1
2
3
4
5
6
7
8
9#include <linux/if.h>
10#include <linux/module.h>
11#include <linux/err.h>
12#include <linux/slab.h>
13#include <linux/list.h>
14#include <linux/if_ether.h>
15#include <linux/ieee80211.h>
16#include <linux/nl80211.h>
17#include <linux/rtnetlink.h>
18#include <linux/netlink.h>
19#include <linux/etherdevice.h>
20#include <net/net_namespace.h>
21#include <net/genetlink.h>
22#include <net/cfg80211.h>
23#include <net/sock.h>
24#include <net/inet_connection_sock.h>
25#include "core.h"
26#include "nl80211.h"
27#include "reg.h"
28#include "rdev-ops.h"
29
30static int nl80211_crypto_settings(struct cfg80211_registered_device *rdev,
31 struct genl_info *info,
32 struct cfg80211_crypto_settings *settings,
33 int cipher_limit);
34
35
36static struct genl_family nl80211_fam;
37
38
39enum nl80211_multicast_groups {
40 NL80211_MCGRP_CONFIG,
41 NL80211_MCGRP_SCAN,
42 NL80211_MCGRP_REGULATORY,
43 NL80211_MCGRP_MLME,
44 NL80211_MCGRP_VENDOR,
45 NL80211_MCGRP_NAN,
46 NL80211_MCGRP_TESTMODE
47};
48
49static const struct genl_multicast_group nl80211_mcgrps[] = {
50 [NL80211_MCGRP_CONFIG] = { .name = NL80211_MULTICAST_GROUP_CONFIG },
51 [NL80211_MCGRP_SCAN] = { .name = NL80211_MULTICAST_GROUP_SCAN },
52 [NL80211_MCGRP_REGULATORY] = { .name = NL80211_MULTICAST_GROUP_REG },
53 [NL80211_MCGRP_MLME] = { .name = NL80211_MULTICAST_GROUP_MLME },
54 [NL80211_MCGRP_VENDOR] = { .name = NL80211_MULTICAST_GROUP_VENDOR },
55 [NL80211_MCGRP_NAN] = { .name = NL80211_MULTICAST_GROUP_NAN },
56#ifdef CONFIG_NL80211_TESTMODE
57 [NL80211_MCGRP_TESTMODE] = { .name = NL80211_MULTICAST_GROUP_TESTMODE }
58#endif
59};
60
61
62static struct wireless_dev *
63__cfg80211_wdev_from_attrs(struct net *netns, struct nlattr **attrs)
64{
65 struct cfg80211_registered_device *rdev;
66 struct wireless_dev *result = NULL;
67 bool have_ifidx = attrs[NL80211_ATTR_IFINDEX];
68 bool have_wdev_id = attrs[NL80211_ATTR_WDEV];
69 u64 wdev_id;
70 int wiphy_idx = -1;
71 int ifidx = -1;
72
73 ASSERT_RTNL();
74
75 if (!have_ifidx && !have_wdev_id)
76 return ERR_PTR(-EINVAL);
77
78 if (have_ifidx)
79 ifidx = nla_get_u32(attrs[NL80211_ATTR_IFINDEX]);
80 if (have_wdev_id) {
81 wdev_id = nla_get_u64(attrs[NL80211_ATTR_WDEV]);
82 wiphy_idx = wdev_id >> 32;
83 }
84
85 list_for_each_entry(rdev, &cfg80211_rdev_list, list) {
86 struct wireless_dev *wdev;
87
88 if (wiphy_net(&rdev->wiphy) != netns)
89 continue;
90
91 if (have_wdev_id && rdev->wiphy_idx != wiphy_idx)
92 continue;
93
94 list_for_each_entry(wdev, &rdev->wiphy.wdev_list, list) {
95 if (have_ifidx && wdev->netdev &&
96 wdev->netdev->ifindex == ifidx) {
97 result = wdev;
98 break;
99 }
100 if (have_wdev_id && wdev->identifier == (u32)wdev_id) {
101 result = wdev;
102 break;
103 }
104 }
105
106 if (result)
107 break;
108 }
109
110 if (result)
111 return result;
112 return ERR_PTR(-ENODEV);
113}
114
115static struct cfg80211_registered_device *
116__cfg80211_rdev_from_attrs(struct net *netns, struct nlattr **attrs)
117{
118 struct cfg80211_registered_device *rdev = NULL, *tmp;
119 struct net_device *netdev;
120
121 ASSERT_RTNL();
122
123 if (!attrs[NL80211_ATTR_WIPHY] &&
124 !attrs[NL80211_ATTR_IFINDEX] &&
125 !attrs[NL80211_ATTR_WDEV])
126 return ERR_PTR(-EINVAL);
127
128 if (attrs[NL80211_ATTR_WIPHY])
129 rdev = cfg80211_rdev_by_wiphy_idx(
130 nla_get_u32(attrs[NL80211_ATTR_WIPHY]));
131
132 if (attrs[NL80211_ATTR_WDEV]) {
133 u64 wdev_id = nla_get_u64(attrs[NL80211_ATTR_WDEV]);
134 struct wireless_dev *wdev;
135 bool found = false;
136
137 tmp = cfg80211_rdev_by_wiphy_idx(wdev_id >> 32);
138 if (tmp) {
139
140 list_for_each_entry(wdev, &tmp->wiphy.wdev_list, list) {
141 if (wdev->identifier != (u32)wdev_id)
142 continue;
143 found = true;
144 break;
145 }
146
147 if (!found)
148 tmp = NULL;
149
150 if (rdev && tmp != rdev)
151 return ERR_PTR(-EINVAL);
152 rdev = tmp;
153 }
154 }
155
156 if (attrs[NL80211_ATTR_IFINDEX]) {
157 int ifindex = nla_get_u32(attrs[NL80211_ATTR_IFINDEX]);
158
159 netdev = __dev_get_by_index(netns, ifindex);
160 if (netdev) {
161 if (netdev->ieee80211_ptr)
162 tmp = wiphy_to_rdev(
163 netdev->ieee80211_ptr->wiphy);
164 else
165 tmp = NULL;
166
167
168 if (!tmp)
169 return ERR_PTR(-EINVAL);
170
171
172 if (rdev && tmp != rdev)
173 return ERR_PTR(-EINVAL);
174
175 rdev = tmp;
176 }
177 }
178
179 if (!rdev)
180 return ERR_PTR(-ENODEV);
181
182 if (netns != wiphy_net(&rdev->wiphy))
183 return ERR_PTR(-ENODEV);
184
185 return rdev;
186}
187
188
189
190
191
192
193
194
195static struct cfg80211_registered_device *
196cfg80211_get_dev_from_info(struct net *netns, struct genl_info *info)
197{
198 return __cfg80211_rdev_from_attrs(netns, info->attrs);
199}
200
201
202static const struct nla_policy nl80211_policy[NUM_NL80211_ATTR] = {
203 [NL80211_ATTR_WIPHY] = { .type = NLA_U32 },
204 [NL80211_ATTR_WIPHY_NAME] = { .type = NLA_NUL_STRING,
205 .len = 20-1 },
206 [NL80211_ATTR_WIPHY_TXQ_PARAMS] = { .type = NLA_NESTED },
207
208 [NL80211_ATTR_WIPHY_FREQ] = { .type = NLA_U32 },
209 [NL80211_ATTR_WIPHY_CHANNEL_TYPE] = { .type = NLA_U32 },
210 [NL80211_ATTR_CHANNEL_WIDTH] = { .type = NLA_U32 },
211 [NL80211_ATTR_CENTER_FREQ1] = { .type = NLA_U32 },
212 [NL80211_ATTR_CENTER_FREQ2] = { .type = NLA_U32 },
213
214 [NL80211_ATTR_WIPHY_RETRY_SHORT] = { .type = NLA_U8 },
215 [NL80211_ATTR_WIPHY_RETRY_LONG] = { .type = NLA_U8 },
216 [NL80211_ATTR_WIPHY_FRAG_THRESHOLD] = { .type = NLA_U32 },
217 [NL80211_ATTR_WIPHY_RTS_THRESHOLD] = { .type = NLA_U32 },
218 [NL80211_ATTR_WIPHY_COVERAGE_CLASS] = { .type = NLA_U8 },
219 [NL80211_ATTR_WIPHY_DYN_ACK] = { .type = NLA_FLAG },
220
221 [NL80211_ATTR_IFTYPE] = { .type = NLA_U32 },
222 [NL80211_ATTR_IFINDEX] = { .type = NLA_U32 },
223 [NL80211_ATTR_IFNAME] = { .type = NLA_NUL_STRING, .len = IFNAMSIZ-1 },
224
225 [NL80211_ATTR_MAC] = { .len = ETH_ALEN },
226 [NL80211_ATTR_PREV_BSSID] = { .len = ETH_ALEN },
227
228 [NL80211_ATTR_KEY] = { .type = NLA_NESTED, },
229 [NL80211_ATTR_KEY_DATA] = { .type = NLA_BINARY,
230 .len = WLAN_MAX_KEY_LEN },
231 [NL80211_ATTR_KEY_IDX] = { .type = NLA_U8 },
232 [NL80211_ATTR_KEY_CIPHER] = { .type = NLA_U32 },
233 [NL80211_ATTR_KEY_DEFAULT] = { .type = NLA_FLAG },
234 [NL80211_ATTR_KEY_SEQ] = { .type = NLA_BINARY, .len = 16 },
235 [NL80211_ATTR_KEY_TYPE] = { .type = NLA_U32 },
236
237 [NL80211_ATTR_BEACON_INTERVAL] = { .type = NLA_U32 },
238 [NL80211_ATTR_DTIM_PERIOD] = { .type = NLA_U32 },
239 [NL80211_ATTR_BEACON_HEAD] = { .type = NLA_BINARY,
240 .len = IEEE80211_MAX_DATA_LEN },
241 [NL80211_ATTR_BEACON_TAIL] = { .type = NLA_BINARY,
242 .len = IEEE80211_MAX_DATA_LEN },
243 [NL80211_ATTR_STA_AID] = { .type = NLA_U16 },
244 [NL80211_ATTR_STA_FLAGS] = { .type = NLA_NESTED },
245 [NL80211_ATTR_STA_LISTEN_INTERVAL] = { .type = NLA_U16 },
246 [NL80211_ATTR_STA_SUPPORTED_RATES] = { .type = NLA_BINARY,
247 .len = NL80211_MAX_SUPP_RATES },
248 [NL80211_ATTR_STA_PLINK_ACTION] = { .type = NLA_U8 },
249 [NL80211_ATTR_STA_VLAN] = { .type = NLA_U32 },
250 [NL80211_ATTR_MNTR_FLAGS] = { },
251 [NL80211_ATTR_MESH_ID] = { .type = NLA_BINARY,
252 .len = IEEE80211_MAX_MESH_ID_LEN },
253 [NL80211_ATTR_MPATH_NEXT_HOP] = { .type = NLA_U32 },
254
255 [NL80211_ATTR_REG_ALPHA2] = { .type = NLA_STRING, .len = 2 },
256 [NL80211_ATTR_REG_RULES] = { .type = NLA_NESTED },
257
258 [NL80211_ATTR_BSS_CTS_PROT] = { .type = NLA_U8 },
259 [NL80211_ATTR_BSS_SHORT_PREAMBLE] = { .type = NLA_U8 },
260 [NL80211_ATTR_BSS_SHORT_SLOT_TIME] = { .type = NLA_U8 },
261 [NL80211_ATTR_BSS_BASIC_RATES] = { .type = NLA_BINARY,
262 .len = NL80211_MAX_SUPP_RATES },
263 [NL80211_ATTR_BSS_HT_OPMODE] = { .type = NLA_U16 },
264
265 [NL80211_ATTR_MESH_CONFIG] = { .type = NLA_NESTED },
266 [NL80211_ATTR_SUPPORT_MESH_AUTH] = { .type = NLA_FLAG },
267
268 [NL80211_ATTR_HT_CAPABILITY] = { .len = NL80211_HT_CAPABILITY_LEN },
269
270 [NL80211_ATTR_MGMT_SUBTYPE] = { .type = NLA_U8 },
271 [NL80211_ATTR_IE] = { .type = NLA_BINARY,
272 .len = IEEE80211_MAX_DATA_LEN },
273 [NL80211_ATTR_SCAN_FREQUENCIES] = { .type = NLA_NESTED },
274 [NL80211_ATTR_SCAN_SSIDS] = { .type = NLA_NESTED },
275
276 [NL80211_ATTR_SSID] = { .type = NLA_BINARY,
277 .len = IEEE80211_MAX_SSID_LEN },
278 [NL80211_ATTR_AUTH_TYPE] = { .type = NLA_U32 },
279 [NL80211_ATTR_REASON_CODE] = { .type = NLA_U16 },
280 [NL80211_ATTR_FREQ_FIXED] = { .type = NLA_FLAG },
281 [NL80211_ATTR_TIMED_OUT] = { .type = NLA_FLAG },
282 [NL80211_ATTR_USE_MFP] = { .type = NLA_U32 },
283 [NL80211_ATTR_STA_FLAGS2] = {
284 .len = sizeof(struct nl80211_sta_flag_update),
285 },
286 [NL80211_ATTR_CONTROL_PORT] = { .type = NLA_FLAG },
287 [NL80211_ATTR_CONTROL_PORT_ETHERTYPE] = { .type = NLA_U16 },
288 [NL80211_ATTR_CONTROL_PORT_NO_ENCRYPT] = { .type = NLA_FLAG },
289 [NL80211_ATTR_PRIVACY] = { .type = NLA_FLAG },
290 [NL80211_ATTR_CIPHER_SUITE_GROUP] = { .type = NLA_U32 },
291 [NL80211_ATTR_WPA_VERSIONS] = { .type = NLA_U32 },
292 [NL80211_ATTR_PID] = { .type = NLA_U32 },
293 [NL80211_ATTR_4ADDR] = { .type = NLA_U8 },
294 [NL80211_ATTR_PMKID] = { .len = WLAN_PMKID_LEN },
295 [NL80211_ATTR_DURATION] = { .type = NLA_U32 },
296 [NL80211_ATTR_COOKIE] = { .type = NLA_U64 },
297 [NL80211_ATTR_TX_RATES] = { .type = NLA_NESTED },
298 [NL80211_ATTR_FRAME] = { .type = NLA_BINARY,
299 .len = IEEE80211_MAX_DATA_LEN },
300 [NL80211_ATTR_FRAME_MATCH] = { .type = NLA_BINARY, },
301 [NL80211_ATTR_PS_STATE] = { .type = NLA_U32 },
302 [NL80211_ATTR_CQM] = { .type = NLA_NESTED, },
303 [NL80211_ATTR_LOCAL_STATE_CHANGE] = { .type = NLA_FLAG },
304 [NL80211_ATTR_AP_ISOLATE] = { .type = NLA_U8 },
305 [NL80211_ATTR_WIPHY_TX_POWER_SETTING] = { .type = NLA_U32 },
306 [NL80211_ATTR_WIPHY_TX_POWER_LEVEL] = { .type = NLA_U32 },
307 [NL80211_ATTR_FRAME_TYPE] = { .type = NLA_U16 },
308 [NL80211_ATTR_WIPHY_ANTENNA_TX] = { .type = NLA_U32 },
309 [NL80211_ATTR_WIPHY_ANTENNA_RX] = { .type = NLA_U32 },
310 [NL80211_ATTR_MCAST_RATE] = { .type = NLA_U32 },
311 [NL80211_ATTR_OFFCHANNEL_TX_OK] = { .type = NLA_FLAG },
312 [NL80211_ATTR_KEY_DEFAULT_TYPES] = { .type = NLA_NESTED },
313 [NL80211_ATTR_WOWLAN_TRIGGERS] = { .type = NLA_NESTED },
314 [NL80211_ATTR_STA_PLINK_STATE] = { .type = NLA_U8 },
315 [NL80211_ATTR_SCHED_SCAN_INTERVAL] = { .type = NLA_U32 },
316 [NL80211_ATTR_REKEY_DATA] = { .type = NLA_NESTED },
317 [NL80211_ATTR_SCAN_SUPP_RATES] = { .type = NLA_NESTED },
318 [NL80211_ATTR_HIDDEN_SSID] = { .type = NLA_U32 },
319 [NL80211_ATTR_IE_PROBE_RESP] = { .type = NLA_BINARY,
320 .len = IEEE80211_MAX_DATA_LEN },
321 [NL80211_ATTR_IE_ASSOC_RESP] = { .type = NLA_BINARY,
322 .len = IEEE80211_MAX_DATA_LEN },
323 [NL80211_ATTR_ROAM_SUPPORT] = { .type = NLA_FLAG },
324 [NL80211_ATTR_SCHED_SCAN_MATCH] = { .type = NLA_NESTED },
325 [NL80211_ATTR_TX_NO_CCK_RATE] = { .type = NLA_FLAG },
326 [NL80211_ATTR_TDLS_ACTION] = { .type = NLA_U8 },
327 [NL80211_ATTR_TDLS_DIALOG_TOKEN] = { .type = NLA_U8 },
328 [NL80211_ATTR_TDLS_OPERATION] = { .type = NLA_U8 },
329 [NL80211_ATTR_TDLS_SUPPORT] = { .type = NLA_FLAG },
330 [NL80211_ATTR_TDLS_EXTERNAL_SETUP] = { .type = NLA_FLAG },
331 [NL80211_ATTR_TDLS_INITIATOR] = { .type = NLA_FLAG },
332 [NL80211_ATTR_DONT_WAIT_FOR_ACK] = { .type = NLA_FLAG },
333 [NL80211_ATTR_PROBE_RESP] = { .type = NLA_BINARY,
334 .len = IEEE80211_MAX_DATA_LEN },
335 [NL80211_ATTR_DFS_REGION] = { .type = NLA_U8 },
336 [NL80211_ATTR_DISABLE_HT] = { .type = NLA_FLAG },
337 [NL80211_ATTR_HT_CAPABILITY_MASK] = {
338 .len = NL80211_HT_CAPABILITY_LEN
339 },
340 [NL80211_ATTR_NOACK_MAP] = { .type = NLA_U16 },
341 [NL80211_ATTR_INACTIVITY_TIMEOUT] = { .type = NLA_U16 },
342 [NL80211_ATTR_BG_SCAN_PERIOD] = { .type = NLA_U16 },
343 [NL80211_ATTR_WDEV] = { .type = NLA_U64 },
344 [NL80211_ATTR_USER_REG_HINT_TYPE] = { .type = NLA_U32 },
345 [NL80211_ATTR_AUTH_DATA] = { .type = NLA_BINARY, },
346 [NL80211_ATTR_VHT_CAPABILITY] = { .len = NL80211_VHT_CAPABILITY_LEN },
347 [NL80211_ATTR_SCAN_FLAGS] = { .type = NLA_U32 },
348 [NL80211_ATTR_P2P_CTWINDOW] = { .type = NLA_U8 },
349 [NL80211_ATTR_P2P_OPPPS] = { .type = NLA_U8 },
350 [NL80211_ATTR_LOCAL_MESH_POWER_MODE] = {. type = NLA_U32 },
351 [NL80211_ATTR_ACL_POLICY] = {. type = NLA_U32 },
352 [NL80211_ATTR_MAC_ADDRS] = { .type = NLA_NESTED },
353 [NL80211_ATTR_STA_CAPABILITY] = { .type = NLA_U16 },
354 [NL80211_ATTR_STA_EXT_CAPABILITY] = { .type = NLA_BINARY, },
355 [NL80211_ATTR_SPLIT_WIPHY_DUMP] = { .type = NLA_FLAG, },
356 [NL80211_ATTR_DISABLE_VHT] = { .type = NLA_FLAG },
357 [NL80211_ATTR_VHT_CAPABILITY_MASK] = {
358 .len = NL80211_VHT_CAPABILITY_LEN,
359 },
360 [NL80211_ATTR_MDID] = { .type = NLA_U16 },
361 [NL80211_ATTR_IE_RIC] = { .type = NLA_BINARY,
362 .len = IEEE80211_MAX_DATA_LEN },
363 [NL80211_ATTR_PEER_AID] = { .type = NLA_U16 },
364 [NL80211_ATTR_CH_SWITCH_COUNT] = { .type = NLA_U32 },
365 [NL80211_ATTR_CH_SWITCH_BLOCK_TX] = { .type = NLA_FLAG },
366 [NL80211_ATTR_CSA_IES] = { .type = NLA_NESTED },
367 [NL80211_ATTR_CSA_C_OFF_BEACON] = { .type = NLA_BINARY },
368 [NL80211_ATTR_CSA_C_OFF_PRESP] = { .type = NLA_BINARY },
369 [NL80211_ATTR_STA_SUPPORTED_CHANNELS] = { .type = NLA_BINARY },
370 [NL80211_ATTR_STA_SUPPORTED_OPER_CLASSES] = { .type = NLA_BINARY },
371 [NL80211_ATTR_HANDLE_DFS] = { .type = NLA_FLAG },
372 [NL80211_ATTR_OPMODE_NOTIF] = { .type = NLA_U8 },
373 [NL80211_ATTR_VENDOR_ID] = { .type = NLA_U32 },
374 [NL80211_ATTR_VENDOR_SUBCMD] = { .type = NLA_U32 },
375 [NL80211_ATTR_VENDOR_DATA] = { .type = NLA_BINARY },
376 [NL80211_ATTR_QOS_MAP] = { .type = NLA_BINARY,
377 .len = IEEE80211_QOS_MAP_LEN_MAX },
378 [NL80211_ATTR_MAC_HINT] = { .len = ETH_ALEN },
379 [NL80211_ATTR_WIPHY_FREQ_HINT] = { .type = NLA_U32 },
380 [NL80211_ATTR_TDLS_PEER_CAPABILITY] = { .type = NLA_U32 },
381 [NL80211_ATTR_SOCKET_OWNER] = { .type = NLA_FLAG },
382 [NL80211_ATTR_CSA_C_OFFSETS_TX] = { .type = NLA_BINARY },
383 [NL80211_ATTR_USE_RRM] = { .type = NLA_FLAG },
384 [NL80211_ATTR_TSID] = { .type = NLA_U8 },
385 [NL80211_ATTR_USER_PRIO] = { .type = NLA_U8 },
386 [NL80211_ATTR_ADMITTED_TIME] = { .type = NLA_U16 },
387 [NL80211_ATTR_SMPS_MODE] = { .type = NLA_U8 },
388 [NL80211_ATTR_MAC_MASK] = { .len = ETH_ALEN },
389 [NL80211_ATTR_WIPHY_SELF_MANAGED_REG] = { .type = NLA_FLAG },
390 [NL80211_ATTR_NETNS_FD] = { .type = NLA_U32 },
391 [NL80211_ATTR_SCHED_SCAN_DELAY] = { .type = NLA_U32 },
392 [NL80211_ATTR_REG_INDOOR] = { .type = NLA_FLAG },
393 [NL80211_ATTR_PBSS] = { .type = NLA_FLAG },
394 [NL80211_ATTR_BSS_SELECT] = { .type = NLA_NESTED },
395 [NL80211_ATTR_STA_SUPPORT_P2P_PS] = { .type = NLA_U8 },
396 [NL80211_ATTR_MU_MIMO_GROUP_DATA] = {
397 .len = VHT_MUMIMO_GROUPS_DATA_LEN
398 },
399 [NL80211_ATTR_MU_MIMO_FOLLOW_MAC_ADDR] = { .len = ETH_ALEN },
400 [NL80211_ATTR_NAN_MASTER_PREF] = { .type = NLA_U8 },
401 [NL80211_ATTR_BANDS] = { .type = NLA_U32 },
402 [NL80211_ATTR_NAN_FUNC] = { .type = NLA_NESTED },
403 [NL80211_ATTR_FILS_KEK] = { .type = NLA_BINARY,
404 .len = FILS_MAX_KEK_LEN },
405 [NL80211_ATTR_FILS_NONCES] = { .len = 2 * FILS_NONCE_LEN },
406 [NL80211_ATTR_MULTICAST_TO_UNICAST_ENABLED] = { .type = NLA_FLAG, },
407 [NL80211_ATTR_BSSID] = { .len = ETH_ALEN },
408 [NL80211_ATTR_SCHED_SCAN_RELATIVE_RSSI] = { .type = NLA_S8 },
409 [NL80211_ATTR_SCHED_SCAN_RSSI_ADJUST] = {
410 .len = sizeof(struct nl80211_bss_select_rssi_adjust)
411 },
412 [NL80211_ATTR_TIMEOUT_REASON] = { .type = NLA_U32 },
413 [NL80211_ATTR_FILS_ERP_USERNAME] = { .type = NLA_BINARY,
414 .len = FILS_ERP_MAX_USERNAME_LEN },
415 [NL80211_ATTR_FILS_ERP_REALM] = { .type = NLA_BINARY,
416 .len = FILS_ERP_MAX_REALM_LEN },
417 [NL80211_ATTR_FILS_ERP_NEXT_SEQ_NUM] = { .type = NLA_U16 },
418 [NL80211_ATTR_FILS_ERP_RRK] = { .type = NLA_BINARY,
419 .len = FILS_ERP_MAX_RRK_LEN },
420 [NL80211_ATTR_FILS_CACHE_ID] = { .len = 2 },
421 [NL80211_ATTR_PMK] = { .type = NLA_BINARY, .len = PMK_MAX_LEN },
422 [NL80211_ATTR_SCHED_SCAN_MULTI] = { .type = NLA_FLAG },
423};
424
425
426static const struct nla_policy nl80211_key_policy[NL80211_KEY_MAX + 1] = {
427 [NL80211_KEY_DATA] = { .type = NLA_BINARY, .len = WLAN_MAX_KEY_LEN },
428 [NL80211_KEY_IDX] = { .type = NLA_U8 },
429 [NL80211_KEY_CIPHER] = { .type = NLA_U32 },
430 [NL80211_KEY_SEQ] = { .type = NLA_BINARY, .len = 16 },
431 [NL80211_KEY_DEFAULT] = { .type = NLA_FLAG },
432 [NL80211_KEY_DEFAULT_MGMT] = { .type = NLA_FLAG },
433 [NL80211_KEY_TYPE] = { .type = NLA_U32 },
434 [NL80211_KEY_DEFAULT_TYPES] = { .type = NLA_NESTED },
435};
436
437
438static const struct nla_policy
439nl80211_key_default_policy[NUM_NL80211_KEY_DEFAULT_TYPES] = {
440 [NL80211_KEY_DEFAULT_TYPE_UNICAST] = { .type = NLA_FLAG },
441 [NL80211_KEY_DEFAULT_TYPE_MULTICAST] = { .type = NLA_FLAG },
442};
443
444#ifdef CONFIG_PM
445
446static const struct nla_policy
447nl80211_wowlan_policy[NUM_NL80211_WOWLAN_TRIG] = {
448 [NL80211_WOWLAN_TRIG_ANY] = { .type = NLA_FLAG },
449 [NL80211_WOWLAN_TRIG_DISCONNECT] = { .type = NLA_FLAG },
450 [NL80211_WOWLAN_TRIG_MAGIC_PKT] = { .type = NLA_FLAG },
451 [NL80211_WOWLAN_TRIG_PKT_PATTERN] = { .type = NLA_NESTED },
452 [NL80211_WOWLAN_TRIG_GTK_REKEY_FAILURE] = { .type = NLA_FLAG },
453 [NL80211_WOWLAN_TRIG_EAP_IDENT_REQUEST] = { .type = NLA_FLAG },
454 [NL80211_WOWLAN_TRIG_4WAY_HANDSHAKE] = { .type = NLA_FLAG },
455 [NL80211_WOWLAN_TRIG_RFKILL_RELEASE] = { .type = NLA_FLAG },
456 [NL80211_WOWLAN_TRIG_TCP_CONNECTION] = { .type = NLA_NESTED },
457 [NL80211_WOWLAN_TRIG_NET_DETECT] = { .type = NLA_NESTED },
458};
459
460static const struct nla_policy
461nl80211_wowlan_tcp_policy[NUM_NL80211_WOWLAN_TCP] = {
462 [NL80211_WOWLAN_TCP_SRC_IPV4] = { .type = NLA_U32 },
463 [NL80211_WOWLAN_TCP_DST_IPV4] = { .type = NLA_U32 },
464 [NL80211_WOWLAN_TCP_DST_MAC] = { .len = ETH_ALEN },
465 [NL80211_WOWLAN_TCP_SRC_PORT] = { .type = NLA_U16 },
466 [NL80211_WOWLAN_TCP_DST_PORT] = { .type = NLA_U16 },
467 [NL80211_WOWLAN_TCP_DATA_PAYLOAD] = { .len = 1 },
468 [NL80211_WOWLAN_TCP_DATA_PAYLOAD_SEQ] = {
469 .len = sizeof(struct nl80211_wowlan_tcp_data_seq)
470 },
471 [NL80211_WOWLAN_TCP_DATA_PAYLOAD_TOKEN] = {
472 .len = sizeof(struct nl80211_wowlan_tcp_data_token)
473 },
474 [NL80211_WOWLAN_TCP_DATA_INTERVAL] = { .type = NLA_U32 },
475 [NL80211_WOWLAN_TCP_WAKE_PAYLOAD] = { .len = 1 },
476 [NL80211_WOWLAN_TCP_WAKE_MASK] = { .len = 1 },
477};
478#endif
479
480
481static const struct nla_policy
482nl80211_coalesce_policy[NUM_NL80211_ATTR_COALESCE_RULE] = {
483 [NL80211_ATTR_COALESCE_RULE_DELAY] = { .type = NLA_U32 },
484 [NL80211_ATTR_COALESCE_RULE_CONDITION] = { .type = NLA_U32 },
485 [NL80211_ATTR_COALESCE_RULE_PKT_PATTERN] = { .type = NLA_NESTED },
486};
487
488
489static const struct nla_policy
490nl80211_rekey_policy[NUM_NL80211_REKEY_DATA] = {
491 [NL80211_REKEY_DATA_KEK] = { .len = NL80211_KEK_LEN },
492 [NL80211_REKEY_DATA_KCK] = { .len = NL80211_KCK_LEN },
493 [NL80211_REKEY_DATA_REPLAY_CTR] = { .len = NL80211_REPLAY_CTR_LEN },
494};
495
496static const struct nla_policy
497nl80211_match_policy[NL80211_SCHED_SCAN_MATCH_ATTR_MAX + 1] = {
498 [NL80211_SCHED_SCAN_MATCH_ATTR_SSID] = { .type = NLA_BINARY,
499 .len = IEEE80211_MAX_SSID_LEN },
500 [NL80211_SCHED_SCAN_MATCH_ATTR_BSSID] = { .len = ETH_ALEN },
501 [NL80211_SCHED_SCAN_MATCH_ATTR_RSSI] = { .type = NLA_U32 },
502};
503
504static const struct nla_policy
505nl80211_plan_policy[NL80211_SCHED_SCAN_PLAN_MAX + 1] = {
506 [NL80211_SCHED_SCAN_PLAN_INTERVAL] = { .type = NLA_U32 },
507 [NL80211_SCHED_SCAN_PLAN_ITERATIONS] = { .type = NLA_U32 },
508};
509
510static const struct nla_policy
511nl80211_bss_select_policy[NL80211_BSS_SELECT_ATTR_MAX + 1] = {
512 [NL80211_BSS_SELECT_ATTR_RSSI] = { .type = NLA_FLAG },
513 [NL80211_BSS_SELECT_ATTR_BAND_PREF] = { .type = NLA_U32 },
514 [NL80211_BSS_SELECT_ATTR_RSSI_ADJUST] = {
515 .len = sizeof(struct nl80211_bss_select_rssi_adjust)
516 },
517};
518
519
520static const struct nla_policy
521nl80211_nan_func_policy[NL80211_NAN_FUNC_ATTR_MAX + 1] = {
522 [NL80211_NAN_FUNC_TYPE] = { .type = NLA_U8 },
523 [NL80211_NAN_FUNC_SERVICE_ID] = {
524 .len = NL80211_NAN_FUNC_SERVICE_ID_LEN },
525 [NL80211_NAN_FUNC_PUBLISH_TYPE] = { .type = NLA_U8 },
526 [NL80211_NAN_FUNC_PUBLISH_BCAST] = { .type = NLA_FLAG },
527 [NL80211_NAN_FUNC_SUBSCRIBE_ACTIVE] = { .type = NLA_FLAG },
528 [NL80211_NAN_FUNC_FOLLOW_UP_ID] = { .type = NLA_U8 },
529 [NL80211_NAN_FUNC_FOLLOW_UP_REQ_ID] = { .type = NLA_U8 },
530 [NL80211_NAN_FUNC_FOLLOW_UP_DEST] = { .len = ETH_ALEN },
531 [NL80211_NAN_FUNC_CLOSE_RANGE] = { .type = NLA_FLAG },
532 [NL80211_NAN_FUNC_TTL] = { .type = NLA_U32 },
533 [NL80211_NAN_FUNC_SERVICE_INFO] = { .type = NLA_BINARY,
534 .len = NL80211_NAN_FUNC_SERVICE_SPEC_INFO_MAX_LEN },
535 [NL80211_NAN_FUNC_SRF] = { .type = NLA_NESTED },
536 [NL80211_NAN_FUNC_RX_MATCH_FILTER] = { .type = NLA_NESTED },
537 [NL80211_NAN_FUNC_TX_MATCH_FILTER] = { .type = NLA_NESTED },
538 [NL80211_NAN_FUNC_INSTANCE_ID] = { .type = NLA_U8 },
539 [NL80211_NAN_FUNC_TERM_REASON] = { .type = NLA_U8 },
540};
541
542
543static const struct nla_policy
544nl80211_nan_srf_policy[NL80211_NAN_SRF_ATTR_MAX + 1] = {
545 [NL80211_NAN_SRF_INCLUDE] = { .type = NLA_FLAG },
546 [NL80211_NAN_SRF_BF] = { .type = NLA_BINARY,
547 .len = NL80211_NAN_FUNC_SRF_MAX_LEN },
548 [NL80211_NAN_SRF_BF_IDX] = { .type = NLA_U8 },
549 [NL80211_NAN_SRF_MAC_ADDRS] = { .type = NLA_NESTED },
550};
551
552
553static const struct nla_policy
554nl80211_packet_pattern_policy[MAX_NL80211_PKTPAT + 1] = {
555 [NL80211_PKTPAT_MASK] = { .type = NLA_BINARY, },
556 [NL80211_PKTPAT_PATTERN] = { .type = NLA_BINARY, },
557 [NL80211_PKTPAT_OFFSET] = { .type = NLA_U32 },
558};
559
560static int nl80211_prepare_wdev_dump(struct sk_buff *skb,
561 struct netlink_callback *cb,
562 struct cfg80211_registered_device **rdev,
563 struct wireless_dev **wdev)
564{
565 int err;
566
567 if (!cb->args[0]) {
568 err = nlmsg_parse(cb->nlh, GENL_HDRLEN + nl80211_fam.hdrsize,
569 genl_family_attrbuf(&nl80211_fam),
570 nl80211_fam.maxattr, nl80211_policy);
571
572 if (err)
573 return err;
574
575 *wdev = __cfg80211_wdev_from_attrs(
576 sock_net(skb->sk),
577 genl_family_attrbuf(&nl80211_fam));
578 if (IS_ERR(*wdev))
579 return PTR_ERR(*wdev);
580 *rdev = wiphy_to_rdev((*wdev)->wiphy);
581
582 cb->args[0] = (*rdev)->wiphy_idx + 1;
583 cb->args[1] = (*wdev)->identifier;
584 } else {
585
586 struct wiphy *wiphy = wiphy_idx_to_wiphy(cb->args[0] - 1);
587 struct wireless_dev *tmp;
588
589 if (!wiphy)
590 return -ENODEV;
591 *rdev = wiphy_to_rdev(wiphy);
592 *wdev = NULL;
593
594 list_for_each_entry(tmp, &(*rdev)->wiphy.wdev_list, list) {
595 if (tmp->identifier == cb->args[1]) {
596 *wdev = tmp;
597 break;
598 }
599 }
600
601 if (!*wdev)
602 return -ENODEV;
603 }
604
605 return 0;
606}
607
608
609static bool is_valid_ie_attr(const struct nlattr *attr)
610{
611 const u8 *pos;
612 int len;
613
614 if (!attr)
615 return true;
616
617 pos = nla_data(attr);
618 len = nla_len(attr);
619
620 while (len) {
621 u8 elemlen;
622
623 if (len < 2)
624 return false;
625 len -= 2;
626
627 elemlen = pos[1];
628 if (elemlen > len)
629 return false;
630
631 len -= elemlen;
632 pos += 2 + elemlen;
633 }
634
635 return true;
636}
637
638
639static inline void *nl80211hdr_put(struct sk_buff *skb, u32 portid, u32 seq,
640 int flags, u8 cmd)
641{
642
643 return genlmsg_put(skb, portid, seq, &nl80211_fam, flags, cmd);
644}
645
646static int nl80211_msg_put_channel(struct sk_buff *msg,
647 struct ieee80211_channel *chan,
648 bool large)
649{
650
651
652
653 if (!large && chan->flags &
654 (IEEE80211_CHAN_NO_10MHZ | IEEE80211_CHAN_NO_20MHZ))
655 return 0;
656
657 if (nla_put_u32(msg, NL80211_FREQUENCY_ATTR_FREQ,
658 chan->center_freq))
659 goto nla_put_failure;
660
661 if ((chan->flags & IEEE80211_CHAN_DISABLED) &&
662 nla_put_flag(msg, NL80211_FREQUENCY_ATTR_DISABLED))
663 goto nla_put_failure;
664 if (chan->flags & IEEE80211_CHAN_NO_IR) {
665 if (nla_put_flag(msg, NL80211_FREQUENCY_ATTR_NO_IR))
666 goto nla_put_failure;
667 if (nla_put_flag(msg, __NL80211_FREQUENCY_ATTR_NO_IBSS))
668 goto nla_put_failure;
669 }
670 if (chan->flags & IEEE80211_CHAN_RADAR) {
671 if (nla_put_flag(msg, NL80211_FREQUENCY_ATTR_RADAR))
672 goto nla_put_failure;
673 if (large) {
674 u32 time;
675
676 time = elapsed_jiffies_msecs(chan->dfs_state_entered);
677
678 if (nla_put_u32(msg, NL80211_FREQUENCY_ATTR_DFS_STATE,
679 chan->dfs_state))
680 goto nla_put_failure;
681 if (nla_put_u32(msg, NL80211_FREQUENCY_ATTR_DFS_TIME,
682 time))
683 goto nla_put_failure;
684 if (nla_put_u32(msg,
685 NL80211_FREQUENCY_ATTR_DFS_CAC_TIME,
686 chan->dfs_cac_ms))
687 goto nla_put_failure;
688 }
689 }
690
691 if (large) {
692 if ((chan->flags & IEEE80211_CHAN_NO_HT40MINUS) &&
693 nla_put_flag(msg, NL80211_FREQUENCY_ATTR_NO_HT40_MINUS))
694 goto nla_put_failure;
695 if ((chan->flags & IEEE80211_CHAN_NO_HT40PLUS) &&
696 nla_put_flag(msg, NL80211_FREQUENCY_ATTR_NO_HT40_PLUS))
697 goto nla_put_failure;
698 if ((chan->flags & IEEE80211_CHAN_NO_80MHZ) &&
699 nla_put_flag(msg, NL80211_FREQUENCY_ATTR_NO_80MHZ))
700 goto nla_put_failure;
701 if ((chan->flags & IEEE80211_CHAN_NO_160MHZ) &&
702 nla_put_flag(msg, NL80211_FREQUENCY_ATTR_NO_160MHZ))
703 goto nla_put_failure;
704 if ((chan->flags & IEEE80211_CHAN_INDOOR_ONLY) &&
705 nla_put_flag(msg, NL80211_FREQUENCY_ATTR_INDOOR_ONLY))
706 goto nla_put_failure;
707 if ((chan->flags & IEEE80211_CHAN_IR_CONCURRENT) &&
708 nla_put_flag(msg, NL80211_FREQUENCY_ATTR_IR_CONCURRENT))
709 goto nla_put_failure;
710 if ((chan->flags & IEEE80211_CHAN_NO_20MHZ) &&
711 nla_put_flag(msg, NL80211_FREQUENCY_ATTR_NO_20MHZ))
712 goto nla_put_failure;
713 if ((chan->flags & IEEE80211_CHAN_NO_10MHZ) &&
714 nla_put_flag(msg, NL80211_FREQUENCY_ATTR_NO_10MHZ))
715 goto nla_put_failure;
716 }
717
718 if (nla_put_u32(msg, NL80211_FREQUENCY_ATTR_MAX_TX_POWER,
719 DBM_TO_MBM(chan->max_power)))
720 goto nla_put_failure;
721
722 return 0;
723
724 nla_put_failure:
725 return -ENOBUFS;
726}
727
728
729
730struct key_parse {
731 struct key_params p;
732 int idx;
733 int type;
734 bool def, defmgmt;
735 bool def_uni, def_multi;
736};
737
738static int nl80211_parse_key_new(struct nlattr *key, struct key_parse *k)
739{
740 struct nlattr *tb[NL80211_KEY_MAX + 1];
741 int err = nla_parse_nested(tb, NL80211_KEY_MAX, key,
742 nl80211_key_policy);
743 if (err)
744 return err;
745
746 k->def = !!tb[NL80211_KEY_DEFAULT];
747 k->defmgmt = !!tb[NL80211_KEY_DEFAULT_MGMT];
748
749 if (k->def) {
750 k->def_uni = true;
751 k->def_multi = true;
752 }
753 if (k->defmgmt)
754 k->def_multi = true;
755
756 if (tb[NL80211_KEY_IDX])
757 k->idx = nla_get_u8(tb[NL80211_KEY_IDX]);
758
759 if (tb[NL80211_KEY_DATA]) {
760 k->p.key = nla_data(tb[NL80211_KEY_DATA]);
761 k->p.key_len = nla_len(tb[NL80211_KEY_DATA]);
762 }
763
764 if (tb[NL80211_KEY_SEQ]) {
765 k->p.seq = nla_data(tb[NL80211_KEY_SEQ]);
766 k->p.seq_len = nla_len(tb[NL80211_KEY_SEQ]);
767 }
768
769 if (tb[NL80211_KEY_CIPHER])
770 k->p.cipher = nla_get_u32(tb[NL80211_KEY_CIPHER]);
771
772 if (tb[NL80211_KEY_TYPE]) {
773 k->type = nla_get_u32(tb[NL80211_KEY_TYPE]);
774 if (k->type < 0 || k->type >= NUM_NL80211_KEYTYPES)
775 return -EINVAL;
776 }
777
778 if (tb[NL80211_KEY_DEFAULT_TYPES]) {
779 struct nlattr *kdt[NUM_NL80211_KEY_DEFAULT_TYPES];
780
781 err = nla_parse_nested(kdt, NUM_NL80211_KEY_DEFAULT_TYPES - 1,
782 tb[NL80211_KEY_DEFAULT_TYPES],
783 nl80211_key_default_policy);
784 if (err)
785 return err;
786
787 k->def_uni = kdt[NL80211_KEY_DEFAULT_TYPE_UNICAST];
788 k->def_multi = kdt[NL80211_KEY_DEFAULT_TYPE_MULTICAST];
789 }
790
791 return 0;
792}
793
794static int nl80211_parse_key_old(struct genl_info *info, struct key_parse *k)
795{
796 if (info->attrs[NL80211_ATTR_KEY_DATA]) {
797 k->p.key = nla_data(info->attrs[NL80211_ATTR_KEY_DATA]);
798 k->p.key_len = nla_len(info->attrs[NL80211_ATTR_KEY_DATA]);
799 }
800
801 if (info->attrs[NL80211_ATTR_KEY_SEQ]) {
802 k->p.seq = nla_data(info->attrs[NL80211_ATTR_KEY_SEQ]);
803 k->p.seq_len = nla_len(info->attrs[NL80211_ATTR_KEY_SEQ]);
804 }
805
806 if (info->attrs[NL80211_ATTR_KEY_IDX])
807 k->idx = nla_get_u8(info->attrs[NL80211_ATTR_KEY_IDX]);
808
809 if (info->attrs[NL80211_ATTR_KEY_CIPHER])
810 k->p.cipher = nla_get_u32(info->attrs[NL80211_ATTR_KEY_CIPHER]);
811
812 k->def = !!info->attrs[NL80211_ATTR_KEY_DEFAULT];
813 k->defmgmt = !!info->attrs[NL80211_ATTR_KEY_DEFAULT_MGMT];
814
815 if (k->def) {
816 k->def_uni = true;
817 k->def_multi = true;
818 }
819 if (k->defmgmt)
820 k->def_multi = true;
821
822 if (info->attrs[NL80211_ATTR_KEY_TYPE]) {
823 k->type = nla_get_u32(info->attrs[NL80211_ATTR_KEY_TYPE]);
824 if (k->type < 0 || k->type >= NUM_NL80211_KEYTYPES)
825 return -EINVAL;
826 }
827
828 if (info->attrs[NL80211_ATTR_KEY_DEFAULT_TYPES]) {
829 struct nlattr *kdt[NUM_NL80211_KEY_DEFAULT_TYPES];
830 int err = nla_parse_nested(
831 kdt, NUM_NL80211_KEY_DEFAULT_TYPES - 1,
832 info->attrs[NL80211_ATTR_KEY_DEFAULT_TYPES],
833 nl80211_key_default_policy);
834 if (err)
835 return err;
836
837 k->def_uni = kdt[NL80211_KEY_DEFAULT_TYPE_UNICAST];
838 k->def_multi = kdt[NL80211_KEY_DEFAULT_TYPE_MULTICAST];
839 }
840
841 return 0;
842}
843
844static int nl80211_parse_key(struct genl_info *info, struct key_parse *k)
845{
846 int err;
847
848 memset(k, 0, sizeof(*k));
849 k->idx = -1;
850 k->type = -1;
851
852 if (info->attrs[NL80211_ATTR_KEY])
853 err = nl80211_parse_key_new(info->attrs[NL80211_ATTR_KEY], k);
854 else
855 err = nl80211_parse_key_old(info, k);
856
857 if (err)
858 return err;
859
860 if (k->def && k->defmgmt)
861 return -EINVAL;
862
863 if (k->defmgmt) {
864 if (k->def_uni || !k->def_multi)
865 return -EINVAL;
866 }
867
868 if (k->idx != -1) {
869 if (k->defmgmt) {
870 if (k->idx < 4 || k->idx > 5)
871 return -EINVAL;
872 } else if (k->def) {
873 if (k->idx < 0 || k->idx > 3)
874 return -EINVAL;
875 } else {
876 if (k->idx < 0 || k->idx > 5)
877 return -EINVAL;
878 }
879 }
880
881 return 0;
882}
883
884static struct cfg80211_cached_keys *
885nl80211_parse_connkeys(struct cfg80211_registered_device *rdev,
886 struct nlattr *keys, bool *no_ht)
887{
888 struct key_parse parse;
889 struct nlattr *key;
890 struct cfg80211_cached_keys *result;
891 int rem, err, def = 0;
892 bool have_key = false;
893
894 nla_for_each_nested(key, keys, rem) {
895 have_key = true;
896 break;
897 }
898
899 if (!have_key)
900 return NULL;
901
902 result = kzalloc(sizeof(*result), GFP_KERNEL);
903 if (!result)
904 return ERR_PTR(-ENOMEM);
905
906 result->def = -1;
907
908 nla_for_each_nested(key, keys, rem) {
909 memset(&parse, 0, sizeof(parse));
910 parse.idx = -1;
911
912 err = nl80211_parse_key_new(key, &parse);
913 if (err)
914 goto error;
915 err = -EINVAL;
916 if (!parse.p.key)
917 goto error;
918 if (parse.idx < 0 || parse.idx > 3)
919 goto error;
920 if (parse.def) {
921 if (def)
922 goto error;
923 def = 1;
924 result->def = parse.idx;
925 if (!parse.def_uni || !parse.def_multi)
926 goto error;
927 } else if (parse.defmgmt)
928 goto error;
929 err = cfg80211_validate_key_settings(rdev, &parse.p,
930 parse.idx, false, NULL);
931 if (err)
932 goto error;
933 if (parse.p.cipher != WLAN_CIPHER_SUITE_WEP40 &&
934 parse.p.cipher != WLAN_CIPHER_SUITE_WEP104) {
935 err = -EINVAL;
936 goto error;
937 }
938 result->params[parse.idx].cipher = parse.p.cipher;
939 result->params[parse.idx].key_len = parse.p.key_len;
940 result->params[parse.idx].key = result->data[parse.idx];
941 memcpy(result->data[parse.idx], parse.p.key, parse.p.key_len);
942
943
944 if (no_ht)
945 *no_ht = true;
946 }
947
948 if (result->def < 0) {
949 err = -EINVAL;
950 goto error;
951 }
952
953 return result;
954 error:
955 kfree(result);
956 return ERR_PTR(err);
957}
958
959static int nl80211_key_allowed(struct wireless_dev *wdev)
960{
961 ASSERT_WDEV_LOCK(wdev);
962
963 switch (wdev->iftype) {
964 case NL80211_IFTYPE_AP:
965 case NL80211_IFTYPE_AP_VLAN:
966 case NL80211_IFTYPE_P2P_GO:
967 case NL80211_IFTYPE_MESH_POINT:
968 break;
969 case NL80211_IFTYPE_ADHOC:
970 case NL80211_IFTYPE_STATION:
971 case NL80211_IFTYPE_P2P_CLIENT:
972 if (!wdev->current_bss)
973 return -ENOLINK;
974 break;
975 case NL80211_IFTYPE_UNSPECIFIED:
976 case NL80211_IFTYPE_OCB:
977 case NL80211_IFTYPE_MONITOR:
978 case NL80211_IFTYPE_NAN:
979 case NL80211_IFTYPE_P2P_DEVICE:
980 case NL80211_IFTYPE_WDS:
981 case NUM_NL80211_IFTYPES:
982 return -EINVAL;
983 }
984
985 return 0;
986}
987
988static struct ieee80211_channel *nl80211_get_valid_chan(struct wiphy *wiphy,
989 struct nlattr *tb)
990{
991 struct ieee80211_channel *chan;
992
993 if (tb == NULL)
994 return NULL;
995 chan = ieee80211_get_channel(wiphy, nla_get_u32(tb));
996 if (!chan || chan->flags & IEEE80211_CHAN_DISABLED)
997 return NULL;
998 return chan;
999}
1000
1001static int nl80211_put_iftypes(struct sk_buff *msg, u32 attr, u16 ifmodes)
1002{
1003 struct nlattr *nl_modes = nla_nest_start(msg, attr);
1004 int i;
1005
1006 if (!nl_modes)
1007 goto nla_put_failure;
1008
1009 i = 0;
1010 while (ifmodes) {
1011 if ((ifmodes & 1) && nla_put_flag(msg, i))
1012 goto nla_put_failure;
1013 ifmodes >>= 1;
1014 i++;
1015 }
1016
1017 nla_nest_end(msg, nl_modes);
1018 return 0;
1019
1020nla_put_failure:
1021 return -ENOBUFS;
1022}
1023
1024static int nl80211_put_iface_combinations(struct wiphy *wiphy,
1025 struct sk_buff *msg,
1026 bool large)
1027{
1028 struct nlattr *nl_combis;
1029 int i, j;
1030
1031 nl_combis = nla_nest_start(msg,
1032 NL80211_ATTR_INTERFACE_COMBINATIONS);
1033 if (!nl_combis)
1034 goto nla_put_failure;
1035
1036 for (i = 0; i < wiphy->n_iface_combinations; i++) {
1037 const struct ieee80211_iface_combination *c;
1038 struct nlattr *nl_combi, *nl_limits;
1039
1040 c = &wiphy->iface_combinations[i];
1041
1042 nl_combi = nla_nest_start(msg, i + 1);
1043 if (!nl_combi)
1044 goto nla_put_failure;
1045
1046 nl_limits = nla_nest_start(msg, NL80211_IFACE_COMB_LIMITS);
1047 if (!nl_limits)
1048 goto nla_put_failure;
1049
1050 for (j = 0; j < c->n_limits; j++) {
1051 struct nlattr *nl_limit;
1052
1053 nl_limit = nla_nest_start(msg, j + 1);
1054 if (!nl_limit)
1055 goto nla_put_failure;
1056 if (nla_put_u32(msg, NL80211_IFACE_LIMIT_MAX,
1057 c->limits[j].max))
1058 goto nla_put_failure;
1059 if (nl80211_put_iftypes(msg, NL80211_IFACE_LIMIT_TYPES,
1060 c->limits[j].types))
1061 goto nla_put_failure;
1062 nla_nest_end(msg, nl_limit);
1063 }
1064
1065 nla_nest_end(msg, nl_limits);
1066
1067 if (c->beacon_int_infra_match &&
1068 nla_put_flag(msg, NL80211_IFACE_COMB_STA_AP_BI_MATCH))
1069 goto nla_put_failure;
1070 if (nla_put_u32(msg, NL80211_IFACE_COMB_NUM_CHANNELS,
1071 c->num_different_channels) ||
1072 nla_put_u32(msg, NL80211_IFACE_COMB_MAXNUM,
1073 c->max_interfaces))
1074 goto nla_put_failure;
1075 if (large &&
1076 (nla_put_u32(msg, NL80211_IFACE_COMB_RADAR_DETECT_WIDTHS,
1077 c->radar_detect_widths) ||
1078 nla_put_u32(msg, NL80211_IFACE_COMB_RADAR_DETECT_REGIONS,
1079 c->radar_detect_regions)))
1080 goto nla_put_failure;
1081 if (c->beacon_int_min_gcd &&
1082 nla_put_u32(msg, NL80211_IFACE_COMB_BI_MIN_GCD,
1083 c->beacon_int_min_gcd))
1084 goto nla_put_failure;
1085
1086 nla_nest_end(msg, nl_combi);
1087 }
1088
1089 nla_nest_end(msg, nl_combis);
1090
1091 return 0;
1092nla_put_failure:
1093 return -ENOBUFS;
1094}
1095
1096#ifdef CONFIG_PM
1097static int nl80211_send_wowlan_tcp_caps(struct cfg80211_registered_device *rdev,
1098 struct sk_buff *msg)
1099{
1100 const struct wiphy_wowlan_tcp_support *tcp = rdev->wiphy.wowlan->tcp;
1101 struct nlattr *nl_tcp;
1102
1103 if (!tcp)
1104 return 0;
1105
1106 nl_tcp = nla_nest_start(msg, NL80211_WOWLAN_TRIG_TCP_CONNECTION);
1107 if (!nl_tcp)
1108 return -ENOBUFS;
1109
1110 if (nla_put_u32(msg, NL80211_WOWLAN_TCP_DATA_PAYLOAD,
1111 tcp->data_payload_max))
1112 return -ENOBUFS;
1113
1114 if (nla_put_u32(msg, NL80211_WOWLAN_TCP_DATA_PAYLOAD,
1115 tcp->data_payload_max))
1116 return -ENOBUFS;
1117
1118 if (tcp->seq && nla_put_flag(msg, NL80211_WOWLAN_TCP_DATA_PAYLOAD_SEQ))
1119 return -ENOBUFS;
1120
1121 if (tcp->tok && nla_put(msg, NL80211_WOWLAN_TCP_DATA_PAYLOAD_TOKEN,
1122 sizeof(*tcp->tok), tcp->tok))
1123 return -ENOBUFS;
1124
1125 if (nla_put_u32(msg, NL80211_WOWLAN_TCP_DATA_INTERVAL,
1126 tcp->data_interval_max))
1127 return -ENOBUFS;
1128
1129 if (nla_put_u32(msg, NL80211_WOWLAN_TCP_WAKE_PAYLOAD,
1130 tcp->wake_payload_max))
1131 return -ENOBUFS;
1132
1133 nla_nest_end(msg, nl_tcp);
1134 return 0;
1135}
1136
1137static int nl80211_send_wowlan(struct sk_buff *msg,
1138 struct cfg80211_registered_device *rdev,
1139 bool large)
1140{
1141 struct nlattr *nl_wowlan;
1142
1143 if (!rdev->wiphy.wowlan)
1144 return 0;
1145
1146 nl_wowlan = nla_nest_start(msg, NL80211_ATTR_WOWLAN_TRIGGERS_SUPPORTED);
1147 if (!nl_wowlan)
1148 return -ENOBUFS;
1149
1150 if (((rdev->wiphy.wowlan->flags & WIPHY_WOWLAN_ANY) &&
1151 nla_put_flag(msg, NL80211_WOWLAN_TRIG_ANY)) ||
1152 ((rdev->wiphy.wowlan->flags & WIPHY_WOWLAN_DISCONNECT) &&
1153 nla_put_flag(msg, NL80211_WOWLAN_TRIG_DISCONNECT)) ||
1154 ((rdev->wiphy.wowlan->flags & WIPHY_WOWLAN_MAGIC_PKT) &&
1155 nla_put_flag(msg, NL80211_WOWLAN_TRIG_MAGIC_PKT)) ||
1156 ((rdev->wiphy.wowlan->flags & WIPHY_WOWLAN_SUPPORTS_GTK_REKEY) &&
1157 nla_put_flag(msg, NL80211_WOWLAN_TRIG_GTK_REKEY_SUPPORTED)) ||
1158 ((rdev->wiphy.wowlan->flags & WIPHY_WOWLAN_GTK_REKEY_FAILURE) &&
1159 nla_put_flag(msg, NL80211_WOWLAN_TRIG_GTK_REKEY_FAILURE)) ||
1160 ((rdev->wiphy.wowlan->flags & WIPHY_WOWLAN_EAP_IDENTITY_REQ) &&
1161 nla_put_flag(msg, NL80211_WOWLAN_TRIG_EAP_IDENT_REQUEST)) ||
1162 ((rdev->wiphy.wowlan->flags & WIPHY_WOWLAN_4WAY_HANDSHAKE) &&
1163 nla_put_flag(msg, NL80211_WOWLAN_TRIG_4WAY_HANDSHAKE)) ||
1164 ((rdev->wiphy.wowlan->flags & WIPHY_WOWLAN_RFKILL_RELEASE) &&
1165 nla_put_flag(msg, NL80211_WOWLAN_TRIG_RFKILL_RELEASE)))
1166 return -ENOBUFS;
1167
1168 if (rdev->wiphy.wowlan->n_patterns) {
1169 struct nl80211_pattern_support pat = {
1170 .max_patterns = rdev->wiphy.wowlan->n_patterns,
1171 .min_pattern_len = rdev->wiphy.wowlan->pattern_min_len,
1172 .max_pattern_len = rdev->wiphy.wowlan->pattern_max_len,
1173 .max_pkt_offset = rdev->wiphy.wowlan->max_pkt_offset,
1174 };
1175
1176 if (nla_put(msg, NL80211_WOWLAN_TRIG_PKT_PATTERN,
1177 sizeof(pat), &pat))
1178 return -ENOBUFS;
1179 }
1180
1181 if ((rdev->wiphy.wowlan->flags & WIPHY_WOWLAN_NET_DETECT) &&
1182 nla_put_u32(msg, NL80211_WOWLAN_TRIG_NET_DETECT,
1183 rdev->wiphy.wowlan->max_nd_match_sets))
1184 return -ENOBUFS;
1185
1186 if (large && nl80211_send_wowlan_tcp_caps(rdev, msg))
1187 return -ENOBUFS;
1188
1189 nla_nest_end(msg, nl_wowlan);
1190
1191 return 0;
1192}
1193#endif
1194
1195static int nl80211_send_coalesce(struct sk_buff *msg,
1196 struct cfg80211_registered_device *rdev)
1197{
1198 struct nl80211_coalesce_rule_support rule;
1199
1200 if (!rdev->wiphy.coalesce)
1201 return 0;
1202
1203 rule.max_rules = rdev->wiphy.coalesce->n_rules;
1204 rule.max_delay = rdev->wiphy.coalesce->max_delay;
1205 rule.pat.max_patterns = rdev->wiphy.coalesce->n_patterns;
1206 rule.pat.min_pattern_len = rdev->wiphy.coalesce->pattern_min_len;
1207 rule.pat.max_pattern_len = rdev->wiphy.coalesce->pattern_max_len;
1208 rule.pat.max_pkt_offset = rdev->wiphy.coalesce->max_pkt_offset;
1209
1210 if (nla_put(msg, NL80211_ATTR_COALESCE_RULE, sizeof(rule), &rule))
1211 return -ENOBUFS;
1212
1213 return 0;
1214}
1215
1216static int nl80211_send_band_rateinfo(struct sk_buff *msg,
1217 struct ieee80211_supported_band *sband)
1218{
1219 struct nlattr *nl_rates, *nl_rate;
1220 struct ieee80211_rate *rate;
1221 int i;
1222
1223
1224 if (sband->ht_cap.ht_supported &&
1225 (nla_put(msg, NL80211_BAND_ATTR_HT_MCS_SET,
1226 sizeof(sband->ht_cap.mcs),
1227 &sband->ht_cap.mcs) ||
1228 nla_put_u16(msg, NL80211_BAND_ATTR_HT_CAPA,
1229 sband->ht_cap.cap) ||
1230 nla_put_u8(msg, NL80211_BAND_ATTR_HT_AMPDU_FACTOR,
1231 sband->ht_cap.ampdu_factor) ||
1232 nla_put_u8(msg, NL80211_BAND_ATTR_HT_AMPDU_DENSITY,
1233 sband->ht_cap.ampdu_density)))
1234 return -ENOBUFS;
1235
1236
1237 if (sband->vht_cap.vht_supported &&
1238 (nla_put(msg, NL80211_BAND_ATTR_VHT_MCS_SET,
1239 sizeof(sband->vht_cap.vht_mcs),
1240 &sband->vht_cap.vht_mcs) ||
1241 nla_put_u32(msg, NL80211_BAND_ATTR_VHT_CAPA,
1242 sband->vht_cap.cap)))
1243 return -ENOBUFS;
1244
1245
1246 nl_rates = nla_nest_start(msg, NL80211_BAND_ATTR_RATES);
1247 if (!nl_rates)
1248 return -ENOBUFS;
1249
1250 for (i = 0; i < sband->n_bitrates; i++) {
1251 nl_rate = nla_nest_start(msg, i);
1252 if (!nl_rate)
1253 return -ENOBUFS;
1254
1255 rate = &sband->bitrates[i];
1256 if (nla_put_u32(msg, NL80211_BITRATE_ATTR_RATE,
1257 rate->bitrate))
1258 return -ENOBUFS;
1259 if ((rate->flags & IEEE80211_RATE_SHORT_PREAMBLE) &&
1260 nla_put_flag(msg,
1261 NL80211_BITRATE_ATTR_2GHZ_SHORTPREAMBLE))
1262 return -ENOBUFS;
1263
1264 nla_nest_end(msg, nl_rate);
1265 }
1266
1267 nla_nest_end(msg, nl_rates);
1268
1269 return 0;
1270}
1271
1272static int
1273nl80211_send_mgmt_stypes(struct sk_buff *msg,
1274 const struct ieee80211_txrx_stypes *mgmt_stypes)
1275{
1276 u16 stypes;
1277 struct nlattr *nl_ftypes, *nl_ifs;
1278 enum nl80211_iftype ift;
1279 int i;
1280
1281 if (!mgmt_stypes)
1282 return 0;
1283
1284 nl_ifs = nla_nest_start(msg, NL80211_ATTR_TX_FRAME_TYPES);
1285 if (!nl_ifs)
1286 return -ENOBUFS;
1287
1288 for (ift = 0; ift < NUM_NL80211_IFTYPES; ift++) {
1289 nl_ftypes = nla_nest_start(msg, ift);
1290 if (!nl_ftypes)
1291 return -ENOBUFS;
1292 i = 0;
1293 stypes = mgmt_stypes[ift].tx;
1294 while (stypes) {
1295 if ((stypes & 1) &&
1296 nla_put_u16(msg, NL80211_ATTR_FRAME_TYPE,
1297 (i << 4) | IEEE80211_FTYPE_MGMT))
1298 return -ENOBUFS;
1299 stypes >>= 1;
1300 i++;
1301 }
1302 nla_nest_end(msg, nl_ftypes);
1303 }
1304
1305 nla_nest_end(msg, nl_ifs);
1306
1307 nl_ifs = nla_nest_start(msg, NL80211_ATTR_RX_FRAME_TYPES);
1308 if (!nl_ifs)
1309 return -ENOBUFS;
1310
1311 for (ift = 0; ift < NUM_NL80211_IFTYPES; ift++) {
1312 nl_ftypes = nla_nest_start(msg, ift);
1313 if (!nl_ftypes)
1314 return -ENOBUFS;
1315 i = 0;
1316 stypes = mgmt_stypes[ift].rx;
1317 while (stypes) {
1318 if ((stypes & 1) &&
1319 nla_put_u16(msg, NL80211_ATTR_FRAME_TYPE,
1320 (i << 4) | IEEE80211_FTYPE_MGMT))
1321 return -ENOBUFS;
1322 stypes >>= 1;
1323 i++;
1324 }
1325 nla_nest_end(msg, nl_ftypes);
1326 }
1327 nla_nest_end(msg, nl_ifs);
1328
1329 return 0;
1330}
1331
1332#define CMD(op, n) \
1333 do { \
1334 if (rdev->ops->op) { \
1335 i++; \
1336 if (nla_put_u32(msg, i, NL80211_CMD_ ## n)) \
1337 goto nla_put_failure; \
1338 } \
1339 } while (0)
1340
1341static int nl80211_add_commands_unsplit(struct cfg80211_registered_device *rdev,
1342 struct sk_buff *msg)
1343{
1344 int i = 0;
1345
1346
1347
1348
1349
1350
1351 CMD(add_virtual_intf, NEW_INTERFACE);
1352 CMD(change_virtual_intf, SET_INTERFACE);
1353 CMD(add_key, NEW_KEY);
1354 CMD(start_ap, START_AP);
1355 CMD(add_station, NEW_STATION);
1356 CMD(add_mpath, NEW_MPATH);
1357 CMD(update_mesh_config, SET_MESH_CONFIG);
1358 CMD(change_bss, SET_BSS);
1359 CMD(auth, AUTHENTICATE);
1360 CMD(assoc, ASSOCIATE);
1361 CMD(deauth, DEAUTHENTICATE);
1362 CMD(disassoc, DISASSOCIATE);
1363 CMD(join_ibss, JOIN_IBSS);
1364 CMD(join_mesh, JOIN_MESH);
1365 CMD(set_pmksa, SET_PMKSA);
1366 CMD(del_pmksa, DEL_PMKSA);
1367 CMD(flush_pmksa, FLUSH_PMKSA);
1368 if (rdev->wiphy.flags & WIPHY_FLAG_HAS_REMAIN_ON_CHANNEL)
1369 CMD(remain_on_channel, REMAIN_ON_CHANNEL);
1370 CMD(set_bitrate_mask, SET_TX_BITRATE_MASK);
1371 CMD(mgmt_tx, FRAME);
1372 CMD(mgmt_tx_cancel_wait, FRAME_WAIT_CANCEL);
1373 if (rdev->wiphy.flags & WIPHY_FLAG_NETNS_OK) {
1374 i++;
1375 if (nla_put_u32(msg, i, NL80211_CMD_SET_WIPHY_NETNS))
1376 goto nla_put_failure;
1377 }
1378 if (rdev->ops->set_monitor_channel || rdev->ops->start_ap ||
1379 rdev->ops->join_mesh) {
1380 i++;
1381 if (nla_put_u32(msg, i, NL80211_CMD_SET_CHANNEL))
1382 goto nla_put_failure;
1383 }
1384 CMD(set_wds_peer, SET_WDS_PEER);
1385 if (rdev->wiphy.flags & WIPHY_FLAG_SUPPORTS_TDLS) {
1386 CMD(tdls_mgmt, TDLS_MGMT);
1387 CMD(tdls_oper, TDLS_OPER);
1388 }
1389 if (rdev->wiphy.max_sched_scan_reqs)
1390 CMD(sched_scan_start, START_SCHED_SCAN);
1391 CMD(probe_client, PROBE_CLIENT);
1392 CMD(set_noack_map, SET_NOACK_MAP);
1393 if (rdev->wiphy.flags & WIPHY_FLAG_REPORTS_OBSS) {
1394 i++;
1395 if (nla_put_u32(msg, i, NL80211_CMD_REGISTER_BEACONS))
1396 goto nla_put_failure;
1397 }
1398 CMD(start_p2p_device, START_P2P_DEVICE);
1399 CMD(set_mcast_rate, SET_MCAST_RATE);
1400#ifdef CONFIG_NL80211_TESTMODE
1401 CMD(testmode_cmd, TESTMODE);
1402#endif
1403
1404 if (rdev->ops->connect || rdev->ops->auth) {
1405 i++;
1406 if (nla_put_u32(msg, i, NL80211_CMD_CONNECT))
1407 goto nla_put_failure;
1408 }
1409
1410 if (rdev->ops->disconnect || rdev->ops->deauth) {
1411 i++;
1412 if (nla_put_u32(msg, i, NL80211_CMD_DISCONNECT))
1413 goto nla_put_failure;
1414 }
1415
1416 return i;
1417 nla_put_failure:
1418 return -ENOBUFS;
1419}
1420
1421struct nl80211_dump_wiphy_state {
1422 s64 filter_wiphy;
1423 long start;
1424 long split_start, band_start, chan_start, capa_start;
1425 bool split;
1426};
1427
1428static int nl80211_send_wiphy(struct cfg80211_registered_device *rdev,
1429 enum nl80211_commands cmd,
1430 struct sk_buff *msg, u32 portid, u32 seq,
1431 int flags, struct nl80211_dump_wiphy_state *state)
1432{
1433 void *hdr;
1434 struct nlattr *nl_bands, *nl_band;
1435 struct nlattr *nl_freqs, *nl_freq;
1436 struct nlattr *nl_cmds;
1437 enum nl80211_band band;
1438 struct ieee80211_channel *chan;
1439 int i;
1440 const struct ieee80211_txrx_stypes *mgmt_stypes =
1441 rdev->wiphy.mgmt_stypes;
1442 u32 features;
1443
1444 hdr = nl80211hdr_put(msg, portid, seq, flags, cmd);
1445 if (!hdr)
1446 return -ENOBUFS;
1447
1448 if (WARN_ON(!state))
1449 return -EINVAL;
1450
1451 if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
1452 nla_put_string(msg, NL80211_ATTR_WIPHY_NAME,
1453 wiphy_name(&rdev->wiphy)) ||
1454 nla_put_u32(msg, NL80211_ATTR_GENERATION,
1455 cfg80211_rdev_list_generation))
1456 goto nla_put_failure;
1457
1458 if (cmd != NL80211_CMD_NEW_WIPHY)
1459 goto finish;
1460
1461 switch (state->split_start) {
1462 case 0:
1463 if (nla_put_u8(msg, NL80211_ATTR_WIPHY_RETRY_SHORT,
1464 rdev->wiphy.retry_short) ||
1465 nla_put_u8(msg, NL80211_ATTR_WIPHY_RETRY_LONG,
1466 rdev->wiphy.retry_long) ||
1467 nla_put_u32(msg, NL80211_ATTR_WIPHY_FRAG_THRESHOLD,
1468 rdev->wiphy.frag_threshold) ||
1469 nla_put_u32(msg, NL80211_ATTR_WIPHY_RTS_THRESHOLD,
1470 rdev->wiphy.rts_threshold) ||
1471 nla_put_u8(msg, NL80211_ATTR_WIPHY_COVERAGE_CLASS,
1472 rdev->wiphy.coverage_class) ||
1473 nla_put_u8(msg, NL80211_ATTR_MAX_NUM_SCAN_SSIDS,
1474 rdev->wiphy.max_scan_ssids) ||
1475 nla_put_u8(msg, NL80211_ATTR_MAX_NUM_SCHED_SCAN_SSIDS,
1476 rdev->wiphy.max_sched_scan_ssids) ||
1477 nla_put_u16(msg, NL80211_ATTR_MAX_SCAN_IE_LEN,
1478 rdev->wiphy.max_scan_ie_len) ||
1479 nla_put_u16(msg, NL80211_ATTR_MAX_SCHED_SCAN_IE_LEN,
1480 rdev->wiphy.max_sched_scan_ie_len) ||
1481 nla_put_u8(msg, NL80211_ATTR_MAX_MATCH_SETS,
1482 rdev->wiphy.max_match_sets) ||
1483 nla_put_u32(msg, NL80211_ATTR_MAX_NUM_SCHED_SCAN_PLANS,
1484 rdev->wiphy.max_sched_scan_plans) ||
1485 nla_put_u32(msg, NL80211_ATTR_MAX_SCAN_PLAN_INTERVAL,
1486 rdev->wiphy.max_sched_scan_plan_interval) ||
1487 nla_put_u32(msg, NL80211_ATTR_MAX_SCAN_PLAN_ITERATIONS,
1488 rdev->wiphy.max_sched_scan_plan_iterations))
1489 goto nla_put_failure;
1490
1491 if ((rdev->wiphy.flags & WIPHY_FLAG_IBSS_RSN) &&
1492 nla_put_flag(msg, NL80211_ATTR_SUPPORT_IBSS_RSN))
1493 goto nla_put_failure;
1494 if ((rdev->wiphy.flags & WIPHY_FLAG_MESH_AUTH) &&
1495 nla_put_flag(msg, NL80211_ATTR_SUPPORT_MESH_AUTH))
1496 goto nla_put_failure;
1497 if ((rdev->wiphy.flags & WIPHY_FLAG_AP_UAPSD) &&
1498 nla_put_flag(msg, NL80211_ATTR_SUPPORT_AP_UAPSD))
1499 goto nla_put_failure;
1500 if ((rdev->wiphy.flags & WIPHY_FLAG_SUPPORTS_FW_ROAM) &&
1501 nla_put_flag(msg, NL80211_ATTR_ROAM_SUPPORT))
1502 goto nla_put_failure;
1503 if ((rdev->wiphy.flags & WIPHY_FLAG_SUPPORTS_TDLS) &&
1504 nla_put_flag(msg, NL80211_ATTR_TDLS_SUPPORT))
1505 goto nla_put_failure;
1506 if ((rdev->wiphy.flags & WIPHY_FLAG_TDLS_EXTERNAL_SETUP) &&
1507 nla_put_flag(msg, NL80211_ATTR_TDLS_EXTERNAL_SETUP))
1508 goto nla_put_failure;
1509 state->split_start++;
1510 if (state->split)
1511 break;
1512 case 1:
1513 if (nla_put(msg, NL80211_ATTR_CIPHER_SUITES,
1514 sizeof(u32) * rdev->wiphy.n_cipher_suites,
1515 rdev->wiphy.cipher_suites))
1516 goto nla_put_failure;
1517
1518 if (nla_put_u8(msg, NL80211_ATTR_MAX_NUM_PMKIDS,
1519 rdev->wiphy.max_num_pmkids))
1520 goto nla_put_failure;
1521
1522 if ((rdev->wiphy.flags & WIPHY_FLAG_CONTROL_PORT_PROTOCOL) &&
1523 nla_put_flag(msg, NL80211_ATTR_CONTROL_PORT_ETHERTYPE))
1524 goto nla_put_failure;
1525
1526 if (nla_put_u32(msg, NL80211_ATTR_WIPHY_ANTENNA_AVAIL_TX,
1527 rdev->wiphy.available_antennas_tx) ||
1528 nla_put_u32(msg, NL80211_ATTR_WIPHY_ANTENNA_AVAIL_RX,
1529 rdev->wiphy.available_antennas_rx))
1530 goto nla_put_failure;
1531
1532 if ((rdev->wiphy.flags & WIPHY_FLAG_AP_PROBE_RESP_OFFLOAD) &&
1533 nla_put_u32(msg, NL80211_ATTR_PROBE_RESP_OFFLOAD,
1534 rdev->wiphy.probe_resp_offload))
1535 goto nla_put_failure;
1536
1537 if ((rdev->wiphy.available_antennas_tx ||
1538 rdev->wiphy.available_antennas_rx) &&
1539 rdev->ops->get_antenna) {
1540 u32 tx_ant = 0, rx_ant = 0;
1541 int res;
1542
1543 res = rdev_get_antenna(rdev, &tx_ant, &rx_ant);
1544 if (!res) {
1545 if (nla_put_u32(msg,
1546 NL80211_ATTR_WIPHY_ANTENNA_TX,
1547 tx_ant) ||
1548 nla_put_u32(msg,
1549 NL80211_ATTR_WIPHY_ANTENNA_RX,
1550 rx_ant))
1551 goto nla_put_failure;
1552 }
1553 }
1554
1555 state->split_start++;
1556 if (state->split)
1557 break;
1558 case 2:
1559 if (nl80211_put_iftypes(msg, NL80211_ATTR_SUPPORTED_IFTYPES,
1560 rdev->wiphy.interface_modes))
1561 goto nla_put_failure;
1562 state->split_start++;
1563 if (state->split)
1564 break;
1565 case 3:
1566 nl_bands = nla_nest_start(msg, NL80211_ATTR_WIPHY_BANDS);
1567 if (!nl_bands)
1568 goto nla_put_failure;
1569
1570 for (band = state->band_start;
1571 band < NUM_NL80211_BANDS; band++) {
1572 struct ieee80211_supported_band *sband;
1573
1574 sband = rdev->wiphy.bands[band];
1575
1576 if (!sband)
1577 continue;
1578
1579 nl_band = nla_nest_start(msg, band);
1580 if (!nl_band)
1581 goto nla_put_failure;
1582
1583 switch (state->chan_start) {
1584 case 0:
1585 if (nl80211_send_band_rateinfo(msg, sband))
1586 goto nla_put_failure;
1587 state->chan_start++;
1588 if (state->split)
1589 break;
1590 default:
1591
1592 nl_freqs = nla_nest_start(
1593 msg, NL80211_BAND_ATTR_FREQS);
1594 if (!nl_freqs)
1595 goto nla_put_failure;
1596
1597 for (i = state->chan_start - 1;
1598 i < sband->n_channels;
1599 i++) {
1600 nl_freq = nla_nest_start(msg, i);
1601 if (!nl_freq)
1602 goto nla_put_failure;
1603
1604 chan = &sband->channels[i];
1605
1606 if (nl80211_msg_put_channel(
1607 msg, chan,
1608 state->split))
1609 goto nla_put_failure;
1610
1611 nla_nest_end(msg, nl_freq);
1612 if (state->split)
1613 break;
1614 }
1615 if (i < sband->n_channels)
1616 state->chan_start = i + 2;
1617 else
1618 state->chan_start = 0;
1619 nla_nest_end(msg, nl_freqs);
1620 }
1621
1622 nla_nest_end(msg, nl_band);
1623
1624 if (state->split) {
1625
1626 if (state->chan_start)
1627 band--;
1628 break;
1629 }
1630 }
1631 nla_nest_end(msg, nl_bands);
1632
1633 if (band < NUM_NL80211_BANDS)
1634 state->band_start = band + 1;
1635 else
1636 state->band_start = 0;
1637
1638
1639 if (state->band_start == 0 && state->chan_start == 0)
1640 state->split_start++;
1641 if (state->split)
1642 break;
1643 case 4:
1644 nl_cmds = nla_nest_start(msg, NL80211_ATTR_SUPPORTED_COMMANDS);
1645 if (!nl_cmds)
1646 goto nla_put_failure;
1647
1648 i = nl80211_add_commands_unsplit(rdev, msg);
1649 if (i < 0)
1650 goto nla_put_failure;
1651 if (state->split) {
1652 CMD(crit_proto_start, CRIT_PROTOCOL_START);
1653 CMD(crit_proto_stop, CRIT_PROTOCOL_STOP);
1654 if (rdev->wiphy.flags & WIPHY_FLAG_HAS_CHANNEL_SWITCH)
1655 CMD(channel_switch, CHANNEL_SWITCH);
1656 CMD(set_qos_map, SET_QOS_MAP);
1657 if (rdev->wiphy.features &
1658 NL80211_FEATURE_SUPPORTS_WMM_ADMISSION)
1659 CMD(add_tx_ts, ADD_TX_TS);
1660 CMD(set_multicast_to_unicast, SET_MULTICAST_TO_UNICAST);
1661 CMD(update_connect_params, UPDATE_CONNECT_PARAMS);
1662 }
1663#undef CMD
1664
1665 nla_nest_end(msg, nl_cmds);
1666 state->split_start++;
1667 if (state->split)
1668 break;
1669 case 5:
1670 if (rdev->ops->remain_on_channel &&
1671 (rdev->wiphy.flags & WIPHY_FLAG_HAS_REMAIN_ON_CHANNEL) &&
1672 nla_put_u32(msg,
1673 NL80211_ATTR_MAX_REMAIN_ON_CHANNEL_DURATION,
1674 rdev->wiphy.max_remain_on_channel_duration))
1675 goto nla_put_failure;
1676
1677 if ((rdev->wiphy.flags & WIPHY_FLAG_OFFCHAN_TX) &&
1678 nla_put_flag(msg, NL80211_ATTR_OFFCHANNEL_TX_OK))
1679 goto nla_put_failure;
1680
1681 if (nl80211_send_mgmt_stypes(msg, mgmt_stypes))
1682 goto nla_put_failure;
1683 state->split_start++;
1684 if (state->split)
1685 break;
1686 case 6:
1687#ifdef CONFIG_PM
1688 if (nl80211_send_wowlan(msg, rdev, state->split))
1689 goto nla_put_failure;
1690 state->split_start++;
1691 if (state->split)
1692 break;
1693#else
1694 state->split_start++;
1695#endif
1696 case 7:
1697 if (nl80211_put_iftypes(msg, NL80211_ATTR_SOFTWARE_IFTYPES,
1698 rdev->wiphy.software_iftypes))
1699 goto nla_put_failure;
1700
1701 if (nl80211_put_iface_combinations(&rdev->wiphy, msg,
1702 state->split))
1703 goto nla_put_failure;
1704
1705 state->split_start++;
1706 if (state->split)
1707 break;
1708 case 8:
1709 if ((rdev->wiphy.flags & WIPHY_FLAG_HAVE_AP_SME) &&
1710 nla_put_u32(msg, NL80211_ATTR_DEVICE_AP_SME,
1711 rdev->wiphy.ap_sme_capa))
1712 goto nla_put_failure;
1713
1714 features = rdev->wiphy.features;
1715
1716
1717
1718
1719
1720 if (state->split)
1721 features |= NL80211_FEATURE_ADVERTISE_CHAN_LIMITS;
1722 if (nla_put_u32(msg, NL80211_ATTR_FEATURE_FLAGS, features))
1723 goto nla_put_failure;
1724
1725 if (rdev->wiphy.ht_capa_mod_mask &&
1726 nla_put(msg, NL80211_ATTR_HT_CAPABILITY_MASK,
1727 sizeof(*rdev->wiphy.ht_capa_mod_mask),
1728 rdev->wiphy.ht_capa_mod_mask))
1729 goto nla_put_failure;
1730
1731 if (rdev->wiphy.flags & WIPHY_FLAG_HAVE_AP_SME &&
1732 rdev->wiphy.max_acl_mac_addrs &&
1733 nla_put_u32(msg, NL80211_ATTR_MAC_ACL_MAX,
1734 rdev->wiphy.max_acl_mac_addrs))
1735 goto nla_put_failure;
1736
1737
1738
1739
1740
1741
1742
1743
1744
1745
1746
1747 state->split_start++;
1748 break;
1749 case 9:
1750 if (rdev->wiphy.extended_capabilities &&
1751 (nla_put(msg, NL80211_ATTR_EXT_CAPA,
1752 rdev->wiphy.extended_capabilities_len,
1753 rdev->wiphy.extended_capabilities) ||
1754 nla_put(msg, NL80211_ATTR_EXT_CAPA_MASK,
1755 rdev->wiphy.extended_capabilities_len,
1756 rdev->wiphy.extended_capabilities_mask)))
1757 goto nla_put_failure;
1758
1759 if (rdev->wiphy.vht_capa_mod_mask &&
1760 nla_put(msg, NL80211_ATTR_VHT_CAPABILITY_MASK,
1761 sizeof(*rdev->wiphy.vht_capa_mod_mask),
1762 rdev->wiphy.vht_capa_mod_mask))
1763 goto nla_put_failure;
1764
1765 state->split_start++;
1766 break;
1767 case 10:
1768 if (nl80211_send_coalesce(msg, rdev))
1769 goto nla_put_failure;
1770
1771 if ((rdev->wiphy.flags & WIPHY_FLAG_SUPPORTS_5_10_MHZ) &&
1772 (nla_put_flag(msg, NL80211_ATTR_SUPPORT_5_MHZ) ||
1773 nla_put_flag(msg, NL80211_ATTR_SUPPORT_10_MHZ)))
1774 goto nla_put_failure;
1775
1776 if (rdev->wiphy.max_ap_assoc_sta &&
1777 nla_put_u32(msg, NL80211_ATTR_MAX_AP_ASSOC_STA,
1778 rdev->wiphy.max_ap_assoc_sta))
1779 goto nla_put_failure;
1780
1781 state->split_start++;
1782 break;
1783 case 11:
1784 if (rdev->wiphy.n_vendor_commands) {
1785 const struct nl80211_vendor_cmd_info *info;
1786 struct nlattr *nested;
1787
1788 nested = nla_nest_start(msg, NL80211_ATTR_VENDOR_DATA);
1789 if (!nested)
1790 goto nla_put_failure;
1791
1792 for (i = 0; i < rdev->wiphy.n_vendor_commands; i++) {
1793 info = &rdev->wiphy.vendor_commands[i].info;
1794 if (nla_put(msg, i + 1, sizeof(*info), info))
1795 goto nla_put_failure;
1796 }
1797 nla_nest_end(msg, nested);
1798 }
1799
1800 if (rdev->wiphy.n_vendor_events) {
1801 const struct nl80211_vendor_cmd_info *info;
1802 struct nlattr *nested;
1803
1804 nested = nla_nest_start(msg,
1805 NL80211_ATTR_VENDOR_EVENTS);
1806 if (!nested)
1807 goto nla_put_failure;
1808
1809 for (i = 0; i < rdev->wiphy.n_vendor_events; i++) {
1810 info = &rdev->wiphy.vendor_events[i];
