search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
Linux 4.19.168
[linux/fpc-iii.git] / net / wireless / nl80211.c
blob5f0605275fa39a821ba7dc4595743c72ac5ac8b8
1 /*
2 * This is the new netlink-based wireless configuration interface.
3 *
4 * Copyright 2006-2010 Johannes Berg <johannes@sipsolutions.net>
5 * Copyright 2013-2014 Intel Mobile Communications GmbH
6 * Copyright 2015-2017 Intel Deutschland GmbH
7 * Copyright (C) 2018 Intel Corporation
8 */
9
10 #include <linux/if.h>
11 #include <linux/module.h>
12 #include <linux/err.h>
13 #include <linux/slab.h>
14 #include <linux/list.h>
15 #include <linux/if_ether.h>
16 #include <linux/ieee80211.h>
17 #include <linux/nl80211.h>
18 #include <linux/rtnetlink.h>
19 #include <linux/netlink.h>
20 #include <linux/nospec.h>
21 #include <linux/etherdevice.h>
22 #include <net/net_namespace.h>
23 #include <net/genetlink.h>
24 #include <net/cfg80211.h>
25 #include <net/sock.h>
26 #include <net/inet_connection_sock.h>
27 #include "core.h"
28 #include "nl80211.h"
29 #include "reg.h"
30 #include "rdev-ops.h"
31
32 static int nl80211_crypto_settings(struct cfg80211_registered_device *rdev,
33 struct genl_info *info,
34 struct cfg80211_crypto_settings *settings,
35 int cipher_limit);
36
37 /* the netlink family */
38 static struct genl_family nl80211_fam;
39
40 /* multicast groups */
41 enum nl80211_multicast_groups {
42 NL80211_MCGRP_CONFIG,
43 NL80211_MCGRP_SCAN,
44 NL80211_MCGRP_REGULATORY,
45 NL80211_MCGRP_MLME,
46 NL80211_MCGRP_VENDOR,
47 NL80211_MCGRP_NAN,
48 NL80211_MCGRP_TESTMODE /* keep last - ifdef! */
49 };
50
51 static const struct genl_multicast_group nl80211_mcgrps[] = {
52 [NL80211_MCGRP_CONFIG] = { .name = NL80211_MULTICAST_GROUP_CONFIG },
53 [NL80211_MCGRP_SCAN] = { .name = NL80211_MULTICAST_GROUP_SCAN },
54 [NL80211_MCGRP_REGULATORY] = { .name = NL80211_MULTICAST_GROUP_REG },
55 [NL80211_MCGRP_MLME] = { .name = NL80211_MULTICAST_GROUP_MLME },
56 [NL80211_MCGRP_VENDOR] = { .name = NL80211_MULTICAST_GROUP_VENDOR },
57 [NL80211_MCGRP_NAN] = { .name = NL80211_MULTICAST_GROUP_NAN },
58 #ifdef CONFIG_NL80211_TESTMODE
59 [NL80211_MCGRP_TESTMODE] = { .name = NL80211_MULTICAST_GROUP_TESTMODE }
60 #endif
61 };
62
63 /* returns ERR_PTR values */
64 static struct wireless_dev *
65 __cfg80211_wdev_from_attrs(struct net *netns, struct nlattr **attrs)
66 {
67 struct cfg80211_registered_device *rdev;
68 struct wireless_dev *result = NULL;
69 bool have_ifidx = attrs[NL80211_ATTR_IFINDEX];
70 bool have_wdev_id = attrs[NL80211_ATTR_WDEV];
71 u64 wdev_id;
72 int wiphy_idx = -1;
73 int ifidx = -1;
74
75 ASSERT_RTNL();
76
77 if (!have_ifidx && !have_wdev_id)
78 return ERR_PTR(-EINVAL);
79
80 if (have_ifidx)
81 ifidx = nla_get_u32(attrs[NL80211_ATTR_IFINDEX]);
82 if (have_wdev_id) {
83 wdev_id = nla_get_u64(attrs[NL80211_ATTR_WDEV]);
84 wiphy_idx = wdev_id >> 32;
85 }
86
87 list_for_each_entry(rdev, &cfg80211_rdev_list, list) {
88 struct wireless_dev *wdev;
89
90 if (wiphy_net(&rdev->wiphy) != netns)
91 continue;
92
93 if (have_wdev_id && rdev->wiphy_idx != wiphy_idx)
94 continue;
95
96 list_for_each_entry(wdev, &rdev->wiphy.wdev_list, list) {
97 if (have_ifidx && wdev->netdev &&
98 wdev->netdev->ifindex == ifidx) {
99 result = wdev;
100 break;
101 }
102 if (have_wdev_id && wdev->identifier == (u32)wdev_id) {
103 result = wdev;
104 break;
105 }
106 }
107
108 if (result)
109 break;
110 }
111
112 if (result)
113 return result;
114 return ERR_PTR(-ENODEV);
115 }
116
117 static struct cfg80211_registered_device *
118 __cfg80211_rdev_from_attrs(struct net *netns, struct nlattr **attrs)
119 {
120 struct cfg80211_registered_device *rdev = NULL, *tmp;
121 struct net_device *netdev;
122
123 ASSERT_RTNL();
124
125 if (!attrs[NL80211_ATTR_WIPHY] &&
126 !attrs[NL80211_ATTR_IFINDEX] &&
127 !attrs[NL80211_ATTR_WDEV])
128 return ERR_PTR(-EINVAL);
129
130 if (attrs[NL80211_ATTR_WIPHY])
131 rdev = cfg80211_rdev_by_wiphy_idx(
132 nla_get_u32(attrs[NL80211_ATTR_WIPHY]));
133
134 if (attrs[NL80211_ATTR_WDEV]) {
135 u64 wdev_id = nla_get_u64(attrs[NL80211_ATTR_WDEV]);
136 struct wireless_dev *wdev;
137 bool found = false;
138
139 tmp = cfg80211_rdev_by_wiphy_idx(wdev_id >> 32);
140 if (tmp) {
141 /* make sure wdev exists */
142 list_for_each_entry(wdev, &tmp->wiphy.wdev_list, list) {
143 if (wdev->identifier != (u32)wdev_id)
144 continue;
145 found = true;
146 break;
147 }
148
149 if (!found)
150 tmp = NULL;
151
152 if (rdev && tmp != rdev)
153 return ERR_PTR(-EINVAL);
154 rdev = tmp;
155 }
156 }
157
158 if (attrs[NL80211_ATTR_IFINDEX]) {
159 int ifindex = nla_get_u32(attrs[NL80211_ATTR_IFINDEX]);
160
161 netdev = __dev_get_by_index(netns, ifindex);
162 if (netdev) {
163 if (netdev->ieee80211_ptr)
164 tmp = wiphy_to_rdev(
165 netdev->ieee80211_ptr->wiphy);
166 else
167 tmp = NULL;
168
169 /* not wireless device -- return error */
170 if (!tmp)
171 return ERR_PTR(-EINVAL);
172
173 /* mismatch -- return error */
174 if (rdev && tmp != rdev)
175 return ERR_PTR(-EINVAL);
176
177 rdev = tmp;
178 }
179 }
180
181 if (!rdev)
182 return ERR_PTR(-ENODEV);
183
184 if (netns != wiphy_net(&rdev->wiphy))
185 return ERR_PTR(-ENODEV);
186
187 return rdev;
188 }
189
190 /*
191 * This function returns a pointer to the driver
192 * that the genl_info item that is passed refers to.
193 *
194 * The result of this can be a PTR_ERR and hence must
195 * be checked with IS_ERR() for errors.
196 */
197 static struct cfg80211_registered_device *
198 cfg80211_get_dev_from_info(struct net *netns, struct genl_info *info)
199 {
200 return __cfg80211_rdev_from_attrs(netns, info->attrs);
201 }
202
203 static int validate_beacon_head(const struct nlattr *attr,
204 struct netlink_ext_ack *extack)
205 {
206 const u8 *data = nla_data(attr);
207 unsigned int len = nla_len(attr);
208 const struct element *elem;
209 const struct ieee80211_mgmt *mgmt = (void *)data;
210 unsigned int fixedlen = offsetof(struct ieee80211_mgmt,
211 u.beacon.variable);
212
213 if (len < fixedlen)
214 goto err;
215
216 if (ieee80211_hdrlen(mgmt->frame_control) !=
217 offsetof(struct ieee80211_mgmt, u.beacon))
218 goto err;
219
220 data += fixedlen;
221 len -= fixedlen;
222
223 for_each_element(elem, data, len) {
224 /* nothing */
225 }
226
227 if (for_each_element_completed(elem, data, len))
228 return 0;
229
230 err:
231 NL_SET_ERR_MSG_ATTR(extack, attr, "malformed beacon head");
232 return -EINVAL;
233 }
234
235 /* policy for the attributes */
236 static const struct nla_policy nl80211_policy[NUM_NL80211_ATTR] = {
237 [NL80211_ATTR_WIPHY] = { .type = NLA_U32 },
238 [NL80211_ATTR_WIPHY_NAME] = { .type = NLA_NUL_STRING,
239 .len = 20-1 },
240 [NL80211_ATTR_WIPHY_TXQ_PARAMS] = { .type = NLA_NESTED },
241
242 [NL80211_ATTR_WIPHY_FREQ] = { .type = NLA_U32 },
243 [NL80211_ATTR_WIPHY_CHANNEL_TYPE] = { .type = NLA_U32 },
244 [NL80211_ATTR_CHANNEL_WIDTH] = { .type = NLA_U32 },
245 [NL80211_ATTR_CENTER_FREQ1] = { .type = NLA_U32 },
246 [NL80211_ATTR_CENTER_FREQ2] = { .type = NLA_U32 },
247
248 [NL80211_ATTR_WIPHY_RETRY_SHORT] = { .type = NLA_U8 },
249 [NL80211_ATTR_WIPHY_RETRY_LONG] = { .type = NLA_U8 },
250 [NL80211_ATTR_WIPHY_FRAG_THRESHOLD] = { .type = NLA_U32 },
251 [NL80211_ATTR_WIPHY_RTS_THRESHOLD] = { .type = NLA_U32 },
252 [NL80211_ATTR_WIPHY_COVERAGE_CLASS] = { .type = NLA_U8 },
253 [NL80211_ATTR_WIPHY_DYN_ACK] = { .type = NLA_FLAG },
254
255 [NL80211_ATTR_IFTYPE] = { .type = NLA_U32 },
256 [NL80211_ATTR_IFINDEX] = { .type = NLA_U32 },
257 [NL80211_ATTR_IFNAME] = { .type = NLA_NUL_STRING, .len = IFNAMSIZ-1 },
258
259 [NL80211_ATTR_MAC] = { .len = ETH_ALEN },
260 [NL80211_ATTR_PREV_BSSID] = { .len = ETH_ALEN },
261
262 [NL80211_ATTR_KEY] = { .type = NLA_NESTED, },
263 [NL80211_ATTR_KEY_DATA] = { .type = NLA_BINARY,
264 .len = WLAN_MAX_KEY_LEN },
265 [NL80211_ATTR_KEY_IDX] = { .type = NLA_U8 },
266 [NL80211_ATTR_KEY_CIPHER] = { .type = NLA_U32 },
267 [NL80211_ATTR_KEY_DEFAULT] = { .type = NLA_FLAG },
268 [NL80211_ATTR_KEY_SEQ] = { .type = NLA_BINARY, .len = 16 },
269 [NL80211_ATTR_KEY_TYPE] = { .type = NLA_U32 },
270
271 [NL80211_ATTR_BEACON_INTERVAL] = { .type = NLA_U32 },
272 [NL80211_ATTR_DTIM_PERIOD] = { .type = NLA_U32 },
273 [NL80211_ATTR_BEACON_HEAD] = { .type = NLA_BINARY,
274 .len = IEEE80211_MAX_DATA_LEN },
275 [NL80211_ATTR_BEACON_TAIL] = { .type = NLA_BINARY,
276 .len = IEEE80211_MAX_DATA_LEN },
277 [NL80211_ATTR_STA_AID] = { .type = NLA_U16 },
278 [NL80211_ATTR_STA_FLAGS] = { .type = NLA_NESTED },
279 [NL80211_ATTR_STA_LISTEN_INTERVAL] = { .type = NLA_U16 },
280 [NL80211_ATTR_STA_SUPPORTED_RATES] = { .type = NLA_BINARY,
281 .len = NL80211_MAX_SUPP_RATES },
282 [NL80211_ATTR_STA_PLINK_ACTION] = { .type = NLA_U8 },
283 [NL80211_ATTR_STA_VLAN] = { .type = NLA_U32 },
284 [NL80211_ATTR_MNTR_FLAGS] = { /* NLA_NESTED can't be empty */ },
285 [NL80211_ATTR_MESH_ID] = { .type = NLA_BINARY,
286 .len = IEEE80211_MAX_MESH_ID_LEN },
287 [NL80211_ATTR_MPATH_NEXT_HOP] = { .type = NLA_BINARY,
288 .len = ETH_ALEN },
289
290 [NL80211_ATTR_REG_ALPHA2] = { .type = NLA_STRING, .len = 2 },
291 [NL80211_ATTR_REG_RULES] = { .type = NLA_NESTED },
292
293 [NL80211_ATTR_BSS_CTS_PROT] = { .type = NLA_U8 },
294 [NL80211_ATTR_BSS_SHORT_PREAMBLE] = { .type = NLA_U8 },
295 [NL80211_ATTR_BSS_SHORT_SLOT_TIME] = { .type = NLA_U8 },
296 [NL80211_ATTR_BSS_BASIC_RATES] = { .type = NLA_BINARY,
297 .len = NL80211_MAX_SUPP_RATES },
298 [NL80211_ATTR_BSS_HT_OPMODE] = { .type = NLA_U16 },
299
300 [NL80211_ATTR_MESH_CONFIG] = { .type = NLA_NESTED },
301 [NL80211_ATTR_SUPPORT_MESH_AUTH] = { .type = NLA_FLAG },
302
303 [NL80211_ATTR_HT_CAPABILITY] = { .len = NL80211_HT_CAPABILITY_LEN },
304
305 [NL80211_ATTR_MGMT_SUBTYPE] = { .type = NLA_U8 },
306 [NL80211_ATTR_IE] = { .type = NLA_BINARY,
307 .len = IEEE80211_MAX_DATA_LEN },
308 [NL80211_ATTR_SCAN_FREQUENCIES] = { .type = NLA_NESTED },
309 [NL80211_ATTR_SCAN_SSIDS] = { .type = NLA_NESTED },
310
311 [NL80211_ATTR_SSID] = { .type = NLA_BINARY,
312 .len = IEEE80211_MAX_SSID_LEN },
313 [NL80211_ATTR_AUTH_TYPE] = { .type = NLA_U32 },
314 [NL80211_ATTR_REASON_CODE] = { .type = NLA_U16 },
315 [NL80211_ATTR_FREQ_FIXED] = { .type = NLA_FLAG },
316 [NL80211_ATTR_TIMED_OUT] = { .type = NLA_FLAG },
317 [NL80211_ATTR_USE_MFP] = { .type = NLA_U32 },
318 [NL80211_ATTR_STA_FLAGS2] = {
319 .len = sizeof(struct nl80211_sta_flag_update),
320 },
321 [NL80211_ATTR_CONTROL_PORT] = { .type = NLA_FLAG },
322 [NL80211_ATTR_CONTROL_PORT_ETHERTYPE] = { .type = NLA_U16 },
323 [NL80211_ATTR_CONTROL_PORT_NO_ENCRYPT] = { .type = NLA_FLAG },
324 [NL80211_ATTR_CONTROL_PORT_OVER_NL80211] = { .type = NLA_FLAG },
325 [NL80211_ATTR_PRIVACY] = { .type = NLA_FLAG },
326 [NL80211_ATTR_STATUS_CODE] = { .type = NLA_U16 },
327 [NL80211_ATTR_CIPHER_SUITE_GROUP] = { .type = NLA_U32 },
328 [NL80211_ATTR_WPA_VERSIONS] = { .type = NLA_U32 },
329 [NL80211_ATTR_PID] = { .type = NLA_U32 },
330 [NL80211_ATTR_4ADDR] = { .type = NLA_U8 },
331 [NL80211_ATTR_PMKID] = { .len = WLAN_PMKID_LEN },
332 [NL80211_ATTR_DURATION] = { .type = NLA_U32 },
333 [NL80211_ATTR_COOKIE] = { .type = NLA_U64 },
334 [NL80211_ATTR_TX_RATES] = { .type = NLA_NESTED },
335 [NL80211_ATTR_FRAME] = { .type = NLA_BINARY,
336 .len = IEEE80211_MAX_DATA_LEN },
337 [NL80211_ATTR_FRAME_MATCH] = { .type = NLA_BINARY, },
338 [NL80211_ATTR_PS_STATE] = { .type = NLA_U32 },
339 [NL80211_ATTR_CQM] = { .type = NLA_NESTED, },
340 [NL80211_ATTR_LOCAL_STATE_CHANGE] = { .type = NLA_FLAG },
341 [NL80211_ATTR_AP_ISOLATE] = { .type = NLA_U8 },
342 [NL80211_ATTR_WIPHY_TX_POWER_SETTING] = { .type = NLA_U32 },
343 [NL80211_ATTR_WIPHY_TX_POWER_LEVEL] = { .type = NLA_U32 },
344 [NL80211_ATTR_FRAME_TYPE] = { .type = NLA_U16 },
345 [NL80211_ATTR_WIPHY_ANTENNA_TX] = { .type = NLA_U32 },
346 [NL80211_ATTR_WIPHY_ANTENNA_RX] = { .type = NLA_U32 },
347 [NL80211_ATTR_MCAST_RATE] = { .type = NLA_U32 },
348 [NL80211_ATTR_OFFCHANNEL_TX_OK] = { .type = NLA_FLAG },
349 [NL80211_ATTR_KEY_DEFAULT_TYPES] = { .type = NLA_NESTED },
350 [NL80211_ATTR_WOWLAN_TRIGGERS] = { .type = NLA_NESTED },
351 [NL80211_ATTR_STA_PLINK_STATE] = { .type = NLA_U8 },
352 [NL80211_ATTR_MEASUREMENT_DURATION] = { .type = NLA_U16 },
353 [NL80211_ATTR_MEASUREMENT_DURATION_MANDATORY] = { .type = NLA_FLAG },
354 [NL80211_ATTR_SCHED_SCAN_INTERVAL] = { .type = NLA_U32 },
355 [NL80211_ATTR_REKEY_DATA] = { .type = NLA_NESTED },
356 [NL80211_ATTR_SCAN_SUPP_RATES] = { .type = NLA_NESTED },
357 [NL80211_ATTR_HIDDEN_SSID] = { .type = NLA_U32 },
358 [NL80211_ATTR_IE_PROBE_RESP] = { .type = NLA_BINARY,
359 .len = IEEE80211_MAX_DATA_LEN },
360 [NL80211_ATTR_IE_ASSOC_RESP] = { .type = NLA_BINARY,
361 .len = IEEE80211_MAX_DATA_LEN },
362 [NL80211_ATTR_ROAM_SUPPORT] = { .type = NLA_FLAG },
363 [NL80211_ATTR_SCHED_SCAN_MATCH] = { .type = NLA_NESTED },
364 [NL80211_ATTR_TX_NO_CCK_RATE] = { .type = NLA_FLAG },
365 [NL80211_ATTR_TDLS_ACTION] = { .type = NLA_U8 },
366 [NL80211_ATTR_TDLS_DIALOG_TOKEN] = { .type = NLA_U8 },
367 [NL80211_ATTR_TDLS_OPERATION] = { .type = NLA_U8 },
368 [NL80211_ATTR_TDLS_SUPPORT] = { .type = NLA_FLAG },
369 [NL80211_ATTR_TDLS_EXTERNAL_SETUP] = { .type = NLA_FLAG },
370 [NL80211_ATTR_TDLS_INITIATOR] = { .type = NLA_FLAG },
371 [NL80211_ATTR_DONT_WAIT_FOR_ACK] = { .type = NLA_FLAG },
372 [NL80211_ATTR_PROBE_RESP] = { .type = NLA_BINARY,
373 .len = IEEE80211_MAX_DATA_LEN },
374 [NL80211_ATTR_DFS_REGION] = { .type = NLA_U8 },
375 [NL80211_ATTR_DISABLE_HT] = { .type = NLA_FLAG },
376 [NL80211_ATTR_HT_CAPABILITY_MASK] = {
377 .len = NL80211_HT_CAPABILITY_LEN
378 },
379 [NL80211_ATTR_NOACK_MAP] = { .type = NLA_U16 },
380 [NL80211_ATTR_INACTIVITY_TIMEOUT] = { .type = NLA_U16 },
381 [NL80211_ATTR_BG_SCAN_PERIOD] = { .type = NLA_U16 },
382 [NL80211_ATTR_WDEV] = { .type = NLA_U64 },
383 [NL80211_ATTR_USER_REG_HINT_TYPE] = { .type = NLA_U32 },
384 [NL80211_ATTR_AUTH_DATA] = { .type = NLA_BINARY, },
385 [NL80211_ATTR_VHT_CAPABILITY] = { .len = NL80211_VHT_CAPABILITY_LEN },
386 [NL80211_ATTR_SCAN_FLAGS] = { .type = NLA_U32 },
387 [NL80211_ATTR_P2P_CTWINDOW] = { .type = NLA_U8 },
388 [NL80211_ATTR_P2P_OPPPS] = { .type = NLA_U8 },
389 [NL80211_ATTR_LOCAL_MESH_POWER_MODE] = {. type = NLA_U32 },
390 [NL80211_ATTR_ACL_POLICY] = {. type = NLA_U32 },
391 [NL80211_ATTR_MAC_ADDRS] = { .type = NLA_NESTED },
392 [NL80211_ATTR_STA_CAPABILITY] = { .type = NLA_U16 },
393 [NL80211_ATTR_STA_EXT_CAPABILITY] = { .type = NLA_BINARY, },
394 [NL80211_ATTR_SPLIT_WIPHY_DUMP] = { .type = NLA_FLAG, },
395 [NL80211_ATTR_DISABLE_VHT] = { .type = NLA_FLAG },
396 [NL80211_ATTR_VHT_CAPABILITY_MASK] = {
397 .len = NL80211_VHT_CAPABILITY_LEN,
398 },
399 [NL80211_ATTR_MDID] = { .type = NLA_U16 },
400 [NL80211_ATTR_IE_RIC] = { .type = NLA_BINARY,
401 .len = IEEE80211_MAX_DATA_LEN },
402 [NL80211_ATTR_CRIT_PROT_ID] = { .type = NLA_U16 },
403 [NL80211_ATTR_MAX_CRIT_PROT_DURATION] = { .type = NLA_U16 },
404 [NL80211_ATTR_PEER_AID] = { .type = NLA_U16 },
405 [NL80211_ATTR_CH_SWITCH_COUNT] = { .type = NLA_U32 },
406 [NL80211_ATTR_CH_SWITCH_BLOCK_TX] = { .type = NLA_FLAG },
407 [NL80211_ATTR_CSA_IES] = { .type = NLA_NESTED },
408 [NL80211_ATTR_CSA_C_OFF_BEACON] = { .type = NLA_BINARY },
409 [NL80211_ATTR_CSA_C_OFF_PRESP] = { .type = NLA_BINARY },
410 [NL80211_ATTR_STA_SUPPORTED_CHANNELS] = { .type = NLA_BINARY },
411 [NL80211_ATTR_STA_SUPPORTED_OPER_CLASSES] = { .type = NLA_BINARY },
412 [NL80211_ATTR_HANDLE_DFS] = { .type = NLA_FLAG },
413 [NL80211_ATTR_OPMODE_NOTIF] = { .type = NLA_U8 },
414 [NL80211_ATTR_VENDOR_ID] = { .type = NLA_U32 },
415 [NL80211_ATTR_VENDOR_SUBCMD] = { .type = NLA_U32 },
416 [NL80211_ATTR_VENDOR_DATA] = { .type = NLA_BINARY },
417 [NL80211_ATTR_QOS_MAP] = { .type = NLA_BINARY,
418 .len = IEEE80211_QOS_MAP_LEN_MAX },
419 [NL80211_ATTR_MAC_HINT] = { .len = ETH_ALEN },
420 [NL80211_ATTR_WIPHY_FREQ_HINT] = { .type = NLA_U32 },
421 [NL80211_ATTR_TDLS_PEER_CAPABILITY] = { .type = NLA_U32 },
422 [NL80211_ATTR_SOCKET_OWNER] = { .type = NLA_FLAG },
423 [NL80211_ATTR_CSA_C_OFFSETS_TX] = { .type = NLA_BINARY },
424 [NL80211_ATTR_USE_RRM] = { .type = NLA_FLAG },
425 [NL80211_ATTR_TSID] = { .type = NLA_U8 },
426 [NL80211_ATTR_USER_PRIO] = { .type = NLA_U8 },
427 [NL80211_ATTR_ADMITTED_TIME] = { .type = NLA_U16 },
428 [NL80211_ATTR_SMPS_MODE] = { .type = NLA_U8 },
429 [NL80211_ATTR_OPER_CLASS] = { .type = NLA_U8 },
430 [NL80211_ATTR_MAC_MASK] = { .len = ETH_ALEN },
431 [NL80211_ATTR_WIPHY_SELF_MANAGED_REG] = { .type = NLA_FLAG },
432 [NL80211_ATTR_NETNS_FD] = { .type = NLA_U32 },
433 [NL80211_ATTR_SCHED_SCAN_DELAY] = { .type = NLA_U32 },
434 [NL80211_ATTR_REG_INDOOR] = { .type = NLA_FLAG },
435 [NL80211_ATTR_PBSS] = { .type = NLA_FLAG },
436 [NL80211_ATTR_BSS_SELECT] = { .type = NLA_NESTED },
437 [NL80211_ATTR_STA_SUPPORT_P2P_PS] = { .type = NLA_U8 },
438 [NL80211_ATTR_MU_MIMO_GROUP_DATA] = {
439 .len = VHT_MUMIMO_GROUPS_DATA_LEN
440 },
441 [NL80211_ATTR_MU_MIMO_FOLLOW_MAC_ADDR] = { .len = ETH_ALEN },
442 [NL80211_ATTR_NAN_MASTER_PREF] = { .type = NLA_U8 },
443 [NL80211_ATTR_BANDS] = { .type = NLA_U32 },
444 [NL80211_ATTR_NAN_FUNC] = { .type = NLA_NESTED },
445 [NL80211_ATTR_FILS_KEK] = { .type = NLA_BINARY,
446 .len = FILS_MAX_KEK_LEN },
447 [NL80211_ATTR_FILS_NONCES] = { .len = 2 * FILS_NONCE_LEN },
448 [NL80211_ATTR_MULTICAST_TO_UNICAST_ENABLED] = { .type = NLA_FLAG, },
449 [NL80211_ATTR_BSSID] = { .len = ETH_ALEN },
450 [NL80211_ATTR_SCHED_SCAN_RELATIVE_RSSI] = { .type = NLA_S8 },
451 [NL80211_ATTR_SCHED_SCAN_RSSI_ADJUST] = {
452 .len = sizeof(struct nl80211_bss_select_rssi_adjust)
453 },
454 [NL80211_ATTR_TIMEOUT_REASON] = { .type = NLA_U32 },
455 [NL80211_ATTR_FILS_ERP_USERNAME] = { .type = NLA_BINARY,
456 .len = FILS_ERP_MAX_USERNAME_LEN },
457 [NL80211_ATTR_FILS_ERP_REALM] = { .type = NLA_BINARY,
458 .len = FILS_ERP_MAX_REALM_LEN },
459 [NL80211_ATTR_FILS_ERP_NEXT_SEQ_NUM] = { .type = NLA_U16 },
460 [NL80211_ATTR_FILS_ERP_RRK] = { .type = NLA_BINARY,
461 .len = FILS_ERP_MAX_RRK_LEN },
462 [NL80211_ATTR_FILS_CACHE_ID] = { .len = 2 },
463 [NL80211_ATTR_PMK] = { .type = NLA_BINARY, .len = PMK_MAX_LEN },
464 [NL80211_ATTR_SCHED_SCAN_MULTI] = { .type = NLA_FLAG },
465 [NL80211_ATTR_EXTERNAL_AUTH_SUPPORT] = { .type = NLA_FLAG },
466
467 [NL80211_ATTR_TXQ_LIMIT] = { .type = NLA_U32 },
468 [NL80211_ATTR_TXQ_MEMORY_LIMIT] = { .type = NLA_U32 },
469 [NL80211_ATTR_TXQ_QUANTUM] = { .type = NLA_U32 },
470 [NL80211_ATTR_HE_CAPABILITY] = { .type = NLA_BINARY,
471 .len = NL80211_HE_MAX_CAPABILITY_LEN },
472 };
473
474 /* policy for the key attributes */
475 static const struct nla_policy nl80211_key_policy[NL80211_KEY_MAX + 1] = {
476 [NL80211_KEY_DATA] = { .type = NLA_BINARY, .len = WLAN_MAX_KEY_LEN },
477 [NL80211_KEY_IDX] = { .type = NLA_U8 },
478 [NL80211_KEY_CIPHER] = { .type = NLA_U32 },
479 [NL80211_KEY_SEQ] = { .type = NLA_BINARY, .len = 16 },
480 [NL80211_KEY_DEFAULT] = { .type = NLA_FLAG },
481 [NL80211_KEY_DEFAULT_MGMT] = { .type = NLA_FLAG },
482 [NL80211_KEY_TYPE] = { .type = NLA_U32 },
483 [NL80211_KEY_DEFAULT_TYPES] = { .type = NLA_NESTED },
484 };
485
486 /* policy for the key default flags */
487 static const struct nla_policy
488 nl80211_key_default_policy[NUM_NL80211_KEY_DEFAULT_TYPES] = {
489 [NL80211_KEY_DEFAULT_TYPE_UNICAST] = { .type = NLA_FLAG },
490 [NL80211_KEY_DEFAULT_TYPE_MULTICAST] = { .type = NLA_FLAG },
491 };
492
493 #ifdef CONFIG_PM
494 /* policy for WoWLAN attributes */
495 static const struct nla_policy
496 nl80211_wowlan_policy[NUM_NL80211_WOWLAN_TRIG] = {
497 [NL80211_WOWLAN_TRIG_ANY] = { .type = NLA_FLAG },
498 [NL80211_WOWLAN_TRIG_DISCONNECT] = { .type = NLA_FLAG },
499 [NL80211_WOWLAN_TRIG_MAGIC_PKT] = { .type = NLA_FLAG },
500 [NL80211_WOWLAN_TRIG_PKT_PATTERN] = { .type = NLA_NESTED },
501 [NL80211_WOWLAN_TRIG_GTK_REKEY_FAILURE] = { .type = NLA_FLAG },
502 [NL80211_WOWLAN_TRIG_EAP_IDENT_REQUEST] = { .type = NLA_FLAG },
503 [NL80211_WOWLAN_TRIG_4WAY_HANDSHAKE] = { .type = NLA_FLAG },
504 [NL80211_WOWLAN_TRIG_RFKILL_RELEASE] = { .type = NLA_FLAG },
505 [NL80211_WOWLAN_TRIG_TCP_CONNECTION] = { .type = NLA_NESTED },
506 [NL80211_WOWLAN_TRIG_NET_DETECT] = { .type = NLA_NESTED },
507 };
508
509 static const struct nla_policy
510 nl80211_wowlan_tcp_policy[NUM_NL80211_WOWLAN_TCP] = {
511 [NL80211_WOWLAN_TCP_SRC_IPV4] = { .type = NLA_U32 },
512 [NL80211_WOWLAN_TCP_DST_IPV4] = { .type = NLA_U32 },
513 [NL80211_WOWLAN_TCP_DST_MAC] = { .len = ETH_ALEN },
514 [NL80211_WOWLAN_TCP_SRC_PORT] = { .type = NLA_U16 },
515 [NL80211_WOWLAN_TCP_DST_PORT] = { .type = NLA_U16 },
516 [NL80211_WOWLAN_TCP_DATA_PAYLOAD] = { .len = 1 },
517 [NL80211_WOWLAN_TCP_DATA_PAYLOAD_SEQ] = {
518 .len = sizeof(struct nl80211_wowlan_tcp_data_seq)
519 },
520 [NL80211_WOWLAN_TCP_DATA_PAYLOAD_TOKEN] = {
521 .len = sizeof(struct nl80211_wowlan_tcp_data_token)
522 },
523 [NL80211_WOWLAN_TCP_DATA_INTERVAL] = { .type = NLA_U32 },
524 [NL80211_WOWLAN_TCP_WAKE_PAYLOAD] = { .len = 1 },
525 [NL80211_WOWLAN_TCP_WAKE_MASK] = { .len = 1 },
526 };
527 #endif /* CONFIG_PM */
528
529 /* policy for coalesce rule attributes */
530 static const struct nla_policy
531 nl80211_coalesce_policy[NUM_NL80211_ATTR_COALESCE_RULE] = {
532 [NL80211_ATTR_COALESCE_RULE_DELAY] = { .type = NLA_U32 },
533 [NL80211_ATTR_COALESCE_RULE_CONDITION] = { .type = NLA_U32 },
534 [NL80211_ATTR_COALESCE_RULE_PKT_PATTERN] = { .type = NLA_NESTED },
535 };
536
537 /* policy for GTK rekey offload attributes */
538 static const struct nla_policy
539 nl80211_rekey_policy[NUM_NL80211_REKEY_DATA] = {
540 [NL80211_REKEY_DATA_KEK] = { .len = NL80211_KEK_LEN },
541 [NL80211_REKEY_DATA_KCK] = { .len = NL80211_KCK_LEN },
542 [NL80211_REKEY_DATA_REPLAY_CTR] = { .len = NL80211_REPLAY_CTR_LEN },
543 };
544
545 static const struct nla_policy
546 nl80211_match_policy[NL80211_SCHED_SCAN_MATCH_ATTR_MAX + 1] = {
547 [NL80211_SCHED_SCAN_MATCH_ATTR_SSID] = { .type = NLA_BINARY,
548 .len = IEEE80211_MAX_SSID_LEN },
549 [NL80211_SCHED_SCAN_MATCH_ATTR_BSSID] = { .len = ETH_ALEN },
550 [NL80211_SCHED_SCAN_MATCH_ATTR_RSSI] = { .type = NLA_U32 },
551 };
552
553 static const struct nla_policy
554 nl80211_plan_policy[NL80211_SCHED_SCAN_PLAN_MAX + 1] = {
555 [NL80211_SCHED_SCAN_PLAN_INTERVAL] = { .type = NLA_U32 },
556 [NL80211_SCHED_SCAN_PLAN_ITERATIONS] = { .type = NLA_U32 },
557 };
558
559 static const struct nla_policy
560 nl80211_bss_select_policy[NL80211_BSS_SELECT_ATTR_MAX + 1] = {
561 [NL80211_BSS_SELECT_ATTR_RSSI] = { .type = NLA_FLAG },
562 [NL80211_BSS_SELECT_ATTR_BAND_PREF] = { .type = NLA_U32 },
563 [NL80211_BSS_SELECT_ATTR_RSSI_ADJUST] = {
564 .len = sizeof(struct nl80211_bss_select_rssi_adjust)
565 },
566 };
567
568 /* policy for NAN function attributes */
569 static const struct nla_policy
570 nl80211_nan_func_policy[NL80211_NAN_FUNC_ATTR_MAX + 1] = {
571 [NL80211_NAN_FUNC_TYPE] = { .type = NLA_U8 },
572 [NL80211_NAN_FUNC_SERVICE_ID] = {
573 .len = NL80211_NAN_FUNC_SERVICE_ID_LEN },
574 [NL80211_NAN_FUNC_PUBLISH_TYPE] = { .type = NLA_U8 },
575 [NL80211_NAN_FUNC_PUBLISH_BCAST] = { .type = NLA_FLAG },
576 [NL80211_NAN_FUNC_SUBSCRIBE_ACTIVE] = { .type = NLA_FLAG },
577 [NL80211_NAN_FUNC_FOLLOW_UP_ID] = { .type = NLA_U8 },
578 [NL80211_NAN_FUNC_FOLLOW_UP_REQ_ID] = { .type = NLA_U8 },
579 [NL80211_NAN_FUNC_FOLLOW_UP_DEST] = { .len = ETH_ALEN },
580 [NL80211_NAN_FUNC_CLOSE_RANGE] = { .type = NLA_FLAG },
581 [NL80211_NAN_FUNC_TTL] = { .type = NLA_U32 },
582 [NL80211_NAN_FUNC_SERVICE_INFO] = { .type = NLA_BINARY,
583 .len = NL80211_NAN_FUNC_SERVICE_SPEC_INFO_MAX_LEN },
584 [NL80211_NAN_FUNC_SRF] = { .type = NLA_NESTED },
585 [NL80211_NAN_FUNC_RX_MATCH_FILTER] = { .type = NLA_NESTED },
586 [NL80211_NAN_FUNC_TX_MATCH_FILTER] = { .type = NLA_NESTED },
587 [NL80211_NAN_FUNC_INSTANCE_ID] = { .type = NLA_U8 },
588 [NL80211_NAN_FUNC_TERM_REASON] = { .type = NLA_U8 },
589 };
590
591 /* policy for Service Response Filter attributes */
592 static const struct nla_policy
593 nl80211_nan_srf_policy[NL80211_NAN_SRF_ATTR_MAX + 1] = {
594 [NL80211_NAN_SRF_INCLUDE] = { .type = NLA_FLAG },
595 [NL80211_NAN_SRF_BF] = { .type = NLA_BINARY,
596 .len = NL80211_NAN_FUNC_SRF_MAX_LEN },
597 [NL80211_NAN_SRF_BF_IDX] = { .type = NLA_U8 },
598 [NL80211_NAN_SRF_MAC_ADDRS] = { .type = NLA_NESTED },
599 };
600
601 /* policy for packet pattern attributes */
602 static const struct nla_policy
603 nl80211_packet_pattern_policy[MAX_NL80211_PKTPAT + 1] = {
604 [NL80211_PKTPAT_MASK] = { .type = NLA_BINARY, },
605 [NL80211_PKTPAT_PATTERN] = { .type = NLA_BINARY, },
606 [NL80211_PKTPAT_OFFSET] = { .type = NLA_U32 },
607 };
608
609 static int nl80211_prepare_wdev_dump(struct sk_buff *skb,
610 struct netlink_callback *cb,
611 struct cfg80211_registered_device **rdev,
612 struct wireless_dev **wdev)
613 {
614 int err;
615
616 if (!cb->args[0]) {
617 err = nlmsg_parse(cb->nlh, GENL_HDRLEN + nl80211_fam.hdrsize,
618 genl_family_attrbuf(&nl80211_fam),
619 nl80211_fam.maxattr, nl80211_policy, NULL);
620 if (err)
621 return err;
622
623 *wdev = __cfg80211_wdev_from_attrs(
624 sock_net(skb->sk),
625 genl_family_attrbuf(&nl80211_fam));
626 if (IS_ERR(*wdev))
627 return PTR_ERR(*wdev);
628 *rdev = wiphy_to_rdev((*wdev)->wiphy);
629 /* 0 is the first index - add 1 to parse only once */
630 cb->args[0] = (*rdev)->wiphy_idx + 1;
631 cb->args[1] = (*wdev)->identifier;
632 } else {
633 /* subtract the 1 again here */
634 struct wiphy *wiphy = wiphy_idx_to_wiphy(cb->args[0] - 1);
635 struct wireless_dev *tmp;
636
637 if (!wiphy)
638 return -ENODEV;
639 *rdev = wiphy_to_rdev(wiphy);
640 *wdev = NULL;
641
642 list_for_each_entry(tmp, &(*rdev)->wiphy.wdev_list, list) {
643 if (tmp->identifier == cb->args[1]) {
644 *wdev = tmp;
645 break;
646 }
647 }
648
649 if (!*wdev)
650 return -ENODEV;
651 }
652
653 return 0;
654 }
655
656 /* IE validation */
657 static bool is_valid_ie_attr(const struct nlattr *attr)
658 {
659 const u8 *pos;
660 int len;
661
662 if (!attr)
663 return true;
664
665 pos = nla_data(attr);
666 len = nla_len(attr);
667
668 while (len) {
669 u8 elemlen;
670
671 if (len < 2)
672 return false;
673 len -= 2;
674
675 elemlen = pos[1];
676 if (elemlen > len)
677 return false;
678
679 len -= elemlen;
680 pos += 2 + elemlen;
681 }
682
683 return true;
684 }
685
686 /* message building helper */
687 static inline void *nl80211hdr_put(struct sk_buff *skb, u32 portid, u32 seq,
688 int flags, u8 cmd)
689 {
690 /* since there is no private header just add the generic one */
691 return genlmsg_put(skb, portid, seq, &nl80211_fam, flags, cmd);
692 }
693
694 static int nl80211_msg_put_wmm_rules(struct sk_buff *msg,
695 const struct ieee80211_reg_rule *rule)
696 {
697 int j;
698 struct nlattr *nl_wmm_rules =
699 nla_nest_start(msg, NL80211_FREQUENCY_ATTR_WMM);
700
701 if (!nl_wmm_rules)
702 goto nla_put_failure;
703
704 for (j = 0; j < IEEE80211_NUM_ACS; j++) {
705 struct nlattr *nl_wmm_rule = nla_nest_start(msg, j);
706
707 if (!nl_wmm_rule)
708 goto nla_put_failure;
709
710 if (nla_put_u16(msg, NL80211_WMMR_CW_MIN,
711 rule->wmm_rule.client[j].cw_min) ||
712 nla_put_u16(msg, NL80211_WMMR_CW_MAX,
713 rule->wmm_rule.client[j].cw_max) ||
714 nla_put_u8(msg, NL80211_WMMR_AIFSN,
715 rule->wmm_rule.client[j].aifsn) ||
716 nla_put_u16(msg, NL80211_WMMR_TXOP,
717 rule->wmm_rule.client[j].cot))
718 goto nla_put_failure;
719
720 nla_nest_end(msg, nl_wmm_rule);
721 }
722 nla_nest_end(msg, nl_wmm_rules);
723
724 return 0;
725
726 nla_put_failure:
727 return -ENOBUFS;
728 }
729
730 static int nl80211_msg_put_channel(struct sk_buff *msg, struct wiphy *wiphy,
731 struct ieee80211_channel *chan,
732 bool large)
733 {
734 /* Some channels must be completely excluded from the
735 * list to protect old user-space tools from breaking
736 */
737 if (!large && chan->flags &
738 (IEEE80211_CHAN_NO_10MHZ | IEEE80211_CHAN_NO_20MHZ))
739 return 0;
740
741 if (nla_put_u32(msg, NL80211_FREQUENCY_ATTR_FREQ,
742 chan->center_freq))
743 goto nla_put_failure;
744
745 if ((chan->flags & IEEE80211_CHAN_DISABLED) &&
746 nla_put_flag(msg, NL80211_FREQUENCY_ATTR_DISABLED))
747 goto nla_put_failure;
748 if (chan->flags & IEEE80211_CHAN_NO_IR) {
749 if (nla_put_flag(msg, NL80211_FREQUENCY_ATTR_NO_IR))
750 goto nla_put_failure;
751 if (nla_put_flag(msg, __NL80211_FREQUENCY_ATTR_NO_IBSS))
752 goto nla_put_failure;
753 }
754 if (chan->flags & IEEE80211_CHAN_RADAR) {
755 if (nla_put_flag(msg, NL80211_FREQUENCY_ATTR_RADAR))
756 goto nla_put_failure;
757 if (large) {
758 u32 time;
759
760 time = elapsed_jiffies_msecs(chan->dfs_state_entered);
761
762 if (nla_put_u32(msg, NL80211_FREQUENCY_ATTR_DFS_STATE,
763 chan->dfs_state))
764 goto nla_put_failure;
765 if (nla_put_u32(msg, NL80211_FREQUENCY_ATTR_DFS_TIME,
766 time))
767 goto nla_put_failure;
768 if (nla_put_u32(msg,
769 NL80211_FREQUENCY_ATTR_DFS_CAC_TIME,
770 chan->dfs_cac_ms))
771 goto nla_put_failure;
772 }
773 }
774
775 if (large) {
776 if ((chan->flags & IEEE80211_CHAN_NO_HT40MINUS) &&
777 nla_put_flag(msg, NL80211_FREQUENCY_ATTR_NO_HT40_MINUS))
778 goto nla_put_failure;
779 if ((chan->flags & IEEE80211_CHAN_NO_HT40PLUS) &&
780 nla_put_flag(msg, NL80211_FREQUENCY_ATTR_NO_HT40_PLUS))
781 goto nla_put_failure;
782 if ((chan->flags & IEEE80211_CHAN_NO_80MHZ) &&
783 nla_put_flag(msg, NL80211_FREQUENCY_ATTR_NO_80MHZ))
784 goto nla_put_failure;
785 if ((chan->flags & IEEE80211_CHAN_NO_160MHZ) &&
786 nla_put_flag(msg, NL80211_FREQUENCY_ATTR_NO_160MHZ))
787 goto nla_put_failure;
788 if ((chan->flags & IEEE80211_CHAN_INDOOR_ONLY) &&
789 nla_put_flag(msg, NL80211_FREQUENCY_ATTR_INDOOR_ONLY))
790 goto nla_put_failure;
791 if ((chan->flags & IEEE80211_CHAN_IR_CONCURRENT) &&
792 nla_put_flag(msg, NL80211_FREQUENCY_ATTR_IR_CONCURRENT))
793 goto nla_put_failure;
794 if ((chan->flags & IEEE80211_CHAN_NO_20MHZ) &&
795 nla_put_flag(msg, NL80211_FREQUENCY_ATTR_NO_20MHZ))
796 goto nla_put_failure;
797 if ((chan->flags & IEEE80211_CHAN_NO_10MHZ) &&
798 nla_put_flag(msg, NL80211_FREQUENCY_ATTR_NO_10MHZ))
799 goto nla_put_failure;
800 }
801
802 if (nla_put_u32(msg, NL80211_FREQUENCY_ATTR_MAX_TX_POWER,
803 DBM_TO_MBM(chan->max_power)))
804 goto nla_put_failure;
805
806 if (large) {
807 const struct ieee80211_reg_rule *rule =
808 freq_reg_info(wiphy, MHZ_TO_KHZ(chan->center_freq));
809
810 if (!IS_ERR_OR_NULL(rule) && rule->has_wmm) {
811 if (nl80211_msg_put_wmm_rules(msg, rule))
812 goto nla_put_failure;
813 }
814 }
815
816 return 0;
817
818 nla_put_failure:
819 return -ENOBUFS;
820 }
821
822 static bool nl80211_put_txq_stats(struct sk_buff *msg,
823 struct cfg80211_txq_stats *txqstats,
824 int attrtype)
825 {
826 struct nlattr *txqattr;
827
828 #define PUT_TXQVAL_U32(attr, memb) do { \
829 if (txqstats->filled & BIT(NL80211_TXQ_STATS_ ## attr) && \
830 nla_put_u32(msg, NL80211_TXQ_STATS_ ## attr, txqstats->memb)) \
831 return false; \
832 } while (0)
833
834 txqattr = nla_nest_start(msg, attrtype);
835 if (!txqattr)
836 return false;
837
838 PUT_TXQVAL_U32(BACKLOG_BYTES, backlog_bytes);
839 PUT_TXQVAL_U32(BACKLOG_PACKETS, backlog_packets);
840 PUT_TXQVAL_U32(FLOWS, flows);
841 PUT_TXQVAL_U32(DROPS, drops);
842 PUT_TXQVAL_U32(ECN_MARKS, ecn_marks);
843 PUT_TXQVAL_U32(OVERLIMIT, overlimit);
844 PUT_TXQVAL_U32(OVERMEMORY, overmemory);
845 PUT_TXQVAL_U32(COLLISIONS, collisions);
846 PUT_TXQVAL_U32(TX_BYTES, tx_bytes);
847 PUT_TXQVAL_U32(TX_PACKETS, tx_packets);
848 PUT_TXQVAL_U32(MAX_FLOWS, max_flows);
849 nla_nest_end(msg, txqattr);
850
851 #undef PUT_TXQVAL_U32
852 return true;
853 }
854
855 /* netlink command implementations */
856
857 struct key_parse {
858 struct key_params p;
859 int idx;
860 int type;
861 bool def, defmgmt;
862 bool def_uni, def_multi;
863 };
864
865 static int nl80211_parse_key_new(struct genl_info *info, struct nlattr *key,
866 struct key_parse *k)
867 {
868 struct nlattr *tb[NL80211_KEY_MAX + 1];
869 int err = nla_parse_nested(tb, NL80211_KEY_MAX, key,
870 nl80211_key_policy, info->extack);
871 if (err)
872 return err;
873
874 k->def = !!tb[NL80211_KEY_DEFAULT];
875 k->defmgmt = !!tb[NL80211_KEY_DEFAULT_MGMT];
876
877 if (k->def) {
878 k->def_uni = true;
879 k->def_multi = true;
880 }
881 if (k->defmgmt)
882 k->def_multi = true;
883
884 if (tb[NL80211_KEY_IDX])
885 k->idx = nla_get_u8(tb[NL80211_KEY_IDX]);
886
887 if (tb[NL80211_KEY_DATA]) {
888 k->p.key = nla_data(tb[NL80211_KEY_DATA]);
889 k->p.key_len = nla_len(tb[NL80211_KEY_DATA]);
890 }
891
892 if (tb[NL80211_KEY_SEQ]) {
893 k->p.seq = nla_data(tb[NL80211_KEY_SEQ]);
894 k->p.seq_len = nla_len(tb[NL80211_KEY_SEQ]);
895 }
896
897 if (tb[NL80211_KEY_CIPHER])
898 k->p.cipher = nla_get_u32(tb[NL80211_KEY_CIPHER]);
899
900 if (tb[NL80211_KEY_TYPE]) {
901 k->type = nla_get_u32(tb[NL80211_KEY_TYPE]);
902 if (k->type < 0 || k->type >= NUM_NL80211_KEYTYPES)
903 return genl_err_attr(info, -EINVAL,
904 tb[NL80211_KEY_TYPE]);
905 }
906
907 if (tb[NL80211_KEY_DEFAULT_TYPES]) {
908 struct nlattr *kdt[NUM_NL80211_KEY_DEFAULT_TYPES];
909
910 err = nla_parse_nested(kdt, NUM_NL80211_KEY_DEFAULT_TYPES - 1,
911 tb[NL80211_KEY_DEFAULT_TYPES],
912 nl80211_key_default_policy,
913 info->extack);
914 if (err)
915 return err;
916
917 k->def_uni = kdt[NL80211_KEY_DEFAULT_TYPE_UNICAST];
918 k->def_multi = kdt[NL80211_KEY_DEFAULT_TYPE_MULTICAST];
919 }
920
921 return 0;
922 }
923
924 static int nl80211_parse_key_old(struct genl_info *info, struct key_parse *k)
925 {
926 if (info->attrs[NL80211_ATTR_KEY_DATA]) {
927 k->p.key = nla_data(info->attrs[NL80211_ATTR_KEY_DATA]);
928 k->p.key_len = nla_len(info->attrs[NL80211_ATTR_KEY_DATA]);
929 }
930
931 if (info->attrs[NL80211_ATTR_KEY_SEQ]) {
932 k->p.seq = nla_data(info->attrs[NL80211_ATTR_KEY_SEQ]);
933 k->p.seq_len = nla_len(info->attrs[NL80211_ATTR_KEY_SEQ]);
934 }
935
936 if (info->attrs[NL80211_ATTR_KEY_IDX])
937 k->idx = nla_get_u8(info->attrs[NL80211_ATTR_KEY_IDX]);
938
939 if (info->attrs[NL80211_ATTR_KEY_CIPHER])
940 k->p.cipher = nla_get_u32(info->attrs[NL80211_ATTR_KEY_CIPHER]);
941
942 k->def = !!info->attrs[NL80211_ATTR_KEY_DEFAULT];
943 k->defmgmt = !!info->attrs[NL80211_ATTR_KEY_DEFAULT_MGMT];
944
945 if (k->def) {
946 k->def_uni = true;
947 k->def_multi = true;
948 }
949 if (k->defmgmt)
950 k->def_multi = true;
951
952 if (info->attrs[NL80211_ATTR_KEY_TYPE]) {
953 k->type = nla_get_u32(info->attrs[NL80211_ATTR_KEY_TYPE]);
954 if (k->type < 0 || k->type >= NUM_NL80211_KEYTYPES) {
955 GENL_SET_ERR_MSG(info, "key type out of range");
956 return -EINVAL;
957 }
958 }
959
960 if (info->attrs[NL80211_ATTR_KEY_DEFAULT_TYPES]) {
961 struct nlattr *kdt[NUM_NL80211_KEY_DEFAULT_TYPES];
962 int err = nla_parse_nested(kdt,
963 NUM_NL80211_KEY_DEFAULT_TYPES - 1,
964 info->attrs[NL80211_ATTR_KEY_DEFAULT_TYPES],
965 nl80211_key_default_policy,
966 info->extack);
967 if (err)
968 return err;
969
970 k->def_uni = kdt[NL80211_KEY_DEFAULT_TYPE_UNICAST];
971 k->def_multi = kdt[NL80211_KEY_DEFAULT_TYPE_MULTICAST];
972 }
973
974 return 0;
975 }
976
977 static int nl80211_parse_key(struct genl_info *info, struct key_parse *k)
978 {
979 int err;
980
981 memset(k, 0, sizeof(*k));
982 k->idx = -1;
983 k->type = -1;
984
985 if (info->attrs[NL80211_ATTR_KEY])
986 err = nl80211_parse_key_new(info, info->attrs[NL80211_ATTR_KEY], k);
987 else
988 err = nl80211_parse_key_old(info, k);
989
990 if (err)
991 return err;
992
993 if (k->def && k->defmgmt) {
994 GENL_SET_ERR_MSG(info, "key with def && defmgmt is invalid");
995 return -EINVAL;
996 }
997
998 if (k->defmgmt) {
999 if (k->def_uni || !k->def_multi) {
1000 GENL_SET_ERR_MSG(info, "defmgmt key must be mcast");
1001 return -EINVAL;
1002 }
1003 }
1004
1005 if (k->idx != -1) {
1006 if (k->defmgmt) {
1007 if (k->idx < 4 || k->idx > 5) {
1008 GENL_SET_ERR_MSG(info,
1009 "defmgmt key idx not 4 or 5");
1010 return -EINVAL;
1011 }
1012 } else if (k->def) {
1013 if (k->idx < 0 || k->idx > 3) {
1014 GENL_SET_ERR_MSG(info, "def key idx not 0-3");
1015 return -EINVAL;
1016 }
1017 } else {
1018 if (k->idx < 0 || k->idx > 5) {
1019 GENL_SET_ERR_MSG(info, "key idx not 0-5");
1020 return -EINVAL;
1021 }
1022 }
1023 }
1024
1025 return 0;
1026 }
1027
1028 static struct cfg80211_cached_keys *
1029 nl80211_parse_connkeys(struct cfg80211_registered_device *rdev,
1030 struct genl_info *info, bool *no_ht)
1031 {
1032 struct nlattr *keys = info->attrs[NL80211_ATTR_KEYS];
1033 struct key_parse parse;
1034 struct nlattr *key;
1035 struct cfg80211_cached_keys *result;
1036 int rem, err, def = 0;
1037 bool have_key = false;
1038
1039 nla_for_each_nested(key, keys, rem) {
1040 have_key = true;
1041 break;
1042 }
1043
1044 if (!have_key)
1045 return NULL;
1046
1047 result = kzalloc(sizeof(*result), GFP_KERNEL);
1048 if (!result)
1049 return ERR_PTR(-ENOMEM);
1050
1051 result->def = -1;
1052
1053 nla_for_each_nested(key, keys, rem) {
1054 memset(&parse, 0, sizeof(parse));
1055 parse.idx = -1;
1056
1057 err = nl80211_parse_key_new(info, key, &parse);
1058 if (err)
1059 goto error;
1060 err = -EINVAL;
1061 if (!parse.p.key)
1062 goto error;
1063 if (parse.idx < 0 || parse.idx > 3) {
1064 GENL_SET_ERR_MSG(info, "key index out of range [0-3]");
1065 goto error;
1066 }
1067 if (parse.def) {
1068 if (def) {
1069 GENL_SET_ERR_MSG(info,
1070 "only one key can be default");
1071 goto error;
1072 }
1073 def = 1;
1074 result->def = parse.idx;
1075 if (!parse.def_uni || !parse.def_multi)
1076 goto error;
1077 } else if (parse.defmgmt)
1078 goto error;
1079 err = cfg80211_validate_key_settings(rdev, &parse.p,
1080 parse.idx, false, NULL);
1081 if (err)
1082 goto error;
1083 if (parse.p.cipher != WLAN_CIPHER_SUITE_WEP40 &&
1084 parse.p.cipher != WLAN_CIPHER_SUITE_WEP104) {
1085 GENL_SET_ERR_MSG(info, "connect key must be WEP");
1086 err = -EINVAL;
1087 goto error;
1088 }
1089 result->params[parse.idx].cipher = parse.p.cipher;
1090 result->params[parse.idx].key_len = parse.p.key_len;
1091 result->params[parse.idx].key = result->data[parse.idx];
1092 memcpy(result->data[parse.idx], parse.p.key, parse.p.key_len);
1093
1094 /* must be WEP key if we got here */
1095 if (no_ht)
1096 *no_ht = true;
1097 }
1098
1099 if (result->def < 0) {
1100 err = -EINVAL;
1101 GENL_SET_ERR_MSG(info, "need a default/TX key");
1102 goto error;
1103 }
1104
1105 return result;
1106 error:
1107 kfree(result);
1108 return ERR_PTR(err);
1109 }
1110
1111 static int nl80211_key_allowed(struct wireless_dev *wdev)
1112 {
1113 ASSERT_WDEV_LOCK(wdev);
1114
1115 switch (wdev->iftype) {
1116 case NL80211_IFTYPE_AP:
1117 case NL80211_IFTYPE_AP_VLAN:
1118 case NL80211_IFTYPE_P2P_GO:
1119 case NL80211_IFTYPE_MESH_POINT:
1120 break;
1121 case NL80211_IFTYPE_ADHOC:
1122 case NL80211_IFTYPE_STATION:
1123 case NL80211_IFTYPE_P2P_CLIENT:
1124 if (!wdev->current_bss)
1125 return -ENOLINK;
1126 break;
1127 case NL80211_IFTYPE_UNSPECIFIED:
1128 case NL80211_IFTYPE_OCB:
1129 case NL80211_IFTYPE_MONITOR:
1130 case NL80211_IFTYPE_NAN:
1131 case NL80211_IFTYPE_P2P_DEVICE:
1132 case NL80211_IFTYPE_WDS:
1133 case NUM_NL80211_IFTYPES:
1134 return -EINVAL;
1135 }
1136
1137 return 0;
1138 }
1139
1140 static struct ieee80211_channel *nl80211_get_valid_chan(struct wiphy *wiphy,
1141 struct nlattr *tb)
1142 {
1143 struct ieee80211_channel *chan;
1144
1145 if (tb == NULL)
1146 return NULL;
1147 chan = ieee80211_get_channel(wiphy, nla_get_u32(tb));
1148 if (!chan || chan->flags & IEEE80211_CHAN_DISABLED)
1149 return NULL;
1150 return chan;
1151 }
1152
1153 static int nl80211_put_iftypes(struct sk_buff *msg, u32 attr, u16 ifmodes)
1154 {
1155 struct nlattr *nl_modes = nla_nest_start(msg, attr);
1156 int i;
1157
1158 if (!nl_modes)
1159 goto nla_put_failure;
1160
1161 i = 0;
1162 while (ifmodes) {
1163 if ((ifmodes & 1) && nla_put_flag(msg, i))
1164 goto nla_put_failure;
1165 ifmodes >>= 1;
1166 i++;
1167 }
1168
1169 nla_nest_end(msg, nl_modes);
1170 return 0;
1171
1172 nla_put_failure:
1173 return -ENOBUFS;
1174 }
1175
1176 static int nl80211_put_iface_combinations(struct wiphy *wiphy,
1177 struct sk_buff *msg,
1178 bool large)
1179 {
1180 struct nlattr *nl_combis;
1181 int i, j;
1182
1183 nl_combis = nla_nest_start(msg,
1184 NL80211_ATTR_INTERFACE_COMBINATIONS);
1185 if (!nl_combis)
1186 goto nla_put_failure;
1187
1188 for (i = 0; i < wiphy->n_iface_combinations; i++) {
1189 const struct ieee80211_iface_combination *c;
1190 struct nlattr *nl_combi, *nl_limits;
1191
1192 c = &wiphy->iface_combinations[i];
1193
1194 nl_combi = nla_nest_start(msg, i + 1);
1195 if (!nl_combi)
1196 goto nla_put_failure;
1197
1198 nl_limits = nla_nest_start(msg, NL80211_IFACE_COMB_LIMITS);
1199 if (!nl_limits)
1200 goto nla_put_failure;
1201
1202 for (j = 0; j < c->n_limits; j++) {
1203 struct nlattr *nl_limit;
1204
1205 nl_limit = nla_nest_start(msg, j + 1);
1206 if (!nl_limit)
1207 goto nla_put_failure;
1208 if (nla_put_u32(msg, NL80211_IFACE_LIMIT_MAX,
1209 c->limits[j].max))
1210 goto nla_put_failure;
1211 if (nl80211_put_iftypes(msg, NL80211_IFACE_LIMIT_TYPES,
1212 c->limits[j].types))
1213 goto nla_put_failure;
1214 nla_nest_end(msg, nl_limit);
1215 }
1216
1217 nla_nest_end(msg, nl_limits);
1218
1219 if (c->beacon_int_infra_match &&
1220 nla_put_flag(msg, NL80211_IFACE_COMB_STA_AP_BI_MATCH))
1221 goto nla_put_failure;
1222 if (nla_put_u32(msg, NL80211_IFACE_COMB_NUM_CHANNELS,
1223 c->num_different_channels) ||
1224 nla_put_u32(msg, NL80211_IFACE_COMB_MAXNUM,
1225 c->max_interfaces))
1226 goto nla_put_failure;
1227 if (large &&
1228 (nla_put_u32(msg, NL80211_IFACE_COMB_RADAR_DETECT_WIDTHS,
1229 c->radar_detect_widths) ||
1230 nla_put_u32(msg, NL80211_IFACE_COMB_RADAR_DETECT_REGIONS,
1231 c->radar_detect_regions)))
1232 goto nla_put_failure;
1233 if (c->beacon_int_min_gcd &&
1234 nla_put_u32(msg, NL80211_IFACE_COMB_BI_MIN_GCD,
1235 c->beacon_int_min_gcd))
1236 goto nla_put_failure;
1237
1238 nla_nest_end(msg, nl_combi);
1239 }
1240
1241 nla_nest_end(msg, nl_combis);
1242
1243 return 0;
1244 nla_put_failure:
1245 return -ENOBUFS;
1246 }
1247
1248 #ifdef CONFIG_PM
1249 static int nl80211_send_wowlan_tcp_caps(struct cfg80211_registered_device *rdev,
1250 struct sk_buff *msg)
1251 {
1252 const struct wiphy_wowlan_tcp_support *tcp = rdev->wiphy.wowlan->tcp;
1253 struct nlattr *nl_tcp;
1254
1255 if (!tcp)
1256 return 0;
1257
1258 nl_tcp = nla_nest_start(msg, NL80211_WOWLAN_TRIG_TCP_CONNECTION);
1259 if (!nl_tcp)
1260 return -ENOBUFS;
1261
1262 if (nla_put_u32(msg, NL80211_WOWLAN_TCP_DATA_PAYLOAD,
1263 tcp->data_payload_max))
1264 return -ENOBUFS;
1265
1266 if (nla_put_u32(msg, NL80211_WOWLAN_TCP_DATA_PAYLOAD,
1267 tcp->data_payload_max))
1268 return -ENOBUFS;
1269
1270 if (tcp->seq && nla_put_flag(msg, NL80211_WOWLAN_TCP_DATA_PAYLOAD_SEQ))
1271 return -ENOBUFS;
1272
1273 if (tcp->tok && nla_put(msg, NL80211_WOWLAN_TCP_DATA_PAYLOAD_TOKEN,
1274 sizeof(*tcp->tok), tcp->tok))
1275 return -ENOBUFS;
1276
1277 if (nla_put_u32(msg, NL80211_WOWLAN_TCP_DATA_INTERVAL,
1278 tcp->data_interval_max))
1279 return -ENOBUFS;
1280
1281 if (nla_put_u32(msg, NL80211_WOWLAN_TCP_WAKE_PAYLOAD,
1282 tcp->wake_payload_max))
1283 return -ENOBUFS;
1284
1285 nla_nest_end(msg, nl_tcp);
1286 return 0;
1287 }
1288
1289 static int nl80211_send_wowlan(struct sk_buff *msg,
1290 struct cfg80211_registered_device *rdev,
1291 bool large)
1292 {
1293 struct nlattr *nl_wowlan;
1294
1295 if (!rdev->wiphy.wowlan)
1296 return 0;
1297
1298 nl_wowlan = nla_nest_start(msg, NL80211_ATTR_WOWLAN_TRIGGERS_SUPPORTED);
1299 if (!nl_wowlan)
1300 return -ENOBUFS;
1301
1302 if (((rdev->wiphy.wowlan->flags & WIPHY_WOWLAN_ANY) &&
1303 nla_put_flag(msg, NL80211_WOWLAN_TRIG_ANY)) ||
1304 ((rdev->wiphy.wowlan->flags & WIPHY_WOWLAN_DISCONNECT) &&
1305 nla_put_flag(msg, NL80211_WOWLAN_TRIG_DISCONNECT)) ||
1306 ((rdev->wiphy.wowlan->flags & WIPHY_WOWLAN_MAGIC_PKT) &&
1307 nla_put_flag(msg, NL80211_WOWLAN_TRIG_MAGIC_PKT)) ||
1308 ((rdev->wiphy.wowlan->flags & WIPHY_WOWLAN_SUPPORTS_GTK_REKEY) &&
1309 nla_put_flag(msg, NL80211_WOWLAN_TRIG_GTK_REKEY_SUPPORTED)) ||
1310 ((rdev->wiphy.wowlan->flags & WIPHY_WOWLAN_GTK_REKEY_FAILURE) &&
1311 nla_put_flag(msg, NL80211_WOWLAN_TRIG_GTK_REKEY_FAILURE)) ||
1312 ((rdev->wiphy.wowlan->flags & WIPHY_WOWLAN_EAP_IDENTITY_REQ) &&
1313 nla_put_flag(msg, NL80211_WOWLAN_TRIG_EAP_IDENT_REQUEST)) ||
1314 ((rdev->wiphy.wowlan->flags & WIPHY_WOWLAN_4WAY_HANDSHAKE) &&
1315 nla_put_flag(msg, NL80211_WOWLAN_TRIG_4WAY_HANDSHAKE)) ||
1316 ((rdev->wiphy.wowlan->flags & WIPHY_WOWLAN_RFKILL_RELEASE) &&
1317 nla_put_flag(msg, NL80211_WOWLAN_TRIG_RFKILL_RELEASE)))
1318 return -ENOBUFS;
1319
1320 if (rdev->wiphy.wowlan->n_patterns) {
1321 struct nl80211_pattern_support pat = {
1322 .max_patterns = rdev->wiphy.wowlan->n_patterns,
1323 .min_pattern_len = rdev->wiphy.wowlan->pattern_min_len,
1324 .max_pattern_len = rdev->wiphy.wowlan->pattern_max_len,
1325 .max_pkt_offset = rdev->wiphy.wowlan->max_pkt_offset,
1326 };
1327
1328 if (nla_put(msg, NL80211_WOWLAN_TRIG_PKT_PATTERN,
1329 sizeof(pat), &pat))
1330 return -ENOBUFS;
1331 }
1332
1333 if ((rdev->wiphy.wowlan->flags & WIPHY_WOWLAN_NET_DETECT) &&
1334 nla_put_u32(msg, NL80211_WOWLAN_TRIG_NET_DETECT,
1335 rdev->wiphy.wowlan->max_nd_match_sets))
1336 return -ENOBUFS;
1337
1338 if (large && nl80211_send_wowlan_tcp_caps(rdev, msg))
1339 return -ENOBUFS;
1340
1341 nla_nest_end(msg, nl_wowlan);
1342
1343 return 0;
1344 }
1345 #endif
1346
1347 static int nl80211_send_coalesce(struct sk_buff *msg,
1348 struct cfg80211_registered_device *rdev)
1349 {
1350 struct nl80211_coalesce_rule_support rule;
1351
1352 if (!rdev->wiphy.coalesce)
1353 return 0;
1354
1355 rule.max_rules = rdev->wiphy.coalesce->n_rules;
1356 rule.max_delay = rdev->wiphy.coalesce->max_delay;
1357 rule.pat.max_patterns = rdev->wiphy.coalesce->n_patterns;
1358 rule.pat.min_pattern_len = rdev->wiphy.coalesce->pattern_min_len;
1359 rule.pat.max_pattern_len = rdev->wiphy.coalesce->pattern_max_len;
1360 rule.pat.max_pkt_offset = rdev->wiphy.coalesce->max_pkt_offset;
1361
1362 if (nla_put(msg, NL80211_ATTR_COALESCE_RULE, sizeof(rule), &rule))
1363 return -ENOBUFS;
1364
1365 return 0;
1366 }
1367
1368 static int
1369 nl80211_send_iftype_data(struct sk_buff *msg,
1370 const struct ieee80211_sband_iftype_data *iftdata)
1371 {
1372 const struct ieee80211_sta_he_cap *he_cap = &iftdata->he_cap;
1373
1374 if (nl80211_put_iftypes(msg, NL80211_BAND_IFTYPE_ATTR_IFTYPES,
1375 iftdata->types_mask))
1376 return -ENOBUFS;
1377
1378 if (he_cap->has_he) {
1379 if (nla_put(msg, NL80211_BAND_IFTYPE_ATTR_HE_CAP_MAC,
1380 sizeof(he_cap->he_cap_elem.mac_cap_info),
1381 he_cap->he_cap_elem.mac_cap_info) ||
1382 nla_put(msg, NL80211_BAND_IFTYPE_ATTR_HE_CAP_PHY,
1383 sizeof(he_cap->he_cap_elem.phy_cap_info),
1384 he_cap->he_cap_elem.phy_cap_info) ||
1385 nla_put(msg, NL80211_BAND_IFTYPE_ATTR_HE_CAP_MCS_SET,
1386 sizeof(he_cap->he_mcs_nss_supp),
1387 &he_cap->he_mcs_nss_supp) ||
1388 nla_put(msg, NL80211_BAND_IFTYPE_ATTR_HE_CAP_PPE,
1389 sizeof(he_cap->ppe_thres), he_cap->ppe_thres))
1390 return -ENOBUFS;
1391 }
1392
1393 return 0;
1394 }
1395
1396 static int nl80211_send_band_rateinfo(struct sk_buff *msg,
1397 struct ieee80211_supported_band *sband)
1398 {
1399 struct nlattr *nl_rates, *nl_rate;
1400 struct ieee80211_rate *rate;
1401 int i;
1402
1403 /* add HT info */
1404 if (sband->ht_cap.ht_supported &&
1405 (nla_put(msg, NL80211_BAND_ATTR_HT_MCS_SET,
1406 sizeof(sband->ht_cap.mcs),
1407 &sband->ht_cap.mcs) ||
1408 nla_put_u16(msg, NL80211_BAND_ATTR_HT_CAPA,
1409 sband->ht_cap.cap) ||
1410 nla_put_u8(msg, NL80211_BAND_ATTR_HT_AMPDU_FACTOR,
1411 sband->ht_cap.ampdu_factor) ||
1412 nla_put_u8(msg, NL80211_BAND_ATTR_HT_AMPDU_DENSITY,
1413 sband->ht_cap.ampdu_density)))
1414 return -ENOBUFS;
1415
1416 /* add VHT info */
1417 if (sband->vht_cap.vht_supported &&
1418 (nla_put(msg, NL80211_BAND_ATTR_VHT_MCS_SET,
1419 sizeof(sband->vht_cap.vht_mcs),
1420 &sband->vht_cap.vht_mcs) ||
1421 nla_put_u32(msg, NL80211_BAND_ATTR_VHT_CAPA,
1422 sband->vht_cap.cap)))
1423 return -ENOBUFS;
1424
1425 if (sband->n_iftype_data) {
1426 struct nlattr *nl_iftype_data =
1427 nla_nest_start(msg, NL80211_BAND_ATTR_IFTYPE_DATA);
1428 int err;
1429
1430 if (!nl_iftype_data)
1431 return -ENOBUFS;
1432
1433 for (i = 0; i < sband->n_iftype_data; i++) {
1434 struct nlattr *iftdata;
1435
1436 iftdata = nla_nest_start(msg, i + 1);
1437 if (!iftdata)
1438 return -ENOBUFS;
1439
1440 err = nl80211_send_iftype_data(msg,
1441 &sband->iftype_data[i]);
1442 if (err)
1443 return err;
1444
1445 nla_nest_end(msg, iftdata);
1446 }
1447
1448 nla_nest_end(msg, nl_iftype_data);
1449 }
1450
1451 /* add bitrates */
1452 nl_rates = nla_nest_start(msg, NL80211_BAND_ATTR_RATES);
1453 if (!nl_rates)
1454 return -ENOBUFS;
1455
1456 for (i = 0; i < sband->n_bitrates; i++) {
1457 nl_rate = nla_nest_start(msg, i);
1458 if (!nl_rate)
1459 return -ENOBUFS;
1460
1461 rate = &sband->bitrates[i];
1462 if (nla_put_u32(msg, NL80211_BITRATE_ATTR_RATE,
1463 rate->bitrate))
1464 return -ENOBUFS;
1465 if ((rate->flags & IEEE80211_RATE_SHORT_PREAMBLE) &&
1466 nla_put_flag(msg,
1467 NL80211_BITRATE_ATTR_2GHZ_SHORTPREAMBLE))
1468 return -ENOBUFS;
1469
1470 nla_nest_end(msg, nl_rate);
1471 }
1472
1473 nla_nest_end(msg, nl_rates);
1474
1475 return 0;
1476 }
1477
1478 static int
1479 nl80211_send_mgmt_stypes(struct sk_buff *msg,
1480 const struct ieee80211_txrx_stypes *mgmt_stypes)
1481 {
1482 u16 stypes;
1483 struct nlattr *nl_ftypes, *nl_ifs;
1484 enum nl80211_iftype ift;
1485 int i;
1486
1487 if (!mgmt_stypes)
1488 return 0;
1489
1490 nl_ifs = nla_nest_start(msg, NL80211_ATTR_TX_FRAME_TYPES);
1491 if (!nl_ifs)
1492 return -ENOBUFS;
1493
1494 for (ift = 0; ift < NUM_NL80211_IFTYPES; ift++) {
1495 nl_ftypes = nla_nest_start(msg, ift);
1496 if (!nl_ftypes)
1497 return -ENOBUFS;
1498 i = 0;
1499 stypes = mgmt_stypes[ift].tx;
1500 while (stypes) {
1501 if ((stypes & 1) &&
1502 nla_put_u16(msg, NL80211_ATTR_FRAME_TYPE,
1503 (i << 4) | IEEE80211_FTYPE_MGMT))
1504 return -ENOBUFS;
1505 stypes >>= 1;
1506 i++;
1507 }
1508 nla_nest_end(msg, nl_ftypes);
1509 }
1510
1511 nla_nest_end(msg, nl_ifs);
1512
1513 nl_ifs = nla_nest_start(msg, NL80211_ATTR_RX_FRAME_TYPES);
1514 if (!nl_ifs)
1515 return -ENOBUFS;
1516
1517 for (ift = 0; ift < NUM_NL80211_IFTYPES; ift++) {
1518 nl_ftypes = nla_nest_start(msg, ift);
1519 if (!nl_ftypes)
1520 return -ENOBUFS;
1521 i = 0;
1522 stypes = mgmt_stypes[ift].rx;
1523 while (stypes) {
1524 if ((stypes & 1) &&
1525 nla_put_u16(msg, NL80211_ATTR_FRAME_TYPE,
1526 (i << 4) | IEEE80211_FTYPE_MGMT))
1527 return -ENOBUFS;
1528 stypes >>= 1;
1529 i++;
1530 }
1531 nla_nest_end(msg, nl_ftypes);
1532 }
1533 nla_nest_end(msg, nl_ifs);
1534
1535 return 0;
1536 }
1537
1538 #define CMD(op, n) \
1539 do { \
1540 if (rdev->ops->op) { \
1541 i++; \
1542 if (nla_put_u32(msg, i, NL80211_CMD_ ## n)) \
1543 goto nla_put_failure; \
1544 } \
1545 } while (0)
1546
1547 static int nl80211_add_commands_unsplit(struct cfg80211_registered_device *rdev,
1548 struct sk_buff *msg)
1549 {
1550 int i = 0;
1551
1552 /*
1553 * do *NOT* add anything into this function, new things need to be
1554 * advertised only to new versions of userspace that can deal with
1555 * the split (and they can't possibly care about new features...
1556 */
1557 CMD(add_virtual_intf, NEW_INTERFACE);
1558 CMD(change_virtual_intf, SET_INTERFACE);
1559 CMD(add_key, NEW_KEY);
1560 CMD(start_ap, START_AP);
1561 CMD(add_station, NEW_STATION);
1562 CMD(add_mpath, NEW_MPATH);
1563 CMD(update_mesh_config, SET_MESH_CONFIG);
1564 CMD(change_bss, SET_BSS);
1565 CMD(auth, AUTHENTICATE);
1566 CMD(assoc, ASSOCIATE);
1567 CMD(deauth, DEAUTHENTICATE);
1568 CMD(disassoc, DISASSOCIATE);
1569 CMD(join_ibss, JOIN_IBSS);
1570 CMD(join_mesh, JOIN_MESH);
1571 CMD(set_pmksa, SET_PMKSA);
1572 CMD(del_pmksa, DEL_PMKSA);
1573 CMD(flush_pmksa, FLUSH_PMKSA);
1574 if (rdev->wiphy.flags & WIPHY_FLAG_HAS_REMAIN_ON_CHANNEL)
1575 CMD(remain_on_channel, REMAIN_ON_CHANNEL);
1576 CMD(set_bitrate_mask, SET_TX_BITRATE_MASK);
1577 CMD(mgmt_tx, FRAME);
1578 CMD(mgmt_tx_cancel_wait, FRAME_WAIT_CANCEL);
1579 if (rdev->wiphy.flags & WIPHY_FLAG_NETNS_OK) {
1580 i++;
1581 if (nla_put_u32(msg, i, NL80211_CMD_SET_WIPHY_NETNS))
1582 goto nla_put_failure;
1583 }
1584 if (rdev->ops->set_monitor_channel || rdev->ops->start_ap ||
1585 rdev->ops->join_mesh) {
1586 i++;
1587 if (nla_put_u32(msg, i, NL80211_CMD_SET_CHANNEL))
1588 goto nla_put_failure;
1589 }
1590 CMD(set_wds_peer, SET_WDS_PEER);
1591 if (rdev->wiphy.flags & WIPHY_FLAG_SUPPORTS_TDLS) {
1592 CMD(tdls_mgmt, TDLS_MGMT);
1593 CMD(tdls_oper, TDLS_OPER);
1594 }
1595 if (rdev->wiphy.max_sched_scan_reqs)
1596 CMD(sched_scan_start, START_SCHED_SCAN);
1597 CMD(probe_client, PROBE_CLIENT);
1598 CMD(set_noack_map, SET_NOACK_MAP);
1599 if (rdev->wiphy.flags & WIPHY_FLAG_REPORTS_OBSS) {
1600 i++;
1601 if (nla_put_u32(msg, i, NL80211_CMD_REGISTER_BEACONS))
1602 goto nla_put_failure;
1603 }
1604 CMD(start_p2p_device, START_P2P_DEVICE);
1605 CMD(set_mcast_rate, SET_MCAST_RATE);
1606 #ifdef CONFIG_NL80211_TESTMODE
1607 CMD(testmode_cmd, TESTMODE);
1608 #endif
1609
1610 if (rdev->ops->connect || rdev->ops->auth) {
1611 i++;
1612 if (nla_put_u32(msg, i, NL80211_CMD_CONNECT))
1613 goto nla_put_failure;
1614 }
1615
1616 if (rdev->ops->disconnect || rdev->ops->deauth) {
1617 i++;
1618 if (nla_put_u32(msg, i, NL80211_CMD_DISCONNECT))
1619 goto nla_put_failure;
1620 }
1621
1622 return i;
1623 nla_put_failure:
1624 return -ENOBUFS;
1625 }
1626
1627 struct nl80211_dump_wiphy_state {
1628 s64 filter_wiphy;
1629 long start;
1630 long split_start, band_start, chan_start, capa_start;
1631 bool split;
1632 };
1633
1634 static int nl80211_send_wiphy(struct cfg80211_registered_device *rdev,
1635 enum nl80211_commands cmd,
1636 struct sk_buff *msg, u32 portid, u32 seq,
1637 int flags, struct nl80211_dump_wiphy_state *state)
1638 {
1639 void *hdr;
1640 struct nlattr *nl_bands, *nl_band;
1641 struct nlattr *nl_freqs, *nl_freq;
1642 struct nlattr *nl_cmds;
1643 enum nl80211_band band;
1644 struct ieee80211_channel *chan;
1645 int i;
1646 const struct ieee80211_txrx_stypes *mgmt_stypes =
1647 rdev->wiphy.mgmt_stypes;
1648 u32 features;
1649
1650 hdr = nl80211hdr_put(msg, portid, seq, flags, cmd);
1651 if (!hdr)
1652 return -ENOBUFS;
1653
1654 if (WARN_ON(!state))
1655 return -EINVAL;
1656
1657 if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
1658 nla_put_string(msg, NL80211_ATTR_WIPHY_NAME,
1659 wiphy_name(&rdev->wiphy)) ||
1660 nla_put_u32(msg, NL80211_ATTR_GENERATION,
1661 cfg80211_rdev_list_generation))
1662 goto nla_put_failure;
1663
1664 if (cmd != NL80211_CMD_NEW_WIPHY)
1665 goto finish;
1666
1667 switch (state->split_start) {
1668 case 0:
1669 if (nla_put_u8(msg, NL80211_ATTR_WIPHY_RETRY_SHORT,
1670 rdev->wiphy.retry_short) ||
1671 nla_put_u8(msg, NL80211_ATTR_WIPHY_RETRY_LONG,
1672 rdev->wiphy.retry_long) ||
1673 nla_put_u32(msg, NL80211_ATTR_WIPHY_FRAG_THRESHOLD,
1674 rdev->wiphy.frag_threshold) ||
1675 nla_put_u32(msg, NL80211_ATTR_WIPHY_RTS_THRESHOLD,
1676 rdev->wiphy.rts_threshold) ||
1677 nla_put_u8(msg, NL80211_ATTR_WIPHY_COVERAGE_CLASS,
1678 rdev->wiphy.coverage_class) ||
1679 nla_put_u8(msg, NL80211_ATTR_MAX_NUM_SCAN_SSIDS,
1680 rdev->wiphy.max_scan_ssids) ||
1681 nla_put_u8(msg, NL80211_ATTR_MAX_NUM_SCHED_SCAN_SSIDS,
1682 rdev->wiphy.max_sched_scan_ssids) ||
1683 nla_put_u16(msg, NL80211_ATTR_MAX_SCAN_IE_LEN,
1684 rdev->wiphy.max_scan_ie_len) ||
1685 nla_put_u16(msg, NL80211_ATTR_MAX_SCHED_SCAN_IE_LEN,
1686 rdev->wiphy.max_sched_scan_ie_len) ||
1687 nla_put_u8(msg, NL80211_ATTR_MAX_MATCH_SETS,
1688 rdev->wiphy.max_match_sets) ||
1689 nla_put_u32(msg, NL80211_ATTR_MAX_NUM_SCHED_SCAN_PLANS,
1690 rdev->wiphy.max_sched_scan_plans) ||
1691 nla_put_u32(msg, NL80211_ATTR_MAX_SCAN_PLAN_INTERVAL,
1692 rdev->wiphy.max_sched_scan_plan_interval) ||
1693 nla_put_u32(msg, NL80211_ATTR_MAX_SCAN_PLAN_ITERATIONS,
1694 rdev->wiphy.max_sched_scan_plan_iterations))
1695 goto nla_put_failure;
1696
1697 if ((rdev->wiphy.flags & WIPHY_FLAG_IBSS_RSN) &&
1698 nla_put_flag(msg, NL80211_ATTR_SUPPORT_IBSS_RSN))
1699 goto nla_put_failure;
1700 if ((rdev->wiphy.flags & WIPHY_FLAG_MESH_AUTH) &&
1701 nla_put_flag(msg, NL80211_ATTR_SUPPORT_MESH_AUTH))
1702 goto nla_put_failure;
1703 if ((rdev->wiphy.flags & WIPHY_FLAG_AP_UAPSD) &&
1704 nla_put_flag(msg, NL80211_ATTR_SUPPORT_AP_UAPSD))
1705 goto nla_put_failure;
1706 if ((rdev->wiphy.flags & WIPHY_FLAG_SUPPORTS_FW_ROAM) &&
1707 nla_put_flag(msg, NL80211_ATTR_ROAM_SUPPORT))
1708 goto nla_put_failure;
1709 if ((rdev->wiphy.flags & WIPHY_FLAG_SUPPORTS_TDLS) &&
1710 nla_put_flag(msg, NL80211_ATTR_TDLS_SUPPORT))
1711 goto nla_put_failure;
1712 if ((rdev->wiphy.flags & WIPHY_FLAG_TDLS_EXTERNAL_SETUP) &&
1713 nla_put_flag(msg, NL80211_ATTR_TDLS_EXTERNAL_SETUP))
1714 goto nla_put_failure;
1715 state->split_start++;
1716 if (state->split)
1717 break;
1718 case 1:
1719 if (nla_put(msg, NL80211_ATTR_CIPHER_SUITES,
1720 sizeof(u32) * rdev->wiphy.n_cipher_suites,
1721 rdev->wiphy.cipher_suites))
1722 goto nla_put_failure;
1723
1724 if (nla_put_u8(msg, NL80211_ATTR_MAX_NUM_PMKIDS,
1725 rdev->wiphy.max_num_pmkids))
1726 goto nla_put_failure;
1727
1728 if ((rdev->wiphy.flags & WIPHY_FLAG_CONTROL_PORT_PROTOCOL) &&
1729 nla_put_flag(msg, NL80211_ATTR_CONTROL_PORT_ETHERTYPE))
1730 goto nla_put_failure;
1731
1732 if (nla_put_u32(msg, NL80211_ATTR_WIPHY_ANTENNA_AVAIL_TX,
1733 rdev->wiphy.available_antennas_tx) ||
1734 nla_put_u32(msg, NL80211_ATTR_WIPHY_ANTENNA_AVAIL_RX,
1735 rdev->wiphy.available_antennas_rx))
1736 goto nla_put_failure;
1737
1738 if ((rdev->wiphy.flags & WIPHY_FLAG_AP_PROBE_RESP_OFFLOAD) &&
1739 nla_put_u32(msg, NL80211_ATTR_PROBE_RESP_OFFLOAD,
1740 rdev->wiphy.probe_resp_offload))
1741 goto nla_put_failure;
1742
1743 if ((rdev->wiphy.available_antennas_tx ||
1744 rdev->wiphy.available_antennas_rx) &&
1745 rdev->ops->get_antenna) {
1746 u32 tx_ant = 0, rx_ant = 0;
1747 int res;
1748
1749 res = rdev_get_antenna(rdev, &tx_ant, &rx_ant);
1750 if (!res) {
1751 if (nla_put_u32(msg,
1752 NL80211_ATTR_WIPHY_ANTENNA_TX,
1753 tx_ant) ||
1754 nla_put_u32(msg,
1755 NL80211_ATTR_WIPHY_ANTENNA_RX,
1756 rx_ant))
1757 goto nla_put_failure;
1758 }
1759 }
1760
1761 state->split_start++;
1762 if (state->split)
1763 break;
1764 case 2:
1765 if (nl80211_put_iftypes(msg, NL80211_ATTR_SUPPORTED_IFTYPES,
1766 rdev->wiphy.interface_modes))
1767 goto nla_put_failure;
1768 state->split_start++;
1769 if (state->split)
1770 break;
1771 case 3:
1772 nl_bands = nla_nest_start(msg, NL80211_ATTR_WIPHY_BANDS);
1773 if (!nl_bands)
1774 goto nla_put_failure;
1775
1776 for (band = state->band_start;
1777 band < NUM_NL80211_BANDS; band++) {
1778 struct ieee80211_supported_band *sband;
1779
1780 sband = rdev->wiphy.bands[band];
1781
1782 if (!sband)
1783 continue;
1784
1785 nl_band = nla_nest_start(msg, band);
1786 if (!nl_band)
1787 goto nla_put_failure;
1788
1789 switch (state->chan_start) {
1790 case 0:
1791 if (nl80211_send_band_rateinfo(msg, sband))
1792 goto nla_put_failure;
1793 state->chan_start++;
1794 if (state->split)
1795 break;
1796 default:
1797 /* add frequencies */
1798 nl_freqs = nla_nest_start(
1799 msg, NL80211_BAND_ATTR_FREQS);
1800 if (!nl_freqs)
1801 goto nla_put_failure;
1802
1803 for (i = state->chan_start - 1;
1804 i < sband->n_channels;
1805 i++) {
1806 nl_freq = nla_nest_start(msg, i);
1807 if (!nl_freq)
1808 goto nla_put_failure;
1809
1810 chan = &sband->channels[i];
1811
1812 if (nl80211_msg_put_channel(
1813 msg, &rdev->wiphy, chan,
1814 state->split))
1815 goto nla_put_failure;
1816
1817 nla_nest_end(msg, nl_freq);
1818 if (state->split)
1819 break;
1820 }
1821 if (i < sband->n_channels)
1822 state->chan_start = i + 2;
1823 else
1824 state->chan_start = 0;
1825 nla_nest_end(msg, nl_freqs);
1826 }
1827
1828 nla_nest_end(msg, nl_band);
1829
1830 if (state->split) {
1831 /* start again here */
1832 if (state->chan_start)
1833 band--;
1834 break;
1835 }
1836 }
1837 nla_nest_end(msg, nl_bands);
1838
1839 if (band < NUM_NL80211_BANDS)
1840 state->band_start = band + 1;
1841 else
1842 state->band_start = 0;
1843
1844 /* if bands & channels are done, continue outside */
1845 if (state->band_start == 0 && state->chan_start == 0)
1846 state->split_start++;
1847 if (state->split)
1848 break;
1849 case 4:
1850 nl_cmds = nla_nest_start(msg, NL80211_ATTR_SUPPORTED_COMMANDS);
1851 if (!nl_cmds)
1852 goto nla_put_failure;
1853
1854 i = nl80211_add_commands_unsplit(rdev, msg);
1855 if (i < 0)
1856 goto nla_put_failure;
1857 if (state->split) {
1858 CMD(crit_proto_start, CRIT_PROTOCOL_START);
1859 CMD(crit_proto_stop, CRIT_PROTOCOL_STOP);
1860 if (rdev->wiphy.flags & WIPHY_FLAG_HAS_CHANNEL_SWITCH)
1861 CMD(channel_switch, CHANNEL_SWITCH);
1862 CMD(set_qos_map, SET_QOS_MAP);
1863 if (rdev->wiphy.features &
1864 NL80211_FEATURE_SUPPORTS_WMM_ADMISSION)
1865 CMD(add_tx_ts, ADD_TX_TS);
1866 CMD(set_multicast_to_unicast, SET_MULTICAST_TO_UNICAST);
1867 CMD(update_connect_params, UPDATE_CONNECT_PARAMS);
1868 }
1869 #undef CMD
1870
1871 nla_nest_end(msg, nl_cmds);
1872 state->split_start++;
1873 if (state->split)
1874 break;
1875 case 5:
1876 if (rdev->ops->remain_on_channel &&
1877 (rdev->wiphy.flags & WIPHY_FLAG_HAS_REMAIN_ON_CHANNEL) &&
1878 nla_put_u32(msg,
1879 NL80211_ATTR_MAX_REMAIN_ON_CHANNEL_DURATION,
1880 rdev->wiphy.max_remain_on_channel_duration))
1881 goto nla_put_failure;
1882
1883 if ((rdev->wiphy.flags & WIPHY_FLAG_OFFCHAN_TX) &&
1884 nla_put_flag(msg, NL80211_ATTR_OFFCHANNEL_TX_OK))
1885 goto nla_put_failure;
1886
1887 if (nl80211_send_mgmt_stypes(msg, mgmt_stypes))
1888 goto nla_put_failure;
1889 state->split_start++;
1890 if (state->split)
1891 break;
1892 case 6:
1893 #ifdef CONFIG_PM
1894 if (nl80211_send_wowlan(msg, rdev, state->split))
1895 goto nla_put_failure;
1896 state->split_start++;
1897 if (state->split)
1898 break;
1899 #else
1900 state->split_start++;
1901 #endif
1902 case 7:
1903 if (nl80211_put_iftypes(msg, NL80211_ATTR_SOFTWARE_IFTYPES,
1904 rdev->wiphy.software_iftypes))
1905 goto nla_put_failure;
1906
1907 if (nl80211_put_iface_combinations(&rdev->wiphy, msg,
1908 state->split))
1909 goto nla_put_failure;
1910
1911 state->split_start++;
1912 if (state->split)
1913 break;
1914 case 8:
1915 if ((rdev->wiphy.flags & WIPHY_FLAG_HAVE_AP_SME) &&
1916 nla_put_u32(msg, NL80211_ATTR_DEVICE_AP_SME,
1917 rdev->wiphy.ap_sme_capa))
1918 goto nla_put_failure;
1919
1920 features = rdev->wiphy.features;
1921 /*
1922 * We can only add the per-channel limit information if the
1923 * dump is split, otherwise it makes it too big. Therefore
1924 * only advertise it in that case.
