projects / GitHub / moto-9609 / android_kernel_motorola_exynos9610.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
blame | history | raw | HEAD
nl80211: validate beacon head
[GitHub/moto-9609/android_kernel_motorola_exynos9610.git] / net / wireless / nl80211.c
1 /*
2 * This is the new netlink-based wireless configuration interface.
3 *
4 * Copyright 2006-2010 Johannes Berg <johannes@sipsolutions.net>
5 * Copyright 2013-2014 Intel Mobile Communications GmbH
6 * Copyright 2015-2017 Intel Deutschland GmbH
7 */
8
9 #include <linux/if.h>
10 #include <linux/module.h>
11 #include <linux/err.h>
12 #include <linux/slab.h>
13 #include <linux/list.h>
14 #include <linux/if_ether.h>
15 #include <linux/ieee80211.h>
16 #include <linux/nl80211.h>
17 #include <linux/rtnetlink.h>
18 #include <linux/netlink.h>
19 #include <linux/nospec.h>
20 #include <linux/etherdevice.h>
21 #include <net/net_namespace.h>
22 #include <net/genetlink.h>
23 #include <net/cfg80211.h>
24 #include <net/sock.h>
25 #include <net/inet_connection_sock.h>
26 #include "core.h"
27 #include "nl80211.h"
28 #include "reg.h"
29 #include "rdev-ops.h"
30
31 static int nl80211_crypto_settings(struct cfg80211_registered_device *rdev,
32 struct genl_info *info,
33 struct cfg80211_crypto_settings *settings,
34 int cipher_limit);
35
36 /* the netlink family */
37 static struct genl_family nl80211_fam;
38
39 /* multicast groups */
40 enum nl80211_multicast_groups {
41 NL80211_MCGRP_CONFIG,
42 NL80211_MCGRP_SCAN,
43 NL80211_MCGRP_REGULATORY,
44 NL80211_MCGRP_MLME,
45 NL80211_MCGRP_VENDOR,
46 NL80211_MCGRP_NAN,
47 NL80211_MCGRP_TESTMODE /* keep last - ifdef! */
48 };
49
50 static const struct genl_multicast_group nl80211_mcgrps[] = {
51 [NL80211_MCGRP_CONFIG] = { .name = NL80211_MULTICAST_GROUP_CONFIG },
52 [NL80211_MCGRP_SCAN] = { .name = NL80211_MULTICAST_GROUP_SCAN },
53 [NL80211_MCGRP_REGULATORY] = { .name = NL80211_MULTICAST_GROUP_REG },
54 [NL80211_MCGRP_MLME] = { .name = NL80211_MULTICAST_GROUP_MLME },
55 [NL80211_MCGRP_VENDOR] = { .name = NL80211_MULTICAST_GROUP_VENDOR },
56 [NL80211_MCGRP_NAN] = { .name = NL80211_MULTICAST_GROUP_NAN },
57 #ifdef CONFIG_NL80211_TESTMODE
58 [NL80211_MCGRP_TESTMODE] = { .name = NL80211_MULTICAST_GROUP_TESTMODE }
59 #endif
60 };
61
62 /* returns ERR_PTR values */
63 static struct wireless_dev *
64 __cfg80211_wdev_from_attrs(struct net *netns, struct nlattr **attrs)
65 {
66 struct cfg80211_registered_device *rdev;
67 struct wireless_dev *result = NULL;
68 bool have_ifidx = attrs[NL80211_ATTR_IFINDEX];
69 bool have_wdev_id = attrs[NL80211_ATTR_WDEV];
70 u64 wdev_id;
71 int wiphy_idx = -1;
72 int ifidx = -1;
73
74 ASSERT_RTNL();
75
76 if (!have_ifidx && !have_wdev_id)
77 return ERR_PTR(-EINVAL);
78
79 if (have_ifidx)
80 ifidx = nla_get_u32(attrs[NL80211_ATTR_IFINDEX]);
81 if (have_wdev_id) {
82 wdev_id = nla_get_u64(attrs[NL80211_ATTR_WDEV]);
83 wiphy_idx = wdev_id >> 32;
84 }
85
86 list_for_each_entry(rdev, &cfg80211_rdev_list, list) {
87 struct wireless_dev *wdev;
88
89 if (wiphy_net(&rdev->wiphy) != netns)
90 continue;
91
92 if (have_wdev_id && rdev->wiphy_idx != wiphy_idx)
93 continue;
94
95 list_for_each_entry(wdev, &rdev->wiphy.wdev_list, list) {
96 if (have_ifidx && wdev->netdev &&
97 wdev->netdev->ifindex == ifidx) {
98 result = wdev;
99 break;
100 }
101 if (have_wdev_id && wdev->identifier == (u32)wdev_id) {
102 result = wdev;
103 break;
104 }
105 }
106
107 if (result)
108 break;
109 }
110
111 if (result)
112 return result;
113 return ERR_PTR(-ENODEV);
114 }
115
116 static struct cfg80211_registered_device *
117 __cfg80211_rdev_from_attrs(struct net *netns, struct nlattr **attrs)
118 {
119 struct cfg80211_registered_device *rdev = NULL, *tmp;
120 struct net_device *netdev;
121
122 ASSERT_RTNL();
123
124 if (!attrs[NL80211_ATTR_WIPHY] &&
125 !attrs[NL80211_ATTR_IFINDEX] &&
126 !attrs[NL80211_ATTR_WDEV])
127 return ERR_PTR(-EINVAL);
128
129 if (attrs[NL80211_ATTR_WIPHY])
130 rdev = cfg80211_rdev_by_wiphy_idx(
131 nla_get_u32(attrs[NL80211_ATTR_WIPHY]));
132
133 if (attrs[NL80211_ATTR_WDEV]) {
134 u64 wdev_id = nla_get_u64(attrs[NL80211_ATTR_WDEV]);
135 struct wireless_dev *wdev;
136 bool found = false;
137
138 tmp = cfg80211_rdev_by_wiphy_idx(wdev_id >> 32);
139 if (tmp) {
140 /* make sure wdev exists */
141 list_for_each_entry(wdev, &tmp->wiphy.wdev_list, list) {
142 if (wdev->identifier != (u32)wdev_id)
143 continue;
144 found = true;
145 break;
146 }
147
148 if (!found)
149 tmp = NULL;
150
151 if (rdev && tmp != rdev)
152 return ERR_PTR(-EINVAL);
153 rdev = tmp;
154 }
155 }
156
157 if (attrs[NL80211_ATTR_IFINDEX]) {
158 int ifindex = nla_get_u32(attrs[NL80211_ATTR_IFINDEX]);
159
160 netdev = __dev_get_by_index(netns, ifindex);
161 if (netdev) {
162 if (netdev->ieee80211_ptr)
163 tmp = wiphy_to_rdev(
164 netdev->ieee80211_ptr->wiphy);
165 else
166 tmp = NULL;
167
168 /* not wireless device -- return error */
169 if (!tmp)
170 return ERR_PTR(-EINVAL);
171
172 /* mismatch -- return error */
173 if (rdev && tmp != rdev)
174 return ERR_PTR(-EINVAL);
175
176 rdev = tmp;
177 }
178 }
179
180 if (!rdev)
181 return ERR_PTR(-ENODEV);
182
183 if (netns != wiphy_net(&rdev->wiphy))
184 return ERR_PTR(-ENODEV);
185
186 return rdev;
187 }
188
189 /*
190 * This function returns a pointer to the driver
191 * that the genl_info item that is passed refers to.
192 *
193 * The result of this can be a PTR_ERR and hence must
194 * be checked with IS_ERR() for errors.
195 */
196 static struct cfg80211_registered_device *
197 cfg80211_get_dev_from_info(struct net *netns, struct genl_info *info)
198 {
199 return __cfg80211_rdev_from_attrs(netns, info->attrs);
200 }
201
202 static int validate_beacon_head(const struct nlattr *attr,
203 struct netlink_ext_ack *extack)
204 {
205 const u8 *data = nla_data(attr);
206 unsigned int len = nla_len(attr);
207 const struct element *elem;
208 const struct ieee80211_mgmt *mgmt = (void *)data;
209 unsigned int fixedlen = offsetof(struct ieee80211_mgmt,
210 u.beacon.variable);
211
212 if (len < fixedlen)
213 goto err;
214
215 if (ieee80211_hdrlen(mgmt->frame_control) !=
216 offsetof(struct ieee80211_mgmt, u.beacon))
217 goto err;
218
219 data += fixedlen;
220 len -= fixedlen;
221
222 for_each_element(elem, data, len) {
223 /* nothing */
224 }
225
226 if (for_each_element_completed(elem, data, len))
227 return 0;
228
229 err:
230 NL_SET_ERR_MSG_ATTR(extack, attr, "malformed beacon head");
231 return -EINVAL;
232 }
233
234 /* policy for the attributes */
235 static const struct nla_policy nl80211_policy[NUM_NL80211_ATTR] = {
236 [NL80211_ATTR_WIPHY] = { .type = NLA_U32 },
237 [NL80211_ATTR_WIPHY_NAME] = { .type = NLA_NUL_STRING,
238 .len = 20-1 },
239 [NL80211_ATTR_WIPHY_TXQ_PARAMS] = { .type = NLA_NESTED },
240
241 [NL80211_ATTR_WIPHY_FREQ] = { .type = NLA_U32 },
242 [NL80211_ATTR_WIPHY_CHANNEL_TYPE] = { .type = NLA_U32 },
243 [NL80211_ATTR_CHANNEL_WIDTH] = { .type = NLA_U32 },
244 [NL80211_ATTR_CENTER_FREQ1] = { .type = NLA_U32 },
245 [NL80211_ATTR_CENTER_FREQ2] = { .type = NLA_U32 },
246
247 [NL80211_ATTR_WIPHY_RETRY_SHORT] = { .type = NLA_U8 },
248 [NL80211_ATTR_WIPHY_RETRY_LONG] = { .type = NLA_U8 },
249 [NL80211_ATTR_WIPHY_FRAG_THRESHOLD] = { .type = NLA_U32 },
250 [NL80211_ATTR_WIPHY_RTS_THRESHOLD] = { .type = NLA_U32 },
251 [NL80211_ATTR_WIPHY_COVERAGE_CLASS] = { .type = NLA_U8 },
252 [NL80211_ATTR_WIPHY_DYN_ACK] = { .type = NLA_FLAG },
253
254 [NL80211_ATTR_IFTYPE] = { .type = NLA_U32 },
255 [NL80211_ATTR_IFINDEX] = { .type = NLA_U32 },
256 [NL80211_ATTR_IFNAME] = { .type = NLA_NUL_STRING, .len = IFNAMSIZ-1 },
257
258 [NL80211_ATTR_MAC] = { .len = ETH_ALEN },
259 [NL80211_ATTR_PREV_BSSID] = { .len = ETH_ALEN },
260
261 [NL80211_ATTR_KEY] = { .type = NLA_NESTED, },
262 [NL80211_ATTR_KEY_DATA] = { .type = NLA_BINARY,
263 .len = WLAN_MAX_KEY_LEN },
264 [NL80211_ATTR_KEY_IDX] = { .type = NLA_U8 },
265 [NL80211_ATTR_KEY_CIPHER] = { .type = NLA_U32 },
266 [NL80211_ATTR_KEY_DEFAULT] = { .type = NLA_FLAG },
267 [NL80211_ATTR_KEY_SEQ] = { .type = NLA_BINARY, .len = 16 },
268 [NL80211_ATTR_KEY_TYPE] = { .type = NLA_U32 },
269
270 [NL80211_ATTR_BEACON_INTERVAL] = { .type = NLA_U32 },
271 [NL80211_ATTR_DTIM_PERIOD] = { .type = NLA_U32 },
272 [NL80211_ATTR_BEACON_HEAD] = { .type = NLA_BINARY,
273 .len = IEEE80211_MAX_DATA_LEN },
274 [NL80211_ATTR_BEACON_TAIL] = { .type = NLA_BINARY,
275 .len = IEEE80211_MAX_DATA_LEN },
276 [NL80211_ATTR_STA_AID] = { .type = NLA_U16 },
277 [NL80211_ATTR_STA_FLAGS] = { .type = NLA_NESTED },
278 [NL80211_ATTR_STA_LISTEN_INTERVAL] = { .type = NLA_U16 },
279 [NL80211_ATTR_STA_SUPPORTED_RATES] = { .type = NLA_BINARY,
280 .len = NL80211_MAX_SUPP_RATES },
281 [NL80211_ATTR_STA_PLINK_ACTION] = { .type = NLA_U8 },
282 [NL80211_ATTR_STA_VLAN] = { .type = NLA_U32 },
283 [NL80211_ATTR_MNTR_FLAGS] = { /* NLA_NESTED can't be empty */ },
284 [NL80211_ATTR_MESH_ID] = { .type = NLA_BINARY,
285 .len = IEEE80211_MAX_MESH_ID_LEN },
286 [NL80211_ATTR_MPATH_NEXT_HOP] = { .type = NLA_U32 },
287
288 [NL80211_ATTR_REG_ALPHA2] = { .type = NLA_STRING, .len = 2 },
289 [NL80211_ATTR_REG_RULES] = { .type = NLA_NESTED },
290
291 [NL80211_ATTR_BSS_CTS_PROT] = { .type = NLA_U8 },
292 [NL80211_ATTR_BSS_SHORT_PREAMBLE] = { .type = NLA_U8 },
293 [NL80211_ATTR_BSS_SHORT_SLOT_TIME] = { .type = NLA_U8 },
294 [NL80211_ATTR_BSS_BASIC_RATES] = { .type = NLA_BINARY,
295 .len = NL80211_MAX_SUPP_RATES },
296 [NL80211_ATTR_BSS_HT_OPMODE] = { .type = NLA_U16 },
297
298 [NL80211_ATTR_MESH_CONFIG] = { .type = NLA_NESTED },
299 [NL80211_ATTR_SUPPORT_MESH_AUTH] = { .type = NLA_FLAG },
300
301 [NL80211_ATTR_HT_CAPABILITY] = { .len = NL80211_HT_CAPABILITY_LEN },
302
303 [NL80211_ATTR_MGMT_SUBTYPE] = { .type = NLA_U8 },
304 [NL80211_ATTR_IE] = { .type = NLA_BINARY,
305 .len = IEEE80211_MAX_DATA_LEN },
306 [NL80211_ATTR_SCAN_FREQUENCIES] = { .type = NLA_NESTED },
307 [NL80211_ATTR_SCAN_SSIDS] = { .type = NLA_NESTED },
308
309 [NL80211_ATTR_SSID] = { .type = NLA_BINARY,
310 .len = IEEE80211_MAX_SSID_LEN },
311 [NL80211_ATTR_AUTH_TYPE] = { .type = NLA_U32 },
312 [NL80211_ATTR_REASON_CODE] = { .type = NLA_U16 },
313 [NL80211_ATTR_FREQ_FIXED] = { .type = NLA_FLAG },
314 [NL80211_ATTR_TIMED_OUT] = { .type = NLA_FLAG },
315 [NL80211_ATTR_USE_MFP] = { .type = NLA_U32 },
316 [NL80211_ATTR_STA_FLAGS2] = {
317 .len = sizeof(struct nl80211_sta_flag_update),
318 },
319 [NL80211_ATTR_CONTROL_PORT] = { .type = NLA_FLAG },
320 [NL80211_ATTR_CONTROL_PORT_ETHERTYPE] = { .type = NLA_U16 },
321 [NL80211_ATTR_CONTROL_PORT_NO_ENCRYPT] = { .type = NLA_FLAG },
322 [NL80211_ATTR_PRIVACY] = { .type = NLA_FLAG },
323 [NL80211_ATTR_CIPHER_SUITE_GROUP] = { .type = NLA_U32 },
324 [NL80211_ATTR_WPA_VERSIONS] = { .type = NLA_U32 },
325 [NL80211_ATTR_PID] = { .type = NLA_U32 },
326 [NL80211_ATTR_4ADDR] = { .type = NLA_U8 },
327 [NL80211_ATTR_PMKID] = { .len = WLAN_PMKID_LEN },
328 [NL80211_ATTR_DURATION] = { .type = NLA_U32 },
329 [NL80211_ATTR_COOKIE] = { .type = NLA_U64 },
330 [NL80211_ATTR_TX_RATES] = { .type = NLA_NESTED },
331 [NL80211_ATTR_FRAME] = { .type = NLA_BINARY,
332 .len = IEEE80211_MAX_DATA_LEN },
333 [NL80211_ATTR_FRAME_MATCH] = { .type = NLA_BINARY, },
334 [NL80211_ATTR_PS_STATE] = { .type = NLA_U32 },
335 [NL80211_ATTR_CQM] = { .type = NLA_NESTED, },
336 [NL80211_ATTR_LOCAL_STATE_CHANGE] = { .type = NLA_FLAG },
337 [NL80211_ATTR_AP_ISOLATE] = { .type = NLA_U8 },
338 [NL80211_ATTR_WIPHY_TX_POWER_SETTING] = { .type = NLA_U32 },
339 [NL80211_ATTR_WIPHY_TX_POWER_LEVEL] = { .type = NLA_U32 },
340 [NL80211_ATTR_FRAME_TYPE] = { .type = NLA_U16 },
341 [NL80211_ATTR_WIPHY_ANTENNA_TX] = { .type = NLA_U32 },
342 [NL80211_ATTR_WIPHY_ANTENNA_RX] = { .type = NLA_U32 },
343 [NL80211_ATTR_MCAST_RATE] = { .type = NLA_U32 },
344 [NL80211_ATTR_OFFCHANNEL_TX_OK] = { .type = NLA_FLAG },
345 [NL80211_ATTR_KEY_DEFAULT_TYPES] = { .type = NLA_NESTED },
346 [NL80211_ATTR_WOWLAN_TRIGGERS] = { .type = NLA_NESTED },
347 [NL80211_ATTR_STA_PLINK_STATE] = { .type = NLA_U8 },
348 [NL80211_ATTR_SCHED_SCAN_INTERVAL] = { .type = NLA_U32 },
349 [NL80211_ATTR_REKEY_DATA] = { .type = NLA_NESTED },
350 [NL80211_ATTR_SCAN_SUPP_RATES] = { .type = NLA_NESTED },
351 [NL80211_ATTR_HIDDEN_SSID] = { .type = NLA_U32 },
352 [NL80211_ATTR_IE_PROBE_RESP] = { .type = NLA_BINARY,
353 .len = IEEE80211_MAX_DATA_LEN },
354 [NL80211_ATTR_IE_ASSOC_RESP] = { .type = NLA_BINARY,
355 .len = IEEE80211_MAX_DATA_LEN },
356 [NL80211_ATTR_ROAM_SUPPORT] = { .type = NLA_FLAG },
357 [NL80211_ATTR_SCHED_SCAN_MATCH] = { .type = NLA_NESTED },
358 [NL80211_ATTR_TX_NO_CCK_RATE] = { .type = NLA_FLAG },
359 [NL80211_ATTR_TDLS_ACTION] = { .type = NLA_U8 },
360 [NL80211_ATTR_TDLS_DIALOG_TOKEN] = { .type = NLA_U8 },
361 [NL80211_ATTR_TDLS_OPERATION] = { .type = NLA_U8 },
362 [NL80211_ATTR_TDLS_SUPPORT] = { .type = NLA_FLAG },
363 [NL80211_ATTR_TDLS_EXTERNAL_SETUP] = { .type = NLA_FLAG },
364 [NL80211_ATTR_TDLS_INITIATOR] = { .type = NLA_FLAG },
365 [NL80211_ATTR_DONT_WAIT_FOR_ACK] = { .type = NLA_FLAG },
366 [NL80211_ATTR_PROBE_RESP] = { .type = NLA_BINARY,
367 .len = IEEE80211_MAX_DATA_LEN },
368 [NL80211_ATTR_DFS_REGION] = { .type = NLA_U8 },
369 [NL80211_ATTR_DISABLE_HT] = { .type = NLA_FLAG },
370 [NL80211_ATTR_HT_CAPABILITY_MASK] = {
371 .len = NL80211_HT_CAPABILITY_LEN
372 },
373 [NL80211_ATTR_NOACK_MAP] = { .type = NLA_U16 },
374 [NL80211_ATTR_INACTIVITY_TIMEOUT] = { .type = NLA_U16 },
375 [NL80211_ATTR_BG_SCAN_PERIOD] = { .type = NLA_U16 },
376 [NL80211_ATTR_WDEV] = { .type = NLA_U64 },
377 [NL80211_ATTR_USER_REG_HINT_TYPE] = { .type = NLA_U32 },
378 [NL80211_ATTR_AUTH_DATA] = { .type = NLA_BINARY, },
379 [NL80211_ATTR_VHT_CAPABILITY] = { .len = NL80211_VHT_CAPABILITY_LEN },
380 [NL80211_ATTR_SCAN_FLAGS] = { .type = NLA_U32 },
381 [NL80211_ATTR_P2P_CTWINDOW] = { .type = NLA_U8 },
382 [NL80211_ATTR_P2P_OPPPS] = { .type = NLA_U8 },
383 [NL80211_ATTR_LOCAL_MESH_POWER_MODE] = {. type = NLA_U32 },
384 [NL80211_ATTR_ACL_POLICY] = {. type = NLA_U32 },
385 [NL80211_ATTR_MAC_ADDRS] = { .type = NLA_NESTED },
386 [NL80211_ATTR_STA_CAPABILITY] = { .type = NLA_U16 },
387 [NL80211_ATTR_STA_EXT_CAPABILITY] = { .type = NLA_BINARY, },
388 [NL80211_ATTR_SPLIT_WIPHY_DUMP] = { .type = NLA_FLAG, },
389 [NL80211_ATTR_DISABLE_VHT] = { .type = NLA_FLAG },
390 [NL80211_ATTR_VHT_CAPABILITY_MASK] = {
391 .len = NL80211_VHT_CAPABILITY_LEN,
392 },
393 [NL80211_ATTR_MDID] = { .type = NLA_U16 },
394 [NL80211_ATTR_IE_RIC] = { .type = NLA_BINARY,
395 .len = IEEE80211_MAX_DATA_LEN },
396 [NL80211_ATTR_PEER_AID] = { .type = NLA_U16 },
397 [NL80211_ATTR_CH_SWITCH_COUNT] = { .type = NLA_U32 },
398 [NL80211_ATTR_CH_SWITCH_BLOCK_TX] = { .type = NLA_FLAG },
399 [NL80211_ATTR_CSA_IES] = { .type = NLA_NESTED },
400 [NL80211_ATTR_CSA_C_OFF_BEACON] = { .type = NLA_BINARY },
401 [NL80211_ATTR_CSA_C_OFF_PRESP] = { .type = NLA_BINARY },
402 [NL80211_ATTR_STA_SUPPORTED_CHANNELS] = { .type = NLA_BINARY },
403 [NL80211_ATTR_STA_SUPPORTED_OPER_CLASSES] = { .type = NLA_BINARY },
404 [NL80211_ATTR_HANDLE_DFS] = { .type = NLA_FLAG },
405 [NL80211_ATTR_OPMODE_NOTIF] = { .type = NLA_U8 },
406 [NL80211_ATTR_VENDOR_ID] = { .type = NLA_U32 },
407 [NL80211_ATTR_VENDOR_SUBCMD] = { .type = NLA_U32 },
408 [NL80211_ATTR_VENDOR_DATA] = { .type = NLA_BINARY },
409 [NL80211_ATTR_QOS_MAP] = { .type = NLA_BINARY,
410 .len = IEEE80211_QOS_MAP_LEN_MAX },
411 [NL80211_ATTR_MAC_HINT] = { .len = ETH_ALEN },
412 [NL80211_ATTR_WIPHY_FREQ_HINT] = { .type = NLA_U32 },
413 [NL80211_ATTR_TDLS_PEER_CAPABILITY] = { .type = NLA_U32 },
414 [NL80211_ATTR_SOCKET_OWNER] = { .type = NLA_FLAG },
415 [NL80211_ATTR_CSA_C_OFFSETS_TX] = { .type = NLA_BINARY },
416 [NL80211_ATTR_USE_RRM] = { .type = NLA_FLAG },
417 [NL80211_ATTR_TSID] = { .type = NLA_U8 },
418 [NL80211_ATTR_USER_PRIO] = { .type = NLA_U8 },
419 [NL80211_ATTR_ADMITTED_TIME] = { .type = NLA_U16 },
420 [NL80211_ATTR_SMPS_MODE] = { .type = NLA_U8 },
421 [NL80211_ATTR_MAC_MASK] = { .len = ETH_ALEN },
422 [NL80211_ATTR_WIPHY_SELF_MANAGED_REG] = { .type = NLA_FLAG },
423 [NL80211_ATTR_NETNS_FD] = { .type = NLA_U32 },
424 [NL80211_ATTR_SCHED_SCAN_DELAY] = { .type = NLA_U32 },
425 [NL80211_ATTR_REG_INDOOR] = { .type = NLA_FLAG },
426 [NL80211_ATTR_PBSS] = { .type = NLA_FLAG },
427 [NL80211_ATTR_BSS_SELECT] = { .type = NLA_NESTED },
428 [NL80211_ATTR_STA_SUPPORT_P2P_PS] = { .type = NLA_U8 },
429 [NL80211_ATTR_MU_MIMO_GROUP_DATA] = {
430 .len = VHT_MUMIMO_GROUPS_DATA_LEN
431 },
432 [NL80211_ATTR_MU_MIMO_FOLLOW_MAC_ADDR] = { .len = ETH_ALEN },
433 [NL80211_ATTR_NAN_MASTER_PREF] = { .type = NLA_U8 },
434 [NL80211_ATTR_BANDS] = { .type = NLA_U32 },
435 [NL80211_ATTR_NAN_FUNC] = { .type = NLA_NESTED },
436 [NL80211_ATTR_FILS_KEK] = { .type = NLA_BINARY,
437 .len = FILS_MAX_KEK_LEN },
438 [NL80211_ATTR_FILS_NONCES] = { .len = 2 * FILS_NONCE_LEN },
439 [NL80211_ATTR_MULTICAST_TO_UNICAST_ENABLED] = { .type = NLA_FLAG, },
440 [NL80211_ATTR_BSSID] = { .len = ETH_ALEN },
441 [NL80211_ATTR_SCHED_SCAN_RELATIVE_RSSI] = { .type = NLA_S8 },
442 [NL80211_ATTR_SCHED_SCAN_RSSI_ADJUST] = {
443 .len = sizeof(struct nl80211_bss_select_rssi_adjust)
444 },
445 [NL80211_ATTR_TIMEOUT_REASON] = { .type = NLA_U32 },
446 [NL80211_ATTR_FILS_ERP_USERNAME] = { .type = NLA_BINARY,
447 .len = FILS_ERP_MAX_USERNAME_LEN },
448 [NL80211_ATTR_FILS_ERP_REALM] = { .type = NLA_BINARY,
449 .len = FILS_ERP_MAX_REALM_LEN },
450 [NL80211_ATTR_FILS_ERP_NEXT_SEQ_NUM] = { .type = NLA_U16 },
451 [NL80211_ATTR_FILS_ERP_RRK] = { .type = NLA_BINARY,
452 .len = FILS_ERP_MAX_RRK_LEN },
453 [NL80211_ATTR_FILS_CACHE_ID] = { .len = 2 },
454 [NL80211_ATTR_PMK] = { .type = NLA_BINARY, .len = PMK_MAX_LEN },
455 [NL80211_ATTR_SCHED_SCAN_MULTI] = { .type = NLA_FLAG },
456 #ifdef CONFIG_CFG80211_SLSI_SAE
457 [NL80211_ATTR_EXTERNAL_AUTH_SUPPORT] = { .type = NLA_FLAG },
458 #endif
459 };
460
461 /* policy for the key attributes */
462 static const struct nla_policy nl80211_key_policy[NL80211_KEY_MAX + 1] = {
463 [NL80211_KEY_DATA] = { .type = NLA_BINARY, .len = WLAN_MAX_KEY_LEN },
464 [NL80211_KEY_IDX] = { .type = NLA_U8 },
465 [NL80211_KEY_CIPHER] = { .type = NLA_U32 },
466 [NL80211_KEY_SEQ] = { .type = NLA_BINARY, .len = 16 },
467 [NL80211_KEY_DEFAULT] = { .type = NLA_FLAG },
468 [NL80211_KEY_DEFAULT_MGMT] = { .type = NLA_FLAG },
469 [NL80211_KEY_TYPE] = { .type = NLA_U32 },
470 [NL80211_KEY_DEFAULT_TYPES] = { .type = NLA_NESTED },
471 };
472
473 /* policy for the key default flags */
474 static const struct nla_policy
475 nl80211_key_default_policy[NUM_NL80211_KEY_DEFAULT_TYPES] = {
476 [NL80211_KEY_DEFAULT_TYPE_UNICAST] = { .type = NLA_FLAG },
477 [NL80211_KEY_DEFAULT_TYPE_MULTICAST] = { .type = NLA_FLAG },
478 };
479
480 #ifdef CONFIG_PM
481 /* policy for WoWLAN attributes */
482 static const struct nla_policy
483 nl80211_wowlan_policy[NUM_NL80211_WOWLAN_TRIG] = {
484 [NL80211_WOWLAN_TRIG_ANY] = { .type = NLA_FLAG },
485 [NL80211_WOWLAN_TRIG_DISCONNECT] = { .type = NLA_FLAG },
486 [NL80211_WOWLAN_TRIG_MAGIC_PKT] = { .type = NLA_FLAG },
487 [NL80211_WOWLAN_TRIG_PKT_PATTERN] = { .type = NLA_NESTED },
488 [NL80211_WOWLAN_TRIG_GTK_REKEY_FAILURE] = { .type = NLA_FLAG },
489 [NL80211_WOWLAN_TRIG_EAP_IDENT_REQUEST] = { .type = NLA_FLAG },
490 [NL80211_WOWLAN_TRIG_4WAY_HANDSHAKE] = { .type = NLA_FLAG },
491 [NL80211_WOWLAN_TRIG_RFKILL_RELEASE] = { .type = NLA_FLAG },
492 [NL80211_WOWLAN_TRIG_TCP_CONNECTION] = { .type = NLA_NESTED },
493 [NL80211_WOWLAN_TRIG_NET_DETECT] = { .type = NLA_NESTED },
494 };
495
496 static const struct nla_policy
497 nl80211_wowlan_tcp_policy[NUM_NL80211_WOWLAN_TCP] = {
498 [NL80211_WOWLAN_TCP_SRC_IPV4] = { .type = NLA_U32 },
499 [NL80211_WOWLAN_TCP_DST_IPV4] = { .type = NLA_U32 },
500 [NL80211_WOWLAN_TCP_DST_MAC] = { .len = ETH_ALEN },
501 [NL80211_WOWLAN_TCP_SRC_PORT] = { .type = NLA_U16 },
502 [NL80211_WOWLAN_TCP_DST_PORT] = { .type = NLA_U16 },
503 [NL80211_WOWLAN_TCP_DATA_PAYLOAD] = { .len = 1 },
504 [NL80211_WOWLAN_TCP_DATA_PAYLOAD_SEQ] = {
505 .len = sizeof(struct nl80211_wowlan_tcp_data_seq)
506 },
507 [NL80211_WOWLAN_TCP_DATA_PAYLOAD_TOKEN] = {
508 .len = sizeof(struct nl80211_wowlan_tcp_data_token)
509 },
510 [NL80211_WOWLAN_TCP_DATA_INTERVAL] = { .type = NLA_U32 },
511 [NL80211_WOWLAN_TCP_WAKE_PAYLOAD] = { .len = 1 },
512 [NL80211_WOWLAN_TCP_WAKE_MASK] = { .len = 1 },
513 };
514 #endif /* CONFIG_PM */
515
516 /* policy for coalesce rule attributes */
517 static const struct nla_policy
518 nl80211_coalesce_policy[NUM_NL80211_ATTR_COALESCE_RULE] = {
519 [NL80211_ATTR_COALESCE_RULE_DELAY] = { .type = NLA_U32 },
520 [NL80211_ATTR_COALESCE_RULE_CONDITION] = { .type = NLA_U32 },
521 [NL80211_ATTR_COALESCE_RULE_PKT_PATTERN] = { .type = NLA_NESTED },
522 };
523
524 /* policy for GTK rekey offload attributes */
525 static const struct nla_policy
526 nl80211_rekey_policy[NUM_NL80211_REKEY_DATA] = {
527 [NL80211_REKEY_DATA_KEK] = { .len = NL80211_KEK_LEN },
528 [NL80211_REKEY_DATA_KCK] = { .len = NL80211_KCK_LEN },
529 [NL80211_REKEY_DATA_REPLAY_CTR] = { .len = NL80211_REPLAY_CTR_LEN },
530 };
531
532 static const struct nla_policy
533 nl80211_match_policy[NL80211_SCHED_SCAN_MATCH_ATTR_MAX + 1] = {
534 [NL80211_SCHED_SCAN_MATCH_ATTR_SSID] = { .type = NLA_BINARY,
535 .len = IEEE80211_MAX_SSID_LEN },
536 [NL80211_SCHED_SCAN_MATCH_ATTR_BSSID] = { .len = ETH_ALEN },
537 [NL80211_SCHED_SCAN_MATCH_ATTR_RSSI] = { .type = NLA_U32 },
538 };
539
540 static const struct nla_policy
541 nl80211_plan_policy[NL80211_SCHED_SCAN_PLAN_MAX + 1] = {
542 [NL80211_SCHED_SCAN_PLAN_INTERVAL] = { .type = NLA_U32 },
543 [NL80211_SCHED_SCAN_PLAN_ITERATIONS] = { .type = NLA_U32 },
544 };
545
546 static const struct nla_policy
547 nl80211_bss_select_policy[NL80211_BSS_SELECT_ATTR_MAX + 1] = {
548 [NL80211_BSS_SELECT_ATTR_RSSI] = { .type = NLA_FLAG },
549 [NL80211_BSS_SELECT_ATTR_BAND_PREF] = { .type = NLA_U32 },
550 [NL80211_BSS_SELECT_ATTR_RSSI_ADJUST] = {
551 .len = sizeof(struct nl80211_bss_select_rssi_adjust)
552 },
553 };
554
555 /* policy for NAN function attributes */
556 static const struct nla_policy
557 nl80211_nan_func_policy[NL80211_NAN_FUNC_ATTR_MAX + 1] = {
558 [NL80211_NAN_FUNC_TYPE] = { .type = NLA_U8 },
559 [NL80211_NAN_FUNC_SERVICE_ID] = {
560 .len = NL80211_NAN_FUNC_SERVICE_ID_LEN },
561 [NL80211_NAN_FUNC_PUBLISH_TYPE] = { .type = NLA_U8 },
562 [NL80211_NAN_FUNC_PUBLISH_BCAST] = { .type = NLA_FLAG },
563 [NL80211_NAN_FUNC_SUBSCRIBE_ACTIVE] = { .type = NLA_FLAG },
564 [NL80211_NAN_FUNC_FOLLOW_UP_ID] = { .type = NLA_U8 },
565 [NL80211_NAN_FUNC_FOLLOW_UP_REQ_ID] = { .type = NLA_U8 },
566 [NL80211_NAN_FUNC_FOLLOW_UP_DEST] = { .len = ETH_ALEN },
567 [NL80211_NAN_FUNC_CLOSE_RANGE] = { .type = NLA_FLAG },
568 [NL80211_NAN_FUNC_TTL] = { .type = NLA_U32 },
569 [NL80211_NAN_FUNC_SERVICE_INFO] = { .type = NLA_BINARY,
570 .len = NL80211_NAN_FUNC_SERVICE_SPEC_INFO_MAX_LEN },
571 [NL80211_NAN_FUNC_SRF] = { .type = NLA_NESTED },
572 [NL80211_NAN_FUNC_RX_MATCH_FILTER] = { .type = NLA_NESTED },
573 [NL80211_NAN_FUNC_TX_MATCH_FILTER] = { .type = NLA_NESTED },
574 [NL80211_NAN_FUNC_INSTANCE_ID] = { .type = NLA_U8 },
575 [NL80211_NAN_FUNC_TERM_REASON] = { .type = NLA_U8 },
576 };
577
578 /* policy for Service Response Filter attributes */
579 static const struct nla_policy
580 nl80211_nan_srf_policy[NL80211_NAN_SRF_ATTR_MAX + 1] = {
581 [NL80211_NAN_SRF_INCLUDE] = { .type = NLA_FLAG },
582 [NL80211_NAN_SRF_BF] = { .type = NLA_BINARY,
583 .len = NL80211_NAN_FUNC_SRF_MAX_LEN },
584 [NL80211_NAN_SRF_BF_IDX] = { .type = NLA_U8 },
585 [NL80211_NAN_SRF_MAC_ADDRS] = { .type = NLA_NESTED },
586 };
587
588 /* policy for packet pattern attributes */
589 static const struct nla_policy
590 nl80211_packet_pattern_policy[MAX_NL80211_PKTPAT + 1] = {
591 [NL80211_PKTPAT_MASK] = { .type = NLA_BINARY, },
592 [NL80211_PKTPAT_PATTERN] = { .type = NLA_BINARY, },
593 [NL80211_PKTPAT_OFFSET] = { .type = NLA_U32 },
594 };
595
596 static int nl80211_prepare_wdev_dump(struct sk_buff *skb,
597 struct netlink_callback *cb,
598 struct cfg80211_registered_device **rdev,
599 struct wireless_dev **wdev)
600 {
601 int err;
602
603 if (!cb->args[0]) {
604 err = nlmsg_parse(cb->nlh, GENL_HDRLEN + nl80211_fam.hdrsize,
605 genl_family_attrbuf(&nl80211_fam),
606 nl80211_fam.maxattr, nl80211_policy, NULL);
607 if (err)
608 return err;
609
610 *wdev = __cfg80211_wdev_from_attrs(
611 sock_net(skb->sk),
612 genl_family_attrbuf(&nl80211_fam));
613 if (IS_ERR(*wdev))
614 return PTR_ERR(*wdev);
615 *rdev = wiphy_to_rdev((*wdev)->wiphy);
616 /* 0 is the first index - add 1 to parse only once */
617 cb->args[0] = (*rdev)->wiphy_idx + 1;
618 cb->args[1] = (*wdev)->identifier;
619 } else {
620 /* subtract the 1 again here */
621 struct wiphy *wiphy = wiphy_idx_to_wiphy(cb->args[0] - 1);
622 struct wireless_dev *tmp;
623
624 if (!wiphy)
625 return -ENODEV;
626 *rdev = wiphy_to_rdev(wiphy);
627 *wdev = NULL;
628
629 list_for_each_entry(tmp, &(*rdev)->wiphy.wdev_list, list) {
630 if (tmp->identifier == cb->args[1]) {
631 *wdev = tmp;
632 break;
633 }
634 }
635
636 if (!*wdev)
637 return -ENODEV;
638 }
639
640 return 0;
641 }
642
643 /* IE validation */
644 static bool is_valid_ie_attr(const struct nlattr *attr)
645 {
646 const u8 *pos;
647 int len;
648
649 if (!attr)
650 return true;
651
652 pos = nla_data(attr);
653 len = nla_len(attr);
654
655 while (len) {
656 u8 elemlen;
657
658 if (len < 2)
659 return false;
660 len -= 2;
661
662 elemlen = pos[1];
663 if (elemlen > len)
664 return false;
665
666 len -= elemlen;
667 pos += 2 + elemlen;
668 }
669
670 return true;
671 }
672
673 /* message building helper */
674 static inline void *nl80211hdr_put(struct sk_buff *skb, u32 portid, u32 seq,
675 int flags, u8 cmd)
676 {
677 /* since there is no private header just add the generic one */
678 return genlmsg_put(skb, portid, seq, &nl80211_fam, flags, cmd);
679 }
680
681 static int nl80211_msg_put_channel(struct sk_buff *msg,
682 struct ieee80211_channel *chan,
683 bool large)
684 {
685 /* Some channels must be completely excluded from the
686 * list to protect old user-space tools from breaking
687 */
688 if (!large && chan->flags &
689 (IEEE80211_CHAN_NO_10MHZ | IEEE80211_CHAN_NO_20MHZ))
690 return 0;
691
692 if (nla_put_u32(msg, NL80211_FREQUENCY_ATTR_FREQ,
693 chan->center_freq))
694 goto nla_put_failure;
695
696 if ((chan->flags & IEEE80211_CHAN_DISABLED) &&
697 nla_put_flag(msg, NL80211_FREQUENCY_ATTR_DISABLED))
698 goto nla_put_failure;
699 if (chan->flags & IEEE80211_CHAN_NO_IR) {
700 if (nla_put_flag(msg, NL80211_FREQUENCY_ATTR_NO_IR))
701 goto nla_put_failure;
702 if (nla_put_flag(msg, __NL80211_FREQUENCY_ATTR_NO_IBSS))
703 goto nla_put_failure;
704 }
705 if (chan->flags & IEEE80211_CHAN_RADAR) {
706 if (nla_put_flag(msg, NL80211_FREQUENCY_ATTR_RADAR))
707 goto nla_put_failure;
708 if (large) {
709 u32 time;
710
711 time = elapsed_jiffies_msecs(chan->dfs_state_entered);
712
713 if (nla_put_u32(msg, NL80211_FREQUENCY_ATTR_DFS_STATE,
714 chan->dfs_state))
715 goto nla_put_failure;
716 if (nla_put_u32(msg, NL80211_FREQUENCY_ATTR_DFS_TIME,
717 time))
718 goto nla_put_failure;
719 if (nla_put_u32(msg,
720 NL80211_FREQUENCY_ATTR_DFS_CAC_TIME,
721 chan->dfs_cac_ms))
722 goto nla_put_failure;
723 }
724 }
725
726 if (large) {
727 if ((chan->flags & IEEE80211_CHAN_NO_HT40MINUS) &&
728 nla_put_flag(msg, NL80211_FREQUENCY_ATTR_NO_HT40_MINUS))
729 goto nla_put_failure;
730 if ((chan->flags & IEEE80211_CHAN_NO_HT40PLUS) &&
731 nla_put_flag(msg, NL80211_FREQUENCY_ATTR_NO_HT40_PLUS))
732 goto nla_put_failure;
733 if ((chan->flags & IEEE80211_CHAN_NO_80MHZ) &&
734 nla_put_flag(msg, NL80211_FREQUENCY_ATTR_NO_80MHZ))
735 goto nla_put_failure;
736 if ((chan->flags & IEEE80211_CHAN_NO_160MHZ) &&
737 nla_put_flag(msg, NL80211_FREQUENCY_ATTR_NO_160MHZ))
738 goto nla_put_failure;
739 if ((chan->flags & IEEE80211_CHAN_INDOOR_ONLY) &&
740 nla_put_flag(msg, NL80211_FREQUENCY_ATTR_INDOOR_ONLY))
741 goto nla_put_failure;
742 if ((chan->flags & IEEE80211_CHAN_IR_CONCURRENT) &&
743 nla_put_flag(msg, NL80211_FREQUENCY_ATTR_IR_CONCURRENT))
744 goto nla_put_failure;
745 if ((chan->flags & IEEE80211_CHAN_NO_20MHZ) &&
746 nla_put_flag(msg, NL80211_FREQUENCY_ATTR_NO_20MHZ))
747 goto nla_put_failure;
748 if ((chan->flags & IEEE80211_CHAN_NO_10MHZ) &&
749 nla_put_flag(msg, NL80211_FREQUENCY_ATTR_NO_10MHZ))
750 goto nla_put_failure;
751 }
752
753 if (nla_put_u32(msg, NL80211_FREQUENCY_ATTR_MAX_TX_POWER,
754 DBM_TO_MBM(chan->max_power)))
755 goto nla_put_failure;
756
757 return 0;
758
759 nla_put_failure:
760 return -ENOBUFS;
761 }
762
763 /* netlink command implementations */
764
765 struct key_parse {
766 struct key_params p;
767 int idx;
768 int type;
769 bool def, defmgmt;
770 bool def_uni, def_multi;
771 };
772
773 static int nl80211_parse_key_new(struct nlattr *key, struct key_parse *k)
774 {
775 struct nlattr *tb[NL80211_KEY_MAX + 1];
776 int err = nla_parse_nested(tb, NL80211_KEY_MAX, key,
777 nl80211_key_policy, NULL);
778 if (err)
779 return err;
780
781 k->def = !!tb[NL80211_KEY_DEFAULT];
782 k->defmgmt = !!tb[NL80211_KEY_DEFAULT_MGMT];
783
784 if (k->def) {
785 k->def_uni = true;
786 k->def_multi = true;
787 }
788 if (k->defmgmt)
789 k->def_multi = true;
790
791 if (tb[NL80211_KEY_IDX])
792 k->idx = nla_get_u8(tb[NL80211_KEY_IDX]);
793
794 if (tb[NL80211_KEY_DATA]) {
795 k->p.key = nla_data(tb[NL80211_KEY_DATA]);
796 k->p.key_len = nla_len(tb[NL80211_KEY_DATA]);
797 }
798
799 if (tb[NL80211_KEY_SEQ]) {
800 k->p.seq = nla_data(tb[NL80211_KEY_SEQ]);
801 k->p.seq_len = nla_len(tb[NL80211_KEY_SEQ]);
802 }
803
804 if (tb[NL80211_KEY_CIPHER])
805 k->p.cipher = nla_get_u32(tb[NL80211_KEY_CIPHER]);
806
807 if (tb[NL80211_KEY_TYPE]) {
808 k->type = nla_get_u32(tb[NL80211_KEY_TYPE]);
809 if (k->type < 0 || k->type >= NUM_NL80211_KEYTYPES)
810 return -EINVAL;
811 }
812
813 if (tb[NL80211_KEY_DEFAULT_TYPES]) {
814 struct nlattr *kdt[NUM_NL80211_KEY_DEFAULT_TYPES];
815
816 err = nla_parse_nested(kdt, NUM_NL80211_KEY_DEFAULT_TYPES - 1,
817 tb[NL80211_KEY_DEFAULT_TYPES],
818 nl80211_key_default_policy, NULL);
819 if (err)
820 return err;
821
822 k->def_uni = kdt[NL80211_KEY_DEFAULT_TYPE_UNICAST];
823 k->def_multi = kdt[NL80211_KEY_DEFAULT_TYPE_MULTICAST];
824 }
825
826 return 0;
827 }
828
829 static int nl80211_parse_key_old(struct genl_info *info, struct key_parse *k)
830 {
831 if (info->attrs[NL80211_ATTR_KEY_DATA]) {
832 k->p.key = nla_data(info->attrs[NL80211_ATTR_KEY_DATA]);
833 k->p.key_len = nla_len(info->attrs[NL80211_ATTR_KEY_DATA]);
834 }
835
836 if (info->attrs[NL80211_ATTR_KEY_SEQ]) {
837 k->p.seq = nla_data(info->attrs[NL80211_ATTR_KEY_SEQ]);
838 k->p.seq_len = nla_len(info->attrs[NL80211_ATTR_KEY_SEQ]);
839 }
840
841 if (info->attrs[NL80211_ATTR_KEY_IDX])
842 k->idx = nla_get_u8(info->attrs[NL80211_ATTR_KEY_IDX]);
843
844 if (info->attrs[NL80211_ATTR_KEY_CIPHER])
845 k->p.cipher = nla_get_u32(info->attrs[NL80211_ATTR_KEY_CIPHER]);
846
847 k->def = !!info->attrs[NL80211_ATTR_KEY_DEFAULT];
848 k->defmgmt = !!info->attrs[NL80211_ATTR_KEY_DEFAULT_MGMT];
849
850 if (k->def) {
851 k->def_uni = true;
852 k->def_multi = true;
853 }
854 if (k->defmgmt)
855 k->def_multi = true;
856
857 if (info->attrs[NL80211_ATTR_KEY_TYPE]) {
858 k->type = nla_get_u32(info->attrs[NL80211_ATTR_KEY_TYPE]);
859 if (k->type < 0 || k->type >= NUM_NL80211_KEYTYPES)
860 return -EINVAL;
861 }
862
863 if (info->attrs[NL80211_ATTR_KEY_DEFAULT_TYPES]) {
864 struct nlattr *kdt[NUM_NL80211_KEY_DEFAULT_TYPES];
865 int err = nla_parse_nested(kdt,
866 NUM_NL80211_KEY_DEFAULT_TYPES - 1,
867 info->attrs[NL80211_ATTR_KEY_DEFAULT_TYPES],
868 nl80211_key_default_policy,
869 info->extack);
870 if (err)
871 return err;
872
873 k->def_uni = kdt[NL80211_KEY_DEFAULT_TYPE_UNICAST];
874 k->def_multi = kdt[NL80211_KEY_DEFAULT_TYPE_MULTICAST];
875 }
876
877 return 0;
878 }
879
880 static int nl80211_parse_key(struct genl_info *info, struct key_parse *k)
881 {
882 int err;
883
884 memset(k, 0, sizeof(*k));
885 k->idx = -1;
886 k->type = -1;
887
888 if (info->attrs[NL80211_ATTR_KEY])
889 err = nl80211_parse_key_new(info->attrs[NL80211_ATTR_KEY], k);
890 else
891 err = nl80211_parse_key_old(info, k);
892
893 if (err)
894 return err;
895
896 if (k->def && k->defmgmt)
897 return -EINVAL;
898
899 if (k->defmgmt) {
900 if (k->def_uni || !k->def_multi)
901 return -EINVAL;
902 }
903
904 if (k->idx != -1) {
905 if (k->defmgmt) {
906 if (k->idx < 4 || k->idx > 5)
907 return -EINVAL;
908 } else if (k->def) {
909 if (k->idx < 0 || k->idx > 3)
910 return -EINVAL;
911 } else {
912 if (k->idx < 0 || k->idx > 5)
913 return -EINVAL;
914 }
915 }
916
917 return 0;
918 }
919
920 static struct cfg80211_cached_keys *
921 nl80211_parse_connkeys(struct cfg80211_registered_device *rdev,
922 struct nlattr *keys, bool *no_ht)
923 {
924 struct key_parse parse;
925 struct nlattr *key;
926 struct cfg80211_cached_keys *result;
927 int rem, err, def = 0;
928 bool have_key = false;
929
930 nla_for_each_nested(key, keys, rem) {
931 have_key = true;
932 break;
933 }
934
935 if (!have_key)
936 return NULL;
937
938 result = kzalloc(sizeof(*result), GFP_KERNEL);
939 if (!result)
940 return ERR_PTR(-ENOMEM);
941
942 result->def = -1;
943
944 nla_for_each_nested(key, keys, rem) {
945 memset(&parse, 0, sizeof(parse));
946 parse.idx = -1;
947
948 err = nl80211_parse_key_new(key, &parse);
949 if (err)
950 goto error;
951 err = -EINVAL;
952 if (!parse.p.key)
953 goto error;
954 if (parse.idx < 0 || parse.idx > 3)
955 goto error;
956 if (parse.def) {
957 if (def)
958 goto error;
959 def = 1;
960 result->def = parse.idx;
961 if (!parse.def_uni || !parse.def_multi)
962 goto error;
963 } else if (parse.defmgmt)
964 goto error;
965 err = cfg80211_validate_key_settings(rdev, &parse.p,
966 parse.idx, false, NULL);
967 if (err)
968 goto error;
969 if (parse.p.cipher != WLAN_CIPHER_SUITE_WEP40 &&
970 parse.p.cipher != WLAN_CIPHER_SUITE_WEP104) {
971 err = -EINVAL;
972 goto error;
973 }
974 result->params[parse.idx].cipher = parse.p.cipher;
975 result->params[parse.idx].key_len = parse.p.key_len;
976 result->params[parse.idx].key = result->data[parse.idx];
977 memcpy(result->data[parse.idx], parse.p.key, parse.p.key_len);
978
979 /* must be WEP key if we got here */
980 if (no_ht)
981 *no_ht = true;
982 }
983
984 if (result->def < 0) {
985 err = -EINVAL;
986 goto error;
987 }
988
989 return result;
990 error:
991 kfree(result);
992 return ERR_PTR(err);
993 }
994
995 static int nl80211_key_allowed(struct wireless_dev *wdev)
996 {
997 ASSERT_WDEV_LOCK(wdev);
998
999 switch (wdev->iftype) {
1000 case NL80211_IFTYPE_AP:
1001 case NL80211_IFTYPE_AP_VLAN:
1002 case NL80211_IFTYPE_P2P_GO:
1003 case NL80211_IFTYPE_MESH_POINT:
1004 break;
1005 case NL80211_IFTYPE_ADHOC:
1006 case NL80211_IFTYPE_STATION:
1007 case NL80211_IFTYPE_P2P_CLIENT:
1008 if (!wdev->current_bss)
1009 return -ENOLINK;
1010 break;
1011 case NL80211_IFTYPE_UNSPECIFIED:
1012 case NL80211_IFTYPE_OCB:
1013 case NL80211_IFTYPE_MONITOR:
1014 case NL80211_IFTYPE_NAN:
1015 case NL80211_IFTYPE_P2P_DEVICE:
1016 case NL80211_IFTYPE_WDS:
1017 case NUM_NL80211_IFTYPES:
1018 return -EINVAL;
1019 }
1020
1021 return 0;
1022 }
1023
1024 static struct ieee80211_channel *nl80211_get_valid_chan(struct wiphy *wiphy,
1025 struct nlattr *tb)
1026 {
1027 struct ieee80211_channel *chan;
1028
1029 if (tb == NULL)
1030 return NULL;
1031 chan = ieee80211_get_channel(wiphy, nla_get_u32(tb));
1032 if (!chan || chan->flags & IEEE80211_CHAN_DISABLED)
1033 return NULL;
1034 return chan;
1035 }
1036
1037 static int nl80211_put_iftypes(struct sk_buff *msg, u32 attr, u16 ifmodes)
1038 {
1039 struct nlattr *nl_modes = nla_nest_start(msg, attr);
1040 int i;
1041
1042 if (!nl_modes)
1043 goto nla_put_failure;
1044
1045 i = 0;
1046 while (ifmodes) {
1047 if ((ifmodes & 1) && nla_put_flag(msg, i))
1048 goto nla_put_failure;
1049 ifmodes >>= 1;
1050 i++;
1051 }
1052
1053 nla_nest_end(msg, nl_modes);
1054 return 0;
1055
1056 nla_put_failure:
1057 return -ENOBUFS;
1058 }
1059
1060 static int nl80211_put_iface_combinations(struct wiphy *wiphy,
1061 struct sk_buff *msg,
1062 bool large)
1063 {
1064 struct nlattr *nl_combis;
1065 int i, j;
1066
1067 nl_combis = nla_nest_start(msg,
1068 NL80211_ATTR_INTERFACE_COMBINATIONS);
1069 if (!nl_combis)
1070 goto nla_put_failure;
1071
1072 for (i = 0; i < wiphy->n_iface_combinations; i++) {
1073 const struct ieee80211_iface_combination *c;
1074 struct nlattr *nl_combi, *nl_limits;
1075
1076 c = &wiphy->iface_combinations[i];
1077
1078 nl_combi = nla_nest_start(msg, i + 1);
1079 if (!nl_combi)
1080 goto nla_put_failure;
1081
1082 nl_limits = nla_nest_start(msg, NL80211_IFACE_COMB_LIMITS);
1083 if (!nl_limits)
1084 goto nla_put_failure;
1085
1086 for (j = 0; j < c->n_limits; j++) {
1087 struct nlattr *nl_limit;
1088
1089 nl_limit = nla_nest_start(msg, j + 1);
1090 if (!nl_limit)
1091 goto nla_put_failure;
1092 if (nla_put_u32(msg, NL80211_IFACE_LIMIT_MAX,
1093 c->limits[j].max))
1094 goto nla_put_failure;
1095 if (nl80211_put_iftypes(msg, NL80211_IFACE_LIMIT_TYPES,
1096 c->limits[j].types))
1097 goto nla_put_failure;
1098 nla_nest_end(msg, nl_limit);
1099 }
1100
1101 nla_nest_end(msg, nl_limits);
1102
1103 if (c->beacon_int_infra_match &&
1104 nla_put_flag(msg, NL80211_IFACE_COMB_STA_AP_BI_MATCH))
1105 goto nla_put_failure;
1106 if (nla_put_u32(msg, NL80211_IFACE_COMB_NUM_CHANNELS,
1107 c->num_different_channels) ||
1108 nla_put_u32(msg, NL80211_IFACE_COMB_MAXNUM,
1109 c->max_interfaces))
1110 goto nla_put_failure;
1111 if (large &&
1112 (nla_put_u32(msg, NL80211_IFACE_COMB_RADAR_DETECT_WIDTHS,
1113 c->radar_detect_widths) ||
1114 nla_put_u32(msg, NL80211_IFACE_COMB_RADAR_DETECT_REGIONS,
1115 c->radar_detect_regions)))
1116 goto nla_put_failure;
1117 if (c->beacon_int_min_gcd &&
1118 nla_put_u32(msg, NL80211_IFACE_COMB_BI_MIN_GCD,
1119 c->beacon_int_min_gcd))
1120 goto nla_put_failure;
1121
1122 nla_nest_end(msg, nl_combi);
1123 }
1124
1125 nla_nest_end(msg, nl_combis);
1126
1127 return 0;
1128 nla_put_failure:
1129 return -ENOBUFS;
1130 }
1131
1132 #ifdef CONFIG_PM
1133 static int nl80211_send_wowlan_tcp_caps(struct cfg80211_registered_device *rdev,
1134 struct sk_buff *msg)
1135 {
1136 const struct wiphy_wowlan_tcp_support *tcp = rdev->wiphy.wowlan->tcp;
1137 struct nlattr *nl_tcp;
1138
1139 if (!tcp)
1140 return 0;
1141
1142 nl_tcp = nla_nest_start(msg, NL80211_WOWLAN_TRIG_TCP_CONNECTION);
1143 if (!nl_tcp)
1144 return -ENOBUFS;
1145
1146 if (nla_put_u32(msg, NL80211_WOWLAN_TCP_DATA_PAYLOAD,
1147 tcp->data_payload_max))
1148 return -ENOBUFS;
1149
1150 if (nla_put_u32(msg, NL80211_WOWLAN_TCP_DATA_PAYLOAD,
1151 tcp->data_payload_max))
1152 return -ENOBUFS;
1153
1154 if (tcp->seq && nla_put_flag(msg, NL80211_WOWLAN_TCP_DATA_PAYLOAD_SEQ))
1155 return -ENOBUFS;
1156
1157 if (tcp->tok && nla_put(msg, NL80211_WOWLAN_TCP_DATA_PAYLOAD_TOKEN,
1158 sizeof(*tcp->tok), tcp->tok))
1159 return -ENOBUFS;
1160
1161 if (nla_put_u32(msg, NL80211_WOWLAN_TCP_DATA_INTERVAL,
1162 tcp->data_interval_max))
1163 return -ENOBUFS;
1164
1165 if (nla_put_u32(msg, NL80211_WOWLAN_TCP_WAKE_PAYLOAD,
1166 tcp->wake_payload_max))
1167 return -ENOBUFS;
1168
1169 nla_nest_end(msg, nl_tcp);
1170 return 0;
1171 }
1172
1173 static int nl80211_send_wowlan(struct sk_buff *msg,
1174 struct cfg80211_registered_device *rdev,
1175 bool large)
1176 {
1177 struct nlattr *nl_wowlan;
1178
1179 if (!rdev->wiphy.wowlan)
1180 return 0;
1181
1182 nl_wowlan = nla_nest_start(msg, NL80211_ATTR_WOWLAN_TRIGGERS_SUPPORTED);
1183 if (!nl_wowlan)
1184 return -ENOBUFS;
1185
1186 if (((rdev->wiphy.wowlan->flags & WIPHY_WOWLAN_ANY) &&
1187 nla_put_flag(msg, NL80211_WOWLAN_TRIG_ANY)) ||
1188 ((rdev->wiphy.wowlan->flags & WIPHY_WOWLAN_DISCONNECT) &&
1189 nla_put_flag(msg, NL80211_WOWLAN_TRIG_DISCONNECT)) ||
1190 ((rdev->wiphy.wowlan->flags & WIPHY_WOWLAN_MAGIC_PKT) &&
1191 nla_put_flag(msg, NL80211_WOWLAN_TRIG_MAGIC_PKT)) ||
1192 ((rdev->wiphy.wowlan->flags & WIPHY_WOWLAN_SUPPORTS_GTK_REKEY) &&
1193 nla_put_flag(msg, NL80211_WOWLAN_TRIG_GTK_REKEY_SUPPORTED)) ||
1194 ((rdev->wiphy.wowlan->flags & WIPHY_WOWLAN_GTK_REKEY_FAILURE) &&
1195 nla_put_flag(msg, NL80211_WOWLAN_TRIG_GTK_REKEY_FAILURE)) ||
1196 ((rdev->wiphy.wowlan->flags & WIPHY_WOWLAN_EAP_IDENTITY_REQ) &&
1197 nla_put_flag(msg, NL80211_WOWLAN_TRIG_EAP_IDENT_REQUEST)) ||
1198 ((rdev->wiphy.wowlan->flags & WIPHY_WOWLAN_4WAY_HANDSHAKE) &&
1199 nla_put_flag(msg, NL80211_WOWLAN_TRIG_4WAY_HANDSHAKE)) ||
1200 ((rdev->wiphy.wowlan->flags & WIPHY_WOWLAN_RFKILL_RELEASE) &&
1201 nla_put_flag(msg, NL80211_WOWLAN_TRIG_RFKILL_RELEASE)))
1202 return -ENOBUFS;
1203
1204 if (rdev->wiphy.wowlan->n_patterns) {
1205 struct nl80211_pattern_support pat = {
1206 .max_patterns = rdev->wiphy.wowlan->n_patterns,
1207 .min_pattern_len = rdev->wiphy.wowlan->pattern_min_len,
1208 .max_pattern_len = rdev->wiphy.wowlan->pattern_max_len,
1209 .max_pkt_offset = rdev->wiphy.wowlan->max_pkt_offset,
1210 };
1211
1212 if (nla_put(msg, NL80211_WOWLAN_TRIG_PKT_PATTERN,
1213 sizeof(pat), &pat))
1214 return -ENOBUFS;
1215 }
1216
1217 if ((rdev->wiphy.wowlan->flags & WIPHY_WOWLAN_NET_DETECT) &&
1218 nla_put_u32(msg, NL80211_WOWLAN_TRIG_NET_DETECT,
1219 rdev->wiphy.wowlan->max_nd_match_sets))
1220 return -ENOBUFS;
1221
1222 if (large && nl80211_send_wowlan_tcp_caps(rdev, msg))
1223 return -ENOBUFS;
1224
1225 nla_nest_end(msg, nl_wowlan);
1226
1227 return 0;
1228 }
1229 #endif
1230
1231 static int nl80211_send_coalesce(struct sk_buff *msg,
1232 struct cfg80211_registered_device *rdev)
1233 {
1234 struct nl80211_coalesce_rule_support rule;
1235
1236 if (!rdev->wiphy.coalesce)
1237 return 0;
1238
1239 rule.max_rules = rdev->wiphy.coalesce->n_rules;
1240 rule.max_delay = rdev->wiphy.coalesce->max_delay;
1241 rule.pat.max_patterns = rdev->wiphy.coalesce->n_patterns;
1242 rule.pat.min_pattern_len = rdev->wiphy.coalesce->pattern_min_len;
1243 rule.pat.max_pattern_len = rdev->wiphy.coalesce->pattern_max_len;
1244 rule.pat.max_pkt_offset = rdev->wiphy.coalesce->max_pkt_offset;
1245
1246 if (nla_put(msg, NL80211_ATTR_COALESCE_RULE, sizeof(rule), &rule))
1247 return -ENOBUFS;
1248
1249 return 0;
1250 }
1251
1252 static int nl80211_send_band_rateinfo(struct sk_buff *msg,
1253 struct ieee80211_supported_band *sband)
1254 {
1255 struct nlattr *nl_rates, *nl_rate;
1256 struct ieee80211_rate *rate;
1257 int i;
1258
1259 /* add HT info */
1260 if (sband->ht_cap.ht_supported &&
1261 (nla_put(msg, NL80211_BAND_ATTR_HT_MCS_SET,
1262 sizeof(sband->ht_cap.mcs),
1263 &sband->ht_cap.mcs) ||
1264 nla_put_u16(msg, NL80211_BAND_ATTR_HT_CAPA,
1265 sband->ht_cap.cap) ||
1266 nla_put_u8(msg, NL80211_BAND_ATTR_HT_AMPDU_FACTOR,
1267 sband->ht_cap.ampdu_factor) ||
1268 nla_put_u8(msg, NL80211_BAND_ATTR_HT_AMPDU_DENSITY,
1269 sband->ht_cap.ampdu_density)))
1270 return -ENOBUFS;
1271
1272 /* add VHT info */
1273 if (sband->vht_cap.vht_supported &&
1274 (nla_put(msg, NL80211_BAND_ATTR_VHT_MCS_SET,
1275 sizeof(sband->vht_cap.vht_mcs),
1276 &sband->vht_cap.vht_mcs) ||
1277 nla_put_u32(msg, NL80211_BAND_ATTR_VHT_CAPA,
1278 sband->vht_cap.cap)))
1279 return -ENOBUFS;
1280
1281 /* add bitrates */
1282 nl_rates = nla_nest_start(msg, NL80211_BAND_ATTR_RATES);
1283 if (!nl_rates)
1284 return -ENOBUFS;
1285
1286 for (i = 0; i < sband->n_bitrates; i++) {
1287 nl_rate = nla_nest_start(msg, i);
1288 if (!nl_rate)
1289 return -ENOBUFS;
1290
1291 rate = &sband->bitrates[i];
1292 if (nla_put_u32(msg, NL80211_BITRATE_ATTR_RATE,
1293 rate->bitrate))
1294 return -ENOBUFS;
1295 if ((rate->flags & IEEE80211_RATE_SHORT_PREAMBLE) &&
1296 nla_put_flag(msg,
1297 NL80211_BITRATE_ATTR_2GHZ_SHORTPREAMBLE))
1298 return -ENOBUFS;
1299
1300 nla_nest_end(msg, nl_rate);
1301 }
1302
1303 nla_nest_end(msg, nl_rates);
1304
1305 return 0;
1306 }
1307
1308 static int
1309 nl80211_send_mgmt_stypes(struct sk_buff *msg,
1310 const struct ieee80211_txrx_stypes *mgmt_stypes)
1311 {
1312 u16 stypes;
1313 struct nlattr *nl_ftypes, *nl_ifs;
1314 enum nl80211_iftype ift;
1315 int i;
1316
1317 if (!mgmt_stypes)
1318 return 0;
1319
1320 nl_ifs = nla_nest_start(msg, NL80211_ATTR_TX_FRAME_TYPES);
1321 if (!nl_ifs)
1322 return -ENOBUFS;
1323
1324 for (ift = 0; ift < NUM_NL80211_IFTYPES; ift++) {
1325 nl_ftypes = nla_nest_start(msg, ift);
1326 if (!nl_ftypes)
1327 return -ENOBUFS;
1328 i = 0;
1329 stypes = mgmt_stypes[ift].tx;
1330 while (stypes) {
1331 if ((stypes & 1) &&
1332 nla_put_u16(msg, NL80211_ATTR_FRAME_TYPE,
1333 (i << 4) | IEEE80211_FTYPE_MGMT))
1334 return -ENOBUFS;
1335 stypes >>= 1;
1336 i++;
1337 }
1338 nla_nest_end(msg, nl_ftypes);
1339 }
1340
1341 nla_nest_end(msg, nl_ifs);
1342
1343 nl_ifs = nla_nest_start(msg, NL80211_ATTR_RX_FRAME_TYPES);
1344 if (!nl_ifs)
1345 return -ENOBUFS;
1346
1347 for (ift = 0; ift < NUM_NL80211_IFTYPES; ift++) {
1348 nl_ftypes = nla_nest_start(msg, ift);
1349 if (!nl_ftypes)
1350 return -ENOBUFS;
1351 i = 0;
1352 stypes = mgmt_stypes[ift].rx;
1353 while (stypes) {
1354 if ((stypes & 1) &&
1355 nla_put_u16(msg, NL80211_ATTR_FRAME_TYPE,
1356 (i << 4) | IEEE80211_FTYPE_MGMT))
1357 return -ENOBUFS;
1358 stypes >>= 1;
1359 i++;
1360 }
1361 nla_nest_end(msg, nl_ftypes);
1362 }
1363 nla_nest_end(msg, nl_ifs);
1364
1365 return 0;
1366 }
1367
1368 #define CMD(op, n) \
1369 do { \
1370 if (rdev->ops->op) { \
1371 i++; \
1372 if (nla_put_u32(msg, i, NL80211_CMD_ ## n)) \
1373 goto nla_put_failure; \
1374 } \
1375 } while (0)
1376
1377 static int nl80211_add_commands_unsplit(struct cfg80211_registered_device *rdev,
1378 struct sk_buff *msg)
1379 {
1380 int i = 0;
1381
1382 /*
1383 * do *NOT* add anything into this function, new things need to be
1384 * advertised only to new versions of userspace that can deal with
1385 * the split (and they can't possibly care about new features...
1386 */
1387 CMD(add_virtual_intf, NEW_INTERFACE);
1388 CMD(change_virtual_intf, SET_INTERFACE);
1389 CMD(add_key, NEW_KEY);
1390 CMD(start_ap, START_AP);
1391 CMD(add_station, NEW_STATION);
1392 CMD(add_mpath, NEW_MPATH);
1393 CMD(update_mesh_config, SET_MESH_CONFIG);
1394 CMD(change_bss, SET_BSS);
1395 CMD(auth, AUTHENTICATE);
1396 CMD(assoc, ASSOCIATE);
1397 CMD(deauth, DEAUTHENTICATE);
1398 CMD(disassoc, DISASSOCIATE);
1399 CMD(join_ibss, JOIN_IBSS);
1400 CMD(join_mesh, JOIN_MESH);
1401 CMD(set_pmksa, SET_PMKSA);
1402 CMD(del_pmksa, DEL_PMKSA);
1403 CMD(flush_pmksa, FLUSH_PMKSA);
1404 if (rdev->wiphy.flags & WIPHY_FLAG_HAS_REMAIN_ON_CHANNEL)
1405 CMD(remain_on_channel, REMAIN_ON_CHANNEL);
1406 CMD(set_bitrate_mask, SET_TX_BITRATE_MASK);
1407 CMD(mgmt_tx, FRAME);
1408 CMD(mgmt_tx_cancel_wait, FRAME_WAIT_CANCEL);
1409 if (rdev->wiphy.flags & WIPHY_FLAG_NETNS_OK) {
1410 i++;
1411 if (nla_put_u32(msg, i, NL80211_CMD_SET_WIPHY_NETNS))
1412 goto nla_put_failure;
1413 }
1414 if (rdev->ops->set_monitor_channel || rdev->ops->start_ap ||
1415 rdev->ops->join_mesh) {
1416 i++;
1417 if (nla_put_u32(msg, i, NL80211_CMD_SET_CHANNEL))
1418 goto nla_put_failure;
1419 }
1420 CMD(set_wds_peer, SET_WDS_PEER);
1421 if (rdev->wiphy.flags & WIPHY_FLAG_SUPPORTS_TDLS) {
1422 CMD(tdls_mgmt, TDLS_MGMT);
1423 CMD(tdls_oper, TDLS_OPER);
1424 }
1425 if (rdev->wiphy.max_sched_scan_reqs)
1426 CMD(sched_scan_start, START_SCHED_SCAN);
1427 CMD(probe_client, PROBE_CLIENT);
1428 CMD(set_noack_map, SET_NOACK_MAP);
1429 if (rdev->wiphy.flags & WIPHY_FLAG_REPORTS_OBSS) {
1430 i++;
1431 if (nla_put_u32(msg, i, NL80211_CMD_REGISTER_BEACONS))
1432 goto nla_put_failure;
1433 }
1434 CMD(start_p2p_device, START_P2P_DEVICE);
1435 CMD(set_mcast_rate, SET_MCAST_RATE);
1436 #ifdef CONFIG_NL80211_TESTMODE
1437 CMD(testmode_cmd, TESTMODE);
1438 #endif
1439
1440 if (rdev->ops->connect || rdev->ops->auth) {
1441 i++;
1442 if (nla_put_u32(msg, i, NL80211_CMD_CONNECT))
1443 goto nla_put_failure;
1444 }
1445
1446 if (rdev->ops->disconnect || rdev->ops->deauth) {
1447 i++;
1448 if (nla_put_u32(msg, i, NL80211_CMD_DISCONNECT))
1449 goto nla_put_failure;
1450 }
1451
1452 return i;
1453 nla_put_failure:
1454 return -ENOBUFS;
1455 }
1456
1457 struct nl80211_dump_wiphy_state {
1458 s64 filter_wiphy;
1459 long start;
1460 long split_start, band_start, chan_start, capa_start;
1461 bool split;
1462 };
1463
1464 static int nl80211_send_wiphy(struct cfg80211_registered_device *rdev,
1465 enum nl80211_commands cmd,
1466 struct sk_buff *msg, u32 portid, u32 seq,
1467 int flags, struct nl80211_dump_wiphy_state *state)
1468 {
1469 void *hdr;
1470 struct nlattr *nl_bands, *nl_band;
1471 struct nlattr *nl_freqs, *nl_freq;
1472 struct nlattr *nl_cmds;
1473 enum nl80211_band band;
1474 struct ieee80211_channel *chan;
1475 int i;
1476 const struct ieee80211_txrx_stypes *mgmt_stypes =
1477 rdev->wiphy.mgmt_stypes;
1478 u32 features;
1479
1480 hdr = nl80211hdr_put(msg, portid, seq, flags, cmd);
1481 if (!hdr)
1482 return -ENOBUFS;
1483
1484 if (WARN_ON(!state))
1485 return -EINVAL;
1486
1487 if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
1488 nla_put_string(msg, NL80211_ATTR_WIPHY_NAME,
1489 wiphy_name(&rdev->wiphy)) ||
1490 nla_put_u32(msg, NL80211_ATTR_GENERATION,
1491 cfg80211_rdev_list_generation))
1492 goto nla_put_failure;
1493
1494 if (cmd != NL80211_CMD_NEW_WIPHY)
1495 goto finish;
1496
1497 switch (state->split_start) {
1498 case 0:
1499 if (nla_put_u8(msg, NL80211_ATTR_WIPHY_RETRY_SHORT,
1500 rdev->wiphy.retry_short) ||
1501 nla_put_u8(msg, NL80211_ATTR_WIPHY_RETRY_LONG,
1502 rdev->wiphy.retry_long) ||
1503 nla_put_u32(msg, NL80211_ATTR_WIPHY_FRAG_THRESHOLD,
1504 rdev->wiphy.frag_threshold) ||
1505 nla_put_u32(msg, NL80211_ATTR_WIPHY_RTS_THRESHOLD,
1506 rdev->wiphy.rts_threshold) ||
1507 nla_put_u8(msg, NL80211_ATTR_WIPHY_COVERAGE_CLASS,
1508 rdev->wiphy.coverage_class) ||
1509 nla_put_u8(msg, NL80211_ATTR_MAX_NUM_SCAN_SSIDS,
1510 rdev->wiphy.max_scan_ssids) ||
1511 nla_put_u8(msg, NL80211_ATTR_MAX_NUM_SCHED_SCAN_SSIDS,
1512 rdev->wiphy.max_sched_scan_ssids) ||
1513 nla_put_u16(msg, NL80211_ATTR_MAX_SCAN_IE_LEN,
1514 rdev->wiphy.max_scan_ie_len) ||
1515 nla_put_u16(msg, NL80211_ATTR_MAX_SCHED_SCAN_IE_LEN,
1516 rdev->wiphy.max_sched_scan_ie_len) ||
1517 nla_put_u8(msg, NL80211_ATTR_MAX_MATCH_SETS,
1518 rdev->wiphy.max_match_sets) ||
1519 nla_put_u32(msg, NL80211_ATTR_MAX_NUM_SCHED_SCAN_PLANS,
1520 rdev->wiphy.max_sched_scan_plans) ||
1521 nla_put_u32(msg, NL80211_ATTR_MAX_SCAN_PLAN_INTERVAL,
1522 rdev->wiphy.max_sched_scan_plan_interval) ||
1523 nla_put_u32(msg, NL80211_ATTR_MAX_SCAN_PLAN_ITERATIONS,
1524 rdev->wiphy.max_sched_scan_plan_iterations))
1525 goto nla_put_failure;
1526
1527 if ((rdev->wiphy.flags & WIPHY_FLAG_IBSS_RSN) &&
1528 nla_put_flag(msg, NL80211_ATTR_SUPPORT_IBSS_RSN))
1529 goto nla_put_failure;
1530 if ((rdev->wiphy.flags & WIPHY_FLAG_MESH_AUTH) &&
1531 nla_put_flag(msg, NL80211_ATTR_SUPPORT_MESH_AUTH))
1532 goto nla_put_failure;
1533 if ((rdev->wiphy.flags & WIPHY_FLAG_AP_UAPSD) &&
1534 nla_put_flag(msg, NL80211_ATTR_SUPPORT_AP_UAPSD))
1535 goto nla_put_failure;
1536 if ((rdev->wiphy.flags & WIPHY_FLAG_SUPPORTS_FW_ROAM) &&
1537 nla_put_flag(msg, NL80211_ATTR_ROAM_SUPPORT))
1538 goto nla_put_failure;
1539 if ((rdev->wiphy.flags & WIPHY_FLAG_SUPPORTS_TDLS) &&
1540 nla_put_flag(msg, NL80211_ATTR_TDLS_SUPPORT))
1541 goto nla_put_failure;
1542 if ((rdev->wiphy.flags & WIPHY_FLAG_TDLS_EXTERNAL_SETUP) &&
1543 nla_put_flag(msg, NL80211_ATTR_TDLS_EXTERNAL_SETUP))
1544 goto nla_put_failure;
1545 state->split_start++;
1546 if (state->split)
1547 break;
1548 case 1:
1549 if (nla_put(msg, NL80211_ATTR_CIPHER_SUITES,
1550 sizeof(u32) * rdev->wiphy.n_cipher_suites,
1551 rdev->wiphy.cipher_suites))
1552 goto nla_put_failure;
1553
1554 if (nla_put_u8(msg, NL80211_ATTR_MAX_NUM_PMKIDS,
1555 rdev->wiphy.max_num_pmkids))
1556 goto nla_put_failure;
1557
1558 if ((rdev->wiphy.flags & WIPHY_FLAG_CONTROL_PORT_PROTOCOL) &&
1559 nla_put_flag(msg, NL80211_ATTR_CONTROL_PORT_ETHERTYPE))
1560 goto nla_put_failure;
1561
1562 if (nla_put_u32(msg, NL80211_ATTR_WIPHY_ANTENNA_AVAIL_TX,
1563 rdev->wiphy.available_antennas_tx) ||
1564 nla_put_u32(msg, NL80211_ATTR_WIPHY_ANTENNA_AVAIL_RX,
1565 rdev->wiphy.available_antennas_rx))
1566 goto nla_put_failure;
1567
1568 if ((rdev->wiphy.flags & WIPHY_FLAG_AP_PROBE_RESP_OFFLOAD) &&
1569 nla_put_u32(msg, NL80211_ATTR_PROBE_RESP_OFFLOAD,
1570 rdev->wiphy.probe_resp_offload))
1571 goto nla_put_failure;
1572
1573 if ((rdev->wiphy.available_antennas_tx ||
1574 rdev->wiphy.available_antennas_rx) &&
1575 rdev->ops->get_antenna) {
1576 u32 tx_ant = 0, rx_ant = 0;
1577 int res;
1578
1579 res = rdev_get_antenna(rdev, &tx_ant, &rx_ant);
1580 if (!res) {
1581 if (nla_put_u32(msg,
1582 NL80211_ATTR_WIPHY_ANTENNA_TX,
1583 tx_ant) ||
1584 nla_put_u32(msg,
1585 NL80211_ATTR_WIPHY_ANTENNA_RX,
1586 rx_ant))
1587 goto nla_put_failure;
1588 }
1589 }
1590
1591 state->split_start++;
1592 if (state->split)
1593 break;
1594 case 2:
1595 if (nl80211_put_iftypes(msg, NL80211_ATTR_SUPPORTED_IFTYPES,
1596 rdev->wiphy.interface_modes))
1597 goto nla_put_failure;
1598 state->split_start++;
1599 if (state->split)
1600 break;
1601 case 3:
1602 nl_bands = nla_nest_start(msg, NL80211_ATTR_WIPHY_BANDS);
1603 if (!nl_bands)
1604 goto nla_put_failure;
1605
1606 for (band = state->band_start;
1607 band < NUM_NL80211_BANDS; band++) {
1608 struct ieee80211_supported_band *sband;
1609
1610 sband = rdev->wiphy.bands[band];
1611
1612 if (!sband)
1613 continue;
1614
1615 nl_band = nla_nest_start(msg, band);
1616 if (!nl_band)
1617 goto nla_put_failure;
1618
1619 switch (state->chan_start) {
1620 case 0:
1621 if (nl80211_send_band_rateinfo(msg, sband))
1622 goto nla_put_failure;
1623 state->chan_start++;
1624 if (state->split)
1625 break;
1626 default:
1627 /* add frequencies */
1628 nl_freqs = nla_nest_start(
1629 msg, NL80211_BAND_ATTR_FREQS);
1630 if (!nl_freqs)
1631 goto nla_put_failure;
1632
1633 for (i = state->chan_start - 1;
1634 i < sband->n_channels;
1635 i++) {
1636 nl_freq = nla_nest_start(msg, i);
1637 if (!nl_freq)
1638 goto nla_put_failure;
1639
1640 chan = &sband->channels[i];
1641
1642 if (nl80211_msg_put_channel(
1643 msg, chan,
1644 state->split))
1645 goto nla_put_failure;
1646
1647 nla_nest_end(msg, nl_freq);
1648 if (state->split)
1649 break;
1650 }
1651 if (i < sband->n_channels)
1652 state->chan_start = i + 2;
1653 else
1654 state->chan_start = 0;
1655 nla_nest_end(msg, nl_freqs);
1656 }
1657
1658 nla_nest_end(msg, nl_band);
1659
1660 if (state->split) {
1661 /* start again here */
1662 if (state->chan_start)
1663 band--;
1664 break;
1665 }
1666 }
1667 nla_nest_end(msg, nl_bands);
1668
1669 if (band < NUM_NL80211_BANDS)
1670 state->band_start = band + 1;
1671 else
1672 state->band_start = 0;
1673
1674 /* if bands & channels are done, continue outside */
1675 if (state->band_start == 0 && state->chan_start == 0)
1676 state->split_start++;
1677 if (state->split)
1678 break;
1679 case 4:
1680 nl_cmds = nla_nest_start(msg, NL80211_ATTR_SUPPORTED_COMMANDS);
1681 if (!nl_cmds)
1682 goto nla_put_failure;
1683
1684 i = nl80211_add_commands_unsplit(rdev, msg);
1685 if (i < 0)
1686 goto nla_put_failure;
1687 if (state->split) {
1688 CMD(crit_proto_start, CRIT_PROTOCOL_START);
1689 CMD(crit_proto_stop, CRIT_PROTOCOL_STOP);
1690 if (rdev->wiphy.flags & WIPHY_FLAG_HAS_CHANNEL_SWITCH)
1691 CMD(channel_switch, CHANNEL_SWITCH);
1692 CMD(set_qos_map, SET_QOS_MAP);
1693 if (rdev->wiphy.features &
1694 NL80211_FEATURE_SUPPORTS_WMM_ADMISSION)
1695 CMD(add_tx_ts, ADD_TX_TS);
1696 CMD(set_multicast_to_unicast, SET_MULTICAST_TO_UNICAST);
1697 CMD(update_connect_params, UPDATE_CONNECT_PARAMS);
1698 }
1699 #undef CMD
1700
1701 nla_nest_end(msg, nl_cmds);
1702 state->split_start++;
1703 if (state->split)
1704 break;
1705 case 5:
1706 if (rdev->ops->remain_on_channel &&
1707 (rdev->wiphy.flags & WIPHY_FLAG_HAS_REMAIN_ON_CHANNEL) &&
1708 nla_put_u32(msg,
1709 NL80211_ATTR_MAX_REMAIN_ON_CHANNEL_DURATION,
1710 rdev->wiphy.max_remain_on_channel_duration))
1711 goto nla_put_failure;
1712
1713 if ((rdev->wiphy.flags & WIPHY_FLAG_OFFCHAN_TX) &&
1714 nla_put_flag(msg, NL80211_ATTR_OFFCHANNEL_TX_OK))
1715 goto nla_put_failure;
1716
1717 if (nl80211_send_mgmt_stypes(msg, mgmt_stypes))
1718 goto nla_put_failure;
1719 state->split_start++;
1720 if (state->split)
1721 break;
1722 case 6:
1723 #ifdef CONFIG_PM
1724 if (nl80211_send_wowlan(msg, rdev, state->split))
1725 goto nla_put_failure;
1726 state->split_start++;
1727 if (state->split)
1728 break;
1729 #else
1730 state->split_start++;
1731 #endif
1732 case 7:
1733 if (nl80211_put_iftypes(msg, NL80211_ATTR_SOFTWARE_IFTYPES,
1734 rdev->wiphy.software_iftypes))
1735 goto nla_put_failure;
1736
1737 if (nl80211_put_iface_combinations(&rdev->wiphy, msg,
1738 state->split))
1739 goto nla_put_failure;
1740
1741 state->split_start++;
1742 if (state->split)
1743 break;
1744 case 8:
1745 if ((rdev->wiphy.flags & WIPHY_FLAG_HAVE_AP_SME) &&
1746 nla_put_u32(msg, NL80211_ATTR_DEVICE_AP_SME,
1747 rdev->wiphy.ap_sme_capa))
1748 goto nla_put_failure;
1749
1750 features = rdev->wiphy.features;
1751 /*
1752 * We can only add the per-channel limit information if the
1753 * dump is split, otherwise it makes it too big. Therefore
1754 * only advertise it in that case.
