1
2
3
4
5
6
7
8
9#include <linux/if.h>
10#include <linux/module.h>
11#include <linux/err.h>
12#include <linux/slab.h>
13#include <linux/list.h>
14#include <linux/if_ether.h>
15#include <linux/ieee80211.h>
16#include <linux/nl80211.h>
17#include <linux/rtnetlink.h>
18#include <linux/netlink.h>
19#include <linux/etherdevice.h>
20#include <net/net_namespace.h>
21#include <net/genetlink.h>
22#include <net/cfg80211.h>
23#include <net/sock.h>
24#include <net/inet_connection_sock.h>
25#include "core.h"
26#include "nl80211.h"
27#include "reg.h"
28#include "rdev-ops.h"
29
30static int nl80211_crypto_settings(struct cfg80211_registered_device *rdev,
31 struct genl_info *info,
32 struct cfg80211_crypto_settings *settings,
33 int cipher_limit);
34
35static int nl80211_pre_doit(const struct genl_ops *ops, struct sk_buff *skb,
36 struct genl_info *info);
37static void nl80211_post_doit(const struct genl_ops *ops, struct sk_buff *skb,
38 struct genl_info *info);
39
40
41static struct genl_family nl80211_fam = {
42 .id = GENL_ID_GENERATE,
43 .name = NL80211_GENL_NAME,
44 .hdrsize = 0,
45 .version = 1,
46 .maxattr = NL80211_ATTR_MAX,
47 .netnsok = true,
48 .pre_doit = nl80211_pre_doit,
49 .post_doit = nl80211_post_doit,
50};
51
52
53enum nl80211_multicast_groups {
54 NL80211_MCGRP_CONFIG,
55 NL80211_MCGRP_SCAN,
56 NL80211_MCGRP_REGULATORY,
57 NL80211_MCGRP_MLME,
58 NL80211_MCGRP_VENDOR,
59 NL80211_MCGRP_TESTMODE
60};
61
62static const struct genl_multicast_group nl80211_mcgrps[] = {
63 [NL80211_MCGRP_CONFIG] = { .name = NL80211_MULTICAST_GROUP_CONFIG },
64 [NL80211_MCGRP_SCAN] = { .name = NL80211_MULTICAST_GROUP_SCAN },
65 [NL80211_MCGRP_REGULATORY] = { .name = NL80211_MULTICAST_GROUP_REG },
66 [NL80211_MCGRP_MLME] = { .name = NL80211_MULTICAST_GROUP_MLME },
67 [NL80211_MCGRP_VENDOR] = { .name = NL80211_MULTICAST_GROUP_VENDOR },
68#ifdef CONFIG_NL80211_TESTMODE
69 [NL80211_MCGRP_TESTMODE] = { .name = NL80211_MULTICAST_GROUP_TESTMODE }
70#endif
71};
72
73
74static struct wireless_dev *
75__cfg80211_wdev_from_attrs(struct net *netns, struct nlattr **attrs)
76{
77 struct cfg80211_registered_device *rdev;
78 struct wireless_dev *result = NULL;
79 bool have_ifidx = attrs[NL80211_ATTR_IFINDEX];
80 bool have_wdev_id = attrs[NL80211_ATTR_WDEV];
81 u64 wdev_id;
82 int wiphy_idx = -1;
83 int ifidx = -1;
84
85 ASSERT_RTNL();
86
87 if (!have_ifidx && !have_wdev_id)
88 return ERR_PTR(-EINVAL);
89
90 if (have_ifidx)
91 ifidx = nla_get_u32(attrs[NL80211_ATTR_IFINDEX]);
92 if (have_wdev_id) {
93 wdev_id = nla_get_u64(attrs[NL80211_ATTR_WDEV]);
94 wiphy_idx = wdev_id >> 32;
95 }
96
97 list_for_each_entry(rdev, &cfg80211_rdev_list, list) {
98 struct wireless_dev *wdev;
99
100 if (wiphy_net(&rdev->wiphy) != netns)
101 continue;
102
103 if (have_wdev_id && rdev->wiphy_idx != wiphy_idx)
104 continue;
105
106 list_for_each_entry(wdev, &rdev->wdev_list, list) {
107 if (have_ifidx && wdev->netdev &&
108 wdev->netdev->ifindex == ifidx) {
109 result = wdev;
110 break;
111 }
112 if (have_wdev_id && wdev->identifier == (u32)wdev_id) {
113 result = wdev;
114 break;
115 }
116 }
117
118 if (result)
119 break;
120 }
121
122 if (result)
123 return result;
124 return ERR_PTR(-ENODEV);
125}
126
127static struct cfg80211_registered_device *
128__cfg80211_rdev_from_attrs(struct net *netns, struct nlattr **attrs)
129{
130 struct cfg80211_registered_device *rdev = NULL, *tmp;
131 struct net_device *netdev;
132
133 ASSERT_RTNL();
134
135 if (!attrs[NL80211_ATTR_WIPHY] &&
136 !attrs[NL80211_ATTR_IFINDEX] &&
137 !attrs[NL80211_ATTR_WDEV])
138 return ERR_PTR(-EINVAL);
139
140 if (attrs[NL80211_ATTR_WIPHY])
141 rdev = cfg80211_rdev_by_wiphy_idx(
142 nla_get_u32(attrs[NL80211_ATTR_WIPHY]));
143
144 if (attrs[NL80211_ATTR_WDEV]) {
145 u64 wdev_id = nla_get_u64(attrs[NL80211_ATTR_WDEV]);
146 struct wireless_dev *wdev;
147 bool found = false;
148
149 tmp = cfg80211_rdev_by_wiphy_idx(wdev_id >> 32);
150 if (tmp) {
151
152 list_for_each_entry(wdev, &tmp->wdev_list, list) {
153 if (wdev->identifier != (u32)wdev_id)
154 continue;
155 found = true;
156 break;
157 }
158
159 if (!found)
160 tmp = NULL;
161
162 if (rdev && tmp != rdev)
163 return ERR_PTR(-EINVAL);
164 rdev = tmp;
165 }
166 }
167
168 if (attrs[NL80211_ATTR_IFINDEX]) {
169 int ifindex = nla_get_u32(attrs[NL80211_ATTR_IFINDEX]);
170 netdev = __dev_get_by_index(netns, ifindex);
171 if (netdev) {
172 if (netdev->ieee80211_ptr)
173 tmp = wiphy_to_rdev(
174 netdev->ieee80211_ptr->wiphy);
175 else
176 tmp = NULL;
177
178
179 if (!tmp)
180 return ERR_PTR(-EINVAL);
181
182
183 if (rdev && tmp != rdev)
184 return ERR_PTR(-EINVAL);
185
186 rdev = tmp;
187 }
188 }
189
190 if (!rdev)
191 return ERR_PTR(-ENODEV);
192
193 if (netns != wiphy_net(&rdev->wiphy))
194 return ERR_PTR(-ENODEV);
195
196 return rdev;
197}
198
199
200
201
202
203
204
205
206static struct cfg80211_registered_device *
207cfg80211_get_dev_from_info(struct net *netns, struct genl_info *info)
208{
209 return __cfg80211_rdev_from_attrs(netns, info->attrs);
210}
211
212
213static const struct nla_policy nl80211_policy[NUM_NL80211_ATTR] = {
214 [NL80211_ATTR_WIPHY] = { .type = NLA_U32 },
215 [NL80211_ATTR_WIPHY_NAME] = { .type = NLA_NUL_STRING,
216 .len = 20-1 },
217 [NL80211_ATTR_WIPHY_TXQ_PARAMS] = { .type = NLA_NESTED },
218
219 [NL80211_ATTR_WIPHY_FREQ] = { .type = NLA_U32 },
220 [NL80211_ATTR_WIPHY_CHANNEL_TYPE] = { .type = NLA_U32 },
221 [NL80211_ATTR_CHANNEL_WIDTH] = { .type = NLA_U32 },
222 [NL80211_ATTR_CENTER_FREQ1] = { .type = NLA_U32 },
223 [NL80211_ATTR_CENTER_FREQ2] = { .type = NLA_U32 },
224
225 [NL80211_ATTR_WIPHY_RETRY_SHORT] = { .type = NLA_U8 },
226 [NL80211_ATTR_WIPHY_RETRY_LONG] = { .type = NLA_U8 },
227 [NL80211_ATTR_WIPHY_FRAG_THRESHOLD] = { .type = NLA_U32 },
228 [NL80211_ATTR_WIPHY_RTS_THRESHOLD] = { .type = NLA_U32 },
229 [NL80211_ATTR_WIPHY_COVERAGE_CLASS] = { .type = NLA_U8 },
230 [NL80211_ATTR_WIPHY_DYN_ACK] = { .type = NLA_FLAG },
231
232 [NL80211_ATTR_IFTYPE] = { .type = NLA_U32 },
233 [NL80211_ATTR_IFINDEX] = { .type = NLA_U32 },
234 [NL80211_ATTR_IFNAME] = { .type = NLA_NUL_STRING, .len = IFNAMSIZ-1 },
235
236 [NL80211_ATTR_MAC] = { .len = ETH_ALEN },
237 [NL80211_ATTR_PREV_BSSID] = { .len = ETH_ALEN },
238
239 [NL80211_ATTR_KEY] = { .type = NLA_NESTED, },
240 [NL80211_ATTR_KEY_DATA] = { .type = NLA_BINARY,
241 .len = WLAN_MAX_KEY_LEN },
242 [NL80211_ATTR_KEY_IDX] = { .type = NLA_U8 },
243 [NL80211_ATTR_KEY_CIPHER] = { .type = NLA_U32 },
244 [NL80211_ATTR_KEY_DEFAULT] = { .type = NLA_FLAG },
245 [NL80211_ATTR_KEY_SEQ] = { .type = NLA_BINARY, .len = 16 },
246 [NL80211_ATTR_KEY_TYPE] = { .type = NLA_U32 },
247
248 [NL80211_ATTR_BEACON_INTERVAL] = { .type = NLA_U32 },
249 [NL80211_ATTR_DTIM_PERIOD] = { .type = NLA_U32 },
250 [NL80211_ATTR_BEACON_HEAD] = { .type = NLA_BINARY,
251 .len = IEEE80211_MAX_DATA_LEN },
252 [NL80211_ATTR_BEACON_TAIL] = { .type = NLA_BINARY,
253 .len = IEEE80211_MAX_DATA_LEN },
254 [NL80211_ATTR_STA_AID] = { .type = NLA_U16 },
255 [NL80211_ATTR_STA_FLAGS] = { .type = NLA_NESTED },
256 [NL80211_ATTR_STA_LISTEN_INTERVAL] = { .type = NLA_U16 },
257 [NL80211_ATTR_STA_SUPPORTED_RATES] = { .type = NLA_BINARY,
258 .len = NL80211_MAX_SUPP_RATES },
259 [NL80211_ATTR_STA_PLINK_ACTION] = { .type = NLA_U8 },
260 [NL80211_ATTR_STA_VLAN] = { .type = NLA_U32 },
261 [NL80211_ATTR_MNTR_FLAGS] = { },
262 [NL80211_ATTR_MESH_ID] = { .type = NLA_BINARY,
263 .len = IEEE80211_MAX_MESH_ID_LEN },
264 [NL80211_ATTR_MPATH_NEXT_HOP] = { .type = NLA_U32 },
265
266 [NL80211_ATTR_REG_ALPHA2] = { .type = NLA_STRING, .len = 2 },
267 [NL80211_ATTR_REG_RULES] = { .type = NLA_NESTED },
268
269 [NL80211_ATTR_BSS_CTS_PROT] = { .type = NLA_U8 },
270 [NL80211_ATTR_BSS_SHORT_PREAMBLE] = { .type = NLA_U8 },
271 [NL80211_ATTR_BSS_SHORT_SLOT_TIME] = { .type = NLA_U8 },
272 [NL80211_ATTR_BSS_BASIC_RATES] = { .type = NLA_BINARY,
273 .len = NL80211_MAX_SUPP_RATES },
274 [NL80211_ATTR_BSS_HT_OPMODE] = { .type = NLA_U16 },
275
276 [NL80211_ATTR_MESH_CONFIG] = { .type = NLA_NESTED },
277 [NL80211_ATTR_SUPPORT_MESH_AUTH] = { .type = NLA_FLAG },
278
279 [NL80211_ATTR_HT_CAPABILITY] = { .len = NL80211_HT_CAPABILITY_LEN },
280
281 [NL80211_ATTR_MGMT_SUBTYPE] = { .type = NLA_U8 },
282 [NL80211_ATTR_IE] = { .type = NLA_BINARY,
283 .len = IEEE80211_MAX_DATA_LEN },
284 [NL80211_ATTR_SCAN_FREQUENCIES] = { .type = NLA_NESTED },
285 [NL80211_ATTR_SCAN_SSIDS] = { .type = NLA_NESTED },
286
287 [NL80211_ATTR_SSID] = { .type = NLA_BINARY,
288 .len = IEEE80211_MAX_SSID_LEN },
289 [NL80211_ATTR_AUTH_TYPE] = { .type = NLA_U32 },
290 [NL80211_ATTR_REASON_CODE] = { .type = NLA_U16 },
291 [NL80211_ATTR_FREQ_FIXED] = { .type = NLA_FLAG },
292 [NL80211_ATTR_TIMED_OUT] = { .type = NLA_FLAG },
293 [NL80211_ATTR_USE_MFP] = { .type = NLA_U32 },
294 [NL80211_ATTR_STA_FLAGS2] = {
295 .len = sizeof(struct nl80211_sta_flag_update),
296 },
297 [NL80211_ATTR_CONTROL_PORT] = { .type = NLA_FLAG },
298 [NL80211_ATTR_CONTROL_PORT_ETHERTYPE] = { .type = NLA_U16 },
299 [NL80211_ATTR_CONTROL_PORT_NO_ENCRYPT] = { .type = NLA_FLAG },
300 [NL80211_ATTR_PRIVACY] = { .type = NLA_FLAG },
301 [NL80211_ATTR_CIPHER_SUITE_GROUP] = { .type = NLA_U32 },
302 [NL80211_ATTR_WPA_VERSIONS] = { .type = NLA_U32 },
303 [NL80211_ATTR_PID] = { .type = NLA_U32 },
304 [NL80211_ATTR_4ADDR] = { .type = NLA_U8 },
305 [NL80211_ATTR_PMKID] = { .type = NLA_BINARY,
306 .len = WLAN_PMKID_LEN },
307 [NL80211_ATTR_DURATION] = { .type = NLA_U32 },
308 [NL80211_ATTR_COOKIE] = { .type = NLA_U64 },
309 [NL80211_ATTR_TX_RATES] = { .type = NLA_NESTED },
310 [NL80211_ATTR_FRAME] = { .type = NLA_BINARY,
311 .len = IEEE80211_MAX_DATA_LEN },
312 [NL80211_ATTR_FRAME_MATCH] = { .type = NLA_BINARY, },
313 [NL80211_ATTR_PS_STATE] = { .type = NLA_U32 },
314 [NL80211_ATTR_CQM] = { .type = NLA_NESTED, },
315 [NL80211_ATTR_LOCAL_STATE_CHANGE] = { .type = NLA_FLAG },
316 [NL80211_ATTR_AP_ISOLATE] = { .type = NLA_U8 },
317 [NL80211_ATTR_WIPHY_TX_POWER_SETTING] = { .type = NLA_U32 },
318 [NL80211_ATTR_WIPHY_TX_POWER_LEVEL] = { .type = NLA_U32 },
319 [NL80211_ATTR_FRAME_TYPE] = { .type = NLA_U16 },
320 [NL80211_ATTR_WIPHY_ANTENNA_TX] = { .type = NLA_U32 },
321 [NL80211_ATTR_WIPHY_ANTENNA_RX] = { .type = NLA_U32 },
322 [NL80211_ATTR_MCAST_RATE] = { .type = NLA_U32 },
323 [NL80211_ATTR_OFFCHANNEL_TX_OK] = { .type = NLA_FLAG },
324 [NL80211_ATTR_KEY_DEFAULT_TYPES] = { .type = NLA_NESTED },
325 [NL80211_ATTR_WOWLAN_TRIGGERS] = { .type = NLA_NESTED },
326 [NL80211_ATTR_STA_PLINK_STATE] = { .type = NLA_U8 },
327 [NL80211_ATTR_SCHED_SCAN_INTERVAL] = { .type = NLA_U32 },
328 [NL80211_ATTR_REKEY_DATA] = { .type = NLA_NESTED },
329 [NL80211_ATTR_SCAN_SUPP_RATES] = { .type = NLA_NESTED },
330 [NL80211_ATTR_HIDDEN_SSID] = { .type = NLA_U32 },
331 [NL80211_ATTR_IE_PROBE_RESP] = { .type = NLA_BINARY,
332 .len = IEEE80211_MAX_DATA_LEN },
333 [NL80211_ATTR_IE_ASSOC_RESP] = { .type = NLA_BINARY,
334 .len = IEEE80211_MAX_DATA_LEN },
335 [NL80211_ATTR_ROAM_SUPPORT] = { .type = NLA_FLAG },
336 [NL80211_ATTR_SCHED_SCAN_MATCH] = { .type = NLA_NESTED },
337 [NL80211_ATTR_TX_NO_CCK_RATE] = { .type = NLA_FLAG },
338 [NL80211_ATTR_TDLS_ACTION] = { .type = NLA_U8 },
339 [NL80211_ATTR_TDLS_DIALOG_TOKEN] = { .type = NLA_U8 },
340 [NL80211_ATTR_TDLS_OPERATION] = { .type = NLA_U8 },
341 [NL80211_ATTR_TDLS_SUPPORT] = { .type = NLA_FLAG },
342 [NL80211_ATTR_TDLS_EXTERNAL_SETUP] = { .type = NLA_FLAG },
343 [NL80211_ATTR_TDLS_INITIATOR] = { .type = NLA_FLAG },
344 [NL80211_ATTR_DONT_WAIT_FOR_ACK] = { .type = NLA_FLAG },
345 [NL80211_ATTR_PROBE_RESP] = { .type = NLA_BINARY,
346 .len = IEEE80211_MAX_DATA_LEN },
347 [NL80211_ATTR_DFS_REGION] = { .type = NLA_U8 },
348 [NL80211_ATTR_DISABLE_HT] = { .type = NLA_FLAG },
349 [NL80211_ATTR_HT_CAPABILITY_MASK] = {
350 .len = NL80211_HT_CAPABILITY_LEN
351 },
352 [NL80211_ATTR_NOACK_MAP] = { .type = NLA_U16 },
353 [NL80211_ATTR_INACTIVITY_TIMEOUT] = { .type = NLA_U16 },
354 [NL80211_ATTR_BG_SCAN_PERIOD] = { .type = NLA_U16 },
355 [NL80211_ATTR_WDEV] = { .type = NLA_U64 },
356 [NL80211_ATTR_USER_REG_HINT_TYPE] = { .type = NLA_U32 },
357 [NL80211_ATTR_SAE_DATA] = { .type = NLA_BINARY, },
358 [NL80211_ATTR_VHT_CAPABILITY] = { .len = NL80211_VHT_CAPABILITY_LEN },
359 [NL80211_ATTR_SCAN_FLAGS] = { .type = NLA_U32 },
360 [NL80211_ATTR_P2P_CTWINDOW] = { .type = NLA_U8 },
361 [NL80211_ATTR_P2P_OPPPS] = { .type = NLA_U8 },
362 [NL80211_ATTR_ACL_POLICY] = {. type = NLA_U32 },
363 [NL80211_ATTR_MAC_ADDRS] = { .type = NLA_NESTED },
364 [NL80211_ATTR_STA_CAPABILITY] = { .type = NLA_U16 },
365 [NL80211_ATTR_STA_EXT_CAPABILITY] = { .type = NLA_BINARY, },
366 [NL80211_ATTR_SPLIT_WIPHY_DUMP] = { .type = NLA_FLAG, },
367 [NL80211_ATTR_DISABLE_VHT] = { .type = NLA_FLAG },
368 [NL80211_ATTR_VHT_CAPABILITY_MASK] = {
369 .len = NL80211_VHT_CAPABILITY_LEN,
370 },
371 [NL80211_ATTR_MDID] = { .type = NLA_U16 },
372 [NL80211_ATTR_IE_RIC] = { .type = NLA_BINARY,
373 .len = IEEE80211_MAX_DATA_LEN },
374 [NL80211_ATTR_PEER_AID] = { .type = NLA_U16 },
375 [NL80211_ATTR_CH_SWITCH_COUNT] = { .type = NLA_U32 },
376 [NL80211_ATTR_CH_SWITCH_BLOCK_TX] = { .type = NLA_FLAG },
377 [NL80211_ATTR_CSA_IES] = { .type = NLA_NESTED },
378 [NL80211_ATTR_CSA_C_OFF_BEACON] = { .type = NLA_BINARY },
379 [NL80211_ATTR_CSA_C_OFF_PRESP] = { .type = NLA_BINARY },
380 [NL80211_ATTR_STA_SUPPORTED_CHANNELS] = { .type = NLA_BINARY },
381 [NL80211_ATTR_STA_SUPPORTED_OPER_CLASSES] = { .type = NLA_BINARY },
382 [NL80211_ATTR_HANDLE_DFS] = { .type = NLA_FLAG },
383 [NL80211_ATTR_OPMODE_NOTIF] = { .type = NLA_U8 },
384 [NL80211_ATTR_VENDOR_ID] = { .type = NLA_U32 },
385 [NL80211_ATTR_VENDOR_SUBCMD] = { .type = NLA_U32 },
386 [NL80211_ATTR_VENDOR_DATA] = { .type = NLA_BINARY },
387 [NL80211_ATTR_QOS_MAP] = { .type = NLA_BINARY,
388 .len = IEEE80211_QOS_MAP_LEN_MAX },
389 [NL80211_ATTR_MAC_HINT] = { .len = ETH_ALEN },
390 [NL80211_ATTR_WIPHY_FREQ_HINT] = { .type = NLA_U32 },
391 [NL80211_ATTR_TDLS_PEER_CAPABILITY] = { .type = NLA_U32 },
392 [NL80211_ATTR_SOCKET_OWNER] = { .type = NLA_FLAG },
393 [NL80211_ATTR_CSA_C_OFFSETS_TX] = { .type = NLA_BINARY },
394 [NL80211_ATTR_USE_RRM] = { .type = NLA_FLAG },
395 [NL80211_ATTR_TSID] = { .type = NLA_U8 },
396 [NL80211_ATTR_USER_PRIO] = { .type = NLA_U8 },
397 [NL80211_ATTR_ADMITTED_TIME] = { .type = NLA_U16 },
398 [NL80211_ATTR_SMPS_MODE] = { .type = NLA_U8 },
399 [NL80211_ATTR_MAC_MASK] = { .len = ETH_ALEN },
400 [NL80211_ATTR_WIPHY_SELF_MANAGED_REG] = { .type = NLA_FLAG },
401 [NL80211_ATTR_NETNS_FD] = { .type = NLA_U32 },
402 [NL80211_ATTR_SCHED_SCAN_DELAY] = { .type = NLA_U32 },
403 [NL80211_ATTR_REG_INDOOR] = { .type = NLA_FLAG },
404};
405
406
407static const struct nla_policy nl80211_key_policy[NL80211_KEY_MAX + 1] = {
408 [NL80211_KEY_DATA] = { .type = NLA_BINARY, .len = WLAN_MAX_KEY_LEN },
409 [NL80211_KEY_IDX] = { .type = NLA_U8 },
410 [NL80211_KEY_CIPHER] = { .type = NLA_U32 },
411 [NL80211_KEY_SEQ] = { .type = NLA_BINARY, .len = 16 },
412 [NL80211_KEY_DEFAULT] = { .type = NLA_FLAG },
413 [NL80211_KEY_DEFAULT_MGMT] = { .type = NLA_FLAG },
414 [NL80211_KEY_TYPE] = { .type = NLA_U32 },
415 [NL80211_KEY_DEFAULT_TYPES] = { .type = NLA_NESTED },
416};
417
418
419static const struct nla_policy
420nl80211_key_default_policy[NUM_NL80211_KEY_DEFAULT_TYPES] = {
421 [NL80211_KEY_DEFAULT_TYPE_UNICAST] = { .type = NLA_FLAG },
422 [NL80211_KEY_DEFAULT_TYPE_MULTICAST] = { .type = NLA_FLAG },
423};
424
425
426static const struct nla_policy
427nl80211_wowlan_policy[NUM_NL80211_WOWLAN_TRIG] = {
428 [NL80211_WOWLAN_TRIG_ANY] = { .type = NLA_FLAG },
429 [NL80211_WOWLAN_TRIG_DISCONNECT] = { .type = NLA_FLAG },
430 [NL80211_WOWLAN_TRIG_MAGIC_PKT] = { .type = NLA_FLAG },
431 [NL80211_WOWLAN_TRIG_PKT_PATTERN] = { .type = NLA_NESTED },
432 [NL80211_WOWLAN_TRIG_GTK_REKEY_FAILURE] = { .type = NLA_FLAG },
433 [NL80211_WOWLAN_TRIG_EAP_IDENT_REQUEST] = { .type = NLA_FLAG },
434 [NL80211_WOWLAN_TRIG_4WAY_HANDSHAKE] = { .type = NLA_FLAG },
435 [NL80211_WOWLAN_TRIG_RFKILL_RELEASE] = { .type = NLA_FLAG },
436 [NL80211_WOWLAN_TRIG_TCP_CONNECTION] = { .type = NLA_NESTED },
437 [NL80211_WOWLAN_TRIG_NET_DETECT] = { .type = NLA_NESTED },
438};
439
440static const struct nla_policy
441nl80211_wowlan_tcp_policy[NUM_NL80211_WOWLAN_TCP] = {
442 [NL80211_WOWLAN_TCP_SRC_IPV4] = { .type = NLA_U32 },
443 [NL80211_WOWLAN_TCP_DST_IPV4] = { .type = NLA_U32 },
444 [NL80211_WOWLAN_TCP_DST_MAC] = { .len = ETH_ALEN },
445 [NL80211_WOWLAN_TCP_SRC_PORT] = { .type = NLA_U16 },
446 [NL80211_WOWLAN_TCP_DST_PORT] = { .type = NLA_U16 },
447 [NL80211_WOWLAN_TCP_DATA_PAYLOAD] = { .len = 1 },
448 [NL80211_WOWLAN_TCP_DATA_PAYLOAD_SEQ] = {
449 .len = sizeof(struct nl80211_wowlan_tcp_data_seq)
450 },
451 [NL80211_WOWLAN_TCP_DATA_PAYLOAD_TOKEN] = {
452 .len = sizeof(struct nl80211_wowlan_tcp_data_token)
453 },
454 [NL80211_WOWLAN_TCP_DATA_INTERVAL] = { .type = NLA_U32 },
455 [NL80211_WOWLAN_TCP_WAKE_PAYLOAD] = { .len = 1 },
456 [NL80211_WOWLAN_TCP_WAKE_MASK] = { .len = 1 },
457};
458
459
460static const struct nla_policy
461nl80211_coalesce_policy[NUM_NL80211_ATTR_COALESCE_RULE] = {
462 [NL80211_ATTR_COALESCE_RULE_DELAY] = { .type = NLA_U32 },
463 [NL80211_ATTR_COALESCE_RULE_CONDITION] = { .type = NLA_U32 },
464 [NL80211_ATTR_COALESCE_RULE_PKT_PATTERN] = { .type = NLA_NESTED },
465};
466
467
468static const struct nla_policy
469nl80211_rekey_policy[NUM_NL80211_REKEY_DATA] = {
470 [NL80211_REKEY_DATA_KEK] = { .len = NL80211_KEK_LEN },
471 [NL80211_REKEY_DATA_KCK] = { .len = NL80211_KCK_LEN },
472 [NL80211_REKEY_DATA_REPLAY_CTR] = { .len = NL80211_REPLAY_CTR_LEN },
473};
474
475static const struct nla_policy
476nl80211_match_policy[NL80211_SCHED_SCAN_MATCH_ATTR_MAX + 1] = {
477 [NL80211_SCHED_SCAN_MATCH_ATTR_SSID] = { .type = NLA_BINARY,
478 .len = IEEE80211_MAX_SSID_LEN },
479 [NL80211_SCHED_SCAN_MATCH_ATTR_RSSI] = { .type = NLA_U32 },
480};
481
482static const struct nla_policy
483nl80211_plan_policy[NL80211_SCHED_SCAN_PLAN_MAX + 1] = {
484 [NL80211_SCHED_SCAN_PLAN_INTERVAL] = { .type = NLA_U32 },
485 [NL80211_SCHED_SCAN_PLAN_ITERATIONS] = { .type = NLA_U32 },
486};
487
488static int nl80211_prepare_wdev_dump(struct sk_buff *skb,
489 struct netlink_callback *cb,
490 struct cfg80211_registered_device **rdev,
491 struct wireless_dev **wdev)
492{
493 int err;
494
495 rtnl_lock();
496
497 if (!cb->args[0]) {
498 err = nlmsg_parse(cb->nlh, GENL_HDRLEN + nl80211_fam.hdrsize,
499 nl80211_fam.attrbuf, nl80211_fam.maxattr,
500 nl80211_policy);
501 if (err)
502 goto out_unlock;
503
504 *wdev = __cfg80211_wdev_from_attrs(sock_net(skb->sk),
505 nl80211_fam.attrbuf);
506 if (IS_ERR(*wdev)) {
507 err = PTR_ERR(*wdev);
508 goto out_unlock;
509 }
510 *rdev = wiphy_to_rdev((*wdev)->wiphy);
511
512 cb->args[0] = (*rdev)->wiphy_idx + 1;
513 cb->args[1] = (*wdev)->identifier;
514 } else {
515
516 struct wiphy *wiphy = wiphy_idx_to_wiphy(cb->args[0] - 1);
517 struct wireless_dev *tmp;
518
519 if (!wiphy) {
520 err = -ENODEV;
521 goto out_unlock;
522 }
523 *rdev = wiphy_to_rdev(wiphy);
524 *wdev = NULL;
525
526 list_for_each_entry(tmp, &(*rdev)->wdev_list, list) {
527 if (tmp->identifier == cb->args[1]) {
528 *wdev = tmp;
529 break;
530 }
531 }
532
533 if (!*wdev) {
534 err = -ENODEV;
535 goto out_unlock;
536 }
537 }
538
539 return 0;
540 out_unlock:
541 rtnl_unlock();
542 return err;
543}
544
545static void nl80211_finish_wdev_dump(struct cfg80211_registered_device *rdev)
546{
547 rtnl_unlock();
548}
549
550
551static bool is_valid_ie_attr(const struct nlattr *attr)
552{
553 const u8 *pos;
554 int len;
555
556 if (!attr)
557 return true;
558
559 pos = nla_data(attr);
560 len = nla_len(attr);
561
562 while (len) {
563 u8 elemlen;
564
565 if (len < 2)
566 return false;
567 len -= 2;
568
569 elemlen = pos[1];
570 if (elemlen > len)
571 return false;
572
573 len -= elemlen;
574 pos += 2 + elemlen;
575 }
576
577 return true;
578}
579
580
581static inline void *nl80211hdr_put(struct sk_buff *skb, u32 portid, u32 seq,
582 int flags, u8 cmd)
583{
584
585 return genlmsg_put(skb, portid, seq, &nl80211_fam, flags, cmd);
586}
587
588static int nl80211_msg_put_channel(struct sk_buff *msg,
589 struct ieee80211_channel *chan,
590 bool large)
591{
592
593
594
595 if (!large && chan->flags &
596 (IEEE80211_CHAN_NO_10MHZ | IEEE80211_CHAN_NO_20MHZ))
597 return 0;
598
599 if (nla_put_u32(msg, NL80211_FREQUENCY_ATTR_FREQ,
600 chan->center_freq))
601 goto nla_put_failure;
602
603 if ((chan->flags & IEEE80211_CHAN_DISABLED) &&
604 nla_put_flag(msg, NL80211_FREQUENCY_ATTR_DISABLED))
605 goto nla_put_failure;
606 if (chan->flags & IEEE80211_CHAN_NO_IR) {
607 if (nla_put_flag(msg, NL80211_FREQUENCY_ATTR_NO_IR))
608 goto nla_put_failure;
609 if (nla_put_flag(msg, __NL80211_FREQUENCY_ATTR_NO_IBSS))
610 goto nla_put_failure;
611 }
612 if (chan->flags & IEEE80211_CHAN_RADAR) {
613 if (nla_put_flag(msg, NL80211_FREQUENCY_ATTR_RADAR))
614 goto nla_put_failure;
615 if (large) {
616 u32 time;
617
618 time = elapsed_jiffies_msecs(chan->dfs_state_entered);
619
620 if (nla_put_u32(msg, NL80211_FREQUENCY_ATTR_DFS_STATE,
621 chan->dfs_state))
622 goto nla_put_failure;
623 if (nla_put_u32(msg, NL80211_FREQUENCY_ATTR_DFS_TIME,
624 time))
625 goto nla_put_failure;
626 if (nla_put_u32(msg,
627 NL80211_FREQUENCY_ATTR_DFS_CAC_TIME,
628 chan->dfs_cac_ms))
629 goto nla_put_failure;
630 }
631 }
632
633 if (large) {
634 if ((chan->flags & IEEE80211_CHAN_NO_HT40MINUS) &&
635 nla_put_flag(msg, NL80211_FREQUENCY_ATTR_NO_HT40_MINUS))
636 goto nla_put_failure;
637 if ((chan->flags & IEEE80211_CHAN_NO_HT40PLUS) &&
638 nla_put_flag(msg, NL80211_FREQUENCY_ATTR_NO_HT40_PLUS))
639 goto nla_put_failure;
640 if ((chan->flags & IEEE80211_CHAN_NO_80MHZ) &&
641 nla_put_flag(msg, NL80211_FREQUENCY_ATTR_NO_80MHZ))
642 goto nla_put_failure;
643 if ((chan->flags & IEEE80211_CHAN_NO_160MHZ) &&
644 nla_put_flag(msg, NL80211_FREQUENCY_ATTR_NO_160MHZ))
645 goto nla_put_failure;
646 if ((chan->flags & IEEE80211_CHAN_INDOOR_ONLY) &&
647 nla_put_flag(msg, NL80211_FREQUENCY_ATTR_INDOOR_ONLY))
648 goto nla_put_failure;
649 if ((chan->flags & IEEE80211_CHAN_IR_CONCURRENT) &&
650 nla_put_flag(msg, NL80211_FREQUENCY_ATTR_IR_CONCURRENT))
651 goto nla_put_failure;
652 if ((chan->flags & IEEE80211_CHAN_NO_20MHZ) &&
653 nla_put_flag(msg, NL80211_FREQUENCY_ATTR_NO_20MHZ))
654 goto nla_put_failure;
655 if ((chan->flags & IEEE80211_CHAN_NO_10MHZ) &&
656 nla_put_flag(msg, NL80211_FREQUENCY_ATTR_NO_10MHZ))
657 goto nla_put_failure;
658 }
659
660 if (nla_put_u32(msg, NL80211_FREQUENCY_ATTR_MAX_TX_POWER,
661 DBM_TO_MBM(chan->max_power)))
662 goto nla_put_failure;
663
664 return 0;
665
666 nla_put_failure:
667 return -ENOBUFS;
668}
669
670
671
672struct key_parse {
673 struct key_params p;
674 int idx;
675 int type;
676 bool def, defmgmt;
677 bool def_uni, def_multi;
678};
679
680static int nl80211_parse_key_new(struct nlattr *key, struct key_parse *k)
681{
682 struct nlattr *tb[NL80211_KEY_MAX + 1];
683 int err = nla_parse_nested(tb, NL80211_KEY_MAX, key,
684 nl80211_key_policy);
685 if (err)
686 return err;
687
688 k->def = !!tb[NL80211_KEY_DEFAULT];
689 k->defmgmt = !!tb[NL80211_KEY_DEFAULT_MGMT];
690
691 if (k->def) {
692 k->def_uni = true;
693 k->def_multi = true;
694 }
695 if (k->defmgmt)
696 k->def_multi = true;
697
698 if (tb[NL80211_KEY_IDX])
699 k->idx = nla_get_u8(tb[NL80211_KEY_IDX]);
700
701 if (tb[NL80211_KEY_DATA]) {
702 k->p.key = nla_data(tb[NL80211_KEY_DATA]);
703 k->p.key_len = nla_len(tb[NL80211_KEY_DATA]);
704 }
705
706 if (tb[NL80211_KEY_SEQ]) {
707 k->p.seq = nla_data(tb[NL80211_KEY_SEQ]);
708 k->p.seq_len = nla_len(tb[NL80211_KEY_SEQ]);
709 }
710
711 if (tb[NL80211_KEY_CIPHER])
712 k->p.cipher = nla_get_u32(tb[NL80211_KEY_CIPHER]);
713
714 if (tb[NL80211_KEY_TYPE]) {
715 k->type = nla_get_u32(tb[NL80211_KEY_TYPE]);
716 if (k->type < 0 || k->type >= NUM_NL80211_KEYTYPES)
717 return -EINVAL;
718 }
719
720 if (tb[NL80211_KEY_DEFAULT_TYPES]) {
721 struct nlattr *kdt[NUM_NL80211_KEY_DEFAULT_TYPES];
722 err = nla_parse_nested(kdt, NUM_NL80211_KEY_DEFAULT_TYPES - 1,
723 tb[NL80211_KEY_DEFAULT_TYPES],
724 nl80211_key_default_policy);
725 if (err)
726 return err;
727
728 k->def_uni = kdt[NL80211_KEY_DEFAULT_TYPE_UNICAST];
729 k->def_multi = kdt[NL80211_KEY_DEFAULT_TYPE_MULTICAST];
730 }
731
732 return 0;
733}
734
735static int nl80211_parse_key_old(struct genl_info *info, struct key_parse *k)
736{
737 if (info->attrs[NL80211_ATTR_KEY_DATA]) {
738 k->p.key = nla_data(info->attrs[NL80211_ATTR_KEY_DATA]);
739 k->p.key_len = nla_len(info->attrs[NL80211_ATTR_KEY_DATA]);
740 }
741
742 if (info->attrs[NL80211_ATTR_KEY_SEQ]) {
743 k->p.seq = nla_data(info->attrs[NL80211_ATTR_KEY_SEQ]);
744 k->p.seq_len = nla_len(info->attrs[NL80211_ATTR_KEY_SEQ]);
745 }
746
747 if (info->attrs[NL80211_ATTR_KEY_IDX])
748 k->idx = nla_get_u8(info->attrs[NL80211_ATTR_KEY_IDX]);
749
750 if (info->attrs[NL80211_ATTR_KEY_CIPHER])
751 k->p.cipher = nla_get_u32(info->attrs[NL80211_ATTR_KEY_CIPHER]);
752
753 k->def = !!info->attrs[NL80211_ATTR_KEY_DEFAULT];
754 k->defmgmt = !!info->attrs[NL80211_ATTR_KEY_DEFAULT_MGMT];
755
756 if (k->def) {
757 k->def_uni = true;
758 k->def_multi = true;
759 }
760 if (k->defmgmt)
761 k->def_multi = true;
762
763 if (info->attrs[NL80211_ATTR_KEY_TYPE]) {
764 k->type = nla_get_u32(info->attrs[NL80211_ATTR_KEY_TYPE]);
765 if (k->type < 0 || k->type >= NUM_NL80211_KEYTYPES)
766 return -EINVAL;
767 }
768
769 if (info->attrs[NL80211_ATTR_KEY_DEFAULT_TYPES]) {
770 struct nlattr *kdt[NUM_NL80211_KEY_DEFAULT_TYPES];
771 int err = nla_parse_nested(
772 kdt, NUM_NL80211_KEY_DEFAULT_TYPES - 1,
773 info->attrs[NL80211_ATTR_KEY_DEFAULT_TYPES],
774 nl80211_key_default_policy);
775 if (err)
776 return err;
777
778 k->def_uni = kdt[NL80211_KEY_DEFAULT_TYPE_UNICAST];
779 k->def_multi = kdt[NL80211_KEY_DEFAULT_TYPE_MULTICAST];
780 }
781
782 return 0;
783}
784
785static int nl80211_parse_key(struct genl_info *info, struct key_parse *k)
786{
787 int err;
788
789 memset(k, 0, sizeof(*k));
790 k->idx = -1;
791 k->type = -1;
792
793 if (info->attrs[NL80211_ATTR_KEY])
794 err = nl80211_parse_key_new(info->attrs[NL80211_ATTR_KEY], k);
795 else
796 err = nl80211_parse_key_old(info, k);
797
798 if (err)
799 return err;
800
801 if (k->def && k->defmgmt)
802 return -EINVAL;
803
804 if (k->defmgmt) {
805 if (k->def_uni || !k->def_multi)
806 return -EINVAL;
807 }
808
809 if (k->idx != -1) {
810 if (k->defmgmt) {
811 if (k->idx < 4 || k->idx > 5)
812 return -EINVAL;
813 } else if (k->def) {
814 if (k->idx < 0 || k->idx > 3)
815 return -EINVAL;
816 } else {
817 if (k->idx < 0 || k->idx > 5)
818 return -EINVAL;
819 }
820 }
821
822 return 0;
823}
824
825static struct cfg80211_cached_keys *
826nl80211_parse_connkeys(struct cfg80211_registered_device *rdev,
827 struct nlattr *keys, bool *no_ht)
828{
829 struct key_parse parse;
830 struct nlattr *key;
831 struct cfg80211_cached_keys *result;
832 int rem, err, def = 0;
833
834 result = kzalloc(sizeof(*result), GFP_KERNEL);
835 if (!result)
836 return ERR_PTR(-ENOMEM);
837
838 result->def = -1;
839 result->defmgmt = -1;
840
841 nla_for_each_nested(key, keys, rem) {
842 memset(&parse, 0, sizeof(parse));
843 parse.idx = -1;
844
845 err = nl80211_parse_key_new(key, &parse);
846 if (err)
847 goto error;
848 err = -EINVAL;
849 if (!parse.p.key)
850 goto error;
851 if (parse.idx < 0 || parse.idx > 4)
852 goto error;
853 if (parse.def) {
854 if (def)
855 goto error;
856 def = 1;
857 result->def = parse.idx;
858 if (!parse.def_uni || !parse.def_multi)
859 goto error;
860 } else if (parse.defmgmt)
861 goto error;
862 err = cfg80211_validate_key_settings(rdev, &parse.p,
863 parse.idx, false, NULL);
864 if (err)
865 goto error;
866 result->params[parse.idx].cipher = parse.p.cipher;
867 result->params[parse.idx].key_len = parse.p.key_len;
868 result->params[parse.idx].key = result->data[parse.idx];
869 memcpy(result->data[parse.idx], parse.p.key, parse.p.key_len);
870
871 if (parse.p.cipher == WLAN_CIPHER_SUITE_WEP40 ||
872 parse.p.cipher == WLAN_CIPHER_SUITE_WEP104) {
873 if (no_ht)
874 *no_ht = true;
875 }
876 }
877
878 return result;
879 error:
880 kfree(result);
881 return ERR_PTR(err);
882}
883
884static int nl80211_key_allowed(struct wireless_dev *wdev)
885{
886 ASSERT_WDEV_LOCK(wdev);
887
888 switch (wdev->iftype) {
889 case NL80211_IFTYPE_AP:
890 case NL80211_IFTYPE_AP_VLAN:
891 case NL80211_IFTYPE_P2P_GO:
892 case NL80211_IFTYPE_MESH_POINT:
893 break;
894 case NL80211_IFTYPE_ADHOC:
895 case NL80211_IFTYPE_STATION:
896 case NL80211_IFTYPE_P2P_CLIENT:
897 if (!wdev->current_bss)
898 return -ENOLINK;
899 break;
900 case NL80211_IFTYPE_UNSPECIFIED:
901 case NL80211_IFTYPE_OCB:
902 case NL80211_IFTYPE_MONITOR:
903 case NL80211_IFTYPE_P2P_DEVICE:
904 case NL80211_IFTYPE_WDS:
905 case NUM_NL80211_IFTYPES:
906 return -EINVAL;
907 }
908
909 return 0;
910}
911
912static struct ieee80211_channel *nl80211_get_valid_chan(struct wiphy *wiphy,
913 struct nlattr *tb)
914{
915 struct ieee80211_channel *chan;
916
917 if (tb == NULL)
918 return NULL;
919 chan = ieee80211_get_channel(wiphy, nla_get_u32(tb));
920 if (!chan || chan->flags & IEEE80211_CHAN_DISABLED)
921 return NULL;
922 return chan;
923}
924
925static int nl80211_put_iftypes(struct sk_buff *msg, u32 attr, u16 ifmodes)
926{
927 struct nlattr *nl_modes = nla_nest_start(msg, attr);
928 int i;
929
930 if (!nl_modes)
931 goto nla_put_failure;
932
933 i = 0;
934 while (ifmodes) {
935 if ((ifmodes & 1) && nla_put_flag(msg, i))
936 goto nla_put_failure;
937 ifmodes >>= 1;
938 i++;
939 }
940
941 nla_nest_end(msg, nl_modes);
942 return 0;
943
944nla_put_failure:
945 return -ENOBUFS;
946}
947
948static int nl80211_put_iface_combinations(struct wiphy *wiphy,
949 struct sk_buff *msg,
950 bool large)
951{
952 struct nlattr *nl_combis;
953 int i, j;
954
955 nl_combis = nla_nest_start(msg,
956 NL80211_ATTR_INTERFACE_COMBINATIONS);
957 if (!nl_combis)
958 goto nla_put_failure;
959
960 for (i = 0; i < wiphy->n_iface_combinations; i++) {
961 const struct ieee80211_iface_combination *c;
962 struct nlattr *nl_combi, *nl_limits;
963
964 c = &wiphy->iface_combinations[i];
965
966 nl_combi = nla_nest_start(msg, i + 1);
967 if (!nl_combi)
968 goto nla_put_failure;
969
970 nl_limits = nla_nest_start(msg, NL80211_IFACE_COMB_LIMITS);
971 if (!nl_limits)
972 goto nla_put_failure;
973
974 for (j = 0; j < c->n_limits; j++) {
975 struct nlattr *nl_limit;
976
977 nl_limit = nla_nest_start(msg, j + 1);
978 if (!nl_limit)
979 goto nla_put_failure;
980 if (nla_put_u32(msg, NL80211_IFACE_LIMIT_MAX,
981 c->limits[j].max))
982 goto nla_put_failure;
983 if (nl80211_put_iftypes(msg, NL80211_IFACE_LIMIT_TYPES,
984 c->limits[j].types))
985 goto nla_put_failure;
986 nla_nest_end(msg, nl_limit);
987 }
988
989 nla_nest_end(msg, nl_limits);
990
991 if (c->beacon_int_infra_match &&
992 nla_put_flag(msg, NL80211_IFACE_COMB_STA_AP_BI_MATCH))
993 goto nla_put_failure;
994 if (nla_put_u32(msg, NL80211_IFACE_COMB_NUM_CHANNELS,
995 c->num_different_channels) ||
996 nla_put_u32(msg, NL80211_IFACE_COMB_MAXNUM,
997 c->max_interfaces))
998 goto nla_put_failure;
999 if (large &&
1000 (nla_put_u32(msg, NL80211_IFACE_COMB_RADAR_DETECT_WIDTHS,
1001 c->radar_detect_widths) ||
1002 nla_put_u32(msg, NL80211_IFACE_COMB_RADAR_DETECT_REGIONS,
1003 c->radar_detect_regions)))
1004 goto nla_put_failure;
1005
1006 nla_nest_end(msg, nl_combi);
1007 }
1008
1009 nla_nest_end(msg, nl_combis);
1010
1011 return 0;
1012nla_put_failure:
1013 return -ENOBUFS;
1014}
1015
1016#ifdef CONFIG_PM
1017static int nl80211_send_wowlan_tcp_caps(struct cfg80211_registered_device *rdev,
1018 struct sk_buff *msg)
1019{
1020 const struct wiphy_wowlan_tcp_support *tcp = rdev->wiphy.wowlan->tcp;
1021 struct nlattr *nl_tcp;
1022
1023 if (!tcp)
1024 return 0;
1025
1026 nl_tcp = nla_nest_start(msg, NL80211_WOWLAN_TRIG_TCP_CONNECTION);
1027 if (!nl_tcp)
1028 return -ENOBUFS;
1029
1030 if (nla_put_u32(msg, NL80211_WOWLAN_TCP_DATA_PAYLOAD,
1031 tcp->data_payload_max))
1032 return -ENOBUFS;
1033
1034 if (nla_put_u32(msg, NL80211_WOWLAN_TCP_DATA_PAYLOAD,
1035 tcp->data_payload_max))
1036 return -ENOBUFS;
1037
1038 if (tcp->seq && nla_put_flag(msg, NL80211_WOWLAN_TCP_DATA_PAYLOAD_SEQ))
1039 return -ENOBUFS;
1040
1041 if (tcp->tok && nla_put(msg, NL80211_WOWLAN_TCP_DATA_PAYLOAD_TOKEN,
1042 sizeof(*tcp->tok), tcp->tok))
1043 return -ENOBUFS;
1044
1045 if (nla_put_u32(msg, NL80211_WOWLAN_TCP_DATA_INTERVAL,
1046 tcp->data_interval_max))
1047 return -ENOBUFS;
1048
1049 if (nla_put_u32(msg, NL80211_WOWLAN_TCP_WAKE_PAYLOAD,
1050 tcp->wake_payload_max))
1051 return -ENOBUFS;
1052
1053 nla_nest_end(msg, nl_tcp);
1054 return 0;
1055}
1056
1057static int nl80211_send_wowlan(struct sk_buff *msg,
1058 struct cfg80211_registered_device *rdev,
1059 bool large)
1060{
1061 struct nlattr *nl_wowlan;
1062
1063 if (!rdev->wiphy.wowlan)
1064 return 0;
1065
1066 nl_wowlan = nla_nest_start(msg, NL80211_ATTR_WOWLAN_TRIGGERS_SUPPORTED);
1067 if (!nl_wowlan)
1068 return -ENOBUFS;
1069
1070 if (((rdev->wiphy.wowlan->flags & WIPHY_WOWLAN_ANY) &&
1071 nla_put_flag(msg, NL80211_WOWLAN_TRIG_ANY)) ||
1072 ((rdev->wiphy.wowlan->flags & WIPHY_WOWLAN_DISCONNECT) &&
1073 nla_put_flag(msg, NL80211_WOWLAN_TRIG_DISCONNECT)) ||
1074 ((rdev->wiphy.wowlan->flags & WIPHY_WOWLAN_MAGIC_PKT) &&
1075 nla_put_flag(msg, NL80211_WOWLAN_TRIG_MAGIC_PKT)) ||
1076 ((rdev->wiphy.wowlan->flags & WIPHY_WOWLAN_SUPPORTS_GTK_REKEY) &&
1077 nla_put_flag(msg, NL80211_WOWLAN_TRIG_GTK_REKEY_SUPPORTED)) ||
1078 ((rdev->wiphy.wowlan->flags & WIPHY_WOWLAN_GTK_REKEY_FAILURE) &&
1079 nla_put_flag(msg, NL80211_WOWLAN_TRIG_GTK_REKEY_FAILURE)) ||
1080 ((rdev->wiphy.wowlan->flags & WIPHY_WOWLAN_EAP_IDENTITY_REQ) &&
1081 nla_put_flag(msg, NL80211_WOWLAN_TRIG_EAP_IDENT_REQUEST)) ||
1082 ((rdev->wiphy.wowlan->flags & WIPHY_WOWLAN_4WAY_HANDSHAKE) &&
1083 nla_put_flag(msg, NL80211_WOWLAN_TRIG_4WAY_HANDSHAKE)) ||
1084 ((rdev->wiphy.wowlan->flags & WIPHY_WOWLAN_RFKILL_RELEASE) &&
1085 nla_put_flag(msg, NL80211_WOWLAN_TRIG_RFKILL_RELEASE)))
1086 return -ENOBUFS;
1087
1088 if (rdev->wiphy.wowlan->n_patterns) {
1089 struct nl80211_pattern_support pat = {
1090 .max_patterns = rdev->wiphy.wowlan->n_patterns,
1091 .min_pattern_len = rdev->wiphy.wowlan->pattern_min_len,
1092 .max_pattern_len = rdev->wiphy.wowlan->pattern_max_len,
1093 .max_pkt_offset = rdev->wiphy.wowlan->max_pkt_offset,
1094 };
1095
1096 if (nla_put(msg, NL80211_WOWLAN_TRIG_PKT_PATTERN,
1097 sizeof(pat), &pat))
1098 return -ENOBUFS;
1099 }
1100
1101 if ((rdev->wiphy.wowlan->flags & WIPHY_WOWLAN_NET_DETECT) &&
1102 nla_put_u32(msg, NL80211_WOWLAN_TRIG_NET_DETECT,
1103 rdev->wiphy.wowlan->max_nd_match_sets))
1104 return -ENOBUFS;
1105
1106 if (large && nl80211_send_wowlan_tcp_caps(rdev, msg))
1107 return -ENOBUFS;
1108
1109 nla_nest_end(msg, nl_wowlan);
1110
1111 return 0;
1112}
1113#endif
1114
1115static int nl80211_send_coalesce(struct sk_buff *msg,
1116 struct cfg80211_registered_device *rdev)
1117{
1118 struct nl80211_coalesce_rule_support rule;
1119
1120 if (!rdev->wiphy.coalesce)
1121 return 0;
1122
1123 rule.max_rules = rdev->wiphy.coalesce->n_rules;
1124 rule.max_delay = rdev->wiphy.coalesce->max_delay;
1125 rule.pat.max_patterns = rdev->wiphy.coalesce->n_patterns;
1126 rule.pat.min_pattern_len = rdev->wiphy.coalesce->pattern_min_len;
1127 rule.pat.max_pattern_len = rdev->wiphy.coalesce->pattern_max_len;
1128 rule.pat.max_pkt_offset = rdev->wiphy.coalesce->max_pkt_offset;
1129
1130 if (nla_put(msg, NL80211_ATTR_COALESCE_RULE, sizeof(rule), &rule))
1131 return -ENOBUFS;
1132
1133 return 0;
1134}
1135
1136static int nl80211_send_band_rateinfo(struct sk_buff *msg,
1137 struct ieee80211_supported_band *sband)
1138{
1139 struct nlattr *nl_rates, *nl_rate;
1140 struct ieee80211_rate *rate;
1141 int i;
1142
1143
1144 if (sband->ht_cap.ht_supported &&
1145 (nla_put(msg, NL80211_BAND_ATTR_HT_MCS_SET,
1146 sizeof(sband->ht_cap.mcs),
1147 &sband->ht_cap.mcs) ||
1148 nla_put_u16(msg, NL80211_BAND_ATTR_HT_CAPA,
1149 sband->ht_cap.cap) ||
1150 nla_put_u8(msg, NL80211_BAND_ATTR_HT_AMPDU_FACTOR,
1151 sband->ht_cap.ampdu_factor) ||
1152 nla_put_u8(msg, NL80211_BAND_ATTR_HT_AMPDU_DENSITY,
1153 sband->ht_cap.ampdu_density)))
1154 return -ENOBUFS;
1155
1156
1157 if (sband->vht_cap.vht_supported &&
1158 (nla_put(msg, NL80211_BAND_ATTR_VHT_MCS_SET,
1159 sizeof(sband->vht_cap.vht_mcs),
1160 &sband->vht_cap.vht_mcs) ||
1161 nla_put_u32(msg, NL80211_BAND_ATTR_VHT_CAPA,
1162 sband->vht_cap.cap)))
1163 return -ENOBUFS;
1164
1165
1166 nl_rates = nla_nest_start(msg, NL80211_BAND_ATTR_RATES);
1167 if (!nl_rates)
1168 return -ENOBUFS;
1169
1170 for (i = 0; i < sband->n_bitrates; i++) {
1171 nl_rate = nla_nest_start(msg, i);
1172 if (!nl_rate)
1173 return -ENOBUFS;
1174
1175 rate = &sband->bitrates[i];
1176 if (nla_put_u32(msg, NL80211_BITRATE_ATTR_RATE,
1177 rate->bitrate))
1178 return -ENOBUFS;
1179 if ((rate->flags & IEEE80211_RATE_SHORT_PREAMBLE) &&
1180 nla_put_flag(msg,
1181 NL80211_BITRATE_ATTR_2GHZ_SHORTPREAMBLE))
1182 return -ENOBUFS;
1183
1184 nla_nest_end(msg, nl_rate);
1185 }
1186
1187 nla_nest_end(msg, nl_rates);
1188
1189 return 0;
1190}
1191
1192static int
1193nl80211_send_mgmt_stypes(struct sk_buff *msg,
1194 const struct ieee80211_txrx_stypes *mgmt_stypes)
1195{
1196 u16 stypes;
1197 struct nlattr *nl_ftypes, *nl_ifs;
1198 enum nl80211_iftype ift;
1199 int i;
1200
1201 if (!mgmt_stypes)
1202 return 0;
1203
1204 nl_ifs = nla_nest_start(msg, NL80211_ATTR_TX_FRAME_TYPES);
1205 if (!nl_ifs)
1206 return -ENOBUFS;
1207
1208 for (ift = 0; ift < NUM_NL80211_IFTYPES; ift++) {
1209 nl_ftypes = nla_nest_start(msg, ift);
1210 if (!nl_ftypes)
1211 return -ENOBUFS;
1212 i = 0;
1213 stypes = mgmt_stypes[ift].tx;
1214 while (stypes) {
1215 if ((stypes & 1) &&
1216 nla_put_u16(msg, NL80211_ATTR_FRAME_TYPE,
1217 (i << 4) | IEEE80211_FTYPE_MGMT))
1218 return -ENOBUFS;
1219 stypes >>= 1;
1220 i++;
1221 }
1222 nla_nest_end(msg, nl_ftypes);
1223 }
1224
1225 nla_nest_end(msg, nl_ifs);
1226
1227 nl_ifs = nla_nest_start(msg, NL80211_ATTR_RX_FRAME_TYPES);
1228 if (!nl_ifs)
1229 return -ENOBUFS;
1230
1231 for (ift = 0; ift < NUM_NL80211_IFTYPES; ift++) {
1232 nl_ftypes = nla_nest_start(msg, ift);
1233 if (!nl_ftypes)
1234 return -ENOBUFS;
1235 i = 0;
1236 stypes = mgmt_stypes[ift].rx;
1237 while (stypes) {
1238 if ((stypes & 1) &&
1239 nla_put_u16(msg, NL80211_ATTR_FRAME_TYPE,
1240 (i << 4) | IEEE80211_FTYPE_MGMT))
1241 return -ENOBUFS;
1242 stypes >>= 1;
1243 i++;
1244 }
1245 nla_nest_end(msg, nl_ftypes);
1246 }
1247 nla_nest_end(msg, nl_ifs);
1248
1249 return 0;
1250}
1251
1252struct nl80211_dump_wiphy_state {
1253 s64 filter_wiphy;
1254 long start;
1255 long split_start, band_start, chan_start;
1256 bool split;
1257};
1258
1259static int nl80211_send_wiphy(struct cfg80211_registered_device *rdev,
1260 enum nl80211_commands cmd,
1261 struct sk_buff *msg, u32 portid, u32 seq,
1262 int flags, struct nl80211_dump_wiphy_state *state)
1263{
1264 void *hdr;
1265 struct nlattr *nl_bands, *nl_band;
1266 struct nlattr *nl_freqs, *nl_freq;
1267 struct nlattr *nl_cmds;
1268 enum ieee80211_band band;
1269 struct ieee80211_channel *chan;
1270 int i;
1271 const struct ieee80211_txrx_stypes *mgmt_stypes =
1272 rdev->wiphy.mgmt_stypes;
1273 u32 features;
1274
1275 hdr = nl80211hdr_put(msg, portid, seq, flags, cmd);
1276 if (!hdr)
1277 return -ENOBUFS;
1278
1279 if (WARN_ON(!state))
1280 return -EINVAL;
1281