1925 */
1926 if (state->split)
1927 features |= NL80211_FEATURE_ADVERTISE_CHAN_LIMITS;
1928 if (nla_put_u32(msg, NL80211_ATTR_FEATURE_FLAGS, features))
1929 goto nla_put_failure;
1930
1931 if (rdev->wiphy.ht_capa_mod_mask &&
1932 nla_put(msg, NL80211_ATTR_HT_CAPABILITY_MASK,
1933 sizeof(*rdev->wiphy.ht_capa_mod_mask),
1934 rdev->wiphy.ht_capa_mod_mask))
1935 goto nla_put_failure;
1936
1937 if (rdev->wiphy.flags & WIPHY_FLAG_HAVE_AP_SME &&
1938 rdev->wiphy.max_acl_mac_addrs &&
1939 nla_put_u32(msg, NL80211_ATTR_MAC_ACL_MAX,
1940 rdev->wiphy.max_acl_mac_addrs))
1941 goto nla_put_failure;
1942
1943 /*
1944 * Any information below this point is only available to
1945 * applications that can deal with it being split. This
1946 * helps ensure that newly added capabilities don't break
1947 * older tools by overrunning their buffers.
1948 *
1949 * We still increment split_start so that in the split
1950 * case we'll continue with more data in the next round,
1951 * but break unconditionally so unsplit data stops here.
1952 */
1953 if (state->split)
1954 state->split_start++;
1955 else
1956 state->split_start = 0;
1957 break;
1958 case 9:
1959 if (rdev->wiphy.extended_capabilities &&
1960 (nla_put(msg, NL80211_ATTR_EXT_CAPA,
1961 rdev->wiphy.extended_capabilities_len,
1962 rdev->wiphy.extended_capabilities) ||
1963 nla_put(msg, NL80211_ATTR_EXT_CAPA_MASK,
1964 rdev->wiphy.extended_capabilities_len,
1965 rdev->wiphy.extended_capabilities_mask)))
1966 goto nla_put_failure;
1967
1968 if (rdev->wiphy.vht_capa_mod_mask &&
1969 nla_put(msg, NL80211_ATTR_VHT_CAPABILITY_MASK,
1970 sizeof(*rdev->wiphy.vht_capa_mod_mask),
1971 rdev->wiphy.vht_capa_mod_mask))
1972 goto nla_put_failure;
1973
1974 state->split_start++;
1975 break;
1976 case 10:
1977 if (nl80211_send_coalesce(msg, rdev))
1978 goto nla_put_failure;
1979
1980 if ((rdev->wiphy.flags & WIPHY_FLAG_SUPPORTS_5_10_MHZ) &&
1981 (nla_put_flag(msg, NL80211_ATTR_SUPPORT_5_MHZ) ||
1982 nla_put_flag(msg, NL80211_ATTR_SUPPORT_10_MHZ)))
1983 goto nla_put_failure;
1984
1985 if (rdev->wiphy.max_ap_assoc_sta &&
1986 nla_put_u32(msg, NL80211_ATTR_MAX_AP_ASSOC_STA,
1987 rdev->wiphy.max_ap_assoc_sta))
1988 goto nla_put_failure;
1989
1990 state->split_start++;
1991 break;
1992 case 11:
1993 if (rdev->wiphy.n_vendor_commands) {
1994 const struct nl80211_vendor_cmd_info *info;
1995 struct nlattr *nested;
1996
1997 nested = nla_nest_start(msg, NL80211_ATTR_VENDOR_DATA);
1998 if (!nested)
1999 goto nla_put_failure;
2000
2001 for (i = 0; i < rdev->wiphy.n_vendor_commands; i++) {
2002 info = &rdev->wiphy.vendor_commands[i].info;
2003 if (nla_put(msg, i + 1, sizeof(*info), info))
2004 goto nla_put_failure;
2005 }
2006 nla_nest_end(msg, nested);
2007 }
2008
2009 if (rdev->wiphy.n_vendor_events) {
2010 const struct nl80211_vendor_cmd_info *info;
2011 struct nlattr *nested;
2012
2013 nested = nla_nest_start(msg,
2014 NL80211_ATTR_VENDOR_EVENTS);
2015 if (!nested)
2016 goto nla_put_failure;
2017
2018 for (i = 0; i < rdev->wiphy.n_vendor_events; i++) {
2019 info = &rdev->wiphy.vendor_events[i];
2020 if (nla_put(msg, i + 1, sizeof(*info), info))
2021 goto nla_put_failure;
2022 }
2023 nla_nest_end(msg, nested);
2024 }
2025 state->split_start++;
2026 break;
2027 case 12:
2028 if (rdev->wiphy.flags & WIPHY_FLAG_HAS_CHANNEL_SWITCH &&
2029 nla_put_u8(msg, NL80211_ATTR_MAX_CSA_COUNTERS,
2030 rdev->wiphy.max_num_csa_counters))
2031 goto nla_put_failure;
2032
2033 if (rdev->wiphy.regulatory_flags & REGULATORY_WIPHY_SELF_MANAGED &&
2034 nla_put_flag(msg, NL80211_ATTR_WIPHY_SELF_MANAGED_REG))
2035 goto nla_put_failure;
2036
2037 if (rdev->wiphy.max_sched_scan_reqs &&
2038 nla_put_u32(msg, NL80211_ATTR_SCHED_SCAN_MAX_REQS,
2039 rdev->wiphy.max_sched_scan_reqs))
2040 goto nla_put_failure;
2041
2042 if (nla_put(msg, NL80211_ATTR_EXT_FEATURES,
2043 sizeof(rdev->wiphy.ext_features),
2044 rdev->wiphy.ext_features))
2045 goto nla_put_failure;
2046
2047 if (rdev->wiphy.bss_select_support) {
2048 struct nlattr *nested;
2049 u32 bss_select_support = rdev->wiphy.bss_select_support;
2050
2051 nested = nla_nest_start(msg, NL80211_ATTR_BSS_SELECT);
2052 if (!nested)
2053 goto nla_put_failure;
2054
2055 i = 0;
2056 while (bss_select_support) {
2057 if ((bss_select_support & 1) &&
2058 nla_put_flag(msg, i))
2059 goto nla_put_failure;
2060 i++;
2061 bss_select_support >>= 1;
2062 }
2063 nla_nest_end(msg, nested);
2064 }
2065
2066 state->split_start++;
2067 break;
2068 case 13:
2069 if (rdev->wiphy.num_iftype_ext_capab &&
2070 rdev->wiphy.iftype_ext_capab) {
2071 struct nlattr *nested_ext_capab, *nested;
2072
2073 nested = nla_nest_start(msg,
2074 NL80211_ATTR_IFTYPE_EXT_CAPA);
2075 if (!nested)
2076 goto nla_put_failure;
2077
2078 for (i = state->capa_start;
2079 i < rdev->wiphy.num_iftype_ext_capab; i++) {
2080 const struct wiphy_iftype_ext_capab *capab;
2081
2082 capab = &rdev->wiphy.iftype_ext_capab[i];
2083
2084 nested_ext_capab = nla_nest_start(msg, i);
2085 if (!nested_ext_capab ||
2086 nla_put_u32(msg, NL80211_ATTR_IFTYPE,
2087 capab->iftype) ||
2088 nla_put(msg, NL80211_ATTR_EXT_CAPA,
2089 capab->extended_capabilities_len,
2090 capab->extended_capabilities) ||
2091 nla_put(msg, NL80211_ATTR_EXT_CAPA_MASK,
2092 capab->extended_capabilities_len,
2093 capab->extended_capabilities_mask))
2094 goto nla_put_failure;
2095
2096 nla_nest_end(msg, nested_ext_capab);
2097 if (state->split)
2098 break;
2099 }
2100 nla_nest_end(msg, nested);
2101 if (i < rdev->wiphy.num_iftype_ext_capab) {
2102 state->capa_start = i + 1;
2103 break;
2104 }
2105 }
2106
2107 if (nla_put_u32(msg, NL80211_ATTR_BANDS,
2108 rdev->wiphy.nan_supported_bands))
2109 goto nla_put_failure;
2110
2111 if (wiphy_ext_feature_isset(&rdev->wiphy,
2112 NL80211_EXT_FEATURE_TXQS)) {
2113 struct cfg80211_txq_stats txqstats = {};
2114 int res;
2115
2116 res = rdev_get_txq_stats(rdev, NULL, &txqstats);
2117 if (!res &&
2118 !nl80211_put_txq_stats(msg, &txqstats,
2119 NL80211_ATTR_TXQ_STATS))
2120 goto nla_put_failure;
2121
2122 if (nla_put_u32(msg, NL80211_ATTR_TXQ_LIMIT,
2123 rdev->wiphy.txq_limit))
2124 goto nla_put_failure;
2125 if (nla_put_u32(msg, NL80211_ATTR_TXQ_MEMORY_LIMIT,
2126 rdev->wiphy.txq_memory_limit))
2127 goto nla_put_failure;
2128 if (nla_put_u32(msg, NL80211_ATTR_TXQ_QUANTUM,
2129 rdev->wiphy.txq_quantum))
2130 goto nla_put_failure;
2131 }
2132
2133 /* done */
2134 state->split_start = 0;
2135 break;
2136 }
2137 finish:
2138 genlmsg_end(msg, hdr);
2139 return 0;
2140
2141 nla_put_failure:
2142 genlmsg_cancel(msg, hdr);
2143 return -EMSGSIZE;
2144 }
2145
2146 static int nl80211_dump_wiphy_parse(struct sk_buff *skb,
2147 struct netlink_callback *cb,
2148 struct nl80211_dump_wiphy_state *state)
2149 {
2150 struct nlattr **tb = genl_family_attrbuf(&nl80211_fam);
2151 int ret = nlmsg_parse(cb->nlh, GENL_HDRLEN + nl80211_fam.hdrsize, tb,
2152 nl80211_fam.maxattr, nl80211_policy, NULL);
2153 /* ignore parse errors for backward compatibility */
2154 if (ret)
2155 return 0;
2156
2157 state->split = tb[NL80211_ATTR_SPLIT_WIPHY_DUMP];
2158 if (tb[NL80211_ATTR_WIPHY])
2159 state->filter_wiphy = nla_get_u32(tb[NL80211_ATTR_WIPHY]);
2160 if (tb[NL80211_ATTR_WDEV])
2161 state->filter_wiphy = nla_get_u64(tb[NL80211_ATTR_WDEV]) >> 32;
2162 if (tb[NL80211_ATTR_IFINDEX]) {
2163 struct net_device *netdev;
2164 struct cfg80211_registered_device *rdev;
2165 int ifidx = nla_get_u32(tb[NL80211_ATTR_IFINDEX]);
2166
2167 netdev = __dev_get_by_index(sock_net(skb->sk), ifidx);
2168 if (!netdev)
2169 return -ENODEV;
2170 if (netdev->ieee80211_ptr) {
2171 rdev = wiphy_to_rdev(
2172 netdev->ieee80211_ptr->wiphy);
2173 state->filter_wiphy = rdev->wiphy_idx;
2174 }
2175 }
2176
2177 return 0;
2178 }
2179
2180 static int nl80211_dump_wiphy(struct sk_buff *skb, struct netlink_callback *cb)
2181 {
2182 int idx = 0, ret;
2183 struct nl80211_dump_wiphy_state *state = (void *)cb->args[0];
2184 struct cfg80211_registered_device *rdev;
2185
2186 rtnl_lock();
2187 if (!state) {
2188 state = kzalloc(sizeof(*state), GFP_KERNEL);
2189 if (!state) {
2190 rtnl_unlock();
2191 return -ENOMEM;
2192 }
2193 state->filter_wiphy = -1;
2194 ret = nl80211_dump_wiphy_parse(skb, cb, state);
2195 if (ret) {
2196 kfree(state);
2197 rtnl_unlock();
2198 return ret;
2199 }
2200 cb->args[0] = (long)state;
2201 }
2202
2203 list_for_each_entry(rdev, &cfg80211_rdev_list, list) {
2204 if (!net_eq(wiphy_net(&rdev->wiphy), sock_net(skb->sk)))
2205 continue;
2206 if (++idx <= state->start)
2207 continue;
2208 if (state->filter_wiphy != -1 &&
2209 state->filter_wiphy != rdev->wiphy_idx)
2210 continue;
2211 /* attempt to fit multiple wiphy data chunks into the skb */
2212 do {
2213 ret = nl80211_send_wiphy(rdev, NL80211_CMD_NEW_WIPHY,
2214 skb,
2215 NETLINK_CB(cb->skb).portid,
2216 cb->nlh->nlmsg_seq,
2217 NLM_F_MULTI, state);
2218 if (ret < 0) {
2219 /*
2220 * If sending the wiphy data didn't fit (ENOBUFS
2221 * or EMSGSIZE returned), this SKB is still
2222 * empty (so it's not too big because another
2223 * wiphy dataset is already in the skb) and
2224 * we've not tried to adjust the dump allocation
2225 * yet ... then adjust the alloc size to be
2226 * bigger, and return 1 but with the empty skb.
2227 * This results in an empty message being RX'ed
2228 * in userspace, but that is ignored.
2229 *
2230 * We can then retry with the larger buffer.
2231 */
2232 if ((ret == -ENOBUFS || ret == -EMSGSIZE) &&
2233 !skb->len && !state->split &&
2234 cb->min_dump_alloc < 4096) {
2235 cb->min_dump_alloc = 4096;
2236 state->split_start = 0;
2237 rtnl_unlock();
2238 return 1;
2239 }
2240 idx--;
2241 break;
2242 }
2243 } while (state->split_start > 0);
2244 break;
2245 }
2246 rtnl_unlock();
2247
2248 state->start = idx;
2249
2250 return skb->len;
2251 }
2252
2253 static int nl80211_dump_wiphy_done(struct netlink_callback *cb)
2254 {
2255 kfree((void *)cb->args[0]);
2256 return 0;
2257 }
2258
2259 static int nl80211_get_wiphy(struct sk_buff *skb, struct genl_info *info)
2260 {
2261 struct sk_buff *msg;
2262 struct cfg80211_registered_device *rdev = info->user_ptr[0];
2263 struct nl80211_dump_wiphy_state state = {};
2264
2265 msg = nlmsg_new(4096, GFP_KERNEL);
2266 if (!msg)
2267 return -ENOMEM;
2268
2269 if (nl80211_send_wiphy(rdev, NL80211_CMD_NEW_WIPHY, msg,
2270 info->snd_portid, info->snd_seq, 0,
2271 &state) < 0) {
2272 nlmsg_free(msg);
2273 return -ENOBUFS;
2274 }
2275
2276 return genlmsg_reply(msg, info);
2277 }
2278
2279 static const struct nla_policy txq_params_policy[NL80211_TXQ_ATTR_MAX + 1] = {
2280 [NL80211_TXQ_ATTR_QUEUE] = { .type = NLA_U8 },
2281 [NL80211_TXQ_ATTR_TXOP] = { .type = NLA_U16 },
2282 [NL80211_TXQ_ATTR_CWMIN] = { .type = NLA_U16 },
2283 [NL80211_TXQ_ATTR_CWMAX] = { .type = NLA_U16 },
2284 [NL80211_TXQ_ATTR_AIFS] = { .type = NLA_U8 },
2285 };
2286
2287 static int parse_txq_params(struct nlattr *tb[],
2288 struct ieee80211_txq_params *txq_params)
2289 {
2290 u8 ac;
2291
2292 if (!tb[NL80211_TXQ_ATTR_AC] || !tb[NL80211_TXQ_ATTR_TXOP] ||
2293 !tb[NL80211_TXQ_ATTR_CWMIN] || !tb[NL80211_TXQ_ATTR_CWMAX] ||
2294 !tb[NL80211_TXQ_ATTR_AIFS])
2295 return -EINVAL;
2296
2297 ac = nla_get_u8(tb[NL80211_TXQ_ATTR_AC]);
2298 txq_params->txop = nla_get_u16(tb[NL80211_TXQ_ATTR_TXOP]);
2299 txq_params->cwmin = nla_get_u16(tb[NL80211_TXQ_ATTR_CWMIN]);
2300 txq_params->cwmax = nla_get_u16(tb[NL80211_TXQ_ATTR_CWMAX]);
2301 txq_params->aifs = nla_get_u8(tb[NL80211_TXQ_ATTR_AIFS]);
2302
2303 if (ac >= NL80211_NUM_ACS)
2304 return -EINVAL;
2305 txq_params->ac = array_index_nospec(ac, NL80211_NUM_ACS);
2306 return 0;
2307 }
2308
2309 static bool nl80211_can_set_dev_channel(struct wireless_dev *wdev)
2310 {
2311 /*
2312 * You can only set the channel explicitly for WDS interfaces,
2313 * all others have their channel managed via their respective
2314 * "establish a connection" command (connect, join, ...)
2315 *
2316 * For AP/GO and mesh mode, the channel can be set with the
2317 * channel userspace API, but is only stored and passed to the
2318 * low-level driver when the AP starts or the mesh is joined.
2319 * This is for backward compatibility, userspace can also give
2320 * the channel in the start-ap or join-mesh commands instead.
2321 *
2322 * Monitors are special as they are normally slaved to
2323 * whatever else is going on, so they have their own special
2324 * operation to set the monitor channel if possible.
2325 */
2326 return !wdev ||
2327 wdev->iftype == NL80211_IFTYPE_AP ||
2328 wdev->iftype == NL80211_IFTYPE_MESH_POINT ||
2329 wdev->iftype == NL80211_IFTYPE_MONITOR ||
2330 wdev->iftype == NL80211_IFTYPE_P2P_GO;
2331 }
2332
2333 static int nl80211_parse_chandef(struct cfg80211_registered_device *rdev,
2334 struct genl_info *info,
2335 struct cfg80211_chan_def *chandef)
2336 {
2337 u32 control_freq;
2338
2339 if (!info->attrs[NL80211_ATTR_WIPHY_FREQ])
2340 return -EINVAL;
2341
2342 control_freq = nla_get_u32(info->attrs[NL80211_ATTR_WIPHY_FREQ]);
2343
2344 memset(chandef, 0, sizeof(*chandef));
2345
2346 chandef->chan = ieee80211_get_channel(&rdev->wiphy, control_freq);
2347 chandef->width = NL80211_CHAN_WIDTH_20_NOHT;
2348 chandef->center_freq1 = control_freq;
2349 chandef->center_freq2 = 0;
2350
2351 /* Primary channel not allowed */
2352 if (!chandef->chan || chandef->chan->flags & IEEE80211_CHAN_DISABLED)
2353 return -EINVAL;
2354
2355 if (info->attrs[NL80211_ATTR_WIPHY_CHANNEL_TYPE]) {
2356 enum nl80211_channel_type chantype;
2357
2358 chantype = nla_get_u32(
2359 info->attrs[NL80211_ATTR_WIPHY_CHANNEL_TYPE]);
2360
2361 switch (chantype) {
2362 case NL80211_CHAN_NO_HT:
2363 case NL80211_CHAN_HT20:
2364 case NL80211_CHAN_HT40PLUS:
2365 case NL80211_CHAN_HT40MINUS:
2366 cfg80211_chandef_create(chandef, chandef->chan,
2367 chantype);
2368 /* user input for center_freq is incorrect */
2369 if (info->attrs[NL80211_ATTR_CENTER_FREQ1] &&
2370 chandef->center_freq1 != nla_get_u32(
2371 info->attrs[NL80211_ATTR_CENTER_FREQ1]))
2372 return -EINVAL;
2373 /* center_freq2 must be zero */
2374 if (info->attrs[NL80211_ATTR_CENTER_FREQ2] &&
2375 nla_get_u32(info->attrs[NL80211_ATTR_CENTER_FREQ2]))
2376 return -EINVAL;
2377 break;
2378 default:
2379 return -EINVAL;
2380 }
2381 } else if (info->attrs[NL80211_ATTR_CHANNEL_WIDTH]) {
2382 chandef->width =
2383 nla_get_u32(info->attrs[NL80211_ATTR_CHANNEL_WIDTH]);
2384 if (info->attrs[NL80211_ATTR_CENTER_FREQ1])
2385 chandef->center_freq1 =
2386 nla_get_u32(
2387 info->attrs[NL80211_ATTR_CENTER_FREQ1]);
2388 if (info->attrs[NL80211_ATTR_CENTER_FREQ2])
2389 chandef->center_freq2 =
2390 nla_get_u32(
2391 info->attrs[NL80211_ATTR_CENTER_FREQ2]);
2392 }
2393
2394 if (!cfg80211_chandef_valid(chandef))
2395 return -EINVAL;
2396
2397 if (!cfg80211_chandef_usable(&rdev->wiphy, chandef,
2398 IEEE80211_CHAN_DISABLED))
2399 return -EINVAL;
2400
2401 if ((chandef->width == NL80211_CHAN_WIDTH_5 ||
2402 chandef->width == NL80211_CHAN_WIDTH_10) &&
2403 !(rdev->wiphy.flags & WIPHY_FLAG_SUPPORTS_5_10_MHZ))
2404 return -EINVAL;
2405
2406 return 0;
2407 }
2408
2409 static int __nl80211_set_channel(struct cfg80211_registered_device *rdev,
2410 struct net_device *dev,
2411 struct genl_info *info)
2412 {
2413 struct cfg80211_chan_def chandef;
2414 int result;
2415 enum nl80211_iftype iftype = NL80211_IFTYPE_MONITOR;
2416 struct wireless_dev *wdev = NULL;
2417
2418 if (dev)
2419 wdev = dev->ieee80211_ptr;
2420 if (!nl80211_can_set_dev_channel(wdev))
2421 return -EOPNOTSUPP;
2422 if (wdev)
2423 iftype = wdev->iftype;
2424
2425 result = nl80211_parse_chandef(rdev, info, &chandef);
2426 if (result)
2427 return result;
2428
2429 switch (iftype) {
2430 case NL80211_IFTYPE_AP:
2431 case NL80211_IFTYPE_P2P_GO:
2432 if (!cfg80211_reg_can_beacon_relax(&rdev->wiphy, &chandef,
2433 iftype)) {
2434 result = -EINVAL;
2435 break;
2436 }
2437 if (wdev->beacon_interval) {
2438 if (!dev || !rdev->ops->set_ap_chanwidth ||
2439 !(rdev->wiphy.features &
2440 NL80211_FEATURE_AP_MODE_CHAN_WIDTH_CHANGE)) {
2441 result = -EBUSY;
2442 break;
2443 }
2444
2445 /* Only allow dynamic channel width changes */
2446 if (chandef.chan != wdev->preset_chandef.chan) {
2447 result = -EBUSY;
2448 break;
2449 }
2450 result = rdev_set_ap_chanwidth(rdev, dev, &chandef);
2451 if (result)
2452 break;
2453 }
2454 wdev->preset_chandef = chandef;
2455 result = 0;
2456 break;
2457 case NL80211_IFTYPE_MESH_POINT:
2458 result = cfg80211_set_mesh_channel(rdev, wdev, &chandef);
2459 break;
2460 case NL80211_IFTYPE_MONITOR:
2461 result = cfg80211_set_monitor_channel(rdev, &chandef);
2462 break;
2463 default:
2464 result = -EINVAL;
2465 }
2466
2467 return result;
2468 }
2469
2470 static int nl80211_set_channel(struct sk_buff *skb, struct genl_info *info)
2471 {
2472 struct cfg80211_registered_device *rdev = info->user_ptr[0];
2473 struct net_device *netdev = info->user_ptr[1];
2474
2475 return __nl80211_set_channel(rdev, netdev, info);
2476 }
2477
2478 static int nl80211_set_wds_peer(struct sk_buff *skb, struct genl_info *info)
2479 {
2480 struct cfg80211_registered_device *rdev = info->user_ptr[0];
2481 struct net_device *dev = info->user_ptr[1];
2482 struct wireless_dev *wdev = dev->ieee80211_ptr;
2483 const u8 *bssid;
2484
2485 if (!info->attrs[NL80211_ATTR_MAC])
2486 return -EINVAL;
2487
2488 if (netif_running(dev))
2489 return -EBUSY;
2490
2491 if (!rdev->ops->set_wds_peer)
2492 return -EOPNOTSUPP;
2493
2494 if (wdev->iftype != NL80211_IFTYPE_WDS)
2495 return -EOPNOTSUPP;
2496
2497 bssid = nla_data(info->attrs[NL80211_ATTR_MAC]);
2498 return rdev_set_wds_peer(rdev, dev, bssid);
2499 }
2500
2501 static int nl80211_set_wiphy(struct sk_buff *skb, struct genl_info *info)
2502 {
2503 struct cfg80211_registered_device *rdev;
2504 struct net_device *netdev = NULL;
2505 struct wireless_dev *wdev;
2506 int result = 0, rem_txq_params = 0;
2507 struct nlattr *nl_txq_params;
2508 u32 changed;
2509 u8 retry_short = 0, retry_long = 0;
2510 u32 frag_threshold = 0, rts_threshold = 0;
2511 u8 coverage_class = 0;
2512 u32 txq_limit = 0, txq_memory_limit = 0, txq_quantum = 0;
2513
2514 ASSERT_RTNL();
2515
2516 /*
2517 * Try to find the wiphy and netdev. Normally this
2518 * function shouldn't need the netdev, but this is
2519 * done for backward compatibility -- previously
2520 * setting the channel was done per wiphy, but now
2521 * it is per netdev. Previous userland like hostapd
2522 * also passed a netdev to set_wiphy, so that it is
2523 * possible to let that go to the right netdev!
2524 */
2525
2526 if (info->attrs[NL80211_ATTR_IFINDEX]) {
2527 int ifindex = nla_get_u32(info->attrs[NL80211_ATTR_IFINDEX]);
2528
2529 netdev = __dev_get_by_index(genl_info_net(info), ifindex);
2530 if (netdev && netdev->ieee80211_ptr)
2531 rdev = wiphy_to_rdev(netdev->ieee80211_ptr->wiphy);
2532 else
2533 netdev = NULL;
2534 }
2535
2536 if (!netdev) {
2537 rdev = __cfg80211_rdev_from_attrs(genl_info_net(info),
2538 info->attrs);
2539 if (IS_ERR(rdev))
2540 return PTR_ERR(rdev);
2541 wdev = NULL;
2542 netdev = NULL;
2543 result = 0;
2544 } else
2545 wdev = netdev->ieee80211_ptr;
2546
2547 /*
2548 * end workaround code, by now the rdev is available
2549 * and locked, and wdev may or may not be NULL.
2550 */
2551
2552 if (info->attrs[NL80211_ATTR_WIPHY_NAME])
2553 result = cfg80211_dev_rename(
2554 rdev, nla_data(info->attrs[NL80211_ATTR_WIPHY_NAME]));
2555
2556 if (result)
2557 return result;
2558
2559 if (info->attrs[NL80211_ATTR_WIPHY_TXQ_PARAMS]) {
2560 struct ieee80211_txq_params txq_params;
2561 struct nlattr *tb[NL80211_TXQ_ATTR_MAX + 1];
2562
2563 if (!rdev->ops->set_txq_params)
2564 return -EOPNOTSUPP;
2565
2566 if (!netdev)
2567 return -EINVAL;
2568
2569 if (netdev->ieee80211_ptr->iftype != NL80211_IFTYPE_AP &&
2570 netdev->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_GO)
2571 return -EINVAL;
2572
2573 if (!netif_running(netdev))
2574 return -ENETDOWN;
2575
2576 nla_for_each_nested(nl_txq_params,
2577 info->attrs[NL80211_ATTR_WIPHY_TXQ_PARAMS],
2578 rem_txq_params) {
2579 result = nla_parse_nested(tb, NL80211_TXQ_ATTR_MAX,
2580 nl_txq_params,
2581 txq_params_policy,
2582 info->extack);
2583 if (result)
2584 return result;
2585 result = parse_txq_params(tb, &txq_params);
2586 if (result)
2587 return result;
2588
2589 result = rdev_set_txq_params(rdev, netdev,
2590 &txq_params);
2591 if (result)
2592 return result;
2593 }
2594 }
2595
2596 if (info->attrs[NL80211_ATTR_WIPHY_FREQ]) {
2597 result = __nl80211_set_channel(
2598 rdev,
2599 nl80211_can_set_dev_channel(wdev) ? netdev : NULL,
2600 info);
2601 if (result)
2602 return result;
2603 }
2604
2605 if (info->attrs[NL80211_ATTR_WIPHY_TX_POWER_SETTING]) {
2606 struct wireless_dev *txp_wdev = wdev;
2607 enum nl80211_tx_power_setting type;
2608 int idx, mbm = 0;
2609
2610 if (!(rdev->wiphy.features & NL80211_FEATURE_VIF_TXPOWER))
2611 txp_wdev = NULL;
2612
2613 if (!rdev->ops->set_tx_power)
2614 return -EOPNOTSUPP;
2615
2616 idx = NL80211_ATTR_WIPHY_TX_POWER_SETTING;
2617 type = nla_get_u32(info->attrs[idx]);
2618
2619 if (!info->attrs[NL80211_ATTR_WIPHY_TX_POWER_LEVEL] &&
2620 (type != NL80211_TX_POWER_AUTOMATIC))
2621 return -EINVAL;
2622
2623 if (type != NL80211_TX_POWER_AUTOMATIC) {
2624 idx = NL80211_ATTR_WIPHY_TX_POWER_LEVEL;
2625 mbm = nla_get_u32(info->attrs[idx]);
2626 }
2627
2628 result = rdev_set_tx_power(rdev, txp_wdev, type, mbm);
2629 if (result)
2630 return result;
2631 }
2632
2633 if (info->attrs[NL80211_ATTR_WIPHY_ANTENNA_TX] &&
2634 info->attrs[NL80211_ATTR_WIPHY_ANTENNA_RX]) {
2635 u32 tx_ant, rx_ant;
2636
2637 if ((!rdev->wiphy.available_antennas_tx &&
2638 !rdev->wiphy.available_antennas_rx) ||
2639 !rdev->ops->set_antenna)
2640 return -EOPNOTSUPP;
2641
2642 tx_ant = nla_get_u32(info->attrs[NL80211_ATTR_WIPHY_ANTENNA_TX]);
2643 rx_ant = nla_get_u32(info->attrs[NL80211_ATTR_WIPHY_ANTENNA_RX]);
2644
2645 /* reject antenna configurations which don't match the
2646 * available antenna masks, except for the "all" mask */
2647 if ((~tx_ant && (tx_ant & ~rdev->wiphy.available_antennas_tx)) ||
2648 (~rx_ant && (rx_ant & ~rdev->wiphy.available_antennas_rx)))
2649 return -EINVAL;
2650
2651 tx_ant = tx_ant & rdev->wiphy.available_antennas_tx;
2652 rx_ant = rx_ant & rdev->wiphy.available_antennas_rx;
2653
2654 result = rdev_set_antenna(rdev, tx_ant, rx_ant);
2655 if (result)
2656 return result;
2657 }
2658
2659 changed = 0;
2660
2661 if (info->attrs[NL80211_ATTR_WIPHY_RETRY_SHORT]) {
2662 retry_short = nla_get_u8(
2663 info->attrs[NL80211_ATTR_WIPHY_RETRY_SHORT]);
2664 if (retry_short == 0)
2665 return -EINVAL;
2666
2667 changed |= WIPHY_PARAM_RETRY_SHORT;
2668 }
2669
2670 if (info->attrs[NL80211_ATTR_WIPHY_RETRY_LONG]) {
2671 retry_long = nla_get_u8(
2672 info->attrs[NL80211_ATTR_WIPHY_RETRY_LONG]);
2673 if (retry_long == 0)
2674 return -EINVAL;
2675
2676 changed |= WIPHY_PARAM_RETRY_LONG;
2677 }
2678
2679 if (info->attrs[NL80211_ATTR_WIPHY_FRAG_THRESHOLD]) {
2680 frag_threshold = nla_get_u32(
2681 info->attrs[NL80211_ATTR_WIPHY_FRAG_THRESHOLD]);
2682 if (frag_threshold < 256)
2683 return -EINVAL;
2684
2685 if (frag_threshold != (u32) -1) {
2686 /*
2687 * Fragments (apart from the last one) are required to
2688 * have even length. Make the fragmentation code
2689 * simpler by stripping LSB should someone try to use
2690 * odd threshold value.
2691 */
2692 frag_threshold &= ~0x1;
2693 }
2694 changed |= WIPHY_PARAM_FRAG_THRESHOLD;
2695 }
2696
2697 if (info->attrs[NL80211_ATTR_WIPHY_RTS_THRESHOLD]) {
2698 rts_threshold = nla_get_u32(
2699 info->attrs[NL80211_ATTR_WIPHY_RTS_THRESHOLD]);
2700 changed |= WIPHY_PARAM_RTS_THRESHOLD;
2701 }
2702
2703 if (info->attrs[NL80211_ATTR_WIPHY_COVERAGE_CLASS]) {
2704 if (info->attrs[NL80211_ATTR_WIPHY_DYN_ACK])
2705 return -EINVAL;
2706
2707 coverage_class = nla_get_u8(
2708 info->attrs[NL80211_ATTR_WIPHY_COVERAGE_CLASS]);
2709 changed |= WIPHY_PARAM_COVERAGE_CLASS;
2710 }
2711
2712 if (info->attrs[NL80211_ATTR_WIPHY_DYN_ACK]) {
2713 if (!(rdev->wiphy.features & NL80211_FEATURE_ACKTO_ESTIMATION))
2714 return -EOPNOTSUPP;
2715
2716 changed |= WIPHY_PARAM_DYN_ACK;
2717 }
2718
2719 if (info->attrs[NL80211_ATTR_TXQ_LIMIT]) {
2720 if (!wiphy_ext_feature_isset(&rdev->wiphy,
2721 NL80211_EXT_FEATURE_TXQS))
2722 return -EOPNOTSUPP;
2723 txq_limit = nla_get_u32(
2724 info->attrs[NL80211_ATTR_TXQ_LIMIT]);
2725 changed |= WIPHY_PARAM_TXQ_LIMIT;
2726 }
2727
2728 if (info->attrs[NL80211_ATTR_TXQ_MEMORY_LIMIT]) {
2729 if (!wiphy_ext_feature_isset(&rdev->wiphy,
2730 NL80211_EXT_FEATURE_TXQS))
2731 return -EOPNOTSUPP;
2732 txq_memory_limit = nla_get_u32(
2733 info->attrs[NL80211_ATTR_TXQ_MEMORY_LIMIT]);
2734 changed |= WIPHY_PARAM_TXQ_MEMORY_LIMIT;
2735 }
2736
2737 if (info->attrs[NL80211_ATTR_TXQ_QUANTUM]) {
2738 if (!wiphy_ext_feature_isset(&rdev->wiphy,
2739 NL80211_EXT_FEATURE_TXQS))
2740 return -EOPNOTSUPP;
2741 txq_quantum = nla_get_u32(
2742 info->attrs[NL80211_ATTR_TXQ_QUANTUM]);
2743 changed |= WIPHY_PARAM_TXQ_QUANTUM;
2744 }
2745
2746 if (changed) {
2747 u8 old_retry_short, old_retry_long;
2748 u32 old_frag_threshold, old_rts_threshold;
2749 u8 old_coverage_class;
2750 u32 old_txq_limit, old_txq_memory_limit, old_txq_quantum;
2751
2752 if (!rdev->ops->set_wiphy_params)
2753 return -EOPNOTSUPP;
2754
2755 old_retry_short = rdev->wiphy.retry_short;
2756 old_retry_long = rdev->wiphy.retry_long;
2757 old_frag_threshold = rdev->wiphy.frag_threshold;
2758 old_rts_threshold = rdev->wiphy.rts_threshold;
2759 old_coverage_class = rdev->wiphy.coverage_class;
2760 old_txq_limit = rdev->wiphy.txq_limit;
2761 old_txq_memory_limit = rdev->wiphy.txq_memory_limit;
2762 old_txq_quantum = rdev->wiphy.txq_quantum;
2763
2764 if (changed & WIPHY_PARAM_RETRY_SHORT)
2765 rdev->wiphy.retry_short = retry_short;
2766 if (changed & WIPHY_PARAM_RETRY_LONG)
2767 rdev->wiphy.retry_long = retry_long;
2768 if (changed & WIPHY_PARAM_FRAG_THRESHOLD)
2769 rdev->wiphy.frag_threshold = frag_threshold;
2770 if (changed & WIPHY_PARAM_RTS_THRESHOLD)
2771 rdev->wiphy.rts_threshold = rts_threshold;
2772 if (changed & WIPHY_PARAM_COVERAGE_CLASS)
2773 rdev->wiphy.coverage_class = coverage_class;
2774 if (changed & WIPHY_PARAM_TXQ_LIMIT)
2775 rdev->wiphy.txq_limit = txq_limit;
2776 if (changed & WIPHY_PARAM_TXQ_MEMORY_LIMIT)
2777 rdev->wiphy.txq_memory_limit = txq_memory_limit;
2778 if (changed & WIPHY_PARAM_TXQ_QUANTUM)
2779 rdev->wiphy.txq_quantum = txq_quantum;
2780
2781 result = rdev_set_wiphy_params(rdev, changed);
2782 if (result) {
2783 rdev->wiphy.retry_short = old_retry_short;
2784 rdev->wiphy.retry_long = old_retry_long;
2785 rdev->wiphy.frag_threshold = old_frag_threshold;
2786 rdev->wiphy.rts_threshold = old_rts_threshold;
2787 rdev->wiphy.coverage_class = old_coverage_class;
2788 rdev->wiphy.txq_limit = old_txq_limit;
2789 rdev->wiphy.txq_memory_limit = old_txq_memory_limit;
2790 rdev->wiphy.txq_quantum = old_txq_quantum;
2791 return result;
2792 }
2793 }
2794 return 0;
2795 }
2796
2797 static inline u64 wdev_id(struct wireless_dev *wdev)
2798 {
2799 return (u64)wdev->identifier |
2800 ((u64)wiphy_to_rdev(wdev->wiphy)->wiphy_idx << 32);
2801 }
2802
2803 static int nl80211_send_chandef(struct sk_buff *msg,
2804 const struct cfg80211_chan_def *chandef)
2805 {
2806 if (WARN_ON(!cfg80211_chandef_valid(chandef)))
2807 return -EINVAL;
2808
2809 if (nla_put_u32(msg, NL80211_ATTR_WIPHY_FREQ,
2810 chandef->chan->center_freq))
2811 return -ENOBUFS;
2812 switch (chandef->width) {
2813 case NL80211_CHAN_WIDTH_20_NOHT:
2814 case NL80211_CHAN_WIDTH_20:
2815 case NL80211_CHAN_WIDTH_40:
2816 if (nla_put_u32(msg, NL80211_ATTR_WIPHY_CHANNEL_TYPE,
2817 cfg80211_get_chandef_type(chandef)))
2818 return -ENOBUFS;
2819 break;
2820 default:
2821 break;
2822 }
2823 if (nla_put_u32(msg, NL80211_ATTR_CHANNEL_WIDTH, chandef->width))
2824 return -ENOBUFS;
2825 if (nla_put_u32(msg, NL80211_ATTR_CENTER_FREQ1, chandef->center_freq1))
2826 return -ENOBUFS;
2827 if (chandef->center_freq2 &&
2828 nla_put_u32(msg, NL80211_ATTR_CENTER_FREQ2, chandef->center_freq2))
2829 return -ENOBUFS;
2830 return 0;
2831 }
2832
2833 static int nl80211_send_iface(struct sk_buff *msg, u32 portid, u32 seq, int flags,
2834 struct cfg80211_registered_device *rdev,
2835 struct wireless_dev *wdev, bool removal)
2836 {
2837 struct net_device *dev = wdev->netdev;
2838 u8 cmd = NL80211_CMD_NEW_INTERFACE;
2839 void *hdr;
2840
2841 if (removal)
2842 cmd = NL80211_CMD_DEL_INTERFACE;
2843
2844 hdr = nl80211hdr_put(msg, portid, seq, flags, cmd);
2845 if (!hdr)
2846 return -1;
2847
2848 if (dev &&
2849 (nla_put_u32(msg, NL80211_ATTR_IFINDEX, dev->ifindex) ||
2850 nla_put_string(msg, NL80211_ATTR_IFNAME, dev->name)))
2851 goto nla_put_failure;
2852
2853 if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
2854 nla_put_u32(msg, NL80211_ATTR_IFTYPE, wdev->iftype) ||
2855 nla_put_u64_64bit(msg, NL80211_ATTR_WDEV, wdev_id(wdev),
2856 NL80211_ATTR_PAD) ||
2857 nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN, wdev_address(wdev)) ||
2858 nla_put_u32(msg, NL80211_ATTR_GENERATION,
2859 rdev->devlist_generation ^
2860 (cfg80211_rdev_list_generation << 2)) ||
2861 nla_put_u8(msg, NL80211_ATTR_4ADDR, wdev->use_4addr))
2862 goto nla_put_failure;
2863
2864 if (rdev->ops->get_channel) {
2865 int ret;
2866 struct cfg80211_chan_def chandef = {};
2867
2868 ret = rdev_get_channel(rdev, wdev, &chandef);
2869 if (ret == 0) {
2870 if (nl80211_send_chandef(msg, &chandef))
2871 goto nla_put_failure;
2872 }
2873 }
2874
2875 if (rdev->ops->get_tx_power) {
2876 int dbm, ret;
2877
2878 ret = rdev_get_tx_power(rdev, wdev, &dbm);
2879 if (ret == 0 &&
2880 nla_put_u32(msg, NL80211_ATTR_WIPHY_TX_POWER_LEVEL,
2881 DBM_TO_MBM(dbm)))
2882 goto nla_put_failure;
2883 }
2884
2885 wdev_lock(wdev);
2886 switch (wdev->iftype) {
2887 case NL80211_IFTYPE_AP:
2888 if (wdev->ssid_len &&
2889 nla_put(msg, NL80211_ATTR_SSID, wdev->ssid_len, wdev->ssid))
2890 goto nla_put_failure_locked;
2891 break;
2892 case NL80211_IFTYPE_STATION:
2893 case NL80211_IFTYPE_P2P_CLIENT:
2894 case NL80211_IFTYPE_ADHOC: {
2895 const u8 *ssid_ie;
2896 if (!wdev->current_bss)
2897 break;
2898 rcu_read_lock();
2899 ssid_ie = ieee80211_bss_get_ie(&wdev->current_bss->pub,
2900 WLAN_EID_SSID);
2901 if (ssid_ie &&
2902 nla_put(msg, NL80211_ATTR_SSID, ssid_ie[1], ssid_ie + 2))
2903 goto nla_put_failure_rcu_locked;
2904 rcu_read_unlock();
2905 break;
2906 }
2907 default:
2908 /* nothing */
2909 break;
2910 }
2911 wdev_unlock(wdev);
2912
2913 if (rdev->ops->get_txq_stats) {
2914 struct cfg80211_txq_stats txqstats = {};
2915 int ret = rdev_get_txq_stats(rdev, wdev, &txqstats);
2916
2917 if (ret == 0 &&
2918 !nl80211_put_txq_stats(msg, &txqstats,
2919 NL80211_ATTR_TXQ_STATS))
2920 goto nla_put_failure;
2921 }
2922
2923 genlmsg_end(msg, hdr);
2924 return 0;
2925
2926 nla_put_failure_rcu_locked:
2927 rcu_read_unlock();
2928 nla_put_failure_locked:
2929 wdev_unlock(wdev);
2930 nla_put_failure:
2931 genlmsg_cancel(msg, hdr);
2932 return -EMSGSIZE;
2933 }
2934
2935 static int nl80211_dump_interface(struct sk_buff *skb, struct netlink_callback *cb)
2936 {
2937 int wp_idx = 0;
2938 int if_idx = 0;
2939 int wp_start = cb->args[0];
2940 int if_start = cb->args[1];
2941 int filter_wiphy = -1;
2942 struct cfg80211_registered_device *rdev;
2943 struct wireless_dev *wdev;
2944 int ret;
2945
2946 rtnl_lock();
2947 if (!cb->args[2]) {
2948 struct nl80211_dump_wiphy_state state = {
2949 .filter_wiphy = -1,
2950 };
2951
2952 ret = nl80211_dump_wiphy_parse(skb, cb, &state);
2953 if (ret)
2954 goto out_unlock;
2955
2956 filter_wiphy = state.filter_wiphy;
2957
2958 /*
2959 * if filtering, set cb->args[2] to +1 since 0 is the default
2960 * value needed to determine that parsing is necessary.
2961 */
2962 if (filter_wiphy >= 0)
2963 cb->args[2] = filter_wiphy + 1;
2964 else
2965 cb->args[2] = -1;
2966 } else if (cb->args[2] > 0) {
2967 filter_wiphy = cb->args[2] - 1;
2968 }
2969
2970 list_for_each_entry(rdev, &cfg80211_rdev_list, list) {
2971 if (!net_eq(wiphy_net(&rdev->wiphy), sock_net(skb->sk)))
2972 continue;
2973 if (wp_idx < wp_start) {
2974 wp_idx++;
2975 continue;
2976 }
2977
2978 if (filter_wiphy >= 0 && filter_wiphy != rdev->wiphy_idx)
2979 continue;
2980
2981 if_idx = 0;
2982
2983 list_for_each_entry(wdev, &rdev->wiphy.wdev_list, list) {
2984 if (if_idx < if_start) {
2985 if_idx++;
2986 continue;
2987 }
2988 if (nl80211_send_iface(skb, NETLINK_CB(cb->skb).portid,
2989 cb->nlh->nlmsg_seq, NLM_F_MULTI,
2990 rdev, wdev, false) < 0) {
2991 goto out;
2992 }
2993 if_idx++;
2994 }
2995
2996 wp_idx++;
2997 }
2998 out:
2999 cb->args[0] = wp_idx;
3000 cb->args[1] = if_idx;
3001
3002 ret = skb->len;
3003 out_unlock:
3004 rtnl_unlock();
3005
3006 return ret;
3007 }
3008
3009 static int nl80211_get_interface(struct sk_buff *skb, struct genl_info *info)
3010 {
3011 struct sk_buff *msg;
3012 struct cfg80211_registered_device *rdev = info->user_ptr[0];
3013 struct wireless_dev *wdev = info->user_ptr[1];
3014
3015 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
3016 if (!msg)
3017 return -ENOMEM;
3018
3019 if (nl80211_send_iface(msg, info->snd_portid, info->snd_seq, 0,
3020 rdev, wdev, false) < 0) {
3021 nlmsg_free(msg);
3022 return -ENOBUFS;
3023 }
3024
3025 return genlmsg_reply(msg, info);
3026 }
3027
3028 static const struct nla_policy mntr_flags_policy[NL80211_MNTR_FLAG_MAX + 1] = {
3029 [NL80211_MNTR_FLAG_FCSFAIL] = { .type = NLA_FLAG },
3030 [NL80211_MNTR_FLAG_PLCPFAIL] = { .type = NLA_FLAG },
3031 [NL80211_MNTR_FLAG_CONTROL] = { .type = NLA_FLAG },
3032 [NL80211_MNTR_FLAG_OTHER_BSS] = { .type = NLA_FLAG },
3033 [NL80211_MNTR_FLAG_COOK_FRAMES] = { .type = NLA_FLAG },
3034 [NL80211_MNTR_FLAG_ACTIVE] = { .type = NLA_FLAG },
3035 };
3036
3037 static int parse_monitor_flags(struct nlattr *nla, u32 *mntrflags)
3038 {
3039 struct nlattr *flags[NL80211_MNTR_FLAG_MAX + 1];
3040 int flag;
3041
3042 *mntrflags = 0;
3043
3044 if (!nla)
3045 return -EINVAL;
3046
3047 if (nla_parse_nested(flags, NL80211_MNTR_FLAG_MAX, nla,
3048 mntr_flags_policy, NULL))
3049 return -EINVAL;
3050
3051 for (flag = 1; flag <= NL80211_MNTR_FLAG_MAX; flag++)
3052 if (flags[flag])
3053 *mntrflags |= (1<<flag);
3054
3055 *mntrflags |= MONITOR_FLAG_CHANGED;
3056
3057 return 0;
3058 }
3059
3060 static int nl80211_parse_mon_options(struct cfg80211_registered_device *rdev,
3061 enum nl80211_iftype type,
3062 struct genl_info *info,
3063 struct vif_params *params)
3064 {
3065 bool change = false;
3066 int err;
3067
3068 if (info->attrs[NL80211_ATTR_MNTR_FLAGS]) {
3069 if (type != NL80211_IFTYPE_MONITOR)
3070 return -EINVAL;
3071
3072 err = parse_monitor_flags(info->attrs[NL80211_ATTR_MNTR_FLAGS],
3073 &params->flags);
3074 if (err)
3075 return err;
3076
3077 change = true;
3078 }
3079
3080 if (params->flags & MONITOR_FLAG_ACTIVE &&
3081 !(rdev->wiphy.features & NL80211_FEATURE_ACTIVE_MONITOR))
3082 return -EOPNOTSUPP;
3083
3084 if (info->attrs[NL80211_ATTR_MU_MIMO_GROUP_DATA]) {
3085 const u8 *mumimo_groups;
3086 u32 cap_flag = NL80211_EXT_FEATURE_MU_MIMO_AIR_SNIFFER;
3087
3088 if (type != NL80211_IFTYPE_MONITOR)
3089 return -EINVAL;
3090
3091 if (!wiphy_ext_feature_isset(&rdev->wiphy, cap_flag))
3092 return -EOPNOTSUPP;
3093
3094 mumimo_groups =
3095 nla_data(info->attrs[NL80211_ATTR_MU_MIMO_GROUP_DATA]);
3096
3097 /* bits 0 and 63 are reserved and must be zero */
3098 if ((mumimo_groups[0] & BIT(0)) ||
3099 (mumimo_groups[VHT_MUMIMO_GROUPS_DATA_LEN - 1] & BIT(7)))
3100 return -EINVAL;
3101
3102 params->vht_mumimo_groups = mumimo_groups;
3103 change = true;
3104 }
3105
3106 if (info->attrs[NL80211_ATTR_MU_MIMO_FOLLOW_MAC_ADDR]) {
3107 u32 cap_flag = NL80211_EXT_FEATURE_MU_MIMO_AIR_SNIFFER;
3108
3109 if (type != NL80211_IFTYPE_MONITOR)
3110 return -EINVAL;
3111
3112 if (!wiphy_ext_feature_isset(&rdev->wiphy, cap_flag))
3113 return -EOPNOTSUPP;
3114
3115 params->vht_mumimo_follow_addr =
3116 nla_data(info->attrs[NL80211_ATTR_MU_MIMO_FOLLOW_MAC_ADDR]);
3117 change = true;
3118 }
3119
3120 return change ? 1 : 0;
3121 }
3122
3123 static int nl80211_valid_4addr(struct cfg80211_registered_device *rdev,
3124 struct net_device *netdev, u8 use_4addr,
3125 enum nl80211_iftype iftype)
3126 {
3127 if (!use_4addr) {
3128 if (netdev && (netdev->priv_flags & IFF_BRIDGE_PORT))
3129 return -EBUSY;
3130 return 0;
3131 }
3132
3133 switch (iftype) {
3134 case NL80211_IFTYPE_AP_VLAN:
3135 if (rdev->wiphy.flags & WIPHY_FLAG_4ADDR_AP)
3136 return 0;
3137 break;
3138 case NL80211_IFTYPE_STATION:
3139 if (rdev->wiphy.flags & WIPHY_FLAG_4ADDR_STATION)
3140 return 0;
3141 break;
3142 default:
3143 break;
3144 }
3145
3146 return -EOPNOTSUPP;
3147 }
3148
3149 static int nl80211_set_interface(struct sk_buff *skb, struct genl_info *info)
3150 {
3151 struct cfg80211_registered_device *rdev = info->user_ptr[0];
3152 struct vif_params params;
3153 int err;
3154 enum nl80211_iftype otype, ntype;
3155 struct net_device *dev = info->user_ptr[1];
3156 bool change = false;
3157
3158 memset(&params, 0, sizeof(params));
3159
3160 otype = ntype = dev->ieee80211_ptr->iftype;
3161
3162 if (info->attrs[NL80211_ATTR_IFTYPE]) {
3163 ntype = nla_get_u32(info->attrs[NL80211_ATTR_IFTYPE]);
3164 if (otype != ntype)
3165 change = true;
3166 if (ntype > NL80211_IFTYPE_MAX)
3167 return -EINVAL;
3168 }
3169
3170 if (info->attrs[NL80211_ATTR_MESH_ID]) {
3171 struct wireless_dev *wdev = dev->ieee80211_ptr;
3172
3173 if (ntype != NL80211_IFTYPE_MESH_POINT)
3174 return -EINVAL;
3175 if (netif_running(dev))
3176 return -EBUSY;
3177
3178 wdev_lock(wdev);
3179 BUILD_BUG_ON(IEEE80211_MAX_SSID_LEN !=
3180 IEEE80211_MAX_MESH_ID_LEN);
3181 wdev->mesh_id_up_len =
3182 nla_len(info->attrs[NL80211_ATTR_MESH_ID]);
3183 memcpy(wdev->ssid, nla_data(info->attrs[NL80211_ATTR_MESH_ID]),
3184 wdev->mesh_id_up_len);
3185 wdev_unlock(wdev);
3186 }
3187
3188 if (info->attrs[NL80211_ATTR_4ADDR]) {
3189 params.use_4addr = !!nla_get_u8(info->attrs[NL80211_ATTR_4ADDR]);
3190 change = true;
3191 err = nl80211_valid_4addr(rdev, dev, params.use_4addr, ntype);
3192 if (err)
3193 return err;
3194 } else {
3195 params.use_4addr = -1;
3196 }
3197
3198 err = nl80211_parse_mon_options(rdev, ntype, info, &params);
3199 if (err < 0)
3200 return err;
3201 if (err > 0)
3202 change = true;
3203
3204 if (change)
3205 err = cfg80211_change_iface(rdev, dev, ntype, &params);
3206 else
3207 err = 0;
3208
3209 if (!err && params.use_4addr != -1)
3210 dev->ieee80211_ptr->use_4addr = params.use_4addr;
3211
3212 return err;
3213 }
3214
3215 static int nl80211_new_interface(struct sk_buff *skb, struct genl_info *info)
3216 {
3217 struct cfg80211_registered_device *rdev = info->user_ptr[0];
3218 struct vif_params params;
3219 struct wireless_dev *wdev;
3220 struct sk_buff *msg;
3221 int err;
3222 enum nl80211_iftype type = NL80211_IFTYPE_UNSPECIFIED;
3223
3224 /* to avoid failing a new interface creation due to pending removal */
3225 cfg80211_destroy_ifaces(rdev);
3226
3227 memset(&params, 0, sizeof(params));
3228
3229 if (!info->attrs[NL80211_ATTR_IFNAME])
3230 return -EINVAL;
3231
3232 if (info->attrs[NL80211_ATTR_IFTYPE]) {
3233 type = nla_get_u32(info->attrs[NL80211_ATTR_IFTYPE]);
3234 if (type > NL80211_IFTYPE_MAX)
3235 return -EINVAL;
3236 }
3237
3238 if (!rdev->ops->add_virtual_intf)
3239 return -EOPNOTSUPP;
3240
3241 if ((type == NL80211_IFTYPE_P2P_DEVICE || type == NL80211_IFTYPE_NAN ||
3242 rdev->wiphy.features & NL80211_FEATURE_MAC_ON_CREATE) &&
3243 info->attrs[NL80211_ATTR_MAC]) {
3244 nla_memcpy(params.macaddr, info->attrs[NL80211_ATTR_MAC],
3245 ETH_ALEN);
3246 if (!is_valid_ether_addr(params.macaddr))
3247 return -EADDRNOTAVAIL;
3248 }
3249
3250 if (info->attrs[NL80211_ATTR_4ADDR]) {
3251 params.use_4addr = !!nla_get_u8(info->attrs[NL80211_ATTR_4ADDR]);
3252 err = nl80211_valid_4addr(rdev, NULL, params.use_4addr, type);
3253 if (err)
3254 return err;
3255 }
3256
3257 if (!cfg80211_iftype_allowed(&rdev->wiphy, type, params.use_4addr, 0))
3258 return -EOPNOTSUPP;
3259
3260 err = nl80211_parse_mon_options(rdev, type, info, &params);
3261 if (err < 0)
3262 return err;
3263
3264 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
3265 if (!msg)
3266 return -ENOMEM;
3267
3268 wdev = rdev_add_virtual_intf(rdev,
3269 nla_data(info->attrs[NL80211_ATTR_IFNAME]),
3270 NET_NAME_USER, type, &params);
3271 if (WARN_ON(!wdev)) {
3272 nlmsg_free(msg);
3273 return -EPROTO;
3274 } else if (IS_ERR(wdev)) {
3275 nlmsg_free(msg);
3276 return PTR_ERR(wdev);
3277 }
3278
3279 if (info->attrs[NL80211_ATTR_SOCKET_OWNER])
3280 wdev->owner_nlportid = info->snd_portid;
3281
3282 switch (type) {
3283 case NL80211_IFTYPE_MESH_POINT:
3284 if (!info->attrs[NL80211_ATTR_MESH_ID])
3285 break;
3286 wdev_lock(wdev);
3287 BUILD_BUG_ON(IEEE80211_MAX_SSID_LEN !=
3288 IEEE80211_MAX_MESH_ID_LEN);
3289 wdev->mesh_id_up_len =
3290 nla_len(info->attrs[NL80211_ATTR_MESH_ID]);
3291 memcpy(wdev->ssid, nla_data(info->attrs[NL80211_ATTR_MESH_ID]),
3292 wdev->mesh_id_up_len);
3293 wdev_unlock(wdev);
3294 break;
3295 case NL80211_IFTYPE_NAN:
3296 case NL80211_IFTYPE_P2P_DEVICE:
3297 /*
3298 * P2P Device and NAN do not have a netdev, so don't go
3299 * through the netdev notifier and must be added here
3300 */
3301 mutex_init(&wdev->mtx);
3302 INIT_LIST_HEAD(&wdev->event_list);
3303 spin_lock_init(&wdev->event_lock);
3304 INIT_LIST_HEAD(&wdev->mgmt_registrations);
3305 spin_lock_init(&wdev->mgmt_registrations_lock);
3306
3307 wdev->identifier = ++rdev->wdev_id;
3308 list_add_rcu(&wdev->list, &rdev->wiphy.wdev_list);
3309 rdev->devlist_generation++;
3310 break;
3311 default:
3312 break;
3313 }
3314
3315 if (nl80211_send_iface(msg, info->snd_portid, info->snd_seq, 0,
3316 rdev, wdev, false) < 0) {
3317 nlmsg_free(msg);
3318 return -ENOBUFS;
3319 }
3320
3321 /*
3322 * For wdevs which have no associated netdev object (e.g. of type
3323 * NL80211_IFTYPE_P2P_DEVICE), emit the NEW_INTERFACE event here.
3324 * For all other types, the event will be generated from the
3325 * netdev notifier
3326 */
3327 if (!wdev->netdev)
3328 nl80211_notify_iface(rdev, wdev, NL80211_CMD_NEW_INTERFACE);
3329
3330 return genlmsg_reply(msg, info);
3331 }
3332
3333 static int nl80211_del_interface(struct sk_buff *skb, struct genl_info *info)
3334 {
3335 struct cfg80211_registered_device *rdev = info->user_ptr[0];
3336 struct wireless_dev *wdev = info->user_ptr[1];
3337
3338 if (!rdev->ops->del_virtual_intf)
3339 return -EOPNOTSUPP;
3340
3341 /*
3342 * If we remove a wireless device without a netdev then clear
3343 * user_ptr[1] so that nl80211_post_doit won't dereference it
3344 * to check if it needs to do dev_put(). Otherwise it crashes
3345 * since the wdev has been freed, unlike with a netdev where
3346 * we need the dev_put() for the netdev to really be freed.
3347 */
3348 if (!wdev->netdev)
3349 info->user_ptr[1] = NULL;
3350
3351 return rdev_del_virtual_intf(rdev, wdev);
3352 }
3353
3354 static int nl80211_set_noack_map(struct sk_buff *skb, struct genl_info *info)
3355 {
3356 struct cfg80211_registered_device *rdev = info->user_ptr[0];
3357 struct net_device *dev = info->user_ptr[1];
3358 u16 noack_map;
3359
3360 if (!info->attrs[NL80211_ATTR_NOACK_MAP])
3361 return -EINVAL;
3362
3363 if (!rdev->ops->set_noack_map)
3364 return -EOPNOTSUPP;
3365
3366 noack_map = nla_get_u16(info->attrs[NL80211_ATTR_NOACK_MAP]);
3367
3368 return rdev_set_noack_map(rdev, dev, noack_map);
3369 }
3370
3371 struct get_key_cookie {
3372 struct sk_buff *msg;
3373 int error;
3374 int idx;
3375 };
3376
3377 static void get_key_callback(void *c, struct key_params *params)
3378 {
3379 struct nlattr *key;
3380 struct get_key_cookie *cookie = c;
3381
3382 if ((params->key &&
3383 nla_put(cookie->msg, NL80211_ATTR_KEY_DATA,
3384 params->key_len, params->key)) ||
3385 (params->seq &&
3386 nla_put(cookie->msg, NL80211_ATTR_KEY_SEQ,
3387 params->seq_len, params->seq)) ||
3388 (params->cipher &&
3389 nla_put_u32(cookie->msg, NL80211_ATTR_KEY_CIPHER,
3390 params->cipher)))
3391 goto nla_put_failure;
3392
3393 key = nla_nest_start(cookie->msg, NL80211_ATTR_KEY);
3394 if (!key)
3395 goto nla_put_failure;
3396
3397 if ((params->key &&
3398 nla_put(cookie->msg, NL80211_KEY_DATA,
3399 params->key_len, params->key)) ||
3400 (params->seq &&
3401 nla_put(cookie->msg, NL80211_KEY_SEQ,
3402 params->seq_len, params->seq)) ||
3403 (params->cipher &&
3404 nla_put_u32(cookie->msg, NL80211_KEY_CIPHER,
3405 params->cipher)))
3406 goto nla_put_failure;
3407
3408 if (nla_put_u8(cookie->msg, NL80211_KEY_IDX, cookie->idx))
3409 goto nla_put_failure;
3410
3411 nla_nest_end(cookie->msg, key);
3412
3413 return;
3414 nla_put_failure:
3415 cookie->error = 1;
3416 }
3417
3418 static int nl80211_get_key(struct sk_buff *skb, struct genl_info *info)
3419 {
3420 struct cfg80211_registered_device *rdev = info->user_ptr[0];
3421 int err;
3422 struct net_device *dev = info->user_ptr[1];
3423 u8 key_idx = 0;
3424 const u8 *mac_addr = NULL;
3425 bool pairwise;
3426 struct get_key_cookie cookie = {
3427 .error = 0,
3428 };
3429 void *hdr;
3430 struct sk_buff *msg;
3431
3432 if (info->attrs[NL80211_ATTR_KEY_IDX])
3433 key_idx = nla_get_u8(info->attrs[NL80211_ATTR_KEY_IDX]);
3434
3435 if (key_idx > 5)
3436 return -EINVAL;
3437
3438 if (info->attrs[NL80211_ATTR_MAC])
3439 mac_addr = nla_data(info->attrs[NL80211_ATTR_MAC]);
3440
3441 pairwise = !!mac_addr;
3442 if (info->attrs[NL80211_ATTR_KEY_TYPE]) {
3443 u32 kt = nla_get_u32(info->attrs[NL80211_ATTR_KEY_TYPE]);
3444
3445 if (kt >= NUM_NL80211_KEYTYPES)
3446 return -EINVAL;
3447 if (kt != NL80211_KEYTYPE_GROUP &&
3448 kt != NL80211_KEYTYPE_PAIRWISE)
3449 return -EINVAL;
3450 pairwise = kt == NL80211_KEYTYPE_PAIRWISE;
3451 }
3452
3453 if (!rdev->ops->get_key)
3454 return -EOPNOTSUPP;
3455
3456 if (!pairwise && mac_addr && !(rdev->wiphy.flags & WIPHY_FLAG_IBSS_RSN))
3457 return -ENOENT;
3458
3459 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
3460 if (!msg)
3461 return -ENOMEM;
3462
3463 hdr = nl80211hdr_put(msg, info->snd_portid, info->snd_seq, 0,
3464 NL80211_CMD_NEW_KEY);
3465 if (!hdr)
3466 goto nla_put_failure;
3467
3468 cookie.msg = msg;
3469 cookie.idx = key_idx;
3470
3471 if (nla_put_u32(msg, NL80211_ATTR_IFINDEX, dev->ifindex) ||
3472 nla_put_u8(msg, NL80211_ATTR_KEY_IDX, key_idx))
3473 goto nla_put_failure;
3474 if (mac_addr &&
3475 nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN, mac_addr))
3476 goto nla_put_failure;
3477
3478 err = rdev_get_key(rdev, dev, key_idx, pairwise, mac_addr, &cookie,
3479 get_key_callback);
3480
3481 if (err)
3482 goto free_msg;
3483
3484 if (cookie.error)
3485 goto nla_put_failure;
3486
3487 genlmsg_end(msg, hdr);
3488 return genlmsg_reply(msg, info);
3489
3490 nla_put_failure:
3491 err = -ENOBUFS;
3492 free_msg:
3493 nlmsg_free(msg);
3494 return err;
3495 }
3496
3497 static int nl80211_set_key(struct sk_buff *skb, struct genl_info *info)
3498 {
3499 struct cfg80211_registered_device *rdev = info->user_ptr[0];
3500 struct key_parse key;
3501 int err;
3502 struct net_device *dev = info->user_ptr[1];
3503
3504 err = nl80211_parse_key(info, &key);
3505 if (err)
3506 return err;
3507
3508 if (key.idx < 0)
3509 return -EINVAL;
3510
3511 /* only support setting default key */
3512 if (!key.def && !key.defmgmt)
3513 return -EINVAL;
3514
3515 wdev_lock(dev->ieee80211_ptr);
3516
3517 if (key.def) {
3518 if (!rdev->ops->set_default_key) {
3519 err = -EOPNOTSUPP;
3520 goto out;
3521 }
3522
3523 err = nl80211_key_allowed(dev->ieee80211_ptr);
3524 if (err)
3525 goto out;
3526
3527 err = rdev_set_default_key(rdev, dev, key.idx,
3528 key.def_uni, key.def_multi);
3529
3530 if (err)
3531 goto out;
3532
3533 #ifdef CONFIG_CFG80211_WEXT
3534 dev->ieee80211_ptr->wext.default_key = key.idx;
3535 #endif
3536 } else {
3537 if (key.def_uni || !key.def_multi) {
3538 err = -EINVAL;
3539 goto out;
3540 }
3541
3542 if (!rdev->ops->set_default_mgmt_key) {
3543 err = -EOPNOTSUPP;
3544 goto out;
3545 }
3546
3547 err = nl80211_key_allowed(dev->ieee80211_ptr);
3548 if (err)
3549 goto out;
3550
3551 err = rdev_set_default_mgmt_key(rdev, dev, key.idx);
3552 if (err)
3553 goto out;
3554
3555 #ifdef CONFIG_CFG80211_WEXT
3556 dev->ieee80211_ptr->wext.default_mgmt_key = key.idx;
3557 #endif
3558 }
3559
3560 out:
3561 wdev_unlock(dev->ieee80211_ptr);
3562
3563 return err;
3564 }
3565
3566 static int nl80211_new_key(struct sk_buff *skb, struct genl_info *info)
3567 {
3568 struct cfg80211_registered_device *rdev = info->user_ptr[0];
3569 int err;
3570 struct net_device *dev = info->user_ptr[1];
3571 struct key_parse key;
3572 const u8 *mac_addr = NULL;
3573
3574 err = nl80211_parse_key(info, &key);
3575 if (err)
3576 return err;
3577
3578 if (!key.p.key)
3579 return -EINVAL;
3580
3581 if (info->attrs[NL80211_ATTR_MAC])
3582 mac_addr = nla_data(info->attrs[NL80211_ATTR_MAC]);
3583
3584 if (key.type == -1) {
3585 if (mac_addr)
3586 key.type = NL80211_KEYTYPE_PAIRWISE;
3587 else
3588 key.type = NL80211_KEYTYPE_GROUP;
3589 }
3590
3591 /* for now */
3592 if (key.type != NL80211_KEYTYPE_PAIRWISE &&
3593 key.type != NL80211_KEYTYPE_GROUP)
3594 return -EINVAL;
3595
3596 if (!rdev->ops->add_key)
3597 return -EOPNOTSUPP;
3598
3599 if (cfg80211_validate_key_settings(rdev, &key.p, key.idx,
3600 key.type == NL80211_KEYTYPE_PAIRWISE,
3601 mac_addr))
3602 return -EINVAL;
3603
3604 wdev_lock(dev->ieee80211_ptr);
3605 err = nl80211_key_allowed(dev->ieee80211_ptr);
3606 if (!err)
3607 err = rdev_add_key(rdev, dev, key.idx,
3608 key.type == NL80211_KEYTYPE_PAIRWISE,
3609 mac_addr, &key.p);
3610 wdev_unlock(dev->ieee80211_ptr);
3611
3612 return err;
3613 }
3614
3615 static int nl80211_del_key(struct sk_buff *skb, struct genl_info *info)
3616 {
3617 struct cfg80211_registered_device *rdev = info->user_ptr[0];
3618 int err;
3619 struct net_device *dev = info->user_ptr[1];
3620 u8 *mac_addr = NULL;
3621 struct key_parse key;
3622
3623 err = nl80211_parse_key(info, &key);
3624 if (err)
3625 return err;
3626
3627 if (key.idx < 0)
3628 return -EINVAL;
3629
3630 if (info->attrs[NL80211_ATTR_MAC])
3631 mac_addr = nla_data(info->attrs[NL80211_ATTR_MAC]);
3632
3633 if (key.type == -1) {
3634 if (mac_addr)
3635 key.type = NL80211_KEYTYPE_PAIRWISE;
3636 else
3637 key.type = NL80211_KEYTYPE_GROUP;
3638 }
3639
3640 /* for now */
3641 if (key.type != NL80211_KEYTYPE_PAIRWISE &&
3642 key.type != NL80211_KEYTYPE_GROUP)
3643 return -EINVAL;
3644
3645 if (!rdev->ops->del_key)
3646 return -EOPNOTSUPP;
3647
3648 wdev_lock(dev->ieee80211_ptr);
3649 err = nl80211_key_allowed(dev->ieee80211_ptr);
3650
3651 if (key.type == NL80211_KEYTYPE_GROUP && mac_addr &&
3652 !(rdev->wiphy.flags & WIPHY_FLAG_IBSS_RSN))
3653 err = -ENOENT;
3654
3655 if (!err)
3656 err = rdev_del_key(rdev, dev, key.idx,
3657 key.type == NL80211_KEYTYPE_PAIRWISE,
3658 mac_addr);
3659
3660 #ifdef CONFIG_CFG80211_WEXT
3661 if (!err) {
3662 if (key.idx == dev->ieee80211_ptr->wext.default_key)
3663 dev->ieee80211_ptr->wext.default_key = -1;
3664 else if (key.idx == dev->ieee80211_ptr->wext.default_mgmt_key)
3665 dev->ieee80211_ptr->wext.default_mgmt_key = -1;
3666 }
3667 #endif
3668 wdev_unlock(dev->ieee80211_ptr);
3669
3670 return err;
3671 }
3672
3673 /* This function returns an error or the number of nested attributes */
3674 static int validate_acl_mac_addrs(struct nlattr *nl_attr)
3675 {
3676 struct nlattr *attr;
3677 int n_entries = 0, tmp;
3678
3679 nla_for_each_nested(attr, nl_attr, tmp) {
3680 if (nla_len(attr) != ETH_ALEN)
3681 return -EINVAL;
3682
3683 n_entries++;
3684 }
3685
3686 return n_entries;
3687 }
3688
3689 /*
3690 * This function parses ACL information and allocates memory for ACL data.
3691 * On successful return, the calling function is responsible to free the
3692 * ACL buffer returned by this function.
3693 */
3694 static struct cfg80211_acl_data *parse_acl_data(struct wiphy *wiphy,
3695 struct genl_info *info)
3696 {
3697 enum nl80211_acl_policy acl_policy;
3698 struct nlattr *attr;
3699 struct cfg80211_acl_data *acl;
3700 int i = 0, n_entries, tmp;
3701
3702 if (!wiphy->max_acl_mac_addrs)
3703 return ERR_PTR(-EOPNOTSUPP);
3704
3705 if (!info->attrs[NL80211_ATTR_ACL_POLICY])
3706 return ERR_PTR(-EINVAL);
3707
3708 acl_policy = nla_get_u32(info->attrs[NL80211_ATTR_ACL_POLICY]);
3709 if (acl_policy != NL80211_ACL_POLICY_ACCEPT_UNLESS_LISTED &&
3710 acl_policy != NL80211_ACL_POLICY_DENY_UNLESS_LISTED)
3711 return ERR_PTR(-EINVAL);
3712
3713 if (!info->attrs[NL80211_ATTR_MAC_ADDRS])
3714 return ERR_PTR(-EINVAL);
3715
3716 n_entries = validate_acl_mac_addrs(info->attrs[NL80211_ATTR_MAC_ADDRS]);
3717 if (n_entries < 0)
3718 return ERR_PTR(n_entries);
3719
3720 if (n_entries > wiphy->max_acl_mac_addrs)
3721 return ERR_PTR(-ENOTSUPP);
3722
3723 acl = kzalloc(sizeof(*acl) + (sizeof(struct mac_address) * n_entries),
3724 GFP_KERNEL);
3725 if (!acl)
3726 return ERR_PTR(-ENOMEM);
3727
3728 nla_for_each_nested(attr, info->attrs[NL80211_ATTR_MAC_ADDRS], tmp) {
3729 memcpy(acl->mac_addrs[i].addr, nla_data(attr), ETH_ALEN);
3730 i++;
3731 }
3732
3733 acl->n_acl_entries = n_entries;
3734 acl->acl_policy = acl_policy;
3735
3736 return acl;
3737 }
3738
3739 static int nl80211_set_mac_acl(struct sk_buff *skb, struct genl_info *info)
3740 {
3741 struct cfg80211_registered_device *rdev = info->user_ptr[0];
3742 struct net_device *dev = info->user_ptr[1];
3743 struct cfg80211_acl_data *acl;
3744 int err;
3745
3746 if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_AP &&
3747 dev->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_GO)
3748 return -EOPNOTSUPP;
3749
3750 if (!dev->ieee80211_ptr->beacon_interval)
3751 return -EINVAL;
3752
3753 acl = parse_acl_data(&rdev->wiphy, info);
3754 if (IS_ERR(acl))
3755 return PTR_ERR(acl);
3756
3757 err = rdev_set_mac_acl(rdev, dev, acl);
3758
3759 kfree(acl);
3760
3761 return err;
3762 }
3763
3764 static u32 rateset_to_mask(struct ieee80211_supported_band *sband,
3765 u8 *rates, u8 rates_len)
3766 {
3767 u8 i;
3768 u32 mask = 0;
3769
3770 for (i = 0; i < rates_len; i++) {
3771 int rate = (rates[i] & 0x7f) * 5;
3772 int ridx;
3773
3774 for (ridx = 0; ridx < sband->n_bitrates; ridx++) {
3775 struct ieee80211_rate *srate =
3776 &sband->bitrates[ridx];
3777 if (rate == srate->bitrate) {
3778 mask |= 1 << ridx;
3779 break;
3780 }
3781 }
3782 if (ridx == sband->n_bitrates)
3783 return 0; /* rate not found */
3784 }
3785
3786 return mask;
3787 }
3788
3789 static bool ht_rateset_to_mask(struct ieee80211_supported_band *sband,
3790 u8 *rates, u8 rates_len,
3791 u8 mcs[IEEE80211_HT_MCS_MASK_LEN])
3792 {
3793 u8 i;
3794
3795 memset(mcs, 0, IEEE80211_HT_MCS_MASK_LEN);
3796
3797 for (i = 0; i < rates_len; i++) {
3798 int ridx, rbit;
3799
3800 ridx = rates[i] / 8;
3801 rbit = BIT(rates[i] % 8);
3802
3803 /* check validity */
3804 if ((ridx < 0) || (ridx >= IEEE80211_HT_MCS_MASK_LEN))
3805 return false;
3806
3807 /* check availability */
3808 ridx = array_index_nospec(ridx, IEEE80211_HT_MCS_MASK_LEN);
3809 if (sband->ht_cap.mcs.rx_mask[ridx] & rbit)
3810 mcs[ridx] |= rbit;
3811 else
3812 return false;
3813 }
3814
3815 return true;
3816 }
3817
3818 static u16 vht_mcs_map_to_mcs_mask(u8 vht_mcs_map)
3819 {
3820 u16 mcs_mask = 0;
3821
3822 switch (vht_mcs_map) {
3823 case IEEE80211_VHT_MCS_NOT_SUPPORTED:
3824 break;
3825 case IEEE80211_VHT_MCS_SUPPORT_0_7:
3826 mcs_mask = 0x00FF;
3827 break;
3828 case IEEE80211_VHT_MCS_SUPPORT_0_8:
3829 mcs_mask = 0x01FF;
3830 break;
3831 case IEEE80211_VHT_MCS_SUPPORT_0_9:
3832 mcs_mask = 0x03FF;
3833 break;
3834 default:
3835 break;
3836 }
3837
3838 return mcs_mask;
3839 }
3840
3841 static void vht_build_mcs_mask(u16 vht_mcs_map,
3842 u16 vht_mcs_mask[NL80211_VHT_NSS_MAX])
3843 {
3844 u8 nss;
3845
3846 for (nss = 0; nss < NL80211_VHT_NSS_MAX; nss++) {
3847 vht_mcs_mask[nss] = vht_mcs_map_to_mcs_mask(vht_mcs_map & 0x03);
3848 vht_mcs_map >>= 2;
3849 }
3850 }
3851
3852 static bool vht_set_mcs_mask(struct ieee80211_supported_band *sband,
3853 struct nl80211_txrate_vht *txrate,
3854 u16 mcs[NL80211_VHT_NSS_MAX])
3855 {
3856 u16 tx_mcs_map = le16_to_cpu(sband->vht_cap.vht_mcs.tx_mcs_map);
3857 u16 tx_mcs_mask[NL80211_VHT_NSS_MAX] = {};
3858 u8 i;
3859
3860 if (!sband->vht_cap.vht_supported)
3861 return false;
3862
3863 memset(mcs, 0, sizeof(u16) * NL80211_VHT_NSS_MAX);
3864
3865 /* Build vht_mcs_mask from VHT capabilities */
3866 vht_build_mcs_mask(tx_mcs_map, tx_mcs_mask);
3867
3868 for (i = 0; i < NL80211_VHT_NSS_MAX; i++) {
3869 if ((tx_mcs_mask[i] & txrate->mcs[i]) == txrate->mcs[i])
3870 mcs[i] = txrate->mcs[i];
3871 else
3872 return false;
3873 }
3874
3875 return true;
3876 }
3877
3878 static const struct nla_policy nl80211_txattr_policy[NL80211_TXRATE_MAX + 1] = {
3879 [NL80211_TXRATE_LEGACY] = { .type = NLA_BINARY,
3880 .len = NL80211_MAX_SUPP_RATES },
3881 [NL80211_TXRATE_HT] = { .type = NLA_BINARY,
3882 .len = NL80211_MAX_SUPP_HT_RATES },
3883 [NL80211_TXRATE_VHT] = { .len = sizeof(struct nl80211_txrate_vht)},
3884 [NL80211_TXRATE_GI] = { .type = NLA_U8 },
3885 };
3886
3887 static int nl80211_parse_tx_bitrate_mask(struct genl_info *info,
3888 struct cfg80211_bitrate_mask *mask)
3889 {
3890 struct nlattr *tb[NL80211_TXRATE_MAX + 1];
3891 struct cfg80211_registered_device *rdev = info->user_ptr[0];
3892 int rem, i;
3893 struct nlattr *tx_rates;
3894 struct ieee80211_supported_band *sband;
3895 u16 vht_tx_mcs_map;
3896
3897 memset(mask, 0, sizeof(*mask));
3898 /* Default to all rates enabled */
3899 for (i = 0; i < NUM_NL80211_BANDS; i++) {
3900 sband = rdev->wiphy.bands[i];
3901
3902 if (!sband)
3903 continue;
3904
3905 mask->control[i].legacy = (1 << sband->n_bitrates) - 1;
3906 memcpy(mask->control[i].ht_mcs,
3907 sband->ht_cap.mcs.rx_mask,
3908 sizeof(mask->control[i].ht_mcs));
3909
3910 if (!sband->vht_cap.vht_supported)
3911 continue;
3912
3913 vht_tx_mcs_map = le16_to_cpu(sband->vht_cap.vht_mcs.tx_mcs_map);
3914 vht_build_mcs_mask(vht_tx_mcs_map, mask->control[i].vht_mcs);
3915 }
3916
3917 /* if no rates are given set it back to the defaults */
3918 if (!info->attrs[NL80211_ATTR_TX_RATES])
3919 goto out;
3920
3921 /* The nested attribute uses enum nl80211_band as the index. This maps
3922 * directly to the enum nl80211_band values used in cfg80211.