1755 */
1756 if (state->split)
1757 features |= NL80211_FEATURE_ADVERTISE_CHAN_LIMITS;
1758 if (nla_put_u32(msg, NL80211_ATTR_FEATURE_FLAGS, features))
1759 goto nla_put_failure;
1760
1761 if (rdev->wiphy.ht_capa_mod_mask &&
1762 nla_put(msg, NL80211_ATTR_HT_CAPABILITY_MASK,
1763 sizeof(*rdev->wiphy.ht_capa_mod_mask),
1764 rdev->wiphy.ht_capa_mod_mask))
1765 goto nla_put_failure;
1766
1767 if (rdev->wiphy.flags & WIPHY_FLAG_HAVE_AP_SME &&
1768 rdev->wiphy.max_acl_mac_addrs &&
1769 nla_put_u32(msg, NL80211_ATTR_MAC_ACL_MAX,
1770 rdev->wiphy.max_acl_mac_addrs))
1771 goto nla_put_failure;
1772
1773 /*
1774 * Any information below this point is only available to
1775 * applications that can deal with it being split. This
1776 * helps ensure that newly added capabilities don't break
1777 * older tools by overrunning their buffers.
1778 *
1779 * We still increment split_start so that in the split
1780 * case we'll continue with more data in the next round,
1781 * but break unconditionally so unsplit data stops here.
1782 */
1783 state->split_start++;
1784 break;
1785 case 9:
1786 if (rdev->wiphy.extended_capabilities &&
1787 (nla_put(msg, NL80211_ATTR_EXT_CAPA,
1788 rdev->wiphy.extended_capabilities_len,
1789 rdev->wiphy.extended_capabilities) ||
1790 nla_put(msg, NL80211_ATTR_EXT_CAPA_MASK,
1791 rdev->wiphy.extended_capabilities_len,
1792 rdev->wiphy.extended_capabilities_mask)))
1793 goto nla_put_failure;
1794
1795 if (rdev->wiphy.vht_capa_mod_mask &&
1796 nla_put(msg, NL80211_ATTR_VHT_CAPABILITY_MASK,
1797 sizeof(*rdev->wiphy.vht_capa_mod_mask),
1798 rdev->wiphy.vht_capa_mod_mask))
1799 goto nla_put_failure;
1800
1801 state->split_start++;
1802 break;
1803 case 10:
1804 if (nl80211_send_coalesce(msg, rdev))
1805 goto nla_put_failure;
1806
1807 if ((rdev->wiphy.flags & WIPHY_FLAG_SUPPORTS_5_10_MHZ) &&
1808 (nla_put_flag(msg, NL80211_ATTR_SUPPORT_5_MHZ) ||
1809 nla_put_flag(msg, NL80211_ATTR_SUPPORT_10_MHZ)))
1810 goto nla_put_failure;
1811
1812 if (rdev->wiphy.max_ap_assoc_sta &&
1813 nla_put_u32(msg, NL80211_ATTR_MAX_AP_ASSOC_STA,
1814 rdev->wiphy.max_ap_assoc_sta))
1815 goto nla_put_failure;
1816
1817 state->split_start++;
1818 break;
1819 case 11:
1820 if (rdev->wiphy.n_vendor_commands) {
1821 const struct nl80211_vendor_cmd_info *info;
1822 struct nlattr *nested;
1823
1824 nested = nla_nest_start(msg, NL80211_ATTR_VENDOR_DATA);
1825 if (!nested)
1826 goto nla_put_failure;
1827
1828 for (i = 0; i < rdev->wiphy.n_vendor_commands; i++) {
1829 info = &rdev->wiphy.vendor_commands[i].info;
1830 if (nla_put(msg, i + 1, sizeof(*info), info))
1831 goto nla_put_failure;
1832 }
1833 nla_nest_end(msg, nested);
1834 }
1835
1836 if (rdev->wiphy.n_vendor_events) {
1837 const struct nl80211_vendor_cmd_info *info;
1838 struct nlattr *nested;
1839
1840 nested = nla_nest_start(msg,
1841 NL80211_ATTR_VENDOR_EVENTS);
1842 if (!nested)
1843 goto nla_put_failure;
1844
1845 for (i = 0; i < rdev->wiphy.n_vendor_events; i++) {
1846 info = &rdev->wiphy.vendor_events[i];
1847 if (nla_put(msg, i + 1, sizeof(*info), info))
1848 goto nla_put_failure;
1849 }
1850 nla_nest_end(msg, nested);
1851 }
1852 state->split_start++;
1853 break;
1854 case 12:
1855 if (rdev->wiphy.flags & WIPHY_FLAG_HAS_CHANNEL_SWITCH &&
1856 nla_put_u8(msg, NL80211_ATTR_MAX_CSA_COUNTERS,
1857 rdev->wiphy.max_num_csa_counters))
1858 goto nla_put_failure;
1859
1860 if (rdev->wiphy.regulatory_flags & REGULATORY_WIPHY_SELF_MANAGED &&
1861 nla_put_flag(msg, NL80211_ATTR_WIPHY_SELF_MANAGED_REG))
1862 goto nla_put_failure;
1863
1864 if (rdev->wiphy.max_sched_scan_reqs &&
1865 nla_put_u32(msg, NL80211_ATTR_SCHED_SCAN_MAX_REQS,
1866 rdev->wiphy.max_sched_scan_reqs))
1867 goto nla_put_failure;
1868
1869 if (nla_put(msg, NL80211_ATTR_EXT_FEATURES,
1870 sizeof(rdev->wiphy.ext_features),
1871 rdev->wiphy.ext_features))
1872 goto nla_put_failure;
1873
1874 if (rdev->wiphy.bss_select_support) {
1875 struct nlattr *nested;
1876 u32 bss_select_support = rdev->wiphy.bss_select_support;
1877
1878 nested = nla_nest_start(msg, NL80211_ATTR_BSS_SELECT);
1879 if (!nested)
1880 goto nla_put_failure;
1881
1882 i = 0;
1883 while (bss_select_support) {
1884 if ((bss_select_support & 1) &&
1885 nla_put_flag(msg, i))
1886 goto nla_put_failure;
1887 i++;
1888 bss_select_support >>= 1;
1889 }
1890 nla_nest_end(msg, nested);
1891 }
1892
1893 state->split_start++;
1894 break;
1895 case 13:
1896 if (rdev->wiphy.num_iftype_ext_capab &&
1897 rdev->wiphy.iftype_ext_capab) {
1898 struct nlattr *nested_ext_capab, *nested;
1899
1900 nested = nla_nest_start(msg,
1901 NL80211_ATTR_IFTYPE_EXT_CAPA);
1902 if (!nested)
1903 goto nla_put_failure;
1904
1905 for (i = state->capa_start;
1906 i < rdev->wiphy.num_iftype_ext_capab; i++) {
1907 const struct wiphy_iftype_ext_capab *capab;
1908
1909 capab = &rdev->wiphy.iftype_ext_capab[i];
1910
1911 nested_ext_capab = nla_nest_start(msg, i);
1912 if (!nested_ext_capab ||
1913 nla_put_u32(msg, NL80211_ATTR_IFTYPE,
1914 capab->iftype) ||
1915 nla_put(msg, NL80211_ATTR_EXT_CAPA,
1916 capab->extended_capabilities_len,
1917 capab->extended_capabilities) ||
1918 nla_put(msg, NL80211_ATTR_EXT_CAPA_MASK,
1919 capab->extended_capabilities_len,
1920 capab->extended_capabilities_mask))
1921 goto nla_put_failure;
1922
1923 nla_nest_end(msg, nested_ext_capab);
1924 if (state->split)
1925 break;
1926 }
1927 nla_nest_end(msg, nested);
1928 if (i < rdev->wiphy.num_iftype_ext_capab) {
1929 state->capa_start = i + 1;
1930 break;
1931 }
1932 }
1933
1934 if (nla_put_u32(msg, NL80211_ATTR_BANDS,
1935 rdev->wiphy.nan_supported_bands))
1936 goto nla_put_failure;
1937
1938 /* done */
1939 state->split_start = 0;
1940 break;
1941 }
1942 finish:
1943 genlmsg_end(msg, hdr);
1944 return 0;
1945
1946 nla_put_failure:
1947 genlmsg_cancel(msg, hdr);
1948 return -EMSGSIZE;
1949 }
1950
1951 static int nl80211_dump_wiphy_parse(struct sk_buff *skb,
1952 struct netlink_callback *cb,
1953 struct nl80211_dump_wiphy_state *state)
1954 {
1955 struct nlattr **tb = genl_family_attrbuf(&nl80211_fam);
1956 int ret = nlmsg_parse(cb->nlh, GENL_HDRLEN + nl80211_fam.hdrsize, tb,
1957 nl80211_fam.maxattr, nl80211_policy, NULL);
1958 /* ignore parse errors for backward compatibility */
1959 if (ret)
1960 return 0;
1961
1962 state->split = tb[NL80211_ATTR_SPLIT_WIPHY_DUMP];
1963 if (tb[NL80211_ATTR_WIPHY])
1964 state->filter_wiphy = nla_get_u32(tb[NL80211_ATTR_WIPHY]);
1965 if (tb[NL80211_ATTR_WDEV])
1966 state->filter_wiphy = nla_get_u64(tb[NL80211_ATTR_WDEV]) >> 32;
1967 if (tb[NL80211_ATTR_IFINDEX]) {
1968 struct net_device *netdev;
1969 struct cfg80211_registered_device *rdev;
1970 int ifidx = nla_get_u32(tb[NL80211_ATTR_IFINDEX]);
1971
1972 netdev = __dev_get_by_index(sock_net(skb->sk), ifidx);
1973 if (!netdev)
1974 return -ENODEV;
1975 if (netdev->ieee80211_ptr) {
1976 rdev = wiphy_to_rdev(
1977 netdev->ieee80211_ptr->wiphy);
1978 state->filter_wiphy = rdev->wiphy_idx;
1979 }
1980 }
1981
1982 return 0;
1983 }
1984
1985 static int nl80211_dump_wiphy(struct sk_buff *skb, struct netlink_callback *cb)
1986 {
1987 int idx = 0, ret;
1988 struct nl80211_dump_wiphy_state *state = (void *)cb->args[0];
1989 struct cfg80211_registered_device *rdev;
1990
1991 rtnl_lock();
1992 if (!state) {
1993 state = kzalloc(sizeof(*state), GFP_KERNEL);
1994 if (!state) {
1995 rtnl_unlock();
1996 return -ENOMEM;
1997 }
1998 state->filter_wiphy = -1;
1999 ret = nl80211_dump_wiphy_parse(skb, cb, state);
2000 if (ret) {
2001 kfree(state);
2002 rtnl_unlock();
2003 return ret;
2004 }
2005 cb->args[0] = (long)state;
2006 }
2007
2008 list_for_each_entry(rdev, &cfg80211_rdev_list, list) {
2009 if (!net_eq(wiphy_net(&rdev->wiphy), sock_net(skb->sk)))
2010 continue;
2011 if (++idx <= state->start)
2012 continue;
2013 if (state->filter_wiphy != -1 &&
2014 state->filter_wiphy != rdev->wiphy_idx)
2015 continue;
2016 /* attempt to fit multiple wiphy data chunks into the skb */
2017 do {
2018 ret = nl80211_send_wiphy(rdev, NL80211_CMD_NEW_WIPHY,
2019 skb,
2020 NETLINK_CB(cb->skb).portid,
2021 cb->nlh->nlmsg_seq,
2022 NLM_F_MULTI, state);
2023 if (ret < 0) {
2024 /*
2025 * If sending the wiphy data didn't fit (ENOBUFS
2026 * or EMSGSIZE returned), this SKB is still
2027 * empty (so it's not too big because another
2028 * wiphy dataset is already in the skb) and
2029 * we've not tried to adjust the dump allocation
2030 * yet ... then adjust the alloc size to be
2031 * bigger, and return 1 but with the empty skb.
2032 * This results in an empty message being RX'ed
2033 * in userspace, but that is ignored.
2034 *
2035 * We can then retry with the larger buffer.
2036 */
2037 if ((ret == -ENOBUFS || ret == -EMSGSIZE) &&
2038 !skb->len && !state->split &&
2039 cb->min_dump_alloc < 4096) {
2040 cb->min_dump_alloc = 4096;
2041 state->split_start = 0;
2042 rtnl_unlock();
2043 return 1;
2044 }
2045 idx--;
2046 break;
2047 }
2048 } while (state->split_start > 0);
2049 break;
2050 }
2051 rtnl_unlock();
2052
2053 state->start = idx;
2054
2055 return skb->len;
2056 }
2057
2058 static int nl80211_dump_wiphy_done(struct netlink_callback *cb)
2059 {
2060 kfree((void *)cb->args[0]);
2061 return 0;
2062 }
2063
2064 static int nl80211_get_wiphy(struct sk_buff *skb, struct genl_info *info)
2065 {
2066 struct sk_buff *msg;
2067 struct cfg80211_registered_device *rdev = info->user_ptr[0];
2068 struct nl80211_dump_wiphy_state state = {};
2069
2070 msg = nlmsg_new(4096, GFP_KERNEL);
2071 if (!msg)
2072 return -ENOMEM;
2073
2074 if (nl80211_send_wiphy(rdev, NL80211_CMD_NEW_WIPHY, msg,
2075 info->snd_portid, info->snd_seq, 0,
2076 &state) < 0) {
2077 nlmsg_free(msg);
2078 return -ENOBUFS;
2079 }
2080
2081 return genlmsg_reply(msg, info);
2082 }
2083
2084 static const struct nla_policy txq_params_policy[NL80211_TXQ_ATTR_MAX + 1] = {
2085 [NL80211_TXQ_ATTR_QUEUE] = { .type = NLA_U8 },
2086 [NL80211_TXQ_ATTR_TXOP] = { .type = NLA_U16 },
2087 [NL80211_TXQ_ATTR_CWMIN] = { .type = NLA_U16 },
2088 [NL80211_TXQ_ATTR_CWMAX] = { .type = NLA_U16 },
2089 [NL80211_TXQ_ATTR_AIFS] = { .type = NLA_U8 },
2090 };
2091
2092 static int parse_txq_params(struct nlattr *tb[],
2093 struct ieee80211_txq_params *txq_params)
2094 {
2095 u8 ac;
2096
2097 if (!tb[NL80211_TXQ_ATTR_AC] || !tb[NL80211_TXQ_ATTR_TXOP] ||
2098 !tb[NL80211_TXQ_ATTR_CWMIN] || !tb[NL80211_TXQ_ATTR_CWMAX] ||
2099 !tb[NL80211_TXQ_ATTR_AIFS])
2100 return -EINVAL;
2101
2102 ac = nla_get_u8(tb[NL80211_TXQ_ATTR_AC]);
2103 txq_params->txop = nla_get_u16(tb[NL80211_TXQ_ATTR_TXOP]);
2104 txq_params->cwmin = nla_get_u16(tb[NL80211_TXQ_ATTR_CWMIN]);
2105 txq_params->cwmax = nla_get_u16(tb[NL80211_TXQ_ATTR_CWMAX]);
2106 txq_params->aifs = nla_get_u8(tb[NL80211_TXQ_ATTR_AIFS]);
2107
2108 if (ac >= NL80211_NUM_ACS)
2109 return -EINVAL;
2110 txq_params->ac = array_index_nospec(ac, NL80211_NUM_ACS);
2111 return 0;
2112 }
2113
2114 static bool nl80211_can_set_dev_channel(struct wireless_dev *wdev)
2115 {
2116 /*
2117 * You can only set the channel explicitly for WDS interfaces,
2118 * all others have their channel managed via their respective
2119 * "establish a connection" command (connect, join, ...)
2120 *
2121 * For AP/GO and mesh mode, the channel can be set with the
2122 * channel userspace API, but is only stored and passed to the
2123 * low-level driver when the AP starts or the mesh is joined.
2124 * This is for backward compatibility, userspace can also give
2125 * the channel in the start-ap or join-mesh commands instead.
2126 *
2127 * Monitors are special as they are normally slaved to
2128 * whatever else is going on, so they have their own special
2129 * operation to set the monitor channel if possible.
2130 */
2131 return !wdev ||
2132 wdev->iftype == NL80211_IFTYPE_AP ||
2133 wdev->iftype == NL80211_IFTYPE_MESH_POINT ||
2134 wdev->iftype == NL80211_IFTYPE_MONITOR ||
2135 wdev->iftype == NL80211_IFTYPE_P2P_GO;
2136 }
2137
2138 static int nl80211_parse_chandef(struct cfg80211_registered_device *rdev,
2139 struct genl_info *info,
2140 struct cfg80211_chan_def *chandef)
2141 {
2142 u32 control_freq;
2143
2144 if (!info->attrs[NL80211_ATTR_WIPHY_FREQ])
2145 return -EINVAL;
2146
2147 control_freq = nla_get_u32(info->attrs[NL80211_ATTR_WIPHY_FREQ]);
2148
2149 chandef->chan = ieee80211_get_channel(&rdev->wiphy, control_freq);
2150 chandef->width = NL80211_CHAN_WIDTH_20_NOHT;
2151 chandef->center_freq1 = control_freq;
2152 chandef->center_freq2 = 0;
2153
2154 /* Primary channel not allowed */
2155 if (!chandef->chan || chandef->chan->flags & IEEE80211_CHAN_DISABLED)
2156 return -EINVAL;
2157
2158 if (info->attrs[NL80211_ATTR_WIPHY_CHANNEL_TYPE]) {
2159 enum nl80211_channel_type chantype;
2160
2161 chantype = nla_get_u32(
2162 info->attrs[NL80211_ATTR_WIPHY_CHANNEL_TYPE]);
2163
2164 switch (chantype) {
2165 case NL80211_CHAN_NO_HT:
2166 case NL80211_CHAN_HT20:
2167 case NL80211_CHAN_HT40PLUS:
2168 case NL80211_CHAN_HT40MINUS:
2169 cfg80211_chandef_create(chandef, chandef->chan,
2170 chantype);
2171 break;
2172 default:
2173 return -EINVAL;
2174 }
2175 } else if (info->attrs[NL80211_ATTR_CHANNEL_WIDTH]) {
2176 chandef->width =
2177 nla_get_u32(info->attrs[NL80211_ATTR_CHANNEL_WIDTH]);
2178 if (info->attrs[NL80211_ATTR_CENTER_FREQ1])
2179 chandef->center_freq1 =
2180 nla_get_u32(
2181 info->attrs[NL80211_ATTR_CENTER_FREQ1]);
2182 if (info->attrs[NL80211_ATTR_CENTER_FREQ2])
2183 chandef->center_freq2 =
2184 nla_get_u32(
2185 info->attrs[NL80211_ATTR_CENTER_FREQ2]);
2186 }
2187
2188 if (!cfg80211_chandef_valid(chandef))
2189 return -EINVAL;
2190
2191 if (!cfg80211_chandef_usable(&rdev->wiphy, chandef,
2192 IEEE80211_CHAN_DISABLED))
2193 return -EINVAL;
2194
2195 if ((chandef->width == NL80211_CHAN_WIDTH_5 ||
2196 chandef->width == NL80211_CHAN_WIDTH_10) &&
2197 !(rdev->wiphy.flags & WIPHY_FLAG_SUPPORTS_5_10_MHZ))
2198 return -EINVAL;
2199
2200 return 0;
2201 }
2202
2203 static int __nl80211_set_channel(struct cfg80211_registered_device *rdev,
2204 struct net_device *dev,
2205 struct genl_info *info)
2206 {
2207 struct cfg80211_chan_def chandef;
2208 int result;
2209 enum nl80211_iftype iftype = NL80211_IFTYPE_MONITOR;
2210 struct wireless_dev *wdev = NULL;
2211
2212 if (dev)
2213 wdev = dev->ieee80211_ptr;
2214 if (!nl80211_can_set_dev_channel(wdev))
2215 return -EOPNOTSUPP;
2216 if (wdev)
2217 iftype = wdev->iftype;
2218
2219 result = nl80211_parse_chandef(rdev, info, &chandef);
2220 if (result)
2221 return result;
2222
2223 switch (iftype) {
2224 case NL80211_IFTYPE_AP:
2225 case NL80211_IFTYPE_P2P_GO:
2226 if (!cfg80211_reg_can_beacon_relax(&rdev->wiphy, &chandef,
2227 iftype)) {
2228 result = -EINVAL;
2229 break;
2230 }
2231 if (wdev->beacon_interval) {
2232 if (!dev || !rdev->ops->set_ap_chanwidth ||
2233 !(rdev->wiphy.features &
2234 NL80211_FEATURE_AP_MODE_CHAN_WIDTH_CHANGE)) {
2235 result = -EBUSY;
2236 break;
2237 }
2238
2239 /* Only allow dynamic channel width changes */
2240 if (chandef.chan != wdev->preset_chandef.chan) {
2241 result = -EBUSY;
2242 break;
2243 }
2244 result = rdev_set_ap_chanwidth(rdev, dev, &chandef);
2245 if (result)
2246 break;
2247 }
2248 wdev->preset_chandef = chandef;
2249 result = 0;
2250 break;
2251 case NL80211_IFTYPE_MESH_POINT:
2252 result = cfg80211_set_mesh_channel(rdev, wdev, &chandef);
2253 break;
2254 case NL80211_IFTYPE_MONITOR:
2255 result = cfg80211_set_monitor_channel(rdev, &chandef);
2256 break;
2257 default:
2258 result = -EINVAL;
2259 }
2260
2261 return result;
2262 }
2263
2264 static int nl80211_set_channel(struct sk_buff *skb, struct genl_info *info)
2265 {
2266 struct cfg80211_registered_device *rdev = info->user_ptr[0];
2267 struct net_device *netdev = info->user_ptr[1];
2268
2269 return __nl80211_set_channel(rdev, netdev, info);
2270 }
2271
2272 static int nl80211_set_wds_peer(struct sk_buff *skb, struct genl_info *info)
2273 {
2274 struct cfg80211_registered_device *rdev = info->user_ptr[0];
2275 struct net_device *dev = info->user_ptr[1];
2276 struct wireless_dev *wdev = dev->ieee80211_ptr;
2277 const u8 *bssid;
2278
2279 if (!info->attrs[NL80211_ATTR_MAC])
2280 return -EINVAL;
2281
2282 if (netif_running(dev))
2283 return -EBUSY;
2284
2285 if (!rdev->ops->set_wds_peer)
2286 return -EOPNOTSUPP;
2287
2288 if (wdev->iftype != NL80211_IFTYPE_WDS)
2289 return -EOPNOTSUPP;
2290
2291 bssid = nla_data(info->attrs[NL80211_ATTR_MAC]);
2292 return rdev_set_wds_peer(rdev, dev, bssid);
2293 }
2294
2295 static int nl80211_set_wiphy(struct sk_buff *skb, struct genl_info *info)
2296 {
2297 struct cfg80211_registered_device *rdev;
2298 struct net_device *netdev = NULL;
2299 struct wireless_dev *wdev;
2300 int result = 0, rem_txq_params = 0;
2301 struct nlattr *nl_txq_params;
2302 u32 changed;
2303 u8 retry_short = 0, retry_long = 0;
2304 u32 frag_threshold = 0, rts_threshold = 0;
2305 u8 coverage_class = 0;
2306
2307 ASSERT_RTNL();
2308
2309 /*
2310 * Try to find the wiphy and netdev. Normally this
2311 * function shouldn't need the netdev, but this is
2312 * done for backward compatibility -- previously
2313 * setting the channel was done per wiphy, but now
2314 * it is per netdev. Previous userland like hostapd
2315 * also passed a netdev to set_wiphy, so that it is
2316 * possible to let that go to the right netdev!
2317 */
2318
2319 if (info->attrs[NL80211_ATTR_IFINDEX]) {
2320 int ifindex = nla_get_u32(info->attrs[NL80211_ATTR_IFINDEX]);
2321
2322 netdev = __dev_get_by_index(genl_info_net(info), ifindex);
2323 if (netdev && netdev->ieee80211_ptr)
2324 rdev = wiphy_to_rdev(netdev->ieee80211_ptr->wiphy);
2325 else
2326 netdev = NULL;
2327 }
2328
2329 if (!netdev) {
2330 rdev = __cfg80211_rdev_from_attrs(genl_info_net(info),
2331 info->attrs);
2332 if (IS_ERR(rdev))
2333 return PTR_ERR(rdev);
2334 wdev = NULL;
2335 netdev = NULL;
2336 result = 0;
2337 } else
2338 wdev = netdev->ieee80211_ptr;
2339
2340 /*
2341 * end workaround code, by now the rdev is available
2342 * and locked, and wdev may or may not be NULL.
2343 */
2344
2345 if (info->attrs[NL80211_ATTR_WIPHY_NAME])
2346 result = cfg80211_dev_rename(
2347 rdev, nla_data(info->attrs[NL80211_ATTR_WIPHY_NAME]));
2348
2349 if (result)
2350 return result;
2351
2352 if (info->attrs[NL80211_ATTR_WIPHY_TXQ_PARAMS]) {
2353 struct ieee80211_txq_params txq_params;
2354 struct nlattr *tb[NL80211_TXQ_ATTR_MAX + 1];
2355
2356 if (!rdev->ops->set_txq_params)
2357 return -EOPNOTSUPP;
2358
2359 if (!netdev)
2360 return -EINVAL;
2361
2362 if (netdev->ieee80211_ptr->iftype != NL80211_IFTYPE_AP &&
2363 netdev->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_GO)
2364 return -EINVAL;
2365
2366 if (!netif_running(netdev))
2367 return -ENETDOWN;
2368
2369 nla_for_each_nested(nl_txq_params,
2370 info->attrs[NL80211_ATTR_WIPHY_TXQ_PARAMS],
2371 rem_txq_params) {
2372 result = nla_parse_nested(tb, NL80211_TXQ_ATTR_MAX,
2373 nl_txq_params,
2374 txq_params_policy,
2375 info->extack);
2376 if (result)
2377 return result;
2378 result = parse_txq_params(tb, &txq_params);
2379 if (result)
2380 return result;
2381
2382 result = rdev_set_txq_params(rdev, netdev,
2383 &txq_params);
2384 if (result)
2385 return result;
2386 }
2387 }
2388
2389 if (info->attrs[NL80211_ATTR_WIPHY_FREQ]) {
2390 result = __nl80211_set_channel(
2391 rdev,
2392 nl80211_can_set_dev_channel(wdev) ? netdev : NULL,
2393 info);
2394 if (result)
2395 return result;
2396 }
2397
2398 if (info->attrs[NL80211_ATTR_WIPHY_TX_POWER_SETTING]) {
2399 struct wireless_dev *txp_wdev = wdev;
2400 enum nl80211_tx_power_setting type;
2401 int idx, mbm = 0;
2402
2403 if (!(rdev->wiphy.features & NL80211_FEATURE_VIF_TXPOWER))
2404 txp_wdev = NULL;
2405
2406 if (!rdev->ops->set_tx_power)
2407 return -EOPNOTSUPP;
2408
2409 idx = NL80211_ATTR_WIPHY_TX_POWER_SETTING;
2410 type = nla_get_u32(info->attrs[idx]);
2411
2412 if (!info->attrs[NL80211_ATTR_WIPHY_TX_POWER_LEVEL] &&
2413 (type != NL80211_TX_POWER_AUTOMATIC))
2414 return -EINVAL;
2415
2416 if (type != NL80211_TX_POWER_AUTOMATIC) {
2417 idx = NL80211_ATTR_WIPHY_TX_POWER_LEVEL;
2418 mbm = nla_get_u32(info->attrs[idx]);
2419 }
2420
2421 result = rdev_set_tx_power(rdev, txp_wdev, type, mbm);
2422 if (result)
2423 return result;
2424 }
2425
2426 if (info->attrs[NL80211_ATTR_WIPHY_ANTENNA_TX] &&
2427 info->attrs[NL80211_ATTR_WIPHY_ANTENNA_RX]) {
2428 u32 tx_ant, rx_ant;
2429
2430 if ((!rdev->wiphy.available_antennas_tx &&
2431 !rdev->wiphy.available_antennas_rx) ||
2432 !rdev->ops->set_antenna)
2433 return -EOPNOTSUPP;
2434
2435 tx_ant = nla_get_u32(info->attrs[NL80211_ATTR_WIPHY_ANTENNA_TX]);
2436 rx_ant = nla_get_u32(info->attrs[NL80211_ATTR_WIPHY_ANTENNA_RX]);
2437
2438 /* reject antenna configurations which don't match the
2439 * available antenna masks, except for the "all" mask */
2440 if ((~tx_ant && (tx_ant & ~rdev->wiphy.available_antennas_tx)) ||
2441 (~rx_ant && (rx_ant & ~rdev->wiphy.available_antennas_rx)))
2442 return -EINVAL;
2443
2444 tx_ant = tx_ant & rdev->wiphy.available_antennas_tx;
2445 rx_ant = rx_ant & rdev->wiphy.available_antennas_rx;
2446
2447 result = rdev_set_antenna(rdev, tx_ant, rx_ant);
2448 if (result)
2449 return result;
2450 }
2451
2452 changed = 0;
2453
2454 if (info->attrs[NL80211_ATTR_WIPHY_RETRY_SHORT]) {
2455 retry_short = nla_get_u8(
2456 info->attrs[NL80211_ATTR_WIPHY_RETRY_SHORT]);
2457 if (retry_short == 0)
2458 return -EINVAL;
2459
2460 changed |= WIPHY_PARAM_RETRY_SHORT;
2461 }
2462
2463 if (info->attrs[NL80211_ATTR_WIPHY_RETRY_LONG]) {
2464 retry_long = nla_get_u8(
2465 info->attrs[NL80211_ATTR_WIPHY_RETRY_LONG]);
2466 if (retry_long == 0)
2467 return -EINVAL;
2468
2469 changed |= WIPHY_PARAM_RETRY_LONG;
2470 }
2471
2472 if (info->attrs[NL80211_ATTR_WIPHY_FRAG_THRESHOLD]) {
2473 frag_threshold = nla_get_u32(
2474 info->attrs[NL80211_ATTR_WIPHY_FRAG_THRESHOLD]);
2475 if (frag_threshold < 256)
2476 return -EINVAL;
2477
2478 if (frag_threshold != (u32) -1) {
2479 /*
2480 * Fragments (apart from the last one) are required to
2481 * have even length. Make the fragmentation code
2482 * simpler by stripping LSB should someone try to use
2483 * odd threshold value.
2484 */
2485 frag_threshold &= ~0x1;
2486 }
2487 changed |= WIPHY_PARAM_FRAG_THRESHOLD;
2488 }
2489
2490 if (info->attrs[NL80211_ATTR_WIPHY_RTS_THRESHOLD]) {
2491 rts_threshold = nla_get_u32(
2492 info->attrs[NL80211_ATTR_WIPHY_RTS_THRESHOLD]);
2493 changed |= WIPHY_PARAM_RTS_THRESHOLD;
2494 }
2495
2496 if (info->attrs[NL80211_ATTR_WIPHY_COVERAGE_CLASS]) {
2497 if (info->attrs[NL80211_ATTR_WIPHY_DYN_ACK])
2498 return -EINVAL;
2499
2500 coverage_class = nla_get_u8(
2501 info->attrs[NL80211_ATTR_WIPHY_COVERAGE_CLASS]);
2502 changed |= WIPHY_PARAM_COVERAGE_CLASS;
2503 }
2504
2505 if (info->attrs[NL80211_ATTR_WIPHY_DYN_ACK]) {
2506 if (!(rdev->wiphy.features & NL80211_FEATURE_ACKTO_ESTIMATION))
2507 return -EOPNOTSUPP;
2508
2509 changed |= WIPHY_PARAM_DYN_ACK;
2510 }
2511
2512 if (changed) {
2513 u8 old_retry_short, old_retry_long;
2514 u32 old_frag_threshold, old_rts_threshold;
2515 u8 old_coverage_class;
2516
2517 if (!rdev->ops->set_wiphy_params)
2518 return -EOPNOTSUPP;
2519
2520 old_retry_short = rdev->wiphy.retry_short;
2521 old_retry_long = rdev->wiphy.retry_long;
2522 old_frag_threshold = rdev->wiphy.frag_threshold;
2523 old_rts_threshold = rdev->wiphy.rts_threshold;
2524 old_coverage_class = rdev->wiphy.coverage_class;
2525
2526 if (changed & WIPHY_PARAM_RETRY_SHORT)
2527 rdev->wiphy.retry_short = retry_short;
2528 if (changed & WIPHY_PARAM_RETRY_LONG)
2529 rdev->wiphy.retry_long = retry_long;
2530 if (changed & WIPHY_PARAM_FRAG_THRESHOLD)
2531 rdev->wiphy.frag_threshold = frag_threshold;
2532 if (changed & WIPHY_PARAM_RTS_THRESHOLD)
2533 rdev->wiphy.rts_threshold = rts_threshold;
2534 if (changed & WIPHY_PARAM_COVERAGE_CLASS)
2535 rdev->wiphy.coverage_class = coverage_class;
2536
2537 result = rdev_set_wiphy_params(rdev, changed);
2538 if (result) {
2539 rdev->wiphy.retry_short = old_retry_short;
2540 rdev->wiphy.retry_long = old_retry_long;
2541 rdev->wiphy.frag_threshold = old_frag_threshold;
2542 rdev->wiphy.rts_threshold = old_rts_threshold;
2543 rdev->wiphy.coverage_class = old_coverage_class;
2544 return result;
2545 }
2546 }
2547 return 0;
2548 }
2549
2550 static inline u64 wdev_id(struct wireless_dev *wdev)
2551 {
2552 return (u64)wdev->identifier |
2553 ((u64)wiphy_to_rdev(wdev->wiphy)->wiphy_idx << 32);
2554 }
2555
2556 static int nl80211_send_chandef(struct sk_buff *msg,
2557 const struct cfg80211_chan_def *chandef)
2558 {
2559 if (WARN_ON(!cfg80211_chandef_valid(chandef)))
2560 return -EINVAL;
2561
2562 if (nla_put_u32(msg, NL80211_ATTR_WIPHY_FREQ,
2563 chandef->chan->center_freq))
2564 return -ENOBUFS;
2565 switch (chandef->width) {
2566 case NL80211_CHAN_WIDTH_20_NOHT:
2567 case NL80211_CHAN_WIDTH_20:
2568 case NL80211_CHAN_WIDTH_40:
2569 if (nla_put_u32(msg, NL80211_ATTR_WIPHY_CHANNEL_TYPE,
2570 cfg80211_get_chandef_type(chandef)))
2571 return -ENOBUFS;
2572 break;
2573 default:
2574 break;
2575 }
2576 if (nla_put_u32(msg, NL80211_ATTR_CHANNEL_WIDTH, chandef->width))
2577 return -ENOBUFS;
2578 if (nla_put_u32(msg, NL80211_ATTR_CENTER_FREQ1, chandef->center_freq1))
2579 return -ENOBUFS;
2580 if (chandef->center_freq2 &&
2581 nla_put_u32(msg, NL80211_ATTR_CENTER_FREQ2, chandef->center_freq2))
2582 return -ENOBUFS;
2583 return 0;
2584 }
2585
2586 static int nl80211_send_iface(struct sk_buff *msg, u32 portid, u32 seq, int flags,
2587 struct cfg80211_registered_device *rdev,
2588 struct wireless_dev *wdev, bool removal)
2589 {
2590 struct net_device *dev = wdev->netdev;
2591 u8 cmd = NL80211_CMD_NEW_INTERFACE;
2592 void *hdr;
2593
2594 if (removal)
2595 cmd = NL80211_CMD_DEL_INTERFACE;
2596
2597 hdr = nl80211hdr_put(msg, portid, seq, flags, cmd);
2598 if (!hdr)
2599 return -1;
2600
2601 if (dev &&
2602 (nla_put_u32(msg, NL80211_ATTR_IFINDEX, dev->ifindex) ||
2603 nla_put_string(msg, NL80211_ATTR_IFNAME, dev->name)))
2604 goto nla_put_failure;
2605
2606 if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
2607 nla_put_u32(msg, NL80211_ATTR_IFTYPE, wdev->iftype) ||
2608 nla_put_u64_64bit(msg, NL80211_ATTR_WDEV, wdev_id(wdev),
2609 NL80211_ATTR_PAD) ||
2610 nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN, wdev_address(wdev)) ||
2611 nla_put_u32(msg, NL80211_ATTR_GENERATION,
2612 rdev->devlist_generation ^
2613 (cfg80211_rdev_list_generation << 2)))
2614 goto nla_put_failure;
2615
2616 if (rdev->ops->get_channel) {
2617 int ret;
2618 struct cfg80211_chan_def chandef;
2619
2620 ret = rdev_get_channel(rdev, wdev, &chandef);
2621 if (ret == 0) {
2622 if (nl80211_send_chandef(msg, &chandef))
2623 goto nla_put_failure;
2624 }
2625 }
2626
2627 if (rdev->ops->get_tx_power) {
2628 int dbm, ret;
2629
2630 ret = rdev_get_tx_power(rdev, wdev, &dbm);
2631 if (ret == 0 &&
2632 nla_put_u32(msg, NL80211_ATTR_WIPHY_TX_POWER_LEVEL,
2633 DBM_TO_MBM(dbm)))
2634 goto nla_put_failure;
2635 }
2636
2637 if (wdev->ssid_len) {
2638 if (nla_put(msg, NL80211_ATTR_SSID, wdev->ssid_len, wdev->ssid))
2639 goto nla_put_failure;
2640 }
2641
2642 genlmsg_end(msg, hdr);
2643 return 0;
2644
2645 nla_put_failure:
2646 genlmsg_cancel(msg, hdr);
2647 return -EMSGSIZE;
2648 }
2649
2650 static int nl80211_dump_interface(struct sk_buff *skb, struct netlink_callback *cb)
2651 {
2652 int wp_idx = 0;
2653 int if_idx = 0;
2654 int wp_start = cb->args[0];
2655 int if_start = cb->args[1];
2656 int filter_wiphy = -1;
2657 struct cfg80211_registered_device *rdev;
2658 struct wireless_dev *wdev;
2659 int ret;
2660
2661 rtnl_lock();
2662 if (!cb->args[2]) {
2663 struct nl80211_dump_wiphy_state state = {
2664 .filter_wiphy = -1,
2665 };
2666
2667 ret = nl80211_dump_wiphy_parse(skb, cb, &state);
2668 if (ret)
2669 goto out_unlock;
2670
2671 filter_wiphy = state.filter_wiphy;
2672
2673 /*
2674 * if filtering, set cb->args[2] to +1 since 0 is the default
2675 * value needed to determine that parsing is necessary.
2676 */
2677 if (filter_wiphy >= 0)
2678 cb->args[2] = filter_wiphy + 1;
2679 else
2680 cb->args[2] = -1;
2681 } else if (cb->args[2] > 0) {
2682 filter_wiphy = cb->args[2] - 1;
2683 }
2684
2685 list_for_each_entry(rdev, &cfg80211_rdev_list, list) {
2686 if (!net_eq(wiphy_net(&rdev->wiphy), sock_net(skb->sk)))
2687 continue;
2688 if (wp_idx < wp_start) {
2689 wp_idx++;
2690 continue;
2691 }
2692
2693 if (filter_wiphy >= 0 && filter_wiphy != rdev->wiphy_idx)
2694 continue;
2695
2696 if_idx = 0;
2697
2698 list_for_each_entry(wdev, &rdev->wiphy.wdev_list, list) {
2699 if (if_idx < if_start) {
2700 if_idx++;
2701 continue;
2702 }
2703 if (nl80211_send_iface(skb, NETLINK_CB(cb->skb).portid,
2704 cb->nlh->nlmsg_seq, NLM_F_MULTI,
2705 rdev, wdev, false) < 0) {
2706 goto out;
2707 }
2708 if_idx++;
2709 }
2710
2711 wp_idx++;
2712 }
2713 out:
2714 cb->args[0] = wp_idx;
2715 cb->args[1] = if_idx;
2716
2717 ret = skb->len;
2718 out_unlock:
2719 rtnl_unlock();
2720
2721 return ret;
2722 }
2723
2724 static int nl80211_get_interface(struct sk_buff *skb, struct genl_info *info)
2725 {
2726 struct sk_buff *msg;
2727 struct cfg80211_registered_device *rdev = info->user_ptr[0];
2728 struct wireless_dev *wdev = info->user_ptr[1];
2729
2730 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
2731 if (!msg)
2732 return -ENOMEM;
2733
2734 if (nl80211_send_iface(msg, info->snd_portid, info->snd_seq, 0,
2735 rdev, wdev, false) < 0) {
2736 nlmsg_free(msg);
2737 return -ENOBUFS;
2738 }
2739
2740 return genlmsg_reply(msg, info);
2741 }
2742
2743 static const struct nla_policy mntr_flags_policy[NL80211_MNTR_FLAG_MAX + 1] = {
2744 [NL80211_MNTR_FLAG_FCSFAIL] = { .type = NLA_FLAG },
2745 [NL80211_MNTR_FLAG_PLCPFAIL] = { .type = NLA_FLAG },
2746 [NL80211_MNTR_FLAG_CONTROL] = { .type = NLA_FLAG },
2747 [NL80211_MNTR_FLAG_OTHER_BSS] = { .type = NLA_FLAG },
2748 [NL80211_MNTR_FLAG_COOK_FRAMES] = { .type = NLA_FLAG },
2749 [NL80211_MNTR_FLAG_ACTIVE] = { .type = NLA_FLAG },
2750 };
2751
2752 static int parse_monitor_flags(struct nlattr *nla, u32 *mntrflags)
2753 {
2754 struct nlattr *flags[NL80211_MNTR_FLAG_MAX + 1];
2755 int flag;
2756
2757 *mntrflags = 0;
2758
2759 if (!nla)
2760 return -EINVAL;
2761
2762 if (nla_parse_nested(flags, NL80211_MNTR_FLAG_MAX, nla,
2763 mntr_flags_policy, NULL))
2764 return -EINVAL;
2765
2766 for (flag = 1; flag <= NL80211_MNTR_FLAG_MAX; flag++)
2767 if (flags[flag])
2768 *mntrflags |= (1<<flag);
2769
2770 *mntrflags |= MONITOR_FLAG_CHANGED;
2771
2772 return 0;
2773 }
2774
2775 static int nl80211_parse_mon_options(struct cfg80211_registered_device *rdev,
2776 enum nl80211_iftype type,
2777 struct genl_info *info,
2778 struct vif_params *params)
2779 {
2780 bool change = false;
2781 int err;
2782
2783 if (info->attrs[NL80211_ATTR_MNTR_FLAGS]) {
2784 if (type != NL80211_IFTYPE_MONITOR)
2785 return -EINVAL;
2786
2787 err = parse_monitor_flags(info->attrs[NL80211_ATTR_MNTR_FLAGS],
2788 &params->flags);
2789 if (err)
2790 return err;
2791
2792 change = true;
2793 }
2794
2795 if (params->flags & MONITOR_FLAG_ACTIVE &&
2796 !(rdev->wiphy.features & NL80211_FEATURE_ACTIVE_MONITOR))
2797 return -EOPNOTSUPP;
2798
2799 if (info->attrs[NL80211_ATTR_MU_MIMO_GROUP_DATA]) {
2800 const u8 *mumimo_groups;
2801 u32 cap_flag = NL80211_EXT_FEATURE_MU_MIMO_AIR_SNIFFER;
2802
2803 if (type != NL80211_IFTYPE_MONITOR)
2804 return -EINVAL;
2805
2806 if (!wiphy_ext_feature_isset(&rdev->wiphy, cap_flag))
2807 return -EOPNOTSUPP;
2808
2809 mumimo_groups =
2810 nla_data(info->attrs[NL80211_ATTR_MU_MIMO_GROUP_DATA]);
2811
2812 /* bits 0 and 63 are reserved and must be zero */
2813 if ((mumimo_groups[0] & BIT(0)) ||
2814 (mumimo_groups[VHT_MUMIMO_GROUPS_DATA_LEN - 1] & BIT(7)))
2815 return -EINVAL;
2816
2817 params->vht_mumimo_groups = mumimo_groups;
2818 change = true;
2819 }
2820
2821 if (info->attrs[NL80211_ATTR_MU_MIMO_FOLLOW_MAC_ADDR]) {
2822 u32 cap_flag = NL80211_EXT_FEATURE_MU_MIMO_AIR_SNIFFER;
2823
2824 if (type != NL80211_IFTYPE_MONITOR)
2825 return -EINVAL;
2826
2827 if (!wiphy_ext_feature_isset(&rdev->wiphy, cap_flag))
2828 return -EOPNOTSUPP;
2829
2830 params->vht_mumimo_follow_addr =
2831 nla_data(info->attrs[NL80211_ATTR_MU_MIMO_FOLLOW_MAC_ADDR]);
2832 change = true;
2833 }
2834
2835 return change ? 1 : 0;
2836 }
2837
2838 static int nl80211_valid_4addr(struct cfg80211_registered_device *rdev,
2839 struct net_device *netdev, u8 use_4addr,
2840 enum nl80211_iftype iftype)
2841 {
2842 if (!use_4addr) {
2843 if (netdev && (netdev->priv_flags & IFF_BRIDGE_PORT))
2844 return -EBUSY;
2845 return 0;
2846 }
2847
2848 switch (iftype) {
2849 case NL80211_IFTYPE_AP_VLAN:
2850 if (rdev->wiphy.flags & WIPHY_FLAG_4ADDR_AP)
2851 return 0;
2852 break;
2853 case NL80211_IFTYPE_STATION:
2854 if (rdev->wiphy.flags & WIPHY_FLAG_4ADDR_STATION)
2855 return 0;
2856 break;
2857 default:
2858 break;
2859 }
2860
2861 return -EOPNOTSUPP;
2862 }
2863
2864 static int nl80211_set_interface(struct sk_buff *skb, struct genl_info *info)
2865 {
2866 struct cfg80211_registered_device *rdev = info->user_ptr[0];
2867 struct vif_params params;
2868 int err;
2869 enum nl80211_iftype otype, ntype;
2870 struct net_device *dev = info->user_ptr[1];
2871 bool change = false;
2872
2873 memset(&params, 0, sizeof(params));
2874
2875 otype = ntype = dev->ieee80211_ptr->iftype;
2876
2877 if (info->attrs[NL80211_ATTR_IFTYPE]) {
2878 ntype = nla_get_u32(info->attrs[NL80211_ATTR_IFTYPE]);
2879 if (otype != ntype)
2880 change = true;
2881 if (ntype > NL80211_IFTYPE_MAX)
2882 return -EINVAL;
2883 }
2884
2885 if (info->attrs[NL80211_ATTR_MESH_ID]) {
2886 struct wireless_dev *wdev = dev->ieee80211_ptr;
2887
2888 if (ntype != NL80211_IFTYPE_MESH_POINT)
2889 return -EINVAL;
2890 if (netif_running(dev))
2891 return -EBUSY;
2892
2893 wdev_lock(wdev);
2894 BUILD_BUG_ON(IEEE80211_MAX_SSID_LEN !=
2895 IEEE80211_MAX_MESH_ID_LEN);
2896 wdev->mesh_id_up_len =
2897 nla_len(info->attrs[NL80211_ATTR_MESH_ID]);
2898 memcpy(wdev->ssid, nla_data(info->attrs[NL80211_ATTR_MESH_ID]),
2899 wdev->mesh_id_up_len);
2900 wdev_unlock(wdev);
2901 }
2902
2903 if (info->attrs[NL80211_ATTR_4ADDR]) {
2904 params.use_4addr = !!nla_get_u8(info->attrs[NL80211_ATTR_4ADDR]);
2905 change = true;
2906 err = nl80211_valid_4addr(rdev, dev, params.use_4addr, ntype);
2907 if (err)
2908 return err;
2909 } else {
2910 params.use_4addr = -1;
2911 }
2912
2913 err = nl80211_parse_mon_options(rdev, ntype, info, &params);
2914 if (err < 0)
2915 return err;
2916 if (err > 0)
2917 change = true;
2918
2919 if (change)
2920 err = cfg80211_change_iface(rdev, dev, ntype, &params);
2921 else
2922 err = 0;
2923
2924 if (!err && params.use_4addr != -1)
2925 dev->ieee80211_ptr->use_4addr = params.use_4addr;
2926
2927 return err;
2928 }
2929
2930 static int nl80211_new_interface(struct sk_buff *skb, struct genl_info *info)
2931 {
2932 struct cfg80211_registered_device *rdev = info->user_ptr[0];
2933 struct vif_params params;
2934 struct wireless_dev *wdev;
2935 struct sk_buff *msg;
2936 int err;
2937 enum nl80211_iftype type = NL80211_IFTYPE_UNSPECIFIED;
2938
2939 /* to avoid failing a new interface creation due to pending removal */
2940 cfg80211_destroy_ifaces(rdev);
2941
2942 memset(&params, 0, sizeof(params));
2943
2944 if (!info->attrs[NL80211_ATTR_IFNAME])
2945 return -EINVAL;
2946
2947 if (info->attrs[NL80211_ATTR_IFTYPE]) {
2948 type = nla_get_u32(info->attrs[NL80211_ATTR_IFTYPE]);
2949 if (type > NL80211_IFTYPE_MAX)
2950 return -EINVAL;
2951 }
2952
2953 if (!rdev->ops->add_virtual_intf ||
2954 !(rdev->wiphy.interface_modes & (1 << type)))
2955 return -EOPNOTSUPP;
2956
2957 if ((type == NL80211_IFTYPE_P2P_DEVICE || type == NL80211_IFTYPE_NAN ||
2958 rdev->wiphy.features & NL80211_FEATURE_MAC_ON_CREATE) &&
2959 info->attrs[NL80211_ATTR_MAC]) {
2960 nla_memcpy(params.macaddr, info->attrs[NL80211_ATTR_MAC],
2961 ETH_ALEN);
2962 if (!is_valid_ether_addr(params.macaddr))
2963 return -EADDRNOTAVAIL;
2964 }
2965
2966 if (info->attrs[NL80211_ATTR_4ADDR]) {
2967 params.use_4addr = !!nla_get_u8(info->attrs[NL80211_ATTR_4ADDR]);
2968 err = nl80211_valid_4addr(rdev, NULL, params.use_4addr, type);
2969 if (err)
2970 return err;
2971 }
2972
2973 err = nl80211_parse_mon_options(rdev, type, info, &params);
2974 if (err < 0)
2975 return err;
2976
2977 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
2978 if (!msg)
2979 return -ENOMEM;
2980
2981 wdev = rdev_add_virtual_intf(rdev,
2982 nla_data(info->attrs[NL80211_ATTR_IFNAME]),
2983 NET_NAME_USER, type, &params);
2984 if (WARN_ON(!wdev)) {
2985 nlmsg_free(msg);
2986 return -EPROTO;
2987 } else if (IS_ERR(wdev)) {
2988 nlmsg_free(msg);
2989 return PTR_ERR(wdev);
2990 }
2991
2992 if (info->attrs[NL80211_ATTR_SOCKET_OWNER])
2993 wdev->owner_nlportid = info->snd_portid;
2994
2995 switch (type) {
2996 case NL80211_IFTYPE_MESH_POINT:
2997 if (!info->attrs[NL80211_ATTR_MESH_ID])
2998 break;
2999 wdev_lock(wdev);
3000 BUILD_BUG_ON(IEEE80211_MAX_SSID_LEN !=
3001 IEEE80211_MAX_MESH_ID_LEN);
3002 wdev->mesh_id_up_len =
3003 nla_len(info->attrs[NL80211_ATTR_MESH_ID]);
3004 memcpy(wdev->ssid, nla_data(info->attrs[NL80211_ATTR_MESH_ID]),
3005 wdev->mesh_id_up_len);
3006 wdev_unlock(wdev);
3007 break;
3008 case NL80211_IFTYPE_NAN:
3009 case NL80211_IFTYPE_P2P_DEVICE:
3010 /*
3011 * P2P Device and NAN do not have a netdev, so don't go
3012 * through the netdev notifier and must be added here
3013 */
3014 mutex_init(&wdev->mtx);
3015 INIT_LIST_HEAD(&wdev->event_list);
3016 spin_lock_init(&wdev->event_lock);
3017 INIT_LIST_HEAD(&wdev->mgmt_registrations);
3018 spin_lock_init(&wdev->mgmt_registrations_lock);
3019
3020 wdev->identifier = ++rdev->wdev_id;
3021 list_add_rcu(&wdev->list, &rdev->wiphy.wdev_list);
3022 rdev->devlist_generation++;
3023 break;
3024 default:
3025 break;
3026 }
3027
3028 if (nl80211_send_iface(msg, info->snd_portid, info->snd_seq, 0,
3029 rdev, wdev, false) < 0) {
3030 nlmsg_free(msg);
3031 return -ENOBUFS;
3032 }
3033
3034 /*
3035 * For wdevs which have no associated netdev object (e.g. of type
3036 * NL80211_IFTYPE_P2P_DEVICE), emit the NEW_INTERFACE event here.
3037 * For all other types, the event will be generated from the
3038 * netdev notifier
3039 */
3040 if (!wdev->netdev)
3041 nl80211_notify_iface(rdev, wdev, NL80211_CMD_NEW_INTERFACE);
3042
3043 return genlmsg_reply(msg, info);
3044 }
3045
3046 static int nl80211_del_interface(struct sk_buff *skb, struct genl_info *info)
3047 {
3048 struct cfg80211_registered_device *rdev = info->user_ptr[0];
3049 struct wireless_dev *wdev = info->user_ptr[1];
3050
3051 if (!rdev->ops->del_virtual_intf)
3052 return -EOPNOTSUPP;
3053
3054 /*
3055 * If we remove a wireless device without a netdev then clear
3056 * user_ptr[1] so that nl80211_post_doit won't dereference it
3057 * to check if it needs to do dev_put(). Otherwise it crashes
3058 * since the wdev has been freed, unlike with a netdev where
3059 * we need the dev_put() for the netdev to really be freed.
3060 */
3061 if (!wdev->netdev)
3062 info->user_ptr[1] = NULL;
3063
3064 return rdev_del_virtual_intf(rdev, wdev);
3065 }
3066
3067 static int nl80211_set_noack_map(struct sk_buff *skb, struct genl_info *info)
3068 {
3069 struct cfg80211_registered_device *rdev = info->user_ptr[0];
3070 struct net_device *dev = info->user_ptr[1];
3071 u16 noack_map;
3072
3073 if (!info->attrs[NL80211_ATTR_NOACK_MAP])
3074 return -EINVAL;
3075
3076 if (!rdev->ops->set_noack_map)
3077 return -EOPNOTSUPP;
3078
3079 noack_map = nla_get_u16(info->attrs[NL80211_ATTR_NOACK_MAP]);
3080
3081 return rdev_set_noack_map(rdev, dev, noack_map);
3082 }
3083
3084 struct get_key_cookie {
3085 struct sk_buff *msg;
3086 int error;
3087 int idx;
3088 };
3089
3090 static void get_key_callback(void *c, struct key_params *params)
3091 {
3092 struct nlattr *key;
3093 struct get_key_cookie *cookie = c;
3094
3095 if ((params->key &&
3096 nla_put(cookie->msg, NL80211_ATTR_KEY_DATA,
3097 params->key_len, params->key)) ||
3098 (params->seq &&
3099 nla_put(cookie->msg, NL80211_ATTR_KEY_SEQ,
3100 params->seq_len, params->seq)) ||
3101 (params->cipher &&
3102 nla_put_u32(cookie->msg, NL80211_ATTR_KEY_CIPHER,
3103 params->cipher)))
3104 goto nla_put_failure;
3105
3106 key = nla_nest_start(cookie->msg, NL80211_ATTR_KEY);
3107 if (!key)
3108 goto nla_put_failure;
3109
3110 if ((params->key &&
3111 nla_put(cookie->msg, NL80211_KEY_DATA,
3112 params->key_len, params->key)) ||
3113 (params->seq &&
3114 nla_put(cookie->msg, NL80211_KEY_SEQ,
3115 params->seq_len, params->seq)) ||
3116 (params->cipher &&
3117 nla_put_u32(cookie->msg, NL80211_KEY_CIPHER,
3118 params->cipher)))
3119 goto nla_put_failure;
3120
3121 if (nla_put_u8(cookie->msg, NL80211_ATTR_KEY_IDX, cookie->idx))
3122 goto nla_put_failure;
3123
3124 nla_nest_end(cookie->msg, key);
3125
3126 return;
3127 nla_put_failure:
3128 cookie->error = 1;
3129 }
3130
3131 static int nl80211_get_key(struct sk_buff *skb, struct genl_info *info)
3132 {
3133 struct cfg80211_registered_device *rdev = info->user_ptr[0];
3134 int err;
3135 struct net_device *dev = info->user_ptr[1];
3136 u8 key_idx = 0;
3137 const u8 *mac_addr = NULL;
3138 bool pairwise;
3139 struct get_key_cookie cookie = {
3140 .error = 0,
3141 };
3142 void *hdr;
3143 struct sk_buff *msg;
3144
3145 if (info->attrs[NL80211_ATTR_KEY_IDX])
3146 key_idx = nla_get_u8(info->attrs[NL80211_ATTR_KEY_IDX]);
3147
3148 if (key_idx > 5)
3149 return -EINVAL;
3150
3151 if (info->attrs[NL80211_ATTR_MAC])
3152 mac_addr = nla_data(info->attrs[NL80211_ATTR_MAC]);
3153
3154 pairwise = !!mac_addr;
3155 if (info->attrs[NL80211_ATTR_KEY_TYPE]) {
3156 u32 kt = nla_get_u32(info->attrs[NL80211_ATTR_KEY_TYPE]);
3157
3158 if (kt >= NUM_NL80211_KEYTYPES)
3159 return -EINVAL;
3160 if (kt != NL80211_KEYTYPE_GROUP &&
3161 kt != NL80211_KEYTYPE_PAIRWISE)
3162 return -EINVAL;
3163 pairwise = kt == NL80211_KEYTYPE_PAIRWISE;
3164 }
3165
3166 if (!rdev->ops->get_key)
3167 return -EOPNOTSUPP;
3168
3169 if (!pairwise && mac_addr && !(rdev->wiphy.flags & WIPHY_FLAG_IBSS_RSN))
3170 return -ENOENT;
3171
3172 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
3173 if (!msg)
3174 return -ENOMEM;
3175
3176 hdr = nl80211hdr_put(msg, info->snd_portid, info->snd_seq, 0,
3177 NL80211_CMD_NEW_KEY);
3178 if (!hdr)
3179 goto nla_put_failure;
3180
3181 cookie.msg = msg;
3182 cookie.idx = key_idx;
3183
3184 if (nla_put_u32(msg, NL80211_ATTR_IFINDEX, dev->ifindex) ||
3185 nla_put_u8(msg, NL80211_ATTR_KEY_IDX, key_idx))
3186 goto nla_put_failure;
3187 if (mac_addr &&
3188 nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN, mac_addr))
3189 goto nla_put_failure;
3190
3191 err = rdev_get_key(rdev, dev, key_idx, pairwise, mac_addr, &cookie,
3192 get_key_callback);
3193
3194 if (err)
3195 goto free_msg;
3196
3197 if (cookie.error)
3198 goto nla_put_failure;
3199
3200 genlmsg_end(msg, hdr);
3201 return genlmsg_reply(msg, info);
3202
3203 nla_put_failure:
3204 err = -ENOBUFS;
3205 free_msg:
3206 nlmsg_free(msg);
3207 return err;
3208 }
3209
3210 static int nl80211_set_key(struct sk_buff *skb, struct genl_info *info)
3211 {
3212 struct cfg80211_registered_device *rdev = info->user_ptr[0];
3213 struct key_parse key;
3214 int err;
3215 struct net_device *dev = info->user_ptr[1];
3216
3217 err = nl80211_parse_key(info, &key);
3218 if (err)
3219 return err;
3220
3221 if (key.idx < 0)
3222 return -EINVAL;
3223
3224 /* only support setting default key */
3225 if (!key.def && !key.defmgmt)
3226 return -EINVAL;
3227
3228 wdev_lock(dev->ieee80211_ptr);
3229
3230 if (key.def) {
3231 if (!rdev->ops->set_default_key) {
3232 err = -EOPNOTSUPP;
3233 goto out;
3234 }
3235
3236 err = nl80211_key_allowed(dev->ieee80211_ptr);
3237 if (err)
3238 goto out;
3239
3240 err = rdev_set_default_key(rdev, dev, key.idx,
3241 key.def_uni, key.def_multi);
3242
3243 if (err)
3244 goto out;
3245
3246 #ifdef CONFIG_CFG80211_WEXT
3247 dev->ieee80211_ptr->wext.default_key = key.idx;
3248 #endif
3249 } else {
3250 if (key.def_uni || !key.def_multi) {
3251 err = -EINVAL;
3252 goto out;
3253 }
3254
3255 if (!rdev->ops->set_default_mgmt_key) {
3256 err = -EOPNOTSUPP;
3257 goto out;
3258 }
3259
3260 err = nl80211_key_allowed(dev->ieee80211_ptr);
3261 if (err)
3262 goto out;
3263
3264 err = rdev_set_default_mgmt_key(rdev, dev, key.idx);
3265 if (err)
3266 goto out;
3267
3268 #ifdef CONFIG_CFG80211_WEXT
3269 dev->ieee80211_ptr->wext.default_mgmt_key = key.idx;
3270 #endif
3271 }
3272
3273 out:
3274 wdev_unlock(dev->ieee80211_ptr);
3275
3276 return err;
3277 }
3278
3279 static int nl80211_new_key(struct sk_buff *skb, struct genl_info *info)
3280 {
3281 struct cfg80211_registered_device *rdev = info->user_ptr[0];
3282 int err;
3283 struct net_device *dev = info->user_ptr[1];
3284 struct key_parse key;
3285 const u8 *mac_addr = NULL;
3286
3287 err = nl80211_parse_key(info, &key);
3288 if (err)
3289 return err;
3290
3291 if (!key.p.key)
3292 return -EINVAL;
3293
3294 if (info->attrs[NL80211_ATTR_MAC])
3295 mac_addr = nla_data(info->attrs[NL80211_ATTR_MAC]);
3296
3297 if (key.type == -1) {
3298 if (mac_addr)
3299 key.type = NL80211_KEYTYPE_PAIRWISE;
3300 else
3301 key.type = NL80211_KEYTYPE_GROUP;
3302 }
3303
3304 /* for now */
3305 if (key.type != NL80211_KEYTYPE_PAIRWISE &&
3306 key.type != NL80211_KEYTYPE_GROUP)
3307 return -EINVAL;
3308
3309 if (!rdev->ops->add_key)
3310 return -EOPNOTSUPP;
3311
3312 if (cfg80211_validate_key_settings(rdev, &key.p, key.idx,
3313 key.type == NL80211_KEYTYPE_PAIRWISE,
3314 mac_addr))
3315 return -EINVAL;
3316
3317 wdev_lock(dev->ieee80211_ptr);
3318 err = nl80211_key_allowed(dev->ieee80211_ptr);
3319 if (!err)
3320 err = rdev_add_key(rdev, dev, key.idx,
3321 key.type == NL80211_KEYTYPE_PAIRWISE,
3322 mac_addr, &key.p);
3323 wdev_unlock(dev->ieee80211_ptr);
3324
3325 return err;
3326 }
3327
3328 static int nl80211_del_key(struct sk_buff *skb, struct genl_info *info)
3329 {
3330 struct cfg80211_registered_device *rdev = info->user_ptr[0];
3331 int err;
3332 struct net_device *dev = info->user_ptr[1];
3333 u8 *mac_addr = NULL;
3334 struct key_parse key;
3335
3336 err = nl80211_parse_key(info, &key);
3337 if (err)
3338 return err;
3339
3340 if (info->attrs[NL80211_ATTR_MAC])
3341 mac_addr = nla_data(info->attrs[NL80211_ATTR_MAC]);
3342
3343 if (key.type == -1) {
3344 if (mac_addr)
3345 key.type = NL80211_KEYTYPE_PAIRWISE;
3346 else
3347 key.type = NL80211_KEYTYPE_GROUP;
3348 }
3349
3350 /* for now */
3351 if (key.type != NL80211_KEYTYPE_PAIRWISE &&
3352 key.type != NL80211_KEYTYPE_GROUP)
3353 return -EINVAL;
3354
3355 if (!rdev->ops->del_key)
3356 return -EOPNOTSUPP;
3357
3358 wdev_lock(dev->ieee80211_ptr);
3359 err = nl80211_key_allowed(dev->ieee80211_ptr);
3360
3361 if (key.type == NL80211_KEYTYPE_GROUP && mac_addr &&
3362 !(rdev->wiphy.flags & WIPHY_FLAG_IBSS_RSN))
3363 err = -ENOENT;
3364
3365 if (!err)
3366 err = rdev_del_key(rdev, dev, key.idx,
3367 key.type == NL80211_KEYTYPE_PAIRWISE,
3368 mac_addr);
3369
3370 #ifdef CONFIG_CFG80211_WEXT
3371 if (!err) {
3372 if (key.idx == dev->ieee80211_ptr->wext.default_key)
3373 dev->ieee80211_ptr->wext.default_key = -1;
3374 else if (key.idx == dev->ieee80211_ptr->wext.default_mgmt_key)
3375 dev->ieee80211_ptr->wext.default_mgmt_key = -1;
3376 }
3377 #endif
3378 wdev_unlock(dev->ieee80211_ptr);
3379
3380 return err;
3381 }
3382
3383 /* This function returns an error or the number of nested attributes */
3384 static int validate_acl_mac_addrs(struct nlattr *nl_attr)
3385 {
3386 struct nlattr *attr;
3387 int n_entries = 0, tmp;
3388
3389 nla_for_each_nested(attr, nl_attr, tmp) {
3390 if (nla_len(attr) != ETH_ALEN)
3391 return -EINVAL;
3392
3393 n_entries++;
3394 }
3395
3396 return n_entries;
3397 }
3398
3399 /*
3400 * This function parses ACL information and allocates memory for ACL data.
3401 * On successful return, the calling function is responsible to free the
3402 * ACL buffer returned by this function.
3403 */
3404 static struct cfg80211_acl_data *parse_acl_data(struct wiphy *wiphy,
3405 struct genl_info *info)
3406 {
3407 enum nl80211_acl_policy acl_policy;
3408 struct nlattr *attr;
3409 struct cfg80211_acl_data *acl;
3410 int i = 0, n_entries, tmp;
3411
3412 if (!wiphy->max_acl_mac_addrs)
3413 return ERR_PTR(-EOPNOTSUPP);
3414
3415 if (!info->attrs[NL80211_ATTR_ACL_POLICY])
3416 return ERR_PTR(-EINVAL);
3417
3418 acl_policy = nla_get_u32(info->attrs[NL80211_ATTR_ACL_POLICY]);
3419 if (acl_policy != NL80211_ACL_POLICY_ACCEPT_UNLESS_LISTED &&
3420 acl_policy != NL80211_ACL_POLICY_DENY_UNLESS_LISTED)
3421 return ERR_PTR(-EINVAL);
3422
3423 if (!info->attrs[NL80211_ATTR_MAC_ADDRS])
3424 return ERR_PTR(-EINVAL);
3425
3426 n_entries = validate_acl_mac_addrs(info->attrs[NL80211_ATTR_MAC_ADDRS]);
3427 if (n_entries < 0)
3428 return ERR_PTR(n_entries);
3429
3430 if (n_entries > wiphy->max_acl_mac_addrs)
3431 return ERR_PTR(-ENOTSUPP);
3432
3433 acl = kzalloc(sizeof(*acl) + (sizeof(struct mac_address) * n_entries),
3434 GFP_KERNEL);
3435 if (!acl)
3436 return ERR_PTR(-ENOMEM);
3437
3438 nla_for_each_nested(attr, info->attrs[NL80211_ATTR_MAC_ADDRS], tmp) {
3439 memcpy(acl->mac_addrs[i].addr, nla_data(attr), ETH_ALEN);
3440 i++;
3441 }
3442
3443 acl->n_acl_entries = n_entries;
3444 acl->acl_policy = acl_policy;
3445
3446 return acl;
3447 }
3448
3449 static int nl80211_set_mac_acl(struct sk_buff *skb, struct genl_info *info)
3450 {
3451 struct cfg80211_registered_device *rdev = info->user_ptr[0];
3452 struct net_device *dev = info->user_ptr[1];
3453 struct cfg80211_acl_data *acl;
3454 int err;
3455
3456 if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_AP &&
3457 dev->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_GO)
3458 return -EOPNOTSUPP;
3459
3460 if (!dev->ieee80211_ptr->beacon_interval)
3461 return -EINVAL;
3462
3463 acl = parse_acl_data(&rdev->wiphy, info);
3464 if (IS_ERR(acl))
3465 return PTR_ERR(acl);
3466
3467 err = rdev_set_mac_acl(rdev, dev, acl);
3468
3469 kfree(acl);
3470
3471 return err;
3472 }
3473
3474 static u32 rateset_to_mask(struct ieee80211_supported_band *sband,
3475 u8 *rates, u8 rates_len)
3476 {
3477 u8 i;
3478 u32 mask = 0;
3479
3480 for (i = 0; i < rates_len; i++) {
3481 int rate = (rates[i] & 0x7f) * 5;
3482 int ridx;
3483
3484 for (ridx = 0; ridx < sband->n_bitrates; ridx++) {
3485 struct ieee80211_rate *srate =
3486 &sband->bitrates[ridx];
3487 if (rate == srate->bitrate) {
3488 mask |= 1 << ridx;
3489 break;
3490 }
3491 }
3492 if (ridx == sband->n_bitrates)
3493 return 0; /* rate not found */
3494 }
3495
3496 return mask;
3497 }
3498
3499 static bool ht_rateset_to_mask(struct ieee80211_supported_band *sband,
3500 u8 *rates, u8 rates_len,
3501 u8 mcs[IEEE80211_HT_MCS_MASK_LEN])
3502 {
3503 u8 i;
3504
3505 memset(mcs, 0, IEEE80211_HT_MCS_MASK_LEN);
3506
3507 for (i = 0; i < rates_len; i++) {
3508 int ridx, rbit;
3509
3510 ridx = rates[i] / 8;
3511 rbit = BIT(rates[i] % 8);
3512
3513 /* check validity */
3514 if ((ridx < 0) || (ridx >= IEEE80211_HT_MCS_MASK_LEN))
3515 return false;
3516
3517 /* check availability */
3518 ridx = array_index_nospec(ridx, IEEE80211_HT_MCS_MASK_LEN);
3519 if (sband->ht_cap.mcs.rx_mask[ridx] & rbit)
3520 mcs[ridx] |= rbit;
3521 else
3522 return false;
3523 }
3524
3525 return true;
3526 }
3527
3528 static u16 vht_mcs_map_to_mcs_mask(u8 vht_mcs_map)
3529 {
3530 u16 mcs_mask = 0;
3531
3532 switch (vht_mcs_map) {
3533 case IEEE80211_VHT_MCS_NOT_SUPPORTED:
3534 break;
3535 case IEEE80211_VHT_MCS_SUPPORT_0_7:
3536 mcs_mask = 0x00FF;
3537 break;
3538 case IEEE80211_VHT_MCS_SUPPORT_0_8:
3539 mcs_mask = 0x01FF;
3540 break;
3541 case IEEE80211_VHT_MCS_SUPPORT_0_9:
3542 mcs_mask = 0x03FF;
3543 break;
3544 default:
3545 break;
3546 }
3547
3548 return mcs_mask;
3549 }
3550
3551 static void vht_build_mcs_mask(u16 vht_mcs_map,
3552 u16 vht_mcs_mask[NL80211_VHT_NSS_MAX])
3553 {
3554 u8 nss;
3555
3556 for (nss = 0; nss < NL80211_VHT_NSS_MAX; nss++) {
3557 vht_mcs_mask[nss] = vht_mcs_map_to_mcs_mask(vht_mcs_map & 0x03);
3558 vht_mcs_map >>= 2;
3559 }
3560 }
3561
3562 static bool vht_set_mcs_mask(struct ieee80211_supported_band *sband,
3563 struct nl80211_txrate_vht *txrate,
3564 u16 mcs[NL80211_VHT_NSS_MAX])
3565 {
3566 u16 tx_mcs_map = le16_to_cpu(sband->vht_cap.vht_mcs.tx_mcs_map);
3567 u16 tx_mcs_mask[NL80211_VHT_NSS_MAX] = {};
3568 u8 i;
3569
3570 if (!sband->vht_cap.vht_supported)
3571 return false;
3572
3573 memset(mcs, 0, sizeof(u16) * NL80211_VHT_NSS_MAX);
3574
3575 /* Build vht_mcs_mask from VHT capabilities */
3576 vht_build_mcs_mask(tx_mcs_map, tx_mcs_mask);
3577
3578 for (i = 0; i < NL80211_VHT_NSS_MAX; i++) {
3579 if ((tx_mcs_mask[i] & txrate->mcs[i]) == txrate->mcs[i])
3580 mcs[i] = txrate->mcs[i];
3581 else
3582 return false;
3583 }
3584
3585 return true;
3586 }
3587
3588 static const struct nla_policy nl80211_txattr_policy[NL80211_TXRATE_MAX + 1] = {
3589 [NL80211_TXRATE_LEGACY] = { .type = NLA_BINARY,
3590 .len = NL80211_MAX_SUPP_RATES },
3591 [NL80211_TXRATE_HT] = { .type = NLA_BINARY,
3592 .len = NL80211_MAX_SUPP_HT_RATES },
3593 [NL80211_TXRATE_VHT] = { .len = sizeof(struct nl80211_txrate_vht)},
3594 [NL80211_TXRATE_GI] = { .type = NLA_U8 },
3595 };
3596
3597 static int nl80211_parse_tx_bitrate_mask(struct genl_info *info,
3598 struct cfg80211_bitrate_mask *mask)
3599 {
3600 struct nlattr *tb[NL80211_TXRATE_MAX + 1];
3601 struct cfg80211_registered_device *rdev = info->user_ptr[0];
3602 int rem, i;
3603 struct nlattr *tx_rates;
3604 struct ieee80211_supported_band *sband;
3605 u16 vht_tx_mcs_map;
3606
3607 memset(mask, 0, sizeof(*mask));
3608 /* Default to all rates enabled */
3609 for (i = 0; i < NUM_NL80211_BANDS; i++) {
3610 sband = rdev->wiphy.bands[i];
3611
3612 if (!sband)
3613 continue;
3614
3615 mask->control[i].legacy = (1 << sband->n_bitrates) - 1;
3616 memcpy(mask->control[i].ht_mcs,
3617 sband->ht_cap.mcs.rx_mask,
3618 sizeof(mask->control[i].ht_mcs));
3619
3620 if (!sband->vht_cap.vht_supported)
3621 continue;
3622
3623 vht_tx_mcs_map = le16_to_cpu(sband->vht_cap.vht_mcs.tx_mcs_map);
3624 vht_build_mcs_mask(vht_tx_mcs_map, mask->control[i].vht_mcs);
3625 }
3626
3627 /* if no rates are given set it back to the defaults */
3628 if (!info->attrs[NL80211_ATTR_TX_RATES])
3629 goto out;
3630
3631 /* The nested attribute uses enum nl80211_band as the index. This maps
3632 * directly to the enum nl80211_band values used in cfg80211.
3633 */
3634 BUILD_BUG_ON(NL80211_MAX_SUPP_HT_RATES > IEEE80211_HT_MCS_MASK_LEN * 8);
3635 nla_for_each_nested(tx_rates, info->attrs[NL80211_ATTR_TX_RATES], rem) {
3636 enum nl80211_band band = nla_type(tx_rates);
3637 int err;
3638
3639 if (band < 0 || band >= NUM_NL80211_BANDS)
3640 return -EINVAL;
3641 sband = rdev->wiphy.bands[band];
3642 if (sband == NULL)
3643 return -EINVAL;
3644 err = nla_parse_nested(tb, NL80211_TXRATE_MAX, tx_rates,
3645 nl80211_txattr_policy, info->extack);
3646 if (err)
3647 return err;
3648 if (tb[NL80211_TXRATE_LEGACY]) {
3649 mask->control[band].legacy = rateset_to_mask(
3650 sband,
3651 nla_data(tb[NL80211_TXRATE_LEGACY]),
3652 nla_len(tb[NL80211_TXRATE_LEGACY]));
3653 if ((mask->control[band].legacy == 0) &&
3654 nla_len(tb[NL80211_TXRATE_LEGACY]))
3655 return -EINVAL;
3656 }
3657 if (tb[NL80211_TXRATE_HT]) {
3658 if (!ht_rateset_to_mask(
3659 sband,
3660 nla_data(tb[NL80211_TXRATE_HT]),
3661 nla_len(tb[NL80211_TXRATE_HT]),
3662 mask->control[band].ht_mcs))
3663 return -EINVAL;
3664 }
3665 if (tb[NL80211_TXRATE_VHT]) {
3666 if (!vht_set_mcs_mask(
3667 sband,
3668 nla_data(tb[NL80211_TXRATE_VHT]),
3669 mask->control[band].vht_mcs))
3670 return -EINVAL;
3671 }
3672 if (tb[NL80211_TXRATE_GI]) {
3673 mask->control[band].gi =
3674 nla_get_u8(tb[NL80211_TXRATE_GI]);
3675 if (mask->control[band].gi > NL80211_TXRATE_FORCE_LGI)
3676 return -EINVAL;
3677 }
3678
3679 if (mask->control[band].legacy == 0) {
3680 /* don't allow empty legacy rates if HT or VHT
3681 * are not even supported.