1282 if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
1283 nla_put_string(msg, NL80211_ATTR_WIPHY_NAME,
1284 wiphy_name(&rdev->wiphy)) ||
1285 nla_put_u32(msg, NL80211_ATTR_GENERATION,
1286 cfg80211_rdev_list_generation))
1287 goto nla_put_failure;
1288
1289 if (cmd != NL80211_CMD_NEW_WIPHY)
1290 goto finish;
1291
1292 switch (state->split_start) {
1293 case 0:
1294 if (nla_put_u8(msg, NL80211_ATTR_WIPHY_RETRY_SHORT,
1295 rdev->wiphy.retry_short) ||
1296 nla_put_u8(msg, NL80211_ATTR_WIPHY_RETRY_LONG,
1297 rdev->wiphy.retry_long) ||
1298 nla_put_u32(msg, NL80211_ATTR_WIPHY_FRAG_THRESHOLD,
1299 rdev->wiphy.frag_threshold) ||
1300 nla_put_u32(msg, NL80211_ATTR_WIPHY_RTS_THRESHOLD,
1301 rdev->wiphy.rts_threshold) ||
1302 nla_put_u8(msg, NL80211_ATTR_WIPHY_COVERAGE_CLASS,
1303 rdev->wiphy.coverage_class) ||
1304 nla_put_u8(msg, NL80211_ATTR_MAX_NUM_SCAN_SSIDS,
1305 rdev->wiphy.max_scan_ssids) ||
1306 nla_put_u8(msg, NL80211_ATTR_MAX_NUM_SCHED_SCAN_SSIDS,
1307 rdev->wiphy.max_sched_scan_ssids) ||
1308 nla_put_u16(msg, NL80211_ATTR_MAX_SCAN_IE_LEN,
1309 rdev->wiphy.max_scan_ie_len) ||
1310 nla_put_u16(msg, NL80211_ATTR_MAX_SCHED_SCAN_IE_LEN,
1311 rdev->wiphy.max_sched_scan_ie_len) ||
1312 nla_put_u8(msg, NL80211_ATTR_MAX_MATCH_SETS,
1313 rdev->wiphy.max_match_sets) ||
1314 nla_put_u32(msg, NL80211_ATTR_MAX_NUM_SCHED_SCAN_PLANS,
1315 rdev->wiphy.max_sched_scan_plans) ||
1316 nla_put_u32(msg, NL80211_ATTR_MAX_SCAN_PLAN_INTERVAL,
1317 rdev->wiphy.max_sched_scan_plan_interval) ||
1318 nla_put_u32(msg, NL80211_ATTR_MAX_SCAN_PLAN_ITERATIONS,
1319 rdev->wiphy.max_sched_scan_plan_iterations))
1320 goto nla_put_failure;
1321
1322 if ((rdev->wiphy.flags & WIPHY_FLAG_IBSS_RSN) &&
1323 nla_put_flag(msg, NL80211_ATTR_SUPPORT_IBSS_RSN))
1324 goto nla_put_failure;
1325 if ((rdev->wiphy.flags & WIPHY_FLAG_MESH_AUTH) &&
1326 nla_put_flag(msg, NL80211_ATTR_SUPPORT_MESH_AUTH))
1327 goto nla_put_failure;
1328 if ((rdev->wiphy.flags & WIPHY_FLAG_AP_UAPSD) &&
1329 nla_put_flag(msg, NL80211_ATTR_SUPPORT_AP_UAPSD))
1330 goto nla_put_failure;
1331 if ((rdev->wiphy.flags & WIPHY_FLAG_SUPPORTS_FW_ROAM) &&
1332 nla_put_flag(msg, NL80211_ATTR_ROAM_SUPPORT))
1333 goto nla_put_failure;
1334 if ((rdev->wiphy.flags & WIPHY_FLAG_SUPPORTS_TDLS) &&
1335 nla_put_flag(msg, NL80211_ATTR_TDLS_SUPPORT))
1336 goto nla_put_failure;
1337 if ((rdev->wiphy.flags & WIPHY_FLAG_TDLS_EXTERNAL_SETUP) &&
1338 nla_put_flag(msg, NL80211_ATTR_TDLS_EXTERNAL_SETUP))
1339 goto nla_put_failure;
1340 state->split_start++;
1341 if (state->split)
1342 break;
1343 case 1:
1344 if (nla_put(msg, NL80211_ATTR_CIPHER_SUITES,
1345 sizeof(u32) * rdev->wiphy.n_cipher_suites,
1346 rdev->wiphy.cipher_suites))
1347 goto nla_put_failure;
1348
1349 if (nla_put_u8(msg, NL80211_ATTR_MAX_NUM_PMKIDS,
1350 rdev->wiphy.max_num_pmkids))
1351 goto nla_put_failure;
1352
1353 if ((rdev->wiphy.flags & WIPHY_FLAG_CONTROL_PORT_PROTOCOL) &&
1354 nla_put_flag(msg, NL80211_ATTR_CONTROL_PORT_ETHERTYPE))
1355 goto nla_put_failure;
1356
1357 if (nla_put_u32(msg, NL80211_ATTR_WIPHY_ANTENNA_AVAIL_TX,
1358 rdev->wiphy.available_antennas_tx) ||
1359 nla_put_u32(msg, NL80211_ATTR_WIPHY_ANTENNA_AVAIL_RX,
1360 rdev->wiphy.available_antennas_rx))
1361 goto nla_put_failure;
1362
1363 if ((rdev->wiphy.flags & WIPHY_FLAG_AP_PROBE_RESP_OFFLOAD) &&
1364 nla_put_u32(msg, NL80211_ATTR_PROBE_RESP_OFFLOAD,
1365 rdev->wiphy.probe_resp_offload))
1366 goto nla_put_failure;
1367
1368 if ((rdev->wiphy.available_antennas_tx ||
1369 rdev->wiphy.available_antennas_rx) &&
1370 rdev->ops->get_antenna) {
1371 u32 tx_ant = 0, rx_ant = 0;
1372 int res;
1373 res = rdev_get_antenna(rdev, &tx_ant, &rx_ant);
1374 if (!res) {
1375 if (nla_put_u32(msg,
1376 NL80211_ATTR_WIPHY_ANTENNA_TX,
1377 tx_ant) ||
1378 nla_put_u32(msg,
1379 NL80211_ATTR_WIPHY_ANTENNA_RX,
1380 rx_ant))
1381 goto nla_put_failure;
1382 }
1383 }
1384
1385 state->split_start++;
1386 if (state->split)
1387 break;
1388 case 2:
1389 if (nl80211_put_iftypes(msg, NL80211_ATTR_SUPPORTED_IFTYPES,
1390 rdev->wiphy.interface_modes))
1391 goto nla_put_failure;
1392 state->split_start++;
1393 if (state->split)
1394 break;
1395 case 3:
1396 nl_bands = nla_nest_start(msg, NL80211_ATTR_WIPHY_BANDS);
1397 if (!nl_bands)
1398 goto nla_put_failure;
1399
1400 for (band = state->band_start;
1401 band < IEEE80211_NUM_BANDS; band++) {
1402 struct ieee80211_supported_band *sband;
1403
1404 sband = rdev->wiphy.bands[band];
1405
1406 if (!sband)
1407 continue;
1408
1409 nl_band = nla_nest_start(msg, band);
1410 if (!nl_band)
1411 goto nla_put_failure;
1412
1413 switch (state->chan_start) {
1414 case 0:
1415 if (nl80211_send_band_rateinfo(msg, sband))
1416 goto nla_put_failure;
1417 state->chan_start++;
1418 if (state->split)
1419 break;
1420 default:
1421
1422 nl_freqs = nla_nest_start(
1423 msg, NL80211_BAND_ATTR_FREQS);
1424 if (!nl_freqs)
1425 goto nla_put_failure;
1426
1427 for (i = state->chan_start - 1;
1428 i < sband->n_channels;
1429 i++) {
1430 nl_freq = nla_nest_start(msg, i);
1431 if (!nl_freq)
1432 goto nla_put_failure;
1433
1434 chan = &sband->channels[i];
1435
1436 if (nl80211_msg_put_channel(
1437 msg, chan,
1438 state->split))
1439 goto nla_put_failure;
1440
1441 nla_nest_end(msg, nl_freq);
1442 if (state->split)
1443 break;
1444 }
1445 if (i < sband->n_channels)
1446 state->chan_start = i + 2;
1447 else
1448 state->chan_start = 0;
1449 nla_nest_end(msg, nl_freqs);
1450 }
1451
1452 nla_nest_end(msg, nl_band);
1453
1454 if (state->split) {
1455
1456 if (state->chan_start)
1457 band--;
1458 break;
1459 }
1460 }
1461 nla_nest_end(msg, nl_bands);
1462
1463 if (band < IEEE80211_NUM_BANDS)
1464 state->band_start = band + 1;
1465 else
1466 state->band_start = 0;
1467
1468
1469 if (state->band_start == 0 && state->chan_start == 0)
1470 state->split_start++;
1471 if (state->split)
1472 break;
1473 case 4:
1474 nl_cmds = nla_nest_start(msg, NL80211_ATTR_SUPPORTED_COMMANDS);
1475 if (!nl_cmds)
1476 goto nla_put_failure;
1477
1478 i = 0;
1479#define CMD(op, n) \
1480 do { \
1481 if (rdev->ops->op) { \
1482 i++; \
1483 if (nla_put_u32(msg, i, NL80211_CMD_ ## n)) \
1484 goto nla_put_failure; \
1485 } \
1486 } while (0)
1487
1488 CMD(add_virtual_intf, NEW_INTERFACE);
1489 CMD(change_virtual_intf, SET_INTERFACE);
1490 CMD(add_key, NEW_KEY);
1491 CMD(start_ap, START_AP);
1492 CMD(add_station, NEW_STATION);
1493 CMD(add_mpath, NEW_MPATH);
1494 CMD(update_mesh_config, SET_MESH_CONFIG);
1495 CMD(change_bss, SET_BSS);
1496 CMD(auth, AUTHENTICATE);
1497 CMD(assoc, ASSOCIATE);
1498 CMD(deauth, DEAUTHENTICATE);
1499 CMD(disassoc, DISASSOCIATE);
1500 CMD(join_ibss, JOIN_IBSS);
1501 CMD(join_mesh, JOIN_MESH);
1502 CMD(set_pmksa, SET_PMKSA);
1503 CMD(del_pmksa, DEL_PMKSA);
1504 CMD(flush_pmksa, FLUSH_PMKSA);
1505 if (rdev->wiphy.flags & WIPHY_FLAG_HAS_REMAIN_ON_CHANNEL)
1506 CMD(remain_on_channel, REMAIN_ON_CHANNEL);
1507 CMD(set_bitrate_mask, SET_TX_BITRATE_MASK);
1508 CMD(mgmt_tx, FRAME);
1509 CMD(mgmt_tx_cancel_wait, FRAME_WAIT_CANCEL);
1510 if (rdev->wiphy.flags & WIPHY_FLAG_NETNS_OK) {
1511 i++;
1512 if (nla_put_u32(msg, i, NL80211_CMD_SET_WIPHY_NETNS))
1513 goto nla_put_failure;
1514 }
1515 if (rdev->ops->set_monitor_channel || rdev->ops->start_ap ||
1516 rdev->ops->join_mesh) {
1517 i++;
1518 if (nla_put_u32(msg, i, NL80211_CMD_SET_CHANNEL))
1519 goto nla_put_failure;
1520 }
1521 CMD(set_wds_peer, SET_WDS_PEER);
1522 if (rdev->wiphy.flags & WIPHY_FLAG_SUPPORTS_TDLS) {
1523 CMD(tdls_mgmt, TDLS_MGMT);
1524 CMD(tdls_oper, TDLS_OPER);
1525 }
1526 if (rdev->wiphy.flags & WIPHY_FLAG_SUPPORTS_SCHED_SCAN)
1527 CMD(sched_scan_start, START_SCHED_SCAN);
1528 CMD(probe_client, PROBE_CLIENT);
1529 CMD(set_noack_map, SET_NOACK_MAP);
1530 if (rdev->wiphy.flags & WIPHY_FLAG_REPORTS_OBSS) {
1531 i++;
1532 if (nla_put_u32(msg, i, NL80211_CMD_REGISTER_BEACONS))
1533 goto nla_put_failure;
1534 }
1535 CMD(start_p2p_device, START_P2P_DEVICE);
1536 CMD(set_mcast_rate, SET_MCAST_RATE);
1537#ifdef CONFIG_NL80211_TESTMODE
1538 CMD(testmode_cmd, TESTMODE);
1539#endif
1540 if (state->split) {
1541 CMD(crit_proto_start, CRIT_PROTOCOL_START);
1542 CMD(crit_proto_stop, CRIT_PROTOCOL_STOP);
1543 if (rdev->wiphy.flags & WIPHY_FLAG_HAS_CHANNEL_SWITCH)
1544 CMD(channel_switch, CHANNEL_SWITCH);
1545 CMD(set_qos_map, SET_QOS_MAP);
1546 if (rdev->wiphy.features &
1547 NL80211_FEATURE_SUPPORTS_WMM_ADMISSION)
1548 CMD(add_tx_ts, ADD_TX_TS);
1549 }
1550
1551#undef CMD
1552
1553 if (rdev->ops->connect || rdev->ops->auth) {
1554 i++;
1555 if (nla_put_u32(msg, i, NL80211_CMD_CONNECT))
1556 goto nla_put_failure;
1557 }
1558
1559 if (rdev->ops->disconnect || rdev->ops->deauth) {
1560 i++;
1561 if (nla_put_u32(msg, i, NL80211_CMD_DISCONNECT))
1562 goto nla_put_failure;
1563 }
1564
1565 nla_nest_end(msg, nl_cmds);
1566 state->split_start++;
1567 if (state->split)
1568 break;
1569 case 5:
1570 if (rdev->ops->remain_on_channel &&
1571 (rdev->wiphy.flags & WIPHY_FLAG_HAS_REMAIN_ON_CHANNEL) &&
1572 nla_put_u32(msg,
1573 NL80211_ATTR_MAX_REMAIN_ON_CHANNEL_DURATION,
1574 rdev->wiphy.max_remain_on_channel_duration))
1575 goto nla_put_failure;
1576
1577 if ((rdev->wiphy.flags & WIPHY_FLAG_OFFCHAN_TX) &&
1578 nla_put_flag(msg, NL80211_ATTR_OFFCHANNEL_TX_OK))
1579 goto nla_put_failure;
1580
1581 if (nl80211_send_mgmt_stypes(msg, mgmt_stypes))
1582 goto nla_put_failure;
1583 state->split_start++;
1584 if (state->split)
1585 break;
1586 case 6:
1587#ifdef CONFIG_PM
1588 if (nl80211_send_wowlan(msg, rdev, state->split))
1589 goto nla_put_failure;
1590 state->split_start++;
1591 if (state->split)
1592 break;
1593#else
1594 state->split_start++;
1595#endif
1596 case 7:
1597 if (nl80211_put_iftypes(msg, NL80211_ATTR_SOFTWARE_IFTYPES,
1598 rdev->wiphy.software_iftypes))
1599 goto nla_put_failure;
1600
1601 if (nl80211_put_iface_combinations(&rdev->wiphy, msg,
1602 state->split))
1603 goto nla_put_failure;
1604
1605 state->split_start++;
1606 if (state->split)
1607 break;
1608 case 8:
1609 if ((rdev->wiphy.flags & WIPHY_FLAG_HAVE_AP_SME) &&
1610 nla_put_u32(msg, NL80211_ATTR_DEVICE_AP_SME,
1611 rdev->wiphy.ap_sme_capa))
1612 goto nla_put_failure;
1613
1614 features = rdev->wiphy.features;
1615
1616
1617
1618
1619
1620 if (state->split)
1621 features |= NL80211_FEATURE_ADVERTISE_CHAN_LIMITS;
1622 if (nla_put_u32(msg, NL80211_ATTR_FEATURE_FLAGS, features))
1623 goto nla_put_failure;
1624
1625 if (rdev->wiphy.ht_capa_mod_mask &&
1626 nla_put(msg, NL80211_ATTR_HT_CAPABILITY_MASK,
1627 sizeof(*rdev->wiphy.ht_capa_mod_mask),
1628 rdev->wiphy.ht_capa_mod_mask))
1629 goto nla_put_failure;
1630
1631 if (rdev->wiphy.flags & WIPHY_FLAG_HAVE_AP_SME &&
1632 rdev->wiphy.max_acl_mac_addrs &&
1633 nla_put_u32(msg, NL80211_ATTR_MAC_ACL_MAX,
1634 rdev->wiphy.max_acl_mac_addrs))
1635 goto nla_put_failure;
1636
1637
1638
1639
1640
1641
1642
1643
1644
1645
1646
1647 state->split_start++;
1648 break;
1649 case 9:
1650 if (rdev->wiphy.extended_capabilities &&
1651 (nla_put(msg, NL80211_ATTR_EXT_CAPA,
1652 rdev->wiphy.extended_capabilities_len,
1653 rdev->wiphy.extended_capabilities) ||
1654 nla_put(msg, NL80211_ATTR_EXT_CAPA_MASK,
1655 rdev->wiphy.extended_capabilities_len,
1656 rdev->wiphy.extended_capabilities_mask)))
1657 goto nla_put_failure;
1658
1659 if (rdev->wiphy.vht_capa_mod_mask &&
1660 nla_put(msg, NL80211_ATTR_VHT_CAPABILITY_MASK,
1661 sizeof(*rdev->wiphy.vht_capa_mod_mask),
1662 rdev->wiphy.vht_capa_mod_mask))
1663 goto nla_put_failure;
1664
1665 state->split_start++;
1666 break;
1667 case 10:
1668 if (nl80211_send_coalesce(msg, rdev))
1669 goto nla_put_failure;
1670
1671 if ((rdev->wiphy.flags & WIPHY_FLAG_SUPPORTS_5_10_MHZ) &&
1672 (nla_put_flag(msg, NL80211_ATTR_SUPPORT_5_MHZ) ||
1673 nla_put_flag(msg, NL80211_ATTR_SUPPORT_10_MHZ)))
1674 goto nla_put_failure;
1675
1676 if (rdev->wiphy.max_ap_assoc_sta &&
1677 nla_put_u32(msg, NL80211_ATTR_MAX_AP_ASSOC_STA,
1678 rdev->wiphy.max_ap_assoc_sta))
1679 goto nla_put_failure;
1680
1681 state->split_start++;
1682 break;
1683 case 11:
1684 if (rdev->wiphy.n_vendor_commands) {
1685 const struct nl80211_vendor_cmd_info *info;
1686 struct nlattr *nested;
1687
1688 nested = nla_nest_start(msg, NL80211_ATTR_VENDOR_DATA);
1689 if (!nested)
1690 goto nla_put_failure;
1691
1692 for (i = 0; i < rdev->wiphy.n_vendor_commands; i++) {
1693 info = &rdev->wiphy.vendor_commands[i].info;
1694 if (nla_put(msg, i + 1, sizeof(*info), info))
1695 goto nla_put_failure;
1696 }
1697 nla_nest_end(msg, nested);
1698 }
1699
1700 if (rdev->wiphy.n_vendor_events) {
1701 const struct nl80211_vendor_cmd_info *info;
1702 struct nlattr *nested;
1703
1704 nested = nla_nest_start(msg,
1705 NL80211_ATTR_VENDOR_EVENTS);
1706 if (!nested)
1707 goto nla_put_failure;
1708
1709 for (i = 0; i < rdev->wiphy.n_vendor_events; i++) {
1710 info = &rdev->wiphy.vendor_events[i];
1711 if (nla_put(msg, i + 1, sizeof(*info), info))
1712 goto nla_put_failure;
1713 }
1714 nla_nest_end(msg, nested);
1715 }
1716 state->split_start++;
1717 break;
1718 case 12:
1719 if (rdev->wiphy.flags & WIPHY_FLAG_HAS_CHANNEL_SWITCH &&
1720 nla_put_u8(msg, NL80211_ATTR_MAX_CSA_COUNTERS,
1721 rdev->wiphy.max_num_csa_counters))
1722 goto nla_put_failure;
1723
1724 if (rdev->wiphy.regulatory_flags & REGULATORY_WIPHY_SELF_MANAGED &&
1725 nla_put_flag(msg, NL80211_ATTR_WIPHY_SELF_MANAGED_REG))
1726 goto nla_put_failure;
1727
1728 if (nla_put(msg, NL80211_ATTR_EXT_FEATURES,
1729 sizeof(rdev->wiphy.ext_features),
1730 rdev->wiphy.ext_features))
1731 goto nla_put_failure;
1732
1733
1734 state->split_start = 0;
1735 break;
1736 }
1737 finish:
1738 genlmsg_end(msg, hdr);
1739 return 0;
1740
1741 nla_put_failure:
1742 genlmsg_cancel(msg, hdr);
1743 return -EMSGSIZE;
1744}
1745
1746static int nl80211_dump_wiphy_parse(struct sk_buff *skb,
1747 struct netlink_callback *cb,
1748 struct nl80211_dump_wiphy_state *state)
1749{
1750 struct nlattr **tb = nl80211_fam.attrbuf;
1751 int ret = nlmsg_parse(cb->nlh, GENL_HDRLEN + nl80211_fam.hdrsize,
1752 tb, nl80211_fam.maxattr, nl80211_policy);
1753
1754 if (ret)
1755 return 0;
1756
1757 state->split = tb[NL80211_ATTR_SPLIT_WIPHY_DUMP];
1758 if (tb[NL80211_ATTR_WIPHY])
1759 state->filter_wiphy = nla_get_u32(tb[NL80211_ATTR_WIPHY]);
1760 if (tb[NL80211_ATTR_WDEV])
1761 state->filter_wiphy = nla_get_u64(tb[NL80211_ATTR_WDEV]) >> 32;
1762 if (tb[NL80211_ATTR_IFINDEX]) {
1763 struct net_device *netdev;
1764 struct cfg80211_registered_device *rdev;
1765 int ifidx = nla_get_u32(tb[NL80211_ATTR_IFINDEX]);
1766
1767 netdev = __dev_get_by_index(sock_net(skb->sk), ifidx);
1768 if (!netdev)
1769 return -ENODEV;
1770 if (netdev->ieee80211_ptr) {
1771 rdev = wiphy_to_rdev(
1772 netdev->ieee80211_ptr->wiphy);
1773 state->filter_wiphy = rdev->wiphy_idx;
1774 }
1775 }
1776
1777 return 0;
1778}
1779
1780static int nl80211_dump_wiphy(struct sk_buff *skb, struct netlink_callback *cb)
1781{
1782 int idx = 0, ret;
1783 struct nl80211_dump_wiphy_state *state = (void *)cb->args[0];
1784 struct cfg80211_registered_device *rdev;
1785
1786 rtnl_lock();
1787 if (!state) {
1788 state = kzalloc(sizeof(*state), GFP_KERNEL);
1789 if (!state) {
1790 rtnl_unlock();
1791 return -ENOMEM;
1792 }
1793 state->filter_wiphy = -1;
1794 ret = nl80211_dump_wiphy_parse(skb, cb, state);
1795 if (ret) {
1796 kfree(state);
1797 rtnl_unlock();
1798 return ret;
1799 }
1800 cb->args[0] = (long)state;
1801 }
1802
1803 list_for_each_entry(rdev, &cfg80211_rdev_list, list) {
1804 if (!net_eq(wiphy_net(&rdev->wiphy), sock_net(skb->sk)))
1805 continue;
1806 if (++idx <= state->start)
1807 continue;
1808 if (state->filter_wiphy != -1 &&
1809 state->filter_wiphy != rdev->wiphy_idx)
1810 continue;
1811
1812 do {
1813 ret = nl80211_send_wiphy(rdev, NL80211_CMD_NEW_WIPHY,
1814 skb,
1815 NETLINK_CB(cb->skb).portid,
1816 cb->nlh->nlmsg_seq,
1817 NLM_F_MULTI, state);
1818 if (ret < 0) {
1819
1820
1821
1822
1823
1824
1825
1826
1827
1828
1829
1830
1831
1832 if ((ret == -ENOBUFS || ret == -EMSGSIZE) &&
1833 !skb->len && !state->split &&
1834 cb->min_dump_alloc < 4096) {
1835 cb->min_dump_alloc = 4096;
1836 state->split_start = 0;
1837 rtnl_unlock();
1838 return 1;
1839 }
1840 idx--;
1841 break;
1842 }
1843 } while (state->split_start > 0);
1844 break;
1845 }
1846 rtnl_unlock();
1847
1848 state->start = idx;
1849
1850 return skb->len;
1851}
1852
1853static int nl80211_dump_wiphy_done(struct netlink_callback *cb)
1854{
1855 kfree((void *)cb->args[0]);
1856 return 0;
1857}
1858
1859static int nl80211_get_wiphy(struct sk_buff *skb, struct genl_info *info)
1860{
1861 struct sk_buff *msg;
1862 struct cfg80211_registered_device *rdev = info->user_ptr[0];
1863 struct nl80211_dump_wiphy_state state = {};
1864
1865 msg = nlmsg_new(4096, GFP_KERNEL);
1866 if (!msg)
1867 return -ENOMEM;
1868
1869 if (nl80211_send_wiphy(rdev, NL80211_CMD_NEW_WIPHY, msg,
1870 info->snd_portid, info->snd_seq, 0,
1871 &state) < 0) {
1872 nlmsg_free(msg);
1873 return -ENOBUFS;
1874 }
1875
1876 return genlmsg_reply(msg, info);
1877}
1878
1879static const struct nla_policy txq_params_policy[NL80211_TXQ_ATTR_MAX + 1] = {
1880 [NL80211_TXQ_ATTR_QUEUE] = { .type = NLA_U8 },
1881 [NL80211_TXQ_ATTR_TXOP] = { .type = NLA_U16 },
1882 [NL80211_TXQ_ATTR_CWMIN] = { .type = NLA_U16 },
1883 [NL80211_TXQ_ATTR_CWMAX] = { .type = NLA_U16 },
1884 [NL80211_TXQ_ATTR_AIFS] = { .type = NLA_U8 },
1885};
1886
1887static int parse_txq_params(struct nlattr *tb[],
1888 struct ieee80211_txq_params *txq_params)
1889{
1890 if (!tb[NL80211_TXQ_ATTR_AC] || !tb[NL80211_TXQ_ATTR_TXOP] ||
1891 !tb[NL80211_TXQ_ATTR_CWMIN] || !tb[NL80211_TXQ_ATTR_CWMAX] ||
1892 !tb[NL80211_TXQ_ATTR_AIFS])
1893 return -EINVAL;
1894
1895 txq_params->ac = nla_get_u8(tb[NL80211_TXQ_ATTR_AC]);
1896 txq_params->txop = nla_get_u16(tb[NL80211_TXQ_ATTR_TXOP]);
1897 txq_params->cwmin = nla_get_u16(tb[NL80211_TXQ_ATTR_CWMIN]);
1898 txq_params->cwmax = nla_get_u16(tb[NL80211_TXQ_ATTR_CWMAX]);
1899 txq_params->aifs = nla_get_u8(tb[NL80211_TXQ_ATTR_AIFS]);
1900
1901 if (txq_params->ac >= NL80211_NUM_ACS)
1902 return -EINVAL;
1903
1904 return 0;
1905}
1906
1907static bool nl80211_can_set_dev_channel(struct wireless_dev *wdev)
1908{
1909
1910
1911
1912
1913
1914
1915
1916
1917
1918
1919
1920
1921
1922
1923
1924 return !wdev ||
1925 wdev->iftype == NL80211_IFTYPE_AP ||
1926 wdev->iftype == NL80211_IFTYPE_MESH_POINT ||
1927 wdev->iftype == NL80211_IFTYPE_MONITOR ||
1928 wdev->iftype == NL80211_IFTYPE_P2P_GO;
1929}
1930
1931static int nl80211_parse_chandef(struct cfg80211_registered_device *rdev,
1932 struct genl_info *info,
1933 struct cfg80211_chan_def *chandef)
1934{
1935 u32 control_freq;
1936
1937 if (!info->attrs[NL80211_ATTR_WIPHY_FREQ])
1938 return -EINVAL;
1939
1940 control_freq = nla_get_u32(info->attrs[NL80211_ATTR_WIPHY_FREQ]);
1941
1942 chandef->chan = ieee80211_get_channel(&rdev->wiphy, control_freq);
1943 chandef->width = NL80211_CHAN_WIDTH_20_NOHT;
1944 chandef->center_freq1 = control_freq;
1945 chandef->center_freq2 = 0;
1946
1947
1948 if (!chandef->chan || chandef->chan->flags & IEEE80211_CHAN_DISABLED)
1949 return -EINVAL;
1950
1951 if (info->attrs[NL80211_ATTR_WIPHY_CHANNEL_TYPE]) {
1952 enum nl80211_channel_type chantype;
1953
1954 chantype = nla_get_u32(
1955 info->attrs[NL80211_ATTR_WIPHY_CHANNEL_TYPE]);
1956
1957 switch (chantype) {
1958 case NL80211_CHAN_NO_HT:
1959 case NL80211_CHAN_HT20:
1960 case NL80211_CHAN_HT40PLUS:
1961 case NL80211_CHAN_HT40MINUS:
1962 cfg80211_chandef_create(chandef, chandef->chan,
1963 chantype);
1964 break;
1965 default:
1966 return -EINVAL;
1967 }
1968 } else if (info->attrs[NL80211_ATTR_CHANNEL_WIDTH]) {
1969 chandef->width =
1970 nla_get_u32(info->attrs[NL80211_ATTR_CHANNEL_WIDTH]);
1971 if (info->attrs[NL80211_ATTR_CENTER_FREQ1])
1972 chandef->center_freq1 =
1973 nla_get_u32(
1974 info->attrs[NL80211_ATTR_CENTER_FREQ1]);
1975 if (info->attrs[NL80211_ATTR_CENTER_FREQ2])
1976 chandef->center_freq2 =
1977 nla_get_u32(
1978 info->attrs[NL80211_ATTR_CENTER_FREQ2]);
1979 }
1980
1981 if (!cfg80211_chandef_valid(chandef))
1982 return -EINVAL;
1983
1984 if (!cfg80211_chandef_usable(&rdev->wiphy, chandef,
1985 IEEE80211_CHAN_DISABLED))
1986 return -EINVAL;
1987
1988 if ((chandef->width == NL80211_CHAN_WIDTH_5 ||
1989 chandef->width == NL80211_CHAN_WIDTH_10) &&
1990 !(rdev->wiphy.flags & WIPHY_FLAG_SUPPORTS_5_10_MHZ))
1991 return -EINVAL;
1992
1993 return 0;
1994}
1995
1996static int __nl80211_set_channel(struct cfg80211_registered_device *rdev,
1997 struct net_device *dev,
1998 struct genl_info *info)
1999{
2000 struct cfg80211_chan_def chandef;
2001 int result;
2002 enum nl80211_iftype iftype = NL80211_IFTYPE_MONITOR;
2003 struct wireless_dev *wdev = NULL;
2004
2005 if (dev)
2006 wdev = dev->ieee80211_ptr;
2007 if (!nl80211_can_set_dev_channel(wdev))
2008 return -EOPNOTSUPP;
2009 if (wdev)
2010 iftype = wdev->iftype;
2011
2012 result = nl80211_parse_chandef(rdev, info, &chandef);
2013 if (result)
2014 return result;
2015
2016 switch (iftype) {
2017 case NL80211_IFTYPE_AP:
2018 case NL80211_IFTYPE_P2P_GO:
2019 if (!cfg80211_reg_can_beacon_relax(&rdev->wiphy, &chandef,
2020 iftype)) {
2021 result = -EINVAL;
2022 break;
2023 }
2024 if (wdev->beacon_interval) {
2025 if (!dev || !rdev->ops->set_ap_chanwidth ||
2026 !(rdev->wiphy.features &
2027 NL80211_FEATURE_AP_MODE_CHAN_WIDTH_CHANGE)) {
2028 result = -EBUSY;
2029 break;
2030 }
2031
2032
2033 if (chandef.chan != wdev->preset_chandef.chan) {
2034 result = -EBUSY;
2035 break;
2036 }
2037 result = rdev_set_ap_chanwidth(rdev, dev, &chandef);
2038 if (result)
2039 break;
2040 }
2041 wdev->preset_chandef = chandef;
2042 result = 0;
2043 break;
2044 case NL80211_IFTYPE_MESH_POINT:
2045 result = cfg80211_set_mesh_channel(rdev, wdev, &chandef);
2046 break;
2047 case NL80211_IFTYPE_MONITOR:
2048 result = cfg80211_set_monitor_channel(rdev, &chandef);
2049 break;
2050 default:
2051 result = -EINVAL;
2052 }
2053
2054 return result;
2055}
2056
2057static int nl80211_set_channel(struct sk_buff *skb, struct genl_info *info)
2058{
2059 struct cfg80211_registered_device *rdev = info->user_ptr[0];
2060 struct net_device *netdev = info->user_ptr[1];
2061
2062 return __nl80211_set_channel(rdev, netdev, info);
2063}
2064
2065static int nl80211_set_wds_peer(struct sk_buff *skb, struct genl_info *info)
2066{
2067 struct cfg80211_registered_device *rdev = info->user_ptr[0];
2068 struct net_device *dev = info->user_ptr[1];
2069 struct wireless_dev *wdev = dev->ieee80211_ptr;
2070 const u8 *bssid;
2071
2072 if (!info->attrs[NL80211_ATTR_MAC])
2073 return -EINVAL;
2074
2075 if (netif_running(dev))
2076 return -EBUSY;
2077
2078 if (!rdev->ops->set_wds_peer)
2079 return -EOPNOTSUPP;
2080
2081 if (wdev->iftype != NL80211_IFTYPE_WDS)
2082 return -EOPNOTSUPP;
2083
2084 bssid = nla_data(info->attrs[NL80211_ATTR_MAC]);
2085 return rdev_set_wds_peer(rdev, dev, bssid);
2086}
2087
2088
2089static int nl80211_set_wiphy(struct sk_buff *skb, struct genl_info *info)
2090{
2091 struct cfg80211_registered_device *rdev;
2092 struct net_device *netdev = NULL;
2093 struct wireless_dev *wdev;
2094 int result = 0, rem_txq_params = 0;
2095 struct nlattr *nl_txq_params;
2096 u32 changed;
2097 u8 retry_short = 0, retry_long = 0;
2098 u32 frag_threshold = 0, rts_threshold = 0;
2099 u8 coverage_class = 0;
2100
2101 ASSERT_RTNL();
2102
2103
2104
2105
2106
2107
2108
2109
2110
2111
2112
2113 if (info->attrs[NL80211_ATTR_IFINDEX]) {
2114 int ifindex = nla_get_u32(info->attrs[NL80211_ATTR_IFINDEX]);
2115
2116 netdev = __dev_get_by_index(genl_info_net(info), ifindex);
2117 if (netdev && netdev->ieee80211_ptr)
2118 rdev = wiphy_to_rdev(netdev->ieee80211_ptr->wiphy);
2119 else
2120 netdev = NULL;
2121 }
2122
2123 if (!netdev) {
2124 rdev = __cfg80211_rdev_from_attrs(genl_info_net(info),
2125 info->attrs);
2126 if (IS_ERR(rdev))
2127 return PTR_ERR(rdev);
2128 wdev = NULL;
2129 netdev = NULL;
2130 result = 0;
2131 } else
2132 wdev = netdev->ieee80211_ptr;
2133
2134
2135
2136
2137
2138
2139 if (info->attrs[NL80211_ATTR_WIPHY_NAME])
2140 result = cfg80211_dev_rename(
2141 rdev, nla_data(info->attrs[NL80211_ATTR_WIPHY_NAME]));
2142
2143 if (result)
2144 return result;
2145
2146 if (info->attrs[NL80211_ATTR_WIPHY_TXQ_PARAMS]) {
2147 struct ieee80211_txq_params txq_params;
2148 struct nlattr *tb[NL80211_TXQ_ATTR_MAX + 1];
2149
2150 if (!rdev->ops->set_txq_params)
2151 return -EOPNOTSUPP;
2152
2153 if (!netdev)
2154 return -EINVAL;
2155
2156 if (netdev->ieee80211_ptr->iftype != NL80211_IFTYPE_AP &&
2157 netdev->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_GO)
2158 return -EINVAL;
2159
2160 if (!netif_running(netdev))
2161 return -ENETDOWN;
2162
2163 nla_for_each_nested(nl_txq_params,
2164 info->attrs[NL80211_ATTR_WIPHY_TXQ_PARAMS],
2165 rem_txq_params) {
2166 result = nla_parse(tb, NL80211_TXQ_ATTR_MAX,
2167 nla_data(nl_txq_params),
2168 nla_len(nl_txq_params),
2169 txq_params_policy);
2170 if (result)
2171 return result;
2172 result = parse_txq_params(tb, &txq_params);
2173 if (result)
2174 return result;
2175
2176 result = rdev_set_txq_params(rdev, netdev,
2177 &txq_params);
2178 if (result)
2179 return result;
2180 }
2181 }
2182
2183 if (info->attrs[NL80211_ATTR_WIPHY_FREQ]) {
2184 result = __nl80211_set_channel(
2185 rdev,
2186 nl80211_can_set_dev_channel(wdev) ? netdev : NULL,
2187 info);
2188 if (result)
2189 return result;
2190 }
2191
2192 if (info->attrs[NL80211_ATTR_WIPHY_TX_POWER_SETTING]) {
2193 struct wireless_dev *txp_wdev = wdev;
2194 enum nl80211_tx_power_setting type;
2195 int idx, mbm = 0;
2196
2197 if (!(rdev->wiphy.features & NL80211_FEATURE_VIF_TXPOWER))
2198 txp_wdev = NULL;
2199
2200 if (!rdev->ops->set_tx_power)
2201 return -EOPNOTSUPP;
2202
2203 idx = NL80211_ATTR_WIPHY_TX_POWER_SETTING;
2204 type = nla_get_u32(info->attrs[idx]);
2205
2206 if (!info->attrs[NL80211_ATTR_WIPHY_TX_POWER_LEVEL] &&
2207 (type != NL80211_TX_POWER_AUTOMATIC))
2208 return -EINVAL;
2209
2210 if (type != NL80211_TX_POWER_AUTOMATIC) {
2211 idx = NL80211_ATTR_WIPHY_TX_POWER_LEVEL;
2212 mbm = nla_get_u32(info->attrs[idx]);
2213 }
2214
2215 result = rdev_set_tx_power(rdev, txp_wdev, type, mbm);
2216 if (result)
2217 return result;
2218 }
2219
2220 if (info->attrs[NL80211_ATTR_WIPHY_ANTENNA_TX] &&
2221 info->attrs[NL80211_ATTR_WIPHY_ANTENNA_RX]) {
2222 u32 tx_ant, rx_ant;
2223 if ((!rdev->wiphy.available_antennas_tx &&
2224 !rdev->wiphy.available_antennas_rx) ||
2225 !rdev->ops->set_antenna)
2226 return -EOPNOTSUPP;
2227
2228 tx_ant = nla_get_u32(info->attrs[NL80211_ATTR_WIPHY_ANTENNA_TX]);
2229 rx_ant = nla_get_u32(info->attrs[NL80211_ATTR_WIPHY_ANTENNA_RX]);
2230
2231
2232
2233 if ((~tx_ant && (tx_ant & ~rdev->wiphy.available_antennas_tx)) ||
2234 (~rx_ant && (rx_ant & ~rdev->wiphy.available_antennas_rx)))
2235 return -EINVAL;
2236
2237 tx_ant = tx_ant & rdev->wiphy.available_antennas_tx;
2238 rx_ant = rx_ant & rdev->wiphy.available_antennas_rx;
2239
2240 result = rdev_set_antenna(rdev, tx_ant, rx_ant);
2241 if (result)
2242 return result;
2243 }
2244
2245 changed = 0;
2246
2247 if (info->attrs[NL80211_ATTR_WIPHY_RETRY_SHORT]) {
2248 retry_short = nla_get_u8(
2249 info->attrs[NL80211_ATTR_WIPHY_RETRY_SHORT]);
2250 if (retry_short == 0)
2251 return -EINVAL;
2252
2253 changed |= WIPHY_PARAM_RETRY_SHORT;
2254 }
2255
2256 if (info->attrs[NL80211_ATTR_WIPHY_RETRY_LONG]) {
2257 retry_long = nla_get_u8(
2258 info->attrs[NL80211_ATTR_WIPHY_RETRY_LONG]);
2259 if (retry_long == 0)
2260 return -EINVAL;
2261
2262 changed |= WIPHY_PARAM_RETRY_LONG;
2263 }
2264
2265 if (info->attrs[NL80211_ATTR_WIPHY_FRAG_THRESHOLD]) {
2266 frag_threshold = nla_get_u32(
2267 info->attrs[NL80211_ATTR_WIPHY_FRAG_THRESHOLD]);
2268 if (frag_threshold < 256)
2269 return -EINVAL;
2270
2271 if (frag_threshold != (u32) -1) {
2272
2273
2274
2275
2276
2277
2278 frag_threshold &= ~0x1;
2279 }
2280 changed |= WIPHY_PARAM_FRAG_THRESHOLD;
2281 }
2282
2283 if (info->attrs[NL80211_ATTR_WIPHY_RTS_THRESHOLD]) {
2284 rts_threshold = nla_get_u32(
2285 info->attrs[NL80211_ATTR_WIPHY_RTS_THRESHOLD]);
2286 changed |= WIPHY_PARAM_RTS_THRESHOLD;
2287 }
2288
2289 if (info->attrs[NL80211_ATTR_WIPHY_COVERAGE_CLASS]) {
2290 if (info->attrs[NL80211_ATTR_WIPHY_DYN_ACK])
2291 return -EINVAL;
2292
2293 coverage_class = nla_get_u8(
2294 info->attrs[NL80211_ATTR_WIPHY_COVERAGE_CLASS]);
2295 changed |= WIPHY_PARAM_COVERAGE_CLASS;
2296 }
2297
2298 if (info->attrs[NL80211_ATTR_WIPHY_DYN_ACK]) {
2299 if (!(rdev->wiphy.features & NL80211_FEATURE_ACKTO_ESTIMATION))
2300 return -EOPNOTSUPP;
2301
2302 changed |= WIPHY_PARAM_DYN_ACK;
2303 }
2304
2305 if (changed) {
2306 u8 old_retry_short, old_retry_long;
2307 u32 old_frag_threshold, old_rts_threshold;
2308 u8 old_coverage_class;
2309
2310 if (!rdev->ops->set_wiphy_params)
2311 return -EOPNOTSUPP;
2312
2313 old_retry_short = rdev->wiphy.retry_short;
2314 old_retry_long = rdev->wiphy.retry_long;
2315 old_frag_threshold = rdev->wiphy.frag_threshold;
2316 old_rts_threshold = rdev->wiphy.rts_threshold;
2317 old_coverage_class = rdev->wiphy.coverage_class;
2318
2319 if (changed & WIPHY_PARAM_RETRY_SHORT)
2320 rdev->wiphy.retry_short = retry_short;
2321 if (changed & WIPHY_PARAM_RETRY_LONG)
2322 rdev->wiphy.retry_long = retry_long;
2323 if (changed & WIPHY_PARAM_FRAG_THRESHOLD)
2324 rdev->wiphy.frag_threshold = frag_threshold;
2325 if (changed & WIPHY_PARAM_RTS_THRESHOLD)
2326 rdev->wiphy.rts_threshold = rts_threshold;
2327 if (changed & WIPHY_PARAM_COVERAGE_CLASS)
2328 rdev->wiphy.coverage_class = coverage_class;
2329
2330 result = rdev_set_wiphy_params(rdev, changed);
2331 if (result) {
2332 rdev->wiphy.retry_short = old_retry_short;
2333 rdev->wiphy.retry_long = old_retry_long;
2334 rdev->wiphy.frag_threshold = old_frag_threshold;
2335 rdev->wiphy.rts_threshold = old_rts_threshold;
2336 rdev->wiphy.coverage_class = old_coverage_class;
2337 return result;
2338 }
2339 }
2340 return 0;
2341}
2342
2343static inline u64 wdev_id(struct wireless_dev *wdev)
2344{
2345 return (u64)wdev->identifier |
2346 ((u64)wiphy_to_rdev(wdev->wiphy)->wiphy_idx << 32);
2347}
2348
2349static int nl80211_send_chandef(struct sk_buff *msg,
2350 const struct cfg80211_chan_def *chandef)
2351{
2352 if (WARN_ON(!cfg80211_chandef_valid(chandef)))
2353 return -EINVAL;
2354
2355 if (nla_put_u32(msg, NL80211_ATTR_WIPHY_FREQ,
2356 chandef->chan->center_freq))
2357 return -ENOBUFS;
2358 switch (chandef->width) {
2359 case NL80211_CHAN_WIDTH_20_NOHT:
2360 case NL80211_CHAN_WIDTH_20:
2361 case NL80211_CHAN_WIDTH_40:
2362 if (nla_put_u32(msg, NL80211_ATTR_WIPHY_CHANNEL_TYPE,
2363 cfg80211_get_chandef_type(chandef)))
2364 return -ENOBUFS;
2365 break;
2366 default:
2367 break;
2368 }
2369 if (nla_put_u32(msg, NL80211_ATTR_CHANNEL_WIDTH, chandef->width))
2370 return -ENOBUFS;
2371 if (nla_put_u32(msg, NL80211_ATTR_CENTER_FREQ1, chandef->center_freq1))
2372 return -ENOBUFS;
2373 if (chandef->center_freq2 &&
2374 nla_put_u32(msg, NL80211_ATTR_CENTER_FREQ2, chandef->center_freq2))
2375 return -ENOBUFS;
2376 return 0;
2377}
2378
2379static int nl80211_send_iface(struct sk_buff *msg, u32 portid, u32 seq, int flags,
2380 struct cfg80211_registered_device *rdev,
2381 struct wireless_dev *wdev, bool removal)
2382{
2383 struct net_device *dev = wdev->netdev;
2384 u8 cmd = NL80211_CMD_NEW_INTERFACE;
2385 void *hdr;
2386
2387 if (removal)
2388 cmd = NL80211_CMD_DEL_INTERFACE;
2389
2390 hdr = nl80211hdr_put(msg, portid, seq, flags, cmd);
2391 if (!hdr)
2392 return -1;
2393
2394 if (dev &&
2395 (nla_put_u32(msg, NL80211_ATTR_IFINDEX, dev->ifindex) ||
2396 nla_put_string(msg, NL80211_ATTR_IFNAME, dev->name)))
2397 goto nla_put_failure;
2398
2399 if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
2400 nla_put_u32(msg, NL80211_ATTR_IFTYPE, wdev->iftype) ||
2401 nla_put_u64(msg, NL80211_ATTR_WDEV, wdev_id(wdev)) ||
2402 nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN, wdev_address(wdev)) ||
2403 nla_put_u32(msg, NL80211_ATTR_GENERATION,
2404 rdev->devlist_generation ^
2405 (cfg80211_rdev_list_generation << 2)))
2406 goto nla_put_failure;
2407
2408 if (rdev->ops->get_channel) {
2409 int ret;
2410 struct cfg80211_chan_def chandef;
2411
2412 ret = rdev_get_channel(rdev, wdev, &chandef);
2413 if (ret == 0) {
2414 if (nl80211_send_chandef(msg, &chandef))
2415 goto nla_put_failure;
2416 }
2417 }
2418
2419 if (rdev->ops->get_tx_power) {
2420 int dbm, ret;
2421
2422 ret = rdev_get_tx_power(rdev, wdev, &dbm);
2423 if (ret == 0 &&
2424 nla_put_u32(msg, NL80211_ATTR_WIPHY_TX_POWER_LEVEL,
2425 DBM_TO_MBM(dbm)))
2426 goto nla_put_failure;
2427 }
2428
2429 if (wdev->ssid_len) {
2430 if (nla_put(msg, NL80211_ATTR_SSID, wdev->ssid_len, wdev->ssid))
2431 goto nla_put_failure;
2432 }
2433
2434 genlmsg_end(msg, hdr);
2435 return 0;
2436
2437 nla_put_failure:
2438 genlmsg_cancel(msg, hdr);
2439 return -EMSGSIZE;
2440}
2441
2442static int nl80211_dump_interface(struct sk_buff *skb, struct netlink_callback *cb)
2443{
2444 int wp_idx = 0;
2445 int if_idx = 0;
2446 int wp_start = cb->args[0];
2447 int if_start = cb->args[1];
2448 struct cfg80211_registered_device *rdev;
2449 struct wireless_dev *wdev;
2450
2451 rtnl_lock();
2452 list_for_each_entry(rdev, &cfg80211_rdev_list, list) {
2453 if (!net_eq(wiphy_net(&rdev->wiphy), sock_net(skb->sk)))
2454 continue;
2455 if (wp_idx < wp_start) {
2456 wp_idx++;
2457 continue;
2458 }
2459 if_idx = 0;
2460
2461 list_for_each_entry(wdev, &rdev->wdev_list, list) {
2462 if (if_idx < if_start) {
2463 if_idx++;
2464 continue;
2465 }
2466 if (nl80211_send_iface(skb, NETLINK_CB(cb->skb).portid,
2467 cb->nlh->nlmsg_seq, NLM_F_MULTI,
2468 rdev, wdev, false) < 0) {
2469 goto out;
2470 }
2471 if_idx++;
2472 }
2473
2474 wp_idx++;
2475 }
2476 out:
2477 rtnl_unlock();
2478
2479 cb->args[0] = wp_idx;
2480 cb->args[1] = if_idx;
2481
2482 return skb->len;
2483}
2484
2485static int nl80211_get_interface(struct sk_buff *skb, struct genl_info *info)
2486{
2487 struct sk_buff *msg;
2488 struct cfg80211_registered_device *rdev = info->user_ptr[0];
2489 struct wireless_dev *wdev = info->user_ptr[1];
2490
2491 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
2492 if (!msg)
2493 return -ENOMEM;
2494
2495 if (nl80211_send_iface(msg, info->snd_portid, info->snd_seq, 0,
2496 rdev, wdev, false) < 0) {
2497 nlmsg_free(msg);
2498 return -ENOBUFS;
2499 }
2500
2501 return genlmsg_reply(msg, info);
2502}
2503
2504static const struct nla_policy mntr_flags_policy[NL80211_MNTR_FLAG_MAX + 1] = {
2505 [NL80211_MNTR_FLAG_FCSFAIL] = { .type = NLA_FLAG },
2506 [NL80211_MNTR_FLAG_PLCPFAIL] = { .type = NLA_FLAG },
2507 [NL80211_MNTR_FLAG_CONTROL] = { .type = NLA_FLAG },
2508 [NL80211_MNTR_FLAG_OTHER_BSS] = { .type = NLA_FLAG },
2509 [NL80211_MNTR_FLAG_COOK_FRAMES] = { .type = NLA_FLAG },
2510 [NL80211_MNTR_FLAG_ACTIVE] = { .type = NLA_FLAG },
2511};
2512
2513static int parse_monitor_flags(struct nlattr *nla, u32 *mntrflags)
2514{
2515 struct nlattr *flags[NL80211_MNTR_FLAG_MAX + 1];
2516 int flag;
2517
2518 *mntrflags = 0;
2519
2520 if (!nla)
2521 return -EINVAL;
2522
2523 if (nla_parse_nested(flags, NL80211_MNTR_FLAG_MAX,
2524 nla, mntr_flags_policy))
2525 return -EINVAL;
2526
2527 for (flag = 1; flag <= NL80211_MNTR_FLAG_MAX; flag++)
2528 if (flags[flag])
2529 *mntrflags |= (1<<flag);
2530
2531 return 0;
2532}
2533
2534static int nl80211_valid_4addr(struct cfg80211_registered_device *rdev,
2535 struct net_device *netdev, u8 use_4addr,
2536 enum nl80211_iftype iftype)
2537{
2538 if (!use_4addr) {
2539 if (netdev && (netdev->priv_flags & IFF_BRIDGE_PORT))
2540 return -EBUSY;
2541 return 0;
2542 }
2543
2544 switch (iftype) {
2545 case NL80211_IFTYPE_AP_VLAN:
2546 if (rdev->wiphy.flags & WIPHY_FLAG_4ADDR_AP)
2547 return 0;
2548 break;
2549 case NL80211_IFTYPE_STATION:
2550 if (rdev->wiphy.flags & WIPHY_FLAG_4ADDR_STATION)
2551 return 0;
2552 break;
2553 default:
2554 break;
2555 }
2556
2557 return -EOPNOTSUPP;
2558}
2559
2560static int nl80211_set_interface(struct sk_buff *skb, struct genl_info *info)
2561{
2562 struct cfg80211_registered_device *rdev = info->user_ptr[0];
2563 struct vif_params params;
2564 int err;
2565 enum nl80211_iftype otype, ntype;
2566 struct net_device *dev = info->user_ptr[1];
2567 u32 _flags, *flags = NULL;
2568 bool change = false;
2569
2570 memset(¶ms, 0, sizeof(params));
2571
2572 otype = ntype = dev->ieee80211_ptr->iftype;
2573
2574 if (info->attrs[NL80211_ATTR_IFTYPE]) {
2575 ntype = nla_get_u32(info->attrs[NL80211_ATTR_IFTYPE]);
2576 if (otype != ntype)
2577 change = true;
2578 if (ntype > NL80211_IFTYPE_MAX)
2579 return -EINVAL;
2580 }
2581
2582 if (info->attrs[NL80211_ATTR_MESH_ID]) {
2583 struct wireless_dev *wdev = dev->ieee80211_ptr;
2584
2585 if (ntype != NL80211_IFTYPE_MESH_POINT)
2586 return -EINVAL;
2587 if (netif_running(dev))
2588 return -EBUSY;
2589
2590 wdev_lock(wdev);
2591 BUILD_BUG_ON(IEEE80211_MAX_SSID_LEN !=
2592 IEEE80211_MAX_MESH_ID_LEN);
2593 wdev->mesh_id_up_len =
2594 nla_len(info->attrs[NL80211_ATTR_MESH_ID]);
2595 memcpy(wdev->ssid, nla_data(info->attrs[NL80211_ATTR_MESH_ID]),
2596 wdev->mesh_id_up_len);
2597 wdev_unlock(wdev);
2598 }
2599
2600 if (info->attrs[NL80211_ATTR_4ADDR]) {
2601 params.use_4addr = !!nla_get_u8(info->attrs[NL80211_ATTR_4ADDR]);
2602 change = true;
2603 err = nl80211_valid_4addr(rdev, dev, params.use_4addr, ntype);
2604 if (err)
2605 return err;
2606 } else {
2607 params.use_4addr = -1;
2608 }
2609
2610 if (info->attrs[NL80211_ATTR_MNTR_FLAGS]) {
2611 if (ntype != NL80211_IFTYPE_MONITOR)
2612 return -EINVAL;
2613 err = parse_monitor_flags(info->attrs[NL80211_ATTR_MNTR_FLAGS],
2614 &_flags);
2615 if (err)
2616 return err;
2617
2618 flags = &_flags;
2619 change = true;
2620 }
2621
2622 if (flags && (*flags & MONITOR_FLAG_ACTIVE) &&
2623 !(rdev->wiphy.features & NL80211_FEATURE_ACTIVE_MONITOR))
2624 return -EOPNOTSUPP;
2625
2626 if (change)
2627 err = cfg80211_change_iface(rdev, dev, ntype, flags, ¶ms);
2628 else
2629 err = 0;
2630
2631 if (!err && params.use_4addr != -1)
2632 dev->ieee80211_ptr->use_4addr = params.use_4addr;
2633
2634 return err;
2635}
2636
2637static int nl80211_new_interface(struct sk_buff *skb, struct genl_info *info)
2638{
2639 struct cfg80211_registered_device *rdev = info->user_ptr[0];
2640 struct vif_params params;
2641 struct wireless_dev *wdev;
2642 struct sk_buff *msg, *event;
2643 int err;
2644 enum nl80211_iftype type = NL80211_IFTYPE_UNSPECIFIED;
2645 u32 flags;
2646
2647
2648 cfg80211_destroy_ifaces(rdev);
2649
2650 memset(¶ms, 0, sizeof(params));
2651
2652 if (!info->attrs[NL80211_ATTR_IFNAME])
2653 return -EINVAL;
2654
2655 if (info->attrs[NL80211_ATTR_IFTYPE]) {
2656 type = nla_get_u32(info->attrs[NL80211_ATTR_IFTYPE]);
2657 if (type > NL80211_IFTYPE_MAX)
2658 return -EINVAL;
2659 }
2660
2661 if (!rdev->ops->add_virtual_intf ||
2662 !(rdev->wiphy.interface_modes & (1 << type)))
2663 return -EOPNOTSUPP;
2664
2665 if ((type == NL80211_IFTYPE_P2P_DEVICE ||
2666 rdev->wiphy.features & NL80211_FEATURE_MAC_ON_CREATE) &&
2667 info->attrs[NL80211_ATTR_MAC]) {
2668 nla_memcpy(params.macaddr, info->attrs[NL80211_ATTR_MAC],
2669 ETH_ALEN);
2670 if (!is_valid_ether_addr(params.macaddr))
2671 return -EADDRNOTAVAIL;
2672 }
2673
2674 if (info->attrs[NL80211_ATTR_4ADDR]) {
2675 params.use_4addr = !!nla_get_u8(info->attrs[NL80211_ATTR_4ADDR]);
2676 err = nl80211_valid_4addr(rdev, NULL, params.use_4addr, type);
2677 if (err)
2678 return err;
2679 }
2680
2681 err = parse_monitor_flags(type == NL80211_IFTYPE_MONITOR ?