3923 */
3924 BUILD_BUG_ON(NL80211_MAX_SUPP_HT_RATES > IEEE80211_HT_MCS_MASK_LEN * 8);
3925 nla_for_each_nested(tx_rates, info->attrs[NL80211_ATTR_TX_RATES], rem) {
3926 enum nl80211_band band = nla_type(tx_rates);
3927 int err;
3928
3929 if (band < 0 || band >= NUM_NL80211_BANDS)
3930 return -EINVAL;
3931 sband = rdev->wiphy.bands[band];
3932 if (sband == NULL)
3933 return -EINVAL;
3934 err = nla_parse_nested(tb, NL80211_TXRATE_MAX, tx_rates,
3935 nl80211_txattr_policy, info->extack);
3936 if (err)
3937 return err;
3938 if (tb[NL80211_TXRATE_LEGACY]) {
3939 mask->control[band].legacy = rateset_to_mask(
3940 sband,
3941 nla_data(tb[NL80211_TXRATE_LEGACY]),
3942 nla_len(tb[NL80211_TXRATE_LEGACY]));
3943 if ((mask->control[band].legacy == 0) &&
3944 nla_len(tb[NL80211_TXRATE_LEGACY]))
3945 return -EINVAL;
3946 }
3947 if (tb[NL80211_TXRATE_HT]) {
3948 if (!ht_rateset_to_mask(
3949 sband,
3950 nla_data(tb[NL80211_TXRATE_HT]),
3951 nla_len(tb[NL80211_TXRATE_HT]),
3952 mask->control[band].ht_mcs))
3953 return -EINVAL;
3954 }
3955 if (tb[NL80211_TXRATE_VHT]) {
3956 if (!vht_set_mcs_mask(
3957 sband,
3958 nla_data(tb[NL80211_TXRATE_VHT]),
3959 mask->control[band].vht_mcs))
3960 return -EINVAL;
3961 }
3962 if (tb[NL80211_TXRATE_GI]) {
3963 mask->control[band].gi =
3964 nla_get_u8(tb[NL80211_TXRATE_GI]);
3965 if (mask->control[band].gi > NL80211_TXRATE_FORCE_LGI)
3966 return -EINVAL;
3967 }
3968
3969 if (mask->control[band].legacy == 0) {
3970 /* don't allow empty legacy rates if HT or VHT
3971 * are not even supported.
3972 */
3973 if (!(rdev->wiphy.bands[band]->ht_cap.ht_supported ||
3974 rdev->wiphy.bands[band]->vht_cap.vht_supported))
3975 return -EINVAL;
3976
3977 for (i = 0; i < IEEE80211_HT_MCS_MASK_LEN; i++)
3978 if (mask->control[band].ht_mcs[i])
3979 goto out;
3980
3981 for (i = 0; i < NL80211_VHT_NSS_MAX; i++)
3982 if (mask->control[band].vht_mcs[i])
3983 goto out;
3984
3985 /* legacy and mcs rates may not be both empty */
3986 return -EINVAL;
3987 }
3988 }
3989
3990 out:
3991 return 0;
3992 }
3993
3994 static int validate_beacon_tx_rate(struct cfg80211_registered_device *rdev,
3995 enum nl80211_band band,
3996 struct cfg80211_bitrate_mask *beacon_rate)
3997 {
3998 u32 count_ht, count_vht, i;
3999 u32 rate = beacon_rate->control[band].legacy;
4000
4001 /* Allow only one rate */
4002 if (hweight32(rate) > 1)
4003 return -EINVAL;
4004
4005 count_ht = 0;
4006 for (i = 0; i < IEEE80211_HT_MCS_MASK_LEN; i++) {
4007 if (hweight8(beacon_rate->control[band].ht_mcs[i]) > 1) {
4008 return -EINVAL;
4009 } else if (beacon_rate->control[band].ht_mcs[i]) {
4010 count_ht++;
4011 if (count_ht > 1)
4012 return -EINVAL;
4013 }
4014 if (count_ht && rate)
4015 return -EINVAL;
4016 }
4017
4018 count_vht = 0;
4019 for (i = 0; i < NL80211_VHT_NSS_MAX; i++) {
4020 if (hweight16(beacon_rate->control[band].vht_mcs[i]) > 1) {
4021 return -EINVAL;
4022 } else if (beacon_rate->control[band].vht_mcs[i]) {
4023 count_vht++;
4024 if (count_vht > 1)
4025 return -EINVAL;
4026 }
4027 if (count_vht && rate)
4028 return -EINVAL;
4029 }
4030
4031 if ((count_ht && count_vht) || (!rate && !count_ht && !count_vht))
4032 return -EINVAL;
4033
4034 if (rate &&
4035 !wiphy_ext_feature_isset(&rdev->wiphy,
4036 NL80211_EXT_FEATURE_BEACON_RATE_LEGACY))
4037 return -EINVAL;
4038 if (count_ht &&
4039 !wiphy_ext_feature_isset(&rdev->wiphy,
4040 NL80211_EXT_FEATURE_BEACON_RATE_HT))
4041 return -EINVAL;
4042 if (count_vht &&
4043 !wiphy_ext_feature_isset(&rdev->wiphy,
4044 NL80211_EXT_FEATURE_BEACON_RATE_VHT))
4045 return -EINVAL;
4046
4047 return 0;
4048 }
4049
4050 static int nl80211_parse_beacon(struct nlattr *attrs[],
4051 struct cfg80211_beacon_data *bcn)
4052 {
4053 bool haveinfo = false;
4054
4055 if (!is_valid_ie_attr(attrs[NL80211_ATTR_BEACON_TAIL]) ||
4056 !is_valid_ie_attr(attrs[NL80211_ATTR_IE]) ||
4057 !is_valid_ie_attr(attrs[NL80211_ATTR_IE_PROBE_RESP]) ||
4058 !is_valid_ie_attr(attrs[NL80211_ATTR_IE_ASSOC_RESP]))
4059 return -EINVAL;
4060
4061 memset(bcn, 0, sizeof(*bcn));
4062
4063 if (attrs[NL80211_ATTR_BEACON_HEAD]) {
4064 int ret = validate_beacon_head(attrs[NL80211_ATTR_BEACON_HEAD],
4065 NULL);
4066
4067 if (ret)
4068 return ret;
4069
4070 bcn->head = nla_data(attrs[NL80211_ATTR_BEACON_HEAD]);
4071 bcn->head_len = nla_len(attrs[NL80211_ATTR_BEACON_HEAD]);
4072 if (!bcn->head_len)
4073 return -EINVAL;
4074 haveinfo = true;
4075 }
4076
4077 if (attrs[NL80211_ATTR_BEACON_TAIL]) {
4078 bcn->tail = nla_data(attrs[NL80211_ATTR_BEACON_TAIL]);
4079 bcn->tail_len = nla_len(attrs[NL80211_ATTR_BEACON_TAIL]);
4080 haveinfo = true;
4081 }
4082
4083 if (!haveinfo)
4084 return -EINVAL;
4085
4086 if (attrs[NL80211_ATTR_IE]) {
4087 bcn->beacon_ies = nla_data(attrs[NL80211_ATTR_IE]);
4088 bcn->beacon_ies_len = nla_len(attrs[NL80211_ATTR_IE]);
4089 }
4090
4091 if (attrs[NL80211_ATTR_IE_PROBE_RESP]) {
4092 bcn->proberesp_ies =
4093 nla_data(attrs[NL80211_ATTR_IE_PROBE_RESP]);
4094 bcn->proberesp_ies_len =
4095 nla_len(attrs[NL80211_ATTR_IE_PROBE_RESP]);
4096 }
4097
4098 if (attrs[NL80211_ATTR_IE_ASSOC_RESP]) {
4099 bcn->assocresp_ies =
4100 nla_data(attrs[NL80211_ATTR_IE_ASSOC_RESP]);
4101 bcn->assocresp_ies_len =
4102 nla_len(attrs[NL80211_ATTR_IE_ASSOC_RESP]);
4103 }
4104
4105 if (attrs[NL80211_ATTR_PROBE_RESP]) {
4106 bcn->probe_resp = nla_data(attrs[NL80211_ATTR_PROBE_RESP]);
4107 bcn->probe_resp_len = nla_len(attrs[NL80211_ATTR_PROBE_RESP]);
4108 }
4109
4110 return 0;
4111 }
4112
4113 static void nl80211_check_ap_rate_selectors(struct cfg80211_ap_settings *params,
4114 const u8 *rates)
4115 {
4116 int i;
4117
4118 if (!rates)
4119 return;
4120
4121 for (i = 0; i < rates[1]; i++) {
4122 if (rates[2 + i] == BSS_MEMBERSHIP_SELECTOR_HT_PHY)
4123 params->ht_required = true;
4124 if (rates[2 + i] == BSS_MEMBERSHIP_SELECTOR_VHT_PHY)
4125 params->vht_required = true;
4126 }
4127 }
4128
4129 /*
4130 * Since the nl80211 API didn't include, from the beginning, attributes about
4131 * HT/VHT requirements/capabilities, we parse them out of the IEs for the
4132 * benefit of drivers that rebuild IEs in the firmware.
4133 */
4134 static void nl80211_calculate_ap_params(struct cfg80211_ap_settings *params)
4135 {
4136 const struct cfg80211_beacon_data *bcn = &params->beacon;
4137 size_t ies_len = bcn->tail_len;
4138 const u8 *ies = bcn->tail;
4139 const u8 *rates;
4140 const u8 *cap;
4141
4142 rates = cfg80211_find_ie(WLAN_EID_SUPP_RATES, ies, ies_len);
4143 nl80211_check_ap_rate_selectors(params, rates);
4144
4145 rates = cfg80211_find_ie(WLAN_EID_EXT_SUPP_RATES, ies, ies_len);
4146 nl80211_check_ap_rate_selectors(params, rates);
4147
4148 cap = cfg80211_find_ie(WLAN_EID_HT_CAPABILITY, ies, ies_len);
4149 if (cap && cap[1] >= sizeof(*params->ht_cap))
4150 params->ht_cap = (void *)(cap + 2);
4151 cap = cfg80211_find_ie(WLAN_EID_VHT_CAPABILITY, ies, ies_len);
4152 if (cap && cap[1] >= sizeof(*params->vht_cap))
4153 params->vht_cap = (void *)(cap + 2);
4154 }
4155
4156 static bool nl80211_get_ap_channel(struct cfg80211_registered_device *rdev,
4157 struct cfg80211_ap_settings *params)
4158 {
4159 struct wireless_dev *wdev;
4160 bool ret = false;
4161
4162 list_for_each_entry(wdev, &rdev->wiphy.wdev_list, list) {
4163 if (wdev->iftype != NL80211_IFTYPE_AP &&
4164 wdev->iftype != NL80211_IFTYPE_P2P_GO)
4165 continue;
4166
4167 if (!wdev->preset_chandef.chan)
4168 continue;
4169
4170 params->chandef = wdev->preset_chandef;
4171 ret = true;
4172 break;
4173 }
4174
4175 return ret;
4176 }
4177
4178 static bool nl80211_valid_auth_type(struct cfg80211_registered_device *rdev,
4179 enum nl80211_auth_type auth_type,
4180 enum nl80211_commands cmd)
4181 {
4182 if (auth_type > NL80211_AUTHTYPE_MAX)
4183 return false;
4184
4185 switch (cmd) {
4186 case NL80211_CMD_AUTHENTICATE:
4187 if (!(rdev->wiphy.features & NL80211_FEATURE_SAE) &&
4188 auth_type == NL80211_AUTHTYPE_SAE)
4189 return false;
4190 if (!wiphy_ext_feature_isset(&rdev->wiphy,
4191 NL80211_EXT_FEATURE_FILS_STA) &&
4192 (auth_type == NL80211_AUTHTYPE_FILS_SK ||
4193 auth_type == NL80211_AUTHTYPE_FILS_SK_PFS ||
4194 auth_type == NL80211_AUTHTYPE_FILS_PK))
4195 return false;
4196 return true;
4197 case NL80211_CMD_CONNECT:
4198 if (!(rdev->wiphy.features & NL80211_FEATURE_SAE) &&
4199 auth_type == NL80211_AUTHTYPE_SAE)
4200 return false;
4201
4202 /* FILS with SK PFS or PK not supported yet */
4203 if (auth_type == NL80211_AUTHTYPE_FILS_SK_PFS ||
4204 auth_type == NL80211_AUTHTYPE_FILS_PK)
4205 return false;
4206 if (!wiphy_ext_feature_isset(
4207 &rdev->wiphy,
4208 NL80211_EXT_FEATURE_FILS_SK_OFFLOAD) &&
4209 auth_type == NL80211_AUTHTYPE_FILS_SK)
4210 return false;
4211 return true;
4212 case NL80211_CMD_START_AP:
4213 /* SAE not supported yet */
4214 if (auth_type == NL80211_AUTHTYPE_SAE)
4215 return false;
4216 /* FILS not supported yet */
4217 if (auth_type == NL80211_AUTHTYPE_FILS_SK ||
4218 auth_type == NL80211_AUTHTYPE_FILS_SK_PFS ||
4219 auth_type == NL80211_AUTHTYPE_FILS_PK)
4220 return false;
4221 return true;
4222 default:
4223 return false;
4224 }
4225 }
4226
4227 static int nl80211_start_ap(struct sk_buff *skb, struct genl_info *info)
4228 {
4229 struct cfg80211_registered_device *rdev = info->user_ptr[0];
4230 struct net_device *dev = info->user_ptr[1];
4231 struct wireless_dev *wdev = dev->ieee80211_ptr;
4232 struct cfg80211_ap_settings params;
4233 int err;
4234
4235 if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_AP &&
4236 dev->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_GO)
4237 return -EOPNOTSUPP;
4238
4239 if (!rdev->ops->start_ap)
4240 return -EOPNOTSUPP;
4241
4242 if (wdev->beacon_interval)
4243 return -EALREADY;
4244
4245 memset(&params, 0, sizeof(params));
4246
4247 /* these are required for START_AP */
4248 if (!info->attrs[NL80211_ATTR_BEACON_INTERVAL] ||
4249 !info->attrs[NL80211_ATTR_DTIM_PERIOD] ||
4250 !info->attrs[NL80211_ATTR_BEACON_HEAD])
4251 return -EINVAL;
4252
4253 err = nl80211_parse_beacon(info->attrs, &params.beacon);
4254 if (err)
4255 return err;
4256
4257 params.beacon_interval =
4258 nla_get_u32(info->attrs[NL80211_ATTR_BEACON_INTERVAL]);
4259 params.dtim_period =
4260 nla_get_u32(info->attrs[NL80211_ATTR_DTIM_PERIOD]);
4261
4262 err = cfg80211_validate_beacon_int(rdev, dev->ieee80211_ptr->iftype,
4263 params.beacon_interval);
4264 if (err)
4265 return err;
4266
4267 /*
4268 * In theory, some of these attributes should be required here
4269 * but since they were not used when the command was originally
4270 * added, keep them optional for old user space programs to let
4271 * them continue to work with drivers that do not need the
4272 * additional information -- drivers must check!
4273 */
4274 if (info->attrs[NL80211_ATTR_SSID]) {
4275 params.ssid = nla_data(info->attrs[NL80211_ATTR_SSID]);
4276 params.ssid_len =
4277 nla_len(info->attrs[NL80211_ATTR_SSID]);
4278 if (params.ssid_len == 0 ||
4279 params.ssid_len > IEEE80211_MAX_SSID_LEN)
4280 return -EINVAL;
4281 }
4282
4283 if (info->attrs[NL80211_ATTR_HIDDEN_SSID]) {
4284 params.hidden_ssid = nla_get_u32(
4285 info->attrs[NL80211_ATTR_HIDDEN_SSID]);
4286 if (params.hidden_ssid != NL80211_HIDDEN_SSID_NOT_IN_USE &&
4287 params.hidden_ssid != NL80211_HIDDEN_SSID_ZERO_LEN &&
4288 params.hidden_ssid != NL80211_HIDDEN_SSID_ZERO_CONTENTS)
4289 return -EINVAL;
4290 }
4291
4292 params.privacy = !!info->attrs[NL80211_ATTR_PRIVACY];
4293
4294 if (info->attrs[NL80211_ATTR_AUTH_TYPE]) {
4295 params.auth_type = nla_get_u32(
4296 info->attrs[NL80211_ATTR_AUTH_TYPE]);
4297 if (!nl80211_valid_auth_type(rdev, params.auth_type,
4298 NL80211_CMD_START_AP))
4299 return -EINVAL;
4300 } else
4301 params.auth_type = NL80211_AUTHTYPE_AUTOMATIC;
4302
4303 err = nl80211_crypto_settings(rdev, info, &params.crypto,
4304 NL80211_MAX_NR_CIPHER_SUITES);
4305 if (err)
4306 return err;
4307
4308 if (info->attrs[NL80211_ATTR_INACTIVITY_TIMEOUT]) {
4309 if (!(rdev->wiphy.features & NL80211_FEATURE_INACTIVITY_TIMER))
4310 return -EOPNOTSUPP;
4311 params.inactivity_timeout = nla_get_u16(
4312 info->attrs[NL80211_ATTR_INACTIVITY_TIMEOUT]);
4313 }
4314
4315 if (info->attrs[NL80211_ATTR_P2P_CTWINDOW]) {
4316 if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_GO)
4317 return -EINVAL;
4318 params.p2p_ctwindow =
4319 nla_get_u8(info->attrs[NL80211_ATTR_P2P_CTWINDOW]);
4320 if (params.p2p_ctwindow > 127)
4321 return -EINVAL;
4322 if (params.p2p_ctwindow != 0 &&
4323 !(rdev->wiphy.features & NL80211_FEATURE_P2P_GO_CTWIN))
4324 return -EINVAL;
4325 }
4326
4327 if (info->attrs[NL80211_ATTR_P2P_OPPPS]) {
4328 u8 tmp;
4329
4330 if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_GO)
4331 return -EINVAL;
4332 tmp = nla_get_u8(info->attrs[NL80211_ATTR_P2P_OPPPS]);
4333 if (tmp > 1)
4334 return -EINVAL;
4335 params.p2p_opp_ps = tmp;
4336 if (params.p2p_opp_ps != 0 &&
4337 !(rdev->wiphy.features & NL80211_FEATURE_P2P_GO_OPPPS))
4338 return -EINVAL;
4339 }
4340
4341 if (info->attrs[NL80211_ATTR_WIPHY_FREQ]) {
4342 err = nl80211_parse_chandef(rdev, info, &params.chandef);
4343 if (err)
4344 return err;
4345 } else if (wdev->preset_chandef.chan) {
4346 params.chandef = wdev->preset_chandef;
4347 } else if (!nl80211_get_ap_channel(rdev, &params))
4348 return -EINVAL;
4349
4350 if (!cfg80211_reg_can_beacon_relax(&rdev->wiphy, &params.chandef,
4351 wdev->iftype))
4352 return -EINVAL;
4353
4354 if (info->attrs[NL80211_ATTR_TX_RATES]) {
4355 err = nl80211_parse_tx_bitrate_mask(info, &params.beacon_rate);
4356 if (err)
4357 return err;
4358
4359 err = validate_beacon_tx_rate(rdev, params.chandef.chan->band,
4360 &params.beacon_rate);
4361 if (err)
4362 return err;
4363 }
4364
4365 if (info->attrs[NL80211_ATTR_SMPS_MODE]) {
4366 params.smps_mode =
4367 nla_get_u8(info->attrs[NL80211_ATTR_SMPS_MODE]);
4368 switch (params.smps_mode) {
4369 case NL80211_SMPS_OFF:
4370 break;
4371 case NL80211_SMPS_STATIC:
4372 if (!(rdev->wiphy.features &
4373 NL80211_FEATURE_STATIC_SMPS))
4374 return -EINVAL;
4375 break;
4376 case NL80211_SMPS_DYNAMIC:
4377 if (!(rdev->wiphy.features &
4378 NL80211_FEATURE_DYNAMIC_SMPS))
4379 return -EINVAL;
4380 break;
4381 default:
4382 return -EINVAL;
4383 }
4384 } else {
4385 params.smps_mode = NL80211_SMPS_OFF;
4386 }
4387
4388 params.pbss = nla_get_flag(info->attrs[NL80211_ATTR_PBSS]);
4389 if (params.pbss && !rdev->wiphy.bands[NL80211_BAND_60GHZ])
4390 return -EOPNOTSUPP;
4391
4392 if (info->attrs[NL80211_ATTR_ACL_POLICY]) {
4393 params.acl = parse_acl_data(&rdev->wiphy, info);
4394 if (IS_ERR(params.acl))
4395 return PTR_ERR(params.acl);
4396 }
4397
4398 nl80211_calculate_ap_params(&params);
4399
4400 wdev_lock(wdev);
4401 err = rdev_start_ap(rdev, dev, &params);
4402 if (!err) {
4403 wdev->preset_chandef = params.chandef;
4404 wdev->beacon_interval = params.beacon_interval;
4405 wdev->chandef = params.chandef;
4406 wdev->ssid_len = params.ssid_len;
4407 memcpy(wdev->ssid, params.ssid, wdev->ssid_len);
4408
4409 if (info->attrs[NL80211_ATTR_SOCKET_OWNER])
4410 wdev->conn_owner_nlportid = info->snd_portid;
4411 }
4412 wdev_unlock(wdev);
4413
4414 kfree(params.acl);
4415
4416 return err;
4417 }
4418
4419 static int nl80211_set_beacon(struct sk_buff *skb, struct genl_info *info)
4420 {
4421 struct cfg80211_registered_device *rdev = info->user_ptr[0];
4422 struct net_device *dev = info->user_ptr[1];
4423 struct wireless_dev *wdev = dev->ieee80211_ptr;
4424 struct cfg80211_beacon_data params;
4425 int err;
4426
4427 if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_AP &&
4428 dev->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_GO)
4429 return -EOPNOTSUPP;
4430
4431 if (!rdev->ops->change_beacon)
4432 return -EOPNOTSUPP;
4433
4434 if (!wdev->beacon_interval)
4435 return -EINVAL;
4436
4437 err = nl80211_parse_beacon(info->attrs, &params);
4438 if (err)
4439 return err;
4440
4441 wdev_lock(wdev);
4442 err = rdev_change_beacon(rdev, dev, &params);
4443 wdev_unlock(wdev);
4444
4445 return err;
4446 }
4447
4448 static int nl80211_stop_ap(struct sk_buff *skb, struct genl_info *info)
4449 {
4450 struct cfg80211_registered_device *rdev = info->user_ptr[0];
4451 struct net_device *dev = info->user_ptr[1];
4452
4453 return cfg80211_stop_ap(rdev, dev, false);
4454 }
4455
4456 static const struct nla_policy sta_flags_policy[NL80211_STA_FLAG_MAX + 1] = {
4457 [NL80211_STA_FLAG_AUTHORIZED] = { .type = NLA_FLAG },
4458 [NL80211_STA_FLAG_SHORT_PREAMBLE] = { .type = NLA_FLAG },
4459 [NL80211_STA_FLAG_WME] = { .type = NLA_FLAG },
4460 [NL80211_STA_FLAG_MFP] = { .type = NLA_FLAG },
4461 [NL80211_STA_FLAG_AUTHENTICATED] = { .type = NLA_FLAG },
4462 [NL80211_STA_FLAG_TDLS_PEER] = { .type = NLA_FLAG },
4463 };
4464
4465 static int parse_station_flags(struct genl_info *info,
4466 enum nl80211_iftype iftype,
4467 struct station_parameters *params)
4468 {
4469 struct nlattr *flags[NL80211_STA_FLAG_MAX + 1];
4470 struct nlattr *nla;
4471 int flag;
4472
4473 /*
4474 * Try parsing the new attribute first so userspace
4475 * can specify both for older kernels.
4476 */
4477 nla = info->attrs[NL80211_ATTR_STA_FLAGS2];
4478 if (nla) {
4479 struct nl80211_sta_flag_update *sta_flags;
4480
4481 sta_flags = nla_data(nla);
4482 params->sta_flags_mask = sta_flags->mask;
4483 params->sta_flags_set = sta_flags->set;
4484 params->sta_flags_set &= params->sta_flags_mask;
4485 if ((params->sta_flags_mask |
4486 params->sta_flags_set) & BIT(__NL80211_STA_FLAG_INVALID))
4487 return -EINVAL;
4488 return 0;
4489 }
4490
4491 /* if present, parse the old attribute */
4492
4493 nla = info->attrs[NL80211_ATTR_STA_FLAGS];
4494 if (!nla)
4495 return 0;
4496
4497 if (nla_parse_nested(flags, NL80211_STA_FLAG_MAX, nla,
4498 sta_flags_policy, info->extack))
4499 return -EINVAL;
4500
4501 /*
4502 * Only allow certain flags for interface types so that
4503 * other attributes are silently ignored. Remember that
4504 * this is backward compatibility code with old userspace
4505 * and shouldn't be hit in other cases anyway.
4506 */
4507 switch (iftype) {
4508 case NL80211_IFTYPE_AP:
4509 case NL80211_IFTYPE_AP_VLAN:
4510 case NL80211_IFTYPE_P2P_GO:
4511 params->sta_flags_mask = BIT(NL80211_STA_FLAG_AUTHORIZED) |
4512 BIT(NL80211_STA_FLAG_SHORT_PREAMBLE) |
4513 BIT(NL80211_STA_FLAG_WME) |
4514 BIT(NL80211_STA_FLAG_MFP);
4515 break;
4516 case NL80211_IFTYPE_P2P_CLIENT:
4517 case NL80211_IFTYPE_STATION:
4518 params->sta_flags_mask = BIT(NL80211_STA_FLAG_AUTHORIZED) |
4519 BIT(NL80211_STA_FLAG_TDLS_PEER);
4520 break;
4521 case NL80211_IFTYPE_MESH_POINT:
4522 params->sta_flags_mask = BIT(NL80211_STA_FLAG_AUTHENTICATED) |
4523 BIT(NL80211_STA_FLAG_MFP) |
4524 BIT(NL80211_STA_FLAG_AUTHORIZED);
4525 break;
4526 default:
4527 return -EINVAL;
4528 }
4529
4530 for (flag = 1; flag <= NL80211_STA_FLAG_MAX; flag++) {
4531 if (flags[flag]) {
4532 params->sta_flags_set |= (1<<flag);
4533
4534 /* no longer support new API additions in old API */
4535 if (flag > NL80211_STA_FLAG_MAX_OLD_API)
4536 return -EINVAL;
4537 }
4538 }
4539
4540 return 0;
4541 }
4542
4543 static bool nl80211_put_sta_rate(struct sk_buff *msg, struct rate_info *info,
4544 int attr)
4545 {
4546 struct nlattr *rate;
4547 u32 bitrate;
4548 u16 bitrate_compat;
4549 enum nl80211_rate_info rate_flg;
4550
4551 rate = nla_nest_start(msg, attr);
4552 if (!rate)
4553 return false;
4554
4555 /* cfg80211_calculate_bitrate will return 0 for mcs >= 32 */
4556 bitrate = cfg80211_calculate_bitrate(info);
4557 /* report 16-bit bitrate only if we can */
4558 bitrate_compat = bitrate < (1UL << 16) ? bitrate : 0;
4559 if (bitrate > 0 &&
4560 nla_put_u32(msg, NL80211_RATE_INFO_BITRATE32, bitrate))
4561 return false;
4562 if (bitrate_compat > 0 &&
4563 nla_put_u16(msg, NL80211_RATE_INFO_BITRATE, bitrate_compat))
4564 return false;
4565
4566 switch (info->bw) {
4567 case RATE_INFO_BW_5:
4568 rate_flg = NL80211_RATE_INFO_5_MHZ_WIDTH;
4569 break;
4570 case RATE_INFO_BW_10:
4571 rate_flg = NL80211_RATE_INFO_10_MHZ_WIDTH;
4572 break;
4573 default:
4574 WARN_ON(1);
4575 /* fall through */
4576 case RATE_INFO_BW_20:
4577 rate_flg = 0;
4578 break;
4579 case RATE_INFO_BW_40:
4580 rate_flg = NL80211_RATE_INFO_40_MHZ_WIDTH;
4581 break;
4582 case RATE_INFO_BW_80:
4583 rate_flg = NL80211_RATE_INFO_80_MHZ_WIDTH;
4584 break;
4585 case RATE_INFO_BW_160:
4586 rate_flg = NL80211_RATE_INFO_160_MHZ_WIDTH;
4587 break;
4588 case RATE_INFO_BW_HE_RU:
4589 rate_flg = 0;
4590 WARN_ON(!(info->flags & RATE_INFO_FLAGS_HE_MCS));
4591 }
4592
4593 if (rate_flg && nla_put_flag(msg, rate_flg))
4594 return false;
4595
4596 if (info->flags & RATE_INFO_FLAGS_MCS) {
4597 if (nla_put_u8(msg, NL80211_RATE_INFO_MCS, info->mcs))
4598 return false;
4599 if (info->flags & RATE_INFO_FLAGS_SHORT_GI &&
4600 nla_put_flag(msg, NL80211_RATE_INFO_SHORT_GI))
4601 return false;
4602 } else if (info->flags & RATE_INFO_FLAGS_VHT_MCS) {
4603 if (nla_put_u8(msg, NL80211_RATE_INFO_VHT_MCS, info->mcs))
4604 return false;
4605 if (nla_put_u8(msg, NL80211_RATE_INFO_VHT_NSS, info->nss))
4606 return false;
4607 if (info->flags & RATE_INFO_FLAGS_SHORT_GI &&
4608 nla_put_flag(msg, NL80211_RATE_INFO_SHORT_GI))
4609 return false;
4610 } else if (info->flags & RATE_INFO_FLAGS_HE_MCS) {
4611 if (nla_put_u8(msg, NL80211_RATE_INFO_HE_MCS, info->mcs))
4612 return false;
4613 if (nla_put_u8(msg, NL80211_RATE_INFO_HE_NSS, info->nss))
4614 return false;
4615 if (nla_put_u8(msg, NL80211_RATE_INFO_HE_GI, info->he_gi))
4616 return false;
4617 if (nla_put_u8(msg, NL80211_RATE_INFO_HE_DCM, info->he_dcm))
4618 return false;
4619 if (info->bw == RATE_INFO_BW_HE_RU &&
4620 nla_put_u8(msg, NL80211_RATE_INFO_HE_RU_ALLOC,
4621 info->he_ru_alloc))
4622 return false;
4623 }
4624
4625 nla_nest_end(msg, rate);
4626 return true;
4627 }
4628
4629 static bool nl80211_put_signal(struct sk_buff *msg, u8 mask, s8 *signal,
4630 int id)
4631 {
4632 void *attr;
4633 int i = 0;
4634
4635 if (!mask)
4636 return true;
4637
4638 attr = nla_nest_start(msg, id);
4639 if (!attr)
4640 return false;
4641
4642 for (i = 0; i < IEEE80211_MAX_CHAINS; i++) {
4643 if (!(mask & BIT(i)))
4644 continue;
4645
4646 if (nla_put_u8(msg, i, signal[i]))
4647 return false;
4648 }
4649
4650 nla_nest_end(msg, attr);
4651
4652 return true;
4653 }
4654
4655 static int nl80211_send_station(struct sk_buff *msg, u32 cmd, u32 portid,
4656 u32 seq, int flags,
4657 struct cfg80211_registered_device *rdev,
4658 struct net_device *dev,
4659 const u8 *mac_addr, struct station_info *sinfo)
4660 {
4661 void *hdr;
4662 struct nlattr *sinfoattr, *bss_param;
4663
4664 hdr = nl80211hdr_put(msg, portid, seq, flags, cmd);
4665 if (!hdr) {
4666 cfg80211_sinfo_release_content(sinfo);
4667 return -1;
4668 }
4669
4670 if (nla_put_u32(msg, NL80211_ATTR_IFINDEX, dev->ifindex) ||
4671 nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN, mac_addr) ||
4672 nla_put_u32(msg, NL80211_ATTR_GENERATION, sinfo->generation))
4673 goto nla_put_failure;
4674
4675 sinfoattr = nla_nest_start(msg, NL80211_ATTR_STA_INFO);
4676 if (!sinfoattr)
4677 goto nla_put_failure;
4678
4679 #define PUT_SINFO(attr, memb, type) do { \
4680 BUILD_BUG_ON(sizeof(type) == sizeof(u64)); \
4681 if (sinfo->filled & BIT_ULL(NL80211_STA_INFO_ ## attr) && \
4682 nla_put_ ## type(msg, NL80211_STA_INFO_ ## attr, \
4683 sinfo->memb)) \
4684 goto nla_put_failure; \
4685 } while (0)
4686 #define PUT_SINFO_U64(attr, memb) do { \
4687 if (sinfo->filled & BIT_ULL(NL80211_STA_INFO_ ## attr) && \
4688 nla_put_u64_64bit(msg, NL80211_STA_INFO_ ## attr, \
4689 sinfo->memb, NL80211_STA_INFO_PAD)) \
4690 goto nla_put_failure; \
4691 } while (0)
4692
4693 PUT_SINFO(CONNECTED_TIME, connected_time, u32);
4694 PUT_SINFO(INACTIVE_TIME, inactive_time, u32);
4695
4696 if (sinfo->filled & (BIT_ULL(NL80211_STA_INFO_RX_BYTES) |
4697 BIT_ULL(NL80211_STA_INFO_RX_BYTES64)) &&
4698 nla_put_u32(msg, NL80211_STA_INFO_RX_BYTES,
4699 (u32)sinfo->rx_bytes))
4700 goto nla_put_failure;
4701
4702 if (sinfo->filled & (BIT_ULL(NL80211_STA_INFO_TX_BYTES) |
4703 BIT_ULL(NL80211_STA_INFO_TX_BYTES64)) &&
4704 nla_put_u32(msg, NL80211_STA_INFO_TX_BYTES,
4705 (u32)sinfo->tx_bytes))
4706 goto nla_put_failure;
4707
4708 PUT_SINFO_U64(RX_BYTES64, rx_bytes);
4709 PUT_SINFO_U64(TX_BYTES64, tx_bytes);
4710 PUT_SINFO(LLID, llid, u16);
4711 PUT_SINFO(PLID, plid, u16);
4712 PUT_SINFO(PLINK_STATE, plink_state, u8);
4713 PUT_SINFO_U64(RX_DURATION, rx_duration);
4714
4715 switch (rdev->wiphy.signal_type) {
4716 case CFG80211_SIGNAL_TYPE_MBM:
4717 PUT_SINFO(SIGNAL, signal, u8);
4718 PUT_SINFO(SIGNAL_AVG, signal_avg, u8);
4719 break;
4720 default:
4721 break;
4722 }
4723 if (sinfo->filled & BIT_ULL(NL80211_STA_INFO_CHAIN_SIGNAL)) {
4724 if (!nl80211_put_signal(msg, sinfo->chains,
4725 sinfo->chain_signal,
4726 NL80211_STA_INFO_CHAIN_SIGNAL))
4727 goto nla_put_failure;
4728 }
4729 if (sinfo->filled & BIT_ULL(NL80211_STA_INFO_CHAIN_SIGNAL_AVG)) {
4730 if (!nl80211_put_signal(msg, sinfo->chains,
4731 sinfo->chain_signal_avg,
4732 NL80211_STA_INFO_CHAIN_SIGNAL_AVG))
4733 goto nla_put_failure;
4734 }
4735 if (sinfo->filled & BIT_ULL(NL80211_STA_INFO_TX_BITRATE)) {
4736 if (!nl80211_put_sta_rate(msg, &sinfo->txrate,
4737 NL80211_STA_INFO_TX_BITRATE))
4738 goto nla_put_failure;
4739 }
4740 if (sinfo->filled & BIT_ULL(NL80211_STA_INFO_RX_BITRATE)) {
4741 if (!nl80211_put_sta_rate(msg, &sinfo->rxrate,
4742 NL80211_STA_INFO_RX_BITRATE))
4743 goto nla_put_failure;
4744 }
4745
4746 PUT_SINFO(RX_PACKETS, rx_packets, u32);
4747 PUT_SINFO(TX_PACKETS, tx_packets, u32);
4748 PUT_SINFO(TX_RETRIES, tx_retries, u32);
4749 PUT_SINFO(TX_FAILED, tx_failed, u32);
4750 PUT_SINFO(EXPECTED_THROUGHPUT, expected_throughput, u32);
4751 PUT_SINFO(BEACON_LOSS, beacon_loss_count, u32);
4752 PUT_SINFO(LOCAL_PM, local_pm, u32);
4753 PUT_SINFO(PEER_PM, peer_pm, u32);
4754 PUT_SINFO(NONPEER_PM, nonpeer_pm, u32);
4755
4756 if (sinfo->filled & BIT_ULL(NL80211_STA_INFO_BSS_PARAM)) {
4757 bss_param = nla_nest_start(msg, NL80211_STA_INFO_BSS_PARAM);
4758 if (!bss_param)
4759 goto nla_put_failure;
4760
4761 if (((sinfo->bss_param.flags & BSS_PARAM_FLAGS_CTS_PROT) &&
4762 nla_put_flag(msg, NL80211_STA_BSS_PARAM_CTS_PROT)) ||
4763 ((sinfo->bss_param.flags & BSS_PARAM_FLAGS_SHORT_PREAMBLE) &&
4764 nla_put_flag(msg, NL80211_STA_BSS_PARAM_SHORT_PREAMBLE)) ||
4765 ((sinfo->bss_param.flags & BSS_PARAM_FLAGS_SHORT_SLOT_TIME) &&
4766 nla_put_flag(msg, NL80211_STA_BSS_PARAM_SHORT_SLOT_TIME)) ||
4767 nla_put_u8(msg, NL80211_STA_BSS_PARAM_DTIM_PERIOD,
4768 sinfo->bss_param.dtim_period) ||
4769 nla_put_u16(msg, NL80211_STA_BSS_PARAM_BEACON_INTERVAL,
4770 sinfo->bss_param.beacon_interval))
4771 goto nla_put_failure;
4772
4773 nla_nest_end(msg, bss_param);
4774 }
4775 if ((sinfo->filled & BIT_ULL(NL80211_STA_INFO_STA_FLAGS)) &&
4776 nla_put(msg, NL80211_STA_INFO_STA_FLAGS,
4777 sizeof(struct nl80211_sta_flag_update),
4778 &sinfo->sta_flags))
4779 goto nla_put_failure;
4780
4781 PUT_SINFO_U64(T_OFFSET, t_offset);
4782 PUT_SINFO_U64(RX_DROP_MISC, rx_dropped_misc);
4783 PUT_SINFO_U64(BEACON_RX, rx_beacon);
4784 PUT_SINFO(BEACON_SIGNAL_AVG, rx_beacon_signal_avg, u8);
4785 PUT_SINFO(ACK_SIGNAL, ack_signal, u8);
4786 if (wiphy_ext_feature_isset(&rdev->wiphy,
4787 NL80211_EXT_FEATURE_DATA_ACK_SIGNAL_SUPPORT))
4788 PUT_SINFO(DATA_ACK_SIGNAL_AVG, avg_ack_signal, s8);
4789
4790 #undef PUT_SINFO
4791 #undef PUT_SINFO_U64
4792
4793 if (sinfo->pertid) {
4794 struct nlattr *tidsattr;
4795 int tid;
4796
4797 tidsattr = nla_nest_start(msg, NL80211_STA_INFO_TID_STATS);
4798 if (!tidsattr)
4799 goto nla_put_failure;
4800
4801 for (tid = 0; tid < IEEE80211_NUM_TIDS + 1; tid++) {
4802 struct cfg80211_tid_stats *tidstats;
4803 struct nlattr *tidattr;
4804
4805 tidstats = &sinfo->pertid[tid];
4806
4807 if (!tidstats->filled)
4808 continue;
4809
4810 tidattr = nla_nest_start(msg, tid + 1);
4811 if (!tidattr)
4812 goto nla_put_failure;
4813
4814 #define PUT_TIDVAL_U64(attr, memb) do { \
4815 if (tidstats->filled & BIT(NL80211_TID_STATS_ ## attr) && \
4816 nla_put_u64_64bit(msg, NL80211_TID_STATS_ ## attr, \
4817 tidstats->memb, NL80211_TID_STATS_PAD)) \
4818 goto nla_put_failure; \
4819 } while (0)
4820
4821 PUT_TIDVAL_U64(RX_MSDU, rx_msdu);
4822 PUT_TIDVAL_U64(TX_MSDU, tx_msdu);
4823 PUT_TIDVAL_U64(TX_MSDU_RETRIES, tx_msdu_retries);
4824 PUT_TIDVAL_U64(TX_MSDU_FAILED, tx_msdu_failed);
4825
4826 #undef PUT_TIDVAL_U64
4827 if ((tidstats->filled &
4828 BIT(NL80211_TID_STATS_TXQ_STATS)) &&
4829 !nl80211_put_txq_stats(msg, &tidstats->txq_stats,
4830 NL80211_TID_STATS_TXQ_STATS))
4831 goto nla_put_failure;
4832
4833 nla_nest_end(msg, tidattr);
4834 }
4835
4836 nla_nest_end(msg, tidsattr);
4837 }
4838
4839 nla_nest_end(msg, sinfoattr);
4840
4841 if (sinfo->assoc_req_ies_len &&
4842 nla_put(msg, NL80211_ATTR_IE, sinfo->assoc_req_ies_len,
4843 sinfo->assoc_req_ies))
4844 goto nla_put_failure;
4845
4846 cfg80211_sinfo_release_content(sinfo);
4847 genlmsg_end(msg, hdr);
4848 return 0;
4849
4850 nla_put_failure:
4851 cfg80211_sinfo_release_content(sinfo);
4852 genlmsg_cancel(msg, hdr);
4853 return -EMSGSIZE;
4854 }
4855
4856 static int nl80211_dump_station(struct sk_buff *skb,
4857 struct netlink_callback *cb)
4858 {
4859 struct station_info sinfo;
4860 struct cfg80211_registered_device *rdev;
4861 struct wireless_dev *wdev;
4862 u8 mac_addr[ETH_ALEN];
4863 int sta_idx = cb->args[2];
4864 int err;
4865
4866 rtnl_lock();
4867 err = nl80211_prepare_wdev_dump(skb, cb, &rdev, &wdev);
4868 if (err)
4869 goto out_err;
4870
4871 if (!wdev->netdev) {
4872 err = -EINVAL;
4873 goto out_err;
4874 }
4875
4876 if (!rdev->ops->dump_station) {
4877 err = -EOPNOTSUPP;
4878 goto out_err;
4879 }
4880
4881 while (1) {
4882 memset(&sinfo, 0, sizeof(sinfo));
4883 err = rdev_dump_station(rdev, wdev->netdev, sta_idx,
4884 mac_addr, &sinfo);
4885 if (err == -ENOENT)
4886 break;
4887 if (err)
4888 goto out_err;
4889
4890 if (nl80211_send_station(skb, NL80211_CMD_NEW_STATION,
4891 NETLINK_CB(cb->skb).portid,
4892 cb->nlh->nlmsg_seq, NLM_F_MULTI,
4893 rdev, wdev->netdev, mac_addr,
4894 &sinfo) < 0)
4895 goto out;
4896
4897 sta_idx++;
4898 }
4899
4900 out:
4901 cb->args[2] = sta_idx;
4902 err = skb->len;
4903 out_err:
4904 rtnl_unlock();
4905
4906 return err;
4907 }
4908
4909 static int nl80211_get_station(struct sk_buff *skb, struct genl_info *info)
4910 {
4911 struct cfg80211_registered_device *rdev = info->user_ptr[0];
4912 struct net_device *dev = info->user_ptr[1];
4913 struct station_info sinfo;
4914 struct sk_buff *msg;
4915 u8 *mac_addr = NULL;
4916 int err;
4917
4918 memset(&sinfo, 0, sizeof(sinfo));
4919
4920 if (!info->attrs[NL80211_ATTR_MAC])
4921 return -EINVAL;
4922
4923 mac_addr = nla_data(info->attrs[NL80211_ATTR_MAC]);
4924
4925 if (!rdev->ops->get_station)
4926 return -EOPNOTSUPP;
4927
4928 err = rdev_get_station(rdev, dev, mac_addr, &sinfo);
4929 if (err)
4930 return err;
4931
4932 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
4933 if (!msg) {
4934 cfg80211_sinfo_release_content(&sinfo);
4935 return -ENOMEM;
4936 }
4937
4938 if (nl80211_send_station(msg, NL80211_CMD_NEW_STATION,
4939 info->snd_portid, info->snd_seq, 0,
4940 rdev, dev, mac_addr, &sinfo) < 0) {
4941 nlmsg_free(msg);
4942 return -ENOBUFS;
4943 }
4944
4945 return genlmsg_reply(msg, info);
4946 }
4947
4948 int cfg80211_check_station_change(struct wiphy *wiphy,
4949 struct station_parameters *params,
4950 enum cfg80211_station_type statype)
4951 {
4952 if (params->listen_interval != -1 &&
4953 statype != CFG80211_STA_AP_CLIENT_UNASSOC)
4954 return -EINVAL;
4955
4956 if (params->support_p2p_ps != -1 &&
4957 statype != CFG80211_STA_AP_CLIENT_UNASSOC)
4958 return -EINVAL;
4959
4960 if (params->aid &&
4961 !(params->sta_flags_set & BIT(NL80211_STA_FLAG_TDLS_PEER)) &&
4962 statype != CFG80211_STA_AP_CLIENT_UNASSOC)
4963 return -EINVAL;
4964
4965 /* When you run into this, adjust the code below for the new flag */
4966 BUILD_BUG_ON(NL80211_STA_FLAG_MAX != 7);
4967
4968 switch (statype) {
4969 case CFG80211_STA_MESH_PEER_KERNEL:
4970 case CFG80211_STA_MESH_PEER_USER:
4971 /*
4972 * No ignoring the TDLS flag here -- the userspace mesh
4973 * code doesn't have the bug of including TDLS in the
4974 * mask everywhere.
4975 */
4976 if (params->sta_flags_mask &
4977 ~(BIT(NL80211_STA_FLAG_AUTHENTICATED) |
4978 BIT(NL80211_STA_FLAG_MFP) |
4979 BIT(NL80211_STA_FLAG_AUTHORIZED)))
4980 return -EINVAL;
4981 break;
4982 case CFG80211_STA_TDLS_PEER_SETUP:
4983 case CFG80211_STA_TDLS_PEER_ACTIVE:
4984 if (!(params->sta_flags_set & BIT(NL80211_STA_FLAG_TDLS_PEER)))
4985 return -EINVAL;
4986 /* ignore since it can't change */
4987 params->sta_flags_mask &= ~BIT(NL80211_STA_FLAG_TDLS_PEER);
4988 break;
4989 default:
4990 /* disallow mesh-specific things */
4991 if (params->plink_action != NL80211_PLINK_ACTION_NO_ACTION)
4992 return -EINVAL;
4993 if (params->local_pm)
4994 return -EINVAL;
4995 if (params->sta_modify_mask & STATION_PARAM_APPLY_PLINK_STATE)
4996 return -EINVAL;
4997 }
4998
4999 if (statype != CFG80211_STA_TDLS_PEER_SETUP &&
5000 statype != CFG80211_STA_TDLS_PEER_ACTIVE) {
5001 /* TDLS can't be set, ... */
5002 if (params->sta_flags_set & BIT(NL80211_STA_FLAG_TDLS_PEER))
5003 return -EINVAL;
5004 /*
5005 * ... but don't bother the driver with it. This works around
5006 * a hostapd/wpa_supplicant issue -- it always includes the
5007 * TLDS_PEER flag in the mask even for AP mode.
5008 */
5009 params->sta_flags_mask &= ~BIT(NL80211_STA_FLAG_TDLS_PEER);
5010 }
5011
5012 if (statype != CFG80211_STA_TDLS_PEER_SETUP &&
5013 statype != CFG80211_STA_AP_CLIENT_UNASSOC) {
5014 /* reject other things that can't change */
5015 if (params->sta_modify_mask & STATION_PARAM_APPLY_UAPSD)
5016 return -EINVAL;
5017 if (params->sta_modify_mask & STATION_PARAM_APPLY_CAPABILITY)
5018 return -EINVAL;
5019 if (params->supported_rates)
5020 return -EINVAL;
5021 if (params->ext_capab || params->ht_capa || params->vht_capa ||
5022 params->he_capa)
5023 return -EINVAL;
5024 }
5025
5026 if (statype != CFG80211_STA_AP_CLIENT &&
5027 statype != CFG80211_STA_AP_CLIENT_UNASSOC) {
5028 if (params->vlan)
5029 return -EINVAL;
5030 }
5031
5032 switch (statype) {
5033 case CFG80211_STA_AP_MLME_CLIENT:
5034 /* Use this only for authorizing/unauthorizing a station */
5035 if (!(params->sta_flags_mask & BIT(NL80211_STA_FLAG_AUTHORIZED)))
5036 return -EOPNOTSUPP;
5037 break;
5038 case CFG80211_STA_AP_CLIENT:
5039 case CFG80211_STA_AP_CLIENT_UNASSOC:
5040 /* accept only the listed bits */
5041 if (params->sta_flags_mask &
5042 ~(BIT(NL80211_STA_FLAG_AUTHORIZED) |
5043 BIT(NL80211_STA_FLAG_AUTHENTICATED) |
5044 BIT(NL80211_STA_FLAG_ASSOCIATED) |
5045 BIT(NL80211_STA_FLAG_SHORT_PREAMBLE) |
5046 BIT(NL80211_STA_FLAG_WME) |
5047 BIT(NL80211_STA_FLAG_MFP)))
5048 return -EINVAL;
5049
5050 /* but authenticated/associated only if driver handles it */
5051 if (!(wiphy->features & NL80211_FEATURE_FULL_AP_CLIENT_STATE) &&
5052 params->sta_flags_mask &
5053 (BIT(NL80211_STA_FLAG_AUTHENTICATED) |
5054 BIT(NL80211_STA_FLAG_ASSOCIATED)))
5055 return -EINVAL;
5056 break;
5057 case CFG80211_STA_IBSS:
5058 case CFG80211_STA_AP_STA:
5059 /* reject any changes other than AUTHORIZED */
5060 if (params->sta_flags_mask & ~BIT(NL80211_STA_FLAG_AUTHORIZED))
5061 return -EINVAL;
5062 break;
5063 case CFG80211_STA_TDLS_PEER_SETUP:
5064 /* reject any changes other than AUTHORIZED or WME */
5065 if (params->sta_flags_mask & ~(BIT(NL80211_STA_FLAG_AUTHORIZED) |
5066 BIT(NL80211_STA_FLAG_WME)))
5067 return -EINVAL;
5068 /* force (at least) rates when authorizing */
5069 if (params->sta_flags_set & BIT(NL80211_STA_FLAG_AUTHORIZED) &&
5070 !params->supported_rates)
5071 return -EINVAL;
5072 break;
5073 case CFG80211_STA_TDLS_PEER_ACTIVE:
5074 /* reject any changes */
5075 return -EINVAL;
5076 case CFG80211_STA_MESH_PEER_KERNEL:
5077 if (params->sta_modify_mask & STATION_PARAM_APPLY_PLINK_STATE)
5078 return -EINVAL;
5079 break;
5080 case CFG80211_STA_MESH_PEER_USER:
5081 if (params->plink_action != NL80211_PLINK_ACTION_NO_ACTION &&
5082 params->plink_action != NL80211_PLINK_ACTION_BLOCK)
5083 return -EINVAL;
5084 break;
5085 }
5086
5087 /*
5088 * Older kernel versions ignored this attribute entirely, so don't
5089 * reject attempts to update it but mark it as unused instead so the
5090 * driver won't look at the data.
5091 */
5092 if (statype != CFG80211_STA_AP_CLIENT_UNASSOC &&
5093 statype != CFG80211_STA_TDLS_PEER_SETUP)
5094 params->opmode_notif_used = false;
5095
5096 return 0;
5097 }
5098 EXPORT_SYMBOL(cfg80211_check_station_change);
5099
5100 /*
5101 * Get vlan interface making sure it is running and on the right wiphy.
5102 */
5103 static struct net_device *get_vlan(struct genl_info *info,
5104 struct cfg80211_registered_device *rdev)
5105 {
5106 struct nlattr *vlanattr = info->attrs[NL80211_ATTR_STA_VLAN];
5107 struct net_device *v;
5108 int ret;
5109
5110 if (!vlanattr)
5111 return NULL;
5112
5113 v = dev_get_by_index(genl_info_net(info), nla_get_u32(vlanattr));
5114 if (!v)
5115 return ERR_PTR(-ENODEV);
5116
5117 if (!v->ieee80211_ptr || v->ieee80211_ptr->wiphy != &rdev->wiphy) {
5118 ret = -EINVAL;
5119 goto error;
5120 }
5121
5122 if (v->ieee80211_ptr->iftype != NL80211_IFTYPE_AP_VLAN &&
5123 v->ieee80211_ptr->iftype != NL80211_IFTYPE_AP &&
5124 v->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_GO) {
5125 ret = -EINVAL;
5126 goto error;
5127 }
5128
5129 if (!netif_running(v)) {
5130 ret = -ENETDOWN;
5131 goto error;
5132 }
5133
5134 return v;
5135 error:
5136 dev_put(v);
5137 return ERR_PTR(ret);
5138 }
5139
5140 static const struct nla_policy
5141 nl80211_sta_wme_policy[NL80211_STA_WME_MAX + 1] = {
5142 [NL80211_STA_WME_UAPSD_QUEUES] = { .type = NLA_U8 },
5143 [NL80211_STA_WME_MAX_SP] = { .type = NLA_U8 },
5144 };
5145
5146 static int nl80211_parse_sta_wme(struct genl_info *info,
5147 struct station_parameters *params)
5148 {
5149 struct nlattr *tb[NL80211_STA_WME_MAX + 1];
5150 struct nlattr *nla;
5151 int err;
5152
5153 /* parse WME attributes if present */
5154 if (!info->attrs[NL80211_ATTR_STA_WME])
5155 return 0;
5156
5157 nla = info->attrs[NL80211_ATTR_STA_WME];
5158 err = nla_parse_nested(tb, NL80211_STA_WME_MAX, nla,
5159 nl80211_sta_wme_policy, info->extack);
5160 if (err)
5161 return err;
5162
5163 if (tb[NL80211_STA_WME_UAPSD_QUEUES])
5164 params->uapsd_queues = nla_get_u8(
5165 tb[NL80211_STA_WME_UAPSD_QUEUES]);
5166 if (params->uapsd_queues & ~IEEE80211_WMM_IE_STA_QOSINFO_AC_MASK)
5167 return -EINVAL;
5168
5169 if (tb[NL80211_STA_WME_MAX_SP])
5170 params->max_sp = nla_get_u8(tb[NL80211_STA_WME_MAX_SP]);
5171
5172 if (params->max_sp & ~IEEE80211_WMM_IE_STA_QOSINFO_SP_MASK)
5173 return -EINVAL;
5174
5175 params->sta_modify_mask |= STATION_PARAM_APPLY_UAPSD;
5176
5177 return 0;
5178 }
5179
5180 static int nl80211_parse_sta_channel_info(struct genl_info *info,
5181 struct station_parameters *params)
5182 {
5183 if (info->attrs[NL80211_ATTR_STA_SUPPORTED_CHANNELS]) {
5184 params->supported_channels =
5185 nla_data(info->attrs[NL80211_ATTR_STA_SUPPORTED_CHANNELS]);
5186 params->supported_channels_len =
5187 nla_len(info->attrs[NL80211_ATTR_STA_SUPPORTED_CHANNELS]);
5188 /*
5189 * Need to include at least one (first channel, number of
5190 * channels) tuple for each subband, and must have proper
5191 * tuples for the rest of the data as well.
5192 */
5193 if (params->supported_channels_len < 2)
5194 return -EINVAL;
5195 if (params->supported_channels_len % 2)
5196 return -EINVAL;
5197 }
5198
5199 if (info->attrs[NL80211_ATTR_STA_SUPPORTED_OPER_CLASSES]) {
5200 params->supported_oper_classes =
5201 nla_data(info->attrs[NL80211_ATTR_STA_SUPPORTED_OPER_CLASSES]);
5202 params->supported_oper_classes_len =
5203 nla_len(info->attrs[NL80211_ATTR_STA_SUPPORTED_OPER_CLASSES]);
5204 /*
5205 * The value of the Length field of the Supported Operating
5206 * Classes element is between 2 and 253.
5207 */
5208 if (params->supported_oper_classes_len < 2 ||
5209 params->supported_oper_classes_len > 253)
5210 return -EINVAL;
5211 }
5212 return 0;
5213 }
5214
5215 static int nl80211_set_station_tdls(struct genl_info *info,
5216 struct station_parameters *params)
5217 {
5218 int err;
5219 /* Dummy STA entry gets updated once the peer capabilities are known */
5220 if (info->attrs[NL80211_ATTR_PEER_AID])
5221 params->aid = nla_get_u16(info->attrs[NL80211_ATTR_PEER_AID]);
5222 if (info->attrs[NL80211_ATTR_HT_CAPABILITY])
5223 params->ht_capa =
5224 nla_data(info->attrs[NL80211_ATTR_HT_CAPABILITY]);
5225 if (info->attrs[NL80211_ATTR_VHT_CAPABILITY])
5226 params->vht_capa =
5227 nla_data(info->attrs[NL80211_ATTR_VHT_CAPABILITY]);
5228 if (info->attrs[NL80211_ATTR_HE_CAPABILITY]) {
5229 params->he_capa =
5230 nla_data(info->attrs[NL80211_ATTR_HE_CAPABILITY]);
5231 params->he_capa_len =
5232 nla_len(info->attrs[NL80211_ATTR_HE_CAPABILITY]);
5233
5234 if (params->he_capa_len < NL80211_HE_MIN_CAPABILITY_LEN)
5235 return -EINVAL;
5236 }
5237
5238 err = nl80211_parse_sta_channel_info(info, params);
5239 if (err)
5240 return err;
5241
5242 return nl80211_parse_sta_wme(info, params);
5243 }
5244
5245 static int nl80211_set_station(struct sk_buff *skb, struct genl_info *info)
5246 {
5247 struct cfg80211_registered_device *rdev = info->user_ptr[0];
5248 struct net_device *dev = info->user_ptr[1];
5249 struct station_parameters params;
5250 u8 *mac_addr;
5251 int err;
5252
5253 memset(&params, 0, sizeof(params));
5254
5255 if (!rdev->ops->change_station)
5256 return -EOPNOTSUPP;
5257
5258 /*
5259 * AID and listen_interval properties can be set only for unassociated
5260 * station. Include these parameters here and will check them in
5261 * cfg80211_check_station_change().
5262 */
5263 if (info->attrs[NL80211_ATTR_STA_AID])
5264 params.aid = nla_get_u16(info->attrs[NL80211_ATTR_STA_AID]);
5265
5266 if (info->attrs[NL80211_ATTR_STA_LISTEN_INTERVAL])
5267 params.listen_interval =
5268 nla_get_u16(info->attrs[NL80211_ATTR_STA_LISTEN_INTERVAL]);
5269 else
5270 params.listen_interval = -1;
5271
5272 if (info->attrs[NL80211_ATTR_STA_SUPPORT_P2P_PS]) {
5273 u8 tmp;
5274
5275 tmp = nla_get_u8(info->attrs[NL80211_ATTR_STA_SUPPORT_P2P_PS]);
5276 if (tmp >= NUM_NL80211_P2P_PS_STATUS)
5277 return -EINVAL;
5278
5279 params.support_p2p_ps = tmp;
5280 } else {
5281 params.support_p2p_ps = -1;
5282 }
5283
5284 if (!info->attrs[NL80211_ATTR_MAC])
5285 return -EINVAL;
5286
5287 mac_addr = nla_data(info->attrs[NL80211_ATTR_MAC]);
5288
5289 if (info->attrs[NL80211_ATTR_STA_SUPPORTED_RATES]) {
5290 params.supported_rates =
5291 nla_data(info->attrs[NL80211_ATTR_STA_SUPPORTED_RATES]);
5292 params.supported_rates_len =
5293 nla_len(info->attrs[NL80211_ATTR_STA_SUPPORTED_RATES]);
5294 }
5295
5296 if (info->attrs[NL80211_ATTR_STA_CAPABILITY]) {
5297 params.capability =
5298 nla_get_u16(info->attrs[NL80211_ATTR_STA_CAPABILITY]);
5299 params.sta_modify_mask |= STATION_PARAM_APPLY_CAPABILITY;
5300 }
5301
5302 if (info->attrs[NL80211_ATTR_STA_EXT_CAPABILITY]) {
5303 params.ext_capab =
5304 nla_data(info->attrs[NL80211_ATTR_STA_EXT_CAPABILITY]);
5305 params.ext_capab_len =
5306 nla_len(info->attrs[NL80211_ATTR_STA_EXT_CAPABILITY]);
5307 }
5308
5309 if (parse_station_flags(info, dev->ieee80211_ptr->iftype, &params))
5310 return -EINVAL;
5311
5312 if (info->attrs[NL80211_ATTR_STA_PLINK_ACTION]) {
5313 params.plink_action =
5314 nla_get_u8(info->attrs[NL80211_ATTR_STA_PLINK_ACTION]);
5315 if (params.plink_action >= NUM_NL80211_PLINK_ACTIONS)
5316 return -EINVAL;
5317 }
5318
5319 if (info->attrs[NL80211_ATTR_STA_PLINK_STATE]) {
5320 params.plink_state =
5321 nla_get_u8(info->attrs[NL80211_ATTR_STA_PLINK_STATE]);
5322 if (params.plink_state >= NUM_NL80211_PLINK_STATES)
5323 return -EINVAL;
5324 if (info->attrs[NL80211_ATTR_MESH_PEER_AID]) {
5325 params.peer_aid = nla_get_u16(
5326 info->attrs[NL80211_ATTR_MESH_PEER_AID]);
5327 if (params.peer_aid > IEEE80211_MAX_AID)
5328 return -EINVAL;
5329 }
5330 params.sta_modify_mask |= STATION_PARAM_APPLY_PLINK_STATE;
5331 }
5332
5333 if (info->attrs[NL80211_ATTR_LOCAL_MESH_POWER_MODE]) {
5334 enum nl80211_mesh_power_mode pm = nla_get_u32(
5335 info->attrs[NL80211_ATTR_LOCAL_MESH_POWER_MODE]);
5336
5337 if (pm <= NL80211_MESH_POWER_UNKNOWN ||
5338 pm > NL80211_MESH_POWER_MAX)
5339 return -EINVAL;
5340
5341 params.local_pm = pm;
5342 }
5343
5344 if (info->attrs[NL80211_ATTR_OPMODE_NOTIF]) {
5345 params.opmode_notif_used = true;
5346 params.opmode_notif =
5347 nla_get_u8(info->attrs[NL80211_ATTR_OPMODE_NOTIF]);
5348 }
5349
5350 /* Include parameters for TDLS peer (will check later) */
5351 err = nl80211_set_station_tdls(info, &params);
5352 if (err)
5353 return err;
5354
5355 params.vlan = get_vlan(info, rdev);
5356 if (IS_ERR(params.vlan))
5357 return PTR_ERR(params.vlan);
5358
5359 switch (dev->ieee80211_ptr->iftype) {
5360 case NL80211_IFTYPE_AP:
5361 case NL80211_IFTYPE_AP_VLAN:
5362 case NL80211_IFTYPE_P2P_GO:
5363 case NL80211_IFTYPE_P2P_CLIENT:
5364 case NL80211_IFTYPE_STATION:
5365 case NL80211_IFTYPE_ADHOC:
5366 case NL80211_IFTYPE_MESH_POINT:
5367 break;
5368 default:
5369 err = -EOPNOTSUPP;
5370 goto out_put_vlan;
5371 }
5372
5373 /* driver will call cfg80211_check_station_change() */
5374 err = rdev_change_station(rdev, dev, mac_addr, &params);
5375
5376 out_put_vlan:
5377 if (params.vlan)
5378 dev_put(params.vlan);
5379
5380 return err;
5381 }
5382
5383 static int nl80211_new_station(struct sk_buff *skb, struct genl_info *info)
5384 {
5385 struct cfg80211_registered_device *rdev = info->user_ptr[0];
5386 int err;
5387 struct net_device *dev = info->user_ptr[1];
5388 struct station_parameters params;
5389 u8 *mac_addr = NULL;
5390 u32 auth_assoc = BIT(NL80211_STA_FLAG_AUTHENTICATED) |
5391 BIT(NL80211_STA_FLAG_ASSOCIATED);
5392
5393 memset(&params, 0, sizeof(params));
5394
5395 if (!rdev->ops->add_station)
5396 return -EOPNOTSUPP;
5397
5398 if (!info->attrs[NL80211_ATTR_MAC])
5399 return -EINVAL;
5400
5401 if (!info->attrs[NL80211_ATTR_STA_LISTEN_INTERVAL])
5402 return -EINVAL;
5403
5404 if (!info->attrs[NL80211_ATTR_STA_SUPPORTED_RATES])
5405 return -EINVAL;
5406
5407 if (!info->attrs[NL80211_ATTR_STA_AID] &&
5408 !info->attrs[NL80211_ATTR_PEER_AID])
5409 return -EINVAL;
5410
5411 mac_addr = nla_data(info->attrs[NL80211_ATTR_MAC]);
5412 params.supported_rates =
5413 nla_data(info->attrs[NL80211_ATTR_STA_SUPPORTED_RATES]);
5414 params.supported_rates_len =
5415 nla_len(info->attrs[NL80211_ATTR_STA_SUPPORTED_RATES]);
5416 params.listen_interval =
5417 nla_get_u16(info->attrs[NL80211_ATTR_STA_LISTEN_INTERVAL]);
5418
5419 if (info->attrs[NL80211_ATTR_STA_SUPPORT_P2P_PS]) {
5420 u8 tmp;
5421
5422 tmp = nla_get_u8(info->attrs[NL80211_ATTR_STA_SUPPORT_P2P_PS]);
5423 if (tmp >= NUM_NL80211_P2P_PS_STATUS)
5424 return -EINVAL;
5425
5426 params.support_p2p_ps = tmp;
5427 } else {
5428 /*
5429 * if not specified, assume it's supported for P2P GO interface,
5430 * and is NOT supported for AP interface
5431 */
5432 params.support_p2p_ps =
5433 dev->ieee80211_ptr->iftype == NL80211_IFTYPE_P2P_GO;
5434 }
5435
5436 if (info->attrs[NL80211_ATTR_PEER_AID])
5437 params.aid = nla_get_u16(info->attrs[NL80211_ATTR_PEER_AID]);
5438 else
5439 params.aid = nla_get_u16(info->attrs[NL80211_ATTR_STA_AID]);
5440 if (!params.aid || params.aid > IEEE80211_MAX_AID)
5441 return -EINVAL;
5442
5443 if (info->attrs[NL80211_ATTR_STA_CAPABILITY]) {
5444 params.capability =
5445 nla_get_u16(info->attrs[NL80211_ATTR_STA_CAPABILITY]);
5446 params.sta_modify_mask |= STATION_PARAM_APPLY_CAPABILITY;
5447 }
5448
5449 if (info->attrs[NL80211_ATTR_STA_EXT_CAPABILITY]) {
5450 params.ext_capab =
5451 nla_data(info->attrs[NL80211_ATTR_STA_EXT_CAPABILITY]);
5452 params.ext_capab_len =
5453 nla_len(info->attrs[NL80211_ATTR_STA_EXT_CAPABILITY]);
5454 }
5455
5456 if (info->attrs[NL80211_ATTR_HT_CAPABILITY])
5457 params.ht_capa =
5458 nla_data(info->attrs[NL80211_ATTR_HT_CAPABILITY]);
5459
5460 if (info->attrs[NL80211_ATTR_VHT_CAPABILITY])
5461 params.vht_capa =
5462 nla_data(info->attrs[NL80211_ATTR_VHT_CAPABILITY]);
5463
5464 if (info->attrs[NL80211_ATTR_HE_CAPABILITY]) {
5465 params.he_capa =
5466 nla_data(info->attrs[NL80211_ATTR_HE_CAPABILITY]);
5467 params.he_capa_len =
5468 nla_len(info->attrs[NL80211_ATTR_HE_CAPABILITY]);
5469
5470 /* max len is validated in nla policy */
5471 if (params.he_capa_len < NL80211_HE_MIN_CAPABILITY_LEN)
5472 return -EINVAL;
5473 }
5474
5475 if (info->attrs[NL80211_ATTR_OPMODE_NOTIF]) {
5476 params.opmode_notif_used = true;
5477 params.opmode_notif =
5478 nla_get_u8(info->attrs[NL80211_ATTR_OPMODE_NOTIF]);
5479 }
5480
5481 if (info->attrs[NL80211_ATTR_STA_PLINK_ACTION]) {
5482 params.plink_action =
5483 nla_get_u8(info->attrs[NL80211_ATTR_STA_PLINK_ACTION]);
5484 if (params.plink_action >= NUM_NL80211_PLINK_ACTIONS)
5485 return -EINVAL;
5486 }
5487
5488 err = nl80211_parse_sta_channel_info(info, &params);
5489 if (err)
5490 return err;
5491
5492 err = nl80211_parse_sta_wme(info, &params);
5493 if (err)
5494 return err;
5495
5496 if (parse_station_flags(info, dev->ieee80211_ptr->iftype, &params))
5497 return -EINVAL;
5498
5499 /* HT/VHT requires QoS, but if we don't have that just ignore HT/VHT
5500 * as userspace might just pass through the capabilities from the IEs
5501 * directly, rather than enforcing this restriction and returning an
5502 * error in this case.
5503 */
5504 if (!(params.sta_flags_set & BIT(NL80211_STA_FLAG_WME))) {
5505 params.ht_capa = NULL;
5506 params.vht_capa = NULL;
5507
5508 /* HE requires WME */
5509 if (params.he_capa_len)
5510 return -EINVAL;
5511 }
5512
5513 /* When you run into this, adjust the code below for the new flag */
5514 BUILD_BUG_ON(NL80211_STA_FLAG_MAX != 7);
5515
5516 switch (dev->ieee80211_ptr->iftype) {
5517 case NL80211_IFTYPE_AP:
5518 case NL80211_IFTYPE_AP_VLAN:
5519 case NL80211_IFTYPE_P2P_GO:
5520 /* ignore WME attributes if iface/sta is not capable */
5521 if (!(rdev->wiphy.flags & WIPHY_FLAG_AP_UAPSD) ||
5522 !(params.sta_flags_set & BIT(NL80211_STA_FLAG_WME)))
5523 params.sta_modify_mask &= ~STATION_PARAM_APPLY_UAPSD;
5524
5525 /* TDLS peers cannot be added */
5526 if ((params.sta_flags_set & BIT(NL80211_STA_FLAG_TDLS_PEER)) ||
5527 info->attrs[NL80211_ATTR_PEER_AID])
5528 return -EINVAL;
5529 /* but don't bother the driver with it */
5530 params.sta_flags_mask &= ~BIT(NL80211_STA_FLAG_TDLS_PEER);
5531
5532 /* allow authenticated/associated only if driver handles it */
5533 if (!(rdev->wiphy.features &
5534 NL80211_FEATURE_FULL_AP_CLIENT_STATE) &&
5535 params.sta_flags_mask & auth_assoc)
5536 return -EINVAL;
5537
5538 /* Older userspace, or userspace wanting to be compatible with
5539 * !NL80211_FEATURE_FULL_AP_CLIENT_STATE, will not set the auth
5540 * and assoc flags in the mask, but assumes the station will be
5541 * added as associated anyway since this was the required driver
5542 * behaviour before NL80211_FEATURE_FULL_AP_CLIENT_STATE was
5543 * introduced.
5544 * In order to not bother drivers with this quirk in the API
5545 * set the flags in both the mask and set for new stations in
5546 * this case.
5547 */
5548 if (!(params.sta_flags_mask & auth_assoc)) {
5549 params.sta_flags_mask |= auth_assoc;
5550 params.sta_flags_set |= auth_assoc;
5551 }
5552
5553 /* must be last in here for error handling */
5554 params.vlan = get_vlan(info, rdev);
5555 if (IS_ERR(params.vlan))
5556 return PTR_ERR(params.vlan);
5557 break;
5558 case NL80211_IFTYPE_MESH_POINT:
5559 /* ignore uAPSD data */
5560 params.sta_modify_mask &= ~STATION_PARAM_APPLY_UAPSD;
5561
5562 /* associated is disallowed */
5563 if (params.sta_flags_mask & BIT(NL80211_STA_FLAG_ASSOCIATED))
5564 return -EINVAL;
5565 /* TDLS peers cannot be added */
5566 if ((params.sta_flags_set & BIT(NL80211_STA_FLAG_TDLS_PEER)) ||
5567 info->attrs[NL80211_ATTR_PEER_AID])
5568 return -EINVAL;
5569 break;
5570 case NL80211_IFTYPE_STATION:
5571 case NL80211_IFTYPE_P2P_CLIENT:
5572 /* ignore uAPSD data */
5573 params.sta_modify_mask &= ~STATION_PARAM_APPLY_UAPSD;
5574
5575 /* these are disallowed */
5576 if (params.sta_flags_mask &
5577 (BIT(NL80211_STA_FLAG_ASSOCIATED) |
5578 BIT(NL80211_STA_FLAG_AUTHENTICATED)))
5579 return -EINVAL;
5580 /* Only TDLS peers can be added */
5581 if (!(params.sta_flags_set & BIT(NL80211_STA_FLAG_TDLS_PEER)))
5582 return -EINVAL;
5583 /* Can only add if TDLS ... */
5584 if (!(rdev->wiphy.flags & WIPHY_FLAG_SUPPORTS_TDLS))
5585 return -EOPNOTSUPP;
5586 /* ... with external setup is supported */
5587 if (!(rdev->wiphy.flags & WIPHY_FLAG_TDLS_EXTERNAL_SETUP))
5588 return -EOPNOTSUPP;
5589 /*
5590 * Older wpa_supplicant versions always mark the TDLS peer
5591 * as authorized, but it shouldn't yet be.
5592 */
5593 params.sta_flags_mask &= ~BIT(NL80211_STA_FLAG_AUTHORIZED);
5594 break;
5595 default:
5596 return -EOPNOTSUPP;
5597 }
5598
5599 /* be aware of params.vlan when changing code here */
5600
5601 err = rdev_add_station(rdev, dev, mac_addr, &params);
5602
5603 if (params.vlan)
5604 dev_put(params.vlan);
5605 return err;
5606 }
5607
5608 static int nl80211_del_station(struct sk_buff *skb, struct genl_info *info)
5609 {
5610 struct cfg80211_registered_device *rdev = info->user_ptr[0];
5611 struct net_device *dev = info->user_ptr[1];
5612 struct station_del_parameters params;
5613
5614 memset(&params, 0, sizeof(params));
5615
5616 if (info->attrs[NL80211_ATTR_MAC])
5617 params.mac = nla_data(info->attrs[NL80211_ATTR_MAC]);
5618
5619 if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_AP &&
5620 dev->ieee80211_ptr->iftype != NL80211_IFTYPE_AP_VLAN &&
5621 dev->ieee80211_ptr->iftype != NL80211_IFTYPE_MESH_POINT &&
5622 dev->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_GO)
5623 return -EINVAL;
5624
5625 if (!rdev->ops->del_station)
5626 return -EOPNOTSUPP;
5627
5628 if (info->attrs[NL80211_ATTR_MGMT_SUBTYPE]) {
5629 params.subtype =
5630 nla_get_u8(info->attrs[NL80211_ATTR_MGMT_SUBTYPE]);
5631 if (params.subtype != IEEE80211_STYPE_DISASSOC >> 4 &&
5632 params.subtype != IEEE80211_STYPE_DEAUTH >> 4)
5633 return -EINVAL;
5634 } else {
5635 /* Default to Deauthentication frame */
5636 params.subtype = IEEE80211_STYPE_DEAUTH >> 4;
5637 }
5638
5639 if (info->attrs[NL80211_ATTR_REASON_CODE]) {
5640 params.reason_code =
5641 nla_get_u16(info->attrs[NL80211_ATTR_REASON_CODE]);
5642 if (params.reason_code == 0)
5643 return -EINVAL; /* 0 is reserved */
5644 } else {
5645 /* Default to reason code 2 */
5646 params.reason_code = WLAN_REASON_PREV_AUTH_NOT_VALID;
5647 }
5648
5649 return rdev_del_station(rdev, dev, &params);
5650 }
5651
5652 static int nl80211_send_mpath(struct sk_buff *msg, u32 portid, u32 seq,
5653 int flags, struct net_device *dev,
5654 u8 *dst, u8 *next_hop,
5655 struct mpath_info *pinfo)
5656 {
5657 void *hdr;
5658 struct nlattr *pinfoattr;
5659
5660 hdr = nl80211hdr_put(msg, portid, seq, flags, NL80211_CMD_NEW_MPATH);
5661 if (!hdr)
5662 return -1;
5663
5664 if (nla_put_u32(msg, NL80211_ATTR_IFINDEX, dev->ifindex) ||
5665 nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN, dst) ||
5666 nla_put(msg, NL80211_ATTR_MPATH_NEXT_HOP, ETH_ALEN, next_hop) ||
5667 nla_put_u32(msg, NL80211_ATTR_GENERATION, pinfo->generation))
5668 goto nla_put_failure;
5669
5670 pinfoattr = nla_nest_start(msg, NL80211_ATTR_MPATH_INFO);
5671 if (!pinfoattr)
5672 goto nla_put_failure;
5673 if ((pinfo->filled & MPATH_INFO_FRAME_QLEN) &&
5674 nla_put_u32(msg, NL80211_MPATH_INFO_FRAME_QLEN,
5675 pinfo->frame_qlen))
5676 goto nla_put_failure;
5677 if (((pinfo->filled & MPATH_INFO_SN) &&
5678 nla_put_u32(msg, NL80211_MPATH_INFO_SN, pinfo->sn)) ||
5679 ((pinfo->filled & MPATH_INFO_METRIC) &&
5680 nla_put_u32(msg, NL80211_MPATH_INFO_METRIC,
5681 pinfo->metric)) ||
5682 ((pinfo->filled & MPATH_INFO_EXPTIME) &&
5683 nla_put_u32(msg, NL80211_MPATH_INFO_EXPTIME,
5684 pinfo->exptime)) ||
5685 ((pinfo->filled & MPATH_INFO_FLAGS) &&
5686 nla_put_u8(msg, NL80211_MPATH_INFO_FLAGS,
5687 pinfo->flags)) ||
5688 ((pinfo->filled & MPATH_INFO_DISCOVERY_TIMEOUT) &&
5689 nla_put_u32(msg, NL80211_MPATH_INFO_DISCOVERY_TIMEOUT,
5690 pinfo->discovery_timeout)) ||
5691 ((pinfo->filled & MPATH_INFO_DISCOVERY_RETRIES) &&
5692 nla_put_u8(msg, NL80211_MPATH_INFO_DISCOVERY_RETRIES,
5693 pinfo->discovery_retries)))
5694 goto nla_put_failure;
5695
5696 nla_nest_end(msg, pinfoattr);
5697
5698 genlmsg_end(msg, hdr);
5699 return 0;
5700
5701 nla_put_failure:
5702 genlmsg_cancel(msg, hdr);
5703 return -EMSGSIZE;
5704 }
5705
5706 static int nl80211_dump_mpath(struct sk_buff *skb,
5707 struct netlink_callback *cb)
5708 {
5709 struct mpath_info pinfo;
5710 struct cfg80211_registered_device *rdev;
5711 struct wireless_dev *wdev;
5712 u8 dst[ETH_ALEN];
5713 u8 next_hop[ETH_ALEN];
5714 int path_idx = cb->args[2];
5715 int err;
5716
5717 rtnl_lock();
5718 err = nl80211_prepare_wdev_dump(skb, cb, &rdev, &wdev);
5719 if (err)
5720 goto out_err;
5721
5722 if (!rdev->ops->dump_mpath) {
5723 err = -EOPNOTSUPP;
5724 goto out_err;
5725 }
5726
5727 if (wdev->iftype != NL80211_IFTYPE_MESH_POINT) {
5728 err = -EOPNOTSUPP;
5729 goto out_err;
5730 }
5731
5732 while (1) {
5733 err = rdev_dump_mpath(rdev, wdev->netdev, path_idx, dst,
5734 next_hop, &pinfo);
5735 if (err == -ENOENT)
5736 break;
5737 if (err)
5738 goto out_err;
5739
5740 if (nl80211_send_mpath(skb, NETLINK_CB(cb->skb).portid,
5741 cb->nlh->nlmsg_seq, NLM_F_MULTI,
5742 wdev->netdev, dst, next_hop,
5743 &pinfo) < 0)
5744 goto out;
5745
5746 path_idx++;
5747 }
5748
5749 out:
5750 cb->args[2] = path_idx;
5751 err = skb->len;
5752 out_err:
5753 rtnl_unlock();
5754 return err;
5755 }
5756
5757 static int nl80211_get_mpath(struct sk_buff *skb, struct genl_info *info)
5758 {
5759 struct cfg80211_registered_device *rdev = info->user_ptr[0];
5760 int err;
5761 struct net_device *dev = info->user_ptr[1];
5762 struct mpath_info pinfo;
5763 struct sk_buff *msg;
5764 u8 *dst = NULL;
5765 u8 next_hop[ETH_ALEN];
5766
5767 memset(&pinfo, 0, sizeof(pinfo));
5768
5769 if (!info->attrs[NL80211_ATTR_MAC])
5770 return -EINVAL;
5771
5772 dst = nla_data(info->attrs[NL80211_ATTR_MAC]);
5773
5774 if (!rdev->ops->get_mpath)
5775 return -EOPNOTSUPP;
5776
5777 if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_MESH_POINT)
5778 return -EOPNOTSUPP;
5779
5780 err = rdev_get_mpath(rdev, dev, dst, next_hop, &pinfo);
5781 if (err)
5782 return err;
5783
5784 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
5785 if (!msg)
5786 return -ENOMEM;
5787
5788 if (nl80211_send_mpath(msg, info->snd_portid, info->snd_seq, 0,
5789 dev, dst, next_hop, &pinfo) < 0) {
5790 nlmsg_free(msg);
5791 return -ENOBUFS;
5792 }
5793
5794 return genlmsg_reply(msg, info);
5795 }
5796
5797 static int nl80211_set_mpath(struct sk_buff *skb, struct genl_info *info)
5798 {
5799 struct cfg80211_registered_device *rdev = info->user_ptr[0];
5800 struct net_device *dev = info->user_ptr[1];
5801 u8 *dst = NULL;
5802 u8 *next_hop = NULL;
5803
5804 if (!info->attrs[NL80211_ATTR_MAC])
5805 return -EINVAL;
5806
5807 if (!info->attrs[NL80211_ATTR_MPATH_NEXT_HOP])
5808 return -EINVAL;
5809
5810 dst = nla_data(info->attrs[NL80211_ATTR_MAC]);
5811 next_hop = nla_data(info->attrs[NL80211_ATTR_MPATH_NEXT_HOP]);
5812
5813 if (!rdev->ops->change_mpath)
5814 return -EOPNOTSUPP;
5815
5816 if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_MESH_POINT)
5817 return -EOPNOTSUPP;
5818
5819 return rdev_change_mpath(rdev, dev, dst, next_hop);
5820 }
5821
5822 static int nl80211_new_mpath(struct sk_buff *skb, struct genl_info *info)
5823 {
5824 struct cfg80211_registered_device *rdev = info->user_ptr[0];
5825 struct net_device *dev = info->user_ptr[1];
5826 u8 *dst = NULL;
5827 u8 *next_hop = NULL;
5828
5829 if (!info->attrs[NL80211_ATTR_MAC])
5830 return -EINVAL;
5831
5832 if (!info->attrs[NL80211_ATTR_MPATH_NEXT_HOP])
5833 return -EINVAL;
5834
5835 dst = nla_data(info->attrs[NL80211_ATTR_MAC]);
5836 next_hop = nla_data(info->attrs[NL80211_ATTR_MPATH_NEXT_HOP]);
5837
5838 if (!rdev->ops->add_mpath)
5839 return -EOPNOTSUPP;
5840
5841 if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_MESH_POINT)
5842 return -EOPNOTSUPP;
5843
5844 return rdev_add_mpath(rdev, dev, dst, next_hop);
5845 }
5846
5847 static int nl80211_del_mpath(struct sk_buff *skb, struct genl_info *info)
5848 {
5849 struct cfg80211_registered_device *rdev = info->user_ptr[0];
5850 struct net_device *dev = info->user_ptr[1];
5851 u8 *dst = NULL;
5852
5853 if (info->attrs[NL80211_ATTR_MAC])
5854 dst = nla_data(info->attrs[NL80211_ATTR_MAC]);
5855
5856 if (!rdev->ops->del_mpath)
5857 return -EOPNOTSUPP;
5858
5859 if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_MESH_POINT)
5860 return -EOPNOTSUPP;
5861
5862 return rdev_del_mpath(rdev, dev, dst);
5863 }
5864
5865 static int nl80211_get_mpp(struct sk_buff *skb, struct genl_info *info)
5866 {
5867 struct cfg80211_registered_device *rdev = info->user_ptr[0];
5868 int err;
5869 struct net_device *dev = info->user_ptr[1];
5870 struct mpath_info pinfo;
5871 struct sk_buff *msg;
5872 u8 *dst = NULL;
5873 u8 mpp[ETH_ALEN];
5874
5875 memset(&pinfo, 0, sizeof(pinfo));
5876
5877 if (!info->attrs[NL80211_ATTR_MAC])
5878 return -EINVAL;
5879
5880 dst = nla_data(info->attrs[NL80211_ATTR_MAC]);
5881
5882 if (!rdev->ops->get_mpp)
5883 return -EOPNOTSUPP;
5884
5885 if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_MESH_POINT)
5886 return -EOPNOTSUPP;
5887
5888 err = rdev_get_mpp(rdev, dev, dst, mpp, &pinfo);
5889 if (err)
5890 return err;
5891
5892 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
5893 if (!msg)
5894 return -ENOMEM;
5895
5896 if (nl80211_send_mpath(msg, info->snd_portid, info->snd_seq, 0,
5897 dev, dst, mpp, &pinfo) < 0) {
5898 nlmsg_free(msg);
5899 return -ENOBUFS;
5900 }
5901
5902 return genlmsg_reply(msg, info);
5903 }
5904
5905 static int nl80211_dump_mpp(struct sk_buff *skb,
5906 struct netlink_callback *cb)
5907 {
5908 struct mpath_info pinfo;
5909 struct cfg80211_registered_device *rdev;
5910 struct wireless_dev *wdev;
5911 u8 dst[ETH_ALEN];
5912 u8 mpp[ETH_ALEN];
5913 int path_idx = cb->args[2];
5914 int err;
5915
5916 rtnl_lock();
5917 err = nl80211_prepare_wdev_dump(skb, cb, &rdev, &wdev);
5918 if (err)
5919 goto out_err;
5920
5921 if (!rdev->ops->dump_mpp) {
5922 err = -EOPNOTSUPP;
5923 goto out_err;
5924 }
5925
5926 if (wdev->iftype != NL80211_IFTYPE_MESH_POINT) {
5927 err = -EOPNOTSUPP;
5928 goto out_err;
5929 }
5930
5931 while (1) {
5932 err = rdev_dump_mpp(rdev, wdev->netdev, path_idx, dst,
5933 mpp, &pinfo);
5934 if (err == -ENOENT)
5935 break;
5936 if (err)
5937 goto out_err;
5938
5939 if (nl80211_send_mpath(skb, NETLINK_CB(cb->skb).portid,
5940 cb->nlh->nlmsg_seq, NLM_F_MULTI,
5941 wdev->netdev, dst, mpp,
5942 &pinfo) < 0)
5943 goto out;
5944
5945 path_idx++;
5946 }
5947
5948 out:
5949 cb->args[2] = path_idx;
5950 err = skb->len;
5951 out_err:
5952 rtnl_unlock();
5953 return err;
5954 }
5955
5956 static int nl80211_set_bss(struct sk_buff *skb, struct genl_info *info)
5957 {
5958 struct cfg80211_registered_device *rdev = info->user_ptr[0];
5959 struct net_device *dev = info->user_ptr[1];
5960 struct wireless_dev *wdev = dev->ieee80211_ptr;
5961 struct bss_parameters params;
5962 int err;
5963
5964 memset(&params, 0, sizeof(params));
5965 /* default to not changing parameters */
5966 params.use_cts_prot = -1;
5967 params.use_short_preamble = -1;
5968 params.use_short_slot_time = -1;
5969 params.ap_isolate = -1;
5970 params.ht_opmode = -1;
5971 params.p2p_ctwindow = -1;
5972 params.p2p_opp_ps = -1;
5973
5974 if (info->attrs[NL80211_ATTR_BSS_CTS_PROT])
5975 params.use_cts_prot =
5976 nla_get_u8(info->attrs[NL80211_ATTR_BSS_CTS_PROT]);
5977 if (info->attrs[NL80211_ATTR_BSS_SHORT_PREAMBLE])
5978 params.use_short_preamble =
5979 nla_get_u8(info->attrs[NL80211_ATTR_BSS_SHORT_PREAMBLE]);
5980 if (info->attrs[NL80211_ATTR_BSS_SHORT_SLOT_TIME])
5981 params.use_short_slot_time =
5982 nla_get_u8(info->attrs[NL80211_ATTR_BSS_SHORT_SLOT_TIME]);
5983 if (info->attrs[NL80211_ATTR_BSS_BASIC_RATES]) {
5984 params.basic_rates =
5985 nla_data(info->attrs[NL80211_ATTR_BSS_BASIC_RATES]);
5986 params.basic_rates_len =
5987 nla_len(info->attrs[NL80211_ATTR_BSS_BASIC_RATES]);
5988 }
5989 if (info->attrs[NL80211_ATTR_AP_ISOLATE])
5990 params.ap_isolate = !!nla_get_u8(info->attrs[NL80211_ATTR_AP_ISOLATE]);
5991 if (info->attrs[NL80211_ATTR_BSS_HT_OPMODE])
5992 params.ht_opmode =
5993 nla_get_u16(info->attrs[NL80211_ATTR_BSS_HT_OPMODE]);
5994
5995 if (info->attrs[NL80211_ATTR_P2P_CTWINDOW]) {
5996 if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_GO)
5997 return -EINVAL;
5998 params.p2p_ctwindow =
5999 nla_get_s8(info->attrs[NL80211_ATTR_P2P_CTWINDOW]);
6000 if (params.p2p_ctwindow < 0)
6001 return -EINVAL;
6002 if (params.p2p_ctwindow != 0 &&
6003 !(rdev->wiphy.features & NL80211_FEATURE_P2P_GO_CTWIN))
6004 return -EINVAL;
6005 }
6006
6007 if (info->attrs[NL80211_ATTR_P2P_OPPPS]) {
6008 u8 tmp;
6009
6010 if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_GO)
6011 return -EINVAL;
6012 tmp = nla_get_u8(info->attrs[NL80211_ATTR_P2P_OPPPS]);
6013 if (tmp > 1)
6014 return -EINVAL;
6015 params.p2p_opp_ps = tmp;
6016 if (params.p2p_opp_ps &&
6017 !(rdev->wiphy.features & NL80211_FEATURE_P2P_GO_OPPPS))
6018 return -EINVAL;
6019 }
6020
6021 if (!rdev->ops->change_bss)
6022 return -EOPNOTSUPP;
6023
6024 if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_AP &&
6025 dev->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_GO)
6026 return -EOPNOTSUPP;
6027
6028 wdev_lock(wdev);
6029 err = rdev_change_bss(rdev, dev, &params);
6030 wdev_unlock(wdev);
6031
6032 return err;
6033 }
6034
6035 static int nl80211_req_set_reg(struct sk_buff *skb, struct genl_info *info)
6036 {
6037 char *data = NULL;
6038 bool is_indoor;
6039 enum nl80211_user_reg_hint_type user_reg_hint_type;
6040 u32 owner_nlportid;
6041
6042 /*
6043 * You should only get this when cfg80211 hasn't yet initialized
6044 * completely when built-in to the kernel right between the time
6045 * window between nl80211_init() and regulatory_init(), if that is
6046 * even possible.