3682 */
3683 if (!(rdev->wiphy.bands[band]->ht_cap.ht_supported ||
3684 rdev->wiphy.bands[band]->vht_cap.vht_supported))
3685 return -EINVAL;
3686
3687 for (i = 0; i < IEEE80211_HT_MCS_MASK_LEN; i++)
3688 if (mask->control[band].ht_mcs[i])
3689 goto out;
3690
3691 for (i = 0; i < NL80211_VHT_NSS_MAX; i++)
3692 if (mask->control[band].vht_mcs[i])
3693 goto out;
3694
3695 /* legacy and mcs rates may not be both empty */
3696 return -EINVAL;
3697 }
3698 }
3699
3700 out:
3701 return 0;
3702 }
3703
3704 static int validate_beacon_tx_rate(struct cfg80211_registered_device *rdev,
3705 enum nl80211_band band,
3706 struct cfg80211_bitrate_mask *beacon_rate)
3707 {
3708 u32 count_ht, count_vht, i;
3709 u32 rate = beacon_rate->control[band].legacy;
3710
3711 /* Allow only one rate */
3712 if (hweight32(rate) > 1)
3713 return -EINVAL;
3714
3715 count_ht = 0;
3716 for (i = 0; i < IEEE80211_HT_MCS_MASK_LEN; i++) {
3717 if (hweight8(beacon_rate->control[band].ht_mcs[i]) > 1) {
3718 return -EINVAL;
3719 } else if (beacon_rate->control[band].ht_mcs[i]) {
3720 count_ht++;
3721 if (count_ht > 1)
3722 return -EINVAL;
3723 }
3724 if (count_ht && rate)
3725 return -EINVAL;
3726 }
3727
3728 count_vht = 0;
3729 for (i = 0; i < NL80211_VHT_NSS_MAX; i++) {
3730 if (hweight16(beacon_rate->control[band].vht_mcs[i]) > 1) {
3731 return -EINVAL;
3732 } else if (beacon_rate->control[band].vht_mcs[i]) {
3733 count_vht++;
3734 if (count_vht > 1)
3735 return -EINVAL;
3736 }
3737 if (count_vht && rate)
3738 return -EINVAL;
3739 }
3740
3741 if ((count_ht && count_vht) || (!rate && !count_ht && !count_vht))
3742 return -EINVAL;
3743
3744 if (rate &&
3745 !wiphy_ext_feature_isset(&rdev->wiphy,
3746 NL80211_EXT_FEATURE_BEACON_RATE_LEGACY))
3747 return -EINVAL;
3748 if (count_ht &&
3749 !wiphy_ext_feature_isset(&rdev->wiphy,
3750 NL80211_EXT_FEATURE_BEACON_RATE_HT))
3751 return -EINVAL;
3752 if (count_vht &&
3753 !wiphy_ext_feature_isset(&rdev->wiphy,
3754 NL80211_EXT_FEATURE_BEACON_RATE_VHT))
3755 return -EINVAL;
3756
3757 return 0;
3758 }
3759
3760 static int nl80211_parse_beacon(struct nlattr *attrs[],
3761 struct cfg80211_beacon_data *bcn)
3762 {
3763 bool haveinfo = false;
3764
3765 if (!is_valid_ie_attr(attrs[NL80211_ATTR_BEACON_TAIL]) ||
3766 !is_valid_ie_attr(attrs[NL80211_ATTR_IE]) ||
3767 !is_valid_ie_attr(attrs[NL80211_ATTR_IE_PROBE_RESP]) ||
3768 !is_valid_ie_attr(attrs[NL80211_ATTR_IE_ASSOC_RESP]))
3769 return -EINVAL;
3770
3771 memset(bcn, 0, sizeof(*bcn));
3772
3773 if (attrs[NL80211_ATTR_BEACON_HEAD]) {
3774 int ret = validate_beacon_head(attrs[NL80211_ATTR_BEACON_HEAD],
3775 NULL);
3776
3777 if (ret)
3778 return ret;
3779
3780 bcn->head = nla_data(attrs[NL80211_ATTR_BEACON_HEAD]);
3781 bcn->head_len = nla_len(attrs[NL80211_ATTR_BEACON_HEAD]);
3782 if (!bcn->head_len)
3783 return -EINVAL;
3784 haveinfo = true;
3785 }
3786
3787 if (attrs[NL80211_ATTR_BEACON_TAIL]) {
3788 bcn->tail = nla_data(attrs[NL80211_ATTR_BEACON_TAIL]);
3789 bcn->tail_len = nla_len(attrs[NL80211_ATTR_BEACON_TAIL]);
3790 haveinfo = true;
3791 }
3792
3793 if (!haveinfo)
3794 return -EINVAL;
3795
3796 if (attrs[NL80211_ATTR_IE]) {
3797 bcn->beacon_ies = nla_data(attrs[NL80211_ATTR_IE]);
3798 bcn->beacon_ies_len = nla_len(attrs[NL80211_ATTR_IE]);
3799 }
3800
3801 if (attrs[NL80211_ATTR_IE_PROBE_RESP]) {
3802 bcn->proberesp_ies =
3803 nla_data(attrs[NL80211_ATTR_IE_PROBE_RESP]);
3804 bcn->proberesp_ies_len =
3805 nla_len(attrs[NL80211_ATTR_IE_PROBE_RESP]);
3806 }
3807
3808 if (attrs[NL80211_ATTR_IE_ASSOC_RESP]) {
3809 bcn->assocresp_ies =
3810 nla_data(attrs[NL80211_ATTR_IE_ASSOC_RESP]);
3811 bcn->assocresp_ies_len =
3812 nla_len(attrs[NL80211_ATTR_IE_ASSOC_RESP]);
3813 }
3814
3815 if (attrs[NL80211_ATTR_PROBE_RESP]) {
3816 bcn->probe_resp = nla_data(attrs[NL80211_ATTR_PROBE_RESP]);
3817 bcn->probe_resp_len = nla_len(attrs[NL80211_ATTR_PROBE_RESP]);
3818 }
3819
3820 return 0;
3821 }
3822
3823 static void nl80211_check_ap_rate_selectors(struct cfg80211_ap_settings *params,
3824 const u8 *rates)
3825 {
3826 int i;
3827
3828 if (!rates)
3829 return;
3830
3831 for (i = 0; i < rates[1]; i++) {
3832 if (rates[2 + i] == BSS_MEMBERSHIP_SELECTOR_HT_PHY)
3833 params->ht_required = true;
3834 if (rates[2 + i] == BSS_MEMBERSHIP_SELECTOR_VHT_PHY)
3835 params->vht_required = true;
3836 }
3837 }
3838
3839 /*
3840 * Since the nl80211 API didn't include, from the beginning, attributes about
3841 * HT/VHT requirements/capabilities, we parse them out of the IEs for the
3842 * benefit of drivers that rebuild IEs in the firmware.
3843 */
3844 static void nl80211_calculate_ap_params(struct cfg80211_ap_settings *params)
3845 {
3846 const struct cfg80211_beacon_data *bcn = &params->beacon;
3847 size_t ies_len = bcn->tail_len;
3848 const u8 *ies = bcn->tail;
3849 const u8 *rates;
3850 const u8 *cap;
3851
3852 rates = cfg80211_find_ie(WLAN_EID_SUPP_RATES, ies, ies_len);
3853 nl80211_check_ap_rate_selectors(params, rates);
3854
3855 rates = cfg80211_find_ie(WLAN_EID_EXT_SUPP_RATES, ies, ies_len);
3856 nl80211_check_ap_rate_selectors(params, rates);
3857
3858 cap = cfg80211_find_ie(WLAN_EID_HT_CAPABILITY, ies, ies_len);
3859 if (cap && cap[1] >= sizeof(*params->ht_cap))
3860 params->ht_cap = (void *)(cap + 2);
3861 cap = cfg80211_find_ie(WLAN_EID_VHT_CAPABILITY, ies, ies_len);
3862 if (cap && cap[1] >= sizeof(*params->vht_cap))
3863 params->vht_cap = (void *)(cap + 2);
3864 }
3865
3866 static bool nl80211_get_ap_channel(struct cfg80211_registered_device *rdev,
3867 struct cfg80211_ap_settings *params)
3868 {
3869 struct wireless_dev *wdev;
3870 bool ret = false;
3871
3872 list_for_each_entry(wdev, &rdev->wiphy.wdev_list, list) {
3873 if (wdev->iftype != NL80211_IFTYPE_AP &&
3874 wdev->iftype != NL80211_IFTYPE_P2P_GO)
3875 continue;
3876
3877 if (!wdev->preset_chandef.chan)
3878 continue;
3879
3880 params->chandef = wdev->preset_chandef;
3881 ret = true;
3882 break;
3883 }
3884
3885 return ret;
3886 }
3887
3888 static bool nl80211_valid_auth_type(struct cfg80211_registered_device *rdev,
3889 enum nl80211_auth_type auth_type,
3890 enum nl80211_commands cmd)
3891 {
3892 if (auth_type > NL80211_AUTHTYPE_MAX)
3893 return false;
3894
3895 switch (cmd) {
3896 case NL80211_CMD_AUTHENTICATE:
3897 if (!(rdev->wiphy.features & NL80211_FEATURE_SAE) &&
3898 auth_type == NL80211_AUTHTYPE_SAE)
3899 return false;
3900 if (!wiphy_ext_feature_isset(&rdev->wiphy,
3901 NL80211_EXT_FEATURE_FILS_STA) &&
3902 (auth_type == NL80211_AUTHTYPE_FILS_SK ||
3903 auth_type == NL80211_AUTHTYPE_FILS_SK_PFS ||
3904 auth_type == NL80211_AUTHTYPE_FILS_PK))
3905 return false;
3906 return true;
3907 case NL80211_CMD_CONNECT:
3908 if (!(rdev->wiphy.features & NL80211_FEATURE_SAE) &&
3909 auth_type == NL80211_AUTHTYPE_SAE)
3910 return false;
3911 /* FILS with SK PFS or PK not supported yet */
3912 if (auth_type == NL80211_AUTHTYPE_FILS_SK_PFS ||
3913 auth_type == NL80211_AUTHTYPE_FILS_PK)
3914 return false;
3915 if (!wiphy_ext_feature_isset(
3916 &rdev->wiphy,
3917 NL80211_EXT_FEATURE_FILS_SK_OFFLOAD) &&
3918 auth_type == NL80211_AUTHTYPE_FILS_SK)
3919 return false;
3920 return true;
3921 case NL80211_CMD_START_AP:
3922 /* SAE not supported yet */
3923 if (auth_type == NL80211_AUTHTYPE_SAE)
3924 return false;
3925 /* FILS not supported yet */
3926 if (auth_type == NL80211_AUTHTYPE_FILS_SK ||
3927 auth_type == NL80211_AUTHTYPE_FILS_SK_PFS ||
3928 auth_type == NL80211_AUTHTYPE_FILS_PK)
3929 return false;
3930 return true;
3931 default:
3932 return false;
3933 }
3934 }
3935
3936 static int nl80211_start_ap(struct sk_buff *skb, struct genl_info *info)
3937 {
3938 struct cfg80211_registered_device *rdev = info->user_ptr[0];
3939 struct net_device *dev = info->user_ptr[1];
3940 struct wireless_dev *wdev = dev->ieee80211_ptr;
3941 struct cfg80211_ap_settings params;
3942 int err;
3943
3944 if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_AP &&
3945 dev->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_GO)
3946 return -EOPNOTSUPP;
3947
3948 if (!rdev->ops->start_ap)
3949 return -EOPNOTSUPP;
3950
3951 if (wdev->beacon_interval)
3952 return -EALREADY;
3953
3954 memset(&params, 0, sizeof(params));
3955
3956 /* these are required for START_AP */
3957 if (!info->attrs[NL80211_ATTR_BEACON_INTERVAL] ||
3958 !info->attrs[NL80211_ATTR_DTIM_PERIOD] ||
3959 !info->attrs[NL80211_ATTR_BEACON_HEAD])
3960 return -EINVAL;
3961
3962 err = nl80211_parse_beacon(info->attrs, &params.beacon);
3963 if (err)
3964 return err;
3965
3966 params.beacon_interval =
3967 nla_get_u32(info->attrs[NL80211_ATTR_BEACON_INTERVAL]);
3968 params.dtim_period =
3969 nla_get_u32(info->attrs[NL80211_ATTR_DTIM_PERIOD]);
3970
3971 err = cfg80211_validate_beacon_int(rdev, dev->ieee80211_ptr->iftype,
3972 params.beacon_interval);
3973 if (err)
3974 return err;
3975
3976 /*
3977 * In theory, some of these attributes should be required here
3978 * but since they were not used when the command was originally
3979 * added, keep them optional for old user space programs to let
3980 * them continue to work with drivers that do not need the
3981 * additional information -- drivers must check!
3982 */
3983 if (info->attrs[NL80211_ATTR_SSID]) {
3984 params.ssid = nla_data(info->attrs[NL80211_ATTR_SSID]);
3985 params.ssid_len =
3986 nla_len(info->attrs[NL80211_ATTR_SSID]);
3987 if (params.ssid_len == 0 ||
3988 params.ssid_len > IEEE80211_MAX_SSID_LEN)
3989 return -EINVAL;
3990 }
3991
3992 if (info->attrs[NL80211_ATTR_HIDDEN_SSID]) {
3993 params.hidden_ssid = nla_get_u32(
3994 info->attrs[NL80211_ATTR_HIDDEN_SSID]);
3995 if (params.hidden_ssid != NL80211_HIDDEN_SSID_NOT_IN_USE &&
3996 params.hidden_ssid != NL80211_HIDDEN_SSID_ZERO_LEN &&
3997 params.hidden_ssid != NL80211_HIDDEN_SSID_ZERO_CONTENTS)
3998 return -EINVAL;
3999 }
4000
4001 params.privacy = !!info->attrs[NL80211_ATTR_PRIVACY];
4002
4003 if (info->attrs[NL80211_ATTR_AUTH_TYPE]) {
4004 params.auth_type = nla_get_u32(
4005 info->attrs[NL80211_ATTR_AUTH_TYPE]);
4006 if (!nl80211_valid_auth_type(rdev, params.auth_type,
4007 NL80211_CMD_START_AP))
4008 return -EINVAL;
4009 } else
4010 params.auth_type = NL80211_AUTHTYPE_AUTOMATIC;
4011
4012 err = nl80211_crypto_settings(rdev, info, &params.crypto,
4013 NL80211_MAX_NR_CIPHER_SUITES);
4014 if (err)
4015 return err;
4016
4017 if (info->attrs[NL80211_ATTR_INACTIVITY_TIMEOUT]) {
4018 if (!(rdev->wiphy.features & NL80211_FEATURE_INACTIVITY_TIMER))
4019 return -EOPNOTSUPP;
4020 params.inactivity_timeout = nla_get_u16(
4021 info->attrs[NL80211_ATTR_INACTIVITY_TIMEOUT]);
4022 }
4023
4024 if (info->attrs[NL80211_ATTR_P2P_CTWINDOW]) {
4025 if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_GO)
4026 return -EINVAL;
4027 params.p2p_ctwindow =
4028 nla_get_u8(info->attrs[NL80211_ATTR_P2P_CTWINDOW]);
4029 if (params.p2p_ctwindow > 127)
4030 return -EINVAL;
4031 if (params.p2p_ctwindow != 0 &&
4032 !(rdev->wiphy.features & NL80211_FEATURE_P2P_GO_CTWIN))
4033 return -EINVAL;
4034 }
4035
4036 if (info->attrs[NL80211_ATTR_P2P_OPPPS]) {
4037 u8 tmp;
4038
4039 if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_GO)
4040 return -EINVAL;
4041 tmp = nla_get_u8(info->attrs[NL80211_ATTR_P2P_OPPPS]);
4042 if (tmp > 1)
4043 return -EINVAL;
4044 params.p2p_opp_ps = tmp;
4045 if (params.p2p_opp_ps != 0 &&
4046 !(rdev->wiphy.features & NL80211_FEATURE_P2P_GO_OPPPS))
4047 return -EINVAL;
4048 }
4049
4050 if (info->attrs[NL80211_ATTR_WIPHY_FREQ]) {
4051 err = nl80211_parse_chandef(rdev, info, &params.chandef);
4052 if (err)
4053 return err;
4054 } else if (wdev->preset_chandef.chan) {
4055 params.chandef = wdev->preset_chandef;
4056 } else if (!nl80211_get_ap_channel(rdev, &params))
4057 return -EINVAL;
4058
4059 if (!cfg80211_reg_can_beacon_relax(&rdev->wiphy, &params.chandef,
4060 wdev->iftype))
4061 return -EINVAL;
4062
4063 if (info->attrs[NL80211_ATTR_TX_RATES]) {
4064 err = nl80211_parse_tx_bitrate_mask(info, &params.beacon_rate);
4065 if (err)
4066 return err;
4067
4068 err = validate_beacon_tx_rate(rdev, params.chandef.chan->band,
4069 &params.beacon_rate);
4070 if (err)
4071 return err;
4072 }
4073
4074 if (info->attrs[NL80211_ATTR_SMPS_MODE]) {
4075 params.smps_mode =
4076 nla_get_u8(info->attrs[NL80211_ATTR_SMPS_MODE]);
4077 switch (params.smps_mode) {
4078 case NL80211_SMPS_OFF:
4079 break;
4080 case NL80211_SMPS_STATIC:
4081 if (!(rdev->wiphy.features &
4082 NL80211_FEATURE_STATIC_SMPS))
4083 return -EINVAL;
4084 break;
4085 case NL80211_SMPS_DYNAMIC:
4086 if (!(rdev->wiphy.features &
4087 NL80211_FEATURE_DYNAMIC_SMPS))
4088 return -EINVAL;
4089 break;
4090 default:
4091 return -EINVAL;
4092 }
4093 } else {
4094 params.smps_mode = NL80211_SMPS_OFF;
4095 }
4096
4097 params.pbss = nla_get_flag(info->attrs[NL80211_ATTR_PBSS]);
4098 if (params.pbss && !rdev->wiphy.bands[NL80211_BAND_60GHZ])
4099 return -EOPNOTSUPP;
4100
4101 if (info->attrs[NL80211_ATTR_ACL_POLICY]) {
4102 params.acl = parse_acl_data(&rdev->wiphy, info);
4103 if (IS_ERR(params.acl))
4104 return PTR_ERR(params.acl);
4105 }
4106
4107 nl80211_calculate_ap_params(&params);
4108
4109 wdev_lock(wdev);
4110 err = rdev_start_ap(rdev, dev, &params);
4111 if (!err) {
4112 wdev->preset_chandef = params.chandef;
4113 wdev->beacon_interval = params.beacon_interval;
4114 wdev->chandef = params.chandef;
4115 wdev->ssid_len = params.ssid_len;
4116 memcpy(wdev->ssid, params.ssid, wdev->ssid_len);
4117 }
4118 wdev_unlock(wdev);
4119
4120 kfree(params.acl);
4121
4122 return err;
4123 }
4124
4125 static int nl80211_set_beacon(struct sk_buff *skb, struct genl_info *info)
4126 {
4127 struct cfg80211_registered_device *rdev = info->user_ptr[0];
4128 struct net_device *dev = info->user_ptr[1];
4129 struct wireless_dev *wdev = dev->ieee80211_ptr;
4130 struct cfg80211_beacon_data params;
4131 int err;
4132
4133 if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_AP &&
4134 dev->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_GO)
4135 return -EOPNOTSUPP;
4136
4137 if (!rdev->ops->change_beacon)
4138 return -EOPNOTSUPP;
4139
4140 if (!wdev->beacon_interval)
4141 return -EINVAL;
4142
4143 err = nl80211_parse_beacon(info->attrs, &params);
4144 if (err)
4145 return err;
4146
4147 wdev_lock(wdev);
4148 err = rdev_change_beacon(rdev, dev, &params);
4149 wdev_unlock(wdev);
4150
4151 return err;
4152 }
4153
4154 static int nl80211_stop_ap(struct sk_buff *skb, struct genl_info *info)
4155 {
4156 struct cfg80211_registered_device *rdev = info->user_ptr[0];
4157 struct net_device *dev = info->user_ptr[1];
4158
4159 return cfg80211_stop_ap(rdev, dev, false);
4160 }
4161
4162 static const struct nla_policy sta_flags_policy[NL80211_STA_FLAG_MAX + 1] = {
4163 [NL80211_STA_FLAG_AUTHORIZED] = { .type = NLA_FLAG },
4164 [NL80211_STA_FLAG_SHORT_PREAMBLE] = { .type = NLA_FLAG },
4165 [NL80211_STA_FLAG_WME] = { .type = NLA_FLAG },
4166 [NL80211_STA_FLAG_MFP] = { .type = NLA_FLAG },
4167 [NL80211_STA_FLAG_AUTHENTICATED] = { .type = NLA_FLAG },
4168 [NL80211_STA_FLAG_TDLS_PEER] = { .type = NLA_FLAG },
4169 };
4170
4171 static int parse_station_flags(struct genl_info *info,
4172 enum nl80211_iftype iftype,
4173 struct station_parameters *params)
4174 {
4175 struct nlattr *flags[NL80211_STA_FLAG_MAX + 1];
4176 struct nlattr *nla;
4177 int flag;
4178
4179 /*
4180 * Try parsing the new attribute first so userspace
4181 * can specify both for older kernels.
4182 */
4183 nla = info->attrs[NL80211_ATTR_STA_FLAGS2];
4184 if (nla) {
4185 struct nl80211_sta_flag_update *sta_flags;
4186
4187 sta_flags = nla_data(nla);
4188 params->sta_flags_mask = sta_flags->mask;
4189 params->sta_flags_set = sta_flags->set;
4190 params->sta_flags_set &= params->sta_flags_mask;
4191 if ((params->sta_flags_mask |
4192 params->sta_flags_set) & BIT(__NL80211_STA_FLAG_INVALID))
4193 return -EINVAL;
4194 return 0;
4195 }
4196
4197 /* if present, parse the old attribute */
4198
4199 nla = info->attrs[NL80211_ATTR_STA_FLAGS];
4200 if (!nla)
4201 return 0;
4202
4203 if (nla_parse_nested(flags, NL80211_STA_FLAG_MAX, nla,
4204 sta_flags_policy, info->extack))
4205 return -EINVAL;
4206
4207 /*
4208 * Only allow certain flags for interface types so that
4209 * other attributes are silently ignored. Remember that
4210 * this is backward compatibility code with old userspace
4211 * and shouldn't be hit in other cases anyway.
4212 */
4213 switch (iftype) {
4214 case NL80211_IFTYPE_AP:
4215 case NL80211_IFTYPE_AP_VLAN:
4216 case NL80211_IFTYPE_P2P_GO:
4217 params->sta_flags_mask = BIT(NL80211_STA_FLAG_AUTHORIZED) |
4218 BIT(NL80211_STA_FLAG_SHORT_PREAMBLE) |
4219 BIT(NL80211_STA_FLAG_WME) |
4220 BIT(NL80211_STA_FLAG_MFP);
4221 break;
4222 case NL80211_IFTYPE_P2P_CLIENT:
4223 case NL80211_IFTYPE_STATION:
4224 params->sta_flags_mask = BIT(NL80211_STA_FLAG_AUTHORIZED) |
4225 BIT(NL80211_STA_FLAG_TDLS_PEER);
4226 break;
4227 case NL80211_IFTYPE_MESH_POINT:
4228 params->sta_flags_mask = BIT(NL80211_STA_FLAG_AUTHENTICATED) |
4229 BIT(NL80211_STA_FLAG_MFP) |
4230 BIT(NL80211_STA_FLAG_AUTHORIZED);
4231 break;
4232 default:
4233 return -EINVAL;
4234 }
4235
4236 for (flag = 1; flag <= NL80211_STA_FLAG_MAX; flag++) {
4237 if (flags[flag]) {
4238 params->sta_flags_set |= (1<<flag);
4239
4240 /* no longer support new API additions in old API */
4241 if (flag > NL80211_STA_FLAG_MAX_OLD_API)
4242 return -EINVAL;
4243 }
4244 }
4245
4246 return 0;
4247 }
4248
4249 static bool nl80211_put_sta_rate(struct sk_buff *msg, struct rate_info *info,
4250 int attr)
4251 {
4252 struct nlattr *rate;
4253 u32 bitrate;
4254 u16 bitrate_compat;
4255 enum nl80211_rate_info rate_flg;
4256
4257 rate = nla_nest_start(msg, attr);
4258 if (!rate)
4259 return false;
4260
4261 /* cfg80211_calculate_bitrate will return 0 for mcs >= 32 */
4262 bitrate = cfg80211_calculate_bitrate(info);
4263 /* report 16-bit bitrate only if we can */
4264 bitrate_compat = bitrate < (1UL << 16) ? bitrate : 0;
4265 if (bitrate > 0 &&
4266 nla_put_u32(msg, NL80211_RATE_INFO_BITRATE32, bitrate))
4267 return false;
4268 if (bitrate_compat > 0 &&
4269 nla_put_u16(msg, NL80211_RATE_INFO_BITRATE, bitrate_compat))
4270 return false;
4271
4272 switch (info->bw) {
4273 case RATE_INFO_BW_5:
4274 rate_flg = NL80211_RATE_INFO_5_MHZ_WIDTH;
4275 break;
4276 case RATE_INFO_BW_10:
4277 rate_flg = NL80211_RATE_INFO_10_MHZ_WIDTH;
4278 break;
4279 default:
4280 WARN_ON(1);
4281 /* fall through */
4282 case RATE_INFO_BW_20:
4283 rate_flg = 0;
4284 break;
4285 case RATE_INFO_BW_40:
4286 rate_flg = NL80211_RATE_INFO_40_MHZ_WIDTH;
4287 break;
4288 case RATE_INFO_BW_80:
4289 rate_flg = NL80211_RATE_INFO_80_MHZ_WIDTH;
4290 break;
4291 case RATE_INFO_BW_160:
4292 rate_flg = NL80211_RATE_INFO_160_MHZ_WIDTH;
4293 break;
4294 }
4295
4296 if (rate_flg && nla_put_flag(msg, rate_flg))
4297 return false;
4298
4299 if (info->flags & RATE_INFO_FLAGS_MCS) {
4300 if (nla_put_u8(msg, NL80211_RATE_INFO_MCS, info->mcs))
4301 return false;
4302 if (info->flags & RATE_INFO_FLAGS_SHORT_GI &&
4303 nla_put_flag(msg, NL80211_RATE_INFO_SHORT_GI))
4304 return false;
4305 } else if (info->flags & RATE_INFO_FLAGS_VHT_MCS) {
4306 if (nla_put_u8(msg, NL80211_RATE_INFO_VHT_MCS, info->mcs))
4307 return false;
4308 if (nla_put_u8(msg, NL80211_RATE_INFO_VHT_NSS, info->nss))
4309 return false;
4310 if (info->flags & RATE_INFO_FLAGS_SHORT_GI &&
4311 nla_put_flag(msg, NL80211_RATE_INFO_SHORT_GI))
4312 return false;
4313 }
4314
4315 nla_nest_end(msg, rate);
4316 return true;
4317 }
4318
4319 static bool nl80211_put_signal(struct sk_buff *msg, u8 mask, s8 *signal,
4320 int id)
4321 {
4322 void *attr;
4323 int i = 0;
4324
4325 if (!mask)
4326 return true;
4327
4328 attr = nla_nest_start(msg, id);
4329 if (!attr)
4330 return false;
4331
4332 for (i = 0; i < IEEE80211_MAX_CHAINS; i++) {
4333 if (!(mask & BIT(i)))
4334 continue;
4335
4336 if (nla_put_u8(msg, i, signal[i]))
4337 return false;
4338 }
4339
4340 nla_nest_end(msg, attr);
4341
4342 return true;
4343 }
4344
4345 static int nl80211_send_station(struct sk_buff *msg, u32 cmd, u32 portid,
4346 u32 seq, int flags,
4347 struct cfg80211_registered_device *rdev,
4348 struct net_device *dev,
4349 const u8 *mac_addr, struct station_info *sinfo)
4350 {
4351 void *hdr;
4352 struct nlattr *sinfoattr, *bss_param;
4353
4354 hdr = nl80211hdr_put(msg, portid, seq, flags, cmd);
4355 if (!hdr)
4356 return -1;
4357
4358 if (nla_put_u32(msg, NL80211_ATTR_IFINDEX, dev->ifindex) ||
4359 nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN, mac_addr) ||
4360 nla_put_u32(msg, NL80211_ATTR_GENERATION, sinfo->generation))
4361 goto nla_put_failure;
4362
4363 sinfoattr = nla_nest_start(msg, NL80211_ATTR_STA_INFO);
4364 if (!sinfoattr)
4365 goto nla_put_failure;
4366
4367 #define PUT_SINFO(attr, memb, type) do { \
4368 BUILD_BUG_ON(sizeof(type) == sizeof(u64)); \
4369 if (sinfo->filled & (1ULL << NL80211_STA_INFO_ ## attr) && \
4370 nla_put_ ## type(msg, NL80211_STA_INFO_ ## attr, \
4371 sinfo->memb)) \
4372 goto nla_put_failure; \
4373 } while (0)
4374 #define PUT_SINFO_U64(attr, memb) do { \
4375 if (sinfo->filled & (1ULL << NL80211_STA_INFO_ ## attr) && \
4376 nla_put_u64_64bit(msg, NL80211_STA_INFO_ ## attr, \
4377 sinfo->memb, NL80211_STA_INFO_PAD)) \
4378 goto nla_put_failure; \
4379 } while (0)
4380
4381 PUT_SINFO(CONNECTED_TIME, connected_time, u32);
4382 PUT_SINFO(INACTIVE_TIME, inactive_time, u32);
4383
4384 if (sinfo->filled & (BIT(NL80211_STA_INFO_RX_BYTES) |
4385 BIT(NL80211_STA_INFO_RX_BYTES64)) &&
4386 nla_put_u32(msg, NL80211_STA_INFO_RX_BYTES,
4387 (u32)sinfo->rx_bytes))
4388 goto nla_put_failure;
4389
4390 if (sinfo->filled & (BIT(NL80211_STA_INFO_TX_BYTES) |
4391 BIT(NL80211_STA_INFO_TX_BYTES64)) &&
4392 nla_put_u32(msg, NL80211_STA_INFO_TX_BYTES,
4393 (u32)sinfo->tx_bytes))
4394 goto nla_put_failure;
4395
4396 PUT_SINFO_U64(RX_BYTES64, rx_bytes);
4397 PUT_SINFO_U64(TX_BYTES64, tx_bytes);
4398 PUT_SINFO(LLID, llid, u16);
4399 PUT_SINFO(PLID, plid, u16);
4400 PUT_SINFO(PLINK_STATE, plink_state, u8);
4401 PUT_SINFO_U64(RX_DURATION, rx_duration);
4402
4403 switch (rdev->wiphy.signal_type) {
4404 case CFG80211_SIGNAL_TYPE_MBM:
4405 PUT_SINFO(SIGNAL, signal, u8);
4406 PUT_SINFO(SIGNAL_AVG, signal_avg, u8);
4407 break;
4408 default:
4409 break;
4410 }
4411 if (sinfo->filled & BIT(NL80211_STA_INFO_CHAIN_SIGNAL)) {
4412 if (!nl80211_put_signal(msg, sinfo->chains,
4413 sinfo->chain_signal,
4414 NL80211_STA_INFO_CHAIN_SIGNAL))
4415 goto nla_put_failure;
4416 }
4417 if (sinfo->filled & BIT(NL80211_STA_INFO_CHAIN_SIGNAL_AVG)) {
4418 if (!nl80211_put_signal(msg, sinfo->chains,
4419 sinfo->chain_signal_avg,
4420 NL80211_STA_INFO_CHAIN_SIGNAL_AVG))
4421 goto nla_put_failure;
4422 }
4423 if (sinfo->filled & BIT(NL80211_STA_INFO_TX_BITRATE)) {
4424 if (!nl80211_put_sta_rate(msg, &sinfo->txrate,
4425 NL80211_STA_INFO_TX_BITRATE))
4426 goto nla_put_failure;
4427 }
4428 if (sinfo->filled & BIT(NL80211_STA_INFO_RX_BITRATE)) {
4429 if (!nl80211_put_sta_rate(msg, &sinfo->rxrate,
4430 NL80211_STA_INFO_RX_BITRATE))
4431 goto nla_put_failure;
4432 }
4433
4434 PUT_SINFO(RX_PACKETS, rx_packets, u32);
4435 PUT_SINFO(TX_PACKETS, tx_packets, u32);
4436 PUT_SINFO(TX_RETRIES, tx_retries, u32);
4437 PUT_SINFO(TX_FAILED, tx_failed, u32);
4438 PUT_SINFO(EXPECTED_THROUGHPUT, expected_throughput, u32);
4439 PUT_SINFO(BEACON_LOSS, beacon_loss_count, u32);
4440 PUT_SINFO(LOCAL_PM, local_pm, u32);
4441 PUT_SINFO(PEER_PM, peer_pm, u32);
4442 PUT_SINFO(NONPEER_PM, nonpeer_pm, u32);
4443
4444 if (sinfo->filled & BIT(NL80211_STA_INFO_BSS_PARAM)) {
4445 bss_param = nla_nest_start(msg, NL80211_STA_INFO_BSS_PARAM);
4446 if (!bss_param)
4447 goto nla_put_failure;
4448
4449 if (((sinfo->bss_param.flags & BSS_PARAM_FLAGS_CTS_PROT) &&
4450 nla_put_flag(msg, NL80211_STA_BSS_PARAM_CTS_PROT)) ||
4451 ((sinfo->bss_param.flags & BSS_PARAM_FLAGS_SHORT_PREAMBLE) &&
4452 nla_put_flag(msg, NL80211_STA_BSS_PARAM_SHORT_PREAMBLE)) ||
4453 ((sinfo->bss_param.flags & BSS_PARAM_FLAGS_SHORT_SLOT_TIME) &&
4454 nla_put_flag(msg, NL80211_STA_BSS_PARAM_SHORT_SLOT_TIME)) ||
4455 nla_put_u8(msg, NL80211_STA_BSS_PARAM_DTIM_PERIOD,
4456 sinfo->bss_param.dtim_period) ||
4457 nla_put_u16(msg, NL80211_STA_BSS_PARAM_BEACON_INTERVAL,
4458 sinfo->bss_param.beacon_interval))
4459 goto nla_put_failure;
4460
4461 nla_nest_end(msg, bss_param);
4462 }
4463 if ((sinfo->filled & BIT(NL80211_STA_INFO_STA_FLAGS)) &&
4464 nla_put(msg, NL80211_STA_INFO_STA_FLAGS,
4465 sizeof(struct nl80211_sta_flag_update),
4466 &sinfo->sta_flags))
4467 goto nla_put_failure;
4468
4469 PUT_SINFO_U64(T_OFFSET, t_offset);
4470 PUT_SINFO_U64(RX_DROP_MISC, rx_dropped_misc);
4471 PUT_SINFO_U64(BEACON_RX, rx_beacon);
4472 PUT_SINFO(BEACON_SIGNAL_AVG, rx_beacon_signal_avg, u8);
4473
4474 #undef PUT_SINFO
4475 #undef PUT_SINFO_U64
4476
4477 if (sinfo->filled & BIT(NL80211_STA_INFO_TID_STATS)) {
4478 struct nlattr *tidsattr;
4479 int tid;
4480
4481 tidsattr = nla_nest_start(msg, NL80211_STA_INFO_TID_STATS);
4482 if (!tidsattr)
4483 goto nla_put_failure;
4484
4485 for (tid = 0; tid < IEEE80211_NUM_TIDS + 1; tid++) {
4486 struct cfg80211_tid_stats *tidstats;
4487 struct nlattr *tidattr;
4488
4489 tidstats = &sinfo->pertid[tid];
4490
4491 if (!tidstats->filled)
4492 continue;
4493
4494 tidattr = nla_nest_start(msg, tid + 1);
4495 if (!tidattr)
4496 goto nla_put_failure;
4497
4498 #define PUT_TIDVAL_U64(attr, memb) do { \
4499 if (tidstats->filled & BIT(NL80211_TID_STATS_ ## attr) && \
4500 nla_put_u64_64bit(msg, NL80211_TID_STATS_ ## attr, \
4501 tidstats->memb, NL80211_TID_STATS_PAD)) \
4502 goto nla_put_failure; \
4503 } while (0)
4504
4505 PUT_TIDVAL_U64(RX_MSDU, rx_msdu);
4506 PUT_TIDVAL_U64(TX_MSDU, tx_msdu);
4507 PUT_TIDVAL_U64(TX_MSDU_RETRIES, tx_msdu_retries);
4508 PUT_TIDVAL_U64(TX_MSDU_FAILED, tx_msdu_failed);
4509
4510 #undef PUT_TIDVAL_U64
4511 nla_nest_end(msg, tidattr);
4512 }
4513
4514 nla_nest_end(msg, tidsattr);
4515 }
4516
4517 nla_nest_end(msg, sinfoattr);
4518
4519 if (sinfo->assoc_req_ies_len &&
4520 nla_put(msg, NL80211_ATTR_IE, sinfo->assoc_req_ies_len,
4521 sinfo->assoc_req_ies))
4522 goto nla_put_failure;
4523
4524 genlmsg_end(msg, hdr);
4525 return 0;
4526
4527 nla_put_failure:
4528 genlmsg_cancel(msg, hdr);
4529 return -EMSGSIZE;
4530 }
4531
4532 static int nl80211_dump_station(struct sk_buff *skb,
4533 struct netlink_callback *cb)
4534 {
4535 struct station_info sinfo;
4536 struct cfg80211_registered_device *rdev;
4537 struct wireless_dev *wdev;
4538 u8 mac_addr[ETH_ALEN];
4539 int sta_idx = cb->args[2];
4540 int err;
4541
4542 rtnl_lock();
4543 err = nl80211_prepare_wdev_dump(skb, cb, &rdev, &wdev);
4544 if (err)
4545 goto out_err;
4546
4547 if (!wdev->netdev) {
4548 err = -EINVAL;
4549 goto out_err;
4550 }
4551
4552 if (!rdev->ops->dump_station) {
4553 err = -EOPNOTSUPP;
4554 goto out_err;
4555 }
4556
4557 while (1) {
4558 memset(&sinfo, 0, sizeof(sinfo));
4559 err = rdev_dump_station(rdev, wdev->netdev, sta_idx,
4560 mac_addr, &sinfo);
4561 if (err == -ENOENT)
4562 break;
4563 if (err)
4564 goto out_err;
4565
4566 if (nl80211_send_station(skb, NL80211_CMD_NEW_STATION,
4567 NETLINK_CB(cb->skb).portid,
4568 cb->nlh->nlmsg_seq, NLM_F_MULTI,
4569 rdev, wdev->netdev, mac_addr,
4570 &sinfo) < 0)
4571 goto out;
4572
4573 sta_idx++;
4574 }
4575
4576 out:
4577 cb->args[2] = sta_idx;
4578 err = skb->len;
4579 out_err:
4580 rtnl_unlock();
4581
4582 return err;
4583 }
4584
4585 static int nl80211_get_station(struct sk_buff *skb, struct genl_info *info)
4586 {
4587 struct cfg80211_registered_device *rdev = info->user_ptr[0];
4588 struct net_device *dev = info->user_ptr[1];
4589 struct station_info sinfo;
4590 struct sk_buff *msg;
4591 u8 *mac_addr = NULL;
4592 int err;
4593
4594 memset(&sinfo, 0, sizeof(sinfo));
4595
4596 if (!info->attrs[NL80211_ATTR_MAC])
4597 return -EINVAL;
4598
4599 mac_addr = nla_data(info->attrs[NL80211_ATTR_MAC]);
4600
4601 if (!rdev->ops->get_station)
4602 return -EOPNOTSUPP;
4603
4604 err = rdev_get_station(rdev, dev, mac_addr, &sinfo);
4605 if (err)
4606 return err;
4607
4608 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
4609 if (!msg)
4610 return -ENOMEM;
4611
4612 if (nl80211_send_station(msg, NL80211_CMD_NEW_STATION,
4613 info->snd_portid, info->snd_seq, 0,
4614 rdev, dev, mac_addr, &sinfo) < 0) {
4615 nlmsg_free(msg);
4616 return -ENOBUFS;
4617 }
4618
4619 return genlmsg_reply(msg, info);
4620 }
4621
4622 int cfg80211_check_station_change(struct wiphy *wiphy,
4623 struct station_parameters *params,
4624 enum cfg80211_station_type statype)
4625 {
4626 if (params->listen_interval != -1 &&
4627 statype != CFG80211_STA_AP_CLIENT_UNASSOC)
4628 return -EINVAL;
4629
4630 if (params->support_p2p_ps != -1 &&
4631 statype != CFG80211_STA_AP_CLIENT_UNASSOC)
4632 return -EINVAL;
4633
4634 if (params->aid &&
4635 !(params->sta_flags_set & BIT(NL80211_STA_FLAG_TDLS_PEER)) &&
4636 statype != CFG80211_STA_AP_CLIENT_UNASSOC)
4637 return -EINVAL;
4638
4639 /* When you run into this, adjust the code below for the new flag */
4640 BUILD_BUG_ON(NL80211_STA_FLAG_MAX != 7);
4641
4642 switch (statype) {
4643 case CFG80211_STA_MESH_PEER_KERNEL:
4644 case CFG80211_STA_MESH_PEER_USER:
4645 /*
4646 * No ignoring the TDLS flag here -- the userspace mesh
4647 * code doesn't have the bug of including TDLS in the
4648 * mask everywhere.
4649 */
4650 if (params->sta_flags_mask &
4651 ~(BIT(NL80211_STA_FLAG_AUTHENTICATED) |
4652 BIT(NL80211_STA_FLAG_MFP) |
4653 BIT(NL80211_STA_FLAG_AUTHORIZED)))
4654 return -EINVAL;
4655 break;
4656 case CFG80211_STA_TDLS_PEER_SETUP:
4657 case CFG80211_STA_TDLS_PEER_ACTIVE:
4658 if (!(params->sta_flags_set & BIT(NL80211_STA_FLAG_TDLS_PEER)))
4659 return -EINVAL;
4660 /* ignore since it can't change */
4661 params->sta_flags_mask &= ~BIT(NL80211_STA_FLAG_TDLS_PEER);
4662 break;
4663 default:
4664 /* disallow mesh-specific things */
4665 if (params->plink_action != NL80211_PLINK_ACTION_NO_ACTION)
4666 return -EINVAL;
4667 if (params->local_pm)
4668 return -EINVAL;
4669 if (params->sta_modify_mask & STATION_PARAM_APPLY_PLINK_STATE)
4670 return -EINVAL;
4671 }
4672
4673 if (statype != CFG80211_STA_TDLS_PEER_SETUP &&
4674 statype != CFG80211_STA_TDLS_PEER_ACTIVE) {
4675 /* TDLS can't be set, ... */
4676 if (params->sta_flags_set & BIT(NL80211_STA_FLAG_TDLS_PEER))
4677 return -EINVAL;
4678 /*
4679 * ... but don't bother the driver with it. This works around
4680 * a hostapd/wpa_supplicant issue -- it always includes the
4681 * TLDS_PEER flag in the mask even for AP mode.
4682 */
4683 params->sta_flags_mask &= ~BIT(NL80211_STA_FLAG_TDLS_PEER);
4684 }
4685
4686 if (statype != CFG80211_STA_TDLS_PEER_SETUP &&
4687 statype != CFG80211_STA_AP_CLIENT_UNASSOC) {
4688 /* reject other things that can't change */
4689 if (params->sta_modify_mask & STATION_PARAM_APPLY_UAPSD)
4690 return -EINVAL;
4691 if (params->sta_modify_mask & STATION_PARAM_APPLY_CAPABILITY)
4692 return -EINVAL;
4693 if (params->supported_rates)
4694 return -EINVAL;
4695 if (params->ext_capab || params->ht_capa || params->vht_capa)
4696 return -EINVAL;
4697 }
4698
4699 if (statype != CFG80211_STA_AP_CLIENT &&
4700 statype != CFG80211_STA_AP_CLIENT_UNASSOC) {
4701 if (params->vlan)
4702 return -EINVAL;
4703 }
4704
4705 switch (statype) {
4706 case CFG80211_STA_AP_MLME_CLIENT:
4707 /* Use this only for authorizing/unauthorizing a station */
4708 if (!(params->sta_flags_mask & BIT(NL80211_STA_FLAG_AUTHORIZED)))
4709 return -EOPNOTSUPP;
4710 break;
4711 case CFG80211_STA_AP_CLIENT:
4712 case CFG80211_STA_AP_CLIENT_UNASSOC:
4713 /* accept only the listed bits */
4714 if (params->sta_flags_mask &
4715 ~(BIT(NL80211_STA_FLAG_AUTHORIZED) |
4716 BIT(NL80211_STA_FLAG_AUTHENTICATED) |
4717 BIT(NL80211_STA_FLAG_ASSOCIATED) |
4718 BIT(NL80211_STA_FLAG_SHORT_PREAMBLE) |
4719 BIT(NL80211_STA_FLAG_WME) |
4720 BIT(NL80211_STA_FLAG_MFP)))
4721 return -EINVAL;
4722
4723 /* but authenticated/associated only if driver handles it */
4724 if (!(wiphy->features & NL80211_FEATURE_FULL_AP_CLIENT_STATE) &&
4725 params->sta_flags_mask &
4726 (BIT(NL80211_STA_FLAG_AUTHENTICATED) |
4727 BIT(NL80211_STA_FLAG_ASSOCIATED)))
4728 return -EINVAL;
4729 break;
4730 case CFG80211_STA_IBSS:
4731 case CFG80211_STA_AP_STA:
4732 /* reject any changes other than AUTHORIZED */
4733 if (params->sta_flags_mask & ~BIT(NL80211_STA_FLAG_AUTHORIZED))
4734 return -EINVAL;
4735 break;
4736 case CFG80211_STA_TDLS_PEER_SETUP:
4737 /* reject any changes other than AUTHORIZED or WME */
4738 if (params->sta_flags_mask & ~(BIT(NL80211_STA_FLAG_AUTHORIZED) |
4739 BIT(NL80211_STA_FLAG_WME)))
4740 return -EINVAL;
4741 /* force (at least) rates when authorizing */
4742 if (params->sta_flags_set & BIT(NL80211_STA_FLAG_AUTHORIZED) &&
4743 !params->supported_rates)
4744 return -EINVAL;
4745 break;
4746 case CFG80211_STA_TDLS_PEER_ACTIVE:
4747 /* reject any changes */
4748 return -EINVAL;
4749 case CFG80211_STA_MESH_PEER_KERNEL:
4750 if (params->sta_modify_mask & STATION_PARAM_APPLY_PLINK_STATE)
4751 return -EINVAL;
4752 break;
4753 case CFG80211_STA_MESH_PEER_USER:
4754 if (params->plink_action != NL80211_PLINK_ACTION_NO_ACTION &&
4755 params->plink_action != NL80211_PLINK_ACTION_BLOCK)
4756 return -EINVAL;
4757 break;
4758 }
4759
4760 /*
4761 * Older kernel versions ignored this attribute entirely, so don't
4762 * reject attempts to update it but mark it as unused instead so the
4763 * driver won't look at the data.
4764 */
4765 if (statype != CFG80211_STA_AP_CLIENT_UNASSOC &&
4766 statype != CFG80211_STA_TDLS_PEER_SETUP)
4767 params->opmode_notif_used = false;
4768
4769 return 0;
4770 }
4771 EXPORT_SYMBOL(cfg80211_check_station_change);
4772
4773 /*
4774 * Get vlan interface making sure it is running and on the right wiphy.
4775 */
4776 static struct net_device *get_vlan(struct genl_info *info,
4777 struct cfg80211_registered_device *rdev)
4778 {
4779 struct nlattr *vlanattr = info->attrs[NL80211_ATTR_STA_VLAN];
4780 struct net_device *v;
4781 int ret;
4782
4783 if (!vlanattr)
4784 return NULL;
4785
4786 v = dev_get_by_index(genl_info_net(info), nla_get_u32(vlanattr));
4787 if (!v)
4788 return ERR_PTR(-ENODEV);
4789
4790 if (!v->ieee80211_ptr || v->ieee80211_ptr->wiphy != &rdev->wiphy) {
4791 ret = -EINVAL;
4792 goto error;
4793 }
4794
4795 if (v->ieee80211_ptr->iftype != NL80211_IFTYPE_AP_VLAN &&
4796 v->ieee80211_ptr->iftype != NL80211_IFTYPE_AP &&
4797 v->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_GO) {
4798 ret = -EINVAL;
4799 goto error;
4800 }
4801
4802 if (!netif_running(v)) {
4803 ret = -ENETDOWN;
4804 goto error;
4805 }
4806
4807 return v;
4808 error:
4809 dev_put(v);
4810 return ERR_PTR(ret);
4811 }
4812
4813 static const struct nla_policy
4814 nl80211_sta_wme_policy[NL80211_STA_WME_MAX + 1] = {
4815 [NL80211_STA_WME_UAPSD_QUEUES] = { .type = NLA_U8 },
4816 [NL80211_STA_WME_MAX_SP] = { .type = NLA_U8 },
4817 };
4818
4819 static int nl80211_parse_sta_wme(struct genl_info *info,
4820 struct station_parameters *params)
4821 {
4822 struct nlattr *tb[NL80211_STA_WME_MAX + 1];
4823 struct nlattr *nla;
4824 int err;
4825
4826 /* parse WME attributes if present */
4827 if (!info->attrs[NL80211_ATTR_STA_WME])
4828 return 0;
4829
4830 nla = info->attrs[NL80211_ATTR_STA_WME];
4831 err = nla_parse_nested(tb, NL80211_STA_WME_MAX, nla,
4832 nl80211_sta_wme_policy, info->extack);
4833 if (err)
4834 return err;
4835
4836 if (tb[NL80211_STA_WME_UAPSD_QUEUES])
4837 params->uapsd_queues = nla_get_u8(
4838 tb[NL80211_STA_WME_UAPSD_QUEUES]);
4839 if (params->uapsd_queues & ~IEEE80211_WMM_IE_STA_QOSINFO_AC_MASK)
4840 return -EINVAL;
4841
4842 if (tb[NL80211_STA_WME_MAX_SP])
4843 params->max_sp = nla_get_u8(tb[NL80211_STA_WME_MAX_SP]);
4844
4845 if (params->max_sp & ~IEEE80211_WMM_IE_STA_QOSINFO_SP_MASK)
4846 return -EINVAL;
4847
4848 params->sta_modify_mask |= STATION_PARAM_APPLY_UAPSD;
4849
4850 return 0;
4851 }
4852
4853 static int nl80211_parse_sta_channel_info(struct genl_info *info,
4854 struct station_parameters *params)
4855 {
4856 if (info->attrs[NL80211_ATTR_STA_SUPPORTED_CHANNELS]) {
4857 params->supported_channels =
4858 nla_data(info->attrs[NL80211_ATTR_STA_SUPPORTED_CHANNELS]);
4859 params->supported_channels_len =
4860 nla_len(info->attrs[NL80211_ATTR_STA_SUPPORTED_CHANNELS]);
4861 /*
4862 * Need to include at least one (first channel, number of
4863 * channels) tuple for each subband, and must have proper
4864 * tuples for the rest of the data as well.
4865 */
4866 if (params->supported_channels_len < 2)
4867 return -EINVAL;
4868 if (params->supported_channels_len % 2)
4869 return -EINVAL;
4870 }
4871
4872 if (info->attrs[NL80211_ATTR_STA_SUPPORTED_OPER_CLASSES]) {
4873 params->supported_oper_classes =
4874 nla_data(info->attrs[NL80211_ATTR_STA_SUPPORTED_OPER_CLASSES]);
4875 params->supported_oper_classes_len =
4876 nla_len(info->attrs[NL80211_ATTR_STA_SUPPORTED_OPER_CLASSES]);
4877 /*
4878 * The value of the Length field of the Supported Operating
4879 * Classes element is between 2 and 253.
4880 */
4881 if (params->supported_oper_classes_len < 2 ||
4882 params->supported_oper_classes_len > 253)
4883 return -EINVAL;
4884 }
4885 return 0;
4886 }
4887
4888 static int nl80211_set_station_tdls(struct genl_info *info,
4889 struct station_parameters *params)
4890 {
4891 int err;
4892 /* Dummy STA entry gets updated once the peer capabilities are known */
4893 if (info->attrs[NL80211_ATTR_PEER_AID])
4894 params->aid = nla_get_u16(info->attrs[NL80211_ATTR_PEER_AID]);
4895 if (info->attrs[NL80211_ATTR_HT_CAPABILITY])
4896 params->ht_capa =
4897 nla_data(info->attrs[NL80211_ATTR_HT_CAPABILITY]);
4898 if (info->attrs[NL80211_ATTR_VHT_CAPABILITY])
4899 params->vht_capa =
4900 nla_data(info->attrs[NL80211_ATTR_VHT_CAPABILITY]);
4901
4902 err = nl80211_parse_sta_channel_info(info, params);
4903 if (err)
4904 return err;
4905
4906 return nl80211_parse_sta_wme(info, params);
4907 }
4908
4909 static int nl80211_set_station(struct sk_buff *skb, struct genl_info *info)
4910 {
4911 struct cfg80211_registered_device *rdev = info->user_ptr[0];
4912 struct net_device *dev = info->user_ptr[1];
4913 struct station_parameters params;
4914 u8 *mac_addr;
4915 int err;
4916
4917 memset(&params, 0, sizeof(params));
4918
4919 if (!rdev->ops->change_station)
4920 return -EOPNOTSUPP;
4921
4922 /*
4923 * AID and listen_interval properties can be set only for unassociated
4924 * station. Include these parameters here and will check them in
4925 * cfg80211_check_station_change().
4926 */
4927 if (info->attrs[NL80211_ATTR_STA_AID])
4928 params.aid = nla_get_u16(info->attrs[NL80211_ATTR_STA_AID]);
4929
4930 if (info->attrs[NL80211_ATTR_STA_LISTEN_INTERVAL])
4931 params.listen_interval =
4932 nla_get_u16(info->attrs[NL80211_ATTR_STA_LISTEN_INTERVAL]);
4933 else
4934 params.listen_interval = -1;
4935
4936 if (info->attrs[NL80211_ATTR_STA_SUPPORT_P2P_PS]) {
4937 u8 tmp;
4938
4939 tmp = nla_get_u8(info->attrs[NL80211_ATTR_STA_SUPPORT_P2P_PS]);
4940 if (tmp >= NUM_NL80211_P2P_PS_STATUS)
4941 return -EINVAL;
4942
4943 params.support_p2p_ps = tmp;
4944 } else {
4945 params.support_p2p_ps = -1;
4946 }
4947
4948 if (!info->attrs[NL80211_ATTR_MAC])
4949 return -EINVAL;
4950
4951 mac_addr = nla_data(info->attrs[NL80211_ATTR_MAC]);
4952
4953 if (info->attrs[NL80211_ATTR_STA_SUPPORTED_RATES]) {
4954 params.supported_rates =
4955 nla_data(info->attrs[NL80211_ATTR_STA_SUPPORTED_RATES]);
4956 params.supported_rates_len =
4957 nla_len(info->attrs[NL80211_ATTR_STA_SUPPORTED_RATES]);
4958 }
4959
4960 if (info->attrs[NL80211_ATTR_STA_CAPABILITY]) {
4961 params.capability =
4962 nla_get_u16(info->attrs[NL80211_ATTR_STA_CAPABILITY]);
4963 params.sta_modify_mask |= STATION_PARAM_APPLY_CAPABILITY;
4964 }
4965
4966 if (info->attrs[NL80211_ATTR_STA_EXT_CAPABILITY]) {
4967 params.ext_capab =
4968 nla_data(info->attrs[NL80211_ATTR_STA_EXT_CAPABILITY]);
4969 params.ext_capab_len =
4970 nla_len(info->attrs[NL80211_ATTR_STA_EXT_CAPABILITY]);
4971 }
4972
4973 if (parse_station_flags(info, dev->ieee80211_ptr->iftype, &params))
4974 return -EINVAL;
4975
4976 if (info->attrs[NL80211_ATTR_STA_PLINK_ACTION]) {
4977 params.plink_action =
4978 nla_get_u8(info->attrs[NL80211_ATTR_STA_PLINK_ACTION]);
4979 if (params.plink_action >= NUM_NL80211_PLINK_ACTIONS)
4980 return -EINVAL;
4981 }
4982
4983 if (info->attrs[NL80211_ATTR_STA_PLINK_STATE]) {
4984 params.plink_state =
4985 nla_get_u8(info->attrs[NL80211_ATTR_STA_PLINK_STATE]);
4986 if (params.plink_state >= NUM_NL80211_PLINK_STATES)
4987 return -EINVAL;
4988 if (info->attrs[NL80211_ATTR_MESH_PEER_AID]) {
4989 params.peer_aid = nla_get_u16(
4990 info->attrs[NL80211_ATTR_MESH_PEER_AID]);
4991 if (params.peer_aid > IEEE80211_MAX_AID)
4992 return -EINVAL;
4993 }
4994 params.sta_modify_mask |= STATION_PARAM_APPLY_PLINK_STATE;
4995 }
4996
4997 if (info->attrs[NL80211_ATTR_LOCAL_MESH_POWER_MODE]) {
4998 enum nl80211_mesh_power_mode pm = nla_get_u32(
4999 info->attrs[NL80211_ATTR_LOCAL_MESH_POWER_MODE]);
5000
5001 if (pm <= NL80211_MESH_POWER_UNKNOWN ||
5002 pm > NL80211_MESH_POWER_MAX)
5003 return -EINVAL;
5004
5005 params.local_pm = pm;
5006 }
5007
5008 if (info->attrs[NL80211_ATTR_OPMODE_NOTIF]) {
5009 params.opmode_notif_used = true;
5010 params.opmode_notif =
5011 nla_get_u8(info->attrs[NL80211_ATTR_OPMODE_NOTIF]);
5012 }
5013
5014 /* Include parameters for TDLS peer (will check later) */
5015 err = nl80211_set_station_tdls(info, &params);
5016 if (err)
5017 return err;
5018
5019 params.vlan = get_vlan(info, rdev);
5020 if (IS_ERR(params.vlan))
5021 return PTR_ERR(params.vlan);
5022
5023 switch (dev->ieee80211_ptr->iftype) {
5024 case NL80211_IFTYPE_AP:
5025 case NL80211_IFTYPE_AP_VLAN:
5026 case NL80211_IFTYPE_P2P_GO:
5027 case NL80211_IFTYPE_P2P_CLIENT:
5028 case NL80211_IFTYPE_STATION:
5029 case NL80211_IFTYPE_ADHOC:
5030 case NL80211_IFTYPE_MESH_POINT:
5031 break;
5032 default:
5033 err = -EOPNOTSUPP;
5034 goto out_put_vlan;
5035 }
5036
5037 /* driver will call cfg80211_check_station_change() */
5038 err = rdev_change_station(rdev, dev, mac_addr, &params);
5039
5040 out_put_vlan:
5041 if (params.vlan)
5042 dev_put(params.vlan);
5043
5044 return err;
5045 }
5046
5047 static int nl80211_new_station(struct sk_buff *skb, struct genl_info *info)
5048 {
5049 struct cfg80211_registered_device *rdev = info->user_ptr[0];
5050 int err;
5051 struct net_device *dev = info->user_ptr[1];
5052 struct station_parameters params;
5053 u8 *mac_addr = NULL;
5054 u32 auth_assoc = BIT(NL80211_STA_FLAG_AUTHENTICATED) |
5055 BIT(NL80211_STA_FLAG_ASSOCIATED);
5056
5057 memset(&params, 0, sizeof(params));
5058
5059 if (!rdev->ops->add_station)
5060 return -EOPNOTSUPP;
5061
5062 if (!info->attrs[NL80211_ATTR_MAC])
5063 return -EINVAL;
5064
5065 if (!info->attrs[NL80211_ATTR_STA_LISTEN_INTERVAL])
5066 return -EINVAL;
5067
5068 if (!info->attrs[NL80211_ATTR_STA_SUPPORTED_RATES])
5069 return -EINVAL;
5070
5071 if (!info->attrs[NL80211_ATTR_STA_AID] &&
5072 !info->attrs[NL80211_ATTR_PEER_AID])
5073 return -EINVAL;
5074
5075 mac_addr = nla_data(info->attrs[NL80211_ATTR_MAC]);
5076 params.supported_rates =
5077 nla_data(info->attrs[NL80211_ATTR_STA_SUPPORTED_RATES]);
5078 params.supported_rates_len =
5079 nla_len(info->attrs[NL80211_ATTR_STA_SUPPORTED_RATES]);
5080 params.listen_interval =
5081 nla_get_u16(info->attrs[NL80211_ATTR_STA_LISTEN_INTERVAL]);
5082
5083 if (info->attrs[NL80211_ATTR_STA_SUPPORT_P2P_PS]) {
5084 u8 tmp;
5085
5086 tmp = nla_get_u8(info->attrs[NL80211_ATTR_STA_SUPPORT_P2P_PS]);
5087 if (tmp >= NUM_NL80211_P2P_PS_STATUS)
5088 return -EINVAL;
5089
5090 params.support_p2p_ps = tmp;
5091 } else {
5092 /*
5093 * if not specified, assume it's supported for P2P GO interface,
5094 * and is NOT supported for AP interface
5095 */
5096 params.support_p2p_ps =
5097 dev->ieee80211_ptr->iftype == NL80211_IFTYPE_P2P_GO;
5098 }
5099
5100 if (info->attrs[NL80211_ATTR_PEER_AID])
5101 params.aid = nla_get_u16(info->attrs[NL80211_ATTR_PEER_AID]);
5102 else
5103 params.aid = nla_get_u16(info->attrs[NL80211_ATTR_STA_AID]);
5104 if (!params.aid || params.aid > IEEE80211_MAX_AID)
5105 return -EINVAL;
5106
5107 if (info->attrs[NL80211_ATTR_STA_CAPABILITY]) {
5108 params.capability =
5109 nla_get_u16(info->attrs[NL80211_ATTR_STA_CAPABILITY]);
5110 params.sta_modify_mask |= STATION_PARAM_APPLY_CAPABILITY;
5111 }
5112
5113 if (info->attrs[NL80211_ATTR_STA_EXT_CAPABILITY]) {
5114 params.ext_capab =
5115 nla_data(info->attrs[NL80211_ATTR_STA_EXT_CAPABILITY]);
5116 params.ext_capab_len =
5117 nla_len(info->attrs[NL80211_ATTR_STA_EXT_CAPABILITY]);
5118 }
5119
5120 if (info->attrs[NL80211_ATTR_HT_CAPABILITY])
5121 params.ht_capa =
5122 nla_data(info->attrs[NL80211_ATTR_HT_CAPABILITY]);
5123
5124 if (info->attrs[NL80211_ATTR_VHT_CAPABILITY])
5125 params.vht_capa =
5126 nla_data(info->attrs[NL80211_ATTR_VHT_CAPABILITY]);
5127
5128 if (info->attrs[NL80211_ATTR_OPMODE_NOTIF]) {
5129 params.opmode_notif_used = true;
5130 params.opmode_notif =
5131 nla_get_u8(info->attrs[NL80211_ATTR_OPMODE_NOTIF]);
5132 }
5133
5134 if (info->attrs[NL80211_ATTR_STA_PLINK_ACTION]) {
5135 params.plink_action =
5136 nla_get_u8(info->attrs[NL80211_ATTR_STA_PLINK_ACTION]);
5137 if (params.plink_action >= NUM_NL80211_PLINK_ACTIONS)
5138 return -EINVAL;
5139 }
5140
5141 err = nl80211_parse_sta_channel_info(info, &params);
5142 if (err)
5143 return err;
5144
5145 err = nl80211_parse_sta_wme(info, &params);
5146 if (err)
5147 return err;
5148
5149 if (parse_station_flags(info, dev->ieee80211_ptr->iftype, &params))
5150 return -EINVAL;
5151
5152 /* HT/VHT requires QoS, but if we don't have that just ignore HT/VHT
5153 * as userspace might just pass through the capabilities from the IEs
5154 * directly, rather than enforcing this restriction and returning an
5155 * error in this case.
5156 */
5157 if (!(params.sta_flags_set & BIT(NL80211_STA_FLAG_WME))) {
5158 params.ht_capa = NULL;
5159 params.vht_capa = NULL;
5160 }
5161
5162 /* When you run into this, adjust the code below for the new flag */
5163 BUILD_BUG_ON(NL80211_STA_FLAG_MAX != 7);
5164
5165 switch (dev->ieee80211_ptr->iftype) {
5166 case NL80211_IFTYPE_AP:
5167 case NL80211_IFTYPE_AP_VLAN:
5168 case NL80211_IFTYPE_P2P_GO:
5169 /* ignore WME attributes if iface/sta is not capable */
5170 if (!(rdev->wiphy.flags & WIPHY_FLAG_AP_UAPSD) ||
5171 !(params.sta_flags_set & BIT(NL80211_STA_FLAG_WME)))
5172 params.sta_modify_mask &= ~STATION_PARAM_APPLY_UAPSD;
5173
5174 /* TDLS peers cannot be added */
5175 if ((params.sta_flags_set & BIT(NL80211_STA_FLAG_TDLS_PEER)) ||
5176 info->attrs[NL80211_ATTR_PEER_AID])
5177 return -EINVAL;
5178 /* but don't bother the driver with it */
5179 params.sta_flags_mask &= ~BIT(NL80211_STA_FLAG_TDLS_PEER);
5180
5181 /* allow authenticated/associated only if driver handles it */
5182 if (!(rdev->wiphy.features &
5183 NL80211_FEATURE_FULL_AP_CLIENT_STATE) &&
5184 params.sta_flags_mask & auth_assoc)
5185 return -EINVAL;
5186
5187 /* Older userspace, or userspace wanting to be compatible with
5188 * !NL80211_FEATURE_FULL_AP_CLIENT_STATE, will not set the auth
5189 * and assoc flags in the mask, but assumes the station will be
5190 * added as associated anyway since this was the required driver
5191 * behaviour before NL80211_FEATURE_FULL_AP_CLIENT_STATE was
5192 * introduced.
5193 * In order to not bother drivers with this quirk in the API
5194 * set the flags in both the mask and set for new stations in
5195 * this case.
5196 */
5197 if (!(params.sta_flags_mask & auth_assoc)) {
5198 params.sta_flags_mask |= auth_assoc;
5199 params.sta_flags_set |= auth_assoc;
5200 }
5201
5202 /* must be last in here for error handling */
5203 params.vlan = get_vlan(info, rdev);
5204 if (IS_ERR(params.vlan))
5205 return PTR_ERR(params.vlan);
5206 break;
5207 case NL80211_IFTYPE_MESH_POINT:
5208 /* ignore uAPSD data */
5209 params.sta_modify_mask &= ~STATION_PARAM_APPLY_UAPSD;
5210
5211 /* associated is disallowed */
5212 if (params.sta_flags_mask & BIT(NL80211_STA_FLAG_ASSOCIATED))
5213 return -EINVAL;
5214 /* TDLS peers cannot be added */
5215 if ((params.sta_flags_set & BIT(NL80211_STA_FLAG_TDLS_PEER)) ||
5216 info->attrs[NL80211_ATTR_PEER_AID])
5217 return -EINVAL;
5218 break;
5219 case NL80211_IFTYPE_STATION:
5220 case NL80211_IFTYPE_P2P_CLIENT:
5221 /* ignore uAPSD data */
5222 params.sta_modify_mask &= ~STATION_PARAM_APPLY_UAPSD;
5223
5224 /* these are disallowed */
5225 if (params.sta_flags_mask &
5226 (BIT(NL80211_STA_FLAG_ASSOCIATED) |
5227 BIT(NL80211_STA_FLAG_AUTHENTICATED)))
5228 return -EINVAL;
5229 /* Only TDLS peers can be added */
5230 if (!(params.sta_flags_set & BIT(NL80211_STA_FLAG_TDLS_PEER)))
5231 return -EINVAL;
5232 /* Can only add if TDLS ... */
5233 if (!(rdev->wiphy.flags & WIPHY_FLAG_SUPPORTS_TDLS))
5234 return -EOPNOTSUPP;
5235 /* ... with external setup is supported */
5236 if (!(rdev->wiphy.flags & WIPHY_FLAG_TDLS_EXTERNAL_SETUP))
5237 return -EOPNOTSUPP;
5238 /*
5239 * Older wpa_supplicant versions always mark the TDLS peer
5240 * as authorized, but it shouldn't yet be.
5241 */
5242 params.sta_flags_mask &= ~BIT(NL80211_STA_FLAG_AUTHORIZED);
5243 break;
5244 default:
5245 return -EOPNOTSUPP;
5246 }
5247
5248 /* be aware of params.vlan when changing code here */
5249
5250 err = rdev_add_station(rdev, dev, mac_addr, &params);
5251
5252 if (params.vlan)
5253 dev_put(params.vlan);
5254 return err;
5255 }
5256
5257 static int nl80211_del_station(struct sk_buff *skb, struct genl_info *info)
5258 {
5259 struct cfg80211_registered_device *rdev = info->user_ptr[0];
5260 struct net_device *dev = info->user_ptr[1];
5261 struct station_del_parameters params;
5262
5263 memset(&params, 0, sizeof(params));
5264
5265 if (info->attrs[NL80211_ATTR_MAC])
5266 params.mac = nla_data(info->attrs[NL80211_ATTR_MAC]);
5267
5268 if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_AP &&
5269 dev->ieee80211_ptr->iftype != NL80211_IFTYPE_AP_VLAN &&
5270 dev->ieee80211_ptr->iftype != NL80211_IFTYPE_MESH_POINT &&
5271 dev->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_GO)
5272 return -EINVAL;
5273
5274 if (!rdev->ops->del_station)
5275 return -EOPNOTSUPP;
5276
5277 if (info->attrs[NL80211_ATTR_MGMT_SUBTYPE]) {
5278 params.subtype =
5279 nla_get_u8(info->attrs[NL80211_ATTR_MGMT_SUBTYPE]);
5280 if (params.subtype != IEEE80211_STYPE_DISASSOC >> 4 &&
5281 params.subtype != IEEE80211_STYPE_DEAUTH >> 4)
5282 return -EINVAL;
5283 } else {
5284 /* Default to Deauthentication frame */
5285 params.subtype = IEEE80211_STYPE_DEAUTH >> 4;
5286 }
5287
5288 if (info->attrs[NL80211_ATTR_REASON_CODE]) {
5289 params.reason_code =
5290 nla_get_u16(info->attrs[NL80211_ATTR_REASON_CODE]);
5291 if (params.reason_code == 0)
5292 return -EINVAL; /* 0 is reserved */
5293 } else {
5294 /* Default to reason code 2 */
5295 params.reason_code = WLAN_REASON_PREV_AUTH_NOT_VALID;
5296 }
5297
5298 return rdev_del_station(rdev, dev, &params);
5299 }
5300
5301 static int nl80211_send_mpath(struct sk_buff *msg, u32 portid, u32 seq,
5302 int flags, struct net_device *dev,
5303 u8 *dst, u8 *next_hop,
5304 struct mpath_info *pinfo)
5305 {
5306 void *hdr;
5307 struct nlattr *pinfoattr;
5308
5309 hdr = nl80211hdr_put(msg, portid, seq, flags, NL80211_CMD_NEW_MPATH);
5310 if (!hdr)
5311 return -1;
5312
5313 if (nla_put_u32(msg, NL80211_ATTR_IFINDEX, dev->ifindex) ||
5314 nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN, dst) ||
5315 nla_put(msg, NL80211_ATTR_MPATH_NEXT_HOP, ETH_ALEN, next_hop) ||
5316 nla_put_u32(msg, NL80211_ATTR_GENERATION, pinfo->generation))
5317 goto nla_put_failure;
5318
5319 pinfoattr = nla_nest_start(msg, NL80211_ATTR_MPATH_INFO);
5320 if (!pinfoattr)
5321 goto nla_put_failure;
5322 if ((pinfo->filled & MPATH_INFO_FRAME_QLEN) &&
5323 nla_put_u32(msg, NL80211_MPATH_INFO_FRAME_QLEN,
5324 pinfo->frame_qlen))
5325 goto nla_put_failure;
5326 if (((pinfo->filled & MPATH_INFO_SN) &&
5327 nla_put_u32(msg, NL80211_MPATH_INFO_SN, pinfo->sn)) ||
5328 ((pinfo->filled & MPATH_INFO_METRIC) &&
5329 nla_put_u32(msg, NL80211_MPATH_INFO_METRIC,
5330 pinfo->metric)) ||
5331 ((pinfo->filled & MPATH_INFO_EXPTIME) &&
5332 nla_put_u32(msg, NL80211_MPATH_INFO_EXPTIME,
5333 pinfo->exptime)) ||
5334 ((pinfo->filled & MPATH_INFO_FLAGS) &&
5335 nla_put_u8(msg, NL80211_MPATH_INFO_FLAGS,
5336 pinfo->flags)) ||
5337 ((pinfo->filled & MPATH_INFO_DISCOVERY_TIMEOUT) &&
5338 nla_put_u32(msg, NL80211_MPATH_INFO_DISCOVERY_TIMEOUT,
5339 pinfo->discovery_timeout)) ||
5340 ((pinfo->filled & MPATH_INFO_DISCOVERY_RETRIES) &&
5341 nla_put_u8(msg, NL80211_MPATH_INFO_DISCOVERY_RETRIES,
5342 pinfo->discovery_retries)))
5343 goto nla_put_failure;
5344
5345 nla_nest_end(msg, pinfoattr);
5346
5347 genlmsg_end(msg, hdr);
5348 return 0;
5349
5350 nla_put_failure:
5351 genlmsg_cancel(msg, hdr);
5352 return -EMSGSIZE;
5353 }
5354
5355 static int nl80211_dump_mpath(struct sk_buff *skb,
5356 struct netlink_callback *cb)
5357 {
5358 struct mpath_info pinfo;
5359 struct cfg80211_registered_device *rdev;
5360 struct wireless_dev *wdev;
5361 u8 dst[ETH_ALEN];
5362 u8 next_hop[ETH_ALEN];
5363 int path_idx = cb->args[2];
5364 int err;
5365
5366 rtnl_lock();
5367 err = nl80211_prepare_wdev_dump(skb, cb, &rdev, &wdev);
5368 if (err)
5369 goto out_err;
5370
5371 if (!rdev->ops->dump_mpath) {
5372 err = -EOPNOTSUPP;
5373 goto out_err;
5374 }
5375
5376 if (wdev->iftype != NL80211_IFTYPE_MESH_POINT) {
5377 err = -EOPNOTSUPP;
5378 goto out_err;
5379 }
5380
5381 while (1) {
5382 err = rdev_dump_mpath(rdev, wdev->netdev, path_idx, dst,
5383 next_hop, &pinfo);
5384 if (err == -ENOENT)
5385 break;
5386 if (err)
5387 goto out_err;
5388
5389 if (nl80211_send_mpath(skb, NETLINK_CB(cb->skb).portid,
5390 cb->nlh->nlmsg_seq, NLM_F_MULTI,
5391 wdev->netdev, dst, next_hop,
5392 &pinfo) < 0)
5393 goto out;
5394
5395 path_idx++;
5396 }
5397
5398 out:
5399 cb->args[2] = path_idx;
5400 err = skb->len;
5401 out_err:
5402 rtnl_unlock();
5403 return err;
5404 }
5405
5406 static int nl80211_get_mpath(struct sk_buff *skb, struct genl_info *info)
5407 {
5408 struct cfg80211_registered_device *rdev = info->user_ptr[0];
5409 int err;
5410 struct net_device *dev = info->user_ptr[1];
5411 struct mpath_info pinfo;
5412 struct sk_buff *msg;
5413 u8 *dst = NULL;
5414 u8 next_hop[ETH_ALEN];
5415
5416 memset(&pinfo, 0, sizeof(pinfo));
5417
5418 if (!info->attrs[NL80211_ATTR_MAC])
5419 return -EINVAL;
5420
5421 dst = nla_data(info->attrs[NL80211_ATTR_MAC]);
5422
5423 if (!rdev->ops->get_mpath)
5424 return -EOPNOTSUPP;
5425
5426 if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_MESH_POINT)
5427 return -EOPNOTSUPP;
5428
5429 err = rdev_get_mpath(rdev, dev, dst, next_hop, &pinfo);
5430 if (err)
5431 return err;
5432
5433 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
5434 if (!msg)
5435 return -ENOMEM;
5436
5437 if (nl80211_send_mpath(msg, info->snd_portid, info->snd_seq, 0,
5438 dev, dst, next_hop, &pinfo) < 0) {
5439 nlmsg_free(msg);
5440 return -ENOBUFS;
5441 }
5442
5443 return genlmsg_reply(msg, info);
5444 }
5445
5446 static int nl80211_set_mpath(struct sk_buff *skb, struct genl_info *info)
5447 {
5448 struct cfg80211_registered_device *rdev = info->user_ptr[0];
5449 struct net_device *dev = info->user_ptr[1];
5450 u8 *dst = NULL;
5451 u8 *next_hop = NULL;
5452
5453 if (!info->attrs[NL80211_ATTR_MAC])
5454 return -EINVAL;
5455
5456 if (!info->attrs[NL80211_ATTR_MPATH_NEXT_HOP])
5457 return -EINVAL;
5458
5459 dst = nla_data(info->attrs[NL80211_ATTR_MAC]);
5460 next_hop = nla_data(info->attrs[NL80211_ATTR_MPATH_NEXT_HOP]);
5461
5462 if (!rdev->ops->change_mpath)
5463 return -EOPNOTSUPP;
5464
5465 if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_MESH_POINT)
5466 return -EOPNOTSUPP;
5467
5468 return rdev_change_mpath(rdev, dev, dst, next_hop);
5469 }
5470
5471 static int nl80211_new_mpath(struct sk_buff *skb, struct genl_info *info)
5472 {
5473 struct cfg80211_registered_device *rdev = info->user_ptr[0];
5474 struct net_device *dev = info->user_ptr[1];
5475 u8 *dst = NULL;
5476 u8 *next_hop = NULL;
5477
5478 if (!info->attrs[NL80211_ATTR_MAC])
5479 return -EINVAL;
5480
5481 if (!info->attrs[NL80211_ATTR_MPATH_NEXT_HOP])
5482 return -EINVAL;
5483
5484 dst = nla_data(info->attrs[NL80211_ATTR_MAC]);
5485 next_hop = nla_data(info->attrs[NL80211_ATTR_MPATH_NEXT_HOP]);
5486
5487 if (!rdev->ops->add_mpath)
5488 return -EOPNOTSUPP;
5489
5490 if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_MESH_POINT)
5491 return -EOPNOTSUPP;
5492
5493 return rdev_add_mpath(rdev, dev, dst, next_hop);
5494 }
5495
5496 static int nl80211_del_mpath(struct sk_buff *skb, struct genl_info *info)
5497 {
5498 struct cfg80211_registered_device *rdev = info->user_ptr[0];
5499 struct net_device *dev = info->user_ptr[1];
5500 u8 *dst = NULL;
5501
5502 if (info->attrs[NL80211_ATTR_MAC])
5503 dst = nla_data(info->attrs[NL80211_ATTR_MAC]);
5504
5505 if (!rdev->ops->del_mpath)
5506 return -EOPNOTSUPP;
5507
5508 return rdev_del_mpath(rdev, dev, dst);
5509 }
5510
5511 static int nl80211_get_mpp(struct sk_buff *skb, struct genl_info *info)
5512 {
5513 struct cfg80211_registered_device *rdev = info->user_ptr[0];
5514 int err;
5515 struct net_device *dev = info->user_ptr[1];
5516 struct mpath_info pinfo;
5517 struct sk_buff *msg;
5518 u8 *dst = NULL;
5519 u8 mpp[ETH_ALEN];
5520
5521 memset(&pinfo, 0, sizeof(pinfo));
5522
5523 if (!info->attrs[NL80211_ATTR_MAC])
5524 return -EINVAL;
5525
5526 dst = nla_data(info->attrs[NL80211_ATTR_MAC]);
5527
5528 if (!rdev->ops->get_mpp)
5529 return -EOPNOTSUPP;
5530
5531 if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_MESH_POINT)
5532 return -EOPNOTSUPP;
5533
5534 err = rdev_get_mpp(rdev, dev, dst, mpp, &pinfo);
5535 if (err)
5536 return err;
5537
5538 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
5539 if (!msg)
5540 return -ENOMEM;
5541
5542 if (nl80211_send_mpath(msg, info->snd_portid, info->snd_seq, 0,
5543 dev, dst, mpp, &pinfo) < 0) {
5544 nlmsg_free(msg);
5545 return -ENOBUFS;
5546 }
5547
5548 return genlmsg_reply(msg, info);
5549 }
5550
5551 static int nl80211_dump_mpp(struct sk_buff *skb,
5552 struct netlink_callback *cb)
5553 {
5554 struct mpath_info pinfo;
5555 struct cfg80211_registered_device *rdev;
5556 struct wireless_dev *wdev;
5557 u8 dst[ETH_ALEN];
5558 u8 mpp[ETH_ALEN];
5559 int path_idx = cb->args[2];
5560 int err;
5561
5562 rtnl_lock();
5563 err = nl80211_prepare_wdev_dump(skb, cb, &rdev, &wdev);
5564 if (err)
5565 goto out_err;
5566
5567 if (!rdev->ops->dump_mpp) {
5568 err = -EOPNOTSUPP;
5569 goto out_err;
5570 }
5571
5572 if (wdev->iftype != NL80211_IFTYPE_MESH_POINT) {
5573 err = -EOPNOTSUPP;
5574 goto out_err;
5575 }
5576
5577 while (1) {
5578 err = rdev_dump_mpp(rdev, wdev->netdev, path_idx, dst,
5579 mpp, &pinfo);
5580 if (err == -ENOENT)
5581 break;
5582 if (err)
5583 goto out_err;
5584
5585 if (nl80211_send_mpath(skb, NETLINK_CB(cb->skb).portid,
5586 cb->nlh->nlmsg_seq, NLM_F_MULTI,
5587 wdev->netdev, dst, mpp,
5588 &pinfo) < 0)
5589 goto out;
5590
5591 path_idx++;
5592 }
5593
5594 out:
5595 cb->args[2] = path_idx;
5596 err = skb->len;
5597 out_err:
5598 rtnl_unlock();
5599 return err;
5600 }
5601
5602 static int nl80211_set_bss(struct sk_buff *skb, struct genl_info *info)
5603 {
5604 struct cfg80211_registered_device *rdev = info->user_ptr[0];
5605 struct net_device *dev = info->user_ptr[1];
5606 struct wireless_dev *wdev = dev->ieee80211_ptr;
5607 struct bss_parameters params;
5608 int err;
5609
5610 memset(&params, 0, sizeof(params));
5611 /* default to not changing parameters */
5612 params.use_cts_prot = -1;
5613 params.use_short_preamble = -1;
5614 params.use_short_slot_time = -1;
5615 params.ap_isolate = -1;
5616 params.ht_opmode = -1;
5617 params.p2p_ctwindow = -1;
5618 params.p2p_opp_ps = -1;
5619
5620 if (info->attrs[NL80211_ATTR_BSS_CTS_PROT])
5621 params.use_cts_prot =
5622 nla_get_u8(info->attrs[NL80211_ATTR_BSS_CTS_PROT]);
5623 if (info->attrs[NL80211_ATTR_BSS_SHORT_PREAMBLE])
5624 params.use_short_preamble =
5625 nla_get_u8(info->attrs[NL80211_ATTR_BSS_SHORT_PREAMBLE]);
5626 if (info->attrs[NL80211_ATTR_BSS_SHORT_SLOT_TIME])
5627 params.use_short_slot_time =
5628 nla_get_u8(info->attrs[NL80211_ATTR_BSS_SHORT_SLOT_TIME]);
5629 if (info->attrs[NL80211_ATTR_BSS_BASIC_RATES]) {
5630 params.basic_rates =
5631 nla_data(info->attrs[NL80211_ATTR_BSS_BASIC_RATES]);
5632 params.basic_rates_len =
5633 nla_len(info->attrs[NL80211_ATTR_BSS_BASIC_RATES]);
5634 }
5635 if (info->attrs[NL80211_ATTR_AP_ISOLATE])
5636 params.ap_isolate = !!nla_get_u8(info->attrs[NL80211_ATTR_AP_ISOLATE]);
5637 if (info->attrs[NL80211_ATTR_BSS_HT_OPMODE])
5638 params.ht_opmode =
5639 nla_get_u16(info->attrs[NL80211_ATTR_BSS_HT_OPMODE]);
5640
5641 if (info->attrs[NL80211_ATTR_P2P_CTWINDOW]) {
5642 if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_GO)
5643 return -EINVAL;
5644 params.p2p_ctwindow =
5645 nla_get_s8(info->attrs[NL80211_ATTR_P2P_CTWINDOW]);
5646 if (params.p2p_ctwindow < 0)
5647 return -EINVAL;
5648 if (params.p2p_ctwindow != 0 &&
5649 !(rdev->wiphy.features & NL80211_FEATURE_P2P_GO_CTWIN))
5650 return -EINVAL;
5651 }
5652
5653 if (info->attrs[NL80211_ATTR_P2P_OPPPS]) {
5654 u8 tmp;
5655
5656 if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_GO)
5657 return -EINVAL;
5658 tmp = nla_get_u8(info->attrs[NL80211_ATTR_P2P_OPPPS]);
5659 if (tmp > 1)
5660 return -EINVAL;
5661 params.p2p_opp_ps = tmp;
5662 if (params.p2p_opp_ps &&
5663 !(rdev->wiphy.features & NL80211_FEATURE_P2P_GO_OPPPS))
5664 return -EINVAL;
5665 }
5666
5667 if (!rdev->ops->change_bss)
5668 return -EOPNOTSUPP;
5669
5670 if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_AP &&
5671 dev->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_GO)
5672 return -EOPNOTSUPP;
5673
5674 wdev_lock(wdev);
5675 err = rdev_change_bss(rdev, dev, &params);
5676 wdev_unlock(wdev);
5677
5678 return err;
5679 }
5680
5681 static int nl80211_req_set_reg(struct sk_buff *skb, struct genl_info *info)
5682 {
5683 char *data = NULL;
5684 bool is_indoor;
5685 enum nl80211_user_reg_hint_type user_reg_hint_type;
5686 u32 owner_nlportid;
5687
5688 /*
5689 * You should only get this when cfg80211 hasn't yet initialized
5690 * completely when built-in to the kernel right between the time
5691 * window between nl80211_init() and regulatory_init(), if that is
5692 * even possible.
