 params->vht_mumimo_groups = mumimo_groups;
3602 change = true;
3603 }
3604
3605 if (info->attrs[NL80211_ATTR_MU_MIMO_FOLLOW_MAC_ADDR]) {
3606 u32 cap_flag = NL80211_EXT_FEATURE_MU_MIMO_AIR_SNIFFER;
3607
3608 if (type != NL80211_IFTYPE_MONITOR)
3609 return -EINVAL;
3610
3611 if (!wiphy_ext_feature_isset(&rdev->wiphy, cap_flag))
3612 return -EOPNOTSUPP;
3613
3614 params->vht_mumimo_follow_addr =
3615 nla_data(info->attrs[NL80211_ATTR_MU_MIMO_FOLLOW_MAC_ADDR]);
3616 change = true;
3617 }
3618
3619 return change ? 1 : 0;
3620 }
3621
3622 static int nl80211_valid_4addr(struct cfg80211_registered_device *rdev,
3623 struct net_device *netdev, u8 use_4addr,
3624 enum nl80211_iftype iftype)
3625 {
3626 if (!use_4addr) {
3627 if (netdev && netif_is_bridge_port(netdev))
3628 return -EBUSY;
3629 return 0;
3630 }
3631
3632 switch (iftype) {
3633 case NL80211_IFTYPE_AP_VLAN:
3634 if (rdev->wiphy.flags & WIPHY_FLAG_4ADDR_AP)
3635 return 0;
3636 break;
3637 case NL80211_IFTYPE_STATION:
3638 if (rdev->wiphy.flags & WIPHY_FLAG_4ADDR_STATION)
3639 return 0;
3640 break;
3641 default:
3642 break;
3643 }
3644
3645 return -EOPNOTSUPP;
3646 }
3647
3648 static int nl80211_set_interface(struct sk_buff *skb, struct genl_info *info)
3649 {
3650 struct cfg80211_registered_device *rdev = info->user_ptr[0];
3651 struct vif_params params;
3652 int err;
3653 enum nl80211_iftype otype, ntype;
3654 struct net_device *dev = info->user_ptr[1];
3655 bool change = false;
3656
3657 memset(&params, 0, sizeof(params));
3658
3659 otype = ntype = dev->ieee80211_ptr->iftype;
3660
3661 if (info->attrs[NL80211_ATTR_IFTYPE]) {
3662 ntype = nla_get_u32(info->attrs[NL80211_ATTR_IFTYPE]);
3663 if (otype != ntype)
3664 change = true;
3665 }
3666
3667 if (info->attrs[NL80211_ATTR_MESH_ID]) {
3668 struct wireless_dev *wdev = dev->ieee80211_ptr;
3669
3670 if (ntype != NL80211_IFTYPE_MESH_POINT)
3671 return -EINVAL;
3672 if (netif_running(dev))
3673 return -EBUSY;
3674
3675 wdev_lock(wdev);
3676 BUILD_BUG_ON(IEEE80211_MAX_SSID_LEN !=
3677 IEEE80211_MAX_MESH_ID_LEN);
3678 wdev->mesh_id_up_len =
3679 nla_len(info->attrs[NL80211_ATTR_MESH_ID]);
3680 memcpy(wdev->ssid, nla_data(info->attrs[NL80211_ATTR_MESH_ID]),
3681 wdev->mesh_id_up_len);
3682 wdev_unlock(wdev);
3683 }
3684
3685 if (info->attrs[NL80211_ATTR_4ADDR]) {
3686 params.use_4addr = !!nla_get_u8(info->attrs[NL80211_ATTR_4ADDR]);
3687 change = true;
3688 err = nl80211_valid_4addr(rdev, dev, params.use_4addr, ntype);
3689 if (err)
3690 return err;
3691 } else {
3692 params.use_4addr = -1;
3693 }
3694
3695 err = nl80211_parse_mon_options(rdev, ntype, info, &params);
3696 if (err < 0)
3697 return err;
3698 if (err > 0)
3699 change = true;
3700
3701 if (change)
3702 err = cfg80211_change_iface(rdev, dev, ntype, &params);
3703 else
3704 err = 0;
3705
3706 if (!err && params.use_4addr != -1)
3707 dev->ieee80211_ptr->use_4addr = params.use_4addr;
3708
3709 if (change && !err) {
3710 struct wireless_dev *wdev = dev->ieee80211_ptr;
3711
3712 nl80211_notify_iface(rdev, wdev, NL80211_CMD_SET_INTERFACE);
3713 }
3714
3715 return err;
3716 }
3717
3718 static int nl80211_new_interface(struct sk_buff *skb, struct genl_info *info)
3719 {
3720 struct cfg80211_registered_device *rdev = info->user_ptr[0];
3721 struct vif_params params;
3722 struct wireless_dev *wdev;
3723 struct sk_buff *msg;
3724 int err;
3725 enum nl80211_iftype type = NL80211_IFTYPE_UNSPECIFIED;
3726
3727 /* to avoid failing a new interface creation due to pending removal */
3728 cfg80211_destroy_ifaces(rdev);
3729
3730 memset(&params, 0, sizeof(params));
3731
3732 if (!info->attrs[NL80211_ATTR_IFNAME])
3733 return -EINVAL;
3734
3735 if (info->attrs[NL80211_ATTR_IFTYPE])
3736 type = nla_get_u32(info->attrs[NL80211_ATTR_IFTYPE]);
3737
3738 if (!rdev->ops->add_virtual_intf)
3739 return -EOPNOTSUPP;
3740
3741 if ((type == NL80211_IFTYPE_P2P_DEVICE || type == NL80211_IFTYPE_NAN ||
3742 rdev->wiphy.features & NL80211_FEATURE_MAC_ON_CREATE) &&
3743 info->attrs[NL80211_ATTR_MAC]) {
3744 nla_memcpy(params.macaddr, info->attrs[NL80211_ATTR_MAC],
3745 ETH_ALEN);
3746 if (!is_valid_ether_addr(params.macaddr))
3747 return -EADDRNOTAVAIL;
3748 }
3749
3750 if (info->attrs[NL80211_ATTR_4ADDR]) {
3751 params.use_4addr = !!nla_get_u8(info->attrs[NL80211_ATTR_4ADDR]);
3752 err = nl80211_valid_4addr(rdev, NULL, params.use_4addr, type);
3753 if (err)
3754 return err;
3755 }
3756
3757 if (!cfg80211_iftype_allowed(&rdev->wiphy, type, params.use_4addr, 0))
3758 return -EOPNOTSUPP;
3759
3760 err = nl80211_parse_mon_options(rdev, type, info, &params);
3761 if (err < 0)
3762 return err;
3763
3764 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
3765 if (!msg)
3766 return -ENOMEM;
3767
3768 wdev = rdev_add_virtual_intf(rdev,
3769 nla_data(info->attrs[NL80211_ATTR_IFNAME]),
3770 NET_NAME_USER, type, &params);
3771 if (WARN_ON(!wdev)) {
3772 nlmsg_free(msg);
3773 return -EPROTO;
3774 } else if (IS_ERR(wdev)) {
3775 nlmsg_free(msg);
3776 return PTR_ERR(wdev);
3777 }
3778
3779 if (info->attrs[NL80211_ATTR_SOCKET_OWNER])
3780 wdev->owner_nlportid = info->snd_portid;
3781
3782 switch (type) {
3783 case NL80211_IFTYPE_MESH_POINT:
3784 if (!info->attrs[NL80211_ATTR_MESH_ID])
3785 break;
3786 wdev_lock(wdev);
3787 BUILD_BUG_ON(IEEE80211_MAX_SSID_LEN !=
3788 IEEE80211_MAX_MESH_ID_LEN);
3789 wdev->mesh_id_up_len =
3790 nla_len(info->attrs[NL80211_ATTR_MESH_ID]);
3791 memcpy(wdev->ssid, nla_data(info->attrs[NL80211_ATTR_MESH_ID]),
3792 wdev->mesh_id_up_len);
3793 wdev_unlock(wdev);
3794 break;
3795 case NL80211_IFTYPE_NAN:
3796 case NL80211_IFTYPE_P2P_DEVICE:
3797 /*
3798 * P2P Device and NAN do not have a netdev, so don't go
3799 * through the netdev notifier and must be added here
3800 */
3801 cfg80211_init_wdev(rdev, wdev);
3802 break;
3803 default:
3804 break;
3805 }
3806
3807 if (nl80211_send_iface(msg, info->snd_portid, info->snd_seq, 0,
3808 rdev, wdev, NL80211_CMD_NEW_INTERFACE) < 0) {
3809 nlmsg_free(msg);
3810 return -ENOBUFS;
3811 }
3812
3813 return genlmsg_reply(msg, info);
3814 }
3815
3816 static int nl80211_del_interface(struct sk_buff *skb, struct genl_info *info)
3817 {
3818 struct cfg80211_registered_device *rdev = info->user_ptr[0];
3819 struct wireless_dev *wdev = info->user_ptr[1];
3820
3821 if (!rdev->ops->del_virtual_intf)
3822 return -EOPNOTSUPP;
3823
3824 /*
3825 * If we remove a wireless device without a netdev then clear
3826 * user_ptr[1] so that nl80211_post_doit won't dereference it
3827 * to check if it needs to do dev_put(). Otherwise it crashes
3828 * since the wdev has been freed, unlike with a netdev where
3829 * we need the dev_put() for the netdev to really be freed.
3830 */
3831 if (!wdev->netdev)
3832 info->user_ptr[1] = NULL;
3833
3834 return rdev_del_virtual_intf(rdev, wdev);
3835 }
3836
3837 static int nl80211_set_noack_map(struct sk_buff *skb, struct genl_info *info)
3838 {
3839 struct cfg80211_registered_device *rdev = info->user_ptr[0];
3840 struct net_device *dev = info->user_ptr[1];
3841 u16 noack_map;
3842
3843 if (!info->attrs[NL80211_ATTR_NOACK_MAP])
3844 return -EINVAL;
3845
3846 if (!rdev->ops->set_noack_map)
3847 return -EOPNOTSUPP;
3848
3849 noack_map = nla_get_u16(info->attrs[NL80211_ATTR_NOACK_MAP]);
3850
3851 return rdev_set_noack_map(rdev, dev, noack_map);
3852 }
3853
3854 struct get_key_cookie {
3855 struct sk_buff *msg;
3856 int error;
3857 int idx;
3858 };
3859
3860 static void get_key_callback(void *c, struct key_params *params)
3861 {
3862 struct nlattr *key;
3863 struct get_key_cookie *cookie = c;
3864
3865 if ((params->key &&
3866 nla_put(cookie->msg, NL80211_ATTR_KEY_DATA,
3867 params->key_len, params->key)) ||
3868 (params->seq &&
3869 nla_put(cookie->msg, NL80211_ATTR_KEY_SEQ,
3870 params->seq_len, params->seq)) ||
3871 (params->cipher &&
3872 nla_put_u32(cookie->msg, NL80211_ATTR_KEY_CIPHER,
3873 params->cipher)))
3874 goto nla_put_failure;
3875
3876 key = nla_nest_start_noflag(cookie->msg, NL80211_ATTR_KEY);
3877 if (!key)
3878 goto nla_put_failure;
3879
3880 if ((params->key &&
3881 nla_put(cookie->msg, NL80211_KEY_DATA,
3882 params->key_len, params->key)) ||
3883 (params->seq &&
3884 nla_put(cookie->msg, NL80211_KEY_SEQ,
3885 params->seq_len, params->seq)) ||
3886 (params->cipher &&
3887 nla_put_u32(cookie->msg, NL80211_KEY_CIPHER,
3888 params->cipher)))
3889 goto nla_put_failure;
3890
3891 if (nla_put_u8(cookie->msg, NL80211_KEY_IDX, cookie->idx))
3892 goto nla_put_failure;
3893
3894 nla_nest_end(cookie->msg, key);
3895
3896 return;
3897 nla_put_failure:
3898 cookie->error = 1;
3899 }
3900
3901 static int nl80211_get_key(struct sk_buff *skb, struct genl_info *info)
3902 {
3903 struct cfg80211_registered_device *rdev = info->user_ptr[0];
3904 int err;
3905 struct net_device *dev = info->user_ptr[1];
3906 u8 key_idx = 0;
3907 const u8 *mac_addr = NULL;
3908 bool pairwise;
3909 struct get_key_cookie cookie = {
3910 .error = 0,
3911 };
3912 void *hdr;
3913 struct sk_buff *msg;
3914 bool bigtk_support = false;
3915
3916 if (wiphy_ext_feature_isset(&rdev->wiphy,
3917 NL80211_EXT_FEATURE_BEACON_PROTECTION))
3918 bigtk_support = true;
3919
3920 if ((dev->ieee80211_ptr->iftype == NL80211_IFTYPE_STATION ||
3921 dev->ieee80211_ptr->iftype == NL80211_IFTYPE_P2P_CLIENT) &&
3922 wiphy_ext_feature_isset(&rdev->wiphy,
3923 NL80211_EXT_FEATURE_BEACON_PROTECTION_CLIENT))
3924 bigtk_support = true;
3925
3926 if (info->attrs[NL80211_ATTR_KEY_IDX]) {
3927 key_idx = nla_get_u8(info->attrs[NL80211_ATTR_KEY_IDX]);
3928
3929 if (key_idx >= 6 && key_idx <= 7 && !bigtk_support) {
3930 GENL_SET_ERR_MSG(info, "BIGTK not supported");
3931 return -EINVAL;
3932 }
3933 }
3934
3935 if (info->attrs[NL80211_ATTR_MAC])
3936 mac_addr = nla_data(info->attrs[NL80211_ATTR_MAC]);
3937
3938 pairwise = !!mac_addr;
3939 if (info->attrs[NL80211_ATTR_KEY_TYPE]) {
3940 u32 kt = nla_get_u32(info->attrs[NL80211_ATTR_KEY_TYPE]);
3941
3942 if (kt != NL80211_KEYTYPE_GROUP &&
3943 kt != NL80211_KEYTYPE_PAIRWISE)
3944 return -EINVAL;
3945 pairwise = kt == NL80211_KEYTYPE_PAIRWISE;
3946 }
3947
3948 if (!rdev->ops->get_key)
3949 return -EOPNOTSUPP;
3950
3951 if (!pairwise && mac_addr && !(rdev->wiphy.flags & WIPHY_FLAG_IBSS_RSN))
3952 return -ENOENT;
3953
3954 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
3955 if (!msg)
3956 return -ENOMEM;
3957
3958 hdr = nl80211hdr_put(msg, info->snd_portid, info->snd_seq, 0,
3959 NL80211_CMD_NEW_KEY);
3960 if (!hdr)
3961 goto nla_put_failure;
3962
3963 cookie.msg = msg;
3964 cookie.idx = key_idx;
3965
3966 if (nla_put_u32(msg, NL80211_ATTR_IFINDEX, dev->ifindex) ||
3967 nla_put_u8(msg, NL80211_ATTR_KEY_IDX, key_idx))
3968 goto nla_put_failure;
3969 if (mac_addr &&
3970 nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN, mac_addr))
3971 goto nla_put_failure;
3972
3973 err = rdev_get_key(rdev, dev, key_idx, pairwise, mac_addr, &cookie,
3974 get_key_callback);
3975
3976 if (err)
3977 goto free_msg;
3978
3979 if (cookie.error)
3980 goto nla_put_failure;
3981
3982 genlmsg_end(msg, hdr);
3983 return genlmsg_reply(msg, info);
3984
3985 nla_put_failure:
3986 err = -ENOBUFS;
3987 free_msg:
3988 nlmsg_free(msg);
3989 return err;
3990 }
3991
3992 static int nl80211_set_key(struct sk_buff *skb, struct genl_info *info)
3993 {
3994 struct cfg80211_registered_device *rdev = info->user_ptr[0];
3995 struct key_parse key;
3996 int err;
3997 struct net_device *dev = info->user_ptr[1];
3998
3999 err = nl80211_parse_key(info, &key);
4000 if (err)
4001 return err;
4002
4003 if (key.idx < 0)
4004 return -EINVAL;
4005
4006 /* Only support setting default key and
4007 * Extended Key ID action NL80211_KEY_SET_TX.
4008 */
4009 if (!key.def && !key.defmgmt && !key.defbeacon &&
4010 !(key.p.mode == NL80211_KEY_SET_TX))
4011 return -EINVAL;
4012
4013 wdev_lock(dev->ieee80211_ptr);
4014
4015 if (key.def) {
4016 if (!rdev->ops->set_default_key) {
4017 err = -EOPNOTSUPP;
4018 goto out;
4019 }
4020
4021 err = nl80211_key_allowed(dev->ieee80211_ptr);
4022 if (err)
4023 goto out;
4024
4025 err = rdev_set_default_key(rdev, dev, key.idx,
4026 key.def_uni, key.def_multi);
4027
4028 if (err)
4029 goto out;
4030
4031 #ifdef CONFIG_CFG80211_WEXT
4032 dev->ieee80211_ptr->wext.default_key = key.idx;
4033 #endif
4034 } else if (key.defmgmt) {
4035 if (key.def_uni || !key.def_multi) {
4036 err = -EINVAL;
4037 goto out;
4038 }
4039
4040 if (!rdev->ops->set_default_mgmt_key) {
4041 err = -EOPNOTSUPP;
4042 goto out;
4043 }
4044
4045 err = nl80211_key_allowed(dev->ieee80211_ptr);
4046 if (err)
4047 goto out;
4048
4049 err = rdev_set_default_mgmt_key(rdev, dev, key.idx);
4050 if (err)
4051 goto out;
4052
4053 #ifdef CONFIG_CFG80211_WEXT
4054 dev->ieee80211_ptr->wext.default_mgmt_key = key.idx;
4055 #endif
4056 } else if (key.defbeacon) {
4057 if (key.def_uni || !key.def_multi) {
4058 err = -EINVAL;
4059 goto out;
4060 }
4061
4062 if (!rdev->ops->set_default_beacon_key) {
4063 err = -EOPNOTSUPP;
4064 goto out;
4065 }
4066
4067 err = nl80211_key_allowed(dev->ieee80211_ptr);
4068 if (err)
4069 goto out;
4070
4071 err = rdev_set_default_beacon_key(rdev, dev, key.idx);
4072 if (err)
4073 goto out;
4074 } else if (key.p.mode == NL80211_KEY_SET_TX &&
4075 wiphy_ext_feature_isset(&rdev->wiphy,
4076 NL80211_EXT_FEATURE_EXT_KEY_ID)) {
4077 u8 *mac_addr = NULL;
4078
4079 if (info->attrs[NL80211_ATTR_MAC])
4080 mac_addr = nla_data(info->attrs[NL80211_ATTR_MAC]);
4081
4082 if (!mac_addr || key.idx < 0 || key.idx > 1) {
4083 err = -EINVAL;
4084 goto out;
4085 }
4086
4087 err = rdev_add_key(rdev, dev, key.idx,
4088 NL80211_KEYTYPE_PAIRWISE,
4089 mac_addr, &key.p);
4090 } else {
4091 err = -EINVAL;
4092 }
4093 out:
4094 wdev_unlock(dev->ieee80211_ptr);
4095
4096 return err;
4097 }
4098
4099 static int nl80211_new_key(struct sk_buff *skb, struct genl_info *info)
4100 {
4101 struct cfg80211_registered_device *rdev = info->user_ptr[0];
4102 int err;
4103 struct net_device *dev = info->user_ptr[1];
4104 struct key_parse key;
4105 const u8 *mac_addr = NULL;
4106
4107 err = nl80211_parse_key(info, &key);
4108 if (err)
4109 return err;
4110
4111 if (!key.p.key) {
4112 GENL_SET_ERR_MSG(info, "no key");
4113 return -EINVAL;
4114 }
4115
4116 if (info->attrs[NL80211_ATTR_MAC])
4117 mac_addr = nla_data(info->attrs[NL80211_ATTR_MAC]);
4118
4119 if (key.type == -1) {
4120 if (mac_addr)
4121 key.type = NL80211_KEYTYPE_PAIRWISE;
4122 else
4123 key.type = NL80211_KEYTYPE_GROUP;
4124 }
4125
4126 /* for now */
4127 if (key.type != NL80211_KEYTYPE_PAIRWISE &&
4128 key.type != NL80211_KEYTYPE_GROUP) {
4129 GENL_SET_ERR_MSG(info, "key type not pairwise or group");
4130 return -EINVAL;
4131 }
4132
4133 if (key.type == NL80211_KEYTYPE_GROUP &&
4134 info->attrs[NL80211_ATTR_VLAN_ID])
4135 key.p.vlan_id = nla_get_u16(info->attrs[NL80211_ATTR_VLAN_ID]);
4136
4137 if (!rdev->ops->add_key)
4138 return -EOPNOTSUPP;
4139
4140 if (cfg80211_validate_key_settings(rdev, &key.p, key.idx,
4141 key.type == NL80211_KEYTYPE_PAIRWISE,
4142 mac_addr)) {
4143 GENL_SET_ERR_MSG(info, "key setting validation failed");
4144 return -EINVAL;
4145 }
4146
4147 wdev_lock(dev->ieee80211_ptr);
4148 err = nl80211_key_allowed(dev->ieee80211_ptr);
4149 if (err)
4150 GENL_SET_ERR_MSG(info, "key not allowed");
4151 if (!err) {
4152 err = rdev_add_key(rdev, dev, key.idx,
4153 key.type == NL80211_KEYTYPE_PAIRWISE,
4154 mac_addr, &key.p);
4155 if (err)
4156 GENL_SET_ERR_MSG(info, "key addition failed");
4157 }
4158 wdev_unlock(dev->ieee80211_ptr);
4159
4160 return err;
4161 }
4162
4163 static int nl80211_del_key(struct sk_buff *skb, struct genl_info *info)
4164 {
4165 struct cfg80211_registered_device *rdev = info->user_ptr[0];
4166 int err;
4167 struct net_device *dev = info->user_ptr[1];
4168 u8 *mac_addr = NULL;
4169 struct key_parse key;
4170
4171 err = nl80211_parse_key(info, &key);
4172 if (err)
4173 return err;
4174
4175 if (info->attrs[NL80211_ATTR_MAC])
4176 mac_addr = nla_data(info->attrs[NL80211_ATTR_MAC]);
4177
4178 if (key.type == -1) {
4179 if (mac_addr)
4180 key.type = NL80211_KEYTYPE_PAIRWISE;
4181 else
4182 key.type = NL80211_KEYTYPE_GROUP;
4183 }
4184
4185 /* for now */
4186 if (key.type != NL80211_KEYTYPE_PAIRWISE &&
4187 key.type != NL80211_KEYTYPE_GROUP)
4188 return -EINVAL;
4189
4190 if (!rdev->ops->del_key)
4191 return -EOPNOTSUPP;
4192
4193 wdev_lock(dev->ieee80211_ptr);
4194 err = nl80211_key_allowed(dev->ieee80211_ptr);
4195
4196 if (key.type == NL80211_KEYTYPE_GROUP && mac_addr &&
4197 !(rdev->wiphy.flags & WIPHY_FLAG_IBSS_RSN))
4198 err = -ENOENT;
4199
4200 if (!err)
4201 err = rdev_del_key(rdev, dev, key.idx,
4202 key.type == NL80211_KEYTYPE_PAIRWISE,
4203 mac_addr);
4204
4205 #ifdef CONFIG_CFG80211_WEXT
4206 if (!err) {
4207 if (key.idx == dev->ieee80211_ptr->wext.default_key)
4208 dev->ieee80211_ptr->wext.default_key = -1;
4209 else if (key.idx == dev->ieee80211_ptr->wext.default_mgmt_key)
4210 dev->ieee80211_ptr->wext.default_mgmt_key = -1;
4211 }
4212 #endif
4213 wdev_unlock(dev->ieee80211_ptr);
4214
4215 return err;
4216 }
4217
4218 /* This function returns an error or the number of nested attributes */
4219 static int validate_acl_mac_addrs(struct nlattr *nl_attr)
4220 {
4221 struct nlattr *attr;
4222 int n_entries = 0, tmp;
4223
4224 nla_for_each_nested(attr, nl_attr, tmp) {
4225 if (nla_len(attr) != ETH_ALEN)
4226 return -EINVAL;
4227
4228 n_entries++;
4229 }
4230
4231 return n_entries;
4232 }
4233
4234 /*
4235 * This function parses ACL information and allocates memory for ACL data.
4236 * On successful return, the calling function is responsible to free the
4237 * ACL buffer returned by this function.
4238 */
4239 static struct cfg80211_acl_data *parse_acl_data(struct wiphy *wiphy,
4240 struct genl_info *info)
4241 {
4242 enum nl80211_acl_policy acl_policy;
4243 struct nlattr *attr;
4244 struct cfg80211_acl_data *acl;
4245 int i = 0, n_entries, tmp;
4246
4247 if (!wiphy->max_acl_mac_addrs)
4248 return ERR_PTR(-EOPNOTSUPP);
4249
4250 if (!info->attrs[NL80211_ATTR_ACL_POLICY])
4251 return ERR_PTR(-EINVAL);
4252
4253 acl_policy = nla_get_u32(info->attrs[NL80211_ATTR_ACL_POLICY]);
4254 if (acl_policy != NL80211_ACL_POLICY_ACCEPT_UNLESS_LISTED &&
4255 acl_policy != NL80211_ACL_POLICY_DENY_UNLESS_LISTED)
4256 return ERR_PTR(-EINVAL);
4257
4258 if (!info->attrs[NL80211_ATTR_MAC_ADDRS])
4259 return ERR_PTR(-EINVAL);
4260
4261 n_entries = validate_acl_mac_addrs(info->attrs[NL80211_ATTR_MAC_ADDRS]);
4262 if (n_entries < 0)
4263 return ERR_PTR(n_entries);
4264
4265 if (n_entries > wiphy->max_acl_mac_addrs)
4266 return ERR_PTR(-ENOTSUPP);
4267
4268 acl = kzalloc(struct_size(acl, mac_addrs, n_entries), GFP_KERNEL);
4269 if (!acl)
4270 return ERR_PTR(-ENOMEM);
4271
4272 nla_for_each_nested(attr, info->attrs[NL80211_ATTR_MAC_ADDRS], tmp) {
4273 memcpy(acl->mac_addrs[i].addr, nla_data(attr), ETH_ALEN);
4274 i++;
4275 }
4276
4277 acl->n_acl_entries = n_entries;
4278 acl->acl_policy = acl_policy;
4279
4280 return acl;
4281 }
4282
4283 static int nl80211_set_mac_acl(struct sk_buff *skb, struct genl_info *info)
4284 {
4285 struct cfg80211_registered_device *rdev = info->user_ptr[0];
4286 struct net_device *dev = info->user_ptr[1];
4287 struct cfg80211_acl_data *acl;
4288 int err;
4289
4290 if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_AP &&
4291 dev->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_GO)
4292 return -EOPNOTSUPP;
4293
4294 if (!dev->ieee80211_ptr->beacon_interval)
4295 return -EINVAL;
4296
4297 acl = parse_acl_data(&rdev->wiphy, info);
4298 if (IS_ERR(acl))
4299 return PTR_ERR(acl);
4300
4301 err = rdev_set_mac_acl(rdev, dev, acl);
4302
4303 kfree(acl);
4304
4305 return err;
4306 }
4307
4308 static u32 rateset_to_mask(struct ieee80211_supported_band *sband,
4309 u8 *rates, u8 rates_len)
4310 {
4311 u8 i;
4312 u32 mask = 0;
4313
4314 for (i = 0; i < rates_len; i++) {
4315 int rate = (rates[i] & 0x7f) * 5;
4316 int ridx;
4317
4318 for (ridx = 0; ridx < sband->n_bitrates; ridx++) {
4319 struct ieee80211_rate *srate =
4320 &sband->bitrates[ridx];
4321 if (rate == srate->bitrate) {
4322 mask |= 1 << ridx;
4323 break;
4324 }
4325 }
4326 if (ridx == sband->n_bitrates)
4327 return 0; /* rate not found */
4328 }
4329
4330 return mask;
4331 }
4332
4333 static bool ht_rateset_to_mask(struct ieee80211_supported_band *sband,
4334 u8 *rates, u8 rates_len,
4335 u8 mcs[IEEE80211_HT_MCS_MASK_LEN])
4336 {
4337 u8 i;
4338
4339 memset(mcs, 0, IEEE80211_HT_MCS_MASK_LEN);
4340
4341 for (i = 0; i < rates_len; i++) {
4342 int ridx, rbit;
4343
4344 ridx = rates[i] / 8;
4345 rbit = BIT(rates[i] % 8);
4346
4347 /* check validity */
4348 if ((ridx < 0) || (ridx >= IEEE80211_HT_MCS_MASK_LEN))
4349 return false;
4350
4351 /* check availability */
4352 ridx = array_index_nospec(ridx, IEEE80211_HT_MCS_MASK_LEN);
4353 if (sband->ht_cap.mcs.rx_mask[ridx] & rbit)
4354 mcs[ridx] |= rbit;
4355 else
4356 return false;
4357 }
4358
4359 return true;
4360 }
4361
4362 static u16 vht_mcs_map_to_mcs_mask(u8 vht_mcs_map)
4363 {
4364 u16 mcs_mask = 0;
4365
4366 switch (vht_mcs_map) {
4367 case IEEE80211_VHT_MCS_NOT_SUPPORTED:
4368 break;
4369 case IEEE80211_VHT_MCS_SUPPORT_0_7:
4370 mcs_mask = 0x00FF;
4371 break;
4372 case IEEE80211_VHT_MCS_SUPPORT_0_8:
4373 mcs_mask = 0x01FF;
4374 break;
4375 case IEEE80211_VHT_MCS_SUPPORT_0_9:
4376 mcs_mask = 0x03FF;
4377 break;
4378 default:
4379 break;
4380 }
4381
4382 return mcs_mask;
4383 }
4384
4385 static void vht_build_mcs_mask(u16 vht_mcs_map,
4386 u16 vht_mcs_mask[NL80211_VHT_NSS_MAX])
4387 {
4388 u8 nss;
4389
4390 for (nss = 0; nss < NL80211_VHT_NSS_MAX; nss++) {
4391 vht_mcs_mask[nss] = vht_mcs_map_to_mcs_mask(vht_mcs_map & 0x03);
4392 vht_mcs_map >>= 2;
4393 }
4394 }
4395
4396 static bool vht_set_mcs_mask(struct ieee80211_supported_band *sband,
4397 struct nl80211_txrate_vht *txrate,
4398 u16 mcs[NL80211_VHT_NSS_MAX])
4399 {
4400 u16 tx_mcs_map = le16_to_cpu(sband->vht_cap.vht_mcs.tx_mcs_map);
4401 u16 tx_mcs_mask[NL80211_VHT_NSS_MAX] = {};
4402 u8 i;
4403
4404 if (!sband->vht_cap.vht_supported)
4405 return false;
4406
4407 memset(mcs, 0, sizeof(u16) * NL80211_VHT_NSS_MAX);
4408
4409 /* Build vht_mcs_mask from VHT capabilities */
4410 vht_build_mcs_mask(tx_mcs_map, tx_mcs_mask);
4411
4412 for (i = 0; i < NL80211_VHT_NSS_MAX; i++) {
4413 if ((tx_mcs_mask[i] & txrate->mcs[i]) == txrate->mcs[i])
4414 mcs[i] = txrate->mcs[i];
4415 else
4416 return false;
4417 }
4418
4419 return true;
4420 }
4421
4422 static int nl80211_parse_tx_bitrate_mask(struct genl_info *info,
4423 struct nlattr *attrs[],
4424 enum nl80211_attrs attr,
4425 struct cfg80211_bitrate_mask *mask)
4426 {
4427 struct nlattr *tb[NL80211_TXRATE_MAX + 1];
4428 struct cfg80211_registered_device *rdev = info->user_ptr[0];
4429 int rem, i;
4430 struct nlattr *tx_rates;
4431 struct ieee80211_supported_band *sband;
4432 u16 vht_tx_mcs_map;
4433
4434 memset(mask, 0, sizeof(*mask));
4435 /* Default to all rates enabled */
4436 for (i = 0; i < NUM_NL80211_BANDS; i++) {
4437 sband = rdev->wiphy.bands[i];
4438
4439 if (!sband)
4440 continue;
4441
4442 mask->control[i].legacy = (1 << sband->n_bitrates) - 1;
4443 memcpy(mask->control[i].ht_mcs,
4444 sband->ht_cap.mcs.rx_mask,
4445 sizeof(mask->control[i].ht_mcs));
4446
4447 if (!sband->vht_cap.vht_supported)
4448 continue;
4449
4450 vht_tx_mcs_map = le16_to_cpu(sband->vht_cap.vht_mcs.tx_mcs_map);
4451 vht_build_mcs_mask(vht_tx_mcs_map, mask->control[i].vht_mcs);
4452 }
4453
4454 /* if no rates are given set it back to the defaults */
4455 if (!attrs[attr])
4456 goto out;
4457
4458 /* The nested attribute uses enum nl80211_band as the index. This maps
4459 * directly to the enum nl80211_band values used in cfg80211.
4460 */
4461 BUILD_BUG_ON(NL80211_MAX_SUPP_HT_RATES > IEEE80211_HT_MCS_MASK_LEN * 8);
4462 nla_for_each_nested(tx_rates, attrs[attr], rem) {
4463 enum nl80211_band band = nla_type(tx_rates);
4464 int err;
4465
4466 if (band < 0 || band >= NUM_NL80211_BANDS)
4467 return -EINVAL;
4468 sband = rdev->wiphy.bands[band];
4469 if (sband == NULL)
4470 return -EINVAL;
4471 err = nla_parse_nested_deprecated(tb, NL80211_TXRATE_MAX,
4472 tx_rates,
4473 nl80211_txattr_policy,
4474 info->extack);
4475 if (err)
4476 return err;
4477 if (tb[NL80211_TXRATE_LEGACY]) {
4478 mask->control[band].legacy = rateset_to_mask(
4479 sband,
4480 nla_data(tb[NL80211_TXRATE_LEGACY]),
4481 nla_len(tb[NL80211_TXRATE_LEGACY]));
4482 if ((mask->control[band].legacy == 0) &&
4483 nla_len(tb[NL80211_TXRATE_LEGACY]))
4484 return -EINVAL;
4485 }
4486 if (tb[NL80211_TXRATE_HT]) {
4487 if (!ht_rateset_to_mask(
4488 sband,
4489 nla_data(tb[NL80211_TXRATE_HT]),
4490 nla_len(tb[NL80211_TXRATE_HT]),
4491 mask->control[band].ht_mcs))
4492 return -EINVAL;
4493 }
4494 if (tb[NL80211_TXRATE_VHT]) {
4495 if (!vht_set_mcs_mask(
4496 sband,
4497 nla_data(tb[NL80211_TXRATE_VHT]),
4498 mask->control[band].vht_mcs))
4499 return -EINVAL;
4500 }
4501 if (tb[NL80211_TXRATE_GI]) {
4502 mask->control[band].gi =
4503 nla_get_u8(tb[NL80211_TXRATE_GI]);
4504 if (mask->control[band].gi > NL80211_TXRATE_FORCE_LGI)
4505 return -EINVAL;
4506 }
4507
4508 if (mask->control[band].legacy == 0) {
4509 /* don't allow empty legacy rates if HT or VHT
4510 * are not even supported.
4511 */
4512 if (!(rdev->wiphy.bands[band]->ht_cap.ht_supported ||
4513 rdev->wiphy.bands[band]->vht_cap.vht_supported))
4514 return -EINVAL;
4515
4516 for (i = 0; i < IEEE80211_HT_MCS_MASK_LEN; i++)
4517 if (mask->control[band].ht_mcs[i])
4518 goto out;
4519
4520 for (i = 0; i < NL80211_VHT_NSS_MAX; i++)
4521 if (mask->control[band].vht_mcs[i])
4522 goto out;
4523
4524 /* legacy and mcs rates may not be both empty */
4525 return -EINVAL;
4526 }
4527 }
4528
4529 out:
4530 return 0;
4531 }
4532
4533 static int validate_beacon_tx_rate(struct cfg80211_registered_device *rdev,
4534 enum nl80211_band band,
4535 struct cfg80211_bitrate_mask *beacon_rate)
4536 {
4537 u32 count_ht, count_vht, i;
4538 u32 rate = beacon_rate->control[band].legacy;
4539
4540 /* Allow only one rate */
4541 if (hweight32(rate) > 1)
4542 return -EINVAL;
4543
4544 count_ht = 0;
4545 for (i = 0; i < IEEE80211_HT_MCS_MASK_LEN; i++) {
4546 if (hweight8(beacon_rate->control[band].ht_mcs[i]) > 1) {
4547 return -EINVAL;
4548 } else if (beacon_rate->control[band].ht_mcs[i]) {
4549 count_ht++;
4550 if (count_ht > 1)
4551 return -EINVAL;
4552 }
4553 if (count_ht && rate)
4554 return -EINVAL;
4555 }
4556
4557 count_vht = 0;
4558 for (i = 0; i < NL80211_VHT_NSS_MAX; i++) {
4559 if (hweight16(beacon_rate->control[band].vht_mcs[i]) > 1) {
4560 return -EINVAL;
4561 } else if (beacon_rate->control[band].vht_mcs[i]) {
4562 count_vht++;
4563 if (count_vht > 1)
4564 return -EINVAL;
4565 }
4566 if (count_vht && rate)
4567 return -EINVAL;
4568 }
4569
4570 if ((count_ht && count_vht) || (!rate && !count_ht && !count_vht))
4571 return -EINVAL;
4572
4573 if (rate &&
4574 !wiphy_ext_feature_isset(&rdev->wiphy,
4575 NL80211_EXT_FEATURE_BEACON_RATE_LEGACY))
4576 return -EINVAL;
4577 if (count_ht &&
4578 !wiphy_ext_feature_isset(&rdev->wiphy,
4579 NL80211_EXT_FEATURE_BEACON_RATE_HT))
4580 return -EINVAL;
4581 if (count_vht &&
4582 !wiphy_ext_feature_isset(&rdev->wiphy,
4583 NL80211_EXT_FEATURE_BEACON_RATE_VHT))
4584 return -EINVAL;
4585
4586 return 0;
4587 }
4588
4589 static int nl80211_parse_beacon(struct cfg80211_registered_device *rdev,
4590 struct nlattr *attrs[],
4591 struct cfg80211_beacon_data *bcn)
4592 {
4593 bool haveinfo = false;
4594 int err;
4595
4596 memset(bcn, 0, sizeof(*bcn));
4597
4598 if (attrs[NL80211_ATTR_BEACON_HEAD]) {
4599 bcn->head = nla_data(attrs[NL80211_ATTR_BEACON_HEAD]);
4600 bcn->head_len = nla_len(attrs[NL80211_ATTR_BEACON_HEAD]);
4601 if (!bcn->head_len)
4602 return -EINVAL;
4603 haveinfo = true;
4604 }
4605
4606 if (attrs[NL80211_ATTR_BEACON_TAIL]) {
4607 bcn->tail = nla_data(attrs[NL80211_ATTR_BEACON_TAIL]);
4608 bcn->tail_len = nla_len(attrs[NL80211_ATTR_BEACON_TAIL]);
4609 haveinfo = true;
4610 }
4611
4612 if (!haveinfo)
4613 return -EINVAL;
4614
4615 if (attrs[NL80211_ATTR_IE]) {
4616 bcn->beacon_ies = nla_data(attrs[NL80211_ATTR_IE]);
4617 bcn->beacon_ies_len = nla_len(attrs[NL80211_ATTR_IE]);
4618 }
4619
4620 if (attrs[NL80211_ATTR_IE_PROBE_RESP]) {
4621 bcn->proberesp_ies =
4622 nla_data(attrs[NL80211_ATTR_IE_PROBE_RESP]);
4623 bcn->proberesp_ies_len =
4624 nla_len(attrs[NL80211_ATTR_IE_PROBE_RESP]);
4625 }
4626
4627 if (attrs[NL80211_ATTR_IE_ASSOC_RESP]) {
4628 bcn->assocresp_ies =
4629 nla_data(attrs[NL80211_ATTR_IE_ASSOC_RESP]);
4630 bcn->assocresp_ies_len =
4631 nla_len(attrs[NL80211_ATTR_IE_ASSOC_RESP]);
4632 }
4633
4634 if (attrs[NL80211_ATTR_PROBE_RESP]) {
4635 bcn->probe_resp = nla_data(attrs[NL80211_ATTR_PROBE_RESP]);
4636 bcn->probe_resp_len = nla_len(attrs[NL80211_ATTR_PROBE_RESP]);
4637 }
4638
4639 if (attrs[NL80211_ATTR_FTM_RESPONDER]) {
4640 struct nlattr *tb[NL80211_FTM_RESP_ATTR_MAX + 1];
4641
4642 err = nla_parse_nested_deprecated(tb,
4643 NL80211_FTM_RESP_ATTR_MAX,
4644 attrs[NL80211_ATTR_FTM_RESPONDER],
4645 NULL, NULL);
4646 if (err)
4647 return err;
4648
4649 if (tb[NL80211_FTM_RESP_ATTR_ENABLED] &&
4650 wiphy_ext_feature_isset(&rdev->wiphy,
4651 NL80211_EXT_FEATURE_ENABLE_FTM_RESPONDER))
4652 bcn->ftm_responder = 1;
4653 else
4654 return -EOPNOTSUPP;
4655
4656 if (tb[NL80211_FTM_RESP_ATTR_LCI]) {
4657 bcn->lci = nla_data(tb[NL80211_FTM_RESP_ATTR_LCI]);
4658 bcn->lci_len = nla_len(tb[NL80211_FTM_RESP_ATTR_LCI]);
4659 }
4660
4661 if (tb[NL80211_FTM_RESP_ATTR_CIVICLOC]) {
4662 bcn->civicloc = nla_data(tb[NL80211_FTM_RESP_ATTR_CIVICLOC]);
4663 bcn->civicloc_len = nla_len(tb[NL80211_FTM_RESP_ATTR_CIVICLOC]);
4664 }
4665 } else {
4666 bcn->ftm_responder = -1;
4667 }
4668
4669 return 0;
4670 }
4671
4672 static int nl80211_parse_he_obss_pd(struct nlattr *attrs,
4673 struct ieee80211_he_obss_pd *he_obss_pd)
4674 {
4675 struct nlattr *tb[NL80211_HE_OBSS_PD_ATTR_MAX + 1];
4676 int err;
4677
4678 err = nla_parse_nested(tb, NL80211_HE_OBSS_PD_ATTR_MAX, attrs,
4679 he_obss_pd_policy, NULL);
4680 if (err)
4681 return err;
4682
4683 if (!tb[NL80211_HE_OBSS_PD_ATTR_MIN_OFFSET] ||
4684 !tb[NL80211_HE_OBSS_PD_ATTR_MAX_OFFSET])
4685 return -EINVAL;
4686
4687 he_obss_pd->min_offset =
4688 nla_get_u32(tb[NL80211_HE_OBSS_PD_ATTR_MIN_OFFSET]);
4689 he_obss_pd->max_offset =
4690 nla_get_u32(tb[NL80211_HE_OBSS_PD_ATTR_MAX_OFFSET]);
4691
4692 if (he_obss_pd->min_offset >= he_obss_pd->max_offset)
4693 return -EINVAL;
4694
4695 he_obss_pd->enable = true;
4696
4697 return 0;
4698 }
4699
4700 static int nl80211_parse_he_bss_color(struct nlattr *attrs,
4701 struct cfg80211_he_bss_color *he_bss_color)
4702 {
4703 struct nlattr *tb[NL80211_HE_BSS_COLOR_ATTR_MAX + 1];
4704 int err;
4705
4706 err = nla_parse_nested(tb, NL80211_HE_BSS_COLOR_ATTR_MAX, attrs,
4707 he_bss_color_policy, NULL);
4708 if (err)
4709 return err;
4710
4711 if (!tb[NL80211_HE_BSS_COLOR_ATTR_COLOR])
4712 return -EINVAL;
4713
4714 he_bss_color->color =
4715 nla_get_u8(tb[NL80211_HE_BSS_COLOR_ATTR_COLOR]);
4716 he_bss_color->enabled =
4717 !nla_get_flag(tb[NL80211_HE_BSS_COLOR_ATTR_DISABLED]);
4718 he_bss_color->partial =
4719 nla_get_flag(tb[NL80211_HE_BSS_COLOR_ATTR_PARTIAL]);
4720
4721 return 0;
4722 }
4723
4724 static void nl80211_check_ap_rate_selectors(struct cfg80211_ap_settings *params,
4725 const u8 *rates)
4726 {
4727 int i;
4728
4729 if (!rates)
4730 return;
4731
4732 for (i = 0; i < rates[1]; i++) {
4733 if (rates[2 + i] == BSS_MEMBERSHIP_SELECTOR_HT_PHY)
4734 params->ht_required = true;
4735 if (rates[2 + i] == BSS_MEMBERSHIP_SELECTOR_VHT_PHY)
4736 params->vht_required = true;
4737 if (rates[2 + i] == BSS_MEMBERSHIP_SELECTOR_HE_PHY)
4738 params->he_required = true;
4739 }
4740 }
4741
4742 /*
4743 * Since the nl80211 API didn't include, from the beginning, attributes about
4744 * HT/VHT requirements/capabilities, we parse them out of the IEs for the
4745 * benefit of drivers that rebuild IEs in the firmware.
4746 */
4747 static void nl80211_calculate_ap_params(struct cfg80211_ap_settings *params)
4748 {
4749 const struct cfg80211_beacon_data *bcn = &params->beacon;
4750 size_t ies_len = bcn->tail_len;
4751 const u8 *ies = bcn->tail;
4752 const u8 *rates;
4753 const u8 *cap;
4754
4755 rates = cfg80211_find_ie(WLAN_EID_SUPP_RATES, ies, ies_len);
4756 nl80211_check_ap_rate_selectors(params, rates);
4757
4758 rates = cfg80211_find_ie(WLAN_EID_EXT_SUPP_RATES, ies, ies_len);
4759 nl80211_check_ap_rate_selectors(params, rates);
4760
4761 cap = cfg80211_find_ie(WLAN_EID_HT_CAPABILITY, ies, ies_len);
4762 if (cap && cap[1] >= sizeof(*params->ht_cap))
4763 params->ht_cap = (void *)(cap + 2);
4764 cap = cfg80211_find_ie(WLAN_EID_VHT_CAPABILITY, ies, ies_len);
4765 if (cap && cap[1] >= sizeof(*params->vht_cap))
4766 params->vht_cap = (void *)(cap + 2);
4767 cap = cfg80211_find_ext_ie(WLAN_EID_EXT_HE_CAPABILITY, ies, ies_len);
4768 if (cap && cap[1] >= sizeof(*params->he_cap) + 1)
4769 params->he_cap = (void *)(cap + 3);
4770 cap = cfg80211_find_ext_ie(WLAN_EID_EXT_HE_OPERATION, ies, ies_len);
4771 if (cap && cap[1] >= sizeof(*params->he_oper) + 1)
4772 params->he_oper = (void *)(cap + 3);
4773 }
4774
4775 static bool nl80211_get_ap_channel(struct cfg80211_registered_device *rdev,
4776 struct cfg80211_ap_settings *params)
4777 {
4778 struct wireless_dev *wdev;
4779 bool ret = false;
4780
4781 list_for_each_entry(wdev, &rdev->wiphy.wdev_list, list) {
4782 if (wdev->iftype != NL80211_IFTYPE_AP &&
4783 wdev->iftype != NL80211_IFTYPE_P2P_GO)
4784 continue;
4785
4786 if (!wdev->preset_chandef.chan)
4787 continue;
4788
4789 params->chandef = wdev->preset_chandef;
4790 ret = true;
4791 break;
4792 }
4793
4794 return ret;
4795 }
4796
4797 static bool nl80211_valid_auth_type(struct cfg80211_registered_device *rdev,
4798 enum nl80211_auth_type auth_type,
4799 enum nl80211_commands cmd)
4800 {
4801 if (auth_type > NL80211_AUTHTYPE_MAX)
4802 return false;
4803
4804 switch (cmd) {
4805 case NL80211_CMD_AUTHENTICATE:
4806 if (!(rdev->wiphy.features & NL80211_FEATURE_SAE) &&
4807 auth_type == NL80211_AUTHTYPE_SAE)
4808 return false;
4809 if (!wiphy_ext_feature_isset(&rdev->wiphy,
4810 NL80211_EXT_FEATURE_FILS_STA) &&
4811 (auth_type == NL80211_AUTHTYPE_FILS_SK ||
4812 auth_type == NL80211_AUTHTYPE_FILS_SK_PFS ||
4813 auth_type == NL80211_AUTHTYPE_FILS_PK))
4814 return false;
4815 return true;
4816 case NL80211_CMD_CONNECT:
4817 if (!(rdev->wiphy.features & NL80211_FEATURE_SAE) &&
4818 !wiphy_ext_feature_isset(&rdev->wiphy,
4819 NL80211_EXT_FEATURE_SAE_OFFLOAD) &&
4820 auth_type == NL80211_AUTHTYPE_SAE)
4821 return false;
4822
4823 /* FILS with SK PFS or PK not supported yet */
4824 if (auth_type == NL80211_AUTHTYPE_FILS_SK_PFS ||
4825 auth_type == NL80211_AUTHTYPE_FILS_PK)
4826 return false;
4827 if (!wiphy_ext_feature_isset(
4828 &rdev->wiphy,
4829 NL80211_EXT_FEATURE_FILS_SK_OFFLOAD) &&
4830 auth_type == NL80211_AUTHTYPE_FILS_SK)
4831 return false;
4832 return true;
4833 case NL80211_CMD_START_AP:
4834 /* SAE not supported yet */
4835 if (auth_type == NL80211_AUTHTYPE_SAE)
4836 return false;
4837 /* FILS not supported yet */
4838 if (auth_type == NL80211_AUTHTYPE_FILS_SK ||
4839 auth_type == NL80211_AUTHTYPE_FILS_SK_PFS ||
4840 auth_type == NL80211_AUTHTYPE_FILS_PK)
4841 return false;
4842 return true;
4843 default:
4844 return false;
4845 }
4846 }
4847
4848 static int nl80211_start_ap(struct sk_buff *skb, struct genl_info *info)
4849 {
4850 struct cfg80211_registered_device *rdev = info->user_ptr[0];
4851 struct net_device *dev = info->user_ptr[1];
4852 struct wireless_dev *wdev = dev->ieee80211_ptr;
4853 struct cfg80211_ap_settings params;
4854 int err;
4855
4856 if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_AP &&
4857 dev->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_GO)
4858 return -EOPNOTSUPP;
4859
4860 if (!rdev->ops->start_ap)
4861 return -EOPNOTSUPP;
4862
4863 if (wdev->beacon_interval)
4864 return -EALREADY;
4865
4866 memset(&params, 0, sizeof(params));
4867
4868 /* these are required for START_AP */
4869 if (!info->attrs[NL80211_ATTR_BEACON_INTERVAL] ||
4870 !info->attrs[NL80211_ATTR_DTIM_PERIOD] ||
4871 !info->attrs[NL80211_ATTR_BEACON_HEAD])
4872 return -EINVAL;
4873
4874 err = nl80211_parse_beacon(rdev, info->attrs, &params.beacon);
4875 if (err)
4876 return err;
4877
4878 params.beacon_interval =
4879 nla_get_u32(info->attrs[NL80211_ATTR_BEACON_INTERVAL]);
4880 params.dtim_period =
4881 nla_get_u32(info->attrs[NL80211_ATTR_DTIM_PERIOD]);
4882
4883 err = cfg80211_validate_beacon_int(rdev, dev->ieee80211_ptr->iftype,
4884 params.beacon_interval);
4885 if (err)
4886 return err;
4887
4888 /*
4889 * In theory, some of these attributes should be required here
4890 * but since they were not used when the command was originally
4891 * added, keep them optional for old user space programs to let
4892 * them continue to work with drivers that do not need the
4893 * additional information -- drivers must check!
4894 */
4895 if (info->attrs[NL80211_ATTR_SSID]) {
4896 params.ssid = nla_data(info->attrs[NL80211_ATTR_SSID]);
4897 params.ssid_len =
4898 nla_len(info->attrs[NL80211_ATTR_SSID]);
4899 if (params.ssid_len == 0 ||
4900 params.ssid_len > IEEE80211_MAX_SSID_LEN)
4901 return -EINVAL;
4902 }
4903
4904 if (info->attrs[NL80211_ATTR_HIDDEN_SSID])
4905 params.hidden_ssid = nla_get_u32(
4906 info->attrs[NL80211_ATTR_HIDDEN_SSID]);
4907
4908 params.privacy = !!info->attrs[NL80211_ATTR_PRIVACY];
4909
4910 if (info->attrs[NL80211_ATTR_AUTH_TYPE]) {
4911 params.auth_type = nla_get_u32(
4912 info->attrs[NL80211_ATTR_AUTH_TYPE]);
4913 if (!nl80211_valid_auth_type(rdev, params.auth_type,
4914 NL80211_CMD_START_AP))
4915 return -EINVAL;
4916 } else
4917 params.auth_type = NL80211_AUTHTYPE_AUTOMATIC;
4918
4919 err = nl80211_crypto_settings(rdev, info, &params.crypto,
4920 NL80211_MAX_NR_CIPHER_SUITES);
4921 if (err)
4922 return err;
4923
4924 if (info->attrs[NL80211_ATTR_INACTIVITY_TIMEOUT]) {
4925 if (!(rdev->wiphy.features & NL80211_FEATURE_INACTIVITY_TIMER))
4926 return -EOPNOTSUPP;
4927 params.inactivity_timeout = nla_get_u16(
4928 info->attrs[NL80211_ATTR_INACTIVITY_TIMEOUT]);
4929 }
4930
4931 if (info->attrs[NL80211_ATTR_P2P_CTWINDOW]) {
4932 if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_GO)
4933 return -EINVAL;
4934 params.p2p_ctwindow =
4935 nla_get_u8(info->attrs[NL80211_ATTR_P2P_CTWINDOW]);
4936 if (params.p2p_ctwindow != 0 &&
4937 !(rdev->wiphy.features & NL80211_FEATURE_P2P_GO_CTWIN))
4938 return -EINVAL;
4939 }
4940
4941 if (info->attrs[NL80211_ATTR_P2P_OPPPS]) {
4942 u8 tmp;
4943
4944 if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_GO)
4945 return -EINVAL;
4946 tmp = nla_get_u8(info->attrs[NL80211_ATTR_P2P_OPPPS]);
4947 params.p2p_opp_ps = tmp;
4948 if (params.p2p_opp_ps != 0 &&
4949 !(rdev->wiphy.features & NL80211_FEATURE_P2P_GO_OPPPS))
4950 return -EINVAL;
4951 }
4952
4953 if (info->attrs[NL80211_ATTR_WIPHY_FREQ]) {
4954 err = nl80211_parse_chandef(rdev, info, &params.chandef);
4955 if (err)
4956 return err;
4957 } else if (wdev->preset_chandef.chan) {
4958 params.chandef = wdev->preset_chandef;
4959 } else if (!nl80211_get_ap_channel(rdev, &params))
4960 return -EINVAL;
4961
4962 if (!cfg80211_reg_can_beacon_relax(&rdev->wiphy, &params.chandef,
4963 wdev->iftype))
4964 return -EINVAL;
4965
4966 if (info->attrs[NL80211_ATTR_TX_RATES]) {
4967 err = nl80211_parse_tx_bitrate_mask(info, info->attrs,
4968 NL80211_ATTR_TX_RATES,
4969 &params.beacon_rate);
4970 if (err)
4971 return err;
4972
4973 err = validate_beacon_tx_rate(rdev, params.chandef.chan->band,
4974 &params.beacon_rate);
4975 if (err)
4976 return err;
4977 }
4978
4979 if (info->attrs[NL80211_ATTR_SMPS_MODE]) {
4980 params.smps_mode =
4981 nla_get_u8(info->attrs[NL80211_ATTR_SMPS_MODE]);
4982 switch (params.smps_mode) {
4983 case NL80211_SMPS_OFF:
4984 break;
4985 case NL80211_SMPS_STATIC:
4986 if (!(rdev->wiphy.features &
4987 NL80211_FEATURE_STATIC_SMPS))
4988 return -EINVAL;
4989 break;
4990 case NL80211_SMPS_DYNAMIC:
4991 if (!(rdev->wiphy.features &
4992 NL80211_FEATURE_DYNAMIC_SMPS))
4993 return -EINVAL;
4994 break;
4995 default:
4996 return -EINVAL;
4997 }
4998 } else {
4999 params.smps_mode = NL80211_SMPS_OFF;
5000 }
5001
5002 params.pbss = nla_get_flag(info->attrs[NL80211_ATTR_PBSS]);
5003 if (params.pbss && !rdev->wiphy.bands[NL80211_BAND_60GHZ])
5004 return -EOPNOTSUPP;
5005
5006 if (info->attrs[NL80211_ATTR_ACL_POLICY]) {
5007 params.acl = parse_acl_data(&rdev->wiphy, info);
5008 if (IS_ERR(params.acl))
5009 return PTR_ERR(params.acl);
5010 }
5011
5012 params.twt_responder =
5013 nla_get_flag(info->attrs[NL80211_ATTR_TWT_RESPONDER]);
5014
5015 if (info->attrs[NL80211_ATTR_HE_OBSS_PD]) {
5016 err = nl80211_parse_he_obss_pd(
5017 info->attrs[NL80211_ATTR_HE_OBSS_PD],
5018 &params.he_obss_pd);
5019 if (err)
5020 goto out;
5021 }
5022
5023 if (info->attrs[NL80211_ATTR_HE_BSS_COLOR]) {
5024 err = nl80211_parse_he_bss_color(
5025 info->attrs[NL80211_ATTR_HE_BSS_COLOR],
5026 &params.he_bss_color);
5027 if (err)
5028 goto out;
5029 }
5030
5031 nl80211_calculate_ap_params(&params);
5032
5033 if (info->attrs[NL80211_ATTR_EXTERNAL_AUTH_SUPPORT])
5034 params.flags |= AP_SETTINGS_EXTERNAL_AUTH_SUPPORT;
5035
5036 wdev_lock(wdev);
5037 err = rdev_start_ap(rdev, dev, &params);
5038 if (!err) {
5039 wdev->preset_chandef = params.chandef;
5040 wdev->beacon_interval = params.beacon_interval;
5041 wdev->chandef = params.chandef;
5042 wdev->ssid_len = params.ssid_len;
5043 memcpy(wdev->ssid, params.ssid, wdev->ssid_len);
5044
5045 if (info->attrs[NL80211_ATTR_SOCKET_OWNER])
5046 wdev->conn_owner_nlportid = info->snd_portid;
5047 }
5048 wdev_unlock(wdev);
5049
5050 out:
5051 kfree(params.acl);
5052
5053 return err;
5054 }
5055
5056 static int nl80211_set_beacon(struct sk_buff *skb, struct genl_info *info)
5057 {
5058 struct cfg80211_registered_device *rdev = info->user_ptr[0];
5059 struct net_device *dev = info->user_ptr[1];
5060 struct wireless_dev *wdev = dev->ieee80211_ptr;
5061 struct cfg80211_beacon_data params;
5062 int err;
5063
5064 if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_AP &&
5065 dev->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_GO)
5066 return -EOPNOTSUPP;
5067
5068 if (!rdev->ops->change_beacon)
5069 return -EOPNOTSUPP;
5070
5071 if (!wdev->beacon_interval)
5072 return -EINVAL;
5073
5074 err = nl80211_parse_beacon(rdev, info->attrs, &params);
5075 if (err)
5076 return err;
5077
5078 wdev_lock(wdev);
5079 err = rdev_change_beacon(rdev, dev, &params);
5080 wdev_unlock(wdev);
5081
5082 return err;
5083 }
5084
5085 static int nl80211_stop_ap(struct sk_buff *skb, struct genl_info *info)
5086 {
5087 struct cfg80211_registered_device *rdev = info->user_ptr[0];
5088 struct net_device *dev = info->user_ptr[1];
5089
5090 return cfg80211_stop_ap(rdev, dev, false);
5091 }
5092
5093 static const struct nla_policy sta_flags_policy[NL80211_STA_FLAG_MAX + 1] = {
5094 [NL80211_STA_FLAG_AUTHORIZED] = { .type = NLA_FLAG },
5095 [NL80211_STA_FLAG_SHORT_PREAMBLE] = { .type = NLA_FLAG },
5096 [NL80211_STA_FLAG_WME] = { .type = NLA_FLAG },
5097 [NL80211_STA_FLAG_MFP] = { .type = NLA_FLAG },
5098 [NL80211_STA_FLAG_AUTHENTICATED] = { .type = NLA_FLAG },
5099 [NL80211_STA_FLAG_TDLS_PEER] = { .type = NLA_FLAG },
5100 };
5101
5102 static int parse_station_flags(struct genl_info *info,
5103 enum nl80211_iftype iftype,
5104 struct station_parameters *params)
5105 {
5106 struct nlattr *flags[NL80211_STA_FLAG_MAX + 1];
5107 struct nlattr *nla;
5108 int flag;
5109
5110 /*
5111 * Try parsing the new attribute first so userspace
5112 * can specify both for older kernels.
5113 */
5114 nla = info->attrs[NL80211_ATTR_STA_FLAGS2];
5115 if (nla) {
5116 struct nl80211_sta_flag_update *sta_flags;
5117
5118 sta_flags = nla_data(nla);
5119 params->sta_flags_mask = sta_flags->mask;
5120 params->sta_flags_set = sta_flags->set;
5121 params->sta_flags_set &= params->sta_flags_mask;
5122 if ((params->sta_flags_mask |
5123 params->sta_flags_set) & BIT(__NL80211_STA_FLAG_INVALID))
5124 return -EINVAL;
5125 return 0;
5126 }
5127
5128 /* if present, parse the old attribute */
5129
5130 nla = info->attrs[NL80211_ATTR_STA_FLAGS];
5131 if (!nla)
5132 return 0;
5133
5134 if (nla_parse_nested_deprecated(flags, NL80211_STA_FLAG_MAX, nla, sta_flags_policy, info->extack))
5135 return -EINVAL;
5136
5137 /*
5138 * Only allow certain flags for interface types so that
5139 * other attributes are silently ignored. Remember that
5140 * this is backward compatibility code with old userspace
5141 * and shouldn't be hit in other cases anyway.
5142 */
5143 switch (iftype) {
5144 case NL80211_IFTYPE_AP:
5145 case NL80211_IFTYPE_AP_VLAN:
5146 case NL80211_IFTYPE_P2P_GO:
5147 params->sta_flags_mask = BIT(NL80211_STA_FLAG_AUTHORIZED) |
5148 BIT(NL80211_STA_FLAG_SHORT_PREAMBLE) |
5149 BIT(NL80211_STA_FLAG_WME) |
5150 BIT(NL80211_STA_FLAG_MFP);
5151 break;
5152 case NL80211_IFTYPE_P2P_CLIENT:
5153 case NL80211_IFTYPE_STATION:
5154 params->sta_flags_mask = BIT(NL80211_STA_FLAG_AUTHORIZED) |
5155 BIT(NL80211_STA_FLAG_TDLS_PEER);
5156 break;
5157 case NL80211_IFTYPE_MESH_POINT:
5158 params->sta_flags_mask = BIT(NL80211_STA_FLAG_AUTHENTICATED) |
5159 BIT(NL80211_STA_FLAG_MFP) |
5160 BIT(NL80211_STA_FLAG_AUTHORIZED);
5161 break;
5162 default:
5163 return -EINVAL;
5164 }
5165
5166 for (flag = 1; flag <= NL80211_STA_FLAG_MAX; flag++) {
5167 if (flags[flag]) {
5168 params->sta_flags_set |= (1<<flag);
5169
5170 /* no longer support new API additions in old API */
5171 if (flag > NL80211_STA_FLAG_MAX_OLD_API)
5172 return -EINVAL;
5173 }
5174 }
5175
5176 return 0;
5177 }
5178
5179 bool nl80211_put_sta_rate(struct sk_buff *msg, struct rate_info *info, int attr)
5180 {
5181 struct nlattr *rate;
5182 u32 bitrate;
5183 u16 bitrate_compat;
5184 enum nl80211_rate_info rate_flg;
5185
5186 rate = nla_nest_start_noflag(msg, attr);
5187 if (!rate)
5188 return false;
5189
5190 /* cfg80211_calculate_bitrate will return 0 for mcs >= 32 */
5191 bitrate = cfg80211_calculate_bitrate(info);
5192 /* report 16-bit bitrate only if we can */
5193 bitrate_compat = bitrate < (1UL << 16) ? bitrate : 0;
5194 if (bitrate > 0 &&
5195 nla_put_u32(msg, NL80211_RATE_INFO_BITRATE32, bitrate))
5196 return false;
5197 if (bitrate_compat > 0 &&
5198 nla_put_u16(msg, NL80211_RATE_INFO_BITRATE, bitrate_compat))
5199 return false;
5200
5201 switch (info->bw) {
5202 case RATE_INFO_BW_5:
5203 rate_flg = NL80211_RATE_INFO_5_MHZ_WIDTH;
5204 break;
5205 case RATE_INFO_BW_10:
5206 rate_flg = NL80211_RATE_INFO_10_MHZ_WIDTH;
5207 break;
5208 default:
5209 WARN_ON(1);
5210 fallthrough;
5211 case RATE_INFO_BW_20:
5212 rate_flg = 0;
5213 break;
5214 case RATE_INFO_BW_40:
5215 rate_flg = NL80211_RATE_INFO_40_MHZ_WIDTH;
5216 break;
5217 case RATE_INFO_BW_80:
5218 rate_flg = NL80211_RATE_INFO_80_MHZ_WIDTH;
5219 break;
5220 case RATE_INFO_BW_160:
5221 rate_flg = NL80211_RATE_INFO_160_MHZ_WIDTH;
5222 break;
5223 case RATE_INFO_BW_HE_RU:
5224 rate_flg = 0;
5225 WARN_ON(!(info->flags & RATE_INFO_FLAGS_HE_MCS));
5226 }
5227
5228 if (rate_flg && nla_put_flag(msg, rate_flg))
5229 return false;
5230
5231 if (info->flags & RATE_INFO_FLAGS_MCS) {
5232 if (nla_put_u8(msg, NL80211_RATE_INFO_MCS, info->mcs))
5233 return false;
5234 if (info->flags & RATE_INFO_FLAGS_SHORT_GI &&
5235 nla_put_flag(msg, NL80211_RATE_INFO_SHORT_GI))
5236 return false;
5237 } else if (info->flags & RATE_INFO_FLAGS_VHT_MCS) {
5238 if (nla_put_u8(msg, NL80211_RATE_INFO_VHT_MCS, info->mcs))
5239 return false;
5240 if (nla_put_u8(msg, NL80211_RATE_INFO_VHT_NSS, info->nss))
5241 return false;
5242 if (info->flags & RATE_INFO_FLAGS_SHORT_GI &&
5243 nla_put_flag(msg, NL80211_RATE_INFO_SHORT_GI))
5244 return false;
5245 } else if (info->flags & RATE_INFO_FLAGS_HE_MCS) {
5246 if (nla_put_u8(msg, NL80211_RATE_INFO_HE_MCS, info->mcs))
5247 return false;
5248 if (nla_put_u8(msg, NL80211_RATE_INFO_HE_NSS, info->nss))
5249 return false;
5250 if (nla_put_u8(msg, NL80211_RATE_INFO_HE_GI, info->he_gi))
5251 return false;
5252 if (nla_put_u8(msg, NL80211_RATE_INFO_HE_DCM, info->he_dcm))
5253 return false;
5254 if (info->bw == RATE_INFO_BW_HE_RU &&
5255 nla_put_u8(msg, NL80211_RATE_INFO_HE_RU_ALLOC,
5256 info->he_ru_alloc))
5257 return false;
5258 }
5259
5260 nla_nest_end(msg, rate);
5261 return true;
5262 }
5263
5264 static bool nl80211_put_signal(struct sk_buff *msg, u8 mask, s8 *signal,
5265 int id)
5266 {
5267 void *attr;
5268 int i = 0;
5269
5270 if (!mask)
5271 return true;
5272
5273 attr = nla_nest_start_noflag(msg, id);
5274 if (!attr)
5275 return false;
5276
5277 for (i = 0; i < IEEE80211_MAX_CHAINS; i++) {
5278 if (!(mask & BIT(i)))
5279 continue;
5280
5281 if (nla_put_u8(msg, i, signal[i]))
5282 return false;
5283 }
5284
5285 nla_nest_end(msg, attr);
5286
5287 return true;
5288 }
5289
5290 static int nl80211_send_station(struct sk_buff *msg, u32 cmd, u32 portid,
5291 u32 seq, int flags,
5292 struct cfg80211_registered_device *rdev,
5293 struct net_device *dev,
5294 const u8 *mac_addr, struct station_info *sinfo)
5295 {
5296 void *hdr;
5297 struct nlattr *sinfoattr, *bss_param;
5298
5299 hdr = nl80211hdr_put(msg, portid, seq, flags, cmd);
5300 if (!hdr) {
5301 cfg80211_sinfo_release_content(sinfo);
5302 return -1;
5303 }
5304
5305 if (nla_put_u32(msg, NL80211_ATTR_IFINDEX, dev->ifindex) ||
5306 nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN, mac_addr) ||
5307 nla_put_u32(msg, NL80211_ATTR_GENERATION, sinfo->generation))
5308 goto nla_put_failure;
5309
5310 sinfoattr = nla_nest_start_noflag(msg, NL80211_ATTR_STA_INFO);
5311 if (!sinfoattr)
5312 goto nla_put_failure;
5313
5314 #define PUT_SINFO(attr, memb, type) do { \
5315 BUILD_BUG_ON(sizeof(type) == sizeof(u64)); \
5316 if (sinfo->filled & BIT_ULL(NL80211_STA_INFO_ ## attr) && \
5317 nla_put_ ## type(msg, NL80211_STA_INFO_ ## attr, \
5318 sinfo->memb)) \
5319 goto nla_put_failure; \
5320 } while (0)
5321 #define PUT_SINFO_U64(attr, memb) do { \
5322 if (sinfo->filled & BIT_ULL(NL80211_STA_INFO_ ## attr) && \
5323 nla_put_u64_64bit(msg, NL80211_STA_INFO_ ## attr, \
5324 sinfo->memb, NL80211_STA_INFO_PAD)) \
5325 goto nla_put_failure; \
5326 } while (0)
5327
5328 PUT_SINFO(CONNECTED_TIME, connected_time, u32);
5329 PUT_SINFO(INACTIVE_TIME, inactive_time, u32);
5330 PUT_SINFO_U64(ASSOC_AT_BOOTTIME, assoc_at);
5331
5332 if (sinfo->filled & (BIT_ULL(NL80211_STA_INFO_RX_BYTES) |
5333 BIT_ULL(NL80211_STA_INFO_RX_BYTES64)) &&
5334 nla_put_u32(msg, NL80211_STA_INFO_RX_BYTES,
5335 (u32)sinfo->rx_bytes))
5336 goto nla_put_failure;
5337
5338 if (sinfo->filled & (BIT_ULL(NL80211_STA_INFO_TX_BYTES) |
5339 BIT_ULL(NL80211_STA_INFO_TX_BYTES64)) &&
5340 nla_put_u32(msg, NL80211_STA_INFO_TX_BYTES,
5341 (u32)sinfo->tx_bytes))
5342 goto nla_put_failure;
5343
5344 PUT_SINFO_U64(RX_BYTES64, rx_bytes);
5345 PUT_SINFO_U64(TX_BYTES64, tx_bytes);
5346 PUT_SINFO(LLID, llid, u16);
5347 PUT_SINFO(PLID, plid, u16);
5348 PUT_SINFO(PLINK_STATE, plink_state, u8);
5349 PUT_SINFO_U64(RX_DURATION, rx_duration);
5350 PUT_SINFO_U64(TX_DURATION, tx_duration);
5351
5352 if (wiphy_ext_feature_isset(&rdev->wiphy,
5353 NL80211_EXT_FEATURE_AIRTIME_FAIRNESS))
5354 PUT_SINFO(AIRTIME_WEIGHT, airtime_weight, u16);
5355
5356 switch (rdev->wiphy.signal_type) {
5357 case CFG80211_SIGNAL_TYPE_MBM:
5358 PUT_SINFO(SIGNAL, signal, u8);
5359 PUT_SINFO(SIGNAL_AVG, signal_avg, u8);
5360 break;
5361 default:
5362 break;
5363 }
5364 if (sinfo->filled & BIT_ULL(NL80211_STA_INFO_CHAIN_SIGNAL)) {
5365 if (!nl80211_put_signal(msg, sinfo->chains,
5366 sinfo->chain_signal,
5367 NL80211_STA_INFO_CHAIN_SIGNAL))
5368 goto nla_put_failure;
5369 }
5370 if (sinfo->filled & BIT_ULL(NL80211_STA_INFO_CHAIN_SIGNAL_AVG)) {
5371 if (!nl80211_put_signal(msg, sinfo->chains,
5372 sinfo->chain_signal_avg,
5373 NL80211_STA_INFO_CHAIN_SIGNAL_AVG))
5374 goto nla_put_failure;
5375 }
5376 if (sinfo->filled & BIT_ULL(NL80211_STA_INFO_TX_BITRATE)) {
5377 if (!nl80211_put_sta_rate(msg, &sinfo->txrate,
5378 NL80211_STA_INFO_TX_BITRATE))
5379 goto nla_put_failure;
5380 }
5381 if (sinfo->filled & BIT_ULL(NL80211_STA_INFO_RX_BITRATE)) {
5382 if (!nl80211_put_sta_rate(msg, &sinfo->rxrate,
5383 NL80211_STA_INFO_RX_BITRATE))
5384 goto nla_put_failure;
5385 }
5386
5387 PUT_SINFO(RX_PACKETS, rx_packets, u32);
5388 PUT_SINFO(TX_PACKETS, tx_packets, u32);
5389 PUT_SINFO(TX_RETRIES, tx_retries, u32);
5390 PUT_SINFO(TX_FAILED, tx_failed, u32);
5391 PUT_SINFO(EXPECTED_THROUGHPUT, expected_throughput, u32);
5392 PUT_SINFO(AIRTIME_LINK_METRIC, airtime_link_metric, u32);
5393 PUT_SINFO(BEACON_LOSS, beacon_loss_count, u32);
5394 PUT_SINFO(LOCAL_PM, local_pm, u32);
5395 PUT_SINFO(PEER_PM, peer_pm, u32);
5396 PUT_SINFO(NONPEER_PM, nonpeer_pm, u32);
5397 PUT_SINFO(CONNECTED_TO_GATE, connected_to_gate, u8);
5398 PUT_SINFO(CONNECTED_TO_AS, connected_to_as, u8);
5399
5400 if (sinfo->filled & BIT_ULL(NL80211_STA_INFO_BSS_PARAM)) {
5401 bss_param = nla_nest_start_noflag(msg,
5402 NL80211_STA_INFO_BSS_PARAM);
5403 if (!bss_param)
5404 goto nla_put_failure;
5405
5406 if (((sinfo->bss_param.flags & BSS_PARAM_FLAGS_CTS_PROT) &&
5407 nla_put_flag(msg, NL80211_STA_BSS_PARAM_CTS_PROT)) ||
5408 ((sinfo->bss_param.flags & BSS_PARAM_FLAGS_SHORT_PREAMBLE) &&
5409 nla_put_flag(msg, NL80211_STA_BSS_PARAM_SHORT_PREAMBLE)) ||
5410 ((sinfo->bss_param.flags & BSS_PARAM_FLAGS_SHORT_SLOT_TIME) &&
5411 nla_put_flag(msg, NL80211_STA_BSS_PARAM_SHORT_SLOT_TIME)) ||
5412 nla_put_u8(msg, NL80211_STA_BSS_PARAM_DTIM_PERIOD,
5413 sinfo->bss_param.dtim_period) ||
5414 nla_put_u16(msg, NL80211_STA_BSS_PARAM_BEACON_INTERVAL,
5415 sinfo->bss_param.beacon_interval))
5416 goto nla_put_failure;
5417
5418 nla_nest_end(msg, bss_param);
5419 }
5420 if ((sinfo->filled & BIT_ULL(NL80211_STA_INFO_STA_FLAGS)) &&
5421 nla_put(msg, NL80211_STA_INFO_STA_FLAGS,
5422 sizeof(struct nl80211_sta_flag_update),
5423 &sinfo->sta_flags))
5424 goto nla_put_failure;
5425
5426 PUT_SINFO_U64(T_OFFSET, t_offset);
5427 PUT_SINFO_U64(RX_DROP_MISC, rx_dropped_misc);
5428 PUT_SINFO_U64(BEACON_RX, rx_beacon);
5429 PUT_SINFO(BEACON_SIGNAL_AVG, rx_beacon_signal_avg, u8);
5430 PUT_SINFO(RX_MPDUS, rx_mpdu_count, u32);
5431 PUT_SINFO(FCS_ERROR_COUNT, fcs_err_count, u32);
5432 if (wiphy_ext_feature_isset(&rdev->wiphy,
5433 NL80211_EXT_FEATURE_ACK_SIGNAL_SUPPORT)) {
5434 PUT_SINFO(ACK_SIGNAL, ack_signal, u8);
5435 PUT_SINFO(ACK_SIGNAL_AVG, avg_ack_signal, s8);
5436 }
5437
5438 #undef PUT_SINFO
5439 #undef PUT_SINFO_U64
5440
5441 if (sinfo->pertid) {
5442 struct nlattr *tidsattr;
5443 int tid;
5444
5445 tidsattr = nla_nest_start_noflag(msg,
5446 NL80211_STA_INFO_TID_STATS);
5447 if (!tidsattr)
5448 goto nla_put_failure;
5449
5450 for (tid = 0; tid < IEEE80211_NUM_TIDS + 1; tid++) {
5451 struct cfg80211_tid_stats *tidstats;
5452 struct nlattr *tidattr;
5453
5454 tidstats = &sinfo->pertid[tid];
5455
5456 if (!tidstats->filled)
5457 continue;
5458
5459 tidattr = nla_nest_start_noflag(msg, tid + 1);
5460 if (!tidattr)
5461 goto nla_put_failure;
5462
5463 #define PUT_TIDVAL_U64(attr, memb) do { \
5464 if (tidstats->filled & BIT(NL80211_TID_STATS_ ## attr) && \
5465 nla_put_u64_64bit(msg, NL80211_TID_STATS_ ## attr, \
5466 tidstats->memb, NL80211_TID_STATS_PAD)) \
5467 goto nla_put_failure; \
5468 } while (0)
5469
5470 PUT_TIDVAL_U64(RX_MSDU, rx_msdu);
5471 PUT_TIDVAL_U64(TX_MSDU, tx_msdu);
5472 PUT_TIDVAL_U64(TX_MSDU_RETRIES, tx_msdu_retries);
5473 PUT_TIDVAL_U64(TX_MSDU_FAILED, tx_msdu_failed);
5474
5475 #undef PUT_TIDVAL_U64
5476 if ((tidstats->filled &
5477 BIT(NL80211_TID_STATS_TXQ_STATS)) &&
5478 !nl80211_put_txq_stats(msg, &tidstats->txq_stats,
5479 NL80211_TID_STATS_TXQ_STATS))
5480 goto nla_put_failure;
5481
5482 nla_nest_end(msg, tidattr);
5483 }
5484
5485 nla_nest_end(msg, tidsattr);
5486 }
5487
5488 nla_nest_end(msg, sinfoattr);
5489
5490 if (sinfo->assoc_req_ies_len &&
5491 nla_put(msg, NL80211_ATTR_IE, sinfo->assoc_req_ies_len,
5492 sinfo->assoc_req_ies))
5493 goto nla_put_failure;
5494
5495 cfg80211_sinfo_release_content(sinfo);
5496 genlmsg_end(msg, hdr);
5497 return 0;
5498
5499 nla_put_failure:
5500 cfg80211_sinfo_release_content(sinfo);
5501 genlmsg_cancel(msg, hdr);
5502 return -EMSGSIZE;
5503 }
5504
5505 static int nl80211_dump_station(struct sk_buff *skb,
5506 struct netlink_callback *cb)
5507 {
5508 struct station_info sinfo;
5509 struct cfg80211_registered_device *rdev;
5510 struct wireless_dev *wdev;
5511 u8 mac_addr[ETH_ALEN];
5512 int sta_idx = cb->args[2];
5513 int err;
5514
5515 rtnl_lock();
5516 err = nl80211_prepare_wdev_dump(cb, &rdev, &wdev);
5517 if (err)
5518 goto out_err;
5519
5520 if (!wdev->netdev) {
5521 err = -EINVAL;
5522 goto out_err;
5523 }
5524
5525 if (!rdev->ops->dump_station) {
5526 err = -EOPNOTSUPP;
5527 goto out_err;
5528 }
5529
5530 while (1) {
5531 memset(&sinfo, 0, sizeof(sinfo));
5532 err = rdev_dump_station(rdev, wdev->netdev, sta_idx,
5533 mac_addr, &sinfo);
5534 if (err == -ENOENT)
5535 break;
5536 if (err)
5537 goto out_err;
5538
5539 if (nl80211_send_station(skb, NL80211_CMD_NEW_STATION,
5540 NETLINK_CB(cb->skb).portid,
5541 cb->nlh->nlmsg_seq, NLM_F_MULTI,
5542 rdev, wdev->netdev, mac_addr,
5543 &sinfo) < 0)
5544 goto out;
5545
5546 sta_idx++;
5547 }
5548
5549 out:
5550 cb->args[2] = sta_idx;
5551 err = skb->len;
5552 out_err:
5553 rtnl_unlock();
5554
5555 return err;
5556 }
5557
5558 static int nl80211_get_station(struct sk_buff *skb, struct genl_info *info)
5559 {
5560 struct cfg80211_registered_device *rdev = info->user_ptr[0];
5561 struct net_device *dev = info->user_ptr[1];
5562 struct station_info sinfo;
5563 struct sk_buff *msg;
5564 u8 *mac_addr = NULL;
5565 int err;
5566
5567 memset(&sinfo, 0, sizeof(sinfo));
5568
5569 if (!info->attrs[NL80211_ATTR_MAC])
5570 return -EINVAL;
5571
5572 mac_addr = nla_data(info->attrs[NL80211_ATTR_MAC]);
5573
5574 if (!rdev->ops->get_station)
5575 return -EOPNOTSUPP;
5576
5577 err = rdev_get_station(rdev, dev, mac_addr, &sinfo);
5578 if (err)
5579 return err;
5580
5581 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
5582 if (!msg) {
5583 cfg80211_sinfo_release_content(&sinfo);
5584 return -ENOMEM;
5585 }
5586
5587 if (nl80211_send_station(msg, NL80211_CMD_NEW_STATION,
5588 info->snd_portid, info->snd_seq, 0,
5589 rdev, dev, mac_addr, &sinfo) < 0) {
5590 nlmsg_free(msg);
5591 return -ENOBUFS;
5592 }
5593
5594 return genlmsg_reply(msg, info);
5595 }
5596
5597 int cfg80211_check_station_change(struct wiphy *wiphy,
5598 struct station_parameters *params,
5599 enum cfg80211_station_type statype)
5600 {
5601 if (params->listen_interval != -1 &&
5602 statype != CFG80211_STA_AP_CLIENT_UNASSOC)
5603 return -EINVAL;
5604
5605 if (params->support_p2p_ps != -1 &&
5606 statype != CFG80211_STA_AP_CLIENT_UNASSOC)
5607 return -EINVAL;
5608
5609 if (params->aid &&
5610 !(params->sta_flags_set & BIT(NL80211_STA_FLAG_TDLS_PEER)) &&
5611 statype != CFG80211_STA_AP_CLIENT_UNASSOC)
5612 return -EINVAL;
5613
5614 /* When you run into this, adjust the code below for the new flag */
5615 BUILD_BUG_ON(NL80211_STA_FLAG_MAX != 7);
5616
5617 switch (statype) {
5618 case CFG80211_STA_MESH_PEER_KERNEL:
5619 case CFG80211_STA_MESH_PEER_USER:
5620 /*
5621 * No ignoring the TDLS flag here -- the userspace mesh
5622 * code doesn't have the bug of including TDLS in the
5623 * mask everywhere.