2682 info->attrs[NL80211_ATTR_MNTR_FLAGS] : NULL,
2683 &flags);
2684
2685 if (!err && (flags & MONITOR_FLAG_ACTIVE) &&
2686 !(rdev->wiphy.features & NL80211_FEATURE_ACTIVE_MONITOR))
2687 return -EOPNOTSUPP;
2688
2689 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
2690 if (!msg)
2691 return -ENOMEM;
2692
2693 wdev = rdev_add_virtual_intf(rdev,
2694 nla_data(info->attrs[NL80211_ATTR_IFNAME]),
2695 NET_NAME_USER, type, err ? NULL : &flags,
2696 ¶ms);
2697 if (WARN_ON(!wdev)) {
2698 nlmsg_free(msg);
2699 return -EPROTO;
2700 } else if (IS_ERR(wdev)) {
2701 nlmsg_free(msg);
2702 return PTR_ERR(wdev);
2703 }
2704
2705 if (info->attrs[NL80211_ATTR_SOCKET_OWNER])
2706 wdev->owner_nlportid = info->snd_portid;
2707
2708 switch (type) {
2709 case NL80211_IFTYPE_MESH_POINT:
2710 if (!info->attrs[NL80211_ATTR_MESH_ID])
2711 break;
2712 wdev_lock(wdev);
2713 BUILD_BUG_ON(IEEE80211_MAX_SSID_LEN !=
2714 IEEE80211_MAX_MESH_ID_LEN);
2715 wdev->mesh_id_up_len =
2716 nla_len(info->attrs[NL80211_ATTR_MESH_ID]);
2717 memcpy(wdev->ssid, nla_data(info->attrs[NL80211_ATTR_MESH_ID]),
2718 wdev->mesh_id_up_len);
2719 wdev_unlock(wdev);
2720 break;
2721 case NL80211_IFTYPE_P2P_DEVICE:
2722
2723
2724
2725
2726 mutex_init(&wdev->mtx);
2727 INIT_LIST_HEAD(&wdev->event_list);
2728 spin_lock_init(&wdev->event_lock);
2729 INIT_LIST_HEAD(&wdev->mgmt_registrations);
2730 spin_lock_init(&wdev->mgmt_registrations_lock);
2731
2732 wdev->identifier = ++rdev->wdev_id;
2733 list_add_rcu(&wdev->list, &rdev->wdev_list);
2734 rdev->devlist_generation++;
2735 break;
2736 default:
2737 break;
2738 }
2739
2740 if (nl80211_send_iface(msg, info->snd_portid, info->snd_seq, 0,
2741 rdev, wdev, false) < 0) {
2742 nlmsg_free(msg);
2743 return -ENOBUFS;
2744 }
2745
2746 event = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
2747 if (event) {
2748 if (nl80211_send_iface(event, 0, 0, 0,
2749 rdev, wdev, false) < 0) {
2750 nlmsg_free(event);
2751 goto out;
2752 }
2753
2754 genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy),
2755 event, 0, NL80211_MCGRP_CONFIG,
2756 GFP_KERNEL);
2757 }
2758
2759out:
2760 return genlmsg_reply(msg, info);
2761}
2762
2763static int nl80211_del_interface(struct sk_buff *skb, struct genl_info *info)
2764{
2765 struct cfg80211_registered_device *rdev = info->user_ptr[0];
2766 struct wireless_dev *wdev = info->user_ptr[1];
2767 struct sk_buff *msg;
2768 int status;
2769
2770 if (!rdev->ops->del_virtual_intf)
2771 return -EOPNOTSUPP;
2772
2773 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
2774 if (msg && nl80211_send_iface(msg, 0, 0, 0, rdev, wdev, true) < 0) {
2775 nlmsg_free(msg);
2776 msg = NULL;
2777 }
2778
2779
2780
2781
2782
2783
2784
2785
2786 if (!wdev->netdev)
2787 info->user_ptr[1] = NULL;
2788
2789 status = rdev_del_virtual_intf(rdev, wdev);
2790 if (status >= 0 && msg)
2791 genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy),
2792 msg, 0, NL80211_MCGRP_CONFIG,
2793 GFP_KERNEL);
2794 else
2795 nlmsg_free(msg);
2796
2797 return status;
2798}
2799
2800static int nl80211_set_noack_map(struct sk_buff *skb, struct genl_info *info)
2801{
2802 struct cfg80211_registered_device *rdev = info->user_ptr[0];
2803 struct net_device *dev = info->user_ptr[1];
2804 u16 noack_map;
2805
2806 if (!info->attrs[NL80211_ATTR_NOACK_MAP])
2807 return -EINVAL;
2808
2809 if (!rdev->ops->set_noack_map)
2810 return -EOPNOTSUPP;
2811
2812 noack_map = nla_get_u16(info->attrs[NL80211_ATTR_NOACK_MAP]);
2813
2814 return rdev_set_noack_map(rdev, dev, noack_map);
2815}
2816
2817struct get_key_cookie {
2818 struct sk_buff *msg;
2819 int error;
2820 int idx;
2821};
2822
2823static void get_key_callback(void *c, struct key_params *params)
2824{
2825 struct nlattr *key;
2826 struct get_key_cookie *cookie = c;
2827
2828 if ((params->key &&
2829 nla_put(cookie->msg, NL80211_ATTR_KEY_DATA,
2830 params->key_len, params->key)) ||
2831 (params->seq &&
2832 nla_put(cookie->msg, NL80211_ATTR_KEY_SEQ,
2833 params->seq_len, params->seq)) ||
2834 (params->cipher &&
2835 nla_put_u32(cookie->msg, NL80211_ATTR_KEY_CIPHER,
2836 params->cipher)))
2837 goto nla_put_failure;
2838
2839 key = nla_nest_start(cookie->msg, NL80211_ATTR_KEY);
2840 if (!key)
2841 goto nla_put_failure;
2842
2843 if ((params->key &&
2844 nla_put(cookie->msg, NL80211_KEY_DATA,
2845 params->key_len, params->key)) ||
2846 (params->seq &&
2847 nla_put(cookie->msg, NL80211_KEY_SEQ,
2848 params->seq_len, params->seq)) ||
2849 (params->cipher &&
2850 nla_put_u32(cookie->msg, NL80211_KEY_CIPHER,
2851 params->cipher)))
2852 goto nla_put_failure;
2853
2854 if (nla_put_u8(cookie->msg, NL80211_ATTR_KEY_IDX, cookie->idx))
2855 goto nla_put_failure;
2856
2857 nla_nest_end(cookie->msg, key);
2858
2859 return;
2860 nla_put_failure:
2861 cookie->error = 1;
2862}
2863
2864static int nl80211_get_key(struct sk_buff *skb, struct genl_info *info)
2865{
2866 struct cfg80211_registered_device *rdev = info->user_ptr[0];
2867 int err;
2868 struct net_device *dev = info->user_ptr[1];
2869 u8 key_idx = 0;
2870 const u8 *mac_addr = NULL;
2871 bool pairwise;
2872 struct get_key_cookie cookie = {
2873 .error = 0,
2874 };
2875 void *hdr;
2876 struct sk_buff *msg;
2877
2878 if (info->attrs[NL80211_ATTR_KEY_IDX])
2879 key_idx = nla_get_u8(info->attrs[NL80211_ATTR_KEY_IDX]);
2880
2881 if (key_idx > 5)
2882 return -EINVAL;
2883
2884 if (info->attrs[NL80211_ATTR_MAC])
2885 mac_addr = nla_data(info->attrs[NL80211_ATTR_MAC]);
2886
2887 pairwise = !!mac_addr;
2888 if (info->attrs[NL80211_ATTR_KEY_TYPE]) {
2889 u32 kt = nla_get_u32(info->attrs[NL80211_ATTR_KEY_TYPE]);
2890 if (kt >= NUM_NL80211_KEYTYPES)
2891 return -EINVAL;
2892 if (kt != NL80211_KEYTYPE_GROUP &&
2893 kt != NL80211_KEYTYPE_PAIRWISE)
2894 return -EINVAL;
2895 pairwise = kt == NL80211_KEYTYPE_PAIRWISE;
2896 }
2897
2898 if (!rdev->ops->get_key)
2899 return -EOPNOTSUPP;
2900
2901 if (!pairwise && mac_addr && !(rdev->wiphy.flags & WIPHY_FLAG_IBSS_RSN))
2902 return -ENOENT;
2903
2904 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
2905 if (!msg)
2906 return -ENOMEM;
2907
2908 hdr = nl80211hdr_put(msg, info->snd_portid, info->snd_seq, 0,
2909 NL80211_CMD_NEW_KEY);
2910 if (!hdr)
2911 goto nla_put_failure;
2912
2913 cookie.msg = msg;
2914 cookie.idx = key_idx;
2915
2916 if (nla_put_u32(msg, NL80211_ATTR_IFINDEX, dev->ifindex) ||
2917 nla_put_u8(msg, NL80211_ATTR_KEY_IDX, key_idx))
2918 goto nla_put_failure;
2919 if (mac_addr &&
2920 nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN, mac_addr))
2921 goto nla_put_failure;
2922
2923 err = rdev_get_key(rdev, dev, key_idx, pairwise, mac_addr, &cookie,
2924 get_key_callback);
2925
2926 if (err)
2927 goto free_msg;
2928
2929 if (cookie.error)
2930 goto nla_put_failure;
2931
2932 genlmsg_end(msg, hdr);
2933 return genlmsg_reply(msg, info);
2934
2935 nla_put_failure:
2936 err = -ENOBUFS;
2937 free_msg:
2938 nlmsg_free(msg);
2939 return err;
2940}
2941
2942static int nl80211_set_key(struct sk_buff *skb, struct genl_info *info)
2943{
2944 struct cfg80211_registered_device *rdev = info->user_ptr[0];
2945 struct key_parse key;
2946 int err;
2947 struct net_device *dev = info->user_ptr[1];
2948
2949 err = nl80211_parse_key(info, &key);
2950 if (err)
2951 return err;
2952
2953 if (key.idx < 0)
2954 return -EINVAL;
2955
2956
2957 if (!key.def && !key.defmgmt)
2958 return -EINVAL;
2959
2960 wdev_lock(dev->ieee80211_ptr);
2961
2962 if (key.def) {
2963 if (!rdev->ops->set_default_key) {
2964 err = -EOPNOTSUPP;
2965 goto out;
2966 }
2967
2968 err = nl80211_key_allowed(dev->ieee80211_ptr);
2969 if (err)
2970 goto out;
2971
2972 err = rdev_set_default_key(rdev, dev, key.idx,
2973 key.def_uni, key.def_multi);
2974
2975 if (err)
2976 goto out;
2977
2978#ifdef CONFIG_CFG80211_WEXT
2979 dev->ieee80211_ptr->wext.default_key = key.idx;
2980#endif
2981 } else {
2982 if (key.def_uni || !key.def_multi) {
2983 err = -EINVAL;
2984 goto out;
2985 }
2986
2987 if (!rdev->ops->set_default_mgmt_key) {
2988 err = -EOPNOTSUPP;
2989 goto out;
2990 }
2991
2992 err = nl80211_key_allowed(dev->ieee80211_ptr);
2993 if (err)
2994 goto out;
2995
2996 err = rdev_set_default_mgmt_key(rdev, dev, key.idx);
2997 if (err)
2998 goto out;
2999
3000#ifdef CONFIG_CFG80211_WEXT
3001 dev->ieee80211_ptr->wext.default_mgmt_key = key.idx;
3002#endif
3003 }
3004
3005 out:
3006 wdev_unlock(dev->ieee80211_ptr);
3007
3008 return err;
3009}
3010
3011static int nl80211_new_key(struct sk_buff *skb, struct genl_info *info)
3012{
3013 struct cfg80211_registered_device *rdev = info->user_ptr[0];
3014 int err;
3015 struct net_device *dev = info->user_ptr[1];
3016 struct key_parse key;
3017 const u8 *mac_addr = NULL;
3018
3019 err = nl80211_parse_key(info, &key);
3020 if (err)
3021 return err;
3022
3023 if (!key.p.key)
3024 return -EINVAL;
3025
3026 if (info->attrs[NL80211_ATTR_MAC])
3027 mac_addr = nla_data(info->attrs[NL80211_ATTR_MAC]);
3028
3029 if (key.type == -1) {
3030 if (mac_addr)
3031 key.type = NL80211_KEYTYPE_PAIRWISE;
3032 else
3033 key.type = NL80211_KEYTYPE_GROUP;
3034 }
3035
3036
3037 if (key.type != NL80211_KEYTYPE_PAIRWISE &&
3038 key.type != NL80211_KEYTYPE_GROUP)
3039 return -EINVAL;
3040
3041 if (!rdev->ops->add_key)
3042 return -EOPNOTSUPP;
3043
3044 if (cfg80211_validate_key_settings(rdev, &key.p, key.idx,
3045 key.type == NL80211_KEYTYPE_PAIRWISE,
3046 mac_addr))
3047 return -EINVAL;
3048
3049 wdev_lock(dev->ieee80211_ptr);
3050 err = nl80211_key_allowed(dev->ieee80211_ptr);
3051 if (!err)
3052 err = rdev_add_key(rdev, dev, key.idx,
3053 key.type == NL80211_KEYTYPE_PAIRWISE,
3054 mac_addr, &key.p);
3055 wdev_unlock(dev->ieee80211_ptr);
3056
3057 return err;
3058}
3059
3060static int nl80211_del_key(struct sk_buff *skb, struct genl_info *info)
3061{
3062 struct cfg80211_registered_device *rdev = info->user_ptr[0];
3063 int err;
3064 struct net_device *dev = info->user_ptr[1];
3065 u8 *mac_addr = NULL;
3066 struct key_parse key;
3067
3068 err = nl80211_parse_key(info, &key);
3069 if (err)
3070 return err;
3071
3072 if (info->attrs[NL80211_ATTR_MAC])
3073 mac_addr = nla_data(info->attrs[NL80211_ATTR_MAC]);
3074
3075 if (key.type == -1) {
3076 if (mac_addr)
3077 key.type = NL80211_KEYTYPE_PAIRWISE;
3078 else
3079 key.type = NL80211_KEYTYPE_GROUP;
3080 }
3081
3082
3083 if (key.type != NL80211_KEYTYPE_PAIRWISE &&
3084 key.type != NL80211_KEYTYPE_GROUP)
3085 return -EINVAL;
3086
3087 if (!rdev->ops->del_key)
3088 return -EOPNOTSUPP;
3089
3090 wdev_lock(dev->ieee80211_ptr);
3091 err = nl80211_key_allowed(dev->ieee80211_ptr);
3092
3093 if (key.type == NL80211_KEYTYPE_GROUP && mac_addr &&
3094 !(rdev->wiphy.flags & WIPHY_FLAG_IBSS_RSN))
3095 err = -ENOENT;
3096
3097 if (!err)
3098 err = rdev_del_key(rdev, dev, key.idx,
3099 key.type == NL80211_KEYTYPE_PAIRWISE,
3100 mac_addr);
3101
3102#ifdef CONFIG_CFG80211_WEXT
3103 if (!err) {
3104 if (key.idx == dev->ieee80211_ptr->wext.default_key)
3105 dev->ieee80211_ptr->wext.default_key = -1;
3106 else if (key.idx == dev->ieee80211_ptr->wext.default_mgmt_key)
3107 dev->ieee80211_ptr->wext.default_mgmt_key = -1;
3108 }
3109#endif
3110 wdev_unlock(dev->ieee80211_ptr);
3111
3112 return err;
3113}
3114
3115
3116static int validate_acl_mac_addrs(struct nlattr *nl_attr)
3117{
3118 struct nlattr *attr;
3119 int n_entries = 0, tmp;
3120
3121 nla_for_each_nested(attr, nl_attr, tmp) {
3122 if (nla_len(attr) != ETH_ALEN)
3123 return -EINVAL;
3124
3125 n_entries++;
3126 }
3127
3128 return n_entries;
3129}
3130
3131
3132
3133
3134
3135
3136static struct cfg80211_acl_data *parse_acl_data(struct wiphy *wiphy,
3137 struct genl_info *info)
3138{
3139 enum nl80211_acl_policy acl_policy;
3140 struct nlattr *attr;
3141 struct cfg80211_acl_data *acl;
3142 int i = 0, n_entries, tmp;
3143
3144 if (!wiphy->max_acl_mac_addrs)
3145 return ERR_PTR(-EOPNOTSUPP);
3146
3147 if (!info->attrs[NL80211_ATTR_ACL_POLICY])
3148 return ERR_PTR(-EINVAL);
3149
3150 acl_policy = nla_get_u32(info->attrs[NL80211_ATTR_ACL_POLICY]);
3151 if (acl_policy != NL80211_ACL_POLICY_ACCEPT_UNLESS_LISTED &&
3152 acl_policy != NL80211_ACL_POLICY_DENY_UNLESS_LISTED)
3153 return ERR_PTR(-EINVAL);
3154
3155 if (!info->attrs[NL80211_ATTR_MAC_ADDRS])
3156 return ERR_PTR(-EINVAL);
3157
3158 n_entries = validate_acl_mac_addrs(info->attrs[NL80211_ATTR_MAC_ADDRS]);
3159 if (n_entries < 0)
3160 return ERR_PTR(n_entries);
3161
3162 if (n_entries > wiphy->max_acl_mac_addrs)
3163 return ERR_PTR(-ENOTSUPP);
3164
3165 acl = kzalloc(sizeof(*acl) + (sizeof(struct mac_address) * n_entries),
3166 GFP_KERNEL);
3167 if (!acl)
3168 return ERR_PTR(-ENOMEM);
3169
3170 nla_for_each_nested(attr, info->attrs[NL80211_ATTR_MAC_ADDRS], tmp) {
3171 memcpy(acl->mac_addrs[i].addr, nla_data(attr), ETH_ALEN);
3172 i++;
3173 }
3174
3175 acl->n_acl_entries = n_entries;
3176 acl->acl_policy = acl_policy;
3177
3178 return acl;
3179}
3180
3181static int nl80211_set_mac_acl(struct sk_buff *skb, struct genl_info *info)
3182{
3183 struct cfg80211_registered_device *rdev = info->user_ptr[0];
3184 struct net_device *dev = info->user_ptr[1];
3185 struct cfg80211_acl_data *acl;
3186 int err;
3187
3188 if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_AP &&
3189 dev->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_GO)
3190 return -EOPNOTSUPP;
3191
3192 if (!dev->ieee80211_ptr->beacon_interval)
3193 return -EINVAL;
3194
3195 acl = parse_acl_data(&rdev->wiphy, info);
3196 if (IS_ERR(acl))
3197 return PTR_ERR(acl);
3198
3199 err = rdev_set_mac_acl(rdev, dev, acl);
3200
3201 kfree(acl);
3202
3203 return err;
3204}
3205
3206static int nl80211_parse_beacon(struct nlattr *attrs[],
3207 struct cfg80211_beacon_data *bcn)
3208{
3209 bool haveinfo = false;
3210
3211 if (!is_valid_ie_attr(attrs[NL80211_ATTR_BEACON_TAIL]) ||
3212 !is_valid_ie_attr(attrs[NL80211_ATTR_IE]) ||
3213 !is_valid_ie_attr(attrs[NL80211_ATTR_IE_PROBE_RESP]) ||
3214 !is_valid_ie_attr(attrs[NL80211_ATTR_IE_ASSOC_RESP]))
3215 return -EINVAL;
3216
3217 memset(bcn, 0, sizeof(*bcn));
3218
3219 if (attrs[NL80211_ATTR_BEACON_HEAD]) {
3220 bcn->head = nla_data(attrs[NL80211_ATTR_BEACON_HEAD]);
3221 bcn->head_len = nla_len(attrs[NL80211_ATTR_BEACON_HEAD]);
3222 if (!bcn->head_len)
3223 return -EINVAL;
3224 haveinfo = true;
3225 }
3226
3227 if (attrs[NL80211_ATTR_BEACON_TAIL]) {
3228 bcn->tail = nla_data(attrs[NL80211_ATTR_BEACON_TAIL]);
3229 bcn->tail_len = nla_len(attrs[NL80211_ATTR_BEACON_TAIL]);
3230 haveinfo = true;
3231 }
3232
3233 if (!haveinfo)
3234 return -EINVAL;
3235
3236 if (attrs[NL80211_ATTR_IE]) {
3237 bcn->beacon_ies = nla_data(attrs[NL80211_ATTR_IE]);
3238 bcn->beacon_ies_len = nla_len(attrs[NL80211_ATTR_IE]);
3239 }
3240
3241 if (attrs[NL80211_ATTR_IE_PROBE_RESP]) {
3242 bcn->proberesp_ies =
3243 nla_data(attrs[NL80211_ATTR_IE_PROBE_RESP]);
3244 bcn->proberesp_ies_len =
3245 nla_len(attrs[NL80211_ATTR_IE_PROBE_RESP]);
3246 }
3247
3248 if (attrs[NL80211_ATTR_IE_ASSOC_RESP]) {
3249 bcn->assocresp_ies =
3250 nla_data(attrs[NL80211_ATTR_IE_ASSOC_RESP]);
3251 bcn->assocresp_ies_len =
3252 nla_len(attrs[NL80211_ATTR_IE_ASSOC_RESP]);
3253 }
3254
3255 if (attrs[NL80211_ATTR_PROBE_RESP]) {
3256 bcn->probe_resp = nla_data(attrs[NL80211_ATTR_PROBE_RESP]);
3257 bcn->probe_resp_len = nla_len(attrs[NL80211_ATTR_PROBE_RESP]);
3258 }
3259
3260 return 0;
3261}
3262
3263static bool nl80211_get_ap_channel(struct cfg80211_registered_device *rdev,
3264 struct cfg80211_ap_settings *params)
3265{
3266 struct wireless_dev *wdev;
3267 bool ret = false;
3268
3269 list_for_each_entry(wdev, &rdev->wdev_list, list) {
3270 if (wdev->iftype != NL80211_IFTYPE_AP &&
3271 wdev->iftype != NL80211_IFTYPE_P2P_GO)
3272 continue;
3273
3274 if (!wdev->preset_chandef.chan)
3275 continue;
3276
3277 params->chandef = wdev->preset_chandef;
3278 ret = true;
3279 break;
3280 }
3281
3282 return ret;
3283}
3284
3285static bool nl80211_valid_auth_type(struct cfg80211_registered_device *rdev,
3286 enum nl80211_auth_type auth_type,
3287 enum nl80211_commands cmd)
3288{
3289 if (auth_type > NL80211_AUTHTYPE_MAX)
3290 return false;
3291
3292 switch (cmd) {
3293 case NL80211_CMD_AUTHENTICATE:
3294 if (!(rdev->wiphy.features & NL80211_FEATURE_SAE) &&
3295 auth_type == NL80211_AUTHTYPE_SAE)
3296 return false;
3297 return true;
3298 case NL80211_CMD_CONNECT:
3299 case NL80211_CMD_START_AP:
3300
3301 if (auth_type == NL80211_AUTHTYPE_SAE)
3302 return false;
3303 return true;
3304 default:
3305 return false;
3306 }
3307}
3308
3309static int nl80211_start_ap(struct sk_buff *skb, struct genl_info *info)
3310{
3311 struct cfg80211_registered_device *rdev = info->user_ptr[0];
3312 struct net_device *dev = info->user_ptr[1];
3313 struct wireless_dev *wdev = dev->ieee80211_ptr;
3314 struct cfg80211_ap_settings params;
3315 int err;
3316
3317 if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_AP &&
3318 dev->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_GO)
3319 return -EOPNOTSUPP;
3320
3321 if (!rdev->ops->start_ap)
3322 return -EOPNOTSUPP;
3323
3324 if (wdev->beacon_interval)
3325 return -EALREADY;
3326
3327 memset(¶ms, 0, sizeof(params));
3328
3329
3330 if (!info->attrs[NL80211_ATTR_BEACON_INTERVAL] ||
3331 !info->attrs[NL80211_ATTR_DTIM_PERIOD] ||
3332 !info->attrs[NL80211_ATTR_BEACON_HEAD])
3333 return -EINVAL;
3334
3335 err = nl80211_parse_beacon(info->attrs, ¶ms.beacon);
3336 if (err)
3337 return err;
3338
3339 params.beacon_interval =
3340 nla_get_u32(info->attrs[NL80211_ATTR_BEACON_INTERVAL]);
3341 params.dtim_period =
3342 nla_get_u32(info->attrs[NL80211_ATTR_DTIM_PERIOD]);
3343
3344 err = cfg80211_validate_beacon_int(rdev, params.beacon_interval);
3345 if (err)
3346 return err;
3347
3348
3349
3350
3351
3352
3353
3354
3355 if (info->attrs[NL80211_ATTR_SSID]) {
3356 params.ssid = nla_data(info->attrs[NL80211_ATTR_SSID]);
3357 params.ssid_len =
3358 nla_len(info->attrs[NL80211_ATTR_SSID]);
3359 if (params.ssid_len == 0 ||
3360 params.ssid_len > IEEE80211_MAX_SSID_LEN)
3361 return -EINVAL;
3362 }
3363
3364 if (info->attrs[NL80211_ATTR_HIDDEN_SSID]) {
3365 params.hidden_ssid = nla_get_u32(
3366 info->attrs[NL80211_ATTR_HIDDEN_SSID]);
3367 if (params.hidden_ssid != NL80211_HIDDEN_SSID_NOT_IN_USE &&
3368 params.hidden_ssid != NL80211_HIDDEN_SSID_ZERO_LEN &&
3369 params.hidden_ssid != NL80211_HIDDEN_SSID_ZERO_CONTENTS)
3370 return -EINVAL;
3371 }
3372
3373 params.privacy = !!info->attrs[NL80211_ATTR_PRIVACY];
3374
3375 if (info->attrs[NL80211_ATTR_AUTH_TYPE]) {
3376 params.auth_type = nla_get_u32(
3377 info->attrs[NL80211_ATTR_AUTH_TYPE]);
3378 if (!nl80211_valid_auth_type(rdev, params.auth_type,
3379 NL80211_CMD_START_AP))
3380 return -EINVAL;
3381 } else
3382 params.auth_type = NL80211_AUTHTYPE_AUTOMATIC;
3383
3384 err = nl80211_crypto_settings(rdev, info, ¶ms.crypto,
3385 NL80211_MAX_NR_CIPHER_SUITES);
3386 if (err)
3387 return err;
3388
3389 if (info->attrs[NL80211_ATTR_INACTIVITY_TIMEOUT]) {
3390 if (!(rdev->wiphy.features & NL80211_FEATURE_INACTIVITY_TIMER))
3391 return -EOPNOTSUPP;
3392 params.inactivity_timeout = nla_get_u16(
3393 info->attrs[NL80211_ATTR_INACTIVITY_TIMEOUT]);
3394 }
3395
3396 if (info->attrs[NL80211_ATTR_P2P_CTWINDOW]) {
3397 if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_GO)
3398 return -EINVAL;
3399 params.p2p_ctwindow =
3400 nla_get_u8(info->attrs[NL80211_ATTR_P2P_CTWINDOW]);
3401 if (params.p2p_ctwindow > 127)
3402 return -EINVAL;
3403 if (params.p2p_ctwindow != 0 &&
3404 !(rdev->wiphy.features & NL80211_FEATURE_P2P_GO_CTWIN))
3405 return -EINVAL;
3406 }
3407
3408 if (info->attrs[NL80211_ATTR_P2P_OPPPS]) {
3409 u8 tmp;
3410
3411 if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_GO)
3412 return -EINVAL;
3413 tmp = nla_get_u8(info->attrs[NL80211_ATTR_P2P_OPPPS]);
3414 if (tmp > 1)
3415 return -EINVAL;
3416 params.p2p_opp_ps = tmp;
3417 if (params.p2p_opp_ps != 0 &&
3418 !(rdev->wiphy.features & NL80211_FEATURE_P2P_GO_OPPPS))
3419 return -EINVAL;
3420 }
3421
3422 if (info->attrs[NL80211_ATTR_WIPHY_FREQ]) {
3423 err = nl80211_parse_chandef(rdev, info, ¶ms.chandef);
3424 if (err)
3425 return err;
3426 } else if (wdev->preset_chandef.chan) {
3427 params.chandef = wdev->preset_chandef;
3428 } else if (!nl80211_get_ap_channel(rdev, ¶ms))
3429 return -EINVAL;
3430
3431 if (!cfg80211_reg_can_beacon_relax(&rdev->wiphy, ¶ms.chandef,
3432 wdev->iftype))
3433 return -EINVAL;
3434
3435 if (info->attrs[NL80211_ATTR_SMPS_MODE]) {
3436 params.smps_mode =
3437 nla_get_u8(info->attrs[NL80211_ATTR_SMPS_MODE]);
3438 switch (params.smps_mode) {
3439 case NL80211_SMPS_OFF:
3440 break;
3441 case NL80211_SMPS_STATIC:
3442 if (!(rdev->wiphy.features &
3443 NL80211_FEATURE_STATIC_SMPS))
3444 return -EINVAL;
3445 break;
3446 case NL80211_SMPS_DYNAMIC:
3447 if (!(rdev->wiphy.features &
3448 NL80211_FEATURE_DYNAMIC_SMPS))
3449 return -EINVAL;
3450 break;
3451 default:
3452 return -EINVAL;
3453 }
3454 } else {
3455 params.smps_mode = NL80211_SMPS_OFF;
3456 }
3457
3458 if (info->attrs[NL80211_ATTR_ACL_POLICY]) {
3459 params.acl = parse_acl_data(&rdev->wiphy, info);
3460 if (IS_ERR(params.acl))
3461 return PTR_ERR(params.acl);
3462 }
3463
3464 wdev_lock(wdev);
3465 err = rdev_start_ap(rdev, dev, ¶ms);
3466 if (!err) {
3467 wdev->preset_chandef = params.chandef;
3468 wdev->beacon_interval = params.beacon_interval;
3469 wdev->chandef = params.chandef;
3470 wdev->ssid_len = params.ssid_len;
3471 memcpy(wdev->ssid, params.ssid, wdev->ssid_len);
3472 }
3473 wdev_unlock(wdev);
3474
3475 kfree(params.acl);
3476
3477 return err;
3478}
3479
3480static int nl80211_set_beacon(struct sk_buff *skb, struct genl_info *info)
3481{
3482 struct cfg80211_registered_device *rdev = info->user_ptr[0];
3483 struct net_device *dev = info->user_ptr[1];
3484 struct wireless_dev *wdev = dev->ieee80211_ptr;
3485 struct cfg80211_beacon_data params;
3486 int err;
3487
3488 if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_AP &&
3489 dev->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_GO)
3490 return -EOPNOTSUPP;
3491
3492 if (!rdev->ops->change_beacon)
3493 return -EOPNOTSUPP;
3494
3495 if (!wdev->beacon_interval)
3496 return -EINVAL;
3497
3498 err = nl80211_parse_beacon(info->attrs, ¶ms);
3499 if (err)
3500 return err;
3501
3502 wdev_lock(wdev);
3503 err = rdev_change_beacon(rdev, dev, ¶ms);
3504 wdev_unlock(wdev);
3505
3506 return err;
3507}
3508
3509static int nl80211_stop_ap(struct sk_buff *skb, struct genl_info *info)
3510{
3511 struct cfg80211_registered_device *rdev = info->user_ptr[0];
3512 struct net_device *dev = info->user_ptr[1];
3513
3514 return cfg80211_stop_ap(rdev, dev, false);
3515}
3516
3517static const struct nla_policy sta_flags_policy[NL80211_STA_FLAG_MAX + 1] = {
3518 [NL80211_STA_FLAG_AUTHORIZED] = { .type = NLA_FLAG },
3519 [NL80211_STA_FLAG_SHORT_PREAMBLE] = { .type = NLA_FLAG },
3520 [NL80211_STA_FLAG_WME] = { .type = NLA_FLAG },
3521 [NL80211_STA_FLAG_MFP] = { .type = NLA_FLAG },
3522 [NL80211_STA_FLAG_AUTHENTICATED] = { .type = NLA_FLAG },
3523 [NL80211_STA_FLAG_TDLS_PEER] = { .type = NLA_FLAG },
3524};
3525
3526static int parse_station_flags(struct genl_info *info,
3527 enum nl80211_iftype iftype,
3528 struct station_parameters *params)
3529{
3530 struct nlattr *flags[NL80211_STA_FLAG_MAX + 1];
3531 struct nlattr *nla;
3532 int flag;
3533
3534
3535
3536
3537
3538 nla = info->attrs[NL80211_ATTR_STA_FLAGS2];
3539 if (nla) {
3540 struct nl80211_sta_flag_update *sta_flags;
3541
3542 sta_flags = nla_data(nla);
3543 params->sta_flags_mask = sta_flags->mask;
3544 params->sta_flags_set = sta_flags->set;
3545 params->sta_flags_set &= params->sta_flags_mask;
3546 if ((params->sta_flags_mask |
3547 params->sta_flags_set) & BIT(__NL80211_STA_FLAG_INVALID))
3548 return -EINVAL;
3549 return 0;
3550 }
3551
3552
3553
3554 nla = info->attrs[NL80211_ATTR_STA_FLAGS];
3555 if (!nla)
3556 return 0;
3557
3558 if (nla_parse_nested(flags, NL80211_STA_FLAG_MAX,
3559 nla, sta_flags_policy))
3560 return -EINVAL;
3561
3562
3563
3564
3565
3566
3567
3568 switch (iftype) {
3569 case NL80211_IFTYPE_AP:
3570 case NL80211_IFTYPE_AP_VLAN:
3571 case NL80211_IFTYPE_P2P_GO:
3572 params->sta_flags_mask = BIT(NL80211_STA_FLAG_AUTHORIZED) |
3573 BIT(NL80211_STA_FLAG_SHORT_PREAMBLE) |
3574 BIT(NL80211_STA_FLAG_WME) |
3575 BIT(NL80211_STA_FLAG_MFP);
3576 break;
3577 case NL80211_IFTYPE_P2P_CLIENT:
3578 case NL80211_IFTYPE_STATION:
3579 params->sta_flags_mask = BIT(NL80211_STA_FLAG_AUTHORIZED) |
3580 BIT(NL80211_STA_FLAG_TDLS_PEER);
3581 break;
3582 case NL80211_IFTYPE_MESH_POINT:
3583 params->sta_flags_mask = BIT(NL80211_STA_FLAG_AUTHENTICATED) |
3584 BIT(NL80211_STA_FLAG_MFP) |
3585 BIT(NL80211_STA_FLAG_AUTHORIZED);
3586 default:
3587 return -EINVAL;
3588 }
3589
3590 for (flag = 1; flag <= NL80211_STA_FLAG_MAX; flag++) {
3591 if (flags[flag]) {
3592 params->sta_flags_set |= (1<<flag);
3593
3594
3595 if (flag > NL80211_STA_FLAG_MAX_OLD_API)
3596 return -EINVAL;
3597 }
3598 }
3599
3600 return 0;
3601}
3602
3603static bool nl80211_put_sta_rate(struct sk_buff *msg, struct rate_info *info,
3604 int attr)
3605{
3606 struct nlattr *rate;
3607 u32 bitrate;
3608 u16 bitrate_compat;
3609 enum nl80211_attrs rate_flg;
3610
3611 rate = nla_nest_start(msg, attr);
3612 if (!rate)
3613 return false;
3614
3615
3616 bitrate = cfg80211_calculate_bitrate(info);
3617
3618 bitrate_compat = bitrate < (1UL << 16) ? bitrate : 0;
3619 if (bitrate > 0 &&
3620 nla_put_u32(msg, NL80211_RATE_INFO_BITRATE32, bitrate))
3621 return false;
3622 if (bitrate_compat > 0 &&
3623 nla_put_u16(msg, NL80211_RATE_INFO_BITRATE, bitrate_compat))
3624 return false;
3625
3626 switch (info->bw) {
3627 case RATE_INFO_BW_5:
3628 rate_flg = NL80211_RATE_INFO_5_MHZ_WIDTH;
3629 break;
3630 case RATE_INFO_BW_10:
3631 rate_flg = NL80211_RATE_INFO_10_MHZ_WIDTH;
3632 break;
3633 default:
3634 WARN_ON(1);
3635
3636 case RATE_INFO_BW_20:
3637 rate_flg = 0;
3638 break;
3639 case RATE_INFO_BW_40:
3640 rate_flg = NL80211_RATE_INFO_40_MHZ_WIDTH;
3641 break;
3642 case RATE_INFO_BW_80:
3643 rate_flg = NL80211_RATE_INFO_80_MHZ_WIDTH;
3644 break;
3645 case RATE_INFO_BW_160:
3646 rate_flg = NL80211_RATE_INFO_160_MHZ_WIDTH;
3647 break;
3648 }
3649
3650 if (rate_flg && nla_put_flag(msg, rate_flg))
3651 return false;
3652
3653 if (info->flags & RATE_INFO_FLAGS_MCS) {
3654 if (nla_put_u8(msg, NL80211_RATE_INFO_MCS, info->mcs))
3655 return false;
3656 if (info->flags & RATE_INFO_FLAGS_SHORT_GI &&
3657 nla_put_flag(msg, NL80211_RATE_INFO_SHORT_GI))
3658 return false;
3659 } else if (info->flags & RATE_INFO_FLAGS_VHT_MCS) {
3660 if (nla_put_u8(msg, NL80211_RATE_INFO_VHT_MCS, info->mcs))
3661 return false;
3662 if (nla_put_u8(msg, NL80211_RATE_INFO_VHT_NSS, info->nss))
3663 return false;
3664 if (info->flags & RATE_INFO_FLAGS_SHORT_GI &&
3665 nla_put_flag(msg, NL80211_RATE_INFO_SHORT_GI))
3666 return false;
3667 }
3668
3669 nla_nest_end(msg, rate);
3670 return true;
3671}
3672
3673static bool nl80211_put_signal(struct sk_buff *msg, u8 mask, s8 *signal,
3674 int id)
3675{
3676 void *attr;
3677 int i = 0;
3678
3679 if (!mask)
3680 return true;
3681
3682 attr = nla_nest_start(msg, id);
3683 if (!attr)
3684 return false;
3685
3686 for (i = 0; i < IEEE80211_MAX_CHAINS; i++) {
3687 if (!(mask & BIT(i)))
3688 continue;
3689
3690 if (nla_put_u8(msg, i, signal[i]))
3691 return false;
3692 }
3693
3694 nla_nest_end(msg, attr);
3695
3696 return true;
3697}
3698
3699static int nl80211_send_station(struct sk_buff *msg, u32 cmd, u32 portid,
3700 u32 seq, int flags,
3701 struct cfg80211_registered_device *rdev,
3702 struct net_device *dev,
3703 const u8 *mac_addr, struct station_info *sinfo)
3704{
3705 void *hdr;
3706 struct nlattr *sinfoattr, *bss_param;
3707
3708 hdr = nl80211hdr_put(msg, portid, seq, flags, cmd);
3709 if (!hdr)
3710 return -1;
3711
3712 if (nla_put_u32(msg, NL80211_ATTR_IFINDEX, dev->ifindex) ||
3713 nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN, mac_addr) ||
3714 nla_put_u32(msg, NL80211_ATTR_GENERATION, sinfo->generation))
3715 goto nla_put_failure;
3716
3717 sinfoattr = nla_nest_start(msg, NL80211_ATTR_STA_INFO);
3718 if (!sinfoattr)
3719 goto nla_put_failure;
3720
3721#define PUT_SINFO(attr, memb, type) do { \
3722 if (sinfo->filled & BIT(NL80211_STA_INFO_ ## attr) && \
3723 nla_put_ ## type(msg, NL80211_STA_INFO_ ## attr, \
3724 sinfo->memb)) \
3725 goto nla_put_failure; \
3726 } while (0)
3727
3728 PUT_SINFO(CONNECTED_TIME, connected_time, u32);
3729 PUT_SINFO(INACTIVE_TIME, inactive_time, u32);
3730
3731 if (sinfo->filled & (BIT(NL80211_STA_INFO_RX_BYTES) |
3732 BIT(NL80211_STA_INFO_RX_BYTES64)) &&
3733 nla_put_u32(msg, NL80211_STA_INFO_RX_BYTES,
3734 (u32)sinfo->rx_bytes))
3735 goto nla_put_failure;
3736
3737 if (sinfo->filled & (BIT(NL80211_STA_INFO_TX_BYTES) |
3738 BIT(NL80211_STA_INFO_TX_BYTES64)) &&
3739 nla_put_u32(msg, NL80211_STA_INFO_TX_BYTES,
3740 (u32)sinfo->tx_bytes))
3741 goto nla_put_failure;
3742
3743 PUT_SINFO(RX_BYTES64, rx_bytes, u64);
3744 PUT_SINFO(TX_BYTES64, tx_bytes, u64);
3745 PUT_SINFO(LLID, llid, u16);
3746 PUT_SINFO(PLID, plid, u16);
3747 PUT_SINFO(PLINK_STATE, plink_state, u8);
3748
3749 switch (rdev->wiphy.signal_type) {
3750 case CFG80211_SIGNAL_TYPE_MBM:
3751 PUT_SINFO(SIGNAL, signal, u8);
3752 PUT_SINFO(SIGNAL_AVG, signal_avg, u8);
3753 break;
3754 default:
3755 break;
3756 }
3757 if (sinfo->filled & BIT(NL80211_STA_INFO_CHAIN_SIGNAL)) {
3758 if (!nl80211_put_signal(msg, sinfo->chains,
3759 sinfo->chain_signal,
3760 NL80211_STA_INFO_CHAIN_SIGNAL))
3761 goto nla_put_failure;
3762 }
3763 if (sinfo->filled & BIT(NL80211_STA_INFO_CHAIN_SIGNAL_AVG)) {
3764 if (!nl80211_put_signal(msg, sinfo->chains,
3765 sinfo->chain_signal_avg,
3766 NL80211_STA_INFO_CHAIN_SIGNAL_AVG))
3767 goto nla_put_failure;
3768 }
3769 if (sinfo->filled & BIT(NL80211_STA_INFO_TX_BITRATE)) {
3770 if (!nl80211_put_sta_rate(msg, &sinfo->txrate,
3771 NL80211_STA_INFO_TX_BITRATE))
3772 goto nla_put_failure;
3773 }
3774 if (sinfo->filled & BIT(NL80211_STA_INFO_RX_BITRATE)) {
3775 if (!nl80211_put_sta_rate(msg, &sinfo->rxrate,
3776 NL80211_STA_INFO_RX_BITRATE))
3777 goto nla_put_failure;
3778 }
3779
3780 PUT_SINFO(RX_PACKETS, rx_packets, u32);
3781 PUT_SINFO(TX_PACKETS, tx_packets, u32);
3782 PUT_SINFO(TX_RETRIES, tx_retries, u32);
3783 PUT_SINFO(TX_FAILED, tx_failed, u32);
3784 PUT_SINFO(EXPECTED_THROUGHPUT, expected_throughput, u32);
3785 PUT_SINFO(BEACON_LOSS, beacon_loss_count, u32);
3786 PUT_SINFO(LOCAL_PM, local_pm, u32);
3787 PUT_SINFO(PEER_PM, peer_pm, u32);
3788 PUT_SINFO(NONPEER_PM, nonpeer_pm, u32);
3789
3790 if (sinfo->filled & BIT(NL80211_STA_INFO_BSS_PARAM)) {
3791 bss_param = nla_nest_start(msg, NL80211_STA_INFO_BSS_PARAM);
3792 if (!bss_param)
3793 goto nla_put_failure;
3794
3795 if (((sinfo->bss_param.flags & BSS_PARAM_FLAGS_CTS_PROT) &&
3796 nla_put_flag(msg, NL80211_STA_BSS_PARAM_CTS_PROT)) ||
3797 ((sinfo->bss_param.flags & BSS_PARAM_FLAGS_SHORT_PREAMBLE) &&
3798 nla_put_flag(msg, NL80211_STA_BSS_PARAM_SHORT_PREAMBLE)) ||
3799 ((sinfo->bss_param.flags & BSS_PARAM_FLAGS_SHORT_SLOT_TIME) &&
3800 nla_put_flag(msg, NL80211_STA_BSS_PARAM_SHORT_SLOT_TIME)) ||
3801 nla_put_u8(msg, NL80211_STA_BSS_PARAM_DTIM_PERIOD,
3802 sinfo->bss_param.dtim_period) ||
3803 nla_put_u16(msg, NL80211_STA_BSS_PARAM_BEACON_INTERVAL,
3804 sinfo->bss_param.beacon_interval))
3805 goto nla_put_failure;
3806
3807 nla_nest_end(msg, bss_param);
3808 }
3809 if ((sinfo->filled & BIT(NL80211_STA_INFO_STA_FLAGS)) &&
3810 nla_put(msg, NL80211_STA_INFO_STA_FLAGS,
3811 sizeof(struct nl80211_sta_flag_update),
3812 &sinfo->sta_flags))
3813 goto nla_put_failure;
3814
3815 PUT_SINFO(T_OFFSET, t_offset, u64);
3816 PUT_SINFO(RX_DROP_MISC, rx_dropped_misc, u64);
3817 PUT_SINFO(BEACON_RX, rx_beacon, u64);
3818 PUT_SINFO(BEACON_SIGNAL_AVG, rx_beacon_signal_avg, u8);
3819
3820#undef PUT_SINFO
3821
3822 if (sinfo->filled & BIT(NL80211_STA_INFO_TID_STATS)) {
3823 struct nlattr *tidsattr;
3824 int tid;
3825
3826 tidsattr = nla_nest_start(msg, NL80211_STA_INFO_TID_STATS);
3827 if (!tidsattr)
3828 goto nla_put_failure;
3829
3830 for (tid = 0; tid < IEEE80211_NUM_TIDS + 1; tid++) {
3831 struct cfg80211_tid_stats *tidstats;
3832 struct nlattr *tidattr;
3833
3834 tidstats = &sinfo->pertid[tid];
3835
3836 if (!tidstats->filled)
3837 continue;
3838
3839 tidattr = nla_nest_start(msg, tid + 1);
3840 if (!tidattr)
3841 goto nla_put_failure;
3842
3843#define PUT_TIDVAL(attr, memb, type) do { \
3844 if (tidstats->filled & BIT(NL80211_TID_STATS_ ## attr) && \
3845 nla_put_ ## type(msg, NL80211_TID_STATS_ ## attr, \
3846 tidstats->memb)) \
3847 goto nla_put_failure; \
3848 } while (0)
3849
3850 PUT_TIDVAL(RX_MSDU, rx_msdu, u64);
3851 PUT_TIDVAL(TX_MSDU, tx_msdu, u64);
3852 PUT_TIDVAL(TX_MSDU_RETRIES, tx_msdu_retries, u64);
3853 PUT_TIDVAL(TX_MSDU_FAILED, tx_msdu_failed, u64);
3854
3855#undef PUT_TIDVAL
3856 nla_nest_end(msg, tidattr);
3857 }
3858
3859 nla_nest_end(msg, tidsattr);
3860 }
3861
3862 nla_nest_end(msg, sinfoattr);
3863
3864 if (sinfo->assoc_req_ies_len &&
3865 nla_put(msg, NL80211_ATTR_IE, sinfo->assoc_req_ies_len,
3866 sinfo->assoc_req_ies))
3867 goto nla_put_failure;
3868
3869 genlmsg_end(msg, hdr);
3870 return 0;
3871
3872 nla_put_failure:
3873 genlmsg_cancel(msg, hdr);
3874 return -EMSGSIZE;
3875}
3876
3877static int nl80211_dump_station(struct sk_buff *skb,
3878 struct netlink_callback *cb)
3879{
3880 struct station_info sinfo;
3881 struct cfg80211_registered_device *rdev;
3882 struct wireless_dev *wdev;
3883 u8 mac_addr[ETH_ALEN];
3884 int sta_idx = cb->args[2];
3885 int err;
3886
3887 err = nl80211_prepare_wdev_dump(skb, cb, &rdev, &wdev);
3888 if (err)
3889 return err;
3890
3891 if (!wdev->netdev) {
3892 err = -EINVAL;
3893 goto out_err;
3894 }
3895
3896 if (!rdev->ops->dump_station) {
3897 err = -EOPNOTSUPP;
3898 goto out_err;
3899 }
3900
3901 while (1) {
3902 memset(&sinfo, 0, sizeof(sinfo));
3903 err = rdev_dump_station(rdev, wdev->netdev, sta_idx,
3904 mac_addr, &sinfo);
3905 if (err == -ENOENT)
3906 break;
3907 if (err)
3908 goto out_err;
3909
3910 if (nl80211_send_station(skb, NL80211_CMD_NEW_STATION,
3911 NETLINK_CB(cb->skb).portid,
3912 cb->nlh->nlmsg_seq, NLM_F_MULTI,
3913 rdev, wdev->netdev, mac_addr,
3914 &sinfo) < 0)
3915 goto out;
3916
3917 sta_idx++;
3918 }
3919
3920
3921 out:
3922 cb->args[2] = sta_idx;
3923 err = skb->len;
3924 out_err:
3925 nl80211_finish_wdev_dump(rdev);
3926
3927 return err;
3928}
3929
3930static int nl80211_get_station(struct sk_buff *skb, struct genl_info *info)
3931{
3932 struct cfg80211_registered_device *rdev = info->user_ptr[0];
3933 struct net_device *dev = info->user_ptr[1];
3934 struct station_info sinfo;
3935 struct sk_buff *msg;
3936 u8 *mac_addr = NULL;
3937 int err;
3938
3939 memset(&sinfo, 0, sizeof(sinfo));
3940
3941 if (!info->attrs[NL80211_ATTR_MAC])
3942 return -EINVAL;
3943
3944 mac_addr = nla_data(info->attrs[NL80211_ATTR_MAC]);
3945
3946 if (!rdev->ops->get_station)
3947 return -EOPNOTSUPP;
3948
3949 err = rdev_get_station(rdev, dev, mac_addr, &sinfo);
3950 if (err)
3951 return err;
3952
3953 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
3954 if (!msg)
3955 return -ENOMEM;
3956
3957 if (nl80211_send_station(msg, NL80211_CMD_NEW_STATION,
3958 info->snd_portid, info->snd_seq, 0,
3959 rdev, dev, mac_addr, &sinfo) < 0) {
3960 nlmsg_free(msg);
3961 return -ENOBUFS;
3962 }
3963
3964 return genlmsg_reply(msg, info);
3965}
3966
3967int cfg80211_check_station_change(struct wiphy *wiphy,
3968 struct station_parameters *params,
3969 enum cfg80211_station_type statype)
3970{
3971 if (params->listen_interval != -1 &&
3972 statype != CFG80211_STA_AP_CLIENT_UNASSOC)
3973 return -EINVAL;
3974
3975 if (params->aid &&
3976 !(params->sta_flags_set & BIT(NL80211_STA_FLAG_TDLS_PEER)) &&
3977 statype != CFG80211_STA_AP_CLIENT_UNASSOC)
3978 return -EINVAL;
3979
3980
3981 BUILD_BUG_ON(NL80211_STA_FLAG_MAX != 7);
3982
3983 switch (statype) {
3984 case CFG80211_STA_MESH_PEER_KERNEL:
3985 case CFG80211_STA_MESH_PEER_USER:
3986
3987
3988
3989
3990
3991 if (params->sta_flags_mask &
3992 ~(BIT(NL80211_STA_FLAG_AUTHENTICATED) |
3993 BIT(NL80211_STA_FLAG_MFP) |
3994 BIT(NL80211_STA_FLAG_AUTHORIZED)))
3995 return -EINVAL;
3996 break;
3997 case CFG80211_STA_TDLS_PEER_SETUP:
3998 case CFG80211_STA_TDLS_PEER_ACTIVE:
3999 if (!(params->sta_flags_set & BIT(NL80211_STA_FLAG_TDLS_PEER)))
4000 return -EINVAL;
4001
4002 params->sta_flags_mask &= ~BIT(NL80211_STA_FLAG_TDLS_PEER);
4003 break;
4004 default:
4005
4006 if (params->plink_action != NL80211_PLINK_ACTION_NO_ACTION)
4007 return -EINVAL;
4008 if (params->local_pm)
4009 return -EINVAL;
4010 if (params->sta_modify_mask & STATION_PARAM_APPLY_PLINK_STATE)
4011 return -EINVAL;
4012 }
4013
4014 if (statype != CFG80211_STA_TDLS_PEER_SETUP &&
4015 statype != CFG80211_STA_TDLS_PEER_ACTIVE) {
4016
4017 if (params->sta_flags_set & BIT(NL80211_STA_FLAG_TDLS_PEER))
4018 return -EINVAL;
4019
4020
4021
4022
4023
4024 params->sta_flags_mask &= ~BIT(NL80211_STA_FLAG_TDLS_PEER);
4025 }
4026
4027 if (statype != CFG80211_STA_TDLS_PEER_SETUP &&
4028 statype != CFG80211_STA_AP_CLIENT_UNASSOC) {
4029
4030 if (params->sta_modify_mask & STATION_PARAM_APPLY_UAPSD)
4031 return -EINVAL;
4032 if (params->sta_modify_mask & STATION_PARAM_APPLY_CAPABILITY)
4033 return -EINVAL;
4034 if (params->supported_rates)
4035 return -EINVAL;
4036 if (params->ext_capab || params->ht_capa || params->vht_capa)
4037 return -EINVAL;
4038 }
4039
4040 if (statype != CFG80211_STA_AP_CLIENT &&
4041 statype != CFG80211_STA_AP_CLIENT_UNASSOC) {
4042 if (params->vlan)
4043 return -EINVAL;
4044 }
4045
4046 switch (statype) {
4047 case CFG80211_STA_AP_MLME_CLIENT:
4048
4049 if (!(params->sta_flags_mask & BIT(NL80211_STA_FLAG_AUTHORIZED)))
4050 return -EOPNOTSUPP;
4051 break;
4052 case CFG80211_STA_AP_CLIENT:
4053 case CFG80211_STA_AP_CLIENT_UNASSOC:
4054
4055 if (params->sta_flags_mask &
4056 ~(BIT(NL80211_STA_FLAG_AUTHORIZED) |
4057 BIT(NL80211_STA_FLAG_AUTHENTICATED) |
4058 BIT(NL80211_STA_FLAG_ASSOCIATED) |
4059 BIT(NL80211_STA_FLAG_SHORT_PREAMBLE) |
4060 BIT(NL80211_STA_FLAG_WME) |
4061 BIT(NL80211_STA_FLAG_MFP)))
4062 return -EINVAL;
4063
4064
4065 if (!(wiphy->features & NL80211_FEATURE_FULL_AP_CLIENT_STATE) &&
4066 params->sta_flags_mask &
4067 (BIT(NL80211_STA_FLAG_AUTHENTICATED) |
4068 BIT(NL80211_STA_FLAG_ASSOCIATED)))
4069 return -EINVAL;
4070 break;
4071 case CFG80211_STA_IBSS:
4072 case CFG80211_STA_AP_STA:
4073
4074 if (params->sta_flags_mask & ~BIT(NL80211_STA_FLAG_AUTHORIZED))
4075 return -EINVAL;
4076 break;
4077 case CFG80211_STA_TDLS_PEER_SETUP:
4078
4079 if (params->sta_flags_mask & ~(BIT(NL80211_STA_FLAG_AUTHORIZED) |
4080 BIT(NL80211_STA_FLAG_WME)))
4081 return -EINVAL;
4082
4083 if (params->sta_flags_set & BIT(NL80211_STA_FLAG_AUTHORIZED) &&
4084 !params->supported_rates)
4085 return -EINVAL;
4086 break;
4087 case CFG80211_STA_TDLS_PEER_ACTIVE:
4088
4089 return -EINVAL;
4090 case CFG80211_STA_MESH_PEER_KERNEL:
4091 if (params->sta_modify_mask & STATION_PARAM_APPLY_PLINK_STATE)
4092 return -EINVAL;
4093 break;
4094 case CFG80211_STA_MESH_PEER_USER:
4095 if (params->plink_action != NL80211_PLINK_ACTION_NO_ACTION &&
4096 params->plink_action != NL80211_PLINK_ACTION_BLOCK)
4097 return -EINVAL;
4098 break;
4099 }
4100
4101 return 0;
4102}
4103EXPORT_SYMBOL(cfg80211_check_station_change);
4104
4105
4106
4107
4108static struct net_device *get_vlan(struct genl_info *info,
4109 struct cfg80211_registered_device *rdev)
4110{
4111 struct nlattr *vlanattr = info->attrs[NL80211_ATTR_STA_VLAN];
4112 struct net_device *v;
4113 int ret;
4114
4115 if (!vlanattr)
4116 return NULL;
4117
4118 v = dev_get_by_index(genl_info_net(info), nla_get_u32(vlanattr));
4119 if (!v)
4120 return ERR_PTR(-ENODEV);
4121
4122 if (!v->ieee80211_ptr || v->ieee80211_ptr->wiphy != &rdev->wiphy) {
4123 ret = -EINVAL;
4124 goto error;
4125 }
4126
4127 if (v->ieee80211_ptr->iftype != NL80211_IFTYPE_AP_VLAN &&
4128 v->ieee80211_ptr->iftype != NL80211_IFTYPE_AP &&
4129 v->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_GO) {
4130 ret = -EINVAL;
4131 goto error;
4132 }
4133
4134 if (!netif_running(v)) {
4135 ret = -ENETDOWN;
4136 goto error;
4137 }
4138
4139 return v;
4140 error:
4141 dev_put(v);
4142 return ERR_PTR(ret);
4143}
4144
4145static const struct nla_policy
4146nl80211_sta_wme_policy[NL80211_STA_WME_MAX + 1] = {
4147 [NL80211_STA_WME_UAPSD_QUEUES] = { .type = NLA_U8 },
4148 [NL80211_STA_WME_MAX_SP] = { .type = NLA_U8 },
4149};
4150
4151static int nl80211_parse_sta_wme(struct genl_info *info,
4152 struct station_parameters *params)
4153{
4154 struct nlattr *tb[NL80211_STA_WME_MAX + 1];
4155 struct nlattr *nla;
4156 int err;
4157
4158
4159 if (!info->attrs[NL80211_ATTR_STA_WME])
4160 return 0;
4161
4162 nla = info->attrs[NL80211_ATTR_STA_WME];
4163 err = nla_parse_nested(tb, NL80211_STA_WME_MAX, nla,
4164 nl80211_sta_wme_policy);
4165 if (err)
4166 return err;
4167
4168 if (tb[NL80211_STA_WME_UAPSD_QUEUES])
4169 params->uapsd_queues = nla_get_u8(
4170 tb[NL80211_STA_WME_UAPSD_QUEUES]);
4171 if (params->uapsd_queues & ~IEEE80211_WMM_IE_STA_QOSINFO_AC_MASK)
4172 return -EINVAL;
4173
4174 if (tb[NL80211_STA_WME_MAX_SP])
4175 params->max_sp = nla_get_u8(tb[NL80211_STA_WME_MAX_SP]);
4176
4177 if (params->max_sp & ~IEEE80211_WMM_IE_STA_QOSINFO_SP_MASK)
4178 return -EINVAL;
4179
4180 params->sta_modify_mask |= STATION_PARAM_APPLY_UAPSD;
4181
4182 return 0;
4183}
4184
4185static int nl80211_parse_sta_channel_info(struct genl_info *info,
4186 struct station_parameters *params)
4187{
4188 if (info->attrs[NL80211_ATTR_STA_SUPPORTED_CHANNELS]) {
4189 params->supported_channels =
4190 nla_data(info->attrs[NL80211_ATTR_STA_SUPPORTED_CHANNELS]);
4191 params->supported_channels_len =
4192 nla_len(info->attrs[NL80211_ATTR_STA_SUPPORTED_CHANNELS]);
4193
4194
4195
4196
4197
4198 if (params->supported_channels_len < 2)
4199 return -EINVAL;
4200 if (params->supported_channels_len % 2)
4201 return -EINVAL;
4202 }
4203
4204 if (info->attrs[NL80211_ATTR_STA_SUPPORTED_OPER_CLASSES]) {
4205 params->supported_oper_classes =
4206 nla_data(info->attrs[NL80211_ATTR_STA_SUPPORTED_OPER_CLASSES]);
4207 params->supported_oper_classes_len =
4208 nla_len(info->attrs[NL80211_ATTR_STA_SUPPORTED_OPER_CLASSES]);
4209
4210
4211
4212
4213 if (params->supported_oper_classes_len < 2 ||
4214 params->supported_oper_classes_len > 253)
4215 return -EINVAL;
4216 }
4217 return 0;
4218}
4219
4220static int nl80211_set_station_tdls(struct genl_info *info,
4221 struct station_parameters *params)
4222{
4223 int err;
4224
4225 if (info->attrs[NL80211_ATTR_PEER_AID])
4226 params->aid = nla_get_u16(info->attrs[NL80211_ATTR_PEER_AID]);
4227 if (info->attrs[NL80211_ATTR_HT_CAPABILITY])
4228 params->ht_capa =
4229 nla_data(info->attrs[NL80211_ATTR_HT_CAPABILITY]);
4230 if (info->attrs[NL80211_ATTR_VHT_CAPABILITY])
4231 params->vht_capa =
4232 nla_data(info->attrs[NL80211_ATTR_VHT_CAPABILITY]);
4233
4234 err = nl80211_parse_sta_channel_info(info, params);
4235 if (err)
4236 return err;
4237
4238 return nl80211_parse_sta_wme(info, params);
4239}
4240
4241static int nl80211_set_station(struct sk_buff *skb, struct genl_info *info)
4242{
4243 struct cfg80211_registered_device *rdev = info->user_ptr[0];
4244 struct net_device *dev = info->user_ptr[1];
4245 struct station_parameters params;
4246 u8 *mac_addr;
4247 int err;
4248
4249 memset(¶ms, 0, sizeof(params));
4250
4251 if (!rdev->ops->change_station)
4252 return -EOPNOTSUPP;
4253
4254
4255
4256
4257
4258
4259 if (info->attrs[NL80211_ATTR_PEER_AID])
4260 params.aid = nla_get_u16(info->attrs[NL80211_ATTR_PEER_AID]);
4261
4262 if (info->attrs[NL80211_ATTR_STA_LISTEN_INTERVAL])
4263 params.listen_interval =
4264 nla_get_u16(info->attrs[NL80211_ATTR_STA_LISTEN_INTERVAL]);
4265 else
4266 params.listen_interval = -1;
4267
4268 if (!info->attrs[NL80211_ATTR_MAC])
4269 return -EINVAL;
4270
4271 mac_addr = nla_data(info->attrs[NL80211_ATTR_MAC]);
4272
4273 if (info->attrs[NL80211_ATTR_STA_SUPPORTED_RATES]) {
4274 params.supported_rates =
4275 nla_data(info->attrs[NL80211_ATTR_STA_SUPPORTED_RATES]);
4276 params.supported_rates_len =
4277 nla_len(info->attrs[NL80211_ATTR_STA_SUPPORTED_RATES]);
4278 }
4279
4280 if (info->attrs[NL80211_ATTR_STA_CAPABILITY]) {
4281 params.capability =
4282 nla_get_u16(info->attrs[NL80211_ATTR_STA_CAPABILITY]);
4283 params.sta_modify_mask |= STATION_PARAM_APPLY_CAPABILITY;
4284 }
4285
4286 if (info->attrs[NL80211_ATTR_STA_EXT_CAPABILITY]) {
4287 params.ext_capab =
4288 nla_data(info->attrs[NL80211_ATTR_STA_EXT_CAPABILITY]);
4289 params.ext_capab_len =
4290 nla_len(info->attrs[NL80211_ATTR_STA_EXT_CAPABILITY]);
4291 }
4292
4293 if (parse_station_flags(info, dev->ieee80211_ptr->iftype, ¶ms))
4294 return -EINVAL;
4295
4296 if (info->attrs[NL80211_ATTR_STA_PLINK_ACTION]) {
4297 params.plink_action =
4298 nla_get_u8(info->attrs[NL80211_ATTR_STA_PLINK_ACTION]);
4299 if (params.plink_action >= NUM_NL80211_PLINK_ACTIONS)
4300 return -EINVAL;
4301 }
4302
4303 if (info->attrs[NL80211_ATTR_STA_PLINK_STATE]) {
4304 params.plink_state =
4305 nla_get_u8(info->attrs[NL80211_ATTR_STA_PLINK_STATE]);
4306 if (params.plink_state >= NUM_NL80211_PLINK_STATES)
4307 return -EINVAL;
4308 params.sta_modify_mask |= STATION_PARAM_APPLY_PLINK_STATE;
4309 }
4310
4311 if (info->attrs[NL80211_ATTR_LOCAL_MESH_POWER_MODE]) {
4312 enum nl80211_mesh_power_mode pm = nla_get_u32(
4313 info->attrs[NL80211_ATTR_LOCAL_MESH_POWER_MODE]);
4314
4315 if (pm <= NL80211_MESH_POWER_UNKNOWN ||
4316 pm > NL80211_MESH_POWER_MAX)
4317 return -EINVAL;
4318
4319 params.local_pm = pm;
4320 }
4321
4322
4323 err = nl80211_set_station_tdls(info, ¶ms);
4324 if (err)
4325 return err;
4326
4327 params.vlan = get_vlan(info, rdev);
4328 if (IS_ERR(params.vlan))
4329 return PTR_ERR(params.vlan);
4330
4331 switch (dev->ieee80211_ptr->iftype) {
4332 case NL80211_IFTYPE_AP:
4333 case NL80211_IFTYPE_AP_VLAN:
4334 case NL80211_IFTYPE_P2P_GO:
4335 case NL80211_IFTYPE_P2P_CLIENT:
4336 case NL80211_IFTYPE_STATION:
4337 case NL80211_IFTYPE_ADHOC:
4338 case NL80211_IFTYPE_MESH_POINT:
4339 break;
4340 default:
4341 err = -EOPNOTSUPP;
4342 goto out_put_vlan;
4343 }
4344
4345
4346 err = rdev_change_station(rdev, dev, mac_addr, ¶ms);
4347
4348 out_put_vlan:
4349 if (params.vlan)
4350 dev_put(params.vlan);
4351
4352 return err;
4353}
4354
4355static int nl80211_new_station(struct sk_buff *skb, struct genl_info *info)
4356{
4357 struct cfg80211_registered_device *rdev = info->user_ptr[0];
4358 int err;
4359 struct net_device *dev = info->user_ptr[1];
4360 struct station_parameters params;
4361 u8 *mac_addr = NULL;
4362
4363 memset(¶ms, 0, sizeof(params));
4364
4365 if (!rdev->ops->add_station)
4366 return -EOPNOTSUPP;
4367
4368 if (!info->attrs[NL80211_ATTR_MAC])
4369 return -EINVAL;
4370
4371 if (!info->attrs[NL80211_ATTR_STA_LISTEN_INTERVAL])
4372 return -EINVAL;
4373
4374 if (!info->attrs[NL80211_ATTR_STA_SUPPORTED_RATES])
4375 return -EINVAL;
4376
4377 if (!info->attrs[NL80211_ATTR_STA_AID] &&
4378 !info->attrs[NL80211_ATTR_PEER_AID])
4379 return -EINVAL;
4380
4381 mac_addr = nla_data(info->attrs[NL80211_ATTR_MAC]);
4382 params.supported_rates =
4383 nla_data(info->attrs[NL80211_ATTR_STA_SUPPORTED_RATES]);
4384 params.supported_rates_len =
4385 nla_len(info->attrs[NL80211_ATTR_STA_SUPPORTED_RATES]);
4386 params.listen_interval =
4387 nla_get_u16(info->attrs[NL80211_ATTR_STA_LISTEN_INTERVAL]);
4388
4389 if (info->attrs[NL80211_ATTR_PEER_AID])
4390 params.aid = nla_get_u16(info->attrs[NL80211_ATTR_PEER_AID]);
4391 else
4392 params.aid = nla_get_u16(info->attrs[NL80211_ATTR_STA_AID]);
4393 if (!params.aid || params.aid > IEEE80211_MAX_AID)
4394 return -EINVAL;
4395
4396 if (info->attrs[NL80211_ATTR_STA_CAPABILITY]) {
4397 params.capability =
4398 nla_get_u16(info->attrs[NL80211_ATTR_STA_CAPABILITY]);
4399 params.sta_modify_mask |= STATION_PARAM_APPLY_CAPABILITY;
4400 }
4401
4402 if (info->attrs[NL80211_ATTR_STA_EXT_CAPABILITY]) {
4403 params.ext_capab =
4404 nla_data(info->attrs[NL80211_ATTR_STA_EXT_CAPABILITY]);
4405 params.ext_capab_len =
4406 nla_len(info->attrs[NL80211_ATTR_STA_EXT_CAPABILITY]);
4407 }
4408
4409 if (info->attrs[NL80211_ATTR_HT_CAPABILITY])
4410 params.ht_capa =
4411 nla_data(info->attrs[NL80211_ATTR_HT_CAPABILITY]);
4412
4413 if (info->attrs[NL80211_ATTR_VHT_CAPABILITY])
4414 params.vht_capa =
4415 nla_data(info->attrs[NL80211_ATTR_VHT_CAPABILITY]);
4416
4417 if (info->attrs[NL80211_ATTR_OPMODE_NOTIF]) {
4418 params.opmode_notif_used = true;
4419 params.opmode_notif =
4420 nla_get_u8(info->attrs[NL80211_ATTR_OPMODE_NOTIF]);
4421 }
4422
4423 if (info->attrs[NL80211_ATTR_STA_PLINK_ACTION]) {
4424 params.plink_action =
4425 nla_get_u8(info->attrs[NL80211_ATTR_STA_PLINK_ACTION]);
4426 if (params.plink_action >= NUM_NL80211_PLINK_ACTIONS)
4427 return -EINVAL;
4428 }
4429
4430 err = nl80211_parse_sta_channel_info(info, ¶ms);
4431 if (err)
4432 return err;
4433
4434 err = nl80211_parse_sta_wme(info, ¶ms);
4435 if (err)
4436 return err;
4437
4438 if (parse_station_flags(info, dev->ieee80211_ptr->iftype, ¶ms))
4439 return -EINVAL;
4440
4441
4442
4443
4444
4445
4446 if (!(params.sta_flags_set & BIT(NL80211_STA_FLAG_WME))) {
4447 params.ht_capa = NULL;
4448 params.vht_capa = NULL;
4449 }
4450
4451
4452 BUILD_BUG_ON(NL80211_STA_FLAG_MAX != 7);
4453
4454 switch (dev->ieee80211_ptr->iftype) {
4455 case NL80211_IFTYPE_AP:
4456 case NL80211_IFTYPE_AP_VLAN:
4457 case NL80211_IFTYPE_P2P_GO:
4458
4459 if (!(rdev->wiphy.flags & WIPHY_FLAG_AP_UAPSD) ||
4460 !(params.sta_flags_set & BIT(NL80211_STA_FLAG_WME)))
4461 params.sta_modify_mask &= ~STATION_PARAM_APPLY_UAPSD;
4462
4463
4464 if ((params.sta_flags_set & BIT(NL80211_STA_FLAG_TDLS_PEER)) ||
4465 info->attrs[NL80211_ATTR_PEER_AID])
4466 return -EINVAL;
4467
4468 params.sta_flags_mask &= ~BIT(NL80211_STA_FLAG_TDLS_PEER);
4469
4470
4471 if (!(rdev->wiphy.features &
4472 NL80211_FEATURE_FULL_AP_CLIENT_STATE) &&
4473 params.sta_flags_mask &
4474 (BIT(NL80211_STA_FLAG_AUTHENTICATED) |
4475 BIT(NL80211_STA_FLAG_ASSOCIATED)))
4476 return -EINVAL;
4477
4478
4479 params.vlan = get_vlan(info, rdev);
4480 if (IS_ERR(params.vlan))
4481 return PTR_ERR(params.vlan);
4482 break;
4483 case NL80211_IFTYPE_MESH_POINT:
4484
4485 params.sta_modify_mask &= ~STATION_PARAM_APPLY_UAPSD;
4486
4487
4488 if (params.sta_flags_mask & BIT(NL80211_STA_FLAG_ASSOCIATED))
4489 return -EINVAL;
4490
4491 if ((params.sta_flags_set & BIT(NL80211_STA_FLAG_TDLS_PEER)) ||
4492 info->attrs[NL80211_ATTR_PEER_AID])
4493 return -EINVAL;
4494 break;
4495 case NL80211_IFTYPE_STATION:
4496 case NL80211_IFTYPE_P2P_CLIENT:
4497
4498 params.sta_modify_mask &= ~STATION_PARAM_APPLY_UAPSD;
4499
4500
4501 if (params.sta_flags_mask &
4502 (BIT(NL80211_STA_FLAG_ASSOCIATED) |
4503 BIT(NL80211_STA_FLAG_AUTHENTICATED)))
4504 return -EINVAL;
4505
4506 if (!(params.sta_flags_set & BIT(NL80211_STA_FLAG_TDLS_PEER)))
4507 return -EINVAL;
4508
4509 if (!(rdev->wiphy.flags & WIPHY_FLAG_SUPPORTS_TDLS))
4510 return -EOPNOTSUPP;
4511
4512 if (!(rdev->wiphy.flags & WIPHY_FLAG_TDLS_EXTERNAL_SETUP))
4513 return -EOPNOTSUPP;
4514
4515
4516
4517
4518 params.sta_flags_mask &= ~BIT(NL80211_STA_FLAG_AUTHORIZED);
4519 break;
4520 default:
4521 return -EOPNOTSUPP;
4522 }
4523
4524
4525