5693 */
5694 if (unlikely(!rcu_access_pointer(cfg80211_regdomain)))
5695 return -EINPROGRESS;
5696
5697 if (info->attrs[NL80211_ATTR_USER_REG_HINT_TYPE])
5698 user_reg_hint_type =
5699 nla_get_u32(info->attrs[NL80211_ATTR_USER_REG_HINT_TYPE]);
5700 else
5701 user_reg_hint_type = NL80211_USER_REG_HINT_USER;
5702
5703 switch (user_reg_hint_type) {
5704 case NL80211_USER_REG_HINT_USER:
5705 case NL80211_USER_REG_HINT_CELL_BASE:
5706 if (!info->attrs[NL80211_ATTR_REG_ALPHA2])
5707 return -EINVAL;
5708
5709 data = nla_data(info->attrs[NL80211_ATTR_REG_ALPHA2]);
5710 return regulatory_hint_user(data, user_reg_hint_type);
5711 case NL80211_USER_REG_HINT_INDOOR:
5712 if (info->attrs[NL80211_ATTR_SOCKET_OWNER]) {
5713 owner_nlportid = info->snd_portid;
5714 is_indoor = !!info->attrs[NL80211_ATTR_REG_INDOOR];
5715 } else {
5716 owner_nlportid = 0;
5717 is_indoor = true;
5718 }
5719
5720 return regulatory_hint_indoor(is_indoor, owner_nlportid);
5721 default:
5722 return -EINVAL;
5723 }
5724 }
5725
5726 static int nl80211_get_mesh_config(struct sk_buff *skb,
5727 struct genl_info *info)
5728 {
5729 struct cfg80211_registered_device *rdev = info->user_ptr[0];
5730 struct net_device *dev = info->user_ptr[1];
5731 struct wireless_dev *wdev = dev->ieee80211_ptr;
5732 struct mesh_config cur_params;
5733 int err = 0;
5734 void *hdr;
5735 struct nlattr *pinfoattr;
5736 struct sk_buff *msg;
5737
5738 if (wdev->iftype != NL80211_IFTYPE_MESH_POINT)
5739 return -EOPNOTSUPP;
5740
5741 if (!rdev->ops->get_mesh_config)
5742 return -EOPNOTSUPP;
5743
5744 wdev_lock(wdev);
5745 /* If not connected, get default parameters */
5746 if (!wdev->mesh_id_len)
5747 memcpy(&cur_params, &default_mesh_config, sizeof(cur_params));
5748 else
5749 err = rdev_get_mesh_config(rdev, dev, &cur_params);
5750 wdev_unlock(wdev);
5751
5752 if (err)
5753 return err;
5754
5755 /* Draw up a netlink message to send back */
5756 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
5757 if (!msg)
5758 return -ENOMEM;
5759 hdr = nl80211hdr_put(msg, info->snd_portid, info->snd_seq, 0,
5760 NL80211_CMD_GET_MESH_CONFIG);
5761 if (!hdr)
5762 goto out;
5763 pinfoattr = nla_nest_start(msg, NL80211_ATTR_MESH_CONFIG);
5764 if (!pinfoattr)
5765 goto nla_put_failure;
5766 if (nla_put_u32(msg, NL80211_ATTR_IFINDEX, dev->ifindex) ||
5767 nla_put_u16(msg, NL80211_MESHCONF_RETRY_TIMEOUT,
5768 cur_params.dot11MeshRetryTimeout) ||
5769 nla_put_u16(msg, NL80211_MESHCONF_CONFIRM_TIMEOUT,
5770 cur_params.dot11MeshConfirmTimeout) ||
5771 nla_put_u16(msg, NL80211_MESHCONF_HOLDING_TIMEOUT,
5772 cur_params.dot11MeshHoldingTimeout) ||
5773 nla_put_u16(msg, NL80211_MESHCONF_MAX_PEER_LINKS,
5774 cur_params.dot11MeshMaxPeerLinks) ||
5775 nla_put_u8(msg, NL80211_MESHCONF_MAX_RETRIES,
5776 cur_params.dot11MeshMaxRetries) ||
5777 nla_put_u8(msg, NL80211_MESHCONF_TTL,
5778 cur_params.dot11MeshTTL) ||
5779 nla_put_u8(msg, NL80211_MESHCONF_ELEMENT_TTL,
5780 cur_params.element_ttl) ||
5781 nla_put_u8(msg, NL80211_MESHCONF_AUTO_OPEN_PLINKS,
5782 cur_params.auto_open_plinks) ||
5783 nla_put_u32(msg, NL80211_MESHCONF_SYNC_OFFSET_MAX_NEIGHBOR,
5784 cur_params.dot11MeshNbrOffsetMaxNeighbor) ||
5785 nla_put_u8(msg, NL80211_MESHCONF_HWMP_MAX_PREQ_RETRIES,
5786 cur_params.dot11MeshHWMPmaxPREQretries) ||
5787 nla_put_u32(msg, NL80211_MESHCONF_PATH_REFRESH_TIME,
5788 cur_params.path_refresh_time) ||
5789 nla_put_u16(msg, NL80211_MESHCONF_MIN_DISCOVERY_TIMEOUT,
5790 cur_params.min_discovery_timeout) ||
5791 nla_put_u32(msg, NL80211_MESHCONF_HWMP_ACTIVE_PATH_TIMEOUT,
5792 cur_params.dot11MeshHWMPactivePathTimeout) ||
5793 nla_put_u16(msg, NL80211_MESHCONF_HWMP_PREQ_MIN_INTERVAL,
5794 cur_params.dot11MeshHWMPpreqMinInterval) ||
5795 nla_put_u16(msg, NL80211_MESHCONF_HWMP_PERR_MIN_INTERVAL,
5796 cur_params.dot11MeshHWMPperrMinInterval) ||
5797 nla_put_u16(msg, NL80211_MESHCONF_HWMP_NET_DIAM_TRVS_TIME,
5798 cur_params.dot11MeshHWMPnetDiameterTraversalTime) ||
5799 nla_put_u8(msg, NL80211_MESHCONF_HWMP_ROOTMODE,
5800 cur_params.dot11MeshHWMPRootMode) ||
5801 nla_put_u16(msg, NL80211_MESHCONF_HWMP_RANN_INTERVAL,
5802 cur_params.dot11MeshHWMPRannInterval) ||
5803 nla_put_u8(msg, NL80211_MESHCONF_GATE_ANNOUNCEMENTS,
5804 cur_params.dot11MeshGateAnnouncementProtocol) ||
5805 nla_put_u8(msg, NL80211_MESHCONF_FORWARDING,
5806 cur_params.dot11MeshForwarding) ||
5807 nla_put_s32(msg, NL80211_MESHCONF_RSSI_THRESHOLD,
5808 cur_params.rssi_threshold) ||
5809 nla_put_u32(msg, NL80211_MESHCONF_HT_OPMODE,
5810 cur_params.ht_opmode) ||
5811 nla_put_u32(msg, NL80211_MESHCONF_HWMP_PATH_TO_ROOT_TIMEOUT,
5812 cur_params.dot11MeshHWMPactivePathToRootTimeout) ||
5813 nla_put_u16(msg, NL80211_MESHCONF_HWMP_ROOT_INTERVAL,
5814 cur_params.dot11MeshHWMProotInterval) ||
5815 nla_put_u16(msg, NL80211_MESHCONF_HWMP_CONFIRMATION_INTERVAL,
5816 cur_params.dot11MeshHWMPconfirmationInterval) ||
5817 nla_put_u32(msg, NL80211_MESHCONF_POWER_MODE,
5818 cur_params.power_mode) ||
5819 nla_put_u16(msg, NL80211_MESHCONF_AWAKE_WINDOW,
5820 cur_params.dot11MeshAwakeWindowDuration) ||
5821 nla_put_u32(msg, NL80211_MESHCONF_PLINK_TIMEOUT,
5822 cur_params.plink_timeout))
5823 goto nla_put_failure;
5824 nla_nest_end(msg, pinfoattr);
5825 genlmsg_end(msg, hdr);
5826 return genlmsg_reply(msg, info);
5827
5828 nla_put_failure:
5829 genlmsg_cancel(msg, hdr);
5830 out:
5831 nlmsg_free(msg);
5832 return -ENOBUFS;
5833 }
5834
5835 static const struct nla_policy nl80211_meshconf_params_policy[NL80211_MESHCONF_ATTR_MAX+1] = {
5836 [NL80211_MESHCONF_RETRY_TIMEOUT] = { .type = NLA_U16 },
5837 [NL80211_MESHCONF_CONFIRM_TIMEOUT] = { .type = NLA_U16 },
5838 [NL80211_MESHCONF_HOLDING_TIMEOUT] = { .type = NLA_U16 },
5839 [NL80211_MESHCONF_MAX_PEER_LINKS] = { .type = NLA_U16 },
5840 [NL80211_MESHCONF_MAX_RETRIES] = { .type = NLA_U8 },
5841 [NL80211_MESHCONF_TTL] = { .type = NLA_U8 },
5842 [NL80211_MESHCONF_ELEMENT_TTL] = { .type = NLA_U8 },
5843 [NL80211_MESHCONF_AUTO_OPEN_PLINKS] = { .type = NLA_U8 },
5844 [NL80211_MESHCONF_SYNC_OFFSET_MAX_NEIGHBOR] = { .type = NLA_U32 },
5845 [NL80211_MESHCONF_HWMP_MAX_PREQ_RETRIES] = { .type = NLA_U8 },
5846 [NL80211_MESHCONF_PATH_REFRESH_TIME] = { .type = NLA_U32 },
5847 [NL80211_MESHCONF_MIN_DISCOVERY_TIMEOUT] = { .type = NLA_U16 },
5848 [NL80211_MESHCONF_HWMP_ACTIVE_PATH_TIMEOUT] = { .type = NLA_U32 },
5849 [NL80211_MESHCONF_HWMP_PREQ_MIN_INTERVAL] = { .type = NLA_U16 },
5850 [NL80211_MESHCONF_HWMP_PERR_MIN_INTERVAL] = { .type = NLA_U16 },
5851 [NL80211_MESHCONF_HWMP_NET_DIAM_TRVS_TIME] = { .type = NLA_U16 },
5852 [NL80211_MESHCONF_HWMP_ROOTMODE] = { .type = NLA_U8 },
5853 [NL80211_MESHCONF_HWMP_RANN_INTERVAL] = { .type = NLA_U16 },
5854 [NL80211_MESHCONF_GATE_ANNOUNCEMENTS] = { .type = NLA_U8 },
5855 [NL80211_MESHCONF_FORWARDING] = { .type = NLA_U8 },
5856 [NL80211_MESHCONF_RSSI_THRESHOLD] = { .type = NLA_U32 },
5857 [NL80211_MESHCONF_HT_OPMODE] = { .type = NLA_U16 },
5858 [NL80211_MESHCONF_HWMP_PATH_TO_ROOT_TIMEOUT] = { .type = NLA_U32 },
5859 [NL80211_MESHCONF_HWMP_ROOT_INTERVAL] = { .type = NLA_U16 },
5860 [NL80211_MESHCONF_HWMP_CONFIRMATION_INTERVAL] = { .type = NLA_U16 },
5861 [NL80211_MESHCONF_POWER_MODE] = { .type = NLA_U32 },
5862 [NL80211_MESHCONF_AWAKE_WINDOW] = { .type = NLA_U16 },
5863 [NL80211_MESHCONF_PLINK_TIMEOUT] = { .type = NLA_U32 },
5864 };
5865
5866 static const struct nla_policy
5867 nl80211_mesh_setup_params_policy[NL80211_MESH_SETUP_ATTR_MAX+1] = {
5868 [NL80211_MESH_SETUP_ENABLE_VENDOR_SYNC] = { .type = NLA_U8 },
5869 [NL80211_MESH_SETUP_ENABLE_VENDOR_PATH_SEL] = { .type = NLA_U8 },
5870 [NL80211_MESH_SETUP_ENABLE_VENDOR_METRIC] = { .type = NLA_U8 },
5871 [NL80211_MESH_SETUP_USERSPACE_AUTH] = { .type = NLA_FLAG },
5872 [NL80211_MESH_SETUP_AUTH_PROTOCOL] = { .type = NLA_U8 },
5873 [NL80211_MESH_SETUP_USERSPACE_MPM] = { .type = NLA_FLAG },
5874 [NL80211_MESH_SETUP_IE] = { .type = NLA_BINARY,
5875 .len = IEEE80211_MAX_DATA_LEN },
5876 [NL80211_MESH_SETUP_USERSPACE_AMPE] = { .type = NLA_FLAG },
5877 };
5878
5879 static int nl80211_check_bool(const struct nlattr *nla, u8 min, u8 max, bool *out)
5880 {
5881 u8 val = nla_get_u8(nla);
5882 if (val < min || val > max)
5883 return -EINVAL;
5884 *out = val;
5885 return 0;
5886 }
5887
5888 static int nl80211_check_u8(const struct nlattr *nla, u8 min, u8 max, u8 *out)
5889 {
5890 u8 val = nla_get_u8(nla);
5891 if (val < min || val > max)
5892 return -EINVAL;
5893 *out = val;
5894 return 0;
5895 }
5896
5897 static int nl80211_check_u16(const struct nlattr *nla, u16 min, u16 max, u16 *out)
5898 {
5899 u16 val = nla_get_u16(nla);
5900 if (val < min || val > max)
5901 return -EINVAL;
5902 *out = val;
5903 return 0;
5904 }
5905
5906 static int nl80211_check_u32(const struct nlattr *nla, u32 min, u32 max, u32 *out)
5907 {
5908 u32 val = nla_get_u32(nla);
5909 if (val < min || val > max)
5910 return -EINVAL;
5911 *out = val;
5912 return 0;
5913 }
5914
5915 static int nl80211_check_s32(const struct nlattr *nla, s32 min, s32 max, s32 *out)
5916 {
5917 s32 val = nla_get_s32(nla);
5918 if (val < min || val > max)
5919 return -EINVAL;
5920 *out = val;
5921 return 0;
5922 }
5923
5924 static int nl80211_check_power_mode(const struct nlattr *nla,
5925 enum nl80211_mesh_power_mode min,
5926 enum nl80211_mesh_power_mode max,
5927 enum nl80211_mesh_power_mode *out)
5928 {
5929 u32 val = nla_get_u32(nla);
5930 if (val < min || val > max)
5931 return -EINVAL;
5932 *out = val;
5933 return 0;
5934 }
5935
5936 static int nl80211_parse_mesh_config(struct genl_info *info,
5937 struct mesh_config *cfg,
5938 u32 *mask_out)
5939 {
5940 struct nlattr *tb[NL80211_MESHCONF_ATTR_MAX + 1];
5941 u32 mask = 0;
5942 u16 ht_opmode;
5943
5944 #define FILL_IN_MESH_PARAM_IF_SET(tb, cfg, param, min, max, mask, attr, fn) \
5945 do { \
5946 if (tb[attr]) { \
5947 if (fn(tb[attr], min, max, &cfg->param)) \
5948 return -EINVAL; \
5949 mask |= (1 << (attr - 1)); \
5950 } \
5951 } while (0)
5952
5953 if (!info->attrs[NL80211_ATTR_MESH_CONFIG])
5954 return -EINVAL;
5955 if (nla_parse_nested(tb, NL80211_MESHCONF_ATTR_MAX,
5956 info->attrs[NL80211_ATTR_MESH_CONFIG],
5957 nl80211_meshconf_params_policy, info->extack))
5958 return -EINVAL;
5959
5960 /* This makes sure that there aren't more than 32 mesh config
5961 * parameters (otherwise our bitfield scheme would not work.) */
5962 BUILD_BUG_ON(NL80211_MESHCONF_ATTR_MAX > 32);
5963
5964 /* Fill in the params struct */
5965 FILL_IN_MESH_PARAM_IF_SET(tb, cfg, dot11MeshRetryTimeout, 1, 255,
5966 mask, NL80211_MESHCONF_RETRY_TIMEOUT,
5967 nl80211_check_u16);
5968 FILL_IN_MESH_PARAM_IF_SET(tb, cfg, dot11MeshConfirmTimeout, 1, 255,
5969 mask, NL80211_MESHCONF_CONFIRM_TIMEOUT,
5970 nl80211_check_u16);
5971 FILL_IN_MESH_PARAM_IF_SET(tb, cfg, dot11MeshHoldingTimeout, 1, 255,
5972 mask, NL80211_MESHCONF_HOLDING_TIMEOUT,
5973 nl80211_check_u16);
5974 FILL_IN_MESH_PARAM_IF_SET(tb, cfg, dot11MeshMaxPeerLinks, 0, 255,
5975 mask, NL80211_MESHCONF_MAX_PEER_LINKS,
5976 nl80211_check_u16);
5977 FILL_IN_MESH_PARAM_IF_SET(tb, cfg, dot11MeshMaxRetries, 0, 16,
5978 mask, NL80211_MESHCONF_MAX_RETRIES,
5979 nl80211_check_u8);
5980 FILL_IN_MESH_PARAM_IF_SET(tb, cfg, dot11MeshTTL, 1, 255,
5981 mask, NL80211_MESHCONF_TTL, nl80211_check_u8);
5982 FILL_IN_MESH_PARAM_IF_SET(tb, cfg, element_ttl, 1, 255,
5983 mask, NL80211_MESHCONF_ELEMENT_TTL,
5984 nl80211_check_u8);
5985 FILL_IN_MESH_PARAM_IF_SET(tb, cfg, auto_open_plinks, 0, 1,
5986 mask, NL80211_MESHCONF_AUTO_OPEN_PLINKS,
5987 nl80211_check_bool);
5988 FILL_IN_MESH_PARAM_IF_SET(tb, cfg, dot11MeshNbrOffsetMaxNeighbor,
5989 1, 255, mask,
5990 NL80211_MESHCONF_SYNC_OFFSET_MAX_NEIGHBOR,
5991 nl80211_check_u32);
5992 FILL_IN_MESH_PARAM_IF_SET(tb, cfg, dot11MeshHWMPmaxPREQretries, 0, 255,
5993 mask, NL80211_MESHCONF_HWMP_MAX_PREQ_RETRIES,
5994 nl80211_check_u8);
5995 FILL_IN_MESH_PARAM_IF_SET(tb, cfg, path_refresh_time, 1, 65535,
5996 mask, NL80211_MESHCONF_PATH_REFRESH_TIME,
5997 nl80211_check_u32);
5998 FILL_IN_MESH_PARAM_IF_SET(tb, cfg, min_discovery_timeout, 1, 65535,
5999 mask, NL80211_MESHCONF_MIN_DISCOVERY_TIMEOUT,
6000 nl80211_check_u16);
6001 FILL_IN_MESH_PARAM_IF_SET(tb, cfg, dot11MeshHWMPactivePathTimeout,
6002 1, 65535, mask,
6003 NL80211_MESHCONF_HWMP_ACTIVE_PATH_TIMEOUT,
6004 nl80211_check_u32);
6005 FILL_IN_MESH_PARAM_IF_SET(tb, cfg, dot11MeshHWMPpreqMinInterval,
6006 1, 65535, mask,
6007 NL80211_MESHCONF_HWMP_PREQ_MIN_INTERVAL,
6008 nl80211_check_u16);
6009 FILL_IN_MESH_PARAM_IF_SET(tb, cfg, dot11MeshHWMPperrMinInterval,
6010 1, 65535, mask,
6011 NL80211_MESHCONF_HWMP_PERR_MIN_INTERVAL,
6012 nl80211_check_u16);
6013 FILL_IN_MESH_PARAM_IF_SET(tb, cfg,
6014 dot11MeshHWMPnetDiameterTraversalTime,
6015 1, 65535, mask,
6016 NL80211_MESHCONF_HWMP_NET_DIAM_TRVS_TIME,
6017 nl80211_check_u16);
6018 FILL_IN_MESH_PARAM_IF_SET(tb, cfg, dot11MeshHWMPRootMode, 0, 4,
6019 mask, NL80211_MESHCONF_HWMP_ROOTMODE,
6020 nl80211_check_u8);
6021 FILL_IN_MESH_PARAM_IF_SET(tb, cfg, dot11MeshHWMPRannInterval, 1, 65535,
6022 mask, NL80211_MESHCONF_HWMP_RANN_INTERVAL,
6023 nl80211_check_u16);
6024 FILL_IN_MESH_PARAM_IF_SET(tb, cfg,
6025 dot11MeshGateAnnouncementProtocol, 0, 1,
6026 mask, NL80211_MESHCONF_GATE_ANNOUNCEMENTS,
6027 nl80211_check_bool);
6028 FILL_IN_MESH_PARAM_IF_SET(tb, cfg, dot11MeshForwarding, 0, 1,
6029 mask, NL80211_MESHCONF_FORWARDING,
6030 nl80211_check_bool);
6031 FILL_IN_MESH_PARAM_IF_SET(tb, cfg, rssi_threshold, -255, 0,
6032 mask, NL80211_MESHCONF_RSSI_THRESHOLD,
6033 nl80211_check_s32);
6034 /*
6035 * Check HT operation mode based on
6036 * IEEE 802.11-2016 9.4.2.57 HT Operation element.
6037 */
6038 if (tb[NL80211_MESHCONF_HT_OPMODE]) {
6039 ht_opmode = nla_get_u16(tb[NL80211_MESHCONF_HT_OPMODE]);
6040
6041 if (ht_opmode & ~(IEEE80211_HT_OP_MODE_PROTECTION |
6042 IEEE80211_HT_OP_MODE_NON_GF_STA_PRSNT |
6043 IEEE80211_HT_OP_MODE_NON_HT_STA_PRSNT))
6044 return -EINVAL;
6045
6046 /* NON_HT_STA bit is reserved, but some programs set it */
6047 ht_opmode &= ~IEEE80211_HT_OP_MODE_NON_HT_STA_PRSNT;
6048
6049 cfg->ht_opmode = ht_opmode;
6050 mask |= (1 << (NL80211_MESHCONF_HT_OPMODE - 1));
6051 }
6052 FILL_IN_MESH_PARAM_IF_SET(tb, cfg, dot11MeshHWMPactivePathToRootTimeout,
6053 1, 65535, mask,
6054 NL80211_MESHCONF_HWMP_PATH_TO_ROOT_TIMEOUT,
6055 nl80211_check_u32);
6056 FILL_IN_MESH_PARAM_IF_SET(tb, cfg, dot11MeshHWMProotInterval, 1, 65535,
6057 mask, NL80211_MESHCONF_HWMP_ROOT_INTERVAL,
6058 nl80211_check_u16);
6059 FILL_IN_MESH_PARAM_IF_SET(tb, cfg,
6060 dot11MeshHWMPconfirmationInterval,
6061 1, 65535, mask,
6062 NL80211_MESHCONF_HWMP_CONFIRMATION_INTERVAL,
6063 nl80211_check_u16);
6064 FILL_IN_MESH_PARAM_IF_SET(tb, cfg, power_mode,
6065 NL80211_MESH_POWER_ACTIVE,
6066 NL80211_MESH_POWER_MAX,
6067 mask, NL80211_MESHCONF_POWER_MODE,
6068 nl80211_check_power_mode);
6069 FILL_IN_MESH_PARAM_IF_SET(tb, cfg, dot11MeshAwakeWindowDuration,
6070 0, 65535, mask,
6071 NL80211_MESHCONF_AWAKE_WINDOW, nl80211_check_u16);
6072 FILL_IN_MESH_PARAM_IF_SET(tb, cfg, plink_timeout, 0, 0xffffffff,
6073 mask, NL80211_MESHCONF_PLINK_TIMEOUT,
6074 nl80211_check_u32);
6075 if (mask_out)
6076 *mask_out = mask;
6077
6078 return 0;
6079
6080 #undef FILL_IN_MESH_PARAM_IF_SET
6081 }
6082
6083 static int nl80211_parse_mesh_setup(struct genl_info *info,
6084 struct mesh_setup *setup)
6085 {
6086 struct cfg80211_registered_device *rdev = info->user_ptr[0];
6087 struct nlattr *tb[NL80211_MESH_SETUP_ATTR_MAX + 1];
6088
6089 if (!info->attrs[NL80211_ATTR_MESH_SETUP])
6090 return -EINVAL;
6091 if (nla_parse_nested(tb, NL80211_MESH_SETUP_ATTR_MAX,
6092 info->attrs[NL80211_ATTR_MESH_SETUP],
6093 nl80211_mesh_setup_params_policy, info->extack))
6094 return -EINVAL;
6095
6096 if (tb[NL80211_MESH_SETUP_ENABLE_VENDOR_SYNC])
6097 setup->sync_method =
6098 (nla_get_u8(tb[NL80211_MESH_SETUP_ENABLE_VENDOR_SYNC])) ?
6099 IEEE80211_SYNC_METHOD_VENDOR :
6100 IEEE80211_SYNC_METHOD_NEIGHBOR_OFFSET;
6101
6102 if (tb[NL80211_MESH_SETUP_ENABLE_VENDOR_PATH_SEL])
6103 setup->path_sel_proto =
6104 (nla_get_u8(tb[NL80211_MESH_SETUP_ENABLE_VENDOR_PATH_SEL])) ?
6105 IEEE80211_PATH_PROTOCOL_VENDOR :
6106 IEEE80211_PATH_PROTOCOL_HWMP;
6107
6108 if (tb[NL80211_MESH_SETUP_ENABLE_VENDOR_METRIC])
6109 setup->path_metric =
6110 (nla_get_u8(tb[NL80211_MESH_SETUP_ENABLE_VENDOR_METRIC])) ?
6111 IEEE80211_PATH_METRIC_VENDOR :
6112 IEEE80211_PATH_METRIC_AIRTIME;
6113
6114 if (tb[NL80211_MESH_SETUP_IE]) {
6115 struct nlattr *ieattr =
6116 tb[NL80211_MESH_SETUP_IE];
6117 if (!is_valid_ie_attr(ieattr))
6118 return -EINVAL;
6119 setup->ie = nla_data(ieattr);
6120 setup->ie_len = nla_len(ieattr);
6121 }
6122 if (tb[NL80211_MESH_SETUP_USERSPACE_MPM] &&
6123 !(rdev->wiphy.features & NL80211_FEATURE_USERSPACE_MPM))
6124 return -EINVAL;
6125 setup->user_mpm = nla_get_flag(tb[NL80211_MESH_SETUP_USERSPACE_MPM]);
6126 setup->is_authenticated = nla_get_flag(tb[NL80211_MESH_SETUP_USERSPACE_AUTH]);
6127 setup->is_secure = nla_get_flag(tb[NL80211_MESH_SETUP_USERSPACE_AMPE]);
6128 if (setup->is_secure)
6129 setup->user_mpm = true;
6130
6131 if (tb[NL80211_MESH_SETUP_AUTH_PROTOCOL]) {
6132 if (!setup->user_mpm)
6133 return -EINVAL;
6134 setup->auth_id =
6135 nla_get_u8(tb[NL80211_MESH_SETUP_AUTH_PROTOCOL]);
6136 }
6137
6138 return 0;
6139 }
6140
6141 static int nl80211_update_mesh_config(struct sk_buff *skb,
6142 struct genl_info *info)
6143 {
6144 struct cfg80211_registered_device *rdev = info->user_ptr[0];
6145 struct net_device *dev = info->user_ptr[1];
6146 struct wireless_dev *wdev = dev->ieee80211_ptr;
6147 struct mesh_config cfg;
6148 u32 mask;
6149 int err;
6150
6151 if (wdev->iftype != NL80211_IFTYPE_MESH_POINT)
6152 return -EOPNOTSUPP;
6153
6154 if (!rdev->ops->update_mesh_config)
6155 return -EOPNOTSUPP;
6156
6157 err = nl80211_parse_mesh_config(info, &cfg, &mask);
6158 if (err)
6159 return err;
6160
6161 wdev_lock(wdev);
6162 if (!wdev->mesh_id_len)
6163 err = -ENOLINK;
6164
6165 if (!err)
6166 err = rdev_update_mesh_config(rdev, dev, mask, &cfg);
6167
6168 wdev_unlock(wdev);
6169
6170 return err;
6171 }
6172
6173 static int nl80211_put_regdom(const struct ieee80211_regdomain *regdom,
6174 struct sk_buff *msg)
6175 {
6176 struct nlattr *nl_reg_rules;
6177 unsigned int i;
6178
6179 if (nla_put_string(msg, NL80211_ATTR_REG_ALPHA2, regdom->alpha2) ||
6180 (regdom->dfs_region &&
6181 nla_put_u8(msg, NL80211_ATTR_DFS_REGION, regdom->dfs_region)))
6182 goto nla_put_failure;
6183
6184 nl_reg_rules = nla_nest_start(msg, NL80211_ATTR_REG_RULES);
6185 if (!nl_reg_rules)
6186 goto nla_put_failure;
6187
6188 for (i = 0; i < regdom->n_reg_rules; i++) {
6189 struct nlattr *nl_reg_rule;
6190 const struct ieee80211_reg_rule *reg_rule;
6191 const struct ieee80211_freq_range *freq_range;
6192 const struct ieee80211_power_rule *power_rule;
6193 unsigned int max_bandwidth_khz;
6194
6195 reg_rule = &regdom->reg_rules[i];
6196 freq_range = &reg_rule->freq_range;
6197 power_rule = &reg_rule->power_rule;
6198
6199 nl_reg_rule = nla_nest_start(msg, i);
6200 if (!nl_reg_rule)
6201 goto nla_put_failure;
6202
6203 max_bandwidth_khz = freq_range->max_bandwidth_khz;
6204 if (!max_bandwidth_khz)
6205 max_bandwidth_khz = reg_get_max_bandwidth(regdom,
6206 reg_rule);
6207
6208 if (nla_put_u32(msg, NL80211_ATTR_REG_RULE_FLAGS,
6209 reg_rule->flags) ||
6210 nla_put_u32(msg, NL80211_ATTR_FREQ_RANGE_START,
6211 freq_range->start_freq_khz) ||
6212 nla_put_u32(msg, NL80211_ATTR_FREQ_RANGE_END,
6213 freq_range->end_freq_khz) ||
6214 nla_put_u32(msg, NL80211_ATTR_FREQ_RANGE_MAX_BW,
6215 max_bandwidth_khz) ||
6216 nla_put_u32(msg, NL80211_ATTR_POWER_RULE_MAX_ANT_GAIN,
6217 power_rule->max_antenna_gain) ||
6218 nla_put_u32(msg, NL80211_ATTR_POWER_RULE_MAX_EIRP,
6219 power_rule->max_eirp) ||
6220 nla_put_u32(msg, NL80211_ATTR_DFS_CAC_TIME,
6221 reg_rule->dfs_cac_ms))
6222 goto nla_put_failure;
6223
6224 nla_nest_end(msg, nl_reg_rule);
6225 }
6226
6227 nla_nest_end(msg, nl_reg_rules);
6228 return 0;
6229
6230 nla_put_failure:
6231 return -EMSGSIZE;
6232 }
6233
6234 static int nl80211_get_reg_do(struct sk_buff *skb, struct genl_info *info)
6235 {
6236 const struct ieee80211_regdomain *regdom = NULL;
6237 struct cfg80211_registered_device *rdev;
6238 struct wiphy *wiphy = NULL;
6239 struct sk_buff *msg;
6240 void *hdr;
6241
6242 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
6243 if (!msg)
6244 return -ENOBUFS;
6245
6246 hdr = nl80211hdr_put(msg, info->snd_portid, info->snd_seq, 0,
6247 NL80211_CMD_GET_REG);
6248 if (!hdr)
6249 goto put_failure;
6250
6251 if (info->attrs[NL80211_ATTR_WIPHY]) {
6252 bool self_managed;
6253
6254 rdev = cfg80211_get_dev_from_info(genl_info_net(info), info);
6255 if (IS_ERR(rdev)) {
6256 nlmsg_free(msg);
6257 return PTR_ERR(rdev);
6258 }
6259
6260 wiphy = &rdev->wiphy;
6261 self_managed = wiphy->regulatory_flags &
6262 REGULATORY_WIPHY_SELF_MANAGED;
6263 regdom = get_wiphy_regdom(wiphy);
6264
6265 /* a self-managed-reg device must have a private regdom */
6266 if (WARN_ON(!regdom && self_managed)) {
6267 nlmsg_free(msg);
6268 return -EINVAL;
6269 }
6270
6271 if (regdom &&
6272 nla_put_u32(msg, NL80211_ATTR_WIPHY, get_wiphy_idx(wiphy)))
6273 goto nla_put_failure;
6274 }
6275
6276 if (!wiphy && reg_last_request_cell_base() &&
6277 nla_put_u32(msg, NL80211_ATTR_USER_REG_HINT_TYPE,
6278 NL80211_USER_REG_HINT_CELL_BASE))
6279 goto nla_put_failure;
6280
6281 rcu_read_lock();
6282
6283 if (!regdom)
6284 regdom = rcu_dereference(cfg80211_regdomain);
6285
6286 if (nl80211_put_regdom(regdom, msg))
6287 goto nla_put_failure_rcu;
6288
6289 rcu_read_unlock();
6290
6291 genlmsg_end(msg, hdr);
6292 return genlmsg_reply(msg, info);
6293
6294 nla_put_failure_rcu:
6295 rcu_read_unlock();
6296 nla_put_failure:
6297 genlmsg_cancel(msg, hdr);
6298 put_failure:
6299 nlmsg_free(msg);
6300 return -EMSGSIZE;
6301 }
6302
6303 static int nl80211_send_regdom(struct sk_buff *msg, struct netlink_callback *cb,
6304 u32 seq, int flags, struct wiphy *wiphy,
6305 const struct ieee80211_regdomain *regdom)
6306 {
6307 void *hdr = nl80211hdr_put(msg, NETLINK_CB(cb->skb).portid, seq, flags,
6308 NL80211_CMD_GET_REG);
6309
6310 if (!hdr)
6311 return -1;
6312
6313 genl_dump_check_consistent(cb, hdr, &nl80211_fam);
6314
6315 if (nl80211_put_regdom(regdom, msg))
6316 goto nla_put_failure;
6317
6318 if (!wiphy && reg_last_request_cell_base() &&
6319 nla_put_u32(msg, NL80211_ATTR_USER_REG_HINT_TYPE,
6320 NL80211_USER_REG_HINT_CELL_BASE))
6321 goto nla_put_failure;
6322
6323 if (wiphy &&
6324 nla_put_u32(msg, NL80211_ATTR_WIPHY, get_wiphy_idx(wiphy)))
6325 goto nla_put_failure;
6326
6327 if (wiphy && wiphy->regulatory_flags & REGULATORY_WIPHY_SELF_MANAGED &&
6328 nla_put_flag(msg, NL80211_ATTR_WIPHY_SELF_MANAGED_REG))
6329 goto nla_put_failure;
6330
6331 genlmsg_end(msg, hdr);
6332 return 0;
6333
6334 nla_put_failure:
6335 genlmsg_cancel(msg, hdr);
6336 return -EMSGSIZE;
6337 }
6338
6339 static int nl80211_get_reg_dump(struct sk_buff *skb,
6340 struct netlink_callback *cb)
6341 {
6342 const struct ieee80211_regdomain *regdom = NULL;
6343 struct cfg80211_registered_device *rdev;
6344 int err, reg_idx, start = cb->args[2];
6345
6346 rtnl_lock();
6347
6348 if (cfg80211_regdomain && start == 0) {
6349 err = nl80211_send_regdom(skb, cb, cb->nlh->nlmsg_seq,
6350 NLM_F_MULTI, NULL,
6351 rtnl_dereference(cfg80211_regdomain));
6352 if (err < 0)
6353 goto out_err;
6354 }
6355
6356 /* the global regdom is idx 0 */
6357 reg_idx = 1;
6358 list_for_each_entry(rdev, &cfg80211_rdev_list, list) {
6359 regdom = get_wiphy_regdom(&rdev->wiphy);
6360 if (!regdom)
6361 continue;
6362
6363 if (++reg_idx <= start)
6364 continue;
6365
6366 err = nl80211_send_regdom(skb, cb, cb->nlh->nlmsg_seq,
6367 NLM_F_MULTI, &rdev->wiphy, regdom);
6368 if (err < 0) {
6369 reg_idx--;
6370 break;
6371 }
6372 }
6373
6374 cb->args[2] = reg_idx;
6375 err = skb->len;
6376 out_err:
6377 rtnl_unlock();
6378 return err;
6379 }
6380
6381 #ifdef CONFIG_CFG80211_CRDA_SUPPORT
6382 static const struct nla_policy reg_rule_policy[NL80211_REG_RULE_ATTR_MAX + 1] = {
6383 [NL80211_ATTR_REG_RULE_FLAGS] = { .type = NLA_U32 },
6384 [NL80211_ATTR_FREQ_RANGE_START] = { .type = NLA_U32 },
6385 [NL80211_ATTR_FREQ_RANGE_END] = { .type = NLA_U32 },
6386 [NL80211_ATTR_FREQ_RANGE_MAX_BW] = { .type = NLA_U32 },
6387 [NL80211_ATTR_POWER_RULE_MAX_ANT_GAIN] = { .type = NLA_U32 },
6388 [NL80211_ATTR_POWER_RULE_MAX_EIRP] = { .type = NLA_U32 },
6389 [NL80211_ATTR_DFS_CAC_TIME] = { .type = NLA_U32 },
6390 };
6391
6392 static int parse_reg_rule(struct nlattr *tb[],
6393 struct ieee80211_reg_rule *reg_rule)
6394 {
6395 struct ieee80211_freq_range *freq_range = &reg_rule->freq_range;
6396 struct ieee80211_power_rule *power_rule = &reg_rule->power_rule;
6397
6398 if (!tb[NL80211_ATTR_REG_RULE_FLAGS])
6399 return -EINVAL;
6400 if (!tb[NL80211_ATTR_FREQ_RANGE_START])
6401 return -EINVAL;
6402 if (!tb[NL80211_ATTR_FREQ_RANGE_END])
6403 return -EINVAL;
6404 if (!tb[NL80211_ATTR_FREQ_RANGE_MAX_BW])
6405 return -EINVAL;
6406 if (!tb[NL80211_ATTR_POWER_RULE_MAX_EIRP])
6407 return -EINVAL;
6408
6409 reg_rule->flags = nla_get_u32(tb[NL80211_ATTR_REG_RULE_FLAGS]);
6410
6411 freq_range->start_freq_khz =
6412 nla_get_u32(tb[NL80211_ATTR_FREQ_RANGE_START]);
6413 freq_range->end_freq_khz =
6414 nla_get_u32(tb[NL80211_ATTR_FREQ_RANGE_END]);
6415 freq_range->max_bandwidth_khz =
6416 nla_get_u32(tb[NL80211_ATTR_FREQ_RANGE_MAX_BW]);
6417
6418 power_rule->max_eirp =
6419 nla_get_u32(tb[NL80211_ATTR_POWER_RULE_MAX_EIRP]);
6420
6421 if (tb[NL80211_ATTR_POWER_RULE_MAX_ANT_GAIN])
6422 power_rule->max_antenna_gain =
6423 nla_get_u32(tb[NL80211_ATTR_POWER_RULE_MAX_ANT_GAIN]);
6424
6425 if (tb[NL80211_ATTR_DFS_CAC_TIME])
6426 reg_rule->dfs_cac_ms =
6427 nla_get_u32(tb[NL80211_ATTR_DFS_CAC_TIME]);
6428
6429 return 0;
6430 }
6431
6432 static int nl80211_set_reg(struct sk_buff *skb, struct genl_info *info)
6433 {
6434 struct nlattr *tb[NL80211_REG_RULE_ATTR_MAX + 1];
6435 struct nlattr *nl_reg_rule;
6436 char *alpha2;
6437 int rem_reg_rules, r;
6438 u32 num_rules = 0, rule_idx = 0, size_of_regd;
6439 enum nl80211_dfs_regions dfs_region = NL80211_DFS_UNSET;
6440 struct ieee80211_regdomain *rd;
6441
6442 if (!info->attrs[NL80211_ATTR_REG_ALPHA2])
6443 return -EINVAL;
6444
6445 if (!info->attrs[NL80211_ATTR_REG_RULES])
6446 return -EINVAL;
6447
6448 alpha2 = nla_data(info->attrs[NL80211_ATTR_REG_ALPHA2]);
6449
6450 if (info->attrs[NL80211_ATTR_DFS_REGION])
6451 dfs_region = nla_get_u8(info->attrs[NL80211_ATTR_DFS_REGION]);
6452
6453 nla_for_each_nested(nl_reg_rule, info->attrs[NL80211_ATTR_REG_RULES],
6454 rem_reg_rules) {
6455 num_rules++;
6456 if (num_rules > NL80211_MAX_SUPP_REG_RULES)
6457 return -EINVAL;
6458 }
6459
6460 if (!reg_is_valid_request(alpha2))
6461 return -EINVAL;
6462
6463 size_of_regd = sizeof(struct ieee80211_regdomain) +
6464 num_rules * sizeof(struct ieee80211_reg_rule);
6465
6466 rd = kzalloc(size_of_regd, GFP_KERNEL);
6467 if (!rd)
6468 return -ENOMEM;
6469
6470 rd->n_reg_rules = num_rules;
6471 rd->alpha2[0] = alpha2[0];
6472 rd->alpha2[1] = alpha2[1];
6473
6474 /*
6475 * Disable DFS master mode if the DFS region was
6476 * not supported or known on this kernel.
6477 */
6478 if (reg_supported_dfs_region(dfs_region))
6479 rd->dfs_region = dfs_region;
6480
6481 nla_for_each_nested(nl_reg_rule, info->attrs[NL80211_ATTR_REG_RULES],
6482 rem_reg_rules) {
6483 r = nla_parse_nested(tb, NL80211_REG_RULE_ATTR_MAX,
6484 nl_reg_rule, reg_rule_policy,
6485 info->extack);
6486 if (r)
6487 goto bad_reg;
6488 r = parse_reg_rule(tb, &rd->reg_rules[rule_idx]);
6489 if (r)
6490 goto bad_reg;
6491
6492 rule_idx++;
6493
6494 if (rule_idx > NL80211_MAX_SUPP_REG_RULES) {
6495 r = -EINVAL;
6496 goto bad_reg;
6497 }
6498 }
6499
6500 /* set_regdom takes ownership of rd */
6501 return set_regdom(rd, REGD_SOURCE_CRDA);
6502 bad_reg:
6503 kfree(rd);
6504 return r;
6505 }
6506 #endif /* CONFIG_CFG80211_CRDA_SUPPORT */
6507
6508 static int validate_scan_freqs(struct nlattr *freqs)
6509 {
6510 struct nlattr *attr1, *attr2;
6511 int n_channels = 0, tmp1, tmp2;
6512
6513 nla_for_each_nested(attr1, freqs, tmp1)
6514 if (nla_len(attr1) != sizeof(u32))
6515 return 0;
6516
6517 nla_for_each_nested(attr1, freqs, tmp1) {
6518 n_channels++;
6519 /*
6520 * Some hardware has a limited channel list for
6521 * scanning, and it is pretty much nonsensical
6522 * to scan for a channel twice, so disallow that
6523 * and don't require drivers to check that the
6524 * channel list they get isn't longer than what
6525 * they can scan, as long as they can scan all
6526 * the channels they registered at once.
6527 */
6528 nla_for_each_nested(attr2, freqs, tmp2)
6529 if (attr1 != attr2 &&
6530 nla_get_u32(attr1) == nla_get_u32(attr2))
6531 return 0;
6532 }
6533
6534 return n_channels;
6535 }
6536
6537 static bool is_band_valid(struct wiphy *wiphy, enum nl80211_band b)
6538 {
6539 return b < NUM_NL80211_BANDS && wiphy->bands[b];
6540 }
6541
6542 static int parse_bss_select(struct nlattr *nla, struct wiphy *wiphy,
6543 struct cfg80211_bss_selection *bss_select)
6544 {
6545 struct nlattr *attr[NL80211_BSS_SELECT_ATTR_MAX + 1];
6546 struct nlattr *nest;
6547 int err;
6548 bool found = false;
6549 int i;
6550
6551 /* only process one nested attribute */
6552 nest = nla_data(nla);
6553 if (!nla_ok(nest, nla_len(nest)))
6554 return -EINVAL;
6555
6556 err = nla_parse_nested(attr, NL80211_BSS_SELECT_ATTR_MAX, nest,
6557 nl80211_bss_select_policy, NULL);
6558 if (err)
6559 return err;
6560
6561 /* only one attribute may be given */
6562 for (i = 0; i <= NL80211_BSS_SELECT_ATTR_MAX; i++) {
6563 if (attr[i]) {
6564 if (found)
6565 return -EINVAL;
6566 found = true;
6567 }
6568 }
6569
6570 bss_select->behaviour = __NL80211_BSS_SELECT_ATTR_INVALID;
6571
6572 if (attr[NL80211_BSS_SELECT_ATTR_RSSI])
6573 bss_select->behaviour = NL80211_BSS_SELECT_ATTR_RSSI;
6574
6575 if (attr[NL80211_BSS_SELECT_ATTR_BAND_PREF]) {
6576 bss_select->behaviour = NL80211_BSS_SELECT_ATTR_BAND_PREF;
6577 bss_select->param.band_pref =
6578 nla_get_u32(attr[NL80211_BSS_SELECT_ATTR_BAND_PREF]);
6579 if (!is_band_valid(wiphy, bss_select->param.band_pref))
6580 return -EINVAL;
6581 }
6582
6583 if (attr[NL80211_BSS_SELECT_ATTR_RSSI_ADJUST]) {
6584 struct nl80211_bss_select_rssi_adjust *adj_param;
6585
6586 adj_param = nla_data(attr[NL80211_BSS_SELECT_ATTR_RSSI_ADJUST]);
6587 bss_select->behaviour = NL80211_BSS_SELECT_ATTR_RSSI_ADJUST;
6588 bss_select->param.adjust.band = adj_param->band;
6589 bss_select->param.adjust.delta = adj_param->delta;
6590 if (!is_band_valid(wiphy, bss_select->param.adjust.band))
6591 return -EINVAL;
6592 }
6593
6594 /* user-space did not provide behaviour attribute */
6595 if (bss_select->behaviour == __NL80211_BSS_SELECT_ATTR_INVALID)
6596 return -EINVAL;
6597
6598 if (!(wiphy->bss_select_support & BIT(bss_select->behaviour)))
6599 return -EINVAL;
6600
6601 return 0;
6602 }
6603
6604 static int nl80211_parse_random_mac(struct nlattr **attrs,
6605 u8 *mac_addr, u8 *mac_addr_mask)
6606 {
6607 int i;
6608
6609 if (!attrs[NL80211_ATTR_MAC] && !attrs[NL80211_ATTR_MAC_MASK]) {
6610 eth_zero_addr(mac_addr);
6611 eth_zero_addr(mac_addr_mask);
6612 mac_addr[0] = 0x2;
6613 mac_addr_mask[0] = 0x3;
6614
6615 return 0;
6616 }
6617
6618 /* need both or none */
6619 if (!attrs[NL80211_ATTR_MAC] || !attrs[NL80211_ATTR_MAC_MASK])
6620 return -EINVAL;
6621
6622 memcpy(mac_addr, nla_data(attrs[NL80211_ATTR_MAC]), ETH_ALEN);
6623 memcpy(mac_addr_mask, nla_data(attrs[NL80211_ATTR_MAC_MASK]), ETH_ALEN);
6624
6625 /* don't allow or configure an mcast address */
6626 if (!is_multicast_ether_addr(mac_addr_mask) ||
6627 is_multicast_ether_addr(mac_addr))
6628 return -EINVAL;
6629
6630 /*
6631 * allow users to pass a MAC address that has bits set outside
6632 * of the mask, but don't bother drivers with having to deal
6633 * with such bits
6634 */
6635 for (i = 0; i < ETH_ALEN; i++)
6636 mac_addr[i] &= mac_addr_mask[i];
6637
6638 return 0;
6639 }
6640
6641 static bool cfg80211_off_channel_oper_allowed(struct wireless_dev *wdev)
6642 {
6643 ASSERT_WDEV_LOCK(wdev);
6644
6645 if (!cfg80211_beaconing_iface_active(wdev))
6646 return true;
6647
6648 if (!(wdev->chandef.chan->flags & IEEE80211_CHAN_RADAR))
6649 return true;
6650
6651 return regulatory_pre_cac_allowed(wdev->wiphy);
6652 }
6653
6654 static int nl80211_trigger_scan(struct sk_buff *skb, struct genl_info *info)
6655 {
6656 struct cfg80211_registered_device *rdev = info->user_ptr[0];
6657 struct wireless_dev *wdev = info->user_ptr[1];
6658 struct cfg80211_scan_request *request;
6659 struct nlattr *attr;
6660 struct wiphy *wiphy;
6661 int err, tmp, n_ssids = 0, n_channels, i;
6662 size_t ie_len;
6663
6664 if (!is_valid_ie_attr(info->attrs[NL80211_ATTR_IE]))
6665 return -EINVAL;
6666
6667 wiphy = &rdev->wiphy;
6668
6669 if (wdev->iftype == NL80211_IFTYPE_NAN)
6670 return -EOPNOTSUPP;
6671
6672 if (!rdev->ops->scan)
6673 return -EOPNOTSUPP;
6674
6675 if (rdev->scan_req || rdev->scan_msg) {
6676 err = -EBUSY;
6677 goto unlock;
6678 }
6679
6680 if (info->attrs[NL80211_ATTR_SCAN_FREQUENCIES]) {
6681 n_channels = validate_scan_freqs(
6682 info->attrs[NL80211_ATTR_SCAN_FREQUENCIES]);
6683 if (!n_channels) {
6684 err = -EINVAL;
6685 goto unlock;
6686 }
6687 } else {
6688 n_channels = ieee80211_get_num_supported_channels(wiphy);
6689 }
6690
6691 if (info->attrs[NL80211_ATTR_SCAN_SSIDS])
6692 nla_for_each_nested(attr, info->attrs[NL80211_ATTR_SCAN_SSIDS], tmp)
6693 n_ssids++;
6694
6695 if (n_ssids > wiphy->max_scan_ssids) {
6696 err = -EINVAL;
6697 goto unlock;
6698 }
6699
6700 if (info->attrs[NL80211_ATTR_IE])
6701 ie_len = nla_len(info->attrs[NL80211_ATTR_IE]);
6702 else
6703 ie_len = 0;
6704
6705 if (ie_len > wiphy->max_scan_ie_len) {
6706 err = -EINVAL;
6707 goto unlock;
6708 }
6709
6710 request = kzalloc(sizeof(*request)
6711 + sizeof(*request->ssids) * n_ssids
6712 + sizeof(*request->channels) * n_channels
6713 + ie_len, GFP_KERNEL);
6714 if (!request) {
6715 err = -ENOMEM;
6716 goto unlock;
6717 }
6718
6719 if (n_ssids)
6720 request->ssids = (void *)&request->channels[n_channels];
6721 request->n_ssids = n_ssids;
6722 if (ie_len) {
6723 if (n_ssids)
6724 request->ie = (void *)(request->ssids + n_ssids);
6725 else
6726 request->ie = (void *)(request->channels + n_channels);
6727 }
6728
6729 i = 0;
6730 if (info->attrs[NL80211_ATTR_SCAN_FREQUENCIES]) {
6731 /* user specified, bail out if channel not found */
6732 nla_for_each_nested(attr, info->attrs[NL80211_ATTR_SCAN_FREQUENCIES], tmp) {
6733 struct ieee80211_channel *chan;
6734
6735 chan = ieee80211_get_channel(wiphy, nla_get_u32(attr));
6736
6737 if (!chan) {
6738 err = -EINVAL;
6739 goto out_free;
6740 }
6741
6742 /* ignore disabled channels */
6743 if (chan->flags & IEEE80211_CHAN_DISABLED)
6744 continue;
6745
6746 request->channels[i] = chan;
6747 i++;
6748 }
6749 } else {
6750 enum nl80211_band band;
6751
6752 /* all channels */
6753 for (band = 0; band < NUM_NL80211_BANDS; band++) {
6754 int j;
6755
6756 if (!wiphy->bands[band])
6757 continue;
6758 for (j = 0; j < wiphy->bands[band]->n_channels; j++) {
6759 struct ieee80211_channel *chan;
6760
6761 chan = &wiphy->bands[band]->channels[j];
6762
6763 if (chan->flags & IEEE80211_CHAN_DISABLED)
6764 continue;
6765
6766 request->channels[i] = chan;
6767 i++;
6768 }
6769 }
6770 }
6771
6772 if (!i) {
6773 err = -EINVAL;
6774 goto out_free;
6775 }
6776
6777 request->n_channels = i;
6778
6779 wdev_lock(wdev);
6780 if (!cfg80211_off_channel_oper_allowed(wdev)) {
6781 struct ieee80211_channel *chan;
6782
6783 if (request->n_channels != 1) {
6784 wdev_unlock(wdev);
6785 err = -EBUSY;
6786 goto out_free;
6787 }
6788
6789 chan = request->channels[0];
6790 if (chan->center_freq != wdev->chandef.chan->center_freq) {
6791 wdev_unlock(wdev);
6792 err = -EBUSY;
6793 goto out_free;
6794 }
6795 }
6796 wdev_unlock(wdev);
6797
6798 i = 0;
6799 if (n_ssids) {
6800 nla_for_each_nested(attr, info->attrs[NL80211_ATTR_SCAN_SSIDS], tmp) {
6801 if (nla_len(attr) > IEEE80211_MAX_SSID_LEN) {
6802 err = -EINVAL;
6803 goto out_free;
6804 }
6805 request->ssids[i].ssid_len = nla_len(attr);
6806 memcpy(request->ssids[i].ssid, nla_data(attr), nla_len(attr));
6807 i++;
6808 }
6809 }
6810
6811 if (info->attrs[NL80211_ATTR_IE]) {
6812 request->ie_len = nla_len(info->attrs[NL80211_ATTR_IE]);
6813 memcpy((void *)request->ie,
6814 nla_data(info->attrs[NL80211_ATTR_IE]),
6815 request->ie_len);
6816 }
6817
6818 for (i = 0; i < NUM_NL80211_BANDS; i++)
6819 if (wiphy->bands[i])
6820 request->rates[i] =
6821 (1 << wiphy->bands[i]->n_bitrates) - 1;
6822
6823 if (info->attrs[NL80211_ATTR_SCAN_SUPP_RATES]) {
6824 nla_for_each_nested(attr,
6825 info->attrs[NL80211_ATTR_SCAN_SUPP_RATES],
6826 tmp) {
6827 enum nl80211_band band = nla_type(attr);
6828
6829 if (band < 0 || band >= NUM_NL80211_BANDS) {
6830 err = -EINVAL;
6831 goto out_free;
6832 }
6833
6834 if (!wiphy->bands[band])
6835 continue;
6836
6837 err = ieee80211_get_ratemask(wiphy->bands[band],
6838 nla_data(attr),
6839 nla_len(attr),
6840 &request->rates[band]);
6841 if (err)
6842 goto out_free;
6843 }
6844 }
6845
6846 if (info->attrs[NL80211_ATTR_MEASUREMENT_DURATION]) {
6847 if (!wiphy_ext_feature_isset(wiphy,
6848 NL80211_EXT_FEATURE_SET_SCAN_DWELL)) {
6849 err = -EOPNOTSUPP;
6850 goto out_free;
6851 }
6852
6853 request->duration =
6854 nla_get_u16(info->attrs[NL80211_ATTR_MEASUREMENT_DURATION]);
6855 request->duration_mandatory =
6856 nla_get_flag(info->attrs[NL80211_ATTR_MEASUREMENT_DURATION_MANDATORY]);
6857 }
6858
6859 if (info->attrs[NL80211_ATTR_SCAN_FLAGS]) {
6860 request->flags = nla_get_u32(
6861 info->attrs[NL80211_ATTR_SCAN_FLAGS]);
6862 if ((request->flags & NL80211_SCAN_FLAG_LOW_PRIORITY) &&
6863 !(wiphy->features & NL80211_FEATURE_LOW_PRIORITY_SCAN)) {
6864 err = -EOPNOTSUPP;
6865 goto out_free;
6866 }
6867
6868 if (request->flags & NL80211_SCAN_FLAG_RANDOM_ADDR) {
6869 if (!(wiphy->features &
6870 NL80211_FEATURE_SCAN_RANDOM_MAC_ADDR)) {
6871 err = -EOPNOTSUPP;
6872 goto out_free;
6873 }
6874
6875 if (wdev->current_bss) {
6876 err = -EOPNOTSUPP;
6877 goto out_free;
6878 }
6879
6880 err = nl80211_parse_random_mac(info->attrs,
6881 request->mac_addr,
6882 request->mac_addr_mask);
6883 if (err)
6884 goto out_free;
6885 }
6886 }
6887
6888 request->no_cck =
6889 nla_get_flag(info->attrs[NL80211_ATTR_TX_NO_CCK_RATE]);
6890
6891 /* Initial implementation used NL80211_ATTR_MAC to set the specific
6892 * BSSID to scan for. This was problematic because that same attribute
6893 * was already used for another purpose (local random MAC address). The
6894 * NL80211_ATTR_BSSID attribute was added to fix this. For backwards
6895 * compatibility with older userspace components, also use the
6896 * NL80211_ATTR_MAC value here if it can be determined to be used for
6897 * the specific BSSID use case instead of the random MAC address
6898 * (NL80211_ATTR_SCAN_FLAGS is used to enable random MAC address use).
6899 */
6900 if (info->attrs[NL80211_ATTR_BSSID])
6901 memcpy(request->bssid,
6902 nla_data(info->attrs[NL80211_ATTR_BSSID]), ETH_ALEN);
6903 else if (!(request->flags & NL80211_SCAN_FLAG_RANDOM_ADDR) &&
6904 info->attrs[NL80211_ATTR_MAC])
6905 memcpy(request->bssid, nla_data(info->attrs[NL80211_ATTR_MAC]),
6906 ETH_ALEN);
6907 else
6908 eth_broadcast_addr(request->bssid);
6909
6910 request->wdev = wdev;
6911 request->wiphy = &rdev->wiphy;
6912 request->scan_start = jiffies;
6913
6914 rdev->scan_req = request;
6915 err = rdev_scan(rdev, request);
6916
6917 if (!err) {
6918 nl80211_send_scan_start(rdev, wdev);
6919 if (wdev->netdev)
6920 dev_hold(wdev->netdev);
6921 } else {
6922 out_free:
6923 rdev->scan_req = NULL;
6924 kfree(request);
6925 }
6926
6927 unlock:
6928 return err;
6929 }
6930
6931 static int nl80211_abort_scan(struct sk_buff *skb, struct genl_info *info)
6932 {
6933 struct cfg80211_registered_device *rdev = info->user_ptr[0];
6934 struct wireless_dev *wdev = info->user_ptr[1];
6935
6936 if (!rdev->ops->abort_scan)
6937 return -EOPNOTSUPP;
6938
6939 if (rdev->scan_msg)
6940 return 0;
6941
6942 if (!rdev->scan_req)
6943 return -ENOENT;
6944
6945 rdev_abort_scan(rdev, wdev);
6946 return 0;
6947 }
6948
6949 static int
6950 nl80211_parse_sched_scan_plans(struct wiphy *wiphy, int n_plans,
6951 struct cfg80211_sched_scan_request *request,
6952 struct nlattr **attrs)
6953 {
6954 int tmp, err, i = 0;
6955 struct nlattr *attr;
6956
6957 if (!attrs[NL80211_ATTR_SCHED_SCAN_PLANS]) {
6958 u32 interval;
6959
6960 /*
6961 * If scan plans are not specified,
6962 * %NL80211_ATTR_SCHED_SCAN_INTERVAL will be specified. In this
6963 * case one scan plan will be set with the specified scan
6964 * interval and infinite number of iterations.
6965 */
6966 interval = nla_get_u32(attrs[NL80211_ATTR_SCHED_SCAN_INTERVAL]);
6967 if (!interval)
6968 return -EINVAL;
6969
6970 request->scan_plans[0].interval =
6971 DIV_ROUND_UP(interval, MSEC_PER_SEC);
6972 if (!request->scan_plans[0].interval)
6973 return -EINVAL;
6974
6975 if (request->scan_plans[0].interval >
6976 wiphy->max_sched_scan_plan_interval)
6977 request->scan_plans[0].interval =
6978 wiphy->max_sched_scan_plan_interval;
6979
6980 return 0;
6981 }
6982
6983 nla_for_each_nested(attr, attrs[NL80211_ATTR_SCHED_SCAN_PLANS], tmp) {
6984 struct nlattr *plan[NL80211_SCHED_SCAN_PLAN_MAX + 1];
6985
6986 if (WARN_ON(i >= n_plans))
6987 return -EINVAL;
6988
6989 err = nla_parse_nested(plan, NL80211_SCHED_SCAN_PLAN_MAX,
6990 attr, nl80211_plan_policy, NULL);
6991 if (err)
6992 return err;
6993
6994 if (!plan[NL80211_SCHED_SCAN_PLAN_INTERVAL])
6995 return -EINVAL;
6996
6997 request->scan_plans[i].interval =
6998 nla_get_u32(plan[NL80211_SCHED_SCAN_PLAN_INTERVAL]);
6999 if (!request->scan_plans[i].interval ||
7000 request->scan_plans[i].interval >
7001 wiphy->max_sched_scan_plan_interval)
7002 return -EINVAL;
7003
7004 if (plan[NL80211_SCHED_SCAN_PLAN_ITERATIONS]) {
7005 request->scan_plans[i].iterations =
7006 nla_get_u32(plan[NL80211_SCHED_SCAN_PLAN_ITERATIONS]);
7007 if (!request->scan_plans[i].iterations ||
7008 (request->scan_plans[i].iterations >
7009 wiphy->max_sched_scan_plan_iterations))
7010 return -EINVAL;
7011 } else if (i < n_plans - 1) {
7012 /*
7013 * All scan plans but the last one must specify
7014 * a finite number of iterations
7015 */
7016 return -EINVAL;
7017 }
7018
7019 i++;
7020 }
7021
7022 /*
7023 * The last scan plan must not specify the number of
7024 * iterations, it is supposed to run infinitely
7025 */
7026 if (request->scan_plans[n_plans - 1].iterations)
7027 return -EINVAL;
7028
7029 return 0;
7030 }
7031
7032 static struct cfg80211_sched_scan_request *
7033 nl80211_parse_sched_scan(struct wiphy *wiphy, struct wireless_dev *wdev,
7034 struct nlattr **attrs, int max_match_sets)
7035 {
7036 struct cfg80211_sched_scan_request *request;
7037 struct nlattr *attr;
7038 int err, tmp, n_ssids = 0, n_match_sets = 0, n_channels, i, n_plans = 0;
7039 enum nl80211_band band;
7040 size_t ie_len;
7041 struct nlattr *tb[NL80211_SCHED_SCAN_MATCH_ATTR_MAX + 1];
7042 s32 default_match_rssi = NL80211_SCAN_RSSI_THOLD_OFF;
7043
7044 if (!is_valid_ie_attr(attrs[NL80211_ATTR_IE]))
7045 return ERR_PTR(-EINVAL);
7046
7047 if (attrs[NL80211_ATTR_SCAN_FREQUENCIES]) {
7048 n_channels = validate_scan_freqs(
7049 attrs[NL80211_ATTR_SCAN_FREQUENCIES]);
7050 if (!n_channels)
7051 return ERR_PTR(-EINVAL);
7052 } else {
7053 n_channels = ieee80211_get_num_supported_channels(wiphy);
7054 }
7055
7056 if (attrs[NL80211_ATTR_SCAN_SSIDS])
7057 nla_for_each_nested(attr, attrs[NL80211_ATTR_SCAN_SSIDS],
7058 tmp)
7059 n_ssids++;
7060
7061 if (n_ssids > wiphy->max_sched_scan_ssids)
7062 return ERR_PTR(-EINVAL);
7063
7064 /*
7065 * First, count the number of 'real' matchsets. Due to an issue with
7066 * the old implementation, matchsets containing only the RSSI attribute
7067 * (NL80211_SCHED_SCAN_MATCH_ATTR_RSSI) are considered as the 'default'
7068 * RSSI for all matchsets, rather than their own matchset for reporting
7069 * all APs with a strong RSSI. This is needed to be compatible with
7070 * older userspace that treated a matchset with only the RSSI as the
7071 * global RSSI for all other matchsets - if there are other matchsets.
7072 */
7073 if (attrs[NL80211_ATTR_SCHED_SCAN_MATCH]) {
7074 nla_for_each_nested(attr,
7075 attrs[NL80211_ATTR_SCHED_SCAN_MATCH],
7076 tmp) {
7077 struct nlattr *rssi;
7078
7079 err = nla_parse_nested(tb,
7080 NL80211_SCHED_SCAN_MATCH_ATTR_MAX,
7081 attr, nl80211_match_policy,
7082 NULL);
7083 if (err)
7084 return ERR_PTR(err);
7085
7086 /* SSID and BSSID are mutually exclusive */
7087 if (tb[NL80211_SCHED_SCAN_MATCH_ATTR_SSID] &&
7088 tb[NL80211_SCHED_SCAN_MATCH_ATTR_BSSID])
7089 return ERR_PTR(-EINVAL);
7090
7091 /* add other standalone attributes here */
7092 if (tb[NL80211_SCHED_SCAN_MATCH_ATTR_SSID] ||
7093 tb[NL80211_SCHED_SCAN_MATCH_ATTR_BSSID]) {
7094 n_match_sets++;
7095 continue;
7096 }
7097 rssi = tb[NL80211_SCHED_SCAN_MATCH_ATTR_RSSI];
7098 if (rssi)
7099 default_match_rssi = nla_get_s32(rssi);
7100 }
7101 }
7102
7103 /* However, if there's no other matchset, add the RSSI one */
7104 if (!n_match_sets && default_match_rssi != NL80211_SCAN_RSSI_THOLD_OFF)
7105 n_match_sets = 1;
7106
7107 if (n_match_sets > max_match_sets)
7108 return ERR_PTR(-EINVAL);
7109
7110 if (attrs[NL80211_ATTR_IE])
7111 ie_len = nla_len(attrs[NL80211_ATTR_IE]);
7112 else
7113 ie_len = 0;
7114
7115 if (ie_len > wiphy->max_sched_scan_ie_len)
7116 return ERR_PTR(-EINVAL);
7117
7118 if (attrs[NL80211_ATTR_SCHED_SCAN_PLANS]) {
7119 /*
7120 * NL80211_ATTR_SCHED_SCAN_INTERVAL must not be specified since
7121 * each scan plan already specifies its own interval
7122 */
7123 if (attrs[NL80211_ATTR_SCHED_SCAN_INTERVAL])
7124 return ERR_PTR(-EINVAL);
7125
7126 nla_for_each_nested(attr,
7127 attrs[NL80211_ATTR_SCHED_SCAN_PLANS], tmp)
7128 n_plans++;
7129 } else {
7130 /*
7131 * The scan interval attribute is kept for backward
7132 * compatibility. If no scan plans are specified and sched scan
7133 * interval is specified, one scan plan will be set with this
7134 * scan interval and infinite number of iterations.
7135 */
7136 if (!attrs[NL80211_ATTR_SCHED_SCAN_INTERVAL])
7137 return ERR_PTR(-EINVAL);
7138
7139 n_plans = 1;
7140 }
7141
7142 if (!n_plans || n_plans > wiphy->max_sched_scan_plans)
7143 return ERR_PTR(-EINVAL);
7144
7145 if (!wiphy_ext_feature_isset(
7146 wiphy, NL80211_EXT_FEATURE_SCHED_SCAN_RELATIVE_RSSI) &&
7147 (attrs[NL80211_ATTR_SCHED_SCAN_RELATIVE_RSSI] ||
7148 attrs[NL80211_ATTR_SCHED_SCAN_RSSI_ADJUST]))
7149 return ERR_PTR(-EINVAL);
7150
7151 request = kzalloc(sizeof(*request)
7152 + sizeof(*request->ssids) * n_ssids
7153 + sizeof(*request->match_sets) * n_match_sets
7154 + sizeof(*request->scan_plans) * n_plans
7155 + sizeof(*request->channels) * n_channels
7156 + ie_len, GFP_KERNEL);
7157 if (!request)
7158 return ERR_PTR(-ENOMEM);
7159
7160 if (n_ssids)
7161 request->ssids = (void *)&request->channels[n_channels];
7162 request->n_ssids = n_ssids;
7163 if (ie_len) {
7164 if (n_ssids)
7165 request->ie = (void *)(request->ssids + n_ssids);
7166 else
7167 request->ie = (void *)(request->channels + n_channels);
7168 }
7169
7170 if (n_match_sets) {
7171 if (request->ie)
7172 request->match_sets = (void *)(request->ie + ie_len);
7173 else if (n_ssids)
7174 request->match_sets =
7175 (void *)(request->ssids + n_ssids);
7176 else
7177 request->match_sets =
7178 (void *)(request->channels + n_channels);
7179 }
7180 request->n_match_sets = n_match_sets;
7181
7182 if (n_match_sets)
7183 request->scan_plans = (void *)(request->match_sets +
7184 n_match_sets);
7185 else if (request->ie)
7186 request->scan_plans = (void *)(request->ie + ie_len);
7187 else if (n_ssids)
7188 request->scan_plans = (void *)(request->ssids + n_ssids);
7189 else
7190 request->scan_plans = (void *)(request->channels + n_channels);
7191
7192 request->n_scan_plans = n_plans;
7193
7194 i = 0;
7195 if (attrs[NL80211_ATTR_SCAN_FREQUENCIES]) {
7196 /* user specified, bail out if channel not found */
7197 nla_for_each_nested(attr,
7198 attrs[NL80211_ATTR_SCAN_FREQUENCIES],
7199 tmp) {
7200 struct ieee80211_channel *chan;
7201
7202 chan = ieee80211_get_channel(wiphy, nla_get_u32(attr));
7203
7204 if (!chan) {
7205 err = -EINVAL;
7206 goto out_free;
7207 }
7208
7209 /* ignore disabled channels */
7210 if (chan->flags & IEEE80211_CHAN_DISABLED)
7211 continue;
7212
7213 request->channels[i] = chan;
7214 i++;
7215 }
7216 } else {
7217 /* all channels */
7218 for (band = 0; band < NUM_NL80211_BANDS; band++) {
7219 int j;
7220
7221 if (!wiphy->bands[band])
7222 continue;
7223 for (j = 0; j < wiphy->bands[band]->n_channels; j++) {
7224 struct ieee80211_channel *chan;
7225
7226 chan = &wiphy->bands[band]->channels[j];
7227
7228 if (chan->flags & IEEE80211_CHAN_DISABLED)
7229 continue;
7230
7231 request->channels[i] = chan;
7232 i++;
7233 }
7234 }
7235 }
7236
7237 if (!i) {
7238 err = -EINVAL;
7239 goto out_free;
7240 }
7241
7242 request->n_channels = i;
7243
7244 i = 0;
7245 if (n_ssids) {
7246 nla_for_each_nested(attr, attrs[NL80211_ATTR_SCAN_SSIDS],
7247 tmp) {
7248 if (nla_len(attr) > IEEE80211_MAX_SSID_LEN) {
7249 err = -EINVAL;
7250 goto out_free;
7251 }
7252 request->ssids[i].ssid_len = nla_len(attr);
7253 memcpy(request->ssids[i].ssid, nla_data(attr),
7254 nla_len(attr));
7255 i++;
7256 }
7257 }
7258
7259 i = 0;
7260 if (attrs[NL80211_ATTR_SCHED_SCAN_MATCH]) {
7261 nla_for_each_nested(attr,
7262 attrs[NL80211_ATTR_SCHED_SCAN_MATCH],
7263 tmp) {
7264 struct nlattr *ssid, *bssid, *rssi;
7265
7266 err = nla_parse_nested(tb,
7267 NL80211_SCHED_SCAN_MATCH_ATTR_MAX,
7268 attr, nl80211_match_policy,
7269 NULL);
7270 if (err)
7271 goto out_free;
7272 ssid = tb[NL80211_SCHED_SCAN_MATCH_ATTR_SSID];
7273 bssid = tb[NL80211_SCHED_SCAN_MATCH_ATTR_BSSID];
7274 if (ssid || bssid) {
7275 if (WARN_ON(i >= n_match_sets)) {
7276 /* this indicates a programming error,
7277 * the loop above should have verified
7278 * things properly
7279 */
7280 err = -EINVAL;
7281 goto out_free;
7282 }
7283
7284 if (ssid) {
7285 if (nla_len(ssid) > IEEE80211_MAX_SSID_LEN) {
7286 err = -EINVAL;
7287 goto out_free;
7288 }
7289 memcpy(request->match_sets[i].ssid.ssid,
7290 nla_data(ssid), nla_len(ssid));
7291 request->match_sets[i].ssid.ssid_len =
7292 nla_len(ssid);
7293 }
7294 if (bssid) {
7295 if (nla_len(bssid) != ETH_ALEN) {
7296 err = -EINVAL;
7297 goto out_free;
7298 }
7299 memcpy(request->match_sets[i].bssid,
7300 nla_data(bssid), ETH_ALEN);
7301 }
7302
7303 /* special attribute - old implementation w/a */
7304 request->match_sets[i].rssi_thold =
7305 default_match_rssi;
7306 rssi = tb[NL80211_SCHED_SCAN_MATCH_ATTR_RSSI];
7307 if (rssi)
7308 request->match_sets[i].rssi_thold =
7309 nla_get_s32(rssi);
7310 }
7311 i++;
7312 }
7313
7314 /* there was no other matchset, so the RSSI one is alone */
7315 if (i == 0 && n_match_sets)
7316 request->match_sets[0].rssi_thold = default_match_rssi;
7317
7318 request->min_rssi_thold = INT_MAX;
7319 for (i = 0; i < n_match_sets; i++)
7320 request->min_rssi_thold =
7321 min(request->match_sets[i].rssi_thold,
7322 request->min_rssi_thold);
7323 } else {
7324 request->min_rssi_thold = NL80211_SCAN_RSSI_THOLD_OFF;
7325 }
7326
7327 if (ie_len) {
7328 request->ie_len = ie_len;
7329 memcpy((void *)request->ie,
7330 nla_data(attrs[NL80211_ATTR_IE]),
7331 request->ie_len);
7332 }
7333
7334 if (attrs[NL80211_ATTR_SCAN_FLAGS]) {
7335 request->flags = nla_get_u32(
7336 attrs[NL80211_ATTR_SCAN_FLAGS]);
7337 if ((request->flags & NL80211_SCAN_FLAG_LOW_PRIORITY) &&
7338 !(wiphy->features & NL80211_FEATURE_LOW_PRIORITY_SCAN)) {
7339 err = -EOPNOTSUPP;
7340 goto out_free;
7341 }
7342
7343 if (request->flags & NL80211_SCAN_FLAG_RANDOM_ADDR) {
7344 u32 flg = NL80211_FEATURE_SCHED_SCAN_RANDOM_MAC_ADDR;
7345
7346 if (!wdev) /* must be net-detect */
7347 flg = NL80211_FEATURE_ND_RANDOM_MAC_ADDR;
7348
7349 if (!(wiphy->features & flg)) {
7350 err = -EOPNOTSUPP;
7351 goto out_free;
7352 }
7353
7354 if (wdev && wdev->current_bss) {
7355 err = -EOPNOTSUPP;
7356 goto out_free;
7357 }
7358
7359 err = nl80211_parse_random_mac(attrs, request->mac_addr,
7360 request->mac_addr_mask);
7361 if (err)
7362 goto out_free;
7363 }
7364 }
7365
7366 if (attrs[NL80211_ATTR_SCHED_SCAN_DELAY])
7367 request->delay =
7368 nla_get_u32(attrs[NL80211_ATTR_SCHED_SCAN_DELAY]);
7369
7370 if (attrs[NL80211_ATTR_SCHED_SCAN_RELATIVE_RSSI]) {
7371 request->relative_rssi = nla_get_s8(
7372 attrs[NL80211_ATTR_SCHED_SCAN_RELATIVE_RSSI]);
7373 request->relative_rssi_set = true;
7374 }
7375
7376 if (request->relative_rssi_set &&
7377 attrs[NL80211_ATTR_SCHED_SCAN_RSSI_ADJUST]) {
7378 struct nl80211_bss_select_rssi_adjust *rssi_adjust;
7379
7380 rssi_adjust = nla_data(
7381 attrs[NL80211_ATTR_SCHED_SCAN_RSSI_ADJUST]);
7382 request->rssi_adjust.band = rssi_adjust->band;
7383 request->rssi_adjust.delta = rssi_adjust->delta;
7384 if (!is_band_valid(wiphy, request->rssi_adjust.band)) {
7385 err = -EINVAL;
7386 goto out_free;
7387 }
7388 }
7389
7390 err = nl80211_parse_sched_scan_plans(wiphy, n_plans, request, attrs);
7391 if (err)
7392 goto out_free;
7393
7394 request->scan_start = jiffies;
7395
7396 return request;
7397
7398 out_free:
7399 kfree(request);
7400 return ERR_PTR(err);
7401 }
7402
7403 static int nl80211_start_sched_scan(struct sk_buff *skb,
7404 struct genl_info *info)
7405 {
7406 struct cfg80211_registered_device *rdev = info->user_ptr[0];
7407 struct net_device *dev = info->user_ptr[1];
7408 struct wireless_dev *wdev = dev->ieee80211_ptr;
7409 struct cfg80211_sched_scan_request *sched_scan_req;
7410 bool want_multi;
7411 int err;
7412
7413 if (!rdev->wiphy.max_sched_scan_reqs || !rdev->ops->sched_scan_start)
7414 return -EOPNOTSUPP;
7415
7416 want_multi = info->attrs[NL80211_ATTR_SCHED_SCAN_MULTI];
7417 err = cfg80211_sched_scan_req_possible(rdev, want_multi);
7418 if (err)
7419 return err;
7420
7421 sched_scan_req = nl80211_parse_sched_scan(&rdev->wiphy, wdev,
7422 info->attrs,
7423 rdev->wiphy.max_match_sets);
7424
7425 err = PTR_ERR_OR_ZERO(sched_scan_req);
7426 if (err)
7427 goto out_err;
7428
7429 /* leave request id zero for legacy request
7430 * or if driver does not support multi-scheduled scan
7431 */
7432 if (want_multi && rdev->wiphy.max_sched_scan_reqs > 1) {
7433 while (!sched_scan_req->reqid)
7434 sched_scan_req->reqid = rdev->wiphy.cookie_counter++;
7435 }
7436
7437 err = rdev_sched_scan_start(rdev, dev, sched_scan_req);
7438 if (err)
7439 goto out_free;
7440
7441 sched_scan_req->dev = dev;
7442 sched_scan_req->wiphy = &rdev->wiphy;
7443
7444 if (info->attrs[NL80211_ATTR_SOCKET_OWNER])
7445 sched_scan_req->owner_nlportid = info->snd_portid;
7446
7447 cfg80211_add_sched_scan_req(rdev, sched_scan_req);
7448
7449 nl80211_send_sched_scan(sched_scan_req, NL80211_CMD_START_SCHED_SCAN);
7450 return 0;
7451
7452 out_free:
7453 kfree(sched_scan_req);
7454 out_err:
7455 return err;
7456 }
7457
7458 static int nl80211_stop_sched_scan(struct sk_buff *skb,
7459 struct genl_info *info)
7460 {
7461 struct cfg80211_sched_scan_request *req;
7462 struct cfg80211_registered_device *rdev = info->user_ptr[0];
7463 u64 cookie;
7464
7465 if (!rdev->wiphy.max_sched_scan_reqs || !rdev->ops->sched_scan_stop)
7466 return -EOPNOTSUPP;
7467
7468 if (info->attrs[NL80211_ATTR_COOKIE]) {
7469 cookie = nla_get_u64(info->attrs[NL80211_ATTR_COOKIE]);
7470 return __cfg80211_stop_sched_scan(rdev, cookie, false);
7471 }
7472
7473 req = list_first_or_null_rcu(&rdev->sched_scan_req_list,
7474 struct cfg80211_sched_scan_request,
7475 list);
7476 if (!req || req->reqid ||
7477 (req->owner_nlportid &&
7478 req->owner_nlportid != info->snd_portid))
7479 return -ENOENT;
7480
7481 return cfg80211_stop_sched_scan_req(rdev, req, false);
7482 }
7483
7484 static int nl80211_start_radar_detection(struct sk_buff *skb,
7485 struct genl_info *info)
7486 {
7487 struct cfg80211_registered_device *rdev = info->user_ptr[0];
7488 struct net_device *dev = info->user_ptr[1];
7489 struct wireless_dev *wdev = dev->ieee80211_ptr;
7490 struct cfg80211_chan_def chandef;
7491 enum nl80211_dfs_regions dfs_region;
7492 unsigned int cac_time_ms;
7493 int err;
7494
7495 dfs_region = reg_get_dfs_region(wdev->wiphy);
7496 if (dfs_region == NL80211_DFS_UNSET)
7497 return -EINVAL;
7498
7499 err = nl80211_parse_chandef(rdev, info, &chandef);
7500 if (err)
7501 return err;
7502
7503 if (netif_carrier_ok(dev))
7504 return -EBUSY;
7505
7506 if (wdev->cac_started)
7507 return -EBUSY;
7508
7509 err = cfg80211_chandef_dfs_required(wdev->wiphy, &chandef,
7510 wdev->iftype);
7511 if (err < 0)
7512 return err;
7513
7514 if (err == 0)
7515 return -EINVAL;
7516
7517 if (!cfg80211_chandef_dfs_usable(wdev->wiphy, &chandef))
7518 return -EINVAL;
7519
7520 if (!rdev->ops->start_radar_detection)
7521 return -EOPNOTSUPP;
7522
7523 cac_time_ms = cfg80211_chandef_dfs_cac_time(&rdev->wiphy, &chandef);
7524 if (WARN_ON(!cac_time_ms))
7525 cac_time_ms = IEEE80211_DFS_MIN_CAC_TIME_MS;
7526
7527 err = rdev_start_radar_detection(rdev, dev, &chandef, cac_time_ms);
7528 if (!err) {
7529 wdev->chandef = chandef;
7530 wdev->cac_started = true;
7531 wdev->cac_start_time = jiffies;
7532 wdev->cac_time_ms = cac_time_ms;
7533 }
7534 return err;
7535 }
7536
7537 static int nl80211_channel_switch(struct sk_buff *skb, struct genl_info *info)
7538 {
7539 struct cfg80211_registered_device *rdev = info->user_ptr[0];
7540 struct net_device *dev = info->user_ptr[1];
7541 struct wireless_dev *wdev = dev->ieee80211_ptr;
7542 struct cfg80211_csa_settings params;
7543 /* csa_attrs is defined static to avoid waste of stack size - this
7544 * function is called under RTNL lock, so this should not be a problem.