5624 */
5625 if (params->sta_flags_mask &
5626 ~(BIT(NL80211_STA_FLAG_AUTHENTICATED) |
5627 BIT(NL80211_STA_FLAG_MFP) |
5628 BIT(NL80211_STA_FLAG_AUTHORIZED)))
5629 return -EINVAL;
5630 break;
5631 case CFG80211_STA_TDLS_PEER_SETUP:
5632 case CFG80211_STA_TDLS_PEER_ACTIVE:
5633 if (!(params->sta_flags_set & BIT(NL80211_STA_FLAG_TDLS_PEER)))
5634 return -EINVAL;
5635 /* ignore since it can't change */
5636 params->sta_flags_mask &= ~BIT(NL80211_STA_FLAG_TDLS_PEER);
5637 break;
5638 default:
5639 /* disallow mesh-specific things */
5640 if (params->plink_action != NL80211_PLINK_ACTION_NO_ACTION)
5641 return -EINVAL;
5642 if (params->local_pm)
5643 return -EINVAL;
5644 if (params->sta_modify_mask & STATION_PARAM_APPLY_PLINK_STATE)
5645 return -EINVAL;
5646 }
5647
5648 if (statype != CFG80211_STA_TDLS_PEER_SETUP &&
5649 statype != CFG80211_STA_TDLS_PEER_ACTIVE) {
5650 /* TDLS can't be set, ... */
5651 if (params->sta_flags_set & BIT(NL80211_STA_FLAG_TDLS_PEER))
5652 return -EINVAL;
5653 /*
5654 * ... but don't bother the driver with it. This works around
5655 * a hostapd/wpa_supplicant issue -- it always includes the
5656 * TLDS_PEER flag in the mask even for AP mode.
5657 */
5658 params->sta_flags_mask &= ~BIT(NL80211_STA_FLAG_TDLS_PEER);
5659 }
5660
5661 if (statype != CFG80211_STA_TDLS_PEER_SETUP &&
5662 statype != CFG80211_STA_AP_CLIENT_UNASSOC) {
5663 /* reject other things that can't change */
5664 if (params->sta_modify_mask & STATION_PARAM_APPLY_UAPSD)
5665 return -EINVAL;
5666 if (params->sta_modify_mask & STATION_PARAM_APPLY_CAPABILITY)
5667 return -EINVAL;
5668 if (params->supported_rates)
5669 return -EINVAL;
5670 if (params->ext_capab || params->ht_capa || params->vht_capa ||
5671 params->he_capa)
5672 return -EINVAL;
5673 }
5674
5675 if (statype != CFG80211_STA_AP_CLIENT &&
5676 statype != CFG80211_STA_AP_CLIENT_UNASSOC) {
5677 if (params->vlan)
5678 return -EINVAL;
5679 }
5680
5681 switch (statype) {
5682 case CFG80211_STA_AP_MLME_CLIENT:
5683 /* Use this only for authorizing/unauthorizing a station */
5684 if (!(params->sta_flags_mask & BIT(NL80211_STA_FLAG_AUTHORIZED)))
5685 return -EOPNOTSUPP;
5686 break;
5687 case CFG80211_STA_AP_CLIENT:
5688 case CFG80211_STA_AP_CLIENT_UNASSOC:
5689 /* accept only the listed bits */
5690 if (params->sta_flags_mask &
5691 ~(BIT(NL80211_STA_FLAG_AUTHORIZED) |
5692 BIT(NL80211_STA_FLAG_AUTHENTICATED) |
5693 BIT(NL80211_STA_FLAG_ASSOCIATED) |
5694 BIT(NL80211_STA_FLAG_SHORT_PREAMBLE) |
5695 BIT(NL80211_STA_FLAG_WME) |
5696 BIT(NL80211_STA_FLAG_MFP)))
5697 return -EINVAL;
5698
5699 /* but authenticated/associated only if driver handles it */
5700 if (!(wiphy->features & NL80211_FEATURE_FULL_AP_CLIENT_STATE) &&
5701 params->sta_flags_mask &
5702 (BIT(NL80211_STA_FLAG_AUTHENTICATED) |
5703 BIT(NL80211_STA_FLAG_ASSOCIATED)))
5704 return -EINVAL;
5705 break;
5706 case CFG80211_STA_IBSS:
5707 case CFG80211_STA_AP_STA:
5708 /* reject any changes other than AUTHORIZED */
5709 if (params->sta_flags_mask & ~BIT(NL80211_STA_FLAG_AUTHORIZED))
5710 return -EINVAL;
5711 break;
5712 case CFG80211_STA_TDLS_PEER_SETUP:
5713 /* reject any changes other than AUTHORIZED or WME */
5714 if (params->sta_flags_mask & ~(BIT(NL80211_STA_FLAG_AUTHORIZED) |
5715 BIT(NL80211_STA_FLAG_WME)))
5716 return -EINVAL;
5717 /* force (at least) rates when authorizing */
5718 if (params->sta_flags_set & BIT(NL80211_STA_FLAG_AUTHORIZED) &&
5719 !params->supported_rates)
5720 return -EINVAL;
5721 break;
5722 case CFG80211_STA_TDLS_PEER_ACTIVE:
5723 /* reject any changes */
5724 return -EINVAL;
5725 case CFG80211_STA_MESH_PEER_KERNEL:
5726 if (params->sta_modify_mask & STATION_PARAM_APPLY_PLINK_STATE)
5727 return -EINVAL;
5728 break;
5729 case CFG80211_STA_MESH_PEER_USER:
5730 if (params->plink_action != NL80211_PLINK_ACTION_NO_ACTION &&
5731 params->plink_action != NL80211_PLINK_ACTION_BLOCK)
5732 return -EINVAL;
5733 break;
5734 }
5735
5736 /*
5737 * Older kernel versions ignored this attribute entirely, so don't
5738 * reject attempts to update it but mark it as unused instead so the
5739 * driver won't look at the data.
5740 */
5741 if (statype != CFG80211_STA_AP_CLIENT_UNASSOC &&
5742 statype != CFG80211_STA_TDLS_PEER_SETUP)
5743 params->opmode_notif_used = false;
5744
5745 return 0;
5746 }
5747 EXPORT_SYMBOL(cfg80211_check_station_change);
5748
5749 /*
5750 * Get vlan interface making sure it is running and on the right wiphy.
5751 */
5752 static struct net_device *get_vlan(struct genl_info *info,
5753 struct cfg80211_registered_device *rdev)
5754 {
5755 struct nlattr *vlanattr = info->attrs[NL80211_ATTR_STA_VLAN];
5756 struct net_device *v;
5757 int ret;
5758
5759 if (!vlanattr)
5760 return NULL;
5761
5762 v = dev_get_by_index(genl_info_net(info), nla_get_u32(vlanattr));
5763 if (!v)
5764 return ERR_PTR(-ENODEV);
5765
5766 if (!v->ieee80211_ptr || v->ieee80211_ptr->wiphy != &rdev->wiphy) {
5767 ret = -EINVAL;
5768 goto error;
5769 }
5770
5771 if (v->ieee80211_ptr->iftype != NL80211_IFTYPE_AP_VLAN &&
5772 v->ieee80211_ptr->iftype != NL80211_IFTYPE_AP &&
5773 v->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_GO) {
5774 ret = -EINVAL;
5775 goto error;
5776 }
5777
5778 if (!netif_running(v)) {
5779 ret = -ENETDOWN;
5780 goto error;
5781 }
5782
5783 return v;
5784 error:
5785 dev_put(v);
5786 return ERR_PTR(ret);
5787 }
5788
5789 static const struct nla_policy
5790 nl80211_sta_wme_policy[NL80211_STA_WME_MAX + 1] = {
5791 [NL80211_STA_WME_UAPSD_QUEUES] = { .type = NLA_U8 },
5792 [NL80211_STA_WME_MAX_SP] = { .type = NLA_U8 },
5793 };
5794
5795 static int nl80211_parse_sta_wme(struct genl_info *info,
5796 struct station_parameters *params)
5797 {
5798 struct nlattr *tb[NL80211_STA_WME_MAX + 1];
5799 struct nlattr *nla;
5800 int err;
5801
5802 /* parse WME attributes if present */
5803 if (!info->attrs[NL80211_ATTR_STA_WME])
5804 return 0;
5805
5806 nla = info->attrs[NL80211_ATTR_STA_WME];
5807 err = nla_parse_nested_deprecated(tb, NL80211_STA_WME_MAX, nla,
5808 nl80211_sta_wme_policy,
5809 info->extack);
5810 if (err)
5811 return err;
5812
5813 if (tb[NL80211_STA_WME_UAPSD_QUEUES])
5814 params->uapsd_queues = nla_get_u8(
5815 tb[NL80211_STA_WME_UAPSD_QUEUES]);
5816 if (params->uapsd_queues & ~IEEE80211_WMM_IE_STA_QOSINFO_AC_MASK)
5817 return -EINVAL;
5818
5819 if (tb[NL80211_STA_WME_MAX_SP])
5820 params->max_sp = nla_get_u8(tb[NL80211_STA_WME_MAX_SP]);
5821
5822 if (params->max_sp & ~IEEE80211_WMM_IE_STA_QOSINFO_SP_MASK)
5823 return -EINVAL;
5824
5825 params->sta_modify_mask |= STATION_PARAM_APPLY_UAPSD;
5826
5827 return 0;
5828 }
5829
5830 static int nl80211_parse_sta_channel_info(struct genl_info *info,
5831 struct station_parameters *params)
5832 {
5833 if (info->attrs[NL80211_ATTR_STA_SUPPORTED_CHANNELS]) {
5834 params->supported_channels =
5835 nla_data(info->attrs[NL80211_ATTR_STA_SUPPORTED_CHANNELS]);
5836 params->supported_channels_len =
5837 nla_len(info->attrs[NL80211_ATTR_STA_SUPPORTED_CHANNELS]);
5838 /*
5839 * Need to include at least one (first channel, number of
5840 * channels) tuple for each subband, and must have proper
5841 * tuples for the rest of the data as well.
5842 */
5843 if (params->supported_channels_len < 2)
5844 return -EINVAL;
5845 if (params->supported_channels_len % 2)
5846 return -EINVAL;
5847 }
5848
5849 if (info->attrs[NL80211_ATTR_STA_SUPPORTED_OPER_CLASSES]) {
5850 params->supported_oper_classes =
5851 nla_data(info->attrs[NL80211_ATTR_STA_SUPPORTED_OPER_CLASSES]);
5852 params->supported_oper_classes_len =
5853 nla_len(info->attrs[NL80211_ATTR_STA_SUPPORTED_OPER_CLASSES]);
5854 /*
5855 * The value of the Length field of the Supported Operating
5856 * Classes element is between 2 and 253.
5857 */
5858 if (params->supported_oper_classes_len < 2 ||
5859 params->supported_oper_classes_len > 253)
5860 return -EINVAL;
5861 }
5862 return 0;
5863 }
5864
5865 static int nl80211_set_station_tdls(struct genl_info *info,
5866 struct station_parameters *params)
5867 {
5868 int err;
5869 /* Dummy STA entry gets updated once the peer capabilities are known */
5870 if (info->attrs[NL80211_ATTR_PEER_AID])
5871 params->aid = nla_get_u16(info->attrs[NL80211_ATTR_PEER_AID]);
5872 if (info->attrs[NL80211_ATTR_HT_CAPABILITY])
5873 params->ht_capa =
5874 nla_data(info->attrs[NL80211_ATTR_HT_CAPABILITY]);
5875 if (info->attrs[NL80211_ATTR_VHT_CAPABILITY])
5876 params->vht_capa =
5877 nla_data(info->attrs[NL80211_ATTR_VHT_CAPABILITY]);
5878 if (info->attrs[NL80211_ATTR_HE_CAPABILITY]) {
5879 params->he_capa =
5880 nla_data(info->attrs[NL80211_ATTR_HE_CAPABILITY]);
5881 params->he_capa_len =
5882 nla_len(info->attrs[NL80211_ATTR_HE_CAPABILITY]);
5883
5884 if (params->he_capa_len < NL80211_HE_MIN_CAPABILITY_LEN)
5885 return -EINVAL;
5886 }
5887
5888 err = nl80211_parse_sta_channel_info(info, params);
5889 if (err)
5890 return err;
5891
5892 return nl80211_parse_sta_wme(info, params);
5893 }
5894
5895 static int nl80211_parse_sta_txpower_setting(struct genl_info *info,
5896 struct station_parameters *params)
5897 {
5898 struct cfg80211_registered_device *rdev = info->user_ptr[0];
5899 int idx;
5900
5901 if (info->attrs[NL80211_ATTR_STA_TX_POWER_SETTING]) {
5902 if (!rdev->ops->set_tx_power ||
5903 !wiphy_ext_feature_isset(&rdev->wiphy,
5904 NL80211_EXT_FEATURE_STA_TX_PWR))
5905 return -EOPNOTSUPP;
5906
5907 idx = NL80211_ATTR_STA_TX_POWER_SETTING;
5908 params->txpwr.type = nla_get_u8(info->attrs[idx]);
5909
5910 if (params->txpwr.type == NL80211_TX_POWER_LIMITED) {
5911 idx = NL80211_ATTR_STA_TX_POWER;
5912
5913 if (info->attrs[idx])
5914 params->txpwr.power =
5915 nla_get_s16(info->attrs[idx]);
5916 else
5917 return -EINVAL;
5918 }
5919 params->sta_modify_mask |= STATION_PARAM_APPLY_STA_TXPOWER;
5920 }
5921
5922 return 0;
5923 }
5924
5925 static int nl80211_set_station(struct sk_buff *skb, struct genl_info *info)
5926 {
5927 struct cfg80211_registered_device *rdev = info->user_ptr[0];
5928 struct net_device *dev = info->user_ptr[1];
5929 struct station_parameters params;
5930 u8 *mac_addr;
5931 int err;
5932
5933 memset(&params, 0, sizeof(params));
5934
5935 if (!rdev->ops->change_station)
5936 return -EOPNOTSUPP;
5937
5938 /*
5939 * AID and listen_interval properties can be set only for unassociated
5940 * station. Include these parameters here and will check them in
5941 * cfg80211_check_station_change().
5942 */
5943 if (info->attrs[NL80211_ATTR_STA_AID])
5944 params.aid = nla_get_u16(info->attrs[NL80211_ATTR_STA_AID]);
5945
5946 if (info->attrs[NL80211_ATTR_VLAN_ID])
5947 params.vlan_id = nla_get_u16(info->attrs[NL80211_ATTR_VLAN_ID]);
5948
5949 if (info->attrs[NL80211_ATTR_STA_LISTEN_INTERVAL])
5950 params.listen_interval =
5951 nla_get_u16(info->attrs[NL80211_ATTR_STA_LISTEN_INTERVAL]);
5952 else
5953 params.listen_interval = -1;
5954
5955 if (info->attrs[NL80211_ATTR_STA_SUPPORT_P2P_PS])
5956 params.support_p2p_ps =
5957 nla_get_u8(info->attrs[NL80211_ATTR_STA_SUPPORT_P2P_PS]);
5958 else
5959 params.support_p2p_ps = -1;
5960
5961 if (!info->attrs[NL80211_ATTR_MAC])
5962 return -EINVAL;
5963
5964 mac_addr = nla_data(info->attrs[NL80211_ATTR_MAC]);
5965
5966 if (info->attrs[NL80211_ATTR_STA_SUPPORTED_RATES]) {
5967 params.supported_rates =
5968 nla_data(info->attrs[NL80211_ATTR_STA_SUPPORTED_RATES]);
5969 params.supported_rates_len =
5970 nla_len(info->attrs[NL80211_ATTR_STA_SUPPORTED_RATES]);
5971 }
5972
5973 if (info->attrs[NL80211_ATTR_STA_CAPABILITY]) {
5974 params.capability =
5975 nla_get_u16(info->attrs[NL80211_ATTR_STA_CAPABILITY]);
5976 params.sta_modify_mask |= STATION_PARAM_APPLY_CAPABILITY;
5977 }
5978
5979 if (info->attrs[NL80211_ATTR_STA_EXT_CAPABILITY]) {
5980 params.ext_capab =
5981 nla_data(info->attrs[NL80211_ATTR_STA_EXT_CAPABILITY]);
5982 params.ext_capab_len =
5983 nla_len(info->attrs[NL80211_ATTR_STA_EXT_CAPABILITY]);
5984 }
5985
5986 if (parse_station_flags(info, dev->ieee80211_ptr->iftype, &params))
5987 return -EINVAL;
5988
5989 if (info->attrs[NL80211_ATTR_STA_PLINK_ACTION])
5990 params.plink_action =
5991 nla_get_u8(info->attrs[NL80211_ATTR_STA_PLINK_ACTION]);
5992
5993 if (info->attrs[NL80211_ATTR_STA_PLINK_STATE]) {
5994 params.plink_state =
5995 nla_get_u8(info->attrs[NL80211_ATTR_STA_PLINK_STATE]);
5996 if (info->attrs[NL80211_ATTR_MESH_PEER_AID])
5997 params.peer_aid = nla_get_u16(
5998 info->attrs[NL80211_ATTR_MESH_PEER_AID]);
5999 params.sta_modify_mask |= STATION_PARAM_APPLY_PLINK_STATE;
6000 }
6001
6002 if (info->attrs[NL80211_ATTR_LOCAL_MESH_POWER_MODE])
6003 params.local_pm = nla_get_u32(
6004 info->attrs[NL80211_ATTR_LOCAL_MESH_POWER_MODE]);
6005
6006 if (info->attrs[NL80211_ATTR_OPMODE_NOTIF]) {
6007 params.opmode_notif_used = true;
6008 params.opmode_notif =
6009 nla_get_u8(info->attrs[NL80211_ATTR_OPMODE_NOTIF]);
6010 }
6011
6012 if (info->attrs[NL80211_ATTR_HE_6GHZ_CAPABILITY])
6013 params.he_6ghz_capa =
6014 nla_data(info->attrs[NL80211_ATTR_HE_6GHZ_CAPABILITY]);
6015
6016 if (info->attrs[NL80211_ATTR_AIRTIME_WEIGHT])
6017 params.airtime_weight =
6018 nla_get_u16(info->attrs[NL80211_ATTR_AIRTIME_WEIGHT]);
6019
6020 if (params.airtime_weight &&
6021 !wiphy_ext_feature_isset(&rdev->wiphy,
6022 NL80211_EXT_FEATURE_AIRTIME_FAIRNESS))
6023 return -EOPNOTSUPP;
6024
6025 err = nl80211_parse_sta_txpower_setting(info, &params);
6026 if (err)
6027 return err;
6028
6029 /* Include parameters for TDLS peer (will check later) */
6030 err = nl80211_set_station_tdls(info, &params);
6031 if (err)
6032 return err;
6033
6034 params.vlan = get_vlan(info, rdev);
6035 if (IS_ERR(params.vlan))
6036 return PTR_ERR(params.vlan);
6037
6038 switch (dev->ieee80211_ptr->iftype) {
6039 case NL80211_IFTYPE_AP:
6040 case NL80211_IFTYPE_AP_VLAN:
6041 case NL80211_IFTYPE_P2P_GO:
6042 case NL80211_IFTYPE_P2P_CLIENT:
6043 case NL80211_IFTYPE_STATION:
6044 case NL80211_IFTYPE_ADHOC:
6045 case NL80211_IFTYPE_MESH_POINT:
6046 break;
6047 default:
6048 err = -EOPNOTSUPP;
6049 goto out_put_vlan;
6050 }
6051
6052 /* driver will call cfg80211_check_station_change() */
6053 err = rdev_change_station(rdev, dev, mac_addr, &params);
6054
6055 out_put_vlan:
6056 if (params.vlan)
6057 dev_put(params.vlan);
6058
6059 return err;
6060 }
6061
6062 static int nl80211_new_station(struct sk_buff *skb, struct genl_info *info)
6063 {
6064 struct cfg80211_registered_device *rdev = info->user_ptr[0];
6065 int err;
6066 struct net_device *dev = info->user_ptr[1];
6067 struct station_parameters params;
6068 u8 *mac_addr = NULL;
6069 u32 auth_assoc = BIT(NL80211_STA_FLAG_AUTHENTICATED) |
6070 BIT(NL80211_STA_FLAG_ASSOCIATED);
6071
6072 memset(&params, 0, sizeof(params));
6073
6074 if (!rdev->ops->add_station)
6075 return -EOPNOTSUPP;
6076
6077 if (!info->attrs[NL80211_ATTR_MAC])
6078 return -EINVAL;
6079
6080 if (!info->attrs[NL80211_ATTR_STA_LISTEN_INTERVAL])
6081 return -EINVAL;
6082
6083 if (!info->attrs[NL80211_ATTR_STA_SUPPORTED_RATES])
6084 return -EINVAL;
6085
6086 if (!info->attrs[NL80211_ATTR_STA_AID] &&
6087 !info->attrs[NL80211_ATTR_PEER_AID])
6088 return -EINVAL;
6089
6090 mac_addr = nla_data(info->attrs[NL80211_ATTR_MAC]);
6091 params.supported_rates =
6092 nla_data(info->attrs[NL80211_ATTR_STA_SUPPORTED_RATES]);
6093 params.supported_rates_len =
6094 nla_len(info->attrs[NL80211_ATTR_STA_SUPPORTED_RATES]);
6095 params.listen_interval =
6096 nla_get_u16(info->attrs[NL80211_ATTR_STA_LISTEN_INTERVAL]);
6097
6098 if (info->attrs[NL80211_ATTR_VLAN_ID])
6099 params.vlan_id = nla_get_u16(info->attrs[NL80211_ATTR_VLAN_ID]);
6100
6101 if (info->attrs[NL80211_ATTR_STA_SUPPORT_P2P_PS]) {
6102 params.support_p2p_ps =
6103 nla_get_u8(info->attrs[NL80211_ATTR_STA_SUPPORT_P2P_PS]);
6104 } else {
6105 /*
6106 * if not specified, assume it's supported for P2P GO interface,
6107 * and is NOT supported for AP interface
6108 */
6109 params.support_p2p_ps =
6110 dev->ieee80211_ptr->iftype == NL80211_IFTYPE_P2P_GO;
6111 }
6112
6113 if (info->attrs[NL80211_ATTR_PEER_AID])
6114 params.aid = nla_get_u16(info->attrs[NL80211_ATTR_PEER_AID]);
6115 else
6116 params.aid = nla_get_u16(info->attrs[NL80211_ATTR_STA_AID]);
6117
6118 if (info->attrs[NL80211_ATTR_STA_CAPABILITY]) {
6119 params.capability =
6120 nla_get_u16(info->attrs[NL80211_ATTR_STA_CAPABILITY]);
6121 params.sta_modify_mask |= STATION_PARAM_APPLY_CAPABILITY;
6122 }
6123
6124 if (info->attrs[NL80211_ATTR_STA_EXT_CAPABILITY]) {
6125 params.ext_capab =
6126 nla_data(info->attrs[NL80211_ATTR_STA_EXT_CAPABILITY]);
6127 params.ext_capab_len =
6128 nla_len(info->attrs[NL80211_ATTR_STA_EXT_CAPABILITY]);
6129 }
6130
6131 if (info->attrs[NL80211_ATTR_HT_CAPABILITY])
6132 params.ht_capa =
6133 nla_data(info->attrs[NL80211_ATTR_HT_CAPABILITY]);
6134
6135 if (info->attrs[NL80211_ATTR_VHT_CAPABILITY])
6136 params.vht_capa =
6137 nla_data(info->attrs[NL80211_ATTR_VHT_CAPABILITY]);
6138
6139 if (info->attrs[NL80211_ATTR_HE_CAPABILITY]) {
6140 params.he_capa =
6141 nla_data(info->attrs[NL80211_ATTR_HE_CAPABILITY]);
6142 params.he_capa_len =
6143 nla_len(info->attrs[NL80211_ATTR_HE_CAPABILITY]);
6144
6145 /* max len is validated in nla policy */
6146 if (params.he_capa_len < NL80211_HE_MIN_CAPABILITY_LEN)
6147 return -EINVAL;
6148 }
6149
6150 if (info->attrs[NL80211_ATTR_HE_6GHZ_CAPABILITY])
6151 params.he_6ghz_capa =
6152 nla_data(info->attrs[NL80211_ATTR_HE_6GHZ_CAPABILITY]);
6153
6154 if (info->attrs[NL80211_ATTR_OPMODE_NOTIF]) {
6155 params.opmode_notif_used = true;
6156 params.opmode_notif =
6157 nla_get_u8(info->attrs[NL80211_ATTR_OPMODE_NOTIF]);
6158 }
6159
6160 if (info->attrs[NL80211_ATTR_STA_PLINK_ACTION])
6161 params.plink_action =
6162 nla_get_u8(info->attrs[NL80211_ATTR_STA_PLINK_ACTION]);
6163
6164 if (info->attrs[NL80211_ATTR_AIRTIME_WEIGHT])
6165 params.airtime_weight =
6166 nla_get_u16(info->attrs[NL80211_ATTR_AIRTIME_WEIGHT]);
6167
6168 if (params.airtime_weight &&
6169 !wiphy_ext_feature_isset(&rdev->wiphy,
6170 NL80211_EXT_FEATURE_AIRTIME_FAIRNESS))
6171 return -EOPNOTSUPP;
6172
6173 err = nl80211_parse_sta_txpower_setting(info, &params);
6174 if (err)
6175 return err;
6176
6177 err = nl80211_parse_sta_channel_info(info, &params);
6178 if (err)
6179 return err;
6180
6181 err = nl80211_parse_sta_wme(info, &params);
6182 if (err)
6183 return err;
6184
6185 if (parse_station_flags(info, dev->ieee80211_ptr->iftype, &params))
6186 return -EINVAL;
6187
6188 /* HT/VHT requires QoS, but if we don't have that just ignore HT/VHT
6189 * as userspace might just pass through the capabilities from the IEs
6190 * directly, rather than enforcing this restriction and returning an
6191 * error in this case.
6192 */
6193 if (!(params.sta_flags_set & BIT(NL80211_STA_FLAG_WME))) {
6194 params.ht_capa = NULL;
6195 params.vht_capa = NULL;
6196
6197 /* HE requires WME */
6198 if (params.he_capa_len || params.he_6ghz_capa)
6199 return -EINVAL;
6200 }
6201
6202 /* Ensure that HT/VHT capabilities are not set for 6 GHz HE STA */
6203 if (params.he_6ghz_capa && (params.ht_capa || params.vht_capa))
6204 return -EINVAL;
6205
6206 /* When you run into this, adjust the code below for the new flag */
6207 BUILD_BUG_ON(NL80211_STA_FLAG_MAX != 7);
6208
6209 switch (dev->ieee80211_ptr->iftype) {
6210 case NL80211_IFTYPE_AP:
6211 case NL80211_IFTYPE_AP_VLAN:
6212 case NL80211_IFTYPE_P2P_GO:
6213 /* ignore WME attributes if iface/sta is not capable */
6214 if (!(rdev->wiphy.flags & WIPHY_FLAG_AP_UAPSD) ||
6215 !(params.sta_flags_set & BIT(NL80211_STA_FLAG_WME)))
6216 params.sta_modify_mask &= ~STATION_PARAM_APPLY_UAPSD;
6217
6218 /* TDLS peers cannot be added */
6219 if ((params.sta_flags_set & BIT(NL80211_STA_FLAG_TDLS_PEER)) ||
6220 info->attrs[NL80211_ATTR_PEER_AID])
6221 return -EINVAL;
6222 /* but don't bother the driver with it */
6223 params.sta_flags_mask &= ~BIT(NL80211_STA_FLAG_TDLS_PEER);
6224
6225 /* allow authenticated/associated only if driver handles it */
6226 if (!(rdev->wiphy.features &
6227 NL80211_FEATURE_FULL_AP_CLIENT_STATE) &&
6228 params.sta_flags_mask & auth_assoc)
6229 return -EINVAL;
6230
6231 /* Older userspace, or userspace wanting to be compatible with
6232 * !NL80211_FEATURE_FULL_AP_CLIENT_STATE, will not set the auth
6233 * and assoc flags in the mask, but assumes the station will be
6234 * added as associated anyway since this was the required driver
6235 * behaviour before NL80211_FEATURE_FULL_AP_CLIENT_STATE was
6236 * introduced.
6237 * In order to not bother drivers with this quirk in the API
6238 * set the flags in both the mask and set for new stations in
6239 * this case.
6240 */
6241 if (!(params.sta_flags_mask & auth_assoc)) {
6242 params.sta_flags_mask |= auth_assoc;
6243 params.sta_flags_set |= auth_assoc;
6244 }
6245
6246 /* must be last in here for error handling */
6247 params.vlan = get_vlan(info, rdev);
6248 if (IS_ERR(params.vlan))
6249 return PTR_ERR(params.vlan);
6250 break;
6251 case NL80211_IFTYPE_MESH_POINT:
6252 /* ignore uAPSD data */
6253 params.sta_modify_mask &= ~STATION_PARAM_APPLY_UAPSD;
6254
6255 /* associated is disallowed */
6256 if (params.sta_flags_mask & BIT(NL80211_STA_FLAG_ASSOCIATED))
6257 return -EINVAL;
6258 /* TDLS peers cannot be added */
6259 if ((params.sta_flags_set & BIT(NL80211_STA_FLAG_TDLS_PEER)) ||
6260 info->attrs[NL80211_ATTR_PEER_AID])
6261 return -EINVAL;
6262 break;
6263 case NL80211_IFTYPE_STATION:
6264 case NL80211_IFTYPE_P2P_CLIENT:
6265 /* ignore uAPSD data */
6266 params.sta_modify_mask &= ~STATION_PARAM_APPLY_UAPSD;
6267
6268 /* these are disallowed */
6269 if (params.sta_flags_mask &
6270 (BIT(NL80211_STA_FLAG_ASSOCIATED) |
6271 BIT(NL80211_STA_FLAG_AUTHENTICATED)))
6272 return -EINVAL;
6273 /* Only TDLS peers can be added */
6274 if (!(params.sta_flags_set & BIT(NL80211_STA_FLAG_TDLS_PEER)))
6275 return -EINVAL;
6276 /* Can only add if TDLS ... */
6277 if (!(rdev->wiphy.flags & WIPHY_FLAG_SUPPORTS_TDLS))
6278 return -EOPNOTSUPP;
6279 /* ... with external setup is supported */
6280 if (!(rdev->wiphy.flags & WIPHY_FLAG_TDLS_EXTERNAL_SETUP))
6281 return -EOPNOTSUPP;
6282 /*
6283 * Older wpa_supplicant versions always mark the TDLS peer
6284 * as authorized, but it shouldn't yet be.
6285 */
6286 params.sta_flags_mask &= ~BIT(NL80211_STA_FLAG_AUTHORIZED);
6287 break;
6288 default:
6289 return -EOPNOTSUPP;
6290 }
6291
6292 /* be aware of params.vlan when changing code here */
6293
6294 err = rdev_add_station(rdev, dev, mac_addr, &params);
6295
6296 if (params.vlan)
6297 dev_put(params.vlan);
6298 return err;
6299 }
6300
6301 static int nl80211_del_station(struct sk_buff *skb, struct genl_info *info)
6302 {
6303 struct cfg80211_registered_device *rdev = info->user_ptr[0];
6304 struct net_device *dev = info->user_ptr[1];
6305 struct station_del_parameters params;
6306
6307 memset(&params, 0, sizeof(params));
6308
6309 if (info->attrs[NL80211_ATTR_MAC])
6310 params.mac = nla_data(info->attrs[NL80211_ATTR_MAC]);
6311
6312 switch (dev->ieee80211_ptr->iftype) {
6313 case NL80211_IFTYPE_AP:
6314 case NL80211_IFTYPE_AP_VLAN:
6315 case NL80211_IFTYPE_MESH_POINT:
6316 case NL80211_IFTYPE_P2P_GO:
6317 /* always accept these */
6318 break;
6319 case NL80211_IFTYPE_ADHOC:
6320 /* conditionally accept */
6321 if (wiphy_ext_feature_isset(&rdev->wiphy,
6322 NL80211_EXT_FEATURE_DEL_IBSS_STA))
6323 break;
6324 return -EINVAL;
6325 default:
6326 return -EINVAL;
6327 }
6328
6329 if (!rdev->ops->del_station)
6330 return -EOPNOTSUPP;
6331
6332 if (info->attrs[NL80211_ATTR_MGMT_SUBTYPE]) {
6333 params.subtype =
6334 nla_get_u8(info->attrs[NL80211_ATTR_MGMT_SUBTYPE]);
6335 if (params.subtype != IEEE80211_STYPE_DISASSOC >> 4 &&
6336 params.subtype != IEEE80211_STYPE_DEAUTH >> 4)
6337 return -EINVAL;
6338 } else {
6339 /* Default to Deauthentication frame */
6340 params.subtype = IEEE80211_STYPE_DEAUTH >> 4;
6341 }
6342
6343 if (info->attrs[NL80211_ATTR_REASON_CODE]) {
6344 params.reason_code =
6345 nla_get_u16(info->attrs[NL80211_ATTR_REASON_CODE]);
6346 if (params.reason_code == 0)
6347 return -EINVAL; /* 0 is reserved */
6348 } else {
6349 /* Default to reason code 2 */
6350 params.reason_code = WLAN_REASON_PREV_AUTH_NOT_VALID;
6351 }
6352
6353 return rdev_del_station(rdev, dev, &params);
6354 }
6355
6356 static int nl80211_send_mpath(struct sk_buff *msg, u32 portid, u32 seq,
6357 int flags, struct net_device *dev,
6358 u8 *dst, u8 *next_hop,
6359 struct mpath_info *pinfo)
6360 {
6361 void *hdr;
6362 struct nlattr *pinfoattr;
6363
6364 hdr = nl80211hdr_put(msg, portid, seq, flags, NL80211_CMD_NEW_MPATH);
6365 if (!hdr)
6366 return -1;
6367
6368 if (nla_put_u32(msg, NL80211_ATTR_IFINDEX, dev->ifindex) ||
6369 nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN, dst) ||
6370 nla_put(msg, NL80211_ATTR_MPATH_NEXT_HOP, ETH_ALEN, next_hop) ||
6371 nla_put_u32(msg, NL80211_ATTR_GENERATION, pinfo->generation))
6372 goto nla_put_failure;
6373
6374 pinfoattr = nla_nest_start_noflag(msg, NL80211_ATTR_MPATH_INFO);
6375 if (!pinfoattr)
6376 goto nla_put_failure;
6377 if ((pinfo->filled & MPATH_INFO_FRAME_QLEN) &&
6378 nla_put_u32(msg, NL80211_MPATH_INFO_FRAME_QLEN,
6379 pinfo->frame_qlen))
6380 goto nla_put_failure;
6381 if (((pinfo->filled & MPATH_INFO_SN) &&
6382 nla_put_u32(msg, NL80211_MPATH_INFO_SN, pinfo->sn)) ||
6383 ((pinfo->filled & MPATH_INFO_METRIC) &&
6384 nla_put_u32(msg, NL80211_MPATH_INFO_METRIC,
6385 pinfo->metric)) ||
6386 ((pinfo->filled & MPATH_INFO_EXPTIME) &&
6387 nla_put_u32(msg, NL80211_MPATH_INFO_EXPTIME,
6388 pinfo->exptime)) ||
6389 ((pinfo->filled & MPATH_INFO_FLAGS) &&
6390 nla_put_u8(msg, NL80211_MPATH_INFO_FLAGS,
6391 pinfo->flags)) ||
6392 ((pinfo->filled & MPATH_INFO_DISCOVERY_TIMEOUT) &&
6393 nla_put_u32(msg, NL80211_MPATH_INFO_DISCOVERY_TIMEOUT,
6394 pinfo->discovery_timeout)) ||
6395 ((pinfo->filled & MPATH_INFO_DISCOVERY_RETRIES) &&
6396 nla_put_u8(msg, NL80211_MPATH_INFO_DISCOVERY_RETRIES,
6397 pinfo->discovery_retries)) ||
6398 ((pinfo->filled & MPATH_INFO_HOP_COUNT) &&
6399 nla_put_u8(msg, NL80211_MPATH_INFO_HOP_COUNT,
6400 pinfo->hop_count)) ||
6401 ((pinfo->filled & MPATH_INFO_PATH_CHANGE) &&
6402 nla_put_u32(msg, NL80211_MPATH_INFO_PATH_CHANGE,
6403 pinfo->path_change_count)))
6404 goto nla_put_failure;
6405
6406 nla_nest_end(msg, pinfoattr);
6407
6408 genlmsg_end(msg, hdr);
6409 return 0;
6410
6411 nla_put_failure:
6412 genlmsg_cancel(msg, hdr);
6413 return -EMSGSIZE;
6414 }
6415
6416 static int nl80211_dump_mpath(struct sk_buff *skb,
6417 struct netlink_callback *cb)
6418 {
6419 struct mpath_info pinfo;
6420 struct cfg80211_registered_device *rdev;
6421 struct wireless_dev *wdev;
6422 u8 dst[ETH_ALEN];
6423 u8 next_hop[ETH_ALEN];
6424 int path_idx = cb->args[2];
6425 int err;
6426
6427 rtnl_lock();
6428 err = nl80211_prepare_wdev_dump(cb, &rdev, &wdev);
6429 if (err)
6430 goto out_err;
6431
6432 if (!rdev->ops->dump_mpath) {
6433 err = -EOPNOTSUPP;
6434 goto out_err;
6435 }
6436
6437 if (wdev->iftype != NL80211_IFTYPE_MESH_POINT) {
6438 err = -EOPNOTSUPP;
6439 goto out_err;
6440 }
6441
6442 while (1) {
6443 err = rdev_dump_mpath(rdev, wdev->netdev, path_idx, dst,
6444 next_hop, &pinfo);
6445 if (err == -ENOENT)
6446 break;
6447 if (err)
6448 goto out_err;
6449
6450 if (nl80211_send_mpath(skb, NETLINK_CB(cb->skb).portid,
6451 cb->nlh->nlmsg_seq, NLM_F_MULTI,
6452 wdev->netdev, dst, next_hop,
6453 &pinfo) < 0)
6454 goto out;
6455
6456 path_idx++;
6457 }
6458
6459 out:
6460 cb->args[2] = path_idx;
6461 err = skb->len;
6462 out_err:
6463 rtnl_unlock();
6464 return err;
6465 }
6466
6467 static int nl80211_get_mpath(struct sk_buff *skb, struct genl_info *info)
6468 {
6469 struct cfg80211_registered_device *rdev = info->user_ptr[0];
6470 int err;
6471 struct net_device *dev = info->user_ptr[1];
6472 struct mpath_info pinfo;
6473 struct sk_buff *msg;
6474 u8 *dst = NULL;
6475 u8 next_hop[ETH_ALEN];
6476
6477 memset(&pinfo, 0, sizeof(pinfo));
6478
6479 if (!info->attrs[NL80211_ATTR_MAC])
6480 return -EINVAL;
6481
6482 dst = nla_data(info->attrs[NL80211_ATTR_MAC]);
6483
6484 if (!rdev->ops->get_mpath)
6485 return -EOPNOTSUPP;
6486
6487 if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_MESH_POINT)
6488 return -EOPNOTSUPP;
6489
6490 err = rdev_get_mpath(rdev, dev, dst, next_hop, &pinfo);
6491 if (err)
6492 return err;
6493
6494 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
6495 if (!msg)
6496 return -ENOMEM;
6497
6498 if (nl80211_send_mpath(msg, info->snd_portid, info->snd_seq, 0,
6499 dev, dst, next_hop, &pinfo) < 0) {
6500 nlmsg_free(msg);
6501 return -ENOBUFS;
6502 }
6503
6504 return genlmsg_reply(msg, info);
6505 }
6506
6507 static int nl80211_set_mpath(struct sk_buff *skb, struct genl_info *info)
6508 {
6509 struct cfg80211_registered_device *rdev = info->user_ptr[0];
6510 struct net_device *dev = info->user_ptr[1];
6511 u8 *dst = NULL;
6512 u8 *next_hop = NULL;
6513
6514 if (!info->attrs[NL80211_ATTR_MAC])
6515 return -EINVAL;
6516
6517 if (!info->attrs[NL80211_ATTR_MPATH_NEXT_HOP])
6518 return -EINVAL;
6519
6520 dst = nla_data(info->attrs[NL80211_ATTR_MAC]);
6521 next_hop = nla_data(info->attrs[NL80211_ATTR_MPATH_NEXT_HOP]);
6522
6523 if (!rdev->ops->change_mpath)
6524 return -EOPNOTSUPP;
6525
6526 if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_MESH_POINT)
6527 return -EOPNOTSUPP;
6528
6529 return rdev_change_mpath(rdev, dev, dst, next_hop);
6530 }
6531
6532 static int nl80211_new_mpath(struct sk_buff *skb, struct genl_info *info)
6533 {
6534 struct cfg80211_registered_device *rdev = info->user_ptr[0];
6535 struct net_device *dev = info->user_ptr[1];
6536 u8 *dst = NULL;
6537 u8 *next_hop = NULL;
6538
6539 if (!info->attrs[NL80211_ATTR_MAC])
6540 return -EINVAL;
6541
6542 if (!info->attrs[NL80211_ATTR_MPATH_NEXT_HOP])
6543 return -EINVAL;
6544
6545 dst = nla_data(info->attrs[NL80211_ATTR_MAC]);
6546 next_hop = nla_data(info->attrs[NL80211_ATTR_MPATH_NEXT_HOP]);
6547
6548 if (!rdev->ops->add_mpath)
6549 return -EOPNOTSUPP;
6550
6551 if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_MESH_POINT)
6552 return -EOPNOTSUPP;
6553
6554 return rdev_add_mpath(rdev, dev, dst, next_hop);
6555 }
6556
6557 static int nl80211_del_mpath(struct sk_buff *skb, struct genl_info *info)
6558 {
6559 struct cfg80211_registered_device *rdev = info->user_ptr[0];
6560 struct net_device *dev = info->user_ptr[1];
6561 u8 *dst = NULL;
6562
6563 if (info->attrs[NL80211_ATTR_MAC])
6564 dst = nla_data(info->attrs[NL80211_ATTR_MAC]);
6565
6566 if (!rdev->ops->del_mpath)
6567 return -EOPNOTSUPP;
6568
6569 if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_MESH_POINT)
6570 return -EOPNOTSUPP;
6571
6572 return rdev_del_mpath(rdev, dev, dst);
6573 }
6574
6575 static int nl80211_get_mpp(struct sk_buff *skb, struct genl_info *info)
6576 {
6577 struct cfg80211_registered_device *rdev = info->user_ptr[0];
6578 int err;
6579 struct net_device *dev = info->user_ptr[1];
6580 struct mpath_info pinfo;
6581 struct sk_buff *msg;
6582 u8 *dst = NULL;
6583 u8 mpp[ETH_ALEN];
6584
6585 memset(&pinfo, 0, sizeof(pinfo));
6586
6587 if (!info->attrs[NL80211_ATTR_MAC])
6588 return -EINVAL;
6589
6590 dst = nla_data(info->attrs[NL80211_ATTR_MAC]);
6591
6592 if (!rdev->ops->get_mpp)
6593 return -EOPNOTSUPP;
6594
6595 if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_MESH_POINT)
6596 return -EOPNOTSUPP;
6597
6598 err = rdev_get_mpp(rdev, dev, dst, mpp, &pinfo);
6599 if (err)
6600 return err;
6601
6602 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
6603 if (!msg)
6604 return -ENOMEM;
6605
6606 if (nl80211_send_mpath(msg, info->snd_portid, info->snd_seq, 0,
6607 dev, dst, mpp, &pinfo) < 0) {
6608 nlmsg_free(msg);
6609 return -ENOBUFS;
6610 }
6611
6612 return genlmsg_reply(msg, info);
6613 }
6614
6615 static int nl80211_dump_mpp(struct sk_buff *skb,
6616 struct netlink_callback *cb)
6617 {
6618 struct mpath_info pinfo;
6619 struct cfg80211_registered_device *rdev;
6620 struct wireless_dev *wdev;
6621 u8 dst[ETH_ALEN];
6622 u8 mpp[ETH_ALEN];
6623 int path_idx = cb->args[2];
6624 int err;
6625
6626 rtnl_lock();
6627 err = nl80211_prepare_wdev_dump(cb, &rdev, &wdev);
6628 if (err)
6629 goto out_err;
6630
6631 if (!rdev->ops->dump_mpp) {
6632 err = -EOPNOTSUPP;
6633 goto out_err;
6634 }
6635
6636 if (wdev->iftype != NL80211_IFTYPE_MESH_POINT) {
6637 err = -EOPNOTSUPP;
6638 goto out_err;
6639 }
6640
6641 while (1) {
6642 err = rdev_dump_mpp(rdev, wdev->netdev, path_idx, dst,
6643 mpp, &pinfo);
6644 if (err == -ENOENT)
6645 break;
6646 if (err)
6647 goto out_err;
6648
6649 if (nl80211_send_mpath(skb, NETLINK_CB(cb->skb).portid,
6650 cb->nlh->nlmsg_seq, NLM_F_MULTI,
6651 wdev->netdev, dst, mpp,
6652 &pinfo) < 0)
6653 goto out;
6654
6655 path_idx++;
6656 }
6657
6658 out:
6659 cb->args[2] = path_idx;
6660 err = skb->len;
6661 out_err:
6662 rtnl_unlock();
6663 return err;
6664 }
6665
6666 static int nl80211_set_bss(struct sk_buff *skb, struct genl_info *info)
6667 {
6668 struct cfg80211_registered_device *rdev = info->user_ptr[0];
6669 struct net_device *dev = info->user_ptr[1];
6670 struct wireless_dev *wdev = dev->ieee80211_ptr;
6671 struct bss_parameters params;
6672 int err;
6673
6674 memset(&params, 0, sizeof(params));
6675 /* default to not changing parameters */
6676 params.use_cts_prot = -1;
6677 params.use_short_preamble = -1;
6678 params.use_short_slot_time = -1;
6679 params.ap_isolate = -1;
6680 params.ht_opmode = -1;
6681 params.p2p_ctwindow = -1;
6682 params.p2p_opp_ps = -1;
6683
6684 if (info->attrs[NL80211_ATTR_BSS_CTS_PROT])
6685 params.use_cts_prot =
6686 nla_get_u8(info->attrs[NL80211_ATTR_BSS_CTS_PROT]);
6687 if (info->attrs[NL80211_ATTR_BSS_SHORT_PREAMBLE])
6688 params.use_short_preamble =
6689 nla_get_u8(info->attrs[NL80211_ATTR_BSS_SHORT_PREAMBLE]);
6690 if (info->attrs[NL80211_ATTR_BSS_SHORT_SLOT_TIME])
6691 params.use_short_slot_time =
6692 nla_get_u8(info->attrs[NL80211_ATTR_BSS_SHORT_SLOT_TIME]);
6693 if (info->attrs[NL80211_ATTR_BSS_BASIC_RATES]) {
6694 params.basic_rates =
6695 nla_data(info->attrs[NL80211_ATTR_BSS_BASIC_RATES]);
6696 params.basic_rates_len =
6697 nla_len(info->attrs[NL80211_ATTR_BSS_BASIC_RATES]);
6698 }
6699 if (info->attrs[NL80211_ATTR_AP_ISOLATE])
6700 params.ap_isolate = !!nla_get_u8(info->attrs[NL80211_ATTR_AP_ISOLATE]);
6701 if (info->attrs[NL80211_ATTR_BSS_HT_OPMODE])
6702 params.ht_opmode =
6703 nla_get_u16(info->attrs[NL80211_ATTR_BSS_HT_OPMODE]);
6704
6705 if (info->attrs[NL80211_ATTR_P2P_CTWINDOW]) {
6706 if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_GO)
6707 return -EINVAL;
6708 params.p2p_ctwindow =
6709 nla_get_u8(info->attrs[NL80211_ATTR_P2P_CTWINDOW]);
6710 if (params.p2p_ctwindow != 0 &&
6711 !(rdev->wiphy.features & NL80211_FEATURE_P2P_GO_CTWIN))
6712 return -EINVAL;
6713 }
6714
6715 if (info->attrs[NL80211_ATTR_P2P_OPPPS]) {
6716 u8 tmp;
6717
6718 if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_GO)
6719 return -EINVAL;
6720 tmp = nla_get_u8(info->attrs[NL80211_ATTR_P2P_OPPPS]);
6721 params.p2p_opp_ps = tmp;
6722 if (params.p2p_opp_ps &&
6723 !(rdev->wiphy.features & NL80211_FEATURE_P2P_GO_OPPPS))
6724 return -EINVAL;
6725 }
6726
6727 if (!rdev->ops->change_bss)
6728 return -EOPNOTSUPP;
6729
6730 if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_AP &&
6731 dev->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_GO)
6732 return -EOPNOTSUPP;
6733
6734 wdev_lock(wdev);
6735 err = rdev_change_bss(rdev, dev, &params);
6736 wdev_unlock(wdev);
6737
6738 return err;
6739 }
6740
6741 static int nl80211_req_set_reg(struct sk_buff *skb, struct genl_info *info)
6742 {
6743 char *data = NULL;
6744 bool is_indoor;
6745 enum nl80211_user_reg_hint_type user_reg_hint_type;
6746 u32 owner_nlportid;
6747
6748 /*
6749 * You should only get this when cfg80211 hasn't yet initialized
6750 * completely when built-in to the kernel right between the time
6751 * window between nl80211_init() and regulatory_init(), if that is
6752 * even possible.
6753 */
6754 if (unlikely(!rcu_access_pointer(cfg80211_regdomain)))
6755 return -EINPROGRESS;
6756
6757 if (info->attrs[NL80211_ATTR_USER_REG_HINT_TYPE])
6758 user_reg_hint_type =
6759 nla_get_u32(info->attrs[NL80211_ATTR_USER_REG_HINT_TYPE]);
6760 else
6761 user_reg_hint_type = NL80211_USER_REG_HINT_USER;
6762
6763 switch (user_reg_hint_type) {
6764 case NL80211_USER_REG_HINT_USER:
6765 case NL80211_USER_REG_HINT_CELL_BASE:
6766 if (!info->attrs[NL80211_ATTR_REG_ALPHA2])
6767 return -EINVAL;
6768
6769 data = nla_data(info->attrs[NL80211_ATTR_REG_ALPHA2]);
6770 return regulatory_hint_user(data, user_reg_hint_type);
6771 case NL80211_USER_REG_HINT_INDOOR:
6772 if (info->attrs[NL80211_ATTR_SOCKET_OWNER]) {
6773 owner_nlportid = info->snd_portid;
6774 is_indoor = !!info->attrs[NL80211_ATTR_REG_INDOOR];
6775 } else {
6776 owner_nlportid = 0;
6777 is_indoor = true;
6778 }
6779
6780 return regulatory_hint_indoor(is_indoor, owner_nlportid);
6781 default:
6782 return -EINVAL;
6783 }
6784 }
6785
6786 static int nl80211_reload_regdb(struct sk_buff *skb, struct genl_info *info)
6787 {
6788 return reg_reload_regdb();
6789 }
6790
6791 static int nl80211_get_mesh_config(struct sk_buff *skb,
6792 struct genl_info *info)
6793 {
6794 struct cfg80211_registered_device *rdev = info->user_ptr[0];
6795 struct net_device *dev = info->user_ptr[1];
6796 struct wireless_dev *wdev = dev->ieee80211_ptr;
6797 struct mesh_config cur_params;
6798 int err = 0;
6799 void *hdr;
6800 struct nlattr *pinfoattr;
6801 struct sk_buff *msg;
6802
6803 if (wdev->iftype != NL80211_IFTYPE_MESH_POINT)
6804 return -EOPNOTSUPP;
6805
6806 if (!rdev->ops->get_mesh_config)
6807 return -EOPNOTSUPP;
6808
6809 wdev_lock(wdev);
6810 /* If not connected, get default parameters */
6811 if (!wdev->mesh_id_len)
6812 memcpy(&cur_params, &default_mesh_config, sizeof(cur_params));
6813 else
6814 err = rdev_get_mesh_config(rdev, dev, &cur_params);
6815 wdev_unlock(wdev);
6816
6817 if (err)
6818 return err;
6819
6820 /* Draw up a netlink message to send back */
6821 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
6822 if (!msg)
6823 return -ENOMEM;
6824 hdr = nl80211hdr_put(msg, info->snd_portid, info->snd_seq, 0,
6825 NL80211_CMD_GET_MESH_CONFIG);
6826 if (!hdr)
6827 goto out;
6828 pinfoattr = nla_nest_start_noflag(msg, NL80211_ATTR_MESH_CONFIG);
6829 if (!pinfoattr)
6830 goto nla_put_failure;
6831 if (nla_put_u32(msg, NL80211_ATTR_IFINDEX, dev->ifindex) ||
6832 nla_put_u16(msg, NL80211_MESHCONF_RETRY_TIMEOUT,
6833 cur_params.dot11MeshRetryTimeout) ||
6834 nla_put_u16(msg, NL80211_MESHCONF_CONFIRM_TIMEOUT,
6835 cur_params.dot11MeshConfirmTimeout) ||
6836 nla_put_u16(msg, NL80211_MESHCONF_HOLDING_TIMEOUT,
6837 cur_params.dot11MeshHoldingTimeout) ||
6838 nla_put_u16(msg, NL80211_MESHCONF_MAX_PEER_LINKS,
6839 cur_params.dot11MeshMaxPeerLinks) ||
6840 nla_put_u8(msg, NL80211_MESHCONF_MAX_RETRIES,
6841 cur_params.dot11MeshMaxRetries) ||
6842 nla_put_u8(msg, NL80211_MESHCONF_TTL,
6843 cur_params.dot11MeshTTL) ||
6844 nla_put_u8(msg, NL80211_MESHCONF_ELEMENT_TTL,
6845 cur_params.element_ttl) ||
6846 nla_put_u8(msg, NL80211_MESHCONF_AUTO_OPEN_PLINKS,
6847 cur_params.auto_open_plinks) ||
6848 nla_put_u32(msg, NL80211_MESHCONF_SYNC_OFFSET_MAX_NEIGHBOR,
6849 cur_params.dot11MeshNbrOffsetMaxNeighbor) ||
6850 nla_put_u8(msg, NL80211_MESHCONF_HWMP_MAX_PREQ_RETRIES,
6851 cur_params.dot11MeshHWMPmaxPREQretries) ||
6852 nla_put_u32(msg, NL80211_MESHCONF_PATH_REFRESH_TIME,
6853 cur_params.path_refresh_time) ||
6854 nla_put_u16(msg, NL80211_MESHCONF_MIN_DISCOVERY_TIMEOUT,
6855 cur_params.min_discovery_timeout) ||
6856 nla_put_u32(msg, NL80211_MESHCONF_HWMP_ACTIVE_PATH_TIMEOUT,
6857 cur_params.dot11MeshHWMPactivePathTimeout) ||
6858 nla_put_u16(msg, NL80211_MESHCONF_HWMP_PREQ_MIN_INTERVAL,
6859 cur_params.dot11MeshHWMPpreqMinInterval) ||
6860 nla_put_u16(msg, NL80211_MESHCONF_HWMP_PERR_MIN_INTERVAL,
6861 cur_params.dot11MeshHWMPperrMinInterval) ||
6862 nla_put_u16(msg, NL80211_MESHCONF_HWMP_NET_DIAM_TRVS_TIME,
6863 cur_params.dot11MeshHWMPnetDiameterTraversalTime) ||
6864 nla_put_u8(msg, NL80211_MESHCONF_HWMP_ROOTMODE,
6865 cur_params.dot11MeshHWMPRootMode) ||
6866 nla_put_u16(msg, NL80211_MESHCONF_HWMP_RANN_INTERVAL,
6867 cur_params.dot11MeshHWMPRannInterval) ||
6868 nla_put_u8(msg, NL80211_MESHCONF_GATE_ANNOUNCEMENTS,
6869 cur_params.dot11MeshGateAnnouncementProtocol) ||
6870 nla_put_u8(msg, NL80211_MESHCONF_FORWARDING,
6871 cur_params.dot11MeshForwarding) ||
6872 nla_put_s32(msg, NL80211_MESHCONF_RSSI_THRESHOLD,
6873 cur_params.rssi_threshold) ||
6874 nla_put_u32(msg, NL80211_MESHCONF_HT_OPMODE,
6875 cur_params.ht_opmode) ||
6876 nla_put_u32(msg, NL80211_MESHCONF_HWMP_PATH_TO_ROOT_TIMEOUT,
6877 cur_params.dot11MeshHWMPactivePathToRootTimeout) ||
6878 nla_put_u16(msg, NL80211_MESHCONF_HWMP_ROOT_INTERVAL,
6879 cur_params.dot11MeshHWMProotInterval) ||
6880 nla_put_u16(msg, NL80211_MESHCONF_HWMP_CONFIRMATION_INTERVAL,
6881 cur_params.dot11MeshHWMPconfirmationInterval) ||
6882 nla_put_u32(msg, NL80211_MESHCONF_POWER_MODE,
6883 cur_params.power_mode) ||
6884 nla_put_u16(msg, NL80211_MESHCONF_AWAKE_WINDOW,
6885 cur_params.dot11MeshAwakeWindowDuration) ||
6886 nla_put_u32(msg, NL80211_MESHCONF_PLINK_TIMEOUT,
6887 cur_params.plink_timeout) ||
6888 nla_put_u8(msg, NL80211_MESHCONF_CONNECTED_TO_GATE,
6889 cur_params.dot11MeshConnectedToMeshGate) ||
6890 nla_put_u8(msg, NL80211_MESHCONF_NOLEARN,
6891 cur_params.dot11MeshNolearn) ||
6892 nla_put_u8(msg, NL80211_MESHCONF_CONNECTED_TO_AS,
6893 cur_params.dot11MeshConnectedToAuthServer))
6894 goto nla_put_failure;
6895 nla_nest_end(msg, pinfoattr);
6896 genlmsg_end(msg, hdr);
6897 return genlmsg_reply(msg, info);
6898
6899 nla_put_failure:
6900 out:
6901 nlmsg_free(msg);
6902 return -ENOBUFS;
6903 }
6904
6905 static const struct nla_policy
6906 nl80211_meshconf_params_policy[NL80211_MESHCONF_ATTR_MAX+1] = {
6907 [NL80211_MESHCONF_RETRY_TIMEOUT] =
6908 NLA_POLICY_RANGE(NLA_U16, 1, 255),
6909 [NL80211_MESHCONF_CONFIRM_TIMEOUT] =
6910 NLA_POLICY_RANGE(NLA_U16, 1, 255),
6911 [NL80211_MESHCONF_HOLDING_TIMEOUT] =
6912 NLA_POLICY_RANGE(NLA_U16, 1, 255),
6913 [NL80211_MESHCONF_MAX_PEER_LINKS] =
6914 NLA_POLICY_RANGE(NLA_U16, 0, 255),
6915 [NL80211_MESHCONF_MAX_RETRIES] = NLA_POLICY_MAX(NLA_U8, 16),
6916 [NL80211_MESHCONF_TTL] = NLA_POLICY_MIN(NLA_U8, 1),
6917 [NL80211_MESHCONF_ELEMENT_TTL] = NLA_POLICY_MIN(NLA_U8, 1),
6918 [NL80211_MESHCONF_AUTO_OPEN_PLINKS] = NLA_POLICY_MAX(NLA_U8, 1),
6919 [NL80211_MESHCONF_SYNC_OFFSET_MAX_NEIGHBOR] =
6920 NLA_POLICY_RANGE(NLA_U32, 1, 255),
6921 [NL80211_MESHCONF_HWMP_MAX_PREQ_RETRIES] = { .type = NLA_U8 },
6922 [NL80211_MESHCONF_PATH_REFRESH_TIME] = { .type = NLA_U32 },
6923 [NL80211_MESHCONF_MIN_DISCOVERY_TIMEOUT] = NLA_POLICY_MIN(NLA_U16, 1),
6924 [NL80211_MESHCONF_HWMP_ACTIVE_PATH_TIMEOUT] = { .type = NLA_U32 },
6925 [NL80211_MESHCONF_HWMP_PREQ_MIN_INTERVAL] =
6926 NLA_POLICY_MIN(NLA_U16, 1),
6927 [NL80211_MESHCONF_HWMP_PERR_MIN_INTERVAL] =
6928 NLA_POLICY_MIN(NLA_U16, 1),
6929 [NL80211_MESHCONF_HWMP_NET_DIAM_TRVS_TIME] =
6930 NLA_POLICY_MIN(NLA_U16, 1),
6931 [NL80211_MESHCONF_HWMP_ROOTMODE] = NLA_POLICY_MAX(NLA_U8, 4),
6932 [NL80211_MESHCONF_HWMP_RANN_INTERVAL] =
6933 NLA_POLICY_MIN(NLA_U16, 1),
6934 [NL80211_MESHCONF_GATE_ANNOUNCEMENTS] = NLA_POLICY_MAX(NLA_U8, 1),
6935 [NL80211_MESHCONF_FORWARDING] = NLA_POLICY_MAX(NLA_U8, 1),
6936 [NL80211_MESHCONF_RSSI_THRESHOLD] =
6937 NLA_POLICY_RANGE(NLA_S32, -255, 0),
6938 [NL80211_MESHCONF_HT_OPMODE] = { .type = NLA_U16 },
6939 [NL80211_MESHCONF_HWMP_PATH_TO_ROOT_TIMEOUT] = { .type = NLA_U32 },
6940 [NL80211_MESHCONF_HWMP_ROOT_INTERVAL] =
6941 NLA_POLICY_MIN(NLA_U16, 1),
6942 [NL80211_MESHCONF_HWMP_CONFIRMATION_INTERVAL] =
6943 NLA_POLICY_MIN(NLA_U16, 1),
6944 [NL80211_MESHCONF_POWER_MODE] =
6945 NLA_POLICY_RANGE(NLA_U32,
6946 NL80211_MESH_POWER_ACTIVE,
6947 NL80211_MESH_POWER_MAX),
6948 [NL80211_MESHCONF_AWAKE_WINDOW] = { .type = NLA_U16 },
6949 [NL80211_MESHCONF_PLINK_TIMEOUT] = { .type = NLA_U32 },
6950 [NL80211_MESHCONF_CONNECTED_TO_GATE] = NLA_POLICY_RANGE(NLA_U8, 0, 1),
6951 [NL80211_MESHCONF_NOLEARN] = NLA_POLICY_RANGE(NLA_U8, 0, 1),
6952 [NL80211_MESHCONF_CONNECTED_TO_AS] = NLA_POLICY_RANGE(NLA_U8, 0, 1),
6953 };
6954
6955 static const struct nla_policy
6956 nl80211_mesh_setup_params_policy[NL80211_MESH_SETUP_ATTR_MAX+1] = {
6957 [NL80211_MESH_SETUP_ENABLE_VENDOR_SYNC] = { .type = NLA_U8 },
6958 [NL80211_MESH_SETUP_ENABLE_VENDOR_PATH_SEL] = { .type = NLA_U8 },
6959 [NL80211_MESH_SETUP_ENABLE_VENDOR_METRIC] = { .type = NLA_U8 },
6960 [NL80211_MESH_SETUP_USERSPACE_AUTH] = { .type = NLA_FLAG },
6961 [NL80211_MESH_SETUP_AUTH_PROTOCOL] = { .type = NLA_U8 },
6962 [NL80211_MESH_SETUP_USERSPACE_MPM] = { .type = NLA_FLAG },
6963 [NL80211_MESH_SETUP_IE] =
6964 NLA_POLICY_VALIDATE_FN(NLA_BINARY, validate_ie_attr,
6965 IEEE80211_MAX_DATA_LEN),
6966 [NL80211_MESH_SETUP_USERSPACE_AMPE] = { .type = NLA_FLAG },
6967 };
6968
6969 static int nl80211_parse_mesh_config(struct genl_info *info,
6970 struct mesh_config *cfg,
6971 u32 *mask_out)
6972 {
6973 struct nlattr *tb[NL80211_MESHCONF_ATTR_MAX + 1];
6974 u32 mask = 0;
6975 u16 ht_opmode;
6976
6977 #define FILL_IN_MESH_PARAM_IF_SET(tb, cfg, param, mask, attr, fn) \
6978 do { \
6979 if (tb[attr]) { \
6980 cfg->param = fn(tb[attr]); \
6981 mask |= BIT((attr) - 1); \
6982 } \
6983 } while (0)
6984
6985 if (!info->attrs[NL80211_ATTR_MESH_CONFIG])
6986 return -EINVAL;
6987 if (nla_parse_nested_deprecated(tb, NL80211_MESHCONF_ATTR_MAX, info->attrs[NL80211_ATTR_MESH_CONFIG], nl80211_meshconf_params_policy, info->extack))
6988 return -EINVAL;
6989
6990 /* This makes sure that there aren't more than 32 mesh config
6991 * parameters (otherwise our bitfield scheme would not work.) */
6992 BUILD_BUG_ON(NL80211_MESHCONF_ATTR_MAX > 32);
6993
6994 /* Fill in the params struct */
6995 FILL_IN_MESH_PARAM_IF_SET(tb, cfg, dot11MeshRetryTimeout, mask,
6996 NL80211_MESHCONF_RETRY_TIMEOUT, nla_get_u16);
6997 FILL_IN_MESH_PARAM_IF_SET(tb, cfg, dot11MeshConfirmTimeout, mask,
6998 NL80211_MESHCONF_CONFIRM_TIMEOUT,
6999 nla_get_u16);
7000 FILL_IN_MESH_PARAM_IF_SET(tb, cfg, dot11MeshHoldingTimeout, mask,
7001 NL80211_MESHCONF_HOLDING_TIMEOUT,
7002 nla_get_u16);
7003 FILL_IN_MESH_PARAM_IF_SET(tb, cfg, dot11MeshMaxPeerLinks, mask,
7004 NL80211_MESHCONF_MAX_PEER_LINKS,
7005 nla_get_u16);
7006 FILL_IN_MESH_PARAM_IF_SET(tb, cfg, dot11MeshMaxRetries, mask,
7007 NL80211_MESHCONF_MAX_RETRIES, nla_get_u8);
7008 FILL_IN_MESH_PARAM_IF_SET(tb, cfg, dot11MeshTTL, mask,
7009 NL80211_MESHCONF_TTL, nla_get_u8);
7010 FILL_IN_MESH_PARAM_IF_SET(tb, cfg, element_ttl, mask,
7011 NL80211_MESHCONF_ELEMENT_TTL, nla_get_u8);
7012 FILL_IN_MESH_PARAM_IF_SET(tb, cfg, auto_open_plinks, mask,
7013 NL80211_MESHCONF_AUTO_OPEN_PLINKS,
7014 nla_get_u8);
7015 FILL_IN_MESH_PARAM_IF_SET(tb, cfg, dot11MeshNbrOffsetMaxNeighbor,
7016 mask,
7017 NL80211_MESHCONF_SYNC_OFFSET_MAX_NEIGHBOR,
7018 nla_get_u32);
7019 FILL_IN_MESH_PARAM_IF_SET(tb, cfg, dot11MeshHWMPmaxPREQretries, mask,
7020 NL80211_MESHCONF_HWMP_MAX_PREQ_RETRIES,
7021 nla_get_u8);
7022 FILL_IN_MESH_PARAM_IF_SET(tb, cfg, path_refresh_time, mask,
7023 NL80211_MESHCONF_PATH_REFRESH_TIME,
7024 nla_get_u32);
7025 if (mask & BIT(NL80211_MESHCONF_PATH_REFRESH_TIME) &&
7026 (cfg->path_refresh_time < 1 || cfg->path_refresh_time > 65535))
7027 return -EINVAL;
7028 FILL_IN_MESH_PARAM_IF_SET(tb, cfg, min_discovery_timeout, mask,
7029 NL80211_MESHCONF_MIN_DISCOVERY_TIMEOUT,
7030 nla_get_u16);
7031 FILL_IN_MESH_PARAM_IF_SET(tb, cfg, dot11MeshHWMPactivePathTimeout,
7032 mask,
7033 NL80211_MESHCONF_HWMP_ACTIVE_PATH_TIMEOUT,
7034 nla_get_u32);
7035 if (mask & BIT(NL80211_MESHCONF_HWMP_ACTIVE_PATH_TIMEOUT) &&
7036 (cfg->dot11MeshHWMPactivePathTimeout < 1 ||
7037 cfg->dot11MeshHWMPactivePathTimeout > 65535))
7038 return -EINVAL;
7039 FILL_IN_MESH_PARAM_IF_SET(tb, cfg, dot11MeshHWMPpreqMinInterval, mask,
7040 NL80211_MESHCONF_HWMP_PREQ_MIN_INTERVAL,
7041 nla_get_u16);
7042 FILL_IN_MESH_PARAM_IF_SET(tb, cfg, dot11MeshHWMPperrMinInterval, mask,
7043 NL80211_MESHCONF_HWMP_PERR_MIN_INTERVAL,
7044 nla_get_u16);
7045 FILL_IN_MESH_PARAM_IF_SET(tb, cfg,
7046 dot11MeshHWMPnetDiameterTraversalTime, mask,
7047 NL80211_MESHCONF_HWMP_NET_DIAM_TRVS_TIME,
7048 nla_get_u16);
7049 FILL_IN_MESH_PARAM_IF_SET(tb, cfg, dot11MeshHWMPRootMode, mask,
7050 NL80211_MESHCONF_HWMP_ROOTMODE, nla_get_u8);
7051 FILL_IN_MESH_PARAM_IF_SET(tb, cfg, dot11MeshHWMPRannInterval, mask,
7052 NL80211_MESHCONF_HWMP_RANN_INTERVAL,
7053 nla_get_u16);
7054 FILL_IN_MESH_PARAM_IF_SET(tb, cfg, dot11MeshGateAnnouncementProtocol,
7055 mask, NL80211_MESHCONF_GATE_ANNOUNCEMENTS,
7056 nla_get_u8);
7057 FILL_IN_MESH_PARAM_IF_SET(tb, cfg, dot11MeshForwarding, mask,
7058 NL80211_MESHCONF_FORWARDING, nla_get_u8);
7059 FILL_IN_MESH_PARAM_IF_SET(tb, cfg, rssi_threshold, mask,
7060 NL80211_MESHCONF_RSSI_THRESHOLD,
7061 nla_get_s32);
7062 FILL_IN_MESH_PARAM_IF_SET(tb, cfg, dot11MeshConnectedToMeshGate, mask,
7063 NL80211_MESHCONF_CONNECTED_TO_GATE,
7064 nla_get_u8);
7065 FILL_IN_MESH_PARAM_IF_SET(tb, cfg, dot11MeshConnectedToAuthServer, mask,
7066 NL80211_MESHCONF_CONNECTED_TO_AS,
7067 nla_get_u8);
7068 /*
7069 * Check HT operation mode based on
7070 * IEEE 802.11-2016 9.4.2.57 HT Operation element.