1811 if (nla_put(msg, i + 1, sizeof(*info), info))
1812 goto nla_put_failure;
1813 }
1814 nla_nest_end(msg, nested);
1815 }
1816 state->split_start++;
1817 break;
1818 case 12:
1819 if (rdev->wiphy.flags & WIPHY_FLAG_HAS_CHANNEL_SWITCH &&
1820 nla_put_u8(msg, NL80211_ATTR_MAX_CSA_COUNTERS,
1821 rdev->wiphy.max_num_csa_counters))
1822 goto nla_put_failure;
1823
1824 if (rdev->wiphy.regulatory_flags & REGULATORY_WIPHY_SELF_MANAGED &&
1825 nla_put_flag(msg, NL80211_ATTR_WIPHY_SELF_MANAGED_REG))
1826 goto nla_put_failure;
1827
1828 if (rdev->wiphy.max_sched_scan_reqs &&
1829 nla_put_u32(msg, NL80211_ATTR_SCHED_SCAN_MAX_REQS,
1830 rdev->wiphy.max_sched_scan_reqs))
1831 goto nla_put_failure;
1832
1833 if (nla_put(msg, NL80211_ATTR_EXT_FEATURES,
1834 sizeof(rdev->wiphy.ext_features),
1835 rdev->wiphy.ext_features))
1836 goto nla_put_failure;
1837
1838 if (rdev->wiphy.bss_select_support) {
1839 struct nlattr *nested;
1840 u32 bss_select_support = rdev->wiphy.bss_select_support;
1841
1842 nested = nla_nest_start(msg, NL80211_ATTR_BSS_SELECT);
1843 if (!nested)
1844 goto nla_put_failure;
1845
1846 i = 0;
1847 while (bss_select_support) {
1848 if ((bss_select_support & 1) &&
1849 nla_put_flag(msg, i))
1850 goto nla_put_failure;
1851 i++;
1852 bss_select_support >>= 1;
1853 }
1854 nla_nest_end(msg, nested);
1855 }
1856
1857 state->split_start++;
1858 break;
1859 case 13:
1860 if (rdev->wiphy.num_iftype_ext_capab &&
1861 rdev->wiphy.iftype_ext_capab) {
1862 struct nlattr *nested_ext_capab, *nested;
1863
1864 nested = nla_nest_start(msg,
1865 NL80211_ATTR_IFTYPE_EXT_CAPA);
1866 if (!nested)
1867 goto nla_put_failure;
1868
1869 for (i = state->capa_start;
1870 i < rdev->wiphy.num_iftype_ext_capab; i++) {
1871 const struct wiphy_iftype_ext_capab *capab;
1872
1873 capab = &rdev->wiphy.iftype_ext_capab[i];
1874
1875 nested_ext_capab = nla_nest_start(msg, i);
1876 if (!nested_ext_capab ||
1877 nla_put_u32(msg, NL80211_ATTR_IFTYPE,
1878 capab->iftype) ||
1879 nla_put(msg, NL80211_ATTR_EXT_CAPA,
1880 capab->extended_capabilities_len,
1881 capab->extended_capabilities) ||
1882 nla_put(msg, NL80211_ATTR_EXT_CAPA_MASK,
1883 capab->extended_capabilities_len,
1884 capab->extended_capabilities_mask))
1885 goto nla_put_failure;
1886
1887 nla_nest_end(msg, nested_ext_capab);
1888 if (state->split)
1889 break;
1890 }
1891 nla_nest_end(msg, nested);
1892 if (i < rdev->wiphy.num_iftype_ext_capab) {
1893 state->capa_start = i + 1;
1894 break;
1895 }
1896 }
1897
1898 if (nla_put_u32(msg, NL80211_ATTR_BANDS,
1899 rdev->wiphy.nan_supported_bands))
1900 goto nla_put_failure;
1901
1902
1903 state->split_start = 0;
1904 break;
1905 }
1906 finish:
1907 genlmsg_end(msg, hdr);
1908 return 0;
1909
1910 nla_put_failure:
1911 genlmsg_cancel(msg, hdr);
1912 return -EMSGSIZE;
1913}
1914
1915static int nl80211_dump_wiphy_parse(struct sk_buff *skb,
1916 struct netlink_callback *cb,
1917 struct nl80211_dump_wiphy_state *state)
1918{
1919 struct nlattr **tb = genl_family_attrbuf(&nl80211_fam);
1920 int ret = nlmsg_parse(cb->nlh, GENL_HDRLEN + nl80211_fam.hdrsize,
1921 tb, nl80211_fam.maxattr, nl80211_policy);
1922
1923 if (ret)
1924 return 0;
1925
1926 state->split = tb[NL80211_ATTR_SPLIT_WIPHY_DUMP];
1927 if (tb[NL80211_ATTR_WIPHY])
1928 state->filter_wiphy = nla_get_u32(tb[NL80211_ATTR_WIPHY]);
1929 if (tb[NL80211_ATTR_WDEV])
1930 state->filter_wiphy = nla_get_u64(tb[NL80211_ATTR_WDEV]) >> 32;
1931 if (tb[NL80211_ATTR_IFINDEX]) {
1932 struct net_device *netdev;
1933 struct cfg80211_registered_device *rdev;
1934 int ifidx = nla_get_u32(tb[NL80211_ATTR_IFINDEX]);
1935
1936 netdev = __dev_get_by_index(sock_net(skb->sk), ifidx);
1937 if (!netdev)
1938 return -ENODEV;
1939 if (netdev->ieee80211_ptr) {
1940 rdev = wiphy_to_rdev(
1941 netdev->ieee80211_ptr->wiphy);
1942 state->filter_wiphy = rdev->wiphy_idx;
1943 }
1944 }
1945
1946 return 0;
1947}
1948
1949static int nl80211_dump_wiphy(struct sk_buff *skb, struct netlink_callback *cb)
1950{
1951 int idx = 0, ret;
1952 struct nl80211_dump_wiphy_state *state = (void *)cb->args[0];
1953 struct cfg80211_registered_device *rdev;
1954
1955 rtnl_lock();
1956 if (!state) {
1957 state = kzalloc(sizeof(*state), GFP_KERNEL);
1958 if (!state) {
1959 rtnl_unlock();
1960 return -ENOMEM;
1961 }
1962 state->filter_wiphy = -1;
1963 ret = nl80211_dump_wiphy_parse(skb, cb, state);
1964 if (ret) {
1965 kfree(state);
1966 rtnl_unlock();
1967 return ret;
1968 }
1969 cb->args[0] = (long)state;
1970 }
1971
1972 list_for_each_entry(rdev, &cfg80211_rdev_list, list) {
1973 if (!net_eq(wiphy_net(&rdev->wiphy), sock_net(skb->sk)))
1974 continue;
1975 if (++idx <= state->start)
1976 continue;
1977 if (state->filter_wiphy != -1 &&
1978 state->filter_wiphy != rdev->wiphy_idx)
1979 continue;
1980
1981 do {
1982 ret = nl80211_send_wiphy(rdev, NL80211_CMD_NEW_WIPHY,
1983 skb,
1984 NETLINK_CB(cb->skb).portid,
1985 cb->nlh->nlmsg_seq,
1986 NLM_F_MULTI, state);
1987 if (ret < 0) {
1988
1989
1990
1991
1992
1993
1994
1995
1996
1997
1998
1999
2000
2001 if ((ret == -ENOBUFS || ret == -EMSGSIZE) &&
2002 !skb->len && !state->split &&
2003 cb->min_dump_alloc < 4096) {
2004 cb->min_dump_alloc = 4096;
2005 state->split_start = 0;
2006 rtnl_unlock();
2007 return 1;
2008 }
2009 idx--;
2010 break;
2011 }
2012 } while (state->split_start > 0);
2013 break;
2014 }
2015 rtnl_unlock();
2016
2017 state->start = idx;
2018
2019 return skb->len;
2020}
2021
2022static int nl80211_dump_wiphy_done(struct netlink_callback *cb)
2023{
2024 kfree((void *)cb->args[0]);
2025 return 0;
2026}
2027
2028static int nl80211_get_wiphy(struct sk_buff *skb, struct genl_info *info)
2029{
2030 struct sk_buff *msg;
2031 struct cfg80211_registered_device *rdev = info->user_ptr[0];
2032 struct nl80211_dump_wiphy_state state = {};
2033
2034 msg = nlmsg_new(4096, GFP_KERNEL);
2035 if (!msg)
2036 return -ENOMEM;
2037
2038 if (nl80211_send_wiphy(rdev, NL80211_CMD_NEW_WIPHY, msg,
2039 info->snd_portid, info->snd_seq, 0,
2040 &state) < 0) {
2041 nlmsg_free(msg);
2042 return -ENOBUFS;
2043 }
2044
2045 return genlmsg_reply(msg, info);
2046}
2047
2048static const struct nla_policy txq_params_policy[NL80211_TXQ_ATTR_MAX + 1] = {
2049 [NL80211_TXQ_ATTR_QUEUE] = { .type = NLA_U8 },
2050 [NL80211_TXQ_ATTR_TXOP] = { .type = NLA_U16 },
2051 [NL80211_TXQ_ATTR_CWMIN] = { .type = NLA_U16 },
2052 [NL80211_TXQ_ATTR_CWMAX] = { .type = NLA_U16 },
2053 [NL80211_TXQ_ATTR_AIFS] = { .type = NLA_U8 },
2054};
2055
2056static int parse_txq_params(struct nlattr *tb[],
2057 struct ieee80211_txq_params *txq_params)
2058{
2059 if (!tb[NL80211_TXQ_ATTR_AC] || !tb[NL80211_TXQ_ATTR_TXOP] ||
2060 !tb[NL80211_TXQ_ATTR_CWMIN] || !tb[NL80211_TXQ_ATTR_CWMAX] ||
2061 !tb[NL80211_TXQ_ATTR_AIFS])
2062 return -EINVAL;
2063
2064 txq_params->ac = nla_get_u8(tb[NL80211_TXQ_ATTR_AC]);
2065 txq_params->txop = nla_get_u16(tb[NL80211_TXQ_ATTR_TXOP]);
2066 txq_params->cwmin = nla_get_u16(tb[NL80211_TXQ_ATTR_CWMIN]);
2067 txq_params->cwmax = nla_get_u16(tb[NL80211_TXQ_ATTR_CWMAX]);
2068 txq_params->aifs = nla_get_u8(tb[NL80211_TXQ_ATTR_AIFS]);
2069
2070 if (txq_params->ac >= NL80211_NUM_ACS)
2071 return -EINVAL;
2072
2073 return 0;
2074}
2075
2076static bool nl80211_can_set_dev_channel(struct wireless_dev *wdev)
2077{
2078
2079
2080
2081
2082
2083
2084
2085
2086
2087
2088
2089
2090
2091
2092
2093 return !wdev ||
2094 wdev->iftype == NL80211_IFTYPE_AP ||
2095 wdev->iftype == NL80211_IFTYPE_MESH_POINT ||
2096 wdev->iftype == NL80211_IFTYPE_MONITOR ||
2097 wdev->iftype == NL80211_IFTYPE_P2P_GO;
2098}
2099
2100static int nl80211_parse_chandef(struct cfg80211_registered_device *rdev,
2101 struct genl_info *info,
2102 struct cfg80211_chan_def *chandef)
2103{
2104 u32 control_freq;
2105
2106 if (!info->attrs[NL80211_ATTR_WIPHY_FREQ])
2107 return -EINVAL;
2108
2109 control_freq = nla_get_u32(info->attrs[NL80211_ATTR_WIPHY_FREQ]);
2110
2111 chandef->chan = ieee80211_get_channel(&rdev->wiphy, control_freq);
2112 chandef->width = NL80211_CHAN_WIDTH_20_NOHT;
2113 chandef->center_freq1 = control_freq;
2114 chandef->center_freq2 = 0;
2115
2116
2117 if (!chandef->chan || chandef->chan->flags & IEEE80211_CHAN_DISABLED)
2118 return -EINVAL;
2119
2120 if (info->attrs[NL80211_ATTR_WIPHY_CHANNEL_TYPE]) {
2121 enum nl80211_channel_type chantype;
2122
2123 chantype = nla_get_u32(
2124 info->attrs[NL80211_ATTR_WIPHY_CHANNEL_TYPE]);
2125
2126 switch (chantype) {
2127 case NL80211_CHAN_NO_HT:
2128 case NL80211_CHAN_HT20:
2129 case NL80211_CHAN_HT40PLUS:
2130 case NL80211_CHAN_HT40MINUS:
2131 cfg80211_chandef_create(chandef, chandef->chan,
2132 chantype);
2133 break;
2134 default:
2135 return -EINVAL;
2136 }
2137 } else if (info->attrs[NL80211_ATTR_CHANNEL_WIDTH]) {
2138 chandef->width =
2139 nla_get_u32(info->attrs[NL80211_ATTR_CHANNEL_WIDTH]);
2140 if (info->attrs[NL80211_ATTR_CENTER_FREQ1])
2141 chandef->center_freq1 =
2142 nla_get_u32(
2143 info->attrs[NL80211_ATTR_CENTER_FREQ1]);
2144 if (info->attrs[NL80211_ATTR_CENTER_FREQ2])
2145 chandef->center_freq2 =
2146 nla_get_u32(
2147 info->attrs[NL80211_ATTR_CENTER_FREQ2]);
2148 }
2149
2150 if (!cfg80211_chandef_valid(chandef))
2151 return -EINVAL;
2152
2153 if (!cfg80211_chandef_usable(&rdev->wiphy, chandef,
2154 IEEE80211_CHAN_DISABLED))
2155 return -EINVAL;
2156
2157 if ((chandef->width == NL80211_CHAN_WIDTH_5 ||
2158 chandef->width == NL80211_CHAN_WIDTH_10) &&
2159 !(rdev->wiphy.flags & WIPHY_FLAG_SUPPORTS_5_10_MHZ))
2160 return -EINVAL;
2161
2162 return 0;
2163}
2164
2165static int __nl80211_set_channel(struct cfg80211_registered_device *rdev,
2166 struct net_device *dev,
2167 struct genl_info *info)
2168{
2169 struct cfg80211_chan_def chandef;
2170 int result;
2171 enum nl80211_iftype iftype = NL80211_IFTYPE_MONITOR;
2172 struct wireless_dev *wdev = NULL;
2173
2174 if (dev)
2175 wdev = dev->ieee80211_ptr;
2176 if (!nl80211_can_set_dev_channel(wdev))
2177 return -EOPNOTSUPP;
2178 if (wdev)
2179 iftype = wdev->iftype;
2180
2181 result = nl80211_parse_chandef(rdev, info, &chandef);
2182 if (result)
2183 return result;
2184
2185 switch (iftype) {
2186 case NL80211_IFTYPE_AP:
2187 case NL80211_IFTYPE_P2P_GO:
2188 if (!cfg80211_reg_can_beacon_relax(&rdev->wiphy, &chandef,
2189 iftype)) {
2190 result = -EINVAL;
2191 break;
2192 }
2193 if (wdev->beacon_interval) {
2194 if (!dev || !rdev->ops->set_ap_chanwidth ||
2195 !(rdev->wiphy.features &
2196 NL80211_FEATURE_AP_MODE_CHAN_WIDTH_CHANGE)) {
2197 result = -EBUSY;
2198 break;
2199 }
2200
2201
2202 if (chandef.chan != wdev->preset_chandef.chan) {
2203 result = -EBUSY;
2204 break;
2205 }
2206 result = rdev_set_ap_chanwidth(rdev, dev, &chandef);
2207 if (result)
2208 break;
2209 }
2210 wdev->preset_chandef = chandef;
2211 result = 0;
2212 break;
2213 case NL80211_IFTYPE_MESH_POINT:
2214 result = cfg80211_set_mesh_channel(rdev, wdev, &chandef);
2215 break;
2216 case NL80211_IFTYPE_MONITOR:
2217 result = cfg80211_set_monitor_channel(rdev, &chandef);
2218 break;
2219 default:
2220 result = -EINVAL;
2221 }
2222
2223 return result;
2224}
2225
2226static int nl80211_set_channel(struct sk_buff *skb, struct genl_info *info)
2227{
2228 struct cfg80211_registered_device *rdev = info->user_ptr[0];
2229 struct net_device *netdev = info->user_ptr[1];
2230
2231 return __nl80211_set_channel(rdev, netdev, info);
2232}
2233
2234static int nl80211_set_wds_peer(struct sk_buff *skb, struct genl_info *info)
2235{
2236 struct cfg80211_registered_device *rdev = info->user_ptr[0];
2237 struct net_device *dev = info->user_ptr[1];
2238 struct wireless_dev *wdev = dev->ieee80211_ptr;
2239 const u8 *bssid;
2240
2241 if (!info->attrs[NL80211_ATTR_MAC])
2242 return -EINVAL;
2243
2244 if (netif_running(dev))
2245 return -EBUSY;
2246
2247 if (!rdev->ops->set_wds_peer)
2248 return -EOPNOTSUPP;
2249
2250 if (wdev->iftype != NL80211_IFTYPE_WDS)
2251 return -EOPNOTSUPP;
2252
2253 bssid = nla_data(info->attrs[NL80211_ATTR_MAC]);
2254 return rdev_set_wds_peer(rdev, dev, bssid);
2255}
2256
2257static int nl80211_set_wiphy(struct sk_buff *skb, struct genl_info *info)
2258{
2259 struct cfg80211_registered_device *rdev;
2260 struct net_device *netdev = NULL;
2261 struct wireless_dev *wdev;
2262 int result = 0, rem_txq_params = 0;
2263 struct nlattr *nl_txq_params;
2264 u32 changed;
2265 u8 retry_short = 0, retry_long = 0;
2266 u32 frag_threshold = 0, rts_threshold = 0;
2267 u8 coverage_class = 0;
2268
2269 ASSERT_RTNL();
2270
2271
2272
2273
2274
2275
2276
2277
2278
2279
2280
2281 if (info->attrs[NL80211_ATTR_IFINDEX]) {
2282 int ifindex = nla_get_u32(info->attrs[NL80211_ATTR_IFINDEX]);
2283
2284 netdev = __dev_get_by_index(genl_info_net(info), ifindex);
2285 if (netdev && netdev->ieee80211_ptr)
2286 rdev = wiphy_to_rdev(netdev->ieee80211_ptr->wiphy);
2287 else
2288 netdev = NULL;
2289 }
2290
2291 if (!netdev) {
2292 rdev = __cfg80211_rdev_from_attrs(genl_info_net(info),
2293 info->attrs);
2294 if (IS_ERR(rdev))
2295 return PTR_ERR(rdev);
2296 wdev = NULL;
2297 netdev = NULL;
2298 result = 0;
2299 } else
2300 wdev = netdev->ieee80211_ptr;
2301
2302
2303
2304
2305
2306
2307 if (info->attrs[NL80211_ATTR_WIPHY_NAME])
2308 result = cfg80211_dev_rename(
2309 rdev, nla_data(info->attrs[NL80211_ATTR_WIPHY_NAME]));
2310
2311 if (result)
2312 return result;
2313
2314 if (info->attrs[NL80211_ATTR_WIPHY_TXQ_PARAMS]) {
2315 struct ieee80211_txq_params txq_params;
2316 struct nlattr *tb[NL80211_TXQ_ATTR_MAX + 1];
2317
2318 if (!rdev->ops->set_txq_params)
2319 return -EOPNOTSUPP;
2320
2321 if (!netdev)
2322 return -EINVAL;
2323
2324 if (netdev->ieee80211_ptr->iftype != NL80211_IFTYPE_AP &&
2325 netdev->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_GO)
2326 return -EINVAL;
2327
2328 if (!netif_running(netdev))
2329 return -ENETDOWN;
2330
2331 nla_for_each_nested(nl_txq_params,
2332 info->attrs[NL80211_ATTR_WIPHY_TXQ_PARAMS],
2333 rem_txq_params) {
2334 result = nla_parse_nested(tb, NL80211_TXQ_ATTR_MAX,
2335 nl_txq_params,
2336 txq_params_policy);
2337 if (result)
2338 return result;
2339 result = parse_txq_params(tb, &txq_params);
2340 if (result)
2341 return result;
2342
2343 result = rdev_set_txq_params(rdev, netdev,
2344 &txq_params);
2345 if (result)
2346 return result;
2347 }
2348 }
2349
2350 if (info->attrs[NL80211_ATTR_WIPHY_FREQ]) {
2351 result = __nl80211_set_channel(
2352 rdev,
2353 nl80211_can_set_dev_channel(wdev) ? netdev : NULL,
2354 info);
2355 if (result)
2356 return result;
2357 }
2358
2359 if (info->attrs[NL80211_ATTR_WIPHY_TX_POWER_SETTING]) {
2360 struct wireless_dev *txp_wdev = wdev;
2361 enum nl80211_tx_power_setting type;
2362 int idx, mbm = 0;
2363
2364 if (!(rdev->wiphy.features & NL80211_FEATURE_VIF_TXPOWER))
2365 txp_wdev = NULL;
2366
2367 if (!rdev->ops->set_tx_power)
2368 return -EOPNOTSUPP;
2369
2370 idx = NL80211_ATTR_WIPHY_TX_POWER_SETTING;
2371 type = nla_get_u32(info->attrs[idx]);
2372
2373 if (!info->attrs[NL80211_ATTR_WIPHY_TX_POWER_LEVEL] &&
2374 (type != NL80211_TX_POWER_AUTOMATIC))
2375 return -EINVAL;
2376
2377 if (type != NL80211_TX_POWER_AUTOMATIC) {
2378 idx = NL80211_ATTR_WIPHY_TX_POWER_LEVEL;
2379 mbm = nla_get_u32(info->attrs[idx]);
2380 }
2381
2382 result = rdev_set_tx_power(rdev, txp_wdev, type, mbm);
2383 if (result)
2384 return result;
2385 }
2386
2387 if (info->attrs[NL80211_ATTR_WIPHY_ANTENNA_TX] &&
2388 info->attrs[NL80211_ATTR_WIPHY_ANTENNA_RX]) {
2389 u32 tx_ant, rx_ant;
2390
2391 if ((!rdev->wiphy.available_antennas_tx &&
2392 !rdev->wiphy.available_antennas_rx) ||
2393 !rdev->ops->set_antenna)
2394 return -EOPNOTSUPP;
2395
2396 tx_ant = nla_get_u32(info->attrs[NL80211_ATTR_WIPHY_ANTENNA_TX]);
2397 rx_ant = nla_get_u32(info->attrs[NL80211_ATTR_WIPHY_ANTENNA_RX]);
2398
2399
2400
2401 if ((~tx_ant && (tx_ant & ~rdev->wiphy.available_antennas_tx)) ||
2402 (~rx_ant && (rx_ant & ~rdev->wiphy.available_antennas_rx)))
2403 return -EINVAL;
2404
2405 tx_ant = tx_ant & rdev->wiphy.available_antennas_tx;
2406 rx_ant = rx_ant & rdev->wiphy.available_antennas_rx;
2407
2408 result = rdev_set_antenna(rdev, tx_ant, rx_ant);
2409 if (result)
2410 return result;
2411 }
2412
2413 changed = 0;
2414
2415 if (info->attrs[NL80211_ATTR_WIPHY_RETRY_SHORT]) {
2416 retry_short = nla_get_u8(
2417 info->attrs[NL80211_ATTR_WIPHY_RETRY_SHORT]);
2418 if (retry_short == 0)
2419 return -EINVAL;
2420
2421 changed |= WIPHY_PARAM_RETRY_SHORT;
2422 }
2423
2424 if (info->attrs[NL80211_ATTR_WIPHY_RETRY_LONG]) {
2425 retry_long = nla_get_u8(
2426 info->attrs[NL80211_ATTR_WIPHY_RETRY_LONG]);
2427 if (retry_long == 0)
2428 return -EINVAL;
2429
2430 changed |= WIPHY_PARAM_RETRY_LONG;
2431 }
2432
2433 if (info->attrs[NL80211_ATTR_WIPHY_FRAG_THRESHOLD]) {
2434 frag_threshold = nla_get_u32(
2435 info->attrs[NL80211_ATTR_WIPHY_FRAG_THRESHOLD]);
2436 if (frag_threshold < 256)
2437 return -EINVAL;
2438
2439 if (frag_threshold != (u32) -1) {
2440
2441
2442
2443
2444
2445
2446 frag_threshold &= ~0x1;
2447 }
2448 changed |= WIPHY_PARAM_FRAG_THRESHOLD;
2449 }
2450
2451 if (info->attrs[NL80211_ATTR_WIPHY_RTS_THRESHOLD]) {
2452 rts_threshold = nla_get_u32(
2453 info->attrs[NL80211_ATTR_WIPHY_RTS_THRESHOLD]);
2454 changed |= WIPHY_PARAM_RTS_THRESHOLD;
2455 }
2456
2457 if (info->attrs[NL80211_ATTR_WIPHY_COVERAGE_CLASS]) {
2458 if (info->attrs[NL80211_ATTR_WIPHY_DYN_ACK])
2459 return -EINVAL;
2460
2461 coverage_class = nla_get_u8(
2462 info->attrs[NL80211_ATTR_WIPHY_COVERAGE_CLASS]);
2463 changed |= WIPHY_PARAM_COVERAGE_CLASS;
2464 }
2465
2466 if (info->attrs[NL80211_ATTR_WIPHY_DYN_ACK]) {
2467 if (!(rdev->wiphy.features & NL80211_FEATURE_ACKTO_ESTIMATION))
2468 return -EOPNOTSUPP;
2469
2470 changed |= WIPHY_PARAM_DYN_ACK;
2471 }
2472
2473 if (changed) {
2474 u8 old_retry_short, old_retry_long;
2475 u32 old_frag_threshold, old_rts_threshold;
2476 u8 old_coverage_class;
2477
2478 if (!rdev->ops->set_wiphy_params)
2479 return -EOPNOTSUPP;
2480
2481 old_retry_short = rdev->wiphy.retry_short;
2482 old_retry_long = rdev->wiphy.retry_long;
2483 old_frag_threshold = rdev->wiphy.frag_threshold;
2484 old_rts_threshold = rdev->wiphy.rts_threshold;
2485 old_coverage_class = rdev->wiphy.coverage_class;
2486
2487 if (changed & WIPHY_PARAM_RETRY_SHORT)
2488 rdev->wiphy.retry_short = retry_short;
2489 if (changed & WIPHY_PARAM_RETRY_LONG)
2490 rdev->wiphy.retry_long = retry_long;
2491 if (changed & WIPHY_PARAM_FRAG_THRESHOLD)
2492 rdev->wiphy.frag_threshold = frag_threshold;
2493 if (changed & WIPHY_PARAM_RTS_THRESHOLD)
2494 rdev->wiphy.rts_threshold = rts_threshold;
2495 if (changed & WIPHY_PARAM_COVERAGE_CLASS)
2496 rdev->wiphy.coverage_class = coverage_class;
2497
2498 result = rdev_set_wiphy_params(rdev, changed);
2499 if (result) {
2500 rdev->wiphy.retry_short = old_retry_short;
2501 rdev->wiphy.retry_long = old_retry_long;
2502 rdev->wiphy.frag_threshold = old_frag_threshold;
2503 rdev->wiphy.rts_threshold = old_rts_threshold;
2504 rdev->wiphy.coverage_class = old_coverage_class;
2505 return result;
2506 }
2507 }
2508 return 0;
2509}
2510
2511static inline u64 wdev_id(struct wireless_dev *wdev)
2512{
2513 return (u64)wdev->identifier |
2514 ((u64)wiphy_to_rdev(wdev->wiphy)->wiphy_idx << 32);
2515}
2516
2517static int nl80211_send_chandef(struct sk_buff *msg,
2518 const struct cfg80211_chan_def *chandef)
2519{
2520 if (WARN_ON(!cfg80211_chandef_valid(chandef)))
2521 return -EINVAL;
2522
2523 if (nla_put_u32(msg, NL80211_ATTR_WIPHY_FREQ,
2524 chandef->chan->center_freq))
2525 return -ENOBUFS;
2526 switch (chandef->width) {
2527 case NL80211_CHAN_WIDTH_20_NOHT:
2528 case NL80211_CHAN_WIDTH_20:
2529 case NL80211_CHAN_WIDTH_40:
2530 if (nla_put_u32(msg, NL80211_ATTR_WIPHY_CHANNEL_TYPE,
2531 cfg80211_get_chandef_type(chandef)))
2532 return -ENOBUFS;
2533 break;
2534 default:
2535 break;
2536 }
2537 if (nla_put_u32(msg, NL80211_ATTR_CHANNEL_WIDTH, chandef->width))
2538 return -ENOBUFS;
2539 if (nla_put_u32(msg, NL80211_ATTR_CENTER_FREQ1, chandef->center_freq1))
2540 return -ENOBUFS;
2541 if (chandef->center_freq2 &&
2542 nla_put_u32(msg, NL80211_ATTR_CENTER_FREQ2, chandef->center_freq2))
2543 return -ENOBUFS;
2544 return 0;
2545}
2546
2547static int nl80211_send_iface(struct sk_buff *msg, u32 portid, u32 seq, int flags,
2548 struct cfg80211_registered_device *rdev,
2549 struct wireless_dev *wdev, bool removal)
2550{
2551 struct net_device *dev = wdev->netdev;
2552 u8 cmd = NL80211_CMD_NEW_INTERFACE;
2553 void *hdr;
2554
2555 if (removal)
2556 cmd = NL80211_CMD_DEL_INTERFACE;
2557
2558 hdr = nl80211hdr_put(msg, portid, seq, flags, cmd);
2559 if (!hdr)
2560 return -1;
2561
2562 if (dev &&
2563 (nla_put_u32(msg, NL80211_ATTR_IFINDEX, dev->ifindex) ||
2564 nla_put_string(msg, NL80211_ATTR_IFNAME, dev->name)))
2565 goto nla_put_failure;
2566
2567 if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
2568 nla_put_u32(msg, NL80211_ATTR_IFTYPE, wdev->iftype) ||
2569 nla_put_u64_64bit(msg, NL80211_ATTR_WDEV, wdev_id(wdev),
2570 NL80211_ATTR_PAD) ||
2571 nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN, wdev_address(wdev)) ||
2572 nla_put_u32(msg, NL80211_ATTR_GENERATION,
2573 rdev->devlist_generation ^
2574 (cfg80211_rdev_list_generation << 2)))
2575 goto nla_put_failure;
2576
2577 if (rdev->ops->get_channel) {
2578 int ret;
2579 struct cfg80211_chan_def chandef;
2580
2581 ret = rdev_get_channel(rdev, wdev, &chandef);
2582 if (ret == 0) {
2583 if (nl80211_send_chandef(msg, &chandef))
2584 goto nla_put_failure;
2585 }
2586 }
2587
2588 if (rdev->ops->get_tx_power) {
2589 int dbm, ret;
2590
2591 ret = rdev_get_tx_power(rdev, wdev, &dbm);
2592 if (ret == 0 &&
2593 nla_put_u32(msg, NL80211_ATTR_WIPHY_TX_POWER_LEVEL,
2594 DBM_TO_MBM(dbm)))
2595 goto nla_put_failure;
2596 }
2597
2598 if (wdev->ssid_len) {
2599 if (nla_put(msg, NL80211_ATTR_SSID, wdev->ssid_len, wdev->ssid))
2600 goto nla_put_failure;
2601 }
2602
2603 genlmsg_end(msg, hdr);
2604 return 0;
2605
2606 nla_put_failure:
2607 genlmsg_cancel(msg, hdr);
2608 return -EMSGSIZE;
2609}
2610
2611static int nl80211_dump_interface(struct sk_buff *skb, struct netlink_callback *cb)
2612{
2613 int wp_idx = 0;
2614 int if_idx = 0;
2615 int wp_start = cb->args[0];
2616 int if_start = cb->args[1];
2617 int filter_wiphy = -1;
2618 struct cfg80211_registered_device *rdev;
2619 struct wireless_dev *wdev;
2620 int ret;
2621
2622 rtnl_lock();
2623 if (!cb->args[2]) {
2624 struct nl80211_dump_wiphy_state state = {
2625 .filter_wiphy = -1,
2626 };
2627
2628 ret = nl80211_dump_wiphy_parse(skb, cb, &state);
2629 if (ret)
2630 goto out_unlock;
2631
2632 filter_wiphy = state.filter_wiphy;
2633
2634
2635
2636
2637
2638 if (filter_wiphy >= 0)
2639 cb->args[2] = filter_wiphy + 1;
2640 else
2641 cb->args[2] = -1;
2642 } else if (cb->args[2] > 0) {
2643 filter_wiphy = cb->args[2] - 1;
2644 }
2645
2646 list_for_each_entry(rdev, &cfg80211_rdev_list, list) {
2647 if (!net_eq(wiphy_net(&rdev->wiphy), sock_net(skb->sk)))
2648 continue;
2649 if (wp_idx < wp_start) {
2650 wp_idx++;
2651 continue;
2652 }
2653
2654 if (filter_wiphy >= 0 && filter_wiphy != rdev->wiphy_idx)
2655 continue;
2656
2657 if_idx = 0;
2658
2659 list_for_each_entry(wdev, &rdev->wiphy.wdev_list, list) {
2660 if (if_idx < if_start) {
2661 if_idx++;
2662 continue;
2663 }
2664 if (nl80211_send_iface(skb, NETLINK_CB(cb->skb).portid,
2665 cb->nlh->nlmsg_seq, NLM_F_MULTI,
2666 rdev, wdev, false) < 0) {
2667 goto out;
2668 }
2669 if_idx++;
2670 }
2671
2672 wp_idx++;
2673 }
2674 out:
2675 cb->args[0] = wp_idx;
2676 cb->args[1] = if_idx;
2677
2678 ret = skb->len;
2679 out_unlock:
2680 rtnl_unlock();
2681
2682 return ret;
2683}
2684
2685static int nl80211_get_interface(struct sk_buff *skb, struct genl_info *info)
2686{
2687 struct sk_buff *msg;
2688 struct cfg80211_registered_device *rdev = info->user_ptr[0];
2689 struct wireless_dev *wdev = info->user_ptr[1];
2690
2691 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
2692 if (!msg)
2693 return -ENOMEM;
2694
2695 if (nl80211_send_iface(msg, info->snd_portid, info->snd_seq, 0,
2696 rdev, wdev, false) < 0) {
2697 nlmsg_free(msg);
2698 return -ENOBUFS;
2699 }
2700
2701 return genlmsg_reply(msg, info);
2702}
2703
2704static const struct nla_policy mntr_flags_policy[NL80211_MNTR_FLAG_MAX + 1] = {
2705 [NL80211_MNTR_FLAG_FCSFAIL] = { .type = NLA_FLAG },
2706 [NL80211_MNTR_FLAG_PLCPFAIL] = { .type = NLA_FLAG },
2707 [NL80211_MNTR_FLAG_CONTROL] = { .type = NLA_FLAG },
2708 [NL80211_MNTR_FLAG_OTHER_BSS] = { .type = NLA_FLAG },
2709 [NL80211_MNTR_FLAG_COOK_FRAMES] = { .type = NLA_FLAG },
2710 [NL80211_MNTR_FLAG_ACTIVE] = { .type = NLA_FLAG },
2711};
2712
2713static int parse_monitor_flags(struct nlattr *nla, u32 *mntrflags)
2714{
2715 struct nlattr *flags[NL80211_MNTR_FLAG_MAX + 1];
2716 int flag;
2717
2718 *mntrflags = 0;
2719
2720 if (!nla)
2721 return -EINVAL;
2722
2723 if (nla_parse_nested(flags, NL80211_MNTR_FLAG_MAX,
2724 nla, mntr_flags_policy))
2725 return -EINVAL;
2726
2727 for (flag = 1; flag <= NL80211_MNTR_FLAG_MAX; flag++)
2728 if (flags[flag])
2729 *mntrflags |= (1<<flag);
2730
2731 *mntrflags |= MONITOR_FLAG_CHANGED;
2732
2733 return 0;
2734}
2735
2736static int nl80211_parse_mon_options(struct cfg80211_registered_device *rdev,
2737 enum nl80211_iftype type,
2738 struct genl_info *info,
2739 struct vif_params *params)
2740{
2741 bool change = false;
2742 int err;
2743
2744 if (info->attrs[NL80211_ATTR_MNTR_FLAGS]) {
2745 if (type != NL80211_IFTYPE_MONITOR)
2746 return -EINVAL;
2747
2748 err = parse_monitor_flags(info->attrs[NL80211_ATTR_MNTR_FLAGS],
2749 ¶ms->flags);
2750 if (err)
2751 return err;
2752
2753 change = true;
2754 }
2755
2756 if (params->flags & MONITOR_FLAG_ACTIVE &&
2757 !(rdev->wiphy.features & NL80211_FEATURE_ACTIVE_MONITOR))
2758 return -EOPNOTSUPP;
2759
2760 if (info->attrs[NL80211_ATTR_MU_MIMO_GROUP_DATA]) {
2761 const u8 *mumimo_groups;
2762 u32 cap_flag = NL80211_EXT_FEATURE_MU_MIMO_AIR_SNIFFER;
2763
2764 if (type != NL80211_IFTYPE_MONITOR)
2765 return -EINVAL;
2766
2767 if (!wiphy_ext_feature_isset(&rdev->wiphy, cap_flag))
2768 return -EOPNOTSUPP;
2769
2770 mumimo_groups =
2771 nla_data(info->attrs[NL80211_ATTR_MU_MIMO_GROUP_DATA]);
2772
2773
2774 if ((mumimo_groups[0] & BIT(0)) ||
2775 (mumimo_groups[VHT_MUMIMO_GROUPS_DATA_LEN - 1] & BIT(7)))
2776 return -EINVAL;
2777
2778 params->vht_mumimo_groups = mumimo_groups;
2779 change = true;
2780 }
2781
2782 if (info->attrs[NL80211_ATTR_MU_MIMO_FOLLOW_MAC_ADDR]) {
2783 u32 cap_flag = NL80211_EXT_FEATURE_MU_MIMO_AIR_SNIFFER;
2784
2785 if (type != NL80211_IFTYPE_MONITOR)
2786 return -EINVAL;
2787
2788 if (!wiphy_ext_feature_isset(&rdev->wiphy, cap_flag))
2789 return -EOPNOTSUPP;
2790
2791 params->vht_mumimo_follow_addr =
2792 nla_data(info->attrs[NL80211_ATTR_MU_MIMO_FOLLOW_MAC_ADDR]);
2793 change = true;
2794 }
2795
2796 return change ? 1 : 0;
2797}
2798
2799static int nl80211_valid_4addr(struct cfg80211_registered_device *rdev,
2800 struct net_device *netdev, u8 use_4addr,
2801 enum nl80211_iftype iftype)
2802{
2803 if (!use_4addr) {
2804 if (netdev && (netdev->priv_flags & IFF_BRIDGE_PORT))
2805 return -EBUSY;
2806 return 0;
2807 }
2808
2809 switch (iftype) {
2810 case NL80211_IFTYPE_AP_VLAN:
2811 if (rdev->wiphy.flags & WIPHY_FLAG_4ADDR_AP)
2812 return 0;
2813 break;
2814 case NL80211_IFTYPE_STATION:
2815 if (rdev->wiphy.flags & WIPHY_FLAG_4ADDR_STATION)
2816 return 0;
2817 break;
2818 default:
2819 break;
2820 }
2821
2822 return -EOPNOTSUPP;
2823}
2824
2825static int nl80211_set_interface(struct sk_buff *skb, struct genl_info *info)
2826{
2827 struct cfg80211_registered_device *rdev = info->user_ptr[0];
2828 struct vif_params params;
2829 int err;
2830 enum nl80211_iftype otype, ntype;
2831 struct net_device *dev = info->user_ptr[1];
2832 bool change = false;
2833
2834 memset(¶ms, 0, sizeof(params));
2835
2836 otype = ntype = dev->ieee80211_ptr->iftype;
2837
2838 if (info->attrs[NL80211_ATTR_IFTYPE]) {
2839 ntype = nla_get_u32(info->attrs[NL80211_ATTR_IFTYPE]);
2840 if (otype != ntype)
2841 change = true;
2842 if (ntype > NL80211_IFTYPE_MAX)
2843 return -EINVAL;
2844 }
2845
2846 if (info->attrs[NL80211_ATTR_MESH_ID]) {
2847 struct wireless_dev *wdev = dev->ieee80211_ptr;
2848
2849 if (ntype != NL80211_IFTYPE_MESH_POINT)
2850 return -EINVAL;
2851 if (netif_running(dev))
2852 return -EBUSY;
2853
2854 wdev_lock(wdev);
2855 BUILD_BUG_ON(IEEE80211_MAX_SSID_LEN !=
2856 IEEE80211_MAX_MESH_ID_LEN);
2857 wdev->mesh_id_up_len =
2858 nla_len(info->attrs[NL80211_ATTR_MESH_ID]);
2859 memcpy(wdev->ssid, nla_data(info->attrs[NL80211_ATTR_MESH_ID]),
2860 wdev->mesh_id_up_len);
2861 wdev_unlock(wdev);
2862 }
2863
2864 if (info->attrs[NL80211_ATTR_4ADDR]) {
2865 params.use_4addr = !!nla_get_u8(info->attrs[NL80211_ATTR_4ADDR]);
2866 change = true;
2867 err = nl80211_valid_4addr(rdev, dev, params.use_4addr, ntype);
2868 if (err)
2869 return err;
2870 } else {
2871 params.use_4addr = -1;
2872 }
2873
2874 err = nl80211_parse_mon_options(rdev, ntype, info, ¶ms);
2875 if (err < 0)
2876 return err;
2877 if (err > 0)
2878 change = true;
2879
2880 if (change)
2881 err = cfg80211_change_iface(rdev, dev, ntype, ¶ms);
2882 else
2883 err = 0;
2884
2885 if (!err && params.use_4addr != -1)
2886 dev->ieee80211_ptr->use_4addr = params.use_4addr;
2887
2888 return err;
2889}
2890
2891static int nl80211_new_interface(struct sk_buff *skb, struct genl_info *info)
2892{
2893 struct cfg80211_registered_device *rdev = info->user_ptr[0];
2894 struct vif_params params;
2895 struct wireless_dev *wdev;
2896 struct sk_buff *msg;
2897 int err;
2898 enum nl80211_iftype type = NL80211_IFTYPE_UNSPECIFIED;
2899
2900
2901 cfg80211_destroy_ifaces(rdev);
2902
2903 memset(¶ms, 0, sizeof(params));
2904
2905 if (!info->attrs[NL80211_ATTR_IFNAME])
2906 return -EINVAL;
2907
2908 if (info->attrs[NL80211_ATTR_IFTYPE]) {
2909 type = nla_get_u32(info->attrs[NL80211_ATTR_IFTYPE]);
2910 if (type > NL80211_IFTYPE_MAX)
2911 return -EINVAL;
2912 }
2913
2914 if (!rdev->ops->add_virtual_intf ||
2915 !(rdev->wiphy.interface_modes & (1 << type)))
2916 return -EOPNOTSUPP;
2917
2918 if ((type == NL80211_IFTYPE_P2P_DEVICE || type == NL80211_IFTYPE_NAN ||
2919 rdev->wiphy.features & NL80211_FEATURE_MAC_ON_CREATE) &&
2920 info->attrs[NL80211_ATTR_MAC]) {
2921 nla_memcpy(params.macaddr, info->attrs[NL80211_ATTR_MAC],
2922 ETH_ALEN);
2923 if (!is_valid_ether_addr(params.macaddr))
2924 return -EADDRNOTAVAIL;
2925 }
2926
2927 if (info->attrs[NL80211_ATTR_4ADDR]) {
2928 params.use_4addr = !!nla_get_u8(info->attrs[NL80211_ATTR_4ADDR]);
2929 err = nl80211_valid_4addr(rdev, NULL, params.use_4addr, type);
2930 if (err)
2931 return err;
2932 }
2933
2934 err = nl80211_parse_mon_options(rdev, type, info, ¶ms);
2935 if (err < 0)
2936 return err;
2937
2938 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
2939 if (!msg)
2940 return -ENOMEM;
2941
2942 wdev = rdev_add_virtual_intf(rdev,
2943 nla_data(info->attrs[NL80211_ATTR_IFNAME]),
2944 3, type, ¶ms);
2945 if (WARN_ON(!wdev)) {
2946 nlmsg_free(msg);
2947 return -EPROTO;
2948 } else if (IS_ERR(wdev)) {
2949 nlmsg_free(msg);
2950 return PTR_ERR(wdev);
2951 }
2952
2953 if (info->attrs[NL80211_ATTR_SOCKET_OWNER])
2954 wdev->owner_nlportid = info->snd_portid;
2955
2956 switch (type) {
2957 case NL80211_IFTYPE_MESH_POINT:
2958 if (!info->attrs[NL80211_ATTR_MESH_ID])
2959 break;
2960 wdev_lock(wdev);
2961 BUILD_BUG_ON(IEEE80211_MAX_SSID_LEN !=
2962 IEEE80211_MAX_MESH_ID_LEN);
2963 wdev->mesh_id_up_len =
2964 nla_len(info->attrs[NL80211_ATTR_MESH_ID]);
2965 memcpy(wdev->ssid, nla_data(info->attrs[NL80211_ATTR_MESH_ID]),
2966 wdev->mesh_id_up_len);
2967 wdev_unlock(wdev);
2968 break;
2969 case NL80211_IFTYPE_NAN:
2970 case NL80211_IFTYPE_P2P_DEVICE:
2971
2972
2973
2974
2975 mutex_init(&wdev->mtx);
2976 INIT_LIST_HEAD(&wdev->event_list);
2977 spin_lock_init(&wdev->event_lock);
2978 INIT_LIST_HEAD(&wdev->mgmt_registrations);
2979 spin_lock_init(&wdev->mgmt_registrations_lock);
2980
2981 wdev->identifier = ++rdev->wdev_id;
2982 list_add_rcu(&wdev->list, &rdev->wiphy.wdev_list);
2983 rdev->devlist_generation++;
2984 break;
2985 default:
2986 break;
2987 }
2988
2989 if (nl80211_send_iface(msg, info->snd_portid, info->snd_seq, 0,
2990 rdev, wdev, false) < 0) {
2991 nlmsg_free(msg);
2992 return -ENOBUFS;
2993 }
2994
2995
2996
2997
2998
2999
3000
3001 if (!wdev->netdev)
3002 nl80211_notify_iface(rdev, wdev, NL80211_CMD_NEW_INTERFACE);
3003
3004 return genlmsg_reply(msg, info);
3005}
3006
3007static int nl80211_del_interface(struct sk_buff *skb, struct genl_info *info)
3008{
3009 struct cfg80211_registered_device *rdev = info->user_ptr[0];
3010 struct wireless_dev *wdev = info->user_ptr[1];
3011
3012 if (!rdev->ops->del_virtual_intf)
3013 return -EOPNOTSUPP;
3014
3015
3016
3017
3018
3019
3020
3021
3022 if (!wdev->netdev)
3023 info->user_ptr[1] = NULL;
3024
3025 return rdev_del_virtual_intf(rdev, wdev);
3026}
3027
3028static int nl80211_set_noack_map(struct sk_buff *skb, struct genl_info *info)
3029{
3030 struct cfg80211_registered_device *rdev = info->user_ptr[0];
3031 struct net_device *dev = info->user_ptr[1];
3032 u16 noack_map;
3033
3034 if (!info->attrs[NL80211_ATTR_NOACK_MAP])
3035 return -EINVAL;
3036
3037 if (!rdev->ops->set_noack_map)
3038 return -EOPNOTSUPP;
3039
3040 noack_map = nla_get_u16(info->attrs[NL80211_ATTR_NOACK_MAP]);
3041
3042 return rdev_set_noack_map(rdev, dev, noack_map);
3043}
3044
3045struct get_key_cookie {
3046 struct sk_buff *msg;
3047 int error;
3048 int idx;
3049};
3050
3051static void get_key_callback(void *c, struct key_params *params)
3052{
3053 struct nlattr *key;
3054 struct get_key_cookie *cookie = c;
3055
3056 if ((params->key &&
3057 nla_put(cookie->msg, NL80211_ATTR_KEY_DATA,
3058 params->key_len, params->key)) ||
3059 (params->seq &&
3060 nla_put(cookie->msg, NL80211_ATTR_KEY_SEQ,
3061 params->seq_len, params->seq)) ||
3062 (params->cipher &&
3063 nla_put_u32(cookie->msg, NL80211_ATTR_KEY_CIPHER,
3064 params->cipher)))
3065 goto nla_put_failure;
3066
3067 key = nla_nest_start(cookie->msg, NL80211_ATTR_KEY);
3068 if (!key)
3069 goto nla_put_failure;
3070
3071 if ((params->key &&
3072 nla_put(cookie->msg, NL80211_KEY_DATA,
3073 params->key_len, params->key)) ||
3074 (params->seq &&
3075 nla_put(cookie->msg, NL80211_KEY_SEQ,
3076 params->seq_len, params->seq)) ||
3077 (params->cipher &&
3078 nla_put_u32(cookie->msg, NL80211_KEY_CIPHER,
3079 params->cipher)))
3080 goto nla_put_failure;
3081
3082 if (nla_put_u8(cookie->msg, NL80211_ATTR_KEY_IDX, cookie->idx))
3083 goto nla_put_failure;
3084
3085 nla_nest_end(cookie->msg, key);
3086
3087 return;
3088 nla_put_failure:
3089 cookie->error = 1;
3090}
3091
3092static int nl80211_get_key(struct sk_buff *skb, struct genl_info *info)
3093{
3094 struct cfg80211_registered_device *rdev = info->user_ptr[0];
3095 int err;
3096 struct net_device *dev = info->user_ptr[1];
3097 u8 key_idx = 0;
3098 const u8 *mac_addr = NULL;
3099 bool pairwise;
3100 struct get_key_cookie cookie = {
3101 .error = 0,
3102 };
3103 void *hdr;
3104 struct sk_buff *msg;
3105
3106 if (info->attrs[NL80211_ATTR_KEY_IDX])
3107 key_idx = nla_get_u8(info->attrs[NL80211_ATTR_KEY_IDX]);
3108
3109 if (key_idx > 5)
3110 return -EINVAL;
3111
3112 if (info->attrs[NL80211_ATTR_MAC])
3113 mac_addr = nla_data(info->attrs[NL80211_ATTR_MAC]);
3114
3115 pairwise = !!mac_addr;
3116 if (info->attrs[NL80211_ATTR_KEY_TYPE]) {
3117 u32 kt = nla_get_u32(info->attrs[NL80211_ATTR_KEY_TYPE]);
3118
3119 if (kt >= NUM_NL80211_KEYTYPES)
3120 return -EINVAL;
3121 if (kt != NL80211_KEYTYPE_GROUP &&
3122 kt != NL80211_KEYTYPE_PAIRWISE)
3123 return -EINVAL;
3124 pairwise = kt == NL80211_KEYTYPE_PAIRWISE;
3125 }
3126
3127 if (!rdev->ops->get_key)
3128 return -EOPNOTSUPP;
3129
3130 if (!pairwise && mac_addr && !(rdev->wiphy.flags & WIPHY_FLAG_IBSS_RSN))
3131 return -ENOENT;
3132
3133 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
3134 if (!msg)
3135 return -ENOMEM;
3136
3137 hdr = nl80211hdr_put(msg, info->snd_portid, info->snd_seq, 0,
3138 NL80211_CMD_NEW_KEY);
3139 if (!hdr)
3140 goto nla_put_failure;
3141
3142 cookie.msg = msg;
3143 cookie.idx = key_idx;
3144
3145 if (nla_put_u32(msg, NL80211_ATTR_IFINDEX, dev->ifindex) ||
3146 nla_put_u8(msg, NL80211_ATTR_KEY_IDX, key_idx))
3147 goto nla_put_failure;
3148 if (mac_addr &&
3149 nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN, mac_addr))
3150 goto nla_put_failure;
3151
3152 err = rdev_get_key(rdev, dev, key_idx, pairwise, mac_addr, &cookie,
3153 get_key_callback);
3154
3155 if (err)
3156 goto free_msg;
3157
3158 if (cookie.error)
3159 goto nla_put_failure;
3160
3161 genlmsg_end(msg, hdr);
3162 return genlmsg_reply(msg, info);
3163
3164 nla_put_failure:
3165 err = -ENOBUFS;
3166 free_msg:
3167 nlmsg_free(msg);
3168 return err;
3169}
3170
3171static int nl80211_set_key(struct sk_buff *skb, struct genl_info *info)
3172{
3173 struct cfg80211_registered_device *rdev = info->user_ptr[0];
3174 struct key_parse key;
3175 int err;
3176 struct net_device *dev = info->user_ptr[1];
3177
3178 err = nl80211_parse_key(info, &key);
3179 if (err)
3180 return err;
3181
3182 if (key.idx < 0)
3183 return -EINVAL;
3184
3185
3186 if (!key.def && !key.defmgmt)
3187 return -EINVAL;
3188
3189 wdev_lock(dev->ieee80211_ptr);
3190
3191 if (key.def) {
3192 if (!rdev->ops->set_default_key) {
3193 err = -EOPNOTSUPP;
3194 goto out;
3195 }
3196
3197 err = nl80211_key_allowed(dev->ieee80211_ptr);
3198 if (err)
3199 goto out;
3200
3201 err = rdev_set_default_key(rdev, dev, key.idx,
3202 key.def_uni, key.def_multi);
3203
3204 if (err)
3205 goto out;
3206
3207#ifdef CONFIG_CFG80211_WEXT
3208 dev->ieee80211_ptr->wext.default_key = key.idx;
3209#endif
3210 } else {
3211 if (key.def_uni || !key.def_multi) {
3212 err = -EINVAL;
3213 goto out;
3214 }
3215
3216 if (!rdev->ops->set_default_mgmt_key) {
3217 err = -EOPNOTSUPP;
3218 goto out;
3219 }
3220
3221 err = nl80211_key_allowed(dev->ieee80211_ptr);
3222 if (err)
3223 goto out;
3224
3225 err = rdev_set_default_mgmt_key(rdev, dev, key.idx);
3226 if (err)
3227 goto out;
3228
3229#ifdef CONFIG_CFG80211_WEXT
3230 dev->ieee80211_ptr->wext.default_mgmt_key = key.idx;
3231#endif
3232 }
3233
3234 out:
3235 wdev_unlock(dev->ieee80211_ptr);
3236
3237 return err;
3238}
3239
3240static int nl80211_new_key(struct sk_buff *skb, struct genl_info *info)
3241{
3242 struct cfg80211_registered_device *rdev = info->user_ptr[0];
3243 int err;
3244 struct net_device *dev = info->user_ptr[1];
3245 struct key_parse key;
3246 const u8 *mac_addr = NULL;
3247
3248 err = nl80211_parse_key(info, &key);
3249 if (err)
3250 return err;
3251
3252 if (!key.p.key)
3253 return -EINVAL;
3254
3255 if (info->attrs[NL80211_ATTR_MAC])
3256 mac_addr = nla_data(info->attrs[NL80211_ATTR_MAC]);
3257
3258 if (key.type == -1) {
3259 if (mac_addr)
3260 key.type = NL80211_KEYTYPE_PAIRWISE;
3261 else
3262 key.type = NL80211_KEYTYPE_GROUP;
3263 }
3264
3265
3266 if (key.type != NL80211_KEYTYPE_PAIRWISE &&
3267 key.type != NL80211_KEYTYPE_GROUP)
3268 return -EINVAL;
3269
3270 if (!rdev->ops->add_key)
3271 return -EOPNOTSUPP;
3272
3273 if (cfg80211_validate_key_settings(rdev, &key.p, key.idx,
3274 key.type == NL80211_KEYTYPE_PAIRWISE,
3275 mac_addr))
3276 return -EINVAL;
3277
3278 wdev_lock(dev->ieee80211_ptr);
3279 err = nl80211_key_allowed(dev->ieee80211_ptr);
3280 if (!err)
3281 err = rdev_add_key(rdev, dev, key.idx,
3282 key.type == NL80211_KEYTYPE_PAIRWISE,
3283 mac_addr, &key.p);
3284 wdev_unlock(dev->ieee80211_ptr);
3285
3286 return err;
3287}
3288
3289static int nl80211_del_key(struct sk_buff *skb, struct genl_info *info)
3290{
3291 struct cfg80211_registered_device *rdev = info->user_ptr[0];
3292 int err;
3293 struct net_device *dev = info->user_ptr[1];
3294 u8 *mac_addr = NULL;
3295 struct key_parse key;
3296
3297 err = nl80211_parse_key(info, &key);
3298 if (err)
3299 return err;
3300
3301 if (info->attrs[NL80211_ATTR_MAC])
3302 mac_addr = nla_data(info->attrs[NL80211_ATTR_MAC]);
3303
3304 if (key.type == -1) {
3305 if (mac_addr)
3306 key.type = NL80211_KEYTYPE_PAIRWISE;
3307 else
3308 key.type = NL80211_KEYTYPE_GROUP;
3309 }
3310
3311
3312 if (key.type != NL80211_KEYTYPE_PAIRWISE &&
3313 key.type != NL80211_KEYTYPE_GROUP)
3314 return -EINVAL;
3315
3316 if (!rdev->ops->del_key)
3317 return -EOPNOTSUPP;
3318
3319 wdev_lock(dev->ieee80211_ptr);
3320 err = nl80211_key_allowed(dev->ieee80211_ptr);
3321
3322 if (key.type == NL80211_KEYTYPE_GROUP && mac_addr &&
3323 !(rdev->wiphy.flags & WIPHY_FLAG_IBSS_RSN))
3324 err = -ENOENT;
3325
3326 if (!err)
3327 err = rdev_del_key(rdev, dev, key.idx,
3328 key.type == NL80211_KEYTYPE_PAIRWISE,
3329 mac_addr);
3330
3331#ifdef CONFIG_CFG80211_WEXT
3332 if (!err) {
3333 if (key.idx == dev->ieee80211_ptr->wext.default_key)
3334 dev->ieee80211_ptr->wext.default_key = -1;
3335 else if (key.idx == dev->ieee80211_ptr->wext.default_mgmt_key)
3336 dev->ieee80211_ptr->wext.default_mgmt_key = -1;
3337 }
3338#endif
3339 wdev_unlock(dev->ieee80211_ptr);
3340
3341 return err;
3342}
3343
3344
3345static int validate_acl_mac_addrs(struct nlattr *nl_attr)
3346{
3347 struct nlattr *attr;
3348 int n_entries = 0, tmp;
3349
3350 nla_for_each_nested(attr, nl_attr, tmp) {
3351 if (nla_len(attr) != ETH_ALEN)
3352 return -EINVAL;
3353
3354 n_entries++;
3355 }
3356
3357 return n_entries;
3358}
3359
3360
3361
3362
3363
3364
3365static struct cfg80211_acl_data *parse_acl_data(struct wiphy *wiphy,
3366 struct genl_info *info)
3367{
3368 enum nl80211_acl_policy acl_policy;
3369 struct nlattr *attr;
3370 struct cfg80211_acl_data *acl;
3371 int i = 0, n_entries, tmp;
3372
3373 if (!wiphy->max_acl_mac_addrs)
3374 return ERR_PTR(-EOPNOTSUPP);
3375
3376 if (!info->attrs[NL80211_ATTR_ACL_POLICY])
3377 return ERR_PTR(-EINVAL);
3378
3379 acl_policy = nla_get_u32(info->attrs[NL80211_ATTR_ACL_POLICY]);
3380 if (acl_policy != NL80211_ACL_POLICY_ACCEPT_UNLESS_LISTED &&
3381 acl_policy != NL80211_ACL_POLICY_DENY_UNLESS_LISTED)
3382 return ERR_PTR(-EINVAL);
3383
3384 if (!info->attrs[NL80211_ATTR_MAC_ADDRS])
3385 return ERR_PTR(-EINVAL);
3386
3387 n_entries = validate_acl_mac_addrs(info->attrs[NL80211_ATTR_MAC_ADDRS]);
3388 if (n_entries < 0)
3389 return ERR_PTR(n_entries);
3390
3391 if (n_entries > wiphy->max_acl_mac_addrs)
3392 return ERR_PTR(-ENOTSUPP);
3393
3394 acl = kzalloc(sizeof(*acl) + (sizeof(struct mac_address) * n_entries),
3395 GFP_KERNEL);
3396 if (!acl)
3397 return ERR_PTR(-ENOMEM);
3398
3399 nla_for_each_nested(attr, info->attrs[NL80211_ATTR_MAC_ADDRS], tmp) {
3400 memcpy(acl->mac_addrs[i].addr, nla_data(attr), ETH_ALEN);
3401 i++;
3402 }
3403
3404 acl->n_acl_entries = n_entries;
3405 acl->acl_policy = acl_policy;
3406
3407 return acl;
3408}
3409
3410static int nl80211_set_mac_acl(struct sk_buff *skb, struct genl_info *info)
3411{
3412 struct cfg80211_registered_device *rdev = info->user_ptr[0];
3413 struct net_device *dev = info->user_ptr[1];
3414 struct cfg80211_acl_data *acl;
3415 int err;
3416
3417 if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_AP &&
3418 dev->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_GO)
3419 return -EOPNOTSUPP;
3420
3421 if (!dev->ieee80211_ptr->beacon_interval)
3422 return -EINVAL;
3423
3424 acl = parse_acl_data(&rdev->wiphy, info);
3425 if (IS_ERR(acl))
3426 return PTR_ERR(acl);
3427
3428 err = rdev_set_mac_acl(rdev, dev, acl);
3429
3430 kfree(acl);
3431
3432 return err;
3433}
3434
3435static u32 rateset_to_mask(struct ieee80211_supported_band *sband,
3436 u8 *rates, u8 rates_len)
3437{
3438 u8 i;
3439 u32 mask = 0;
3440
3441 for (i = 0; i < rates_len; i++) {
3442 int rate = (rates[i] & 0x7f) * 5;
3443 int ridx;
3444
3445 for (ridx = 0; ridx < sband->n_bitrates; ridx++) {
3446 struct ieee80211_rate *srate =
3447 &sband->bitrates[ridx];
3448 if (rate == srate->bitrate) {
3449 mask |= 1 << ridx;
3450 break;
3451 }
3452 }
3453 if (ridx == sband->n_bitrates)
3454 return 0;
3455 }
3456
3457 return mask;
3458}
3459
3460static bool ht_rateset_to_mask(struct ieee80211_supported_band *sband,
3461 u8 *rates, u8 rates_len,
3462 u8 mcs[IEEE80211_HT_MCS_MASK_LEN])
3463{
3464 u8 i;
3465
3466 memset(mcs, 0, IEEE80211_HT_MCS_MASK_LEN);
3467
3468 for (i = 0; i < rates_len; i++) {
3469 int ridx, rbit;
3470
3471 ridx = rates[i] / 8;
3472 rbit = BIT(rates[i] % 8);
3473
3474
3475 if ((ridx < 0) || (ridx >= IEEE80211_HT_MCS_MASK_LEN))
3476 return false;
3477
3478
3479 if (sband->ht_cap.mcs.rx_mask[ridx] & rbit)
3480 mcs[ridx] |= rbit;
3481 else
3482 return false;
3483 }
3484
3485 return true;
3486}
3487
3488static u16 vht_mcs_map_to_mcs_mask(u8 vht_mcs_map)
3489{
3490 u16 mcs_mask = 0;
3491
3492 switch (vht_mcs_map) {
3493 case IEEE80211_VHT_MCS_NOT_SUPPORTED:
3494 break;
3495 case IEEE80211_VHT_MCS_SUPPORT_0_7:
3496 mcs_mask = 0x00FF;
3497 break;
3498 case IEEE80211_VHT_MCS_SUPPORT_0_8:
3499 mcs_mask = 0x01FF;
3500 break;
3501 case IEEE80211_VHT_MCS_SUPPORT_0_9:
3502 mcs_mask = 0x03FF;
3503 break;
3504 default:
3505 break;
3506 }
3507
3508 return mcs_mask;
3509}
3510
3511static void vht_build_mcs_mask(u16 vht_mcs_map,
3512 u16 vht_mcs_mask[NL80211_VHT_NSS_MAX])
3513{
3514 u8 nss;
3515
3516 for (nss = 0; nss < NL80211_VHT_NSS_MAX; nss++) {
3517 vht_mcs_mask[nss] = vht_mcs_map_to_mcs_mask(vht_mcs_map & 0x03);
3518 vht_mcs_map >>= 2;
3519 }
3520}
3521
3522static bool vht_set_mcs_mask(struct ieee80211_supported_band *sband,
3523 struct nl80211_txrate_vht *txrate,
3524 u16 mcs[NL80211_VHT_NSS_MAX])
3525{
3526 u16 tx_mcs_map = le16_to_cpu(sband->vht_cap.vht_mcs.tx_mcs_map);
3527 u16 tx_mcs_mask[NL80211_VHT_NSS_MAX] = {};
3528 u8 i;
3529
3530 if (!sband->vht_cap.vht_supported)
3531 return false;
3532
3533 memset(mcs, 0, sizeof(u16) * NL80211_VHT_NSS_MAX);
3534
3535
3536 vht_build_mcs_mask(tx_mcs_map, tx_mcs_mask);
3537
3538 for (i = 0; i < NL80211_VHT_NSS_MAX; i++) {
3539 if ((tx_mcs_mask[i] & txrate->mcs[i]) == txrate->mcs[i])
3540 mcs[i] = txrate->mcs[i];
3541 else
3542 return false;
3543 }
3544
3545 return true;
3546}
3547
3548static const struct nla_policy nl80211_txattr_policy[NL80211_TXRATE_MAX + 1] = {
3549 [NL80211_TXRATE_LEGACY] = { .type = NLA_BINARY,
3550 .len = NL80211_MAX_SUPP_RATES },
3551 [NL80211_TXRATE_HT] = { .type = NLA_BINARY,
3552 .len = NL80211_MAX_SUPP_HT_RATES },
3553 [NL80211_TXRATE_VHT] = { .len = sizeof(struct nl80211_txrate_vht)},
3554 [NL80211_TXRATE_GI] = { .type = NLA_U8 },
3555};
3556
3557static int nl80211_parse_tx_bitrate_mask(struct genl_info *info,
3558 struct cfg80211_bitrate_mask *mask)
3559{
3560 struct nlattr *tb[NL80211_TXRATE_MAX + 1];
3561 struct cfg80211_registered_device *rdev = info->user_ptr[0];
3562 int rem, i;
3563 struct nlattr *tx_rates;
3564 struct ieee80211_supported_band *sband;
3565 u16 vht_tx_mcs_map;
3566
3567 memset(mask, 0, sizeof(*mask));
3568
3569 for (i = 0; i < NUM_NL80211_BANDS; i++) {
3570 sband = rdev->wiphy.bands[i];
3571
3572 if (!sband)
3573 continue;
3574
3575 mask->control[i].legacy = (1 << sband->n_bitrates) - 1;
3576 memcpy(mask->control[i].ht_mcs,
3577 sband->ht_cap.mcs.rx_mask,
3578 sizeof(mask->control[i].ht_mcs));
3579
3580 if (!sband->vht_cap.vht_supported)
3581 continue;
3582
3583 vht_tx_mcs_map = le16_to_cpu(sband->vht_cap.vht_mcs.tx_mcs_map);
3584 vht_build_mcs_mask(vht_tx_mcs_map, mask->control[i].vht_mcs);
3585 }
3586
3587
3588 if (!info->attrs[NL80211_ATTR_TX_RATES])
3589 goto out;
3590
3591
3592
3593
3594 BUILD_BUG_ON(NL80211_MAX_SUPP_HT_RATES > IEEE80211_HT_MCS_MASK_LEN * 8);
3595 nla_for_each_nested(tx_rates, info->attrs[NL80211_ATTR_TX_RATES], rem) {
3596 enum nl80211_band band = nla_type(tx_rates);
3597 int err;
3598
3599 if (band < 0 || band >= NUM_NL80211_BANDS)
3600 return -EINVAL;
3601 sband = rdev->wiphy.bands[band];
3602 if (sband == NULL)
3603 return -EINVAL;
3604 err = nla_parse_nested(tb, NL80211_TXRATE_MAX, tx_rates,
3605 nl80211_txattr_policy);
3606 if (err)
3607 return err;
3608 if (tb[NL80211_TXRATE_LEGACY]) {
3609 mask->control[band].legacy = rateset_to_mask(
3610 sband,
3611 nla_data(tb[NL80211_TXRATE_LEGACY]),
3612 nla_len(tb[NL80211_TXRATE_LEGACY]));
3613 if ((mask->control[band].legacy == 0) &&
3614 nla_len(tb[NL80211_TXRATE_LEGACY]))
3615 return -EINVAL;
3616 }
3617 if (tb[NL80211_TXRATE_HT]) {
3618 if (!ht_rateset_to_mask(
3619 sband,
3620 nla_data(tb[NL80211_TXRATE_HT]),
3621 nla_len(tb[NL80211_TXRATE_HT]),
3622 mask->control[band].ht_mcs))
3623 return -EINVAL;
3624 }
3625 if (tb[NL80211_TXRATE_VHT]) {
3626 if (!vht_set_mcs_mask(
3627 sband,
3628 nla_data(tb[NL80211_TXRATE_VHT]),
3629 mask->control[band].vht_mcs))
3630 return -EINVAL;
3631 }
3632 if (tb[NL80211_TXRATE_GI]) {
3633 mask->control[band].gi =
3634 nla_get_u8(tb[NL80211_TXRATE_GI]);
3635 if (mask->control[band].gi > NL80211_TXRATE_FORCE_LGI)
3636 return -EINVAL;
3637 }
3638
3639 if (mask->control[band].legacy == 0) {
3640
3641
3642
3643 if (!(rdev->wiphy.bands[band]->ht_cap.ht_supported ||
3644 rdev->wiphy.bands[band]->vht_cap.vht_supported))
3645 return -EINVAL;
3646
3647 for (i = 0; i < IEEE80211_HT_MCS_MASK_LEN; i++)
3648 if (mask->control[band].ht_mcs[i])
3649 goto out;
3650
3651 for (i = 0; i < NL80211_VHT_NSS_MAX; i++)
3652 if (mask->control[band].vht_mcs[i])
3653 goto out;
3654
3655
3656 return -EINVAL;
3657 }
3658 }
3659
3660out:
3661 return 0;
3662}
3663
3664static int validate_beacon_tx_rate(struct cfg80211_registered_device *rdev,
3665 enum nl80211_band band,
3666 struct cfg80211_bitrate_mask *beacon_rate)
3667{
3668 u32 count_ht, count_vht, i;
3669 u32 rate = beacon_rate->control[band].legacy;
3670
3671
3672 if (hweight32(rate) > 1)
3673 return -EINVAL;
3674
3675 count_ht = 0;
3676 for (i = 0; i < IEEE80211_HT_MCS_MASK_LEN; i++) {
3677 if (hweight8(beacon_rate->control[band].ht_mcs[i]) > 1) {
3678 return -EINVAL;
3679 } else if (beacon_rate->control[band].ht_mcs[i]) {
3680 count_ht++;
3681 if (count_ht > 1)
3682 return -EINVAL;
3683 }
3684 if (count_ht && rate)
3685 return -EINVAL;
3686 }
3687
3688 count_vht = 0;
3689 for (i = 0; i < NL80211_VHT_NSS_MAX; i++) {
3690 if (hweight16(beacon_rate->control[band].vht_mcs[i]) > 1) {
3691 return -EINVAL;
3692 } else if (beacon_rate->control[band].vht_mcs[i]) {
3693 count_vht++;
3694 if (count_vht > 1)
3695 return -EINVAL;
3696 }
3697 if (count_vht && rate)
3698 return -EINVAL;
3699 }
3700
3701 if ((count_ht && count_vht) || (!rate && !count_ht && !count_vht))
3702 return -EINVAL;
3703
3704 if (rate &&
3705 !wiphy_ext_feature_isset(&rdev->wiphy,
3706 NL80211_EXT_FEATURE_BEACON_RATE_LEGACY))
3707 return -EINVAL;
3708 if (count_ht &&
3709 !wiphy_ext_feature_isset(&rdev->wiphy,
3710 NL80211_EXT_FEATURE_BEACON_RATE_HT))
3711 return -EINVAL;
3712 if (count_vht &&
3713 !wiphy_ext_feature_isset(&rdev->wiphy,
3714 NL80211_EXT_FEATURE_BEACON_RATE_VHT))
3715 return -EINVAL;
3716
3717 return 0;
3718}
3719
3720static int nl80211_parse_beacon(struct nlattr *attrs[],
3721 struct cfg80211_beacon_data *bcn)
3722{
3723 bool haveinfo = false;
3724
3725 if (!is_valid_ie_attr(attrs[NL80211_ATTR_BEACON_TAIL]) ||
3726 !is_valid_ie_attr(attrs[NL80211_ATTR_IE]) ||
3727 !is_valid_ie_attr(attrs[NL80211_ATTR_IE_PROBE_RESP]) ||
3728 !is_valid_ie_attr(attrs[NL80211_ATTR_IE_ASSOC_RESP]))
3729 return -EINVAL;
3730
3731 memset(bcn, 0, sizeof(*bcn));
3732
3733 if (attrs[NL80211_ATTR_BEACON_HEAD]) {
3734 bcn->head = nla_data(attrs[NL80211_ATTR_BEACON_HEAD]);
3735 bcn->head_len = nla_len(attrs[NL80211_ATTR_BEACON_HEAD]);
3736 if (!bcn->head_len)
3737 return -EINVAL;
3738 haveinfo = true;
3739 }
3740
3741 if (attrs[NL80211_ATTR_BEACON_TAIL]) {
3742 bcn->tail = nla_data(attrs[NL80211_ATTR_BEACON_TAIL]);
3743 bcn->tail_len = nla_len(attrs[NL80211_ATTR_BEACON_TAIL]);
3744 haveinfo = true;
3745 }
3746
3747 if (!haveinfo)
3748 return -EINVAL;
3749
3750 if (attrs[NL80211_ATTR_IE]) {
3751 bcn->beacon_ies = nla_data(attrs[NL80211_ATTR_IE]);
3752 bcn->beacon_ies_len = nla_len(attrs[NL80211_ATTR_IE]);
3753 }
3754
3755 if (attrs[NL80211_ATTR_IE_PROBE_RESP]) {
3756 bcn->proberesp_ies =
3757 nla_data(attrs[NL80211_ATTR_IE_PROBE_RESP]);
3758 bcn->proberesp_ies_len =
3759 nla_len(attrs[NL80211_ATTR_IE_PROBE_RESP]);
3760 }
3761
3762 if (attrs[NL80211_ATTR_IE_ASSOC_RESP]) {
3763 bcn->assocresp_ies =
3764 nla_data(attrs[NL80211_ATTR_IE_ASSOC_RESP]);
3765 bcn->assocresp_ies_len =
3766 nla_len(attrs[NL80211_ATTR_IE_ASSOC_RESP]);
3767 }
3768
3769 if (attrs[NL80211_ATTR_PROBE_RESP]) {
3770 bcn->probe_resp = nla_data(attrs[NL80211_ATTR_PROBE_RESP]);
3771 bcn->probe_resp_len = nla_len(attrs[NL80211_ATTR_PROBE_RESP]);
3772 }
3773
3774 return 0;
3775}
3776
3777static void nl80211_check_ap_rate_selectors(struct cfg80211_ap_settings *params,
3778 const u8 *rates)
3779{
3780 int i;
3781
3782 if (!rates)
3783 return;
3784
3785 for (i = 0; i < rates[1]; i++) {
3786 if (rates[2 + i] == BSS_MEMBERSHIP_SELECTOR_HT_PHY)
3787 params->ht_required = true;
3788 if (rates[2 + i] == BSS_MEMBERSHIP_SELECTOR_VHT_PHY)
3789 params->vht_required = true;
3790 }
3791}
3792
3793
3794
3795
3796
3797
3798static void nl80211_calculate_ap_params(struct cfg80211_ap_settings *params)
3799{
3800 const struct cfg80211_beacon_data *bcn = ¶ms->beacon;
3801 size_t ies_len = bcn->tail_len;
3802 const u8 *ies = bcn->tail;
3803 const u8 *rates;
3804 const u8 *cap;
3805
3806 rates = cfg80211_find_ie(WLAN_EID_SUPP_RATES, ies, ies_len);
3807 nl80211_check_ap_rate_selectors(params, rates);
3808
3809 rates = cfg80211_find_ie(WLAN_EID_EXT_SUPP_RATES, ies, ies_len);
3810 nl80211_check_ap_rate_selectors(params, rates);
3811
3812 cap = cfg80211_find_ie(WLAN_EID_HT_CAPABILITY, ies, ies_len);
3813 if (cap && cap[1] >= sizeof(*params->ht_cap))
3814 params->ht_cap = (void *)(cap + 2);
3815 cap = cfg80211_find_ie(WLAN_EID_VHT_CAPABILITY, ies, ies_len);
3816 if (cap && cap[1] >= sizeof(*params->vht_cap))
3817 params->vht_cap = (void *)(cap + 2);
3818}
3819
3820static bool nl80211_get_ap_channel(struct cfg80211_registered_device *rdev,
3821 struct cfg80211_ap_settings *params)
3822{
3823 struct wireless_dev *wdev;
3824 bool ret = false;
3825
3826 list_for_each_entry(wdev, &rdev->wiphy.wdev_list, list) {
3827 if (wdev->iftype != NL80211_IFTYPE_AP &&
3828 wdev->iftype != NL80211_IFTYPE_P2P_GO)
3829 continue;
3830
3831 if (!wdev->preset_chandef.chan)
3832 continue;
3833
3834 params->chandef = wdev->preset_chandef;
3835 ret = true;
3836 break;
3837 }
3838
3839 return ret;
3840}
3841
3842static bool nl80211_valid_auth_type(struct cfg80211_registered_device *rdev,
3843 enum nl80211_auth_type auth_type,
3844 enum nl80211_commands cmd)
3845{
3846 if (auth_type > NL80211_AUTHTYPE_MAX)
3847 return false;
3848
3849 switch (cmd) {
3850 case NL80211_CMD_AUTHENTICATE:
3851 if (!(rdev->wiphy.features & NL80211_FEATURE_SAE) &&
3852 auth_type == NL80211_AUTHTYPE_SAE)
3853 return false;
3854 if (!wiphy_ext_feature_isset(&rdev->wiphy,
3855 NL80211_EXT_FEATURE_FILS_STA) &&
3856 (auth_type == NL80211_AUTHTYPE_FILS_SK ||
3857 auth_type == NL80211_AUTHTYPE_FILS_SK_PFS ||
3858 auth_type == NL80211_AUTHTYPE_FILS_PK))
3859 return false;
3860 return true;
3861 case NL80211_CMD_CONNECT:
3862
3863 if (auth_type == NL80211_AUTHTYPE_SAE)
3864 return false;
3865
3866 if (auth_type == NL80211_AUTHTYPE_FILS_SK_PFS ||
3867 auth_type == NL80211_AUTHTYPE_FILS_PK)
3868 return false;
3869 if (!wiphy_ext_feature_isset(
3870 &rdev->wiphy,
3871 NL80211_EXT_FEATURE_FILS_SK_OFFLOAD) &&
3872 auth_type == NL80211_AUTHTYPE_FILS_SK)
3873 return false;
3874 return true;
3875 case NL80211_CMD_START_AP:
3876
3877 if (auth_type == NL80211_AUTHTYPE_SAE)
3878 return false;
3879
3880 if (auth_type == NL80211_AUTHTYPE_FILS_SK ||
3881 auth_type == NL80211_AUTHTYPE_FILS_SK_PFS ||
3882 auth_type == NL80211_AUTHTYPE_FILS_PK)
3883 return false;
3884 return true;
3885 default:
3886 return false;
3887 }
3888}
3889
3890static int nl80211_start_ap(struct sk_buff *skb, struct genl_info *info)
3891{
3892 struct cfg80211_registered_device *rdev = info->user_ptr[0];
3893 struct net_device *dev = info->user_ptr[1];
3894 struct wireless_dev *wdev = dev->ieee80211_ptr;
3895 struct cfg80211_ap_settings params;
3896 int err;
3897
3898 if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_AP &&
3899 dev->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_GO)
3900 return -EOPNOTSUPP;
3901
3902 if (!rdev->ops->start_ap)
3903 return -EOPNOTSUPP;
3904
3905 if (wdev->beacon_interval)
3906 return -EALREADY;
3907
3908 memset(¶ms, 0, sizeof(params));
3909
3910