4526 err = rdev_add_station(rdev, dev, mac_addr, ¶ms);
4527
4528 if (params.vlan)
4529 dev_put(params.vlan);
4530 return err;
4531}
4532
4533static int nl80211_del_station(struct sk_buff *skb, struct genl_info *info)
4534{
4535 struct cfg80211_registered_device *rdev = info->user_ptr[0];
4536 struct net_device *dev = info->user_ptr[1];
4537 struct station_del_parameters params;
4538
4539 memset(¶ms, 0, sizeof(params));
4540
4541 if (info->attrs[NL80211_ATTR_MAC])
4542 params.mac = nla_data(info->attrs[NL80211_ATTR_MAC]);
4543
4544 if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_AP &&
4545 dev->ieee80211_ptr->iftype != NL80211_IFTYPE_AP_VLAN &&
4546 dev->ieee80211_ptr->iftype != NL80211_IFTYPE_MESH_POINT &&
4547 dev->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_GO)
4548 return -EINVAL;
4549
4550 if (!rdev->ops->del_station)
4551 return -EOPNOTSUPP;
4552
4553 if (info->attrs[NL80211_ATTR_MGMT_SUBTYPE]) {
4554 params.subtype =
4555 nla_get_u8(info->attrs[NL80211_ATTR_MGMT_SUBTYPE]);
4556 if (params.subtype != IEEE80211_STYPE_DISASSOC >> 4 &&
4557 params.subtype != IEEE80211_STYPE_DEAUTH >> 4)
4558 return -EINVAL;
4559 } else {
4560
4561 params.subtype = IEEE80211_STYPE_DEAUTH >> 4;
4562 }
4563
4564 if (info->attrs[NL80211_ATTR_REASON_CODE]) {
4565 params.reason_code =
4566 nla_get_u16(info->attrs[NL80211_ATTR_REASON_CODE]);
4567 if (params.reason_code == 0)
4568 return -EINVAL;
4569 } else {
4570
4571 params.reason_code = WLAN_REASON_PREV_AUTH_NOT_VALID;
4572 }
4573
4574 return rdev_del_station(rdev, dev, ¶ms);
4575}
4576
4577static int nl80211_send_mpath(struct sk_buff *msg, u32 portid, u32 seq,
4578 int flags, struct net_device *dev,
4579 u8 *dst, u8 *next_hop,
4580 struct mpath_info *pinfo)
4581{
4582 void *hdr;
4583 struct nlattr *pinfoattr;
4584
4585 hdr = nl80211hdr_put(msg, portid, seq, flags, NL80211_CMD_NEW_MPATH);
4586 if (!hdr)
4587 return -1;
4588
4589 if (nla_put_u32(msg, NL80211_ATTR_IFINDEX, dev->ifindex) ||
4590 nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN, dst) ||
4591 nla_put(msg, NL80211_ATTR_MPATH_NEXT_HOP, ETH_ALEN, next_hop) ||
4592 nla_put_u32(msg, NL80211_ATTR_GENERATION, pinfo->generation))
4593 goto nla_put_failure;
4594
4595 pinfoattr = nla_nest_start(msg, NL80211_ATTR_MPATH_INFO);
4596 if (!pinfoattr)
4597 goto nla_put_failure;
4598 if ((pinfo->filled & MPATH_INFO_FRAME_QLEN) &&
4599 nla_put_u32(msg, NL80211_MPATH_INFO_FRAME_QLEN,
4600 pinfo->frame_qlen))
4601 goto nla_put_failure;
4602 if (((pinfo->filled & MPATH_INFO_SN) &&
4603 nla_put_u32(msg, NL80211_MPATH_INFO_SN, pinfo->sn)) ||
4604 ((pinfo->filled & MPATH_INFO_METRIC) &&
4605 nla_put_u32(msg, NL80211_MPATH_INFO_METRIC,
4606 pinfo->metric)) ||
4607 ((pinfo->filled & MPATH_INFO_EXPTIME) &&
4608 nla_put_u32(msg, NL80211_MPATH_INFO_EXPTIME,
4609 pinfo->exptime)) ||
4610 ((pinfo->filled & MPATH_INFO_FLAGS) &&
4611 nla_put_u8(msg, NL80211_MPATH_INFO_FLAGS,
4612 pinfo->flags)) ||
4613 ((pinfo->filled & MPATH_INFO_DISCOVERY_TIMEOUT) &&
4614 nla_put_u32(msg, NL80211_MPATH_INFO_DISCOVERY_TIMEOUT,
4615 pinfo->discovery_timeout)) ||
4616 ((pinfo->filled & MPATH_INFO_DISCOVERY_RETRIES) &&
4617 nla_put_u8(msg, NL80211_MPATH_INFO_DISCOVERY_RETRIES,
4618 pinfo->discovery_retries)))
4619 goto nla_put_failure;
4620
4621 nla_nest_end(msg, pinfoattr);
4622
4623 genlmsg_end(msg, hdr);
4624 return 0;
4625
4626 nla_put_failure:
4627 genlmsg_cancel(msg, hdr);
4628 return -EMSGSIZE;
4629}
4630
4631static int nl80211_dump_mpath(struct sk_buff *skb,
4632 struct netlink_callback *cb)
4633{
4634 struct mpath_info pinfo;
4635 struct cfg80211_registered_device *rdev;
4636 struct wireless_dev *wdev;
4637 u8 dst[ETH_ALEN];
4638 u8 next_hop[ETH_ALEN];
4639 int path_idx = cb->args[2];
4640 int err;
4641
4642 err = nl80211_prepare_wdev_dump(skb, cb, &rdev, &wdev);
4643 if (err)
4644 return err;
4645
4646 if (!rdev->ops->dump_mpath) {
4647 err = -EOPNOTSUPP;
4648 goto out_err;
4649 }
4650
4651 if (wdev->iftype != NL80211_IFTYPE_MESH_POINT) {
4652 err = -EOPNOTSUPP;
4653 goto out_err;
4654 }
4655
4656 while (1) {
4657 err = rdev_dump_mpath(rdev, wdev->netdev, path_idx, dst,
4658 next_hop, &pinfo);
4659 if (err == -ENOENT)
4660 break;
4661 if (err)
4662 goto out_err;
4663
4664 if (nl80211_send_mpath(skb, NETLINK_CB(cb->skb).portid,
4665 cb->nlh->nlmsg_seq, NLM_F_MULTI,
4666 wdev->netdev, dst, next_hop,
4667 &pinfo) < 0)
4668 goto out;
4669
4670 path_idx++;
4671 }
4672
4673
4674 out:
4675 cb->args[2] = path_idx;
4676 err = skb->len;
4677 out_err:
4678 nl80211_finish_wdev_dump(rdev);
4679 return err;
4680}
4681
4682static int nl80211_get_mpath(struct sk_buff *skb, struct genl_info *info)
4683{
4684 struct cfg80211_registered_device *rdev = info->user_ptr[0];
4685 int err;
4686 struct net_device *dev = info->user_ptr[1];
4687 struct mpath_info pinfo;
4688 struct sk_buff *msg;
4689 u8 *dst = NULL;
4690 u8 next_hop[ETH_ALEN];
4691
4692 memset(&pinfo, 0, sizeof(pinfo));
4693
4694 if (!info->attrs[NL80211_ATTR_MAC])
4695 return -EINVAL;
4696
4697 dst = nla_data(info->attrs[NL80211_ATTR_MAC]);
4698
4699 if (!rdev->ops->get_mpath)
4700 return -EOPNOTSUPP;
4701
4702 if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_MESH_POINT)
4703 return -EOPNOTSUPP;
4704
4705 err = rdev_get_mpath(rdev, dev, dst, next_hop, &pinfo);
4706 if (err)
4707 return err;
4708
4709 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
4710 if (!msg)
4711 return -ENOMEM;
4712
4713 if (nl80211_send_mpath(msg, info->snd_portid, info->snd_seq, 0,
4714 dev, dst, next_hop, &pinfo) < 0) {
4715 nlmsg_free(msg);
4716 return -ENOBUFS;
4717 }
4718
4719 return genlmsg_reply(msg, info);
4720}
4721
4722static int nl80211_set_mpath(struct sk_buff *skb, struct genl_info *info)
4723{
4724 struct cfg80211_registered_device *rdev = info->user_ptr[0];
4725 struct net_device *dev = info->user_ptr[1];
4726 u8 *dst = NULL;
4727 u8 *next_hop = NULL;
4728
4729 if (!info->attrs[NL80211_ATTR_MAC])
4730 return -EINVAL;
4731
4732 if (!info->attrs[NL80211_ATTR_MPATH_NEXT_HOP])
4733 return -EINVAL;
4734
4735 dst = nla_data(info->attrs[NL80211_ATTR_MAC]);
4736 next_hop = nla_data(info->attrs[NL80211_ATTR_MPATH_NEXT_HOP]);
4737
4738 if (!rdev->ops->change_mpath)
4739 return -EOPNOTSUPP;
4740
4741 if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_MESH_POINT)
4742 return -EOPNOTSUPP;
4743
4744 return rdev_change_mpath(rdev, dev, dst, next_hop);
4745}
4746
4747static int nl80211_new_mpath(struct sk_buff *skb, struct genl_info *info)
4748{
4749 struct cfg80211_registered_device *rdev = info->user_ptr[0];
4750 struct net_device *dev = info->user_ptr[1];
4751 u8 *dst = NULL;
4752 u8 *next_hop = NULL;
4753
4754 if (!info->attrs[NL80211_ATTR_MAC])
4755 return -EINVAL;
4756
4757 if (!info->attrs[NL80211_ATTR_MPATH_NEXT_HOP])
4758 return -EINVAL;
4759
4760 dst = nla_data(info->attrs[NL80211_ATTR_MAC]);
4761 next_hop = nla_data(info->attrs[NL80211_ATTR_MPATH_NEXT_HOP]);
4762
4763 if (!rdev->ops->add_mpath)
4764 return -EOPNOTSUPP;
4765
4766 if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_MESH_POINT)
4767 return -EOPNOTSUPP;
4768
4769 return rdev_add_mpath(rdev, dev, dst, next_hop);
4770}
4771
4772static int nl80211_del_mpath(struct sk_buff *skb, struct genl_info *info)
4773{
4774 struct cfg80211_registered_device *rdev = info->user_ptr[0];
4775 struct net_device *dev = info->user_ptr[1];
4776 u8 *dst = NULL;
4777
4778 if (info->attrs[NL80211_ATTR_MAC])
4779 dst = nla_data(info->attrs[NL80211_ATTR_MAC]);
4780
4781 if (!rdev->ops->del_mpath)
4782 return -EOPNOTSUPP;
4783
4784 return rdev_del_mpath(rdev, dev, dst);
4785}
4786
4787static int nl80211_get_mpp(struct sk_buff *skb, struct genl_info *info)
4788{
4789 struct cfg80211_registered_device *rdev = info->user_ptr[0];
4790 int err;
4791 struct net_device *dev = info->user_ptr[1];
4792 struct mpath_info pinfo;
4793 struct sk_buff *msg;
4794 u8 *dst = NULL;
4795 u8 mpp[ETH_ALEN];
4796
4797 memset(&pinfo, 0, sizeof(pinfo));
4798
4799 if (!info->attrs[NL80211_ATTR_MAC])
4800 return -EINVAL;
4801
4802 dst = nla_data(info->attrs[NL80211_ATTR_MAC]);
4803
4804 if (!rdev->ops->get_mpp)
4805 return -EOPNOTSUPP;
4806
4807 if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_MESH_POINT)
4808 return -EOPNOTSUPP;
4809
4810 err = rdev_get_mpp(rdev, dev, dst, mpp, &pinfo);
4811 if (err)
4812 return err;
4813
4814 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
4815 if (!msg)
4816 return -ENOMEM;
4817
4818 if (nl80211_send_mpath(msg, info->snd_portid, info->snd_seq, 0,
4819 dev, dst, mpp, &pinfo) < 0) {
4820 nlmsg_free(msg);
4821 return -ENOBUFS;
4822 }
4823
4824 return genlmsg_reply(msg, info);
4825}
4826
4827static int nl80211_dump_mpp(struct sk_buff *skb,
4828 struct netlink_callback *cb)
4829{
4830 struct mpath_info pinfo;
4831 struct cfg80211_registered_device *rdev;
4832 struct wireless_dev *wdev;
4833 u8 dst[ETH_ALEN];
4834 u8 mpp[ETH_ALEN];
4835 int path_idx = cb->args[2];
4836 int err;
4837
4838 err = nl80211_prepare_wdev_dump(skb, cb, &rdev, &wdev);
4839 if (err)
4840 return err;
4841
4842 if (!rdev->ops->dump_mpp) {
4843 err = -EOPNOTSUPP;
4844 goto out_err;
4845 }
4846
4847 if (wdev->iftype != NL80211_IFTYPE_MESH_POINT) {
4848 err = -EOPNOTSUPP;
4849 goto out_err;
4850 }
4851
4852 while (1) {
4853 err = rdev_dump_mpp(rdev, wdev->netdev, path_idx, dst,
4854 mpp, &pinfo);
4855 if (err == -ENOENT)
4856 break;
4857 if (err)
4858 goto out_err;
4859
4860 if (nl80211_send_mpath(skb, NETLINK_CB(cb->skb).portid,
4861 cb->nlh->nlmsg_seq, NLM_F_MULTI,
4862 wdev->netdev, dst, mpp,
4863 &pinfo) < 0)
4864 goto out;
4865
4866 path_idx++;
4867 }
4868
4869 out:
4870 cb->args[2] = path_idx;
4871 err = skb->len;
4872 out_err:
4873 nl80211_finish_wdev_dump(rdev);
4874 return err;
4875}
4876
4877static int nl80211_set_bss(struct sk_buff *skb, struct genl_info *info)
4878{
4879 struct cfg80211_registered_device *rdev = info->user_ptr[0];
4880 struct net_device *dev = info->user_ptr[1];
4881 struct wireless_dev *wdev = dev->ieee80211_ptr;
4882 struct bss_parameters params;
4883 int err;
4884
4885 memset(¶ms, 0, sizeof(params));
4886
4887 params.use_cts_prot = -1;
4888 params.use_short_preamble = -1;
4889 params.use_short_slot_time = -1;
4890 params.ap_isolate = -1;
4891 params.ht_opmode = -1;
4892 params.p2p_ctwindow = -1;
4893 params.p2p_opp_ps = -1;
4894
4895 if (info->attrs[NL80211_ATTR_BSS_CTS_PROT])
4896 params.use_cts_prot =
4897 nla_get_u8(info->attrs[NL80211_ATTR_BSS_CTS_PROT]);
4898 if (info->attrs[NL80211_ATTR_BSS_SHORT_PREAMBLE])
4899 params.use_short_preamble =
4900 nla_get_u8(info->attrs[NL80211_ATTR_BSS_SHORT_PREAMBLE]);
4901 if (info->attrs[NL80211_ATTR_BSS_SHORT_SLOT_TIME])
4902 params.use_short_slot_time =
4903 nla_get_u8(info->attrs[NL80211_ATTR_BSS_SHORT_SLOT_TIME]);
4904 if (info->attrs[NL80211_ATTR_BSS_BASIC_RATES]) {
4905 params.basic_rates =
4906 nla_data(info->attrs[NL80211_ATTR_BSS_BASIC_RATES]);
4907 params.basic_rates_len =
4908 nla_len(info->attrs[NL80211_ATTR_BSS_BASIC_RATES]);
4909 }
4910 if (info->attrs[NL80211_ATTR_AP_ISOLATE])
4911 params.ap_isolate = !!nla_get_u8(info->attrs[NL80211_ATTR_AP_ISOLATE]);
4912 if (info->attrs[NL80211_ATTR_BSS_HT_OPMODE])
4913 params.ht_opmode =
4914 nla_get_u16(info->attrs[NL80211_ATTR_BSS_HT_OPMODE]);
4915
4916 if (info->attrs[NL80211_ATTR_P2P_CTWINDOW]) {
4917 if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_GO)
4918 return -EINVAL;
4919 params.p2p_ctwindow =
4920 nla_get_s8(info->attrs[NL80211_ATTR_P2P_CTWINDOW]);
4921 if (params.p2p_ctwindow < 0)
4922 return -EINVAL;
4923 if (params.p2p_ctwindow != 0 &&
4924 !(rdev->wiphy.features & NL80211_FEATURE_P2P_GO_CTWIN))
4925 return -EINVAL;
4926 }
4927
4928 if (info->attrs[NL80211_ATTR_P2P_OPPPS]) {
4929 u8 tmp;
4930
4931 if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_GO)
4932 return -EINVAL;
4933 tmp = nla_get_u8(info->attrs[NL80211_ATTR_P2P_OPPPS]);
4934 if (tmp > 1)
4935 return -EINVAL;
4936 params.p2p_opp_ps = tmp;
4937 if (params.p2p_opp_ps &&
4938 !(rdev->wiphy.features & NL80211_FEATURE_P2P_GO_OPPPS))
4939 return -EINVAL;
4940 }
4941
4942 if (!rdev->ops->change_bss)
4943 return -EOPNOTSUPP;
4944
4945 if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_AP &&
4946 dev->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_GO)
4947 return -EOPNOTSUPP;
4948
4949 wdev_lock(wdev);
4950 err = rdev_change_bss(rdev, dev, ¶ms);
4951 wdev_unlock(wdev);
4952
4953 return err;
4954}
4955
4956static int nl80211_req_set_reg(struct sk_buff *skb, struct genl_info *info)
4957{
4958 char *data = NULL;
4959 bool is_indoor;
4960 enum nl80211_user_reg_hint_type user_reg_hint_type;
4961 u32 owner_nlportid;
4962
4963
4964
4965
4966
4967
4968
4969
4970 if (unlikely(!rcu_access_pointer(cfg80211_regdomain)))
4971 return -EINPROGRESS;
4972
4973 if (info->attrs[NL80211_ATTR_USER_REG_HINT_TYPE])
4974 user_reg_hint_type =
4975 nla_get_u32(info->attrs[NL80211_ATTR_USER_REG_HINT_TYPE]);
4976 else
4977 user_reg_hint_type = NL80211_USER_REG_HINT_USER;
4978
4979 switch (user_reg_hint_type) {
4980 case NL80211_USER_REG_HINT_USER:
4981 case NL80211_USER_REG_HINT_CELL_BASE:
4982 if (!info->attrs[NL80211_ATTR_REG_ALPHA2])
4983 return -EINVAL;
4984
4985 data = nla_data(info->attrs[NL80211_ATTR_REG_ALPHA2]);
4986 return regulatory_hint_user(data, user_reg_hint_type);
4987 case NL80211_USER_REG_HINT_INDOOR:
4988 if (info->attrs[NL80211_ATTR_SOCKET_OWNER]) {
4989 owner_nlportid = info->snd_portid;
4990 is_indoor = !!info->attrs[NL80211_ATTR_REG_INDOOR];
4991 } else {
4992 owner_nlportid = 0;
4993 is_indoor = true;
4994 }
4995
4996 return regulatory_hint_indoor(is_indoor, owner_nlportid);
4997 default:
4998 return -EINVAL;
4999 }
5000}
5001
5002static int nl80211_get_mesh_config(struct sk_buff *skb,
5003 struct genl_info *info)
5004{
5005 struct cfg80211_registered_device *rdev = info->user_ptr[0];
5006 struct net_device *dev = info->user_ptr[1];
5007 struct wireless_dev *wdev = dev->ieee80211_ptr;
5008 struct mesh_config cur_params;
5009 int err = 0;
5010 void *hdr;
5011 struct nlattr *pinfoattr;
5012 struct sk_buff *msg;
5013
5014 if (wdev->iftype != NL80211_IFTYPE_MESH_POINT)
5015 return -EOPNOTSUPP;
5016
5017 if (!rdev->ops->get_mesh_config)
5018 return -EOPNOTSUPP;
5019
5020 wdev_lock(wdev);
5021
5022 if (!wdev->mesh_id_len)
5023 memcpy(&cur_params, &default_mesh_config, sizeof(cur_params));
5024 else
5025 err = rdev_get_mesh_config(rdev, dev, &cur_params);
5026 wdev_unlock(wdev);
5027
5028 if (err)
5029 return err;
5030
5031
5032 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
5033 if (!msg)
5034 return -ENOMEM;
5035 hdr = nl80211hdr_put(msg, info->snd_portid, info->snd_seq, 0,
5036 NL80211_CMD_GET_MESH_CONFIG);
5037 if (!hdr)
5038 goto out;
5039 pinfoattr = nla_nest_start(msg, NL80211_ATTR_MESH_CONFIG);
5040 if (!pinfoattr)
5041 goto nla_put_failure;
5042 if (nla_put_u32(msg, NL80211_ATTR_IFINDEX, dev->ifindex) ||
5043 nla_put_u16(msg, NL80211_MESHCONF_RETRY_TIMEOUT,
5044 cur_params.dot11MeshRetryTimeout) ||
5045 nla_put_u16(msg, NL80211_MESHCONF_CONFIRM_TIMEOUT,
5046 cur_params.dot11MeshConfirmTimeout) ||
5047 nla_put_u16(msg, NL80211_MESHCONF_HOLDING_TIMEOUT,
5048 cur_params.dot11MeshHoldingTimeout) ||
5049 nla_put_u16(msg, NL80211_MESHCONF_MAX_PEER_LINKS,
5050 cur_params.dot11MeshMaxPeerLinks) ||
5051 nla_put_u8(msg, NL80211_MESHCONF_MAX_RETRIES,
5052 cur_params.dot11MeshMaxRetries) ||
5053 nla_put_u8(msg, NL80211_MESHCONF_TTL,
5054 cur_params.dot11MeshTTL) ||
5055 nla_put_u8(msg, NL80211_MESHCONF_ELEMENT_TTL,
5056 cur_params.element_ttl) ||
5057 nla_put_u8(msg, NL80211_MESHCONF_AUTO_OPEN_PLINKS,
5058 cur_params.auto_open_plinks) ||
5059 nla_put_u32(msg, NL80211_MESHCONF_SYNC_OFFSET_MAX_NEIGHBOR,
5060 cur_params.dot11MeshNbrOffsetMaxNeighbor) ||
5061 nla_put_u8(msg, NL80211_MESHCONF_HWMP_MAX_PREQ_RETRIES,
5062 cur_params.dot11MeshHWMPmaxPREQretries) ||
5063 nla_put_u32(msg, NL80211_MESHCONF_PATH_REFRESH_TIME,
5064 cur_params.path_refresh_time) ||
5065 nla_put_u16(msg, NL80211_MESHCONF_MIN_DISCOVERY_TIMEOUT,
5066 cur_params.min_discovery_timeout) ||
5067 nla_put_u32(msg, NL80211_MESHCONF_HWMP_ACTIVE_PATH_TIMEOUT,
5068 cur_params.dot11MeshHWMPactivePathTimeout) ||
5069 nla_put_u16(msg, NL80211_MESHCONF_HWMP_PREQ_MIN_INTERVAL,
5070 cur_params.dot11MeshHWMPpreqMinInterval) ||
5071 nla_put_u16(msg, NL80211_MESHCONF_HWMP_PERR_MIN_INTERVAL,
5072 cur_params.dot11MeshHWMPperrMinInterval) ||
5073 nla_put_u16(msg, NL80211_MESHCONF_HWMP_NET_DIAM_TRVS_TIME,
5074 cur_params.dot11MeshHWMPnetDiameterTraversalTime) ||
5075 nla_put_u8(msg, NL80211_MESHCONF_HWMP_ROOTMODE,
5076 cur_params.dot11MeshHWMPRootMode) ||
5077 nla_put_u16(msg, NL80211_MESHCONF_HWMP_RANN_INTERVAL,
5078 cur_params.dot11MeshHWMPRannInterval) ||
5079 nla_put_u8(msg, NL80211_MESHCONF_GATE_ANNOUNCEMENTS,
5080 cur_params.dot11MeshGateAnnouncementProtocol) ||
5081 nla_put_u8(msg, NL80211_MESHCONF_FORWARDING,
5082 cur_params.dot11MeshForwarding) ||
5083 nla_put_u32(msg, NL80211_MESHCONF_RSSI_THRESHOLD,
5084 cur_params.rssi_threshold) ||
5085 nla_put_u32(msg, NL80211_MESHCONF_HT_OPMODE,
5086 cur_params.ht_opmode) ||
5087 nla_put_u32(msg, NL80211_MESHCONF_HWMP_PATH_TO_ROOT_TIMEOUT,
5088 cur_params.dot11MeshHWMPactivePathToRootTimeout) ||
5089 nla_put_u16(msg, NL80211_MESHCONF_HWMP_ROOT_INTERVAL,
5090 cur_params.dot11MeshHWMProotInterval) ||
5091 nla_put_u16(msg, NL80211_MESHCONF_HWMP_CONFIRMATION_INTERVAL,
5092 cur_params.dot11MeshHWMPconfirmationInterval) ||
5093 nla_put_u32(msg, NL80211_MESHCONF_POWER_MODE,
5094 cur_params.power_mode) ||
5095 nla_put_u16(msg, NL80211_MESHCONF_AWAKE_WINDOW,
5096 cur_params.dot11MeshAwakeWindowDuration) ||
5097 nla_put_u32(msg, NL80211_MESHCONF_PLINK_TIMEOUT,
5098 cur_params.plink_timeout))
5099 goto nla_put_failure;
5100 nla_nest_end(msg, pinfoattr);
5101 genlmsg_end(msg, hdr);
5102 return genlmsg_reply(msg, info);
5103
5104 nla_put_failure:
5105 genlmsg_cancel(msg, hdr);
5106 out:
5107 nlmsg_free(msg);
5108 return -ENOBUFS;
5109}
5110
5111static const struct nla_policy nl80211_meshconf_params_policy[NL80211_MESHCONF_ATTR_MAX+1] = {
5112 [NL80211_MESHCONF_RETRY_TIMEOUT] = { .type = NLA_U16 },
5113 [NL80211_MESHCONF_CONFIRM_TIMEOUT] = { .type = NLA_U16 },
5114 [NL80211_MESHCONF_HOLDING_TIMEOUT] = { .type = NLA_U16 },
5115 [NL80211_MESHCONF_MAX_PEER_LINKS] = { .type = NLA_U16 },
5116 [NL80211_MESHCONF_MAX_RETRIES] = { .type = NLA_U8 },
5117 [NL80211_MESHCONF_TTL] = { .type = NLA_U8 },
5118 [NL80211_MESHCONF_ELEMENT_TTL] = { .type = NLA_U8 },
5119 [NL80211_MESHCONF_AUTO_OPEN_PLINKS] = { .type = NLA_U8 },
5120 [NL80211_MESHCONF_SYNC_OFFSET_MAX_NEIGHBOR] = { .type = NLA_U32 },
5121 [NL80211_MESHCONF_HWMP_MAX_PREQ_RETRIES] = { .type = NLA_U8 },
5122 [NL80211_MESHCONF_PATH_REFRESH_TIME] = { .type = NLA_U32 },
5123 [NL80211_MESHCONF_MIN_DISCOVERY_TIMEOUT] = { .type = NLA_U16 },
5124 [NL80211_MESHCONF_HWMP_ACTIVE_PATH_TIMEOUT] = { .type = NLA_U32 },
5125 [NL80211_MESHCONF_HWMP_PREQ_MIN_INTERVAL] = { .type = NLA_U16 },
5126 [NL80211_MESHCONF_HWMP_PERR_MIN_INTERVAL] = { .type = NLA_U16 },
5127 [NL80211_MESHCONF_HWMP_NET_DIAM_TRVS_TIME] = { .type = NLA_U16 },
5128 [NL80211_MESHCONF_HWMP_ROOTMODE] = { .type = NLA_U8 },
5129 [NL80211_MESHCONF_HWMP_RANN_INTERVAL] = { .type = NLA_U16 },
5130 [NL80211_MESHCONF_GATE_ANNOUNCEMENTS] = { .type = NLA_U8 },
5131 [NL80211_MESHCONF_FORWARDING] = { .type = NLA_U8 },
5132 [NL80211_MESHCONF_RSSI_THRESHOLD] = { .type = NLA_U32 },
5133 [NL80211_MESHCONF_HT_OPMODE] = { .type = NLA_U16 },
5134 [NL80211_MESHCONF_HWMP_PATH_TO_ROOT_TIMEOUT] = { .type = NLA_U32 },
5135 [NL80211_MESHCONF_HWMP_ROOT_INTERVAL] = { .type = NLA_U16 },
5136 [NL80211_MESHCONF_HWMP_CONFIRMATION_INTERVAL] = { .type = NLA_U16 },
5137 [NL80211_MESHCONF_POWER_MODE] = { .type = NLA_U32 },
5138 [NL80211_MESHCONF_AWAKE_WINDOW] = { .type = NLA_U16 },
5139 [NL80211_MESHCONF_PLINK_TIMEOUT] = { .type = NLA_U32 },
5140};
5141
5142static const struct nla_policy
5143 nl80211_mesh_setup_params_policy[NL80211_MESH_SETUP_ATTR_MAX+1] = {
5144 [NL80211_MESH_SETUP_ENABLE_VENDOR_SYNC] = { .type = NLA_U8 },
5145 [NL80211_MESH_SETUP_ENABLE_VENDOR_PATH_SEL] = { .type = NLA_U8 },
5146 [NL80211_MESH_SETUP_ENABLE_VENDOR_METRIC] = { .type = NLA_U8 },
5147 [NL80211_MESH_SETUP_USERSPACE_AUTH] = { .type = NLA_FLAG },
5148 [NL80211_MESH_SETUP_AUTH_PROTOCOL] = { .type = NLA_U8 },
5149 [NL80211_MESH_SETUP_USERSPACE_MPM] = { .type = NLA_FLAG },
5150 [NL80211_MESH_SETUP_IE] = { .type = NLA_BINARY,
5151 .len = IEEE80211_MAX_DATA_LEN },
5152 [NL80211_MESH_SETUP_USERSPACE_AMPE] = { .type = NLA_FLAG },
5153};
5154
5155static int nl80211_parse_mesh_config(struct genl_info *info,
5156 struct mesh_config *cfg,
5157 u32 *mask_out)
5158{
5159 struct nlattr *tb[NL80211_MESHCONF_ATTR_MAX + 1];
5160 u32 mask = 0;
5161
5162#define FILL_IN_MESH_PARAM_IF_SET(tb, cfg, param, min, max, mask, attr, fn) \
5163do { \
5164 if (tb[attr]) { \
5165 if (fn(tb[attr]) < min || fn(tb[attr]) > max) \
5166 return -EINVAL; \
5167 cfg->param = fn(tb[attr]); \
5168 mask |= (1 << (attr - 1)); \
5169 } \
5170} while (0)
5171
5172
5173 if (!info->attrs[NL80211_ATTR_MESH_CONFIG])
5174 return -EINVAL;
5175 if (nla_parse_nested(tb, NL80211_MESHCONF_ATTR_MAX,
5176 info->attrs[NL80211_ATTR_MESH_CONFIG],
5177 nl80211_meshconf_params_policy))
5178 return -EINVAL;
5179
5180
5181
5182 BUILD_BUG_ON(NL80211_MESHCONF_ATTR_MAX > 32);
5183
5184
5185 FILL_IN_MESH_PARAM_IF_SET(tb, cfg, dot11MeshRetryTimeout, 1, 255,
5186 mask, NL80211_MESHCONF_RETRY_TIMEOUT,
5187 nla_get_u16);
5188 FILL_IN_MESH_PARAM_IF_SET(tb, cfg, dot11MeshConfirmTimeout, 1, 255,
5189 mask, NL80211_MESHCONF_CONFIRM_TIMEOUT,
5190 nla_get_u16);
5191 FILL_IN_MESH_PARAM_IF_SET(tb, cfg, dot11MeshHoldingTimeout, 1, 255,
5192 mask, NL80211_MESHCONF_HOLDING_TIMEOUT,
5193 nla_get_u16);
5194 FILL_IN_MESH_PARAM_IF_SET(tb, cfg, dot11MeshMaxPeerLinks, 0, 255,
5195 mask, NL80211_MESHCONF_MAX_PEER_LINKS,
5196 nla_get_u16);
5197 FILL_IN_MESH_PARAM_IF_SET(tb, cfg, dot11MeshMaxRetries, 0, 16,
5198 mask, NL80211_MESHCONF_MAX_RETRIES,
5199 nla_get_u8);
5200 FILL_IN_MESH_PARAM_IF_SET(tb, cfg, dot11MeshTTL, 1, 255,
5201 mask, NL80211_MESHCONF_TTL, nla_get_u8);
5202 FILL_IN_MESH_PARAM_IF_SET(tb, cfg, element_ttl, 1, 255,
5203 mask, NL80211_MESHCONF_ELEMENT_TTL,
5204 nla_get_u8);
5205 FILL_IN_MESH_PARAM_IF_SET(tb, cfg, auto_open_plinks, 0, 1,
5206 mask, NL80211_MESHCONF_AUTO_OPEN_PLINKS,
5207 nla_get_u8);
5208 FILL_IN_MESH_PARAM_IF_SET(tb, cfg, dot11MeshNbrOffsetMaxNeighbor,
5209 1, 255, mask,
5210 NL80211_MESHCONF_SYNC_OFFSET_MAX_NEIGHBOR,
5211 nla_get_u32);
5212 FILL_IN_MESH_PARAM_IF_SET(tb, cfg, dot11MeshHWMPmaxPREQretries, 0, 255,
5213 mask, NL80211_MESHCONF_HWMP_MAX_PREQ_RETRIES,
5214 nla_get_u8);
5215 FILL_IN_MESH_PARAM_IF_SET(tb, cfg, path_refresh_time, 1, 65535,
5216 mask, NL80211_MESHCONF_PATH_REFRESH_TIME,
5217 nla_get_u32);
5218 FILL_IN_MESH_PARAM_IF_SET(tb, cfg, min_discovery_timeout, 1, 65535,
5219 mask, NL80211_MESHCONF_MIN_DISCOVERY_TIMEOUT,
5220 nla_get_u16);
5221 FILL_IN_MESH_PARAM_IF_SET(tb, cfg, dot11MeshHWMPactivePathTimeout,
5222 1, 65535, mask,
5223 NL80211_MESHCONF_HWMP_ACTIVE_PATH_TIMEOUT,
5224 nla_get_u32);
5225 FILL_IN_MESH_PARAM_IF_SET(tb, cfg, dot11MeshHWMPpreqMinInterval,
5226 1, 65535, mask,
5227 NL80211_MESHCONF_HWMP_PREQ_MIN_INTERVAL,
5228 nla_get_u16);
5229 FILL_IN_MESH_PARAM_IF_SET(tb, cfg, dot11MeshHWMPperrMinInterval,
5230 1, 65535, mask,
5231 NL80211_MESHCONF_HWMP_PERR_MIN_INTERVAL,
5232 nla_get_u16);
5233 FILL_IN_MESH_PARAM_IF_SET(tb, cfg,
5234 dot11MeshHWMPnetDiameterTraversalTime,
5235 1, 65535, mask,
5236 NL80211_MESHCONF_HWMP_NET_DIAM_TRVS_TIME,
5237 nla_get_u16);
5238 FILL_IN_MESH_PARAM_IF_SET(tb, cfg, dot11MeshHWMPRootMode, 0, 4,
5239 mask, NL80211_MESHCONF_HWMP_ROOTMODE,
5240 nla_get_u8);
5241 FILL_IN_MESH_PARAM_IF_SET(tb, cfg, dot11MeshHWMPRannInterval, 1, 65535,
5242 mask, NL80211_MESHCONF_HWMP_RANN_INTERVAL,
5243 nla_get_u16);
5244 FILL_IN_MESH_PARAM_IF_SET(tb, cfg,
5245 dot11MeshGateAnnouncementProtocol, 0, 1,
5246 mask, NL80211_MESHCONF_GATE_ANNOUNCEMENTS,
5247 nla_get_u8);
5248 FILL_IN_MESH_PARAM_IF_SET(tb, cfg, dot11MeshForwarding, 0, 1,
5249 mask, NL80211_MESHCONF_FORWARDING,
5250 nla_get_u8);
5251 FILL_IN_MESH_PARAM_IF_SET(tb, cfg, rssi_threshold, -255, 0,
5252 mask, NL80211_MESHCONF_RSSI_THRESHOLD,
5253 nla_get_s32);
5254 FILL_IN_MESH_PARAM_IF_SET(tb, cfg, ht_opmode, 0, 16,
5255 mask, NL80211_MESHCONF_HT_OPMODE,
5256 nla_get_u16);
5257 FILL_IN_MESH_PARAM_IF_SET(tb, cfg, dot11MeshHWMPactivePathToRootTimeout,
5258 1, 65535, mask,
5259 NL80211_MESHCONF_HWMP_PATH_TO_ROOT_TIMEOUT,
5260 nla_get_u32);
5261 FILL_IN_MESH_PARAM_IF_SET(tb, cfg, dot11MeshHWMProotInterval, 1, 65535,
5262 mask, NL80211_MESHCONF_HWMP_ROOT_INTERVAL,
5263 nla_get_u16);
5264 FILL_IN_MESH_PARAM_IF_SET(tb, cfg,
5265 dot11MeshHWMPconfirmationInterval,
5266 1, 65535, mask,
5267 NL80211_MESHCONF_HWMP_CONFIRMATION_INTERVAL,
5268 nla_get_u16);
5269 FILL_IN_MESH_PARAM_IF_SET(tb, cfg, power_mode,
5270 NL80211_MESH_POWER_ACTIVE,
5271 NL80211_MESH_POWER_MAX,
5272 mask, NL80211_MESHCONF_POWER_MODE,
5273 nla_get_u32);
5274 FILL_IN_MESH_PARAM_IF_SET(tb, cfg, dot11MeshAwakeWindowDuration,
5275 0, 65535, mask,
5276 NL80211_MESHCONF_AWAKE_WINDOW, nla_get_u16);
5277 FILL_IN_MESH_PARAM_IF_SET(tb, cfg, plink_timeout, 0, 0xffffffff,
5278 mask, NL80211_MESHCONF_PLINK_TIMEOUT,
5279 nla_get_u32);
5280 if (mask_out)
5281 *mask_out = mask;
5282
5283 return 0;
5284
5285#undef FILL_IN_MESH_PARAM_IF_SET
5286}
5287
5288static int nl80211_parse_mesh_setup(struct genl_info *info,
5289 struct mesh_setup *setup)
5290{
5291 struct cfg80211_registered_device *rdev = info->user_ptr[0];
5292 struct nlattr *tb[NL80211_MESH_SETUP_ATTR_MAX + 1];
5293
5294 if (!info->attrs[NL80211_ATTR_MESH_SETUP])
5295 return -EINVAL;
5296 if (nla_parse_nested(tb, NL80211_MESH_SETUP_ATTR_MAX,
5297 info->attrs[NL80211_ATTR_MESH_SETUP],
5298 nl80211_mesh_setup_params_policy))
5299 return -EINVAL;
5300
5301 if (tb[NL80211_MESH_SETUP_ENABLE_VENDOR_SYNC])
5302 setup->sync_method =
5303 (nla_get_u8(tb[NL80211_MESH_SETUP_ENABLE_VENDOR_SYNC])) ?
5304 IEEE80211_SYNC_METHOD_VENDOR :
5305 IEEE80211_SYNC_METHOD_NEIGHBOR_OFFSET;
5306
5307 if (tb[NL80211_MESH_SETUP_ENABLE_VENDOR_PATH_SEL])
5308 setup->path_sel_proto =
5309 (nla_get_u8(tb[NL80211_MESH_SETUP_ENABLE_VENDOR_PATH_SEL])) ?
5310 IEEE80211_PATH_PROTOCOL_VENDOR :
5311 IEEE80211_PATH_PROTOCOL_HWMP;
5312
5313 if (tb[NL80211_MESH_SETUP_ENABLE_VENDOR_METRIC])
5314 setup->path_metric =
5315 (nla_get_u8(tb[NL80211_MESH_SETUP_ENABLE_VENDOR_METRIC])) ?
5316 IEEE80211_PATH_METRIC_VENDOR :
5317 IEEE80211_PATH_METRIC_AIRTIME;
5318
5319
5320 if (tb[NL80211_MESH_SETUP_IE]) {
5321 struct nlattr *ieattr =
5322 tb[NL80211_MESH_SETUP_IE];
5323 if (!is_valid_ie_attr(ieattr))
5324 return -EINVAL;
5325 setup->ie = nla_data(ieattr);
5326 setup->ie_len = nla_len(ieattr);
5327 }
5328 if (tb[NL80211_MESH_SETUP_USERSPACE_MPM] &&
5329 !(rdev->wiphy.features & NL80211_FEATURE_USERSPACE_MPM))
5330 return -EINVAL;
5331 setup->user_mpm = nla_get_flag(tb[NL80211_MESH_SETUP_USERSPACE_MPM]);
5332 setup->is_authenticated = nla_get_flag(tb[NL80211_MESH_SETUP_USERSPACE_AUTH]);
5333 setup->is_secure = nla_get_flag(tb[NL80211_MESH_SETUP_USERSPACE_AMPE]);
5334 if (setup->is_secure)
5335 setup->user_mpm = true;
5336
5337 if (tb[NL80211_MESH_SETUP_AUTH_PROTOCOL]) {
5338 if (!setup->user_mpm)
5339 return -EINVAL;
5340 setup->auth_id =
5341 nla_get_u8(tb[NL80211_MESH_SETUP_AUTH_PROTOCOL]);
5342 }
5343
5344 return 0;
5345}
5346
5347static int nl80211_update_mesh_config(struct sk_buff *skb,
5348 struct genl_info *info)
5349{
5350 struct cfg80211_registered_device *rdev = info->user_ptr[0];
5351 struct net_device *dev = info->user_ptr[1];
5352 struct wireless_dev *wdev = dev->ieee80211_ptr;
5353 struct mesh_config cfg;
5354 u32 mask;
5355 int err;
5356
5357 if (wdev->iftype != NL80211_IFTYPE_MESH_POINT)
5358 return -EOPNOTSUPP;
5359
5360 if (!rdev->ops->update_mesh_config)
5361 return -EOPNOTSUPP;
5362
5363 err = nl80211_parse_mesh_config(info, &cfg, &mask);
5364 if (err)
5365 return err;
5366
5367 wdev_lock(wdev);
5368 if (!wdev->mesh_id_len)
5369 err = -ENOLINK;
5370
5371 if (!err)
5372 err = rdev_update_mesh_config(rdev, dev, mask, &cfg);
5373
5374 wdev_unlock(wdev);
5375
5376 return err;
5377}
5378
5379static int nl80211_put_regdom(const struct ieee80211_regdomain *regdom,
5380 struct sk_buff *msg)
5381{
5382 struct nlattr *nl_reg_rules;
5383 unsigned int i;
5384
5385 if (nla_put_string(msg, NL80211_ATTR_REG_ALPHA2, regdom->alpha2) ||
5386 (regdom->dfs_region &&
5387 nla_put_u8(msg, NL80211_ATTR_DFS_REGION, regdom->dfs_region)))
5388 goto nla_put_failure;
5389
5390 nl_reg_rules = nla_nest_start(msg, NL80211_ATTR_REG_RULES);
5391 if (!nl_reg_rules)
5392 goto nla_put_failure;
5393
5394 for (i = 0; i < regdom->n_reg_rules; i++) {
5395 struct nlattr *nl_reg_rule;
5396 const struct ieee80211_reg_rule *reg_rule;
5397 const struct ieee80211_freq_range *freq_range;
5398 const struct ieee80211_power_rule *power_rule;
5399 unsigned int max_bandwidth_khz;
5400
5401 reg_rule = ®dom->reg_rules[i];
5402 freq_range = ®_rule->freq_range;
5403 power_rule = ®_rule->power_rule;
5404
5405 nl_reg_rule = nla_nest_start(msg, i);
5406 if (!nl_reg_rule)
5407 goto nla_put_failure;
5408
5409 max_bandwidth_khz = freq_range->max_bandwidth_khz;
5410 if (!max_bandwidth_khz)
5411 max_bandwidth_khz = reg_get_max_bandwidth(regdom,
5412 reg_rule);
5413
5414 if (nla_put_u32(msg, NL80211_ATTR_REG_RULE_FLAGS,
5415 reg_rule->flags) ||
5416 nla_put_u32(msg, NL80211_ATTR_FREQ_RANGE_START,
5417 freq_range->start_freq_khz) ||
5418 nla_put_u32(msg, NL80211_ATTR_FREQ_RANGE_END,
5419 freq_range->end_freq_khz) ||
5420 nla_put_u32(msg, NL80211_ATTR_FREQ_RANGE_MAX_BW,
5421 max_bandwidth_khz) ||
5422 nla_put_u32(msg, NL80211_ATTR_POWER_RULE_MAX_ANT_GAIN,
5423 power_rule->max_antenna_gain) ||
5424 nla_put_u32(msg, NL80211_ATTR_POWER_RULE_MAX_EIRP,
5425 power_rule->max_eirp) ||
5426 nla_put_u32(msg, NL80211_ATTR_DFS_CAC_TIME,
5427 reg_rule->dfs_cac_ms))
5428 goto nla_put_failure;
5429
5430 nla_nest_end(msg, nl_reg_rule);
5431 }
5432
5433 nla_nest_end(msg, nl_reg_rules);
5434 return 0;
5435
5436nla_put_failure:
5437 return -EMSGSIZE;
5438}
5439
5440static int nl80211_get_reg_do(struct sk_buff *skb, struct genl_info *info)
5441{
5442 const struct ieee80211_regdomain *regdom = NULL;
5443 struct cfg80211_registered_device *rdev;
5444 struct wiphy *wiphy = NULL;
5445 struct sk_buff *msg;
5446 void *hdr;
5447
5448 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
5449 if (!msg)
5450 return -ENOBUFS;
5451
5452 hdr = nl80211hdr_put(msg, info->snd_portid, info->snd_seq, 0,
5453 NL80211_CMD_GET_REG);
5454 if (!hdr)
5455 goto put_failure;
5456
5457 if (info->attrs[NL80211_ATTR_WIPHY]) {
5458 bool self_managed;
5459
5460 rdev = cfg80211_get_dev_from_info(genl_info_net(info), info);
5461 if (IS_ERR(rdev)) {
5462 nlmsg_free(msg);
5463 return PTR_ERR(rdev);
5464 }
5465
5466 wiphy = &rdev->wiphy;
5467 self_managed = wiphy->regulatory_flags &
5468 REGULATORY_WIPHY_SELF_MANAGED;
5469 regdom = get_wiphy_regdom(wiphy);
5470
5471
5472 if (WARN_ON(!regdom && self_managed)) {
5473 nlmsg_free(msg);
5474 return -EINVAL;
5475 }
5476
5477 if (regdom &&
5478 nla_put_u32(msg, NL80211_ATTR_WIPHY, get_wiphy_idx(wiphy)))
5479 goto nla_put_failure;
5480 }
5481
5482 if (!wiphy && reg_last_request_cell_base() &&
5483 nla_put_u32(msg, NL80211_ATTR_USER_REG_HINT_TYPE,
5484 NL80211_USER_REG_HINT_CELL_BASE))
5485 goto nla_put_failure;
5486
5487 rcu_read_lock();
5488
5489 if (!regdom)
5490 regdom = rcu_dereference(cfg80211_regdomain);
5491
5492 if (nl80211_put_regdom(regdom, msg))
5493 goto nla_put_failure_rcu;
5494
5495 rcu_read_unlock();
5496
5497 genlmsg_end(msg, hdr);
5498 return genlmsg_reply(msg, info);
5499
5500nla_put_failure_rcu:
5501 rcu_read_unlock();
5502nla_put_failure:
5503 genlmsg_cancel(msg, hdr);
5504put_failure:
5505 nlmsg_free(msg);
5506 return -EMSGSIZE;
5507}
5508
5509static int nl80211_send_regdom(struct sk_buff *msg, struct netlink_callback *cb,
5510 u32 seq, int flags, struct wiphy *wiphy,
5511 const struct ieee80211_regdomain *regdom)
5512{
5513 void *hdr = nl80211hdr_put(msg, NETLINK_CB(cb->skb).portid, seq, flags,
5514 NL80211_CMD_GET_REG);
5515
5516 if (!hdr)
5517 return -1;
5518
5519 genl_dump_check_consistent(cb, hdr, &nl80211_fam);
5520
5521 if (nl80211_put_regdom(regdom, msg))
5522 goto nla_put_failure;
5523
5524 if (!wiphy && reg_last_request_cell_base() &&
5525 nla_put_u32(msg, NL80211_ATTR_USER_REG_HINT_TYPE,
5526 NL80211_USER_REG_HINT_CELL_BASE))
5527 goto nla_put_failure;
5528
5529 if (wiphy &&
5530 nla_put_u32(msg, NL80211_ATTR_WIPHY, get_wiphy_idx(wiphy)))
5531 goto nla_put_failure;
5532
5533 if (wiphy && wiphy->regulatory_flags & REGULATORY_WIPHY_SELF_MANAGED &&
5534 nla_put_flag(msg, NL80211_ATTR_WIPHY_SELF_MANAGED_REG))
5535 goto nla_put_failure;
5536
5537 genlmsg_end(msg, hdr);
5538 return 0;
5539
5540nla_put_failure:
5541 genlmsg_cancel(msg, hdr);
5542 return -EMSGSIZE;
5543}
5544
5545static int nl80211_get_reg_dump(struct sk_buff *skb,
5546 struct netlink_callback *cb)
5547{
5548 const struct ieee80211_regdomain *regdom = NULL;
5549 struct cfg80211_registered_device *rdev;
5550 int err, reg_idx, start = cb->args[2];
5551
5552 rtnl_lock();
5553
5554 if (cfg80211_regdomain && start == 0) {
5555 err = nl80211_send_regdom(skb, cb, cb->nlh->nlmsg_seq,
5556 NLM_F_MULTI, NULL,
5557 rtnl_dereference(cfg80211_regdomain));
5558 if (err < 0)
5559 goto out_err;
5560 }
5561
5562
5563 reg_idx = 1;
5564 list_for_each_entry(rdev, &cfg80211_rdev_list, list) {
5565 regdom = get_wiphy_regdom(&rdev->wiphy);
5566 if (!regdom)
5567 continue;
5568
5569 if (++reg_idx <= start)
5570 continue;
5571
5572 err = nl80211_send_regdom(skb, cb, cb->nlh->nlmsg_seq,
5573 NLM_F_MULTI, &rdev->wiphy, regdom);
5574 if (err < 0) {
5575 reg_idx--;
5576 break;
5577 }
5578 }
5579
5580 cb->args[2] = reg_idx;
5581 err = skb->len;
5582out_err:
5583 rtnl_unlock();
5584 return err;
5585}
5586
5587#ifdef CONFIG_CFG80211_CRDA_SUPPORT
5588static const struct nla_policy reg_rule_policy[NL80211_REG_RULE_ATTR_MAX + 1] = {
5589 [NL80211_ATTR_REG_RULE_FLAGS] = { .type = NLA_U32 },
5590 [NL80211_ATTR_FREQ_RANGE_START] = { .type = NLA_U32 },
5591 [NL80211_ATTR_FREQ_RANGE_END] = { .type = NLA_U32 },
5592 [NL80211_ATTR_FREQ_RANGE_MAX_BW] = { .type = NLA_U32 },
5593 [NL80211_ATTR_POWER_RULE_MAX_ANT_GAIN] = { .type = NLA_U32 },
5594 [NL80211_ATTR_POWER_RULE_MAX_EIRP] = { .type = NLA_U32 },
5595 [NL80211_ATTR_DFS_CAC_TIME] = { .type = NLA_U32 },
5596};
5597
5598static int parse_reg_rule(struct nlattr *tb[],
5599 struct ieee80211_reg_rule *reg_rule)
5600{
5601 struct ieee80211_freq_range *freq_range = ®_rule->freq_range;
5602 struct ieee80211_power_rule *power_rule = ®_rule->power_rule;
5603
5604 if (!tb[NL80211_ATTR_REG_RULE_FLAGS])
5605 return -EINVAL;
5606 if (!tb[NL80211_ATTR_FREQ_RANGE_START])
5607 return -EINVAL;
5608 if (!tb[NL80211_ATTR_FREQ_RANGE_END])
5609 return -EINVAL;
5610 if (!tb[NL80211_ATTR_FREQ_RANGE_MAX_BW])
5611 return -EINVAL;
5612 if (!tb[NL80211_ATTR_POWER_RULE_MAX_EIRP])
5613 return -EINVAL;
5614
5615 reg_rule->flags = nla_get_u32(tb[NL80211_ATTR_REG_RULE_FLAGS]);
5616
5617 freq_range->start_freq_khz =
5618 nla_get_u32(tb[NL80211_ATTR_FREQ_RANGE_START]);
5619 freq_range->end_freq_khz =
5620 nla_get_u32(tb[NL80211_ATTR_FREQ_RANGE_END]);
5621 freq_range->max_bandwidth_khz =
5622 nla_get_u32(tb[NL80211_ATTR_FREQ_RANGE_MAX_BW]);
5623
5624 power_rule->max_eirp =
5625 nla_get_u32(tb[NL80211_ATTR_POWER_RULE_MAX_EIRP]);
5626
5627 if (tb[NL80211_ATTR_POWER_RULE_MAX_ANT_GAIN])
5628 power_rule->max_antenna_gain =
5629 nla_get_u32(tb[NL80211_ATTR_POWER_RULE_MAX_ANT_GAIN]);
5630
5631 if (tb[NL80211_ATTR_DFS_CAC_TIME])
5632 reg_rule->dfs_cac_ms =
5633 nla_get_u32(tb[NL80211_ATTR_DFS_CAC_TIME]);
5634
5635 return 0;
5636}
5637
5638static int nl80211_set_reg(struct sk_buff *skb, struct genl_info *info)
5639{
5640 struct nlattr *tb[NL80211_REG_RULE_ATTR_MAX + 1];
5641 struct nlattr *nl_reg_rule;
5642 char *alpha2;
5643 int rem_reg_rules, r;
5644 u32 num_rules = 0, rule_idx = 0, size_of_regd;
5645 enum nl80211_dfs_regions dfs_region = NL80211_DFS_UNSET;
5646 struct ieee80211_regdomain *rd;
5647
5648 if (!info->attrs[NL80211_ATTR_REG_ALPHA2])
5649 return -EINVAL;
5650
5651 if (!info->attrs[NL80211_ATTR_REG_RULES])
5652 return -EINVAL;
5653
5654 alpha2 = nla_data(info->attrs[NL80211_ATTR_REG_ALPHA2]);
5655
5656 if (info->attrs[NL80211_ATTR_DFS_REGION])
5657 dfs_region = nla_get_u8(info->attrs[NL80211_ATTR_DFS_REGION]);
5658
5659 nla_for_each_nested(nl_reg_rule, info->attrs[NL80211_ATTR_REG_RULES],
5660 rem_reg_rules) {
5661 num_rules++;
5662 if (num_rules > NL80211_MAX_SUPP_REG_RULES)
5663 return -EINVAL;
5664 }
5665
5666 if (!reg_is_valid_request(alpha2))
5667 return -EINVAL;
5668
5669 size_of_regd = sizeof(struct ieee80211_regdomain) +
5670 num_rules * sizeof(struct ieee80211_reg_rule);
5671
5672 rd = kzalloc(size_of_regd, GFP_KERNEL);
5673 if (!rd)
5674 return -ENOMEM;
5675
5676 rd->n_reg_rules = num_rules;
5677 rd->alpha2[0] = alpha2[0];
5678 rd->alpha2[1] = alpha2[1];
5679
5680
5681
5682
5683
5684 if (reg_supported_dfs_region(dfs_region))
5685 rd->dfs_region = dfs_region;
5686
5687 nla_for_each_nested(nl_reg_rule, info->attrs[NL80211_ATTR_REG_RULES],
5688 rem_reg_rules) {
5689 r = nla_parse(tb, NL80211_REG_RULE_ATTR_MAX,
5690 nla_data(nl_reg_rule), nla_len(nl_reg_rule),
5691 reg_rule_policy);
5692 if (r)
5693 goto bad_reg;
5694 r = parse_reg_rule(tb, &rd->reg_rules[rule_idx]);
5695 if (r)
5696 goto bad_reg;
5697
5698 rule_idx++;
5699
5700 if (rule_idx > NL80211_MAX_SUPP_REG_RULES) {
5701 r = -EINVAL;
5702 goto bad_reg;
5703 }
5704 }
5705
5706 r = set_regdom(rd, REGD_SOURCE_CRDA);
5707
5708 rd = NULL;
5709
5710 bad_reg:
5711 kfree(rd);
5712 return r;
5713}
5714#endif
5715
5716static int validate_scan_freqs(struct nlattr *freqs)
5717{
5718 struct nlattr *attr1, *attr2;
5719 int n_channels = 0, tmp1, tmp2;
5720
5721 nla_for_each_nested(attr1, freqs, tmp1) {
5722 n_channels++;
5723
5724
5725
5726
5727
5728
5729
5730
5731
5732 nla_for_each_nested(attr2, freqs, tmp2)
5733 if (attr1 != attr2 &&
5734 nla_get_u32(attr1) == nla_get_u32(attr2))
5735 return 0;
5736 }
5737
5738 return n_channels;
5739}
5740
5741static int nl80211_parse_random_mac(struct nlattr **attrs,
5742 u8 *mac_addr, u8 *mac_addr_mask)
5743{
5744 int i;
5745
5746 if (!attrs[NL80211_ATTR_MAC] && !attrs[NL80211_ATTR_MAC_MASK]) {
5747 eth_zero_addr(mac_addr);
5748 eth_zero_addr(mac_addr_mask);
5749 mac_addr[0] = 0x2;
5750 mac_addr_mask[0] = 0x3;
5751
5752 return 0;
5753 }
5754
5755
5756 if (!attrs[NL80211_ATTR_MAC] || !attrs[NL80211_ATTR_MAC_MASK])
5757 return -EINVAL;
5758
5759 memcpy(mac_addr, nla_data(attrs[NL80211_ATTR_MAC]), ETH_ALEN);
5760 memcpy(mac_addr_mask, nla_data(attrs[NL80211_ATTR_MAC_MASK]), ETH_ALEN);
5761
5762
5763 if (!is_multicast_ether_addr(mac_addr_mask) ||
5764 is_multicast_ether_addr(mac_addr))
5765 return -EINVAL;
5766
5767
5768
5769
5770
5771
5772 for (i = 0; i < ETH_ALEN; i++)
5773 mac_addr[i] &= mac_addr_mask[i];
5774
5775 return 0;
5776}
5777
5778static int nl80211_trigger_scan(struct sk_buff *skb, struct genl_info *info)
5779{
5780 struct cfg80211_registered_device *rdev = info->user_ptr[0];
5781 struct wireless_dev *wdev = info->user_ptr[1];
5782 struct cfg80211_scan_request *request;
5783 struct nlattr *attr;
5784 struct wiphy *wiphy;
5785 int err, tmp, n_ssids = 0, n_channels, i;
5786 size_t ie_len;
5787
5788 if (!is_valid_ie_attr(info->attrs[NL80211_ATTR_IE]))
5789 return -EINVAL;
5790
5791 wiphy = &rdev->wiphy;
5792
5793 if (!rdev->ops->scan)
5794 return -EOPNOTSUPP;
5795
5796 if (rdev->scan_req || rdev->scan_msg) {
5797 err = -EBUSY;
5798 goto unlock;
5799 }
5800
5801 if (info->attrs[NL80211_ATTR_SCAN_FREQUENCIES]) {
5802 n_channels = validate_scan_freqs(
5803 info->attrs[NL80211_ATTR_SCAN_FREQUENCIES]);
5804 if (!n_channels) {
5805 err = -EINVAL;
5806 goto unlock;
5807 }
5808 } else {
5809 n_channels = ieee80211_get_num_supported_channels(wiphy);
5810 }
5811
5812 if (info->attrs[NL80211_ATTR_SCAN_SSIDS])
5813 nla_for_each_nested(attr, info->attrs[NL80211_ATTR_SCAN_SSIDS], tmp)
5814 n_ssids++;
5815
5816 if (n_ssids > wiphy->max_scan_ssids) {
5817 err = -EINVAL;
5818 goto unlock;
5819 }
5820
5821 if (info->attrs[NL80211_ATTR_IE])
5822 ie_len = nla_len(info->attrs[NL80211_ATTR_IE]);
5823 else
5824 ie_len = 0;
5825
5826 if (ie_len > wiphy->max_scan_ie_len) {
5827 err = -EINVAL;
5828 goto unlock;
5829 }
5830
5831 request = kzalloc(sizeof(*request)
5832 + sizeof(*request->ssids) * n_ssids
5833 + sizeof(*request->channels) * n_channels
5834 + ie_len, GFP_KERNEL);
5835 if (!request) {
5836 err = -ENOMEM;
5837 goto unlock;
5838 }
5839
5840 if (n_ssids)
5841 request->ssids = (void *)&request->channels[n_channels];
5842 request->n_ssids = n_ssids;
5843 if (ie_len) {
5844 if (n_ssids)
5845 request->ie = (void *)(request->ssids + n_ssids);
5846 else
5847 request->ie = (void *)(request->channels + n_channels);
5848 }
5849
5850 i = 0;
5851 if (info->attrs[NL80211_ATTR_SCAN_FREQUENCIES]) {
5852
5853 nla_for_each_nested(attr, info->attrs[NL80211_ATTR_SCAN_FREQUENCIES], tmp) {
5854 struct ieee80211_channel *chan;
5855
5856 chan = ieee80211_get_channel(wiphy, nla_get_u32(attr));
5857
5858 if (!chan) {
5859 err = -EINVAL;
5860 goto out_free;
5861 }
5862
5863
5864 if (chan->flags & IEEE80211_CHAN_DISABLED)
5865 continue;
5866
5867 request->channels[i] = chan;
5868 i++;
5869 }
5870 } else {
5871 enum ieee80211_band band;
5872
5873
5874 for (band = 0; band < IEEE80211_NUM_BANDS; band++) {
5875 int j;
5876 if (!wiphy->bands[band])
5877 continue;
5878 for (j = 0; j < wiphy->bands[band]->n_channels; j++) {
5879 struct ieee80211_channel *chan;
5880
5881 chan = &wiphy->bands[band]->channels[j];
5882
5883 if (chan->flags & IEEE80211_CHAN_DISABLED)
5884 continue;
5885
5886 request->channels[i] = chan;
5887 i++;
5888 }
5889 }
5890 }
5891
5892 if (!i) {
5893 err = -EINVAL;
5894 goto out_free;
5895 }
5896
5897 request->n_channels = i;
5898
5899 i = 0;
5900 if (n_ssids) {
5901 nla_for_each_nested(attr, info->attrs[NL80211_ATTR_SCAN_SSIDS], tmp) {
5902 if (nla_len(attr) > IEEE80211_MAX_SSID_LEN) {
5903 err = -EINVAL;
5904 goto out_free;
5905 }
5906 request->ssids[i].ssid_len = nla_len(attr);
5907 memcpy(request->ssids[i].ssid, nla_data(attr), nla_len(attr));
5908 i++;
5909 }
5910 }
5911
5912 if (info->attrs[NL80211_ATTR_IE]) {
5913 request->ie_len = nla_len(info->attrs[NL80211_ATTR_IE]);
5914 memcpy((void *)request->ie,
5915 nla_data(info->attrs[NL80211_ATTR_IE]),
5916 request->ie_len);
5917 }
5918
5919 for (i = 0; i < IEEE80211_NUM_BANDS; i++)
5920 if (wiphy->bands[i])
5921 request->rates[i] =
5922 (1 << wiphy->bands[i]->n_bitrates) - 1;
5923
5924 if (info->attrs[NL80211_ATTR_SCAN_SUPP_RATES]) {
5925 nla_for_each_nested(attr,
5926 info->attrs[NL80211_ATTR_SCAN_SUPP_RATES],
5927 tmp) {
5928 enum ieee80211_band band = nla_type(attr);
5929
5930 if (band < 0 || band >= IEEE80211_NUM_BANDS) {
5931 err = -EINVAL;
5932 goto out_free;
5933 }
5934
5935 if (!wiphy->bands[band])
5936 continue;
5937
5938 err = ieee80211_get_ratemask(wiphy->bands[band],
5939 nla_data(attr),
5940 nla_len(attr),
5941 &request->rates[band]);
5942 if (err)
5943 goto out_free;
5944 }
5945 }
5946
5947 if (info->attrs[NL80211_ATTR_SCAN_FLAGS]) {
5948 request->flags = nla_get_u32(
5949 info->attrs[NL80211_ATTR_SCAN_FLAGS]);
5950 if ((request->flags & NL80211_SCAN_FLAG_LOW_PRIORITY) &&
5951 !(wiphy->features & NL80211_FEATURE_LOW_PRIORITY_SCAN)) {
5952 err = -EOPNOTSUPP;
5953 goto out_free;
5954 }
5955
5956 if (request->flags & NL80211_SCAN_FLAG_RANDOM_ADDR) {
5957 if (!(wiphy->features &
5958 NL80211_FEATURE_SCAN_RANDOM_MAC_ADDR)) {
5959 err = -EOPNOTSUPP;
5960 goto out_free;
5961 }
5962
5963 if (wdev->current_bss) {
5964 err = -EOPNOTSUPP;
5965 goto out_free;
5966 }
5967
5968 err = nl80211_parse_random_mac(info->attrs,
5969 request->mac_addr,
5970 request->mac_addr_mask);
5971 if (err)
5972 goto out_free;
5973 }
5974 }
5975
5976 request->no_cck =
5977 nla_get_flag(info->attrs[NL80211_ATTR_TX_NO_CCK_RATE]);
5978
5979 request->wdev = wdev;
5980 request->wiphy = &rdev->wiphy;
5981 request->scan_start = jiffies;
5982
5983 rdev->scan_req = request;
5984 err = rdev_scan(rdev, request);
5985
5986 if (!err) {
5987 nl80211_send_scan_start(rdev, wdev);
5988 if (wdev->netdev)
5989 dev_hold(wdev->netdev);
5990 } else {
5991 out_free:
5992 rdev->scan_req = NULL;
5993 kfree(request);
5994 }
5995
5996 unlock:
5997 return err;
5998}
5999
6000static int
6001nl80211_parse_sched_scan_plans(struct wiphy *wiphy, int n_plans,
6002 struct cfg80211_sched_scan_request *request,
6003 struct nlattr **attrs)
6004{
6005 int tmp, err, i = 0;
6006 struct nlattr *attr;
6007
6008 if (!attrs[NL80211_ATTR_SCHED_SCAN_PLANS]) {
6009 u32 interval;
6010
6011
6012
6013
6014
6015
6016
6017 if (!attrs[NL80211_ATTR_SCHED_SCAN_INTERVAL])
6018 return -EINVAL;
6019
6020 interval = nla_get_u32(attrs[NL80211_ATTR_SCHED_SCAN_INTERVAL]);
6021 if (!interval)
6022 return -EINVAL;
6023
6024 request->scan_plans[0].interval =
6025 DIV_ROUND_UP(interval, MSEC_PER_SEC);
6026 if (!request->scan_plans[0].interval)
6027 return -EINVAL;
6028
6029 if (request->scan_plans[0].interval >
6030 wiphy->max_sched_scan_plan_interval)
6031 request->scan_plans[0].interval =
6032 wiphy->max_sched_scan_plan_interval;
6033
6034 return 0;
6035 }
6036
6037 nla_for_each_nested(attr, attrs[NL80211_ATTR_SCHED_SCAN_PLANS], tmp) {
6038 struct nlattr *plan[NL80211_SCHED_SCAN_PLAN_MAX + 1];
6039
6040 if (WARN_ON(i >= n_plans))
6041 return -EINVAL;
6042
6043 err = nla_parse(plan, NL80211_SCHED_SCAN_PLAN_MAX,
6044 nla_data(attr), nla_len(attr),
6045 nl80211_plan_policy);
6046 if (err)
6047 return err;
6048
6049 if (!plan[NL80211_SCHED_SCAN_PLAN_INTERVAL])
6050 return -EINVAL;
6051
6052 request->scan_plans[i].interval =
6053 nla_get_u32(plan[NL80211_SCHED_SCAN_PLAN_INTERVAL]);
6054 if (!request->scan_plans[i].interval ||
6055 request->scan_plans[i].interval >
6056 wiphy->max_sched_scan_plan_interval)
6057 return -EINVAL;
6058
6059 if (plan[NL80211_SCHED_SCAN_PLAN_ITERATIONS]) {
6060 request->scan_plans[i].iterations =
6061 nla_get_u32(plan[NL80211_SCHED_SCAN_PLAN_ITERATIONS]);
6062 if (!request->scan_plans[i].iterations ||
6063 (request->scan_plans[i].iterations >
6064 wiphy->max_sched_scan_plan_iterations))
6065 return -EINVAL;
6066 } else if (i < n_plans - 1) {
6067
6068
6069
6070
6071 return -EINVAL;
6072 }
6073
6074 i++;
6075 }
6076
6077
6078
6079
6080
6081 if (request->scan_plans[n_plans - 1].iterations)
6082 return -EINVAL;
6083
6084 return 0;
6085}
6086
6087static struct cfg80211_sched_scan_request *
6088nl80211_parse_sched_scan(struct wiphy *wiphy, struct wireless_dev *wdev,
6089 struct nlattr **attrs)
6090{
6091 struct cfg80211_sched_scan_request *request;
6092 struct nlattr *attr;
6093 int err, tmp, n_ssids = 0, n_match_sets = 0, n_channels, i, n_plans = 0;
6094 enum ieee80211_band band;
6095 size_t ie_len;
6096 struct nlattr *tb[NL80211_SCHED_SCAN_MATCH_ATTR_MAX + 1];
6097 s32 default_match_rssi = NL80211_SCAN_RSSI_THOLD_OFF;
6098
6099 if (!is_valid_ie_attr(attrs[NL80211_ATTR_IE]))
6100 return ERR_PTR(-EINVAL);
6101
6102 if (attrs[NL80211_ATTR_SCAN_FREQUENCIES]) {
6103 n_channels = validate_scan_freqs(
6104 attrs[NL80211_ATTR_SCAN_FREQUENCIES]);
6105 if (!n_channels)
6106 return ERR_PTR(-EINVAL);
6107 } else {
6108 n_channels = ieee80211_get_num_supported_channels(wiphy);
6109 }
6110
6111 if (attrs[NL80211_ATTR_SCAN_SSIDS])
6112 nla_for_each_nested(attr, attrs[NL80211_ATTR_SCAN_SSIDS],
6113 tmp)
6114 n_ssids++;
6115
6116 if (n_ssids > wiphy->max_sched_scan_ssids)
6117 return ERR_PTR(-EINVAL);
6118
6119
6120
6121
6122
6123
6124
6125
6126
6127
6128 if (attrs[NL80211_ATTR_SCHED_SCAN_MATCH]) {
6129 nla_for_each_nested(attr,
6130 attrs[NL80211_ATTR_SCHED_SCAN_MATCH],
6131 tmp) {
6132 struct nlattr *rssi;
6133
6134 err = nla_parse(tb, NL80211_SCHED_SCAN_MATCH_ATTR_MAX,
6135 nla_data(attr), nla_len(attr),
6136 nl80211_match_policy);
6137 if (err)
6138 return ERR_PTR(err);
6139
6140 if (tb[NL80211_SCHED_SCAN_MATCH_ATTR_SSID]) {
6141 n_match_sets++;
6142 continue;
6143 }
6144 rssi = tb[NL80211_SCHED_SCAN_MATCH_ATTR_RSSI];
6145 if (rssi)
6146 default_match_rssi = nla_get_s32(rssi);
6147 }
6148 }
6149
6150
6151 if (!n_match_sets && default_match_rssi != NL80211_SCAN_RSSI_THOLD_OFF)
6152 n_match_sets = 1;
6153
6154 if (n_match_sets > wiphy->max_match_sets)
6155 return ERR_PTR(-EINVAL);
6156
6157 if (attrs[NL80211_ATTR_IE])
6158 ie_len = nla_len(attrs[NL80211_ATTR_IE]);
6159 else
6160 ie_len = 0;
6161
6162 if (ie_len > wiphy->max_sched_scan_ie_len)
6163 return ERR_PTR(-EINVAL);
6164
6165 if (attrs[NL80211_ATTR_SCHED_SCAN_PLANS]) {
6166
6167
6168
6169
6170 if (attrs[NL80211_ATTR_SCHED_SCAN_INTERVAL])
6171 return ERR_PTR(-EINVAL);
6172
6173 nla_for_each_nested(attr,
6174 attrs[NL80211_ATTR_SCHED_SCAN_PLANS], tmp)
6175 n_plans++;
6176 } else {
6177
6178
6179
6180
6181
6182
6183 if (!attrs[NL80211_ATTR_SCHED_SCAN_INTERVAL])
6184 return ERR_PTR(-EINVAL);
6185
6186 n_plans = 1;
6187 }
6188
6189 if (!n_plans || n_plans > wiphy->max_sched_scan_plans)
6190 return ERR_PTR(-EINVAL);
6191
6192 request = kzalloc(sizeof(*request)
6193 + sizeof(*request->ssids) * n_ssids
6194 + sizeof(*request->match_sets) * n_match_sets
6195 + sizeof(*request->scan_plans) * n_plans
6196 + sizeof(*request->channels) * n_channels
6197 + ie_len, GFP_KERNEL);
6198 if (!request)
6199 return ERR_PTR(-ENOMEM);
6200
6201 if (n_ssids)
6202 request->ssids = (void *)&request->channels[n_channels];
6203 request->n_ssids = n_ssids;
6204 if (ie_len) {
6205 if (n_ssids)
6206 request->ie = (void *)(request->ssids + n_ssids);
6207 else
6208 request->ie = (void *)(request->channels + n_channels);
6209 }
6210
6211 if (n_match_sets) {
6212 if (request->ie)
6213 request->match_sets = (void *)(request->ie + ie_len);
6214 else if (n_ssids)
6215 request->match_sets =
6216 (void *)(request->ssids + n_ssids);
6217 else
6218 request->match_sets =
6219 (void *)(request->channels + n_channels);
6220 }
6221 request->n_match_sets = n_match_sets;
6222
6223 if (n_match_sets)
6224 request->scan_plans = (void *)(request->match_sets +
6225 n_match_sets);
6226 else if (request->ie)
6227 request->scan_plans = (void *)(request->ie + ie_len);
6228 else if (n_ssids)
6229 request->scan_plans = (void *)(request->ssids + n_ssids);
6230 else
6231 request->scan_plans = (void *)(request->channels + n_channels);
6232
6233 request->n_scan_plans = n_plans;
6234
6235 i = 0;
6236 if (attrs[NL80211_ATTR_SCAN_FREQUENCIES]) {
6237
6238 nla_for_each_nested(attr,
6239 attrs[NL80211_ATTR_SCAN_FREQUENCIES],
6240 tmp) {
6241 struct ieee80211_channel *chan;
6242
6243 chan = ieee80211_get_channel(wiphy, nla_get_u32(attr));
6244
6245 if (!chan) {
6246 err = -EINVAL;
6247 goto out_free;
6248 }
6249
6250
6251 if (chan->flags & IEEE80211_CHAN_DISABLED)
6252 continue;
6253
6254 request->channels[i] = chan;
6255 i++;
6256 }
6257 } else {
6258
6259 for (band = 0; band < IEEE80211_NUM_BANDS; band++) {
6260 int j;
6261 if (!wiphy->bands[band])