7071 */
7072 if (tb[NL80211_MESHCONF_HT_OPMODE]) {
7073 ht_opmode = nla_get_u16(tb[NL80211_MESHCONF_HT_OPMODE]);
7074
7075 if (ht_opmode & ~(IEEE80211_HT_OP_MODE_PROTECTION |
7076 IEEE80211_HT_OP_MODE_NON_GF_STA_PRSNT |
7077 IEEE80211_HT_OP_MODE_NON_HT_STA_PRSNT))
7078 return -EINVAL;
7079
7080 /* NON_HT_STA bit is reserved, but some programs set it */
7081 ht_opmode &= ~IEEE80211_HT_OP_MODE_NON_HT_STA_PRSNT;
7082
7083 cfg->ht_opmode = ht_opmode;
7084 mask |= (1 << (NL80211_MESHCONF_HT_OPMODE - 1));
7085 }
7086 FILL_IN_MESH_PARAM_IF_SET(tb, cfg,
7087 dot11MeshHWMPactivePathToRootTimeout, mask,
7088 NL80211_MESHCONF_HWMP_PATH_TO_ROOT_TIMEOUT,
7089 nla_get_u32);
7090 if (mask & BIT(NL80211_MESHCONF_HWMP_PATH_TO_ROOT_TIMEOUT) &&
7091 (cfg->dot11MeshHWMPactivePathToRootTimeout < 1 ||
7092 cfg->dot11MeshHWMPactivePathToRootTimeout > 65535))
7093 return -EINVAL;
7094 FILL_IN_MESH_PARAM_IF_SET(tb, cfg, dot11MeshHWMProotInterval, mask,
7095 NL80211_MESHCONF_HWMP_ROOT_INTERVAL,
7096 nla_get_u16);
7097 FILL_IN_MESH_PARAM_IF_SET(tb, cfg, dot11MeshHWMPconfirmationInterval,
7098 mask,
7099 NL80211_MESHCONF_HWMP_CONFIRMATION_INTERVAL,
7100 nla_get_u16);
7101 FILL_IN_MESH_PARAM_IF_SET(tb, cfg, power_mode, mask,
7102 NL80211_MESHCONF_POWER_MODE, nla_get_u32);
7103 FILL_IN_MESH_PARAM_IF_SET(tb, cfg, dot11MeshAwakeWindowDuration, mask,
7104 NL80211_MESHCONF_AWAKE_WINDOW, nla_get_u16);
7105 FILL_IN_MESH_PARAM_IF_SET(tb, cfg, plink_timeout, mask,
7106 NL80211_MESHCONF_PLINK_TIMEOUT, nla_get_u32);
7107 FILL_IN_MESH_PARAM_IF_SET(tb, cfg, dot11MeshNolearn, mask,
7108 NL80211_MESHCONF_NOLEARN, nla_get_u8);
7109 if (mask_out)
7110 *mask_out = mask;
7111
7112 return 0;
7113
7114 #undef FILL_IN_MESH_PARAM_IF_SET
7115 }
7116
7117 static int nl80211_parse_mesh_setup(struct genl_info *info,
7118 struct mesh_setup *setup)
7119 {
7120 struct cfg80211_registered_device *rdev = info->user_ptr[0];
7121 struct nlattr *tb[NL80211_MESH_SETUP_ATTR_MAX + 1];
7122
7123 if (!info->attrs[NL80211_ATTR_MESH_SETUP])
7124 return -EINVAL;
7125 if (nla_parse_nested_deprecated(tb, NL80211_MESH_SETUP_ATTR_MAX, info->attrs[NL80211_ATTR_MESH_SETUP], nl80211_mesh_setup_params_policy, info->extack))
7126 return -EINVAL;
7127
7128 if (tb[NL80211_MESH_SETUP_ENABLE_VENDOR_SYNC])
7129 setup->sync_method =
7130 (nla_get_u8(tb[NL80211_MESH_SETUP_ENABLE_VENDOR_SYNC])) ?
7131 IEEE80211_SYNC_METHOD_VENDOR :
7132 IEEE80211_SYNC_METHOD_NEIGHBOR_OFFSET;
7133
7134 if (tb[NL80211_MESH_SETUP_ENABLE_VENDOR_PATH_SEL])
7135 setup->path_sel_proto =
7136 (nla_get_u8(tb[NL80211_MESH_SETUP_ENABLE_VENDOR_PATH_SEL])) ?
7137 IEEE80211_PATH_PROTOCOL_VENDOR :
7138 IEEE80211_PATH_PROTOCOL_HWMP;
7139
7140 if (tb[NL80211_MESH_SETUP_ENABLE_VENDOR_METRIC])
7141 setup->path_metric =
7142 (nla_get_u8(tb[NL80211_MESH_SETUP_ENABLE_VENDOR_METRIC])) ?
7143 IEEE80211_PATH_METRIC_VENDOR :
7144 IEEE80211_PATH_METRIC_AIRTIME;
7145
7146 if (tb[NL80211_MESH_SETUP_IE]) {
7147 struct nlattr *ieattr =
7148 tb[NL80211_MESH_SETUP_IE];
7149 setup->ie = nla_data(ieattr);
7150 setup->ie_len = nla_len(ieattr);
7151 }
7152 if (tb[NL80211_MESH_SETUP_USERSPACE_MPM] &&
7153 !(rdev->wiphy.features & NL80211_FEATURE_USERSPACE_MPM))
7154 return -EINVAL;
7155 setup->user_mpm = nla_get_flag(tb[NL80211_MESH_SETUP_USERSPACE_MPM]);
7156 setup->is_authenticated = nla_get_flag(tb[NL80211_MESH_SETUP_USERSPACE_AUTH]);
7157 setup->is_secure = nla_get_flag(tb[NL80211_MESH_SETUP_USERSPACE_AMPE]);
7158 if (setup->is_secure)
7159 setup->user_mpm = true;
7160
7161 if (tb[NL80211_MESH_SETUP_AUTH_PROTOCOL]) {
7162 if (!setup->user_mpm)
7163 return -EINVAL;
7164 setup->auth_id =
7165 nla_get_u8(tb[NL80211_MESH_SETUP_AUTH_PROTOCOL]);
7166 }
7167
7168 return 0;
7169 }
7170
7171 static int nl80211_update_mesh_config(struct sk_buff *skb,
7172 struct genl_info *info)
7173 {
7174 struct cfg80211_registered_device *rdev = info->user_ptr[0];
7175 struct net_device *dev = info->user_ptr[1];
7176 struct wireless_dev *wdev = dev->ieee80211_ptr;
7177 struct mesh_config cfg;
7178 u32 mask;
7179 int err;
7180
7181 if (wdev->iftype != NL80211_IFTYPE_MESH_POINT)
7182 return -EOPNOTSUPP;
7183
7184 if (!rdev->ops->update_mesh_config)
7185 return -EOPNOTSUPP;
7186
7187 err = nl80211_parse_mesh_config(info, &cfg, &mask);
7188 if (err)
7189 return err;
7190
7191 wdev_lock(wdev);
7192 if (!wdev->mesh_id_len)
7193 err = -ENOLINK;
7194
7195 if (!err)
7196 err = rdev_update_mesh_config(rdev, dev, mask, &cfg);
7197
7198 wdev_unlock(wdev);
7199
7200 return err;
7201 }
7202
7203 static int nl80211_put_regdom(const struct ieee80211_regdomain *regdom,
7204 struct sk_buff *msg)
7205 {
7206 struct nlattr *nl_reg_rules;
7207 unsigned int i;
7208
7209 if (nla_put_string(msg, NL80211_ATTR_REG_ALPHA2, regdom->alpha2) ||
7210 (regdom->dfs_region &&
7211 nla_put_u8(msg, NL80211_ATTR_DFS_REGION, regdom->dfs_region)))
7212 goto nla_put_failure;
7213
7214 nl_reg_rules = nla_nest_start_noflag(msg, NL80211_ATTR_REG_RULES);
7215 if (!nl_reg_rules)
7216 goto nla_put_failure;
7217
7218 for (i = 0; i < regdom->n_reg_rules; i++) {
7219 struct nlattr *nl_reg_rule;
7220 const struct ieee80211_reg_rule *reg_rule;
7221 const struct ieee80211_freq_range *freq_range;
7222 const struct ieee80211_power_rule *power_rule;
7223 unsigned int max_bandwidth_khz;
7224
7225 reg_rule = &regdom->reg_rules[i];
7226 freq_range = &reg_rule->freq_range;
7227 power_rule = &reg_rule->power_rule;
7228
7229 nl_reg_rule = nla_nest_start_noflag(msg, i);
7230 if (!nl_reg_rule)
7231 goto nla_put_failure;
7232
7233 max_bandwidth_khz = freq_range->max_bandwidth_khz;
7234 if (!max_bandwidth_khz)
7235 max_bandwidth_khz = reg_get_max_bandwidth(regdom,
7236 reg_rule);
7237
7238 if (nla_put_u32(msg, NL80211_ATTR_REG_RULE_FLAGS,
7239 reg_rule->flags) ||
7240 nla_put_u32(msg, NL80211_ATTR_FREQ_RANGE_START,
7241 freq_range->start_freq_khz) ||
7242 nla_put_u32(msg, NL80211_ATTR_FREQ_RANGE_END,
7243 freq_range->end_freq_khz) ||
7244 nla_put_u32(msg, NL80211_ATTR_FREQ_RANGE_MAX_BW,
7245 max_bandwidth_khz) ||
7246 nla_put_u32(msg, NL80211_ATTR_POWER_RULE_MAX_ANT_GAIN,
7247 power_rule->max_antenna_gain) ||
7248 nla_put_u32(msg, NL80211_ATTR_POWER_RULE_MAX_EIRP,
7249 power_rule->max_eirp) ||
7250 nla_put_u32(msg, NL80211_ATTR_DFS_CAC_TIME,
7251 reg_rule->dfs_cac_ms))
7252 goto nla_put_failure;
7253
7254 nla_nest_end(msg, nl_reg_rule);
7255 }
7256
7257 nla_nest_end(msg, nl_reg_rules);
7258 return 0;
7259
7260 nla_put_failure:
7261 return -EMSGSIZE;
7262 }
7263
7264 static int nl80211_get_reg_do(struct sk_buff *skb, struct genl_info *info)
7265 {
7266 const struct ieee80211_regdomain *regdom = NULL;
7267 struct cfg80211_registered_device *rdev;
7268 struct wiphy *wiphy = NULL;
7269 struct sk_buff *msg;
7270 void *hdr;
7271
7272 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
7273 if (!msg)
7274 return -ENOBUFS;
7275
7276 hdr = nl80211hdr_put(msg, info->snd_portid, info->snd_seq, 0,
7277 NL80211_CMD_GET_REG);
7278 if (!hdr)
7279 goto put_failure;
7280
7281 if (info->attrs[NL80211_ATTR_WIPHY]) {
7282 bool self_managed;
7283
7284 rdev = cfg80211_get_dev_from_info(genl_info_net(info), info);
7285 if (IS_ERR(rdev)) {
7286 nlmsg_free(msg);
7287 return PTR_ERR(rdev);
7288 }
7289
7290 wiphy = &rdev->wiphy;
7291 self_managed = wiphy->regulatory_flags &
7292 REGULATORY_WIPHY_SELF_MANAGED;
7293 regdom = get_wiphy_regdom(wiphy);
7294
7295 /* a self-managed-reg device must have a private regdom */
7296 if (WARN_ON(!regdom && self_managed)) {
7297 nlmsg_free(msg);
7298 return -EINVAL;
7299 }
7300
7301 if (regdom &&
7302 nla_put_u32(msg, NL80211_ATTR_WIPHY, get_wiphy_idx(wiphy)))
7303 goto nla_put_failure;
7304 }
7305
7306 if (!wiphy && reg_last_request_cell_base() &&
7307 nla_put_u32(msg, NL80211_ATTR_USER_REG_HINT_TYPE,
7308 NL80211_USER_REG_HINT_CELL_BASE))
7309 goto nla_put_failure;
7310
7311 rcu_read_lock();
7312
7313 if (!regdom)
7314 regdom = rcu_dereference(cfg80211_regdomain);
7315
7316 if (nl80211_put_regdom(regdom, msg))
7317 goto nla_put_failure_rcu;
7318
7319 rcu_read_unlock();
7320
7321 genlmsg_end(msg, hdr);
7322 return genlmsg_reply(msg, info);
7323
7324 nla_put_failure_rcu:
7325 rcu_read_unlock();
7326 nla_put_failure:
7327 put_failure:
7328 nlmsg_free(msg);
7329 return -EMSGSIZE;
7330 }
7331
7332 static int nl80211_send_regdom(struct sk_buff *msg, struct netlink_callback *cb,
7333 u32 seq, int flags, struct wiphy *wiphy,
7334 const struct ieee80211_regdomain *regdom)
7335 {
7336 void *hdr = nl80211hdr_put(msg, NETLINK_CB(cb->skb).portid, seq, flags,
7337 NL80211_CMD_GET_REG);
7338
7339 if (!hdr)
7340 return -1;
7341
7342 genl_dump_check_consistent(cb, hdr);
7343
7344 if (nl80211_put_regdom(regdom, msg))
7345 goto nla_put_failure;
7346
7347 if (!wiphy && reg_last_request_cell_base() &&
7348 nla_put_u32(msg, NL80211_ATTR_USER_REG_HINT_TYPE,
7349 NL80211_USER_REG_HINT_CELL_BASE))
7350 goto nla_put_failure;
7351
7352 if (wiphy &&
7353 nla_put_u32(msg, NL80211_ATTR_WIPHY, get_wiphy_idx(wiphy)))
7354 goto nla_put_failure;
7355
7356 if (wiphy && wiphy->regulatory_flags & REGULATORY_WIPHY_SELF_MANAGED &&
7357 nla_put_flag(msg, NL80211_ATTR_WIPHY_SELF_MANAGED_REG))
7358 goto nla_put_failure;
7359
7360 genlmsg_end(msg, hdr);
7361 return 0;
7362
7363 nla_put_failure:
7364 genlmsg_cancel(msg, hdr);
7365 return -EMSGSIZE;
7366 }
7367
7368 static int nl80211_get_reg_dump(struct sk_buff *skb,
7369 struct netlink_callback *cb)
7370 {
7371 const struct ieee80211_regdomain *regdom = NULL;
7372 struct cfg80211_registered_device *rdev;
7373 int err, reg_idx, start = cb->args[2];
7374
7375 rtnl_lock();
7376
7377 if (cfg80211_regdomain && start == 0) {
7378 err = nl80211_send_regdom(skb, cb, cb->nlh->nlmsg_seq,
7379 NLM_F_MULTI, NULL,
7380 rtnl_dereference(cfg80211_regdomain));
7381 if (err < 0)
7382 goto out_err;
7383 }
7384
7385 /* the global regdom is idx 0 */
7386 reg_idx = 1;
7387 list_for_each_entry(rdev, &cfg80211_rdev_list, list) {
7388 regdom = get_wiphy_regdom(&rdev->wiphy);
7389 if (!regdom)
7390 continue;
7391
7392 if (++reg_idx <= start)
7393 continue;
7394
7395 err = nl80211_send_regdom(skb, cb, cb->nlh->nlmsg_seq,
7396 NLM_F_MULTI, &rdev->wiphy, regdom);
7397 if (err < 0) {
7398 reg_idx--;
7399 break;
7400 }
7401 }
7402
7403 cb->args[2] = reg_idx;
7404 err = skb->len;
7405 out_err:
7406 rtnl_unlock();
7407 return err;
7408 }
7409
7410 #ifdef CONFIG_CFG80211_CRDA_SUPPORT
7411 static const struct nla_policy reg_rule_policy[NL80211_REG_RULE_ATTR_MAX + 1] = {
7412 [NL80211_ATTR_REG_RULE_FLAGS] = { .type = NLA_U32 },
7413 [NL80211_ATTR_FREQ_RANGE_START] = { .type = NLA_U32 },
7414 [NL80211_ATTR_FREQ_RANGE_END] = { .type = NLA_U32 },
7415 [NL80211_ATTR_FREQ_RANGE_MAX_BW] = { .type = NLA_U32 },
7416 [NL80211_ATTR_POWER_RULE_MAX_ANT_GAIN] = { .type = NLA_U32 },
7417 [NL80211_ATTR_POWER_RULE_MAX_EIRP] = { .type = NLA_U32 },
7418 [NL80211_ATTR_DFS_CAC_TIME] = { .type = NLA_U32 },
7419 };
7420
7421 static int parse_reg_rule(struct nlattr *tb[],
7422 struct ieee80211_reg_rule *reg_rule)
7423 {
7424 struct ieee80211_freq_range *freq_range = &reg_rule->freq_range;
7425 struct ieee80211_power_rule *power_rule = &reg_rule->power_rule;
7426
7427 if (!tb[NL80211_ATTR_REG_RULE_FLAGS])
7428 return -EINVAL;
7429 if (!tb[NL80211_ATTR_FREQ_RANGE_START])
7430 return -EINVAL;
7431 if (!tb[NL80211_ATTR_FREQ_RANGE_END])
7432 return -EINVAL;
7433 if (!tb[NL80211_ATTR_FREQ_RANGE_MAX_BW])
7434 return -EINVAL;
7435 if (!tb[NL80211_ATTR_POWER_RULE_MAX_EIRP])
7436 return -EINVAL;
7437
7438 reg_rule->flags = nla_get_u32(tb[NL80211_ATTR_REG_RULE_FLAGS]);
7439
7440 freq_range->start_freq_khz =
7441 nla_get_u32(tb[NL80211_ATTR_FREQ_RANGE_START]);
7442 freq_range->end_freq_khz =
7443 nla_get_u32(tb[NL80211_ATTR_FREQ_RANGE_END]);
7444 freq_range->max_bandwidth_khz =
7445 nla_get_u32(tb[NL80211_ATTR_FREQ_RANGE_MAX_BW]);
7446
7447 power_rule->max_eirp =
7448 nla_get_u32(tb[NL80211_ATTR_POWER_RULE_MAX_EIRP]);
7449
7450 if (tb[NL80211_ATTR_POWER_RULE_MAX_ANT_GAIN])
7451 power_rule->max_antenna_gain =
7452 nla_get_u32(tb[NL80211_ATTR_POWER_RULE_MAX_ANT_GAIN]);
7453
7454 if (tb[NL80211_ATTR_DFS_CAC_TIME])
7455 reg_rule->dfs_cac_ms =
7456 nla_get_u32(tb[NL80211_ATTR_DFS_CAC_TIME]);
7457
7458 return 0;
7459 }
7460
7461 static int nl80211_set_reg(struct sk_buff *skb, struct genl_info *info)
7462 {
7463 struct nlattr *tb[NL80211_REG_RULE_ATTR_MAX + 1];
7464 struct nlattr *nl_reg_rule;
7465 char *alpha2;
7466 int rem_reg_rules, r;
7467 u32 num_rules = 0, rule_idx = 0;
7468 enum nl80211_dfs_regions dfs_region = NL80211_DFS_UNSET;
7469 struct ieee80211_regdomain *rd;
7470
7471 if (!info->attrs[NL80211_ATTR_REG_ALPHA2])
7472 return -EINVAL;
7473
7474 if (!info->attrs[NL80211_ATTR_REG_RULES])
7475 return -EINVAL;
7476
7477 alpha2 = nla_data(info->attrs[NL80211_ATTR_REG_ALPHA2]);
7478
7479 if (info->attrs[NL80211_ATTR_DFS_REGION])
7480 dfs_region = nla_get_u8(info->attrs[NL80211_ATTR_DFS_REGION]);
7481
7482 nla_for_each_nested(nl_reg_rule, info->attrs[NL80211_ATTR_REG_RULES],
7483 rem_reg_rules) {
7484 num_rules++;
7485 if (num_rules > NL80211_MAX_SUPP_REG_RULES)
7486 return -EINVAL;
7487 }
7488
7489 if (!reg_is_valid_request(alpha2))
7490 return -EINVAL;
7491
7492 rd = kzalloc(struct_size(rd, reg_rules, num_rules), GFP_KERNEL);
7493 if (!rd)
7494 return -ENOMEM;
7495
7496 rd->n_reg_rules = num_rules;
7497 rd->alpha2[0] = alpha2[0];
7498 rd->alpha2[1] = alpha2[1];
7499
7500 /*
7501 * Disable DFS master mode if the DFS region was
7502 * not supported or known on this kernel.
7503 */
7504 if (reg_supported_dfs_region(dfs_region))
7505 rd->dfs_region = dfs_region;
7506
7507 nla_for_each_nested(nl_reg_rule, info->attrs[NL80211_ATTR_REG_RULES],
7508 rem_reg_rules) {
7509 r = nla_parse_nested_deprecated(tb, NL80211_REG_RULE_ATTR_MAX,
7510 nl_reg_rule, reg_rule_policy,
7511 info->extack);
7512 if (r)
7513 goto bad_reg;
7514 r = parse_reg_rule(tb, &rd->reg_rules[rule_idx]);
7515 if (r)
7516 goto bad_reg;
7517
7518 rule_idx++;
7519
7520 if (rule_idx > NL80211_MAX_SUPP_REG_RULES) {
7521 r = -EINVAL;
7522 goto bad_reg;
7523 }
7524 }
7525
7526 /* set_regdom takes ownership of rd */
7527 return set_regdom(rd, REGD_SOURCE_CRDA);
7528 bad_reg:
7529 kfree(rd);
7530 return r;
7531 }
7532 #endif /* CONFIG_CFG80211_CRDA_SUPPORT */
7533
7534 static int validate_scan_freqs(struct nlattr *freqs)
7535 {
7536 struct nlattr *attr1, *attr2;
7537 int n_channels = 0, tmp1, tmp2;
7538
7539 nla_for_each_nested(attr1, freqs, tmp1)
7540 if (nla_len(attr1) != sizeof(u32))
7541 return 0;
7542
7543 nla_for_each_nested(attr1, freqs, tmp1) {
7544 n_channels++;
7545 /*
7546 * Some hardware has a limited channel list for
7547 * scanning, and it is pretty much nonsensical
7548 * to scan for a channel twice, so disallow that
7549 * and don't require drivers to check that the
7550 * channel list they get isn't longer than what
7551 * they can scan, as long as they can scan all
7552 * the channels they registered at once.
7553 */
7554 nla_for_each_nested(attr2, freqs, tmp2)
7555 if (attr1 != attr2 &&
7556 nla_get_u32(attr1) == nla_get_u32(attr2))
7557 return 0;
7558 }
7559
7560 return n_channels;
7561 }
7562
7563 static bool is_band_valid(struct wiphy *wiphy, enum nl80211_band b)
7564 {
7565 return b < NUM_NL80211_BANDS && wiphy->bands[b];
7566 }
7567
7568 static int parse_bss_select(struct nlattr *nla, struct wiphy *wiphy,
7569 struct cfg80211_bss_selection *bss_select)
7570 {
7571 struct nlattr *attr[NL80211_BSS_SELECT_ATTR_MAX + 1];
7572 struct nlattr *nest;
7573 int err;
7574 bool found = false;
7575 int i;
7576
7577 /* only process one nested attribute */
7578 nest = nla_data(nla);
7579 if (!nla_ok(nest, nla_len(nest)))
7580 return -EINVAL;
7581
7582 err = nla_parse_nested_deprecated(attr, NL80211_BSS_SELECT_ATTR_MAX,
7583 nest, nl80211_bss_select_policy,
7584 NULL);
7585 if (err)
7586 return err;
7587
7588 /* only one attribute may be given */
7589 for (i = 0; i <= NL80211_BSS_SELECT_ATTR_MAX; i++) {
7590 if (attr[i]) {
7591 if (found)
7592 return -EINVAL;
7593 found = true;
7594 }
7595 }
7596
7597 bss_select->behaviour = __NL80211_BSS_SELECT_ATTR_INVALID;
7598
7599 if (attr[NL80211_BSS_SELECT_ATTR_RSSI])
7600 bss_select->behaviour = NL80211_BSS_SELECT_ATTR_RSSI;
7601
7602 if (attr[NL80211_BSS_SELECT_ATTR_BAND_PREF]) {
7603 bss_select->behaviour = NL80211_BSS_SELECT_ATTR_BAND_PREF;
7604 bss_select->param.band_pref =
7605 nla_get_u32(attr[NL80211_BSS_SELECT_ATTR_BAND_PREF]);
7606 if (!is_band_valid(wiphy, bss_select->param.band_pref))
7607 return -EINVAL;
7608 }
7609
7610 if (attr[NL80211_BSS_SELECT_ATTR_RSSI_ADJUST]) {
7611 struct nl80211_bss_select_rssi_adjust *adj_param;
7612
7613 adj_param = nla_data(attr[NL80211_BSS_SELECT_ATTR_RSSI_ADJUST]);
7614 bss_select->behaviour = NL80211_BSS_SELECT_ATTR_RSSI_ADJUST;
7615 bss_select->param.adjust.band = adj_param->band;
7616 bss_select->param.adjust.delta = adj_param->delta;
7617 if (!is_band_valid(wiphy, bss_select->param.adjust.band))
7618 return -EINVAL;
7619 }
7620
7621 /* user-space did not provide behaviour attribute */
7622 if (bss_select->behaviour == __NL80211_BSS_SELECT_ATTR_INVALID)
7623 return -EINVAL;
7624
7625 if (!(wiphy->bss_select_support & BIT(bss_select->behaviour)))
7626 return -EINVAL;
7627
7628 return 0;
7629 }
7630
7631 int nl80211_parse_random_mac(struct nlattr **attrs,
7632 u8 *mac_addr, u8 *mac_addr_mask)
7633 {
7634 int i;
7635
7636 if (!attrs[NL80211_ATTR_MAC] && !attrs[NL80211_ATTR_MAC_MASK]) {
7637 eth_zero_addr(mac_addr);
7638 eth_zero_addr(mac_addr_mask);
7639 mac_addr[0] = 0x2;
7640 mac_addr_mask[0] = 0x3;
7641
7642 return 0;
7643 }
7644
7645 /* need both or none */
7646 if (!attrs[NL80211_ATTR_MAC] || !attrs[NL80211_ATTR_MAC_MASK])
7647 return -EINVAL;
7648
7649 memcpy(mac_addr, nla_data(attrs[NL80211_ATTR_MAC]), ETH_ALEN);
7650 memcpy(mac_addr_mask, nla_data(attrs[NL80211_ATTR_MAC_MASK]), ETH_ALEN);
7651
7652 /* don't allow or configure an mcast address */
7653 if (!is_multicast_ether_addr(mac_addr_mask) ||
7654 is_multicast_ether_addr(mac_addr))
7655 return -EINVAL;
7656
7657 /*
7658 * allow users to pass a MAC address that has bits set outside
7659 * of the mask, but don't bother drivers with having to deal
7660 * with such bits
7661 */
7662 for (i = 0; i < ETH_ALEN; i++)
7663 mac_addr[i] &= mac_addr_mask[i];
7664
7665 return 0;
7666 }
7667
7668 static bool cfg80211_off_channel_oper_allowed(struct wireless_dev *wdev)
7669 {
7670 ASSERT_WDEV_LOCK(wdev);
7671
7672 if (!cfg80211_beaconing_iface_active(wdev))
7673 return true;
7674
7675 if (!(wdev->chandef.chan->flags & IEEE80211_CHAN_RADAR))
7676 return true;
7677
7678 return regulatory_pre_cac_allowed(wdev->wiphy);
7679 }
7680
7681 static bool nl80211_check_scan_feat(struct wiphy *wiphy, u32 flags, u32 flag,
7682 enum nl80211_ext_feature_index feat)
7683 {
7684 if (!(flags & flag))
7685 return true;
7686 if (wiphy_ext_feature_isset(wiphy, feat))
7687 return true;
7688 return false;
7689 }
7690
7691 static int
7692 nl80211_check_scan_flags(struct wiphy *wiphy, struct wireless_dev *wdev,
7693 void *request, struct nlattr **attrs,
7694 bool is_sched_scan)
7695 {
7696 u8 *mac_addr, *mac_addr_mask;
7697 u32 *flags;
7698 enum nl80211_feature_flags randomness_flag;
7699
7700 if (!attrs[NL80211_ATTR_SCAN_FLAGS])
7701 return 0;
7702
7703 if (is_sched_scan) {
7704 struct cfg80211_sched_scan_request *req = request;
7705
7706 randomness_flag = wdev ?
7707 NL80211_FEATURE_SCHED_SCAN_RANDOM_MAC_ADDR :
7708 NL80211_FEATURE_ND_RANDOM_MAC_ADDR;
7709 flags = &req->flags;
7710 mac_addr = req->mac_addr;
7711 mac_addr_mask = req->mac_addr_mask;
7712 } else {
7713 struct cfg80211_scan_request *req = request;
7714
7715 randomness_flag = NL80211_FEATURE_SCAN_RANDOM_MAC_ADDR;
7716 flags = &req->flags;
7717 mac_addr = req->mac_addr;
7718 mac_addr_mask = req->mac_addr_mask;
7719 }
7720
7721 *flags = nla_get_u32(attrs[NL80211_ATTR_SCAN_FLAGS]);
7722
7723 if (((*flags & NL80211_SCAN_FLAG_LOW_PRIORITY) &&
7724 !(wiphy->features & NL80211_FEATURE_LOW_PRIORITY_SCAN)) ||
7725 !nl80211_check_scan_feat(wiphy, *flags,
7726 NL80211_SCAN_FLAG_LOW_SPAN,
7727 NL80211_EXT_FEATURE_LOW_SPAN_SCAN) ||
7728 !nl80211_check_scan_feat(wiphy, *flags,
7729 NL80211_SCAN_FLAG_LOW_POWER,
7730 NL80211_EXT_FEATURE_LOW_POWER_SCAN) ||
7731 !nl80211_check_scan_feat(wiphy, *flags,
7732 NL80211_SCAN_FLAG_HIGH_ACCURACY,
7733 NL80211_EXT_FEATURE_HIGH_ACCURACY_SCAN) ||
7734 !nl80211_check_scan_feat(wiphy, *flags,
7735 NL80211_SCAN_FLAG_FILS_MAX_CHANNEL_TIME,
7736 NL80211_EXT_FEATURE_FILS_MAX_CHANNEL_TIME) ||
7737 !nl80211_check_scan_feat(wiphy, *flags,
7738 NL80211_SCAN_FLAG_ACCEPT_BCAST_PROBE_RESP,
7739 NL80211_EXT_FEATURE_ACCEPT_BCAST_PROBE_RESP) ||
7740 !nl80211_check_scan_feat(wiphy, *flags,
7741 NL80211_SCAN_FLAG_OCE_PROBE_REQ_DEFERRAL_SUPPRESSION,
7742 NL80211_EXT_FEATURE_OCE_PROBE_REQ_DEFERRAL_SUPPRESSION) ||
7743 !nl80211_check_scan_feat(wiphy, *flags,
7744 NL80211_SCAN_FLAG_OCE_PROBE_REQ_HIGH_TX_RATE,
7745 NL80211_EXT_FEATURE_OCE_PROBE_REQ_HIGH_TX_RATE) ||
7746 !nl80211_check_scan_feat(wiphy, *flags,
7747 NL80211_SCAN_FLAG_RANDOM_SN,
7748 NL80211_EXT_FEATURE_SCAN_RANDOM_SN) ||
7749 !nl80211_check_scan_feat(wiphy, *flags,
7750 NL80211_SCAN_FLAG_MIN_PREQ_CONTENT,
7751 NL80211_EXT_FEATURE_SCAN_MIN_PREQ_CONTENT))
7752 return -EOPNOTSUPP;
7753
7754 if (*flags & NL80211_SCAN_FLAG_RANDOM_ADDR) {
7755 int err;
7756
7757 if (!(wiphy->features & randomness_flag) ||
7758 (wdev && wdev->current_bss))
7759 return -EOPNOTSUPP;
7760
7761 err = nl80211_parse_random_mac(attrs, mac_addr, mac_addr_mask);
7762 if (err)
7763 return err;
7764 }
7765
7766 return 0;
7767 }
7768
7769 static int nl80211_trigger_scan(struct sk_buff *skb, struct genl_info *info)
7770 {
7771 struct cfg80211_registered_device *rdev = info->user_ptr[0];
7772 struct wireless_dev *wdev = info->user_ptr[1];
7773 struct cfg80211_scan_request *request;
7774 struct nlattr *scan_freqs = NULL;
7775 bool scan_freqs_khz = false;
7776 struct nlattr *attr;
7777 struct wiphy *wiphy;
7778 int err, tmp, n_ssids = 0, n_channels, i;
7779 size_t ie_len;
7780
7781 wiphy = &rdev->wiphy;
7782
7783 if (wdev->iftype == NL80211_IFTYPE_NAN)
7784 return -EOPNOTSUPP;
7785
7786 if (!rdev->ops->scan)
7787 return -EOPNOTSUPP;
7788
7789 if (rdev->scan_req || rdev->scan_msg)
7790 return -EBUSY;
7791
7792 if (info->attrs[NL80211_ATTR_SCAN_FREQ_KHZ]) {
7793 if (!wiphy_ext_feature_isset(wiphy,
7794 NL80211_EXT_FEATURE_SCAN_FREQ_KHZ))
7795 return -EOPNOTSUPP;
7796 scan_freqs = info->attrs[NL80211_ATTR_SCAN_FREQ_KHZ];
7797 scan_freqs_khz = true;
7798 } else if (info->attrs[NL80211_ATTR_SCAN_FREQUENCIES])
7799 scan_freqs = info->attrs[NL80211_ATTR_SCAN_FREQUENCIES];
7800
7801 if (scan_freqs) {
7802 n_channels = validate_scan_freqs(scan_freqs);
7803 if (!n_channels)
7804 return -EINVAL;
7805 } else {
7806 n_channels = ieee80211_get_num_supported_channels(wiphy);
7807 }
7808
7809 if (info->attrs[NL80211_ATTR_SCAN_SSIDS])
7810 nla_for_each_nested(attr, info->attrs[NL80211_ATTR_SCAN_SSIDS], tmp)
7811 n_ssids++;
7812
7813 if (n_ssids > wiphy->max_scan_ssids)
7814 return -EINVAL;
7815
7816 if (info->attrs[NL80211_ATTR_IE])
7817 ie_len = nla_len(info->attrs[NL80211_ATTR_IE]);
7818 else
7819 ie_len = 0;
7820
7821 if (ie_len > wiphy->max_scan_ie_len)
7822 return -EINVAL;
7823
7824 request = kzalloc(sizeof(*request)
7825 + sizeof(*request->ssids) * n_ssids
7826 + sizeof(*request->channels) * n_channels
7827 + ie_len, GFP_KERNEL);
7828 if (!request)
7829 return -ENOMEM;
7830
7831 if (n_ssids)
7832 request->ssids = (void *)&request->channels[n_channels];
7833 request->n_ssids = n_ssids;
7834 if (ie_len) {
7835 if (n_ssids)
7836 request->ie = (void *)(request->ssids + n_ssids);
7837 else
7838 request->ie = (void *)(request->channels + n_channels);
7839 }
7840
7841 i = 0;
7842 if (scan_freqs) {
7843 /* user specified, bail out if channel not found */
7844 nla_for_each_nested(attr, scan_freqs, tmp) {
7845 struct ieee80211_channel *chan;
7846 int freq = nla_get_u32(attr);
7847
7848 if (!scan_freqs_khz)
7849 freq = MHZ_TO_KHZ(freq);
7850
7851 chan = ieee80211_get_channel_khz(wiphy, freq);
7852 if (!chan) {
7853 err = -EINVAL;
7854 goto out_free;
7855 }
7856
7857 /* ignore disabled channels */
7858 if (chan->flags & IEEE80211_CHAN_DISABLED)
7859 continue;
7860
7861 request->channels[i] = chan;
7862 i++;
7863 }
7864 } else {
7865 enum nl80211_band band;
7866
7867 /* all channels */
7868 for (band = 0; band < NUM_NL80211_BANDS; band++) {
7869 int j;
7870
7871 if (!wiphy->bands[band])
7872 continue;
7873 for (j = 0; j < wiphy->bands[band]->n_channels; j++) {
7874 struct ieee80211_channel *chan;
7875
7876 chan = &wiphy->bands[band]->channels[j];
7877
7878 if (chan->flags & IEEE80211_CHAN_DISABLED)
7879 continue;
7880
7881 request->channels[i] = chan;
7882 i++;
7883 }
7884 }
7885 }
7886
7887 if (!i) {
7888 err = -EINVAL;
7889 goto out_free;
7890 }
7891
7892 request->n_channels = i;
7893
7894 wdev_lock(wdev);
7895 if (!cfg80211_off_channel_oper_allowed(wdev)) {
7896 struct ieee80211_channel *chan;
7897
7898 if (request->n_channels != 1) {
7899 wdev_unlock(wdev);
7900 err = -EBUSY;
7901 goto out_free;
7902 }
7903
7904 chan = request->channels[0];
7905 if (chan->center_freq != wdev->chandef.chan->center_freq) {
7906 wdev_unlock(wdev);
7907 err = -EBUSY;
7908 goto out_free;
7909 }
7910 }
7911 wdev_unlock(wdev);
7912
7913 i = 0;
7914 if (n_ssids) {
7915 nla_for_each_nested(attr, info->attrs[NL80211_ATTR_SCAN_SSIDS], tmp) {
7916 if (nla_len(attr) > IEEE80211_MAX_SSID_LEN) {
7917 err = -EINVAL;
7918 goto out_free;
7919 }
7920 request->ssids[i].ssid_len = nla_len(attr);
7921 memcpy(request->ssids[i].ssid, nla_data(attr), nla_len(attr));
7922 i++;
7923 }
7924 }
7925
7926 if (info->attrs[NL80211_ATTR_IE]) {
7927 request->ie_len = nla_len(info->attrs[NL80211_ATTR_IE]);
7928 memcpy((void *)request->ie,
7929 nla_data(info->attrs[NL80211_ATTR_IE]),
7930 request->ie_len);
7931 }
7932
7933 for (i = 0; i < NUM_NL80211_BANDS; i++)
7934 if (wiphy->bands[i])
7935 request->rates[i] =
7936 (1 << wiphy->bands[i]->n_bitrates) - 1;
7937
7938 if (info->attrs[NL80211_ATTR_SCAN_SUPP_RATES]) {
7939 nla_for_each_nested(attr,
7940 info->attrs[NL80211_ATTR_SCAN_SUPP_RATES],
7941 tmp) {
7942 enum nl80211_band band = nla_type(attr);
7943
7944 if (band < 0 || band >= NUM_NL80211_BANDS) {
7945 err = -EINVAL;
7946 goto out_free;
7947 }
7948
7949 if (!wiphy->bands[band])
7950 continue;
7951
7952 err = ieee80211_get_ratemask(wiphy->bands[band],
7953 nla_data(attr),
7954 nla_len(attr),
7955 &request->rates[band]);
7956 if (err)
7957 goto out_free;
7958 }
7959 }
7960
7961 if (info->attrs[NL80211_ATTR_MEASUREMENT_DURATION]) {
7962 if (!wiphy_ext_feature_isset(wiphy,
7963 NL80211_EXT_FEATURE_SET_SCAN_DWELL)) {
7964 err = -EOPNOTSUPP;
7965 goto out_free;
7966 }
7967
7968 request->duration =
7969 nla_get_u16(info->attrs[NL80211_ATTR_MEASUREMENT_DURATION]);
7970 request->duration_mandatory =
7971 nla_get_flag(info->attrs[NL80211_ATTR_MEASUREMENT_DURATION_MANDATORY]);
7972 }
7973
7974 err = nl80211_check_scan_flags(wiphy, wdev, request, info->attrs,
7975 false);
7976 if (err)
7977 goto out_free;
7978
7979 request->no_cck =
7980 nla_get_flag(info->attrs[NL80211_ATTR_TX_NO_CCK_RATE]);
7981
7982 /* Initial implementation used NL80211_ATTR_MAC to set the specific
7983 * BSSID to scan for. This was problematic because that same attribute
7984 * was already used for another purpose (local random MAC address). The
7985 * NL80211_ATTR_BSSID attribute was added to fix this. For backwards
7986 * compatibility with older userspace components, also use the
7987 * NL80211_ATTR_MAC value here if it can be determined to be used for
7988 * the specific BSSID use case instead of the random MAC address
7989 * (NL80211_ATTR_SCAN_FLAGS is used to enable random MAC address use).
7990 */
7991 if (info->attrs[NL80211_ATTR_BSSID])
7992 memcpy(request->bssid,
7993 nla_data(info->attrs[NL80211_ATTR_BSSID]), ETH_ALEN);
7994 else if (!(request->flags & NL80211_SCAN_FLAG_RANDOM_ADDR) &&
7995 info->attrs[NL80211_ATTR_MAC])
7996 memcpy(request->bssid, nla_data(info->attrs[NL80211_ATTR_MAC]),
7997 ETH_ALEN);
7998 else
7999 eth_broadcast_addr(request->bssid);
8000
8001 request->wdev = wdev;
8002 request->wiphy = &rdev->wiphy;
8003 request->scan_start = jiffies;
8004
8005 rdev->scan_req = request;
8006 err = rdev_scan(rdev, request);
8007
8008 if (err)
8009 goto out_free;
8010
8011 nl80211_send_scan_start(rdev, wdev);
8012 if (wdev->netdev)
8013 dev_hold(wdev->netdev);
8014
8015 return 0;
8016
8017 out_free:
8018 rdev->scan_req = NULL;
8019 kfree(request);
8020
8021 return err;
8022 }
8023
8024 static int nl80211_abort_scan(struct sk_buff *skb, struct genl_info *info)
8025 {
8026 struct cfg80211_registered_device *rdev = info->user_ptr[0];
8027 struct wireless_dev *wdev = info->user_ptr[1];
8028
8029 if (!rdev->ops->abort_scan)
8030 return -EOPNOTSUPP;
8031
8032 if (rdev->scan_msg)
8033 return 0;
8034
8035 if (!rdev->scan_req)
8036 return -ENOENT;
8037
8038 rdev_abort_scan(rdev, wdev);
8039 return 0;
8040 }
8041
8042 static int
8043 nl80211_parse_sched_scan_plans(struct wiphy *wiphy, int n_plans,
8044 struct cfg80211_sched_scan_request *request,
8045 struct nlattr **attrs)
8046 {
8047 int tmp, err, i = 0;
8048 struct nlattr *attr;
8049
8050 if (!attrs[NL80211_ATTR_SCHED_SCAN_PLANS]) {
8051 u32 interval;
8052
8053 /*
8054 * If scan plans are not specified,
8055 * %NL80211_ATTR_SCHED_SCAN_INTERVAL will be specified. In this
8056 * case one scan plan will be set with the specified scan
8057 * interval and infinite number of iterations.
8058 */
8059 interval = nla_get_u32(attrs[NL80211_ATTR_SCHED_SCAN_INTERVAL]);
8060 if (!interval)
8061 return -EINVAL;
8062
8063 request->scan_plans[0].interval =
8064 DIV_ROUND_UP(interval, MSEC_PER_SEC);
8065 if (!request->scan_plans[0].interval)
8066 return -EINVAL;
8067
8068 if (request->scan_plans[0].interval >
8069 wiphy->max_sched_scan_plan_interval)
8070 request->scan_plans[0].interval =
8071 wiphy->max_sched_scan_plan_interval;
8072
8073 return 0;
8074 }
8075
8076 nla_for_each_nested(attr, attrs[NL80211_ATTR_SCHED_SCAN_PLANS], tmp) {
8077 struct nlattr *plan[NL80211_SCHED_SCAN_PLAN_MAX + 1];
8078
8079 if (WARN_ON(i >= n_plans))
8080 return -EINVAL;
8081
8082 err = nla_parse_nested_deprecated(plan,
8083 NL80211_SCHED_SCAN_PLAN_MAX,
8084 attr, nl80211_plan_policy,
8085 NULL);
8086 if (err)
8087 return err;
8088
8089 if (!plan[NL80211_SCHED_SCAN_PLAN_INTERVAL])
8090 return -EINVAL;
8091
8092 request->scan_plans[i].interval =
8093 nla_get_u32(plan[NL80211_SCHED_SCAN_PLAN_INTERVAL]);
8094 if (!request->scan_plans[i].interval ||
8095 request->scan_plans[i].interval >
8096 wiphy->max_sched_scan_plan_interval)
8097 return -EINVAL;
8098
8099 if (plan[NL80211_SCHED_SCAN_PLAN_ITERATIONS]) {
8100 request->scan_plans[i].iterations =
8101 nla_get_u32(plan[NL80211_SCHED_SCAN_PLAN_ITERATIONS]);
8102 if (!request->scan_plans[i].iterations ||
8103 (request->scan_plans[i].iterations >
8104 wiphy->max_sched_scan_plan_iterations))
8105 return -EINVAL;
8106 } else if (i < n_plans - 1) {
8107 /*
8108 * All scan plans but the last one must specify
8109 * a finite number of iterations
8110 */
8111 return -EINVAL;
8112 }
8113
8114 i++;
8115 }
8116
8117 /*
8118 * The last scan plan must not specify the number of
8119 * iterations, it is supposed to run infinitely
8120 */
8121 if (request->scan_plans[n_plans - 1].iterations)
8122 return -EINVAL;
8123
8124 return 0;
8125 }
8126
8127 static int
8128 nl80211_parse_sched_scan_per_band_rssi(struct wiphy *wiphy,
8129 struct cfg80211_match_set *match_sets,
8130 struct nlattr *tb_band_rssi,
8131 s32 rssi_thold)
8132 {
8133 struct nlattr *attr;
8134 int i, tmp, ret = 0;
8135
8136 if (!wiphy_ext_feature_isset(wiphy,
8137 NL80211_EXT_FEATURE_SCHED_SCAN_BAND_SPECIFIC_RSSI_THOLD)) {
8138 if (tb_band_rssi)
8139 ret = -EOPNOTSUPP;
8140 else
8141 for (i = 0; i < NUM_NL80211_BANDS; i++)
8142 match_sets->per_band_rssi_thold[i] =
8143 NL80211_SCAN_RSSI_THOLD_OFF;
8144 return ret;
8145 }
8146
8147 for (i = 0; i < NUM_NL80211_BANDS; i++)
8148 match_sets->per_band_rssi_thold[i] = rssi_thold;
8149
8150 nla_for_each_nested(attr, tb_band_rssi, tmp) {
8151 enum nl80211_band band = nla_type(attr);
8152
8153 if (band < 0 || band >= NUM_NL80211_BANDS)
8154 return -EINVAL;
8155
8156 match_sets->per_band_rssi_thold[band] = nla_get_s32(attr);
8157 }
8158
8159 return 0;
8160 }
8161
8162 static struct cfg80211_sched_scan_request *
8163 nl80211_parse_sched_scan(struct wiphy *wiphy, struct wireless_dev *wdev,
8164 struct nlattr **attrs, int max_match_sets)
8165 {
8166 struct cfg80211_sched_scan_request *request;
8167 struct nlattr *attr;
8168 int err, tmp, n_ssids = 0, n_match_sets = 0, n_channels, i, n_plans = 0;
8169 enum nl80211_band band;
8170 size_t ie_len;
8171 struct nlattr *tb[NL80211_SCHED_SCAN_MATCH_ATTR_MAX + 1];
8172 s32 default_match_rssi = NL80211_SCAN_RSSI_THOLD_OFF;
8173
8174 if (attrs[NL80211_ATTR_SCAN_FREQUENCIES]) {
8175 n_channels = validate_scan_freqs(
8176 attrs[NL80211_ATTR_SCAN_FREQUENCIES]);
8177 if (!n_channels)
8178 return ERR_PTR(-EINVAL);
8179 } else {
8180 n_channels = ieee80211_get_num_supported_channels(wiphy);
8181 }
8182
8183 if (attrs[NL80211_ATTR_SCAN_SSIDS])
8184 nla_for_each_nested(attr, attrs[NL80211_ATTR_SCAN_SSIDS],
8185 tmp)
8186 n_ssids++;
8187
8188 if (n_ssids > wiphy->max_sched_scan_ssids)
8189 return ERR_PTR(-EINVAL);
8190
8191 /*
8192 * First, count the number of 'real' matchsets. Due to an issue with
8193 * the old implementation, matchsets containing only the RSSI attribute
8194 * (NL80211_SCHED_SCAN_MATCH_ATTR_RSSI) are considered as the 'default'
8195 * RSSI for all matchsets, rather than their own matchset for reporting
8196 * all APs with a strong RSSI. This is needed to be compatible with
8197 * older userspace that treated a matchset with only the RSSI as the
8198 * global RSSI for all other matchsets - if there are other matchsets.
8199 */
8200 if (attrs[NL80211_ATTR_SCHED_SCAN_MATCH]) {
8201 nla_for_each_nested(attr,
8202 attrs[NL80211_ATTR_SCHED_SCAN_MATCH],
8203 tmp) {
8204 struct nlattr *rssi;
8205
8206 err = nla_parse_nested_deprecated(tb,
8207 NL80211_SCHED_SCAN_MATCH_ATTR_MAX,
8208 attr,
8209 nl80211_match_policy,
8210 NULL);
8211 if (err)
8212 return ERR_PTR(err);
8213
8214 /* SSID and BSSID are mutually exclusive */
8215 if (tb[NL80211_SCHED_SCAN_MATCH_ATTR_SSID] &&
8216 tb[NL80211_SCHED_SCAN_MATCH_ATTR_BSSID])
8217 return ERR_PTR(-EINVAL);
8218
8219 /* add other standalone attributes here */
8220 if (tb[NL80211_SCHED_SCAN_MATCH_ATTR_SSID] ||
8221 tb[NL80211_SCHED_SCAN_MATCH_ATTR_BSSID]) {
8222 n_match_sets++;
8223 continue;
8224 }
8225 rssi = tb[NL80211_SCHED_SCAN_MATCH_ATTR_RSSI];
8226 if (rssi)
8227 default_match_rssi = nla_get_s32(rssi);
8228 }
8229 }
8230
8231 /* However, if there's no other matchset, add the RSSI one */
8232 if (!n_match_sets && default_match_rssi != NL80211_SCAN_RSSI_THOLD_OFF)
8233 n_match_sets = 1;
8234
8235 if (n_match_sets > max_match_sets)
8236 return ERR_PTR(-EINVAL);
8237
8238 if (attrs[NL80211_ATTR_IE])
8239 ie_len = nla_len(attrs[NL80211_ATTR_IE]);
8240 else
8241 ie_len = 0;
8242
8243 if (ie_len > wiphy->max_sched_scan_ie_len)
8244 return ERR_PTR(-EINVAL);
8245
8246 if (attrs[NL80211_ATTR_SCHED_SCAN_PLANS]) {
8247 /*
8248 * NL80211_ATTR_SCHED_SCAN_INTERVAL must not be specified since
8249 * each scan plan already specifies its own interval
8250 */
8251 if (attrs[NL80211_ATTR_SCHED_SCAN_INTERVAL])
8252 return ERR_PTR(-EINVAL);
8253
8254 nla_for_each_nested(attr,
8255 attrs[NL80211_ATTR_SCHED_SCAN_PLANS], tmp)
8256 n_plans++;
8257 } else {
8258 /*
8259 * The scan interval attribute is kept for backward
8260 * compatibility. If no scan plans are specified and sched scan
8261 * interval is specified, one scan plan will be set with this
8262 * scan interval and infinite number of iterations.
8263 */
8264 if (!attrs[NL80211_ATTR_SCHED_SCAN_INTERVAL])
8265 return ERR_PTR(-EINVAL);
8266
8267 n_plans = 1;
8268 }
8269
8270 if (!n_plans || n_plans > wiphy->max_sched_scan_plans)
8271 return ERR_PTR(-EINVAL);
8272
8273 if (!wiphy_ext_feature_isset(
8274 wiphy, NL80211_EXT_FEATURE_SCHED_SCAN_RELATIVE_RSSI) &&
8275 (attrs[NL80211_ATTR_SCHED_SCAN_RELATIVE_RSSI] ||
8276 attrs[NL80211_ATTR_SCHED_SCAN_RSSI_ADJUST]))
8277 return ERR_PTR(-EINVAL);
8278
8279 request = kzalloc(sizeof(*request)
8280 + sizeof(*request->ssids) * n_ssids
8281 + sizeof(*request->match_sets) * n_match_sets
8282 + sizeof(*request->scan_plans) * n_plans
8283 + sizeof(*request->channels) * n_channels
8284 + ie_len, GFP_KERNEL);
8285 if (!request)
8286 return ERR_PTR(-ENOMEM);
8287
8288 if (n_ssids)
8289 request->ssids = (void *)&request->channels[n_channels];
8290 request->n_ssids = n_ssids;
8291 if (ie_len) {
8292 if (n_ssids)
8293 request->ie = (void *)(request->ssids + n_ssids);
8294 else
8295 request->ie = (void *)(request->channels + n_channels);
8296 }
8297
8298 if (n_match_sets) {
8299 if (request->ie)
8300 request->match_sets = (void *)(request->ie + ie_len);
8301 else if (n_ssids)
8302 request->match_sets =
8303 (void *)(request->ssids + n_ssids);
8304 else
8305 request->match_sets =
8306 (void *)(request->channels + n_channels);
8307 }
8308 request->n_match_sets = n_match_sets;
8309
8310 if (n_match_sets)
8311 request->scan_plans = (void *)(request->match_sets +
8312 n_match_sets);
8313 else if (request->ie)
8314 request->scan_plans = (void *)(request->ie + ie_len);
8315 else if (n_ssids)
8316 request->scan_plans = (void *)(request->ssids + n_ssids);
8317 else
8318 request->scan_plans = (void *)(request->channels + n_channels);
8319
8320 request->n_scan_plans = n_plans;
8321
8322 i = 0;
8323 if (attrs[NL80211_ATTR_SCAN_FREQUENCIES]) {
8324 /* user specified, bail out if channel not found */
8325 nla_for_each_nested(attr,
8326 attrs[NL80211_ATTR_SCAN_FREQUENCIES],
8327 tmp) {
8328 struct ieee80211_channel *chan;
8329
8330 chan = ieee80211_get_channel(wiphy, nla_get_u32(attr));
8331
8332 if (!chan) {
8333 err = -EINVAL;
8334 goto out_free;
8335 }
8336
8337 /* ignore disabled channels */
8338 if (chan->flags & IEEE80211_CHAN_DISABLED)
8339 continue;
8340
8341 request->channels[i] = chan;
8342 i++;
8343 }
8344 } else {
8345 /* all channels */
8346 for (band = 0; band < NUM_NL80211_BANDS; band++) {
8347 int j;
8348
8349 if (!wiphy->bands[band])
8350 continue;
8351 for (j = 0; j < wiphy->bands[band]->n_channels; j++) {
8352 struct ieee80211_channel *chan;
8353
8354 chan = &wiphy->bands[band]->channels[j];
8355
8356 if (chan->flags & IEEE80211_CHAN_DISABLED)
8357 continue;
8358
8359 request->channels[i] = chan;
8360 i++;
8361 }
8362 }
8363 }
8364
8365 if (!i) {
8366 err = -EINVAL;
8367 goto out_free;
8368 }
8369
8370 request->n_channels = i;
8371
8372 i = 0;
8373 if (n_ssids) {
8374 nla_for_each_nested(attr, attrs[NL80211_ATTR_SCAN_SSIDS],
8375 tmp) {
8376 if (nla_len(attr) > IEEE80211_MAX_SSID_LEN) {
8377 err = -EINVAL;
8378 goto out_free;
8379 }
8380 request->ssids[i].ssid_len = nla_len(attr);
8381 memcpy(request->ssids[i].ssid, nla_data(attr),
8382 nla_len(attr));
8383 i++;
8384 }
8385 }
8386
8387 i = 0;
8388 if (attrs[NL80211_ATTR_SCHED_SCAN_MATCH]) {
8389 nla_for_each_nested(attr,
8390 attrs[NL80211_ATTR_SCHED_SCAN_MATCH],
8391 tmp) {
8392 struct nlattr *ssid, *bssid, *rssi;
8393
8394 err = nla_parse_nested_deprecated(tb,
8395 NL80211_SCHED_SCAN_MATCH_ATTR_MAX,
8396 attr,
8397 nl80211_match_policy,
8398 NULL);
8399 if (err)
8400 goto out_free;
8401 ssid = tb[NL80211_SCHED_SCAN_MATCH_ATTR_SSID];
8402 bssid = tb[NL80211_SCHED_SCAN_MATCH_ATTR_BSSID];
8403
8404 if (!ssid && !bssid) {
8405 i++;
8406 continue;
8407 }
8408
8409 if (WARN_ON(i >= n_match_sets)) {
8410 /* this indicates a programming error,
8411 * the loop above should have verified
8412 * things properly
8413 */
8414 err = -EINVAL;
8415 goto out_free;
8416 }
8417
8418 if (ssid) {
8419 if (nla_len(ssid) > IEEE80211_MAX_SSID_LEN) {
8420 err = -EINVAL;
8421 goto out_free;
8422 }
8423 memcpy(request->match_sets[i].ssid.ssid,
8424 nla_data(ssid), nla_len(ssid));
8425 request->match_sets[i].ssid.ssid_len =
8426 nla_len(ssid);
8427 }
8428 if (bssid) {
8429 if (nla_len(bssid) != ETH_ALEN) {
8430 err = -EINVAL;
8431 goto out_free;
8432 }
8433 memcpy(request->match_sets[i].bssid,
8434 nla_data(bssid), ETH_ALEN);
8435 }
8436
8437 /* special attribute - old implementation w/a */
8438 request->match_sets[i].rssi_thold = default_match_rssi;
8439 rssi = tb[NL80211_SCHED_SCAN_MATCH_ATTR_RSSI];
8440 if (rssi)
8441 request->match_sets[i].rssi_thold =
8442 nla_get_s32(rssi);
8443
8444 /* Parse per band RSSI attribute */
8445 err = nl80211_parse_sched_scan_per_band_rssi(wiphy,
8446 &request->match_sets[i],
8447 tb[NL80211_SCHED_SCAN_MATCH_PER_BAND_RSSI],
8448 request->match_sets[i].rssi_thold);
8449 if (err)
8450 goto out_free;
8451
8452 i++;
8453 }
8454
8455 /* there was no other matchset, so the RSSI one is alone */
8456 if (i == 0 && n_match_sets)
8457 request->match_sets[0].rssi_thold = default_match_rssi;
8458
8459 request->min_rssi_thold = INT_MAX;
8460 for (i = 0; i < n_match_sets; i++)
8461 request->min_rssi_thold =
8462 min(request->match_sets[i].rssi_thold,
8463 request->min_rssi_thold);
8464 } else {
8465 request->min_rssi_thold = NL80211_SCAN_RSSI_THOLD_OFF;
8466 }
8467
8468 if (ie_len) {
8469 request->ie_len = ie_len;
8470 memcpy((void *)request->ie,
8471 nla_data(attrs[NL80211_ATTR_IE]),
8472 request->ie_len);
8473 }
8474
8475 err = nl80211_check_scan_flags(wiphy, wdev, request, attrs, true);
8476 if (err)
8477 goto out_free;
8478
8479 if (attrs[NL80211_ATTR_SCHED_SCAN_DELAY])
8480 request->delay =
8481 nla_get_u32(attrs[NL80211_ATTR_SCHED_SCAN_DELAY]);
8482
8483 if (attrs[NL80211_ATTR_SCHED_SCAN_RELATIVE_RSSI]) {
8484 request->relative_rssi = nla_get_s8(
8485 attrs[NL80211_ATTR_SCHED_SCAN_RELATIVE_RSSI]);
8486 request->relative_rssi_set = true;
8487 }
8488
8489 if (request->relative_rssi_set &&
8490 attrs[NL80211_ATTR_SCHED_SCAN_RSSI_ADJUST]) {
8491 struct nl80211_bss_select_rssi_adjust *rssi_adjust;
8492
8493 rssi_adjust = nla_data(
8494 attrs[NL80211_ATTR_SCHED_SCAN_RSSI_ADJUST]);
8495 request->rssi_adjust.band = rssi_adjust->band;
8496 request->rssi_adjust.delta = rssi_adjust->delta;
8497 if (!is_band_valid(wiphy, request->rssi_adjust.band)) {
8498 err = -EINVAL;
8499 goto out_free;
8500 }
8501 }
8502
8503 err = nl80211_parse_sched_scan_plans(wiphy, n_plans, request, attrs);
8504 if (err)
8505 goto out_free;
8506
8507 request->scan_start = jiffies;
8508
8509 return request;
8510
8511 out_free:
8512 kfree(request);
8513 return ERR_PTR(err);
8514 }
8515
8516 static int nl80211_start_sched_scan(struct sk_buff *skb,
8517 struct genl_info *info)
8518 {
8519 struct cfg80211_registered_device *rdev = info->user_ptr[0];
8520 struct net_device *dev = info->user_ptr[1];
8521 struct wireless_dev *wdev = dev->ieee80211_ptr;
8522 struct cfg80211_sched_scan_request *sched_scan_req;
8523 bool want_multi;
8524 int err;
8525
8526 if (!rdev->wiphy.max_sched_scan_reqs || !rdev->ops->sched_scan_start)
8527 return -EOPNOTSUPP;
8528
8529 want_multi = info->attrs[NL80211_ATTR_SCHED_SCAN_MULTI];
8530 err = cfg80211_sched_scan_req_possible(rdev, want_multi);
8531 if (err)
8532 return err;
8533
8534 sched_scan_req = nl80211_parse_sched_scan(&rdev->wiphy, wdev,
8535 info->attrs,
8536 rdev->wiphy.max_match_sets);
8537
8538 err = PTR_ERR_OR_ZERO(sched_scan_req);
8539 if (err)
8540 goto out_err;
8541
8542 /* leave request id zero for legacy request
8543 * or if driver does not support multi-scheduled scan
8544 */
8545 if (want_multi && rdev->wiphy.max_sched_scan_reqs > 1)
8546 sched_scan_req->reqid = cfg80211_assign_cookie(rdev);
8547
8548 err = rdev_sched_scan_start(rdev, dev, sched_scan_req);
8549 if (err)
8550 goto out_free;
8551
8552 sched_scan_req->dev = dev;
8553 sched_scan_req->wiphy = &rdev->wiphy;
8554
8555 if (info->attrs[NL80211_ATTR_SOCKET_OWNER])
8556 sched_scan_req->owner_nlportid = info->snd_portid;
8557
8558 cfg80211_add_sched_scan_req(rdev, sched_scan_req);
8559
8560 nl80211_send_sched_scan(sched_scan_req, NL80211_CMD_START_SCHED_SCAN);
8561 return 0;
8562
8563 out_free:
8564 kfree(sched_scan_req);
8565 out_err:
8566 return err;
8567 }
8568
8569 static int nl80211_stop_sched_scan(struct sk_buff *skb,
8570 struct genl_info *info)
8571 {
8572 struct cfg80211_sched_scan_request *req;
8573 struct cfg80211_registered_device *rdev = info->user_ptr[0];
8574 u64 cookie;
8575
8576 if (!rdev->wiphy.max_sched_scan_reqs || !rdev->ops->sched_scan_stop)
8577 return -EOPNOTSUPP;
8578
8579 if (info->attrs[NL80211_ATTR_COOKIE]) {
8580 cookie = nla_get_u64(info->attrs[NL80211_ATTR_COOKIE]);
8581 return __cfg80211_stop_sched_scan(rdev, cookie, false);
8582 }
8583
8584 req = list_first_or_null_rcu(&rdev->sched_scan_req_list,
8585 struct cfg80211_sched_scan_request,
8586 list);
8587 if (!req || req->reqid ||
8588 (req->owner_nlportid &&
8589 req->owner_nlportid != info->snd_portid))
8590 return -ENOENT;
8591
8592 return cfg80211_stop_sched_scan_req(rdev, req, false);
8593 }
8594
8595 static int nl80211_start_radar_detection(struct sk_buff *skb,
8596 struct genl_info *info)
8597 {
8598 struct cfg80211_registered_device *rdev = info->user_ptr[0];
8599 struct net_device *dev = info->user_ptr[1];
8600 struct wireless_dev *wdev = dev->ieee80211_ptr;
8601 struct wiphy *wiphy = wdev->wiphy;
8602 struct cfg80211_chan_def chandef;
8603 enum nl80211_dfs_regions dfs_region;
8604 unsigned int cac_time_ms;
8605 int err;
8606
8607 dfs_region = reg_get_dfs_region(wiphy);
8608 if (dfs_region == NL80211_DFS_UNSET)
8609 return -EINVAL;
8610
8611 err = nl80211_parse_chandef(rdev, info, &chandef);
8612 if (err)
8613 return err;
8614
8615 if (netif_carrier_ok(dev))
8616 return -EBUSY;
8617
8618 if (wdev->cac_started)
8619 return -EBUSY;
8620
8621 err = cfg80211_chandef_dfs_required(wiphy, &chandef, wdev->iftype);
8622 if (err < 0)
8623 return err;
8624
8625 if (err == 0)
8626 return -EINVAL;
8627
8628 if (!cfg80211_chandef_dfs_usable(wiphy, &chandef))
8629 return -EINVAL;
8630
8631 /* CAC start is offloaded to HW and can't be started manually */
8632 if (wiphy_ext_feature_isset(wiphy, NL80211_EXT_FEATURE_DFS_OFFLOAD))
8633 return -EOPNOTSUPP;
8634
8635 if (!rdev->ops->start_radar_detection)
8636 return -EOPNOTSUPP;
8637
8638 cac_time_ms = cfg80211_chandef_dfs_cac_time(&rdev->wiphy, &chandef);
8639 if (WARN_ON(!cac_time_ms))
8640 cac_time_ms = IEEE80211_DFS_MIN_CAC_TIME_MS;
8641
8642 err = rdev_start_radar_detection(rdev, dev, &chandef, cac_time_ms);
8643 if (!err) {
8644 wdev->chandef = chandef;
8645 wdev->cac_started = true;
8646 wdev->cac_start_time = jiffies;
8647 wdev->cac_time_ms = cac_time_ms;
8648 }
8649 return err;
8650 }
8651
8652 static int nl80211_notify_radar_detection(struct sk_buff *skb,
8653 struct genl_info *info)
8654 {
8655 struct cfg80211_registered_device *rdev = info->user_ptr[0];
8656 struct net_device *dev = info->user_ptr[1];
8657 struct wireless_dev *wdev = dev->ieee80211_ptr;
8658 struct wiphy *wiphy = wdev->wiphy;
8659 struct cfg80211_chan_def chandef;
8660 enum nl80211_dfs_regions dfs_region;
8661 int err;
8662
8663 dfs_region = reg_get_dfs_region(wiphy);
8664 if (dfs_region == NL80211_DFS_UNSET) {
8665 GENL_SET_ERR_MSG(info,
8666 "DFS Region is not set. Unexpected Radar indication");
8667 return -EINVAL;
8668 }
8669
8670 err = nl80211_parse_chandef(rdev, info, &chandef);
8671 if (err) {
8672 GENL_SET_ERR_MSG(info, "Unable to extract chandef info");
8673 return err;
8674 }
8675
8676 err = cfg80211_chandef_dfs_required(wiphy, &chandef, wdev->iftype);
8677 if (err < 0) {
8678 GENL_SET_ERR_MSG(info, "chandef is invalid");
8679 return err;
8680 }
8681
8682 if (err == 0) {
8683 GENL_SET_ERR_MSG(info,
8684 "Unexpected Radar indication for chandef/iftype");
8685 return -EINVAL;
8686 }
8687
8688 /* Do not process this notification if radar is already detected
8689 * by kernel on this channel, and return success.