3911 if (!info->attrs[NL80211_ATTR_BEACON_INTERVAL] ||
3912 !info->attrs[NL80211_ATTR_DTIM_PERIOD] ||
3913 !info->attrs[NL80211_ATTR_BEACON_HEAD])
3914 return -EINVAL;
3915
3916 err = nl80211_parse_beacon(info->attrs, ¶ms.beacon);
3917 if (err)
3918 return err;
3919
3920 params.beacon_interval =
3921 nla_get_u32(info->attrs[NL80211_ATTR_BEACON_INTERVAL]);
3922 params.dtim_period =
3923 nla_get_u32(info->attrs[NL80211_ATTR_DTIM_PERIOD]);
3924
3925 err = cfg80211_validate_beacon_int(rdev, dev->ieee80211_ptr->iftype,
3926 params.beacon_interval);
3927 if (err)
3928 return err;
3929
3930
3931
3932
3933
3934
3935
3936
3937 if (info->attrs[NL80211_ATTR_SSID]) {
3938 params.ssid = nla_data(info->attrs[NL80211_ATTR_SSID]);
3939 params.ssid_len =
3940 nla_len(info->attrs[NL80211_ATTR_SSID]);
3941 if (params.ssid_len == 0 ||
3942 params.ssid_len > IEEE80211_MAX_SSID_LEN)
3943 return -EINVAL;
3944 }
3945
3946 if (info->attrs[NL80211_ATTR_HIDDEN_SSID]) {
3947 params.hidden_ssid = nla_get_u32(
3948 info->attrs[NL80211_ATTR_HIDDEN_SSID]);
3949 if (params.hidden_ssid != NL80211_HIDDEN_SSID_NOT_IN_USE &&
3950 params.hidden_ssid != NL80211_HIDDEN_SSID_ZERO_LEN &&
3951 params.hidden_ssid != NL80211_HIDDEN_SSID_ZERO_CONTENTS)
3952 return -EINVAL;
3953 }
3954
3955 params.privacy = !!info->attrs[NL80211_ATTR_PRIVACY];
3956
3957 if (info->attrs[NL80211_ATTR_AUTH_TYPE]) {
3958 params.auth_type = nla_get_u32(
3959 info->attrs[NL80211_ATTR_AUTH_TYPE]);
3960 if (!nl80211_valid_auth_type(rdev, params.auth_type,
3961 NL80211_CMD_START_AP))
3962 return -EINVAL;
3963 } else
3964 params.auth_type = NL80211_AUTHTYPE_AUTOMATIC;
3965
3966 err = nl80211_crypto_settings(rdev, info, ¶ms.crypto,
3967 NL80211_MAX_NR_CIPHER_SUITES);
3968 if (err)
3969 return err;
3970
3971 if (info->attrs[NL80211_ATTR_INACTIVITY_TIMEOUT]) {
3972 if (!(rdev->wiphy.features & NL80211_FEATURE_INACTIVITY_TIMER))
3973 return -EOPNOTSUPP;
3974 params.inactivity_timeout = nla_get_u16(
3975 info->attrs[NL80211_ATTR_INACTIVITY_TIMEOUT]);
3976 }
3977
3978 if (info->attrs[NL80211_ATTR_P2P_CTWINDOW]) {
3979 if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_GO)
3980 return -EINVAL;
3981 params.p2p_ctwindow =
3982 nla_get_u8(info->attrs[NL80211_ATTR_P2P_CTWINDOW]);
3983 if (params.p2p_ctwindow > 127)
3984 return -EINVAL;
3985 if (params.p2p_ctwindow != 0 &&
3986 !(rdev->wiphy.features & NL80211_FEATURE_P2P_GO_CTWIN))
3987 return -EINVAL;
3988 }
3989
3990 if (info->attrs[NL80211_ATTR_P2P_OPPPS]) {
3991 u8 tmp;
3992
3993 if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_GO)
3994 return -EINVAL;
3995 tmp = nla_get_u8(info->attrs[NL80211_ATTR_P2P_OPPPS]);
3996 if (tmp > 1)
3997 return -EINVAL;
3998 params.p2p_opp_ps = tmp;
3999 if (params.p2p_opp_ps != 0 &&
4000 !(rdev->wiphy.features & NL80211_FEATURE_P2P_GO_OPPPS))
4001 return -EINVAL;
4002 }
4003
4004 if (info->attrs[NL80211_ATTR_WIPHY_FREQ]) {
4005 err = nl80211_parse_chandef(rdev, info, ¶ms.chandef);
4006 if (err)
4007 return err;
4008 } else if (wdev->preset_chandef.chan) {
4009 params.chandef = wdev->preset_chandef;
4010 } else if (!nl80211_get_ap_channel(rdev, ¶ms))
4011 return -EINVAL;
4012
4013 if (!cfg80211_reg_can_beacon_relax(&rdev->wiphy, ¶ms.chandef,
4014 wdev->iftype))
4015 return -EINVAL;
4016
4017 if (info->attrs[NL80211_ATTR_TX_RATES]) {
4018 err = nl80211_parse_tx_bitrate_mask(info, ¶ms.beacon_rate);
4019 if (err)
4020 return err;
4021
4022 err = validate_beacon_tx_rate(rdev, params.chandef.chan->band,
4023 ¶ms.beacon_rate);
4024 if (err)
4025 return err;
4026 }
4027
4028 if (info->attrs[NL80211_ATTR_SMPS_MODE]) {
4029 params.smps_mode =
4030 nla_get_u8(info->attrs[NL80211_ATTR_SMPS_MODE]);
4031 switch (params.smps_mode) {
4032 case NL80211_SMPS_OFF:
4033 break;
4034 case NL80211_SMPS_STATIC:
4035 if (!(rdev->wiphy.features &
4036 NL80211_FEATURE_STATIC_SMPS))
4037 return -EINVAL;
4038 break;
4039 case NL80211_SMPS_DYNAMIC:
4040 if (!(rdev->wiphy.features &
4041 NL80211_FEATURE_DYNAMIC_SMPS))
4042 return -EINVAL;
4043 break;
4044 default:
4045 return -EINVAL;
4046 }
4047 } else {
4048 params.smps_mode = NL80211_SMPS_OFF;
4049 }
4050
4051 params.pbss = nla_get_flag(info->attrs[NL80211_ATTR_PBSS]);
4052 if (params.pbss && !rdev->wiphy.bands[NL80211_BAND_60GHZ])
4053 return -EOPNOTSUPP;
4054
4055 if (info->attrs[NL80211_ATTR_ACL_POLICY]) {
4056 params.acl = parse_acl_data(&rdev->wiphy, info);
4057 if (IS_ERR(params.acl))
4058 return PTR_ERR(params.acl);
4059 }
4060
4061 nl80211_calculate_ap_params(¶ms);
4062
4063 wdev_lock(wdev);
4064 err = rdev_start_ap(rdev, dev, ¶ms);
4065 if (!err) {
4066 wdev->preset_chandef = params.chandef;
4067 wdev->beacon_interval = params.beacon_interval;
4068 wdev->chandef = params.chandef;
4069 wdev->ssid_len = params.ssid_len;
4070 memcpy(wdev->ssid, params.ssid, wdev->ssid_len);
4071 }
4072 wdev_unlock(wdev);
4073
4074 kfree(params.acl);
4075
4076 return err;
4077}
4078
4079static int nl80211_set_beacon(struct sk_buff *skb, struct genl_info *info)
4080{
4081 struct cfg80211_registered_device *rdev = info->user_ptr[0];
4082 struct net_device *dev = info->user_ptr[1];
4083 struct wireless_dev *wdev = dev->ieee80211_ptr;
4084 struct cfg80211_beacon_data params;
4085 int err;
4086
4087 if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_AP &&
4088 dev->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_GO)
4089 return -EOPNOTSUPP;
4090
4091 if (!rdev->ops->change_beacon)
4092 return -EOPNOTSUPP;
4093
4094 if (!wdev->beacon_interval)
4095 return -EINVAL;
4096
4097 err = nl80211_parse_beacon(info->attrs, ¶ms);
4098 if (err)
4099 return err;
4100
4101 wdev_lock(wdev);
4102 err = rdev_change_beacon(rdev, dev, ¶ms);
4103 wdev_unlock(wdev);
4104
4105 return err;
4106}
4107
4108static int nl80211_stop_ap(struct sk_buff *skb, struct genl_info *info)
4109{
4110 struct cfg80211_registered_device *rdev = info->user_ptr[0];
4111 struct net_device *dev = info->user_ptr[1];
4112
4113 return cfg80211_stop_ap(rdev, dev, false);
4114}
4115
4116static const struct nla_policy sta_flags_policy[NL80211_STA_FLAG_MAX + 1] = {
4117 [NL80211_STA_FLAG_AUTHORIZED] = { .type = NLA_FLAG },
4118 [NL80211_STA_FLAG_SHORT_PREAMBLE] = { .type = NLA_FLAG },
4119 [NL80211_STA_FLAG_WME] = { .type = NLA_FLAG },
4120 [NL80211_STA_FLAG_MFP] = { .type = NLA_FLAG },
4121 [NL80211_STA_FLAG_AUTHENTICATED] = { .type = NLA_FLAG },
4122 [NL80211_STA_FLAG_TDLS_PEER] = { .type = NLA_FLAG },
4123};
4124
4125static int parse_station_flags(struct genl_info *info,
4126 enum nl80211_iftype iftype,
4127 struct station_parameters *params)
4128{
4129 struct nlattr *flags[NL80211_STA_FLAG_MAX + 1];
4130 struct nlattr *nla;
4131 int flag;
4132
4133
4134
4135
4136
4137 nla = info->attrs[NL80211_ATTR_STA_FLAGS2];
4138 if (nla) {
4139 struct nl80211_sta_flag_update *sta_flags;
4140
4141 sta_flags = nla_data(nla);
4142 params->sta_flags_mask = sta_flags->mask;
4143 params->sta_flags_set = sta_flags->set;
4144 params->sta_flags_set &= params->sta_flags_mask;
4145 if ((params->sta_flags_mask |
4146 params->sta_flags_set) & BIT(__NL80211_STA_FLAG_INVALID))
4147 return -EINVAL;
4148 return 0;
4149 }
4150
4151
4152
4153 nla = info->attrs[NL80211_ATTR_STA_FLAGS];
4154 if (!nla)
4155 return 0;
4156
4157 if (nla_parse_nested(flags, NL80211_STA_FLAG_MAX,
4158 nla, sta_flags_policy))
4159 return -EINVAL;
4160
4161
4162
4163
4164
4165
4166
4167 switch (iftype) {
4168 case NL80211_IFTYPE_AP:
4169 case NL80211_IFTYPE_AP_VLAN:
4170 case NL80211_IFTYPE_P2P_GO:
4171 params->sta_flags_mask = BIT(NL80211_STA_FLAG_AUTHORIZED) |
4172 BIT(NL80211_STA_FLAG_SHORT_PREAMBLE) |
4173 BIT(NL80211_STA_FLAG_WME) |
4174 BIT(NL80211_STA_FLAG_MFP);
4175 break;
4176 case NL80211_IFTYPE_P2P_CLIENT:
4177 case NL80211_IFTYPE_STATION:
4178 params->sta_flags_mask = BIT(NL80211_STA_FLAG_AUTHORIZED) |
4179 BIT(NL80211_STA_FLAG_TDLS_PEER);
4180 break;
4181 case NL80211_IFTYPE_MESH_POINT:
4182 params->sta_flags_mask = BIT(NL80211_STA_FLAG_AUTHENTICATED) |
4183 BIT(NL80211_STA_FLAG_MFP) |
4184 BIT(NL80211_STA_FLAG_AUTHORIZED);
4185 default:
4186 return -EINVAL;
4187 }
4188
4189 for (flag = 1; flag <= NL80211_STA_FLAG_MAX; flag++) {
4190 if (flags[flag]) {
4191 params->sta_flags_set |= (1<<flag);
4192
4193
4194 if (flag > NL80211_STA_FLAG_MAX_OLD_API)
4195 return -EINVAL;
4196 }
4197 }
4198
4199 return 0;
4200}
4201
4202static bool nl80211_put_sta_rate(struct sk_buff *msg, struct rate_info *info,
4203 int attr)
4204{
4205 struct nlattr *rate;
4206 u32 bitrate;
4207 u16 bitrate_compat;
4208 enum nl80211_rate_info rate_flg;
4209
4210 rate = nla_nest_start(msg, attr);
4211 if (!rate)
4212 return false;
4213
4214
4215 bitrate = cfg80211_calculate_bitrate(info);
4216
4217 bitrate_compat = bitrate < (1UL << 16) ? bitrate : 0;
4218 if (bitrate > 0 &&
4219 nla_put_u32(msg, NL80211_RATE_INFO_BITRATE32, bitrate))
4220 return false;
4221 if (bitrate_compat > 0 &&
4222 nla_put_u16(msg, NL80211_RATE_INFO_BITRATE, bitrate_compat))
4223 return false;
4224
4225 switch (info->bw) {
4226 case RATE_INFO_BW_5:
4227 rate_flg = NL80211_RATE_INFO_5_MHZ_WIDTH;
4228 break;
4229 case RATE_INFO_BW_10:
4230 rate_flg = NL80211_RATE_INFO_10_MHZ_WIDTH;
4231 break;
4232 default:
4233 WARN_ON(1);
4234
4235 case RATE_INFO_BW_20:
4236 rate_flg = 0;
4237 break;
4238 case RATE_INFO_BW_40:
4239 rate_flg = NL80211_RATE_INFO_40_MHZ_WIDTH;
4240 break;
4241 case RATE_INFO_BW_80:
4242 rate_flg = NL80211_RATE_INFO_80_MHZ_WIDTH;
4243 break;
4244 case RATE_INFO_BW_160:
4245 rate_flg = NL80211_RATE_INFO_160_MHZ_WIDTH;
4246 break;
4247 }
4248
4249 if (rate_flg && nla_put_flag(msg, rate_flg))
4250 return false;
4251
4252 if (info->flags & RATE_INFO_FLAGS_MCS) {
4253 if (nla_put_u8(msg, NL80211_RATE_INFO_MCS, info->mcs))
4254 return false;
4255 if (info->flags & RATE_INFO_FLAGS_SHORT_GI &&
4256 nla_put_flag(msg, NL80211_RATE_INFO_SHORT_GI))
4257 return false;
4258 } else if (info->flags & RATE_INFO_FLAGS_VHT_MCS) {
4259 if (nla_put_u8(msg, NL80211_RATE_INFO_VHT_MCS, info->mcs))
4260 return false;
4261 if (nla_put_u8(msg, NL80211_RATE_INFO_VHT_NSS, info->nss))
4262 return false;
4263 if (info->flags & RATE_INFO_FLAGS_SHORT_GI &&
4264 nla_put_flag(msg, NL80211_RATE_INFO_SHORT_GI))
4265 return false;
4266 }
4267
4268 nla_nest_end(msg, rate);
4269 return true;
4270}
4271
4272static bool nl80211_put_signal(struct sk_buff *msg, u8 mask, s8 *signal,
4273 int id)
4274{
4275 void *attr;
4276 int i = 0;
4277
4278 if (!mask)
4279 return true;
4280
4281 attr = nla_nest_start(msg, id);
4282 if (!attr)
4283 return false;
4284
4285 for (i = 0; i < IEEE80211_MAX_CHAINS; i++) {
4286 if (!(mask & BIT(i)))
4287 continue;
4288
4289 if (nla_put_u8(msg, i, signal[i]))
4290 return false;
4291 }
4292
4293 nla_nest_end(msg, attr);
4294
4295 return true;
4296}
4297
4298static int nl80211_send_station(struct sk_buff *msg, u32 cmd, u32 portid,
4299 u32 seq, int flags,
4300 struct cfg80211_registered_device *rdev,
4301 struct net_device *dev,
4302 const u8 *mac_addr, struct station_info *sinfo)
4303{
4304 void *hdr;
4305 struct nlattr *sinfoattr, *bss_param;
4306
4307 hdr = nl80211hdr_put(msg, portid, seq, flags, cmd);
4308 if (!hdr)
4309 return -1;
4310
4311 if (nla_put_u32(msg, NL80211_ATTR_IFINDEX, dev->ifindex) ||
4312 nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN, mac_addr) ||
4313 nla_put_u32(msg, NL80211_ATTR_GENERATION, sinfo->generation))
4314 goto nla_put_failure;
4315
4316 sinfoattr = nla_nest_start(msg, NL80211_ATTR_STA_INFO);
4317 if (!sinfoattr)
4318 goto nla_put_failure;
4319
4320#define PUT_SINFO(attr, memb, type) do { \
4321 BUILD_BUG_ON(sizeof(type) == sizeof(u64)); \
4322 if (sinfo->filled & (1ULL << NL80211_STA_INFO_ ## attr) && \
4323 nla_put_ ## type(msg, NL80211_STA_INFO_ ## attr, \
4324 sinfo->memb)) \
4325 goto nla_put_failure; \
4326 } while (0)
4327#define PUT_SINFO_U64(attr, memb) do { \
4328 if (sinfo->filled & (1ULL << NL80211_STA_INFO_ ## attr) && \
4329 nla_put_u64_64bit(msg, NL80211_STA_INFO_ ## attr, \
4330 sinfo->memb, NL80211_STA_INFO_PAD)) \
4331 goto nla_put_failure; \
4332 } while (0)
4333
4334 PUT_SINFO(CONNECTED_TIME, connected_time, u32);
4335 PUT_SINFO(INACTIVE_TIME, inactive_time, u32);
4336
4337 if (sinfo->filled & (BIT(NL80211_STA_INFO_RX_BYTES) |
4338 BIT(NL80211_STA_INFO_RX_BYTES64)) &&
4339 nla_put_u32(msg, NL80211_STA_INFO_RX_BYTES,
4340 (u32)sinfo->rx_bytes))
4341 goto nla_put_failure;
4342
4343 if (sinfo->filled & (BIT(NL80211_STA_INFO_TX_BYTES) |
4344 BIT(NL80211_STA_INFO_TX_BYTES64)) &&
4345 nla_put_u32(msg, NL80211_STA_INFO_TX_BYTES,
4346 (u32)sinfo->tx_bytes))
4347 goto nla_put_failure;
4348
4349 PUT_SINFO_U64(RX_BYTES64, rx_bytes);
4350 PUT_SINFO_U64(TX_BYTES64, tx_bytes);
4351 PUT_SINFO(LLID, llid, u16);
4352 PUT_SINFO(PLID, plid, u16);
4353 PUT_SINFO(PLINK_STATE, plink_state, u8);
4354 PUT_SINFO_U64(RX_DURATION, rx_duration);
4355
4356 switch (rdev->wiphy.signal_type) {
4357 case CFG80211_SIGNAL_TYPE_MBM:
4358 PUT_SINFO(SIGNAL, signal, u8);
4359 PUT_SINFO(SIGNAL_AVG, signal_avg, u8);
4360 break;
4361 default:
4362 break;
4363 }
4364 if (sinfo->filled & BIT(NL80211_STA_INFO_CHAIN_SIGNAL)) {
4365 if (!nl80211_put_signal(msg, sinfo->chains,
4366 sinfo->chain_signal,
4367 NL80211_STA_INFO_CHAIN_SIGNAL))
4368 goto nla_put_failure;
4369 }
4370 if (sinfo->filled & BIT(NL80211_STA_INFO_CHAIN_SIGNAL_AVG)) {
4371 if (!nl80211_put_signal(msg, sinfo->chains,
4372 sinfo->chain_signal_avg,
4373 NL80211_STA_INFO_CHAIN_SIGNAL_AVG))
4374 goto nla_put_failure;
4375 }
4376 if (sinfo->filled & BIT(NL80211_STA_INFO_TX_BITRATE)) {
4377 if (!nl80211_put_sta_rate(msg, &sinfo->txrate,
4378 NL80211_STA_INFO_TX_BITRATE))
4379 goto nla_put_failure;
4380 }
4381 if (sinfo->filled & BIT(NL80211_STA_INFO_RX_BITRATE)) {
4382 if (!nl80211_put_sta_rate(msg, &sinfo->rxrate,
4383 NL80211_STA_INFO_RX_BITRATE))
4384 goto nla_put_failure;
4385 }
4386
4387 PUT_SINFO(RX_PACKETS, rx_packets, u32);
4388 PUT_SINFO(TX_PACKETS, tx_packets, u32);
4389 PUT_SINFO(TX_RETRIES, tx_retries, u32);
4390 PUT_SINFO(TX_FAILED, tx_failed, u32);
4391 PUT_SINFO(EXPECTED_THROUGHPUT, expected_throughput, u32);
4392 PUT_SINFO(BEACON_LOSS, beacon_loss_count, u32);
4393 PUT_SINFO(LOCAL_PM, local_pm, u32);
4394 PUT_SINFO(PEER_PM, peer_pm, u32);
4395 PUT_SINFO(NONPEER_PM, nonpeer_pm, u32);
4396
4397 if (sinfo->filled & BIT(NL80211_STA_INFO_BSS_PARAM)) {
4398 bss_param = nla_nest_start(msg, NL80211_STA_INFO_BSS_PARAM);
4399 if (!bss_param)
4400 goto nla_put_failure;
4401
4402 if (((sinfo->bss_param.flags & BSS_PARAM_FLAGS_CTS_PROT) &&
4403 nla_put_flag(msg, NL80211_STA_BSS_PARAM_CTS_PROT)) ||
4404 ((sinfo->bss_param.flags & BSS_PARAM_FLAGS_SHORT_PREAMBLE) &&
4405 nla_put_flag(msg, NL80211_STA_BSS_PARAM_SHORT_PREAMBLE)) ||
4406 ((sinfo->bss_param.flags & BSS_PARAM_FLAGS_SHORT_SLOT_TIME) &&
4407 nla_put_flag(msg, NL80211_STA_BSS_PARAM_SHORT_SLOT_TIME)) ||
4408 nla_put_u8(msg, NL80211_STA_BSS_PARAM_DTIM_PERIOD,
4409 sinfo->bss_param.dtim_period) ||
4410 nla_put_u16(msg, NL80211_STA_BSS_PARAM_BEACON_INTERVAL,
4411 sinfo->bss_param.beacon_interval))
4412 goto nla_put_failure;
4413
4414 nla_nest_end(msg, bss_param);
4415 }
4416 if ((sinfo->filled & BIT(NL80211_STA_INFO_STA_FLAGS)) &&
4417 nla_put(msg, NL80211_STA_INFO_STA_FLAGS,
4418 sizeof(struct nl80211_sta_flag_update),
4419 &sinfo->sta_flags))
4420 goto nla_put_failure;
4421
4422 PUT_SINFO_U64(T_OFFSET, t_offset);
4423 PUT_SINFO_U64(RX_DROP_MISC, rx_dropped_misc);
4424 PUT_SINFO_U64(BEACON_RX, rx_beacon);
4425 PUT_SINFO(BEACON_SIGNAL_AVG, rx_beacon_signal_avg, u8);
4426
4427#undef PUT_SINFO
4428#undef PUT_SINFO_U64
4429
4430 if (sinfo->filled & BIT(NL80211_STA_INFO_TID_STATS)) {
4431 struct nlattr *tidsattr;
4432 int tid;
4433
4434 tidsattr = nla_nest_start(msg, NL80211_STA_INFO_TID_STATS);
4435 if (!tidsattr)
4436 goto nla_put_failure;
4437
4438 for (tid = 0; tid < IEEE80211_NUM_TIDS + 1; tid++) {
4439 struct cfg80211_tid_stats *tidstats;
4440 struct nlattr *tidattr;
4441
4442 tidstats = &sinfo->pertid[tid];
4443
4444 if (!tidstats->filled)
4445 continue;
4446
4447 tidattr = nla_nest_start(msg, tid + 1);
4448 if (!tidattr)
4449 goto nla_put_failure;
4450
4451#define PUT_TIDVAL_U64(attr, memb) do { \
4452 if (tidstats->filled & BIT(NL80211_TID_STATS_ ## attr) && \
4453 nla_put_u64_64bit(msg, NL80211_TID_STATS_ ## attr, \
4454 tidstats->memb, NL80211_TID_STATS_PAD)) \
4455 goto nla_put_failure; \
4456 } while (0)
4457
4458 PUT_TIDVAL_U64(RX_MSDU, rx_msdu);
4459 PUT_TIDVAL_U64(TX_MSDU, tx_msdu);
4460 PUT_TIDVAL_U64(TX_MSDU_RETRIES, tx_msdu_retries);
4461 PUT_TIDVAL_U64(TX_MSDU_FAILED, tx_msdu_failed);
4462
4463#undef PUT_TIDVAL_U64
4464 nla_nest_end(msg, tidattr);
4465 }
4466
4467 nla_nest_end(msg, tidsattr);
4468 }
4469
4470 nla_nest_end(msg, sinfoattr);
4471
4472 if (sinfo->assoc_req_ies_len &&
4473 nla_put(msg, NL80211_ATTR_IE, sinfo->assoc_req_ies_len,
4474 sinfo->assoc_req_ies))
4475 goto nla_put_failure;
4476
4477 genlmsg_end(msg, hdr);
4478 return 0;
4479
4480 nla_put_failure:
4481 genlmsg_cancel(msg, hdr);
4482 return -EMSGSIZE;
4483}
4484
4485static int nl80211_dump_station(struct sk_buff *skb,
4486 struct netlink_callback *cb)
4487{
4488 struct station_info sinfo;
4489 struct cfg80211_registered_device *rdev;
4490 struct wireless_dev *wdev;
4491 u8 mac_addr[ETH_ALEN];
4492 int sta_idx = cb->args[2];
4493 int err;
4494
4495 rtnl_lock();
4496 err = nl80211_prepare_wdev_dump(skb, cb, &rdev, &wdev);
4497 if (err)
4498 goto out_err;
4499
4500 if (!wdev->netdev) {
4501 err = -EINVAL;
4502 goto out_err;
4503 }
4504
4505 if (!rdev->ops->dump_station) {
4506 err = -EOPNOTSUPP;
4507 goto out_err;
4508 }
4509
4510 while (1) {
4511 memset(&sinfo, 0, sizeof(sinfo));
4512 err = rdev_dump_station(rdev, wdev->netdev, sta_idx,
4513 mac_addr, &sinfo);
4514 if (err == -ENOENT)
4515 break;
4516 if (err)
4517 goto out_err;
4518
4519 if (nl80211_send_station(skb, NL80211_CMD_NEW_STATION,
4520 NETLINK_CB(cb->skb).portid,
4521 cb->nlh->nlmsg_seq, NLM_F_MULTI,
4522 rdev, wdev->netdev, mac_addr,
4523 &sinfo) < 0)
4524 goto out;
4525
4526 sta_idx++;
4527 }
4528
4529 out:
4530 cb->args[2] = sta_idx;
4531 err = skb->len;
4532 out_err:
4533 rtnl_unlock();
4534
4535 return err;
4536}
4537
4538static int nl80211_get_station(struct sk_buff *skb, struct genl_info *info)
4539{
4540 struct cfg80211_registered_device *rdev = info->user_ptr[0];
4541 struct net_device *dev = info->user_ptr[1];
4542 struct station_info sinfo;
4543 struct sk_buff *msg;
4544 u8 *mac_addr = NULL;
4545 int err;
4546
4547 memset(&sinfo, 0, sizeof(sinfo));
4548
4549 if (!info->attrs[NL80211_ATTR_MAC])
4550 return -EINVAL;
4551
4552 mac_addr = nla_data(info->attrs[NL80211_ATTR_MAC]);
4553
4554 if (!rdev->ops->get_station)
4555 return -EOPNOTSUPP;
4556
4557 err = rdev_get_station(rdev, dev, mac_addr, &sinfo);
4558 if (err)
4559 return err;
4560
4561 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
4562 if (!msg)
4563 return -ENOMEM;
4564
4565 if (nl80211_send_station(msg, NL80211_CMD_NEW_STATION,
4566 info->snd_portid, info->snd_seq, 0,
4567 rdev, dev, mac_addr, &sinfo) < 0) {
4568 nlmsg_free(msg);
4569 return -ENOBUFS;
4570 }
4571
4572 return genlmsg_reply(msg, info);
4573}
4574
4575int cfg80211_check_station_change(struct wiphy *wiphy,
4576 struct station_parameters *params,
4577 enum cfg80211_station_type statype)
4578{
4579 if (params->listen_interval != -1 &&
4580 statype != CFG80211_STA_AP_CLIENT_UNASSOC)
4581 return -EINVAL;
4582
4583 if (params->support_p2p_ps != -1 &&
4584 statype != CFG80211_STA_AP_CLIENT_UNASSOC)
4585 return -EINVAL;
4586
4587 if (params->aid &&
4588 !(params->sta_flags_set & BIT(NL80211_STA_FLAG_TDLS_PEER)) &&
4589 statype != CFG80211_STA_AP_CLIENT_UNASSOC)
4590 return -EINVAL;
4591
4592
4593 BUILD_BUG_ON(NL80211_STA_FLAG_MAX != 7);
4594
4595 switch (statype) {
4596 case CFG80211_STA_MESH_PEER_KERNEL:
4597 case CFG80211_STA_MESH_PEER_USER:
4598
4599
4600
4601
4602
4603 if (params->sta_flags_mask &
4604 ~(BIT(NL80211_STA_FLAG_AUTHENTICATED) |
4605 BIT(NL80211_STA_FLAG_MFP) |
4606 BIT(NL80211_STA_FLAG_AUTHORIZED)))
4607 return -EINVAL;
4608 break;
4609 case CFG80211_STA_TDLS_PEER_SETUP:
4610 case CFG80211_STA_TDLS_PEER_ACTIVE:
4611 if (!(params->sta_flags_set & BIT(NL80211_STA_FLAG_TDLS_PEER)))
4612 return -EINVAL;
4613
4614 params->sta_flags_mask &= ~BIT(NL80211_STA_FLAG_TDLS_PEER);
4615 break;
4616 default:
4617
4618 if (params->plink_action != NL80211_PLINK_ACTION_NO_ACTION)
4619 return -EINVAL;
4620 if (params->local_pm)
4621 return -EINVAL;
4622 if (params->sta_modify_mask & STATION_PARAM_APPLY_PLINK_STATE)
4623 return -EINVAL;
4624 }
4625
4626 if (statype != CFG80211_STA_TDLS_PEER_SETUP &&
4627 statype != CFG80211_STA_TDLS_PEER_ACTIVE) {
4628
4629 if (params->sta_flags_set & BIT(NL80211_STA_FLAG_TDLS_PEER))
4630 return -EINVAL;
4631
4632
4633
4634
4635
4636 params->sta_flags_mask &= ~BIT(NL80211_STA_FLAG_TDLS_PEER);
4637 }
4638
4639 if (statype != CFG80211_STA_TDLS_PEER_SETUP &&
4640 statype != CFG80211_STA_AP_CLIENT_UNASSOC) {
4641
4642 if (params->sta_modify_mask & STATION_PARAM_APPLY_UAPSD)
4643 return -EINVAL;
4644 if (params->sta_modify_mask & STATION_PARAM_APPLY_CAPABILITY)
4645 return -EINVAL;
4646 if (params->supported_rates)
4647 return -EINVAL;
4648 if (params->ext_capab || params->ht_capa || params->vht_capa)
4649 return -EINVAL;
4650 }
4651
4652 if (statype != CFG80211_STA_AP_CLIENT &&
4653 statype != CFG80211_STA_AP_CLIENT_UNASSOC) {
4654 if (params->vlan)
4655 return -EINVAL;
4656 }
4657
4658 switch (statype) {
4659 case CFG80211_STA_AP_MLME_CLIENT:
4660
4661 if (!(params->sta_flags_mask & BIT(NL80211_STA_FLAG_AUTHORIZED)))
4662 return -EOPNOTSUPP;
4663 break;
4664 case CFG80211_STA_AP_CLIENT:
4665 case CFG80211_STA_AP_CLIENT_UNASSOC:
4666
4667 if (params->sta_flags_mask &
4668 ~(BIT(NL80211_STA_FLAG_AUTHORIZED) |
4669 BIT(NL80211_STA_FLAG_AUTHENTICATED) |
4670 BIT(NL80211_STA_FLAG_ASSOCIATED) |
4671 BIT(NL80211_STA_FLAG_SHORT_PREAMBLE) |
4672 BIT(NL80211_STA_FLAG_WME) |
4673 BIT(NL80211_STA_FLAG_MFP)))
4674 return -EINVAL;
4675
4676
4677 if (!(wiphy->features & NL80211_FEATURE_FULL_AP_CLIENT_STATE) &&
4678 params->sta_flags_mask &
4679 (BIT(NL80211_STA_FLAG_AUTHENTICATED) |
4680 BIT(NL80211_STA_FLAG_ASSOCIATED)))
4681 return -EINVAL;
4682 break;
4683 case CFG80211_STA_IBSS:
4684 case CFG80211_STA_AP_STA:
4685
4686 if (params->sta_flags_mask & ~BIT(NL80211_STA_FLAG_AUTHORIZED))
4687 return -EINVAL;
4688 break;
4689 case CFG80211_STA_TDLS_PEER_SETUP:
4690
4691 if (params->sta_flags_mask & ~(BIT(NL80211_STA_FLAG_AUTHORIZED) |
4692 BIT(NL80211_STA_FLAG_WME)))
4693 return -EINVAL;
4694
4695 if (params->sta_flags_set & BIT(NL80211_STA_FLAG_AUTHORIZED) &&
4696 !params->supported_rates)
4697 return -EINVAL;
4698 break;
4699 case CFG80211_STA_TDLS_PEER_ACTIVE:
4700
4701 return -EINVAL;
4702 case CFG80211_STA_MESH_PEER_KERNEL:
4703 if (params->sta_modify_mask & STATION_PARAM_APPLY_PLINK_STATE)
4704 return -EINVAL;
4705 break;
4706 case CFG80211_STA_MESH_PEER_USER:
4707 if (params->plink_action != NL80211_PLINK_ACTION_NO_ACTION &&
4708 params->plink_action != NL80211_PLINK_ACTION_BLOCK)
4709 return -EINVAL;
4710 break;
4711 }
4712
4713
4714
4715
4716
4717
4718 if (statype != CFG80211_STA_AP_CLIENT_UNASSOC &&
4719 statype != CFG80211_STA_TDLS_PEER_SETUP)
4720 params->opmode_notif_used = false;
4721
4722 return 0;
4723}
4724EXPORT_SYMBOL(cfg80211_check_station_change);
4725
4726
4727
4728
4729static struct net_device *get_vlan(struct genl_info *info,
4730 struct cfg80211_registered_device *rdev)
4731{
4732 struct nlattr *vlanattr = info->attrs[NL80211_ATTR_STA_VLAN];
4733 struct net_device *v;
4734 int ret;
4735
4736 if (!vlanattr)
4737 return NULL;
4738
4739 v = dev_get_by_index(genl_info_net(info), nla_get_u32(vlanattr));
4740 if (!v)
4741 return ERR_PTR(-ENODEV);
4742
4743 if (!v->ieee80211_ptr || v->ieee80211_ptr->wiphy != &rdev->wiphy) {
4744 ret = -EINVAL;
4745 goto error;
4746 }
4747
4748 if (v->ieee80211_ptr->iftype != NL80211_IFTYPE_AP_VLAN &&
4749 v->ieee80211_ptr->iftype != NL80211_IFTYPE_AP &&
4750 v->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_GO) {
4751 ret = -EINVAL;
4752 goto error;
4753 }
4754
4755 if (!netif_running(v)) {
4756 ret = -ENETDOWN;
4757 goto error;
4758 }
4759
4760 return v;
4761 error:
4762 dev_put(v);
4763 return ERR_PTR(ret);
4764}
4765
4766static const struct nla_policy
4767nl80211_sta_wme_policy[NL80211_STA_WME_MAX + 1] = {
4768 [NL80211_STA_WME_UAPSD_QUEUES] = { .type = NLA_U8 },
4769 [NL80211_STA_WME_MAX_SP] = { .type = NLA_U8 },
4770};
4771
4772static int nl80211_parse_sta_wme(struct genl_info *info,
4773 struct station_parameters *params)
4774{
4775 struct nlattr *tb[NL80211_STA_WME_MAX + 1];
4776 struct nlattr *nla;
4777 int err;
4778
4779
4780 if (!info->attrs[NL80211_ATTR_STA_WME])
4781 return 0;
4782
4783 nla = info->attrs[NL80211_ATTR_STA_WME];
4784 err = nla_parse_nested(tb, NL80211_STA_WME_MAX, nla,
4785 nl80211_sta_wme_policy);
4786 if (err)
4787 return err;
4788
4789 if (tb[NL80211_STA_WME_UAPSD_QUEUES])
4790 params->uapsd_queues = nla_get_u8(
4791 tb[NL80211_STA_WME_UAPSD_QUEUES]);
4792 if (params->uapsd_queues & ~IEEE80211_WMM_IE_STA_QOSINFO_AC_MASK)
4793 return -EINVAL;
4794
4795 if (tb[NL80211_STA_WME_MAX_SP])
4796 params->max_sp = nla_get_u8(tb[NL80211_STA_WME_MAX_SP]);
4797
4798 if (params->max_sp & ~IEEE80211_WMM_IE_STA_QOSINFO_SP_MASK)
4799 return -EINVAL;
4800
4801 params->sta_modify_mask |= STATION_PARAM_APPLY_UAPSD;
4802
4803 return 0;
4804}
4805
4806static int nl80211_parse_sta_channel_info(struct genl_info *info,
4807 struct station_parameters *params)
4808{
4809 if (info->attrs[NL80211_ATTR_STA_SUPPORTED_CHANNELS]) {
4810 params->supported_channels =
4811 nla_data(info->attrs[NL80211_ATTR_STA_SUPPORTED_CHANNELS]);
4812 params->supported_channels_len =
4813 nla_len(info->attrs[NL80211_ATTR_STA_SUPPORTED_CHANNELS]);
4814
4815
4816
4817
4818
4819 if (params->supported_channels_len < 2)
4820 return -EINVAL;
4821 if (params->supported_channels_len % 2)
4822 return -EINVAL;
4823 }
4824
4825 if (info->attrs[NL80211_ATTR_STA_SUPPORTED_OPER_CLASSES]) {
4826 params->supported_oper_classes =
4827 nla_data(info->attrs[NL80211_ATTR_STA_SUPPORTED_OPER_CLASSES]);
4828 params->supported_oper_classes_len =
4829 nla_len(info->attrs[NL80211_ATTR_STA_SUPPORTED_OPER_CLASSES]);
4830
4831
4832
4833
4834 if (params->supported_oper_classes_len < 2 ||
4835 params->supported_oper_classes_len > 253)
4836 return -EINVAL;
4837 }
4838 return 0;
4839}
4840
4841static int nl80211_set_station_tdls(struct genl_info *info,
4842 struct station_parameters *params)
4843{
4844 int err;
4845
4846 if (info->attrs[NL80211_ATTR_PEER_AID])
4847 params->aid = nla_get_u16(info->attrs[NL80211_ATTR_PEER_AID]);
4848 if (info->attrs[NL80211_ATTR_HT_CAPABILITY])
4849 params->ht_capa =
4850 nla_data(info->attrs[NL80211_ATTR_HT_CAPABILITY]);
4851 if (info->attrs[NL80211_ATTR_VHT_CAPABILITY])
4852 params->vht_capa =
4853 nla_data(info->attrs[NL80211_ATTR_VHT_CAPABILITY]);
4854
4855 err = nl80211_parse_sta_channel_info(info, params);
4856 if (err)
4857 return err;
4858
4859 return nl80211_parse_sta_wme(info, params);
4860}
4861
4862static int nl80211_set_station(struct sk_buff *skb, struct genl_info *info)
4863{
4864 struct cfg80211_registered_device *rdev = info->user_ptr[0];
4865 struct net_device *dev = info->user_ptr[1];
4866 struct station_parameters params;
4867 u8 *mac_addr;
4868 int err;
4869
4870 memset(¶ms, 0, sizeof(params));
4871
4872 if (!rdev->ops->change_station)
4873 return -EOPNOTSUPP;
4874
4875
4876
4877
4878
4879
4880 if (info->attrs[NL80211_ATTR_STA_AID])
4881 params.aid = nla_get_u16(info->attrs[NL80211_ATTR_STA_AID]);
4882
4883 if (info->attrs[NL80211_ATTR_STA_LISTEN_INTERVAL])
4884 params.listen_interval =
4885 nla_get_u16(info->attrs[NL80211_ATTR_STA_LISTEN_INTERVAL]);
4886 else
4887 params.listen_interval = -1;
4888
4889 if (info->attrs[NL80211_ATTR_STA_SUPPORT_P2P_PS]) {
4890 u8 tmp;
4891
4892 tmp = nla_get_u8(info->attrs[NL80211_ATTR_STA_SUPPORT_P2P_PS]);
4893 if (tmp >= NUM_NL80211_P2P_PS_STATUS)
4894 return -EINVAL;
4895
4896 params.support_p2p_ps = tmp;
4897 } else {
4898 params.support_p2p_ps = -1;
4899 }
4900
4901 if (!info->attrs[NL80211_ATTR_MAC])
4902 return -EINVAL;
4903
4904 mac_addr = nla_data(info->attrs[NL80211_ATTR_MAC]);
4905
4906 if (info->attrs[NL80211_ATTR_STA_SUPPORTED_RATES]) {
4907 params.supported_rates =
4908 nla_data(info->attrs[NL80211_ATTR_STA_SUPPORTED_RATES]);
4909 params.supported_rates_len =
4910 nla_len(info->attrs[NL80211_ATTR_STA_SUPPORTED_RATES]);
4911 }
4912
4913 if (info->attrs[NL80211_ATTR_STA_CAPABILITY]) {
4914 params.capability =
4915 nla_get_u16(info->attrs[NL80211_ATTR_STA_CAPABILITY]);
4916 params.sta_modify_mask |= STATION_PARAM_APPLY_CAPABILITY;
4917 }
4918
4919 if (info->attrs[NL80211_ATTR_STA_EXT_CAPABILITY]) {
4920 params.ext_capab =
4921 nla_data(info->attrs[NL80211_ATTR_STA_EXT_CAPABILITY]);
4922 params.ext_capab_len =
4923 nla_len(info->attrs[NL80211_ATTR_STA_EXT_CAPABILITY]);
4924 }
4925
4926 if (parse_station_flags(info, dev->ieee80211_ptr->iftype, ¶ms))
4927 return -EINVAL;
4928
4929 if (info->attrs[NL80211_ATTR_STA_PLINK_ACTION]) {
4930 params.plink_action =
4931 nla_get_u8(info->attrs[NL80211_ATTR_STA_PLINK_ACTION]);
4932 if (params.plink_action >= NUM_NL80211_PLINK_ACTIONS)
4933 return -EINVAL;
4934 }
4935
4936 if (info->attrs[NL80211_ATTR_STA_PLINK_STATE]) {
4937 params.plink_state =
4938 nla_get_u8(info->attrs[NL80211_ATTR_STA_PLINK_STATE]);
4939 if (params.plink_state >= NUM_NL80211_PLINK_STATES)
4940 return -EINVAL;
4941 if (info->attrs[NL80211_ATTR_MESH_PEER_AID]) {
4942 params.peer_aid = nla_get_u16(
4943 info->attrs[NL80211_ATTR_MESH_PEER_AID]);
4944 if (params.peer_aid > IEEE80211_MAX_AID)
4945 return -EINVAL;
4946 }
4947 params.sta_modify_mask |= STATION_PARAM_APPLY_PLINK_STATE;
4948 }
4949
4950 if (info->attrs[NL80211_ATTR_LOCAL_MESH_POWER_MODE]) {
4951 enum nl80211_mesh_power_mode pm = nla_get_u32(
4952 info->attrs[NL80211_ATTR_LOCAL_MESH_POWER_MODE]);
4953
4954 if (pm <= NL80211_MESH_POWER_UNKNOWN ||
4955 pm > NL80211_MESH_POWER_MAX)
4956 return -EINVAL;
4957
4958 params.local_pm = pm;
4959 }
4960
4961 if (info->attrs[NL80211_ATTR_OPMODE_NOTIF]) {
4962 params.opmode_notif_used = true;
4963 params.opmode_notif =
4964 nla_get_u8(info->attrs[NL80211_ATTR_OPMODE_NOTIF]);
4965 }
4966
4967
4968 err = nl80211_set_station_tdls(info, ¶ms);
4969 if (err)
4970 return err;
4971
4972 params.vlan = get_vlan(info, rdev);
4973 if (IS_ERR(params.vlan))
4974 return PTR_ERR(params.vlan);
4975
4976 switch (dev->ieee80211_ptr->iftype) {
4977 case NL80211_IFTYPE_AP:
4978 case NL80211_IFTYPE_AP_VLAN:
4979 case NL80211_IFTYPE_P2P_GO:
4980 case NL80211_IFTYPE_P2P_CLIENT:
4981 case NL80211_IFTYPE_STATION:
4982 case NL80211_IFTYPE_ADHOC:
4983 case NL80211_IFTYPE_MESH_POINT:
4984 break;
4985 default:
4986 err = -EOPNOTSUPP;
4987 goto out_put_vlan;
4988 }
4989
4990
4991 err = rdev_change_station(rdev, dev, mac_addr, ¶ms);
4992
4993 out_put_vlan:
4994 if (params.vlan)
4995 dev_put(params.vlan);
4996
4997 return err;
4998}
4999
5000static int nl80211_new_station(struct sk_buff *skb, struct genl_info *info)
5001{
5002 struct cfg80211_registered_device *rdev = info->user_ptr[0];
5003 int err;
5004 struct net_device *dev = info->user_ptr[1];
5005 struct station_parameters params;
5006 u8 *mac_addr = NULL;
5007 u32 auth_assoc = BIT(NL80211_STA_FLAG_AUTHENTICATED) |
5008 BIT(NL80211_STA_FLAG_ASSOCIATED);
5009
5010 memset(¶ms, 0, sizeof(params));
5011
5012 if (!rdev->ops->add_station)
5013 return -EOPNOTSUPP;
5014
5015 if (!info->attrs[NL80211_ATTR_MAC])
5016 return -EINVAL;
5017
5018 if (!info->attrs[NL80211_ATTR_STA_LISTEN_INTERVAL])
5019 return -EINVAL;
5020
5021 if (!info->attrs[NL80211_ATTR_STA_SUPPORTED_RATES])
5022 return -EINVAL;
5023
5024 if (!info->attrs[NL80211_ATTR_STA_AID] &&
5025 !info->attrs[NL80211_ATTR_PEER_AID])
5026 return -EINVAL;
5027
5028 mac_addr = nla_data(info->attrs[NL80211_ATTR_MAC]);
5029 params.supported_rates =
5030 nla_data(info->attrs[NL80211_ATTR_STA_SUPPORTED_RATES]);
5031 params.supported_rates_len =
5032 nla_len(info->attrs[NL80211_ATTR_STA_SUPPORTED_RATES]);
5033 params.listen_interval =
5034 nla_get_u16(info->attrs[NL80211_ATTR_STA_LISTEN_INTERVAL]);
5035
5036 if (info->attrs[NL80211_ATTR_STA_SUPPORT_P2P_PS]) {
5037 u8 tmp;
5038
5039 tmp = nla_get_u8(info->attrs[NL80211_ATTR_STA_SUPPORT_P2P_PS]);
5040 if (tmp >= NUM_NL80211_P2P_PS_STATUS)
5041 return -EINVAL;
5042
5043 params.support_p2p_ps = tmp;
5044 } else {
5045
5046
5047
5048
5049 params.support_p2p_ps =
5050 dev->ieee80211_ptr->iftype == NL80211_IFTYPE_P2P_GO;
5051 }
5052
5053 if (info->attrs[NL80211_ATTR_PEER_AID])
5054 params.aid = nla_get_u16(info->attrs[NL80211_ATTR_PEER_AID]);
5055 else
5056 params.aid = nla_get_u16(info->attrs[NL80211_ATTR_STA_AID]);
5057 if (!params.aid || params.aid > IEEE80211_MAX_AID)
5058 return -EINVAL;
5059
5060 if (info->attrs[NL80211_ATTR_STA_CAPABILITY]) {
5061 params.capability =
5062 nla_get_u16(info->attrs[NL80211_ATTR_STA_CAPABILITY]);
5063 params.sta_modify_mask |= STATION_PARAM_APPLY_CAPABILITY;
5064 }
5065
5066 if (info->attrs[NL80211_ATTR_STA_EXT_CAPABILITY]) {
5067 params.ext_capab =
5068 nla_data(info->attrs[NL80211_ATTR_STA_EXT_CAPABILITY]);
5069 params.ext_capab_len =
5070 nla_len(info->attrs[NL80211_ATTR_STA_EXT_CAPABILITY]);
5071 }
5072
5073 if (info->attrs[NL80211_ATTR_HT_CAPABILITY])
5074 params.ht_capa =
5075 nla_data(info->attrs[NL80211_ATTR_HT_CAPABILITY]);
5076
5077 if (info->attrs[NL80211_ATTR_VHT_CAPABILITY])
5078 params.vht_capa =
5079 nla_data(info->attrs[NL80211_ATTR_VHT_CAPABILITY]);
5080
5081 if (info->attrs[NL80211_ATTR_OPMODE_NOTIF]) {
5082 params.opmode_notif_used = true;
5083 params.opmode_notif =
5084 nla_get_u8(info->attrs[NL80211_ATTR_OPMODE_NOTIF]);
5085 }
5086
5087 if (info->attrs[NL80211_ATTR_STA_PLINK_ACTION]) {
5088 params.plink_action =
5089 nla_get_u8(info->attrs[NL80211_ATTR_STA_PLINK_ACTION]);
5090 if (params.plink_action >= NUM_NL80211_PLINK_ACTIONS)
5091 return -EINVAL;
5092 }
5093
5094 err = nl80211_parse_sta_channel_info(info, ¶ms);
5095 if (err)
5096 return err;
5097
5098 err = nl80211_parse_sta_wme(info, ¶ms);
5099 if (err)
5100 return err;
5101
5102 if (parse_station_flags(info, dev->ieee80211_ptr->iftype, ¶ms))
5103 return -EINVAL;
5104
5105
5106
5107
5108
5109
5110 if (!(params.sta_flags_set & BIT(NL80211_STA_FLAG_WME))) {
5111 params.ht_capa = NULL;
5112 params.vht_capa = NULL;
5113 }
5114
5115
5116 BUILD_BUG_ON(NL80211_STA_FLAG_MAX != 7);
5117
5118 switch (dev->ieee80211_ptr->iftype) {
5119 case NL80211_IFTYPE_AP:
5120 case NL80211_IFTYPE_AP_VLAN:
5121 case NL80211_IFTYPE_P2P_GO:
5122
5123 if (!(rdev->wiphy.flags & WIPHY_FLAG_AP_UAPSD) ||
5124 !(params.sta_flags_set & BIT(NL80211_STA_FLAG_WME)))
5125 params.sta_modify_mask &= ~STATION_PARAM_APPLY_UAPSD;
5126
5127
5128 if ((params.sta_flags_set & BIT(NL80211_STA_FLAG_TDLS_PEER)) ||
5129 info->attrs[NL80211_ATTR_PEER_AID])
5130 return -EINVAL;
5131
5132 params.sta_flags_mask &= ~BIT(NL80211_STA_FLAG_TDLS_PEER);
5133
5134
5135 if (!(rdev->wiphy.features &
5136 NL80211_FEATURE_FULL_AP_CLIENT_STATE) &&
5137 params.sta_flags_mask & auth_assoc)
5138 return -EINVAL;
5139
5140
5141
5142
5143
5144
5145
5146
5147
5148
5149
5150 if (!(params.sta_flags_mask & auth_assoc)) {
5151 params.sta_flags_mask |= auth_assoc;
5152 params.sta_flags_set |= auth_assoc;
5153 }
5154
5155
5156 params.vlan = get_vlan(info, rdev);
5157 if (IS_ERR(params.vlan))
5158 return PTR_ERR(params.vlan);
5159 break;
5160 case NL80211_IFTYPE_MESH_POINT:
5161
5162 params.sta_modify_mask &= ~STATION_PARAM_APPLY_UAPSD;
5163
5164
5165 if (params.sta_flags_mask & BIT(NL80211_STA_FLAG_ASSOCIATED))
5166 return -EINVAL;
5167
5168 if ((params.sta_flags_set & BIT(NL80211_STA_FLAG_TDLS_PEER)) ||
5169 info->attrs[NL80211_ATTR_PEER_AID])
5170 return -EINVAL;
5171 break;
5172 case NL80211_IFTYPE_STATION:
5173 case NL80211_IFTYPE_P2P_CLIENT:
5174
5175 params.sta_modify_mask &= ~STATION_PARAM_APPLY_UAPSD;
5176
5177
5178 if (params.sta_flags_mask &
5179 (BIT(NL80211_STA_FLAG_ASSOCIATED) |
5180 BIT(NL80211_STA_FLAG_AUTHENTICATED)))
5181 return -EINVAL;
5182
5183 if (!(params.sta_flags_set & BIT(NL80211_STA_FLAG_TDLS_PEER)))
5184 return -EINVAL;
5185
5186 if (!(rdev->wiphy.flags & WIPHY_FLAG_SUPPORTS_TDLS))
5187 return -EOPNOTSUPP;
5188
5189 if (!(rdev->wiphy.flags & WIPHY_FLAG_TDLS_EXTERNAL_SETUP))
5190 return -EOPNOTSUPP;
5191
5192
5193
5194
5195 params.sta_flags_mask &= ~BIT(NL80211_STA_FLAG_AUTHORIZED);
5196 break;
5197 default:
5198 return -EOPNOTSUPP;
5199 }
5200
5201
5202
5203 err = rdev_add_station(rdev, dev, mac_addr, ¶ms);
5204
5205 if (params.vlan)
5206 dev_put(params.vlan);
5207 return err;
5208}
5209
5210static int nl80211_del_station(struct sk_buff *skb, struct genl_info *info)
5211{
5212 struct cfg80211_registered_device *rdev = info->user_ptr[0];
5213 struct net_device *dev = info->user_ptr[1];
5214 struct station_del_parameters params;
5215
5216 memset(¶ms, 0, sizeof(params));
5217
5218 if (info->attrs[NL80211_ATTR_MAC])
5219 params.mac = nla_data(info->attrs[NL80211_ATTR_MAC]);
5220
5221 if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_AP &&
5222 dev->ieee80211_ptr->iftype != NL80211_IFTYPE_AP_VLAN &&
5223 dev->ieee80211_ptr->iftype != NL80211_IFTYPE_MESH_POINT &&
5224 dev->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_GO)
5225 return -EINVAL;
5226
5227 if (!rdev->ops->del_station)
5228 return -EOPNOTSUPP;
5229
5230 if (info->attrs[NL80211_ATTR_MGMT_SUBTYPE]) {
5231 params.subtype =
5232 nla_get_u8(info->attrs[NL80211_ATTR_MGMT_SUBTYPE]);
5233 if (params.subtype != IEEE80211_STYPE_DISASSOC >> 4 &&
5234 params.subtype != IEEE80211_STYPE_DEAUTH >> 4)
5235 return -EINVAL;
5236 } else {
5237
5238 params.subtype = IEEE80211_STYPE_DEAUTH >> 4;
5239 }
5240
5241 if (info->attrs[NL80211_ATTR_REASON_CODE]) {
5242 params.reason_code =
5243 nla_get_u16(info->attrs[NL80211_ATTR_REASON_CODE]);
5244 if (params.reason_code == 0)
5245 return -EINVAL;
5246 } else {
5247
5248 params.reason_code = WLAN_REASON_PREV_AUTH_NOT_VALID;
5249 }
5250
5251 return rdev_del_station(rdev, dev, ¶ms);
5252}
5253
5254static int nl80211_send_mpath(struct sk_buff *msg, u32 portid, u32 seq,
5255 int flags, struct net_device *dev,
5256 u8 *dst, u8 *next_hop,
5257 struct mpath_info *pinfo)
5258{
5259 void *hdr;
5260 struct nlattr *pinfoattr;
5261
5262 hdr = nl80211hdr_put(msg, portid, seq, flags, NL80211_CMD_NEW_MPATH);
5263 if (!hdr)
5264 return -1;
5265
5266 if (nla_put_u32(msg, NL80211_ATTR_IFINDEX, dev->ifindex) ||
5267 nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN, dst) ||
5268 nla_put(msg, NL80211_ATTR_MPATH_NEXT_HOP, ETH_ALEN, next_hop) ||
5269 nla_put_u32(msg, NL80211_ATTR_GENERATION, pinfo->generation))
5270 goto nla_put_failure;
5271
5272 pinfoattr = nla_nest_start(msg, NL80211_ATTR_MPATH_INFO);
5273 if (!pinfoattr)
5274 goto nla_put_failure;
5275 if ((pinfo->filled & MPATH_INFO_FRAME_QLEN) &&
5276 nla_put_u32(msg, NL80211_MPATH_INFO_FRAME_QLEN,
5277 pinfo->frame_qlen))
5278 goto nla_put_failure;
5279 if (((pinfo->filled & MPATH_INFO_SN) &&
5280 nla_put_u32(msg, NL80211_MPATH_INFO_SN, pinfo->sn)) ||
5281 ((pinfo->filled & MPATH_INFO_METRIC) &&
5282 nla_put_u32(msg, NL80211_MPATH_INFO_METRIC,
5283 pinfo->metric)) ||
5284 ((pinfo->filled & MPATH_INFO_EXPTIME) &&
5285 nla_put_u32(msg, NL80211_MPATH_INFO_EXPTIME,
5286 pinfo->exptime)) ||
5287 ((pinfo->filled & MPATH_INFO_FLAGS) &&
5288 nla_put_u8(msg, NL80211_MPATH_INFO_FLAGS,
5289 pinfo->flags)) ||
5290 ((pinfo->filled & MPATH_INFO_DISCOVERY_TIMEOUT) &&
5291 nla_put_u32(msg, NL80211_MPATH_INFO_DISCOVERY_TIMEOUT,
5292 pinfo->discovery_timeout)) ||
5293 ((pinfo->filled & MPATH_INFO_DISCOVERY_RETRIES) &&
5294 nla_put_u8(msg, NL80211_MPATH_INFO_DISCOVERY_RETRIES,
5295 pinfo->discovery_retries)))
5296 goto nla_put_failure;
5297
5298 nla_nest_end(msg, pinfoattr);
5299
5300 genlmsg_end(msg, hdr);
5301 return 0;
5302
5303 nla_put_failure:
5304 genlmsg_cancel(msg, hdr);
5305 return -EMSGSIZE;
5306}
5307
5308static int nl80211_dump_mpath(struct sk_buff *skb,
5309 struct netlink_callback *cb)
5310{
5311 struct mpath_info pinfo;
5312 struct cfg80211_registered_device *rdev;
5313 struct wireless_dev *wdev;
5314 u8 dst[ETH_ALEN];
5315 u8 next_hop[ETH_ALEN];
5316 int path_idx = cb->args[2];
5317 int err;
5318
5319 rtnl_lock();
5320 err = nl80211_prepare_wdev_dump(skb, cb, &rdev, &wdev);
5321 if (err)
5322 goto out_err;
5323
5324 if (!rdev->ops->dump_mpath) {
5325 err = -EOPNOTSUPP;
5326 goto out_err;
5327 }
5328
5329 if (wdev->iftype != NL80211_IFTYPE_MESH_POINT) {
5330 err = -EOPNOTSUPP;
5331 goto out_err;
5332 }
5333
5334 while (1) {
5335 err = rdev_dump_mpath(rdev, wdev->netdev, path_idx, dst,
5336 next_hop, &pinfo);
5337 if (err == -ENOENT)
5338 break;
5339 if (err)
5340 goto out_err;
5341
5342 if (nl80211_send_mpath(skb, NETLINK_CB(cb->skb).portid,
5343 cb->nlh->nlmsg_seq, NLM_F_MULTI,
5344 wdev->netdev, dst, next_hop,
5345 &pinfo) < 0)
5346 goto out;
5347
5348 path_idx++;
5349 }
5350
5351 out:
5352 cb->args[2] = path_idx;
5353 err = skb->len;
5354 out_err:
5355 rtnl_unlock();
5356 return err;
5357}
5358
5359static int nl80211_get_mpath(struct sk_buff *skb, struct genl_info *info)
5360{
5361 struct cfg80211_registered_device *rdev = info->user_ptr[0];
5362 int err;
5363 struct net_device *dev = info->user_ptr[1];
5364 struct mpath_info pinfo;
5365 struct sk_buff *msg;
5366 u8 *dst = NULL;
5367 u8 next_hop[ETH_ALEN];
5368
5369 memset(&pinfo, 0, sizeof(pinfo));
5370
5371 if (!info->attrs[NL80211_ATTR_MAC])
5372 return -EINVAL;
5373
5374 dst = nla_data(info->attrs[NL80211_ATTR_MAC]);
5375
5376 if (!rdev->ops->get_mpath)
5377 return -EOPNOTSUPP;
5378
5379 if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_MESH_POINT)
5380 return -EOPNOTSUPP;
5381
5382 err = rdev_get_mpath(rdev, dev, dst, next_hop, &pinfo);
5383 if (err)
5384 return err;
5385
5386 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
5387 if (!msg)
5388 return -ENOMEM;
5389
5390 if (nl80211_send_mpath(msg, info->snd_portid, info->snd_seq, 0,
5391 dev, dst, next_hop, &pinfo) < 0) {
5392 nlmsg_free(msg);
5393 return -ENOBUFS;
5394 }
5395
5396 return genlmsg_reply(msg, info);
5397}
5398
5399static int nl80211_set_mpath(struct sk_buff *skb, struct genl_info *info)
5400{
5401 struct cfg80211_registered_device *rdev = info->user_ptr[0];
5402 struct net_device *dev = info->user_ptr[1];
5403 u8 *dst = NULL;
5404 u8 *next_hop = NULL;
5405
5406 if (!info->attrs[NL80211_ATTR_MAC])
5407 return -EINVAL;
5408
5409 if (!info->attrs[NL80211_ATTR_MPATH_NEXT_HOP])
5410 return -EINVAL;
5411
5412 dst = nla_data(info->attrs[NL80211_ATTR_MAC]);
5413 next_hop = nla_data(info->attrs[NL80211_ATTR_MPATH_NEXT_HOP]);
5414
5415 if (!rdev->ops->change_mpath)
5416 return -EOPNOTSUPP;
5417
5418 if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_MESH_POINT)
5419 return -EOPNOTSUPP;
5420
5421 return rdev_change_mpath(rdev, dev, dst, next_hop);
5422}
5423
5424static int nl80211_new_mpath(struct sk_buff *skb, struct genl_info *info)
5425{
5426 struct cfg80211_registered_device *rdev = info->user_ptr[0];
5427 struct net_device *dev = info->user_ptr[1];
5428 u8 *dst = NULL;
5429 u8 *next_hop = NULL;
5430
5431 if (!info->attrs[NL80211_ATTR_MAC])
5432 return -EINVAL;
5433
5434 if (!info->attrs[NL80211_ATTR_MPATH_NEXT_HOP])
5435 return -EINVAL;
5436
5437 dst = nla_data(info->attrs[NL80211_ATTR_MAC]);
5438 next_hop = nla_data(info->attrs[NL80211_ATTR_MPATH_NEXT_HOP]);
5439
5440 if (!rdev->ops->add_mpath)
5441 return -EOPNOTSUPP;
5442
5443 if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_MESH_POINT)
5444 return -EOPNOTSUPP;
5445
5446 return rdev_add_mpath(rdev, dev, dst, next_hop);
5447}
5448
5449static int nl80211_del_mpath(struct sk_buff *skb, struct genl_info *info)
5450{
5451 struct cfg80211_registered_device *rdev = info->user_ptr[0];
5452 struct net_device *dev = info->user_ptr[1];
5453 u8 *dst = NULL;
5454
5455 if (info->attrs[NL80211_ATTR_MAC])
5456 dst = nla_data(info->attrs[NL80211_ATTR_MAC]);
5457
5458 if (!rdev->ops->del_mpath)
5459 return -EOPNOTSUPP;
5460
5461 return rdev_del_mpath(rdev, dev, dst);
5462}
5463
5464static int nl80211_get_mpp(struct sk_buff *skb, struct genl_info *info)
5465{
5466 struct cfg80211_registered_device *rdev = info->user_ptr[0];
5467 int err;
5468 struct net_device *dev = info->user_ptr[1];
5469 struct mpath_info pinfo;
5470 struct sk_buff *msg;
5471 u8 *dst = NULL;
5472 u8 mpp[ETH_ALEN];
5473
5474 memset(&pinfo, 0, sizeof(pinfo));
5475
5476 if (!info->attrs[NL80211_ATTR_MAC])
5477 return -EINVAL;
5478
5479 dst = nla_data(info->attrs[NL80211_ATTR_MAC]);
5480
5481 if (!rdev->ops->get_mpp)
5482 return -EOPNOTSUPP;
5483
5484 if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_MESH_POINT)
5485 return -EOPNOTSUPP;
5486
5487 err = rdev_get_mpp(rdev, dev, dst, mpp, &pinfo);
5488 if (err)
5489 return err;
5490
5491 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
5492 if (!msg)
5493 return -ENOMEM;
5494
5495 if (nl80211_send_mpath(msg, info->snd_portid, info->snd_seq, 0,
5496 dev, dst, mpp, &pinfo) < 0) {
5497 nlmsg_free(msg);
5498 return -ENOBUFS;
5499 }
5500
5501 return genlmsg_reply(msg, info);
5502}
5503
5504static int nl80211_dump_mpp(struct sk_buff *skb,
5505 struct netlink_callback *cb)
5506{
5507 struct mpath_info pinfo;
5508 struct cfg80211_registered_device *rdev;
5509 struct wireless_dev *wdev;
5510 u8 dst[ETH_ALEN];
5511 u8 mpp[ETH_ALEN];
5512 int path_idx = cb->args[2];
5513 int err;
5514
5515 rtnl_lock();
5516 err = nl80211_prepare_wdev_dump(skb, cb, &rdev, &wdev);
5517 if (err)
5518 goto out_err;
5519
5520 if (!rdev->ops->dump_mpp) {
5521 err = -EOPNOTSUPP;
5522 goto out_err;
5523 }
5524
5525 if (wdev->iftype != NL80211_IFTYPE_MESH_POINT) {
5526 err = -EOPNOTSUPP;
5527 goto out_err;
5528 }
5529
5530 while (1) {
5531 err = rdev_dump_mpp(rdev, wdev->netdev, path_idx, dst,
5532 mpp, &pinfo);
5533 if (err == -ENOENT)
5534 break;
5535 if (err)
5536 goto out_err;
5537
5538 if (nl80211_send_mpath(skb, NETLINK_CB(cb->skb).portid,
5539 cb->nlh->nlmsg_seq, NLM_F_MULTI,
5540 wdev->netdev, dst, mpp,
5541 &pinfo) < 0)
5542 goto out;
5543
5544 path_idx++;
5545 }
5546
5547 out:
5548 cb->args[2] = path_idx;
5549 err = skb->len;
5550 out_err:
5551 rtnl_unlock();
5552 return err;
5553}
5554
5555static int nl80211_set_bss(struct sk_buff *skb, struct genl_info *info)
5556{
5557 struct cfg80211_registered_device *rdev = info->user_ptr[0];
5558 struct net_device *dev = info->user_ptr[1];
5559 struct wireless_dev *wdev = dev->ieee80211_ptr;
5560 struct bss_parameters params;
5561 int err;
5562
5563 memset(¶ms, 0, sizeof(params));
5564
5565 params.use_cts_prot = -1;
5566 params.use_short_preamble = -1;
5567 params.use_short_slot_time = -1;
5568 params.ap_isolate = -1;
5569 params.ht_opmode = -1;
5570 params.p2p_ctwindow = -1;
5571 params.p2p_opp_ps = -1;
5572
5573 if (info->attrs[NL80211_ATTR_BSS_CTS_PROT])
5574 params.use_cts_prot =
5575 nla_get_u8(info->attrs[NL80211_ATTR_BSS_CTS_PROT]);
5576 if (info->attrs[NL80211_ATTR_BSS_SHORT_PREAMBLE])
5577 params.use_short_preamble =
5578 nla_get_u8(info->attrs[NL80211_ATTR_BSS_SHORT_PREAMBLE]);
5579 if (info->attrs[NL80211_ATTR_BSS_SHORT_SLOT_TIME])
5580 params.use_short_slot_time =
5581 nla_get_u8(info->attrs[NL80211_ATTR_BSS_SHORT_SLOT_TIME]);
5582 if (info->attrs[NL80211_ATTR_BSS_BASIC_RATES]) {
5583 params.basic_rates =
5584 nla_data(info->attrs[NL80211_ATTR_BSS_BASIC_RATES]);
5585 params.basic_rates_len =
5586 nla_len(info->attrs[NL80211_ATTR_BSS_BASIC_RATES]);
5587 }
5588 if (info->attrs[NL80211_ATTR_AP_ISOLATE])
5589 params.ap_isolate = !!nla_get_u8(info->attrs[NL80211_ATTR_AP_ISOLATE]);
5590 if (info->attrs[NL80211_ATTR_BSS_HT_OPMODE])
5591 params.ht_opmode =
5592 nla_get_u16(info->attrs[NL80211_ATTR_BSS_HT_OPMODE]);
5593
5594 if (info->attrs[NL80211_ATTR_P2P_CTWINDOW]) {
5595 if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_GO)
5596 return -EINVAL;
5597 params.p2p_ctwindow =
5598 nla_get_s8(info->attrs[NL80211_ATTR_P2P_CTWINDOW]);
5599 if (params.p2p_ctwindow < 0)
5600 return -EINVAL;
5601 if (params.p2p_ctwindow != 0 &&
5602 !(rdev->wiphy.features & NL80211_FEATURE_P2P_GO_CTWIN))
5603 return -EINVAL;
5604 }
5605
5606 if (info->attrs[NL80211_ATTR_P2P_OPPPS]) {
5607 u8 tmp;
5608
5609 if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_GO)
5610 return -EINVAL;
5611 tmp = nla_get_u8(info->attrs[NL80211_ATTR_P2P_OPPPS]);
5612 if (tmp > 1)
5613 return -EINVAL;
5614 params.p2p_opp_ps = tmp;
5615 if (params.p2p_opp_ps &&
5616 !(rdev->wiphy.features & NL80211_FEATURE_P2P_GO_OPPPS))
5617 return -EINVAL;
5618 }
5619
5620 if (!rdev->ops->change_bss)
5621 return -EOPNOTSUPP;
5622
5623 if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_AP &&
5624 dev->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_GO)
5625 return -EOPNOTSUPP;
5626
5627 wdev_lock(wdev);
5628 err = rdev_change_bss(rdev, dev, ¶ms);
5629 wdev_unlock(wdev);
5630
5631 return err;
5632}
5633
5634static int nl80211_req_set_reg(struct sk_buff *skb, struct genl_info *info)
5635{
5636 char *data = NULL;
5637 bool is_indoor;
5638 enum nl80211_user_reg_hint_type user_reg_hint_type;
5639 u32 owner_nlportid;
5640
5641
5642
5643
5644
5645
5646
5647 if (unlikely(!rcu_access_pointer(cfg80211_regdomain)))
5648 return -EINPROGRESS;
5649
5650 if (info->attrs[NL80211_ATTR_USER_REG_HINT_TYPE])
5651 user_reg_hint_type =
5652 nla_get_u32(info->attrs[NL80211_ATTR_USER_REG_HINT_TYPE]);
5653 else
5654 user_reg_hint_type = NL80211_USER_REG_HINT_USER;
5655
5656 switch (user_reg_hint_type) {
5657 case NL80211_USER_REG_HINT_USER:
5658 case NL80211_USER_REG_HINT_CELL_BASE:
5659 if (!info->attrs[NL80211_ATTR_REG_ALPHA2])
5660 return -EINVAL;
5661
5662 data = nla_data(info->attrs[NL80211_ATTR_REG_ALPHA2]);
5663 return regulatory_hint_user(data, user_reg_hint_type);
5664 case NL80211_USER_REG_HINT_INDOOR:
5665 if (info->attrs[NL80211_ATTR_SOCKET_OWNER]) {
5666 owner_nlportid = info->snd_portid;
5667 is_indoor = !!info->attrs[NL80211_ATTR_REG_INDOOR];
5668 } else {
5669 owner_nlportid = 0;
5670 is_indoor = true;
5671 }
5672
5673 return regulatory_hint_indoor(is_indoor, owner_nlportid);
5674 default:
5675 return -EINVAL;
5676 }
5677}
5678
5679static int nl80211_get_mesh_config(struct sk_buff *skb,
5680 struct genl_info *info)
5681{
5682 struct cfg80211_registered_device *rdev = info->user_ptr[0];
5683 struct net_device *dev = info->user_ptr[1];
5684 struct wireless_dev *wdev = dev->ieee80211_ptr;
5685 struct mesh_config cur_params;
5686 int err = 0;
5687 void *hdr;
5688 struct nlattr *pinfoattr;
5689 struct sk_buff *msg;
5690
5691 if (wdev->iftype != NL80211_IFTYPE_MESH_POINT)
5692 return -EOPNOTSUPP;
5693
5694 if (!rdev->ops->get_mesh_config)
5695 return -EOPNOTSUPP;
5696
5697 wdev_lock(wdev);
5698
5699 if (!wdev->mesh_id_len)
5700 memcpy(&cur_params, &default_mesh_config, sizeof(cur_params));
5701 else
5702 err = rdev_get_mesh_config(rdev, dev, &cur_params);
5703 wdev_unlock(wdev);
5704
5705 if (err)
5706 return err;
5707
5708
5709 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
5710 if (!msg)
5711 return -ENOMEM;
5712 hdr = nl80211hdr_put(msg, info->snd_portid, info->snd_seq, 0,
5713 NL80211_CMD_GET_MESH_CONFIG);
5714 if (!hdr)
5715 goto out;
5716 pinfoattr = nla_nest_start(msg, NL80211_ATTR_MESH_CONFIG);
5717 if (!pinfoattr)
5718 goto nla_put_failure;
5719 if (nla_put_u32(msg, NL80211_ATTR_IFINDEX, dev->ifindex) ||
5720 nla_put_u16(msg, NL80211_MESHCONF_RETRY_TIMEOUT,
5721 cur_params.dot11MeshRetryTimeout) ||
5722 nla_put_u16(msg, NL80211_MESHCONF_CONFIRM_TIMEOUT,
5723 cur_params.dot11MeshConfirmTimeout) ||
5724 nla_put_u16(msg, NL80211_MESHCONF_HOLDING_TIMEOUT,
5725 cur_params.dot11MeshHoldingTimeout) ||
5726 nla_put_u16(msg, NL80211_MESHCONF_MAX_PEER_LINKS,
5727 cur_params.dot11MeshMaxPeerLinks) ||
5728 nla_put_u8(msg, NL80211_MESHCONF_MAX_RETRIES,
5729 cur_params.dot11MeshMaxRetries) ||
5730 nla_put_u8(msg, NL80211_MESHCONF_TTL,
5731 cur_params.dot11MeshTTL) ||
5732 nla_put_u8(msg, NL80211_MESHCONF_ELEMENT_TTL,
5733 cur_params.element_ttl) ||
5734 nla_put_u8(msg, NL80211_MESHCONF_AUTO_OPEN_PLINKS,
5735 cur_params.auto_open_plinks) ||
5736 nla_put_u32(msg, NL80211_MESHCONF_SYNC_OFFSET_MAX_NEIGHBOR,
5737 cur_params.dot11MeshNbrOffsetMaxNeighbor) ||
5738 nla_put_u8(msg, NL80211_MESHCONF_HWMP_MAX_PREQ_RETRIES,
5739 cur_params.dot11MeshHWMPmaxPREQretries) ||
5740 nla_put_u32(msg, NL80211_MESHCONF_PATH_REFRESH_TIME,
5741 cur_params.path_refresh_time) ||
5742 nla_put_u16(msg, NL80211_MESHCONF_MIN_DISCOVERY_TIMEOUT,
5743 cur_params.min_discovery_timeout) ||
5744 nla_put_u32(msg, NL80211_MESHCONF_HWMP_ACTIVE_PATH_TIMEOUT,
5745 cur_params.dot11MeshHWMPactivePathTimeout) ||
5746 nla_put_u16(msg, NL80211_MESHCONF_HWMP_PREQ_MIN_INTERVAL,
5747 cur_params.dot11MeshHWMPpreqMinInterval) ||
5748 nla_put_u16(msg, NL80211_MESHCONF_HWMP_PERR_MIN_INTERVAL,
5749 cur_params.dot11MeshHWMPperrMinInterval) ||
5750 nla_put_u16(msg, NL80211_MESHCONF_HWMP_NET_DIAM_TRVS_TIME,
5751 cur_params.dot11MeshHWMPnetDiameterTraversalTime) ||
5752 nla_put_u8(msg, NL80211_MESHCONF_HWMP_ROOTMODE,
5753 cur_params.dot11MeshHWMPRootMode) ||
5754 nla_put_u16(msg, NL80211_MESHCONF_HWMP_RANN_INTERVAL,
5755 cur_params.dot11MeshHWMPRannInterval) ||
5756 nla_put_u8(msg, NL80211_MESHCONF_GATE_ANNOUNCEMENTS,
5757 cur_params.dot11MeshGateAnnouncementProtocol) ||
5758 nla_put_u8(msg, NL80211_MESHCONF_FORWARDING,
5759 cur_params.dot11MeshForwarding) ||
5760 nla_put_s32(msg, NL80211_MESHCONF_RSSI_THRESHOLD,
5761 cur_params.rssi_threshold) ||
5762 nla_put_u32(msg, NL80211_MESHCONF_HT_OPMODE,
5763 cur_params.ht_opmode) ||
5764 nla_put_u32(msg, NL80211_MESHCONF_HWMP_PATH_TO_ROOT_TIMEOUT,
5765 cur_params.dot11MeshHWMPactivePathToRootTimeout) ||
5766 nla_put_u16(msg, NL80211_MESHCONF_HWMP_ROOT_INTERVAL,
5767 cur_params.dot11MeshHWMProotInterval) ||
5768 nla_put_u16(msg, NL80211_MESHCONF_HWMP_CONFIRMATION_INTERVAL,
5769 cur_params.dot11MeshHWMPconfirmationInterval) ||
5770 nla_put_u32(msg, NL80211_MESHCONF_POWER_MODE,
5771 cur_params.power_mode) ||
5772 nla_put_u16(msg, NL80211_MESHCONF_AWAKE_WINDOW,
5773 cur_params.dot11MeshAwakeWindowDuration) ||
5774 nla_put_u32(msg, NL80211_MESHCONF_PLINK_TIMEOUT,
5775 cur_params.plink_timeout))
5776 goto nla_put_failure;
5777 nla_nest_end(msg, pinfoattr);
5778 genlmsg_end(msg, hdr);
5779 return genlmsg_reply(msg, info);
5780
5781 nla_put_failure:
5782 genlmsg_cancel(msg, hdr);
5783 out:
5784 nlmsg_free(msg);
5785 return -ENOBUFS;
5786}
5787
5788static const struct nla_policy nl80211_meshconf_params_policy[NL80211_MESHCONF_ATTR_MAX+1] = {
5789 [NL80211_MESHCONF_RETRY_TIMEOUT] = { .type = NLA_U16 },
5790 [NL80211_MESHCONF_CONFIRM_TIMEOUT] = { .type = NLA_U16 },
5791 [NL80211_MESHCONF_HOLDING_TIMEOUT] = { .type = NLA_U16 },
5792 [NL80211_MESHCONF_MAX_PEER_LINKS] = { .type = NLA_U16 },
5793 [NL80211_MESHCONF_MAX_RETRIES] = { .type = NLA_U8 },
5794 [NL80211_MESHCONF_TTL] = { .type = NLA_U8 },
5795 [NL80211_MESHCONF_ELEMENT_TTL] = { .type = NLA_U8 },
5796 [NL80211_MESHCONF_AUTO_OPEN_PLINKS] = { .type = NLA_U8 },
5797 [NL80211_MESHCONF_SYNC_OFFSET_MAX_NEIGHBOR] = { .type = NLA_U32 },
5798 [NL80211_MESHCONF_HWMP_MAX_PREQ_RETRIES] = { .type = NLA_U8 },
5799 [NL80211_MESHCONF_PATH_REFRESH_TIME] = { .type = NLA_U32 },
5800 [NL80211_MESHCONF_MIN_DISCOVERY_TIMEOUT] = { .type = NLA_U16 },
5801 [NL80211_MESHCONF_HWMP_ACTIVE_PATH_TIMEOUT] = { .type = NLA_U32 },
5802 [NL80211_MESHCONF_HWMP_PREQ_MIN_INTERVAL] = { .type = NLA_U16 },
5803 [NL80211_MESHCONF_HWMP_PERR_MIN_INTERVAL] = { .type = NLA_U16 },
5804 [NL80211_MESHCONF_HWMP_NET_DIAM_TRVS_TIME] = { .type = NLA_U16 },
5805 [NL80211_MESHCONF_HWMP_ROOTMODE] = { .type = NLA_U8 },
5806 [NL80211_MESHCONF_HWMP_RANN_INTERVAL] = { .type = NLA_U16 },
5807 [NL80211_MESHCONF_GATE_ANNOUNCEMENTS] = { .type = NLA_U8 },
5808 [NL80211_MESHCONF_FORWARDING] = { .type = NLA_U8 },
5809 [NL80211_MESHCONF_RSSI_THRESHOLD] = { .type = NLA_U32 },
5810 [NL80211_MESHCONF_HT_OPMODE] = { .type = NLA_U16 },
5811 [NL80211_MESHCONF_HWMP_PATH_TO_ROOT_TIMEOUT] = { .type = NLA_U32 },
5812 [NL80211_MESHCONF_HWMP_ROOT_INTERVAL] = { .type = NLA_U16 },