6262 continue;
6263 for (j = 0; j < wiphy->bands[band]->n_channels; j++) {
6264 struct ieee80211_channel *chan;
6265
6266 chan = &wiphy->bands[band]->channels[j];
6267
6268 if (chan->flags & IEEE80211_CHAN_DISABLED)
6269 continue;
6270
6271 request->channels[i] = chan;
6272 i++;
6273 }
6274 }
6275 }
6276
6277 if (!i) {
6278 err = -EINVAL;
6279 goto out_free;
6280 }
6281
6282 request->n_channels = i;
6283
6284 i = 0;
6285 if (n_ssids) {
6286 nla_for_each_nested(attr, attrs[NL80211_ATTR_SCAN_SSIDS],
6287 tmp) {
6288 if (nla_len(attr) > IEEE80211_MAX_SSID_LEN) {
6289 err = -EINVAL;
6290 goto out_free;
6291 }
6292 request->ssids[i].ssid_len = nla_len(attr);
6293 memcpy(request->ssids[i].ssid, nla_data(attr),
6294 nla_len(attr));
6295 i++;
6296 }
6297 }
6298
6299 i = 0;
6300 if (attrs[NL80211_ATTR_SCHED_SCAN_MATCH]) {
6301 nla_for_each_nested(attr,
6302 attrs[NL80211_ATTR_SCHED_SCAN_MATCH],
6303 tmp) {
6304 struct nlattr *ssid, *rssi;
6305
6306 err = nla_parse(tb, NL80211_SCHED_SCAN_MATCH_ATTR_MAX,
6307 nla_data(attr), nla_len(attr),
6308 nl80211_match_policy);
6309 if (err)
6310 goto out_free;
6311 ssid = tb[NL80211_SCHED_SCAN_MATCH_ATTR_SSID];
6312 if (ssid) {
6313 if (WARN_ON(i >= n_match_sets)) {
6314
6315
6316
6317
6318 err = -EINVAL;
6319 goto out_free;
6320 }
6321
6322 if (nla_len(ssid) > IEEE80211_MAX_SSID_LEN) {
6323 err = -EINVAL;
6324 goto out_free;
6325 }
6326 memcpy(request->match_sets[i].ssid.ssid,
6327 nla_data(ssid), nla_len(ssid));
6328 request->match_sets[i].ssid.ssid_len =
6329 nla_len(ssid);
6330
6331 request->match_sets[i].rssi_thold =
6332 default_match_rssi;
6333 rssi = tb[NL80211_SCHED_SCAN_MATCH_ATTR_RSSI];
6334 if (rssi)
6335 request->match_sets[i].rssi_thold =
6336 nla_get_s32(rssi);
6337 }
6338 i++;
6339 }
6340
6341
6342 if (i == 0 && n_match_sets)
6343 request->match_sets[0].rssi_thold = default_match_rssi;
6344
6345 request->min_rssi_thold = INT_MAX;
6346 for (i = 0; i < n_match_sets; i++)
6347 request->min_rssi_thold =
6348 min(request->match_sets[i].rssi_thold,
6349 request->min_rssi_thold);
6350 } else {
6351 request->min_rssi_thold = NL80211_SCAN_RSSI_THOLD_OFF;
6352 }
6353
6354 if (ie_len) {
6355 request->ie_len = ie_len;
6356 memcpy((void *)request->ie,
6357 nla_data(attrs[NL80211_ATTR_IE]),
6358 request->ie_len);
6359 }
6360
6361 if (attrs[NL80211_ATTR_SCAN_FLAGS]) {
6362 request->flags = nla_get_u32(
6363 attrs[NL80211_ATTR_SCAN_FLAGS]);
6364 if ((request->flags & NL80211_SCAN_FLAG_LOW_PRIORITY) &&
6365 !(wiphy->features & NL80211_FEATURE_LOW_PRIORITY_SCAN)) {
6366 err = -EOPNOTSUPP;
6367 goto out_free;
6368 }
6369
6370 if (request->flags & NL80211_SCAN_FLAG_RANDOM_ADDR) {
6371 u32 flg = NL80211_FEATURE_SCHED_SCAN_RANDOM_MAC_ADDR;
6372
6373 if (!wdev)
6374 flg = NL80211_FEATURE_ND_RANDOM_MAC_ADDR;
6375
6376 if (!(wiphy->features & flg)) {
6377 err = -EOPNOTSUPP;
6378 goto out_free;
6379 }
6380
6381 if (wdev && wdev->current_bss) {
6382 err = -EOPNOTSUPP;
6383 goto out_free;
6384 }
6385
6386 err = nl80211_parse_random_mac(attrs, request->mac_addr,
6387 request->mac_addr_mask);
6388 if (err)
6389 goto out_free;
6390 }
6391 }
6392
6393 if (attrs[NL80211_ATTR_SCHED_SCAN_DELAY])
6394 request->delay =
6395 nla_get_u32(attrs[NL80211_ATTR_SCHED_SCAN_DELAY]);
6396
6397 err = nl80211_parse_sched_scan_plans(wiphy, n_plans, request, attrs);
6398 if (err)
6399 goto out_free;
6400
6401 request->scan_start = jiffies;
6402
6403 return request;
6404
6405out_free:
6406 kfree(request);
6407 return ERR_PTR(err);
6408}
6409
6410static int nl80211_start_sched_scan(struct sk_buff *skb,
6411 struct genl_info *info)
6412{
6413 struct cfg80211_registered_device *rdev = info->user_ptr[0];
6414 struct net_device *dev = info->user_ptr[1];
6415 struct wireless_dev *wdev = dev->ieee80211_ptr;
6416 struct cfg80211_sched_scan_request *sched_scan_req;
6417 int err;
6418
6419 if (!(rdev->wiphy.flags & WIPHY_FLAG_SUPPORTS_SCHED_SCAN) ||
6420 !rdev->ops->sched_scan_start)
6421 return -EOPNOTSUPP;
6422
6423 if (rdev->sched_scan_req)
6424 return -EINPROGRESS;
6425
6426 sched_scan_req = nl80211_parse_sched_scan(&rdev->wiphy, wdev,
6427 info->attrs);
6428
6429 err = PTR_ERR_OR_ZERO(sched_scan_req);
6430 if (err)
6431 goto out_err;
6432
6433 err = rdev_sched_scan_start(rdev, dev, sched_scan_req);
6434 if (err)
6435 goto out_free;
6436
6437 sched_scan_req->dev = dev;
6438 sched_scan_req->wiphy = &rdev->wiphy;
6439
6440 if (info->attrs[NL80211_ATTR_SOCKET_OWNER])
6441 sched_scan_req->owner_nlportid = info->snd_portid;
6442
6443 rcu_assign_pointer(rdev->sched_scan_req, sched_scan_req);
6444
6445 nl80211_send_sched_scan(rdev, dev,
6446 NL80211_CMD_START_SCHED_SCAN);
6447 return 0;
6448
6449out_free:
6450 kfree(sched_scan_req);
6451out_err:
6452 return err;
6453}
6454
6455static int nl80211_stop_sched_scan(struct sk_buff *skb,
6456 struct genl_info *info)
6457{
6458 struct cfg80211_registered_device *rdev = info->user_ptr[0];
6459
6460 if (!(rdev->wiphy.flags & WIPHY_FLAG_SUPPORTS_SCHED_SCAN) ||
6461 !rdev->ops->sched_scan_stop)
6462 return -EOPNOTSUPP;
6463
6464 return __cfg80211_stop_sched_scan(rdev, false);
6465}
6466
6467static int nl80211_start_radar_detection(struct sk_buff *skb,
6468 struct genl_info *info)
6469{
6470 struct cfg80211_registered_device *rdev = info->user_ptr[0];
6471 struct net_device *dev = info->user_ptr[1];
6472 struct wireless_dev *wdev = dev->ieee80211_ptr;
6473 struct cfg80211_chan_def chandef;
6474 enum nl80211_dfs_regions dfs_region;
6475 unsigned int cac_time_ms;
6476 int err;
6477
6478 dfs_region = reg_get_dfs_region(wdev->wiphy);
6479 if (dfs_region == NL80211_DFS_UNSET)
6480 return -EINVAL;
6481
6482 err = nl80211_parse_chandef(rdev, info, &chandef);
6483 if (err)
6484 return err;
6485
6486 if (netif_carrier_ok(dev))
6487 return -EBUSY;
6488
6489 if (wdev->cac_started)
6490 return -EBUSY;
6491
6492 err = cfg80211_chandef_dfs_required(wdev->wiphy, &chandef,
6493 wdev->iftype);
6494 if (err < 0)
6495 return err;
6496
6497 if (err == 0)
6498 return -EINVAL;
6499
6500 if (!cfg80211_chandef_dfs_usable(wdev->wiphy, &chandef))
6501 return -EINVAL;
6502
6503 if (!rdev->ops->start_radar_detection)
6504 return -EOPNOTSUPP;
6505
6506 cac_time_ms = cfg80211_chandef_dfs_cac_time(&rdev->wiphy, &chandef);
6507 if (WARN_ON(!cac_time_ms))
6508 cac_time_ms = IEEE80211_DFS_MIN_CAC_TIME_MS;
6509
6510 err = rdev->ops->start_radar_detection(&rdev->wiphy, dev, &chandef,
6511 cac_time_ms);
6512 if (!err) {
6513 wdev->chandef = chandef;
6514 wdev->cac_started = true;
6515 wdev->cac_start_time = jiffies;
6516 wdev->cac_time_ms = cac_time_ms;
6517 }
6518 return err;
6519}
6520
6521static int nl80211_channel_switch(struct sk_buff *skb, struct genl_info *info)
6522{
6523 struct cfg80211_registered_device *rdev = info->user_ptr[0];
6524 struct net_device *dev = info->user_ptr[1];
6525 struct wireless_dev *wdev = dev->ieee80211_ptr;
6526 struct cfg80211_csa_settings params;
6527
6528
6529
6530 static struct nlattr *csa_attrs[NL80211_ATTR_MAX+1];
6531 int err;
6532 bool need_new_beacon = false;
6533 int len, i;
6534 u32 cs_count;
6535
6536 if (!rdev->ops->channel_switch ||
6537 !(rdev->wiphy.flags & WIPHY_FLAG_HAS_CHANNEL_SWITCH))
6538 return -EOPNOTSUPP;
6539
6540 switch (dev->ieee80211_ptr->iftype) {
6541 case NL80211_IFTYPE_AP:
6542 case NL80211_IFTYPE_P2P_GO:
6543 need_new_beacon = true;
6544
6545
6546 if (!wdev->beacon_interval)
6547 return -ENOTCONN;
6548 break;
6549 case NL80211_IFTYPE_ADHOC:
6550 if (!wdev->ssid_len)
6551 return -ENOTCONN;
6552 break;
6553 case NL80211_IFTYPE_MESH_POINT:
6554 if (!wdev->mesh_id_len)
6555 return -ENOTCONN;
6556 break;
6557 default:
6558 return -EOPNOTSUPP;
6559 }
6560
6561 memset(¶ms, 0, sizeof(params));
6562
6563 if (!info->attrs[NL80211_ATTR_WIPHY_FREQ] ||
6564 !info->attrs[NL80211_ATTR_CH_SWITCH_COUNT])
6565 return -EINVAL;
6566
6567
6568 if (need_new_beacon && !info->attrs[NL80211_ATTR_CSA_IES])
6569 return -EINVAL;
6570
6571
6572
6573
6574 cs_count = nla_get_u32(info->attrs[NL80211_ATTR_CH_SWITCH_COUNT]);
6575 if (cs_count > 255)
6576 return -EINVAL;
6577
6578 params.count = cs_count;
6579
6580 if (!need_new_beacon)
6581 goto skip_beacons;
6582
6583 err = nl80211_parse_beacon(info->attrs, ¶ms.beacon_after);
6584 if (err)
6585 return err;
6586
6587 err = nla_parse_nested(csa_attrs, NL80211_ATTR_MAX,
6588 info->attrs[NL80211_ATTR_CSA_IES],
6589 nl80211_policy);
6590 if (err)
6591 return err;
6592
6593 err = nl80211_parse_beacon(csa_attrs, ¶ms.beacon_csa);
6594 if (err)
6595 return err;
6596
6597 if (!csa_attrs[NL80211_ATTR_CSA_C_OFF_BEACON])
6598 return -EINVAL;
6599
6600 len = nla_len(csa_attrs[NL80211_ATTR_CSA_C_OFF_BEACON]);
6601 if (!len || (len % sizeof(u16)))
6602 return -EINVAL;
6603
6604 params.n_counter_offsets_beacon = len / sizeof(u16);
6605 if (rdev->wiphy.max_num_csa_counters &&
6606 (params.n_counter_offsets_beacon >
6607 rdev->wiphy.max_num_csa_counters))
6608 return -EINVAL;
6609
6610 params.counter_offsets_beacon =
6611 nla_data(csa_attrs[NL80211_ATTR_CSA_C_OFF_BEACON]);
6612
6613
6614 for (i = 0; i < params.n_counter_offsets_beacon; i++) {
6615 u16 offset = params.counter_offsets_beacon[i];
6616
6617 if (offset >= params.beacon_csa.tail_len)
6618 return -EINVAL;
6619
6620 if (params.beacon_csa.tail[offset] != params.count)
6621 return -EINVAL;
6622 }
6623
6624 if (csa_attrs[NL80211_ATTR_CSA_C_OFF_PRESP]) {
6625 len = nla_len(csa_attrs[NL80211_ATTR_CSA_C_OFF_PRESP]);
6626 if (!len || (len % sizeof(u16)))
6627 return -EINVAL;
6628
6629 params.n_counter_offsets_presp = len / sizeof(u16);
6630 if (rdev->wiphy.max_num_csa_counters &&
6631 (params.n_counter_offsets_beacon >
6632 rdev->wiphy.max_num_csa_counters))
6633 return -EINVAL;
6634
6635 params.counter_offsets_presp =
6636 nla_data(csa_attrs[NL80211_ATTR_CSA_C_OFF_PRESP]);
6637
6638
6639 for (i = 0; i < params.n_counter_offsets_presp; i++) {
6640 u16 offset = params.counter_offsets_presp[i];
6641
6642 if (offset >= params.beacon_csa.probe_resp_len)
6643 return -EINVAL;
6644
6645 if (params.beacon_csa.probe_resp[offset] !=
6646 params.count)
6647 return -EINVAL;
6648 }
6649 }
6650
6651skip_beacons:
6652 err = nl80211_parse_chandef(rdev, info, ¶ms.chandef);
6653 if (err)
6654 return err;
6655
6656 if (!cfg80211_reg_can_beacon_relax(&rdev->wiphy, ¶ms.chandef,
6657 wdev->iftype))
6658 return -EINVAL;
6659
6660 err = cfg80211_chandef_dfs_required(wdev->wiphy,
6661 ¶ms.chandef,
6662 wdev->iftype);
6663 if (err < 0)
6664 return err;
6665
6666 if (err > 0)
6667 params.radar_required = true;
6668
6669 if (info->attrs[NL80211_ATTR_CH_SWITCH_BLOCK_TX])
6670 params.block_tx = true;
6671
6672 wdev_lock(wdev);
6673 err = rdev_channel_switch(rdev, dev, ¶ms);
6674 wdev_unlock(wdev);
6675
6676 return err;
6677}
6678
6679static int nl80211_send_bss(struct sk_buff *msg, struct netlink_callback *cb,
6680 u32 seq, int flags,
6681 struct cfg80211_registered_device *rdev,
6682 struct wireless_dev *wdev,
6683 struct cfg80211_internal_bss *intbss)
6684{
6685 struct cfg80211_bss *res = &intbss->pub;
6686 const struct cfg80211_bss_ies *ies;
6687 void *hdr;
6688 struct nlattr *bss;
6689
6690 ASSERT_WDEV_LOCK(wdev);
6691
6692 hdr = nl80211hdr_put(msg, NETLINK_CB(cb->skb).portid, seq, flags,
6693 NL80211_CMD_NEW_SCAN_RESULTS);
6694 if (!hdr)
6695 return -1;
6696
6697 genl_dump_check_consistent(cb, hdr, &nl80211_fam);
6698
6699 if (nla_put_u32(msg, NL80211_ATTR_GENERATION, rdev->bss_generation))
6700 goto nla_put_failure;
6701 if (wdev->netdev &&
6702 nla_put_u32(msg, NL80211_ATTR_IFINDEX, wdev->netdev->ifindex))
6703 goto nla_put_failure;
6704 if (nla_put_u64(msg, NL80211_ATTR_WDEV, wdev_id(wdev)))
6705 goto nla_put_failure;
6706
6707 bss = nla_nest_start(msg, NL80211_ATTR_BSS);
6708 if (!bss)
6709 goto nla_put_failure;
6710 if ((!is_zero_ether_addr(res->bssid) &&
6711 nla_put(msg, NL80211_BSS_BSSID, ETH_ALEN, res->bssid)))
6712 goto nla_put_failure;
6713
6714 rcu_read_lock();
6715
6716 if (rcu_access_pointer(res->proberesp_ies) &&
6717 nla_put_flag(msg, NL80211_BSS_PRESP_DATA))
6718 goto fail_unlock_rcu;
6719
6720
6721
6722
6723 ies = rcu_dereference(res->ies);
6724 if (ies) {
6725 if (nla_put_u64(msg, NL80211_BSS_TSF, ies->tsf))
6726 goto fail_unlock_rcu;
6727 if (ies->len && nla_put(msg, NL80211_BSS_INFORMATION_ELEMENTS,
6728 ies->len, ies->data))
6729 goto fail_unlock_rcu;
6730 }
6731
6732
6733 ies = rcu_dereference(res->beacon_ies);
6734 if (ies && ies->from_beacon) {
6735 if (nla_put_u64(msg, NL80211_BSS_BEACON_TSF, ies->tsf))
6736 goto fail_unlock_rcu;
6737 if (ies->len && nla_put(msg, NL80211_BSS_BEACON_IES,
6738 ies->len, ies->data))
6739 goto fail_unlock_rcu;
6740 }
6741 rcu_read_unlock();
6742
6743 if (res->beacon_interval &&
6744 nla_put_u16(msg, NL80211_BSS_BEACON_INTERVAL, res->beacon_interval))
6745 goto nla_put_failure;
6746 if (nla_put_u16(msg, NL80211_BSS_CAPABILITY, res->capability) ||
6747 nla_put_u32(msg, NL80211_BSS_FREQUENCY, res->channel->center_freq) ||
6748 nla_put_u32(msg, NL80211_BSS_CHAN_WIDTH, res->scan_width) ||
6749 nla_put_u32(msg, NL80211_BSS_SEEN_MS_AGO,
6750 jiffies_to_msecs(jiffies - intbss->ts)))
6751 goto nla_put_failure;
6752
6753 if (intbss->ts_boottime &&
6754 nla_put_u64(msg, NL80211_BSS_LAST_SEEN_BOOTTIME,
6755 intbss->ts_boottime))
6756 goto nla_put_failure;
6757
6758 switch (rdev->wiphy.signal_type) {
6759 case CFG80211_SIGNAL_TYPE_MBM:
6760 if (nla_put_u32(msg, NL80211_BSS_SIGNAL_MBM, res->signal))
6761 goto nla_put_failure;
6762 break;
6763 case CFG80211_SIGNAL_TYPE_UNSPEC:
6764 if (nla_put_u8(msg, NL80211_BSS_SIGNAL_UNSPEC, res->signal))
6765 goto nla_put_failure;
6766 break;
6767 default:
6768 break;
6769 }
6770
6771 switch (wdev->iftype) {
6772 case NL80211_IFTYPE_P2P_CLIENT:
6773 case NL80211_IFTYPE_STATION:
6774 if (intbss == wdev->current_bss &&
6775 nla_put_u32(msg, NL80211_BSS_STATUS,
6776 NL80211_BSS_STATUS_ASSOCIATED))
6777 goto nla_put_failure;
6778 break;
6779 case NL80211_IFTYPE_ADHOC:
6780 if (intbss == wdev->current_bss &&
6781 nla_put_u32(msg, NL80211_BSS_STATUS,
6782 NL80211_BSS_STATUS_IBSS_JOINED))
6783 goto nla_put_failure;
6784 break;
6785 default:
6786 break;
6787 }
6788
6789 nla_nest_end(msg, bss);
6790
6791 genlmsg_end(msg, hdr);
6792 return 0;
6793
6794 fail_unlock_rcu:
6795 rcu_read_unlock();
6796 nla_put_failure:
6797 genlmsg_cancel(msg, hdr);
6798 return -EMSGSIZE;
6799}
6800
6801static int nl80211_dump_scan(struct sk_buff *skb, struct netlink_callback *cb)
6802{
6803 struct cfg80211_registered_device *rdev;
6804 struct cfg80211_internal_bss *scan;
6805 struct wireless_dev *wdev;
6806 int start = cb->args[2], idx = 0;
6807 int err;
6808
6809 err = nl80211_prepare_wdev_dump(skb, cb, &rdev, &wdev);
6810 if (err)
6811 return err;
6812
6813 wdev_lock(wdev);
6814 spin_lock_bh(&rdev->bss_lock);
6815 cfg80211_bss_expire(rdev);
6816
6817 cb->seq = rdev->bss_generation;
6818
6819 list_for_each_entry(scan, &rdev->bss_list, list) {
6820 if (++idx <= start)
6821 continue;
6822 if (nl80211_send_bss(skb, cb,
6823 cb->nlh->nlmsg_seq, NLM_F_MULTI,
6824 rdev, wdev, scan) < 0) {
6825 idx--;
6826 break;
6827 }
6828 }
6829
6830 spin_unlock_bh(&rdev->bss_lock);
6831 wdev_unlock(wdev);
6832
6833 cb->args[2] = idx;
6834 nl80211_finish_wdev_dump(rdev);
6835
6836 return skb->len;
6837}
6838
6839static int nl80211_send_survey(struct sk_buff *msg, u32 portid, u32 seq,
6840 int flags, struct net_device *dev,
6841 bool allow_radio_stats,
6842 struct survey_info *survey)
6843{
6844 void *hdr;
6845 struct nlattr *infoattr;
6846
6847
6848 if (!survey->channel && !allow_radio_stats)
6849 return 0;
6850
6851 hdr = nl80211hdr_put(msg, portid, seq, flags,
6852 NL80211_CMD_NEW_SURVEY_RESULTS);
6853 if (!hdr)
6854 return -ENOMEM;
6855
6856 if (nla_put_u32(msg, NL80211_ATTR_IFINDEX, dev->ifindex))
6857 goto nla_put_failure;
6858
6859 infoattr = nla_nest_start(msg, NL80211_ATTR_SURVEY_INFO);
6860 if (!infoattr)
6861 goto nla_put_failure;
6862
6863 if (survey->channel &&
6864 nla_put_u32(msg, NL80211_SURVEY_INFO_FREQUENCY,
6865 survey->channel->center_freq))
6866 goto nla_put_failure;
6867
6868 if ((survey->filled & SURVEY_INFO_NOISE_DBM) &&
6869 nla_put_u8(msg, NL80211_SURVEY_INFO_NOISE, survey->noise))
6870 goto nla_put_failure;
6871 if ((survey->filled & SURVEY_INFO_IN_USE) &&
6872 nla_put_flag(msg, NL80211_SURVEY_INFO_IN_USE))
6873 goto nla_put_failure;
6874 if ((survey->filled & SURVEY_INFO_TIME) &&
6875 nla_put_u64(msg, NL80211_SURVEY_INFO_TIME,
6876 survey->time))
6877 goto nla_put_failure;
6878 if ((survey->filled & SURVEY_INFO_TIME_BUSY) &&
6879 nla_put_u64(msg, NL80211_SURVEY_INFO_TIME_BUSY,
6880 survey->time_busy))
6881 goto nla_put_failure;
6882 if ((survey->filled & SURVEY_INFO_TIME_EXT_BUSY) &&
6883 nla_put_u64(msg, NL80211_SURVEY_INFO_TIME_EXT_BUSY,
6884 survey->time_ext_busy))
6885 goto nla_put_failure;
6886 if ((survey->filled & SURVEY_INFO_TIME_RX) &&
6887 nla_put_u64(msg, NL80211_SURVEY_INFO_TIME_RX,
6888 survey->time_rx))
6889 goto nla_put_failure;
6890 if ((survey->filled & SURVEY_INFO_TIME_TX) &&
6891 nla_put_u64(msg, NL80211_SURVEY_INFO_TIME_TX,
6892 survey->time_tx))
6893 goto nla_put_failure;
6894 if ((survey->filled & SURVEY_INFO_TIME_SCAN) &&
6895 nla_put_u64(msg, NL80211_SURVEY_INFO_TIME_SCAN,
6896 survey->time_scan))
6897 goto nla_put_failure;
6898
6899 nla_nest_end(msg, infoattr);
6900
6901 genlmsg_end(msg, hdr);
6902 return 0;
6903
6904 nla_put_failure:
6905 genlmsg_cancel(msg, hdr);
6906 return -EMSGSIZE;
6907}
6908
6909static int nl80211_dump_survey(struct sk_buff *skb, struct netlink_callback *cb)
6910{
6911 struct survey_info survey;
6912 struct cfg80211_registered_device *rdev;
6913 struct wireless_dev *wdev;
6914 int survey_idx = cb->args[2];
6915 int res;
6916 bool radio_stats;
6917
6918 res = nl80211_prepare_wdev_dump(skb, cb, &rdev, &wdev);
6919 if (res)
6920 return res;
6921
6922
6923 radio_stats = nl80211_fam.attrbuf[NL80211_ATTR_SURVEY_RADIO_STATS];
6924
6925 if (!wdev->netdev) {
6926 res = -EINVAL;
6927 goto out_err;
6928 }
6929
6930 if (!rdev->ops->dump_survey) {
6931 res = -EOPNOTSUPP;
6932 goto out_err;
6933 }
6934
6935 while (1) {
6936 res = rdev_dump_survey(rdev, wdev->netdev, survey_idx, &survey);
6937 if (res == -ENOENT)
6938 break;
6939 if (res)
6940 goto out_err;
6941
6942
6943 if (survey.channel &&
6944 survey.channel->flags & IEEE80211_CHAN_DISABLED) {
6945 survey_idx++;
6946 continue;
6947 }
6948
6949 if (nl80211_send_survey(skb,
6950 NETLINK_CB(cb->skb).portid,
6951 cb->nlh->nlmsg_seq, NLM_F_MULTI,
6952 wdev->netdev, radio_stats, &survey) < 0)
6953 goto out;
6954 survey_idx++;
6955 }
6956
6957 out:
6958 cb->args[2] = survey_idx;
6959 res = skb->len;
6960 out_err:
6961 nl80211_finish_wdev_dump(rdev);
6962 return res;
6963}
6964
6965static bool nl80211_valid_wpa_versions(u32 wpa_versions)
6966{
6967 return !(wpa_versions & ~(NL80211_WPA_VERSION_1 |
6968 NL80211_WPA_VERSION_2));
6969}
6970
6971static int nl80211_authenticate(struct sk_buff *skb, struct genl_info *info)
6972{
6973 struct cfg80211_registered_device *rdev = info->user_ptr[0];
6974 struct net_device *dev = info->user_ptr[1];
6975 struct ieee80211_channel *chan;
6976 const u8 *bssid, *ssid, *ie = NULL, *sae_data = NULL;
6977 int err, ssid_len, ie_len = 0, sae_data_len = 0;
6978 enum nl80211_auth_type auth_type;
6979 struct key_parse key;
6980 bool local_state_change;
6981
6982 if (!is_valid_ie_attr(info->attrs[NL80211_ATTR_IE]))
6983 return -EINVAL;
6984
6985 if (!info->attrs[NL80211_ATTR_MAC])
6986 return -EINVAL;
6987
6988 if (!info->attrs[NL80211_ATTR_AUTH_TYPE])
6989 return -EINVAL;
6990
6991 if (!info->attrs[NL80211_ATTR_SSID])
6992 return -EINVAL;
6993
6994 if (!info->attrs[NL80211_ATTR_WIPHY_FREQ])
6995 return -EINVAL;
6996
6997 err = nl80211_parse_key(info, &key);
6998 if (err)
6999 return err;
7000
7001 if (key.idx >= 0) {
7002 if (key.type != -1 && key.type != NL80211_KEYTYPE_GROUP)
7003 return -EINVAL;
7004 if (!key.p.key || !key.p.key_len)
7005 return -EINVAL;
7006 if ((key.p.cipher != WLAN_CIPHER_SUITE_WEP40 ||
7007 key.p.key_len != WLAN_KEY_LEN_WEP40) &&
7008 (key.p.cipher != WLAN_CIPHER_SUITE_WEP104 ||
7009 key.p.key_len != WLAN_KEY_LEN_WEP104))
7010 return -EINVAL;
7011 if (key.idx > 4)
7012 return -EINVAL;
7013 } else {
7014 key.p.key_len = 0;
7015 key.p.key = NULL;
7016 }
7017
7018 if (key.idx >= 0) {
7019 int i;
7020 bool ok = false;
7021 for (i = 0; i < rdev->wiphy.n_cipher_suites; i++) {
7022 if (key.p.cipher == rdev->wiphy.cipher_suites[i]) {
7023 ok = true;
7024 break;
7025 }
7026 }
7027 if (!ok)
7028 return -EINVAL;
7029 }
7030
7031 if (!rdev->ops->auth)
7032 return -EOPNOTSUPP;
7033
7034 if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_STATION &&
7035 dev->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_CLIENT)
7036 return -EOPNOTSUPP;
7037
7038 bssid = nla_data(info->attrs[NL80211_ATTR_MAC]);
7039 chan = nl80211_get_valid_chan(&rdev->wiphy,
7040 info->attrs[NL80211_ATTR_WIPHY_FREQ]);
7041 if (!chan)
7042 return -EINVAL;
7043
7044 ssid = nla_data(info->attrs[NL80211_ATTR_SSID]);
7045 ssid_len = nla_len(info->attrs[NL80211_ATTR_SSID]);
7046
7047 if (info->attrs[NL80211_ATTR_IE]) {
7048 ie = nla_data(info->attrs[NL80211_ATTR_IE]);
7049 ie_len = nla_len(info->attrs[NL80211_ATTR_IE]);
7050 }
7051
7052 auth_type = nla_get_u32(info->attrs[NL80211_ATTR_AUTH_TYPE]);
7053 if (!nl80211_valid_auth_type(rdev, auth_type, NL80211_CMD_AUTHENTICATE))
7054 return -EINVAL;
7055
7056 if (auth_type == NL80211_AUTHTYPE_SAE &&
7057 !info->attrs[NL80211_ATTR_SAE_DATA])
7058 return -EINVAL;
7059
7060 if (info->attrs[NL80211_ATTR_SAE_DATA]) {
7061 if (auth_type != NL80211_AUTHTYPE_SAE)
7062 return -EINVAL;
7063 sae_data = nla_data(info->attrs[NL80211_ATTR_SAE_DATA]);
7064 sae_data_len = nla_len(info->attrs[NL80211_ATTR_SAE_DATA]);
7065
7066 if (sae_data_len < 4)
7067 return -EINVAL;
7068 }
7069
7070 local_state_change = !!info->attrs[NL80211_ATTR_LOCAL_STATE_CHANGE];
7071
7072
7073
7074
7075
7076 if (local_state_change)
7077 return 0;
7078
7079 wdev_lock(dev->ieee80211_ptr);
7080 err = cfg80211_mlme_auth(rdev, dev, chan, auth_type, bssid,
7081 ssid, ssid_len, ie, ie_len,
7082 key.p.key, key.p.key_len, key.idx,
7083 sae_data, sae_data_len);
7084 wdev_unlock(dev->ieee80211_ptr);
7085 return err;
7086}
7087
7088static int nl80211_crypto_settings(struct cfg80211_registered_device *rdev,
7089 struct genl_info *info,
7090 struct cfg80211_crypto_settings *settings,
7091 int cipher_limit)
7092{
7093 memset(settings, 0, sizeof(*settings));
7094
7095 settings->control_port = info->attrs[NL80211_ATTR_CONTROL_PORT];
7096
7097 if (info->attrs[NL80211_ATTR_CONTROL_PORT_ETHERTYPE]) {
7098 u16 proto;
7099 proto = nla_get_u16(
7100 info->attrs[NL80211_ATTR_CONTROL_PORT_ETHERTYPE]);
7101 settings->control_port_ethertype = cpu_to_be16(proto);
7102 if (!(rdev->wiphy.flags & WIPHY_FLAG_CONTROL_PORT_PROTOCOL) &&
7103 proto != ETH_P_PAE)
7104 return -EINVAL;
7105 if (info->attrs[NL80211_ATTR_CONTROL_PORT_NO_ENCRYPT])
7106 settings->control_port_no_encrypt = true;
7107 } else
7108 settings->control_port_ethertype = cpu_to_be16(ETH_P_PAE);
7109
7110 if (info->attrs[NL80211_ATTR_CIPHER_SUITES_PAIRWISE]) {
7111 void *data;
7112 int len, i;
7113
7114 data = nla_data(info->attrs[NL80211_ATTR_CIPHER_SUITES_PAIRWISE]);
7115 len = nla_len(info->attrs[NL80211_ATTR_CIPHER_SUITES_PAIRWISE]);
7116 settings->n_ciphers_pairwise = len / sizeof(u32);
7117
7118 if (len % sizeof(u32))
7119 return -EINVAL;
7120
7121 if (settings->n_ciphers_pairwise > cipher_limit)
7122 return -EINVAL;
7123
7124 memcpy(settings->ciphers_pairwise, data, len);
7125
7126 for (i = 0; i < settings->n_ciphers_pairwise; i++)
7127 if (!cfg80211_supported_cipher_suite(
7128 &rdev->wiphy,
7129 settings->ciphers_pairwise[i]))
7130 return -EINVAL;
7131 }
7132
7133 if (info->attrs[NL80211_ATTR_CIPHER_SUITE_GROUP]) {
7134 settings->cipher_group =
7135 nla_get_u32(info->attrs[NL80211_ATTR_CIPHER_SUITE_GROUP]);
7136 if (!cfg80211_supported_cipher_suite(&rdev->wiphy,
7137 settings->cipher_group))
7138 return -EINVAL;
7139 }
7140
7141 if (info->attrs[NL80211_ATTR_WPA_VERSIONS]) {
7142 settings->wpa_versions =
7143 nla_get_u32(info->attrs[NL80211_ATTR_WPA_VERSIONS]);
7144 if (!nl80211_valid_wpa_versions(settings->wpa_versions))
7145 return -EINVAL;
7146 }
7147
7148 if (info->attrs[NL80211_ATTR_AKM_SUITES]) {
7149 void *data;
7150 int len;
7151
7152 data = nla_data(info->attrs[NL80211_ATTR_AKM_SUITES]);
7153 len = nla_len(info->attrs[NL80211_ATTR_AKM_SUITES]);
7154 settings->n_akm_suites = len / sizeof(u32);
7155
7156 if (len % sizeof(u32))
7157 return -EINVAL;
7158
7159 if (settings->n_akm_suites > NL80211_MAX_NR_AKM_SUITES)
7160 return -EINVAL;
7161
7162 memcpy(settings->akm_suites, data, len);
7163 }
7164
7165 return 0;
7166}
7167
7168static int nl80211_associate(struct sk_buff *skb, struct genl_info *info)
7169{
7170 struct cfg80211_registered_device *rdev = info->user_ptr[0];
7171 struct net_device *dev = info->user_ptr[1];
7172 struct ieee80211_channel *chan;
7173 struct cfg80211_assoc_request req = {};
7174 const u8 *bssid, *ssid;
7175 int err, ssid_len = 0;
7176
7177 if (!is_valid_ie_attr(info->attrs[NL80211_ATTR_IE]))
7178 return -EINVAL;
7179
7180 if (!info->attrs[NL80211_ATTR_MAC] ||
7181 !info->attrs[NL80211_ATTR_SSID] ||
7182 !info->attrs[NL80211_ATTR_WIPHY_FREQ])
7183 return -EINVAL;
7184
7185 if (!rdev->ops->assoc)
7186 return -EOPNOTSUPP;
7187
7188 if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_STATION &&
7189 dev->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_CLIENT)
7190 return -EOPNOTSUPP;
7191
7192 bssid = nla_data(info->attrs[NL80211_ATTR_MAC]);
7193
7194 chan = nl80211_get_valid_chan(&rdev->wiphy,
7195 info->attrs[NL80211_ATTR_WIPHY_FREQ]);
7196 if (!chan)
7197 return -EINVAL;
7198
7199 ssid = nla_data(info->attrs[NL80211_ATTR_SSID]);
7200 ssid_len = nla_len(info->attrs[NL80211_ATTR_SSID]);
7201
7202 if (info->attrs[NL80211_ATTR_IE]) {
7203 req.ie = nla_data(info->attrs[NL80211_ATTR_IE]);
7204 req.ie_len = nla_len(info->attrs[NL80211_ATTR_IE]);
7205 }
7206
7207 if (info->attrs[NL80211_ATTR_USE_MFP]) {
7208 enum nl80211_mfp mfp =
7209 nla_get_u32(info->attrs[NL80211_ATTR_USE_MFP]);
7210 if (mfp == NL80211_MFP_REQUIRED)
7211 req.use_mfp = true;
7212 else if (mfp != NL80211_MFP_NO)
7213 return -EINVAL;
7214 }
7215
7216 if (info->attrs[NL80211_ATTR_PREV_BSSID])
7217 req.prev_bssid = nla_data(info->attrs[NL80211_ATTR_PREV_BSSID]);
7218
7219 if (nla_get_flag(info->attrs[NL80211_ATTR_DISABLE_HT]))
7220 req.flags |= ASSOC_REQ_DISABLE_HT;
7221
7222 if (info->attrs[NL80211_ATTR_HT_CAPABILITY_MASK])
7223 memcpy(&req.ht_capa_mask,
7224 nla_data(info->attrs[NL80211_ATTR_HT_CAPABILITY_MASK]),
7225 sizeof(req.ht_capa_mask));
7226
7227 if (info->attrs[NL80211_ATTR_HT_CAPABILITY]) {
7228 if (!info->attrs[NL80211_ATTR_HT_CAPABILITY_MASK])
7229 return -EINVAL;
7230 memcpy(&req.ht_capa,
7231 nla_data(info->attrs[NL80211_ATTR_HT_CAPABILITY]),
7232 sizeof(req.ht_capa));
7233 }
7234
7235 if (nla_get_flag(info->attrs[NL80211_ATTR_DISABLE_VHT]))
7236 req.flags |= ASSOC_REQ_DISABLE_VHT;
7237
7238 if (info->attrs[NL80211_ATTR_VHT_CAPABILITY_MASK])
7239 memcpy(&req.vht_capa_mask,
7240 nla_data(info->attrs[NL80211_ATTR_VHT_CAPABILITY_MASK]),
7241 sizeof(req.vht_capa_mask));
7242
7243 if (info->attrs[NL80211_ATTR_VHT_CAPABILITY]) {
7244 if (!info->attrs[NL80211_ATTR_VHT_CAPABILITY_MASK])
7245 return -EINVAL;
7246 memcpy(&req.vht_capa,
7247 nla_data(info->attrs[NL80211_ATTR_VHT_CAPABILITY]),
7248 sizeof(req.vht_capa));
7249 }
7250
7251 if (nla_get_flag(info->attrs[NL80211_ATTR_USE_RRM])) {
7252 if (!(rdev->wiphy.features &
7253 NL80211_FEATURE_DS_PARAM_SET_IE_IN_PROBES) ||
7254 !(rdev->wiphy.features & NL80211_FEATURE_QUIET))
7255 return -EINVAL;
7256 req.flags |= ASSOC_REQ_USE_RRM;
7257 }
7258
7259 err = nl80211_crypto_settings(rdev, info, &req.crypto, 1);
7260 if (!err) {
7261 wdev_lock(dev->ieee80211_ptr);
7262 err = cfg80211_mlme_assoc(rdev, dev, chan, bssid,
7263 ssid, ssid_len, &req);
7264 wdev_unlock(dev->ieee80211_ptr);
7265 }
7266
7267 return err;
7268}
7269
7270static int nl80211_deauthenticate(struct sk_buff *skb, struct genl_info *info)
7271{
7272 struct cfg80211_registered_device *rdev = info->user_ptr[0];
7273 struct net_device *dev = info->user_ptr[1];
7274 const u8 *ie = NULL, *bssid;
7275 int ie_len = 0, err;
7276 u16 reason_code;
7277 bool local_state_change;
7278
7279 if (!is_valid_ie_attr(info->attrs[NL80211_ATTR_IE]))
7280 return -EINVAL;
7281
7282 if (!info->attrs[NL80211_ATTR_MAC])
7283 return -EINVAL;
7284
7285 if (!info->attrs[NL80211_ATTR_REASON_CODE])
7286 return -EINVAL;
7287
7288 if (!rdev->ops->deauth)
7289 return -EOPNOTSUPP;
7290
7291 if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_STATION &&
7292 dev->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_CLIENT)
7293 return -EOPNOTSUPP;
7294
7295 bssid = nla_data(info->attrs[NL80211_ATTR_MAC]);
7296
7297 reason_code = nla_get_u16(info->attrs[NL80211_ATTR_REASON_CODE]);
7298 if (reason_code == 0) {
7299
7300 return -EINVAL;
7301 }
7302
7303 if (info->attrs[NL80211_ATTR_IE]) {
7304 ie = nla_data(info->attrs[NL80211_ATTR_IE]);
7305 ie_len = nla_len(info->attrs[NL80211_ATTR_IE]);
7306 }
7307
7308 local_state_change = !!info->attrs[NL80211_ATTR_LOCAL_STATE_CHANGE];
7309
7310 wdev_lock(dev->ieee80211_ptr);
7311 err = cfg80211_mlme_deauth(rdev, dev, bssid, ie, ie_len, reason_code,
7312 local_state_change);
7313 wdev_unlock(dev->ieee80211_ptr);
7314 return err;
7315}
7316
7317static int nl80211_disassociate(struct sk_buff *skb, struct genl_info *info)
7318{
7319 struct cfg80211_registered_device *rdev = info->user_ptr[0];
7320 struct net_device *dev = info->user_ptr[1];
7321 const u8 *ie = NULL, *bssid;
7322 int ie_len = 0, err;
7323 u16 reason_code;
7324 bool local_state_change;
7325
7326 if (!is_valid_ie_attr(info->attrs[NL80211_ATTR_IE]))
7327 return -EINVAL;
7328
7329 if (!info->attrs[NL80211_ATTR_MAC])
7330 return -EINVAL;
7331
7332 if (!info->attrs[NL80211_ATTR_REASON_CODE])
7333 return -EINVAL;
7334
7335 if (!rdev->ops->disassoc)
7336 return -EOPNOTSUPP;
7337
7338 if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_STATION &&
7339 dev->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_CLIENT)
7340 return -EOPNOTSUPP;
7341
7342 bssid = nla_data(info->attrs[NL80211_ATTR_MAC]);
7343
7344 reason_code = nla_get_u16(info->attrs[NL80211_ATTR_REASON_CODE]);
7345 if (reason_code == 0) {
7346
7347 return -EINVAL;
7348 }
7349
7350 if (info->attrs[NL80211_ATTR_IE]) {
7351 ie = nla_data(info->attrs[NL80211_ATTR_IE]);
7352 ie_len = nla_len(info->attrs[NL80211_ATTR_IE]);
7353 }
7354
7355 local_state_change = !!info->attrs[NL80211_ATTR_LOCAL_STATE_CHANGE];
7356
7357 wdev_lock(dev->ieee80211_ptr);
7358 err = cfg80211_mlme_disassoc(rdev, dev, bssid, ie, ie_len, reason_code,
7359 local_state_change);
7360 wdev_unlock(dev->ieee80211_ptr);
7361 return err;
7362}
7363
7364static bool
7365nl80211_parse_mcast_rate(struct cfg80211_registered_device *rdev,
7366 int mcast_rate[IEEE80211_NUM_BANDS],
7367 int rateval)
7368{
7369 struct wiphy *wiphy = &rdev->wiphy;
7370 bool found = false;
7371 int band, i;
7372
7373 for (band = 0; band < IEEE80211_NUM_BANDS; band++) {
7374 struct ieee80211_supported_band *sband;
7375
7376 sband = wiphy->bands[band];
7377 if (!sband)
7378 continue;
7379
7380 for (i = 0; i < sband->n_bitrates; i++) {
7381 if (sband->bitrates[i].bitrate == rateval) {
7382 mcast_rate[band] = i + 1;
7383 found = true;
7384 break;
7385 }
7386 }
7387 }
7388
7389 return found;
7390}
7391
7392static int nl80211_join_ibss(struct sk_buff *skb, struct genl_info *info)
7393{
7394 struct cfg80211_registered_device *rdev = info->user_ptr[0];
7395 struct net_device *dev = info->user_ptr[1];
7396 struct cfg80211_ibss_params ibss;
7397 struct wiphy *wiphy;
7398 struct cfg80211_cached_keys *connkeys = NULL;
7399 int err;
7400
7401 memset(&ibss, 0, sizeof(ibss));
7402
7403 if (!is_valid_ie_attr(info->attrs[NL80211_ATTR_IE]))
7404 return -EINVAL;
7405
7406 if (!info->attrs[NL80211_ATTR_SSID] ||
7407 !nla_len(info->attrs[NL80211_ATTR_SSID]))
7408 return -EINVAL;
7409
7410 ibss.beacon_interval = 100;
7411
7412 if (info->attrs[NL80211_ATTR_BEACON_INTERVAL]) {
7413 ibss.beacon_interval =
7414 nla_get_u32(info->attrs[NL80211_ATTR_BEACON_INTERVAL]);
7415 if (ibss.beacon_interval < 1 || ibss.beacon_interval > 10000)
7416 return -EINVAL;
7417 }
7418
7419 if (!rdev->ops->join_ibss)
7420 return -EOPNOTSUPP;
7421
7422 if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_ADHOC)
7423 return -EOPNOTSUPP;
7424
7425 wiphy = &rdev->wiphy;
7426
7427 if (info->attrs[NL80211_ATTR_MAC]) {
7428 ibss.bssid = nla_data(info->attrs[NL80211_ATTR_MAC]);
7429
7430 if (!is_valid_ether_addr(ibss.bssid))
7431 return -EINVAL;
7432 }
7433 ibss.ssid = nla_data(info->attrs[NL80211_ATTR_SSID]);
7434 ibss.ssid_len = nla_len(info->attrs[NL80211_ATTR_SSID]);
7435
7436 if (info->attrs[NL80211_ATTR_IE]) {
7437 ibss.ie = nla_data(info->attrs[NL80211_ATTR_IE]);
7438 ibss.ie_len = nla_len(info->attrs[NL80211_ATTR_IE]);
7439 }
7440
7441 err = nl80211_parse_chandef(rdev, info, &ibss.chandef);
7442 if (err)
7443 return err;
7444
7445 if (!cfg80211_reg_can_beacon(&rdev->wiphy, &ibss.chandef,
7446 NL80211_IFTYPE_ADHOC))
7447 return -EINVAL;
7448
7449 switch (ibss.chandef.width) {
7450 case NL80211_CHAN_WIDTH_5:
7451 case NL80211_CHAN_WIDTH_10:
7452 case NL80211_CHAN_WIDTH_20_NOHT:
7453 break;
7454 case NL80211_CHAN_WIDTH_20:
7455 case NL80211_CHAN_WIDTH_40:
7456 if (!(rdev->wiphy.features & NL80211_FEATURE_HT_IBSS))
7457 return -EINVAL;
7458 break;
7459 case NL80211_CHAN_WIDTH_80:
7460 case NL80211_CHAN_WIDTH_80P80:
7461 case NL80211_CHAN_WIDTH_160:
7462 if (!(rdev->wiphy.features & NL80211_FEATURE_HT_IBSS))
7463 return -EINVAL;
7464 if (!wiphy_ext_feature_isset(&rdev->wiphy,
7465 NL80211_EXT_FEATURE_VHT_IBSS))
7466 return -EINVAL;
7467 break;
7468 default:
7469 return -EINVAL;
7470 }
7471
7472 ibss.channel_fixed = !!info->attrs[NL80211_ATTR_FREQ_FIXED];
7473 ibss.privacy = !!info->attrs[NL80211_ATTR_PRIVACY];
7474
7475 if (info->attrs[NL80211_ATTR_BSS_BASIC_RATES]) {
7476 u8 *rates =
7477 nla_data(info->attrs[NL80211_ATTR_BSS_BASIC_RATES]);
7478 int n_rates =
7479 nla_len(info->attrs[NL80211_ATTR_BSS_BASIC_RATES]);
7480 struct ieee80211_supported_band *sband =
7481 wiphy->bands[ibss.chandef.chan->band];
7482
7483 err = ieee80211_get_ratemask(sband, rates, n_rates,
7484 &ibss.basic_rates);
7485 if (err)
7486 return err;
7487 }
7488
7489 if (info->attrs[NL80211_ATTR_HT_CAPABILITY_MASK])
7490 memcpy(&ibss.ht_capa_mask,
7491 nla_data(info->attrs[NL80211_ATTR_HT_CAPABILITY_MASK]),
7492 sizeof(ibss.ht_capa_mask));
7493
7494 if (info->attrs[NL80211_ATTR_HT_CAPABILITY]) {
7495 if (!info->attrs[NL80211_ATTR_HT_CAPABILITY_MASK])
7496 return -EINVAL;
7497 memcpy(&ibss.ht_capa,
7498 nla_data(info->attrs[NL80211_ATTR_HT_CAPABILITY]),
7499 sizeof(ibss.ht_capa));
7500 }
7501
7502 if (info->attrs[NL80211_ATTR_MCAST_RATE] &&
7503 !nl80211_parse_mcast_rate(rdev, ibss.mcast_rate,
7504 nla_get_u32(info->attrs[NL80211_ATTR_MCAST_RATE])))
7505 return -EINVAL;
7506
7507 if (ibss.privacy && info->attrs[NL80211_ATTR_KEYS]) {
7508 bool no_ht = false;
7509
7510 connkeys = nl80211_parse_connkeys(rdev,
7511 info->attrs[NL80211_ATTR_KEYS],
7512 &no_ht);
7513 if (IS_ERR(connkeys))
7514 return PTR_ERR(connkeys);
7515
7516 if ((ibss.chandef.width != NL80211_CHAN_WIDTH_20_NOHT) &&
7517 no_ht) {
7518 kfree(connkeys);
7519 return -EINVAL;
7520 }
7521 }
7522
7523 ibss.control_port =
7524 nla_get_flag(info->attrs[NL80211_ATTR_CONTROL_PORT]);
7525
7526 ibss.userspace_handles_dfs =
7527 nla_get_flag(info->attrs[NL80211_ATTR_HANDLE_DFS]);
7528
7529 err = cfg80211_join_ibss(rdev, dev, &ibss, connkeys);
7530 if (err)
7531 kzfree(connkeys);
7532 return err;
7533}
7534
7535static int nl80211_leave_ibss(struct sk_buff *skb, struct genl_info *info)
7536{
7537 struct cfg80211_registered_device *rdev = info->user_ptr[0];
7538 struct net_device *dev = info->user_ptr[1];
7539
7540 if (!rdev->ops->leave_ibss)
7541 return -EOPNOTSUPP;
7542
7543 if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_ADHOC)
7544 return -EOPNOTSUPP;
7545
7546 return cfg80211_leave_ibss(rdev, dev, false);
7547}
7548
7549static int nl80211_set_mcast_rate(struct sk_buff *skb, struct genl_info *info)
7550{
7551 struct cfg80211_registered_device *rdev = info->user_ptr[0];
7552 struct net_device *dev = info->user_ptr[1];
7553 int mcast_rate[IEEE80211_NUM_BANDS];
7554 u32 nla_rate;
7555 int err;
7556
7557 if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_ADHOC &&
7558 dev->ieee80211_ptr->iftype != NL80211_IFTYPE_MESH_POINT &&
7559 dev->ieee80211_ptr->iftype != NL80211_IFTYPE_OCB)
7560 return -EOPNOTSUPP;
7561
7562 if (!rdev->ops->set_mcast_rate)
7563 return -EOPNOTSUPP;
7564
7565 memset(mcast_rate, 0, sizeof(mcast_rate));
7566
7567 if (!info->attrs[NL80211_ATTR_MCAST_RATE])
7568 return -EINVAL;
7569
7570 nla_rate = nla_get_u32(info->attrs[NL80211_ATTR_MCAST_RATE]);
7571 if (!nl80211_parse_mcast_rate(rdev, mcast_rate, nla_rate))
7572 return -EINVAL;
7573
7574 err = rdev->ops->set_mcast_rate(&rdev->wiphy, dev, mcast_rate);
7575
7576 return err;
7577}
7578
7579static struct sk_buff *
7580__cfg80211_alloc_vendor_skb(struct cfg80211_registered_device *rdev,
7581 struct wireless_dev *wdev, int approxlen,
7582 u32 portid, u32 seq, enum nl80211_commands cmd,
7583 enum nl80211_attrs attr,
7584 const struct nl80211_vendor_cmd_info *info,
7585 gfp_t gfp)
7586{
7587 struct sk_buff *skb;
7588 void *hdr;
7589 struct nlattr *data;
7590
7591 skb = nlmsg_new(approxlen + 100, gfp);
7592 if (!skb)
7593 return NULL;
7594
7595 hdr = nl80211hdr_put(skb, portid, seq, 0, cmd);
7596 if (!hdr) {
7597 kfree_skb(skb);
7598 return NULL;
7599 }
7600
7601 if (nla_put_u32(skb, NL80211_ATTR_WIPHY, rdev->wiphy_idx))
7602 goto nla_put_failure;
7603
7604 if (info) {
7605 if (nla_put_u32(skb, NL80211_ATTR_VENDOR_ID,
7606 info->vendor_id))
7607 goto nla_put_failure;
7608 if (nla_put_u32(skb, NL80211_ATTR_VENDOR_SUBCMD,
7609 info->subcmd))
7610 goto nla_put_failure;
7611 }
7612
7613 if (wdev) {
7614 if (nla_put_u64(skb, NL80211_ATTR_WDEV,
7615 wdev_id(wdev)))
7616 goto nla_put_failure;
7617 if (wdev->netdev &&
7618 nla_put_u32(skb, NL80211_ATTR_IFINDEX,
7619 wdev->netdev->ifindex))
7620 goto nla_put_failure;
7621 }
7622
7623 data = nla_nest_start(skb, attr);
7624
7625 ((void **)skb->cb)[0] = rdev;
7626 ((void **)skb->cb)[1] = hdr;
7627 ((void **)skb->cb)[2] = data;
7628
7629 return skb;
7630
7631 nla_put_failure:
7632 kfree_skb(skb);
7633 return NULL;
7634}
7635
7636struct sk_buff *__cfg80211_alloc_event_skb(struct wiphy *wiphy,
7637 struct wireless_dev *wdev,
7638 enum nl80211_commands cmd,
7639 enum nl80211_attrs attr,
7640 int vendor_event_idx,
7641 int approxlen, gfp_t gfp)
7642{
7643 struct cfg80211_registered_device *rdev = wiphy_to_rdev(wiphy);
7644 const struct nl80211_vendor_cmd_info *info;
7645
7646 switch (cmd) {
7647 case NL80211_CMD_TESTMODE:
7648 if (WARN_ON(vendor_event_idx != -1))
7649 return NULL;
7650 info = NULL;
7651 break;
7652 case NL80211_CMD_VENDOR:
7653 if (WARN_ON(vendor_event_idx < 0 ||
7654 vendor_event_idx >= wiphy->n_vendor_events))
7655 return NULL;
7656 info = &wiphy->vendor_events[vendor_event_idx];
7657 break;
7658 default:
7659 WARN_ON(1);
7660 return NULL;
7661 }
7662
7663 return __cfg80211_alloc_vendor_skb(rdev, wdev, approxlen, 0, 0,
7664 cmd, attr, info, gfp);
7665}
7666EXPORT_SYMBOL(__cfg80211_alloc_event_skb);
7667
7668void __cfg80211_send_event_skb(struct sk_buff *skb, gfp_t gfp)
7669{
7670 struct cfg80211_registered_device *rdev = ((void **)skb->cb)[0];
7671 void *hdr = ((void **)skb->cb)[1];
7672 struct nlattr *data = ((void **)skb->cb)[2];
7673 enum nl80211_multicast_groups mcgrp = NL80211_MCGRP_TESTMODE;
7674
7675
7676 memset(skb->cb, 0, sizeof(skb->cb));
7677
7678 nla_nest_end(skb, data);
7679 genlmsg_end(skb, hdr);
7680
7681 if (data->nla_type == NL80211_ATTR_VENDOR_DATA)
7682 mcgrp = NL80211_MCGRP_VENDOR;
7683
7684 genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), skb, 0,
7685 mcgrp, gfp);
7686}
7687EXPORT_SYMBOL(__cfg80211_send_event_skb);
7688
7689#ifdef CONFIG_NL80211_TESTMODE
7690static int nl80211_testmode_do(struct sk_buff *skb, struct genl_info *info)
7691{
7692 struct cfg80211_registered_device *rdev = info->user_ptr[0];
7693 struct wireless_dev *wdev =
7694 __cfg80211_wdev_from_attrs(genl_info_net(info), info->attrs);
7695 int err;
7696
7697 if (!rdev->ops->testmode_cmd)
7698 return -EOPNOTSUPP;
7699
7700 if (IS_ERR(wdev)) {
7701 err = PTR_ERR(wdev);
7702 if (err != -EINVAL)
7703 return err;
7704 wdev = NULL;
7705 } else if (wdev->wiphy != &rdev->wiphy) {
7706 return -EINVAL;
7707 }
7708
7709 if (!info->attrs[NL80211_ATTR_TESTDATA])
7710 return -EINVAL;
7711
7712 rdev->cur_cmd_info = info;
7713 err = rdev_testmode_cmd(rdev, wdev,
7714 nla_data(info->attrs[NL80211_ATTR_TESTDATA]),
7715 nla_len(info->attrs[NL80211_ATTR_TESTDATA]));
7716 rdev->cur_cmd_info = NULL;
7717
7718 return err;
7719}
7720
7721static int nl80211_testmode_dump(struct sk_buff *skb,
7722 struct netlink_callback *cb)
7723{
7724 struct cfg80211_registered_device *rdev;
7725 int err;
7726 long phy_idx;
7727 void *data = NULL;
7728 int data_len = 0;
7729
7730 rtnl_lock();
7731
7732 if (cb->args[0]) {
7733
7734
7735
7736
7737 phy_idx = cb->args[0] - 1;
7738 } else {
7739 err = nlmsg_parse(cb->nlh, GENL_HDRLEN + nl80211_fam.hdrsize,
7740 nl80211_fam.attrbuf, nl80211_fam.maxattr,
7741 nl80211_policy);
7742 if (err)
7743 goto out_err;
7744
7745 rdev = __cfg80211_rdev_from_attrs(sock_net(skb->sk),
7746 nl80211_fam.attrbuf);
7747 if (IS_ERR(rdev)) {
7748 err = PTR_ERR(rdev);
7749 goto out_err;
7750 }
7751 phy_idx = rdev->wiphy_idx;
7752 rdev = NULL;
7753
7754 if (nl80211_fam.attrbuf[NL80211_ATTR_TESTDATA])
7755 cb->args[1] =
7756 (long)nl80211_fam.attrbuf[NL80211_ATTR_TESTDATA];
7757 }
7758
7759 if (cb->args[1]) {
7760 data = nla_data((void *)cb->args[1]);
7761 data_len = nla_len((void *)cb->args[1]);
7762 }
7763
7764 rdev = cfg80211_rdev_by_wiphy_idx(phy_idx);
7765 if (!rdev) {
7766 err = -ENOENT;
7767 goto out_err;
7768 }
7769
7770 if (!rdev->ops->testmode_dump) {
7771 err = -EOPNOTSUPP;
7772 goto out_err;
7773 }
7774
7775 while (1) {
7776 void *hdr = nl80211hdr_put(skb, NETLINK_CB(cb->skb).portid,
7777 cb->nlh->nlmsg_seq, NLM_F_MULTI,
7778 NL80211_CMD_TESTMODE);
7779 struct nlattr *tmdata;
7780
7781 if (!hdr)
7782 break;
7783
7784 if (nla_put_u32(skb, NL80211_ATTR_WIPHY, phy_idx)) {
7785 genlmsg_cancel(skb, hdr);
7786 break;
7787 }
7788
7789 tmdata = nla_nest_start(skb, NL80211_ATTR_TESTDATA);
7790 if (!tmdata) {
7791 genlmsg_cancel(skb, hdr);
7792 break;
7793 }
7794 err = rdev_testmode_dump(rdev, skb, cb, data, data_len);
7795 nla_nest_end(skb, tmdata);
7796
7797 if (err == -ENOBUFS || err == -ENOENT) {
7798 genlmsg_cancel(skb, hdr);
7799 break;
7800 } else if (err) {
7801 genlmsg_cancel(skb, hdr);
7802 goto out_err;
7803 }
7804
7805 genlmsg_end(skb, hdr);
7806 }
7807
7808 err = skb->len;
7809
7810 cb->args[0] = phy_idx + 1;
7811 out_err:
7812 rtnl_unlock();
7813 return err;
7814}
7815#endif
7816
7817static int nl80211_connect(struct sk_buff *skb, struct genl_info *info)
7818{
7819 struct cfg80211_registered_device *rdev = info->user_ptr[0];
7820 struct net_device *dev = info->user_ptr[1];
7821 struct cfg80211_connect_params connect;
7822 struct wiphy *wiphy;
7823 struct cfg80211_cached_keys *connkeys = NULL;
7824 int err;
7825
7826 memset(&connect, 0, sizeof(connect));
7827
7828 if (!is_valid_ie_attr(info->attrs[NL80211_ATTR_IE]))
7829 return -EINVAL;
7830
7831 if (!info->attrs[NL80211_ATTR_SSID] ||
7832 !nla_len(info->attrs[NL80211_ATTR_SSID]))
7833 return -EINVAL;
7834
7835 if (info->attrs[NL80211_ATTR_AUTH_TYPE]) {
7836 connect.auth_type =
7837 nla_get_u32(info->attrs[NL80211_ATTR_AUTH_TYPE]);
7838 if (!nl80211_valid_auth_type(rdev, connect.auth_type,
7839 NL80211_CMD_CONNECT))
7840 return -EINVAL;
7841 } else
7842 connect.auth_type = NL80211_AUTHTYPE_AUTOMATIC;
7843
7844 connect.privacy = info->attrs[NL80211_ATTR_PRIVACY];
7845
7846 err = nl80211_crypto_settings(rdev, info, &connect.crypto,
7847 NL80211_MAX_NR_CIPHER_SUITES);
7848 if (err)
7849 return err;
7850
7851 if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_STATION &&
7852 dev->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_CLIENT)
7853 return -EOPNOTSUPP;
7854
7855 wiphy = &rdev->wiphy;
7856
7857 connect.bg_scan_period = -1;
7858 if (info->attrs[NL80211_ATTR_BG_SCAN_PERIOD] &&
7859 (wiphy->flags & WIPHY_FLAG_SUPPORTS_FW_ROAM)) {
7860 connect.bg_scan_period =
7861 nla_get_u16(info->attrs[NL80211_ATTR_BG_SCAN_PERIOD]);
7862 }
7863
7864 if (info->attrs[NL80211_ATTR_MAC])
7865 connect.bssid = nla_data(info->attrs[NL80211_ATTR_MAC]);
7866 else if (info->attrs[NL80211_ATTR_MAC_HINT])
7867 connect.bssid_hint =
7868 nla_data(info->attrs[NL80211_ATTR_MAC_HINT]);
7869 connect.ssid = nla_data(info->attrs[NL80211_ATTR_SSID]);
7870 connect.ssid_len = nla_len(info->attrs[NL80211_ATTR_SSID]);
7871
7872 if (info->attrs[NL80211_ATTR_IE]) {
7873 connect.ie = nla_data(info->attrs[NL80211_ATTR_IE]);
7874 connect.ie_len = nla_len(info->attrs[NL80211_ATTR_IE]);
7875 }
7876
7877 if (info->attrs[NL80211_ATTR_USE_MFP]) {
7878 connect.mfp = nla_get_u32(info->attrs[NL80211_ATTR_USE_MFP]);
7879 if (connect.mfp != NL80211_MFP_REQUIRED &&
7880 connect.mfp != NL80211_MFP_NO)
7881 return -EINVAL;
7882 } else {
7883 connect.mfp = NL80211_MFP_NO;
7884 }
7885
7886 if (info->attrs[NL80211_ATTR_WIPHY_FREQ]) {
7887 connect.channel = nl80211_get_valid_chan(
7888 wiphy, info->attrs[NL80211_ATTR_WIPHY_FREQ]);
7889 if (!connect.channel)
7890 return -EINVAL;
7891 } else if (info->attrs[NL80211_ATTR_WIPHY_FREQ_HINT]) {
7892 connect.channel_hint = nl80211_get_valid_chan(
7893 wiphy, info->attrs[NL80211_ATTR_WIPHY_FREQ_HINT]);
7894 if (!connect.channel_hint)
7895 return -EINVAL;
7896 }
7897
7898 if (connect.privacy && info->attrs[NL80211_ATTR_KEYS]) {
7899 connkeys = nl80211_parse_connkeys(rdev,
7900 info->attrs[NL80211_ATTR_KEYS], NULL);
7901 if (IS_ERR(connkeys))
7902 return PTR_ERR(connkeys);
7903 }
7904
7905 if (nla_get_flag(info->attrs[NL80211_ATTR_DISABLE_HT]))
7906 connect.flags |= ASSOC_REQ_DISABLE_HT;
7907
7908 if (info->attrs[NL80211_ATTR_HT_CAPABILITY_MASK])
7909 memcpy(&connect.ht_capa_mask,
7910 nla_data(info->attrs[NL80211_ATTR_HT_CAPABILITY_MASK]),
7911 sizeof(connect.ht_capa_mask));
7912
7913 if (info->attrs[NL80211_ATTR_HT_CAPABILITY]) {
7914 if (!info->attrs[NL80211_ATTR_HT_CAPABILITY_MASK]) {
7915 kzfree(connkeys);
7916 return -EINVAL;
7917 }
7918 memcpy(&connect.ht_capa,
7919 nla_data(info->attrs[NL80211_ATTR_HT_CAPABILITY]),
7920 sizeof(connect.ht_capa));
7921 }
7922
7923 if (nla_get_flag(info->attrs[NL80211_ATTR_DISABLE_VHT]))
7924 connect.flags |= ASSOC_REQ_DISABLE_VHT;
7925
7926 if (info->attrs[NL80211_ATTR_VHT_CAPABILITY_MASK])
7927 memcpy(&connect.vht_capa_mask,
7928 nla_data(info->attrs[NL80211_ATTR_VHT_CAPABILITY_MASK]),
7929 sizeof(connect.vht_capa_mask));
7930
7931 if (info->attrs[NL80211_ATTR_VHT_CAPABILITY]) {
7932 if (!info->attrs[NL80211_ATTR_VHT_CAPABILITY_MASK]) {
7933 kzfree(connkeys);
7934 return -EINVAL;
7935 }
7936 memcpy(&connect.vht_capa,
7937 nla_data(info->attrs[NL80211_ATTR_VHT_CAPABILITY]),
7938 sizeof(connect.vht_capa));
7939 }
7940
7941 if (nla_get_flag(info->attrs[NL80211_ATTR_USE_RRM])) {
7942 if (!(rdev->wiphy.features &
7943 NL80211_FEATURE_DS_PARAM_SET_IE_IN_PROBES) ||
7944 !(rdev->wiphy.features & NL80211_FEATURE_QUIET)) {
7945 kzfree(connkeys);
7946 return -EINVAL;
7947 }
7948 connect.flags |= ASSOC_REQ_USE_RRM;
7949 }
7950
7951 wdev_lock(dev->ieee80211_ptr);
7952 err = cfg80211_connect(rdev, dev, &connect, connkeys, NULL);
7953 wdev_unlock(dev->ieee80211_ptr);
7954 if (err)
7955 kzfree(connkeys);
7956 return err;
7957}
7958
7959static int nl80211_disconnect(struct sk_buff *skb, struct genl_info *info)
7960{
7961 struct cfg80211_registered_device *rdev = info->user_ptr[0];
7962 struct net_device *dev = info->user_ptr[1];
7963 u16 reason;
7964 int ret;
7965
7966 if (!info->attrs[NL80211_ATTR_REASON_CODE])
7967 reason = WLAN_REASON_DEAUTH_LEAVING;
7968 else
7969 reason = nla_get_u16(info->attrs[NL80211_ATTR_REASON_CODE]);
7970
7971 if (reason == 0)
7972 return -EINVAL;
7973
7974 if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_STATION &&
7975 dev->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_CLIENT)
7976 return -EOPNOTSUPP;
7977
7978 wdev_lock(dev->ieee80211_ptr);
7979 ret = cfg80211_disconnect(rdev, dev, reason, true);
7980 wdev_unlock(dev->ieee80211_ptr);
7981 return ret;
7982}
7983
7984static int nl80211_wiphy_netns(struct sk_buff *skb, struct genl_info *info)
7985{
7986 struct cfg80211_registered_device *rdev = info->user_ptr[0];
7987 struct net *net;
7988 int err;
7989
7990 if (info->attrs[NL80211_ATTR_PID]) {
7991 u32 pid = nla_get_u32(info->attrs[NL80211_ATTR_PID]);
7992
7993 net = get_net_ns_by_pid(pid);
7994 } else if (info->attrs[NL80211_ATTR_NETNS_FD]) {
7995 u32 fd = nla_get_u32(info->attrs[NL80211_ATTR_NETNS_FD]);
7996
7997 net = get_net_ns_by_fd(fd);
7998 } else {
7999 return -EINVAL;
8000 }
8001
8002 if (IS_ERR(net))
8003 return PTR_ERR(net);
8004
8005 err = 0;
8006
8007
8008 if (!net_eq(wiphy_net(&rdev->wiphy), net))
8009 err = cfg80211_switch_netns(rdev, net);
8010
8011 put_net(net);
8012 return err;
8013}
8014
8015static int nl80211_setdel_pmksa(struct sk_buff *skb, struct genl_info *info)
8016{
8017 struct cfg80211_registered_device *rdev = info->user_ptr[0];
8018 int (*rdev_ops)(struct wiphy *wiphy, struct net_device *dev,
8019 struct cfg80211_pmksa *pmksa) = NULL;
8020 struct net_device *dev = info->user_ptr[1];
8021 struct cfg80211_pmksa pmksa;
8022
8023 memset(&pmksa, 0, sizeof(struct cfg80211_pmksa));
8024
8025 if (!info->attrs[NL80211_ATTR_MAC])
8026 return -EINVAL;
8027
8028 if (!info->attrs[NL80211_ATTR_PMKID])
8029 return -EINVAL;
8030
8031 pmksa.pmkid = nla_data(info->attrs[NL80211_ATTR_PMKID]);
8032 pmksa.bssid = nla_data(info->attrs[NL80211_ATTR_MAC]);
8033
8034 if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_STATION &&
8035 dev->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_CLIENT)
8036 return -EOPNOTSUPP;
8037
8038 switch (info->genlhdr->cmd) {
8039 case NL80211_CMD_SET_PMKSA:
8040 rdev_ops = rdev->ops->set_pmksa;
8041 break;
8042 case NL80211_CMD_DEL_PMKSA:
8043 rdev_ops = rdev->ops->del_pmksa;
8044 break;
8045 default:
8046 WARN_ON(1);
8047 break;
8048 }
8049
8050 if (!rdev_ops)
8051 return -EOPNOTSUPP;
8052
8053 return rdev_ops(&rdev->wiphy, dev, &pmksa);
8054}
8055
8056static int nl80211_flush_pmksa(struct sk_buff *skb, struct genl_info *info)
8057{
8058 struct cfg80211_registered_device *rdev = info->user_ptr[0];
8059 struct net_device *dev = info->user_ptr[1];
8060
8061 if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_STATION &&
8062 dev->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_CLIENT)
8063 return -EOPNOTSUPP;
8064
8065 if (!rdev->ops->flush_pmksa)
8066 return -EOPNOTSUPP;
8067
8068 return rdev_flush_pmksa(rdev, dev);
8069}
8070