8690 */
8691 if (chandef.chan->dfs_state == NL80211_DFS_UNAVAILABLE)
8692 return 0;
8693
8694 cfg80211_set_dfs_state(wiphy, &chandef, NL80211_DFS_UNAVAILABLE);
8695
8696 cfg80211_sched_dfs_chan_update(rdev);
8697
8698 rdev->radar_chandef = chandef;
8699
8700 /* Propagate this notification to other radios as well */
8701 queue_work(cfg80211_wq, &rdev->propagate_radar_detect_wk);
8702
8703 return 0;
8704 }
8705
8706 static int nl80211_channel_switch(struct sk_buff *skb, struct genl_info *info)
8707 {
8708 struct cfg80211_registered_device *rdev = info->user_ptr[0];
8709 struct net_device *dev = info->user_ptr[1];
8710 struct wireless_dev *wdev = dev->ieee80211_ptr;
8711 struct cfg80211_csa_settings params;
8712 /* csa_attrs is defined static to avoid waste of stack size - this
8713 * function is called under RTNL lock, so this should not be a problem.
8714 */
8715 static struct nlattr *csa_attrs[NL80211_ATTR_MAX+1];
8716 int err;
8717 bool need_new_beacon = false;
8718 bool need_handle_dfs_flag = true;
8719 int len, i;
8720 u32 cs_count;
8721
8722 if (!rdev->ops->channel_switch ||
8723 !(rdev->wiphy.flags & WIPHY_FLAG_HAS_CHANNEL_SWITCH))
8724 return -EOPNOTSUPP;
8725
8726 switch (dev->ieee80211_ptr->iftype) {
8727 case NL80211_IFTYPE_AP:
8728 case NL80211_IFTYPE_P2P_GO:
8729 need_new_beacon = true;
8730 /* For all modes except AP the handle_dfs flag needs to be
8731 * supplied to tell the kernel that userspace will handle radar
8732 * events when they happen. Otherwise a switch to a channel
8733 * requiring DFS will be rejected.
8734 */
8735 need_handle_dfs_flag = false;
8736
8737 /* useless if AP is not running */
8738 if (!wdev->beacon_interval)
8739 return -ENOTCONN;
8740 break;
8741 case NL80211_IFTYPE_ADHOC:
8742 if (!wdev->ssid_len)
8743 return -ENOTCONN;
8744 break;
8745 case NL80211_IFTYPE_MESH_POINT:
8746 if (!wdev->mesh_id_len)
8747 return -ENOTCONN;
8748 break;
8749 default:
8750 return -EOPNOTSUPP;
8751 }
8752
8753 memset(&params, 0, sizeof(params));
8754 params.beacon_csa.ftm_responder = -1;
8755
8756 if (!info->attrs[NL80211_ATTR_WIPHY_FREQ] ||
8757 !info->attrs[NL80211_ATTR_CH_SWITCH_COUNT])
8758 return -EINVAL;
8759
8760 /* only important for AP, IBSS and mesh create IEs internally */
8761 if (need_new_beacon && !info->attrs[NL80211_ATTR_CSA_IES])
8762 return -EINVAL;
8763
8764 /* Even though the attribute is u32, the specification says
8765 * u8, so let's make sure we don't overflow.
8766 */
8767 cs_count = nla_get_u32(info->attrs[NL80211_ATTR_CH_SWITCH_COUNT]);
8768 if (cs_count > 255)
8769 return -EINVAL;
8770
8771 params.count = cs_count;
8772
8773 if (!need_new_beacon)
8774 goto skip_beacons;
8775
8776 err = nl80211_parse_beacon(rdev, info->attrs, &params.beacon_after);
8777 if (err)
8778 return err;
8779
8780 err = nla_parse_nested_deprecated(csa_attrs, NL80211_ATTR_MAX,
8781 info->attrs[NL80211_ATTR_CSA_IES],
8782 nl80211_policy, info->extack);
8783 if (err)
8784 return err;
8785
8786 err = nl80211_parse_beacon(rdev, csa_attrs, &params.beacon_csa);
8787 if (err)
8788 return err;
8789
8790 if (!csa_attrs[NL80211_ATTR_CSA_C_OFF_BEACON])
8791 return -EINVAL;
8792
8793 len = nla_len(csa_attrs[NL80211_ATTR_CSA_C_OFF_BEACON]);
8794 if (!len || (len % sizeof(u16)))
8795 return -EINVAL;
8796
8797 params.n_counter_offsets_beacon = len / sizeof(u16);
8798 if (rdev->wiphy.max_num_csa_counters &&
8799 (params.n_counter_offsets_beacon >
8800 rdev->wiphy.max_num_csa_counters))
8801 return -EINVAL;
8802
8803 params.counter_offsets_beacon =
8804 nla_data(csa_attrs[NL80211_ATTR_CSA_C_OFF_BEACON]);
8805
8806 /* sanity checks - counters should fit and be the same */
8807 for (i = 0; i < params.n_counter_offsets_beacon; i++) {
8808 u16 offset = params.counter_offsets_beacon[i];
8809
8810 if (offset >= params.beacon_csa.tail_len)
8811 return -EINVAL;
8812
8813 if (params.beacon_csa.tail[offset] != params.count)
8814 return -EINVAL;
8815 }
8816
8817 if (csa_attrs[NL80211_ATTR_CSA_C_OFF_PRESP]) {
8818 len = nla_len(csa_attrs[NL80211_ATTR_CSA_C_OFF_PRESP]);
8819 if (!len || (len % sizeof(u16)))
8820 return -EINVAL;
8821
8822 params.n_counter_offsets_presp = len / sizeof(u16);
8823 if (rdev->wiphy.max_num_csa_counters &&
8824 (params.n_counter_offsets_presp >
8825 rdev->wiphy.max_num_csa_counters))
8826 return -EINVAL;
8827
8828 params.counter_offsets_presp =
8829 nla_data(csa_attrs[NL80211_ATTR_CSA_C_OFF_PRESP]);
8830
8831 /* sanity checks - counters should fit and be the same */
8832 for (i = 0; i < params.n_counter_offsets_presp; i++) {
8833 u16 offset = params.counter_offsets_presp[i];
8834
8835 if (offset >= params.beacon_csa.probe_resp_len)
8836 return -EINVAL;
8837
8838 if (params.beacon_csa.probe_resp[offset] !=
8839 params.count)
8840 return -EINVAL;
8841 }
8842 }
8843
8844 skip_beacons:
8845 err = nl80211_parse_chandef(rdev, info, &params.chandef);
8846 if (err)
8847 return err;
8848
8849 if (!cfg80211_reg_can_beacon_relax(&rdev->wiphy, &params.chandef,
8850 wdev->iftype))
8851 return -EINVAL;
8852
8853 err = cfg80211_chandef_dfs_required(wdev->wiphy,
8854 &params.chandef,
8855 wdev->iftype);
8856 if (err < 0)
8857 return err;
8858
8859 if (err > 0) {
8860 params.radar_required = true;
8861 if (need_handle_dfs_flag &&
8862 !nla_get_flag(info->attrs[NL80211_ATTR_HANDLE_DFS])) {
8863 return -EINVAL;
8864 }
8865 }
8866
8867 if (info->attrs[NL80211_ATTR_CH_SWITCH_BLOCK_TX])
8868 params.block_tx = true;
8869
8870 wdev_lock(wdev);
8871 err = rdev_channel_switch(rdev, dev, &params);
8872 wdev_unlock(wdev);
8873
8874 return err;
8875 }
8876
8877 static int nl80211_send_bss(struct sk_buff *msg, struct netlink_callback *cb,
8878 u32 seq, int flags,
8879 struct cfg80211_registered_device *rdev,
8880 struct wireless_dev *wdev,
8881 struct cfg80211_internal_bss *intbss)
8882 {
8883 struct cfg80211_bss *res = &intbss->pub;
8884 const struct cfg80211_bss_ies *ies;
8885 void *hdr;
8886 struct nlattr *bss;
8887
8888 ASSERT_WDEV_LOCK(wdev);
8889
8890 hdr = nl80211hdr_put(msg, NETLINK_CB(cb->skb).portid, seq, flags,
8891 NL80211_CMD_NEW_SCAN_RESULTS);
8892 if (!hdr)
8893 return -1;
8894
8895 genl_dump_check_consistent(cb, hdr);
8896
8897 if (nla_put_u32(msg, NL80211_ATTR_GENERATION, rdev->bss_generation))
8898 goto nla_put_failure;
8899 if (wdev->netdev &&
8900 nla_put_u32(msg, NL80211_ATTR_IFINDEX, wdev->netdev->ifindex))
8901 goto nla_put_failure;
8902 if (nla_put_u64_64bit(msg, NL80211_ATTR_WDEV, wdev_id(wdev),
8903 NL80211_ATTR_PAD))
8904 goto nla_put_failure;
8905
8906 bss = nla_nest_start_noflag(msg, NL80211_ATTR_BSS);
8907 if (!bss)
8908 goto nla_put_failure;
8909 if ((!is_zero_ether_addr(res->bssid) &&
8910 nla_put(msg, NL80211_BSS_BSSID, ETH_ALEN, res->bssid)))
8911 goto nla_put_failure;
8912
8913 rcu_read_lock();
8914 /* indicate whether we have probe response data or not */
8915 if (rcu_access_pointer(res->proberesp_ies) &&
8916 nla_put_flag(msg, NL80211_BSS_PRESP_DATA))
8917 goto fail_unlock_rcu;
8918
8919 /* this pointer prefers to be pointed to probe response data
8920 * but is always valid
8921 */
8922 ies = rcu_dereference(res->ies);
8923 if (ies) {
8924 if (nla_put_u64_64bit(msg, NL80211_BSS_TSF, ies->tsf,
8925 NL80211_BSS_PAD))
8926 goto fail_unlock_rcu;
8927 if (ies->len && nla_put(msg, NL80211_BSS_INFORMATION_ELEMENTS,
8928 ies->len, ies->data))
8929 goto fail_unlock_rcu;
8930 }
8931
8932 /* and this pointer is always (unless driver didn't know) beacon data */
8933 ies = rcu_dereference(res->beacon_ies);
8934 if (ies && ies->from_beacon) {
8935 if (nla_put_u64_64bit(msg, NL80211_BSS_BEACON_TSF, ies->tsf,
8936 NL80211_BSS_PAD))
8937 goto fail_unlock_rcu;
8938 if (ies->len && nla_put(msg, NL80211_BSS_BEACON_IES,
8939 ies->len, ies->data))
8940 goto fail_unlock_rcu;
8941 }
8942 rcu_read_unlock();
8943
8944 if (res->beacon_interval &&
8945 nla_put_u16(msg, NL80211_BSS_BEACON_INTERVAL, res->beacon_interval))
8946 goto nla_put_failure;
8947 if (nla_put_u16(msg, NL80211_BSS_CAPABILITY, res->capability) ||
8948 nla_put_u32(msg, NL80211_BSS_FREQUENCY, res->channel->center_freq) ||
8949 nla_put_u32(msg, NL80211_BSS_FREQUENCY_OFFSET,
8950 res->channel->freq_offset) ||
8951 nla_put_u32(msg, NL80211_BSS_CHAN_WIDTH, res->scan_width) ||
8952 nla_put_u32(msg, NL80211_BSS_SEEN_MS_AGO,
8953 jiffies_to_msecs(jiffies - intbss->ts)))
8954 goto nla_put_failure;
8955
8956 if (intbss->parent_tsf &&
8957 (nla_put_u64_64bit(msg, NL80211_BSS_PARENT_TSF,
8958 intbss->parent_tsf, NL80211_BSS_PAD) ||
8959 nla_put(msg, NL80211_BSS_PARENT_BSSID, ETH_ALEN,
8960 intbss->parent_bssid)))
8961 goto nla_put_failure;
8962
8963 if (intbss->ts_boottime &&
8964 nla_put_u64_64bit(msg, NL80211_BSS_LAST_SEEN_BOOTTIME,
8965 intbss->ts_boottime, NL80211_BSS_PAD))
8966 goto nla_put_failure;
8967
8968 if (!nl80211_put_signal(msg, intbss->pub.chains,
8969 intbss->pub.chain_signal,
8970 NL80211_BSS_CHAIN_SIGNAL))
8971 goto nla_put_failure;
8972
8973 switch (rdev->wiphy.signal_type) {
8974 case CFG80211_SIGNAL_TYPE_MBM:
8975 if (nla_put_u32(msg, NL80211_BSS_SIGNAL_MBM, res->signal))
8976 goto nla_put_failure;
8977 break;
8978 case CFG80211_SIGNAL_TYPE_UNSPEC:
8979 if (nla_put_u8(msg, NL80211_BSS_SIGNAL_UNSPEC, res->signal))
8980 goto nla_put_failure;
8981 break;
8982 default:
8983 break;
8984 }
8985
8986 switch (wdev->iftype) {
8987 case NL80211_IFTYPE_P2P_CLIENT:
8988 case NL80211_IFTYPE_STATION:
8989 if (intbss == wdev->current_bss &&
8990 nla_put_u32(msg, NL80211_BSS_STATUS,
8991 NL80211_BSS_STATUS_ASSOCIATED))
8992 goto nla_put_failure;
8993 break;
8994 case NL80211_IFTYPE_ADHOC:
8995 if (intbss == wdev->current_bss &&
8996 nla_put_u32(msg, NL80211_BSS_STATUS,
8997 NL80211_BSS_STATUS_IBSS_JOINED))
8998 goto nla_put_failure;
8999 break;
9000 default:
9001 break;
9002 }
9003
9004 nla_nest_end(msg, bss);
9005
9006 genlmsg_end(msg, hdr);
9007 return 0;
9008
9009 fail_unlock_rcu:
9010 rcu_read_unlock();
9011 nla_put_failure:
9012 genlmsg_cancel(msg, hdr);
9013 return -EMSGSIZE;
9014 }
9015
9016 static int nl80211_dump_scan(struct sk_buff *skb, struct netlink_callback *cb)
9017 {
9018 struct cfg80211_registered_device *rdev;
9019 struct cfg80211_internal_bss *scan;
9020 struct wireless_dev *wdev;
9021 int start = cb->args[2], idx = 0;
9022 int err;
9023
9024 rtnl_lock();
9025 err = nl80211_prepare_wdev_dump(cb, &rdev, &wdev);
9026 if (err) {
9027 rtnl_unlock();
9028 return err;
9029 }
9030
9031 wdev_lock(wdev);
9032 spin_lock_bh(&rdev->bss_lock);
9033
9034 /*
9035 * dump_scan will be called multiple times to break up the scan results
9036 * into multiple messages. It is unlikely that any more bss-es will be
9037 * expired after the first call, so only call only call this on the
9038 * first dump_scan invocation.
9039 */
9040 if (start == 0)
9041 cfg80211_bss_expire(rdev);
9042
9043 cb->seq = rdev->bss_generation;
9044
9045 list_for_each_entry(scan, &rdev->bss_list, list) {
9046 if (++idx <= start)
9047 continue;
9048 if (nl80211_send_bss(skb, cb,
9049 cb->nlh->nlmsg_seq, NLM_F_MULTI,
9050 rdev, wdev, scan) < 0) {
9051 idx--;
9052 break;
9053 }
9054 }
9055
9056 spin_unlock_bh(&rdev->bss_lock);
9057 wdev_unlock(wdev);
9058
9059 cb->args[2] = idx;
9060 rtnl_unlock();
9061
9062 return skb->len;
9063 }
9064
9065 static int nl80211_send_survey(struct sk_buff *msg, u32 portid, u32 seq,
9066 int flags, struct net_device *dev,
9067 bool allow_radio_stats,
9068 struct survey_info *survey)
9069 {
9070 void *hdr;
9071 struct nlattr *infoattr;
9072
9073 /* skip radio stats if userspace didn't request them */
9074 if (!survey->channel && !allow_radio_stats)
9075 return 0;
9076
9077 hdr = nl80211hdr_put(msg, portid, seq, flags,
9078 NL80211_CMD_NEW_SURVEY_RESULTS);
9079 if (!hdr)
9080 return -ENOMEM;
9081
9082 if (nla_put_u32(msg, NL80211_ATTR_IFINDEX, dev->ifindex))
9083 goto nla_put_failure;
9084
9085 infoattr = nla_nest_start_noflag(msg, NL80211_ATTR_SURVEY_INFO);
9086 if (!infoattr)
9087 goto nla_put_failure;
9088
9089 if (survey->channel &&
9090 nla_put_u32(msg, NL80211_SURVEY_INFO_FREQUENCY,
9091 survey->channel->center_freq))
9092 goto nla_put_failure;
9093
9094 if ((survey->filled & SURVEY_INFO_NOISE_DBM) &&
9095 nla_put_u8(msg, NL80211_SURVEY_INFO_NOISE, survey->noise))
9096 goto nla_put_failure;
9097 if ((survey->filled & SURVEY_INFO_IN_USE) &&
9098 nla_put_flag(msg, NL80211_SURVEY_INFO_IN_USE))
9099 goto nla_put_failure;
9100 if ((survey->filled & SURVEY_INFO_TIME) &&
9101 nla_put_u64_64bit(msg, NL80211_SURVEY_INFO_TIME,
9102 survey->time, NL80211_SURVEY_INFO_PAD))
9103 goto nla_put_failure;
9104 if ((survey->filled & SURVEY_INFO_TIME_BUSY) &&
9105 nla_put_u64_64bit(msg, NL80211_SURVEY_INFO_TIME_BUSY,
9106 survey->time_busy, NL80211_SURVEY_INFO_PAD))
9107 goto nla_put_failure;
9108 if ((survey->filled & SURVEY_INFO_TIME_EXT_BUSY) &&
9109 nla_put_u64_64bit(msg, NL80211_SURVEY_INFO_TIME_EXT_BUSY,
9110 survey->time_ext_busy, NL80211_SURVEY_INFO_PAD))
9111 goto nla_put_failure;
9112 if ((survey->filled & SURVEY_INFO_TIME_RX) &&
9113 nla_put_u64_64bit(msg, NL80211_SURVEY_INFO_TIME_RX,
9114 survey->time_rx, NL80211_SURVEY_INFO_PAD))
9115 goto nla_put_failure;
9116 if ((survey->filled & SURVEY_INFO_TIME_TX) &&
9117 nla_put_u64_64bit(msg, NL80211_SURVEY_INFO_TIME_TX,
9118 survey->time_tx, NL80211_SURVEY_INFO_PAD))
9119 goto nla_put_failure;
9120 if ((survey->filled & SURVEY_INFO_TIME_SCAN) &&
9121 nla_put_u64_64bit(msg, NL80211_SURVEY_INFO_TIME_SCAN,
9122 survey->time_scan, NL80211_SURVEY_INFO_PAD))
9123 goto nla_put_failure;
9124 if ((survey->filled & SURVEY_INFO_TIME_BSS_RX) &&
9125 nla_put_u64_64bit(msg, NL80211_SURVEY_INFO_TIME_BSS_RX,
9126 survey->time_bss_rx, NL80211_SURVEY_INFO_PAD))
9127 goto nla_put_failure;
9128
9129 nla_nest_end(msg, infoattr);
9130
9131 genlmsg_end(msg, hdr);
9132 return 0;
9133
9134 nla_put_failure:
9135 genlmsg_cancel(msg, hdr);
9136 return -EMSGSIZE;
9137 }
9138
9139 static int nl80211_dump_survey(struct sk_buff *skb, struct netlink_callback *cb)
9140 {
9141 struct nlattr **attrbuf;
9142 struct survey_info survey;
9143 struct cfg80211_registered_device *rdev;
9144 struct wireless_dev *wdev;
9145 int survey_idx = cb->args[2];
9146 int res;
9147 bool radio_stats;
9148
9149 attrbuf = kcalloc(NUM_NL80211_ATTR, sizeof(*attrbuf), GFP_KERNEL);
9150 if (!attrbuf)
9151 return -ENOMEM;
9152
9153 rtnl_lock();
9154 res = nl80211_prepare_wdev_dump(cb, &rdev, &wdev);
9155 if (res)
9156 goto out_err;
9157
9158 /* prepare_wdev_dump parsed the attributes */
9159 radio_stats = attrbuf[NL80211_ATTR_SURVEY_RADIO_STATS];
9160
9161 if (!wdev->netdev) {
9162 res = -EINVAL;
9163 goto out_err;
9164 }
9165
9166 if (!rdev->ops->dump_survey) {
9167 res = -EOPNOTSUPP;
9168 goto out_err;
9169 }
9170
9171 while (1) {
9172 res = rdev_dump_survey(rdev, wdev->netdev, survey_idx, &survey);
9173 if (res == -ENOENT)
9174 break;
9175 if (res)
9176 goto out_err;
9177
9178 /* don't send disabled channels, but do send non-channel data */
9179 if (survey.channel &&
9180 survey.channel->flags & IEEE80211_CHAN_DISABLED) {
9181 survey_idx++;
9182 continue;
9183 }
9184
9185 if (nl80211_send_survey(skb,
9186 NETLINK_CB(cb->skb).portid,
9187 cb->nlh->nlmsg_seq, NLM_F_MULTI,
9188 wdev->netdev, radio_stats, &survey) < 0)
9189 goto out;
9190 survey_idx++;
9191 }
9192
9193 out:
9194 cb->args[2] = survey_idx;
9195 res = skb->len;
9196 out_err:
9197 kfree(attrbuf);
9198 rtnl_unlock();
9199 return res;
9200 }
9201
9202 static bool nl80211_valid_wpa_versions(u32 wpa_versions)
9203 {
9204 return !(wpa_versions & ~(NL80211_WPA_VERSION_1 |
9205 NL80211_WPA_VERSION_2 |
9206 NL80211_WPA_VERSION_3));
9207 }
9208
9209 static int nl80211_authenticate(struct sk_buff *skb, struct genl_info *info)
9210 {
9211 struct cfg80211_registered_device *rdev = info->user_ptr[0];
9212 struct net_device *dev = info->user_ptr[1];
9213 struct ieee80211_channel *chan;
9214 const u8 *bssid, *ssid, *ie = NULL, *auth_data = NULL;
9215 int err, ssid_len, ie_len = 0, auth_data_len = 0;
9216 enum nl80211_auth_type auth_type;
9217 struct key_parse key;
9218 bool local_state_change;
9219 u32 freq;
9220
9221 if (!info->attrs[NL80211_ATTR_MAC])
9222 return -EINVAL;
9223
9224 if (!info->attrs[NL80211_ATTR_AUTH_TYPE])
9225 return -EINVAL;
9226
9227 if (!info->attrs[NL80211_ATTR_SSID])
9228 return -EINVAL;
9229
9230 if (!info->attrs[NL80211_ATTR_WIPHY_FREQ])
9231 return -EINVAL;
9232
9233 err = nl80211_parse_key(info, &key);
9234 if (err)
9235 return err;
9236
9237 if (key.idx >= 0) {
9238 if (key.type != -1 && key.type != NL80211_KEYTYPE_GROUP)
9239 return -EINVAL;
9240 if (!key.p.key || !key.p.key_len)
9241 return -EINVAL;
9242 if ((key.p.cipher != WLAN_CIPHER_SUITE_WEP40 ||
9243 key.p.key_len != WLAN_KEY_LEN_WEP40) &&
9244 (key.p.cipher != WLAN_CIPHER_SUITE_WEP104 ||
9245 key.p.key_len != WLAN_KEY_LEN_WEP104))
9246 return -EINVAL;
9247 if (key.idx > 3)
9248 return -EINVAL;
9249 } else {
9250 key.p.key_len = 0;
9251 key.p.key = NULL;
9252 }
9253
9254 if (key.idx >= 0) {
9255 int i;
9256 bool ok = false;
9257
9258 for (i = 0; i < rdev->wiphy.n_cipher_suites; i++) {
9259 if (key.p.cipher == rdev->wiphy.cipher_suites[i]) {
9260 ok = true;
9261 break;
9262 }
9263 }
9264 if (!ok)
9265 return -EINVAL;
9266 }
9267
9268 if (!rdev->ops->auth)
9269 return -EOPNOTSUPP;
9270
9271 if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_STATION &&
9272 dev->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_CLIENT)
9273 return -EOPNOTSUPP;
9274
9275 bssid = nla_data(info->attrs[NL80211_ATTR_MAC]);
9276 freq = MHZ_TO_KHZ(nla_get_u32(info->attrs[NL80211_ATTR_WIPHY_FREQ]));
9277 if (info->attrs[NL80211_ATTR_WIPHY_FREQ_OFFSET])
9278 freq +=
9279 nla_get_u32(info->attrs[NL80211_ATTR_WIPHY_FREQ_OFFSET]);
9280
9281 chan = nl80211_get_valid_chan(&rdev->wiphy, freq);
9282 if (!chan)
9283 return -EINVAL;
9284
9285 ssid = nla_data(info->attrs[NL80211_ATTR_SSID]);
9286 ssid_len = nla_len(info->attrs[NL80211_ATTR_SSID]);
9287
9288 if (info->attrs[NL80211_ATTR_IE]) {
9289 ie = nla_data(info->attrs[NL80211_ATTR_IE]);
9290 ie_len = nla_len(info->attrs[NL80211_ATTR_IE]);
9291 }
9292
9293 auth_type = nla_get_u32(info->attrs[NL80211_ATTR_AUTH_TYPE]);
9294 if (!nl80211_valid_auth_type(rdev, auth_type, NL80211_CMD_AUTHENTICATE))
9295 return -EINVAL;
9296
9297 if ((auth_type == NL80211_AUTHTYPE_SAE ||
9298 auth_type == NL80211_AUTHTYPE_FILS_SK ||
9299 auth_type == NL80211_AUTHTYPE_FILS_SK_PFS ||
9300 auth_type == NL80211_AUTHTYPE_FILS_PK) &&
9301 !info->attrs[NL80211_ATTR_AUTH_DATA])
9302 return -EINVAL;
9303
9304 if (info->attrs[NL80211_ATTR_AUTH_DATA]) {
9305 if (auth_type != NL80211_AUTHTYPE_SAE &&
9306 auth_type != NL80211_AUTHTYPE_FILS_SK &&
9307 auth_type != NL80211_AUTHTYPE_FILS_SK_PFS &&
9308 auth_type != NL80211_AUTHTYPE_FILS_PK)
9309 return -EINVAL;
9310 auth_data = nla_data(info->attrs[NL80211_ATTR_AUTH_DATA]);
9311 auth_data_len = nla_len(info->attrs[NL80211_ATTR_AUTH_DATA]);
9312 /* need to include at least Auth Transaction and Status Code */
9313 if (auth_data_len < 4)
9314 return -EINVAL;
9315 }
9316
9317 local_state_change = !!info->attrs[NL80211_ATTR_LOCAL_STATE_CHANGE];
9318
9319 /*
9320 * Since we no longer track auth state, ignore
9321 * requests to only change local state.
9322 */
9323 if (local_state_change)
9324 return 0;
9325
9326 wdev_lock(dev->ieee80211_ptr);
9327 err = cfg80211_mlme_auth(rdev, dev, chan, auth_type, bssid,
9328 ssid, ssid_len, ie, ie_len,
9329 key.p.key, key.p.key_len, key.idx,
9330 auth_data, auth_data_len);
9331 wdev_unlock(dev->ieee80211_ptr);
9332 return err;
9333 }
9334
9335 static int validate_pae_over_nl80211(struct cfg80211_registered_device *rdev,
9336 struct genl_info *info)
9337 {
9338 if (!info->attrs[NL80211_ATTR_SOCKET_OWNER]) {
9339 GENL_SET_ERR_MSG(info, "SOCKET_OWNER not set");
9340 return -EINVAL;
9341 }
9342
9343 if (!rdev->ops->tx_control_port ||
9344 !wiphy_ext_feature_isset(&rdev->wiphy,
9345 NL80211_EXT_FEATURE_CONTROL_PORT_OVER_NL80211))
9346 return -EOPNOTSUPP;
9347
9348 return 0;
9349 }
9350
9351 static int nl80211_crypto_settings(struct cfg80211_registered_device *rdev,
9352 struct genl_info *info,
9353 struct cfg80211_crypto_settings *settings,
9354 int cipher_limit)
9355 {
9356 memset(settings, 0, sizeof(*settings));
9357
9358 settings->control_port = info->attrs[NL80211_ATTR_CONTROL_PORT];
9359
9360 if (info->attrs[NL80211_ATTR_CONTROL_PORT_ETHERTYPE]) {
9361 u16 proto;
9362
9363 proto = nla_get_u16(
9364 info->attrs[NL80211_ATTR_CONTROL_PORT_ETHERTYPE]);
9365 settings->control_port_ethertype = cpu_to_be16(proto);
9366 if (!(rdev->wiphy.flags & WIPHY_FLAG_CONTROL_PORT_PROTOCOL) &&
9367 proto != ETH_P_PAE)
9368 return -EINVAL;
9369 if (info->attrs[NL80211_ATTR_CONTROL_PORT_NO_ENCRYPT])
9370 settings->control_port_no_encrypt = true;
9371 } else
9372 settings->control_port_ethertype = cpu_to_be16(ETH_P_PAE);
9373
9374 if (info->attrs[NL80211_ATTR_CONTROL_PORT_OVER_NL80211]) {
9375 int r = validate_pae_over_nl80211(rdev, info);
9376
9377 if (r < 0)
9378 return r;
9379
9380 settings->control_port_over_nl80211 = true;
9381
9382 if (info->attrs[NL80211_ATTR_CONTROL_PORT_NO_PREAUTH])
9383 settings->control_port_no_preauth = true;
9384 }
9385
9386 if (info->attrs[NL80211_ATTR_CIPHER_SUITES_PAIRWISE]) {
9387 void *data;
9388 int len, i;
9389
9390 data = nla_data(info->attrs[NL80211_ATTR_CIPHER_SUITES_PAIRWISE]);
9391 len = nla_len(info->attrs[NL80211_ATTR_CIPHER_SUITES_PAIRWISE]);
9392 settings->n_ciphers_pairwise = len / sizeof(u32);
9393
9394 if (len % sizeof(u32))
9395 return -EINVAL;
9396
9397 if (settings->n_ciphers_pairwise > cipher_limit)
9398 return -EINVAL;
9399
9400 memcpy(settings->ciphers_pairwise, data, len);
9401
9402 for (i = 0; i < settings->n_ciphers_pairwise; i++)
9403 if (!cfg80211_supported_cipher_suite(
9404 &rdev->wiphy,
9405 settings->ciphers_pairwise[i]))
9406 return -EINVAL;
9407 }
9408
9409 if (info->attrs[NL80211_ATTR_CIPHER_SUITE_GROUP]) {
9410 settings->cipher_group =
9411 nla_get_u32(info->attrs[NL80211_ATTR_CIPHER_SUITE_GROUP]);
9412 if (!cfg80211_supported_cipher_suite(&rdev->wiphy,
9413 settings->cipher_group))
9414 return -EINVAL;
9415 }
9416
9417 if (info->attrs[NL80211_ATTR_WPA_VERSIONS]) {
9418 settings->wpa_versions =
9419 nla_get_u32(info->attrs[NL80211_ATTR_WPA_VERSIONS]);
9420 if (!nl80211_valid_wpa_versions(settings->wpa_versions))
9421 return -EINVAL;
9422 }
9423
9424 if (info->attrs[NL80211_ATTR_AKM_SUITES]) {
9425 void *data;
9426 int len;
9427
9428 data = nla_data(info->attrs[NL80211_ATTR_AKM_SUITES]);
9429 len = nla_len(info->attrs[NL80211_ATTR_AKM_SUITES]);
9430 settings->n_akm_suites = len / sizeof(u32);
9431
9432 if (len % sizeof(u32))
9433 return -EINVAL;
9434
9435 if (settings->n_akm_suites > NL80211_MAX_NR_AKM_SUITES)
9436 return -EINVAL;
9437
9438 memcpy(settings->akm_suites, data, len);
9439 }
9440
9441 if (info->attrs[NL80211_ATTR_PMK]) {
9442 if (nla_len(info->attrs[NL80211_ATTR_PMK]) != WLAN_PMK_LEN)
9443 return -EINVAL;
9444 if (!wiphy_ext_feature_isset(&rdev->wiphy,
9445 NL80211_EXT_FEATURE_4WAY_HANDSHAKE_STA_PSK) &&
9446 !wiphy_ext_feature_isset(&rdev->wiphy,
9447 NL80211_EXT_FEATURE_4WAY_HANDSHAKE_AP_PSK))
9448 return -EINVAL;
9449 settings->psk = nla_data(info->attrs[NL80211_ATTR_PMK]);
9450 }
9451
9452 if (info->attrs[NL80211_ATTR_SAE_PASSWORD]) {
9453 if (!wiphy_ext_feature_isset(&rdev->wiphy,
9454 NL80211_EXT_FEATURE_SAE_OFFLOAD))
9455 return -EINVAL;
9456 settings->sae_pwd =
9457 nla_data(info->attrs[NL80211_ATTR_SAE_PASSWORD]);
9458 settings->sae_pwd_len =
9459 nla_len(info->attrs[NL80211_ATTR_SAE_PASSWORD]);
9460 }
9461
9462 return 0;
9463 }
9464
9465 static int nl80211_associate(struct sk_buff *skb, struct genl_info *info)
9466 {
9467 struct cfg80211_registered_device *rdev = info->user_ptr[0];
9468 struct net_device *dev = info->user_ptr[1];
9469 struct ieee80211_channel *chan;
9470 struct cfg80211_assoc_request req = {};
9471 const u8 *bssid, *ssid;
9472 int err, ssid_len = 0;
9473 u32 freq;
9474
9475 if (dev->ieee80211_ptr->conn_owner_nlportid &&
9476 dev->ieee80211_ptr->conn_owner_nlportid != info->snd_portid)
9477 return -EPERM;
9478
9479 if (!info->attrs[NL80211_ATTR_MAC] ||
9480 !info->attrs[NL80211_ATTR_SSID] ||
9481 !info->attrs[NL80211_ATTR_WIPHY_FREQ])
9482 return -EINVAL;
9483
9484 if (!rdev->ops->assoc)
9485 return -EOPNOTSUPP;
9486
9487 if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_STATION &&
9488 dev->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_CLIENT)
9489 return -EOPNOTSUPP;
9490
9491 bssid = nla_data(info->attrs[NL80211_ATTR_MAC]);
9492
9493 freq = MHZ_TO_KHZ(nla_get_u32(info->attrs[NL80211_ATTR_WIPHY_FREQ]));
9494 if (info->attrs[NL80211_ATTR_WIPHY_FREQ_OFFSET])
9495 freq +=
9496 nla_get_u32(info->attrs[NL80211_ATTR_WIPHY_FREQ_OFFSET]);
9497 chan = nl80211_get_valid_chan(&rdev->wiphy, freq);
9498 if (!chan)
9499 return -EINVAL;
9500
9501 ssid = nla_data(info->attrs[NL80211_ATTR_SSID]);
9502 ssid_len = nla_len(info->attrs[NL80211_ATTR_SSID]);
9503
9504 if (info->attrs[NL80211_ATTR_IE]) {
9505 req.ie = nla_data(info->attrs[NL80211_ATTR_IE]);
9506 req.ie_len = nla_len(info->attrs[NL80211_ATTR_IE]);
9507 }
9508
9509 if (info->attrs[NL80211_ATTR_USE_MFP]) {
9510 enum nl80211_mfp mfp =
9511 nla_get_u32(info->attrs[NL80211_ATTR_USE_MFP]);
9512 if (mfp == NL80211_MFP_REQUIRED)
9513 req.use_mfp = true;
9514 else if (mfp != NL80211_MFP_NO)
9515 return -EINVAL;
9516 }
9517
9518 if (info->attrs[NL80211_ATTR_PREV_BSSID])
9519 req.prev_bssid = nla_data(info->attrs[NL80211_ATTR_PREV_BSSID]);
9520
9521 if (nla_get_flag(info->attrs[NL80211_ATTR_DISABLE_HT]))
9522 req.flags |= ASSOC_REQ_DISABLE_HT;
9523
9524 if (info->attrs[NL80211_ATTR_HT_CAPABILITY_MASK])
9525 memcpy(&req.ht_capa_mask,
9526 nla_data(info->attrs[NL80211_ATTR_HT_CAPABILITY_MASK]),
9527 sizeof(req.ht_capa_mask));
9528
9529 if (info->attrs[NL80211_ATTR_HT_CAPABILITY]) {
9530 if (!info->attrs[NL80211_ATTR_HT_CAPABILITY_MASK])
9531 return -EINVAL;
9532 memcpy(&req.ht_capa,
9533 nla_data(info->attrs[NL80211_ATTR_HT_CAPABILITY]),
9534 sizeof(req.ht_capa));
9535 }
9536
9537 if (nla_get_flag(info->attrs[NL80211_ATTR_DISABLE_VHT]))
9538 req.flags |= ASSOC_REQ_DISABLE_VHT;
9539
9540 if (info->attrs[NL80211_ATTR_VHT_CAPABILITY_MASK])
9541 memcpy(&req.vht_capa_mask,
9542 nla_data(info->attrs[NL80211_ATTR_VHT_CAPABILITY_MASK]),
9543 sizeof(req.vht_capa_mask));
9544
9545 if (info->attrs[NL80211_ATTR_VHT_CAPABILITY]) {
9546 if (!info->attrs[NL80211_ATTR_VHT_CAPABILITY_MASK])
9547 return -EINVAL;
9548 memcpy(&req.vht_capa,
9549 nla_data(info->attrs[NL80211_ATTR_VHT_CAPABILITY]),
9550 sizeof(req.vht_capa));
9551 }
9552
9553 if (nla_get_flag(info->attrs[NL80211_ATTR_USE_RRM])) {
9554 if (!((rdev->wiphy.features &
9555 NL80211_FEATURE_DS_PARAM_SET_IE_IN_PROBES) &&
9556 (rdev->wiphy.features & NL80211_FEATURE_QUIET)) &&
9557 !wiphy_ext_feature_isset(&rdev->wiphy,
9558 NL80211_EXT_FEATURE_RRM))
9559 return -EINVAL;
9560 req.flags |= ASSOC_REQ_USE_RRM;
9561 }
9562
9563 if (info->attrs[NL80211_ATTR_FILS_KEK]) {
9564 req.fils_kek = nla_data(info->attrs[NL80211_ATTR_FILS_KEK]);
9565 req.fils_kek_len = nla_len(info->attrs[NL80211_ATTR_FILS_KEK]);
9566 if (!info->attrs[NL80211_ATTR_FILS_NONCES])
9567 return -EINVAL;
9568 req.fils_nonces =
9569 nla_data(info->attrs[NL80211_ATTR_FILS_NONCES]);
9570 }
9571
9572 err = nl80211_crypto_settings(rdev, info, &req.crypto, 1);
9573 if (!err) {
9574 wdev_lock(dev->ieee80211_ptr);
9575
9576 err = cfg80211_mlme_assoc(rdev, dev, chan, bssid,
9577 ssid, ssid_len, &req);
9578
9579 if (!err && info->attrs[NL80211_ATTR_SOCKET_OWNER]) {
9580 dev->ieee80211_ptr->conn_owner_nlportid =
9581 info->snd_portid;
9582 memcpy(dev->ieee80211_ptr->disconnect_bssid,
9583 bssid, ETH_ALEN);
9584 }
9585
9586 wdev_unlock(dev->ieee80211_ptr);
9587 }
9588
9589 return err;
9590 }
9591
9592 static int nl80211_deauthenticate(struct sk_buff *skb, struct genl_info *info)
9593 {
9594 struct cfg80211_registered_device *rdev = info->user_ptr[0];
9595 struct net_device *dev = info->user_ptr[1];
9596 const u8 *ie = NULL, *bssid;
9597 int ie_len = 0, err;
9598 u16 reason_code;
9599 bool local_state_change;
9600
9601 if (dev->ieee80211_ptr->conn_owner_nlportid &&
9602 dev->ieee80211_ptr->conn_owner_nlportid != info->snd_portid)
9603 return -EPERM;
9604
9605 if (!info->attrs[NL80211_ATTR_MAC])
9606 return -EINVAL;
9607
9608 if (!info->attrs[NL80211_ATTR_REASON_CODE])
9609 return -EINVAL;
9610
9611 if (!rdev->ops->deauth)
9612 return -EOPNOTSUPP;
9613
9614 if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_STATION &&
9615 dev->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_CLIENT)
9616 return -EOPNOTSUPP;
9617
9618 bssid = nla_data(info->attrs[NL80211_ATTR_MAC]);
9619
9620 reason_code = nla_get_u16(info->attrs[NL80211_ATTR_REASON_CODE]);
9621 if (reason_code == 0) {
9622 /* Reason Code 0 is reserved */
9623 return -EINVAL;
9624 }
9625
9626 if (info->attrs[NL80211_ATTR_IE]) {
9627 ie = nla_data(info->attrs[NL80211_ATTR_IE]);
9628 ie_len = nla_len(info->attrs[NL80211_ATTR_IE]);
9629 }
9630
9631 local_state_change = !!info->attrs[NL80211_ATTR_LOCAL_STATE_CHANGE];
9632
9633 wdev_lock(dev->ieee80211_ptr);
9634 err = cfg80211_mlme_deauth(rdev, dev, bssid, ie, ie_len, reason_code,
9635 local_state_change);
9636 wdev_unlock(dev->ieee80211_ptr);
9637 return err;
9638 }
9639
9640 static int nl80211_disassociate(struct sk_buff *skb, struct genl_info *info)
9641 {
9642 struct cfg80211_registered_device *rdev = info->user_ptr[0];
9643 struct net_device *dev = info->user_ptr[1];
9644 const u8 *ie = NULL, *bssid;
9645 int ie_len = 0, err;
9646 u16 reason_code;
9647 bool local_state_change;
9648
9649 if (dev->ieee80211_ptr->conn_owner_nlportid &&
9650 dev->ieee80211_ptr->conn_owner_nlportid != info->snd_portid)
9651 return -EPERM;
9652
9653 if (!info->attrs[NL80211_ATTR_MAC])
9654 return -EINVAL;
9655
9656 if (!info->attrs[NL80211_ATTR_REASON_CODE])
9657 return -EINVAL;
9658
9659 if (!rdev->ops->disassoc)
9660 return -EOPNOTSUPP;
9661
9662 if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_STATION &&
9663 dev->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_CLIENT)
9664 return -EOPNOTSUPP;
9665
9666 bssid = nla_data(info->attrs[NL80211_ATTR_MAC]);
9667
9668 reason_code = nla_get_u16(info->attrs[NL80211_ATTR_REASON_CODE]);
9669 if (reason_code == 0) {
9670 /* Reason Code 0 is reserved */
9671 return -EINVAL;
9672 }
9673
9674 if (info->attrs[NL80211_ATTR_IE]) {
9675 ie = nla_data(info->attrs[NL80211_ATTR_IE]);
9676 ie_len = nla_len(info->attrs[NL80211_ATTR_IE]);
9677 }
9678
9679 local_state_change = !!info->attrs[NL80211_ATTR_LOCAL_STATE_CHANGE];
9680
9681 wdev_lock(dev->ieee80211_ptr);
9682 err = cfg80211_mlme_disassoc(rdev, dev, bssid, ie, ie_len, reason_code,
9683 local_state_change);
9684 wdev_unlock(dev->ieee80211_ptr);
9685 return err;
9686 }
9687
9688 static bool
9689 nl80211_parse_mcast_rate(struct cfg80211_registered_device *rdev,
9690 int mcast_rate[NUM_NL80211_BANDS],
9691 int rateval)
9692 {
9693 struct wiphy *wiphy = &rdev->wiphy;
9694 bool found = false;
9695 int band, i;
9696
9697 for (band = 0; band < NUM_NL80211_BANDS; band++) {
9698 struct ieee80211_supported_band *sband;
9699
9700 sband = wiphy->bands[band];
9701 if (!sband)
9702 continue;
9703
9704 for (i = 0; i < sband->n_bitrates; i++) {
9705 if (sband->bitrates[i].bitrate == rateval) {
9706 mcast_rate[band] = i + 1;
9707 found = true;
9708 break;
9709 }
9710 }
9711 }
9712
9713 return found;
9714 }
9715
9716 static int nl80211_join_ibss(struct sk_buff *skb, struct genl_info *info)
9717 {
9718 struct cfg80211_registered_device *rdev = info->user_ptr[0];
9719 struct net_device *dev = info->user_ptr[1];
9720 struct cfg80211_ibss_params ibss;
9721 struct wiphy *wiphy;
9722 struct cfg80211_cached_keys *connkeys = NULL;
9723 int err;
9724
9725 memset(&ibss, 0, sizeof(ibss));
9726
9727 if (!info->attrs[NL80211_ATTR_SSID] ||
9728 !nla_len(info->attrs[NL80211_ATTR_SSID]))
9729 return -EINVAL;
9730
9731 ibss.beacon_interval = 100;
9732
9733 if (info->attrs[NL80211_ATTR_BEACON_INTERVAL])
9734 ibss.beacon_interval =
9735 nla_get_u32(info->attrs[NL80211_ATTR_BEACON_INTERVAL]);
9736
9737 err = cfg80211_validate_beacon_int(rdev, NL80211_IFTYPE_ADHOC,
9738 ibss.beacon_interval);
9739 if (err)
9740 return err;
9741
9742 if (!rdev->ops->join_ibss)
9743 return -EOPNOTSUPP;
9744
9745 if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_ADHOC)
9746 return -EOPNOTSUPP;
9747
9748 wiphy = &rdev->wiphy;
9749
9750 if (info->attrs[NL80211_ATTR_MAC]) {
9751 ibss.bssid = nla_data(info->attrs[NL80211_ATTR_MAC]);
9752
9753 if (!is_valid_ether_addr(ibss.bssid))
9754 return -EINVAL;
9755 }
9756 ibss.ssid = nla_data(info->attrs[NL80211_ATTR_SSID]);
9757 ibss.ssid_len = nla_len(info->attrs[NL80211_ATTR_SSID]);
9758
9759 if (info->attrs[NL80211_ATTR_IE]) {
9760 ibss.ie = nla_data(info->attrs[NL80211_ATTR_IE]);
9761 ibss.ie_len = nla_len(info->attrs[NL80211_ATTR_IE]);
9762 }
9763
9764 err = nl80211_parse_chandef(rdev, info, &ibss.chandef);
9765 if (err)
9766 return err;
9767
9768 if (!cfg80211_reg_can_beacon(&rdev->wiphy, &ibss.chandef,
9769 NL80211_IFTYPE_ADHOC))
9770 return -EINVAL;
9771
9772 switch (ibss.chandef.width) {
9773 case NL80211_CHAN_WIDTH_5:
9774 case NL80211_CHAN_WIDTH_10:
9775 case NL80211_CHAN_WIDTH_20_NOHT:
9776 break;
9777 case NL80211_CHAN_WIDTH_20:
9778 case NL80211_CHAN_WIDTH_40:
9779 if (!(rdev->wiphy.features & NL80211_FEATURE_HT_IBSS))
9780 return -EINVAL;
9781 break;
9782 case NL80211_CHAN_WIDTH_80:
9783 case NL80211_CHAN_WIDTH_80P80:
9784 case NL80211_CHAN_WIDTH_160:
9785 if (!(rdev->wiphy.features & NL80211_FEATURE_HT_IBSS))
9786 return -EINVAL;
9787 if (!wiphy_ext_feature_isset(&rdev->wiphy,
9788 NL80211_EXT_FEATURE_VHT_IBSS))
9789 return -EINVAL;
9790 break;
9791 default:
9792 return -EINVAL;
9793 }
9794
9795 ibss.channel_fixed = !!info->attrs[NL80211_ATTR_FREQ_FIXED];
9796 ibss.privacy = !!info->attrs[NL80211_ATTR_PRIVACY];
9797
9798 if (info->attrs[NL80211_ATTR_BSS_BASIC_RATES]) {
9799 u8 *rates =
9800 nla_data(info->attrs[NL80211_ATTR_BSS_BASIC_RATES]);
9801 int n_rates =
9802 nla_len(info->attrs[NL80211_ATTR_BSS_BASIC_RATES]);
9803 struct ieee80211_supported_band *sband =
9804 wiphy->bands[ibss.chandef.chan->band];
9805
9806 err = ieee80211_get_ratemask(sband, rates, n_rates,
9807 &ibss.basic_rates);
9808 if (err)
9809 return err;
9810 }
9811
9812 if (info->attrs[NL80211_ATTR_HT_CAPABILITY_MASK])
9813 memcpy(&ibss.ht_capa_mask,
9814 nla_data(info->attrs[NL80211_ATTR_HT_CAPABILITY_MASK]),
9815 sizeof(ibss.ht_capa_mask));
9816
9817 if (info->attrs[NL80211_ATTR_HT_CAPABILITY]) {
9818 if (!info->attrs[NL80211_ATTR_HT_CAPABILITY_MASK])
9819 return -EINVAL;
9820 memcpy(&ibss.ht_capa,
9821 nla_data(info->attrs[NL80211_ATTR_HT_CAPABILITY]),
9822 sizeof(ibss.ht_capa));
9823 }
9824
9825 if (info->attrs[NL80211_ATTR_MCAST_RATE] &&
9826 !nl80211_parse_mcast_rate(rdev, ibss.mcast_rate,
9827 nla_get_u32(info->attrs[NL80211_ATTR_MCAST_RATE])))
9828 return -EINVAL;
9829
9830 if (ibss.privacy && info->attrs[NL80211_ATTR_KEYS]) {
9831 bool no_ht = false;
9832
9833 connkeys = nl80211_parse_connkeys(rdev, info, &no_ht);
9834 if (IS_ERR(connkeys))
9835 return PTR_ERR(connkeys);
9836
9837 if ((ibss.chandef.width != NL80211_CHAN_WIDTH_20_NOHT) &&
9838 no_ht) {
9839 kfree_sensitive(connkeys);
9840 return -EINVAL;
9841 }
9842 }
9843
9844 ibss.control_port =
9845 nla_get_flag(info->attrs[NL80211_ATTR_CONTROL_PORT]);
9846
9847 if (info->attrs[NL80211_ATTR_CONTROL_PORT_OVER_NL80211]) {
9848 int r = validate_pae_over_nl80211(rdev, info);
9849
9850 if (r < 0) {
9851 kfree_sensitive(connkeys);
9852 return r;
9853 }
9854
9855 ibss.control_port_over_nl80211 = true;
9856 }
9857
9858 ibss.userspace_handles_dfs =
9859 nla_get_flag(info->attrs[NL80211_ATTR_HANDLE_DFS]);
9860
9861 wdev_lock(dev->ieee80211_ptr);
9862 err = __cfg80211_join_ibss(rdev, dev, &ibss, connkeys);
9863 if (err)
9864 kfree_sensitive(connkeys);
9865 else if (info->attrs[NL80211_ATTR_SOCKET_OWNER])
9866 dev->ieee80211_ptr->conn_owner_nlportid = info->snd_portid;
9867 wdev_unlock(dev->ieee80211_ptr);
9868
9869 return err;
9870 }
9871
9872 static int nl80211_leave_ibss(struct sk_buff *skb, struct genl_info *info)
9873 {
9874 struct cfg80211_registered_device *rdev = info->user_ptr[0];
9875 struct net_device *dev = info->user_ptr[1];
9876
9877 if (!rdev->ops->leave_ibss)
9878 return -EOPNOTSUPP;
9879
9880 if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_ADHOC)
9881 return -EOPNOTSUPP;
9882
9883 return cfg80211_leave_ibss(rdev, dev, false);
9884 }
9885
9886 static int nl80211_set_mcast_rate(struct sk_buff *skb, struct genl_info *info)
9887 {
9888 struct cfg80211_registered_device *rdev = info->user_ptr[0];
9889 struct net_device *dev = info->user_ptr[1];
9890 int mcast_rate[NUM_NL80211_BANDS];
9891 u32 nla_rate;
9892 int err;
9893
9894 if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_ADHOC &&
9895 dev->ieee80211_ptr->iftype != NL80211_IFTYPE_MESH_POINT &&
9896 dev->ieee80211_ptr->iftype != NL80211_IFTYPE_OCB)
9897 return -EOPNOTSUPP;
9898
9899 if (!rdev->ops->set_mcast_rate)
9900 return -EOPNOTSUPP;
9901
9902 memset(mcast_rate, 0, sizeof(mcast_rate));
9903
9904 if (!info->attrs[NL80211_ATTR_MCAST_RATE])
9905 return -EINVAL;
9906
9907 nla_rate = nla_get_u32(info->attrs[NL80211_ATTR_MCAST_RATE]);
9908 if (!nl80211_parse_mcast_rate(rdev, mcast_rate, nla_rate))
9909 return -EINVAL;
9910
9911 err = rdev_set_mcast_rate(rdev, dev, mcast_rate);
9912
9913 return err;
9914 }
9915
9916 static struct sk_buff *
9917 __cfg80211_alloc_vendor_skb(struct cfg80211_registered_device *rdev,
9918 struct wireless_dev *wdev, int approxlen,
9919 u32 portid, u32 seq, enum nl80211_commands cmd,
9920 enum nl80211_attrs attr,
9921 const struct nl80211_vendor_cmd_info *info,
9922 gfp_t gfp)
9923 {
9924 struct sk_buff *skb;
9925 void *hdr;
9926 struct nlattr *data;
9927
9928 skb = nlmsg_new(approxlen + 100, gfp);
9929 if (!skb)
9930 return NULL;
9931
9932 hdr = nl80211hdr_put(skb, portid, seq, 0, cmd);
9933 if (!hdr) {
9934 kfree_skb(skb);
9935 return NULL;
9936 }
9937
9938 if (nla_put_u32(skb, NL80211_ATTR_WIPHY, rdev->wiphy_idx))
9939 goto nla_put_failure;
9940
9941 if (info) {
9942 if (nla_put_u32(skb, NL80211_ATTR_VENDOR_ID,
9943 info->vendor_id))
9944 goto nla_put_failure;
9945 if (nla_put_u32(skb, NL80211_ATTR_VENDOR_SUBCMD,
9946 info->subcmd))
9947 goto nla_put_failure;
9948 }
9949
9950 if (wdev) {
9951 if (nla_put_u64_64bit(skb, NL80211_ATTR_WDEV,
9952 wdev_id(wdev), NL80211_ATTR_PAD))
9953 goto nla_put_failure;
9954 if (wdev->netdev &&
9955 nla_put_u32(skb, NL80211_ATTR_IFINDEX,
9956 wdev->netdev->ifindex))
9957 goto nla_put_failure;
9958 }
9959
9960 data = nla_nest_start_noflag(skb, attr);
9961 if (!data)
9962 goto nla_put_failure;
9963
9964 ((void **)skb->cb)[0] = rdev;
9965 ((void **)skb->cb)[1] = hdr;
9966 ((void **)skb->cb)[2] = data;
9967
9968 return skb;
9969
9970 nla_put_failure:
9971 kfree_skb(skb);
9972 return NULL;
9973 }
9974
9975 struct sk_buff *__cfg80211_alloc_event_skb(struct wiphy *wiphy,
9976 struct wireless_dev *wdev,
9977 enum nl80211_commands cmd,
9978 enum nl80211_attrs attr,
9979 unsigned int portid,
9980 int vendor_event_idx,
9981 int approxlen, gfp_t gfp)
9982 {
9983 struct cfg80211_registered_device *rdev = wiphy_to_rdev(wiphy);
9984 const struct nl80211_vendor_cmd_info *info;
9985
9986 switch (cmd) {
9987 case NL80211_CMD_TESTMODE:
9988 if (WARN_ON(vendor_event_idx != -1))
9989 return NULL;
9990 info = NULL;
9991 break;
9992 case NL80211_CMD_VENDOR:
9993 if (WARN_ON(vendor_event_idx < 0 ||
9994 vendor_event_idx >= wiphy->n_vendor_events))
9995 return NULL;
9996 info = &wiphy->vendor_events[vendor_event_idx];
9997 break;
9998 default:
9999 WARN_ON(1);
10000 return NULL;
10001 }
10002
10003 return __cfg80211_alloc_vendor_skb(rdev, wdev, approxlen, portid, 0,
10004 cmd, attr, info, gfp);
10005 }
10006 EXPORT_SYMBOL(__cfg80211_alloc_event_skb);
10007
10008 void __cfg80211_send_event_skb(struct sk_buff *skb, gfp_t gfp)
10009 {
10010 struct cfg80211_registered_device *rdev = ((void **)skb->cb)[0];
10011 void *hdr = ((void **)skb->cb)[1];
10012 struct nlmsghdr *nlhdr = nlmsg_hdr(skb);
10013 struct nlattr *data = ((void **)skb->cb)[2];
10014 enum nl80211_multicast_groups mcgrp = NL80211_MCGRP_TESTMODE;
10015
10016 /* clear CB data for netlink core to own from now on */
10017 memset(skb->cb, 0, sizeof(skb->cb));
10018
10019 nla_nest_end(skb, data);
10020 genlmsg_end(skb, hdr);
10021
10022 if (nlhdr->nlmsg_pid) {
10023 genlmsg_unicast(wiphy_net(&rdev->wiphy), skb,
10024 nlhdr->nlmsg_pid);
10025 } else {
10026 if (data->nla_type == NL80211_ATTR_VENDOR_DATA)
10027 mcgrp = NL80211_MCGRP_VENDOR;
10028
10029 genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy),
10030 skb, 0, mcgrp, gfp);
10031 }
10032 }
10033 EXPORT_SYMBOL(__cfg80211_send_event_skb);
10034
10035 #ifdef CONFIG_NL80211_TESTMODE
10036 static int nl80211_testmode_do(struct sk_buff *skb, struct genl_info *info)
10037 {
10038 struct cfg80211_registered_device *rdev = info->user_ptr[0];
10039 struct wireless_dev *wdev =
10040 __cfg80211_wdev_from_attrs(genl_info_net(info), info->attrs);
10041 int err;
10042
10043 if (!rdev->ops->testmode_cmd)
10044 return -EOPNOTSUPP;
10045
10046 if (IS_ERR(wdev)) {
10047 err = PTR_ERR(wdev);
10048 if (err != -EINVAL)
10049 return err;
10050 wdev = NULL;
10051 } else if (wdev->wiphy != &rdev->wiphy) {
10052 return -EINVAL;
10053 }
10054
10055 if (!info->attrs[NL80211_ATTR_TESTDATA])
10056 return -EINVAL;
10057
10058 rdev->cur_cmd_info = info;
10059 err = rdev_testmode_cmd(rdev, wdev,
10060 nla_data(info->attrs[NL80211_ATTR_TESTDATA]),
10061 nla_len(info->attrs[NL80211_ATTR_TESTDATA]));
10062 rdev->cur_cmd_info = NULL;
10063
10064 return err;
10065 }
10066
10067 static int nl80211_testmode_dump(struct sk_buff *skb,
10068 struct netlink_callback *cb)
10069 {
10070 struct cfg80211_registered_device *rdev;
10071 struct nlattr **attrbuf = NULL;
10072 int err;
10073 long phy_idx;
10074 void *data = NULL;
10075 int data_len = 0;
10076
10077 rtnl_lock();
10078
10079 if (cb->args[0]) {
10080 /*
10081 * 0 is a valid index, but not valid for args[0],
10082 * so we need to offset by 1.
10083 */
10084 phy_idx = cb->args[0] - 1;
10085
10086 rdev = cfg80211_rdev_by_wiphy_idx(phy_idx);
10087 if (!rdev) {
10088 err = -ENOENT;
10089 goto out_err;
10090 }
10091 } else {
10092 attrbuf = kcalloc(NUM_NL80211_ATTR, sizeof(*attrbuf),
10093 GFP_KERNEL);
10094 if (!attrbuf) {
10095 err = -ENOMEM;
10096 goto out_err;
10097 }
10098
10099 err = nlmsg_parse_deprecated(cb->nlh,
10100 GENL_HDRLEN + nl80211_fam.hdrsize,
10101 attrbuf, nl80211_fam.maxattr,
10102 nl80211_policy, NULL);
10103 if (err)
10104 goto out_err;
10105
10106 rdev = __cfg80211_rdev_from_attrs(sock_net(skb->sk), attrbuf);
10107 if (IS_ERR(rdev)) {
10108 err = PTR_ERR(rdev);
10109 goto out_err;
10110 }
10111 phy_idx = rdev->wiphy_idx;
10112
10113 if (attrbuf[NL80211_ATTR_TESTDATA])
10114 cb->args[1] = (long)attrbuf[NL80211_ATTR_TESTDATA];
10115 }
10116
10117 if (cb->args[1]) {
10118 data = nla_data((void *)cb->args[1]);
10119 data_len = nla_len((void *)cb->args[1]);
10120 }
10121
10122 if (!rdev->ops->testmode_dump) {
10123 err = -EOPNOTSUPP;
10124 goto out_err;
10125 }
10126
10127 while (1) {
10128 void *hdr = nl80211hdr_put(skb, NETLINK_CB(cb->skb).portid,
10129 cb->nlh->nlmsg_seq, NLM_F_MULTI,
10130 NL80211_CMD_TESTMODE);
10131 struct nlattr *tmdata;
10132
10133 if (!hdr)
10134 break;
10135
10136 if (nla_put_u32(skb, NL80211_ATTR_WIPHY, phy_idx)) {
10137 genlmsg_cancel(skb, hdr);
10138 break;
10139 }
10140
10141 tmdata = nla_nest_start_noflag(skb, NL80211_ATTR_TESTDATA);
10142 if (!tmdata) {
10143 genlmsg_cancel(skb, hdr);
10144 break;
10145 }
10146 err = rdev_testmode_dump(rdev, skb, cb, data, data_len);
10147 nla_nest_end(skb, tmdata);
10148
10149 if (err == -ENOBUFS || err == -ENOENT) {
10150 genlmsg_cancel(skb, hdr);
10151 break;
10152 } else if (err) {
10153 genlmsg_cancel(skb, hdr);
10154 goto out_err;
10155 }
10156
10157 genlmsg_end(skb, hdr);
10158 }
10159
10160 err = skb->len;
10161 /* see above */
10162 cb->args[0] = phy_idx + 1;
10163 out_err:
10164 kfree(attrbuf);
10165 rtnl_unlock();
10166 return err;
10167 }
10168 #endif
10169
10170 static int nl80211_connect(struct sk_buff *skb, struct genl_info *info)
10171 {
10172 struct cfg80211_registered_device *rdev = info->user_ptr[0];
10173 struct net_device *dev = info->user_ptr[1];
10174 struct cfg80211_connect_params connect;
10175 struct wiphy *wiphy;
10176 struct cfg80211_cached_keys *connkeys = NULL;
10177 u32 freq = 0;
10178 int err;
10179
10180 memset(&connect, 0, sizeof(connect));
10181
10182 if (!info->attrs[NL80211_ATTR_SSID] ||
10183 !nla_len(info->attrs[NL80211_ATTR_SSID]))
10184 return -EINVAL;
10185
10186 if (info->attrs[NL80211_ATTR_AUTH_TYPE]) {
10187 connect.auth_type =
10188 nla_get_u32(info->attrs[NL80211_ATTR_AUTH_TYPE]);
10189 if (!nl80211_valid_auth_type(rdev, connect.auth_type,
10190 NL80211_CMD_CONNECT))
10191 return -EINVAL;
10192 } else
10193 connect.auth_type = NL80211_AUTHTYPE_AUTOMATIC;
10194
10195 connect.privacy = info->attrs[NL80211_ATTR_PRIVACY];
10196
10197 if (info->attrs[NL80211_ATTR_WANT_1X_4WAY_HS] &&
10198 !wiphy_ext_feature_isset(&rdev->wiphy,
10199 NL80211_EXT_FEATURE_4WAY_HANDSHAKE_STA_1X))
10200 return -EINVAL;
10201 connect.want_1x = info->attrs[NL80211_ATTR_WANT_1X_4WAY_HS];
10202
10203 err = nl80211_crypto_settings(rdev, info, &connect.crypto,
10204 NL80211_MAX_NR_CIPHER_SUITES);
10205 if (err)
10206 return err;
10207
10208 if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_STATION &&
10209 dev->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_CLIENT)
10210 return -EOPNOTSUPP;
10211
10212 wiphy = &rdev->wiphy;
10213
10214 connect.bg_scan_period = -1;
10215 if (info->attrs[NL80211_ATTR_BG_SCAN_PERIOD] &&
10216 (wiphy->flags & WIPHY_FLAG_SUPPORTS_FW_ROAM)) {
10217 connect.bg_scan_period =
10218 nla_get_u16(info->attrs[NL80211_ATTR_BG_SCAN_PERIOD]);
10219 }
10220
10221 if (info->attrs[NL80211_ATTR_MAC])
10222 connect.bssid = nla_data(info->attrs[NL80211_ATTR_MAC]);
10223 else if (info->attrs[NL80211_ATTR_MAC_HINT])
10224 connect.bssid_hint =
10225 nla_data(info->attrs[NL80211_ATTR_MAC_HINT]);
10226 connect.ssid = nla_data(info->attrs[NL80211_ATTR_SSID]);
10227 connect.ssid_len = nla_len(info->attrs[NL80211_ATTR_SSID]);
10228
10229 if (info->attrs[NL80211_ATTR_IE]) {
10230 connect.ie = nla_data(info->attrs[NL80211_ATTR_IE]);
10231 connect.ie_len = nla_len(info->attrs[NL80211_ATTR_IE]);
10232 }
10233
10234 if (info->attrs[NL80211_ATTR_USE_MFP]) {
10235 connect.mfp = nla_get_u32(info->attrs[NL80211_ATTR_USE_MFP]);
10236 if (connect.mfp == NL80211_MFP_OPTIONAL &&
10237 !wiphy_ext_feature_isset(&rdev->wiphy,
10238 NL80211_EXT_FEATURE_MFP_OPTIONAL))
10239 return -EOPNOTSUPP;
10240 } else {
10241 connect.mfp = NL80211_MFP_NO;
10242 }
10243
10244 if (info->attrs[NL80211_ATTR_PREV_BSSID])
10245 connect.prev_bssid =
10246 nla_data(info->attrs[NL80211_ATTR_PREV_BSSID]);
10247
10248 if (info->attrs[NL80211_ATTR_WIPHY_FREQ])
10249 freq = MHZ_TO_KHZ(nla_get_u32(
10250 info->attrs[NL80211_ATTR_WIPHY_FREQ]));
10251 if (info->attrs[NL80211_ATTR_WIPHY_FREQ_OFFSET])
10252 freq +=
10253 nla_get_u32(info->attrs[NL80211_ATTR_WIPHY_FREQ_OFFSET]);
10254
10255 if (freq) {
10256 connect.channel = nl80211_get_valid_chan(wiphy, freq);
10257 if (!connect.channel)
10258 return -EINVAL;
10259 } else if (info->attrs[NL80211_ATTR_WIPHY_FREQ_HINT]) {
10260 freq = nla_get_u32(info->attrs[NL80211_ATTR_WIPHY_FREQ_HINT]);
10261 freq = MHZ_TO_KHZ(freq);
10262 connect.channel_hint = nl80211_get_valid_chan(wiphy, freq);
10263 if (!connect.channel_hint)
10264 return -EINVAL;
10265 }
10266
10267 if (info->attrs[NL80211_ATTR_WIPHY_EDMG_CHANNELS]) {
10268 connect.edmg.channels =
10269 nla_get_u8(info->attrs[NL80211_ATTR_WIPHY_EDMG_CHANNELS]);
10270
10271 if (info->attrs[NL80211_ATTR_WIPHY_EDMG_BW_CONFIG])
10272 connect.edmg.bw_config =
10273 nla_get_u8(info->attrs[NL80211_ATTR_WIPHY_EDMG_BW_CONFIG]);
10274 }
10275
10276 if (connect.privacy && info->attrs[NL80211_ATTR_KEYS]) {
10277 connkeys = nl80211_parse_connkeys(rdev, info, NULL);
10278 if (IS_ERR(connkeys))
10279 return PTR_ERR(connkeys);
10280 }
10281
10282 if (nla_get_flag(info->attrs[NL80211_ATTR_DISABLE_HT]))
10283 connect.flags |= ASSOC_REQ_DISABLE_HT;
10284
10285 if (info->attrs[NL80211_ATTR_HT_CAPABILITY_MASK])
10286 memcpy(&connect.ht_capa_mask,
10287 nla_data(info->attrs[NL80211_ATTR_HT_CAPABILITY_MASK]),
10288 sizeof(connect.ht_capa_mask));
10289
10290 if (info->attrs[NL80211_ATTR_HT_CAPABILITY]) {
10291 if (!info->attrs[NL80211_ATTR_HT_CAPABILITY_MASK]) {
10292 kfree_sensitive(connkeys);
10293 return -EINVAL;
10294 }
10295 memcpy(&connect.ht_capa,
10296 nla_data(info->attrs[NL80211_ATTR_HT_CAPABILITY]),
10297 sizeof(connect.ht_capa));
10298 }
10299
10300 if (nla_get_flag(info->attrs[NL80211_ATTR_DISABLE_VHT]))
10301 connect.flags |= ASSOC_REQ_DISABLE_VHT;
10302
10303 if (info->attrs[NL80211_ATTR_VHT_CAPABILITY_MASK])
10304 memcpy(&connect.vht_capa_mask,
10305 nla_data(info->attrs[NL80211_ATTR_VHT_CAPABILITY_MASK]),
10306 sizeof(connect.vht_capa_mask));
10307
10308 if (info->attrs[NL80211_ATTR_VHT_CAPABILITY]) {
10309 if (!info->attrs[NL80211_ATTR_VHT_CAPABILITY_MASK]) {
10310 kfree_sensitive(connkeys);
10311 return -EINVAL;
10312 }
10313 memcpy(&connect.vht_capa,
10314 nla_data(info->attrs[NL80211_ATTR_VHT_CAPABILITY]),
10315 sizeof(connect.vht_capa));
10316 }
10317
10318 if (nla_get_flag(info->attrs[NL80211_ATTR_USE_RRM])) {
10319 if (!((rdev->wiphy.features &
10320 NL80211_FEATURE_DS_PARAM_SET_IE_IN_PROBES) &&
10321 (rdev->wiphy.features & NL80211_FEATURE_QUIET)) &&
10322 !wiphy_ext_feature_isset(&rdev->wiphy,
10323 NL80211_EXT_FEATURE_RRM)) {
10324 kfree_sensitive(connkeys);
10325 return -EINVAL;
10326 }
10327 connect.flags |= ASSOC_REQ_USE_RRM;
10328 }
10329
10330 connect.pbss = nla_get_flag(info->attrs[NL80211_ATTR_PBSS]);
10331 if (connect.pbss && !rdev->wiphy.bands[NL80211_BAND_60GHZ]) {
10332 kfree_sensitive(connkeys);
10333 return -EOPNOTSUPP;
10334 }
10335
10336 if (info->attrs[NL80211_ATTR_BSS_SELECT]) {
10337 /* bss selection makes no sense if bssid is set */
10338 if (connect.bssid) {
10339 kfree_sensitive(connkeys);
10340 return -EINVAL;
10341 }
10342
10343 err = parse_bss_select(info->attrs[NL80211_ATTR_BSS_SELECT],
10344 wiphy, &connect.bss_select);
10345 if (err) {
10346 kfree_sensitive(connkeys);
10347 return err;
10348 }
10349 }
10350
10351 if (wiphy_ext_feature_isset(&rdev->wiphy,
10352 NL80211_EXT_FEATURE_FILS_SK_OFFLOAD) &&
10353 info->attrs[NL80211_ATTR_FILS_ERP_USERNAME] &&
10354 info->attrs[NL80211_ATTR_FILS_ERP_REALM] &&
10355 info->attrs[NL80211_ATTR_FILS_ERP_NEXT_SEQ_NUM] &&
10356 info->attrs[NL80211_ATTR_FILS_ERP_RRK]) {
10357 connect.fils_erp_username =
10358 nla_data(info->attrs[NL80211_ATTR_FILS_ERP_USERNAME]);
10359 connect.fils_erp_username_len =
10360 nla_len(info->attrs[NL80211_ATTR_FILS_ERP_USERNAME]);
10361 connect.fils_erp_realm =
10362 nla_data(info->attrs[NL80211_ATTR_FILS_ERP_REALM]);
10363 connect.fils_erp_realm_len =
10364 nla_len(info->attrs[NL80211_ATTR_FILS_ERP_REALM]);
10365 connect.fils_erp_next_seq_num =
10366 nla_get_u16(
10367 info->attrs[NL80211_ATTR_FILS_ERP_NEXT_SEQ_NUM]);
10368 connect.fils_erp_rrk =
10369 nla_data(info->attrs[NL80211_ATTR_FILS_ERP_RRK]);
10370 connect.fils_erp_rrk_len =
10371 nla_len(info->attrs[NL80211_ATTR_FILS_ERP_RRK]);
10372 } else if (info->attrs[NL80211_ATTR_FILS_ERP_USERNAME] ||
10373 info->attrs[NL80211_ATTR_FILS_ERP_REALM] ||
10374 info->attrs[NL80211_ATTR_FILS_ERP_NEXT_SEQ_NUM] ||
10375 info->attrs[NL80211_ATTR_FILS_ERP_RRK]) {
10376 kfree_sensitive(connkeys);
10377 return -EINVAL;
10378 }
10379
10380 if (nla_get_flag(info->attrs[NL80211_ATTR_EXTERNAL_AUTH_SUPPORT])) {
10381 if (!info->attrs[NL80211_ATTR_SOCKET_OWNER]) {
10382 kfree_sensitive(connkeys);
10383 GENL_SET_ERR_MSG(info,
10384 "external auth requires connection ownership");
10385 return -EINVAL;
10386 }
10387 connect.flags |= CONNECT_REQ_EXTERNAL_AUTH_SUPPORT;
10388 }
10389
10390 wdev_lock(dev->ieee80211_ptr);
10391
10392 err = cfg80211_connect(rdev, dev, &connect, connkeys,
10393 connect.prev_bssid);
10394 if (err)
10395 kfree_sensitive(connkeys);
10396
10397 if (!err && info->attrs[NL80211_ATTR_SOCKET_OWNER]) {
10398 dev->ieee80211_ptr->conn_owner_nlportid = info->snd_portid;
10399 if (connect.bssid)
10400 memcpy(dev->ieee80211_ptr->disconnect_bssid,
10401 connect.bssid, ETH_ALEN);
10402 else
10403 eth_zero_addr(dev->ieee80211_ptr->disconnect_bssid);
10404 }
10405
10406 wdev_unlock(dev->ieee80211_ptr);
10407
10408 return err;
10409 }
10410
10411 static int nl80211_update_connect_params(struct sk_buff *skb,
10412 struct genl_info *info)
10413 {
10414 struct cfg80211_connect_params connect = {};
10415 struct cfg80211_registered_device *rdev = info->user_ptr[0];
10416 struct net_device *dev = info->user_ptr[1];
10417 struct wireless_dev *wdev = dev->ieee80211_ptr;
10418 bool fils_sk_offload;
10419 u32 auth_type;
10420 u32 changed = 0;
10421 int ret;
10422
10423 if (!rdev->ops->update_connect_params)
10424 return -EOPNOTSUPP;
10425
10426 if (info->attrs[NL80211_ATTR_IE]) {
10427 connect.ie = nla_data(info->attrs[NL80211_ATTR_IE]);
10428 connect.ie_len = nla_len(info->attrs[NL80211_ATTR_IE]);
10429 changed |= UPDATE_ASSOC_IES;
10430 }
10431
10432 fils_sk_offload = wiphy_ext_feature_isset(&rdev->wiphy,
10433 NL80211_EXT_FEATURE_FILS_SK_OFFLOAD);
10434
10435 /*
10436 * when driver supports fils-sk offload all attributes must be
10437 * provided. So the else covers "fils-sk-not-all" and
10438 * "no-fils-sk-any".