5813 [NL80211_MESHCONF_HWMP_CONFIRMATION_INTERVAL] = { .type = NLA_U16 },
5814 [NL80211_MESHCONF_POWER_MODE] = { .type = NLA_U32 },
5815 [NL80211_MESHCONF_AWAKE_WINDOW] = { .type = NLA_U16 },
5816 [NL80211_MESHCONF_PLINK_TIMEOUT] = { .type = NLA_U32 },
5817};
5818
5819static const struct nla_policy
5820 nl80211_mesh_setup_params_policy[NL80211_MESH_SETUP_ATTR_MAX+1] = {
5821 [NL80211_MESH_SETUP_ENABLE_VENDOR_SYNC] = { .type = NLA_U8 },
5822 [NL80211_MESH_SETUP_ENABLE_VENDOR_PATH_SEL] = { .type = NLA_U8 },
5823 [NL80211_MESH_SETUP_ENABLE_VENDOR_METRIC] = { .type = NLA_U8 },
5824 [NL80211_MESH_SETUP_USERSPACE_AUTH] = { .type = NLA_FLAG },
5825 [NL80211_MESH_SETUP_AUTH_PROTOCOL] = { .type = NLA_U8 },
5826 [NL80211_MESH_SETUP_USERSPACE_MPM] = { .type = NLA_FLAG },
5827 [NL80211_MESH_SETUP_IE] = { .type = NLA_BINARY,
5828 .len = IEEE80211_MAX_DATA_LEN },
5829 [NL80211_MESH_SETUP_USERSPACE_AMPE] = { .type = NLA_FLAG },
5830};
5831
5832static int nl80211_check_bool(const struct nlattr *nla, u8 min, u8 max, bool *out)
5833{
5834 u8 val = nla_get_u8(nla);
5835 if (val < min || val > max)
5836 return -EINVAL;
5837 *out = val;
5838 return 0;
5839}
5840
5841static int nl80211_check_u8(const struct nlattr *nla, u8 min, u8 max, u8 *out)
5842{
5843 u8 val = nla_get_u8(nla);
5844 if (val < min || val > max)
5845 return -EINVAL;
5846 *out = val;
5847 return 0;
5848}
5849
5850static int nl80211_check_u16(const struct nlattr *nla, u16 min, u16 max, u16 *out)
5851{
5852 u16 val = nla_get_u16(nla);
5853 if (val < min || val > max)
5854 return -EINVAL;
5855 *out = val;
5856 return 0;
5857}
5858
5859static int nl80211_check_u32(const struct nlattr *nla, u32 min, u32 max, u32 *out)
5860{
5861 u32 val = nla_get_u32(nla);
5862 if (val < min || val > max)
5863 return -EINVAL;
5864 *out = val;
5865 return 0;
5866}
5867
5868static int nl80211_check_s32(const struct nlattr *nla, s32 min, s32 max, s32 *out)
5869{
5870 s32 val = nla_get_s32(nla);
5871 if (val < min || val > max)
5872 return -EINVAL;
5873 *out = val;
5874 return 0;
5875}
5876
5877static int nl80211_check_power_mode(const struct nlattr *nla,
5878 enum nl80211_mesh_power_mode min,
5879 enum nl80211_mesh_power_mode max,
5880 enum nl80211_mesh_power_mode *out)
5881{
5882 u32 val = nla_get_u32(nla);
5883 if (val < min || val > max)
5884 return -EINVAL;
5885 *out = val;
5886 return 0;
5887}
5888
5889static int nl80211_parse_mesh_config(struct genl_info *info,
5890 struct mesh_config *cfg,
5891 u32 *mask_out)
5892{
5893 struct nlattr *tb[NL80211_MESHCONF_ATTR_MAX + 1];
5894 u32 mask = 0;
5895 u16 ht_opmode;
5896
5897#define FILL_IN_MESH_PARAM_IF_SET(tb, cfg, param, min, max, mask, attr, fn) \
5898do { \
5899 if (tb[attr]) { \
5900 if (fn(tb[attr], min, max, &cfg->param)) \
5901 return -EINVAL; \
5902 mask |= (1 << (attr - 1)); \
5903 } \
5904} while (0)
5905
5906 if (!info->attrs[NL80211_ATTR_MESH_CONFIG])
5907 return -EINVAL;
5908 if (nla_parse_nested(tb, NL80211_MESHCONF_ATTR_MAX,
5909 info->attrs[NL80211_ATTR_MESH_CONFIG],
5910 nl80211_meshconf_params_policy))
5911 return -EINVAL;
5912
5913
5914
5915 BUILD_BUG_ON(NL80211_MESHCONF_ATTR_MAX > 32);
5916
5917
5918 FILL_IN_MESH_PARAM_IF_SET(tb, cfg, dot11MeshRetryTimeout, 1, 255,
5919 mask, NL80211_MESHCONF_RETRY_TIMEOUT,
5920 nl80211_check_u16);
5921 FILL_IN_MESH_PARAM_IF_SET(tb, cfg, dot11MeshConfirmTimeout, 1, 255,
5922 mask, NL80211_MESHCONF_CONFIRM_TIMEOUT,
5923 nl80211_check_u16);
5924 FILL_IN_MESH_PARAM_IF_SET(tb, cfg, dot11MeshHoldingTimeout, 1, 255,
5925 mask, NL80211_MESHCONF_HOLDING_TIMEOUT,
5926 nl80211_check_u16);
5927 FILL_IN_MESH_PARAM_IF_SET(tb, cfg, dot11MeshMaxPeerLinks, 0, 255,
5928 mask, NL80211_MESHCONF_MAX_PEER_LINKS,
5929 nl80211_check_u16);
5930 FILL_IN_MESH_PARAM_IF_SET(tb, cfg, dot11MeshMaxRetries, 0, 16,
5931 mask, NL80211_MESHCONF_MAX_RETRIES,
5932 nl80211_check_u8);
5933 FILL_IN_MESH_PARAM_IF_SET(tb, cfg, dot11MeshTTL, 1, 255,
5934 mask, NL80211_MESHCONF_TTL, nl80211_check_u8);
5935 FILL_IN_MESH_PARAM_IF_SET(tb, cfg, element_ttl, 1, 255,
5936 mask, NL80211_MESHCONF_ELEMENT_TTL,
5937 nl80211_check_u8);
5938 FILL_IN_MESH_PARAM_IF_SET(tb, cfg, auto_open_plinks, 0, 1,
5939 mask, NL80211_MESHCONF_AUTO_OPEN_PLINKS,
5940 nl80211_check_bool);
5941 FILL_IN_MESH_PARAM_IF_SET(tb, cfg, dot11MeshNbrOffsetMaxNeighbor,
5942 1, 255, mask,
5943 NL80211_MESHCONF_SYNC_OFFSET_MAX_NEIGHBOR,
5944 nl80211_check_u32);
5945 FILL_IN_MESH_PARAM_IF_SET(tb, cfg, dot11MeshHWMPmaxPREQretries, 0, 255,
5946 mask, NL80211_MESHCONF_HWMP_MAX_PREQ_RETRIES,
5947 nl80211_check_u8);
5948 FILL_IN_MESH_PARAM_IF_SET(tb, cfg, path_refresh_time, 1, 65535,
5949 mask, NL80211_MESHCONF_PATH_REFRESH_TIME,
5950 nl80211_check_u32);
5951 FILL_IN_MESH_PARAM_IF_SET(tb, cfg, min_discovery_timeout, 1, 65535,
5952 mask, NL80211_MESHCONF_MIN_DISCOVERY_TIMEOUT,
5953 nl80211_check_u16);
5954 FILL_IN_MESH_PARAM_IF_SET(tb, cfg, dot11MeshHWMPactivePathTimeout,
5955 1, 65535, mask,
5956 NL80211_MESHCONF_HWMP_ACTIVE_PATH_TIMEOUT,
5957 nl80211_check_u32);
5958 FILL_IN_MESH_PARAM_IF_SET(tb, cfg, dot11MeshHWMPpreqMinInterval,
5959 1, 65535, mask,
5960 NL80211_MESHCONF_HWMP_PREQ_MIN_INTERVAL,
5961 nl80211_check_u16);
5962 FILL_IN_MESH_PARAM_IF_SET(tb, cfg, dot11MeshHWMPperrMinInterval,
5963 1, 65535, mask,
5964 NL80211_MESHCONF_HWMP_PERR_MIN_INTERVAL,
5965 nl80211_check_u16);
5966 FILL_IN_MESH_PARAM_IF_SET(tb, cfg,
5967 dot11MeshHWMPnetDiameterTraversalTime,
5968 1, 65535, mask,
5969 NL80211_MESHCONF_HWMP_NET_DIAM_TRVS_TIME,
5970 nl80211_check_u16);
5971 FILL_IN_MESH_PARAM_IF_SET(tb, cfg, dot11MeshHWMPRootMode, 0, 4,
5972 mask, NL80211_MESHCONF_HWMP_ROOTMODE,
5973 nl80211_check_u8);
5974 FILL_IN_MESH_PARAM_IF_SET(tb, cfg, dot11MeshHWMPRannInterval, 1, 65535,
5975 mask, NL80211_MESHCONF_HWMP_RANN_INTERVAL,
5976 nl80211_check_u16);
5977 FILL_IN_MESH_PARAM_IF_SET(tb, cfg,
5978 dot11MeshGateAnnouncementProtocol, 0, 1,
5979 mask, NL80211_MESHCONF_GATE_ANNOUNCEMENTS,
5980 nl80211_check_bool);
5981 FILL_IN_MESH_PARAM_IF_SET(tb, cfg, dot11MeshForwarding, 0, 1,
5982 mask, NL80211_MESHCONF_FORWARDING,
5983 nl80211_check_bool);
5984 FILL_IN_MESH_PARAM_IF_SET(tb, cfg, rssi_threshold, -255, 0,
5985 mask, NL80211_MESHCONF_RSSI_THRESHOLD,
5986 nl80211_check_s32);
5987
5988
5989
5990
5991 if (tb[NL80211_MESHCONF_HT_OPMODE]) {
5992 ht_opmode = nla_get_u16(tb[NL80211_MESHCONF_HT_OPMODE]);
5993
5994 if (ht_opmode & ~(IEEE80211_HT_OP_MODE_PROTECTION |
5995 IEEE80211_HT_OP_MODE_NON_GF_STA_PRSNT |
5996 IEEE80211_HT_OP_MODE_NON_HT_STA_PRSNT))
5997 return -EINVAL;
5998
5999 if ((ht_opmode & IEEE80211_HT_OP_MODE_NON_GF_STA_PRSNT) &&
6000 (ht_opmode & IEEE80211_HT_OP_MODE_NON_HT_STA_PRSNT))
6001 return -EINVAL;
6002
6003 switch (ht_opmode & IEEE80211_HT_OP_MODE_PROTECTION) {
6004 case IEEE80211_HT_OP_MODE_PROTECTION_NONE:
6005 case IEEE80211_HT_OP_MODE_PROTECTION_20MHZ:
6006 if (ht_opmode & IEEE80211_HT_OP_MODE_NON_HT_STA_PRSNT)
6007 return -EINVAL;
6008 break;
6009 case IEEE80211_HT_OP_MODE_PROTECTION_NONMEMBER:
6010 case IEEE80211_HT_OP_MODE_PROTECTION_NONHT_MIXED:
6011 if (!(ht_opmode & IEEE80211_HT_OP_MODE_NON_HT_STA_PRSNT))
6012 return -EINVAL;
6013 break;
6014 }
6015 cfg->ht_opmode = ht_opmode;
6016 mask |= (1 << (NL80211_MESHCONF_HT_OPMODE - 1));
6017 }
6018 FILL_IN_MESH_PARAM_IF_SET(tb, cfg, dot11MeshHWMPactivePathToRootTimeout,
6019 1, 65535, mask,
6020 NL80211_MESHCONF_HWMP_PATH_TO_ROOT_TIMEOUT,
6021 nl80211_check_u32);
6022 FILL_IN_MESH_PARAM_IF_SET(tb, cfg, dot11MeshHWMProotInterval, 1, 65535,
6023 mask, NL80211_MESHCONF_HWMP_ROOT_INTERVAL,
6024 nl80211_check_u16);
6025 FILL_IN_MESH_PARAM_IF_SET(tb, cfg,
6026 dot11MeshHWMPconfirmationInterval,
6027 1, 65535, mask,
6028 NL80211_MESHCONF_HWMP_CONFIRMATION_INTERVAL,
6029 nl80211_check_u16);
6030 FILL_IN_MESH_PARAM_IF_SET(tb, cfg, power_mode,
6031 NL80211_MESH_POWER_ACTIVE,
6032 NL80211_MESH_POWER_MAX,
6033 mask, NL80211_MESHCONF_POWER_MODE,
6034 nl80211_check_power_mode);
6035 FILL_IN_MESH_PARAM_IF_SET(tb, cfg, dot11MeshAwakeWindowDuration,
6036 0, 65535, mask,
6037 NL80211_MESHCONF_AWAKE_WINDOW, nl80211_check_u16);
6038 FILL_IN_MESH_PARAM_IF_SET(tb, cfg, plink_timeout, 0, 0xffffffff,
6039 mask, NL80211_MESHCONF_PLINK_TIMEOUT,
6040 nl80211_check_u32);
6041 if (mask_out)
6042 *mask_out = mask;
6043
6044 return 0;
6045
6046#undef FILL_IN_MESH_PARAM_IF_SET
6047}
6048
6049static int nl80211_parse_mesh_setup(struct genl_info *info,
6050 struct mesh_setup *setup)
6051{
6052 struct cfg80211_registered_device *rdev = info->user_ptr[0];
6053 struct nlattr *tb[NL80211_MESH_SETUP_ATTR_MAX + 1];
6054
6055 if (!info->attrs[NL80211_ATTR_MESH_SETUP])
6056 return -EINVAL;
6057 if (nla_parse_nested(tb, NL80211_MESH_SETUP_ATTR_MAX,
6058 info->attrs[NL80211_ATTR_MESH_SETUP],
6059 nl80211_mesh_setup_params_policy))
6060 return -EINVAL;
6061
6062 if (tb[NL80211_MESH_SETUP_ENABLE_VENDOR_SYNC])
6063 setup->sync_method =
6064 (nla_get_u8(tb[NL80211_MESH_SETUP_ENABLE_VENDOR_SYNC])) ?
6065 IEEE80211_SYNC_METHOD_VENDOR :
6066 IEEE80211_SYNC_METHOD_NEIGHBOR_OFFSET;
6067
6068 if (tb[NL80211_MESH_SETUP_ENABLE_VENDOR_PATH_SEL])
6069 setup->path_sel_proto =
6070 (nla_get_u8(tb[NL80211_MESH_SETUP_ENABLE_VENDOR_PATH_SEL])) ?
6071 IEEE80211_PATH_PROTOCOL_VENDOR :
6072 IEEE80211_PATH_PROTOCOL_HWMP;
6073
6074 if (tb[NL80211_MESH_SETUP_ENABLE_VENDOR_METRIC])
6075 setup->path_metric =
6076 (nla_get_u8(tb[NL80211_MESH_SETUP_ENABLE_VENDOR_METRIC])) ?
6077 IEEE80211_PATH_METRIC_VENDOR :
6078 IEEE80211_PATH_METRIC_AIRTIME;
6079
6080 if (tb[NL80211_MESH_SETUP_IE]) {
6081 struct nlattr *ieattr =
6082 tb[NL80211_MESH_SETUP_IE];
6083 if (!is_valid_ie_attr(ieattr))
6084 return -EINVAL;
6085 setup->ie = nla_data(ieattr);
6086 setup->ie_len = nla_len(ieattr);
6087 }
6088 if (tb[NL80211_MESH_SETUP_USERSPACE_MPM] &&
6089 !(rdev->wiphy.features & NL80211_FEATURE_USERSPACE_MPM))
6090 return -EINVAL;
6091 setup->user_mpm = nla_get_flag(tb[NL80211_MESH_SETUP_USERSPACE_MPM]);
6092 setup->is_authenticated = nla_get_flag(tb[NL80211_MESH_SETUP_USERSPACE_AUTH]);
6093 setup->is_secure = nla_get_flag(tb[NL80211_MESH_SETUP_USERSPACE_AMPE]);
6094 if (setup->is_secure)
6095 setup->user_mpm = true;
6096
6097 if (tb[NL80211_MESH_SETUP_AUTH_PROTOCOL]) {
6098 if (!setup->user_mpm)
6099 return -EINVAL;
6100 setup->auth_id =
6101 nla_get_u8(tb[NL80211_MESH_SETUP_AUTH_PROTOCOL]);
6102 }
6103
6104 return 0;
6105}
6106
6107static int nl80211_update_mesh_config(struct sk_buff *skb,
6108 struct genl_info *info)
6109{
6110 struct cfg80211_registered_device *rdev = info->user_ptr[0];
6111 struct net_device *dev = info->user_ptr[1];
6112 struct wireless_dev *wdev = dev->ieee80211_ptr;
6113 struct mesh_config cfg;
6114 u32 mask;
6115 int err;
6116
6117 if (wdev->iftype != NL80211_IFTYPE_MESH_POINT)
6118 return -EOPNOTSUPP;
6119
6120 if (!rdev->ops->update_mesh_config)
6121 return -EOPNOTSUPP;
6122
6123 err = nl80211_parse_mesh_config(info, &cfg, &mask);
6124 if (err)
6125 return err;
6126
6127 wdev_lock(wdev);
6128 if (!wdev->mesh_id_len)
6129 err = -ENOLINK;
6130
6131 if (!err)
6132 err = rdev_update_mesh_config(rdev, dev, mask, &cfg);
6133
6134 wdev_unlock(wdev);
6135
6136 return err;
6137}
6138
6139static int nl80211_put_regdom(const struct ieee80211_regdomain *regdom,
6140 struct sk_buff *msg)
6141{
6142 struct nlattr *nl_reg_rules;
6143 unsigned int i;
6144
6145 if (nla_put_string(msg, NL80211_ATTR_REG_ALPHA2, regdom->alpha2) ||
6146 (regdom->dfs_region &&
6147 nla_put_u8(msg, NL80211_ATTR_DFS_REGION, regdom->dfs_region)))
6148 goto nla_put_failure;
6149
6150 nl_reg_rules = nla_nest_start(msg, NL80211_ATTR_REG_RULES);
6151 if (!nl_reg_rules)
6152 goto nla_put_failure;
6153
6154 for (i = 0; i < regdom->n_reg_rules; i++) {
6155 struct nlattr *nl_reg_rule;
6156 const struct ieee80211_reg_rule *reg_rule;
6157 const struct ieee80211_freq_range *freq_range;
6158 const struct ieee80211_power_rule *power_rule;
6159 unsigned int max_bandwidth_khz;
6160
6161 reg_rule = ®dom->reg_rules[i];
6162 freq_range = ®_rule->freq_range;
6163 power_rule = ®_rule->power_rule;
6164
6165 nl_reg_rule = nla_nest_start(msg, i);
6166 if (!nl_reg_rule)
6167 goto nla_put_failure;
6168
6169 max_bandwidth_khz = freq_range->max_bandwidth_khz;
6170 if (!max_bandwidth_khz)
6171 max_bandwidth_khz = reg_get_max_bandwidth(regdom,
6172 reg_rule);
6173
6174 if (nla_put_u32(msg, NL80211_ATTR_REG_RULE_FLAGS,
6175 reg_rule->flags) ||
6176 nla_put_u32(msg, NL80211_ATTR_FREQ_RANGE_START,
6177 freq_range->start_freq_khz) ||
6178 nla_put_u32(msg, NL80211_ATTR_FREQ_RANGE_END,
6179 freq_range->end_freq_khz) ||
6180 nla_put_u32(msg, NL80211_ATTR_FREQ_RANGE_MAX_BW,
6181 max_bandwidth_khz) ||
6182 nla_put_u32(msg, NL80211_ATTR_POWER_RULE_MAX_ANT_GAIN,
6183 power_rule->max_antenna_gain) ||
6184 nla_put_u32(msg, NL80211_ATTR_POWER_RULE_MAX_EIRP,
6185 power_rule->max_eirp) ||
6186 nla_put_u32(msg, NL80211_ATTR_DFS_CAC_TIME,
6187 reg_rule->dfs_cac_ms))
6188 goto nla_put_failure;
6189
6190 nla_nest_end(msg, nl_reg_rule);
6191 }
6192
6193 nla_nest_end(msg, nl_reg_rules);
6194 return 0;
6195
6196nla_put_failure:
6197 return -EMSGSIZE;
6198}
6199
6200static int nl80211_get_reg_do(struct sk_buff *skb, struct genl_info *info)
6201{
6202 const struct ieee80211_regdomain *regdom = NULL;
6203 struct cfg80211_registered_device *rdev;
6204 struct wiphy *wiphy = NULL;
6205 struct sk_buff *msg;
6206 void *hdr;
6207
6208 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
6209 if (!msg)
6210 return -ENOBUFS;
6211
6212 hdr = nl80211hdr_put(msg, info->snd_portid, info->snd_seq, 0,
6213 NL80211_CMD_GET_REG);
6214 if (!hdr)
6215 goto put_failure;
6216
6217 if (info->attrs[NL80211_ATTR_WIPHY]) {
6218 bool self_managed;
6219
6220 rdev = cfg80211_get_dev_from_info(genl_info_net(info), info);
6221 if (IS_ERR(rdev)) {
6222 nlmsg_free(msg);
6223 return PTR_ERR(rdev);
6224 }
6225
6226 wiphy = &rdev->wiphy;
6227 self_managed = wiphy->regulatory_flags &
6228 REGULATORY_WIPHY_SELF_MANAGED;
6229 regdom = get_wiphy_regdom(wiphy);
6230
6231
6232 if (WARN_ON(!regdom && self_managed)) {
6233 nlmsg_free(msg);
6234 return -EINVAL;
6235 }
6236
6237 if (regdom &&
6238 nla_put_u32(msg, NL80211_ATTR_WIPHY, get_wiphy_idx(wiphy)))
6239 goto nla_put_failure;
6240 }
6241
6242 if (!wiphy && reg_last_request_cell_base() &&
6243 nla_put_u32(msg, NL80211_ATTR_USER_REG_HINT_TYPE,
6244 NL80211_USER_REG_HINT_CELL_BASE))
6245 goto nla_put_failure;
6246
6247 rcu_read_lock();
6248
6249 if (!regdom)
6250 regdom = rcu_dereference(cfg80211_regdomain);
6251
6252 if (nl80211_put_regdom(regdom, msg))
6253 goto nla_put_failure_rcu;
6254
6255 rcu_read_unlock();
6256
6257 genlmsg_end(msg, hdr);
6258 return genlmsg_reply(msg, info);
6259
6260nla_put_failure_rcu:
6261 rcu_read_unlock();
6262nla_put_failure:
6263 genlmsg_cancel(msg, hdr);
6264put_failure:
6265 nlmsg_free(msg);
6266 return -EMSGSIZE;
6267}
6268
6269static int nl80211_send_regdom(struct sk_buff *msg, struct netlink_callback *cb,
6270 u32 seq, int flags, struct wiphy *wiphy,
6271 const struct ieee80211_regdomain *regdom)
6272{
6273 void *hdr = nl80211hdr_put(msg, NETLINK_CB(cb->skb).portid, seq, flags,
6274 NL80211_CMD_GET_REG);
6275
6276 if (!hdr)
6277 return -1;
6278
6279 genl_dump_check_consistent(cb, hdr, &nl80211_fam);
6280
6281 if (nl80211_put_regdom(regdom, msg))
6282 goto nla_put_failure;
6283
6284 if (!wiphy && reg_last_request_cell_base() &&
6285 nla_put_u32(msg, NL80211_ATTR_USER_REG_HINT_TYPE,
6286 NL80211_USER_REG_HINT_CELL_BASE))
6287 goto nla_put_failure;
6288
6289 if (wiphy &&
6290 nla_put_u32(msg, NL80211_ATTR_WIPHY, get_wiphy_idx(wiphy)))
6291 goto nla_put_failure;
6292
6293 if (wiphy && wiphy->regulatory_flags & REGULATORY_WIPHY_SELF_MANAGED &&
6294 nla_put_flag(msg, NL80211_ATTR_WIPHY_SELF_MANAGED_REG))
6295 goto nla_put_failure;
6296
6297 genlmsg_end(msg, hdr);
6298 return 0;
6299
6300nla_put_failure:
6301 genlmsg_cancel(msg, hdr);
6302 return -EMSGSIZE;
6303}
6304
6305static int nl80211_get_reg_dump(struct sk_buff *skb,
6306 struct netlink_callback *cb)
6307{
6308 const struct ieee80211_regdomain *regdom = NULL;
6309 struct cfg80211_registered_device *rdev;
6310 int err, reg_idx, start = cb->args[2];
6311
6312 rtnl_lock();
6313
6314 if (cfg80211_regdomain && start == 0) {
6315 err = nl80211_send_regdom(skb, cb, cb->nlh->nlmsg_seq,
6316 NLM_F_MULTI, NULL,
6317 rtnl_dereference(cfg80211_regdomain));
6318 if (err < 0)
6319 goto out_err;
6320 }
6321
6322
6323 reg_idx = 1;
6324 list_for_each_entry(rdev, &cfg80211_rdev_list, list) {
6325 regdom = get_wiphy_regdom(&rdev->wiphy);
6326 if (!regdom)
6327 continue;
6328
6329 if (++reg_idx <= start)
6330 continue;
6331
6332 err = nl80211_send_regdom(skb, cb, cb->nlh->nlmsg_seq,
6333 NLM_F_MULTI, &rdev->wiphy, regdom);
6334 if (err < 0) {
6335 reg_idx--;
6336 break;
6337 }
6338 }
6339
6340 cb->args[2] = reg_idx;
6341 err = skb->len;
6342out_err:
6343 rtnl_unlock();
6344 return err;
6345}
6346
6347#ifdef CONFIG_CFG80211_CRDA_SUPPORT
6348static const struct nla_policy reg_rule_policy[NL80211_REG_RULE_ATTR_MAX + 1] = {
6349 [NL80211_ATTR_REG_RULE_FLAGS] = { .type = NLA_U32 },
6350 [NL80211_ATTR_FREQ_RANGE_START] = { .type = NLA_U32 },
6351 [NL80211_ATTR_FREQ_RANGE_END] = { .type = NLA_U32 },
6352 [NL80211_ATTR_FREQ_RANGE_MAX_BW] = { .type = NLA_U32 },
6353 [NL80211_ATTR_POWER_RULE_MAX_ANT_GAIN] = { .type = NLA_U32 },
6354 [NL80211_ATTR_POWER_RULE_MAX_EIRP] = { .type = NLA_U32 },
6355 [NL80211_ATTR_DFS_CAC_TIME] = { .type = NLA_U32 },
6356};
6357
6358static int parse_reg_rule(struct nlattr *tb[],
6359 struct ieee80211_reg_rule *reg_rule)
6360{
6361 struct ieee80211_freq_range *freq_range = ®_rule->freq_range;
6362 struct ieee80211_power_rule *power_rule = ®_rule->power_rule;
6363
6364 if (!tb[NL80211_ATTR_REG_RULE_FLAGS])
6365 return -EINVAL;
6366 if (!tb[NL80211_ATTR_FREQ_RANGE_START])
6367 return -EINVAL;
6368 if (!tb[NL80211_ATTR_FREQ_RANGE_END])
6369 return -EINVAL;
6370 if (!tb[NL80211_ATTR_FREQ_RANGE_MAX_BW])
6371 return -EINVAL;
6372 if (!tb[NL80211_ATTR_POWER_RULE_MAX_EIRP])
6373 return -EINVAL;
6374
6375 reg_rule->flags = nla_get_u32(tb[NL80211_ATTR_REG_RULE_FLAGS]);
6376
6377 freq_range->start_freq_khz =
6378 nla_get_u32(tb[NL80211_ATTR_FREQ_RANGE_START]);
6379 freq_range->end_freq_khz =
6380 nla_get_u32(tb[NL80211_ATTR_FREQ_RANGE_END]);
6381 freq_range->max_bandwidth_khz =
6382 nla_get_u32(tb[NL80211_ATTR_FREQ_RANGE_MAX_BW]);
6383
6384 power_rule->max_eirp =
6385 nla_get_u32(tb[NL80211_ATTR_POWER_RULE_MAX_EIRP]);
6386
6387 if (tb[NL80211_ATTR_POWER_RULE_MAX_ANT_GAIN])
6388 power_rule->max_antenna_gain =
6389 nla_get_u32(tb[NL80211_ATTR_POWER_RULE_MAX_ANT_GAIN]);
6390
6391 if (tb[NL80211_ATTR_DFS_CAC_TIME])
6392 reg_rule->dfs_cac_ms =
6393 nla_get_u32(tb[NL80211_ATTR_DFS_CAC_TIME]);
6394
6395 return 0;
6396}
6397
6398static int nl80211_set_reg(struct sk_buff *skb, struct genl_info *info)
6399{
6400 struct nlattr *tb[NL80211_REG_RULE_ATTR_MAX + 1];
6401 struct nlattr *nl_reg_rule;
6402 char *alpha2;
6403 int rem_reg_rules, r;
6404 u32 num_rules = 0, rule_idx = 0, size_of_regd;
6405 enum nl80211_dfs_regions dfs_region = NL80211_DFS_UNSET;
6406 struct ieee80211_regdomain *rd;
6407
6408 if (!info->attrs[NL80211_ATTR_REG_ALPHA2])
6409 return -EINVAL;
6410
6411 if (!info->attrs[NL80211_ATTR_REG_RULES])
6412 return -EINVAL;
6413
6414 alpha2 = nla_data(info->attrs[NL80211_ATTR_REG_ALPHA2]);
6415
6416 if (info->attrs[NL80211_ATTR_DFS_REGION])
6417 dfs_region = nla_get_u8(info->attrs[NL80211_ATTR_DFS_REGION]);
6418
6419 nla_for_each_nested(nl_reg_rule, info->attrs[NL80211_ATTR_REG_RULES],
6420 rem_reg_rules) {
6421 num_rules++;
6422 if (num_rules > NL80211_MAX_SUPP_REG_RULES)
6423 return -EINVAL;
6424 }
6425
6426 if (!reg_is_valid_request(alpha2))
6427 return -EINVAL;
6428
6429 size_of_regd = sizeof(struct ieee80211_regdomain) +
6430 num_rules * sizeof(struct ieee80211_reg_rule);
6431
6432 rd = kzalloc(size_of_regd, GFP_KERNEL);
6433 if (!rd)
6434 return -ENOMEM;
6435
6436 rd->n_reg_rules = num_rules;
6437 rd->alpha2[0] = alpha2[0];
6438 rd->alpha2[1] = alpha2[1];
6439
6440
6441
6442
6443
6444 if (reg_supported_dfs_region(dfs_region))
6445 rd->dfs_region = dfs_region;
6446
6447 nla_for_each_nested(nl_reg_rule, info->attrs[NL80211_ATTR_REG_RULES],
6448 rem_reg_rules) {
6449 r = nla_parse_nested(tb, NL80211_REG_RULE_ATTR_MAX,
6450 nl_reg_rule, reg_rule_policy);
6451 if (r)
6452 goto bad_reg;
6453 r = parse_reg_rule(tb, &rd->reg_rules[rule_idx]);
6454 if (r)
6455 goto bad_reg;
6456
6457 rule_idx++;
6458
6459 if (rule_idx > NL80211_MAX_SUPP_REG_RULES) {
6460 r = -EINVAL;
6461 goto bad_reg;
6462 }
6463 }
6464
6465
6466 return set_regdom(rd, REGD_SOURCE_CRDA);
6467 bad_reg:
6468 kfree(rd);
6469 return r;
6470}
6471#endif
6472
6473static int validate_scan_freqs(struct nlattr *freqs)
6474{
6475 struct nlattr *attr1, *attr2;
6476 int n_channels = 0, tmp1, tmp2;
6477
6478 nla_for_each_nested(attr1, freqs, tmp1)
6479 if (nla_len(attr1) != sizeof(u32))
6480 return 0;
6481
6482 nla_for_each_nested(attr1, freqs, tmp1) {
6483 n_channels++;
6484
6485
6486
6487
6488
6489
6490
6491
6492
6493 nla_for_each_nested(attr2, freqs, tmp2)
6494 if (attr1 != attr2 &&
6495 nla_get_u32(attr1) == nla_get_u32(attr2))
6496 return 0;
6497 }
6498
6499 return n_channels;
6500}
6501
6502static bool is_band_valid(struct wiphy *wiphy, enum nl80211_band b)
6503{
6504 return b < NUM_NL80211_BANDS && wiphy->bands[b];
6505}
6506
6507static int parse_bss_select(struct nlattr *nla, struct wiphy *wiphy,
6508 struct cfg80211_bss_selection *bss_select)
6509{
6510 struct nlattr *attr[NL80211_BSS_SELECT_ATTR_MAX + 1];
6511 struct nlattr *nest;
6512 int err;
6513 bool found = false;
6514 int i;
6515
6516
6517 nest = nla_data(nla);
6518 if (!nla_ok(nest, nla_len(nest)))
6519 return -EINVAL;
6520
6521 err = nla_parse_nested(attr, NL80211_BSS_SELECT_ATTR_MAX, nest,
6522 nl80211_bss_select_policy);
6523 if (err)
6524 return err;
6525
6526
6527 for (i = 0; i <= NL80211_BSS_SELECT_ATTR_MAX; i++) {
6528 if (attr[i]) {
6529 if (found)
6530 return -EINVAL;
6531 found = true;
6532 }
6533 }
6534
6535 bss_select->behaviour = __NL80211_BSS_SELECT_ATTR_INVALID;
6536
6537 if (attr[NL80211_BSS_SELECT_ATTR_RSSI])
6538 bss_select->behaviour = NL80211_BSS_SELECT_ATTR_RSSI;
6539
6540 if (attr[NL80211_BSS_SELECT_ATTR_BAND_PREF]) {
6541 bss_select->behaviour = NL80211_BSS_SELECT_ATTR_BAND_PREF;
6542 bss_select->param.band_pref =
6543 nla_get_u32(attr[NL80211_BSS_SELECT_ATTR_BAND_PREF]);
6544 if (!is_band_valid(wiphy, bss_select->param.band_pref))
6545 return -EINVAL;
6546 }
6547
6548 if (attr[NL80211_BSS_SELECT_ATTR_RSSI_ADJUST]) {
6549 struct nl80211_bss_select_rssi_adjust *adj_param;
6550
6551 adj_param = nla_data(attr[NL80211_BSS_SELECT_ATTR_RSSI_ADJUST]);
6552 bss_select->behaviour = NL80211_BSS_SELECT_ATTR_RSSI_ADJUST;
6553 bss_select->param.adjust.band = adj_param->band;
6554 bss_select->param.adjust.delta = adj_param->delta;
6555 if (!is_band_valid(wiphy, bss_select->param.adjust.band))
6556 return -EINVAL;
6557 }
6558
6559
6560 if (bss_select->behaviour == __NL80211_BSS_SELECT_ATTR_INVALID)
6561 return -EINVAL;
6562
6563 if (!(wiphy->bss_select_support & BIT(bss_select->behaviour)))
6564 return -EINVAL;
6565
6566 return 0;
6567}
6568
6569static int nl80211_parse_random_mac(struct nlattr **attrs,
6570 u8 *mac_addr, u8 *mac_addr_mask)
6571{
6572 int i;
6573
6574 if (!attrs[NL80211_ATTR_MAC] && !attrs[NL80211_ATTR_MAC_MASK]) {
6575 eth_zero_addr(mac_addr);
6576 eth_zero_addr(mac_addr_mask);
6577 mac_addr[0] = 0x2;
6578 mac_addr_mask[0] = 0x3;
6579
6580 return 0;
6581 }
6582
6583
6584 if (!attrs[NL80211_ATTR_MAC] || !attrs[NL80211_ATTR_MAC_MASK])
6585 return -EINVAL;
6586
6587 memcpy(mac_addr, nla_data(attrs[NL80211_ATTR_MAC]), ETH_ALEN);
6588 memcpy(mac_addr_mask, nla_data(attrs[NL80211_ATTR_MAC_MASK]), ETH_ALEN);
6589
6590
6591 if (!is_multicast_ether_addr(mac_addr_mask) ||
6592 is_multicast_ether_addr(mac_addr))
6593 return -EINVAL;
6594
6595
6596
6597
6598
6599
6600 for (i = 0; i < ETH_ALEN; i++)
6601 mac_addr[i] &= mac_addr_mask[i];
6602
6603 return 0;
6604}
6605
6606static bool cfg80211_off_channel_oper_allowed(struct wireless_dev *wdev)
6607{
6608 ASSERT_WDEV_LOCK(wdev);
6609
6610 if (!cfg80211_beaconing_iface_active(wdev))
6611 return true;
6612
6613 if (!(wdev->chandef.chan->flags & IEEE80211_CHAN_RADAR))
6614 return true;
6615
6616 return regulatory_pre_cac_allowed(wdev->wiphy);
6617}
6618
6619static int nl80211_trigger_scan(struct sk_buff *skb, struct genl_info *info)
6620{
6621 struct cfg80211_registered_device *rdev = info->user_ptr[0];
6622 struct wireless_dev *wdev = info->user_ptr[1];
6623 struct cfg80211_scan_request *request;
6624 struct nlattr *attr;
6625 struct wiphy *wiphy;
6626 int err, tmp, n_ssids = 0, n_channels, i;
6627 size_t ie_len;
6628
6629 if (!is_valid_ie_attr(info->attrs[NL80211_ATTR_IE]))
6630 return -EINVAL;
6631
6632 wiphy = &rdev->wiphy;
6633
6634 if (wdev->iftype == NL80211_IFTYPE_NAN)
6635 return -EOPNOTSUPP;
6636
6637 if (!rdev->ops->scan)
6638 return -EOPNOTSUPP;
6639
6640 if (rdev->scan_req || rdev->scan_msg) {
6641 err = -EBUSY;
6642 goto unlock;
6643 }
6644
6645 if (info->attrs[NL80211_ATTR_SCAN_FREQUENCIES]) {
6646 n_channels = validate_scan_freqs(
6647 info->attrs[NL80211_ATTR_SCAN_FREQUENCIES]);
6648 if (!n_channels) {
6649 err = -EINVAL;
6650 goto unlock;
6651 }
6652 } else {
6653 n_channels = ieee80211_get_num_supported_channels(wiphy);
6654 }
6655
6656 if (info->attrs[NL80211_ATTR_SCAN_SSIDS])
6657 nla_for_each_nested(attr, info->attrs[NL80211_ATTR_SCAN_SSIDS], tmp)
6658 n_ssids++;
6659
6660 if (n_ssids > wiphy->max_scan_ssids) {
6661 err = -EINVAL;
6662 goto unlock;
6663 }
6664
6665 if (info->attrs[NL80211_ATTR_IE])
6666 ie_len = nla_len(info->attrs[NL80211_ATTR_IE]);
6667 else
6668 ie_len = 0;
6669
6670 if (ie_len > wiphy->max_scan_ie_len) {
6671 err = -EINVAL;
6672 goto unlock;
6673 }
6674
6675 request = kzalloc(sizeof(*request)
6676 + sizeof(*request->ssids) * n_ssids
6677 + sizeof(*request->channels) * n_channels
6678 + ie_len, GFP_KERNEL);
6679 if (!request) {
6680 err = -ENOMEM;
6681 goto unlock;
6682 }
6683
6684 if (n_ssids)
6685 request->ssids = (void *)&request->channels[n_channels];
6686 request->n_ssids = n_ssids;
6687 if (ie_len) {
6688 if (n_ssids)
6689 request->ie = (void *)(request->ssids + n_ssids);
6690 else
6691 request->ie = (void *)(request->channels + n_channels);
6692 }
6693
6694 i = 0;
6695 if (info->attrs[NL80211_ATTR_SCAN_FREQUENCIES]) {
6696
6697 nla_for_each_nested(attr, info->attrs[NL80211_ATTR_SCAN_FREQUENCIES], tmp) {
6698 struct ieee80211_channel *chan;
6699
6700 chan = ieee80211_get_channel(wiphy, nla_get_u32(attr));
6701
6702 if (!chan) {
6703 err = -EINVAL;
6704 goto out_free;
6705 }
6706
6707
6708 if (chan->flags & IEEE80211_CHAN_DISABLED)
6709 continue;
6710
6711 request->channels[i] = chan;
6712 i++;
6713 }
6714 } else {
6715 enum nl80211_band band;
6716
6717
6718 for (band = 0; band < NUM_NL80211_BANDS; band++) {
6719 int j;
6720
6721 if (!wiphy->bands[band])
6722 continue;
6723 for (j = 0; j < wiphy->bands[band]->n_channels; j++) {
6724 struct ieee80211_channel *chan;
6725
6726 chan = &wiphy->bands[band]->channels[j];
6727
6728 if (chan->flags & IEEE80211_CHAN_DISABLED)
6729 continue;
6730
6731 request->channels[i] = chan;
6732 i++;
6733 }
6734 }
6735 }
6736
6737 if (!i) {
6738 err = -EINVAL;
6739 goto out_free;
6740 }
6741
6742 request->n_channels = i;
6743
6744 wdev_lock(wdev);
6745 if (!cfg80211_off_channel_oper_allowed(wdev)) {
6746 struct ieee80211_channel *chan;
6747
6748 if (request->n_channels != 1) {
6749 wdev_unlock(wdev);
6750 err = -EBUSY;
6751 goto out_free;
6752 }
6753
6754 chan = request->channels[0];
6755 if (chan->center_freq != wdev->chandef.chan->center_freq) {
6756 wdev_unlock(wdev);
6757 err = -EBUSY;
6758 goto out_free;
6759 }
6760 }
6761 wdev_unlock(wdev);
6762
6763 i = 0;
6764 if (n_ssids) {
6765 nla_for_each_nested(attr, info->attrs[NL80211_ATTR_SCAN_SSIDS], tmp) {
6766 if (nla_len(attr) > IEEE80211_MAX_SSID_LEN) {
6767 err = -EINVAL;
6768 goto out_free;
6769 }
6770 request->ssids[i].ssid_len = nla_len(attr);
6771 memcpy(request->ssids[i].ssid, nla_data(attr), nla_len(attr));
6772 i++;
6773 }
6774 }
6775
6776 if (info->attrs[NL80211_ATTR_IE]) {
6777 request->ie_len = nla_len(info->attrs[NL80211_ATTR_IE]);
6778 memcpy((void *)request->ie,
6779 nla_data(info->attrs[NL80211_ATTR_IE]),
6780 request->ie_len);
6781 }
6782
6783 for (i = 0; i < NUM_NL80211_BANDS; i++)
6784 if (wiphy->bands[i])
6785 request->rates[i] =
6786 (1 << wiphy->bands[i]->n_bitrates) - 1;
6787
6788 if (info->attrs[NL80211_ATTR_SCAN_SUPP_RATES]) {
6789 nla_for_each_nested(attr,
6790 info->attrs[NL80211_ATTR_SCAN_SUPP_RATES],
6791 tmp) {
6792 enum nl80211_band band = nla_type(attr);
6793
6794 if (band < 0 || band >= NUM_NL80211_BANDS) {
6795 err = -EINVAL;
6796 goto out_free;
6797 }
6798
6799 if (!wiphy->bands[band])
6800 continue;
6801
6802 err = ieee80211_get_ratemask(wiphy->bands[band],
6803 nla_data(attr),
6804 nla_len(attr),
6805 &request->rates[band]);
6806 if (err)
6807 goto out_free;
6808 }
6809 }
6810
6811 if (info->attrs[NL80211_ATTR_MEASUREMENT_DURATION]) {
6812 if (!wiphy_ext_feature_isset(wiphy,
6813 NL80211_EXT_FEATURE_SET_SCAN_DWELL)) {
6814 err = -EOPNOTSUPP;
6815 goto out_free;
6816 }
6817
6818 request->duration =
6819 nla_get_u16(info->attrs[NL80211_ATTR_MEASUREMENT_DURATION]);
6820 request->duration_mandatory =
6821 nla_get_flag(info->attrs[NL80211_ATTR_MEASUREMENT_DURATION_MANDATORY]);
6822 }
6823
6824 if (info->attrs[NL80211_ATTR_SCAN_FLAGS]) {
6825 request->flags = nla_get_u32(
6826 info->attrs[NL80211_ATTR_SCAN_FLAGS]);
6827 if ((request->flags & NL80211_SCAN_FLAG_LOW_PRIORITY) &&
6828 !(wiphy->features & NL80211_FEATURE_LOW_PRIORITY_SCAN)) {
6829 err = -EOPNOTSUPP;
6830 goto out_free;
6831 }
6832
6833 if (request->flags & NL80211_SCAN_FLAG_RANDOM_ADDR) {
6834 if (!(wiphy->features &
6835 NL80211_FEATURE_SCAN_RANDOM_MAC_ADDR)) {
6836 err = -EOPNOTSUPP;
6837 goto out_free;
6838 }
6839
6840 if (wdev->current_bss) {
6841 err = -EOPNOTSUPP;
6842 goto out_free;
6843 }
6844
6845 err = nl80211_parse_random_mac(info->attrs,
6846 request->mac_addr,
6847 request->mac_addr_mask);
6848 if (err)
6849 goto out_free;
6850 }
6851 }
6852
6853 request->no_cck =
6854 nla_get_flag(info->attrs[NL80211_ATTR_TX_NO_CCK_RATE]);
6855
6856
6857
6858
6859
6860
6861
6862
6863
6864
6865 if (info->attrs[NL80211_ATTR_BSSID])
6866 memcpy(request->bssid,
6867 nla_data(info->attrs[NL80211_ATTR_BSSID]), ETH_ALEN);
6868 else if (!(request->flags & NL80211_SCAN_FLAG_RANDOM_ADDR) &&
6869 info->attrs[NL80211_ATTR_MAC])
6870 memcpy(request->bssid, nla_data(info->attrs[NL80211_ATTR_MAC]),
6871 ETH_ALEN);
6872 else
6873 eth_broadcast_addr(request->bssid);
6874
6875 request->wdev = wdev;
6876 request->wiphy = &rdev->wiphy;
6877 request->scan_start = jiffies;
6878
6879 rdev->scan_req = request;
6880 err = rdev_scan(rdev, request);
6881
6882 if (!err) {
6883 nl80211_send_scan_start(rdev, wdev);
6884 if (wdev->netdev)
6885 dev_hold(wdev->netdev);
6886 } else {
6887 out_free:
6888 rdev->scan_req = NULL;
6889 kfree(request);
6890 }
6891
6892 unlock:
6893 return err;
6894}
6895
6896static int nl80211_abort_scan(struct sk_buff *skb, struct genl_info *info)
6897{
6898 struct cfg80211_registered_device *rdev = info->user_ptr[0];
6899 struct wireless_dev *wdev = info->user_ptr[1];
6900
6901 if (!rdev->ops->abort_scan)
6902 return -EOPNOTSUPP;
6903
6904 if (rdev->scan_msg)
6905 return 0;
6906
6907 if (!rdev->scan_req)
6908 return -ENOENT;
6909
6910 rdev_abort_scan(rdev, wdev);
6911 return 0;
6912}
6913
6914static int
6915nl80211_parse_sched_scan_plans(struct wiphy *wiphy, int n_plans,
6916 struct cfg80211_sched_scan_request *request,
6917 struct nlattr **attrs)
6918{
6919 int tmp, err, i = 0;
6920 struct nlattr *attr;
6921
6922 if (!attrs[NL80211_ATTR_SCHED_SCAN_PLANS]) {
6923 u32 interval;
6924
6925
6926
6927
6928
6929
6930
6931 interval = nla_get_u32(attrs[NL80211_ATTR_SCHED_SCAN_INTERVAL]);
6932 if (!interval)
6933 return -EINVAL;
6934
6935 request->scan_plans[0].interval =
6936 DIV_ROUND_UP(interval, MSEC_PER_SEC);
6937 if (!request->scan_plans[0].interval)
6938 return -EINVAL;
6939
6940 if (request->scan_plans[0].interval >
6941 wiphy->max_sched_scan_plan_interval)
6942 request->scan_plans[0].interval =
6943 wiphy->max_sched_scan_plan_interval;
6944
6945 return 0;
6946 }
6947
6948 nla_for_each_nested(attr, attrs[NL80211_ATTR_SCHED_SCAN_PLANS], tmp) {
6949 struct nlattr *plan[NL80211_SCHED_SCAN_PLAN_MAX + 1];
6950
6951 if (WARN_ON(i >= n_plans))
6952 return -EINVAL;
6953
6954 err = nla_parse_nested(plan, NL80211_SCHED_SCAN_PLAN_MAX,
6955 attr, nl80211_plan_policy);
6956 if (err)
6957 return err;
6958
6959 if (!plan[NL80211_SCHED_SCAN_PLAN_INTERVAL])
6960 return -EINVAL;
6961
6962 request->scan_plans[i].interval =
6963 nla_get_u32(plan[NL80211_SCHED_SCAN_PLAN_INTERVAL]);
6964 if (!request->scan_plans[i].interval ||
6965 request->scan_plans[i].interval >
6966 wiphy->max_sched_scan_plan_interval)
6967 return -EINVAL;
6968
6969 if (plan[NL80211_SCHED_SCAN_PLAN_ITERATIONS]) {
6970 request->scan_plans[i].iterations =
6971 nla_get_u32(plan[NL80211_SCHED_SCAN_PLAN_ITERATIONS]);
6972 if (!request->scan_plans[i].iterations ||
6973 (request->scan_plans[i].iterations >
6974 wiphy->max_sched_scan_plan_iterations))
6975 return -EINVAL;
6976 } else if (i < n_plans - 1) {
6977
6978
6979
6980
6981 return -EINVAL;
6982 }
6983
6984 i++;
6985 }
6986
6987
6988
6989
6990
6991 if (request->scan_plans[n_plans - 1].iterations)
6992 return -EINVAL;
6993
6994 return 0;
6995}
6996
6997static struct cfg80211_sched_scan_request *
6998nl80211_parse_sched_scan(struct wiphy *wiphy, struct wireless_dev *wdev,
6999 struct nlattr **attrs, int max_match_sets)
7000{
7001 struct cfg80211_sched_scan_request *request;
7002 struct nlattr *attr;
7003 int err, tmp, n_ssids = 0, n_match_sets = 0, n_channels, i, n_plans = 0;
7004 enum nl80211_band band;
7005 size_t ie_len;
7006 struct nlattr *tb[NL80211_SCHED_SCAN_MATCH_ATTR_MAX + 1];
7007 s32 default_match_rssi = NL80211_SCAN_RSSI_THOLD_OFF;
7008
7009 if (!is_valid_ie_attr(attrs[NL80211_ATTR_IE]))
7010 return ERR_PTR(-EINVAL);
7011
7012 if (attrs[NL80211_ATTR_SCAN_FREQUENCIES]) {
7013 n_channels = validate_scan_freqs(
7014 attrs[NL80211_ATTR_SCAN_FREQUENCIES]);
7015 if (!n_channels)
7016 return ERR_PTR(-EINVAL);
7017 } else {
7018 n_channels = ieee80211_get_num_supported_channels(wiphy);
7019 }
7020
7021 if (attrs[NL80211_ATTR_SCAN_SSIDS])
7022 nla_for_each_nested(attr, attrs[NL80211_ATTR_SCAN_SSIDS],
7023 tmp)
7024 n_ssids++;
7025
7026 if (n_ssids > wiphy->max_sched_scan_ssids)
7027 return ERR_PTR(-EINVAL);
7028
7029
7030
7031
7032
7033
7034
7035
7036
7037
7038 if (attrs[NL80211_ATTR_SCHED_SCAN_MATCH]) {
7039 nla_for_each_nested(attr,
7040 attrs[NL80211_ATTR_SCHED_SCAN_MATCH],
7041 tmp) {
7042 struct nlattr *rssi;
7043
7044 err = nla_parse_nested(tb,
7045 NL80211_SCHED_SCAN_MATCH_ATTR_MAX,
7046 attr, nl80211_match_policy);
7047 if (err)
7048 return ERR_PTR(err);
7049
7050
7051 if (tb[NL80211_SCHED_SCAN_MATCH_ATTR_SSID] &&
7052 tb[NL80211_SCHED_SCAN_MATCH_ATTR_BSSID])
7053 return ERR_PTR(-EINVAL);
7054
7055
7056 if (tb[NL80211_SCHED_SCAN_MATCH_ATTR_SSID] ||
7057 tb[NL80211_SCHED_SCAN_MATCH_ATTR_BSSID]) {
7058 n_match_sets++;
7059 continue;
7060 }
7061 rssi = tb[NL80211_SCHED_SCAN_MATCH_ATTR_RSSI];
7062 if (rssi)
7063 default_match_rssi = nla_get_s32(rssi);
7064 }
7065 }
7066
7067
7068 if (!n_match_sets && default_match_rssi != NL80211_SCAN_RSSI_THOLD_OFF)
7069 n_match_sets = 1;
7070
7071 if (n_match_sets > max_match_sets)
7072 return ERR_PTR(-EINVAL);
7073
7074 if (attrs[NL80211_ATTR_IE])
7075 ie_len = nla_len(attrs[NL80211_ATTR_IE]);
7076 else
7077 ie_len = 0;
7078
7079 if (ie_len > wiphy->max_sched_scan_ie_len)
7080 return ERR_PTR(-EINVAL);
7081
7082 if (attrs[NL80211_ATTR_SCHED_SCAN_PLANS]) {
7083
7084
7085
7086
7087 if (attrs[NL80211_ATTR_SCHED_SCAN_INTERVAL])
7088 return ERR_PTR(-EINVAL);
7089
7090 nla_for_each_nested(attr,
7091 attrs[NL80211_ATTR_SCHED_SCAN_PLANS], tmp)
7092 n_plans++;
7093 } else {
7094
7095
7096
7097
7098
7099
7100 if (!attrs[NL80211_ATTR_SCHED_SCAN_INTERVAL])
7101 return ERR_PTR(-EINVAL);
7102
7103 n_plans = 1;
7104 }
7105
7106 if (!n_plans || n_plans > wiphy->max_sched_scan_plans)
7107 return ERR_PTR(-EINVAL);
7108
7109 if (!wiphy_ext_feature_isset(
7110 wiphy, NL80211_EXT_FEATURE_SCHED_SCAN_RELATIVE_RSSI) &&
7111 (attrs[NL80211_ATTR_SCHED_SCAN_RELATIVE_RSSI] ||
7112 attrs[NL80211_ATTR_SCHED_SCAN_RSSI_ADJUST]))
7113 return ERR_PTR(-EINVAL);
7114
7115 request = kzalloc(sizeof(*request)
7116 + sizeof(*request->ssids) * n_ssids
7117 + sizeof(*request->match_sets) * n_match_sets
7118 + sizeof(*request->scan_plans) * n_plans
7119 + sizeof(*request->channels) * n_channels
7120 + ie_len, GFP_KERNEL);
7121 if (!request)
7122 return ERR_PTR(-ENOMEM);
7123
7124 if (n_ssids)
7125 request->ssids = (void *)&request->channels[n_channels];
7126 request->n_ssids = n_ssids;
7127 if (ie_len) {
7128 if (n_ssids)
7129 request->ie = (void *)(request->ssids + n_ssids);
7130 else
7131 request->ie = (void *)(request->channels + n_channels);
7132 }
7133
7134 if (n_match_sets) {
7135 if (request->ie)
7136 request->match_sets = (void *)(request->ie + ie_len);
7137 else if (n_ssids)
7138 request->match_sets =
7139 (void *)(request->ssids + n_ssids);
7140 else
7141 request->match_sets =
7142 (void *)(request->channels + n_channels);
7143 }
7144 request->n_match_sets = n_match_sets;
7145
7146 if (n_match_sets)
7147 request->scan_plans = (void *)(request->match_sets +
7148 n_match_sets);
7149 else if (request->ie)
7150 request->scan_plans = (void *)(request->ie + ie_len);
7151 else if (n_ssids)
7152 request->scan_plans = (void *)(request->ssids + n_ssids);
7153 else
7154 request->scan_plans = (void *)(request->channels + n_channels);
7155
7156 request->n_scan_plans = n_plans;
7157
7158 i = 0;
7159 if (attrs[NL80211_ATTR_SCAN_FREQUENCIES]) {
7160
7161 nla_for_each_nested(attr,
7162 attrs[NL80211_ATTR_SCAN_FREQUENCIES],
7163 tmp) {
7164 struct ieee80211_channel *chan;
7165
7166 chan = ieee80211_get_channel(wiphy, nla_get_u32(attr));
7167
7168 if (!chan) {
7169 err = -EINVAL;
7170 goto out_free;
7171 }
7172
7173
7174 if (chan->flags & IEEE80211_CHAN_DISABLED)
7175 continue;
7176
7177 request->channels[i] = chan;
7178 i++;
7179 }
7180 } else {
7181
7182 for (band = 0; band < NUM_NL80211_BANDS; band++) {
7183 int j;
7184
7185 if (!wiphy->bands[band])
7186 continue;
7187 for (j = 0; j < wiphy->bands[band]->n_channels; j++) {
7188 struct ieee80211_channel *chan;
7189
7190 chan = &wiphy->bands[band]->channels[j];
7191
7192 if (chan->flags & IEEE80211_CHAN_DISABLED)
7193 continue;
7194
7195 request->channels[i] = chan;
7196 i++;
7197 }
7198 }
7199 }
7200
7201 if (!i) {
7202 err = -EINVAL;
7203 goto out_free;
7204 }
7205
7206 request->n_channels = i;
7207
7208 i = 0;
7209 if (n_ssids) {
7210 nla_for_each_nested(attr, attrs[NL80211_ATTR_SCAN_SSIDS],
7211 tmp) {
7212 if (nla_len(attr) > IEEE80211_MAX_SSID_LEN) {
7213 err = -EINVAL;
7214 goto out_free;
7215 }
7216 request->ssids[i].ssid_len = nla_len(attr);
7217 memcpy(request->ssids[i].ssid, nla_data(attr),
7218 nla_len(attr));
7219 i++;
7220 }
7221 }
7222
7223 i = 0;
7224 if (attrs[NL80211_ATTR_SCHED_SCAN_MATCH]) {
7225 nla_for_each_nested(attr,
7226 attrs[NL80211_ATTR_SCHED_SCAN_MATCH],
7227 tmp) {
7228 struct nlattr *ssid, *bssid, *rssi;
7229
7230 err = nla_parse_nested(tb,
7231 NL80211_SCHED_SCAN_MATCH_ATTR_MAX,
7232 attr, nl80211_match_policy);
7233 if (err)
7234 goto out_free;
7235 ssid = tb[NL80211_SCHED_SCAN_MATCH_ATTR_SSID];
7236 bssid = tb[NL80211_SCHED_SCAN_MATCH_ATTR_BSSID];
7237 if (ssid || bssid) {
7238 if (WARN_ON(i >= n_match_sets)) {
7239
7240
7241
7242
7243 err = -EINVAL;
7244 goto out_free;
7245 }
7246
7247 if (ssid) {
7248 if (nla_len(ssid) > IEEE80211_MAX_SSID_LEN) {
7249 err = -EINVAL;
7250 goto out_free;
7251 }
7252 memcpy(request->match_sets[i].ssid.ssid,
7253 nla_data(ssid), nla_len(ssid));
7254 request->match_sets[i].ssid.ssid_len =
7255 nla_len(ssid);
7256 }
7257 if (bssid) {
7258 if (nla_len(bssid) != ETH_ALEN) {
7259 err = -EINVAL;
7260 goto out_free;
7261 }
7262 memcpy(request->match_sets[i].bssid,
7263 nla_data(bssid), ETH_ALEN);
7264 }
7265
7266
7267 request->match_sets[i].rssi_thold =
7268 default_match_rssi;
7269 rssi = tb[NL80211_SCHED_SCAN_MATCH_ATTR_RSSI];
7270 if (rssi)
7271 request->match_sets[i].rssi_thold =
7272 nla_get_s32(rssi);
7273 }
7274 i++;
7275 }
7276
7277
7278 if (i == 0 && n_match_sets)
7279 request->match_sets[0].rssi_thold = default_match_rssi;
7280
7281 request->min_rssi_thold = INT_MAX;
7282 for (i = 0; i < n_match_sets; i++)
7283 request->min_rssi_thold =
7284 min(request->match_sets[i].rssi_thold,
7285 request->min_rssi_thold);
7286 } else {
7287 request->min_rssi_thold = NL80211_SCAN_RSSI_THOLD_OFF;
7288 }
7289
7290 if (ie_len) {
7291 request->ie_len = ie_len;
7292 memcpy((void *)request->ie,
7293 nla_data(attrs[NL80211_ATTR_IE]),
7294 request->ie_len);
7295 }
7296
7297 if (attrs[NL80211_ATTR_SCAN_FLAGS]) {
7298 request->flags = nla_get_u32(
7299 attrs[NL80211_ATTR_SCAN_FLAGS]);
7300 if ((request->flags & NL80211_SCAN_FLAG_LOW_PRIORITY) &&
7301 !(wiphy->features & NL80211_FEATURE_LOW_PRIORITY_SCAN)) {
7302 err = -EOPNOTSUPP;
7303 goto out_free;
7304 }
7305
7306 if (request->flags & NL80211_SCAN_FLAG_RANDOM_ADDR) {
7307 u32 flg = NL80211_FEATURE_SCHED_SCAN_RANDOM_MAC_ADDR;
7308
7309 if (!wdev)
7310 flg = NL80211_FEATURE_ND_RANDOM_MAC_ADDR;
7311
7312 if (!(wiphy->features & flg)) {
7313 err = -EOPNOTSUPP;
7314 goto out_free;
7315 }
7316
7317 if (wdev && wdev->current_bss) {
7318 err = -EOPNOTSUPP;
7319 goto out_free;
7320 }
7321
7322 err = nl80211_parse_random_mac(attrs, request->mac_addr,
7323 request->mac_addr_mask);
7324 if (err)
7325 goto out_free;
7326 }
7327 }
7328
7329 if (attrs[NL80211_ATTR_SCHED_SCAN_DELAY])
7330 request->delay =
7331 nla_get_u32(attrs[NL80211_ATTR_SCHED_SCAN_DELAY]);
7332
7333 if (attrs[NL80211_ATTR_SCHED_SCAN_RELATIVE_RSSI]) {
7334 request->relative_rssi = nla_get_s8(
7335 attrs[NL80211_ATTR_SCHED_SCAN_RELATIVE_RSSI]);
7336 request->relative_rssi_set = true;
7337 }
7338
7339 if (request->relative_rssi_set &&
7340 attrs[NL80211_ATTR_SCHED_SCAN_RSSI_ADJUST]) {
7341 struct nl80211_bss_select_rssi_adjust *rssi_adjust;
7342
7343 rssi_adjust = nla_data(
7344 attrs[NL80211_ATTR_SCHED_SCAN_RSSI_ADJUST]);
7345 request->rssi_adjust.band = rssi_adjust->band;
7346 request->rssi_adjust.delta = rssi_adjust->delta;
7347 if (!is_band_valid(wiphy, request->rssi_adjust.band)) {
7348 err = -EINVAL;
7349 goto out_free;
7350 }
7351 }
7352
7353 err = nl80211_parse_sched_scan_plans(wiphy, n_plans, request, attrs);
7354 if (err)
7355 goto out_free;
7356
7357 request->scan_start = jiffies;
7358
7359 return request;
7360
7361out_free:
7362 kfree(request);
7363 return ERR_PTR(err);
7364}
7365
7366static int nl80211_start_sched_scan(struct sk_buff *skb,
7367 struct genl_info *info)
7368{
7369 struct cfg80211_registered_device *rdev = info->user_ptr[0];
7370 struct net_device *dev = info->user_ptr[1];
7371 struct wireless_dev *wdev = dev->ieee80211_ptr;
7372 struct cfg80211_sched_scan_request *sched_scan_req;
7373 bool want_multi;
7374 int err;
7375
7376 if (!rdev->wiphy.max_sched_scan_reqs || !rdev->ops->sched_scan_start)
7377 return -EOPNOTSUPP;
7378
7379 want_multi = info->attrs[NL80211_ATTR_SCHED_SCAN_MULTI];
7380 err = cfg80211_sched_scan_req_possible(rdev, want_multi);
7381 if (err)
7382 return err;
7383
7384 sched_scan_req = nl80211_parse_sched_scan(&rdev->wiphy, wdev,
7385 info->attrs,
7386 rdev->wiphy.max_match_sets);
7387
7388 err = PTR_ERR_OR_ZERO(sched_scan_req);
7389 if (err)
7390 goto out_err;
7391
7392
7393
7394
7395 if (want_multi && rdev->wiphy.max_sched_scan_reqs > 1) {
7396 while (!sched_scan_req->reqid)
7397 sched_scan_req->reqid = rdev->wiphy.cookie_counter++;
7398 }
7399
7400 err = rdev_sched_scan_start(rdev, dev, sched_scan_req);
7401 if (err)
7402 goto out_free;
7403
7404 sched_scan_req->dev = dev;
7405 sched_scan_req->wiphy = &rdev->wiphy;
7406
7407 if (info->attrs[NL80211_ATTR_SOCKET_OWNER])
7408 sched_scan_req->owner_nlportid = info->snd_portid;
7409
7410 cfg80211_add_sched_scan_req(rdev, sched_scan_req);
7411
7412 nl80211_send_sched_scan(sched_scan_req, NL80211_CMD_START_SCHED_SCAN);
7413 return 0;
7414
7415out_free:
7416 kfree(sched_scan_req);
7417out_err:
7418 return err;
7419}
7420
7421static int nl80211_stop_sched_scan(struct sk_buff *skb,
7422 struct genl_info *info)
7423{
7424 struct cfg80211_sched_scan_request *req;
7425 struct cfg80211_registered_device *rdev = info->user_ptr[0];
7426 u64 cookie;
7427
7428 if (!rdev->wiphy.max_sched_scan_reqs || !rdev->ops->sched_scan_stop)
7429 return -EOPNOTSUPP;
7430
7431 if (info->attrs[NL80211_ATTR_COOKIE]) {
7432 cookie = nla_get_u64(info->attrs[NL80211_ATTR_COOKIE]);
7433 return __cfg80211_stop_sched_scan(rdev, cookie, false);
7434 }
7435
7436 req = list_first_or_null_rcu(&rdev->sched_scan_req_list,
7437 struct cfg80211_sched_scan_request,
7438 list);
7439 if (!req || req->reqid ||
7440 (req->owner_nlportid &&
7441 req->owner_nlportid != info->snd_portid))
7442 return -ENOENT;
7443
7444 return cfg80211_stop_sched_scan_req(rdev, req, false);
7445}
7446
7447static int nl80211_start_radar_detection(struct sk_buff *skb,
7448 struct genl_info *info)
7449{
7450 struct cfg80211_registered_device *rdev = info->user_ptr[0];
7451 struct net_device *dev = info->user_ptr[1];
7452 struct wireless_dev *wdev = dev->ieee80211_ptr;
7453 struct cfg80211_chan_def chandef;
7454 enum nl80211_dfs_regions dfs_region;
7455 unsigned int cac_time_ms;
7456 int err;
7457
7458 dfs_region = reg_get_dfs_region(wdev->wiphy);
7459 if (dfs_region == NL80211_DFS_UNSET)
7460 return -EINVAL;
7461
7462 err = nl80211_parse_chandef(rdev, info, &chandef);
7463 if (err)
7464 return err;
7465
7466 if (netif_carrier_ok(dev))
7467 return -EBUSY;
7468
7469 if (wdev->cac_started)
7470 return -EBUSY;
7471
7472 err = cfg80211_chandef_dfs_required(wdev->wiphy, &chandef,
7473 wdev->iftype);
7474 if (err < 0)
7475 return err;
7476
7477 if (err == 0)
7478 return -EINVAL;
7479
7480 if (!cfg80211_chandef_dfs_usable(wdev->wiphy, &chandef))
7481 return -EINVAL;
7482
7483 if (!rdev->ops->start_radar_detection)
7484 return -EOPNOTSUPP;
7485
7486 cac_time_ms = cfg80211_chandef_dfs_cac_time(&rdev->wiphy, &chandef);
7487 if (WARN_ON(!cac_time_ms))
7488 cac_time_ms = IEEE80211_DFS_MIN_CAC_TIME_MS;
7489
7490 err = rdev_start_radar_detection(rdev, dev, &chandef, cac_time_ms);
7491 if (!err) {
7492 wdev->chandef = chandef;
7493 wdev->cac_started = true;
7494 wdev->cac_start_time = jiffies;
7495 wdev->cac_time_ms = cac_time_ms;
7496 }
7497 return err;
7498}
7499
7500static int nl80211_channel_switch(struct sk_buff *skb, struct genl_info *info)
7501{
7502 struct cfg80211_registered_device *rdev = info->user_ptr[0];
7503 struct net_device *dev = info->user_ptr[1];
7504 struct wireless_dev *wdev = dev->ieee80211_ptr;
7505 struct cfg80211_csa_settings params;
7506
7507
7508
7509 static struct nlattr *csa_attrs[NL80211_ATTR_MAX+1];
7510 int err;
7511 bool need_new_beacon = false;
7512 bool need_handle_dfs_flag = true;
7513 int len, i;
7514 u32 cs_count;
7515
7516 if (!rdev->ops->channel_switch ||
7517 !(rdev->wiphy.flags & WIPHY_FLAG_HAS_CHANNEL_SWITCH))
7518 return -EOPNOTSUPP;
7519
7520 switch (dev->ieee80211_ptr->iftype) {
7521 case NL80211_IFTYPE_AP:
7522 case NL80211_IFTYPE_P2P_GO:
7523 need_new_beacon = true;
7524
7525
7526
7527
7528
7529 need_handle_dfs_flag = false;
7530
7531
7532 if (!wdev->beacon_interval)
7533 return -ENOTCONN;
7534 break;
7535 case NL80211_IFTYPE_ADHOC:
7536 if (!wdev->ssid_len)
7537 return -ENOTCONN;
7538 break;
7539 case NL80211_IFTYPE_MESH_POINT:
7540 if (!wdev->mesh_id_len)
7541 return -ENOTCONN;
7542 break;
7543 default:
7544 return -EOPNOTSUPP;
7545 }
7546
7547 memset(¶ms, 0, sizeof(params));
7548
7549 if (!info->attrs[NL80211_ATTR_WIPHY_FREQ] ||
7550 !info->attrs[NL80211_ATTR_CH_SWITCH_COUNT])
7551 return -EINVAL;
7552
7553
7554 if (need_new_beacon && !info->attrs[NL80211_ATTR_CSA_IES])
7555 return -EINVAL;
7556
7557
7558
7559
7560 cs_count = nla_get_u32(info->attrs[NL80211_ATTR_CH_SWITCH_COUNT]);
7561 if (cs_count > 255)
7562 return -EINVAL;
7563
7564 params.count = cs_count;
7565
7566 if (!need_new_beacon)
7567 goto skip_beacons;
7568
7569 err = nl80211_parse_beacon(info->attrs, ¶ms.beacon_after);
7570 if (err)
7571 return err;
7572
7573 err = nla_parse_nested(csa_attrs, NL80211_ATTR_MAX,
7574 info->attrs[NL80211_ATTR_CSA_IES],
7575 nl80211_policy);
7576 if (err)
7577 return err;
7578
7579 err = nl80211_parse_beacon(csa_attrs, ¶ms.beacon_csa);
7580 if (err)
7581 return err;
7582
7583 if (!csa_attrs[NL80211_ATTR_CSA_C_OFF_BEACON])
7584 return -EINVAL;
7585
7586 len = nla_len(csa_attrs[NL80211_ATTR_CSA_C_OFF_BEACON]);
7587 if (!len || (len % sizeof(u16)))
7588 return -EINVAL;
7589
7590 params.n_counter_offsets_beacon = len / sizeof(u16);
7591 if (rdev->wiphy.max_num_csa_counters &&
7592 (params.n_counter_offsets_beacon >
7593 rdev->wiphy.max_num_csa_counters))
7594 return -EINVAL;
7595
7596 params.counter_offsets_beacon =
7597 nla_data(csa_attrs[NL80211_ATTR_CSA_C_OFF_BEACON]);
7598
7599
7600 for (i = 0; i < params.n_counter_offsets_beacon; i++) {
7601 u16 offset = params.counter_offsets_beacon[i];
7602
7603 if (offset >= params.beacon_csa.tail_len)
7604 return -EINVAL;
7605
7606 if (params.beacon_csa.tail[offset] != params.count)
7607 return -EINVAL;
7608 }
7609
7610 if (csa_attrs[NL80211_ATTR_CSA_C_OFF_PRESP]) {
7611 len = nla_len(csa_attrs[NL80211_ATTR_CSA_C_OFF_PRESP]);
7612 if (!len || (len % sizeof(u16)))
7613 return -EINVAL;
7614
7615 params.n_counter_offsets_presp = len / sizeof(u16);
7616 if (rdev->wiphy.max_num_csa_counters &&
7617 (params.n_counter_offsets_presp >
7618 rdev->wiphy.max_num_csa_counters))
7619 return -EINVAL;
7620
7621 params.counter_offsets_presp =
7622 nla_data(csa_attrs[NL80211_ATTR_CSA_C_OFF_PRESP]);
7623
7624
7625 for (i = 0; i < params.n_counter_offsets_presp; i++) {
7626 u16 offset = params.counter_offsets_presp[i];
7627
7628 if (offset >= params.beacon_csa.probe_resp_len)
7629 return -EINVAL;
7630
7631 if (params.beacon_csa.probe_resp[offset] !=
7632 params.count)
7633 return -EINVAL;
7634 }
7635 }
7636
7637skip_beacons:
7638 err = nl80211_parse_chandef(rdev, info, ¶ms.chandef);
7639 if (err)
7640 return err;
7641
7642 if (!cfg80211_reg_can_beacon_relax(&rdev->wiphy, ¶ms.chandef,
7643 wdev->iftype))
7644 return -EINVAL;
7645
7646 err = cfg80211_chandef_dfs_required(wdev->wiphy,
7647 ¶ms.chandef,
7648 wdev->iftype);
7649 if (err < 0)
7650 return err;
7651
7652 if (err > 0) {
7653 params.radar_required = true;
7654 if (need_handle_dfs_flag &&
7655 !nla_get_flag(info->attrs[NL80211_ATTR_HANDLE_DFS])) {
7656 return -EINVAL;
7657 }
7658 }
7659
7660 if (info->attrs[NL80211_ATTR_CH_SWITCH_BLOCK_TX])
7661 params.block_tx = true;
7662
7663 wdev_lock(wdev);
7664 err = rdev_channel_switch(rdev, dev, ¶ms);
7665 wdev_unlock(wdev);
7666
7667 return err;
7668}
7669
7670static int nl80211_send_bss(struct sk_buff *msg, struct netlink_callback *cb,
7671 u32 seq, int flags,
7672 struct cfg80211_registered_device *rdev,
7673 struct wireless_dev *wdev,
7674 struct cfg80211_internal_bss *intbss)
7675{
7676 struct cfg80211_bss *res = &intbss->pub;
7677 const struct cfg80211_bss_ies *ies;
7678 void *hdr;
7679 struct nlattr *bss;
7680
7681 ASSERT_WDEV_LOCK(wdev);
7682
7683 hdr = nl80211hdr_put(msg, NETLINK_CB(cb->skb).portid, seq, flags,
7684 NL80211_CMD_NEW_SCAN_RESULTS);
7685 if (!hdr)
7686 return -1;
7687
7688 genl_dump_check_consistent(cb, hdr, &nl80211_fam);
7689
7690 if (nla_put_u32(msg, NL80211_ATTR_GENERATION, rdev->bss_generation))
7691 goto nla_put_failure;
7692 if (wdev->netdev &&
7693 nla_put_u32(msg, NL80211_ATTR_IFINDEX, wdev->netdev->ifindex))
7694 goto nla_put_failure;
7695 if (nla_put_u64_64bit(msg, NL80211_ATTR_WDEV, wdev_id(wdev),
7696 NL80211_ATTR_PAD))
7697 goto nla_put_failure;
7698
7699 bss = nla_nest_start(msg, NL80211_ATTR_BSS);
7700 if (!bss)
7701 goto nla_put_failure;
7702 if ((!is_zero_ether_addr(res->bssid) &&
7703 nla_put(msg, NL80211_BSS_BSSID, ETH_ALEN, res->bssid)))
7704 goto nla_put_failure;
7705
7706 rcu_read_lock();
7707
7708 if (rcu_access_pointer(res->proberesp_ies) &&
7709 nla_put_flag(msg, NL80211_BSS_PRESP_DATA))
7710 goto fail_unlock_rcu;
7711
7712
7713
7714
7715 ies = rcu_dereference(res->ies);
7716 if (ies) {
7717 if (nla_put_u64_64bit(msg, NL80211_BSS_TSF, ies->tsf,
7718 NL80211_BSS_PAD))
7719 goto fail_unlock_rcu;
7720 if (ies->len && nla_put(msg, NL80211_BSS_INFORMATION_ELEMENTS,
7721 ies->len, ies->data))
7722 goto fail_unlock_rcu;
7723 }
7724
7725
7726 ies = rcu_dereference(res->beacon_ies);
7727 if (ies && ies->from_beacon) {
7728 if (nla_put_u64_64bit(msg, NL80211_BSS_BEACON_TSF, ies->tsf,
7729 NL80211_BSS_PAD))
7730 goto fail_unlock_rcu;
7731 if (ies->len && nla_put(msg, NL80211_BSS_BEACON_IES,
7732 ies->len, ies->data))
7733 goto fail_unlock_rcu;
7734 }
7735 rcu_read_unlock();
7736
7737 if (res->beacon_interval &&
7738 nla_put_u16(msg, NL80211_BSS_BEACON_INTERVAL, res->beacon_interval))
7739 goto nla_put_failure;
7740 if (nla_put_u16(msg, NL80211_BSS_CAPABILITY, res->capability) ||
7741 nla_put_u32(msg, NL80211_BSS_FREQUENCY, res->channel->center_freq) ||
7742 nla_put_u32(msg, NL80211_BSS_CHAN_WIDTH, res->scan_width) ||
7743 nla_put_u32(msg, NL80211_BSS_SEEN_MS_AGO,
7744 jiffies_to_msecs(jiffies - intbss->ts)))
7745 goto nla_put_failure;
7746
7747 if (intbss->parent_tsf &&
7748 (nla_put_u64_64bit(msg, NL80211_BSS_PARENT_TSF,
7749 intbss->parent_tsf, NL80211_BSS_PAD) ||
7750 nla_put(msg, NL80211_BSS_PARENT_BSSID, ETH_ALEN,
7751 intbss->parent_bssid)))
7752 goto nla_put_failure;
7753
7754 if (intbss->ts_boottime &&
7755 nla_put_u64_64bit(msg, NL80211_BSS_LAST_SEEN_BOOTTIME,
7756 intbss->ts_boottime, NL80211_BSS_PAD))
7757 goto nla_put_failure;
7758
7759 switch (rdev->wiphy.signal_type) {
7760 case CFG80211_SIGNAL_TYPE_MBM:
7761 if (nla_put_u32(msg, NL80211_BSS_SIGNAL_MBM, res->signal))
7762 goto nla_put_failure;
7763 break;
7764 case CFG80211_SIGNAL_TYPE_UNSPEC:
7765 if (nla_put_u8(msg, NL80211_BSS_SIGNAL_UNSPEC, res->signal))
7766 goto nla_put_failure;
7767 break;
7768 default:
7769 break;
7770 }
7771
7772 switch (wdev->iftype) {
7773 case NL80211_IFTYPE_P2P_CLIENT:
7774 case NL80211_IFTYPE_STATION:
7775 if (intbss == wdev->current_bss &&
7776 nla_put_u32(msg, NL80211_BSS_STATUS,
7777 NL80211_BSS_STATUS_ASSOCIATED))
7778 goto nla_put_failure;
7779 break;
7780 case NL80211_IFTYPE_ADHOC:
7781 if (intbss == wdev->current_bss &&
7782 nla_put_u32(msg, NL80211_BSS_STATUS,
7783 NL80211_BSS_STATUS_IBSS_JOINED))
7784 goto nla_put_failure;
7785 break;
7786 default:
7787 break;
7788 }
7789
7790 nla_nest_end(msg, bss);
7791
7792 genlmsg_end(msg, hdr);
7793 return 0;
7794
7795 fail_unlock_rcu:
7796 rcu_read_unlock();
7797 nla_put_failure:
7798 genlmsg_cancel(msg, hdr);
7799 return -EMSGSIZE;
7800}
7801
7802static int nl80211_dump_scan(struct sk_buff *skb, struct netlink_callback *cb)
7803{
7804 struct cfg80211_registered_device *rdev;
7805 struct cfg80211_internal_bss *scan;
7806 struct wireless_dev *wdev;
7807 int start = cb->args[2], idx = 0;
7808 int err;
7809
7810 rtnl_lock();
7811 err = nl80211_prepare_wdev_dump(skb, cb, &rdev, &wdev);
7812 if (err) {
7813 rtnl_unlock();
7814 return err;
7815 }
7816
7817 wdev_lock(wdev);
7818 spin_lock_bh(&rdev->bss_lock);
7819 cfg80211_bss_expire(rdev);
7820
7821 cb->seq = rdev->bss_generation;
7822
7823 list_for_each_entry(scan, &rdev->bss_list, list) {
7824 if (++idx <= start)
7825 continue;
7826 if (nl80211_send_bss(skb, cb,
7827 cb->nlh->nlmsg_seq, NLM_F_MULTI,
7828 rdev, wdev, scan) < 0) {
7829 idx--;
7830 break;
7831 }
7832 }
7833
7834 spin_unlock_bh(&rdev->bss_lock);
7835 wdev_unlock(wdev);
7836
7837 cb->args[2] = idx;
7838 rtnl_unlock();
7839
7840 return skb->len;
7841}
7842
7843static int nl80211_send_survey(struct sk_buff *msg, u32 portid, u32 seq,
7844 int flags, struct net_device *dev,
7845 bool allow_radio_stats,
7846 struct survey_info *survey)
7847{
7848 void *hdr;
7849 struct nlattr *infoattr;
7850
7851