6047 */
6048 if (unlikely(!rcu_access_pointer(cfg80211_regdomain)))
6049 return -EINPROGRESS;
6050
6051 if (info->attrs[NL80211_ATTR_USER_REG_HINT_TYPE])
6052 user_reg_hint_type =
6053 nla_get_u32(info->attrs[NL80211_ATTR_USER_REG_HINT_TYPE]);
6054 else
6055 user_reg_hint_type = NL80211_USER_REG_HINT_USER;
6056
6057 switch (user_reg_hint_type) {
6058 case NL80211_USER_REG_HINT_USER:
6059 case NL80211_USER_REG_HINT_CELL_BASE:
6060 if (!info->attrs[NL80211_ATTR_REG_ALPHA2])
6061 return -EINVAL;
6062
6063 data = nla_data(info->attrs[NL80211_ATTR_REG_ALPHA2]);
6064 return regulatory_hint_user(data, user_reg_hint_type);
6065 case NL80211_USER_REG_HINT_INDOOR:
6066 if (info->attrs[NL80211_ATTR_SOCKET_OWNER]) {
6067 owner_nlportid = info->snd_portid;
6068 is_indoor = !!info->attrs[NL80211_ATTR_REG_INDOOR];
6069 } else {
6070 owner_nlportid = 0;
6071 is_indoor = true;
6072 }
6073
6074 return regulatory_hint_indoor(is_indoor, owner_nlportid);
6075 default:
6076 return -EINVAL;
6077 }
6078 }
6079
6080 static int nl80211_reload_regdb(struct sk_buff *skb, struct genl_info *info)
6081 {
6082 return reg_reload_regdb();
6083 }
6084
6085 static int nl80211_get_mesh_config(struct sk_buff *skb,
6086 struct genl_info *info)
6087 {
6088 struct cfg80211_registered_device *rdev = info->user_ptr[0];
6089 struct net_device *dev = info->user_ptr[1];
6090 struct wireless_dev *wdev = dev->ieee80211_ptr;
6091 struct mesh_config cur_params;
6092 int err = 0;
6093 void *hdr;
6094 struct nlattr *pinfoattr;
6095 struct sk_buff *msg;
6096
6097 if (wdev->iftype != NL80211_IFTYPE_MESH_POINT)
6098 return -EOPNOTSUPP;
6099
6100 if (!rdev->ops->get_mesh_config)
6101 return -EOPNOTSUPP;
6102
6103 wdev_lock(wdev);
6104 /* If not connected, get default parameters */
6105 if (!wdev->mesh_id_len)
6106 memcpy(&cur_params, &default_mesh_config, sizeof(cur_params));
6107 else
6108 err = rdev_get_mesh_config(rdev, dev, &cur_params);
6109 wdev_unlock(wdev);
6110
6111 if (err)
6112 return err;
6113
6114 /* Draw up a netlink message to send back */
6115 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
6116 if (!msg)
6117 return -ENOMEM;
6118 hdr = nl80211hdr_put(msg, info->snd_portid, info->snd_seq, 0,
6119 NL80211_CMD_GET_MESH_CONFIG);
6120 if (!hdr)
6121 goto out;
6122 pinfoattr = nla_nest_start(msg, NL80211_ATTR_MESH_CONFIG);
6123 if (!pinfoattr)
6124 goto nla_put_failure;
6125 if (nla_put_u32(msg, NL80211_ATTR_IFINDEX, dev->ifindex) ||
6126 nla_put_u16(msg, NL80211_MESHCONF_RETRY_TIMEOUT,
6127 cur_params.dot11MeshRetryTimeout) ||
6128 nla_put_u16(msg, NL80211_MESHCONF_CONFIRM_TIMEOUT,
6129 cur_params.dot11MeshConfirmTimeout) ||
6130 nla_put_u16(msg, NL80211_MESHCONF_HOLDING_TIMEOUT,
6131 cur_params.dot11MeshHoldingTimeout) ||
6132 nla_put_u16(msg, NL80211_MESHCONF_MAX_PEER_LINKS,
6133 cur_params.dot11MeshMaxPeerLinks) ||
6134 nla_put_u8(msg, NL80211_MESHCONF_MAX_RETRIES,
6135 cur_params.dot11MeshMaxRetries) ||
6136 nla_put_u8(msg, NL80211_MESHCONF_TTL,
6137 cur_params.dot11MeshTTL) ||
6138 nla_put_u8(msg, NL80211_MESHCONF_ELEMENT_TTL,
6139 cur_params.element_ttl) ||
6140 nla_put_u8(msg, NL80211_MESHCONF_AUTO_OPEN_PLINKS,
6141 cur_params.auto_open_plinks) ||
6142 nla_put_u32(msg, NL80211_MESHCONF_SYNC_OFFSET_MAX_NEIGHBOR,
6143 cur_params.dot11MeshNbrOffsetMaxNeighbor) ||
6144 nla_put_u8(msg, NL80211_MESHCONF_HWMP_MAX_PREQ_RETRIES,
6145 cur_params.dot11MeshHWMPmaxPREQretries) ||
6146 nla_put_u32(msg, NL80211_MESHCONF_PATH_REFRESH_TIME,
6147 cur_params.path_refresh_time) ||
6148 nla_put_u16(msg, NL80211_MESHCONF_MIN_DISCOVERY_TIMEOUT,
6149 cur_params.min_discovery_timeout) ||
6150 nla_put_u32(msg, NL80211_MESHCONF_HWMP_ACTIVE_PATH_TIMEOUT,
6151 cur_params.dot11MeshHWMPactivePathTimeout) ||
6152 nla_put_u16(msg, NL80211_MESHCONF_HWMP_PREQ_MIN_INTERVAL,
6153 cur_params.dot11MeshHWMPpreqMinInterval) ||
6154 nla_put_u16(msg, NL80211_MESHCONF_HWMP_PERR_MIN_INTERVAL,
6155 cur_params.dot11MeshHWMPperrMinInterval) ||
6156 nla_put_u16(msg, NL80211_MESHCONF_HWMP_NET_DIAM_TRVS_TIME,
6157 cur_params.dot11MeshHWMPnetDiameterTraversalTime) ||
6158 nla_put_u8(msg, NL80211_MESHCONF_HWMP_ROOTMODE,
6159 cur_params.dot11MeshHWMPRootMode) ||
6160 nla_put_u16(msg, NL80211_MESHCONF_HWMP_RANN_INTERVAL,
6161 cur_params.dot11MeshHWMPRannInterval) ||
6162 nla_put_u8(msg, NL80211_MESHCONF_GATE_ANNOUNCEMENTS,
6163 cur_params.dot11MeshGateAnnouncementProtocol) ||
6164 nla_put_u8(msg, NL80211_MESHCONF_FORWARDING,
6165 cur_params.dot11MeshForwarding) ||
6166 nla_put_s32(msg, NL80211_MESHCONF_RSSI_THRESHOLD,
6167 cur_params.rssi_threshold) ||
6168 nla_put_u32(msg, NL80211_MESHCONF_HT_OPMODE,
6169 cur_params.ht_opmode) ||
6170 nla_put_u32(msg, NL80211_MESHCONF_HWMP_PATH_TO_ROOT_TIMEOUT,
6171 cur_params.dot11MeshHWMPactivePathToRootTimeout) ||
6172 nla_put_u16(msg, NL80211_MESHCONF_HWMP_ROOT_INTERVAL,
6173 cur_params.dot11MeshHWMProotInterval) ||
6174 nla_put_u16(msg, NL80211_MESHCONF_HWMP_CONFIRMATION_INTERVAL,
6175 cur_params.dot11MeshHWMPconfirmationInterval) ||
6176 nla_put_u32(msg, NL80211_MESHCONF_POWER_MODE,
6177 cur_params.power_mode) ||
6178 nla_put_u16(msg, NL80211_MESHCONF_AWAKE_WINDOW,
6179 cur_params.dot11MeshAwakeWindowDuration) ||
6180 nla_put_u32(msg, NL80211_MESHCONF_PLINK_TIMEOUT,
6181 cur_params.plink_timeout))
6182 goto nla_put_failure;
6183 nla_nest_end(msg, pinfoattr);
6184 genlmsg_end(msg, hdr);
6185 return genlmsg_reply(msg, info);
6186
6187 nla_put_failure:
6188 out:
6189 nlmsg_free(msg);
6190 return -ENOBUFS;
6191 }
6192
6193 static const struct nla_policy nl80211_meshconf_params_policy[NL80211_MESHCONF_ATTR_MAX+1] = {
6194 [NL80211_MESHCONF_RETRY_TIMEOUT] = { .type = NLA_U16 },
6195 [NL80211_MESHCONF_CONFIRM_TIMEOUT] = { .type = NLA_U16 },
6196 [NL80211_MESHCONF_HOLDING_TIMEOUT] = { .type = NLA_U16 },
6197 [NL80211_MESHCONF_MAX_PEER_LINKS] = { .type = NLA_U16 },
6198 [NL80211_MESHCONF_MAX_RETRIES] = { .type = NLA_U8 },
6199 [NL80211_MESHCONF_TTL] = { .type = NLA_U8 },
6200 [NL80211_MESHCONF_ELEMENT_TTL] = { .type = NLA_U8 },
6201 [NL80211_MESHCONF_AUTO_OPEN_PLINKS] = { .type = NLA_U8 },
6202 [NL80211_MESHCONF_SYNC_OFFSET_MAX_NEIGHBOR] = { .type = NLA_U32 },
6203 [NL80211_MESHCONF_HWMP_MAX_PREQ_RETRIES] = { .type = NLA_U8 },
6204 [NL80211_MESHCONF_PATH_REFRESH_TIME] = { .type = NLA_U32 },
6205 [NL80211_MESHCONF_MIN_DISCOVERY_TIMEOUT] = { .type = NLA_U16 },
6206 [NL80211_MESHCONF_HWMP_ACTIVE_PATH_TIMEOUT] = { .type = NLA_U32 },
6207 [NL80211_MESHCONF_HWMP_PREQ_MIN_INTERVAL] = { .type = NLA_U16 },
6208 [NL80211_MESHCONF_HWMP_PERR_MIN_INTERVAL] = { .type = NLA_U16 },
6209 [NL80211_MESHCONF_HWMP_NET_DIAM_TRVS_TIME] = { .type = NLA_U16 },
6210 [NL80211_MESHCONF_HWMP_ROOTMODE] = { .type = NLA_U8 },
6211 [NL80211_MESHCONF_HWMP_RANN_INTERVAL] = { .type = NLA_U16 },
6212 [NL80211_MESHCONF_GATE_ANNOUNCEMENTS] = { .type = NLA_U8 },
6213 [NL80211_MESHCONF_FORWARDING] = { .type = NLA_U8 },
6214 [NL80211_MESHCONF_RSSI_THRESHOLD] = { .type = NLA_U32 },
6215 [NL80211_MESHCONF_HT_OPMODE] = { .type = NLA_U16 },
6216 [NL80211_MESHCONF_HWMP_PATH_TO_ROOT_TIMEOUT] = { .type = NLA_U32 },
6217 [NL80211_MESHCONF_HWMP_ROOT_INTERVAL] = { .type = NLA_U16 },
6218 [NL80211_MESHCONF_HWMP_CONFIRMATION_INTERVAL] = { .type = NLA_U16 },
6219 [NL80211_MESHCONF_POWER_MODE] = { .type = NLA_U32 },
6220 [NL80211_MESHCONF_AWAKE_WINDOW] = { .type = NLA_U16 },
6221 [NL80211_MESHCONF_PLINK_TIMEOUT] = { .type = NLA_U32 },
6222 };
6223
6224 static const struct nla_policy
6225 nl80211_mesh_setup_params_policy[NL80211_MESH_SETUP_ATTR_MAX+1] = {
6226 [NL80211_MESH_SETUP_ENABLE_VENDOR_SYNC] = { .type = NLA_U8 },
6227 [NL80211_MESH_SETUP_ENABLE_VENDOR_PATH_SEL] = { .type = NLA_U8 },
6228 [NL80211_MESH_SETUP_ENABLE_VENDOR_METRIC] = { .type = NLA_U8 },
6229 [NL80211_MESH_SETUP_USERSPACE_AUTH] = { .type = NLA_FLAG },
6230 [NL80211_MESH_SETUP_AUTH_PROTOCOL] = { .type = NLA_U8 },
6231 [NL80211_MESH_SETUP_USERSPACE_MPM] = { .type = NLA_FLAG },
6232 [NL80211_MESH_SETUP_IE] = { .type = NLA_BINARY,
6233 .len = IEEE80211_MAX_DATA_LEN },
6234 [NL80211_MESH_SETUP_USERSPACE_AMPE] = { .type = NLA_FLAG },
6235 };
6236
6237 static int nl80211_check_bool(const struct nlattr *nla, u8 min, u8 max, bool *out)
6238 {
6239 u8 val = nla_get_u8(nla);
6240 if (val < min || val > max)
6241 return -EINVAL;
6242 *out = val;
6243 return 0;
6244 }
6245
6246 static int nl80211_check_u8(const struct nlattr *nla, u8 min, u8 max, u8 *out)
6247 {
6248 u8 val = nla_get_u8(nla);
6249 if (val < min || val > max)
6250 return -EINVAL;
6251 *out = val;
6252 return 0;
6253 }
6254
6255 static int nl80211_check_u16(const struct nlattr *nla, u16 min, u16 max, u16 *out)
6256 {
6257 u16 val = nla_get_u16(nla);
6258 if (val < min || val > max)
6259 return -EINVAL;
6260 *out = val;
6261 return 0;
6262 }
6263
6264 static int nl80211_check_u32(const struct nlattr *nla, u32 min, u32 max, u32 *out)
6265 {
6266 u32 val = nla_get_u32(nla);
6267 if (val < min || val > max)
6268 return -EINVAL;
6269 *out = val;
6270 return 0;
6271 }
6272
6273 static int nl80211_check_s32(const struct nlattr *nla, s32 min, s32 max, s32 *out)
6274 {
6275 s32 val = nla_get_s32(nla);
6276 if (val < min || val > max)
6277 return -EINVAL;
6278 *out = val;
6279 return 0;
6280 }
6281
6282 static int nl80211_check_power_mode(const struct nlattr *nla,
6283 enum nl80211_mesh_power_mode min,
6284 enum nl80211_mesh_power_mode max,
6285 enum nl80211_mesh_power_mode *out)
6286 {
6287 u32 val = nla_get_u32(nla);
6288 if (val < min || val > max)
6289 return -EINVAL;
6290 *out = val;
6291 return 0;
6292 }
6293
6294 static int nl80211_parse_mesh_config(struct genl_info *info,
6295 struct mesh_config *cfg,
6296 u32 *mask_out)
6297 {
6298 struct nlattr *tb[NL80211_MESHCONF_ATTR_MAX + 1];
6299 u32 mask = 0;
6300 u16 ht_opmode;
6301
6302 #define FILL_IN_MESH_PARAM_IF_SET(tb, cfg, param, min, max, mask, attr, fn) \
6303 do { \
6304 if (tb[attr]) { \
6305 if (fn(tb[attr], min, max, &cfg->param)) \
6306 return -EINVAL; \
6307 mask |= (1 << (attr - 1)); \
6308 } \
6309 } while (0)
6310
6311 if (!info->attrs[NL80211_ATTR_MESH_CONFIG])
6312 return -EINVAL;
6313 if (nla_parse_nested(tb, NL80211_MESHCONF_ATTR_MAX,
6314 info->attrs[NL80211_ATTR_MESH_CONFIG],
6315 nl80211_meshconf_params_policy, info->extack))
6316 return -EINVAL;
6317
6318 /* This makes sure that there aren't more than 32 mesh config
6319 * parameters (otherwise our bitfield scheme would not work.) */
6320 BUILD_BUG_ON(NL80211_MESHCONF_ATTR_MAX > 32);
6321
6322 /* Fill in the params struct */
6323 FILL_IN_MESH_PARAM_IF_SET(tb, cfg, dot11MeshRetryTimeout, 1, 255,
6324 mask, NL80211_MESHCONF_RETRY_TIMEOUT,
6325 nl80211_check_u16);
6326 FILL_IN_MESH_PARAM_IF_SET(tb, cfg, dot11MeshConfirmTimeout, 1, 255,
6327 mask, NL80211_MESHCONF_CONFIRM_TIMEOUT,
6328 nl80211_check_u16);
6329 FILL_IN_MESH_PARAM_IF_SET(tb, cfg, dot11MeshHoldingTimeout, 1, 255,
6330 mask, NL80211_MESHCONF_HOLDING_TIMEOUT,
6331 nl80211_check_u16);
6332 FILL_IN_MESH_PARAM_IF_SET(tb, cfg, dot11MeshMaxPeerLinks, 0, 255,
6333 mask, NL80211_MESHCONF_MAX_PEER_LINKS,
6334 nl80211_check_u16);
6335 FILL_IN_MESH_PARAM_IF_SET(tb, cfg, dot11MeshMaxRetries, 0, 16,
6336 mask, NL80211_MESHCONF_MAX_RETRIES,
6337 nl80211_check_u8);
6338 FILL_IN_MESH_PARAM_IF_SET(tb, cfg, dot11MeshTTL, 1, 255,
6339 mask, NL80211_MESHCONF_TTL, nl80211_check_u8);
6340 FILL_IN_MESH_PARAM_IF_SET(tb, cfg, element_ttl, 1, 255,
6341 mask, NL80211_MESHCONF_ELEMENT_TTL,
6342 nl80211_check_u8);
6343 FILL_IN_MESH_PARAM_IF_SET(tb, cfg, auto_open_plinks, 0, 1,
6344 mask, NL80211_MESHCONF_AUTO_OPEN_PLINKS,
6345 nl80211_check_bool);
6346 FILL_IN_MESH_PARAM_IF_SET(tb, cfg, dot11MeshNbrOffsetMaxNeighbor,
6347 1, 255, mask,
6348 NL80211_MESHCONF_SYNC_OFFSET_MAX_NEIGHBOR,
6349 nl80211_check_u32);
6350 FILL_IN_MESH_PARAM_IF_SET(tb, cfg, dot11MeshHWMPmaxPREQretries, 0, 255,
6351 mask, NL80211_MESHCONF_HWMP_MAX_PREQ_RETRIES,
6352 nl80211_check_u8);
6353 FILL_IN_MESH_PARAM_IF_SET(tb, cfg, path_refresh_time, 1, 65535,
6354 mask, NL80211_MESHCONF_PATH_REFRESH_TIME,
6355 nl80211_check_u32);
6356 FILL_IN_MESH_PARAM_IF_SET(tb, cfg, min_discovery_timeout, 1, 65535,
6357 mask, NL80211_MESHCONF_MIN_DISCOVERY_TIMEOUT,
6358 nl80211_check_u16);
6359 FILL_IN_MESH_PARAM_IF_SET(tb, cfg, dot11MeshHWMPactivePathTimeout,
6360 1, 65535, mask,
6361 NL80211_MESHCONF_HWMP_ACTIVE_PATH_TIMEOUT,
6362 nl80211_check_u32);
6363 FILL_IN_MESH_PARAM_IF_SET(tb, cfg, dot11MeshHWMPpreqMinInterval,
6364 1, 65535, mask,
6365 NL80211_MESHCONF_HWMP_PREQ_MIN_INTERVAL,
6366 nl80211_check_u16);
6367 FILL_IN_MESH_PARAM_IF_SET(tb, cfg, dot11MeshHWMPperrMinInterval,
6368 1, 65535, mask,
6369 NL80211_MESHCONF_HWMP_PERR_MIN_INTERVAL,
6370 nl80211_check_u16);
6371 FILL_IN_MESH_PARAM_IF_SET(tb, cfg,
6372 dot11MeshHWMPnetDiameterTraversalTime,
6373 1, 65535, mask,
6374 NL80211_MESHCONF_HWMP_NET_DIAM_TRVS_TIME,
6375 nl80211_check_u16);
6376 FILL_IN_MESH_PARAM_IF_SET(tb, cfg, dot11MeshHWMPRootMode, 0, 4,
6377 mask, NL80211_MESHCONF_HWMP_ROOTMODE,
6378 nl80211_check_u8);
6379 FILL_IN_MESH_PARAM_IF_SET(tb, cfg, dot11MeshHWMPRannInterval, 1, 65535,
6380 mask, NL80211_MESHCONF_HWMP_RANN_INTERVAL,
6381 nl80211_check_u16);
6382 FILL_IN_MESH_PARAM_IF_SET(tb, cfg,
6383 dot11MeshGateAnnouncementProtocol, 0, 1,
6384 mask, NL80211_MESHCONF_GATE_ANNOUNCEMENTS,
6385 nl80211_check_bool);
6386 FILL_IN_MESH_PARAM_IF_SET(tb, cfg, dot11MeshForwarding, 0, 1,
6387 mask, NL80211_MESHCONF_FORWARDING,
6388 nl80211_check_bool);
6389 FILL_IN_MESH_PARAM_IF_SET(tb, cfg, rssi_threshold, -255, 0,
6390 mask, NL80211_MESHCONF_RSSI_THRESHOLD,
6391 nl80211_check_s32);
6392 /*
6393 * Check HT operation mode based on
6394 * IEEE 802.11-2016 9.4.2.57 HT Operation element.
6395 */
6396 if (tb[NL80211_MESHCONF_HT_OPMODE]) {
6397 ht_opmode = nla_get_u16(tb[NL80211_MESHCONF_HT_OPMODE]);
6398
6399 if (ht_opmode & ~(IEEE80211_HT_OP_MODE_PROTECTION |
6400 IEEE80211_HT_OP_MODE_NON_GF_STA_PRSNT |
6401 IEEE80211_HT_OP_MODE_NON_HT_STA_PRSNT))
6402 return -EINVAL;
6403
6404 /* NON_HT_STA bit is reserved, but some programs set it */
6405 ht_opmode &= ~IEEE80211_HT_OP_MODE_NON_HT_STA_PRSNT;
6406
6407 cfg->ht_opmode = ht_opmode;
6408 mask |= (1 << (NL80211_MESHCONF_HT_OPMODE - 1));
6409 }
6410 FILL_IN_MESH_PARAM_IF_SET(tb, cfg, dot11MeshHWMPactivePathToRootTimeout,
6411 1, 65535, mask,
6412 NL80211_MESHCONF_HWMP_PATH_TO_ROOT_TIMEOUT,
6413 nl80211_check_u32);
6414 FILL_IN_MESH_PARAM_IF_SET(tb, cfg, dot11MeshHWMProotInterval, 1, 65535,
6415 mask, NL80211_MESHCONF_HWMP_ROOT_INTERVAL,
6416 nl80211_check_u16);
6417 FILL_IN_MESH_PARAM_IF_SET(tb, cfg,
6418 dot11MeshHWMPconfirmationInterval,
6419 1, 65535, mask,
6420 NL80211_MESHCONF_HWMP_CONFIRMATION_INTERVAL,
6421 nl80211_check_u16);
6422 FILL_IN_MESH_PARAM_IF_SET(tb, cfg, power_mode,
6423 NL80211_MESH_POWER_ACTIVE,
6424 NL80211_MESH_POWER_MAX,
6425 mask, NL80211_MESHCONF_POWER_MODE,
6426 nl80211_check_power_mode);
6427 FILL_IN_MESH_PARAM_IF_SET(tb, cfg, dot11MeshAwakeWindowDuration,
6428 0, 65535, mask,
6429 NL80211_MESHCONF_AWAKE_WINDOW, nl80211_check_u16);
6430 FILL_IN_MESH_PARAM_IF_SET(tb, cfg, plink_timeout, 0, 0xffffffff,
6431 mask, NL80211_MESHCONF_PLINK_TIMEOUT,
6432 nl80211_check_u32);
6433 if (mask_out)
6434 *mask_out = mask;
6435
6436 return 0;
6437
6438 #undef FILL_IN_MESH_PARAM_IF_SET
6439 }
6440
6441 static int nl80211_parse_mesh_setup(struct genl_info *info,
6442 struct mesh_setup *setup)
6443 {
6444 struct cfg80211_registered_device *rdev = info->user_ptr[0];
6445 struct nlattr *tb[NL80211_MESH_SETUP_ATTR_MAX + 1];
6446
6447 if (!info->attrs[NL80211_ATTR_MESH_SETUP])
6448 return -EINVAL;
6449 if (nla_parse_nested(tb, NL80211_MESH_SETUP_ATTR_MAX,
6450 info->attrs[NL80211_ATTR_MESH_SETUP],
6451 nl80211_mesh_setup_params_policy, info->extack))
6452 return -EINVAL;
6453
6454 if (tb[NL80211_MESH_SETUP_ENABLE_VENDOR_SYNC])
6455 setup->sync_method =
6456 (nla_get_u8(tb[NL80211_MESH_SETUP_ENABLE_VENDOR_SYNC])) ?
6457 IEEE80211_SYNC_METHOD_VENDOR :
6458 IEEE80211_SYNC_METHOD_NEIGHBOR_OFFSET;
6459
6460 if (tb[NL80211_MESH_SETUP_ENABLE_VENDOR_PATH_SEL])
6461 setup->path_sel_proto =
6462 (nla_get_u8(tb[NL80211_MESH_SETUP_ENABLE_VENDOR_PATH_SEL])) ?
6463 IEEE80211_PATH_PROTOCOL_VENDOR :
6464 IEEE80211_PATH_PROTOCOL_HWMP;
6465
6466 if (tb[NL80211_MESH_SETUP_ENABLE_VENDOR_METRIC])
6467 setup->path_metric =
6468 (nla_get_u8(tb[NL80211_MESH_SETUP_ENABLE_VENDOR_METRIC])) ?
6469 IEEE80211_PATH_METRIC_VENDOR :
6470 IEEE80211_PATH_METRIC_AIRTIME;
6471
6472 if (tb[NL80211_MESH_SETUP_IE]) {
6473 struct nlattr *ieattr =
6474 tb[NL80211_MESH_SETUP_IE];
6475 if (!is_valid_ie_attr(ieattr))
6476 return -EINVAL;
6477 setup->ie = nla_data(ieattr);
6478 setup->ie_len = nla_len(ieattr);
6479 }
6480 if (tb[NL80211_MESH_SETUP_USERSPACE_MPM] &&
6481 !(rdev->wiphy.features & NL80211_FEATURE_USERSPACE_MPM))
6482 return -EINVAL;
6483 setup->user_mpm = nla_get_flag(tb[NL80211_MESH_SETUP_USERSPACE_MPM]);
6484 setup->is_authenticated = nla_get_flag(tb[NL80211_MESH_SETUP_USERSPACE_AUTH]);
6485 setup->is_secure = nla_get_flag(tb[NL80211_MESH_SETUP_USERSPACE_AMPE]);
6486 if (setup->is_secure)
6487 setup->user_mpm = true;
6488
6489 if (tb[NL80211_MESH_SETUP_AUTH_PROTOCOL]) {
6490 if (!setup->user_mpm)
6491 return -EINVAL;
6492 setup->auth_id =
6493 nla_get_u8(tb[NL80211_MESH_SETUP_AUTH_PROTOCOL]);
6494 }
6495
6496 return 0;
6497 }
6498
6499 static int nl80211_update_mesh_config(struct sk_buff *skb,
6500 struct genl_info *info)
6501 {
6502 struct cfg80211_registered_device *rdev = info->user_ptr[0];
6503 struct net_device *dev = info->user_ptr[1];
6504 struct wireless_dev *wdev = dev->ieee80211_ptr;
6505 struct mesh_config cfg;
6506 u32 mask;
6507 int err;
6508
6509 if (wdev->iftype != NL80211_IFTYPE_MESH_POINT)
6510 return -EOPNOTSUPP;
6511
6512 if (!rdev->ops->update_mesh_config)
6513 return -EOPNOTSUPP;
6514
6515 err = nl80211_parse_mesh_config(info, &cfg, &mask);
6516 if (err)
6517 return err;
6518
6519 wdev_lock(wdev);
6520 if (!wdev->mesh_id_len)
6521 err = -ENOLINK;
6522
6523 if (!err)
6524 err = rdev_update_mesh_config(rdev, dev, mask, &cfg);
6525
6526 wdev_unlock(wdev);
6527
6528 return err;
6529 }
6530
6531 static int nl80211_put_regdom(const struct ieee80211_regdomain *regdom,
6532 struct sk_buff *msg)
6533 {
6534 struct nlattr *nl_reg_rules;
6535 unsigned int i;
6536
6537 if (nla_put_string(msg, NL80211_ATTR_REG_ALPHA2, regdom->alpha2) ||
6538 (regdom->dfs_region &&
6539 nla_put_u8(msg, NL80211_ATTR_DFS_REGION, regdom->dfs_region)))
6540 goto nla_put_failure;
6541
6542 nl_reg_rules = nla_nest_start(msg, NL80211_ATTR_REG_RULES);
6543 if (!nl_reg_rules)
6544 goto nla_put_failure;
6545
6546 for (i = 0; i < regdom->n_reg_rules; i++) {
6547 struct nlattr *nl_reg_rule;
6548 const struct ieee80211_reg_rule *reg_rule;
6549 const struct ieee80211_freq_range *freq_range;
6550 const struct ieee80211_power_rule *power_rule;
6551 unsigned int max_bandwidth_khz;
6552
6553 reg_rule = &regdom->reg_rules[i];
6554 freq_range = &reg_rule->freq_range;
6555 power_rule = &reg_rule->power_rule;
6556
6557 nl_reg_rule = nla_nest_start(msg, i);
6558 if (!nl_reg_rule)
6559 goto nla_put_failure;
6560
6561 max_bandwidth_khz = freq_range->max_bandwidth_khz;
6562 if (!max_bandwidth_khz)
6563 max_bandwidth_khz = reg_get_max_bandwidth(regdom,
6564 reg_rule);
6565
6566 if (nla_put_u32(msg, NL80211_ATTR_REG_RULE_FLAGS,
6567 reg_rule->flags) ||
6568 nla_put_u32(msg, NL80211_ATTR_FREQ_RANGE_START,
6569 freq_range->start_freq_khz) ||
6570 nla_put_u32(msg, NL80211_ATTR_FREQ_RANGE_END,
6571 freq_range->end_freq_khz) ||
6572 nla_put_u32(msg, NL80211_ATTR_FREQ_RANGE_MAX_BW,
6573 max_bandwidth_khz) ||
6574 nla_put_u32(msg, NL80211_ATTR_POWER_RULE_MAX_ANT_GAIN,
6575 power_rule->max_antenna_gain) ||
6576 nla_put_u32(msg, NL80211_ATTR_POWER_RULE_MAX_EIRP,
6577 power_rule->max_eirp) ||
6578 nla_put_u32(msg, NL80211_ATTR_DFS_CAC_TIME,
6579 reg_rule->dfs_cac_ms))
6580 goto nla_put_failure;
6581
6582 nla_nest_end(msg, nl_reg_rule);
6583 }
6584
6585 nla_nest_end(msg, nl_reg_rules);
6586 return 0;
6587
6588 nla_put_failure:
6589 return -EMSGSIZE;
6590 }
6591
6592 static int nl80211_get_reg_do(struct sk_buff *skb, struct genl_info *info)
6593 {
6594 const struct ieee80211_regdomain *regdom = NULL;
6595 struct cfg80211_registered_device *rdev;
6596 struct wiphy *wiphy = NULL;
6597 struct sk_buff *msg;
6598 void *hdr;
6599
6600 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
6601 if (!msg)
6602 return -ENOBUFS;
6603
6604 hdr = nl80211hdr_put(msg, info->snd_portid, info->snd_seq, 0,
6605 NL80211_CMD_GET_REG);
6606 if (!hdr)
6607 goto put_failure;
6608
6609 if (info->attrs[NL80211_ATTR_WIPHY]) {
6610 bool self_managed;
6611
6612 rdev = cfg80211_get_dev_from_info(genl_info_net(info), info);
6613 if (IS_ERR(rdev)) {
6614 nlmsg_free(msg);
6615 return PTR_ERR(rdev);
6616 }
6617
6618 wiphy = &rdev->wiphy;
6619 self_managed = wiphy->regulatory_flags &
6620 REGULATORY_WIPHY_SELF_MANAGED;
6621 regdom = get_wiphy_regdom(wiphy);
6622
6623 /* a self-managed-reg device must have a private regdom */
6624 if (WARN_ON(!regdom && self_managed)) {
6625 nlmsg_free(msg);
6626 return -EINVAL;
6627 }
6628
6629 if (regdom &&
6630 nla_put_u32(msg, NL80211_ATTR_WIPHY, get_wiphy_idx(wiphy)))
6631 goto nla_put_failure;
6632 }
6633
6634 if (!wiphy && reg_last_request_cell_base() &&
6635 nla_put_u32(msg, NL80211_ATTR_USER_REG_HINT_TYPE,
6636 NL80211_USER_REG_HINT_CELL_BASE))
6637 goto nla_put_failure;
6638
6639 rcu_read_lock();
6640
6641 if (!regdom)
6642 regdom = rcu_dereference(cfg80211_regdomain);
6643
6644 if (nl80211_put_regdom(regdom, msg))
6645 goto nla_put_failure_rcu;
6646
6647 rcu_read_unlock();
6648
6649 genlmsg_end(msg, hdr);
6650 return genlmsg_reply(msg, info);
6651
6652 nla_put_failure_rcu:
6653 rcu_read_unlock();
6654 nla_put_failure:
6655 put_failure:
6656 nlmsg_free(msg);
6657 return -EMSGSIZE;
6658 }
6659
6660 static int nl80211_send_regdom(struct sk_buff *msg, struct netlink_callback *cb,
6661 u32 seq, int flags, struct wiphy *wiphy,
6662 const struct ieee80211_regdomain *regdom)
6663 {
6664 void *hdr = nl80211hdr_put(msg, NETLINK_CB(cb->skb).portid, seq, flags,
6665 NL80211_CMD_GET_REG);
6666
6667 if (!hdr)
6668 return -1;
6669
6670 genl_dump_check_consistent(cb, hdr);
6671
6672 if (nl80211_put_regdom(regdom, msg))
6673 goto nla_put_failure;
6674
6675 if (!wiphy && reg_last_request_cell_base() &&
6676 nla_put_u32(msg, NL80211_ATTR_USER_REG_HINT_TYPE,
6677 NL80211_USER_REG_HINT_CELL_BASE))
6678 goto nla_put_failure;
6679
6680 if (wiphy &&
6681 nla_put_u32(msg, NL80211_ATTR_WIPHY, get_wiphy_idx(wiphy)))
6682 goto nla_put_failure;
6683
6684 if (wiphy && wiphy->regulatory_flags & REGULATORY_WIPHY_SELF_MANAGED &&
6685 nla_put_flag(msg, NL80211_ATTR_WIPHY_SELF_MANAGED_REG))
6686 goto nla_put_failure;
6687
6688 genlmsg_end(msg, hdr);
6689 return 0;
6690
6691 nla_put_failure:
6692 genlmsg_cancel(msg, hdr);
6693 return -EMSGSIZE;
6694 }
6695
6696 static int nl80211_get_reg_dump(struct sk_buff *skb,
6697 struct netlink_callback *cb)
6698 {
6699 const struct ieee80211_regdomain *regdom = NULL;
6700 struct cfg80211_registered_device *rdev;
6701 int err, reg_idx, start = cb->args[2];
6702
6703 rtnl_lock();
6704
6705 if (cfg80211_regdomain && start == 0) {
6706 err = nl80211_send_regdom(skb, cb, cb->nlh->nlmsg_seq,
6707 NLM_F_MULTI, NULL,
6708 rtnl_dereference(cfg80211_regdomain));
6709 if (err < 0)
6710 goto out_err;
6711 }
6712
6713 /* the global regdom is idx 0 */
6714 reg_idx = 1;
6715 list_for_each_entry(rdev, &cfg80211_rdev_list, list) {
6716 regdom = get_wiphy_regdom(&rdev->wiphy);
6717 if (!regdom)
6718 continue;
6719
6720 if (++reg_idx <= start)
6721 continue;
6722
6723 err = nl80211_send_regdom(skb, cb, cb->nlh->nlmsg_seq,
6724 NLM_F_MULTI, &rdev->wiphy, regdom);
6725 if (err < 0) {
6726 reg_idx--;
6727 break;
6728 }
6729 }
6730
6731 cb->args[2] = reg_idx;
6732 err = skb->len;
6733 out_err:
6734 rtnl_unlock();
6735 return err;
6736 }
6737
6738 #ifdef CONFIG_CFG80211_CRDA_SUPPORT
6739 static const struct nla_policy reg_rule_policy[NL80211_REG_RULE_ATTR_MAX + 1] = {
6740 [NL80211_ATTR_REG_RULE_FLAGS] = { .type = NLA_U32 },
6741 [NL80211_ATTR_FREQ_RANGE_START] = { .type = NLA_U32 },
6742 [NL80211_ATTR_FREQ_RANGE_END] = { .type = NLA_U32 },
6743 [NL80211_ATTR_FREQ_RANGE_MAX_BW] = { .type = NLA_U32 },
6744 [NL80211_ATTR_POWER_RULE_MAX_ANT_GAIN] = { .type = NLA_U32 },
6745 [NL80211_ATTR_POWER_RULE_MAX_EIRP] = { .type = NLA_U32 },
6746 [NL80211_ATTR_DFS_CAC_TIME] = { .type = NLA_U32 },
6747 };
6748
6749 static int parse_reg_rule(struct nlattr *tb[],
6750 struct ieee80211_reg_rule *reg_rule)
6751 {
6752 struct ieee80211_freq_range *freq_range = &reg_rule->freq_range;
6753 struct ieee80211_power_rule *power_rule = &reg_rule->power_rule;
6754
6755 if (!tb[NL80211_ATTR_REG_RULE_FLAGS])
6756 return -EINVAL;
6757 if (!tb[NL80211_ATTR_FREQ_RANGE_START])
6758 return -EINVAL;
6759 if (!tb[NL80211_ATTR_FREQ_RANGE_END])
6760 return -EINVAL;
6761 if (!tb[NL80211_ATTR_FREQ_RANGE_MAX_BW])
6762 return -EINVAL;
6763 if (!tb[NL80211_ATTR_POWER_RULE_MAX_EIRP])
6764 return -EINVAL;
6765
6766 reg_rule->flags = nla_get_u32(tb[NL80211_ATTR_REG_RULE_FLAGS]);
6767
6768 freq_range->start_freq_khz =
6769 nla_get_u32(tb[NL80211_ATTR_FREQ_RANGE_START]);
6770 freq_range->end_freq_khz =
6771 nla_get_u32(tb[NL80211_ATTR_FREQ_RANGE_END]);
6772 freq_range->max_bandwidth_khz =
6773 nla_get_u32(tb[NL80211_ATTR_FREQ_RANGE_MAX_BW]);
6774
6775 power_rule->max_eirp =
6776 nla_get_u32(tb[NL80211_ATTR_POWER_RULE_MAX_EIRP]);
6777
6778 if (tb[NL80211_ATTR_POWER_RULE_MAX_ANT_GAIN])
6779 power_rule->max_antenna_gain =
6780 nla_get_u32(tb[NL80211_ATTR_POWER_RULE_MAX_ANT_GAIN]);
6781
6782 if (tb[NL80211_ATTR_DFS_CAC_TIME])
6783 reg_rule->dfs_cac_ms =
6784 nla_get_u32(tb[NL80211_ATTR_DFS_CAC_TIME]);
6785
6786 return 0;
6787 }
6788
6789 static int nl80211_set_reg(struct sk_buff *skb, struct genl_info *info)
6790 {
6791 struct nlattr *tb[NL80211_REG_RULE_ATTR_MAX + 1];
6792 struct nlattr *nl_reg_rule;
6793 char *alpha2;
6794 int rem_reg_rules, r;
6795 u32 num_rules = 0, rule_idx = 0, size_of_regd;
6796 enum nl80211_dfs_regions dfs_region = NL80211_DFS_UNSET;
6797 struct ieee80211_regdomain *rd;
6798
6799 if (!info->attrs[NL80211_ATTR_REG_ALPHA2])
6800 return -EINVAL;
6801
6802 if (!info->attrs[NL80211_ATTR_REG_RULES])
6803 return -EINVAL;
6804
6805 alpha2 = nla_data(info->attrs[NL80211_ATTR_REG_ALPHA2]);
6806
6807 if (info->attrs[NL80211_ATTR_DFS_REGION])
6808 dfs_region = nla_get_u8(info->attrs[NL80211_ATTR_DFS_REGION]);
6809
6810 nla_for_each_nested(nl_reg_rule, info->attrs[NL80211_ATTR_REG_RULES],
6811 rem_reg_rules) {
6812 num_rules++;
6813 if (num_rules > NL80211_MAX_SUPP_REG_RULES)
6814 return -EINVAL;
6815 }
6816
6817 if (!reg_is_valid_request(alpha2))
6818 return -EINVAL;
6819
6820 size_of_regd = sizeof(struct ieee80211_regdomain) +
6821 num_rules * sizeof(struct ieee80211_reg_rule);
6822
6823 rd = kzalloc(size_of_regd, GFP_KERNEL);
6824 if (!rd)
6825 return -ENOMEM;
6826
6827 rd->n_reg_rules = num_rules;
6828 rd->alpha2[0] = alpha2[0];
6829 rd->alpha2[1] = alpha2[1];
6830
6831 /*
6832 * Disable DFS master mode if the DFS region was
6833 * not supported or known on this kernel.
6834 */
6835 if (reg_supported_dfs_region(dfs_region))
6836 rd->dfs_region = dfs_region;
6837
6838 nla_for_each_nested(nl_reg_rule, info->attrs[NL80211_ATTR_REG_RULES],
6839 rem_reg_rules) {
6840 r = nla_parse_nested(tb, NL80211_REG_RULE_ATTR_MAX,
6841 nl_reg_rule, reg_rule_policy,
6842 info->extack);
6843 if (r)
6844 goto bad_reg;
6845 r = parse_reg_rule(tb, &rd->reg_rules[rule_idx]);
6846 if (r)
6847 goto bad_reg;
6848
6849 rule_idx++;
6850
6851 if (rule_idx > NL80211_MAX_SUPP_REG_RULES) {
6852 r = -EINVAL;
6853 goto bad_reg;
6854 }
6855 }
6856
6857 /* set_regdom takes ownership of rd */
6858 return set_regdom(rd, REGD_SOURCE_CRDA);
6859 bad_reg:
6860 kfree(rd);
6861 return r;
6862 }
6863 #endif /* CONFIG_CFG80211_CRDA_SUPPORT */
6864
6865 static int validate_scan_freqs(struct nlattr *freqs)
6866 {
6867 struct nlattr *attr1, *attr2;
6868 int n_channels = 0, tmp1, tmp2;
6869
6870 nla_for_each_nested(attr1, freqs, tmp1)
6871 if (nla_len(attr1) != sizeof(u32))
6872 return 0;
6873
6874 nla_for_each_nested(attr1, freqs, tmp1) {
6875 n_channels++;
6876 /*
6877 * Some hardware has a limited channel list for
6878 * scanning, and it is pretty much nonsensical
6879 * to scan for a channel twice, so disallow that
6880 * and don't require drivers to check that the
6881 * channel list they get isn't longer than what
6882 * they can scan, as long as they can scan all
6883 * the channels they registered at once.
6884 */
6885 nla_for_each_nested(attr2, freqs, tmp2)
6886 if (attr1 != attr2 &&
6887 nla_get_u32(attr1) == nla_get_u32(attr2))
6888 return 0;
6889 }
6890
6891 return n_channels;
6892 }
6893
6894 static bool is_band_valid(struct wiphy *wiphy, enum nl80211_band b)
6895 {
6896 return b < NUM_NL80211_BANDS && wiphy->bands[b];
6897 }
6898
6899 static int parse_bss_select(struct nlattr *nla, struct wiphy *wiphy,
6900 struct cfg80211_bss_selection *bss_select)
6901 {
6902 struct nlattr *attr[NL80211_BSS_SELECT_ATTR_MAX + 1];
6903 struct nlattr *nest;
6904 int err;
6905 bool found = false;
6906 int i;
6907
6908 /* only process one nested attribute */
6909 nest = nla_data(nla);
6910 if (!nla_ok(nest, nla_len(nest)))
6911 return -EINVAL;
6912
6913 err = nla_parse_nested(attr, NL80211_BSS_SELECT_ATTR_MAX, nest,
6914 nl80211_bss_select_policy, NULL);
6915 if (err)
6916 return err;
6917
6918 /* only one attribute may be given */
6919 for (i = 0; i <= NL80211_BSS_SELECT_ATTR_MAX; i++) {
6920 if (attr[i]) {
6921 if (found)
6922 return -EINVAL;
6923 found = true;
6924 }
6925 }
6926
6927 bss_select->behaviour = __NL80211_BSS_SELECT_ATTR_INVALID;
6928
6929 if (attr[NL80211_BSS_SELECT_ATTR_RSSI])
6930 bss_select->behaviour = NL80211_BSS_SELECT_ATTR_RSSI;
6931
6932 if (attr[NL80211_BSS_SELECT_ATTR_BAND_PREF]) {
6933 bss_select->behaviour = NL80211_BSS_SELECT_ATTR_BAND_PREF;
6934 bss_select->param.band_pref =
6935 nla_get_u32(attr[NL80211_BSS_SELECT_ATTR_BAND_PREF]);
6936 if (!is_band_valid(wiphy, bss_select->param.band_pref))
6937 return -EINVAL;
6938 }
6939
6940 if (attr[NL80211_BSS_SELECT_ATTR_RSSI_ADJUST]) {
6941 struct nl80211_bss_select_rssi_adjust *adj_param;
6942
6943 adj_param = nla_data(attr[NL80211_BSS_SELECT_ATTR_RSSI_ADJUST]);
6944 bss_select->behaviour = NL80211_BSS_SELECT_ATTR_RSSI_ADJUST;
6945 bss_select->param.adjust.band = adj_param->band;
6946 bss_select->param.adjust.delta = adj_param->delta;
6947 if (!is_band_valid(wiphy, bss_select->param.adjust.band))
6948 return -EINVAL;
6949 }
6950
6951 /* user-space did not provide behaviour attribute */
6952 if (bss_select->behaviour == __NL80211_BSS_SELECT_ATTR_INVALID)
6953 return -EINVAL;
6954
6955 if (!(wiphy->bss_select_support & BIT(bss_select->behaviour)))
6956 return -EINVAL;
6957
6958 return 0;
6959 }
6960
6961 static int nl80211_parse_random_mac(struct nlattr **attrs,
6962 u8 *mac_addr, u8 *mac_addr_mask)
6963 {
6964 int i;
6965
6966 if (!attrs[NL80211_ATTR_MAC] && !attrs[NL80211_ATTR_MAC_MASK]) {
6967 eth_zero_addr(mac_addr);
6968 eth_zero_addr(mac_addr_mask);
6969 mac_addr[0] = 0x2;
6970 mac_addr_mask[0] = 0x3;
6971
6972 return 0;
6973 }
6974
6975 /* need both or none */
6976 if (!attrs[NL80211_ATTR_MAC] || !attrs[NL80211_ATTR_MAC_MASK])
6977 return -EINVAL;
6978
6979 memcpy(mac_addr, nla_data(attrs[NL80211_ATTR_MAC]), ETH_ALEN);
6980 memcpy(mac_addr_mask, nla_data(attrs[NL80211_ATTR_MAC_MASK]), ETH_ALEN);
6981
6982 /* don't allow or configure an mcast address */
6983 if (!is_multicast_ether_addr(mac_addr_mask) ||
6984 is_multicast_ether_addr(mac_addr))
6985 return -EINVAL;
6986
6987 /*
6988 * allow users to pass a MAC address that has bits set outside
6989 * of the mask, but don't bother drivers with having to deal
6990 * with such bits
6991 */
6992 for (i = 0; i < ETH_ALEN; i++)
6993 mac_addr[i] &= mac_addr_mask[i];
6994
6995 return 0;
6996 }
6997
6998 static bool cfg80211_off_channel_oper_allowed(struct wireless_dev *wdev)
6999 {
7000 ASSERT_WDEV_LOCK(wdev);
7001
7002 if (!cfg80211_beaconing_iface_active(wdev))
7003 return true;
7004
7005 if (!(wdev->chandef.chan->flags & IEEE80211_CHAN_RADAR))
7006 return true;
7007
7008 return regulatory_pre_cac_allowed(wdev->wiphy);
7009 }
7010
7011 static bool nl80211_check_scan_feat(struct wiphy *wiphy, u32 flags, u32 flag,
7012 enum nl80211_ext_feature_index feat)
7013 {
7014 if (!(flags & flag))
7015 return true;
7016 if (wiphy_ext_feature_isset(wiphy, feat))
7017 return true;
7018 return false;
7019 }
7020
7021 static int
7022 nl80211_check_scan_flags(struct wiphy *wiphy, struct wireless_dev *wdev,
7023 void *request, struct nlattr **attrs,
7024 bool is_sched_scan)
7025 {
7026 u8 *mac_addr, *mac_addr_mask;
7027 u32 *flags;
7028 enum nl80211_feature_flags randomness_flag;
7029
7030 if (!attrs[NL80211_ATTR_SCAN_FLAGS])
7031 return 0;
7032
7033 if (is_sched_scan) {
7034 struct cfg80211_sched_scan_request *req = request;
7035
7036 randomness_flag = wdev ?
7037 NL80211_FEATURE_SCHED_SCAN_RANDOM_MAC_ADDR :
7038 NL80211_FEATURE_ND_RANDOM_MAC_ADDR;
7039 flags = &req->flags;
7040 mac_addr = req->mac_addr;
7041 mac_addr_mask = req->mac_addr_mask;
7042 } else {
7043 struct cfg80211_scan_request *req = request;
7044
7045 randomness_flag = NL80211_FEATURE_SCAN_RANDOM_MAC_ADDR;
7046 flags = &req->flags;
7047 mac_addr = req->mac_addr;
7048 mac_addr_mask = req->mac_addr_mask;
7049 }
7050
7051 *flags = nla_get_u32(attrs[NL80211_ATTR_SCAN_FLAGS]);
7052
7053 if (((*flags & NL80211_SCAN_FLAG_LOW_PRIORITY) &&
7054 !(wiphy->features & NL80211_FEATURE_LOW_PRIORITY_SCAN)) ||
7055 !nl80211_check_scan_feat(wiphy, *flags,
7056 NL80211_SCAN_FLAG_LOW_SPAN,
7057 NL80211_EXT_FEATURE_LOW_SPAN_SCAN) ||
7058 !nl80211_check_scan_feat(wiphy, *flags,
7059 NL80211_SCAN_FLAG_LOW_POWER,
7060 NL80211_EXT_FEATURE_LOW_POWER_SCAN) ||
7061 !nl80211_check_scan_feat(wiphy, *flags,
7062 NL80211_SCAN_FLAG_HIGH_ACCURACY,
7063 NL80211_EXT_FEATURE_HIGH_ACCURACY_SCAN) ||
7064 !nl80211_check_scan_feat(wiphy, *flags,
7065 NL80211_SCAN_FLAG_FILS_MAX_CHANNEL_TIME,
7066 NL80211_EXT_FEATURE_FILS_MAX_CHANNEL_TIME) ||
7067 !nl80211_check_scan_feat(wiphy, *flags,
7068 NL80211_SCAN_FLAG_ACCEPT_BCAST_PROBE_RESP,
7069 NL80211_EXT_FEATURE_ACCEPT_BCAST_PROBE_RESP) ||
7070 !nl80211_check_scan_feat(wiphy, *flags,
7071 NL80211_SCAN_FLAG_OCE_PROBE_REQ_DEFERRAL_SUPPRESSION,
7072 NL80211_EXT_FEATURE_OCE_PROBE_REQ_DEFERRAL_SUPPRESSION) ||
7073 !nl80211_check_scan_feat(wiphy, *flags,
7074 NL80211_SCAN_FLAG_OCE_PROBE_REQ_HIGH_TX_RATE,
7075 NL80211_EXT_FEATURE_OCE_PROBE_REQ_HIGH_TX_RATE) ||
7076 !nl80211_check_scan_feat(wiphy, *flags,
7077 NL80211_SCAN_FLAG_RANDOM_SN,
7078 NL80211_EXT_FEATURE_SCAN_RANDOM_SN) ||
7079 !nl80211_check_scan_feat(wiphy, *flags,
7080 NL80211_SCAN_FLAG_MIN_PREQ_CONTENT,
7081 NL80211_EXT_FEATURE_SCAN_MIN_PREQ_CONTENT))
7082 return -EOPNOTSUPP;
7083
7084 if (*flags & NL80211_SCAN_FLAG_RANDOM_ADDR) {
7085 int err;
7086
7087 if (!(wiphy->features & randomness_flag) ||
7088 (wdev && wdev->current_bss))
7089 return -EOPNOTSUPP;
7090
7091 err = nl80211_parse_random_mac(attrs, mac_addr, mac_addr_mask);
7092 if (err)
7093 return err;
7094 }
7095
7096 return 0;
7097 }
7098
7099 static int nl80211_trigger_scan(struct sk_buff *skb, struct genl_info *info)
7100 {
7101 struct cfg80211_registered_device *rdev = info->user_ptr[0];
7102 struct wireless_dev *wdev = info->user_ptr[1];
7103 struct cfg80211_scan_request *request;
7104 struct nlattr *attr;
7105 struct wiphy *wiphy;
7106 int err, tmp, n_ssids = 0, n_channels, i;
7107 size_t ie_len;
7108
7109 if (!is_valid_ie_attr(info->attrs[NL80211_ATTR_IE]))
7110 return -EINVAL;
7111
7112 wiphy = &rdev->wiphy;
7113
7114 if (wdev->iftype == NL80211_IFTYPE_NAN)
7115 return -EOPNOTSUPP;
7116
7117 if (!rdev->ops->scan)
7118 return -EOPNOTSUPP;
7119
7120 if (rdev->scan_req || rdev->scan_msg) {
7121 err = -EBUSY;
7122 goto unlock;
7123 }
7124
7125 if (info->attrs[NL80211_ATTR_SCAN_FREQUENCIES]) {
7126 n_channels = validate_scan_freqs(
7127 info->attrs[NL80211_ATTR_SCAN_FREQUENCIES]);
7128 if (!n_channels) {
7129 err = -EINVAL;
7130 goto unlock;
7131 }
7132 } else {
7133 n_channels = ieee80211_get_num_supported_channels(wiphy);
7134 }
7135
7136 if (info->attrs[NL80211_ATTR_SCAN_SSIDS])
7137 nla_for_each_nested(attr, info->attrs[NL80211_ATTR_SCAN_SSIDS], tmp)
7138 n_ssids++;
7139
7140 if (n_ssids > wiphy->max_scan_ssids) {
7141 err = -EINVAL;
7142 goto unlock;
7143 }
7144
7145 if (info->attrs[NL80211_ATTR_IE])
7146 ie_len = nla_len(info->attrs[NL80211_ATTR_IE]);
7147 else
7148 ie_len = 0;
7149
7150 if (ie_len > wiphy->max_scan_ie_len) {
7151 err = -EINVAL;
7152 goto unlock;
7153 }
7154
7155 request = kzalloc(sizeof(*request)
7156 + sizeof(*request->ssids) * n_ssids
7157 + sizeof(*request->channels) * n_channels
7158 + ie_len, GFP_KERNEL);
7159 if (!request) {
7160 err = -ENOMEM;
7161 goto unlock;
7162 }
7163
7164 if (n_ssids)
7165 request->ssids = (void *)&request->channels[n_channels];
7166 request->n_ssids = n_ssids;
7167 if (ie_len) {
7168 if (n_ssids)
7169 request->ie = (void *)(request->ssids + n_ssids);
7170 else
7171 request->ie = (void *)(request->channels + n_channels);
7172 }
7173
7174 i = 0;
7175 if (info->attrs[NL80211_ATTR_SCAN_FREQUENCIES]) {
7176 /* user specified, bail out if channel not found */
7177 nla_for_each_nested(attr, info->attrs[NL80211_ATTR_SCAN_FREQUENCIES], tmp) {
7178 struct ieee80211_channel *chan;
7179
7180 chan = ieee80211_get_channel(wiphy, nla_get_u32(attr));
7181
7182 if (!chan) {
7183 err = -EINVAL;
7184 goto out_free;
7185 }
7186
7187 /* ignore disabled channels */
7188 if (chan->flags & IEEE80211_CHAN_DISABLED)
7189 continue;
7190
7191 request->channels[i] = chan;
7192 i++;
7193 }
7194 } else {
7195 enum nl80211_band band;
7196
7197 /* all channels */
7198 for (band = 0; band < NUM_NL80211_BANDS; band++) {
7199 int j;
7200
7201 if (!wiphy->bands[band])
7202 continue;
7203 for (j = 0; j < wiphy->bands[band]->n_channels; j++) {
7204 struct ieee80211_channel *chan;
7205
7206 chan = &wiphy->bands[band]->channels[j];
7207
7208 if (chan->flags & IEEE80211_CHAN_DISABLED)
7209 continue;
7210
7211 request->channels[i] = chan;
7212 i++;
7213 }
7214 }
7215 }
7216
7217 if (!i) {
7218 err = -EINVAL;
7219 goto out_free;
7220 }
7221
7222 request->n_channels = i;
7223
7224 wdev_lock(wdev);
7225 if (!cfg80211_off_channel_oper_allowed(wdev)) {
7226 struct ieee80211_channel *chan;
7227
7228 if (request->n_channels != 1) {
7229 wdev_unlock(wdev);
7230 err = -EBUSY;
7231 goto out_free;
7232 }
7233
7234 chan = request->channels[0];
7235 if (chan->center_freq != wdev->chandef.chan->center_freq) {
7236 wdev_unlock(wdev);
7237 err = -EBUSY;
7238 goto out_free;
7239 }
7240 }
7241 wdev_unlock(wdev);
7242
7243 i = 0;
7244 if (n_ssids) {
7245 nla_for_each_nested(attr, info->attrs[NL80211_ATTR_SCAN_SSIDS], tmp) {
7246 if (nla_len(attr) > IEEE80211_MAX_SSID_LEN) {
7247 err = -EINVAL;
7248 goto out_free;
7249 }
7250 request->ssids[i].ssid_len = nla_len(attr);
7251 memcpy(request->ssids[i].ssid, nla_data(attr), nla_len(attr));
7252 i++;
7253 }
7254 }
7255
7256 if (info->attrs[NL80211_ATTR_IE]) {
7257 request->ie_len = nla_len(info->attrs[NL80211_ATTR_IE]);
7258 memcpy((void *)request->ie,
7259 nla_data(info->attrs[NL80211_ATTR_IE]),
7260 request->ie_len);
7261 }
7262
7263 for (i = 0; i < NUM_NL80211_BANDS; i++)
7264 if (wiphy->bands[i])
7265 request->rates[i] =
7266 (1 << wiphy->bands[i]->n_bitrates) - 1;
7267
7268 if (info->attrs[NL80211_ATTR_SCAN_SUPP_RATES]) {
7269 nla_for_each_nested(attr,
7270 info->attrs[NL80211_ATTR_SCAN_SUPP_RATES],
7271 tmp) {
7272 enum nl80211_band band = nla_type(attr);
7273
7274 if (band < 0 || band >= NUM_NL80211_BANDS) {
7275 err = -EINVAL;
7276 goto out_free;
7277 }
7278
7279 if (!wiphy->bands[band])
7280 continue;
7281
7282 err = ieee80211_get_ratemask(wiphy->bands[band],
7283 nla_data(attr),
7284 nla_len(attr),
7285 &request->rates[band]);
7286 if (err)
7287 goto out_free;
7288 }
7289 }
7290
7291 if (info->attrs[NL80211_ATTR_MEASUREMENT_DURATION]) {
7292 if (!wiphy_ext_feature_isset(wiphy,
7293 NL80211_EXT_FEATURE_SET_SCAN_DWELL)) {
7294 err = -EOPNOTSUPP;
7295 goto out_free;
7296 }
7297
7298 request->duration =
7299 nla_get_u16(info->attrs[NL80211_ATTR_MEASUREMENT_DURATION]);
7300 request->duration_mandatory =
7301 nla_get_flag(info->attrs[NL80211_ATTR_MEASUREMENT_DURATION_MANDATORY]);
7302 }
7303
7304 err = nl80211_check_scan_flags(wiphy, wdev, request, info->attrs,
7305 false);
7306 if (err)
7307 goto out_free;
7308
7309 request->no_cck =
7310 nla_get_flag(info->attrs[NL80211_ATTR_TX_NO_CCK_RATE]);
7311
7312 /* Initial implementation used NL80211_ATTR_MAC to set the specific
7313 * BSSID to scan for. This was problematic because that same attribute
7314 * was already used for another purpose (local random MAC address). The
7315 * NL80211_ATTR_BSSID attribute was added to fix this. For backwards
7316 * compatibility with older userspace components, also use the
7317 * NL80211_ATTR_MAC value here if it can be determined to be used for
7318 * the specific BSSID use case instead of the random MAC address
7319 * (NL80211_ATTR_SCAN_FLAGS is used to enable random MAC address use).
7320 */
7321 if (info->attrs[NL80211_ATTR_BSSID])
7322 memcpy(request->bssid,
7323 nla_data(info->attrs[NL80211_ATTR_BSSID]), ETH_ALEN);
7324 else if (!(request->flags & NL80211_SCAN_FLAG_RANDOM_ADDR) &&
7325 info->attrs[NL80211_ATTR_MAC])
7326 memcpy(request->bssid, nla_data(info->attrs[NL80211_ATTR_MAC]),
7327 ETH_ALEN);
7328 else
7329 eth_broadcast_addr(request->bssid);
7330
7331 request->wdev = wdev;
7332 request->wiphy = &rdev->wiphy;
7333 request->scan_start = jiffies;
7334
7335 rdev->scan_req = request;
7336 err = rdev_scan(rdev, request);
7337
7338 if (!err) {
7339 nl80211_send_scan_start(rdev, wdev);
7340 if (wdev->netdev)
7341 dev_hold(wdev->netdev);
7342 } else {
7343 out_free:
7344 rdev->scan_req = NULL;
7345 kfree(request);
7346 }
7347
7348 unlock:
7349 return err;
7350 }
7351
7352 static int nl80211_abort_scan(struct sk_buff *skb, struct genl_info *info)
7353 {
7354 struct cfg80211_registered_device *rdev = info->user_ptr[0];
7355 struct wireless_dev *wdev = info->user_ptr[1];
7356
7357 if (!rdev->ops->abort_scan)
7358 return -EOPNOTSUPP;
7359
7360 if (rdev->scan_msg)
7361 return 0;
7362
7363 if (!rdev->scan_req)
7364 return -ENOENT;
7365
7366 rdev_abort_scan(rdev, wdev);
7367 return 0;
7368 }
7369
7370 static int
7371 nl80211_parse_sched_scan_plans(struct wiphy *wiphy, int n_plans,
7372 struct cfg80211_sched_scan_request *request,
7373 struct nlattr **attrs)
7374 {
7375 int tmp, err, i = 0;
7376 struct nlattr *attr;
7377
7378 if (!attrs[NL80211_ATTR_SCHED_SCAN_PLANS]) {
7379 u32 interval;
7380
7381 /*
7382 * If scan plans are not specified,
7383 * %NL80211_ATTR_SCHED_SCAN_INTERVAL will be specified. In this
7384 * case one scan plan will be set with the specified scan
7385 * interval and infinite number of iterations.
7386 */
7387 interval = nla_get_u32(attrs[NL80211_ATTR_SCHED_SCAN_INTERVAL]);
7388 if (!interval)
7389 return -EINVAL;
7390
7391 request->scan_plans[0].interval =
7392 DIV_ROUND_UP(interval, MSEC_PER_SEC);
7393 if (!request->scan_plans[0].interval)
7394 return -EINVAL;
7395
7396 if (request->scan_plans[0].interval >
7397 wiphy->max_sched_scan_plan_interval)
7398 request->scan_plans[0].interval =
7399 wiphy->max_sched_scan_plan_interval;
7400
7401 return 0;
7402 }
7403
7404 nla_for_each_nested(attr, attrs[NL80211_ATTR_SCHED_SCAN_PLANS], tmp) {
7405 struct nlattr *plan[NL80211_SCHED_SCAN_PLAN_MAX + 1];
7406
7407 if (WARN_ON(i >= n_plans))
7408 return -EINVAL;
7409
7410 err = nla_parse_nested(plan, NL80211_SCHED_SCAN_PLAN_MAX,
7411 attr, nl80211_plan_policy, NULL);
7412 if (err)
7413 return err;
7414
7415 if (!plan[NL80211_SCHED_SCAN_PLAN_INTERVAL])
7416 return -EINVAL;
7417
7418 request->scan_plans[i].interval =
7419 nla_get_u32(plan[NL80211_SCHED_SCAN_PLAN_INTERVAL]);
7420 if (!request->scan_plans[i].interval ||
7421 request->scan_plans[i].interval >
7422 wiphy->max_sched_scan_plan_interval)
7423 return -EINVAL;
7424
7425 if (plan[NL80211_SCHED_SCAN_PLAN_ITERATIONS]) {
7426 request->scan_plans[i].iterations =
7427 nla_get_u32(plan[NL80211_SCHED_SCAN_PLAN_ITERATIONS]);
7428 if (!request->scan_plans[i].iterations ||
7429 (request->scan_plans[i].iterations >
7430 wiphy->max_sched_scan_plan_iterations))
7431 return -EINVAL;
7432 } else if (i < n_plans - 1) {
7433 /*
7434 * All scan plans but the last one must specify
7435 * a finite number of iterations
7436 */
7437 return -EINVAL;
7438 }
7439
7440 i++;
7441 }
7442
7443 /*
7444 * The last scan plan must not specify the number of
7445 * iterations, it is supposed to run infinitely
7446 */
7447 if (request->scan_plans[n_plans - 1].iterations)
7448 return -EINVAL;
7449
7450 return 0;
7451 }
7452
7453 static struct cfg80211_sched_scan_request *
7454 nl80211_parse_sched_scan(struct wiphy *wiphy, struct wireless_dev *wdev,
7455 struct nlattr **attrs, int max_match_sets)
7456 {
7457 struct cfg80211_sched_scan_request *request;
7458 struct nlattr *attr;
7459 int err, tmp, n_ssids = 0, n_match_sets = 0, n_channels, i, n_plans = 0;
7460 enum nl80211_band band;
7461 size_t ie_len;
7462 struct nlattr *tb[NL80211_SCHED_SCAN_MATCH_ATTR_MAX + 1];
7463 s32 default_match_rssi = NL80211_SCAN_RSSI_THOLD_OFF;
7464
7465 if (!is_valid_ie_attr(attrs[NL80211_ATTR_IE]))
7466 return ERR_PTR(-EINVAL);
7467
7468 if (attrs[NL80211_ATTR_SCAN_FREQUENCIES]) {
7469 n_channels = validate_scan_freqs(
7470 attrs[NL80211_ATTR_SCAN_FREQUENCIES]);
7471 if (!n_channels)
7472 return ERR_PTR(-EINVAL);
7473 } else {
7474 n_channels = ieee80211_get_num_supported_channels(wiphy);
7475 }
7476
7477 if (attrs[NL80211_ATTR_SCAN_SSIDS])
7478 nla_for_each_nested(attr, attrs[NL80211_ATTR_SCAN_SSIDS],
7479 tmp)
7480 n_ssids++;
7481
7482 if (n_ssids > wiphy->max_sched_scan_ssids)
7483 return ERR_PTR(-EINVAL);
7484
7485 /*
7486 * First, count the number of 'real' matchsets. Due to an issue with
7487 * the old implementation, matchsets containing only the RSSI attribute
7488 * (NL80211_SCHED_SCAN_MATCH_ATTR_RSSI) are considered as the 'default'
7489 * RSSI for all matchsets, rather than their own matchset for reporting
7490 * all APs with a strong RSSI. This is needed to be compatible with
7491 * older userspace that treated a matchset with only the RSSI as the
7492 * global RSSI for all other matchsets - if there are other matchsets.
7493 */
7494 if (attrs[NL80211_ATTR_SCHED_SCAN_MATCH]) {
7495 nla_for_each_nested(attr,
7496 attrs[NL80211_ATTR_SCHED_SCAN_MATCH],
7497 tmp) {
7498 struct nlattr *rssi;
7499
7500 err = nla_parse_nested(tb,
7501 NL80211_SCHED_SCAN_MATCH_ATTR_MAX,
7502 attr, nl80211_match_policy,
7503 NULL);
7504 if (err)
7505 return ERR_PTR(err);
7506
7507 /* SSID and BSSID are mutually exclusive */
7508 if (tb[NL80211_SCHED_SCAN_MATCH_ATTR_SSID] &&
7509 tb[NL80211_SCHED_SCAN_MATCH_ATTR_BSSID])
7510 return ERR_PTR(-EINVAL);
7511
7512 /* add other standalone attributes here */
7513 if (tb[NL80211_SCHED_SCAN_MATCH_ATTR_SSID] ||
7514 tb[NL80211_SCHED_SCAN_MATCH_ATTR_BSSID]) {
7515 n_match_sets++;
7516 continue;
7517 }
7518 rssi = tb[NL80211_SCHED_SCAN_MATCH_ATTR_RSSI];
7519 if (rssi)
7520 default_match_rssi = nla_get_s32(rssi);
7521 }
7522 }
7523
7524 /* However, if there's no other matchset, add the RSSI one */
7525 if (!n_match_sets && default_match_rssi != NL80211_SCAN_RSSI_THOLD_OFF)
7526 n_match_sets = 1;
7527
7528 if (n_match_sets > max_match_sets)
7529 return ERR_PTR(-EINVAL);
7530
7531 if (attrs[NL80211_ATTR_IE])
7532 ie_len = nla_len(attrs[NL80211_ATTR_IE]);
7533 else
7534 ie_len = 0;
7535
7536 if (ie_len > wiphy->max_sched_scan_ie_len)
7537 return ERR_PTR(-EINVAL);
7538
7539 if (attrs[NL80211_ATTR_SCHED_SCAN_PLANS]) {
7540 /*
7541 * NL80211_ATTR_SCHED_SCAN_INTERVAL must not be specified since
7542 * each scan plan already specifies its own interval
7543 */
7544 if (attrs[NL80211_ATTR_SCHED_SCAN_INTERVAL])
7545 return ERR_PTR(-EINVAL);
7546
7547 nla_for_each_nested(attr,
7548 attrs[NL80211_ATTR_SCHED_SCAN_PLANS], tmp)
7549 n_plans++;
7550 } else {
7551 /*
7552 * The scan interval attribute is kept for backward
7553 * compatibility. If no scan plans are specified and sched scan
7554 * interval is specified, one scan plan will be set with this
7555 * scan interval and infinite number of iterations.
7556 */
7557 if (!attrs[NL80211_ATTR_SCHED_SCAN_INTERVAL])
7558 return ERR_PTR(-EINVAL);
7559
7560 n_plans = 1;
7561 }
7562
7563 if (!n_plans || n_plans > wiphy->max_sched_scan_plans)
7564 return ERR_PTR(-EINVAL);
7565
7566 if (!wiphy_ext_feature_isset(
7567 wiphy, NL80211_EXT_FEATURE_SCHED_SCAN_RELATIVE_RSSI) &&
7568 (attrs[NL80211_ATTR_SCHED_SCAN_RELATIVE_RSSI] ||
7569 attrs[NL80211_ATTR_SCHED_SCAN_RSSI_ADJUST]))
7570 return ERR_PTR(-EINVAL);
7571
7572 request = kzalloc(sizeof(*request)
7573 + sizeof(*request->ssids) * n_ssids
7574 + sizeof(*request->match_sets) * n_match_sets
7575 + sizeof(*request->scan_plans) * n_plans
7576 + sizeof(*request->channels) * n_channels
7577 + ie_len, GFP_KERNEL);
7578 if (!request)
7579 return ERR_PTR(-ENOMEM);
7580
7581 if (n_ssids)
7582 request->ssids = (void *)&request->channels[n_channels];
7583 request->n_ssids = n_ssids;
7584 if (ie_len) {
7585 if (n_ssids)
7586 request->ie = (void *)(request->ssids + n_ssids);
7587 else
7588 request->ie = (void *)(request->channels + n_channels);
7589 }
7590
7591 if (n_match_sets) {
7592 if (request->ie)
7593 request->match_sets = (void *)(request->ie + ie_len);
7594 else if (n_ssids)
7595 request->match_sets =
7596 (void *)(request->ssids + n_ssids);
7597 else
7598 request->match_sets =
7599 (void *)(request->channels + n_channels);
7600 }
7601 request->n_match_sets = n_match_sets;
7602
7603 if (n_match_sets)
7604 request->scan_plans = (void *)(request->match_sets +
7605 n_match_sets);
7606 else if (request->ie)
7607 request->scan_plans = (void *)(request->ie + ie_len);
7608 else if (n_ssids)
7609 request->scan_plans = (void *)(request->ssids + n_ssids);
7610 else
7611 request->scan_plans = (void *)(request->channels + n_channels);
7612
7613 request->n_scan_plans = n_plans;
7614
7615 i = 0;
7616 if (attrs[NL80211_ATTR_SCAN_FREQUENCIES]) {
7617 /* user specified, bail out if channel not found */
7618 nla_for_each_nested(attr,
7619 attrs[NL80211_ATTR_SCAN_FREQUENCIES],
7620 tmp) {
7621 struct ieee80211_channel *chan;
7622
7623 chan = ieee80211_get_channel(wiphy, nla_get_u32(attr));
7624
7625 if (!chan) {
7626 err = -EINVAL;
7627 goto out_free;
7628 }
7629
7630 /* ignore disabled channels */
7631 if (chan->flags & IEEE80211_CHAN_DISABLED)
7632 continue;
7633
7634 request->channels[i] = chan;
7635 i++;
7636 }
7637 } else {
7638 /* all channels */
7639 for (band = 0; band < NUM_NL80211_BANDS; band++) {
7640 int j;
7641
7642 if (!wiphy->bands[band])
7643 continue;
7644 for (j = 0; j < wiphy->bands[band]->n_channels; j++) {
7645 struct ieee80211_channel *chan;
7646
7647 chan = &wiphy->bands[band]->channels[j];
7648
7649 if (chan->flags & IEEE80211_CHAN_DISABLED)
7650 continue;
7651
7652 request->channels[i] = chan;
7653 i++;
7654 }
7655 }
7656 }
7657
7658 if (!i) {
7659 err = -EINVAL;
7660 goto out_free;
7661 }
7662
7663 request->n_channels = i;
7664
7665 i = 0;
7666 if (n_ssids) {
7667 nla_for_each_nested(attr, attrs[NL80211_ATTR_SCAN_SSIDS],
7668 tmp) {
7669 if (nla_len(attr) > IEEE80211_MAX_SSID_LEN) {
7670 err = -EINVAL;
7671 goto out_free;
7672 }
7673 request->ssids[i].ssid_len = nla_len(attr);
7674 memcpy(request->ssids[i].ssid, nla_data(attr),
7675 nla_len(attr));
7676 i++;
7677 }
7678 }
7679
7680 i = 0;
7681 if (attrs[NL80211_ATTR_SCHED_SCAN_MATCH]) {
7682 nla_for_each_nested(attr,
7683 attrs[NL80211_ATTR_SCHED_SCAN_MATCH],
7684 tmp) {
7685 struct nlattr *ssid, *bssid, *rssi;
7686
7687 err = nla_parse_nested(tb,
7688 NL80211_SCHED_SCAN_MATCH_ATTR_MAX,
7689 attr, nl80211_match_policy,
7690 NULL);
7691 if (err)
7692 goto out_free;
7693 ssid = tb[NL80211_SCHED_SCAN_MATCH_ATTR_SSID];
7694 bssid = tb[NL80211_SCHED_SCAN_MATCH_ATTR_BSSID];
7695 if (ssid || bssid) {
7696 if (WARN_ON(i >= n_match_sets)) {
7697 /* this indicates a programming error,
7698 * the loop above should have verified
7699 * things properly
7700 */
7701 err = -EINVAL;
7702 goto out_free;
7703 }
7704
7705 if (ssid) {
7706 if (nla_len(ssid) > IEEE80211_MAX_SSID_LEN) {
7707 err = -EINVAL;
7708 goto out_free;
7709 }
7710 memcpy(request->match_sets[i].ssid.ssid,
7711 nla_data(ssid), nla_len(ssid));
7712 request->match_sets[i].ssid.ssid_len =
7713 nla_len(ssid);
7714 }
7715 if (bssid) {
7716 if (nla_len(bssid) != ETH_ALEN) {
7717 err = -EINVAL;
7718 goto out_free;
7719 }
7720 memcpy(request->match_sets[i].bssid,
7721 nla_data(bssid), ETH_ALEN);
7722 }
7723
7724 /* special attribute - old implementation w/a */
7725 request->match_sets[i].rssi_thold =
7726 default_match_rssi;
7727 rssi = tb[NL80211_SCHED_SCAN_MATCH_ATTR_RSSI];
7728 if (rssi)
7729 request->match_sets[i].rssi_thold =
7730 nla_get_s32(rssi);
7731 }
7732 i++;
7733 }
7734
7735 /* there was no other matchset, so the RSSI one is alone */
7736 if (i == 0 && n_match_sets)
7737 request->match_sets[0].rssi_thold = default_match_rssi;
7738
7739 request->min_rssi_thold = INT_MAX;
7740 for (i = 0; i < n_match_sets; i++)
7741 request->min_rssi_thold =
7742 min(request->match_sets[i].rssi_thold,
7743 request->min_rssi_thold);
7744 } else {
7745 request->min_rssi_thold = NL80211_SCAN_RSSI_THOLD_OFF;
7746 }
7747
7748 if (ie_len) {
7749 request->ie_len = ie_len;
7750 memcpy((void *)request->ie,
7751 nla_data(attrs[NL80211_ATTR_IE]),
7752 request->ie_len);
7753 }
7754
7755 err = nl80211_check_scan_flags(wiphy, wdev, request, attrs, true);
7756 if (err)
7757 goto out_free;
7758
7759 if (attrs[NL80211_ATTR_SCHED_SCAN_DELAY])
7760 request->delay =
7761 nla_get_u32(attrs[NL80211_ATTR_SCHED_SCAN_DELAY]);
7762
7763 if (attrs[NL80211_ATTR_SCHED_SCAN_RELATIVE_RSSI]) {
7764 request->relative_rssi = nla_get_s8(
7765 attrs[NL80211_ATTR_SCHED_SCAN_RELATIVE_RSSI]);
7766 request->relative_rssi_set = true;
7767 }
7768
7769 if (request->relative_rssi_set &&
7770 attrs[NL80211_ATTR_SCHED_SCAN_RSSI_ADJUST]) {
7771 struct nl80211_bss_select_rssi_adjust *rssi_adjust;
7772
7773 rssi_adjust = nla_data(
7774 attrs[NL80211_ATTR_SCHED_SCAN_RSSI_ADJUST]);
7775 request->rssi_adjust.band = rssi_adjust->band;
7776 request->rssi_adjust.delta = rssi_adjust->delta;
7777 if (!is_band_valid(wiphy, request->rssi_adjust.band)) {
7778 err = -EINVAL;
7779 goto out_free;
7780 }
7781 }
7782
7783 err = nl80211_parse_sched_scan_plans(wiphy, n_plans, request, attrs);
7784 if (err)
7785 goto out_free;
7786
7787 request->scan_start = jiffies;
7788
7789 return request;
7790
7791 out_free:
7792 kfree(request);
7793 return ERR_PTR(err);
7794 }
7795
7796 static int nl80211_start_sched_scan(struct sk_buff *skb,
7797 struct genl_info *info)
7798 {
7799 struct cfg80211_registered_device *rdev = info->user_ptr[0];
7800 struct net_device *dev = info->user_ptr[1];
7801 struct wireless_dev *wdev = dev->ieee80211_ptr;
7802 struct cfg80211_sched_scan_request *sched_scan_req;
7803 bool want_multi;
7804 int err;
7805
7806 if (!rdev->wiphy.max_sched_scan_reqs || !rdev->ops->sched_scan_start)
7807 return -EOPNOTSUPP;
7808
7809 want_multi = info->attrs[NL80211_ATTR_SCHED_SCAN_MULTI];
7810 err = cfg80211_sched_scan_req_possible(rdev, want_multi);
7811 if (err)
7812 return err;
7813
7814 sched_scan_req = nl80211_parse_sched_scan(&rdev->wiphy, wdev,
7815 info->attrs,
7816 rdev->wiphy.max_match_sets);
7817
7818 err = PTR_ERR_OR_ZERO(sched_scan_req);
7819 if (err)
7820 goto out_err;
7821
7822 /* leave request id zero for legacy request
7823 * or if driver does not support multi-scheduled scan
7824 */
7825 if (want_multi && rdev->wiphy.max_sched_scan_reqs > 1) {
7826 while (!sched_scan_req->reqid)
7827 sched_scan_req->reqid = rdev->wiphy.cookie_counter++;
7828 }
7829
7830 err = rdev_sched_scan_start(rdev, dev, sched_scan_req);
7831 if (err)
7832 goto out_free;
7833
7834 sched_scan_req->dev = dev;
7835 sched_scan_req->wiphy = &rdev->wiphy;
7836
7837 if (info->attrs[NL80211_ATTR_SOCKET_OWNER])
7838 sched_scan_req->owner_nlportid = info->snd_portid;
7839
7840 cfg80211_add_sched_scan_req(rdev, sched_scan_req);
7841
7842 nl80211_send_sched_scan(sched_scan_req, NL80211_CMD_START_SCHED_SCAN);
7843 return 0;
7844
7845 out_free:
7846 kfree(sched_scan_req);
7847 out_err:
7848 return err;
7849 }
7850
7851 static int nl80211_stop_sched_scan(struct sk_buff *skb,
7852 struct genl_info *info)
7853 {
7854 struct cfg80211_sched_scan_request *req;
7855 struct cfg80211_registered_device *rdev = info->user_ptr[0];
7856 u64 cookie;
7857
7858 if (!rdev->wiphy.max_sched_scan_reqs || !rdev->ops->sched_scan_stop)
7859 return -EOPNOTSUPP;
7860
7861 if (info->attrs[NL80211_ATTR_COOKIE]) {
7862 cookie = nla_get_u64(info->attrs[NL80211_ATTR_COOKIE]);
7863 return __cfg80211_stop_sched_scan(rdev, cookie, false);
7864 }
7865
7866 req = list_first_or_null_rcu(&rdev->sched_scan_req_list,
7867 struct cfg80211_sched_scan_request,
7868 list);
7869 if (!req || req->reqid ||
7870 (req->owner_nlportid &&
7871 req->owner_nlportid != info->snd_portid))
7872 return -ENOENT;
7873
7874 return cfg80211_stop_sched_scan_req(rdev, req, false);
7875 }
7876
7877 static int nl80211_start_radar_detection(struct sk_buff *skb,
7878 struct genl_info *info)
7879 {
7880 struct cfg80211_registered_device *rdev = info->user_ptr[0];
7881 struct net_device *dev = info->user_ptr[1];
7882 struct wireless_dev *wdev = dev->ieee80211_ptr;
7883 struct wiphy *wiphy = wdev->wiphy;
7884 struct cfg80211_chan_def chandef;
7885 enum nl80211_dfs_regions dfs_region;
7886 unsigned int cac_time_ms;
7887 int err;
7888
7889 dfs_region = reg_get_dfs_region(wiphy);
7890 if (dfs_region == NL80211_DFS_UNSET)
7891 return -EINVAL;
7892
7893 err = nl80211_parse_chandef(rdev, info, &chandef);
7894 if (err)
7895 return err;
7896
7897 if (netif_carrier_ok(dev))
7898 return -EBUSY;
7899
7900 if (wdev->cac_started)
7901 return -EBUSY;
7902
7903 err = cfg80211_chandef_dfs_required(wiphy, &chandef, wdev->iftype);
7904 if (err < 0)
7905 return err;
7906
7907 if (err == 0)
7908 return -EINVAL;
7909
7910 if (!cfg80211_chandef_dfs_usable(wiphy, &chandef))
7911 return -EINVAL;
7912
7913 /* CAC start is offloaded to HW and can't be started manually */
7914 if (wiphy_ext_feature_isset(wiphy, NL80211_EXT_FEATURE_DFS_OFFLOAD))
7915 return -EOPNOTSUPP;
7916
7917 if (!rdev->ops->start_radar_detection)
7918 return -EOPNOTSUPP;
7919
7920 cac_time_ms = cfg80211_chandef_dfs_cac_time(&rdev->wiphy, &chandef);
7921 if (WARN_ON(!cac_time_ms))
7922 cac_time_ms = IEEE80211_DFS_MIN_CAC_TIME_MS;
7923
7924 err = rdev_start_radar_detection(rdev, dev, &chandef, cac_time_ms);
7925 if (!err) {
7926 wdev->chandef = chandef;
7927 wdev->cac_started = true;
7928 wdev->cac_start_time = jiffies;
7929 wdev->cac_time_ms = cac_time_ms;
7930 }
7931 return err;
7932 }
7933
7934 static int nl80211_channel_switch(struct sk_buff *skb, struct genl_info *info)
7935 {
7936 struct cfg80211_registered_device *rdev = info->user_ptr[0];
7937 struct net_device *dev = info->user_ptr[1];
7938 struct wireless_dev *wdev = dev->ieee80211_ptr;
7939 struct cfg80211_csa_settings params;
7940 /* csa_attrs is defined static to avoid waste of stack size - this
7941 * function is called under RTNL lock, so this should not be a problem.