10439 */
10440 if (fils_sk_offload &&
10441 info->attrs[NL80211_ATTR_FILS_ERP_USERNAME] &&
10442 info->attrs[NL80211_ATTR_FILS_ERP_REALM] &&
10443 info->attrs[NL80211_ATTR_FILS_ERP_NEXT_SEQ_NUM] &&
10444 info->attrs[NL80211_ATTR_FILS_ERP_RRK]) {
10445 connect.fils_erp_username =
10446 nla_data(info->attrs[NL80211_ATTR_FILS_ERP_USERNAME]);
10447 connect.fils_erp_username_len =
10448 nla_len(info->attrs[NL80211_ATTR_FILS_ERP_USERNAME]);
10449 connect.fils_erp_realm =
10450 nla_data(info->attrs[NL80211_ATTR_FILS_ERP_REALM]);
10451 connect.fils_erp_realm_len =
10452 nla_len(info->attrs[NL80211_ATTR_FILS_ERP_REALM]);
10453 connect.fils_erp_next_seq_num =
10454 nla_get_u16(
10455 info->attrs[NL80211_ATTR_FILS_ERP_NEXT_SEQ_NUM]);
10456 connect.fils_erp_rrk =
10457 nla_data(info->attrs[NL80211_ATTR_FILS_ERP_RRK]);
10458 connect.fils_erp_rrk_len =
10459 nla_len(info->attrs[NL80211_ATTR_FILS_ERP_RRK]);
10460 changed |= UPDATE_FILS_ERP_INFO;
10461 } else if (info->attrs[NL80211_ATTR_FILS_ERP_USERNAME] ||
10462 info->attrs[NL80211_ATTR_FILS_ERP_REALM] ||
10463 info->attrs[NL80211_ATTR_FILS_ERP_NEXT_SEQ_NUM] ||
10464 info->attrs[NL80211_ATTR_FILS_ERP_RRK]) {
10465 return -EINVAL;
10466 }
10467
10468 if (info->attrs[NL80211_ATTR_AUTH_TYPE]) {
10469 auth_type = nla_get_u32(info->attrs[NL80211_ATTR_AUTH_TYPE]);
10470 if (!nl80211_valid_auth_type(rdev, auth_type,
10471 NL80211_CMD_CONNECT))
10472 return -EINVAL;
10473
10474 if (auth_type == NL80211_AUTHTYPE_FILS_SK &&
10475 fils_sk_offload && !(changed & UPDATE_FILS_ERP_INFO))
10476 return -EINVAL;
10477
10478 connect.auth_type = auth_type;
10479 changed |= UPDATE_AUTH_TYPE;
10480 }
10481
10482 wdev_lock(dev->ieee80211_ptr);
10483 if (!wdev->current_bss)
10484 ret = -ENOLINK;
10485 else
10486 ret = rdev_update_connect_params(rdev, dev, &connect, changed);
10487 wdev_unlock(dev->ieee80211_ptr);
10488
10489 return ret;
10490 }
10491
10492 static int nl80211_disconnect(struct sk_buff *skb, struct genl_info *info)
10493 {
10494 struct cfg80211_registered_device *rdev = info->user_ptr[0];
10495 struct net_device *dev = info->user_ptr[1];
10496 u16 reason;
10497 int ret;
10498
10499 if (dev->ieee80211_ptr->conn_owner_nlportid &&
10500 dev->ieee80211_ptr->conn_owner_nlportid != info->snd_portid)
10501 return -EPERM;
10502
10503 if (!info->attrs[NL80211_ATTR_REASON_CODE])
10504 reason = WLAN_REASON_DEAUTH_LEAVING;
10505 else
10506 reason = nla_get_u16(info->attrs[NL80211_ATTR_REASON_CODE]);
10507
10508 if (reason == 0)
10509 return -EINVAL;
10510
10511 if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_STATION &&
10512 dev->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_CLIENT)
10513 return -EOPNOTSUPP;
10514
10515 wdev_lock(dev->ieee80211_ptr);
10516 ret = cfg80211_disconnect(rdev, dev, reason, true);
10517 wdev_unlock(dev->ieee80211_ptr);
10518 return ret;
10519 }
10520
10521 static int nl80211_wiphy_netns(struct sk_buff *skb, struct genl_info *info)
10522 {
10523 struct cfg80211_registered_device *rdev = info->user_ptr[0];
10524 struct net *net;
10525 int err;
10526
10527 if (info->attrs[NL80211_ATTR_PID]) {
10528 u32 pid = nla_get_u32(info->attrs[NL80211_ATTR_PID]);
10529
10530 net = get_net_ns_by_pid(pid);
10531 } else if (info->attrs[NL80211_ATTR_NETNS_FD]) {
10532 u32 fd = nla_get_u32(info->attrs[NL80211_ATTR_NETNS_FD]);
10533
10534 net = get_net_ns_by_fd(fd);
10535 } else {
10536 return -EINVAL;
10537 }
10538
10539 if (IS_ERR(net))
10540 return PTR_ERR(net);
10541
10542 err = 0;
10543
10544 /* check if anything to do */
10545 if (!net_eq(wiphy_net(&rdev->wiphy), net))
10546 err = cfg80211_switch_netns(rdev, net);
10547
10548 put_net(net);
10549 return err;
10550 }
10551
10552 static int nl80211_setdel_pmksa(struct sk_buff *skb, struct genl_info *info)
10553 {
10554 struct cfg80211_registered_device *rdev = info->user_ptr[0];
10555 int (*rdev_ops)(struct wiphy *wiphy, struct net_device *dev,
10556 struct cfg80211_pmksa *pmksa) = NULL;
10557 struct net_device *dev = info->user_ptr[1];
10558 struct cfg80211_pmksa pmksa;
10559
10560 memset(&pmksa, 0, sizeof(struct cfg80211_pmksa));
10561
10562 if (!info->attrs[NL80211_ATTR_PMKID])
10563 return -EINVAL;
10564
10565 pmksa.pmkid = nla_data(info->attrs[NL80211_ATTR_PMKID]);
10566
10567 if (info->attrs[NL80211_ATTR_MAC]) {
10568 pmksa.bssid = nla_data(info->attrs[NL80211_ATTR_MAC]);
10569 } else if (info->attrs[NL80211_ATTR_SSID] &&
10570 info->attrs[NL80211_ATTR_FILS_CACHE_ID] &&
10571 (info->genlhdr->cmd == NL80211_CMD_DEL_PMKSA ||
10572 info->attrs[NL80211_ATTR_PMK])) {
10573 pmksa.ssid = nla_data(info->attrs[NL80211_ATTR_SSID]);
10574 pmksa.ssid_len = nla_len(info->attrs[NL80211_ATTR_SSID]);
10575 pmksa.cache_id =
10576 nla_data(info->attrs[NL80211_ATTR_FILS_CACHE_ID]);
10577 } else {
10578 return -EINVAL;
10579 }
10580 if (info->attrs[NL80211_ATTR_PMK]) {
10581 pmksa.pmk = nla_data(info->attrs[NL80211_ATTR_PMK]);
10582 pmksa.pmk_len = nla_len(info->attrs[NL80211_ATTR_PMK]);
10583 }
10584
10585 if (info->attrs[NL80211_ATTR_PMK_LIFETIME])
10586 pmksa.pmk_lifetime =
10587 nla_get_u32(info->attrs[NL80211_ATTR_PMK_LIFETIME]);
10588
10589 if (info->attrs[NL80211_ATTR_PMK_REAUTH_THRESHOLD])
10590 pmksa.pmk_reauth_threshold =
10591 nla_get_u8(
10592 info->attrs[NL80211_ATTR_PMK_REAUTH_THRESHOLD]);
10593
10594 if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_STATION &&
10595 dev->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_CLIENT &&
10596 !(dev->ieee80211_ptr->iftype == NL80211_IFTYPE_AP &&
10597 wiphy_ext_feature_isset(&rdev->wiphy,
10598 NL80211_EXT_FEATURE_AP_PMKSA_CACHING)))
10599 return -EOPNOTSUPP;
10600
10601 switch (info->genlhdr->cmd) {
10602 case NL80211_CMD_SET_PMKSA:
10603 rdev_ops = rdev->ops->set_pmksa;
10604 break;
10605 case NL80211_CMD_DEL_PMKSA:
10606 rdev_ops = rdev->ops->del_pmksa;
10607 break;
10608 default:
10609 WARN_ON(1);
10610 break;
10611 }
10612
10613 if (!rdev_ops)
10614 return -EOPNOTSUPP;
10615
10616 return rdev_ops(&rdev->wiphy, dev, &pmksa);
10617 }
10618
10619 static int nl80211_flush_pmksa(struct sk_buff *skb, struct genl_info *info)
10620 {
10621 struct cfg80211_registered_device *rdev = info->user_ptr[0];
10622 struct net_device *dev = info->user_ptr[1];
10623
10624 if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_STATION &&
10625 dev->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_CLIENT)
10626 return -EOPNOTSUPP;
10627
10628 if (!rdev->ops->flush_pmksa)
10629 return -EOPNOTSUPP;
10630
10631 return rdev_flush_pmksa(rdev, dev);
10632 }
10633
10634 static int nl80211_tdls_mgmt(struct sk_buff *skb, struct genl_info *info)
10635 {
10636 struct cfg80211_registered_device *rdev = info->user_ptr[0];
10637 struct net_device *dev = info->user_ptr[1];
10638 u8 action_code, dialog_token;
10639 u32 peer_capability = 0;
10640 u16 status_code;
10641 u8 *peer;
10642 bool initiator;
10643
10644 if (!(rdev->wiphy.flags & WIPHY_FLAG_SUPPORTS_TDLS) ||
10645 !rdev->ops->tdls_mgmt)
10646 return -EOPNOTSUPP;
10647
10648 if (!info->attrs[NL80211_ATTR_TDLS_ACTION] ||
10649 !info->attrs[NL80211_ATTR_STATUS_CODE] ||
10650 !info->attrs[NL80211_ATTR_TDLS_DIALOG_TOKEN] ||
10651 !info->attrs[NL80211_ATTR_IE] ||
10652 !info->attrs[NL80211_ATTR_MAC])
10653 return -EINVAL;
10654
10655 peer = nla_data(info->attrs[NL80211_ATTR_MAC]);
10656 action_code = nla_get_u8(info->attrs[NL80211_ATTR_TDLS_ACTION]);
10657 status_code = nla_get_u16(info->attrs[NL80211_ATTR_STATUS_CODE]);
10658 dialog_token = nla_get_u8(info->attrs[NL80211_ATTR_TDLS_DIALOG_TOKEN]);
10659 initiator = nla_get_flag(info->attrs[NL80211_ATTR_TDLS_INITIATOR]);
10660 if (info->attrs[NL80211_ATTR_TDLS_PEER_CAPABILITY])
10661 peer_capability =
10662 nla_get_u32(info->attrs[NL80211_ATTR_TDLS_PEER_CAPABILITY]);
10663
10664 return rdev_tdls_mgmt(rdev, dev, peer, action_code,
10665 dialog_token, status_code, peer_capability,
10666 initiator,
10667 nla_data(info->attrs[NL80211_ATTR_IE]),
10668 nla_len(info->attrs[NL80211_ATTR_IE]));
10669 }
10670
10671 static int nl80211_tdls_oper(struct sk_buff *skb, struct genl_info *info)
10672 {
10673 struct cfg80211_registered_device *rdev = info->user_ptr[0];
10674 struct net_device *dev = info->user_ptr[1];
10675 enum nl80211_tdls_operation operation;
10676 u8 *peer;
10677
10678 if (!(rdev->wiphy.flags & WIPHY_FLAG_SUPPORTS_TDLS) ||
10679 !rdev->ops->tdls_oper)
10680 return -EOPNOTSUPP;
10681
10682 if (!info->attrs[NL80211_ATTR_TDLS_OPERATION] ||
10683 !info->attrs[NL80211_ATTR_MAC])
10684 return -EINVAL;
10685
10686 operation = nla_get_u8(info->attrs[NL80211_ATTR_TDLS_OPERATION]);
10687 peer = nla_data(info->attrs[NL80211_ATTR_MAC]);
10688
10689 return rdev_tdls_oper(rdev, dev, peer, operation);
10690 }
10691
10692 static int nl80211_remain_on_channel(struct sk_buff *skb,
10693 struct genl_info *info)
10694 {
10695 struct cfg80211_registered_device *rdev = info->user_ptr[0];
10696 struct wireless_dev *wdev = info->user_ptr[1];
10697 struct cfg80211_chan_def chandef;
10698 const struct cfg80211_chan_def *compat_chandef;
10699 struct sk_buff *msg;
10700 void *hdr;
10701 u64 cookie;
10702 u32 duration;
10703 int err;
10704
10705 if (!info->attrs[NL80211_ATTR_WIPHY_FREQ] ||
10706 !info->attrs[NL80211_ATTR_DURATION])
10707 return -EINVAL;
10708
10709 duration = nla_get_u32(info->attrs[NL80211_ATTR_DURATION]);
10710
10711 if (!rdev->ops->remain_on_channel ||
10712 !(rdev->wiphy.flags & WIPHY_FLAG_HAS_REMAIN_ON_CHANNEL))
10713 return -EOPNOTSUPP;
10714
10715 /*
10716 * We should be on that channel for at least a minimum amount of
10717 * time (10ms) but no longer than the driver supports.
10718 */
10719 if (duration < NL80211_MIN_REMAIN_ON_CHANNEL_TIME ||
10720 duration > rdev->wiphy.max_remain_on_channel_duration)
10721 return -EINVAL;
10722
10723 err = nl80211_parse_chandef(rdev, info, &chandef);
10724 if (err)
10725 return err;
10726
10727 wdev_lock(wdev);
10728 if (!cfg80211_off_channel_oper_allowed(wdev) &&
10729 !cfg80211_chandef_identical(&wdev->chandef, &chandef)) {
10730 compat_chandef = cfg80211_chandef_compatible(&wdev->chandef,
10731 &chandef);
10732 if (compat_chandef != &chandef) {
10733 wdev_unlock(wdev);
10734 return -EBUSY;
10735 }
10736 }
10737 wdev_unlock(wdev);
10738
10739 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
10740 if (!msg)
10741 return -ENOMEM;
10742
10743 hdr = nl80211hdr_put(msg, info->snd_portid, info->snd_seq, 0,
10744 NL80211_CMD_REMAIN_ON_CHANNEL);
10745 if (!hdr) {
10746 err = -ENOBUFS;
10747 goto free_msg;
10748 }
10749
10750 err = rdev_remain_on_channel(rdev, wdev, chandef.chan,
10751 duration, &cookie);
10752
10753 if (err)
10754 goto free_msg;
10755
10756 if (nla_put_u64_64bit(msg, NL80211_ATTR_COOKIE, cookie,
10757 NL80211_ATTR_PAD))
10758 goto nla_put_failure;
10759
10760 genlmsg_end(msg, hdr);
10761
10762 return genlmsg_reply(msg, info);
10763
10764 nla_put_failure:
10765 err = -ENOBUFS;
10766 free_msg:
10767 nlmsg_free(msg);
10768 return err;
10769 }
10770
10771 static int nl80211_cancel_remain_on_channel(struct sk_buff *skb,
10772 struct genl_info *info)
10773 {
10774 struct cfg80211_registered_device *rdev = info->user_ptr[0];
10775 struct wireless_dev *wdev = info->user_ptr[1];
10776 u64 cookie;
10777
10778 if (!info->attrs[NL80211_ATTR_COOKIE])
10779 return -EINVAL;
10780
10781 if (!rdev->ops->cancel_remain_on_channel)
10782 return -EOPNOTSUPP;
10783
10784 cookie = nla_get_u64(info->attrs[NL80211_ATTR_COOKIE]);
10785
10786 return rdev_cancel_remain_on_channel(rdev, wdev, cookie);
10787 }
10788
10789 static int nl80211_set_tx_bitrate_mask(struct sk_buff *skb,
10790 struct genl_info *info)
10791 {
10792 struct cfg80211_bitrate_mask mask;
10793 struct cfg80211_registered_device *rdev = info->user_ptr[0];
10794 struct net_device *dev = info->user_ptr[1];
10795 int err;
10796
10797 if (!rdev->ops->set_bitrate_mask)
10798 return -EOPNOTSUPP;
10799
10800 err = nl80211_parse_tx_bitrate_mask(info, info->attrs,
10801 NL80211_ATTR_TX_RATES, &mask);
10802 if (err)
10803 return err;
10804
10805 return rdev_set_bitrate_mask(rdev, dev, NULL, &mask);
10806 }
10807
10808 static int nl80211_register_mgmt(struct sk_buff *skb, struct genl_info *info)
10809 {
10810 struct cfg80211_registered_device *rdev = info->user_ptr[0];
10811 struct wireless_dev *wdev = info->user_ptr[1];
10812 u16 frame_type = IEEE80211_FTYPE_MGMT | IEEE80211_STYPE_ACTION;
10813
10814 if (!info->attrs[NL80211_ATTR_FRAME_MATCH])
10815 return -EINVAL;
10816
10817 if (info->attrs[NL80211_ATTR_FRAME_TYPE])
10818 frame_type = nla_get_u16(info->attrs[NL80211_ATTR_FRAME_TYPE]);
10819
10820 switch (wdev->iftype) {
10821 case NL80211_IFTYPE_STATION:
10822 case NL80211_IFTYPE_ADHOC:
10823 case NL80211_IFTYPE_P2P_CLIENT:
10824 case NL80211_IFTYPE_AP:
10825 case NL80211_IFTYPE_AP_VLAN:
10826 case NL80211_IFTYPE_MESH_POINT:
10827 case NL80211_IFTYPE_P2P_GO:
10828 case NL80211_IFTYPE_P2P_DEVICE:
10829 break;
10830 case NL80211_IFTYPE_NAN:
10831 default:
10832 return -EOPNOTSUPP;
10833 }
10834
10835 /* not much point in registering if we can't reply */
10836 if (!rdev->ops->mgmt_tx)
10837 return -EOPNOTSUPP;
10838
10839 if (info->attrs[NL80211_ATTR_RECEIVE_MULTICAST] &&
10840 !wiphy_ext_feature_isset(&rdev->wiphy,
10841 NL80211_EXT_FEATURE_MULTICAST_REGISTRATIONS)) {
10842 GENL_SET_ERR_MSG(info,
10843 "multicast RX registrations are not supported");
10844 return -EOPNOTSUPP;
10845 }
10846
10847 return cfg80211_mlme_register_mgmt(wdev, info->snd_portid, frame_type,
10848 nla_data(info->attrs[NL80211_ATTR_FRAME_MATCH]),
10849 nla_len(info->attrs[NL80211_ATTR_FRAME_MATCH]),
10850 info->attrs[NL80211_ATTR_RECEIVE_MULTICAST],
10851 info->extack);
10852 }
10853
10854 static int nl80211_tx_mgmt(struct sk_buff *skb, struct genl_info *info)
10855 {
10856 struct cfg80211_registered_device *rdev = info->user_ptr[0];
10857 struct wireless_dev *wdev = info->user_ptr[1];
10858 struct cfg80211_chan_def chandef;
10859 int err;
10860 void *hdr = NULL;
10861 u64 cookie;
10862 struct sk_buff *msg = NULL;
10863 struct cfg80211_mgmt_tx_params params = {
10864 .dont_wait_for_ack =
10865 info->attrs[NL80211_ATTR_DONT_WAIT_FOR_ACK],
10866 };
10867
10868 if (!info->attrs[NL80211_ATTR_FRAME])
10869 return -EINVAL;
10870
10871 if (!rdev->ops->mgmt_tx)
10872 return -EOPNOTSUPP;
10873
10874 switch (wdev->iftype) {
10875 case NL80211_IFTYPE_P2P_DEVICE:
10876 if (!info->attrs[NL80211_ATTR_WIPHY_FREQ])
10877 return -EINVAL;
10878 case NL80211_IFTYPE_STATION:
10879 case NL80211_IFTYPE_ADHOC:
10880 case NL80211_IFTYPE_P2P_CLIENT:
10881 case NL80211_IFTYPE_AP:
10882 case NL80211_IFTYPE_AP_VLAN:
10883 case NL80211_IFTYPE_MESH_POINT:
10884 case NL80211_IFTYPE_P2P_GO:
10885 break;
10886 case NL80211_IFTYPE_NAN:
10887 default:
10888 return -EOPNOTSUPP;
10889 }
10890
10891 if (info->attrs[NL80211_ATTR_DURATION]) {
10892 if (!(rdev->wiphy.flags & WIPHY_FLAG_OFFCHAN_TX))
10893 return -EINVAL;
10894 params.wait = nla_get_u32(info->attrs[NL80211_ATTR_DURATION]);
10895
10896 /*
10897 * We should wait on the channel for at least a minimum amount
10898 * of time (10ms) but no longer than the driver supports.
10899 */
10900 if (params.wait < NL80211_MIN_REMAIN_ON_CHANNEL_TIME ||
10901 params.wait > rdev->wiphy.max_remain_on_channel_duration)
10902 return -EINVAL;
10903 }
10904
10905 params.offchan = info->attrs[NL80211_ATTR_OFFCHANNEL_TX_OK];
10906
10907 if (params.offchan && !(rdev->wiphy.flags & WIPHY_FLAG_OFFCHAN_TX))
10908 return -EINVAL;
10909
10910 params.no_cck = nla_get_flag(info->attrs[NL80211_ATTR_TX_NO_CCK_RATE]);
10911
10912 /* get the channel if any has been specified, otherwise pass NULL to
10913 * the driver. The latter will use the current one
10914 */
10915 chandef.chan = NULL;
10916 if (info->attrs[NL80211_ATTR_WIPHY_FREQ]) {
10917 err = nl80211_parse_chandef(rdev, info, &chandef);
10918 if (err)
10919 return err;
10920 }
10921
10922 if (!chandef.chan && params.offchan)
10923 return -EINVAL;
10924
10925 wdev_lock(wdev);
10926 if (params.offchan && !cfg80211_off_channel_oper_allowed(wdev)) {
10927 wdev_unlock(wdev);
10928 return -EBUSY;
10929 }
10930 wdev_unlock(wdev);
10931
10932 params.buf = nla_data(info->attrs[NL80211_ATTR_FRAME]);
10933 params.len = nla_len(info->attrs[NL80211_ATTR_FRAME]);
10934
10935 if (info->attrs[NL80211_ATTR_CSA_C_OFFSETS_TX]) {
10936 int len = nla_len(info->attrs[NL80211_ATTR_CSA_C_OFFSETS_TX]);
10937 int i;
10938
10939 if (len % sizeof(u16))
10940 return -EINVAL;
10941
10942 params.n_csa_offsets = len / sizeof(u16);
10943 params.csa_offsets =
10944 nla_data(info->attrs[NL80211_ATTR_CSA_C_OFFSETS_TX]);
10945
10946 /* check that all the offsets fit the frame */
10947 for (i = 0; i < params.n_csa_offsets; i++) {
10948 if (params.csa_offsets[i] >= params.len)
10949 return -EINVAL;
10950 }
10951 }
10952
10953 if (!params.dont_wait_for_ack) {
10954 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
10955 if (!msg)
10956 return -ENOMEM;
10957
10958 hdr = nl80211hdr_put(msg, info->snd_portid, info->snd_seq, 0,
10959 NL80211_CMD_FRAME);
10960 if (!hdr) {
10961 err = -ENOBUFS;
10962 goto free_msg;
10963 }
10964 }
10965
10966 params.chan = chandef.chan;
10967 err = cfg80211_mlme_mgmt_tx(rdev, wdev, &params, &cookie);
10968 if (err)
10969 goto free_msg;
10970
10971 if (msg) {
10972 if (nla_put_u64_64bit(msg, NL80211_ATTR_COOKIE, cookie,
10973 NL80211_ATTR_PAD))
10974 goto nla_put_failure;
10975
10976 genlmsg_end(msg, hdr);
10977 return genlmsg_reply(msg, info);
10978 }
10979
10980 return 0;
10981
10982 nla_put_failure:
10983 err = -ENOBUFS;
10984 free_msg:
10985 nlmsg_free(msg);
10986 return err;
10987 }
10988
10989 static int nl80211_tx_mgmt_cancel_wait(struct sk_buff *skb, struct genl_info *info)
10990 {
10991 struct cfg80211_registered_device *rdev = info->user_ptr[0];
10992 struct wireless_dev *wdev = info->user_ptr[1];
10993 u64 cookie;
10994
10995 if (!info->attrs[NL80211_ATTR_COOKIE])
10996 return -EINVAL;
10997
10998 if (!rdev->ops->mgmt_tx_cancel_wait)
10999 return -EOPNOTSUPP;
11000
11001 switch (wdev->iftype) {
11002 case NL80211_IFTYPE_STATION:
11003 case NL80211_IFTYPE_ADHOC:
11004 case NL80211_IFTYPE_P2P_CLIENT:
11005 case NL80211_IFTYPE_AP:
11006 case NL80211_IFTYPE_AP_VLAN:
11007 case NL80211_IFTYPE_P2P_GO:
11008 case NL80211_IFTYPE_P2P_DEVICE:
11009 break;
11010 case NL80211_IFTYPE_NAN:
11011 default:
11012 return -EOPNOTSUPP;
11013 }
11014
11015 cookie = nla_get_u64(info->attrs[NL80211_ATTR_COOKIE]);
11016
11017 return rdev_mgmt_tx_cancel_wait(rdev, wdev, cookie);
11018 }
11019
11020 static int nl80211_set_power_save(struct sk_buff *skb, struct genl_info *info)
11021 {
11022 struct cfg80211_registered_device *rdev = info->user_ptr[0];
11023 struct wireless_dev *wdev;
11024 struct net_device *dev = info->user_ptr[1];
11025 u8 ps_state;
11026 bool state;
11027 int err;
11028
11029 if (!info->attrs[NL80211_ATTR_PS_STATE])
11030 return -EINVAL;
11031
11032 ps_state = nla_get_u32(info->attrs[NL80211_ATTR_PS_STATE]);
11033
11034 wdev = dev->ieee80211_ptr;
11035
11036 if (!rdev->ops->set_power_mgmt)
11037 return -EOPNOTSUPP;
11038
11039 state = (ps_state == NL80211_PS_ENABLED) ? true : false;
11040
11041 if (state == wdev->ps)
11042 return 0;
11043
11044 err = rdev_set_power_mgmt(rdev, dev, state, wdev->ps_timeout);
11045 if (!err)
11046 wdev->ps = state;
11047 return err;
11048 }
11049
11050 static int nl80211_get_power_save(struct sk_buff *skb, struct genl_info *info)
11051 {
11052 struct cfg80211_registered_device *rdev = info->user_ptr[0];
11053 enum nl80211_ps_state ps_state;
11054 struct wireless_dev *wdev;
11055 struct net_device *dev = info->user_ptr[1];
11056 struct sk_buff *msg;
11057 void *hdr;
11058 int err;
11059
11060 wdev = dev->ieee80211_ptr;
11061
11062 if (!rdev->ops->set_power_mgmt)
11063 return -EOPNOTSUPP;
11064
11065 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
11066 if (!msg)
11067 return -ENOMEM;
11068
11069 hdr = nl80211hdr_put(msg, info->snd_portid, info->snd_seq, 0,
11070 NL80211_CMD_GET_POWER_SAVE);
11071 if (!hdr) {
11072 err = -ENOBUFS;
11073 goto free_msg;
11074 }
11075
11076 if (wdev->ps)
11077 ps_state = NL80211_PS_ENABLED;
11078 else
11079 ps_state = NL80211_PS_DISABLED;
11080
11081 if (nla_put_u32(msg, NL80211_ATTR_PS_STATE, ps_state))
11082 goto nla_put_failure;
11083
11084 genlmsg_end(msg, hdr);
11085 return genlmsg_reply(msg, info);
11086
11087 nla_put_failure:
11088 err = -ENOBUFS;
11089 free_msg:
11090 nlmsg_free(msg);
11091 return err;
11092 }
11093
11094 static const struct nla_policy
11095 nl80211_attr_cqm_policy[NL80211_ATTR_CQM_MAX + 1] = {
11096 [NL80211_ATTR_CQM_RSSI_THOLD] = { .type = NLA_BINARY },
11097 [NL80211_ATTR_CQM_RSSI_HYST] = { .type = NLA_U32 },
11098 [NL80211_ATTR_CQM_RSSI_THRESHOLD_EVENT] = { .type = NLA_U32 },
11099 [NL80211_ATTR_CQM_TXE_RATE] = { .type = NLA_U32 },
11100 [NL80211_ATTR_CQM_TXE_PKTS] = { .type = NLA_U32 },
11101 [NL80211_ATTR_CQM_TXE_INTVL] = { .type = NLA_U32 },
11102 [NL80211_ATTR_CQM_RSSI_LEVEL] = { .type = NLA_S32 },
11103 };
11104
11105 static int nl80211_set_cqm_txe(struct genl_info *info,
11106 u32 rate, u32 pkts, u32 intvl)
11107 {
11108 struct cfg80211_registered_device *rdev = info->user_ptr[0];
11109 struct net_device *dev = info->user_ptr[1];
11110 struct wireless_dev *wdev = dev->ieee80211_ptr;
11111
11112 if (rate > 100 || intvl > NL80211_CQM_TXE_MAX_INTVL)
11113 return -EINVAL;
11114
11115 if (!rdev->ops->set_cqm_txe_config)
11116 return -EOPNOTSUPP;
11117
11118 if (wdev->iftype != NL80211_IFTYPE_STATION &&
11119 wdev->iftype != NL80211_IFTYPE_P2P_CLIENT)
11120 return -EOPNOTSUPP;
11121
11122 return rdev_set_cqm_txe_config(rdev, dev, rate, pkts, intvl);
11123 }
11124
11125 static int cfg80211_cqm_rssi_update(struct cfg80211_registered_device *rdev,
11126 struct net_device *dev)
11127 {
11128 struct wireless_dev *wdev = dev->ieee80211_ptr;
11129 s32 last, low, high;
11130 u32 hyst;
11131 int i, n, low_index;
11132 int err;
11133
11134 /* RSSI reporting disabled? */
11135 if (!wdev->cqm_config)
11136 return rdev_set_cqm_rssi_range_config(rdev, dev, 0, 0);
11137
11138 /*
11139 * Obtain current RSSI value if possible, if not and no RSSI threshold
11140 * event has been received yet, we should receive an event after a
11141 * connection is established and enough beacons received to calculate
11142 * the average.
11143 */
11144 if (!wdev->cqm_config->last_rssi_event_value && wdev->current_bss &&
11145 rdev->ops->get_station) {
11146 struct station_info sinfo = {};
11147 u8 *mac_addr;
11148
11149 mac_addr = wdev->current_bss->pub.bssid;
11150
11151 err = rdev_get_station(rdev, dev, mac_addr, &sinfo);
11152 if (err)
11153 return err;
11154
11155 cfg80211_sinfo_release_content(&sinfo);
11156 if (sinfo.filled & BIT_ULL(NL80211_STA_INFO_BEACON_SIGNAL_AVG))
11157 wdev->cqm_config->last_rssi_event_value =
11158 (s8) sinfo.rx_beacon_signal_avg;
11159 }
11160
11161 last = wdev->cqm_config->last_rssi_event_value;
11162 hyst = wdev->cqm_config->rssi_hyst;
11163 n = wdev->cqm_config->n_rssi_thresholds;
11164
11165 for (i = 0; i < n; i++) {
11166 i = array_index_nospec(i, n);
11167 if (last < wdev->cqm_config->rssi_thresholds[i])
11168 break;
11169 }
11170
11171 low_index = i - 1;
11172 if (low_index >= 0) {
11173 low_index = array_index_nospec(low_index, n);
11174 low = wdev->cqm_config->rssi_thresholds[low_index] - hyst;
11175 } else {
11176 low = S32_MIN;
11177 }
11178 if (i < n) {
11179 i = array_index_nospec(i, n);
11180 high = wdev->cqm_config->rssi_thresholds[i] + hyst - 1;
11181 } else {
11182 high = S32_MAX;
11183 }
11184
11185 return rdev_set_cqm_rssi_range_config(rdev, dev, low, high);
11186 }
11187
11188 static int nl80211_set_cqm_rssi(struct genl_info *info,
11189 const s32 *thresholds, int n_thresholds,
11190 u32 hysteresis)
11191 {
11192 struct cfg80211_registered_device *rdev = info->user_ptr[0];
11193 struct net_device *dev = info->user_ptr[1];
11194 struct wireless_dev *wdev = dev->ieee80211_ptr;
11195 int i, err;
11196 s32 prev = S32_MIN;
11197
11198 /* Check all values negative and sorted */
11199 for (i = 0; i < n_thresholds; i++) {
11200 if (thresholds[i] > 0 || thresholds[i] <= prev)
11201 return -EINVAL;
11202
11203 prev = thresholds[i];
11204 }
11205
11206 if (wdev->iftype != NL80211_IFTYPE_STATION &&
11207 wdev->iftype != NL80211_IFTYPE_P2P_CLIENT)
11208 return -EOPNOTSUPP;
11209
11210 wdev_lock(wdev);
11211 cfg80211_cqm_config_free(wdev);
11212 wdev_unlock(wdev);
11213
11214 if (n_thresholds <= 1 && rdev->ops->set_cqm_rssi_config) {
11215 if (n_thresholds == 0 || thresholds[0] == 0) /* Disabling */
11216 return rdev_set_cqm_rssi_config(rdev, dev, 0, 0);
11217
11218 return rdev_set_cqm_rssi_config(rdev, dev,
11219 thresholds[0], hysteresis);
11220 }
11221
11222 if (!wiphy_ext_feature_isset(&rdev->wiphy,
11223 NL80211_EXT_FEATURE_CQM_RSSI_LIST))
11224 return -EOPNOTSUPP;
11225
11226 if (n_thresholds == 1 && thresholds[0] == 0) /* Disabling */
11227 n_thresholds = 0;
11228
11229 wdev_lock(wdev);
11230 if (n_thresholds) {
11231 struct cfg80211_cqm_config *cqm_config;
11232
11233 cqm_config = kzalloc(sizeof(struct cfg80211_cqm_config) +
11234 n_thresholds * sizeof(s32), GFP_KERNEL);
11235 if (!cqm_config) {
11236 err = -ENOMEM;
11237 goto unlock;
11238 }
11239
11240 cqm_config->rssi_hyst = hysteresis;
11241 cqm_config->n_rssi_thresholds = n_thresholds;
11242 memcpy(cqm_config->rssi_thresholds, thresholds,
11243 n_thresholds * sizeof(s32));
11244
11245 wdev->cqm_config = cqm_config;
11246 }
11247
11248 err = cfg80211_cqm_rssi_update(rdev, dev);
11249
11250 unlock:
11251 wdev_unlock(wdev);
11252
11253 return err;
11254 }
11255
11256 static int nl80211_set_cqm(struct sk_buff *skb, struct genl_info *info)
11257 {
11258 struct nlattr *attrs[NL80211_ATTR_CQM_MAX + 1];
11259 struct nlattr *cqm;
11260 int err;
11261
11262 cqm = info->attrs[NL80211_ATTR_CQM];
11263 if (!cqm)
11264 return -EINVAL;
11265
11266 err = nla_parse_nested_deprecated(attrs, NL80211_ATTR_CQM_MAX, cqm,
11267 nl80211_attr_cqm_policy,
11268 info->extack);
11269 if (err)
11270 return err;
11271
11272 if (attrs[NL80211_ATTR_CQM_RSSI_THOLD] &&
11273 attrs[NL80211_ATTR_CQM_RSSI_HYST]) {
11274 const s32 *thresholds =
11275 nla_data(attrs[NL80211_ATTR_CQM_RSSI_THOLD]);
11276 int len = nla_len(attrs[NL80211_ATTR_CQM_RSSI_THOLD]);
11277 u32 hysteresis = nla_get_u32(attrs[NL80211_ATTR_CQM_RSSI_HYST]);
11278
11279 if (len % 4)
11280 return -EINVAL;
11281
11282 return nl80211_set_cqm_rssi(info, thresholds, len / 4,
11283 hysteresis);
11284 }
11285
11286 if (attrs[NL80211_ATTR_CQM_TXE_RATE] &&
11287 attrs[NL80211_ATTR_CQM_TXE_PKTS] &&
11288 attrs[NL80211_ATTR_CQM_TXE_INTVL]) {
11289 u32 rate = nla_get_u32(attrs[NL80211_ATTR_CQM_TXE_RATE]);
11290 u32 pkts = nla_get_u32(attrs[NL80211_ATTR_CQM_TXE_PKTS]);
11291 u32 intvl = nla_get_u32(attrs[NL80211_ATTR_CQM_TXE_INTVL]);
11292
11293 return nl80211_set_cqm_txe(info, rate, pkts, intvl);
11294 }
11295
11296 return -EINVAL;
11297 }
11298
11299 static int nl80211_join_ocb(struct sk_buff *skb, struct genl_info *info)
11300 {
11301 struct cfg80211_registered_device *rdev = info->user_ptr[0];
11302 struct net_device *dev = info->user_ptr[1];
11303 struct ocb_setup setup = {};
11304 int err;
11305
11306 err = nl80211_parse_chandef(rdev, info, &setup.chandef);
11307 if (err)
11308 return err;
11309
11310 return cfg80211_join_ocb(rdev, dev, &setup);
11311 }
11312
11313 static int nl80211_leave_ocb(struct sk_buff *skb, struct genl_info *info)
11314 {
11315 struct cfg80211_registered_device *rdev = info->user_ptr[0];
11316 struct net_device *dev = info->user_ptr[1];
11317
11318 return cfg80211_leave_ocb(rdev, dev);
11319 }
11320
11321 static int nl80211_join_mesh(struct sk_buff *skb, struct genl_info *info)
11322 {
11323 struct cfg80211_registered_device *rdev = info->user_ptr[0];
11324 struct net_device *dev = info->user_ptr[1];
11325 struct mesh_config cfg;
11326 struct mesh_setup setup;
11327 int err;
11328
11329 /* start with default */
11330 memcpy(&cfg, &default_mesh_config, sizeof(cfg));
11331 memcpy(&setup, &default_mesh_setup, sizeof(setup));
11332
11333 if (info->attrs[NL80211_ATTR_MESH_CONFIG]) {
11334 /* and parse parameters if given */
11335 err = nl80211_parse_mesh_config(info, &cfg, NULL);
11336 if (err)
11337 return err;
11338 }
11339
11340 if (!info->attrs[NL80211_ATTR_MESH_ID] ||
11341 !nla_len(info->attrs[NL80211_ATTR_MESH_ID]))
11342 return -EINVAL;
11343
11344 setup.mesh_id = nla_data(info->attrs[NL80211_ATTR_MESH_ID]);
11345 setup.mesh_id_len = nla_len(info->attrs[NL80211_ATTR_MESH_ID]);
11346
11347 if (info->attrs[NL80211_ATTR_MCAST_RATE] &&
11348 !nl80211_parse_mcast_rate(rdev, setup.mcast_rate,
11349 nla_get_u32(info->attrs[NL80211_ATTR_MCAST_RATE])))
11350 return -EINVAL;
11351
11352 if (info->attrs[NL80211_ATTR_BEACON_INTERVAL]) {
11353 setup.beacon_interval =
11354 nla_get_u32(info->attrs[NL80211_ATTR_BEACON_INTERVAL]);
11355
11356 err = cfg80211_validate_beacon_int(rdev,
11357 NL80211_IFTYPE_MESH_POINT,
11358 setup.beacon_interval);
11359 if (err)
11360 return err;
11361 }
11362
11363 if (info->attrs[NL80211_ATTR_DTIM_PERIOD]) {
11364 setup.dtim_period =
11365 nla_get_u32(info->attrs[NL80211_ATTR_DTIM_PERIOD]);
11366 if (setup.dtim_period < 1 || setup.dtim_period > 100)
11367 return -EINVAL;
11368 }
11369
11370 if (info->attrs[NL80211_ATTR_MESH_SETUP]) {
11371 /* parse additional setup parameters if given */
11372 err = nl80211_parse_mesh_setup(info, &setup);
11373 if (err)
11374 return err;
11375 }
11376
11377 if (setup.user_mpm)
11378 cfg.auto_open_plinks = false;
11379
11380 if (info->attrs[NL80211_ATTR_WIPHY_FREQ]) {
11381 err = nl80211_parse_chandef(rdev, info, &setup.chandef);
11382 if (err)
11383 return err;
11384 } else {
11385 /* __cfg80211_join_mesh() will sort it out */
11386 setup.chandef.chan = NULL;
11387 }
11388
11389 if (info->attrs[NL80211_ATTR_BSS_BASIC_RATES]) {
11390 u8 *rates = nla_data(info->attrs[NL80211_ATTR_BSS_BASIC_RATES]);
11391 int n_rates =
11392 nla_len(info->attrs[NL80211_ATTR_BSS_BASIC_RATES]);
11393 struct ieee80211_supported_band *sband;
11394
11395 if (!setup.chandef.chan)
11396 return -EINVAL;
11397
11398 sband = rdev->wiphy.bands[setup.chandef.chan->band];
11399
11400 err = ieee80211_get_ratemask(sband, rates, n_rates,
11401 &setup.basic_rates);
11402 if (err)
11403 return err;
11404 }
11405
11406 if (info->attrs[NL80211_ATTR_TX_RATES]) {
11407 err = nl80211_parse_tx_bitrate_mask(info, info->attrs,
11408 NL80211_ATTR_TX_RATES,
11409 &setup.beacon_rate);
11410 if (err)
11411 return err;
11412
11413 if (!setup.chandef.chan)
11414 return -EINVAL;
11415
11416 err = validate_beacon_tx_rate(rdev, setup.chandef.chan->band,
11417 &setup.beacon_rate);
11418 if (err)
11419 return err;
11420 }
11421
11422 setup.userspace_handles_dfs =
11423 nla_get_flag(info->attrs[NL80211_ATTR_HANDLE_DFS]);
11424
11425 if (info->attrs[NL80211_ATTR_CONTROL_PORT_OVER_NL80211]) {
11426 int r = validate_pae_over_nl80211(rdev, info);
11427
11428 if (r < 0)
11429 return r;
11430
11431 setup.control_port_over_nl80211 = true;
11432 }
11433
11434 wdev_lock(dev->ieee80211_ptr);
11435 err = __cfg80211_join_mesh(rdev, dev, &setup, &cfg);
11436 if (!err && info->attrs[NL80211_ATTR_SOCKET_OWNER])
11437 dev->ieee80211_ptr->conn_owner_nlportid = info->snd_portid;
11438 wdev_unlock(dev->ieee80211_ptr);
11439
11440 return err;
11441 }
11442
11443 static int nl80211_leave_mesh(struct sk_buff *skb, struct genl_info *info)
11444 {
11445 struct cfg80211_registered_device *rdev = info->user_ptr[0];
11446 struct net_device *dev = info->user_ptr[1];
11447
11448 return cfg80211_leave_mesh(rdev, dev);
11449 }
11450
11451 #ifdef CONFIG_PM
11452 static int nl80211_send_wowlan_patterns(struct sk_buff *msg,
11453 struct cfg80211_registered_device *rdev)
11454 {
11455 struct cfg80211_wowlan *wowlan = rdev->wiphy.wowlan_config;
11456 struct nlattr *nl_pats, *nl_pat;
11457 int i, pat_len;
11458
11459 if (!wowlan->n_patterns)
11460 return 0;
11461
11462 nl_pats = nla_nest_start_noflag(msg, NL80211_WOWLAN_TRIG_PKT_PATTERN);
11463 if (!nl_pats)
11464 return -ENOBUFS;
11465
11466 for (i = 0; i < wowlan->n_patterns; i++) {
11467 nl_pat = nla_nest_start_noflag(msg, i + 1);
11468 if (!nl_pat)
11469 return -ENOBUFS;
11470 pat_len = wowlan->patterns[i].pattern_len;
11471 if (nla_put(msg, NL80211_PKTPAT_MASK, DIV_ROUND_UP(pat_len, 8),
11472 wowlan->patterns[i].mask) ||
11473 nla_put(msg, NL80211_PKTPAT_PATTERN, pat_len,
11474 wowlan->patterns[i].pattern) ||
11475 nla_put_u32(msg, NL80211_PKTPAT_OFFSET,
11476 wowlan->patterns[i].pkt_offset))
11477 return -ENOBUFS;
11478 nla_nest_end(msg, nl_pat);
11479 }
11480 nla_nest_end(msg, nl_pats);
11481
11482 return 0;
11483 }
11484
11485 static int nl80211_send_wowlan_tcp(struct sk_buff *msg,
11486 struct cfg80211_wowlan_tcp *tcp)
11487 {
11488 struct nlattr *nl_tcp;
11489
11490 if (!tcp)
11491 return 0;
11492
11493 nl_tcp = nla_nest_start_noflag(msg,
11494 NL80211_WOWLAN_TRIG_TCP_CONNECTION);
11495 if (!nl_tcp)
11496 return -ENOBUFS;
11497
11498 if (nla_put_in_addr(msg, NL80211_WOWLAN_TCP_SRC_IPV4, tcp->src) ||
11499 nla_put_in_addr(msg, NL80211_WOWLAN_TCP_DST_IPV4, tcp->dst) ||
11500 nla_put(msg, NL80211_WOWLAN_TCP_DST_MAC, ETH_ALEN, tcp->dst_mac) ||
11501 nla_put_u16(msg, NL80211_WOWLAN_TCP_SRC_PORT, tcp->src_port) ||
11502 nla_put_u16(msg, NL80211_WOWLAN_TCP_DST_PORT, tcp->dst_port) ||
11503 nla_put(msg, NL80211_WOWLAN_TCP_DATA_PAYLOAD,
11504 tcp->payload_len, tcp->payload) ||
11505 nla_put_u32(msg, NL80211_WOWLAN_TCP_DATA_INTERVAL,
11506 tcp->data_interval) ||
11507 nla_put(msg, NL80211_WOWLAN_TCP_WAKE_PAYLOAD,
11508 tcp->wake_len, tcp->wake_data) ||
11509 nla_put(msg, NL80211_WOWLAN_TCP_WAKE_MASK,
11510 DIV_ROUND_UP(tcp->wake_len, 8), tcp->wake_mask))
11511 return -ENOBUFS;
11512
11513 if (tcp->payload_seq.len &&
11514 nla_put(msg, NL80211_WOWLAN_TCP_DATA_PAYLOAD_SEQ,
11515 sizeof(tcp->payload_seq), &tcp->payload_seq))
11516 return -ENOBUFS;
11517
11518 if (tcp->payload_tok.len &&
11519 nla_put(msg, NL80211_WOWLAN_TCP_DATA_PAYLOAD_TOKEN,
11520 sizeof(tcp->payload_tok) + tcp->tokens_size,
11521 &tcp->payload_tok))
11522 return -ENOBUFS;
11523
11524 nla_nest_end(msg, nl_tcp);
11525
11526 return 0;
11527 }
11528
11529 static int nl80211_send_wowlan_nd(struct sk_buff *msg,
11530 struct cfg80211_sched_scan_request *req)
11531 {
11532 struct nlattr *nd, *freqs, *matches, *match, *scan_plans, *scan_plan;
11533 int i;
11534
11535 if (!req)
11536 return 0;
11537
11538 nd = nla_nest_start_noflag(msg, NL80211_WOWLAN_TRIG_NET_DETECT);
11539 if (!nd)
11540 return -ENOBUFS;
11541
11542 if (req->n_scan_plans == 1 &&
11543 nla_put_u32(msg, NL80211_ATTR_SCHED_SCAN_INTERVAL,
11544 req->scan_plans[0].interval * 1000))
11545 return -ENOBUFS;
11546
11547 if (nla_put_u32(msg, NL80211_ATTR_SCHED_SCAN_DELAY, req->delay))
11548 return -ENOBUFS;
11549
11550 if (req->relative_rssi_set) {
11551 struct nl80211_bss_select_rssi_adjust rssi_adjust;
11552
11553 if (nla_put_s8(msg, NL80211_ATTR_SCHED_SCAN_RELATIVE_RSSI,
11554 req->relative_rssi))
11555 return -ENOBUFS;
11556
11557 rssi_adjust.band = req->rssi_adjust.band;
11558 rssi_adjust.delta = req->rssi_adjust.delta;
11559 if (nla_put(msg, NL80211_ATTR_SCHED_SCAN_RSSI_ADJUST,
11560 sizeof(rssi_adjust), &rssi_adjust))
11561 return -ENOBUFS;
11562 }
11563
11564 freqs = nla_nest_start_noflag(msg, NL80211_ATTR_SCAN_FREQUENCIES);
11565 if (!freqs)
11566 return -ENOBUFS;
11567
11568 for (i = 0; i < req->n_channels; i++) {
11569 if (nla_put_u32(msg, i, req->channels[i]->center_freq))
11570 return -ENOBUFS;
11571 }
11572
11573 nla_nest_end(msg, freqs);
11574
11575 if (req->n_match_sets) {
11576 matches = nla_nest_start_noflag(msg,
11577 NL80211_ATTR_SCHED_SCAN_MATCH);
11578 if (!matches)
11579 return -ENOBUFS;
11580
11581 for (i = 0; i < req->n_match_sets; i++) {
11582 match = nla_nest_start_noflag(msg, i);
11583 if (!match)
11584 return -ENOBUFS;
11585
11586 if (nla_put(msg, NL80211_SCHED_SCAN_MATCH_ATTR_SSID,
11587 req->match_sets[i].ssid.ssid_len,
11588 req->match_sets[i].ssid.ssid))
11589 return -ENOBUFS;
11590 nla_nest_end(msg, match);
11591 }
11592 nla_nest_end(msg, matches);
11593 }
11594
11595 scan_plans = nla_nest_start_noflag(msg, NL80211_ATTR_SCHED_SCAN_PLANS);
11596 if (!scan_plans)
11597 return -ENOBUFS;
11598
11599 for (i = 0; i < req->n_scan_plans; i++) {
11600 scan_plan = nla_nest_start_noflag(msg, i + 1);
11601 if (!scan_plan)
11602 return -ENOBUFS;
11603
11604 if (nla_put_u32(msg, NL80211_SCHED_SCAN_PLAN_INTERVAL,
11605 req->scan_plans[i].interval) ||
11606 (req->scan_plans[i].iterations &&
11607 nla_put_u32(msg, NL80211_SCHED_SCAN_PLAN_ITERATIONS,
11608 req->scan_plans[i].iterations)))
11609 return -ENOBUFS;
11610 nla_nest_end(msg, scan_plan);
11611 }
11612 nla_nest_end(msg, scan_plans);
11613
11614 nla_nest_end(msg, nd);
11615
11616 return 0;
11617 }
11618
11619 static int nl80211_get_wowlan(struct sk_buff *skb, struct genl_info *info)
11620 {
11621 struct cfg80211_registered_device *rdev = info->user_ptr[0];
11622 struct sk_buff *msg;
11623 void *hdr;
11624 u32 size = NLMSG_DEFAULT_SIZE;
11625
11626 if (!rdev->wiphy.wowlan)
11627 return -EOPNOTSUPP;
11628
11629 if (rdev->wiphy.wowlan_config && rdev->wiphy.wowlan_config->tcp) {
11630 /* adjust size to have room for all the data */
11631 size += rdev->wiphy.wowlan_config->tcp->tokens_size +
11632 rdev->wiphy.wowlan_config->tcp->payload_len +
11633 rdev->wiphy.wowlan_config->tcp->wake_len +
11634 rdev->wiphy.wowlan_config->tcp->wake_len / 8;
11635 }
11636
11637 msg = nlmsg_new(size, GFP_KERNEL);
11638 if (!msg)
11639 return -ENOMEM;
11640
11641 hdr = nl80211hdr_put(msg, info->snd_portid, info->snd_seq, 0,
11642 NL80211_CMD_GET_WOWLAN);
11643 if (!hdr)
11644 goto nla_put_failure;
11645
11646 if (rdev->wiphy.wowlan_config) {
11647 struct nlattr *nl_wowlan;
11648
11649 nl_wowlan = nla_nest_start_noflag(msg,
11650 NL80211_ATTR_WOWLAN_TRIGGERS);
11651 if (!nl_wowlan)
11652 goto nla_put_failure;
11653
11654 if ((rdev->wiphy.wowlan_config->any &&
11655 nla_put_flag(msg, NL80211_WOWLAN_TRIG_ANY)) ||
11656 (rdev->wiphy.wowlan_config->disconnect &&
11657 nla_put_flag(msg, NL80211_WOWLAN_TRIG_DISCONNECT)) ||
11658 (rdev->wiphy.wowlan_config->magic_pkt &&
11659 nla_put_flag(msg, NL80211_WOWLAN_TRIG_MAGIC_PKT)) ||
11660 (rdev->wiphy.wowlan_config->gtk_rekey_failure &&
11661 nla_put_flag(msg, NL80211_WOWLAN_TRIG_GTK_REKEY_FAILURE)) ||
11662 (rdev->wiphy.wowlan_config->eap_identity_req &&
11663 nla_put_flag(msg, NL80211_WOWLAN_TRIG_EAP_IDENT_REQUEST)) ||
11664 (rdev->wiphy.wowlan_config->four_way_handshake &&
11665 nla_put_flag(msg, NL80211_WOWLAN_TRIG_4WAY_HANDSHAKE)) ||
11666 (rdev->wiphy.wowlan_config->rfkill_release &&
11667 nla_put_flag(msg, NL80211_WOWLAN_TRIG_RFKILL_RELEASE)))
11668 goto nla_put_failure;
11669
11670 if (nl80211_send_wowlan_patterns(msg, rdev))
11671 goto nla_put_failure;
11672
11673 if (nl80211_send_wowlan_tcp(msg,
11674 rdev->wiphy.wowlan_config->tcp))
11675 goto nla_put_failure;
11676
11677 if (nl80211_send_wowlan_nd(
11678 msg,
11679 rdev->wiphy.wowlan_config->nd_config))
11680 goto nla_put_failure;
11681
11682 nla_nest_end(msg, nl_wowlan);
11683 }
11684
11685 genlmsg_end(msg, hdr);
11686 return genlmsg_reply(msg, info);
11687
11688 nla_put_failure:
11689 nlmsg_free(msg);
11690 return -ENOBUFS;
11691 }
11692
11693 static int nl80211_parse_wowlan_tcp(struct cfg80211_registered_device *rdev,
11694 struct nlattr *attr,
11695 struct cfg80211_wowlan *trig)
11696 {
11697 struct nlattr *tb[NUM_NL80211_WOWLAN_TCP];
11698 struct cfg80211_wowlan_tcp *cfg;
11699 struct nl80211_wowlan_tcp_data_token *tok = NULL;
11700 struct nl80211_wowlan_tcp_data_seq *seq = NULL;
11701 u32 size;
11702 u32 data_size, wake_size, tokens_size = 0, wake_mask_size;
11703 int err, port;
11704
11705 if (!rdev->wiphy.wowlan->tcp)
11706 return -EINVAL;
11707
11708 err = nla_parse_nested_deprecated(tb, MAX_NL80211_WOWLAN_TCP, attr,
11709 nl80211_wowlan_tcp_policy, NULL);
11710 if (err)
11711 return err;
11712
11713 if (!tb[NL80211_WOWLAN_TCP_SRC_IPV4] ||
11714 !tb[NL80211_WOWLAN_TCP_DST_IPV4] ||
11715 !tb[NL80211_WOWLAN_TCP_DST_MAC] ||
11716 !tb[NL80211_WOWLAN_TCP_DST_PORT] ||
11717 !tb[NL80211_WOWLAN_TCP_DATA_PAYLOAD] ||
11718 !tb[NL80211_WOWLAN_TCP_DATA_INTERVAL] ||
11719 !tb[NL80211_WOWLAN_TCP_WAKE_PAYLOAD] ||
11720 !tb[NL80211_WOWLAN_TCP_WAKE_MASK])
11721 return -EINVAL;
11722
11723 data_size = nla_len(tb[NL80211_WOWLAN_TCP_DATA_PAYLOAD]);
11724 if (data_size > rdev->wiphy.wowlan->tcp->data_payload_max)
11725 return -EINVAL;
11726
11727 if (nla_get_u32(tb[NL80211_WOWLAN_TCP_DATA_INTERVAL]) >
11728 rdev->wiphy.wowlan->tcp->data_interval_max ||
11729 nla_get_u32(tb[NL80211_WOWLAN_TCP_DATA_INTERVAL]) == 0)
11730 return -EINVAL;
11731
11732 wake_size = nla_len(tb[NL80211_WOWLAN_TCP_WAKE_PAYLOAD]);
11733 if (wake_size > rdev->wiphy.wowlan->tcp->wake_payload_max)
11734 return -EINVAL;
11735
11736 wake_mask_size = nla_len(tb[NL80211_WOWLAN_TCP_WAKE_MASK]);
11737 if (wake_mask_size != DIV_ROUND_UP(wake_size, 8))
11738 return -EINVAL;
11739
11740 if (tb[NL80211_WOWLAN_TCP_DATA_PAYLOAD_TOKEN]) {
11741 u32 tokln = nla_len(tb[NL80211_WOWLAN_TCP_DATA_PAYLOAD_TOKEN]);
11742
11743 tok = nla_data(tb[NL80211_WOWLAN_TCP_DATA_PAYLOAD_TOKEN]);
11744 tokens_size = tokln - sizeof(*tok);
11745
11746 if (!tok->len || tokens_size % tok->len)
11747 return -EINVAL;
11748 if (!rdev->wiphy.wowlan->tcp->tok)
11749 return -EINVAL;
11750 if (tok->len > rdev->wiphy.wowlan->tcp->tok->max_len)
11751 return -EINVAL;
11752 if (tok->len < rdev->wiphy.wowlan->tcp->tok->min_len)
11753 return -EINVAL;
11754 if (tokens_size > rdev->wiphy.wowlan->tcp->tok->bufsize)
11755 return -EINVAL;
11756 if (tok->offset + tok->len > data_size)
11757 return -EINVAL;
11758 }
11759
11760 if (tb[NL80211_WOWLAN_TCP_DATA_PAYLOAD_SEQ]) {
11761 seq = nla_data(tb[NL80211_WOWLAN_TCP_DATA_PAYLOAD_SEQ]);
11762 if (!rdev->wiphy.wowlan->tcp->seq)
11763 return -EINVAL;
11764 if (seq->len == 0 || seq->len > 4)
11765 return -EINVAL;
11766 if (seq->len + seq->offset > data_size)
11767 return -EINVAL;
11768 }
11769
11770 size = sizeof(*cfg);
11771 size += data_size;
11772 size += wake_size + wake_mask_size;
11773 size += tokens_size;
11774
11775 cfg = kzalloc(size, GFP_KERNEL);
11776 if (!cfg)
11777 return -ENOMEM;
11778 cfg->src = nla_get_in_addr(tb[NL80211_WOWLAN_TCP_SRC_IPV4]);
11779 cfg->dst = nla_get_in_addr(tb[NL80211_WOWLAN_TCP_DST_IPV4]);
11780 memcpy(cfg->dst_mac, nla_data(tb[NL80211_WOWLAN_TCP_DST_MAC]),
11781 ETH_ALEN);
11782 if (tb[NL80211_WOWLAN_TCP_SRC_PORT])
11783 port = nla_get_u16(tb[NL80211_WOWLAN_TCP_SRC_PORT]);
11784 else
11785 port = 0;
11786 #ifdef CONFIG_INET
11787 /* allocate a socket and port for it and use it */
11788 err = __sock_create(wiphy_net(&rdev->wiphy), PF_INET, SOCK_STREAM,
11789 IPPROTO_TCP, &cfg->sock, 1);
11790 if (err) {
11791 kfree(cfg);
11792 return err;
11793 }
11794 if (inet_csk_get_port(cfg->sock->sk, port)) {
11795 sock_release(cfg->sock);
11796 kfree(cfg);
11797 return -EADDRINUSE;
11798 }
11799 cfg->src_port = inet_sk(cfg->sock->sk)->inet_num;
11800 #else
11801 if (!port) {
11802 kfree(cfg);
11803 return -EINVAL;
11804 }
11805 cfg->src_port = port;
11806 #endif
11807
11808 cfg->dst_port = nla_get_u16(tb[NL80211_WOWLAN_TCP_DST_PORT]);
11809 cfg->payload_len = data_size;
11810 cfg->payload = (u8 *)cfg + sizeof(*cfg) + tokens_size;
11811 memcpy((void *)cfg->payload,
11812 nla_data(tb[NL80211_WOWLAN_TCP_DATA_PAYLOAD]),
11813 data_size);
11814 if (seq)
11815 cfg->payload_seq = *seq;
11816 cfg->data_interval = nla_get_u32(tb[NL80211_WOWLAN_TCP_DATA_INTERVAL]);
11817 cfg->wake_len = wake_size;
11818 cfg->wake_data = (u8 *)cfg + sizeof(*cfg) + tokens_size + data_size;
11819 memcpy((void *)cfg->wake_data,
11820 nla_data(tb[NL80211_WOWLAN_TCP_WAKE_PAYLOAD]),
11821 wake_size);
11822 cfg->wake_mask = (u8 *)cfg + sizeof(*cfg) + tokens_size +
11823 data_size + wake_size;
11824 memcpy((void *)cfg->wake_mask,
11825 nla_data(tb[NL80211_WOWLAN_TCP_WAKE_MASK]),
11826 wake_mask_size);
11827 if (tok) {
11828 cfg->tokens_size = tokens_size;
11829 memcpy(&cfg->payload_tok, tok, sizeof(*tok) + tokens_size);
11830 }
11831
11832 trig->tcp = cfg;
11833
11834 return 0;
11835 }
11836
11837 static int nl80211_parse_wowlan_nd(struct cfg80211_registered_device *rdev,
11838 const struct wiphy_wowlan_support *wowlan,
11839 struct nlattr *attr,
11840 struct cfg80211_wowlan *trig)
11841 {
11842 struct nlattr **tb;
11843 int err;
11844
11845 tb = kcalloc(NUM_NL80211_ATTR, sizeof(*tb), GFP_KERNEL);
11846 if (!tb)
11847 return -ENOMEM;
11848
11849 if (!(wowlan->flags & WIPHY_WOWLAN_NET_DETECT)) {
11850 err = -EOPNOTSUPP;
11851 goto out;
11852 }
11853
11854 err = nla_parse_nested_deprecated(tb, NL80211_ATTR_MAX, attr,
11855 nl80211_policy, NULL);
11856 if (err)
11857 goto out;
11858
11859 trig->nd_config = nl80211_parse_sched_scan(&rdev->wiphy, NULL, tb,
11860 wowlan->max_nd_match_sets);
11861 err = PTR_ERR_OR_ZERO(trig->nd_config);
11862 if (err)
11863 trig->nd_config = NULL;
11864
11865 out:
11866 kfree(tb);
11867 return err;
11868 }
11869
11870 static int nl80211_set_wowlan(struct sk_buff *skb, struct genl_info *info)
11871 {
11872 struct cfg80211_registered_device *rdev = info->user_ptr[0];
11873 struct nlattr *tb[NUM_NL80211_WOWLAN_TRIG];
11874 struct cfg80211_wowlan new_triggers = {};
11875 struct cfg80211_wowlan *ntrig;
11876 const struct wiphy_wowlan_support *wowlan = rdev->wiphy.wowlan;
11877 int err, i;
11878 bool prev_enabled = rdev->wiphy.wowlan_config;
11879 bool regular = false;
11880
11881 if (!wowlan)
11882 return -EOPNOTSUPP;
11883
11884 if (!info->attrs[NL80211_ATTR_WOWLAN_TRIGGERS]) {
11885 cfg80211_rdev_free_wowlan(rdev);
11886 rdev->wiphy.wowlan_config = NULL;
11887 goto set_wakeup;
11888 }
11889
11890 err = nla_parse_nested_deprecated(tb, MAX_NL80211_WOWLAN_TRIG,
11891 info->attrs[NL80211_ATTR_WOWLAN_TRIGGERS],
11892 nl80211_wowlan_policy, info->extack);
11893 if (err)
11894 return err;
11895
11896 if (tb[NL80211_WOWLAN_TRIG_ANY]) {
11897 if (!(wowlan->flags & WIPHY_WOWLAN_ANY))
11898 return -EINVAL;
11899 new_triggers.any = true;
11900 }
11901
11902 if (tb[NL80211_WOWLAN_TRIG_DISCONNECT]) {
11903 if (!(wowlan->flags & WIPHY_WOWLAN_DISCONNECT))
11904 return -EINVAL;
11905 new_triggers.disconnect = true;
11906 regular = true;
11907 }
11908
11909 if (tb[NL80211_WOWLAN_TRIG_MAGIC_PKT]) {
11910 if (!(wowlan->flags & WIPHY_WOWLAN_MAGIC_PKT))
11911 return -EINVAL;
11912 new_triggers.magic_pkt = true;
11913 regular = true;
11914 }
11915
11916 if (tb[NL80211_WOWLAN_TRIG_GTK_REKEY_SUPPORTED])
11917 return -EINVAL;
11918
11919 if (tb[NL80211_WOWLAN_TRIG_GTK_REKEY_FAILURE]) {
11920 if (!(wowlan->flags & WIPHY_WOWLAN_GTK_REKEY_FAILURE))
11921 return -EINVAL;
11922 new_triggers.gtk_rekey_failure = true;
11923 regular = true;
11924 }
11925
11926 if (tb[NL80211_WOWLAN_TRIG_EAP_IDENT_REQUEST]) {
11927 if (!(wowlan->flags & WIPHY_WOWLAN_EAP_IDENTITY_REQ))
11928 return -EINVAL;
11929 new_triggers.eap_identity_req = true;
11930 regular = true;
11931 }
11932
11933 if (tb[NL80211_WOWLAN_TRIG_4WAY_HANDSHAKE]) {
11934 if (!(wowlan->flags & WIPHY_WOWLAN_4WAY_HANDSHAKE))
11935 return -EINVAL;
11936 new_triggers.four_way_handshake = true;
11937 regular = true;
11938 }
11939
11940 if (tb[NL80211_WOWLAN_TRIG_RFKILL_RELEASE]) {
11941 if (!(wowlan->flags & WIPHY_WOWLAN_RFKILL_RELEASE))
11942 return -EINVAL;
11943 new_triggers.rfkill_release = true;
11944 regular = true;
11945 }
11946
11947 if (tb[NL80211_WOWLAN_TRIG_PKT_PATTERN]) {
11948 struct nlattr *pat;
11949 int n_patterns = 0;
11950 int rem, pat_len, mask_len, pkt_offset;
11951 struct nlattr *pat_tb[NUM_NL80211_PKTPAT];
11952
11953 regular = true;
11954
11955 nla_for_each_nested(pat, tb[NL80211_WOWLAN_TRIG_PKT_PATTERN],
11956 rem)
11957 n_patterns++;
11958 if (n_patterns > wowlan->n_patterns)
11959 return -EINVAL;
11960
11961 new_triggers.patterns = kcalloc(n_patterns,
11962 sizeof(new_triggers.patterns[0]),
11963 GFP_KERNEL);
11964 if (!new_triggers.patterns)
11965 return -ENOMEM;
11966
11967 new_triggers.n_patterns = n_patterns;
11968 i = 0;
11969
11970 nla_for_each_nested(pat, tb[NL80211_WOWLAN_TRIG_PKT_PATTERN],
11971 rem) {
11972 u8 *mask_pat;
11973
11974 err = nla_parse_nested_deprecated(pat_tb,
11975 MAX_NL80211_PKTPAT,
11976 pat,
11977 nl80211_packet_pattern_policy,
11978 info->extack);
11979 if (err)
11980 goto error;
11981
11982 err = -EINVAL;
11983 if (!pat_tb[NL80211_PKTPAT_MASK] ||
11984 !pat_tb[NL80211_PKTPAT_PATTERN])
11985 goto error;
11986 pat_len = nla_len(pat_tb[NL80211_PKTPAT_PATTERN]);
11987 mask_len = DIV_ROUND_UP(pat_len, 8);
11988 if (nla_len(pat_tb[NL80211_PKTPAT_MASK]) != mask_len)
11989 goto error;
11990 if (pat_len > wowlan->pattern_max_len ||
11991 pat_len < wowlan->pattern_min_len)
11992 goto error;
11993
11994 if (!pat_tb[NL80211_PKTPAT_OFFSET])
11995 pkt_offset = 0;
11996 else
11997 pkt_offset = nla_get_u32(
11998 pat_tb[NL80211_PKTPAT_OFFSET]);
11999 if (pkt_offset > wowlan->max_pkt_offset)
12000 goto error;
12001 new_triggers.patterns[i].pkt_offset = pkt_offset;
12002
12003 mask_pat = kmalloc(mask_len + pat_len, GFP_KERNEL);
12004 if (!mask_pat) {
12005 err = -ENOMEM;
12006 goto error;
12007 }
12008 new_triggers.patterns[i].mask = mask_pat;
12009 memcpy(mask_pat, nla_data(pat_tb[NL80211_PKTPAT_MASK]),
12010 mask_len);
12011 mask_pat += mask_len;
12012 new_triggers.patterns[i].pattern = mask_pat;
12013 new_triggers.patterns[i].pattern_len = pat_len;
12014 memcpy(mask_pat,
12015 nla_data(pat_tb[NL80211_PKTPAT_PATTERN]),
12016 pat_len);
12017 i++;
12018 }
12019 }
12020
12021 if (tb[NL80211_WOWLAN_TRIG_TCP_CONNECTION]) {
12022 regular = true;
12023 err = nl80211_parse_wowlan_tcp(
12024 rdev, tb[NL80211_WOWLAN_TRIG_TCP_CONNECTION],
12025 &new_triggers);
12026 if (err)
12027 goto error;
12028 }
12029
12030 if (tb[NL80211_WOWLAN_TRIG_NET_DETECT]) {
12031 regular = true;
12032 err = nl80211_parse_wowlan_nd(
12033 rdev, wowlan, tb[NL80211_WOWLAN_TRIG_NET_DETECT],
12034 &new_triggers);
12035 if (err)
12036 goto error;
12037 }
12038
12039 /* The 'any' trigger means the device continues operating more or less
12040 * as in its normal operation mode and wakes up the host on most of the
12041 * normal interrupts (like packet RX, ...)