7852 if (!survey->channel && !allow_radio_stats)
7853 return 0;
7854
7855 hdr = nl80211hdr_put(msg, portid, seq, flags,
7856 NL80211_CMD_NEW_SURVEY_RESULTS);
7857 if (!hdr)
7858 return -ENOMEM;
7859
7860 if (nla_put_u32(msg, NL80211_ATTR_IFINDEX, dev->ifindex))
7861 goto nla_put_failure;
7862
7863 infoattr = nla_nest_start(msg, NL80211_ATTR_SURVEY_INFO);
7864 if (!infoattr)
7865 goto nla_put_failure;
7866
7867 if (survey->channel &&
7868 nla_put_u32(msg, NL80211_SURVEY_INFO_FREQUENCY,
7869 survey->channel->center_freq))
7870 goto nla_put_failure;
7871
7872 if ((survey->filled & SURVEY_INFO_NOISE_DBM) &&
7873 nla_put_u8(msg, NL80211_SURVEY_INFO_NOISE, survey->noise))
7874 goto nla_put_failure;
7875 if ((survey->filled & SURVEY_INFO_IN_USE) &&
7876 nla_put_flag(msg, NL80211_SURVEY_INFO_IN_USE))
7877 goto nla_put_failure;
7878 if ((survey->filled & SURVEY_INFO_TIME) &&
7879 nla_put_u64_64bit(msg, NL80211_SURVEY_INFO_TIME,
7880 survey->time, NL80211_SURVEY_INFO_PAD))
7881 goto nla_put_failure;
7882 if ((survey->filled & SURVEY_INFO_TIME_BUSY) &&
7883 nla_put_u64_64bit(msg, NL80211_SURVEY_INFO_TIME_BUSY,
7884 survey->time_busy, NL80211_SURVEY_INFO_PAD))
7885 goto nla_put_failure;
7886 if ((survey->filled & SURVEY_INFO_TIME_EXT_BUSY) &&
7887 nla_put_u64_64bit(msg, NL80211_SURVEY_INFO_TIME_EXT_BUSY,
7888 survey->time_ext_busy, NL80211_SURVEY_INFO_PAD))
7889 goto nla_put_failure;
7890 if ((survey->filled & SURVEY_INFO_TIME_RX) &&
7891 nla_put_u64_64bit(msg, NL80211_SURVEY_INFO_TIME_RX,
7892 survey->time_rx, NL80211_SURVEY_INFO_PAD))
7893 goto nla_put_failure;
7894 if ((survey->filled & SURVEY_INFO_TIME_TX) &&
7895 nla_put_u64_64bit(msg, NL80211_SURVEY_INFO_TIME_TX,
7896 survey->time_tx, NL80211_SURVEY_INFO_PAD))
7897 goto nla_put_failure;
7898 if ((survey->filled & SURVEY_INFO_TIME_SCAN) &&
7899 nla_put_u64_64bit(msg, NL80211_SURVEY_INFO_TIME_SCAN,
7900 survey->time_scan, NL80211_SURVEY_INFO_PAD))
7901 goto nla_put_failure;
7902
7903 nla_nest_end(msg, infoattr);
7904
7905 genlmsg_end(msg, hdr);
7906 return 0;
7907
7908 nla_put_failure:
7909 genlmsg_cancel(msg, hdr);
7910 return -EMSGSIZE;
7911}
7912
7913static int nl80211_dump_survey(struct sk_buff *skb, struct netlink_callback *cb)
7914{
7915 struct nlattr **attrbuf = genl_family_attrbuf(&nl80211_fam);
7916 struct survey_info survey;
7917 struct cfg80211_registered_device *rdev;
7918 struct wireless_dev *wdev;
7919 int survey_idx = cb->args[2];
7920 int res;
7921 bool radio_stats;
7922
7923 rtnl_lock();
7924 res = nl80211_prepare_wdev_dump(skb, cb, &rdev, &wdev);
7925 if (res)
7926 goto out_err;
7927
7928
7929 radio_stats = attrbuf[NL80211_ATTR_SURVEY_RADIO_STATS];
7930
7931 if (!wdev->netdev) {
7932 res = -EINVAL;
7933 goto out_err;
7934 }
7935
7936 if (!rdev->ops->dump_survey) {
7937 res = -EOPNOTSUPP;
7938 goto out_err;
7939 }
7940
7941 while (1) {
7942 res = rdev_dump_survey(rdev, wdev->netdev, survey_idx, &survey);
7943 if (res == -ENOENT)
7944 break;
7945 if (res)
7946 goto out_err;
7947
7948
7949 if (survey.channel &&
7950 survey.channel->flags & IEEE80211_CHAN_DISABLED) {
7951 survey_idx++;
7952 continue;
7953 }
7954
7955 if (nl80211_send_survey(skb,
7956 NETLINK_CB(cb->skb).portid,
7957 cb->nlh->nlmsg_seq, NLM_F_MULTI,
7958 wdev->netdev, radio_stats, &survey) < 0)
7959 goto out;
7960 survey_idx++;
7961 }
7962
7963 out:
7964 cb->args[2] = survey_idx;
7965 res = skb->len;
7966 out_err:
7967 rtnl_unlock();
7968 return res;
7969}
7970
7971static bool nl80211_valid_wpa_versions(u32 wpa_versions)
7972{
7973 return !(wpa_versions & ~(NL80211_WPA_VERSION_1 |
7974 NL80211_WPA_VERSION_2));
7975}
7976
7977static int nl80211_authenticate(struct sk_buff *skb, struct genl_info *info)
7978{
7979 struct cfg80211_registered_device *rdev = info->user_ptr[0];
7980 struct net_device *dev = info->user_ptr[1];
7981 struct ieee80211_channel *chan;
7982 const u8 *bssid, *ssid, *ie = NULL, *auth_data = NULL;
7983 int err, ssid_len, ie_len = 0, auth_data_len = 0;
7984 enum nl80211_auth_type auth_type;
7985 struct key_parse key;
7986 bool local_state_change;
7987
7988 if (!is_valid_ie_attr(info->attrs[NL80211_ATTR_IE]))
7989 return -EINVAL;
7990
7991 if (!info->attrs[NL80211_ATTR_MAC])
7992 return -EINVAL;
7993
7994 if (!info->attrs[NL80211_ATTR_AUTH_TYPE])
7995 return -EINVAL;
7996
7997 if (!info->attrs[NL80211_ATTR_SSID])
7998 return -EINVAL;
7999
8000 if (!info->attrs[NL80211_ATTR_WIPHY_FREQ])
8001 return -EINVAL;
8002
8003 err = nl80211_parse_key(info, &key);
8004 if (err)
8005 return err;
8006
8007 if (key.idx >= 0) {
8008 if (key.type != -1 && key.type != NL80211_KEYTYPE_GROUP)
8009 return -EINVAL;
8010 if (!key.p.key || !key.p.key_len)
8011 return -EINVAL;
8012 if ((key.p.cipher != WLAN_CIPHER_SUITE_WEP40 ||
8013 key.p.key_len != WLAN_KEY_LEN_WEP40) &&
8014 (key.p.cipher != WLAN_CIPHER_SUITE_WEP104 ||
8015 key.p.key_len != WLAN_KEY_LEN_WEP104))
8016 return -EINVAL;
8017 if (key.idx > 3)
8018 return -EINVAL;
8019 } else {
8020 key.p.key_len = 0;
8021 key.p.key = NULL;
8022 }
8023
8024 if (key.idx >= 0) {
8025 int i;
8026 bool ok = false;
8027
8028 for (i = 0; i < rdev->wiphy.n_cipher_suites; i++) {
8029 if (key.p.cipher == rdev->wiphy.cipher_suites[i]) {
8030 ok = true;
8031 break;
8032 }
8033 }
8034 if (!ok)
8035 return -EINVAL;
8036 }
8037
8038 if (!rdev->ops->auth)
8039 return -EOPNOTSUPP;
8040
8041 if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_STATION &&
8042 dev->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_CLIENT)
8043 return -EOPNOTSUPP;
8044
8045 bssid = nla_data(info->attrs[NL80211_ATTR_MAC]);
8046 chan = nl80211_get_valid_chan(&rdev->wiphy,
8047 info->attrs[NL80211_ATTR_WIPHY_FREQ]);
8048 if (!chan)
8049 return -EINVAL;
8050
8051 ssid = nla_data(info->attrs[NL80211_ATTR_SSID]);
8052 ssid_len = nla_len(info->attrs[NL80211_ATTR_SSID]);
8053
8054 if (info->attrs[NL80211_ATTR_IE]) {
8055 ie = nla_data(info->attrs[NL80211_ATTR_IE]);
8056 ie_len = nla_len(info->attrs[NL80211_ATTR_IE]);
8057 }
8058
8059 auth_type = nla_get_u32(info->attrs[NL80211_ATTR_AUTH_TYPE]);
8060 if (!nl80211_valid_auth_type(rdev, auth_type, NL80211_CMD_AUTHENTICATE))
8061 return -EINVAL;
8062
8063 if ((auth_type == NL80211_AUTHTYPE_SAE ||
8064 auth_type == NL80211_AUTHTYPE_FILS_SK ||
8065 auth_type == NL80211_AUTHTYPE_FILS_SK_PFS ||
8066 auth_type == NL80211_AUTHTYPE_FILS_PK) &&
8067 !info->attrs[NL80211_ATTR_AUTH_DATA])
8068 return -EINVAL;
8069
8070 if (info->attrs[NL80211_ATTR_AUTH_DATA]) {
8071 if (auth_type != NL80211_AUTHTYPE_SAE &&
8072 auth_type != NL80211_AUTHTYPE_FILS_SK &&
8073 auth_type != NL80211_AUTHTYPE_FILS_SK_PFS &&
8074 auth_type != NL80211_AUTHTYPE_FILS_PK)
8075 return -EINVAL;
8076 auth_data = nla_data(info->attrs[NL80211_ATTR_AUTH_DATA]);
8077 auth_data_len = nla_len(info->attrs[NL80211_ATTR_AUTH_DATA]);
8078
8079 if (auth_data_len < 4)
8080 return -EINVAL;
8081 }
8082
8083 local_state_change = !!info->attrs[NL80211_ATTR_LOCAL_STATE_CHANGE];
8084
8085
8086
8087
8088
8089 if (local_state_change)
8090 return 0;
8091
8092 wdev_lock(dev->ieee80211_ptr);
8093 err = cfg80211_mlme_auth(rdev, dev, chan, auth_type, bssid,
8094 ssid, ssid_len, ie, ie_len,
8095 key.p.key, key.p.key_len, key.idx,
8096 auth_data, auth_data_len);
8097 wdev_unlock(dev->ieee80211_ptr);
8098 return err;
8099}
8100
8101static int nl80211_crypto_settings(struct cfg80211_registered_device *rdev,
8102 struct genl_info *info,
8103 struct cfg80211_crypto_settings *settings,
8104 int cipher_limit)
8105{
8106 memset(settings, 0, sizeof(*settings));
8107
8108 settings->control_port = info->attrs[NL80211_ATTR_CONTROL_PORT];
8109
8110 if (info->attrs[NL80211_ATTR_CONTROL_PORT_ETHERTYPE]) {
8111 u16 proto;
8112
8113 proto = nla_get_u16(
8114 info->attrs[NL80211_ATTR_CONTROL_PORT_ETHERTYPE]);
8115 settings->control_port_ethertype = cpu_to_be16(proto);
8116 if (!(rdev->wiphy.flags & WIPHY_FLAG_CONTROL_PORT_PROTOCOL) &&
8117 proto != ETH_P_PAE)
8118 return -EINVAL;
8119 if (info->attrs[NL80211_ATTR_CONTROL_PORT_NO_ENCRYPT])
8120 settings->control_port_no_encrypt = true;
8121 } else
8122 settings->control_port_ethertype = cpu_to_be16(ETH_P_PAE);
8123
8124 if (info->attrs[NL80211_ATTR_CIPHER_SUITES_PAIRWISE]) {
8125 void *data;
8126 int len, i;
8127
8128 data = nla_data(info->attrs[NL80211_ATTR_CIPHER_SUITES_PAIRWISE]);
8129 len = nla_len(info->attrs[NL80211_ATTR_CIPHER_SUITES_PAIRWISE]);
8130 settings->n_ciphers_pairwise = len / sizeof(u32);
8131
8132 if (len % sizeof(u32))
8133 return -EINVAL;
8134
8135 if (settings->n_ciphers_pairwise > cipher_limit)
8136 return -EINVAL;
8137
8138 memcpy(settings->ciphers_pairwise, data, len);
8139
8140 for (i = 0; i < settings->n_ciphers_pairwise; i++)
8141 if (!cfg80211_supported_cipher_suite(
8142 &rdev->wiphy,
8143 settings->ciphers_pairwise[i]))
8144 return -EINVAL;
8145 }
8146
8147 if (info->attrs[NL80211_ATTR_CIPHER_SUITE_GROUP]) {
8148 settings->cipher_group =
8149 nla_get_u32(info->attrs[NL80211_ATTR_CIPHER_SUITE_GROUP]);
8150 if (!cfg80211_supported_cipher_suite(&rdev->wiphy,
8151 settings->cipher_group))
8152 return -EINVAL;
8153 }
8154
8155 if (info->attrs[NL80211_ATTR_WPA_VERSIONS]) {
8156 settings->wpa_versions =
8157 nla_get_u32(info->attrs[NL80211_ATTR_WPA_VERSIONS]);
8158 if (!nl80211_valid_wpa_versions(settings->wpa_versions))
8159 return -EINVAL;
8160 }
8161
8162 if (info->attrs[NL80211_ATTR_AKM_SUITES]) {
8163 void *data;
8164 int len;
8165
8166 data = nla_data(info->attrs[NL80211_ATTR_AKM_SUITES]);
8167 len = nla_len(info->attrs[NL80211_ATTR_AKM_SUITES]);
8168 settings->n_akm_suites = len / sizeof(u32);
8169
8170 if (len % sizeof(u32))
8171 return -EINVAL;
8172
8173 if (settings->n_akm_suites > NL80211_MAX_NR_AKM_SUITES)
8174 return -EINVAL;
8175
8176 memcpy(settings->akm_suites, data, len);
8177 }
8178
8179 if (info->attrs[NL80211_ATTR_PMK]) {
8180 if (nla_len(info->attrs[NL80211_ATTR_PMK]) != WLAN_PMK_LEN)
8181 return -EINVAL;
8182 if (!wiphy_ext_feature_isset(&rdev->wiphy,
8183 NL80211_EXT_FEATURE_4WAY_HANDSHAKE_STA_PSK))
8184 return -EINVAL;
8185 settings->psk = nla_data(info->attrs[NL80211_ATTR_PMK]);
8186 }
8187
8188 return 0;
8189}
8190
8191static int nl80211_associate(struct sk_buff *skb, struct genl_info *info)
8192{
8193 struct cfg80211_registered_device *rdev = info->user_ptr[0];
8194 struct net_device *dev = info->user_ptr[1];
8195 struct ieee80211_channel *chan;
8196 struct cfg80211_assoc_request req = {};
8197 const u8 *bssid, *ssid;
8198 int err, ssid_len = 0;
8199
8200 if (!is_valid_ie_attr(info->attrs[NL80211_ATTR_IE]))
8201 return -EINVAL;
8202
8203 if (!info->attrs[NL80211_ATTR_MAC] ||
8204 !info->attrs[NL80211_ATTR_SSID] ||
8205 !info->attrs[NL80211_ATTR_WIPHY_FREQ])
8206 return -EINVAL;
8207
8208 if (!rdev->ops->assoc)
8209 return -EOPNOTSUPP;
8210
8211 if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_STATION &&
8212 dev->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_CLIENT)
8213 return -EOPNOTSUPP;
8214
8215 bssid = nla_data(info->attrs[NL80211_ATTR_MAC]);
8216
8217 chan = nl80211_get_valid_chan(&rdev->wiphy,
8218 info->attrs[NL80211_ATTR_WIPHY_FREQ]);
8219 if (!chan)
8220 return -EINVAL;
8221
8222 ssid = nla_data(info->attrs[NL80211_ATTR_SSID]);
8223 ssid_len = nla_len(info->attrs[NL80211_ATTR_SSID]);
8224
8225 if (info->attrs[NL80211_ATTR_IE]) {
8226 req.ie = nla_data(info->attrs[NL80211_ATTR_IE]);
8227 req.ie_len = nla_len(info->attrs[NL80211_ATTR_IE]);
8228 }
8229
8230 if (info->attrs[NL80211_ATTR_USE_MFP]) {
8231 enum nl80211_mfp mfp =
8232 nla_get_u32(info->attrs[NL80211_ATTR_USE_MFP]);
8233 if (mfp == NL80211_MFP_REQUIRED)
8234 req.use_mfp = true;
8235 else if (mfp != NL80211_MFP_NO)
8236 return -EINVAL;
8237 }
8238
8239 if (info->attrs[NL80211_ATTR_PREV_BSSID])
8240 req.prev_bssid = nla_data(info->attrs[NL80211_ATTR_PREV_BSSID]);
8241
8242 if (nla_get_flag(info->attrs[NL80211_ATTR_DISABLE_HT]))
8243 req.flags |= ASSOC_REQ_DISABLE_HT;
8244
8245 if (info->attrs[NL80211_ATTR_HT_CAPABILITY_MASK])
8246 memcpy(&req.ht_capa_mask,
8247 nla_data(info->attrs[NL80211_ATTR_HT_CAPABILITY_MASK]),
8248 sizeof(req.ht_capa_mask));
8249
8250 if (info->attrs[NL80211_ATTR_HT_CAPABILITY]) {
8251 if (!info->attrs[NL80211_ATTR_HT_CAPABILITY_MASK])
8252 return -EINVAL;
8253 memcpy(&req.ht_capa,
8254 nla_data(info->attrs[NL80211_ATTR_HT_CAPABILITY]),
8255 sizeof(req.ht_capa));
8256 }
8257
8258 if (nla_get_flag(info->attrs[NL80211_ATTR_DISABLE_VHT]))
8259 req.flags |= ASSOC_REQ_DISABLE_VHT;
8260
8261 if (info->attrs[NL80211_ATTR_VHT_CAPABILITY_MASK])
8262 memcpy(&req.vht_capa_mask,
8263 nla_data(info->attrs[NL80211_ATTR_VHT_CAPABILITY_MASK]),
8264 sizeof(req.vht_capa_mask));
8265
8266 if (info->attrs[NL80211_ATTR_VHT_CAPABILITY]) {
8267 if (!info->attrs[NL80211_ATTR_VHT_CAPABILITY_MASK])
8268 return -EINVAL;
8269 memcpy(&req.vht_capa,
8270 nla_data(info->attrs[NL80211_ATTR_VHT_CAPABILITY]),
8271 sizeof(req.vht_capa));
8272 }
8273
8274 if (nla_get_flag(info->attrs[NL80211_ATTR_USE_RRM])) {
8275 if (!((rdev->wiphy.features &
8276 NL80211_FEATURE_DS_PARAM_SET_IE_IN_PROBES) &&
8277 (rdev->wiphy.features & NL80211_FEATURE_QUIET)) &&
8278 !wiphy_ext_feature_isset(&rdev->wiphy,
8279 NL80211_EXT_FEATURE_RRM))
8280 return -EINVAL;
8281 req.flags |= ASSOC_REQ_USE_RRM;
8282 }
8283
8284 if (info->attrs[NL80211_ATTR_FILS_KEK]) {
8285 req.fils_kek = nla_data(info->attrs[NL80211_ATTR_FILS_KEK]);
8286 req.fils_kek_len = nla_len(info->attrs[NL80211_ATTR_FILS_KEK]);
8287 if (!info->attrs[NL80211_ATTR_FILS_NONCES])
8288 return -EINVAL;
8289 req.fils_nonces =
8290 nla_data(info->attrs[NL80211_ATTR_FILS_NONCES]);
8291 }
8292
8293 err = nl80211_crypto_settings(rdev, info, &req.crypto, 1);
8294 if (!err) {
8295 wdev_lock(dev->ieee80211_ptr);
8296
8297 err = cfg80211_mlme_assoc(rdev, dev, chan, bssid,
8298 ssid, ssid_len, &req);
8299
8300 if (!err && info->attrs[NL80211_ATTR_SOCKET_OWNER]) {
8301 dev->ieee80211_ptr->conn_owner_nlportid =
8302 info->snd_portid;
8303 memcpy(dev->ieee80211_ptr->disconnect_bssid,
8304 bssid, ETH_ALEN);
8305 }
8306
8307 wdev_unlock(dev->ieee80211_ptr);
8308 }
8309
8310 return err;
8311}
8312
8313static int nl80211_deauthenticate(struct sk_buff *skb, struct genl_info *info)
8314{
8315 struct cfg80211_registered_device *rdev = info->user_ptr[0];
8316 struct net_device *dev = info->user_ptr[1];
8317 const u8 *ie = NULL, *bssid;
8318 int ie_len = 0, err;
8319 u16 reason_code;
8320 bool local_state_change;
8321
8322 if (!is_valid_ie_attr(info->attrs[NL80211_ATTR_IE]))
8323 return -EINVAL;
8324
8325 if (!info->attrs[NL80211_ATTR_MAC])
8326 return -EINVAL;
8327
8328 if (!info->attrs[NL80211_ATTR_REASON_CODE])
8329 return -EINVAL;
8330
8331 if (!rdev->ops->deauth)
8332 return -EOPNOTSUPP;
8333
8334 if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_STATION &&
8335 dev->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_CLIENT)
8336 return -EOPNOTSUPP;
8337
8338 bssid = nla_data(info->attrs[NL80211_ATTR_MAC]);
8339
8340 reason_code = nla_get_u16(info->attrs[NL80211_ATTR_REASON_CODE]);
8341 if (reason_code == 0) {
8342
8343 return -EINVAL;
8344 }
8345
8346 if (info->attrs[NL80211_ATTR_IE]) {
8347 ie = nla_data(info->attrs[NL80211_ATTR_IE]);
8348 ie_len = nla_len(info->attrs[NL80211_ATTR_IE]);
8349 }
8350
8351 local_state_change = !!info->attrs[NL80211_ATTR_LOCAL_STATE_CHANGE];
8352
8353 wdev_lock(dev->ieee80211_ptr);
8354 err = cfg80211_mlme_deauth(rdev, dev, bssid, ie, ie_len, reason_code,
8355 local_state_change);
8356 wdev_unlock(dev->ieee80211_ptr);
8357 return err;
8358}
8359
8360static int nl80211_disassociate(struct sk_buff *skb, struct genl_info *info)
8361{
8362 struct cfg80211_registered_device *rdev = info->user_ptr[0];
8363 struct net_device *dev = info->user_ptr[1];
8364 const u8 *ie = NULL, *bssid;
8365 int ie_len = 0, err;
8366 u16 reason_code;
8367 bool local_state_change;
8368
8369 if (!is_valid_ie_attr(info->attrs[NL80211_ATTR_IE]))
8370 return -EINVAL;
8371
8372 if (!info->attrs[NL80211_ATTR_MAC])
8373 return -EINVAL;
8374
8375 if (!info->attrs[NL80211_ATTR_REASON_CODE])
8376 return -EINVAL;
8377
8378 if (!rdev->ops->disassoc)
8379 return -EOPNOTSUPP;
8380
8381 if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_STATION &&
8382 dev->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_CLIENT)
8383 return -EOPNOTSUPP;
8384
8385 bssid = nla_data(info->attrs[NL80211_ATTR_MAC]);
8386
8387 reason_code = nla_get_u16(info->attrs[NL80211_ATTR_REASON_CODE]);
8388 if (reason_code == 0) {
8389
8390 return -EINVAL;
8391 }
8392
8393 if (info->attrs[NL80211_ATTR_IE]) {
8394 ie = nla_data(info->attrs[NL80211_ATTR_IE]);
8395 ie_len = nla_len(info->attrs[NL80211_ATTR_IE]);
8396 }
8397
8398 local_state_change = !!info->attrs[NL80211_ATTR_LOCAL_STATE_CHANGE];
8399
8400 wdev_lock(dev->ieee80211_ptr);
8401 err = cfg80211_mlme_disassoc(rdev, dev, bssid, ie, ie_len, reason_code,
8402 local_state_change);
8403 wdev_unlock(dev->ieee80211_ptr);
8404 return err;
8405}
8406
8407static bool
8408nl80211_parse_mcast_rate(struct cfg80211_registered_device *rdev,
8409 int mcast_rate[NUM_NL80211_BANDS],
8410 int rateval)
8411{
8412 struct wiphy *wiphy = &rdev->wiphy;
8413 bool found = false;
8414 int band, i;
8415
8416 for (band = 0; band < NUM_NL80211_BANDS; band++) {
8417 struct ieee80211_supported_band *sband;
8418
8419 sband = wiphy->bands[band];
8420 if (!sband)
8421 continue;
8422
8423 for (i = 0; i < sband->n_bitrates; i++) {
8424 if (sband->bitrates[i].bitrate == rateval) {
8425 mcast_rate[band] = i + 1;
8426 found = true;
8427 break;
8428 }
8429 }
8430 }
8431
8432 return found;
8433}
8434
8435static int nl80211_join_ibss(struct sk_buff *skb, struct genl_info *info)
8436{
8437 struct cfg80211_registered_device *rdev = info->user_ptr[0];
8438 struct net_device *dev = info->user_ptr[1];
8439 struct cfg80211_ibss_params ibss;
8440 struct wiphy *wiphy;
8441 struct cfg80211_cached_keys *connkeys = NULL;
8442 int err;
8443
8444 memset(&ibss, 0, sizeof(ibss));
8445
8446 if (!is_valid_ie_attr(info->attrs[NL80211_ATTR_IE]))
8447 return -EINVAL;
8448
8449 if (!info->attrs[NL80211_ATTR_SSID] ||
8450 !nla_len(info->attrs[NL80211_ATTR_SSID]))
8451 return -EINVAL;
8452
8453 ibss.beacon_interval = 100;
8454
8455 if (info->attrs[NL80211_ATTR_BEACON_INTERVAL])
8456 ibss.beacon_interval =
8457 nla_get_u32(info->attrs[NL80211_ATTR_BEACON_INTERVAL]);
8458
8459 err = cfg80211_validate_beacon_int(rdev, NL80211_IFTYPE_ADHOC,
8460 ibss.beacon_interval);
8461 if (err)
8462 return err;
8463
8464 if (!rdev->ops->join_ibss)
8465 return -EOPNOTSUPP;
8466
8467 if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_ADHOC)
8468 return -EOPNOTSUPP;
8469
8470 wiphy = &rdev->wiphy;
8471
8472 if (info->attrs[NL80211_ATTR_MAC]) {
8473 ibss.bssid = nla_data(info->attrs[NL80211_ATTR_MAC]);
8474
8475 if (!is_valid_ether_addr(ibss.bssid))
8476 return -EINVAL;
8477 }
8478 ibss.ssid = nla_data(info->attrs[NL80211_ATTR_SSID]);
8479 ibss.ssid_len = nla_len(info->attrs[NL80211_ATTR_SSID]);
8480
8481 if (info->attrs[NL80211_ATTR_IE]) {
8482 ibss.ie = nla_data(info->attrs[NL80211_ATTR_IE]);
8483 ibss.ie_len = nla_len(info->attrs[NL80211_ATTR_IE]);
8484 }
8485
8486 err = nl80211_parse_chandef(rdev, info, &ibss.chandef);
8487 if (err)
8488 return err;
8489
8490 if (!cfg80211_reg_can_beacon(&rdev->wiphy, &ibss.chandef,
8491 NL80211_IFTYPE_ADHOC))
8492 return -EINVAL;
8493
8494 switch (ibss.chandef.width) {
8495 case NL80211_CHAN_WIDTH_5:
8496 case NL80211_CHAN_WIDTH_10:
8497 case NL80211_CHAN_WIDTH_20_NOHT:
8498 break;
8499 case NL80211_CHAN_WIDTH_20:
8500 case NL80211_CHAN_WIDTH_40:
8501 if (!(rdev->wiphy.features & NL80211_FEATURE_HT_IBSS))
8502 return -EINVAL;
8503 break;
8504 case NL80211_CHAN_WIDTH_80:
8505 case NL80211_CHAN_WIDTH_80P80:
8506 case NL80211_CHAN_WIDTH_160:
8507 if (!(rdev->wiphy.features & NL80211_FEATURE_HT_IBSS))
8508 return -EINVAL;
8509 if (!wiphy_ext_feature_isset(&rdev->wiphy,
8510 NL80211_EXT_FEATURE_VHT_IBSS))
8511 return -EINVAL;
8512 break;
8513 default:
8514 return -EINVAL;
8515 }
8516
8517 ibss.channel_fixed = !!info->attrs[NL80211_ATTR_FREQ_FIXED];
8518 ibss.privacy = !!info->attrs[NL80211_ATTR_PRIVACY];
8519
8520 if (info->attrs[NL80211_ATTR_BSS_BASIC_RATES]) {
8521 u8 *rates =
8522 nla_data(info->attrs[NL80211_ATTR_BSS_BASIC_RATES]);
8523 int n_rates =
8524 nla_len(info->attrs[NL80211_ATTR_BSS_BASIC_RATES]);
8525 struct ieee80211_supported_band *sband =
8526 wiphy->bands[ibss.chandef.chan->band];
8527
8528 err = ieee80211_get_ratemask(sband, rates, n_rates,
8529 &ibss.basic_rates);
8530 if (err)
8531 return err;
8532 }
8533
8534 if (info->attrs[NL80211_ATTR_HT_CAPABILITY_MASK])
8535 memcpy(&ibss.ht_capa_mask,
8536 nla_data(info->attrs[NL80211_ATTR_HT_CAPABILITY_MASK]),
8537 sizeof(ibss.ht_capa_mask));
8538
8539 if (info->attrs[NL80211_ATTR_HT_CAPABILITY]) {
8540 if (!info->attrs[NL80211_ATTR_HT_CAPABILITY_MASK])
8541 return -EINVAL;
8542 memcpy(&ibss.ht_capa,
8543 nla_data(info->attrs[NL80211_ATTR_HT_CAPABILITY]),
8544 sizeof(ibss.ht_capa));
8545 }
8546
8547 if (info->attrs[NL80211_ATTR_MCAST_RATE] &&
8548 !nl80211_parse_mcast_rate(rdev, ibss.mcast_rate,
8549 nla_get_u32(info->attrs[NL80211_ATTR_MCAST_RATE])))
8550 return -EINVAL;
8551
8552 if (ibss.privacy && info->attrs[NL80211_ATTR_KEYS]) {
8553 bool no_ht = false;
8554
8555 connkeys = nl80211_parse_connkeys(rdev,
8556 info->attrs[NL80211_ATTR_KEYS],
8557 &no_ht);
8558 if (IS_ERR(connkeys))
8559 return PTR_ERR(connkeys);
8560
8561 if ((ibss.chandef.width != NL80211_CHAN_WIDTH_20_NOHT) &&
8562 no_ht) {
8563 kzfree(connkeys);
8564 return -EINVAL;
8565 }
8566 }
8567
8568 ibss.control_port =
8569 nla_get_flag(info->attrs[NL80211_ATTR_CONTROL_PORT]);
8570
8571 ibss.userspace_handles_dfs =
8572 nla_get_flag(info->attrs[NL80211_ATTR_HANDLE_DFS]);
8573
8574 err = cfg80211_join_ibss(rdev, dev, &ibss, connkeys);
8575 if (err)
8576 kzfree(connkeys);
8577 return err;
8578}
8579
8580static int nl80211_leave_ibss(struct sk_buff *skb, struct genl_info *info)
8581{
8582 struct cfg80211_registered_device *rdev = info->user_ptr[0];
8583 struct net_device *dev = info->user_ptr[1];
8584
8585 if (!rdev->ops->leave_ibss)
8586 return -EOPNOTSUPP;
8587
8588 if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_ADHOC)
8589 return -EOPNOTSUPP;
8590
8591 return cfg80211_leave_ibss(rdev, dev, false);
8592}
8593
8594static int nl80211_set_mcast_rate(struct sk_buff *skb, struct genl_info *info)
8595{
8596 struct cfg80211_registered_device *rdev = info->user_ptr[0];
8597 struct net_device *dev = info->user_ptr[1];
8598 int mcast_rate[NUM_NL80211_BANDS];
8599 u32 nla_rate;
8600 int err;
8601
8602 if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_ADHOC &&
8603 dev->ieee80211_ptr->iftype != NL80211_IFTYPE_MESH_POINT &&
8604 dev->ieee80211_ptr->iftype != NL80211_IFTYPE_OCB)
8605 return -EOPNOTSUPP;
8606
8607 if (!rdev->ops->set_mcast_rate)
8608 return -EOPNOTSUPP;
8609
8610 memset(mcast_rate, 0, sizeof(mcast_rate));
8611
8612 if (!info->attrs[NL80211_ATTR_MCAST_RATE])
8613 return -EINVAL;
8614
8615 nla_rate = nla_get_u32(info->attrs[NL80211_ATTR_MCAST_RATE]);
8616 if (!nl80211_parse_mcast_rate(rdev, mcast_rate, nla_rate))
8617 return -EINVAL;
8618
8619 err = rdev_set_mcast_rate(rdev, dev, mcast_rate);
8620
8621 return err;
8622}
8623
8624static struct sk_buff *
8625__cfg80211_alloc_vendor_skb(struct cfg80211_registered_device *rdev,
8626 struct wireless_dev *wdev, int approxlen,
8627 u32 portid, u32 seq, enum nl80211_commands cmd,
8628 enum nl80211_attrs attr,
8629 const struct nl80211_vendor_cmd_info *info,
8630 gfp_t gfp)
8631{
8632 struct sk_buff *skb;
8633 void *hdr;
8634 struct nlattr *data;
8635
8636 skb = nlmsg_new(approxlen + 100, gfp);
8637 if (!skb)
8638 return NULL;
8639
8640 hdr = nl80211hdr_put(skb, portid, seq, 0, cmd);
8641 if (!hdr) {
8642 kfree_skb(skb);
8643 return NULL;
8644 }
8645
8646 if (nla_put_u32(skb, NL80211_ATTR_WIPHY, rdev->wiphy_idx))
8647 goto nla_put_failure;
8648
8649 if (info) {
8650 if (nla_put_u32(skb, NL80211_ATTR_VENDOR_ID,
8651 info->vendor_id))
8652 goto nla_put_failure;
8653 if (nla_put_u32(skb, NL80211_ATTR_VENDOR_SUBCMD,
8654 info->subcmd))
8655 goto nla_put_failure;
8656 }
8657
8658 if (wdev) {
8659 if (nla_put_u64_64bit(skb, NL80211_ATTR_WDEV,
8660 wdev_id(wdev), NL80211_ATTR_PAD))
8661 goto nla_put_failure;
8662 if (wdev->netdev &&
8663 nla_put_u32(skb, NL80211_ATTR_IFINDEX,
8664 wdev->netdev->ifindex))
8665 goto nla_put_failure;
8666 }
8667
8668 data = nla_nest_start(skb, attr);
8669 if (!data)
8670 goto nla_put_failure;
8671
8672 ((void **)skb->cb)[0] = rdev;
8673 ((void **)skb->cb)[1] = hdr;
8674 ((void **)skb->cb)[2] = data;
8675
8676 return skb;
8677
8678 nla_put_failure:
8679 kfree_skb(skb);
8680 return NULL;
8681}
8682
8683struct sk_buff *__cfg80211_alloc_event_skb(struct wiphy *wiphy,
8684 struct wireless_dev *wdev,
8685 enum nl80211_commands cmd,
8686 enum nl80211_attrs attr,
8687 int vendor_event_idx,
8688 int approxlen, gfp_t gfp)
8689{
8690 struct cfg80211_registered_device *rdev = wiphy_to_rdev(wiphy);
8691 const struct nl80211_vendor_cmd_info *info;
8692
8693 switch (cmd) {
8694 case NL80211_CMD_TESTMODE:
8695 if (WARN_ON(vendor_event_idx != -1))
8696 return NULL;
8697 info = NULL;
8698 break;
8699 case NL80211_CMD_VENDOR:
8700 if (WARN_ON(vendor_event_idx < 0 ||
8701 vendor_event_idx >= wiphy->n_vendor_events))
8702 return NULL;
8703 info = &wiphy->vendor_events[vendor_event_idx];
8704 break;
8705 default:
8706 WARN_ON(1);
8707 return NULL;
8708 }
8709
8710 return __cfg80211_alloc_vendor_skb(rdev, wdev, approxlen, 0, 0,
8711 cmd, attr, info, gfp);
8712}
8713EXPORT_SYMBOL(__cfg80211_alloc_event_skb);
8714
8715void __cfg80211_send_event_skb(struct sk_buff *skb, gfp_t gfp)
8716{
8717 struct cfg80211_registered_device *rdev = ((void **)skb->cb)[0];
8718 void *hdr = ((void **)skb->cb)[1];
8719 struct nlattr *data = ((void **)skb->cb)[2];
8720 enum nl80211_multicast_groups mcgrp = NL80211_MCGRP_TESTMODE;
8721
8722
8723 memset(skb->cb, 0, sizeof(skb->cb));
8724
8725 nla_nest_end(skb, data);
8726 genlmsg_end(skb, hdr);
8727
8728 if (data->nla_type == NL80211_ATTR_VENDOR_DATA)
8729 mcgrp = NL80211_MCGRP_VENDOR;
8730
8731 genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), skb, 0,
8732 mcgrp, gfp);
8733}
8734EXPORT_SYMBOL(__cfg80211_send_event_skb);
8735
8736#ifdef CONFIG_NL80211_TESTMODE
8737static int nl80211_testmode_do(struct sk_buff *skb, struct genl_info *info)
8738{
8739 struct cfg80211_registered_device *rdev = info->user_ptr[0];
8740 struct wireless_dev *wdev =
8741 __cfg80211_wdev_from_attrs(genl_info_net(info), info->attrs);
8742 int err;
8743
8744 if (!rdev->ops->testmode_cmd)
8745 return -EOPNOTSUPP;
8746
8747 if (IS_ERR(wdev)) {
8748 err = PTR_ERR(wdev);
8749 if (err != -EINVAL)
8750 return err;
8751 wdev = NULL;
8752 } else if (wdev->wiphy != &rdev->wiphy) {
8753 return -EINVAL;
8754 }
8755
8756 if (!info->attrs[NL80211_ATTR_TESTDATA])
8757 return -EINVAL;
8758
8759 rdev->cur_cmd_info = info;
8760 err = rdev_testmode_cmd(rdev, wdev,
8761 nla_data(info->attrs[NL80211_ATTR_TESTDATA]),
8762 nla_len(info->attrs[NL80211_ATTR_TESTDATA]));
8763 rdev->cur_cmd_info = NULL;
8764
8765 return err;
8766}
8767
8768static int nl80211_testmode_dump(struct sk_buff *skb,
8769 struct netlink_callback *cb)
8770{
8771 struct cfg80211_registered_device *rdev;
8772 int err;
8773 long phy_idx;
8774 void *data = NULL;
8775 int data_len = 0;
8776
8777 rtnl_lock();
8778
8779 if (cb->args[0]) {
8780
8781
8782
8783
8784 phy_idx = cb->args[0] - 1;
8785
8786 rdev = cfg80211_rdev_by_wiphy_idx(phy_idx);
8787 if (!rdev) {
8788 err = -ENOENT;
8789 goto out_err;
8790 }
8791 } else {
8792 struct nlattr **attrbuf = genl_family_attrbuf(&nl80211_fam);
8793
8794 err = nlmsg_parse(cb->nlh, GENL_HDRLEN + nl80211_fam.hdrsize,
8795 attrbuf, nl80211_fam.maxattr, nl80211_policy);
8796 if (err)
8797 goto out_err;
8798
8799 rdev = __cfg80211_rdev_from_attrs(sock_net(skb->sk), attrbuf);
8800 if (IS_ERR(rdev)) {
8801 err = PTR_ERR(rdev);
8802 goto out_err;
8803 }
8804 phy_idx = rdev->wiphy_idx;
8805
8806 if (attrbuf[NL80211_ATTR_TESTDATA])
8807 cb->args[1] = (long)attrbuf[NL80211_ATTR_TESTDATA];
8808 }
8809
8810 if (cb->args[1]) {
8811 data = nla_data((void *)cb->args[1]);
8812 data_len = nla_len((void *)cb->args[1]);
8813 }
8814
8815 if (!rdev->ops->testmode_dump) {
8816 err = -EOPNOTSUPP;
8817 goto out_err;
8818 }
8819
8820 while (1) {
8821 void *hdr = nl80211hdr_put(skb, NETLINK_CB(cb->skb).portid,
8822 cb->nlh->nlmsg_seq, NLM_F_MULTI,
8823 NL80211_CMD_TESTMODE);
8824 struct nlattr *tmdata;
8825
8826 if (!hdr)
8827 break;
8828
8829 if (nla_put_u32(skb, NL80211_ATTR_WIPHY, phy_idx)) {
8830 genlmsg_cancel(skb, hdr);
8831 break;
8832 }
8833
8834 tmdata = nla_nest_start(skb, NL80211_ATTR_TESTDATA);
8835 if (!tmdata) {
8836 genlmsg_cancel(skb, hdr);
8837 break;
8838 }
8839 err = rdev_testmode_dump(rdev, skb, cb, data, data_len);
8840 nla_nest_end(skb, tmdata);
8841
8842 if (err == -ENOBUFS || err == -ENOENT) {
8843 genlmsg_cancel(skb, hdr);
8844 break;
8845 } else if (err) {
8846 genlmsg_cancel(skb, hdr);
8847 goto out_err;
8848 }
8849
8850 genlmsg_end(skb, hdr);
8851 }
8852
8853 err = skb->len;
8854
8855 cb->args[0] = phy_idx + 1;
8856 out_err:
8857 rtnl_unlock();
8858 return err;
8859}
8860#endif
8861
8862static int nl80211_connect(struct sk_buff *skb, struct genl_info *info)
8863{
8864 struct cfg80211_registered_device *rdev = info->user_ptr[0];
8865 struct net_device *dev = info->user_ptr[1];
8866 struct cfg80211_connect_params connect;
8867 struct wiphy *wiphy;
8868 struct cfg80211_cached_keys *connkeys = NULL;
8869 int err;
8870
8871 memset(&connect, 0, sizeof(connect));
8872
8873 if (!is_valid_ie_attr(info->attrs[NL80211_ATTR_IE]))
8874 return -EINVAL;
8875
8876 if (!info->attrs[NL80211_ATTR_SSID] ||
8877 !nla_len(info->attrs[NL80211_ATTR_SSID]))
8878 return -EINVAL;
8879
8880 if (info->attrs[NL80211_ATTR_AUTH_TYPE]) {
8881 connect.auth_type =
8882 nla_get_u32(info->attrs[NL80211_ATTR_AUTH_TYPE]);
8883 if (!nl80211_valid_auth_type(rdev, connect.auth_type,
8884 NL80211_CMD_CONNECT))
8885 return -EINVAL;
8886 } else
8887 connect.auth_type = NL80211_AUTHTYPE_AUTOMATIC;
8888
8889 connect.privacy = info->attrs[NL80211_ATTR_PRIVACY];
8890
8891 if (info->attrs[NL80211_ATTR_WANT_1X_4WAY_HS] &&
8892 !wiphy_ext_feature_isset(&rdev->wiphy,
8893 NL80211_EXT_FEATURE_4WAY_HANDSHAKE_STA_1X))
8894 return -EINVAL;
8895 connect.want_1x = info->attrs[NL80211_ATTR_WANT_1X_4WAY_HS];
8896
8897 err = nl80211_crypto_settings(rdev, info, &connect.crypto,
8898 NL80211_MAX_NR_CIPHER_SUITES);
8899 if (err)
8900 return err;
8901
8902 if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_STATION &&
8903 dev->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_CLIENT)
8904 return -EOPNOTSUPP;
8905
8906 wiphy = &rdev->wiphy;
8907
8908 connect.bg_scan_period = -1;
8909 if (info->attrs[NL80211_ATTR_BG_SCAN_PERIOD] &&
8910 (wiphy->flags & WIPHY_FLAG_SUPPORTS_FW_ROAM)) {
8911 connect.bg_scan_period =
8912 nla_get_u16(info->attrs[NL80211_ATTR_BG_SCAN_PERIOD]);
8913 }
8914
8915 if (info->attrs[NL80211_ATTR_MAC])
8916 connect.bssid = nla_data(info->attrs[NL80211_ATTR_MAC]);
8917 else if (info->attrs[NL80211_ATTR_MAC_HINT])
8918 connect.bssid_hint =
8919 nla_data(info->attrs[NL80211_ATTR_MAC_HINT]);
8920 connect.ssid = nla_data(info->attrs[NL80211_ATTR_SSID]);
8921 connect.ssid_len = nla_len(info->attrs[NL80211_ATTR_SSID]);
8922
8923 if (info->attrs[NL80211_ATTR_IE]) {
8924 connect.ie = nla_data(info->attrs[NL80211_ATTR_IE]);
8925 connect.ie_len = nla_len(info->attrs[NL80211_ATTR_IE]);
8926 }
8927
8928 if (info->attrs[NL80211_ATTR_USE_MFP]) {
8929 connect.mfp = nla_get_u32(info->attrs[NL80211_ATTR_USE_MFP]);
8930 if (connect.mfp != NL80211_MFP_REQUIRED &&
8931 connect.mfp != NL80211_MFP_NO)
8932 return -EINVAL;
8933 } else {
8934 connect.mfp = NL80211_MFP_NO;
8935 }
8936
8937 if (info->attrs[NL80211_ATTR_PREV_BSSID])
8938 connect.prev_bssid =
8939 nla_data(info->attrs[NL80211_ATTR_PREV_BSSID]);
8940
8941 if (info->attrs[NL80211_ATTR_WIPHY_FREQ]) {
8942 connect.channel = nl80211_get_valid_chan(
8943 wiphy, info->attrs[NL80211_ATTR_WIPHY_FREQ]);
8944 if (!connect.channel)
8945 return -EINVAL;
8946 } else if (info->attrs[NL80211_ATTR_WIPHY_FREQ_HINT]) {
8947 connect.channel_hint = nl80211_get_valid_chan(
8948 wiphy, info->attrs[NL80211_ATTR_WIPHY_FREQ_HINT]);
8949 if (!connect.channel_hint)
8950 return -EINVAL;
8951 }
8952
8953 if (connect.privacy && info->attrs[NL80211_ATTR_KEYS]) {
8954 connkeys = nl80211_parse_connkeys(rdev,
8955 info->attrs[NL80211_ATTR_KEYS], NULL);
8956 if (IS_ERR(connkeys))
8957 return PTR_ERR(connkeys);
8958 }
8959
8960 if (nla_get_flag(info->attrs[NL80211_ATTR_DISABLE_HT]))
8961 connect.flags |= ASSOC_REQ_DISABLE_HT;
8962
8963 if (info->attrs[NL80211_ATTR_HT_CAPABILITY_MASK])
8964 memcpy(&connect.ht_capa_mask,
8965 nla_data(info->attrs[NL80211_ATTR_HT_CAPABILITY_MASK]),
8966 sizeof(connect.ht_capa_mask));
8967
8968 if (info->attrs[NL80211_ATTR_HT_CAPABILITY]) {
8969 if (!info->attrs[NL80211_ATTR_HT_CAPABILITY_MASK]) {
8970 kzfree(connkeys);
8971 return -EINVAL;
8972 }
8973 memcpy(&connect.ht_capa,
8974 nla_data(info->attrs[NL80211_ATTR_HT_CAPABILITY]),
8975 sizeof(connect.ht_capa));
8976 }
8977
8978 if (nla_get_flag(info->attrs[NL80211_ATTR_DISABLE_VHT]))
8979 connect.flags |= ASSOC_REQ_DISABLE_VHT;
8980
8981 if (info->attrs[NL80211_ATTR_VHT_CAPABILITY_MASK])
8982 memcpy(&connect.vht_capa_mask,
8983 nla_data(info->attrs[NL80211_ATTR_VHT_CAPABILITY_MASK]),
8984 sizeof(connect.vht_capa_mask));
8985
8986 if (info->attrs[NL80211_ATTR_VHT_CAPABILITY]) {
8987 if (!info->attrs[NL80211_ATTR_VHT_CAPABILITY_MASK]) {
8988 kzfree(connkeys);
8989 return -EINVAL;
8990 }
8991 memcpy(&connect.vht_capa,
8992 nla_data(info->attrs[NL80211_ATTR_VHT_CAPABILITY]),
8993 sizeof(connect.vht_capa));
8994 }
8995
8996 if (nla_get_flag(info->attrs[NL80211_ATTR_USE_RRM])) {
8997 if (!((rdev->wiphy.features &
8998 NL80211_FEATURE_DS_PARAM_SET_IE_IN_PROBES) &&
8999 (rdev->wiphy.features & NL80211_FEATURE_QUIET)) &&
9000 !wiphy_ext_feature_isset(&rdev->wiphy,
9001 NL80211_EXT_FEATURE_RRM)) {
9002 kzfree(connkeys);
9003 return -EINVAL;
9004 }
9005 connect.flags |= ASSOC_REQ_USE_RRM;
9006 }
9007
9008 connect.pbss = nla_get_flag(info->attrs[NL80211_ATTR_PBSS]);
9009 if (connect.pbss && !rdev->wiphy.bands[NL80211_BAND_60GHZ]) {
9010 kzfree(connkeys);
9011 return -EOPNOTSUPP;
9012 }
9013
9014 if (info->attrs[NL80211_ATTR_BSS_SELECT]) {
9015
9016 if (connect.bssid) {
9017 kzfree(connkeys);
9018 return -EINVAL;
9019 }
9020
9021 err = parse_bss_select(info->attrs[NL80211_ATTR_BSS_SELECT],
9022 wiphy, &connect.bss_select);
9023 if (err) {
9024 kzfree(connkeys);
9025 return err;
9026 }
9027 }
9028
9029 if (wiphy_ext_feature_isset(&rdev->wiphy,
9030 NL80211_EXT_FEATURE_FILS_SK_OFFLOAD) &&
9031 info->attrs[NL80211_ATTR_FILS_ERP_USERNAME] &&
9032 info->attrs[NL80211_ATTR_FILS_ERP_REALM] &&
9033 info->attrs[NL80211_ATTR_FILS_ERP_NEXT_SEQ_NUM] &&
9034 info->attrs[NL80211_ATTR_FILS_ERP_RRK]) {
9035 connect.fils_erp_username =
9036 nla_data(info->attrs[NL80211_ATTR_FILS_ERP_USERNAME]);
9037 connect.fils_erp_username_len =
9038 nla_len(info->attrs[NL80211_ATTR_FILS_ERP_USERNAME]);
9039 connect.fils_erp_realm =
9040 nla_data(info->attrs[NL80211_ATTR_FILS_ERP_REALM]);
9041 connect.fils_erp_realm_len =
9042 nla_len(info->attrs[NL80211_ATTR_FILS_ERP_REALM]);
9043 connect.fils_erp_next_seq_num =
9044 nla_get_u16(
9045 info->attrs[NL80211_ATTR_FILS_ERP_NEXT_SEQ_NUM]);
9046 connect.fils_erp_rrk =
9047 nla_data(info->attrs[NL80211_ATTR_FILS_ERP_RRK]);
9048 connect.fils_erp_rrk_len =
9049 nla_len(info->attrs[NL80211_ATTR_FILS_ERP_RRK]);
9050 } else if (info->attrs[NL80211_ATTR_FILS_ERP_USERNAME] ||
9051 info->attrs[NL80211_ATTR_FILS_ERP_REALM] ||
9052 info->attrs[NL80211_ATTR_FILS_ERP_NEXT_SEQ_NUM] ||
9053 info->attrs[NL80211_ATTR_FILS_ERP_RRK]) {
9054 kzfree(connkeys);
9055 return -EINVAL;
9056 }
9057
9058 wdev_lock(dev->ieee80211_ptr);
9059
9060 err = cfg80211_connect(rdev, dev, &connect, connkeys,
9061 connect.prev_bssid);
9062 if (err)
9063 kzfree(connkeys);
9064
9065 if (!err && info->attrs[NL80211_ATTR_SOCKET_OWNER]) {
9066 dev->ieee80211_ptr->conn_owner_nlportid = info->snd_portid;
9067 if (connect.bssid)
9068 memcpy(dev->ieee80211_ptr->disconnect_bssid,
9069 connect.bssid, ETH_ALEN);
9070 else
9071 memset(dev->ieee80211_ptr->disconnect_bssid,
9072 0, ETH_ALEN);
9073 }
9074
9075 wdev_unlock(dev->ieee80211_ptr);
9076
9077 return err;
9078}
9079
9080static int nl80211_update_connect_params(struct sk_buff *skb,
9081 struct genl_info *info)
9082{
9083 struct cfg80211_connect_params connect = {};
9084 struct cfg80211_registered_device *rdev = info->user_ptr[0];
9085 struct net_device *dev = info->user_ptr[1];
9086 struct wireless_dev *wdev = dev->ieee80211_ptr;
9087 u32 changed = 0;
9088 int ret;
9089
9090 if (!rdev->ops->update_connect_params)
9091 return -EOPNOTSUPP;
9092
9093 if (info->attrs[NL80211_ATTR_IE]) {
9094 if (!is_valid_ie_attr(info->attrs[NL80211_ATTR_IE]))
9095 return -EINVAL;
9096 connect.ie = nla_data(info->attrs[NL80211_ATTR_IE]);
9097 connect.ie_len = nla_len(info->attrs[NL80211_ATTR_IE]);
9098 changed |= UPDATE_ASSOC_IES;
9099 }
9100
9101 wdev_lock(dev->ieee80211_ptr);
9102 if (!wdev->current_bss)
9103 ret = -ENOLINK;
9104 else
9105 ret = rdev_update_connect_params(rdev, dev, &connect, changed);
9106 wdev_unlock(dev->ieee80211_ptr);
9107
9108 return ret;
9109}
9110
9111static int nl80211_disconnect(struct sk_buff *skb, struct genl_info *info)
9112{
9113 struct cfg80211_registered_device *rdev = info->user_ptr[0];
9114 struct net_device *dev = info->user_ptr[1];
9115 u16 reason;
9116 int ret;
9117
9118 if (!info->attrs[NL80211_ATTR_REASON_CODE])
9119 reason = WLAN_REASON_DEAUTH_LEAVING;
9120 else
9121 reason = nla_get_u16(info->attrs[NL80211_ATTR_REASON_CODE]);
9122
9123 if (reason == 0)
9124 return -EINVAL;
9125
9126 if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_STATION &&
9127 dev->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_CLIENT)
9128 return -EOPNOTSUPP;
9129
9130 wdev_lock(dev->ieee80211_ptr);
9131 ret = cfg80211_disconnect(rdev, dev, reason, true);
9132 wdev_unlock(dev->ieee80211_ptr);
9133 return ret;
9134}
9135
9136static int nl80211_wiphy_netns(struct sk_buff *skb, struct genl_info *info)
9137{
9138 struct cfg80211_registered_device *rdev = info->user_ptr[0];
9139 struct net *net;
9140 int err;
9141
9142 if (info->attrs[NL80211_ATTR_PID]) {
9143 u32 pid = nla_get_u32(info->attrs[NL80211_ATTR_PID]);
9144
9145 net = get_net_ns_by_pid(pid);
9146 } else if (info->attrs[NL80211_ATTR_NETNS_FD]) {
9147 u32 fd = nla_get_u32(info->attrs[NL80211_ATTR_NETNS_FD]);
9148
9149 net = get_net_ns_by_fd(fd);
9150 } else {
9151 return -EINVAL;
9152 }
9153
9154 if (IS_ERR(net))
9155 return PTR_ERR(net);
9156
9157 err = 0;
9158
9159
9160 if (!net_eq(wiphy_net(&rdev->wiphy), net))
9161 err = cfg80211_switch_netns(rdev, net);
9162
9163 put_net(net);
9164 return err;
9165}
9166
9167static int nl80211_setdel_pmksa(struct sk_buff *skb, struct genl_info *info)
9168{
9169 struct cfg80211_registered_device *rdev = info->user_ptr[0];
9170 int (*rdev_ops)(struct wiphy *wiphy, struct net_device *dev,
9171 struct cfg80211_pmksa *pmksa) = NULL;
9172 struct net_device *dev = info->user_ptr[1];
9173 struct cfg80211_pmksa pmksa;
9174
9175 memset(&pmksa, 0, sizeof(struct cfg80211_pmksa));
9176
9177 if (!info->attrs[NL80211_ATTR_PMKID])
9178 return -EINVAL;
9179
9180 pmksa.pmkid = nla_data(info->attrs[NL80211_ATTR_PMKID]);
9181
9182 if (info->attrs[NL80211_ATTR_MAC]) {
9183 pmksa.bssid = nla_data(info->attrs[NL80211_ATTR_MAC]);
9184 } else if (info->attrs[NL80211_ATTR_SSID] &&
9185 info->attrs[NL80211_ATTR_FILS_CACHE_ID] &&
9186 (info->genlhdr->cmd == NL80211_CMD_DEL_PMKSA ||
9187 info->attrs[NL80211_ATTR_PMK])) {
9188 pmksa.ssid = nla_data(info->attrs[NL80211_ATTR_SSID]);
9189 pmksa.ssid_len = nla_len(info->attrs[NL80211_ATTR_SSID]);
9190 pmksa.cache_id =
9191 nla_data(info->attrs[NL80211_ATTR_FILS_CACHE_ID]);
9192 } else {
9193 return -EINVAL;
9194 }
9195 if (info->attrs[NL80211_ATTR_PMK]) {
9196 pmksa.pmk = nla_data(info->attrs[NL80211_ATTR_PMK]);
9197 pmksa.pmk_len = nla_len(info->attrs[NL80211_ATTR_PMK]);
9198 }
9199
9200 if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_STATION &&
9201 dev->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_CLIENT)
9202 return -EOPNOTSUPP;
9203
9204 switch (info->genlhdr->cmd) {
9205 case NL80211_CMD_SET_PMKSA:
9206 rdev_ops = rdev->ops->set_pmksa;
9207 break;
9208 case NL80211_CMD_DEL_PMKSA:
9209 rdev_ops = rdev->ops->del_pmksa;
9210 break;
9211 default:
9212 WARN_ON(1);
9213 break;
9214 }
9215
9216 if (!rdev_ops)
9217 return -EOPNOTSUPP;
9218
9219 return rdev_ops(&rdev->wiphy, dev, &pmksa);
9220}
9221
9222static int nl80211_flush_pmksa(struct sk_buff *skb, struct genl_info *info)
9223{
9224 struct cfg80211_registered_device *rdev = info->user_ptr[0];
9225 struct net_device *dev = info->user_ptr[1];
9226
9227 if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_STATION &&
9228 dev->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_CLIENT)
9229 return -EOPNOTSUPP;
9230
9231 if (!rdev->ops->flush_pmksa)
9232 return -EOPNOTSUPP;
9233
9234 return rdev_flush_pmksa(rdev, dev);
9235}
9236
9237static int nl80211_tdls_mgmt(struct sk_buff *skb, struct genl_info *info)
9238{
9239 struct cfg80211_registered_device *rdev = info->user_ptr[0];
9240 struct net_device *dev = info->user_ptr[1];
9241 u8 action_code, dialog_token;
9242 u32 peer_capability = 0;
9243 u16 status_code;
9244 u8 *peer;
9245 bool initiator;
9246
9247 if (!(rdev->wiphy.flags & WIPHY_FLAG_SUPPORTS_TDLS) ||
9248 !rdev->ops->tdls_mgmt)
9249 return -EOPNOTSUPP;
9250
9251 if (!info->attrs[NL80211_ATTR_TDLS_ACTION] ||
9252 !info->attrs[NL80211_ATTR_STATUS_CODE] ||
9253 !info->attrs[NL80211_ATTR_TDLS_DIALOG_TOKEN] ||
9254 !info->attrs[NL80211_ATTR_IE] ||
9255 !info->attrs[NL80211_ATTR_MAC])
9256 return -EINVAL;
9257
9258 peer = nla_data(info->attrs[NL80211_ATTR_MAC]);
9259 action_code = nla_get_u8(info->attrs[NL80211_ATTR_TDLS_ACTION]);
9260 status_code = nla_get_u16(info->attrs[NL80211_ATTR_STATUS_CODE]);
9261 dialog_token = nla_get_u8(info->attrs[NL80211_ATTR_TDLS_DIALOG_TOKEN]);
9262 initiator = nla_get_flag(info->attrs[NL80211_ATTR_TDLS_INITIATOR]);
9263 if (info->attrs[NL80211_ATTR_TDLS_PEER_CAPABILITY])
9264 peer_capability =
9265 nla_get_u32(info->attrs[NL80211_ATTR_TDLS_PEER_CAPABILITY]);
9266
9267 return rdev_tdls_mgmt(rdev, dev, peer, action_code,
9268 dialog_token, status_code, peer_capability,
9269 initiator,
9270 nla_data(info->attrs[NL80211_ATTR_IE]),
9271 nla_len(info->attrs[NL80211_ATTR_IE]));
9272}
9273
9274static int nl80211_tdls_oper(struct sk_buff *skb, struct genl_info *info)
9275{
9276 struct cfg80211_registered_device *rdev = info->user_ptr[0];
9277 struct net_device *dev = info->user_ptr[1];
9278 enum nl80211_tdls_operation operation;
9279 u8 *peer;
9280
9281 if (!(rdev->wiphy.flags & WIPHY_FLAG_SUPPORTS_TDLS) ||
9282 !rdev->ops->tdls_oper)
9283 return -EOPNOTSUPP;
9284
9285 if (!info->attrs[NL80211_ATTR_TDLS_OPERATION] ||
9286 !info->attrs[NL80211_ATTR_MAC])
9287 return -EINVAL;
9288
9289 operation = nla_get_u8(info->attrs[NL80211_ATTR_TDLS_OPERATION]);
9290 peer = nla_data(info->attrs[NL80211_ATTR_MAC]);
9291
9292 return rdev_tdls_oper(rdev, dev, peer, operation);
9293}
9294
9295static int nl80211_remain_on_channel(struct sk_buff *skb,
9296 struct genl_info *info)
9297{
9298 struct cfg80211_registered_device *rdev = info->user_ptr[0];
9299 struct wireless_dev *wdev = info->user_ptr[1];
9300 struct cfg80211_chan_def chandef;
9301 const struct cfg80211_chan_def *compat_chandef;
9302 struct sk_buff *msg;
9303 void *hdr;
9304 u64 cookie;
9305 u32 duration;
9306 int err;
9307
9308 if (!info->attrs[NL80211_ATTR_WIPHY_FREQ] ||
9309 !info->attrs[NL80211_ATTR_DURATION])
9310 return -EINVAL;
9311
9312 duration = nla_get_u32(info->attrs[NL80211_ATTR_DURATION]);
9313
9314 if (!rdev->ops->remain_on_channel ||
9315 !(rdev->wiphy.flags & WIPHY_FLAG_HAS_REMAIN_ON_CHANNEL))
9316 return -EOPNOTSUPP;
9317
9318
9319
9320
9321
9322 if (duration < NL80211_MIN_REMAIN_ON_CHANNEL_TIME ||
9323 duration > rdev->wiphy.max_remain_on_channel_duration)
9324 return -EINVAL;
9325
9326 err = nl80211_parse_chandef(rdev, info, &chandef);
9327 if (err)
9328 return err;
9329
9330 wdev_lock(wdev);
9331 if (!cfg80211_off_channel_oper_allowed(wdev) &&
9332 !cfg80211_chandef_identical(&wdev->chandef, &chandef)) {
9333 compat_chandef = cfg80211_chandef_compatible(&wdev->chandef,
9334 &chandef);
9335 if (compat_chandef != &chandef) {
9336 wdev_unlock(wdev);
9337 return -EBUSY;
9338 }
9339 }
9340 wdev_unlock(wdev);
9341
9342 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
9343 if (!msg)
9344 return -ENOMEM;
9345
9346 hdr = nl80211hdr_put(msg, info->snd_portid, info->snd_seq, 0,
9347 NL80211_CMD_REMAIN_ON_CHANNEL);
9348 if (!hdr) {
9349 err = -ENOBUFS;
9350 goto free_msg;
9351 }
9352
9353 err = rdev_remain_on_channel(rdev, wdev, chandef.chan,
9354 duration, &cookie);
9355
9356 if (err)
9357 goto free_msg;
9358
9359 if (nla_put_u64_64bit(msg, NL80211_ATTR_COOKIE, cookie,
9360 NL80211_ATTR_PAD))
9361 goto nla_put_failure;
9362
9363 genlmsg_end(msg, hdr);
9364
9365 return genlmsg_reply(msg, info);
9366
9367 nla_put_failure:
9368 err = -ENOBUFS;
9369 free_msg:
9370 nlmsg_free(msg);
9371 return err;
9372}
9373
9374static int nl80211_cancel_remain_on_channel(struct sk_buff *skb,
9375 struct genl_info *info)
9376{
9377 struct cfg80211_registered_device *rdev = info->user_ptr[0];
9378 struct wireless_dev *wdev = info->user_ptr[1];
9379 u64 cookie;
9380
9381 if (!info->attrs[NL80211_ATTR_COOKIE])
9382 return -EINVAL;
9383
9384 if (!rdev->ops->cancel_remain_on_channel)
9385 return -EOPNOTSUPP;
9386
9387 cookie = nla_get_u64(info->attrs[NL80211_ATTR_COOKIE]);
9388
9389 return rdev_cancel_remain_on_channel(rdev, wdev, cookie);
9390}
9391
9392static int nl80211_set_tx_bitrate_mask(struct sk_buff *skb,
9393 struct genl_info *info)
9394{
9395 struct cfg80211_bitrate_mask mask;
9396 struct cfg80211_registered_device *rdev = info->user_ptr[0];
9397 struct net_device *dev = info->user_ptr[1];
9398 int err;
9399
9400 if (!rdev->ops->set_bitrate_mask)
9401 return -EOPNOTSUPP;
9402
9403 err = nl80211_parse_tx_bitrate_mask(info, &mask);
9404 if (err)
9405 return err;
9406
9407 return rdev_set_bitrate_mask(rdev, dev, NULL, &mask);
9408}
9409
9410static int nl80211_register_mgmt(struct sk_buff *skb, struct genl_info *info)
9411{
9412 struct cfg80211_registered_device *rdev = info->user_ptr[0];
9413 struct wireless_dev *wdev = info->user_ptr[1];
9414 u16 frame_type = IEEE80211_FTYPE_MGMT | IEEE80211_STYPE_ACTION;
9415
9416 if (!info->attrs[NL80211_ATTR_FRAME_MATCH])
9417 return -EINVAL;
9418
9419 if (info->attrs[NL80211_ATTR_FRAME_TYPE])
9420 frame_type = nla_get_u16(info->attrs[NL80211_ATTR_FRAME_TYPE]);
9421
9422 switch (wdev->iftype) {
9423 case NL80211_IFTYPE_STATION:
9424 case NL80211_IFTYPE_ADHOC:
9425 case NL80211_IFTYPE_P2P_CLIENT:
9426 case NL80211_IFTYPE_AP:
9427 case NL80211_IFTYPE_AP_VLAN:
9428 case NL80211_IFTYPE_MESH_POINT:
9429 case NL80211_IFTYPE_P2P_GO:
9430 case NL80211_IFTYPE_P2P_DEVICE:
9431 break;
9432 case NL80211_IFTYPE_NAN:
9433 default:
9434 return -EOPNOTSUPP;
9435 }
9436
9437
9438 if (!rdev->ops->mgmt_tx)
9439 return -EOPNOTSUPP;
9440
9441 return cfg80211_mlme_register_mgmt(wdev, info->snd_portid, frame_type,
9442 nla_data(info->attrs[NL80211_ATTR_FRAME_MATCH]),
9443 nla_len(info->attrs[NL80211_ATTR_FRAME_MATCH]));
9444}
9445
9446static int nl80211_tx_mgmt(struct sk_buff *skb, struct genl_info *info)
9447{
9448 struct cfg80211_registered_device *rdev = info->user_ptr[0];
9449 struct wireless_dev *wdev = info->user_ptr[1];
9450 struct cfg80211_chan_def chandef;
9451 int err;
9452 void *hdr = NULL;
9453 u64 cookie;
9454 struct sk_buff *msg = NULL;
9455 struct cfg80211_mgmt_tx_params params = {
9456 .dont_wait_for_ack =
9457 info->attrs[NL80211_ATTR_DONT_WAIT_FOR_ACK],
9458 };
9459
9460 if (!info->attrs[NL80211_ATTR_FRAME])
9461 return -EINVAL;
9462
9463 if (!rdev->ops->mgmt_tx)
9464 return -EOPNOTSUPP;
9465
9466 switch (wdev->iftype) {
9467 case NL80211_IFTYPE_P2P_DEVICE:
9468 if (!info->attrs[NL80211_ATTR_WIPHY_FREQ])
9469 return -EINVAL;
9470 case NL80211_IFTYPE_STATION:
9471 case NL80211_IFTYPE_ADHOC:
9472 case NL80211_IFTYPE_P2P_CLIENT:
9473 case NL80211_IFTYPE_AP:
9474 case NL80211_IFTYPE_AP_VLAN:
9475 case NL80211_IFTYPE_MESH_POINT:
9476 case NL80211_IFTYPE_P2P_GO:
9477 break;
9478 case NL80211_IFTYPE_NAN:
9479 default:
9480 return -EOPNOTSUPP;
9481 }
9482
9483 if (info->attrs[NL80211_ATTR_DURATION]) {
9484 if (!(rdev->wiphy.flags & WIPHY_FLAG_OFFCHAN_TX))
9485 return -EINVAL;
9486 params.wait = nla_get_u32(info->attrs[NL80211_ATTR_DURATION]);
9487
9488
9489
9490
9491
9492 if (params.wait < NL80211_MIN_REMAIN_ON_CHANNEL_TIME ||
9493 params.wait > rdev->wiphy.max_remain_on_channel_duration)
9494 return -EINVAL;
9495 }
9496
9497 params.offchan = info->attrs[NL80211_ATTR_OFFCHANNEL_TX_OK];
9498
9499 if (params.offchan && !(rdev->wiphy.flags & WIPHY_FLAG_OFFCHAN_TX))
9500 return -EINVAL;
9501
9502 params.no_cck = nla_get_flag(info->attrs[NL80211_ATTR_TX_NO_CCK_RATE]);
9503
9504
9505
9506
9507 chandef.chan = NULL;
9508 if (info->attrs[NL80211_ATTR_WIPHY_FREQ]) {
9509 err = nl80211_parse_chandef(rdev, info, &chandef);
9510 if (err)
9511 return err;
9512 }
9513
9514 if (!chandef.chan && params.offchan)
9515 return -EINVAL;
9516
9517 wdev_lock(wdev);
9518 if (params.offchan && !cfg80211_off_channel_oper_allowed(wdev)) {
9519 wdev_unlock(wdev);
9520 return -EBUSY;
9521 }
9522 wdev_unlock(wdev);
9523
9524 params.buf = nla_data(info->attrs[NL80211_ATTR_FRAME]);
9525 params.len = nla_len(info->attrs[NL80211_ATTR_FRAME]);
9526
9527 if (info->attrs[NL80211_ATTR_CSA_C_OFFSETS_TX]) {
9528 int len = nla_len(info->attrs[NL80211_ATTR_CSA_C_OFFSETS_TX]);
9529 int i;
9530
9531 if (len % sizeof(u16))
9532 return -EINVAL;
9533
9534 params.n_csa_offsets = len / sizeof(u16);
9535 params.csa_offsets =
9536 nla_data(info->attrs[NL80211_ATTR_CSA_C_OFFSETS_TX]);
9537
9538
9539 for (i = 0; i < params.n_csa_offsets; i++) {
9540 if (params.csa_offsets[i] >= params.len)
9541 return -EINVAL;
9542 }
9543 }
9544
9545 if (!params.dont_wait_for_ack) {
9546 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
9547 if (!msg)
9548 return -ENOMEM;
9549
9550 hdr = nl80211hdr_put(msg, info->snd_portid, info->snd_seq, 0,
9551 NL80211_CMD_FRAME);
9552 if (!hdr) {
9553 err = -ENOBUFS;
9554 goto free_msg;
9555 }
9556 }
9557
9558 params.chan = chandef.chan;
9559 err = cfg80211_mlme_mgmt_tx(rdev, wdev, ¶ms, &cookie);
9560 if (err)
9561 goto free_msg;
9562
9563 if (msg) {
9564 if (nla_put_u64_64bit(msg, NL80211_ATTR_COOKIE, cookie,
9565 NL80211_ATTR_PAD))
9566 goto nla_put_failure;
9567
9568 genlmsg_end(msg, hdr);
9569 return genlmsg_reply(msg, info);
9570 }
9571
9572 return 0;
9573
9574 nla_put_failure:
9575 err = -ENOBUFS;
9576 free_msg:
9577 nlmsg_free(msg);
9578 return err;
9579}
9580
9581static int nl80211_tx_mgmt_cancel_wait(struct sk_buff *skb, struct genl_info *info)
9582{
9583 struct cfg80211_registered_device *rdev = info->user_ptr[0];
9584 struct wireless_dev *wdev = info->user_ptr[1];
9585 u64 cookie;
9586
9587 if (!info->attrs[NL80211_ATTR_COOKIE])
9588 return -EINVAL;
9589
9590 if (!rdev->ops->mgmt_tx_cancel_wait)
9591 return -EOPNOTSUPP;
9592
9593 switch (wdev->iftype) {
9594 case NL80211_IFTYPE_STATION:
9595 case NL80211_IFTYPE_ADHOC:
9596 case NL80211_IFTYPE_P2P_CLIENT:
9597 case NL80211_IFTYPE_AP:
9598 case NL80211_IFTYPE_AP_VLAN:
9599 case NL80211_IFTYPE_P2P_GO:
9600 case NL80211_IFTYPE_P2P_DEVICE:
9601 break;
9602 case NL80211_IFTYPE_NAN:
9603 default:
9604 return -EOPNOTSUPP;
9605 }
9606
9607 cookie = nla_get_u64(info->attrs[NL80211_ATTR_COOKIE]);
9608
9609 return rdev_mgmt_tx_cancel_wait(rdev, wdev, cookie);
9610}
9611
9612static int nl80211_set_power_save(struct sk_buff *skb, struct genl_info *info)
9613{
9614 struct cfg80211_registered_device *rdev = info->user_ptr[0];
9615 struct wireless_dev *wdev;
9616 struct net_device *dev = info->user_ptr[1];
9617 u8 ps_state;
9618 bool state;
9619 int err;
9620
9621 if (!info->attrs[NL80211_ATTR_PS_STATE])
9622 return -EINVAL;
9623
9624 ps_state = nla_get_u32(info->attrs[NL80211_ATTR_PS_STATE]);
9625
9626 if (ps_state != NL80211_PS_DISABLED && ps_state != NL80211_PS_ENABLED)
9627 return -EINVAL;
9628
9629 wdev = dev->ieee80211_ptr;
9630
9631 if (!rdev->ops->set_power_mgmt)
9632 return -EOPNOTSUPP;
9633
9634 state = (ps_state == NL80211_PS_ENABLED) ? true : false;
9635
9636 if (state == wdev->ps)
9637 return 0;
9638
9639 err = rdev_set_power_mgmt(rdev, dev, state, wdev->ps_timeout);
9640 if (!err)
9641 wdev->ps = state;
9642 return err;
9643}
9644
9645static int nl80211_get_power_save(struct sk_buff *skb, struct genl_info *info)
9646{
9647 struct cfg80211_registered_device *rdev = info->user_ptr[0];
9648 enum nl80211_ps_state ps_state;
9649 struct wireless_dev *wdev;
9650 struct net_device *dev = info->user_ptr[1];
9651 struct sk_buff *msg;
9652 void *hdr;
9653 int err;
9654
9655 wdev = dev->ieee80211_ptr;
9656
9657 if (!rdev->ops->set_power_mgmt)
9658 return -EOPNOTSUPP;
9659
9660 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
9661 if (!msg)
9662 return -ENOMEM;
9663
9664 hdr = nl80211hdr_put(msg, info->snd_portid, info->snd_seq, 0,
9665 NL80211_CMD_GET_POWER_SAVE);
9666 if (!hdr) {
9667 err = -ENOBUFS;
9668 goto free_msg;
9669 }
9670
9671 if (wdev->ps)
9672 ps_state = NL80211_PS_ENABLED;
9673 else
9674 ps_state = NL80211_PS_DISABLED;
9675
9676 if (nla_put_u32(msg, NL80211_ATTR_PS_STATE, ps_state))
9677 goto nla_put_failure;
9678
9679 genlmsg_end(msg, hdr);
9680 return genlmsg_reply(msg, info);
9681
9682 nla_put_failure:
9683 err = -ENOBUFS;
9684 free_msg:
9685 nlmsg_free(msg);
9686 return err;
9687}
9688
9689static const struct nla_policy
9690nl80211_attr_cqm_policy[NL80211_ATTR_CQM_MAX + 1] = {
9691 [NL80211_ATTR_CQM_RSSI_THOLD] = { .type = NLA_BINARY },
9692 [NL80211_ATTR_CQM_RSSI_HYST] = { .type = NLA_U32 },
9693 [NL80211_ATTR_CQM_RSSI_THRESHOLD_EVENT] = { .type = NLA_U32 },
9694 [NL80211_ATTR_CQM_TXE_RATE] = { .type = NLA_U32 },
9695 [NL80211_ATTR_CQM_TXE_PKTS] = { .type = NLA_U32 },
9696 [NL80211_ATTR_CQM_TXE_INTVL] = { .type = NLA_U32 },
9697 [NL80211_ATTR_CQM_RSSI_LEVEL] = { .type = NLA_S32 },
9698};
9699
9700static int nl80211_set_cqm_txe(struct genl_info *info,
9701 u32 rate, u32 pkts, u32 intvl)
9702{
9703 struct cfg80211_registered_device *rdev = info->user_ptr[0];
9704 struct net_device *dev = info->user_ptr[1];
9705 struct wireless_dev *wdev = dev->ieee80211_ptr;
9706
9707 if (rate > 100 || intvl > NL80211_CQM_TXE_MAX_INTVL)
9708 return -EINVAL;
9709
9710 if (!rdev->ops->set_cqm_txe_config)
9711 return -EOPNOTSUPP;
9712
9713 if (wdev->iftype != NL80211_IFTYPE_STATION &&
9714 wdev->iftype != NL80211_IFTYPE_P2P_CLIENT)
9715 return -EOPNOTSUPP;
9716
9717 return rdev_set_cqm_txe_config(rdev, dev, rate, pkts, intvl);
9718}
9719
9720static int cfg80211_cqm_rssi_update(struct cfg80211_registered_device *rdev,
9721 struct net_device *dev)
9722{
9723 struct wireless_dev *wdev = dev->ieee80211_ptr;
9724 s32 last, low, high;
9725 u32 hyst;
9726 int i, n;
9727 int err;
9728
9729
9730 if (!wdev->cqm_config)
9731 return rdev_set_cqm_rssi_range_config(rdev, dev, 0, 0);
9732
9733
9734
9735
9736
9737
9738
9739 if (!wdev->cqm_config->last_rssi_event_value && wdev->current_bss &&
9740 rdev->ops->get_station) {
9741 struct station_info sinfo;
9742 u8 *mac_addr;
9743
9744 mac_addr = wdev->current_bss->pub.bssid;
9745
9746 err = rdev_get_station(rdev, dev, mac_addr, &sinfo);
9747 if (err)
9748 return err;
9749
9750 if (sinfo.filled & BIT(NL80211_STA_INFO_BEACON_SIGNAL_AVG))
9751 wdev->cqm_config->last_rssi_event_value =
9752 (s8) sinfo.rx_beacon_signal_avg;
9753 }
9754
9755 last = wdev->cqm_config->last_rssi_event_value;
9756 hyst = wdev->cqm_config->rssi_hyst;
9757 n = wdev->cqm_config->n_rssi_thresholds;
9758
9759 for (i = 0; i < n; i++)
9760 if (last < wdev->cqm_config->rssi_thresholds[i])
9761 break;
9762
9763 low = i > 0 ?