7545 */
7546 static struct nlattr *csa_attrs[NL80211_ATTR_MAX+1];
7547 int err;
7548 bool need_new_beacon = false;
7549 bool need_handle_dfs_flag = true;
7550 int len, i;
7551 u32 cs_count;
7552
7553 if (!rdev->ops->channel_switch ||
7554 !(rdev->wiphy.flags & WIPHY_FLAG_HAS_CHANNEL_SWITCH))
7555 return -EOPNOTSUPP;
7556
7557 switch (dev->ieee80211_ptr->iftype) {
7558 case NL80211_IFTYPE_AP:
7559 case NL80211_IFTYPE_P2P_GO:
7560 need_new_beacon = true;
7561 /* For all modes except AP the handle_dfs flag needs to be
7562 * supplied to tell the kernel that userspace will handle radar
7563 * events when they happen. Otherwise a switch to a channel
7564 * requiring DFS will be rejected.
7565 */
7566 need_handle_dfs_flag = false;
7567
7568 /* useless if AP is not running */
7569 if (!wdev->beacon_interval)
7570 return -ENOTCONN;
7571 break;
7572 case NL80211_IFTYPE_ADHOC:
7573 if (!wdev->ssid_len)
7574 return -ENOTCONN;
7575 break;
7576 case NL80211_IFTYPE_MESH_POINT:
7577 if (!wdev->mesh_id_len)
7578 return -ENOTCONN;
7579 break;
7580 default:
7581 return -EOPNOTSUPP;
7582 }
7583
7584 memset(&params, 0, sizeof(params));
7585
7586 if (!info->attrs[NL80211_ATTR_WIPHY_FREQ] ||
7587 !info->attrs[NL80211_ATTR_CH_SWITCH_COUNT])
7588 return -EINVAL;
7589
7590 /* only important for AP, IBSS and mesh create IEs internally */
7591 if (need_new_beacon && !info->attrs[NL80211_ATTR_CSA_IES])
7592 return -EINVAL;
7593
7594 /* Even though the attribute is u32, the specification says
7595 * u8, so let's make sure we don't overflow.
7596 */
7597 cs_count = nla_get_u32(info->attrs[NL80211_ATTR_CH_SWITCH_COUNT]);
7598 if (cs_count > 255)
7599 return -EINVAL;
7600
7601 params.count = cs_count;
7602
7603 if (!need_new_beacon)
7604 goto skip_beacons;
7605
7606 err = nl80211_parse_beacon(info->attrs, &params.beacon_after);
7607 if (err)
7608 return err;
7609
7610 err = nla_parse_nested(csa_attrs, NL80211_ATTR_MAX,
7611 info->attrs[NL80211_ATTR_CSA_IES],
7612 nl80211_policy, info->extack);
7613 if (err)
7614 return err;
7615
7616 err = nl80211_parse_beacon(csa_attrs, &params.beacon_csa);
7617 if (err)
7618 return err;
7619
7620 if (!csa_attrs[NL80211_ATTR_CSA_C_OFF_BEACON])
7621 return -EINVAL;
7622
7623 len = nla_len(csa_attrs[NL80211_ATTR_CSA_C_OFF_BEACON]);
7624 if (!len || (len % sizeof(u16)))
7625 return -EINVAL;
7626
7627 params.n_counter_offsets_beacon = len / sizeof(u16);
7628 if (rdev->wiphy.max_num_csa_counters &&
7629 (params.n_counter_offsets_beacon >
7630 rdev->wiphy.max_num_csa_counters))
7631 return -EINVAL;
7632
7633 params.counter_offsets_beacon =
7634 nla_data(csa_attrs[NL80211_ATTR_CSA_C_OFF_BEACON]);
7635
7636 /* sanity checks - counters should fit and be the same */
7637 for (i = 0; i < params.n_counter_offsets_beacon; i++) {
7638 u16 offset = params.counter_offsets_beacon[i];
7639
7640 if (offset >= params.beacon_csa.tail_len)
7641 return -EINVAL;
7642
7643 if (params.beacon_csa.tail[offset] != params.count)
7644 return -EINVAL;
7645 }
7646
7647 if (csa_attrs[NL80211_ATTR_CSA_C_OFF_PRESP]) {
7648 len = nla_len(csa_attrs[NL80211_ATTR_CSA_C_OFF_PRESP]);
7649 if (!len || (len % sizeof(u16)))
7650 return -EINVAL;
7651
7652 params.n_counter_offsets_presp = len / sizeof(u16);
7653 if (rdev->wiphy.max_num_csa_counters &&
7654 (params.n_counter_offsets_presp >
7655 rdev->wiphy.max_num_csa_counters))
7656 return -EINVAL;
7657
7658 params.counter_offsets_presp =
7659 nla_data(csa_attrs[NL80211_ATTR_CSA_C_OFF_PRESP]);
7660
7661 /* sanity checks - counters should fit and be the same */
7662 for (i = 0; i < params.n_counter_offsets_presp; i++) {
7663 u16 offset = params.counter_offsets_presp[i];
7664
7665 if (offset >= params.beacon_csa.probe_resp_len)
7666 return -EINVAL;
7667
7668 if (params.beacon_csa.probe_resp[offset] !=
7669 params.count)
7670 return -EINVAL;
7671 }
7672 }
7673
7674 skip_beacons:
7675 err = nl80211_parse_chandef(rdev, info, &params.chandef);
7676 if (err)
7677 return err;
7678
7679 if (!cfg80211_reg_can_beacon_relax(&rdev->wiphy, &params.chandef,
7680 wdev->iftype))
7681 return -EINVAL;
7682
7683 err = cfg80211_chandef_dfs_required(wdev->wiphy,
7684 &params.chandef,
7685 wdev->iftype);
7686 if (err < 0)
7687 return err;
7688
7689 if (err > 0) {
7690 params.radar_required = true;
7691 if (need_handle_dfs_flag &&
7692 !nla_get_flag(info->attrs[NL80211_ATTR_HANDLE_DFS])) {
7693 return -EINVAL;
7694 }
7695 }
7696
7697 if (info->attrs[NL80211_ATTR_CH_SWITCH_BLOCK_TX])
7698 params.block_tx = true;
7699
7700 wdev_lock(wdev);
7701 err = rdev_channel_switch(rdev, dev, &params);
7702 wdev_unlock(wdev);
7703
7704 return err;
7705 }
7706
7707 static int nl80211_send_bss(struct sk_buff *msg, struct netlink_callback *cb,
7708 u32 seq, int flags,
7709 struct cfg80211_registered_device *rdev,
7710 struct wireless_dev *wdev,
7711 struct cfg80211_internal_bss *intbss)
7712 {
7713 struct cfg80211_bss *res = &intbss->pub;
7714 const struct cfg80211_bss_ies *ies;
7715 void *hdr;
7716 struct nlattr *bss;
7717
7718 ASSERT_WDEV_LOCK(wdev);
7719
7720 hdr = nl80211hdr_put(msg, NETLINK_CB(cb->skb).portid, seq, flags,
7721 NL80211_CMD_NEW_SCAN_RESULTS);
7722 if (!hdr)
7723 return -1;
7724
7725 genl_dump_check_consistent(cb, hdr, &nl80211_fam);
7726
7727 if (nla_put_u32(msg, NL80211_ATTR_GENERATION, rdev->bss_generation))
7728 goto nla_put_failure;
7729 if (wdev->netdev &&
7730 nla_put_u32(msg, NL80211_ATTR_IFINDEX, wdev->netdev->ifindex))
7731 goto nla_put_failure;
7732 if (nla_put_u64_64bit(msg, NL80211_ATTR_WDEV, wdev_id(wdev),
7733 NL80211_ATTR_PAD))
7734 goto nla_put_failure;
7735
7736 bss = nla_nest_start(msg, NL80211_ATTR_BSS);
7737 if (!bss)
7738 goto nla_put_failure;
7739 if ((!is_zero_ether_addr(res->bssid) &&
7740 nla_put(msg, NL80211_BSS_BSSID, ETH_ALEN, res->bssid)))
7741 goto nla_put_failure;
7742
7743 rcu_read_lock();
7744 /* indicate whether we have probe response data or not */
7745 if (rcu_access_pointer(res->proberesp_ies) &&
7746 nla_put_flag(msg, NL80211_BSS_PRESP_DATA))
7747 goto fail_unlock_rcu;
7748
7749 /* this pointer prefers to be pointed to probe response data
7750 * but is always valid
7751 */
7752 ies = rcu_dereference(res->ies);
7753 if (ies) {
7754 if (nla_put_u64_64bit(msg, NL80211_BSS_TSF, ies->tsf,
7755 NL80211_BSS_PAD))
7756 goto fail_unlock_rcu;
7757 if (ies->len && nla_put(msg, NL80211_BSS_INFORMATION_ELEMENTS,
7758 ies->len, ies->data))
7759 goto fail_unlock_rcu;
7760 }
7761
7762 /* and this pointer is always (unless driver didn't know) beacon data */
7763 ies = rcu_dereference(res->beacon_ies);
7764 if (ies && ies->from_beacon) {
7765 if (nla_put_u64_64bit(msg, NL80211_BSS_BEACON_TSF, ies->tsf,
7766 NL80211_BSS_PAD))
7767 goto fail_unlock_rcu;
7768 if (ies->len && nla_put(msg, NL80211_BSS_BEACON_IES,
7769 ies->len, ies->data))
7770 goto fail_unlock_rcu;
7771 }
7772 rcu_read_unlock();
7773
7774 if (res->beacon_interval &&
7775 nla_put_u16(msg, NL80211_BSS_BEACON_INTERVAL, res->beacon_interval))
7776 goto nla_put_failure;
7777 if (nla_put_u16(msg, NL80211_BSS_CAPABILITY, res->capability) ||
7778 nla_put_u32(msg, NL80211_BSS_FREQUENCY, res->channel->center_freq) ||
7779 nla_put_u32(msg, NL80211_BSS_CHAN_WIDTH, res->scan_width) ||
7780 nla_put_u32(msg, NL80211_BSS_SEEN_MS_AGO,
7781 jiffies_to_msecs(jiffies - intbss->ts)))
7782 goto nla_put_failure;
7783
7784 if (intbss->parent_tsf &&
7785 (nla_put_u64_64bit(msg, NL80211_BSS_PARENT_TSF,
7786 intbss->parent_tsf, NL80211_BSS_PAD) ||
7787 nla_put(msg, NL80211_BSS_PARENT_BSSID, ETH_ALEN,
7788 intbss->parent_bssid)))
7789 goto nla_put_failure;
7790
7791 if (intbss->ts_boottime &&
7792 nla_put_u64_64bit(msg, NL80211_BSS_LAST_SEEN_BOOTTIME,
7793 intbss->ts_boottime, NL80211_BSS_PAD))
7794 goto nla_put_failure;
7795
7796 switch (rdev->wiphy.signal_type) {
7797 case CFG80211_SIGNAL_TYPE_MBM:
7798 if (nla_put_u32(msg, NL80211_BSS_SIGNAL_MBM, res->signal))
7799 goto nla_put_failure;
7800 break;
7801 case CFG80211_SIGNAL_TYPE_UNSPEC:
7802 if (nla_put_u8(msg, NL80211_BSS_SIGNAL_UNSPEC, res->signal))
7803 goto nla_put_failure;
7804 break;
7805 default:
7806 break;
7807 }
7808
7809 switch (wdev->iftype) {
7810 case NL80211_IFTYPE_P2P_CLIENT:
7811 case NL80211_IFTYPE_STATION:
7812 if (intbss == wdev->current_bss &&
7813 nla_put_u32(msg, NL80211_BSS_STATUS,
7814 NL80211_BSS_STATUS_ASSOCIATED))
7815 goto nla_put_failure;
7816 break;
7817 case NL80211_IFTYPE_ADHOC:
7818 if (intbss == wdev->current_bss &&
7819 nla_put_u32(msg, NL80211_BSS_STATUS,
7820 NL80211_BSS_STATUS_IBSS_JOINED))
7821 goto nla_put_failure;
7822 break;
7823 default:
7824 break;
7825 }
7826
7827 nla_nest_end(msg, bss);
7828
7829 genlmsg_end(msg, hdr);
7830 return 0;
7831
7832 fail_unlock_rcu:
7833 rcu_read_unlock();
7834 nla_put_failure:
7835 genlmsg_cancel(msg, hdr);
7836 return -EMSGSIZE;
7837 }
7838
7839 static int nl80211_dump_scan(struct sk_buff *skb, struct netlink_callback *cb)
7840 {
7841 struct cfg80211_registered_device *rdev;
7842 struct cfg80211_internal_bss *scan;
7843 struct wireless_dev *wdev;
7844 int start = cb->args[2], idx = 0;
7845 int err;
7846
7847 rtnl_lock();
7848 err = nl80211_prepare_wdev_dump(skb, cb, &rdev, &wdev);
7849 if (err) {
7850 rtnl_unlock();
7851 return err;
7852 }
7853
7854 wdev_lock(wdev);
7855 spin_lock_bh(&rdev->bss_lock);
7856 cfg80211_bss_expire(rdev);
7857
7858 cb->seq = rdev->bss_generation;
7859
7860 list_for_each_entry(scan, &rdev->bss_list, list) {
7861 if (++idx <= start)
7862 continue;
7863 if (nl80211_send_bss(skb, cb,
7864 cb->nlh->nlmsg_seq, NLM_F_MULTI,
7865 rdev, wdev, scan) < 0) {
7866 idx--;
7867 break;
7868 }
7869 }
7870
7871 spin_unlock_bh(&rdev->bss_lock);
7872 wdev_unlock(wdev);
7873
7874 cb->args[2] = idx;
7875 rtnl_unlock();
7876
7877 return skb->len;
7878 }
7879
7880 static int nl80211_send_survey(struct sk_buff *msg, u32 portid, u32 seq,
7881 int flags, struct net_device *dev,
7882 bool allow_radio_stats,
7883 struct survey_info *survey)
7884 {
7885 void *hdr;
7886 struct nlattr *infoattr;
7887
7888 /* skip radio stats if userspace didn't request them */
7889 if (!survey->channel && !allow_radio_stats)
7890 return 0;
7891
7892 hdr = nl80211hdr_put(msg, portid, seq, flags,
7893 NL80211_CMD_NEW_SURVEY_RESULTS);
7894 if (!hdr)
7895 return -ENOMEM;
7896
7897 if (nla_put_u32(msg, NL80211_ATTR_IFINDEX, dev->ifindex))
7898 goto nla_put_failure;
7899
7900 infoattr = nla_nest_start(msg, NL80211_ATTR_SURVEY_INFO);
7901 if (!infoattr)
7902 goto nla_put_failure;
7903
7904 if (survey->channel &&
7905 nla_put_u32(msg, NL80211_SURVEY_INFO_FREQUENCY,
7906 survey->channel->center_freq))
7907 goto nla_put_failure;
7908
7909 if ((survey->filled & SURVEY_INFO_NOISE_DBM) &&
7910 nla_put_u8(msg, NL80211_SURVEY_INFO_NOISE, survey->noise))
7911 goto nla_put_failure;
7912 if ((survey->filled & SURVEY_INFO_IN_USE) &&
7913 nla_put_flag(msg, NL80211_SURVEY_INFO_IN_USE))
7914 goto nla_put_failure;
7915 if ((survey->filled & SURVEY_INFO_TIME) &&
7916 nla_put_u64_64bit(msg, NL80211_SURVEY_INFO_TIME,
7917 survey->time, NL80211_SURVEY_INFO_PAD))
7918 goto nla_put_failure;
7919 if ((survey->filled & SURVEY_INFO_TIME_BUSY) &&
7920 nla_put_u64_64bit(msg, NL80211_SURVEY_INFO_TIME_BUSY,
7921 survey->time_busy, NL80211_SURVEY_INFO_PAD))
7922 goto nla_put_failure;
7923 if ((survey->filled & SURVEY_INFO_TIME_EXT_BUSY) &&
7924 nla_put_u64_64bit(msg, NL80211_SURVEY_INFO_TIME_EXT_BUSY,
7925 survey->time_ext_busy, NL80211_SURVEY_INFO_PAD))
7926 goto nla_put_failure;
7927 if ((survey->filled & SURVEY_INFO_TIME_RX) &&
7928 nla_put_u64_64bit(msg, NL80211_SURVEY_INFO_TIME_RX,
7929 survey->time_rx, NL80211_SURVEY_INFO_PAD))
7930 goto nla_put_failure;
7931 if ((survey->filled & SURVEY_INFO_TIME_TX) &&
7932 nla_put_u64_64bit(msg, NL80211_SURVEY_INFO_TIME_TX,
7933 survey->time_tx, NL80211_SURVEY_INFO_PAD))
7934 goto nla_put_failure;
7935 if ((survey->filled & SURVEY_INFO_TIME_SCAN) &&
7936 nla_put_u64_64bit(msg, NL80211_SURVEY_INFO_TIME_SCAN,
7937 survey->time_scan, NL80211_SURVEY_INFO_PAD))
7938 goto nla_put_failure;
7939
7940 nla_nest_end(msg, infoattr);
7941
7942 genlmsg_end(msg, hdr);
7943 return 0;
7944
7945 nla_put_failure:
7946 genlmsg_cancel(msg, hdr);
7947 return -EMSGSIZE;
7948 }
7949
7950 static int nl80211_dump_survey(struct sk_buff *skb, struct netlink_callback *cb)
7951 {
7952 struct nlattr **attrbuf = genl_family_attrbuf(&nl80211_fam);
7953 struct survey_info survey;
7954 struct cfg80211_registered_device *rdev;
7955 struct wireless_dev *wdev;
7956 int survey_idx = cb->args[2];
7957 int res;
7958 bool radio_stats;
7959
7960 rtnl_lock();
7961 res = nl80211_prepare_wdev_dump(skb, cb, &rdev, &wdev);
7962 if (res)
7963 goto out_err;
7964
7965 /* prepare_wdev_dump parsed the attributes */
7966 radio_stats = attrbuf[NL80211_ATTR_SURVEY_RADIO_STATS];
7967
7968 if (!wdev->netdev) {
7969 res = -EINVAL;
7970 goto out_err;
7971 }
7972
7973 if (!rdev->ops->dump_survey) {
7974 res = -EOPNOTSUPP;
7975 goto out_err;
7976 }
7977
7978 while (1) {
7979 res = rdev_dump_survey(rdev, wdev->netdev, survey_idx, &survey);
7980 if (res == -ENOENT)
7981 break;
7982 if (res)
7983 goto out_err;
7984
7985 /* don't send disabled channels, but do send non-channel data */
7986 if (survey.channel &&
7987 survey.channel->flags & IEEE80211_CHAN_DISABLED) {
7988 survey_idx++;
7989 continue;
7990 }
7991
7992 if (nl80211_send_survey(skb,
7993 NETLINK_CB(cb->skb).portid,
7994 cb->nlh->nlmsg_seq, NLM_F_MULTI,
7995 wdev->netdev, radio_stats, &survey) < 0)
7996 goto out;
7997 survey_idx++;
7998 }
7999
8000 out:
8001 cb->args[2] = survey_idx;
8002 res = skb->len;
8003 out_err:
8004 rtnl_unlock();
8005 return res;
8006 }
8007
8008 static bool nl80211_valid_wpa_versions(u32 wpa_versions)
8009 {
8010 return !(wpa_versions & ~(NL80211_WPA_VERSION_1 |
8011 NL80211_WPA_VERSION_2));
8012 }
8013
8014 static int nl80211_authenticate(struct sk_buff *skb, struct genl_info *info)
8015 {
8016 struct cfg80211_registered_device *rdev = info->user_ptr[0];
8017 struct net_device *dev = info->user_ptr[1];
8018 struct ieee80211_channel *chan;
8019 const u8 *bssid, *ssid, *ie = NULL, *auth_data = NULL;
8020 int err, ssid_len, ie_len = 0, auth_data_len = 0;
8021 enum nl80211_auth_type auth_type;
8022 struct key_parse key;
8023 bool local_state_change;
8024
8025 if (!is_valid_ie_attr(info->attrs[NL80211_ATTR_IE]))
8026 return -EINVAL;
8027
8028 if (!info->attrs[NL80211_ATTR_MAC])
8029 return -EINVAL;
8030
8031 if (!info->attrs[NL80211_ATTR_AUTH_TYPE])
8032 return -EINVAL;
8033
8034 if (!info->attrs[NL80211_ATTR_SSID])
8035 return -EINVAL;
8036
8037 if (!info->attrs[NL80211_ATTR_WIPHY_FREQ])
8038 return -EINVAL;
8039
8040 err = nl80211_parse_key(info, &key);
8041 if (err)
8042 return err;
8043
8044 if (key.idx >= 0) {
8045 if (key.type != -1 && key.type != NL80211_KEYTYPE_GROUP)
8046 return -EINVAL;
8047 if (!key.p.key || !key.p.key_len)
8048 return -EINVAL;
8049 if ((key.p.cipher != WLAN_CIPHER_SUITE_WEP40 ||
8050 key.p.key_len != WLAN_KEY_LEN_WEP40) &&
8051 (key.p.cipher != WLAN_CIPHER_SUITE_WEP104 ||
8052 key.p.key_len != WLAN_KEY_LEN_WEP104))
8053 return -EINVAL;
8054 if (key.idx > 3)
8055 return -EINVAL;
8056 } else {
8057 key.p.key_len = 0;
8058 key.p.key = NULL;
8059 }
8060
8061 if (key.idx >= 0) {
8062 int i;
8063 bool ok = false;
8064
8065 for (i = 0; i < rdev->wiphy.n_cipher_suites; i++) {
8066 if (key.p.cipher == rdev->wiphy.cipher_suites[i]) {
8067 ok = true;
8068 break;
8069 }
8070 }
8071 if (!ok)
8072 return -EINVAL;
8073 }
8074
8075 if (!rdev->ops->auth)
8076 return -EOPNOTSUPP;
8077
8078 if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_STATION &&
8079 dev->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_CLIENT)
8080 return -EOPNOTSUPP;
8081
8082 bssid = nla_data(info->attrs[NL80211_ATTR_MAC]);
8083 chan = nl80211_get_valid_chan(&rdev->wiphy,
8084 info->attrs[NL80211_ATTR_WIPHY_FREQ]);
8085 if (!chan)
8086 return -EINVAL;
8087
8088 ssid = nla_data(info->attrs[NL80211_ATTR_SSID]);
8089 ssid_len = nla_len(info->attrs[NL80211_ATTR_SSID]);
8090
8091 if (info->attrs[NL80211_ATTR_IE]) {
8092 ie = nla_data(info->attrs[NL80211_ATTR_IE]);
8093 ie_len = nla_len(info->attrs[NL80211_ATTR_IE]);
8094 }
8095
8096 auth_type = nla_get_u32(info->attrs[NL80211_ATTR_AUTH_TYPE]);
8097 if (!nl80211_valid_auth_type(rdev, auth_type, NL80211_CMD_AUTHENTICATE))
8098 return -EINVAL;
8099
8100 if ((auth_type == NL80211_AUTHTYPE_SAE ||
8101 auth_type == NL80211_AUTHTYPE_FILS_SK ||
8102 auth_type == NL80211_AUTHTYPE_FILS_SK_PFS ||
8103 auth_type == NL80211_AUTHTYPE_FILS_PK) &&
8104 !info->attrs[NL80211_ATTR_AUTH_DATA])
8105 return -EINVAL;
8106
8107 if (info->attrs[NL80211_ATTR_AUTH_DATA]) {
8108 if (auth_type != NL80211_AUTHTYPE_SAE &&
8109 auth_type != NL80211_AUTHTYPE_FILS_SK &&
8110 auth_type != NL80211_AUTHTYPE_FILS_SK_PFS &&
8111 auth_type != NL80211_AUTHTYPE_FILS_PK)
8112 return -EINVAL;
8113 auth_data = nla_data(info->attrs[NL80211_ATTR_AUTH_DATA]);
8114 auth_data_len = nla_len(info->attrs[NL80211_ATTR_AUTH_DATA]);
8115 /* need to include at least Auth Transaction and Status Code */
8116 if (auth_data_len < 4)
8117 return -EINVAL;
8118 }
8119
8120 local_state_change = !!info->attrs[NL80211_ATTR_LOCAL_STATE_CHANGE];
8121
8122 /*
8123 * Since we no longer track auth state, ignore
8124 * requests to only change local state.
8125 */
8126 if (local_state_change)
8127 return 0;
8128
8129 wdev_lock(dev->ieee80211_ptr);
8130 err = cfg80211_mlme_auth(rdev, dev, chan, auth_type, bssid,
8131 ssid, ssid_len, ie, ie_len,
8132 key.p.key, key.p.key_len, key.idx,
8133 auth_data, auth_data_len);
8134 wdev_unlock(dev->ieee80211_ptr);
8135 return err;
8136 }
8137
8138 static int nl80211_crypto_settings(struct cfg80211_registered_device *rdev,
8139 struct genl_info *info,
8140 struct cfg80211_crypto_settings *settings,
8141 int cipher_limit)
8142 {
8143 memset(settings, 0, sizeof(*settings));
8144
8145 settings->control_port = info->attrs[NL80211_ATTR_CONTROL_PORT];
8146
8147 if (info->attrs[NL80211_ATTR_CONTROL_PORT_ETHERTYPE]) {
8148 u16 proto;
8149
8150 proto = nla_get_u16(
8151 info->attrs[NL80211_ATTR_CONTROL_PORT_ETHERTYPE]);
8152 settings->control_port_ethertype = cpu_to_be16(proto);
8153 if (!(rdev->wiphy.flags & WIPHY_FLAG_CONTROL_PORT_PROTOCOL) &&
8154 proto != ETH_P_PAE)
8155 return -EINVAL;
8156 if (info->attrs[NL80211_ATTR_CONTROL_PORT_NO_ENCRYPT])
8157 settings->control_port_no_encrypt = true;
8158 } else
8159 settings->control_port_ethertype = cpu_to_be16(ETH_P_PAE);
8160
8161 if (info->attrs[NL80211_ATTR_CIPHER_SUITES_PAIRWISE]) {
8162 void *data;
8163 int len, i;
8164
8165 data = nla_data(info->attrs[NL80211_ATTR_CIPHER_SUITES_PAIRWISE]);
8166 len = nla_len(info->attrs[NL80211_ATTR_CIPHER_SUITES_PAIRWISE]);
8167 settings->n_ciphers_pairwise = len / sizeof(u32);
8168
8169 if (len % sizeof(u32))
8170 return -EINVAL;
8171
8172 if (settings->n_ciphers_pairwise > cipher_limit)
8173 return -EINVAL;
8174
8175 memcpy(settings->ciphers_pairwise, data, len);
8176
8177 for (i = 0; i < settings->n_ciphers_pairwise; i++)
8178 if (!cfg80211_supported_cipher_suite(
8179 &rdev->wiphy,
8180 settings->ciphers_pairwise[i]))
8181 return -EINVAL;
8182 }
8183
8184 if (info->attrs[NL80211_ATTR_CIPHER_SUITE_GROUP]) {
8185 settings->cipher_group =
8186 nla_get_u32(info->attrs[NL80211_ATTR_CIPHER_SUITE_GROUP]);
8187 if (!cfg80211_supported_cipher_suite(&rdev->wiphy,
8188 settings->cipher_group))
8189 return -EINVAL;
8190 }
8191
8192 if (info->attrs[NL80211_ATTR_WPA_VERSIONS]) {
8193 settings->wpa_versions =
8194 nla_get_u32(info->attrs[NL80211_ATTR_WPA_VERSIONS]);
8195 if (!nl80211_valid_wpa_versions(settings->wpa_versions))
8196 return -EINVAL;
8197 }
8198
8199 if (info->attrs[NL80211_ATTR_AKM_SUITES]) {
8200 void *data;
8201 int len;
8202
8203 data = nla_data(info->attrs[NL80211_ATTR_AKM_SUITES]);
8204 len = nla_len(info->attrs[NL80211_ATTR_AKM_SUITES]);
8205 settings->n_akm_suites = len / sizeof(u32);
8206
8207 if (len % sizeof(u32))
8208 return -EINVAL;
8209
8210 if (settings->n_akm_suites > NL80211_MAX_NR_AKM_SUITES)
8211 return -EINVAL;
8212
8213 memcpy(settings->akm_suites, data, len);
8214 }
8215
8216 if (info->attrs[NL80211_ATTR_PMK]) {
8217 if (nla_len(info->attrs[NL80211_ATTR_PMK]) != WLAN_PMK_LEN)
8218 return -EINVAL;
8219 if (!wiphy_ext_feature_isset(&rdev->wiphy,
8220 NL80211_EXT_FEATURE_4WAY_HANDSHAKE_STA_PSK))
8221 return -EINVAL;
8222 settings->psk = nla_data(info->attrs[NL80211_ATTR_PMK]);
8223 }
8224
8225 return 0;
8226 }
8227
8228 static int nl80211_associate(struct sk_buff *skb, struct genl_info *info)
8229 {
8230 struct cfg80211_registered_device *rdev = info->user_ptr[0];
8231 struct net_device *dev = info->user_ptr[1];
8232 struct ieee80211_channel *chan;
8233 struct cfg80211_assoc_request req = {};
8234 const u8 *bssid, *ssid;
8235 int err, ssid_len = 0;
8236
8237 if (!is_valid_ie_attr(info->attrs[NL80211_ATTR_IE]))
8238 return -EINVAL;
8239
8240 if (!info->attrs[NL80211_ATTR_MAC] ||
8241 !info->attrs[NL80211_ATTR_SSID] ||
8242 !info->attrs[NL80211_ATTR_WIPHY_FREQ])
8243 return -EINVAL;
8244
8245 if (!rdev->ops->assoc)
8246 return -EOPNOTSUPP;
8247
8248 if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_STATION &&
8249 dev->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_CLIENT)
8250 return -EOPNOTSUPP;
8251
8252 bssid = nla_data(info->attrs[NL80211_ATTR_MAC]);
8253
8254 chan = nl80211_get_valid_chan(&rdev->wiphy,
8255 info->attrs[NL80211_ATTR_WIPHY_FREQ]);
8256 if (!chan)
8257 return -EINVAL;
8258
8259 ssid = nla_data(info->attrs[NL80211_ATTR_SSID]);
8260 ssid_len = nla_len(info->attrs[NL80211_ATTR_SSID]);
8261
8262 if (info->attrs[NL80211_ATTR_IE]) {
8263 req.ie = nla_data(info->attrs[NL80211_ATTR_IE]);
8264 req.ie_len = nla_len(info->attrs[NL80211_ATTR_IE]);
8265 }
8266
8267 if (info->attrs[NL80211_ATTR_USE_MFP]) {
8268 enum nl80211_mfp mfp =
8269 nla_get_u32(info->attrs[NL80211_ATTR_USE_MFP]);
8270 if (mfp == NL80211_MFP_REQUIRED)
8271 req.use_mfp = true;
8272 else if (mfp != NL80211_MFP_NO)
8273 return -EINVAL;
8274 }
8275
8276 if (info->attrs[NL80211_ATTR_PREV_BSSID])
8277 req.prev_bssid = nla_data(info->attrs[NL80211_ATTR_PREV_BSSID]);
8278
8279 if (nla_get_flag(info->attrs[NL80211_ATTR_DISABLE_HT]))
8280 req.flags |= ASSOC_REQ_DISABLE_HT;
8281
8282 if (info->attrs[NL80211_ATTR_HT_CAPABILITY_MASK])
8283 memcpy(&req.ht_capa_mask,
8284 nla_data(info->attrs[NL80211_ATTR_HT_CAPABILITY_MASK]),
8285 sizeof(req.ht_capa_mask));
8286
8287 if (info->attrs[NL80211_ATTR_HT_CAPABILITY]) {
8288 if (!info->attrs[NL80211_ATTR_HT_CAPABILITY_MASK])
8289 return -EINVAL;
8290 memcpy(&req.ht_capa,
8291 nla_data(info->attrs[NL80211_ATTR_HT_CAPABILITY]),
8292 sizeof(req.ht_capa));
8293 }
8294
8295 if (nla_get_flag(info->attrs[NL80211_ATTR_DISABLE_VHT]))
8296 req.flags |= ASSOC_REQ_DISABLE_VHT;
8297
8298 if (info->attrs[NL80211_ATTR_VHT_CAPABILITY_MASK])
8299 memcpy(&req.vht_capa_mask,
8300 nla_data(info->attrs[NL80211_ATTR_VHT_CAPABILITY_MASK]),
8301 sizeof(req.vht_capa_mask));
8302
8303 if (info->attrs[NL80211_ATTR_VHT_CAPABILITY]) {
8304 if (!info->attrs[NL80211_ATTR_VHT_CAPABILITY_MASK])
8305 return -EINVAL;
8306 memcpy(&req.vht_capa,
8307 nla_data(info->attrs[NL80211_ATTR_VHT_CAPABILITY]),
8308 sizeof(req.vht_capa));
8309 }
8310
8311 if (nla_get_flag(info->attrs[NL80211_ATTR_USE_RRM])) {
8312 if (!((rdev->wiphy.features &
8313 NL80211_FEATURE_DS_PARAM_SET_IE_IN_PROBES) &&
8314 (rdev->wiphy.features & NL80211_FEATURE_QUIET)) &&
8315 !wiphy_ext_feature_isset(&rdev->wiphy,
8316 NL80211_EXT_FEATURE_RRM))
8317 return -EINVAL;
8318 req.flags |= ASSOC_REQ_USE_RRM;
8319 }
8320
8321 if (info->attrs[NL80211_ATTR_FILS_KEK]) {
8322 req.fils_kek = nla_data(info->attrs[NL80211_ATTR_FILS_KEK]);
8323 req.fils_kek_len = nla_len(info->attrs[NL80211_ATTR_FILS_KEK]);
8324 if (!info->attrs[NL80211_ATTR_FILS_NONCES])
8325 return -EINVAL;
8326 req.fils_nonces =
8327 nla_data(info->attrs[NL80211_ATTR_FILS_NONCES]);
8328 }
8329
8330 err = nl80211_crypto_settings(rdev, info, &req.crypto, 1);
8331 if (!err) {
8332 wdev_lock(dev->ieee80211_ptr);
8333
8334 err = cfg80211_mlme_assoc(rdev, dev, chan, bssid,
8335 ssid, ssid_len, &req);
8336
8337 if (!err && info->attrs[NL80211_ATTR_SOCKET_OWNER]) {
8338 dev->ieee80211_ptr->conn_owner_nlportid =
8339 info->snd_portid;
8340 memcpy(dev->ieee80211_ptr->disconnect_bssid,
8341 bssid, ETH_ALEN);
8342 }
8343
8344 wdev_unlock(dev->ieee80211_ptr);
8345 }
8346
8347 return err;
8348 }
8349
8350 static int nl80211_deauthenticate(struct sk_buff *skb, struct genl_info *info)
8351 {
8352 struct cfg80211_registered_device *rdev = info->user_ptr[0];
8353 struct net_device *dev = info->user_ptr[1];
8354 const u8 *ie = NULL, *bssid;
8355 int ie_len = 0, err;
8356 u16 reason_code;
8357 bool local_state_change;
8358
8359 if (!is_valid_ie_attr(info->attrs[NL80211_ATTR_IE]))
8360 return -EINVAL;
8361
8362 if (!info->attrs[NL80211_ATTR_MAC])
8363 return -EINVAL;
8364
8365 if (!info->attrs[NL80211_ATTR_REASON_CODE])
8366 return -EINVAL;
8367
8368 if (!rdev->ops->deauth)
8369 return -EOPNOTSUPP;
8370
8371 if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_STATION &&
8372 dev->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_CLIENT)
8373 return -EOPNOTSUPP;
8374
8375 bssid = nla_data(info->attrs[NL80211_ATTR_MAC]);
8376
8377 reason_code = nla_get_u16(info->attrs[NL80211_ATTR_REASON_CODE]);
8378 if (reason_code == 0) {
8379 /* Reason Code 0 is reserved */
8380 return -EINVAL;
8381 }
8382
8383 if (info->attrs[NL80211_ATTR_IE]) {
8384 ie = nla_data(info->attrs[NL80211_ATTR_IE]);
8385 ie_len = nla_len(info->attrs[NL80211_ATTR_IE]);
8386 }
8387
8388 local_state_change = !!info->attrs[NL80211_ATTR_LOCAL_STATE_CHANGE];
8389
8390 wdev_lock(dev->ieee80211_ptr);
8391 err = cfg80211_mlme_deauth(rdev, dev, bssid, ie, ie_len, reason_code,
8392 local_state_change);
8393 wdev_unlock(dev->ieee80211_ptr);
8394 return err;
8395 }
8396
8397 static int nl80211_disassociate(struct sk_buff *skb, struct genl_info *info)
8398 {
8399 struct cfg80211_registered_device *rdev = info->user_ptr[0];
8400 struct net_device *dev = info->user_ptr[1];
8401 const u8 *ie = NULL, *bssid;
8402 int ie_len = 0, err;
8403 u16 reason_code;
8404 bool local_state_change;
8405
8406 if (!is_valid_ie_attr(info->attrs[NL80211_ATTR_IE]))
8407 return -EINVAL;
8408
8409 if (!info->attrs[NL80211_ATTR_MAC])
8410 return -EINVAL;
8411
8412 if (!info->attrs[NL80211_ATTR_REASON_CODE])
8413 return -EINVAL;
8414
8415 if (!rdev->ops->disassoc)
8416 return -EOPNOTSUPP;
8417
8418 if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_STATION &&
8419 dev->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_CLIENT)
8420 return -EOPNOTSUPP;
8421
8422 bssid = nla_data(info->attrs[NL80211_ATTR_MAC]);
8423
8424 reason_code = nla_get_u16(info->attrs[NL80211_ATTR_REASON_CODE]);
8425 if (reason_code == 0) {
8426 /* Reason Code 0 is reserved */
8427 return -EINVAL;
8428 }
8429
8430 if (info->attrs[NL80211_ATTR_IE]) {
8431 ie = nla_data(info->attrs[NL80211_ATTR_IE]);
8432 ie_len = nla_len(info->attrs[NL80211_ATTR_IE]);
8433 }
8434
8435 local_state_change = !!info->attrs[NL80211_ATTR_LOCAL_STATE_CHANGE];
8436
8437 wdev_lock(dev->ieee80211_ptr);
8438 err = cfg80211_mlme_disassoc(rdev, dev, bssid, ie, ie_len, reason_code,
8439 local_state_change);
8440 wdev_unlock(dev->ieee80211_ptr);
8441 return err;
8442 }
8443
8444 static bool
8445 nl80211_parse_mcast_rate(struct cfg80211_registered_device *rdev,
8446 int mcast_rate[NUM_NL80211_BANDS],
8447 int rateval)
8448 {
8449 struct wiphy *wiphy = &rdev->wiphy;
8450 bool found = false;
8451 int band, i;
8452
8453 for (band = 0; band < NUM_NL80211_BANDS; band++) {
8454 struct ieee80211_supported_band *sband;
8455
8456 sband = wiphy->bands[band];
8457 if (!sband)
8458 continue;
8459
8460 for (i = 0; i < sband->n_bitrates; i++) {
8461 if (sband->bitrates[i].bitrate == rateval) {
8462 mcast_rate[band] = i + 1;
8463 found = true;
8464 break;
8465 }
8466 }
8467 }
8468
8469 return found;
8470 }
8471
8472 static int nl80211_join_ibss(struct sk_buff *skb, struct genl_info *info)
8473 {
8474 struct cfg80211_registered_device *rdev = info->user_ptr[0];
8475 struct net_device *dev = info->user_ptr[1];
8476 struct cfg80211_ibss_params ibss;
8477 struct wiphy *wiphy;
8478 struct cfg80211_cached_keys *connkeys = NULL;
8479 int err;
8480
8481 memset(&ibss, 0, sizeof(ibss));
8482
8483 if (!is_valid_ie_attr(info->attrs[NL80211_ATTR_IE]))
8484 return -EINVAL;
8485
8486 if (!info->attrs[NL80211_ATTR_SSID] ||
8487 !nla_len(info->attrs[NL80211_ATTR_SSID]))
8488 return -EINVAL;
8489
8490 ibss.beacon_interval = 100;
8491
8492 if (info->attrs[NL80211_ATTR_BEACON_INTERVAL])
8493 ibss.beacon_interval =
8494 nla_get_u32(info->attrs[NL80211_ATTR_BEACON_INTERVAL]);
8495
8496 err = cfg80211_validate_beacon_int(rdev, NL80211_IFTYPE_ADHOC,
8497 ibss.beacon_interval);
8498 if (err)
8499 return err;
8500
8501 if (!rdev->ops->join_ibss)
8502 return -EOPNOTSUPP;
8503
8504 if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_ADHOC)
8505 return -EOPNOTSUPP;
8506
8507 wiphy = &rdev->wiphy;
8508
8509 if (info->attrs[NL80211_ATTR_MAC]) {
8510 ibss.bssid = nla_data(info->attrs[NL80211_ATTR_MAC]);
8511
8512 if (!is_valid_ether_addr(ibss.bssid))
8513 return -EINVAL;
8514 }
8515 ibss.ssid = nla_data(info->attrs[NL80211_ATTR_SSID]);
8516 ibss.ssid_len = nla_len(info->attrs[NL80211_ATTR_SSID]);
8517
8518 if (info->attrs[NL80211_ATTR_IE]) {
8519 ibss.ie = nla_data(info->attrs[NL80211_ATTR_IE]);
8520 ibss.ie_len = nla_len(info->attrs[NL80211_ATTR_IE]);
8521 }
8522
8523 err = nl80211_parse_chandef(rdev, info, &ibss.chandef);
8524 if (err)
8525 return err;
8526
8527 if (!cfg80211_reg_can_beacon(&rdev->wiphy, &ibss.chandef,
8528 NL80211_IFTYPE_ADHOC))
8529 return -EINVAL;
8530
8531 switch (ibss.chandef.width) {
8532 case NL80211_CHAN_WIDTH_5:
8533 case NL80211_CHAN_WIDTH_10:
8534 case NL80211_CHAN_WIDTH_20_NOHT:
8535 break;
8536 case NL80211_CHAN_WIDTH_20:
8537 case NL80211_CHAN_WIDTH_40:
8538 if (!(rdev->wiphy.features & NL80211_FEATURE_HT_IBSS))
8539 return -EINVAL;
8540 break;
8541 case NL80211_CHAN_WIDTH_80:
8542 case NL80211_CHAN_WIDTH_80P80:
8543 case NL80211_CHAN_WIDTH_160:
8544 if (!(rdev->wiphy.features & NL80211_FEATURE_HT_IBSS))
8545 return -EINVAL;
8546 if (!wiphy_ext_feature_isset(&rdev->wiphy,
8547 NL80211_EXT_FEATURE_VHT_IBSS))
8548 return -EINVAL;
8549 break;
8550 default:
8551 return -EINVAL;
8552 }
8553
8554 ibss.channel_fixed = !!info->attrs[NL80211_ATTR_FREQ_FIXED];
8555 ibss.privacy = !!info->attrs[NL80211_ATTR_PRIVACY];
8556
8557 if (info->attrs[NL80211_ATTR_BSS_BASIC_RATES]) {
8558 u8 *rates =
8559 nla_data(info->attrs[NL80211_ATTR_BSS_BASIC_RATES]);
8560 int n_rates =
8561 nla_len(info->attrs[NL80211_ATTR_BSS_BASIC_RATES]);
8562 struct ieee80211_supported_band *sband =
8563 wiphy->bands[ibss.chandef.chan->band];
8564
8565 err = ieee80211_get_ratemask(sband, rates, n_rates,
8566 &ibss.basic_rates);
8567 if (err)
8568 return err;
8569 }
8570
8571 if (info->attrs[NL80211_ATTR_HT_CAPABILITY_MASK])
8572 memcpy(&ibss.ht_capa_mask,
8573 nla_data(info->attrs[NL80211_ATTR_HT_CAPABILITY_MASK]),
8574 sizeof(ibss.ht_capa_mask));
8575
8576 if (info->attrs[NL80211_ATTR_HT_CAPABILITY]) {
8577 if (!info->attrs[NL80211_ATTR_HT_CAPABILITY_MASK])
8578 return -EINVAL;
8579 memcpy(&ibss.ht_capa,
8580 nla_data(info->attrs[NL80211_ATTR_HT_CAPABILITY]),
8581 sizeof(ibss.ht_capa));
8582 }
8583
8584 if (info->attrs[NL80211_ATTR_MCAST_RATE] &&
8585 !nl80211_parse_mcast_rate(rdev, ibss.mcast_rate,
8586 nla_get_u32(info->attrs[NL80211_ATTR_MCAST_RATE])))
8587 return -EINVAL;
8588
8589 if (ibss.privacy && info->attrs[NL80211_ATTR_KEYS]) {
8590 bool no_ht = false;
8591
8592 connkeys = nl80211_parse_connkeys(rdev,
8593 info->attrs[NL80211_ATTR_KEYS],
8594 &no_ht);
8595 if (IS_ERR(connkeys))
8596 return PTR_ERR(connkeys);
8597
8598 if ((ibss.chandef.width != NL80211_CHAN_WIDTH_20_NOHT) &&
8599 no_ht) {
8600 kzfree(connkeys);
8601 return -EINVAL;
8602 }
8603 }
8604
8605 ibss.control_port =
8606 nla_get_flag(info->attrs[NL80211_ATTR_CONTROL_PORT]);
8607
8608 ibss.userspace_handles_dfs =
8609 nla_get_flag(info->attrs[NL80211_ATTR_HANDLE_DFS]);
8610
8611 err = cfg80211_join_ibss(rdev, dev, &ibss, connkeys);
8612 if (err)
8613 kzfree(connkeys);
8614 return err;
8615 }
8616
8617 static int nl80211_leave_ibss(struct sk_buff *skb, struct genl_info *info)
8618 {
8619 struct cfg80211_registered_device *rdev = info->user_ptr[0];
8620 struct net_device *dev = info->user_ptr[1];
8621
8622 if (!rdev->ops->leave_ibss)
8623 return -EOPNOTSUPP;
8624
8625 if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_ADHOC)
8626 return -EOPNOTSUPP;
8627
8628 return cfg80211_leave_ibss(rdev, dev, false);
8629 }
8630
8631 static int nl80211_set_mcast_rate(struct sk_buff *skb, struct genl_info *info)
8632 {
8633 struct cfg80211_registered_device *rdev = info->user_ptr[0];
8634 struct net_device *dev = info->user_ptr[1];
8635 int mcast_rate[NUM_NL80211_BANDS];
8636 u32 nla_rate;
8637 int err;
8638
8639 if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_ADHOC &&
8640 dev->ieee80211_ptr->iftype != NL80211_IFTYPE_MESH_POINT &&
8641 dev->ieee80211_ptr->iftype != NL80211_IFTYPE_OCB)
8642 return -EOPNOTSUPP;
8643
8644 if (!rdev->ops->set_mcast_rate)
8645 return -EOPNOTSUPP;
8646
8647 memset(mcast_rate, 0, sizeof(mcast_rate));
8648
8649 if (!info->attrs[NL80211_ATTR_MCAST_RATE])
8650 return -EINVAL;
8651
8652 nla_rate = nla_get_u32(info->attrs[NL80211_ATTR_MCAST_RATE]);
8653 if (!nl80211_parse_mcast_rate(rdev, mcast_rate, nla_rate))
8654 return -EINVAL;
8655
8656 err = rdev_set_mcast_rate(rdev, dev, mcast_rate);
8657
8658 return err;
8659 }
8660
8661 static struct sk_buff *
8662 __cfg80211_alloc_vendor_skb(struct cfg80211_registered_device *rdev,
8663 struct wireless_dev *wdev, int approxlen,
8664 u32 portid, u32 seq, enum nl80211_commands cmd,
8665 enum nl80211_attrs attr,
8666 const struct nl80211_vendor_cmd_info *info,
8667 gfp_t gfp)
8668 {
8669 struct sk_buff *skb;
8670 void *hdr;
8671 struct nlattr *data;
8672
8673 skb = nlmsg_new(approxlen + 100, gfp);
8674 if (!skb)
8675 return NULL;
8676
8677 hdr = nl80211hdr_put(skb, portid, seq, 0, cmd);
8678 if (!hdr) {
8679 kfree_skb(skb);
8680 return NULL;
8681 }
8682
8683 if (nla_put_u32(skb, NL80211_ATTR_WIPHY, rdev->wiphy_idx))
8684 goto nla_put_failure;
8685
8686 if (info) {
8687 if (nla_put_u32(skb, NL80211_ATTR_VENDOR_ID,
8688 info->vendor_id))
8689 goto nla_put_failure;
8690 if (nla_put_u32(skb, NL80211_ATTR_VENDOR_SUBCMD,
8691 info->subcmd))
8692 goto nla_put_failure;
8693 }
8694
8695 if (wdev) {
8696 if (nla_put_u64_64bit(skb, NL80211_ATTR_WDEV,
8697 wdev_id(wdev), NL80211_ATTR_PAD))
8698 goto nla_put_failure;
8699 if (wdev->netdev &&
8700 nla_put_u32(skb, NL80211_ATTR_IFINDEX,
8701 wdev->netdev->ifindex))
8702 goto nla_put_failure;
8703 }
8704
8705 data = nla_nest_start(skb, attr);
8706 if (!data)
8707 goto nla_put_failure;
8708
8709 ((void **)skb->cb)[0] = rdev;
8710 ((void **)skb->cb)[1] = hdr;
8711 ((void **)skb->cb)[2] = data;
8712
8713 return skb;
8714
8715 nla_put_failure:
8716 kfree_skb(skb);
8717 return NULL;
8718 }
8719
8720 struct sk_buff *__cfg80211_alloc_event_skb(struct wiphy *wiphy,
8721 struct wireless_dev *wdev,
8722 enum nl80211_commands cmd,
8723 enum nl80211_attrs attr,
8724 int vendor_event_idx,
8725 int approxlen, gfp_t gfp)
8726 {
8727 struct cfg80211_registered_device *rdev = wiphy_to_rdev(wiphy);
8728 const struct nl80211_vendor_cmd_info *info;
8729
8730 switch (cmd) {
8731 case NL80211_CMD_TESTMODE:
8732 if (WARN_ON(vendor_event_idx != -1))
8733 return NULL;
8734 info = NULL;
8735 break;
8736 case NL80211_CMD_VENDOR:
8737 if (WARN_ON(vendor_event_idx < 0 ||
8738 vendor_event_idx >= wiphy->n_vendor_events))
8739 return NULL;
8740 info = &wiphy->vendor_events[vendor_event_idx];
8741 break;
8742 default:
8743 WARN_ON(1);
8744 return NULL;
8745 }
8746
8747 return __cfg80211_alloc_vendor_skb(rdev, wdev, approxlen, 0, 0,
8748 cmd, attr, info, gfp);
8749 }
8750 EXPORT_SYMBOL(__cfg80211_alloc_event_skb);
8751
8752 void __cfg80211_send_event_skb(struct sk_buff *skb, gfp_t gfp)
8753 {
8754 struct cfg80211_registered_device *rdev = ((void **)skb->cb)[0];
8755 void *hdr = ((void **)skb->cb)[1];
8756 struct nlattr *data = ((void **)skb->cb)[2];
8757 enum nl80211_multicast_groups mcgrp = NL80211_MCGRP_TESTMODE;
8758
8759 /* clear CB data for netlink core to own from now on */
8760 memset(skb->cb, 0, sizeof(skb->cb));
8761
8762 nla_nest_end(skb, data);
8763 genlmsg_end(skb, hdr);
8764
8765 if (data->nla_type == NL80211_ATTR_VENDOR_DATA)
8766 mcgrp = NL80211_MCGRP_VENDOR;
8767
8768 genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), skb, 0,
8769 mcgrp, gfp);
8770 }
8771 EXPORT_SYMBOL(__cfg80211_send_event_skb);
8772
8773 #ifdef CONFIG_NL80211_TESTMODE
8774 static int nl80211_testmode_do(struct sk_buff *skb, struct genl_info *info)
8775 {
8776 struct cfg80211_registered_device *rdev = info->user_ptr[0];
8777 struct wireless_dev *wdev =
8778 __cfg80211_wdev_from_attrs(genl_info_net(info), info->attrs);
8779 int err;
8780
8781 if (!rdev->ops->testmode_cmd)
8782 return -EOPNOTSUPP;
8783
8784 if (IS_ERR(wdev)) {
8785 err = PTR_ERR(wdev);
8786 if (err != -EINVAL)
8787 return err;
8788 wdev = NULL;
8789 } else if (wdev->wiphy != &rdev->wiphy) {
8790 return -EINVAL;
8791 }
8792
8793 if (!info->attrs[NL80211_ATTR_TESTDATA])
8794 return -EINVAL;
8795
8796 rdev->cur_cmd_info = info;
8797 err = rdev_testmode_cmd(rdev, wdev,
8798 nla_data(info->attrs[NL80211_ATTR_TESTDATA]),
8799 nla_len(info->attrs[NL80211_ATTR_TESTDATA]));
8800 rdev->cur_cmd_info = NULL;
8801
8802 return err;
8803 }
8804
8805 static int nl80211_testmode_dump(struct sk_buff *skb,
8806 struct netlink_callback *cb)
8807 {
8808 struct cfg80211_registered_device *rdev;
8809 int err;
8810 long phy_idx;
8811 void *data = NULL;
8812 int data_len = 0;
8813
8814 rtnl_lock();
8815
8816 if (cb->args[0]) {
8817 /*
8818 * 0 is a valid index, but not valid for args[0],
8819 * so we need to offset by 1.
8820 */
8821 phy_idx = cb->args[0] - 1;
8822
8823 rdev = cfg80211_rdev_by_wiphy_idx(phy_idx);
8824 if (!rdev) {
8825 err = -ENOENT;
8826 goto out_err;
8827 }
8828 } else {
8829 struct nlattr **attrbuf = genl_family_attrbuf(&nl80211_fam);
8830
8831 err = nlmsg_parse(cb->nlh, GENL_HDRLEN + nl80211_fam.hdrsize,
8832 attrbuf, nl80211_fam.maxattr,
8833 nl80211_policy, NULL);
8834 if (err)
8835 goto out_err;
8836
8837 rdev = __cfg80211_rdev_from_attrs(sock_net(skb->sk), attrbuf);
8838 if (IS_ERR(rdev)) {
8839 err = PTR_ERR(rdev);
8840 goto out_err;
8841 }
8842 phy_idx = rdev->wiphy_idx;
8843
8844 if (attrbuf[NL80211_ATTR_TESTDATA])
8845 cb->args[1] = (long)attrbuf[NL80211_ATTR_TESTDATA];
8846 }
8847
8848 if (cb->args[1]) {
8849 data = nla_data((void *)cb->args[1]);
8850 data_len = nla_len((void *)cb->args[1]);
8851 }
8852
8853 if (!rdev->ops->testmode_dump) {
8854 err = -EOPNOTSUPP;
8855 goto out_err;
8856 }
8857
8858 while (1) {
8859 void *hdr = nl80211hdr_put(skb, NETLINK_CB(cb->skb).portid,
8860 cb->nlh->nlmsg_seq, NLM_F_MULTI,
8861 NL80211_CMD_TESTMODE);
8862 struct nlattr *tmdata;
8863
8864 if (!hdr)
8865 break;
8866
8867 if (nla_put_u32(skb, NL80211_ATTR_WIPHY, phy_idx)) {
8868 genlmsg_cancel(skb, hdr);
8869 break;
8870 }
8871
8872 tmdata = nla_nest_start(skb, NL80211_ATTR_TESTDATA);
8873 if (!tmdata) {
8874 genlmsg_cancel(skb, hdr);
8875 break;
8876 }
8877 err = rdev_testmode_dump(rdev, skb, cb, data, data_len);
8878 nla_nest_end(skb, tmdata);
8879
8880 if (err == -ENOBUFS || err == -ENOENT) {
8881 genlmsg_cancel(skb, hdr);
8882 break;
8883 } else if (err) {
8884 genlmsg_cancel(skb, hdr);
8885 goto out_err;
8886 }
8887
8888 genlmsg_end(skb, hdr);
8889 }
8890
8891 err = skb->len;
8892 /* see above */
8893 cb->args[0] = phy_idx + 1;
8894 out_err:
8895 rtnl_unlock();
8896 return err;
8897 }
8898 #endif
8899
8900 static int nl80211_connect(struct sk_buff *skb, struct genl_info *info)
8901 {
8902 struct cfg80211_registered_device *rdev = info->user_ptr[0];
8903 struct net_device *dev = info->user_ptr[1];
8904 struct cfg80211_connect_params connect;
8905 struct wiphy *wiphy;
8906 struct cfg80211_cached_keys *connkeys = NULL;
8907 int err;
8908
8909 memset(&connect, 0, sizeof(connect));
8910
8911 if (!is_valid_ie_attr(info->attrs[NL80211_ATTR_IE]))
8912 return -EINVAL;
8913
8914 if (!info->attrs[NL80211_ATTR_SSID] ||
8915 !nla_len(info->attrs[NL80211_ATTR_SSID]))
8916 return -EINVAL;
8917
8918 if (info->attrs[NL80211_ATTR_AUTH_TYPE]) {
8919 connect.auth_type =
8920 nla_get_u32(info->attrs[NL80211_ATTR_AUTH_TYPE]);
8921 if (!nl80211_valid_auth_type(rdev, connect.auth_type,
8922 NL80211_CMD_CONNECT))
8923 return -EINVAL;
8924 } else
8925 connect.auth_type = NL80211_AUTHTYPE_AUTOMATIC;
8926
8927 connect.privacy = info->attrs[NL80211_ATTR_PRIVACY];
8928
8929 if (info->attrs[NL80211_ATTR_WANT_1X_4WAY_HS] &&
8930 !wiphy_ext_feature_isset(&rdev->wiphy,
8931 NL80211_EXT_FEATURE_4WAY_HANDSHAKE_STA_1X))
8932 return -EINVAL;
8933 connect.want_1x = info->attrs[NL80211_ATTR_WANT_1X_4WAY_HS];
8934
8935 err = nl80211_crypto_settings(rdev, info, &connect.crypto,
8936 NL80211_MAX_NR_CIPHER_SUITES);
8937 if (err)
8938 return err;
8939
8940 if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_STATION &&
8941 dev->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_CLIENT)
8942 return -EOPNOTSUPP;
8943
8944 wiphy = &rdev->wiphy;
8945
8946 connect.bg_scan_period = -1;
8947 if (info->attrs[NL80211_ATTR_BG_SCAN_PERIOD] &&
8948 (wiphy->flags & WIPHY_FLAG_SUPPORTS_FW_ROAM)) {
8949 connect.bg_scan_period =
8950 nla_get_u16(info->attrs[NL80211_ATTR_BG_SCAN_PERIOD]);
8951 }
8952
8953 if (info->attrs[NL80211_ATTR_MAC])
8954 connect.bssid = nla_data(info->attrs[NL80211_ATTR_MAC]);
8955 else if (info->attrs[NL80211_ATTR_MAC_HINT])
8956 connect.bssid_hint =
8957 nla_data(info->attrs[NL80211_ATTR_MAC_HINT]);
8958 connect.ssid = nla_data(info->attrs[NL80211_ATTR_SSID]);
8959 connect.ssid_len = nla_len(info->attrs[NL80211_ATTR_SSID]);
8960
8961 if (info->attrs[NL80211_ATTR_IE]) {
8962 connect.ie = nla_data(info->attrs[NL80211_ATTR_IE]);
8963 connect.ie_len = nla_len(info->attrs[NL80211_ATTR_IE]);
8964 }
8965
8966 if (info->attrs[NL80211_ATTR_USE_MFP]) {
8967 connect.mfp = nla_get_u32(info->attrs[NL80211_ATTR_USE_MFP]);
8968 if (connect.mfp != NL80211_MFP_REQUIRED &&
8969 connect.mfp != NL80211_MFP_NO)
8970 return -EINVAL;
8971 } else {
8972 connect.mfp = NL80211_MFP_NO;
8973 }
8974
8975 if (info->attrs[NL80211_ATTR_PREV_BSSID])
8976 connect.prev_bssid =
8977 nla_data(info->attrs[NL80211_ATTR_PREV_BSSID]);
8978
8979 if (info->attrs[NL80211_ATTR_WIPHY_FREQ]) {
8980 connect.channel = nl80211_get_valid_chan(
8981 wiphy, info->attrs[NL80211_ATTR_WIPHY_FREQ]);
8982 if (!connect.channel)
8983 return -EINVAL;
8984 } else if (info->attrs[NL80211_ATTR_WIPHY_FREQ_HINT]) {
8985 connect.channel_hint = nl80211_get_valid_chan(
8986 wiphy, info->attrs[NL80211_ATTR_WIPHY_FREQ_HINT]);
8987 if (!connect.channel_hint)
8988 return -EINVAL;
8989 }
8990
8991 if (connect.privacy && info->attrs[NL80211_ATTR_KEYS]) {
8992 connkeys = nl80211_parse_connkeys(rdev,
8993 info->attrs[NL80211_ATTR_KEYS], NULL);
8994 if (IS_ERR(connkeys))
8995 return PTR_ERR(connkeys);
8996 }
8997
8998 if (nla_get_flag(info->attrs[NL80211_ATTR_DISABLE_HT]))
8999 connect.flags |= ASSOC_REQ_DISABLE_HT;
9000
9001 if (info->attrs[NL80211_ATTR_HT_CAPABILITY_MASK])
9002 memcpy(&connect.ht_capa_mask,
9003 nla_data(info->attrs[NL80211_ATTR_HT_CAPABILITY_MASK]),
9004 sizeof(connect.ht_capa_mask));
9005
9006 if (info->attrs[NL80211_ATTR_HT_CAPABILITY]) {
9007 if (!info->attrs[NL80211_ATTR_HT_CAPABILITY_MASK]) {
9008 kzfree(connkeys);
9009 return -EINVAL;
9010 }
9011 memcpy(&connect.ht_capa,
9012 nla_data(info->attrs[NL80211_ATTR_HT_CAPABILITY]),
9013 sizeof(connect.ht_capa));
9014 }
9015
9016 if (nla_get_flag(info->attrs[NL80211_ATTR_DISABLE_VHT]))
9017 connect.flags |= ASSOC_REQ_DISABLE_VHT;
9018
9019 if (info->attrs[NL80211_ATTR_VHT_CAPABILITY_MASK])
9020 memcpy(&connect.vht_capa_mask,
9021 nla_data(info->attrs[NL80211_ATTR_VHT_CAPABILITY_MASK]),
9022 sizeof(connect.vht_capa_mask));
9023
9024 if (info->attrs[NL80211_ATTR_VHT_CAPABILITY]) {
9025 if (!info->attrs[NL80211_ATTR_VHT_CAPABILITY_MASK]) {
9026 kzfree(connkeys);
9027 return -EINVAL;
9028 }
9029 memcpy(&connect.vht_capa,
9030 nla_data(info->attrs[NL80211_ATTR_VHT_CAPABILITY]),
9031 sizeof(connect.vht_capa));
9032 }
9033
9034 if (nla_get_flag(info->attrs[NL80211_ATTR_USE_RRM])) {
9035 if (!((rdev->wiphy.features &
9036 NL80211_FEATURE_DS_PARAM_SET_IE_IN_PROBES) &&
9037 (rdev->wiphy.features & NL80211_FEATURE_QUIET)) &&
9038 !wiphy_ext_feature_isset(&rdev->wiphy,
9039 NL80211_EXT_FEATURE_RRM)) {
9040 kzfree(connkeys);
9041 return -EINVAL;
9042 }
9043 connect.flags |= ASSOC_REQ_USE_RRM;
9044 }
9045
9046 connect.pbss = nla_get_flag(info->attrs[NL80211_ATTR_PBSS]);
9047 if (connect.pbss && !rdev->wiphy.bands[NL80211_BAND_60GHZ]) {
9048 kzfree(connkeys);
9049 return -EOPNOTSUPP;
9050 }
9051
9052 if (info->attrs[NL80211_ATTR_BSS_SELECT]) {
9053 /* bss selection makes no sense if bssid is set */
9054 if (connect.bssid) {
9055 kzfree(connkeys);
9056 return -EINVAL;
9057 }
9058
9059 err = parse_bss_select(info->attrs[NL80211_ATTR_BSS_SELECT],
9060 wiphy, &connect.bss_select);
9061 if (err) {
9062 kzfree(connkeys);
9063 return err;
9064 }
9065 }
9066
9067 if (wiphy_ext_feature_isset(&rdev->wiphy,
9068 NL80211_EXT_FEATURE_FILS_SK_OFFLOAD) &&
9069 info->attrs[NL80211_ATTR_FILS_ERP_USERNAME] &&
9070 info->attrs[NL80211_ATTR_FILS_ERP_REALM] &&
9071 info->attrs[NL80211_ATTR_FILS_ERP_NEXT_SEQ_NUM] &&
9072 info->attrs[NL80211_ATTR_FILS_ERP_RRK]) {
9073 connect.fils_erp_username =
9074 nla_data(info->attrs[NL80211_ATTR_FILS_ERP_USERNAME]);
9075 connect.fils_erp_username_len =
9076 nla_len(info->attrs[NL80211_ATTR_FILS_ERP_USERNAME]);
9077 connect.fils_erp_realm =
9078 nla_data(info->attrs[NL80211_ATTR_FILS_ERP_REALM]);
9079 connect.fils_erp_realm_len =
9080 nla_len(info->attrs[NL80211_ATTR_FILS_ERP_REALM]);
9081 connect.fils_erp_next_seq_num =
9082 nla_get_u16(
9083 info->attrs[NL80211_ATTR_FILS_ERP_NEXT_SEQ_NUM]);
9084 connect.fils_erp_rrk =
9085 nla_data(info->attrs[NL80211_ATTR_FILS_ERP_RRK]);
9086 connect.fils_erp_rrk_len =
9087 nla_len(info->attrs[NL80211_ATTR_FILS_ERP_RRK]);
9088 } else if (info->attrs[NL80211_ATTR_FILS_ERP_USERNAME] ||
9089 info->attrs[NL80211_ATTR_FILS_ERP_REALM] ||
9090 info->attrs[NL80211_ATTR_FILS_ERP_NEXT_SEQ_NUM] ||
9091 info->attrs[NL80211_ATTR_FILS_ERP_RRK]) {
9092 kzfree(connkeys);
9093 return -EINVAL;
9094 }
9095 #ifdef CONFIG_CFG80211_SLSI_SAE
9096 if (nla_get_flag(info->attrs[NL80211_ATTR_EXTERNAL_AUTH_SUPPORT]))
9097 connect.flags |= CONNECT_REQ_EXTERNAL_AUTH_SUPPORT;
9098 #endif
9099 wdev_lock(dev->ieee80211_ptr);
9100
9101 err = cfg80211_connect(rdev, dev, &connect, connkeys,
9102 connect.prev_bssid);
9103 if (err)
9104 kzfree(connkeys);
9105
9106 if (!err && info->attrs[NL80211_ATTR_SOCKET_OWNER]) {
9107 dev->ieee80211_ptr->conn_owner_nlportid = info->snd_portid;
9108 if (connect.bssid)
9109 memcpy(dev->ieee80211_ptr->disconnect_bssid,
9110 connect.bssid, ETH_ALEN);
9111 else
9112 memset(dev->ieee80211_ptr->disconnect_bssid,
9113 0, ETH_ALEN);
9114 }
9115
9116 wdev_unlock(dev->ieee80211_ptr);
9117
9118 return err;
9119 }
9120
9121 static int nl80211_update_connect_params(struct sk_buff *skb,
9122 struct genl_info *info)
9123 {
9124 struct cfg80211_connect_params connect = {};
9125 struct cfg80211_registered_device *rdev = info->user_ptr[0];
9126 struct net_device *dev = info->user_ptr[1];
9127 struct wireless_dev *wdev = dev->ieee80211_ptr;
9128 u32 changed = 0;
9129 int ret;
9130
9131 if (!rdev->ops->update_connect_params)
9132 return -EOPNOTSUPP;
9133
9134 if (info->attrs[NL80211_ATTR_IE]) {
9135 if (!is_valid_ie_attr(info->attrs[NL80211_ATTR_IE]))
9136 return -EINVAL;
9137 connect.ie = nla_data(info->attrs[NL80211_ATTR_IE]);
9138 connect.ie_len = nla_len(info->attrs[NL80211_ATTR_IE]);
9139 changed |= UPDATE_ASSOC_IES;
9140 }
9141
9142 wdev_lock(dev->ieee80211_ptr);
9143 if (!wdev->current_bss)
9144 ret = -ENOLINK;
9145 else
9146 ret = rdev_update_connect_params(rdev, dev, &connect, changed);
9147 wdev_unlock(dev->ieee80211_ptr);
9148
9149 return ret;
9150 }
9151
9152 static int nl80211_disconnect(struct sk_buff *skb, struct genl_info *info)
9153 {
9154 struct cfg80211_registered_device *rdev = info->user_ptr[0];
9155 struct net_device *dev = info->user_ptr[1];
9156 u16 reason;
9157 int ret;
9158
9159 if (!info->attrs[NL80211_ATTR_REASON_CODE])
9160 reason = WLAN_REASON_DEAUTH_LEAVING;
9161 else
9162 reason = nla_get_u16(info->attrs[NL80211_ATTR_REASON_CODE]);
9163
9164 if (reason == 0)
9165 return -EINVAL;
9166
9167 if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_STATION &&
9168 dev->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_CLIENT)
9169 return -EOPNOTSUPP;
9170
9171 wdev_lock(dev->ieee80211_ptr);
9172 ret = cfg80211_disconnect(rdev, dev, reason, true);
9173 wdev_unlock(dev->ieee80211_ptr);
9174 return ret;
9175 }
9176
9177 static int nl80211_wiphy_netns(struct sk_buff *skb, struct genl_info *info)
9178 {
9179 struct cfg80211_registered_device *rdev = info->user_ptr[0];
9180 struct net *net;
9181 int err;
9182
9183 if (info->attrs[NL80211_ATTR_PID]) {
9184 u32 pid = nla_get_u32(info->attrs[NL80211_ATTR_PID]);
9185
9186 net = get_net_ns_by_pid(pid);
9187 } else if (info->attrs[NL80211_ATTR_NETNS_FD]) {
9188 u32 fd = nla_get_u32(info->attrs[NL80211_ATTR_NETNS_FD]);
9189
9190 net = get_net_ns_by_fd(fd);
9191 } else {
9192 return -EINVAL;
9193 }
9194
9195 if (IS_ERR(net))
9196 return PTR_ERR(net);
9197
9198 err = 0;
9199
9200 /* check if anything to do */
9201 if (!net_eq(wiphy_net(&rdev->wiphy), net))
9202 err = cfg80211_switch_netns(rdev, net);
9203
9204 put_net(net);
9205 return err;
9206 }
9207
9208 static int nl80211_setdel_pmksa(struct sk_buff *skb, struct genl_info *info)
9209 {
9210 struct cfg80211_registered_device *rdev = info->user_ptr[0];
9211 int (*rdev_ops)(struct wiphy *wiphy, struct net_device *dev,
9212 struct cfg80211_pmksa *pmksa) = NULL;
9213 struct net_device *dev = info->user_ptr[1];
9214 struct cfg80211_pmksa pmksa;
9215
9216 memset(&pmksa, 0, sizeof(struct cfg80211_pmksa));
9217
9218 if (!info->attrs[NL80211_ATTR_PMKID])
9219 return -EINVAL;
9220
9221 pmksa.pmkid = nla_data(info->attrs[NL80211_ATTR_PMKID]);
9222
9223 if (info->attrs[NL80211_ATTR_MAC]) {
9224 pmksa.bssid = nla_data(info->attrs[NL80211_ATTR_MAC]);
9225 } else if (info->attrs[NL80211_ATTR_SSID] &&
9226 info->attrs[NL80211_ATTR_FILS_CACHE_ID] &&
9227 (info->genlhdr->cmd == NL80211_CMD_DEL_PMKSA ||
9228 info->attrs[NL80211_ATTR_PMK])) {
9229 pmksa.ssid = nla_data(info->attrs[NL80211_ATTR_SSID]);
9230 pmksa.ssid_len = nla_len(info->attrs[NL80211_ATTR_SSID]);
9231 pmksa.cache_id =
9232 nla_data(info->attrs[NL80211_ATTR_FILS_CACHE_ID]);
9233 } else {
9234 return -EINVAL;
9235 }
9236 if (info->attrs[NL80211_ATTR_PMK]) {
9237 pmksa.pmk = nla_data(info->attrs[NL80211_ATTR_PMK]);
9238 pmksa.pmk_len = nla_len(info->attrs[NL80211_ATTR_PMK]);
9239 }
9240
9241 if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_STATION &&
9242 dev->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_CLIENT)
9243 return -EOPNOTSUPP;
9244
9245 switch (info->genlhdr->cmd) {
9246 case NL80211_CMD_SET_PMKSA:
9247 rdev_ops = rdev->ops->set_pmksa;
9248 break;
9249 case NL80211_CMD_DEL_PMKSA:
9250 rdev_ops = rdev->ops->del_pmksa;
9251 break;
9252 default:
9253 WARN_ON(1);
9254 break;
9255 }
9256
9257 if (!rdev_ops)
9258 return -EOPNOTSUPP;
9259
9260 return rdev_ops(&rdev->wiphy, dev, &pmksa);
9261 }
9262
9263 static int nl80211_flush_pmksa(struct sk_buff *skb, struct genl_info *info)
9264 {
9265 struct cfg80211_registered_device *rdev = info->user_ptr[0];
9266 struct net_device *dev = info->user_ptr[1];
9267
9268 if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_STATION &&
9269 dev->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_CLIENT)
9270 return -EOPNOTSUPP;
9271
9272 if (!rdev->ops->flush_pmksa)
9273 return -EOPNOTSUPP;
9274
9275 return rdev_flush_pmksa(rdev, dev);
9276 }
9277
9278 static int nl80211_tdls_mgmt(struct sk_buff *skb, struct genl_info *info)
9279 {
9280 struct cfg80211_registered_device *rdev = info->user_ptr[0];
9281 struct net_device *dev = info->user_ptr[1];
9282 u8 action_code, dialog_token;
9283 u32 peer_capability = 0;
9284 u16 status_code;
9285 u8 *peer;
9286 bool initiator;
9287
9288 if (!(rdev->wiphy.flags & WIPHY_FLAG_SUPPORTS_TDLS) ||
9289 !rdev->ops->tdls_mgmt)
9290 return -EOPNOTSUPP;
9291
9292 if (!info->attrs[NL80211_ATTR_TDLS_ACTION] ||
9293 !info->attrs[NL80211_ATTR_STATUS_CODE] ||
9294 !info->attrs[NL80211_ATTR_TDLS_DIALOG_TOKEN] ||
9295 !info->attrs[NL80211_ATTR_IE] ||
9296 !info->attrs[NL80211_ATTR_MAC])
9297 return -EINVAL;
9298
9299 peer = nla_data(info->attrs[NL80211_ATTR_MAC]);
9300 action_code = nla_get_u8(info->attrs[NL80211_ATTR_TDLS_ACTION]);
9301 status_code = nla_get_u16(info->attrs[NL80211_ATTR_STATUS_CODE]);
9302 dialog_token = nla_get_u8(info->attrs[NL80211_ATTR_TDLS_DIALOG_TOKEN]);
9303 initiator = nla_get_flag(info->attrs[NL80211_ATTR_TDLS_INITIATOR]);
9304 if (info->attrs[NL80211_ATTR_TDLS_PEER_CAPABILITY])
9305 peer_capability =
9306 nla_get_u32(info->attrs[NL80211_ATTR_TDLS_PEER_CAPABILITY]);
9307
9308 return rdev_tdls_mgmt(rdev, dev, peer, action_code,
9309 dialog_token, status_code, peer_capability,
9310 initiator,
9311 nla_data(info->attrs[NL80211_ATTR_IE]),
9312 nla_len(info->attrs[NL80211_ATTR_IE]));
9313 }
9314
9315 static int nl80211_tdls_oper(struct sk_buff *skb, struct genl_info *info)
9316 {
9317 struct cfg80211_registered_device *rdev = info->user_ptr[0];
9318 struct net_device *dev = info->user_ptr[1];
9319 enum nl80211_tdls_operation operation;
9320 u8 *peer;
9321
9322 if (!(rdev->wiphy.flags & WIPHY_FLAG_SUPPORTS_TDLS) ||
9323 !rdev->ops->tdls_oper)
9324 return -EOPNOTSUPP;
9325
9326 if (!info->attrs[NL80211_ATTR_TDLS_OPERATION] ||
9327 !info->attrs[NL80211_ATTR_MAC])
9328 return -EINVAL;
9329
9330 operation = nla_get_u8(info->attrs[NL80211_ATTR_TDLS_OPERATION]);
9331 peer = nla_data(info->attrs[NL80211_ATTR_MAC]);
9332
9333 return rdev_tdls_oper(rdev, dev, peer, operation);
9334 }
9335
9336 static int nl80211_remain_on_channel(struct sk_buff *skb,
9337 struct genl_info *info)
9338 {
9339 struct cfg80211_registered_device *rdev = info->user_ptr[0];
9340 struct wireless_dev *wdev = info->user_ptr[1];
9341 struct cfg80211_chan_def chandef;
9342 const struct cfg80211_chan_def *compat_chandef;
9343 struct sk_buff *msg;
9344 void *hdr;
9345 u64 cookie;
9346 u32 duration;
9347 int err;
9348
9349 if (!info->attrs[NL80211_ATTR_WIPHY_FREQ] ||
9350 !info->attrs[NL80211_ATTR_DURATION])
9351 return -EINVAL;
9352
9353 duration = nla_get_u32(info->attrs[NL80211_ATTR_DURATION]);
9354
9355 if (!rdev->ops->remain_on_channel ||
9356 !(rdev->wiphy.flags & WIPHY_FLAG_HAS_REMAIN_ON_CHANNEL))
9357 return -EOPNOTSUPP;
9358
9359 /*
9360 * We should be on that channel for at least a minimum amount of
9361 * time (10ms) but no longer than the driver supports.