12042 * It therefore makes little sense to combine with the more constrained
12043 * wakeup trigger modes.
12044 */
12045 if (new_triggers.any && regular) {
12046 err = -EINVAL;
12047 goto error;
12048 }
12049
12050 ntrig = kmemdup(&new_triggers, sizeof(new_triggers), GFP_KERNEL);
12051 if (!ntrig) {
12052 err = -ENOMEM;
12053 goto error;
12054 }
12055 cfg80211_rdev_free_wowlan(rdev);
12056 rdev->wiphy.wowlan_config = ntrig;
12057
12058 set_wakeup:
12059 if (rdev->ops->set_wakeup &&
12060 prev_enabled != !!rdev->wiphy.wowlan_config)
12061 rdev_set_wakeup(rdev, rdev->wiphy.wowlan_config);
12062
12063 return 0;
12064 error:
12065 for (i = 0; i < new_triggers.n_patterns; i++)
12066 kfree(new_triggers.patterns[i].mask);
12067 kfree(new_triggers.patterns);
12068 if (new_triggers.tcp && new_triggers.tcp->sock)
12069 sock_release(new_triggers.tcp->sock);
12070 kfree(new_triggers.tcp);
12071 kfree(new_triggers.nd_config);
12072 return err;
12073 }
12074 #endif
12075
12076 static int nl80211_send_coalesce_rules(struct sk_buff *msg,
12077 struct cfg80211_registered_device *rdev)
12078 {
12079 struct nlattr *nl_pats, *nl_pat, *nl_rule, *nl_rules;
12080 int i, j, pat_len;
12081 struct cfg80211_coalesce_rules *rule;
12082
12083 if (!rdev->coalesce->n_rules)
12084 return 0;
12085
12086 nl_rules = nla_nest_start_noflag(msg, NL80211_ATTR_COALESCE_RULE);
12087 if (!nl_rules)
12088 return -ENOBUFS;
12089
12090 for (i = 0; i < rdev->coalesce->n_rules; i++) {
12091 nl_rule = nla_nest_start_noflag(msg, i + 1);
12092 if (!nl_rule)
12093 return -ENOBUFS;
12094
12095 rule = &rdev->coalesce->rules[i];
12096 if (nla_put_u32(msg, NL80211_ATTR_COALESCE_RULE_DELAY,
12097 rule->delay))
12098 return -ENOBUFS;
12099
12100 if (nla_put_u32(msg, NL80211_ATTR_COALESCE_RULE_CONDITION,
12101 rule->condition))
12102 return -ENOBUFS;
12103
12104 nl_pats = nla_nest_start_noflag(msg,
12105 NL80211_ATTR_COALESCE_RULE_PKT_PATTERN);
12106 if (!nl_pats)
12107 return -ENOBUFS;
12108
12109 for (j = 0; j < rule->n_patterns; j++) {
12110 nl_pat = nla_nest_start_noflag(msg, j + 1);
12111 if (!nl_pat)
12112 return -ENOBUFS;
12113 pat_len = rule->patterns[j].pattern_len;
12114 if (nla_put(msg, NL80211_PKTPAT_MASK,
12115 DIV_ROUND_UP(pat_len, 8),
12116 rule->patterns[j].mask) ||
12117 nla_put(msg, NL80211_PKTPAT_PATTERN, pat_len,
12118 rule->patterns[j].pattern) ||
12119 nla_put_u32(msg, NL80211_PKTPAT_OFFSET,
12120 rule->patterns[j].pkt_offset))
12121 return -ENOBUFS;
12122 nla_nest_end(msg, nl_pat);
12123 }
12124 nla_nest_end(msg, nl_pats);
12125 nla_nest_end(msg, nl_rule);
12126 }
12127 nla_nest_end(msg, nl_rules);
12128
12129 return 0;
12130 }
12131
12132 static int nl80211_get_coalesce(struct sk_buff *skb, struct genl_info *info)
12133 {
12134 struct cfg80211_registered_device *rdev = info->user_ptr[0];
12135 struct sk_buff *msg;
12136 void *hdr;
12137
12138 if (!rdev->wiphy.coalesce)
12139 return -EOPNOTSUPP;
12140
12141 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
12142 if (!msg)
12143 return -ENOMEM;
12144
12145 hdr = nl80211hdr_put(msg, info->snd_portid, info->snd_seq, 0,
12146 NL80211_CMD_GET_COALESCE);
12147 if (!hdr)
12148 goto nla_put_failure;
12149
12150 if (rdev->coalesce && nl80211_send_coalesce_rules(msg, rdev))
12151 goto nla_put_failure;
12152
12153 genlmsg_end(msg, hdr);
12154 return genlmsg_reply(msg, info);
12155
12156 nla_put_failure:
12157 nlmsg_free(msg);
12158 return -ENOBUFS;
12159 }
12160
12161 void cfg80211_rdev_free_coalesce(struct cfg80211_registered_device *rdev)
12162 {
12163 struct cfg80211_coalesce *coalesce = rdev->coalesce;
12164 int i, j;
12165 struct cfg80211_coalesce_rules *rule;
12166
12167 if (!coalesce)
12168 return;
12169
12170 for (i = 0; i < coalesce->n_rules; i++) {
12171 rule = &coalesce->rules[i];
12172 for (j = 0; j < rule->n_patterns; j++)
12173 kfree(rule->patterns[j].mask);
12174 kfree(rule->patterns);
12175 }
12176 kfree(coalesce->rules);
12177 kfree(coalesce);
12178 rdev->coalesce = NULL;
12179 }
12180
12181 static int nl80211_parse_coalesce_rule(struct cfg80211_registered_device *rdev,
12182 struct nlattr *rule,
12183 struct cfg80211_coalesce_rules *new_rule)
12184 {
12185 int err, i;
12186 const struct wiphy_coalesce_support *coalesce = rdev->wiphy.coalesce;
12187 struct nlattr *tb[NUM_NL80211_ATTR_COALESCE_RULE], *pat;
12188 int rem, pat_len, mask_len, pkt_offset, n_patterns = 0;
12189 struct nlattr *pat_tb[NUM_NL80211_PKTPAT];
12190
12191 err = nla_parse_nested_deprecated(tb, NL80211_ATTR_COALESCE_RULE_MAX,
12192 rule, nl80211_coalesce_policy, NULL);
12193 if (err)
12194 return err;
12195
12196 if (tb[NL80211_ATTR_COALESCE_RULE_DELAY])
12197 new_rule->delay =
12198 nla_get_u32(tb[NL80211_ATTR_COALESCE_RULE_DELAY]);
12199 if (new_rule->delay > coalesce->max_delay)
12200 return -EINVAL;
12201
12202 if (tb[NL80211_ATTR_COALESCE_RULE_CONDITION])
12203 new_rule->condition =
12204 nla_get_u32(tb[NL80211_ATTR_COALESCE_RULE_CONDITION]);
12205
12206 if (!tb[NL80211_ATTR_COALESCE_RULE_PKT_PATTERN])
12207 return -EINVAL;
12208
12209 nla_for_each_nested(pat, tb[NL80211_ATTR_COALESCE_RULE_PKT_PATTERN],
12210 rem)
12211 n_patterns++;
12212 if (n_patterns > coalesce->n_patterns)
12213 return -EINVAL;
12214
12215 new_rule->patterns = kcalloc(n_patterns, sizeof(new_rule->patterns[0]),
12216 GFP_KERNEL);
12217 if (!new_rule->patterns)
12218 return -ENOMEM;
12219
12220 new_rule->n_patterns = n_patterns;
12221 i = 0;
12222
12223 nla_for_each_nested(pat, tb[NL80211_ATTR_COALESCE_RULE_PKT_PATTERN],
12224 rem) {
12225 u8 *mask_pat;
12226
12227 err = nla_parse_nested_deprecated(pat_tb, MAX_NL80211_PKTPAT,
12228 pat,
12229 nl80211_packet_pattern_policy,
12230 NULL);
12231 if (err)
12232 return err;
12233
12234 if (!pat_tb[NL80211_PKTPAT_MASK] ||
12235 !pat_tb[NL80211_PKTPAT_PATTERN])
12236 return -EINVAL;
12237 pat_len = nla_len(pat_tb[NL80211_PKTPAT_PATTERN]);
12238 mask_len = DIV_ROUND_UP(pat_len, 8);
12239 if (nla_len(pat_tb[NL80211_PKTPAT_MASK]) != mask_len)
12240 return -EINVAL;
12241 if (pat_len > coalesce->pattern_max_len ||
12242 pat_len < coalesce->pattern_min_len)
12243 return -EINVAL;
12244
12245 if (!pat_tb[NL80211_PKTPAT_OFFSET])
12246 pkt_offset = 0;
12247 else
12248 pkt_offset = nla_get_u32(pat_tb[NL80211_PKTPAT_OFFSET]);
12249 if (pkt_offset > coalesce->max_pkt_offset)
12250 return -EINVAL;
12251 new_rule->patterns[i].pkt_offset = pkt_offset;
12252
12253 mask_pat = kmalloc(mask_len + pat_len, GFP_KERNEL);
12254 if (!mask_pat)
12255 return -ENOMEM;
12256
12257 new_rule->patterns[i].mask = mask_pat;
12258 memcpy(mask_pat, nla_data(pat_tb[NL80211_PKTPAT_MASK]),
12259 mask_len);
12260
12261 mask_pat += mask_len;
12262 new_rule->patterns[i].pattern = mask_pat;
12263 new_rule->patterns[i].pattern_len = pat_len;
12264 memcpy(mask_pat, nla_data(pat_tb[NL80211_PKTPAT_PATTERN]),
12265 pat_len);
12266 i++;
12267 }
12268
12269 return 0;
12270 }
12271
12272 static int nl80211_set_coalesce(struct sk_buff *skb, struct genl_info *info)
12273 {
12274 struct cfg80211_registered_device *rdev = info->user_ptr[0];
12275 const struct wiphy_coalesce_support *coalesce = rdev->wiphy.coalesce;
12276 struct cfg80211_coalesce new_coalesce = {};
12277 struct cfg80211_coalesce *n_coalesce;
12278 int err, rem_rule, n_rules = 0, i, j;
12279 struct nlattr *rule;
12280 struct cfg80211_coalesce_rules *tmp_rule;
12281
12282 if (!rdev->wiphy.coalesce || !rdev->ops->set_coalesce)
12283 return -EOPNOTSUPP;
12284
12285 if (!info->attrs[NL80211_ATTR_COALESCE_RULE]) {
12286 cfg80211_rdev_free_coalesce(rdev);
12287 rdev_set_coalesce(rdev, NULL);
12288 return 0;
12289 }
12290
12291 nla_for_each_nested(rule, info->attrs[NL80211_ATTR_COALESCE_RULE],
12292 rem_rule)
12293 n_rules++;
12294 if (n_rules > coalesce->n_rules)
12295 return -EINVAL;
12296
12297 new_coalesce.rules = kcalloc(n_rules, sizeof(new_coalesce.rules[0]),
12298 GFP_KERNEL);
12299 if (!new_coalesce.rules)
12300 return -ENOMEM;
12301
12302 new_coalesce.n_rules = n_rules;
12303 i = 0;
12304
12305 nla_for_each_nested(rule, info->attrs[NL80211_ATTR_COALESCE_RULE],
12306 rem_rule) {
12307 err = nl80211_parse_coalesce_rule(rdev, rule,
12308 &new_coalesce.rules[i]);
12309 if (err)
12310 goto error;
12311
12312 i++;
12313 }
12314
12315 err = rdev_set_coalesce(rdev, &new_coalesce);
12316 if (err)
12317 goto error;
12318
12319 n_coalesce = kmemdup(&new_coalesce, sizeof(new_coalesce), GFP_KERNEL);
12320 if (!n_coalesce) {
12321 err = -ENOMEM;
12322 goto error;
12323 }
12324 cfg80211_rdev_free_coalesce(rdev);
12325 rdev->coalesce = n_coalesce;
12326
12327 return 0;
12328 error:
12329 for (i = 0; i < new_coalesce.n_rules; i++) {
12330 tmp_rule = &new_coalesce.rules[i];
12331 for (j = 0; j < tmp_rule->n_patterns; j++)
12332 kfree(tmp_rule->patterns[j].mask);
12333 kfree(tmp_rule->patterns);
12334 }
12335 kfree(new_coalesce.rules);
12336
12337 return err;
12338 }
12339
12340 static int nl80211_set_rekey_data(struct sk_buff *skb, struct genl_info *info)
12341 {
12342 struct cfg80211_registered_device *rdev = info->user_ptr[0];
12343 struct net_device *dev = info->user_ptr[1];
12344 struct wireless_dev *wdev = dev->ieee80211_ptr;
12345 struct nlattr *tb[NUM_NL80211_REKEY_DATA];
12346 struct cfg80211_gtk_rekey_data rekey_data;
12347 int err;
12348
12349 if (!info->attrs[NL80211_ATTR_REKEY_DATA])
12350 return -EINVAL;
12351
12352 err = nla_parse_nested_deprecated(tb, MAX_NL80211_REKEY_DATA,
12353 info->attrs[NL80211_ATTR_REKEY_DATA],
12354 nl80211_rekey_policy, info->extack);
12355 if (err)
12356 return err;
12357
12358 if (!tb[NL80211_REKEY_DATA_REPLAY_CTR] || !tb[NL80211_REKEY_DATA_KEK] ||
12359 !tb[NL80211_REKEY_DATA_KCK])
12360 return -EINVAL;
12361 if (nla_len(tb[NL80211_REKEY_DATA_REPLAY_CTR]) != NL80211_REPLAY_CTR_LEN)
12362 return -ERANGE;
12363 if (nla_len(tb[NL80211_REKEY_DATA_KEK]) != NL80211_KEK_LEN &&
12364 !(rdev->wiphy.flags & WIPHY_FLAG_SUPPORTS_EXT_KEK_KCK &&
12365 nla_len(tb[NL80211_REKEY_DATA_KEK]) == NL80211_KEK_EXT_LEN))
12366 return -ERANGE;
12367 if (nla_len(tb[NL80211_REKEY_DATA_KCK]) != NL80211_KCK_LEN &&
12368 !(rdev->wiphy.flags & WIPHY_FLAG_SUPPORTS_EXT_KEK_KCK &&
12369 nla_len(tb[NL80211_REKEY_DATA_KEK]) == NL80211_KCK_EXT_LEN))
12370 return -ERANGE;
12371
12372 rekey_data.kek = nla_data(tb[NL80211_REKEY_DATA_KEK]);
12373 rekey_data.kck = nla_data(tb[NL80211_REKEY_DATA_KCK]);
12374 rekey_data.replay_ctr = nla_data(tb[NL80211_REKEY_DATA_REPLAY_CTR]);
12375 rekey_data.kek_len = nla_len(tb[NL80211_REKEY_DATA_KEK]);
12376 rekey_data.kck_len = nla_len(tb[NL80211_REKEY_DATA_KCK]);
12377 if (tb[NL80211_REKEY_DATA_AKM])
12378 rekey_data.akm = nla_get_u32(tb[NL80211_REKEY_DATA_AKM]);
12379
12380 wdev_lock(wdev);
12381 if (!wdev->current_bss) {
12382 err = -ENOTCONN;
12383 goto out;
12384 }
12385
12386 if (!rdev->ops->set_rekey_data) {
12387 err = -EOPNOTSUPP;
12388 goto out;
12389 }
12390
12391 err = rdev_set_rekey_data(rdev, dev, &rekey_data);
12392 out:
12393 wdev_unlock(wdev);
12394 return err;
12395 }
12396
12397 static int nl80211_register_unexpected_frame(struct sk_buff *skb,
12398 struct genl_info *info)
12399 {
12400 struct net_device *dev = info->user_ptr[1];
12401 struct wireless_dev *wdev = dev->ieee80211_ptr;
12402
12403 if (wdev->iftype != NL80211_IFTYPE_AP &&
12404 wdev->iftype != NL80211_IFTYPE_P2P_GO)
12405 return -EINVAL;
12406
12407 if (wdev->ap_unexpected_nlportid)
12408 return -EBUSY;
12409
12410 wdev->ap_unexpected_nlportid = info->snd_portid;
12411 return 0;
12412 }
12413
12414 static int nl80211_probe_client(struct sk_buff *skb,
12415 struct genl_info *info)
12416 {
12417 struct cfg80211_registered_device *rdev = info->user_ptr[0];
12418 struct net_device *dev = info->user_ptr[1];
12419 struct wireless_dev *wdev = dev->ieee80211_ptr;
12420 struct sk_buff *msg;
12421 void *hdr;
12422 const u8 *addr;
12423 u64 cookie;
12424 int err;
12425
12426 if (wdev->iftype != NL80211_IFTYPE_AP &&
12427 wdev->iftype != NL80211_IFTYPE_P2P_GO)
12428 return -EOPNOTSUPP;
12429
12430 if (!info->attrs[NL80211_ATTR_MAC])
12431 return -EINVAL;
12432
12433 if (!rdev->ops->probe_client)
12434 return -EOPNOTSUPP;
12435
12436 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
12437 if (!msg)
12438 return -ENOMEM;
12439
12440 hdr = nl80211hdr_put(msg, info->snd_portid, info->snd_seq, 0,
12441 NL80211_CMD_PROBE_CLIENT);
12442 if (!hdr) {
12443 err = -ENOBUFS;
12444 goto free_msg;
12445 }
12446
12447 addr = nla_data(info->attrs[NL80211_ATTR_MAC]);
12448
12449 err = rdev_probe_client(rdev, dev, addr, &cookie);
12450 if (err)
12451 goto free_msg;
12452
12453 if (nla_put_u64_64bit(msg, NL80211_ATTR_COOKIE, cookie,
12454 NL80211_ATTR_PAD))
12455 goto nla_put_failure;
12456
12457 genlmsg_end(msg, hdr);
12458
12459 return genlmsg_reply(msg, info);
12460
12461 nla_put_failure:
12462 err = -ENOBUFS;
12463 free_msg:
12464 nlmsg_free(msg);
12465 return err;
12466 }
12467
12468 static int nl80211_register_beacons(struct sk_buff *skb, struct genl_info *info)
12469 {
12470 struct cfg80211_registered_device *rdev = info->user_ptr[0];
12471 struct cfg80211_beacon_registration *reg, *nreg;
12472 int rv;
12473
12474 if (!(rdev->wiphy.flags & WIPHY_FLAG_REPORTS_OBSS))
12475 return -EOPNOTSUPP;
12476
12477 nreg = kzalloc(sizeof(*nreg), GFP_KERNEL);
12478 if (!nreg)
12479 return -ENOMEM;
12480
12481 /* First, check if already registered. */
12482 spin_lock_bh(&rdev->beacon_registrations_lock);
12483 list_for_each_entry(reg, &rdev->beacon_registrations, list) {
12484 if (reg->nlportid == info->snd_portid) {
12485 rv = -EALREADY;
12486 goto out_err;
12487 }
12488 }
12489 /* Add it to the list */
12490 nreg->nlportid = info->snd_portid;
12491 list_add(&nreg->list, &rdev->beacon_registrations);
12492
12493 spin_unlock_bh(&rdev->beacon_registrations_lock);
12494
12495 return 0;
12496 out_err:
12497 spin_unlock_bh(&rdev->beacon_registrations_lock);
12498 kfree(nreg);
12499 return rv;
12500 }
12501
12502 static int nl80211_start_p2p_device(struct sk_buff *skb, struct genl_info *info)
12503 {
12504 struct cfg80211_registered_device *rdev = info->user_ptr[0];
12505 struct wireless_dev *wdev = info->user_ptr[1];
12506 int err;
12507
12508 if (!rdev->ops->start_p2p_device)
12509 return -EOPNOTSUPP;
12510
12511 if (wdev->iftype != NL80211_IFTYPE_P2P_DEVICE)
12512 return -EOPNOTSUPP;
12513
12514 if (wdev_running(wdev))
12515 return 0;
12516
12517 if (rfkill_blocked(rdev->rfkill))
12518 return -ERFKILL;
12519
12520 err = rdev_start_p2p_device(rdev, wdev);
12521 if (err)
12522 return err;
12523
12524 wdev->is_running = true;
12525 rdev->opencount++;
12526
12527 return 0;
12528 }
12529
12530 static int nl80211_stop_p2p_device(struct sk_buff *skb, struct genl_info *info)
12531 {
12532 struct cfg80211_registered_device *rdev = info->user_ptr[0];
12533 struct wireless_dev *wdev = info->user_ptr[1];
12534
12535 if (wdev->iftype != NL80211_IFTYPE_P2P_DEVICE)
12536 return -EOPNOTSUPP;
12537
12538 if (!rdev->ops->stop_p2p_device)
12539 return -EOPNOTSUPP;
12540
12541 cfg80211_stop_p2p_device(rdev, wdev);
12542
12543 return 0;
12544 }
12545
12546 static int nl80211_start_nan(struct sk_buff *skb, struct genl_info *info)
12547 {
12548 struct cfg80211_registered_device *rdev = info->user_ptr[0];
12549 struct wireless_dev *wdev = info->user_ptr[1];
12550 struct cfg80211_nan_conf conf = {};
12551 int err;
12552
12553 if (wdev->iftype != NL80211_IFTYPE_NAN)
12554 return -EOPNOTSUPP;
12555
12556 if (wdev_running(wdev))
12557 return -EEXIST;
12558
12559 if (rfkill_blocked(rdev->rfkill))
12560 return -ERFKILL;
12561
12562 if (!info->attrs[NL80211_ATTR_NAN_MASTER_PREF])
12563 return -EINVAL;
12564
12565 conf.master_pref =
12566 nla_get_u8(info->attrs[NL80211_ATTR_NAN_MASTER_PREF]);
12567
12568 if (info->attrs[NL80211_ATTR_BANDS]) {
12569 u32 bands = nla_get_u32(info->attrs[NL80211_ATTR_BANDS]);
12570
12571 if (bands & ~(u32)wdev->wiphy->nan_supported_bands)
12572 return -EOPNOTSUPP;
12573
12574 if (bands && !(bands & BIT(NL80211_BAND_2GHZ)))
12575 return -EINVAL;
12576
12577 conf.bands = bands;
12578 }
12579
12580 err = rdev_start_nan(rdev, wdev, &conf);
12581 if (err)
12582 return err;
12583
12584 wdev->is_running = true;
12585 rdev->opencount++;
12586
12587 return 0;
12588 }
12589
12590 static int nl80211_stop_nan(struct sk_buff *skb, struct genl_info *info)
12591 {
12592 struct cfg80211_registered_device *rdev = info->user_ptr[0];
12593 struct wireless_dev *wdev = info->user_ptr[1];
12594
12595 if (wdev->iftype != NL80211_IFTYPE_NAN)
12596 return -EOPNOTSUPP;
12597
12598 cfg80211_stop_nan(rdev, wdev);
12599
12600 return 0;
12601 }
12602
12603 static int validate_nan_filter(struct nlattr *filter_attr)
12604 {
12605 struct nlattr *attr;
12606 int len = 0, n_entries = 0, rem;
12607
12608 nla_for_each_nested(attr, filter_attr, rem) {
12609 len += nla_len(attr);
12610 n_entries++;
12611 }
12612
12613 if (len >= U8_MAX)
12614 return -EINVAL;
12615
12616 return n_entries;
12617 }
12618
12619 static int handle_nan_filter(struct nlattr *attr_filter,
12620 struct cfg80211_nan_func *func,
12621 bool tx)
12622 {
12623 struct nlattr *attr;
12624 int n_entries, rem, i;
12625 struct cfg80211_nan_func_filter *filter;
12626
12627 n_entries = validate_nan_filter(attr_filter);
12628 if (n_entries < 0)
12629 return n_entries;
12630
12631 BUILD_BUG_ON(sizeof(*func->rx_filters) != sizeof(*func->tx_filters));
12632
12633 filter = kcalloc(n_entries, sizeof(*func->rx_filters), GFP_KERNEL);
12634 if (!filter)
12635 return -ENOMEM;
12636
12637 i = 0;
12638 nla_for_each_nested(attr, attr_filter, rem) {
12639 filter[i].filter = nla_memdup(attr, GFP_KERNEL);
12640 filter[i].len = nla_len(attr);
12641 i++;
12642 }
12643 if (tx) {
12644 func->num_tx_filters = n_entries;
12645 func->tx_filters = filter;
12646 } else {
12647 func->num_rx_filters = n_entries;
12648 func->rx_filters = filter;
12649 }
12650
12651 return 0;
12652 }
12653
12654 static int nl80211_nan_add_func(struct sk_buff *skb,
12655 struct genl_info *info)
12656 {
12657 struct cfg80211_registered_device *rdev = info->user_ptr[0];
12658 struct wireless_dev *wdev = info->user_ptr[1];
12659 struct nlattr *tb[NUM_NL80211_NAN_FUNC_ATTR], *func_attr;
12660 struct cfg80211_nan_func *func;
12661 struct sk_buff *msg = NULL;
12662 void *hdr = NULL;
12663 int err = 0;
12664
12665 if (wdev->iftype != NL80211_IFTYPE_NAN)
12666 return -EOPNOTSUPP;
12667
12668 if (!wdev_running(wdev))
12669 return -ENOTCONN;
12670
12671 if (!info->attrs[NL80211_ATTR_NAN_FUNC])
12672 return -EINVAL;
12673
12674 err = nla_parse_nested_deprecated(tb, NL80211_NAN_FUNC_ATTR_MAX,
12675 info->attrs[NL80211_ATTR_NAN_FUNC],
12676 nl80211_nan_func_policy,
12677 info->extack);
12678 if (err)
12679 return err;
12680
12681 func = kzalloc(sizeof(*func), GFP_KERNEL);
12682 if (!func)
12683 return -ENOMEM;
12684
12685 func->cookie = cfg80211_assign_cookie(rdev);
12686
12687 if (!tb[NL80211_NAN_FUNC_TYPE] ||
12688 nla_get_u8(tb[NL80211_NAN_FUNC_TYPE]) > NL80211_NAN_FUNC_MAX_TYPE) {
12689 err = -EINVAL;
12690 goto out;
12691 }
12692
12693
12694 func->type = nla_get_u8(tb[NL80211_NAN_FUNC_TYPE]);
12695
12696 if (!tb[NL80211_NAN_FUNC_SERVICE_ID]) {
12697 err = -EINVAL;
12698 goto out;
12699 }
12700
12701 memcpy(func->service_id, nla_data(tb[NL80211_NAN_FUNC_SERVICE_ID]),
12702 sizeof(func->service_id));
12703
12704 func->close_range =
12705 nla_get_flag(tb[NL80211_NAN_FUNC_CLOSE_RANGE]);
12706
12707 if (tb[NL80211_NAN_FUNC_SERVICE_INFO]) {
12708 func->serv_spec_info_len =
12709 nla_len(tb[NL80211_NAN_FUNC_SERVICE_INFO]);
12710 func->serv_spec_info =
12711 kmemdup(nla_data(tb[NL80211_NAN_FUNC_SERVICE_INFO]),
12712 func->serv_spec_info_len,
12713 GFP_KERNEL);
12714 if (!func->serv_spec_info) {
12715 err = -ENOMEM;
12716 goto out;
12717 }
12718 }
12719
12720 if (tb[NL80211_NAN_FUNC_TTL])
12721 func->ttl = nla_get_u32(tb[NL80211_NAN_FUNC_TTL]);
12722
12723 switch (func->type) {
12724 case NL80211_NAN_FUNC_PUBLISH:
12725 if (!tb[NL80211_NAN_FUNC_PUBLISH_TYPE]) {
12726 err = -EINVAL;
12727 goto out;
12728 }
12729
12730 func->publish_type =
12731 nla_get_u8(tb[NL80211_NAN_FUNC_PUBLISH_TYPE]);
12732 func->publish_bcast =
12733 nla_get_flag(tb[NL80211_NAN_FUNC_PUBLISH_BCAST]);
12734
12735 if ((!(func->publish_type & NL80211_NAN_SOLICITED_PUBLISH)) &&
12736 func->publish_bcast) {
12737 err = -EINVAL;
12738 goto out;
12739 }
12740 break;
12741 case NL80211_NAN_FUNC_SUBSCRIBE:
12742 func->subscribe_active =
12743 nla_get_flag(tb[NL80211_NAN_FUNC_SUBSCRIBE_ACTIVE]);
12744 break;
12745 case NL80211_NAN_FUNC_FOLLOW_UP:
12746 if (!tb[NL80211_NAN_FUNC_FOLLOW_UP_ID] ||
12747 !tb[NL80211_NAN_FUNC_FOLLOW_UP_REQ_ID] ||
12748 !tb[NL80211_NAN_FUNC_FOLLOW_UP_DEST]) {
12749 err = -EINVAL;
12750 goto out;
12751 }
12752
12753 func->followup_id =
12754 nla_get_u8(tb[NL80211_NAN_FUNC_FOLLOW_UP_ID]);
12755 func->followup_reqid =
12756 nla_get_u8(tb[NL80211_NAN_FUNC_FOLLOW_UP_REQ_ID]);
12757 memcpy(func->followup_dest.addr,
12758 nla_data(tb[NL80211_NAN_FUNC_FOLLOW_UP_DEST]),
12759 sizeof(func->followup_dest.addr));
12760 if (func->ttl) {
12761 err = -EINVAL;
12762 goto out;
12763 }
12764 break;
12765 default:
12766 err = -EINVAL;
12767 goto out;
12768 }
12769
12770 if (tb[NL80211_NAN_FUNC_SRF]) {
12771 struct nlattr *srf_tb[NUM_NL80211_NAN_SRF_ATTR];
12772
12773 err = nla_parse_nested_deprecated(srf_tb,
12774 NL80211_NAN_SRF_ATTR_MAX,
12775 tb[NL80211_NAN_FUNC_SRF],
12776 nl80211_nan_srf_policy,
12777 info->extack);
12778 if (err)
12779 goto out;
12780
12781 func->srf_include =
12782 nla_get_flag(srf_tb[NL80211_NAN_SRF_INCLUDE]);
12783
12784 if (srf_tb[NL80211_NAN_SRF_BF]) {
12785 if (srf_tb[NL80211_NAN_SRF_MAC_ADDRS] ||
12786 !srf_tb[NL80211_NAN_SRF_BF_IDX]) {
12787 err = -EINVAL;
12788 goto out;
12789 }
12790
12791 func->srf_bf_len =
12792 nla_len(srf_tb[NL80211_NAN_SRF_BF]);
12793 func->srf_bf =
12794 kmemdup(nla_data(srf_tb[NL80211_NAN_SRF_BF]),
12795 func->srf_bf_len, GFP_KERNEL);
12796 if (!func->srf_bf) {
12797 err = -ENOMEM;
12798 goto out;
12799 }
12800
12801 func->srf_bf_idx =
12802 nla_get_u8(srf_tb[NL80211_NAN_SRF_BF_IDX]);
12803 } else {
12804 struct nlattr *attr, *mac_attr =
12805 srf_tb[NL80211_NAN_SRF_MAC_ADDRS];
12806 int n_entries, rem, i = 0;
12807
12808 if (!mac_attr) {
12809 err = -EINVAL;
12810 goto out;
12811 }
12812
12813 n_entries = validate_acl_mac_addrs(mac_attr);
12814 if (n_entries <= 0) {
12815 err = -EINVAL;
12816 goto out;
12817 }
12818
12819 func->srf_num_macs = n_entries;
12820 func->srf_macs =
12821 kcalloc(n_entries, sizeof(*func->srf_macs),
12822 GFP_KERNEL);
12823 if (!func->srf_macs) {
12824 err = -ENOMEM;
12825 goto out;
12826 }
12827
12828 nla_for_each_nested(attr, mac_attr, rem)
12829 memcpy(func->srf_macs[i++].addr, nla_data(attr),
12830 sizeof(*func->srf_macs));
12831 }
12832 }
12833
12834 if (tb[NL80211_NAN_FUNC_TX_MATCH_FILTER]) {
12835 err = handle_nan_filter(tb[NL80211_NAN_FUNC_TX_MATCH_FILTER],
12836 func, true);
12837 if (err)
12838 goto out;
12839 }
12840
12841 if (tb[NL80211_NAN_FUNC_RX_MATCH_FILTER]) {
12842 err = handle_nan_filter(tb[NL80211_NAN_FUNC_RX_MATCH_FILTER],
12843 func, false);
12844 if (err)
12845 goto out;
12846 }
12847
12848 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
12849 if (!msg) {
12850 err = -ENOMEM;
12851 goto out;
12852 }
12853
12854 hdr = nl80211hdr_put(msg, info->snd_portid, info->snd_seq, 0,
12855 NL80211_CMD_ADD_NAN_FUNCTION);
12856 /* This can't really happen - we just allocated 4KB */
12857 if (WARN_ON(!hdr)) {
12858 err = -ENOMEM;
12859 goto out;
12860 }
12861
12862 err = rdev_add_nan_func(rdev, wdev, func);
12863 out:
12864 if (err < 0) {
12865 cfg80211_free_nan_func(func);
12866 nlmsg_free(msg);
12867 return err;
12868 }
12869
12870 /* propagate the instance id and cookie to userspace */
12871 if (nla_put_u64_64bit(msg, NL80211_ATTR_COOKIE, func->cookie,
12872 NL80211_ATTR_PAD))
12873 goto nla_put_failure;
12874
12875 func_attr = nla_nest_start_noflag(msg, NL80211_ATTR_NAN_FUNC);
12876 if (!func_attr)
12877 goto nla_put_failure;
12878
12879 if (nla_put_u8(msg, NL80211_NAN_FUNC_INSTANCE_ID,
12880 func->instance_id))
12881 goto nla_put_failure;
12882
12883 nla_nest_end(msg, func_attr);
12884
12885 genlmsg_end(msg, hdr);
12886 return genlmsg_reply(msg, info);
12887
12888 nla_put_failure:
12889 nlmsg_free(msg);
12890 return -ENOBUFS;
12891 }
12892
12893 static int nl80211_nan_del_func(struct sk_buff *skb,
12894 struct genl_info *info)
12895 {
12896 struct cfg80211_registered_device *rdev = info->user_ptr[0];
12897 struct wireless_dev *wdev = info->user_ptr[1];
12898 u64 cookie;
12899
12900 if (wdev->iftype != NL80211_IFTYPE_NAN)
12901 return -EOPNOTSUPP;
12902
12903 if (!wdev_running(wdev))
12904 return -ENOTCONN;
12905
12906 if (!info->attrs[NL80211_ATTR_COOKIE])
12907 return -EINVAL;
12908
12909 cookie = nla_get_u64(info->attrs[NL80211_ATTR_COOKIE]);
12910
12911 rdev_del_nan_func(rdev, wdev, cookie);
12912
12913 return 0;
12914 }
12915
12916 static int nl80211_nan_change_config(struct sk_buff *skb,
12917 struct genl_info *info)
12918 {
12919 struct cfg80211_registered_device *rdev = info->user_ptr[0];
12920 struct wireless_dev *wdev = info->user_ptr[1];
12921 struct cfg80211_nan_conf conf = {};
12922 u32 changed = 0;
12923
12924 if (wdev->iftype != NL80211_IFTYPE_NAN)
12925 return -EOPNOTSUPP;
12926
12927 if (!wdev_running(wdev))
12928 return -ENOTCONN;
12929
12930 if (info->attrs[NL80211_ATTR_NAN_MASTER_PREF]) {
12931 conf.master_pref =
12932 nla_get_u8(info->attrs[NL80211_ATTR_NAN_MASTER_PREF]);
12933 if (conf.master_pref <= 1 || conf.master_pref == 255)
12934 return -EINVAL;
12935
12936 changed |= CFG80211_NAN_CONF_CHANGED_PREF;
12937 }
12938
12939 if (info->attrs[NL80211_ATTR_BANDS]) {
12940 u32 bands = nla_get_u32(info->attrs[NL80211_ATTR_BANDS]);
12941
12942 if (bands & ~(u32)wdev->wiphy->nan_supported_bands)
12943 return -EOPNOTSUPP;
12944
12945 if (bands && !(bands & BIT(NL80211_BAND_2GHZ)))
12946 return -EINVAL;
12947
12948 conf.bands = bands;
12949 changed |= CFG80211_NAN_CONF_CHANGED_BANDS;
12950 }
12951
12952 if (!changed)
12953 return -EINVAL;
12954
12955 return rdev_nan_change_conf(rdev, wdev, &conf, changed);
12956 }
12957
12958 void cfg80211_nan_match(struct wireless_dev *wdev,
12959 struct cfg80211_nan_match_params *match, gfp_t gfp)
12960 {
12961 struct wiphy *wiphy = wdev->wiphy;
12962 struct cfg80211_registered_device *rdev = wiphy_to_rdev(wiphy);
12963 struct nlattr *match_attr, *local_func_attr, *peer_func_attr;
12964 struct sk_buff *msg;
12965 void *hdr;
12966
12967 if (WARN_ON(!match->inst_id || !match->peer_inst_id || !match->addr))
12968 return;
12969
12970 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, gfp);
12971 if (!msg)
12972 return;
12973
12974 hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_NAN_MATCH);
12975 if (!hdr) {
12976 nlmsg_free(msg);
12977 return;
12978 }
12979
12980 if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
12981 (wdev->netdev && nla_put_u32(msg, NL80211_ATTR_IFINDEX,
12982 wdev->netdev->ifindex)) ||
12983 nla_put_u64_64bit(msg, NL80211_ATTR_WDEV, wdev_id(wdev),
12984 NL80211_ATTR_PAD))
12985 goto nla_put_failure;
12986
12987 if (nla_put_u64_64bit(msg, NL80211_ATTR_COOKIE, match->cookie,
12988 NL80211_ATTR_PAD) ||
12989 nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN, match->addr))
12990 goto nla_put_failure;
12991
12992 match_attr = nla_nest_start_noflag(msg, NL80211_ATTR_NAN_MATCH);
12993 if (!match_attr)
12994 goto nla_put_failure;
12995
12996 local_func_attr = nla_nest_start_noflag(msg,
12997 NL80211_NAN_MATCH_FUNC_LOCAL);
12998 if (!local_func_attr)
12999 goto nla_put_failure;
13000
13001 if (nla_put_u8(msg, NL80211_NAN_FUNC_INSTANCE_ID, match->inst_id))
13002 goto nla_put_failure;
13003
13004 nla_nest_end(msg, local_func_attr);
13005
13006 peer_func_attr = nla_nest_start_noflag(msg,
13007 NL80211_NAN_MATCH_FUNC_PEER);
13008 if (!peer_func_attr)
13009 goto nla_put_failure;
13010
13011 if (nla_put_u8(msg, NL80211_NAN_FUNC_TYPE, match->type) ||
13012 nla_put_u8(msg, NL80211_NAN_FUNC_INSTANCE_ID, match->peer_inst_id))
13013 goto nla_put_failure;
13014
13015 if (match->info && match->info_len &&
13016 nla_put(msg, NL80211_NAN_FUNC_SERVICE_INFO, match->info_len,
13017 match->info))
13018 goto nla_put_failure;
13019
13020 nla_nest_end(msg, peer_func_attr);
13021 nla_nest_end(msg, match_attr);
13022 genlmsg_end(msg, hdr);
13023
13024 if (!wdev->owner_nlportid)
13025 genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy),
13026 msg, 0, NL80211_MCGRP_NAN, gfp);
13027 else
13028 genlmsg_unicast(wiphy_net(&rdev->wiphy), msg,
13029 wdev->owner_nlportid);
13030
13031 return;
13032
13033 nla_put_failure:
13034 nlmsg_free(msg);
13035 }
13036 EXPORT_SYMBOL(cfg80211_nan_match);
13037
13038 void cfg80211_nan_func_terminated(struct wireless_dev *wdev,
13039 u8 inst_id,
13040 enum nl80211_nan_func_term_reason reason,
13041 u64 cookie, gfp_t gfp)
13042 {
13043 struct wiphy *wiphy = wdev->wiphy;
13044 struct cfg80211_registered_device *rdev = wiphy_to_rdev(wiphy);
13045 struct sk_buff *msg;
13046 struct nlattr *func_attr;
13047 void *hdr;
13048
13049 if (WARN_ON(!inst_id))
13050 return;
13051
13052 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, gfp);
13053 if (!msg)
13054 return;
13055
13056 hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_DEL_NAN_FUNCTION);
13057 if (!hdr) {
13058 nlmsg_free(msg);
13059 return;
13060 }
13061
13062 if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
13063 (wdev->netdev && nla_put_u32(msg, NL80211_ATTR_IFINDEX,
13064 wdev->netdev->ifindex)) ||
13065 nla_put_u64_64bit(msg, NL80211_ATTR_WDEV, wdev_id(wdev),
13066 NL80211_ATTR_PAD))
13067 goto nla_put_failure;
13068
13069 if (nla_put_u64_64bit(msg, NL80211_ATTR_COOKIE, cookie,
13070 NL80211_ATTR_PAD))
13071 goto nla_put_failure;
13072
13073 func_attr = nla_nest_start_noflag(msg, NL80211_ATTR_NAN_FUNC);
13074 if (!func_attr)
13075 goto nla_put_failure;
13076
13077 if (nla_put_u8(msg, NL80211_NAN_FUNC_INSTANCE_ID, inst_id) ||
13078 nla_put_u8(msg, NL80211_NAN_FUNC_TERM_REASON, reason))
13079 goto nla_put_failure;
13080
13081 nla_nest_end(msg, func_attr);
13082 genlmsg_end(msg, hdr);
13083
13084 if (!wdev->owner_nlportid)
13085 genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy),
13086 msg, 0, NL80211_MCGRP_NAN, gfp);
13087 else
13088 genlmsg_unicast(wiphy_net(&rdev->wiphy), msg,
13089 wdev->owner_nlportid);
13090
13091 return;
13092
13093 nla_put_failure:
13094 nlmsg_free(msg);
13095 }
13096 EXPORT_SYMBOL(cfg80211_nan_func_terminated);
13097
13098 static int nl80211_get_protocol_features(struct sk_buff *skb,
13099 struct genl_info *info)
13100 {
13101 void *hdr;
13102 struct sk_buff *msg;
13103
13104 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
13105 if (!msg)
13106 return -ENOMEM;
13107
13108 hdr = nl80211hdr_put(msg, info->snd_portid, info->snd_seq, 0,
13109 NL80211_CMD_GET_PROTOCOL_FEATURES);
13110 if (!hdr)
13111 goto nla_put_failure;
13112
13113 if (nla_put_u32(msg, NL80211_ATTR_PROTOCOL_FEATURES,
13114 NL80211_PROTOCOL_FEATURE_SPLIT_WIPHY_DUMP))
13115 goto nla_put_failure;
13116
13117 genlmsg_end(msg, hdr);
13118 return genlmsg_reply(msg, info);
13119
13120 nla_put_failure:
13121 kfree_skb(msg);
13122 return -ENOBUFS;
13123 }
13124
13125 static int nl80211_update_ft_ies(struct sk_buff *skb, struct genl_info *info)
13126 {
13127 struct cfg80211_registered_device *rdev = info->user_ptr[0];
13128 struct cfg80211_update_ft_ies_params ft_params;
13129 struct net_device *dev = info->user_ptr[1];
13130
13131 if (!rdev->ops->update_ft_ies)
13132 return -EOPNOTSUPP;
13133
13134 if (!info->attrs[NL80211_ATTR_MDID] ||
13135 !info->attrs[NL80211_ATTR_IE])
13136 return -EINVAL;
13137
13138 memset(&ft_params, 0, sizeof(ft_params));
13139 ft_params.md = nla_get_u16(info->attrs[NL80211_ATTR_MDID]);
13140 ft_params.ie = nla_data(info->attrs[NL80211_ATTR_IE]);
13141 ft_params.ie_len = nla_len(info->attrs[NL80211_ATTR_IE]);
13142
13143 return rdev_update_ft_ies(rdev, dev, &ft_params);
13144 }
13145
13146 static int nl80211_crit_protocol_start(struct sk_buff *skb,
13147 struct genl_info *info)
13148 {
13149 struct cfg80211_registered_device *rdev = info->user_ptr[0];
13150 struct wireless_dev *wdev = info->user_ptr[1];
13151 enum nl80211_crit_proto_id proto = NL80211_CRIT_PROTO_UNSPEC;
13152 u16 duration;
13153 int ret;
13154
13155 if (!rdev->ops->crit_proto_start)
13156 return -EOPNOTSUPP;
13157
13158 if (WARN_ON(!rdev->ops->crit_proto_stop))
13159 return -EINVAL;
13160
13161 if (rdev->crit_proto_nlportid)
13162 return -EBUSY;
13163
13164 /* determine protocol if provided */
13165 if (info->attrs[NL80211_ATTR_CRIT_PROT_ID])
13166 proto = nla_get_u16(info->attrs[NL80211_ATTR_CRIT_PROT_ID]);
13167
13168 if (proto >= NUM_NL80211_CRIT_PROTO)
13169 return -EINVAL;
13170
13171 /* timeout must be provided */
13172 if (!info->attrs[NL80211_ATTR_MAX_CRIT_PROT_DURATION])
13173 return -EINVAL;
13174
13175 duration =
13176 nla_get_u16(info->attrs[NL80211_ATTR_MAX_CRIT_PROT_DURATION]);
13177
13178 if (duration > NL80211_CRIT_PROTO_MAX_DURATION)
13179 return -ERANGE;
13180
13181 ret = rdev_crit_proto_start(rdev, wdev, proto, duration);
13182 if (!ret)
13183 rdev->crit_proto_nlportid = info->snd_portid;
13184
13185 return ret;
13186 }
13187
13188 static int nl80211_crit_protocol_stop(struct sk_buff *skb,
13189 struct genl_info *info)
13190 {
13191 struct cfg80211_registered_device *rdev = info->user_ptr[0];
13192 struct wireless_dev *wdev = info->user_ptr[1];
13193
13194 if (!rdev->ops->crit_proto_stop)
13195 return -EOPNOTSUPP;
13196
13197 if (rdev->crit_proto_nlportid) {
13198 rdev->crit_proto_nlportid = 0;
13199 rdev_crit_proto_stop(rdev, wdev);
13200 }
13201 return 0;
13202 }
13203
13204 static int nl80211_vendor_check_policy(const struct wiphy_vendor_command *vcmd,
13205 struct nlattr *attr,
13206 struct netlink_ext_ack *extack)
13207 {
13208 if (vcmd->policy == VENDOR_CMD_RAW_DATA) {
13209 if (attr->nla_type & NLA_F_NESTED) {
13210 NL_SET_ERR_MSG_ATTR(extack, attr,
13211 "unexpected nested data");
13212 return -EINVAL;
13213 }
13214
13215 return 0;
13216 }
13217
13218 if (!(attr->nla_type & NLA_F_NESTED)) {
13219 NL_SET_ERR_MSG_ATTR(extack, attr, "expected nested data");
13220 return -EINVAL;
13221 }
13222
13223 return nla_validate_nested(attr, vcmd->maxattr, vcmd->policy, extack);
13224 }
13225
13226 static int nl80211_vendor_cmd(struct sk_buff *skb, struct genl_info *info)
13227 {
13228 struct cfg80211_registered_device *rdev = info->user_ptr[0];
13229 struct wireless_dev *wdev =
13230 __cfg80211_wdev_from_attrs(genl_info_net(info), info->attrs);
13231 int i, err;
13232 u32 vid, subcmd;
13233
13234 if (!rdev->wiphy.vendor_commands)
13235 return -EOPNOTSUPP;
13236
13237 if (IS_ERR(wdev)) {
13238 err = PTR_ERR(wdev);
13239 if (err != -EINVAL)
13240 return err;
13241 wdev = NULL;
13242 } else if (wdev->wiphy != &rdev->wiphy) {
13243 return -EINVAL;
13244 }
13245
13246 if (!info->attrs[NL80211_ATTR_VENDOR_ID] ||
13247 !info->attrs[NL80211_ATTR_VENDOR_SUBCMD])
13248 return -EINVAL;
13249
13250 vid = nla_get_u32(info->attrs[NL80211_ATTR_VENDOR_ID]);
13251 subcmd = nla_get_u32(info->attrs[NL80211_ATTR_VENDOR_SUBCMD]);
13252 for (i = 0; i < rdev->wiphy.n_vendor_commands; i++) {
13253 const struct wiphy_vendor_command *vcmd;
13254 void *data = NULL;
13255 int len = 0;
13256
13257 vcmd = &rdev->wiphy.vendor_commands[i];
13258
13259 if (vcmd->info.vendor_id != vid || vcmd->info.subcmd != subcmd)
13260 continue;
13261
13262 if (vcmd->flags & (WIPHY_VENDOR_CMD_NEED_WDEV |
13263 WIPHY_VENDOR_CMD_NEED_NETDEV)) {
13264 if (!wdev)
13265 return -EINVAL;
13266 if (vcmd->flags & WIPHY_VENDOR_CMD_NEED_NETDEV &&
13267 !wdev->netdev)
13268 return -EINVAL;
13269
13270 if (vcmd->flags & WIPHY_VENDOR_CMD_NEED_RUNNING) {
13271 if (!wdev_running(wdev))
13272 return -ENETDOWN;
13273 }
13274 } else {
13275 wdev = NULL;
13276 }
13277
13278 if (!vcmd->doit)
13279 return -EOPNOTSUPP;
13280
13281 if (info->attrs[NL80211_ATTR_VENDOR_DATA]) {
13282 data = nla_data(info->attrs[NL80211_ATTR_VENDOR_DATA]);
13283 len = nla_len(info->attrs[NL80211_ATTR_VENDOR_DATA]);
13284
13285 err = nl80211_vendor_check_policy(vcmd,
13286 info->attrs[NL80211_ATTR_VENDOR_DATA],
13287 info->extack);
13288 if (err)
13289 return err;
13290 }
13291
13292 rdev->cur_cmd_info = info;
13293 err = vcmd->doit(&rdev->wiphy, wdev, data, len);
13294 rdev->cur_cmd_info = NULL;
13295 return err;
13296 }
13297
13298 return -EOPNOTSUPP;
13299 }
13300
13301 static int nl80211_prepare_vendor_dump(struct sk_buff *skb,
13302 struct netlink_callback *cb,
13303 struct cfg80211_registered_device **rdev,
13304 struct wireless_dev **wdev)
13305 {
13306 struct nlattr **attrbuf;
13307 u32 vid, subcmd;
13308 unsigned int i;
13309 int vcmd_idx = -1;
13310 int err;
13311 void *data = NULL;
13312 unsigned int data_len = 0;
13313
13314 if (cb->args[0]) {
13315 /* subtract the 1 again here */
13316 struct wiphy *wiphy = wiphy_idx_to_wiphy(cb->args[0] - 1);
13317 struct wireless_dev *tmp;
13318
13319 if (!wiphy)
13320 return -ENODEV;
13321 *rdev = wiphy_to_rdev(wiphy);
13322 *wdev = NULL;
13323
13324 if (cb->args[1]) {
13325 list_for_each_entry(tmp, &wiphy->wdev_list, list) {
13326 if (tmp->identifier == cb->args[1] - 1) {
13327 *wdev = tmp;
13328 break;
13329 }
13330 }
13331 }
13332
13333 /* keep rtnl locked in successful case */
13334 return 0;
13335 }
13336
13337 attrbuf = kcalloc(NUM_NL80211_ATTR, sizeof(*attrbuf), GFP_KERNEL);
13338 if (!attrbuf)
13339 return -ENOMEM;
13340
13341 err = nlmsg_parse_deprecated(cb->nlh,
13342 GENL_HDRLEN + nl80211_fam.hdrsize,
13343 attrbuf, nl80211_fam.maxattr,
13344 nl80211_policy, NULL);
13345 if (err)
13346 goto out;
13347
13348 if (!attrbuf[NL80211_ATTR_VENDOR_ID] ||
13349 !attrbuf[NL80211_ATTR_VENDOR_SUBCMD]) {
13350 err = -EINVAL;
13351 goto out;
13352 }
13353
13354 *wdev = __cfg80211_wdev_from_attrs(sock_net(skb->sk), attrbuf);
13355 if (IS_ERR(*wdev))
13356 *wdev = NULL;
13357
13358 *rdev = __cfg80211_rdev_from_attrs(sock_net(skb->sk), attrbuf);
13359 if (IS_ERR(*rdev)) {
13360 err = PTR_ERR(*rdev);
13361 goto out;
13362 }
13363
13364 vid = nla_get_u32(attrbuf[NL80211_ATTR_VENDOR_ID]);
13365 subcmd = nla_get_u32(attrbuf[NL80211_ATTR_VENDOR_SUBCMD]);
13366
13367 for (i = 0; i < (*rdev)->wiphy.n_vendor_commands; i++) {
13368 const struct wiphy_vendor_command *vcmd;
13369
13370 vcmd = &(*rdev)->wiphy.vendor_commands[i];
13371
13372 if (vcmd->info.vendor_id != vid || vcmd->info.subcmd != subcmd)
13373 continue;
13374
13375 if (!vcmd->dumpit) {
13376 err = -EOPNOTSUPP;
13377 goto out;
13378 }
13379
13380 vcmd_idx = i;
13381 break;
13382 }
13383
13384 if (vcmd_idx < 0) {
13385 err = -EOPNOTSUPP;
13386 goto out;
13387 }
13388
13389 if (attrbuf[NL80211_ATTR_VENDOR_DATA]) {
13390 data = nla_data(attrbuf[NL80211_ATTR_VENDOR_DATA]);
13391 data_len = nla_len(attrbuf[NL80211_ATTR_VENDOR_DATA]);
13392
13393 err = nl80211_vendor_check_policy(
13394 &(*rdev)->wiphy.vendor_commands[vcmd_idx],
13395 attrbuf[NL80211_ATTR_VENDOR_DATA],
13396 cb->extack);
13397 if (err)
13398 goto out;
13399 }
13400
13401 /* 0 is the first index - add 1 to parse only once */
13402 cb->args[0] = (*rdev)->wiphy_idx + 1;
13403 /* add 1 to know if it was NULL */
13404 cb->args[1] = *wdev ? (*wdev)->identifier + 1 : 0;
13405 cb->args[2] = vcmd_idx;
13406 cb->args[3] = (unsigned long)data;
13407 cb->args[4] = data_len;
13408
13409 /* keep rtnl locked in successful case */
13410 err = 0;
13411 out:
13412 kfree(attrbuf);
13413 return err;
13414 }
13415
13416 static int nl80211_vendor_cmd_dump(struct sk_buff *skb,
13417 struct netlink_callback *cb)
13418 {
13419 struct cfg80211_registered_device *rdev;
13420 struct wireless_dev *wdev;
13421 unsigned int vcmd_idx;
13422 const struct wiphy_vendor_command *vcmd;
13423 void *data;
13424 int data_len;
13425 int err;
13426 struct nlattr *vendor_data;
13427
13428 rtnl_lock();
13429 err = nl80211_prepare_vendor_dump(skb, cb, &rdev, &wdev);
13430 if (err)
13431 goto out;
13432
13433 vcmd_idx = cb->args[2];
13434 data = (void *)cb->args[3];
13435 data_len = cb->args[4];
13436 vcmd = &rdev->wiphy.vendor_commands[vcmd_idx];
13437
13438 if (vcmd->flags & (WIPHY_VENDOR_CMD_NEED_WDEV |
13439 WIPHY_VENDOR_CMD_NEED_NETDEV)) {
13440 if (!wdev) {
13441 err = -EINVAL;
13442 goto out;
13443 }
13444 if (vcmd->flags & WIPHY_VENDOR_CMD_NEED_NETDEV &&
13445 !wdev->netdev) {
13446 err = -EINVAL;
13447 goto out;
13448 }
13449
13450 if (vcmd->flags & WIPHY_VENDOR_CMD_NEED_RUNNING) {
13451 if (!wdev_running(wdev)) {
13452 err = -ENETDOWN;
13453 goto out;
13454 }
13455 }
13456 }
13457
13458 while (1) {
13459 void *hdr = nl80211hdr_put(skb, NETLINK_CB(cb->skb).portid,
13460 cb->nlh->nlmsg_seq, NLM_F_MULTI,
13461 NL80211_CMD_VENDOR);
13462 if (!hdr)
13463 break;
13464
13465 if (nla_put_u32(skb, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
13466 (wdev && nla_put_u64_64bit(skb, NL80211_ATTR_WDEV,
13467 wdev_id(wdev),
13468 NL80211_ATTR_PAD))) {
13469 genlmsg_cancel(skb, hdr);
13470 break;
13471 }
13472
13473 vendor_data = nla_nest_start_noflag(skb,
13474 NL80211_ATTR_VENDOR_DATA);
13475 if (!vendor_data) {
13476 genlmsg_cancel(skb, hdr);
13477 break;
13478 }
13479
13480 err = vcmd->dumpit(&rdev->wiphy, wdev, skb, data, data_len,
13481 (unsigned long *)&cb->args[5]);
13482 nla_nest_end(skb, vendor_data);
13483
13484 if (err == -ENOBUFS || err == -ENOENT) {
13485 genlmsg_cancel(skb, hdr);
13486 break;
13487 } else if (err <= 0) {
13488 genlmsg_cancel(skb, hdr);
13489 goto out;
13490 }
13491
13492 genlmsg_end(skb, hdr);
13493 }
13494
13495 err = skb->len;
13496 out:
13497 rtnl_unlock();
13498 return err;
13499 }
13500
13501 struct sk_buff *__cfg80211_alloc_reply_skb(struct wiphy *wiphy,
13502 enum nl80211_commands cmd,
13503 enum nl80211_attrs attr,
13504 int approxlen)
13505 {
13506 struct cfg80211_registered_device *rdev = wiphy_to_rdev(wiphy);
13507
13508 if (WARN_ON(!rdev->cur_cmd_info))
13509 return NULL;
13510
13511 return __cfg80211_alloc_vendor_skb(rdev, NULL, approxlen,
13512 rdev->cur_cmd_info->snd_portid,
13513 rdev->cur_cmd_info->snd_seq,
13514 cmd, attr, NULL, GFP_KERNEL);
13515 }
13516 EXPORT_SYMBOL(__cfg80211_alloc_reply_skb);
13517
13518 int cfg80211_vendor_cmd_reply(struct sk_buff *skb)
13519 {
13520 struct cfg80211_registered_device *rdev = ((void **)skb->cb)[0];
13521 void *hdr = ((void **)skb->cb)[1];
13522 struct nlattr *data = ((void **)skb->cb)[2];
13523
13524 /* clear CB data for netlink core to own from now on */
13525 memset(skb->cb, 0, sizeof(skb->cb));
13526
13527 if (WARN_ON(!rdev->cur_cmd_info)) {
13528 kfree_skb(skb);
13529 return -EINVAL;
13530 }
13531
13532 nla_nest_end(skb, data);
13533 genlmsg_end(skb, hdr);
13534 return genlmsg_reply(skb, rdev->cur_cmd_info);
13535 }
13536 EXPORT_SYMBOL_GPL(cfg80211_vendor_cmd_reply);
13537
13538 unsigned int cfg80211_vendor_cmd_get_sender(struct wiphy *wiphy)
13539 {
13540 struct cfg80211_registered_device *rdev = wiphy_to_rdev(wiphy);
13541
13542 if (WARN_ON(!rdev->cur_cmd_info))
13543 return 0;
13544
13545 return rdev->cur_cmd_info->snd_portid;
13546 }
13547 EXPORT_SYMBOL_GPL(cfg80211_vendor_cmd_get_sender);
13548
13549 static int nl80211_set_qos_map(struct sk_buff *skb,
13550 struct genl_info *info)
13551 {
13552 struct cfg80211_registered_device *rdev = info->user_ptr[0];
13553 struct cfg80211_qos_map *qos_map = NULL;
13554 struct net_device *dev = info->user_ptr[1];
13555 u8 *pos, len, num_des, des_len, des;
13556 int ret;
13557
13558 if (!rdev->ops->set_qos_map)
13559 return -EOPNOTSUPP;
13560
13561 if (info->attrs[NL80211_ATTR_QOS_MAP]) {
13562 pos = nla_data(info->attrs[NL80211_ATTR_QOS_MAP]);
13563 len = nla_len(info->attrs[NL80211_ATTR_QOS_MAP]);
13564
13565 if (len % 2 || len < IEEE80211_QOS_MAP_LEN_MIN ||
13566 len > IEEE80211_QOS_MAP_LEN_MAX)
13567 return -EINVAL;
13568
13569 qos_map = kzalloc(sizeof(struct cfg80211_qos_map), GFP_KERNEL);
13570 if (!qos_map)
13571 return -ENOMEM;
13572
13573 num_des = (len - IEEE80211_QOS_MAP_LEN_MIN) >> 1;
13574 if (num_des) {
13575 des_len = num_des *
13576 sizeof(struct cfg80211_dscp_exception);
13577 memcpy(qos_map->dscp_exception, pos, des_len);
13578 qos_map->num_des = num_des;
13579 for (des = 0; des < num_des; des++) {
13580 if (qos_map->dscp_exception[des].up > 7) {
13581 kfree(qos_map);
13582 return -EINVAL;
13583 }
13584 }
13585 pos += des_len;
13586 }
13587 memcpy(qos_map->up, pos, IEEE80211_QOS_MAP_LEN_MIN);
13588 }
13589
13590 wdev_lock(dev->ieee80211_ptr);
13591 ret = nl80211_key_allowed(dev->ieee80211_ptr);
13592 if (!ret)
13593 ret = rdev_set_qos_map(rdev, dev, qos_map);
13594 wdev_unlock(dev->ieee80211_ptr);
13595
13596 kfree(qos_map);
13597 return ret;
13598 }
13599
13600 static int nl80211_add_tx_ts(struct sk_buff *skb, struct genl_info *info)
13601 {
13602 struct cfg80211_registered_device *rdev = info->user_ptr[0];
13603 struct net_device *dev = info->user_ptr[1];
13604 struct wireless_dev *wdev = dev->ieee80211_ptr;
13605 const u8 *peer;
13606 u8 tsid, up;
13607 u16 admitted_time = 0;
13608 int err;
13609
13610 if (!(rdev->wiphy.features & NL80211_FEATURE_SUPPORTS_WMM_ADMISSION))
13611 return -EOPNOTSUPP;
13612
13613 if (!info->attrs[NL80211_ATTR_TSID] || !info->attrs[NL80211_ATTR_MAC] ||
13614 !info->attrs[NL80211_ATTR_USER_PRIO])
13615 return -EINVAL;
13616
13617 tsid = nla_get_u8(info->attrs[NL80211_ATTR_TSID]);
13618 up = nla_get_u8(info->attrs[NL80211_ATTR_USER_PRIO]);
13619
13620 /* WMM uses TIDs 0-7 even for TSPEC */
13621 if (tsid >= IEEE80211_FIRST_TSPEC_TSID) {
13622 /* TODO: handle 802.11 TSPEC/admission control
13623 * need more attributes for that (e.g. BA session requirement);
13624 * change the WMM adminssion test above to allow both then
13625 */
13626 return -EINVAL;
13627 }
13628
13629 peer = nla_data(info->attrs[NL80211_ATTR_MAC]);
13630
13631 if (info->attrs[NL80211_ATTR_ADMITTED_TIME]) {
13632 admitted_time =
13633 nla_get_u16(info->attrs[NL80211_ATTR_ADMITTED_TIME]);
13634 if (!admitted_time)
13635 return -EINVAL;
13636 }
13637
13638 wdev_lock(wdev);
13639 switch (wdev->iftype) {
13640 case NL80211_IFTYPE_STATION:
13641 case NL80211_IFTYPE_P2P_CLIENT:
13642 if (wdev->current_bss)
13643 break;
13644 err = -ENOTCONN;
13645 goto out;
13646 default:
13647 err = -EOPNOTSUPP;
13648 goto out;
13649 }
13650
13651 err = rdev_add_tx_ts(rdev, dev, tsid, peer, up, admitted_time);
13652
13653 out:
13654 wdev_unlock(wdev);
13655 return err;
13656 }
13657
13658 static int nl80211_del_tx_ts(struct sk_buff *skb, struct genl_info *info)
13659 {
13660 struct cfg80211_registered_device *rdev = info->user_ptr[0];
13661 struct net_device *dev = info->user_ptr[1];
13662 struct wireless_dev *wdev = dev->ieee80211_ptr;
13663 const u8 *peer;
13664 u8 tsid;
13665 int err;
13666
13667 if (!info->attrs[NL80211_ATTR_TSID] || !info->attrs[NL80211_ATTR_MAC])
13668 return -EINVAL;
13669
13670 tsid = nla_get_u8(info->attrs[NL80211_ATTR_TSID]);
13671 peer = nla_data(info->attrs[NL80211_ATTR_MAC]);
13672
13673 wdev_lock(wdev);
13674 err = rdev_del_tx_ts(rdev, dev, tsid, peer);
13675 wdev_unlock(wdev);
13676
13677 return err;
13678 }
13679
13680 static int nl80211_tdls_channel_switch(struct sk_buff *skb,
13681 struct genl_info *info)
13682 {
13683 struct cfg80211_registered_device *rdev = info->user_ptr[0];
13684 struct net_device *dev = info->user_ptr[1];
13685 struct wireless_dev *wdev = dev->ieee80211_ptr;
13686 struct cfg80211_chan_def chandef = {};
13687 const u8 *addr;
13688 u8 oper_class;
13689 int err;
13690
13691 if (!rdev->ops->tdls_channel_switch ||
13692 !(rdev->wiphy.features & NL80211_FEATURE_TDLS_CHANNEL_SWITCH))
13693 return -EOPNOTSUPP;
13694
13695 switch (dev->ieee80211_ptr->iftype) {
13696 case NL80211_IFTYPE_STATION:
13697 case NL80211_IFTYPE_P2P_CLIENT:
13698 break;
13699 default:
13700 return -EOPNOTSUPP;
13701 }
13702
13703 if (!info->attrs[NL80211_ATTR_MAC] ||
13704 !info->attrs[NL80211_ATTR_OPER_CLASS])
13705 return -EINVAL;
13706
13707 err = nl80211_parse_chandef(rdev, info, &chandef);
13708 if (err)
13709 return err;
13710
13711 /*
13712 * Don't allow wide channels on the 2.4Ghz band, as per IEEE802.11-2012
13713 * section 10.22.6.2.1. Disallow 5/10Mhz channels as well for now, the
13714 * specification is not defined for them.