7942 */
7943 static struct nlattr *csa_attrs[NL80211_ATTR_MAX+1];
7944 int err;
7945 bool need_new_beacon = false;
7946 bool need_handle_dfs_flag = true;
7947 int len, i;
7948 u32 cs_count;
7949
7950 if (!rdev->ops->channel_switch ||
7951 !(rdev->wiphy.flags & WIPHY_FLAG_HAS_CHANNEL_SWITCH))
7952 return -EOPNOTSUPP;
7953
7954 switch (dev->ieee80211_ptr->iftype) {
7955 case NL80211_IFTYPE_AP:
7956 case NL80211_IFTYPE_P2P_GO:
7957 need_new_beacon = true;
7958 /* For all modes except AP the handle_dfs flag needs to be
7959 * supplied to tell the kernel that userspace will handle radar
7960 * events when they happen. Otherwise a switch to a channel
7961 * requiring DFS will be rejected.
7962 */
7963 need_handle_dfs_flag = false;
7964
7965 /* useless if AP is not running */
7966 if (!wdev->beacon_interval)
7967 return -ENOTCONN;
7968 break;
7969 case NL80211_IFTYPE_ADHOC:
7970 if (!wdev->ssid_len)
7971 return -ENOTCONN;
7972 break;
7973 case NL80211_IFTYPE_MESH_POINT:
7974 if (!wdev->mesh_id_len)
7975 return -ENOTCONN;
7976 break;
7977 default:
7978 return -EOPNOTSUPP;
7979 }
7980
7981 memset(&params, 0, sizeof(params));
7982
7983 if (!info->attrs[NL80211_ATTR_WIPHY_FREQ] ||
7984 !info->attrs[NL80211_ATTR_CH_SWITCH_COUNT])
7985 return -EINVAL;
7986
7987 /* only important for AP, IBSS and mesh create IEs internally */
7988 if (need_new_beacon && !info->attrs[NL80211_ATTR_CSA_IES])
7989 return -EINVAL;
7990
7991 /* Even though the attribute is u32, the specification says
7992 * u8, so let's make sure we don't overflow.
7993 */
7994 cs_count = nla_get_u32(info->attrs[NL80211_ATTR_CH_SWITCH_COUNT]);
7995 if (cs_count > 255)
7996 return -EINVAL;
7997
7998 params.count = cs_count;
7999
8000 if (!need_new_beacon)
8001 goto skip_beacons;
8002
8003 err = nl80211_parse_beacon(info->attrs, &params.beacon_after);
8004 if (err)
8005 return err;
8006
8007 err = nla_parse_nested(csa_attrs, NL80211_ATTR_MAX,
8008 info->attrs[NL80211_ATTR_CSA_IES],
8009 nl80211_policy, info->extack);
8010 if (err)
8011 return err;
8012
8013 err = nl80211_parse_beacon(csa_attrs, &params.beacon_csa);
8014 if (err)
8015 return err;
8016
8017 if (!csa_attrs[NL80211_ATTR_CSA_C_OFF_BEACON])
8018 return -EINVAL;
8019
8020 len = nla_len(csa_attrs[NL80211_ATTR_CSA_C_OFF_BEACON]);
8021 if (!len || (len % sizeof(u16)))
8022 return -EINVAL;
8023
8024 params.n_counter_offsets_beacon = len / sizeof(u16);
8025 if (rdev->wiphy.max_num_csa_counters &&
8026 (params.n_counter_offsets_beacon >
8027 rdev->wiphy.max_num_csa_counters))
8028 return -EINVAL;
8029
8030 params.counter_offsets_beacon =
8031 nla_data(csa_attrs[NL80211_ATTR_CSA_C_OFF_BEACON]);
8032
8033 /* sanity checks - counters should fit and be the same */
8034 for (i = 0; i < params.n_counter_offsets_beacon; i++) {
8035 u16 offset = params.counter_offsets_beacon[i];
8036
8037 if (offset >= params.beacon_csa.tail_len)
8038 return -EINVAL;
8039
8040 if (params.beacon_csa.tail[offset] != params.count)
8041 return -EINVAL;
8042 }
8043
8044 if (csa_attrs[NL80211_ATTR_CSA_C_OFF_PRESP]) {
8045 len = nla_len(csa_attrs[NL80211_ATTR_CSA_C_OFF_PRESP]);
8046 if (!len || (len % sizeof(u16)))
8047 return -EINVAL;
8048
8049 params.n_counter_offsets_presp = len / sizeof(u16);
8050 if (rdev->wiphy.max_num_csa_counters &&
8051 (params.n_counter_offsets_presp >
8052 rdev->wiphy.max_num_csa_counters))
8053 return -EINVAL;
8054
8055 params.counter_offsets_presp =
8056 nla_data(csa_attrs[NL80211_ATTR_CSA_C_OFF_PRESP]);
8057
8058 /* sanity checks - counters should fit and be the same */
8059 for (i = 0; i < params.n_counter_offsets_presp; i++) {
8060 u16 offset = params.counter_offsets_presp[i];
8061
8062 if (offset >= params.beacon_csa.probe_resp_len)
8063 return -EINVAL;
8064
8065 if (params.beacon_csa.probe_resp[offset] !=
8066 params.count)
8067 return -EINVAL;
8068 }
8069 }
8070
8071 skip_beacons:
8072 err = nl80211_parse_chandef(rdev, info, &params.chandef);
8073 if (err)
8074 return err;
8075
8076 if (!cfg80211_reg_can_beacon_relax(&rdev->wiphy, &params.chandef,
8077 wdev->iftype))
8078 return -EINVAL;
8079
8080 err = cfg80211_chandef_dfs_required(wdev->wiphy,
8081 &params.chandef,
8082 wdev->iftype);
8083 if (err < 0)
8084 return err;
8085
8086 if (err > 0) {
8087 params.radar_required = true;
8088 if (need_handle_dfs_flag &&
8089 !nla_get_flag(info->attrs[NL80211_ATTR_HANDLE_DFS])) {
8090 return -EINVAL;
8091 }
8092 }
8093
8094 if (info->attrs[NL80211_ATTR_CH_SWITCH_BLOCK_TX])
8095 params.block_tx = true;
8096
8097 wdev_lock(wdev);
8098 err = rdev_channel_switch(rdev, dev, &params);
8099 wdev_unlock(wdev);
8100
8101 return err;
8102 }
8103
8104 static int nl80211_send_bss(struct sk_buff *msg, struct netlink_callback *cb,
8105 u32 seq, int flags,
8106 struct cfg80211_registered_device *rdev,
8107 struct wireless_dev *wdev,
8108 struct cfg80211_internal_bss *intbss)
8109 {
8110 struct cfg80211_bss *res = &intbss->pub;
8111 const struct cfg80211_bss_ies *ies;
8112 void *hdr;
8113 struct nlattr *bss;
8114
8115 ASSERT_WDEV_LOCK(wdev);
8116
8117 hdr = nl80211hdr_put(msg, NETLINK_CB(cb->skb).portid, seq, flags,
8118 NL80211_CMD_NEW_SCAN_RESULTS);
8119 if (!hdr)
8120 return -1;
8121
8122 genl_dump_check_consistent(cb, hdr);
8123
8124 if (nla_put_u32(msg, NL80211_ATTR_GENERATION, rdev->bss_generation))
8125 goto nla_put_failure;
8126 if (wdev->netdev &&
8127 nla_put_u32(msg, NL80211_ATTR_IFINDEX, wdev->netdev->ifindex))
8128 goto nla_put_failure;
8129 if (nla_put_u64_64bit(msg, NL80211_ATTR_WDEV, wdev_id(wdev),
8130 NL80211_ATTR_PAD))
8131 goto nla_put_failure;
8132
8133 bss = nla_nest_start(msg, NL80211_ATTR_BSS);
8134 if (!bss)
8135 goto nla_put_failure;
8136 if ((!is_zero_ether_addr(res->bssid) &&
8137 nla_put(msg, NL80211_BSS_BSSID, ETH_ALEN, res->bssid)))
8138 goto nla_put_failure;
8139
8140 rcu_read_lock();
8141 /* indicate whether we have probe response data or not */
8142 if (rcu_access_pointer(res->proberesp_ies) &&
8143 nla_put_flag(msg, NL80211_BSS_PRESP_DATA))
8144 goto fail_unlock_rcu;
8145
8146 /* this pointer prefers to be pointed to probe response data
8147 * but is always valid
8148 */
8149 ies = rcu_dereference(res->ies);
8150 if (ies) {
8151 if (nla_put_u64_64bit(msg, NL80211_BSS_TSF, ies->tsf,
8152 NL80211_BSS_PAD))
8153 goto fail_unlock_rcu;
8154 if (ies->len && nla_put(msg, NL80211_BSS_INFORMATION_ELEMENTS,
8155 ies->len, ies->data))
8156 goto fail_unlock_rcu;
8157 }
8158
8159 /* and this pointer is always (unless driver didn't know) beacon data */
8160 ies = rcu_dereference(res->beacon_ies);
8161 if (ies && ies->from_beacon) {
8162 if (nla_put_u64_64bit(msg, NL80211_BSS_BEACON_TSF, ies->tsf,
8163 NL80211_BSS_PAD))
8164 goto fail_unlock_rcu;
8165 if (ies->len && nla_put(msg, NL80211_BSS_BEACON_IES,
8166 ies->len, ies->data))
8167 goto fail_unlock_rcu;
8168 }
8169 rcu_read_unlock();
8170
8171 if (res->beacon_interval &&
8172 nla_put_u16(msg, NL80211_BSS_BEACON_INTERVAL, res->beacon_interval))
8173 goto nla_put_failure;
8174 if (nla_put_u16(msg, NL80211_BSS_CAPABILITY, res->capability) ||
8175 nla_put_u32(msg, NL80211_BSS_FREQUENCY, res->channel->center_freq) ||
8176 nla_put_u32(msg, NL80211_BSS_CHAN_WIDTH, res->scan_width) ||
8177 nla_put_u32(msg, NL80211_BSS_SEEN_MS_AGO,
8178 jiffies_to_msecs(jiffies - intbss->ts)))
8179 goto nla_put_failure;
8180
8181 if (intbss->parent_tsf &&
8182 (nla_put_u64_64bit(msg, NL80211_BSS_PARENT_TSF,
8183 intbss->parent_tsf, NL80211_BSS_PAD) ||
8184 nla_put(msg, NL80211_BSS_PARENT_BSSID, ETH_ALEN,
8185 intbss->parent_bssid)))
8186 goto nla_put_failure;
8187
8188 if (intbss->ts_boottime &&
8189 nla_put_u64_64bit(msg, NL80211_BSS_LAST_SEEN_BOOTTIME,
8190 intbss->ts_boottime, NL80211_BSS_PAD))
8191 goto nla_put_failure;
8192
8193 if (!nl80211_put_signal(msg, intbss->pub.chains,
8194 intbss->pub.chain_signal,
8195 NL80211_BSS_CHAIN_SIGNAL))
8196 goto nla_put_failure;
8197
8198 switch (rdev->wiphy.signal_type) {
8199 case CFG80211_SIGNAL_TYPE_MBM:
8200 if (nla_put_u32(msg, NL80211_BSS_SIGNAL_MBM, res->signal))
8201 goto nla_put_failure;
8202 break;
8203 case CFG80211_SIGNAL_TYPE_UNSPEC:
8204 if (nla_put_u8(msg, NL80211_BSS_SIGNAL_UNSPEC, res->signal))
8205 goto nla_put_failure;
8206 break;
8207 default:
8208 break;
8209 }
8210
8211 switch (wdev->iftype) {
8212 case NL80211_IFTYPE_P2P_CLIENT:
8213 case NL80211_IFTYPE_STATION:
8214 if (intbss == wdev->current_bss &&
8215 nla_put_u32(msg, NL80211_BSS_STATUS,
8216 NL80211_BSS_STATUS_ASSOCIATED))
8217 goto nla_put_failure;
8218 break;
8219 case NL80211_IFTYPE_ADHOC:
8220 if (intbss == wdev->current_bss &&
8221 nla_put_u32(msg, NL80211_BSS_STATUS,
8222 NL80211_BSS_STATUS_IBSS_JOINED))
8223 goto nla_put_failure;
8224 break;
8225 default:
8226 break;
8227 }
8228
8229 nla_nest_end(msg, bss);
8230
8231 genlmsg_end(msg, hdr);
8232 return 0;
8233
8234 fail_unlock_rcu:
8235 rcu_read_unlock();
8236 nla_put_failure:
8237 genlmsg_cancel(msg, hdr);
8238 return -EMSGSIZE;
8239 }
8240
8241 static int nl80211_dump_scan(struct sk_buff *skb, struct netlink_callback *cb)
8242 {
8243 struct cfg80211_registered_device *rdev;
8244 struct cfg80211_internal_bss *scan;
8245 struct wireless_dev *wdev;
8246 int start = cb->args[2], idx = 0;
8247 int err;
8248
8249 rtnl_lock();
8250 err = nl80211_prepare_wdev_dump(skb, cb, &rdev, &wdev);
8251 if (err) {
8252 rtnl_unlock();
8253 return err;
8254 }
8255
8256 wdev_lock(wdev);
8257 spin_lock_bh(&rdev->bss_lock);
8258
8259 /*
8260 * dump_scan will be called multiple times to break up the scan results
8261 * into multiple messages. It is unlikely that any more bss-es will be
8262 * expired after the first call, so only call only call this on the
8263 * first dump_scan invocation.
8264 */
8265 if (start == 0)
8266 cfg80211_bss_expire(rdev);
8267
8268 cb->seq = rdev->bss_generation;
8269
8270 list_for_each_entry(scan, &rdev->bss_list, list) {
8271 if (++idx <= start)
8272 continue;
8273 if (nl80211_send_bss(skb, cb,
8274 cb->nlh->nlmsg_seq, NLM_F_MULTI,
8275 rdev, wdev, scan) < 0) {
8276 idx--;
8277 break;
8278 }
8279 }
8280
8281 spin_unlock_bh(&rdev->bss_lock);
8282 wdev_unlock(wdev);
8283
8284 cb->args[2] = idx;
8285 rtnl_unlock();
8286
8287 return skb->len;
8288 }
8289
8290 static int nl80211_send_survey(struct sk_buff *msg, u32 portid, u32 seq,
8291 int flags, struct net_device *dev,
8292 bool allow_radio_stats,
8293 struct survey_info *survey)
8294 {
8295 void *hdr;
8296 struct nlattr *infoattr;
8297
8298 /* skip radio stats if userspace didn't request them */
8299 if (!survey->channel && !allow_radio_stats)
8300 return 0;
8301
8302 hdr = nl80211hdr_put(msg, portid, seq, flags,
8303 NL80211_CMD_NEW_SURVEY_RESULTS);
8304 if (!hdr)
8305 return -ENOMEM;
8306
8307 if (nla_put_u32(msg, NL80211_ATTR_IFINDEX, dev->ifindex))
8308 goto nla_put_failure;
8309
8310 infoattr = nla_nest_start(msg, NL80211_ATTR_SURVEY_INFO);
8311 if (!infoattr)
8312 goto nla_put_failure;
8313
8314 if (survey->channel &&
8315 nla_put_u32(msg, NL80211_SURVEY_INFO_FREQUENCY,
8316 survey->channel->center_freq))
8317 goto nla_put_failure;
8318
8319 if ((survey->filled & SURVEY_INFO_NOISE_DBM) &&
8320 nla_put_u8(msg, NL80211_SURVEY_INFO_NOISE, survey->noise))
8321 goto nla_put_failure;
8322 if ((survey->filled & SURVEY_INFO_IN_USE) &&
8323 nla_put_flag(msg, NL80211_SURVEY_INFO_IN_USE))
8324 goto nla_put_failure;
8325 if ((survey->filled & SURVEY_INFO_TIME) &&
8326 nla_put_u64_64bit(msg, NL80211_SURVEY_INFO_TIME,
8327 survey->time, NL80211_SURVEY_INFO_PAD))
8328 goto nla_put_failure;
8329 if ((survey->filled & SURVEY_INFO_TIME_BUSY) &&
8330 nla_put_u64_64bit(msg, NL80211_SURVEY_INFO_TIME_BUSY,
8331 survey->time_busy, NL80211_SURVEY_INFO_PAD))
8332 goto nla_put_failure;
8333 if ((survey->filled & SURVEY_INFO_TIME_EXT_BUSY) &&
8334 nla_put_u64_64bit(msg, NL80211_SURVEY_INFO_TIME_EXT_BUSY,
8335 survey->time_ext_busy, NL80211_SURVEY_INFO_PAD))
8336 goto nla_put_failure;
8337 if ((survey->filled & SURVEY_INFO_TIME_RX) &&
8338 nla_put_u64_64bit(msg, NL80211_SURVEY_INFO_TIME_RX,
8339 survey->time_rx, NL80211_SURVEY_INFO_PAD))
8340 goto nla_put_failure;
8341 if ((survey->filled & SURVEY_INFO_TIME_TX) &&
8342 nla_put_u64_64bit(msg, NL80211_SURVEY_INFO_TIME_TX,
8343 survey->time_tx, NL80211_SURVEY_INFO_PAD))
8344 goto nla_put_failure;
8345 if ((survey->filled & SURVEY_INFO_TIME_SCAN) &&
8346 nla_put_u64_64bit(msg, NL80211_SURVEY_INFO_TIME_SCAN,
8347 survey->time_scan, NL80211_SURVEY_INFO_PAD))
8348 goto nla_put_failure;
8349
8350 nla_nest_end(msg, infoattr);
8351
8352 genlmsg_end(msg, hdr);
8353 return 0;
8354
8355 nla_put_failure:
8356 genlmsg_cancel(msg, hdr);
8357 return -EMSGSIZE;
8358 }
8359
8360 static int nl80211_dump_survey(struct sk_buff *skb, struct netlink_callback *cb)
8361 {
8362 struct nlattr **attrbuf = genl_family_attrbuf(&nl80211_fam);
8363 struct survey_info survey;
8364 struct cfg80211_registered_device *rdev;
8365 struct wireless_dev *wdev;
8366 int survey_idx = cb->args[2];
8367 int res;
8368 bool radio_stats;
8369
8370 rtnl_lock();
8371 res = nl80211_prepare_wdev_dump(skb, cb, &rdev, &wdev);
8372 if (res)
8373 goto out_err;
8374
8375 /* prepare_wdev_dump parsed the attributes */
8376 radio_stats = attrbuf[NL80211_ATTR_SURVEY_RADIO_STATS];
8377
8378 if (!wdev->netdev) {
8379 res = -EINVAL;
8380 goto out_err;
8381 }
8382
8383 if (!rdev->ops->dump_survey) {
8384 res = -EOPNOTSUPP;
8385 goto out_err;
8386 }
8387
8388 while (1) {
8389 res = rdev_dump_survey(rdev, wdev->netdev, survey_idx, &survey);
8390 if (res == -ENOENT)
8391 break;
8392 if (res)
8393 goto out_err;
8394
8395 /* don't send disabled channels, but do send non-channel data */
8396 if (survey.channel &&
8397 survey.channel->flags & IEEE80211_CHAN_DISABLED) {
8398 survey_idx++;
8399 continue;
8400 }
8401
8402 if (nl80211_send_survey(skb,
8403 NETLINK_CB(cb->skb).portid,
8404 cb->nlh->nlmsg_seq, NLM_F_MULTI,
8405 wdev->netdev, radio_stats, &survey) < 0)
8406 goto out;
8407 survey_idx++;
8408 }
8409
8410 out:
8411 cb->args[2] = survey_idx;
8412 res = skb->len;
8413 out_err:
8414 rtnl_unlock();
8415 return res;
8416 }
8417
8418 static bool nl80211_valid_wpa_versions(u32 wpa_versions)
8419 {
8420 return !(wpa_versions & ~(NL80211_WPA_VERSION_1 |
8421 NL80211_WPA_VERSION_2));
8422 }
8423
8424 static int nl80211_authenticate(struct sk_buff *skb, struct genl_info *info)
8425 {
8426 struct cfg80211_registered_device *rdev = info->user_ptr[0];
8427 struct net_device *dev = info->user_ptr[1];
8428 struct ieee80211_channel *chan;
8429 const u8 *bssid, *ssid, *ie = NULL, *auth_data = NULL;
8430 int err, ssid_len, ie_len = 0, auth_data_len = 0;
8431 enum nl80211_auth_type auth_type;
8432 struct key_parse key;
8433 bool local_state_change;
8434
8435 if (!is_valid_ie_attr(info->attrs[NL80211_ATTR_IE]))
8436 return -EINVAL;
8437
8438 if (!info->attrs[NL80211_ATTR_MAC])
8439 return -EINVAL;
8440
8441 if (!info->attrs[NL80211_ATTR_AUTH_TYPE])
8442 return -EINVAL;
8443
8444 if (!info->attrs[NL80211_ATTR_SSID])
8445 return -EINVAL;
8446
8447 if (!info->attrs[NL80211_ATTR_WIPHY_FREQ])
8448 return -EINVAL;
8449
8450 err = nl80211_parse_key(info, &key);
8451 if (err)
8452 return err;
8453
8454 if (key.idx >= 0) {
8455 if (key.type != -1 && key.type != NL80211_KEYTYPE_GROUP)
8456 return -EINVAL;
8457 if (!key.p.key || !key.p.key_len)
8458 return -EINVAL;
8459 if ((key.p.cipher != WLAN_CIPHER_SUITE_WEP40 ||
8460 key.p.key_len != WLAN_KEY_LEN_WEP40) &&
8461 (key.p.cipher != WLAN_CIPHER_SUITE_WEP104 ||
8462 key.p.key_len != WLAN_KEY_LEN_WEP104))
8463 return -EINVAL;
8464 if (key.idx > 3)
8465 return -EINVAL;
8466 } else {
8467 key.p.key_len = 0;
8468 key.p.key = NULL;
8469 }
8470
8471 if (key.idx >= 0) {
8472 int i;
8473 bool ok = false;
8474
8475 for (i = 0; i < rdev->wiphy.n_cipher_suites; i++) {
8476 if (key.p.cipher == rdev->wiphy.cipher_suites[i]) {
8477 ok = true;
8478 break;
8479 }
8480 }
8481 if (!ok)
8482 return -EINVAL;
8483 }
8484
8485 if (!rdev->ops->auth)
8486 return -EOPNOTSUPP;
8487
8488 if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_STATION &&
8489 dev->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_CLIENT)
8490 return -EOPNOTSUPP;
8491
8492 bssid = nla_data(info->attrs[NL80211_ATTR_MAC]);
8493 chan = nl80211_get_valid_chan(&rdev->wiphy,
8494 info->attrs[NL80211_ATTR_WIPHY_FREQ]);
8495 if (!chan)
8496 return -EINVAL;
8497
8498 ssid = nla_data(info->attrs[NL80211_ATTR_SSID]);
8499 ssid_len = nla_len(info->attrs[NL80211_ATTR_SSID]);
8500
8501 if (info->attrs[NL80211_ATTR_IE]) {
8502 ie = nla_data(info->attrs[NL80211_ATTR_IE]);
8503 ie_len = nla_len(info->attrs[NL80211_ATTR_IE]);
8504 }
8505
8506 auth_type = nla_get_u32(info->attrs[NL80211_ATTR_AUTH_TYPE]);
8507 if (!nl80211_valid_auth_type(rdev, auth_type, NL80211_CMD_AUTHENTICATE))
8508 return -EINVAL;
8509
8510 if ((auth_type == NL80211_AUTHTYPE_SAE ||
8511 auth_type == NL80211_AUTHTYPE_FILS_SK ||
8512 auth_type == NL80211_AUTHTYPE_FILS_SK_PFS ||
8513 auth_type == NL80211_AUTHTYPE_FILS_PK) &&
8514 !info->attrs[NL80211_ATTR_AUTH_DATA])
8515 return -EINVAL;
8516
8517 if (info->attrs[NL80211_ATTR_AUTH_DATA]) {
8518 if (auth_type != NL80211_AUTHTYPE_SAE &&
8519 auth_type != NL80211_AUTHTYPE_FILS_SK &&
8520 auth_type != NL80211_AUTHTYPE_FILS_SK_PFS &&
8521 auth_type != NL80211_AUTHTYPE_FILS_PK)
8522 return -EINVAL;
8523 auth_data = nla_data(info->attrs[NL80211_ATTR_AUTH_DATA]);
8524 auth_data_len = nla_len(info->attrs[NL80211_ATTR_AUTH_DATA]);
8525 /* need to include at least Auth Transaction and Status Code */
8526 if (auth_data_len < 4)
8527 return -EINVAL;
8528 }
8529
8530 local_state_change = !!info->attrs[NL80211_ATTR_LOCAL_STATE_CHANGE];
8531
8532 /*
8533 * Since we no longer track auth state, ignore
8534 * requests to only change local state.
8535 */
8536 if (local_state_change)
8537 return 0;
8538
8539 wdev_lock(dev->ieee80211_ptr);
8540 err = cfg80211_mlme_auth(rdev, dev, chan, auth_type, bssid,
8541 ssid, ssid_len, ie, ie_len,
8542 key.p.key, key.p.key_len, key.idx,
8543 auth_data, auth_data_len);
8544 wdev_unlock(dev->ieee80211_ptr);
8545 return err;
8546 }
8547
8548 static int validate_pae_over_nl80211(struct cfg80211_registered_device *rdev,
8549 struct genl_info *info)
8550 {
8551 if (!info->attrs[NL80211_ATTR_SOCKET_OWNER]) {
8552 GENL_SET_ERR_MSG(info, "SOCKET_OWNER not set");
8553 return -EINVAL;
8554 }
8555
8556 if (!rdev->ops->tx_control_port ||
8557 !wiphy_ext_feature_isset(&rdev->wiphy,
8558 NL80211_EXT_FEATURE_CONTROL_PORT_OVER_NL80211))
8559 return -EOPNOTSUPP;
8560
8561 return 0;
8562 }
8563
8564 static int nl80211_crypto_settings(struct cfg80211_registered_device *rdev,
8565 struct genl_info *info,
8566 struct cfg80211_crypto_settings *settings,
8567 int cipher_limit)
8568 {
8569 memset(settings, 0, sizeof(*settings));
8570
8571 settings->control_port = info->attrs[NL80211_ATTR_CONTROL_PORT];
8572
8573 if (info->attrs[NL80211_ATTR_CONTROL_PORT_ETHERTYPE]) {
8574 u16 proto;
8575
8576 proto = nla_get_u16(
8577 info->attrs[NL80211_ATTR_CONTROL_PORT_ETHERTYPE]);
8578 settings->control_port_ethertype = cpu_to_be16(proto);
8579 if (!(rdev->wiphy.flags & WIPHY_FLAG_CONTROL_PORT_PROTOCOL) &&
8580 proto != ETH_P_PAE)
8581 return -EINVAL;
8582 if (info->attrs[NL80211_ATTR_CONTROL_PORT_NO_ENCRYPT])
8583 settings->control_port_no_encrypt = true;
8584 } else
8585 settings->control_port_ethertype = cpu_to_be16(ETH_P_PAE);
8586
8587 if (info->attrs[NL80211_ATTR_CONTROL_PORT_OVER_NL80211]) {
8588 int r = validate_pae_over_nl80211(rdev, info);
8589
8590 if (r < 0)
8591 return r;
8592
8593 settings->control_port_over_nl80211 = true;
8594 }
8595
8596 if (info->attrs[NL80211_ATTR_CIPHER_SUITES_PAIRWISE]) {
8597 void *data;
8598 int len, i;
8599
8600 data = nla_data(info->attrs[NL80211_ATTR_CIPHER_SUITES_PAIRWISE]);
8601 len = nla_len(info->attrs[NL80211_ATTR_CIPHER_SUITES_PAIRWISE]);
8602 settings->n_ciphers_pairwise = len / sizeof(u32);
8603
8604 if (len % sizeof(u32))
8605 return -EINVAL;
8606
8607 if (settings->n_ciphers_pairwise > cipher_limit)
8608 return -EINVAL;
8609
8610 memcpy(settings->ciphers_pairwise, data, len);
8611
8612 for (i = 0; i < settings->n_ciphers_pairwise; i++)
8613 if (!cfg80211_supported_cipher_suite(
8614 &rdev->wiphy,
8615 settings->ciphers_pairwise[i]))
8616 return -EINVAL;
8617 }
8618
8619 if (info->attrs[NL80211_ATTR_CIPHER_SUITE_GROUP]) {
8620 settings->cipher_group =
8621 nla_get_u32(info->attrs[NL80211_ATTR_CIPHER_SUITE_GROUP]);
8622 if (!cfg80211_supported_cipher_suite(&rdev->wiphy,
8623 settings->cipher_group))
8624 return -EINVAL;
8625 }
8626
8627 if (info->attrs[NL80211_ATTR_WPA_VERSIONS]) {
8628 settings->wpa_versions =
8629 nla_get_u32(info->attrs[NL80211_ATTR_WPA_VERSIONS]);
8630 if (!nl80211_valid_wpa_versions(settings->wpa_versions))
8631 return -EINVAL;
8632 }
8633
8634 if (info->attrs[NL80211_ATTR_AKM_SUITES]) {
8635 void *data;
8636 int len;
8637
8638 data = nla_data(info->attrs[NL80211_ATTR_AKM_SUITES]);
8639 len = nla_len(info->attrs[NL80211_ATTR_AKM_SUITES]);
8640 settings->n_akm_suites = len / sizeof(u32);
8641
8642 if (len % sizeof(u32))
8643 return -EINVAL;
8644
8645 if (settings->n_akm_suites > NL80211_MAX_NR_AKM_SUITES)
8646 return -EINVAL;
8647
8648 memcpy(settings->akm_suites, data, len);
8649 }
8650
8651 if (info->attrs[NL80211_ATTR_PMK]) {
8652 if (nla_len(info->attrs[NL80211_ATTR_PMK]) != WLAN_PMK_LEN)
8653 return -EINVAL;
8654 if (!wiphy_ext_feature_isset(&rdev->wiphy,
8655 NL80211_EXT_FEATURE_4WAY_HANDSHAKE_STA_PSK))
8656 return -EINVAL;
8657 settings->psk = nla_data(info->attrs[NL80211_ATTR_PMK]);
8658 }
8659
8660 return 0;
8661 }
8662
8663 static int nl80211_associate(struct sk_buff *skb, struct genl_info *info)
8664 {
8665 struct cfg80211_registered_device *rdev = info->user_ptr[0];
8666 struct net_device *dev = info->user_ptr[1];
8667 struct ieee80211_channel *chan;
8668 struct cfg80211_assoc_request req = {};
8669 const u8 *bssid, *ssid;
8670 int err, ssid_len = 0;
8671
8672 if (dev->ieee80211_ptr->conn_owner_nlportid &&
8673 dev->ieee80211_ptr->conn_owner_nlportid != info->snd_portid)
8674 return -EPERM;
8675
8676 if (!is_valid_ie_attr(info->attrs[NL80211_ATTR_IE]))
8677 return -EINVAL;
8678
8679 if (!info->attrs[NL80211_ATTR_MAC] ||
8680 !info->attrs[NL80211_ATTR_SSID] ||
8681 !info->attrs[NL80211_ATTR_WIPHY_FREQ])
8682 return -EINVAL;
8683
8684 if (!rdev->ops->assoc)
8685 return -EOPNOTSUPP;
8686
8687 if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_STATION &&
8688 dev->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_CLIENT)
8689 return -EOPNOTSUPP;
8690
8691 bssid = nla_data(info->attrs[NL80211_ATTR_MAC]);
8692
8693 chan = nl80211_get_valid_chan(&rdev->wiphy,
8694 info->attrs[NL80211_ATTR_WIPHY_FREQ]);
8695 if (!chan)
8696 return -EINVAL;
8697
8698 ssid = nla_data(info->attrs[NL80211_ATTR_SSID]);
8699 ssid_len = nla_len(info->attrs[NL80211_ATTR_SSID]);
8700
8701 if (info->attrs[NL80211_ATTR_IE]) {
8702 req.ie = nla_data(info->attrs[NL80211_ATTR_IE]);
8703 req.ie_len = nla_len(info->attrs[NL80211_ATTR_IE]);
8704 }
8705
8706 if (info->attrs[NL80211_ATTR_USE_MFP]) {
8707 enum nl80211_mfp mfp =
8708 nla_get_u32(info->attrs[NL80211_ATTR_USE_MFP]);
8709 if (mfp == NL80211_MFP_REQUIRED)
8710 req.use_mfp = true;
8711 else if (mfp != NL80211_MFP_NO)
8712 return -EINVAL;
8713 }
8714
8715 if (info->attrs[NL80211_ATTR_PREV_BSSID])
8716 req.prev_bssid = nla_data(info->attrs[NL80211_ATTR_PREV_BSSID]);
8717
8718 if (nla_get_flag(info->attrs[NL80211_ATTR_DISABLE_HT]))
8719 req.flags |= ASSOC_REQ_DISABLE_HT;
8720
8721 if (info->attrs[NL80211_ATTR_HT_CAPABILITY_MASK])
8722 memcpy(&req.ht_capa_mask,
8723 nla_data(info->attrs[NL80211_ATTR_HT_CAPABILITY_MASK]),
8724 sizeof(req.ht_capa_mask));
8725
8726 if (info->attrs[NL80211_ATTR_HT_CAPABILITY]) {
8727 if (!info->attrs[NL80211_ATTR_HT_CAPABILITY_MASK])
8728 return -EINVAL;
8729 memcpy(&req.ht_capa,
8730 nla_data(info->attrs[NL80211_ATTR_HT_CAPABILITY]),
8731 sizeof(req.ht_capa));
8732 }
8733
8734 if (nla_get_flag(info->attrs[NL80211_ATTR_DISABLE_VHT]))
8735 req.flags |= ASSOC_REQ_DISABLE_VHT;
8736
8737 if (info->attrs[NL80211_ATTR_VHT_CAPABILITY_MASK])
8738 memcpy(&req.vht_capa_mask,
8739 nla_data(info->attrs[NL80211_ATTR_VHT_CAPABILITY_MASK]),
8740 sizeof(req.vht_capa_mask));
8741
8742 if (info->attrs[NL80211_ATTR_VHT_CAPABILITY]) {
8743 if (!info->attrs[NL80211_ATTR_VHT_CAPABILITY_MASK])
8744 return -EINVAL;
8745 memcpy(&req.vht_capa,
8746 nla_data(info->attrs[NL80211_ATTR_VHT_CAPABILITY]),
8747 sizeof(req.vht_capa));
8748 }
8749
8750 if (nla_get_flag(info->attrs[NL80211_ATTR_USE_RRM])) {
8751 if (!((rdev->wiphy.features &
8752 NL80211_FEATURE_DS_PARAM_SET_IE_IN_PROBES) &&
8753 (rdev->wiphy.features & NL80211_FEATURE_QUIET)) &&
8754 !wiphy_ext_feature_isset(&rdev->wiphy,
8755 NL80211_EXT_FEATURE_RRM))
8756 return -EINVAL;
8757 req.flags |= ASSOC_REQ_USE_RRM;
8758 }
8759
8760 if (info->attrs[NL80211_ATTR_FILS_KEK]) {
8761 req.fils_kek = nla_data(info->attrs[NL80211_ATTR_FILS_KEK]);
8762 req.fils_kek_len = nla_len(info->attrs[NL80211_ATTR_FILS_KEK]);
8763 if (!info->attrs[NL80211_ATTR_FILS_NONCES])
8764 return -EINVAL;
8765 req.fils_nonces =
8766 nla_data(info->attrs[NL80211_ATTR_FILS_NONCES]);
8767 }
8768
8769 err = nl80211_crypto_settings(rdev, info, &req.crypto, 1);
8770 if (!err) {
8771 wdev_lock(dev->ieee80211_ptr);
8772
8773 err = cfg80211_mlme_assoc(rdev, dev, chan, bssid,
8774 ssid, ssid_len, &req);
8775
8776 if (!err && info->attrs[NL80211_ATTR_SOCKET_OWNER]) {
8777 dev->ieee80211_ptr->conn_owner_nlportid =
8778 info->snd_portid;
8779 memcpy(dev->ieee80211_ptr->disconnect_bssid,
8780 bssid, ETH_ALEN);
8781 }
8782
8783 wdev_unlock(dev->ieee80211_ptr);
8784 }
8785
8786 return err;
8787 }
8788
8789 static int nl80211_deauthenticate(struct sk_buff *skb, struct genl_info *info)
8790 {
8791 struct cfg80211_registered_device *rdev = info->user_ptr[0];
8792 struct net_device *dev = info->user_ptr[1];
8793 const u8 *ie = NULL, *bssid;
8794 int ie_len = 0, err;
8795 u16 reason_code;
8796 bool local_state_change;
8797
8798 if (dev->ieee80211_ptr->conn_owner_nlportid &&
8799 dev->ieee80211_ptr->conn_owner_nlportid != info->snd_portid)
8800 return -EPERM;
8801
8802 if (!is_valid_ie_attr(info->attrs[NL80211_ATTR_IE]))
8803 return -EINVAL;
8804
8805 if (!info->attrs[NL80211_ATTR_MAC])
8806 return -EINVAL;
8807
8808 if (!info->attrs[NL80211_ATTR_REASON_CODE])
8809 return -EINVAL;
8810
8811 if (!rdev->ops->deauth)
8812 return -EOPNOTSUPP;
8813
8814 if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_STATION &&
8815 dev->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_CLIENT)
8816 return -EOPNOTSUPP;
8817
8818 bssid = nla_data(info->attrs[NL80211_ATTR_MAC]);
8819
8820 reason_code = nla_get_u16(info->attrs[NL80211_ATTR_REASON_CODE]);
8821 if (reason_code == 0) {
8822 /* Reason Code 0 is reserved */
8823 return -EINVAL;
8824 }
8825
8826 if (info->attrs[NL80211_ATTR_IE]) {
8827 ie = nla_data(info->attrs[NL80211_ATTR_IE]);
8828 ie_len = nla_len(info->attrs[NL80211_ATTR_IE]);
8829 }
8830
8831 local_state_change = !!info->attrs[NL80211_ATTR_LOCAL_STATE_CHANGE];
8832
8833 wdev_lock(dev->ieee80211_ptr);
8834 err = cfg80211_mlme_deauth(rdev, dev, bssid, ie, ie_len, reason_code,
8835 local_state_change);
8836 wdev_unlock(dev->ieee80211_ptr);
8837 return err;
8838 }
8839
8840 static int nl80211_disassociate(struct sk_buff *skb, struct genl_info *info)
8841 {
8842 struct cfg80211_registered_device *rdev = info->user_ptr[0];
8843 struct net_device *dev = info->user_ptr[1];
8844 const u8 *ie = NULL, *bssid;
8845 int ie_len = 0, err;
8846 u16 reason_code;
8847 bool local_state_change;
8848
8849 if (dev->ieee80211_ptr->conn_owner_nlportid &&
8850 dev->ieee80211_ptr->conn_owner_nlportid != info->snd_portid)
8851 return -EPERM;
8852
8853 if (!is_valid_ie_attr(info->attrs[NL80211_ATTR_IE]))
8854 return -EINVAL;
8855
8856 if (!info->attrs[NL80211_ATTR_MAC])
8857 return -EINVAL;
8858
8859 if (!info->attrs[NL80211_ATTR_REASON_CODE])
8860 return -EINVAL;
8861
8862 if (!rdev->ops->disassoc)
8863 return -EOPNOTSUPP;
8864
8865 if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_STATION &&
8866 dev->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_CLIENT)
8867 return -EOPNOTSUPP;
8868
8869 bssid = nla_data(info->attrs[NL80211_ATTR_MAC]);
8870
8871 reason_code = nla_get_u16(info->attrs[NL80211_ATTR_REASON_CODE]);
8872 if (reason_code == 0) {
8873 /* Reason Code 0 is reserved */
8874 return -EINVAL;
8875 }
8876
8877 if (info->attrs[NL80211_ATTR_IE]) {
8878 ie = nla_data(info->attrs[NL80211_ATTR_IE]);
8879 ie_len = nla_len(info->attrs[NL80211_ATTR_IE]);
8880 }
8881
8882 local_state_change = !!info->attrs[NL80211_ATTR_LOCAL_STATE_CHANGE];
8883
8884 wdev_lock(dev->ieee80211_ptr);
8885 err = cfg80211_mlme_disassoc(rdev, dev, bssid, ie, ie_len, reason_code,
8886 local_state_change);
8887 wdev_unlock(dev->ieee80211_ptr);
8888 return err;
8889 }
8890
8891 static bool
8892 nl80211_parse_mcast_rate(struct cfg80211_registered_device *rdev,
8893 int mcast_rate[NUM_NL80211_BANDS],
8894 int rateval)
8895 {
8896 struct wiphy *wiphy = &rdev->wiphy;
8897 bool found = false;
8898 int band, i;
8899
8900 for (band = 0; band < NUM_NL80211_BANDS; band++) {
8901 struct ieee80211_supported_band *sband;
8902
8903 sband = wiphy->bands[band];
8904 if (!sband)
8905 continue;
8906
8907 for (i = 0; i < sband->n_bitrates; i++) {
8908 if (sband->bitrates[i].bitrate == rateval) {
8909 mcast_rate[band] = i + 1;
8910 found = true;
8911 break;
8912 }
8913 }
8914 }
8915
8916 return found;
8917 }
8918
8919 static int nl80211_join_ibss(struct sk_buff *skb, struct genl_info *info)
8920 {
8921 struct cfg80211_registered_device *rdev = info->user_ptr[0];
8922 struct net_device *dev = info->user_ptr[1];
8923 struct cfg80211_ibss_params ibss;
8924 struct wiphy *wiphy;
8925 struct cfg80211_cached_keys *connkeys = NULL;
8926 int err;
8927
8928 memset(&ibss, 0, sizeof(ibss));
8929
8930 if (!is_valid_ie_attr(info->attrs[NL80211_ATTR_IE]))
8931 return -EINVAL;
8932
8933 if (!info->attrs[NL80211_ATTR_SSID] ||
8934 !nla_len(info->attrs[NL80211_ATTR_SSID]))
8935 return -EINVAL;
8936
8937 ibss.beacon_interval = 100;
8938
8939 if (info->attrs[NL80211_ATTR_BEACON_INTERVAL])
8940 ibss.beacon_interval =
8941 nla_get_u32(info->attrs[NL80211_ATTR_BEACON_INTERVAL]);
8942
8943 err = cfg80211_validate_beacon_int(rdev, NL80211_IFTYPE_ADHOC,
8944 ibss.beacon_interval);
8945 if (err)
8946 return err;
8947
8948 if (!rdev->ops->join_ibss)
8949 return -EOPNOTSUPP;
8950
8951 if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_ADHOC)
8952 return -EOPNOTSUPP;
8953
8954 wiphy = &rdev->wiphy;
8955
8956 if (info->attrs[NL80211_ATTR_MAC]) {
8957 ibss.bssid = nla_data(info->attrs[NL80211_ATTR_MAC]);
8958
8959 if (!is_valid_ether_addr(ibss.bssid))
8960 return -EINVAL;
8961 }
8962 ibss.ssid = nla_data(info->attrs[NL80211_ATTR_SSID]);
8963 ibss.ssid_len = nla_len(info->attrs[NL80211_ATTR_SSID]);
8964
8965 if (info->attrs[NL80211_ATTR_IE]) {
8966 ibss.ie = nla_data(info->attrs[NL80211_ATTR_IE]);
8967 ibss.ie_len = nla_len(info->attrs[NL80211_ATTR_IE]);
8968 }
8969
8970 err = nl80211_parse_chandef(rdev, info, &ibss.chandef);
8971 if (err)
8972 return err;
8973
8974 if (!cfg80211_reg_can_beacon(&rdev->wiphy, &ibss.chandef,
8975 NL80211_IFTYPE_ADHOC))
8976 return -EINVAL;
8977
8978 switch (ibss.chandef.width) {
8979 case NL80211_CHAN_WIDTH_5:
8980 case NL80211_CHAN_WIDTH_10:
8981 case NL80211_CHAN_WIDTH_20_NOHT:
8982 break;
8983 case NL80211_CHAN_WIDTH_20:
8984 case NL80211_CHAN_WIDTH_40:
8985 if (!(rdev->wiphy.features & NL80211_FEATURE_HT_IBSS))
8986 return -EINVAL;
8987 break;
8988 case NL80211_CHAN_WIDTH_80:
8989 case NL80211_CHAN_WIDTH_80P80:
8990 case NL80211_CHAN_WIDTH_160:
8991 if (!(rdev->wiphy.features & NL80211_FEATURE_HT_IBSS))
8992 return -EINVAL;
8993 if (!wiphy_ext_feature_isset(&rdev->wiphy,
8994 NL80211_EXT_FEATURE_VHT_IBSS))
8995 return -EINVAL;
8996 break;
8997 default:
8998 return -EINVAL;
8999 }
9000
9001 ibss.channel_fixed = !!info->attrs[NL80211_ATTR_FREQ_FIXED];
9002 ibss.privacy = !!info->attrs[NL80211_ATTR_PRIVACY];
9003
9004 if (info->attrs[NL80211_ATTR_BSS_BASIC_RATES]) {
9005 u8 *rates =
9006 nla_data(info->attrs[NL80211_ATTR_BSS_BASIC_RATES]);
9007 int n_rates =
9008 nla_len(info->attrs[NL80211_ATTR_BSS_BASIC_RATES]);
9009 struct ieee80211_supported_band *sband =
9010 wiphy->bands[ibss.chandef.chan->band];
9011
9012 err = ieee80211_get_ratemask(sband, rates, n_rates,
9013 &ibss.basic_rates);
9014 if (err)
9015 return err;
9016 }
9017
9018 if (info->attrs[NL80211_ATTR_HT_CAPABILITY_MASK])
9019 memcpy(&ibss.ht_capa_mask,
9020 nla_data(info->attrs[NL80211_ATTR_HT_CAPABILITY_MASK]),
9021 sizeof(ibss.ht_capa_mask));
9022
9023 if (info->attrs[NL80211_ATTR_HT_CAPABILITY]) {
9024 if (!info->attrs[NL80211_ATTR_HT_CAPABILITY_MASK])
9025 return -EINVAL;
9026 memcpy(&ibss.ht_capa,
9027 nla_data(info->attrs[NL80211_ATTR_HT_CAPABILITY]),
9028 sizeof(ibss.ht_capa));
9029 }
9030
9031 if (info->attrs[NL80211_ATTR_MCAST_RATE] &&
9032 !nl80211_parse_mcast_rate(rdev, ibss.mcast_rate,
9033 nla_get_u32(info->attrs[NL80211_ATTR_MCAST_RATE])))
9034 return -EINVAL;
9035
9036 if (ibss.privacy && info->attrs[NL80211_ATTR_KEYS]) {
9037 bool no_ht = false;
9038
9039 connkeys = nl80211_parse_connkeys(rdev, info, &no_ht);
9040 if (IS_ERR(connkeys))
9041 return PTR_ERR(connkeys);
9042
9043 if ((ibss.chandef.width != NL80211_CHAN_WIDTH_20_NOHT) &&
9044 no_ht) {
9045 kzfree(connkeys);
9046 return -EINVAL;
9047 }
9048 }
9049
9050 ibss.control_port =
9051 nla_get_flag(info->attrs[NL80211_ATTR_CONTROL_PORT]);
9052
9053 if (info->attrs[NL80211_ATTR_CONTROL_PORT_OVER_NL80211]) {
9054 int r = validate_pae_over_nl80211(rdev, info);
9055
9056 if (r < 0) {
9057 kzfree(connkeys);
9058 return r;
9059 }
9060
9061 ibss.control_port_over_nl80211 = true;
9062 }
9063
9064 ibss.userspace_handles_dfs =
9065 nla_get_flag(info->attrs[NL80211_ATTR_HANDLE_DFS]);
9066
9067 wdev_lock(dev->ieee80211_ptr);
9068 err = __cfg80211_join_ibss(rdev, dev, &ibss, connkeys);
9069 if (err)
9070 kzfree(connkeys);
9071 else if (info->attrs[NL80211_ATTR_SOCKET_OWNER])
9072 dev->ieee80211_ptr->conn_owner_nlportid = info->snd_portid;
9073 wdev_unlock(dev->ieee80211_ptr);
9074
9075 return err;
9076 }
9077
9078 static int nl80211_leave_ibss(struct sk_buff *skb, struct genl_info *info)
9079 {
9080 struct cfg80211_registered_device *rdev = info->user_ptr[0];
9081 struct net_device *dev = info->user_ptr[1];
9082
9083 if (!rdev->ops->leave_ibss)
9084 return -EOPNOTSUPP;
9085
9086 if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_ADHOC)
9087 return -EOPNOTSUPP;
9088
9089 return cfg80211_leave_ibss(rdev, dev, false);
9090 }
9091
9092 static int nl80211_set_mcast_rate(struct sk_buff *skb, struct genl_info *info)
9093 {
9094 struct cfg80211_registered_device *rdev = info->user_ptr[0];
9095 struct net_device *dev = info->user_ptr[1];
9096 int mcast_rate[NUM_NL80211_BANDS];
9097 u32 nla_rate;
9098 int err;
9099
9100 if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_ADHOC &&
9101 dev->ieee80211_ptr->iftype != NL80211_IFTYPE_MESH_POINT &&
9102 dev->ieee80211_ptr->iftype != NL80211_IFTYPE_OCB)
9103 return -EOPNOTSUPP;
9104
9105 if (!rdev->ops->set_mcast_rate)
9106 return -EOPNOTSUPP;
9107
9108 memset(mcast_rate, 0, sizeof(mcast_rate));
9109
9110 if (!info->attrs[NL80211_ATTR_MCAST_RATE])
9111 return -EINVAL;
9112
9113 nla_rate = nla_get_u32(info->attrs[NL80211_ATTR_MCAST_RATE]);
9114 if (!nl80211_parse_mcast_rate(rdev, mcast_rate, nla_rate))
9115 return -EINVAL;
9116
9117 err = rdev_set_mcast_rate(rdev, dev, mcast_rate);
9118
9119 return err;
9120 }
9121
9122 static struct sk_buff *
9123 __cfg80211_alloc_vendor_skb(struct cfg80211_registered_device *rdev,
9124 struct wireless_dev *wdev, int approxlen,
9125 u32 portid, u32 seq, enum nl80211_commands cmd,
9126 enum nl80211_attrs attr,
9127 const struct nl80211_vendor_cmd_info *info,
9128 gfp_t gfp)
9129 {
9130 struct sk_buff *skb;
9131 void *hdr;
9132 struct nlattr *data;
9133
9134 skb = nlmsg_new(approxlen + 100, gfp);
9135 if (!skb)
9136 return NULL;
9137
9138 hdr = nl80211hdr_put(skb, portid, seq, 0, cmd);
9139 if (!hdr) {
9140 kfree_skb(skb);
9141 return NULL;
9142 }
9143
9144 if (nla_put_u32(skb, NL80211_ATTR_WIPHY, rdev->wiphy_idx))
9145 goto nla_put_failure;
9146
9147 if (info) {
9148 if (nla_put_u32(skb, NL80211_ATTR_VENDOR_ID,
9149 info->vendor_id))
9150 goto nla_put_failure;
9151 if (nla_put_u32(skb, NL80211_ATTR_VENDOR_SUBCMD,
9152 info->subcmd))
9153 goto nla_put_failure;
9154 }
9155
9156 if (wdev) {
9157 if (nla_put_u64_64bit(skb, NL80211_ATTR_WDEV,
9158 wdev_id(wdev), NL80211_ATTR_PAD))
9159 goto nla_put_failure;
9160 if (wdev->netdev &&
9161 nla_put_u32(skb, NL80211_ATTR_IFINDEX,
9162 wdev->netdev->ifindex))
9163 goto nla_put_failure;
9164 }
9165
9166 data = nla_nest_start(skb, attr);
9167 if (!data)
9168 goto nla_put_failure;
9169
9170 ((void **)skb->cb)[0] = rdev;
9171 ((void **)skb->cb)[1] = hdr;
9172 ((void **)skb->cb)[2] = data;
9173
9174 return skb;
9175
9176 nla_put_failure:
9177 kfree_skb(skb);
9178 return NULL;
9179 }
9180
9181 struct sk_buff *__cfg80211_alloc_event_skb(struct wiphy *wiphy,
9182 struct wireless_dev *wdev,
9183 enum nl80211_commands cmd,
9184 enum nl80211_attrs attr,
9185 int vendor_event_idx,
9186 int approxlen, gfp_t gfp)
9187 {
9188 struct cfg80211_registered_device *rdev = wiphy_to_rdev(wiphy);
9189 const struct nl80211_vendor_cmd_info *info;
9190
9191 switch (cmd) {
9192 case NL80211_CMD_TESTMODE:
9193 if (WARN_ON(vendor_event_idx != -1))
9194 return NULL;
9195 info = NULL;
9196 break;
9197 case NL80211_CMD_VENDOR:
9198 if (WARN_ON(vendor_event_idx < 0 ||
9199 vendor_event_idx >= wiphy->n_vendor_events))
9200 return NULL;
9201 info = &wiphy->vendor_events[vendor_event_idx];
9202 break;
9203 default:
9204 WARN_ON(1);
9205 return NULL;
9206 }
9207
9208 return __cfg80211_alloc_vendor_skb(rdev, wdev, approxlen, 0, 0,
9209 cmd, attr, info, gfp);
9210 }
9211 EXPORT_SYMBOL(__cfg80211_alloc_event_skb);
9212
9213 void __cfg80211_send_event_skb(struct sk_buff *skb, gfp_t gfp)
9214 {
9215 struct cfg80211_registered_device *rdev = ((void **)skb->cb)[0];
9216 void *hdr = ((void **)skb->cb)[1];
9217 struct nlattr *data = ((void **)skb->cb)[2];
9218 enum nl80211_multicast_groups mcgrp = NL80211_MCGRP_TESTMODE;
9219
9220 /* clear CB data for netlink core to own from now on */
9221 memset(skb->cb, 0, sizeof(skb->cb));
9222
9223 nla_nest_end(skb, data);
9224 genlmsg_end(skb, hdr);
9225
9226 if (data->nla_type == NL80211_ATTR_VENDOR_DATA)
9227 mcgrp = NL80211_MCGRP_VENDOR;
9228
9229 genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), skb, 0,
9230 mcgrp, gfp);
9231 }
9232 EXPORT_SYMBOL(__cfg80211_send_event_skb);
9233
9234 #ifdef CONFIG_NL80211_TESTMODE
9235 static int nl80211_testmode_do(struct sk_buff *skb, struct genl_info *info)
9236 {
9237 struct cfg80211_registered_device *rdev = info->user_ptr[0];
9238 struct wireless_dev *wdev =
9239 __cfg80211_wdev_from_attrs(genl_info_net(info), info->attrs);
9240 int err;
9241
9242 if (!rdev->ops->testmode_cmd)
9243 return -EOPNOTSUPP;
9244
9245 if (IS_ERR(wdev)) {
9246 err = PTR_ERR(wdev);
9247 if (err != -EINVAL)
9248 return err;
9249 wdev = NULL;
9250 } else if (wdev->wiphy != &rdev->wiphy) {
9251 return -EINVAL;
9252 }
9253
9254 if (!info->attrs[NL80211_ATTR_TESTDATA])
9255 return -EINVAL;
9256
9257 rdev->cur_cmd_info = info;
9258 err = rdev_testmode_cmd(rdev, wdev,
9259 nla_data(info->attrs[NL80211_ATTR_TESTDATA]),
9260 nla_len(info->attrs[NL80211_ATTR_TESTDATA]));
9261 rdev->cur_cmd_info = NULL;
9262
9263 return err;
9264 }
9265
9266 static int nl80211_testmode_dump(struct sk_buff *skb,
9267 struct netlink_callback *cb)
9268 {
9269 struct cfg80211_registered_device *rdev;
9270 int err;
9271 long phy_idx;
9272 void *data = NULL;
9273 int data_len = 0;
9274
9275 rtnl_lock();
9276
9277 if (cb->args[0]) {
9278 /*
9279 * 0 is a valid index, but not valid for args[0],
9280 * so we need to offset by 1.
9281 */
9282 phy_idx = cb->args[0] - 1;
9283
9284 rdev = cfg80211_rdev_by_wiphy_idx(phy_idx);
9285 if (!rdev) {
9286 err = -ENOENT;
9287 goto out_err;
9288 }
9289 } else {
9290 struct nlattr **attrbuf = genl_family_attrbuf(&nl80211_fam);
9291
9292 err = nlmsg_parse(cb->nlh, GENL_HDRLEN + nl80211_fam.hdrsize,
9293 attrbuf, nl80211_fam.maxattr,
9294 nl80211_policy, NULL);
9295 if (err)
9296 goto out_err;
9297
9298 rdev = __cfg80211_rdev_from_attrs(sock_net(skb->sk), attrbuf);
9299 if (IS_ERR(rdev)) {
9300 err = PTR_ERR(rdev);
9301 goto out_err;
9302 }
9303 phy_idx = rdev->wiphy_idx;
9304
9305 if (attrbuf[NL80211_ATTR_TESTDATA])
9306 cb->args[1] = (long)attrbuf[NL80211_ATTR_TESTDATA];
9307 }
9308
9309 if (cb->args[1]) {
9310 data = nla_data((void *)cb->args[1]);
9311 data_len = nla_len((void *)cb->args[1]);
9312 }
9313
9314 if (!rdev->ops->testmode_dump) {
9315 err = -EOPNOTSUPP;
9316 goto out_err;
9317 }
9318
9319 while (1) {
9320 void *hdr = nl80211hdr_put(skb, NETLINK_CB(cb->skb).portid,
9321 cb->nlh->nlmsg_seq, NLM_F_MULTI,
9322 NL80211_CMD_TESTMODE);
9323 struct nlattr *tmdata;
9324
9325 if (!hdr)
9326 break;
9327
9328 if (nla_put_u32(skb, NL80211_ATTR_WIPHY, phy_idx)) {
9329 genlmsg_cancel(skb, hdr);
9330 break;
9331 }
9332
9333 tmdata = nla_nest_start(skb, NL80211_ATTR_TESTDATA);
9334 if (!tmdata) {
9335 genlmsg_cancel(skb, hdr);
9336 break;
9337 }
9338 err = rdev_testmode_dump(rdev, skb, cb, data, data_len);
9339 nla_nest_end(skb, tmdata);
9340
9341 if (err == -ENOBUFS || err == -ENOENT) {
9342 genlmsg_cancel(skb, hdr);
9343 break;
9344 } else if (err) {
9345 genlmsg_cancel(skb, hdr);
9346 goto out_err;
9347 }
9348
9349 genlmsg_end(skb, hdr);
9350 }
9351
9352 err = skb->len;
9353 /* see above */
9354 cb->args[0] = phy_idx + 1;
9355 out_err:
9356 rtnl_unlock();
9357 return err;
9358 }
9359 #endif
9360
9361 static int nl80211_connect(struct sk_buff *skb, struct genl_info *info)
9362 {
9363 struct cfg80211_registered_device *rdev = info->user_ptr[0];
9364 struct net_device *dev = info->user_ptr[1];
9365 struct cfg80211_connect_params connect;
9366 struct wiphy *wiphy;
9367 struct cfg80211_cached_keys *connkeys = NULL;
9368 int err;
9369
9370 memset(&connect, 0, sizeof(connect));
9371
9372 if (!is_valid_ie_attr(info->attrs[NL80211_ATTR_IE]))
9373 return -EINVAL;
9374
9375 if (!info->attrs[NL80211_ATTR_SSID] ||
9376 !nla_len(info->attrs[NL80211_ATTR_SSID]))
9377 return -EINVAL;
9378
9379 if (info->attrs[NL80211_ATTR_AUTH_TYPE]) {
9380 connect.auth_type =
9381 nla_get_u32(info->attrs[NL80211_ATTR_AUTH_TYPE]);
9382 if (!nl80211_valid_auth_type(rdev, connect.auth_type,
9383 NL80211_CMD_CONNECT))
9384 return -EINVAL;
9385 } else
9386 connect.auth_type = NL80211_AUTHTYPE_AUTOMATIC;
9387
9388 connect.privacy = info->attrs[NL80211_ATTR_PRIVACY];
9389
9390 if (info->attrs[NL80211_ATTR_WANT_1X_4WAY_HS] &&
9391 !wiphy_ext_feature_isset(&rdev->wiphy,
9392 NL80211_EXT_FEATURE_4WAY_HANDSHAKE_STA_1X))
9393 return -EINVAL;
9394 connect.want_1x = info->attrs[NL80211_ATTR_WANT_1X_4WAY_HS];
9395
9396 err = nl80211_crypto_settings(rdev, info, &connect.crypto,
9397 NL80211_MAX_NR_CIPHER_SUITES);
9398 if (err)
9399 return err;
9400
9401 if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_STATION &&
9402 dev->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_CLIENT)
9403 return -EOPNOTSUPP;
9404
9405 wiphy = &rdev->wiphy;
9406
9407 connect.bg_scan_period = -1;
9408 if (info->attrs[NL80211_ATTR_BG_SCAN_PERIOD] &&
9409 (wiphy->flags & WIPHY_FLAG_SUPPORTS_FW_ROAM)) {
9410 connect.bg_scan_period =
9411 nla_get_u16(info->attrs[NL80211_ATTR_BG_SCAN_PERIOD]);
9412 }
9413
9414 if (info->attrs[NL80211_ATTR_MAC])
9415 connect.bssid = nla_data(info->attrs[NL80211_ATTR_MAC]);
9416 else if (info->attrs[NL80211_ATTR_MAC_HINT])
9417 connect.bssid_hint =
9418 nla_data(info->attrs[NL80211_ATTR_MAC_HINT]);
9419 connect.ssid = nla_data(info->attrs[NL80211_ATTR_SSID]);
9420 connect.ssid_len = nla_len(info->attrs[NL80211_ATTR_SSID]);
9421
9422 if (info->attrs[NL80211_ATTR_IE]) {
9423 connect.ie = nla_data(info->attrs[NL80211_ATTR_IE]);
9424 connect.ie_len = nla_len(info->attrs[NL80211_ATTR_IE]);
9425 }
9426
9427 if (info->attrs[NL80211_ATTR_USE_MFP]) {
9428 connect.mfp = nla_get_u32(info->attrs[NL80211_ATTR_USE_MFP]);
9429 if (connect.mfp == NL80211_MFP_OPTIONAL &&
9430 !wiphy_ext_feature_isset(&rdev->wiphy,
9431 NL80211_EXT_FEATURE_MFP_OPTIONAL))
9432 return -EOPNOTSUPP;
9433
9434 if (connect.mfp != NL80211_MFP_REQUIRED &&
9435 connect.mfp != NL80211_MFP_NO &&
9436 connect.mfp != NL80211_MFP_OPTIONAL)
9437 return -EINVAL;
9438 } else {
9439 connect.mfp = NL80211_MFP_NO;
9440 }
9441
9442 if (info->attrs[NL80211_ATTR_PREV_BSSID])
9443 connect.prev_bssid =
9444 nla_data(info->attrs[NL80211_ATTR_PREV_BSSID]);
9445
9446 if (info->attrs[NL80211_ATTR_WIPHY_FREQ]) {
9447 connect.channel = nl80211_get_valid_chan(
9448 wiphy, info->attrs[NL80211_ATTR_WIPHY_FREQ]);
9449 if (!connect.channel)
9450 return -EINVAL;
9451 } else if (info->attrs[NL80211_ATTR_WIPHY_FREQ_HINT]) {
9452 connect.channel_hint = nl80211_get_valid_chan(
9453 wiphy, info->attrs[NL80211_ATTR_WIPHY_FREQ_HINT]);
9454 if (!connect.channel_hint)
9455 return -EINVAL;
9456 }
9457
9458 if (connect.privacy && info->attrs[NL80211_ATTR_KEYS]) {
9459 connkeys = nl80211_parse_connkeys(rdev, info, NULL);
9460 if (IS_ERR(connkeys))
9461 return PTR_ERR(connkeys);
9462 }
9463
9464 if (nla_get_flag(info->attrs[NL80211_ATTR_DISABLE_HT]))
9465 connect.flags |= ASSOC_REQ_DISABLE_HT;
9466
9467 if (info->attrs[NL80211_ATTR_HT_CAPABILITY_MASK])
9468 memcpy(&connect.ht_capa_mask,
9469 nla_data(info->attrs[NL80211_ATTR_HT_CAPABILITY_MASK]),
9470 sizeof(connect.ht_capa_mask));
9471
9472 if (info->attrs[NL80211_ATTR_HT_CAPABILITY]) {
9473 if (!info->attrs[NL80211_ATTR_HT_CAPABILITY_MASK]) {
9474 kzfree(connkeys);
9475 return -EINVAL;
9476 }
9477 memcpy(&connect.ht_capa,
9478 nla_data(info->attrs[NL80211_ATTR_HT_CAPABILITY]),
9479 sizeof(connect.ht_capa));
9480 }
9481
9482 if (nla_get_flag(info->attrs[NL80211_ATTR_DISABLE_VHT]))
9483 connect.flags |= ASSOC_REQ_DISABLE_VHT;
9484
9485 if (info->attrs[NL80211_ATTR_VHT_CAPABILITY_MASK])
9486 memcpy(&connect.vht_capa_mask,
9487 nla_data(info->attrs[NL80211_ATTR_VHT_CAPABILITY_MASK]),
9488 sizeof(connect.vht_capa_mask));
9489
9490 if (info->attrs[NL80211_ATTR_VHT_CAPABILITY]) {
9491 if (!info->attrs[NL80211_ATTR_VHT_CAPABILITY_MASK]) {
9492 kzfree(connkeys);
9493 return -EINVAL;
9494 }
9495 memcpy(&connect.vht_capa,
9496 nla_data(info->attrs[NL80211_ATTR_VHT_CAPABILITY]),
9497 sizeof(connect.vht_capa));
9498 }
9499
9500 if (nla_get_flag(info->attrs[NL80211_ATTR_USE_RRM])) {
9501 if (!((rdev->wiphy.features &
9502 NL80211_FEATURE_DS_PARAM_SET_IE_IN_PROBES) &&
9503 (rdev->wiphy.features & NL80211_FEATURE_QUIET)) &&
9504 !wiphy_ext_feature_isset(&rdev->wiphy,
9505 NL80211_EXT_FEATURE_RRM)) {
9506 kzfree(connkeys);
9507 return -EINVAL;
9508 }
9509 connect.flags |= ASSOC_REQ_USE_RRM;
9510 }
9511
9512 connect.pbss = nla_get_flag(info->attrs[NL80211_ATTR_PBSS]);
9513 if (connect.pbss && !rdev->wiphy.bands[NL80211_BAND_60GHZ]) {
9514 kzfree(connkeys);
9515 return -EOPNOTSUPP;
9516 }
9517
9518 if (info->attrs[NL80211_ATTR_BSS_SELECT]) {
9519 /* bss selection makes no sense if bssid is set */
9520 if (connect.bssid) {
9521 kzfree(connkeys);
9522 return -EINVAL;
9523 }
9524
9525 err = parse_bss_select(info->attrs[NL80211_ATTR_BSS_SELECT],
9526 wiphy, &connect.bss_select);
9527 if (err) {
9528 kzfree(connkeys);
9529 return err;
9530 }
9531 }
9532
9533 if (wiphy_ext_feature_isset(&rdev->wiphy,
9534 NL80211_EXT_FEATURE_FILS_SK_OFFLOAD) &&
9535 info->attrs[NL80211_ATTR_FILS_ERP_USERNAME] &&
9536 info->attrs[NL80211_ATTR_FILS_ERP_REALM] &&
9537 info->attrs[NL80211_ATTR_FILS_ERP_NEXT_SEQ_NUM] &&
9538 info->attrs[NL80211_ATTR_FILS_ERP_RRK]) {
9539 connect.fils_erp_username =
9540 nla_data(info->attrs[NL80211_ATTR_FILS_ERP_USERNAME]);
9541 connect.fils_erp_username_len =
9542 nla_len(info->attrs[NL80211_ATTR_FILS_ERP_USERNAME]);
9543 connect.fils_erp_realm =
9544 nla_data(info->attrs[NL80211_ATTR_FILS_ERP_REALM]);
9545 connect.fils_erp_realm_len =
9546 nla_len(info->attrs[NL80211_ATTR_FILS_ERP_REALM]);
9547 connect.fils_erp_next_seq_num =
9548 nla_get_u16(
9549 info->attrs[NL80211_ATTR_FILS_ERP_NEXT_SEQ_NUM]);
9550 connect.fils_erp_rrk =
9551 nla_data(info->attrs[NL80211_ATTR_FILS_ERP_RRK]);
9552 connect.fils_erp_rrk_len =
9553 nla_len(info->attrs[NL80211_ATTR_FILS_ERP_RRK]);
9554 } else if (info->attrs[NL80211_ATTR_FILS_ERP_USERNAME] ||
9555 info->attrs[NL80211_ATTR_FILS_ERP_REALM] ||
9556 info->attrs[NL80211_ATTR_FILS_ERP_NEXT_SEQ_NUM] ||
9557 info->attrs[NL80211_ATTR_FILS_ERP_RRK]) {
9558 kzfree(connkeys);
9559 return -EINVAL;
9560 }
9561
9562 if (nla_get_flag(info->attrs[NL80211_ATTR_EXTERNAL_AUTH_SUPPORT])) {
9563 if (!info->attrs[NL80211_ATTR_SOCKET_OWNER]) {
9564 kzfree(connkeys);
9565 GENL_SET_ERR_MSG(info,
9566 "external auth requires connection ownership");
9567 return -EINVAL;
9568 }
9569 connect.flags |= CONNECT_REQ_EXTERNAL_AUTH_SUPPORT;
9570 }
9571
9572 wdev_lock(dev->ieee80211_ptr);
9573
9574 err = cfg80211_connect(rdev, dev, &connect, connkeys,
9575 connect.prev_bssid);
9576 if (err)
9577 kzfree(connkeys);
9578
9579 if (!err && info->attrs[NL80211_ATTR_SOCKET_OWNER]) {
9580 dev->ieee80211_ptr->conn_owner_nlportid = info->snd_portid;
9581 if (connect.bssid)
9582 memcpy(dev->ieee80211_ptr->disconnect_bssid,
9583 connect.bssid, ETH_ALEN);
9584 else
9585 memset(dev->ieee80211_ptr->disconnect_bssid,
9586 0, ETH_ALEN);
9587 }
9588
9589 wdev_unlock(dev->ieee80211_ptr);
9590
9591 return err;
9592 }
9593
9594 static int nl80211_update_connect_params(struct sk_buff *skb,
9595 struct genl_info *info)
9596 {
9597 struct cfg80211_connect_params connect = {};
9598 struct cfg80211_registered_device *rdev = info->user_ptr[0];
9599 struct net_device *dev = info->user_ptr[1];
9600 struct wireless_dev *wdev = dev->ieee80211_ptr;
9601 bool fils_sk_offload;
9602 u32 auth_type;
9603 u32 changed = 0;
9604 int ret;
9605
9606 if (!rdev->ops->update_connect_params)
9607 return -EOPNOTSUPP;
9608
9609 if (info->attrs[NL80211_ATTR_IE]) {
9610 if (!is_valid_ie_attr(info->attrs[NL80211_ATTR_IE]))
9611 return -EINVAL;
9612 connect.ie = nla_data(info->attrs[NL80211_ATTR_IE]);
9613 connect.ie_len = nla_len(info->attrs[NL80211_ATTR_IE]);
9614 changed |= UPDATE_ASSOC_IES;
9615 }
9616
9617 fils_sk_offload = wiphy_ext_feature_isset(&rdev->wiphy,
9618 NL80211_EXT_FEATURE_FILS_SK_OFFLOAD);
9619
9620 /*
9621 * when driver supports fils-sk offload all attributes must be
9622 * provided. So the else covers "fils-sk-not-all" and
9623 * "no-fils-sk-any".
9624 */
9625 if (fils_sk_offload &&
9626 info->attrs[NL80211_ATTR_FILS_ERP_USERNAME] &&
9627 info->attrs[NL80211_ATTR_FILS_ERP_REALM] &&
9628 info->attrs[NL80211_ATTR_FILS_ERP_NEXT_SEQ_NUM] &&
9629 info->attrs[NL80211_ATTR_FILS_ERP_RRK]) {
9630 connect.fils_erp_username =
9631 nla_data(info->attrs[NL80211_ATTR_FILS_ERP_USERNAME]);
9632 connect.fils_erp_username_len =
9633 nla_len(info->attrs[NL80211_ATTR_FILS_ERP_USERNAME]);
9634 connect.fils_erp_realm =
9635 nla_data(info->attrs[NL80211_ATTR_FILS_ERP_REALM]);
9636 connect.fils_erp_realm_len =
9637 nla_len(info->attrs[NL80211_ATTR_FILS_ERP_REALM]);
9638 connect.fils_erp_next_seq_num =
9639 nla_get_u16(
9640 info->attrs[NL80211_ATTR_FILS_ERP_NEXT_SEQ_NUM]);
9641 connect.fils_erp_rrk =
9642 nla_data(info->attrs[NL80211_ATTR_FILS_ERP_RRK]);
9643 connect.fils_erp_rrk_len =
9644 nla_len(info->attrs[NL80211_ATTR_FILS_ERP_RRK]);
9645 changed |= UPDATE_FILS_ERP_INFO;
9646 } else if (info->attrs[NL80211_ATTR_FILS_ERP_USERNAME] ||
9647 info->attrs[NL80211_ATTR_FILS_ERP_REALM] ||
9648 info->attrs[NL80211_ATTR_FILS_ERP_NEXT_SEQ_NUM] ||
9649 info->attrs[NL80211_ATTR_FILS_ERP_RRK]) {
9650 return -EINVAL;
9651 }
9652
9653 if (info->attrs[NL80211_ATTR_AUTH_TYPE]) {
9654 auth_type = nla_get_u32(info->attrs[NL80211_ATTR_AUTH_TYPE]);
9655 if (!nl80211_valid_auth_type(rdev, auth_type,
9656 NL80211_CMD_CONNECT))
9657 return -EINVAL;
9658
9659 if (auth_type == NL80211_AUTHTYPE_FILS_SK &&
9660 fils_sk_offload && !(changed & UPDATE_FILS_ERP_INFO))
9661 return -EINVAL;
9662
9663 connect.auth_type = auth_type;
9664 changed |= UPDATE_AUTH_TYPE;
9665 }
9666
9667 wdev_lock(dev->ieee80211_ptr);
9668 if (!wdev->current_bss)
9669 ret = -ENOLINK;
9670 else
9671 ret = rdev_update_connect_params(rdev, dev, &connect, changed);
9672 wdev_unlock(dev->ieee80211_ptr);
9673
9674 return ret;
9675 }
9676
9677 static int nl80211_disconnect(struct sk_buff *skb, struct genl_info *info)
9678 {
9679 struct cfg80211_registered_device *rdev = info->user_ptr[0];
9680 struct net_device *dev = info->user_ptr[1];
9681 u16 reason;
9682 int ret;
9683
9684 if (dev->ieee80211_ptr->conn_owner_nlportid &&
9685 dev->ieee80211_ptr->conn_owner_nlportid != info->snd_portid)
9686 return -EPERM;
9687
9688 if (!info->attrs[NL80211_ATTR_REASON_CODE])
9689 reason = WLAN_REASON_DEAUTH_LEAVING;
9690 else
9691 reason = nla_get_u16(info->attrs[NL80211_ATTR_REASON_CODE]);
9692
9693 if (reason == 0)
9694 return -EINVAL;
9695
9696 if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_STATION &&
9697 dev->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_CLIENT)
9698 return -EOPNOTSUPP;
9699
9700 wdev_lock(dev->ieee80211_ptr);
9701 ret = cfg80211_disconnect(rdev, dev, reason, true);
9702 wdev_unlock(dev->ieee80211_ptr);
9703 return ret;
9704 }
9705
9706 static int nl80211_wiphy_netns(struct sk_buff *skb, struct genl_info *info)
9707 {
9708 struct cfg80211_registered_device *rdev = info->user_ptr[0];
9709 struct net *net;
9710 int err;
9711
9712 if (info->attrs[NL80211_ATTR_PID]) {
9713 u32 pid = nla_get_u32(info->attrs[NL80211_ATTR_PID]);
9714
9715 net = get_net_ns_by_pid(pid);
9716 } else if (info->attrs[NL80211_ATTR_NETNS_FD]) {
9717 u32 fd = nla_get_u32(info->attrs[NL80211_ATTR_NETNS_FD]);
9718
9719 net = get_net_ns_by_fd(fd);
9720 } else {
9721 return -EINVAL;
9722 }
9723
9724 if (IS_ERR(net))
9725 return PTR_ERR(net);
9726
9727 err = 0;
9728
9729 /* check if anything to do */
9730 if (!net_eq(wiphy_net(&rdev->wiphy), net))
9731 err = cfg80211_switch_netns(rdev, net);
9732
9733 put_net(net);
9734 return err;
9735 }
9736
9737 static int nl80211_setdel_pmksa(struct sk_buff *skb, struct genl_info *info)
9738 {
9739 struct cfg80211_registered_device *rdev = info->user_ptr[0];
9740 int (*rdev_ops)(struct wiphy *wiphy, struct net_device *dev,
9741 struct cfg80211_pmksa *pmksa) = NULL;
9742 struct net_device *dev = info->user_ptr[1];
9743 struct cfg80211_pmksa pmksa;
9744
9745 memset(&pmksa, 0, sizeof(struct cfg80211_pmksa));
9746
9747 if (!info->attrs[NL80211_ATTR_PMKID])
9748 return -EINVAL;
9749
9750 pmksa.pmkid = nla_data(info->attrs[NL80211_ATTR_PMKID]);
9751
9752 if (info->attrs[NL80211_ATTR_MAC]) {
9753 pmksa.bssid = nla_data(info->attrs[NL80211_ATTR_MAC]);
9754 } else if (info->attrs[NL80211_ATTR_SSID] &&
9755 info->attrs[NL80211_ATTR_FILS_CACHE_ID] &&
9756 (info->genlhdr->cmd == NL80211_CMD_DEL_PMKSA ||
9757 info->attrs[NL80211_ATTR_PMK])) {
9758 pmksa.ssid = nla_data(info->attrs[NL80211_ATTR_SSID]);
9759 pmksa.ssid_len = nla_len(info->attrs[NL80211_ATTR_SSID]);
9760 pmksa.cache_id =
9761 nla_data(info->attrs[NL80211_ATTR_FILS_CACHE_ID]);
9762 } else {
9763 return -EINVAL;
9764 }
9765 if (info->attrs[NL80211_ATTR_PMK]) {
9766 pmksa.pmk = nla_data(info->attrs[NL80211_ATTR_PMK]);
9767 pmksa.pmk_len = nla_len(info->attrs[NL80211_ATTR_PMK]);
9768 }
9769
9770 if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_STATION &&
9771 dev->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_CLIENT)
9772 return -EOPNOTSUPP;
9773
9774 switch (info->genlhdr->cmd) {
9775 case NL80211_CMD_SET_PMKSA:
9776 rdev_ops = rdev->ops->set_pmksa;
9777 break;
9778 case NL80211_CMD_DEL_PMKSA:
9779 rdev_ops = rdev->ops->del_pmksa;
9780 break;
9781 default:
9782 WARN_ON(1);
9783 break;
9784 }
9785
9786 if (!rdev_ops)
9787 return -EOPNOTSUPP;
9788
9789 return rdev_ops(&rdev->wiphy, dev, &pmksa);
9790 }
9791
9792 static int nl80211_flush_pmksa(struct sk_buff *skb, struct genl_info *info)
9793 {
9794 struct cfg80211_registered_device *rdev = info->user_ptr[0];
9795 struct net_device *dev = info->user_ptr[1];
9796
9797 if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_STATION &&
9798 dev->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_CLIENT)
9799 return -EOPNOTSUPP;
9800
9801 if (!rdev->ops->flush_pmksa)
9802 return -EOPNOTSUPP;
9803
9804 return rdev_flush_pmksa(rdev, dev);
9805 }
9806
9807 static int nl80211_tdls_mgmt(struct sk_buff *skb, struct genl_info *info)
9808 {
9809 struct cfg80211_registered_device *rdev = info->user_ptr[0];
9810 struct net_device *dev = info->user_ptr[1];
9811 u8 action_code, dialog_token;
9812 u32 peer_capability = 0;
9813 u16 status_code;
9814 u8 *peer;
9815 bool initiator;
9816
9817 if (!(rdev->wiphy.flags & WIPHY_FLAG_SUPPORTS_TDLS) ||
9818 !rdev->ops->tdls_mgmt)
9819 return -EOPNOTSUPP;
9820
9821 if (!info->attrs[NL80211_ATTR_TDLS_ACTION] ||
9822 !info->attrs[NL80211_ATTR_STATUS_CODE] ||
9823 !info->attrs[NL80211_ATTR_TDLS_DIALOG_TOKEN] ||
9824 !info->attrs[NL80211_ATTR_IE] ||
9825 !info->attrs[NL80211_ATTR_MAC])
9826 return -EINVAL;
9827
9828 peer = nla_data(info->attrs[NL80211_ATTR_MAC]);
9829 action_code = nla_get_u8(info->attrs[NL80211_ATTR_TDLS_ACTION]);
9830 status_code = nla_get_u16(info->attrs[NL80211_ATTR_STATUS_CODE]);
9831 dialog_token = nla_get_u8(info->attrs[NL80211_ATTR_TDLS_DIALOG_TOKEN]);
9832 initiator = nla_get_flag(info->attrs[NL80211_ATTR_TDLS_INITIATOR]);
9833 if (info->attrs[NL80211_ATTR_TDLS_PEER_CAPABILITY])
9834 peer_capability =
9835 nla_get_u32(info->attrs[NL80211_ATTR_TDLS_PEER_CAPABILITY]);
9836
9837 return rdev_tdls_mgmt(rdev, dev, peer, action_code,
9838 dialog_token, status_code, peer_capability,
9839 initiator,
9840 nla_data(info->attrs[NL80211_ATTR_IE]),
9841 nla_len(info->attrs[NL80211_ATTR_IE]));
9842 }
9843
9844 static int nl80211_tdls_oper(struct sk_buff *skb, struct genl_info *info)
9845 {
9846 struct cfg80211_registered_device *rdev = info->user_ptr[0];
9847 struct net_device *dev = info->user_ptr[1];
9848 enum nl80211_tdls_operation operation;
9849 u8 *peer;
9850
9851 if (!(rdev->wiphy.flags & WIPHY_FLAG_SUPPORTS_TDLS) ||
9852 !rdev->ops->tdls_oper)
9853 return -EOPNOTSUPP;
9854
9855 if (!info->attrs[NL80211_ATTR_TDLS_OPERATION] ||
9856 !info->attrs[NL80211_ATTR_MAC])
9857 return -EINVAL;
9858
9859 operation = nla_get_u8(info->attrs[NL80211_ATTR_TDLS_OPERATION]);
9860 peer = nla_data(info->attrs[NL80211_ATTR_MAC]);
9861
9862 return rdev_tdls_oper(rdev, dev, peer, operation);
9863 }
9864
9865 static int nl80211_remain_on_channel(struct sk_buff *skb,
9866 struct genl_info *info)
9867 {
9868 struct cfg80211_registered_device *rdev = info->user_ptr[0];
9869 struct wireless_dev *wdev = info->user_ptr[1];
9870 struct cfg80211_chan_def chandef;
9871 const struct cfg80211_chan_def *compat_chandef;
9872 struct sk_buff *msg;
9873 void *hdr;
9874 u64 cookie;
9875 u32 duration;
9876 int err;
9877
9878 if (!info->attrs[NL80211_ATTR_WIPHY_FREQ] ||
9879 !info->attrs[NL80211_ATTR_DURATION])
9880 return -EINVAL;
9881
9882 duration = nla_get_u32(info->attrs[NL80211_ATTR_DURATION]);
9883
9884 if (!rdev->ops->remain_on_channel ||
9885 !(rdev->wiphy.flags & WIPHY_FLAG_HAS_REMAIN_ON_CHANNEL))
9886 return -EOPNOTSUPP;
9887
9888 /*
9889 * We should be on that channel for at least a minimum amount of
9890 * time (10ms) but no longer than the driver supports.