9362 */
9363 if (duration < NL80211_MIN_REMAIN_ON_CHANNEL_TIME ||
9364 duration > rdev->wiphy.max_remain_on_channel_duration)
9365 return -EINVAL;
9366
9367 err = nl80211_parse_chandef(rdev, info, &chandef);
9368 if (err)
9369 return err;
9370
9371 wdev_lock(wdev);
9372 if (!cfg80211_off_channel_oper_allowed(wdev) &&
9373 !cfg80211_chandef_identical(&wdev->chandef, &chandef)) {
9374 compat_chandef = cfg80211_chandef_compatible(&wdev->chandef,
9375 &chandef);
9376 if (compat_chandef != &chandef) {
9377 wdev_unlock(wdev);
9378 return -EBUSY;
9379 }
9380 }
9381 wdev_unlock(wdev);
9382
9383 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
9384 if (!msg)
9385 return -ENOMEM;
9386
9387 hdr = nl80211hdr_put(msg, info->snd_portid, info->snd_seq, 0,
9388 NL80211_CMD_REMAIN_ON_CHANNEL);
9389 if (!hdr) {
9390 err = -ENOBUFS;
9391 goto free_msg;
9392 }
9393
9394 err = rdev_remain_on_channel(rdev, wdev, chandef.chan,
9395 duration, &cookie);
9396
9397 if (err)
9398 goto free_msg;
9399
9400 if (nla_put_u64_64bit(msg, NL80211_ATTR_COOKIE, cookie,
9401 NL80211_ATTR_PAD))
9402 goto nla_put_failure;
9403
9404 genlmsg_end(msg, hdr);
9405
9406 return genlmsg_reply(msg, info);
9407
9408 nla_put_failure:
9409 err = -ENOBUFS;
9410 free_msg:
9411 nlmsg_free(msg);
9412 return err;
9413 }
9414
9415 static int nl80211_cancel_remain_on_channel(struct sk_buff *skb,
9416 struct genl_info *info)
9417 {
9418 struct cfg80211_registered_device *rdev = info->user_ptr[0];
9419 struct wireless_dev *wdev = info->user_ptr[1];
9420 u64 cookie;
9421
9422 if (!info->attrs[NL80211_ATTR_COOKIE])
9423 return -EINVAL;
9424
9425 if (!rdev->ops->cancel_remain_on_channel)
9426 return -EOPNOTSUPP;
9427
9428 cookie = nla_get_u64(info->attrs[NL80211_ATTR_COOKIE]);
9429
9430 return rdev_cancel_remain_on_channel(rdev, wdev, cookie);
9431 }
9432
9433 static int nl80211_set_tx_bitrate_mask(struct sk_buff *skb,
9434 struct genl_info *info)
9435 {
9436 struct cfg80211_bitrate_mask mask;
9437 struct cfg80211_registered_device *rdev = info->user_ptr[0];
9438 struct net_device *dev = info->user_ptr[1];
9439 int err;
9440
9441 if (!rdev->ops->set_bitrate_mask)
9442 return -EOPNOTSUPP;
9443
9444 err = nl80211_parse_tx_bitrate_mask(info, &mask);
9445 if (err)
9446 return err;
9447
9448 return rdev_set_bitrate_mask(rdev, dev, NULL, &mask);
9449 }
9450
9451 static int nl80211_register_mgmt(struct sk_buff *skb, struct genl_info *info)
9452 {
9453 struct cfg80211_registered_device *rdev = info->user_ptr[0];
9454 struct wireless_dev *wdev = info->user_ptr[1];
9455 u16 frame_type = IEEE80211_FTYPE_MGMT | IEEE80211_STYPE_ACTION;
9456
9457 if (!info->attrs[NL80211_ATTR_FRAME_MATCH])
9458 return -EINVAL;
9459
9460 if (info->attrs[NL80211_ATTR_FRAME_TYPE])
9461 frame_type = nla_get_u16(info->attrs[NL80211_ATTR_FRAME_TYPE]);
9462
9463 switch (wdev->iftype) {
9464 case NL80211_IFTYPE_STATION:
9465 case NL80211_IFTYPE_ADHOC:
9466 case NL80211_IFTYPE_P2P_CLIENT:
9467 case NL80211_IFTYPE_AP:
9468 case NL80211_IFTYPE_AP_VLAN:
9469 case NL80211_IFTYPE_MESH_POINT:
9470 case NL80211_IFTYPE_P2P_GO:
9471 case NL80211_IFTYPE_P2P_DEVICE:
9472 break;
9473 case NL80211_IFTYPE_NAN:
9474 default:
9475 return -EOPNOTSUPP;
9476 }
9477
9478 /* not much point in registering if we can't reply */
9479 if (!rdev->ops->mgmt_tx)
9480 return -EOPNOTSUPP;
9481
9482 return cfg80211_mlme_register_mgmt(wdev, info->snd_portid, frame_type,
9483 nla_data(info->attrs[NL80211_ATTR_FRAME_MATCH]),
9484 nla_len(info->attrs[NL80211_ATTR_FRAME_MATCH]));
9485 }
9486
9487 static int nl80211_tx_mgmt(struct sk_buff *skb, struct genl_info *info)
9488 {
9489 struct cfg80211_registered_device *rdev = info->user_ptr[0];
9490 struct wireless_dev *wdev = info->user_ptr[1];
9491 struct cfg80211_chan_def chandef;
9492 int err;
9493 void *hdr = NULL;
9494 u64 cookie;
9495 struct sk_buff *msg = NULL;
9496 struct cfg80211_mgmt_tx_params params = {
9497 .dont_wait_for_ack =
9498 info->attrs[NL80211_ATTR_DONT_WAIT_FOR_ACK],
9499 };
9500
9501 if (!info->attrs[NL80211_ATTR_FRAME])
9502 return -EINVAL;
9503
9504 if (!rdev->ops->mgmt_tx)
9505 return -EOPNOTSUPP;
9506
9507 switch (wdev->iftype) {
9508 case NL80211_IFTYPE_P2P_DEVICE:
9509 if (!info->attrs[NL80211_ATTR_WIPHY_FREQ])
9510 return -EINVAL;
9511 case NL80211_IFTYPE_STATION:
9512 case NL80211_IFTYPE_ADHOC:
9513 case NL80211_IFTYPE_P2P_CLIENT:
9514 case NL80211_IFTYPE_AP:
9515 case NL80211_IFTYPE_AP_VLAN:
9516 case NL80211_IFTYPE_MESH_POINT:
9517 case NL80211_IFTYPE_P2P_GO:
9518 break;
9519 case NL80211_IFTYPE_NAN:
9520 default:
9521 return -EOPNOTSUPP;
9522 }
9523
9524 if (info->attrs[NL80211_ATTR_DURATION]) {
9525 if (!(rdev->wiphy.flags & WIPHY_FLAG_OFFCHAN_TX))
9526 return -EINVAL;
9527 params.wait = nla_get_u32(info->attrs[NL80211_ATTR_DURATION]);
9528
9529 /*
9530 * We should wait on the channel for at least a minimum amount
9531 * of time (10ms) but no longer than the driver supports.
9532 */
9533 if (params.wait < NL80211_MIN_REMAIN_ON_CHANNEL_TIME ||
9534 params.wait > rdev->wiphy.max_remain_on_channel_duration)
9535 return -EINVAL;
9536 }
9537
9538 params.offchan = info->attrs[NL80211_ATTR_OFFCHANNEL_TX_OK];
9539
9540 if (params.offchan && !(rdev->wiphy.flags & WIPHY_FLAG_OFFCHAN_TX))
9541 return -EINVAL;
9542
9543 params.no_cck = nla_get_flag(info->attrs[NL80211_ATTR_TX_NO_CCK_RATE]);
9544
9545 /* get the channel if any has been specified, otherwise pass NULL to
9546 * the driver. The latter will use the current one
9547 */
9548 chandef.chan = NULL;
9549 if (info->attrs[NL80211_ATTR_WIPHY_FREQ]) {
9550 err = nl80211_parse_chandef(rdev, info, &chandef);
9551 if (err)
9552 return err;
9553 }
9554
9555 if (!chandef.chan && params.offchan)
9556 return -EINVAL;
9557
9558 wdev_lock(wdev);
9559 if (params.offchan && !cfg80211_off_channel_oper_allowed(wdev)) {
9560 wdev_unlock(wdev);
9561 return -EBUSY;
9562 }
9563 wdev_unlock(wdev);
9564
9565 params.buf = nla_data(info->attrs[NL80211_ATTR_FRAME]);
9566 params.len = nla_len(info->attrs[NL80211_ATTR_FRAME]);
9567
9568 if (info->attrs[NL80211_ATTR_CSA_C_OFFSETS_TX]) {
9569 int len = nla_len(info->attrs[NL80211_ATTR_CSA_C_OFFSETS_TX]);
9570 int i;
9571
9572 if (len % sizeof(u16))
9573 return -EINVAL;
9574
9575 params.n_csa_offsets = len / sizeof(u16);
9576 params.csa_offsets =
9577 nla_data(info->attrs[NL80211_ATTR_CSA_C_OFFSETS_TX]);
9578
9579 /* check that all the offsets fit the frame */
9580 for (i = 0; i < params.n_csa_offsets; i++) {
9581 if (params.csa_offsets[i] >= params.len)
9582 return -EINVAL;
9583 }
9584 }
9585
9586 if (!params.dont_wait_for_ack) {
9587 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
9588 if (!msg)
9589 return -ENOMEM;
9590
9591 hdr = nl80211hdr_put(msg, info->snd_portid, info->snd_seq, 0,
9592 NL80211_CMD_FRAME);
9593 if (!hdr) {
9594 err = -ENOBUFS;
9595 goto free_msg;
9596 }
9597 }
9598
9599 params.chan = chandef.chan;
9600 err = cfg80211_mlme_mgmt_tx(rdev, wdev, &params, &cookie);
9601 if (err)
9602 goto free_msg;
9603
9604 if (msg) {
9605 if (nla_put_u64_64bit(msg, NL80211_ATTR_COOKIE, cookie,
9606 NL80211_ATTR_PAD))
9607 goto nla_put_failure;
9608
9609 genlmsg_end(msg, hdr);
9610 return genlmsg_reply(msg, info);
9611 }
9612
9613 return 0;
9614
9615 nla_put_failure:
9616 err = -ENOBUFS;
9617 free_msg:
9618 nlmsg_free(msg);
9619 return err;
9620 }
9621
9622 static int nl80211_tx_mgmt_cancel_wait(struct sk_buff *skb, struct genl_info *info)
9623 {
9624 struct cfg80211_registered_device *rdev = info->user_ptr[0];
9625 struct wireless_dev *wdev = info->user_ptr[1];
9626 u64 cookie;
9627
9628 if (!info->attrs[NL80211_ATTR_COOKIE])
9629 return -EINVAL;
9630
9631 if (!rdev->ops->mgmt_tx_cancel_wait)
9632 return -EOPNOTSUPP;
9633
9634 switch (wdev->iftype) {
9635 case NL80211_IFTYPE_STATION:
9636 case NL80211_IFTYPE_ADHOC:
9637 case NL80211_IFTYPE_P2P_CLIENT:
9638 case NL80211_IFTYPE_AP:
9639 case NL80211_IFTYPE_AP_VLAN:
9640 case NL80211_IFTYPE_P2P_GO:
9641 case NL80211_IFTYPE_P2P_DEVICE:
9642 break;
9643 case NL80211_IFTYPE_NAN:
9644 default:
9645 return -EOPNOTSUPP;
9646 }
9647
9648 cookie = nla_get_u64(info->attrs[NL80211_ATTR_COOKIE]);
9649
9650 return rdev_mgmt_tx_cancel_wait(rdev, wdev, cookie);
9651 }
9652
9653 static int nl80211_set_power_save(struct sk_buff *skb, struct genl_info *info)
9654 {
9655 struct cfg80211_registered_device *rdev = info->user_ptr[0];
9656 struct wireless_dev *wdev;
9657 struct net_device *dev = info->user_ptr[1];
9658 u8 ps_state;
9659 bool state;
9660 int err;
9661
9662 if (!info->attrs[NL80211_ATTR_PS_STATE])
9663 return -EINVAL;
9664
9665 ps_state = nla_get_u32(info->attrs[NL80211_ATTR_PS_STATE]);
9666
9667 if (ps_state != NL80211_PS_DISABLED && ps_state != NL80211_PS_ENABLED)
9668 return -EINVAL;
9669
9670 wdev = dev->ieee80211_ptr;
9671
9672 if (!rdev->ops->set_power_mgmt)
9673 return -EOPNOTSUPP;
9674
9675 state = (ps_state == NL80211_PS_ENABLED) ? true : false;
9676
9677 if (state == wdev->ps)
9678 return 0;
9679
9680 err = rdev_set_power_mgmt(rdev, dev, state, wdev->ps_timeout);
9681 if (!err)
9682 wdev->ps = state;
9683 return err;
9684 }
9685
9686 static int nl80211_get_power_save(struct sk_buff *skb, struct genl_info *info)
9687 {
9688 struct cfg80211_registered_device *rdev = info->user_ptr[0];
9689 enum nl80211_ps_state ps_state;
9690 struct wireless_dev *wdev;
9691 struct net_device *dev = info->user_ptr[1];
9692 struct sk_buff *msg;
9693 void *hdr;
9694 int err;
9695
9696 wdev = dev->ieee80211_ptr;
9697
9698 if (!rdev->ops->set_power_mgmt)
9699 return -EOPNOTSUPP;
9700
9701 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
9702 if (!msg)
9703 return -ENOMEM;
9704
9705 hdr = nl80211hdr_put(msg, info->snd_portid, info->snd_seq, 0,
9706 NL80211_CMD_GET_POWER_SAVE);
9707 if (!hdr) {
9708 err = -ENOBUFS;
9709 goto free_msg;
9710 }
9711
9712 if (wdev->ps)
9713 ps_state = NL80211_PS_ENABLED;
9714 else
9715 ps_state = NL80211_PS_DISABLED;
9716
9717 if (nla_put_u32(msg, NL80211_ATTR_PS_STATE, ps_state))
9718 goto nla_put_failure;
9719
9720 genlmsg_end(msg, hdr);
9721 return genlmsg_reply(msg, info);
9722
9723 nla_put_failure:
9724 err = -ENOBUFS;
9725 free_msg:
9726 nlmsg_free(msg);
9727 return err;
9728 }
9729
9730 static const struct nla_policy
9731 nl80211_attr_cqm_policy[NL80211_ATTR_CQM_MAX + 1] = {
9732 [NL80211_ATTR_CQM_RSSI_THOLD] = { .type = NLA_BINARY },
9733 [NL80211_ATTR_CQM_RSSI_HYST] = { .type = NLA_U32 },
9734 [NL80211_ATTR_CQM_RSSI_THRESHOLD_EVENT] = { .type = NLA_U32 },
9735 [NL80211_ATTR_CQM_TXE_RATE] = { .type = NLA_U32 },
9736 [NL80211_ATTR_CQM_TXE_PKTS] = { .type = NLA_U32 },
9737 [NL80211_ATTR_CQM_TXE_INTVL] = { .type = NLA_U32 },
9738 [NL80211_ATTR_CQM_RSSI_LEVEL] = { .type = NLA_S32 },
9739 };
9740
9741 static int nl80211_set_cqm_txe(struct genl_info *info,
9742 u32 rate, u32 pkts, u32 intvl)
9743 {
9744 struct cfg80211_registered_device *rdev = info->user_ptr[0];
9745 struct net_device *dev = info->user_ptr[1];
9746 struct wireless_dev *wdev = dev->ieee80211_ptr;
9747
9748 if (rate > 100 || intvl > NL80211_CQM_TXE_MAX_INTVL)
9749 return -EINVAL;
9750
9751 if (!rdev->ops->set_cqm_txe_config)
9752 return -EOPNOTSUPP;
9753
9754 if (wdev->iftype != NL80211_IFTYPE_STATION &&
9755 wdev->iftype != NL80211_IFTYPE_P2P_CLIENT)
9756 return -EOPNOTSUPP;
9757
9758 return rdev_set_cqm_txe_config(rdev, dev, rate, pkts, intvl);
9759 }
9760
9761 static int cfg80211_cqm_rssi_update(struct cfg80211_registered_device *rdev,
9762 struct net_device *dev)
9763 {
9764 struct wireless_dev *wdev = dev->ieee80211_ptr;
9765 s32 last, low, high;
9766 u32 hyst;
9767 int i, n, low_index;
9768 int err;
9769
9770 /* RSSI reporting disabled? */
9771 if (!wdev->cqm_config)
9772 return rdev_set_cqm_rssi_range_config(rdev, dev, 0, 0);
9773
9774 /*
9775 * Obtain current RSSI value if possible, if not and no RSSI threshold
9776 * event has been received yet, we should receive an event after a
9777 * connection is established and enough beacons received to calculate
9778 * the average.
9779 */
9780 if (!wdev->cqm_config->last_rssi_event_value && wdev->current_bss &&
9781 rdev->ops->get_station) {
9782 struct station_info sinfo;
9783 u8 *mac_addr;
9784
9785 mac_addr = wdev->current_bss->pub.bssid;
9786
9787 err = rdev_get_station(rdev, dev, mac_addr, &sinfo);
9788 if (err)
9789 return err;
9790
9791 if (sinfo.filled & BIT(NL80211_STA_INFO_BEACON_SIGNAL_AVG))
9792 wdev->cqm_config->last_rssi_event_value =
9793 (s8) sinfo.rx_beacon_signal_avg;
9794 }
9795
9796 last = wdev->cqm_config->last_rssi_event_value;
9797 hyst = wdev->cqm_config->rssi_hyst;
9798 n = wdev->cqm_config->n_rssi_thresholds;
9799
9800 for (i = 0; i < n; i++)
9801 if (last < wdev->cqm_config->rssi_thresholds[i])
9802 break;
9803
9804 low_index = i - 1;
9805 if (low_index >= 0) {
9806 low_index = array_index_nospec(low_index, n);
9807 low = wdev->cqm_config->rssi_thresholds[low_index] - hyst;
9808 } else {
9809 low = S32_MIN;
9810 }
9811 if (i < n) {
9812 i = array_index_nospec(i, n);
9813 high = wdev->cqm_config->rssi_thresholds[i] + hyst - 1;
9814 } else {
9815 high = S32_MAX;
9816 }
9817
9818 return rdev_set_cqm_rssi_range_config(rdev, dev, low, high);
9819 }
9820
9821 static int nl80211_set_cqm_rssi(struct genl_info *info,
9822 const s32 *thresholds, int n_thresholds,
9823 u32 hysteresis)
9824 {
9825 struct cfg80211_registered_device *rdev = info->user_ptr[0];
9826 struct net_device *dev = info->user_ptr[1];
9827 struct wireless_dev *wdev = dev->ieee80211_ptr;
9828 int i, err;
9829 s32 prev = S32_MIN;
9830
9831 /* Check all values negative and sorted */
9832 for (i = 0; i < n_thresholds; i++) {
9833 if (thresholds[i] > 0 || thresholds[i] <= prev)
9834 return -EINVAL;
9835
9836 prev = thresholds[i];
9837 }
9838
9839 if (wdev->iftype != NL80211_IFTYPE_STATION &&
9840 wdev->iftype != NL80211_IFTYPE_P2P_CLIENT)
9841 return -EOPNOTSUPP;
9842
9843 wdev_lock(wdev);
9844 cfg80211_cqm_config_free(wdev);
9845 wdev_unlock(wdev);
9846
9847 if (n_thresholds <= 1 && rdev->ops->set_cqm_rssi_config) {
9848 if (n_thresholds == 0 || thresholds[0] == 0) /* Disabling */
9849 return rdev_set_cqm_rssi_config(rdev, dev, 0, 0);
9850
9851 return rdev_set_cqm_rssi_config(rdev, dev,
9852 thresholds[0], hysteresis);
9853 }
9854
9855 if (!wiphy_ext_feature_isset(&rdev->wiphy,
9856 NL80211_EXT_FEATURE_CQM_RSSI_LIST))
9857 return -EOPNOTSUPP;
9858
9859 if (n_thresholds == 1 && thresholds[0] == 0) /* Disabling */
9860 n_thresholds = 0;
9861
9862 wdev_lock(wdev);
9863 if (n_thresholds) {
9864 struct cfg80211_cqm_config *cqm_config;
9865
9866 cqm_config = kzalloc(sizeof(struct cfg80211_cqm_config) +
9867 n_thresholds * sizeof(s32), GFP_KERNEL);
9868 if (!cqm_config) {
9869 err = -ENOMEM;
9870 goto unlock;
9871 }
9872
9873 cqm_config->rssi_hyst = hysteresis;
9874 cqm_config->n_rssi_thresholds = n_thresholds;
9875 memcpy(cqm_config->rssi_thresholds, thresholds,
9876 n_thresholds * sizeof(s32));
9877
9878 wdev->cqm_config = cqm_config;
9879 }
9880
9881 err = cfg80211_cqm_rssi_update(rdev, dev);
9882
9883 unlock:
9884 wdev_unlock(wdev);
9885
9886 return err;
9887 }
9888
9889 static int nl80211_set_cqm(struct sk_buff *skb, struct genl_info *info)
9890 {
9891 struct nlattr *attrs[NL80211_ATTR_CQM_MAX + 1];
9892 struct nlattr *cqm;
9893 int err;
9894
9895 cqm = info->attrs[NL80211_ATTR_CQM];
9896 if (!cqm)
9897 return -EINVAL;
9898
9899 err = nla_parse_nested(attrs, NL80211_ATTR_CQM_MAX, cqm,
9900 nl80211_attr_cqm_policy, info->extack);
9901 if (err)
9902 return err;
9903
9904 if (attrs[NL80211_ATTR_CQM_RSSI_THOLD] &&
9905 attrs[NL80211_ATTR_CQM_RSSI_HYST]) {
9906 const s32 *thresholds =
9907 nla_data(attrs[NL80211_ATTR_CQM_RSSI_THOLD]);
9908 int len = nla_len(attrs[NL80211_ATTR_CQM_RSSI_THOLD]);
9909 u32 hysteresis = nla_get_u32(attrs[NL80211_ATTR_CQM_RSSI_HYST]);
9910
9911 if (len % 4)
9912 return -EINVAL;
9913
9914 return nl80211_set_cqm_rssi(info, thresholds, len / 4,
9915 hysteresis);
9916 }
9917
9918 if (attrs[NL80211_ATTR_CQM_TXE_RATE] &&
9919 attrs[NL80211_ATTR_CQM_TXE_PKTS] &&
9920 attrs[NL80211_ATTR_CQM_TXE_INTVL]) {
9921 u32 rate = nla_get_u32(attrs[NL80211_ATTR_CQM_TXE_RATE]);
9922 u32 pkts = nla_get_u32(attrs[NL80211_ATTR_CQM_TXE_PKTS]);
9923 u32 intvl = nla_get_u32(attrs[NL80211_ATTR_CQM_TXE_INTVL]);
9924
9925 return nl80211_set_cqm_txe(info, rate, pkts, intvl);
9926 }
9927
9928 return -EINVAL;
9929 }
9930
9931 static int nl80211_join_ocb(struct sk_buff *skb, struct genl_info *info)
9932 {
9933 struct cfg80211_registered_device *rdev = info->user_ptr[0];
9934 struct net_device *dev = info->user_ptr[1];
9935 struct ocb_setup setup = {};
9936 int err;
9937
9938 err = nl80211_parse_chandef(rdev, info, &setup.chandef);
9939 if (err)
9940 return err;
9941
9942 return cfg80211_join_ocb(rdev, dev, &setup);
9943 }
9944
9945 static int nl80211_leave_ocb(struct sk_buff *skb, struct genl_info *info)
9946 {
9947 struct cfg80211_registered_device *rdev = info->user_ptr[0];
9948 struct net_device *dev = info->user_ptr[1];
9949
9950 return cfg80211_leave_ocb(rdev, dev);
9951 }
9952
9953 static int nl80211_join_mesh(struct sk_buff *skb, struct genl_info *info)
9954 {
9955 struct cfg80211_registered_device *rdev = info->user_ptr[0];
9956 struct net_device *dev = info->user_ptr[1];
9957 struct mesh_config cfg;
9958 struct mesh_setup setup;
9959 int err;
9960
9961 /* start with default */
9962 memcpy(&cfg, &default_mesh_config, sizeof(cfg));
9963 memcpy(&setup, &default_mesh_setup, sizeof(setup));
9964
9965 if (info->attrs[NL80211_ATTR_MESH_CONFIG]) {
9966 /* and parse parameters if given */
9967 err = nl80211_parse_mesh_config(info, &cfg, NULL);
9968 if (err)
9969 return err;
9970 }
9971
9972 if (!info->attrs[NL80211_ATTR_MESH_ID] ||
9973 !nla_len(info->attrs[NL80211_ATTR_MESH_ID]))
9974 return -EINVAL;
9975
9976 setup.mesh_id = nla_data(info->attrs[NL80211_ATTR_MESH_ID]);
9977 setup.mesh_id_len = nla_len(info->attrs[NL80211_ATTR_MESH_ID]);
9978
9979 if (info->attrs[NL80211_ATTR_MCAST_RATE] &&
9980 !nl80211_parse_mcast_rate(rdev, setup.mcast_rate,
9981 nla_get_u32(info->attrs[NL80211_ATTR_MCAST_RATE])))
9982 return -EINVAL;
9983
9984 if (info->attrs[NL80211_ATTR_BEACON_INTERVAL]) {
9985 setup.beacon_interval =
9986 nla_get_u32(info->attrs[NL80211_ATTR_BEACON_INTERVAL]);
9987
9988 err = cfg80211_validate_beacon_int(rdev,
9989 NL80211_IFTYPE_MESH_POINT,
9990 setup.beacon_interval);
9991 if (err)
9992 return err;
9993 }
9994
9995 if (info->attrs[NL80211_ATTR_DTIM_PERIOD]) {
9996 setup.dtim_period =
9997 nla_get_u32(info->attrs[NL80211_ATTR_DTIM_PERIOD]);
9998 if (setup.dtim_period < 1 || setup.dtim_period > 100)
9999 return -EINVAL;
10000 }
10001
10002 if (info->attrs[NL80211_ATTR_MESH_SETUP]) {
10003 /* parse additional setup parameters if given */
10004 err = nl80211_parse_mesh_setup(info, &setup);
10005 if (err)
10006 return err;
10007 }
10008
10009 if (setup.user_mpm)
10010 cfg.auto_open_plinks = false;
10011
10012 if (info->attrs[NL80211_ATTR_WIPHY_FREQ]) {
10013 err = nl80211_parse_chandef(rdev, info, &setup.chandef);
10014 if (err)
10015 return err;
10016 } else {
10017 /* cfg80211_join_mesh() will sort it out */
10018 setup.chandef.chan = NULL;
10019 }
10020
10021 if (info->attrs[NL80211_ATTR_BSS_BASIC_RATES]) {
10022 u8 *rates = nla_data(info->attrs[NL80211_ATTR_BSS_BASIC_RATES]);
10023 int n_rates =
10024 nla_len(info->attrs[NL80211_ATTR_BSS_BASIC_RATES]);
10025 struct ieee80211_supported_band *sband;
10026
10027 if (!setup.chandef.chan)
10028 return -EINVAL;
10029
10030 sband = rdev->wiphy.bands[setup.chandef.chan->band];
10031
10032 err = ieee80211_get_ratemask(sband, rates, n_rates,
10033 &setup.basic_rates);
10034 if (err)
10035 return err;
10036 }
10037
10038 if (info->attrs[NL80211_ATTR_TX_RATES]) {
10039 err = nl80211_parse_tx_bitrate_mask(info, &setup.beacon_rate);
10040 if (err)
10041 return err;
10042
10043 if (!setup.chandef.chan)
10044 return -EINVAL;
10045
10046 err = validate_beacon_tx_rate(rdev, setup.chandef.chan->band,
10047 &setup.beacon_rate);
10048 if (err)
10049 return err;
10050 }
10051
10052 setup.userspace_handles_dfs =
10053 nla_get_flag(info->attrs[NL80211_ATTR_HANDLE_DFS]);
10054
10055 return cfg80211_join_mesh(rdev, dev, &setup, &cfg);
10056 }
10057
10058 static int nl80211_leave_mesh(struct sk_buff *skb, struct genl_info *info)
10059 {
10060 struct cfg80211_registered_device *rdev = info->user_ptr[0];
10061 struct net_device *dev = info->user_ptr[1];
10062
10063 return cfg80211_leave_mesh(rdev, dev);
10064 }
10065
10066 #ifdef CONFIG_PM
10067 static int nl80211_send_wowlan_patterns(struct sk_buff *msg,
10068 struct cfg80211_registered_device *rdev)
10069 {
10070 struct cfg80211_wowlan *wowlan = rdev->wiphy.wowlan_config;
10071 struct nlattr *nl_pats, *nl_pat;
10072 int i, pat_len;
10073
10074 if (!wowlan->n_patterns)
10075 return 0;
10076
10077 nl_pats = nla_nest_start(msg, NL80211_WOWLAN_TRIG_PKT_PATTERN);
10078 if (!nl_pats)
10079 return -ENOBUFS;
10080
10081 for (i = 0; i < wowlan->n_patterns; i++) {
10082 nl_pat = nla_nest_start(msg, i + 1);
10083 if (!nl_pat)
10084 return -ENOBUFS;
10085 pat_len = wowlan->patterns[i].pattern_len;
10086 if (nla_put(msg, NL80211_PKTPAT_MASK, DIV_ROUND_UP(pat_len, 8),
10087 wowlan->patterns[i].mask) ||
10088 nla_put(msg, NL80211_PKTPAT_PATTERN, pat_len,
10089 wowlan->patterns[i].pattern) ||
10090 nla_put_u32(msg, NL80211_PKTPAT_OFFSET,
10091 wowlan->patterns[i].pkt_offset))
10092 return -ENOBUFS;
10093 nla_nest_end(msg, nl_pat);
10094 }
10095 nla_nest_end(msg, nl_pats);
10096
10097 return 0;
10098 }
10099
10100 static int nl80211_send_wowlan_tcp(struct sk_buff *msg,
10101 struct cfg80211_wowlan_tcp *tcp)
10102 {
10103 struct nlattr *nl_tcp;
10104
10105 if (!tcp)
10106 return 0;
10107
10108 nl_tcp = nla_nest_start(msg, NL80211_WOWLAN_TRIG_TCP_CONNECTION);
10109 if (!nl_tcp)
10110 return -ENOBUFS;
10111
10112 if (nla_put_in_addr(msg, NL80211_WOWLAN_TCP_SRC_IPV4, tcp->src) ||
10113 nla_put_in_addr(msg, NL80211_WOWLAN_TCP_DST_IPV4, tcp->dst) ||
10114 nla_put(msg, NL80211_WOWLAN_TCP_DST_MAC, ETH_ALEN, tcp->dst_mac) ||
10115 nla_put_u16(msg, NL80211_WOWLAN_TCP_SRC_PORT, tcp->src_port) ||
10116 nla_put_u16(msg, NL80211_WOWLAN_TCP_DST_PORT, tcp->dst_port) ||
10117 nla_put(msg, NL80211_WOWLAN_TCP_DATA_PAYLOAD,
10118 tcp->payload_len, tcp->payload) ||
10119 nla_put_u32(msg, NL80211_WOWLAN_TCP_DATA_INTERVAL,
10120 tcp->data_interval) ||
10121 nla_put(msg, NL80211_WOWLAN_TCP_WAKE_PAYLOAD,
10122 tcp->wake_len, tcp->wake_data) ||
10123 nla_put(msg, NL80211_WOWLAN_TCP_WAKE_MASK,
10124 DIV_ROUND_UP(tcp->wake_len, 8), tcp->wake_mask))
10125 return -ENOBUFS;
10126
10127 if (tcp->payload_seq.len &&
10128 nla_put(msg, NL80211_WOWLAN_TCP_DATA_PAYLOAD_SEQ,
10129 sizeof(tcp->payload_seq), &tcp->payload_seq))
10130 return -ENOBUFS;
10131
10132 if (tcp->payload_tok.len &&
10133 nla_put(msg, NL80211_WOWLAN_TCP_DATA_PAYLOAD_TOKEN,
10134 sizeof(tcp->payload_tok) + tcp->tokens_size,
10135 &tcp->payload_tok))
10136 return -ENOBUFS;
10137
10138 nla_nest_end(msg, nl_tcp);
10139
10140 return 0;
10141 }
10142
10143 static int nl80211_send_wowlan_nd(struct sk_buff *msg,
10144 struct cfg80211_sched_scan_request *req)
10145 {
10146 struct nlattr *nd, *freqs, *matches, *match, *scan_plans, *scan_plan;
10147 int i;
10148
10149 if (!req)
10150 return 0;
10151
10152 nd = nla_nest_start(msg, NL80211_WOWLAN_TRIG_NET_DETECT);
10153 if (!nd)
10154 return -ENOBUFS;
10155
10156 if (req->n_scan_plans == 1 &&
10157 nla_put_u32(msg, NL80211_ATTR_SCHED_SCAN_INTERVAL,
10158 req->scan_plans[0].interval * 1000))
10159 return -ENOBUFS;
10160
10161 if (nla_put_u32(msg, NL80211_ATTR_SCHED_SCAN_DELAY, req->delay))
10162 return -ENOBUFS;
10163
10164 if (req->relative_rssi_set) {
10165 struct nl80211_bss_select_rssi_adjust rssi_adjust;
10166
10167 if (nla_put_s8(msg, NL80211_ATTR_SCHED_SCAN_RELATIVE_RSSI,
10168 req->relative_rssi))
10169 return -ENOBUFS;
10170
10171 rssi_adjust.band = req->rssi_adjust.band;
10172 rssi_adjust.delta = req->rssi_adjust.delta;
10173 if (nla_put(msg, NL80211_ATTR_SCHED_SCAN_RSSI_ADJUST,
10174 sizeof(rssi_adjust), &rssi_adjust))
10175 return -ENOBUFS;
10176 }
10177
10178 freqs = nla_nest_start(msg, NL80211_ATTR_SCAN_FREQUENCIES);
10179 if (!freqs)
10180 return -ENOBUFS;
10181
10182 for (i = 0; i < req->n_channels; i++) {
10183 if (nla_put_u32(msg, i, req->channels[i]->center_freq))
10184 return -ENOBUFS;
10185 }
10186
10187 nla_nest_end(msg, freqs);
10188
10189 if (req->n_match_sets) {
10190 matches = nla_nest_start(msg, NL80211_ATTR_SCHED_SCAN_MATCH);
10191 if (!matches)
10192 return -ENOBUFS;
10193
10194 for (i = 0; i < req->n_match_sets; i++) {
10195 match = nla_nest_start(msg, i);
10196 if (!match)
10197 return -ENOBUFS;
10198
10199 if (nla_put(msg, NL80211_SCHED_SCAN_MATCH_ATTR_SSID,
10200 req->match_sets[i].ssid.ssid_len,
10201 req->match_sets[i].ssid.ssid))
10202 return -ENOBUFS;
10203 nla_nest_end(msg, match);
10204 }
10205 nla_nest_end(msg, matches);
10206 }
10207
10208 scan_plans = nla_nest_start(msg, NL80211_ATTR_SCHED_SCAN_PLANS);
10209 if (!scan_plans)
10210 return -ENOBUFS;
10211
10212 for (i = 0; i < req->n_scan_plans; i++) {
10213 scan_plan = nla_nest_start(msg, i + 1);
10214 if (!scan_plan)
10215 return -ENOBUFS;
10216
10217 if (!scan_plan ||
10218 nla_put_u32(msg, NL80211_SCHED_SCAN_PLAN_INTERVAL,
10219 req->scan_plans[i].interval) ||
10220 (req->scan_plans[i].iterations &&
10221 nla_put_u32(msg, NL80211_SCHED_SCAN_PLAN_ITERATIONS,
10222 req->scan_plans[i].iterations)))
10223 return -ENOBUFS;
10224 nla_nest_end(msg, scan_plan);
10225 }
10226 nla_nest_end(msg, scan_plans);
10227
10228 nla_nest_end(msg, nd);
10229
10230 return 0;
10231 }
10232
10233 static int nl80211_get_wowlan(struct sk_buff *skb, struct genl_info *info)
10234 {
10235 struct cfg80211_registered_device *rdev = info->user_ptr[0];
10236 struct sk_buff *msg;
10237 void *hdr;
10238 u32 size = NLMSG_DEFAULT_SIZE;
10239
10240 if (!rdev->wiphy.wowlan)
10241 return -EOPNOTSUPP;
10242
10243 if (rdev->wiphy.wowlan_config && rdev->wiphy.wowlan_config->tcp) {
10244 /* adjust size to have room for all the data */
10245 size += rdev->wiphy.wowlan_config->tcp->tokens_size +
10246 rdev->wiphy.wowlan_config->tcp->payload_len +
10247 rdev->wiphy.wowlan_config->tcp->wake_len +
10248 rdev->wiphy.wowlan_config->tcp->wake_len / 8;
10249 }
10250
10251 msg = nlmsg_new(size, GFP_KERNEL);
10252 if (!msg)
10253 return -ENOMEM;
10254
10255 hdr = nl80211hdr_put(msg, info->snd_portid, info->snd_seq, 0,
10256 NL80211_CMD_GET_WOWLAN);
10257 if (!hdr)
10258 goto nla_put_failure;
10259
10260 if (rdev->wiphy.wowlan_config) {
10261 struct nlattr *nl_wowlan;
10262
10263 nl_wowlan = nla_nest_start(msg, NL80211_ATTR_WOWLAN_TRIGGERS);
10264 if (!nl_wowlan)
10265 goto nla_put_failure;
10266
10267 if ((rdev->wiphy.wowlan_config->any &&
10268 nla_put_flag(msg, NL80211_WOWLAN_TRIG_ANY)) ||
10269 (rdev->wiphy.wowlan_config->disconnect &&
10270 nla_put_flag(msg, NL80211_WOWLAN_TRIG_DISCONNECT)) ||
10271 (rdev->wiphy.wowlan_config->magic_pkt &&
10272 nla_put_flag(msg, NL80211_WOWLAN_TRIG_MAGIC_PKT)) ||
10273 (rdev->wiphy.wowlan_config->gtk_rekey_failure &&
10274 nla_put_flag(msg, NL80211_WOWLAN_TRIG_GTK_REKEY_FAILURE)) ||
10275 (rdev->wiphy.wowlan_config->eap_identity_req &&
10276 nla_put_flag(msg, NL80211_WOWLAN_TRIG_EAP_IDENT_REQUEST)) ||
10277 (rdev->wiphy.wowlan_config->four_way_handshake &&
10278 nla_put_flag(msg, NL80211_WOWLAN_TRIG_4WAY_HANDSHAKE)) ||
10279 (rdev->wiphy.wowlan_config->rfkill_release &&
10280 nla_put_flag(msg, NL80211_WOWLAN_TRIG_RFKILL_RELEASE)))
10281 goto nla_put_failure;
10282
10283 if (nl80211_send_wowlan_patterns(msg, rdev))
10284 goto nla_put_failure;
10285
10286 if (nl80211_send_wowlan_tcp(msg,
10287 rdev->wiphy.wowlan_config->tcp))
10288 goto nla_put_failure;
10289
10290 if (nl80211_send_wowlan_nd(
10291 msg,
10292 rdev->wiphy.wowlan_config->nd_config))
10293 goto nla_put_failure;
10294
10295 nla_nest_end(msg, nl_wowlan);
10296 }
10297
10298 genlmsg_end(msg, hdr);
10299 return genlmsg_reply(msg, info);
10300
10301 nla_put_failure:
10302 nlmsg_free(msg);
10303 return -ENOBUFS;
10304 }
10305
10306 static int nl80211_parse_wowlan_tcp(struct cfg80211_registered_device *rdev,
10307 struct nlattr *attr,
10308 struct cfg80211_wowlan *trig)
10309 {
10310 struct nlattr *tb[NUM_NL80211_WOWLAN_TCP];
10311 struct cfg80211_wowlan_tcp *cfg;
10312 struct nl80211_wowlan_tcp_data_token *tok = NULL;
10313 struct nl80211_wowlan_tcp_data_seq *seq = NULL;
10314 u32 size;
10315 u32 data_size, wake_size, tokens_size = 0, wake_mask_size;
10316 int err, port;
10317
10318 if (!rdev->wiphy.wowlan->tcp)
10319 return -EINVAL;
10320
10321 err = nla_parse_nested(tb, MAX_NL80211_WOWLAN_TCP, attr,
10322 nl80211_wowlan_tcp_policy, NULL);
10323 if (err)
10324 return err;
10325
10326 if (!tb[NL80211_WOWLAN_TCP_SRC_IPV4] ||
10327 !tb[NL80211_WOWLAN_TCP_DST_IPV4] ||
10328 !tb[NL80211_WOWLAN_TCP_DST_MAC] ||
10329 !tb[NL80211_WOWLAN_TCP_DST_PORT] ||
10330 !tb[NL80211_WOWLAN_TCP_DATA_PAYLOAD] ||
10331 !tb[NL80211_WOWLAN_TCP_DATA_INTERVAL] ||
10332 !tb[NL80211_WOWLAN_TCP_WAKE_PAYLOAD] ||
10333 !tb[NL80211_WOWLAN_TCP_WAKE_MASK])
10334 return -EINVAL;
10335
10336 data_size = nla_len(tb[NL80211_WOWLAN_TCP_DATA_PAYLOAD]);
10337 if (data_size > rdev->wiphy.wowlan->tcp->data_payload_max)
10338 return -EINVAL;
10339
10340 if (nla_get_u32(tb[NL80211_WOWLAN_TCP_DATA_INTERVAL]) >
10341 rdev->wiphy.wowlan->tcp->data_interval_max ||
10342 nla_get_u32(tb[NL80211_WOWLAN_TCP_DATA_INTERVAL]) == 0)
10343 return -EINVAL;
10344
10345 wake_size = nla_len(tb[NL80211_WOWLAN_TCP_WAKE_PAYLOAD]);
10346 if (wake_size > rdev->wiphy.wowlan->tcp->wake_payload_max)
10347 return -EINVAL;
10348
10349 wake_mask_size = nla_len(tb[NL80211_WOWLAN_TCP_WAKE_MASK]);
10350 if (wake_mask_size != DIV_ROUND_UP(wake_size, 8))
10351 return -EINVAL;
10352
10353 if (tb[NL80211_WOWLAN_TCP_DATA_PAYLOAD_TOKEN]) {
10354 u32 tokln = nla_len(tb[NL80211_WOWLAN_TCP_DATA_PAYLOAD_TOKEN]);
10355
10356 tok = nla_data(tb[NL80211_WOWLAN_TCP_DATA_PAYLOAD_TOKEN]);
10357 tokens_size = tokln - sizeof(*tok);
10358
10359 if (!tok->len || tokens_size % tok->len)
10360 return -EINVAL;
10361 if (!rdev->wiphy.wowlan->tcp->tok)
10362 return -EINVAL;
10363 if (tok->len > rdev->wiphy.wowlan->tcp->tok->max_len)
10364 return -EINVAL;
10365 if (tok->len < rdev->wiphy.wowlan->tcp->tok->min_len)
10366 return -EINVAL;
10367 if (tokens_size > rdev->wiphy.wowlan->tcp->tok->bufsize)
10368 return -EINVAL;
10369 if (tok->offset + tok->len > data_size)
10370 return -EINVAL;
10371 }
10372
10373 if (tb[NL80211_WOWLAN_TCP_DATA_PAYLOAD_SEQ]) {
10374 seq = nla_data(tb[NL80211_WOWLAN_TCP_DATA_PAYLOAD_SEQ]);
10375 if (!rdev->wiphy.wowlan->tcp->seq)
10376 return -EINVAL;
10377 if (seq->len == 0 || seq->len > 4)
10378 return -EINVAL;
10379 if (seq->len + seq->offset > data_size)
10380 return -EINVAL;
10381 }
10382
10383 size = sizeof(*cfg);
10384 size += data_size;
10385 size += wake_size + wake_mask_size;
10386 size += tokens_size;
10387
10388 cfg = kzalloc(size, GFP_KERNEL);
10389 if (!cfg)
10390 return -ENOMEM;
10391 cfg->src = nla_get_in_addr(tb[NL80211_WOWLAN_TCP_SRC_IPV4]);
10392 cfg->dst = nla_get_in_addr(tb[NL80211_WOWLAN_TCP_DST_IPV4]);
10393 memcpy(cfg->dst_mac, nla_data(tb[NL80211_WOWLAN_TCP_DST_MAC]),
10394 ETH_ALEN);
10395 if (tb[NL80211_WOWLAN_TCP_SRC_PORT])
10396 port = nla_get_u16(tb[NL80211_WOWLAN_TCP_SRC_PORT]);
10397 else
10398 port = 0;
10399 #ifdef CONFIG_INET
10400 /* allocate a socket and port for it and use it */
10401 err = __sock_create(wiphy_net(&rdev->wiphy), PF_INET, SOCK_STREAM,
10402 IPPROTO_TCP, &cfg->sock, 1);
10403 if (err) {
10404 kfree(cfg);
10405 return err;
10406 }
10407 if (inet_csk_get_port(cfg->sock->sk, port)) {
10408 sock_release(cfg->sock);
10409 kfree(cfg);
10410 return -EADDRINUSE;
10411 }
10412 cfg->src_port = inet_sk(cfg->sock->sk)->inet_num;
10413 #else
10414 if (!port) {
10415 kfree(cfg);
10416 return -EINVAL;
10417 }
10418 cfg->src_port = port;
10419 #endif
10420
10421 cfg->dst_port = nla_get_u16(tb[NL80211_WOWLAN_TCP_DST_PORT]);
10422 cfg->payload_len = data_size;
10423 cfg->payload = (u8 *)cfg + sizeof(*cfg) + tokens_size;
10424 memcpy((void *)cfg->payload,
10425 nla_data(tb[NL80211_WOWLAN_TCP_DATA_PAYLOAD]),
10426 data_size);
10427 if (seq)
10428 cfg->payload_seq = *seq;
10429 cfg->data_interval = nla_get_u32(tb[NL80211_WOWLAN_TCP_DATA_INTERVAL]);
10430 cfg->wake_len = wake_size;
10431 cfg->wake_data = (u8 *)cfg + sizeof(*cfg) + tokens_size + data_size;
10432 memcpy((void *)cfg->wake_data,
10433 nla_data(tb[NL80211_WOWLAN_TCP_WAKE_PAYLOAD]),
10434 wake_size);
10435 cfg->wake_mask = (u8 *)cfg + sizeof(*cfg) + tokens_size +
10436 data_size + wake_size;
10437 memcpy((void *)cfg->wake_mask,
10438 nla_data(tb[NL80211_WOWLAN_TCP_WAKE_MASK]),
10439 wake_mask_size);
10440 if (tok) {
10441 cfg->tokens_size = tokens_size;
10442 memcpy(&cfg->payload_tok, tok, sizeof(*tok) + tokens_size);
10443 }
10444
10445 trig->tcp = cfg;
10446
10447 return 0;
10448 }
10449
10450 static int nl80211_parse_wowlan_nd(struct cfg80211_registered_device *rdev,
10451 const struct wiphy_wowlan_support *wowlan,
10452 struct nlattr *attr,
10453 struct cfg80211_wowlan *trig)
10454 {
10455 struct nlattr **tb;
10456 int err;
10457
10458 tb = kzalloc(NUM_NL80211_ATTR * sizeof(*tb), GFP_KERNEL);
10459 if (!tb)
10460 return -ENOMEM;
10461
10462 if (!(wowlan->flags & WIPHY_WOWLAN_NET_DETECT)) {
10463 err = -EOPNOTSUPP;
10464 goto out;
10465 }
10466
10467 err = nla_parse_nested(tb, NL80211_ATTR_MAX, attr, nl80211_policy,
10468 NULL);
10469 if (err)
10470 goto out;
10471
10472 trig->nd_config = nl80211_parse_sched_scan(&rdev->wiphy, NULL, tb,
10473 wowlan->max_nd_match_sets);
10474 err = PTR_ERR_OR_ZERO(trig->nd_config);
10475 if (err)
10476 trig->nd_config = NULL;
10477
10478 out:
10479 kfree(tb);
10480 return err;
10481 }
10482
10483 static int nl80211_set_wowlan(struct sk_buff *skb, struct genl_info *info)
10484 {
10485 struct cfg80211_registered_device *rdev = info->user_ptr[0];
10486 struct nlattr *tb[NUM_NL80211_WOWLAN_TRIG];
10487 struct cfg80211_wowlan new_triggers = {};
10488 struct cfg80211_wowlan *ntrig;
10489 const struct wiphy_wowlan_support *wowlan = rdev->wiphy.wowlan;
10490 int err, i;
10491 bool prev_enabled = rdev->wiphy.wowlan_config;
10492 bool regular = false;
10493
10494 if (!wowlan)
10495 return -EOPNOTSUPP;
10496
10497 if (!info->attrs[NL80211_ATTR_WOWLAN_TRIGGERS]) {
10498 cfg80211_rdev_free_wowlan(rdev);
10499 rdev->wiphy.wowlan_config = NULL;
10500 goto set_wakeup;
10501 }
10502
10503 err = nla_parse_nested(tb, MAX_NL80211_WOWLAN_TRIG,
10504 info->attrs[NL80211_ATTR_WOWLAN_TRIGGERS],
10505 nl80211_wowlan_policy, info->extack);
10506 if (err)
10507 return err;
10508
10509 if (tb[NL80211_WOWLAN_TRIG_ANY]) {
10510 if (!(wowlan->flags & WIPHY_WOWLAN_ANY))
10511 return -EINVAL;
10512 new_triggers.any = true;
10513 }
10514
10515 if (tb[NL80211_WOWLAN_TRIG_DISCONNECT]) {
10516 if (!(wowlan->flags & WIPHY_WOWLAN_DISCONNECT))
10517 return -EINVAL;
10518 new_triggers.disconnect = true;
10519 regular = true;
10520 }
10521
10522 if (tb[NL80211_WOWLAN_TRIG_MAGIC_PKT]) {
10523 if (!(wowlan->flags & WIPHY_WOWLAN_MAGIC_PKT))
10524 return -EINVAL;
10525 new_triggers.magic_pkt = true;
10526 regular = true;
10527 }
10528
10529 if (tb[NL80211_WOWLAN_TRIG_GTK_REKEY_SUPPORTED])
10530 return -EINVAL;
10531
10532 if (tb[NL80211_WOWLAN_TRIG_GTK_REKEY_FAILURE]) {
10533 if (!(wowlan->flags & WIPHY_WOWLAN_GTK_REKEY_FAILURE))
10534 return -EINVAL;
10535 new_triggers.gtk_rekey_failure = true;
10536 regular = true;
10537 }
10538
10539 if (tb[NL80211_WOWLAN_TRIG_EAP_IDENT_REQUEST]) {
10540 if (!(wowlan->flags & WIPHY_WOWLAN_EAP_IDENTITY_REQ))
10541 return -EINVAL;
10542 new_triggers.eap_identity_req = true;
10543 regular = true;
10544 }
10545
10546 if (tb[NL80211_WOWLAN_TRIG_4WAY_HANDSHAKE]) {
10547 if (!(wowlan->flags & WIPHY_WOWLAN_4WAY_HANDSHAKE))
10548 return -EINVAL;
10549 new_triggers.four_way_handshake = true;
10550 regular = true;
10551 }
10552
10553 if (tb[NL80211_WOWLAN_TRIG_RFKILL_RELEASE]) {
10554 if (!(wowlan->flags & WIPHY_WOWLAN_RFKILL_RELEASE))
10555 return -EINVAL;
10556 new_triggers.rfkill_release = true;
10557 regular = true;
10558 }
10559
10560 if (tb[NL80211_WOWLAN_TRIG_PKT_PATTERN]) {
10561 struct nlattr *pat;
10562 int n_patterns = 0;
10563 int rem, pat_len, mask_len, pkt_offset;
10564 struct nlattr *pat_tb[NUM_NL80211_PKTPAT];
10565
10566 regular = true;
10567
10568 nla_for_each_nested(pat, tb[NL80211_WOWLAN_TRIG_PKT_PATTERN],
10569 rem)
10570 n_patterns++;
10571 if (n_patterns > wowlan->n_patterns)
10572 return -EINVAL;
10573
10574 new_triggers.patterns = kcalloc(n_patterns,
10575 sizeof(new_triggers.patterns[0]),
10576 GFP_KERNEL);
10577 if (!new_triggers.patterns)
10578 return -ENOMEM;
10579
10580 new_triggers.n_patterns = n_patterns;
10581 i = 0;
10582
10583 nla_for_each_nested(pat, tb[NL80211_WOWLAN_TRIG_PKT_PATTERN],
10584 rem) {
10585 u8 *mask_pat;
10586
10587 err = nla_parse_nested(pat_tb, MAX_NL80211_PKTPAT, pat,
10588 nl80211_packet_pattern_policy,
10589 info->extack);
10590 if (err)
10591 goto error;
10592
10593 err = -EINVAL;
10594 if (!pat_tb[NL80211_PKTPAT_MASK] ||
10595 !pat_tb[NL80211_PKTPAT_PATTERN])
10596 goto error;
10597 pat_len = nla_len(pat_tb[NL80211_PKTPAT_PATTERN]);
10598 mask_len = DIV_ROUND_UP(pat_len, 8);
10599 if (nla_len(pat_tb[NL80211_PKTPAT_MASK]) != mask_len)
10600 goto error;
10601 if (pat_len > wowlan->pattern_max_len ||
10602 pat_len < wowlan->pattern_min_len)
10603 goto error;
10604
10605 if (!pat_tb[NL80211_PKTPAT_OFFSET])
10606 pkt_offset = 0;
10607 else
10608 pkt_offset = nla_get_u32(
10609 pat_tb[NL80211_PKTPAT_OFFSET]);
10610 if (pkt_offset > wowlan->max_pkt_offset)
10611 goto error;
10612 new_triggers.patterns[i].pkt_offset = pkt_offset;
10613
10614 mask_pat = kmalloc(mask_len + pat_len, GFP_KERNEL);
10615 if (!mask_pat) {
10616 err = -ENOMEM;
10617 goto error;
10618 }
10619 new_triggers.patterns[i].mask = mask_pat;
10620 memcpy(mask_pat, nla_data(pat_tb[NL80211_PKTPAT_MASK]),
10621 mask_len);
10622 mask_pat += mask_len;
10623 new_triggers.patterns[i].pattern = mask_pat;
10624 new_triggers.patterns[i].pattern_len = pat_len;
10625 memcpy(mask_pat,
10626 nla_data(pat_tb[NL80211_PKTPAT_PATTERN]),
10627 pat_len);
10628 i++;
10629 }
10630 }
10631
10632 if (tb[NL80211_WOWLAN_TRIG_TCP_CONNECTION]) {
10633 regular = true;
10634 err = nl80211_parse_wowlan_tcp(
10635 rdev, tb[NL80211_WOWLAN_TRIG_TCP_CONNECTION],
10636 &new_triggers);
10637 if (err)
10638 goto error;
10639 }
10640
10641 if (tb[NL80211_WOWLAN_TRIG_NET_DETECT]) {
10642 regular = true;
10643 err = nl80211_parse_wowlan_nd(
10644 rdev, wowlan, tb[NL80211_WOWLAN_TRIG_NET_DETECT],
10645 &new_triggers);
10646 if (err)
10647 goto error;
10648 }
10649
10650 /* The 'any' trigger means the device continues operating more or less
10651 * as in its normal operation mode and wakes up the host on most of the
10652 * normal interrupts (like packet RX, ...)
10653 * It therefore makes little sense to combine with the more constrained
10654 * wakeup trigger modes.
10655 */
10656 if (new_triggers.any && regular) {
10657 err = -EINVAL;
10658 goto error;
10659 }
10660
10661 ntrig = kmemdup(&new_triggers, sizeof(new_triggers), GFP_KERNEL);
10662 if (!ntrig) {
10663 err = -ENOMEM;
10664 goto error;
10665 }
10666 cfg80211_rdev_free_wowlan(rdev);
10667 rdev->wiphy.wowlan_config = ntrig;
10668
10669 set_wakeup:
10670 if (rdev->ops->set_wakeup &&
10671 prev_enabled != !!rdev->wiphy.wowlan_config)
10672 rdev_set_wakeup(rdev, rdev->wiphy.wowlan_config);
10673
10674 return 0;
10675 error:
10676 for (i = 0; i < new_triggers.n_patterns; i++)
10677 kfree(new_triggers.patterns[i].mask);
10678 kfree(new_triggers.patterns);
10679 if (new_triggers.tcp && new_triggers.tcp->sock)
10680 sock_release(new_triggers.tcp->sock);
10681 kfree(new_triggers.tcp);
10682 kfree(new_triggers.nd_config);
10683 return err;
10684 }
10685 #endif
10686
10687 static int nl80211_send_coalesce_rules(struct sk_buff *msg,
10688 struct cfg80211_registered_device *rdev)
10689 {
10690 struct nlattr *nl_pats, *nl_pat, *nl_rule, *nl_rules;
10691 int i, j, pat_len;
10692 struct cfg80211_coalesce_rules *rule;
10693
10694 if (!rdev->coalesce->n_rules)
10695 return 0;
10696
10697 nl_rules = nla_nest_start(msg, NL80211_ATTR_COALESCE_RULE);
10698 if (!nl_rules)
10699 return -ENOBUFS;
10700
10701 for (i = 0; i < rdev->coalesce->n_rules; i++) {
10702 nl_rule = nla_nest_start(msg, i + 1);
10703 if (!nl_rule)
10704 return -ENOBUFS;
10705
10706 rule = &rdev->coalesce->rules[i];
10707 if (nla_put_u32(msg, NL80211_ATTR_COALESCE_RULE_DELAY,
10708 rule->delay))
10709 return -ENOBUFS;
10710
10711 if (nla_put_u32(msg, NL80211_ATTR_COALESCE_RULE_CONDITION,
10712 rule->condition))
10713 return -ENOBUFS;
10714
10715 nl_pats = nla_nest_start(msg,
10716 NL80211_ATTR_COALESCE_RULE_PKT_PATTERN);
10717 if (!nl_pats)
10718 return -ENOBUFS;
10719
10720 for (j = 0; j < rule->n_patterns; j++) {
10721 nl_pat = nla_nest_start(msg, j + 1);
10722 if (!nl_pat)
10723 return -ENOBUFS;
10724 pat_len = rule->patterns[j].pattern_len;
10725 if (nla_put(msg, NL80211_PKTPAT_MASK,
10726 DIV_ROUND_UP(pat_len, 8),
10727 rule->patterns[j].mask) ||
10728 nla_put(msg, NL80211_PKTPAT_PATTERN, pat_len,
10729 rule->patterns[j].pattern) ||
10730 nla_put_u32(msg, NL80211_PKTPAT_OFFSET,
10731 rule->patterns[j].pkt_offset))
10732 return -ENOBUFS;
10733 nla_nest_end(msg, nl_pat);
10734 }
10735 nla_nest_end(msg, nl_pats);
10736 nla_nest_end(msg, nl_rule);
10737 }
10738 nla_nest_end(msg, nl_rules);
10739
10740 return 0;
10741 }
10742
10743 static int nl80211_get_coalesce(struct sk_buff *skb, struct genl_info *info)
10744 {
10745 struct cfg80211_registered_device *rdev = info->user_ptr[0];
10746 struct sk_buff *msg;
10747 void *hdr;
10748
10749 if (!rdev->wiphy.coalesce)
10750 return -EOPNOTSUPP;
10751
10752 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
10753 if (!msg)
10754 return -ENOMEM;
10755
10756 hdr = nl80211hdr_put(msg, info->snd_portid, info->snd_seq, 0,
10757 NL80211_CMD_GET_COALESCE);
10758 if (!hdr)
10759 goto nla_put_failure;
10760
10761 if (rdev->coalesce && nl80211_send_coalesce_rules(msg, rdev))
10762 goto nla_put_failure;
10763
10764 genlmsg_end(msg, hdr);
10765 return genlmsg_reply(msg, info);
10766
10767 nla_put_failure:
10768 nlmsg_free(msg);
10769 return -ENOBUFS;
10770 }
10771
10772 void cfg80211_rdev_free_coalesce(struct cfg80211_registered_device *rdev)
10773 {
10774 struct cfg80211_coalesce *coalesce = rdev->coalesce;
10775 int i, j;
10776 struct cfg80211_coalesce_rules *rule;
10777
10778 if (!coalesce)
10779 return;
10780
10781 for (i = 0; i < coalesce->n_rules; i++) {
10782 rule = &coalesce->rules[i];
10783 for (j = 0; j < rule->n_patterns; j++)
10784 kfree(rule->patterns[j].mask);
10785 kfree(rule->patterns);
10786 }
10787 kfree(coalesce->rules);
10788 kfree(coalesce);
10789 rdev->coalesce = NULL;
10790 }
10791
10792 static int nl80211_parse_coalesce_rule(struct cfg80211_registered_device *rdev,
10793 struct nlattr *rule,
10794 struct cfg80211_coalesce_rules *new_rule)
10795 {
10796 int err, i;
10797 const struct wiphy_coalesce_support *coalesce = rdev->wiphy.coalesce;
10798 struct nlattr *tb[NUM_NL80211_ATTR_COALESCE_RULE], *pat;
10799 int rem, pat_len, mask_len, pkt_offset, n_patterns = 0;
10800 struct nlattr *pat_tb[NUM_NL80211_PKTPAT];
10801
10802 err = nla_parse_nested(tb, NL80211_ATTR_COALESCE_RULE_MAX, rule,
10803 nl80211_coalesce_policy, NULL);
10804 if (err)
10805 return err;
10806
10807 if (tb[NL80211_ATTR_COALESCE_RULE_DELAY])
10808 new_rule->delay =
10809 nla_get_u32(tb[NL80211_ATTR_COALESCE_RULE_DELAY]);
10810 if (new_rule->delay > coalesce->max_delay)
10811 return -EINVAL;
10812
10813 if (tb[NL80211_ATTR_COALESCE_RULE_CONDITION])
10814 new_rule->condition =
10815 nla_get_u32(tb[NL80211_ATTR_COALESCE_RULE_CONDITION]);
10816 if (new_rule->condition != NL80211_COALESCE_CONDITION_MATCH &&
10817 new_rule->condition != NL80211_COALESCE_CONDITION_NO_MATCH)
10818 return -EINVAL;
10819
10820 if (!tb[NL80211_ATTR_COALESCE_RULE_PKT_PATTERN])
10821 return -EINVAL;
10822
10823 nla_for_each_nested(pat, tb[NL80211_ATTR_COALESCE_RULE_PKT_PATTERN],
10824 rem)
10825 n_patterns++;
10826 if (n_patterns > coalesce->n_patterns)
10827 return -EINVAL;
10828
10829 new_rule->patterns = kcalloc(n_patterns, sizeof(new_rule->patterns[0]),
10830 GFP_KERNEL);
10831 if (!new_rule->patterns)
10832 return -ENOMEM;
10833
10834 new_rule->n_patterns = n_patterns;
10835 i = 0;
10836
10837 nla_for_each_nested(pat, tb[NL80211_ATTR_COALESCE_RULE_PKT_PATTERN],
10838 rem) {
10839 u8 *mask_pat;
10840
10841 err = nla_parse_nested(pat_tb, MAX_NL80211_PKTPAT, pat,
10842 nl80211_packet_pattern_policy, NULL);
10843 if (err)
10844 return err;
10845
10846 if (!pat_tb[NL80211_PKTPAT_MASK] ||
10847 !pat_tb[NL80211_PKTPAT_PATTERN])
10848 return -EINVAL;
10849 pat_len = nla_len(pat_tb[NL80211_PKTPAT_PATTERN]);
10850 mask_len = DIV_ROUND_UP(pat_len, 8);
10851 if (nla_len(pat_tb[NL80211_PKTPAT_MASK]) != mask_len)
10852 return -EINVAL;
10853 if (pat_len > coalesce->pattern_max_len ||
10854 pat_len < coalesce->pattern_min_len)
10855 return -EINVAL;
10856
10857 if (!pat_tb[NL80211_PKTPAT_OFFSET])
10858 pkt_offset = 0;
10859 else
10860 pkt_offset = nla_get_u32(pat_tb[NL80211_PKTPAT_OFFSET]);
10861 if (pkt_offset > coalesce->max_pkt_offset)
10862 return -EINVAL;
10863 new_rule->patterns[i].pkt_offset = pkt_offset;
10864
10865 mask_pat = kmalloc(mask_len + pat_len, GFP_KERNEL);
10866 if (!mask_pat)
10867 return -ENOMEM;
10868
10869 new_rule->patterns[i].mask = mask_pat;
10870 memcpy(mask_pat, nla_data(pat_tb[NL80211_PKTPAT_MASK]),
10871 mask_len);
10872
10873 mask_pat += mask_len;
10874 new_rule->patterns[i].pattern = mask_pat;
10875 new_rule->patterns[i].pattern_len = pat_len;
10876 memcpy(mask_pat, nla_data(pat_tb[NL80211_PKTPAT_PATTERN]),
10877 pat_len);
10878 i++;
10879 }
10880
10881 return 0;
10882 }
10883
10884 static int nl80211_set_coalesce(struct sk_buff *skb, struct genl_info *info)
10885 {
10886 struct cfg80211_registered_device *rdev = info->user_ptr[0];
10887 const struct wiphy_coalesce_support *coalesce = rdev->wiphy.coalesce;
10888 struct cfg80211_coalesce new_coalesce = {};
10889 struct cfg80211_coalesce *n_coalesce;
10890 int err, rem_rule, n_rules = 0, i, j;
10891 struct nlattr *rule;
10892 struct cfg80211_coalesce_rules *tmp_rule;
10893
10894 if (!rdev->wiphy.coalesce || !rdev->ops->set_coalesce)
10895 return -EOPNOTSUPP;
10896
10897 if (!info->attrs[NL80211_ATTR_COALESCE_RULE]) {
10898 cfg80211_rdev_free_coalesce(rdev);
10899 rdev_set_coalesce(rdev, NULL);
10900 return 0;
10901 }
10902
10903 nla_for_each_nested(rule, info->attrs[NL80211_ATTR_COALESCE_RULE],
10904 rem_rule)
10905 n_rules++;
10906 if (n_rules > coalesce->n_rules)
10907 return -EINVAL;
10908
10909 new_coalesce.rules = kcalloc(n_rules, sizeof(new_coalesce.rules[0]),
10910 GFP_KERNEL);
10911 if (!new_coalesce.rules)
10912 return -ENOMEM;
10913
10914 new_coalesce.n_rules = n_rules;
10915 i = 0;
10916
10917 nla_for_each_nested(rule, info->attrs[NL80211_ATTR_COALESCE_RULE],
10918 rem_rule) {
10919 err = nl80211_parse_coalesce_rule(rdev, rule,
10920 &new_coalesce.rules[i]);
10921 if (err)
10922 goto error;
10923
10924 i++;
10925 }
10926
10927 err = rdev_set_coalesce(rdev, &new_coalesce);
10928 if (err)
10929 goto error;
10930
10931 n_coalesce = kmemdup(&new_coalesce, sizeof(new_coalesce), GFP_KERNEL);
10932 if (!n_coalesce) {
10933 err = -ENOMEM;
10934 goto error;
10935 }
10936 cfg80211_rdev_free_coalesce(rdev);
10937 rdev->coalesce = n_coalesce;
10938
10939 return 0;
10940 error:
10941 for (i = 0; i < new_coalesce.n_rules; i++) {
10942 tmp_rule = &new_coalesce.rules[i];
10943 for (j = 0; j < tmp_rule->n_patterns; j++)
10944 kfree(tmp_rule->patterns[j].mask);
10945 kfree(tmp_rule->patterns);
10946 }
10947 kfree(new_coalesce.rules);
10948
10949 return err;
10950 }
10951
10952 static int nl80211_set_rekey_data(struct sk_buff *skb, struct genl_info *info)
10953 {
10954 struct cfg80211_registered_device *rdev = info->user_ptr[0];
10955 struct net_device *dev = info->user_ptr[1];
10956 struct wireless_dev *wdev = dev->ieee80211_ptr;
10957 struct nlattr *tb[NUM_NL80211_REKEY_DATA];
10958 struct cfg80211_gtk_rekey_data rekey_data;
10959 int err;
10960
10961 if (!info->attrs[NL80211_ATTR_REKEY_DATA])
10962 return -EINVAL;
10963
10964 err = nla_parse_nested(tb, MAX_NL80211_REKEY_DATA,
10965 info->attrs[NL80211_ATTR_REKEY_DATA],
10966 nl80211_rekey_policy, info->extack);
10967 if (err)
10968 return err;
10969
10970 if (!tb[NL80211_REKEY_DATA_REPLAY_CTR] || !tb[NL80211_REKEY_DATA_KEK] ||
10971 !tb[NL80211_REKEY_DATA_KCK])
10972 return -EINVAL;
10973 if (nla_len(tb[NL80211_REKEY_DATA_REPLAY_CTR]) != NL80211_REPLAY_CTR_LEN)
10974 return -ERANGE;
10975 if (nla_len(tb[NL80211_REKEY_DATA_KEK]) != NL80211_KEK_LEN)
10976 return -ERANGE;
10977 if (nla_len(tb[NL80211_REKEY_DATA_KCK]) != NL80211_KCK_LEN)
10978 return -ERANGE;
10979
10980 rekey_data.kek = nla_data(tb[NL80211_REKEY_DATA_KEK]);
10981 rekey_data.kck = nla_data(tb[NL80211_REKEY_DATA_KCK]);
10982 rekey_data.replay_ctr = nla_data(tb[NL80211_REKEY_DATA_REPLAY_CTR]);
10983
10984 wdev_lock(wdev);
10985 if (!wdev->current_bss) {
10986 err = -ENOTCONN;
10987 goto out;
10988 }
10989
10990 if (!rdev->ops->set_rekey_data) {
10991 err = -EOPNOTSUPP;
10992 goto out;
10993 }
10994
10995 err = rdev_set_rekey_data(rdev, dev, &rekey_data);
10996 out:
10997 wdev_unlock(wdev);
10998 return err;
10999 }
11000
11001 static int nl80211_register_unexpected_frame(struct sk_buff *skb,
11002 struct genl_info *info)
11003 {
11004 struct net_device *dev = info->user_ptr[1];
11005 struct wireless_dev *wdev = dev->ieee80211_ptr;
11006
11007 if (wdev->iftype != NL80211_IFTYPE_AP &&
11008 wdev->iftype != NL80211_IFTYPE_P2P_GO)
11009 return -EINVAL;
11010
11011 if (wdev->ap_unexpected_nlportid)
11012 return -EBUSY;
11013
11014 wdev->ap_unexpected_nlportid = info->snd_portid;
11015 return 0;
11016 }
11017
11018 static int nl80211_probe_client(struct sk_buff *skb,
11019 struct genl_info *info)
11020 {
11021 struct cfg80211_registered_device *rdev = info->user_ptr[0];
11022 struct net_device *dev = info->user_ptr[1];
11023 struct wireless_dev *wdev = dev->ieee80211_ptr;
11024 struct sk_buff *msg;
11025 void *hdr;
11026 const u8 *addr;
11027 u64 cookie;
11028 int err;
11029
11030 if (wdev->iftype != NL80211_IFTYPE_AP &&
11031 wdev->iftype != NL80211_IFTYPE_P2P_GO)
11032 return -EOPNOTSUPP;
11033
11034 if (!info->attrs[NL80211_ATTR_MAC])
11035 return -EINVAL;
11036
11037 if (!rdev->ops->probe_client)
11038 return -EOPNOTSUPP;
11039
11040 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
11041 if (!msg)
11042 return -ENOMEM;
11043
11044 hdr = nl80211hdr_put(msg, info->snd_portid, info->snd_seq, 0,
11045 NL80211_CMD_PROBE_CLIENT);
11046 if (!hdr) {
11047 err = -ENOBUFS;
11048 goto free_msg;
11049 }
11050
11051 addr = nla_data(info->attrs[NL80211_ATTR_MAC]);
11052
11053 err = rdev_probe_client(rdev, dev, addr, &cookie);
11054 if (err)
11055 goto free_msg;
11056
11057 if (nla_put_u64_64bit(msg, NL80211_ATTR_COOKIE, cookie,
11058 NL80211_ATTR_PAD))
11059 goto nla_put_failure;
11060
11061 genlmsg_end(msg, hdr);
11062
11063 return genlmsg_reply(msg, info);
11064
11065 nla_put_failure:
11066 err = -ENOBUFS;
11067 free_msg:
11068 nlmsg_free(msg);
11069 return err;
11070 }
11071
11072 static int nl80211_register_beacons(struct sk_buff *skb, struct genl_info *info)
11073 {
11074 struct cfg80211_registered_device *rdev = info->user_ptr[0];
11075 struct cfg80211_beacon_registration *reg, *nreg;
11076 int rv;
11077
11078 if (!(rdev->wiphy.flags & WIPHY_FLAG_REPORTS_OBSS))
11079 return -EOPNOTSUPP;
11080
11081 nreg = kzalloc(sizeof(*nreg), GFP_KERNEL);
11082 if (!nreg)
11083 return -ENOMEM;
11084
11085 /* First, check if already registered. */
11086 spin_lock_bh(&rdev->beacon_registrations_lock);
11087 list_for_each_entry(reg, &rdev->beacon_registrations, list) {
11088 if (reg->nlportid == info->snd_portid) {
11089 rv = -EALREADY;
11090 goto out_err;
11091 }
11092 }
11093 /* Add it to the list */
11094 nreg->nlportid = info->snd_portid;
11095 list_add(&nreg->list, &rdev->beacon_registrations);
11096
11097 spin_unlock_bh(&rdev->beacon_registrations_lock);
11098
11099 return 0;
11100 out_err:
11101 spin_unlock_bh(&rdev->beacon_registrations_lock);
11102 kfree(nreg);
11103 return rv;
11104 }
11105
11106 static int nl80211_start_p2p_device(struct sk_buff *skb, struct genl_info *info)
11107 {
11108 struct cfg80211_registered_device *rdev = info->user_ptr[0];
11109 struct wireless_dev *wdev = info->user_ptr[1];
11110 int err;
11111
11112 if (!rdev->ops->start_p2p_device)
11113 return -EOPNOTSUPP;
11114
11115 if (wdev->iftype != NL80211_IFTYPE_P2P_DEVICE)
11116 return -EOPNOTSUPP;
11117
11118 if (wdev_running(wdev))
11119 return 0;
11120
11121 if (rfkill_blocked(rdev->rfkill))
11122 return -ERFKILL;
11123
11124 err = rdev_start_p2p_device(rdev, wdev);
11125 if (err)
11126 return err;
11127
11128 wdev->is_running = true;
11129 rdev->opencount++;
11130
11131 return 0;
11132 }
11133
11134 static int nl80211_stop_p2p_device(struct sk_buff *skb, struct genl_info *info)
11135 {
11136 struct cfg80211_registered_device *rdev = info->user_ptr[0];
11137 struct wireless_dev *wdev = info->user_ptr[1];
11138
11139 if (wdev->iftype != NL80211_IFTYPE_P2P_DEVICE)
11140 return -EOPNOTSUPP;
11141
11142 if (!rdev->ops->stop_p2p_device)
11143 return -EOPNOTSUPP;
11144
11145 cfg80211_stop_p2p_device(rdev, wdev);
11146
11147 return 0;
11148 }
11149
11150 static int nl80211_start_nan(struct sk_buff *skb, struct genl_info *info)
11151 {
11152 struct cfg80211_registered_device *rdev = info->user_ptr[0];
11153 struct wireless_dev *wdev = info->user_ptr[1];
11154 struct cfg80211_nan_conf conf = {};
11155 int err;
11156
11157 if (wdev->iftype != NL80211_IFTYPE_NAN)
11158 return -EOPNOTSUPP;
11159
11160 if (wdev_running(wdev))
11161 return -EEXIST;
11162
11163 if (rfkill_blocked(rdev->rfkill))
11164 return -ERFKILL;
11165
11166 if (!info->attrs[NL80211_ATTR_NAN_MASTER_PREF])
11167 return -EINVAL;
11168
11169 conf.master_pref =
11170 nla_get_u8(info->attrs[NL80211_ATTR_NAN_MASTER_PREF]);
11171 if (!conf.master_pref)
11172 return -EINVAL;
11173
11174 if (info->attrs[NL80211_ATTR_BANDS]) {
11175 u32 bands = nla_get_u32(info->attrs[NL80211_ATTR_BANDS]);
11176
11177 if (bands & ~(u32)wdev->wiphy->nan_supported_bands)
11178 return -EOPNOTSUPP;
11179
11180 if (bands && !(bands & BIT(NL80211_BAND_2GHZ)))
11181 return -EINVAL;
11182
11183 conf.bands = bands;
11184 }
11185
11186 err = rdev_start_nan(rdev, wdev, &conf);
11187 if (err)
11188 return err;
11189
11190 wdev->is_running = true;
11191 rdev->opencount++;
11192
11193 return 0;
11194 }
11195
11196 static int nl80211_stop_nan(struct sk_buff *skb, struct genl_info *info)
11197 {
11198 struct cfg80211_registered_device *rdev = info->user_ptr[0];
11199 struct wireless_dev *wdev = info->user_ptr[1];
11200
11201 if (wdev->iftype != NL80211_IFTYPE_NAN)
11202 return -EOPNOTSUPP;
11203
11204 cfg80211_stop_nan(rdev, wdev);
11205
11206 return 0;
11207 }
11208
11209 static int validate_nan_filter(struct nlattr *filter_attr)
11210 {
11211 struct nlattr *attr;
11212 int len = 0, n_entries = 0, rem;
11213
11214 nla_for_each_nested(attr, filter_attr, rem) {
11215 len += nla_len(attr);
11216 n_entries++;
11217 }
11218
11219 if (len >= U8_MAX)
11220 return -EINVAL;
11221
11222 return n_entries;
11223 }
11224
11225 static int handle_nan_filter(struct nlattr *attr_filter,
11226 struct cfg80211_nan_func *func,
11227 bool tx)
11228 {
11229 struct nlattr *attr;
11230 int n_entries, rem, i;
11231 struct cfg80211_nan_func_filter *filter;
11232
11233 n_entries = validate_nan_filter(attr_filter);
11234 if (n_entries < 0)
11235 return n_entries;
11236
11237 BUILD_BUG_ON(sizeof(*func->rx_filters) != sizeof(*func->tx_filters));
11238
11239 filter = kcalloc(n_entries, sizeof(*func->rx_filters), GFP_KERNEL);
11240 if (!filter)
11241 return -ENOMEM;
11242
11243 i = 0;
11244 nla_for_each_nested(attr, attr_filter, rem) {
11245 filter[i].filter = nla_memdup(attr, GFP_KERNEL);
11246 filter[i].len = nla_len(attr);
11247 i++;
11248 }
11249 if (tx) {
11250 func->num_tx_filters = n_entries;
11251 func->tx_filters = filter;
11252 } else {
11253 func->num_rx_filters = n_entries;
11254 func->rx_filters = filter;
11255 }
11256
11257 return 0;
11258 }
11259
11260 static int nl80211_nan_add_func(struct sk_buff *skb,
11261 struct genl_info *info)
11262 {
11263 struct cfg80211_registered_device *rdev = info->user_ptr[0];
11264 struct wireless_dev *wdev = info->user_ptr[1];
11265 struct nlattr *tb[NUM_NL80211_NAN_FUNC_ATTR], *func_attr;
11266 struct cfg80211_nan_func *func;
11267 struct sk_buff *msg = NULL;
11268 void *hdr = NULL;
11269 int err = 0;
11270
11271 if (wdev->iftype != NL80211_IFTYPE_NAN)
11272 return -EOPNOTSUPP;
11273
11274 if (!wdev_running(wdev))
11275 return -ENOTCONN;
11276
11277 if (!info->attrs[NL80211_ATTR_NAN_FUNC])
11278 return -EINVAL;
11279
11280 err = nla_parse_nested(tb, NL80211_NAN_FUNC_ATTR_MAX,
11281 info->attrs[NL80211_ATTR_NAN_FUNC],
11282 nl80211_nan_func_policy, info->extack);
11283 if (err)
11284 return err;
11285
11286 func = kzalloc(sizeof(*func), GFP_KERNEL);
11287 if (!func)
11288 return -ENOMEM;
11289
11290 func->cookie = wdev->wiphy->cookie_counter++;
11291
11292 if (!tb[NL80211_NAN_FUNC_TYPE] ||
11293 nla_get_u8(tb[NL80211_NAN_FUNC_TYPE]) > NL80211_NAN_FUNC_MAX_TYPE) {
11294 err = -EINVAL;
11295 goto out;
11296 }
11297
11298
11299 func->type = nla_get_u8(tb[NL80211_NAN_FUNC_TYPE]);
11300
11301 if (!tb[NL80211_NAN_FUNC_SERVICE_ID]) {
11302 err = -EINVAL;
11303 goto out;
11304 }
11305
11306 memcpy(func->service_id, nla_data(tb[NL80211_NAN_FUNC_SERVICE_ID]),
11307 sizeof(func->service_id));
11308
11309 func->close_range =
11310 nla_get_flag(tb[NL80211_NAN_FUNC_CLOSE_RANGE]);
11311
11312 if (tb[NL80211_NAN_FUNC_SERVICE_INFO]) {
11313 func->serv_spec_info_len =
11314 nla_len(tb[NL80211_NAN_FUNC_SERVICE_INFO]);
11315 func->serv_spec_info =
11316 kmemdup(nla_data(tb[NL80211_NAN_FUNC_SERVICE_INFO]),
11317 func->serv_spec_info_len,
11318 GFP_KERNEL);
11319 if (!func->serv_spec_info) {
11320 err = -ENOMEM;
11321 goto out;
11322 }
11323 }
11324
11325 if (tb[NL80211_NAN_FUNC_TTL])
11326 func->ttl = nla_get_u32(tb[NL80211_NAN_FUNC_TTL]);
11327
11328 switch (func->type) {
11329 case NL80211_NAN_FUNC_PUBLISH:
11330 if (!tb[NL80211_NAN_FUNC_PUBLISH_TYPE]) {
11331 err = -EINVAL;
11332 goto out;
11333 }
11334
11335 func->publish_type =
11336 nla_get_u8(tb[NL80211_NAN_FUNC_PUBLISH_TYPE]);
11337 func->publish_bcast =
11338 nla_get_flag(tb[NL80211_NAN_FUNC_PUBLISH_BCAST]);
11339
11340 if ((!(func->publish_type & NL80211_NAN_SOLICITED_PUBLISH)) &&
11341 func->publish_bcast) {
11342 err = -EINVAL;
11343 goto out;
11344 }
11345 break;
11346 case NL80211_NAN_FUNC_SUBSCRIBE:
11347 func->subscribe_active =
11348 nla_get_flag(tb[NL80211_NAN_FUNC_SUBSCRIBE_ACTIVE]);
11349 break;
11350 case NL80211_NAN_FUNC_FOLLOW_UP:
11351 if (!tb[NL80211_NAN_FUNC_FOLLOW_UP_ID] ||
11352 !tb[NL80211_NAN_FUNC_FOLLOW_UP_REQ_ID] ||
11353 !tb[NL80211_NAN_FUNC_FOLLOW_UP_DEST]) {
11354 err = -EINVAL;
11355 goto out;
11356 }
11357
11358 func->followup_id =
11359 nla_get_u8(tb[NL80211_NAN_FUNC_FOLLOW_UP_ID]);
11360 func->followup_reqid =
11361 nla_get_u8(tb[NL80211_NAN_FUNC_FOLLOW_UP_REQ_ID]);
11362 memcpy(func->followup_dest.addr,
11363 nla_data(tb[NL80211_NAN_FUNC_FOLLOW_UP_DEST]),
11364 sizeof(func->followup_dest.addr));
11365 if (func->ttl) {
11366 err = -EINVAL;
11367 goto out;
11368 }
11369 break;
11370 default:
11371 err = -EINVAL;
11372 goto out;
11373 }
11374
11375 if (tb[NL80211_NAN_FUNC_SRF]) {
11376 struct nlattr *srf_tb[NUM_NL80211_NAN_SRF_ATTR];
11377
11378 err = nla_parse_nested(srf_tb, NL80211_NAN_SRF_ATTR_MAX,
11379 tb[NL80211_NAN_FUNC_SRF],
11380 nl80211_nan_srf_policy, info->extack);
11381 if (err)
11382 goto out;
11383
11384 func->srf_include =
11385 nla_get_flag(srf_tb[NL80211_NAN_SRF_INCLUDE]);
11386
11387 if (srf_tb[NL80211_NAN_SRF_BF]) {
11388 if (srf_tb[NL80211_NAN_SRF_MAC_ADDRS] ||
11389 !srf_tb[NL80211_NAN_SRF_BF_IDX]) {
11390 err = -EINVAL;
11391 goto out;
11392 }
11393
11394 func->srf_bf_len =
11395 nla_len(srf_tb[NL80211_NAN_SRF_BF]);
11396 func->srf_bf =
11397 kmemdup(nla_data(srf_tb[NL80211_NAN_SRF_BF]),
11398 func->srf_bf_len, GFP_KERNEL);
11399 if (!func->srf_bf) {
11400 err = -ENOMEM;
11401 goto out;
11402 }
11403
11404 func->srf_bf_idx =
11405 nla_get_u8(srf_tb[NL80211_NAN_SRF_BF_IDX]);
11406 } else {
11407 struct nlattr *attr, *mac_attr =
11408 srf_tb[NL80211_NAN_SRF_MAC_ADDRS];
11409 int n_entries, rem, i = 0;
11410
11411 if (!mac_attr) {
11412 err = -EINVAL;
11413 goto out;
11414 }
11415
11416 n_entries = validate_acl_mac_addrs(mac_attr);
11417 if (n_entries <= 0) {
11418 err = -EINVAL;
11419 goto out;
11420 }
11421
11422 func->srf_num_macs = n_entries;
11423 func->srf_macs =
11424 kzalloc(sizeof(*func->srf_macs) * n_entries,
11425 GFP_KERNEL);
11426 if (!func->srf_macs) {
11427 err = -ENOMEM;
11428 goto out;
11429 }
11430
11431 nla_for_each_nested(attr, mac_attr, rem)
11432 memcpy(func->srf_macs[i++].addr, nla_data(attr),
11433 sizeof(*func->srf_macs));
11434 }
11435 }
11436
11437 if (tb[NL80211_NAN_FUNC_TX_MATCH_FILTER]) {
11438 err = handle_nan_filter(tb[NL80211_NAN_FUNC_TX_MATCH_FILTER],
11439 func, true);
11440 if (err)
11441 goto out;
11442 }
11443
11444 if (tb[NL80211_NAN_FUNC_RX_MATCH_FILTER]) {
11445 err = handle_nan_filter(tb[NL80211_NAN_FUNC_RX_MATCH_FILTER],
11446 func, false);
11447 if (err)
11448 goto out;
11449 }
11450
11451 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
11452 if (!msg) {
11453 err = -ENOMEM;
11454 goto out;
11455 }
11456
11457 hdr = nl80211hdr_put(msg, info->snd_portid, info->snd_seq, 0,
11458 NL80211_CMD_ADD_NAN_FUNCTION);
11459 /* This can't really happen - we just allocated 4KB */
11460 if (WARN_ON(!hdr)) {
11461 err = -ENOMEM;
11462 goto out;
11463 }
11464
11465 err = rdev_add_nan_func(rdev, wdev, func);
11466 out:
11467 if (err < 0) {
11468 cfg80211_free_nan_func(func);
11469 nlmsg_free(msg);
11470 return err;
11471 }
11472
11473 /* propagate the instance id and cookie to userspace */
11474 if (nla_put_u64_64bit(msg, NL80211_ATTR_COOKIE, func->cookie,
11475 NL80211_ATTR_PAD))
11476 goto nla_put_failure;
11477
11478 func_attr = nla_nest_start(msg, NL80211_ATTR_NAN_FUNC);
11479 if (!func_attr)
11480 goto nla_put_failure;
11481
11482 if (nla_put_u8(msg, NL80211_NAN_FUNC_INSTANCE_ID,
11483 func->instance_id))
11484 goto nla_put_failure;
11485
11486 nla_nest_end(msg, func_attr);
11487
11488 genlmsg_end(msg, hdr);
11489 return genlmsg_reply(msg, info);
11490
11491 nla_put_failure:
11492 nlmsg_free(msg);
11493 return -ENOBUFS;
11494 }
11495
11496 static int nl80211_nan_del_func(struct sk_buff *skb,
11497 struct genl_info *info)
11498 {
11499 struct cfg80211_registered_device *rdev = info->user_ptr[0];
11500 struct wireless_dev *wdev = info->user_ptr[1];
11501 u64 cookie;
11502
11503 if (wdev->iftype != NL80211_IFTYPE_NAN)
11504 return -EOPNOTSUPP;
11505
11506 if (!wdev_running(wdev))
11507 return -ENOTCONN;
11508
11509 if (!info->attrs[NL80211_ATTR_COOKIE])
11510 return -EINVAL;
11511
11512 cookie = nla_get_u64(info->attrs[NL80211_ATTR_COOKIE]);
11513
11514 rdev_del_nan_func(rdev, wdev, cookie);
11515
11516 return 0;
11517 }
11518
11519 static int nl80211_nan_change_config(struct sk_buff *skb,
11520 struct genl_info *info)
11521 {
11522 struct cfg80211_registered_device *rdev = info->user_ptr[0];
11523 struct wireless_dev *wdev = info->user_ptr[1];
11524 struct cfg80211_nan_conf conf = {};
11525 u32 changed = 0;
11526
11527 if (wdev->iftype != NL80211_IFTYPE_NAN)