8071static int nl80211_tdls_mgmt(struct sk_buff *skb, struct genl_info *info)
8072{
8073 struct cfg80211_registered_device *rdev = info->user_ptr[0];
8074 struct net_device *dev = info->user_ptr[1];
8075 u8 action_code, dialog_token;
8076 u32 peer_capability = 0;
8077 u16 status_code;
8078 u8 *peer;
8079 bool initiator;
8080
8081 if (!(rdev->wiphy.flags & WIPHY_FLAG_SUPPORTS_TDLS) ||
8082 !rdev->ops->tdls_mgmt)
8083 return -EOPNOTSUPP;
8084
8085 if (!info->attrs[NL80211_ATTR_TDLS_ACTION] ||
8086 !info->attrs[NL80211_ATTR_STATUS_CODE] ||
8087 !info->attrs[NL80211_ATTR_TDLS_DIALOG_TOKEN] ||
8088 !info->attrs[NL80211_ATTR_IE] ||
8089 !info->attrs[NL80211_ATTR_MAC])
8090 return -EINVAL;
8091
8092 peer = nla_data(info->attrs[NL80211_ATTR_MAC]);
8093 action_code = nla_get_u8(info->attrs[NL80211_ATTR_TDLS_ACTION]);
8094 status_code = nla_get_u16(info->attrs[NL80211_ATTR_STATUS_CODE]);
8095 dialog_token = nla_get_u8(info->attrs[NL80211_ATTR_TDLS_DIALOG_TOKEN]);
8096 initiator = nla_get_flag(info->attrs[NL80211_ATTR_TDLS_INITIATOR]);
8097 if (info->attrs[NL80211_ATTR_TDLS_PEER_CAPABILITY])
8098 peer_capability =
8099 nla_get_u32(info->attrs[NL80211_ATTR_TDLS_PEER_CAPABILITY]);
8100
8101 return rdev_tdls_mgmt(rdev, dev, peer, action_code,
8102 dialog_token, status_code, peer_capability,
8103 initiator,
8104 nla_data(info->attrs[NL80211_ATTR_IE]),
8105 nla_len(info->attrs[NL80211_ATTR_IE]));
8106}
8107
8108static int nl80211_tdls_oper(struct sk_buff *skb, struct genl_info *info)
8109{
8110 struct cfg80211_registered_device *rdev = info->user_ptr[0];
8111 struct net_device *dev = info->user_ptr[1];
8112 enum nl80211_tdls_operation operation;
8113 u8 *peer;
8114
8115 if (!(rdev->wiphy.flags & WIPHY_FLAG_SUPPORTS_TDLS) ||
8116 !rdev->ops->tdls_oper)
8117 return -EOPNOTSUPP;
8118
8119 if (!info->attrs[NL80211_ATTR_TDLS_OPERATION] ||
8120 !info->attrs[NL80211_ATTR_MAC])
8121 return -EINVAL;
8122
8123 operation = nla_get_u8(info->attrs[NL80211_ATTR_TDLS_OPERATION]);
8124 peer = nla_data(info->attrs[NL80211_ATTR_MAC]);
8125
8126 return rdev_tdls_oper(rdev, dev, peer, operation);
8127}
8128
8129static int nl80211_remain_on_channel(struct sk_buff *skb,
8130 struct genl_info *info)
8131{
8132 struct cfg80211_registered_device *rdev = info->user_ptr[0];
8133 struct wireless_dev *wdev = info->user_ptr[1];
8134 struct cfg80211_chan_def chandef;
8135 struct sk_buff *msg;
8136 void *hdr;
8137 u64 cookie;
8138 u32 duration;
8139 int err;
8140
8141 if (!info->attrs[NL80211_ATTR_WIPHY_FREQ] ||
8142 !info->attrs[NL80211_ATTR_DURATION])
8143 return -EINVAL;
8144
8145 duration = nla_get_u32(info->attrs[NL80211_ATTR_DURATION]);
8146
8147 if (!rdev->ops->remain_on_channel ||
8148 !(rdev->wiphy.flags & WIPHY_FLAG_HAS_REMAIN_ON_CHANNEL))
8149 return -EOPNOTSUPP;
8150
8151
8152
8153
8154
8155 if (duration < NL80211_MIN_REMAIN_ON_CHANNEL_TIME ||
8156 duration > rdev->wiphy.max_remain_on_channel_duration)
8157 return -EINVAL;
8158
8159 err = nl80211_parse_chandef(rdev, info, &chandef);
8160 if (err)
8161 return err;
8162
8163 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
8164 if (!msg)
8165 return -ENOMEM;
8166
8167 hdr = nl80211hdr_put(msg, info->snd_portid, info->snd_seq, 0,
8168 NL80211_CMD_REMAIN_ON_CHANNEL);
8169 if (!hdr) {
8170 err = -ENOBUFS;
8171 goto free_msg;
8172 }
8173
8174 err = rdev_remain_on_channel(rdev, wdev, chandef.chan,
8175 duration, &cookie);
8176
8177 if (err)
8178 goto free_msg;
8179
8180 if (nla_put_u64(msg, NL80211_ATTR_COOKIE, cookie))
8181 goto nla_put_failure;
8182
8183 genlmsg_end(msg, hdr);
8184
8185 return genlmsg_reply(msg, info);
8186
8187 nla_put_failure:
8188 err = -ENOBUFS;
8189 free_msg:
8190 nlmsg_free(msg);
8191 return err;
8192}
8193
8194static int nl80211_cancel_remain_on_channel(struct sk_buff *skb,
8195 struct genl_info *info)
8196{
8197 struct cfg80211_registered_device *rdev = info->user_ptr[0];
8198 struct wireless_dev *wdev = info->user_ptr[1];
8199 u64 cookie;
8200
8201 if (!info->attrs[NL80211_ATTR_COOKIE])
8202 return -EINVAL;
8203
8204 if (!rdev->ops->cancel_remain_on_channel)
8205 return -EOPNOTSUPP;
8206
8207 cookie = nla_get_u64(info->attrs[NL80211_ATTR_COOKIE]);
8208
8209 return rdev_cancel_remain_on_channel(rdev, wdev, cookie);
8210}
8211
8212static u32 rateset_to_mask(struct ieee80211_supported_band *sband,
8213 u8 *rates, u8 rates_len)
8214{
8215 u8 i;
8216 u32 mask = 0;
8217
8218 for (i = 0; i < rates_len; i++) {
8219 int rate = (rates[i] & 0x7f) * 5;
8220 int ridx;
8221 for (ridx = 0; ridx < sband->n_bitrates; ridx++) {
8222 struct ieee80211_rate *srate =
8223 &sband->bitrates[ridx];
8224 if (rate == srate->bitrate) {
8225 mask |= 1 << ridx;
8226 break;
8227 }
8228 }
8229 if (ridx == sband->n_bitrates)
8230 return 0;
8231 }
8232
8233 return mask;
8234}
8235
8236static bool ht_rateset_to_mask(struct ieee80211_supported_band *sband,
8237 u8 *rates, u8 rates_len,
8238 u8 mcs[IEEE80211_HT_MCS_MASK_LEN])
8239{
8240 u8 i;
8241
8242 memset(mcs, 0, IEEE80211_HT_MCS_MASK_LEN);
8243
8244 for (i = 0; i < rates_len; i++) {
8245 int ridx, rbit;
8246
8247 ridx = rates[i] / 8;
8248 rbit = BIT(rates[i] % 8);
8249
8250
8251 if ((ridx < 0) || (ridx >= IEEE80211_HT_MCS_MASK_LEN))
8252 return false;
8253
8254
8255 if (sband->ht_cap.mcs.rx_mask[ridx] & rbit)
8256 mcs[ridx] |= rbit;
8257 else
8258 return false;
8259 }
8260
8261 return true;
8262}
8263
8264static u16 vht_mcs_map_to_mcs_mask(u8 vht_mcs_map)
8265{
8266 u16 mcs_mask = 0;
8267
8268 switch (vht_mcs_map) {
8269 case IEEE80211_VHT_MCS_NOT_SUPPORTED:
8270 break;
8271 case IEEE80211_VHT_MCS_SUPPORT_0_7:
8272 mcs_mask = 0x00FF;
8273 break;
8274 case IEEE80211_VHT_MCS_SUPPORT_0_8:
8275 mcs_mask = 0x01FF;
8276 break;
8277 case IEEE80211_VHT_MCS_SUPPORT_0_9:
8278 mcs_mask = 0x03FF;
8279 break;
8280 default:
8281 break;
8282 }
8283
8284 return mcs_mask;
8285}
8286
8287static void vht_build_mcs_mask(u16 vht_mcs_map,
8288 u16 vht_mcs_mask[NL80211_VHT_NSS_MAX])
8289{
8290 u8 nss;
8291
8292 for (nss = 0; nss < NL80211_VHT_NSS_MAX; nss++) {
8293 vht_mcs_mask[nss] = vht_mcs_map_to_mcs_mask(vht_mcs_map & 0x03);
8294 vht_mcs_map >>= 2;
8295 }
8296}
8297
8298static bool vht_set_mcs_mask(struct ieee80211_supported_band *sband,
8299 struct nl80211_txrate_vht *txrate,
8300 u16 mcs[NL80211_VHT_NSS_MAX])
8301{
8302 u16 tx_mcs_map = le16_to_cpu(sband->vht_cap.vht_mcs.tx_mcs_map);
8303 u16 tx_mcs_mask[NL80211_VHT_NSS_MAX] = {};
8304 u8 i;
8305
8306 if (!sband->vht_cap.vht_supported)
8307 return false;
8308
8309 memset(mcs, 0, sizeof(u16) * NL80211_VHT_NSS_MAX);
8310
8311
8312 vht_build_mcs_mask(tx_mcs_map, tx_mcs_mask);
8313
8314 for (i = 0; i < NL80211_VHT_NSS_MAX; i++) {
8315 if ((tx_mcs_mask[i] & txrate->mcs[i]) == txrate->mcs[i])
8316 mcs[i] = txrate->mcs[i];
8317 else
8318 return false;
8319 }
8320
8321 return true;
8322}
8323
8324static const struct nla_policy nl80211_txattr_policy[NL80211_TXRATE_MAX + 1] = {
8325 [NL80211_TXRATE_LEGACY] = { .type = NLA_BINARY,
8326 .len = NL80211_MAX_SUPP_RATES },
8327 [NL80211_TXRATE_HT] = { .type = NLA_BINARY,
8328 .len = NL80211_MAX_SUPP_HT_RATES },
8329 [NL80211_TXRATE_VHT] = { .len = sizeof(struct nl80211_txrate_vht)},
8330 [NL80211_TXRATE_GI] = { .type = NLA_U8 },
8331};
8332
8333static int nl80211_set_tx_bitrate_mask(struct sk_buff *skb,
8334 struct genl_info *info)
8335{
8336 struct nlattr *tb[NL80211_TXRATE_MAX + 1];
8337 struct cfg80211_registered_device *rdev = info->user_ptr[0];
8338 struct cfg80211_bitrate_mask mask;
8339 int rem, i;
8340 struct net_device *dev = info->user_ptr[1];
8341 struct nlattr *tx_rates;
8342 struct ieee80211_supported_band *sband;
8343 u16 vht_tx_mcs_map;
8344
8345 if (!rdev->ops->set_bitrate_mask)
8346 return -EOPNOTSUPP;
8347
8348 memset(&mask, 0, sizeof(mask));
8349
8350 for (i = 0; i < IEEE80211_NUM_BANDS; i++) {
8351 sband = rdev->wiphy.bands[i];
8352
8353 if (!sband)
8354 continue;
8355
8356 mask.control[i].legacy = (1 << sband->n_bitrates) - 1;
8357 memcpy(mask.control[i].ht_mcs,
8358 sband->ht_cap.mcs.rx_mask,
8359 sizeof(mask.control[i].ht_mcs));
8360
8361 if (!sband->vht_cap.vht_supported)
8362 continue;
8363
8364 vht_tx_mcs_map = le16_to_cpu(sband->vht_cap.vht_mcs.tx_mcs_map);
8365 vht_build_mcs_mask(vht_tx_mcs_map, mask.control[i].vht_mcs);
8366 }
8367
8368
8369 if (!info->attrs[NL80211_ATTR_TX_RATES])
8370 goto out;
8371
8372
8373
8374
8375
8376 BUILD_BUG_ON(NL80211_MAX_SUPP_HT_RATES > IEEE80211_HT_MCS_MASK_LEN * 8);
8377 nla_for_each_nested(tx_rates, info->attrs[NL80211_ATTR_TX_RATES], rem) {
8378 enum ieee80211_band band = nla_type(tx_rates);
8379 int err;
8380
8381 if (band < 0 || band >= IEEE80211_NUM_BANDS)
8382 return -EINVAL;
8383 sband = rdev->wiphy.bands[band];
8384 if (sband == NULL)
8385 return -EINVAL;
8386 err = nla_parse(tb, NL80211_TXRATE_MAX, nla_data(tx_rates),
8387 nla_len(tx_rates), nl80211_txattr_policy);
8388 if (err)
8389 return err;
8390 if (tb[NL80211_TXRATE_LEGACY]) {
8391 mask.control[band].legacy = rateset_to_mask(
8392 sband,
8393 nla_data(tb[NL80211_TXRATE_LEGACY]),
8394 nla_len(tb[NL80211_TXRATE_LEGACY]));
8395 if ((mask.control[band].legacy == 0) &&
8396 nla_len(tb[NL80211_TXRATE_LEGACY]))
8397 return -EINVAL;
8398 }
8399 if (tb[NL80211_TXRATE_HT]) {
8400 if (!ht_rateset_to_mask(
8401 sband,
8402 nla_data(tb[NL80211_TXRATE_HT]),
8403 nla_len(tb[NL80211_TXRATE_HT]),
8404 mask.control[band].ht_mcs))
8405 return -EINVAL;
8406 }
8407 if (tb[NL80211_TXRATE_VHT]) {
8408 if (!vht_set_mcs_mask(
8409 sband,
8410 nla_data(tb[NL80211_TXRATE_VHT]),
8411 mask.control[band].vht_mcs))
8412 return -EINVAL;
8413 }
8414 if (tb[NL80211_TXRATE_GI]) {
8415 mask.control[band].gi =
8416 nla_get_u8(tb[NL80211_TXRATE_GI]);
8417 if (mask.control[band].gi > NL80211_TXRATE_FORCE_LGI)
8418 return -EINVAL;
8419 }
8420
8421 if (mask.control[band].legacy == 0) {
8422
8423
8424
8425 if (!(rdev->wiphy.bands[band]->ht_cap.ht_supported ||
8426 rdev->wiphy.bands[band]->vht_cap.vht_supported))
8427 return -EINVAL;
8428
8429 for (i = 0; i < IEEE80211_HT_MCS_MASK_LEN; i++)
8430 if (mask.control[band].ht_mcs[i])
8431 goto out;
8432
8433 for (i = 0; i < NL80211_VHT_NSS_MAX; i++)
8434 if (mask.control[band].vht_mcs[i])
8435 goto out;
8436
8437
8438 return -EINVAL;
8439 }
8440 }
8441
8442out:
8443 return rdev_set_bitrate_mask(rdev, dev, NULL, &mask);
8444}
8445
8446static int nl80211_register_mgmt(struct sk_buff *skb, struct genl_info *info)
8447{
8448 struct cfg80211_registered_device *rdev = info->user_ptr[0];
8449 struct wireless_dev *wdev = info->user_ptr[1];
8450 u16 frame_type = IEEE80211_FTYPE_MGMT | IEEE80211_STYPE_ACTION;
8451
8452 if (!info->attrs[NL80211_ATTR_FRAME_MATCH])
8453 return -EINVAL;
8454
8455 if (info->attrs[NL80211_ATTR_FRAME_TYPE])
8456 frame_type = nla_get_u16(info->attrs[NL80211_ATTR_FRAME_TYPE]);
8457
8458 switch (wdev->iftype) {
8459 case NL80211_IFTYPE_STATION:
8460 case NL80211_IFTYPE_ADHOC:
8461 case NL80211_IFTYPE_P2P_CLIENT:
8462 case NL80211_IFTYPE_AP:
8463 case NL80211_IFTYPE_AP_VLAN:
8464 case NL80211_IFTYPE_MESH_POINT:
8465 case NL80211_IFTYPE_P2P_GO:
8466 case NL80211_IFTYPE_P2P_DEVICE:
8467 break;
8468 default:
8469 return -EOPNOTSUPP;
8470 }
8471
8472
8473 if (!rdev->ops->mgmt_tx)
8474 return -EOPNOTSUPP;
8475
8476 return cfg80211_mlme_register_mgmt(wdev, info->snd_portid, frame_type,
8477 nla_data(info->attrs[NL80211_ATTR_FRAME_MATCH]),
8478 nla_len(info->attrs[NL80211_ATTR_FRAME_MATCH]));
8479}
8480
8481static int nl80211_tx_mgmt(struct sk_buff *skb, struct genl_info *info)
8482{
8483 struct cfg80211_registered_device *rdev = info->user_ptr[0];
8484 struct wireless_dev *wdev = info->user_ptr[1];
8485 struct cfg80211_chan_def chandef;
8486 int err;
8487 void *hdr = NULL;
8488 u64 cookie;
8489 struct sk_buff *msg = NULL;
8490 struct cfg80211_mgmt_tx_params params = {
8491 .dont_wait_for_ack =
8492 info->attrs[NL80211_ATTR_DONT_WAIT_FOR_ACK],
8493 };
8494
8495 if (!info->attrs[NL80211_ATTR_FRAME])
8496 return -EINVAL;
8497
8498 if (!rdev->ops->mgmt_tx)
8499 return -EOPNOTSUPP;
8500
8501 switch (wdev->iftype) {
8502 case NL80211_IFTYPE_P2P_DEVICE:
8503 if (!info->attrs[NL80211_ATTR_WIPHY_FREQ])
8504 return -EINVAL;
8505 case NL80211_IFTYPE_STATION:
8506 case NL80211_IFTYPE_ADHOC:
8507 case NL80211_IFTYPE_P2P_CLIENT:
8508 case NL80211_IFTYPE_AP:
8509 case NL80211_IFTYPE_AP_VLAN:
8510 case NL80211_IFTYPE_MESH_POINT:
8511 case NL80211_IFTYPE_P2P_GO:
8512 break;
8513 default:
8514 return -EOPNOTSUPP;
8515 }
8516
8517 if (info->attrs[NL80211_ATTR_DURATION]) {
8518 if (!(rdev->wiphy.flags & WIPHY_FLAG_OFFCHAN_TX))
8519 return -EINVAL;
8520 params.wait = nla_get_u32(info->attrs[NL80211_ATTR_DURATION]);
8521
8522
8523
8524
8525
8526 if (params.wait < NL80211_MIN_REMAIN_ON_CHANNEL_TIME ||
8527 params.wait > rdev->wiphy.max_remain_on_channel_duration)
8528 return -EINVAL;
8529
8530 }
8531
8532 params.offchan = info->attrs[NL80211_ATTR_OFFCHANNEL_TX_OK];
8533
8534 if (params.offchan && !(rdev->wiphy.flags & WIPHY_FLAG_OFFCHAN_TX))
8535 return -EINVAL;
8536
8537 params.no_cck = nla_get_flag(info->attrs[NL80211_ATTR_TX_NO_CCK_RATE]);
8538
8539
8540
8541
8542 chandef.chan = NULL;
8543 if (info->attrs[NL80211_ATTR_WIPHY_FREQ]) {
8544 err = nl80211_parse_chandef(rdev, info, &chandef);
8545 if (err)
8546 return err;
8547 }
8548
8549 if (!chandef.chan && params.offchan)
8550 return -EINVAL;
8551
8552 params.buf = nla_data(info->attrs[NL80211_ATTR_FRAME]);
8553 params.len = nla_len(info->attrs[NL80211_ATTR_FRAME]);
8554
8555 if (info->attrs[NL80211_ATTR_CSA_C_OFFSETS_TX]) {
8556 int len = nla_len(info->attrs[NL80211_ATTR_CSA_C_OFFSETS_TX]);
8557 int i;
8558
8559 if (len % sizeof(u16))
8560 return -EINVAL;
8561
8562 params.n_csa_offsets = len / sizeof(u16);
8563 params.csa_offsets =
8564 nla_data(info->attrs[NL80211_ATTR_CSA_C_OFFSETS_TX]);
8565
8566
8567 for (i = 0; i < params.n_csa_offsets; i++) {
8568 if (params.csa_offsets[i] >= params.len)
8569 return -EINVAL;
8570 }
8571 }
8572
8573 if (!params.dont_wait_for_ack) {
8574 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
8575 if (!msg)
8576 return -ENOMEM;
8577
8578 hdr = nl80211hdr_put(msg, info->snd_portid, info->snd_seq, 0,
8579 NL80211_CMD_FRAME);
8580 if (!hdr) {
8581 err = -ENOBUFS;
8582 goto free_msg;
8583 }
8584 }
8585
8586 params.chan = chandef.chan;
8587 err = cfg80211_mlme_mgmt_tx(rdev, wdev, ¶ms, &cookie);
8588 if (err)
8589 goto free_msg;
8590
8591 if (msg) {
8592 if (nla_put_u64(msg, NL80211_ATTR_COOKIE, cookie))
8593 goto nla_put_failure;
8594
8595 genlmsg_end(msg, hdr);
8596 return genlmsg_reply(msg, info);
8597 }
8598
8599 return 0;
8600
8601 nla_put_failure:
8602 err = -ENOBUFS;
8603 free_msg:
8604 nlmsg_free(msg);
8605 return err;
8606}
8607
8608static int nl80211_tx_mgmt_cancel_wait(struct sk_buff *skb, struct genl_info *info)
8609{
8610 struct cfg80211_registered_device *rdev = info->user_ptr[0];
8611 struct wireless_dev *wdev = info->user_ptr[1];
8612 u64 cookie;
8613
8614 if (!info->attrs[NL80211_ATTR_COOKIE])
8615 return -EINVAL;
8616
8617 if (!rdev->ops->mgmt_tx_cancel_wait)
8618 return -EOPNOTSUPP;
8619
8620 switch (wdev->iftype) {
8621 case NL80211_IFTYPE_STATION:
8622 case NL80211_IFTYPE_ADHOC:
8623 case NL80211_IFTYPE_P2P_CLIENT:
8624 case NL80211_IFTYPE_AP:
8625 case NL80211_IFTYPE_AP_VLAN:
8626 case NL80211_IFTYPE_P2P_GO:
8627 case NL80211_IFTYPE_P2P_DEVICE:
8628 break;
8629 default:
8630 return -EOPNOTSUPP;
8631 }
8632
8633 cookie = nla_get_u64(info->attrs[NL80211_ATTR_COOKIE]);
8634
8635 return rdev_mgmt_tx_cancel_wait(rdev, wdev, cookie);
8636}
8637
8638static int nl80211_set_power_save(struct sk_buff *skb, struct genl_info *info)
8639{
8640 struct cfg80211_registered_device *rdev = info->user_ptr[0];
8641 struct wireless_dev *wdev;
8642 struct net_device *dev = info->user_ptr[1];
8643 u8 ps_state;
8644 bool state;
8645 int err;
8646
8647 if (!info->attrs[NL80211_ATTR_PS_STATE])
8648 return -EINVAL;
8649
8650 ps_state = nla_get_u32(info->attrs[NL80211_ATTR_PS_STATE]);
8651
8652 if (ps_state != NL80211_PS_DISABLED && ps_state != NL80211_PS_ENABLED)
8653 return -EINVAL;
8654
8655 wdev = dev->ieee80211_ptr;
8656
8657 if (!rdev->ops->set_power_mgmt)
8658 return -EOPNOTSUPP;
8659
8660 state = (ps_state == NL80211_PS_ENABLED) ? true : false;
8661
8662 if (state == wdev->ps)
8663 return 0;
8664
8665 err = rdev_set_power_mgmt(rdev, dev, state, wdev->ps_timeout);
8666 if (!err)
8667 wdev->ps = state;
8668 return err;
8669}
8670
8671static int nl80211_get_power_save(struct sk_buff *skb, struct genl_info *info)
8672{
8673 struct cfg80211_registered_device *rdev = info->user_ptr[0];
8674 enum nl80211_ps_state ps_state;
8675 struct wireless_dev *wdev;
8676 struct net_device *dev = info->user_ptr[1];
8677 struct sk_buff *msg;
8678 void *hdr;
8679 int err;
8680
8681 wdev = dev->ieee80211_ptr;
8682
8683 if (!rdev->ops->set_power_mgmt)
8684 return -EOPNOTSUPP;
8685
8686 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
8687 if (!msg)
8688 return -ENOMEM;
8689
8690 hdr = nl80211hdr_put(msg, info->snd_portid, info->snd_seq, 0,
8691 NL80211_CMD_GET_POWER_SAVE);
8692 if (!hdr) {
8693 err = -ENOBUFS;
8694 goto free_msg;
8695 }
8696
8697 if (wdev->ps)
8698 ps_state = NL80211_PS_ENABLED;
8699 else
8700 ps_state = NL80211_PS_DISABLED;
8701
8702 if (nla_put_u32(msg, NL80211_ATTR_PS_STATE, ps_state))
8703 goto nla_put_failure;
8704
8705 genlmsg_end(msg, hdr);
8706 return genlmsg_reply(msg, info);
8707
8708 nla_put_failure:
8709 err = -ENOBUFS;
8710 free_msg:
8711 nlmsg_free(msg);
8712 return err;
8713}
8714
8715static const struct nla_policy
8716nl80211_attr_cqm_policy[NL80211_ATTR_CQM_MAX + 1] = {
8717 [NL80211_ATTR_CQM_RSSI_THOLD] = { .type = NLA_U32 },
8718 [NL80211_ATTR_CQM_RSSI_HYST] = { .type = NLA_U32 },
8719 [NL80211_ATTR_CQM_RSSI_THRESHOLD_EVENT] = { .type = NLA_U32 },
8720 [NL80211_ATTR_CQM_TXE_RATE] = { .type = NLA_U32 },
8721 [NL80211_ATTR_CQM_TXE_PKTS] = { .type = NLA_U32 },
8722 [NL80211_ATTR_CQM_TXE_INTVL] = { .type = NLA_U32 },
8723};
8724
8725static int nl80211_set_cqm_txe(struct genl_info *info,
8726 u32 rate, u32 pkts, u32 intvl)
8727{
8728 struct cfg80211_registered_device *rdev = info->user_ptr[0];
8729 struct net_device *dev = info->user_ptr[1];
8730 struct wireless_dev *wdev = dev->ieee80211_ptr;
8731
8732 if (rate > 100 || intvl > NL80211_CQM_TXE_MAX_INTVL)
8733 return -EINVAL;
8734
8735 if (!rdev->ops->set_cqm_txe_config)
8736 return -EOPNOTSUPP;
8737
8738 if (wdev->iftype != NL80211_IFTYPE_STATION &&
8739 wdev->iftype != NL80211_IFTYPE_P2P_CLIENT)
8740 return -EOPNOTSUPP;
8741
8742 return rdev_set_cqm_txe_config(rdev, dev, rate, pkts, intvl);
8743}
8744
8745static int nl80211_set_cqm_rssi(struct genl_info *info,
8746 s32 threshold, u32 hysteresis)
8747{
8748 struct cfg80211_registered_device *rdev = info->user_ptr[0];
8749 struct net_device *dev = info->user_ptr[1];
8750 struct wireless_dev *wdev = dev->ieee80211_ptr;
8751
8752 if (threshold > 0)
8753 return -EINVAL;
8754
8755
8756 if (threshold == 0)
8757 hysteresis = 0;
8758
8759 if (!rdev->ops->set_cqm_rssi_config)
8760 return -EOPNOTSUPP;
8761
8762 if (wdev->iftype != NL80211_IFTYPE_STATION &&
8763 wdev->iftype != NL80211_IFTYPE_P2P_CLIENT)
8764 return -EOPNOTSUPP;
8765
8766 return rdev_set_cqm_rssi_config(rdev, dev, threshold, hysteresis);
8767}
8768
8769static int nl80211_set_cqm(struct sk_buff *skb, struct genl_info *info)
8770{
8771 struct nlattr *attrs[NL80211_ATTR_CQM_MAX + 1];
8772 struct nlattr *cqm;
8773 int err;
8774
8775 cqm = info->attrs[NL80211_ATTR_CQM];
8776 if (!cqm)
8777 return -EINVAL;
8778
8779 err = nla_parse_nested(attrs, NL80211_ATTR_CQM_MAX, cqm,
8780 nl80211_attr_cqm_policy);
8781 if (err)
8782 return err;
8783
8784 if (attrs[NL80211_ATTR_CQM_RSSI_THOLD] &&
8785 attrs[NL80211_ATTR_CQM_RSSI_HYST]) {
8786 s32 threshold = nla_get_s32(attrs[NL80211_ATTR_CQM_RSSI_THOLD]);
8787 u32 hysteresis = nla_get_u32(attrs[NL80211_ATTR_CQM_RSSI_HYST]);
8788
8789 return nl80211_set_cqm_rssi(info, threshold, hysteresis);
8790 }
8791
8792 if (attrs[NL80211_ATTR_CQM_TXE_RATE] &&
8793 attrs[NL80211_ATTR_CQM_TXE_PKTS] &&
8794 attrs[NL80211_ATTR_CQM_TXE_INTVL]) {
8795 u32 rate = nla_get_u32(attrs[NL80211_ATTR_CQM_TXE_RATE]);
8796 u32 pkts = nla_get_u32(attrs[NL80211_ATTR_CQM_TXE_PKTS]);
8797 u32 intvl = nla_get_u32(attrs[NL80211_ATTR_CQM_TXE_INTVL]);
8798
8799 return nl80211_set_cqm_txe(info, rate, pkts, intvl);
8800 }
8801
8802 return -EINVAL;
8803}
8804
8805static int nl80211_join_ocb(struct sk_buff *skb, struct genl_info *info)
8806{
8807 struct cfg80211_registered_device *rdev = info->user_ptr[0];
8808 struct net_device *dev = info->user_ptr[1];
8809 struct ocb_setup setup = {};
8810 int err;
8811
8812 err = nl80211_parse_chandef(rdev, info, &setup.chandef);
8813 if (err)
8814 return err;
8815
8816 return cfg80211_join_ocb(rdev, dev, &setup);
8817}
8818
8819static int nl80211_leave_ocb(struct sk_buff *skb, struct genl_info *info)
8820{
8821 struct cfg80211_registered_device *rdev = info->user_ptr[0];
8822 struct net_device *dev = info->user_ptr[1];
8823
8824 return cfg80211_leave_ocb(rdev, dev);
8825}
8826
8827static int nl80211_join_mesh(struct sk_buff *skb, struct genl_info *info)
8828{
8829 struct cfg80211_registered_device *rdev = info->user_ptr[0];
8830 struct net_device *dev = info->user_ptr[1];
8831 struct mesh_config cfg;
8832 struct mesh_setup setup;
8833 int err;
8834
8835
8836 memcpy(&cfg, &default_mesh_config, sizeof(cfg));
8837 memcpy(&setup, &default_mesh_setup, sizeof(setup));
8838
8839 if (info->attrs[NL80211_ATTR_MESH_CONFIG]) {
8840
8841 err = nl80211_parse_mesh_config(info, &cfg, NULL);
8842 if (err)
8843 return err;
8844 }
8845
8846 if (!info->attrs[NL80211_ATTR_MESH_ID] ||
8847 !nla_len(info->attrs[NL80211_ATTR_MESH_ID]))
8848 return -EINVAL;
8849
8850 setup.mesh_id = nla_data(info->attrs[NL80211_ATTR_MESH_ID]);
8851 setup.mesh_id_len = nla_len(info->attrs[NL80211_ATTR_MESH_ID]);
8852
8853 if (info->attrs[NL80211_ATTR_MCAST_RATE] &&
8854 !nl80211_parse_mcast_rate(rdev, setup.mcast_rate,
8855 nla_get_u32(info->attrs[NL80211_ATTR_MCAST_RATE])))
8856 return -EINVAL;
8857
8858 if (info->attrs[NL80211_ATTR_BEACON_INTERVAL]) {
8859 setup.beacon_interval =
8860 nla_get_u32(info->attrs[NL80211_ATTR_BEACON_INTERVAL]);
8861 if (setup.beacon_interval < 10 ||
8862 setup.beacon_interval > 10000)
8863 return -EINVAL;
8864 }
8865
8866 if (info->attrs[NL80211_ATTR_DTIM_PERIOD]) {
8867 setup.dtim_period =
8868 nla_get_u32(info->attrs[NL80211_ATTR_DTIM_PERIOD]);
8869 if (setup.dtim_period < 1 || setup.dtim_period > 100)
8870 return -EINVAL;
8871 }
8872
8873 if (info->attrs[NL80211_ATTR_MESH_SETUP]) {
8874
8875 err = nl80211_parse_mesh_setup(info, &setup);
8876 if (err)
8877 return err;
8878 }
8879
8880 if (setup.user_mpm)
8881 cfg.auto_open_plinks = false;
8882
8883 if (info->attrs[NL80211_ATTR_WIPHY_FREQ]) {
8884 err = nl80211_parse_chandef(rdev, info, &setup.chandef);
8885 if (err)
8886 return err;
8887 } else {
8888
8889 setup.chandef.chan = NULL;
8890 }
8891
8892 if (info->attrs[NL80211_ATTR_BSS_BASIC_RATES]) {
8893 u8 *rates = nla_data(info->attrs[NL80211_ATTR_BSS_BASIC_RATES]);
8894 int n_rates =
8895 nla_len(info->attrs[NL80211_ATTR_BSS_BASIC_RATES]);
8896 struct ieee80211_supported_band *sband;
8897
8898 if (!setup.chandef.chan)
8899 return -EINVAL;
8900
8901 sband = rdev->wiphy.bands[setup.chandef.chan->band];
8902
8903 err = ieee80211_get_ratemask(sband, rates, n_rates,
8904 &setup.basic_rates);
8905 if (err)
8906 return err;
8907 }
8908
8909 return cfg80211_join_mesh(rdev, dev, &setup, &cfg);
8910}
8911
8912static int nl80211_leave_mesh(struct sk_buff *skb, struct genl_info *info)
8913{
8914 struct cfg80211_registered_device *rdev = info->user_ptr[0];
8915 struct net_device *dev = info->user_ptr[1];
8916
8917 return cfg80211_leave_mesh(rdev, dev);
8918}
8919
8920#ifdef CONFIG_PM
8921static int nl80211_send_wowlan_patterns(struct sk_buff *msg,
8922 struct cfg80211_registered_device *rdev)
8923{
8924 struct cfg80211_wowlan *wowlan = rdev->wiphy.wowlan_config;
8925 struct nlattr *nl_pats, *nl_pat;
8926 int i, pat_len;
8927
8928 if (!wowlan->n_patterns)
8929 return 0;
8930
8931 nl_pats = nla_nest_start(msg, NL80211_WOWLAN_TRIG_PKT_PATTERN);
8932 if (!nl_pats)
8933 return -ENOBUFS;
8934
8935 for (i = 0; i < wowlan->n_patterns; i++) {
8936 nl_pat = nla_nest_start(msg, i + 1);
8937 if (!nl_pat)
8938 return -ENOBUFS;
8939 pat_len = wowlan->patterns[i].pattern_len;
8940 if (nla_put(msg, NL80211_PKTPAT_MASK, DIV_ROUND_UP(pat_len, 8),
8941 wowlan->patterns[i].mask) ||
8942 nla_put(msg, NL80211_PKTPAT_PATTERN, pat_len,
8943 wowlan->patterns[i].pattern) ||
8944 nla_put_u32(msg, NL80211_PKTPAT_OFFSET,
8945 wowlan->patterns[i].pkt_offset))
8946 return -ENOBUFS;
8947 nla_nest_end(msg, nl_pat);
8948 }
8949 nla_nest_end(msg, nl_pats);
8950
8951 return 0;
8952}
8953
8954static int nl80211_send_wowlan_tcp(struct sk_buff *msg,
8955 struct cfg80211_wowlan_tcp *tcp)
8956{
8957 struct nlattr *nl_tcp;
8958
8959 if (!tcp)
8960 return 0;
8961
8962 nl_tcp = nla_nest_start(msg, NL80211_WOWLAN_TRIG_TCP_CONNECTION);
8963 if (!nl_tcp)
8964 return -ENOBUFS;
8965
8966 if (nla_put_in_addr(msg, NL80211_WOWLAN_TCP_SRC_IPV4, tcp->src) ||
8967 nla_put_in_addr(msg, NL80211_WOWLAN_TCP_DST_IPV4, tcp->dst) ||
8968 nla_put(msg, NL80211_WOWLAN_TCP_DST_MAC, ETH_ALEN, tcp->dst_mac) ||
8969 nla_put_u16(msg, NL80211_WOWLAN_TCP_SRC_PORT, tcp->src_port) ||
8970 nla_put_u16(msg, NL80211_WOWLAN_TCP_DST_PORT, tcp->dst_port) ||
8971 nla_put(msg, NL80211_WOWLAN_TCP_DATA_PAYLOAD,
8972 tcp->payload_len, tcp->payload) ||
8973 nla_put_u32(msg, NL80211_WOWLAN_TCP_DATA_INTERVAL,
8974 tcp->data_interval) ||
8975 nla_put(msg, NL80211_WOWLAN_TCP_WAKE_PAYLOAD,
8976 tcp->wake_len, tcp->wake_data) ||
8977 nla_put(msg, NL80211_WOWLAN_TCP_WAKE_MASK,
8978 DIV_ROUND_UP(tcp->wake_len, 8), tcp->wake_mask))
8979 return -ENOBUFS;
8980
8981 if (tcp->payload_seq.len &&
8982 nla_put(msg, NL80211_WOWLAN_TCP_DATA_PAYLOAD_SEQ,
8983 sizeof(tcp->payload_seq), &tcp->payload_seq))
8984 return -ENOBUFS;
8985
8986 if (tcp->payload_tok.len &&
8987 nla_put(msg, NL80211_WOWLAN_TCP_DATA_PAYLOAD_TOKEN,
8988 sizeof(tcp->payload_tok) + tcp->tokens_size,
8989 &tcp->payload_tok))
8990 return -ENOBUFS;
8991
8992 nla_nest_end(msg, nl_tcp);
8993
8994 return 0;
8995}
8996
8997static int nl80211_send_wowlan_nd(struct sk_buff *msg,
8998 struct cfg80211_sched_scan_request *req)
8999{
9000 struct nlattr *nd, *freqs, *matches, *match, *scan_plans, *scan_plan;
9001 int i;
9002
9003 if (!req)
9004 return 0;
9005
9006 nd = nla_nest_start(msg, NL80211_WOWLAN_TRIG_NET_DETECT);
9007 if (!nd)
9008 return -ENOBUFS;
9009
9010 if (req->n_scan_plans == 1 &&
9011 nla_put_u32(msg, NL80211_ATTR_SCHED_SCAN_INTERVAL,
9012 req->scan_plans[0].interval * 1000))
9013 return -ENOBUFS;
9014
9015 if (nla_put_u32(msg, NL80211_ATTR_SCHED_SCAN_DELAY, req->delay))
9016 return -ENOBUFS;
9017
9018 freqs = nla_nest_start(msg, NL80211_ATTR_SCAN_FREQUENCIES);
9019 if (!freqs)
9020 return -ENOBUFS;
9021
9022 for (i = 0; i < req->n_channels; i++)
9023 nla_put_u32(msg, i, req->channels[i]->center_freq);
9024
9025 nla_nest_end(msg, freqs);
9026
9027 if (req->n_match_sets) {
9028 matches = nla_nest_start(msg, NL80211_ATTR_SCHED_SCAN_MATCH);
9029 for (i = 0; i < req->n_match_sets; i++) {
9030 match = nla_nest_start(msg, i);
9031 nla_put(msg, NL80211_SCHED_SCAN_MATCH_ATTR_SSID,
9032 req->match_sets[i].ssid.ssid_len,
9033 req->match_sets[i].ssid.ssid);
9034 nla_nest_end(msg, match);
9035 }
9036 nla_nest_end(msg, matches);
9037 }
9038
9039 scan_plans = nla_nest_start(msg, NL80211_ATTR_SCHED_SCAN_PLANS);
9040 if (!scan_plans)
9041 return -ENOBUFS;
9042
9043 for (i = 0; i < req->n_scan_plans; i++) {
9044 scan_plan = nla_nest_start(msg, i + 1);
9045 if (!scan_plan ||
9046 nla_put_u32(msg, NL80211_SCHED_SCAN_PLAN_INTERVAL,
9047 req->scan_plans[i].interval) ||
9048 (req->scan_plans[i].iterations &&
9049 nla_put_u32(msg, NL80211_SCHED_SCAN_PLAN_ITERATIONS,
9050 req->scan_plans[i].iterations)))
9051 return -ENOBUFS;
9052 nla_nest_end(msg, scan_plan);
9053 }
9054 nla_nest_end(msg, scan_plans);
9055
9056 nla_nest_end(msg, nd);
9057
9058 return 0;
9059}
9060
9061static int nl80211_get_wowlan(struct sk_buff *skb, struct genl_info *info)
9062{
9063 struct cfg80211_registered_device *rdev = info->user_ptr[0];
9064 struct sk_buff *msg;
9065 void *hdr;
9066 u32 size = NLMSG_DEFAULT_SIZE;
9067
9068 if (!rdev->wiphy.wowlan)
9069 return -EOPNOTSUPP;
9070
9071 if (rdev->wiphy.wowlan_config && rdev->wiphy.wowlan_config->tcp) {
9072
9073 size += rdev->wiphy.wowlan_config->tcp->tokens_size +
9074 rdev->wiphy.wowlan_config->tcp->payload_len +
9075 rdev->wiphy.wowlan_config->tcp->wake_len +
9076 rdev->wiphy.wowlan_config->tcp->wake_len / 8;
9077 }
9078
9079 msg = nlmsg_new(size, GFP_KERNEL);
9080 if (!msg)
9081 return -ENOMEM;
9082
9083 hdr = nl80211hdr_put(msg, info->snd_portid, info->snd_seq, 0,
9084 NL80211_CMD_GET_WOWLAN);
9085 if (!hdr)
9086 goto nla_put_failure;
9087
9088 if (rdev->wiphy.wowlan_config) {
9089 struct nlattr *nl_wowlan;
9090
9091 nl_wowlan = nla_nest_start(msg, NL80211_ATTR_WOWLAN_TRIGGERS);
9092 if (!nl_wowlan)
9093 goto nla_put_failure;
9094
9095 if ((rdev->wiphy.wowlan_config->any &&
9096 nla_put_flag(msg, NL80211_WOWLAN_TRIG_ANY)) ||
9097 (rdev->wiphy.wowlan_config->disconnect &&
9098 nla_put_flag(msg, NL80211_WOWLAN_TRIG_DISCONNECT)) ||
9099 (rdev->wiphy.wowlan_config->magic_pkt &&
9100 nla_put_flag(msg, NL80211_WOWLAN_TRIG_MAGIC_PKT)) ||
9101 (rdev->wiphy.wowlan_config->gtk_rekey_failure &&
9102 nla_put_flag(msg, NL80211_WOWLAN_TRIG_GTK_REKEY_FAILURE)) ||
9103 (rdev->wiphy.wowlan_config->eap_identity_req &&
9104 nla_put_flag(msg, NL80211_WOWLAN_TRIG_EAP_IDENT_REQUEST)) ||
9105 (rdev->wiphy.wowlan_config->four_way_handshake &&
9106 nla_put_flag(msg, NL80211_WOWLAN_TRIG_4WAY_HANDSHAKE)) ||
9107 (rdev->wiphy.wowlan_config->rfkill_release &&
9108 nla_put_flag(msg, NL80211_WOWLAN_TRIG_RFKILL_RELEASE)))
9109 goto nla_put_failure;
9110
9111 if (nl80211_send_wowlan_patterns(msg, rdev))
9112 goto nla_put_failure;
9113
9114 if (nl80211_send_wowlan_tcp(msg,
9115 rdev->wiphy.wowlan_config->tcp))
9116 goto nla_put_failure;
9117
9118 if (nl80211_send_wowlan_nd(
9119 msg,
9120 rdev->wiphy.wowlan_config->nd_config))
9121 goto nla_put_failure;
9122
9123 nla_nest_end(msg, nl_wowlan);
9124 }
9125
9126 genlmsg_end(msg, hdr);
9127 return genlmsg_reply(msg, info);
9128
9129nla_put_failure:
9130 nlmsg_free(msg);
9131 return -ENOBUFS;
9132}
9133
9134static int nl80211_parse_wowlan_tcp(struct cfg80211_registered_device *rdev,
9135 struct nlattr *attr,
9136 struct cfg80211_wowlan *trig)
9137{
9138 struct nlattr *tb[NUM_NL80211_WOWLAN_TCP];
9139 struct cfg80211_wowlan_tcp *cfg;
9140 struct nl80211_wowlan_tcp_data_token *tok = NULL;
9141 struct nl80211_wowlan_tcp_data_seq *seq = NULL;
9142 u32 size;
9143 u32 data_size, wake_size, tokens_size = 0, wake_mask_size;
9144 int err, port;
9145
9146 if (!rdev->wiphy.wowlan->tcp)
9147 return -EINVAL;
9148
9149 err = nla_parse(tb, MAX_NL80211_WOWLAN_TCP,
9150 nla_data(attr), nla_len(attr),
9151 nl80211_wowlan_tcp_policy);
9152 if (err)
9153 return err;
9154
9155 if (!tb[NL80211_WOWLAN_TCP_SRC_IPV4] ||
9156 !tb[NL80211_WOWLAN_TCP_DST_IPV4] ||
9157 !tb[NL80211_WOWLAN_TCP_DST_MAC] ||
9158 !tb[NL80211_WOWLAN_TCP_DST_PORT] ||
9159 !tb[NL80211_WOWLAN_TCP_DATA_PAYLOAD] ||
9160 !tb[NL80211_WOWLAN_TCP_DATA_INTERVAL] ||
9161 !tb[NL80211_WOWLAN_TCP_WAKE_PAYLOAD] ||
9162 !tb[NL80211_WOWLAN_TCP_WAKE_MASK])
9163 return -EINVAL;
9164
9165 data_size = nla_len(tb[NL80211_WOWLAN_TCP_DATA_PAYLOAD]);
9166 if (data_size > rdev->wiphy.wowlan->tcp->data_payload_max)
9167 return -EINVAL;
9168
9169 if (nla_get_u32(tb[NL80211_WOWLAN_TCP_DATA_INTERVAL]) >
9170 rdev->wiphy.wowlan->tcp->data_interval_max ||
9171 nla_get_u32(tb[NL80211_WOWLAN_TCP_DATA_INTERVAL]) == 0)
9172 return -EINVAL;
9173
9174 wake_size = nla_len(tb[NL80211_WOWLAN_TCP_WAKE_PAYLOAD]);
9175 if (wake_size > rdev->wiphy.wowlan->tcp->wake_payload_max)
9176 return -EINVAL;
9177
9178 wake_mask_size = nla_len(tb[NL80211_WOWLAN_TCP_WAKE_MASK]);
9179 if (wake_mask_size != DIV_ROUND_UP(wake_size, 8))
9180 return -EINVAL;
9181
9182 if (tb[NL80211_WOWLAN_TCP_DATA_PAYLOAD_TOKEN]) {
9183 u32 tokln = nla_len(tb[NL80211_WOWLAN_TCP_DATA_PAYLOAD_TOKEN]);
9184
9185 tok = nla_data(tb[NL80211_WOWLAN_TCP_DATA_PAYLOAD_TOKEN]);
9186 tokens_size = tokln - sizeof(*tok);
9187
9188 if (!tok->len || tokens_size % tok->len)
9189 return -EINVAL;
9190 if (!rdev->wiphy.wowlan->tcp->tok)
9191 return -EINVAL;
9192 if (tok->len > rdev->wiphy.wowlan->tcp->tok->max_len)
9193 return -EINVAL;
9194 if (tok->len < rdev->wiphy.wowlan->tcp->tok->min_len)
9195 return -EINVAL;
9196 if (tokens_size > rdev->wiphy.wowlan->tcp->tok->bufsize)
9197 return -EINVAL;
9198 if (tok->offset + tok->len > data_size)
9199 return -EINVAL;
9200 }
9201
9202 if (tb[NL80211_WOWLAN_TCP_DATA_PAYLOAD_SEQ]) {
9203 seq = nla_data(tb[NL80211_WOWLAN_TCP_DATA_PAYLOAD_SEQ]);
9204 if (!rdev->wiphy.wowlan->tcp->seq)
9205 return -EINVAL;
9206 if (seq->len == 0 || seq->len > 4)
9207 return -EINVAL;
9208 if (seq->len + seq->offset > data_size)
9209 return -EINVAL;
9210 }
9211
9212 size = sizeof(*cfg);
9213 size += data_size;
9214 size += wake_size + wake_mask_size;
9215 size += tokens_size;
9216
9217 cfg = kzalloc(size, GFP_KERNEL);
9218 if (!cfg)
9219 return -ENOMEM;
9220 cfg->src = nla_get_in_addr(tb[NL80211_WOWLAN_TCP_SRC_IPV4]);
9221 cfg->dst = nla_get_in_addr(tb[NL80211_WOWLAN_TCP_DST_IPV4]);
9222 memcpy(cfg->dst_mac, nla_data(tb[NL80211_WOWLAN_TCP_DST_MAC]),
9223 ETH_ALEN);
9224 if (tb[NL80211_WOWLAN_TCP_SRC_PORT])
9225 port = nla_get_u16(tb[NL80211_WOWLAN_TCP_SRC_PORT]);
9226 else
9227 port = 0;
9228#ifdef CONFIG_INET
9229
9230 err = __sock_create(wiphy_net(&rdev->wiphy), PF_INET, SOCK_STREAM,
9231 IPPROTO_TCP, &cfg->sock, 1);
9232 if (err) {
9233 kfree(cfg);
9234 return err;
9235 }
9236 if (inet_csk_get_port(cfg->sock->sk, port)) {
9237 sock_release(cfg->sock);
9238 kfree(cfg);
9239 return -EADDRINUSE;
9240 }
9241 cfg->src_port = inet_sk(cfg->sock->sk)->inet_num;
9242#else
9243 if (!port) {
9244 kfree(cfg);
9245 return -EINVAL;
9246 }
9247 cfg->src_port = port;
9248#endif
9249
9250 cfg->dst_port = nla_get_u16(tb[NL80211_WOWLAN_TCP_DST_PORT]);
9251 cfg->payload_len = data_size;
9252 cfg->payload = (u8 *)cfg + sizeof(*cfg) + tokens_size;
9253 memcpy((void *)cfg->payload,
9254 nla_data(tb[NL80211_WOWLAN_TCP_DATA_PAYLOAD]),
9255 data_size);
9256 if (seq)
9257 cfg->payload_seq = *seq;
9258 cfg->data_interval = nla_get_u32(tb[NL80211_WOWLAN_TCP_DATA_INTERVAL]);
9259 cfg->wake_len = wake_size;
9260 cfg->wake_data = (u8 *)cfg + sizeof(*cfg) + tokens_size + data_size;
9261 memcpy((void *)cfg->wake_data,
9262 nla_data(tb[NL80211_WOWLAN_TCP_WAKE_PAYLOAD]),
9263 wake_size);
9264 cfg->wake_mask = (u8 *)cfg + sizeof(*cfg) + tokens_size +
9265 data_size + wake_size;
9266 memcpy((void *)cfg->wake_mask,
9267 nla_data(tb[NL80211_WOWLAN_TCP_WAKE_MASK]),
9268 wake_mask_size);
9269 if (tok) {
9270 cfg->tokens_size = tokens_size;
9271 memcpy(&cfg->payload_tok, tok, sizeof(*tok) + tokens_size);
9272 }
9273
9274 trig->tcp = cfg;
9275
9276 return 0;
9277}
9278
9279static int nl80211_parse_wowlan_nd(struct cfg80211_registered_device *rdev,
9280 const struct wiphy_wowlan_support *wowlan,
9281 struct nlattr *attr,
9282 struct cfg80211_wowlan *trig)
9283{
9284 struct nlattr **tb;
9285 int err;
9286
9287 tb = kzalloc(NUM_NL80211_ATTR * sizeof(*tb), GFP_KERNEL);
9288 if (!tb)
9289 return -ENOMEM;
9290
9291 if (!(wowlan->flags & WIPHY_WOWLAN_NET_DETECT)) {
9292 err = -EOPNOTSUPP;
9293 goto out;
9294 }
9295
9296 err = nla_parse(tb, NL80211_ATTR_MAX,
9297 nla_data(attr), nla_len(attr),
9298 nl80211_policy);
9299 if (err)
9300 goto out;
9301
9302 trig->nd_config = nl80211_parse_sched_scan(&rdev->wiphy, NULL, tb);
9303 err = PTR_ERR_OR_ZERO(trig->nd_config);
9304 if (err)
9305 trig->nd_config = NULL;
9306
9307out:
9308 kfree(tb);
9309 return err;
9310}
9311
9312static int nl80211_set_wowlan(struct sk_buff *skb, struct genl_info *info)
9313{
9314 struct cfg80211_registered_device *rdev = info->user_ptr[0];
9315 struct nlattr *tb[NUM_NL80211_WOWLAN_TRIG];
9316 struct cfg80211_wowlan new_triggers = {};
9317 struct cfg80211_wowlan *ntrig;
9318 const struct wiphy_wowlan_support *wowlan = rdev->wiphy.wowlan;
9319 int err, i;
9320 bool prev_enabled = rdev->wiphy.wowlan_config;
9321 bool regular = false;
9322
9323 if (!wowlan)
9324 return -EOPNOTSUPP;
9325
9326 if (!info->attrs[NL80211_ATTR_WOWLAN_TRIGGERS]) {
9327 cfg80211_rdev_free_wowlan(rdev);
9328 rdev->wiphy.wowlan_config = NULL;
9329 goto set_wakeup;
9330 }
9331
9332 err = nla_parse(tb, MAX_NL80211_WOWLAN_TRIG,
9333 nla_data(info->attrs[NL80211_ATTR_WOWLAN_TRIGGERS]),
9334 nla_len(info->attrs[NL80211_ATTR_WOWLAN_TRIGGERS]),
9335 nl80211_wowlan_policy);
9336 if (err)
9337 return err;
9338
9339 if (tb[NL80211_WOWLAN_TRIG_ANY]) {
9340 if (!(wowlan->flags & WIPHY_WOWLAN_ANY))
9341 return -EINVAL;
9342 new_triggers.any = true;
9343 }
9344
9345 if (tb[NL80211_WOWLAN_TRIG_DISCONNECT]) {
9346 if (!(wowlan->flags & WIPHY_WOWLAN_DISCONNECT))
9347 return -EINVAL;
9348 new_triggers.disconnect = true;
9349 regular = true;
9350 }
9351
9352 if (tb[NL80211_WOWLAN_TRIG_MAGIC_PKT]) {
9353 if (!(wowlan->flags & WIPHY_WOWLAN_MAGIC_PKT))
9354 return -EINVAL;
9355 new_triggers.magic_pkt = true;
9356 regular = true;
9357 }
9358
9359 if (tb[NL80211_WOWLAN_TRIG_GTK_REKEY_SUPPORTED])
9360 return -EINVAL;
9361
9362 if (tb[NL80211_WOWLAN_TRIG_GTK_REKEY_FAILURE]) {
9363 if (!(wowlan->flags & WIPHY_WOWLAN_GTK_REKEY_FAILURE))
9364 return -EINVAL;
9365 new_triggers.gtk_rekey_failure = true;
9366 regular = true;
9367 }
9368
9369 if (tb[NL80211_WOWLAN_TRIG_EAP_IDENT_REQUEST]) {
9370 if (!(wowlan->flags & WIPHY_WOWLAN_EAP_IDENTITY_REQ))
9371 return -EINVAL;
9372 new_triggers.eap_identity_req = true;
9373 regular = true;
9374 }
9375
9376 if (tb[NL80211_WOWLAN_TRIG_4WAY_HANDSHAKE]) {
9377 if (!(wowlan->flags & WIPHY_WOWLAN_4WAY_HANDSHAKE))
9378 return -EINVAL;
9379 new_triggers.four_way_handshake = true;
9380 regular = true;
9381 }
9382
9383 if (tb[NL80211_WOWLAN_TRIG_RFKILL_RELEASE]) {
9384 if (!(wowlan->flags & WIPHY_WOWLAN_RFKILL_RELEASE))
9385 return -EINVAL;
9386 new_triggers.rfkill_release = true;
9387 regular = true;
9388 }
9389
9390 if (tb[NL80211_WOWLAN_TRIG_PKT_PATTERN]) {
9391 struct nlattr *pat;
9392 int n_patterns = 0;
9393 int rem, pat_len, mask_len, pkt_offset;
9394 struct nlattr *pat_tb[NUM_NL80211_PKTPAT];
9395
9396 regular = true;
9397
9398 nla_for_each_nested(pat, tb[NL80211_WOWLAN_TRIG_PKT_PATTERN],
9399 rem)
9400 n_patterns++;
9401 if (n_patterns > wowlan->n_patterns)
9402 return -EINVAL;
9403
9404 new_triggers.patterns = kcalloc(n_patterns,
9405 sizeof(new_triggers.patterns[0]),
9406 GFP_KERNEL);
9407 if (!new_triggers.patterns)
9408 return -ENOMEM;
9409
9410 new_triggers.n_patterns = n_patterns;
9411 i = 0;
9412
9413 nla_for_each_nested(pat, tb[NL80211_WOWLAN_TRIG_PKT_PATTERN],
9414 rem) {
9415 u8 *mask_pat;
9416
9417 nla_parse(pat_tb, MAX_NL80211_PKTPAT, nla_data(pat),
9418 nla_len(pat), NULL);
9419 err = -EINVAL;
9420 if (!pat_tb[NL80211_PKTPAT_MASK] ||
9421 !pat_tb[NL80211_PKTPAT_PATTERN])
9422 goto error;
9423 pat_len = nla_len(pat_tb[NL80211_PKTPAT_PATTERN]);
9424 mask_len = DIV_ROUND_UP(pat_len, 8);
9425 if (nla_len(pat_tb[NL80211_PKTPAT_MASK]) != mask_len)
9426 goto error;
9427 if (pat_len > wowlan->pattern_max_len ||
9428 pat_len < wowlan->pattern_min_len)
9429 goto error;
9430
9431 if (!pat_tb[NL80211_PKTPAT_OFFSET])
9432 pkt_offset = 0;
9433 else
9434 pkt_offset = nla_get_u32(
9435 pat_tb[NL80211_PKTPAT_OFFSET]);
9436 if (pkt_offset > wowlan->max_pkt_offset)
9437 goto error;
9438 new_triggers.patterns[i].pkt_offset = pkt_offset;
9439
9440 mask_pat = kmalloc(mask_len + pat_len, GFP_KERNEL);
9441 if (!mask_pat) {
9442 err = -ENOMEM;
9443 goto error;
9444 }
9445 new_triggers.patterns[i].mask = mask_pat;
9446 memcpy(mask_pat, nla_data(pat_tb[NL80211_PKTPAT_MASK]),
9447 mask_len);
9448 mask_pat += mask_len;
9449 new_triggers.patterns[i].pattern = mask_pat;
9450 new_triggers.patterns[i].pattern_len = pat_len;
9451 memcpy(mask_pat,
9452 nla_data(pat_tb[NL80211_PKTPAT_PATTERN]),
9453 pat_len);
9454 i++;
9455 }
9456 }
9457
9458 if (tb[NL80211_WOWLAN_TRIG_TCP_CONNECTION]) {
9459 regular = true;
9460 err = nl80211_parse_wowlan_tcp(
9461 rdev, tb[NL80211_WOWLAN_TRIG_TCP_CONNECTION],
9462 &new_triggers);
9463 if (err)
9464 goto error;
9465 }
9466
9467 if (tb[NL80211_WOWLAN_TRIG_NET_DETECT]) {
9468 regular = true;
9469 err = nl80211_parse_wowlan_nd(
9470 rdev, wowlan, tb[NL80211_WOWLAN_TRIG_NET_DETECT],
9471 &new_triggers);
9472 if (err)
9473 goto error;
9474 }
9475
9476
9477
9478
9479
9480
9481
9482 if (new_triggers.any && regular) {
9483 err = -EINVAL;
9484 goto error;
9485 }
9486
9487 ntrig = kmemdup(&new_triggers, sizeof(new_triggers), GFP_KERNEL);
9488 if (!ntrig) {
9489 err = -ENOMEM;
9490 goto error;
9491 }
9492 cfg80211_rdev_free_wowlan(rdev);
9493 rdev->wiphy.wowlan_config = ntrig;
9494
9495 set_wakeup:
9496 if (rdev->ops->set_wakeup &&
9497 prev_enabled != !!rdev->wiphy.wowlan_config)
9498 rdev_set_wakeup(rdev, rdev->wiphy.wowlan_config);
9499
9500 return 0;
9501 error:
9502 for (i = 0; i < new_triggers.n_patterns; i++)
9503 kfree(new_triggers.patterns[i].mask);
9504 kfree(new_triggers.patterns);
9505 if (new_triggers.tcp && new_triggers.tcp->sock)
9506 sock_release(new_triggers.tcp->sock);
9507 kfree(new_triggers.tcp);
9508 kfree(new_triggers.nd_config);
9509 return err;
9510}
9511#endif
9512
9513static int nl80211_send_coalesce_rules(struct sk_buff *msg,
9514 struct cfg80211_registered_device *rdev)
9515{
9516 struct nlattr *nl_pats, *nl_pat, *nl_rule, *nl_rules;
9517 int i, j, pat_len;
9518 struct cfg80211_coalesce_rules *rule;
9519
9520 if (!rdev->coalesce->n_rules)
9521 return 0;
9522
9523 nl_rules = nla_nest_start(msg, NL80211_ATTR_COALESCE_RULE);
9524 if (!nl_rules)
9525 return -ENOBUFS;
9526
9527 for (i = 0; i < rdev->coalesce->n_rules; i++) {
9528 nl_rule = nla_nest_start(msg, i + 1);
9529 if (!nl_rule)
9530 return -ENOBUFS;
9531
9532 rule = &rdev->coalesce->rules[i];
9533 if (nla_put_u32(msg, NL80211_ATTR_COALESCE_RULE_DELAY,
9534 rule->delay))
9535 return -ENOBUFS;
9536
9537 if (nla_put_u32(msg, NL80211_ATTR_COALESCE_RULE_CONDITION,
9538 rule->condition))
9539 return -ENOBUFS;
9540
9541 nl_pats = nla_nest_start(msg,
9542 NL80211_ATTR_COALESCE_RULE_PKT_PATTERN);
9543 if (!nl_pats)
9544 return -ENOBUFS;
9545
9546 for (j = 0; j < rule->n_patterns; j++) {
9547 nl_pat = nla_nest_start(msg, j + 1);
9548 if (!nl_pat)
9549 return -ENOBUFS;
9550 pat_len = rule->patterns[j].pattern_len;
9551 if (nla_put(msg, NL80211_PKTPAT_MASK,
9552 DIV_ROUND_UP(pat_len, 8),
9553 rule->patterns[j].mask) ||
9554 nla_put(msg, NL80211_PKTPAT_PATTERN, pat_len,
9555 rule->patterns[j].pattern) ||
9556 nla_put_u32(msg, NL80211_PKTPAT_OFFSET,
9557 rule->patterns[j].pkt_offset))
9558 return -ENOBUFS;
9559 nla_nest_end(msg, nl_pat);
9560 }
9561 nla_nest_end(msg, nl_pats);
9562 nla_nest_end(msg, nl_rule);
9563 }
9564 nla_nest_end(msg, nl_rules);
9565
9566 return 0;
9567}
9568
9569static int nl80211_get_coalesce(struct sk_buff *skb, struct genl_info *info)
9570{
9571 struct cfg80211_registered_device *rdev = info->user_ptr[0];
9572 struct sk_buff *msg;
9573 void *hdr;
9574
9575 if (!rdev->wiphy.coalesce)
9576 return -EOPNOTSUPP;
9577
9578 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
9579 if (!msg)
9580 return -ENOMEM;
9581
9582 hdr = nl80211hdr_put(msg, info->snd_portid, info->snd_seq, 0,
9583 NL80211_CMD_GET_COALESCE);
9584 if (!hdr)
9585 goto nla_put_failure;
9586
9587 if (rdev->coalesce && nl80211_send_coalesce_rules(msg, rdev))
9588 goto nla_put_failure;
9589
9590 genlmsg_end(msg, hdr);
9591 return genlmsg_reply(msg, info);
9592
9593nla_put_failure:
9594 nlmsg_free(msg);
9595 return -ENOBUFS;
9596}
9597
9598void cfg80211_rdev_free_coalesce(struct cfg80211_registered_device *rdev)
9599{
9600 struct cfg80211_coalesce *coalesce = rdev->coalesce;
9601 int i, j;
9602 struct cfg80211_coalesce_rules *rule;
9603
9604 if (!coalesce)
9605 return;
9606
9607 for (i = 0; i < coalesce->n_rules; i++) {
9608 rule = &coalesce->rules[i];
9609 for (j = 0; j < rule->n_patterns; j++)
9610 kfree(rule->patterns[j].mask);
9611 kfree(rule->patterns);
9612 }
9613 kfree(coalesce->rules);
9614 kfree(coalesce);
9615 rdev->coalesce = NULL;
9616}
9617
9618static int nl80211_parse_coalesce_rule(struct cfg80211_registered_device *rdev,
9619 struct nlattr *rule,
9620 struct cfg80211_coalesce_rules *new_rule)
9621{
9622 int err, i;
9623 const struct wiphy_coalesce_support *coalesce = rdev->wiphy.coalesce;
9624 struct nlattr *tb[NUM_NL80211_ATTR_COALESCE_RULE], *pat;
9625 int rem, pat_len, mask_len, pkt_offset, n_patterns = 0;
9626 struct nlattr *pat_tb[NUM_NL80211_PKTPAT];
9627
9628 err = nla_parse(tb, NL80211_ATTR_COALESCE_RULE_MAX, nla_data(rule),
9629 nla_len(rule), nl80211_coalesce_policy);
9630 if (err)
9631 return err;
9632
9633 if (tb[NL80211_ATTR_COALESCE_RULE_DELAY])
9634 new_rule->delay =
9635 nla_get_u32(tb[NL80211_ATTR_COALESCE_RULE_DELAY]);
9636 if (new_rule->delay > coalesce->max_delay)
9637 return -EINVAL;
9638
9639 if (tb[NL80211_ATTR_COALESCE_RULE_CONDITION])
9640 new_rule->condition =
9641 nla_get_u32(tb[NL80211_ATTR_COALESCE_RULE_CONDITION]);
9642 if (new_rule->condition != NL80211_COALESCE_CONDITION_MATCH &&
9643 new_rule->condition != NL80211_COALESCE_CONDITION_NO_MATCH)
9644 return -EINVAL;
9645
9646 if (!tb[NL80211_ATTR_COALESCE_RULE_PKT_PATTERN])
9647 return -EINVAL;
9648
9649 nla_for_each_nested(pat, tb[NL80211_ATTR_COALESCE_RULE_PKT_PATTERN],
9650 rem)
9651 n_patterns++;
9652 if (n_patterns > coalesce->n_patterns)
9653 return -EINVAL;
9654
9655 new_rule->patterns = kcalloc(n_patterns, sizeof(new_rule->patterns[0]),
9656 GFP_KERNEL);
9657 if (!new_rule->patterns)
9658 return -ENOMEM;
9659
9660 new_rule->n_patterns = n_patterns;
9661 i = 0;
9662
9663 nla_for_each_nested(pat, tb[NL80211_ATTR_COALESCE_RULE_PKT_PATTERN],
9664 rem) {
9665 u8 *mask_pat;
9666
9667 nla_parse(pat_tb, MAX_NL80211_PKTPAT, nla_data(pat),
9668 nla_len(pat), NULL);
9669 if (!pat_tb[NL80211_PKTPAT_MASK] ||
9670 !pat_tb[NL80211_PKTPAT_PATTERN])
9671 return -EINVAL;
9672 pat_len = nla_len(pat_tb[NL80211_PKTPAT_PATTERN]);
9673 mask_len = DIV_ROUND_UP(pat_len, 8);
9674 if (nla_len(pat_tb[NL80211_PKTPAT_MASK]) != mask_len)
9675 return -EINVAL;
9676 if (pat_len > coalesce->pattern_max_len ||
9677 pat_len < coalesce->pattern_min_len)
9678 return -EINVAL;
9679
9680 if (!pat_tb[NL80211_PKTPAT_OFFSET])
9681 pkt_offset = 0;
9682 else
9683 pkt_offset = nla_get_u32(pat_tb[NL80211_PKTPAT_OFFSET]);
9684 if (pkt_offset > coalesce->max_pkt_offset)
9685 return -EINVAL;
9686 new_rule->patterns[i].pkt_offset = pkt_offset;
9687
9688 mask_pat = kmalloc(mask_len + pat_len, GFP_KERNEL);
9689 if (!mask_pat)
9690 return -ENOMEM;
9691
9692 new_rule->patterns[i].mask = mask_pat;
9693 memcpy(mask_pat, nla_data(pat_tb[NL80211_PKTPAT_MASK]),
9694 mask_len);
9695
9696 mask_pat += mask_len;
9697 new_rule->patterns[i].pattern = mask_pat;
9698 new_rule->patterns[i].pattern_len = pat_len;
9699 memcpy(mask_pat, nla_data(pat_tb[NL80211_PKTPAT_PATTERN]),
9700 pat_len);
9701 i++;
9702 }
9703
9704 return 0;
9705}
9706
9707static int nl80211_set_coalesce(struct sk_buff *skb, struct genl_info *info)
9708{
9709 struct cfg80211_registered_device *rdev = info->user_ptr[0];
9710 const struct wiphy_coalesce_support *coalesce = rdev->wiphy.coalesce;
9711 struct cfg80211_coalesce new_coalesce = {};
9712 struct cfg80211_coalesce *n_coalesce;
9713 int err, rem_rule, n_rules = 0, i, j;
9714 struct nlattr *rule;
9715 struct cfg80211_coalesce_rules *tmp_rule;
9716
9717 if (!rdev->wiphy.coalesce || !rdev->ops->set_coalesce)
9718 return -EOPNOTSUPP;
9719
9720 if (!info->attrs[NL80211_ATTR_COALESCE_RULE]) {
9721 cfg80211_rdev_free_coalesce(rdev);
9722 rdev->ops->set_coalesce(&rdev->wiphy, NULL);
9723 return 0;
9724 }
9725
9726 nla_for_each_nested(rule, info->attrs[NL80211_ATTR_COALESCE_RULE],
9727 rem_rule)
9728 n_rules++;
9729 if (n_rules > coalesce->n_rules)
9730 return -EINVAL;
9731
9732 new_coalesce.rules = kcalloc(n_rules, sizeof(new_coalesce.rules[0]),
9733 GFP_KERNEL);
9734 if (!new_coalesce.rules)
9735 return -ENOMEM;
9736
9737 new_coalesce.n_rules = n_rules;
9738 i = 0;
9739
9740 nla_for_each_nested(rule, info->attrs[NL80211_ATTR_COALESCE_RULE],
9741 rem_rule) {
9742 err = nl80211_parse_coalesce_rule(rdev, rule,
9743 &new_coalesce.rules[i]);
9744 if (err)
9745 goto error;
9746
9747 i++;
9748 }
9749
9750 err = rdev->ops->set_coalesce(&rdev->wiphy, &new_coalesce);
9751 if (err)
9752 goto error;
9753
9754 n_coalesce = kmemdup(&new_coalesce, sizeof(new_coalesce), GFP_KERNEL);
9755 if (!n_coalesce) {
9756 err = -ENOMEM;
9757 goto error;
9758 }
9759 cfg80211_rdev_free_coalesce(rdev);
9760 rdev->coalesce = n_coalesce;
9761
9762 return 0;
9763error:
9764 for (i = 0; i < new_coalesce.n_rules; i++) {
9765 tmp_rule = &new_coalesce.rules[i];
9766 for (j = 0; j < tmp_rule->n_patterns; j++)
9767 kfree(tmp_rule->patterns[j].mask);
9768 kfree(tmp_rule->patterns);
9769 }
9770 kfree(new_coalesce.rules);
9771
9772 return err;
9773}
9774
9775static int nl80211_set_rekey_data(struct sk_buff *skb, struct genl_info *info)
9776{
9777 struct cfg80211_registered_device *rdev = info->user_ptr[0];
9778 struct net_device *dev = info->user_ptr[1];
9779 struct wireless_dev *wdev = dev->ieee80211_ptr;
9780 struct nlattr *tb[NUM_NL80211_REKEY_DATA];
9781 struct cfg80211_gtk_rekey_data rekey_data;
9782 int err;
9783
9784 if (!info->attrs[NL80211_ATTR_REKEY_DATA])
9785 return -EINVAL;
9786
9787 err = nla_parse(tb, MAX_NL80211_REKEY_DATA,
9788 nla_data(info->attrs[NL80211_ATTR_REKEY_DATA]),
9789 nla_len(info->attrs[NL80211_ATTR_REKEY_DATA]),
9790 nl80211_rekey_policy);
9791 if (err)
9792 return err;
9793
9794 if (nla_len(tb[NL80211_REKEY_DATA_REPLAY_CTR]) != NL80211_REPLAY_CTR_LEN)
9795 return -ERANGE;
9796 if (nla_len(tb[NL80211_REKEY_DATA_KEK]) != NL80211_KEK_LEN)
9797 return -ERANGE;
9798 if (nla_len(tb[NL80211_REKEY_DATA_KCK]) != NL80211_KCK_LEN)
9799 return -ERANGE;
9800
9801 rekey_data.kek = nla_data(tb[NL80211_REKEY_DATA_KEK]);
9802 rekey_data.kck = nla_data(tb[NL80211_REKEY_DATA_KCK]);
9803 rekey_data.replay_ctr = nla_data(tb[NL80211_REKEY_DATA_REPLAY_CTR]);
9804
9805 wdev_lock(wdev);
9806 if (!wdev->current_bss) {
9807 err = -ENOTCONN;
9808 goto out;
9809 }
9810
9811 if (!rdev->ops->set_rekey_data) {
9812 err = -EOPNOTSUPP;
9813 goto out;
9814 }
9815
9816 err = rdev_set_rekey_data(rdev, dev, &rekey_data);
9817 out:
9818 wdev_unlock(wdev);
9819 return err;
9820}
9821
9822static int nl80211_register_unexpected_frame(struct sk_buff *skb,
9823 struct genl_info *info)
9824{
9825 struct net_device *dev = info->user_ptr[1];
9826 struct wireless_dev *wdev = dev->ieee80211_ptr;
9827
9828 if (wdev->iftype != NL80211_IFTYPE_AP &&
9829 wdev->iftype != NL80211_IFTYPE_P2P_GO)
9830 return -EINVAL;
9831
9832 if (wdev->ap_unexpected_nlportid)
9833 return -EBUSY;
9834
9835 wdev->ap_unexpected_nlportid = info->snd_portid;