9891 */
9892 if (duration < NL80211_MIN_REMAIN_ON_CHANNEL_TIME ||
9893 duration > rdev->wiphy.max_remain_on_channel_duration)
9894 return -EINVAL;
9895
9896 err = nl80211_parse_chandef(rdev, info, &chandef);
9897 if (err)
9898 return err;
9899
9900 wdev_lock(wdev);
9901 if (!cfg80211_off_channel_oper_allowed(wdev) &&
9902 !cfg80211_chandef_identical(&wdev->chandef, &chandef)) {
9903 compat_chandef = cfg80211_chandef_compatible(&wdev->chandef,
9904 &chandef);
9905 if (compat_chandef != &chandef) {
9906 wdev_unlock(wdev);
9907 return -EBUSY;
9908 }
9909 }
9910 wdev_unlock(wdev);
9911
9912 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
9913 if (!msg)
9914 return -ENOMEM;
9915
9916 hdr = nl80211hdr_put(msg, info->snd_portid, info->snd_seq, 0,
9917 NL80211_CMD_REMAIN_ON_CHANNEL);
9918 if (!hdr) {
9919 err = -ENOBUFS;
9920 goto free_msg;
9921 }
9922
9923 err = rdev_remain_on_channel(rdev, wdev, chandef.chan,
9924 duration, &cookie);
9925
9926 if (err)
9927 goto free_msg;
9928
9929 if (nla_put_u64_64bit(msg, NL80211_ATTR_COOKIE, cookie,
9930 NL80211_ATTR_PAD))
9931 goto nla_put_failure;
9932
9933 genlmsg_end(msg, hdr);
9934
9935 return genlmsg_reply(msg, info);
9936
9937 nla_put_failure:
9938 err = -ENOBUFS;
9939 free_msg:
9940 nlmsg_free(msg);
9941 return err;
9942 }
9943
9944 static int nl80211_cancel_remain_on_channel(struct sk_buff *skb,
9945 struct genl_info *info)
9946 {
9947 struct cfg80211_registered_device *rdev = info->user_ptr[0];
9948 struct wireless_dev *wdev = info->user_ptr[1];
9949 u64 cookie;
9950
9951 if (!info->attrs[NL80211_ATTR_COOKIE])
9952 return -EINVAL;
9953
9954 if (!rdev->ops->cancel_remain_on_channel)
9955 return -EOPNOTSUPP;
9956
9957 cookie = nla_get_u64(info->attrs[NL80211_ATTR_COOKIE]);
9958
9959 return rdev_cancel_remain_on_channel(rdev, wdev, cookie);
9960 }
9961
9962 static int nl80211_set_tx_bitrate_mask(struct sk_buff *skb,
9963 struct genl_info *info)
9964 {
9965 struct cfg80211_bitrate_mask mask;
9966 struct cfg80211_registered_device *rdev = info->user_ptr[0];
9967 struct net_device *dev = info->user_ptr[1];
9968 int err;
9969
9970 if (!rdev->ops->set_bitrate_mask)
9971 return -EOPNOTSUPP;
9972
9973 err = nl80211_parse_tx_bitrate_mask(info, &mask);
9974 if (err)
9975 return err;
9976
9977 return rdev_set_bitrate_mask(rdev, dev, NULL, &mask);
9978 }
9979
9980 static int nl80211_register_mgmt(struct sk_buff *skb, struct genl_info *info)
9981 {
9982 struct cfg80211_registered_device *rdev = info->user_ptr[0];
9983 struct wireless_dev *wdev = info->user_ptr[1];
9984 u16 frame_type = IEEE80211_FTYPE_MGMT | IEEE80211_STYPE_ACTION;
9985
9986 if (!info->attrs[NL80211_ATTR_FRAME_MATCH])
9987 return -EINVAL;
9988
9989 if (info->attrs[NL80211_ATTR_FRAME_TYPE])
9990 frame_type = nla_get_u16(info->attrs[NL80211_ATTR_FRAME_TYPE]);
9991
9992 switch (wdev->iftype) {
9993 case NL80211_IFTYPE_STATION:
9994 case NL80211_IFTYPE_ADHOC:
9995 case NL80211_IFTYPE_P2P_CLIENT:
9996 case NL80211_IFTYPE_AP:
9997 case NL80211_IFTYPE_AP_VLAN:
9998 case NL80211_IFTYPE_MESH_POINT:
9999 case NL80211_IFTYPE_P2P_GO:
10000 case NL80211_IFTYPE_P2P_DEVICE:
10001 break;
10002 case NL80211_IFTYPE_NAN:
10003 default:
10004 return -EOPNOTSUPP;
10005 }
10006
10007 /* not much point in registering if we can't reply */
10008 if (!rdev->ops->mgmt_tx)
10009 return -EOPNOTSUPP;
10010
10011 return cfg80211_mlme_register_mgmt(wdev, info->snd_portid, frame_type,
10012 nla_data(info->attrs[NL80211_ATTR_FRAME_MATCH]),
10013 nla_len(info->attrs[NL80211_ATTR_FRAME_MATCH]));
10014 }
10015
10016 static int nl80211_tx_mgmt(struct sk_buff *skb, struct genl_info *info)
10017 {
10018 struct cfg80211_registered_device *rdev = info->user_ptr[0];
10019 struct wireless_dev *wdev = info->user_ptr[1];
10020 struct cfg80211_chan_def chandef;
10021 int err;
10022 void *hdr = NULL;
10023 u64 cookie;
10024 struct sk_buff *msg = NULL;
10025 struct cfg80211_mgmt_tx_params params = {
10026 .dont_wait_for_ack =
10027 info->attrs[NL80211_ATTR_DONT_WAIT_FOR_ACK],
10028 };
10029
10030 if (!info->attrs[NL80211_ATTR_FRAME])
10031 return -EINVAL;
10032
10033 if (!rdev->ops->mgmt_tx)
10034 return -EOPNOTSUPP;
10035
10036 switch (wdev->iftype) {
10037 case NL80211_IFTYPE_P2P_DEVICE:
10038 if (!info->attrs[NL80211_ATTR_WIPHY_FREQ])
10039 return -EINVAL;
10040 case NL80211_IFTYPE_STATION:
10041 case NL80211_IFTYPE_ADHOC:
10042 case NL80211_IFTYPE_P2P_CLIENT:
10043 case NL80211_IFTYPE_AP:
10044 case NL80211_IFTYPE_AP_VLAN:
10045 case NL80211_IFTYPE_MESH_POINT:
10046 case NL80211_IFTYPE_P2P_GO:
10047 break;
10048 case NL80211_IFTYPE_NAN:
10049 default:
10050 return -EOPNOTSUPP;
10051 }
10052
10053 if (info->attrs[NL80211_ATTR_DURATION]) {
10054 if (!(rdev->wiphy.flags & WIPHY_FLAG_OFFCHAN_TX))
10055 return -EINVAL;
10056 params.wait = nla_get_u32(info->attrs[NL80211_ATTR_DURATION]);
10057
10058 /*
10059 * We should wait on the channel for at least a minimum amount
10060 * of time (10ms) but no longer than the driver supports.
10061 */
10062 if (params.wait < NL80211_MIN_REMAIN_ON_CHANNEL_TIME ||
10063 params.wait > rdev->wiphy.max_remain_on_channel_duration)
10064 return -EINVAL;
10065 }
10066
10067 params.offchan = info->attrs[NL80211_ATTR_OFFCHANNEL_TX_OK];
10068
10069 if (params.offchan && !(rdev->wiphy.flags & WIPHY_FLAG_OFFCHAN_TX))
10070 return -EINVAL;
10071
10072 params.no_cck = nla_get_flag(info->attrs[NL80211_ATTR_TX_NO_CCK_RATE]);
10073
10074 /* get the channel if any has been specified, otherwise pass NULL to
10075 * the driver. The latter will use the current one
10076 */
10077 chandef.chan = NULL;
10078 if (info->attrs[NL80211_ATTR_WIPHY_FREQ]) {
10079 err = nl80211_parse_chandef(rdev, info, &chandef);
10080 if (err)
10081 return err;
10082 }
10083
10084 if (!chandef.chan && params.offchan)
10085 return -EINVAL;
10086
10087 wdev_lock(wdev);
10088 if (params.offchan && !cfg80211_off_channel_oper_allowed(wdev)) {
10089 wdev_unlock(wdev);
10090 return -EBUSY;
10091 }
10092 wdev_unlock(wdev);
10093
10094 params.buf = nla_data(info->attrs[NL80211_ATTR_FRAME]);
10095 params.len = nla_len(info->attrs[NL80211_ATTR_FRAME]);
10096
10097 if (info->attrs[NL80211_ATTR_CSA_C_OFFSETS_TX]) {
10098 int len = nla_len(info->attrs[NL80211_ATTR_CSA_C_OFFSETS_TX]);
10099 int i;
10100
10101 if (len % sizeof(u16))
10102 return -EINVAL;
10103
10104 params.n_csa_offsets = len / sizeof(u16);
10105 params.csa_offsets =
10106 nla_data(info->attrs[NL80211_ATTR_CSA_C_OFFSETS_TX]);
10107
10108 /* check that all the offsets fit the frame */
10109 for (i = 0; i < params.n_csa_offsets; i++) {
10110 if (params.csa_offsets[i] >= params.len)
10111 return -EINVAL;
10112 }
10113 }
10114
10115 if (!params.dont_wait_for_ack) {
10116 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
10117 if (!msg)
10118 return -ENOMEM;
10119
10120 hdr = nl80211hdr_put(msg, info->snd_portid, info->snd_seq, 0,
10121 NL80211_CMD_FRAME);
10122 if (!hdr) {
10123 err = -ENOBUFS;
10124 goto free_msg;
10125 }
10126 }
10127
10128 params.chan = chandef.chan;
10129 err = cfg80211_mlme_mgmt_tx(rdev, wdev, &params, &cookie);
10130 if (err)
10131 goto free_msg;
10132
10133 if (msg) {
10134 if (nla_put_u64_64bit(msg, NL80211_ATTR_COOKIE, cookie,
10135 NL80211_ATTR_PAD))
10136 goto nla_put_failure;
10137
10138 genlmsg_end(msg, hdr);
10139 return genlmsg_reply(msg, info);
10140 }
10141
10142 return 0;
10143
10144 nla_put_failure:
10145 err = -ENOBUFS;
10146 free_msg:
10147 nlmsg_free(msg);
10148 return err;
10149 }
10150
10151 static int nl80211_tx_mgmt_cancel_wait(struct sk_buff *skb, struct genl_info *info)
10152 {
10153 struct cfg80211_registered_device *rdev = info->user_ptr[0];
10154 struct wireless_dev *wdev = info->user_ptr[1];
10155 u64 cookie;
10156
10157 if (!info->attrs[NL80211_ATTR_COOKIE])
10158 return -EINVAL;
10159
10160 if (!rdev->ops->mgmt_tx_cancel_wait)
10161 return -EOPNOTSUPP;
10162
10163 switch (wdev->iftype) {
10164 case NL80211_IFTYPE_STATION:
10165 case NL80211_IFTYPE_ADHOC:
10166 case NL80211_IFTYPE_P2P_CLIENT:
10167 case NL80211_IFTYPE_AP:
10168 case NL80211_IFTYPE_AP_VLAN:
10169 case NL80211_IFTYPE_P2P_GO:
10170 case NL80211_IFTYPE_P2P_DEVICE:
10171 break;
10172 case NL80211_IFTYPE_NAN:
10173 default:
10174 return -EOPNOTSUPP;
10175 }
10176
10177 cookie = nla_get_u64(info->attrs[NL80211_ATTR_COOKIE]);
10178
10179 return rdev_mgmt_tx_cancel_wait(rdev, wdev, cookie);
10180 }
10181
10182 static int nl80211_set_power_save(struct sk_buff *skb, struct genl_info *info)
10183 {
10184 struct cfg80211_registered_device *rdev = info->user_ptr[0];
10185 struct wireless_dev *wdev;
10186 struct net_device *dev = info->user_ptr[1];
10187 u8 ps_state;
10188 bool state;
10189 int err;
10190
10191 if (!info->attrs[NL80211_ATTR_PS_STATE])
10192 return -EINVAL;
10193
10194 ps_state = nla_get_u32(info->attrs[NL80211_ATTR_PS_STATE]);
10195
10196 if (ps_state != NL80211_PS_DISABLED && ps_state != NL80211_PS_ENABLED)
10197 return -EINVAL;
10198
10199 wdev = dev->ieee80211_ptr;
10200
10201 if (!rdev->ops->set_power_mgmt)
10202 return -EOPNOTSUPP;
10203
10204 state = (ps_state == NL80211_PS_ENABLED) ? true : false;
10205
10206 if (state == wdev->ps)
10207 return 0;
10208
10209 err = rdev_set_power_mgmt(rdev, dev, state, wdev->ps_timeout);
10210 if (!err)
10211 wdev->ps = state;
10212 return err;
10213 }
10214
10215 static int nl80211_get_power_save(struct sk_buff *skb, struct genl_info *info)
10216 {
10217 struct cfg80211_registered_device *rdev = info->user_ptr[0];
10218 enum nl80211_ps_state ps_state;
10219 struct wireless_dev *wdev;
10220 struct net_device *dev = info->user_ptr[1];
10221 struct sk_buff *msg;
10222 void *hdr;
10223 int err;
10224
10225 wdev = dev->ieee80211_ptr;
10226
10227 if (!rdev->ops->set_power_mgmt)
10228 return -EOPNOTSUPP;
10229
10230 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
10231 if (!msg)
10232 return -ENOMEM;
10233
10234 hdr = nl80211hdr_put(msg, info->snd_portid, info->snd_seq, 0,
10235 NL80211_CMD_GET_POWER_SAVE);
10236 if (!hdr) {
10237 err = -ENOBUFS;
10238 goto free_msg;
10239 }
10240
10241 if (wdev->ps)
10242 ps_state = NL80211_PS_ENABLED;
10243 else
10244 ps_state = NL80211_PS_DISABLED;
10245
10246 if (nla_put_u32(msg, NL80211_ATTR_PS_STATE, ps_state))
10247 goto nla_put_failure;
10248
10249 genlmsg_end(msg, hdr);
10250 return genlmsg_reply(msg, info);
10251
10252 nla_put_failure:
10253 err = -ENOBUFS;
10254 free_msg:
10255 nlmsg_free(msg);
10256 return err;
10257 }
10258
10259 static const struct nla_policy
10260 nl80211_attr_cqm_policy[NL80211_ATTR_CQM_MAX + 1] = {
10261 [NL80211_ATTR_CQM_RSSI_THOLD] = { .type = NLA_BINARY },
10262 [NL80211_ATTR_CQM_RSSI_HYST] = { .type = NLA_U32 },
10263 [NL80211_ATTR_CQM_RSSI_THRESHOLD_EVENT] = { .type = NLA_U32 },
10264 [NL80211_ATTR_CQM_TXE_RATE] = { .type = NLA_U32 },
10265 [NL80211_ATTR_CQM_TXE_PKTS] = { .type = NLA_U32 },
10266 [NL80211_ATTR_CQM_TXE_INTVL] = { .type = NLA_U32 },
10267 [NL80211_ATTR_CQM_RSSI_LEVEL] = { .type = NLA_S32 },
10268 };
10269
10270 static int nl80211_set_cqm_txe(struct genl_info *info,
10271 u32 rate, u32 pkts, u32 intvl)
10272 {
10273 struct cfg80211_registered_device *rdev = info->user_ptr[0];
10274 struct net_device *dev = info->user_ptr[1];
10275 struct wireless_dev *wdev = dev->ieee80211_ptr;
10276
10277 if (rate > 100 || intvl > NL80211_CQM_TXE_MAX_INTVL)
10278 return -EINVAL;
10279
10280 if (!rdev->ops->set_cqm_txe_config)
10281 return -EOPNOTSUPP;
10282
10283 if (wdev->iftype != NL80211_IFTYPE_STATION &&
10284 wdev->iftype != NL80211_IFTYPE_P2P_CLIENT)
10285 return -EOPNOTSUPP;
10286
10287 return rdev_set_cqm_txe_config(rdev, dev, rate, pkts, intvl);
10288 }
10289
10290 static int cfg80211_cqm_rssi_update(struct cfg80211_registered_device *rdev,
10291 struct net_device *dev)
10292 {
10293 struct wireless_dev *wdev = dev->ieee80211_ptr;
10294 s32 last, low, high;
10295 u32 hyst;
10296 int i, n, low_index;
10297 int err;
10298
10299 /* RSSI reporting disabled? */
10300 if (!wdev->cqm_config)
10301 return rdev_set_cqm_rssi_range_config(rdev, dev, 0, 0);
10302
10303 /*
10304 * Obtain current RSSI value if possible, if not and no RSSI threshold
10305 * event has been received yet, we should receive an event after a
10306 * connection is established and enough beacons received to calculate
10307 * the average.
10308 */
10309 if (!wdev->cqm_config->last_rssi_event_value && wdev->current_bss &&
10310 rdev->ops->get_station) {
10311 struct station_info sinfo = {};
10312 u8 *mac_addr;
10313
10314 mac_addr = wdev->current_bss->pub.bssid;
10315
10316 err = rdev_get_station(rdev, dev, mac_addr, &sinfo);
10317 if (err)
10318 return err;
10319
10320 cfg80211_sinfo_release_content(&sinfo);
10321 if (sinfo.filled & BIT_ULL(NL80211_STA_INFO_BEACON_SIGNAL_AVG))
10322 wdev->cqm_config->last_rssi_event_value =
10323 (s8) sinfo.rx_beacon_signal_avg;
10324 }
10325
10326 last = wdev->cqm_config->last_rssi_event_value;
10327 hyst = wdev->cqm_config->rssi_hyst;
10328 n = wdev->cqm_config->n_rssi_thresholds;
10329
10330 for (i = 0; i < n; i++) {
10331 i = array_index_nospec(i, n);
10332 if (last < wdev->cqm_config->rssi_thresholds[i])
10333 break;
10334 }
10335
10336 low_index = i - 1;
10337 if (low_index >= 0) {
10338 low_index = array_index_nospec(low_index, n);
10339 low = wdev->cqm_config->rssi_thresholds[low_index] - hyst;
10340 } else {
10341 low = S32_MIN;
10342 }
10343 if (i < n) {
10344 i = array_index_nospec(i, n);
10345 high = wdev->cqm_config->rssi_thresholds[i] + hyst - 1;
10346 } else {
10347 high = S32_MAX;
10348 }
10349
10350 return rdev_set_cqm_rssi_range_config(rdev, dev, low, high);
10351 }
10352
10353 static int nl80211_set_cqm_rssi(struct genl_info *info,
10354 const s32 *thresholds, int n_thresholds,
10355 u32 hysteresis)
10356 {
10357 struct cfg80211_registered_device *rdev = info->user_ptr[0];
10358 struct net_device *dev = info->user_ptr[1];
10359 struct wireless_dev *wdev = dev->ieee80211_ptr;
10360 int i, err;
10361 s32 prev = S32_MIN;
10362
10363 /* Check all values negative and sorted */
10364 for (i = 0; i < n_thresholds; i++) {
10365 if (thresholds[i] > 0 || thresholds[i] <= prev)
10366 return -EINVAL;
10367
10368 prev = thresholds[i];
10369 }
10370
10371 if (wdev->iftype != NL80211_IFTYPE_STATION &&
10372 wdev->iftype != NL80211_IFTYPE_P2P_CLIENT)
10373 return -EOPNOTSUPP;
10374
10375 wdev_lock(wdev);
10376 cfg80211_cqm_config_free(wdev);
10377 wdev_unlock(wdev);
10378
10379 if (n_thresholds <= 1 && rdev->ops->set_cqm_rssi_config) {
10380 if (n_thresholds == 0 || thresholds[0] == 0) /* Disabling */
10381 return rdev_set_cqm_rssi_config(rdev, dev, 0, 0);
10382
10383 return rdev_set_cqm_rssi_config(rdev, dev,
10384 thresholds[0], hysteresis);
10385 }
10386
10387 if (!wiphy_ext_feature_isset(&rdev->wiphy,
10388 NL80211_EXT_FEATURE_CQM_RSSI_LIST))
10389 return -EOPNOTSUPP;
10390
10391 if (n_thresholds == 1 && thresholds[0] == 0) /* Disabling */
10392 n_thresholds = 0;
10393
10394 wdev_lock(wdev);
10395 if (n_thresholds) {
10396 struct cfg80211_cqm_config *cqm_config;
10397
10398 cqm_config = kzalloc(sizeof(struct cfg80211_cqm_config) +
10399 n_thresholds * sizeof(s32), GFP_KERNEL);
10400 if (!cqm_config) {
10401 err = -ENOMEM;
10402 goto unlock;
10403 }
10404
10405 cqm_config->rssi_hyst = hysteresis;
10406 cqm_config->n_rssi_thresholds = n_thresholds;
10407 memcpy(cqm_config->rssi_thresholds, thresholds,
10408 n_thresholds * sizeof(s32));
10409
10410 wdev->cqm_config = cqm_config;
10411 }
10412
10413 err = cfg80211_cqm_rssi_update(rdev, dev);
10414
10415 unlock:
10416 wdev_unlock(wdev);
10417
10418 return err;
10419 }
10420
10421 static int nl80211_set_cqm(struct sk_buff *skb, struct genl_info *info)
10422 {
10423 struct nlattr *attrs[NL80211_ATTR_CQM_MAX + 1];
10424 struct nlattr *cqm;
10425 int err;
10426
10427 cqm = info->attrs[NL80211_ATTR_CQM];
10428 if (!cqm)
10429 return -EINVAL;
10430
10431 err = nla_parse_nested(attrs, NL80211_ATTR_CQM_MAX, cqm,
10432 nl80211_attr_cqm_policy, info->extack);
10433 if (err)
10434 return err;
10435
10436 if (attrs[NL80211_ATTR_CQM_RSSI_THOLD] &&
10437 attrs[NL80211_ATTR_CQM_RSSI_HYST]) {
10438 const s32 *thresholds =
10439 nla_data(attrs[NL80211_ATTR_CQM_RSSI_THOLD]);
10440 int len = nla_len(attrs[NL80211_ATTR_CQM_RSSI_THOLD]);
10441 u32 hysteresis = nla_get_u32(attrs[NL80211_ATTR_CQM_RSSI_HYST]);
10442
10443 if (len % 4)
10444 return -EINVAL;
10445
10446 return nl80211_set_cqm_rssi(info, thresholds, len / 4,
10447 hysteresis);
10448 }
10449
10450 if (attrs[NL80211_ATTR_CQM_TXE_RATE] &&
10451 attrs[NL80211_ATTR_CQM_TXE_PKTS] &&
10452 attrs[NL80211_ATTR_CQM_TXE_INTVL]) {
10453 u32 rate = nla_get_u32(attrs[NL80211_ATTR_CQM_TXE_RATE]);
10454 u32 pkts = nla_get_u32(attrs[NL80211_ATTR_CQM_TXE_PKTS]);
10455 u32 intvl = nla_get_u32(attrs[NL80211_ATTR_CQM_TXE_INTVL]);
10456
10457 return nl80211_set_cqm_txe(info, rate, pkts, intvl);
10458 }
10459
10460 return -EINVAL;
10461 }
10462
10463 static int nl80211_join_ocb(struct sk_buff *skb, struct genl_info *info)
10464 {
10465 struct cfg80211_registered_device *rdev = info->user_ptr[0];
10466 struct net_device *dev = info->user_ptr[1];
10467 struct ocb_setup setup = {};
10468 int err;
10469
10470 err = nl80211_parse_chandef(rdev, info, &setup.chandef);
10471 if (err)
10472 return err;
10473
10474 return cfg80211_join_ocb(rdev, dev, &setup);
10475 }
10476
10477 static int nl80211_leave_ocb(struct sk_buff *skb, struct genl_info *info)
10478 {
10479 struct cfg80211_registered_device *rdev = info->user_ptr[0];
10480 struct net_device *dev = info->user_ptr[1];
10481
10482 return cfg80211_leave_ocb(rdev, dev);
10483 }
10484
10485 static int nl80211_join_mesh(struct sk_buff *skb, struct genl_info *info)
10486 {
10487 struct cfg80211_registered_device *rdev = info->user_ptr[0];
10488 struct net_device *dev = info->user_ptr[1];
10489 struct mesh_config cfg;
10490 struct mesh_setup setup;
10491 int err;
10492
10493 /* start with default */
10494 memcpy(&cfg, &default_mesh_config, sizeof(cfg));
10495 memcpy(&setup, &default_mesh_setup, sizeof(setup));
10496
10497 if (info->attrs[NL80211_ATTR_MESH_CONFIG]) {
10498 /* and parse parameters if given */
10499 err = nl80211_parse_mesh_config(info, &cfg, NULL);
10500 if (err)
10501 return err;
10502 }
10503
10504 if (!info->attrs[NL80211_ATTR_MESH_ID] ||
10505 !nla_len(info->attrs[NL80211_ATTR_MESH_ID]))
10506 return -EINVAL;
10507
10508 setup.mesh_id = nla_data(info->attrs[NL80211_ATTR_MESH_ID]);
10509 setup.mesh_id_len = nla_len(info->attrs[NL80211_ATTR_MESH_ID]);
10510
10511 if (info->attrs[NL80211_ATTR_MCAST_RATE] &&
10512 !nl80211_parse_mcast_rate(rdev, setup.mcast_rate,
10513 nla_get_u32(info->attrs[NL80211_ATTR_MCAST_RATE])))
10514 return -EINVAL;
10515
10516 if (info->attrs[NL80211_ATTR_BEACON_INTERVAL]) {
10517 setup.beacon_interval =
10518 nla_get_u32(info->attrs[NL80211_ATTR_BEACON_INTERVAL]);
10519
10520 err = cfg80211_validate_beacon_int(rdev,
10521 NL80211_IFTYPE_MESH_POINT,
10522 setup.beacon_interval);
10523 if (err)
10524 return err;
10525 }
10526
10527 if (info->attrs[NL80211_ATTR_DTIM_PERIOD]) {
10528 setup.dtim_period =
10529 nla_get_u32(info->attrs[NL80211_ATTR_DTIM_PERIOD]);
10530 if (setup.dtim_period < 1 || setup.dtim_period > 100)
10531 return -EINVAL;
10532 }
10533
10534 if (info->attrs[NL80211_ATTR_MESH_SETUP]) {
10535 /* parse additional setup parameters if given */
10536 err = nl80211_parse_mesh_setup(info, &setup);
10537 if (err)
10538 return err;
10539 }
10540
10541 if (setup.user_mpm)
10542 cfg.auto_open_plinks = false;
10543
10544 if (info->attrs[NL80211_ATTR_WIPHY_FREQ]) {
10545 err = nl80211_parse_chandef(rdev, info, &setup.chandef);
10546 if (err)
10547 return err;
10548 } else {
10549 /* __cfg80211_join_mesh() will sort it out */
10550 setup.chandef.chan = NULL;
10551 }
10552
10553 if (info->attrs[NL80211_ATTR_BSS_BASIC_RATES]) {
10554 u8 *rates = nla_data(info->attrs[NL80211_ATTR_BSS_BASIC_RATES]);
10555 int n_rates =
10556 nla_len(info->attrs[NL80211_ATTR_BSS_BASIC_RATES]);
10557 struct ieee80211_supported_band *sband;
10558
10559 if (!setup.chandef.chan)
10560 return -EINVAL;
10561
10562 sband = rdev->wiphy.bands[setup.chandef.chan->band];
10563
10564 err = ieee80211_get_ratemask(sband, rates, n_rates,
10565 &setup.basic_rates);
10566 if (err)
10567 return err;
10568 }
10569
10570 if (info->attrs[NL80211_ATTR_TX_RATES]) {
10571 err = nl80211_parse_tx_bitrate_mask(info, &setup.beacon_rate);
10572 if (err)
10573 return err;
10574
10575 if (!setup.chandef.chan)
10576 return -EINVAL;
10577
10578 err = validate_beacon_tx_rate(rdev, setup.chandef.chan->band,
10579 &setup.beacon_rate);
10580 if (err)
10581 return err;
10582 }
10583
10584 setup.userspace_handles_dfs =
10585 nla_get_flag(info->attrs[NL80211_ATTR_HANDLE_DFS]);
10586
10587 if (info->attrs[NL80211_ATTR_CONTROL_PORT_OVER_NL80211]) {
10588 int r = validate_pae_over_nl80211(rdev, info);
10589
10590 if (r < 0)
10591 return r;
10592
10593 setup.control_port_over_nl80211 = true;
10594 }
10595
10596 wdev_lock(dev->ieee80211_ptr);
10597 err = __cfg80211_join_mesh(rdev, dev, &setup, &cfg);
10598 if (!err && info->attrs[NL80211_ATTR_SOCKET_OWNER])
10599 dev->ieee80211_ptr->conn_owner_nlportid = info->snd_portid;
10600 wdev_unlock(dev->ieee80211_ptr);
10601
10602 return err;
10603 }
10604
10605 static int nl80211_leave_mesh(struct sk_buff *skb, struct genl_info *info)
10606 {
10607 struct cfg80211_registered_device *rdev = info->user_ptr[0];
10608 struct net_device *dev = info->user_ptr[1];
10609
10610 return cfg80211_leave_mesh(rdev, dev);
10611 }
10612
10613 #ifdef CONFIG_PM
10614 static int nl80211_send_wowlan_patterns(struct sk_buff *msg,
10615 struct cfg80211_registered_device *rdev)
10616 {
10617 struct cfg80211_wowlan *wowlan = rdev->wiphy.wowlan_config;
10618 struct nlattr *nl_pats, *nl_pat;
10619 int i, pat_len;
10620
10621 if (!wowlan->n_patterns)
10622 return 0;
10623
10624 nl_pats = nla_nest_start(msg, NL80211_WOWLAN_TRIG_PKT_PATTERN);
10625 if (!nl_pats)
10626 return -ENOBUFS;
10627
10628 for (i = 0; i < wowlan->n_patterns; i++) {
10629 nl_pat = nla_nest_start(msg, i + 1);
10630 if (!nl_pat)
10631 return -ENOBUFS;
10632 pat_len = wowlan->patterns[i].pattern_len;
10633 if (nla_put(msg, NL80211_PKTPAT_MASK, DIV_ROUND_UP(pat_len, 8),
10634 wowlan->patterns[i].mask) ||
10635 nla_put(msg, NL80211_PKTPAT_PATTERN, pat_len,
10636 wowlan->patterns[i].pattern) ||
10637 nla_put_u32(msg, NL80211_PKTPAT_OFFSET,
10638 wowlan->patterns[i].pkt_offset))
10639 return -ENOBUFS;
10640 nla_nest_end(msg, nl_pat);
10641 }
10642 nla_nest_end(msg, nl_pats);
10643
10644 return 0;
10645 }
10646
10647 static int nl80211_send_wowlan_tcp(struct sk_buff *msg,
10648 struct cfg80211_wowlan_tcp *tcp)
10649 {
10650 struct nlattr *nl_tcp;
10651
10652 if (!tcp)
10653 return 0;
10654
10655 nl_tcp = nla_nest_start(msg, NL80211_WOWLAN_TRIG_TCP_CONNECTION);
10656 if (!nl_tcp)
10657 return -ENOBUFS;
10658
10659 if (nla_put_in_addr(msg, NL80211_WOWLAN_TCP_SRC_IPV4, tcp->src) ||
10660 nla_put_in_addr(msg, NL80211_WOWLAN_TCP_DST_IPV4, tcp->dst) ||
10661 nla_put(msg, NL80211_WOWLAN_TCP_DST_MAC, ETH_ALEN, tcp->dst_mac) ||
10662 nla_put_u16(msg, NL80211_WOWLAN_TCP_SRC_PORT, tcp->src_port) ||
10663 nla_put_u16(msg, NL80211_WOWLAN_TCP_DST_PORT, tcp->dst_port) ||
10664 nla_put(msg, NL80211_WOWLAN_TCP_DATA_PAYLOAD,
10665 tcp->payload_len, tcp->payload) ||
10666 nla_put_u32(msg, NL80211_WOWLAN_TCP_DATA_INTERVAL,
10667 tcp->data_interval) ||
10668 nla_put(msg, NL80211_WOWLAN_TCP_WAKE_PAYLOAD,
10669 tcp->wake_len, tcp->wake_data) ||
10670 nla_put(msg, NL80211_WOWLAN_TCP_WAKE_MASK,
10671 DIV_ROUND_UP(tcp->wake_len, 8), tcp->wake_mask))
10672 return -ENOBUFS;
10673
10674 if (tcp->payload_seq.len &&
10675 nla_put(msg, NL80211_WOWLAN_TCP_DATA_PAYLOAD_SEQ,
10676 sizeof(tcp->payload_seq), &tcp->payload_seq))
10677 return -ENOBUFS;
10678
10679 if (tcp->payload_tok.len &&
10680 nla_put(msg, NL80211_WOWLAN_TCP_DATA_PAYLOAD_TOKEN,
10681 sizeof(tcp->payload_tok) + tcp->tokens_size,
10682 &tcp->payload_tok))
10683 return -ENOBUFS;
10684
10685 nla_nest_end(msg, nl_tcp);
10686
10687 return 0;
10688 }
10689
10690 static int nl80211_send_wowlan_nd(struct sk_buff *msg,
10691 struct cfg80211_sched_scan_request *req)
10692 {
10693 struct nlattr *nd, *freqs, *matches, *match, *scan_plans, *scan_plan;
10694 int i;
10695
10696 if (!req)
10697 return 0;
10698
10699 nd = nla_nest_start(msg, NL80211_WOWLAN_TRIG_NET_DETECT);
10700 if (!nd)
10701 return -ENOBUFS;
10702
10703 if (req->n_scan_plans == 1 &&
10704 nla_put_u32(msg, NL80211_ATTR_SCHED_SCAN_INTERVAL,
10705 req->scan_plans[0].interval * 1000))
10706 return -ENOBUFS;
10707
10708 if (nla_put_u32(msg, NL80211_ATTR_SCHED_SCAN_DELAY, req->delay))
10709 return -ENOBUFS;
10710
10711 if (req->relative_rssi_set) {
10712 struct nl80211_bss_select_rssi_adjust rssi_adjust;
10713
10714 if (nla_put_s8(msg, NL80211_ATTR_SCHED_SCAN_RELATIVE_RSSI,
10715 req->relative_rssi))
10716 return -ENOBUFS;
10717
10718 rssi_adjust.band = req->rssi_adjust.band;
10719 rssi_adjust.delta = req->rssi_adjust.delta;
10720 if (nla_put(msg, NL80211_ATTR_SCHED_SCAN_RSSI_ADJUST,
10721 sizeof(rssi_adjust), &rssi_adjust))
10722 return -ENOBUFS;
10723 }
10724
10725 freqs = nla_nest_start(msg, NL80211_ATTR_SCAN_FREQUENCIES);
10726 if (!freqs)
10727 return -ENOBUFS;
10728
10729 for (i = 0; i < req->n_channels; i++) {
10730 if (nla_put_u32(msg, i, req->channels[i]->center_freq))
10731 return -ENOBUFS;
10732 }
10733
10734 nla_nest_end(msg, freqs);
10735
10736 if (req->n_match_sets) {
10737 matches = nla_nest_start(msg, NL80211_ATTR_SCHED_SCAN_MATCH);
10738 if (!matches)
10739 return -ENOBUFS;
10740
10741 for (i = 0; i < req->n_match_sets; i++) {
10742 match = nla_nest_start(msg, i);
10743 if (!match)
10744 return -ENOBUFS;
10745
10746 if (nla_put(msg, NL80211_SCHED_SCAN_MATCH_ATTR_SSID,
10747 req->match_sets[i].ssid.ssid_len,
10748 req->match_sets[i].ssid.ssid))
10749 return -ENOBUFS;
10750 nla_nest_end(msg, match);
10751 }
10752 nla_nest_end(msg, matches);
10753 }
10754
10755 scan_plans = nla_nest_start(msg, NL80211_ATTR_SCHED_SCAN_PLANS);
10756 if (!scan_plans)
10757 return -ENOBUFS;
10758
10759 for (i = 0; i < req->n_scan_plans; i++) {
10760 scan_plan = nla_nest_start(msg, i + 1);
10761 if (!scan_plan)
10762 return -ENOBUFS;
10763
10764 if (!scan_plan ||
10765 nla_put_u32(msg, NL80211_SCHED_SCAN_PLAN_INTERVAL,
10766 req->scan_plans[i].interval) ||
10767 (req->scan_plans[i].iterations &&
10768 nla_put_u32(msg, NL80211_SCHED_SCAN_PLAN_ITERATIONS,
10769 req->scan_plans[i].iterations)))
10770 return -ENOBUFS;
10771 nla_nest_end(msg, scan_plan);
10772 }
10773 nla_nest_end(msg, scan_plans);
10774
10775 nla_nest_end(msg, nd);
10776
10777 return 0;
10778 }
10779
10780 static int nl80211_get_wowlan(struct sk_buff *skb, struct genl_info *info)
10781 {
10782 struct cfg80211_registered_device *rdev = info->user_ptr[0];
10783 struct sk_buff *msg;
10784 void *hdr;
10785 u32 size = NLMSG_DEFAULT_SIZE;
10786
10787 if (!rdev->wiphy.wowlan)
10788 return -EOPNOTSUPP;
10789
10790 if (rdev->wiphy.wowlan_config && rdev->wiphy.wowlan_config->tcp) {
10791 /* adjust size to have room for all the data */
10792 size += rdev->wiphy.wowlan_config->tcp->tokens_size +
10793 rdev->wiphy.wowlan_config->tcp->payload_len +
10794 rdev->wiphy.wowlan_config->tcp->wake_len +
10795 rdev->wiphy.wowlan_config->tcp->wake_len / 8;
10796 }
10797
10798 msg = nlmsg_new(size, GFP_KERNEL);
10799 if (!msg)
10800 return -ENOMEM;
10801
10802 hdr = nl80211hdr_put(msg, info->snd_portid, info->snd_seq, 0,
10803 NL80211_CMD_GET_WOWLAN);
10804 if (!hdr)
10805 goto nla_put_failure;
10806
10807 if (rdev->wiphy.wowlan_config) {
10808 struct nlattr *nl_wowlan;
10809
10810 nl_wowlan = nla_nest_start(msg, NL80211_ATTR_WOWLAN_TRIGGERS);
10811 if (!nl_wowlan)
10812 goto nla_put_failure;
10813
10814 if ((rdev->wiphy.wowlan_config->any &&
10815 nla_put_flag(msg, NL80211_WOWLAN_TRIG_ANY)) ||
10816 (rdev->wiphy.wowlan_config->disconnect &&
10817 nla_put_flag(msg, NL80211_WOWLAN_TRIG_DISCONNECT)) ||
10818 (rdev->wiphy.wowlan_config->magic_pkt &&
10819 nla_put_flag(msg, NL80211_WOWLAN_TRIG_MAGIC_PKT)) ||
10820 (rdev->wiphy.wowlan_config->gtk_rekey_failure &&
10821 nla_put_flag(msg, NL80211_WOWLAN_TRIG_GTK_REKEY_FAILURE)) ||
10822 (rdev->wiphy.wowlan_config->eap_identity_req &&
10823 nla_put_flag(msg, NL80211_WOWLAN_TRIG_EAP_IDENT_REQUEST)) ||
10824 (rdev->wiphy.wowlan_config->four_way_handshake &&
10825 nla_put_flag(msg, NL80211_WOWLAN_TRIG_4WAY_HANDSHAKE)) ||
10826 (rdev->wiphy.wowlan_config->rfkill_release &&
10827 nla_put_flag(msg, NL80211_WOWLAN_TRIG_RFKILL_RELEASE)))
10828 goto nla_put_failure;
10829
10830 if (nl80211_send_wowlan_patterns(msg, rdev))
10831 goto nla_put_failure;
10832
10833 if (nl80211_send_wowlan_tcp(msg,
10834 rdev->wiphy.wowlan_config->tcp))
10835 goto nla_put_failure;
10836
10837 if (nl80211_send_wowlan_nd(
10838 msg,
10839 rdev->wiphy.wowlan_config->nd_config))
10840 goto nla_put_failure;
10841
10842 nla_nest_end(msg, nl_wowlan);
10843 }
10844
10845 genlmsg_end(msg, hdr);
10846 return genlmsg_reply(msg, info);
10847
10848 nla_put_failure:
10849 nlmsg_free(msg);
10850 return -ENOBUFS;
10851 }
10852
10853 static int nl80211_parse_wowlan_tcp(struct cfg80211_registered_device *rdev,
10854 struct nlattr *attr,
10855 struct cfg80211_wowlan *trig)
10856 {
10857 struct nlattr *tb[NUM_NL80211_WOWLAN_TCP];
10858 struct cfg80211_wowlan_tcp *cfg;
10859 struct nl80211_wowlan_tcp_data_token *tok = NULL;
10860 struct nl80211_wowlan_tcp_data_seq *seq = NULL;
10861 u32 size;
10862 u32 data_size, wake_size, tokens_size = 0, wake_mask_size;
10863 int err, port;
10864
10865 if (!rdev->wiphy.wowlan->tcp)
10866 return -EINVAL;
10867
10868 err = nla_parse_nested(tb, MAX_NL80211_WOWLAN_TCP, attr,
10869 nl80211_wowlan_tcp_policy, NULL);
10870 if (err)
10871 return err;
10872
10873 if (!tb[NL80211_WOWLAN_TCP_SRC_IPV4] ||
10874 !tb[NL80211_WOWLAN_TCP_DST_IPV4] ||
10875 !tb[NL80211_WOWLAN_TCP_DST_MAC] ||
10876 !tb[NL80211_WOWLAN_TCP_DST_PORT] ||
10877 !tb[NL80211_WOWLAN_TCP_DATA_PAYLOAD] ||
10878 !tb[NL80211_WOWLAN_TCP_DATA_INTERVAL] ||
10879 !tb[NL80211_WOWLAN_TCP_WAKE_PAYLOAD] ||
10880 !tb[NL80211_WOWLAN_TCP_WAKE_MASK])
10881 return -EINVAL;
10882
10883 data_size = nla_len(tb[NL80211_WOWLAN_TCP_DATA_PAYLOAD]);
10884 if (data_size > rdev->wiphy.wowlan->tcp->data_payload_max)
10885 return -EINVAL;
10886
10887 if (nla_get_u32(tb[NL80211_WOWLAN_TCP_DATA_INTERVAL]) >
10888 rdev->wiphy.wowlan->tcp->data_interval_max ||
10889 nla_get_u32(tb[NL80211_WOWLAN_TCP_DATA_INTERVAL]) == 0)
10890 return -EINVAL;
10891
10892 wake_size = nla_len(tb[NL80211_WOWLAN_TCP_WAKE_PAYLOAD]);
10893 if (wake_size > rdev->wiphy.wowlan->tcp->wake_payload_max)
10894 return -EINVAL;
10895
10896 wake_mask_size = nla_len(tb[NL80211_WOWLAN_TCP_WAKE_MASK]);
10897 if (wake_mask_size != DIV_ROUND_UP(wake_size, 8))
10898 return -EINVAL;
10899
10900 if (tb[NL80211_WOWLAN_TCP_DATA_PAYLOAD_TOKEN]) {
10901 u32 tokln = nla_len(tb[NL80211_WOWLAN_TCP_DATA_PAYLOAD_TOKEN]);
10902
10903 tok = nla_data(tb[NL80211_WOWLAN_TCP_DATA_PAYLOAD_TOKEN]);
10904 tokens_size = tokln - sizeof(*tok);
10905
10906 if (!tok->len || tokens_size % tok->len)
10907 return -EINVAL;
10908 if (!rdev->wiphy.wowlan->tcp->tok)
10909 return -EINVAL;
10910 if (tok->len > rdev->wiphy.wowlan->tcp->tok->max_len)
10911 return -EINVAL;
10912 if (tok->len < rdev->wiphy.wowlan->tcp->tok->min_len)
10913 return -EINVAL;
10914 if (tokens_size > rdev->wiphy.wowlan->tcp->tok->bufsize)
10915 return -EINVAL;
10916 if (tok->offset + tok->len > data_size)
10917 return -EINVAL;
10918 }
10919
10920 if (tb[NL80211_WOWLAN_TCP_DATA_PAYLOAD_SEQ]) {
10921 seq = nla_data(tb[NL80211_WOWLAN_TCP_DATA_PAYLOAD_SEQ]);
10922 if (!rdev->wiphy.wowlan->tcp->seq)
10923 return -EINVAL;
10924 if (seq->len == 0 || seq->len > 4)
10925 return -EINVAL;
10926 if (seq->len + seq->offset > data_size)
10927 return -EINVAL;
10928 }
10929
10930 size = sizeof(*cfg);
10931 size += data_size;
10932 size += wake_size + wake_mask_size;
10933 size += tokens_size;
10934
10935 cfg = kzalloc(size, GFP_KERNEL);
10936 if (!cfg)
10937 return -ENOMEM;
10938 cfg->src = nla_get_in_addr(tb[NL80211_WOWLAN_TCP_SRC_IPV4]);
10939 cfg->dst = nla_get_in_addr(tb[NL80211_WOWLAN_TCP_DST_IPV4]);
10940 memcpy(cfg->dst_mac, nla_data(tb[NL80211_WOWLAN_TCP_DST_MAC]),
10941 ETH_ALEN);
10942 if (tb[NL80211_WOWLAN_TCP_SRC_PORT])
10943 port = nla_get_u16(tb[NL80211_WOWLAN_TCP_SRC_PORT]);
10944 else
10945 port = 0;
10946 #ifdef CONFIG_INET
10947 /* allocate a socket and port for it and use it */
10948 err = __sock_create(wiphy_net(&rdev->wiphy), PF_INET, SOCK_STREAM,
10949 IPPROTO_TCP, &cfg->sock, 1);
10950 if (err) {
10951 kfree(cfg);
10952 return err;
10953 }
10954 if (inet_csk_get_port(cfg->sock->sk, port)) {
10955 sock_release(cfg->sock);
10956 kfree(cfg);
10957 return -EADDRINUSE;
10958 }
10959 cfg->src_port = inet_sk(cfg->sock->sk)->inet_num;
10960 #else
10961 if (!port) {
10962 kfree(cfg);
10963 return -EINVAL;
10964 }
10965 cfg->src_port = port;
10966 #endif
10967
10968 cfg->dst_port = nla_get_u16(tb[NL80211_WOWLAN_TCP_DST_PORT]);
10969 cfg->payload_len = data_size;
10970 cfg->payload = (u8 *)cfg + sizeof(*cfg) + tokens_size;
10971 memcpy((void *)cfg->payload,
10972 nla_data(tb[NL80211_WOWLAN_TCP_DATA_PAYLOAD]),
10973 data_size);
10974 if (seq)
10975 cfg->payload_seq = *seq;
10976 cfg->data_interval = nla_get_u32(tb[NL80211_WOWLAN_TCP_DATA_INTERVAL]);
10977 cfg->wake_len = wake_size;
10978 cfg->wake_data = (u8 *)cfg + sizeof(*cfg) + tokens_size + data_size;
10979 memcpy((void *)cfg->wake_data,
10980 nla_data(tb[NL80211_WOWLAN_TCP_WAKE_PAYLOAD]),
10981 wake_size);
10982 cfg->wake_mask = (u8 *)cfg + sizeof(*cfg) + tokens_size +
10983 data_size + wake_size;
10984 memcpy((void *)cfg->wake_mask,
10985 nla_data(tb[NL80211_WOWLAN_TCP_WAKE_MASK]),
10986 wake_mask_size);
10987 if (tok) {
10988 cfg->tokens_size = tokens_size;
10989 memcpy(&cfg->payload_tok, tok, sizeof(*tok) + tokens_size);
10990 }
10991
10992 trig->tcp = cfg;
10993
10994 return 0;
10995 }
10996
10997 static int nl80211_parse_wowlan_nd(struct cfg80211_registered_device *rdev,
10998 const struct wiphy_wowlan_support *wowlan,
10999 struct nlattr *attr,
11000 struct cfg80211_wowlan *trig)
11001 {
11002 struct nlattr **tb;
11003 int err;
11004
11005 tb = kcalloc(NUM_NL80211_ATTR, sizeof(*tb), GFP_KERNEL);
11006 if (!tb)
11007 return -ENOMEM;
11008
11009 if (!(wowlan->flags & WIPHY_WOWLAN_NET_DETECT)) {
11010 err = -EOPNOTSUPP;
11011 goto out;
11012 }
11013
11014 err = nla_parse_nested(tb, NL80211_ATTR_MAX, attr, nl80211_policy,
11015 NULL);
11016 if (err)
11017 goto out;
11018
11019 trig->nd_config = nl80211_parse_sched_scan(&rdev->wiphy, NULL, tb,
11020 wowlan->max_nd_match_sets);
11021 err = PTR_ERR_OR_ZERO(trig->nd_config);
11022 if (err)
11023 trig->nd_config = NULL;
11024
11025 out:
11026 kfree(tb);
11027 return err;
11028 }
11029
11030 static int nl80211_set_wowlan(struct sk_buff *skb, struct genl_info *info)
11031 {
11032 struct cfg80211_registered_device *rdev = info->user_ptr[0];
11033 struct nlattr *tb[NUM_NL80211_WOWLAN_TRIG];
11034 struct cfg80211_wowlan new_triggers = {};
11035 struct cfg80211_wowlan *ntrig;
11036 const struct wiphy_wowlan_support *wowlan = rdev->wiphy.wowlan;
11037 int err, i;
11038 bool prev_enabled = rdev->wiphy.wowlan_config;
11039 bool regular = false;
11040
11041 if (!wowlan)
11042 return -EOPNOTSUPP;
11043
11044 if (!info->attrs[NL80211_ATTR_WOWLAN_TRIGGERS]) {
11045 cfg80211_rdev_free_wowlan(rdev);
11046 rdev->wiphy.wowlan_config = NULL;
11047 goto set_wakeup;
11048 }
11049
11050 err = nla_parse_nested(tb, MAX_NL80211_WOWLAN_TRIG,
11051 info->attrs[NL80211_ATTR_WOWLAN_TRIGGERS],
11052 nl80211_wowlan_policy, info->extack);
11053 if (err)
11054 return err;
11055
11056 if (tb[NL80211_WOWLAN_TRIG_ANY]) {
11057 if (!(wowlan->flags & WIPHY_WOWLAN_ANY))
11058 return -EINVAL;
11059 new_triggers.any = true;
11060 }
11061
11062 if (tb[NL80211_WOWLAN_TRIG_DISCONNECT]) {
11063 if (!(wowlan->flags & WIPHY_WOWLAN_DISCONNECT))
11064 return -EINVAL;
11065 new_triggers.disconnect = true;
11066 regular = true;
11067 }
11068
11069 if (tb[NL80211_WOWLAN_TRIG_MAGIC_PKT]) {
11070 if (!(wowlan->flags & WIPHY_WOWLAN_MAGIC_PKT))
11071 return -EINVAL;
11072 new_triggers.magic_pkt = true;
11073 regular = true;
11074 }
11075
11076 if (tb[NL80211_WOWLAN_TRIG_GTK_REKEY_SUPPORTED])
11077 return -EINVAL;
11078
11079 if (tb[NL80211_WOWLAN_TRIG_GTK_REKEY_FAILURE]) {
11080 if (!(wowlan->flags & WIPHY_WOWLAN_GTK_REKEY_FAILURE))
11081 return -EINVAL;
11082 new_triggers.gtk_rekey_failure = true;
11083 regular = true;
11084 }
11085
11086 if (tb[NL80211_WOWLAN_TRIG_EAP_IDENT_REQUEST]) {
11087 if (!(wowlan->flags & WIPHY_WOWLAN_EAP_IDENTITY_REQ))
11088 return -EINVAL;
11089 new_triggers.eap_identity_req = true;
11090 regular = true;
11091 }
11092
11093 if (tb[NL80211_WOWLAN_TRIG_4WAY_HANDSHAKE]) {
11094 if (!(wowlan->flags & WIPHY_WOWLAN_4WAY_HANDSHAKE))
11095 return -EINVAL;
11096 new_triggers.four_way_handshake = true;
11097 regular = true;
11098 }
11099
11100 if (tb[NL80211_WOWLAN_TRIG_RFKILL_RELEASE]) {
11101 if (!(wowlan->flags & WIPHY_WOWLAN_RFKILL_RELEASE))
11102 return -EINVAL;
11103 new_triggers.rfkill_release = true;
11104 regular = true;
11105 }
11106
11107 if (tb[NL80211_WOWLAN_TRIG_PKT_PATTERN]) {
11108 struct nlattr *pat;
11109 int n_patterns = 0;
11110 int rem, pat_len, mask_len, pkt_offset;
11111 struct nlattr *pat_tb[NUM_NL80211_PKTPAT];
11112
11113 regular = true;
11114
11115 nla_for_each_nested(pat, tb[NL80211_WOWLAN_TRIG_PKT_PATTERN],
11116 rem)
11117 n_patterns++;
11118 if (n_patterns > wowlan->n_patterns)
11119 return -EINVAL;
11120
11121 new_triggers.patterns = kcalloc(n_patterns,
11122 sizeof(new_triggers.patterns[0]),
11123 GFP_KERNEL);
11124 if (!new_triggers.patterns)
11125 return -ENOMEM;
11126
11127 new_triggers.n_patterns = n_patterns;
11128 i = 0;
11129
11130 nla_for_each_nested(pat, tb[NL80211_WOWLAN_TRIG_PKT_PATTERN],
11131 rem) {
11132 u8 *mask_pat;
11133
11134 err = nla_parse_nested(pat_tb, MAX_NL80211_PKTPAT, pat,
11135 nl80211_packet_pattern_policy,
11136 info->extack);
11137 if (err)
11138 goto error;
11139
11140 err = -EINVAL;
11141 if (!pat_tb[NL80211_PKTPAT_MASK] ||
11142 !pat_tb[NL80211_PKTPAT_PATTERN])
11143 goto error;
11144 pat_len = nla_len(pat_tb[NL80211_PKTPAT_PATTERN]);
11145 mask_len = DIV_ROUND_UP(pat_len, 8);
11146 if (nla_len(pat_tb[NL80211_PKTPAT_MASK]) != mask_len)
11147 goto error;
11148 if (pat_len > wowlan->pattern_max_len ||
11149 pat_len < wowlan->pattern_min_len)
11150 goto error;
11151
11152 if (!pat_tb[NL80211_PKTPAT_OFFSET])
11153 pkt_offset = 0;
11154 else
11155 pkt_offset = nla_get_u32(
11156 pat_tb[NL80211_PKTPAT_OFFSET]);
11157 if (pkt_offset > wowlan->max_pkt_offset)
11158 goto error;
11159 new_triggers.patterns[i].pkt_offset = pkt_offset;
11160
11161 mask_pat = kmalloc(mask_len + pat_len, GFP_KERNEL);
11162 if (!mask_pat) {
11163 err = -ENOMEM;
11164 goto error;
11165 }
11166 new_triggers.patterns[i].mask = mask_pat;
11167 memcpy(mask_pat, nla_data(pat_tb[NL80211_PKTPAT_MASK]),
11168 mask_len);
11169 mask_pat += mask_len;
11170 new_triggers.patterns[i].pattern = mask_pat;
11171 new_triggers.patterns[i].pattern_len = pat_len;
11172 memcpy(mask_pat,
11173 nla_data(pat_tb[NL80211_PKTPAT_PATTERN]),
11174 pat_len);
11175 i++;
11176 }
11177 }
11178
11179 if (tb[NL80211_WOWLAN_TRIG_TCP_CONNECTION]) {
11180 regular = true;
11181 err = nl80211_parse_wowlan_tcp(
11182 rdev, tb[NL80211_WOWLAN_TRIG_TCP_CONNECTION],
11183 &new_triggers);
11184 if (err)
11185 goto error;
11186 }
11187
11188 if (tb[NL80211_WOWLAN_TRIG_NET_DETECT]) {
11189 regular = true;
11190 err = nl80211_parse_wowlan_nd(
11191 rdev, wowlan, tb[NL80211_WOWLAN_TRIG_NET_DETECT],
11192 &new_triggers);
11193 if (err)
11194 goto error;
11195 }
11196
11197 /* The 'any' trigger means the device continues operating more or less
11198 * as in its normal operation mode and wakes up the host on most of the
11199 * normal interrupts (like packet RX, ...)
11200 * It therefore makes little sense to combine with the more constrained
11201 * wakeup trigger modes.