11528 return -EOPNOTSUPP;
11529
11530 if (!wdev_running(wdev))
11531 return -ENOTCONN;
11532
11533 if (info->attrs[NL80211_ATTR_NAN_MASTER_PREF]) {
11534 conf.master_pref =
11535 nla_get_u8(info->attrs[NL80211_ATTR_NAN_MASTER_PREF]);
11536 if (conf.master_pref <= 1 || conf.master_pref == 255)
11537 return -EINVAL;
11538
11539 changed |= CFG80211_NAN_CONF_CHANGED_PREF;
11540 }
11541
11542 if (info->attrs[NL80211_ATTR_BANDS]) {
11543 u32 bands = nla_get_u32(info->attrs[NL80211_ATTR_BANDS]);
11544
11545 if (bands & ~(u32)wdev->wiphy->nan_supported_bands)
11546 return -EOPNOTSUPP;
11547
11548 if (bands && !(bands & BIT(NL80211_BAND_2GHZ)))
11549 return -EINVAL;
11550
11551 conf.bands = bands;
11552 changed |= CFG80211_NAN_CONF_CHANGED_BANDS;
11553 }
11554
11555 if (!changed)
11556 return -EINVAL;
11557
11558 return rdev_nan_change_conf(rdev, wdev, &conf, changed);
11559 }
11560
11561 void cfg80211_nan_match(struct wireless_dev *wdev,
11562 struct cfg80211_nan_match_params *match, gfp_t gfp)
11563 {
11564 struct wiphy *wiphy = wdev->wiphy;
11565 struct cfg80211_registered_device *rdev = wiphy_to_rdev(wiphy);
11566 struct nlattr *match_attr, *local_func_attr, *peer_func_attr;
11567 struct sk_buff *msg;
11568 void *hdr;
11569
11570 if (WARN_ON(!match->inst_id || !match->peer_inst_id || !match->addr))
11571 return;
11572
11573 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, gfp);
11574 if (!msg)
11575 return;
11576
11577 hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_NAN_MATCH);
11578 if (!hdr) {
11579 nlmsg_free(msg);
11580 return;
11581 }
11582
11583 if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
11584 (wdev->netdev && nla_put_u32(msg, NL80211_ATTR_IFINDEX,
11585 wdev->netdev->ifindex)) ||
11586 nla_put_u64_64bit(msg, NL80211_ATTR_WDEV, wdev_id(wdev),
11587 NL80211_ATTR_PAD))
11588 goto nla_put_failure;
11589
11590 if (nla_put_u64_64bit(msg, NL80211_ATTR_COOKIE, match->cookie,
11591 NL80211_ATTR_PAD) ||
11592 nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN, match->addr))
11593 goto nla_put_failure;
11594
11595 match_attr = nla_nest_start(msg, NL80211_ATTR_NAN_MATCH);
11596 if (!match_attr)
11597 goto nla_put_failure;
11598
11599 local_func_attr = nla_nest_start(msg, NL80211_NAN_MATCH_FUNC_LOCAL);
11600 if (!local_func_attr)
11601 goto nla_put_failure;
11602
11603 if (nla_put_u8(msg, NL80211_NAN_FUNC_INSTANCE_ID, match->inst_id))
11604 goto nla_put_failure;
11605
11606 nla_nest_end(msg, local_func_attr);
11607
11608 peer_func_attr = nla_nest_start(msg, NL80211_NAN_MATCH_FUNC_PEER);
11609 if (!peer_func_attr)
11610 goto nla_put_failure;
11611
11612 if (nla_put_u8(msg, NL80211_NAN_FUNC_TYPE, match->type) ||
11613 nla_put_u8(msg, NL80211_NAN_FUNC_INSTANCE_ID, match->peer_inst_id))
11614 goto nla_put_failure;
11615
11616 if (match->info && match->info_len &&
11617 nla_put(msg, NL80211_NAN_FUNC_SERVICE_INFO, match->info_len,
11618 match->info))
11619 goto nla_put_failure;
11620
11621 nla_nest_end(msg, peer_func_attr);
11622 nla_nest_end(msg, match_attr);
11623 genlmsg_end(msg, hdr);
11624
11625 if (!wdev->owner_nlportid)
11626 genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy),
11627 msg, 0, NL80211_MCGRP_NAN, gfp);
11628 else
11629 genlmsg_unicast(wiphy_net(&rdev->wiphy), msg,
11630 wdev->owner_nlportid);
11631
11632 return;
11633
11634 nla_put_failure:
11635 nlmsg_free(msg);
11636 }
11637 EXPORT_SYMBOL(cfg80211_nan_match);
11638
11639 void cfg80211_nan_func_terminated(struct wireless_dev *wdev,
11640 u8 inst_id,
11641 enum nl80211_nan_func_term_reason reason,
11642 u64 cookie, gfp_t gfp)
11643 {
11644 struct wiphy *wiphy = wdev->wiphy;
11645 struct cfg80211_registered_device *rdev = wiphy_to_rdev(wiphy);
11646 struct sk_buff *msg;
11647 struct nlattr *func_attr;
11648 void *hdr;
11649
11650 if (WARN_ON(!inst_id))
11651 return;
11652
11653 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, gfp);
11654 if (!msg)
11655 return;
11656
11657 hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_DEL_NAN_FUNCTION);
11658 if (!hdr) {
11659 nlmsg_free(msg);
11660 return;
11661 }
11662
11663 if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
11664 (wdev->netdev && nla_put_u32(msg, NL80211_ATTR_IFINDEX,
11665 wdev->netdev->ifindex)) ||
11666 nla_put_u64_64bit(msg, NL80211_ATTR_WDEV, wdev_id(wdev),
11667 NL80211_ATTR_PAD))
11668 goto nla_put_failure;
11669
11670 if (nla_put_u64_64bit(msg, NL80211_ATTR_COOKIE, cookie,
11671 NL80211_ATTR_PAD))
11672 goto nla_put_failure;
11673
11674 func_attr = nla_nest_start(msg, NL80211_ATTR_NAN_FUNC);
11675 if (!func_attr)
11676 goto nla_put_failure;
11677
11678 if (nla_put_u8(msg, NL80211_NAN_FUNC_INSTANCE_ID, inst_id) ||
11679 nla_put_u8(msg, NL80211_NAN_FUNC_TERM_REASON, reason))
11680 goto nla_put_failure;
11681
11682 nla_nest_end(msg, func_attr);
11683 genlmsg_end(msg, hdr);
11684
11685 if (!wdev->owner_nlportid)
11686 genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy),
11687 msg, 0, NL80211_MCGRP_NAN, gfp);
11688 else
11689 genlmsg_unicast(wiphy_net(&rdev->wiphy), msg,
11690 wdev->owner_nlportid);
11691
11692 return;
11693
11694 nla_put_failure:
11695 nlmsg_free(msg);
11696 }
11697 EXPORT_SYMBOL(cfg80211_nan_func_terminated);
11698
11699 static int nl80211_get_protocol_features(struct sk_buff *skb,
11700 struct genl_info *info)
11701 {
11702 void *hdr;
11703 struct sk_buff *msg;
11704
11705 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
11706 if (!msg)
11707 return -ENOMEM;
11708
11709 hdr = nl80211hdr_put(msg, info->snd_portid, info->snd_seq, 0,
11710 NL80211_CMD_GET_PROTOCOL_FEATURES);
11711 if (!hdr)
11712 goto nla_put_failure;
11713
11714 if (nla_put_u32(msg, NL80211_ATTR_PROTOCOL_FEATURES,
11715 NL80211_PROTOCOL_FEATURE_SPLIT_WIPHY_DUMP))
11716 goto nla_put_failure;
11717
11718 genlmsg_end(msg, hdr);
11719 return genlmsg_reply(msg, info);
11720
11721 nla_put_failure:
11722 kfree_skb(msg);
11723 return -ENOBUFS;
11724 }
11725
11726 static int nl80211_update_ft_ies(struct sk_buff *skb, struct genl_info *info)
11727 {
11728 struct cfg80211_registered_device *rdev = info->user_ptr[0];
11729 struct cfg80211_update_ft_ies_params ft_params;
11730 struct net_device *dev = info->user_ptr[1];
11731
11732 if (!rdev->ops->update_ft_ies)
11733 return -EOPNOTSUPP;
11734
11735 if (!info->attrs[NL80211_ATTR_MDID] ||
11736 !info->attrs[NL80211_ATTR_IE] ||
11737 !is_valid_ie_attr(info->attrs[NL80211_ATTR_IE]))
11738 return -EINVAL;
11739
11740 memset(&ft_params, 0, sizeof(ft_params));
11741 ft_params.md = nla_get_u16(info->attrs[NL80211_ATTR_MDID]);
11742 ft_params.ie = nla_data(info->attrs[NL80211_ATTR_IE]);
11743 ft_params.ie_len = nla_len(info->attrs[NL80211_ATTR_IE]);
11744
11745 return rdev_update_ft_ies(rdev, dev, &ft_params);
11746 }
11747
11748 static int nl80211_crit_protocol_start(struct sk_buff *skb,
11749 struct genl_info *info)
11750 {
11751 struct cfg80211_registered_device *rdev = info->user_ptr[0];
11752 struct wireless_dev *wdev = info->user_ptr[1];
11753 enum nl80211_crit_proto_id proto = NL80211_CRIT_PROTO_UNSPEC;
11754 u16 duration;
11755 int ret;
11756
11757 if (!rdev->ops->crit_proto_start)
11758 return -EOPNOTSUPP;
11759
11760 if (WARN_ON(!rdev->ops->crit_proto_stop))
11761 return -EINVAL;
11762
11763 if (rdev->crit_proto_nlportid)
11764 return -EBUSY;
11765
11766 /* determine protocol if provided */
11767 if (info->attrs[NL80211_ATTR_CRIT_PROT_ID])
11768 proto = nla_get_u16(info->attrs[NL80211_ATTR_CRIT_PROT_ID]);
11769
11770 if (proto >= NUM_NL80211_CRIT_PROTO)
11771 return -EINVAL;
11772
11773 /* timeout must be provided */
11774 if (!info->attrs[NL80211_ATTR_MAX_CRIT_PROT_DURATION])
11775 return -EINVAL;
11776
11777 duration =
11778 nla_get_u16(info->attrs[NL80211_ATTR_MAX_CRIT_PROT_DURATION]);
11779
11780 if (duration > NL80211_CRIT_PROTO_MAX_DURATION)
11781 return -ERANGE;
11782
11783 ret = rdev_crit_proto_start(rdev, wdev, proto, duration);
11784 if (!ret)
11785 rdev->crit_proto_nlportid = info->snd_portid;
11786
11787 return ret;
11788 }
11789
11790 static int nl80211_crit_protocol_stop(struct sk_buff *skb,
11791 struct genl_info *info)
11792 {
11793 struct cfg80211_registered_device *rdev = info->user_ptr[0];
11794 struct wireless_dev *wdev = info->user_ptr[1];
11795
11796 if (!rdev->ops->crit_proto_stop)
11797 return -EOPNOTSUPP;
11798
11799 if (rdev->crit_proto_nlportid) {
11800 rdev->crit_proto_nlportid = 0;
11801 rdev_crit_proto_stop(rdev, wdev);
11802 }
11803 return 0;
11804 }
11805
11806 static int nl80211_vendor_cmd(struct sk_buff *skb, struct genl_info *info)
11807 {
11808 struct cfg80211_registered_device *rdev = info->user_ptr[0];
11809 struct wireless_dev *wdev =
11810 __cfg80211_wdev_from_attrs(genl_info_net(info), info->attrs);
11811 int i, err;
11812 u32 vid, subcmd;
11813
11814 if (!rdev->wiphy.vendor_commands)
11815 return -EOPNOTSUPP;
11816
11817 if (IS_ERR(wdev)) {
11818 err = PTR_ERR(wdev);
11819 if (err != -EINVAL)
11820 return err;
11821 wdev = NULL;
11822 } else if (wdev->wiphy != &rdev->wiphy) {
11823 return -EINVAL;
11824 }
11825
11826 if (!info->attrs[NL80211_ATTR_VENDOR_ID] ||
11827 !info->attrs[NL80211_ATTR_VENDOR_SUBCMD])
11828 return -EINVAL;
11829
11830 vid = nla_get_u32(info->attrs[NL80211_ATTR_VENDOR_ID]);
11831 subcmd = nla_get_u32(info->attrs[NL80211_ATTR_VENDOR_SUBCMD]);
11832 for (i = 0; i < rdev->wiphy.n_vendor_commands; i++) {
11833 const struct wiphy_vendor_command *vcmd;
11834 void *data = NULL;
11835 int len = 0;
11836
11837 vcmd = &rdev->wiphy.vendor_commands[i];
11838
11839 if (vcmd->info.vendor_id != vid || vcmd->info.subcmd != subcmd)
11840 continue;
11841
11842 if (vcmd->flags & (WIPHY_VENDOR_CMD_NEED_WDEV |
11843 WIPHY_VENDOR_CMD_NEED_NETDEV)) {
11844 if (!wdev)
11845 return -EINVAL;
11846 if (vcmd->flags & WIPHY_VENDOR_CMD_NEED_NETDEV &&
11847 !wdev->netdev)
11848 return -EINVAL;
11849
11850 if (vcmd->flags & WIPHY_VENDOR_CMD_NEED_RUNNING) {
11851 if (!wdev_running(wdev))
11852 return -ENETDOWN;
11853 }
11854
11855 if (!vcmd->doit)
11856 return -EOPNOTSUPP;
11857 } else {
11858 wdev = NULL;
11859 }
11860
11861 if (info->attrs[NL80211_ATTR_VENDOR_DATA]) {
11862 data = nla_data(info->attrs[NL80211_ATTR_VENDOR_DATA]);
11863 len = nla_len(info->attrs[NL80211_ATTR_VENDOR_DATA]);
11864 }
11865
11866 rdev->cur_cmd_info = info;
11867 err = rdev->wiphy.vendor_commands[i].doit(&rdev->wiphy, wdev,
11868 data, len);
11869 rdev->cur_cmd_info = NULL;
11870 return err;
11871 }
11872
11873 return -EOPNOTSUPP;
11874 }
11875
11876 static int nl80211_prepare_vendor_dump(struct sk_buff *skb,
11877 struct netlink_callback *cb,
11878 struct cfg80211_registered_device **rdev,
11879 struct wireless_dev **wdev)
11880 {
11881 struct nlattr **attrbuf = genl_family_attrbuf(&nl80211_fam);
11882 u32 vid, subcmd;
11883 unsigned int i;
11884 int vcmd_idx = -1;
11885 int err;
11886 void *data = NULL;
11887 unsigned int data_len = 0;
11888
11889 if (cb->args[0]) {
11890 /* subtract the 1 again here */
11891 struct wiphy *wiphy = wiphy_idx_to_wiphy(cb->args[0] - 1);
11892 struct wireless_dev *tmp;
11893
11894 if (!wiphy)
11895 return -ENODEV;
11896 *rdev = wiphy_to_rdev(wiphy);
11897 *wdev = NULL;
11898
11899 if (cb->args[1]) {
11900 list_for_each_entry(tmp, &wiphy->wdev_list, list) {
11901 if (tmp->identifier == cb->args[1] - 1) {
11902 *wdev = tmp;
11903 break;
11904 }
11905 }
11906 }
11907
11908 /* keep rtnl locked in successful case */
11909 return 0;
11910 }
11911
11912 err = nlmsg_parse(cb->nlh, GENL_HDRLEN + nl80211_fam.hdrsize, attrbuf,
11913 nl80211_fam.maxattr, nl80211_policy, NULL);
11914 if (err)
11915 return err;
11916
11917 if (!attrbuf[NL80211_ATTR_VENDOR_ID] ||
11918 !attrbuf[NL80211_ATTR_VENDOR_SUBCMD])
11919 return -EINVAL;
11920
11921 *wdev = __cfg80211_wdev_from_attrs(sock_net(skb->sk), attrbuf);
11922 if (IS_ERR(*wdev))
11923 *wdev = NULL;
11924
11925 *rdev = __cfg80211_rdev_from_attrs(sock_net(skb->sk), attrbuf);
11926 if (IS_ERR(*rdev))
11927 return PTR_ERR(*rdev);
11928
11929 vid = nla_get_u32(attrbuf[NL80211_ATTR_VENDOR_ID]);
11930 subcmd = nla_get_u32(attrbuf[NL80211_ATTR_VENDOR_SUBCMD]);
11931
11932 for (i = 0; i < (*rdev)->wiphy.n_vendor_commands; i++) {
11933 const struct wiphy_vendor_command *vcmd;
11934
11935 vcmd = &(*rdev)->wiphy.vendor_commands[i];
11936
11937 if (vcmd->info.vendor_id != vid || vcmd->info.subcmd != subcmd)
11938 continue;
11939
11940 if (!vcmd->dumpit)
11941 return -EOPNOTSUPP;
11942
11943 vcmd_idx = i;
11944 break;
11945 }
11946
11947 if (vcmd_idx < 0)
11948 return -EOPNOTSUPP;
11949
11950 if (attrbuf[NL80211_ATTR_VENDOR_DATA]) {
11951 data = nla_data(attrbuf[NL80211_ATTR_VENDOR_DATA]);
11952 data_len = nla_len(attrbuf[NL80211_ATTR_VENDOR_DATA]);
11953 }
11954
11955 /* 0 is the first index - add 1 to parse only once */
11956 cb->args[0] = (*rdev)->wiphy_idx + 1;
11957 /* add 1 to know if it was NULL */
11958 cb->args[1] = *wdev ? (*wdev)->identifier + 1 : 0;
11959 cb->args[2] = vcmd_idx;
11960 cb->args[3] = (unsigned long)data;
11961 cb->args[4] = data_len;
11962
11963 /* keep rtnl locked in successful case */
11964 return 0;
11965 }
11966
11967 static int nl80211_vendor_cmd_dump(struct sk_buff *skb,
11968 struct netlink_callback *cb)
11969 {
11970 struct cfg80211_registered_device *rdev;
11971 struct wireless_dev *wdev;
11972 unsigned int vcmd_idx;
11973 const struct wiphy_vendor_command *vcmd;
11974 void *data;
11975 int data_len;
11976 int err;
11977 struct nlattr *vendor_data;
11978
11979 rtnl_lock();
11980 err = nl80211_prepare_vendor_dump(skb, cb, &rdev, &wdev);
11981 if (err)
11982 goto out;
11983
11984 vcmd_idx = cb->args[2];
11985 data = (void *)cb->args[3];
11986 data_len = cb->args[4];
11987 vcmd = &rdev->wiphy.vendor_commands[vcmd_idx];
11988
11989 if (vcmd->flags & (WIPHY_VENDOR_CMD_NEED_WDEV |
11990 WIPHY_VENDOR_CMD_NEED_NETDEV)) {
11991 if (!wdev) {
11992 err = -EINVAL;
11993 goto out;
11994 }
11995 if (vcmd->flags & WIPHY_VENDOR_CMD_NEED_NETDEV &&
11996 !wdev->netdev) {
11997 err = -EINVAL;
11998 goto out;
11999 }
12000
12001 if (vcmd->flags & WIPHY_VENDOR_CMD_NEED_RUNNING) {
12002 if (!wdev_running(wdev)) {
12003 err = -ENETDOWN;
12004 goto out;
12005 }
12006 }
12007 }
12008
12009 while (1) {
12010 void *hdr = nl80211hdr_put(skb, NETLINK_CB(cb->skb).portid,
12011 cb->nlh->nlmsg_seq, NLM_F_MULTI,
12012 NL80211_CMD_VENDOR);
12013 if (!hdr)
12014 break;
12015
12016 if (nla_put_u32(skb, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
12017 (wdev && nla_put_u64_64bit(skb, NL80211_ATTR_WDEV,
12018 wdev_id(wdev),
12019 NL80211_ATTR_PAD))) {
12020 genlmsg_cancel(skb, hdr);
12021 break;
12022 }
12023
12024 vendor_data = nla_nest_start(skb, NL80211_ATTR_VENDOR_DATA);
12025 if (!vendor_data) {
12026 genlmsg_cancel(skb, hdr);
12027 break;
12028 }
12029
12030 err = vcmd->dumpit(&rdev->wiphy, wdev, skb, data, data_len,
12031 (unsigned long *)&cb->args[5]);
12032 nla_nest_end(skb, vendor_data);
12033
12034 if (err == -ENOBUFS || err == -ENOENT) {
12035 genlmsg_cancel(skb, hdr);
12036 break;
12037 } else if (err) {
12038 genlmsg_cancel(skb, hdr);
12039 goto out;
12040 }
12041
12042 genlmsg_end(skb, hdr);
12043 }
12044
12045 err = skb->len;
12046 out:
12047 rtnl_unlock();
12048 return err;
12049 }
12050
12051 struct sk_buff *__cfg80211_alloc_reply_skb(struct wiphy *wiphy,
12052 enum nl80211_commands cmd,
12053 enum nl80211_attrs attr,
12054 int approxlen)
12055 {
12056 struct cfg80211_registered_device *rdev = wiphy_to_rdev(wiphy);
12057
12058 if (WARN_ON(!rdev->cur_cmd_info))
12059 return NULL;
12060
12061 return __cfg80211_alloc_vendor_skb(rdev, NULL, approxlen,
12062 rdev->cur_cmd_info->snd_portid,
12063 rdev->cur_cmd_info->snd_seq,
12064 cmd, attr, NULL, GFP_KERNEL);
12065 }
12066 EXPORT_SYMBOL(__cfg80211_alloc_reply_skb);
12067
12068 int cfg80211_vendor_cmd_reply(struct sk_buff *skb)
12069 {
12070 struct cfg80211_registered_device *rdev = ((void **)skb->cb)[0];
12071 void *hdr = ((void **)skb->cb)[1];
12072 struct nlattr *data = ((void **)skb->cb)[2];
12073
12074 /* clear CB data for netlink core to own from now on */
12075 memset(skb->cb, 0, sizeof(skb->cb));
12076
12077 if (WARN_ON(!rdev->cur_cmd_info)) {
12078 kfree_skb(skb);
12079 return -EINVAL;
12080 }
12081
12082 nla_nest_end(skb, data);
12083 genlmsg_end(skb, hdr);
12084 return genlmsg_reply(skb, rdev->cur_cmd_info);
12085 }
12086 EXPORT_SYMBOL_GPL(cfg80211_vendor_cmd_reply);
12087
12088 static int nl80211_set_qos_map(struct sk_buff *skb,
12089 struct genl_info *info)
12090 {
12091 struct cfg80211_registered_device *rdev = info->user_ptr[0];
12092 struct cfg80211_qos_map *qos_map = NULL;
12093 struct net_device *dev = info->user_ptr[1];
12094 u8 *pos, len, num_des, des_len, des;
12095 int ret;
12096
12097 if (!rdev->ops->set_qos_map)
12098 return -EOPNOTSUPP;
12099
12100 if (info->attrs[NL80211_ATTR_QOS_MAP]) {
12101 pos = nla_data(info->attrs[NL80211_ATTR_QOS_MAP]);
12102 len = nla_len(info->attrs[NL80211_ATTR_QOS_MAP]);
12103
12104 if (len % 2 || len < IEEE80211_QOS_MAP_LEN_MIN ||
12105 len > IEEE80211_QOS_MAP_LEN_MAX)
12106 return -EINVAL;
12107
12108 qos_map = kzalloc(sizeof(struct cfg80211_qos_map), GFP_KERNEL);
12109 if (!qos_map)
12110 return -ENOMEM;
12111
12112 num_des = (len - IEEE80211_QOS_MAP_LEN_MIN) >> 1;
12113 if (num_des) {
12114 des_len = num_des *
12115 sizeof(struct cfg80211_dscp_exception);
12116 memcpy(qos_map->dscp_exception, pos, des_len);
12117 qos_map->num_des = num_des;
12118 for (des = 0; des < num_des; des++) {
12119 if (qos_map->dscp_exception[des].up > 7) {
12120 kfree(qos_map);
12121 return -EINVAL;
12122 }
12123 }
12124 pos += des_len;
12125 }
12126 memcpy(qos_map->up, pos, IEEE80211_QOS_MAP_LEN_MIN);
12127 }
12128
12129 wdev_lock(dev->ieee80211_ptr);
12130 ret = nl80211_key_allowed(dev->ieee80211_ptr);
12131 if (!ret)
12132 ret = rdev_set_qos_map(rdev, dev, qos_map);
12133 wdev_unlock(dev->ieee80211_ptr);
12134
12135 kfree(qos_map);
12136 return ret;
12137 }
12138
12139 static int nl80211_add_tx_ts(struct sk_buff *skb, struct genl_info *info)
12140 {
12141 struct cfg80211_registered_device *rdev = info->user_ptr[0];
12142 struct net_device *dev = info->user_ptr[1];
12143 struct wireless_dev *wdev = dev->ieee80211_ptr;
12144 const u8 *peer;
12145 u8 tsid, up;
12146 u16 admitted_time = 0;
12147 int err;
12148
12149 if (!(rdev->wiphy.features & NL80211_FEATURE_SUPPORTS_WMM_ADMISSION))
12150 return -EOPNOTSUPP;
12151
12152 if (!info->attrs[NL80211_ATTR_TSID] || !info->attrs[NL80211_ATTR_MAC] ||
12153 !info->attrs[NL80211_ATTR_USER_PRIO])
12154 return -EINVAL;
12155
12156 tsid = nla_get_u8(info->attrs[NL80211_ATTR_TSID]);
12157 if (tsid >= IEEE80211_NUM_TIDS)
12158 return -EINVAL;
12159
12160 up = nla_get_u8(info->attrs[NL80211_ATTR_USER_PRIO]);
12161 if (up >= IEEE80211_NUM_UPS)
12162 return -EINVAL;
12163
12164 /* WMM uses TIDs 0-7 even for TSPEC */
12165 if (tsid >= IEEE80211_FIRST_TSPEC_TSID) {
12166 /* TODO: handle 802.11 TSPEC/admission control
12167 * need more attributes for that (e.g. BA session requirement);
12168 * change the WMM adminssion test above to allow both then
12169 */
12170 return -EINVAL;
12171 }
12172
12173 peer = nla_data(info->attrs[NL80211_ATTR_MAC]);
12174
12175 if (info->attrs[NL80211_ATTR_ADMITTED_TIME]) {
12176 admitted_time =
12177 nla_get_u16(info->attrs[NL80211_ATTR_ADMITTED_TIME]);
12178 if (!admitted_time)
12179 return -EINVAL;
12180 }
12181
12182 wdev_lock(wdev);
12183 switch (wdev->iftype) {
12184 case NL80211_IFTYPE_STATION:
12185 case NL80211_IFTYPE_P2P_CLIENT:
12186 if (wdev->current_bss)
12187 break;
12188 err = -ENOTCONN;
12189 goto out;
12190 default:
12191 err = -EOPNOTSUPP;
12192 goto out;
12193 }
12194
12195 err = rdev_add_tx_ts(rdev, dev, tsid, peer, up, admitted_time);
12196
12197 out:
12198 wdev_unlock(wdev);
12199 return err;
12200 }
12201
12202 static int nl80211_del_tx_ts(struct sk_buff *skb, struct genl_info *info)
12203 {
12204 struct cfg80211_registered_device *rdev = info->user_ptr[0];
12205 struct net_device *dev = info->user_ptr[1];
12206 struct wireless_dev *wdev = dev->ieee80211_ptr;
12207 const u8 *peer;
12208 u8 tsid;
12209 int err;
12210
12211 if (!info->attrs[NL80211_ATTR_TSID] || !info->attrs[NL80211_ATTR_MAC])
12212 return -EINVAL;
12213
12214 tsid = nla_get_u8(info->attrs[NL80211_ATTR_TSID]);
12215 peer = nla_data(info->attrs[NL80211_ATTR_MAC]);
12216
12217 wdev_lock(wdev);
12218 err = rdev_del_tx_ts(rdev, dev, tsid, peer);
12219 wdev_unlock(wdev);
12220
12221 return err;
12222 }
12223
12224 static int nl80211_tdls_channel_switch(struct sk_buff *skb,
12225 struct genl_info *info)
12226 {
12227 struct cfg80211_registered_device *rdev = info->user_ptr[0];
12228 struct net_device *dev = info->user_ptr[1];
12229 struct wireless_dev *wdev = dev->ieee80211_ptr;
12230 struct cfg80211_chan_def chandef = {};
12231 const u8 *addr;
12232 u8 oper_class;
12233 int err;
12234
12235 if (!rdev->ops->tdls_channel_switch ||
12236 !(rdev->wiphy.features & NL80211_FEATURE_TDLS_CHANNEL_SWITCH))
12237 return -EOPNOTSUPP;
12238
12239 switch (dev->ieee80211_ptr->iftype) {
12240 case NL80211_IFTYPE_STATION:
12241 case NL80211_IFTYPE_P2P_CLIENT:
12242 break;
12243 default:
12244 return -EOPNOTSUPP;
12245 }
12246
12247 if (!info->attrs[NL80211_ATTR_MAC] ||
12248 !info->attrs[NL80211_ATTR_OPER_CLASS])
12249 return -EINVAL;
12250
12251 err = nl80211_parse_chandef(rdev, info, &chandef);
12252 if (err)
12253 return err;
12254
12255 /*
12256 * Don't allow wide channels on the 2.4Ghz band, as per IEEE802.11-2012
12257 * section 10.22.6.2.1. Disallow 5/10Mhz channels as well for now, the
12258 * specification is not defined for them.
12259 */
12260 if (chandef.chan->band == NL80211_BAND_2GHZ &&
12261 chandef.width != NL80211_CHAN_WIDTH_20_NOHT &&
12262 chandef.width != NL80211_CHAN_WIDTH_20)
12263 return -EINVAL;
12264
12265 /* we will be active on the TDLS link */
12266 if (!cfg80211_reg_can_beacon_relax(&rdev->wiphy, &chandef,
12267 wdev->iftype))
12268 return -EINVAL;
12269
12270 /* don't allow switching to DFS channels */
12271 if (cfg80211_chandef_dfs_required(wdev->wiphy, &chandef, wdev->iftype))
12272 return -EINVAL;
12273
12274 addr = nla_data(info->attrs[NL80211_ATTR_MAC]);
12275 oper_class = nla_get_u8(info->attrs[NL80211_ATTR_OPER_CLASS]);
12276
12277 wdev_lock(wdev);
12278 err = rdev_tdls_channel_switch(rdev, dev, addr, oper_class, &chandef);
12279 wdev_unlock(wdev);
12280
12281 return err;
12282 }
12283
12284 static int nl80211_tdls_cancel_channel_switch(struct sk_buff *skb,
12285 struct genl_info *info)
12286 {
12287 struct cfg80211_registered_device *rdev = info->user_ptr[0];
12288 struct net_device *dev = info->user_ptr[1];
12289 struct wireless_dev *wdev = dev->ieee80211_ptr;
12290 const u8 *addr;
12291
12292 if (!rdev->ops->tdls_channel_switch ||
12293 !rdev->ops->tdls_cancel_channel_switch ||
12294 !(rdev->wiphy.features & NL80211_FEATURE_TDLS_CHANNEL_SWITCH))
12295 return -EOPNOTSUPP;
12296
12297 switch (dev->ieee80211_ptr->iftype) {
12298 case NL80211_IFTYPE_STATION:
12299 case NL80211_IFTYPE_P2P_CLIENT:
12300 break;
12301 default:
12302 return -EOPNOTSUPP;
12303 }
12304
12305 if (!info->attrs[NL80211_ATTR_MAC])
12306 return -EINVAL;
12307
12308 addr = nla_data(info->attrs[NL80211_ATTR_MAC]);
12309
12310 wdev_lock(wdev);
12311 rdev_tdls_cancel_channel_switch(rdev, dev, addr);
12312 wdev_unlock(wdev);
12313
12314 return 0;
12315 }
12316
12317 static int nl80211_set_multicast_to_unicast(struct sk_buff *skb,
12318 struct genl_info *info)
12319 {
12320 struct cfg80211_registered_device *rdev = info->user_ptr[0];
12321 struct net_device *dev = info->user_ptr[1];
12322 struct wireless_dev *wdev = dev->ieee80211_ptr;
12323 const struct nlattr *nla;
12324 bool enabled;
12325
12326 if (!rdev->ops->set_multicast_to_unicast)
12327 return -EOPNOTSUPP;
12328
12329 if (wdev->iftype != NL80211_IFTYPE_AP &&
12330 wdev->iftype != NL80211_IFTYPE_P2P_GO)
12331 return -EOPNOTSUPP;
12332
12333 nla = info->attrs[NL80211_ATTR_MULTICAST_TO_UNICAST_ENABLED];
12334 enabled = nla_get_flag(nla);
12335
12336 return rdev_set_multicast_to_unicast(rdev, dev, enabled);
12337 }
12338
12339 static int nl80211_set_pmk(struct sk_buff *skb, struct genl_info *info)
12340 {
12341 struct cfg80211_registered_device *rdev = info->user_ptr[0];
12342 struct net_device *dev = info->user_ptr[1];
12343 struct wireless_dev *wdev = dev->ieee80211_ptr;
12344 struct cfg80211_pmk_conf pmk_conf = {};
12345 int ret;
12346
12347 if (wdev->iftype != NL80211_IFTYPE_STATION &&
12348 wdev->iftype != NL80211_IFTYPE_P2P_CLIENT)
12349 return -EOPNOTSUPP;
12350
12351 if (!wiphy_ext_feature_isset(&rdev->wiphy,
12352 NL80211_EXT_FEATURE_4WAY_HANDSHAKE_STA_1X))
12353 return -EOPNOTSUPP;
12354
12355 if (!info->attrs[NL80211_ATTR_MAC] || !info->attrs[NL80211_ATTR_PMK])
12356 return -EINVAL;
12357
12358 wdev_lock(wdev);
12359 if (!wdev->current_bss) {
12360 ret = -ENOTCONN;
12361 goto out;
12362 }
12363
12364 pmk_conf.aa = nla_data(info->attrs[NL80211_ATTR_MAC]);
12365 if (memcmp(pmk_conf.aa, wdev->current_bss->pub.bssid, ETH_ALEN)) {
12366 ret = -EINVAL;
12367 goto out;
12368 }
12369
12370 pmk_conf.pmk = nla_data(info->attrs[NL80211_ATTR_PMK]);
12371 pmk_conf.pmk_len = nla_len(info->attrs[NL80211_ATTR_PMK]);
12372 if (pmk_conf.pmk_len != WLAN_PMK_LEN &&
12373 pmk_conf.pmk_len != WLAN_PMK_LEN_SUITE_B_192) {
12374 ret = -EINVAL;
12375 goto out;
12376 }
12377
12378 if (info->attrs[NL80211_ATTR_PMKR0_NAME]) {
12379 int r0_name_len = nla_len(info->attrs[NL80211_ATTR_PMKR0_NAME]);
12380
12381 if (r0_name_len != WLAN_PMK_NAME_LEN) {
12382 ret = -EINVAL;
12383 goto out;
12384 }
12385
12386 pmk_conf.pmk_r0_name =
12387 nla_data(info->attrs[NL80211_ATTR_PMKR0_NAME]);
12388 }
12389
12390 ret = rdev_set_pmk(rdev, dev, &pmk_conf);
12391 out:
12392 wdev_unlock(wdev);
12393 return ret;
12394 }
12395
12396 static int nl80211_del_pmk(struct sk_buff *skb, struct genl_info *info)
12397 {
12398 struct cfg80211_registered_device *rdev = info->user_ptr[0];
12399 struct net_device *dev = info->user_ptr[1];
12400 struct wireless_dev *wdev = dev->ieee80211_ptr;
12401 const u8 *aa;
12402 int ret;
12403
12404 if (wdev->iftype != NL80211_IFTYPE_STATION &&
12405 wdev->iftype != NL80211_IFTYPE_P2P_CLIENT)
12406 return -EOPNOTSUPP;
12407
12408 if (!wiphy_ext_feature_isset(&rdev->wiphy,
12409 NL80211_EXT_FEATURE_4WAY_HANDSHAKE_STA_1X))
12410 return -EOPNOTSUPP;
12411
12412 if (!info->attrs[NL80211_ATTR_MAC])
12413 return -EINVAL;
12414
12415 wdev_lock(wdev);
12416 aa = nla_data(info->attrs[NL80211_ATTR_MAC]);
12417 ret = rdev_del_pmk(rdev, dev, aa);
12418 wdev_unlock(wdev);
12419
12420 return ret;
12421 }
12422
12423 #ifdef CONFIG_CFG80211_SLSI_SAE
12424 static int nl80211_external_auth(struct sk_buff *skb, struct genl_info *info)
12425 {
12426 struct cfg80211_registered_device *rdev = info->user_ptr[0];
12427 struct net_device *dev = info->user_ptr[1];
12428 struct cfg80211_external_auth_params params;
12429
12430 if (!rdev->ops->external_auth)
12431 return -EOPNOTSUPP;
12432
12433 if (!info->attrs[NL80211_ATTR_SSID])
12434 return -EINVAL;
12435
12436 if (!info->attrs[NL80211_ATTR_BSSID])
12437 return -EINVAL;
12438
12439 if (!info->attrs[NL80211_ATTR_STATUS_CODE])
12440 return -EINVAL;
12441
12442 memset(&params, 0, sizeof(params));
12443
12444 params.ssid.ssid_len = nla_len(info->attrs[NL80211_ATTR_SSID]);
12445 if (params.ssid.ssid_len == 0 ||
12446 params.ssid.ssid_len > IEEE80211_MAX_SSID_LEN)
12447 return -EINVAL;
12448 memcpy(params.ssid.ssid, nla_data(info->attrs[NL80211_ATTR_SSID]),
12449 params.ssid.ssid_len);
12450
12451 memcpy(params.bssid, nla_data(info->attrs[NL80211_ATTR_BSSID]),
12452 ETH_ALEN);
12453
12454 params.status = nla_get_u16(info->attrs[NL80211_ATTR_STATUS_CODE]);
12455
12456 return rdev_external_auth(rdev, dev, &params);
12457 }
12458 #endif
12459
12460 #define NL80211_FLAG_NEED_WIPHY 0x01
12461 #define NL80211_FLAG_NEED_NETDEV 0x02
12462 #define NL80211_FLAG_NEED_RTNL 0x04
12463 #define NL80211_FLAG_CHECK_NETDEV_UP 0x08
12464 #define NL80211_FLAG_NEED_NETDEV_UP (NL80211_FLAG_NEED_NETDEV |\
12465 NL80211_FLAG_CHECK_NETDEV_UP)
12466 #define NL80211_FLAG_NEED_WDEV 0x10
12467 /* If a netdev is associated, it must be UP, P2P must be started */
12468 #define NL80211_FLAG_NEED_WDEV_UP (NL80211_FLAG_NEED_WDEV |\
12469 NL80211_FLAG_CHECK_NETDEV_UP)
12470 #define NL80211_FLAG_CLEAR_SKB 0x20
12471
12472 static int nl80211_pre_doit(const struct genl_ops *ops, struct sk_buff *skb,
12473 struct genl_info *info)
12474 {
12475 struct cfg80211_registered_device *rdev;
12476 struct wireless_dev *wdev;
12477 struct net_device *dev;
12478 bool rtnl = ops->internal_flags & NL80211_FLAG_NEED_RTNL;
12479
12480 if (rtnl)
12481 rtnl_lock();
12482
12483 if (ops->internal_flags & NL80211_FLAG_NEED_WIPHY) {
12484 rdev = cfg80211_get_dev_from_info(genl_info_net(info), info);
12485 if (IS_ERR(rdev)) {
12486 if (rtnl)
12487 rtnl_unlock();
12488 return PTR_ERR(rdev);
12489 }
12490 info->user_ptr[0] = rdev;
12491 } else if (ops->internal_flags & NL80211_FLAG_NEED_NETDEV ||
12492 ops->internal_flags & NL80211_FLAG_NEED_WDEV) {
12493 ASSERT_RTNL();
12494
12495 wdev = __cfg80211_wdev_from_attrs(genl_info_net(info),
12496 info->attrs);
12497 if (IS_ERR(wdev)) {
12498 if (rtnl)
12499 rtnl_unlock();
12500 return PTR_ERR(wdev);
12501 }
12502
12503 dev = wdev->netdev;
12504 rdev = wiphy_to_rdev(wdev->wiphy);
12505
12506 if (ops->internal_flags & NL80211_FLAG_NEED_NETDEV) {
12507 if (!dev) {
12508 if (rtnl)
12509 rtnl_unlock();
12510 return -EINVAL;
12511 }
12512
12513 info->user_ptr[1] = dev;
12514 } else {
12515 info->user_ptr[1] = wdev;
12516 }
12517
12518 if (ops->internal_flags & NL80211_FLAG_CHECK_NETDEV_UP &&
12519 !wdev_running(wdev)) {
12520 if (rtnl)
12521 rtnl_unlock();
12522 return -ENETDOWN;
12523 }
12524
12525 if (dev)
12526 dev_hold(dev);
12527
12528 info->user_ptr[0] = rdev;
12529 }
12530
12531 return 0;
12532 }
12533
12534 static void nl80211_post_doit(const struct genl_ops *ops, struct sk_buff *skb,
12535 struct genl_info *info)
12536 {
12537 if (info->user_ptr[1]) {
12538 if (ops->internal_flags & NL80211_FLAG_NEED_WDEV) {
12539 struct wireless_dev *wdev = info->user_ptr[1];
12540
12541 if (wdev->netdev)
12542 dev_put(wdev->netdev);
12543 } else {
12544 dev_put(info->user_ptr[1]);
12545 }
12546 }
12547
12548 if (ops->internal_flags & NL80211_FLAG_NEED_RTNL)
12549 rtnl_unlock();
12550
12551 /* If needed, clear the netlink message payload from the SKB
12552 * as it might contain key data that shouldn't stick around on
12553 * the heap after the SKB is freed. The netlink message header
12554 * is still needed for further processing, so leave it intact.
12555 */
12556 if (ops->internal_flags & NL80211_FLAG_CLEAR_SKB) {
12557 struct nlmsghdr *nlh = nlmsg_hdr(skb);
12558
12559 memset(nlmsg_data(nlh), 0, nlmsg_len(nlh));
12560 }
12561 }
12562
12563 static const struct genl_ops nl80211_ops[] = {
12564 {
12565 .cmd = NL80211_CMD_GET_WIPHY,
12566 .doit = nl80211_get_wiphy,
12567 .dumpit = nl80211_dump_wiphy,
12568 .done = nl80211_dump_wiphy_done,
12569 .policy = nl80211_policy,
12570 /* can be retrieved by unprivileged users */
12571 .internal_flags = NL80211_FLAG_NEED_WIPHY |
12572 NL80211_FLAG_NEED_RTNL,
12573 },
12574 {
12575 .cmd = NL80211_CMD_SET_WIPHY,
12576 .doit = nl80211_set_wiphy,
12577 .policy = nl80211_policy,
12578 .flags = GENL_UNS_ADMIN_PERM,
12579 .internal_flags = NL80211_FLAG_NEED_RTNL,
12580 },
12581 {
12582 .cmd = NL80211_CMD_GET_INTERFACE,
12583 .doit = nl80211_get_interface,
12584 .dumpit = nl80211_dump_interface,
12585 .policy = nl80211_policy,
12586 /* can be retrieved by unprivileged users */
12587 .internal_flags = NL80211_FLAG_NEED_WDEV |
12588 NL80211_FLAG_NEED_RTNL,
12589 },
12590 {
12591 .cmd = NL80211_CMD_SET_INTERFACE,
12592 .doit = nl80211_set_interface,
12593 .policy = nl80211_policy,
12594 .flags = GENL_UNS_ADMIN_PERM,
12595 .internal_flags = NL80211_FLAG_NEED_NETDEV |
12596 NL80211_FLAG_NEED_RTNL,
12597 },
12598 {
12599 .cmd = NL80211_CMD_NEW_INTERFACE,
12600 .doit = nl80211_new_interface,
12601 .policy = nl80211_policy,
12602 .flags = GENL_UNS_ADMIN_PERM,
12603 .internal_flags = NL80211_FLAG_NEED_WIPHY |
12604 NL80211_FLAG_NEED_RTNL,
12605 },
12606 {
12607 .cmd = NL80211_CMD_DEL_INTERFACE,
12608 .doit = nl80211_del_interface,
12609 .policy = nl80211_policy,
12610 .flags = GENL_UNS_ADMIN_PERM,
12611 .internal_flags = NL80211_FLAG_NEED_WDEV |
12612 NL80211_FLAG_NEED_RTNL,
12613 },
12614 {
12615 .cmd = NL80211_CMD_GET_KEY,
12616 .doit = nl80211_get_key,
12617 .policy = nl80211_policy,
12618 .flags = GENL_UNS_ADMIN_PERM,
12619 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
12620 NL80211_FLAG_NEED_RTNL,
12621 },
12622 {
12623 .cmd = NL80211_CMD_SET_KEY,
12624 .doit = nl80211_set_key,
12625 .policy = nl80211_policy,
12626 .flags = GENL_UNS_ADMIN_PERM,
12627 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
12628 NL80211_FLAG_NEED_RTNL |
12629 NL80211_FLAG_CLEAR_SKB,
12630 },
12631 {
12632 .cmd = NL80211_CMD_NEW_KEY,
12633 .doit = nl80211_new_key,
12634 .policy = nl80211_policy,
12635 .flags = GENL_UNS_ADMIN_PERM,
12636 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
12637 NL80211_FLAG_NEED_RTNL |
12638 NL80211_FLAG_CLEAR_SKB,
12639 },
12640 {
12641 .cmd = NL80211_CMD_DEL_KEY,
12642 .doit = nl80211_del_key,
12643 .policy = nl80211_policy,
12644 .flags = GENL_UNS_ADMIN_PERM,
12645 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
12646 NL80211_FLAG_NEED_RTNL,
12647 },
12648 {
12649 .cmd = NL80211_CMD_SET_BEACON,
12650 .policy = nl80211_policy,
12651 .flags = GENL_UNS_ADMIN_PERM,
12652 .doit = nl80211_set_beacon,
12653 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
12654 NL80211_FLAG_NEED_RTNL,
12655 },
12656 {
12657 .cmd = NL80211_CMD_START_AP,
12658 .policy = nl80211_policy,
12659 .flags = GENL_UNS_ADMIN_PERM,
12660 .doit = nl80211_start_ap,
12661 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
12662 NL80211_FLAG_NEED_RTNL,
12663 },
12664 {
12665 .cmd = NL80211_CMD_STOP_AP,
12666 .policy = nl80211_policy,
12667 .flags = GENL_UNS_ADMIN_PERM,
12668 .doit = nl80211_stop_ap,
12669 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
12670 NL80211_FLAG_NEED_RTNL,
12671 },
12672 {
12673 .cmd = NL80211_CMD_GET_STATION,
12674 .doit = nl80211_get_station,
12675 .dumpit = nl80211_dump_station,
12676 .policy = nl80211_policy,
12677 .internal_flags = NL80211_FLAG_NEED_NETDEV |
12678 NL80211_FLAG_NEED_RTNL,
12679 },
12680 {
12681 .cmd = NL80211_CMD_SET_STATION,
12682 .doit = nl80211_set_station,
12683 .policy = nl80211_policy,
12684 .flags = GENL_UNS_ADMIN_PERM,
12685 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
12686 NL80211_FLAG_NEED_RTNL,
12687 },
12688 {
12689 .cmd = NL80211_CMD_NEW_STATION,
12690 .doit = nl80211_new_station,
12691 .policy = nl80211_policy,
12692 .flags = GENL_UNS_ADMIN_PERM,
12693 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
12694 NL80211_FLAG_NEED_RTNL,
12695 },
12696 {
12697 .cmd = NL80211_CMD_DEL_STATION,
12698 .doit = nl80211_del_station,
12699 .policy = nl80211_policy,
12700 .flags = GENL_UNS_ADMIN_PERM,
12701 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
12702 NL80211_FLAG_NEED_RTNL,
12703 },
12704 {
12705 .cmd = NL80211_CMD_GET_MPATH,
12706 .doit = nl80211_get_mpath,
12707 .dumpit = nl80211_dump_mpath,
12708 .policy = nl80211_policy,
12709 .flags = GENL_UNS_ADMIN_PERM,
12710 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
12711 NL80211_FLAG_NEED_RTNL,
12712 },
12713 {
12714 .cmd = NL80211_CMD_GET_MPP,
12715 .doit = nl80211_get_mpp,
12716 .dumpit = nl80211_dump_mpp,
12717 .policy = nl80211_policy,
12718 .flags = GENL_UNS_ADMIN_PERM,
12719 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
12720 NL80211_FLAG_NEED_RTNL,
12721 },
12722 {
12723 .cmd = NL80211_CMD_SET_MPATH,
12724 .doit = nl80211_set_mpath,
12725 .policy = nl80211_policy,
12726 .flags = GENL_UNS_ADMIN_PERM,
12727 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
12728 NL80211_FLAG_NEED_RTNL,
12729 },
12730 {
12731 .cmd = NL80211_CMD_NEW_MPATH,
12732 .doit = nl80211_new_mpath,
12733 .policy = nl80211_policy,
12734 .flags = GENL_UNS_ADMIN_PERM,
12735 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
12736 NL80211_FLAG_NEED_RTNL,
12737 },
12738 {
12739 .cmd = NL80211_CMD_DEL_MPATH,
12740 .doit = nl80211_del_mpath,
12741 .policy = nl80211_policy,
12742 .flags = GENL_UNS_ADMIN_PERM,
12743 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
12744 NL80211_FLAG_NEED_RTNL,
12745 },
12746 {
12747 .cmd = NL80211_CMD_SET_BSS,
12748 .doit = nl80211_set_bss,
12749 .policy = nl80211_policy,
12750 .flags = GENL_UNS_ADMIN_PERM,
12751 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
12752 NL80211_FLAG_NEED_RTNL,
12753 },
12754 {
12755 .cmd = NL80211_CMD_GET_REG,
12756 .doit = nl80211_get_reg_do,
12757 .dumpit = nl80211_get_reg_dump,
12758 .policy = nl80211_policy,
12759 .internal_flags = NL80211_FLAG_NEED_RTNL,
12760 /* can be retrieved by unprivileged users */
12761 },
12762 #ifdef CONFIG_CFG80211_CRDA_SUPPORT
12763 {
12764 .cmd = NL80211_CMD_SET_REG,
12765 .doit = nl80211_set_reg,
12766 .policy = nl80211_policy,
12767 .flags = GENL_ADMIN_PERM,
12768 .internal_flags = NL80211_FLAG_NEED_RTNL,
12769 },
12770 #endif
12771 {
12772 .cmd = NL80211_CMD_REQ_SET_REG,
12773 .doit = nl80211_req_set_reg,
12774 .policy = nl80211_policy,
12775 .flags = GENL_ADMIN_PERM,
12776 },
12777 {
12778 .cmd = NL80211_CMD_GET_MESH_CONFIG,
12779 .doit = nl80211_get_mesh_config,
12780 .policy = nl80211_policy,
12781 /* can be retrieved by unprivileged users */
12782 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
12783 NL80211_FLAG_NEED_RTNL,
12784 },
12785 {
12786 .cmd = NL80211_CMD_SET_MESH_CONFIG,
12787 .doit = nl80211_update_mesh_config,
12788 .policy = nl80211_policy,
12789 .flags = GENL_UNS_ADMIN_PERM,
12790 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
12791 NL80211_FLAG_NEED_RTNL,
12792 },
12793 {
12794 .cmd = NL80211_CMD_TRIGGER_SCAN,
12795 .doit = nl80211_trigger_scan,
12796 .policy = nl80211_policy,
12797 .flags = GENL_UNS_ADMIN_PERM,
12798 .internal_flags = NL80211_FLAG_NEED_WDEV_UP |
12799 NL80211_FLAG_NEED_RTNL,
12800 },
12801 {
12802 .cmd = NL80211_CMD_ABORT_SCAN,
12803 .doit = nl80211_abort_scan,
12804 .policy = nl80211_policy,
12805 .flags = GENL_UNS_ADMIN_PERM,
12806 .internal_flags = NL80211_FLAG_NEED_WDEV_UP |
12807 NL80211_FLAG_NEED_RTNL,
12808 },
12809 {
12810 .cmd = NL80211_CMD_GET_SCAN,
12811 .policy = nl80211_policy,
12812 .dumpit = nl80211_dump_scan,
12813 },
12814 {
12815 .cmd = NL80211_CMD_START_SCHED_SCAN,
12816 .doit = nl80211_start_sched_scan,
12817 .policy = nl80211_policy,
12818 .flags = GENL_UNS_ADMIN_PERM,
12819 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
12820 NL80211_FLAG_NEED_RTNL,
12821 },
12822 {
12823 .cmd = NL80211_CMD_STOP_SCHED_SCAN,
12824 .doit = nl80211_stop_sched_scan,
12825 .policy = nl80211_policy,
12826 .flags = GENL_UNS_ADMIN_PERM,
12827 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
12828 NL80211_FLAG_NEED_RTNL,
12829 },
12830 {
12831 .cmd = NL80211_CMD_AUTHENTICATE,
12832 .doit = nl80211_authenticate,
12833 .policy = nl80211_policy,
12834 .flags = GENL_UNS_ADMIN_PERM,
12835 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
12836 NL80211_FLAG_NEED_RTNL |
12837 NL80211_FLAG_CLEAR_SKB,
12838 },
12839 {
12840 .cmd = NL80211_CMD_ASSOCIATE,
12841 .doit = nl80211_associate,
12842 .policy = nl80211_policy,
12843 .flags = GENL_UNS_ADMIN_PERM,
12844 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
12845 NL80211_FLAG_NEED_RTNL,
12846 },
12847 {
12848 .cmd = NL80211_CMD_DEAUTHENTICATE,
12849 .doit = nl80211_deauthenticate,
12850 .policy = nl80211_policy,
12851 .flags = GENL_UNS_ADMIN_PERM,
12852 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
12853 NL80211_FLAG_NEED_RTNL,
12854 },
12855 {
12856 .cmd = NL80211_CMD_DISASSOCIATE,
12857 .doit = nl80211_disassociate,
12858 .policy = nl80211_policy,
12859 .flags = GENL_UNS_ADMIN_PERM,
12860 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
12861 NL80211_FLAG_NEED_RTNL,
12862 },
12863 {
12864 .cmd = NL80211_CMD_JOIN_IBSS,
12865 .doit = nl80211_join_ibss,
12866 .policy = nl80211_policy,
12867 .flags = GENL_UNS_ADMIN_PERM,
12868 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
12869 NL80211_FLAG_NEED_RTNL,
12870 },
12871 {
12872 .cmd = NL80211_CMD_LEAVE_IBSS,
12873 .doit = nl80211_leave_ibss,
12874 .policy = nl80211_policy,
12875 .flags = GENL_UNS_ADMIN_PERM,
12876 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
12877 NL80211_FLAG_NEED_RTNL,
12878 },
12879 #ifdef CONFIG_NL80211_TESTMODE
12880 {
12881 .cmd = NL80211_CMD_TESTMODE,
12882 .doit = nl80211_testmode_do,
12883 .dumpit = nl80211_testmode_dump,
12884 .policy = nl80211_policy,
12885 .flags = GENL_UNS_ADMIN_PERM,
12886 .internal_flags = NL80211_FLAG_NEED_WIPHY |
12887 NL80211_FLAG_NEED_RTNL,
12888 },
12889 #endif
12890 {
12891 .cmd = NL80211_CMD_CONNECT,
12892 .doit = nl80211_connect,
12893 .policy = nl80211_policy,
12894 .flags = GENL_UNS_ADMIN_PERM,
12895 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
12896 NL80211_FLAG_NEED_RTNL,
12897 },
12898 {
12899 .cmd = NL80211_CMD_UPDATE_CONNECT_PARAMS,
12900 .doit = nl80211_update_connect_params,
12901 .policy = nl80211_policy,
12902 .flags = GENL_ADMIN_PERM,
12903 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
12904 NL80211_FLAG_NEED_RTNL,
12905 },
12906 {
12907 .cmd = NL80211_CMD_DISCONNECT,
12908 .doit = nl80211_disconnect,
12909 .policy = nl80211_policy,
12910 .flags = GENL_UNS_ADMIN_PERM,
12911 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
12912 NL80211_FLAG_NEED_RTNL,
12913 },
12914 {
12915 .cmd = NL80211_CMD_SET_WIPHY_NETNS,
12916 .doit = nl80211_wiphy_netns,
12917 .policy = nl80211_policy,
12918 .flags = GENL_UNS_ADMIN_PERM,
12919 .internal_flags = NL80211_FLAG_NEED_WIPHY |
12920 NL80211_FLAG_NEED_RTNL,
12921 },
12922 {
12923 .cmd = NL80211_CMD_GET_SURVEY,
12924 .policy = nl80211_policy,
12925 .dumpit = nl80211_dump_survey,
12926 },
12927 {
12928 .cmd = NL80211_CMD_SET_PMKSA,
12929 .doit = nl80211_setdel_pmksa,
12930 .policy = nl80211_policy,
12931 .flags = GENL_UNS_ADMIN_PERM,
12932 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
12933 NL80211_FLAG_NEED_RTNL,
12934 },
12935 {
12936 .cmd = NL80211_CMD_DEL_PMKSA,
12937 .doit = nl80211_setdel_pmksa,
12938 .policy = nl80211_policy,
12939 .flags = GENL_UNS_ADMIN_PERM,
12940 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
12941 NL80211_FLAG_NEED_RTNL,
12942 },
12943 {
12944 .cmd = NL80211_CMD_FLUSH_PMKSA,
12945 .doit = nl80211_flush_pmksa,
12946 .policy = nl80211_policy,
12947 .flags = GENL_UNS_ADMIN_PERM,
12948 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
12949 NL80211_FLAG_NEED_RTNL,
12950 },
12951 {
12952 .cmd = NL80211_CMD_REMAIN_ON_CHANNEL,
12953 .doit = nl80211_remain_on_channel,
12954 .policy = nl80211_policy,
12955 .flags = GENL_UNS_ADMIN_PERM,
12956 .internal_flags = NL80211_FLAG_NEED_WDEV_UP |
12957 NL80211_FLAG_NEED_RTNL,
12958 },
12959 {
12960 .cmd = NL80211_CMD_CANCEL_REMAIN_ON_CHANNEL,
12961 .doit = nl80211_cancel_remain_on_channel,
12962 .policy = nl80211_policy,
12963 .flags = GENL_UNS_ADMIN_PERM,
12964 .internal_flags = NL80211_FLAG_NEED_WDEV_UP |
12965 NL80211_FLAG_NEED_RTNL,
12966 },
12967 {
12968 .cmd = NL80211_CMD_SET_TX_BITRATE_MASK,
12969 .doit = nl80211_set_tx_bitrate_mask,
12970 .policy = nl80211_policy,
12971 .flags = GENL_UNS_ADMIN_PERM,
12972 .internal_flags = NL80211_FLAG_NEED_NETDEV |
12973 NL80211_FLAG_NEED_RTNL,
12974 },
12975 {
12976 .cmd = NL80211_CMD_REGISTER_FRAME,
12977 .doit = nl80211_register_mgmt,
12978 .policy = nl80211_policy,
12979 .flags = GENL_UNS_ADMIN_PERM,
12980 .internal_flags = NL80211_FLAG_NEED_WDEV |
12981 NL80211_FLAG_NEED_RTNL,
12982 },
12983 {
12984 .cmd = NL80211_CMD_FRAME,
12985 .doit = nl80211_tx_mgmt,
12986 .policy = nl80211_policy,
12987 .flags = GENL_UNS_ADMIN_PERM,
12988 .internal_flags = NL80211_FLAG_NEED_WDEV_UP |
12989 NL80211_FLAG_NEED_RTNL,
12990 },
12991 {
12992 .cmd = NL80211_CMD_FRAME_WAIT_CANCEL,
12993 .doit = nl80211_tx_mgmt_cancel_wait,
12994 .policy = nl80211_policy,
12995 .flags = GENL_UNS_ADMIN_PERM,
12996 .internal_flags = NL80211_FLAG_NEED_WDEV_UP |
12997 NL80211_FLAG_NEED_RTNL,
12998 },
12999 {
13000 .cmd = NL80211_CMD_SET_POWER_SAVE,
13001 .doit = nl80211_set_power_save,
13002 .policy = nl80211_policy,
13003 .flags = GENL_UNS_ADMIN_PERM,
13004 .internal_flags = NL80211_FLAG_NEED_NETDEV |
13005 NL80211_FLAG_NEED_RTNL,
13006 },
13007 {
13008 .cmd = NL80211_CMD_GET_POWER_SAVE,
13009 .doit = nl80211_get_power_save,
13010 .policy = nl80211_policy,
13011 /* can be retrieved by unprivileged users */
13012 .internal_flags = NL80211_FLAG_NEED_NETDEV |
13013 NL80211_FLAG_NEED_RTNL,
13014 },
13015 {
13016 .cmd = NL80211_CMD_SET_CQM,
13017 .doit = nl80211_set_cqm,
13018 .policy = nl80211_policy,
13019 .flags = GENL_UNS_ADMIN_PERM,
13020 .internal_flags = NL80211_FLAG_NEED_NETDEV |
13021 NL80211_FLAG_NEED_RTNL,
13022 },
13023 {
13024 .cmd = NL80211_CMD_SET_CHANNEL,
13025 .doit = nl80211_set_channel,
13026 .policy = nl80211_policy,
13027 .flags = GENL_UNS_ADMIN_PERM,
13028 .internal_flags = NL80211_FLAG_NEED_NETDEV |
13029 NL80211_FLAG_NEED_RTNL,
13030 },
13031 {
13032 .cmd = NL80211_CMD_SET_WDS_PEER,
13033 .doit = nl80211_set_wds_peer,
13034 .policy = nl80211_policy,
13035 .flags = GENL_UNS_ADMIN_PERM,
13036 .internal_flags = NL80211_FLAG_NEED_NETDEV |
13037 NL80211_FLAG_NEED_RTNL,
13038 },
13039 {
13040 .cmd = NL80211_CMD_JOIN_MESH,
13041 .doit = nl80211_join_mesh,
13042 .policy = nl80211_policy,
13043 .flags = GENL_UNS_ADMIN_PERM,
13044 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
13045 NL80211_FLAG_NEED_RTNL,
13046 },
13047 {
13048 .cmd = NL80211_CMD_LEAVE_MESH,
13049 .doit = nl80211_leave_mesh,
13050 .policy = nl80211_policy,
13051 .flags = GENL_UNS_ADMIN_PERM,
13052 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
13053 NL80211_FLAG_NEED_RTNL,
13054 },
13055 {
13056 .cmd = NL80211_CMD_JOIN_OCB,
13057 .doit = nl80211_join_ocb,
13058 .policy = nl80211_policy,
13059 .flags = GENL_UNS_ADMIN_PERM,
13060 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
13061 NL80211_FLAG_NEED_RTNL,
13062 },
13063 {
13064 .cmd = NL80211_CMD_LEAVE_OCB,
13065 .doit = nl80211_leave_ocb,
13066 .policy = nl80211_policy,
13067 .flags = GENL_UNS_ADMIN_PERM,
13068 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
13069 NL80211_FLAG_NEED_RTNL,
13070 },
13071 #ifdef CONFIG_PM
13072 {
13073 .cmd = NL80211_CMD_GET_WOWLAN,
13074 .doit = nl80211_get_wowlan,
13075 .policy = nl80211_policy,
13076 /* can be retrieved by unprivileged users */
13077 .internal_flags = NL80211_FLAG_NEED_WIPHY |
13078 NL80211_FLAG_NEED_RTNL,
13079 },
13080 {
13081 .cmd = NL80211_CMD_SET_WOWLAN,
13082 .doit = nl80211_set_wowlan,
13083 .policy = nl80211_policy,
13084 .flags = GENL_UNS_ADMIN_PERM,
13085 .internal_flags = NL80211_FLAG_NEED_WIPHY |
13086 NL80211_FLAG_NEED_RTNL,
13087 },
13088 #endif
13089 {
13090 .cmd = NL80211_CMD_SET_REKEY_OFFLOAD,
13091 .doit = nl80211_set_rekey_data,
13092 .policy = nl80211_policy,
13093 .flags = GENL_UNS_ADMIN_PERM,
13094 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
13095 NL80211_FLAG_NEED_RTNL |
13096 NL80211_FLAG_CLEAR_SKB,
13097 },
13098 {
13099 .cmd = NL80211_CMD_TDLS_MGMT,
13100 .doit = nl80211_tdls_mgmt,
13101 .policy = nl80211_policy,
13102 .flags = GENL_UNS_ADMIN_PERM,
13103 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
13104 NL80211_FLAG_NEED_RTNL,
13105 },
13106 {
13107 .cmd = NL80211_CMD_TDLS_OPER,
13108 .doit = nl80211_tdls_oper,
13109 .policy = nl80211_policy,
13110 .flags = GENL_UNS_ADMIN_PERM,
13111 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
13112 NL80211_FLAG_NEED_RTNL,
13113 },
13114 {
13115 .cmd = NL80211_CMD_UNEXPECTED_FRAME,
13116 .doit = nl80211_register_unexpected_frame,
13117 .policy = nl80211_policy,
13118 .flags = GENL_UNS_ADMIN_PERM,
13119 .internal_flags = NL80211_FLAG_NEED_NETDEV |
13120 NL80211_FLAG_NEED_RTNL,
13121 },
13122 {
13123 .cmd = NL80211_CMD_PROBE_CLIENT,
13124 .doit = nl80211_probe_client,
13125 .policy = nl80211_policy,
13126 .flags = GENL_UNS_ADMIN_PERM,
13127 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
13128 NL80211_FLAG_NEED_RTNL,
13129 },
13130 {
13131 .cmd = NL80211_CMD_REGISTER_BEACONS,
13132 .doit = nl80211_register_beacons,
13133 .policy = nl80211_policy,
13134 .flags = GENL_UNS_ADMIN_PERM,
13135 .internal_flags = NL80211_FLAG_NEED_WIPHY |
13136 NL80211_FLAG_NEED_RTNL,
13137 },
13138 {
13139 .cmd = NL80211_CMD_SET_NOACK_MAP,
13140 .doit = nl80211_set_noack_map,
13141 .policy = nl80211_policy,
13142 .flags = GENL_UNS_ADMIN_PERM,
13143 .internal_flags = NL80211_FLAG_NEED_NETDEV |
13144 NL80211_FLAG_NEED_RTNL,
13145 },
13146 {
13147 .cmd = NL80211_CMD_START_P2P_DEVICE,
13148 .doit = nl80211_start_p2p_device,
13149 .policy = nl80211_policy,
13150 .flags = GENL_UNS_ADMIN_PERM,
13151 .internal_flags = NL80211_FLAG_NEED_WDEV |
13152 NL80211_FLAG_NEED_RTNL,
13153 },
13154 {
13155 .cmd = NL80211_CMD_STOP_P2P_DEVICE,
13156 .doit = nl80211_stop_p2p_device,
13157 .policy = nl80211_policy,
13158 .flags = GENL_UNS_ADMIN_PERM,
13159 .internal_flags = NL80211_FLAG_NEED_WDEV_UP |
13160 NL80211_FLAG_NEED_RTNL,
13161 },
13162 {
13163 .cmd = NL80211_CMD_START_NAN,
13164 .doit = nl80211_start_nan,
13165 .policy = nl80211_policy,
13166 .flags = GENL_ADMIN_PERM,
13167 .internal_flags = NL80211_FLAG_NEED_WDEV |
13168 NL80211_FLAG_NEED_RTNL,
13169 },
13170 {
13171 .cmd = NL80211_CMD_STOP_NAN,
13172 .doit = nl80211_stop_nan,
13173 .policy = nl80211_policy,
13174 .flags = GENL_ADMIN_PERM,
13175 .internal_flags = NL80211_FLAG_NEED_WDEV_UP |
13176 NL80211_FLAG_NEED_RTNL,
13177 },
13178 {
13179 .cmd = NL80211_CMD_ADD_NAN_FUNCTION,
13180 .doit = nl80211_nan_add_func,
13181 .policy = nl80211_policy,
13182 .flags = GENL_ADMIN_PERM,
13183 .internal_flags = NL80211_FLAG_NEED_WDEV_UP |
13184 NL80211_FLAG_NEED_RTNL,
13185 },
13186 {
13187 .cmd = NL80211_CMD_DEL_NAN_FUNCTION,
13188 .doit = nl80211_nan_del_func,
13189 .policy = nl80211_policy,
13190 .flags = GENL_ADMIN_PERM,
13191 .internal_flags = NL80211_FLAG_NEED_WDEV_UP |
13192 NL80211_FLAG_NEED_RTNL,
13193 },
13194 {
13195 .cmd = NL80211_CMD_CHANGE_NAN_CONFIG,
13196 .doit = nl80211_nan_change_config,
13197 .policy = nl80211_policy,
13198 .flags = GENL_ADMIN_PERM,
13199 .internal_flags = NL80211_FLAG_NEED_WDEV_UP |
13200 NL80211_FLAG_NEED_RTNL,
13201 },
13202 {
13203 .cmd = NL80211_CMD_SET_MCAST_RATE,
13204 .doit = nl80211_set_mcast_rate,
13205 .policy = nl80211_policy,
13206 .flags = GENL_UNS_ADMIN_PERM,
13207 .internal_flags = NL80211_FLAG_NEED_NETDEV |
13208 NL80211_FLAG_NEED_RTNL,
13209 },
13210 {
13211 .cmd = NL80211_CMD_SET_MAC_ACL,
13212 .doit = nl80211_set_mac_acl,
13213 .policy = nl80211_policy,
13214 .flags = GENL_UNS_ADMIN_PERM,
13215 .internal_flags = NL80211_FLAG_NEED_NETDEV |
13216 NL80211_FLAG_NEED_RTNL,
13217 },
13218 {
13219 .cmd = NL80211_CMD_RADAR_DETECT,
13220 .doit = nl80211_start_radar_detection,
13221 .policy = nl80211_policy,
13222 .flags = GENL_UNS_ADMIN_PERM,
13223 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
13224 NL80211_FLAG_NEED_RTNL,
13225 },
13226 {
13227 .cmd = NL80211_CMD_GET_PROTOCOL_FEATURES,
13228 .doit = nl80211_get_protocol_features,
13229 .policy = nl80211_policy,
13230 },
13231 {
13232 .cmd = NL80211_CMD_UPDATE_FT_IES,
13233 .doit = nl80211_update_ft_ies,
13234 .policy = nl80211_policy,
13235 .flags = GENL_UNS_ADMIN_PERM,
13236 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
13237 NL80211_FLAG_NEED_RTNL,
13238 },
13239 {
13240 .cmd = NL80211_CMD_CRIT_PROTOCOL_START,
13241 .doit = nl80211_crit_protocol_start,
13242 .policy = nl80211_policy,
13243 .flags = GENL_UNS_ADMIN_PERM,
13244 .internal_flags = NL80211_FLAG_NEED_WDEV_UP |
13245 NL80211_FLAG_NEED_RTNL,
13246 },
13247 {
13248 .cmd = NL80211_CMD_CRIT_PROTOCOL_STOP,
13249 .doit = nl80211_crit_protocol_stop,
13250 .policy = nl80211_policy,
13251 .flags = GENL_UNS_ADMIN_PERM,
13252 .internal_flags = NL80211_FLAG_NEED_WDEV_UP |
13253 NL80211_FLAG_NEED_RTNL,
13254 },
13255 {
13256 .cmd = NL80211_CMD_GET_COALESCE,
13257 .doit = nl80211_get_coalesce,
13258 .policy = nl80211_policy,
13259 .internal_flags = NL80211_FLAG_NEED_WIPHY |
13260 NL80211_FLAG_NEED_RTNL,
13261 },
13262 {
13263 .cmd = NL80211_CMD_SET_COALESCE,
13264 .doit = nl80211_set_coalesce,
13265 .policy = nl80211_policy,
13266 .flags = GENL_UNS_ADMIN_PERM,
13267 .internal_flags = NL80211_FLAG_NEED_WIPHY |
13268 NL80211_FLAG_NEED_RTNL,
13269 },
13270 {
13271 .cmd = NL80211_CMD_CHANNEL_SWITCH,
13272 .doit = nl80211_channel_switch,
13273 .policy = nl80211_policy,
13274 .flags = GENL_UNS_ADMIN_PERM,
13275 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
13276 NL80211_FLAG_NEED_RTNL,
13277 },
13278 {
13279 .cmd = NL80211_CMD_VENDOR,
13280 .doit = nl80211_vendor_cmd,
13281 .dumpit = nl80211_vendor_cmd_dump,
13282 .policy = nl80211_policy,
13283 .flags = GENL_UNS_ADMIN_PERM,
13284 .internal_flags = NL80211_FLAG_NEED_WIPHY |
13285 NL80211_FLAG_NEED_RTNL,
13286 },
13287 {
13288 .cmd = NL80211_CMD_SET_QOS_MAP,
13289 .doit = nl80211_set_qos_map,
13290 .policy = nl80211_policy,
13291 .flags = GENL_UNS_ADMIN_PERM,
13292 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
13293 NL80211_FLAG_NEED_RTNL,
13294 },
13295 {
13296 .cmd = NL80211_CMD_ADD_TX_TS,
13297 .doit = nl80211_add_tx_ts,
13298 .policy = nl80211_policy,
13299 .flags = GENL_UNS_ADMIN_PERM,
13300 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
13301 NL80211_FLAG_NEED_RTNL,
13302 },
13303 {
13304 .cmd = NL80211_CMD_DEL_TX_TS,
13305 .doit = nl80211_del_tx_ts,
13306 .policy = nl80211_policy,
13307 .flags = GENL_UNS_ADMIN_PERM,
13308 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
13309 NL80211_FLAG_NEED_RTNL,
13310 },
13311 {
13312 .cmd = NL80211_CMD_TDLS_CHANNEL_SWITCH,
13313 .doit = nl80211_tdls_channel_switch,
13314 .policy = nl80211_policy,
13315 .flags = GENL_UNS_ADMIN_PERM,
13316 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
13317 NL80211_FLAG_NEED_RTNL,
13318 },
13319 {
13320 .cmd = NL80211_CMD_TDLS_CANCEL_CHANNEL_SWITCH,
13321 .doit = nl80211_tdls_cancel_channel_switch,
13322 .policy = nl80211_policy,
13323 .flags = GENL_UNS_ADMIN_PERM,
13324 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
13325 NL80211_FLAG_NEED_RTNL,
13326 },
13327 {
13328 .cmd = NL80211_CMD_SET_MULTICAST_TO_UNICAST,
13329 .doit = nl80211_set_multicast_to_unicast,
13330 .policy = nl80211_policy,
13331 .flags = GENL_UNS_ADMIN_PERM,
13332 .internal_flags = NL80211_FLAG_NEED_NETDEV |
13333 NL80211_FLAG_NEED_RTNL,
13334 },
13335 {
13336 .cmd = NL80211_CMD_SET_PMK,
13337 .doit = nl80211_set_pmk,
13338 .policy = nl80211_policy,
13339 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
13340 NL80211_FLAG_NEED_RTNL,
13341 },
13342 {
13343 .cmd = NL80211_CMD_DEL_PMK,
13344 .doit = nl80211_del_pmk,
13345 .policy = nl80211_policy,
13346 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
13347 NL80211_FLAG_NEED_RTNL,
13348 },
13349 #ifdef CONFIG_CFG80211_SLSI_SAE
13350 {
13351 .cmd = NL80211_CMD_EXTERNAL_AUTH,
13352 .doit = nl80211_external_auth,
13353 .policy = nl80211_policy,
13354 .flags = GENL_ADMIN_PERM,
13355 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
13356 NL80211_FLAG_NEED_RTNL,
13357 },
13358 #endif
13359
13360 };
13361
13362 static struct genl_family nl80211_fam __ro_after_init = {
13363 .name = NL80211_GENL_NAME, /* have users key off the name instead */
13364 .hdrsize = 0, /* no private header */
13365 .version = 1, /* no particular meaning now */
13366 .maxattr = NL80211_ATTR_MAX,
13367 .netnsok = true,
13368 .pre_doit = nl80211_pre_doit,
13369 .post_doit = nl80211_post_doit,
13370 .module = THIS_MODULE,
13371 .ops = nl80211_ops,
13372 .n_ops = ARRAY_SIZE(nl80211_ops),
13373 .mcgrps = nl80211_mcgrps,
13374 .n_mcgrps = ARRAY_SIZE(nl80211_mcgrps),
13375 };
13376
13377 /* notification functions */
13378
13379 void nl80211_notify_wiphy(struct cfg80211_registered_device *rdev,
13380 enum nl80211_commands cmd)
13381 {
13382 struct sk_buff *msg;
13383 struct nl80211_dump_wiphy_state state = {};
13384
13385 WARN_ON(cmd != NL80211_CMD_NEW_WIPHY &&
13386 cmd != NL80211_CMD_DEL_WIPHY);
13387
13388 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
13389 if (!msg)
13390 return;
13391
13392 if (nl80211_send_wiphy(rdev, cmd, msg, 0, 0, 0, &state) < 0) {
13393 nlmsg_free(msg);
13394 return;
13395 }
13396
13397 genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), msg, 0,
13398 NL80211_MCGRP_CONFIG, GFP_KERNEL);
13399 }
13400
13401 void nl80211_notify_iface(struct cfg80211_registered_device *rdev,
13402 struct wireless_dev *wdev,
13403 enum nl80211_commands cmd)
13404 {
13405 struct sk_buff *msg;
13406
13407 WARN_ON(cmd != NL80211_CMD_NEW_INTERFACE &&
13408 cmd != NL80211_CMD_DEL_INTERFACE);
13409
13410 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
13411 if (!msg)
13412 return;
13413
13414 if (nl80211_send_iface(msg, 0, 0, 0, rdev, wdev,
13415 cmd == NL80211_CMD_DEL_INTERFACE) < 0) {
13416 nlmsg_free(msg);
13417 return;
13418 }
13419
13420 genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), msg, 0,
13421 NL80211_MCGRP_CONFIG, GFP_KERNEL);
13422 }
13423
13424 static int nl80211_add_scan_req(struct sk_buff *msg,
13425 struct cfg80211_registered_device *rdev)
13426 {
13427 struct cfg80211_scan_request *req = rdev->scan_req;
13428 struct nlattr *nest;
13429 int i;
13430
13431 if (WARN_ON(!req))
13432 return 0;
13433
13434 nest = nla_nest_start(msg, NL80211_ATTR_SCAN_SSIDS);
13435 if (!nest)
13436 goto nla_put_failure;
13437 for (i = 0; i < req->n_ssids; i++) {
13438 if (nla_put(msg, i, req->ssids[i].ssid_len, req->ssids[i].ssid))
13439 goto nla_put_failure;
13440 }
13441 nla_nest_end(msg, nest);
13442
13443 nest = nla_nest_start(msg, NL80211_ATTR_SCAN_FREQUENCIES);
13444 if (!nest)
13445 goto nla_put_failure;
13446 for (i = 0; i < req->n_channels; i++) {
13447 if (nla_put_u32(msg, i, req->channels[i]->center_freq))
13448 goto nla_put_failure;
13449 }
13450 nla_nest_end(msg, nest);
13451
13452 if (req->ie &&
13453 nla_put(msg, NL80211_ATTR_IE, req->ie_len, req->ie))
13454 goto nla_put_failure;
13455
13456 if (req->flags &&
13457 nla_put_u32(msg, NL80211_ATTR_SCAN_FLAGS, req->flags))
13458 goto nla_put_failure;
13459
13460 if (req->info.scan_start_tsf &&
13461 (nla_put_u64_64bit(msg, NL80211_ATTR_SCAN_START_TIME_TSF,
13462 req->info.scan_start_tsf, NL80211_BSS_PAD) ||
13463 nla_put(msg, NL80211_ATTR_SCAN_START_TIME_TSF_BSSID, ETH_ALEN,
13464 req->info.tsf_bssid)))
13465 goto nla_put_failure;
13466
13467 return 0;
13468 nla_put_failure:
13469 return -ENOBUFS;
13470 }
13471
13472 static int nl80211_prep_scan_msg(struct sk_buff *msg,
13473 struct cfg80211_registered_device *rdev,
13474 struct wireless_dev *wdev,
13475 u32 portid, u32 seq, int flags,
13476 u32 cmd)
13477 {
13478 void *hdr;
13479
13480 hdr = nl80211hdr_put(msg, portid, seq, flags, cmd);
13481 if (!hdr)
13482 return -1;
13483
13484 if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
13485 (wdev->netdev && nla_put_u32(msg, NL80211_ATTR_IFINDEX,
13486 wdev->netdev->ifindex)) ||
13487 nla_put_u64_64bit(msg, NL80211_ATTR_WDEV, wdev_id(wdev),
13488 NL80211_ATTR_PAD))
13489 goto nla_put_failure;
13490
13491 /* ignore errors and send incomplete event anyway */
13492 nl80211_add_scan_req(msg, rdev);
13493
13494 genlmsg_end(msg, hdr);
13495 return 0;
13496
13497 nla_put_failure:
13498 genlmsg_cancel(msg, hdr);
13499 return -EMSGSIZE;
13500 }
13501
13502 static int
13503 nl80211_prep_sched_scan_msg(struct sk_buff *msg,
13504 struct cfg80211_sched_scan_request *req, u32 cmd)
13505 {
13506 void *hdr;
13507
13508 hdr = nl80211hdr_put(msg, 0, 0, 0, cmd);
13509 if (!hdr)
13510 return -1;
13511
13512 if (nla_put_u32(msg, NL80211_ATTR_WIPHY,
13513 wiphy_to_rdev(req->wiphy)->wiphy_idx) ||
13514 nla_put_u32(msg, NL80211_ATTR_IFINDEX, req->dev->ifindex) ||
13515 nla_put_u64_64bit(msg, NL80211_ATTR_COOKIE, req->reqid,
13516 NL80211_ATTR_PAD))
13517 goto nla_put_failure;
13518
13519 genlmsg_end(msg, hdr);
13520 return 0;
13521
13522 nla_put_failure:
13523 genlmsg_cancel(msg, hdr);
13524 return -EMSGSIZE;
13525 }
13526
13527 void nl80211_send_scan_start(struct cfg80211_registered_device *rdev,
13528 struct wireless_dev *wdev)
13529 {
13530 struct sk_buff *msg;
13531
13532 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
13533 if (!msg)
13534 return;
13535
13536 if (nl80211_prep_scan_msg(msg, rdev, wdev, 0, 0, 0,
13537 NL80211_CMD_TRIGGER_SCAN) < 0) {
13538 nlmsg_free(msg);
13539 return;
13540 }
13541
13542 genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), msg, 0,
13543 NL80211_MCGRP_SCAN, GFP_KERNEL);
13544 }
13545
13546 struct sk_buff *nl80211_build_scan_msg(struct cfg80211_registered_device *rdev,
13547 struct wireless_dev *wdev, bool aborted)
13548 {
13549 struct sk_buff *msg;
13550
13551 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
13552 if (!msg)
13553 return NULL;
13554
13555 if (nl80211_prep_scan_msg(msg, rdev, wdev, 0, 0, 0,
13556 aborted ? NL80211_CMD_SCAN_ABORTED :
13557 NL80211_CMD_NEW_SCAN_RESULTS) < 0) {
13558 nlmsg_free(msg);
13559 return NULL;
13560 }
13561
13562 return msg;
13563 }
13564
13565 /* send message created by nl80211_build_scan_msg() */
13566 void nl80211_send_scan_msg(struct cfg80211_registered_device *rdev,
13567 struct sk_buff *msg)
13568 {
13569 if (!msg)
13570 return;
13571
13572 genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), msg, 0,
13573 NL80211_MCGRP_SCAN, GFP_KERNEL);
13574 }
13575
13576 void nl80211_send_sched_scan(struct cfg80211_sched_scan_request *req, u32 cmd)
13577 {
13578 struct sk_buff *msg;
13579
13580 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
13581 if (!msg)
13582 return;
13583
13584 if (nl80211_prep_sched_scan_msg(msg, req, cmd) < 0) {
13585 nlmsg_free(msg);
13586 return;
13587 }
13588
13589 genlmsg_multicast_netns(&nl80211_fam, wiphy_net(req->wiphy), msg, 0,
13590 NL80211_MCGRP_SCAN, GFP_KERNEL);
13591 }
13592
13593 static bool nl80211_reg_change_event_fill(struct sk_buff *msg,
13594 struct regulatory_request *request)
13595 {
13596 /* Userspace can always count this one always being set */
13597 if (nla_put_u8(msg, NL80211_ATTR_REG_INITIATOR, request->initiator))
13598 goto nla_put_failure;
13599
13600 if (request->alpha2[0] == '0' && request->alpha2[1] == '0') {
13601 if (nla_put_u8(msg, NL80211_ATTR_REG_TYPE,
13602 NL80211_REGDOM_TYPE_WORLD))
13603 goto nla_put_failure;
13604 } else if (request->alpha2[0] == '9' && request->alpha2[1] == '9') {
13605 if (nla_put_u8(msg, NL80211_ATTR_REG_TYPE,
13606 NL80211_REGDOM_TYPE_CUSTOM_WORLD))
13607 goto nla_put_failure;
13608 } else if ((request->alpha2[0] == '9' && request->alpha2[1] == '8') ||
13609 request->intersect) {
13610 if (nla_put_u8(msg, NL80211_ATTR_REG_TYPE,
13611 NL80211_REGDOM_TYPE_INTERSECTION))
13612 goto nla_put_failure;
13613 } else {
13614 if (nla_put_u8(msg, NL80211_ATTR_REG_TYPE,
13615 NL80211_REGDOM_TYPE_COUNTRY) ||
13616 nla_put_string(msg, NL80211_ATTR_REG_ALPHA2,
13617 request->alpha2))
13618 goto nla_put_failure;
13619 }
13620
13621 if (request->wiphy_idx != WIPHY_IDX_INVALID) {
13622 struct wiphy *wiphy = wiphy_idx_to_wiphy(request->wiphy_idx);
13623
13624 if (wiphy &&
13625 nla_put_u32(msg, NL80211_ATTR_WIPHY, request->wiphy_idx))
13626 goto nla_put_failure;
13627
13628 if (wiphy &&
13629 wiphy->regulatory_flags & REGULATORY_WIPHY_SELF_MANAGED &&
13630 nla_put_flag(msg, NL80211_ATTR_WIPHY_SELF_MANAGED_REG))
13631 goto nla_put_failure;
13632 }
13633
13634 return true;
13635
13636 nla_put_failure:
13637 return false;
13638 }
13639
13640 /*
13641 * This can happen on global regulatory changes or device specific settings
13642 * based on custom regulatory domains.