9836 return 0;
9837}
9838
9839static int nl80211_probe_client(struct sk_buff *skb,
9840 struct genl_info *info)
9841{
9842 struct cfg80211_registered_device *rdev = info->user_ptr[0];
9843 struct net_device *dev = info->user_ptr[1];
9844 struct wireless_dev *wdev = dev->ieee80211_ptr;
9845 struct sk_buff *msg;
9846 void *hdr;
9847 const u8 *addr;
9848 u64 cookie;
9849 int err;
9850
9851 if (wdev->iftype != NL80211_IFTYPE_AP &&
9852 wdev->iftype != NL80211_IFTYPE_P2P_GO)
9853 return -EOPNOTSUPP;
9854
9855 if (!info->attrs[NL80211_ATTR_MAC])
9856 return -EINVAL;
9857
9858 if (!rdev->ops->probe_client)
9859 return -EOPNOTSUPP;
9860
9861 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
9862 if (!msg)
9863 return -ENOMEM;
9864
9865 hdr = nl80211hdr_put(msg, info->snd_portid, info->snd_seq, 0,
9866 NL80211_CMD_PROBE_CLIENT);
9867 if (!hdr) {
9868 err = -ENOBUFS;
9869 goto free_msg;
9870 }
9871
9872 addr = nla_data(info->attrs[NL80211_ATTR_MAC]);
9873
9874 err = rdev_probe_client(rdev, dev, addr, &cookie);
9875 if (err)
9876 goto free_msg;
9877
9878 if (nla_put_u64(msg, NL80211_ATTR_COOKIE, cookie))
9879 goto nla_put_failure;
9880
9881 genlmsg_end(msg, hdr);
9882
9883 return genlmsg_reply(msg, info);
9884
9885 nla_put_failure:
9886 err = -ENOBUFS;
9887 free_msg:
9888 nlmsg_free(msg);
9889 return err;
9890}
9891
9892static int nl80211_register_beacons(struct sk_buff *skb, struct genl_info *info)
9893{
9894 struct cfg80211_registered_device *rdev = info->user_ptr[0];
9895 struct cfg80211_beacon_registration *reg, *nreg;
9896 int rv;
9897
9898 if (!(rdev->wiphy.flags & WIPHY_FLAG_REPORTS_OBSS))
9899 return -EOPNOTSUPP;
9900
9901 nreg = kzalloc(sizeof(*nreg), GFP_KERNEL);
9902 if (!nreg)
9903 return -ENOMEM;
9904
9905
9906 spin_lock_bh(&rdev->beacon_registrations_lock);
9907 list_for_each_entry(reg, &rdev->beacon_registrations, list) {
9908 if (reg->nlportid == info->snd_portid) {
9909 rv = -EALREADY;
9910 goto out_err;
9911 }
9912 }
9913
9914 nreg->nlportid = info->snd_portid;
9915 list_add(&nreg->list, &rdev->beacon_registrations);
9916
9917 spin_unlock_bh(&rdev->beacon_registrations_lock);
9918
9919 return 0;
9920out_err:
9921 spin_unlock_bh(&rdev->beacon_registrations_lock);
9922 kfree(nreg);
9923 return rv;
9924}
9925
9926static int nl80211_start_p2p_device(struct sk_buff *skb, struct genl_info *info)
9927{
9928 struct cfg80211_registered_device *rdev = info->user_ptr[0];
9929 struct wireless_dev *wdev = info->user_ptr[1];
9930 int err;
9931
9932 if (!rdev->ops->start_p2p_device)
9933 return -EOPNOTSUPP;
9934
9935 if (wdev->iftype != NL80211_IFTYPE_P2P_DEVICE)
9936 return -EOPNOTSUPP;
9937
9938 if (wdev->p2p_started)
9939 return 0;
9940
9941 if (rfkill_blocked(rdev->rfkill))
9942 return -ERFKILL;
9943
9944 err = rdev_start_p2p_device(rdev, wdev);
9945 if (err)
9946 return err;
9947
9948 wdev->p2p_started = true;
9949 rdev->opencount++;
9950
9951 return 0;
9952}
9953
9954static int nl80211_stop_p2p_device(struct sk_buff *skb, struct genl_info *info)
9955{
9956 struct cfg80211_registered_device *rdev = info->user_ptr[0];
9957 struct wireless_dev *wdev = info->user_ptr[1];
9958
9959 if (wdev->iftype != NL80211_IFTYPE_P2P_DEVICE)
9960 return -EOPNOTSUPP;
9961
9962 if (!rdev->ops->stop_p2p_device)
9963 return -EOPNOTSUPP;
9964
9965 cfg80211_stop_p2p_device(rdev, wdev);
9966
9967 return 0;
9968}
9969
9970static int nl80211_get_protocol_features(struct sk_buff *skb,
9971 struct genl_info *info)
9972{
9973 void *hdr;
9974 struct sk_buff *msg;
9975
9976 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
9977 if (!msg)
9978 return -ENOMEM;
9979
9980 hdr = nl80211hdr_put(msg, info->snd_portid, info->snd_seq, 0,
9981 NL80211_CMD_GET_PROTOCOL_FEATURES);
9982 if (!hdr)
9983 goto nla_put_failure;
9984
9985 if (nla_put_u32(msg, NL80211_ATTR_PROTOCOL_FEATURES,
9986 NL80211_PROTOCOL_FEATURE_SPLIT_WIPHY_DUMP))
9987 goto nla_put_failure;
9988
9989 genlmsg_end(msg, hdr);
9990 return genlmsg_reply(msg, info);
9991
9992 nla_put_failure:
9993 kfree_skb(msg);
9994 return -ENOBUFS;
9995}
9996
9997static int nl80211_update_ft_ies(struct sk_buff *skb, struct genl_info *info)
9998{
9999 struct cfg80211_registered_device *rdev = info->user_ptr[0];
10000 struct cfg80211_update_ft_ies_params ft_params;
10001 struct net_device *dev = info->user_ptr[1];
10002
10003 if (!rdev->ops->update_ft_ies)
10004 return -EOPNOTSUPP;
10005
10006 if (!info->attrs[NL80211_ATTR_MDID] ||
10007 !is_valid_ie_attr(info->attrs[NL80211_ATTR_IE]))
10008 return -EINVAL;
10009
10010 memset(&ft_params, 0, sizeof(ft_params));
10011 ft_params.md = nla_get_u16(info->attrs[NL80211_ATTR_MDID]);
10012 ft_params.ie = nla_data(info->attrs[NL80211_ATTR_IE]);
10013 ft_params.ie_len = nla_len(info->attrs[NL80211_ATTR_IE]);
10014
10015 return rdev_update_ft_ies(rdev, dev, &ft_params);
10016}
10017
10018static int nl80211_crit_protocol_start(struct sk_buff *skb,
10019 struct genl_info *info)
10020{
10021 struct cfg80211_registered_device *rdev = info->user_ptr[0];
10022 struct wireless_dev *wdev = info->user_ptr[1];
10023 enum nl80211_crit_proto_id proto = NL80211_CRIT_PROTO_UNSPEC;
10024 u16 duration;
10025 int ret;
10026
10027 if (!rdev->ops->crit_proto_start)
10028 return -EOPNOTSUPP;
10029
10030 if (WARN_ON(!rdev->ops->crit_proto_stop))
10031 return -EINVAL;
10032
10033 if (rdev->crit_proto_nlportid)
10034 return -EBUSY;
10035
10036
10037 if (info->attrs[NL80211_ATTR_CRIT_PROT_ID])
10038 proto = nla_get_u16(info->attrs[NL80211_ATTR_CRIT_PROT_ID]);
10039
10040 if (proto >= NUM_NL80211_CRIT_PROTO)
10041 return -EINVAL;
10042
10043
10044 if (!info->attrs[NL80211_ATTR_MAX_CRIT_PROT_DURATION])
10045 return -EINVAL;
10046
10047 duration =
10048 nla_get_u16(info->attrs[NL80211_ATTR_MAX_CRIT_PROT_DURATION]);
10049
10050 if (duration > NL80211_CRIT_PROTO_MAX_DURATION)
10051 return -ERANGE;
10052
10053 ret = rdev_crit_proto_start(rdev, wdev, proto, duration);
10054 if (!ret)
10055 rdev->crit_proto_nlportid = info->snd_portid;
10056
10057 return ret;
10058}
10059
10060static int nl80211_crit_protocol_stop(struct sk_buff *skb,
10061 struct genl_info *info)
10062{
10063 struct cfg80211_registered_device *rdev = info->user_ptr[0];
10064 struct wireless_dev *wdev = info->user_ptr[1];
10065
10066 if (!rdev->ops->crit_proto_stop)
10067 return -EOPNOTSUPP;
10068
10069 if (rdev->crit_proto_nlportid) {
10070 rdev->crit_proto_nlportid = 0;
10071 rdev_crit_proto_stop(rdev, wdev);
10072 }
10073 return 0;
10074}
10075
10076static int nl80211_vendor_cmd(struct sk_buff *skb, struct genl_info *info)
10077{
10078 struct cfg80211_registered_device *rdev = info->user_ptr[0];
10079 struct wireless_dev *wdev =
10080 __cfg80211_wdev_from_attrs(genl_info_net(info), info->attrs);
10081 int i, err;
10082 u32 vid, subcmd;
10083
10084 if (!rdev->wiphy.vendor_commands)
10085 return -EOPNOTSUPP;
10086
10087 if (IS_ERR(wdev)) {
10088 err = PTR_ERR(wdev);
10089 if (err != -EINVAL)
10090 return err;
10091 wdev = NULL;
10092 } else if (wdev->wiphy != &rdev->wiphy) {
10093 return -EINVAL;
10094 }
10095
10096 if (!info->attrs[NL80211_ATTR_VENDOR_ID] ||
10097 !info->attrs[NL80211_ATTR_VENDOR_SUBCMD])
10098 return -EINVAL;
10099
10100 vid = nla_get_u32(info->attrs[NL80211_ATTR_VENDOR_ID]);
10101 subcmd = nla_get_u32(info->attrs[NL80211_ATTR_VENDOR_SUBCMD]);
10102 for (i = 0; i < rdev->wiphy.n_vendor_commands; i++) {
10103 const struct wiphy_vendor_command *vcmd;
10104 void *data = NULL;
10105 int len = 0;
10106
10107 vcmd = &rdev->wiphy.vendor_commands[i];
10108
10109 if (vcmd->info.vendor_id != vid || vcmd->info.subcmd != subcmd)
10110 continue;
10111
10112 if (vcmd->flags & (WIPHY_VENDOR_CMD_NEED_WDEV |
10113 WIPHY_VENDOR_CMD_NEED_NETDEV)) {
10114 if (!wdev)
10115 return -EINVAL;
10116 if (vcmd->flags & WIPHY_VENDOR_CMD_NEED_NETDEV &&
10117 !wdev->netdev)
10118 return -EINVAL;
10119
10120 if (vcmd->flags & WIPHY_VENDOR_CMD_NEED_RUNNING) {
10121 if (wdev->netdev &&
10122 !netif_running(wdev->netdev))
10123 return -ENETDOWN;
10124 if (!wdev->netdev && !wdev->p2p_started)
10125 return -ENETDOWN;
10126 }
10127
10128 if (!vcmd->doit)
10129 return -EOPNOTSUPP;
10130 } else {
10131 wdev = NULL;
10132 }
10133
10134 if (info->attrs[NL80211_ATTR_VENDOR_DATA]) {
10135 data = nla_data(info->attrs[NL80211_ATTR_VENDOR_DATA]);
10136 len = nla_len(info->attrs[NL80211_ATTR_VENDOR_DATA]);
10137 }
10138
10139 rdev->cur_cmd_info = info;
10140 err = rdev->wiphy.vendor_commands[i].doit(&rdev->wiphy, wdev,
10141 data, len);
10142 rdev->cur_cmd_info = NULL;
10143 return err;
10144 }
10145
10146 return -EOPNOTSUPP;
10147}
10148
10149static int nl80211_prepare_vendor_dump(struct sk_buff *skb,
10150 struct netlink_callback *cb,
10151 struct cfg80211_registered_device **rdev,
10152 struct wireless_dev **wdev)
10153{
10154 u32 vid, subcmd;
10155 unsigned int i;
10156 int vcmd_idx = -1;
10157 int err;
10158 void *data = NULL;
10159 unsigned int data_len = 0;
10160
10161 rtnl_lock();
10162
10163 if (cb->args[0]) {
10164
10165 struct wiphy *wiphy = wiphy_idx_to_wiphy(cb->args[0] - 1);
10166 struct wireless_dev *tmp;
10167
10168 if (!wiphy) {
10169 err = -ENODEV;
10170 goto out_unlock;
10171 }
10172 *rdev = wiphy_to_rdev(wiphy);
10173 *wdev = NULL;
10174
10175 if (cb->args[1]) {
10176 list_for_each_entry(tmp, &(*rdev)->wdev_list, list) {
10177 if (tmp->identifier == cb->args[1] - 1) {
10178 *wdev = tmp;
10179 break;
10180 }
10181 }
10182 }
10183
10184
10185 return 0;
10186 }
10187
10188 err = nlmsg_parse(cb->nlh, GENL_HDRLEN + nl80211_fam.hdrsize,
10189 nl80211_fam.attrbuf, nl80211_fam.maxattr,
10190 nl80211_policy);
10191 if (err)
10192 goto out_unlock;
10193
10194 if (!nl80211_fam.attrbuf[NL80211_ATTR_VENDOR_ID] ||
10195 !nl80211_fam.attrbuf[NL80211_ATTR_VENDOR_SUBCMD]) {
10196 err = -EINVAL;
10197 goto out_unlock;
10198 }
10199
10200 *wdev = __cfg80211_wdev_from_attrs(sock_net(skb->sk),
10201 nl80211_fam.attrbuf);
10202 if (IS_ERR(*wdev))
10203 *wdev = NULL;
10204
10205 *rdev = __cfg80211_rdev_from_attrs(sock_net(skb->sk),
10206 nl80211_fam.attrbuf);
10207 if (IS_ERR(*rdev)) {
10208 err = PTR_ERR(*rdev);
10209 goto out_unlock;
10210 }
10211
10212 vid = nla_get_u32(nl80211_fam.attrbuf[NL80211_ATTR_VENDOR_ID]);
10213 subcmd = nla_get_u32(nl80211_fam.attrbuf[NL80211_ATTR_VENDOR_SUBCMD]);
10214
10215 for (i = 0; i < (*rdev)->wiphy.n_vendor_commands; i++) {
10216 const struct wiphy_vendor_command *vcmd;
10217
10218 vcmd = &(*rdev)->wiphy.vendor_commands[i];
10219
10220 if (vcmd->info.vendor_id != vid || vcmd->info.subcmd != subcmd)
10221 continue;
10222
10223 if (!vcmd->dumpit) {
10224 err = -EOPNOTSUPP;
10225 goto out_unlock;
10226 }
10227
10228 vcmd_idx = i;
10229 break;
10230 }
10231
10232 if (vcmd_idx < 0) {
10233 err = -EOPNOTSUPP;
10234 goto out_unlock;
10235 }
10236
10237 if (nl80211_fam.attrbuf[NL80211_ATTR_VENDOR_DATA]) {
10238 data = nla_data(nl80211_fam.attrbuf[NL80211_ATTR_VENDOR_DATA]);
10239 data_len = nla_len(nl80211_fam.attrbuf[NL80211_ATTR_VENDOR_DATA]);
10240 }
10241
10242
10243 cb->args[0] = (*rdev)->wiphy_idx + 1;
10244
10245 cb->args[1] = *wdev ? (*wdev)->identifier + 1 : 0;
10246 cb->args[2] = vcmd_idx;
10247 cb->args[3] = (unsigned long)data;
10248 cb->args[4] = data_len;
10249
10250
10251 return 0;
10252 out_unlock:
10253 rtnl_unlock();
10254 return err;
10255}
10256
10257static int nl80211_vendor_cmd_dump(struct sk_buff *skb,
10258 struct netlink_callback *cb)
10259{
10260 struct cfg80211_registered_device *rdev;
10261 struct wireless_dev *wdev;
10262 unsigned int vcmd_idx;
10263 const struct wiphy_vendor_command *vcmd;
10264 void *data;
10265 int data_len;
10266 int err;
10267 struct nlattr *vendor_data;
10268
10269 err = nl80211_prepare_vendor_dump(skb, cb, &rdev, &wdev);
10270 if (err)
10271 return err;
10272
10273 vcmd_idx = cb->args[2];
10274 data = (void *)cb->args[3];
10275 data_len = cb->args[4];
10276 vcmd = &rdev->wiphy.vendor_commands[vcmd_idx];
10277
10278 if (vcmd->flags & (WIPHY_VENDOR_CMD_NEED_WDEV |
10279 WIPHY_VENDOR_CMD_NEED_NETDEV)) {
10280 if (!wdev)
10281 return -EINVAL;
10282 if (vcmd->flags & WIPHY_VENDOR_CMD_NEED_NETDEV &&
10283 !wdev->netdev)
10284 return -EINVAL;
10285
10286 if (vcmd->flags & WIPHY_VENDOR_CMD_NEED_RUNNING) {
10287 if (wdev->netdev &&
10288 !netif_running(wdev->netdev))
10289 return -ENETDOWN;
10290 if (!wdev->netdev && !wdev->p2p_started)
10291 return -ENETDOWN;
10292 }
10293 }
10294
10295 while (1) {
10296 void *hdr = nl80211hdr_put(skb, NETLINK_CB(cb->skb).portid,
10297 cb->nlh->nlmsg_seq, NLM_F_MULTI,
10298 NL80211_CMD_VENDOR);
10299 if (!hdr)
10300 break;
10301
10302 if (nla_put_u32(skb, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
10303 (wdev && nla_put_u64(skb, NL80211_ATTR_WDEV,
10304 wdev_id(wdev)))) {
10305 genlmsg_cancel(skb, hdr);
10306 break;
10307 }
10308
10309 vendor_data = nla_nest_start(skb, NL80211_ATTR_VENDOR_DATA);
10310 if (!vendor_data) {
10311 genlmsg_cancel(skb, hdr);
10312 break;
10313 }
10314
10315 err = vcmd->dumpit(&rdev->wiphy, wdev, skb, data, data_len,
10316 (unsigned long *)&cb->args[5]);
10317 nla_nest_end(skb, vendor_data);
10318
10319 if (err == -ENOBUFS || err == -ENOENT) {
10320 genlmsg_cancel(skb, hdr);
10321 break;
10322 } else if (err) {
10323 genlmsg_cancel(skb, hdr);
10324 goto out;
10325 }
10326
10327 genlmsg_end(skb, hdr);
10328 }
10329
10330 err = skb->len;
10331 out:
10332 rtnl_unlock();
10333 return err;
10334}
10335
10336struct sk_buff *__cfg80211_alloc_reply_skb(struct wiphy *wiphy,
10337 enum nl80211_commands cmd,
10338 enum nl80211_attrs attr,
10339 int approxlen)
10340{
10341 struct cfg80211_registered_device *rdev = wiphy_to_rdev(wiphy);
10342
10343 if (WARN_ON(!rdev->cur_cmd_info))
10344 return NULL;
10345
10346 return __cfg80211_alloc_vendor_skb(rdev, NULL, approxlen,
10347 rdev->cur_cmd_info->snd_portid,
10348 rdev->cur_cmd_info->snd_seq,
10349 cmd, attr, NULL, GFP_KERNEL);
10350}
10351EXPORT_SYMBOL(__cfg80211_alloc_reply_skb);
10352
10353int cfg80211_vendor_cmd_reply(struct sk_buff *skb)
10354{
10355 struct cfg80211_registered_device *rdev = ((void **)skb->cb)[0];
10356 void *hdr = ((void **)skb->cb)[1];
10357 struct nlattr *data = ((void **)skb->cb)[2];
10358
10359
10360 memset(skb->cb, 0, sizeof(skb->cb));
10361
10362 if (WARN_ON(!rdev->cur_cmd_info)) {
10363 kfree_skb(skb);
10364 return -EINVAL;
10365 }
10366
10367 nla_nest_end(skb, data);
10368 genlmsg_end(skb, hdr);
10369 return genlmsg_reply(skb, rdev->cur_cmd_info);
10370}
10371EXPORT_SYMBOL_GPL(cfg80211_vendor_cmd_reply);
10372
10373
10374static int nl80211_set_qos_map(struct sk_buff *skb,
10375 struct genl_info *info)
10376{
10377 struct cfg80211_registered_device *rdev = info->user_ptr[0];
10378 struct cfg80211_qos_map *qos_map = NULL;
10379 struct net_device *dev = info->user_ptr[1];
10380 u8 *pos, len, num_des, des_len, des;
10381 int ret;
10382
10383 if (!rdev->ops->set_qos_map)
10384 return -EOPNOTSUPP;
10385
10386 if (info->attrs[NL80211_ATTR_QOS_MAP]) {
10387 pos = nla_data(info->attrs[NL80211_ATTR_QOS_MAP]);
10388 len = nla_len(info->attrs[NL80211_ATTR_QOS_MAP]);
10389
10390 if (len % 2 || len < IEEE80211_QOS_MAP_LEN_MIN ||
10391 len > IEEE80211_QOS_MAP_LEN_MAX)
10392 return -EINVAL;
10393
10394 qos_map = kzalloc(sizeof(struct cfg80211_qos_map), GFP_KERNEL);
10395 if (!qos_map)
10396 return -ENOMEM;
10397
10398 num_des = (len - IEEE80211_QOS_MAP_LEN_MIN) >> 1;
10399 if (num_des) {
10400 des_len = num_des *
10401 sizeof(struct cfg80211_dscp_exception);
10402 memcpy(qos_map->dscp_exception, pos, des_len);
10403 qos_map->num_des = num_des;
10404 for (des = 0; des < num_des; des++) {
10405 if (qos_map->dscp_exception[des].up > 7) {
10406 kfree(qos_map);
10407 return -EINVAL;
10408 }
10409 }
10410 pos += des_len;
10411 }
10412 memcpy(qos_map->up, pos, IEEE80211_QOS_MAP_LEN_MIN);
10413 }
10414
10415 wdev_lock(dev->ieee80211_ptr);
10416 ret = nl80211_key_allowed(dev->ieee80211_ptr);
10417 if (!ret)
10418 ret = rdev_set_qos_map(rdev, dev, qos_map);
10419 wdev_unlock(dev->ieee80211_ptr);
10420
10421 kfree(qos_map);
10422 return ret;
10423}
10424
10425static int nl80211_add_tx_ts(struct sk_buff *skb, struct genl_info *info)
10426{
10427 struct cfg80211_registered_device *rdev = info->user_ptr[0];
10428 struct net_device *dev = info->user_ptr[1];
10429 struct wireless_dev *wdev = dev->ieee80211_ptr;
10430 const u8 *peer;
10431 u8 tsid, up;
10432 u16 admitted_time = 0;
10433 int err;
10434
10435 if (!(rdev->wiphy.features & NL80211_FEATURE_SUPPORTS_WMM_ADMISSION))
10436 return -EOPNOTSUPP;
10437
10438 if (!info->attrs[NL80211_ATTR_TSID] || !info->attrs[NL80211_ATTR_MAC] ||
10439 !info->attrs[NL80211_ATTR_USER_PRIO])
10440 return -EINVAL;
10441
10442 tsid = nla_get_u8(info->attrs[NL80211_ATTR_TSID]);
10443 if (tsid >= IEEE80211_NUM_TIDS)
10444 return -EINVAL;
10445
10446 up = nla_get_u8(info->attrs[NL80211_ATTR_USER_PRIO]);
10447 if (up >= IEEE80211_NUM_UPS)
10448 return -EINVAL;
10449
10450
10451 if (tsid >= IEEE80211_FIRST_TSPEC_TSID) {
10452
10453
10454
10455
10456 return -EINVAL;
10457 }
10458
10459 peer = nla_data(info->attrs[NL80211_ATTR_MAC]);
10460
10461 if (info->attrs[NL80211_ATTR_ADMITTED_TIME]) {
10462 admitted_time =
10463 nla_get_u16(info->attrs[NL80211_ATTR_ADMITTED_TIME]);
10464 if (!admitted_time)
10465 return -EINVAL;
10466 }
10467
10468 wdev_lock(wdev);
10469 switch (wdev->iftype) {
10470 case NL80211_IFTYPE_STATION:
10471 case NL80211_IFTYPE_P2P_CLIENT:
10472 if (wdev->current_bss)
10473 break;
10474 err = -ENOTCONN;
10475 goto out;
10476 default:
10477 err = -EOPNOTSUPP;
10478 goto out;
10479 }
10480
10481 err = rdev_add_tx_ts(rdev, dev, tsid, peer, up, admitted_time);
10482
10483 out:
10484 wdev_unlock(wdev);
10485 return err;
10486}
10487
10488static int nl80211_del_tx_ts(struct sk_buff *skb, struct genl_info *info)
10489{
10490 struct cfg80211_registered_device *rdev = info->user_ptr[0];
10491 struct net_device *dev = info->user_ptr[1];
10492 struct wireless_dev *wdev = dev->ieee80211_ptr;
10493 const u8 *peer;
10494 u8 tsid;
10495 int err;
10496
10497 if (!info->attrs[NL80211_ATTR_TSID] || !info->attrs[NL80211_ATTR_MAC])
10498 return -EINVAL;
10499
10500 tsid = nla_get_u8(info->attrs[NL80211_ATTR_TSID]);
10501 peer = nla_data(info->attrs[NL80211_ATTR_MAC]);
10502
10503 wdev_lock(wdev);
10504 err = rdev_del_tx_ts(rdev, dev, tsid, peer);
10505 wdev_unlock(wdev);
10506
10507 return err;
10508}
10509
10510static int nl80211_tdls_channel_switch(struct sk_buff *skb,
10511 struct genl_info *info)
10512{
10513 struct cfg80211_registered_device *rdev = info->user_ptr[0];
10514 struct net_device *dev = info->user_ptr[1];
10515 struct wireless_dev *wdev = dev->ieee80211_ptr;
10516 struct cfg80211_chan_def chandef = {};
10517 const u8 *addr;
10518 u8 oper_class;
10519 int err;
10520
10521 if (!rdev->ops->tdls_channel_switch ||
10522 !(rdev->wiphy.features & NL80211_FEATURE_TDLS_CHANNEL_SWITCH))
10523 return -EOPNOTSUPP;
10524
10525 switch (dev->ieee80211_ptr->iftype) {
10526 case NL80211_IFTYPE_STATION:
10527 case NL80211_IFTYPE_P2P_CLIENT:
10528 break;
10529 default:
10530 return -EOPNOTSUPP;
10531 }
10532
10533 if (!info->attrs[NL80211_ATTR_MAC] ||
10534 !info->attrs[NL80211_ATTR_OPER_CLASS])
10535 return -EINVAL;
10536
10537 err = nl80211_parse_chandef(rdev, info, &chandef);
10538 if (err)
10539 return err;
10540
10541
10542
10543
10544
10545
10546 if (chandef.chan->band == IEEE80211_BAND_2GHZ &&
10547 chandef.width != NL80211_CHAN_WIDTH_20_NOHT &&
10548 chandef.width != NL80211_CHAN_WIDTH_20)
10549 return -EINVAL;
10550
10551
10552 if (!cfg80211_reg_can_beacon_relax(&rdev->wiphy, &chandef,
10553 wdev->iftype))
10554 return -EINVAL;
10555
10556
10557 if (cfg80211_chandef_dfs_required(wdev->wiphy, &chandef, wdev->iftype))
10558 return -EINVAL;
10559
10560 addr = nla_data(info->attrs[NL80211_ATTR_MAC]);
10561 oper_class = nla_get_u8(info->attrs[NL80211_ATTR_OPER_CLASS]);
10562
10563 wdev_lock(wdev);
10564 err = rdev_tdls_channel_switch(rdev, dev, addr, oper_class, &chandef);
10565 wdev_unlock(wdev);
10566
10567 return err;
10568}
10569
10570static int nl80211_tdls_cancel_channel_switch(struct sk_buff *skb,
10571 struct genl_info *info)
10572{
10573 struct cfg80211_registered_device *rdev = info->user_ptr[0];
10574 struct net_device *dev = info->user_ptr[1];
10575 struct wireless_dev *wdev = dev->ieee80211_ptr;
10576 const u8 *addr;
10577
10578 if (!rdev->ops->tdls_channel_switch ||
10579 !rdev->ops->tdls_cancel_channel_switch ||
10580 !(rdev->wiphy.features & NL80211_FEATURE_TDLS_CHANNEL_SWITCH))
10581 return -EOPNOTSUPP;
10582
10583 switch (dev->ieee80211_ptr->iftype) {
10584 case NL80211_IFTYPE_STATION:
10585 case NL80211_IFTYPE_P2P_CLIENT:
10586 break;
10587 default:
10588 return -EOPNOTSUPP;
10589 }
10590
10591 if (!info->attrs[NL80211_ATTR_MAC])
10592 return -EINVAL;
10593
10594 addr = nla_data(info->attrs[NL80211_ATTR_MAC]);
10595
10596 wdev_lock(wdev);
10597 rdev_tdls_cancel_channel_switch(rdev, dev, addr);
10598 wdev_unlock(wdev);
10599
10600 return 0;
10601}
10602
10603#define NL80211_FLAG_NEED_WIPHY 0x01
10604#define NL80211_FLAG_NEED_NETDEV 0x02
10605#define NL80211_FLAG_NEED_RTNL 0x04
10606#define NL80211_FLAG_CHECK_NETDEV_UP 0x08
10607#define NL80211_FLAG_NEED_NETDEV_UP (NL80211_FLAG_NEED_NETDEV |\
10608 NL80211_FLAG_CHECK_NETDEV_UP)
10609#define NL80211_FLAG_NEED_WDEV 0x10
10610
10611#define NL80211_FLAG_NEED_WDEV_UP (NL80211_FLAG_NEED_WDEV |\
10612 NL80211_FLAG_CHECK_NETDEV_UP)
10613#define NL80211_FLAG_CLEAR_SKB 0x20
10614
10615static int nl80211_pre_doit(const struct genl_ops *ops, struct sk_buff *skb,
10616 struct genl_info *info)
10617{
10618 struct cfg80211_registered_device *rdev;
10619 struct wireless_dev *wdev;
10620 struct net_device *dev;
10621 bool rtnl = ops->internal_flags & NL80211_FLAG_NEED_RTNL;
10622
10623 if (rtnl)
10624 rtnl_lock();
10625
10626 if (ops->internal_flags & NL80211_FLAG_NEED_WIPHY) {
10627 rdev = cfg80211_get_dev_from_info(genl_info_net(info), info);
10628 if (IS_ERR(rdev)) {
10629 if (rtnl)
10630 rtnl_unlock();
10631 return PTR_ERR(rdev);
10632 }
10633 info->user_ptr[0] = rdev;
10634 } else if (ops->internal_flags & NL80211_FLAG_NEED_NETDEV ||
10635 ops->internal_flags & NL80211_FLAG_NEED_WDEV) {
10636 ASSERT_RTNL();
10637
10638 wdev = __cfg80211_wdev_from_attrs(genl_info_net(info),
10639 info->attrs);
10640 if (IS_ERR(wdev)) {
10641 if (rtnl)
10642 rtnl_unlock();
10643 return PTR_ERR(wdev);
10644 }
10645
10646 dev = wdev->netdev;
10647 rdev = wiphy_to_rdev(wdev->wiphy);
10648
10649 if (ops->internal_flags & NL80211_FLAG_NEED_NETDEV) {
10650 if (!dev) {
10651 if (rtnl)
10652 rtnl_unlock();
10653 return -EINVAL;
10654 }
10655
10656 info->user_ptr[1] = dev;
10657 } else {
10658 info->user_ptr[1] = wdev;
10659 }
10660
10661 if (dev) {
10662 if (ops->internal_flags & NL80211_FLAG_CHECK_NETDEV_UP &&
10663 !netif_running(dev)) {
10664 if (rtnl)
10665 rtnl_unlock();
10666 return -ENETDOWN;
10667 }
10668
10669 dev_hold(dev);
10670 } else if (ops->internal_flags & NL80211_FLAG_CHECK_NETDEV_UP) {
10671 if (!wdev->p2p_started) {
10672 if (rtnl)
10673 rtnl_unlock();
10674 return -ENETDOWN;
10675 }
10676 }
10677
10678 info->user_ptr[0] = rdev;
10679 }
10680
10681 return 0;
10682}
10683
10684static void nl80211_post_doit(const struct genl_ops *ops, struct sk_buff *skb,
10685 struct genl_info *info)
10686{
10687 if (info->user_ptr[1]) {
10688 if (ops->internal_flags & NL80211_FLAG_NEED_WDEV) {
10689 struct wireless_dev *wdev = info->user_ptr[1];
10690
10691 if (wdev->netdev)
10692 dev_put(wdev->netdev);
10693 } else {
10694 dev_put(info->user_ptr[1]);
10695 }
10696 }
10697
10698 if (ops->internal_flags & NL80211_FLAG_NEED_RTNL)
10699 rtnl_unlock();
10700
10701
10702
10703
10704
10705
10706 if (ops->internal_flags & NL80211_FLAG_CLEAR_SKB) {
10707 struct nlmsghdr *nlh = nlmsg_hdr(skb);
10708
10709 memset(nlmsg_data(nlh), 0, nlmsg_len(nlh));
10710 }
10711}
10712
10713static const struct genl_ops nl80211_ops[] = {
10714 {
10715 .cmd = NL80211_CMD_GET_WIPHY,
10716 .doit = nl80211_get_wiphy,
10717 .dumpit = nl80211_dump_wiphy,
10718 .done = nl80211_dump_wiphy_done,
10719 .policy = nl80211_policy,
10720
10721 .internal_flags = NL80211_FLAG_NEED_WIPHY |
10722 NL80211_FLAG_NEED_RTNL,
10723 },
10724 {
10725 .cmd = NL80211_CMD_SET_WIPHY,
10726 .doit = nl80211_set_wiphy,
10727 .policy = nl80211_policy,
10728 .flags = GENL_ADMIN_PERM,
10729 .internal_flags = NL80211_FLAG_NEED_RTNL,
10730 },
10731 {
10732 .cmd = NL80211_CMD_GET_INTERFACE,
10733 .doit = nl80211_get_interface,
10734 .dumpit = nl80211_dump_interface,
10735 .policy = nl80211_policy,
10736
10737 .internal_flags = NL80211_FLAG_NEED_WDEV |
10738 NL80211_FLAG_NEED_RTNL,
10739 },
10740 {
10741 .cmd = NL80211_CMD_SET_INTERFACE,
10742 .doit = nl80211_set_interface,
10743 .policy = nl80211_policy,
10744 .flags = GENL_ADMIN_PERM,
10745 .internal_flags = NL80211_FLAG_NEED_NETDEV |
10746 NL80211_FLAG_NEED_RTNL,
10747 },
10748 {
10749 .cmd = NL80211_CMD_NEW_INTERFACE,
10750 .doit = nl80211_new_interface,
10751 .policy = nl80211_policy,
10752 .flags = GENL_ADMIN_PERM,
10753 .internal_flags = NL80211_FLAG_NEED_WIPHY |
10754 NL80211_FLAG_NEED_RTNL,
10755 },
10756 {
10757 .cmd = NL80211_CMD_DEL_INTERFACE,
10758 .doit = nl80211_del_interface,
10759 .policy = nl80211_policy,
10760 .flags = GENL_ADMIN_PERM,
10761 .internal_flags = NL80211_FLAG_NEED_WDEV |
10762 NL80211_FLAG_NEED_RTNL,
10763 },
10764 {
10765 .cmd = NL80211_CMD_GET_KEY,
10766 .doit = nl80211_get_key,
10767 .policy = nl80211_policy,
10768 .flags = GENL_ADMIN_PERM,
10769 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
10770 NL80211_FLAG_NEED_RTNL,
10771 },
10772 {
10773 .cmd = NL80211_CMD_SET_KEY,
10774 .doit = nl80211_set_key,
10775 .policy = nl80211_policy,
10776 .flags = GENL_ADMIN_PERM,
10777 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
10778 NL80211_FLAG_NEED_RTNL |
10779 NL80211_FLAG_CLEAR_SKB,
10780 },
10781 {
10782 .cmd = NL80211_CMD_NEW_KEY,
10783 .doit = nl80211_new_key,
10784 .policy = nl80211_policy,
10785 .flags = GENL_ADMIN_PERM,
10786 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
10787 NL80211_FLAG_NEED_RTNL |
10788 NL80211_FLAG_CLEAR_SKB,
10789 },
10790 {
10791 .cmd = NL80211_CMD_DEL_KEY,
10792 .doit = nl80211_del_key,
10793 .policy = nl80211_policy,
10794 .flags = GENL_ADMIN_PERM,
10795 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
10796 NL80211_FLAG_NEED_RTNL,
10797 },
10798 {
10799 .cmd = NL80211_CMD_SET_BEACON,
10800 .policy = nl80211_policy,
10801 .flags = GENL_ADMIN_PERM,
10802 .doit = nl80211_set_beacon,
10803 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
10804 NL80211_FLAG_NEED_RTNL,
10805 },
10806 {
10807 .cmd = NL80211_CMD_START_AP,
10808 .policy = nl80211_policy,
10809 .flags = GENL_ADMIN_PERM,
10810 .doit = nl80211_start_ap,
10811 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
10812 NL80211_FLAG_NEED_RTNL,
10813 },
10814 {
10815 .cmd = NL80211_CMD_STOP_AP,
10816 .policy = nl80211_policy,
10817 .flags = GENL_ADMIN_PERM,
10818 .doit = nl80211_stop_ap,
10819 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
10820 NL80211_FLAG_NEED_RTNL,
10821 },
10822 {
10823 .cmd = NL80211_CMD_GET_STATION,
10824 .doit = nl80211_get_station,
10825 .dumpit = nl80211_dump_station,
10826 .policy = nl80211_policy,
10827 .internal_flags = NL80211_FLAG_NEED_NETDEV |
10828 NL80211_FLAG_NEED_RTNL,
10829 },
10830 {
10831 .cmd = NL80211_CMD_SET_STATION,
10832 .doit = nl80211_set_station,
10833 .policy = nl80211_policy,
10834 .flags = GENL_ADMIN_PERM,
10835 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
10836 NL80211_FLAG_NEED_RTNL,
10837 },
10838 {
10839 .cmd = NL80211_CMD_NEW_STATION,
10840 .doit = nl80211_new_station,
10841 .policy = nl80211_policy,
10842 .flags = GENL_ADMIN_PERM,
10843 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
10844 NL80211_FLAG_NEED_RTNL,
10845 },
10846 {
10847 .cmd = NL80211_CMD_DEL_STATION,
10848 .doit = nl80211_del_station,
10849 .policy = nl80211_policy,
10850 .flags = GENL_ADMIN_PERM,
10851 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
10852 NL80211_FLAG_NEED_RTNL,
10853 },
10854 {
10855 .cmd = NL80211_CMD_GET_MPATH,
10856 .doit = nl80211_get_mpath,
10857 .dumpit = nl80211_dump_mpath,
10858 .policy = nl80211_policy,
10859 .flags = GENL_ADMIN_PERM,
10860 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
10861 NL80211_FLAG_NEED_RTNL,
10862 },
10863 {
10864 .cmd = NL80211_CMD_GET_MPP,
10865 .doit = nl80211_get_mpp,
10866 .dumpit = nl80211_dump_mpp,
10867 .policy = nl80211_policy,
10868 .flags = GENL_ADMIN_PERM,
10869 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
10870 NL80211_FLAG_NEED_RTNL,
10871 },
10872 {
10873 .cmd = NL80211_CMD_SET_MPATH,
10874 .doit = nl80211_set_mpath,
10875 .policy = nl80211_policy,
10876 .flags = GENL_ADMIN_PERM,
10877 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
10878 NL80211_FLAG_NEED_RTNL,
10879 },
10880 {
10881 .cmd = NL80211_CMD_NEW_MPATH,
10882 .doit = nl80211_new_mpath,
10883 .policy = nl80211_policy,
10884 .flags = GENL_ADMIN_PERM,
10885 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
10886 NL80211_FLAG_NEED_RTNL,
10887 },
10888 {
10889 .cmd = NL80211_CMD_DEL_MPATH,
10890 .doit = nl80211_del_mpath,
10891 .policy = nl80211_policy,
10892 .flags = GENL_ADMIN_PERM,
10893 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
10894 NL80211_FLAG_NEED_RTNL,
10895 },
10896 {
10897 .cmd = NL80211_CMD_SET_BSS,
10898 .doit = nl80211_set_bss,
10899 .policy = nl80211_policy,
10900 .flags = GENL_ADMIN_PERM,
10901 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
10902 NL80211_FLAG_NEED_RTNL,
10903 },
10904 {
10905 .cmd = NL80211_CMD_GET_REG,
10906 .doit = nl80211_get_reg_do,
10907 .dumpit = nl80211_get_reg_dump,
10908 .policy = nl80211_policy,
10909 .internal_flags = NL80211_FLAG_NEED_RTNL,
10910
10911 },
10912#ifdef CONFIG_CFG80211_CRDA_SUPPORT
10913 {
10914 .cmd = NL80211_CMD_SET_REG,
10915 .doit = nl80211_set_reg,
10916 .policy = nl80211_policy,
10917 .flags = GENL_ADMIN_PERM,
10918 .internal_flags = NL80211_FLAG_NEED_RTNL,
10919 },
10920#endif
10921 {
10922 .cmd = NL80211_CMD_REQ_SET_REG,
10923 .doit = nl80211_req_set_reg,
10924 .policy = nl80211_policy,
10925 .flags = GENL_ADMIN_PERM,
10926 },
10927 {
10928 .cmd = NL80211_CMD_GET_MESH_CONFIG,
10929 .doit = nl80211_get_mesh_config,
10930 .policy = nl80211_policy,
10931
10932 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
10933 NL80211_FLAG_NEED_RTNL,
10934 },
10935 {
10936 .cmd = NL80211_CMD_SET_MESH_CONFIG,
10937 .doit = nl80211_update_mesh_config,
10938 .policy = nl80211_policy,
10939 .flags = GENL_ADMIN_PERM,
10940 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
10941 NL80211_FLAG_NEED_RTNL,
10942 },
10943 {
10944 .cmd = NL80211_CMD_TRIGGER_SCAN,
10945 .doit = nl80211_trigger_scan,
10946 .policy = nl80211_policy,
10947 .flags = GENL_ADMIN_PERM,
10948 .internal_flags = NL80211_FLAG_NEED_WDEV_UP |
10949 NL80211_FLAG_NEED_RTNL,
10950 },
10951 {
10952 .cmd = NL80211_CMD_GET_SCAN,
10953 .policy = nl80211_policy,
10954 .dumpit = nl80211_dump_scan,
10955 },
10956 {
10957 .cmd = NL80211_CMD_START_SCHED_SCAN,
10958 .doit = nl80211_start_sched_scan,
10959 .policy = nl80211_policy,
10960 .flags = GENL_ADMIN_PERM,
10961 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
10962 NL80211_FLAG_NEED_RTNL,
10963 },
10964 {
10965 .cmd = NL80211_CMD_STOP_SCHED_SCAN,
10966 .doit = nl80211_stop_sched_scan,
10967 .policy = nl80211_policy,
10968 .flags = GENL_ADMIN_PERM,
10969 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
10970 NL80211_FLAG_NEED_RTNL,
10971 },
10972 {
10973 .cmd = NL80211_CMD_AUTHENTICATE,
10974 .doit = nl80211_authenticate,
10975 .policy = nl80211_policy,
10976 .flags = GENL_ADMIN_PERM,
10977 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
10978 NL80211_FLAG_NEED_RTNL |
10979 NL80211_FLAG_CLEAR_SKB,
10980 },
10981 {
10982 .cmd = NL80211_CMD_ASSOCIATE,
10983 .doit = nl80211_associate,
10984 .policy = nl80211_policy,
10985 .flags = GENL_ADMIN_PERM,
10986 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
10987 NL80211_FLAG_NEED_RTNL,
10988 },
10989 {
10990 .cmd = NL80211_CMD_DEAUTHENTICATE,
10991 .doit = nl80211_deauthenticate,
10992 .policy = nl80211_policy,
10993 .flags = GENL_ADMIN_PERM,
10994 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
10995 NL80211_FLAG_NEED_RTNL,
10996 },
10997 {
10998 .cmd = NL80211_CMD_DISASSOCIATE,
10999 .doit = nl80211_disassociate,
11000 .policy = nl80211_policy,
11001 .flags = GENL_ADMIN_PERM,
11002 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
11003 NL80211_FLAG_NEED_RTNL,
11004 },
11005 {
11006 .cmd = NL80211_CMD_JOIN_IBSS,
11007 .doit = nl80211_join_ibss,
11008 .policy = nl80211_policy,
11009 .flags = GENL_ADMIN_PERM,
11010 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
11011 NL80211_FLAG_NEED_RTNL,
11012 },
11013 {
11014 .cmd = NL80211_CMD_LEAVE_IBSS,
11015 .doit = nl80211_leave_ibss,
11016 .policy = nl80211_policy,
11017 .flags = GENL_ADMIN_PERM,
11018 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
11019 NL80211_FLAG_NEED_RTNL,
11020 },
11021#ifdef CONFIG_NL80211_TESTMODE
11022 {
11023 .cmd = NL80211_CMD_TESTMODE,
11024 .doit = nl80211_testmode_do,
11025 .dumpit = nl80211_testmode_dump,
11026 .policy = nl80211_policy,
11027 .flags = GENL_ADMIN_PERM,
11028 .internal_flags = NL80211_FLAG_NEED_WIPHY |
11029 NL80211_FLAG_NEED_RTNL,
11030 },
11031#endif
11032 {
11033 .cmd = NL80211_CMD_CONNECT,
11034 .doit = nl80211_connect,
11035 .policy = nl80211_policy,
11036 .flags = GENL_ADMIN_PERM,
11037 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
11038 NL80211_FLAG_NEED_RTNL,
11039 },
11040 {
11041 .cmd = NL80211_CMD_DISCONNECT,
11042 .doit = nl80211_disconnect,
11043 .policy = nl80211_policy,
11044 .flags = GENL_ADMIN_PERM,
11045 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
11046 NL80211_FLAG_NEED_RTNL,
11047 },
11048 {
11049 .cmd = NL80211_CMD_SET_WIPHY_NETNS,
11050 .doit = nl80211_wiphy_netns,
11051 .policy = nl80211_policy,
11052 .flags = GENL_ADMIN_PERM,
11053 .internal_flags = NL80211_FLAG_NEED_WIPHY |
11054 NL80211_FLAG_NEED_RTNL,
11055 },
11056 {
11057 .cmd = NL80211_CMD_GET_SURVEY,
11058 .policy = nl80211_policy,
11059 .dumpit = nl80211_dump_survey,
11060 },
11061 {
11062 .cmd = NL80211_CMD_SET_PMKSA,
11063 .doit = nl80211_setdel_pmksa,
11064 .policy = nl80211_policy,
11065 .flags = GENL_ADMIN_PERM,
11066 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
11067 NL80211_FLAG_NEED_RTNL,
11068 },
11069 {
11070 .cmd = NL80211_CMD_DEL_PMKSA,
11071 .doit = nl80211_setdel_pmksa,
11072 .policy = nl80211_policy,
11073 .flags = GENL_ADMIN_PERM,
11074 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
11075 NL80211_FLAG_NEED_RTNL,
11076 },
11077 {
11078 .cmd = NL80211_CMD_FLUSH_PMKSA,
11079 .doit = nl80211_flush_pmksa,
11080 .policy = nl80211_policy,
11081 .flags = GENL_ADMIN_PERM,
11082 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
11083 NL80211_FLAG_NEED_RTNL,
11084 },
11085 {
11086 .cmd = NL80211_CMD_REMAIN_ON_CHANNEL,
11087 .doit = nl80211_remain_on_channel,
11088 .policy = nl80211_policy,
11089 .flags = GENL_ADMIN_PERM,
11090 .internal_flags = NL80211_FLAG_NEED_WDEV_UP |
11091 NL80211_FLAG_NEED_RTNL,
11092 },
11093 {
11094 .cmd = NL80211_CMD_CANCEL_REMAIN_ON_CHANNEL,
11095 .doit = nl80211_cancel_remain_on_channel,
11096 .policy = nl80211_policy,
11097 .flags = GENL_ADMIN_PERM,
11098 .internal_flags = NL80211_FLAG_NEED_WDEV_UP |
11099 NL80211_FLAG_NEED_RTNL,
11100 },
11101 {
11102 .cmd = NL80211_CMD_SET_TX_BITRATE_MASK,
11103 .doit = nl80211_set_tx_bitrate_mask,
11104 .policy = nl80211_policy,
11105 .flags = GENL_ADMIN_PERM,
11106 .internal_flags = NL80211_FLAG_NEED_NETDEV |
11107 NL80211_FLAG_NEED_RTNL,
11108 },
11109 {
11110 .cmd = NL80211_CMD_REGISTER_FRAME,
11111 .doit = nl80211_register_mgmt,
11112 .policy = nl80211_policy,
11113 .flags = GENL_ADMIN_PERM,
11114 .internal_flags = NL80211_FLAG_NEED_WDEV |
11115 NL80211_FLAG_NEED_RTNL,
11116 },
11117 {
11118 .cmd = NL80211_CMD_FRAME,
11119 .doit = nl80211_tx_mgmt,
11120 .policy = nl80211_policy,
11121 .flags = GENL_ADMIN_PERM,
11122 .internal_flags = NL80211_FLAG_NEED_WDEV_UP |
11123 NL80211_FLAG_NEED_RTNL,
11124 },
11125 {
11126 .cmd = NL80211_CMD_FRAME_WAIT_CANCEL,
11127 .doit = nl80211_tx_mgmt_cancel_wait,
11128 .policy = nl80211_policy,
11129 .flags = GENL_ADMIN_PERM,
11130 .internal_flags = NL80211_FLAG_NEED_WDEV_UP |
11131 NL80211_FLAG_NEED_RTNL,
11132 },
11133 {
11134 .cmd = NL80211_CMD_SET_POWER_SAVE,
11135 .doit = nl80211_set_power_save,
11136 .policy = nl80211_policy,
11137 .flags = GENL_ADMIN_PERM,
11138 .internal_flags = NL80211_FLAG_NEED_NETDEV |
11139 NL80211_FLAG_NEED_RTNL,
11140 },
11141 {
11142 .cmd = NL80211_CMD_GET_POWER_SAVE,
11143 .doit = nl80211_get_power_save,
11144 .policy = nl80211_policy,
11145
11146 .internal_flags = NL80211_FLAG_NEED_NETDEV |
11147 NL80211_FLAG_NEED_RTNL,
11148 },
11149 {
11150 .cmd = NL80211_CMD_SET_CQM,
11151 .doit = nl80211_set_cqm,
11152 .policy = nl80211_policy,
11153 .flags = GENL_ADMIN_PERM,
11154 .internal_flags = NL80211_FLAG_NEED_NETDEV |
11155 NL80211_FLAG_NEED_RTNL,
11156 },
11157 {
11158 .cmd = NL80211_CMD_SET_CHANNEL,
11159 .doit = nl80211_set_channel,
11160 .policy = nl80211_policy,
11161 .flags = GENL_ADMIN_PERM,
11162 .internal_flags = NL80211_FLAG_NEED_NETDEV |
11163 NL80211_FLAG_NEED_RTNL,
11164 },
11165 {
11166 .cmd = NL80211_CMD_SET_WDS_PEER,
11167 .doit = nl80211_set_wds_peer,
11168 .policy = nl80211_policy,
11169 .flags = GENL_ADMIN_PERM,
11170 .internal_flags = NL80211_FLAG_NEED_NETDEV |
11171 NL80211_FLAG_NEED_RTNL,
11172 },
11173 {
11174 .cmd = NL80211_CMD_JOIN_MESH,
11175 .doit = nl80211_join_mesh,
11176 .policy = nl80211_policy,
11177 .flags = GENL_ADMIN_PERM,
11178 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
11179 NL80211_FLAG_NEED_RTNL,
11180 },
11181 {
11182 .cmd = NL80211_CMD_LEAVE_MESH,
11183 .doit = nl80211_leave_mesh,
11184 .policy = nl80211_policy,
11185 .flags = GENL_ADMIN_PERM,
11186 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
11187 NL80211_FLAG_NEED_RTNL,
11188 },
11189 {
11190 .cmd = NL80211_CMD_JOIN_OCB,
11191 .doit = nl80211_join_ocb,
11192 .policy = nl80211_policy,
11193 .flags = GENL_ADMIN_PERM,
11194 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
11195 NL80211_FLAG_NEED_RTNL,
11196 },
11197 {
11198 .cmd = NL80211_CMD_LEAVE_OCB,
11199 .doit = nl80211_leave_ocb,
11200 .policy = nl80211_policy,
11201 .flags = GENL_ADMIN_PERM,
11202 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
11203 NL80211_FLAG_NEED_RTNL,
11204 },
11205#ifdef CONFIG_PM
11206 {
11207 .cmd = NL80211_CMD_GET_WOWLAN,
11208 .doit = nl80211_get_wowlan,
11209 .policy = nl80211_policy,
11210
11211 .internal_flags = NL80211_FLAG_NEED_WIPHY |
11212 NL80211_FLAG_NEED_RTNL,
11213 },
11214 {
11215 .cmd = NL80211_CMD_SET_WOWLAN,
11216 .doit = nl80211_set_wowlan,
11217 .policy = nl80211_policy,
11218 .flags = GENL_ADMIN_PERM,
11219 .internal_flags = NL80211_FLAG_NEED_WIPHY |
11220 NL80211_FLAG_NEED_RTNL,
11221 },
11222#endif
11223 {
11224 .cmd = NL80211_CMD_SET_REKEY_OFFLOAD,
11225 .doit = nl80211_set_rekey_data,
11226 .policy = nl80211_policy,
11227 .flags = GENL_ADMIN_PERM,
11228 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
11229 NL80211_FLAG_NEED_RTNL |
11230 NL80211_FLAG_CLEAR_SKB,
11231 },
11232 {
11233 .cmd = NL80211_CMD_TDLS_MGMT,
11234 .doit = nl80211_tdls_mgmt,
11235 .policy = nl80211_policy,
11236 .flags = GENL_ADMIN_PERM,
11237 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
11238 NL80211_FLAG_NEED_RTNL,
11239 },
11240 {
11241 .cmd = NL80211_CMD_TDLS_OPER,
11242 .doit = nl80211_tdls_oper,
11243 .policy = nl80211_policy,
11244 .flags = GENL_ADMIN_PERM,
11245 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
11246 NL80211_FLAG_NEED_RTNL,
11247 },
11248 {
11249 .cmd = NL80211_CMD_UNEXPECTED_FRAME,
11250 .doit = nl80211_register_unexpected_frame,
11251 .policy = nl80211_policy,
11252 .flags = GENL_ADMIN_PERM,
11253 .internal_flags = NL80211_FLAG_NEED_NETDEV |
11254 NL80211_FLAG_NEED_RTNL,
11255 },
11256 {
11257 .cmd = NL80211_CMD_PROBE_CLIENT,
11258 .doit = nl80211_probe_client,
11259 .policy = nl80211_policy,
11260 .flags = GENL_ADMIN_PERM,
11261 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
11262 NL80211_FLAG_NEED_RTNL,
11263 },
11264 {
11265 .cmd = NL80211_CMD_REGISTER_BEACONS,
11266 .doit = nl80211_register_beacons,
11267 .policy = nl80211_policy,
11268 .flags = GENL_ADMIN_PERM,
11269 .internal_flags = NL80211_FLAG_NEED_WIPHY |
11270 NL80211_FLAG_NEED_RTNL,
11271 },
11272 {
11273 .cmd = NL80211_CMD_SET_NOACK_MAP,
11274 .doit = nl80211_set_noack_map,
11275 .policy = nl80211_policy,
11276 .flags = GENL_ADMIN_PERM,
11277 .internal_flags = NL80211_FLAG_NEED_NETDEV |
11278 NL80211_FLAG_NEED_RTNL,
11279 },
11280 {
11281 .cmd = NL80211_CMD_START_P2P_DEVICE,
11282 .doit = nl80211_start_p2p_device,
11283 .policy = nl80211_policy,
11284 .flags = GENL_ADMIN_PERM,
11285 .internal_flags = NL80211_FLAG_NEED_WDEV |
11286 NL80211_FLAG_NEED_RTNL,
11287 },
11288 {
11289 .cmd = NL80211_CMD_STOP_P2P_DEVICE,
11290 .doit = nl80211_stop_p2p_device,
11291 .policy = nl80211_policy,
11292 .flags = GENL_ADMIN_PERM,
11293 .internal_flags = NL80211_FLAG_NEED_WDEV_UP |
11294 NL80211_FLAG_NEED_RTNL,
11295 },
11296 {
11297 .cmd = NL80211_CMD_SET_MCAST_RATE,
11298 .doit = nl80211_set_mcast_rate,
11299 .policy = nl80211_policy,
11300 .flags = GENL_ADMIN_PERM,
11301 .internal_flags = NL80211_FLAG_NEED_NETDEV |
11302 NL80211_FLAG_NEED_RTNL,
11303 },
11304 {
11305 .cmd = NL80211_CMD_SET_MAC_ACL,
11306 .doit = nl80211_set_mac_acl,
11307 .policy = nl80211_policy,
11308 .flags = GENL_ADMIN_PERM,
11309 .internal_flags = NL80211_FLAG_NEED_NETDEV |
11310 NL80211_FLAG_NEED_RTNL,
11311 },
11312 {
11313 .cmd = NL80211_CMD_RADAR_DETECT,
11314 .doit = nl80211_start_radar_detection,
11315 .policy = nl80211_policy,
11316 .flags = GENL_ADMIN_PERM,
11317 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
11318 NL80211_FLAG_NEED_RTNL,
11319 },
11320 {
11321 .cmd = NL80211_CMD_GET_PROTOCOL_FEATURES,
11322 .doit = nl80211_get_protocol_features,
11323 .policy = nl80211_policy,
11324 },
11325 {
11326 .cmd = NL80211_CMD_UPDATE_FT_IES,
11327 .doit = nl80211_update_ft_ies,
11328 .policy = nl80211_policy,
11329 .flags = GENL_ADMIN_PERM,
11330 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
11331 NL80211_FLAG_NEED_RTNL,
11332 },
11333 {
11334 .cmd = NL80211_CMD_CRIT_PROTOCOL_START,
11335 .doit = nl80211_crit_protocol_start,
11336 .policy = nl80211_policy,
11337 .flags = GENL_ADMIN_PERM,
11338 .internal_flags = NL80211_FLAG_NEED_WDEV_UP |
11339 NL80211_FLAG_NEED_RTNL,
11340 },
11341 {
11342 .cmd = NL80211_CMD_CRIT_PROTOCOL_STOP,
11343 .doit = nl80211_crit_protocol_stop,
11344 .policy = nl80211_policy,
11345 .flags = GENL_ADMIN_PERM,
11346 .internal_flags = NL80211_FLAG_NEED_WDEV_UP |
11347 NL80211_FLAG_NEED_RTNL,
11348 },
11349 {
11350 .cmd = NL80211_CMD_GET_COALESCE,
11351 .doit = nl80211_get_coalesce,
11352 .policy = nl80211_policy,
11353 .internal_flags = NL80211_FLAG_NEED_WIPHY |
11354 NL80211_FLAG_NEED_RTNL,
11355 },
11356 {
11357 .cmd = NL80211_CMD_SET_COALESCE,
11358 .doit = nl80211_set_coalesce,
11359 .policy = nl80211_policy,
11360 .flags = GENL_ADMIN_PERM,
11361 .internal_flags = NL80211_FLAG_NEED_WIPHY |
11362 NL80211_FLAG_NEED_RTNL,
11363 },
11364 {
11365 .cmd = NL80211_CMD_CHANNEL_SWITCH,
11366 .doit = nl80211_channel_switch,
11367 .policy = nl80211_policy,
11368 .flags = GENL_ADMIN_PERM,
11369 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
11370 NL80211_FLAG_NEED_RTNL,
11371 },
11372 {
11373 .cmd = NL80211_CMD_VENDOR,
11374 .doit = nl80211_vendor_cmd,
11375 .dumpit = nl80211_vendor_cmd_dump,
11376 .policy = nl80211_policy,
11377 .flags = GENL_ADMIN_PERM,
11378 .internal_flags = NL80211_FLAG_NEED_WIPHY |
11379 NL80211_FLAG_NEED_RTNL,
11380 },
11381 {
11382 .cmd = NL80211_CMD_SET_QOS_MAP,
11383 .doit = nl80211_set_qos_map,
11384 .policy = nl80211_policy,
11385 .flags = GENL_ADMIN_PERM,
11386 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
11387 NL80211_FLAG_NEED_RTNL,
11388 },
11389 {
11390 .cmd = NL80211_CMD_ADD_TX_TS,
11391 .doit = nl80211_add_tx_ts,
11392 .policy = nl80211_policy,
11393 .flags = GENL_ADMIN_PERM,
11394 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
11395 NL80211_FLAG_NEED_RTNL,
11396 },
11397 {
11398 .cmd = NL80211_CMD_DEL_TX_TS,
11399 .doit = nl80211_del_tx_ts,
11400 .policy = nl80211_policy,
11401 .flags = GENL_ADMIN_PERM,
11402 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
11403 NL80211_FLAG_NEED_RTNL,
11404 },
11405 {
11406 .cmd = NL80211_CMD_TDLS_CHANNEL_SWITCH,
11407 .doit = nl80211_tdls_channel_switch,
11408 .policy = nl80211_policy,
11409 .flags = GENL_ADMIN_PERM,
11410 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
11411 NL80211_FLAG_NEED_RTNL,
11412 },
11413 {
11414 .cmd = NL80211_CMD_TDLS_CANCEL_CHANNEL_SWITCH,
11415 .doit = nl80211_tdls_cancel_channel_switch,
11416 .policy = nl80211_policy,
11417 .flags = GENL_ADMIN_PERM,
11418 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
11419 NL80211_FLAG_NEED_RTNL,
11420 },
11421};
11422
11423
11424
11425void nl80211_notify_wiphy(struct cfg80211_registered_device *rdev,
11426 enum nl80211_commands cmd)
11427{
11428 struct sk_buff *msg;
11429 struct nl80211_dump_wiphy_state state = {};
11430
11431 WARN_ON(cmd != NL80211_CMD_NEW_WIPHY &&
11432 cmd != NL80211_CMD_DEL_WIPHY);
11433
11434 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
11435 if (!msg)
11436 return;
11437
11438 if (nl80211_send_wiphy(rdev, cmd, msg, 0, 0, 0, &state) < 0) {
11439 nlmsg_free(msg);
11440 return;
11441 }
11442
11443 genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), msg, 0,
11444 NL80211_MCGRP_CONFIG, GFP_KERNEL);
11445}
11446
11447static int nl80211_add_scan_req(struct sk_buff *msg,
11448 struct cfg80211_registered_device *rdev)
11449{
11450 struct cfg80211_scan_request *req = rdev->scan_req;
11451 struct nlattr *nest;
11452 int i;
11453
11454 if (WARN_ON(!req))
11455 return 0;
11456
11457 nest = nla_nest_start(msg, NL80211_ATTR_SCAN_SSIDS);
11458 if (!nest)
11459 goto nla_put_failure;
11460 for (i = 0; i < req->n_ssids; i++) {
11461 if (nla_put(msg, i, req->ssids[i].ssid_len, req->ssids[i].ssid))
11462 goto nla_put_failure;
11463 }
11464 nla_nest_end(msg, nest);
11465
11466 nest = nla_nest_start(msg, NL80211_ATTR_SCAN_FREQUENCIES);
11467 if (!nest)
11468 goto nla_put_failure;
11469 for (i = 0; i < req->n_channels; i++) {
11470 if (nla_put_u32(msg, i, req->channels[i]->center_freq))
11471 goto nla_put_failure;
11472 }
11473 nla_nest_end(msg, nest);
11474
11475 if (req->ie &&
11476 nla_put(msg, NL80211_ATTR_IE, req->ie_len, req->ie))
11477 goto nla_put_failure;
11478
11479 if (req->flags &&
11480 nla_put_u32(msg, NL80211_ATTR_SCAN_FLAGS, req->flags))
11481 goto nla_put_failure;
11482
11483 return 0;
11484 nla_put_failure:
11485 return -ENOBUFS;
11486}
11487
11488static int nl80211_send_scan_msg(struct sk_buff *msg,
11489 struct cfg80211_registered_device *rdev,
11490 struct wireless_dev *wdev,
11491 u32 portid, u32 seq, int flags,
11492 u32 cmd)
11493{
11494 void *hdr;
11495
11496 hdr = nl80211hdr_put(msg, portid, seq, flags, cmd);
11497 if (!hdr)
11498 return -1;
11499
11500 if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
11501 (wdev->netdev && nla_put_u32(msg, NL80211_ATTR_IFINDEX,
11502 wdev->netdev->ifindex)) ||
11503 nla_put_u64(msg, NL80211_ATTR_WDEV, wdev_id(wdev)))
11504 goto nla_put_failure;
11505
11506
11507 nl80211_add_scan_req(msg, rdev);
11508
11509 genlmsg_end(msg, hdr);
11510 return 0;
11511
11512 nla_put_failure:
11513 genlmsg_cancel(msg, hdr);
11514 return -EMSGSIZE;
11515}
11516
11517static int
11518nl80211_send_sched_scan_msg(struct sk_buff *msg,
11519 struct cfg80211_registered_device *rdev,
11520 struct net_device *netdev,
11521 u32 portid, u32 seq, int flags, u32 cmd)
11522{
11523 void *hdr;
11524
11525 hdr = nl80211hdr_put(msg, portid, seq, flags, cmd);
11526 if (!hdr)
11527 return -1;
11528
11529 if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
11530 nla_put_u32(msg, NL80211_ATTR_IFINDEX, netdev->ifindex))
11531 goto nla_put_failure;
11532
11533 genlmsg_end(msg, hdr);
11534 return 0;
11535
11536 nla_put_failure:
11537 genlmsg_cancel(msg, hdr);
11538 return -EMSGSIZE;
11539}
11540
11541void nl80211_send_scan_start(struct cfg80211_registered_device *rdev,
11542 struct wireless_dev *wdev)
11543{
11544 struct sk_buff *msg;
11545
11546 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
11547 if (!msg)
11548 return;
11549
11550 if (nl80211_send_scan_msg(msg, rdev, wdev, 0, 0, 0,
11551 NL80211_CMD_TRIGGER_SCAN) < 0) {
11552 nlmsg_free(msg);
11553 return;
11554 }
11555
11556 genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), msg, 0,
11557 NL80211_MCGRP_SCAN, GFP_KERNEL);
11558}
11559
11560struct sk_buff *nl80211_build_scan_msg(struct cfg80211_registered_device *rdev,
11561 struct wireless_dev *wdev, bool aborted)
11562{
11563 struct sk_buff *msg;
11564
11565 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
11566 if (!msg)
11567 return NULL;
11568
11569 if (nl80211_send_scan_msg(msg, rdev, wdev, 0, 0, 0,
11570 aborted ? NL80211_CMD_SCAN_ABORTED :
11571 NL80211_CMD_NEW_SCAN_RESULTS) < 0) {
11572 nlmsg_free(msg);
11573 return NULL;
11574 }
11575
11576 return msg;
11577}
11578
11579void nl80211_send_scan_result(struct cfg80211_registered_device *rdev,
11580 struct sk_buff *msg)
11581{
11582 if (!msg)
11583 return;
11584
11585 genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), msg, 0,
11586 NL80211_MCGRP_SCAN, GFP_KERNEL);
11587}
11588
11589void nl80211_send_sched_scan_results(struct cfg80211_registered_device *rdev,
11590 struct net_device *netdev)
11591{
11592 struct sk_buff *msg;
11593
11594 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
11595 if (!msg)
11596 return;
11597
11598 if (nl80211_send_sched_scan_msg(msg, rdev, netdev, 0, 0, 0,
11599 NL80211_CMD_SCHED_SCAN_RESULTS) < 0) {
11600 nlmsg_free(msg);
11601 return;
11602 }
11603
11604 genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), msg, 0,
11605 NL80211_MCGRP_SCAN, GFP_KERNEL);
11606}
11607
11608void nl80211_send_sched_scan(struct cfg80211_registered_device *rdev,
11609 struct net_device *netdev, u32 cmd)
11610{
11611 struct sk_buff *msg;
11612
11613 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
11614 if (!msg)
11615 return;
11616
11617 if (nl80211_send_sched_scan_msg(msg, rdev, netdev, 0, 0, 0, cmd) < 0) {
11618 nlmsg_free(msg);
11619 return;
11620 }
11621
11622 genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), msg, 0,
11623 NL80211_MCGRP_SCAN, GFP_KERNEL);
11624}
11625
11626static bool nl80211_reg_change_event_fill(struct sk_buff *msg,
11627 struct regulatory_request *request)
11628{
11629
11630 if (nla_put_u8(msg, NL80211_ATTR_REG_INITIATOR, request->initiator))
11631 goto nla_put_failure;
11632
11633 if (request->alpha2[0] == '0' && request->alpha2[1] == '0') {
11634 if (nla_put_u8(msg, NL80211_ATTR_REG_TYPE,
11635 NL80211_REGDOM_TYPE_WORLD))
11636 goto nla_put_failure;
11637 } else if (request->alpha2[0] == '9' && request->alpha2[1] == '9') {
11638 if (nla_put_u8(msg, NL80211_ATTR_REG_TYPE,