13715 */
13716 if (chandef.chan->band == NL80211_BAND_2GHZ &&
13717 chandef.width != NL80211_CHAN_WIDTH_20_NOHT &&
13718 chandef.width != NL80211_CHAN_WIDTH_20)
13719 return -EINVAL;
13720
13721 /* we will be active on the TDLS link */
13722 if (!cfg80211_reg_can_beacon_relax(&rdev->wiphy, &chandef,
13723 wdev->iftype))
13724 return -EINVAL;
13725
13726 /* don't allow switching to DFS channels */
13727 if (cfg80211_chandef_dfs_required(wdev->wiphy, &chandef, wdev->iftype))
13728 return -EINVAL;
13729
13730 addr = nla_data(info->attrs[NL80211_ATTR_MAC]);
13731 oper_class = nla_get_u8(info->attrs[NL80211_ATTR_OPER_CLASS]);
13732
13733 wdev_lock(wdev);
13734 err = rdev_tdls_channel_switch(rdev, dev, addr, oper_class, &chandef);
13735 wdev_unlock(wdev);
13736
13737 return err;
13738 }
13739
13740 static int nl80211_tdls_cancel_channel_switch(struct sk_buff *skb,
13741 struct genl_info *info)
13742 {
13743 struct cfg80211_registered_device *rdev = info->user_ptr[0];
13744 struct net_device *dev = info->user_ptr[1];
13745 struct wireless_dev *wdev = dev->ieee80211_ptr;
13746 const u8 *addr;
13747
13748 if (!rdev->ops->tdls_channel_switch ||
13749 !rdev->ops->tdls_cancel_channel_switch ||
13750 !(rdev->wiphy.features & NL80211_FEATURE_TDLS_CHANNEL_SWITCH))
13751 return -EOPNOTSUPP;
13752
13753 switch (dev->ieee80211_ptr->iftype) {
13754 case NL80211_IFTYPE_STATION:
13755 case NL80211_IFTYPE_P2P_CLIENT:
13756 break;
13757 default:
13758 return -EOPNOTSUPP;
13759 }
13760
13761 if (!info->attrs[NL80211_ATTR_MAC])
13762 return -EINVAL;
13763
13764 addr = nla_data(info->attrs[NL80211_ATTR_MAC]);
13765
13766 wdev_lock(wdev);
13767 rdev_tdls_cancel_channel_switch(rdev, dev, addr);
13768 wdev_unlock(wdev);
13769
13770 return 0;
13771 }
13772
13773 static int nl80211_set_multicast_to_unicast(struct sk_buff *skb,
13774 struct genl_info *info)
13775 {
13776 struct cfg80211_registered_device *rdev = info->user_ptr[0];
13777 struct net_device *dev = info->user_ptr[1];
13778 struct wireless_dev *wdev = dev->ieee80211_ptr;
13779 const struct nlattr *nla;
13780 bool enabled;
13781
13782 if (!rdev->ops->set_multicast_to_unicast)
13783 return -EOPNOTSUPP;
13784
13785 if (wdev->iftype != NL80211_IFTYPE_AP &&
13786 wdev->iftype != NL80211_IFTYPE_P2P_GO)
13787 return -EOPNOTSUPP;
13788
13789 nla = info->attrs[NL80211_ATTR_MULTICAST_TO_UNICAST_ENABLED];
13790 enabled = nla_get_flag(nla);
13791
13792 return rdev_set_multicast_to_unicast(rdev, dev, enabled);
13793 }
13794
13795 static int nl80211_set_pmk(struct sk_buff *skb, struct genl_info *info)
13796 {
13797 struct cfg80211_registered_device *rdev = info->user_ptr[0];
13798 struct net_device *dev = info->user_ptr[1];
13799 struct wireless_dev *wdev = dev->ieee80211_ptr;
13800 struct cfg80211_pmk_conf pmk_conf = {};
13801 int ret;
13802
13803 if (wdev->iftype != NL80211_IFTYPE_STATION &&
13804 wdev->iftype != NL80211_IFTYPE_P2P_CLIENT)
13805 return -EOPNOTSUPP;
13806
13807 if (!wiphy_ext_feature_isset(&rdev->wiphy,
13808 NL80211_EXT_FEATURE_4WAY_HANDSHAKE_STA_1X))
13809 return -EOPNOTSUPP;
13810
13811 if (!info->attrs[NL80211_ATTR_MAC] || !info->attrs[NL80211_ATTR_PMK])
13812 return -EINVAL;
13813
13814 wdev_lock(wdev);
13815 if (!wdev->current_bss) {
13816 ret = -ENOTCONN;
13817 goto out;
13818 }
13819
13820 pmk_conf.aa = nla_data(info->attrs[NL80211_ATTR_MAC]);
13821 if (memcmp(pmk_conf.aa, wdev->current_bss->pub.bssid, ETH_ALEN)) {
13822 ret = -EINVAL;
13823 goto out;
13824 }
13825
13826 pmk_conf.pmk = nla_data(info->attrs[NL80211_ATTR_PMK]);
13827 pmk_conf.pmk_len = nla_len(info->attrs[NL80211_ATTR_PMK]);
13828 if (pmk_conf.pmk_len != WLAN_PMK_LEN &&
13829 pmk_conf.pmk_len != WLAN_PMK_LEN_SUITE_B_192) {
13830 ret = -EINVAL;
13831 goto out;
13832 }
13833
13834 if (info->attrs[NL80211_ATTR_PMKR0_NAME]) {
13835 int r0_name_len = nla_len(info->attrs[NL80211_ATTR_PMKR0_NAME]);
13836
13837 if (r0_name_len != WLAN_PMK_NAME_LEN) {
13838 ret = -EINVAL;
13839 goto out;
13840 }
13841
13842 pmk_conf.pmk_r0_name =
13843 nla_data(info->attrs[NL80211_ATTR_PMKR0_NAME]);
13844 }
13845
13846 ret = rdev_set_pmk(rdev, dev, &pmk_conf);
13847 out:
13848 wdev_unlock(wdev);
13849 return ret;
13850 }
13851
13852 static int nl80211_del_pmk(struct sk_buff *skb, struct genl_info *info)
13853 {
13854 struct cfg80211_registered_device *rdev = info->user_ptr[0];
13855 struct net_device *dev = info->user_ptr[1];
13856 struct wireless_dev *wdev = dev->ieee80211_ptr;
13857 const u8 *aa;
13858 int ret;
13859
13860 if (wdev->iftype != NL80211_IFTYPE_STATION &&
13861 wdev->iftype != NL80211_IFTYPE_P2P_CLIENT)
13862 return -EOPNOTSUPP;
13863
13864 if (!wiphy_ext_feature_isset(&rdev->wiphy,
13865 NL80211_EXT_FEATURE_4WAY_HANDSHAKE_STA_1X))
13866 return -EOPNOTSUPP;
13867
13868 if (!info->attrs[NL80211_ATTR_MAC])
13869 return -EINVAL;
13870
13871 wdev_lock(wdev);
13872 aa = nla_data(info->attrs[NL80211_ATTR_MAC]);
13873 ret = rdev_del_pmk(rdev, dev, aa);
13874 wdev_unlock(wdev);
13875
13876 return ret;
13877 }
13878
13879 static int nl80211_external_auth(struct sk_buff *skb, struct genl_info *info)
13880 {
13881 struct cfg80211_registered_device *rdev = info->user_ptr[0];
13882 struct net_device *dev = info->user_ptr[1];
13883 struct cfg80211_external_auth_params params;
13884
13885 if (!rdev->ops->external_auth)
13886 return -EOPNOTSUPP;
13887
13888 if (!info->attrs[NL80211_ATTR_SSID] &&
13889 dev->ieee80211_ptr->iftype != NL80211_IFTYPE_AP &&
13890 dev->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_GO)
13891 return -EINVAL;
13892
13893 if (!info->attrs[NL80211_ATTR_BSSID])
13894 return -EINVAL;
13895
13896 if (!info->attrs[NL80211_ATTR_STATUS_CODE])
13897 return -EINVAL;
13898
13899 memset(&params, 0, sizeof(params));
13900
13901 if (info->attrs[NL80211_ATTR_SSID]) {
13902 params.ssid.ssid_len = nla_len(info->attrs[NL80211_ATTR_SSID]);
13903 if (params.ssid.ssid_len == 0 ||
13904 params.ssid.ssid_len > IEEE80211_MAX_SSID_LEN)
13905 return -EINVAL;
13906 memcpy(params.ssid.ssid,
13907 nla_data(info->attrs[NL80211_ATTR_SSID]),
13908 params.ssid.ssid_len);
13909 }
13910
13911 memcpy(params.bssid, nla_data(info->attrs[NL80211_ATTR_BSSID]),
13912 ETH_ALEN);
13913
13914 params.status = nla_get_u16(info->attrs[NL80211_ATTR_STATUS_CODE]);
13915
13916 if (info->attrs[NL80211_ATTR_PMKID])
13917 params.pmkid = nla_data(info->attrs[NL80211_ATTR_PMKID]);
13918
13919 return rdev_external_auth(rdev, dev, &params);
13920 }
13921
13922 static int nl80211_tx_control_port(struct sk_buff *skb, struct genl_info *info)
13923 {
13924 bool dont_wait_for_ack = info->attrs[NL80211_ATTR_DONT_WAIT_FOR_ACK];
13925 struct cfg80211_registered_device *rdev = info->user_ptr[0];
13926 struct net_device *dev = info->user_ptr[1];
13927 struct wireless_dev *wdev = dev->ieee80211_ptr;
13928 const u8 *buf;
13929 size_t len;
13930 u8 *dest;
13931 u16 proto;
13932 bool noencrypt;
13933 u64 cookie = 0;
13934 int err;
13935
13936 if (!wiphy_ext_feature_isset(&rdev->wiphy,
13937 NL80211_EXT_FEATURE_CONTROL_PORT_OVER_NL80211))
13938 return -EOPNOTSUPP;
13939
13940 if (!rdev->ops->tx_control_port)
13941 return -EOPNOTSUPP;
13942
13943 if (!info->attrs[NL80211_ATTR_FRAME] ||
13944 !info->attrs[NL80211_ATTR_MAC] ||
13945 !info->attrs[NL80211_ATTR_CONTROL_PORT_ETHERTYPE]) {
13946 GENL_SET_ERR_MSG(info, "Frame, MAC or ethertype missing");
13947 return -EINVAL;
13948 }
13949
13950 wdev_lock(wdev);
13951
13952 switch (wdev->iftype) {
13953 case NL80211_IFTYPE_AP:
13954 case NL80211_IFTYPE_P2P_GO:
13955 case NL80211_IFTYPE_MESH_POINT:
13956 break;
13957 case NL80211_IFTYPE_ADHOC:
13958 case NL80211_IFTYPE_STATION:
13959 case NL80211_IFTYPE_P2P_CLIENT:
13960 if (wdev->current_bss)
13961 break;
13962 err = -ENOTCONN;
13963 goto out;
13964 default:
13965 err = -EOPNOTSUPP;
13966 goto out;
13967 }
13968
13969 wdev_unlock(wdev);
13970
13971 buf = nla_data(info->attrs[NL80211_ATTR_FRAME]);
13972 len = nla_len(info->attrs[NL80211_ATTR_FRAME]);
13973 dest = nla_data(info->attrs[NL80211_ATTR_MAC]);
13974 proto = nla_get_u16(info->attrs[NL80211_ATTR_CONTROL_PORT_ETHERTYPE]);
13975 noencrypt =
13976 nla_get_flag(info->attrs[NL80211_ATTR_CONTROL_PORT_NO_ENCRYPT]);
13977
13978 err = rdev_tx_control_port(rdev, dev, buf, len,
13979 dest, cpu_to_be16(proto), noencrypt,
13980 dont_wait_for_ack ? NULL : &cookie);
13981 if (!err && !dont_wait_for_ack)
13982 nl_set_extack_cookie_u64(info->extack, cookie);
13983 return err;
13984 out:
13985 wdev_unlock(wdev);
13986 return err;
13987 }
13988
13989 static int nl80211_get_ftm_responder_stats(struct sk_buff *skb,
13990 struct genl_info *info)
13991 {
13992 struct cfg80211_registered_device *rdev = info->user_ptr[0];
13993 struct net_device *dev = info->user_ptr[1];
13994 struct wireless_dev *wdev = dev->ieee80211_ptr;
13995 struct cfg80211_ftm_responder_stats ftm_stats = {};
13996 struct sk_buff *msg;
13997 void *hdr;
13998 struct nlattr *ftm_stats_attr;
13999 int err;
14000
14001 if (wdev->iftype != NL80211_IFTYPE_AP || !wdev->beacon_interval)
14002 return -EOPNOTSUPP;
14003
14004 err = rdev_get_ftm_responder_stats(rdev, dev, &ftm_stats);
14005 if (err)
14006 return err;
14007
14008 if (!ftm_stats.filled)
14009 return -ENODATA;
14010
14011 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
14012 if (!msg)
14013 return -ENOMEM;
14014
14015 hdr = nl80211hdr_put(msg, info->snd_portid, info->snd_seq, 0,
14016 NL80211_CMD_GET_FTM_RESPONDER_STATS);
14017 if (!hdr)
14018 goto nla_put_failure;
14019
14020 if (nla_put_u32(msg, NL80211_ATTR_IFINDEX, dev->ifindex))
14021 goto nla_put_failure;
14022
14023 ftm_stats_attr = nla_nest_start_noflag(msg,
14024 NL80211_ATTR_FTM_RESPONDER_STATS);
14025 if (!ftm_stats_attr)
14026 goto nla_put_failure;
14027
14028 #define SET_FTM(field, name, type) \
14029 do { if ((ftm_stats.filled & BIT(NL80211_FTM_STATS_ ## name)) && \
14030 nla_put_ ## type(msg, NL80211_FTM_STATS_ ## name, \
14031 ftm_stats.field)) \
14032 goto nla_put_failure; } while (0)
14033 #define SET_FTM_U64(field, name) \
14034 do { if ((ftm_stats.filled & BIT(NL80211_FTM_STATS_ ## name)) && \
14035 nla_put_u64_64bit(msg, NL80211_FTM_STATS_ ## name, \
14036 ftm_stats.field, NL80211_FTM_STATS_PAD)) \
14037 goto nla_put_failure; } while (0)
14038
14039 SET_FTM(success_num, SUCCESS_NUM, u32);
14040 SET_FTM(partial_num, PARTIAL_NUM, u32);
14041 SET_FTM(failed_num, FAILED_NUM, u32);
14042 SET_FTM(asap_num, ASAP_NUM, u32);
14043 SET_FTM(non_asap_num, NON_ASAP_NUM, u32);
14044 SET_FTM_U64(total_duration_ms, TOTAL_DURATION_MSEC);
14045 SET_FTM(unknown_triggers_num, UNKNOWN_TRIGGERS_NUM, u32);
14046 SET_FTM(reschedule_requests_num, RESCHEDULE_REQUESTS_NUM, u32);
14047 SET_FTM(out_of_window_triggers_num, OUT_OF_WINDOW_TRIGGERS_NUM, u32);
14048 #undef SET_FTM
14049
14050 nla_nest_end(msg, ftm_stats_attr);
14051
14052 genlmsg_end(msg, hdr);
14053 return genlmsg_reply(msg, info);
14054
14055 nla_put_failure:
14056 nlmsg_free(msg);
14057 return -ENOBUFS;
14058 }
14059
14060 static int nl80211_update_owe_info(struct sk_buff *skb, struct genl_info *info)
14061 {
14062 struct cfg80211_registered_device *rdev = info->user_ptr[0];
14063 struct cfg80211_update_owe_info owe_info;
14064 struct net_device *dev = info->user_ptr[1];
14065
14066 if (!rdev->ops->update_owe_info)
14067 return -EOPNOTSUPP;
14068
14069 if (!info->attrs[NL80211_ATTR_STATUS_CODE] ||
14070 !info->attrs[NL80211_ATTR_MAC])
14071 return -EINVAL;
14072
14073 memset(&owe_info, 0, sizeof(owe_info));
14074 owe_info.status = nla_get_u16(info->attrs[NL80211_ATTR_STATUS_CODE]);
14075 nla_memcpy(owe_info.peer, info->attrs[NL80211_ATTR_MAC], ETH_ALEN);
14076
14077 if (info->attrs[NL80211_ATTR_IE]) {
14078 owe_info.ie = nla_data(info->attrs[NL80211_ATTR_IE]);
14079 owe_info.ie_len = nla_len(info->attrs[NL80211_ATTR_IE]);
14080 }
14081
14082 return rdev_update_owe_info(rdev, dev, &owe_info);
14083 }
14084
14085 static int nl80211_probe_mesh_link(struct sk_buff *skb, struct genl_info *info)
14086 {
14087 struct cfg80211_registered_device *rdev = info->user_ptr[0];
14088 struct net_device *dev = info->user_ptr[1];
14089 struct wireless_dev *wdev = dev->ieee80211_ptr;
14090 struct station_info sinfo = {};
14091 const u8 *buf;
14092 size_t len;
14093 u8 *dest;
14094 int err;
14095
14096 if (!rdev->ops->probe_mesh_link || !rdev->ops->get_station)
14097 return -EOPNOTSUPP;
14098
14099 if (!info->attrs[NL80211_ATTR_MAC] ||
14100 !info->attrs[NL80211_ATTR_FRAME]) {
14101 GENL_SET_ERR_MSG(info, "Frame or MAC missing");
14102 return -EINVAL;
14103 }
14104
14105 if (wdev->iftype != NL80211_IFTYPE_MESH_POINT)
14106 return -EOPNOTSUPP;
14107
14108 dest = nla_data(info->attrs[NL80211_ATTR_MAC]);
14109 buf = nla_data(info->attrs[NL80211_ATTR_FRAME]);
14110 len = nla_len(info->attrs[NL80211_ATTR_FRAME]);
14111
14112 if (len < sizeof(struct ethhdr))
14113 return -EINVAL;
14114
14115 if (!ether_addr_equal(buf, dest) || is_multicast_ether_addr(buf) ||
14116 !ether_addr_equal(buf + ETH_ALEN, dev->dev_addr))
14117 return -EINVAL;
14118
14119 err = rdev_get_station(rdev, dev, dest, &sinfo);
14120 if (err)
14121 return err;
14122
14123 cfg80211_sinfo_release_content(&sinfo);
14124
14125 return rdev_probe_mesh_link(rdev, dev, dest, buf, len);
14126 }
14127
14128 static int parse_tid_conf(struct cfg80211_registered_device *rdev,
14129 struct nlattr *attrs[], struct net_device *dev,
14130 struct cfg80211_tid_cfg *tid_conf,
14131 struct genl_info *info, const u8 *peer)
14132 {
14133 struct netlink_ext_ack *extack = info->extack;
14134 u64 mask;
14135 int err;
14136
14137 if (!attrs[NL80211_TID_CONFIG_ATTR_TIDS])
14138 return -EINVAL;
14139
14140 tid_conf->config_override =
14141 nla_get_flag(attrs[NL80211_TID_CONFIG_ATTR_OVERRIDE]);
14142 tid_conf->tids = nla_get_u16(attrs[NL80211_TID_CONFIG_ATTR_TIDS]);
14143
14144 if (tid_conf->config_override) {
14145 if (rdev->ops->reset_tid_config) {
14146 err = rdev_reset_tid_config(rdev, dev, peer,
14147 tid_conf->tids);
14148 if (err)
14149 return err;
14150 } else {
14151 return -EINVAL;
14152 }
14153 }
14154
14155 if (attrs[NL80211_TID_CONFIG_ATTR_NOACK]) {
14156 tid_conf->mask |= BIT(NL80211_TID_CONFIG_ATTR_NOACK);
14157 tid_conf->noack =
14158 nla_get_u8(attrs[NL80211_TID_CONFIG_ATTR_NOACK]);
14159 }
14160
14161 if (attrs[NL80211_TID_CONFIG_ATTR_RETRY_SHORT]) {
14162 tid_conf->mask |= BIT(NL80211_TID_CONFIG_ATTR_RETRY_SHORT);
14163 tid_conf->retry_short =
14164 nla_get_u8(attrs[NL80211_TID_CONFIG_ATTR_RETRY_SHORT]);
14165
14166 if (tid_conf->retry_short > rdev->wiphy.max_data_retry_count)
14167 return -EINVAL;
14168 }
14169
14170 if (attrs[NL80211_TID_CONFIG_ATTR_RETRY_LONG]) {
14171 tid_conf->mask |= BIT(NL80211_TID_CONFIG_ATTR_RETRY_LONG);
14172 tid_conf->retry_long =
14173 nla_get_u8(attrs[NL80211_TID_CONFIG_ATTR_RETRY_LONG]);
14174
14175 if (tid_conf->retry_long > rdev->wiphy.max_data_retry_count)
14176 return -EINVAL;
14177 }
14178
14179 if (attrs[NL80211_TID_CONFIG_ATTR_AMPDU_CTRL]) {
14180 tid_conf->mask |= BIT(NL80211_TID_CONFIG_ATTR_AMPDU_CTRL);
14181 tid_conf->ampdu =
14182 nla_get_u8(attrs[NL80211_TID_CONFIG_ATTR_AMPDU_CTRL]);
14183 }
14184
14185 if (attrs[NL80211_TID_CONFIG_ATTR_RTSCTS_CTRL]) {
14186 tid_conf->mask |= BIT(NL80211_TID_CONFIG_ATTR_RTSCTS_CTRL);
14187 tid_conf->rtscts =
14188 nla_get_u8(attrs[NL80211_TID_CONFIG_ATTR_RTSCTS_CTRL]);
14189 }
14190
14191 if (attrs[NL80211_TID_CONFIG_ATTR_AMSDU_CTRL]) {
14192 tid_conf->mask |= BIT(NL80211_TID_CONFIG_ATTR_AMSDU_CTRL);
14193 tid_conf->amsdu =
14194 nla_get_u8(attrs[NL80211_TID_CONFIG_ATTR_AMSDU_CTRL]);
14195 }
14196
14197 if (attrs[NL80211_TID_CONFIG_ATTR_TX_RATE_TYPE]) {
14198 u32 idx = NL80211_TID_CONFIG_ATTR_TX_RATE_TYPE, attr;
14199
14200 tid_conf->txrate_type = nla_get_u8(attrs[idx]);
14201
14202 if (tid_conf->txrate_type != NL80211_TX_RATE_AUTOMATIC) {
14203 attr = NL80211_TID_CONFIG_ATTR_TX_RATE;
14204 err = nl80211_parse_tx_bitrate_mask(info, attrs, attr,
14205 &tid_conf->txrate_mask);
14206 if (err)
14207 return err;
14208
14209 tid_conf->mask |= BIT(NL80211_TID_CONFIG_ATTR_TX_RATE);
14210 }
14211 tid_conf->mask |= BIT(NL80211_TID_CONFIG_ATTR_TX_RATE_TYPE);
14212 }
14213
14214 if (peer)
14215 mask = rdev->wiphy.tid_config_support.peer;
14216 else
14217 mask = rdev->wiphy.tid_config_support.vif;
14218
14219 if (tid_conf->mask & ~mask) {
14220 NL_SET_ERR_MSG(extack, "unsupported TID configuration");
14221 return -ENOTSUPP;
14222 }
14223
14224 return 0;
14225 }
14226
14227 static int nl80211_set_tid_config(struct sk_buff *skb,
14228 struct genl_info *info)
14229 {
14230 struct cfg80211_registered_device *rdev = info->user_ptr[0];
14231 struct nlattr *attrs[NL80211_TID_CONFIG_ATTR_MAX + 1];
14232 struct net_device *dev = info->user_ptr[1];
14233 struct cfg80211_tid_config *tid_config;
14234 struct nlattr *tid;
14235 int conf_idx = 0, rem_conf;
14236 int ret = -EINVAL;
14237 u32 num_conf = 0;
14238
14239 if (!info->attrs[NL80211_ATTR_TID_CONFIG])
14240 return -EINVAL;
14241
14242 if (!rdev->ops->set_tid_config)
14243 return -EOPNOTSUPP;
14244
14245 nla_for_each_nested(tid, info->attrs[NL80211_ATTR_TID_CONFIG],
14246 rem_conf)
14247 num_conf++;
14248
14249 tid_config = kzalloc(struct_size(tid_config, tid_conf, num_conf),
14250 GFP_KERNEL);
14251 if (!tid_config)
14252 return -ENOMEM;
14253
14254 tid_config->n_tid_conf = num_conf;
14255
14256 if (info->attrs[NL80211_ATTR_MAC])
14257 tid_config->peer = nla_data(info->attrs[NL80211_ATTR_MAC]);
14258
14259 nla_for_each_nested(tid, info->attrs[NL80211_ATTR_TID_CONFIG],
14260 rem_conf) {
14261 ret = nla_parse_nested(attrs, NL80211_TID_CONFIG_ATTR_MAX,
14262 tid, NULL, NULL);
14263
14264 if (ret)
14265 goto bad_tid_conf;
14266
14267 ret = parse_tid_conf(rdev, attrs, dev,
14268 &tid_config->tid_conf[conf_idx],
14269 info, tid_config->peer);
14270 if (ret)
14271 goto bad_tid_conf;
14272
14273 conf_idx++;
14274 }
14275
14276 ret = rdev_set_tid_config(rdev, dev, tid_config);
14277
14278 bad_tid_conf:
14279 kfree(tid_config);
14280 return ret;
14281 }
14282
14283 #define NL80211_FLAG_NEED_WIPHY 0x01
14284 #define NL80211_FLAG_NEED_NETDEV 0x02
14285 #define NL80211_FLAG_NEED_RTNL 0x04
14286 #define NL80211_FLAG_CHECK_NETDEV_UP 0x08
14287 #define NL80211_FLAG_NEED_NETDEV_UP (NL80211_FLAG_NEED_NETDEV |\
14288 NL80211_FLAG_CHECK_NETDEV_UP)
14289 #define NL80211_FLAG_NEED_WDEV 0x10
14290 /* If a netdev is associated, it must be UP, P2P must be started */
14291 #define NL80211_FLAG_NEED_WDEV_UP (NL80211_FLAG_NEED_WDEV |\
14292 NL80211_FLAG_CHECK_NETDEV_UP)
14293 #define NL80211_FLAG_CLEAR_SKB 0x20
14294
14295 static int nl80211_pre_doit(const struct genl_ops *ops, struct sk_buff *skb,
14296 struct genl_info *info)
14297 {
14298 struct cfg80211_registered_device *rdev;
14299 struct wireless_dev *wdev;
14300 struct net_device *dev;
14301 bool rtnl = ops->internal_flags & NL80211_FLAG_NEED_RTNL;
14302
14303 if (rtnl)
14304 rtnl_lock();
14305
14306 if (ops->internal_flags & NL80211_FLAG_NEED_WIPHY) {
14307 rdev = cfg80211_get_dev_from_info(genl_info_net(info), info);
14308 if (IS_ERR(rdev)) {
14309 if (rtnl)
14310 rtnl_unlock();
14311 return PTR_ERR(rdev);
14312 }
14313 info->user_ptr[0] = rdev;
14314 } else if (ops->internal_flags & NL80211_FLAG_NEED_NETDEV ||
14315 ops->internal_flags & NL80211_FLAG_NEED_WDEV) {
14316 ASSERT_RTNL();
14317
14318 wdev = __cfg80211_wdev_from_attrs(genl_info_net(info),
14319 info->attrs);
14320 if (IS_ERR(wdev)) {
14321 if (rtnl)
14322 rtnl_unlock();
14323 return PTR_ERR(wdev);
14324 }
14325
14326 dev = wdev->netdev;
14327 rdev = wiphy_to_rdev(wdev->wiphy);
14328
14329 if (ops->internal_flags & NL80211_FLAG_NEED_NETDEV) {
14330 if (!dev) {
14331 if (rtnl)
14332 rtnl_unlock();
14333 return -EINVAL;
14334 }
14335
14336 info->user_ptr[1] = dev;
14337 } else {
14338 info->user_ptr[1] = wdev;
14339 }
14340
14341 if (ops->internal_flags & NL80211_FLAG_CHECK_NETDEV_UP &&
14342 !wdev_running(wdev)) {
14343 if (rtnl)
14344 rtnl_unlock();
14345 return -ENETDOWN;
14346 }
14347
14348 if (dev)
14349 dev_hold(dev);
14350
14351 info->user_ptr[0] = rdev;
14352 }
14353
14354 return 0;
14355 }
14356
14357 static void nl80211_post_doit(const struct genl_ops *ops, struct sk_buff *skb,
14358 struct genl_info *info)
14359 {
14360 if (info->user_ptr[1]) {
14361 if (ops->internal_flags & NL80211_FLAG_NEED_WDEV) {
14362 struct wireless_dev *wdev = info->user_ptr[1];
14363
14364 if (wdev->netdev)
14365 dev_put(wdev->netdev);
14366 } else {
14367 dev_put(info->user_ptr[1]);
14368 }
14369 }
14370
14371 if (ops->internal_flags & NL80211_FLAG_NEED_RTNL)
14372 rtnl_unlock();
14373
14374 /* If needed, clear the netlink message payload from the SKB
14375 * as it might contain key data that shouldn't stick around on
14376 * the heap after the SKB is freed. The netlink message header
14377 * is still needed for further processing, so leave it intact.
14378 */
14379 if (ops->internal_flags & NL80211_FLAG_CLEAR_SKB) {
14380 struct nlmsghdr *nlh = nlmsg_hdr(skb);
14381
14382 memset(nlmsg_data(nlh), 0, nlmsg_len(nlh));
14383 }
14384 }
14385
14386 static const struct genl_ops nl80211_ops[] = {
14387 {
14388 .cmd = NL80211_CMD_GET_WIPHY,
14389 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
14390 .doit = nl80211_get_wiphy,
14391 .dumpit = nl80211_dump_wiphy,
14392 .done = nl80211_dump_wiphy_done,
14393 /* can be retrieved by unprivileged users */
14394 .internal_flags = NL80211_FLAG_NEED_WIPHY |
14395 NL80211_FLAG_NEED_RTNL,
14396 },
14397 {
14398 .cmd = NL80211_CMD_SET_WIPHY,
14399 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
14400 .doit = nl80211_set_wiphy,
14401 .flags = GENL_UNS_ADMIN_PERM,
14402 .internal_flags = NL80211_FLAG_NEED_RTNL,
14403 },
14404 {
14405 .cmd = NL80211_CMD_GET_INTERFACE,
14406 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
14407 .doit = nl80211_get_interface,
14408 .dumpit = nl80211_dump_interface,
14409 /* can be retrieved by unprivileged users */
14410 .internal_flags = NL80211_FLAG_NEED_WDEV |
14411 NL80211_FLAG_NEED_RTNL,
14412 },
14413 {
14414 .cmd = NL80211_CMD_SET_INTERFACE,
14415 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
14416 .doit = nl80211_set_interface,
14417 .flags = GENL_UNS_ADMIN_PERM,
14418 .internal_flags = NL80211_FLAG_NEED_NETDEV |
14419 NL80211_FLAG_NEED_RTNL,
14420 },
14421 {
14422 .cmd = NL80211_CMD_NEW_INTERFACE,
14423 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
14424 .doit = nl80211_new_interface,
14425 .flags = GENL_UNS_ADMIN_PERM,
14426 .internal_flags = NL80211_FLAG_NEED_WIPHY |
14427 NL80211_FLAG_NEED_RTNL,
14428 },
14429 {
14430 .cmd = NL80211_CMD_DEL_INTERFACE,
14431 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
14432 .doit = nl80211_del_interface,
14433 .flags = GENL_UNS_ADMIN_PERM,
14434 .internal_flags = NL80211_FLAG_NEED_WDEV |
14435 NL80211_FLAG_NEED_RTNL,
14436 },
14437 {
14438 .cmd = NL80211_CMD_GET_KEY,
14439 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
14440 .doit = nl80211_get_key,
14441 .flags = GENL_UNS_ADMIN_PERM,
14442 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
14443 NL80211_FLAG_NEED_RTNL,
14444 },
14445 {
14446 .cmd = NL80211_CMD_SET_KEY,
14447 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
14448 .doit = nl80211_set_key,
14449 .flags = GENL_UNS_ADMIN_PERM,
14450 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
14451 NL80211_FLAG_NEED_RTNL |
14452 NL80211_FLAG_CLEAR_SKB,
14453 },
14454 {
14455 .cmd = NL80211_CMD_NEW_KEY,
14456 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
14457 .doit = nl80211_new_key,
14458 .flags = GENL_UNS_ADMIN_PERM,
14459 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
14460 NL80211_FLAG_NEED_RTNL |
14461 NL80211_FLAG_CLEAR_SKB,
14462 },
14463 {
14464 .cmd = NL80211_CMD_DEL_KEY,
14465 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
14466 .doit = nl80211_del_key,
14467 .flags = GENL_UNS_ADMIN_PERM,
14468 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
14469 NL80211_FLAG_NEED_RTNL,
14470 },
14471 {
14472 .cmd = NL80211_CMD_SET_BEACON,
14473 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
14474 .flags = GENL_UNS_ADMIN_PERM,
14475 .doit = nl80211_set_beacon,
14476 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
14477 NL80211_FLAG_NEED_RTNL,
14478 },
14479 {
14480 .cmd = NL80211_CMD_START_AP,
14481 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
14482 .flags = GENL_UNS_ADMIN_PERM,
14483 .doit = nl80211_start_ap,
14484 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
14485 NL80211_FLAG_NEED_RTNL,
14486 },
14487 {
14488 .cmd = NL80211_CMD_STOP_AP,
14489 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
14490 .flags = GENL_UNS_ADMIN_PERM,
14491 .doit = nl80211_stop_ap,
14492 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
14493 NL80211_FLAG_NEED_RTNL,
14494 },
14495 {
14496 .cmd = NL80211_CMD_GET_STATION,
14497 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
14498 .doit = nl80211_get_station,
14499 .dumpit = nl80211_dump_station,
14500 .internal_flags = NL80211_FLAG_NEED_NETDEV |
14501 NL80211_FLAG_NEED_RTNL,
14502 },
14503 {
14504 .cmd = NL80211_CMD_SET_STATION,
14505 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
14506 .doit = nl80211_set_station,
14507 .flags = GENL_UNS_ADMIN_PERM,
14508 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
14509 NL80211_FLAG_NEED_RTNL,
14510 },
14511 {
14512 .cmd = NL80211_CMD_NEW_STATION,
14513 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
14514 .doit = nl80211_new_station,
14515 .flags = GENL_UNS_ADMIN_PERM,
14516 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
14517 NL80211_FLAG_NEED_RTNL,
14518 },
14519 {
14520 .cmd = NL80211_CMD_DEL_STATION,
14521 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
14522 .doit = nl80211_del_station,
14523 .flags = GENL_UNS_ADMIN_PERM,
14524 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
14525 NL80211_FLAG_NEED_RTNL,
14526 },
14527 {
14528 .cmd = NL80211_CMD_GET_MPATH,
14529 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
14530 .doit = nl80211_get_mpath,
14531 .dumpit = nl80211_dump_mpath,
14532 .flags = GENL_UNS_ADMIN_PERM,
14533 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
14534 NL80211_FLAG_NEED_RTNL,
14535 },
14536 {
14537 .cmd = NL80211_CMD_GET_MPP,
14538 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
14539 .doit = nl80211_get_mpp,
14540 .dumpit = nl80211_dump_mpp,
14541 .flags = GENL_UNS_ADMIN_PERM,
14542 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
14543 NL80211_FLAG_NEED_RTNL,
14544 },
14545 {
14546 .cmd = NL80211_CMD_SET_MPATH,
14547 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
14548 .doit = nl80211_set_mpath,
14549 .flags = GENL_UNS_ADMIN_PERM,
14550 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
14551 NL80211_FLAG_NEED_RTNL,
14552 },
14553 {
14554 .cmd = NL80211_CMD_NEW_MPATH,
14555 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
14556 .doit = nl80211_new_mpath,
14557 .flags = GENL_UNS_ADMIN_PERM,
14558 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
14559 NL80211_FLAG_NEED_RTNL,
14560 },
14561 {
14562 .cmd = NL80211_CMD_DEL_MPATH,
14563 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
14564 .doit = nl80211_del_mpath,
14565 .flags = GENL_UNS_ADMIN_PERM,
14566 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
14567 NL80211_FLAG_NEED_RTNL,
14568 },
14569 {
14570 .cmd = NL80211_CMD_SET_BSS,
14571 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
14572 .doit = nl80211_set_bss,
14573 .flags = GENL_UNS_ADMIN_PERM,
14574 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
14575 NL80211_FLAG_NEED_RTNL,
14576 },
14577 {
14578 .cmd = NL80211_CMD_GET_REG,
14579 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
14580 .doit = nl80211_get_reg_do,
14581 .dumpit = nl80211_get_reg_dump,
14582 .internal_flags = NL80211_FLAG_NEED_RTNL,
14583 /* can be retrieved by unprivileged users */
14584 },
14585 #ifdef CONFIG_CFG80211_CRDA_SUPPORT
14586 {
14587 .cmd = NL80211_CMD_SET_REG,
14588 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
14589 .doit = nl80211_set_reg,
14590 .flags = GENL_ADMIN_PERM,
14591 .internal_flags = NL80211_FLAG_NEED_RTNL,
14592 },
14593 #endif
14594 {
14595 .cmd = NL80211_CMD_REQ_SET_REG,
14596 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
14597 .doit = nl80211_req_set_reg,
14598 .flags = GENL_ADMIN_PERM,
14599 },
14600 {
14601 .cmd = NL80211_CMD_RELOAD_REGDB,
14602 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
14603 .doit = nl80211_reload_regdb,
14604 .flags = GENL_ADMIN_PERM,
14605 },
14606 {
14607 .cmd = NL80211_CMD_GET_MESH_CONFIG,
14608 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
14609 .doit = nl80211_get_mesh_config,
14610 /* can be retrieved by unprivileged users */
14611 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
14612 NL80211_FLAG_NEED_RTNL,
14613 },
14614 {
14615 .cmd = NL80211_CMD_SET_MESH_CONFIG,
14616 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
14617 .doit = nl80211_update_mesh_config,
14618 .flags = GENL_UNS_ADMIN_PERM,
14619 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
14620 NL80211_FLAG_NEED_RTNL,
14621 },
14622 {
14623 .cmd = NL80211_CMD_TRIGGER_SCAN,
14624 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
14625 .doit = nl80211_trigger_scan,
14626 .flags = GENL_UNS_ADMIN_PERM,
14627 .internal_flags = NL80211_FLAG_NEED_WDEV_UP |
14628 NL80211_FLAG_NEED_RTNL,
14629 },
14630 {
14631 .cmd = NL80211_CMD_ABORT_SCAN,
14632 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
14633 .doit = nl80211_abort_scan,
14634 .flags = GENL_UNS_ADMIN_PERM,
14635 .internal_flags = NL80211_FLAG_NEED_WDEV_UP |
14636 NL80211_FLAG_NEED_RTNL,
14637 },
14638 {
14639 .cmd = NL80211_CMD_GET_SCAN,
14640 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
14641 .dumpit = nl80211_dump_scan,
14642 },
14643 {
14644 .cmd = NL80211_CMD_START_SCHED_SCAN,
14645 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
14646 .doit = nl80211_start_sched_scan,
14647 .flags = GENL_UNS_ADMIN_PERM,
14648 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
14649 NL80211_FLAG_NEED_RTNL,
14650 },
14651 {
14652 .cmd = NL80211_CMD_STOP_SCHED_SCAN,
14653 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
14654 .doit = nl80211_stop_sched_scan,
14655 .flags = GENL_UNS_ADMIN_PERM,
14656 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
14657 NL80211_FLAG_NEED_RTNL,
14658 },
14659 {
14660 .cmd = NL80211_CMD_AUTHENTICATE,
14661 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
14662 .doit = nl80211_authenticate,
14663 .flags = GENL_UNS_ADMIN_PERM,
14664 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
14665 NL80211_FLAG_NEED_RTNL |
14666 NL80211_FLAG_CLEAR_SKB,
14667 },
14668 {
14669 .cmd = NL80211_CMD_ASSOCIATE,
14670 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
14671 .doit = nl80211_associate,
14672 .flags = GENL_UNS_ADMIN_PERM,
14673 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
14674 NL80211_FLAG_NEED_RTNL |
14675 NL80211_FLAG_CLEAR_SKB,
14676 },
14677 {
14678 .cmd = NL80211_CMD_DEAUTHENTICATE,
14679 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
14680 .doit = nl80211_deauthenticate,
14681 .flags = GENL_UNS_ADMIN_PERM,
14682 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
14683 NL80211_FLAG_NEED_RTNL,
14684 },
14685 {
14686 .cmd = NL80211_CMD_DISASSOCIATE,
14687 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
14688 .doit = nl80211_disassociate,
14689 .flags = GENL_UNS_ADMIN_PERM,
14690 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
14691 NL80211_FLAG_NEED_RTNL,
14692 },
14693 {
14694 .cmd = NL80211_CMD_JOIN_IBSS,
14695 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
14696 .doit = nl80211_join_ibss,
14697 .flags = GENL_UNS_ADMIN_PERM,
14698 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
14699 NL80211_FLAG_NEED_RTNL,
14700 },
14701 {
14702 .cmd = NL80211_CMD_LEAVE_IBSS,
14703 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
14704 .doit = nl80211_leave_ibss,
14705 .flags = GENL_UNS_ADMIN_PERM,
14706 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
14707 NL80211_FLAG_NEED_RTNL,
14708 },
14709 #ifdef CONFIG_NL80211_TESTMODE
14710 {
14711 .cmd = NL80211_CMD_TESTMODE,
14712 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
14713 .doit = nl80211_testmode_do,
14714 .dumpit = nl80211_testmode_dump,
14715 .flags = GENL_UNS_ADMIN_PERM,
14716 .internal_flags = NL80211_FLAG_NEED_WIPHY |
14717 NL80211_FLAG_NEED_RTNL,
14718 },
14719 #endif
14720 {
14721 .cmd = NL80211_CMD_CONNECT,
14722 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
14723 .doit = nl80211_connect,
14724 .flags = GENL_UNS_ADMIN_PERM,
14725 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
14726 NL80211_FLAG_NEED_RTNL |
14727 NL80211_FLAG_CLEAR_SKB,
14728 },
14729 {
14730 .cmd = NL80211_CMD_UPDATE_CONNECT_PARAMS,
14731 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
14732 .doit = nl80211_update_connect_params,
14733 .flags = GENL_ADMIN_PERM,
14734 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
14735 NL80211_FLAG_NEED_RTNL |
14736 NL80211_FLAG_CLEAR_SKB,
14737 },
14738 {
14739 .cmd = NL80211_CMD_DISCONNECT,
14740 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
14741 .doit = nl80211_disconnect,
14742 .flags = GENL_UNS_ADMIN_PERM,
14743 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
14744 NL80211_FLAG_NEED_RTNL,
14745 },
14746 {
14747 .cmd = NL80211_CMD_SET_WIPHY_NETNS,
14748 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
14749 .doit = nl80211_wiphy_netns,
14750 .flags = GENL_UNS_ADMIN_PERM,
14751 .internal_flags = NL80211_FLAG_NEED_WIPHY |
14752 NL80211_FLAG_NEED_RTNL,
14753 },
14754 {
14755 .cmd = NL80211_CMD_GET_SURVEY,
14756 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
14757 .dumpit = nl80211_dump_survey,
14758 },
14759 {
14760 .cmd = NL80211_CMD_SET_PMKSA,
14761 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
14762 .doit = nl80211_setdel_pmksa,
14763 .flags = GENL_UNS_ADMIN_PERM,
14764 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
14765 NL80211_FLAG_NEED_RTNL |
14766 NL80211_FLAG_CLEAR_SKB,
14767 },
14768 {
14769 .cmd = NL80211_CMD_DEL_PMKSA,
14770 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
14771 .doit = nl80211_setdel_pmksa,
14772 .flags = GENL_UNS_ADMIN_PERM,
14773 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
14774 NL80211_FLAG_NEED_RTNL,
14775 },
14776 {
14777 .cmd = NL80211_CMD_FLUSH_PMKSA,
14778 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
14779 .doit = nl80211_flush_pmksa,
14780 .flags = GENL_UNS_ADMIN_PERM,
14781 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
14782 NL80211_FLAG_NEED_RTNL,
14783 },
14784 {
14785 .cmd = NL80211_CMD_REMAIN_ON_CHANNEL,
14786 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
14787 .doit = nl80211_remain_on_channel,
14788 .flags = GENL_UNS_ADMIN_PERM,
14789 .internal_flags = NL80211_FLAG_NEED_WDEV_UP |
14790 NL80211_FLAG_NEED_RTNL,
14791 },
14792 {
14793 .cmd = NL80211_CMD_CANCEL_REMAIN_ON_CHANNEL,
14794 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
14795 .doit = nl80211_cancel_remain_on_channel,
14796 .flags = GENL_UNS_ADMIN_PERM,
14797 .internal_flags = NL80211_FLAG_NEED_WDEV_UP |
14798 NL80211_FLAG_NEED_RTNL,
14799 },
14800 {
14801 .cmd = NL80211_CMD_SET_TX_BITRATE_MASK,
14802 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
14803 .doit = nl80211_set_tx_bitrate_mask,
14804 .flags = GENL_UNS_ADMIN_PERM,
14805 .internal_flags = NL80211_FLAG_NEED_NETDEV |
14806 NL80211_FLAG_NEED_RTNL,
14807 },
14808 {
14809 .cmd = NL80211_CMD_REGISTER_FRAME,
14810 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
14811 .doit = nl80211_register_mgmt,
14812 .flags = GENL_UNS_ADMIN_PERM,
14813 .internal_flags = NL80211_FLAG_NEED_WDEV |
14814 NL80211_FLAG_NEED_RTNL,
14815 },
14816 {
14817 .cmd = NL80211_CMD_FRAME,
14818 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
14819 .doit = nl80211_tx_mgmt,
14820 .flags = GENL_UNS_ADMIN_PERM,
14821 .internal_flags = NL80211_FLAG_NEED_WDEV_UP |
14822 NL80211_FLAG_NEED_RTNL,
14823 },
14824 {
14825 .cmd = NL80211_CMD_FRAME_WAIT_CANCEL,
14826 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
14827 .doit = nl80211_tx_mgmt_cancel_wait,
14828 .flags = GENL_UNS_ADMIN_PERM,
14829 .internal_flags = NL80211_FLAG_NEED_WDEV_UP |
14830 NL80211_FLAG_NEED_RTNL,
14831 },
14832 {
14833 .cmd = NL80211_CMD_SET_POWER_SAVE,
14834 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
14835 .doit = nl80211_set_power_save,
14836 .flags = GENL_UNS_ADMIN_PERM,
14837 .internal_flags = NL80211_FLAG_NEED_NETDEV |
14838 NL80211_FLAG_NEED_RTNL,
14839 },
14840 {
14841 .cmd = NL80211_CMD_GET_POWER_SAVE,
14842 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
14843 .doit = nl80211_get_power_save,
14844 /* can be retrieved by unprivileged users */
14845 .internal_flags = NL80211_FLAG_NEED_NETDEV |
14846 NL80211_FLAG_NEED_RTNL,
14847 },
14848 {
14849 .cmd = NL80211_CMD_SET_CQM,
14850 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
14851 .doit = nl80211_set_cqm,
14852 .flags = GENL_UNS_ADMIN_PERM,
14853 .internal_flags = NL80211_FLAG_NEED_NETDEV |
14854 NL80211_FLAG_NEED_RTNL,
14855 },
14856 {
14857 .cmd = NL80211_CMD_SET_CHANNEL,
14858 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
14859 .doit = nl80211_set_channel,
14860 .flags = GENL_UNS_ADMIN_PERM,
14861 .internal_flags = NL80211_FLAG_NEED_NETDEV |
14862 NL80211_FLAG_NEED_RTNL,
14863 },
14864 {
14865 .cmd = NL80211_CMD_SET_WDS_PEER,
14866 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
14867 .doit = nl80211_set_wds_peer,
14868 .flags = GENL_UNS_ADMIN_PERM,
14869 .internal_flags = NL80211_FLAG_NEED_NETDEV |
14870 NL80211_FLAG_NEED_RTNL,
14871 },
14872 {
14873 .cmd = NL80211_CMD_JOIN_MESH,
14874 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
14875 .doit = nl80211_join_mesh,
14876 .flags = GENL_UNS_ADMIN_PERM,
14877 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
14878 NL80211_FLAG_NEED_RTNL,
14879 },
14880 {
14881 .cmd = NL80211_CMD_LEAVE_MESH,
14882 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
14883 .doit = nl80211_leave_mesh,
14884 .flags = GENL_UNS_ADMIN_PERM,
14885 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
14886 NL80211_FLAG_NEED_RTNL,
14887 },
14888 {
14889 .cmd = NL80211_CMD_JOIN_OCB,
14890 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
14891 .doit = nl80211_join_ocb,
14892 .flags = GENL_UNS_ADMIN_PERM,
14893 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
14894 NL80211_FLAG_NEED_RTNL,
14895 },
14896 {
14897 .cmd = NL80211_CMD_LEAVE_OCB,
14898 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
14899 .doit = nl80211_leave_ocb,
14900 .flags = GENL_UNS_ADMIN_PERM,
14901 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
14902 NL80211_FLAG_NEED_RTNL,
14903 },
14904 #ifdef CONFIG_PM
14905 {
14906 .cmd = NL80211_CMD_GET_WOWLAN,
14907 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
14908 .doit = nl80211_get_wowlan,
14909 /* can be retrieved by unprivileged users */
14910 .internal_flags = NL80211_FLAG_NEED_WIPHY |
14911 NL80211_FLAG_NEED_RTNL,
14912 },
14913 {
14914 .cmd = NL80211_CMD_SET_WOWLAN,
14915 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
14916 .doit = nl80211_set_wowlan,
14917 .flags = GENL_UNS_ADMIN_PERM,
14918 .internal_flags = NL80211_FLAG_NEED_WIPHY |
14919 NL80211_FLAG_NEED_RTNL,
14920 },
14921 #endif
14922 {
14923 .cmd = NL80211_CMD_SET_REKEY_OFFLOAD,
14924 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
14925 .doit = nl80211_set_rekey_data,
14926 .flags = GENL_UNS_ADMIN_PERM,
14927 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
14928 NL80211_FLAG_NEED_RTNL |
14929 NL80211_FLAG_CLEAR_SKB,
14930 },
14931 {
14932 .cmd = NL80211_CMD_TDLS_MGMT,
14933 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
14934 .doit = nl80211_tdls_mgmt,
14935 .flags = GENL_UNS_ADMIN_PERM,
14936 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
14937 NL80211_FLAG_NEED_RTNL,
14938 },
14939 {
14940 .cmd = NL80211_CMD_TDLS_OPER,
14941 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
14942 .doit = nl80211_tdls_oper,
14943 .flags = GENL_UNS_ADMIN_PERM,
14944 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
14945 NL80211_FLAG_NEED_RTNL,
14946 },
14947 {
14948 .cmd = NL80211_CMD_UNEXPECTED_FRAME,
14949 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
14950 .doit = nl80211_register_unexpected_frame,
14951 .flags = GENL_UNS_ADMIN_PERM,
14952 .internal_flags = NL80211_FLAG_NEED_NETDEV |
14953 NL80211_FLAG_NEED_RTNL,
14954 },
14955 {
14956 .cmd = NL80211_CMD_PROBE_CLIENT,
14957 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
14958 .doit = nl80211_probe_client,
14959 .flags = GENL_UNS_ADMIN_PERM,
14960 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
14961 NL80211_FLAG_NEED_RTNL,
14962 },
14963 {
14964 .cmd = NL80211_CMD_REGISTER_BEACONS,
14965 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
14966 .doit = nl80211_register_beacons,
14967 .flags = GENL_UNS_ADMIN_PERM,
14968 .internal_flags = NL80211_FLAG_NEED_WIPHY |
14969 NL80211_FLAG_NEED_RTNL,
14970 },
14971 {
14972 .cmd = NL80211_CMD_SET_NOACK_MAP,
14973 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
14974 .doit = nl80211_set_noack_map,
14975 .flags = GENL_UNS_ADMIN_PERM,
14976 .internal_flags = NL80211_FLAG_NEED_NETDEV |
14977 NL80211_FLAG_NEED_RTNL,
14978 },
14979 {
14980 .cmd = NL80211_CMD_START_P2P_DEVICE,
14981 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
14982 .doit = nl80211_start_p2p_device,
14983 .flags = GENL_UNS_ADMIN_PERM,
14984 .internal_flags = NL80211_FLAG_NEED_WDEV |
14985 NL80211_FLAG_NEED_RTNL,
14986 },
14987 {
14988 .cmd = NL80211_CMD_STOP_P2P_DEVICE,
14989 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
14990 .doit = nl80211_stop_p2p_device,
14991 .flags = GENL_UNS_ADMIN_PERM,
14992 .internal_flags = NL80211_FLAG_NEED_WDEV_UP |
14993 NL80211_FLAG_NEED_RTNL,
14994 },
14995 {
14996 .cmd = NL80211_CMD_START_NAN,
14997 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
14998 .doit = nl80211_start_nan,
14999 .flags = GENL_ADMIN_PERM,
15000 .internal_flags = NL80211_FLAG_NEED_WDEV |
15001 NL80211_FLAG_NEED_RTNL,
15002 },
15003 {
15004 .cmd = NL80211_CMD_STOP_NAN,
15005 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
15006 .doit = nl80211_stop_nan,
15007 .flags = GENL_ADMIN_PERM,
15008 .internal_flags = NL80211_FLAG_NEED_WDEV_UP |
15009 NL80211_FLAG_NEED_RTNL,
15010 },
15011 {
15012 .cmd = NL80211_CMD_ADD_NAN_FUNCTION,
15013 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
15014 .doit = nl80211_nan_add_func,
15015 .flags = GENL_ADMIN_PERM,
15016 .internal_flags = NL80211_FLAG_NEED_WDEV_UP |
15017 NL80211_FLAG_NEED_RTNL,
15018 },
15019 {
15020 .cmd = NL80211_CMD_DEL_NAN_FUNCTION,
15021 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
15022 .doit = nl80211_nan_del_func,
15023 .flags = GENL_ADMIN_PERM,
15024 .internal_flags = NL80211_FLAG_NEED_WDEV_UP |
15025 NL80211_FLAG_NEED_RTNL,
15026 },
15027 {
15028 .cmd = NL80211_CMD_CHANGE_NAN_CONFIG,
15029 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
15030 .doit = nl80211_nan_change_config,
15031 .flags = GENL_ADMIN_PERM,
15032 .internal_flags = NL80211_FLAG_NEED_WDEV_UP |
15033 NL80211_FLAG_NEED_RTNL,
15034 },
15035 {
15036 .cmd = NL80211_CMD_SET_MCAST_RATE,
15037 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
15038 .doit = nl80211_set_mcast_rate,
15039 .flags = GENL_UNS_ADMIN_PERM,
15040 .internal_flags = NL80211_FLAG_NEED_NETDEV |
15041 NL80211_FLAG_NEED_RTNL,
15042 },
15043 {
15044 .cmd = NL80211_CMD_SET_MAC_ACL,
15045 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
15046 .doit = nl80211_set_mac_acl,
15047 .flags = GENL_UNS_ADMIN_PERM,
15048 .internal_flags = NL80211_FLAG_NEED_NETDEV |
15049 NL80211_FLAG_NEED_RTNL,
15050 },
15051 {
15052 .cmd = NL80211_CMD_RADAR_DETECT,
15053 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
15054 .doit = nl80211_start_radar_detection,
15055 .flags = GENL_UNS_ADMIN_PERM,
15056 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
15057 NL80211_FLAG_NEED_RTNL,
15058 },
15059 {
15060 .cmd = NL80211_CMD_GET_PROTOCOL_FEATURES,
15061 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
15062 .doit = nl80211_get_protocol_features,
15063 },
15064 {
15065 .cmd = NL80211_CMD_UPDATE_FT_IES,
15066 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
15067 .doit = nl80211_update_ft_ies,
15068 .flags = GENL_UNS_ADMIN_PERM,
15069 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
15070 NL80211_FLAG_NEED_RTNL,
15071 },
15072 {
15073 .cmd = NL80211_CMD_CRIT_PROTOCOL_START,
15074 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
15075 .doit = nl80211_crit_protocol_start,
15076 .flags = GENL_UNS_ADMIN_PERM,
15077 .internal_flags = NL80211_FLAG_NEED_WDEV_UP |
15078 NL80211_FLAG_NEED_RTNL,
15079 },
15080 {
15081 .cmd = NL80211_CMD_CRIT_PROTOCOL_STOP,
15082 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
15083 .doit = nl80211_crit_protocol_stop,
15084 .flags = GENL_UNS_ADMIN_PERM,
15085 .internal_flags = NL80211_FLAG_NEED_WDEV_UP |
15086 NL80211_FLAG_NEED_RTNL,
15087 },
15088 {
15089 .cmd = NL80211_CMD_GET_COALESCE,
15090 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
15091 .doit = nl80211_get_coalesce,
15092 .internal_flags = NL80211_FLAG_NEED_WIPHY |
15093 NL80211_FLAG_NEED_RTNL,
15094 },
15095 {
15096 .cmd = NL80211_CMD_SET_COALESCE,
15097 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
15098 .doit = nl80211_set_coalesce,
15099 .flags = GENL_UNS_ADMIN_PERM,
15100 .internal_flags = NL80211_FLAG_NEED_WIPHY |
15101 NL80211_FLAG_NEED_RTNL,
15102 },
15103 {
15104 .cmd = NL80211_CMD_CHANNEL_SWITCH,
15105 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
15106 .doit = nl80211_channel_switch,
15107 .flags = GENL_UNS_ADMIN_PERM,
15108 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
15109 NL80211_FLAG_NEED_RTNL,
15110 },
15111 {
15112 .cmd = NL80211_CMD_VENDOR,
15113 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
15114 .doit = nl80211_vendor_cmd,
15115 .dumpit = nl80211_vendor_cmd_dump,
15116 .flags = GENL_UNS_ADMIN_PERM,
15117 .internal_flags = NL80211_FLAG_NEED_WIPHY |
15118 NL80211_FLAG_NEED_RTNL |
15119 NL80211_FLAG_CLEAR_SKB,
15120 },
15121 {
15122 .cmd = NL80211_CMD_SET_QOS_MAP,
15123 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
15124 .doit = nl80211_set_qos_map,
15125 .flags = GENL_UNS_ADMIN_PERM,
15126 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
15127 NL80211_FLAG_NEED_RTNL,
15128 },
15129 {
15130 .cmd = NL80211_CMD_ADD_TX_TS,
15131 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
15132 .doit = nl80211_add_tx_ts,
15133 .flags = GENL_UNS_ADMIN_PERM,
15134 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
15135 NL80211_FLAG_NEED_RTNL,
15136 },
15137 {
15138 .cmd = NL80211_CMD_DEL_TX_TS,
15139 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
15140 .doit = nl80211_del_tx_ts,
15141 .flags = GENL_UNS_ADMIN_PERM,
15142 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
15143 NL80211_FLAG_NEED_RTNL,
15144 },
15145 {
15146 .cmd = NL80211_CMD_TDLS_CHANNEL_SWITCH,
15147 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
15148 .doit = nl80211_tdls_channel_switch,
15149 .flags = GENL_UNS_ADMIN_PERM,
15150 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
15151 NL80211_FLAG_NEED_RTNL,
15152 },
15153 {
15154 .cmd = NL80211_CMD_TDLS_CANCEL_CHANNEL_SWITCH,
15155 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
15156 .doit = nl80211_tdls_cancel_channel_switch,
15157 .flags = GENL_UNS_ADMIN_PERM,
15158 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
15159 NL80211_FLAG_NEED_RTNL,
15160 },
15161 {
15162 .cmd = NL80211_CMD_SET_MULTICAST_TO_UNICAST,
15163 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
15164 .doit = nl80211_set_multicast_to_unicast,
15165 .flags = GENL_UNS_ADMIN_PERM,
15166 .internal_flags = NL80211_FLAG_NEED_NETDEV |
15167 NL80211_FLAG_NEED_RTNL,
15168 },
15169 {
15170 .cmd = NL80211_CMD_SET_PMK,
15171 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
15172 .doit = nl80211_set_pmk,
15173 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
15174 NL80211_FLAG_NEED_RTNL |
15175 NL80211_FLAG_CLEAR_SKB,
15176 },
15177 {
15178 .cmd = NL80211_CMD_DEL_PMK,
15179 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
15180 .doit = nl80211_del_pmk,
15181 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
15182 NL80211_FLAG_NEED_RTNL,
15183 },
15184 {
15185 .cmd = NL80211_CMD_EXTERNAL_AUTH,
15186 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
15187 .doit = nl80211_external_auth,
15188 .flags = GENL_ADMIN_PERM,
15189 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
15190 NL80211_FLAG_NEED_RTNL,
15191 },
15192 {
15193 .cmd = NL80211_CMD_CONTROL_PORT_FRAME,
15194 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
15195 .doit = nl80211_tx_control_port,
15196 .flags = GENL_UNS_ADMIN_PERM,
15197 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
15198 NL80211_FLAG_NEED_RTNL,
15199 },
15200 {
15201 .cmd = NL80211_CMD_GET_FTM_RESPONDER_STATS,
15202 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
15203 .doit = nl80211_get_ftm_responder_stats,
15204 .internal_flags = NL80211_FLAG_NEED_NETDEV |
15205 NL80211_FLAG_NEED_RTNL,
15206 },
15207 {
15208 .cmd = NL80211_CMD_PEER_MEASUREMENT_START,
15209 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
15210 .doit = nl80211_pmsr_start,
15211 .flags = GENL_UNS_ADMIN_PERM,
15212 .internal_flags = NL80211_FLAG_NEED_WDEV_UP |
15213 NL80211_FLAG_NEED_RTNL,
15214 },
15215 {
15216 .cmd = NL80211_CMD_NOTIFY_RADAR,
15217 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
15218 .doit = nl80211_notify_radar_detection,
15219 .flags = GENL_UNS_ADMIN_PERM,
15220 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
15221 NL80211_FLAG_NEED_RTNL,
15222 },
15223 {
15224 .cmd = NL80211_CMD_UPDATE_OWE_INFO,
15225 .doit = nl80211_update_owe_info,
15226 .flags = GENL_ADMIN_PERM,
15227 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
15228 NL80211_FLAG_NEED_RTNL,
15229 },
15230 {
15231 .cmd = NL80211_CMD_PROBE_MESH_LINK,
15232 .doit = nl80211_probe_mesh_link,
15233 .flags = GENL_UNS_ADMIN_PERM,
15234 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
15235 NL80211_FLAG_NEED_RTNL,
15236 },
15237 {
15238 .cmd = NL80211_CMD_SET_TID_CONFIG,
15239 .doit = nl80211_set_tid_config,
15240 .flags = GENL_UNS_ADMIN_PERM,
15241 .internal_flags = NL80211_FLAG_NEED_NETDEV |
15242 NL80211_FLAG_NEED_RTNL,
15243 },
15244 };
15245
15246 static struct genl_family nl80211_fam __ro_after_init = {
15247 .name = NL80211_GENL_NAME, /* have users key off the name instead */
15248 .hdrsize = 0, /* no private header */
15249 .version = 1, /* no particular meaning now */
15250 .maxattr = NL80211_ATTR_MAX,
15251 .policy = nl80211_policy,
15252 .netnsok = true,
15253 .pre_doit = nl80211_pre_doit,
15254 .post_doit = nl80211_post_doit,
15255 .module = THIS_MODULE,
15256 .ops = nl80211_ops,
15257 .n_ops = ARRAY_SIZE(nl80211_ops),
15258 .mcgrps = nl80211_mcgrps,
15259 .n_mcgrps = ARRAY_SIZE(nl80211_mcgrps),
15260 .parallel_ops = true,
15261 };
15262
15263 /* notification functions */
15264
15265 void nl80211_notify_wiphy(struct cfg80211_registered_device *rdev,
15266 enum nl80211_commands cmd)
15267 {
15268 struct sk_buff *msg;
15269 struct nl80211_dump_wiphy_state state = {};
15270
15271 WARN_ON(cmd != NL80211_CMD_NEW_WIPHY &&
15272 cmd != NL80211_CMD_DEL_WIPHY);
15273
15274 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
15275 if (!msg)
15276 return;
15277
15278 if (nl80211_send_wiphy(rdev, cmd, msg, 0, 0, 0, &state) < 0) {
15279 nlmsg_free(msg);
15280 return;
15281 }
15282
15283 genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), msg, 0,
15284 NL80211_MCGRP_CONFIG, GFP_KERNEL);
15285 }
15286
15287 void nl80211_notify_iface(struct cfg80211_registered_device *rdev,
15288 struct wireless_dev *wdev,
15289 enum nl80211_commands cmd)
15290 {
15291 struct sk_buff *msg;
15292
15293 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
15294 if (!msg)
15295 return;
15296
15297 if (nl80211_send_iface(msg, 0, 0, 0, rdev, wdev, cmd) < 0) {
15298 nlmsg_free(msg);
15299 return;
15300 }
15301
15302 genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), msg, 0,
15303 NL80211_MCGRP_CONFIG, GFP_KERNEL);
15304 }
15305
15306 static int nl80211_add_scan_req(struct sk_buff *msg,
15307 struct cfg80211_registered_device *rdev)
15308 {
15309 struct cfg80211_scan_request *req = rdev->scan_req;
15310 struct nlattr *nest;
15311 int i;
15312
15313 if (WARN_ON(!req))
15314 return 0;
15315
15316 nest = nla_nest_start_noflag(msg, NL80211_ATTR_SCAN_SSIDS);
15317 if (!nest)
15318 goto nla_put_failure;
15319 for (i = 0; i < req->n_ssids; i++) {
15320 if (nla_put(msg, i, req->ssids[i].ssid_len, req->ssids[i].ssid))
15321 goto nla_put_failure;
15322 }
15323 nla_nest_end(msg, nest);
15324
15325 if (req->flags & NL80211_SCAN_FLAG_FREQ_KHZ) {
15326 nest = nla_nest_start(msg, NL80211_ATTR_SCAN_FREQ_KHZ);
15327 if (!nest)
15328 goto nla_put_failure;
15329 for (i = 0; i < req->n_channels; i++) {
15330 if (nla_put_u32(msg, i,
15331 ieee80211_channel_to_khz(req->channels[i])))
15332 goto nla_put_failure;
15333 }
15334 nla_nest_end(msg, nest);
15335 } else {
15336 nest = nla_nest_start_noflag(msg,
15337 NL80211_ATTR_SCAN_FREQUENCIES);
15338 if (!nest)
15339 goto nla_put_failure;
15340 for (i = 0; i < req->n_channels; i++) {
15341 if (nla_put_u32(msg, i, req->channels[i]->center_freq))
15342 goto nla_put_failure;
15343 }
15344 nla_nest_end(msg, nest);
15345 }
15346
15347 if (req->ie &&
15348 nla_put(msg, NL80211_ATTR_IE, req->ie_len, req->ie))
15349 goto nla_put_failure;
15350
15351 if (req->flags &&
15352 nla_put_u32(msg, NL80211_ATTR_SCAN_FLAGS, req->flags))
15353 goto nla_put_failure;
15354
15355 if (req->info.scan_start_tsf &&
15356 (nla_put_u64_64bit(msg, NL80211_ATTR_SCAN_START_TIME_TSF,
15357 req->info.scan_start_tsf, NL80211_BSS_PAD) ||
15358 nla_put(msg, NL80211_ATTR_SCAN_START_TIME_TSF_BSSID, ETH_ALEN,
15359 req->info.tsf_bssid)))
15360 goto nla_put_failure;
15361
15362 return 0;
15363 nla_put_failure:
15364 return -ENOBUFS;
15365 }
15366
15367 static int nl80211_prep_scan_msg(struct sk_buff *msg,
15368 struct cfg80211_registered_device *rdev,
15369 struct wireless_dev *wdev,
15370 u32 portid, u32 seq, int flags,
15371 u32 cmd)
15372 {
15373 void *hdr;
15374
15375 hdr = nl80211hdr_put(msg, portid, seq, flags, cmd);
15376 if (!hdr)
15377 return -1;
15378
15379 if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
15380 (wdev->netdev && nla_put_u32(msg, NL80211_ATTR_IFINDEX,
15381 wdev->netdev->ifindex)) ||
15382 nla_put_u64_64bit(msg, NL80211_ATTR_WDEV, wdev_id(wdev),
15383 NL80211_ATTR_PAD))
15384 goto nla_put_failure;
15385
15386 /* ignore errors and send incomplete event anyway */
15387 nl80211_add_scan_req(msg, rdev);
15388
15389 genlmsg_end(msg, hdr);
15390 return 0;
15391
15392 nla_put_failure:
15393 genlmsg_cancel(msg, hdr);
15394 return -EMSGSIZE;
15395 }
15396
15397 static int
15398 nl80211_prep_sched_scan_msg(struct sk_buff *msg,
15399 struct cfg80211_sched_scan_request *req, u32 cmd)
15400 {
15401 void *hdr;
15402
15403 hdr = nl80211hdr_put(msg, 0, 0, 0, cmd);
15404 if (!hdr)
15405 return -1;
15406
15407 if (nla_put_u32(msg, NL80211_ATTR_WIPHY,
15408 wiphy_to_rdev(req->wiphy)->wiphy_idx) ||
15409 nla_put_u32(msg, NL80211_ATTR_IFINDEX, req->dev->ifindex) ||
15410 nla_put_u64_64bit(msg, NL80211_ATTR_COOKIE, req->reqid,
15411 NL80211_ATTR_PAD))
15412 goto nla_put_failure;
15413
15414 genlmsg_end(msg, hdr);
15415 return 0;
15416
15417 nla_put_failure:
15418 genlmsg_cancel(msg, hdr);
15419 return -EMSGSIZE;
15420 }
15421
15422 void nl80211_send_scan_start(struct cfg80211_registered_device *rdev,
15423 struct wireless_dev *wdev)
15424 {
15425 struct sk_buff *msg;
15426
15427 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
15428 if (!msg)
15429 return;
15430
15431 if (nl80211_prep_scan_msg(msg, rdev, wdev, 0, 0, 0,
15432 NL80211_CMD_TRIGGER_SCAN) < 0) {
15433 nlmsg_free(msg);
15434 return;
15435 }
15436
15437 genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), msg, 0,
15438 NL80211_MCGRP_SCAN, GFP_KERNEL);
15439 }
15440
15441 struct sk_buff *nl80211_build_scan_msg(struct cfg80211_registered_device *rdev,
15442 struct wireless_dev *wdev, bool aborted)
15443 {
15444 struct sk_buff *msg;
15445
15446 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
15447 if (!msg)
15448 return NULL;
15449
15450 if (nl80211_prep_scan_msg(msg, rdev, wdev, 0, 0, 0,
15451 aborted ? NL80211_CMD_SCAN_ABORTED :
15452 NL80211_CMD_NEW_SCAN_RESULTS) < 0) {
15453 nlmsg_free(msg);
15454 return NULL;
15455 }
15456
15457 return msg;
15458 }
15459
15460 /* send message created by nl80211_build_scan_msg() */
15461 void nl80211_send_scan_msg(struct cfg80211_registered_device *rdev,
15462 struct sk_buff *msg)
15463 {
15464 if (!msg)
15465 return;
15466
15467 genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), msg, 0,
15468 NL80211_MCGRP_SCAN, GFP_KERNEL);
15469 }
15470
15471 void nl80211_send_sched_scan(struct cfg80211_sched_scan_request *req, u32 cmd)
15472 {
15473 struct sk_buff *msg;
15474
15475 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
15476 if (!msg)
15477 return;
15478
15479 if (nl80211_prep_sched_scan_msg(msg, req, cmd) < 0) {
15480 nlmsg_free(msg);
15481 return;
15482 }
15483
15484 genlmsg_multicast_netns(&nl80211_fam, wiphy_net(req->wiphy), msg, 0,
15485 NL80211_MCGRP_SCAN, GFP_KERNEL);
15486 }
15487
15488 static bool nl80211_reg_change_event_fill(struct sk_buff *msg,
15489 struct regulatory_request *request)
15490 {
15491 /* Userspace can always count this one always being set */
15492 if (nla_put_u8(msg, NL80211_ATTR_REG_INITIATOR, request->initiator))
15493 goto nla_put_failure;
15494
15495 if (request->alpha2[0] == '0' && request->alpha2[1] == '0') {
15496 if (nla_put_u8(msg, NL80211_ATTR_REG_TYPE,
15497 NL80211_REGDOM_TYPE_WORLD))
15498 goto nla_put_failure;
15499 } else if (request->alpha2[0] == '9' && request->alpha2[1] == '9') {
15500 if (nla_put_u8(msg, NL80211_ATTR_REG_TYPE,
15501 NL80211_REGDOM_TYPE_CUSTOM_WORLD))
15502 goto nla_put_failure;
15503 } else if ((request->alpha2[0] == '9' && request->alpha2[1] == '8') ||
15504 request->intersect) {
15505 if (nla_put_u8(msg, NL80211_ATTR_REG_TYPE,
15506 NL80211_REGDOM_TYPE_INTERSECTION))
15507 goto nla_put_failure;
15508 } else {
15509 if (nla_put_u8(msg, NL80211_ATTR_REG_TYPE,
15510 NL80211_REGDOM_TYPE_COUNTRY) ||
15511 nla_put_string(msg, NL80211_ATTR_REG_ALPHA2,
15512 request->alpha2))
15513 goto nla_put_failure;
15514 }
15515
15516 if (request->wiphy_idx != WIPHY_IDX_INVALID) {
15517 struct wiphy *wiphy = wiphy_idx_to_wiphy(request->wiphy_idx);
15518
15519 if (wiphy &&
15520 nla_put_u32(msg, NL80211_ATTR_WIPHY, request->wiphy_idx))
15521 goto nla_put_failure;
15522
15523 if (wiphy &&
15524 wiphy->regulatory_flags & REGULATORY_WIPHY_SELF_MANAGED &&
15525 nla_put_flag(msg, NL80211_ATTR_WIPHY_SELF_MANAGED_REG))
15526 goto nla_put_failure;
15527 }
15528
15529 return true;
15530
15531 nla_put_failure:
15532 return false;
15533 }
15534
15535 /*
15536 * This can happen on global regulatory changes or device specific settings
15537 * based on custom regulatory domains.