9764 (wdev->cqm_config->rssi_thresholds[i - 1] - hyst) : S32_MIN;
9765 high = i < n ?
9766 (wdev->cqm_config->rssi_thresholds[i] + hyst - 1) : S32_MAX;
9767
9768 return rdev_set_cqm_rssi_range_config(rdev, dev, low, high);
9769}
9770
9771static int nl80211_set_cqm_rssi(struct genl_info *info,
9772 const s32 *thresholds, int n_thresholds,
9773 u32 hysteresis)
9774{
9775 struct cfg80211_registered_device *rdev = info->user_ptr[0];
9776 struct net_device *dev = info->user_ptr[1];
9777 struct wireless_dev *wdev = dev->ieee80211_ptr;
9778 int i, err;
9779 s32 prev = S32_MIN;
9780
9781
9782 for (i = 0; i < n_thresholds; i++) {
9783 if (thresholds[i] > 0 || thresholds[i] <= prev)
9784 return -EINVAL;
9785
9786 prev = thresholds[i];
9787 }
9788
9789 if (wdev->iftype != NL80211_IFTYPE_STATION &&
9790 wdev->iftype != NL80211_IFTYPE_P2P_CLIENT)
9791 return -EOPNOTSUPP;
9792
9793 wdev_lock(wdev);
9794 cfg80211_cqm_config_free(wdev);
9795 wdev_unlock(wdev);
9796
9797 if (n_thresholds <= 1 && rdev->ops->set_cqm_rssi_config) {
9798 if (n_thresholds == 0 || thresholds[0] == 0)
9799 return rdev_set_cqm_rssi_config(rdev, dev, 0, 0);
9800
9801 return rdev_set_cqm_rssi_config(rdev, dev,
9802 thresholds[0], hysteresis);
9803 }
9804
9805 if (!wiphy_ext_feature_isset(&rdev->wiphy,
9806 NL80211_EXT_FEATURE_CQM_RSSI_LIST))
9807 return -EOPNOTSUPP;
9808
9809 if (n_thresholds == 1 && thresholds[0] == 0)
9810 n_thresholds = 0;
9811
9812 wdev_lock(wdev);
9813 if (n_thresholds) {
9814 struct cfg80211_cqm_config *cqm_config;
9815
9816 cqm_config = kzalloc(sizeof(struct cfg80211_cqm_config) +
9817 n_thresholds * sizeof(s32), GFP_KERNEL);
9818 if (!cqm_config) {
9819 err = -ENOMEM;
9820 goto unlock;
9821 }
9822
9823 cqm_config->rssi_hyst = hysteresis;
9824 cqm_config->n_rssi_thresholds = n_thresholds;
9825 memcpy(cqm_config->rssi_thresholds, thresholds,
9826 n_thresholds * sizeof(s32));
9827
9828 wdev->cqm_config = cqm_config;
9829 }
9830
9831 err = cfg80211_cqm_rssi_update(rdev, dev);
9832
9833unlock:
9834 wdev_unlock(wdev);
9835
9836 return err;
9837}
9838
9839static int nl80211_set_cqm(struct sk_buff *skb, struct genl_info *info)
9840{
9841 struct nlattr *attrs[NL80211_ATTR_CQM_MAX + 1];
9842 struct nlattr *cqm;
9843 int err;
9844
9845 cqm = info->attrs[NL80211_ATTR_CQM];
9846 if (!cqm)
9847 return -EINVAL;
9848
9849 err = nla_parse_nested(attrs, NL80211_ATTR_CQM_MAX, cqm,
9850 nl80211_attr_cqm_policy);
9851 if (err)
9852 return err;
9853
9854 if (attrs[NL80211_ATTR_CQM_RSSI_THOLD] &&
9855 attrs[NL80211_ATTR_CQM_RSSI_HYST]) {
9856 const s32 *thresholds =
9857 nla_data(attrs[NL80211_ATTR_CQM_RSSI_THOLD]);
9858 int len = nla_len(attrs[NL80211_ATTR_CQM_RSSI_THOLD]);
9859 u32 hysteresis = nla_get_u32(attrs[NL80211_ATTR_CQM_RSSI_HYST]);
9860
9861 if (len % 4)
9862 return -EINVAL;
9863
9864 return nl80211_set_cqm_rssi(info, thresholds, len / 4,
9865 hysteresis);
9866 }
9867
9868 if (attrs[NL80211_ATTR_CQM_TXE_RATE] &&
9869 attrs[NL80211_ATTR_CQM_TXE_PKTS] &&
9870 attrs[NL80211_ATTR_CQM_TXE_INTVL]) {
9871 u32 rate = nla_get_u32(attrs[NL80211_ATTR_CQM_TXE_RATE]);
9872 u32 pkts = nla_get_u32(attrs[NL80211_ATTR_CQM_TXE_PKTS]);
9873 u32 intvl = nla_get_u32(attrs[NL80211_ATTR_CQM_TXE_INTVL]);
9874
9875 return nl80211_set_cqm_txe(info, rate, pkts, intvl);
9876 }
9877
9878 return -EINVAL;
9879}
9880
9881static int nl80211_join_ocb(struct sk_buff *skb, struct genl_info *info)
9882{
9883 struct cfg80211_registered_device *rdev = info->user_ptr[0];
9884 struct net_device *dev = info->user_ptr[1];
9885 struct ocb_setup setup = {};
9886 int err;
9887
9888 err = nl80211_parse_chandef(rdev, info, &setup.chandef);
9889 if (err)
9890 return err;
9891
9892 return cfg80211_join_ocb(rdev, dev, &setup);
9893}
9894
9895static int nl80211_leave_ocb(struct sk_buff *skb, struct genl_info *info)
9896{
9897 struct cfg80211_registered_device *rdev = info->user_ptr[0];
9898 struct net_device *dev = info->user_ptr[1];
9899
9900 return cfg80211_leave_ocb(rdev, dev);
9901}
9902
9903static int nl80211_join_mesh(struct sk_buff *skb, struct genl_info *info)
9904{
9905 struct cfg80211_registered_device *rdev = info->user_ptr[0];
9906 struct net_device *dev = info->user_ptr[1];
9907 struct mesh_config cfg;
9908 struct mesh_setup setup;
9909 int err;
9910
9911
9912 memcpy(&cfg, &default_mesh_config, sizeof(cfg));
9913 memcpy(&setup, &default_mesh_setup, sizeof(setup));
9914
9915 if (info->attrs[NL80211_ATTR_MESH_CONFIG]) {
9916
9917 err = nl80211_parse_mesh_config(info, &cfg, NULL);
9918 if (err)
9919 return err;
9920 }
9921
9922 if (!info->attrs[NL80211_ATTR_MESH_ID] ||
9923 !nla_len(info->attrs[NL80211_ATTR_MESH_ID]))
9924 return -EINVAL;
9925
9926 setup.mesh_id = nla_data(info->attrs[NL80211_ATTR_MESH_ID]);
9927 setup.mesh_id_len = nla_len(info->attrs[NL80211_ATTR_MESH_ID]);
9928
9929 if (info->attrs[NL80211_ATTR_MCAST_RATE] &&
9930 !nl80211_parse_mcast_rate(rdev, setup.mcast_rate,
9931 nla_get_u32(info->attrs[NL80211_ATTR_MCAST_RATE])))
9932 return -EINVAL;
9933
9934 if (info->attrs[NL80211_ATTR_BEACON_INTERVAL]) {
9935 setup.beacon_interval =
9936 nla_get_u32(info->attrs[NL80211_ATTR_BEACON_INTERVAL]);
9937
9938 err = cfg80211_validate_beacon_int(rdev,
9939 NL80211_IFTYPE_MESH_POINT,
9940 setup.beacon_interval);
9941 if (err)
9942 return err;
9943 }
9944
9945 if (info->attrs[NL80211_ATTR_DTIM_PERIOD]) {
9946 setup.dtim_period =
9947 nla_get_u32(info->attrs[NL80211_ATTR_DTIM_PERIOD]);
9948 if (setup.dtim_period < 1 || setup.dtim_period > 100)
9949 return -EINVAL;
9950 }
9951
9952 if (info->attrs[NL80211_ATTR_MESH_SETUP]) {
9953
9954 err = nl80211_parse_mesh_setup(info, &setup);
9955 if (err)
9956 return err;
9957 }
9958
9959 if (setup.user_mpm)
9960 cfg.auto_open_plinks = false;
9961
9962 if (info->attrs[NL80211_ATTR_WIPHY_FREQ]) {
9963 err = nl80211_parse_chandef(rdev, info, &setup.chandef);
9964 if (err)
9965 return err;
9966 } else {
9967
9968 setup.chandef.chan = NULL;
9969 }
9970
9971 if (info->attrs[NL80211_ATTR_BSS_BASIC_RATES]) {
9972 u8 *rates = nla_data(info->attrs[NL80211_ATTR_BSS_BASIC_RATES]);
9973 int n_rates =
9974 nla_len(info->attrs[NL80211_ATTR_BSS_BASIC_RATES]);
9975 struct ieee80211_supported_band *sband;
9976
9977 if (!setup.chandef.chan)
9978 return -EINVAL;
9979
9980 sband = rdev->wiphy.bands[setup.chandef.chan->band];
9981
9982 err = ieee80211_get_ratemask(sband, rates, n_rates,
9983 &setup.basic_rates);
9984 if (err)
9985 return err;
9986 }
9987
9988 if (info->attrs[NL80211_ATTR_TX_RATES]) {
9989 err = nl80211_parse_tx_bitrate_mask(info, &setup.beacon_rate);
9990 if (err)
9991 return err;
9992
9993 if (!setup.chandef.chan)
9994 return -EINVAL;
9995
9996 err = validate_beacon_tx_rate(rdev, setup.chandef.chan->band,
9997 &setup.beacon_rate);
9998 if (err)
9999 return err;
10000 }
10001
10002 setup.userspace_handles_dfs =
10003 nla_get_flag(info->attrs[NL80211_ATTR_HANDLE_DFS]);
10004
10005 return cfg80211_join_mesh(rdev, dev, &setup, &cfg);
10006}
10007
10008static int nl80211_leave_mesh(struct sk_buff *skb, struct genl_info *info)
10009{
10010 struct cfg80211_registered_device *rdev = info->user_ptr[0];
10011 struct net_device *dev = info->user_ptr[1];
10012
10013 return cfg80211_leave_mesh(rdev, dev);
10014}
10015
10016#ifdef CONFIG_PM
10017static int nl80211_send_wowlan_patterns(struct sk_buff *msg,
10018 struct cfg80211_registered_device *rdev)
10019{
10020 struct cfg80211_wowlan *wowlan = rdev->wiphy.wowlan_config;
10021 struct nlattr *nl_pats, *nl_pat;
10022 int i, pat_len;
10023
10024 if (!wowlan->n_patterns)
10025 return 0;
10026
10027 nl_pats = nla_nest_start(msg, NL80211_WOWLAN_TRIG_PKT_PATTERN);
10028 if (!nl_pats)
10029 return -ENOBUFS;
10030
10031 for (i = 0; i < wowlan->n_patterns; i++) {
10032 nl_pat = nla_nest_start(msg, i + 1);
10033 if (!nl_pat)
10034 return -ENOBUFS;
10035 pat_len = wowlan->patterns[i].pattern_len;
10036 if (nla_put(msg, NL80211_PKTPAT_MASK, DIV_ROUND_UP(pat_len, 8),
10037 wowlan->patterns[i].mask) ||
10038 nla_put(msg, NL80211_PKTPAT_PATTERN, pat_len,
10039 wowlan->patterns[i].pattern) ||
10040 nla_put_u32(msg, NL80211_PKTPAT_OFFSET,
10041 wowlan->patterns[i].pkt_offset))
10042 return -ENOBUFS;
10043 nla_nest_end(msg, nl_pat);
10044 }
10045 nla_nest_end(msg, nl_pats);
10046
10047 return 0;
10048}
10049
10050static int nl80211_send_wowlan_tcp(struct sk_buff *msg,
10051 struct cfg80211_wowlan_tcp *tcp)
10052{
10053 struct nlattr *nl_tcp;
10054
10055 if (!tcp)
10056 return 0;
10057
10058 nl_tcp = nla_nest_start(msg, NL80211_WOWLAN_TRIG_TCP_CONNECTION);
10059 if (!nl_tcp)
10060 return -ENOBUFS;
10061
10062 if (nla_put_in_addr(msg, NL80211_WOWLAN_TCP_SRC_IPV4, tcp->src) ||
10063 nla_put_in_addr(msg, NL80211_WOWLAN_TCP_DST_IPV4, tcp->dst) ||
10064 nla_put(msg, NL80211_WOWLAN_TCP_DST_MAC, ETH_ALEN, tcp->dst_mac) ||
10065 nla_put_u16(msg, NL80211_WOWLAN_TCP_SRC_PORT, tcp->src_port) ||
10066 nla_put_u16(msg, NL80211_WOWLAN_TCP_DST_PORT, tcp->dst_port) ||
10067 nla_put(msg, NL80211_WOWLAN_TCP_DATA_PAYLOAD,
10068 tcp->payload_len, tcp->payload) ||
10069 nla_put_u32(msg, NL80211_WOWLAN_TCP_DATA_INTERVAL,
10070 tcp->data_interval) ||
10071 nla_put(msg, NL80211_WOWLAN_TCP_WAKE_PAYLOAD,
10072 tcp->wake_len, tcp->wake_data) ||
10073 nla_put(msg, NL80211_WOWLAN_TCP_WAKE_MASK,
10074 DIV_ROUND_UP(tcp->wake_len, 8), tcp->wake_mask))
10075 return -ENOBUFS;
10076
10077 if (tcp->payload_seq.len &&
10078 nla_put(msg, NL80211_WOWLAN_TCP_DATA_PAYLOAD_SEQ,
10079 sizeof(tcp->payload_seq), &tcp->payload_seq))
10080 return -ENOBUFS;
10081
10082 if (tcp->payload_tok.len &&
10083 nla_put(msg, NL80211_WOWLAN_TCP_DATA_PAYLOAD_TOKEN,
10084 sizeof(tcp->payload_tok) + tcp->tokens_size,
10085 &tcp->payload_tok))
10086 return -ENOBUFS;
10087
10088 nla_nest_end(msg, nl_tcp);
10089
10090 return 0;
10091}
10092
10093static int nl80211_send_wowlan_nd(struct sk_buff *msg,
10094 struct cfg80211_sched_scan_request *req)
10095{
10096 struct nlattr *nd, *freqs, *matches, *match, *scan_plans, *scan_plan;
10097 int i;
10098
10099 if (!req)
10100 return 0;
10101
10102 nd = nla_nest_start(msg, NL80211_WOWLAN_TRIG_NET_DETECT);
10103 if (!nd)
10104 return -ENOBUFS;
10105
10106 if (req->n_scan_plans == 1 &&
10107 nla_put_u32(msg, NL80211_ATTR_SCHED_SCAN_INTERVAL,
10108 req->scan_plans[0].interval * 1000))
10109 return -ENOBUFS;
10110
10111 if (nla_put_u32(msg, NL80211_ATTR_SCHED_SCAN_DELAY, req->delay))
10112 return -ENOBUFS;
10113
10114 if (req->relative_rssi_set) {
10115 struct nl80211_bss_select_rssi_adjust rssi_adjust;
10116
10117 if (nla_put_s8(msg, NL80211_ATTR_SCHED_SCAN_RELATIVE_RSSI,
10118 req->relative_rssi))
10119 return -ENOBUFS;
10120
10121 rssi_adjust.band = req->rssi_adjust.band;
10122 rssi_adjust.delta = req->rssi_adjust.delta;
10123 if (nla_put(msg, NL80211_ATTR_SCHED_SCAN_RSSI_ADJUST,
10124 sizeof(rssi_adjust), &rssi_adjust))
10125 return -ENOBUFS;
10126 }
10127
10128 freqs = nla_nest_start(msg, NL80211_ATTR_SCAN_FREQUENCIES);
10129 if (!freqs)
10130 return -ENOBUFS;
10131
10132 for (i = 0; i < req->n_channels; i++) {
10133 if (nla_put_u32(msg, i, req->channels[i]->center_freq))
10134 return -ENOBUFS;
10135 }
10136
10137 nla_nest_end(msg, freqs);
10138
10139 if (req->n_match_sets) {
10140 matches = nla_nest_start(msg, NL80211_ATTR_SCHED_SCAN_MATCH);
10141 if (!matches)
10142 return -ENOBUFS;
10143
10144 for (i = 0; i < req->n_match_sets; i++) {
10145 match = nla_nest_start(msg, i);
10146 if (!match)
10147 return -ENOBUFS;
10148
10149 if (nla_put(msg, NL80211_SCHED_SCAN_MATCH_ATTR_SSID,
10150 req->match_sets[i].ssid.ssid_len,
10151 req->match_sets[i].ssid.ssid))
10152 return -ENOBUFS;
10153 nla_nest_end(msg, match);
10154 }
10155 nla_nest_end(msg, matches);
10156 }
10157
10158 scan_plans = nla_nest_start(msg, NL80211_ATTR_SCHED_SCAN_PLANS);
10159 if (!scan_plans)
10160 return -ENOBUFS;
10161
10162 for (i = 0; i < req->n_scan_plans; i++) {
10163 scan_plan = nla_nest_start(msg, i + 1);
10164 if (!scan_plan)
10165 return -ENOBUFS;
10166
10167 if (!scan_plan ||
10168 nla_put_u32(msg, NL80211_SCHED_SCAN_PLAN_INTERVAL,
10169 req->scan_plans[i].interval) ||
10170 (req->scan_plans[i].iterations &&
10171 nla_put_u32(msg, NL80211_SCHED_SCAN_PLAN_ITERATIONS,
10172 req->scan_plans[i].iterations)))
10173 return -ENOBUFS;
10174 nla_nest_end(msg, scan_plan);
10175 }
10176 nla_nest_end(msg, scan_plans);
10177
10178 nla_nest_end(msg, nd);
10179
10180 return 0;
10181}
10182
10183static int nl80211_get_wowlan(struct sk_buff *skb, struct genl_info *info)
10184{
10185 struct cfg80211_registered_device *rdev = info->user_ptr[0];
10186 struct sk_buff *msg;
10187 void *hdr;
10188 u32 size = NLMSG_DEFAULT_SIZE;
10189
10190 if (!rdev->wiphy.wowlan)
10191 return -EOPNOTSUPP;
10192
10193 if (rdev->wiphy.wowlan_config && rdev->wiphy.wowlan_config->tcp) {
10194
10195 size += rdev->wiphy.wowlan_config->tcp->tokens_size +
10196 rdev->wiphy.wowlan_config->tcp->payload_len +
10197 rdev->wiphy.wowlan_config->tcp->wake_len +
10198 rdev->wiphy.wowlan_config->tcp->wake_len / 8;
10199 }
10200
10201 msg = nlmsg_new(size, GFP_KERNEL);
10202 if (!msg)
10203 return -ENOMEM;
10204
10205 hdr = nl80211hdr_put(msg, info->snd_portid, info->snd_seq, 0,
10206 NL80211_CMD_GET_WOWLAN);
10207 if (!hdr)
10208 goto nla_put_failure;
10209
10210 if (rdev->wiphy.wowlan_config) {
10211 struct nlattr *nl_wowlan;
10212
10213 nl_wowlan = nla_nest_start(msg, NL80211_ATTR_WOWLAN_TRIGGERS);
10214 if (!nl_wowlan)
10215 goto nla_put_failure;
10216
10217 if ((rdev->wiphy.wowlan_config->any &&
10218 nla_put_flag(msg, NL80211_WOWLAN_TRIG_ANY)) ||
10219 (rdev->wiphy.wowlan_config->disconnect &&
10220 nla_put_flag(msg, NL80211_WOWLAN_TRIG_DISCONNECT)) ||
10221 (rdev->wiphy.wowlan_config->magic_pkt &&
10222 nla_put_flag(msg, NL80211_WOWLAN_TRIG_MAGIC_PKT)) ||
10223 (rdev->wiphy.wowlan_config->gtk_rekey_failure &&
10224 nla_put_flag(msg, NL80211_WOWLAN_TRIG_GTK_REKEY_FAILURE)) ||
10225 (rdev->wiphy.wowlan_config->eap_identity_req &&
10226 nla_put_flag(msg, NL80211_WOWLAN_TRIG_EAP_IDENT_REQUEST)) ||
10227 (rdev->wiphy.wowlan_config->four_way_handshake &&
10228 nla_put_flag(msg, NL80211_WOWLAN_TRIG_4WAY_HANDSHAKE)) ||
10229 (rdev->wiphy.wowlan_config->rfkill_release &&
10230 nla_put_flag(msg, NL80211_WOWLAN_TRIG_RFKILL_RELEASE)))
10231 goto nla_put_failure;
10232
10233 if (nl80211_send_wowlan_patterns(msg, rdev))
10234 goto nla_put_failure;
10235
10236 if (nl80211_send_wowlan_tcp(msg,
10237 rdev->wiphy.wowlan_config->tcp))
10238 goto nla_put_failure;
10239
10240 if (nl80211_send_wowlan_nd(
10241 msg,
10242 rdev->wiphy.wowlan_config->nd_config))
10243 goto nla_put_failure;
10244
10245 nla_nest_end(msg, nl_wowlan);
10246 }
10247
10248 genlmsg_end(msg, hdr);
10249 return genlmsg_reply(msg, info);
10250
10251nla_put_failure:
10252 nlmsg_free(msg);
10253 return -ENOBUFS;
10254}
10255
10256static int nl80211_parse_wowlan_tcp(struct cfg80211_registered_device *rdev,
10257 struct nlattr *attr,
10258 struct cfg80211_wowlan *trig)
10259{
10260 struct nlattr *tb[NUM_NL80211_WOWLAN_TCP];
10261 struct cfg80211_wowlan_tcp *cfg;
10262 struct nl80211_wowlan_tcp_data_token *tok = NULL;
10263 struct nl80211_wowlan_tcp_data_seq *seq = NULL;
10264 u32 size;
10265 u32 data_size, wake_size, tokens_size = 0, wake_mask_size;
10266 int err, port;
10267
10268 if (!rdev->wiphy.wowlan->tcp)
10269 return -EINVAL;
10270
10271 err = nla_parse_nested(tb, MAX_NL80211_WOWLAN_TCP, attr,
10272 nl80211_wowlan_tcp_policy);
10273 if (err)
10274 return err;
10275
10276 if (!tb[NL80211_WOWLAN_TCP_SRC_IPV4] ||
10277 !tb[NL80211_WOWLAN_TCP_DST_IPV4] ||
10278 !tb[NL80211_WOWLAN_TCP_DST_MAC] ||
10279 !tb[NL80211_WOWLAN_TCP_DST_PORT] ||
10280 !tb[NL80211_WOWLAN_TCP_DATA_PAYLOAD] ||
10281 !tb[NL80211_WOWLAN_TCP_DATA_INTERVAL] ||
10282 !tb[NL80211_WOWLAN_TCP_WAKE_PAYLOAD] ||
10283 !tb[NL80211_WOWLAN_TCP_WAKE_MASK])
10284 return -EINVAL;
10285
10286 data_size = nla_len(tb[NL80211_WOWLAN_TCP_DATA_PAYLOAD]);
10287 if (data_size > rdev->wiphy.wowlan->tcp->data_payload_max)
10288 return -EINVAL;
10289
10290 if (nla_get_u32(tb[NL80211_WOWLAN_TCP_DATA_INTERVAL]) >
10291 rdev->wiphy.wowlan->tcp->data_interval_max ||
10292 nla_get_u32(tb[NL80211_WOWLAN_TCP_DATA_INTERVAL]) == 0)
10293 return -EINVAL;
10294
10295 wake_size = nla_len(tb[NL80211_WOWLAN_TCP_WAKE_PAYLOAD]);
10296 if (wake_size > rdev->wiphy.wowlan->tcp->wake_payload_max)
10297 return -EINVAL;
10298
10299 wake_mask_size = nla_len(tb[NL80211_WOWLAN_TCP_WAKE_MASK]);
10300 if (wake_mask_size != DIV_ROUND_UP(wake_size, 8))
10301 return -EINVAL;
10302
10303 if (tb[NL80211_WOWLAN_TCP_DATA_PAYLOAD_TOKEN]) {
10304 u32 tokln = nla_len(tb[NL80211_WOWLAN_TCP_DATA_PAYLOAD_TOKEN]);
10305
10306 tok = nla_data(tb[NL80211_WOWLAN_TCP_DATA_PAYLOAD_TOKEN]);
10307 tokens_size = tokln - sizeof(*tok);
10308
10309 if (!tok->len || tokens_size % tok->len)
10310 return -EINVAL;
10311 if (!rdev->wiphy.wowlan->tcp->tok)
10312 return -EINVAL;
10313 if (tok->len > rdev->wiphy.wowlan->tcp->tok->max_len)
10314 return -EINVAL;
10315 if (tok->len < rdev->wiphy.wowlan->tcp->tok->min_len)
10316 return -EINVAL;
10317 if (tokens_size > rdev->wiphy.wowlan->tcp->tok->bufsize)
10318 return -EINVAL;
10319 if (tok->offset + tok->len > data_size)
10320 return -EINVAL;
10321 }
10322
10323 if (tb[NL80211_WOWLAN_TCP_DATA_PAYLOAD_SEQ]) {
10324 seq = nla_data(tb[NL80211_WOWLAN_TCP_DATA_PAYLOAD_SEQ]);
10325 if (!rdev->wiphy.wowlan->tcp->seq)
10326 return -EINVAL;
10327 if (seq->len == 0 || seq->len > 4)
10328 return -EINVAL;
10329 if (seq->len + seq->offset > data_size)
10330 return -EINVAL;
10331 }
10332
10333 size = sizeof(*cfg);
10334 size += data_size;
10335 size += wake_size + wake_mask_size;
10336 size += tokens_size;
10337
10338 cfg = kzalloc(size, GFP_KERNEL);
10339 if (!cfg)
10340 return -ENOMEM;
10341 cfg->src = nla_get_in_addr(tb[NL80211_WOWLAN_TCP_SRC_IPV4]);
10342 cfg->dst = nla_get_in_addr(tb[NL80211_WOWLAN_TCP_DST_IPV4]);
10343 memcpy(cfg->dst_mac, nla_data(tb[NL80211_WOWLAN_TCP_DST_MAC]),
10344 ETH_ALEN);
10345 if (tb[NL80211_WOWLAN_TCP_SRC_PORT])
10346 port = nla_get_u16(tb[NL80211_WOWLAN_TCP_SRC_PORT]);
10347 else
10348 port = 0;
10349#ifdef CONFIG_INET
10350
10351 err = __sock_create(wiphy_net(&rdev->wiphy), PF_INET, SOCK_STREAM,
10352 IPPROTO_TCP, &cfg->sock, 1);
10353 if (err) {
10354 kfree(cfg);
10355 return err;
10356 }
10357 if (inet_csk_get_port(cfg->sock->sk, port)) {
10358 sock_release(cfg->sock);
10359 kfree(cfg);
10360 return -EADDRINUSE;
10361 }
10362 cfg->src_port = inet_sk(cfg->sock->sk)->inet_num;
10363#else
10364 if (!port) {
10365 kfree(cfg);
10366 return -EINVAL;
10367 }
10368 cfg->src_port = port;
10369#endif
10370
10371 cfg->dst_port = nla_get_u16(tb[NL80211_WOWLAN_TCP_DST_PORT]);
10372 cfg->payload_len = data_size;
10373 cfg->payload = (u8 *)cfg + sizeof(*cfg) + tokens_size;
10374 memcpy((void *)cfg->payload,
10375 nla_data(tb[NL80211_WOWLAN_TCP_DATA_PAYLOAD]),
10376 data_size);
10377 if (seq)
10378 cfg->payload_seq = *seq;
10379 cfg->data_interval = nla_get_u32(tb[NL80211_WOWLAN_TCP_DATA_INTERVAL]);
10380 cfg->wake_len = wake_size;
10381 cfg->wake_data = (u8 *)cfg + sizeof(*cfg) + tokens_size + data_size;
10382 memcpy((void *)cfg->wake_data,
10383 nla_data(tb[NL80211_WOWLAN_TCP_WAKE_PAYLOAD]),
10384 wake_size);
10385 cfg->wake_mask = (u8 *)cfg + sizeof(*cfg) + tokens_size +
10386 data_size + wake_size;
10387 memcpy((void *)cfg->wake_mask,
10388 nla_data(tb[NL80211_WOWLAN_TCP_WAKE_MASK]),
10389 wake_mask_size);
10390 if (tok) {
10391 cfg->tokens_size = tokens_size;
10392 memcpy(&cfg->payload_tok, tok, sizeof(*tok) + tokens_size);
10393 }
10394
10395 trig->tcp = cfg;
10396
10397 return 0;
10398}
10399
10400static int nl80211_parse_wowlan_nd(struct cfg80211_registered_device *rdev,
10401 const struct wiphy_wowlan_support *wowlan,
10402 struct nlattr *attr,
10403 struct cfg80211_wowlan *trig)
10404{
10405 struct nlattr **tb;
10406 int err;
10407
10408 tb = kzalloc(NUM_NL80211_ATTR * sizeof(*tb), GFP_KERNEL);
10409 if (!tb)
10410 return -ENOMEM;
10411
10412 if (!(wowlan->flags & WIPHY_WOWLAN_NET_DETECT)) {
10413 err = -EOPNOTSUPP;
10414 goto out;
10415 }
10416
10417 err = nla_parse_nested(tb, NL80211_ATTR_MAX, attr, nl80211_policy);
10418 if (err)
10419 goto out;
10420
10421 trig->nd_config = nl80211_parse_sched_scan(&rdev->wiphy, NULL, tb,
10422 wowlan->max_nd_match_sets);
10423 err = PTR_ERR_OR_ZERO(trig->nd_config);
10424 if (err)
10425 trig->nd_config = NULL;
10426
10427out:
10428 kfree(tb);
10429 return err;
10430}
10431
10432static int nl80211_set_wowlan(struct sk_buff *skb, struct genl_info *info)
10433{
10434 struct cfg80211_registered_device *rdev = info->user_ptr[0];
10435 struct nlattr *tb[NUM_NL80211_WOWLAN_TRIG];
10436 struct cfg80211_wowlan new_triggers = {};
10437 struct cfg80211_wowlan *ntrig;
10438 const struct wiphy_wowlan_support *wowlan = rdev->wiphy.wowlan;
10439 int err, i;
10440 bool prev_enabled = rdev->wiphy.wowlan_config;
10441 bool regular = false;
10442
10443 if (!wowlan)
10444 return -EOPNOTSUPP;
10445
10446 if (!info->attrs[NL80211_ATTR_WOWLAN_TRIGGERS]) {
10447 cfg80211_rdev_free_wowlan(rdev);
10448 rdev->wiphy.wowlan_config = NULL;
10449 goto set_wakeup;
10450 }
10451
10452 err = nla_parse_nested(tb, MAX_NL80211_WOWLAN_TRIG,
10453 info->attrs[NL80211_ATTR_WOWLAN_TRIGGERS],
10454 nl80211_wowlan_policy);
10455 if (err)
10456 return err;
10457
10458 if (tb[NL80211_WOWLAN_TRIG_ANY]) {
10459 if (!(wowlan->flags & WIPHY_WOWLAN_ANY))
10460 return -EINVAL;
10461 new_triggers.any = true;
10462 }
10463
10464 if (tb[NL80211_WOWLAN_TRIG_DISCONNECT]) {
10465 if (!(wowlan->flags & WIPHY_WOWLAN_DISCONNECT))
10466 return -EINVAL;
10467 new_triggers.disconnect = true;
10468 regular = true;
10469 }
10470
10471 if (tb[NL80211_WOWLAN_TRIG_MAGIC_PKT]) {
10472 if (!(wowlan->flags & WIPHY_WOWLAN_MAGIC_PKT))
10473 return -EINVAL;
10474 new_triggers.magic_pkt = true;
10475 regular = true;
10476 }
10477
10478 if (tb[NL80211_WOWLAN_TRIG_GTK_REKEY_SUPPORTED])
10479 return -EINVAL;
10480
10481 if (tb[NL80211_WOWLAN_TRIG_GTK_REKEY_FAILURE]) {
10482 if (!(wowlan->flags & WIPHY_WOWLAN_GTK_REKEY_FAILURE))
10483 return -EINVAL;
10484 new_triggers.gtk_rekey_failure = true;
10485 regular = true;
10486 }
10487
10488 if (tb[NL80211_WOWLAN_TRIG_EAP_IDENT_REQUEST]) {
10489 if (!(wowlan->flags & WIPHY_WOWLAN_EAP_IDENTITY_REQ))
10490 return -EINVAL;
10491 new_triggers.eap_identity_req = true;
10492 regular = true;
10493 }
10494
10495 if (tb[NL80211_WOWLAN_TRIG_4WAY_HANDSHAKE]) {
10496 if (!(wowlan->flags & WIPHY_WOWLAN_4WAY_HANDSHAKE))
10497 return -EINVAL;
10498 new_triggers.four_way_handshake = true;
10499 regular = true;
10500 }
10501
10502 if (tb[NL80211_WOWLAN_TRIG_RFKILL_RELEASE]) {
10503 if (!(wowlan->flags & WIPHY_WOWLAN_RFKILL_RELEASE))
10504 return -EINVAL;
10505 new_triggers.rfkill_release = true;
10506 regular = true;
10507 }
10508
10509 if (tb[NL80211_WOWLAN_TRIG_PKT_PATTERN]) {
10510 struct nlattr *pat;
10511 int n_patterns = 0;
10512 int rem, pat_len, mask_len, pkt_offset;
10513 struct nlattr *pat_tb[NUM_NL80211_PKTPAT];
10514
10515 regular = true;
10516
10517 nla_for_each_nested(pat, tb[NL80211_WOWLAN_TRIG_PKT_PATTERN],
10518 rem)
10519 n_patterns++;
10520 if (n_patterns > wowlan->n_patterns)
10521 return -EINVAL;
10522
10523 new_triggers.patterns = kcalloc(n_patterns,
10524 sizeof(new_triggers.patterns[0]),
10525 GFP_KERNEL);
10526 if (!new_triggers.patterns)
10527 return -ENOMEM;
10528
10529 new_triggers.n_patterns = n_patterns;
10530 i = 0;
10531
10532 nla_for_each_nested(pat, tb[NL80211_WOWLAN_TRIG_PKT_PATTERN],
10533 rem) {
10534 u8 *mask_pat;
10535
10536 nla_parse_nested(pat_tb, MAX_NL80211_PKTPAT, pat,
10537 nl80211_packet_pattern_policy);
10538 err = -EINVAL;
10539 if (!pat_tb[NL80211_PKTPAT_MASK] ||
10540 !pat_tb[NL80211_PKTPAT_PATTERN])
10541 goto error;
10542 pat_len = nla_len(pat_tb[NL80211_PKTPAT_PATTERN]);
10543 mask_len = DIV_ROUND_UP(pat_len, 8);
10544 if (nla_len(pat_tb[NL80211_PKTPAT_MASK]) != mask_len)
10545 goto error;
10546 if (pat_len > wowlan->pattern_max_len ||
10547 pat_len < wowlan->pattern_min_len)
10548 goto error;
10549
10550 if (!pat_tb[NL80211_PKTPAT_OFFSET])
10551 pkt_offset = 0;
10552 else
10553 pkt_offset = nla_get_u32(
10554 pat_tb[NL80211_PKTPAT_OFFSET]);
10555 if (pkt_offset > wowlan->max_pkt_offset)
10556 goto error;
10557 new_triggers.patterns[i].pkt_offset = pkt_offset;
10558
10559 mask_pat = kmalloc(mask_len + pat_len, GFP_KERNEL);
10560 if (!mask_pat) {
10561 err = -ENOMEM;
10562 goto error;
10563 }
10564 new_triggers.patterns[i].mask = mask_pat;
10565 memcpy(mask_pat, nla_data(pat_tb[NL80211_PKTPAT_MASK]),
10566 mask_len);
10567 mask_pat += mask_len;
10568 new_triggers.patterns[i].pattern = mask_pat;
10569 new_triggers.patterns[i].pattern_len = pat_len;
10570 memcpy(mask_pat,
10571 nla_data(pat_tb[NL80211_PKTPAT_PATTERN]),
10572 pat_len);
10573 i++;
10574 }
10575 }
10576
10577 if (tb[NL80211_WOWLAN_TRIG_TCP_CONNECTION]) {
10578 regular = true;
10579 err = nl80211_parse_wowlan_tcp(
10580 rdev, tb[NL80211_WOWLAN_TRIG_TCP_CONNECTION],
10581 &new_triggers);
10582 if (err)
10583 goto error;
10584 }
10585
10586 if (tb[NL80211_WOWLAN_TRIG_NET_DETECT]) {
10587 regular = true;
10588 err = nl80211_parse_wowlan_nd(
10589 rdev, wowlan, tb[NL80211_WOWLAN_TRIG_NET_DETECT],
10590 &new_triggers);
10591 if (err)
10592 goto error;
10593 }
10594
10595
10596
10597
10598
10599
10600
10601 if (new_triggers.any && regular) {
10602 err = -EINVAL;
10603 goto error;
10604 }
10605
10606 ntrig = kmemdup(&new_triggers, sizeof(new_triggers), GFP_KERNEL);
10607 if (!ntrig) {
10608 err = -ENOMEM;
10609 goto error;
10610 }
10611 cfg80211_rdev_free_wowlan(rdev);
10612 rdev->wiphy.wowlan_config = ntrig;
10613
10614 set_wakeup:
10615 if (rdev->ops->set_wakeup &&
10616 prev_enabled != !!rdev->wiphy.wowlan_config)
10617 rdev_set_wakeup(rdev, rdev->wiphy.wowlan_config);
10618
10619 return 0;
10620 error:
10621 for (i = 0; i < new_triggers.n_patterns; i++)
10622 kfree(new_triggers.patterns[i].mask);
10623 kfree(new_triggers.patterns);
10624 if (new_triggers.tcp && new_triggers.tcp->sock)
10625 sock_release(new_triggers.tcp->sock);
10626 kfree(new_triggers.tcp);
10627 kfree(new_triggers.nd_config);
10628 return err;
10629}
10630#endif
10631
10632static int nl80211_send_coalesce_rules(struct sk_buff *msg,
10633 struct cfg80211_registered_device *rdev)
10634{
10635 struct nlattr *nl_pats, *nl_pat, *nl_rule, *nl_rules;
10636 int i, j, pat_len;
10637 struct cfg80211_coalesce_rules *rule;
10638
10639 if (!rdev->coalesce->n_rules)
10640 return 0;
10641
10642 nl_rules = nla_nest_start(msg, NL80211_ATTR_COALESCE_RULE);
10643 if (!nl_rules)
10644 return -ENOBUFS;
10645
10646 for (i = 0; i < rdev->coalesce->n_rules; i++) {
10647 nl_rule = nla_nest_start(msg, i + 1);
10648 if (!nl_rule)
10649 return -ENOBUFS;
10650
10651 rule = &rdev->coalesce->rules[i];
10652 if (nla_put_u32(msg, NL80211_ATTR_COALESCE_RULE_DELAY,
10653 rule->delay))
10654 return -ENOBUFS;
10655
10656 if (nla_put_u32(msg, NL80211_ATTR_COALESCE_RULE_CONDITION,
10657 rule->condition))
10658 return -ENOBUFS;
10659
10660 nl_pats = nla_nest_start(msg,
10661 NL80211_ATTR_COALESCE_RULE_PKT_PATTERN);
10662 if (!nl_pats)
10663 return -ENOBUFS;
10664
10665 for (j = 0; j < rule->n_patterns; j++) {
10666 nl_pat = nla_nest_start(msg, j + 1);
10667 if (!nl_pat)
10668 return -ENOBUFS;
10669 pat_len = rule->patterns[j].pattern_len;
10670 if (nla_put(msg, NL80211_PKTPAT_MASK,
10671 DIV_ROUND_UP(pat_len, 8),
10672 rule->patterns[j].mask) ||
10673 nla_put(msg, NL80211_PKTPAT_PATTERN, pat_len,
10674 rule->patterns[j].pattern) ||
10675 nla_put_u32(msg, NL80211_PKTPAT_OFFSET,
10676 rule->patterns[j].pkt_offset))
10677 return -ENOBUFS;
10678 nla_nest_end(msg, nl_pat);
10679 }
10680 nla_nest_end(msg, nl_pats);
10681 nla_nest_end(msg, nl_rule);
10682 }
10683 nla_nest_end(msg, nl_rules);
10684
10685 return 0;
10686}
10687
10688static int nl80211_get_coalesce(struct sk_buff *skb, struct genl_info *info)
10689{
10690 struct cfg80211_registered_device *rdev = info->user_ptr[0];
10691 struct sk_buff *msg;
10692 void *hdr;
10693
10694 if (!rdev->wiphy.coalesce)
10695 return -EOPNOTSUPP;
10696
10697 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
10698 if (!msg)
10699 return -ENOMEM;
10700
10701 hdr = nl80211hdr_put(msg, info->snd_portid, info->snd_seq, 0,
10702 NL80211_CMD_GET_COALESCE);
10703 if (!hdr)
10704 goto nla_put_failure;
10705
10706 if (rdev->coalesce && nl80211_send_coalesce_rules(msg, rdev))
10707 goto nla_put_failure;
10708
10709 genlmsg_end(msg, hdr);
10710 return genlmsg_reply(msg, info);
10711
10712nla_put_failure:
10713 nlmsg_free(msg);
10714 return -ENOBUFS;
10715}
10716
10717void cfg80211_rdev_free_coalesce(struct cfg80211_registered_device *rdev)
10718{
10719 struct cfg80211_coalesce *coalesce = rdev->coalesce;
10720 int i, j;
10721 struct cfg80211_coalesce_rules *rule;
10722
10723 if (!coalesce)
10724 return;
10725
10726 for (i = 0; i < coalesce->n_rules; i++) {
10727 rule = &coalesce->rules[i];
10728 for (j = 0; j < rule->n_patterns; j++)
10729 kfree(rule->patterns[j].mask);
10730 kfree(rule->patterns);
10731 }
10732 kfree(coalesce->rules);
10733 kfree(coalesce);
10734 rdev->coalesce = NULL;
10735}
10736
10737static int nl80211_parse_coalesce_rule(struct cfg80211_registered_device *rdev,
10738 struct nlattr *rule,
10739 struct cfg80211_coalesce_rules *new_rule)
10740{
10741 int err, i;
10742 const struct wiphy_coalesce_support *coalesce = rdev->wiphy.coalesce;
10743 struct nlattr *tb[NUM_NL80211_ATTR_COALESCE_RULE], *pat;
10744 int rem, pat_len, mask_len, pkt_offset, n_patterns = 0;
10745 struct nlattr *pat_tb[NUM_NL80211_PKTPAT];
10746
10747 err = nla_parse_nested(tb, NL80211_ATTR_COALESCE_RULE_MAX, rule,
10748 nl80211_coalesce_policy);
10749 if (err)
10750 return err;
10751
10752 if (tb[NL80211_ATTR_COALESCE_RULE_DELAY])
10753 new_rule->delay =
10754 nla_get_u32(tb[NL80211_ATTR_COALESCE_RULE_DELAY]);
10755 if (new_rule->delay > coalesce->max_delay)
10756 return -EINVAL;
10757
10758 if (tb[NL80211_ATTR_COALESCE_RULE_CONDITION])
10759 new_rule->condition =
10760 nla_get_u32(tb[NL80211_ATTR_COALESCE_RULE_CONDITION]);
10761 if (new_rule->condition != NL80211_COALESCE_CONDITION_MATCH &&
10762 new_rule->condition != NL80211_COALESCE_CONDITION_NO_MATCH)
10763 return -EINVAL;
10764
10765 if (!tb[NL80211_ATTR_COALESCE_RULE_PKT_PATTERN])
10766 return -EINVAL;
10767
10768 nla_for_each_nested(pat, tb[NL80211_ATTR_COALESCE_RULE_PKT_PATTERN],
10769 rem)
10770 n_patterns++;
10771 if (n_patterns > coalesce->n_patterns)
10772 return -EINVAL;
10773
10774 new_rule->patterns = kcalloc(n_patterns, sizeof(new_rule->patterns[0]),
10775 GFP_KERNEL);
10776 if (!new_rule->patterns)
10777 return -ENOMEM;
10778
10779 new_rule->n_patterns = n_patterns;
10780 i = 0;
10781
10782 nla_for_each_nested(pat, tb[NL80211_ATTR_COALESCE_RULE_PKT_PATTERN],
10783 rem) {
10784 u8 *mask_pat;
10785
10786 nla_parse_nested(pat_tb, MAX_NL80211_PKTPAT, pat,
10787 nl80211_packet_pattern_policy);
10788 if (!pat_tb[NL80211_PKTPAT_MASK] ||
10789 !pat_tb[NL80211_PKTPAT_PATTERN])
10790 return -EINVAL;
10791 pat_len = nla_len(pat_tb[NL80211_PKTPAT_PATTERN]);
10792 mask_len = DIV_ROUND_UP(pat_len, 8);
10793 if (nla_len(pat_tb[NL80211_PKTPAT_MASK]) != mask_len)
10794 return -EINVAL;
10795 if (pat_len > coalesce->pattern_max_len ||
10796 pat_len < coalesce->pattern_min_len)
10797 return -EINVAL;
10798
10799 if (!pat_tb[NL80211_PKTPAT_OFFSET])
10800 pkt_offset = 0;
10801 else
10802 pkt_offset = nla_get_u32(pat_tb[NL80211_PKTPAT_OFFSET]);
10803 if (pkt_offset > coalesce->max_pkt_offset)
10804 return -EINVAL;
10805 new_rule->patterns[i].pkt_offset = pkt_offset;
10806
10807 mask_pat = kmalloc(mask_len + pat_len, GFP_KERNEL);
10808 if (!mask_pat)
10809 return -ENOMEM;
10810
10811 new_rule->patterns[i].mask = mask_pat;
10812 memcpy(mask_pat, nla_data(pat_tb[NL80211_PKTPAT_MASK]),
10813 mask_len);
10814
10815 mask_pat += mask_len;
10816 new_rule->patterns[i].pattern = mask_pat;
10817 new_rule->patterns[i].pattern_len = pat_len;
10818 memcpy(mask_pat, nla_data(pat_tb[NL80211_PKTPAT_PATTERN]),
10819 pat_len);
10820 i++;
10821 }
10822
10823 return 0;
10824}
10825
10826static int nl80211_set_coalesce(struct sk_buff *skb, struct genl_info *info)
10827{
10828 struct cfg80211_registered_device *rdev = info->user_ptr[0];
10829 const struct wiphy_coalesce_support *coalesce = rdev->wiphy.coalesce;
10830 struct cfg80211_coalesce new_coalesce = {};
10831 struct cfg80211_coalesce *n_coalesce;
10832 int err, rem_rule, n_rules = 0, i, j;
10833 struct nlattr *rule;
10834 struct cfg80211_coalesce_rules *tmp_rule;
10835
10836 if (!rdev->wiphy.coalesce || !rdev->ops->set_coalesce)
10837 return -EOPNOTSUPP;
10838
10839 if (!info->attrs[NL80211_ATTR_COALESCE_RULE]) {
10840 cfg80211_rdev_free_coalesce(rdev);
10841 rdev_set_coalesce(rdev, NULL);
10842 return 0;
10843 }
10844
10845 nla_for_each_nested(rule, info->attrs[NL80211_ATTR_COALESCE_RULE],
10846 rem_rule)
10847 n_rules++;
10848 if (n_rules > coalesce->n_rules)
10849 return -EINVAL;
10850
10851 new_coalesce.rules = kcalloc(n_rules, sizeof(new_coalesce.rules[0]),
10852 GFP_KERNEL);
10853 if (!new_coalesce.rules)
10854 return -ENOMEM;
10855
10856 new_coalesce.n_rules = n_rules;
10857 i = 0;
10858
10859 nla_for_each_nested(rule, info->attrs[NL80211_ATTR_COALESCE_RULE],
10860 rem_rule) {
10861 err = nl80211_parse_coalesce_rule(rdev, rule,
10862 &new_coalesce.rules[i]);
10863 if (err)
10864 goto error;
10865
10866 i++;
10867 }
10868
10869 err = rdev_set_coalesce(rdev, &new_coalesce);
10870 if (err)
10871 goto error;
10872
10873 n_coalesce = kmemdup(&new_coalesce, sizeof(new_coalesce), GFP_KERNEL);
10874 if (!n_coalesce) {
10875 err = -ENOMEM;
10876 goto error;
10877 }
10878 cfg80211_rdev_free_coalesce(rdev);
10879 rdev->coalesce = n_coalesce;
10880
10881 return 0;
10882error:
10883 for (i = 0; i < new_coalesce.n_rules; i++) {
10884 tmp_rule = &new_coalesce.rules[i];
10885 for (j = 0; j < tmp_rule->n_patterns; j++)
10886 kfree(tmp_rule->patterns[j].mask);
10887 kfree(tmp_rule->patterns);
10888 }
10889 kfree(new_coalesce.rules);
10890
10891 return err;
10892}
10893
10894static int nl80211_set_rekey_data(struct sk_buff *skb, struct genl_info *info)
10895{
10896 struct cfg80211_registered_device *rdev = info->user_ptr[0];
10897 struct net_device *dev = info->user_ptr[1];
10898 struct wireless_dev *wdev = dev->ieee80211_ptr;
10899 struct nlattr *tb[NUM_NL80211_REKEY_DATA];
10900 struct cfg80211_gtk_rekey_data rekey_data;
10901 int err;
10902
10903 if (!info->attrs[NL80211_ATTR_REKEY_DATA])
10904 return -EINVAL;
10905
10906 err = nla_parse_nested(tb, MAX_NL80211_REKEY_DATA,
10907 info->attrs[NL80211_ATTR_REKEY_DATA],
10908 nl80211_rekey_policy);
10909 if (err)
10910 return err;
10911
10912 if (!tb[NL80211_REKEY_DATA_REPLAY_CTR] || !tb[NL80211_REKEY_DATA_KEK] ||
10913 !tb[NL80211_REKEY_DATA_KCK])
10914 return -EINVAL;
10915 if (nla_len(tb[NL80211_REKEY_DATA_REPLAY_CTR]) != NL80211_REPLAY_CTR_LEN)
10916 return -ERANGE;
10917 if (nla_len(tb[NL80211_REKEY_DATA_KEK]) != NL80211_KEK_LEN)
10918 return -ERANGE;
10919 if (nla_len(tb[NL80211_REKEY_DATA_KCK]) != NL80211_KCK_LEN)
10920 return -ERANGE;
10921
10922 rekey_data.kek = nla_data(tb[NL80211_REKEY_DATA_KEK]);
10923 rekey_data.kck = nla_data(tb[NL80211_REKEY_DATA_KCK]);
10924 rekey_data.replay_ctr = nla_data(tb[NL80211_REKEY_DATA_REPLAY_CTR]);
10925
10926 wdev_lock(wdev);
10927 if (!wdev->current_bss) {
10928 err = -ENOTCONN;
10929 goto out;
10930 }
10931
10932 if (!rdev->ops->set_rekey_data) {
10933 err = -EOPNOTSUPP;
10934 goto out;
10935 }
10936
10937 err = rdev_set_rekey_data(rdev, dev, &rekey_data);
10938 out:
10939 wdev_unlock(wdev);
10940 return err;
10941}
10942
10943static int nl80211_register_unexpected_frame(struct sk_buff *skb,
10944 struct genl_info *info)
10945{
10946 struct net_device *dev = info->user_ptr[1];
10947 struct wireless_dev *wdev = dev->ieee80211_ptr;
10948
10949 if (wdev->iftype != NL80211_IFTYPE_AP &&
10950 wdev->iftype != NL80211_IFTYPE_P2P_GO)
10951 return -EINVAL;
10952
10953 if (wdev->ap_unexpected_nlportid)
10954 return -EBUSY;
10955
10956 wdev->ap_unexpected_nlportid = info->snd_portid;
10957 return 0;
10958}
10959
10960static int nl80211_probe_client(struct sk_buff *skb,
10961 struct genl_info *info)
10962{
10963 struct cfg80211_registered_device *rdev = info->user_ptr[0];
10964 struct net_device *dev = info->user_ptr[1];
10965 struct wireless_dev *wdev = dev->ieee80211_ptr;
10966 struct sk_buff *msg;
10967 void *hdr;
10968 const u8 *addr;
10969 u64 cookie;
10970 int err;
10971
10972 if (wdev->iftype != NL80211_IFTYPE_AP &&
10973 wdev->iftype != NL80211_IFTYPE_P2P_GO)
10974 return -EOPNOTSUPP;
10975
10976 if (!info->attrs[NL80211_ATTR_MAC])
10977 return -EINVAL;
10978
10979 if (!rdev->ops->probe_client)
10980 return -EOPNOTSUPP;
10981
10982 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
10983 if (!msg)
10984 return -ENOMEM;
10985
10986 hdr = nl80211hdr_put(msg, info->snd_portid, info->snd_seq, 0,
10987 NL80211_CMD_PROBE_CLIENT);
10988 if (!hdr) {
10989 err = -ENOBUFS;
10990 goto free_msg;
10991 }
10992
10993 addr = nla_data(info->attrs[NL80211_ATTR_MAC]);
10994
10995 err = rdev_probe_client(rdev, dev, addr, &cookie);
10996 if (err)
10997 goto free_msg;
10998
10999 if (nla_put_u64_64bit(msg, NL80211_ATTR_COOKIE, cookie,
11000 NL80211_ATTR_PAD))
11001 goto nla_put_failure;
11002
11003 genlmsg_end(msg, hdr);
11004
11005 return genlmsg_reply(msg, info);
11006
11007 nla_put_failure:
11008 err = -ENOBUFS;
11009 free_msg:
11010 nlmsg_free(msg);
11011 return err;
11012}
11013
11014static int nl80211_register_beacons(struct sk_buff *skb, struct genl_info *info)
11015{
11016 struct cfg80211_registered_device *rdev = info->user_ptr[0];
11017 struct cfg80211_beacon_registration *reg, *nreg;
11018 int rv;
11019
11020 if (!(rdev->wiphy.flags & WIPHY_FLAG_REPORTS_OBSS))
11021 return -EOPNOTSUPP;
11022
11023 nreg = kzalloc(sizeof(*nreg), GFP_KERNEL);
11024 if (!nreg)
11025 return -ENOMEM;
11026
11027
11028 spin_lock_bh(&rdev->beacon_registrations_lock);
11029 list_for_each_entry(reg, &rdev->beacon_registrations, list) {
11030 if (reg->nlportid == info->snd_portid) {
11031 rv = -EALREADY;
11032 goto out_err;
11033 }
11034 }
11035
11036 nreg->nlportid = info->snd_portid;
11037 list_add(&nreg->list, &rdev->beacon_registrations);
11038
11039 spin_unlock_bh(&rdev->beacon_registrations_lock);
11040
11041 return 0;
11042out_err:
11043 spin_unlock_bh(&rdev->beacon_registrations_lock);
11044 kfree(nreg);
11045 return rv;
11046}
11047
11048static int nl80211_start_p2p_device(struct sk_buff *skb, struct genl_info *info)
11049{
11050 struct cfg80211_registered_device *rdev = info->user_ptr[0];
11051 struct wireless_dev *wdev = info->user_ptr[1];
11052 int err;
11053
11054 if (!rdev->ops->start_p2p_device)
11055 return -EOPNOTSUPP;
11056
11057 if (wdev->iftype != NL80211_IFTYPE_P2P_DEVICE)
11058 return -EOPNOTSUPP;
11059
11060 if (wdev_running(wdev))
11061 return 0;
11062
11063 if (rfkill_blocked(rdev->rfkill))
11064 return -ERFKILL;
11065
11066 err = rdev_start_p2p_device(rdev, wdev);
11067 if (err)
11068 return err;
11069
11070 wdev->is_running = true;
11071 rdev->opencount++;
11072
11073 return 0;
11074}
11075
11076static int nl80211_stop_p2p_device(struct sk_buff *skb, struct genl_info *info)
11077{
11078 struct cfg80211_registered_device *rdev = info->user_ptr[0];
11079 struct wireless_dev *wdev = info->user_ptr[1];
11080
11081 if (wdev->iftype != NL80211_IFTYPE_P2P_DEVICE)
11082 return -EOPNOTSUPP;
11083
11084 if (!rdev->ops->stop_p2p_device)
11085 return -EOPNOTSUPP;
11086
11087 cfg80211_stop_p2p_device(rdev, wdev);
11088
11089 return 0;
11090}
11091
11092static int nl80211_start_nan(struct sk_buff *skb, struct genl_info *info)
11093{
11094 struct cfg80211_registered_device *rdev = info->user_ptr[0];
11095 struct wireless_dev *wdev = info->user_ptr[1];
11096 struct cfg80211_nan_conf conf = {};
11097 int err;
11098
11099 if (wdev->iftype != NL80211_IFTYPE_NAN)
11100 return -EOPNOTSUPP;
11101
11102 if (wdev_running(wdev))
11103 return -EEXIST;
11104
11105 if (rfkill_blocked(rdev->rfkill))
11106 return -ERFKILL;
11107
11108 if (!info->attrs[NL80211_ATTR_NAN_MASTER_PREF])
11109 return -EINVAL;
11110
11111 conf.master_pref =
11112 nla_get_u8(info->attrs[NL80211_ATTR_NAN_MASTER_PREF]);
11113 if (!conf.master_pref)
11114 return -EINVAL;
11115
11116 if (info->attrs[NL80211_ATTR_BANDS]) {
11117 u32 bands = nla_get_u32(info->attrs[NL80211_ATTR_BANDS]);
11118
11119 if (bands & ~(u32)wdev->wiphy->nan_supported_bands)
11120 return -EOPNOTSUPP;
11121
11122 if (bands && !(bands & BIT(NL80211_BAND_2GHZ)))
11123 return -EINVAL;
11124
11125 conf.bands = bands;
11126 }
11127
11128 err = rdev_start_nan(rdev, wdev, &conf);
11129 if (err)
11130 return err;
11131
11132 wdev->is_running = true;
11133 rdev->opencount++;
11134
11135 return 0;
11136}
11137
11138static int nl80211_stop_nan(struct sk_buff *skb, struct genl_info *info)
11139{
11140 struct cfg80211_registered_device *rdev = info->user_ptr[0];
11141 struct wireless_dev *wdev = info->user_ptr[1];
11142
11143 if (wdev->iftype != NL80211_IFTYPE_NAN)
11144 return -EOPNOTSUPP;
11145
11146 cfg80211_stop_nan(rdev, wdev);
11147
11148 return 0;
11149}
11150
11151static int validate_nan_filter(struct nlattr *filter_attr)
11152{
11153 struct nlattr *attr;
11154 int len = 0, n_entries = 0, rem;
11155
11156 nla_for_each_nested(attr, filter_attr, rem) {
11157 len += nla_len(attr);
11158 n_entries++;
11159 }
11160
11161 if (len >= U8_MAX)
11162 return -EINVAL;
11163
11164 return n_entries;
11165}
11166
11167static int handle_nan_filter(struct nlattr *attr_filter,
11168 struct cfg80211_nan_func *func,
11169 bool tx)
11170{
11171 struct nlattr *attr;
11172 int n_entries, rem, i;
11173 struct cfg80211_nan_func_filter *filter;
11174
11175 n_entries = validate_nan_filter(attr_filter);
11176 if (n_entries < 0)
11177 return n_entries;
11178
11179 BUILD_BUG_ON(sizeof(*func->rx_filters) != sizeof(*func->tx_filters));
11180
11181 filter = kcalloc(n_entries, sizeof(*func->rx_filters), GFP_KERNEL);
11182 if (!filter)
11183 return -ENOMEM;
11184
11185 i = 0;
11186 nla_for_each_nested(attr, attr_filter, rem) {
11187 filter[i].filter = nla_memdup(attr, GFP_KERNEL);
11188 filter[i].len = nla_len(attr);
11189 i++;
11190 }
11191 if (tx) {
11192 func->num_tx_filters = n_entries;
11193 func->tx_filters = filter;
11194 } else {
11195 func->num_rx_filters = n_entries;
11196 func->rx_filters = filter;
11197 }
11198
11199 return 0;
11200}
11201
11202static int nl80211_nan_add_func(struct sk_buff *skb,
11203 struct genl_info *info)
11204{
11205 struct cfg80211_registered_device *rdev = info->user_ptr[0];
11206 struct wireless_dev *wdev = info->user_ptr[1];
11207 struct nlattr *tb[NUM_NL80211_NAN_FUNC_ATTR], *func_attr;
11208 struct cfg80211_nan_func *func;
11209 struct sk_buff *msg = NULL;
11210 void *hdr = NULL;
11211 int err = 0;
11212
11213 if (wdev->iftype != NL80211_IFTYPE_NAN)
11214 return -EOPNOTSUPP;
11215
11216 if (!wdev_running(wdev))
11217 return -ENOTCONN;
11218
11219 if (!info->attrs[NL80211_ATTR_NAN_FUNC])
11220 return -EINVAL;
11221
11222 err = nla_parse_nested(tb, NL80211_NAN_FUNC_ATTR_MAX,
11223 info->attrs[NL80211_ATTR_NAN_FUNC],
11224 nl80211_nan_func_policy);
11225 if (err)
11226 return err;
11227
11228 func = kzalloc(sizeof(*func), GFP_KERNEL);
11229 if (!func)
11230 return -ENOMEM;
11231
11232 func->cookie = wdev->wiphy->cookie_counter++;
11233
11234 if (!tb[NL80211_NAN_FUNC_TYPE] ||
11235 nla_get_u8(tb[NL80211_NAN_FUNC_TYPE]) > NL80211_NAN_FUNC_MAX_TYPE) {
11236 err = -EINVAL;
11237 goto out;
11238 }
11239
11240
11241 func->type = nla_get_u8(tb[NL80211_NAN_FUNC_TYPE]);
11242
11243 if (!tb[NL80211_NAN_FUNC_SERVICE_ID]) {
11244 err = -EINVAL;
11245 goto out;
11246 }
11247
11248 memcpy(func->service_id, nla_data(tb[NL80211_NAN_FUNC_SERVICE_ID]),
11249 sizeof(func->service_id));
11250
11251 func->close_range =
11252 nla_get_flag(tb[NL80211_NAN_FUNC_CLOSE_RANGE]);
11253
11254 if (tb[NL80211_NAN_FUNC_SERVICE_INFO]) {
11255 func->serv_spec_info_len =
11256 nla_len(tb[NL80211_NAN_FUNC_SERVICE_INFO]);
11257 func->serv_spec_info =
11258 kmemdup(nla_data(tb[NL80211_NAN_FUNC_SERVICE_INFO]),
11259 func->serv_spec_info_len,
11260 GFP_KERNEL);
11261 if (!func->serv_spec_info) {
11262 err = -ENOMEM;
11263 goto out;
11264 }
11265 }
11266
11267 if (tb[NL80211_NAN_FUNC_TTL])
11268 func->ttl = nla_get_u32(tb[NL80211_NAN_FUNC_TTL]);
11269
11270 switch (func->type) {
11271 case NL80211_NAN_FUNC_PUBLISH:
11272 if (!tb[NL80211_NAN_FUNC_PUBLISH_TYPE]) {
11273 err = -EINVAL;
11274 goto out;
11275 }
11276
11277 func->publish_type =
11278 nla_get_u8(tb[NL80211_NAN_FUNC_PUBLISH_TYPE]);
11279 func->publish_bcast =
11280 nla_get_flag(tb[NL80211_NAN_FUNC_PUBLISH_BCAST]);
11281
11282 if ((!(func->publish_type & NL80211_NAN_SOLICITED_PUBLISH)) &&
11283 func->publish_bcast) {
11284 err = -EINVAL;
11285 goto out;
11286 }
11287 break;
11288 case NL80211_NAN_FUNC_SUBSCRIBE:
11289 func->subscribe_active =
11290 nla_get_flag(tb[NL80211_NAN_FUNC_SUBSCRIBE_ACTIVE]);
11291 break;
11292 case NL80211_NAN_FUNC_FOLLOW_UP:
11293 if (!tb[NL80211_NAN_FUNC_FOLLOW_UP_ID] ||
11294 !tb[NL80211_NAN_FUNC_FOLLOW_UP_REQ_ID]) {
11295 err = -EINVAL;
11296 goto out;
11297 }
11298
11299 func->followup_id =
11300 nla_get_u8(tb[NL80211_NAN_FUNC_FOLLOW_UP_ID]);
11301 func->followup_reqid =
11302 nla_get_u8(tb[NL80211_NAN_FUNC_FOLLOW_UP_REQ_ID]);
11303 memcpy(func->followup_dest.addr,
11304 nla_data(tb[NL80211_NAN_FUNC_FOLLOW_UP_DEST]),
11305 sizeof(func->followup_dest.addr));
11306 if (func->ttl) {
11307 err = -EINVAL;
11308 goto out;
11309 }
11310 break;
11311 default:
11312 err = -EINVAL;
11313 goto out;
11314 }
11315
11316 if (tb[NL80211_NAN_FUNC_SRF]) {
11317 struct nlattr *srf_tb[NUM_NL80211_NAN_SRF_ATTR];
11318
11319 err = nla_parse_nested(srf_tb, NL80211_NAN_SRF_ATTR_MAX,
11320 tb[NL80211_NAN_FUNC_SRF],
11321 nl80211_nan_srf_policy);
11322 if (err)
11323 goto out;
11324
11325 func->srf_include =
11326 nla_get_flag(srf_tb[NL80211_NAN_SRF_INCLUDE]);
11327
11328 if (srf_tb[NL80211_NAN_SRF_BF]) {
11329 if (srf_tb[NL80211_NAN_SRF_MAC_ADDRS] ||
11330 !srf_tb[NL80211_NAN_SRF_BF_IDX]) {
11331 err = -EINVAL;
11332 goto out;
11333 }
11334
11335 func->srf_bf_len =
11336 nla_len(srf_tb[NL80211_NAN_SRF_BF]);
11337 func->srf_bf =
11338 kmemdup(nla_data(srf_tb[NL80211_NAN_SRF_BF]),
11339 func->srf_bf_len, GFP_KERNEL);
11340 if (!func->srf_bf) {
11341 err = -ENOMEM;
11342 goto out;
11343 }
11344
11345 func->srf_bf_idx =
11346 nla_get_u8(srf_tb[NL80211_NAN_SRF_BF_IDX]);
11347 } else {
11348 struct nlattr *attr, *mac_attr =
11349 srf_tb[NL80211_NAN_SRF_MAC_ADDRS];
11350 int n_entries, rem, i = 0;
11351
11352 if (!mac_attr) {
11353 err = -EINVAL;
11354 goto out;
11355 }
11356
11357 n_entries = validate_acl_mac_addrs(mac_attr);
11358 if (n_entries <= 0) {
11359 err = -EINVAL;
11360 goto out;
11361 }
11362
11363 func->srf_num_macs = n_entries;
11364 func->srf_macs =
11365 kzalloc(sizeof(*func->srf_macs) * n_entries,
11366 GFP_KERNEL);
11367 if (!func->srf_macs) {
11368 err = -ENOMEM;
11369 goto out;
11370 }
11371
11372 nla_for_each_nested(attr, mac_attr, rem)
11373 memcpy(func->srf_macs[i++].addr, nla_data(attr),
11374 sizeof(*func->srf_macs));
11375 }
11376 }
11377
11378 if (tb[NL80211_NAN_FUNC_TX_MATCH_FILTER]) {
11379 err = handle_nan_filter(tb[NL80211_NAN_FUNC_TX_MATCH_FILTER],
11380 func, true);
11381 if (err)
11382 goto out;
11383 }
11384
11385 if (tb[NL80211_NAN_FUNC_RX_MATCH_FILTER]) {
11386 err = handle_nan_filter(tb[NL80211_NAN_FUNC_RX_MATCH_FILTER],
11387 func, false);
11388 if (err)
11389 goto out;
11390 }
11391
11392 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
11393 if (!msg) {
11394 err = -ENOMEM;
11395 goto out;
11396 }
11397
11398 hdr = nl80211hdr_put(msg, info->snd_portid, info->snd_seq, 0,
11399 NL80211_CMD_ADD_NAN_FUNCTION);
11400
11401 if (WARN_ON(!hdr)) {
11402 err = -ENOMEM;
11403 goto out;
11404 }
11405
11406 err = rdev_add_nan_func(rdev, wdev, func);
11407out:
11408 if (err < 0) {
11409 cfg80211_free_nan_func(func);
11410 nlmsg_free(msg);
11411 return err;
11412 }
11413
11414
11415 if (nla_put_u64_64bit(msg, NL80211_ATTR_COOKIE, func->cookie,
11416 NL80211_ATTR_PAD))
11417 goto nla_put_failure;
11418
11419 func_attr = nla_nest_start(msg, NL80211_ATTR_NAN_FUNC);
11420 if (!func_attr)
11421 goto nla_put_failure;
11422
11423 if (nla_put_u8(msg, NL80211_NAN_FUNC_INSTANCE_ID,
11424 func->instance_id))
11425 goto nla_put_failure;
11426
11427 nla_nest_end(msg, func_attr);
11428
11429 genlmsg_end(msg, hdr);
11430 return genlmsg_reply(msg, info);
11431
11432nla_put_failure:
11433 nlmsg_free(msg);
11434 return -ENOBUFS;
11435}
11436
11437static int nl80211_nan_del_func(struct sk_buff *skb,
11438 struct genl_info *info)
11439{
11440 struct cfg80211_registered_device *rdev = info->user_ptr[0];
11441 struct wireless_dev *wdev = info->user_ptr[1];
11442 u64 cookie;
11443
11444 if (wdev->iftype != NL80211_IFTYPE_NAN)
11445 return -EOPNOTSUPP;
11446
11447 if (!wdev_running(wdev))
11448 return -ENOTCONN;
11449
11450 if (!info->attrs[NL80211_ATTR_COOKIE])
11451 return -EINVAL;
11452
11453 cookie = nla_get_u64(info->attrs[NL80211_ATTR_COOKIE]);
11454
11455 rdev_del_nan_func(rdev, wdev, cookie);
11456
11457 return 0;
11458}
11459
11460static int nl80211_nan_change_config(struct sk_buff *skb,
11461 struct genl_info *info)
11462{
11463 struct cfg80211_registered_device *rdev = info->user_ptr[0];
11464 struct wireless_dev *wdev = info->user_ptr[1];
11465 struct cfg80211_nan_conf conf = {};
11466 u32 changed = 0;
11467
11468 if (wdev->iftype != NL80211_IFTYPE_NAN)
11469 return -EOPNOTSUPP;
11470
11471 if (!wdev_running(wdev))
11472 return -ENOTCONN;
11473
11474 if (info->attrs[NL80211_ATTR_NAN_MASTER_PREF]) {
11475 conf.master_pref =
11476 nla_get_u8(info->attrs[NL80211_ATTR_NAN_MASTER_PREF]);
11477 if (conf.master_pref <= 1 || conf.master_pref == 255)
11478 return -EINVAL;
11479
11480 changed |= CFG80211_NAN_CONF_CHANGED_PREF;
11481 }
11482
11483 if (info->attrs[NL80211_ATTR_BANDS]) {
11484 u32 bands = nla_get_u32(info->attrs[NL80211_ATTR_BANDS]);
11485
11486 if (bands & ~(u32)wdev->wiphy->nan_supported_bands)
11487 return -EOPNOTSUPP;
11488
11489 if (bands && !(bands & BIT(NL80211_BAND_2GHZ)))
11490 return -EINVAL;
11491
11492 conf.bands = bands;
11493 changed |= CFG80211_NAN_CONF_CHANGED_BANDS;
11494 }
11495
11496 if (!changed)
11497 return -EINVAL;
11498
11499 return rdev_nan_change_conf(rdev, wdev, &conf, changed);
11500}
11501
11502void cfg80211_nan_match(struct wireless_dev *wdev,
11503 struct cfg80211_nan_match_params *match, gfp_t gfp)
11504{
11505 struct wiphy *wiphy = wdev->wiphy;
11506 struct cfg80211_registered_device *rdev = wiphy_to_rdev(wiphy);
11507 struct nlattr *match_attr, *local_func_attr, *peer_func_attr;
11508 struct sk_buff *msg;
11509 void *hdr;
11510
11511 if (WARN_ON(!match->inst_id || !match->peer_inst_id || !match->addr))
11512 return;
11513
11514 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, gfp);
11515 if (!msg)
11516 return;
11517
11518 hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_NAN_MATCH);
11519 if (!hdr) {
11520 nlmsg_free(msg);
11521 return;
11522 }
11523
11524 if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
11525 (wdev->netdev && nla_put_u32(msg, NL80211_ATTR_IFINDEX,
11526 wdev->netdev->ifindex)) ||
11527 nla_put_u64_64bit(msg, NL80211_ATTR_WDEV, wdev_id(wdev),
11528 NL80211_ATTR_PAD))
11529 goto nla_put_failure;
11530
11531 if (nla_put_u64_64bit(msg, NL80211_ATTR_COOKIE, match->cookie,
11532 NL80211_ATTR_PAD) ||
11533 nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN, match->addr))
11534 goto nla_put_failure;
11535
11536 match_attr = nla_nest_start(msg, NL80211_ATTR_NAN_MATCH);
11537 if (!match_attr)
11538 goto nla_put_failure;
11539
11540 local_func_attr = nla_nest_start(msg, NL80211_NAN_MATCH_FUNC_LOCAL);
11541 if (!local_func_attr)
11542 goto nla_put_failure;
11543
11544 if (nla_put_u8(msg, NL80211_NAN_FUNC_INSTANCE_ID, match->inst_id))
11545 goto nla_put_failure;
11546
11547 nla_nest_end(msg, local_func_attr);
11548
11549 peer_func_attr = nla_nest_start(msg, NL80211_NAN_MATCH_FUNC_PEER);
11550 if (!peer_func_attr)
11551 goto nla_put_failure;
11552
11553 if (nla_put_u8(msg, NL80211_NAN_FUNC_TYPE, match->type) ||
11554 nla_put_u8(msg, NL80211_NAN_FUNC_INSTANCE_ID, match->peer_inst_id))
11555 goto nla_put_failure;
11556
11557 if (match->info && match->info_len &&
11558 nla_put(msg, NL80211_NAN_FUNC_SERVICE_INFO, match->info_len,
11559 match->info))
11560 goto nla_put_failure;
11561
11562 nla_nest_end(msg, peer_func_attr);
11563 nla_nest_end(msg, match_attr);
11564 genlmsg_end(msg, hdr);
11565
11566 if (!wdev->owner_nlportid)
11567 genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy),
11568 msg, 0, NL80211_MCGRP_NAN, gfp);
11569 else
11570 genlmsg_unicast(wiphy_net(&rdev->wiphy), msg,
11571 wdev->owner_nlportid);
11572
11573 return;
11574
11575nla_put_failure:
11576 nlmsg_free(msg);
11577}
11578EXPORT_SYMBOL(cfg80211_nan_match);
11579
11580void cfg80211_nan_func_terminated(struct wireless_dev *wdev,
11581 u8 inst_id,
11582 enum nl80211_nan_func_term_reason reason,
11583 u64 cookie, gfp_t gfp)
11584{
11585 struct wiphy *wiphy = wdev->wiphy;
11586 struct cfg80211_registered_device *rdev = wiphy_to_rdev(wiphy);
11587 struct sk_buff *msg;
11588 struct nlattr *func_attr;
11589 void *hdr;
11590
11591 if (WARN_ON(!inst_id))
11592 return;
11593
11594 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, gfp);
11595 if (!msg)
11596 return;
11597
11598 hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_DEL_NAN_FUNCTION);
11599 if (!hdr) {