13643 */
13644 void nl80211_common_reg_change_event(enum nl80211_commands cmd_id,
13645 struct regulatory_request *request)
13646 {
13647 struct sk_buff *msg;
13648 void *hdr;
13649
13650 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
13651 if (!msg)
13652 return;
13653
13654 hdr = nl80211hdr_put(msg, 0, 0, 0, cmd_id);
13655 if (!hdr) {
13656 nlmsg_free(msg);
13657 return;
13658 }
13659
13660 if (nl80211_reg_change_event_fill(msg, request) == false)
13661 goto nla_put_failure;
13662
13663 genlmsg_end(msg, hdr);
13664
13665 rcu_read_lock();
13666 genlmsg_multicast_allns(&nl80211_fam, msg, 0,
13667 NL80211_MCGRP_REGULATORY, GFP_ATOMIC);
13668 rcu_read_unlock();
13669
13670 return;
13671
13672 nla_put_failure:
13673 genlmsg_cancel(msg, hdr);
13674 nlmsg_free(msg);
13675 }
13676
13677 static void nl80211_send_mlme_event(struct cfg80211_registered_device *rdev,
13678 struct net_device *netdev,
13679 const u8 *buf, size_t len,
13680 enum nl80211_commands cmd, gfp_t gfp,
13681 int uapsd_queues)
13682 {
13683 struct sk_buff *msg;
13684 void *hdr;
13685 msg = nlmsg_new(100 + len, gfp);
13686 if (!msg)
13687 return;
13688
13689 hdr = nl80211hdr_put(msg, 0, 0, 0, cmd);
13690 if (!hdr) {
13691 nlmsg_free(msg);
13692 return;
13693 }
13694
13695 if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
13696 nla_put_u32(msg, NL80211_ATTR_IFINDEX, netdev->ifindex) ||
13697 nla_put(msg, NL80211_ATTR_FRAME, len, buf))
13698 goto nla_put_failure;
13699
13700 if (uapsd_queues >= 0) {
13701 struct nlattr *nla_wmm =
13702 nla_nest_start(msg, NL80211_ATTR_STA_WME);
13703 if (!nla_wmm)
13704 goto nla_put_failure;
13705
13706 if (nla_put_u8(msg, NL80211_STA_WME_UAPSD_QUEUES,
13707 uapsd_queues))
13708 goto nla_put_failure;
13709
13710 nla_nest_end(msg, nla_wmm);
13711 }
13712
13713 genlmsg_end(msg, hdr);
13714
13715 genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), msg, 0,
13716 NL80211_MCGRP_MLME, gfp);
13717 return;
13718
13719 nla_put_failure:
13720 genlmsg_cancel(msg, hdr);
13721 nlmsg_free(msg);
13722 }
13723
13724 void nl80211_send_rx_auth(struct cfg80211_registered_device *rdev,
13725 struct net_device *netdev, const u8 *buf,
13726 size_t len, gfp_t gfp)
13727 {
13728 nl80211_send_mlme_event(rdev, netdev, buf, len,
13729 NL80211_CMD_AUTHENTICATE, gfp, -1);
13730 }
13731
13732 void nl80211_send_rx_assoc(struct cfg80211_registered_device *rdev,
13733 struct net_device *netdev, const u8 *buf,
13734 size_t len, gfp_t gfp, int uapsd_queues)
13735 {
13736 nl80211_send_mlme_event(rdev, netdev, buf, len,
13737 NL80211_CMD_ASSOCIATE, gfp, uapsd_queues);
13738 }
13739
13740 void nl80211_send_deauth(struct cfg80211_registered_device *rdev,
13741 struct net_device *netdev, const u8 *buf,
13742 size_t len, gfp_t gfp)
13743 {
13744 nl80211_send_mlme_event(rdev, netdev, buf, len,
13745 NL80211_CMD_DEAUTHENTICATE, gfp, -1);
13746 }
13747
13748 void nl80211_send_disassoc(struct cfg80211_registered_device *rdev,
13749 struct net_device *netdev, const u8 *buf,
13750 size_t len, gfp_t gfp)
13751 {
13752 nl80211_send_mlme_event(rdev, netdev, buf, len,
13753 NL80211_CMD_DISASSOCIATE, gfp, -1);
13754 }
13755
13756 void cfg80211_rx_unprot_mlme_mgmt(struct net_device *dev, const u8 *buf,
13757 size_t len)
13758 {
13759 struct wireless_dev *wdev = dev->ieee80211_ptr;
13760 struct wiphy *wiphy = wdev->wiphy;
13761 struct cfg80211_registered_device *rdev = wiphy_to_rdev(wiphy);
13762 const struct ieee80211_mgmt *mgmt = (void *)buf;
13763 u32 cmd;
13764
13765 if (WARN_ON(len < 2))
13766 return;
13767
13768 if (ieee80211_is_deauth(mgmt->frame_control))
13769 cmd = NL80211_CMD_UNPROT_DEAUTHENTICATE;
13770 else
13771 cmd = NL80211_CMD_UNPROT_DISASSOCIATE;
13772
13773 trace_cfg80211_rx_unprot_mlme_mgmt(dev, buf, len);
13774 nl80211_send_mlme_event(rdev, dev, buf, len, cmd, GFP_ATOMIC, -1);
13775 }
13776 EXPORT_SYMBOL(cfg80211_rx_unprot_mlme_mgmt);
13777
13778 static void nl80211_send_mlme_timeout(struct cfg80211_registered_device *rdev,
13779 struct net_device *netdev, int cmd,
13780 const u8 *addr, gfp_t gfp)
13781 {
13782 struct sk_buff *msg;
13783 void *hdr;
13784
13785 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, gfp);
13786 if (!msg)
13787 return;
13788
13789 hdr = nl80211hdr_put(msg, 0, 0, 0, cmd);
13790 if (!hdr) {
13791 nlmsg_free(msg);
13792 return;
13793 }
13794
13795 if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
13796 nla_put_u32(msg, NL80211_ATTR_IFINDEX, netdev->ifindex) ||
13797 nla_put_flag(msg, NL80211_ATTR_TIMED_OUT) ||
13798 nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN, addr))
13799 goto nla_put_failure;
13800
13801 genlmsg_end(msg, hdr);
13802
13803 genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), msg, 0,
13804 NL80211_MCGRP_MLME, gfp);
13805 return;
13806
13807 nla_put_failure:
13808 genlmsg_cancel(msg, hdr);
13809 nlmsg_free(msg);
13810 }
13811
13812 void nl80211_send_auth_timeout(struct cfg80211_registered_device *rdev,
13813 struct net_device *netdev, const u8 *addr,
13814 gfp_t gfp)
13815 {
13816 nl80211_send_mlme_timeout(rdev, netdev, NL80211_CMD_AUTHENTICATE,
13817 addr, gfp);
13818 }
13819
13820 void nl80211_send_assoc_timeout(struct cfg80211_registered_device *rdev,
13821 struct net_device *netdev, const u8 *addr,
13822 gfp_t gfp)
13823 {
13824 nl80211_send_mlme_timeout(rdev, netdev, NL80211_CMD_ASSOCIATE,
13825 addr, gfp);
13826 }
13827
13828 void nl80211_send_connect_result(struct cfg80211_registered_device *rdev,
13829 struct net_device *netdev,
13830 struct cfg80211_connect_resp_params *cr,
13831 gfp_t gfp)
13832 {
13833 struct sk_buff *msg;
13834 void *hdr;
13835
13836 msg = nlmsg_new(100 + cr->req_ie_len + cr->resp_ie_len +
13837 cr->fils_kek_len + cr->pmk_len +
13838 (cr->pmkid ? WLAN_PMKID_LEN : 0), gfp);
13839 if (!msg)
13840 return;
13841
13842 hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_CONNECT);
13843 if (!hdr) {
13844 nlmsg_free(msg);
13845 return;
13846 }
13847
13848 if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
13849 nla_put_u32(msg, NL80211_ATTR_IFINDEX, netdev->ifindex) ||
13850 (cr->bssid &&
13851 nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN, cr->bssid)) ||
13852 nla_put_u16(msg, NL80211_ATTR_STATUS_CODE,
13853 cr->status < 0 ? WLAN_STATUS_UNSPECIFIED_FAILURE :
13854 cr->status) ||
13855 (cr->status < 0 &&
13856 (nla_put_flag(msg, NL80211_ATTR_TIMED_OUT) ||
13857 nla_put_u32(msg, NL80211_ATTR_TIMEOUT_REASON,
13858 cr->timeout_reason))) ||
13859 (cr->req_ie &&
13860 nla_put(msg, NL80211_ATTR_REQ_IE, cr->req_ie_len, cr->req_ie)) ||
13861 (cr->resp_ie &&
13862 nla_put(msg, NL80211_ATTR_RESP_IE, cr->resp_ie_len,
13863 cr->resp_ie)) ||
13864 (cr->update_erp_next_seq_num &&
13865 nla_put_u16(msg, NL80211_ATTR_FILS_ERP_NEXT_SEQ_NUM,
13866 cr->fils_erp_next_seq_num)) ||
13867 (cr->status == WLAN_STATUS_SUCCESS &&
13868 ((cr->fils_kek &&
13869 nla_put(msg, NL80211_ATTR_FILS_KEK, cr->fils_kek_len,
13870 cr->fils_kek)) ||
13871 (cr->pmk &&
13872 nla_put(msg, NL80211_ATTR_PMK, cr->pmk_len, cr->pmk)) ||
13873 (cr->pmkid &&
13874 nla_put(msg, NL80211_ATTR_PMKID, WLAN_PMKID_LEN, cr->pmkid)))))
13875 goto nla_put_failure;
13876
13877 genlmsg_end(msg, hdr);
13878
13879 genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), msg, 0,
13880 NL80211_MCGRP_MLME, gfp);
13881 return;
13882
13883 nla_put_failure:
13884 genlmsg_cancel(msg, hdr);
13885 nlmsg_free(msg);
13886 }
13887
13888 void nl80211_send_roamed(struct cfg80211_registered_device *rdev,
13889 struct net_device *netdev,
13890 struct cfg80211_roam_info *info, gfp_t gfp)
13891 {
13892 struct sk_buff *msg;
13893 void *hdr;
13894 const u8 *bssid = info->bss ? info->bss->bssid : info->bssid;
13895
13896 msg = nlmsg_new(100 + info->req_ie_len + info->resp_ie_len, gfp);
13897 if (!msg)
13898 return;
13899
13900 hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_ROAM);
13901 if (!hdr) {
13902 nlmsg_free(msg);
13903 return;
13904 }
13905
13906 if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
13907 nla_put_u32(msg, NL80211_ATTR_IFINDEX, netdev->ifindex) ||
13908 nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN, bssid) ||
13909 (info->req_ie &&
13910 nla_put(msg, NL80211_ATTR_REQ_IE, info->req_ie_len,
13911 info->req_ie)) ||
13912 (info->resp_ie &&
13913 nla_put(msg, NL80211_ATTR_RESP_IE, info->resp_ie_len,
13914 info->resp_ie)) ||
13915 (info->authorized &&
13916 nla_put_flag(msg, NL80211_ATTR_PORT_AUTHORIZED)))
13917 goto nla_put_failure;
13918
13919 genlmsg_end(msg, hdr);
13920
13921 genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), msg, 0,
13922 NL80211_MCGRP_MLME, gfp);
13923 return;
13924
13925 nla_put_failure:
13926 genlmsg_cancel(msg, hdr);
13927 nlmsg_free(msg);
13928 }
13929
13930 void nl80211_send_disconnected(struct cfg80211_registered_device *rdev,
13931 struct net_device *netdev, u16 reason,
13932 const u8 *ie, size_t ie_len, bool from_ap)
13933 {
13934 struct sk_buff *msg;
13935 void *hdr;
13936
13937 msg = nlmsg_new(100 + ie_len, GFP_KERNEL);
13938 if (!msg)
13939 return;
13940
13941 hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_DISCONNECT);
13942 if (!hdr) {
13943 nlmsg_free(msg);
13944 return;
13945 }
13946
13947 if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
13948 nla_put_u32(msg, NL80211_ATTR_IFINDEX, netdev->ifindex) ||
13949 (from_ap && reason &&
13950 nla_put_u16(msg, NL80211_ATTR_REASON_CODE, reason)) ||
13951 (from_ap &&
13952 nla_put_flag(msg, NL80211_ATTR_DISCONNECTED_BY_AP)) ||
13953 (ie && nla_put(msg, NL80211_ATTR_IE, ie_len, ie)))
13954 goto nla_put_failure;
13955
13956 genlmsg_end(msg, hdr);
13957
13958 genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), msg, 0,
13959 NL80211_MCGRP_MLME, GFP_KERNEL);
13960 return;
13961
13962 nla_put_failure:
13963 genlmsg_cancel(msg, hdr);
13964 nlmsg_free(msg);
13965 }
13966
13967 void nl80211_send_ibss_bssid(struct cfg80211_registered_device *rdev,
13968 struct net_device *netdev, const u8 *bssid,
13969 gfp_t gfp)
13970 {
13971 struct sk_buff *msg;
13972 void *hdr;
13973
13974 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, gfp);
13975 if (!msg)
13976 return;
13977
13978 hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_JOIN_IBSS);
13979 if (!hdr) {
13980 nlmsg_free(msg);
13981 return;
13982 }
13983
13984 if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
13985 nla_put_u32(msg, NL80211_ATTR_IFINDEX, netdev->ifindex) ||
13986 nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN, bssid))
13987 goto nla_put_failure;
13988
13989 genlmsg_end(msg, hdr);
13990
13991 genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), msg, 0,
13992 NL80211_MCGRP_MLME, gfp);
13993 return;
13994
13995 nla_put_failure:
13996 genlmsg_cancel(msg, hdr);
13997 nlmsg_free(msg);
13998 }
13999
14000 void cfg80211_notify_new_peer_candidate(struct net_device *dev, const u8 *addr,
14001 const u8* ie, u8 ie_len, gfp_t gfp)
14002 {
14003 struct wireless_dev *wdev = dev->ieee80211_ptr;
14004 struct cfg80211_registered_device *rdev = wiphy_to_rdev(wdev->wiphy);
14005 struct sk_buff *msg;
14006 void *hdr;
14007
14008 if (WARN_ON(wdev->iftype != NL80211_IFTYPE_MESH_POINT))
14009 return;
14010
14011 trace_cfg80211_notify_new_peer_candidate(dev, addr);
14012
14013 msg = nlmsg_new(100 + ie_len, gfp);
14014 if (!msg)
14015 return;
14016
14017 hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_NEW_PEER_CANDIDATE);
14018 if (!hdr) {
14019 nlmsg_free(msg);
14020 return;
14021 }
14022
14023 if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
14024 nla_put_u32(msg, NL80211_ATTR_IFINDEX, dev->ifindex) ||
14025 nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN, addr) ||
14026 (ie_len && ie &&
14027 nla_put(msg, NL80211_ATTR_IE, ie_len , ie)))
14028 goto nla_put_failure;
14029
14030 genlmsg_end(msg, hdr);
14031
14032 genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), msg, 0,
14033 NL80211_MCGRP_MLME, gfp);
14034 return;
14035
14036 nla_put_failure:
14037 genlmsg_cancel(msg, hdr);
14038 nlmsg_free(msg);
14039 }
14040 EXPORT_SYMBOL(cfg80211_notify_new_peer_candidate);
14041
14042 void nl80211_michael_mic_failure(struct cfg80211_registered_device *rdev,
14043 struct net_device *netdev, const u8 *addr,
14044 enum nl80211_key_type key_type, int key_id,
14045 const u8 *tsc, gfp_t gfp)
14046 {
14047 struct sk_buff *msg;
14048 void *hdr;
14049
14050 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, gfp);
14051 if (!msg)
14052 return;
14053
14054 hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_MICHAEL_MIC_FAILURE);
14055 if (!hdr) {
14056 nlmsg_free(msg);
14057 return;
14058 }
14059
14060 if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
14061 nla_put_u32(msg, NL80211_ATTR_IFINDEX, netdev->ifindex) ||
14062 (addr && nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN, addr)) ||
14063 nla_put_u32(msg, NL80211_ATTR_KEY_TYPE, key_type) ||
14064 (key_id != -1 &&
14065 nla_put_u8(msg, NL80211_ATTR_KEY_IDX, key_id)) ||
14066 (tsc && nla_put(msg, NL80211_ATTR_KEY_SEQ, 6, tsc)))
14067 goto nla_put_failure;
14068
14069 genlmsg_end(msg, hdr);
14070
14071 genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), msg, 0,
14072 NL80211_MCGRP_MLME, gfp);
14073 return;
14074
14075 nla_put_failure:
14076 genlmsg_cancel(msg, hdr);
14077 nlmsg_free(msg);
14078 }
14079
14080 void nl80211_send_beacon_hint_event(struct wiphy *wiphy,
14081 struct ieee80211_channel *channel_before,
14082 struct ieee80211_channel *channel_after)
14083 {
14084 struct sk_buff *msg;
14085 void *hdr;
14086 struct nlattr *nl_freq;
14087
14088 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_ATOMIC);
14089 if (!msg)
14090 return;
14091
14092 hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_REG_BEACON_HINT);
14093 if (!hdr) {
14094 nlmsg_free(msg);
14095 return;
14096 }
14097
14098 /*
14099 * Since we are applying the beacon hint to a wiphy we know its
14100 * wiphy_idx is valid
14101 */
14102 if (nla_put_u32(msg, NL80211_ATTR_WIPHY, get_wiphy_idx(wiphy)))
14103 goto nla_put_failure;
14104
14105 /* Before */
14106 nl_freq = nla_nest_start(msg, NL80211_ATTR_FREQ_BEFORE);
14107 if (!nl_freq)
14108 goto nla_put_failure;
14109 if (nl80211_msg_put_channel(msg, channel_before, false))
14110 goto nla_put_failure;
14111 nla_nest_end(msg, nl_freq);
14112
14113 /* After */
14114 nl_freq = nla_nest_start(msg, NL80211_ATTR_FREQ_AFTER);
14115 if (!nl_freq)
14116 goto nla_put_failure;
14117 if (nl80211_msg_put_channel(msg, channel_after, false))
14118 goto nla_put_failure;
14119 nla_nest_end(msg, nl_freq);
14120
14121 genlmsg_end(msg, hdr);
14122
14123 rcu_read_lock();
14124 genlmsg_multicast_allns(&nl80211_fam, msg, 0,
14125 NL80211_MCGRP_REGULATORY, GFP_ATOMIC);
14126 rcu_read_unlock();
14127
14128 return;
14129
14130 nla_put_failure:
14131 genlmsg_cancel(msg, hdr);
14132 nlmsg_free(msg);
14133 }
14134
14135 static void nl80211_send_remain_on_chan_event(
14136 int cmd, struct cfg80211_registered_device *rdev,
14137 struct wireless_dev *wdev, u64 cookie,
14138 struct ieee80211_channel *chan,
14139 unsigned int duration, gfp_t gfp)
14140 {
14141 struct sk_buff *msg;
14142 void *hdr;
14143
14144 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, gfp);
14145 if (!msg)
14146 return;
14147
14148 hdr = nl80211hdr_put(msg, 0, 0, 0, cmd);
14149 if (!hdr) {
14150 nlmsg_free(msg);
14151 return;
14152 }
14153
14154 if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
14155 (wdev->netdev && nla_put_u32(msg, NL80211_ATTR_IFINDEX,
14156 wdev->netdev->ifindex)) ||
14157 nla_put_u64_64bit(msg, NL80211_ATTR_WDEV, wdev_id(wdev),
14158 NL80211_ATTR_PAD) ||
14159 nla_put_u32(msg, NL80211_ATTR_WIPHY_FREQ, chan->center_freq) ||
14160 nla_put_u32(msg, NL80211_ATTR_WIPHY_CHANNEL_TYPE,
14161 NL80211_CHAN_NO_HT) ||
14162 nla_put_u64_64bit(msg, NL80211_ATTR_COOKIE, cookie,
14163 NL80211_ATTR_PAD))
14164 goto nla_put_failure;
14165
14166 if (cmd == NL80211_CMD_REMAIN_ON_CHANNEL &&
14167 nla_put_u32(msg, NL80211_ATTR_DURATION, duration))
14168 goto nla_put_failure;
14169
14170 genlmsg_end(msg, hdr);
14171
14172 genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), msg, 0,
14173 NL80211_MCGRP_MLME, gfp);
14174 return;
14175
14176 nla_put_failure:
14177 genlmsg_cancel(msg, hdr);
14178 nlmsg_free(msg);
14179 }
14180
14181 void cfg80211_ready_on_channel(struct wireless_dev *wdev, u64 cookie,
14182 struct ieee80211_channel *chan,
14183 unsigned int duration, gfp_t gfp)
14184 {
14185 struct wiphy *wiphy = wdev->wiphy;
14186 struct cfg80211_registered_device *rdev = wiphy_to_rdev(wiphy);
14187
14188 trace_cfg80211_ready_on_channel(wdev, cookie, chan, duration);
14189 nl80211_send_remain_on_chan_event(NL80211_CMD_REMAIN_ON_CHANNEL,
14190 rdev, wdev, cookie, chan,
14191 duration, gfp);
14192 }
14193 EXPORT_SYMBOL(cfg80211_ready_on_channel);
14194
14195 void cfg80211_remain_on_channel_expired(struct wireless_dev *wdev, u64 cookie,
14196 struct ieee80211_channel *chan,
14197 gfp_t gfp)
14198 {
14199 struct wiphy *wiphy = wdev->wiphy;
14200 struct cfg80211_registered_device *rdev = wiphy_to_rdev(wiphy);
14201
14202 trace_cfg80211_ready_on_channel_expired(wdev, cookie, chan);
14203 nl80211_send_remain_on_chan_event(NL80211_CMD_CANCEL_REMAIN_ON_CHANNEL,
14204 rdev, wdev, cookie, chan, 0, gfp);
14205 }
14206 EXPORT_SYMBOL(cfg80211_remain_on_channel_expired);
14207
14208 void cfg80211_new_sta(struct net_device *dev, const u8 *mac_addr,
14209 struct station_info *sinfo, gfp_t gfp)
14210 {
14211 struct wiphy *wiphy = dev->ieee80211_ptr->wiphy;
14212 struct cfg80211_registered_device *rdev = wiphy_to_rdev(wiphy);
14213 struct sk_buff *msg;
14214
14215 trace_cfg80211_new_sta(dev, mac_addr, sinfo);
14216
14217 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, gfp);
14218 if (!msg)
14219 return;
14220
14221 if (nl80211_send_station(msg, NL80211_CMD_NEW_STATION, 0, 0, 0,
14222 rdev, dev, mac_addr, sinfo) < 0) {
14223 nlmsg_free(msg);
14224 return;
14225 }
14226
14227 genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), msg, 0,
14228 NL80211_MCGRP_MLME, gfp);
14229 }
14230 EXPORT_SYMBOL(cfg80211_new_sta);
14231
14232 void cfg80211_del_sta_sinfo(struct net_device *dev, const u8 *mac_addr,
14233 struct station_info *sinfo, gfp_t gfp)
14234 {
14235 struct wiphy *wiphy = dev->ieee80211_ptr->wiphy;
14236 struct cfg80211_registered_device *rdev = wiphy_to_rdev(wiphy);
14237 struct sk_buff *msg;
14238 struct station_info empty_sinfo = {};
14239
14240 if (!sinfo)
14241 sinfo = &empty_sinfo;
14242
14243 trace_cfg80211_del_sta(dev, mac_addr);
14244
14245 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, gfp);
14246 if (!msg)
14247 return;
14248
14249 if (nl80211_send_station(msg, NL80211_CMD_DEL_STATION, 0, 0, 0,
14250 rdev, dev, mac_addr, sinfo) < 0) {
14251 nlmsg_free(msg);
14252 return;
14253 }
14254
14255 genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), msg, 0,
14256 NL80211_MCGRP_MLME, gfp);
14257 }
14258 EXPORT_SYMBOL(cfg80211_del_sta_sinfo);
14259
14260 void cfg80211_conn_failed(struct net_device *dev, const u8 *mac_addr,
14261 enum nl80211_connect_failed_reason reason,
14262 gfp_t gfp)
14263 {
14264 struct wiphy *wiphy = dev->ieee80211_ptr->wiphy;
14265 struct cfg80211_registered_device *rdev = wiphy_to_rdev(wiphy);
14266 struct sk_buff *msg;
14267 void *hdr;
14268
14269 msg = nlmsg_new(NLMSG_GOODSIZE, gfp);
14270 if (!msg)
14271 return;
14272
14273 hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_CONN_FAILED);
14274 if (!hdr) {
14275 nlmsg_free(msg);
14276 return;
14277 }
14278
14279 if (nla_put_u32(msg, NL80211_ATTR_IFINDEX, dev->ifindex) ||
14280 nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN, mac_addr) ||
14281 nla_put_u32(msg, NL80211_ATTR_CONN_FAILED_REASON, reason))
14282 goto nla_put_failure;
14283
14284 genlmsg_end(msg, hdr);
14285
14286 genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), msg, 0,
14287 NL80211_MCGRP_MLME, gfp);
14288 return;
14289
14290 nla_put_failure:
14291 genlmsg_cancel(msg, hdr);
14292 nlmsg_free(msg);
14293 }
14294 EXPORT_SYMBOL(cfg80211_conn_failed);
14295
14296 static bool __nl80211_unexpected_frame(struct net_device *dev, u8 cmd,
14297 const u8 *addr, gfp_t gfp)
14298 {
14299 struct wireless_dev *wdev = dev->ieee80211_ptr;
14300 struct cfg80211_registered_device *rdev = wiphy_to_rdev(wdev->wiphy);
14301 struct sk_buff *msg;
14302 void *hdr;
14303 u32 nlportid = ACCESS_ONCE(wdev->ap_unexpected_nlportid);
14304
14305 if (!nlportid)
14306 return false;
14307
14308 msg = nlmsg_new(100, gfp);
14309 if (!msg)
14310 return true;
14311
14312 hdr = nl80211hdr_put(msg, 0, 0, 0, cmd);
14313 if (!hdr) {
14314 nlmsg_free(msg);
14315 return true;
14316 }
14317
14318 if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
14319 nla_put_u32(msg, NL80211_ATTR_IFINDEX, dev->ifindex) ||
14320 nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN, addr))
14321 goto nla_put_failure;
14322
14323 genlmsg_end(msg, hdr);
14324 genlmsg_unicast(wiphy_net(&rdev->wiphy), msg, nlportid);
14325 return true;
14326
14327 nla_put_failure:
14328 genlmsg_cancel(msg, hdr);
14329 nlmsg_free(msg);
14330 return true;
14331 }
14332
14333 bool cfg80211_rx_spurious_frame(struct net_device *dev,
14334 const u8 *addr, gfp_t gfp)
14335 {
14336 struct wireless_dev *wdev = dev->ieee80211_ptr;
14337 bool ret;
14338
14339 trace_cfg80211_rx_spurious_frame(dev, addr);
14340
14341 if (WARN_ON(wdev->iftype != NL80211_IFTYPE_AP &&
14342 wdev->iftype != NL80211_IFTYPE_P2P_GO)) {
14343 trace_cfg80211_return_bool(false);
14344 return false;
14345 }
14346 ret = __nl80211_unexpected_frame(dev, NL80211_CMD_UNEXPECTED_FRAME,
14347 addr, gfp);
14348 trace_cfg80211_return_bool(ret);
14349 return ret;
14350 }
14351 EXPORT_SYMBOL(cfg80211_rx_spurious_frame);
14352
14353 bool cfg80211_rx_unexpected_4addr_frame(struct net_device *dev,
14354 const u8 *addr, gfp_t gfp)
14355 {
14356 struct wireless_dev *wdev = dev->ieee80211_ptr;
14357 bool ret;
14358
14359 trace_cfg80211_rx_unexpected_4addr_frame(dev, addr);
14360
14361 if (WARN_ON(wdev->iftype != NL80211_IFTYPE_AP &&
14362 wdev->iftype != NL80211_IFTYPE_P2P_GO &&
14363 wdev->iftype != NL80211_IFTYPE_AP_VLAN)) {
14364 trace_cfg80211_return_bool(false);
14365 return false;
14366 }
14367 ret = __nl80211_unexpected_frame(dev,
14368 NL80211_CMD_UNEXPECTED_4ADDR_FRAME,
14369 addr, gfp);
14370 trace_cfg80211_return_bool(ret);
14371 return ret;
14372 }
14373 EXPORT_SYMBOL(cfg80211_rx_unexpected_4addr_frame);
14374
14375 int nl80211_send_mgmt(struct cfg80211_registered_device *rdev,
14376 struct wireless_dev *wdev, u32 nlportid,
14377 int freq, int sig_dbm,
14378 const u8 *buf, size_t len, u32 flags, gfp_t gfp)
14379 {
14380 struct net_device *netdev = wdev->netdev;
14381 struct sk_buff *msg;
14382 void *hdr;
14383
14384 msg = nlmsg_new(100 + len, gfp);
14385 if (!msg)
14386 return -ENOMEM;
14387
14388 hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_FRAME);
14389 if (!hdr) {
14390 nlmsg_free(msg);
14391 return -ENOMEM;
14392 }
14393
14394 if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
14395 (netdev && nla_put_u32(msg, NL80211_ATTR_IFINDEX,
14396 netdev->ifindex)) ||
14397 nla_put_u64_64bit(msg, NL80211_ATTR_WDEV, wdev_id(wdev),
14398 NL80211_ATTR_PAD) ||
14399 nla_put_u32(msg, NL80211_ATTR_WIPHY_FREQ, freq) ||
14400 (sig_dbm &&
14401 nla_put_u32(msg, NL80211_ATTR_RX_SIGNAL_DBM, sig_dbm)) ||
14402 nla_put(msg, NL80211_ATTR_FRAME, len, buf) ||
14403 (flags &&
14404 nla_put_u32(msg, NL80211_ATTR_RXMGMT_FLAGS, flags)))
14405 goto nla_put_failure;
14406
14407 genlmsg_end(msg, hdr);
14408
14409 return genlmsg_unicast(wiphy_net(&rdev->wiphy), msg, nlportid);
14410
14411 nla_put_failure:
14412 genlmsg_cancel(msg, hdr);
14413 nlmsg_free(msg);
14414 return -ENOBUFS;
14415 }
14416
14417 void cfg80211_mgmt_tx_status(struct wireless_dev *wdev, u64 cookie,
14418 const u8 *buf, size_t len, bool ack, gfp_t gfp)
14419 {
14420 struct wiphy *wiphy = wdev->wiphy;
14421 struct cfg80211_registered_device *rdev = wiphy_to_rdev(wiphy);
14422 struct net_device *netdev = wdev->netdev;
14423 struct sk_buff *msg;
14424 void *hdr;
14425
14426 trace_cfg80211_mgmt_tx_status(wdev, cookie, ack);
14427
14428 msg = nlmsg_new(100 + len, gfp);
14429 if (!msg)
14430 return;
14431
14432 hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_FRAME_TX_STATUS);
14433 if (!hdr) {
14434 nlmsg_free(msg);
14435 return;
14436 }
14437
14438 if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
14439 (netdev && nla_put_u32(msg, NL80211_ATTR_IFINDEX,
14440 netdev->ifindex)) ||
14441 nla_put_u64_64bit(msg, NL80211_ATTR_WDEV, wdev_id(wdev),
14442 NL80211_ATTR_PAD) ||
14443 nla_put(msg, NL80211_ATTR_FRAME, len, buf) ||
14444 nla_put_u64_64bit(msg, NL80211_ATTR_COOKIE, cookie,
14445 NL80211_ATTR_PAD) ||
14446 (ack && nla_put_flag(msg, NL80211_ATTR_ACK)))
14447 goto nla_put_failure;
14448
14449 genlmsg_end(msg, hdr);
14450
14451 genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), msg, 0,
14452 NL80211_MCGRP_MLME, gfp);
14453 return;
14454
14455 nla_put_failure:
14456 genlmsg_cancel(msg, hdr);
14457 nlmsg_free(msg);
14458 }
14459 EXPORT_SYMBOL(cfg80211_mgmt_tx_status);
14460
14461 static struct sk_buff *cfg80211_prepare_cqm(struct net_device *dev,
14462 const char *mac, gfp_t gfp)
14463 {
14464 struct wireless_dev *wdev = dev->ieee80211_ptr;
14465 struct cfg80211_registered_device *rdev = wiphy_to_rdev(wdev->wiphy);
14466 struct sk_buff *msg = nlmsg_new(NLMSG_DEFAULT_SIZE, gfp);
14467 void **cb;
14468
14469 if (!msg)
14470 return NULL;
14471
14472 cb = (void **)msg->cb;
14473
14474 cb[0] = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_NOTIFY_CQM);
14475 if (!cb[0]) {
14476 nlmsg_free(msg);
14477 return NULL;
14478 }
14479
14480 if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
14481 nla_put_u32(msg, NL80211_ATTR_IFINDEX, dev->ifindex))
14482 goto nla_put_failure;
14483
14484 if (mac && nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN, mac))
14485 goto nla_put_failure;
14486
14487 cb[1] = nla_nest_start(msg, NL80211_ATTR_CQM);
14488 if (!cb[1])
14489 goto nla_put_failure;
14490
14491 cb[2] = rdev;
14492
14493 return msg;
14494 nla_put_failure:
14495 nlmsg_free(msg);
14496 return NULL;
14497 }
14498
14499 static void cfg80211_send_cqm(struct sk_buff *msg, gfp_t gfp)
14500 {
14501 void **cb = (void **)msg->cb;
14502 struct cfg80211_registered_device *rdev = cb[2];
14503
14504 nla_nest_end(msg, cb[1]);
14505 genlmsg_end(msg, cb[0]);
14506
14507 memset(msg->cb, 0, sizeof(msg->cb));
14508
14509 genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), msg, 0,
14510 NL80211_MCGRP_MLME, gfp);
14511 }
14512
14513 void cfg80211_cqm_rssi_notify(struct net_device *dev,
14514 enum nl80211_cqm_rssi_threshold_event rssi_event,
14515 s32 rssi_level, gfp_t gfp)
14516 {
14517 struct sk_buff *msg;
14518 struct wireless_dev *wdev = dev->ieee80211_ptr;
14519 struct cfg80211_registered_device *rdev = wiphy_to_rdev(wdev->wiphy);
14520
14521 trace_cfg80211_cqm_rssi_notify(dev, rssi_event, rssi_level);
14522
14523 if (WARN_ON(rssi_event != NL80211_CQM_RSSI_THRESHOLD_EVENT_LOW &&
14524 rssi_event != NL80211_CQM_RSSI_THRESHOLD_EVENT_HIGH))
14525 return;
14526
14527 if (wdev->cqm_config) {
14528 wdev->cqm_config->last_rssi_event_value = rssi_level;
14529
14530 cfg80211_cqm_rssi_update(rdev, dev);
14531
14532 if (rssi_level == 0)
14533 rssi_level = wdev->cqm_config->last_rssi_event_value;
14534 }
14535
14536 msg = cfg80211_prepare_cqm(dev, NULL, gfp);
14537 if (!msg)
14538 return;
14539
14540 if (nla_put_u32(msg, NL80211_ATTR_CQM_RSSI_THRESHOLD_EVENT,
14541 rssi_event))
14542 goto nla_put_failure;
14543
14544 if (rssi_level && nla_put_s32(msg, NL80211_ATTR_CQM_RSSI_LEVEL,
14545 rssi_level))
14546 goto nla_put_failure;
14547
14548 cfg80211_send_cqm(msg, gfp);
14549
14550 return;
14551
14552 nla_put_failure:
14553 nlmsg_free(msg);
14554 }
14555 EXPORT_SYMBOL(cfg80211_cqm_rssi_notify);
14556
14557 void cfg80211_cqm_txe_notify(struct net_device *dev,
14558 const u8 *peer, u32 num_packets,
14559 u32 rate, u32 intvl, gfp_t gfp)
14560 {
14561 struct sk_buff *msg;
14562
14563 msg = cfg80211_prepare_cqm(dev, peer, gfp);
14564 if (!msg)
14565 return;
14566
14567 if (nla_put_u32(msg, NL80211_ATTR_CQM_TXE_PKTS, num_packets))
14568 goto nla_put_failure;
14569
14570 if (nla_put_u32(msg, NL80211_ATTR_CQM_TXE_RATE, rate))
14571 goto nla_put_failure;
14572
14573 if (nla_put_u32(msg, NL80211_ATTR_CQM_TXE_INTVL, intvl))
14574 goto nla_put_failure;
14575
14576 cfg80211_send_cqm(msg, gfp);
14577 return;
14578
14579 nla_put_failure:
14580 nlmsg_free(msg);
14581 }
14582 EXPORT_SYMBOL(cfg80211_cqm_txe_notify);
14583
14584 void cfg80211_cqm_pktloss_notify(struct net_device *dev,
14585 const u8 *peer, u32 num_packets, gfp_t gfp)
14586 {
14587 struct sk_buff *msg;
14588
14589 trace_cfg80211_cqm_pktloss_notify(dev, peer, num_packets);
14590
14591 msg = cfg80211_prepare_cqm(dev, peer, gfp);
14592 if (!msg)
14593 return;
14594
14595 if (nla_put_u32(msg, NL80211_ATTR_CQM_PKT_LOSS_EVENT, num_packets))
14596 goto nla_put_failure;
14597
14598 cfg80211_send_cqm(msg, gfp);
14599 return;
14600
14601 nla_put_failure:
14602 nlmsg_free(msg);
14603 }
14604 EXPORT_SYMBOL(cfg80211_cqm_pktloss_notify);
14605
14606 void cfg80211_cqm_beacon_loss_notify(struct net_device *dev, gfp_t gfp)
14607 {
14608 struct sk_buff *msg;
14609
14610 msg = cfg80211_prepare_cqm(dev, NULL, gfp);
14611 if (!msg)
14612 return;
14613
14614 if (nla_put_flag(msg, NL80211_ATTR_CQM_BEACON_LOSS_EVENT))
14615 goto nla_put_failure;
14616
14617 cfg80211_send_cqm(msg, gfp);
14618 return;
14619
14620 nla_put_failure:
14621 nlmsg_free(msg);
14622 }
14623 EXPORT_SYMBOL(cfg80211_cqm_beacon_loss_notify);
14624
14625 static void nl80211_gtk_rekey_notify(struct cfg80211_registered_device *rdev,
14626 struct net_device *netdev, const u8 *bssid,
14627 const u8 *replay_ctr, gfp_t gfp)
14628 {
14629 struct sk_buff *msg;
14630 struct nlattr *rekey_attr;
14631 void *hdr;
14632
14633 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, gfp);
14634 if (!msg)
14635 return;
14636
14637 hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_SET_REKEY_OFFLOAD);
14638 if (!hdr) {
14639 nlmsg_free(msg);
14640 return;
14641 }
14642
14643 if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
14644 nla_put_u32(msg, NL80211_ATTR_IFINDEX, netdev->ifindex) ||
14645 nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN, bssid))
14646 goto nla_put_failure;
14647
14648 rekey_attr = nla_nest_start(msg, NL80211_ATTR_REKEY_DATA);
14649 if (!rekey_attr)
14650 goto nla_put_failure;
14651
14652 if (nla_put(msg, NL80211_REKEY_DATA_REPLAY_CTR,
14653 NL80211_REPLAY_CTR_LEN, replay_ctr))
14654 goto nla_put_failure;
14655
14656 nla_nest_end(msg, rekey_attr);
14657
14658 genlmsg_end(msg, hdr);
14659
14660 genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), msg, 0,
14661 NL80211_MCGRP_MLME, gfp);
14662 return;
14663
14664 nla_put_failure:
14665 genlmsg_cancel(msg, hdr);
14666 nlmsg_free(msg);
14667 }
14668
14669 void cfg80211_gtk_rekey_notify(struct net_device *dev, const u8 *bssid,
14670 const u8 *replay_ctr, gfp_t gfp)
14671 {
14672 struct wireless_dev *wdev = dev->ieee80211_ptr;
14673 struct wiphy *wiphy = wdev->wiphy;
14674 struct cfg80211_registered_device *rdev = wiphy_to_rdev(wiphy);
14675
14676 trace_cfg80211_gtk_rekey_notify(dev, bssid);
14677 nl80211_gtk_rekey_notify(rdev, dev, bssid, replay_ctr, gfp);
14678 }
14679 EXPORT_SYMBOL(cfg80211_gtk_rekey_notify);
14680
14681 static void
14682 nl80211_pmksa_candidate_notify(struct cfg80211_registered_device *rdev,
14683 struct net_device *netdev, int index,
14684 const u8 *bssid, bool preauth, gfp_t gfp)
14685 {
14686 struct sk_buff *msg;
14687 struct nlattr *attr;
14688 void *hdr;
14689
14690 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, gfp);
14691 if (!msg)
14692 return;
14693
14694 hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_PMKSA_CANDIDATE);
14695 if (!hdr) {
14696 nlmsg_free(msg);
14697 return;
14698 }
14699
14700 if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
14701 nla_put_u32(msg, NL80211_ATTR_IFINDEX, netdev->ifindex))
14702 goto nla_put_failure;
14703
14704 attr = nla_nest_start(msg, NL80211_ATTR_PMKSA_CANDIDATE);
14705 if (!attr)
14706 goto nla_put_failure;
14707
14708 if (nla_put_u32(msg, NL80211_PMKSA_CANDIDATE_INDEX, index) ||
14709 nla_put(msg, NL80211_PMKSA_CANDIDATE_BSSID, ETH_ALEN, bssid) ||
14710 (preauth &&
14711 nla_put_flag(msg, NL80211_PMKSA_CANDIDATE_PREAUTH)))
14712 goto nla_put_failure;
14713
14714 nla_nest_end(msg, attr);
14715
14716 genlmsg_end(msg, hdr);
14717
14718 genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), msg, 0,
14719 NL80211_MCGRP_MLME, gfp);
14720 return;
14721
14722 nla_put_failure:
14723 genlmsg_cancel(msg, hdr);
14724 nlmsg_free(msg);
14725 }
14726
14727 void cfg80211_pmksa_candidate_notify(struct net_device *dev, int index,
14728 const u8 *bssid, bool preauth, gfp_t gfp)
14729 {
14730 struct wireless_dev *wdev = dev->ieee80211_ptr;
14731 struct wiphy *wiphy = wdev->wiphy;
14732 struct cfg80211_registered_device *rdev = wiphy_to_rdev(wiphy);
14733
14734 trace_cfg80211_pmksa_candidate_notify(dev, index, bssid, preauth);
14735 nl80211_pmksa_candidate_notify(rdev, dev, index, bssid, preauth, gfp);
14736 }
14737 EXPORT_SYMBOL(cfg80211_pmksa_candidate_notify);
14738
14739 static void nl80211_ch_switch_notify(struct cfg80211_registered_device *rdev,
14740 struct net_device *netdev,
14741 struct cfg80211_chan_def *chandef,
14742 gfp_t gfp,
14743 enum nl80211_commands notif,
14744 u8 count)
14745 {
14746 struct sk_buff *msg;
14747 void *hdr;
14748
14749 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, gfp);
14750 if (!msg)
14751 return;
14752
14753 hdr = nl80211hdr_put(msg, 0, 0, 0, notif);
14754 if (!hdr) {
14755 nlmsg_free(msg);
14756 return;
14757 }
14758
14759 if (nla_put_u32(msg, NL80211_ATTR_IFINDEX, netdev->ifindex))
14760 goto nla_put_failure;
14761
14762 if (nl80211_send_chandef(msg, chandef))
14763 goto nla_put_failure;
14764
14765 if ((notif == NL80211_CMD_CH_SWITCH_STARTED_NOTIFY) &&
14766 (nla_put_u32(msg, NL80211_ATTR_CH_SWITCH_COUNT, count)))
14767 goto nla_put_failure;
14768
14769 genlmsg_end(msg, hdr);
14770
14771 genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), msg, 0,
14772 NL80211_MCGRP_MLME, gfp);
14773 return;
14774
14775 nla_put_failure:
14776 genlmsg_cancel(msg, hdr);
14777 nlmsg_free(msg);
14778 }
14779
14780 void cfg80211_ch_switch_notify(struct net_device *dev,
14781 struct cfg80211_chan_def *chandef)
14782 {
14783 struct wireless_dev *wdev = dev->ieee80211_ptr;
14784 struct wiphy *wiphy = wdev->wiphy;
14785 struct cfg80211_registered_device *rdev = wiphy_to_rdev(wiphy);
14786
14787 ASSERT_WDEV_LOCK(wdev);
14788
14789 trace_cfg80211_ch_switch_notify(dev, chandef);
14790
14791 wdev->chandef = *chandef;
14792 wdev->preset_chandef = *chandef;
14793 nl80211_ch_switch_notify(rdev, dev, chandef, GFP_KERNEL,
14794 NL80211_CMD_CH_SWITCH_NOTIFY, 0);
14795 }
14796 EXPORT_SYMBOL(cfg80211_ch_switch_notify);
14797
14798 void cfg80211_ch_switch_started_notify(struct net_device *dev,
14799 struct cfg80211_chan_def *chandef,
14800 u8 count)
14801 {
14802 struct wireless_dev *wdev = dev->ieee80211_ptr;
14803 struct wiphy *wiphy = wdev->wiphy;
14804 struct cfg80211_registered_device *rdev = wiphy_to_rdev(wiphy);
14805
14806 trace_cfg80211_ch_switch_started_notify(dev, chandef);
14807
14808 nl80211_ch_switch_notify(rdev, dev, chandef, GFP_KERNEL,
14809 NL80211_CMD_CH_SWITCH_STARTED_NOTIFY, count);
14810 }
14811 EXPORT_SYMBOL(cfg80211_ch_switch_started_notify);
14812
14813 void
14814 nl80211_radar_notify(struct cfg80211_registered_device *rdev,
14815 const struct cfg80211_chan_def *chandef,
14816 enum nl80211_radar_event event,
14817 struct net_device *netdev, gfp_t gfp)
14818 {
14819 struct sk_buff *msg;
14820 void *hdr;
14821
14822 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, gfp);
14823 if (!msg)
14824 return;
14825
14826 hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_RADAR_DETECT);
14827 if (!hdr) {
14828 nlmsg_free(msg);
14829 return;
14830 }
14831
14832 if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx))
14833 goto nla_put_failure;
14834
14835 /* NOP and radar events don't need a netdev parameter */
14836 if (netdev) {
14837 struct wireless_dev *wdev = netdev->ieee80211_ptr;
14838
14839 if (nla_put_u32(msg, NL80211_ATTR_IFINDEX, netdev->ifindex) ||
14840 nla_put_u64_64bit(msg, NL80211_ATTR_WDEV, wdev_id(wdev),
14841 NL80211_ATTR_PAD))
14842 goto nla_put_failure;
14843 }
14844
14845 if (nla_put_u32(msg, NL80211_ATTR_RADAR_EVENT, event))
14846 goto nla_put_failure;
14847
14848 if (nl80211_send_chandef(msg, chandef))
14849 goto nla_put_failure;
14850
14851 genlmsg_end(msg, hdr);
14852
14853 genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), msg, 0,
14854 NL80211_MCGRP_MLME, gfp);
14855 return;
14856
14857 nla_put_failure:
14858 genlmsg_cancel(msg, hdr);
14859 nlmsg_free(msg);
14860 }
14861
14862 void cfg80211_probe_status(struct net_device *dev, const u8 *addr,
14863 u64 cookie, bool acked, gfp_t gfp)
14864 {
14865 struct wireless_dev *wdev = dev->ieee80211_ptr;
14866 struct cfg80211_registered_device *rdev = wiphy_to_rdev(wdev->wiphy);
14867 struct sk_buff *msg;
14868 void *hdr;
14869
14870 trace_cfg80211_probe_status(dev, addr, cookie, acked);
14871
14872 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, gfp);
14873
14874 if (!msg)
14875 return;
14876
14877 hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_PROBE_CLIENT);
14878 if (!hdr) {
14879 nlmsg_free(msg);
14880 return;
14881 }
14882
14883 if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
14884 nla_put_u32(msg, NL80211_ATTR_IFINDEX, dev->ifindex) ||
14885 nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN, addr) ||
14886 nla_put_u64_64bit(msg, NL80211_ATTR_COOKIE, cookie,
14887 NL80211_ATTR_PAD) ||
14888 (acked && nla_put_flag(msg, NL80211_ATTR_ACK)))
14889 goto nla_put_failure;
14890
14891 genlmsg_end(msg, hdr);
14892
14893 genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), msg, 0,
14894 NL80211_MCGRP_MLME, gfp);
14895 return;
14896
14897 nla_put_failure:
14898 genlmsg_cancel(msg, hdr);
14899 nlmsg_free(msg);
14900 }
14901 EXPORT_SYMBOL(cfg80211_probe_status);
14902
14903 void cfg80211_report_obss_beacon(struct wiphy *wiphy,
14904 const u8 *frame, size_t len,
14905 int freq, int sig_dbm)
14906 {
14907 struct cfg80211_registered_device *rdev = wiphy_to_rdev(wiphy);
14908 struct sk_buff *msg;
14909 void *hdr;
14910 struct cfg80211_beacon_registration *reg;
14911
14912 trace_cfg80211_report_obss_beacon(wiphy, frame, len, freq, sig_dbm);
14913
14914 spin_lock_bh(&rdev->beacon_registrations_lock);
14915 list_for_each_entry(reg, &rdev->beacon_registrations, list) {
14916 msg = nlmsg_new(len + 100, GFP_ATOMIC);
14917 if (!msg) {
14918 spin_unlock_bh(&rdev->beacon_registrations_lock);
14919 return;
14920 }
14921
14922 hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_FRAME);
14923 if (!hdr)
14924 goto nla_put_failure;
14925
14926 if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
14927 (freq &&
14928 nla_put_u32(msg, NL80211_ATTR_WIPHY_FREQ, freq)) ||
14929 (sig_dbm &&
14930 nla_put_u32(msg, NL80211_ATTR_RX_SIGNAL_DBM, sig_dbm)) ||
14931 nla_put(msg, NL80211_ATTR_FRAME, len, frame))
14932 goto nla_put_failure;
14933
14934 genlmsg_end(msg, hdr);
14935
14936 genlmsg_unicast(wiphy_net(&rdev->wiphy), msg, reg->nlportid);
14937 }
14938 spin_unlock_bh(&rdev->beacon_registrations_lock);
14939 return;
14940
14941 nla_put_failure:
14942 spin_unlock_bh(&rdev->beacon_registrations_lock);
14943 if (hdr)
14944 genlmsg_cancel(msg, hdr);
14945 nlmsg_free(msg);
14946 }
14947 EXPORT_SYMBOL(cfg80211_report_obss_beacon);
14948
14949 #ifdef CONFIG_PM
14950 static int cfg80211_net_detect_results(struct sk_buff *msg,
14951 struct cfg80211_wowlan_wakeup *wakeup)
14952 {
14953 struct cfg80211_wowlan_nd_info *nd = wakeup->net_detect;
14954 struct nlattr *nl_results, *nl_match, *nl_freqs;
14955 int i, j;
14956
14957 nl_results = nla_nest_start(
14958 msg, NL80211_WOWLAN_TRIG_NET_DETECT_RESULTS);
14959 if (!nl_results)
14960 return -EMSGSIZE;
14961
14962 for (i = 0; i < nd->n_matches; i++) {
14963 struct cfg80211_wowlan_nd_match *match = nd->matches[i];
14964
14965 nl_match = nla_nest_start(msg, i);
14966 if (!nl_match)
14967 break;
14968
14969 /* The SSID attribute is optional in nl80211, but for
14970 * simplicity reasons it's always present in the
14971 * cfg80211 structure. If a driver can't pass the
14972 * SSID, that needs to be changed. A zero length SSID
14973 * is still a valid SSID (wildcard), so it cannot be
14974 * used for this purpose.
14975 */
14976 if (nla_put(msg, NL80211_ATTR_SSID, match->ssid.ssid_len,
14977 match->ssid.ssid)) {
14978 nla_nest_cancel(msg, nl_match);
14979 goto out;
14980 }
14981
14982 if (match->n_channels) {
14983 nl_freqs = nla_nest_start(
14984 msg, NL80211_ATTR_SCAN_FREQUENCIES);
14985 if (!nl_freqs) {
14986 nla_nest_cancel(msg, nl_match);
14987 goto out;
14988 }
14989
14990 for (j = 0; j < match->n_channels; j++) {
14991 if (nla_put_u32(msg, j, match->channels[j])) {
14992 nla_nest_cancel(msg, nl_freqs);
14993 nla_nest_cancel(msg, nl_match);
14994 goto out;
14995 }
14996 }
14997
14998 nla_nest_end(msg, nl_freqs);
14999 }
15000
15001 nla_nest_end(msg, nl_match);
15002 }
15003
15004 out:
15005 nla_nest_end(msg, nl_results);
15006 return 0;
15007 }
15008
15009 void cfg80211_report_wowlan_wakeup(struct wireless_dev *wdev,
15010 struct cfg80211_wowlan_wakeup *wakeup,
15011 gfp_t gfp)
15012 {
15013 struct cfg80211_registered_device *rdev = wiphy_to_rdev(wdev->wiphy);
15014 struct sk_buff *msg;
15015 void *hdr;
15016 int size = 200;
15017
15018 trace_cfg80211_report_wowlan_wakeup(wdev->wiphy, wdev, wakeup);
15019
15020 if (wakeup)
15021 size += wakeup->packet_present_len;
15022
15023 msg = nlmsg_new(size, gfp);
15024 if (!msg)
15025 return;
15026
15027 hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_SET_WOWLAN);
15028 if (!hdr)
15029 goto free_msg;
15030
15031 if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
15032 nla_put_u64_64bit(msg, NL80211_ATTR_WDEV, wdev_id(wdev),
15033 NL80211_ATTR_PAD))
15034 goto free_msg;
15035
15036 if (wdev->netdev && nla_put_u32(msg, NL80211_ATTR_IFINDEX,
15037 wdev->netdev->ifindex))
15038 goto free_msg;
15039
15040 if (wakeup) {
15041 struct nlattr *reasons;
15042
15043 reasons = nla_nest_start(msg, NL80211_ATTR_WOWLAN_TRIGGERS);
15044 if (!reasons)
15045 goto free_msg;
15046
15047 if (wakeup->disconnect &&
15048 nla_put_flag(msg, NL80211_WOWLAN_TRIG_DISCONNECT))
15049 goto free_msg;
15050 if (wakeup->magic_pkt &&
15051 nla_put_flag(msg, NL80211_WOWLAN_TRIG_MAGIC_PKT))
15052 goto free_msg;
15053 if (wakeup->gtk_rekey_failure &&
15054 nla_put_flag(msg, NL80211_WOWLAN_TRIG_GTK_REKEY_FAILURE))
15055 goto free_msg;
15056 if (wakeup->eap_identity_req &&
15057 nla_put_flag(msg, NL80211_WOWLAN_TRIG_EAP_IDENT_REQUEST))
15058 goto free_msg;
15059 if (wakeup->four_way_handshake &&
15060 nla_put_flag(msg, NL80211_WOWLAN_TRIG_4WAY_HANDSHAKE))
15061 goto free_msg;
15062 if (wakeup->rfkill_release &&
15063 nla_put_flag(msg, NL80211_WOWLAN_TRIG_RFKILL_RELEASE))
15064 goto free_msg;
15065
15066 if (wakeup->pattern_idx >= 0 &&
15067 nla_put_u32(msg, NL80211_WOWLAN_TRIG_PKT_PATTERN,
15068 wakeup->pattern_idx))
15069 goto free_msg;
15070
15071 if (wakeup->tcp_match &&
15072 nla_put_flag(msg, NL80211_WOWLAN_TRIG_WAKEUP_TCP_MATCH))
15073 goto free_msg;
15074
15075 if (wakeup->tcp_connlost &&
15076 nla_put_flag(msg, NL80211_WOWLAN_TRIG_WAKEUP_TCP_CONNLOST))
15077 goto free_msg;
15078
15079 if (wakeup->tcp_nomoretokens &&
15080 nla_put_flag(msg,
15081 NL80211_WOWLAN_TRIG_WAKEUP_TCP_NOMORETOKENS))
15082 goto free_msg;
15083
15084 if (wakeup->packet) {
15085 u32 pkt_attr = NL80211_WOWLAN_TRIG_WAKEUP_PKT_80211;
15086 u32 len_attr = NL80211_WOWLAN_TRIG_WAKEUP_PKT_80211_LEN;
15087
15088 if (!wakeup->packet_80211) {
15089 pkt_attr =
15090 NL80211_WOWLAN_TRIG_WAKEUP_PKT_8023;
15091 len_attr =
15092 NL80211_WOWLAN_TRIG_WAKEUP_PKT_8023_LEN;
15093 }
15094
15095 if (wakeup->packet_len &&
15096 nla_put_u32(msg, len_attr, wakeup->packet_len))
15097 goto free_msg;
15098
15099 if (nla_put(msg, pkt_attr, wakeup->packet_present_len,
15100 wakeup->packet))
15101 goto free_msg;
15102 }
15103
15104 if (wakeup->net_detect &&
15105 cfg80211_net_detect_results(msg, wakeup))
15106 goto free_msg;
15107
15108 nla_nest_end(msg, reasons);
15109 }
15110
15111 genlmsg_end(msg, hdr);
15112
15113 genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), msg, 0,
15114 NL80211_MCGRP_MLME, gfp);
15115 return;
15116
15117 free_msg:
15118 nlmsg_free(msg);
15119 }
15120 EXPORT_SYMBOL(cfg80211_report_wowlan_wakeup);
15121 #endif
15122
15123 void cfg80211_tdls_oper_request(struct net_device *dev, const u8 *peer,
15124 enum nl80211_tdls_operation oper,
15125 u16 reason_code, gfp_t gfp)
15126 {
15127 struct wireless_dev *wdev = dev->ieee80211_ptr;
15128 struct cfg80211_registered_device *rdev = wiphy_to_rdev(wdev->wiphy);
15129 struct sk_buff *msg;
15130 void *hdr;
15131
15132 trace_cfg80211_tdls_oper_request(wdev->wiphy, dev, peer, oper,
15133 reason_code);
15134
15135 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, gfp);
15136 if (!msg)
15137 return;
15138
15139 hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_TDLS_OPER);
15140 if (!hdr) {
15141 nlmsg_free(msg);
15142 return;
15143 }
15144
15145 if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
15146 nla_put_u32(msg, NL80211_ATTR_IFINDEX, dev->ifindex) ||
15147 nla_put_u8(msg, NL80211_ATTR_TDLS_OPERATION, oper) ||
15148 nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN, peer) ||
15149 (reason_code > 0 &&
15150 nla_put_u16(msg, NL80211_ATTR_REASON_CODE, reason_code)))
15151 goto nla_put_failure;
15152
15153 genlmsg_end(msg, hdr);
15154
15155 genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), msg, 0,
15156 NL80211_MCGRP_MLME, gfp);
15157 return;
15158
15159 nla_put_failure:
15160 genlmsg_cancel(msg, hdr);
15161 nlmsg_free(msg);
15162 }
15163 EXPORT_SYMBOL(cfg80211_tdls_oper_request);
15164
15165 static int nl80211_netlink_notify(struct notifier_block * nb,
15166 unsigned long state,
15167 void *_notify)
15168 {
15169 struct netlink_notify *notify = _notify;
15170 struct cfg80211_registered_device *rdev;
15171 struct wireless_dev *wdev;
15172 struct cfg80211_beacon_registration *reg, *tmp;
15173
15174 if (state != NETLINK_URELEASE || notify->protocol != NETLINK_GENERIC)
15175 return NOTIFY_DONE;
15176
15177 rcu_read_lock();
15178
15179 list_for_each_entry_rcu(rdev, &cfg80211_rdev_list, list) {
15180 struct cfg80211_sched_scan_request *sched_scan_req;
15181
15182 list_for_each_entry_rcu(sched_scan_req,
15183 &rdev->sched_scan_req_list,
15184 list) {
15185 if (sched_scan_req->owner_nlportid == notify->portid) {
15186 sched_scan_req->nl_owner_dead = true;
15187 schedule_work(&rdev->sched_scan_stop_wk);
15188 }
15189 }
15190
15191 list_for_each_entry_rcu(wdev, &rdev->wiphy.wdev_list, list) {
15192 cfg80211_mlme_unregister_socket(wdev, notify->portid);
15193
15194 if (wdev->owner_nlportid == notify->portid) {
15195 wdev->nl_owner_dead = true;
15196 schedule_work(&rdev->destroy_work);
15197 } else if (wdev->conn_owner_nlportid == notify->portid) {
15198 schedule_work(&wdev->disconnect_wk);
15199 }
15200 }
15201
15202 spin_lock_bh(&rdev->beacon_registrations_lock);
15203 list_for_each_entry_safe(reg, tmp, &rdev->beacon_registrations,
15204 list) {
15205 if (reg->nlportid == notify->portid) {
15206 list_del(&reg->list);
15207 kfree(reg);
15208 break;
15209 }
15210 }
15211 spin_unlock_bh(&rdev->beacon_registrations_lock);
15212 }
15213
15214 rcu_read_unlock();
15215
15216 /*
15217 * It is possible that the user space process that is controlling the
15218 * indoor setting disappeared, so notify the regulatory core.
15219 */
15220 regulatory_netlink_notify(notify->portid);
15221 return NOTIFY_OK;
15222 }
15223
15224 static struct notifier_block nl80211_netlink_notifier = {
15225 .notifier_call = nl80211_netlink_notify,
15226 };
15227
15228 void cfg80211_ft_event(struct net_device *netdev,
15229 struct cfg80211_ft_event_params *ft_event)
15230 {
15231 struct wiphy *wiphy = netdev->ieee80211_ptr->wiphy;
15232 struct cfg80211_registered_device *rdev = wiphy_to_rdev(wiphy);
15233 struct sk_buff *msg;
15234 void *hdr;
15235
15236 trace_cfg80211_ft_event(wiphy, netdev, ft_event);
15237
15238 if (!ft_event->target_ap)
15239 return;
15240
15241 msg = nlmsg_new(100 + ft_event->ric_ies_len, GFP_KERNEL);
15242 if (!msg)
15243 return;
15244
15245 hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_FT_EVENT);
15246 if (!hdr)
15247 goto out;
15248
15249 if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
15250 nla_put_u32(msg, NL80211_ATTR_IFINDEX, netdev->ifindex) ||
15251 nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN, ft_event->target_ap))
15252 goto out;
15253
15254 if (ft_event->ies &&
15255 nla_put(msg, NL80211_ATTR_IE, ft_event->ies_len, ft_event->ies))
15256 goto out;
15257 if (ft_event->ric_ies &&
15258 nla_put(msg, NL80211_ATTR_IE_RIC, ft_event->ric_ies_len,
15259 ft_event->ric_ies))
15260 goto out;
15261
15262 genlmsg_end(msg, hdr);
15263
15264 genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), msg, 0,
15265 NL80211_MCGRP_MLME, GFP_KERNEL);
15266 return;
15267 out:
15268 nlmsg_free(msg);
15269 }
15270 EXPORT_SYMBOL(cfg80211_ft_event);
15271
15272 void cfg80211_crit_proto_stopped(struct wireless_dev *wdev, gfp_t gfp)
15273 {
15274 struct cfg80211_registered_device *rdev;
15275 struct sk_buff *msg;
15276 void *hdr;
15277 u32 nlportid;
15278
15279 rdev = wiphy_to_rdev(wdev->wiphy);
15280 if (!rdev->crit_proto_nlportid)
15281 return;
15282
15283 nlportid = rdev->crit_proto_nlportid;
15284 rdev->crit_proto_nlportid = 0;
15285
15286 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, gfp);
15287 if (!msg)
15288 return;
15289
15290 hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_CRIT_PROTOCOL_STOP);
15291 if (!hdr)
15292 goto nla_put_failure;
15293
15294 if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
15295 nla_put_u64_64bit(msg, NL80211_ATTR_WDEV, wdev_id(wdev),
15296 NL80211_ATTR_PAD))
15297 goto nla_put_failure;
15298
15299 genlmsg_end(msg, hdr);
15300
15301 genlmsg_unicast(wiphy_net(&rdev->wiphy), msg, nlportid);
15302 return;
15303
15304 nla_put_failure:
15305 if (hdr)
15306 genlmsg_cancel(msg, hdr);
15307 nlmsg_free(msg);
15308 }
15309 EXPORT_SYMBOL(cfg80211_crit_proto_stopped);
15310
15311 void nl80211_send_ap_stopped(struct wireless_dev *wdev)
15312 {
15313 struct wiphy *wiphy = wdev->wiphy;
15314 struct cfg80211_registered_device *rdev = wiphy_to_rdev(wiphy);
15315 struct sk_buff *msg;
15316 void *hdr;
15317
15318 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
15319 if (!msg)
15320 return;
15321
15322 hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_STOP_AP);
15323 if (!hdr)
15324 goto out;
15325
15326 if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
15327 nla_put_u32(msg, NL80211_ATTR_IFINDEX, wdev->netdev->ifindex) ||
15328 nla_put_u64_64bit(msg, NL80211_ATTR_WDEV, wdev_id(wdev),
15329 NL80211_ATTR_PAD))
15330 goto out;
15331
15332 genlmsg_end(msg, hdr);
15333
15334 genlmsg_multicast_netns(&nl80211_fam, wiphy_net(wiphy), msg, 0,
15335 NL80211_MCGRP_MLME, GFP_KERNEL);
15336 return;
15337 out:
15338 nlmsg_free(msg);
15339 }
15340
15341 #ifdef CONFIG_CFG80211_SLSI_SAE
15342 int cfg80211_external_auth_request(struct net_device *dev,
15343 struct cfg80211_external_auth_params *params,
15344 gfp_t gfp)
15345 {
15346 struct wireless_dev *wdev = dev->ieee80211_ptr;
15347 struct cfg80211_registered_device *rdev = wiphy_to_rdev(wdev->wiphy);
15348 struct sk_buff *msg;
15349 void *hdr;
15350
15351 if (!wdev->conn_owner_nlportid)
15352 return -EINVAL;
15353
15354 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, gfp);
15355 if (!msg)
15356 return -ENOMEM;
15357
15358 hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_EXTERNAL_AUTH);
15359 if (!hdr)
15360 goto nla_put_failure;
15361
15362 if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
15363 nla_put_u32(msg, NL80211_ATTR_IFINDEX, dev->ifindex) ||
15364 nla_put_u32(msg, NL80211_ATTR_AKM_SUITES, params->key_mgmt_suite) ||
15365 nla_put_u32(msg, NL80211_ATTR_EXTERNAL_AUTH_ACTION,
15366 params->action) ||
15367 nla_put(msg, NL80211_ATTR_BSSID, ETH_ALEN, params->bssid) ||
15368 nla_put(msg, NL80211_ATTR_SSID, params->ssid.ssid_len,
15369 params->ssid.ssid))
15370 goto nla_put_failure;
15371
15372 genlmsg_end(msg, hdr);
15373 genlmsg_unicast(wiphy_net(&rdev->wiphy), msg,
15374 wdev->conn_owner_nlportid);
15375 return 0;
15376
15377 nla_put_failure:
15378 nlmsg_free(msg);
15379 return -ENOBUFS;
15380 }
15381 EXPORT_SYMBOL(cfg80211_external_auth_request);
15382 #endif
15383 /* initialisation/exit functions */
15384
15385 int __init nl80211_init(void)
15386 {
15387 int err;
15388
15389 err = genl_register_family(&nl80211_fam);
15390 if (err)
15391 return err;
15392
15393 err = netlink_register_notifier(&nl80211_netlink_notifier);
15394 if (err)
15395 goto err_out;
15396
15397 return 0;
15398 err_out:
15399 genl_unregister_family(&nl80211_fam);
15400 return err;
15401 }
15402
15403 void nl80211_exit(void)
15404 {
15405 netlink_unregister_notifier(&nl80211_netlink_notifier);
15406 genl_unregister_family(&nl80211_fam);
15407 }