11202 */
11203 if (new_triggers.any && regular) {
11204 err = -EINVAL;
11205 goto error;
11206 }
11207
11208 ntrig = kmemdup(&new_triggers, sizeof(new_triggers), GFP_KERNEL);
11209 if (!ntrig) {
11210 err = -ENOMEM;
11211 goto error;
11212 }
11213 cfg80211_rdev_free_wowlan(rdev);
11214 rdev->wiphy.wowlan_config = ntrig;
11215
11216 set_wakeup:
11217 if (rdev->ops->set_wakeup &&
11218 prev_enabled != !!rdev->wiphy.wowlan_config)
11219 rdev_set_wakeup(rdev, rdev->wiphy.wowlan_config);
11220
11221 return 0;
11222 error:
11223 for (i = 0; i < new_triggers.n_patterns; i++)
11224 kfree(new_triggers.patterns[i].mask);
11225 kfree(new_triggers.patterns);
11226 if (new_triggers.tcp && new_triggers.tcp->sock)
11227 sock_release(new_triggers.tcp->sock);
11228 kfree(new_triggers.tcp);
11229 kfree(new_triggers.nd_config);
11230 return err;
11231 }
11232 #endif
11233
11234 static int nl80211_send_coalesce_rules(struct sk_buff *msg,
11235 struct cfg80211_registered_device *rdev)
11236 {
11237 struct nlattr *nl_pats, *nl_pat, *nl_rule, *nl_rules;
11238 int i, j, pat_len;
11239 struct cfg80211_coalesce_rules *rule;
11240
11241 if (!rdev->coalesce->n_rules)
11242 return 0;
11243
11244 nl_rules = nla_nest_start(msg, NL80211_ATTR_COALESCE_RULE);
11245 if (!nl_rules)
11246 return -ENOBUFS;
11247
11248 for (i = 0; i < rdev->coalesce->n_rules; i++) {
11249 nl_rule = nla_nest_start(msg, i + 1);
11250 if (!nl_rule)
11251 return -ENOBUFS;
11252
11253 rule = &rdev->coalesce->rules[i];
11254 if (nla_put_u32(msg, NL80211_ATTR_COALESCE_RULE_DELAY,
11255 rule->delay))
11256 return -ENOBUFS;
11257
11258 if (nla_put_u32(msg, NL80211_ATTR_COALESCE_RULE_CONDITION,
11259 rule->condition))
11260 return -ENOBUFS;
11261
11262 nl_pats = nla_nest_start(msg,
11263 NL80211_ATTR_COALESCE_RULE_PKT_PATTERN);
11264 if (!nl_pats)
11265 return -ENOBUFS;
11266
11267 for (j = 0; j < rule->n_patterns; j++) {
11268 nl_pat = nla_nest_start(msg, j + 1);
11269 if (!nl_pat)
11270 return -ENOBUFS;
11271 pat_len = rule->patterns[j].pattern_len;
11272 if (nla_put(msg, NL80211_PKTPAT_MASK,
11273 DIV_ROUND_UP(pat_len, 8),
11274 rule->patterns[j].mask) ||
11275 nla_put(msg, NL80211_PKTPAT_PATTERN, pat_len,
11276 rule->patterns[j].pattern) ||
11277 nla_put_u32(msg, NL80211_PKTPAT_OFFSET,
11278 rule->patterns[j].pkt_offset))
11279 return -ENOBUFS;
11280 nla_nest_end(msg, nl_pat);
11281 }
11282 nla_nest_end(msg, nl_pats);
11283 nla_nest_end(msg, nl_rule);
11284 }
11285 nla_nest_end(msg, nl_rules);
11286
11287 return 0;
11288 }
11289
11290 static int nl80211_get_coalesce(struct sk_buff *skb, struct genl_info *info)
11291 {
11292 struct cfg80211_registered_device *rdev = info->user_ptr[0];
11293 struct sk_buff *msg;
11294 void *hdr;
11295
11296 if (!rdev->wiphy.coalesce)
11297 return -EOPNOTSUPP;
11298
11299 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
11300 if (!msg)
11301 return -ENOMEM;
11302
11303 hdr = nl80211hdr_put(msg, info->snd_portid, info->snd_seq, 0,
11304 NL80211_CMD_GET_COALESCE);
11305 if (!hdr)
11306 goto nla_put_failure;
11307
11308 if (rdev->coalesce && nl80211_send_coalesce_rules(msg, rdev))
11309 goto nla_put_failure;
11310
11311 genlmsg_end(msg, hdr);
11312 return genlmsg_reply(msg, info);
11313
11314 nla_put_failure:
11315 nlmsg_free(msg);
11316 return -ENOBUFS;
11317 }
11318
11319 void cfg80211_rdev_free_coalesce(struct cfg80211_registered_device *rdev)
11320 {
11321 struct cfg80211_coalesce *coalesce = rdev->coalesce;
11322 int i, j;
11323 struct cfg80211_coalesce_rules *rule;
11324
11325 if (!coalesce)
11326 return;
11327
11328 for (i = 0; i < coalesce->n_rules; i++) {
11329 rule = &coalesce->rules[i];
11330 for (j = 0; j < rule->n_patterns; j++)
11331 kfree(rule->patterns[j].mask);
11332 kfree(rule->patterns);
11333 }
11334 kfree(coalesce->rules);
11335 kfree(coalesce);
11336 rdev->coalesce = NULL;
11337 }
11338
11339 static int nl80211_parse_coalesce_rule(struct cfg80211_registered_device *rdev,
11340 struct nlattr *rule,
11341 struct cfg80211_coalesce_rules *new_rule)
11342 {
11343 int err, i;
11344 const struct wiphy_coalesce_support *coalesce = rdev->wiphy.coalesce;
11345 struct nlattr *tb[NUM_NL80211_ATTR_COALESCE_RULE], *pat;
11346 int rem, pat_len, mask_len, pkt_offset, n_patterns = 0;
11347 struct nlattr *pat_tb[NUM_NL80211_PKTPAT];
11348
11349 err = nla_parse_nested(tb, NL80211_ATTR_COALESCE_RULE_MAX, rule,
11350 nl80211_coalesce_policy, NULL);
11351 if (err)
11352 return err;
11353
11354 if (tb[NL80211_ATTR_COALESCE_RULE_DELAY])
11355 new_rule->delay =
11356 nla_get_u32(tb[NL80211_ATTR_COALESCE_RULE_DELAY]);
11357 if (new_rule->delay > coalesce->max_delay)
11358 return -EINVAL;
11359
11360 if (tb[NL80211_ATTR_COALESCE_RULE_CONDITION])
11361 new_rule->condition =
11362 nla_get_u32(tb[NL80211_ATTR_COALESCE_RULE_CONDITION]);
11363 if (new_rule->condition != NL80211_COALESCE_CONDITION_MATCH &&
11364 new_rule->condition != NL80211_COALESCE_CONDITION_NO_MATCH)
11365 return -EINVAL;
11366
11367 if (!tb[NL80211_ATTR_COALESCE_RULE_PKT_PATTERN])
11368 return -EINVAL;
11369
11370 nla_for_each_nested(pat, tb[NL80211_ATTR_COALESCE_RULE_PKT_PATTERN],
11371 rem)
11372 n_patterns++;
11373 if (n_patterns > coalesce->n_patterns)
11374 return -EINVAL;
11375
11376 new_rule->patterns = kcalloc(n_patterns, sizeof(new_rule->patterns[0]),
11377 GFP_KERNEL);
11378 if (!new_rule->patterns)
11379 return -ENOMEM;
11380
11381 new_rule->n_patterns = n_patterns;
11382 i = 0;
11383
11384 nla_for_each_nested(pat, tb[NL80211_ATTR_COALESCE_RULE_PKT_PATTERN],
11385 rem) {
11386 u8 *mask_pat;
11387
11388 err = nla_parse_nested(pat_tb, MAX_NL80211_PKTPAT, pat,
11389 nl80211_packet_pattern_policy, NULL);
11390 if (err)
11391 return err;
11392
11393 if (!pat_tb[NL80211_PKTPAT_MASK] ||
11394 !pat_tb[NL80211_PKTPAT_PATTERN])
11395 return -EINVAL;
11396 pat_len = nla_len(pat_tb[NL80211_PKTPAT_PATTERN]);
11397 mask_len = DIV_ROUND_UP(pat_len, 8);
11398 if (nla_len(pat_tb[NL80211_PKTPAT_MASK]) != mask_len)
11399 return -EINVAL;
11400 if (pat_len > coalesce->pattern_max_len ||
11401 pat_len < coalesce->pattern_min_len)
11402 return -EINVAL;
11403
11404 if (!pat_tb[NL80211_PKTPAT_OFFSET])
11405 pkt_offset = 0;
11406 else
11407 pkt_offset = nla_get_u32(pat_tb[NL80211_PKTPAT_OFFSET]);
11408 if (pkt_offset > coalesce->max_pkt_offset)
11409 return -EINVAL;
11410 new_rule->patterns[i].pkt_offset = pkt_offset;
11411
11412 mask_pat = kmalloc(mask_len + pat_len, GFP_KERNEL);
11413 if (!mask_pat)
11414 return -ENOMEM;
11415
11416 new_rule->patterns[i].mask = mask_pat;
11417 memcpy(mask_pat, nla_data(pat_tb[NL80211_PKTPAT_MASK]),
11418 mask_len);
11419
11420 mask_pat += mask_len;
11421 new_rule->patterns[i].pattern = mask_pat;
11422 new_rule->patterns[i].pattern_len = pat_len;
11423 memcpy(mask_pat, nla_data(pat_tb[NL80211_PKTPAT_PATTERN]),
11424 pat_len);
11425 i++;
11426 }
11427
11428 return 0;
11429 }
11430
11431 static int nl80211_set_coalesce(struct sk_buff *skb, struct genl_info *info)
11432 {
11433 struct cfg80211_registered_device *rdev = info->user_ptr[0];
11434 const struct wiphy_coalesce_support *coalesce = rdev->wiphy.coalesce;
11435 struct cfg80211_coalesce new_coalesce = {};
11436 struct cfg80211_coalesce *n_coalesce;
11437 int err, rem_rule, n_rules = 0, i, j;
11438 struct nlattr *rule;
11439 struct cfg80211_coalesce_rules *tmp_rule;
11440
11441 if (!rdev->wiphy.coalesce || !rdev->ops->set_coalesce)
11442 return -EOPNOTSUPP;
11443
11444 if (!info->attrs[NL80211_ATTR_COALESCE_RULE]) {
11445 cfg80211_rdev_free_coalesce(rdev);
11446 rdev_set_coalesce(rdev, NULL);
11447 return 0;
11448 }
11449
11450 nla_for_each_nested(rule, info->attrs[NL80211_ATTR_COALESCE_RULE],
11451 rem_rule)
11452 n_rules++;
11453 if (n_rules > coalesce->n_rules)
11454 return -EINVAL;
11455
11456 new_coalesce.rules = kcalloc(n_rules, sizeof(new_coalesce.rules[0]),
11457 GFP_KERNEL);
11458 if (!new_coalesce.rules)
11459 return -ENOMEM;
11460
11461 new_coalesce.n_rules = n_rules;
11462 i = 0;
11463
11464 nla_for_each_nested(rule, info->attrs[NL80211_ATTR_COALESCE_RULE],
11465 rem_rule) {
11466 err = nl80211_parse_coalesce_rule(rdev, rule,
11467 &new_coalesce.rules[i]);
11468 if (err)
11469 goto error;
11470
11471 i++;
11472 }
11473
11474 err = rdev_set_coalesce(rdev, &new_coalesce);
11475 if (err)
11476 goto error;
11477
11478 n_coalesce = kmemdup(&new_coalesce, sizeof(new_coalesce), GFP_KERNEL);
11479 if (!n_coalesce) {
11480 err = -ENOMEM;
11481 goto error;
11482 }
11483 cfg80211_rdev_free_coalesce(rdev);
11484 rdev->coalesce = n_coalesce;
11485
11486 return 0;
11487 error:
11488 for (i = 0; i < new_coalesce.n_rules; i++) {
11489 tmp_rule = &new_coalesce.rules[i];
11490 for (j = 0; j < tmp_rule->n_patterns; j++)
11491 kfree(tmp_rule->patterns[j].mask);
11492 kfree(tmp_rule->patterns);
11493 }
11494 kfree(new_coalesce.rules);
11495
11496 return err;
11497 }
11498
11499 static int nl80211_set_rekey_data(struct sk_buff *skb, struct genl_info *info)
11500 {
11501 struct cfg80211_registered_device *rdev = info->user_ptr[0];
11502 struct net_device *dev = info->user_ptr[1];
11503 struct wireless_dev *wdev = dev->ieee80211_ptr;
11504 struct nlattr *tb[NUM_NL80211_REKEY_DATA];
11505 struct cfg80211_gtk_rekey_data rekey_data = {};
11506 int err;
11507
11508 if (!info->attrs[NL80211_ATTR_REKEY_DATA])
11509 return -EINVAL;
11510
11511 err = nla_parse_nested(tb, MAX_NL80211_REKEY_DATA,
11512 info->attrs[NL80211_ATTR_REKEY_DATA],
11513 nl80211_rekey_policy, info->extack);
11514 if (err)
11515 return err;
11516
11517 if (!tb[NL80211_REKEY_DATA_REPLAY_CTR] || !tb[NL80211_REKEY_DATA_KEK] ||
11518 !tb[NL80211_REKEY_DATA_KCK])
11519 return -EINVAL;
11520 if (nla_len(tb[NL80211_REKEY_DATA_REPLAY_CTR]) != NL80211_REPLAY_CTR_LEN)
11521 return -ERANGE;
11522 if (nla_len(tb[NL80211_REKEY_DATA_KEK]) != NL80211_KEK_LEN)
11523 return -ERANGE;
11524 if (nla_len(tb[NL80211_REKEY_DATA_KCK]) != NL80211_KCK_LEN)
11525 return -ERANGE;
11526
11527 rekey_data.kek = nla_data(tb[NL80211_REKEY_DATA_KEK]);
11528 rekey_data.kck = nla_data(tb[NL80211_REKEY_DATA_KCK]);
11529 rekey_data.replay_ctr = nla_data(tb[NL80211_REKEY_DATA_REPLAY_CTR]);
11530
11531 wdev_lock(wdev);
11532 if (!wdev->current_bss) {
11533 err = -ENOTCONN;
11534 goto out;
11535 }
11536
11537 if (!rdev->ops->set_rekey_data) {
11538 err = -EOPNOTSUPP;
11539 goto out;
11540 }
11541
11542 err = rdev_set_rekey_data(rdev, dev, &rekey_data);
11543 out:
11544 wdev_unlock(wdev);
11545 return err;
11546 }
11547
11548 static int nl80211_register_unexpected_frame(struct sk_buff *skb,
11549 struct genl_info *info)
11550 {
11551 struct net_device *dev = info->user_ptr[1];
11552 struct wireless_dev *wdev = dev->ieee80211_ptr;
11553
11554 if (wdev->iftype != NL80211_IFTYPE_AP &&
11555 wdev->iftype != NL80211_IFTYPE_P2P_GO)
11556 return -EINVAL;
11557
11558 if (wdev->ap_unexpected_nlportid)
11559 return -EBUSY;
11560
11561 wdev->ap_unexpected_nlportid = info->snd_portid;
11562 return 0;
11563 }
11564
11565 static int nl80211_probe_client(struct sk_buff *skb,
11566 struct genl_info *info)
11567 {
11568 struct cfg80211_registered_device *rdev = info->user_ptr[0];
11569 struct net_device *dev = info->user_ptr[1];
11570 struct wireless_dev *wdev = dev->ieee80211_ptr;
11571 struct sk_buff *msg;
11572 void *hdr;
11573 const u8 *addr;
11574 u64 cookie;
11575 int err;
11576
11577 if (wdev->iftype != NL80211_IFTYPE_AP &&
11578 wdev->iftype != NL80211_IFTYPE_P2P_GO)
11579 return -EOPNOTSUPP;
11580
11581 if (!info->attrs[NL80211_ATTR_MAC])
11582 return -EINVAL;
11583
11584 if (!rdev->ops->probe_client)
11585 return -EOPNOTSUPP;
11586
11587 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
11588 if (!msg)
11589 return -ENOMEM;
11590
11591 hdr = nl80211hdr_put(msg, info->snd_portid, info->snd_seq, 0,
11592 NL80211_CMD_PROBE_CLIENT);
11593 if (!hdr) {
11594 err = -ENOBUFS;
11595 goto free_msg;
11596 }
11597
11598 addr = nla_data(info->attrs[NL80211_ATTR_MAC]);
11599
11600 err = rdev_probe_client(rdev, dev, addr, &cookie);
11601 if (err)
11602 goto free_msg;
11603
11604 if (nla_put_u64_64bit(msg, NL80211_ATTR_COOKIE, cookie,
11605 NL80211_ATTR_PAD))
11606 goto nla_put_failure;
11607
11608 genlmsg_end(msg, hdr);
11609
11610 return genlmsg_reply(msg, info);
11611
11612 nla_put_failure:
11613 err = -ENOBUFS;
11614 free_msg:
11615 nlmsg_free(msg);
11616 return err;
11617 }
11618
11619 static int nl80211_register_beacons(struct sk_buff *skb, struct genl_info *info)
11620 {
11621 struct cfg80211_registered_device *rdev = info->user_ptr[0];
11622 struct cfg80211_beacon_registration *reg, *nreg;
11623 int rv;
11624
11625 if (!(rdev->wiphy.flags & WIPHY_FLAG_REPORTS_OBSS))
11626 return -EOPNOTSUPP;
11627
11628 nreg = kzalloc(sizeof(*nreg), GFP_KERNEL);
11629 if (!nreg)
11630 return -ENOMEM;
11631
11632 /* First, check if already registered. */
11633 spin_lock_bh(&rdev->beacon_registrations_lock);
11634 list_for_each_entry(reg, &rdev->beacon_registrations, list) {
11635 if (reg->nlportid == info->snd_portid) {
11636 rv = -EALREADY;
11637 goto out_err;
11638 }
11639 }
11640 /* Add it to the list */
11641 nreg->nlportid = info->snd_portid;
11642 list_add(&nreg->list, &rdev->beacon_registrations);
11643
11644 spin_unlock_bh(&rdev->beacon_registrations_lock);
11645
11646 return 0;
11647 out_err:
11648 spin_unlock_bh(&rdev->beacon_registrations_lock);
11649 kfree(nreg);
11650 return rv;
11651 }
11652
11653 static int nl80211_start_p2p_device(struct sk_buff *skb, struct genl_info *info)
11654 {
11655 struct cfg80211_registered_device *rdev = info->user_ptr[0];
11656 struct wireless_dev *wdev = info->user_ptr[1];
11657 int err;
11658
11659 if (!rdev->ops->start_p2p_device)
11660 return -EOPNOTSUPP;
11661
11662 if (wdev->iftype != NL80211_IFTYPE_P2P_DEVICE)
11663 return -EOPNOTSUPP;
11664
11665 if (wdev_running(wdev))
11666 return 0;
11667
11668 if (rfkill_blocked(rdev->rfkill))
11669 return -ERFKILL;
11670
11671 err = rdev_start_p2p_device(rdev, wdev);
11672 if (err)
11673 return err;
11674
11675 wdev->is_running = true;
11676 rdev->opencount++;
11677
11678 return 0;
11679 }
11680
11681 static int nl80211_stop_p2p_device(struct sk_buff *skb, struct genl_info *info)
11682 {
11683 struct cfg80211_registered_device *rdev = info->user_ptr[0];
11684 struct wireless_dev *wdev = info->user_ptr[1];
11685
11686 if (wdev->iftype != NL80211_IFTYPE_P2P_DEVICE)
11687 return -EOPNOTSUPP;
11688
11689 if (!rdev->ops->stop_p2p_device)
11690 return -EOPNOTSUPP;
11691
11692 cfg80211_stop_p2p_device(rdev, wdev);
11693
11694 return 0;
11695 }
11696
11697 static int nl80211_start_nan(struct sk_buff *skb, struct genl_info *info)
11698 {
11699 struct cfg80211_registered_device *rdev = info->user_ptr[0];
11700 struct wireless_dev *wdev = info->user_ptr[1];
11701 struct cfg80211_nan_conf conf = {};
11702 int err;
11703
11704 if (wdev->iftype != NL80211_IFTYPE_NAN)
11705 return -EOPNOTSUPP;
11706
11707 if (wdev_running(wdev))
11708 return -EEXIST;
11709
11710 if (rfkill_blocked(rdev->rfkill))
11711 return -ERFKILL;
11712
11713 if (!info->attrs[NL80211_ATTR_NAN_MASTER_PREF])
11714 return -EINVAL;
11715
11716 conf.master_pref =
11717 nla_get_u8(info->attrs[NL80211_ATTR_NAN_MASTER_PREF]);
11718 if (!conf.master_pref)
11719 return -EINVAL;
11720
11721 if (info->attrs[NL80211_ATTR_BANDS]) {
11722 u32 bands = nla_get_u32(info->attrs[NL80211_ATTR_BANDS]);
11723
11724 if (bands & ~(u32)wdev->wiphy->nan_supported_bands)
11725 return -EOPNOTSUPP;
11726
11727 if (bands && !(bands & BIT(NL80211_BAND_2GHZ)))
11728 return -EINVAL;
11729
11730 conf.bands = bands;
11731 }
11732
11733 err = rdev_start_nan(rdev, wdev, &conf);
11734 if (err)
11735 return err;
11736
11737 wdev->is_running = true;
11738 rdev->opencount++;
11739
11740 return 0;
11741 }
11742
11743 static int nl80211_stop_nan(struct sk_buff *skb, struct genl_info *info)
11744 {
11745 struct cfg80211_registered_device *rdev = info->user_ptr[0];
11746 struct wireless_dev *wdev = info->user_ptr[1];
11747
11748 if (wdev->iftype != NL80211_IFTYPE_NAN)
11749 return -EOPNOTSUPP;
11750
11751 cfg80211_stop_nan(rdev, wdev);
11752
11753 return 0;
11754 }
11755
11756 static int validate_nan_filter(struct nlattr *filter_attr)
11757 {
11758 struct nlattr *attr;
11759 int len = 0, n_entries = 0, rem;
11760
11761 nla_for_each_nested(attr, filter_attr, rem) {
11762 len += nla_len(attr);
11763 n_entries++;
11764 }
11765
11766 if (len >= U8_MAX)
11767 return -EINVAL;
11768
11769 return n_entries;
11770 }
11771
11772 static int handle_nan_filter(struct nlattr *attr_filter,
11773 struct cfg80211_nan_func *func,
11774 bool tx)
11775 {
11776 struct nlattr *attr;
11777 int n_entries, rem, i;
11778 struct cfg80211_nan_func_filter *filter;
11779
11780 n_entries = validate_nan_filter(attr_filter);
11781 if (n_entries < 0)
11782 return n_entries;
11783
11784 BUILD_BUG_ON(sizeof(*func->rx_filters) != sizeof(*func->tx_filters));
11785
11786 filter = kcalloc(n_entries, sizeof(*func->rx_filters), GFP_KERNEL);
11787 if (!filter)
11788 return -ENOMEM;
11789
11790 i = 0;
11791 nla_for_each_nested(attr, attr_filter, rem) {
11792 filter[i].filter = nla_memdup(attr, GFP_KERNEL);
11793 filter[i].len = nla_len(attr);
11794 i++;
11795 }
11796 if (tx) {
11797 func->num_tx_filters = n_entries;
11798 func->tx_filters = filter;
11799 } else {
11800 func->num_rx_filters = n_entries;
11801 func->rx_filters = filter;
11802 }
11803
11804 return 0;
11805 }
11806
11807 static int nl80211_nan_add_func(struct sk_buff *skb,
11808 struct genl_info *info)
11809 {
11810 struct cfg80211_registered_device *rdev = info->user_ptr[0];
11811 struct wireless_dev *wdev = info->user_ptr[1];
11812 struct nlattr *tb[NUM_NL80211_NAN_FUNC_ATTR], *func_attr;
11813 struct cfg80211_nan_func *func;
11814 struct sk_buff *msg = NULL;
11815 void *hdr = NULL;
11816 int err = 0;
11817
11818 if (wdev->iftype != NL80211_IFTYPE_NAN)
11819 return -EOPNOTSUPP;
11820
11821 if (!wdev_running(wdev))
11822 return -ENOTCONN;
11823
11824 if (!info->attrs[NL80211_ATTR_NAN_FUNC])
11825 return -EINVAL;
11826
11827 err = nla_parse_nested(tb, NL80211_NAN_FUNC_ATTR_MAX,
11828 info->attrs[NL80211_ATTR_NAN_FUNC],
11829 nl80211_nan_func_policy, info->extack);
11830 if (err)
11831 return err;
11832
11833 func = kzalloc(sizeof(*func), GFP_KERNEL);
11834 if (!func)
11835 return -ENOMEM;
11836
11837 func->cookie = wdev->wiphy->cookie_counter++;
11838
11839 if (!tb[NL80211_NAN_FUNC_TYPE] ||
11840 nla_get_u8(tb[NL80211_NAN_FUNC_TYPE]) > NL80211_NAN_FUNC_MAX_TYPE) {
11841 err = -EINVAL;
11842 goto out;
11843 }
11844
11845
11846 func->type = nla_get_u8(tb[NL80211_NAN_FUNC_TYPE]);
11847
11848 if (!tb[NL80211_NAN_FUNC_SERVICE_ID]) {
11849 err = -EINVAL;
11850 goto out;
11851 }
11852
11853 memcpy(func->service_id, nla_data(tb[NL80211_NAN_FUNC_SERVICE_ID]),
11854 sizeof(func->service_id));
11855
11856 func->close_range =
11857 nla_get_flag(tb[NL80211_NAN_FUNC_CLOSE_RANGE]);
11858
11859 if (tb[NL80211_NAN_FUNC_SERVICE_INFO]) {
11860 func->serv_spec_info_len =
11861 nla_len(tb[NL80211_NAN_FUNC_SERVICE_INFO]);
11862 func->serv_spec_info =
11863 kmemdup(nla_data(tb[NL80211_NAN_FUNC_SERVICE_INFO]),
11864 func->serv_spec_info_len,
11865 GFP_KERNEL);
11866 if (!func->serv_spec_info) {
11867 err = -ENOMEM;
11868 goto out;
11869 }
11870 }
11871
11872 if (tb[NL80211_NAN_FUNC_TTL])
11873 func->ttl = nla_get_u32(tb[NL80211_NAN_FUNC_TTL]);
11874
11875 switch (func->type) {
11876 case NL80211_NAN_FUNC_PUBLISH:
11877 if (!tb[NL80211_NAN_FUNC_PUBLISH_TYPE]) {
11878 err = -EINVAL;
11879 goto out;
11880 }
11881
11882 func->publish_type =
11883 nla_get_u8(tb[NL80211_NAN_FUNC_PUBLISH_TYPE]);
11884 func->publish_bcast =
11885 nla_get_flag(tb[NL80211_NAN_FUNC_PUBLISH_BCAST]);
11886
11887 if ((!(func->publish_type & NL80211_NAN_SOLICITED_PUBLISH)) &&
11888 func->publish_bcast) {
11889 err = -EINVAL;
11890 goto out;
11891 }
11892 break;
11893 case NL80211_NAN_FUNC_SUBSCRIBE:
11894 func->subscribe_active =
11895 nla_get_flag(tb[NL80211_NAN_FUNC_SUBSCRIBE_ACTIVE]);
11896 break;
11897 case NL80211_NAN_FUNC_FOLLOW_UP:
11898 if (!tb[NL80211_NAN_FUNC_FOLLOW_UP_ID] ||
11899 !tb[NL80211_NAN_FUNC_FOLLOW_UP_REQ_ID] ||
11900 !tb[NL80211_NAN_FUNC_FOLLOW_UP_DEST]) {
11901 err = -EINVAL;
11902 goto out;
11903 }
11904
11905 func->followup_id =
11906 nla_get_u8(tb[NL80211_NAN_FUNC_FOLLOW_UP_ID]);
11907 func->followup_reqid =
11908 nla_get_u8(tb[NL80211_NAN_FUNC_FOLLOW_UP_REQ_ID]);
11909 memcpy(func->followup_dest.addr,
11910 nla_data(tb[NL80211_NAN_FUNC_FOLLOW_UP_DEST]),
11911 sizeof(func->followup_dest.addr));
11912 if (func->ttl) {
11913 err = -EINVAL;
11914 goto out;
11915 }
11916 break;
11917 default:
11918 err = -EINVAL;
11919 goto out;
11920 }
11921
11922 if (tb[NL80211_NAN_FUNC_SRF]) {
11923 struct nlattr *srf_tb[NUM_NL80211_NAN_SRF_ATTR];
11924
11925 err = nla_parse_nested(srf_tb, NL80211_NAN_SRF_ATTR_MAX,
11926 tb[NL80211_NAN_FUNC_SRF],
11927 nl80211_nan_srf_policy, info->extack);
11928 if (err)
11929 goto out;
11930
11931 func->srf_include =
11932 nla_get_flag(srf_tb[NL80211_NAN_SRF_INCLUDE]);
11933
11934 if (srf_tb[NL80211_NAN_SRF_BF]) {
11935 if (srf_tb[NL80211_NAN_SRF_MAC_ADDRS] ||
11936 !srf_tb[NL80211_NAN_SRF_BF_IDX]) {
11937 err = -EINVAL;
11938 goto out;
11939 }
11940
11941 func->srf_bf_len =
11942 nla_len(srf_tb[NL80211_NAN_SRF_BF]);
11943 func->srf_bf =
11944 kmemdup(nla_data(srf_tb[NL80211_NAN_SRF_BF]),
11945 func->srf_bf_len, GFP_KERNEL);
11946 if (!func->srf_bf) {
11947 err = -ENOMEM;
11948 goto out;
11949 }
11950
11951 func->srf_bf_idx =
11952 nla_get_u8(srf_tb[NL80211_NAN_SRF_BF_IDX]);
11953 } else {
11954 struct nlattr *attr, *mac_attr =
11955 srf_tb[NL80211_NAN_SRF_MAC_ADDRS];
11956 int n_entries, rem, i = 0;
11957
11958 if (!mac_attr) {
11959 err = -EINVAL;
11960 goto out;
11961 }
11962
11963 n_entries = validate_acl_mac_addrs(mac_attr);
11964 if (n_entries <= 0) {
11965 err = -EINVAL;
11966 goto out;
11967 }
11968
11969 func->srf_num_macs = n_entries;
11970 func->srf_macs =
11971 kcalloc(n_entries, sizeof(*func->srf_macs),
11972 GFP_KERNEL);
11973 if (!func->srf_macs) {
11974 err = -ENOMEM;
11975 goto out;
11976 }
11977
11978 nla_for_each_nested(attr, mac_attr, rem)
11979 memcpy(func->srf_macs[i++].addr, nla_data(attr),
11980 sizeof(*func->srf_macs));
11981 }
11982 }
11983
11984 if (tb[NL80211_NAN_FUNC_TX_MATCH_FILTER]) {
11985 err = handle_nan_filter(tb[NL80211_NAN_FUNC_TX_MATCH_FILTER],
11986 func, true);
11987 if (err)
11988 goto out;
11989 }
11990
11991 if (tb[NL80211_NAN_FUNC_RX_MATCH_FILTER]) {
11992 err = handle_nan_filter(tb[NL80211_NAN_FUNC_RX_MATCH_FILTER],
11993 func, false);
11994 if (err)
11995 goto out;
11996 }
11997
11998 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
11999 if (!msg) {
12000 err = -ENOMEM;
12001 goto out;
12002 }
12003
12004 hdr = nl80211hdr_put(msg, info->snd_portid, info->snd_seq, 0,
12005 NL80211_CMD_ADD_NAN_FUNCTION);
12006 /* This can't really happen - we just allocated 4KB */
12007 if (WARN_ON(!hdr)) {
12008 err = -ENOMEM;
12009 goto out;
12010 }
12011
12012 err = rdev_add_nan_func(rdev, wdev, func);
12013 out:
12014 if (err < 0) {
12015 cfg80211_free_nan_func(func);
12016 nlmsg_free(msg);
12017 return err;
12018 }
12019
12020 /* propagate the instance id and cookie to userspace */
12021 if (nla_put_u64_64bit(msg, NL80211_ATTR_COOKIE, func->cookie,
12022 NL80211_ATTR_PAD))
12023 goto nla_put_failure;
12024
12025 func_attr = nla_nest_start(msg, NL80211_ATTR_NAN_FUNC);
12026 if (!func_attr)
12027 goto nla_put_failure;
12028
12029 if (nla_put_u8(msg, NL80211_NAN_FUNC_INSTANCE_ID,
12030 func->instance_id))
12031 goto nla_put_failure;
12032
12033 nla_nest_end(msg, func_attr);
12034
12035 genlmsg_end(msg, hdr);
12036 return genlmsg_reply(msg, info);
12037
12038 nla_put_failure:
12039 nlmsg_free(msg);
12040 return -ENOBUFS;
12041 }
12042
12043 static int nl80211_nan_del_func(struct sk_buff *skb,
12044 struct genl_info *info)
12045 {
12046 struct cfg80211_registered_device *rdev = info->user_ptr[0];
12047 struct wireless_dev *wdev = info->user_ptr[1];
12048 u64 cookie;
12049
12050 if (wdev->iftype != NL80211_IFTYPE_NAN)
12051 return -EOPNOTSUPP;
12052
12053 if (!wdev_running(wdev))
12054 return -ENOTCONN;
12055
12056 if (!info->attrs[NL80211_ATTR_COOKIE])
12057 return -EINVAL;
12058
12059 cookie = nla_get_u64(info->attrs[NL80211_ATTR_COOKIE]);
12060
12061 rdev_del_nan_func(rdev, wdev, cookie);
12062
12063 return 0;
12064 }
12065
12066 static int nl80211_nan_change_config(struct sk_buff *skb,
12067 struct genl_info *info)
12068 {
12069 struct cfg80211_registered_device *rdev = info->user_ptr[0];
12070 struct wireless_dev *wdev = info->user_ptr[1];
12071 struct cfg80211_nan_conf conf = {};
12072 u32 changed = 0;
12073
12074 if (wdev->iftype != NL80211_IFTYPE_NAN)
12075 return -EOPNOTSUPP;
12076
12077 if (!wdev_running(wdev))
12078 return -ENOTCONN;
12079
12080 if (info->attrs[NL80211_ATTR_NAN_MASTER_PREF]) {
12081 conf.master_pref =
12082 nla_get_u8(info->attrs[NL80211_ATTR_NAN_MASTER_PREF]);
12083 if (conf.master_pref <= 1 || conf.master_pref == 255)
12084 return -EINVAL;
12085
12086 changed |= CFG80211_NAN_CONF_CHANGED_PREF;
12087 }
12088
12089 if (info->attrs[NL80211_ATTR_BANDS]) {
12090 u32 bands = nla_get_u32(info->attrs[NL80211_ATTR_BANDS]);
12091
12092 if (bands & ~(u32)wdev->wiphy->nan_supported_bands)
12093 return -EOPNOTSUPP;
12094
12095 if (bands && !(bands & BIT(NL80211_BAND_2GHZ)))
12096 return -EINVAL;
12097
12098 conf.bands = bands;
12099 changed |= CFG80211_NAN_CONF_CHANGED_BANDS;
12100 }
12101
12102 if (!changed)
12103 return -EINVAL;
12104
12105 return rdev_nan_change_conf(rdev, wdev, &conf, changed);
12106 }
12107
12108 void cfg80211_nan_match(struct wireless_dev *wdev,
12109 struct cfg80211_nan_match_params *match, gfp_t gfp)
12110 {
12111 struct wiphy *wiphy = wdev->wiphy;
12112 struct cfg80211_registered_device *rdev = wiphy_to_rdev(wiphy);
12113 struct nlattr *match_attr, *local_func_attr, *peer_func_attr;
12114 struct sk_buff *msg;
12115 void *hdr;
12116
12117 if (WARN_ON(!match->inst_id || !match->peer_inst_id || !match->addr))
12118 return;
12119
12120 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, gfp);
12121 if (!msg)
12122 return;
12123
12124 hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_NAN_MATCH);
12125 if (!hdr) {
12126 nlmsg_free(msg);
12127 return;
12128 }
12129
12130 if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
12131 (wdev->netdev && nla_put_u32(msg, NL80211_ATTR_IFINDEX,
12132 wdev->netdev->ifindex)) ||
12133 nla_put_u64_64bit(msg, NL80211_ATTR_WDEV, wdev_id(wdev),
12134 NL80211_ATTR_PAD))
12135 goto nla_put_failure;
12136
12137 if (nla_put_u64_64bit(msg, NL80211_ATTR_COOKIE, match->cookie,
12138 NL80211_ATTR_PAD) ||
12139 nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN, match->addr))
12140 goto nla_put_failure;
12141
12142 match_attr = nla_nest_start(msg, NL80211_ATTR_NAN_MATCH);
12143 if (!match_attr)
12144 goto nla_put_failure;
12145
12146 local_func_attr = nla_nest_start(msg, NL80211_NAN_MATCH_FUNC_LOCAL);
12147 if (!local_func_attr)
12148 goto nla_put_failure;
12149
12150 if (nla_put_u8(msg, NL80211_NAN_FUNC_INSTANCE_ID, match->inst_id))
12151 goto nla_put_failure;
12152
12153 nla_nest_end(msg, local_func_attr);
12154
12155 peer_func_attr = nla_nest_start(msg, NL80211_NAN_MATCH_FUNC_PEER);
12156 if (!peer_func_attr)
12157 goto nla_put_failure;
12158
12159 if (nla_put_u8(msg, NL80211_NAN_FUNC_TYPE, match->type) ||
12160 nla_put_u8(msg, NL80211_NAN_FUNC_INSTANCE_ID, match->peer_inst_id))
12161 goto nla_put_failure;
12162
12163 if (match->info && match->info_len &&
12164 nla_put(msg, NL80211_NAN_FUNC_SERVICE_INFO, match->info_len,
12165 match->info))
12166 goto nla_put_failure;
12167
12168 nla_nest_end(msg, peer_func_attr);
12169 nla_nest_end(msg, match_attr);
12170 genlmsg_end(msg, hdr);
12171
12172 if (!wdev->owner_nlportid)
12173 genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy),
12174 msg, 0, NL80211_MCGRP_NAN, gfp);
12175 else
12176 genlmsg_unicast(wiphy_net(&rdev->wiphy), msg,
12177 wdev->owner_nlportid);
12178
12179 return;
12180
12181 nla_put_failure:
12182 nlmsg_free(msg);
12183 }
12184 EXPORT_SYMBOL(cfg80211_nan_match);
12185
12186 void cfg80211_nan_func_terminated(struct wireless_dev *wdev,
12187 u8 inst_id,
12188 enum nl80211_nan_func_term_reason reason,
12189 u64 cookie, gfp_t gfp)
12190 {
12191 struct wiphy *wiphy = wdev->wiphy;
12192 struct cfg80211_registered_device *rdev = wiphy_to_rdev(wiphy);
12193 struct sk_buff *msg;
12194 struct nlattr *func_attr;
12195 void *hdr;
12196
12197 if (WARN_ON(!inst_id))
12198 return;
12199
12200 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, gfp);
12201 if (!msg)
12202 return;
12203
12204 hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_DEL_NAN_FUNCTION);
12205 if (!hdr) {
12206 nlmsg_free(msg);
12207 return;
12208 }
12209
12210 if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
12211 (wdev->netdev && nla_put_u32(msg, NL80211_ATTR_IFINDEX,
12212 wdev->netdev->ifindex)) ||
12213 nla_put_u64_64bit(msg, NL80211_ATTR_WDEV, wdev_id(wdev),
12214 NL80211_ATTR_PAD))
12215 goto nla_put_failure;
12216
12217 if (nla_put_u64_64bit(msg, NL80211_ATTR_COOKIE, cookie,
12218 NL80211_ATTR_PAD))
12219 goto nla_put_failure;
12220
12221 func_attr = nla_nest_start(msg, NL80211_ATTR_NAN_FUNC);
12222 if (!func_attr)
12223 goto nla_put_failure;
12224
12225 if (nla_put_u8(msg, NL80211_NAN_FUNC_INSTANCE_ID, inst_id) ||
12226 nla_put_u8(msg, NL80211_NAN_FUNC_TERM_REASON, reason))
12227 goto nla_put_failure;
12228
12229 nla_nest_end(msg, func_attr);
12230 genlmsg_end(msg, hdr);
12231
12232 if (!wdev->owner_nlportid)
12233 genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy),
12234 msg, 0, NL80211_MCGRP_NAN, gfp);
12235 else
12236 genlmsg_unicast(wiphy_net(&rdev->wiphy), msg,
12237 wdev->owner_nlportid);
12238
12239 return;
12240
12241 nla_put_failure:
12242 nlmsg_free(msg);
12243 }
12244 EXPORT_SYMBOL(cfg80211_nan_func_terminated);
12245
12246 static int nl80211_get_protocol_features(struct sk_buff *skb,
12247 struct genl_info *info)
12248 {
12249 void *hdr;
12250 struct sk_buff *msg;
12251
12252 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
12253 if (!msg)
12254 return -ENOMEM;
12255
12256 hdr = nl80211hdr_put(msg, info->snd_portid, info->snd_seq, 0,
12257 NL80211_CMD_GET_PROTOCOL_FEATURES);
12258 if (!hdr)
12259 goto nla_put_failure;
12260
12261 if (nla_put_u32(msg, NL80211_ATTR_PROTOCOL_FEATURES,
12262 NL80211_PROTOCOL_FEATURE_SPLIT_WIPHY_DUMP))
12263 goto nla_put_failure;
12264
12265 genlmsg_end(msg, hdr);
12266 return genlmsg_reply(msg, info);
12267
12268 nla_put_failure:
12269 kfree_skb(msg);
12270 return -ENOBUFS;
12271 }
12272
12273 static int nl80211_update_ft_ies(struct sk_buff *skb, struct genl_info *info)
12274 {
12275 struct cfg80211_registered_device *rdev = info->user_ptr[0];
12276 struct cfg80211_update_ft_ies_params ft_params;
12277 struct net_device *dev = info->user_ptr[1];
12278
12279 if (!rdev->ops->update_ft_ies)
12280 return -EOPNOTSUPP;
12281
12282 if (!info->attrs[NL80211_ATTR_MDID] ||
12283 !info->attrs[NL80211_ATTR_IE] ||
12284 !is_valid_ie_attr(info->attrs[NL80211_ATTR_IE]))
12285 return -EINVAL;
12286
12287 memset(&ft_params, 0, sizeof(ft_params));
12288 ft_params.md = nla_get_u16(info->attrs[NL80211_ATTR_MDID]);
12289 ft_params.ie = nla_data(info->attrs[NL80211_ATTR_IE]);
12290 ft_params.ie_len = nla_len(info->attrs[NL80211_ATTR_IE]);
12291
12292 return rdev_update_ft_ies(rdev, dev, &ft_params);
12293 }
12294
12295 static int nl80211_crit_protocol_start(struct sk_buff *skb,
12296 struct genl_info *info)
12297 {
12298 struct cfg80211_registered_device *rdev = info->user_ptr[0];
12299 struct wireless_dev *wdev = info->user_ptr[1];
12300 enum nl80211_crit_proto_id proto = NL80211_CRIT_PROTO_UNSPEC;
12301 u16 duration;
12302 int ret;
12303
12304 if (!rdev->ops->crit_proto_start)
12305 return -EOPNOTSUPP;
12306
12307 if (WARN_ON(!rdev->ops->crit_proto_stop))
12308 return -EINVAL;
12309
12310 if (rdev->crit_proto_nlportid)
12311 return -EBUSY;
12312
12313 /* determine protocol if provided */
12314 if (info->attrs[NL80211_ATTR_CRIT_PROT_ID])
12315 proto = nla_get_u16(info->attrs[NL80211_ATTR_CRIT_PROT_ID]);
12316
12317 if (proto >= NUM_NL80211_CRIT_PROTO)
12318 return -EINVAL;
12319
12320 /* timeout must be provided */
12321 if (!info->attrs[NL80211_ATTR_MAX_CRIT_PROT_DURATION])
12322 return -EINVAL;
12323
12324 duration =
12325 nla_get_u16(info->attrs[NL80211_ATTR_MAX_CRIT_PROT_DURATION]);
12326
12327 if (duration > NL80211_CRIT_PROTO_MAX_DURATION)
12328 return -ERANGE;
12329
12330 ret = rdev_crit_proto_start(rdev, wdev, proto, duration);
12331 if (!ret)
12332 rdev->crit_proto_nlportid = info->snd_portid;
12333
12334 return ret;
12335 }
12336
12337 static int nl80211_crit_protocol_stop(struct sk_buff *skb,
12338 struct genl_info *info)
12339 {
12340 struct cfg80211_registered_device *rdev = info->user_ptr[0];
12341 struct wireless_dev *wdev = info->user_ptr[1];
12342
12343 if (!rdev->ops->crit_proto_stop)
12344 return -EOPNOTSUPP;
12345
12346 if (rdev->crit_proto_nlportid) {
12347 rdev->crit_proto_nlportid = 0;
12348 rdev_crit_proto_stop(rdev, wdev);
12349 }
12350 return 0;
12351 }
12352
12353 static int nl80211_vendor_cmd(struct sk_buff *skb, struct genl_info *info)
12354 {
12355 struct cfg80211_registered_device *rdev = info->user_ptr[0];
12356 struct wireless_dev *wdev =
12357 __cfg80211_wdev_from_attrs(genl_info_net(info), info->attrs);
12358 int i, err;
12359 u32 vid, subcmd;
12360
12361 if (!rdev->wiphy.vendor_commands)
12362 return -EOPNOTSUPP;
12363
12364 if (IS_ERR(wdev)) {
12365 err = PTR_ERR(wdev);
12366 if (err != -EINVAL)
12367 return err;
12368 wdev = NULL;
12369 } else if (wdev->wiphy != &rdev->wiphy) {
12370 return -EINVAL;
12371 }
12372
12373 if (!info->attrs[NL80211_ATTR_VENDOR_ID] ||
12374 !info->attrs[NL80211_ATTR_VENDOR_SUBCMD])
12375 return -EINVAL;
12376
12377 vid = nla_get_u32(info->attrs[NL80211_ATTR_VENDOR_ID]);
12378 subcmd = nla_get_u32(info->attrs[NL80211_ATTR_VENDOR_SUBCMD]);
12379 for (i = 0; i < rdev->wiphy.n_vendor_commands; i++) {
12380 const struct wiphy_vendor_command *vcmd;
12381 void *data = NULL;
12382 int len = 0;
12383
12384 vcmd = &rdev->wiphy.vendor_commands[i];
12385
12386 if (vcmd->info.vendor_id != vid || vcmd->info.subcmd != subcmd)
12387 continue;
12388
12389 if (vcmd->flags & (WIPHY_VENDOR_CMD_NEED_WDEV |
12390 WIPHY_VENDOR_CMD_NEED_NETDEV)) {
12391 if (!wdev)
12392 return -EINVAL;
12393 if (vcmd->flags & WIPHY_VENDOR_CMD_NEED_NETDEV &&
12394 !wdev->netdev)
12395 return -EINVAL;
12396
12397 if (vcmd->flags & WIPHY_VENDOR_CMD_NEED_RUNNING) {
12398 if (!wdev_running(wdev))
12399 return -ENETDOWN;
12400 }
12401 } else {
12402 wdev = NULL;
12403 }
12404
12405 if (!vcmd->doit)
12406 return -EOPNOTSUPP;
12407
12408 if (info->attrs[NL80211_ATTR_VENDOR_DATA]) {
12409 data = nla_data(info->attrs[NL80211_ATTR_VENDOR_DATA]);
12410 len = nla_len(info->attrs[NL80211_ATTR_VENDOR_DATA]);
12411 }
12412
12413 rdev->cur_cmd_info = info;
12414 err = rdev->wiphy.vendor_commands[i].doit(&rdev->wiphy, wdev,
12415 data, len);
12416 rdev->cur_cmd_info = NULL;
12417 return err;
12418 }
12419
12420 return -EOPNOTSUPP;
12421 }
12422
12423 static int nl80211_prepare_vendor_dump(struct sk_buff *skb,
12424 struct netlink_callback *cb,
12425 struct cfg80211_registered_device **rdev,
12426 struct wireless_dev **wdev)
12427 {
12428 struct nlattr **attrbuf = genl_family_attrbuf(&nl80211_fam);
12429 u32 vid, subcmd;
12430 unsigned int i;
12431 int vcmd_idx = -1;
12432 int err;
12433 void *data = NULL;
12434 unsigned int data_len = 0;
12435
12436 if (cb->args[0]) {
12437 /* subtract the 1 again here */
12438 struct wiphy *wiphy = wiphy_idx_to_wiphy(cb->args[0] - 1);
12439 struct wireless_dev *tmp;
12440
12441 if (!wiphy)
12442 return -ENODEV;
12443 *rdev = wiphy_to_rdev(wiphy);
12444 *wdev = NULL;
12445
12446 if (cb->args[1]) {
12447 list_for_each_entry(tmp, &wiphy->wdev_list, list) {
12448 if (tmp->identifier == cb->args[1] - 1) {
12449 *wdev = tmp;
12450 break;
12451 }
12452 }
12453 }
12454
12455 /* keep rtnl locked in successful case */
12456 return 0;
12457 }
12458
12459 err = nlmsg_parse(cb->nlh, GENL_HDRLEN + nl80211_fam.hdrsize, attrbuf,
12460 nl80211_fam.maxattr, nl80211_policy, NULL);
12461 if (err)
12462 return err;
12463
12464 if (!attrbuf[NL80211_ATTR_VENDOR_ID] ||
12465 !attrbuf[NL80211_ATTR_VENDOR_SUBCMD])
12466 return -EINVAL;
12467
12468 *wdev = __cfg80211_wdev_from_attrs(sock_net(skb->sk), attrbuf);
12469 if (IS_ERR(*wdev))
12470 *wdev = NULL;
12471
12472 *rdev = __cfg80211_rdev_from_attrs(sock_net(skb->sk), attrbuf);
12473 if (IS_ERR(*rdev))
12474 return PTR_ERR(*rdev);
12475
12476 vid = nla_get_u32(attrbuf[NL80211_ATTR_VENDOR_ID]);
12477 subcmd = nla_get_u32(attrbuf[NL80211_ATTR_VENDOR_SUBCMD]);
12478
12479 for (i = 0; i < (*rdev)->wiphy.n_vendor_commands; i++) {
12480 const struct wiphy_vendor_command *vcmd;
12481
12482 vcmd = &(*rdev)->wiphy.vendor_commands[i];
12483
12484 if (vcmd->info.vendor_id != vid || vcmd->info.subcmd != subcmd)
12485 continue;
12486
12487 if (!vcmd->dumpit)
12488 return -EOPNOTSUPP;
12489
12490 vcmd_idx = i;
12491 break;
12492 }
12493
12494 if (vcmd_idx < 0)
12495 return -EOPNOTSUPP;
12496
12497 if (attrbuf[NL80211_ATTR_VENDOR_DATA]) {
12498 data = nla_data(attrbuf[NL80211_ATTR_VENDOR_DATA]);
12499 data_len = nla_len(attrbuf[NL80211_ATTR_VENDOR_DATA]);
12500 }
12501
12502 /* 0 is the first index - add 1 to parse only once */
12503 cb->args[0] = (*rdev)->wiphy_idx + 1;
12504 /* add 1 to know if it was NULL */
12505 cb->args[1] = *wdev ? (*wdev)->identifier + 1 : 0;
12506 cb->args[2] = vcmd_idx;
12507 cb->args[3] = (unsigned long)data;
12508 cb->args[4] = data_len;
12509
12510 /* keep rtnl locked in successful case */
12511 return 0;
12512 }
12513
12514 static int nl80211_vendor_cmd_dump(struct sk_buff *skb,
12515 struct netlink_callback *cb)
12516 {
12517 struct cfg80211_registered_device *rdev;
12518 struct wireless_dev *wdev;
12519 unsigned int vcmd_idx;
12520 const struct wiphy_vendor_command *vcmd;
12521 void *data;
12522 int data_len;
12523 int err;
12524 struct nlattr *vendor_data;
12525
12526 rtnl_lock();
12527 err = nl80211_prepare_vendor_dump(skb, cb, &rdev, &wdev);
12528 if (err)
12529 goto out;
12530
12531 vcmd_idx = cb->args[2];
12532 data = (void *)cb->args[3];
12533 data_len = cb->args[4];
12534 vcmd = &rdev->wiphy.vendor_commands[vcmd_idx];
12535
12536 if (vcmd->flags & (WIPHY_VENDOR_CMD_NEED_WDEV |
12537 WIPHY_VENDOR_CMD_NEED_NETDEV)) {
12538 if (!wdev) {
12539 err = -EINVAL;
12540 goto out;
12541 }
12542 if (vcmd->flags & WIPHY_VENDOR_CMD_NEED_NETDEV &&
12543 !wdev->netdev) {
12544 err = -EINVAL;
12545 goto out;
12546 }
12547
12548 if (vcmd->flags & WIPHY_VENDOR_CMD_NEED_RUNNING) {
12549 if (!wdev_running(wdev)) {
12550 err = -ENETDOWN;
12551 goto out;
12552 }
12553 }
12554 }
12555
12556 while (1) {
12557 void *hdr = nl80211hdr_put(skb, NETLINK_CB(cb->skb).portid,
12558 cb->nlh->nlmsg_seq, NLM_F_MULTI,
12559 NL80211_CMD_VENDOR);
12560 if (!hdr)
12561 break;
12562
12563 if (nla_put_u32(skb, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
12564 (wdev && nla_put_u64_64bit(skb, NL80211_ATTR_WDEV,
12565 wdev_id(wdev),
12566 NL80211_ATTR_PAD))) {
12567 genlmsg_cancel(skb, hdr);
12568 break;
12569 }
12570
12571 vendor_data = nla_nest_start(skb, NL80211_ATTR_VENDOR_DATA);
12572 if (!vendor_data) {
12573 genlmsg_cancel(skb, hdr);
12574 break;
12575 }
12576
12577 err = vcmd->dumpit(&rdev->wiphy, wdev, skb, data, data_len,
12578 (unsigned long *)&cb->args[5]);
12579 nla_nest_end(skb, vendor_data);
12580
12581 if (err == -ENOBUFS || err == -ENOENT) {
12582 genlmsg_cancel(skb, hdr);
12583 break;
12584 } else if (err) {
12585 genlmsg_cancel(skb, hdr);
12586 goto out;
12587 }
12588
12589 genlmsg_end(skb, hdr);
12590 }
12591
12592 err = skb->len;
12593 out:
12594 rtnl_unlock();
12595 return err;
12596 }
12597
12598 struct sk_buff *__cfg80211_alloc_reply_skb(struct wiphy *wiphy,
12599 enum nl80211_commands cmd,
12600 enum nl80211_attrs attr,
12601 int approxlen)
12602 {
12603 struct cfg80211_registered_device *rdev = wiphy_to_rdev(wiphy);
12604
12605 if (WARN_ON(!rdev->cur_cmd_info))
12606 return NULL;
12607
12608 return __cfg80211_alloc_vendor_skb(rdev, NULL, approxlen,
12609 rdev->cur_cmd_info->snd_portid,
12610 rdev->cur_cmd_info->snd_seq,
12611 cmd, attr, NULL, GFP_KERNEL);
12612 }
12613 EXPORT_SYMBOL(__cfg80211_alloc_reply_skb);
12614
12615 int cfg80211_vendor_cmd_reply(struct sk_buff *skb)
12616 {
12617 struct cfg80211_registered_device *rdev = ((void **)skb->cb)[0];
12618 void *hdr = ((void **)skb->cb)[1];
12619 struct nlattr *data = ((void **)skb->cb)[2];
12620
12621 /* clear CB data for netlink core to own from now on */
12622 memset(skb->cb, 0, sizeof(skb->cb));
12623
12624 if (WARN_ON(!rdev->cur_cmd_info)) {
12625 kfree_skb(skb);
12626 return -EINVAL;
12627 }
12628
12629 nla_nest_end(skb, data);
12630 genlmsg_end(skb, hdr);
12631 return genlmsg_reply(skb, rdev->cur_cmd_info);
12632 }
12633 EXPORT_SYMBOL_GPL(cfg80211_vendor_cmd_reply);
12634
12635 static int nl80211_set_qos_map(struct sk_buff *skb,
12636 struct genl_info *info)
12637 {
12638 struct cfg80211_registered_device *rdev = info->user_ptr[0];
12639 struct cfg80211_qos_map *qos_map = NULL;
12640 struct net_device *dev = info->user_ptr[1];
12641 u8 *pos, len, num_des, des_len, des;
12642 int ret;
12643
12644 if (!rdev->ops->set_qos_map)
12645 return -EOPNOTSUPP;
12646
12647 if (info->attrs[NL80211_ATTR_QOS_MAP]) {
12648 pos = nla_data(info->attrs[NL80211_ATTR_QOS_MAP]);
12649 len = nla_len(info->attrs[NL80211_ATTR_QOS_MAP]);
12650
12651 if (len % 2 || len < IEEE80211_QOS_MAP_LEN_MIN ||
12652 len > IEEE80211_QOS_MAP_LEN_MAX)
12653 return -EINVAL;
12654
12655 qos_map = kzalloc(sizeof(struct cfg80211_qos_map), GFP_KERNEL);
12656 if (!qos_map)
12657 return -ENOMEM;
12658
12659 num_des = (len - IEEE80211_QOS_MAP_LEN_MIN) >> 1;
12660 if (num_des) {
12661 des_len = num_des *
12662 sizeof(struct cfg80211_dscp_exception);
12663 memcpy(qos_map->dscp_exception, pos, des_len);
12664 qos_map->num_des = num_des;
12665 for (des = 0; des < num_des; des++) {
12666 if (qos_map->dscp_exception[des].up > 7) {
12667 kfree(qos_map);
12668 return -EINVAL;
12669 }
12670 }
12671 pos += des_len;
12672 }
12673 memcpy(qos_map->up, pos, IEEE80211_QOS_MAP_LEN_MIN);
12674 }
12675
12676 wdev_lock(dev->ieee80211_ptr);
12677 ret = nl80211_key_allowed(dev->ieee80211_ptr);
12678 if (!ret)
12679 ret = rdev_set_qos_map(rdev, dev, qos_map);
12680 wdev_unlock(dev->ieee80211_ptr);
12681
12682 kfree(qos_map);
12683 return ret;
12684 }
12685
12686 static int nl80211_add_tx_ts(struct sk_buff *skb, struct genl_info *info)
12687 {
12688 struct cfg80211_registered_device *rdev = info->user_ptr[0];
12689 struct net_device *dev = info->user_ptr[1];
12690 struct wireless_dev *wdev = dev->ieee80211_ptr;
12691 const u8 *peer;
12692 u8 tsid, up;
12693 u16 admitted_time = 0;
12694 int err;
12695
12696 if (!(rdev->wiphy.features & NL80211_FEATURE_SUPPORTS_WMM_ADMISSION))
12697 return -EOPNOTSUPP;
12698
12699 if (!info->attrs[NL80211_ATTR_TSID] || !info->attrs[NL80211_ATTR_MAC] ||
12700 !info->attrs[NL80211_ATTR_USER_PRIO])
12701 return -EINVAL;
12702
12703 tsid = nla_get_u8(info->attrs[NL80211_ATTR_TSID]);
12704 if (tsid >= IEEE80211_NUM_TIDS)
12705 return -EINVAL;
12706
12707 up = nla_get_u8(info->attrs[NL80211_ATTR_USER_PRIO]);
12708 if (up >= IEEE80211_NUM_UPS)
12709 return -EINVAL;
12710
12711 /* WMM uses TIDs 0-7 even for TSPEC */
12712 if (tsid >= IEEE80211_FIRST_TSPEC_TSID) {
12713 /* TODO: handle 802.11 TSPEC/admission control
12714 * need more attributes for that (e.g. BA session requirement);
12715 * change the WMM adminssion test above to allow both then
12716 */
12717 return -EINVAL;
12718 }
12719
12720 peer = nla_data(info->attrs[NL80211_ATTR_MAC]);
12721
12722 if (info->attrs[NL80211_ATTR_ADMITTED_TIME]) {
12723 admitted_time =
12724 nla_get_u16(info->attrs[NL80211_ATTR_ADMITTED_TIME]);
12725 if (!admitted_time)
12726 return -EINVAL;
12727 }
12728
12729 wdev_lock(wdev);
12730 switch (wdev->iftype) {
12731 case NL80211_IFTYPE_STATION:
12732 case NL80211_IFTYPE_P2P_CLIENT:
12733 if (wdev->current_bss)
12734 break;
12735 err = -ENOTCONN;
12736 goto out;
12737 default:
12738 err = -EOPNOTSUPP;
12739 goto out;
12740 }
12741
12742 err = rdev_add_tx_ts(rdev, dev, tsid, peer, up, admitted_time);
12743
12744 out:
12745 wdev_unlock(wdev);
12746 return err;
12747 }
12748
12749 static int nl80211_del_tx_ts(struct sk_buff *skb, struct genl_info *info)
12750 {
12751 struct cfg80211_registered_device *rdev = info->user_ptr[0];
12752 struct net_device *dev = info->user_ptr[1];
12753 struct wireless_dev *wdev = dev->ieee80211_ptr;
12754 const u8 *peer;
12755 u8 tsid;
12756 int err;
12757
12758 if (!info->attrs[NL80211_ATTR_TSID] || !info->attrs[NL80211_ATTR_MAC])
12759 return -EINVAL;
12760
12761 tsid = nla_get_u8(info->attrs[NL80211_ATTR_TSID]);
12762 peer = nla_data(info->attrs[NL80211_ATTR_MAC]);
12763
12764 wdev_lock(wdev);
12765 err = rdev_del_tx_ts(rdev, dev, tsid, peer);
12766 wdev_unlock(wdev);
12767
12768 return err;
12769 }
12770
12771 static int nl80211_tdls_channel_switch(struct sk_buff *skb,
12772 struct genl_info *info)
12773 {
12774 struct cfg80211_registered_device *rdev = info->user_ptr[0];
12775 struct net_device *dev = info->user_ptr[1];
12776 struct wireless_dev *wdev = dev->ieee80211_ptr;
12777 struct cfg80211_chan_def chandef = {};
12778 const u8 *addr;
12779 u8 oper_class;
12780 int err;
12781
12782 if (!rdev->ops->tdls_channel_switch ||
12783 !(rdev->wiphy.features & NL80211_FEATURE_TDLS_CHANNEL_SWITCH))
12784 return -EOPNOTSUPP;
12785
12786 switch (dev->ieee80211_ptr->iftype) {
12787 case NL80211_IFTYPE_STATION:
12788 case NL80211_IFTYPE_P2P_CLIENT:
12789 break;
12790 default:
12791 return -EOPNOTSUPP;
12792 }
12793
12794 if (!info->attrs[NL80211_ATTR_MAC] ||
12795 !info->attrs[NL80211_ATTR_OPER_CLASS])
12796 return -EINVAL;
12797
12798 err = nl80211_parse_chandef(rdev, info, &chandef);
12799 if (err)
12800 return err;
12801
12802 /*
12803 * Don't allow wide channels on the 2.4Ghz band, as per IEEE802.11-2012
12804 * section 10.22.6.2.1. Disallow 5/10Mhz channels as well for now, the
12805 * specification is not defined for them.
12806 */
12807 if (chandef.chan->band == NL80211_BAND_2GHZ &&
12808 chandef.width != NL80211_CHAN_WIDTH_20_NOHT &&
12809 chandef.width != NL80211_CHAN_WIDTH_20)
12810 return -EINVAL;
12811
12812 /* we will be active on the TDLS link */
12813 if (!cfg80211_reg_can_beacon_relax(&rdev->wiphy, &chandef,
12814 wdev->iftype))
12815 return -EINVAL;
12816
12817 /* don't allow switching to DFS channels */
12818 if (cfg80211_chandef_dfs_required(wdev->wiphy, &chandef, wdev->iftype))
12819 return -EINVAL;
12820
12821 addr = nla_data(info->attrs[NL80211_ATTR_MAC]);
12822 oper_class = nla_get_u8(info->attrs[NL80211_ATTR_OPER_CLASS]);
12823
12824 wdev_lock(wdev);
12825 err = rdev_tdls_channel_switch(rdev, dev, addr, oper_class, &chandef);
12826 wdev_unlock(wdev);
12827
12828 return err;
12829 }
12830
12831 static int nl80211_tdls_cancel_channel_switch(struct sk_buff *skb,
12832 struct genl_info *info)
12833 {
12834 struct cfg80211_registered_device *rdev = info->user_ptr[0];
12835 struct net_device *dev = info->user_ptr[1];
12836 struct wireless_dev *wdev = dev->ieee80211_ptr;
12837 const u8 *addr;
12838
12839 if (!rdev->ops->tdls_channel_switch ||
12840 !rdev->ops->tdls_cancel_channel_switch ||
12841 !(rdev->wiphy.features & NL80211_FEATURE_TDLS_CHANNEL_SWITCH))
12842 return -EOPNOTSUPP;
12843
12844 switch (dev->ieee80211_ptr->iftype) {
12845 case NL80211_IFTYPE_STATION:
12846 case NL80211_IFTYPE_P2P_CLIENT:
12847 break;
12848 default:
12849 return -EOPNOTSUPP;
12850 }
12851
12852 if (!info->attrs[NL80211_ATTR_MAC])
12853 return -EINVAL;
12854
12855 addr = nla_data(info->attrs[NL80211_ATTR_MAC]);
12856
12857 wdev_lock(wdev);
12858 rdev_tdls_cancel_channel_switch(rdev, dev, addr);
12859 wdev_unlock(wdev);
12860
12861 return 0;
12862 }
12863
12864 static int nl80211_set_multicast_to_unicast(struct sk_buff *skb,
12865 struct genl_info *info)
12866 {
12867 struct cfg80211_registered_device *rdev = info->user_ptr[0];
12868 struct net_device *dev = info->user_ptr[1];
12869 struct wireless_dev *wdev = dev->ieee80211_ptr;
12870 const struct nlattr *nla;
12871 bool enabled;
12872
12873 if (!rdev->ops->set_multicast_to_unicast)
12874 return -EOPNOTSUPP;
12875
12876 if (wdev->iftype != NL80211_IFTYPE_AP &&
12877 wdev->iftype != NL80211_IFTYPE_P2P_GO)
12878 return -EOPNOTSUPP;
12879
12880 nla = info->attrs[NL80211_ATTR_MULTICAST_TO_UNICAST_ENABLED];
12881 enabled = nla_get_flag(nla);
12882
12883 return rdev_set_multicast_to_unicast(rdev, dev, enabled);
12884 }
12885
12886 static int nl80211_set_pmk(struct sk_buff *skb, struct genl_info *info)
12887 {
12888 struct cfg80211_registered_device *rdev = info->user_ptr[0];
12889 struct net_device *dev = info->user_ptr[1];
12890 struct wireless_dev *wdev = dev->ieee80211_ptr;
12891 struct cfg80211_pmk_conf pmk_conf = {};
12892 int ret;
12893
12894 if (wdev->iftype != NL80211_IFTYPE_STATION &&
12895 wdev->iftype != NL80211_IFTYPE_P2P_CLIENT)
12896 return -EOPNOTSUPP;
12897
12898 if (!wiphy_ext_feature_isset(&rdev->wiphy,
12899 NL80211_EXT_FEATURE_4WAY_HANDSHAKE_STA_1X))
12900 return -EOPNOTSUPP;
12901
12902 if (!info->attrs[NL80211_ATTR_MAC] || !info->attrs[NL80211_ATTR_PMK])
12903 return -EINVAL;
12904
12905 wdev_lock(wdev);
12906 if (!wdev->current_bss) {
12907 ret = -ENOTCONN;
12908 goto out;
12909 }
12910
12911 pmk_conf.aa = nla_data(info->attrs[NL80211_ATTR_MAC]);
12912 if (memcmp(pmk_conf.aa, wdev->current_bss->pub.bssid, ETH_ALEN)) {
12913 ret = -EINVAL;
12914 goto out;
12915 }
12916
12917 pmk_conf.pmk = nla_data(info->attrs[NL80211_ATTR_PMK]);
12918 pmk_conf.pmk_len = nla_len(info->attrs[NL80211_ATTR_PMK]);
12919 if (pmk_conf.pmk_len != WLAN_PMK_LEN &&
12920 pmk_conf.pmk_len != WLAN_PMK_LEN_SUITE_B_192) {
12921 ret = -EINVAL;
12922 goto out;
12923 }
12924
12925 if (info->attrs[NL80211_ATTR_PMKR0_NAME]) {
12926 int r0_name_len = nla_len(info->attrs[NL80211_ATTR_PMKR0_NAME]);
12927
12928 if (r0_name_len != WLAN_PMK_NAME_LEN) {
12929 ret = -EINVAL;
12930 goto out;
12931 }
12932
12933 pmk_conf.pmk_r0_name =
12934 nla_data(info->attrs[NL80211_ATTR_PMKR0_NAME]);
12935 }
12936
12937 ret = rdev_set_pmk(rdev, dev, &pmk_conf);
12938 out:
12939 wdev_unlock(wdev);
12940 return ret;
12941 }
12942
12943 static int nl80211_del_pmk(struct sk_buff *skb, struct genl_info *info)
12944 {
12945 struct cfg80211_registered_device *rdev = info->user_ptr[0];
12946 struct net_device *dev = info->user_ptr[1];
12947 struct wireless_dev *wdev = dev->ieee80211_ptr;
12948 const u8 *aa;
12949 int ret;
12950
12951 if (wdev->iftype != NL80211_IFTYPE_STATION &&
12952 wdev->iftype != NL80211_IFTYPE_P2P_CLIENT)
12953 return -EOPNOTSUPP;
12954
12955 if (!wiphy_ext_feature_isset(&rdev->wiphy,
12956 NL80211_EXT_FEATURE_4WAY_HANDSHAKE_STA_1X))
12957 return -EOPNOTSUPP;
12958
12959 if (!info->attrs[NL80211_ATTR_MAC])
12960 return -EINVAL;
12961
12962 wdev_lock(wdev);
12963 aa = nla_data(info->attrs[NL80211_ATTR_MAC]);
12964 ret = rdev_del_pmk(rdev, dev, aa);
12965 wdev_unlock(wdev);
12966
12967 return ret;
12968 }
12969
12970 static int nl80211_external_auth(struct sk_buff *skb, struct genl_info *info)
12971 {
12972 struct cfg80211_registered_device *rdev = info->user_ptr[0];
12973 struct net_device *dev = info->user_ptr[1];
12974 struct cfg80211_external_auth_params params;
12975
12976 if (!rdev->ops->external_auth)
12977 return -EOPNOTSUPP;
12978
12979 if (!info->attrs[NL80211_ATTR_SSID])
12980 return -EINVAL;
12981
12982 if (!info->attrs[NL80211_ATTR_BSSID])
12983 return -EINVAL;
12984
12985 if (!info->attrs[NL80211_ATTR_STATUS_CODE])
12986 return -EINVAL;
12987
12988 memset(&params, 0, sizeof(params));
12989
12990 params.ssid.ssid_len = nla_len(info->attrs[NL80211_ATTR_SSID]);
12991 if (params.ssid.ssid_len == 0 ||
12992 params.ssid.ssid_len > IEEE80211_MAX_SSID_LEN)
12993 return -EINVAL;
12994 memcpy(params.ssid.ssid, nla_data(info->attrs[NL80211_ATTR_SSID]),
12995 params.ssid.ssid_len);
12996
12997 memcpy(params.bssid, nla_data(info->attrs[NL80211_ATTR_BSSID]),
12998 ETH_ALEN);
12999
13000 params.status = nla_get_u16(info->attrs[NL80211_ATTR_STATUS_CODE]);
13001
13002 return rdev_external_auth(rdev, dev, &params);
13003 }
13004
13005 static int nl80211_tx_control_port(struct sk_buff *skb, struct genl_info *info)
13006 {
13007 struct cfg80211_registered_device *rdev = info->user_ptr[0];
13008 struct net_device *dev = info->user_ptr[1];
13009 struct wireless_dev *wdev = dev->ieee80211_ptr;
13010 const u8 *buf;
13011 size_t len;
13012 u8 *dest;
13013 u16 proto;
13014 bool noencrypt;
13015 int err;
13016
13017 if (!wiphy_ext_feature_isset(&rdev->wiphy,
13018 NL80211_EXT_FEATURE_CONTROL_PORT_OVER_NL80211))
13019 return -EOPNOTSUPP;
13020
13021 if (!rdev->ops->tx_control_port)
13022 return -EOPNOTSUPP;
13023
13024 if (!info->attrs[NL80211_ATTR_FRAME] ||
13025 !info->attrs[NL80211_ATTR_MAC] ||
13026 !info->attrs[NL80211_ATTR_CONTROL_PORT_ETHERTYPE]) {
13027 GENL_SET_ERR_MSG(info, "Frame, MAC or ethertype missing");
13028 return -EINVAL;
13029 }
13030
13031 wdev_lock(wdev);
13032
13033 switch (wdev->iftype) {
13034 case NL80211_IFTYPE_AP:
13035 case NL80211_IFTYPE_P2P_GO:
13036 case NL80211_IFTYPE_MESH_POINT:
13037 break;
13038 case NL80211_IFTYPE_ADHOC:
13039 case NL80211_IFTYPE_STATION:
13040 case NL80211_IFTYPE_P2P_CLIENT:
13041 if (wdev->current_bss)
13042 break;
13043 err = -ENOTCONN;
13044 goto out;
13045 default:
13046 err = -EOPNOTSUPP;
13047 goto out;
13048 }
13049
13050 wdev_unlock(wdev);
13051
13052 buf = nla_data(info->attrs[NL80211_ATTR_FRAME]);
13053 len = nla_len(info->attrs[NL80211_ATTR_FRAME]);
13054 dest = nla_data(info->attrs[NL80211_ATTR_MAC]);
13055 proto = nla_get_u16(info->attrs[NL80211_ATTR_CONTROL_PORT_ETHERTYPE]);
13056 noencrypt =
13057 nla_get_flag(info->attrs[NL80211_ATTR_CONTROL_PORT_NO_ENCRYPT]);
13058
13059 return rdev_tx_control_port(rdev, dev, buf, len,
13060 dest, cpu_to_be16(proto), noencrypt);
13061
13062 out:
13063 wdev_unlock(wdev);
13064 return err;
13065 }
13066
13067 #define NL80211_FLAG_NEED_WIPHY 0x01
13068 #define NL80211_FLAG_NEED_NETDEV 0x02
13069 #define NL80211_FLAG_NEED_RTNL 0x04
13070 #define NL80211_FLAG_CHECK_NETDEV_UP 0x08
13071 #define NL80211_FLAG_NEED_NETDEV_UP (NL80211_FLAG_NEED_NETDEV |\
13072 NL80211_FLAG_CHECK_NETDEV_UP)
13073 #define NL80211_FLAG_NEED_WDEV 0x10
13074 /* If a netdev is associated, it must be UP, P2P must be started */
13075 #define NL80211_FLAG_NEED_WDEV_UP (NL80211_FLAG_NEED_WDEV |\
13076 NL80211_FLAG_CHECK_NETDEV_UP)
13077 #define NL80211_FLAG_CLEAR_SKB 0x20
13078
13079 static int nl80211_pre_doit(const struct genl_ops *ops, struct sk_buff *skb,
13080 struct genl_info *info)
13081 {
13082 struct cfg80211_registered_device *rdev;
13083 struct wireless_dev *wdev;
13084 struct net_device *dev;
13085 bool rtnl = ops->internal_flags & NL80211_FLAG_NEED_RTNL;
13086
13087 if (rtnl)
13088 rtnl_lock();
13089
13090 if (ops->internal_flags & NL80211_FLAG_NEED_WIPHY) {
13091 rdev = cfg80211_get_dev_from_info(genl_info_net(info), info);
13092 if (IS_ERR(rdev)) {
13093 if (rtnl)
13094 rtnl_unlock();
13095 return PTR_ERR(rdev);
13096 }
13097 info->user_ptr[0] = rdev;
13098 } else if (ops->internal_flags & NL80211_FLAG_NEED_NETDEV ||
13099 ops->internal_flags & NL80211_FLAG_NEED_WDEV) {
13100 ASSERT_RTNL();
13101
13102 wdev = __cfg80211_wdev_from_attrs(genl_info_net(info),
13103 info->attrs);
13104 if (IS_ERR(wdev)) {
13105 if (rtnl)
13106 rtnl_unlock();
13107 return PTR_ERR(wdev);
13108 }
13109
13110 dev = wdev->netdev;
13111 rdev = wiphy_to_rdev(wdev->wiphy);
13112
13113 if (ops->internal_flags & NL80211_FLAG_NEED_NETDEV) {
13114 if (!dev) {
13115 if (rtnl)
13116 rtnl_unlock();
13117 return -EINVAL;
13118 }
13119
13120 info->user_ptr[1] = dev;
13121 } else {
13122 info->user_ptr[1] = wdev;
13123 }
13124
13125 if (ops->internal_flags & NL80211_FLAG_CHECK_NETDEV_UP &&
13126 !wdev_running(wdev)) {
13127 if (rtnl)
13128 rtnl_unlock();
13129 return -ENETDOWN;
13130 }
13131
13132 if (dev)
13133 dev_hold(dev);
13134
13135 info->user_ptr[0] = rdev;
13136 }
13137
13138 return 0;
13139 }
13140
13141 static void nl80211_post_doit(const struct genl_ops *ops, struct sk_buff *skb,
13142 struct genl_info *info)
13143 {
13144 if (info->user_ptr[1]) {
13145 if (ops->internal_flags & NL80211_FLAG_NEED_WDEV) {
13146 struct wireless_dev *wdev = info->user_ptr[1];
13147
13148 if (wdev->netdev)
13149 dev_put(wdev->netdev);
13150 } else {
13151 dev_put(info->user_ptr[1]);
13152 }
13153 }
13154
13155 if (ops->internal_flags & NL80211_FLAG_NEED_RTNL)
13156 rtnl_unlock();
13157
13158 /* If needed, clear the netlink message payload from the SKB
13159 * as it might contain key data that shouldn't stick around on
13160 * the heap after the SKB is freed. The netlink message header
13161 * is still needed for further processing, so leave it intact.
13162 */
13163 if (ops->internal_flags & NL80211_FLAG_CLEAR_SKB) {
13164 struct nlmsghdr *nlh = nlmsg_hdr(skb);
13165
13166 memset(nlmsg_data(nlh), 0, nlmsg_len(nlh));
13167 }
13168 }
13169
13170 static const struct genl_ops nl80211_ops[] = {
13171 {
13172 .cmd = NL80211_CMD_GET_WIPHY,
13173 .doit = nl80211_get_wiphy,
13174 .dumpit = nl80211_dump_wiphy,
13175 .done = nl80211_dump_wiphy_done,
13176 .policy = nl80211_policy,
13177 /* can be retrieved by unprivileged users */
13178 .internal_flags = NL80211_FLAG_NEED_WIPHY |
13179 NL80211_FLAG_NEED_RTNL,
13180 },
13181 {
13182 .cmd = NL80211_CMD_SET_WIPHY,
13183 .doit = nl80211_set_wiphy,
13184 .policy = nl80211_policy,
13185 .flags = GENL_UNS_ADMIN_PERM,
13186 .internal_flags = NL80211_FLAG_NEED_RTNL,
13187 },
13188 {
13189 .cmd = NL80211_CMD_GET_INTERFACE,
13190 .doit = nl80211_get_interface,
13191 .dumpit = nl80211_dump_interface,
13192 .policy = nl80211_policy,
13193 /* can be retrieved by unprivileged users */
13194 .internal_flags = NL80211_FLAG_NEED_WDEV |
13195 NL80211_FLAG_NEED_RTNL,
13196 },
13197 {
13198 .cmd = NL80211_CMD_SET_INTERFACE,
13199 .doit = nl80211_set_interface,
13200 .policy = nl80211_policy,
13201 .flags = GENL_UNS_ADMIN_PERM,
13202 .internal_flags = NL80211_FLAG_NEED_NETDEV |
13203 NL80211_FLAG_NEED_RTNL,
13204 },
13205 {
13206 .cmd = NL80211_CMD_NEW_INTERFACE,
13207 .doit = nl80211_new_interface,
13208 .policy = nl80211_policy,
13209 .flags = GENL_UNS_ADMIN_PERM,
13210 .internal_flags = NL80211_FLAG_NEED_WIPHY |
13211 NL80211_FLAG_NEED_RTNL,
13212 },
13213 {
13214 .cmd = NL80211_CMD_DEL_INTERFACE,
13215 .doit = nl80211_del_interface,
13216 .policy = nl80211_policy,
13217 .flags = GENL_UNS_ADMIN_PERM,
13218 .internal_flags = NL80211_FLAG_NEED_WDEV |
13219 NL80211_FLAG_NEED_RTNL,
13220 },
13221 {
13222 .cmd = NL80211_CMD_GET_KEY,
13223 .doit = nl80211_get_key,
13224 .policy = nl80211_policy,
13225 .flags = GENL_UNS_ADMIN_PERM,
13226 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
13227 NL80211_FLAG_NEED_RTNL,
13228 },
13229 {
13230 .cmd = NL80211_CMD_SET_KEY,
13231 .doit = nl80211_set_key,
13232 .policy = nl80211_policy,
13233 .flags = GENL_UNS_ADMIN_PERM,
13234 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
13235 NL80211_FLAG_NEED_RTNL |
13236 NL80211_FLAG_CLEAR_SKB,
13237 },
13238 {
13239 .cmd = NL80211_CMD_NEW_KEY,
13240 .doit = nl80211_new_key,
13241 .policy = nl80211_policy,
13242 .flags = GENL_UNS_ADMIN_PERM,
13243 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
13244 NL80211_FLAG_NEED_RTNL |
13245 NL80211_FLAG_CLEAR_SKB,
13246 },
13247 {
13248 .cmd = NL80211_CMD_DEL_KEY,
13249 .doit = nl80211_del_key,
13250 .policy = nl80211_policy,
13251 .flags = GENL_UNS_ADMIN_PERM,
13252 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
13253 NL80211_FLAG_NEED_RTNL,
13254 },
13255 {
13256 .cmd = NL80211_CMD_SET_BEACON,
13257 .policy = nl80211_policy,
13258 .flags = GENL_UNS_ADMIN_PERM,
13259 .doit = nl80211_set_beacon,
13260 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
13261 NL80211_FLAG_NEED_RTNL,
13262 },
13263 {
13264 .cmd = NL80211_CMD_START_AP,
13265 .policy = nl80211_policy,
13266 .flags = GENL_UNS_ADMIN_PERM,
13267 .doit = nl80211_start_ap,
13268 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
13269 NL80211_FLAG_NEED_RTNL,
13270 },
13271 {
13272 .cmd = NL80211_CMD_STOP_AP,
13273 .policy = nl80211_policy,
13274 .flags = GENL_UNS_ADMIN_PERM,
13275 .doit = nl80211_stop_ap,
13276 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
13277 NL80211_FLAG_NEED_RTNL,
13278 },
13279 {
13280 .cmd = NL80211_CMD_GET_STATION,
13281 .doit = nl80211_get_station,
13282 .dumpit = nl80211_dump_station,
13283 .policy = nl80211_policy,
13284 .internal_flags = NL80211_FLAG_NEED_NETDEV |
13285 NL80211_FLAG_NEED_RTNL,
13286 },
13287 {
13288 .cmd = NL80211_CMD_SET_STATION,
13289 .doit = nl80211_set_station,
13290 .policy = nl80211_policy,
13291 .flags = GENL_UNS_ADMIN_PERM,
13292 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
13293 NL80211_FLAG_NEED_RTNL,
13294 },
13295 {
13296 .cmd = NL80211_CMD_NEW_STATION,
13297 .doit = nl80211_new_station,
13298 .policy = nl80211_policy,
13299 .flags = GENL_UNS_ADMIN_PERM,
13300 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
13301 NL80211_FLAG_NEED_RTNL,
13302 },
13303 {
13304 .cmd = NL80211_CMD_DEL_STATION,
13305 .doit = nl80211_del_station,
13306 .policy = nl80211_policy,
13307 .flags = GENL_UNS_ADMIN_PERM,
13308 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
13309 NL80211_FLAG_NEED_RTNL,
13310 },
13311 {
13312 .cmd = NL80211_CMD_GET_MPATH,
13313 .doit = nl80211_get_mpath,
13314 .dumpit = nl80211_dump_mpath,
13315 .policy = nl80211_policy,
13316 .flags = GENL_UNS_ADMIN_PERM,
13317 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
13318 NL80211_FLAG_NEED_RTNL,
13319 },
13320 {
13321 .cmd = NL80211_CMD_GET_MPP,
13322 .doit = nl80211_get_mpp,
13323 .dumpit = nl80211_dump_mpp,
13324 .policy = nl80211_policy,
13325 .flags = GENL_UNS_ADMIN_PERM,
13326 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
13327 NL80211_FLAG_NEED_RTNL,
13328 },
13329 {
13330 .cmd = NL80211_CMD_SET_MPATH,
13331 .doit = nl80211_set_mpath,
13332 .policy = nl80211_policy,
13333 .flags = GENL_UNS_ADMIN_PERM,
13334 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
13335 NL80211_FLAG_NEED_RTNL,
13336 },
13337 {
13338 .cmd = NL80211_CMD_NEW_MPATH,
13339 .doit = nl80211_new_mpath,
13340 .policy = nl80211_policy,
13341 .flags = GENL_UNS_ADMIN_PERM,
13342 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
13343 NL80211_FLAG_NEED_RTNL,
13344 },
13345 {
13346 .cmd = NL80211_CMD_DEL_MPATH,
13347 .doit = nl80211_del_mpath,
13348 .policy = nl80211_policy,
13349 .flags = GENL_UNS_ADMIN_PERM,
13350 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
13351 NL80211_FLAG_NEED_RTNL,
13352 },
13353 {
13354 .cmd = NL80211_CMD_SET_BSS,
13355 .doit = nl80211_set_bss,
13356 .policy = nl80211_policy,
13357 .flags = GENL_UNS_ADMIN_PERM,
13358 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
13359 NL80211_FLAG_NEED_RTNL,
13360 },
13361 {
13362 .cmd = NL80211_CMD_GET_REG,
13363 .doit = nl80211_get_reg_do,
13364 .dumpit = nl80211_get_reg_dump,
13365 .policy = nl80211_policy,
13366 .internal_flags = NL80211_FLAG_NEED_RTNL,
13367 /* can be retrieved by unprivileged users */
13368 },
13369 #ifdef CONFIG_CFG80211_CRDA_SUPPORT
13370 {
13371 .cmd = NL80211_CMD_SET_REG,
13372 .doit = nl80211_set_reg,
13373 .policy = nl80211_policy,
13374 .flags = GENL_ADMIN_PERM,
13375 .internal_flags = NL80211_FLAG_NEED_RTNL,
13376 },
13377 #endif
13378 {
13379 .cmd = NL80211_CMD_REQ_SET_REG,
13380 .doit = nl80211_req_set_reg,
13381 .policy = nl80211_policy,
13382 .flags = GENL_ADMIN_PERM,
13383 },
13384 {
13385 .cmd = NL80211_CMD_RELOAD_REGDB,
13386 .doit = nl80211_reload_regdb,
13387 .policy = nl80211_policy,
13388 .flags = GENL_ADMIN_PERM,
13389 },
13390 {
13391 .cmd = NL80211_CMD_GET_MESH_CONFIG,
13392 .doit = nl80211_get_mesh_config,
13393 .policy = nl80211_policy,
13394 /* can be retrieved by unprivileged users */
13395 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
13396 NL80211_FLAG_NEED_RTNL,
13397 },
13398 {
13399 .cmd = NL80211_CMD_SET_MESH_CONFIG,
13400 .doit = nl80211_update_mesh_config,
13401 .policy = nl80211_policy,
13402 .flags = GENL_UNS_ADMIN_PERM,
13403 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
13404 NL80211_FLAG_NEED_RTNL,
13405 },
13406 {
13407 .cmd = NL80211_CMD_TRIGGER_SCAN,
13408 .doit = nl80211_trigger_scan,
13409 .policy = nl80211_policy,
13410 .flags = GENL_UNS_ADMIN_PERM,
13411 .internal_flags = NL80211_FLAG_NEED_WDEV_UP |
13412 NL80211_FLAG_NEED_RTNL,
13413 },
13414 {
13415 .cmd = NL80211_CMD_ABORT_SCAN,
13416 .doit = nl80211_abort_scan,
13417 .policy = nl80211_policy,
13418 .flags = GENL_UNS_ADMIN_PERM,
13419 .internal_flags = NL80211_FLAG_NEED_WDEV_UP |
13420 NL80211_FLAG_NEED_RTNL,
13421 },
13422 {
13423 .cmd = NL80211_CMD_GET_SCAN,
13424 .policy = nl80211_policy,
13425 .dumpit = nl80211_dump_scan,
13426 },
13427 {
13428 .cmd = NL80211_CMD_START_SCHED_SCAN,
13429 .doit = nl80211_start_sched_scan,
13430 .policy = nl80211_policy,
13431 .flags = GENL_UNS_ADMIN_PERM,
13432 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
13433 NL80211_FLAG_NEED_RTNL,
13434 },
13435 {
13436 .cmd = NL80211_CMD_STOP_SCHED_SCAN,
13437 .doit = nl80211_stop_sched_scan,
13438 .policy = nl80211_policy,
13439 .flags = GENL_UNS_ADMIN_PERM,
13440 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
13441 NL80211_FLAG_NEED_RTNL,
13442 },
13443 {
13444 .cmd = NL80211_CMD_AUTHENTICATE,
13445 .doit = nl80211_authenticate,
13446 .policy = nl80211_policy,
13447 .flags = GENL_UNS_ADMIN_PERM,
13448 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
13449 NL80211_FLAG_NEED_RTNL |
13450 NL80211_FLAG_CLEAR_SKB,
13451 },
13452 {
13453 .cmd = NL80211_CMD_ASSOCIATE,
13454 .doit = nl80211_associate,
13455 .policy = nl80211_policy,
13456 .flags = GENL_UNS_ADMIN_PERM,
13457 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
13458 NL80211_FLAG_NEED_RTNL |
13459 NL80211_FLAG_CLEAR_SKB,
13460 },
13461 {
13462 .cmd = NL80211_CMD_DEAUTHENTICATE,
13463 .doit = nl80211_deauthenticate,
13464 .policy = nl80211_policy,
13465 .flags = GENL_UNS_ADMIN_PERM,
13466 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
13467 NL80211_FLAG_NEED_RTNL,
13468 },
13469 {
13470 .cmd = NL80211_CMD_DISASSOCIATE,
13471 .doit = nl80211_disassociate,
13472 .policy = nl80211_policy,
13473 .flags = GENL_UNS_ADMIN_PERM,
13474 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
13475 NL80211_FLAG_NEED_RTNL,
13476 },
13477 {
13478 .cmd = NL80211_CMD_JOIN_IBSS,
13479 .doit = nl80211_join_ibss,
13480 .policy = nl80211_policy,
13481 .flags = GENL_UNS_ADMIN_PERM,
13482 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
13483 NL80211_FLAG_NEED_RTNL,
13484 },
13485 {
13486 .cmd = NL80211_CMD_LEAVE_IBSS,
13487 .doit = nl80211_leave_ibss,
13488 .policy = nl80211_policy,
13489 .flags = GENL_UNS_ADMIN_PERM,
13490 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
13491 NL80211_FLAG_NEED_RTNL,
13492 },
13493 #ifdef CONFIG_NL80211_TESTMODE
13494 {
13495 .cmd = NL80211_CMD_TESTMODE,
13496 .doit = nl80211_testmode_do,
13497 .dumpit = nl80211_testmode_dump,
13498 .policy = nl80211_policy,
13499 .flags = GENL_UNS_ADMIN_PERM,
13500 .internal_flags = NL80211_FLAG_NEED_WIPHY |
13501 NL80211_FLAG_NEED_RTNL,
13502 },
13503 #endif
13504 {
13505 .cmd = NL80211_CMD_CONNECT,
13506 .doit = nl80211_connect,
13507 .policy = nl80211_policy,
13508 .flags = GENL_UNS_ADMIN_PERM,
13509 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
13510 NL80211_FLAG_NEED_RTNL |
13511 NL80211_FLAG_CLEAR_SKB,
13512 },
13513 {
13514 .cmd = NL80211_CMD_UPDATE_CONNECT_PARAMS,
13515 .doit = nl80211_update_connect_params,
13516 .policy = nl80211_policy,
13517 .flags = GENL_ADMIN_PERM,
13518 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
13519 NL80211_FLAG_NEED_RTNL |
13520 NL80211_FLAG_CLEAR_SKB,
13521 },
13522 {
13523 .cmd = NL80211_CMD_DISCONNECT,
13524 .doit = nl80211_disconnect,
13525 .policy = nl80211_policy,
13526 .flags = GENL_UNS_ADMIN_PERM,
13527 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
13528 NL80211_FLAG_NEED_RTNL,
13529 },
13530 {
13531 .cmd = NL80211_CMD_SET_WIPHY_NETNS,
13532 .doit = nl80211_wiphy_netns,
13533 .policy = nl80211_policy,
13534 .flags = GENL_UNS_ADMIN_PERM,
13535 .internal_flags = NL80211_FLAG_NEED_WIPHY |
13536 NL80211_FLAG_NEED_RTNL,
13537 },
13538 {
13539 .cmd = NL80211_CMD_GET_SURVEY,
13540 .policy = nl80211_policy,
13541 .dumpit = nl80211_dump_survey,
13542 },
13543 {
13544 .cmd = NL80211_CMD_SET_PMKSA,
13545 .doit = nl80211_setdel_pmksa,
13546 .policy = nl80211_policy,
13547 .flags = GENL_UNS_ADMIN_PERM,
13548 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
13549 NL80211_FLAG_NEED_RTNL |
13550 NL80211_FLAG_CLEAR_SKB,
13551 },
13552 {
13553 .cmd = NL80211_CMD_DEL_PMKSA,
13554 .doit = nl80211_setdel_pmksa,
13555 .policy = nl80211_policy,
13556 .flags = GENL_UNS_ADMIN_PERM,
13557 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
13558 NL80211_FLAG_NEED_RTNL,
13559 },
13560 {
13561 .cmd = NL80211_CMD_FLUSH_PMKSA,
13562 .doit = nl80211_flush_pmksa,
13563 .policy = nl80211_policy,
13564 .flags = GENL_UNS_ADMIN_PERM,
13565 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
13566 NL80211_FLAG_NEED_RTNL,
13567 },
13568 {
13569 .cmd = NL80211_CMD_REMAIN_ON_CHANNEL,
13570 .doit = nl80211_remain_on_channel,
13571 .policy = nl80211_policy,
13572 .flags = GENL_UNS_ADMIN_PERM,
13573 .internal_flags = NL80211_FLAG_NEED_WDEV_UP |
13574 NL80211_FLAG_NEED_RTNL,
13575 },
13576 {
13577 .cmd = NL80211_CMD_CANCEL_REMAIN_ON_CHANNEL,
13578 .doit = nl80211_cancel_remain_on_channel,
13579 .policy = nl80211_policy,
13580 .flags = GENL_UNS_ADMIN_PERM,
13581 .internal_flags = NL80211_FLAG_NEED_WDEV_UP |
13582 NL80211_FLAG_NEED_RTNL,
13583 },
13584 {
13585 .cmd = NL80211_CMD_SET_TX_BITRATE_MASK,
13586 .doit = nl80211_set_tx_bitrate_mask,
13587 .policy = nl80211_policy,
13588 .flags = GENL_UNS_ADMIN_PERM,
13589 .internal_flags = NL80211_FLAG_NEED_NETDEV |
13590 NL80211_FLAG_NEED_RTNL,
13591 },
13592 {
13593 .cmd = NL80211_CMD_REGISTER_FRAME,
13594 .doit = nl80211_register_mgmt,
13595 .policy = nl80211_policy,
13596 .flags = GENL_UNS_ADMIN_PERM,
13597 .internal_flags = NL80211_FLAG_NEED_WDEV |
13598 NL80211_FLAG_NEED_RTNL,
13599 },
13600 {
13601 .cmd = NL80211_CMD_FRAME,
13602 .doit = nl80211_tx_mgmt,
13603 .policy = nl80211_policy,
13604 .flags = GENL_UNS_ADMIN_PERM,
13605 .internal_flags = NL80211_FLAG_NEED_WDEV_UP |
13606 NL80211_FLAG_NEED_RTNL,
13607 },
13608 {
13609 .cmd = NL80211_CMD_FRAME_WAIT_CANCEL,
13610 .doit = nl80211_tx_mgmt_cancel_wait,
13611 .policy = nl80211_policy,
13612 .flags = GENL_UNS_ADMIN_PERM,
13613 .internal_flags = NL80211_FLAG_NEED_WDEV_UP |
13614 NL80211_FLAG_NEED_RTNL,
13615 },
13616 {
13617 .cmd = NL80211_CMD_SET_POWER_SAVE,
13618 .doit = nl80211_set_power_save,
13619 .policy = nl80211_policy,
13620 .flags = GENL_UNS_ADMIN_PERM,
13621 .internal_flags = NL80211_FLAG_NEED_NETDEV |
13622 NL80211_FLAG_NEED_RTNL,
13623 },
13624 {
13625 .cmd = NL80211_CMD_GET_POWER_SAVE,
13626 .doit = nl80211_get_power_save,
13627 .policy = nl80211_policy,
13628 /* can be retrieved by unprivileged users */
13629 .internal_flags = NL80211_FLAG_NEED_NETDEV |
13630 NL80211_FLAG_NEED_RTNL,
13631 },
13632 {
13633 .cmd = NL80211_CMD_SET_CQM,
13634 .doit = nl80211_set_cqm,
13635 .policy = nl80211_policy,
13636 .flags = GENL_UNS_ADMIN_PERM,
13637 .internal_flags = NL80211_FLAG_NEED_NETDEV |
13638 NL80211_FLAG_NEED_RTNL,
13639 },
13640 {
13641 .cmd = NL80211_CMD_SET_CHANNEL,
13642 .doit = nl80211_set_channel,
13643 .policy = nl80211_policy,
13644 .flags = GENL_UNS_ADMIN_PERM,
13645 .internal_flags = NL80211_FLAG_NEED_NETDEV |
13646 NL80211_FLAG_NEED_RTNL,
13647 },
13648 {
13649 .cmd = NL80211_CMD_SET_WDS_PEER,
13650 .doit = nl80211_set_wds_peer,
13651 .policy = nl80211_policy,
13652 .flags = GENL_UNS_ADMIN_PERM,
13653 .internal_flags = NL80211_FLAG_NEED_NETDEV |
13654 NL80211_FLAG_NEED_RTNL,
13655 },
13656 {
13657 .cmd = NL80211_CMD_JOIN_MESH,
13658 .doit = nl80211_join_mesh,
13659 .policy = nl80211_policy,
13660 .flags = GENL_UNS_ADMIN_PERM,
13661 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
13662 NL80211_FLAG_NEED_RTNL,
13663 },
13664 {
13665 .cmd = NL80211_CMD_LEAVE_MESH,
13666 .doit = nl80211_leave_mesh,
13667 .policy = nl80211_policy,
13668 .flags = GENL_UNS_ADMIN_PERM,
13669 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
13670 NL80211_FLAG_NEED_RTNL,
13671 },
13672 {
13673 .cmd = NL80211_CMD_JOIN_OCB,
13674 .doit = nl80211_join_ocb,
13675 .policy = nl80211_policy,
13676 .flags = GENL_UNS_ADMIN_PERM,
13677 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
13678 NL80211_FLAG_NEED_RTNL,
13679 },
13680 {
13681 .cmd = NL80211_CMD_LEAVE_OCB,
13682 .doit = nl80211_leave_ocb,
13683 .policy = nl80211_policy,
13684 .flags = GENL_UNS_ADMIN_PERM,
13685 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
13686 NL80211_FLAG_NEED_RTNL,
13687 },
13688 #ifdef CONFIG_PM
13689 {
13690 .cmd = NL80211_CMD_GET_WOWLAN,
13691 .doit = nl80211_get_wowlan,
13692 .policy = nl80211_policy,
13693 /* can be retrieved by unprivileged users */
13694 .internal_flags = NL80211_FLAG_NEED_WIPHY |
13695 NL80211_FLAG_NEED_RTNL,
13696 },
13697 {
13698 .cmd = NL80211_CMD_SET_WOWLAN,
13699 .doit = nl80211_set_wowlan,
13700 .policy = nl80211_policy,
13701 .flags = GENL_UNS_ADMIN_PERM,
13702 .internal_flags = NL80211_FLAG_NEED_WIPHY |
13703 NL80211_FLAG_NEED_RTNL,
13704 },
13705 #endif
13706 {
13707 .cmd = NL80211_CMD_SET_REKEY_OFFLOAD,
13708 .doit = nl80211_set_rekey_data,
13709 .policy = nl80211_policy,
13710 .flags = GENL_UNS_ADMIN_PERM,
13711 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
13712 NL80211_FLAG_NEED_RTNL |
13713 NL80211_FLAG_CLEAR_SKB,
13714 },
13715 {
13716 .cmd = NL80211_CMD_TDLS_MGMT,
13717 .doit = nl80211_tdls_mgmt,
13718 .policy = nl80211_policy,
13719 .flags = GENL_UNS_ADMIN_PERM,
13720 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
13721 NL80211_FLAG_NEED_RTNL,
13722 },
13723 {
13724 .cmd = NL80211_CMD_TDLS_OPER,
13725 .doit = nl80211_tdls_oper,
13726 .policy = nl80211_policy,
13727 .flags = GENL_UNS_ADMIN_PERM,
13728 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
13729 NL80211_FLAG_NEED_RTNL,
13730 },
13731 {
13732 .cmd = NL80211_CMD_UNEXPECTED_FRAME,
13733 .doit = nl80211_register_unexpected_frame,
13734 .policy = nl80211_policy,
13735 .flags = GENL_UNS_ADMIN_PERM,
13736 .internal_flags = NL80211_FLAG_NEED_NETDEV |
13737 NL80211_FLAG_NEED_RTNL,
13738 },
13739 {
13740 .cmd = NL80211_CMD_PROBE_CLIENT,
13741 .doit = nl80211_probe_client,
13742 .policy = nl80211_policy,
13743 .flags = GENL_UNS_ADMIN_PERM,
13744 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
13745 NL80211_FLAG_NEED_RTNL,
13746 },
13747 {
13748 .cmd = NL80211_CMD_REGISTER_BEACONS,
13749 .doit = nl80211_register_beacons,
13750 .policy = nl80211_policy,
13751 .flags = GENL_UNS_ADMIN_PERM,
13752 .internal_flags = NL80211_FLAG_NEED_WIPHY |
13753 NL80211_FLAG_NEED_RTNL,
13754 },
13755 {
13756 .cmd = NL80211_CMD_SET_NOACK_MAP,
13757 .doit = nl80211_set_noack_map,
13758 .policy = nl80211_policy,
13759 .flags = GENL_UNS_ADMIN_PERM,
13760 .internal_flags = NL80211_FLAG_NEED_NETDEV |
13761 NL80211_FLAG_NEED_RTNL,
13762 },
13763 {
13764 .cmd = NL80211_CMD_START_P2P_DEVICE,
13765 .doit = nl80211_start_p2p_device,
13766 .policy = nl80211_policy,
13767 .flags = GENL_UNS_ADMIN_PERM,
13768 .internal_flags = NL80211_FLAG_NEED_WDEV |
13769 NL80211_FLAG_NEED_RTNL,
13770 },
13771 {
13772 .cmd = NL80211_CMD_STOP_P2P_DEVICE,
13773 .doit = nl80211_stop_p2p_device,
13774 .policy = nl80211_policy,
13775 .flags = GENL_UNS_ADMIN_PERM,
13776 .internal_flags = NL80211_FLAG_NEED_WDEV_UP |
13777 NL80211_FLAG_NEED_RTNL,
13778 },
13779 {
13780 .cmd = NL80211_CMD_START_NAN,
13781 .doit = nl80211_start_nan,
13782 .policy = nl80211_policy,
13783 .flags = GENL_ADMIN_PERM,
13784 .internal_flags = NL80211_FLAG_NEED_WDEV |
13785 NL80211_FLAG_NEED_RTNL,
13786 },
13787 {
13788 .cmd = NL80211_CMD_STOP_NAN,
13789 .doit = nl80211_stop_nan,
13790 .policy = nl80211_policy,
13791 .flags = GENL_ADMIN_PERM,
13792 .internal_flags = NL80211_FLAG_NEED_WDEV_UP |
13793 NL80211_FLAG_NEED_RTNL,
13794 },
13795 {
13796 .cmd = NL80211_CMD_ADD_NAN_FUNCTION,
13797 .doit = nl80211_nan_add_func,
13798 .policy = nl80211_policy,
13799 .flags = GENL_ADMIN_PERM,
13800 .internal_flags = NL80211_FLAG_NEED_WDEV_UP |
13801 NL80211_FLAG_NEED_RTNL,
13802 },
13803 {
13804 .cmd = NL80211_CMD_DEL_NAN_FUNCTION,
13805 .doit = nl80211_nan_del_func,
13806 .policy = nl80211_policy,
13807 .flags = GENL_ADMIN_PERM,
13808 .internal_flags = NL80211_FLAG_NEED_WDEV_UP |
13809 NL80211_FLAG_NEED_RTNL,
13810 },
13811 {
13812 .cmd = NL80211_CMD_CHANGE_NAN_CONFIG,
13813 .doit = nl80211_nan_change_config,
13814 .policy = nl80211_policy,
13815 .flags = GENL_ADMIN_PERM,
13816 .internal_flags = NL80211_FLAG_NEED_WDEV_UP |
13817 NL80211_FLAG_NEED_RTNL,
13818 },
13819 {
13820 .cmd = NL80211_CMD_SET_MCAST_RATE,
13821 .doit = nl80211_set_mcast_rate,
13822 .policy = nl80211_policy,
13823 .flags = GENL_UNS_ADMIN_PERM,
13824 .internal_flags = NL80211_FLAG_NEED_NETDEV |
13825 NL80211_FLAG_NEED_RTNL,
13826 },
13827 {
13828 .cmd = NL80211_CMD_SET_MAC_ACL,
13829 .doit = nl80211_set_mac_acl,
13830 .policy = nl80211_policy,
13831 .flags = GENL_UNS_ADMIN_PERM,
13832 .internal_flags = NL80211_FLAG_NEED_NETDEV |
13833 NL80211_FLAG_NEED_RTNL,
13834 },
13835 {
13836 .cmd = NL80211_CMD_RADAR_DETECT,
13837 .doit = nl80211_start_radar_detection,
13838 .policy = nl80211_policy,
13839 .flags = GENL_UNS_ADMIN_PERM,
13840 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
13841 NL80211_FLAG_NEED_RTNL,
13842 },
13843 {
13844 .cmd = NL80211_CMD_GET_PROTOCOL_FEATURES,
13845 .doit = nl80211_get_protocol_features,
13846 .policy = nl80211_policy,
13847 },
13848 {
13849 .cmd = NL80211_CMD_UPDATE_FT_IES,
13850 .doit = nl80211_update_ft_ies,
13851 .policy = nl80211_policy,
13852 .flags = GENL_UNS_ADMIN_PERM,
13853 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
13854 NL80211_FLAG_NEED_RTNL,
13855 },
13856 {
13857 .cmd = NL80211_CMD_CRIT_PROTOCOL_START,
13858 .doit = nl80211_crit_protocol_start,
13859 .policy = nl80211_policy,
13860 .flags = GENL_UNS_ADMIN_PERM,
13861 .internal_flags = NL80211_FLAG_NEED_WDEV_UP |
13862 NL80211_FLAG_NEED_RTNL,
13863 },
13864 {
13865 .cmd = NL80211_CMD_CRIT_PROTOCOL_STOP,
13866 .doit = nl80211_crit_protocol_stop,
13867 .policy = nl80211_policy,
13868 .flags = GENL_UNS_ADMIN_PERM,
13869 .internal_flags = NL80211_FLAG_NEED_WDEV_UP |
13870 NL80211_FLAG_NEED_RTNL,
13871 },
13872 {
13873 .cmd = NL80211_CMD_GET_COALESCE,
13874 .doit = nl80211_get_coalesce,
13875 .policy = nl80211_policy,
13876 .internal_flags = NL80211_FLAG_NEED_WIPHY |
13877 NL80211_FLAG_NEED_RTNL,
13878 },
13879 {
13880 .cmd = NL80211_CMD_SET_COALESCE,
13881 .doit = nl80211_set_coalesce,
13882 .policy = nl80211_policy,
13883 .flags = GENL_UNS_ADMIN_PERM,
13884 .internal_flags = NL80211_FLAG_NEED_WIPHY |
13885 NL80211_FLAG_NEED_RTNL,
13886 },
13887 {
13888 .cmd = NL80211_CMD_CHANNEL_SWITCH,
13889 .doit = nl80211_channel_switch,
13890 .policy = nl80211_policy,
13891 .flags = GENL_UNS_ADMIN_PERM,
13892 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
13893 NL80211_FLAG_NEED_RTNL,
13894 },
13895 {
13896 .cmd = NL80211_CMD_VENDOR,
13897 .doit = nl80211_vendor_cmd,
13898 .dumpit = nl80211_vendor_cmd_dump,
13899 .policy = nl80211_policy,
13900 .flags = GENL_UNS_ADMIN_PERM,
13901 .internal_flags = NL80211_FLAG_NEED_WIPHY |
13902 NL80211_FLAG_NEED_RTNL |
13903 NL80211_FLAG_CLEAR_SKB,
13904 },
13905 {
13906 .cmd = NL80211_CMD_SET_QOS_MAP,
13907 .doit = nl80211_set_qos_map,
13908 .policy = nl80211_policy,
13909 .flags = GENL_UNS_ADMIN_PERM,
13910 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
13911 NL80211_FLAG_NEED_RTNL,
13912 },
13913 {
13914 .cmd = NL80211_CMD_ADD_TX_TS,
13915 .doit = nl80211_add_tx_ts,
13916 .policy = nl80211_policy,
13917 .flags = GENL_UNS_ADMIN_PERM,
13918 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
13919 NL80211_FLAG_NEED_RTNL,
13920 },
13921 {
13922 .cmd = NL80211_CMD_DEL_TX_TS,
13923 .doit = nl80211_del_tx_ts,
13924 .policy = nl80211_policy,
13925 .flags = GENL_UNS_ADMIN_PERM,
13926 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
13927 NL80211_FLAG_NEED_RTNL,
13928 },
13929 {
13930 .cmd = NL80211_CMD_TDLS_CHANNEL_SWITCH,
13931 .doit = nl80211_tdls_channel_switch,
13932 .policy = nl80211_policy,
13933 .flags = GENL_UNS_ADMIN_PERM,
13934 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
13935 NL80211_FLAG_NEED_RTNL,
13936 },
13937 {
13938 .cmd = NL80211_CMD_TDLS_CANCEL_CHANNEL_SWITCH,
13939 .doit = nl80211_tdls_cancel_channel_switch,
13940 .policy = nl80211_policy,
13941 .flags = GENL_UNS_ADMIN_PERM,
13942 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
13943 NL80211_FLAG_NEED_RTNL,
13944 },
13945 {
13946 .cmd = NL80211_CMD_SET_MULTICAST_TO_UNICAST,
13947 .doit = nl80211_set_multicast_to_unicast,
13948 .policy = nl80211_policy,
13949 .flags = GENL_UNS_ADMIN_PERM,
13950 .internal_flags = NL80211_FLAG_NEED_NETDEV |
13951 NL80211_FLAG_NEED_RTNL,
13952 },
13953 {
13954 .cmd = NL80211_CMD_SET_PMK,
13955 .doit = nl80211_set_pmk,
13956 .policy = nl80211_policy,
13957 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
13958 NL80211_FLAG_NEED_RTNL |
13959 NL80211_FLAG_CLEAR_SKB,
13960 },
13961 {
13962 .cmd = NL80211_CMD_DEL_PMK,
13963 .doit = nl80211_del_pmk,
13964 .policy = nl80211_policy,
13965 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
13966 NL80211_FLAG_NEED_RTNL,
13967 },
13968 {
13969 .cmd = NL80211_CMD_EXTERNAL_AUTH,
13970 .doit = nl80211_external_auth,
13971 .policy = nl80211_policy,
13972 .flags = GENL_ADMIN_PERM,
13973 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
13974 NL80211_FLAG_NEED_RTNL,
13975 },
13976 {
13977 .cmd = NL80211_CMD_CONTROL_PORT_FRAME,
13978 .doit = nl80211_tx_control_port,
13979 .policy = nl80211_policy,
13980 .flags = GENL_UNS_ADMIN_PERM,
13981 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
13982 NL80211_FLAG_NEED_RTNL,
13983 },
13984 };
13985
13986 static struct genl_family nl80211_fam __ro_after_init = {
13987 .name = NL80211_GENL_NAME, /* have users key off the name instead */
13988 .hdrsize = 0, /* no private header */
13989 .version = 1, /* no particular meaning now */
13990 .maxattr = NL80211_ATTR_MAX,
13991 .netnsok = true,
13992 .pre_doit = nl80211_pre_doit,
13993 .post_doit = nl80211_post_doit,
13994 .module = THIS_MODULE,
13995 .ops = nl80211_ops,
13996 .n_ops = ARRAY_SIZE(nl80211_ops),
13997 .mcgrps = nl80211_mcgrps,
13998 .n_mcgrps = ARRAY_SIZE(nl80211_mcgrps),
13999 };
14000
14001 /* notification functions */
14002
14003 void nl80211_notify_wiphy(struct cfg80211_registered_device *rdev,
14004 enum nl80211_commands cmd)
14005 {
14006 struct sk_buff *msg;
14007 struct nl80211_dump_wiphy_state state = {};
14008
14009 WARN_ON(cmd != NL80211_CMD_NEW_WIPHY &&
14010 cmd != NL80211_CMD_DEL_WIPHY);
14011
14012 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
14013 if (!msg)
14014 return;
14015
14016 if (nl80211_send_wiphy(rdev, cmd, msg, 0, 0, 0, &state) < 0) {
14017 nlmsg_free(msg);
14018 return;
14019 }
14020
14021 genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), msg, 0,
14022 NL80211_MCGRP_CONFIG, GFP_KERNEL);
14023 }
14024
14025 void nl80211_notify_iface(struct cfg80211_registered_device *rdev,
14026 struct wireless_dev *wdev,
14027 enum nl80211_commands cmd)
14028 {
14029 struct sk_buff *msg;
14030
14031 WARN_ON(cmd != NL80211_CMD_NEW_INTERFACE &&
14032 cmd != NL80211_CMD_DEL_INTERFACE);
14033
14034 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
14035 if (!msg)
14036 return;
14037
14038 if (nl80211_send_iface(msg, 0, 0, 0, rdev, wdev,
14039 cmd == NL80211_CMD_DEL_INTERFACE) < 0) {
14040 nlmsg_free(msg);
14041 return;
14042 }
14043
14044 genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), msg, 0,
14045 NL80211_MCGRP_CONFIG, GFP_KERNEL);
14046 }
14047
14048 static int nl80211_add_scan_req(struct sk_buff *msg,
14049 struct cfg80211_registered_device *rdev)
14050 {
14051 struct cfg80211_scan_request *req = rdev->scan_req;
14052 struct nlattr *nest;
14053 int i;
14054
14055 if (WARN_ON(!req))
14056 return 0;
14057
14058 nest = nla_nest_start(msg, NL80211_ATTR_SCAN_SSIDS);
14059 if (!nest)
14060 goto nla_put_failure;
14061 for (i = 0; i < req->n_ssids; i++) {
14062 if (nla_put(msg, i, req->ssids[i].ssid_len, req->ssids[i].ssid))
14063 goto nla_put_failure;
14064 }
14065 nla_nest_end(msg, nest);
14066
14067 nest = nla_nest_start(msg, NL80211_ATTR_SCAN_FREQUENCIES);
14068 if (!nest)
14069 goto nla_put_failure;
14070 for (i = 0; i < req->n_channels; i++) {
14071 if (nla_put_u32(msg, i, req->channels[i]->center_freq))
14072 goto nla_put_failure;
14073 }
14074 nla_nest_end(msg, nest);
14075
14076 if (req->ie &&
14077 nla_put(msg, NL80211_ATTR_IE, req->ie_len, req->ie))
14078 goto nla_put_failure;
14079
14080 if (req->flags &&
14081 nla_put_u32(msg, NL80211_ATTR_SCAN_FLAGS, req->flags))
14082 goto nla_put_failure;
14083
14084 if (req->info.scan_start_tsf &&
14085 (nla_put_u64_64bit(msg, NL80211_ATTR_SCAN_START_TIME_TSF,
14086 req->info.scan_start_tsf, NL80211_BSS_PAD) ||
14087 nla_put(msg, NL80211_ATTR_SCAN_START_TIME_TSF_BSSID, ETH_ALEN,
14088 req->info.tsf_bssid)))
14089 goto nla_put_failure;
14090
14091 return 0;
14092 nla_put_failure:
14093 return -ENOBUFS;
14094 }
14095
14096 static int nl80211_prep_scan_msg(struct sk_buff *msg,
14097 struct cfg80211_registered_device *rdev,
14098 struct wireless_dev *wdev,
14099 u32 portid, u32 seq, int flags,
14100 u32 cmd)
14101 {
14102 void *hdr;
14103
14104 hdr = nl80211hdr_put(msg, portid, seq, flags, cmd);
14105 if (!hdr)
14106 return -1;
14107
14108 if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
14109 (wdev->netdev && nla_put_u32(msg, NL80211_ATTR_IFINDEX,
14110 wdev->netdev->ifindex)) ||
14111 nla_put_u64_64bit(msg, NL80211_ATTR_WDEV, wdev_id(wdev),
14112 NL80211_ATTR_PAD))
14113 goto nla_put_failure;
14114
14115 /* ignore errors and send incomplete event anyway */
14116 nl80211_add_scan_req(msg, rdev);
14117
14118 genlmsg_end(msg, hdr);
14119 return 0;
14120
14121 nla_put_failure:
14122 genlmsg_cancel(msg, hdr);
14123 return -EMSGSIZE;
14124 }
14125
14126 static int
14127 nl80211_prep_sched_scan_msg(struct sk_buff *msg,
14128 struct cfg80211_sched_scan_request *req, u32 cmd)
14129 {
14130 void *hdr;
14131
14132 hdr = nl80211hdr_put(msg, 0, 0, 0, cmd);
14133 if (!hdr)
14134 return -1;
14135
14136 if (nla_put_u32(msg, NL80211_ATTR_WIPHY,
14137 wiphy_to_rdev(req->wiphy)->wiphy_idx) ||
14138 nla_put_u32(msg, NL80211_ATTR_IFINDEX, req->dev->ifindex) ||
14139 nla_put_u64_64bit(msg, NL80211_ATTR_COOKIE, req->reqid,
14140 NL80211_ATTR_PAD))
14141 goto nla_put_failure;
14142
14143 genlmsg_end(msg, hdr);
14144 return 0;
14145
14146 nla_put_failure:
14147 genlmsg_cancel(msg, hdr);
14148 return -EMSGSIZE;
14149 }
14150
14151 void nl80211_send_scan_start(struct cfg80211_registered_device *rdev,
14152 struct wireless_dev *wdev)
14153 {
14154 struct sk_buff *msg;
14155
14156 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
14157 if (!msg)
14158 return;
14159
14160 if (nl80211_prep_scan_msg(msg, rdev, wdev, 0, 0, 0,
14161 NL80211_CMD_TRIGGER_SCAN) < 0) {
14162 nlmsg_free(msg);
14163 return;
14164 }
14165
14166 genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), msg, 0,
14167 NL80211_MCGRP_SCAN, GFP_KERNEL);
14168 }
14169
14170 struct sk_buff *nl80211_build_scan_msg(struct cfg80211_registered_device *rdev,
14171 struct wireless_dev *wdev, bool aborted)
14172 {
14173 struct sk_buff *msg;
14174
14175 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
14176 if (!msg)
14177 return NULL;
14178
14179 if (nl80211_prep_scan_msg(msg, rdev, wdev, 0, 0, 0,
14180 aborted ? NL80211_CMD_SCAN_ABORTED :
14181 NL80211_CMD_NEW_SCAN_RESULTS) < 0) {
14182 nlmsg_free(msg);
14183 return NULL;
14184 }
14185
14186 return msg;
14187 }
14188
14189 /* send message created by nl80211_build_scan_msg() */
14190 void nl80211_send_scan_msg(struct cfg80211_registered_device *rdev,
14191 struct sk_buff *msg)
14192 {
14193 if (!msg)
14194 return;
14195
14196 genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), msg, 0,
14197 NL80211_MCGRP_SCAN, GFP_KERNEL);
14198 }
14199
14200 void nl80211_send_sched_scan(struct cfg80211_sched_scan_request *req, u32 cmd)
14201 {
14202 struct sk_buff *msg;
14203
14204 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
14205 if (!msg)
14206 return;
14207
14208 if (nl80211_prep_sched_scan_msg(msg, req, cmd) < 0) {
14209 nlmsg_free(msg);
14210 return;
14211 }
14212
14213 genlmsg_multicast_netns(&nl80211_fam, wiphy_net(req->wiphy), msg, 0,
14214 NL80211_MCGRP_SCAN, GFP_KERNEL);
14215 }
14216
14217 static bool nl80211_reg_change_event_fill(struct sk_buff *msg,
14218 struct regulatory_request *request)
14219 {
14220 /* Userspace can always count this one always being set */
14221 if (nla_put_u8(msg, NL80211_ATTR_REG_INITIATOR, request->initiator))
14222 goto nla_put_failure;
14223
14224 if (request->alpha2[0] == '0' && request->alpha2[1] == '0') {
14225 if (nla_put_u8(msg, NL80211_ATTR_REG_TYPE,
14226 NL80211_REGDOM_TYPE_WORLD))
14227 goto nla_put_failure;
14228 } else if (request->alpha2[0] == '9' && request->alpha2[1] == '9') {
14229 if (nla_put_u8(msg, NL80211_ATTR_REG_TYPE,
14230 NL80211_REGDOM_TYPE_CUSTOM_WORLD))
14231 goto nla_put_failure;
14232 } else if ((request->alpha2[0] == '9' && request->alpha2[1] == '8') ||
14233 request->intersect) {
14234 if (nla_put_u8(msg, NL80211_ATTR_REG_TYPE,
14235 NL80211_REGDOM_TYPE_INTERSECTION))
14236 goto nla_put_failure;
14237 } else {
14238 if (nla_put_u8(msg, NL80211_ATTR_REG_TYPE,
14239 NL80211_REGDOM_TYPE_COUNTRY) ||
14240 nla_put_string(msg, NL80211_ATTR_REG_ALPHA2,
14241 request->alpha2))
14242 goto nla_put_failure;
14243 }
14244
14245 if (request->wiphy_idx != WIPHY_IDX_INVALID) {
14246 struct wiphy *wiphy = wiphy_idx_to_wiphy(request->wiphy_idx);
14247
14248 if (wiphy &&
14249 nla_put_u32(msg, NL80211_ATTR_WIPHY, request->wiphy_idx))
14250 goto nla_put_failure;
14251
14252 if (wiphy &&
14253 wiphy->regulatory_flags & REGULATORY_WIPHY_SELF_MANAGED &&
14254 nla_put_flag(msg, NL80211_ATTR_WIPHY_SELF_MANAGED_REG))
14255 goto nla_put_failure;
14256 }
14257
14258 return true;
14259
14260 nla_put_failure:
14261 return false;
14262 }
14263
14264 /*
14265 * This can happen on global regulatory changes or device specific settings
14266 * based on custom regulatory domains.