11600 nlmsg_free(msg);
11601 return;
11602 }
11603
11604 if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
11605 (wdev->netdev && nla_put_u32(msg, NL80211_ATTR_IFINDEX,
11606 wdev->netdev->ifindex)) ||
11607 nla_put_u64_64bit(msg, NL80211_ATTR_WDEV, wdev_id(wdev),
11608 NL80211_ATTR_PAD))
11609 goto nla_put_failure;
11610
11611 if (nla_put_u64_64bit(msg, NL80211_ATTR_COOKIE, cookie,
11612 NL80211_ATTR_PAD))
11613 goto nla_put_failure;
11614
11615 func_attr = nla_nest_start(msg, NL80211_ATTR_NAN_FUNC);
11616 if (!func_attr)
11617 goto nla_put_failure;
11618
11619 if (nla_put_u8(msg, NL80211_NAN_FUNC_INSTANCE_ID, inst_id) ||
11620 nla_put_u8(msg, NL80211_NAN_FUNC_TERM_REASON, reason))
11621 goto nla_put_failure;
11622
11623 nla_nest_end(msg, func_attr);
11624 genlmsg_end(msg, hdr);
11625
11626 if (!wdev->owner_nlportid)
11627 genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy),
11628 msg, 0, NL80211_MCGRP_NAN, gfp);
11629 else
11630 genlmsg_unicast(wiphy_net(&rdev->wiphy), msg,
11631 wdev->owner_nlportid);
11632
11633 return;
11634
11635nla_put_failure:
11636 nlmsg_free(msg);
11637}
11638EXPORT_SYMBOL(cfg80211_nan_func_terminated);
11639
11640static int nl80211_get_protocol_features(struct sk_buff *skb,
11641 struct genl_info *info)
11642{
11643 void *hdr;
11644 struct sk_buff *msg;
11645
11646 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
11647 if (!msg)
11648 return -ENOMEM;
11649
11650 hdr = nl80211hdr_put(msg, info->snd_portid, info->snd_seq, 0,
11651 NL80211_CMD_GET_PROTOCOL_FEATURES);
11652 if (!hdr)
11653 goto nla_put_failure;
11654
11655 if (nla_put_u32(msg, NL80211_ATTR_PROTOCOL_FEATURES,
11656 NL80211_PROTOCOL_FEATURE_SPLIT_WIPHY_DUMP))
11657 goto nla_put_failure;
11658
11659 genlmsg_end(msg, hdr);
11660 return genlmsg_reply(msg, info);
11661
11662 nla_put_failure:
11663 kfree_skb(msg);
11664 return -ENOBUFS;
11665}
11666
11667static int nl80211_update_ft_ies(struct sk_buff *skb, struct genl_info *info)
11668{
11669 struct cfg80211_registered_device *rdev = info->user_ptr[0];
11670 struct cfg80211_update_ft_ies_params ft_params;
11671 struct net_device *dev = info->user_ptr[1];
11672
11673 if (!rdev->ops->update_ft_ies)
11674 return -EOPNOTSUPP;
11675
11676 if (!info->attrs[NL80211_ATTR_MDID] ||
11677 !is_valid_ie_attr(info->attrs[NL80211_ATTR_IE]))
11678 return -EINVAL;
11679
11680 memset(&ft_params, 0, sizeof(ft_params));
11681 ft_params.md = nla_get_u16(info->attrs[NL80211_ATTR_MDID]);
11682 ft_params.ie = nla_data(info->attrs[NL80211_ATTR_IE]);
11683 ft_params.ie_len = nla_len(info->attrs[NL80211_ATTR_IE]);
11684
11685 return rdev_update_ft_ies(rdev, dev, &ft_params);
11686}
11687
11688static int nl80211_crit_protocol_start(struct sk_buff *skb,
11689 struct genl_info *info)
11690{
11691 struct cfg80211_registered_device *rdev = info->user_ptr[0];
11692 struct wireless_dev *wdev = info->user_ptr[1];
11693 enum nl80211_crit_proto_id proto = NL80211_CRIT_PROTO_UNSPEC;
11694 u16 duration;
11695 int ret;
11696
11697 if (!rdev->ops->crit_proto_start)
11698 return -EOPNOTSUPP;
11699
11700 if (WARN_ON(!rdev->ops->crit_proto_stop))
11701 return -EINVAL;
11702
11703 if (rdev->crit_proto_nlportid)
11704 return -EBUSY;
11705
11706
11707 if (info->attrs[NL80211_ATTR_CRIT_PROT_ID])
11708 proto = nla_get_u16(info->attrs[NL80211_ATTR_CRIT_PROT_ID]);
11709
11710 if (proto >= NUM_NL80211_CRIT_PROTO)
11711 return -EINVAL;
11712
11713
11714 if (!info->attrs[NL80211_ATTR_MAX_CRIT_PROT_DURATION])
11715 return -EINVAL;
11716
11717 duration =
11718 nla_get_u16(info->attrs[NL80211_ATTR_MAX_CRIT_PROT_DURATION]);
11719
11720 if (duration > NL80211_CRIT_PROTO_MAX_DURATION)
11721 return -ERANGE;
11722
11723 ret = rdev_crit_proto_start(rdev, wdev, proto, duration);
11724 if (!ret)
11725 rdev->crit_proto_nlportid = info->snd_portid;
11726
11727 return ret;
11728}
11729
11730static int nl80211_crit_protocol_stop(struct sk_buff *skb,
11731 struct genl_info *info)
11732{
11733 struct cfg80211_registered_device *rdev = info->user_ptr[0];
11734 struct wireless_dev *wdev = info->user_ptr[1];
11735
11736 if (!rdev->ops->crit_proto_stop)
11737 return -EOPNOTSUPP;
11738
11739 if (rdev->crit_proto_nlportid) {
11740 rdev->crit_proto_nlportid = 0;
11741 rdev_crit_proto_stop(rdev, wdev);
11742 }
11743 return 0;
11744}
11745
11746static int nl80211_vendor_cmd(struct sk_buff *skb, struct genl_info *info)
11747{
11748 struct cfg80211_registered_device *rdev = info->user_ptr[0];
11749 struct wireless_dev *wdev =
11750 __cfg80211_wdev_from_attrs(genl_info_net(info), info->attrs);
11751 int i, err;
11752 u32 vid, subcmd;
11753
11754 if (!rdev->wiphy.vendor_commands)
11755 return -EOPNOTSUPP;
11756
11757 if (IS_ERR(wdev)) {
11758 err = PTR_ERR(wdev);
11759 if (err != -EINVAL)
11760 return err;
11761 wdev = NULL;
11762 } else if (wdev->wiphy != &rdev->wiphy) {
11763 return -EINVAL;
11764 }
11765
11766 if (!info->attrs[NL80211_ATTR_VENDOR_ID] ||
11767 !info->attrs[NL80211_ATTR_VENDOR_SUBCMD])
11768 return -EINVAL;
11769
11770 vid = nla_get_u32(info->attrs[NL80211_ATTR_VENDOR_ID]);
11771 subcmd = nla_get_u32(info->attrs[NL80211_ATTR_VENDOR_SUBCMD]);
11772 for (i = 0; i < rdev->wiphy.n_vendor_commands; i++) {
11773 const struct wiphy_vendor_command *vcmd;
11774 void *data = NULL;
11775 int len = 0;
11776
11777 vcmd = &rdev->wiphy.vendor_commands[i];
11778
11779 if (vcmd->info.vendor_id != vid || vcmd->info.subcmd != subcmd)
11780 continue;
11781
11782 if (vcmd->flags & (WIPHY_VENDOR_CMD_NEED_WDEV |
11783 WIPHY_VENDOR_CMD_NEED_NETDEV)) {
11784 if (!wdev)
11785 return -EINVAL;
11786 if (vcmd->flags & WIPHY_VENDOR_CMD_NEED_NETDEV &&
11787 !wdev->netdev)
11788 return -EINVAL;
11789
11790 if (vcmd->flags & WIPHY_VENDOR_CMD_NEED_RUNNING) {
11791 if (!wdev_running(wdev))
11792 return -ENETDOWN;
11793 }
11794
11795 if (!vcmd->doit)
11796 return -EOPNOTSUPP;
11797 } else {
11798 wdev = NULL;
11799 }
11800
11801 if (info->attrs[NL80211_ATTR_VENDOR_DATA]) {
11802 data = nla_data(info->attrs[NL80211_ATTR_VENDOR_DATA]);
11803 len = nla_len(info->attrs[NL80211_ATTR_VENDOR_DATA]);
11804 }
11805
11806 rdev->cur_cmd_info = info;
11807 err = rdev->wiphy.vendor_commands[i].doit(&rdev->wiphy, wdev,
11808 data, len);
11809 rdev->cur_cmd_info = NULL;
11810 return err;
11811 }
11812
11813 return -EOPNOTSUPP;
11814}
11815
11816static int nl80211_prepare_vendor_dump(struct sk_buff *skb,
11817 struct netlink_callback *cb,
11818 struct cfg80211_registered_device **rdev,
11819 struct wireless_dev **wdev)
11820{
11821 struct nlattr **attrbuf = genl_family_attrbuf(&nl80211_fam);
11822 u32 vid, subcmd;
11823 unsigned int i;
11824 int vcmd_idx = -1;
11825 int err;
11826 void *data = NULL;
11827 unsigned int data_len = 0;
11828
11829 if (cb->args[0]) {
11830
11831 struct wiphy *wiphy = wiphy_idx_to_wiphy(cb->args[0] - 1);
11832 struct wireless_dev *tmp;
11833
11834 if (!wiphy)
11835 return -ENODEV;
11836 *rdev = wiphy_to_rdev(wiphy);
11837 *wdev = NULL;
11838
11839 if (cb->args[1]) {
11840 list_for_each_entry(tmp, &wiphy->wdev_list, list) {
11841 if (tmp->identifier == cb->args[1] - 1) {
11842 *wdev = tmp;
11843 break;
11844 }
11845 }
11846 }
11847
11848
11849 return 0;
11850 }
11851
11852 err = nlmsg_parse(cb->nlh, GENL_HDRLEN + nl80211_fam.hdrsize,
11853 attrbuf, nl80211_fam.maxattr, nl80211_policy);
11854 if (err)
11855 return err;
11856
11857 if (!attrbuf[NL80211_ATTR_VENDOR_ID] ||
11858 !attrbuf[NL80211_ATTR_VENDOR_SUBCMD])
11859 return -EINVAL;
11860
11861 *wdev = __cfg80211_wdev_from_attrs(sock_net(skb->sk), attrbuf);
11862 if (IS_ERR(*wdev))
11863 *wdev = NULL;
11864
11865 *rdev = __cfg80211_rdev_from_attrs(sock_net(skb->sk), attrbuf);
11866 if (IS_ERR(*rdev))
11867 return PTR_ERR(*rdev);
11868
11869 vid = nla_get_u32(attrbuf[NL80211_ATTR_VENDOR_ID]);
11870 subcmd = nla_get_u32(attrbuf[NL80211_ATTR_VENDOR_SUBCMD]);
11871
11872 for (i = 0; i < (*rdev)->wiphy.n_vendor_commands; i++) {
11873 const struct wiphy_vendor_command *vcmd;
11874
11875 vcmd = &(*rdev)->wiphy.vendor_commands[i];
11876
11877 if (vcmd->info.vendor_id != vid || vcmd->info.subcmd != subcmd)
11878 continue;
11879
11880 if (!vcmd->dumpit)
11881 return -EOPNOTSUPP;
11882
11883 vcmd_idx = i;
11884 break;
11885 }
11886
11887 if (vcmd_idx < 0)
11888 return -EOPNOTSUPP;
11889
11890 if (attrbuf[NL80211_ATTR_VENDOR_DATA]) {
11891 data = nla_data(attrbuf[NL80211_ATTR_VENDOR_DATA]);
11892 data_len = nla_len(attrbuf[NL80211_ATTR_VENDOR_DATA]);
11893 }
11894
11895
11896 cb->args[0] = (*rdev)->wiphy_idx + 1;
11897
11898 cb->args[1] = *wdev ? (*wdev)->identifier + 1 : 0;
11899 cb->args[2] = vcmd_idx;
11900 cb->args[3] = (unsigned long)data;
11901 cb->args[4] = data_len;
11902
11903
11904 return 0;
11905}
11906
11907static int nl80211_vendor_cmd_dump(struct sk_buff *skb,
11908 struct netlink_callback *cb)
11909{
11910 struct cfg80211_registered_device *rdev;
11911 struct wireless_dev *wdev;
11912 unsigned int vcmd_idx;
11913 const struct wiphy_vendor_command *vcmd;
11914 void *data;
11915 int data_len;
11916 int err;
11917 struct nlattr *vendor_data;
11918
11919 rtnl_lock();
11920 err = nl80211_prepare_vendor_dump(skb, cb, &rdev, &wdev);
11921 if (err)
11922 goto out;
11923
11924 vcmd_idx = cb->args[2];
11925 data = (void *)cb->args[3];
11926 data_len = cb->args[4];
11927 vcmd = &rdev->wiphy.vendor_commands[vcmd_idx];
11928
11929 if (vcmd->flags & (WIPHY_VENDOR_CMD_NEED_WDEV |
11930 WIPHY_VENDOR_CMD_NEED_NETDEV)) {
11931 if (!wdev) {
11932 err = -EINVAL;
11933 goto out;
11934 }
11935 if (vcmd->flags & WIPHY_VENDOR_CMD_NEED_NETDEV &&
11936 !wdev->netdev) {
11937 err = -EINVAL;
11938 goto out;
11939 }
11940
11941 if (vcmd->flags & WIPHY_VENDOR_CMD_NEED_RUNNING) {
11942 if (!wdev_running(wdev)) {
11943 err = -ENETDOWN;
11944 goto out;
11945 }
11946 }
11947 }
11948
11949 while (1) {
11950 void *hdr = nl80211hdr_put(skb, NETLINK_CB(cb->skb).portid,
11951 cb->nlh->nlmsg_seq, NLM_F_MULTI,
11952 NL80211_CMD_VENDOR);
11953 if (!hdr)
11954 break;
11955
11956 if (nla_put_u32(skb, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
11957 (wdev && nla_put_u64_64bit(skb, NL80211_ATTR_WDEV,
11958 wdev_id(wdev),
11959 NL80211_ATTR_PAD))) {
11960 genlmsg_cancel(skb, hdr);
11961 break;
11962 }
11963
11964 vendor_data = nla_nest_start(skb, NL80211_ATTR_VENDOR_DATA);
11965 if (!vendor_data) {
11966 genlmsg_cancel(skb, hdr);
11967 break;
11968 }
11969
11970 err = vcmd->dumpit(&rdev->wiphy, wdev, skb, data, data_len,
11971 (unsigned long *)&cb->args[5]);
11972 nla_nest_end(skb, vendor_data);
11973
11974 if (err == -ENOBUFS || err == -ENOENT) {
11975 genlmsg_cancel(skb, hdr);
11976 break;
11977 } else if (err) {
11978 genlmsg_cancel(skb, hdr);
11979 goto out;
11980 }
11981
11982 genlmsg_end(skb, hdr);
11983 }
11984
11985 err = skb->len;
11986 out:
11987 rtnl_unlock();
11988 return err;
11989}
11990
11991struct sk_buff *__cfg80211_alloc_reply_skb(struct wiphy *wiphy,
11992 enum nl80211_commands cmd,
11993 enum nl80211_attrs attr,
11994 int approxlen)
11995{
11996 struct cfg80211_registered_device *rdev = wiphy_to_rdev(wiphy);
11997
11998 if (WARN_ON(!rdev->cur_cmd_info))
11999 return NULL;
12000
12001 return __cfg80211_alloc_vendor_skb(rdev, NULL, approxlen,
12002 rdev->cur_cmd_info->snd_portid,
12003 rdev->cur_cmd_info->snd_seq,
12004 cmd, attr, NULL, GFP_KERNEL);
12005}
12006EXPORT_SYMBOL(__cfg80211_alloc_reply_skb);
12007
12008int cfg80211_vendor_cmd_reply(struct sk_buff *skb)
12009{
12010 struct cfg80211_registered_device *rdev = ((void **)skb->cb)[0];
12011 void *hdr = ((void **)skb->cb)[1];
12012 struct nlattr *data = ((void **)skb->cb)[2];
12013
12014
12015 memset(skb->cb, 0, sizeof(skb->cb));
12016
12017 if (WARN_ON(!rdev->cur_cmd_info)) {
12018 kfree_skb(skb);
12019 return -EINVAL;
12020 }
12021
12022 nla_nest_end(skb, data);
12023 genlmsg_end(skb, hdr);
12024 return genlmsg_reply(skb, rdev->cur_cmd_info);
12025}
12026EXPORT_SYMBOL_GPL(cfg80211_vendor_cmd_reply);
12027
12028static int nl80211_set_qos_map(struct sk_buff *skb,
12029 struct genl_info *info)
12030{
12031 struct cfg80211_registered_device *rdev = info->user_ptr[0];
12032 struct cfg80211_qos_map *qos_map = NULL;
12033 struct net_device *dev = info->user_ptr[1];
12034 u8 *pos, len, num_des, des_len, des;
12035 int ret;
12036
12037 if (!rdev->ops->set_qos_map)
12038 return -EOPNOTSUPP;
12039
12040 if (info->attrs[NL80211_ATTR_QOS_MAP]) {
12041 pos = nla_data(info->attrs[NL80211_ATTR_QOS_MAP]);
12042 len = nla_len(info->attrs[NL80211_ATTR_QOS_MAP]);
12043
12044 if (len % 2 || len < IEEE80211_QOS_MAP_LEN_MIN ||
12045 len > IEEE80211_QOS_MAP_LEN_MAX)
12046 return -EINVAL;
12047
12048 qos_map = kzalloc(sizeof(struct cfg80211_qos_map), GFP_KERNEL);
12049 if (!qos_map)
12050 return -ENOMEM;
12051
12052 num_des = (len - IEEE80211_QOS_MAP_LEN_MIN) >> 1;
12053 if (num_des) {
12054 des_len = num_des *
12055 sizeof(struct cfg80211_dscp_exception);
12056 memcpy(qos_map->dscp_exception, pos, des_len);
12057 qos_map->num_des = num_des;
12058 for (des = 0; des < num_des; des++) {
12059 if (qos_map->dscp_exception[des].up > 7) {
12060 kfree(qos_map);
12061 return -EINVAL;
12062 }
12063 }
12064 pos += des_len;
12065 }
12066 memcpy(qos_map->up, pos, IEEE80211_QOS_MAP_LEN_MIN);
12067 }
12068
12069 wdev_lock(dev->ieee80211_ptr);
12070 ret = nl80211_key_allowed(dev->ieee80211_ptr);
12071 if (!ret)
12072 ret = rdev_set_qos_map(rdev, dev, qos_map);
12073 wdev_unlock(dev->ieee80211_ptr);
12074
12075 kfree(qos_map);
12076 return ret;
12077}
12078
12079static int nl80211_add_tx_ts(struct sk_buff *skb, struct genl_info *info)
12080{
12081 struct cfg80211_registered_device *rdev = info->user_ptr[0];
12082 struct net_device *dev = info->user_ptr[1];
12083 struct wireless_dev *wdev = dev->ieee80211_ptr;
12084 const u8 *peer;
12085 u8 tsid, up;
12086 u16 admitted_time = 0;
12087 int err;
12088
12089 if (!(rdev->wiphy.features & NL80211_FEATURE_SUPPORTS_WMM_ADMISSION))
12090 return -EOPNOTSUPP;
12091
12092 if (!info->attrs[NL80211_ATTR_TSID] || !info->attrs[NL80211_ATTR_MAC] ||
12093 !info->attrs[NL80211_ATTR_USER_PRIO])
12094 return -EINVAL;
12095
12096 tsid = nla_get_u8(info->attrs[NL80211_ATTR_TSID]);
12097 if (tsid >= IEEE80211_NUM_TIDS)
12098 return -EINVAL;
12099
12100 up = nla_get_u8(info->attrs[NL80211_ATTR_USER_PRIO]);
12101 if (up >= IEEE80211_NUM_UPS)
12102 return -EINVAL;
12103
12104
12105 if (tsid >= IEEE80211_FIRST_TSPEC_TSID) {
12106
12107
12108
12109
12110 return -EINVAL;
12111 }
12112
12113 peer = nla_data(info->attrs[NL80211_ATTR_MAC]);
12114
12115 if (info->attrs[NL80211_ATTR_ADMITTED_TIME]) {
12116 admitted_time =
12117 nla_get_u16(info->attrs[NL80211_ATTR_ADMITTED_TIME]);
12118 if (!admitted_time)
12119 return -EINVAL;
12120 }
12121
12122 wdev_lock(wdev);
12123 switch (wdev->iftype) {
12124 case NL80211_IFTYPE_STATION:
12125 case NL80211_IFTYPE_P2P_CLIENT:
12126 if (wdev->current_bss)
12127 break;
12128 err = -ENOTCONN;
12129 goto out;
12130 default:
12131 err = -EOPNOTSUPP;
12132 goto out;
12133 }
12134
12135 err = rdev_add_tx_ts(rdev, dev, tsid, peer, up, admitted_time);
12136
12137 out:
12138 wdev_unlock(wdev);
12139 return err;
12140}
12141
12142static int nl80211_del_tx_ts(struct sk_buff *skb, struct genl_info *info)
12143{
12144 struct cfg80211_registered_device *rdev = info->user_ptr[0];
12145 struct net_device *dev = info->user_ptr[1];
12146 struct wireless_dev *wdev = dev->ieee80211_ptr;
12147 const u8 *peer;
12148 u8 tsid;
12149 int err;
12150
12151 if (!info->attrs[NL80211_ATTR_TSID] || !info->attrs[NL80211_ATTR_MAC])
12152 return -EINVAL;
12153
12154 tsid = nla_get_u8(info->attrs[NL80211_ATTR_TSID]);
12155 peer = nla_data(info->attrs[NL80211_ATTR_MAC]);
12156
12157 wdev_lock(wdev);
12158 err = rdev_del_tx_ts(rdev, dev, tsid, peer);
12159 wdev_unlock(wdev);
12160
12161 return err;
12162}
12163
12164static int nl80211_tdls_channel_switch(struct sk_buff *skb,
12165 struct genl_info *info)
12166{
12167 struct cfg80211_registered_device *rdev = info->user_ptr[0];
12168 struct net_device *dev = info->user_ptr[1];
12169 struct wireless_dev *wdev = dev->ieee80211_ptr;
12170 struct cfg80211_chan_def chandef = {};
12171 const u8 *addr;
12172 u8 oper_class;
12173 int err;
12174
12175 if (!rdev->ops->tdls_channel_switch ||
12176 !(rdev->wiphy.features & NL80211_FEATURE_TDLS_CHANNEL_SWITCH))
12177 return -EOPNOTSUPP;
12178
12179 switch (dev->ieee80211_ptr->iftype) {
12180 case NL80211_IFTYPE_STATION:
12181 case NL80211_IFTYPE_P2P_CLIENT:
12182 break;
12183 default:
12184 return -EOPNOTSUPP;
12185 }
12186
12187 if (!info->attrs[NL80211_ATTR_MAC] ||
12188 !info->attrs[NL80211_ATTR_OPER_CLASS])
12189 return -EINVAL;
12190
12191 err = nl80211_parse_chandef(rdev, info, &chandef);
12192 if (err)
12193 return err;
12194
12195
12196
12197
12198
12199
12200 if (chandef.chan->band == NL80211_BAND_2GHZ &&
12201 chandef.width != NL80211_CHAN_WIDTH_20_NOHT &&
12202 chandef.width != NL80211_CHAN_WIDTH_20)
12203 return -EINVAL;
12204
12205
12206 if (!cfg80211_reg_can_beacon_relax(&rdev->wiphy, &chandef,
12207 wdev->iftype))
12208 return -EINVAL;
12209
12210
12211 if (cfg80211_chandef_dfs_required(wdev->wiphy, &chandef, wdev->iftype))
12212 return -EINVAL;
12213
12214 addr = nla_data(info->attrs[NL80211_ATTR_MAC]);
12215 oper_class = nla_get_u8(info->attrs[NL80211_ATTR_OPER_CLASS]);
12216
12217 wdev_lock(wdev);
12218 err = rdev_tdls_channel_switch(rdev, dev, addr, oper_class, &chandef);
12219 wdev_unlock(wdev);
12220
12221 return err;
12222}
12223
12224static int nl80211_tdls_cancel_channel_switch(struct sk_buff *skb,
12225 struct genl_info *info)
12226{
12227 struct cfg80211_registered_device *rdev = info->user_ptr[0];
12228 struct net_device *dev = info->user_ptr[1];
12229 struct wireless_dev *wdev = dev->ieee80211_ptr;
12230 const u8 *addr;
12231
12232 if (!rdev->ops->tdls_channel_switch ||
12233 !rdev->ops->tdls_cancel_channel_switch ||
12234 !(rdev->wiphy.features & NL80211_FEATURE_TDLS_CHANNEL_SWITCH))
12235 return -EOPNOTSUPP;
12236
12237 switch (dev->ieee80211_ptr->iftype) {
12238 case NL80211_IFTYPE_STATION:
12239 case NL80211_IFTYPE_P2P_CLIENT:
12240 break;
12241 default:
12242 return -EOPNOTSUPP;
12243 }
12244
12245 if (!info->attrs[NL80211_ATTR_MAC])
12246 return -EINVAL;
12247
12248 addr = nla_data(info->attrs[NL80211_ATTR_MAC]);
12249
12250 wdev_lock(wdev);
12251 rdev_tdls_cancel_channel_switch(rdev, dev, addr);
12252 wdev_unlock(wdev);
12253
12254 return 0;
12255}
12256
12257static int nl80211_set_multicast_to_unicast(struct sk_buff *skb,
12258 struct genl_info *info)
12259{
12260 struct cfg80211_registered_device *rdev = info->user_ptr[0];
12261 struct net_device *dev = info->user_ptr[1];
12262 struct wireless_dev *wdev = dev->ieee80211_ptr;
12263 const struct nlattr *nla;
12264 bool enabled;
12265
12266 if (!rdev->ops->set_multicast_to_unicast)
12267 return -EOPNOTSUPP;
12268
12269 if (wdev->iftype != NL80211_IFTYPE_AP &&
12270 wdev->iftype != NL80211_IFTYPE_P2P_GO)
12271 return -EOPNOTSUPP;
12272
12273 nla = info->attrs[NL80211_ATTR_MULTICAST_TO_UNICAST_ENABLED];
12274 enabled = nla_get_flag(nla);
12275
12276 return rdev_set_multicast_to_unicast(rdev, dev, enabled);
12277}
12278
12279static int nl80211_set_pmk(struct sk_buff *skb, struct genl_info *info)
12280{
12281 struct cfg80211_registered_device *rdev = info->user_ptr[0];
12282 struct net_device *dev = info->user_ptr[1];
12283 struct wireless_dev *wdev = dev->ieee80211_ptr;
12284 struct cfg80211_pmk_conf pmk_conf = {};
12285 int ret;
12286
12287 if (wdev->iftype != NL80211_IFTYPE_STATION &&
12288 wdev->iftype != NL80211_IFTYPE_P2P_CLIENT)
12289 return -EOPNOTSUPP;
12290
12291 if (!wiphy_ext_feature_isset(&rdev->wiphy,
12292 NL80211_EXT_FEATURE_4WAY_HANDSHAKE_STA_1X))
12293 return -EOPNOTSUPP;
12294
12295 if (!info->attrs[NL80211_ATTR_MAC] || !info->attrs[NL80211_ATTR_PMK])
12296 return -EINVAL;
12297
12298 wdev_lock(wdev);
12299 if (!wdev->current_bss) {
12300 ret = -ENOTCONN;
12301 goto out;
12302 }
12303
12304 pmk_conf.aa = nla_data(info->attrs[NL80211_ATTR_MAC]);
12305 if (memcmp(pmk_conf.aa, wdev->current_bss->pub.bssid, ETH_ALEN)) {
12306 ret = -EINVAL;
12307 goto out;
12308 }
12309
12310 pmk_conf.pmk = nla_data(info->attrs[NL80211_ATTR_PMK]);
12311 pmk_conf.pmk_len = nla_len(info->attrs[NL80211_ATTR_PMK]);
12312 if (pmk_conf.pmk_len != WLAN_PMK_LEN &&
12313 pmk_conf.pmk_len != WLAN_PMK_LEN_SUITE_B_192) {
12314 ret = -EINVAL;
12315 goto out;
12316 }
12317
12318 if (info->attrs[NL80211_ATTR_PMKR0_NAME]) {
12319 int r0_name_len = nla_len(info->attrs[NL80211_ATTR_PMKR0_NAME]);
12320
12321 if (r0_name_len != WLAN_PMK_NAME_LEN) {
12322 ret = -EINVAL;
12323 goto out;
12324 }
12325
12326 pmk_conf.pmk_r0_name =
12327 nla_data(info->attrs[NL80211_ATTR_PMKR0_NAME]);
12328 }
12329
12330 ret = rdev_set_pmk(rdev, dev, &pmk_conf);
12331out:
12332 wdev_unlock(wdev);
12333 return ret;
12334}
12335
12336static int nl80211_del_pmk(struct sk_buff *skb, struct genl_info *info)
12337{
12338 struct cfg80211_registered_device *rdev = info->user_ptr[0];
12339 struct net_device *dev = info->user_ptr[1];
12340 struct wireless_dev *wdev = dev->ieee80211_ptr;
12341 const u8 *aa;
12342 int ret;
12343
12344 if (wdev->iftype != NL80211_IFTYPE_STATION &&
12345 wdev->iftype != NL80211_IFTYPE_P2P_CLIENT)
12346 return -EOPNOTSUPP;
12347
12348 if (!wiphy_ext_feature_isset(&rdev->wiphy,
12349 NL80211_EXT_FEATURE_4WAY_HANDSHAKE_STA_1X))
12350 return -EOPNOTSUPP;
12351
12352 if (!info->attrs[NL80211_ATTR_MAC])
12353 return -EINVAL;
12354
12355 wdev_lock(wdev);
12356 aa = nla_data(info->attrs[NL80211_ATTR_MAC]);
12357 ret = rdev_del_pmk(rdev, dev, aa);
12358 wdev_unlock(wdev);
12359
12360 return ret;
12361}
12362
12363#define NL80211_FLAG_NEED_WIPHY 0x01
12364#define NL80211_FLAG_NEED_NETDEV 0x02
12365#define NL80211_FLAG_NEED_RTNL 0x04
12366#define NL80211_FLAG_CHECK_NETDEV_UP 0x08
12367#define NL80211_FLAG_NEED_NETDEV_UP (NL80211_FLAG_NEED_NETDEV |\
12368 NL80211_FLAG_CHECK_NETDEV_UP)
12369#define NL80211_FLAG_NEED_WDEV 0x10
12370
12371#define NL80211_FLAG_NEED_WDEV_UP (NL80211_FLAG_NEED_WDEV |\
12372 NL80211_FLAG_CHECK_NETDEV_UP)
12373#define NL80211_FLAG_CLEAR_SKB 0x20
12374
12375static int nl80211_pre_doit(const struct genl_ops *ops, struct sk_buff *skb,
12376 struct genl_info *info)
12377{
12378 struct cfg80211_registered_device *rdev;
12379 struct wireless_dev *wdev;
12380 struct net_device *dev;
12381 bool rtnl = ops->internal_flags & NL80211_FLAG_NEED_RTNL;
12382
12383 if (rtnl)
12384 rtnl_lock();
12385
12386 if (ops->internal_flags & NL80211_FLAG_NEED_WIPHY) {
12387 rdev = cfg80211_get_dev_from_info(genl_info_net(info), info);
12388 if (IS_ERR(rdev)) {
12389 if (rtnl)
12390 rtnl_unlock();
12391 return PTR_ERR(rdev);
12392 }
12393 info->user_ptr[0] = rdev;
12394 } else if (ops->internal_flags & NL80211_FLAG_NEED_NETDEV ||
12395 ops->internal_flags & NL80211_FLAG_NEED_WDEV) {
12396 ASSERT_RTNL();
12397
12398 wdev = __cfg80211_wdev_from_attrs(genl_info_net(info),
12399 info->attrs);
12400 if (IS_ERR(wdev)) {
12401 if (rtnl)
12402 rtnl_unlock();
12403 return PTR_ERR(wdev);
12404 }
12405
12406 dev = wdev->netdev;
12407 rdev = wiphy_to_rdev(wdev->wiphy);
12408
12409 if (ops->internal_flags & NL80211_FLAG_NEED_NETDEV) {
12410 if (!dev) {
12411 if (rtnl)
12412 rtnl_unlock();
12413 return -EINVAL;
12414 }
12415
12416 info->user_ptr[1] = dev;
12417 } else {
12418 info->user_ptr[1] = wdev;
12419 }
12420
12421 if (ops->internal_flags & NL80211_FLAG_CHECK_NETDEV_UP &&
12422 !wdev_running(wdev)) {
12423 if (rtnl)
12424 rtnl_unlock();
12425 return -ENETDOWN;
12426 }
12427
12428 if (dev)
12429 dev_hold(dev);
12430
12431 info->user_ptr[0] = rdev;
12432 }
12433
12434 return 0;
12435}
12436
12437static void nl80211_post_doit(const struct genl_ops *ops, struct sk_buff *skb,
12438 struct genl_info *info)
12439{
12440 if (info->user_ptr[1]) {
12441 if (ops->internal_flags & NL80211_FLAG_NEED_WDEV) {
12442 struct wireless_dev *wdev = info->user_ptr[1];
12443
12444 if (wdev->netdev)
12445 dev_put(wdev->netdev);
12446 } else {
12447 dev_put(info->user_ptr[1]);
12448 }
12449 }
12450
12451 if (ops->internal_flags & NL80211_FLAG_NEED_RTNL)
12452 rtnl_unlock();
12453
12454
12455
12456
12457
12458
12459 if (ops->internal_flags & NL80211_FLAG_CLEAR_SKB) {
12460 struct nlmsghdr *nlh = nlmsg_hdr(skb);
12461
12462 memset(nlmsg_data(nlh), 0, nlmsg_len(nlh));
12463 }
12464}
12465
12466static const struct genl_ops nl80211_ops[] = {
12467 {
12468 .cmd = NL80211_CMD_GET_WIPHY,
12469 .doit = nl80211_get_wiphy,
12470 .dumpit = nl80211_dump_wiphy,
12471 .done = nl80211_dump_wiphy_done,
12472 .policy = nl80211_policy,
12473
12474 .internal_flags = NL80211_FLAG_NEED_WIPHY |
12475 NL80211_FLAG_NEED_RTNL,
12476 },
12477 {
12478 .cmd = NL80211_CMD_SET_WIPHY,
12479 .doit = nl80211_set_wiphy,
12480 .policy = nl80211_policy,
12481 .flags = GENL_UNS_ADMIN_PERM,
12482 .internal_flags = NL80211_FLAG_NEED_RTNL,
12483 },
12484 {
12485 .cmd = NL80211_CMD_GET_INTERFACE,
12486 .doit = nl80211_get_interface,
12487 .dumpit = nl80211_dump_interface,
12488 .policy = nl80211_policy,
12489
12490 .internal_flags = NL80211_FLAG_NEED_WDEV |
12491 NL80211_FLAG_NEED_RTNL,
12492 },
12493 {
12494 .cmd = NL80211_CMD_SET_INTERFACE,
12495 .doit = nl80211_set_interface,
12496 .policy = nl80211_policy,
12497 .flags = GENL_UNS_ADMIN_PERM,
12498 .internal_flags = NL80211_FLAG_NEED_NETDEV |
12499 NL80211_FLAG_NEED_RTNL,
12500 },
12501 {
12502 .cmd = NL80211_CMD_NEW_INTERFACE,
12503 .doit = nl80211_new_interface,
12504 .policy = nl80211_policy,
12505 .flags = GENL_UNS_ADMIN_PERM,
12506 .internal_flags = NL80211_FLAG_NEED_WIPHY |
12507 NL80211_FLAG_NEED_RTNL,
12508 },
12509 {
12510 .cmd = NL80211_CMD_DEL_INTERFACE,
12511 .doit = nl80211_del_interface,
12512 .policy = nl80211_policy,
12513 .flags = GENL_UNS_ADMIN_PERM,
12514 .internal_flags = NL80211_FLAG_NEED_WDEV |
12515 NL80211_FLAG_NEED_RTNL,
12516 },
12517 {
12518 .cmd = NL80211_CMD_GET_KEY,
12519 .doit = nl80211_get_key,
12520 .policy = nl80211_policy,
12521 .flags = GENL_UNS_ADMIN_PERM,
12522 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
12523 NL80211_FLAG_NEED_RTNL,
12524 },
12525 {
12526 .cmd = NL80211_CMD_SET_KEY,
12527 .doit = nl80211_set_key,
12528 .policy = nl80211_policy,
12529 .flags = GENL_UNS_ADMIN_PERM,
12530 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
12531 NL80211_FLAG_NEED_RTNL |
12532 NL80211_FLAG_CLEAR_SKB,
12533 },
12534 {
12535 .cmd = NL80211_CMD_NEW_KEY,
12536 .doit = nl80211_new_key,
12537 .policy = nl80211_policy,
12538 .flags = GENL_UNS_ADMIN_PERM,
12539 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
12540 NL80211_FLAG_NEED_RTNL |
12541 NL80211_FLAG_CLEAR_SKB,
12542 },
12543 {
12544 .cmd = NL80211_CMD_DEL_KEY,
12545 .doit = nl80211_del_key,
12546 .policy = nl80211_policy,
12547 .flags = GENL_UNS_ADMIN_PERM,
12548 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
12549 NL80211_FLAG_NEED_RTNL,
12550 },
12551 {
12552 .cmd = NL80211_CMD_SET_BEACON,
12553 .policy = nl80211_policy,
12554 .flags = GENL_UNS_ADMIN_PERM,
12555 .doit = nl80211_set_beacon,
12556 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
12557 NL80211_FLAG_NEED_RTNL,
12558 },
12559 {
12560 .cmd = NL80211_CMD_START_AP,
12561 .policy = nl80211_policy,
12562 .flags = GENL_UNS_ADMIN_PERM,
12563 .doit = nl80211_start_ap,
12564 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
12565 NL80211_FLAG_NEED_RTNL,
12566 },
12567 {
12568 .cmd = NL80211_CMD_STOP_AP,
12569 .policy = nl80211_policy,
12570 .flags = GENL_UNS_ADMIN_PERM,
12571 .doit = nl80211_stop_ap,
12572 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
12573 NL80211_FLAG_NEED_RTNL,
12574 },
12575 {
12576 .cmd = NL80211_CMD_GET_STATION,
12577 .doit = nl80211_get_station,
12578 .dumpit = nl80211_dump_station,
12579 .policy = nl80211_policy,
12580 .internal_flags = NL80211_FLAG_NEED_NETDEV |
12581 NL80211_FLAG_NEED_RTNL,
12582 },
12583 {
12584 .cmd = NL80211_CMD_SET_STATION,
12585 .doit = nl80211_set_station,
12586 .policy = nl80211_policy,
12587 .flags = GENL_UNS_ADMIN_PERM,
12588 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
12589 NL80211_FLAG_NEED_RTNL,
12590 },
12591 {
12592 .cmd = NL80211_CMD_NEW_STATION,
12593 .doit = nl80211_new_station,
12594 .policy = nl80211_policy,
12595 .flags = GENL_UNS_ADMIN_PERM,
12596 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
12597 NL80211_FLAG_NEED_RTNL,
12598 },
12599 {
12600 .cmd = NL80211_CMD_DEL_STATION,
12601 .doit = nl80211_del_station,
12602 .policy = nl80211_policy,
12603 .flags = GENL_UNS_ADMIN_PERM,
12604 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
12605 NL80211_FLAG_NEED_RTNL,
12606 },
12607 {
12608 .cmd = NL80211_CMD_GET_MPATH,
12609 .doit = nl80211_get_mpath,
12610 .dumpit = nl80211_dump_mpath,
12611 .policy = nl80211_policy,
12612 .flags = GENL_UNS_ADMIN_PERM,
12613 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
12614 NL80211_FLAG_NEED_RTNL,
12615 },
12616 {
12617 .cmd = NL80211_CMD_GET_MPP,
12618 .doit = nl80211_get_mpp,
12619 .dumpit = nl80211_dump_mpp,
12620 .policy = nl80211_policy,
12621 .flags = GENL_UNS_ADMIN_PERM,
12622 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
12623 NL80211_FLAG_NEED_RTNL,
12624 },
12625 {
12626 .cmd = NL80211_CMD_SET_MPATH,
12627 .doit = nl80211_set_mpath,
12628 .policy = nl80211_policy,
12629 .flags = GENL_UNS_ADMIN_PERM,
12630 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
12631 NL80211_FLAG_NEED_RTNL,
12632 },
12633 {
12634 .cmd = NL80211_CMD_NEW_MPATH,
12635 .doit = nl80211_new_mpath,
12636 .policy = nl80211_policy,
12637 .flags = GENL_UNS_ADMIN_PERM,
12638 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
12639 NL80211_FLAG_NEED_RTNL,
12640 },
12641 {
12642 .cmd = NL80211_CMD_DEL_MPATH,
12643 .doit = nl80211_del_mpath,
12644 .policy = nl80211_policy,
12645 .flags = GENL_UNS_ADMIN_PERM,
12646 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
12647 NL80211_FLAG_NEED_RTNL,
12648 },
12649 {
12650 .cmd = NL80211_CMD_SET_BSS,
12651 .doit = nl80211_set_bss,
12652 .policy = nl80211_policy,
12653 .flags = GENL_UNS_ADMIN_PERM,
12654 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
12655 NL80211_FLAG_NEED_RTNL,
12656 },
12657 {
12658 .cmd = NL80211_CMD_GET_REG,
12659 .doit = nl80211_get_reg_do,
12660 .dumpit = nl80211_get_reg_dump,
12661 .policy = nl80211_policy,
12662 .internal_flags = NL80211_FLAG_NEED_RTNL,
12663
12664 },
12665#ifdef CONFIG_CFG80211_CRDA_SUPPORT
12666 {
12667 .cmd = NL80211_CMD_SET_REG,
12668 .doit = nl80211_set_reg,
12669 .policy = nl80211_policy,
12670 .flags = GENL_ADMIN_PERM,
12671 .internal_flags = NL80211_FLAG_NEED_RTNL,
12672 },
12673#endif
12674 {
12675 .cmd = NL80211_CMD_REQ_SET_REG,
12676 .doit = nl80211_req_set_reg,
12677 .policy = nl80211_policy,
12678 .flags = GENL_ADMIN_PERM,
12679 },
12680 {
12681 .cmd = NL80211_CMD_GET_MESH_CONFIG,
12682 .doit = nl80211_get_mesh_config,
12683 .policy = nl80211_policy,
12684
12685 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
12686 NL80211_FLAG_NEED_RTNL,
12687 },
12688 {
12689 .cmd = NL80211_CMD_SET_MESH_CONFIG,
12690 .doit = nl80211_update_mesh_config,
12691 .policy = nl80211_policy,
12692 .flags = GENL_UNS_ADMIN_PERM,
12693 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
12694 NL80211_FLAG_NEED_RTNL,
12695 },
12696 {
12697 .cmd = NL80211_CMD_TRIGGER_SCAN,
12698 .doit = nl80211_trigger_scan,
12699 .policy = nl80211_policy,
12700 .flags = GENL_UNS_ADMIN_PERM,
12701 .internal_flags = NL80211_FLAG_NEED_WDEV_UP |
12702 NL80211_FLAG_NEED_RTNL,
12703 },
12704 {
12705 .cmd = NL80211_CMD_ABORT_SCAN,
12706 .doit = nl80211_abort_scan,
12707 .policy = nl80211_policy,
12708 .flags = GENL_UNS_ADMIN_PERM,
12709 .internal_flags = NL80211_FLAG_NEED_WDEV_UP |
12710 NL80211_FLAG_NEED_RTNL,
12711 },
12712 {
12713 .cmd = NL80211_CMD_GET_SCAN,
12714 .policy = nl80211_policy,
12715 .dumpit = nl80211_dump_scan,
12716 },
12717 {
12718 .cmd = NL80211_CMD_START_SCHED_SCAN,
12719 .doit = nl80211_start_sched_scan,
12720 .policy = nl80211_policy,
12721 .flags = GENL_UNS_ADMIN_PERM,
12722 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
12723 NL80211_FLAG_NEED_RTNL,
12724 },
12725 {
12726 .cmd = NL80211_CMD_STOP_SCHED_SCAN,
12727 .doit = nl80211_stop_sched_scan,
12728 .policy = nl80211_policy,
12729 .flags = GENL_UNS_ADMIN_PERM,
12730 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
12731 NL80211_FLAG_NEED_RTNL,
12732 },
12733 {
12734 .cmd = NL80211_CMD_AUTHENTICATE,
12735 .doit = nl80211_authenticate,
12736 .policy = nl80211_policy,
12737 .flags = GENL_UNS_ADMIN_PERM,
12738 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
12739 NL80211_FLAG_NEED_RTNL |
12740 NL80211_FLAG_CLEAR_SKB,
12741 },
12742 {
12743 .cmd = NL80211_CMD_ASSOCIATE,
12744 .doit = nl80211_associate,
12745 .policy = nl80211_policy,
12746 .flags = GENL_UNS_ADMIN_PERM,
12747 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
12748 NL80211_FLAG_NEED_RTNL,
12749 },
12750 {
12751 .cmd = NL80211_CMD_DEAUTHENTICATE,
12752 .doit = nl80211_deauthenticate,
12753 .policy = nl80211_policy,
12754 .flags = GENL_UNS_ADMIN_PERM,
12755 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
12756 NL80211_FLAG_NEED_RTNL,
12757 },
12758 {
12759 .cmd = NL80211_CMD_DISASSOCIATE,
12760 .doit = nl80211_disassociate,
12761 .policy = nl80211_policy,
12762 .flags = GENL_UNS_ADMIN_PERM,
12763 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
12764 NL80211_FLAG_NEED_RTNL,
12765 },
12766 {
12767 .cmd = NL80211_CMD_JOIN_IBSS,
12768 .doit = nl80211_join_ibss,
12769 .policy = nl80211_policy,
12770 .flags = GENL_UNS_ADMIN_PERM,
12771 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
12772 NL80211_FLAG_NEED_RTNL,
12773 },
12774 {
12775 .cmd = NL80211_CMD_LEAVE_IBSS,
12776 .doit = nl80211_leave_ibss,
12777 .policy = nl80211_policy,
12778 .flags = GENL_UNS_ADMIN_PERM,
12779 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
12780 NL80211_FLAG_NEED_RTNL,
12781 },
12782#ifdef CONFIG_NL80211_TESTMODE
12783 {
12784 .cmd = NL80211_CMD_TESTMODE,
12785 .doit = nl80211_testmode_do,
12786 .dumpit = nl80211_testmode_dump,
12787 .policy = nl80211_policy,
12788 .flags = GENL_UNS_ADMIN_PERM,
12789 .internal_flags = NL80211_FLAG_NEED_WIPHY |
12790 NL80211_FLAG_NEED_RTNL,
12791 },
12792#endif
12793 {
12794 .cmd = NL80211_CMD_CONNECT,
12795 .doit = nl80211_connect,
12796 .policy = nl80211_policy,
12797 .flags = GENL_UNS_ADMIN_PERM,
12798 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
12799 NL80211_FLAG_NEED_RTNL,
12800 },
12801 {
12802 .cmd = NL80211_CMD_UPDATE_CONNECT_PARAMS,
12803 .doit = nl80211_update_connect_params,
12804 .policy = nl80211_policy,
12805 .flags = GENL_ADMIN_PERM,
12806 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
12807 NL80211_FLAG_NEED_RTNL,
12808 },
12809 {
12810 .cmd = NL80211_CMD_DISCONNECT,
12811 .doit = nl80211_disconnect,
12812 .policy = nl80211_policy,
12813 .flags = GENL_UNS_ADMIN_PERM,
12814 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
12815 NL80211_FLAG_NEED_RTNL,
12816 },
12817 {
12818 .cmd = NL80211_CMD_SET_WIPHY_NETNS,
12819 .doit = nl80211_wiphy_netns,
12820 .policy = nl80211_policy,
12821 .flags = GENL_UNS_ADMIN_PERM,
12822 .internal_flags = NL80211_FLAG_NEED_WIPHY |
12823 NL80211_FLAG_NEED_RTNL,
12824 },
12825 {
12826 .cmd = NL80211_CMD_GET_SURVEY,
12827 .policy = nl80211_policy,
12828 .dumpit = nl80211_dump_survey,
12829 },
12830 {
12831 .cmd = NL80211_CMD_SET_PMKSA,
12832 .doit = nl80211_setdel_pmksa,
12833 .policy = nl80211_policy,
12834 .flags = GENL_UNS_ADMIN_PERM,
12835 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
12836 NL80211_FLAG_NEED_RTNL,
12837 },
12838 {
12839 .cmd = NL80211_CMD_DEL_PMKSA,
12840 .doit = nl80211_setdel_pmksa,
12841 .policy = nl80211_policy,
12842 .flags = GENL_UNS_ADMIN_PERM,
12843 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
12844 NL80211_FLAG_NEED_RTNL,
12845 },
12846 {
12847 .cmd = NL80211_CMD_FLUSH_PMKSA,
12848 .doit = nl80211_flush_pmksa,
12849 .policy = nl80211_policy,
12850 .flags = GENL_UNS_ADMIN_PERM,
12851 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
12852 NL80211_FLAG_NEED_RTNL,
12853 },
12854 {
12855 .cmd = NL80211_CMD_REMAIN_ON_CHANNEL,
12856 .doit = nl80211_remain_on_channel,
12857 .policy = nl80211_policy,
12858 .flags = GENL_UNS_ADMIN_PERM,
12859 .internal_flags = NL80211_FLAG_NEED_WDEV_UP |
12860 NL80211_FLAG_NEED_RTNL,
12861 },
12862 {
12863 .cmd = NL80211_CMD_CANCEL_REMAIN_ON_CHANNEL,
12864 .doit = nl80211_cancel_remain_on_channel,
12865 .policy = nl80211_policy,
12866 .flags = GENL_UNS_ADMIN_PERM,
12867 .internal_flags = NL80211_FLAG_NEED_WDEV_UP |
12868 NL80211_FLAG_NEED_RTNL,
12869 },
12870 {
12871 .cmd = NL80211_CMD_SET_TX_BITRATE_MASK,
12872 .doit = nl80211_set_tx_bitrate_mask,
12873 .policy = nl80211_policy,
12874 .flags = GENL_UNS_ADMIN_PERM,
12875 .internal_flags = NL80211_FLAG_NEED_NETDEV |
12876 NL80211_FLAG_NEED_RTNL,
12877 },
12878 {
12879 .cmd = NL80211_CMD_REGISTER_FRAME,
12880 .doit = nl80211_register_mgmt,
12881 .policy = nl80211_policy,
12882 .flags = GENL_UNS_ADMIN_PERM,
12883 .internal_flags = NL80211_FLAG_NEED_WDEV |
12884 NL80211_FLAG_NEED_RTNL,
12885 },
12886 {
12887 .cmd = NL80211_CMD_FRAME,
12888 .doit = nl80211_tx_mgmt,
12889 .policy = nl80211_policy,
12890 .flags = GENL_UNS_ADMIN_PERM,
12891 .internal_flags = NL80211_FLAG_NEED_WDEV_UP |
12892 NL80211_FLAG_NEED_RTNL,
12893 },
12894 {
12895 .cmd = NL80211_CMD_FRAME_WAIT_CANCEL,
12896 .doit = nl80211_tx_mgmt_cancel_wait,
12897 .policy = nl80211_policy,
12898 .flags = GENL_UNS_ADMIN_PERM,
12899 .internal_flags = NL80211_FLAG_NEED_WDEV_UP |
12900 NL80211_FLAG_NEED_RTNL,
12901 },
12902 {
12903 .cmd = NL80211_CMD_SET_POWER_SAVE,
12904 .doit = nl80211_set_power_save,
12905 .policy = nl80211_policy,
12906 .flags = GENL_UNS_ADMIN_PERM,
12907 .internal_flags = NL80211_FLAG_NEED_NETDEV |
12908 NL80211_FLAG_NEED_RTNL,
12909 },
12910 {
12911 .cmd = NL80211_CMD_GET_POWER_SAVE,
12912 .doit = nl80211_get_power_save,
12913 .policy = nl80211_policy,
12914
12915 .internal_flags = NL80211_FLAG_NEED_NETDEV |
12916 NL80211_FLAG_NEED_RTNL,
12917 },
12918 {
12919 .cmd = NL80211_CMD_SET_CQM,
12920 .doit = nl80211_set_cqm,
12921 .policy = nl80211_policy,
12922 .flags = GENL_UNS_ADMIN_PERM,
12923 .internal_flags = NL80211_FLAG_NEED_NETDEV |
12924 NL80211_FLAG_NEED_RTNL,
12925 },
12926 {
12927 .cmd = NL80211_CMD_SET_CHANNEL,
12928 .doit = nl80211_set_channel,
12929 .policy = nl80211_policy,
12930 .flags = GENL_UNS_ADMIN_PERM,
12931 .internal_flags = NL80211_FLAG_NEED_NETDEV |
12932 NL80211_FLAG_NEED_RTNL,
12933 },
12934 {
12935 .cmd = NL80211_CMD_SET_WDS_PEER,
12936 .doit = nl80211_set_wds_peer,
12937 .policy = nl80211_policy,
12938 .flags = GENL_UNS_ADMIN_PERM,
12939 .internal_flags = NL80211_FLAG_NEED_NETDEV |
12940 NL80211_FLAG_NEED_RTNL,
12941 },
12942 {
12943 .cmd = NL80211_CMD_JOIN_MESH,
12944 .doit = nl80211_join_mesh,
12945 .policy = nl80211_policy,
12946 .flags = GENL_UNS_ADMIN_PERM,
12947 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
12948 NL80211_FLAG_NEED_RTNL,
12949 },
12950 {
12951 .cmd = NL80211_CMD_LEAVE_MESH,
12952 .doit = nl80211_leave_mesh,
12953 .policy = nl80211_policy,
12954 .flags = GENL_UNS_ADMIN_PERM,
12955 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
12956 NL80211_FLAG_NEED_RTNL,
12957 },
12958 {
12959 .cmd = NL80211_CMD_JOIN_OCB,
12960 .doit = nl80211_join_ocb,
12961 .policy = nl80211_policy,
12962 .flags = GENL_UNS_ADMIN_PERM,
12963 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
12964 NL80211_FLAG_NEED_RTNL,
12965 },
12966 {
12967 .cmd = NL80211_CMD_LEAVE_OCB,
12968 .doit = nl80211_leave_ocb,
12969 .policy = nl80211_policy,
12970 .flags = GENL_UNS_ADMIN_PERM,
12971 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
12972 NL80211_FLAG_NEED_RTNL,
12973 },
12974#ifdef CONFIG_PM
12975 {
12976 .cmd = NL80211_CMD_GET_WOWLAN,
12977 .doit = nl80211_get_wowlan,
12978 .policy = nl80211_policy,
12979
12980 .internal_flags = NL80211_FLAG_NEED_WIPHY |
12981 NL80211_FLAG_NEED_RTNL,
12982 },
12983 {
12984 .cmd = NL80211_CMD_SET_WOWLAN,
12985 .doit = nl80211_set_wowlan,
12986 .policy = nl80211_policy,
12987 .flags = GENL_UNS_ADMIN_PERM,
12988 .internal_flags = NL80211_FLAG_NEED_WIPHY |
12989 NL80211_FLAG_NEED_RTNL,
12990 },
12991#endif
12992 {
12993 .cmd = NL80211_CMD_SET_REKEY_OFFLOAD,
12994 .doit = nl80211_set_rekey_data,
12995 .policy = nl80211_policy,
12996 .flags = GENL_UNS_ADMIN_PERM,
12997 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
12998 NL80211_FLAG_NEED_RTNL |
12999 NL80211_FLAG_CLEAR_SKB,
13000 },
13001 {
13002 .cmd = NL80211_CMD_TDLS_MGMT,
13003 .doit = nl80211_tdls_mgmt,
13004 .policy = nl80211_policy,
13005 .flags = GENL_UNS_ADMIN_PERM,
13006 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
13007 NL80211_FLAG_NEED_RTNL,
13008 },
13009 {
13010 .cmd = NL80211_CMD_TDLS_OPER,
13011 .doit = nl80211_tdls_oper,
13012 .policy = nl80211_policy,
13013 .flags = GENL_UNS_ADMIN_PERM,
13014 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
13015 NL80211_FLAG_NEED_RTNL,
13016 },
13017 {
13018 .cmd = NL80211_CMD_UNEXPECTED_FRAME,
13019 .doit = nl80211_register_unexpected_frame,
13020 .policy = nl80211_policy,
13021 .flags = GENL_UNS_ADMIN_PERM,
13022 .internal_flags = NL80211_FLAG_NEED_NETDEV |
13023 NL80211_FLAG_NEED_RTNL,
13024 },
13025 {
13026 .cmd = NL80211_CMD_PROBE_CLIENT,
13027 .doit = nl80211_probe_client,
13028 .policy = nl80211_policy,
13029 .flags = GENL_UNS_ADMIN_PERM,
13030 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
13031 NL80211_FLAG_NEED_RTNL,
13032 },
13033 {
13034 .cmd = NL80211_CMD_REGISTER_BEACONS,
13035 .doit = nl80211_register_beacons,
13036 .policy = nl80211_policy,
13037 .flags = GENL_UNS_ADMIN_PERM,
13038 .internal_flags = NL80211_FLAG_NEED_WIPHY |
13039 NL80211_FLAG_NEED_RTNL,
13040 },
13041 {
13042 .cmd = NL80211_CMD_SET_NOACK_MAP,
13043 .doit = nl80211_set_noack_map,
13044 .policy = nl80211_policy,
13045 .flags = GENL_UNS_ADMIN_PERM,
13046 .internal_flags = NL80211_FLAG_NEED_NETDEV |
13047 NL80211_FLAG_NEED_RTNL,
13048 },
13049 {
13050 .cmd = NL80211_CMD_START_P2P_DEVICE,
13051 .doit = nl80211_start_p2p_device,
13052 .policy = nl80211_policy,
13053 .flags = GENL_UNS_ADMIN_PERM,
13054 .internal_flags = NL80211_FLAG_NEED_WDEV |
13055 NL80211_FLAG_NEED_RTNL,
13056 },
13057 {
13058 .cmd = NL80211_CMD_STOP_P2P_DEVICE,
13059 .doit = nl80211_stop_p2p_device,
13060 .policy = nl80211_policy,
13061 .flags = GENL_UNS_ADMIN_PERM,
13062 .internal_flags = NL80211_FLAG_NEED_WDEV_UP |
13063 NL80211_FLAG_NEED_RTNL,
13064 },
13065 {
13066 .cmd = NL80211_CMD_START_NAN,
13067 .doit = nl80211_start_nan,
13068 .policy = nl80211_policy,
13069 .flags = GENL_ADMIN_PERM,
13070 .internal_flags = NL80211_FLAG_NEED_WDEV |
13071 NL80211_FLAG_NEED_RTNL,
13072 },
13073 {
13074 .cmd = NL80211_CMD_STOP_NAN,
13075 .doit = nl80211_stop_nan,
13076 .policy = nl80211_policy,
13077 .flags = GENL_ADMIN_PERM,
13078 .internal_flags = NL80211_FLAG_NEED_WDEV_UP |
13079 NL80211_FLAG_NEED_RTNL,
13080 },
13081 {
13082 .cmd = NL80211_CMD_ADD_NAN_FUNCTION,
13083 .doit = nl80211_nan_add_func,
13084 .policy = nl80211_policy,
13085 .flags = GENL_ADMIN_PERM,
13086 .internal_flags = NL80211_FLAG_NEED_WDEV_UP |
13087 NL80211_FLAG_NEED_RTNL,
13088 },
13089 {
13090 .cmd = NL80211_CMD_DEL_NAN_FUNCTION,
13091 .doit = nl80211_nan_del_func,
13092 .policy = nl80211_policy,
13093 .flags = GENL_ADMIN_PERM,
13094 .internal_flags = NL80211_FLAG_NEED_WDEV_UP |
13095 NL80211_FLAG_NEED_RTNL,
13096 },
13097 {
13098 .cmd = NL80211_CMD_CHANGE_NAN_CONFIG,
13099 .doit = nl80211_nan_change_config,
13100 .policy = nl80211_policy,
13101 .flags = GENL_ADMIN_PERM,
13102 .internal_flags = NL80211_FLAG_NEED_WDEV_UP |
13103 NL80211_FLAG_NEED_RTNL,
13104 },
13105 {
13106 .cmd = NL80211_CMD_SET_MCAST_RATE,
13107 .doit = nl80211_set_mcast_rate,
13108 .policy = nl80211_policy,
13109 .flags = GENL_UNS_ADMIN_PERM,
13110 .internal_flags = NL80211_FLAG_NEED_NETDEV |
13111 NL80211_FLAG_NEED_RTNL,
13112 },
13113 {
13114 .cmd = NL80211_CMD_SET_MAC_ACL,
13115 .doit = nl80211_set_mac_acl,
13116 .policy = nl80211_policy,
13117 .flags = GENL_UNS_ADMIN_PERM,
13118 .internal_flags = NL80211_FLAG_NEED_NETDEV |
13119 NL80211_FLAG_NEED_RTNL,
13120 },
13121 {
13122 .cmd = NL80211_CMD_RADAR_DETECT,
13123 .doit = nl80211_start_radar_detection,
13124 .policy = nl80211_policy,
13125 .flags = GENL_UNS_ADMIN_PERM,
13126 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
13127 NL80211_FLAG_NEED_RTNL,
13128 },
13129 {
13130 .cmd = NL80211_CMD_GET_PROTOCOL_FEATURES,
13131 .doit = nl80211_get_protocol_features,
13132 .policy = nl80211_policy,
13133 },
13134 {
13135 .cmd = NL80211_CMD_UPDATE_FT_IES,
13136 .doit = nl80211_update_ft_ies,
13137 .policy = nl80211_policy,
13138 .flags = GENL_UNS_ADMIN_PERM,
13139 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
13140 NL80211_FLAG_NEED_RTNL,
13141 },
13142 {
13143 .cmd = NL80211_CMD_CRIT_PROTOCOL_START,
13144 .doit = nl80211_crit_protocol_start,
13145 .policy = nl80211_policy,
13146 .flags = GENL_UNS_ADMIN_PERM,
13147 .internal_flags = NL80211_FLAG_NEED_WDEV_UP |
13148 NL80211_FLAG_NEED_RTNL,
13149 },
13150 {
13151 .cmd = NL80211_CMD_CRIT_PROTOCOL_STOP,
13152 .doit = nl80211_crit_protocol_stop,
13153 .policy = nl80211_policy,
13154 .flags = GENL_UNS_ADMIN_PERM,
13155 .internal_flags = NL80211_FLAG_NEED_WDEV_UP |
13156 NL80211_FLAG_NEED_RTNL,
13157 },
13158 {
13159 .cmd = NL80211_CMD_GET_COALESCE,
13160 .doit = nl80211_get_coalesce,
13161 .policy = nl80211_policy,
13162 .internal_flags = NL80211_FLAG_NEED_WIPHY |
13163 NL80211_FLAG_NEED_RTNL,
13164 },
13165 {
13166 .cmd = NL80211_CMD_SET_COALESCE,
13167 .doit = nl80211_set_coalesce,
13168 .policy = nl80211_policy,
13169 .flags = GENL_UNS_ADMIN_PERM,
13170 .internal_flags = NL80211_FLAG_NEED_WIPHY |
13171 NL80211_FLAG_NEED_RTNL,
13172 },
13173 {
13174 .cmd = NL80211_CMD_CHANNEL_SWITCH,
13175 .doit = nl80211_channel_switch,
13176 .policy = nl80211_policy,
13177 .flags = GENL_UNS_ADMIN_PERM,
13178 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
13179 NL80211_FLAG_NEED_RTNL,
13180 },
13181 {
13182 .cmd = NL80211_CMD_VENDOR,
13183 .doit = nl80211_vendor_cmd,
13184 .dumpit = nl80211_vendor_cmd_dump,
13185 .policy = nl80211_policy,
13186 .flags = GENL_UNS_ADMIN_PERM,
13187 .internal_flags = NL80211_FLAG_NEED_WIPHY |
13188 NL80211_FLAG_NEED_RTNL,
13189 },
13190 {
13191 .cmd = NL80211_CMD_SET_QOS_MAP,
13192 .doit = nl80211_set_qos_map,
13193 .policy = nl80211_policy,
13194 .flags = GENL_UNS_ADMIN_PERM,
13195 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
13196 NL80211_FLAG_NEED_RTNL,
13197 },
13198 {
13199 .cmd = NL80211_CMD_ADD_TX_TS,
13200 .doit = nl80211_add_tx_ts,
13201 .policy = nl80211_policy,
13202 .flags = GENL_UNS_ADMIN_PERM,
13203 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
13204 NL80211_FLAG_NEED_RTNL,
13205 },
13206 {
13207 .cmd = NL80211_CMD_DEL_TX_TS,
13208 .doit = nl80211_del_tx_ts,
13209 .policy = nl80211_policy,
13210 .flags = GENL_UNS_ADMIN_PERM,
13211 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
13212 NL80211_FLAG_NEED_RTNL,
13213 },
13214 {
13215 .cmd = NL80211_CMD_TDLS_CHANNEL_SWITCH,
13216 .doit = nl80211_tdls_channel_switch,
13217 .policy = nl80211_policy,
13218 .flags = GENL_UNS_ADMIN_PERM,
13219 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
13220 NL80211_FLAG_NEED_RTNL,
13221 },
13222 {
13223 .cmd = NL80211_CMD_TDLS_CANCEL_CHANNEL_SWITCH,
13224 .doit = nl80211_tdls_cancel_channel_switch,
13225 .policy = nl80211_policy,
13226 .flags = GENL_UNS_ADMIN_PERM,
13227 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
13228 NL80211_FLAG_NEED_RTNL,
13229 },
13230 {
13231 .cmd = NL80211_CMD_SET_MULTICAST_TO_UNICAST,
13232 .doit = nl80211_set_multicast_to_unicast,
13233 .policy = nl80211_policy,
13234 .flags = GENL_UNS_ADMIN_PERM,
13235 .internal_flags = NL80211_FLAG_NEED_NETDEV |
13236 NL80211_FLAG_NEED_RTNL,
13237 },
13238 {
13239 .cmd = NL80211_CMD_SET_PMK,
13240 .doit = nl80211_set_pmk,
13241 .policy = nl80211_policy,
13242 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
13243 NL80211_FLAG_NEED_RTNL,
13244 },
13245 {
13246 .cmd = NL80211_CMD_DEL_PMK,
13247 .doit = nl80211_del_pmk,
13248 .policy = nl80211_policy,
13249 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
13250 NL80211_FLAG_NEED_RTNL,
13251 },
13252
13253};
13254
13255static struct genl_family nl80211_fam = {
13256 .name = NL80211_GENL_NAME,
13257 .hdrsize = 0,
13258 .version = 1,
13259 .maxattr = NL80211_ATTR_MAX,
13260 .netnsok = true,
13261 .pre_doit = nl80211_pre_doit,
13262 .post_doit = nl80211_post_doit,
13263 .module = THIS_MODULE,
13264 .ops = nl80211_ops,
13265 .n_ops = ARRAY_SIZE(nl80211_ops),
13266 .mcgrps = nl80211_mcgrps,
13267 .n_mcgrps = ARRAY_SIZE(nl80211_mcgrps),
13268};
13269
13270
13271
13272void nl80211_notify_wiphy(struct cfg80211_registered_device *rdev,
13273 enum nl80211_commands cmd)
13274{
13275 struct sk_buff *msg;
13276 struct nl80211_dump_wiphy_state state = {};
13277
13278 WARN_ON(cmd != NL80211_CMD_NEW_WIPHY &&
13279 cmd != NL80211_CMD_DEL_WIPHY);
13280
13281 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
13282 if (!msg)
13283 return;
13284
13285 if (nl80211_send_wiphy(rdev, cmd, msg, 0, 0, 0, &state) < 0) {
13286 nlmsg_free(msg);
13287 return;
13288 }
13289
13290 genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), msg, 0,
13291 NL80211_MCGRP_CONFIG, GFP_KERNEL);
13292}
13293
13294void nl80211_notify_iface(struct cfg80211_registered_device *rdev,
13295 struct wireless_dev *wdev,
13296 enum nl80211_commands cmd)
13297{
13298 struct sk_buff *msg;
13299
13300 WARN_ON(cmd != NL80211_CMD_NEW_INTERFACE &&
13301 cmd != NL80211_CMD_DEL_INTERFACE);
13302
13303 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
13304 if (!msg)
13305 return;
13306
13307 if (nl80211_send_iface(msg, 0, 0, 0, rdev, wdev,
13308 cmd == NL80211_CMD_DEL_INTERFACE) < 0) {
13309 nlmsg_free(msg);
13310 return;
13311 }
13312
13313 genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), msg, 0,
13314 NL80211_MCGRP_CONFIG, GFP_KERNEL);
13315}
13316
13317static int nl80211_add_scan_req(struct sk_buff *msg,
13318 struct cfg80211_registered_device *rdev)
13319{
13320 struct cfg80211_scan_request *req = rdev->scan_req;
13321 struct nlattr *nest;
13322 int i;
13323
13324 if (WARN_ON(!req))
13325 return 0;
13326
13327 nest = nla_nest_start(msg, NL80211_ATTR_SCAN_SSIDS);
13328 if (!nest)
13329 goto nla_put_failure;
13330 for (i = 0; i < req->n_ssids; i++) {
13331 if (nla_put(msg, i, req->ssids[i].ssid_len, req->ssids[i].ssid))
13332 goto nla_put_failure;
13333 }
13334 nla_nest_end(msg, nest);
13335
13336 nest = nla_nest_start(msg, NL80211_ATTR_SCAN_FREQUENCIES);
13337 if (!nest)
13338 goto nla_put_failure;
13339 for (i = 0; i < req->n_channels; i++) {
13340 if (nla_put_u32(msg, i, req->channels[i]->center_freq))
13341 goto nla_put_failure;
13342 }
13343 nla_nest_end(msg, nest);
13344
13345 if (req->ie &&
13346 nla_put(msg, NL80211_ATTR_IE, req->ie_len, req->ie))
13347 goto nla_put_failure;
13348
13349 if (req->flags &&
13350 nla_put_u32(msg, NL80211_ATTR_SCAN_FLAGS, req->flags))
13351 goto nla_put_failure;
13352
13353 if (req->info.scan_start_tsf &&
13354 (nla_put_u64_64bit(msg, NL80211_ATTR_SCAN_START_TIME_TSF,
13355 req->info.scan_start_tsf, NL80211_BSS_PAD) ||
13356 nla_put(msg, NL80211_ATTR_SCAN_START_TIME_TSF_BSSID, ETH_ALEN,
13357 req->info.tsf_bssid)))
13358 goto nla_put_failure;
13359
13360 return 0;
13361 nla_put_failure:
13362 return -ENOBUFS;
13363}
13364
13365static int nl80211_prep_scan_msg(struct sk_buff *msg,
13366 struct cfg80211_registered_device *rdev,
13367 struct wireless_dev *wdev,
13368 u32 portid, u32 seq, int flags,
13369 u32 cmd)
13370{
13371 void *hdr;
13372
13373 hdr = nl80211hdr_put(msg, portid, seq, flags, cmd);
13374 if (!hdr)
13375 return -1;
13376
13377 if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
13378 (wdev->netdev && nla_put_u32(msg, NL80211_ATTR_IFINDEX,
13379 wdev->netdev->ifindex)) ||
13380 nla_put_u64_64bit(msg, NL80211_ATTR_WDEV, wdev_id(wdev),
13381 NL80211_ATTR_PAD))
13382 goto nla_put_failure;
13383
13384
13385 nl80211_add_scan_req(msg, rdev);
13386
13387 genlmsg_end(msg, hdr);
13388 return 0;
13389
13390 nla_put_failure:
13391 genlmsg_cancel(msg, hdr);
13392 return -EMSGSIZE;
13393}
13394
13395static int
13396nl80211_prep_sched_scan_msg(struct sk_buff *msg,
13397 struct cfg80211_sched_scan_request *req, u32 cmd)
13398{
13399 void *hdr;
13400
13401 hdr = nl80211hdr_put(msg, 0, 0, 0, cmd);
13402 if (!hdr)
13403 return -1;
13404
13405 if (nla_put_u32(msg, NL80211_ATTR_WIPHY,
13406 wiphy_to_rdev(req->wiphy)->wiphy_idx) ||
13407 nla_put_u32(msg, NL80211_ATTR_IFINDEX, req->dev->ifindex) ||
13408 nla_put_u64_64bit(msg, NL80211_ATTR_COOKIE, req->reqid,
13409 NL80211_ATTR_PAD))
13410 goto nla_put_failure;
13411
13412 genlmsg_end(msg, hdr);
13413 return 0;
13414
13415 nla_put_failure:
13416 genlmsg_cancel(msg, hdr);
13417 return -EMSGSIZE;
13418}
13419
13420void nl80211_send_scan_start(struct cfg80211_registered_device *rdev,
13421 struct wireless_dev *wdev)
13422{
13423 struct sk_buff *msg;
13424
13425 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
13426 if (!msg)
13427 return;
13428
13429 if (nl80211_prep_scan_msg(msg, rdev, wdev, 0, 0, 0,
13430 NL80211_CMD_TRIGGER_SCAN) < 0) {
13431 nlmsg_free(msg);
13432 return;
13433 }
13434
13435 genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), msg, 0,
13436 NL80211_MCGRP_SCAN, GFP_KERNEL);
13437}
13438
13439struct sk_buff *nl80211_build_scan_msg(struct cfg80211_registered_device *rdev,
13440 struct wireless_dev *wdev, bool aborted)
13441{
13442 struct sk_buff *msg;
13443
13444 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
13445 if (!msg)
13446 return NULL;
13447