11639 NL80211_REGDOM_TYPE_CUSTOM_WORLD))
11640 goto nla_put_failure;
11641 } else if ((request->alpha2[0] == '9' && request->alpha2[1] == '8') ||
11642 request->intersect) {
11643 if (nla_put_u8(msg, NL80211_ATTR_REG_TYPE,
11644 NL80211_REGDOM_TYPE_INTERSECTION))
11645 goto nla_put_failure;
11646 } else {
11647 if (nla_put_u8(msg, NL80211_ATTR_REG_TYPE,
11648 NL80211_REGDOM_TYPE_COUNTRY) ||
11649 nla_put_string(msg, NL80211_ATTR_REG_ALPHA2,
11650 request->alpha2))
11651 goto nla_put_failure;
11652 }
11653
11654 if (request->wiphy_idx != WIPHY_IDX_INVALID) {
11655 struct wiphy *wiphy = wiphy_idx_to_wiphy(request->wiphy_idx);
11656
11657 if (wiphy &&
11658 nla_put_u32(msg, NL80211_ATTR_WIPHY, request->wiphy_idx))
11659 goto nla_put_failure;
11660
11661 if (wiphy &&
11662 wiphy->regulatory_flags & REGULATORY_WIPHY_SELF_MANAGED &&
11663 nla_put_flag(msg, NL80211_ATTR_WIPHY_SELF_MANAGED_REG))
11664 goto nla_put_failure;
11665 }
11666
11667 return true;
11668
11669nla_put_failure:
11670 return false;
11671}
11672
11673
11674
11675
11676
11677void nl80211_common_reg_change_event(enum nl80211_commands cmd_id,
11678 struct regulatory_request *request)
11679{
11680 struct sk_buff *msg;
11681 void *hdr;
11682
11683 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
11684 if (!msg)
11685 return;
11686
11687 hdr = nl80211hdr_put(msg, 0, 0, 0, cmd_id);
11688 if (!hdr) {
11689 nlmsg_free(msg);
11690 return;
11691 }
11692
11693 if (nl80211_reg_change_event_fill(msg, request) == false)
11694 goto nla_put_failure;
11695
11696 genlmsg_end(msg, hdr);
11697
11698 rcu_read_lock();
11699 genlmsg_multicast_allns(&nl80211_fam, msg, 0,
11700 NL80211_MCGRP_REGULATORY, GFP_ATOMIC);
11701 rcu_read_unlock();
11702
11703 return;
11704
11705nla_put_failure:
11706 genlmsg_cancel(msg, hdr);
11707 nlmsg_free(msg);
11708}
11709
11710static void nl80211_send_mlme_event(struct cfg80211_registered_device *rdev,
11711 struct net_device *netdev,
11712 const u8 *buf, size_t len,
11713 enum nl80211_commands cmd, gfp_t gfp,
11714 int uapsd_queues)
11715{
11716 struct sk_buff *msg;
11717 void *hdr;
11718
11719 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, gfp);
11720 if (!msg)
11721 return;
11722
11723 hdr = nl80211hdr_put(msg, 0, 0, 0, cmd);
11724 if (!hdr) {
11725 nlmsg_free(msg);
11726 return;
11727 }
11728
11729 if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
11730 nla_put_u32(msg, NL80211_ATTR_IFINDEX, netdev->ifindex) ||
11731 nla_put(msg, NL80211_ATTR_FRAME, len, buf))
11732 goto nla_put_failure;
11733
11734 if (uapsd_queues >= 0) {
11735 struct nlattr *nla_wmm =
11736 nla_nest_start(msg, NL80211_ATTR_STA_WME);
11737 if (!nla_wmm)
11738 goto nla_put_failure;
11739
11740 if (nla_put_u8(msg, NL80211_STA_WME_UAPSD_QUEUES,
11741 uapsd_queues))
11742 goto nla_put_failure;
11743
11744 nla_nest_end(msg, nla_wmm);
11745 }
11746
11747 genlmsg_end(msg, hdr);
11748
11749 genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), msg, 0,
11750 NL80211_MCGRP_MLME, gfp);
11751 return;
11752
11753 nla_put_failure:
11754 genlmsg_cancel(msg, hdr);
11755 nlmsg_free(msg);
11756}
11757
11758void nl80211_send_rx_auth(struct cfg80211_registered_device *rdev,
11759 struct net_device *netdev, const u8 *buf,
11760 size_t len, gfp_t gfp)
11761{
11762 nl80211_send_mlme_event(rdev, netdev, buf, len,
11763 NL80211_CMD_AUTHENTICATE, gfp, -1);
11764}
11765
11766void nl80211_send_rx_assoc(struct cfg80211_registered_device *rdev,
11767 struct net_device *netdev, const u8 *buf,
11768 size_t len, gfp_t gfp, int uapsd_queues)
11769{
11770 nl80211_send_mlme_event(rdev, netdev, buf, len,
11771 NL80211_CMD_ASSOCIATE, gfp, uapsd_queues);
11772}
11773
11774void nl80211_send_deauth(struct cfg80211_registered_device *rdev,
11775 struct net_device *netdev, const u8 *buf,
11776 size_t len, gfp_t gfp)
11777{
11778 nl80211_send_mlme_event(rdev, netdev, buf, len,
11779 NL80211_CMD_DEAUTHENTICATE, gfp, -1);
11780}
11781
11782void nl80211_send_disassoc(struct cfg80211_registered_device *rdev,
11783 struct net_device *netdev, const u8 *buf,
11784 size_t len, gfp_t gfp)
11785{
11786 nl80211_send_mlme_event(rdev, netdev, buf, len,
11787 NL80211_CMD_DISASSOCIATE, gfp, -1);
11788}
11789
11790void cfg80211_rx_unprot_mlme_mgmt(struct net_device *dev, const u8 *buf,
11791 size_t len)
11792{
11793 struct wireless_dev *wdev = dev->ieee80211_ptr;
11794 struct wiphy *wiphy = wdev->wiphy;
11795 struct cfg80211_registered_device *rdev = wiphy_to_rdev(wiphy);
11796 const struct ieee80211_mgmt *mgmt = (void *)buf;
11797 u32 cmd;
11798
11799 if (WARN_ON(len < 2))
11800 return;
11801
11802 if (ieee80211_is_deauth(mgmt->frame_control))
11803 cmd = NL80211_CMD_UNPROT_DEAUTHENTICATE;
11804 else
11805 cmd = NL80211_CMD_UNPROT_DISASSOCIATE;
11806
11807 trace_cfg80211_rx_unprot_mlme_mgmt(dev, buf, len);
11808 nl80211_send_mlme_event(rdev, dev, buf, len, cmd, GFP_ATOMIC, -1);
11809}
11810EXPORT_SYMBOL(cfg80211_rx_unprot_mlme_mgmt);
11811
11812static void nl80211_send_mlme_timeout(struct cfg80211_registered_device *rdev,
11813 struct net_device *netdev, int cmd,
11814 const u8 *addr, gfp_t gfp)
11815{
11816 struct sk_buff *msg;
11817 void *hdr;
11818
11819 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, gfp);
11820 if (!msg)
11821 return;
11822
11823 hdr = nl80211hdr_put(msg, 0, 0, 0, cmd);
11824 if (!hdr) {
11825 nlmsg_free(msg);
11826 return;
11827 }
11828
11829 if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
11830 nla_put_u32(msg, NL80211_ATTR_IFINDEX, netdev->ifindex) ||
11831 nla_put_flag(msg, NL80211_ATTR_TIMED_OUT) ||
11832 nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN, addr))
11833 goto nla_put_failure;
11834
11835 genlmsg_end(msg, hdr);
11836
11837 genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), msg, 0,
11838 NL80211_MCGRP_MLME, gfp);
11839 return;
11840
11841 nla_put_failure:
11842 genlmsg_cancel(msg, hdr);
11843 nlmsg_free(msg);
11844}
11845
11846void nl80211_send_auth_timeout(struct cfg80211_registered_device *rdev,
11847 struct net_device *netdev, const u8 *addr,
11848 gfp_t gfp)
11849{
11850 nl80211_send_mlme_timeout(rdev, netdev, NL80211_CMD_AUTHENTICATE,
11851 addr, gfp);
11852}
11853
11854void nl80211_send_assoc_timeout(struct cfg80211_registered_device *rdev,
11855 struct net_device *netdev, const u8 *addr,
11856 gfp_t gfp)
11857{
11858 nl80211_send_mlme_timeout(rdev, netdev, NL80211_CMD_ASSOCIATE,
11859 addr, gfp);
11860}
11861
11862void nl80211_send_connect_result(struct cfg80211_registered_device *rdev,
11863 struct net_device *netdev, const u8 *bssid,
11864 const u8 *req_ie, size_t req_ie_len,
11865 const u8 *resp_ie, size_t resp_ie_len,
11866 u16 status, gfp_t gfp)
11867{
11868 struct sk_buff *msg;
11869 void *hdr;
11870
11871 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, gfp);
11872 if (!msg)
11873 return;
11874
11875 hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_CONNECT);
11876 if (!hdr) {
11877 nlmsg_free(msg);
11878 return;
11879 }
11880
11881 if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
11882 nla_put_u32(msg, NL80211_ATTR_IFINDEX, netdev->ifindex) ||
11883 (bssid && nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN, bssid)) ||
11884 nla_put_u16(msg, NL80211_ATTR_STATUS_CODE, status) ||
11885 (req_ie &&
11886 nla_put(msg, NL80211_ATTR_REQ_IE, req_ie_len, req_ie)) ||
11887 (resp_ie &&
11888 nla_put(msg, NL80211_ATTR_RESP_IE, resp_ie_len, resp_ie)))
11889 goto nla_put_failure;
11890
11891 genlmsg_end(msg, hdr);
11892
11893 genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), msg, 0,
11894 NL80211_MCGRP_MLME, gfp);
11895 return;
11896
11897 nla_put_failure:
11898 genlmsg_cancel(msg, hdr);
11899 nlmsg_free(msg);
11900
11901}
11902
11903void nl80211_send_roamed(struct cfg80211_registered_device *rdev,
11904 struct net_device *netdev, const u8 *bssid,
11905 const u8 *req_ie, size_t req_ie_len,
11906 const u8 *resp_ie, size_t resp_ie_len, gfp_t gfp)
11907{
11908 struct sk_buff *msg;
11909 void *hdr;
11910
11911 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, gfp);
11912 if (!msg)
11913 return;
11914
11915 hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_ROAM);
11916 if (!hdr) {
11917 nlmsg_free(msg);
11918 return;
11919 }
11920
11921 if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
11922 nla_put_u32(msg, NL80211_ATTR_IFINDEX, netdev->ifindex) ||
11923 nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN, bssid) ||
11924 (req_ie &&
11925 nla_put(msg, NL80211_ATTR_REQ_IE, req_ie_len, req_ie)) ||
11926 (resp_ie &&
11927 nla_put(msg, NL80211_ATTR_RESP_IE, resp_ie_len, resp_ie)))
11928 goto nla_put_failure;
11929
11930 genlmsg_end(msg, hdr);
11931
11932 genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), msg, 0,
11933 NL80211_MCGRP_MLME, gfp);
11934 return;
11935
11936 nla_put_failure:
11937 genlmsg_cancel(msg, hdr);
11938 nlmsg_free(msg);
11939
11940}
11941
11942void nl80211_send_disconnected(struct cfg80211_registered_device *rdev,
11943 struct net_device *netdev, u16 reason,
11944 const u8 *ie, size_t ie_len, bool from_ap)
11945{
11946 struct sk_buff *msg;
11947 void *hdr;
11948
11949 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
11950 if (!msg)
11951 return;
11952
11953 hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_DISCONNECT);
11954 if (!hdr) {
11955 nlmsg_free(msg);
11956 return;
11957 }
11958
11959 if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
11960 nla_put_u32(msg, NL80211_ATTR_IFINDEX, netdev->ifindex) ||
11961 (from_ap && reason &&
11962 nla_put_u16(msg, NL80211_ATTR_REASON_CODE, reason)) ||
11963 (from_ap &&
11964 nla_put_flag(msg, NL80211_ATTR_DISCONNECTED_BY_AP)) ||
11965 (ie && nla_put(msg, NL80211_ATTR_IE, ie_len, ie)))
11966 goto nla_put_failure;
11967
11968 genlmsg_end(msg, hdr);
11969
11970 genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), msg, 0,
11971 NL80211_MCGRP_MLME, GFP_KERNEL);
11972 return;
11973
11974 nla_put_failure:
11975 genlmsg_cancel(msg, hdr);
11976 nlmsg_free(msg);
11977
11978}
11979
11980void nl80211_send_ibss_bssid(struct cfg80211_registered_device *rdev,
11981 struct net_device *netdev, const u8 *bssid,
11982 gfp_t gfp)
11983{
11984 struct sk_buff *msg;
11985 void *hdr;
11986
11987 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, gfp);
11988 if (!msg)
11989 return;
11990
11991 hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_JOIN_IBSS);
11992 if (!hdr) {
11993 nlmsg_free(msg);
11994 return;
11995 }
11996
11997 if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
11998 nla_put_u32(msg, NL80211_ATTR_IFINDEX, netdev->ifindex) ||
11999 nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN, bssid))
12000 goto nla_put_failure;
12001
12002 genlmsg_end(msg, hdr);
12003
12004 genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), msg, 0,
12005 NL80211_MCGRP_MLME, gfp);
12006 return;
12007
12008 nla_put_failure:
12009 genlmsg_cancel(msg, hdr);
12010 nlmsg_free(msg);
12011}
12012
12013void cfg80211_notify_new_peer_candidate(struct net_device *dev, const u8 *addr,
12014 const u8* ie, u8 ie_len, gfp_t gfp)
12015{
12016 struct wireless_dev *wdev = dev->ieee80211_ptr;
12017 struct cfg80211_registered_device *rdev = wiphy_to_rdev(wdev->wiphy);
12018 struct sk_buff *msg;
12019 void *hdr;
12020
12021 if (WARN_ON(wdev->iftype != NL80211_IFTYPE_MESH_POINT))
12022 return;
12023
12024 trace_cfg80211_notify_new_peer_candidate(dev, addr);
12025
12026 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, gfp);
12027 if (!msg)
12028 return;
12029
12030 hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_NEW_PEER_CANDIDATE);
12031 if (!hdr) {
12032 nlmsg_free(msg);
12033 return;
12034 }
12035
12036 if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
12037 nla_put_u32(msg, NL80211_ATTR_IFINDEX, dev->ifindex) ||
12038 nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN, addr) ||
12039 (ie_len && ie &&
12040 nla_put(msg, NL80211_ATTR_IE, ie_len , ie)))
12041 goto nla_put_failure;
12042
12043 genlmsg_end(msg, hdr);
12044
12045 genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), msg, 0,
12046 NL80211_MCGRP_MLME, gfp);
12047 return;
12048
12049 nla_put_failure:
12050 genlmsg_cancel(msg, hdr);
12051 nlmsg_free(msg);
12052}
12053EXPORT_SYMBOL(cfg80211_notify_new_peer_candidate);
12054
12055void nl80211_michael_mic_failure(struct cfg80211_registered_device *rdev,
12056 struct net_device *netdev, const u8 *addr,
12057 enum nl80211_key_type key_type, int key_id,
12058 const u8 *tsc, gfp_t gfp)
12059{
12060 struct sk_buff *msg;
12061 void *hdr;
12062
12063 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, gfp);
12064 if (!msg)
12065 return;
12066
12067 hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_MICHAEL_MIC_FAILURE);
12068 if (!hdr) {
12069 nlmsg_free(msg);
12070 return;
12071 }
12072
12073 if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
12074 nla_put_u32(msg, NL80211_ATTR_IFINDEX, netdev->ifindex) ||
12075 (addr && nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN, addr)) ||
12076 nla_put_u32(msg, NL80211_ATTR_KEY_TYPE, key_type) ||
12077 (key_id != -1 &&
12078 nla_put_u8(msg, NL80211_ATTR_KEY_IDX, key_id)) ||
12079 (tsc && nla_put(msg, NL80211_ATTR_KEY_SEQ, 6, tsc)))
12080 goto nla_put_failure;
12081
12082 genlmsg_end(msg, hdr);
12083
12084 genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), msg, 0,
12085 NL80211_MCGRP_MLME, gfp);
12086 return;
12087
12088 nla_put_failure:
12089 genlmsg_cancel(msg, hdr);
12090 nlmsg_free(msg);
12091}
12092
12093void nl80211_send_beacon_hint_event(struct wiphy *wiphy,
12094 struct ieee80211_channel *channel_before,
12095 struct ieee80211_channel *channel_after)
12096{
12097 struct sk_buff *msg;
12098 void *hdr;
12099 struct nlattr *nl_freq;
12100
12101 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_ATOMIC);
12102 if (!msg)
12103 return;
12104
12105 hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_REG_BEACON_HINT);
12106 if (!hdr) {
12107 nlmsg_free(msg);
12108 return;
12109 }
12110
12111
12112
12113
12114
12115 if (nla_put_u32(msg, NL80211_ATTR_WIPHY, get_wiphy_idx(wiphy)))
12116 goto nla_put_failure;
12117
12118
12119 nl_freq = nla_nest_start(msg, NL80211_ATTR_FREQ_BEFORE);
12120 if (!nl_freq)
12121 goto nla_put_failure;
12122 if (nl80211_msg_put_channel(msg, channel_before, false))
12123 goto nla_put_failure;
12124 nla_nest_end(msg, nl_freq);
12125
12126
12127 nl_freq = nla_nest_start(msg, NL80211_ATTR_FREQ_AFTER);
12128 if (!nl_freq)
12129 goto nla_put_failure;
12130 if (nl80211_msg_put_channel(msg, channel_after, false))
12131 goto nla_put_failure;
12132 nla_nest_end(msg, nl_freq);
12133
12134 genlmsg_end(msg, hdr);
12135
12136 rcu_read_lock();
12137 genlmsg_multicast_allns(&nl80211_fam, msg, 0,
12138 NL80211_MCGRP_REGULATORY, GFP_ATOMIC);
12139 rcu_read_unlock();
12140
12141 return;
12142
12143nla_put_failure:
12144 genlmsg_cancel(msg, hdr);
12145 nlmsg_free(msg);
12146}
12147
12148static void nl80211_send_remain_on_chan_event(
12149 int cmd, struct cfg80211_registered_device *rdev,
12150 struct wireless_dev *wdev, u64 cookie,
12151 struct ieee80211_channel *chan,
12152 unsigned int duration, gfp_t gfp)
12153{
12154 struct sk_buff *msg;
12155 void *hdr;
12156
12157 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, gfp);
12158 if (!msg)
12159 return;
12160
12161 hdr = nl80211hdr_put(msg, 0, 0, 0, cmd);
12162 if (!hdr) {
12163 nlmsg_free(msg);
12164 return;
12165 }
12166
12167 if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
12168 (wdev->netdev && nla_put_u32(msg, NL80211_ATTR_IFINDEX,
12169 wdev->netdev->ifindex)) ||
12170 nla_put_u64(msg, NL80211_ATTR_WDEV, wdev_id(wdev)) ||
12171 nla_put_u32(msg, NL80211_ATTR_WIPHY_FREQ, chan->center_freq) ||
12172 nla_put_u32(msg, NL80211_ATTR_WIPHY_CHANNEL_TYPE,
12173 NL80211_CHAN_NO_HT) ||
12174 nla_put_u64(msg, NL80211_ATTR_COOKIE, cookie))
12175 goto nla_put_failure;
12176
12177 if (cmd == NL80211_CMD_REMAIN_ON_CHANNEL &&
12178 nla_put_u32(msg, NL80211_ATTR_DURATION, duration))
12179 goto nla_put_failure;
12180
12181 genlmsg_end(msg, hdr);
12182
12183 genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), msg, 0,
12184 NL80211_MCGRP_MLME, gfp);
12185 return;
12186
12187 nla_put_failure:
12188 genlmsg_cancel(msg, hdr);
12189 nlmsg_free(msg);
12190}
12191
12192void cfg80211_ready_on_channel(struct wireless_dev *wdev, u64 cookie,
12193 struct ieee80211_channel *chan,
12194 unsigned int duration, gfp_t gfp)
12195{
12196 struct wiphy *wiphy = wdev->wiphy;
12197 struct cfg80211_registered_device *rdev = wiphy_to_rdev(wiphy);
12198
12199 trace_cfg80211_ready_on_channel(wdev, cookie, chan, duration);
12200 nl80211_send_remain_on_chan_event(NL80211_CMD_REMAIN_ON_CHANNEL,
12201 rdev, wdev, cookie, chan,
12202 duration, gfp);
12203}
12204EXPORT_SYMBOL(cfg80211_ready_on_channel);
12205
12206void cfg80211_remain_on_channel_expired(struct wireless_dev *wdev, u64 cookie,
12207 struct ieee80211_channel *chan,
12208 gfp_t gfp)
12209{
12210 struct wiphy *wiphy = wdev->wiphy;
12211 struct cfg80211_registered_device *rdev = wiphy_to_rdev(wiphy);
12212
12213 trace_cfg80211_ready_on_channel_expired(wdev, cookie, chan);
12214 nl80211_send_remain_on_chan_event(NL80211_CMD_CANCEL_REMAIN_ON_CHANNEL,
12215 rdev, wdev, cookie, chan, 0, gfp);
12216}
12217EXPORT_SYMBOL(cfg80211_remain_on_channel_expired);
12218
12219void cfg80211_new_sta(struct net_device *dev, const u8 *mac_addr,
12220 struct station_info *sinfo, gfp_t gfp)
12221{
12222 struct wiphy *wiphy = dev->ieee80211_ptr->wiphy;
12223 struct cfg80211_registered_device *rdev = wiphy_to_rdev(wiphy);
12224 struct sk_buff *msg;
12225
12226 trace_cfg80211_new_sta(dev, mac_addr, sinfo);
12227
12228 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, gfp);
12229 if (!msg)
12230 return;
12231
12232 if (nl80211_send_station(msg, NL80211_CMD_NEW_STATION, 0, 0, 0,
12233 rdev, dev, mac_addr, sinfo) < 0) {
12234 nlmsg_free(msg);
12235 return;
12236 }
12237
12238 genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), msg, 0,
12239 NL80211_MCGRP_MLME, gfp);
12240}
12241EXPORT_SYMBOL(cfg80211_new_sta);
12242
12243void cfg80211_del_sta_sinfo(struct net_device *dev, const u8 *mac_addr,
12244 struct station_info *sinfo, gfp_t gfp)
12245{
12246 struct wiphy *wiphy = dev->ieee80211_ptr->wiphy;
12247 struct cfg80211_registered_device *rdev = wiphy_to_rdev(wiphy);
12248 struct sk_buff *msg;
12249 struct station_info empty_sinfo = {};
12250
12251 if (!sinfo)
12252 sinfo = &empty_sinfo;
12253
12254 trace_cfg80211_del_sta(dev, mac_addr);
12255
12256 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, gfp);
12257 if (!msg)
12258 return;
12259
12260 if (nl80211_send_station(msg, NL80211_CMD_DEL_STATION, 0, 0, 0,
12261 rdev, dev, mac_addr, sinfo) < 0) {
12262 nlmsg_free(msg);
12263 return;
12264 }
12265
12266 genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), msg, 0,
12267 NL80211_MCGRP_MLME, gfp);
12268}
12269EXPORT_SYMBOL(cfg80211_del_sta_sinfo);
12270
12271void cfg80211_conn_failed(struct net_device *dev, const u8 *mac_addr,
12272 enum nl80211_connect_failed_reason reason,
12273 gfp_t gfp)
12274{
12275 struct wiphy *wiphy = dev->ieee80211_ptr->wiphy;
12276 struct cfg80211_registered_device *rdev = wiphy_to_rdev(wiphy);
12277 struct sk_buff *msg;
12278 void *hdr;
12279
12280 msg = nlmsg_new(NLMSG_GOODSIZE, gfp);
12281 if (!msg)
12282 return;
12283
12284 hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_CONN_FAILED);
12285 if (!hdr) {
12286 nlmsg_free(msg);
12287 return;
12288 }
12289
12290 if (nla_put_u32(msg, NL80211_ATTR_IFINDEX, dev->ifindex) ||
12291 nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN, mac_addr) ||
12292 nla_put_u32(msg, NL80211_ATTR_CONN_FAILED_REASON, reason))
12293 goto nla_put_failure;
12294
12295 genlmsg_end(msg, hdr);
12296
12297 genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), msg, 0,
12298 NL80211_MCGRP_MLME, gfp);
12299 return;
12300
12301 nla_put_failure:
12302 genlmsg_cancel(msg, hdr);
12303 nlmsg_free(msg);
12304}
12305EXPORT_SYMBOL(cfg80211_conn_failed);
12306
12307static bool __nl80211_unexpected_frame(struct net_device *dev, u8 cmd,
12308 const u8 *addr, gfp_t gfp)
12309{
12310 struct wireless_dev *wdev = dev->ieee80211_ptr;
12311 struct cfg80211_registered_device *rdev = wiphy_to_rdev(wdev->wiphy);
12312 struct sk_buff *msg;
12313 void *hdr;
12314 u32 nlportid = ACCESS_ONCE(wdev->ap_unexpected_nlportid);
12315
12316 if (!nlportid)
12317 return false;
12318
12319 msg = nlmsg_new(100, gfp);
12320 if (!msg)
12321 return true;
12322
12323 hdr = nl80211hdr_put(msg, 0, 0, 0, cmd);
12324 if (!hdr) {
12325 nlmsg_free(msg);
12326 return true;
12327 }
12328
12329 if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
12330 nla_put_u32(msg, NL80211_ATTR_IFINDEX, dev->ifindex) ||
12331 nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN, addr))
12332 goto nla_put_failure;
12333
12334 genlmsg_end(msg, hdr);
12335 genlmsg_unicast(wiphy_net(&rdev->wiphy), msg, nlportid);
12336 return true;
12337
12338 nla_put_failure:
12339 genlmsg_cancel(msg, hdr);
12340 nlmsg_free(msg);
12341 return true;
12342}
12343
12344bool cfg80211_rx_spurious_frame(struct net_device *dev,
12345 const u8 *addr, gfp_t gfp)
12346{
12347 struct wireless_dev *wdev = dev->ieee80211_ptr;
12348 bool ret;
12349
12350 trace_cfg80211_rx_spurious_frame(dev, addr);
12351
12352 if (WARN_ON(wdev->iftype != NL80211_IFTYPE_AP &&
12353 wdev->iftype != NL80211_IFTYPE_P2P_GO)) {
12354 trace_cfg80211_return_bool(false);
12355 return false;
12356 }
12357 ret = __nl80211_unexpected_frame(dev, NL80211_CMD_UNEXPECTED_FRAME,
12358 addr, gfp);
12359 trace_cfg80211_return_bool(ret);
12360 return ret;
12361}
12362EXPORT_SYMBOL(cfg80211_rx_spurious_frame);
12363
12364bool cfg80211_rx_unexpected_4addr_frame(struct net_device *dev,
12365 const u8 *addr, gfp_t gfp)
12366{
12367 struct wireless_dev *wdev = dev->ieee80211_ptr;
12368 bool ret;
12369
12370 trace_cfg80211_rx_unexpected_4addr_frame(dev, addr);
12371
12372 if (WARN_ON(wdev->iftype != NL80211_IFTYPE_AP &&
12373 wdev->iftype != NL80211_IFTYPE_P2P_GO &&
12374 wdev->iftype != NL80211_IFTYPE_AP_VLAN)) {
12375 trace_cfg80211_return_bool(false);
12376 return false;
12377 }
12378 ret = __nl80211_unexpected_frame(dev,
12379 NL80211_CMD_UNEXPECTED_4ADDR_FRAME,
12380 addr, gfp);
12381 trace_cfg80211_return_bool(ret);
12382 return ret;
12383}
12384EXPORT_SYMBOL(cfg80211_rx_unexpected_4addr_frame);
12385
12386int nl80211_send_mgmt(struct cfg80211_registered_device *rdev,
12387 struct wireless_dev *wdev, u32 nlportid,
12388 int freq, int sig_dbm,
12389 const u8 *buf, size_t len, u32 flags, gfp_t gfp)
12390{
12391 struct net_device *netdev = wdev->netdev;
12392 struct sk_buff *msg;
12393 void *hdr;
12394
12395 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, gfp);
12396 if (!msg)
12397 return -ENOMEM;
12398
12399 hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_FRAME);
12400 if (!hdr) {
12401 nlmsg_free(msg);
12402 return -ENOMEM;
12403 }
12404
12405 if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
12406 (netdev && nla_put_u32(msg, NL80211_ATTR_IFINDEX,
12407 netdev->ifindex)) ||
12408 nla_put_u64(msg, NL80211_ATTR_WDEV, wdev_id(wdev)) ||
12409 nla_put_u32(msg, NL80211_ATTR_WIPHY_FREQ, freq) ||
12410 (sig_dbm &&
12411 nla_put_u32(msg, NL80211_ATTR_RX_SIGNAL_DBM, sig_dbm)) ||
12412 nla_put(msg, NL80211_ATTR_FRAME, len, buf) ||
12413 (flags &&
12414 nla_put_u32(msg, NL80211_ATTR_RXMGMT_FLAGS, flags)))
12415 goto nla_put_failure;
12416
12417 genlmsg_end(msg, hdr);
12418
12419 return genlmsg_unicast(wiphy_net(&rdev->wiphy), msg, nlportid);
12420
12421 nla_put_failure:
12422 genlmsg_cancel(msg, hdr);
12423 nlmsg_free(msg);
12424 return -ENOBUFS;
12425}
12426
12427void cfg80211_mgmt_tx_status(struct wireless_dev *wdev, u64 cookie,
12428 const u8 *buf, size_t len, bool ack, gfp_t gfp)
12429{
12430 struct wiphy *wiphy = wdev->wiphy;
12431 struct cfg80211_registered_device *rdev = wiphy_to_rdev(wiphy);
12432 struct net_device *netdev = wdev->netdev;
12433 struct sk_buff *msg;
12434 void *hdr;
12435
12436 trace_cfg80211_mgmt_tx_status(wdev, cookie, ack);
12437
12438 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, gfp);
12439 if (!msg)
12440 return;
12441
12442 hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_FRAME_TX_STATUS);
12443 if (!hdr) {
12444 nlmsg_free(msg);
12445 return;
12446 }
12447
12448 if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
12449 (netdev && nla_put_u32(msg, NL80211_ATTR_IFINDEX,
12450 netdev->ifindex)) ||
12451 nla_put_u64(msg, NL80211_ATTR_WDEV, wdev_id(wdev)) ||
12452 nla_put(msg, NL80211_ATTR_FRAME, len, buf) ||
12453 nla_put_u64(msg, NL80211_ATTR_COOKIE, cookie) ||
12454 (ack && nla_put_flag(msg, NL80211_ATTR_ACK)))
12455 goto nla_put_failure;
12456
12457 genlmsg_end(msg, hdr);
12458
12459 genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), msg, 0,
12460 NL80211_MCGRP_MLME, gfp);
12461 return;
12462
12463 nla_put_failure:
12464 genlmsg_cancel(msg, hdr);
12465 nlmsg_free(msg);
12466}
12467EXPORT_SYMBOL(cfg80211_mgmt_tx_status);
12468
12469static struct sk_buff *cfg80211_prepare_cqm(struct net_device *dev,
12470 const char *mac, gfp_t gfp)
12471{
12472 struct wireless_dev *wdev = dev->ieee80211_ptr;
12473 struct cfg80211_registered_device *rdev = wiphy_to_rdev(wdev->wiphy);
12474 struct sk_buff *msg = nlmsg_new(NLMSG_DEFAULT_SIZE, gfp);
12475 void **cb;
12476
12477 if (!msg)
12478 return NULL;
12479
12480 cb = (void **)msg->cb;
12481
12482 cb[0] = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_NOTIFY_CQM);
12483 if (!cb[0]) {
12484 nlmsg_free(msg);
12485 return NULL;
12486 }
12487
12488 if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
12489 nla_put_u32(msg, NL80211_ATTR_IFINDEX, dev->ifindex))
12490 goto nla_put_failure;
12491
12492 if (mac && nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN, mac))
12493 goto nla_put_failure;
12494
12495 cb[1] = nla_nest_start(msg, NL80211_ATTR_CQM);
12496 if (!cb[1])
12497 goto nla_put_failure;
12498
12499 cb[2] = rdev;
12500
12501 return msg;
12502 nla_put_failure:
12503 nlmsg_free(msg);
12504 return NULL;
12505}
12506
12507static void cfg80211_send_cqm(struct sk_buff *msg, gfp_t gfp)
12508{
12509 void **cb = (void **)msg->cb;
12510 struct cfg80211_registered_device *rdev = cb[2];
12511
12512 nla_nest_end(msg, cb[1]);
12513 genlmsg_end(msg, cb[0]);
12514
12515 memset(msg->cb, 0, sizeof(msg->cb));
12516
12517 genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), msg, 0,
12518 NL80211_MCGRP_MLME, gfp);
12519}
12520
12521void cfg80211_cqm_rssi_notify(struct net_device *dev,
12522 enum nl80211_cqm_rssi_threshold_event rssi_event,
12523 gfp_t gfp)
12524{
12525 struct sk_buff *msg;
12526
12527 trace_cfg80211_cqm_rssi_notify(dev, rssi_event);
12528
12529 if (WARN_ON(rssi_event != NL80211_CQM_RSSI_THRESHOLD_EVENT_LOW &&
12530 rssi_event != NL80211_CQM_RSSI_THRESHOLD_EVENT_HIGH))
12531 return;
12532
12533 msg = cfg80211_prepare_cqm(dev, NULL, gfp);
12534 if (!msg)
12535 return;
12536
12537 if (nla_put_u32(msg, NL80211_ATTR_CQM_RSSI_THRESHOLD_EVENT,
12538 rssi_event))
12539 goto nla_put_failure;
12540
12541 cfg80211_send_cqm(msg, gfp);
12542
12543 return;
12544
12545 nla_put_failure:
12546 nlmsg_free(msg);
12547}
12548EXPORT_SYMBOL(cfg80211_cqm_rssi_notify);
12549
12550void cfg80211_cqm_txe_notify(struct net_device *dev,
12551 const u8 *peer, u32 num_packets,
12552 u32 rate, u32 intvl, gfp_t gfp)
12553{
12554 struct sk_buff *msg;
12555
12556 msg = cfg80211_prepare_cqm(dev, peer, gfp);
12557 if (!msg)
12558 return;
12559
12560 if (nla_put_u32(msg, NL80211_ATTR_CQM_TXE_PKTS, num_packets))
12561 goto nla_put_failure;
12562
12563 if (nla_put_u32(msg, NL80211_ATTR_CQM_TXE_RATE, rate))
12564 goto nla_put_failure;
12565
12566 if (nla_put_u32(msg, NL80211_ATTR_CQM_TXE_INTVL, intvl))
12567 goto nla_put_failure;
12568
12569 cfg80211_send_cqm(msg, gfp);
12570 return;
12571
12572 nla_put_failure:
12573 nlmsg_free(msg);
12574}
12575EXPORT_SYMBOL(cfg80211_cqm_txe_notify);
12576
12577void cfg80211_cqm_pktloss_notify(struct net_device *dev,
12578 const u8 *peer, u32 num_packets, gfp_t gfp)
12579{
12580 struct sk_buff *msg;
12581
12582 trace_cfg80211_cqm_pktloss_notify(dev, peer, num_packets);
12583
12584 msg = cfg80211_prepare_cqm(dev, peer, gfp);
12585 if (!msg)
12586 return;
12587
12588 if (nla_put_u32(msg, NL80211_ATTR_CQM_PKT_LOSS_EVENT, num_packets))
12589 goto nla_put_failure;
12590
12591 cfg80211_send_cqm(msg, gfp);
12592 return;
12593
12594 nla_put_failure:
12595 nlmsg_free(msg);
12596}
12597EXPORT_SYMBOL(cfg80211_cqm_pktloss_notify);
12598
12599void cfg80211_cqm_beacon_loss_notify(struct net_device *dev, gfp_t gfp)
12600{
12601 struct sk_buff *msg;
12602
12603 msg = cfg80211_prepare_cqm(dev, NULL, gfp);
12604 if (!msg)
12605 return;
12606
12607 if (nla_put_flag(msg, NL80211_ATTR_CQM_BEACON_LOSS_EVENT))
12608 goto nla_put_failure;
12609
12610 cfg80211_send_cqm(msg, gfp);
12611 return;
12612
12613 nla_put_failure:
12614 nlmsg_free(msg);
12615}
12616EXPORT_SYMBOL(cfg80211_cqm_beacon_loss_notify);
12617
12618static void nl80211_gtk_rekey_notify(struct cfg80211_registered_device *rdev,
12619 struct net_device *netdev, const u8 *bssid,
12620 const u8 *replay_ctr, gfp_t gfp)
12621{
12622 struct sk_buff *msg;
12623 struct nlattr *rekey_attr;
12624 void *hdr;
12625
12626 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, gfp);
12627 if (!msg)
12628 return;
12629
12630 hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_SET_REKEY_OFFLOAD);
12631 if (!hdr) {
12632 nlmsg_free(msg);
12633 return;
12634 }
12635
12636 if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
12637 nla_put_u32(msg, NL80211_ATTR_IFINDEX, netdev->ifindex) ||
12638 nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN, bssid))
12639 goto nla_put_failure;
12640
12641 rekey_attr = nla_nest_start(msg, NL80211_ATTR_REKEY_DATA);
12642 if (!rekey_attr)
12643 goto nla_put_failure;
12644
12645 if (nla_put(msg, NL80211_REKEY_DATA_REPLAY_CTR,
12646 NL80211_REPLAY_CTR_LEN, replay_ctr))
12647 goto nla_put_failure;
12648
12649 nla_nest_end(msg, rekey_attr);
12650
12651 genlmsg_end(msg, hdr);
12652
12653 genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), msg, 0,
12654 NL80211_MCGRP_MLME, gfp);
12655 return;
12656
12657 nla_put_failure:
12658 genlmsg_cancel(msg, hdr);
12659 nlmsg_free(msg);
12660}
12661
12662void cfg80211_gtk_rekey_notify(struct net_device *dev, const u8 *bssid,
12663 const u8 *replay_ctr, gfp_t gfp)
12664{
12665 struct wireless_dev *wdev = dev->ieee80211_ptr;
12666 struct wiphy *wiphy = wdev->wiphy;
12667 struct cfg80211_registered_device *rdev = wiphy_to_rdev(wiphy);
12668
12669 trace_cfg80211_gtk_rekey_notify(dev, bssid);
12670 nl80211_gtk_rekey_notify(rdev, dev, bssid, replay_ctr, gfp);
12671}
12672EXPORT_SYMBOL(cfg80211_gtk_rekey_notify);
12673
12674static void
12675nl80211_pmksa_candidate_notify(struct cfg80211_registered_device *rdev,
12676 struct net_device *netdev, int index,
12677 const u8 *bssid, bool preauth, gfp_t gfp)
12678{
12679 struct sk_buff *msg;
12680 struct nlattr *attr;
12681 void *hdr;
12682
12683 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, gfp);
12684 if (!msg)
12685 return;
12686
12687 hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_PMKSA_CANDIDATE);
12688 if (!hdr) {
12689 nlmsg_free(msg);
12690 return;
12691 }
12692
12693 if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
12694 nla_put_u32(msg, NL80211_ATTR_IFINDEX, netdev->ifindex))
12695 goto nla_put_failure;
12696
12697 attr = nla_nest_start(msg, NL80211_ATTR_PMKSA_CANDIDATE);
12698 if (!attr)
12699 goto nla_put_failure;
12700
12701 if (nla_put_u32(msg, NL80211_PMKSA_CANDIDATE_INDEX, index) ||
12702 nla_put(msg, NL80211_PMKSA_CANDIDATE_BSSID, ETH_ALEN, bssid) ||
12703 (preauth &&
12704 nla_put_flag(msg, NL80211_PMKSA_CANDIDATE_PREAUTH)))
12705 goto nla_put_failure;
12706
12707 nla_nest_end(msg, attr);
12708
12709 genlmsg_end(msg, hdr);
12710
12711 genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), msg, 0,
12712 NL80211_MCGRP_MLME, gfp);
12713 return;
12714
12715 nla_put_failure:
12716 genlmsg_cancel(msg, hdr);
12717 nlmsg_free(msg);
12718}
12719
12720void cfg80211_pmksa_candidate_notify(struct net_device *dev, int index,
12721 const u8 *bssid, bool preauth, gfp_t gfp)
12722{
12723 struct wireless_dev *wdev = dev->ieee80211_ptr;
12724 struct wiphy *wiphy = wdev->wiphy;
12725 struct cfg80211_registered_device *rdev = wiphy_to_rdev(wiphy);
12726
12727 trace_cfg80211_pmksa_candidate_notify(dev, index, bssid, preauth);
12728 nl80211_pmksa_candidate_notify(rdev, dev, index, bssid, preauth, gfp);
12729}
12730EXPORT_SYMBOL(cfg80211_pmksa_candidate_notify);
12731
12732static void nl80211_ch_switch_notify(struct cfg80211_registered_device *rdev,
12733 struct net_device *netdev,
12734 struct cfg80211_chan_def *chandef,
12735 gfp_t gfp,
12736 enum nl80211_commands notif,
12737 u8 count)
12738{
12739 struct sk_buff *msg;
12740 void *hdr;
12741
12742 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, gfp);
12743 if (!msg)
12744 return;
12745
12746 hdr = nl80211hdr_put(msg, 0, 0, 0, notif);
12747 if (!hdr) {
12748 nlmsg_free(msg);
12749 return;
12750 }
12751
12752 if (nla_put_u32(msg, NL80211_ATTR_IFINDEX, netdev->ifindex))
12753 goto nla_put_failure;
12754
12755 if (nl80211_send_chandef(msg, chandef))
12756 goto nla_put_failure;
12757
12758 if ((notif == NL80211_CMD_CH_SWITCH_STARTED_NOTIFY) &&
12759 (nla_put_u32(msg, NL80211_ATTR_CH_SWITCH_COUNT, count)))
12760 goto nla_put_failure;
12761
12762 genlmsg_end(msg, hdr);
12763
12764 genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), msg, 0,
12765 NL80211_MCGRP_MLME, gfp);
12766 return;
12767
12768 nla_put_failure:
12769 genlmsg_cancel(msg, hdr);
12770 nlmsg_free(msg);
12771}
12772
12773void cfg80211_ch_switch_notify(struct net_device *dev,
12774 struct cfg80211_chan_def *chandef)
12775{
12776 struct wireless_dev *wdev = dev->ieee80211_ptr;
12777 struct wiphy *wiphy = wdev->wiphy;
12778 struct cfg80211_registered_device *rdev = wiphy_to_rdev(wiphy);
12779
12780 ASSERT_WDEV_LOCK(wdev);
12781
12782 trace_cfg80211_ch_switch_notify(dev, chandef);
12783
12784 wdev->chandef = *chandef;
12785 wdev->preset_chandef = *chandef;
12786 nl80211_ch_switch_notify(rdev, dev, chandef, GFP_KERNEL,
12787 NL80211_CMD_CH_SWITCH_NOTIFY, 0);
12788}
12789EXPORT_SYMBOL(cfg80211_ch_switch_notify);
12790
12791void cfg80211_ch_switch_started_notify(struct net_device *dev,
12792 struct cfg80211_chan_def *chandef,
12793 u8 count)
12794{
12795 struct wireless_dev *wdev = dev->ieee80211_ptr;
12796 struct wiphy *wiphy = wdev->wiphy;
12797 struct cfg80211_registered_device *rdev = wiphy_to_rdev(wiphy);
12798
12799 trace_cfg80211_ch_switch_started_notify(dev, chandef);
12800
12801 nl80211_ch_switch_notify(rdev, dev, chandef, GFP_KERNEL,
12802 NL80211_CMD_CH_SWITCH_STARTED_NOTIFY, count);
12803}
12804EXPORT_SYMBOL(cfg80211_ch_switch_started_notify);
12805
12806void
12807nl80211_radar_notify(struct cfg80211_registered_device *rdev,
12808 const struct cfg80211_chan_def *chandef,
12809 enum nl80211_radar_event event,
12810 struct net_device *netdev, gfp_t gfp)
12811{
12812 struct sk_buff *msg;
12813 void *hdr;
12814
12815 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, gfp);
12816 if (!msg)
12817 return;
12818
12819 hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_RADAR_DETECT);
12820 if (!hdr) {
12821 nlmsg_free(msg);
12822 return;
12823 }
12824
12825 if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx))
12826 goto nla_put_failure;
12827
12828
12829 if (netdev) {
12830 struct wireless_dev *wdev = netdev->ieee80211_ptr;
12831
12832 if (nla_put_u32(msg, NL80211_ATTR_IFINDEX, netdev->ifindex) ||
12833 nla_put_u64(msg, NL80211_ATTR_WDEV, wdev_id(wdev)))
12834 goto nla_put_failure;
12835 }
12836
12837 if (nla_put_u32(msg, NL80211_ATTR_RADAR_EVENT, event))
12838 goto nla_put_failure;
12839
12840 if (nl80211_send_chandef(msg, chandef))
12841 goto nla_put_failure;
12842
12843 genlmsg_end(msg, hdr);
12844
12845 genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), msg, 0,
12846 NL80211_MCGRP_MLME, gfp);
12847 return;
12848
12849 nla_put_failure:
12850 genlmsg_cancel(msg, hdr);
12851 nlmsg_free(msg);
12852}
12853
12854void cfg80211_probe_status(struct net_device *dev, const u8 *addr,
12855 u64 cookie, bool acked, gfp_t gfp)
12856{
12857 struct wireless_dev *wdev = dev->ieee80211_ptr;
12858 struct cfg80211_registered_device *rdev = wiphy_to_rdev(wdev->wiphy);
12859 struct sk_buff *msg;
12860 void *hdr;
12861
12862 trace_cfg80211_probe_status(dev, addr, cookie, acked);
12863
12864 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, gfp);
12865
12866 if (!msg)
12867 return;
12868
12869 hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_PROBE_CLIENT);
12870 if (!hdr) {
12871 nlmsg_free(msg);
12872 return;
12873 }
12874
12875 if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
12876 nla_put_u32(msg, NL80211_ATTR_IFINDEX, dev->ifindex) ||
12877 nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN, addr) ||
12878 nla_put_u64(msg, NL80211_ATTR_COOKIE, cookie) ||
12879 (acked && nla_put_flag(msg, NL80211_ATTR_ACK)))
12880 goto nla_put_failure;
12881
12882 genlmsg_end(msg, hdr);
12883
12884 genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), msg, 0,
12885 NL80211_MCGRP_MLME, gfp);
12886 return;
12887
12888 nla_put_failure:
12889 genlmsg_cancel(msg, hdr);
12890 nlmsg_free(msg);
12891}
12892EXPORT_SYMBOL(cfg80211_probe_status);
12893
12894void cfg80211_report_obss_beacon(struct wiphy *wiphy,
12895 const u8 *frame, size_t len,
12896 int freq, int sig_dbm)
12897{
12898 struct cfg80211_registered_device *rdev = wiphy_to_rdev(wiphy);
12899 struct sk_buff *msg;
12900 void *hdr;
12901 struct cfg80211_beacon_registration *reg;
12902
12903 trace_cfg80211_report_obss_beacon(wiphy, frame, len, freq, sig_dbm);
12904
12905 spin_lock_bh(&rdev->beacon_registrations_lock);
12906 list_for_each_entry(reg, &rdev->beacon_registrations, list) {
12907 msg = nlmsg_new(len + 100, GFP_ATOMIC);
12908 if (!msg) {
12909 spin_unlock_bh(&rdev->beacon_registrations_lock);
12910 return;
12911 }
12912
12913 hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_FRAME);
12914 if (!hdr)
12915 goto nla_put_failure;
12916
12917 if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
12918 (freq &&
12919 nla_put_u32(msg, NL80211_ATTR_WIPHY_FREQ, freq)) ||
12920 (sig_dbm &&
12921 nla_put_u32(msg, NL80211_ATTR_RX_SIGNAL_DBM, sig_dbm)) ||
12922 nla_put(msg, NL80211_ATTR_FRAME, len, frame))
12923 goto nla_put_failure;
12924
12925 genlmsg_end(msg, hdr);
12926
12927 genlmsg_unicast(wiphy_net(&rdev->wiphy), msg, reg->nlportid);
12928 }
12929 spin_unlock_bh(&rdev->beacon_registrations_lock);
12930 return;
12931
12932 nla_put_failure:
12933 spin_unlock_bh(&rdev->beacon_registrations_lock);
12934 if (hdr)
12935 genlmsg_cancel(msg, hdr);
12936 nlmsg_free(msg);
12937}
12938EXPORT_SYMBOL(cfg80211_report_obss_beacon);
12939
12940#ifdef CONFIG_PM
12941static int cfg80211_net_detect_results(struct sk_buff *msg,
12942 struct cfg80211_wowlan_wakeup *wakeup)
12943{
12944 struct cfg80211_wowlan_nd_info *nd = wakeup->net_detect;
12945 struct nlattr *nl_results, *nl_match, *nl_freqs;
12946 int i, j;
12947
12948 nl_results = nla_nest_start(
12949 msg, NL80211_WOWLAN_TRIG_NET_DETECT_RESULTS);
12950 if (!nl_results)
12951 return -EMSGSIZE;
12952
12953 for (i = 0; i < nd->n_matches; i++) {
12954 struct cfg80211_wowlan_nd_match *match = nd->matches[i];
12955
12956 nl_match = nla_nest_start(msg, i);
12957 if (!nl_match)
12958 break;
12959
12960
12961
12962
12963
12964
12965
12966
12967 if (nla_put(msg, NL80211_ATTR_SSID, match->ssid.ssid_len,
12968 match->ssid.ssid)) {
12969 nla_nest_cancel(msg, nl_match);
12970 goto out;
12971 }
12972
12973 if (match->n_channels) {
12974 nl_freqs = nla_nest_start(
12975 msg, NL80211_ATTR_SCAN_FREQUENCIES);
12976 if (!nl_freqs) {
12977 nla_nest_cancel(msg, nl_match);
12978 goto out;
12979 }
12980
12981 for (j = 0; j < match->n_channels; j++) {
12982 if (nla_put_u32(msg, j, match->channels[j])) {
12983 nla_nest_cancel(msg, nl_freqs);
12984 nla_nest_cancel(msg, nl_match);
12985 goto out;
12986 }
12987 }
12988
12989 nla_nest_end(msg, nl_freqs);
12990 }
12991
12992 nla_nest_end(msg, nl_match);
12993 }
12994
12995out:
12996 nla_nest_end(msg, nl_results);
12997 return 0;
12998}
12999
13000void cfg80211_report_wowlan_wakeup(struct wireless_dev *wdev,
13001 struct cfg80211_wowlan_wakeup *wakeup,
13002 gfp_t gfp)
13003{
13004 struct cfg80211_registered_device *rdev = wiphy_to_rdev(wdev->wiphy);
13005 struct sk_buff *msg;
13006 void *hdr;
13007 int size = 200;
13008
13009 trace_cfg80211_report_wowlan_wakeup(wdev->wiphy, wdev, wakeup);
13010
13011 if (wakeup)
13012 size += wakeup->packet_present_len;
13013
13014 msg = nlmsg_new(size, gfp);
13015 if (!msg)
13016 return;
13017
13018 hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_SET_WOWLAN);
13019 if (!hdr)
13020 goto free_msg;
13021
13022 if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
13023 nla_put_u64(msg, NL80211_ATTR_WDEV, wdev_id(wdev)))
13024 goto free_msg;
13025
13026 if (wdev->netdev && nla_put_u32(msg, NL80211_ATTR_IFINDEX,
13027 wdev->netdev->ifindex))
13028 goto free_msg;
13029
13030 if (wakeup) {
13031 struct nlattr *reasons;
13032
13033 reasons = nla_nest_start(msg, NL80211_ATTR_WOWLAN_TRIGGERS);
13034 if (!reasons)
13035 goto free_msg;
13036
13037 if (wakeup->disconnect &&
13038 nla_put_flag(msg, NL80211_WOWLAN_TRIG_DISCONNECT))
13039 goto free_msg;
13040 if (wakeup->magic_pkt &&
13041 nla_put_flag(msg, NL80211_WOWLAN_TRIG_MAGIC_PKT))
13042 goto free_msg;
13043 if (wakeup->gtk_rekey_failure &&
13044 nla_put_flag(msg, NL80211_WOWLAN_TRIG_GTK_REKEY_FAILURE))
13045 goto free_msg;
13046 if (wakeup->eap_identity_req &&
13047 nla_put_flag(msg, NL80211_WOWLAN_TRIG_EAP_IDENT_REQUEST))
13048 goto free_msg;
13049 if (wakeup->four_way_handshake &&
13050 nla_put_flag(msg, NL80211_WOWLAN_TRIG_4WAY_HANDSHAKE))
13051 goto free_msg;
13052 if (wakeup->rfkill_release &&
13053 nla_put_flag(msg, NL80211_WOWLAN_TRIG_RFKILL_RELEASE))
13054 goto free_msg;
13055
13056 if (wakeup->pattern_idx >= 0 &&
13057 nla_put_u32(msg, NL80211_WOWLAN_TRIG_PKT_PATTERN,
13058 wakeup->pattern_idx))
13059 goto free_msg;
13060
13061 if (wakeup->tcp_match &&
13062 nla_put_flag(msg, NL80211_WOWLAN_TRIG_WAKEUP_TCP_MATCH))
13063 goto free_msg;
13064
13065 if (wakeup->tcp_connlost &&
13066 nla_put_flag(msg, NL80211_WOWLAN_TRIG_WAKEUP_TCP_CONNLOST))
13067 goto free_msg;
13068
13069 if (wakeup->tcp_nomoretokens &&
13070 nla_put_flag(msg,
13071 NL80211_WOWLAN_TRIG_WAKEUP_TCP_NOMORETOKENS))
13072 goto free_msg;
13073
13074 if (wakeup->packet) {
13075 u32 pkt_attr = NL80211_WOWLAN_TRIG_WAKEUP_PKT_80211;
13076 u32 len_attr = NL80211_WOWLAN_TRIG_WAKEUP_PKT_80211_LEN;
13077
13078 if (!wakeup->packet_80211) {
13079 pkt_attr =
13080 NL80211_WOWLAN_TRIG_WAKEUP_PKT_8023;
13081 len_attr =
13082 NL80211_WOWLAN_TRIG_WAKEUP_PKT_8023_LEN;
13083 }
13084
13085 if (wakeup->packet_len &&
13086 nla_put_u32(msg, len_attr, wakeup->packet_len))
13087 goto free_msg;
13088
13089 if (nla_put(msg, pkt_attr, wakeup->packet_present_len,
13090 wakeup->packet))
13091 goto free_msg;
13092 }
13093
13094 if (wakeup->net_detect &&
13095 cfg80211_net_detect_results(msg, wakeup))
13096 goto free_msg;
13097
13098 nla_nest_end(msg, reasons);
13099 }
13100
13101 genlmsg_end(msg, hdr);
13102
13103 genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), msg, 0,
13104 NL80211_MCGRP_MLME, gfp);
13105 return;
13106
13107 free_msg:
13108 nlmsg_free(msg);
13109}
13110EXPORT_SYMBOL(cfg80211_report_wowlan_wakeup);
13111#endif
13112
13113void cfg80211_tdls_oper_request(struct net_device *dev, const u8 *peer,
13114 enum nl80211_tdls_operation oper,
13115 u16 reason_code, gfp_t gfp)
13116{
13117 struct wireless_dev *wdev = dev->ieee80211_ptr;
13118 struct cfg80211_registered_device *rdev = wiphy_to_rdev(wdev->wiphy);
13119 struct sk_buff *msg;
13120 void *hdr;
13121
13122 trace_cfg80211_tdls_oper_request(wdev->wiphy, dev, peer, oper,
13123 reason_code);
13124
13125 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, gfp);
13126 if (!msg)
13127 return;
13128
13129 hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_TDLS_OPER);
13130 if (!hdr) {
13131 nlmsg_free(msg);
13132 return;
13133 }
13134
13135 if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
13136 nla_put_u32(msg, NL80211_ATTR_IFINDEX, dev->ifindex) ||
13137 nla_put_u8(msg, NL80211_ATTR_TDLS_OPERATION, oper) ||
13138 nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN, peer) ||
13139 (reason_code > 0 &&
13140 nla_put_u16(msg, NL80211_ATTR_REASON_CODE, reason_code)))
13141 goto nla_put_failure;
13142
13143 genlmsg_end(msg, hdr);
13144
13145 genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), msg, 0,
13146 NL80211_MCGRP_MLME, gfp);
13147 return;
13148
13149 nla_put_failure:
13150 genlmsg_cancel(msg, hdr);
13151 nlmsg_free(msg);
13152}
13153EXPORT_SYMBOL(cfg80211_tdls_oper_request);
13154
13155static int nl80211_netlink_notify(struct notifier_block * nb,
13156 unsigned long state,
13157 void *_notify)
13158{
13159 struct netlink_notify *notify = _notify;
13160 struct cfg80211_registered_device *rdev;
13161 struct wireless_dev *wdev;
13162 struct cfg80211_beacon_registration *reg, *tmp;
13163
13164 if (state != NETLINK_URELEASE)
13165 return NOTIFY_DONE;
13166
13167 rcu_read_lock();
13168
13169 list_for_each_entry_rcu(rdev, &cfg80211_rdev_list, list) {
13170 bool schedule_destroy_work = false;
13171 bool schedule_scan_stop = false;
13172 struct cfg80211_sched_scan_request *sched_scan_req =
13173 rcu_dereference(rdev->sched_scan_req);
13174
13175 if (sched_scan_req && notify->portid &&
13176 sched_scan_req->owner_nlportid == notify->portid)
13177 schedule_scan_stop = true;
13178
13179 list_for_each_entry_rcu(wdev, &rdev->wdev_list, list) {
13180 cfg80211_mlme_unregister_socket(wdev, notify->portid);
13181
13182 if (wdev->owner_nlportid == notify->portid)
13183 schedule_destroy_work = true;
13184 }
13185
13186 spin_lock_bh(&rdev->beacon_registrations_lock);
13187 list_for_each_entry_safe(reg, tmp, &rdev->beacon_registrations,
13188 list) {
13189 if (reg->nlportid == notify->portid) {
13190 list_del(®->list);
13191 kfree(reg);
13192 break;
13193 }
13194 }
13195 spin_unlock_bh(&rdev->beacon_registrations_lock);
13196
13197 if (schedule_destroy_work) {
13198 struct cfg80211_iface_destroy *destroy;
13199
13200 destroy = kzalloc(sizeof(*destroy), GFP_ATOMIC);
13201 if (destroy) {
13202 destroy->nlportid = notify->portid;
13203 spin_lock(&rdev->destroy_list_lock);
13204 list_add(&destroy->list, &rdev->destroy_list);
13205 spin_unlock(&rdev->destroy_list_lock);
13206 schedule_work(&rdev->destroy_work);
13207 }
13208 } else if (schedule_scan_stop) {
13209 sched_scan_req->owner_nlportid = 0;
13210
13211 if (rdev->ops->sched_scan_stop &&
13212 rdev->wiphy.flags & WIPHY_FLAG_SUPPORTS_SCHED_SCAN)
13213 schedule_work(&rdev->sched_scan_stop_wk);
13214 }
13215 }
13216
13217 rcu_read_unlock();
13218
13219
13220
13221
13222
13223 regulatory_netlink_notify(notify->portid);
13224 return NOTIFY_OK;
13225}
13226
13227static struct notifier_block nl80211_netlink_notifier = {
13228 .notifier_call = nl80211_netlink_notify,
13229};
13230
13231void cfg80211_ft_event(struct net_device *netdev,
13232 struct cfg80211_ft_event_params *ft_event)
13233{
13234 struct wiphy *wiphy = netdev->ieee80211_ptr->wiphy;
13235 struct cfg80211_registered_device *rdev = wiphy_to_rdev(wiphy);
13236 struct sk_buff *msg;
13237 void *hdr;
13238
13239 trace_cfg80211_ft_event(wiphy, netdev, ft_event);
13240
13241 if (!ft_event->target_ap)
13242 return;
13243
13244 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
13245 if (!msg)
13246 return;
13247
13248 hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_FT_EVENT);
13249 if (!hdr)
13250 goto out;
13251
13252 if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
13253 nla_put_u32(msg, NL80211_ATTR_IFINDEX, netdev->ifindex) ||
13254 nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN, ft_event->target_ap))
13255 goto out;
13256
13257 if (ft_event->ies &&
13258 nla_put(msg, NL80211_ATTR_IE, ft_event->ies_len, ft_event->ies))
13259 goto out;
13260 if (ft_event->ric_ies &&
13261 nla_put(msg, NL80211_ATTR_IE_RIC, ft_event->ric_ies_len,
13262 ft_event->ric_ies))
13263 goto out;
13264
13265 genlmsg_end(msg, hdr);
13266
13267 genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), msg, 0,
13268 NL80211_MCGRP_MLME, GFP_KERNEL);
13269 return;
13270 out:
13271 nlmsg_free(msg);
13272}
13273EXPORT_SYMBOL(cfg80211_ft_event);
13274
13275void cfg80211_crit_proto_stopped(struct wireless_dev *wdev, gfp_t gfp)
13276{
13277 struct cfg80211_registered_device *rdev;
13278 struct sk_buff *msg;
13279 void *hdr;
13280 u32 nlportid;
13281
13282 rdev = wiphy_to_rdev(wdev->wiphy);
13283 if (!rdev->crit_proto_nlportid)
13284 return;
13285
13286 nlportid = rdev->crit_proto_nlportid;
13287 rdev->crit_proto_nlportid = 0;
13288
13289 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, gfp);
13290 if (!msg)
13291 return;
13292
13293 hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_CRIT_PROTOCOL_STOP);
13294 if (!hdr)
13295 goto nla_put_failure;
13296
13297 if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
13298 nla_put_u64(msg, NL80211_ATTR_WDEV, wdev_id(wdev)))
13299 goto nla_put_failure;
13300
13301 genlmsg_end(msg, hdr);
13302
13303 genlmsg_unicast(wiphy_net(&rdev->wiphy), msg, nlportid);
13304 return;
13305
13306 nla_put_failure:
13307 if (hdr)
13308 genlmsg_cancel(msg, hdr);
13309 nlmsg_free(msg);
13310
13311}
13312EXPORT_SYMBOL(cfg80211_crit_proto_stopped);
13313
13314void nl80211_send_ap_stopped(struct wireless_dev *wdev)
13315{
13316 struct wiphy *wiphy = wdev->wiphy;
13317 struct cfg80211_registered_device *rdev = wiphy_to_rdev(wiphy);
13318 struct sk_buff *msg;
13319 void *hdr;
13320
13321 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
13322 if (!msg)
13323 return;
13324
13325 hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_STOP_AP);
13326 if (!hdr)
13327 goto out;
13328
13329 if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
13330 nla_put_u32(msg, NL80211_ATTR_IFINDEX, wdev->netdev->ifindex) ||
13331 nla_put_u64(msg, NL80211_ATTR_WDEV, wdev_id(wdev)))
13332 goto out;
13333
13334 genlmsg_end(msg, hdr);
13335
13336 genlmsg_multicast_netns(&nl80211_fam, wiphy_net(wiphy), msg, 0,
13337 NL80211_MCGRP_MLME, GFP_KERNEL);
13338 return;
13339 out:
13340 nlmsg_free(msg);
13341}
13342
13343
13344
13345int nl80211_init(void)
13346{
13347 int err;
13348
13349 err = genl_register_family_with_ops_groups(&nl80211_fam, nl80211_ops,
13350 nl80211_mcgrps);
13351 if (err)
13352 return err;
13353
13354 err = netlink_register_notifier(&nl80211_netlink_notifier);
13355 if (err)
13356 goto err_out;
13357
13358 return 0;
13359 err_out:
13360 genl_unregister_family(&nl80211_fam);
13361 return err;
13362}
13363
13364void nl80211_exit(void)
13365{
13366 netlink_unregister_notifier(&nl80211_netlink_notifier);
13367 genl_unregister_family(&nl80211_fam);
13368}
13369