15538 */
15539 void nl80211_common_reg_change_event(enum nl80211_commands cmd_id,
15540 struct regulatory_request *request)
15541 {
15542 struct sk_buff *msg;
15543 void *hdr;
15544
15545 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
15546 if (!msg)
15547 return;
15548
15549 hdr = nl80211hdr_put(msg, 0, 0, 0, cmd_id);
15550 if (!hdr)
15551 goto nla_put_failure;
15552
15553 if (!nl80211_reg_change_event_fill(msg, request))
15554 goto nla_put_failure;
15555
15556 genlmsg_end(msg, hdr);
15557
15558 rcu_read_lock();
15559 genlmsg_multicast_allns(&nl80211_fam, msg, 0,
15560 NL80211_MCGRP_REGULATORY, GFP_ATOMIC);
15561 rcu_read_unlock();
15562
15563 return;
15564
15565 nla_put_failure:
15566 nlmsg_free(msg);
15567 }
15568
15569 static void nl80211_send_mlme_event(struct cfg80211_registered_device *rdev,
15570 struct net_device *netdev,
15571 const u8 *buf, size_t len,
15572 enum nl80211_commands cmd, gfp_t gfp,
15573 int uapsd_queues, const u8 *req_ies,
15574 size_t req_ies_len)
15575 {
15576 struct sk_buff *msg;
15577 void *hdr;
15578
15579 msg = nlmsg_new(100 + len + req_ies_len, gfp);
15580 if (!msg)
15581 return;
15582
15583 hdr = nl80211hdr_put(msg, 0, 0, 0, cmd);
15584 if (!hdr) {
15585 nlmsg_free(msg);
15586 return;
15587 }
15588
15589 if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
15590 nla_put_u32(msg, NL80211_ATTR_IFINDEX, netdev->ifindex) ||
15591 nla_put(msg, NL80211_ATTR_FRAME, len, buf) ||
15592 (req_ies &&
15593 nla_put(msg, NL80211_ATTR_REQ_IE, req_ies_len, req_ies)))
15594 goto nla_put_failure;
15595
15596 if (uapsd_queues >= 0) {
15597 struct nlattr *nla_wmm =
15598 nla_nest_start_noflag(msg, NL80211_ATTR_STA_WME);
15599 if (!nla_wmm)
15600 goto nla_put_failure;
15601
15602 if (nla_put_u8(msg, NL80211_STA_WME_UAPSD_QUEUES,
15603 uapsd_queues))
15604 goto nla_put_failure;
15605
15606 nla_nest_end(msg, nla_wmm);
15607 }
15608
15609 genlmsg_end(msg, hdr);
15610
15611 genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), msg, 0,
15612 NL80211_MCGRP_MLME, gfp);
15613 return;
15614
15615 nla_put_failure:
15616 nlmsg_free(msg);
15617 }
15618
15619 void nl80211_send_rx_auth(struct cfg80211_registered_device *rdev,
15620 struct net_device *netdev, const u8 *buf,
15621 size_t len, gfp_t gfp)
15622 {
15623 nl80211_send_mlme_event(rdev, netdev, buf, len,
15624 NL80211_CMD_AUTHENTICATE, gfp, -1, NULL, 0);
15625 }
15626
15627 void nl80211_send_rx_assoc(struct cfg80211_registered_device *rdev,
15628 struct net_device *netdev, const u8 *buf,
15629 size_t len, gfp_t gfp, int uapsd_queues,
15630 const u8 *req_ies, size_t req_ies_len)
15631 {
15632 nl80211_send_mlme_event(rdev, netdev, buf, len,
15633 NL80211_CMD_ASSOCIATE, gfp, uapsd_queues,
15634 req_ies, req_ies_len);
15635 }
15636
15637 void nl80211_send_deauth(struct cfg80211_registered_device *rdev,
15638 struct net_device *netdev, const u8 *buf,
15639 size_t len, gfp_t gfp)
15640 {
15641 nl80211_send_mlme_event(rdev, netdev, buf, len,
15642 NL80211_CMD_DEAUTHENTICATE, gfp, -1, NULL, 0);
15643 }
15644
15645 void nl80211_send_disassoc(struct cfg80211_registered_device *rdev,
15646 struct net_device *netdev, const u8 *buf,
15647 size_t len, gfp_t gfp)
15648 {
15649 nl80211_send_mlme_event(rdev, netdev, buf, len,
15650 NL80211_CMD_DISASSOCIATE, gfp, -1, NULL, 0);
15651 }
15652
15653 void cfg80211_rx_unprot_mlme_mgmt(struct net_device *dev, const u8 *buf,
15654 size_t len)
15655 {
15656 struct wireless_dev *wdev = dev->ieee80211_ptr;
15657 struct wiphy *wiphy = wdev->wiphy;
15658 struct cfg80211_registered_device *rdev = wiphy_to_rdev(wiphy);
15659 const struct ieee80211_mgmt *mgmt = (void *)buf;
15660 u32 cmd;
15661
15662 if (WARN_ON(len < 2))
15663 return;
15664
15665 if (ieee80211_is_deauth(mgmt->frame_control)) {
15666 cmd = NL80211_CMD_UNPROT_DEAUTHENTICATE;
15667 } else if (ieee80211_is_disassoc(mgmt->frame_control)) {
15668 cmd = NL80211_CMD_UNPROT_DISASSOCIATE;
15669 } else if (ieee80211_is_beacon(mgmt->frame_control)) {
15670 if (wdev->unprot_beacon_reported &&
15671 elapsed_jiffies_msecs(wdev->unprot_beacon_reported) < 10000)
15672 return;
15673 cmd = NL80211_CMD_UNPROT_BEACON;
15674 wdev->unprot_beacon_reported = jiffies;
15675 } else {
15676 return;
15677 }
15678
15679 trace_cfg80211_rx_unprot_mlme_mgmt(dev, buf, len);
15680 nl80211_send_mlme_event(rdev, dev, buf, len, cmd, GFP_ATOMIC, -1,
15681 NULL, 0);
15682 }
15683 EXPORT_SYMBOL(cfg80211_rx_unprot_mlme_mgmt);
15684
15685 static void nl80211_send_mlme_timeout(struct cfg80211_registered_device *rdev,
15686 struct net_device *netdev, int cmd,
15687 const u8 *addr, gfp_t gfp)
15688 {
15689 struct sk_buff *msg;
15690 void *hdr;
15691
15692 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, gfp);
15693 if (!msg)
15694 return;
15695
15696 hdr = nl80211hdr_put(msg, 0, 0, 0, cmd);
15697 if (!hdr) {
15698 nlmsg_free(msg);
15699 return;
15700 }
15701
15702 if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
15703 nla_put_u32(msg, NL80211_ATTR_IFINDEX, netdev->ifindex) ||
15704 nla_put_flag(msg, NL80211_ATTR_TIMED_OUT) ||
15705 nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN, addr))
15706 goto nla_put_failure;
15707
15708 genlmsg_end(msg, hdr);
15709
15710 genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), msg, 0,
15711 NL80211_MCGRP_MLME, gfp);
15712 return;
15713
15714 nla_put_failure:
15715 nlmsg_free(msg);
15716 }
15717
15718 void nl80211_send_auth_timeout(struct cfg80211_registered_device *rdev,
15719 struct net_device *netdev, const u8 *addr,
15720 gfp_t gfp)
15721 {
15722 nl80211_send_mlme_timeout(rdev, netdev, NL80211_CMD_AUTHENTICATE,
15723 addr, gfp);
15724 }
15725
15726 void nl80211_send_assoc_timeout(struct cfg80211_registered_device *rdev,
15727 struct net_device *netdev, const u8 *addr,
15728 gfp_t gfp)
15729 {
15730 nl80211_send_mlme_timeout(rdev, netdev, NL80211_CMD_ASSOCIATE,
15731 addr, gfp);
15732 }
15733
15734 void nl80211_send_connect_result(struct cfg80211_registered_device *rdev,
15735 struct net_device *netdev,
15736 struct cfg80211_connect_resp_params *cr,
15737 gfp_t gfp)
15738 {
15739 struct sk_buff *msg;
15740 void *hdr;
15741
15742 msg = nlmsg_new(100 + cr->req_ie_len + cr->resp_ie_len +
15743 cr->fils.kek_len + cr->fils.pmk_len +
15744 (cr->fils.pmkid ? WLAN_PMKID_LEN : 0), gfp);
15745 if (!msg)
15746 return;
15747
15748 hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_CONNECT);
15749 if (!hdr) {
15750 nlmsg_free(msg);
15751 return;
15752 }
15753
15754 if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
15755 nla_put_u32(msg, NL80211_ATTR_IFINDEX, netdev->ifindex) ||
15756 (cr->bssid &&
15757 nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN, cr->bssid)) ||
15758 nla_put_u16(msg, NL80211_ATTR_STATUS_CODE,
15759 cr->status < 0 ? WLAN_STATUS_UNSPECIFIED_FAILURE :
15760 cr->status) ||
15761 (cr->status < 0 &&
15762 (nla_put_flag(msg, NL80211_ATTR_TIMED_OUT) ||
15763 nla_put_u32(msg, NL80211_ATTR_TIMEOUT_REASON,
15764 cr->timeout_reason))) ||
15765 (cr->req_ie &&
15766 nla_put(msg, NL80211_ATTR_REQ_IE, cr->req_ie_len, cr->req_ie)) ||
15767 (cr->resp_ie &&
15768 nla_put(msg, NL80211_ATTR_RESP_IE, cr->resp_ie_len,
15769 cr->resp_ie)) ||
15770 (cr->fils.update_erp_next_seq_num &&
15771 nla_put_u16(msg, NL80211_ATTR_FILS_ERP_NEXT_SEQ_NUM,
15772 cr->fils.erp_next_seq_num)) ||
15773 (cr->status == WLAN_STATUS_SUCCESS &&
15774 ((cr->fils.kek &&
15775 nla_put(msg, NL80211_ATTR_FILS_KEK, cr->fils.kek_len,
15776 cr->fils.kek)) ||
15777 (cr->fils.pmk &&
15778 nla_put(msg, NL80211_ATTR_PMK, cr->fils.pmk_len, cr->fils.pmk)) ||
15779 (cr->fils.pmkid &&
15780 nla_put(msg, NL80211_ATTR_PMKID, WLAN_PMKID_LEN, cr->fils.pmkid)))))
15781 goto nla_put_failure;
15782
15783 genlmsg_end(msg, hdr);
15784
15785 genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), msg, 0,
15786 NL80211_MCGRP_MLME, gfp);
15787 return;
15788
15789 nla_put_failure:
15790 nlmsg_free(msg);
15791 }
15792
15793 void nl80211_send_roamed(struct cfg80211_registered_device *rdev,
15794 struct net_device *netdev,
15795 struct cfg80211_roam_info *info, gfp_t gfp)
15796 {
15797 struct sk_buff *msg;
15798 void *hdr;
15799 const u8 *bssid = info->bss ? info->bss->bssid : info->bssid;
15800
15801 msg = nlmsg_new(100 + info->req_ie_len + info->resp_ie_len +
15802 info->fils.kek_len + info->fils.pmk_len +
15803 (info->fils.pmkid ? WLAN_PMKID_LEN : 0), gfp);
15804 if (!msg)
15805 return;
15806
15807 hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_ROAM);
15808 if (!hdr) {
15809 nlmsg_free(msg);
15810 return;
15811 }
15812
15813 if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
15814 nla_put_u32(msg, NL80211_ATTR_IFINDEX, netdev->ifindex) ||
15815 nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN, bssid) ||
15816 (info->req_ie &&
15817 nla_put(msg, NL80211_ATTR_REQ_IE, info->req_ie_len,
15818 info->req_ie)) ||
15819 (info->resp_ie &&
15820 nla_put(msg, NL80211_ATTR_RESP_IE, info->resp_ie_len,
15821 info->resp_ie)) ||
15822 (info->fils.update_erp_next_seq_num &&
15823 nla_put_u16(msg, NL80211_ATTR_FILS_ERP_NEXT_SEQ_NUM,
15824 info->fils.erp_next_seq_num)) ||
15825 (info->fils.kek &&
15826 nla_put(msg, NL80211_ATTR_FILS_KEK, info->fils.kek_len,
15827 info->fils.kek)) ||
15828 (info->fils.pmk &&
15829 nla_put(msg, NL80211_ATTR_PMK, info->fils.pmk_len, info->fils.pmk)) ||
15830 (info->fils.pmkid &&
15831 nla_put(msg, NL80211_ATTR_PMKID, WLAN_PMKID_LEN, info->fils.pmkid)))
15832 goto nla_put_failure;
15833
15834 genlmsg_end(msg, hdr);
15835
15836 genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), msg, 0,
15837 NL80211_MCGRP_MLME, gfp);
15838 return;
15839
15840 nla_put_failure:
15841 nlmsg_free(msg);
15842 }
15843
15844 void nl80211_send_port_authorized(struct cfg80211_registered_device *rdev,
15845 struct net_device *netdev, const u8 *bssid)
15846 {
15847 struct sk_buff *msg;
15848 void *hdr;
15849
15850 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
15851 if (!msg)
15852 return;
15853
15854 hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_PORT_AUTHORIZED);
15855 if (!hdr) {
15856 nlmsg_free(msg);
15857 return;
15858 }
15859
15860 if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
15861 nla_put_u32(msg, NL80211_ATTR_IFINDEX, netdev->ifindex) ||
15862 nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN, bssid))
15863 goto nla_put_failure;
15864
15865 genlmsg_end(msg, hdr);
15866
15867 genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), msg, 0,
15868 NL80211_MCGRP_MLME, GFP_KERNEL);
15869 return;
15870
15871 nla_put_failure:
15872 nlmsg_free(msg);
15873 }
15874
15875 void nl80211_send_disconnected(struct cfg80211_registered_device *rdev,
15876 struct net_device *netdev, u16 reason,
15877 const u8 *ie, size_t ie_len, bool from_ap)
15878 {
15879 struct sk_buff *msg;
15880 void *hdr;
15881
15882 msg = nlmsg_new(100 + ie_len, GFP_KERNEL);
15883 if (!msg)
15884 return;
15885
15886 hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_DISCONNECT);
15887 if (!hdr) {
15888 nlmsg_free(msg);
15889 return;
15890 }
15891
15892 if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
15893 nla_put_u32(msg, NL80211_ATTR_IFINDEX, netdev->ifindex) ||
15894 (reason &&
15895 nla_put_u16(msg, NL80211_ATTR_REASON_CODE, reason)) ||
15896 (from_ap &&
15897 nla_put_flag(msg, NL80211_ATTR_DISCONNECTED_BY_AP)) ||
15898 (ie && nla_put(msg, NL80211_ATTR_IE, ie_len, ie)))
15899 goto nla_put_failure;
15900
15901 genlmsg_end(msg, hdr);
15902
15903 genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), msg, 0,
15904 NL80211_MCGRP_MLME, GFP_KERNEL);
15905 return;
15906
15907 nla_put_failure:
15908 nlmsg_free(msg);
15909 }
15910
15911 void nl80211_send_ibss_bssid(struct cfg80211_registered_device *rdev,
15912 struct net_device *netdev, const u8 *bssid,
15913 gfp_t gfp)
15914 {
15915 struct sk_buff *msg;
15916 void *hdr;
15917
15918 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, gfp);
15919 if (!msg)
15920 return;
15921
15922 hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_JOIN_IBSS);
15923 if (!hdr) {
15924 nlmsg_free(msg);
15925 return;
15926 }
15927
15928 if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
15929 nla_put_u32(msg, NL80211_ATTR_IFINDEX, netdev->ifindex) ||
15930 nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN, bssid))
15931 goto nla_put_failure;
15932
15933 genlmsg_end(msg, hdr);
15934
15935 genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), msg, 0,
15936 NL80211_MCGRP_MLME, gfp);
15937 return;
15938
15939 nla_put_failure:
15940 nlmsg_free(msg);
15941 }
15942
15943 void cfg80211_notify_new_peer_candidate(struct net_device *dev, const u8 *addr,
15944 const u8 *ie, u8 ie_len,
15945 int sig_dbm, gfp_t gfp)
15946 {
15947 struct wireless_dev *wdev = dev->ieee80211_ptr;
15948 struct cfg80211_registered_device *rdev = wiphy_to_rdev(wdev->wiphy);
15949 struct sk_buff *msg;
15950 void *hdr;
15951
15952 if (WARN_ON(wdev->iftype != NL80211_IFTYPE_MESH_POINT))
15953 return;
15954
15955 trace_cfg80211_notify_new_peer_candidate(dev, addr);
15956
15957 msg = nlmsg_new(100 + ie_len, gfp);
15958 if (!msg)
15959 return;
15960
15961 hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_NEW_PEER_CANDIDATE);
15962 if (!hdr) {
15963 nlmsg_free(msg);
15964 return;
15965 }
15966
15967 if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
15968 nla_put_u32(msg, NL80211_ATTR_IFINDEX, dev->ifindex) ||
15969 nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN, addr) ||
15970 (ie_len && ie &&
15971 nla_put(msg, NL80211_ATTR_IE, ie_len, ie)) ||
15972 (sig_dbm &&
15973 nla_put_u32(msg, NL80211_ATTR_RX_SIGNAL_DBM, sig_dbm)))
15974 goto nla_put_failure;
15975
15976 genlmsg_end(msg, hdr);
15977
15978 genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), msg, 0,
15979 NL80211_MCGRP_MLME, gfp);
15980 return;
15981
15982 nla_put_failure:
15983 nlmsg_free(msg);
15984 }
15985 EXPORT_SYMBOL(cfg80211_notify_new_peer_candidate);
15986
15987 void nl80211_michael_mic_failure(struct cfg80211_registered_device *rdev,
15988 struct net_device *netdev, const u8 *addr,
15989 enum nl80211_key_type key_type, int key_id,
15990 const u8 *tsc, gfp_t gfp)
15991 {
15992 struct sk_buff *msg;
15993 void *hdr;
15994
15995 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, gfp);
15996 if (!msg)
15997 return;
15998
15999 hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_MICHAEL_MIC_FAILURE);
16000 if (!hdr) {
16001 nlmsg_free(msg);
16002 return;
16003 }
16004
16005 if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
16006 nla_put_u32(msg, NL80211_ATTR_IFINDEX, netdev->ifindex) ||
16007 (addr && nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN, addr)) ||
16008 nla_put_u32(msg, NL80211_ATTR_KEY_TYPE, key_type) ||
16009 (key_id != -1 &&
16010 nla_put_u8(msg, NL80211_ATTR_KEY_IDX, key_id)) ||
16011 (tsc && nla_put(msg, NL80211_ATTR_KEY_SEQ, 6, tsc)))
16012 goto nla_put_failure;
16013
16014 genlmsg_end(msg, hdr);
16015
16016 genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), msg, 0,
16017 NL80211_MCGRP_MLME, gfp);
16018 return;
16019
16020 nla_put_failure:
16021 nlmsg_free(msg);
16022 }
16023
16024 void nl80211_send_beacon_hint_event(struct wiphy *wiphy,
16025 struct ieee80211_channel *channel_before,
16026 struct ieee80211_channel *channel_after)
16027 {
16028 struct sk_buff *msg;
16029 void *hdr;
16030 struct nlattr *nl_freq;
16031
16032 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_ATOMIC);
16033 if (!msg)
16034 return;
16035
16036 hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_REG_BEACON_HINT);
16037 if (!hdr) {
16038 nlmsg_free(msg);
16039 return;
16040 }
16041
16042 /*
16043 * Since we are applying the beacon hint to a wiphy we know its
16044 * wiphy_idx is valid
16045 */
16046 if (nla_put_u32(msg, NL80211_ATTR_WIPHY, get_wiphy_idx(wiphy)))
16047 goto nla_put_failure;
16048
16049 /* Before */
16050 nl_freq = nla_nest_start_noflag(msg, NL80211_ATTR_FREQ_BEFORE);
16051 if (!nl_freq)
16052 goto nla_put_failure;
16053
16054 if (nl80211_msg_put_channel(msg, wiphy, channel_before, false))
16055 goto nla_put_failure;
16056 nla_nest_end(msg, nl_freq);
16057
16058 /* After */
16059 nl_freq = nla_nest_start_noflag(msg, NL80211_ATTR_FREQ_AFTER);
16060 if (!nl_freq)
16061 goto nla_put_failure;
16062
16063 if (nl80211_msg_put_channel(msg, wiphy, channel_after, false))
16064 goto nla_put_failure;
16065 nla_nest_end(msg, nl_freq);
16066
16067 genlmsg_end(msg, hdr);
16068
16069 rcu_read_lock();
16070 genlmsg_multicast_allns(&nl80211_fam, msg, 0,
16071 NL80211_MCGRP_REGULATORY, GFP_ATOMIC);
16072 rcu_read_unlock();
16073
16074 return;
16075
16076 nla_put_failure:
16077 nlmsg_free(msg);
16078 }
16079
16080 static void nl80211_send_remain_on_chan_event(
16081 int cmd, struct cfg80211_registered_device *rdev,
16082 struct wireless_dev *wdev, u64 cookie,
16083 struct ieee80211_channel *chan,
16084 unsigned int duration, gfp_t gfp)
16085 {
16086 struct sk_buff *msg;
16087 void *hdr;
16088
16089 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, gfp);
16090 if (!msg)
16091 return;
16092
16093 hdr = nl80211hdr_put(msg, 0, 0, 0, cmd);
16094 if (!hdr) {
16095 nlmsg_free(msg);
16096 return;
16097 }
16098
16099 if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
16100 (wdev->netdev && nla_put_u32(msg, NL80211_ATTR_IFINDEX,
16101 wdev->netdev->ifindex)) ||
16102 nla_put_u64_64bit(msg, NL80211_ATTR_WDEV, wdev_id(wdev),
16103 NL80211_ATTR_PAD) ||
16104 nla_put_u32(msg, NL80211_ATTR_WIPHY_FREQ, chan->center_freq) ||
16105 nla_put_u32(msg, NL80211_ATTR_WIPHY_CHANNEL_TYPE,
16106 NL80211_CHAN_NO_HT) ||
16107 nla_put_u64_64bit(msg, NL80211_ATTR_COOKIE, cookie,
16108 NL80211_ATTR_PAD))
16109 goto nla_put_failure;
16110
16111 if (cmd == NL80211_CMD_REMAIN_ON_CHANNEL &&
16112 nla_put_u32(msg, NL80211_ATTR_DURATION, duration))
16113 goto nla_put_failure;
16114
16115 genlmsg_end(msg, hdr);
16116
16117 genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), msg, 0,
16118 NL80211_MCGRP_MLME, gfp);
16119 return;
16120
16121 nla_put_failure:
16122 nlmsg_free(msg);
16123 }
16124
16125 void cfg80211_ready_on_channel(struct wireless_dev *wdev, u64 cookie,
16126 struct ieee80211_channel *chan,
16127 unsigned int duration, gfp_t gfp)
16128 {
16129 struct wiphy *wiphy = wdev->wiphy;
16130 struct cfg80211_registered_device *rdev = wiphy_to_rdev(wiphy);
16131
16132 trace_cfg80211_ready_on_channel(wdev, cookie, chan, duration);
16133 nl80211_send_remain_on_chan_event(NL80211_CMD_REMAIN_ON_CHANNEL,
16134 rdev, wdev, cookie, chan,
16135 duration, gfp);
16136 }
16137 EXPORT_SYMBOL(cfg80211_ready_on_channel);
16138
16139 void cfg80211_remain_on_channel_expired(struct wireless_dev *wdev, u64 cookie,
16140 struct ieee80211_channel *chan,
16141 gfp_t gfp)
16142 {
16143 struct wiphy *wiphy = wdev->wiphy;
16144 struct cfg80211_registered_device *rdev = wiphy_to_rdev(wiphy);
16145
16146 trace_cfg80211_ready_on_channel_expired(wdev, cookie, chan);
16147 nl80211_send_remain_on_chan_event(NL80211_CMD_CANCEL_REMAIN_ON_CHANNEL,
16148 rdev, wdev, cookie, chan, 0, gfp);
16149 }
16150 EXPORT_SYMBOL(cfg80211_remain_on_channel_expired);
16151
16152 void cfg80211_tx_mgmt_expired(struct wireless_dev *wdev, u64 cookie,
16153 struct ieee80211_channel *chan,
16154 gfp_t gfp)
16155 {
16156 struct wiphy *wiphy = wdev->wiphy;
16157 struct cfg80211_registered_device *rdev = wiphy_to_rdev(wiphy);
16158
16159 trace_cfg80211_tx_mgmt_expired(wdev, cookie, chan);
16160 nl80211_send_remain_on_chan_event(NL80211_CMD_FRAME_WAIT_CANCEL,
16161 rdev, wdev, cookie, chan, 0, gfp);
16162 }
16163 EXPORT_SYMBOL(cfg80211_tx_mgmt_expired);
16164
16165 void cfg80211_new_sta(struct net_device *dev, const u8 *mac_addr,
16166 struct station_info *sinfo, gfp_t gfp)
16167 {
16168 struct wiphy *wiphy = dev->ieee80211_ptr->wiphy;
16169 struct cfg80211_registered_device *rdev = wiphy_to_rdev(wiphy);
16170 struct sk_buff *msg;
16171
16172 trace_cfg80211_new_sta(dev, mac_addr, sinfo);
16173
16174 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, gfp);
16175 if (!msg)
16176 return;
16177
16178 if (nl80211_send_station(msg, NL80211_CMD_NEW_STATION, 0, 0, 0,
16179 rdev, dev, mac_addr, sinfo) < 0) {
16180 nlmsg_free(msg);
16181 return;
16182 }
16183
16184 genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), msg, 0,
16185 NL80211_MCGRP_MLME, gfp);
16186 }
16187 EXPORT_SYMBOL(cfg80211_new_sta);
16188
16189 void cfg80211_del_sta_sinfo(struct net_device *dev, const u8 *mac_addr,
16190 struct station_info *sinfo, gfp_t gfp)
16191 {
16192 struct wiphy *wiphy = dev->ieee80211_ptr->wiphy;
16193 struct cfg80211_registered_device *rdev = wiphy_to_rdev(wiphy);
16194 struct sk_buff *msg;
16195 struct station_info empty_sinfo = {};
16196
16197 if (!sinfo)
16198 sinfo = &empty_sinfo;
16199
16200 trace_cfg80211_del_sta(dev, mac_addr);
16201
16202 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, gfp);
16203 if (!msg) {
16204 cfg80211_sinfo_release_content(sinfo);
16205 return;
16206 }
16207
16208 if (nl80211_send_station(msg, NL80211_CMD_DEL_STATION, 0, 0, 0,
16209 rdev, dev, mac_addr, sinfo) < 0) {
16210 nlmsg_free(msg);
16211 return;
16212 }
16213
16214 genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), msg, 0,
16215 NL80211_MCGRP_MLME, gfp);
16216 }
16217 EXPORT_SYMBOL(cfg80211_del_sta_sinfo);
16218
16219 void cfg80211_conn_failed(struct net_device *dev, const u8 *mac_addr,
16220 enum nl80211_connect_failed_reason reason,
16221 gfp_t gfp)
16222 {
16223 struct wiphy *wiphy = dev->ieee80211_ptr->wiphy;
16224 struct cfg80211_registered_device *rdev = wiphy_to_rdev(wiphy);
16225 struct sk_buff *msg;
16226 void *hdr;
16227
16228 msg = nlmsg_new(NLMSG_GOODSIZE, gfp);
16229 if (!msg)
16230 return;
16231
16232 hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_CONN_FAILED);
16233 if (!hdr) {
16234 nlmsg_free(msg);
16235 return;
16236 }
16237
16238 if (nla_put_u32(msg, NL80211_ATTR_IFINDEX, dev->ifindex) ||
16239 nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN, mac_addr) ||
16240 nla_put_u32(msg, NL80211_ATTR_CONN_FAILED_REASON, reason))
16241 goto nla_put_failure;
16242
16243 genlmsg_end(msg, hdr);
16244
16245 genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), msg, 0,
16246 NL80211_MCGRP_MLME, gfp);
16247 return;
16248
16249 nla_put_failure:
16250 nlmsg_free(msg);
16251 }
16252 EXPORT_SYMBOL(cfg80211_conn_failed);
16253
16254 static bool __nl80211_unexpected_frame(struct net_device *dev, u8 cmd,
16255 const u8 *addr, gfp_t gfp)
16256 {
16257 struct wireless_dev *wdev = dev->ieee80211_ptr;
16258 struct cfg80211_registered_device *rdev = wiphy_to_rdev(wdev->wiphy);
16259 struct sk_buff *msg;
16260 void *hdr;
16261 u32 nlportid = READ_ONCE(wdev->ap_unexpected_nlportid);
16262
16263 if (!nlportid)
16264 return false;
16265
16266 msg = nlmsg_new(100, gfp);
16267 if (!msg)
16268 return true;
16269
16270 hdr = nl80211hdr_put(msg, 0, 0, 0, cmd);
16271 if (!hdr) {
16272 nlmsg_free(msg);
16273 return true;
16274 }
16275
16276 if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
16277 nla_put_u32(msg, NL80211_ATTR_IFINDEX, dev->ifindex) ||
16278 nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN, addr))
16279 goto nla_put_failure;
16280
16281 genlmsg_end(msg, hdr);
16282 genlmsg_unicast(wiphy_net(&rdev->wiphy), msg, nlportid);
16283 return true;
16284
16285 nla_put_failure:
16286 nlmsg_free(msg);
16287 return true;
16288 }
16289
16290 bool cfg80211_rx_spurious_frame(struct net_device *dev,
16291 const u8 *addr, gfp_t gfp)
16292 {
16293 struct wireless_dev *wdev = dev->ieee80211_ptr;
16294 bool ret;
16295
16296 trace_cfg80211_rx_spurious_frame(dev, addr);
16297
16298 if (WARN_ON(wdev->iftype != NL80211_IFTYPE_AP &&
16299 wdev->iftype != NL80211_IFTYPE_P2P_GO)) {
16300 trace_cfg80211_return_bool(false);
16301 return false;
16302 }
16303 ret = __nl80211_unexpected_frame(dev, NL80211_CMD_UNEXPECTED_FRAME,
16304 addr, gfp);
16305 trace_cfg80211_return_bool(ret);
16306 return ret;
16307 }
16308 EXPORT_SYMBOL(cfg80211_rx_spurious_frame);
16309
16310 bool cfg80211_rx_unexpected_4addr_frame(struct net_device *dev,
16311 const u8 *addr, gfp_t gfp)
16312 {
16313 struct wireless_dev *wdev = dev->ieee80211_ptr;
16314 bool ret;
16315
16316 trace_cfg80211_rx_unexpected_4addr_frame(dev, addr);
16317
16318 if (WARN_ON(wdev->iftype != NL80211_IFTYPE_AP &&
16319 wdev->iftype != NL80211_IFTYPE_P2P_GO &&
16320 wdev->iftype != NL80211_IFTYPE_AP_VLAN)) {
16321 trace_cfg80211_return_bool(false);
16322 return false;
16323 }
16324 ret = __nl80211_unexpected_frame(dev,
16325 NL80211_CMD_UNEXPECTED_4ADDR_FRAME,
16326 addr, gfp);
16327 trace_cfg80211_return_bool(ret);
16328 return ret;
16329 }
16330 EXPORT_SYMBOL(cfg80211_rx_unexpected_4addr_frame);
16331
16332 int nl80211_send_mgmt(struct cfg80211_registered_device *rdev,
16333 struct wireless_dev *wdev, u32 nlportid,
16334 int freq, int sig_dbm,
16335 const u8 *buf, size_t len, u32 flags, gfp_t gfp)
16336 {
16337 struct net_device *netdev = wdev->netdev;
16338 struct sk_buff *msg;
16339 void *hdr;
16340
16341 msg = nlmsg_new(100 + len, gfp);
16342 if (!msg)
16343 return -ENOMEM;
16344
16345 hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_FRAME);
16346 if (!hdr) {
16347 nlmsg_free(msg);
16348 return -ENOMEM;
16349 }
16350
16351 if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
16352 (netdev && nla_put_u32(msg, NL80211_ATTR_IFINDEX,
16353 netdev->ifindex)) ||
16354 nla_put_u64_64bit(msg, NL80211_ATTR_WDEV, wdev_id(wdev),
16355 NL80211_ATTR_PAD) ||
16356 nla_put_u32(msg, NL80211_ATTR_WIPHY_FREQ, KHZ_TO_MHZ(freq)) ||
16357 nla_put_u32(msg, NL80211_ATTR_WIPHY_FREQ_OFFSET, freq % 1000) ||
16358 (sig_dbm &&
16359 nla_put_u32(msg, NL80211_ATTR_RX_SIGNAL_DBM, sig_dbm)) ||
16360 nla_put(msg, NL80211_ATTR_FRAME, len, buf) ||
16361 (flags &&
16362 nla_put_u32(msg, NL80211_ATTR_RXMGMT_FLAGS, flags)))
16363 goto nla_put_failure;
16364
16365 genlmsg_end(msg, hdr);
16366
16367 return genlmsg_unicast(wiphy_net(&rdev->wiphy), msg, nlportid);
16368
16369 nla_put_failure:
16370 nlmsg_free(msg);
16371 return -ENOBUFS;
16372 }
16373
16374 static void nl80211_frame_tx_status(struct wireless_dev *wdev, u64 cookie,
16375 const u8 *buf, size_t len, bool ack,
16376 gfp_t gfp, enum nl80211_commands command)
16377 {
16378 struct wiphy *wiphy = wdev->wiphy;
16379 struct cfg80211_registered_device *rdev = wiphy_to_rdev(wiphy);
16380 struct net_device *netdev = wdev->netdev;
16381 struct sk_buff *msg;
16382 void *hdr;
16383
16384 if (command == NL80211_CMD_FRAME_TX_STATUS)
16385 trace_cfg80211_mgmt_tx_status(wdev, cookie, ack);
16386 else
16387 trace_cfg80211_control_port_tx_status(wdev, cookie, ack);
16388
16389 msg = nlmsg_new(100 + len, gfp);
16390 if (!msg)
16391 return;
16392
16393 hdr = nl80211hdr_put(msg, 0, 0, 0, command);
16394 if (!hdr) {
16395 nlmsg_free(msg);
16396 return;
16397 }
16398
16399 if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
16400 (netdev && nla_put_u32(msg, NL80211_ATTR_IFINDEX,
16401 netdev->ifindex)) ||
16402 nla_put_u64_64bit(msg, NL80211_ATTR_WDEV, wdev_id(wdev),
16403 NL80211_ATTR_PAD) ||
16404 nla_put(msg, NL80211_ATTR_FRAME, len, buf) ||
16405 nla_put_u64_64bit(msg, NL80211_ATTR_COOKIE, cookie,
16406 NL80211_ATTR_PAD) ||
16407 (ack && nla_put_flag(msg, NL80211_ATTR_ACK)))
16408 goto nla_put_failure;
16409
16410 genlmsg_end(msg, hdr);
16411
16412 genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), msg, 0,
16413 NL80211_MCGRP_MLME, gfp);
16414 return;
16415
16416 nla_put_failure:
16417 nlmsg_free(msg);
16418 }
16419
16420 void cfg80211_control_port_tx_status(struct wireless_dev *wdev, u64 cookie,
16421 const u8 *buf, size_t len, bool ack,
16422 gfp_t gfp)
16423 {
16424 nl80211_frame_tx_status(wdev, cookie, buf, len, ack, gfp,
16425 NL80211_CMD_CONTROL_PORT_FRAME_TX_STATUS);
16426 }
16427 EXPORT_SYMBOL(cfg80211_control_port_tx_status);
16428
16429 void cfg80211_mgmt_tx_status(struct wireless_dev *wdev, u64 cookie,
16430 const u8 *buf, size_t len, bool ack, gfp_t gfp)
16431 {
16432 nl80211_frame_tx_status(wdev, cookie, buf, len, ack, gfp,
16433 NL80211_CMD_FRAME_TX_STATUS);
16434 }
16435 EXPORT_SYMBOL(cfg80211_mgmt_tx_status);
16436
16437 static int __nl80211_rx_control_port(struct net_device *dev,
16438 struct sk_buff *skb,
16439 bool unencrypted, gfp_t gfp)
16440 {
16441 struct wireless_dev *wdev = dev->ieee80211_ptr;
16442 struct cfg80211_registered_device *rdev = wiphy_to_rdev(wdev->wiphy);
16443 struct ethhdr *ehdr = eth_hdr(skb);
16444 const u8 *addr = ehdr->h_source;
16445 u16 proto = be16_to_cpu(skb->protocol);
16446 struct sk_buff *msg;
16447 void *hdr;
16448 struct nlattr *frame;
16449
16450 u32 nlportid = READ_ONCE(wdev->conn_owner_nlportid);
16451
16452 if (!nlportid)
16453 return -ENOENT;
16454
16455 msg = nlmsg_new(100 + skb->len, gfp);
16456 if (!msg)
16457 return -ENOMEM;
16458
16459 hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_CONTROL_PORT_FRAME);
16460 if (!hdr) {
16461 nlmsg_free(msg);
16462 return -ENOBUFS;
16463 }
16464
16465 if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
16466 nla_put_u32(msg, NL80211_ATTR_IFINDEX, dev->ifindex) ||
16467 nla_put_u64_64bit(msg, NL80211_ATTR_WDEV, wdev_id(wdev),
16468 NL80211_ATTR_PAD) ||
16469 nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN, addr) ||
16470 nla_put_u16(msg, NL80211_ATTR_CONTROL_PORT_ETHERTYPE, proto) ||
16471 (unencrypted && nla_put_flag(msg,
16472 NL80211_ATTR_CONTROL_PORT_NO_ENCRYPT)))
16473 goto nla_put_failure;
16474
16475 frame = nla_reserve(msg, NL80211_ATTR_FRAME, skb->len);
16476 if (!frame)
16477 goto nla_put_failure;
16478
16479 skb_copy_bits(skb, 0, nla_data(frame), skb->len);
16480 genlmsg_end(msg, hdr);
16481
16482 return genlmsg_unicast(wiphy_net(&rdev->wiphy), msg, nlportid);
16483
16484 nla_put_failure:
16485 nlmsg_free(msg);
16486 return -ENOBUFS;
16487 }
16488
16489 bool cfg80211_rx_control_port(struct net_device *dev,
16490 struct sk_buff *skb, bool unencrypted)
16491 {
16492 int ret;
16493
16494 trace_cfg80211_rx_control_port(dev, skb, unencrypted);
16495 ret = __nl80211_rx_control_port(dev, skb, unencrypted, GFP_ATOMIC);
16496 trace_cfg80211_return_bool(ret == 0);
16497 return ret == 0;
16498 }
16499 EXPORT_SYMBOL(cfg80211_rx_control_port);
16500
16501 static struct sk_buff *cfg80211_prepare_cqm(struct net_device *dev,
16502 const char *mac, gfp_t gfp)
16503 {
16504 struct wireless_dev *wdev = dev->ieee80211_ptr;
16505 struct cfg80211_registered_device *rdev = wiphy_to_rdev(wdev->wiphy);
16506 struct sk_buff *msg = nlmsg_new(NLMSG_DEFAULT_SIZE, gfp);
16507 void **cb;
16508
16509 if (!msg)
16510 return NULL;
16511
16512 cb = (void **)msg->cb;
16513
16514 cb[0] = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_NOTIFY_CQM);
16515 if (!cb[0]) {
16516 nlmsg_free(msg);
16517 return NULL;
16518 }
16519
16520 if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
16521 nla_put_u32(msg, NL80211_ATTR_IFINDEX, dev->ifindex))
16522 goto nla_put_failure;
16523
16524 if (mac && nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN, mac))
16525 goto nla_put_failure;
16526
16527 cb[1] = nla_nest_start_noflag(msg, NL80211_ATTR_CQM);
16528 if (!cb[1])
16529 goto nla_put_failure;
16530
16531 cb[2] = rdev;
16532
16533 return msg;
16534 nla_put_failure:
16535 nlmsg_free(msg);
16536 return NULL;
16537 }
16538
16539 static void cfg80211_send_cqm(struct sk_buff *msg, gfp_t gfp)
16540 {
16541 void **cb = (void **)msg->cb;
16542 struct cfg80211_registered_device *rdev = cb[2];
16543
16544 nla_nest_end(msg, cb[1]);
16545 genlmsg_end(msg, cb[0]);
16546
16547 memset(msg->cb, 0, sizeof(msg->cb));
16548
16549 genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), msg, 0,
16550 NL80211_MCGRP_MLME, gfp);
16551 }
16552
16553 void cfg80211_cqm_rssi_notify(struct net_device *dev,
16554 enum nl80211_cqm_rssi_threshold_event rssi_event,
16555 s32 rssi_level, gfp_t gfp)
16556 {
16557 struct sk_buff *msg;
16558 struct wireless_dev *wdev = dev->ieee80211_ptr;
16559 struct cfg80211_registered_device *rdev = wiphy_to_rdev(wdev->wiphy);
16560
16561 trace_cfg80211_cqm_rssi_notify(dev, rssi_event, rssi_level);
16562
16563 if (WARN_ON(rssi_event != NL80211_CQM_RSSI_THRESHOLD_EVENT_LOW &&
16564 rssi_event != NL80211_CQM_RSSI_THRESHOLD_EVENT_HIGH))
16565 return;
16566
16567 if (wdev->cqm_config) {
16568 wdev->cqm_config->last_rssi_event_value = rssi_level;
16569
16570 cfg80211_cqm_rssi_update(rdev, dev);
16571
16572 if (rssi_level == 0)
16573 rssi_level = wdev->cqm_config->last_rssi_event_value;
16574 }
16575
16576 msg = cfg80211_prepare_cqm(dev, NULL, gfp);
16577 if (!msg)
16578 return;
16579
16580 if (nla_put_u32(msg, NL80211_ATTR_CQM_RSSI_THRESHOLD_EVENT,
16581 rssi_event))
16582 goto nla_put_failure;
16583
16584 if (rssi_level && nla_put_s32(msg, NL80211_ATTR_CQM_RSSI_LEVEL,
16585 rssi_level))
16586 goto nla_put_failure;
16587
16588 cfg80211_send_cqm(msg, gfp);
16589
16590 return;
16591
16592 nla_put_failure:
16593 nlmsg_free(msg);
16594 }
16595 EXPORT_SYMBOL(cfg80211_cqm_rssi_notify);
16596
16597 void cfg80211_cqm_txe_notify(struct net_device *dev,
16598 const u8 *peer, u32 num_packets,
16599 u32 rate, u32 intvl, gfp_t gfp)
16600 {
16601 struct sk_buff *msg;
16602
16603 msg = cfg80211_prepare_cqm(dev, peer, gfp);
16604 if (!msg)
16605 return;
16606
16607 if (nla_put_u32(msg, NL80211_ATTR_CQM_TXE_PKTS, num_packets))
16608 goto nla_put_failure;
16609
16610 if (nla_put_u32(msg, NL80211_ATTR_CQM_TXE_RATE, rate))
16611 goto nla_put_failure;
16612
16613 if (nla_put_u32(msg, NL80211_ATTR_CQM_TXE_INTVL, intvl))
16614 goto nla_put_failure;
16615
16616 cfg80211_send_cqm(msg, gfp);
16617 return;
16618
16619 nla_put_failure:
16620 nlmsg_free(msg);
16621 }
16622 EXPORT_SYMBOL(cfg80211_cqm_txe_notify);
16623
16624 void cfg80211_cqm_pktloss_notify(struct net_device *dev,
16625 const u8 *peer, u32 num_packets, gfp_t gfp)
16626 {
16627 struct sk_buff *msg;
16628
16629 trace_cfg80211_cqm_pktloss_notify(dev, peer, num_packets);
16630
16631 msg = cfg80211_prepare_cqm(dev, peer, gfp);
16632 if (!msg)
16633 return;
16634
16635 if (nla_put_u32(msg, NL80211_ATTR_CQM_PKT_LOSS_EVENT, num_packets))
16636 goto nla_put_failure;
16637
16638 cfg80211_send_cqm(msg, gfp);
16639 return;
16640
16641 nla_put_failure:
16642 nlmsg_free(msg);
16643 }
16644 EXPORT_SYMBOL(cfg80211_cqm_pktloss_notify);
16645
16646 void cfg80211_cqm_beacon_loss_notify(struct net_device *dev, gfp_t gfp)
16647 {
16648 struct sk_buff *msg;
16649
16650 msg = cfg80211_prepare_cqm(dev, NULL, gfp);
16651 if (!msg)
16652 return;
16653
16654 if (nla_put_flag(msg, NL80211_ATTR_CQM_BEACON_LOSS_EVENT))
16655 goto nla_put_failure;
16656
16657 cfg80211_send_cqm(msg, gfp);
16658 return;
16659
16660 nla_put_failure:
16661 nlmsg_free(msg);
16662 }
16663 EXPORT_SYMBOL(cfg80211_cqm_beacon_loss_notify);
16664
16665 static void nl80211_gtk_rekey_notify(struct cfg80211_registered_device *rdev,
16666 struct net_device *netdev, const u8 *bssid,
16667 const u8 *replay_ctr, gfp_t gfp)
16668 {
16669 struct sk_buff *msg;
16670 struct nlattr *rekey_attr;
16671 void *hdr;
16672
16673 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, gfp);
16674 if (!msg)
16675 return;
16676
16677 hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_SET_REKEY_OFFLOAD);
16678 if (!hdr) {
16679 nlmsg_free(msg);
16680 return;
16681 }
16682
16683 if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
16684 nla_put_u32(msg, NL80211_ATTR_IFINDEX, netdev->ifindex) ||
16685 nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN, bssid))
16686 goto nla_put_failure;
16687
16688 rekey_attr = nla_nest_start_noflag(msg, NL80211_ATTR_REKEY_DATA);
16689 if (!rekey_attr)
16690 goto nla_put_failure;
16691
16692 if (nla_put(msg, NL80211_REKEY_DATA_REPLAY_CTR,
16693 NL80211_REPLAY_CTR_LEN, replay_ctr))
16694 goto nla_put_failure;
16695
16696 nla_nest_end(msg, rekey_attr);
16697
16698 genlmsg_end(msg, hdr);
16699
16700 genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), msg, 0,
16701 NL80211_MCGRP_MLME, gfp);
16702 return;
16703
16704 nla_put_failure:
16705 nlmsg_free(msg);
16706 }
16707
16708 void cfg80211_gtk_rekey_notify(struct net_device *dev, const u8 *bssid,
16709 const u8 *replay_ctr, gfp_t gfp)
16710 {
16711 struct wireless_dev *wdev = dev->ieee80211_ptr;
16712 struct wiphy *wiphy = wdev->wiphy;
16713 struct cfg80211_registered_device *rdev = wiphy_to_rdev(wiphy);
16714
16715 trace_cfg80211_gtk_rekey_notify(dev, bssid);
16716 nl80211_gtk_rekey_notify(rdev, dev, bssid, replay_ctr, gfp);
16717 }
16718 EXPORT_SYMBOL(cfg80211_gtk_rekey_notify);
16719
16720 static void
16721 nl80211_pmksa_candidate_notify(struct cfg80211_registered_device *rdev,
16722 struct net_device *netdev, int index,
16723 const u8 *bssid, bool preauth, gfp_t gfp)
16724 {
16725 struct sk_buff *msg;
16726 struct nlattr *attr;
16727 void *hdr;
16728
16729 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, gfp);
16730 if (!msg)
16731 return;
16732
16733 hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_PMKSA_CANDIDATE);
16734 if (!hdr) {
16735 nlmsg_free(msg);
16736 return;
16737 }
16738
16739 if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
16740 nla_put_u32(msg, NL80211_ATTR_IFINDEX, netdev->ifindex))
16741 goto nla_put_failure;
16742
16743 attr = nla_nest_start_noflag(msg, NL80211_ATTR_PMKSA_CANDIDATE);
16744 if (!attr)
16745 goto nla_put_failure;
16746
16747 if (nla_put_u32(msg, NL80211_PMKSA_CANDIDATE_INDEX, index) ||
16748 nla_put(msg, NL80211_PMKSA_CANDIDATE_BSSID, ETH_ALEN, bssid) ||
16749 (preauth &&
16750 nla_put_flag(msg, NL80211_PMKSA_CANDIDATE_PREAUTH)))
16751 goto nla_put_failure;
16752
16753 nla_nest_end(msg, attr);
16754
16755 genlmsg_end(msg, hdr);
16756
16757 genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), msg, 0,
16758 NL80211_MCGRP_MLME, gfp);
16759 return;
16760
16761 nla_put_failure:
16762 nlmsg_free(msg);
16763 }
16764
16765 void cfg80211_pmksa_candidate_notify(struct net_device *dev, int index,
16766 const u8 *bssid, bool preauth, gfp_t gfp)
16767 {
16768 struct wireless_dev *wdev = dev->ieee80211_ptr;
16769 struct wiphy *wiphy = wdev->wiphy;
16770 struct cfg80211_registered_device *rdev = wiphy_to_rdev(wiphy);
16771
16772 trace_cfg80211_pmksa_candidate_notify(dev, index, bssid, preauth);
16773 nl80211_pmksa_candidate_notify(rdev, dev, index, bssid, preauth, gfp);
16774 }
16775 EXPORT_SYMBOL(cfg80211_pmksa_candidate_notify);
16776
16777 static void nl80211_ch_switch_notify(struct cfg80211_registered_device *rdev,
16778 struct net_device *netdev,
16779 struct cfg80211_chan_def *chandef,
16780 gfp_t gfp,
16781 enum nl80211_commands notif,
16782 u8 count)
16783 {
16784 struct sk_buff *msg;
16785 void *hdr;
16786
16787 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, gfp);
16788 if (!msg)
16789 return;
16790
16791 hdr = nl80211hdr_put(msg, 0, 0, 0, notif);
16792 if (!hdr) {
16793 nlmsg_free(msg);
16794 return;
16795 }
16796
16797 if (nla_put_u32(msg, NL80211_ATTR_IFINDEX, netdev->ifindex))
16798 goto nla_put_failure;
16799
16800 if (nl80211_send_chandef(msg, chandef))
16801 goto nla_put_failure;
16802
16803 if ((notif == NL80211_CMD_CH_SWITCH_STARTED_NOTIFY) &&
16804 (nla_put_u32(msg, NL80211_ATTR_CH_SWITCH_COUNT, count)))
16805 goto nla_put_failure;
16806
16807 genlmsg_end(msg, hdr);
16808
16809 genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), msg, 0,
16810 NL80211_MCGRP_MLME, gfp);
16811 return;
16812
16813 nla_put_failure:
16814 nlmsg_free(msg);
16815 }
16816
16817 void cfg80211_ch_switch_notify(struct net_device *dev,
16818 struct cfg80211_chan_def *chandef)
16819 {
16820 struct wireless_dev *wdev = dev->ieee80211_ptr;
16821 struct wiphy *wiphy = wdev->wiphy;
16822 struct cfg80211_registered_device *rdev = wiphy_to_rdev(wiphy);
16823
16824 ASSERT_WDEV_LOCK(wdev);
16825
16826 trace_cfg80211_ch_switch_notify(dev, chandef);
16827
16828 wdev->chandef = *chandef;
16829 wdev->preset_chandef = *chandef;
16830
16831 if (wdev->iftype == NL80211_IFTYPE_STATION &&
16832 !WARN_ON(!wdev->current_bss))
16833 cfg80211_update_assoc_bss_entry(wdev, chandef->chan);
16834
16835 cfg80211_sched_dfs_chan_update(rdev);
16836
16837 nl80211_ch_switch_notify(rdev, dev, chandef, GFP_KERNEL,
16838 NL80211_CMD_CH_SWITCH_NOTIFY, 0);
16839 }
16840 EXPORT_SYMBOL(cfg80211_ch_switch_notify);
16841
16842 void cfg80211_ch_switch_started_notify(struct net_device *dev,
16843 struct cfg80211_chan_def *chandef,
16844 u8 count)
16845 {
16846 struct wireless_dev *wdev = dev->ieee80211_ptr;
16847 struct wiphy *wiphy = wdev->wiphy;
16848 struct cfg80211_registered_device *rdev = wiphy_to_rdev(wiphy);
16849
16850 trace_cfg80211_ch_switch_started_notify(dev, chandef);
16851
16852 nl80211_ch_switch_notify(rdev, dev, chandef, GFP_KERNEL,
16853 NL80211_CMD_CH_SWITCH_STARTED_NOTIFY, count);
16854 }
16855 EXPORT_SYMBOL(cfg80211_ch_switch_started_notify);
16856
16857 void
16858 nl80211_radar_notify(struct cfg80211_registered_device *rdev,
16859 const struct cfg80211_chan_def *chandef,
16860 enum nl80211_radar_event event,
16861 struct net_device *netdev, gfp_t gfp)
16862 {
16863 struct sk_buff *msg;
16864 void *hdr;
16865
16866 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, gfp);
16867 if (!msg)
16868 return;
16869
16870 hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_RADAR_DETECT);
16871 if (!hdr) {
16872 nlmsg_free(msg);
16873 return;
16874 }
16875
16876 if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx))
16877 goto nla_put_failure;
16878
16879 /* NOP and radar events don't need a netdev parameter */
16880 if (netdev) {
16881 struct wireless_dev *wdev = netdev->ieee80211_ptr;
16882
16883 if (nla_put_u32(msg, NL80211_ATTR_IFINDEX, netdev->ifindex) ||
16884 nla_put_u64_64bit(msg, NL80211_ATTR_WDEV, wdev_id(wdev),
16885 NL80211_ATTR_PAD))
16886 goto nla_put_failure;
16887 }
16888
16889 if (nla_put_u32(msg, NL80211_ATTR_RADAR_EVENT, event))
16890 goto nla_put_failure;
16891
16892 if (nl80211_send_chandef(msg, chandef))
16893 goto nla_put_failure;
16894
16895 genlmsg_end(msg, hdr);
16896
16897 genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), msg, 0,
16898 NL80211_MCGRP_MLME, gfp);
16899 return;
16900
16901 nla_put_failure:
16902 nlmsg_free(msg);
16903 }
16904
16905 void cfg80211_sta_opmode_change_notify(struct net_device *dev, const u8 *mac,
16906 struct sta_opmode_info *sta_opmode,
16907 gfp_t gfp)
16908 {
16909 struct sk_buff *msg;
16910 struct wireless_dev *wdev = dev->ieee80211_ptr;
16911 struct cfg80211_registered_device *rdev = wiphy_to_rdev(wdev->wiphy);
16912 void *hdr;
16913
16914 if (WARN_ON(!mac))
16915 return;
16916
16917 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, gfp);
16918 if (!msg)
16919 return;
16920
16921 hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_STA_OPMODE_CHANGED);
16922 if (!hdr) {
16923 nlmsg_free(msg);
16924 return;
16925 }
16926
16927 if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx))
16928 goto nla_put_failure;
16929
16930 if (nla_put_u32(msg, NL80211_ATTR_IFINDEX, dev->ifindex))
16931 goto nla_put_failure;
16932
16933 if (nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN, mac))
16934 goto nla_put_failure;
16935
16936 if ((sta_opmode->changed & STA_OPMODE_SMPS_MODE_CHANGED) &&
16937 nla_put_u8(msg, NL80211_ATTR_SMPS_MODE, sta_opmode->smps_mode))
16938 goto nla_put_failure;
16939
16940 if ((sta_opmode->changed & STA_OPMODE_MAX_BW_CHANGED) &&
16941 nla_put_u32(msg, NL80211_ATTR_CHANNEL_WIDTH, sta_opmode->bw))
16942 goto nla_put_failure;
16943
16944 if ((sta_opmode->changed & STA_OPMODE_N_SS_CHANGED) &&
16945 nla_put_u8(msg, NL80211_ATTR_NSS, sta_opmode->rx_nss))
16946 goto nla_put_failure;
16947
16948 genlmsg_end(msg, hdr);
16949
16950 genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), msg, 0,
16951 NL80211_MCGRP_MLME, gfp);
16952
16953 return;
16954
16955 nla_put_failure:
16956 nlmsg_free(msg);
16957 }
16958 EXPORT_SYMBOL(cfg80211_sta_opmode_change_notify);
16959
16960 void cfg80211_probe_status(struct net_device *dev, const u8 *addr,
16961 u64 cookie, bool acked, s32 ack_signal,
16962 bool is_valid_ack_signal, gfp_t gfp)
16963 {
16964 struct wireless_dev *wdev = dev->ieee80211_ptr;
16965 struct cfg80211_registered_device *rdev = wiphy_to_rdev(wdev->wiphy);
16966 struct sk_buff *msg;
16967 void *hdr;
16968
16969 trace_cfg80211_probe_status(dev, addr, cookie, acked);
16970
16971 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, gfp);
16972
16973 if (!msg)
16974 return;
16975
16976 hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_PROBE_CLIENT);
16977 if (!hdr) {
16978 nlmsg_free(msg);
16979 return;
16980 }
16981
16982 if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
16983 nla_put_u32(msg, NL80211_ATTR_IFINDEX, dev->ifindex) ||
16984 nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN, addr) ||
16985 nla_put_u64_64bit(msg, NL80211_ATTR_COOKIE, cookie,
16986 NL80211_ATTR_PAD) ||
16987 (acked && nla_put_flag(msg, NL80211_ATTR_ACK)) ||
16988 (is_valid_ack_signal && nla_put_s32(msg, NL80211_ATTR_ACK_SIGNAL,
16989 ack_signal)))
16990 goto nla_put_failure;
16991
16992 genlmsg_end(msg, hdr);
16993
16994 genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), msg, 0,
16995 NL80211_MCGRP_MLME, gfp);
16996 return;
16997
16998 nla_put_failure:
16999 nlmsg_free(msg);
17000 }
17001 EXPORT_SYMBOL(cfg80211_probe_status);
17002
17003 void cfg80211_report_obss_beacon_khz(struct wiphy *wiphy, const u8 *frame,
17004 size_t len, int freq, int sig_dbm)
17005 {
17006 struct cfg80211_registered_device *rdev = wiphy_to_rdev(wiphy);
17007 struct sk_buff *msg;
17008 void *hdr;
17009 struct cfg80211_beacon_registration *reg;
17010
17011 trace_cfg80211_report_obss_beacon(wiphy, frame, len, freq, sig_dbm);
17012
17013 spin_lock_bh(&rdev->beacon_registrations_lock);
17014 list_for_each_entry(reg, &rdev->beacon_registrations, list) {
17015 msg = nlmsg_new(len + 100, GFP_ATOMIC);
17016 if (!msg) {
17017 spin_unlock_bh(&rdev->beacon_registrations_lock);
17018 return;
17019 }
17020
17021 hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_FRAME);
17022 if (!hdr)
17023 goto nla_put_failure;
17024
17025 if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
17026 (freq &&
17027 (nla_put_u32(msg, NL80211_ATTR_WIPHY_FREQ,
17028 KHZ_TO_MHZ(freq)) ||
17029 nla_put_u32(msg, NL80211_ATTR_WIPHY_FREQ_OFFSET,
17030 freq % 1000))) ||
17031 (sig_dbm &&
17032 nla_put_u32(msg, NL80211_ATTR_RX_SIGNAL_DBM, sig_dbm)) ||
17033 nla_put(msg, NL80211_ATTR_FRAME, len, frame))
17034 goto nla_put_failure;
17035
17036 genlmsg_end(msg, hdr);
17037
17038 genlmsg_unicast(wiphy_net(&rdev->wiphy), msg, reg->nlportid);
17039 }
17040 spin_unlock_bh(&rdev->beacon_registrations_lock);
17041 return;
17042
17043 nla_put_failure:
17044 spin_unlock_bh(&rdev->beacon_registrations_lock);
17045 nlmsg_free(msg);
17046 }
17047 EXPORT_SYMBOL(cfg80211_report_obss_beacon_khz);
17048
17049 #ifdef CONFIG_PM
17050 static int cfg80211_net_detect_results(struct sk_buff *msg,
17051 struct cfg80211_wowlan_wakeup *wakeup)
17052 {
17053 struct cfg80211_wowlan_nd_info *nd = wakeup->net_detect;
17054 struct nlattr *nl_results, *nl_match, *nl_freqs;
17055 int i, j;
17056
17057 nl_results = nla_nest_start_noflag(msg,
17058 NL80211_WOWLAN_TRIG_NET_DETECT_RESULTS);
17059 if (!nl_results)
17060 return -EMSGSIZE;
17061
17062 for (i = 0; i < nd->n_matches; i++) {
17063 struct cfg80211_wowlan_nd_match *match = nd->matches[i];
17064
17065 nl_match = nla_nest_start_noflag(msg, i);
17066 if (!nl_match)
17067 break;
17068
17069 /* The SSID attribute is optional in nl80211, but for
17070 * simplicity reasons it's always present in the
17071 * cfg80211 structure. If a driver can't pass the
17072 * SSID, that needs to be changed. A zero length SSID
17073 * is still a valid SSID (wildcard), so it cannot be
17074 * used for this purpose.
17075 */
17076 if (nla_put(msg, NL80211_ATTR_SSID, match->ssid.ssid_len,
17077 match->ssid.ssid)) {
17078 nla_nest_cancel(msg, nl_match);
17079 goto out;
17080 }
17081
17082 if (match->n_channels) {
17083 nl_freqs = nla_nest_start_noflag(msg,
17084 NL80211_ATTR_SCAN_FREQUENCIES);
17085 if (!nl_freqs) {
17086 nla_nest_cancel(msg, nl_match);
17087 goto out;
17088 }
17089
17090 for (j = 0; j < match->n_channels; j++) {
17091 if (nla_put_u32(msg, j, match->channels[j])) {
17092 nla_nest_cancel(msg, nl_freqs);
17093 nla_nest_cancel(msg, nl_match);
17094 goto out;
17095 }
17096 }
17097
17098 nla_nest_end(msg, nl_freqs);
17099 }
17100
17101 nla_nest_end(msg, nl_match);
17102 }
17103
17104 out:
17105 nla_nest_end(msg, nl_results);
17106 return 0;
17107 }
17108
17109 void cfg80211_report_wowlan_wakeup(struct wireless_dev *wdev,
17110 struct cfg80211_wowlan_wakeup *wakeup,
17111 gfp_t gfp)
17112 {
17113 struct cfg80211_registered_device *rdev = wiphy_to_rdev(wdev->wiphy);
17114 struct sk_buff *msg;
17115 void *hdr;
17116 int size = 200;
17117
17118 trace_cfg80211_report_wowlan_wakeup(wdev->wiphy, wdev, wakeup);
17119
17120 if (wakeup)
17121 size += wakeup->packet_present_len;
17122
17123 msg = nlmsg_new(size, gfp);
17124 if (!msg)
17125 return;
17126
17127 hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_SET_WOWLAN);
17128 if (!hdr)
17129 goto free_msg;
17130
17131 if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
17132 nla_put_u64_64bit(msg, NL80211_ATTR_WDEV, wdev_id(wdev),
17133 NL80211_ATTR_PAD))
17134 goto free_msg;
17135
17136 if (wdev->netdev && nla_put_u32(msg, NL80211_ATTR_IFINDEX,
17137 wdev->netdev->ifindex))
17138 goto free_msg;
17139
17140 if (wakeup) {
17141 struct nlattr *reasons;
17142
17143 reasons = nla_nest_start_noflag(msg,
17144 NL80211_ATTR_WOWLAN_TRIGGERS);
17145 if (!reasons)
17146 goto free_msg;
17147
17148 if (wakeup->disconnect &&
17149 nla_put_flag(msg, NL80211_WOWLAN_TRIG_DISCONNECT))
17150 goto free_msg;
17151 if (wakeup->magic_pkt &&
17152 nla_put_flag(msg, NL80211_WOWLAN_TRIG_MAGIC_PKT))
17153 goto free_msg;
17154 if (wakeup->gtk_rekey_failure &&
17155 nla_put_flag(msg, NL80211_WOWLAN_TRIG_GTK_REKEY_FAILURE))
17156 goto free_msg;
17157 if (wakeup->eap_identity_req &&
17158 nla_put_flag(msg, NL80211_WOWLAN_TRIG_EAP_IDENT_REQUEST))
17159 goto free_msg;
17160 if (wakeup->four_way_handshake &&
17161 nla_put_flag(msg, NL80211_WOWLAN_TRIG_4WAY_HANDSHAKE))
17162 goto free_msg;
17163 if (wakeup->rfkill_release &&
17164 nla_put_flag(msg, NL80211_WOWLAN_TRIG_RFKILL_RELEASE))
17165 goto free_msg;
17166
17167 if (wakeup->pattern_idx >= 0 &&
17168 nla_put_u32(msg, NL80211_WOWLAN_TRIG_PKT_PATTERN,
17169 wakeup->pattern_idx))
17170 goto free_msg;
17171
17172 if (wakeup->tcp_match &&
17173 nla_put_flag(msg, NL80211_WOWLAN_TRIG_WAKEUP_TCP_MATCH))
17174 goto free_msg;
17175
17176 if (wakeup->tcp_connlost &&
17177 nla_put_flag(msg, NL80211_WOWLAN_TRIG_WAKEUP_TCP_CONNLOST))
17178 goto free_msg;
17179
17180 if (wakeup->tcp_nomoretokens &&
17181 nla_put_flag(msg,
17182 NL80211_WOWLAN_TRIG_WAKEUP_TCP_NOMORETOKENS))
17183 goto free_msg;
17184
17185 if (wakeup->packet) {
17186 u32 pkt_attr = NL80211_WOWLAN_TRIG_WAKEUP_PKT_80211;
17187 u32 len_attr = NL80211_WOWLAN_TRIG_WAKEUP_PKT_80211_LEN;
17188
17189 if (!wakeup->packet_80211) {
17190 pkt_attr =
17191 NL80211_WOWLAN_TRIG_WAKEUP_PKT_8023;
17192 len_attr =
17193 NL80211_WOWLAN_TRIG_WAKEUP_PKT_8023_LEN;
17194 }
17195
17196 if (wakeup->packet_len &&
17197 nla_put_u32(msg, len_attr, wakeup->packet_len))
17198 goto free_msg;
17199
17200 if (nla_put(msg, pkt_attr, wakeup->packet_present_len,
17201 wakeup->packet))
17202 goto free_msg;
17203 }
17204
17205 if (wakeup->net_detect &&
17206 cfg80211_net_detect_results(msg, wakeup))
17207 goto free_msg;
17208
17209 nla_nest_end(msg, reasons);
17210 }
17211
17212 genlmsg_end(msg, hdr);
17213
17214 genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), msg, 0,
17215 NL80211_MCGRP_MLME, gfp);
17216 return;
17217
17218 free_msg:
17219 nlmsg_free(msg);
17220 }
17221 EXPORT_SYMBOL(cfg80211_report_wowlan_wakeup);
17222 #endif
17223
17224 void cfg80211_tdls_oper_request(struct net_device *dev, const u8 *peer,
17225 enum nl80211_tdls_operation oper,
17226 u16 reason_code, gfp_t gfp)
17227 {
17228 struct wireless_dev *wdev = dev->ieee80211_ptr;
17229 struct cfg80211_registered_device *rdev = wiphy_to_rdev(wdev->wiphy);
17230 struct sk_buff *msg;
17231 void *hdr;
17232
17233 trace_cfg80211_tdls_oper_request(wdev->wiphy, dev, peer, oper,
17234 reason_code);
17235
17236 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, gfp);
17237 if (!msg)
17238 return;
17239
17240 hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_TDLS_OPER);
17241 if (!hdr) {
17242 nlmsg_free(msg);
17243 return;
17244 }
17245
17246 if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
17247 nla_put_u32(msg, NL80211_ATTR_IFINDEX, dev->ifindex) ||
17248 nla_put_u8(msg, NL80211_ATTR_TDLS_OPERATION, oper) ||
17249 nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN, peer) ||
17250 (reason_code > 0 &&
17251 nla_put_u16(msg, NL80211_ATTR_REASON_CODE, reason_code)))
17252 goto nla_put_failure;
17253
17254 genlmsg_end(msg, hdr);
17255
17256 genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), msg, 0,
17257 NL80211_MCGRP_MLME, gfp);
17258 return;
17259
17260 nla_put_failure:
17261 nlmsg_free(msg);
17262 }
17263 EXPORT_SYMBOL(cfg80211_tdls_oper_request);
17264
17265 static int nl80211_netlink_notify(struct notifier_block * nb,
17266 unsigned long state,
17267 void *_notify)
17268 {
17269 struct netlink_notify *notify = _notify;
17270 struct cfg80211_registered_device *rdev;
17271 struct wireless_dev *wdev;
17272 struct cfg80211_beacon_registration *reg, *tmp;
17273
17274 if (state != NETLINK_URELEASE || notify->protocol != NETLINK_GENERIC)
17275 return NOTIFY_DONE;
17276
17277 rcu_read_lock();
17278
17279 list_for_each_entry_rcu(rdev, &cfg80211_rdev_list, list) {
17280 struct cfg80211_sched_scan_request *sched_scan_req;
17281
17282 list_for_each_entry_rcu(sched_scan_req,
17283 &rdev->sched_scan_req_list,
17284 list) {
17285 if (sched_scan_req->owner_nlportid == notify->portid) {
17286 sched_scan_req->nl_owner_dead = true;
17287 schedule_work(&rdev->sched_scan_stop_wk);
17288 }
17289 }
17290
17291 list_for_each_entry_rcu(wdev, &rdev->wiphy.wdev_list, list) {
17292 cfg80211_mlme_unregister_socket(wdev, notify->portid);
17293
17294 if (wdev->owner_nlportid == notify->portid) {
17295 wdev->nl_owner_dead = true;
17296 schedule_work(&rdev->destroy_work);
17297 } else if (wdev->conn_owner_nlportid == notify->portid) {
17298 schedule_work(&wdev->disconnect_wk);
17299 }
17300
17301 cfg80211_release_pmsr(wdev, notify->portid);
17302 }
17303
17304 spin_lock_bh(&rdev->beacon_registrations_lock);
17305 list_for_each_entry_safe(reg, tmp, &rdev->beacon_registrations,
17306 list) {
17307 if (reg->nlportid == notify->portid) {
17308 list_del(&reg->list);
17309 kfree(reg);
17310 break;
17311 }
17312 }
17313 spin_unlock_bh(&rdev->beacon_registrations_lock);
17314 }
17315
17316 rcu_read_unlock();
17317
17318 /*
17319 * It is possible that the user space process that is controlling the
17320 * indoor setting disappeared, so notify the regulatory core.
17321 */
17322 regulatory_netlink_notify(notify->portid);
17323 return NOTIFY_OK;
17324 }
17325
17326 static struct notifier_block nl80211_netlink_notifier = {
17327 .notifier_call = nl80211_netlink_notify,
17328 };
17329
17330 void cfg80211_ft_event(struct net_device *netdev,
17331 struct cfg80211_ft_event_params *ft_event)
17332 {
17333 struct wiphy *wiphy = netdev->ieee80211_ptr->wiphy;
17334 struct cfg80211_registered_device *rdev = wiphy_to_rdev(wiphy);
17335 struct sk_buff *msg;
17336 void *hdr;
17337
17338 trace_cfg80211_ft_event(wiphy, netdev, ft_event);
17339
17340 if (!ft_event->target_ap)
17341 return;
17342
17343 msg = nlmsg_new(100 + ft_event->ies_len + ft_event->ric_ies_len,
17344 GFP_KERNEL);
17345 if (!msg)
17346 return;
17347
17348 hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_FT_EVENT);
17349 if (!hdr)
17350 goto out;
17351
17352 if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
17353 nla_put_u32(msg, NL80211_ATTR_IFINDEX, netdev->ifindex) ||
17354 nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN, ft_event->target_ap))
17355 goto out;
17356
17357 if (ft_event->ies &&
17358 nla_put(msg, NL80211_ATTR_IE, ft_event->ies_len, ft_event->ies))
17359 goto out;
17360 if (ft_event->ric_ies &&
17361 nla_put(msg, NL80211_ATTR_IE_RIC, ft_event->ric_ies_len,
17362 ft_event->ric_ies))
17363 goto out;
17364
17365 genlmsg_end(msg, hdr);
17366
17367 genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), msg, 0,
17368 NL80211_MCGRP_MLME, GFP_KERNEL);
17369 return;
17370 out:
17371 nlmsg_free(msg);
17372 }
17373 EXPORT_SYMBOL(cfg80211_ft_event);
17374
17375 void cfg80211_crit_proto_stopped(struct wireless_dev *wdev, gfp_t gfp)
17376 {
17377 struct cfg80211_registered_device *rdev;
17378 struct sk_buff *msg;
17379 void *hdr;
17380 u32 nlportid;
17381
17382 rdev = wiphy_to_rdev(wdev->wiphy);
17383 if (!rdev->crit_proto_nlportid)
17384 return;
17385
17386 nlportid = rdev->crit_proto_nlportid;
17387 rdev->crit_proto_nlportid = 0;
17388
17389 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, gfp);
17390 if (!msg)
17391 return;
17392
17393 hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_CRIT_PROTOCOL_STOP);
17394 if (!hdr)
17395 goto nla_put_failure;
17396
17397 if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
17398 nla_put_u64_64bit(msg, NL80211_ATTR_WDEV, wdev_id(wdev),
17399 NL80211_ATTR_PAD))
17400 goto nla_put_failure;
17401
17402 genlmsg_end(msg, hdr);
17403
17404 genlmsg_unicast(wiphy_net(&rdev->wiphy), msg, nlportid);
17405 return;
17406
17407 nla_put_failure:
17408 nlmsg_free(msg);
17409 }
17410 EXPORT_SYMBOL(cfg80211_crit_proto_stopped);
17411
17412 void nl80211_send_ap_stopped(struct wireless_dev *wdev)
17413 {
17414 struct wiphy *wiphy = wdev->wiphy;
17415 struct cfg80211_registered_device *rdev = wiphy_to_rdev(wiphy);
17416 struct sk_buff *msg;
17417 void *hdr;
17418
17419 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
17420 if (!msg)
17421 return;
17422
17423 hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_STOP_AP);
17424 if (!hdr)
17425 goto out;
17426
17427 if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
17428 nla_put_u32(msg, NL80211_ATTR_IFINDEX, wdev->netdev->ifindex) ||
17429 nla_put_u64_64bit(msg, NL80211_ATTR_WDEV, wdev_id(wdev),
17430 NL80211_ATTR_PAD))
17431 goto out;
17432
17433 genlmsg_end(msg, hdr);
17434
17435 genlmsg_multicast_netns(&nl80211_fam, wiphy_net(wiphy), msg, 0,
17436 NL80211_MCGRP_MLME, GFP_KERNEL);
17437 return;
17438 out:
17439 nlmsg_free(msg);
17440 }
17441
17442 int cfg80211_external_auth_request(struct net_device *dev,
17443 struct cfg80211_external_auth_params *params,
17444 gfp_t gfp)
17445 {
17446 struct wireless_dev *wdev = dev->ieee80211_ptr;
17447 struct cfg80211_registered_device *rdev = wiphy_to_rdev(wdev->wiphy);
17448 struct sk_buff *msg;
17449 void *hdr;
17450
17451 if (!wdev->conn_owner_nlportid)
17452 return -EINVAL;
17453
17454 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, gfp);
17455 if (!msg)
17456 return -ENOMEM;
17457
17458 hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_EXTERNAL_AUTH);
17459 if (!hdr)
17460 goto nla_put_failure;
17461
17462 if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
17463 nla_put_u32(msg, NL80211_ATTR_IFINDEX, dev->ifindex) ||
17464 nla_put_u32(msg, NL80211_ATTR_AKM_SUITES, params->key_mgmt_suite) ||
17465 nla_put_u32(msg, NL80211_ATTR_EXTERNAL_AUTH_ACTION,
17466 params->action) ||
17467 nla_put(msg, NL80211_ATTR_BSSID, ETH_ALEN, params->bssid) ||
17468 nla_put(msg, NL80211_ATTR_SSID, params->ssid.ssid_len,
17469 params->ssid.ssid))
17470 goto nla_put_failure;
17471
17472 genlmsg_end(msg, hdr);
17473 genlmsg_unicast(wiphy_net(&rdev->wiphy), msg,
17474 wdev->conn_owner_nlportid);
17475 return 0;
17476
17477 nla_put_failure:
17478 nlmsg_free(msg);
17479 return -ENOBUFS;
17480 }
17481 EXPORT_SYMBOL(cfg80211_external_auth_request);
17482
17483 void cfg80211_update_owe_info_event(struct net_device *netdev,
17484 struct cfg80211_update_owe_info *owe_info,
17485 gfp_t gfp)
17486 {
17487 struct wiphy *wiphy = netdev->ieee80211_ptr->wiphy;
17488 struct cfg80211_registered_device *rdev = wiphy_to_rdev(wiphy);
17489 struct sk_buff *msg;
17490 void *hdr;
17491
17492 trace_cfg80211_update_owe_info_event(wiphy, netdev, owe_info);
17493
17494 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, gfp);
17495 if (!msg)
17496 return;
17497
17498 hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_UPDATE_OWE_INFO);
17499 if (!hdr)
17500 goto nla_put_failure;
17501
17502 if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
17503 nla_put_u32(msg, NL80211_ATTR_IFINDEX, netdev->ifindex) ||
17504 nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN, owe_info->peer))
17505 goto nla_put_failure;
17506
17507 if (!owe_info->ie_len ||
17508 nla_put(msg, NL80211_ATTR_IE, owe_info->ie_len, owe_info->ie))
17509 goto nla_put_failure;
17510
17511 genlmsg_end(msg, hdr);
17512
17513 genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), msg, 0,
17514 NL80211_MCGRP_MLME, gfp);
17515 return;
17516
17517 nla_put_failure:
17518 genlmsg_cancel(msg, hdr);
17519 nlmsg_free(msg);
17520 }
17521 EXPORT_SYMBOL(cfg80211_update_owe_info_event);
17522
17523 /* initialisation/exit functions */
17524
17525 int __init nl80211_init(void)
17526 {
17527 int err;
17528
17529 err = genl_register_family(&nl80211_fam);
17530 if (err)
17531 return err;
17532
17533 err = netlink_register_notifier(&nl80211_netlink_notifier);
17534 if (err)
17535 goto err_out;
17536
17537 return 0;
17538 err_out:
17539 genl_unregister_family(&nl80211_fam);
17540 return err;
17541 }
17542
17543 void nl80211_exit(void)
17544 {
17545 netlink_unregister_notifier(&nl80211_netlink_notifier);
17546 genl_unregister_family(&nl80211_fam);
17547 }
Linux with added FPC-III support