13448 if (nl80211_prep_scan_msg(msg, rdev, wdev, 0, 0, 0,
13449 aborted ? NL80211_CMD_SCAN_ABORTED :
13450 NL80211_CMD_NEW_SCAN_RESULTS) < 0) {
13451 nlmsg_free(msg);
13452 return NULL;
13453 }
13454
13455 return msg;
13456}
13457
13458
13459void nl80211_send_scan_msg(struct cfg80211_registered_device *rdev,
13460 struct sk_buff *msg)
13461{
13462 if (!msg)
13463 return;
13464
13465 genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), msg, 0,
13466 NL80211_MCGRP_SCAN, GFP_KERNEL);
13467}
13468
13469void nl80211_send_sched_scan(struct cfg80211_sched_scan_request *req, u32 cmd)
13470{
13471 struct sk_buff *msg;
13472
13473 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
13474 if (!msg)
13475 return;
13476
13477 if (nl80211_prep_sched_scan_msg(msg, req, cmd) < 0) {
13478 nlmsg_free(msg);
13479 return;
13480 }
13481
13482 genlmsg_multicast_netns(&nl80211_fam, wiphy_net(req->wiphy), msg, 0,
13483 NL80211_MCGRP_SCAN, GFP_KERNEL);
13484}
13485
13486static bool nl80211_reg_change_event_fill(struct sk_buff *msg,
13487 struct regulatory_request *request)
13488{
13489
13490 if (nla_put_u8(msg, NL80211_ATTR_REG_INITIATOR, request->initiator))
13491 goto nla_put_failure;
13492
13493 if (request->alpha2[0] == '0' && request->alpha2[1] == '0') {
13494 if (nla_put_u8(msg, NL80211_ATTR_REG_TYPE,
13495 NL80211_REGDOM_TYPE_WORLD))
13496 goto nla_put_failure;
13497 } else if (request->alpha2[0] == '9' && request->alpha2[1] == '9') {
13498 if (nla_put_u8(msg, NL80211_ATTR_REG_TYPE,
13499 NL80211_REGDOM_TYPE_CUSTOM_WORLD))
13500 goto nla_put_failure;
13501 } else if ((request->alpha2[0] == '9' && request->alpha2[1] == '8') ||
13502 request->intersect) {
13503 if (nla_put_u8(msg, NL80211_ATTR_REG_TYPE,
13504 NL80211_REGDOM_TYPE_INTERSECTION))
13505 goto nla_put_failure;
13506 } else {
13507 if (nla_put_u8(msg, NL80211_ATTR_REG_TYPE,
13508 NL80211_REGDOM_TYPE_COUNTRY) ||
13509 nla_put_string(msg, NL80211_ATTR_REG_ALPHA2,
13510 request->alpha2))
13511 goto nla_put_failure;
13512 }
13513
13514 if (request->wiphy_idx != WIPHY_IDX_INVALID) {
13515 struct wiphy *wiphy = wiphy_idx_to_wiphy(request->wiphy_idx);
13516
13517 if (wiphy &&
13518 nla_put_u32(msg, NL80211_ATTR_WIPHY, request->wiphy_idx))
13519 goto nla_put_failure;
13520
13521 if (wiphy &&
13522 wiphy->regulatory_flags & REGULATORY_WIPHY_SELF_MANAGED &&
13523 nla_put_flag(msg, NL80211_ATTR_WIPHY_SELF_MANAGED_REG))
13524 goto nla_put_failure;
13525 }
13526
13527 return true;
13528
13529nla_put_failure:
13530 return false;
13531}
13532
13533
13534
13535
13536
13537void nl80211_common_reg_change_event(enum nl80211_commands cmd_id,
13538 struct regulatory_request *request)
13539{
13540 struct sk_buff *msg;
13541 void *hdr;
13542
13543 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
13544 if (!msg)
13545 return;
13546
13547 hdr = nl80211hdr_put(msg, 0, 0, 0, cmd_id);
13548 if (!hdr) {
13549 nlmsg_free(msg);
13550 return;
13551 }
13552
13553 if (nl80211_reg_change_event_fill(msg, request) == false)
13554 goto nla_put_failure;
13555
13556 genlmsg_end(msg, hdr);
13557
13558 rcu_read_lock();
13559 genlmsg_multicast_allns(&nl80211_fam, msg, 0,
13560 NL80211_MCGRP_REGULATORY, GFP_ATOMIC);
13561 rcu_read_unlock();
13562
13563 return;
13564
13565nla_put_failure:
13566 genlmsg_cancel(msg, hdr);
13567 nlmsg_free(msg);
13568}
13569
13570static void nl80211_send_mlme_event(struct cfg80211_registered_device *rdev,
13571 struct net_device *netdev,
13572 const u8 *buf, size_t len,
13573 enum nl80211_commands cmd, gfp_t gfp,
13574 int uapsd_queues)
13575{
13576 struct sk_buff *msg;
13577 void *hdr;
13578
13579 msg = nlmsg_new(100 + len, gfp);
13580 if (!msg)
13581 return;
13582
13583 hdr = nl80211hdr_put(msg, 0, 0, 0, cmd);
13584 if (!hdr) {
13585 nlmsg_free(msg);
13586 return;
13587 }
13588
13589 if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
13590 nla_put_u32(msg, NL80211_ATTR_IFINDEX, netdev->ifindex) ||
13591 nla_put(msg, NL80211_ATTR_FRAME, len, buf))
13592 goto nla_put_failure;
13593
13594 if (uapsd_queues >= 0) {
13595 struct nlattr *nla_wmm =
13596 nla_nest_start(msg, NL80211_ATTR_STA_WME);
13597 if (!nla_wmm)
13598 goto nla_put_failure;
13599
13600 if (nla_put_u8(msg, NL80211_STA_WME_UAPSD_QUEUES,
13601 uapsd_queues))
13602 goto nla_put_failure;
13603
13604 nla_nest_end(msg, nla_wmm);
13605 }
13606
13607 genlmsg_end(msg, hdr);
13608
13609 genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), msg, 0,
13610 NL80211_MCGRP_MLME, gfp);
13611 return;
13612
13613 nla_put_failure:
13614 genlmsg_cancel(msg, hdr);
13615 nlmsg_free(msg);
13616}
13617
13618void nl80211_send_rx_auth(struct cfg80211_registered_device *rdev,
13619 struct net_device *netdev, const u8 *buf,
13620 size_t len, gfp_t gfp)
13621{
13622 nl80211_send_mlme_event(rdev, netdev, buf, len,
13623 NL80211_CMD_AUTHENTICATE, gfp, -1);
13624}
13625
13626void nl80211_send_rx_assoc(struct cfg80211_registered_device *rdev,
13627 struct net_device *netdev, const u8 *buf,
13628 size_t len, gfp_t gfp, int uapsd_queues)
13629{
13630 nl80211_send_mlme_event(rdev, netdev, buf, len,
13631 NL80211_CMD_ASSOCIATE, gfp, uapsd_queues);
13632}
13633
13634void nl80211_send_deauth(struct cfg80211_registered_device *rdev,
13635 struct net_device *netdev, const u8 *buf,
13636 size_t len, gfp_t gfp)
13637{
13638 nl80211_send_mlme_event(rdev, netdev, buf, len,
13639 NL80211_CMD_DEAUTHENTICATE, gfp, -1);
13640}
13641
13642void nl80211_send_disassoc(struct cfg80211_registered_device *rdev,
13643 struct net_device *netdev, const u8 *buf,
13644 size_t len, gfp_t gfp)
13645{
13646 nl80211_send_mlme_event(rdev, netdev, buf, len,
13647 NL80211_CMD_DISASSOCIATE, gfp, -1);
13648}
13649
13650void cfg80211_rx_unprot_mlme_mgmt(struct net_device *dev, const u8 *buf,
13651 size_t len)
13652{
13653 struct wireless_dev *wdev = dev->ieee80211_ptr;
13654 struct wiphy *wiphy = wdev->wiphy;
13655 struct cfg80211_registered_device *rdev = wiphy_to_rdev(wiphy);
13656 const struct ieee80211_mgmt *mgmt = (void *)buf;
13657 u32 cmd;
13658
13659 if (WARN_ON(len < 2))
13660 return;
13661
13662 if (ieee80211_is_deauth(mgmt->frame_control))
13663 cmd = NL80211_CMD_UNPROT_DEAUTHENTICATE;
13664 else
13665 cmd = NL80211_CMD_UNPROT_DISASSOCIATE;
13666
13667 trace_cfg80211_rx_unprot_mlme_mgmt(dev, buf, len);
13668 nl80211_send_mlme_event(rdev, dev, buf, len, cmd, GFP_ATOMIC, -1);
13669}
13670EXPORT_SYMBOL(cfg80211_rx_unprot_mlme_mgmt);
13671
13672static void nl80211_send_mlme_timeout(struct cfg80211_registered_device *rdev,
13673 struct net_device *netdev, int cmd,
13674 const u8 *addr, gfp_t gfp)
13675{
13676 struct sk_buff *msg;
13677 void *hdr;
13678
13679 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, gfp);
13680 if (!msg)
13681 return;
13682
13683 hdr = nl80211hdr_put(msg, 0, 0, 0, cmd);
13684 if (!hdr) {
13685 nlmsg_free(msg);
13686 return;
13687 }
13688
13689 if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
13690 nla_put_u32(msg, NL80211_ATTR_IFINDEX, netdev->ifindex) ||
13691 nla_put_flag(msg, NL80211_ATTR_TIMED_OUT) ||
13692 nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN, addr))
13693 goto nla_put_failure;
13694
13695 genlmsg_end(msg, hdr);
13696
13697 genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), msg, 0,
13698 NL80211_MCGRP_MLME, gfp);
13699 return;
13700
13701 nla_put_failure:
13702 genlmsg_cancel(msg, hdr);
13703 nlmsg_free(msg);
13704}
13705
13706void nl80211_send_auth_timeout(struct cfg80211_registered_device *rdev,
13707 struct net_device *netdev, const u8 *addr,
13708 gfp_t gfp)
13709{
13710 nl80211_send_mlme_timeout(rdev, netdev, NL80211_CMD_AUTHENTICATE,
13711 addr, gfp);
13712}
13713
13714void nl80211_send_assoc_timeout(struct cfg80211_registered_device *rdev,
13715 struct net_device *netdev, const u8 *addr,
13716 gfp_t gfp)
13717{
13718 nl80211_send_mlme_timeout(rdev, netdev, NL80211_CMD_ASSOCIATE,
13719 addr, gfp);
13720}
13721
13722void nl80211_send_connect_result(struct cfg80211_registered_device *rdev,
13723 struct net_device *netdev,
13724 struct cfg80211_connect_resp_params *cr,
13725 gfp_t gfp)
13726{
13727 struct sk_buff *msg;
13728 void *hdr;
13729
13730 msg = nlmsg_new(100 + cr->req_ie_len + cr->resp_ie_len +
13731 cr->fils_kek_len + cr->pmk_len +
13732 (cr->pmkid ? WLAN_PMKID_LEN : 0), gfp);
13733 if (!msg)
13734 return;
13735
13736 hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_CONNECT);
13737 if (!hdr) {
13738 nlmsg_free(msg);
13739 return;
13740 }
13741
13742 if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
13743 nla_put_u32(msg, NL80211_ATTR_IFINDEX, netdev->ifindex) ||
13744 (cr->bssid &&
13745 nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN, cr->bssid)) ||
13746 nla_put_u16(msg, NL80211_ATTR_STATUS_CODE,
13747 cr->status < 0 ? WLAN_STATUS_UNSPECIFIED_FAILURE :
13748 cr->status) ||
13749 (cr->status < 0 &&
13750 (nla_put_flag(msg, NL80211_ATTR_TIMED_OUT) ||
13751 nla_put_u32(msg, NL80211_ATTR_TIMEOUT_REASON,
13752 cr->timeout_reason))) ||
13753 (cr->req_ie &&
13754 nla_put(msg, NL80211_ATTR_REQ_IE, cr->req_ie_len, cr->req_ie)) ||
13755 (cr->resp_ie &&
13756 nla_put(msg, NL80211_ATTR_RESP_IE, cr->resp_ie_len,
13757 cr->resp_ie)) ||
13758 (cr->update_erp_next_seq_num &&
13759 nla_put_u16(msg, NL80211_ATTR_FILS_ERP_NEXT_SEQ_NUM,
13760 cr->fils_erp_next_seq_num)) ||
13761 (cr->status == WLAN_STATUS_SUCCESS &&
13762 ((cr->fils_kek &&
13763 nla_put(msg, NL80211_ATTR_FILS_KEK, cr->fils_kek_len,
13764 cr->fils_kek)) ||
13765 (cr->pmk &&
13766 nla_put(msg, NL80211_ATTR_PMK, cr->pmk_len, cr->pmk)) ||
13767 (cr->pmkid &&
13768 nla_put(msg, NL80211_ATTR_PMKID, WLAN_PMKID_LEN, cr->pmkid)))))
13769 goto nla_put_failure;
13770
13771 genlmsg_end(msg, hdr);
13772
13773 genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), msg, 0,
13774 NL80211_MCGRP_MLME, gfp);
13775 return;
13776
13777 nla_put_failure:
13778 genlmsg_cancel(msg, hdr);
13779 nlmsg_free(msg);
13780}
13781
13782void nl80211_send_roamed(struct cfg80211_registered_device *rdev,
13783 struct net_device *netdev,
13784 struct cfg80211_roam_info *info, gfp_t gfp)
13785{
13786 struct sk_buff *msg;
13787 void *hdr;
13788 const u8 *bssid = info->bss ? info->bss->bssid : info->bssid;
13789
13790 msg = nlmsg_new(100 + info->req_ie_len + info->resp_ie_len, gfp);
13791 if (!msg)
13792 return;
13793
13794 hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_ROAM);
13795 if (!hdr) {
13796 nlmsg_free(msg);
13797 return;
13798 }
13799
13800 if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
13801 nla_put_u32(msg, NL80211_ATTR_IFINDEX, netdev->ifindex) ||
13802 nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN, bssid) ||
13803 (info->req_ie &&
13804 nla_put(msg, NL80211_ATTR_REQ_IE, info->req_ie_len,
13805 info->req_ie)) ||
13806 (info->resp_ie &&
13807 nla_put(msg, NL80211_ATTR_RESP_IE, info->resp_ie_len,
13808 info->resp_ie)) ||
13809 (info->authorized &&
13810 nla_put_flag(msg, NL80211_ATTR_PORT_AUTHORIZED)))
13811 goto nla_put_failure;
13812
13813 genlmsg_end(msg, hdr);
13814
13815 genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), msg, 0,
13816 NL80211_MCGRP_MLME, gfp);
13817 return;
13818
13819 nla_put_failure:
13820 genlmsg_cancel(msg, hdr);
13821 nlmsg_free(msg);
13822}
13823
13824void nl80211_send_disconnected(struct cfg80211_registered_device *rdev,
13825 struct net_device *netdev, u16 reason,
13826 const u8 *ie, size_t ie_len, bool from_ap)
13827{
13828 struct sk_buff *msg;
13829 void *hdr;
13830
13831 msg = nlmsg_new(100 + ie_len, GFP_KERNEL);
13832 if (!msg)
13833 return;
13834
13835 hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_DISCONNECT);
13836 if (!hdr) {
13837 nlmsg_free(msg);
13838 return;
13839 }
13840
13841 if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
13842 nla_put_u32(msg, NL80211_ATTR_IFINDEX, netdev->ifindex) ||
13843 (from_ap && reason &&
13844 nla_put_u16(msg, NL80211_ATTR_REASON_CODE, reason)) ||
13845 (from_ap &&
13846 nla_put_flag(msg, NL80211_ATTR_DISCONNECTED_BY_AP)) ||
13847 (ie && nla_put(msg, NL80211_ATTR_IE, ie_len, ie)))
13848 goto nla_put_failure;
13849
13850 genlmsg_end(msg, hdr);
13851
13852 genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), msg, 0,
13853 NL80211_MCGRP_MLME, GFP_KERNEL);
13854 return;
13855
13856 nla_put_failure:
13857 genlmsg_cancel(msg, hdr);
13858 nlmsg_free(msg);
13859}
13860
13861void nl80211_send_ibss_bssid(struct cfg80211_registered_device *rdev,
13862 struct net_device *netdev, const u8 *bssid,
13863 gfp_t gfp)
13864{
13865 struct sk_buff *msg;
13866 void *hdr;
13867
13868 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, gfp);
13869 if (!msg)
13870 return;
13871
13872 hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_JOIN_IBSS);
13873 if (!hdr) {
13874 nlmsg_free(msg);
13875 return;
13876 }
13877
13878 if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
13879 nla_put_u32(msg, NL80211_ATTR_IFINDEX, netdev->ifindex) ||
13880 nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN, bssid))
13881 goto nla_put_failure;
13882
13883 genlmsg_end(msg, hdr);
13884
13885 genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), msg, 0,
13886 NL80211_MCGRP_MLME, gfp);
13887 return;
13888
13889 nla_put_failure:
13890 genlmsg_cancel(msg, hdr);
13891 nlmsg_free(msg);
13892}
13893
13894void cfg80211_notify_new_peer_candidate(struct net_device *dev, const u8 *addr,
13895 const u8* ie, u8 ie_len, gfp_t gfp)
13896{
13897 struct wireless_dev *wdev = dev->ieee80211_ptr;
13898 struct cfg80211_registered_device *rdev = wiphy_to_rdev(wdev->wiphy);
13899 struct sk_buff *msg;
13900 void *hdr;
13901
13902 if (WARN_ON(wdev->iftype != NL80211_IFTYPE_MESH_POINT))
13903 return;
13904
13905 trace_cfg80211_notify_new_peer_candidate(dev, addr);
13906
13907 msg = nlmsg_new(100 + ie_len, gfp);
13908 if (!msg)
13909 return;
13910
13911 hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_NEW_PEER_CANDIDATE);
13912 if (!hdr) {
13913 nlmsg_free(msg);
13914 return;
13915 }
13916
13917 if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
13918 nla_put_u32(msg, NL80211_ATTR_IFINDEX, dev->ifindex) ||
13919 nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN, addr) ||
13920 (ie_len && ie &&
13921 nla_put(msg, NL80211_ATTR_IE, ie_len , ie)))
13922 goto nla_put_failure;
13923
13924 genlmsg_end(msg, hdr);
13925
13926 genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), msg, 0,
13927 NL80211_MCGRP_MLME, gfp);
13928 return;
13929
13930 nla_put_failure:
13931 genlmsg_cancel(msg, hdr);
13932 nlmsg_free(msg);
13933}
13934EXPORT_SYMBOL(cfg80211_notify_new_peer_candidate);
13935
13936void nl80211_michael_mic_failure(struct cfg80211_registered_device *rdev,
13937 struct net_device *netdev, const u8 *addr,
13938 enum nl80211_key_type key_type, int key_id,
13939 const u8 *tsc, gfp_t gfp)
13940{
13941 struct sk_buff *msg;
13942 void *hdr;
13943
13944 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, gfp);
13945 if (!msg)
13946 return;
13947
13948 hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_MICHAEL_MIC_FAILURE);
13949 if (!hdr) {
13950 nlmsg_free(msg);
13951 return;
13952 }
13953
13954 if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
13955 nla_put_u32(msg, NL80211_ATTR_IFINDEX, netdev->ifindex) ||
13956 (addr && nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN, addr)) ||
13957 nla_put_u32(msg, NL80211_ATTR_KEY_TYPE, key_type) ||
13958 (key_id != -1 &&
13959 nla_put_u8(msg, NL80211_ATTR_KEY_IDX, key_id)) ||
13960 (tsc && nla_put(msg, NL80211_ATTR_KEY_SEQ, 6, tsc)))
13961 goto nla_put_failure;
13962
13963 genlmsg_end(msg, hdr);
13964
13965 genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), msg, 0,
13966 NL80211_MCGRP_MLME, gfp);
13967 return;
13968
13969 nla_put_failure:
13970 genlmsg_cancel(msg, hdr);
13971 nlmsg_free(msg);
13972}
13973
13974void nl80211_send_beacon_hint_event(struct wiphy *wiphy,
13975 struct ieee80211_channel *channel_before,
13976 struct ieee80211_channel *channel_after)
13977{
13978 struct sk_buff *msg;
13979 void *hdr;
13980 struct nlattr *nl_freq;
13981
13982 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_ATOMIC);
13983 if (!msg)
13984 return;
13985
13986 hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_REG_BEACON_HINT);
13987 if (!hdr) {
13988 nlmsg_free(msg);
13989 return;
13990 }
13991
13992
13993
13994
13995
13996 if (nla_put_u32(msg, NL80211_ATTR_WIPHY, get_wiphy_idx(wiphy)))
13997 goto nla_put_failure;
13998
13999
14000 nl_freq = nla_nest_start(msg, NL80211_ATTR_FREQ_BEFORE);
14001 if (!nl_freq)
14002 goto nla_put_failure;
14003 if (nl80211_msg_put_channel(msg, channel_before, false))
14004 goto nla_put_failure;
14005 nla_nest_end(msg, nl_freq);
14006
14007
14008 nl_freq = nla_nest_start(msg, NL80211_ATTR_FREQ_AFTER);
14009 if (!nl_freq)
14010 goto nla_put_failure;
14011 if (nl80211_msg_put_channel(msg, channel_after, false))
14012 goto nla_put_failure;
14013 nla_nest_end(msg, nl_freq);
14014
14015 genlmsg_end(msg, hdr);
14016
14017 rcu_read_lock();
14018 genlmsg_multicast_allns(&nl80211_fam, msg, 0,
14019 NL80211_MCGRP_REGULATORY, GFP_ATOMIC);
14020 rcu_read_unlock();
14021
14022 return;
14023
14024nla_put_failure:
14025 genlmsg_cancel(msg, hdr);
14026 nlmsg_free(msg);
14027}
14028
14029static void nl80211_send_remain_on_chan_event(
14030 int cmd, struct cfg80211_registered_device *rdev,
14031 struct wireless_dev *wdev, u64 cookie,
14032 struct ieee80211_channel *chan,
14033 unsigned int duration, gfp_t gfp)
14034{
14035 struct sk_buff *msg;
14036 void *hdr;
14037
14038 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, gfp);
14039 if (!msg)
14040 return;
14041
14042 hdr = nl80211hdr_put(msg, 0, 0, 0, cmd);
14043 if (!hdr) {
14044 nlmsg_free(msg);
14045 return;
14046 }
14047
14048 if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
14049 (wdev->netdev && nla_put_u32(msg, NL80211_ATTR_IFINDEX,
14050 wdev->netdev->ifindex)) ||
14051 nla_put_u64_64bit(msg, NL80211_ATTR_WDEV, wdev_id(wdev),
14052 NL80211_ATTR_PAD) ||
14053 nla_put_u32(msg, NL80211_ATTR_WIPHY_FREQ, chan->center_freq) ||
14054 nla_put_u32(msg, NL80211_ATTR_WIPHY_CHANNEL_TYPE,
14055 NL80211_CHAN_NO_HT) ||
14056 nla_put_u64_64bit(msg, NL80211_ATTR_COOKIE, cookie,
14057 NL80211_ATTR_PAD))
14058 goto nla_put_failure;
14059
14060 if (cmd == NL80211_CMD_REMAIN_ON_CHANNEL &&
14061 nla_put_u32(msg, NL80211_ATTR_DURATION, duration))
14062 goto nla_put_failure;
14063
14064 genlmsg_end(msg, hdr);
14065
14066 genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), msg, 0,
14067 NL80211_MCGRP_MLME, gfp);
14068 return;
14069
14070 nla_put_failure:
14071 genlmsg_cancel(msg, hdr);
14072 nlmsg_free(msg);
14073}
14074
14075void cfg80211_ready_on_channel(struct wireless_dev *wdev, u64 cookie,
14076 struct ieee80211_channel *chan,
14077 unsigned int duration, gfp_t gfp)
14078{
14079 struct wiphy *wiphy = wdev->wiphy;
14080 struct cfg80211_registered_device *rdev = wiphy_to_rdev(wiphy);
14081
14082 trace_cfg80211_ready_on_channel(wdev, cookie, chan, duration);
14083 nl80211_send_remain_on_chan_event(NL80211_CMD_REMAIN_ON_CHANNEL,
14084 rdev, wdev, cookie, chan,
14085 duration, gfp);
14086}
14087EXPORT_SYMBOL(cfg80211_ready_on_channel);
14088
14089void cfg80211_remain_on_channel_expired(struct wireless_dev *wdev, u64 cookie,
14090 struct ieee80211_channel *chan,
14091 gfp_t gfp)
14092{
14093 struct wiphy *wiphy = wdev->wiphy;
14094 struct cfg80211_registered_device *rdev = wiphy_to_rdev(wiphy);
14095
14096 trace_cfg80211_ready_on_channel_expired(wdev, cookie, chan);
14097 nl80211_send_remain_on_chan_event(NL80211_CMD_CANCEL_REMAIN_ON_CHANNEL,
14098 rdev, wdev, cookie, chan, 0, gfp);
14099}
14100EXPORT_SYMBOL(cfg80211_remain_on_channel_expired);
14101
14102void cfg80211_new_sta(struct net_device *dev, const u8 *mac_addr,
14103 struct station_info *sinfo, gfp_t gfp)
14104{
14105 struct wiphy *wiphy = dev->ieee80211_ptr->wiphy;
14106 struct cfg80211_registered_device *rdev = wiphy_to_rdev(wiphy);
14107 struct sk_buff *msg;
14108
14109 trace_cfg80211_new_sta(dev, mac_addr, sinfo);
14110
14111 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, gfp);
14112 if (!msg)
14113 return;
14114
14115 if (nl80211_send_station(msg, NL80211_CMD_NEW_STATION, 0, 0, 0,
14116 rdev, dev, mac_addr, sinfo) < 0) {
14117 nlmsg_free(msg);
14118 return;
14119 }
14120
14121 genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), msg, 0,
14122 NL80211_MCGRP_MLME, gfp);
14123}
14124EXPORT_SYMBOL(cfg80211_new_sta);
14125
14126void cfg80211_del_sta_sinfo(struct net_device *dev, const u8 *mac_addr,
14127 struct station_info *sinfo, gfp_t gfp)
14128{
14129 struct wiphy *wiphy = dev->ieee80211_ptr->wiphy;
14130 struct cfg80211_registered_device *rdev = wiphy_to_rdev(wiphy);
14131 struct sk_buff *msg;
14132 struct station_info empty_sinfo = {};
14133
14134 if (!sinfo)
14135 sinfo = &empty_sinfo;
14136
14137 trace_cfg80211_del_sta(dev, mac_addr);
14138
14139 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, gfp);
14140 if (!msg)
14141 return;
14142
14143 if (nl80211_send_station(msg, NL80211_CMD_DEL_STATION, 0, 0, 0,
14144 rdev, dev, mac_addr, sinfo) < 0) {
14145 nlmsg_free(msg);
14146 return;
14147 }
14148
14149 genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), msg, 0,
14150 NL80211_MCGRP_MLME, gfp);
14151}
14152EXPORT_SYMBOL(cfg80211_del_sta_sinfo);
14153
14154void cfg80211_conn_failed(struct net_device *dev, const u8 *mac_addr,
14155 enum nl80211_connect_failed_reason reason,
14156 gfp_t gfp)
14157{
14158 struct wiphy *wiphy = dev->ieee80211_ptr->wiphy;
14159 struct cfg80211_registered_device *rdev = wiphy_to_rdev(wiphy);
14160 struct sk_buff *msg;
14161 void *hdr;
14162
14163 msg = nlmsg_new(NLMSG_GOODSIZE, gfp);
14164 if (!msg)
14165 return;
14166
14167 hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_CONN_FAILED);
14168 if (!hdr) {
14169 nlmsg_free(msg);
14170 return;
14171 }
14172
14173 if (nla_put_u32(msg, NL80211_ATTR_IFINDEX, dev->ifindex) ||
14174 nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN, mac_addr) ||
14175 nla_put_u32(msg, NL80211_ATTR_CONN_FAILED_REASON, reason))
14176 goto nla_put_failure;
14177
14178 genlmsg_end(msg, hdr);
14179
14180 genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), msg, 0,
14181 NL80211_MCGRP_MLME, gfp);
14182 return;
14183
14184 nla_put_failure:
14185 genlmsg_cancel(msg, hdr);
14186 nlmsg_free(msg);
14187}
14188EXPORT_SYMBOL(cfg80211_conn_failed);
14189
14190static bool __nl80211_unexpected_frame(struct net_device *dev, u8 cmd,
14191 const u8 *addr, gfp_t gfp)
14192{
14193 struct wireless_dev *wdev = dev->ieee80211_ptr;
14194 struct cfg80211_registered_device *rdev = wiphy_to_rdev(wdev->wiphy);
14195 struct sk_buff *msg;
14196 void *hdr;
14197 u32 nlportid = ACCESS_ONCE(wdev->ap_unexpected_nlportid);
14198
14199 if (!nlportid)
14200 return false;
14201
14202 msg = nlmsg_new(100, gfp);
14203 if (!msg)
14204 return true;
14205
14206 hdr = nl80211hdr_put(msg, 0, 0, 0, cmd);
14207 if (!hdr) {
14208 nlmsg_free(msg);
14209 return true;
14210 }
14211
14212 if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
14213 nla_put_u32(msg, NL80211_ATTR_IFINDEX, dev->ifindex) ||
14214 nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN, addr))
14215 goto nla_put_failure;
14216
14217 genlmsg_end(msg, hdr);
14218 genlmsg_unicast(wiphy_net(&rdev->wiphy), msg, nlportid);
14219 return true;
14220
14221 nla_put_failure:
14222 genlmsg_cancel(msg, hdr);
14223 nlmsg_free(msg);
14224 return true;
14225}
14226
14227bool cfg80211_rx_spurious_frame(struct net_device *dev,
14228 const u8 *addr, gfp_t gfp)
14229{
14230 struct wireless_dev *wdev = dev->ieee80211_ptr;
14231 bool ret;
14232
14233 trace_cfg80211_rx_spurious_frame(dev, addr);
14234
14235 if (WARN_ON(wdev->iftype != NL80211_IFTYPE_AP &&
14236 wdev->iftype != NL80211_IFTYPE_P2P_GO)) {
14237 trace_cfg80211_return_bool(false);
14238 return false;
14239 }
14240 ret = __nl80211_unexpected_frame(dev, NL80211_CMD_UNEXPECTED_FRAME,
14241 addr, gfp);
14242 trace_cfg80211_return_bool(ret);
14243 return ret;
14244}
14245EXPORT_SYMBOL(cfg80211_rx_spurious_frame);
14246
14247bool cfg80211_rx_unexpected_4addr_frame(struct net_device *dev,
14248 const u8 *addr, gfp_t gfp)
14249{
14250 struct wireless_dev *wdev = dev->ieee80211_ptr;
14251 bool ret;
14252
14253 trace_cfg80211_rx_unexpected_4addr_frame(dev, addr);
14254
14255 if (WARN_ON(wdev->iftype != NL80211_IFTYPE_AP &&
14256 wdev->iftype != NL80211_IFTYPE_P2P_GO &&
14257 wdev->iftype != NL80211_IFTYPE_AP_VLAN)) {
14258 trace_cfg80211_return_bool(false);
14259 return false;
14260 }
14261 ret = __nl80211_unexpected_frame(dev,
14262 NL80211_CMD_UNEXPECTED_4ADDR_FRAME,
14263 addr, gfp);
14264 trace_cfg80211_return_bool(ret);
14265 return ret;
14266}
14267EXPORT_SYMBOL(cfg80211_rx_unexpected_4addr_frame);
14268
14269int nl80211_send_mgmt(struct cfg80211_registered_device *rdev,
14270 struct wireless_dev *wdev, u32 nlportid,
14271 int freq, int sig_dbm,
14272 const u8 *buf, size_t len, u32 flags, gfp_t gfp)
14273{
14274 struct net_device *netdev = wdev->netdev;
14275 struct sk_buff *msg;
14276 void *hdr;
14277
14278 msg = nlmsg_new(100 + len, gfp);
14279 if (!msg)
14280 return -ENOMEM;
14281
14282 hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_FRAME);
14283 if (!hdr) {
14284 nlmsg_free(msg);
14285 return -ENOMEM;
14286 }
14287
14288 if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
14289 (netdev && nla_put_u32(msg, NL80211_ATTR_IFINDEX,
14290 netdev->ifindex)) ||
14291 nla_put_u64_64bit(msg, NL80211_ATTR_WDEV, wdev_id(wdev),
14292 NL80211_ATTR_PAD) ||
14293 nla_put_u32(msg, NL80211_ATTR_WIPHY_FREQ, freq) ||
14294 (sig_dbm &&
14295 nla_put_u32(msg, NL80211_ATTR_RX_SIGNAL_DBM, sig_dbm)) ||
14296 nla_put(msg, NL80211_ATTR_FRAME, len, buf) ||
14297 (flags &&
14298 nla_put_u32(msg, NL80211_ATTR_RXMGMT_FLAGS, flags)))
14299 goto nla_put_failure;
14300
14301 genlmsg_end(msg, hdr);
14302
14303 return genlmsg_unicast(wiphy_net(&rdev->wiphy), msg, nlportid);
14304
14305 nla_put_failure:
14306 genlmsg_cancel(msg, hdr);
14307 nlmsg_free(msg);
14308 return -ENOBUFS;
14309}
14310
14311void cfg80211_mgmt_tx_status(struct wireless_dev *wdev, u64 cookie,
14312 const u8 *buf, size_t len, bool ack, gfp_t gfp)
14313{
14314 struct wiphy *wiphy = wdev->wiphy;
14315 struct cfg80211_registered_device *rdev = wiphy_to_rdev(wiphy);
14316 struct net_device *netdev = wdev->netdev;
14317 struct sk_buff *msg;
14318 void *hdr;
14319
14320 trace_cfg80211_mgmt_tx_status(wdev, cookie, ack);
14321
14322 msg = nlmsg_new(100 + len, gfp);
14323 if (!msg)
14324 return;
14325
14326 hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_FRAME_TX_STATUS);
14327 if (!hdr) {
14328 nlmsg_free(msg);
14329 return;
14330 }
14331
14332 if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
14333 (netdev && nla_put_u32(msg, NL80211_ATTR_IFINDEX,
14334 netdev->ifindex)) ||
14335 nla_put_u64_64bit(msg, NL80211_ATTR_WDEV, wdev_id(wdev),
14336 NL80211_ATTR_PAD) ||
14337 nla_put(msg, NL80211_ATTR_FRAME, len, buf) ||
14338 nla_put_u64_64bit(msg, NL80211_ATTR_COOKIE, cookie,
14339 NL80211_ATTR_PAD) ||
14340 (ack && nla_put_flag(msg, NL80211_ATTR_ACK)))
14341 goto nla_put_failure;
14342
14343 genlmsg_end(msg, hdr);
14344
14345 genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), msg, 0,
14346 NL80211_MCGRP_MLME, gfp);
14347 return;
14348
14349 nla_put_failure:
14350 genlmsg_cancel(msg, hdr);
14351 nlmsg_free(msg);
14352}
14353EXPORT_SYMBOL(cfg80211_mgmt_tx_status);
14354
14355static struct sk_buff *cfg80211_prepare_cqm(struct net_device *dev,
14356 const char *mac, gfp_t gfp)
14357{
14358 struct wireless_dev *wdev = dev->ieee80211_ptr;
14359 struct cfg80211_registered_device *rdev = wiphy_to_rdev(wdev->wiphy);
14360 struct sk_buff *msg = nlmsg_new(NLMSG_DEFAULT_SIZE, gfp);
14361 void **cb;
14362
14363 if (!msg)
14364 return NULL;
14365
14366 cb = (void **)msg->cb;
14367
14368 cb[0] = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_NOTIFY_CQM);
14369 if (!cb[0]) {
14370 nlmsg_free(msg);
14371 return NULL;
14372 }
14373
14374 if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
14375 nla_put_u32(msg, NL80211_ATTR_IFINDEX, dev->ifindex))
14376 goto nla_put_failure;
14377
14378 if (mac && nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN, mac))
14379 goto nla_put_failure;
14380
14381 cb[1] = nla_nest_start(msg, NL80211_ATTR_CQM);
14382 if (!cb[1])
14383 goto nla_put_failure;
14384
14385 cb[2] = rdev;
14386
14387 return msg;
14388 nla_put_failure:
14389 nlmsg_free(msg);
14390 return NULL;
14391}
14392
14393static void cfg80211_send_cqm(struct sk_buff *msg, gfp_t gfp)
14394{
14395 void **cb = (void **)msg->cb;
14396 struct cfg80211_registered_device *rdev = cb[2];
14397
14398 nla_nest_end(msg, cb[1]);
14399 genlmsg_end(msg, cb[0]);
14400
14401 memset(msg->cb, 0, sizeof(msg->cb));
14402
14403 genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), msg, 0,
14404 NL80211_MCGRP_MLME, gfp);
14405}
14406
14407void cfg80211_cqm_rssi_notify(struct net_device *dev,
14408 enum nl80211_cqm_rssi_threshold_event rssi_event,
14409 s32 rssi_level, gfp_t gfp)
14410{
14411 struct sk_buff *msg;
14412 struct wireless_dev *wdev = dev->ieee80211_ptr;
14413 struct cfg80211_registered_device *rdev = wiphy_to_rdev(wdev->wiphy);
14414
14415 trace_cfg80211_cqm_rssi_notify(dev, rssi_event, rssi_level);
14416
14417 if (WARN_ON(rssi_event != NL80211_CQM_RSSI_THRESHOLD_EVENT_LOW &&
14418 rssi_event != NL80211_CQM_RSSI_THRESHOLD_EVENT_HIGH))
14419 return;
14420
14421 if (wdev->cqm_config) {
14422 wdev->cqm_config->last_rssi_event_value = rssi_level;
14423
14424 cfg80211_cqm_rssi_update(rdev, dev);
14425
14426 if (rssi_level == 0)
14427 rssi_level = wdev->cqm_config->last_rssi_event_value;
14428 }
14429
14430 msg = cfg80211_prepare_cqm(dev, NULL, gfp);
14431 if (!msg)
14432 return;
14433
14434 if (nla_put_u32(msg, NL80211_ATTR_CQM_RSSI_THRESHOLD_EVENT,
14435 rssi_event))
14436 goto nla_put_failure;
14437
14438 if (rssi_level && nla_put_s32(msg, NL80211_ATTR_CQM_RSSI_LEVEL,
14439 rssi_level))
14440 goto nla_put_failure;
14441
14442 cfg80211_send_cqm(msg, gfp);
14443
14444 return;
14445
14446 nla_put_failure:
14447 nlmsg_free(msg);
14448}
14449EXPORT_SYMBOL(cfg80211_cqm_rssi_notify);
14450
14451void cfg80211_cqm_txe_notify(struct net_device *dev,
14452 const u8 *peer, u32 num_packets,
14453 u32 rate, u32 intvl, gfp_t gfp)
14454{
14455 struct sk_buff *msg;
14456
14457 msg = cfg80211_prepare_cqm(dev, peer, gfp);
14458 if (!msg)
14459 return;
14460
14461 if (nla_put_u32(msg, NL80211_ATTR_CQM_TXE_PKTS, num_packets))
14462 goto nla_put_failure;
14463
14464 if (nla_put_u32(msg, NL80211_ATTR_CQM_TXE_RATE, rate))
14465 goto nla_put_failure;
14466
14467 if (nla_put_u32(msg, NL80211_ATTR_CQM_TXE_INTVL, intvl))
14468 goto nla_put_failure;
14469
14470 cfg80211_send_cqm(msg, gfp);
14471 return;
14472
14473 nla_put_failure:
14474 nlmsg_free(msg);
14475}
14476EXPORT_SYMBOL(cfg80211_cqm_txe_notify);
14477
14478void cfg80211_cqm_pktloss_notify(struct net_device *dev,
14479 const u8 *peer, u32 num_packets, gfp_t gfp)
14480{
14481 struct sk_buff *msg;
14482
14483 trace_cfg80211_cqm_pktloss_notify(dev, peer, num_packets);
14484
14485 msg = cfg80211_prepare_cqm(dev, peer, gfp);
14486 if (!msg)
14487 return;
14488
14489 if (nla_put_u32(msg, NL80211_ATTR_CQM_PKT_LOSS_EVENT, num_packets))
14490 goto nla_put_failure;
14491
14492 cfg80211_send_cqm(msg, gfp);
14493 return;
14494
14495 nla_put_failure:
14496 nlmsg_free(msg);
14497}
14498EXPORT_SYMBOL(cfg80211_cqm_pktloss_notify);
14499
14500void cfg80211_cqm_beacon_loss_notify(struct net_device *dev, gfp_t gfp)
14501{
14502 struct sk_buff *msg;
14503
14504 msg = cfg80211_prepare_cqm(dev, NULL, gfp);
14505 if (!msg)
14506 return;
14507
14508 if (nla_put_flag(msg, NL80211_ATTR_CQM_BEACON_LOSS_EVENT))
14509 goto nla_put_failure;
14510
14511 cfg80211_send_cqm(msg, gfp);
14512 return;
14513
14514 nla_put_failure:
14515 nlmsg_free(msg);
14516}
14517EXPORT_SYMBOL(cfg80211_cqm_beacon_loss_notify);
14518
14519static void nl80211_gtk_rekey_notify(struct cfg80211_registered_device *rdev,
14520 struct net_device *netdev, const u8 *bssid,
14521 const u8 *replay_ctr, gfp_t gfp)
14522{
14523 struct sk_buff *msg;
14524 struct nlattr *rekey_attr;
14525 void *hdr;
14526
14527 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, gfp);
14528 if (!msg)
14529 return;
14530
14531 hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_SET_REKEY_OFFLOAD);
14532 if (!hdr) {
14533 nlmsg_free(msg);
14534 return;
14535 }
14536
14537 if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
14538 nla_put_u32(msg, NL80211_ATTR_IFINDEX, netdev->ifindex) ||
14539 nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN, bssid))
14540 goto nla_put_failure;
14541
14542 rekey_attr = nla_nest_start(msg, NL80211_ATTR_REKEY_DATA);
14543 if (!rekey_attr)
14544 goto nla_put_failure;
14545
14546 if (nla_put(msg, NL80211_REKEY_DATA_REPLAY_CTR,
14547 NL80211_REPLAY_CTR_LEN, replay_ctr))
14548 goto nla_put_failure;
14549
14550 nla_nest_end(msg, rekey_attr);
14551
14552 genlmsg_end(msg, hdr);
14553
14554 genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), msg, 0,
14555 NL80211_MCGRP_MLME, gfp);
14556 return;
14557
14558 nla_put_failure:
14559 genlmsg_cancel(msg, hdr);
14560 nlmsg_free(msg);
14561}
14562
14563void cfg80211_gtk_rekey_notify(struct net_device *dev, const u8 *bssid,
14564 const u8 *replay_ctr, gfp_t gfp)
14565{
14566 struct wireless_dev *wdev = dev->ieee80211_ptr;
14567 struct wiphy *wiphy = wdev->wiphy;
14568 struct cfg80211_registered_device *rdev = wiphy_to_rdev(wiphy);
14569
14570 trace_cfg80211_gtk_rekey_notify(dev, bssid);
14571 nl80211_gtk_rekey_notify(rdev, dev, bssid, replay_ctr, gfp);
14572}
14573EXPORT_SYMBOL(cfg80211_gtk_rekey_notify);
14574
14575static void
14576nl80211_pmksa_candidate_notify(struct cfg80211_registered_device *rdev,
14577 struct net_device *netdev, int index,
14578 const u8 *bssid, bool preauth, gfp_t gfp)
14579{
14580 struct sk_buff *msg;
14581 struct nlattr *attr;
14582 void *hdr;
14583
14584 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, gfp);
14585 if (!msg)
14586 return;
14587
14588 hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_PMKSA_CANDIDATE);
14589 if (!hdr) {
14590 nlmsg_free(msg);
14591 return;
14592 }
14593
14594 if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
14595 nla_put_u32(msg, NL80211_ATTR_IFINDEX, netdev->ifindex))
14596 goto nla_put_failure;
14597
14598 attr = nla_nest_start(msg, NL80211_ATTR_PMKSA_CANDIDATE);
14599 if (!attr)
14600 goto nla_put_failure;
14601
14602 if (nla_put_u32(msg, NL80211_PMKSA_CANDIDATE_INDEX, index) ||
14603 nla_put(msg, NL80211_PMKSA_CANDIDATE_BSSID, ETH_ALEN, bssid) ||
14604 (preauth &&
14605 nla_put_flag(msg, NL80211_PMKSA_CANDIDATE_PREAUTH)))
14606 goto nla_put_failure;
14607
14608 nla_nest_end(msg, attr);
14609
14610 genlmsg_end(msg, hdr);
14611
14612 genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), msg, 0,
14613 NL80211_MCGRP_MLME, gfp);
14614 return;
14615
14616 nla_put_failure:
14617 genlmsg_cancel(msg, hdr);
14618 nlmsg_free(msg);
14619}
14620
14621void cfg80211_pmksa_candidate_notify(struct net_device *dev, int index,
14622 const u8 *bssid, bool preauth, gfp_t gfp)
14623{
14624 struct wireless_dev *wdev = dev->ieee80211_ptr;
14625 struct wiphy *wiphy = wdev->wiphy;
14626 struct cfg80211_registered_device *rdev = wiphy_to_rdev(wiphy);
14627
14628 trace_cfg80211_pmksa_candidate_notify(dev, index, bssid, preauth);
14629 nl80211_pmksa_candidate_notify(rdev, dev, index, bssid, preauth, gfp);
14630}
14631EXPORT_SYMBOL(cfg80211_pmksa_candidate_notify);
14632
14633static void nl80211_ch_switch_notify(struct cfg80211_registered_device *rdev,
14634 struct net_device *netdev,
14635 struct cfg80211_chan_def *chandef,
14636 gfp_t gfp,
14637 enum nl80211_commands notif,
14638 u8 count)
14639{
14640 struct sk_buff *msg;
14641 void *hdr;
14642
14643 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, gfp);
14644 if (!msg)
14645 return;
14646
14647 hdr = nl80211hdr_put(msg, 0, 0, 0, notif);
14648 if (!hdr) {
14649 nlmsg_free(msg);
14650 return;
14651 }
14652
14653 if (nla_put_u32(msg, NL80211_ATTR_IFINDEX, netdev->ifindex))
14654 goto nla_put_failure;
14655
14656 if (nl80211_send_chandef(msg, chandef))
14657 goto nla_put_failure;
14658
14659 if ((notif == NL80211_CMD_CH_SWITCH_STARTED_NOTIFY) &&
14660 (nla_put_u32(msg, NL80211_ATTR_CH_SWITCH_COUNT, count)))
14661 goto nla_put_failure;
14662
14663 genlmsg_end(msg, hdr);
14664
14665 genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), msg, 0,
14666 NL80211_MCGRP_MLME, gfp);
14667 return;
14668
14669 nla_put_failure:
14670 genlmsg_cancel(msg, hdr);
14671 nlmsg_free(msg);
14672}
14673
14674void cfg80211_ch_switch_notify(struct net_device *dev,
14675 struct cfg80211_chan_def *chandef)
14676{
14677 struct wireless_dev *wdev = dev->ieee80211_ptr;
14678 struct wiphy *wiphy = wdev->wiphy;
14679 struct cfg80211_registered_device *rdev = wiphy_to_rdev(wiphy);
14680
14681 ASSERT_WDEV_LOCK(wdev);
14682
14683 trace_cfg80211_ch_switch_notify(dev, chandef);
14684
14685 wdev->chandef = *chandef;
14686 wdev->preset_chandef = *chandef;
14687 nl80211_ch_switch_notify(rdev, dev, chandef, GFP_KERNEL,
14688 NL80211_CMD_CH_SWITCH_NOTIFY, 0);
14689}
14690EXPORT_SYMBOL(cfg80211_ch_switch_notify);
14691
14692void cfg80211_ch_switch_started_notify(struct net_device *dev,
14693 struct cfg80211_chan_def *chandef,
14694 u8 count)
14695{
14696 struct wireless_dev *wdev = dev->ieee80211_ptr;
14697 struct wiphy *wiphy = wdev->wiphy;
14698 struct cfg80211_registered_device *rdev = wiphy_to_rdev(wiphy);
14699
14700 trace_cfg80211_ch_switch_started_notify(dev, chandef);
14701
14702 nl80211_ch_switch_notify(rdev, dev, chandef, GFP_KERNEL,
14703 NL80211_CMD_CH_SWITCH_STARTED_NOTIFY, count);
14704}
14705EXPORT_SYMBOL(cfg80211_ch_switch_started_notify);
14706
14707void
14708nl80211_radar_notify(struct cfg80211_registered_device *rdev,
14709 const struct cfg80211_chan_def *chandef,
14710 enum nl80211_radar_event event,
14711 struct net_device *netdev, gfp_t gfp)
14712{
14713 struct sk_buff *msg;
14714 void *hdr;
14715
14716 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, gfp);
14717 if (!msg)
14718 return;
14719
14720 hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_RADAR_DETECT);
14721 if (!hdr) {
14722 nlmsg_free(msg);
14723 return;
14724 }
14725
14726 if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx))
14727 goto nla_put_failure;
14728
14729
14730 if (netdev) {
14731 struct wireless_dev *wdev = netdev->ieee80211_ptr;
14732
14733 if (nla_put_u32(msg, NL80211_ATTR_IFINDEX, netdev->ifindex) ||
14734 nla_put_u64_64bit(msg, NL80211_ATTR_WDEV, wdev_id(wdev),
14735 NL80211_ATTR_PAD))
14736 goto nla_put_failure;
14737 }
14738
14739 if (nla_put_u32(msg, NL80211_ATTR_RADAR_EVENT, event))
14740 goto nla_put_failure;
14741
14742 if (nl80211_send_chandef(msg, chandef))
14743 goto nla_put_failure;
14744
14745 genlmsg_end(msg, hdr);
14746
14747 genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), msg, 0,
14748 NL80211_MCGRP_MLME, gfp);
14749 return;
14750
14751 nla_put_failure:
14752 genlmsg_cancel(msg, hdr);
14753 nlmsg_free(msg);
14754}
14755
14756void cfg80211_probe_status(struct net_device *dev, const u8 *addr,
14757 u64 cookie, bool acked, gfp_t gfp)
14758{
14759 struct wireless_dev *wdev = dev->ieee80211_ptr;
14760 struct cfg80211_registered_device *rdev = wiphy_to_rdev(wdev->wiphy);
14761 struct sk_buff *msg;
14762 void *hdr;
14763
14764 trace_cfg80211_probe_status(dev, addr, cookie, acked);
14765
14766 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, gfp);
14767
14768 if (!msg)
14769 return;
14770
14771 hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_PROBE_CLIENT);
14772 if (!hdr) {
14773 nlmsg_free(msg);
14774 return;
14775 }
14776
14777 if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
14778 nla_put_u32(msg, NL80211_ATTR_IFINDEX, dev->ifindex) ||
14779 nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN, addr) ||
14780 nla_put_u64_64bit(msg, NL80211_ATTR_COOKIE, cookie,
14781 NL80211_ATTR_PAD) ||
14782 (acked && nla_put_flag(msg, NL80211_ATTR_ACK)))
14783 goto nla_put_failure;
14784
14785 genlmsg_end(msg, hdr);
14786
14787 genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), msg, 0,
14788 NL80211_MCGRP_MLME, gfp);
14789 return;
14790
14791 nla_put_failure:
14792 genlmsg_cancel(msg, hdr);
14793 nlmsg_free(msg);
14794}
14795EXPORT_SYMBOL(cfg80211_probe_status);
14796
14797void cfg80211_report_obss_beacon(struct wiphy *wiphy,
14798 const u8 *frame, size_t len,
14799 int freq, int sig_dbm)
14800{
14801 struct cfg80211_registered_device *rdev = wiphy_to_rdev(wiphy);
14802 struct sk_buff *msg;
14803 void *hdr;
14804 struct cfg80211_beacon_registration *reg;
14805
14806 trace_cfg80211_report_obss_beacon(wiphy, frame, len, freq, sig_dbm);
14807
14808 spin_lock_bh(&rdev->beacon_registrations_lock);
14809 list_for_each_entry(reg, &rdev->beacon_registrations, list) {
14810 msg = nlmsg_new(len + 100, GFP_ATOMIC);
14811 if (!msg) {
14812 spin_unlock_bh(&rdev->beacon_registrations_lock);
14813 return;
14814 }
14815
14816 hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_FRAME);
14817 if (!hdr)
14818 goto nla_put_failure;
14819
14820 if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
14821 (freq &&
14822 nla_put_u32(msg, NL80211_ATTR_WIPHY_FREQ, freq)) ||
14823 (sig_dbm &&
14824 nla_put_u32(msg, NL80211_ATTR_RX_SIGNAL_DBM, sig_dbm)) ||
14825 nla_put(msg, NL80211_ATTR_FRAME, len, frame))
14826 goto nla_put_failure;
14827
14828 genlmsg_end(msg, hdr);
14829
14830 genlmsg_unicast(wiphy_net(&rdev->wiphy), msg, reg->nlportid);
14831 }
14832 spin_unlock_bh(&rdev->beacon_registrations_lock);
14833 return;
14834
14835 nla_put_failure:
14836 spin_unlock_bh(&rdev->beacon_registrations_lock);
14837 if (hdr)
14838 genlmsg_cancel(msg, hdr);
14839 nlmsg_free(msg);
14840}
14841EXPORT_SYMBOL(cfg80211_report_obss_beacon);
14842
14843#ifdef CONFIG_PM
14844static int cfg80211_net_detect_results(struct sk_buff *msg,
14845 struct cfg80211_wowlan_wakeup *wakeup)
14846{
14847 struct cfg80211_wowlan_nd_info *nd = wakeup->net_detect;
14848 struct nlattr *nl_results, *nl_match, *nl_freqs;
14849 int i, j;
14850
14851 nl_results = nla_nest_start(
14852 msg, NL80211_WOWLAN_TRIG_NET_DETECT_RESULTS);
14853 if (!nl_results)
14854 return -EMSGSIZE;
14855
14856 for (i = 0; i < nd->n_matches; i++) {
14857 struct cfg80211_wowlan_nd_match *match = nd->matches[i];
14858
14859 nl_match = nla_nest_start(msg, i);
14860 if (!nl_match)
14861 break;
14862
14863
14864
14865
14866
14867
14868
14869
14870 if (nla_put(msg, NL80211_ATTR_SSID, match->ssid.ssid_len,
14871 match->ssid.ssid)) {
14872 nla_nest_cancel(msg, nl_match);
14873 goto out;
14874 }
14875
14876 if (match->n_channels) {
14877 nl_freqs = nla_nest_start(
14878 msg, NL80211_ATTR_SCAN_FREQUENCIES);
14879 if (!nl_freqs) {
14880 nla_nest_cancel(msg, nl_match);
14881 goto out;
14882 }
14883
14884 for (j = 0; j < match->n_channels; j++) {
14885 if (nla_put_u32(msg, j, match->channels[j])) {
14886 nla_nest_cancel(msg, nl_freqs);
14887 nla_nest_cancel(msg, nl_match);
14888 goto out;
14889 }
14890 }
14891
14892 nla_nest_end(msg, nl_freqs);
14893 }
14894
14895 nla_nest_end(msg, nl_match);
14896 }
14897
14898out:
14899 nla_nest_end(msg, nl_results);
14900 return 0;
14901}
14902
14903void cfg80211_report_wowlan_wakeup(struct wireless_dev *wdev,
14904 struct cfg80211_wowlan_wakeup *wakeup,
14905 gfp_t gfp)
14906{
14907 struct cfg80211_registered_device *rdev = wiphy_to_rdev(wdev->wiphy);
14908 struct sk_buff *msg;
14909 void *hdr;
14910 int size = 200;
14911
14912 trace_cfg80211_report_wowlan_wakeup(wdev->wiphy, wdev, wakeup);
14913
14914 if (wakeup)
14915 size += wakeup->packet_present_len;
14916
14917 msg = nlmsg_new(size, gfp);
14918 if (!msg)
14919 return;
14920
14921 hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_SET_WOWLAN);
14922 if (!hdr)
14923 goto free_msg;
14924
14925 if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
14926 nla_put_u64_64bit(msg, NL80211_ATTR_WDEV, wdev_id(wdev),
14927 NL80211_ATTR_PAD))
14928 goto free_msg;
14929
14930 if (wdev->netdev && nla_put_u32(msg, NL80211_ATTR_IFINDEX,
14931 wdev->netdev->ifindex))
14932 goto free_msg;
14933
14934 if (wakeup) {
14935 struct nlattr *reasons;
14936
14937 reasons = nla_nest_start(msg, NL80211_ATTR_WOWLAN_TRIGGERS);
14938 if (!reasons)
14939 goto free_msg;
14940
14941 if (wakeup->disconnect &&
14942 nla_put_flag(msg, NL80211_WOWLAN_TRIG_DISCONNECT))
14943 goto free_msg;
14944 if (wakeup->magic_pkt &&
14945 nla_put_flag(msg, NL80211_WOWLAN_TRIG_MAGIC_PKT))
14946 goto free_msg;
14947 if (wakeup->gtk_rekey_failure &&
14948 nla_put_flag(msg, NL80211_WOWLAN_TRIG_GTK_REKEY_FAILURE))
14949 goto free_msg;
14950 if (wakeup->eap_identity_req &&
14951 nla_put_flag(msg, NL80211_WOWLAN_TRIG_EAP_IDENT_REQUEST))
14952 goto free_msg;
14953 if (wakeup->four_way_handshake &&
14954 nla_put_flag(msg, NL80211_WOWLAN_TRIG_4WAY_HANDSHAKE))
14955 goto free_msg;
14956 if (wakeup->rfkill_release &&
14957 nla_put_flag(msg, NL80211_WOWLAN_TRIG_RFKILL_RELEASE))
14958 goto free_msg;
14959
14960 if (wakeup->pattern_idx >= 0 &&
14961 nla_put_u32(msg, NL80211_WOWLAN_TRIG_PKT_PATTERN,
14962 wakeup->pattern_idx))
14963 goto free_msg;
14964
14965 if (wakeup->tcp_match &&
14966 nla_put_flag(msg, NL80211_WOWLAN_TRIG_WAKEUP_TCP_MATCH))
14967 goto free_msg;
14968
14969 if (wakeup->tcp_connlost &&
14970 nla_put_flag(msg, NL80211_WOWLAN_TRIG_WAKEUP_TCP_CONNLOST))
14971 goto free_msg;
14972
14973 if (wakeup->tcp_nomoretokens &&
14974 nla_put_flag(msg,
14975 NL80211_WOWLAN_TRIG_WAKEUP_TCP_NOMORETOKENS))
14976 goto free_msg;
14977
14978 if (wakeup->packet) {
14979 u32 pkt_attr = NL80211_WOWLAN_TRIG_WAKEUP_PKT_80211;
14980 u32 len_attr = NL80211_WOWLAN_TRIG_WAKEUP_PKT_80211_LEN;
14981
14982 if (!wakeup->packet_80211) {
14983 pkt_attr =
14984 NL80211_WOWLAN_TRIG_WAKEUP_PKT_8023;
14985 len_attr =
14986 NL80211_WOWLAN_TRIG_WAKEUP_PKT_8023_LEN;
14987 }
14988
14989 if (wakeup->packet_len &&
14990 nla_put_u32(msg, len_attr, wakeup->packet_len))
14991 goto free_msg;
14992
14993 if (nla_put(msg, pkt_attr, wakeup->packet_present_len,
14994 wakeup->packet))
14995 goto free_msg;
14996 }
14997
14998 if (wakeup->net_detect &&
14999 cfg80211_net_detect_results(msg, wakeup))
15000 goto free_msg;
15001
15002 nla_nest_end(msg, reasons);
15003 }
15004
15005 genlmsg_end(msg, hdr);
15006
15007 genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), msg, 0,
15008 NL80211_MCGRP_MLME, gfp);
15009 return;
15010
15011 free_msg:
15012 nlmsg_free(msg);
15013}
15014EXPORT_SYMBOL(cfg80211_report_wowlan_wakeup);
15015#endif
15016
15017void cfg80211_tdls_oper_request(struct net_device *dev, const u8 *peer,
15018 enum nl80211_tdls_operation oper,
15019 u16 reason_code, gfp_t gfp)
15020{
15021 struct wireless_dev *wdev = dev->ieee80211_ptr;
15022 struct cfg80211_registered_device *rdev = wiphy_to_rdev(wdev->wiphy);
15023 struct sk_buff *msg;
15024 void *hdr;
15025
15026 trace_cfg80211_tdls_oper_request(wdev->wiphy, dev, peer, oper,
15027 reason_code);
15028
15029 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, gfp);
15030 if (!msg)
15031 return;
15032
15033 hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_TDLS_OPER);
15034 if (!hdr) {
15035 nlmsg_free(msg);
15036 return;
15037 }
15038
15039 if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
15040 nla_put_u32(msg, NL80211_ATTR_IFINDEX, dev->ifindex) ||
15041 nla_put_u8(msg, NL80211_ATTR_TDLS_OPERATION, oper) ||
15042 nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN, peer) ||
15043 (reason_code > 0 &&
15044 nla_put_u16(msg, NL80211_ATTR_REASON_CODE, reason_code)))
15045 goto nla_put_failure;
15046
15047 genlmsg_end(msg, hdr);
15048
15049 genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), msg, 0,
15050 NL80211_MCGRP_MLME, gfp);
15051 return;
15052
15053 nla_put_failure:
15054 genlmsg_cancel(msg, hdr);
15055 nlmsg_free(msg);
15056}
15057EXPORT_SYMBOL(cfg80211_tdls_oper_request);
15058
15059static int nl80211_netlink_notify(struct notifier_block * nb,
15060 unsigned long state,
15061 void *_notify)
15062{
15063 struct netlink_notify *notify = _notify;
15064 struct cfg80211_registered_device *rdev;
15065 struct wireless_dev *wdev;
15066 struct cfg80211_beacon_registration *reg, *tmp;
15067
15068 if (state != NETLINK_URELEASE || notify->protocol != NETLINK_GENERIC)
15069 return NOTIFY_DONE;
15070
15071 rcu_read_lock();
15072
15073 list_for_each_entry_rcu(rdev, &cfg80211_rdev_list, list) {
15074 struct cfg80211_sched_scan_request *sched_scan_req;
15075
15076 list_for_each_entry_rcu(sched_scan_req,
15077 &rdev->sched_scan_req_list,
15078 list) {
15079 if (sched_scan_req->owner_nlportid == notify->portid) {
15080 sched_scan_req->nl_owner_dead = true;
15081 schedule_work(&rdev->sched_scan_stop_wk);
15082 }
15083 }
15084
15085 list_for_each_entry_rcu(wdev, &rdev->wiphy.wdev_list, list) {
15086 cfg80211_mlme_unregister_socket(wdev, notify->portid);
15087
15088 if (wdev->owner_nlportid == notify->portid) {
15089 wdev->nl_owner_dead = true;
15090 schedule_work(&rdev->destroy_work);
15091 } else if (wdev->conn_owner_nlportid == notify->portid) {
15092 schedule_work(&wdev->disconnect_wk);
15093 }
15094 }
15095
15096 spin_lock_bh(&rdev->beacon_registrations_lock);
15097 list_for_each_entry_safe(reg, tmp, &rdev->beacon_registrations,
15098 list) {
15099 if (reg->nlportid == notify->portid) {
15100 list_del(®->list);
15101 kfree(reg);
15102 break;
15103 }
15104 }
15105 spin_unlock_bh(&rdev->beacon_registrations_lock);
15106 }
15107
15108 rcu_read_unlock();
15109
15110
15111
15112
15113
15114 regulatory_netlink_notify(notify->portid);
15115 return NOTIFY_OK;
15116}
15117
15118static struct notifier_block nl80211_netlink_notifier = {
15119 .notifier_call = nl80211_netlink_notify,
15120};
15121
15122void cfg80211_ft_event(struct net_device *netdev,
15123 struct cfg80211_ft_event_params *ft_event)
15124{
15125 struct wiphy *wiphy = netdev->ieee80211_ptr->wiphy;
15126 struct cfg80211_registered_device *rdev = wiphy_to_rdev(wiphy);
15127 struct sk_buff *msg;
15128 void *hdr;
15129
15130 trace_cfg80211_ft_event(wiphy, netdev, ft_event);
15131
15132 if (!ft_event->target_ap)
15133 return;
15134
15135 msg = nlmsg_new(100 + ft_event->ric_ies_len, GFP_KERNEL);
15136 if (!msg)
15137 return;
15138
15139 hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_FT_EVENT);
15140 if (!hdr)
15141 goto out;
15142
15143 if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
15144 nla_put_u32(msg, NL80211_ATTR_IFINDEX, netdev->ifindex) ||
15145 nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN, ft_event->target_ap))
15146 goto out;
15147
15148 if (ft_event->ies &&
15149 nla_put(msg, NL80211_ATTR_IE, ft_event->ies_len, ft_event->ies))
15150 goto out;
15151 if (ft_event->ric_ies &&
15152 nla_put(msg, NL80211_ATTR_IE_RIC, ft_event->ric_ies_len,
15153 ft_event->ric_ies))
15154 goto out;
15155
15156 genlmsg_end(msg, hdr);
15157
15158 genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), msg, 0,
15159 NL80211_MCGRP_MLME, GFP_KERNEL);
15160 return;
15161 out:
15162 nlmsg_free(msg);
15163}
15164EXPORT_SYMBOL(cfg80211_ft_event);
15165
15166void cfg80211_crit_proto_stopped(struct wireless_dev *wdev, gfp_t gfp)
15167{
15168 struct cfg80211_registered_device *rdev;
15169 struct sk_buff *msg;
15170 void *hdr;
15171 u32 nlportid;
15172
15173 rdev = wiphy_to_rdev(wdev->wiphy);
15174 if (!rdev->crit_proto_nlportid)
15175 return;
15176
15177 nlportid = rdev->crit_proto_nlportid;
15178 rdev->crit_proto_nlportid = 0;
15179
15180 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, gfp);
15181 if (!msg)
15182 return;
15183
15184 hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_CRIT_PROTOCOL_STOP);
15185 if (!hdr)
15186 goto nla_put_failure;
15187
15188 if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
15189 nla_put_u64_64bit(msg, NL80211_ATTR_WDEV, wdev_id(wdev),
15190 NL80211_ATTR_PAD))
15191 goto nla_put_failure;
15192
15193 genlmsg_end(msg, hdr);
15194
15195 genlmsg_unicast(wiphy_net(&rdev->wiphy), msg, nlportid);
15196 return;
15197
15198 nla_put_failure:
15199 if (hdr)
15200 genlmsg_cancel(msg, hdr);
15201 nlmsg_free(msg);
15202}
15203EXPORT_SYMBOL(cfg80211_crit_proto_stopped);
15204
15205void nl80211_send_ap_stopped(struct wireless_dev *wdev)
15206{
15207 struct wiphy *wiphy = wdev->wiphy;
15208 struct cfg80211_registered_device *rdev = wiphy_to_rdev(wiphy);
15209 struct sk_buff *msg;
15210 void *hdr;
15211
15212 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
15213 if (!msg)
15214 return;
15215
15216 hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_STOP_AP);
15217 if (!hdr)
15218 goto out;
15219
15220 if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
15221 nla_put_u32(msg, NL80211_ATTR_IFINDEX, wdev->netdev->ifindex) ||
15222 nla_put_u64_64bit(msg, NL80211_ATTR_WDEV, wdev_id(wdev),
15223 NL80211_ATTR_PAD))
15224 goto out;
15225
15226 genlmsg_end(msg, hdr);
15227
15228 genlmsg_multicast_netns(&nl80211_fam, wiphy_net(wiphy), msg, 0,
15229 NL80211_MCGRP_MLME, GFP_KERNEL);
15230 return;
15231 out:
15232 nlmsg_free(msg);
15233}
15234
15235
15236
15237int nl80211_init(void)
15238{
15239 int err;
15240
15241 err = genl_register_family(&nl80211_fam);
15242 if (err)
15243 return err;
15244
15245 err = netlink_register_notifier(&nl80211_netlink_notifier);
15246 if (err)
15247 goto err_out;
15248
15249 return 0;
15250 err_out:
15251 genl_unregister_family(&nl80211_fam);
15252 return err;
15253}
15254
15255void nl80211_exit(void)
15256{
15257 netlink_unregister_notifier(&nl80211_netlink_notifier);
15258 genl_unregister_family(&nl80211_fam);
15259}
15260