14267 */
14268 void nl80211_common_reg_change_event(enum nl80211_commands cmd_id,
14269 struct regulatory_request *request)
14270 {
14271 struct sk_buff *msg;
14272 void *hdr;
14273
14274 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
14275 if (!msg)
14276 return;
14277
14278 hdr = nl80211hdr_put(msg, 0, 0, 0, cmd_id);
14279 if (!hdr) {
14280 nlmsg_free(msg);
14281 return;
14282 }
14283
14284 if (nl80211_reg_change_event_fill(msg, request) == false)
14285 goto nla_put_failure;
14286
14287 genlmsg_end(msg, hdr);
14288
14289 rcu_read_lock();
14290 genlmsg_multicast_allns(&nl80211_fam, msg, 0,
14291 NL80211_MCGRP_REGULATORY, GFP_ATOMIC);
14292 rcu_read_unlock();
14293
14294 return;
14295
14296 nla_put_failure:
14297 nlmsg_free(msg);
14298 }
14299
14300 static void nl80211_send_mlme_event(struct cfg80211_registered_device *rdev,
14301 struct net_device *netdev,
14302 const u8 *buf, size_t len,
14303 enum nl80211_commands cmd, gfp_t gfp,
14304 int uapsd_queues)
14305 {
14306 struct sk_buff *msg;
14307 void *hdr;
14308
14309 msg = nlmsg_new(100 + len, gfp);
14310 if (!msg)
14311 return;
14312
14313 hdr = nl80211hdr_put(msg, 0, 0, 0, cmd);
14314 if (!hdr) {
14315 nlmsg_free(msg);
14316 return;
14317 }
14318
14319 if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
14320 nla_put_u32(msg, NL80211_ATTR_IFINDEX, netdev->ifindex) ||
14321 nla_put(msg, NL80211_ATTR_FRAME, len, buf))
14322 goto nla_put_failure;
14323
14324 if (uapsd_queues >= 0) {
14325 struct nlattr *nla_wmm =
14326 nla_nest_start(msg, NL80211_ATTR_STA_WME);
14327 if (!nla_wmm)
14328 goto nla_put_failure;
14329
14330 if (nla_put_u8(msg, NL80211_STA_WME_UAPSD_QUEUES,
14331 uapsd_queues))
14332 goto nla_put_failure;
14333
14334 nla_nest_end(msg, nla_wmm);
14335 }
14336
14337 genlmsg_end(msg, hdr);
14338
14339 genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), msg, 0,
14340 NL80211_MCGRP_MLME, gfp);
14341 return;
14342
14343 nla_put_failure:
14344 nlmsg_free(msg);
14345 }
14346
14347 void nl80211_send_rx_auth(struct cfg80211_registered_device *rdev,
14348 struct net_device *netdev, const u8 *buf,
14349 size_t len, gfp_t gfp)
14350 {
14351 nl80211_send_mlme_event(rdev, netdev, buf, len,
14352 NL80211_CMD_AUTHENTICATE, gfp, -1);
14353 }
14354
14355 void nl80211_send_rx_assoc(struct cfg80211_registered_device *rdev,
14356 struct net_device *netdev, const u8 *buf,
14357 size_t len, gfp_t gfp, int uapsd_queues)
14358 {
14359 nl80211_send_mlme_event(rdev, netdev, buf, len,
14360 NL80211_CMD_ASSOCIATE, gfp, uapsd_queues);
14361 }
14362
14363 void nl80211_send_deauth(struct cfg80211_registered_device *rdev,
14364 struct net_device *netdev, const u8 *buf,
14365 size_t len, gfp_t gfp)
14366 {
14367 nl80211_send_mlme_event(rdev, netdev, buf, len,
14368 NL80211_CMD_DEAUTHENTICATE, gfp, -1);
14369 }
14370
14371 void nl80211_send_disassoc(struct cfg80211_registered_device *rdev,
14372 struct net_device *netdev, const u8 *buf,
14373 size_t len, gfp_t gfp)
14374 {
14375 nl80211_send_mlme_event(rdev, netdev, buf, len,
14376 NL80211_CMD_DISASSOCIATE, gfp, -1);
14377 }
14378
14379 void cfg80211_rx_unprot_mlme_mgmt(struct net_device *dev, const u8 *buf,
14380 size_t len)
14381 {
14382 struct wireless_dev *wdev = dev->ieee80211_ptr;
14383 struct wiphy *wiphy = wdev->wiphy;
14384 struct cfg80211_registered_device *rdev = wiphy_to_rdev(wiphy);
14385 const struct ieee80211_mgmt *mgmt = (void *)buf;
14386 u32 cmd;
14387
14388 if (WARN_ON(len < 2))
14389 return;
14390
14391 if (ieee80211_is_deauth(mgmt->frame_control))
14392 cmd = NL80211_CMD_UNPROT_DEAUTHENTICATE;
14393 else
14394 cmd = NL80211_CMD_UNPROT_DISASSOCIATE;
14395
14396 trace_cfg80211_rx_unprot_mlme_mgmt(dev, buf, len);
14397 nl80211_send_mlme_event(rdev, dev, buf, len, cmd, GFP_ATOMIC, -1);
14398 }
14399 EXPORT_SYMBOL(cfg80211_rx_unprot_mlme_mgmt);
14400
14401 static void nl80211_send_mlme_timeout(struct cfg80211_registered_device *rdev,
14402 struct net_device *netdev, int cmd,
14403 const u8 *addr, gfp_t gfp)
14404 {
14405 struct sk_buff *msg;
14406 void *hdr;
14407
14408 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, gfp);
14409 if (!msg)
14410 return;
14411
14412 hdr = nl80211hdr_put(msg, 0, 0, 0, cmd);
14413 if (!hdr) {
14414 nlmsg_free(msg);
14415 return;
14416 }
14417
14418 if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
14419 nla_put_u32(msg, NL80211_ATTR_IFINDEX, netdev->ifindex) ||
14420 nla_put_flag(msg, NL80211_ATTR_TIMED_OUT) ||
14421 nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN, addr))
14422 goto nla_put_failure;
14423
14424 genlmsg_end(msg, hdr);
14425
14426 genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), msg, 0,
14427 NL80211_MCGRP_MLME, gfp);
14428 return;
14429
14430 nla_put_failure:
14431 nlmsg_free(msg);
14432 }
14433
14434 void nl80211_send_auth_timeout(struct cfg80211_registered_device *rdev,
14435 struct net_device *netdev, const u8 *addr,
14436 gfp_t gfp)
14437 {
14438 nl80211_send_mlme_timeout(rdev, netdev, NL80211_CMD_AUTHENTICATE,
14439 addr, gfp);
14440 }
14441
14442 void nl80211_send_assoc_timeout(struct cfg80211_registered_device *rdev,
14443 struct net_device *netdev, const u8 *addr,
14444 gfp_t gfp)
14445 {
14446 nl80211_send_mlme_timeout(rdev, netdev, NL80211_CMD_ASSOCIATE,
14447 addr, gfp);
14448 }
14449
14450 void nl80211_send_connect_result(struct cfg80211_registered_device *rdev,
14451 struct net_device *netdev,
14452 struct cfg80211_connect_resp_params *cr,
14453 gfp_t gfp)
14454 {
14455 struct sk_buff *msg;
14456 void *hdr;
14457
14458 msg = nlmsg_new(100 + cr->req_ie_len + cr->resp_ie_len +
14459 cr->fils.kek_len + cr->fils.pmk_len +
14460 (cr->fils.pmkid ? WLAN_PMKID_LEN : 0), gfp);
14461 if (!msg)
14462 return;
14463
14464 hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_CONNECT);
14465 if (!hdr) {
14466 nlmsg_free(msg);
14467 return;
14468 }
14469
14470 if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
14471 nla_put_u32(msg, NL80211_ATTR_IFINDEX, netdev->ifindex) ||
14472 (cr->bssid &&
14473 nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN, cr->bssid)) ||
14474 nla_put_u16(msg, NL80211_ATTR_STATUS_CODE,
14475 cr->status < 0 ? WLAN_STATUS_UNSPECIFIED_FAILURE :
14476 cr->status) ||
14477 (cr->status < 0 &&
14478 (nla_put_flag(msg, NL80211_ATTR_TIMED_OUT) ||
14479 nla_put_u32(msg, NL80211_ATTR_TIMEOUT_REASON,
14480 cr->timeout_reason))) ||
14481 (cr->req_ie &&
14482 nla_put(msg, NL80211_ATTR_REQ_IE, cr->req_ie_len, cr->req_ie)) ||
14483 (cr->resp_ie &&
14484 nla_put(msg, NL80211_ATTR_RESP_IE, cr->resp_ie_len,
14485 cr->resp_ie)) ||
14486 (cr->fils.update_erp_next_seq_num &&
14487 nla_put_u16(msg, NL80211_ATTR_FILS_ERP_NEXT_SEQ_NUM,
14488 cr->fils.erp_next_seq_num)) ||
14489 (cr->status == WLAN_STATUS_SUCCESS &&
14490 ((cr->fils.kek &&
14491 nla_put(msg, NL80211_ATTR_FILS_KEK, cr->fils.kek_len,
14492 cr->fils.kek)) ||
14493 (cr->fils.pmk &&
14494 nla_put(msg, NL80211_ATTR_PMK, cr->fils.pmk_len, cr->fils.pmk)) ||
14495 (cr->fils.pmkid &&
14496 nla_put(msg, NL80211_ATTR_PMKID, WLAN_PMKID_LEN, cr->fils.pmkid)))))
14497 goto nla_put_failure;
14498
14499 genlmsg_end(msg, hdr);
14500
14501 genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), msg, 0,
14502 NL80211_MCGRP_MLME, gfp);
14503 return;
14504
14505 nla_put_failure:
14506 nlmsg_free(msg);
14507 }
14508
14509 void nl80211_send_roamed(struct cfg80211_registered_device *rdev,
14510 struct net_device *netdev,
14511 struct cfg80211_roam_info *info, gfp_t gfp)
14512 {
14513 struct sk_buff *msg;
14514 void *hdr;
14515 const u8 *bssid = info->bss ? info->bss->bssid : info->bssid;
14516
14517 msg = nlmsg_new(100 + info->req_ie_len + info->resp_ie_len +
14518 info->fils.kek_len + info->fils.pmk_len +
14519 (info->fils.pmkid ? WLAN_PMKID_LEN : 0), gfp);
14520 if (!msg)
14521 return;
14522
14523 hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_ROAM);
14524 if (!hdr) {
14525 nlmsg_free(msg);
14526 return;
14527 }
14528
14529 if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
14530 nla_put_u32(msg, NL80211_ATTR_IFINDEX, netdev->ifindex) ||
14531 nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN, bssid) ||
14532 (info->req_ie &&
14533 nla_put(msg, NL80211_ATTR_REQ_IE, info->req_ie_len,
14534 info->req_ie)) ||
14535 (info->resp_ie &&
14536 nla_put(msg, NL80211_ATTR_RESP_IE, info->resp_ie_len,
14537 info->resp_ie)) ||
14538 (info->fils.update_erp_next_seq_num &&
14539 nla_put_u16(msg, NL80211_ATTR_FILS_ERP_NEXT_SEQ_NUM,
14540 info->fils.erp_next_seq_num)) ||
14541 (info->fils.kek &&
14542 nla_put(msg, NL80211_ATTR_FILS_KEK, info->fils.kek_len,
14543 info->fils.kek)) ||
14544 (info->fils.pmk &&
14545 nla_put(msg, NL80211_ATTR_PMK, info->fils.pmk_len, info->fils.pmk)) ||
14546 (info->fils.pmkid &&
14547 nla_put(msg, NL80211_ATTR_PMKID, WLAN_PMKID_LEN, info->fils.pmkid)))
14548 goto nla_put_failure;
14549
14550 genlmsg_end(msg, hdr);
14551
14552 genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), msg, 0,
14553 NL80211_MCGRP_MLME, gfp);
14554 return;
14555
14556 nla_put_failure:
14557 nlmsg_free(msg);
14558 }
14559
14560 void nl80211_send_port_authorized(struct cfg80211_registered_device *rdev,
14561 struct net_device *netdev, const u8 *bssid)
14562 {
14563 struct sk_buff *msg;
14564 void *hdr;
14565
14566 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
14567 if (!msg)
14568 return;
14569
14570 hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_PORT_AUTHORIZED);
14571 if (!hdr) {
14572 nlmsg_free(msg);
14573 return;
14574 }
14575
14576 if (nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN, bssid))
14577 goto nla_put_failure;
14578
14579 genlmsg_end(msg, hdr);
14580
14581 genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), msg, 0,
14582 NL80211_MCGRP_MLME, GFP_KERNEL);
14583 return;
14584
14585 nla_put_failure:
14586 nlmsg_free(msg);
14587 }
14588
14589 void nl80211_send_disconnected(struct cfg80211_registered_device *rdev,
14590 struct net_device *netdev, u16 reason,
14591 const u8 *ie, size_t ie_len, bool from_ap)
14592 {
14593 struct sk_buff *msg;
14594 void *hdr;
14595
14596 msg = nlmsg_new(100 + ie_len, GFP_KERNEL);
14597 if (!msg)
14598 return;
14599
14600 hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_DISCONNECT);
14601 if (!hdr) {
14602 nlmsg_free(msg);
14603 return;
14604 }
14605
14606 if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
14607 nla_put_u32(msg, NL80211_ATTR_IFINDEX, netdev->ifindex) ||
14608 (reason &&
14609 nla_put_u16(msg, NL80211_ATTR_REASON_CODE, reason)) ||
14610 (from_ap &&
14611 nla_put_flag(msg, NL80211_ATTR_DISCONNECTED_BY_AP)) ||
14612 (ie && nla_put(msg, NL80211_ATTR_IE, ie_len, ie)))
14613 goto nla_put_failure;
14614
14615 genlmsg_end(msg, hdr);
14616
14617 genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), msg, 0,
14618 NL80211_MCGRP_MLME, GFP_KERNEL);
14619 return;
14620
14621 nla_put_failure:
14622 nlmsg_free(msg);
14623 }
14624
14625 void nl80211_send_ibss_bssid(struct cfg80211_registered_device *rdev,
14626 struct net_device *netdev, const u8 *bssid,
14627 gfp_t gfp)
14628 {
14629 struct sk_buff *msg;
14630 void *hdr;
14631
14632 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, gfp);
14633 if (!msg)
14634 return;
14635
14636 hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_JOIN_IBSS);
14637 if (!hdr) {
14638 nlmsg_free(msg);
14639 return;
14640 }
14641
14642 if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
14643 nla_put_u32(msg, NL80211_ATTR_IFINDEX, netdev->ifindex) ||
14644 nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN, bssid))
14645 goto nla_put_failure;
14646
14647 genlmsg_end(msg, hdr);
14648
14649 genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), msg, 0,
14650 NL80211_MCGRP_MLME, gfp);
14651 return;
14652
14653 nla_put_failure:
14654 nlmsg_free(msg);
14655 }
14656
14657 void cfg80211_notify_new_peer_candidate(struct net_device *dev, const u8 *addr,
14658 const u8* ie, u8 ie_len, gfp_t gfp)
14659 {
14660 struct wireless_dev *wdev = dev->ieee80211_ptr;
14661 struct cfg80211_registered_device *rdev = wiphy_to_rdev(wdev->wiphy);
14662 struct sk_buff *msg;
14663 void *hdr;
14664
14665 if (WARN_ON(wdev->iftype != NL80211_IFTYPE_MESH_POINT))
14666 return;
14667
14668 trace_cfg80211_notify_new_peer_candidate(dev, addr);
14669
14670 msg = nlmsg_new(100 + ie_len, gfp);
14671 if (!msg)
14672 return;
14673
14674 hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_NEW_PEER_CANDIDATE);
14675 if (!hdr) {
14676 nlmsg_free(msg);
14677 return;
14678 }
14679
14680 if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
14681 nla_put_u32(msg, NL80211_ATTR_IFINDEX, dev->ifindex) ||
14682 nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN, addr) ||
14683 (ie_len && ie &&
14684 nla_put(msg, NL80211_ATTR_IE, ie_len , ie)))
14685 goto nla_put_failure;
14686
14687 genlmsg_end(msg, hdr);
14688
14689 genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), msg, 0,
14690 NL80211_MCGRP_MLME, gfp);
14691 return;
14692
14693 nla_put_failure:
14694 nlmsg_free(msg);
14695 }
14696 EXPORT_SYMBOL(cfg80211_notify_new_peer_candidate);
14697
14698 void nl80211_michael_mic_failure(struct cfg80211_registered_device *rdev,
14699 struct net_device *netdev, const u8 *addr,
14700 enum nl80211_key_type key_type, int key_id,
14701 const u8 *tsc, gfp_t gfp)
14702 {
14703 struct sk_buff *msg;
14704 void *hdr;
14705
14706 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, gfp);
14707 if (!msg)
14708 return;
14709
14710 hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_MICHAEL_MIC_FAILURE);
14711 if (!hdr) {
14712 nlmsg_free(msg);
14713 return;
14714 }
14715
14716 if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
14717 nla_put_u32(msg, NL80211_ATTR_IFINDEX, netdev->ifindex) ||
14718 (addr && nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN, addr)) ||
14719 nla_put_u32(msg, NL80211_ATTR_KEY_TYPE, key_type) ||
14720 (key_id != -1 &&
14721 nla_put_u8(msg, NL80211_ATTR_KEY_IDX, key_id)) ||
14722 (tsc && nla_put(msg, NL80211_ATTR_KEY_SEQ, 6, tsc)))
14723 goto nla_put_failure;
14724
14725 genlmsg_end(msg, hdr);
14726
14727 genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), msg, 0,
14728 NL80211_MCGRP_MLME, gfp);
14729 return;
14730
14731 nla_put_failure:
14732 nlmsg_free(msg);
14733 }
14734
14735 void nl80211_send_beacon_hint_event(struct wiphy *wiphy,
14736 struct ieee80211_channel *channel_before,
14737 struct ieee80211_channel *channel_after)
14738 {
14739 struct sk_buff *msg;
14740 void *hdr;
14741 struct nlattr *nl_freq;
14742
14743 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_ATOMIC);
14744 if (!msg)
14745 return;
14746
14747 hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_REG_BEACON_HINT);
14748 if (!hdr) {
14749 nlmsg_free(msg);
14750 return;
14751 }
14752
14753 /*
14754 * Since we are applying the beacon hint to a wiphy we know its
14755 * wiphy_idx is valid
14756 */
14757 if (nla_put_u32(msg, NL80211_ATTR_WIPHY, get_wiphy_idx(wiphy)))
14758 goto nla_put_failure;
14759
14760 /* Before */
14761 nl_freq = nla_nest_start(msg, NL80211_ATTR_FREQ_BEFORE);
14762 if (!nl_freq)
14763 goto nla_put_failure;
14764
14765 if (nl80211_msg_put_channel(msg, wiphy, channel_before, false))
14766 goto nla_put_failure;
14767 nla_nest_end(msg, nl_freq);
14768
14769 /* After */
14770 nl_freq = nla_nest_start(msg, NL80211_ATTR_FREQ_AFTER);
14771 if (!nl_freq)
14772 goto nla_put_failure;
14773
14774 if (nl80211_msg_put_channel(msg, wiphy, channel_after, false))
14775 goto nla_put_failure;
14776 nla_nest_end(msg, nl_freq);
14777
14778 genlmsg_end(msg, hdr);
14779
14780 rcu_read_lock();
14781 genlmsg_multicast_allns(&nl80211_fam, msg, 0,
14782 NL80211_MCGRP_REGULATORY, GFP_ATOMIC);
14783 rcu_read_unlock();
14784
14785 return;
14786
14787 nla_put_failure:
14788 nlmsg_free(msg);
14789 }
14790
14791 static void nl80211_send_remain_on_chan_event(
14792 int cmd, struct cfg80211_registered_device *rdev,
14793 struct wireless_dev *wdev, u64 cookie,
14794 struct ieee80211_channel *chan,
14795 unsigned int duration, gfp_t gfp)
14796 {
14797 struct sk_buff *msg;
14798 void *hdr;
14799
14800 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, gfp);
14801 if (!msg)
14802 return;
14803
14804 hdr = nl80211hdr_put(msg, 0, 0, 0, cmd);
14805 if (!hdr) {
14806 nlmsg_free(msg);
14807 return;
14808 }
14809
14810 if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
14811 (wdev->netdev && nla_put_u32(msg, NL80211_ATTR_IFINDEX,
14812 wdev->netdev->ifindex)) ||
14813 nla_put_u64_64bit(msg, NL80211_ATTR_WDEV, wdev_id(wdev),
14814 NL80211_ATTR_PAD) ||
14815 nla_put_u32(msg, NL80211_ATTR_WIPHY_FREQ, chan->center_freq) ||
14816 nla_put_u32(msg, NL80211_ATTR_WIPHY_CHANNEL_TYPE,
14817 NL80211_CHAN_NO_HT) ||
14818 nla_put_u64_64bit(msg, NL80211_ATTR_COOKIE, cookie,
14819 NL80211_ATTR_PAD))
14820 goto nla_put_failure;
14821
14822 if (cmd == NL80211_CMD_REMAIN_ON_CHANNEL &&
14823 nla_put_u32(msg, NL80211_ATTR_DURATION, duration))
14824 goto nla_put_failure;
14825
14826 genlmsg_end(msg, hdr);
14827
14828 genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), msg, 0,
14829 NL80211_MCGRP_MLME, gfp);
14830 return;
14831
14832 nla_put_failure:
14833 nlmsg_free(msg);
14834 }
14835
14836 void cfg80211_ready_on_channel(struct wireless_dev *wdev, u64 cookie,
14837 struct ieee80211_channel *chan,
14838 unsigned int duration, gfp_t gfp)
14839 {
14840 struct wiphy *wiphy = wdev->wiphy;
14841 struct cfg80211_registered_device *rdev = wiphy_to_rdev(wiphy);
14842
14843 trace_cfg80211_ready_on_channel(wdev, cookie, chan, duration);
14844 nl80211_send_remain_on_chan_event(NL80211_CMD_REMAIN_ON_CHANNEL,
14845 rdev, wdev, cookie, chan,
14846 duration, gfp);
14847 }
14848 EXPORT_SYMBOL(cfg80211_ready_on_channel);
14849
14850 void cfg80211_remain_on_channel_expired(struct wireless_dev *wdev, u64 cookie,
14851 struct ieee80211_channel *chan,
14852 gfp_t gfp)
14853 {
14854 struct wiphy *wiphy = wdev->wiphy;
14855 struct cfg80211_registered_device *rdev = wiphy_to_rdev(wiphy);
14856
14857 trace_cfg80211_ready_on_channel_expired(wdev, cookie, chan);
14858 nl80211_send_remain_on_chan_event(NL80211_CMD_CANCEL_REMAIN_ON_CHANNEL,
14859 rdev, wdev, cookie, chan, 0, gfp);
14860 }
14861 EXPORT_SYMBOL(cfg80211_remain_on_channel_expired);
14862
14863 void cfg80211_new_sta(struct net_device *dev, const u8 *mac_addr,
14864 struct station_info *sinfo, gfp_t gfp)
14865 {
14866 struct wiphy *wiphy = dev->ieee80211_ptr->wiphy;
14867 struct cfg80211_registered_device *rdev = wiphy_to_rdev(wiphy);
14868 struct sk_buff *msg;
14869
14870 trace_cfg80211_new_sta(dev, mac_addr, sinfo);
14871
14872 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, gfp);
14873 if (!msg)
14874 return;
14875
14876 if (nl80211_send_station(msg, NL80211_CMD_NEW_STATION, 0, 0, 0,
14877 rdev, dev, mac_addr, sinfo) < 0) {
14878 nlmsg_free(msg);
14879 return;
14880 }
14881
14882 genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), msg, 0,
14883 NL80211_MCGRP_MLME, gfp);
14884 }
14885 EXPORT_SYMBOL(cfg80211_new_sta);
14886
14887 void cfg80211_del_sta_sinfo(struct net_device *dev, const u8 *mac_addr,
14888 struct station_info *sinfo, gfp_t gfp)
14889 {
14890 struct wiphy *wiphy = dev->ieee80211_ptr->wiphy;
14891 struct cfg80211_registered_device *rdev = wiphy_to_rdev(wiphy);
14892 struct sk_buff *msg;
14893 struct station_info empty_sinfo = {};
14894
14895 if (!sinfo)
14896 sinfo = &empty_sinfo;
14897
14898 trace_cfg80211_del_sta(dev, mac_addr);
14899
14900 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, gfp);
14901 if (!msg) {
14902 cfg80211_sinfo_release_content(sinfo);
14903 return;
14904 }
14905
14906 if (nl80211_send_station(msg, NL80211_CMD_DEL_STATION, 0, 0, 0,
14907 rdev, dev, mac_addr, sinfo) < 0) {
14908 nlmsg_free(msg);
14909 return;
14910 }
14911
14912 genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), msg, 0,
14913 NL80211_MCGRP_MLME, gfp);
14914 }
14915 EXPORT_SYMBOL(cfg80211_del_sta_sinfo);
14916
14917 void cfg80211_conn_failed(struct net_device *dev, const u8 *mac_addr,
14918 enum nl80211_connect_failed_reason reason,
14919 gfp_t gfp)
14920 {
14921 struct wiphy *wiphy = dev->ieee80211_ptr->wiphy;
14922 struct cfg80211_registered_device *rdev = wiphy_to_rdev(wiphy);
14923 struct sk_buff *msg;
14924 void *hdr;
14925
14926 msg = nlmsg_new(NLMSG_GOODSIZE, gfp);
14927 if (!msg)
14928 return;
14929
14930 hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_CONN_FAILED);
14931 if (!hdr) {
14932 nlmsg_free(msg);
14933 return;
14934 }
14935
14936 if (nla_put_u32(msg, NL80211_ATTR_IFINDEX, dev->ifindex) ||
14937 nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN, mac_addr) ||
14938 nla_put_u32(msg, NL80211_ATTR_CONN_FAILED_REASON, reason))
14939 goto nla_put_failure;
14940
14941 genlmsg_end(msg, hdr);
14942
14943 genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), msg, 0,
14944 NL80211_MCGRP_MLME, gfp);
14945 return;
14946
14947 nla_put_failure:
14948 nlmsg_free(msg);
14949 }
14950 EXPORT_SYMBOL(cfg80211_conn_failed);
14951
14952 static bool __nl80211_unexpected_frame(struct net_device *dev, u8 cmd,
14953 const u8 *addr, gfp_t gfp)
14954 {
14955 struct wireless_dev *wdev = dev->ieee80211_ptr;
14956 struct cfg80211_registered_device *rdev = wiphy_to_rdev(wdev->wiphy);
14957 struct sk_buff *msg;
14958 void *hdr;
14959 u32 nlportid = READ_ONCE(wdev->ap_unexpected_nlportid);
14960
14961 if (!nlportid)
14962 return false;
14963
14964 msg = nlmsg_new(100, gfp);
14965 if (!msg)
14966 return true;
14967
14968 hdr = nl80211hdr_put(msg, 0, 0, 0, cmd);
14969 if (!hdr) {
14970 nlmsg_free(msg);
14971 return true;
14972 }
14973
14974 if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
14975 nla_put_u32(msg, NL80211_ATTR_IFINDEX, dev->ifindex) ||
14976 nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN, addr))
14977 goto nla_put_failure;
14978
14979 genlmsg_end(msg, hdr);
14980 genlmsg_unicast(wiphy_net(&rdev->wiphy), msg, nlportid);
14981 return true;
14982
14983 nla_put_failure:
14984 nlmsg_free(msg);
14985 return true;
14986 }
14987
14988 bool cfg80211_rx_spurious_frame(struct net_device *dev,
14989 const u8 *addr, gfp_t gfp)
14990 {
14991 struct wireless_dev *wdev = dev->ieee80211_ptr;
14992 bool ret;
14993
14994 trace_cfg80211_rx_spurious_frame(dev, addr);
14995
14996 if (WARN_ON(wdev->iftype != NL80211_IFTYPE_AP &&
14997 wdev->iftype != NL80211_IFTYPE_P2P_GO)) {
14998 trace_cfg80211_return_bool(false);
14999 return false;
15000 }
15001 ret = __nl80211_unexpected_frame(dev, NL80211_CMD_UNEXPECTED_FRAME,
15002 addr, gfp);
15003 trace_cfg80211_return_bool(ret);
15004 return ret;
15005 }
15006 EXPORT_SYMBOL(cfg80211_rx_spurious_frame);
15007
15008 bool cfg80211_rx_unexpected_4addr_frame(struct net_device *dev,
15009 const u8 *addr, gfp_t gfp)
15010 {
15011 struct wireless_dev *wdev = dev->ieee80211_ptr;
15012 bool ret;
15013
15014 trace_cfg80211_rx_unexpected_4addr_frame(dev, addr);
15015
15016 if (WARN_ON(wdev->iftype != NL80211_IFTYPE_AP &&
15017 wdev->iftype != NL80211_IFTYPE_P2P_GO &&
15018 wdev->iftype != NL80211_IFTYPE_AP_VLAN)) {
15019 trace_cfg80211_return_bool(false);
15020 return false;
15021 }
15022 ret = __nl80211_unexpected_frame(dev,
15023 NL80211_CMD_UNEXPECTED_4ADDR_FRAME,
15024 addr, gfp);
15025 trace_cfg80211_return_bool(ret);
15026 return ret;
15027 }
15028 EXPORT_SYMBOL(cfg80211_rx_unexpected_4addr_frame);
15029
15030 int nl80211_send_mgmt(struct cfg80211_registered_device *rdev,
15031 struct wireless_dev *wdev, u32 nlportid,
15032 int freq, int sig_dbm,
15033 const u8 *buf, size_t len, u32 flags, gfp_t gfp)
15034 {
15035 struct net_device *netdev = wdev->netdev;
15036 struct sk_buff *msg;
15037 void *hdr;
15038
15039 msg = nlmsg_new(100 + len, gfp);
15040 if (!msg)
15041 return -ENOMEM;
15042
15043 hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_FRAME);
15044 if (!hdr) {
15045 nlmsg_free(msg);
15046 return -ENOMEM;
15047 }
15048
15049 if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
15050 (netdev && nla_put_u32(msg, NL80211_ATTR_IFINDEX,
15051 netdev->ifindex)) ||
15052 nla_put_u64_64bit(msg, NL80211_ATTR_WDEV, wdev_id(wdev),
15053 NL80211_ATTR_PAD) ||
15054 nla_put_u32(msg, NL80211_ATTR_WIPHY_FREQ, freq) ||
15055 (sig_dbm &&
15056 nla_put_u32(msg, NL80211_ATTR_RX_SIGNAL_DBM, sig_dbm)) ||
15057 nla_put(msg, NL80211_ATTR_FRAME, len, buf) ||
15058 (flags &&
15059 nla_put_u32(msg, NL80211_ATTR_RXMGMT_FLAGS, flags)))
15060 goto nla_put_failure;
15061
15062 genlmsg_end(msg, hdr);
15063
15064 return genlmsg_unicast(wiphy_net(&rdev->wiphy), msg, nlportid);
15065
15066 nla_put_failure:
15067 nlmsg_free(msg);
15068 return -ENOBUFS;
15069 }
15070
15071 void cfg80211_mgmt_tx_status(struct wireless_dev *wdev, u64 cookie,
15072 const u8 *buf, size_t len, bool ack, gfp_t gfp)
15073 {
15074 struct wiphy *wiphy = wdev->wiphy;
15075 struct cfg80211_registered_device *rdev = wiphy_to_rdev(wiphy);
15076 struct net_device *netdev = wdev->netdev;
15077 struct sk_buff *msg;
15078 void *hdr;
15079
15080 trace_cfg80211_mgmt_tx_status(wdev, cookie, ack);
15081
15082 msg = nlmsg_new(100 + len, gfp);
15083 if (!msg)
15084 return;
15085
15086 hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_FRAME_TX_STATUS);
15087 if (!hdr) {
15088 nlmsg_free(msg);
15089 return;
15090 }
15091
15092 if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
15093 (netdev && nla_put_u32(msg, NL80211_ATTR_IFINDEX,
15094 netdev->ifindex)) ||
15095 nla_put_u64_64bit(msg, NL80211_ATTR_WDEV, wdev_id(wdev),
15096 NL80211_ATTR_PAD) ||
15097 nla_put(msg, NL80211_ATTR_FRAME, len, buf) ||
15098 nla_put_u64_64bit(msg, NL80211_ATTR_COOKIE, cookie,
15099 NL80211_ATTR_PAD) ||
15100 (ack && nla_put_flag(msg, NL80211_ATTR_ACK)))
15101 goto nla_put_failure;
15102
15103 genlmsg_end(msg, hdr);
15104
15105 genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), msg, 0,
15106 NL80211_MCGRP_MLME, gfp);
15107 return;
15108
15109 nla_put_failure:
15110 nlmsg_free(msg);
15111 }
15112 EXPORT_SYMBOL(cfg80211_mgmt_tx_status);
15113
15114 static int __nl80211_rx_control_port(struct net_device *dev,
15115 struct sk_buff *skb,
15116 bool unencrypted, gfp_t gfp)
15117 {
15118 struct wireless_dev *wdev = dev->ieee80211_ptr;
15119 struct cfg80211_registered_device *rdev = wiphy_to_rdev(wdev->wiphy);
15120 struct ethhdr *ehdr = eth_hdr(skb);
15121 const u8 *addr = ehdr->h_source;
15122 u16 proto = be16_to_cpu(skb->protocol);
15123 struct sk_buff *msg;
15124 void *hdr;
15125 struct nlattr *frame;
15126
15127 u32 nlportid = READ_ONCE(wdev->conn_owner_nlportid);
15128
15129 if (!nlportid)
15130 return -ENOENT;
15131
15132 msg = nlmsg_new(100 + skb->len, gfp);
15133 if (!msg)
15134 return -ENOMEM;
15135
15136 hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_CONTROL_PORT_FRAME);
15137 if (!hdr) {
15138 nlmsg_free(msg);
15139 return -ENOBUFS;
15140 }
15141
15142 if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
15143 nla_put_u32(msg, NL80211_ATTR_IFINDEX, dev->ifindex) ||
15144 nla_put_u64_64bit(msg, NL80211_ATTR_WDEV, wdev_id(wdev),
15145 NL80211_ATTR_PAD) ||
15146 nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN, addr) ||
15147 nla_put_u16(msg, NL80211_ATTR_CONTROL_PORT_ETHERTYPE, proto) ||
15148 (unencrypted && nla_put_flag(msg,
15149 NL80211_ATTR_CONTROL_PORT_NO_ENCRYPT)))
15150 goto nla_put_failure;
15151
15152 frame = nla_reserve(msg, NL80211_ATTR_FRAME, skb->len);
15153 if (!frame)
15154 goto nla_put_failure;
15155
15156 skb_copy_bits(skb, 0, nla_data(frame), skb->len);
15157 genlmsg_end(msg, hdr);
15158
15159 return genlmsg_unicast(wiphy_net(&rdev->wiphy), msg, nlportid);
15160
15161 nla_put_failure:
15162 nlmsg_free(msg);
15163 return -ENOBUFS;
15164 }
15165
15166 bool cfg80211_rx_control_port(struct net_device *dev,
15167 struct sk_buff *skb, bool unencrypted)
15168 {
15169 int ret;
15170
15171 trace_cfg80211_rx_control_port(dev, skb, unencrypted);
15172 ret = __nl80211_rx_control_port(dev, skb, unencrypted, GFP_ATOMIC);
15173 trace_cfg80211_return_bool(ret == 0);
15174 return ret == 0;
15175 }
15176 EXPORT_SYMBOL(cfg80211_rx_control_port);
15177
15178 static struct sk_buff *cfg80211_prepare_cqm(struct net_device *dev,
15179 const char *mac, gfp_t gfp)
15180 {
15181 struct wireless_dev *wdev = dev->ieee80211_ptr;
15182 struct cfg80211_registered_device *rdev = wiphy_to_rdev(wdev->wiphy);
15183 struct sk_buff *msg = nlmsg_new(NLMSG_DEFAULT_SIZE, gfp);
15184 void **cb;
15185
15186 if (!msg)
15187 return NULL;
15188
15189 cb = (void **)msg->cb;
15190
15191 cb[0] = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_NOTIFY_CQM);
15192 if (!cb[0]) {
15193 nlmsg_free(msg);
15194 return NULL;
15195 }
15196
15197 if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
15198 nla_put_u32(msg, NL80211_ATTR_IFINDEX, dev->ifindex))
15199 goto nla_put_failure;
15200
15201 if (mac && nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN, mac))
15202 goto nla_put_failure;
15203
15204 cb[1] = nla_nest_start(msg, NL80211_ATTR_CQM);
15205 if (!cb[1])
15206 goto nla_put_failure;
15207
15208 cb[2] = rdev;
15209
15210 return msg;
15211 nla_put_failure:
15212 nlmsg_free(msg);
15213 return NULL;
15214 }
15215
15216 static void cfg80211_send_cqm(struct sk_buff *msg, gfp_t gfp)
15217 {
15218 void **cb = (void **)msg->cb;
15219 struct cfg80211_registered_device *rdev = cb[2];
15220
15221 nla_nest_end(msg, cb[1]);
15222 genlmsg_end(msg, cb[0]);
15223
15224 memset(msg->cb, 0, sizeof(msg->cb));
15225
15226 genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), msg, 0,
15227 NL80211_MCGRP_MLME, gfp);
15228 }
15229
15230 void cfg80211_cqm_rssi_notify(struct net_device *dev,
15231 enum nl80211_cqm_rssi_threshold_event rssi_event,
15232 s32 rssi_level, gfp_t gfp)
15233 {
15234 struct sk_buff *msg;
15235 struct wireless_dev *wdev = dev->ieee80211_ptr;
15236 struct cfg80211_registered_device *rdev = wiphy_to_rdev(wdev->wiphy);
15237
15238 trace_cfg80211_cqm_rssi_notify(dev, rssi_event, rssi_level);
15239
15240 if (WARN_ON(rssi_event != NL80211_CQM_RSSI_THRESHOLD_EVENT_LOW &&
15241 rssi_event != NL80211_CQM_RSSI_THRESHOLD_EVENT_HIGH))
15242 return;
15243
15244 if (wdev->cqm_config) {
15245 wdev->cqm_config->last_rssi_event_value = rssi_level;
15246
15247 cfg80211_cqm_rssi_update(rdev, dev);
15248
15249 if (rssi_level == 0)
15250 rssi_level = wdev->cqm_config->last_rssi_event_value;
15251 }
15252
15253 msg = cfg80211_prepare_cqm(dev, NULL, gfp);
15254 if (!msg)
15255 return;
15256
15257 if (nla_put_u32(msg, NL80211_ATTR_CQM_RSSI_THRESHOLD_EVENT,
15258 rssi_event))
15259 goto nla_put_failure;
15260
15261 if (rssi_level && nla_put_s32(msg, NL80211_ATTR_CQM_RSSI_LEVEL,
15262 rssi_level))
15263 goto nla_put_failure;
15264
15265 cfg80211_send_cqm(msg, gfp);
15266
15267 return;
15268
15269 nla_put_failure:
15270 nlmsg_free(msg);
15271 }
15272 EXPORT_SYMBOL(cfg80211_cqm_rssi_notify);
15273
15274 void cfg80211_cqm_txe_notify(struct net_device *dev,
15275 const u8 *peer, u32 num_packets,
15276 u32 rate, u32 intvl, gfp_t gfp)
15277 {
15278 struct sk_buff *msg;
15279
15280 msg = cfg80211_prepare_cqm(dev, peer, gfp);
15281 if (!msg)
15282 return;
15283
15284 if (nla_put_u32(msg, NL80211_ATTR_CQM_TXE_PKTS, num_packets))
15285 goto nla_put_failure;
15286
15287 if (nla_put_u32(msg, NL80211_ATTR_CQM_TXE_RATE, rate))
15288 goto nla_put_failure;
15289
15290 if (nla_put_u32(msg, NL80211_ATTR_CQM_TXE_INTVL, intvl))
15291 goto nla_put_failure;
15292
15293 cfg80211_send_cqm(msg, gfp);
15294 return;
15295
15296 nla_put_failure:
15297 nlmsg_free(msg);
15298 }
15299 EXPORT_SYMBOL(cfg80211_cqm_txe_notify);
15300
15301 void cfg80211_cqm_pktloss_notify(struct net_device *dev,
15302 const u8 *peer, u32 num_packets, gfp_t gfp)
15303 {
15304 struct sk_buff *msg;
15305
15306 trace_cfg80211_cqm_pktloss_notify(dev, peer, num_packets);
15307
15308 msg = cfg80211_prepare_cqm(dev, peer, gfp);
15309 if (!msg)
15310 return;
15311
15312 if (nla_put_u32(msg, NL80211_ATTR_CQM_PKT_LOSS_EVENT, num_packets))
15313 goto nla_put_failure;
15314
15315 cfg80211_send_cqm(msg, gfp);
15316 return;
15317
15318 nla_put_failure:
15319 nlmsg_free(msg);
15320 }
15321 EXPORT_SYMBOL(cfg80211_cqm_pktloss_notify);
15322
15323 void cfg80211_cqm_beacon_loss_notify(struct net_device *dev, gfp_t gfp)
15324 {
15325 struct sk_buff *msg;
15326
15327 msg = cfg80211_prepare_cqm(dev, NULL, gfp);
15328 if (!msg)
15329 return;
15330
15331 if (nla_put_flag(msg, NL80211_ATTR_CQM_BEACON_LOSS_EVENT))
15332 goto nla_put_failure;
15333
15334 cfg80211_send_cqm(msg, gfp);
15335 return;
15336
15337 nla_put_failure:
15338 nlmsg_free(msg);
15339 }
15340 EXPORT_SYMBOL(cfg80211_cqm_beacon_loss_notify);
15341
15342 static void nl80211_gtk_rekey_notify(struct cfg80211_registered_device *rdev,
15343 struct net_device *netdev, const u8 *bssid,
15344 const u8 *replay_ctr, gfp_t gfp)
15345 {
15346 struct sk_buff *msg;
15347 struct nlattr *rekey_attr;
15348 void *hdr;
15349
15350 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, gfp);
15351 if (!msg)
15352 return;
15353
15354 hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_SET_REKEY_OFFLOAD);
15355 if (!hdr) {
15356 nlmsg_free(msg);
15357 return;
15358 }
15359
15360 if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
15361 nla_put_u32(msg, NL80211_ATTR_IFINDEX, netdev->ifindex) ||
15362 nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN, bssid))
15363 goto nla_put_failure;
15364
15365 rekey_attr = nla_nest_start(msg, NL80211_ATTR_REKEY_DATA);
15366 if (!rekey_attr)
15367 goto nla_put_failure;
15368
15369 if (nla_put(msg, NL80211_REKEY_DATA_REPLAY_CTR,
15370 NL80211_REPLAY_CTR_LEN, replay_ctr))
15371 goto nla_put_failure;
15372
15373 nla_nest_end(msg, rekey_attr);
15374
15375 genlmsg_end(msg, hdr);
15376
15377 genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), msg, 0,
15378 NL80211_MCGRP_MLME, gfp);
15379 return;
15380
15381 nla_put_failure:
15382 nlmsg_free(msg);
15383 }
15384
15385 void cfg80211_gtk_rekey_notify(struct net_device *dev, const u8 *bssid,
15386 const u8 *replay_ctr, gfp_t gfp)
15387 {
15388 struct wireless_dev *wdev = dev->ieee80211_ptr;
15389 struct wiphy *wiphy = wdev->wiphy;
15390 struct cfg80211_registered_device *rdev = wiphy_to_rdev(wiphy);
15391
15392 trace_cfg80211_gtk_rekey_notify(dev, bssid);
15393 nl80211_gtk_rekey_notify(rdev, dev, bssid, replay_ctr, gfp);
15394 }
15395 EXPORT_SYMBOL(cfg80211_gtk_rekey_notify);
15396
15397 static void
15398 nl80211_pmksa_candidate_notify(struct cfg80211_registered_device *rdev,
15399 struct net_device *netdev, int index,
15400 const u8 *bssid, bool preauth, gfp_t gfp)
15401 {
15402 struct sk_buff *msg;
15403 struct nlattr *attr;
15404 void *hdr;
15405
15406 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, gfp);
15407 if (!msg)
15408 return;
15409
15410 hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_PMKSA_CANDIDATE);
15411 if (!hdr) {
15412 nlmsg_free(msg);
15413 return;
15414 }
15415
15416 if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
15417 nla_put_u32(msg, NL80211_ATTR_IFINDEX, netdev->ifindex))
15418 goto nla_put_failure;
15419
15420 attr = nla_nest_start(msg, NL80211_ATTR_PMKSA_CANDIDATE);
15421 if (!attr)
15422 goto nla_put_failure;
15423
15424 if (nla_put_u32(msg, NL80211_PMKSA_CANDIDATE_INDEX, index) ||
15425 nla_put(msg, NL80211_PMKSA_CANDIDATE_BSSID, ETH_ALEN, bssid) ||
15426 (preauth &&
15427 nla_put_flag(msg, NL80211_PMKSA_CANDIDATE_PREAUTH)))
15428 goto nla_put_failure;
15429
15430 nla_nest_end(msg, attr);
15431
15432 genlmsg_end(msg, hdr);
15433
15434 genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), msg, 0,
15435 NL80211_MCGRP_MLME, gfp);
15436 return;
15437
15438 nla_put_failure:
15439 nlmsg_free(msg);
15440 }
15441
15442 void cfg80211_pmksa_candidate_notify(struct net_device *dev, int index,
15443 const u8 *bssid, bool preauth, gfp_t gfp)
15444 {
15445 struct wireless_dev *wdev = dev->ieee80211_ptr;
15446 struct wiphy *wiphy = wdev->wiphy;
15447 struct cfg80211_registered_device *rdev = wiphy_to_rdev(wiphy);
15448
15449 trace_cfg80211_pmksa_candidate_notify(dev, index, bssid, preauth);
15450 nl80211_pmksa_candidate_notify(rdev, dev, index, bssid, preauth, gfp);
15451 }
15452 EXPORT_SYMBOL(cfg80211_pmksa_candidate_notify);
15453
15454 static void nl80211_ch_switch_notify(struct cfg80211_registered_device *rdev,
15455 struct net_device *netdev,
15456 struct cfg80211_chan_def *chandef,
15457 gfp_t gfp,
15458 enum nl80211_commands notif,
15459 u8 count)
15460 {
15461 struct sk_buff *msg;
15462 void *hdr;
15463
15464 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, gfp);
15465 if (!msg)
15466 return;
15467
15468 hdr = nl80211hdr_put(msg, 0, 0, 0, notif);
15469 if (!hdr) {
15470 nlmsg_free(msg);
15471 return;
15472 }
15473
15474 if (nla_put_u32(msg, NL80211_ATTR_IFINDEX, netdev->ifindex))
15475 goto nla_put_failure;
15476
15477 if (nl80211_send_chandef(msg, chandef))
15478 goto nla_put_failure;
15479
15480 if ((notif == NL80211_CMD_CH_SWITCH_STARTED_NOTIFY) &&
15481 (nla_put_u32(msg, NL80211_ATTR_CH_SWITCH_COUNT, count)))
15482 goto nla_put_failure;
15483
15484 genlmsg_end(msg, hdr);
15485
15486 genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), msg, 0,
15487 NL80211_MCGRP_MLME, gfp);
15488 return;
15489
15490 nla_put_failure:
15491 nlmsg_free(msg);
15492 }
15493
15494 void cfg80211_ch_switch_notify(struct net_device *dev,
15495 struct cfg80211_chan_def *chandef)
15496 {
15497 struct wireless_dev *wdev = dev->ieee80211_ptr;
15498 struct wiphy *wiphy = wdev->wiphy;
15499 struct cfg80211_registered_device *rdev = wiphy_to_rdev(wiphy);
15500
15501 ASSERT_WDEV_LOCK(wdev);
15502
15503 trace_cfg80211_ch_switch_notify(dev, chandef);
15504
15505 wdev->chandef = *chandef;
15506 wdev->preset_chandef = *chandef;
15507
15508 if (wdev->iftype == NL80211_IFTYPE_STATION &&
15509 !WARN_ON(!wdev->current_bss))
15510 wdev->current_bss->pub.channel = chandef->chan;
15511
15512 nl80211_ch_switch_notify(rdev, dev, chandef, GFP_KERNEL,
15513 NL80211_CMD_CH_SWITCH_NOTIFY, 0);
15514 }
15515 EXPORT_SYMBOL(cfg80211_ch_switch_notify);
15516
15517 void cfg80211_ch_switch_started_notify(struct net_device *dev,
15518 struct cfg80211_chan_def *chandef,
15519 u8 count)
15520 {
15521 struct wireless_dev *wdev = dev->ieee80211_ptr;
15522 struct wiphy *wiphy = wdev->wiphy;
15523 struct cfg80211_registered_device *rdev = wiphy_to_rdev(wiphy);
15524
15525 trace_cfg80211_ch_switch_started_notify(dev, chandef);
15526
15527 nl80211_ch_switch_notify(rdev, dev, chandef, GFP_KERNEL,
15528 NL80211_CMD_CH_SWITCH_STARTED_NOTIFY, count);
15529 }
15530 EXPORT_SYMBOL(cfg80211_ch_switch_started_notify);
15531
15532 void
15533 nl80211_radar_notify(struct cfg80211_registered_device *rdev,
15534 const struct cfg80211_chan_def *chandef,
15535 enum nl80211_radar_event event,
15536 struct net_device *netdev, gfp_t gfp)
15537 {
15538 struct sk_buff *msg;
15539 void *hdr;
15540
15541 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, gfp);
15542 if (!msg)
15543 return;
15544
15545 hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_RADAR_DETECT);
15546 if (!hdr) {
15547 nlmsg_free(msg);
15548 return;
15549 }
15550
15551 if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx))
15552 goto nla_put_failure;
15553
15554 /* NOP and radar events don't need a netdev parameter */
15555 if (netdev) {
15556 struct wireless_dev *wdev = netdev->ieee80211_ptr;
15557
15558 if (nla_put_u32(msg, NL80211_ATTR_IFINDEX, netdev->ifindex) ||
15559 nla_put_u64_64bit(msg, NL80211_ATTR_WDEV, wdev_id(wdev),
15560 NL80211_ATTR_PAD))
15561 goto nla_put_failure;
15562 }
15563
15564 if (nla_put_u32(msg, NL80211_ATTR_RADAR_EVENT, event))
15565 goto nla_put_failure;
15566
15567 if (nl80211_send_chandef(msg, chandef))
15568 goto nla_put_failure;
15569
15570 genlmsg_end(msg, hdr);
15571
15572 genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), msg, 0,
15573 NL80211_MCGRP_MLME, gfp);
15574 return;
15575
15576 nla_put_failure:
15577 nlmsg_free(msg);
15578 }
15579
15580 void cfg80211_sta_opmode_change_notify(struct net_device *dev, const u8 *mac,
15581 struct sta_opmode_info *sta_opmode,
15582 gfp_t gfp)
15583 {
15584 struct sk_buff *msg;
15585 struct wireless_dev *wdev = dev->ieee80211_ptr;
15586 struct cfg80211_registered_device *rdev = wiphy_to_rdev(wdev->wiphy);
15587 void *hdr;
15588
15589 if (WARN_ON(!mac))
15590 return;
15591
15592 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, gfp);
15593 if (!msg)
15594 return;
15595
15596 hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_STA_OPMODE_CHANGED);
15597 if (!hdr) {
15598 nlmsg_free(msg);
15599 return;
15600 }
15601
15602 if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx))
15603 goto nla_put_failure;
15604
15605 if (nla_put_u32(msg, NL80211_ATTR_IFINDEX, dev->ifindex))
15606 goto nla_put_failure;
15607
15608 if (nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN, mac))
15609 goto nla_put_failure;
15610
15611 if ((sta_opmode->changed & STA_OPMODE_SMPS_MODE_CHANGED) &&
15612 nla_put_u8(msg, NL80211_ATTR_SMPS_MODE, sta_opmode->smps_mode))
15613 goto nla_put_failure;
15614
15615 if ((sta_opmode->changed & STA_OPMODE_MAX_BW_CHANGED) &&
15616 nla_put_u32(msg, NL80211_ATTR_CHANNEL_WIDTH, sta_opmode->bw))
15617 goto nla_put_failure;
15618
15619 if ((sta_opmode->changed & STA_OPMODE_N_SS_CHANGED) &&
15620 nla_put_u8(msg, NL80211_ATTR_NSS, sta_opmode->rx_nss))
15621 goto nla_put_failure;
15622
15623 genlmsg_end(msg, hdr);
15624
15625 genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), msg, 0,
15626 NL80211_MCGRP_MLME, gfp);
15627
15628 return;
15629
15630 nla_put_failure:
15631 nlmsg_free(msg);
15632 }
15633 EXPORT_SYMBOL(cfg80211_sta_opmode_change_notify);
15634
15635 void cfg80211_probe_status(struct net_device *dev, const u8 *addr,
15636 u64 cookie, bool acked, s32 ack_signal,
15637 bool is_valid_ack_signal, gfp_t gfp)
15638 {
15639 struct wireless_dev *wdev = dev->ieee80211_ptr;
15640 struct cfg80211_registered_device *rdev = wiphy_to_rdev(wdev->wiphy);
15641 struct sk_buff *msg;
15642 void *hdr;
15643
15644 trace_cfg80211_probe_status(dev, addr, cookie, acked);
15645
15646 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, gfp);
15647
15648 if (!msg)
15649 return;
15650
15651 hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_PROBE_CLIENT);
15652 if (!hdr) {
15653 nlmsg_free(msg);
15654 return;
15655 }
15656
15657 if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
15658 nla_put_u32(msg, NL80211_ATTR_IFINDEX, dev->ifindex) ||
15659 nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN, addr) ||
15660 nla_put_u64_64bit(msg, NL80211_ATTR_COOKIE, cookie,
15661 NL80211_ATTR_PAD) ||
15662 (acked && nla_put_flag(msg, NL80211_ATTR_ACK)) ||
15663 (is_valid_ack_signal && nla_put_s32(msg, NL80211_ATTR_ACK_SIGNAL,
15664 ack_signal)))
15665 goto nla_put_failure;
15666
15667 genlmsg_end(msg, hdr);
15668
15669 genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), msg, 0,
15670 NL80211_MCGRP_MLME, gfp);
15671 return;
15672
15673 nla_put_failure:
15674 nlmsg_free(msg);
15675 }
15676 EXPORT_SYMBOL(cfg80211_probe_status);
15677
15678 void cfg80211_report_obss_beacon(struct wiphy *wiphy,
15679 const u8 *frame, size_t len,
15680 int freq, int sig_dbm)
15681 {
15682 struct cfg80211_registered_device *rdev = wiphy_to_rdev(wiphy);
15683 struct sk_buff *msg;
15684 void *hdr;
15685 struct cfg80211_beacon_registration *reg;
15686
15687 trace_cfg80211_report_obss_beacon(wiphy, frame, len, freq, sig_dbm);
15688
15689 spin_lock_bh(&rdev->beacon_registrations_lock);
15690 list_for_each_entry(reg, &rdev->beacon_registrations, list) {
15691 msg = nlmsg_new(len + 100, GFP_ATOMIC);
15692 if (!msg) {
15693 spin_unlock_bh(&rdev->beacon_registrations_lock);
15694 return;
15695 }
15696
15697 hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_FRAME);
15698 if (!hdr)
15699 goto nla_put_failure;
15700
15701 if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
15702 (freq &&
15703 nla_put_u32(msg, NL80211_ATTR_WIPHY_FREQ, freq)) ||
15704 (sig_dbm &&
15705 nla_put_u32(msg, NL80211_ATTR_RX_SIGNAL_DBM, sig_dbm)) ||
15706 nla_put(msg, NL80211_ATTR_FRAME, len, frame))
15707 goto nla_put_failure;
15708
15709 genlmsg_end(msg, hdr);
15710
15711 genlmsg_unicast(wiphy_net(&rdev->wiphy), msg, reg->nlportid);
15712 }
15713 spin_unlock_bh(&rdev->beacon_registrations_lock);
15714 return;
15715
15716 nla_put_failure:
15717 spin_unlock_bh(&rdev->beacon_registrations_lock);
15718 nlmsg_free(msg);
15719 }
15720 EXPORT_SYMBOL(cfg80211_report_obss_beacon);
15721
15722 #ifdef CONFIG_PM
15723 static int cfg80211_net_detect_results(struct sk_buff *msg,
15724 struct cfg80211_wowlan_wakeup *wakeup)
15725 {
15726 struct cfg80211_wowlan_nd_info *nd = wakeup->net_detect;
15727 struct nlattr *nl_results, *nl_match, *nl_freqs;
15728 int i, j;
15729
15730 nl_results = nla_nest_start(
15731 msg, NL80211_WOWLAN_TRIG_NET_DETECT_RESULTS);
15732 if (!nl_results)
15733 return -EMSGSIZE;
15734
15735 for (i = 0; i < nd->n_matches; i++) {
15736 struct cfg80211_wowlan_nd_match *match = nd->matches[i];
15737
15738 nl_match = nla_nest_start(msg, i);
15739 if (!nl_match)
15740 break;
15741
15742 /* The SSID attribute is optional in nl80211, but for
15743 * simplicity reasons it's always present in the
15744 * cfg80211 structure. If a driver can't pass the
15745 * SSID, that needs to be changed. A zero length SSID
15746 * is still a valid SSID (wildcard), so it cannot be
15747 * used for this purpose.
15748 */
15749 if (nla_put(msg, NL80211_ATTR_SSID, match->ssid.ssid_len,
15750 match->ssid.ssid)) {
15751 nla_nest_cancel(msg, nl_match);
15752 goto out;
15753 }
15754
15755 if (match->n_channels) {
15756 nl_freqs = nla_nest_start(
15757 msg, NL80211_ATTR_SCAN_FREQUENCIES);
15758 if (!nl_freqs) {
15759 nla_nest_cancel(msg, nl_match);
15760 goto out;
15761 }
15762
15763 for (j = 0; j < match->n_channels; j++) {
15764 if (nla_put_u32(msg, j, match->channels[j])) {
15765 nla_nest_cancel(msg, nl_freqs);
15766 nla_nest_cancel(msg, nl_match);
15767 goto out;
15768 }
15769 }
15770
15771 nla_nest_end(msg, nl_freqs);
15772 }
15773
15774 nla_nest_end(msg, nl_match);
15775 }
15776
15777 out:
15778 nla_nest_end(msg, nl_results);
15779 return 0;
15780 }
15781
15782 void cfg80211_report_wowlan_wakeup(struct wireless_dev *wdev,
15783 struct cfg80211_wowlan_wakeup *wakeup,
15784 gfp_t gfp)
15785 {
15786 struct cfg80211_registered_device *rdev = wiphy_to_rdev(wdev->wiphy);
15787 struct sk_buff *msg;
15788 void *hdr;
15789 int size = 200;
15790
15791 trace_cfg80211_report_wowlan_wakeup(wdev->wiphy, wdev, wakeup);
15792
15793 if (wakeup)
15794 size += wakeup->packet_present_len;
15795
15796 msg = nlmsg_new(size, gfp);
15797 if (!msg)
15798 return;
15799
15800 hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_SET_WOWLAN);
15801 if (!hdr)
15802 goto free_msg;
15803
15804 if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
15805 nla_put_u64_64bit(msg, NL80211_ATTR_WDEV, wdev_id(wdev),
15806 NL80211_ATTR_PAD))
15807 goto free_msg;
15808
15809 if (wdev->netdev && nla_put_u32(msg, NL80211_ATTR_IFINDEX,
15810 wdev->netdev->ifindex))
15811 goto free_msg;
15812
15813 if (wakeup) {
15814 struct nlattr *reasons;
15815
15816 reasons = nla_nest_start(msg, NL80211_ATTR_WOWLAN_TRIGGERS);
15817 if (!reasons)
15818 goto free_msg;
15819
15820 if (wakeup->disconnect &&
15821 nla_put_flag(msg, NL80211_WOWLAN_TRIG_DISCONNECT))
15822 goto free_msg;
15823 if (wakeup->magic_pkt &&
15824 nla_put_flag(msg, NL80211_WOWLAN_TRIG_MAGIC_PKT))
15825 goto free_msg;
15826 if (wakeup->gtk_rekey_failure &&
15827 nla_put_flag(msg, NL80211_WOWLAN_TRIG_GTK_REKEY_FAILURE))
15828 goto free_msg;
15829 if (wakeup->eap_identity_req &&
15830 nla_put_flag(msg, NL80211_WOWLAN_TRIG_EAP_IDENT_REQUEST))
15831 goto free_msg;
15832 if (wakeup->four_way_handshake &&
15833 nla_put_flag(msg, NL80211_WOWLAN_TRIG_4WAY_HANDSHAKE))
15834 goto free_msg;
15835 if (wakeup->rfkill_release &&
15836 nla_put_flag(msg, NL80211_WOWLAN_TRIG_RFKILL_RELEASE))
15837 goto free_msg;
15838
15839 if (wakeup->pattern_idx >= 0 &&
15840 nla_put_u32(msg, NL80211_WOWLAN_TRIG_PKT_PATTERN,
15841 wakeup->pattern_idx))
15842 goto free_msg;
15843
15844 if (wakeup->tcp_match &&
15845 nla_put_flag(msg, NL80211_WOWLAN_TRIG_WAKEUP_TCP_MATCH))
15846 goto free_msg;
15847
15848 if (wakeup->tcp_connlost &&
15849 nla_put_flag(msg, NL80211_WOWLAN_TRIG_WAKEUP_TCP_CONNLOST))
15850 goto free_msg;
15851
15852 if (wakeup->tcp_nomoretokens &&
15853 nla_put_flag(msg,
15854 NL80211_WOWLAN_TRIG_WAKEUP_TCP_NOMORETOKENS))
15855 goto free_msg;
15856
15857 if (wakeup->packet) {
15858 u32 pkt_attr = NL80211_WOWLAN_TRIG_WAKEUP_PKT_80211;
15859 u32 len_attr = NL80211_WOWLAN_TRIG_WAKEUP_PKT_80211_LEN;
15860
15861 if (!wakeup->packet_80211) {
15862 pkt_attr =
15863 NL80211_WOWLAN_TRIG_WAKEUP_PKT_8023;
15864 len_attr =
15865 NL80211_WOWLAN_TRIG_WAKEUP_PKT_8023_LEN;
15866 }
15867
15868 if (wakeup->packet_len &&
15869 nla_put_u32(msg, len_attr, wakeup->packet_len))
15870 goto free_msg;
15871
15872 if (nla_put(msg, pkt_attr, wakeup->packet_present_len,
15873 wakeup->packet))
15874 goto free_msg;
15875 }
15876
15877 if (wakeup->net_detect &&
15878 cfg80211_net_detect_results(msg, wakeup))
15879 goto free_msg;
15880
15881 nla_nest_end(msg, reasons);
15882 }
15883
15884 genlmsg_end(msg, hdr);
15885
15886 genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), msg, 0,
15887 NL80211_MCGRP_MLME, gfp);
15888 return;
15889
15890 free_msg:
15891 nlmsg_free(msg);
15892 }
15893 EXPORT_SYMBOL(cfg80211_report_wowlan_wakeup);
15894 #endif
15895
15896 void cfg80211_tdls_oper_request(struct net_device *dev, const u8 *peer,
15897 enum nl80211_tdls_operation oper,
15898 u16 reason_code, gfp_t gfp)
15899 {
15900 struct wireless_dev *wdev = dev->ieee80211_ptr;
15901 struct cfg80211_registered_device *rdev = wiphy_to_rdev(wdev->wiphy);
15902 struct sk_buff *msg;
15903 void *hdr;
15904
15905 trace_cfg80211_tdls_oper_request(wdev->wiphy, dev, peer, oper,
15906 reason_code);
15907
15908 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, gfp);
15909 if (!msg)
15910 return;
15911
15912 hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_TDLS_OPER);
15913 if (!hdr) {
15914 nlmsg_free(msg);
15915 return;
15916 }
15917
15918 if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
15919 nla_put_u32(msg, NL80211_ATTR_IFINDEX, dev->ifindex) ||
15920 nla_put_u8(msg, NL80211_ATTR_TDLS_OPERATION, oper) ||
15921 nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN, peer) ||
15922 (reason_code > 0 &&
15923 nla_put_u16(msg, NL80211_ATTR_REASON_CODE, reason_code)))
15924 goto nla_put_failure;
15925
15926 genlmsg_end(msg, hdr);
15927
15928 genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), msg, 0,
15929 NL80211_MCGRP_MLME, gfp);
15930 return;
15931
15932 nla_put_failure:
15933 nlmsg_free(msg);
15934 }
15935 EXPORT_SYMBOL(cfg80211_tdls_oper_request);
15936
15937 static int nl80211_netlink_notify(struct notifier_block * nb,
15938 unsigned long state,
15939 void *_notify)
15940 {
15941 struct netlink_notify *notify = _notify;
15942 struct cfg80211_registered_device *rdev;
15943 struct wireless_dev *wdev;
15944 struct cfg80211_beacon_registration *reg, *tmp;
15945
15946 if (state != NETLINK_URELEASE || notify->protocol != NETLINK_GENERIC)
15947 return NOTIFY_DONE;
15948
15949 rcu_read_lock();
15950
15951 list_for_each_entry_rcu(rdev, &cfg80211_rdev_list, list) {
15952 struct cfg80211_sched_scan_request *sched_scan_req;
15953
15954 list_for_each_entry_rcu(sched_scan_req,
15955 &rdev->sched_scan_req_list,
15956 list) {
15957 if (sched_scan_req->owner_nlportid == notify->portid) {
15958 sched_scan_req->nl_owner_dead = true;
15959 schedule_work(&rdev->sched_scan_stop_wk);
15960 }
15961 }
15962
15963 list_for_each_entry_rcu(wdev, &rdev->wiphy.wdev_list, list) {
15964 cfg80211_mlme_unregister_socket(wdev, notify->portid);
15965
15966 if (wdev->owner_nlportid == notify->portid) {
15967 wdev->nl_owner_dead = true;
15968 schedule_work(&rdev->destroy_work);
15969 } else if (wdev->conn_owner_nlportid == notify->portid) {
15970 schedule_work(&wdev->disconnect_wk);
15971 }
15972 }
15973
15974 spin_lock_bh(&rdev->beacon_registrations_lock);
15975 list_for_each_entry_safe(reg, tmp, &rdev->beacon_registrations,
15976 list) {
15977 if (reg->nlportid == notify->portid) {
15978 list_del(&reg->list);
15979 kfree(reg);
15980 break;
15981 }
15982 }
15983 spin_unlock_bh(&rdev->beacon_registrations_lock);
15984 }
15985
15986 rcu_read_unlock();
15987
15988 /*
15989 * It is possible that the user space process that is controlling the
15990 * indoor setting disappeared, so notify the regulatory core.
15991 */
15992 regulatory_netlink_notify(notify->portid);
15993 return NOTIFY_OK;
15994 }
15995
15996 static struct notifier_block nl80211_netlink_notifier = {
15997 .notifier_call = nl80211_netlink_notify,
15998 };
15999
16000 void cfg80211_ft_event(struct net_device *netdev,
16001 struct cfg80211_ft_event_params *ft_event)
16002 {
16003 struct wiphy *wiphy = netdev->ieee80211_ptr->wiphy;
16004 struct cfg80211_registered_device *rdev = wiphy_to_rdev(wiphy);
16005 struct sk_buff *msg;
16006 void *hdr;
16007
16008 trace_cfg80211_ft_event(wiphy, netdev, ft_event);
16009
16010 if (!ft_event->target_ap)
16011 return;
16012
16013 msg = nlmsg_new(100 + ft_event->ies_len + ft_event->ric_ies_len,
16014 GFP_KERNEL);
16015 if (!msg)
16016 return;
16017
16018 hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_FT_EVENT);
16019 if (!hdr)
16020 goto out;
16021
16022 if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
16023 nla_put_u32(msg, NL80211_ATTR_IFINDEX, netdev->ifindex) ||
16024 nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN, ft_event->target_ap))
16025 goto out;
16026
16027 if (ft_event->ies &&
16028 nla_put(msg, NL80211_ATTR_IE, ft_event->ies_len, ft_event->ies))
16029 goto out;
16030 if (ft_event->ric_ies &&
16031 nla_put(msg, NL80211_ATTR_IE_RIC, ft_event->ric_ies_len,
16032 ft_event->ric_ies))
16033 goto out;
16034
16035 genlmsg_end(msg, hdr);
16036
16037 genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), msg, 0,
16038 NL80211_MCGRP_MLME, GFP_KERNEL);
16039 return;
16040 out:
16041 nlmsg_free(msg);
16042 }
16043 EXPORT_SYMBOL(cfg80211_ft_event);
16044
16045 void cfg80211_crit_proto_stopped(struct wireless_dev *wdev, gfp_t gfp)
16046 {
16047 struct cfg80211_registered_device *rdev;
16048 struct sk_buff *msg;
16049 void *hdr;
16050 u32 nlportid;
16051
16052 rdev = wiphy_to_rdev(wdev->wiphy);
16053 if (!rdev->crit_proto_nlportid)
16054 return;
16055
16056 nlportid = rdev->crit_proto_nlportid;
16057 rdev->crit_proto_nlportid = 0;
16058
16059 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, gfp);
16060 if (!msg)
16061 return;
16062
16063 hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_CRIT_PROTOCOL_STOP);
16064 if (!hdr)
16065 goto nla_put_failure;
16066
16067 if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
16068 nla_put_u64_64bit(msg, NL80211_ATTR_WDEV, wdev_id(wdev),
16069 NL80211_ATTR_PAD))
16070 goto nla_put_failure;
16071
16072 genlmsg_end(msg, hdr);
16073
16074 genlmsg_unicast(wiphy_net(&rdev->wiphy), msg, nlportid);
16075 return;
16076
16077 nla_put_failure:
16078 nlmsg_free(msg);
16079 }
16080 EXPORT_SYMBOL(cfg80211_crit_proto_stopped);
16081
16082 void nl80211_send_ap_stopped(struct wireless_dev *wdev)
16083 {
16084 struct wiphy *wiphy = wdev->wiphy;
16085 struct cfg80211_registered_device *rdev = wiphy_to_rdev(wiphy);
16086 struct sk_buff *msg;
16087 void *hdr;
16088
16089 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
16090 if (!msg)
16091 return;
16092
16093 hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_STOP_AP);
16094 if (!hdr)
16095 goto out;
16096
16097 if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
16098 nla_put_u32(msg, NL80211_ATTR_IFINDEX, wdev->netdev->ifindex) ||
16099 nla_put_u64_64bit(msg, NL80211_ATTR_WDEV, wdev_id(wdev),
16100 NL80211_ATTR_PAD))
16101 goto out;
16102
16103 genlmsg_end(msg, hdr);
16104
16105 genlmsg_multicast_netns(&nl80211_fam, wiphy_net(wiphy), msg, 0,
16106 NL80211_MCGRP_MLME, GFP_KERNEL);
16107 return;
16108 out:
16109 nlmsg_free(msg);
16110 }
16111
16112 int cfg80211_external_auth_request(struct net_device *dev,
16113 struct cfg80211_external_auth_params *params,
16114 gfp_t gfp)
16115 {
16116 struct wireless_dev *wdev = dev->ieee80211_ptr;
16117 struct cfg80211_registered_device *rdev = wiphy_to_rdev(wdev->wiphy);
16118 struct sk_buff *msg;
16119 void *hdr;
16120
16121 if (!wdev->conn_owner_nlportid)
16122 return -EINVAL;
16123
16124 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, gfp);
16125 if (!msg)
16126 return -ENOMEM;
16127
16128 hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_EXTERNAL_AUTH);
16129 if (!hdr)
16130 goto nla_put_failure;
16131
16132 if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
16133 nla_put_u32(msg, NL80211_ATTR_IFINDEX, dev->ifindex) ||
16134 nla_put_u32(msg, NL80211_ATTR_AKM_SUITES, params->key_mgmt_suite) ||
16135 nla_put_u32(msg, NL80211_ATTR_EXTERNAL_AUTH_ACTION,
16136 params->action) ||
16137 nla_put(msg, NL80211_ATTR_BSSID, ETH_ALEN, params->bssid) ||
16138 nla_put(msg, NL80211_ATTR_SSID, params->ssid.ssid_len,
16139 params->ssid.ssid))
16140 goto nla_put_failure;
16141
16142 genlmsg_end(msg, hdr);
16143 genlmsg_unicast(wiphy_net(&rdev->wiphy), msg,
16144 wdev->conn_owner_nlportid);
16145 return 0;
16146
16147 nla_put_failure:
16148 nlmsg_free(msg);
16149 return -ENOBUFS;
16150 }
16151 EXPORT_SYMBOL(cfg80211_external_auth_request);
16152
16153 /* initialisation/exit functions */
16154
16155 int __init nl80211_init(void)
16156 {
16157 int err;
16158
16159 err = genl_register_family(&nl80211_fam);
16160 if (err)
16161 return err;
16162
16163 err = netlink_register_notifier(&nl80211_netlink_notifier);
16164 if (err)
16165 goto err_out;
16166
16167 return 0;
16168 err_out:
16169 genl_unregister_family(&nl80211_fam);
16170 return err;
16171 }
16172
16173 void nl80211_exit(void)
16174 {
16175 netlink_unregister_notifier(&nl80211_netlink_notifier);
16176 genl_unregister_family(&nl80211_fam);
16177 }
Linux with added FPC-III support